1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/lock.h> 34 #include <sys/mutex.h> 35 #include <sys/mbuf.h> 36 #include <sys/kernel.h> 37 #include <sys/socket.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/module.h> 41 #include <sys/bus.h> 42 #include <sys/endian.h> 43 #include <sys/linker.h> 44 #include <sys/firmware.h> 45 #include <sys/kdb.h> 46 47 #include <machine/bus.h> 48 #include <machine/resource.h> 49 #include <sys/rman.h> 50 51 #include <net/bpf.h> 52 #include <net/if.h> 53 #include <net/if_var.h> 54 #include <net/if_arp.h> 55 #include <net/ethernet.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <netinet/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_regdomain.h> 68 #include <net80211/ieee80211_radiotap.h> 69 #include <net80211/ieee80211_ratectl.h> 70 71 #include <dev/usb/usb.h> 72 #include <dev/usb/usbdi.h> 73 #include "usbdevs.h" 74 75 #define USB_DEBUG_VAR run_debug 76 #include <dev/usb/usb_debug.h> 77 #include <dev/usb/usb_msctest.h> 78 79 #include <dev/usb/wlan/if_runreg.h> 80 #include <dev/usb/wlan/if_runvar.h> 81 82 #ifdef USB_DEBUG 83 #define RUN_DEBUG 84 #endif 85 86 #ifdef RUN_DEBUG 87 int run_debug = 0; 88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 89 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 90 "run debug level"); 91 92 enum { 93 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 94 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 95 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 96 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 97 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 98 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 99 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 100 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 101 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 102 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 103 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 104 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 105 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 106 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 107 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 108 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 109 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 110 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 111 RUN_DEBUG_ANY = 0xffffffff 112 }; 113 114 #define RUN_DPRINTF(_sc, _m, ...) do { \ 115 if (run_debug & (_m)) \ 116 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 117 } while(0) 118 #else 119 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 120 #endif 121 122 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 123 124 /* 125 * Because of LOR in run_key_delete(), use atomic instead. 126 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 127 */ 128 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 129 130 static const STRUCT_USB_HOST_ID run_devs[] = { 131 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 132 #define RUN_DEV_EJECT(v,p) \ 133 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 134 #define RUN_EJECT 1 135 RUN_DEV(ABOCOM, RT2770), 136 RUN_DEV(ABOCOM, RT2870), 137 RUN_DEV(ABOCOM, RT3070), 138 RUN_DEV(ABOCOM, RT3071), 139 RUN_DEV(ABOCOM, RT3072), 140 RUN_DEV(ABOCOM2, RT2870_1), 141 RUN_DEV(ACCTON, RT2770), 142 RUN_DEV(ACCTON, RT2870_1), 143 RUN_DEV(ACCTON, RT2870_2), 144 RUN_DEV(ACCTON, RT2870_3), 145 RUN_DEV(ACCTON, RT2870_4), 146 RUN_DEV(ACCTON, RT2870_5), 147 RUN_DEV(ACCTON, RT3070), 148 RUN_DEV(ACCTON, RT3070_1), 149 RUN_DEV(ACCTON, RT3070_2), 150 RUN_DEV(ACCTON, RT3070_3), 151 RUN_DEV(ACCTON, RT3070_4), 152 RUN_DEV(ACCTON, RT3070_5), 153 RUN_DEV(AIRTIES, RT3070), 154 RUN_DEV(ALLWIN, RT2070), 155 RUN_DEV(ALLWIN, RT2770), 156 RUN_DEV(ALLWIN, RT2870), 157 RUN_DEV(ALLWIN, RT3070), 158 RUN_DEV(ALLWIN, RT3071), 159 RUN_DEV(ALLWIN, RT3072), 160 RUN_DEV(ALLWIN, RT3572), 161 RUN_DEV(AMIGO, RT2870_1), 162 RUN_DEV(AMIGO, RT2870_2), 163 RUN_DEV(AMIT, CGWLUSB2GNR), 164 RUN_DEV(AMIT, RT2870_1), 165 RUN_DEV(AMIT2, RT2870), 166 RUN_DEV(ASUS, RT2870_1), 167 RUN_DEV(ASUS, RT2870_2), 168 RUN_DEV(ASUS, RT2870_3), 169 RUN_DEV(ASUS, RT2870_4), 170 RUN_DEV(ASUS, RT2870_5), 171 RUN_DEV(ASUS, USBN13), 172 RUN_DEV(ASUS, RT3070_1), 173 RUN_DEV(ASUS, USBN66), 174 RUN_DEV(ASUS, USB_N53), 175 RUN_DEV(ASUS2, USBN11), 176 RUN_DEV(AZUREWAVE, RT2870_1), 177 RUN_DEV(AZUREWAVE, RT2870_2), 178 RUN_DEV(AZUREWAVE, RT3070_1), 179 RUN_DEV(AZUREWAVE, RT3070_2), 180 RUN_DEV(AZUREWAVE, RT3070_3), 181 RUN_DEV(BELKIN, F9L1103), 182 RUN_DEV(BELKIN, F5D8053V3), 183 RUN_DEV(BELKIN, F5D8055), 184 RUN_DEV(BELKIN, F5D8055V2), 185 RUN_DEV(BELKIN, F6D4050V1), 186 RUN_DEV(BELKIN, F6D4050V2), 187 RUN_DEV(BELKIN, RT2870_1), 188 RUN_DEV(BELKIN, RT2870_2), 189 RUN_DEV(CISCOLINKSYS, AE1000), 190 RUN_DEV(CISCOLINKSYS2, RT3070), 191 RUN_DEV(CISCOLINKSYS3, RT3070), 192 RUN_DEV(CONCEPTRONIC2, RT2870_1), 193 RUN_DEV(CONCEPTRONIC2, RT2870_2), 194 RUN_DEV(CONCEPTRONIC2, RT2870_3), 195 RUN_DEV(CONCEPTRONIC2, RT2870_4), 196 RUN_DEV(CONCEPTRONIC2, RT2870_5), 197 RUN_DEV(CONCEPTRONIC2, RT2870_6), 198 RUN_DEV(CONCEPTRONIC2, RT2870_7), 199 RUN_DEV(CONCEPTRONIC2, RT2870_8), 200 RUN_DEV(CONCEPTRONIC2, RT3070_1), 201 RUN_DEV(CONCEPTRONIC2, RT3070_2), 202 RUN_DEV(CONCEPTRONIC2, VIGORN61), 203 RUN_DEV(COREGA, CGWLUSB300GNM), 204 RUN_DEV(COREGA, RT2870_1), 205 RUN_DEV(COREGA, RT2870_2), 206 RUN_DEV(COREGA, RT2870_3), 207 RUN_DEV(COREGA, RT3070), 208 RUN_DEV(CYBERTAN, RT2870), 209 RUN_DEV(DLINK, RT2870), 210 RUN_DEV(DLINK, RT3072), 211 RUN_DEV(DLINK, DWA125A3), 212 RUN_DEV(DLINK, DWA127), 213 RUN_DEV(DLINK, DWA140B3), 214 RUN_DEV(DLINK, DWA160B2), 215 RUN_DEV(DLINK, DWA140D1), 216 RUN_DEV(DLINK, DWA162), 217 RUN_DEV(DLINK2, DWA130), 218 RUN_DEV(DLINK2, RT2870_1), 219 RUN_DEV(DLINK2, RT2870_2), 220 RUN_DEV(DLINK2, RT3070_1), 221 RUN_DEV(DLINK2, RT3070_2), 222 RUN_DEV(DLINK2, RT3070_3), 223 RUN_DEV(DLINK2, RT3070_4), 224 RUN_DEV(DLINK2, RT3070_5), 225 RUN_DEV(DLINK2, RT3072), 226 RUN_DEV(DLINK2, RT3072_1), 227 RUN_DEV(EDIMAX, EW7717), 228 RUN_DEV(EDIMAX, EW7718), 229 RUN_DEV(EDIMAX, EW7733UND), 230 RUN_DEV(EDIMAX, RT2870_1), 231 RUN_DEV(ENCORE, RT3070_1), 232 RUN_DEV(ENCORE, RT3070_2), 233 RUN_DEV(ENCORE, RT3070_3), 234 RUN_DEV(GIGABYTE, GNWB31N), 235 RUN_DEV(GIGABYTE, GNWB32L), 236 RUN_DEV(GIGABYTE, RT2870_1), 237 RUN_DEV(GIGASET, RT3070_1), 238 RUN_DEV(GIGASET, RT3070_2), 239 RUN_DEV(GUILLEMOT, HWNU300), 240 RUN_DEV(HAWKING, HWUN2), 241 RUN_DEV(HAWKING, RT2870_1), 242 RUN_DEV(HAWKING, RT2870_2), 243 RUN_DEV(HAWKING, RT3070), 244 RUN_DEV(IODATA, RT3072_1), 245 RUN_DEV(IODATA, RT3072_2), 246 RUN_DEV(IODATA, RT3072_3), 247 RUN_DEV(IODATA, RT3072_4), 248 RUN_DEV(LINKSYS4, RT3070), 249 RUN_DEV(LINKSYS4, WUSB100), 250 RUN_DEV(LINKSYS4, WUSB54GCV3), 251 RUN_DEV(LINKSYS4, WUSB600N), 252 RUN_DEV(LINKSYS4, WUSB600NV2), 253 RUN_DEV(LOGITEC, RT2870_1), 254 RUN_DEV(LOGITEC, RT2870_2), 255 RUN_DEV(LOGITEC, RT2870_3), 256 RUN_DEV(LOGITEC, LANW300NU2), 257 RUN_DEV(LOGITEC, LANW150NU2), 258 RUN_DEV(LOGITEC, LANW300NU2S), 259 RUN_DEV(MELCO, WLIUCG300HP), 260 RUN_DEV(MELCO, RT2870_2), 261 RUN_DEV(MELCO, WLIUCAG300N), 262 RUN_DEV(MELCO, WLIUCG300N), 263 RUN_DEV(MELCO, WLIUCG301N), 264 RUN_DEV(MELCO, WLIUCGN), 265 RUN_DEV(MELCO, WLIUCGNM), 266 RUN_DEV(MELCO, WLIUCG300HPV1), 267 RUN_DEV(MELCO, WLIUCGNM2), 268 RUN_DEV(MOTOROLA4, RT2770), 269 RUN_DEV(MOTOROLA4, RT3070), 270 RUN_DEV(MSI, RT3070_1), 271 RUN_DEV(MSI, RT3070_2), 272 RUN_DEV(MSI, RT3070_3), 273 RUN_DEV(MSI, RT3070_4), 274 RUN_DEV(MSI, RT3070_5), 275 RUN_DEV(MSI, RT3070_6), 276 RUN_DEV(MSI, RT3070_7), 277 RUN_DEV(MSI, RT3070_8), 278 RUN_DEV(MSI, RT3070_9), 279 RUN_DEV(MSI, RT3070_10), 280 RUN_DEV(MSI, RT3070_11), 281 RUN_DEV(NETGEAR, WNDA4100), 282 RUN_DEV(OVISLINK, RT3072), 283 RUN_DEV(PARA, RT3070), 284 RUN_DEV(PEGATRON, RT2870), 285 RUN_DEV(PEGATRON, RT3070), 286 RUN_DEV(PEGATRON, RT3070_2), 287 RUN_DEV(PEGATRON, RT3070_3), 288 RUN_DEV(PHILIPS, RT2870), 289 RUN_DEV(PLANEX2, GWUS300MINIS), 290 RUN_DEV(PLANEX2, GWUSMICRON), 291 RUN_DEV(PLANEX2, RT2870), 292 RUN_DEV(PLANEX2, RT3070), 293 RUN_DEV(QCOM, RT2870), 294 RUN_DEV(QUANTA, RT3070), 295 RUN_DEV(RALINK, RT2070), 296 RUN_DEV(RALINK, RT2770), 297 RUN_DEV(RALINK, RT2870), 298 RUN_DEV(RALINK, RT3070), 299 RUN_DEV(RALINK, RT3071), 300 RUN_DEV(RALINK, RT3072), 301 RUN_DEV(RALINK, RT3370), 302 RUN_DEV(RALINK, RT3572), 303 RUN_DEV(RALINK, RT3573), 304 RUN_DEV(RALINK, RT5370), 305 RUN_DEV(RALINK, RT5372), 306 RUN_DEV(RALINK, RT5572), 307 RUN_DEV(RALINK, RT8070), 308 RUN_DEV(SAMSUNG, WIS09ABGN), 309 RUN_DEV(SAMSUNG2, RT2870_1), 310 RUN_DEV(SENAO, RT2870_1), 311 RUN_DEV(SENAO, RT2870_2), 312 RUN_DEV(SENAO, RT2870_3), 313 RUN_DEV(SENAO, RT2870_4), 314 RUN_DEV(SENAO, RT3070), 315 RUN_DEV(SENAO, RT3071), 316 RUN_DEV(SENAO, RT3072_1), 317 RUN_DEV(SENAO, RT3072_2), 318 RUN_DEV(SENAO, RT3072_3), 319 RUN_DEV(SENAO, RT3072_4), 320 RUN_DEV(SENAO, RT3072_5), 321 RUN_DEV(SITECOMEU, RT2770), 322 RUN_DEV(SITECOMEU, RT2870_1), 323 RUN_DEV(SITECOMEU, RT2870_2), 324 RUN_DEV(SITECOMEU, RT2870_3), 325 RUN_DEV(SITECOMEU, RT2870_4), 326 RUN_DEV(SITECOMEU, RT3070), 327 RUN_DEV(SITECOMEU, RT3070_2), 328 RUN_DEV(SITECOMEU, RT3070_3), 329 RUN_DEV(SITECOMEU, RT3070_4), 330 RUN_DEV(SITECOMEU, RT3071), 331 RUN_DEV(SITECOMEU, RT3072_1), 332 RUN_DEV(SITECOMEU, RT3072_2), 333 RUN_DEV(SITECOMEU, RT3072_3), 334 RUN_DEV(SITECOMEU, RT3072_4), 335 RUN_DEV(SITECOMEU, RT3072_5), 336 RUN_DEV(SITECOMEU, RT3072_6), 337 RUN_DEV(SITECOMEU, WL608), 338 RUN_DEV(SPARKLAN, RT2870_1), 339 RUN_DEV(SPARKLAN, RT3070), 340 RUN_DEV(SWEEX2, LW153), 341 RUN_DEV(SWEEX2, LW303), 342 RUN_DEV(SWEEX2, LW313), 343 RUN_DEV(TOSHIBA, RT3070), 344 RUN_DEV(UMEDIA, RT2870_1), 345 RUN_DEV(ZCOM, RT2870_1), 346 RUN_DEV(ZCOM, RT2870_2), 347 RUN_DEV(ZINWELL, RT2870_1), 348 RUN_DEV(ZINWELL, RT2870_2), 349 RUN_DEV(ZINWELL, RT3070), 350 RUN_DEV(ZINWELL, RT3072_1), 351 RUN_DEV(ZINWELL, RT3072_2), 352 RUN_DEV(ZYXEL, RT2870_1), 353 RUN_DEV(ZYXEL, RT2870_2), 354 RUN_DEV(ZYXEL, RT3070), 355 RUN_DEV_EJECT(ZYXEL, NWD2705), 356 RUN_DEV_EJECT(RALINK, RT_STOR), 357 #undef RUN_DEV_EJECT 358 #undef RUN_DEV 359 }; 360 361 static device_probe_t run_match; 362 static device_attach_t run_attach; 363 static device_detach_t run_detach; 364 365 static usb_callback_t run_bulk_rx_callback; 366 static usb_callback_t run_bulk_tx_callback0; 367 static usb_callback_t run_bulk_tx_callback1; 368 static usb_callback_t run_bulk_tx_callback2; 369 static usb_callback_t run_bulk_tx_callback3; 370 static usb_callback_t run_bulk_tx_callback4; 371 static usb_callback_t run_bulk_tx_callback5; 372 373 static void run_autoinst(void *, struct usb_device *, 374 struct usb_attach_arg *); 375 static int run_driver_loaded(struct module *, int, void *); 376 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 377 usb_error_t error, u_int index); 378 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 379 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 380 const uint8_t [IEEE80211_ADDR_LEN], 381 const uint8_t [IEEE80211_ADDR_LEN]); 382 static void run_vap_delete(struct ieee80211vap *); 383 static void run_cmdq_cb(void *, int); 384 static void run_setup_tx_list(struct run_softc *, 385 struct run_endpoint_queue *); 386 static void run_unsetup_tx_list(struct run_softc *, 387 struct run_endpoint_queue *); 388 static int run_load_microcode(struct run_softc *); 389 static int run_reset(struct run_softc *); 390 static usb_error_t run_do_request(struct run_softc *, 391 struct usb_device_request *, void *); 392 static int run_read(struct run_softc *, uint16_t, uint32_t *); 393 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 394 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 395 static int run_write(struct run_softc *, uint16_t, uint32_t); 396 static int run_write_region_1(struct run_softc *, uint16_t, 397 const uint8_t *, int); 398 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 399 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 400 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 401 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 402 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 403 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 404 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 405 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 406 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 407 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 408 static const char *run_get_rf(uint16_t); 409 static void run_rt3593_get_txpower(struct run_softc *); 410 static void run_get_txpower(struct run_softc *); 411 static int run_read_eeprom(struct run_softc *); 412 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 413 const uint8_t mac[IEEE80211_ADDR_LEN]); 414 static int run_media_change(struct ifnet *); 415 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 416 static int run_wme_update(struct ieee80211com *); 417 static void run_key_set_cb(void *); 418 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 419 static void run_key_delete_cb(void *); 420 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 421 static void run_ratectl_to(void *); 422 static void run_ratectl_cb(void *, int); 423 static void run_drain_fifo(void *); 424 static void run_iter_func(void *, struct ieee80211_node *); 425 static void run_newassoc_cb(void *); 426 static void run_newassoc(struct ieee80211_node *, int); 427 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 428 const struct ieee80211_rx_stats *, int, int); 429 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 430 static void run_tx_free(struct run_endpoint_queue *pq, 431 struct run_tx_data *, int); 432 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 433 static int run_tx(struct run_softc *, struct mbuf *, 434 struct ieee80211_node *); 435 static int run_tx_mgt(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *); 437 static int run_sendprot(struct run_softc *, const struct mbuf *, 438 struct ieee80211_node *, int, int); 439 static int run_tx_param(struct run_softc *, struct mbuf *, 440 struct ieee80211_node *, 441 const struct ieee80211_bpf_params *); 442 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 443 const struct ieee80211_bpf_params *); 444 static int run_transmit(struct ieee80211com *, struct mbuf *); 445 static void run_start(struct run_softc *); 446 static void run_parent(struct ieee80211com *); 447 static void run_iq_calib(struct run_softc *, u_int); 448 static void run_set_agc(struct run_softc *, uint8_t); 449 static void run_select_chan_group(struct run_softc *, int); 450 static void run_set_rx_antenna(struct run_softc *, int); 451 static void run_rt2870_set_chan(struct run_softc *, u_int); 452 static void run_rt3070_set_chan(struct run_softc *, u_int); 453 static void run_rt3572_set_chan(struct run_softc *, u_int); 454 static void run_rt3593_set_chan(struct run_softc *, u_int); 455 static void run_rt5390_set_chan(struct run_softc *, u_int); 456 static void run_rt5592_set_chan(struct run_softc *, u_int); 457 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 458 static void run_set_channel(struct ieee80211com *); 459 static void run_getradiocaps(struct ieee80211com *, int, int *, 460 struct ieee80211_channel[]); 461 static void run_scan_start(struct ieee80211com *); 462 static void run_scan_end(struct ieee80211com *); 463 static void run_update_beacon(struct ieee80211vap *, int); 464 static void run_update_beacon_cb(void *); 465 static void run_updateprot(struct ieee80211com *); 466 static void run_updateprot_cb(void *); 467 static void run_usb_timeout_cb(void *); 468 static void run_reset_livelock(struct run_softc *); 469 static void run_enable_tsf_sync(struct run_softc *); 470 static void run_enable_tsf(struct run_softc *); 471 static void run_get_tsf(struct run_softc *, uint64_t *); 472 static void run_enable_mrr(struct run_softc *); 473 static void run_set_txpreamble(struct run_softc *); 474 static void run_set_basicrates(struct run_softc *); 475 static void run_set_leds(struct run_softc *, uint16_t); 476 static void run_set_bssid(struct run_softc *, const uint8_t *); 477 static void run_set_macaddr(struct run_softc *, const uint8_t *); 478 static void run_updateslot(struct ieee80211com *); 479 static void run_updateslot_cb(void *); 480 static void run_update_mcast(struct ieee80211com *); 481 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 482 static void run_update_promisc_locked(struct run_softc *); 483 static void run_update_promisc(struct ieee80211com *); 484 static void run_rt5390_bbp_init(struct run_softc *); 485 static int run_bbp_init(struct run_softc *); 486 static int run_rt3070_rf_init(struct run_softc *); 487 static void run_rt3593_rf_init(struct run_softc *); 488 static void run_rt5390_rf_init(struct run_softc *); 489 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 490 uint8_t *); 491 static void run_rt3070_rf_setup(struct run_softc *); 492 static void run_rt3593_rf_setup(struct run_softc *); 493 static void run_rt5390_rf_setup(struct run_softc *); 494 static int run_txrx_enable(struct run_softc *); 495 static void run_adjust_freq_offset(struct run_softc *); 496 static void run_init_locked(struct run_softc *); 497 static void run_stop(void *); 498 static void run_delay(struct run_softc *, u_int); 499 500 static eventhandler_tag run_etag; 501 502 static const struct rt2860_rate { 503 uint8_t rate; 504 uint8_t mcs; 505 enum ieee80211_phytype phy; 506 uint8_t ctl_ridx; 507 uint16_t sp_ack_dur; 508 uint16_t lp_ack_dur; 509 } rt2860_rates[] = { 510 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 511 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 512 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 513 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 514 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 515 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 516 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 517 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 518 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 519 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 520 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 521 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 522 }; 523 524 static const struct { 525 uint16_t reg; 526 uint32_t val; 527 } rt2870_def_mac[] = { 528 RT2870_DEF_MAC 529 }; 530 531 static const struct { 532 uint8_t reg; 533 uint8_t val; 534 } rt2860_def_bbp[] = { 535 RT2860_DEF_BBP 536 },rt5390_def_bbp[] = { 537 RT5390_DEF_BBP 538 },rt5592_def_bbp[] = { 539 RT5592_DEF_BBP 540 }; 541 542 /* 543 * Default values for BBP register R196 for RT5592. 544 */ 545 static const uint8_t rt5592_bbp_r196[] = { 546 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 547 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 548 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 549 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 550 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 551 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 552 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 553 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 554 0x2e, 0x36, 0x30, 0x6e 555 }; 556 557 static const struct rfprog { 558 uint8_t chan; 559 uint32_t r1, r2, r3, r4; 560 } rt2860_rf2850[] = { 561 RT2860_RF2850 562 }; 563 564 struct { 565 uint8_t n, r, k; 566 } rt3070_freqs[] = { 567 RT3070_RF3052 568 }; 569 570 static const struct rt5592_freqs { 571 uint16_t n; 572 uint8_t k, m, r; 573 } rt5592_freqs_20mhz[] = { 574 RT5592_RF5592_20MHZ 575 },rt5592_freqs_40mhz[] = { 576 RT5592_RF5592_40MHZ 577 }; 578 579 static const struct { 580 uint8_t reg; 581 uint8_t val; 582 } rt3070_def_rf[] = { 583 RT3070_DEF_RF 584 },rt3572_def_rf[] = { 585 RT3572_DEF_RF 586 },rt3593_def_rf[] = { 587 RT3593_DEF_RF 588 },rt5390_def_rf[] = { 589 RT5390_DEF_RF 590 },rt5392_def_rf[] = { 591 RT5392_DEF_RF 592 },rt5592_def_rf[] = { 593 RT5592_DEF_RF 594 },rt5592_2ghz_def_rf[] = { 595 RT5592_2GHZ_DEF_RF 596 },rt5592_5ghz_def_rf[] = { 597 RT5592_5GHZ_DEF_RF 598 }; 599 600 static const struct { 601 u_int firstchan; 602 u_int lastchan; 603 uint8_t reg; 604 uint8_t val; 605 } rt5592_chan_5ghz[] = { 606 RT5592_CHAN_5GHZ 607 }; 608 609 static const struct usb_config run_config[RUN_N_XFER] = { 610 [RUN_BULK_TX_BE] = { 611 .type = UE_BULK, 612 .endpoint = UE_ADDR_ANY, 613 .ep_index = 0, 614 .direction = UE_DIR_OUT, 615 .bufsize = RUN_MAX_TXSZ, 616 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 617 .callback = run_bulk_tx_callback0, 618 .timeout = 5000, /* ms */ 619 }, 620 [RUN_BULK_TX_BK] = { 621 .type = UE_BULK, 622 .endpoint = UE_ADDR_ANY, 623 .direction = UE_DIR_OUT, 624 .ep_index = 1, 625 .bufsize = RUN_MAX_TXSZ, 626 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 627 .callback = run_bulk_tx_callback1, 628 .timeout = 5000, /* ms */ 629 }, 630 [RUN_BULK_TX_VI] = { 631 .type = UE_BULK, 632 .endpoint = UE_ADDR_ANY, 633 .direction = UE_DIR_OUT, 634 .ep_index = 2, 635 .bufsize = RUN_MAX_TXSZ, 636 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 637 .callback = run_bulk_tx_callback2, 638 .timeout = 5000, /* ms */ 639 }, 640 [RUN_BULK_TX_VO] = { 641 .type = UE_BULK, 642 .endpoint = UE_ADDR_ANY, 643 .direction = UE_DIR_OUT, 644 .ep_index = 3, 645 .bufsize = RUN_MAX_TXSZ, 646 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 647 .callback = run_bulk_tx_callback3, 648 .timeout = 5000, /* ms */ 649 }, 650 [RUN_BULK_TX_HCCA] = { 651 .type = UE_BULK, 652 .endpoint = UE_ADDR_ANY, 653 .direction = UE_DIR_OUT, 654 .ep_index = 4, 655 .bufsize = RUN_MAX_TXSZ, 656 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 657 .callback = run_bulk_tx_callback4, 658 .timeout = 5000, /* ms */ 659 }, 660 [RUN_BULK_TX_PRIO] = { 661 .type = UE_BULK, 662 .endpoint = UE_ADDR_ANY, 663 .direction = UE_DIR_OUT, 664 .ep_index = 5, 665 .bufsize = RUN_MAX_TXSZ, 666 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 667 .callback = run_bulk_tx_callback5, 668 .timeout = 5000, /* ms */ 669 }, 670 [RUN_BULK_RX] = { 671 .type = UE_BULK, 672 .endpoint = UE_ADDR_ANY, 673 .direction = UE_DIR_IN, 674 .bufsize = RUN_MAX_RXSZ, 675 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 676 .callback = run_bulk_rx_callback, 677 } 678 }; 679 680 static void 681 run_autoinst(void *arg, struct usb_device *udev, 682 struct usb_attach_arg *uaa) 683 { 684 struct usb_interface *iface; 685 struct usb_interface_descriptor *id; 686 687 if (uaa->dev_state != UAA_DEV_READY) 688 return; 689 690 iface = usbd_get_iface(udev, 0); 691 if (iface == NULL) 692 return; 693 id = iface->idesc; 694 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 695 return; 696 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 697 return; 698 699 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 700 uaa->dev_state = UAA_DEV_EJECTING; 701 } 702 703 static int 704 run_driver_loaded(struct module *mod, int what, void *arg) 705 { 706 switch (what) { 707 case MOD_LOAD: 708 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 709 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 710 break; 711 case MOD_UNLOAD: 712 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 713 break; 714 default: 715 return (EOPNOTSUPP); 716 } 717 return (0); 718 } 719 720 static int 721 run_match(device_t self) 722 { 723 struct usb_attach_arg *uaa = device_get_ivars(self); 724 725 if (uaa->usb_mode != USB_MODE_HOST) 726 return (ENXIO); 727 if (uaa->info.bConfigIndex != 0) 728 return (ENXIO); 729 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 730 return (ENXIO); 731 732 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 733 } 734 735 static int 736 run_attach(device_t self) 737 { 738 struct run_softc *sc = device_get_softc(self); 739 struct usb_attach_arg *uaa = device_get_ivars(self); 740 struct ieee80211com *ic = &sc->sc_ic; 741 uint32_t ver; 742 uint8_t iface_index; 743 int ntries, error; 744 745 device_set_usb_desc(self); 746 sc->sc_udev = uaa->device; 747 sc->sc_dev = self; 748 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 749 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 750 751 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 752 MTX_NETWORK_LOCK, MTX_DEF); 753 mbufq_init(&sc->sc_snd, ifqmaxlen); 754 755 iface_index = RT2860_IFACE_INDEX; 756 757 error = usbd_transfer_setup(uaa->device, &iface_index, 758 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 759 if (error) { 760 device_printf(self, "could not allocate USB transfers, " 761 "err=%s\n", usbd_errstr(error)); 762 goto detach; 763 } 764 765 RUN_LOCK(sc); 766 767 /* wait for the chip to settle */ 768 for (ntries = 0; ntries < 100; ntries++) { 769 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 770 RUN_UNLOCK(sc); 771 goto detach; 772 } 773 if (ver != 0 && ver != 0xffffffff) 774 break; 775 run_delay(sc, 10); 776 } 777 if (ntries == 100) { 778 device_printf(sc->sc_dev, 779 "timeout waiting for NIC to initialize\n"); 780 RUN_UNLOCK(sc); 781 goto detach; 782 } 783 sc->mac_ver = ver >> 16; 784 sc->mac_rev = ver & 0xffff; 785 786 /* retrieve RF rev. no and various other things from EEPROM */ 787 run_read_eeprom(sc); 788 789 device_printf(sc->sc_dev, 790 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 791 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 792 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 793 794 RUN_UNLOCK(sc); 795 796 ic->ic_softc = sc; 797 ic->ic_name = device_get_nameunit(self); 798 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 799 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 800 801 /* set device capabilities */ 802 ic->ic_caps = 803 IEEE80211_C_STA | /* station mode supported */ 804 IEEE80211_C_MONITOR | /* monitor mode supported */ 805 IEEE80211_C_IBSS | 806 IEEE80211_C_HOSTAP | 807 IEEE80211_C_WDS | /* 4-address traffic works */ 808 IEEE80211_C_MBSS | 809 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 810 IEEE80211_C_SHSLOT | /* short slot time supported */ 811 IEEE80211_C_WME | /* WME */ 812 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 813 814 ic->ic_cryptocaps = 815 IEEE80211_CRYPTO_WEP | 816 IEEE80211_CRYPTO_AES_CCM | 817 IEEE80211_CRYPTO_TKIPMIC | 818 IEEE80211_CRYPTO_TKIP; 819 820 ic->ic_flags |= IEEE80211_F_DATAPAD; 821 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 822 823 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 824 ic->ic_channels); 825 826 ieee80211_ifattach(ic); 827 828 ic->ic_scan_start = run_scan_start; 829 ic->ic_scan_end = run_scan_end; 830 ic->ic_set_channel = run_set_channel; 831 ic->ic_getradiocaps = run_getradiocaps; 832 ic->ic_node_alloc = run_node_alloc; 833 ic->ic_newassoc = run_newassoc; 834 ic->ic_updateslot = run_updateslot; 835 ic->ic_update_mcast = run_update_mcast; 836 ic->ic_wme.wme_update = run_wme_update; 837 ic->ic_raw_xmit = run_raw_xmit; 838 ic->ic_update_promisc = run_update_promisc; 839 ic->ic_vap_create = run_vap_create; 840 ic->ic_vap_delete = run_vap_delete; 841 ic->ic_transmit = run_transmit; 842 ic->ic_parent = run_parent; 843 844 ieee80211_radiotap_attach(ic, 845 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 846 RUN_TX_RADIOTAP_PRESENT, 847 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 848 RUN_RX_RADIOTAP_PRESENT); 849 850 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 851 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 852 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 853 854 if (bootverbose) 855 ieee80211_announce(ic); 856 857 return (0); 858 859 detach: 860 run_detach(self); 861 return (ENXIO); 862 } 863 864 static void 865 run_drain_mbufq(struct run_softc *sc) 866 { 867 struct mbuf *m; 868 struct ieee80211_node *ni; 869 870 RUN_LOCK_ASSERT(sc, MA_OWNED); 871 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 872 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 873 m->m_pkthdr.rcvif = NULL; 874 ieee80211_free_node(ni); 875 m_freem(m); 876 } 877 } 878 879 static int 880 run_detach(device_t self) 881 { 882 struct run_softc *sc = device_get_softc(self); 883 struct ieee80211com *ic = &sc->sc_ic; 884 int i; 885 886 RUN_LOCK(sc); 887 sc->sc_detached = 1; 888 RUN_UNLOCK(sc); 889 890 /* stop all USB transfers */ 891 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 892 893 RUN_LOCK(sc); 894 sc->ratectl_run = RUN_RATECTL_OFF; 895 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 896 897 /* free TX list, if any */ 898 for (i = 0; i != RUN_EP_QUEUES; i++) 899 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 900 901 /* Free TX queue */ 902 run_drain_mbufq(sc); 903 RUN_UNLOCK(sc); 904 905 if (sc->sc_ic.ic_softc == sc) { 906 /* drain tasks */ 907 usb_callout_drain(&sc->ratectl_ch); 908 ieee80211_draintask(ic, &sc->cmdq_task); 909 ieee80211_draintask(ic, &sc->ratectl_task); 910 ieee80211_ifdetach(ic); 911 } 912 913 mtx_destroy(&sc->sc_mtx); 914 915 return (0); 916 } 917 918 static struct ieee80211vap * 919 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 920 enum ieee80211_opmode opmode, int flags, 921 const uint8_t bssid[IEEE80211_ADDR_LEN], 922 const uint8_t mac[IEEE80211_ADDR_LEN]) 923 { 924 struct run_softc *sc = ic->ic_softc; 925 struct run_vap *rvp; 926 struct ieee80211vap *vap; 927 int i; 928 929 if (sc->rvp_cnt >= RUN_VAP_MAX) { 930 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 931 return (NULL); 932 } 933 934 switch (opmode) { 935 case IEEE80211_M_STA: 936 /* enable s/w bmiss handling for sta mode */ 937 flags |= IEEE80211_CLONE_NOBEACONS; 938 /* fall though */ 939 case IEEE80211_M_IBSS: 940 case IEEE80211_M_MONITOR: 941 case IEEE80211_M_HOSTAP: 942 case IEEE80211_M_MBSS: 943 /* other than WDS vaps, only one at a time */ 944 if (!TAILQ_EMPTY(&ic->ic_vaps)) 945 return (NULL); 946 break; 947 case IEEE80211_M_WDS: 948 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 949 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 950 continue; 951 /* WDS vap's always share the local mac address. */ 952 flags &= ~IEEE80211_CLONE_BSSID; 953 break; 954 } 955 if (vap == NULL) { 956 device_printf(sc->sc_dev, 957 "wds only supported in ap mode\n"); 958 return (NULL); 959 } 960 break; 961 default: 962 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 963 return (NULL); 964 } 965 966 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 967 vap = &rvp->vap; 968 969 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 970 bssid) != 0) { 971 /* out of memory */ 972 free(rvp, M_80211_VAP); 973 return (NULL); 974 } 975 976 vap->iv_update_beacon = run_update_beacon; 977 vap->iv_max_aid = RT2870_WCID_MAX; 978 /* 979 * To delete the right key from h/w, we need wcid. 980 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 981 * and matching wcid will be written into there. So, cast 982 * some spells to remove 'const' from ieee80211_key{} 983 */ 984 vap->iv_key_delete = (void *)run_key_delete; 985 vap->iv_key_set = (void *)run_key_set; 986 987 /* override state transition machine */ 988 rvp->newstate = vap->iv_newstate; 989 vap->iv_newstate = run_newstate; 990 if (opmode == IEEE80211_M_IBSS) { 991 rvp->recv_mgmt = vap->iv_recv_mgmt; 992 vap->iv_recv_mgmt = run_recv_mgmt; 993 } 994 995 ieee80211_ratectl_init(vap); 996 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 997 998 /* complete setup */ 999 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 1000 mac); 1001 1002 /* make sure id is always unique */ 1003 for (i = 0; i < RUN_VAP_MAX; i++) { 1004 if((sc->rvp_bmap & 1 << i) == 0){ 1005 sc->rvp_bmap |= 1 << i; 1006 rvp->rvp_id = i; 1007 break; 1008 } 1009 } 1010 if (sc->rvp_cnt++ == 0) 1011 ic->ic_opmode = opmode; 1012 1013 if (opmode == IEEE80211_M_HOSTAP) 1014 sc->cmdq_run = RUN_CMDQ_GO; 1015 1016 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1017 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1018 1019 return (vap); 1020 } 1021 1022 static void 1023 run_vap_delete(struct ieee80211vap *vap) 1024 { 1025 struct run_vap *rvp = RUN_VAP(vap); 1026 struct ieee80211com *ic; 1027 struct run_softc *sc; 1028 uint8_t rvp_id; 1029 1030 if (vap == NULL) 1031 return; 1032 1033 ic = vap->iv_ic; 1034 sc = ic->ic_softc; 1035 1036 RUN_LOCK(sc); 1037 1038 m_freem(rvp->beacon_mbuf); 1039 rvp->beacon_mbuf = NULL; 1040 1041 rvp_id = rvp->rvp_id; 1042 sc->ratectl_run &= ~(1 << rvp_id); 1043 sc->rvp_bmap &= ~(1 << rvp_id); 1044 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1045 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1046 --sc->rvp_cnt; 1047 1048 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1049 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1050 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1051 1052 RUN_UNLOCK(sc); 1053 1054 ieee80211_ratectl_deinit(vap); 1055 ieee80211_vap_detach(vap); 1056 free(rvp, M_80211_VAP); 1057 } 1058 1059 /* 1060 * There are numbers of functions need to be called in context thread. 1061 * Rather than creating taskqueue event for each of those functions, 1062 * here is all-for-one taskqueue callback function. This function 1063 * guarantees deferred functions are executed in the same order they 1064 * were enqueued. 1065 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1066 */ 1067 static void 1068 run_cmdq_cb(void *arg, int pending) 1069 { 1070 struct run_softc *sc = arg; 1071 uint8_t i; 1072 1073 /* call cmdq[].func locked */ 1074 RUN_LOCK(sc); 1075 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1076 i = sc->cmdq_exec, pending--) { 1077 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1078 i, pending); 1079 if (sc->cmdq_run == RUN_CMDQ_GO) { 1080 /* 1081 * If arg0 is NULL, callback func needs more 1082 * than one arg. So, pass ptr to cmdq struct. 1083 */ 1084 if (sc->cmdq[i].arg0) 1085 sc->cmdq[i].func(sc->cmdq[i].arg0); 1086 else 1087 sc->cmdq[i].func(&sc->cmdq[i]); 1088 } 1089 sc->cmdq[i].arg0 = NULL; 1090 sc->cmdq[i].func = NULL; 1091 sc->cmdq_exec++; 1092 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1093 } 1094 RUN_UNLOCK(sc); 1095 } 1096 1097 static void 1098 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1099 { 1100 struct run_tx_data *data; 1101 1102 memset(pq, 0, sizeof(*pq)); 1103 1104 STAILQ_INIT(&pq->tx_qh); 1105 STAILQ_INIT(&pq->tx_fh); 1106 1107 for (data = &pq->tx_data[0]; 1108 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1109 data->sc = sc; 1110 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1111 } 1112 pq->tx_nfree = RUN_TX_RING_COUNT; 1113 } 1114 1115 static void 1116 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1117 { 1118 struct run_tx_data *data; 1119 1120 /* make sure any subsequent use of the queues will fail */ 1121 pq->tx_nfree = 0; 1122 STAILQ_INIT(&pq->tx_fh); 1123 STAILQ_INIT(&pq->tx_qh); 1124 1125 /* free up all node references and mbufs */ 1126 for (data = &pq->tx_data[0]; 1127 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1128 if (data->m != NULL) { 1129 m_freem(data->m); 1130 data->m = NULL; 1131 } 1132 if (data->ni != NULL) { 1133 ieee80211_free_node(data->ni); 1134 data->ni = NULL; 1135 } 1136 } 1137 } 1138 1139 static int 1140 run_load_microcode(struct run_softc *sc) 1141 { 1142 usb_device_request_t req; 1143 const struct firmware *fw; 1144 const u_char *base; 1145 uint32_t tmp; 1146 int ntries, error; 1147 const uint64_t *temp; 1148 uint64_t bytes; 1149 1150 RUN_UNLOCK(sc); 1151 fw = firmware_get("runfw"); 1152 RUN_LOCK(sc); 1153 if (fw == NULL) { 1154 device_printf(sc->sc_dev, 1155 "failed loadfirmware of file %s\n", "runfw"); 1156 return ENOENT; 1157 } 1158 1159 if (fw->datasize != 8192) { 1160 device_printf(sc->sc_dev, 1161 "invalid firmware size (should be 8KB)\n"); 1162 error = EINVAL; 1163 goto fail; 1164 } 1165 1166 /* 1167 * RT3071/RT3072 use a different firmware 1168 * run-rt2870 (8KB) contains both, 1169 * first half (4KB) is for rt2870, 1170 * last half is for rt3071. 1171 */ 1172 base = fw->data; 1173 if ((sc->mac_ver) != 0x2860 && 1174 (sc->mac_ver) != 0x2872 && 1175 (sc->mac_ver) != 0x3070) { 1176 base += 4096; 1177 } 1178 1179 /* cheap sanity check */ 1180 temp = fw->data; 1181 bytes = *temp; 1182 if (bytes != be64toh(0xffffff0210280210ULL)) { 1183 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1184 error = EINVAL; 1185 goto fail; 1186 } 1187 1188 /* write microcode image */ 1189 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1190 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1191 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1192 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1193 } 1194 1195 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1196 req.bRequest = RT2870_RESET; 1197 USETW(req.wValue, 8); 1198 USETW(req.wIndex, 0); 1199 USETW(req.wLength, 0); 1200 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1201 != 0) { 1202 device_printf(sc->sc_dev, "firmware reset failed\n"); 1203 goto fail; 1204 } 1205 1206 run_delay(sc, 10); 1207 1208 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1209 run_write(sc, RT2860_H2M_MAILBOX, 0); 1210 run_write(sc, RT2860_H2M_INTSRC, 0); 1211 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1212 goto fail; 1213 1214 /* wait until microcontroller is ready */ 1215 for (ntries = 0; ntries < 1000; ntries++) { 1216 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1217 goto fail; 1218 if (tmp & RT2860_MCU_READY) 1219 break; 1220 run_delay(sc, 10); 1221 } 1222 if (ntries == 1000) { 1223 device_printf(sc->sc_dev, 1224 "timeout waiting for MCU to initialize\n"); 1225 error = ETIMEDOUT; 1226 goto fail; 1227 } 1228 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1229 (base == fw->data) ? "RT2870" : "RT3071", 1230 *(base + 4092), *(base + 4093)); 1231 1232 fail: 1233 firmware_put(fw, FIRMWARE_UNLOAD); 1234 return (error); 1235 } 1236 1237 static int 1238 run_reset(struct run_softc *sc) 1239 { 1240 usb_device_request_t req; 1241 1242 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1243 req.bRequest = RT2870_RESET; 1244 USETW(req.wValue, 1); 1245 USETW(req.wIndex, 0); 1246 USETW(req.wLength, 0); 1247 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1248 } 1249 1250 static usb_error_t 1251 run_do_request(struct run_softc *sc, 1252 struct usb_device_request *req, void *data) 1253 { 1254 usb_error_t err; 1255 int ntries = 10; 1256 1257 RUN_LOCK_ASSERT(sc, MA_OWNED); 1258 1259 while (ntries--) { 1260 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1261 req, data, 0, NULL, 250 /* ms */); 1262 if (err == 0) 1263 break; 1264 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1265 "Control request failed, %s (retrying)\n", 1266 usbd_errstr(err)); 1267 run_delay(sc, 10); 1268 } 1269 return (err); 1270 } 1271 1272 static int 1273 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1274 { 1275 uint32_t tmp; 1276 int error; 1277 1278 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1279 if (error == 0) 1280 *val = le32toh(tmp); 1281 else 1282 *val = 0xffffffff; 1283 return (error); 1284 } 1285 1286 static int 1287 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1288 { 1289 usb_device_request_t req; 1290 1291 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1292 req.bRequest = RT2870_READ_REGION_1; 1293 USETW(req.wValue, 0); 1294 USETW(req.wIndex, reg); 1295 USETW(req.wLength, len); 1296 1297 return (run_do_request(sc, &req, buf)); 1298 } 1299 1300 static int 1301 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1302 { 1303 usb_device_request_t req; 1304 1305 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1306 req.bRequest = RT2870_WRITE_2; 1307 USETW(req.wValue, val); 1308 USETW(req.wIndex, reg); 1309 USETW(req.wLength, 0); 1310 1311 return (run_do_request(sc, &req, NULL)); 1312 } 1313 1314 static int 1315 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1316 { 1317 int error; 1318 1319 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1320 error = run_write_2(sc, reg + 2, val >> 16); 1321 return (error); 1322 } 1323 1324 static int 1325 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1326 int len) 1327 { 1328 #if 1 1329 int i, error = 0; 1330 /* 1331 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1332 * We thus issue multiple WRITE_2 commands instead. 1333 */ 1334 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1335 for (i = 0; i < len && error == 0; i += 2) 1336 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1337 return (error); 1338 #else 1339 usb_device_request_t req; 1340 int error = 0; 1341 1342 /* 1343 * NOTE: It appears the WRITE_REGION_1 command cannot be 1344 * passed a huge amount of data, which will crash the 1345 * firmware. Limit amount of data passed to 64-bytes at a 1346 * time. 1347 */ 1348 while (len > 0) { 1349 int delta = 64; 1350 if (delta > len) 1351 delta = len; 1352 1353 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1354 req.bRequest = RT2870_WRITE_REGION_1; 1355 USETW(req.wValue, 0); 1356 USETW(req.wIndex, reg); 1357 USETW(req.wLength, delta); 1358 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1359 if (error != 0) 1360 break; 1361 reg += delta; 1362 buf += delta; 1363 len -= delta; 1364 } 1365 return (error); 1366 #endif 1367 } 1368 1369 static int 1370 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1371 { 1372 int i, error = 0; 1373 1374 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1375 for (i = 0; i < len && error == 0; i += 4) 1376 error = run_write(sc, reg + i, val); 1377 return (error); 1378 } 1379 1380 static int 1381 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1382 { 1383 uint32_t tmp; 1384 uint16_t reg; 1385 int error, ntries; 1386 1387 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1388 return (error); 1389 1390 if (count == 2) 1391 addr *= 2; 1392 /*- 1393 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1394 * DATA0: F E D C 1395 * DATA1: B A 9 8 1396 * DATA2: 7 6 5 4 1397 * DATA3: 3 2 1 0 1398 */ 1399 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1400 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1401 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1402 for (ntries = 0; ntries < 100; ntries++) { 1403 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1404 return (error); 1405 if (!(tmp & RT3070_EFSROM_KICK)) 1406 break; 1407 run_delay(sc, 2); 1408 } 1409 if (ntries == 100) 1410 return (ETIMEDOUT); 1411 1412 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1413 *val = 0xffff; /* address not found */ 1414 return (0); 1415 } 1416 /* determine to which 32-bit register our 16-bit word belongs */ 1417 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1418 if ((error = run_read(sc, reg, &tmp)) != 0) 1419 return (error); 1420 1421 tmp >>= (8 * (addr & 0x3)); 1422 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1423 1424 return (0); 1425 } 1426 1427 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1428 static int 1429 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1430 { 1431 return (run_efuse_read(sc, addr, val, 2)); 1432 } 1433 1434 static int 1435 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1436 { 1437 usb_device_request_t req; 1438 uint16_t tmp; 1439 int error; 1440 1441 addr *= 2; 1442 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1443 req.bRequest = RT2870_EEPROM_READ; 1444 USETW(req.wValue, 0); 1445 USETW(req.wIndex, addr); 1446 USETW(req.wLength, sizeof(tmp)); 1447 1448 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1449 if (error == 0) 1450 *val = le16toh(tmp); 1451 else 1452 *val = 0xffff; 1453 return (error); 1454 } 1455 1456 static __inline int 1457 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1458 { 1459 /* either eFUSE ROM or EEPROM */ 1460 return sc->sc_srom_read(sc, addr, val); 1461 } 1462 1463 static int 1464 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1465 { 1466 uint32_t tmp; 1467 int error, ntries; 1468 1469 for (ntries = 0; ntries < 10; ntries++) { 1470 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1471 return (error); 1472 if (!(tmp & RT2860_RF_REG_CTRL)) 1473 break; 1474 } 1475 if (ntries == 10) 1476 return (ETIMEDOUT); 1477 1478 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1479 } 1480 1481 static int 1482 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1483 { 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 100; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 100) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_KICK | reg << 8; 1497 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1498 return (error); 1499 1500 for (ntries = 0; ntries < 100; ntries++) { 1501 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1502 return (error); 1503 if (!(tmp & RT3070_RF_KICK)) 1504 break; 1505 } 1506 if (ntries == 100) 1507 return (ETIMEDOUT); 1508 1509 *val = tmp & 0xff; 1510 return (0); 1511 } 1512 1513 static int 1514 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1515 { 1516 uint32_t tmp; 1517 int error, ntries; 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT3070_RF_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1529 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1530 } 1531 1532 static int 1533 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1534 { 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1548 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1549 return (error); 1550 1551 for (ntries = 0; ntries < 10; ntries++) { 1552 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1553 return (error); 1554 if (!(tmp & RT2860_BBP_CSR_KICK)) 1555 break; 1556 } 1557 if (ntries == 10) 1558 return (ETIMEDOUT); 1559 1560 *val = tmp & 0xff; 1561 return (0); 1562 } 1563 1564 static int 1565 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1566 { 1567 uint32_t tmp; 1568 int ntries, error; 1569 1570 for (ntries = 0; ntries < 10; ntries++) { 1571 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1572 return (error); 1573 if (!(tmp & RT2860_BBP_CSR_KICK)) 1574 break; 1575 } 1576 if (ntries == 10) 1577 return (ETIMEDOUT); 1578 1579 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1580 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1581 } 1582 1583 /* 1584 * Send a command to the 8051 microcontroller unit. 1585 */ 1586 static int 1587 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1588 { 1589 uint32_t tmp; 1590 int error, ntries; 1591 1592 for (ntries = 0; ntries < 100; ntries++) { 1593 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1594 return error; 1595 if (!(tmp & RT2860_H2M_BUSY)) 1596 break; 1597 } 1598 if (ntries == 100) 1599 return ETIMEDOUT; 1600 1601 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1602 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1603 error = run_write(sc, RT2860_HOST_CMD, cmd); 1604 return (error); 1605 } 1606 1607 /* 1608 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1609 * Used to adjust per-rate Tx power registers. 1610 */ 1611 static __inline uint32_t 1612 b4inc(uint32_t b32, int8_t delta) 1613 { 1614 int8_t i, b4; 1615 1616 for (i = 0; i < 8; i++) { 1617 b4 = b32 & 0xf; 1618 b4 += delta; 1619 if (b4 < 0) 1620 b4 = 0; 1621 else if (b4 > 0xf) 1622 b4 = 0xf; 1623 b32 = b32 >> 4 | b4 << 28; 1624 } 1625 return (b32); 1626 } 1627 1628 static const char * 1629 run_get_rf(uint16_t rev) 1630 { 1631 switch (rev) { 1632 case RT2860_RF_2820: return "RT2820"; 1633 case RT2860_RF_2850: return "RT2850"; 1634 case RT2860_RF_2720: return "RT2720"; 1635 case RT2860_RF_2750: return "RT2750"; 1636 case RT3070_RF_3020: return "RT3020"; 1637 case RT3070_RF_2020: return "RT2020"; 1638 case RT3070_RF_3021: return "RT3021"; 1639 case RT3070_RF_3022: return "RT3022"; 1640 case RT3070_RF_3052: return "RT3052"; 1641 case RT3593_RF_3053: return "RT3053"; 1642 case RT5592_RF_5592: return "RT5592"; 1643 case RT5390_RF_5370: return "RT5370"; 1644 case RT5390_RF_5372: return "RT5372"; 1645 } 1646 return ("unknown"); 1647 } 1648 1649 static void 1650 run_rt3593_get_txpower(struct run_softc *sc) 1651 { 1652 uint16_t addr, val; 1653 int i; 1654 1655 /* Read power settings for 2GHz channels. */ 1656 for (i = 0; i < 14; i += 2) { 1657 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1658 RT2860_EEPROM_PWR2GHZ_BASE1; 1659 run_srom_read(sc, addr + i / 2, &val); 1660 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1661 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1662 1663 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1664 RT2860_EEPROM_PWR2GHZ_BASE2; 1665 run_srom_read(sc, addr + i / 2, &val); 1666 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1667 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1668 1669 if (sc->ntxchains == 3) { 1670 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1671 &val); 1672 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1673 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1674 } 1675 } 1676 /* Fix broken Tx power entries. */ 1677 for (i = 0; i < 14; i++) { 1678 if (sc->txpow1[i] > 31) 1679 sc->txpow1[i] = 5; 1680 if (sc->txpow2[i] > 31) 1681 sc->txpow2[i] = 5; 1682 if (sc->ntxchains == 3) { 1683 if (sc->txpow3[i] > 31) 1684 sc->txpow3[i] = 5; 1685 } 1686 } 1687 /* Read power settings for 5GHz channels. */ 1688 for (i = 0; i < 40; i += 2) { 1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1690 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1691 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1692 1693 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1694 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1695 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1696 1697 if (sc->ntxchains == 3) { 1698 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1699 &val); 1700 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1701 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1702 } 1703 } 1704 } 1705 1706 static void 1707 run_get_txpower(struct run_softc *sc) 1708 { 1709 uint16_t val; 1710 int i; 1711 1712 /* Read power settings for 2GHz channels. */ 1713 for (i = 0; i < 14; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1717 1718 if (sc->mac_ver != 0x5390) { 1719 run_srom_read(sc, 1720 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1721 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1722 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1723 } 1724 } 1725 /* Fix broken Tx power entries. */ 1726 for (i = 0; i < 14; i++) { 1727 if (sc->mac_ver >= 0x5390) { 1728 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1729 sc->txpow1[i] = 5; 1730 } else { 1731 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1732 sc->txpow1[i] = 5; 1733 } 1734 if (sc->mac_ver > 0x5390) { 1735 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1736 sc->txpow2[i] = 5; 1737 } else if (sc->mac_ver < 0x5390) { 1738 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1739 sc->txpow2[i] = 5; 1740 } 1741 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1742 "chan %d: power1=%d, power2=%d\n", 1743 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1744 } 1745 /* Read power settings for 5GHz channels. */ 1746 for (i = 0; i < 40; i += 2) { 1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1748 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1749 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1750 1751 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1752 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1753 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1754 } 1755 /* Fix broken Tx power entries. */ 1756 for (i = 0; i < 40; i++ ) { 1757 if (sc->mac_ver != 0x5592) { 1758 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1759 sc->txpow1[14 + i] = 5; 1760 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1761 sc->txpow2[14 + i] = 5; 1762 } 1763 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1764 "chan %d: power1=%d, power2=%d\n", 1765 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1766 sc->txpow2[14 + i]); 1767 } 1768 } 1769 1770 static int 1771 run_read_eeprom(struct run_softc *sc) 1772 { 1773 struct ieee80211com *ic = &sc->sc_ic; 1774 int8_t delta_2ghz, delta_5ghz; 1775 uint32_t tmp; 1776 uint16_t val; 1777 int ridx, ant, i; 1778 1779 /* check whether the ROM is eFUSE ROM or EEPROM */ 1780 sc->sc_srom_read = run_eeprom_read_2; 1781 if (sc->mac_ver >= 0x3070) { 1782 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1783 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1784 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1785 sc->sc_srom_read = run_efuse_read_2; 1786 } 1787 1788 /* read ROM version */ 1789 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1790 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1791 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1792 1793 /* read MAC address */ 1794 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1795 ic->ic_macaddr[0] = val & 0xff; 1796 ic->ic_macaddr[1] = val >> 8; 1797 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1798 ic->ic_macaddr[2] = val & 0xff; 1799 ic->ic_macaddr[3] = val >> 8; 1800 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1801 ic->ic_macaddr[4] = val & 0xff; 1802 ic->ic_macaddr[5] = val >> 8; 1803 1804 if (sc->mac_ver < 0x3593) { 1805 /* read vender BBP settings */ 1806 for (i = 0; i < 10; i++) { 1807 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1808 sc->bbp[i].val = val & 0xff; 1809 sc->bbp[i].reg = val >> 8; 1810 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1811 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1812 } 1813 if (sc->mac_ver >= 0x3071) { 1814 /* read vendor RF settings */ 1815 for (i = 0; i < 10; i++) { 1816 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1817 &val); 1818 sc->rf[i].val = val & 0xff; 1819 sc->rf[i].reg = val >> 8; 1820 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1821 sc->rf[i].reg, sc->rf[i].val); 1822 } 1823 } 1824 } 1825 1826 /* read RF frequency offset from EEPROM */ 1827 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1828 RT3593_EEPROM_FREQ, &val); 1829 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1830 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1831 sc->freq & 0xff); 1832 1833 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1834 RT3593_EEPROM_FREQ_LEDS, &val); 1835 if (val >> 8 != 0xff) { 1836 /* read LEDs operating mode */ 1837 sc->leds = val >> 8; 1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1839 RT3593_EEPROM_LED1, &sc->led[0]); 1840 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1841 RT3593_EEPROM_LED2, &sc->led[1]); 1842 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1843 RT3593_EEPROM_LED3, &sc->led[2]); 1844 } else { 1845 /* broken EEPROM, use default settings */ 1846 sc->leds = 0x01; 1847 sc->led[0] = 0x5555; 1848 sc->led[1] = 0x2221; 1849 sc->led[2] = 0x5627; /* differs from RT2860 */ 1850 } 1851 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1852 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1853 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1854 1855 /* read RF information */ 1856 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1857 run_srom_read(sc, 0x00, &val); 1858 else 1859 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1860 1861 if (val == 0xffff) { 1862 device_printf(sc->sc_dev, 1863 "invalid EEPROM antenna info, using default\n"); 1864 if (sc->mac_ver == 0x3572) { 1865 /* default to RF3052 2T2R */ 1866 sc->rf_rev = RT3070_RF_3052; 1867 sc->ntxchains = 2; 1868 sc->nrxchains = 2; 1869 } else if (sc->mac_ver >= 0x3070) { 1870 /* default to RF3020 1T1R */ 1871 sc->rf_rev = RT3070_RF_3020; 1872 sc->ntxchains = 1; 1873 sc->nrxchains = 1; 1874 } else { 1875 /* default to RF2820 1T2R */ 1876 sc->rf_rev = RT2860_RF_2820; 1877 sc->ntxchains = 1; 1878 sc->nrxchains = 2; 1879 } 1880 } else { 1881 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1882 sc->rf_rev = val; 1883 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1884 } else 1885 sc->rf_rev = (val >> 8) & 0xf; 1886 sc->ntxchains = (val >> 4) & 0xf; 1887 sc->nrxchains = val & 0xf; 1888 } 1889 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1890 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1891 1892 /* check if RF supports automatic Tx access gain control */ 1893 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1894 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1895 /* check if driver should patch the DAC issue */ 1896 if ((val >> 8) != 0xff) 1897 sc->patch_dac = (val >> 15) & 1; 1898 if ((val & 0xff) != 0xff) { 1899 sc->ext_5ghz_lna = (val >> 3) & 1; 1900 sc->ext_2ghz_lna = (val >> 2) & 1; 1901 /* check if RF supports automatic Tx access gain control */ 1902 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1903 /* check if we have a hardware radio switch */ 1904 sc->rfswitch = val & 1; 1905 } 1906 1907 /* Read Tx power settings. */ 1908 if (sc->mac_ver == 0x3593) 1909 run_rt3593_get_txpower(sc); 1910 else 1911 run_get_txpower(sc); 1912 1913 /* read Tx power compensation for each Tx rate */ 1914 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1915 delta_2ghz = delta_5ghz = 0; 1916 if ((val & 0xff) != 0xff && (val & 0x80)) { 1917 delta_2ghz = val & 0xf; 1918 if (!(val & 0x40)) /* negative number */ 1919 delta_2ghz = -delta_2ghz; 1920 } 1921 val >>= 8; 1922 if ((val & 0xff) != 0xff && (val & 0x80)) { 1923 delta_5ghz = val & 0xf; 1924 if (!(val & 0x40)) /* negative number */ 1925 delta_5ghz = -delta_5ghz; 1926 } 1927 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1928 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1929 1930 for (ridx = 0; ridx < 5; ridx++) { 1931 uint32_t reg; 1932 1933 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1934 reg = val; 1935 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1936 reg |= (uint32_t)val << 16; 1937 1938 sc->txpow20mhz[ridx] = reg; 1939 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1940 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1941 1942 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1943 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1944 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1945 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1946 } 1947 1948 /* Read RSSI offsets and LNA gains from EEPROM. */ 1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1950 RT3593_EEPROM_RSSI1_2GHZ, &val); 1951 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1952 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1953 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1954 RT3593_EEPROM_RSSI2_2GHZ, &val); 1955 if (sc->mac_ver >= 0x3070) { 1956 if (sc->mac_ver == 0x3593) { 1957 sc->txmixgain_2ghz = 0; 1958 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1959 } else { 1960 /* 1961 * On RT3070 chips (limited to 2 Rx chains), this ROM 1962 * field contains the Tx mixer gain for the 2GHz band. 1963 */ 1964 if ((val & 0xff) != 0xff) 1965 sc->txmixgain_2ghz = val & 0x7; 1966 } 1967 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1968 sc->txmixgain_2ghz); 1969 } else 1970 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1971 if (sc->mac_ver == 0x3593) 1972 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1973 sc->lna[2] = val >> 8; /* channel group 2 */ 1974 1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1976 RT3593_EEPROM_RSSI1_5GHZ, &val); 1977 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1978 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1979 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1980 RT3593_EEPROM_RSSI2_5GHZ, &val); 1981 if (sc->mac_ver == 0x3572) { 1982 /* 1983 * On RT3572 chips (limited to 2 Rx chains), this ROM 1984 * field contains the Tx mixer gain for the 5GHz band. 1985 */ 1986 if ((val & 0xff) != 0xff) 1987 sc->txmixgain_5ghz = val & 0x7; 1988 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1989 sc->txmixgain_5ghz); 1990 } else 1991 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1992 if (sc->mac_ver == 0x3593) { 1993 sc->txmixgain_5ghz = 0; 1994 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1995 } 1996 sc->lna[3] = val >> 8; /* channel group 3 */ 1997 1998 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1999 RT3593_EEPROM_LNA, &val); 2000 sc->lna[0] = val & 0xff; /* channel group 0 */ 2001 sc->lna[1] = val >> 8; /* channel group 1 */ 2002 2003 /* fix broken 5GHz LNA entries */ 2004 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2005 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2006 "invalid LNA for channel group %d\n", 2); 2007 sc->lna[2] = sc->lna[1]; 2008 } 2009 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2010 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2011 "invalid LNA for channel group %d\n", 3); 2012 sc->lna[3] = sc->lna[1]; 2013 } 2014 2015 /* fix broken RSSI offset entries */ 2016 for (ant = 0; ant < 3; ant++) { 2017 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2018 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2019 "invalid RSSI%d offset: %d (2GHz)\n", 2020 ant + 1, sc->rssi_2ghz[ant]); 2021 sc->rssi_2ghz[ant] = 0; 2022 } 2023 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2024 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2025 "invalid RSSI%d offset: %d (5GHz)\n", 2026 ant + 1, sc->rssi_5ghz[ant]); 2027 sc->rssi_5ghz[ant] = 0; 2028 } 2029 } 2030 return (0); 2031 } 2032 2033 static struct ieee80211_node * 2034 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2035 { 2036 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 2037 } 2038 2039 static int 2040 run_media_change(struct ifnet *ifp) 2041 { 2042 struct ieee80211vap *vap = ifp->if_softc; 2043 struct ieee80211com *ic = vap->iv_ic; 2044 const struct ieee80211_txparam *tp; 2045 struct run_softc *sc = ic->ic_softc; 2046 uint8_t rate, ridx; 2047 int error; 2048 2049 RUN_LOCK(sc); 2050 2051 error = ieee80211_media_change(ifp); 2052 if (error != ENETRESET) { 2053 RUN_UNLOCK(sc); 2054 return (error); 2055 } 2056 2057 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2058 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2059 struct ieee80211_node *ni; 2060 struct run_node *rn; 2061 2062 rate = ic->ic_sup_rates[ic->ic_curmode]. 2063 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2064 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2065 if (rt2860_rates[ridx].rate == rate) 2066 break; 2067 ni = ieee80211_ref_node(vap->iv_bss); 2068 rn = RUN_NODE(ni); 2069 rn->fix_ridx = ridx; 2070 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2071 rate, rn->fix_ridx); 2072 ieee80211_free_node(ni); 2073 } 2074 2075 #if 0 2076 if ((ifp->if_flags & IFF_UP) && 2077 (ifp->if_drv_flags & RUN_RUNNING)){ 2078 run_init_locked(sc); 2079 } 2080 #endif 2081 2082 RUN_UNLOCK(sc); 2083 2084 return (0); 2085 } 2086 2087 static int 2088 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2089 { 2090 const struct ieee80211_txparam *tp; 2091 struct ieee80211com *ic = vap->iv_ic; 2092 struct run_softc *sc = ic->ic_softc; 2093 struct run_vap *rvp = RUN_VAP(vap); 2094 enum ieee80211_state ostate; 2095 uint32_t sta[3]; 2096 uint32_t tmp; 2097 uint8_t ratectl; 2098 uint8_t restart_ratectl = 0; 2099 uint8_t bid = 1 << rvp->rvp_id; 2100 2101 ostate = vap->iv_state; 2102 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2103 ieee80211_state_name[ostate], 2104 ieee80211_state_name[nstate]); 2105 2106 IEEE80211_UNLOCK(ic); 2107 RUN_LOCK(sc); 2108 2109 ratectl = sc->ratectl_run; /* remember current state */ 2110 sc->ratectl_run = RUN_RATECTL_OFF; 2111 usb_callout_stop(&sc->ratectl_ch); 2112 2113 if (ostate == IEEE80211_S_RUN) { 2114 /* turn link LED off */ 2115 run_set_leds(sc, RT2860_LED_RADIO); 2116 } 2117 2118 switch (nstate) { 2119 case IEEE80211_S_INIT: 2120 restart_ratectl = 1; 2121 2122 if (ostate != IEEE80211_S_RUN) 2123 break; 2124 2125 ratectl &= ~bid; 2126 sc->runbmap &= ~bid; 2127 2128 /* abort TSF synchronization if there is no vap running */ 2129 if (--sc->running == 0) { 2130 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2131 run_write(sc, RT2860_BCN_TIME_CFG, 2132 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2133 RT2860_TBTT_TIMER_EN)); 2134 } 2135 break; 2136 2137 case IEEE80211_S_RUN: 2138 if (!(sc->runbmap & bid)) { 2139 if(sc->running++) 2140 restart_ratectl = 1; 2141 sc->runbmap |= bid; 2142 } 2143 2144 m_freem(rvp->beacon_mbuf); 2145 rvp->beacon_mbuf = NULL; 2146 2147 switch (vap->iv_opmode) { 2148 case IEEE80211_M_HOSTAP: 2149 case IEEE80211_M_MBSS: 2150 sc->ap_running |= bid; 2151 ic->ic_opmode = vap->iv_opmode; 2152 run_update_beacon_cb(vap); 2153 break; 2154 case IEEE80211_M_IBSS: 2155 sc->adhoc_running |= bid; 2156 if (!sc->ap_running) 2157 ic->ic_opmode = vap->iv_opmode; 2158 run_update_beacon_cb(vap); 2159 break; 2160 case IEEE80211_M_STA: 2161 sc->sta_running |= bid; 2162 if (!sc->ap_running && !sc->adhoc_running) 2163 ic->ic_opmode = vap->iv_opmode; 2164 2165 /* read statistic counters (clear on read) */ 2166 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2167 (uint8_t *)sta, sizeof sta); 2168 2169 break; 2170 default: 2171 ic->ic_opmode = vap->iv_opmode; 2172 break; 2173 } 2174 2175 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2176 struct ieee80211_node *ni; 2177 2178 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2179 RUN_UNLOCK(sc); 2180 IEEE80211_LOCK(ic); 2181 return (-1); 2182 } 2183 run_updateslot(ic); 2184 run_enable_mrr(sc); 2185 run_set_txpreamble(sc); 2186 run_set_basicrates(sc); 2187 ni = ieee80211_ref_node(vap->iv_bss); 2188 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2189 run_set_bssid(sc, sc->sc_bssid); 2190 ieee80211_free_node(ni); 2191 run_enable_tsf_sync(sc); 2192 2193 /* enable automatic rate adaptation */ 2194 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2195 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2196 ratectl |= bid; 2197 } else 2198 run_enable_tsf(sc); 2199 2200 /* turn link LED on */ 2201 run_set_leds(sc, RT2860_LED_RADIO | 2202 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2203 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2204 2205 break; 2206 default: 2207 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2208 break; 2209 } 2210 2211 /* restart amrr for running VAPs */ 2212 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2213 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2214 2215 RUN_UNLOCK(sc); 2216 IEEE80211_LOCK(ic); 2217 2218 return(rvp->newstate(vap, nstate, arg)); 2219 } 2220 2221 static int 2222 run_wme_update(struct ieee80211com *ic) 2223 { 2224 struct chanAccParams chp; 2225 struct run_softc *sc = ic->ic_softc; 2226 const struct wmeParams *ac; 2227 int aci, error = 0; 2228 2229 ieee80211_wme_ic_getparams(ic, &chp); 2230 ac = chp.cap_wmeParams; 2231 2232 /* update MAC TX configuration registers */ 2233 RUN_LOCK(sc); 2234 for (aci = 0; aci < WME_NUM_AC; aci++) { 2235 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2236 ac[aci].wmep_logcwmax << 16 | 2237 ac[aci].wmep_logcwmin << 12 | 2238 ac[aci].wmep_aifsn << 8 | 2239 ac[aci].wmep_txopLimit); 2240 if (error) goto err; 2241 } 2242 2243 /* update SCH/DMA registers too */ 2244 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2245 ac[WME_AC_VO].wmep_aifsn << 12 | 2246 ac[WME_AC_VI].wmep_aifsn << 8 | 2247 ac[WME_AC_BK].wmep_aifsn << 4 | 2248 ac[WME_AC_BE].wmep_aifsn); 2249 if (error) goto err; 2250 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2251 ac[WME_AC_VO].wmep_logcwmin << 12 | 2252 ac[WME_AC_VI].wmep_logcwmin << 8 | 2253 ac[WME_AC_BK].wmep_logcwmin << 4 | 2254 ac[WME_AC_BE].wmep_logcwmin); 2255 if (error) goto err; 2256 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2257 ac[WME_AC_VO].wmep_logcwmax << 12 | 2258 ac[WME_AC_VI].wmep_logcwmax << 8 | 2259 ac[WME_AC_BK].wmep_logcwmax << 4 | 2260 ac[WME_AC_BE].wmep_logcwmax); 2261 if (error) goto err; 2262 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2263 ac[WME_AC_BK].wmep_txopLimit << 16 | 2264 ac[WME_AC_BE].wmep_txopLimit); 2265 if (error) goto err; 2266 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2267 ac[WME_AC_VO].wmep_txopLimit << 16 | 2268 ac[WME_AC_VI].wmep_txopLimit); 2269 2270 err: 2271 RUN_UNLOCK(sc); 2272 if (error) 2273 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2274 2275 return (error); 2276 } 2277 2278 static void 2279 run_key_set_cb(void *arg) 2280 { 2281 struct run_cmdq *cmdq = arg; 2282 struct ieee80211vap *vap = cmdq->arg1; 2283 struct ieee80211_key *k = cmdq->k; 2284 struct ieee80211com *ic = vap->iv_ic; 2285 struct run_softc *sc = ic->ic_softc; 2286 struct ieee80211_node *ni; 2287 u_int cipher = k->wk_cipher->ic_cipher; 2288 uint32_t attr; 2289 uint16_t base, associd; 2290 uint8_t mode, wcid, iv[8]; 2291 2292 RUN_LOCK_ASSERT(sc, MA_OWNED); 2293 2294 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2295 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2296 else 2297 ni = vap->iv_bss; 2298 associd = (ni != NULL) ? ni->ni_associd : 0; 2299 2300 /* map net80211 cipher to RT2860 security mode */ 2301 switch (cipher) { 2302 case IEEE80211_CIPHER_WEP: 2303 if(k->wk_keylen < 8) 2304 mode = RT2860_MODE_WEP40; 2305 else 2306 mode = RT2860_MODE_WEP104; 2307 break; 2308 case IEEE80211_CIPHER_TKIP: 2309 mode = RT2860_MODE_TKIP; 2310 break; 2311 case IEEE80211_CIPHER_AES_CCM: 2312 mode = RT2860_MODE_AES_CCMP; 2313 break; 2314 default: 2315 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2316 return; 2317 } 2318 2319 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2320 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2321 associd, k->wk_keyix, mode, 2322 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2323 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2324 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2325 2326 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2327 wcid = 0; /* NB: update WCID0 for group keys */ 2328 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2329 } else { 2330 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2331 1 : RUN_AID2WCID(associd); 2332 base = RT2860_PKEY(wcid); 2333 } 2334 2335 if (cipher == IEEE80211_CIPHER_TKIP) { 2336 if(run_write_region_1(sc, base, k->wk_key, 16)) 2337 return; 2338 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2339 return; 2340 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2341 return; 2342 } else { 2343 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2344 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2345 return; 2346 } 2347 2348 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2349 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2350 /* set initial packet number in IV+EIV */ 2351 if (cipher == IEEE80211_CIPHER_WEP) { 2352 memset(iv, 0, sizeof iv); 2353 iv[3] = vap->iv_def_txkey << 6; 2354 } else { 2355 if (cipher == IEEE80211_CIPHER_TKIP) { 2356 iv[0] = k->wk_keytsc >> 8; 2357 iv[1] = (iv[0] | 0x20) & 0x7f; 2358 iv[2] = k->wk_keytsc; 2359 } else /* CCMP */ { 2360 iv[0] = k->wk_keytsc; 2361 iv[1] = k->wk_keytsc >> 8; 2362 iv[2] = 0; 2363 } 2364 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2365 iv[4] = k->wk_keytsc >> 16; 2366 iv[5] = k->wk_keytsc >> 24; 2367 iv[6] = k->wk_keytsc >> 32; 2368 iv[7] = k->wk_keytsc >> 40; 2369 } 2370 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2371 return; 2372 } 2373 2374 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2375 /* install group key */ 2376 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2377 return; 2378 attr &= ~(0xf << (k->wk_keyix * 4)); 2379 attr |= mode << (k->wk_keyix * 4); 2380 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2381 return; 2382 } else { 2383 /* install pairwise key */ 2384 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2385 return; 2386 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2387 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2388 return; 2389 } 2390 2391 /* TODO create a pass-thru key entry? */ 2392 2393 /* need wcid to delete the right key later */ 2394 k->wk_pad = wcid; 2395 } 2396 2397 /* 2398 * Don't have to be deferred, but in order to keep order of 2399 * execution, i.e. with run_key_delete(), defer this and let 2400 * run_cmdq_cb() maintain the order. 2401 * 2402 * return 0 on error 2403 */ 2404 static int 2405 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2406 { 2407 struct ieee80211com *ic = vap->iv_ic; 2408 struct run_softc *sc = ic->ic_softc; 2409 uint32_t i; 2410 2411 i = RUN_CMDQ_GET(&sc->cmdq_store); 2412 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2413 sc->cmdq[i].func = run_key_set_cb; 2414 sc->cmdq[i].arg0 = NULL; 2415 sc->cmdq[i].arg1 = vap; 2416 sc->cmdq[i].k = k; 2417 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2418 ieee80211_runtask(ic, &sc->cmdq_task); 2419 2420 /* 2421 * To make sure key will be set when hostapd 2422 * calls iv_key_set() before if_init(). 2423 */ 2424 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2425 RUN_LOCK(sc); 2426 sc->cmdq_key_set = RUN_CMDQ_GO; 2427 RUN_UNLOCK(sc); 2428 } 2429 2430 return (1); 2431 } 2432 2433 /* 2434 * If wlan is destroyed without being brought down i.e. without 2435 * wlan down or wpa_cli terminate, this function is called after 2436 * vap is gone. Don't refer it. 2437 */ 2438 static void 2439 run_key_delete_cb(void *arg) 2440 { 2441 struct run_cmdq *cmdq = arg; 2442 struct run_softc *sc = cmdq->arg1; 2443 struct ieee80211_key *k = &cmdq->key; 2444 uint32_t attr; 2445 uint8_t wcid; 2446 2447 RUN_LOCK_ASSERT(sc, MA_OWNED); 2448 2449 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2450 /* remove group key */ 2451 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2452 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2453 attr &= ~(0xf << (k->wk_keyix * 4)); 2454 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2455 } else { 2456 /* remove pairwise key */ 2457 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2458 "removing key for wcid %x\n", k->wk_pad); 2459 /* matching wcid was written to wk_pad in run_key_set() */ 2460 wcid = k->wk_pad; 2461 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2462 attr &= ~0xf; 2463 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2464 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2465 } 2466 2467 k->wk_pad = 0; 2468 } 2469 2470 /* 2471 * return 0 on error 2472 */ 2473 static int 2474 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2475 { 2476 struct ieee80211com *ic = vap->iv_ic; 2477 struct run_softc *sc = ic->ic_softc; 2478 struct ieee80211_key *k0; 2479 uint32_t i; 2480 2481 /* 2482 * When called back, key might be gone. So, make a copy 2483 * of some values need to delete keys before deferring. 2484 * But, because of LOR with node lock, cannot use lock here. 2485 * So, use atomic instead. 2486 */ 2487 i = RUN_CMDQ_GET(&sc->cmdq_store); 2488 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2489 sc->cmdq[i].func = run_key_delete_cb; 2490 sc->cmdq[i].arg0 = NULL; 2491 sc->cmdq[i].arg1 = sc; 2492 k0 = &sc->cmdq[i].key; 2493 k0->wk_flags = k->wk_flags; 2494 k0->wk_keyix = k->wk_keyix; 2495 /* matching wcid was written to wk_pad in run_key_set() */ 2496 k0->wk_pad = k->wk_pad; 2497 ieee80211_runtask(ic, &sc->cmdq_task); 2498 return (1); /* return fake success */ 2499 2500 } 2501 2502 static void 2503 run_ratectl_to(void *arg) 2504 { 2505 struct run_softc *sc = arg; 2506 2507 /* do it in a process context, so it can go sleep */ 2508 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2509 /* next timeout will be rescheduled in the callback task */ 2510 } 2511 2512 /* ARGSUSED */ 2513 static void 2514 run_ratectl_cb(void *arg, int pending) 2515 { 2516 struct run_softc *sc = arg; 2517 struct ieee80211com *ic = &sc->sc_ic; 2518 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2519 2520 if (vap == NULL) 2521 return; 2522 2523 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2524 /* 2525 * run_reset_livelock() doesn't do anything with AMRR, 2526 * but Ralink wants us to call it every 1 sec. So, we 2527 * piggyback here rather than creating another callout. 2528 * Livelock may occur only in HOSTAP or IBSS mode 2529 * (when h/w is sending beacons). 2530 */ 2531 RUN_LOCK(sc); 2532 run_reset_livelock(sc); 2533 /* just in case, there are some stats to drain */ 2534 run_drain_fifo(sc); 2535 RUN_UNLOCK(sc); 2536 } 2537 2538 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2539 2540 RUN_LOCK(sc); 2541 if(sc->ratectl_run != RUN_RATECTL_OFF) 2542 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2543 RUN_UNLOCK(sc); 2544 } 2545 2546 static void 2547 run_drain_fifo(void *arg) 2548 { 2549 struct run_softc *sc = arg; 2550 uint32_t stat; 2551 uint16_t (*wstat)[3]; 2552 uint8_t wcid, mcs, pid; 2553 int8_t retry; 2554 2555 RUN_LOCK_ASSERT(sc, MA_OWNED); 2556 2557 for (;;) { 2558 /* drain Tx status FIFO (maxsize = 16) */ 2559 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2560 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2561 if (!(stat & RT2860_TXQ_VLD)) 2562 break; 2563 2564 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2565 2566 /* if no ACK was requested, no feedback is available */ 2567 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2568 wcid == 0) 2569 continue; 2570 2571 /* 2572 * Even though each stat is Tx-complete-status like format, 2573 * the device can poll stats. Because there is no guarantee 2574 * that the referring node is still around when read the stats. 2575 * So that, if we use ieee80211_ratectl_tx_update(), we will 2576 * have hard time not to refer already freed node. 2577 * 2578 * To eliminate such page faults, we poll stats in softc. 2579 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2580 */ 2581 wstat = &(sc->wcid_stats[wcid]); 2582 (*wstat)[RUN_TXCNT]++; 2583 if (stat & RT2860_TXQ_OK) 2584 (*wstat)[RUN_SUCCESS]++; 2585 else 2586 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2587 /* 2588 * Check if there were retries, ie if the Tx success rate is 2589 * different from the requested rate. Note that it works only 2590 * because we do not allow rate fallback from OFDM to CCK. 2591 */ 2592 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2593 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2594 if ((retry = pid -1 - mcs) > 0) { 2595 (*wstat)[RUN_TXCNT] += retry; 2596 (*wstat)[RUN_RETRY] += retry; 2597 } 2598 } 2599 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2600 2601 sc->fifo_cnt = 0; 2602 } 2603 2604 static void 2605 run_iter_func(void *arg, struct ieee80211_node *ni) 2606 { 2607 struct run_softc *sc = arg; 2608 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2609 struct ieee80211vap *vap = ni->ni_vap; 2610 struct run_node *rn = RUN_NODE(ni); 2611 union run_stats sta[2]; 2612 uint16_t (*wstat)[3]; 2613 int error; 2614 2615 RUN_LOCK(sc); 2616 2617 /* Check for special case */ 2618 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2619 ni != vap->iv_bss) 2620 goto fail; 2621 2622 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2623 IEEE80211_RATECTL_TX_STATS_RETRIES; 2624 txs->ni = ni; 2625 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2626 vap->iv_opmode == IEEE80211_M_STA)) { 2627 /* read statistic counters (clear on read) and update AMRR state */ 2628 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2629 sizeof sta); 2630 if (error != 0) 2631 goto fail; 2632 2633 /* count failed TX as errors */ 2634 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2635 le16toh(sta[0].error.fail)); 2636 2637 txs->nretries = le16toh(sta[1].tx.retry); 2638 txs->nsuccess = le16toh(sta[1].tx.success); 2639 /* nretries??? */ 2640 txs->nframes = txs->nretries + txs->nsuccess + 2641 le16toh(sta[0].error.fail); 2642 2643 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2644 "retrycnt=%d success=%d failcnt=%d\n", 2645 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2646 } else { 2647 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2648 2649 if (wstat == &(sc->wcid_stats[0]) || 2650 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2651 goto fail; 2652 2653 txs->nretries = (*wstat)[RUN_RETRY]; 2654 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2655 txs->nframes = (*wstat)[RUN_TXCNT]; 2656 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2657 "retrycnt=%d txcnt=%d success=%d\n", 2658 txs->nretries, txs->nframes, txs->nsuccess); 2659 2660 memset(wstat, 0, sizeof(*wstat)); 2661 } 2662 2663 ieee80211_ratectl_tx_update(vap, txs); 2664 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2665 2666 fail: 2667 RUN_UNLOCK(sc); 2668 2669 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2670 } 2671 2672 static void 2673 run_newassoc_cb(void *arg) 2674 { 2675 struct run_cmdq *cmdq = arg; 2676 struct ieee80211_node *ni = cmdq->arg1; 2677 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2678 uint8_t wcid = cmdq->wcid; 2679 2680 RUN_LOCK_ASSERT(sc, MA_OWNED); 2681 2682 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2683 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2684 2685 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2686 } 2687 2688 static void 2689 run_newassoc(struct ieee80211_node *ni, int isnew) 2690 { 2691 struct run_node *rn = RUN_NODE(ni); 2692 struct ieee80211_rateset *rs = &ni->ni_rates; 2693 struct ieee80211vap *vap = ni->ni_vap; 2694 struct ieee80211com *ic = vap->iv_ic; 2695 struct run_softc *sc = ic->ic_softc; 2696 uint8_t rate; 2697 uint8_t ridx; 2698 uint8_t wcid; 2699 int i, j; 2700 2701 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2702 1 : RUN_AID2WCID(ni->ni_associd); 2703 2704 if (wcid > RT2870_WCID_MAX) { 2705 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2706 return; 2707 } 2708 2709 /* only interested in true associations */ 2710 if (isnew && ni->ni_associd != 0) { 2711 2712 /* 2713 * This function could is called though timeout function. 2714 * Need to defer. 2715 */ 2716 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2717 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2718 sc->cmdq[cnt].func = run_newassoc_cb; 2719 sc->cmdq[cnt].arg0 = NULL; 2720 sc->cmdq[cnt].arg1 = ni; 2721 sc->cmdq[cnt].wcid = wcid; 2722 ieee80211_runtask(ic, &sc->cmdq_task); 2723 } 2724 2725 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2726 "new assoc isnew=%d associd=%x addr=%s\n", 2727 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2728 2729 for (i = 0; i < rs->rs_nrates; i++) { 2730 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2731 /* convert 802.11 rate to hardware rate index */ 2732 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2733 if (rt2860_rates[ridx].rate == rate) 2734 break; 2735 rn->ridx[i] = ridx; 2736 /* determine rate of control response frames */ 2737 for (j = i; j >= 0; j--) { 2738 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2739 rt2860_rates[rn->ridx[i]].phy == 2740 rt2860_rates[rn->ridx[j]].phy) 2741 break; 2742 } 2743 if (j >= 0) { 2744 rn->ctl_ridx[i] = rn->ridx[j]; 2745 } else { 2746 /* no basic rate found, use mandatory one */ 2747 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2748 } 2749 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2750 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2751 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2752 } 2753 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2754 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2755 if (rt2860_rates[ridx].rate == rate) 2756 break; 2757 rn->mgt_ridx = ridx; 2758 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2759 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2760 2761 RUN_LOCK(sc); 2762 if(sc->ratectl_run != RUN_RATECTL_OFF) 2763 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2764 RUN_UNLOCK(sc); 2765 } 2766 2767 /* 2768 * Return the Rx chain with the highest RSSI for a given frame. 2769 */ 2770 static __inline uint8_t 2771 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2772 { 2773 uint8_t rxchain = 0; 2774 2775 if (sc->nrxchains > 1) { 2776 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2777 rxchain = 1; 2778 if (sc->nrxchains > 2) 2779 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2780 rxchain = 2; 2781 } 2782 return (rxchain); 2783 } 2784 2785 static void 2786 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2787 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2788 { 2789 struct ieee80211vap *vap = ni->ni_vap; 2790 struct run_softc *sc = vap->iv_ic->ic_softc; 2791 struct run_vap *rvp = RUN_VAP(vap); 2792 uint64_t ni_tstamp, rx_tstamp; 2793 2794 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2795 2796 if (vap->iv_state == IEEE80211_S_RUN && 2797 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2798 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2799 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2800 RUN_LOCK(sc); 2801 run_get_tsf(sc, &rx_tstamp); 2802 RUN_UNLOCK(sc); 2803 rx_tstamp = le64toh(rx_tstamp); 2804 2805 if (ni_tstamp >= rx_tstamp) { 2806 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2807 "ibss merge, tsf %ju tstamp %ju\n", 2808 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2809 (void) ieee80211_ibss_merge(ni); 2810 } 2811 } 2812 } 2813 2814 static void 2815 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2816 { 2817 struct ieee80211com *ic = &sc->sc_ic; 2818 struct ieee80211_frame *wh; 2819 struct ieee80211_node *ni; 2820 struct rt2870_rxd *rxd; 2821 struct rt2860_rxwi *rxwi; 2822 uint32_t flags; 2823 uint16_t len, rxwisize; 2824 uint8_t ant, rssi; 2825 int8_t nf; 2826 2827 rxwi = mtod(m, struct rt2860_rxwi *); 2828 len = le16toh(rxwi->len) & 0xfff; 2829 rxwisize = sizeof(struct rt2860_rxwi); 2830 if (sc->mac_ver == 0x5592) 2831 rxwisize += sizeof(uint64_t); 2832 else if (sc->mac_ver == 0x3593) 2833 rxwisize += sizeof(uint32_t); 2834 if (__predict_false(len > dmalen)) { 2835 m_freem(m); 2836 counter_u64_add(ic->ic_ierrors, 1); 2837 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2838 "bad RXWI length %u > %u\n", len, dmalen); 2839 return; 2840 } 2841 /* Rx descriptor is located at the end */ 2842 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2843 flags = le32toh(rxd->flags); 2844 2845 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2846 m_freem(m); 2847 counter_u64_add(ic->ic_ierrors, 1); 2848 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2849 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2850 return; 2851 } 2852 2853 m->m_data += rxwisize; 2854 m->m_pkthdr.len = m->m_len -= rxwisize; 2855 2856 wh = mtod(m, struct ieee80211_frame *); 2857 2858 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2859 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2860 m->m_flags |= M_WEP; 2861 } 2862 2863 if (flags & RT2860_RX_L2PAD) { 2864 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2865 "received RT2860_RX_L2PAD frame\n"); 2866 len += 2; 2867 } 2868 2869 ni = ieee80211_find_rxnode(ic, 2870 mtod(m, struct ieee80211_frame_min *)); 2871 2872 if (__predict_false(flags & RT2860_RX_MICERR)) { 2873 /* report MIC failures to net80211 for TKIP */ 2874 if (ni != NULL) 2875 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2876 rxwi->keyidx); 2877 m_freem(m); 2878 counter_u64_add(ic->ic_ierrors, 1); 2879 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2880 "MIC error. Someone is lying.\n"); 2881 return; 2882 } 2883 2884 ant = run_maxrssi_chain(sc, rxwi); 2885 rssi = rxwi->rssi[ant]; 2886 nf = run_rssi2dbm(sc, rssi, ant); 2887 2888 m->m_pkthdr.len = m->m_len = len; 2889 2890 if (__predict_false(ieee80211_radiotap_active(ic))) { 2891 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2892 uint16_t phy; 2893 2894 tap->wr_flags = 0; 2895 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2896 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2897 tap->wr_antsignal = rssi; 2898 tap->wr_antenna = ant; 2899 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2900 tap->wr_rate = 2; /* in case it can't be found below */ 2901 RUN_LOCK(sc); 2902 run_get_tsf(sc, &tap->wr_tsf); 2903 RUN_UNLOCK(sc); 2904 phy = le16toh(rxwi->phy); 2905 switch (phy & RT2860_PHY_MODE) { 2906 case RT2860_PHY_CCK: 2907 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2908 case 0: tap->wr_rate = 2; break; 2909 case 1: tap->wr_rate = 4; break; 2910 case 2: tap->wr_rate = 11; break; 2911 case 3: tap->wr_rate = 22; break; 2912 } 2913 if (phy & RT2860_PHY_SHPRE) 2914 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2915 break; 2916 case RT2860_PHY_OFDM: 2917 switch (phy & RT2860_PHY_MCS) { 2918 case 0: tap->wr_rate = 12; break; 2919 case 1: tap->wr_rate = 18; break; 2920 case 2: tap->wr_rate = 24; break; 2921 case 3: tap->wr_rate = 36; break; 2922 case 4: tap->wr_rate = 48; break; 2923 case 5: tap->wr_rate = 72; break; 2924 case 6: tap->wr_rate = 96; break; 2925 case 7: tap->wr_rate = 108; break; 2926 } 2927 break; 2928 } 2929 } 2930 2931 if (ni != NULL) { 2932 (void)ieee80211_input(ni, m, rssi, nf); 2933 ieee80211_free_node(ni); 2934 } else { 2935 (void)ieee80211_input_all(ic, m, rssi, nf); 2936 } 2937 } 2938 2939 static void 2940 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2941 { 2942 struct run_softc *sc = usbd_xfer_softc(xfer); 2943 struct ieee80211com *ic = &sc->sc_ic; 2944 struct mbuf *m = NULL; 2945 struct mbuf *m0; 2946 uint32_t dmalen; 2947 uint16_t rxwisize; 2948 int xferlen; 2949 2950 rxwisize = sizeof(struct rt2860_rxwi); 2951 if (sc->mac_ver == 0x5592) 2952 rxwisize += sizeof(uint64_t); 2953 else if (sc->mac_ver == 0x3593) 2954 rxwisize += sizeof(uint32_t); 2955 2956 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2957 2958 switch (USB_GET_STATE(xfer)) { 2959 case USB_ST_TRANSFERRED: 2960 2961 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2962 "rx done, actlen=%d\n", xferlen); 2963 2964 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2965 sizeof(struct rt2870_rxd))) { 2966 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2967 "xfer too short %d\n", xferlen); 2968 goto tr_setup; 2969 } 2970 2971 m = sc->rx_m; 2972 sc->rx_m = NULL; 2973 2974 /* FALLTHROUGH */ 2975 case USB_ST_SETUP: 2976 tr_setup: 2977 if (sc->rx_m == NULL) { 2978 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2979 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2980 } 2981 if (sc->rx_m == NULL) { 2982 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2983 "could not allocate mbuf - idle with stall\n"); 2984 counter_u64_add(ic->ic_ierrors, 1); 2985 usbd_xfer_set_stall(xfer); 2986 usbd_xfer_set_frames(xfer, 0); 2987 } else { 2988 /* 2989 * Directly loading a mbuf cluster into DMA to 2990 * save some data copying. This works because 2991 * there is only one cluster. 2992 */ 2993 usbd_xfer_set_frame_data(xfer, 0, 2994 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2995 usbd_xfer_set_frames(xfer, 1); 2996 } 2997 usbd_transfer_submit(xfer); 2998 break; 2999 3000 default: /* Error */ 3001 if (error != USB_ERR_CANCELLED) { 3002 /* try to clear stall first */ 3003 usbd_xfer_set_stall(xfer); 3004 if (error == USB_ERR_TIMEOUT) 3005 device_printf(sc->sc_dev, "device timeout\n"); 3006 counter_u64_add(ic->ic_ierrors, 1); 3007 goto tr_setup; 3008 } 3009 if (sc->rx_m != NULL) { 3010 m_freem(sc->rx_m); 3011 sc->rx_m = NULL; 3012 } 3013 break; 3014 } 3015 3016 if (m == NULL) 3017 return; 3018 3019 /* inputting all the frames must be last */ 3020 3021 RUN_UNLOCK(sc); 3022 3023 m->m_pkthdr.len = m->m_len = xferlen; 3024 3025 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3026 for(;;) { 3027 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3028 3029 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3030 ((dmalen & 3) != 0)) { 3031 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3032 "bad DMA length %u\n", dmalen); 3033 break; 3034 } 3035 if ((dmalen + 8) > (uint32_t)xferlen) { 3036 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3037 "bad DMA length %u > %d\n", 3038 dmalen + 8, xferlen); 3039 break; 3040 } 3041 3042 /* If it is the last one or a single frame, we won't copy. */ 3043 if ((xferlen -= dmalen + 8) <= 8) { 3044 /* trim 32-bit DMA-len header */ 3045 m->m_data += 4; 3046 m->m_pkthdr.len = m->m_len -= 4; 3047 run_rx_frame(sc, m, dmalen); 3048 m = NULL; /* don't free source buffer */ 3049 break; 3050 } 3051 3052 /* copy aggregated frames to another mbuf */ 3053 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3054 if (__predict_false(m0 == NULL)) { 3055 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3056 "could not allocate mbuf\n"); 3057 counter_u64_add(ic->ic_ierrors, 1); 3058 break; 3059 } 3060 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3061 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3062 m0->m_pkthdr.len = m0->m_len = 3063 dmalen + sizeof(struct rt2870_rxd); 3064 run_rx_frame(sc, m0, dmalen); 3065 3066 /* update data ptr */ 3067 m->m_data += dmalen + 8; 3068 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3069 } 3070 3071 /* make sure we free the source buffer, if any */ 3072 m_freem(m); 3073 3074 RUN_LOCK(sc); 3075 } 3076 3077 static void 3078 run_tx_free(struct run_endpoint_queue *pq, 3079 struct run_tx_data *data, int txerr) 3080 { 3081 3082 ieee80211_tx_complete(data->ni, data->m, txerr); 3083 3084 data->m = NULL; 3085 data->ni = NULL; 3086 3087 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3088 pq->tx_nfree++; 3089 } 3090 3091 static void 3092 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3093 { 3094 struct run_softc *sc = usbd_xfer_softc(xfer); 3095 struct ieee80211com *ic = &sc->sc_ic; 3096 struct run_tx_data *data; 3097 struct ieee80211vap *vap = NULL; 3098 struct usb_page_cache *pc; 3099 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3100 struct mbuf *m; 3101 usb_frlength_t size; 3102 int actlen; 3103 int sumlen; 3104 3105 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3106 3107 switch (USB_GET_STATE(xfer)) { 3108 case USB_ST_TRANSFERRED: 3109 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3110 "transfer complete: %d bytes @ index %d\n", actlen, index); 3111 3112 data = usbd_xfer_get_priv(xfer); 3113 run_tx_free(pq, data, 0); 3114 usbd_xfer_set_priv(xfer, NULL); 3115 3116 /* FALLTHROUGH */ 3117 case USB_ST_SETUP: 3118 tr_setup: 3119 data = STAILQ_FIRST(&pq->tx_qh); 3120 if (data == NULL) 3121 break; 3122 3123 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3124 3125 m = data->m; 3126 size = (sc->mac_ver == 0x5592) ? 3127 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3128 if ((m->m_pkthdr.len + 3129 size + 3 + 8) > RUN_MAX_TXSZ) { 3130 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3131 "data overflow, %u bytes\n", m->m_pkthdr.len); 3132 run_tx_free(pq, data, 1); 3133 goto tr_setup; 3134 } 3135 3136 pc = usbd_xfer_get_frame(xfer, 0); 3137 usbd_copy_in(pc, 0, &data->desc, size); 3138 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3139 size += m->m_pkthdr.len; 3140 /* 3141 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3142 * 4-byte padding), and be sure to zero those trailing 3143 * bytes: 3144 */ 3145 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3146 size += ((-size) & 3) + 8; 3147 3148 vap = data->ni->ni_vap; 3149 if (ieee80211_radiotap_active_vap(vap)) { 3150 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3151 struct rt2860_txwi *txwi = 3152 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3153 tap->wt_flags = 0; 3154 tap->wt_rate = rt2860_rates[data->ridx].rate; 3155 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3156 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3157 tap->wt_hwqueue = index; 3158 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3159 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3160 3161 ieee80211_radiotap_tx(vap, m); 3162 } 3163 3164 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3165 "sending frame len=%u/%u @ index %d\n", 3166 m->m_pkthdr.len, size, index); 3167 3168 usbd_xfer_set_frame_len(xfer, 0, size); 3169 usbd_xfer_set_priv(xfer, data); 3170 usbd_transfer_submit(xfer); 3171 run_start(sc); 3172 3173 break; 3174 3175 default: 3176 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3177 "USB transfer error, %s\n", usbd_errstr(error)); 3178 3179 data = usbd_xfer_get_priv(xfer); 3180 3181 if (data != NULL) { 3182 if(data->ni != NULL) 3183 vap = data->ni->ni_vap; 3184 run_tx_free(pq, data, error); 3185 usbd_xfer_set_priv(xfer, NULL); 3186 } 3187 3188 if (vap == NULL) 3189 vap = TAILQ_FIRST(&ic->ic_vaps); 3190 3191 if (error != USB_ERR_CANCELLED) { 3192 if (error == USB_ERR_TIMEOUT) { 3193 device_printf(sc->sc_dev, "device timeout\n"); 3194 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3195 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3196 "cmdq_store=%d\n", i); 3197 sc->cmdq[i].func = run_usb_timeout_cb; 3198 sc->cmdq[i].arg0 = vap; 3199 ieee80211_runtask(ic, &sc->cmdq_task); 3200 } 3201 3202 /* 3203 * Try to clear stall first, also if other 3204 * errors occur, hence clearing stall 3205 * introduces a 50 ms delay: 3206 */ 3207 usbd_xfer_set_stall(xfer); 3208 goto tr_setup; 3209 } 3210 break; 3211 } 3212 } 3213 3214 static void 3215 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3216 { 3217 run_bulk_tx_callbackN(xfer, error, 0); 3218 } 3219 3220 static void 3221 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3222 { 3223 run_bulk_tx_callbackN(xfer, error, 1); 3224 } 3225 3226 static void 3227 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3228 { 3229 run_bulk_tx_callbackN(xfer, error, 2); 3230 } 3231 3232 static void 3233 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3234 { 3235 run_bulk_tx_callbackN(xfer, error, 3); 3236 } 3237 3238 static void 3239 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3240 { 3241 run_bulk_tx_callbackN(xfer, error, 4); 3242 } 3243 3244 static void 3245 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3246 { 3247 run_bulk_tx_callbackN(xfer, error, 5); 3248 } 3249 3250 static void 3251 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3252 { 3253 struct mbuf *m = data->m; 3254 struct ieee80211com *ic = &sc->sc_ic; 3255 struct ieee80211vap *vap = data->ni->ni_vap; 3256 struct ieee80211_frame *wh; 3257 struct rt2870_txd *txd; 3258 struct rt2860_txwi *txwi; 3259 uint16_t xferlen, txwisize; 3260 uint16_t mcs; 3261 uint8_t ridx = data->ridx; 3262 uint8_t pad; 3263 3264 /* get MCS code from rate index */ 3265 mcs = rt2860_rates[ridx].mcs; 3266 3267 txwisize = (sc->mac_ver == 0x5592) ? 3268 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3269 xferlen = txwisize + m->m_pkthdr.len; 3270 3271 /* roundup to 32-bit alignment */ 3272 xferlen = (xferlen + 3) & ~3; 3273 3274 txd = (struct rt2870_txd *)&data->desc; 3275 txd->len = htole16(xferlen); 3276 3277 wh = mtod(m, struct ieee80211_frame *); 3278 3279 /* 3280 * Ether both are true or both are false, the header 3281 * are nicely aligned to 32-bit. So, no L2 padding. 3282 */ 3283 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3284 pad = 0; 3285 else 3286 pad = 2; 3287 3288 /* setup TX Wireless Information */ 3289 txwi = (struct rt2860_txwi *)(txd + 1); 3290 txwi->len = htole16(m->m_pkthdr.len - pad); 3291 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3292 mcs |= RT2860_PHY_CCK; 3293 if (ridx != RT2860_RIDX_CCK1 && 3294 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3295 mcs |= RT2860_PHY_SHPRE; 3296 } else 3297 mcs |= RT2860_PHY_OFDM; 3298 txwi->phy = htole16(mcs); 3299 3300 /* check if RTS/CTS or CTS-to-self protection is required */ 3301 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3302 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3303 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3304 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3305 txwi->txop |= RT2860_TX_TXOP_HT; 3306 else 3307 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3308 3309 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3310 txwi->xflags |= RT2860_TX_NSEQ; 3311 } 3312 3313 /* This function must be called locked */ 3314 static int 3315 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3316 { 3317 struct ieee80211com *ic = &sc->sc_ic; 3318 struct ieee80211vap *vap = ni->ni_vap; 3319 struct ieee80211_frame *wh; 3320 const struct ieee80211_txparam *tp = ni->ni_txparms; 3321 struct run_node *rn = RUN_NODE(ni); 3322 struct run_tx_data *data; 3323 struct rt2870_txd *txd; 3324 struct rt2860_txwi *txwi; 3325 uint16_t qos; 3326 uint16_t dur; 3327 uint16_t qid; 3328 uint8_t type; 3329 uint8_t tid; 3330 uint8_t ridx; 3331 uint8_t ctl_ridx; 3332 uint8_t qflags; 3333 uint8_t xflags = 0; 3334 int hasqos; 3335 3336 RUN_LOCK_ASSERT(sc, MA_OWNED); 3337 3338 wh = mtod(m, struct ieee80211_frame *); 3339 3340 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3341 3342 /* 3343 * There are 7 bulk endpoints: 1 for RX 3344 * and 6 for TX (4 EDCAs + HCCA + Prio). 3345 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3346 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3347 */ 3348 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3349 uint8_t *frm; 3350 3351 if(IEEE80211_HAS_ADDR4(wh)) 3352 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3353 else 3354 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3355 3356 qos = le16toh(*(const uint16_t *)frm); 3357 tid = qos & IEEE80211_QOS_TID; 3358 qid = TID_TO_WME_AC(tid); 3359 } else { 3360 qos = 0; 3361 tid = 0; 3362 qid = WME_AC_BE; 3363 } 3364 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3365 3366 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3367 qos, qid, tid, qflags); 3368 3369 /* pickup a rate index */ 3370 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3371 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3372 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3373 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3374 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3375 } else { 3376 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3377 ridx = rn->fix_ridx; 3378 else 3379 ridx = rn->amrr_ridx; 3380 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3381 } 3382 3383 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3384 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3385 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3386 xflags |= RT2860_TX_ACK; 3387 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3388 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3389 else 3390 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3391 USETW(wh->i_dur, dur); 3392 } 3393 3394 /* reserve slots for mgmt packets, just in case */ 3395 if (sc->sc_epq[qid].tx_nfree < 3) { 3396 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3397 return (-1); 3398 } 3399 3400 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3401 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3402 sc->sc_epq[qid].tx_nfree--; 3403 3404 txd = (struct rt2870_txd *)&data->desc; 3405 txd->flags = qflags; 3406 txwi = (struct rt2860_txwi *)(txd + 1); 3407 txwi->xflags = xflags; 3408 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3409 txwi->wcid = 0; 3410 else 3411 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3412 1 : RUN_AID2WCID(ni->ni_associd); 3413 3414 /* clear leftover garbage bits */ 3415 txwi->flags = 0; 3416 txwi->txop = 0; 3417 3418 data->m = m; 3419 data->ni = ni; 3420 data->ridx = ridx; 3421 3422 run_set_tx_desc(sc, data); 3423 3424 /* 3425 * The chip keeps track of 2 kind of Tx stats, 3426 * * TX_STAT_FIFO, for per WCID stats, and 3427 * * TX_STA_CNT0 for all-TX-in-one stats. 3428 * 3429 * To use FIFO stats, we need to store MCS into the driver-private 3430 * PacketID field. So that, we can tell whose stats when we read them. 3431 * We add 1 to the MCS because setting the PacketID field to 0 means 3432 * that we don't want feedback in TX_STAT_FIFO. 3433 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3434 * 3435 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3436 */ 3437 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3438 vap->iv_opmode == IEEE80211_M_MBSS) { 3439 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3440 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3441 3442 /* 3443 * Unlike PCI based devices, we don't get any interrupt from 3444 * USB devices, so we simulate FIFO-is-full interrupt here. 3445 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3446 * quickly get fulled. To prevent overflow, increment a counter on 3447 * every FIFO stat request, so we know how many slots are left. 3448 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3449 * are used only in those modes. 3450 * We just drain stats. AMRR gets updated every 1 sec by 3451 * run_ratectl_cb() via callout. 3452 * Call it early. Otherwise overflow. 3453 */ 3454 if (sc->fifo_cnt++ == 10) { 3455 /* 3456 * With multiple vaps or if_bridge, if_start() is called 3457 * with a non-sleepable lock, tcpinp. So, need to defer. 3458 */ 3459 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3460 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3461 sc->cmdq[i].func = run_drain_fifo; 3462 sc->cmdq[i].arg0 = sc; 3463 ieee80211_runtask(ic, &sc->cmdq_task); 3464 } 3465 } 3466 3467 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3468 3469 usbd_transfer_start(sc->sc_xfer[qid]); 3470 3471 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3472 "sending data frame len=%d rate=%d qid=%d\n", 3473 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3474 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3475 3476 return (0); 3477 } 3478 3479 static int 3480 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3481 { 3482 struct ieee80211com *ic = &sc->sc_ic; 3483 struct run_node *rn = RUN_NODE(ni); 3484 struct run_tx_data *data; 3485 struct ieee80211_frame *wh; 3486 struct rt2870_txd *txd; 3487 struct rt2860_txwi *txwi; 3488 uint16_t dur; 3489 uint8_t ridx = rn->mgt_ridx; 3490 uint8_t xflags = 0; 3491 uint8_t wflags = 0; 3492 3493 RUN_LOCK_ASSERT(sc, MA_OWNED); 3494 3495 wh = mtod(m, struct ieee80211_frame *); 3496 3497 /* tell hardware to add timestamp for probe responses */ 3498 if ((wh->i_fc[0] & 3499 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3500 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3501 wflags |= RT2860_TX_TS; 3502 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3503 xflags |= RT2860_TX_ACK; 3504 3505 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3506 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3507 USETW(wh->i_dur, dur); 3508 } 3509 3510 if (sc->sc_epq[0].tx_nfree == 0) 3511 /* let caller free mbuf */ 3512 return (EIO); 3513 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3514 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3515 sc->sc_epq[0].tx_nfree--; 3516 3517 txd = (struct rt2870_txd *)&data->desc; 3518 txd->flags = RT2860_TX_QSEL_EDCA; 3519 txwi = (struct rt2860_txwi *)(txd + 1); 3520 txwi->wcid = 0xff; 3521 txwi->flags = wflags; 3522 txwi->xflags = xflags; 3523 txwi->txop = 0; /* clear leftover garbage bits */ 3524 3525 data->m = m; 3526 data->ni = ni; 3527 data->ridx = ridx; 3528 3529 run_set_tx_desc(sc, data); 3530 3531 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3532 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3533 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3534 3535 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3536 3537 usbd_transfer_start(sc->sc_xfer[0]); 3538 3539 return (0); 3540 } 3541 3542 static int 3543 run_sendprot(struct run_softc *sc, 3544 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3545 { 3546 struct ieee80211com *ic = ni->ni_ic; 3547 struct run_tx_data *data; 3548 struct rt2870_txd *txd; 3549 struct rt2860_txwi *txwi; 3550 struct mbuf *mprot; 3551 int ridx; 3552 int protrate; 3553 uint8_t wflags = 0; 3554 uint8_t xflags = 0; 3555 3556 RUN_LOCK_ASSERT(sc, MA_OWNED); 3557 3558 /* check that there are free slots before allocating the mbuf */ 3559 if (sc->sc_epq[0].tx_nfree == 0) 3560 /* let caller free mbuf */ 3561 return (ENOBUFS); 3562 3563 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3564 if (mprot == NULL) { 3565 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3566 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3567 return (ENOBUFS); 3568 } 3569 3570 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3571 wflags = RT2860_TX_FRAG; 3572 xflags = 0; 3573 if (prot == IEEE80211_PROT_RTSCTS) 3574 xflags |= RT2860_TX_ACK; 3575 3576 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3577 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3578 sc->sc_epq[0].tx_nfree--; 3579 3580 txd = (struct rt2870_txd *)&data->desc; 3581 txd->flags = RT2860_TX_QSEL_EDCA; 3582 txwi = (struct rt2860_txwi *)(txd + 1); 3583 txwi->wcid = 0xff; 3584 txwi->flags = wflags; 3585 txwi->xflags = xflags; 3586 txwi->txop = 0; /* clear leftover garbage bits */ 3587 3588 data->m = mprot; 3589 data->ni = ieee80211_ref_node(ni); 3590 3591 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3592 if (rt2860_rates[ridx].rate == protrate) 3593 break; 3594 data->ridx = ridx; 3595 3596 run_set_tx_desc(sc, data); 3597 3598 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3599 m->m_pkthdr.len, rate); 3600 3601 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3602 3603 usbd_transfer_start(sc->sc_xfer[0]); 3604 3605 return (0); 3606 } 3607 3608 static int 3609 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3610 const struct ieee80211_bpf_params *params) 3611 { 3612 struct ieee80211com *ic = ni->ni_ic; 3613 struct run_tx_data *data; 3614 struct rt2870_txd *txd; 3615 struct rt2860_txwi *txwi; 3616 uint8_t ridx; 3617 uint8_t rate; 3618 uint8_t opflags = 0; 3619 uint8_t xflags = 0; 3620 int error; 3621 3622 RUN_LOCK_ASSERT(sc, MA_OWNED); 3623 3624 KASSERT(params != NULL, ("no raw xmit params")); 3625 3626 rate = params->ibp_rate0; 3627 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3628 /* let caller free mbuf */ 3629 return (EINVAL); 3630 } 3631 3632 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3633 xflags |= RT2860_TX_ACK; 3634 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3635 error = run_sendprot(sc, m, ni, 3636 params->ibp_flags & IEEE80211_BPF_RTS ? 3637 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3638 rate); 3639 if (error) { 3640 /* let caller free mbuf */ 3641 return error; 3642 } 3643 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3644 } 3645 3646 if (sc->sc_epq[0].tx_nfree == 0) { 3647 /* let caller free mbuf */ 3648 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3649 "sending raw frame, but tx ring is full\n"); 3650 return (EIO); 3651 } 3652 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3653 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3654 sc->sc_epq[0].tx_nfree--; 3655 3656 txd = (struct rt2870_txd *)&data->desc; 3657 txd->flags = RT2860_TX_QSEL_EDCA; 3658 txwi = (struct rt2860_txwi *)(txd + 1); 3659 txwi->wcid = 0xff; 3660 txwi->xflags = xflags; 3661 txwi->txop = opflags; 3662 txwi->flags = 0; /* clear leftover garbage bits */ 3663 3664 data->m = m; 3665 data->ni = ni; 3666 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3667 if (rt2860_rates[ridx].rate == rate) 3668 break; 3669 data->ridx = ridx; 3670 3671 run_set_tx_desc(sc, data); 3672 3673 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3674 m->m_pkthdr.len, rate); 3675 3676 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3677 3678 usbd_transfer_start(sc->sc_xfer[0]); 3679 3680 return (0); 3681 } 3682 3683 static int 3684 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3685 const struct ieee80211_bpf_params *params) 3686 { 3687 struct run_softc *sc = ni->ni_ic->ic_softc; 3688 int error = 0; 3689 3690 RUN_LOCK(sc); 3691 3692 /* prevent management frames from being sent if we're not ready */ 3693 if (!(sc->sc_flags & RUN_RUNNING)) { 3694 error = ENETDOWN; 3695 goto done; 3696 } 3697 3698 if (params == NULL) { 3699 /* tx mgt packet */ 3700 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3701 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3702 goto done; 3703 } 3704 } else { 3705 /* tx raw packet with param */ 3706 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3707 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3708 goto done; 3709 } 3710 } 3711 3712 done: 3713 RUN_UNLOCK(sc); 3714 3715 if (error != 0) { 3716 if(m != NULL) 3717 m_freem(m); 3718 } 3719 3720 return (error); 3721 } 3722 3723 static int 3724 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3725 { 3726 struct run_softc *sc = ic->ic_softc; 3727 int error; 3728 3729 RUN_LOCK(sc); 3730 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3731 RUN_UNLOCK(sc); 3732 return (ENXIO); 3733 } 3734 error = mbufq_enqueue(&sc->sc_snd, m); 3735 if (error) { 3736 RUN_UNLOCK(sc); 3737 return (error); 3738 } 3739 run_start(sc); 3740 RUN_UNLOCK(sc); 3741 3742 return (0); 3743 } 3744 3745 static void 3746 run_start(struct run_softc *sc) 3747 { 3748 struct ieee80211_node *ni; 3749 struct mbuf *m; 3750 3751 RUN_LOCK_ASSERT(sc, MA_OWNED); 3752 3753 if ((sc->sc_flags & RUN_RUNNING) == 0) 3754 return; 3755 3756 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3757 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3758 if (run_tx(sc, m, ni) != 0) { 3759 mbufq_prepend(&sc->sc_snd, m); 3760 break; 3761 } 3762 } 3763 } 3764 3765 static void 3766 run_parent(struct ieee80211com *ic) 3767 { 3768 struct run_softc *sc = ic->ic_softc; 3769 int startall = 0; 3770 3771 RUN_LOCK(sc); 3772 if (sc->sc_detached) { 3773 RUN_UNLOCK(sc); 3774 return; 3775 } 3776 3777 if (ic->ic_nrunning > 0) { 3778 if (!(sc->sc_flags & RUN_RUNNING)) { 3779 startall = 1; 3780 run_init_locked(sc); 3781 } else 3782 run_update_promisc_locked(sc); 3783 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3784 run_stop(sc); 3785 RUN_UNLOCK(sc); 3786 if (startall) 3787 ieee80211_start_all(ic); 3788 } 3789 3790 static void 3791 run_iq_calib(struct run_softc *sc, u_int chan) 3792 { 3793 uint16_t val; 3794 3795 /* Tx0 IQ gain. */ 3796 run_bbp_write(sc, 158, 0x2c); 3797 if (chan <= 14) 3798 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3799 else if (chan <= 64) { 3800 run_efuse_read(sc, 3801 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3802 &val, 1); 3803 } else if (chan <= 138) { 3804 run_efuse_read(sc, 3805 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3806 &val, 1); 3807 } else if (chan <= 165) { 3808 run_efuse_read(sc, 3809 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3810 &val, 1); 3811 } else 3812 val = 0; 3813 run_bbp_write(sc, 159, val); 3814 3815 /* Tx0 IQ phase. */ 3816 run_bbp_write(sc, 158, 0x2d); 3817 if (chan <= 14) { 3818 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3819 &val, 1); 3820 } else if (chan <= 64) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 138) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 165) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3831 &val, 1); 3832 } else 3833 val = 0; 3834 run_bbp_write(sc, 159, val); 3835 3836 /* Tx1 IQ gain. */ 3837 run_bbp_write(sc, 158, 0x4a); 3838 if (chan <= 14) { 3839 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3840 &val, 1); 3841 } else if (chan <= 64) { 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3844 &val, 1); 3845 } else if (chan <= 138) { 3846 run_efuse_read(sc, 3847 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3848 &val, 1); 3849 } else if (chan <= 165) { 3850 run_efuse_read(sc, 3851 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3852 &val, 1); 3853 } else 3854 val = 0; 3855 run_bbp_write(sc, 159, val); 3856 3857 /* Tx1 IQ phase. */ 3858 run_bbp_write(sc, 158, 0x4b); 3859 if (chan <= 14) { 3860 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3861 &val, 1); 3862 } else if (chan <= 64) { 3863 run_efuse_read(sc, 3864 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3865 &val, 1); 3866 } else if (chan <= 138) { 3867 run_efuse_read(sc, 3868 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3869 &val, 1); 3870 } else if (chan <= 165) { 3871 run_efuse_read(sc, 3872 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3873 &val, 1); 3874 } else 3875 val = 0; 3876 run_bbp_write(sc, 159, val); 3877 3878 /* RF IQ compensation control. */ 3879 run_bbp_write(sc, 158, 0x04); 3880 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3881 &val, 1); 3882 run_bbp_write(sc, 159, val); 3883 3884 /* RF IQ imbalance compensation control. */ 3885 run_bbp_write(sc, 158, 0x03); 3886 run_efuse_read(sc, 3887 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3888 run_bbp_write(sc, 159, val); 3889 } 3890 3891 static void 3892 run_set_agc(struct run_softc *sc, uint8_t agc) 3893 { 3894 uint8_t bbp; 3895 3896 if (sc->mac_ver == 0x3572) { 3897 run_bbp_read(sc, 27, &bbp); 3898 bbp &= ~(0x3 << 5); 3899 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3900 run_bbp_write(sc, 66, agc); 3901 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3902 run_bbp_write(sc, 66, agc); 3903 } else 3904 run_bbp_write(sc, 66, agc); 3905 } 3906 3907 static void 3908 run_select_chan_group(struct run_softc *sc, int group) 3909 { 3910 uint32_t tmp; 3911 uint8_t agc; 3912 3913 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3914 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3915 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3916 if (sc->mac_ver < 0x3572) 3917 run_bbp_write(sc, 86, 0x00); 3918 3919 if (sc->mac_ver == 0x3593) { 3920 run_bbp_write(sc, 77, 0x98); 3921 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3922 } 3923 3924 if (group == 0) { 3925 if (sc->ext_2ghz_lna) { 3926 if (sc->mac_ver >= 0x5390) 3927 run_bbp_write(sc, 75, 0x52); 3928 else { 3929 run_bbp_write(sc, 82, 0x62); 3930 run_bbp_write(sc, 75, 0x46); 3931 } 3932 } else { 3933 if (sc->mac_ver == 0x5592) { 3934 run_bbp_write(sc, 79, 0x1c); 3935 run_bbp_write(sc, 80, 0x0e); 3936 run_bbp_write(sc, 81, 0x3a); 3937 run_bbp_write(sc, 82, 0x62); 3938 3939 run_bbp_write(sc, 195, 0x80); 3940 run_bbp_write(sc, 196, 0xe0); 3941 run_bbp_write(sc, 195, 0x81); 3942 run_bbp_write(sc, 196, 0x1f); 3943 run_bbp_write(sc, 195, 0x82); 3944 run_bbp_write(sc, 196, 0x38); 3945 run_bbp_write(sc, 195, 0x83); 3946 run_bbp_write(sc, 196, 0x32); 3947 run_bbp_write(sc, 195, 0x85); 3948 run_bbp_write(sc, 196, 0x28); 3949 run_bbp_write(sc, 195, 0x86); 3950 run_bbp_write(sc, 196, 0x19); 3951 } else if (sc->mac_ver >= 0x5390) 3952 run_bbp_write(sc, 75, 0x50); 3953 else { 3954 run_bbp_write(sc, 82, 3955 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3956 run_bbp_write(sc, 75, 0x50); 3957 } 3958 } 3959 } else { 3960 if (sc->mac_ver == 0x5592) { 3961 run_bbp_write(sc, 79, 0x18); 3962 run_bbp_write(sc, 80, 0x08); 3963 run_bbp_write(sc, 81, 0x38); 3964 run_bbp_write(sc, 82, 0x92); 3965 3966 run_bbp_write(sc, 195, 0x80); 3967 run_bbp_write(sc, 196, 0xf0); 3968 run_bbp_write(sc, 195, 0x81); 3969 run_bbp_write(sc, 196, 0x1e); 3970 run_bbp_write(sc, 195, 0x82); 3971 run_bbp_write(sc, 196, 0x28); 3972 run_bbp_write(sc, 195, 0x83); 3973 run_bbp_write(sc, 196, 0x20); 3974 run_bbp_write(sc, 195, 0x85); 3975 run_bbp_write(sc, 196, 0x7f); 3976 run_bbp_write(sc, 195, 0x86); 3977 run_bbp_write(sc, 196, 0x7f); 3978 } else if (sc->mac_ver == 0x3572) 3979 run_bbp_write(sc, 82, 0x94); 3980 else 3981 run_bbp_write(sc, 82, 3982 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3983 if (sc->ext_5ghz_lna) 3984 run_bbp_write(sc, 75, 0x46); 3985 else 3986 run_bbp_write(sc, 75, 0x50); 3987 } 3988 3989 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3990 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3991 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3992 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3993 3994 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3995 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3996 if (sc->mac_ver == 0x3593) 3997 tmp |= 1 << 29 | 1 << 28; 3998 if (sc->nrxchains > 1) 3999 tmp |= RT2860_LNA_PE1_EN; 4000 if (group == 0) { /* 2GHz */ 4001 tmp |= RT2860_PA_PE_G0_EN; 4002 if (sc->ntxchains > 1) 4003 tmp |= RT2860_PA_PE_G1_EN; 4004 if (sc->mac_ver == 0x3593) { 4005 if (sc->ntxchains > 2) 4006 tmp |= 1 << 25; 4007 } 4008 } else { /* 5GHz */ 4009 tmp |= RT2860_PA_PE_A0_EN; 4010 if (sc->ntxchains > 1) 4011 tmp |= RT2860_PA_PE_A1_EN; 4012 } 4013 if (sc->mac_ver == 0x3572) { 4014 run_rt3070_rf_write(sc, 8, 0x00); 4015 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4016 run_rt3070_rf_write(sc, 8, 0x80); 4017 } else 4018 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4019 4020 if (sc->mac_ver == 0x5592) { 4021 run_bbp_write(sc, 195, 0x8d); 4022 run_bbp_write(sc, 196, 0x1a); 4023 } 4024 4025 if (sc->mac_ver == 0x3593) { 4026 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4027 tmp &= ~0x01010000; 4028 if (group == 0) 4029 tmp |= 0x00010000; 4030 tmp = (tmp & ~0x00009090) | 0x00000090; 4031 run_write(sc, RT2860_GPIO_CTRL, tmp); 4032 } 4033 4034 /* set initial AGC value */ 4035 if (group == 0) { /* 2GHz band */ 4036 if (sc->mac_ver >= 0x3070) 4037 agc = 0x1c + sc->lna[0] * 2; 4038 else 4039 agc = 0x2e + sc->lna[0]; 4040 } else { /* 5GHz band */ 4041 if (sc->mac_ver == 0x5592) 4042 agc = 0x24 + sc->lna[group] * 2; 4043 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4044 agc = 0x22 + (sc->lna[group] * 5) / 3; 4045 else 4046 agc = 0x32 + (sc->lna[group] * 5) / 3; 4047 } 4048 run_set_agc(sc, agc); 4049 } 4050 4051 static void 4052 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4053 { 4054 const struct rfprog *rfprog = rt2860_rf2850; 4055 uint32_t r2, r3, r4; 4056 int8_t txpow1, txpow2; 4057 int i; 4058 4059 /* find the settings for this channel (we know it exists) */ 4060 for (i = 0; rfprog[i].chan != chan; i++); 4061 4062 r2 = rfprog[i].r2; 4063 if (sc->ntxchains == 1) 4064 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4065 if (sc->nrxchains == 1) 4066 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4067 else if (sc->nrxchains == 2) 4068 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4069 4070 /* use Tx power values from EEPROM */ 4071 txpow1 = sc->txpow1[i]; 4072 txpow2 = sc->txpow2[i]; 4073 4074 /* Initialize RF R3 and R4. */ 4075 r3 = rfprog[i].r3 & 0xffffc1ff; 4076 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4077 if (chan > 14) { 4078 if (txpow1 >= 0) { 4079 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4080 r3 |= (txpow1 << 10) | (1 << 9); 4081 } else { 4082 txpow1 += 7; 4083 4084 /* txpow1 is not possible larger than 15. */ 4085 r3 |= (txpow1 << 10); 4086 } 4087 if (txpow2 >= 0) { 4088 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4089 r4 |= (txpow2 << 7) | (1 << 6); 4090 } else { 4091 txpow2 += 7; 4092 r4 |= (txpow2 << 7); 4093 } 4094 } else { 4095 /* Set Tx0 power. */ 4096 r3 |= (txpow1 << 9); 4097 4098 /* Set frequency offset and Tx1 power. */ 4099 r4 |= (txpow2 << 6); 4100 } 4101 4102 run_rt2870_rf_write(sc, rfprog[i].r1); 4103 run_rt2870_rf_write(sc, r2); 4104 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4105 run_rt2870_rf_write(sc, r4); 4106 4107 run_delay(sc, 10); 4108 4109 run_rt2870_rf_write(sc, rfprog[i].r1); 4110 run_rt2870_rf_write(sc, r2); 4111 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4112 run_rt2870_rf_write(sc, r4); 4113 4114 run_delay(sc, 10); 4115 4116 run_rt2870_rf_write(sc, rfprog[i].r1); 4117 run_rt2870_rf_write(sc, r2); 4118 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4119 run_rt2870_rf_write(sc, r4); 4120 } 4121 4122 static void 4123 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4124 { 4125 int8_t txpow1, txpow2; 4126 uint8_t rf; 4127 int i; 4128 4129 /* find the settings for this channel (we know it exists) */ 4130 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4131 4132 /* use Tx power values from EEPROM */ 4133 txpow1 = sc->txpow1[i]; 4134 txpow2 = sc->txpow2[i]; 4135 4136 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4137 4138 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4139 run_rt3070_rf_read(sc, 3, &rf); 4140 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4141 run_rt3070_rf_write(sc, 3, rf); 4142 4143 run_rt3070_rf_read(sc, 6, &rf); 4144 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4145 run_rt3070_rf_write(sc, 6, rf); 4146 4147 /* set Tx0 power */ 4148 run_rt3070_rf_read(sc, 12, &rf); 4149 rf = (rf & ~0x1f) | txpow1; 4150 run_rt3070_rf_write(sc, 12, rf); 4151 4152 /* set Tx1 power */ 4153 run_rt3070_rf_read(sc, 13, &rf); 4154 rf = (rf & ~0x1f) | txpow2; 4155 run_rt3070_rf_write(sc, 13, rf); 4156 4157 run_rt3070_rf_read(sc, 1, &rf); 4158 rf &= ~0xfc; 4159 if (sc->ntxchains == 1) 4160 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4161 else if (sc->ntxchains == 2) 4162 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4163 if (sc->nrxchains == 1) 4164 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4165 else if (sc->nrxchains == 2) 4166 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4167 run_rt3070_rf_write(sc, 1, rf); 4168 4169 /* set RF offset */ 4170 run_rt3070_rf_read(sc, 23, &rf); 4171 rf = (rf & ~0x7f) | sc->freq; 4172 run_rt3070_rf_write(sc, 23, rf); 4173 4174 /* program RF filter */ 4175 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4176 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4177 run_rt3070_rf_write(sc, 24, rf); 4178 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4179 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4180 run_rt3070_rf_write(sc, 31, rf); 4181 4182 /* enable RF tuning */ 4183 run_rt3070_rf_read(sc, 7, &rf); 4184 run_rt3070_rf_write(sc, 7, rf | 0x01); 4185 } 4186 4187 static void 4188 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4189 { 4190 int8_t txpow1, txpow2; 4191 uint32_t tmp; 4192 uint8_t rf; 4193 int i; 4194 4195 /* find the settings for this channel (we know it exists) */ 4196 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4197 4198 /* use Tx power values from EEPROM */ 4199 txpow1 = sc->txpow1[i]; 4200 txpow2 = sc->txpow2[i]; 4201 4202 if (chan <= 14) { 4203 run_bbp_write(sc, 25, sc->bbp25); 4204 run_bbp_write(sc, 26, sc->bbp26); 4205 } else { 4206 /* enable IQ phase correction */ 4207 run_bbp_write(sc, 25, 0x09); 4208 run_bbp_write(sc, 26, 0xff); 4209 } 4210 4211 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4212 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4213 run_rt3070_rf_read(sc, 6, &rf); 4214 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4215 rf |= (chan <= 14) ? 0x08 : 0x04; 4216 run_rt3070_rf_write(sc, 6, rf); 4217 4218 /* set PLL mode */ 4219 run_rt3070_rf_read(sc, 5, &rf); 4220 rf &= ~(0x08 | 0x04); 4221 rf |= (chan <= 14) ? 0x04 : 0x08; 4222 run_rt3070_rf_write(sc, 5, rf); 4223 4224 /* set Tx power for chain 0 */ 4225 if (chan <= 14) 4226 rf = 0x60 | txpow1; 4227 else 4228 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4229 run_rt3070_rf_write(sc, 12, rf); 4230 4231 /* set Tx power for chain 1 */ 4232 if (chan <= 14) 4233 rf = 0x60 | txpow2; 4234 else 4235 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4236 run_rt3070_rf_write(sc, 13, rf); 4237 4238 /* set Tx/Rx streams */ 4239 run_rt3070_rf_read(sc, 1, &rf); 4240 rf &= ~0xfc; 4241 if (sc->ntxchains == 1) 4242 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4243 else if (sc->ntxchains == 2) 4244 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4245 if (sc->nrxchains == 1) 4246 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4247 else if (sc->nrxchains == 2) 4248 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4249 run_rt3070_rf_write(sc, 1, rf); 4250 4251 /* set RF offset */ 4252 run_rt3070_rf_read(sc, 23, &rf); 4253 rf = (rf & ~0x7f) | sc->freq; 4254 run_rt3070_rf_write(sc, 23, rf); 4255 4256 /* program RF filter */ 4257 rf = sc->rf24_20mhz; 4258 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4259 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4260 4261 /* enable RF tuning */ 4262 run_rt3070_rf_read(sc, 7, &rf); 4263 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4264 run_rt3070_rf_write(sc, 7, rf); 4265 4266 /* TSSI */ 4267 rf = (chan <= 14) ? 0xc3 : 0xc0; 4268 run_rt3070_rf_write(sc, 9, rf); 4269 4270 /* set loop filter 1 */ 4271 run_rt3070_rf_write(sc, 10, 0xf1); 4272 /* set loop filter 2 */ 4273 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4274 4275 /* set tx_mx2_ic */ 4276 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4277 /* set tx_mx1_ic */ 4278 if (chan <= 14) 4279 rf = 0x48 | sc->txmixgain_2ghz; 4280 else 4281 rf = 0x78 | sc->txmixgain_5ghz; 4282 run_rt3070_rf_write(sc, 16, rf); 4283 4284 /* set tx_lo1 */ 4285 run_rt3070_rf_write(sc, 17, 0x23); 4286 /* set tx_lo2 */ 4287 if (chan <= 14) 4288 rf = 0x93; 4289 else if (chan <= 64) 4290 rf = 0xb7; 4291 else if (chan <= 128) 4292 rf = 0x74; 4293 else 4294 rf = 0x72; 4295 run_rt3070_rf_write(sc, 19, rf); 4296 4297 /* set rx_lo1 */ 4298 if (chan <= 14) 4299 rf = 0xb3; 4300 else if (chan <= 64) 4301 rf = 0xf6; 4302 else if (chan <= 128) 4303 rf = 0xf4; 4304 else 4305 rf = 0xf3; 4306 run_rt3070_rf_write(sc, 20, rf); 4307 4308 /* set pfd_delay */ 4309 if (chan <= 14) 4310 rf = 0x15; 4311 else if (chan <= 64) 4312 rf = 0x3d; 4313 else 4314 rf = 0x01; 4315 run_rt3070_rf_write(sc, 25, rf); 4316 4317 /* set rx_lo2 */ 4318 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4319 /* set ldo_rf_vc */ 4320 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4321 /* set drv_cc */ 4322 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4323 4324 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4325 tmp &= ~0x8080; 4326 if (chan <= 14) 4327 tmp |= 0x80; 4328 run_write(sc, RT2860_GPIO_CTRL, tmp); 4329 4330 /* enable RF tuning */ 4331 run_rt3070_rf_read(sc, 7, &rf); 4332 run_rt3070_rf_write(sc, 7, rf | 0x01); 4333 4334 run_delay(sc, 2); 4335 } 4336 4337 static void 4338 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4339 { 4340 int8_t txpow1, txpow2, txpow3; 4341 uint8_t h20mhz, rf; 4342 int i; 4343 4344 /* find the settings for this channel (we know it exists) */ 4345 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4346 4347 /* use Tx power values from EEPROM */ 4348 txpow1 = sc->txpow1[i]; 4349 txpow2 = sc->txpow2[i]; 4350 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4351 4352 if (chan <= 14) { 4353 run_bbp_write(sc, 25, sc->bbp25); 4354 run_bbp_write(sc, 26, sc->bbp26); 4355 } else { 4356 /* Enable IQ phase correction. */ 4357 run_bbp_write(sc, 25, 0x09); 4358 run_bbp_write(sc, 26, 0xff); 4359 } 4360 4361 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4362 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4363 run_rt3070_rf_read(sc, 11, &rf); 4364 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4365 run_rt3070_rf_write(sc, 11, rf); 4366 4367 /* Set pll_idoh. */ 4368 run_rt3070_rf_read(sc, 11, &rf); 4369 rf &= ~0x4c; 4370 rf |= (chan <= 14) ? 0x44 : 0x48; 4371 run_rt3070_rf_write(sc, 11, rf); 4372 4373 if (chan <= 14) 4374 rf = txpow1 & 0x1f; 4375 else 4376 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4377 run_rt3070_rf_write(sc, 53, rf); 4378 4379 if (chan <= 14) 4380 rf = txpow2 & 0x1f; 4381 else 4382 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4383 run_rt3070_rf_write(sc, 55, rf); 4384 4385 if (chan <= 14) 4386 rf = txpow3 & 0x1f; 4387 else 4388 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4389 run_rt3070_rf_write(sc, 54, rf); 4390 4391 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4392 if (sc->ntxchains == 3) 4393 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4394 else 4395 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4396 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4397 run_rt3070_rf_write(sc, 1, rf); 4398 4399 run_adjust_freq_offset(sc); 4400 4401 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4402 4403 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4404 run_rt3070_rf_read(sc, 30, &rf); 4405 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4406 run_rt3070_rf_write(sc, 30, rf); 4407 4408 run_rt3070_rf_read(sc, 36, &rf); 4409 if (chan <= 14) 4410 rf |= 0x80; 4411 else 4412 rf &= ~0x80; 4413 run_rt3070_rf_write(sc, 36, rf); 4414 4415 /* Set vcolo_bs. */ 4416 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4417 /* Set pfd_delay. */ 4418 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4419 4420 /* Set vco bias current control. */ 4421 run_rt3070_rf_read(sc, 6, &rf); 4422 rf &= ~0xc0; 4423 if (chan <= 14) 4424 rf |= 0x40; 4425 else if (chan <= 128) 4426 rf |= 0x80; 4427 else 4428 rf |= 0x40; 4429 run_rt3070_rf_write(sc, 6, rf); 4430 4431 run_rt3070_rf_read(sc, 30, &rf); 4432 rf = (rf & ~0x18) | 0x10; 4433 run_rt3070_rf_write(sc, 30, rf); 4434 4435 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4436 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4437 4438 run_rt3070_rf_read(sc, 51, &rf); 4439 rf = (rf & ~0x03) | 0x01; 4440 run_rt3070_rf_write(sc, 51, rf); 4441 /* Set tx_mx1_cc. */ 4442 run_rt3070_rf_read(sc, 51, &rf); 4443 rf &= ~0x1c; 4444 rf |= (chan <= 14) ? 0x14 : 0x10; 4445 run_rt3070_rf_write(sc, 51, rf); 4446 /* Set tx_mx1_ic. */ 4447 run_rt3070_rf_read(sc, 51, &rf); 4448 rf &= ~0xe0; 4449 rf |= (chan <= 14) ? 0x60 : 0x40; 4450 run_rt3070_rf_write(sc, 51, rf); 4451 /* Set tx_lo1_ic. */ 4452 run_rt3070_rf_read(sc, 49, &rf); 4453 rf &= ~0x1c; 4454 rf |= (chan <= 14) ? 0x0c : 0x08; 4455 run_rt3070_rf_write(sc, 49, rf); 4456 /* Set tx_lo1_en. */ 4457 run_rt3070_rf_read(sc, 50, &rf); 4458 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4459 /* Set drv_cc. */ 4460 run_rt3070_rf_read(sc, 57, &rf); 4461 rf &= ~0xfc; 4462 rf |= (chan <= 14) ? 0x6c : 0x3c; 4463 run_rt3070_rf_write(sc, 57, rf); 4464 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4465 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4466 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4467 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4468 /* Enable VCO calibration. */ 4469 run_rt3070_rf_read(sc, 3, &rf); 4470 rf &= ~RT5390_VCOCAL; 4471 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4472 run_rt3070_rf_write(sc, 3, rf); 4473 4474 if (chan <= 14) 4475 rf = 0x23; 4476 else if (chan <= 64) 4477 rf = 0x36; 4478 else if (chan <= 128) 4479 rf = 0x32; 4480 else 4481 rf = 0x30; 4482 run_rt3070_rf_write(sc, 39, rf); 4483 if (chan <= 14) 4484 rf = 0xbb; 4485 else if (chan <= 64) 4486 rf = 0xeb; 4487 else if (chan <= 128) 4488 rf = 0xb3; 4489 else 4490 rf = 0x9b; 4491 run_rt3070_rf_write(sc, 45, rf); 4492 4493 /* Set FEQ/AEQ control. */ 4494 run_bbp_write(sc, 105, 0x34); 4495 } 4496 4497 static void 4498 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4499 { 4500 int8_t txpow1, txpow2; 4501 uint8_t rf; 4502 int i; 4503 4504 /* find the settings for this channel (we know it exists) */ 4505 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4506 4507 /* use Tx power values from EEPROM */ 4508 txpow1 = sc->txpow1[i]; 4509 txpow2 = sc->txpow2[i]; 4510 4511 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4512 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4513 run_rt3070_rf_read(sc, 11, &rf); 4514 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4515 run_rt3070_rf_write(sc, 11, rf); 4516 4517 run_rt3070_rf_read(sc, 49, &rf); 4518 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4519 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4520 if ((rf & 0x3f) > 0x27) 4521 rf = (rf & ~0x3f) | 0x27; 4522 run_rt3070_rf_write(sc, 49, rf); 4523 4524 if (sc->mac_ver == 0x5392) { 4525 run_rt3070_rf_read(sc, 50, &rf); 4526 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4527 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4528 if ((rf & 0x3f) > 0x27) 4529 rf = (rf & ~0x3f) | 0x27; 4530 run_rt3070_rf_write(sc, 50, rf); 4531 } 4532 4533 run_rt3070_rf_read(sc, 1, &rf); 4534 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4535 if (sc->mac_ver == 0x5392) 4536 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4537 run_rt3070_rf_write(sc, 1, rf); 4538 4539 if (sc->mac_ver != 0x5392) { 4540 run_rt3070_rf_read(sc, 2, &rf); 4541 rf |= 0x80; 4542 run_rt3070_rf_write(sc, 2, rf); 4543 run_delay(sc, 10); 4544 rf &= 0x7f; 4545 run_rt3070_rf_write(sc, 2, rf); 4546 } 4547 4548 run_adjust_freq_offset(sc); 4549 4550 if (sc->mac_ver == 0x5392) { 4551 /* Fix for RT5392C. */ 4552 if (sc->mac_rev >= 0x0223) { 4553 if (chan <= 4) 4554 rf = 0x0f; 4555 else if (chan >= 5 && chan <= 7) 4556 rf = 0x0e; 4557 else 4558 rf = 0x0d; 4559 run_rt3070_rf_write(sc, 23, rf); 4560 4561 if (chan <= 4) 4562 rf = 0x0c; 4563 else if (chan == 5) 4564 rf = 0x0b; 4565 else if (chan >= 6 && chan <= 7) 4566 rf = 0x0a; 4567 else if (chan >= 8 && chan <= 10) 4568 rf = 0x09; 4569 else 4570 rf = 0x08; 4571 run_rt3070_rf_write(sc, 59, rf); 4572 } else { 4573 if (chan <= 11) 4574 rf = 0x0f; 4575 else 4576 rf = 0x0b; 4577 run_rt3070_rf_write(sc, 59, rf); 4578 } 4579 } else { 4580 /* Fix for RT5390F. */ 4581 if (sc->mac_rev >= 0x0502) { 4582 if (chan <= 11) 4583 rf = 0x43; 4584 else 4585 rf = 0x23; 4586 run_rt3070_rf_write(sc, 55, rf); 4587 4588 if (chan <= 11) 4589 rf = 0x0f; 4590 else if (chan == 12) 4591 rf = 0x0d; 4592 else 4593 rf = 0x0b; 4594 run_rt3070_rf_write(sc, 59, rf); 4595 } else { 4596 run_rt3070_rf_write(sc, 55, 0x44); 4597 run_rt3070_rf_write(sc, 59, 0x8f); 4598 } 4599 } 4600 4601 /* Enable VCO calibration. */ 4602 run_rt3070_rf_read(sc, 3, &rf); 4603 rf |= RT5390_VCOCAL; 4604 run_rt3070_rf_write(sc, 3, rf); 4605 } 4606 4607 static void 4608 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4609 { 4610 const struct rt5592_freqs *freqs; 4611 uint32_t tmp; 4612 uint8_t reg, rf, txpow_bound; 4613 int8_t txpow1, txpow2; 4614 int i; 4615 4616 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4617 freqs = (tmp & RT5592_SEL_XTAL) ? 4618 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4619 4620 /* find the settings for this channel (we know it exists) */ 4621 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4622 4623 /* use Tx power values from EEPROM */ 4624 txpow1 = sc->txpow1[i]; 4625 txpow2 = sc->txpow2[i]; 4626 4627 run_read(sc, RT3070_LDO_CFG0, &tmp); 4628 tmp &= ~0x1c000000; 4629 if (chan > 14) 4630 tmp |= 0x14000000; 4631 run_write(sc, RT3070_LDO_CFG0, tmp); 4632 4633 /* N setting. */ 4634 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4635 run_rt3070_rf_read(sc, 9, &rf); 4636 rf &= ~(1 << 4); 4637 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4638 run_rt3070_rf_write(sc, 9, rf); 4639 4640 /* K setting. */ 4641 run_rt3070_rf_read(sc, 9, &rf); 4642 rf &= ~0x0f; 4643 rf |= (freqs->k & 0x0f); 4644 run_rt3070_rf_write(sc, 9, rf); 4645 4646 /* Mode setting. */ 4647 run_rt3070_rf_read(sc, 11, &rf); 4648 rf &= ~0x0c; 4649 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4650 run_rt3070_rf_write(sc, 11, rf); 4651 run_rt3070_rf_read(sc, 9, &rf); 4652 rf &= ~(1 << 7); 4653 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4654 run_rt3070_rf_write(sc, 9, rf); 4655 4656 /* R setting. */ 4657 run_rt3070_rf_read(sc, 11, &rf); 4658 rf &= ~0x03; 4659 rf |= (freqs->r - 0x1); 4660 run_rt3070_rf_write(sc, 11, rf); 4661 4662 if (chan <= 14) { 4663 /* Initialize RF registers for 2GHZ. */ 4664 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4665 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4666 rt5592_2ghz_def_rf[i].val); 4667 } 4668 4669 rf = (chan <= 10) ? 0x07 : 0x06; 4670 run_rt3070_rf_write(sc, 23, rf); 4671 run_rt3070_rf_write(sc, 59, rf); 4672 4673 run_rt3070_rf_write(sc, 55, 0x43); 4674 4675 /* 4676 * RF R49/R50 Tx power ALC code. 4677 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4678 */ 4679 reg = 2; 4680 txpow_bound = 0x27; 4681 } else { 4682 /* Initialize RF registers for 5GHZ. */ 4683 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4684 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4685 rt5592_5ghz_def_rf[i].val); 4686 } 4687 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4688 if (chan >= rt5592_chan_5ghz[i].firstchan && 4689 chan <= rt5592_chan_5ghz[i].lastchan) { 4690 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4691 rt5592_chan_5ghz[i].val); 4692 } 4693 } 4694 4695 /* 4696 * RF R49/R50 Tx power ALC code. 4697 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4698 */ 4699 reg = 3; 4700 txpow_bound = 0x2b; 4701 } 4702 4703 /* RF R49 ch0 Tx power ALC code. */ 4704 run_rt3070_rf_read(sc, 49, &rf); 4705 rf &= ~0xc0; 4706 rf |= (reg << 6); 4707 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4708 if ((rf & 0x3f) > txpow_bound) 4709 rf = (rf & ~0x3f) | txpow_bound; 4710 run_rt3070_rf_write(sc, 49, rf); 4711 4712 /* RF R50 ch1 Tx power ALC code. */ 4713 run_rt3070_rf_read(sc, 50, &rf); 4714 rf &= ~(1 << 7 | 1 << 6); 4715 rf |= (reg << 6); 4716 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4717 if ((rf & 0x3f) > txpow_bound) 4718 rf = (rf & ~0x3f) | txpow_bound; 4719 run_rt3070_rf_write(sc, 50, rf); 4720 4721 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4722 run_rt3070_rf_read(sc, 1, &rf); 4723 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4724 if (sc->ntxchains > 1) 4725 rf |= RT3070_TX1_PD; 4726 if (sc->nrxchains > 1) 4727 rf |= RT3070_RX1_PD; 4728 run_rt3070_rf_write(sc, 1, rf); 4729 4730 run_rt3070_rf_write(sc, 6, 0xe4); 4731 4732 run_rt3070_rf_write(sc, 30, 0x10); 4733 run_rt3070_rf_write(sc, 31, 0x80); 4734 run_rt3070_rf_write(sc, 32, 0x80); 4735 4736 run_adjust_freq_offset(sc); 4737 4738 /* Enable VCO calibration. */ 4739 run_rt3070_rf_read(sc, 3, &rf); 4740 rf |= RT5390_VCOCAL; 4741 run_rt3070_rf_write(sc, 3, rf); 4742 } 4743 4744 static void 4745 run_set_rx_antenna(struct run_softc *sc, int aux) 4746 { 4747 uint32_t tmp; 4748 uint8_t bbp152; 4749 4750 if (aux) { 4751 if (sc->rf_rev == RT5390_RF_5370) { 4752 run_bbp_read(sc, 152, &bbp152); 4753 run_bbp_write(sc, 152, bbp152 & ~0x80); 4754 } else { 4755 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4756 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4757 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4758 } 4759 } else { 4760 if (sc->rf_rev == RT5390_RF_5370) { 4761 run_bbp_read(sc, 152, &bbp152); 4762 run_bbp_write(sc, 152, bbp152 | 0x80); 4763 } else { 4764 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4765 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4766 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4767 } 4768 } 4769 } 4770 4771 static int 4772 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4773 { 4774 struct ieee80211com *ic = &sc->sc_ic; 4775 u_int chan, group; 4776 4777 chan = ieee80211_chan2ieee(ic, c); 4778 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4779 return (EINVAL); 4780 4781 if (sc->mac_ver == 0x5592) 4782 run_rt5592_set_chan(sc, chan); 4783 else if (sc->mac_ver >= 0x5390) 4784 run_rt5390_set_chan(sc, chan); 4785 else if (sc->mac_ver == 0x3593) 4786 run_rt3593_set_chan(sc, chan); 4787 else if (sc->mac_ver == 0x3572) 4788 run_rt3572_set_chan(sc, chan); 4789 else if (sc->mac_ver >= 0x3070) 4790 run_rt3070_set_chan(sc, chan); 4791 else 4792 run_rt2870_set_chan(sc, chan); 4793 4794 /* determine channel group */ 4795 if (chan <= 14) 4796 group = 0; 4797 else if (chan <= 64) 4798 group = 1; 4799 else if (chan <= 128) 4800 group = 2; 4801 else 4802 group = 3; 4803 4804 /* XXX necessary only when group has changed! */ 4805 run_select_chan_group(sc, group); 4806 4807 run_delay(sc, 10); 4808 4809 /* Perform IQ calibration. */ 4810 if (sc->mac_ver >= 0x5392) 4811 run_iq_calib(sc, chan); 4812 4813 return (0); 4814 } 4815 4816 static void 4817 run_set_channel(struct ieee80211com *ic) 4818 { 4819 struct run_softc *sc = ic->ic_softc; 4820 4821 RUN_LOCK(sc); 4822 run_set_chan(sc, ic->ic_curchan); 4823 RUN_UNLOCK(sc); 4824 4825 return; 4826 } 4827 4828 static void 4829 run_getradiocaps(struct ieee80211com *ic, 4830 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4831 { 4832 struct run_softc *sc = ic->ic_softc; 4833 uint8_t bands[IEEE80211_MODE_BYTES]; 4834 4835 memset(bands, 0, sizeof(bands)); 4836 setbit(bands, IEEE80211_MODE_11B); 4837 setbit(bands, IEEE80211_MODE_11G); 4838 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4839 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4840 4841 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4842 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4843 sc->rf_rev == RT5592_RF_5592) { 4844 setbit(bands, IEEE80211_MODE_11A); 4845 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4846 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4847 } 4848 } 4849 4850 static void 4851 run_scan_start(struct ieee80211com *ic) 4852 { 4853 struct run_softc *sc = ic->ic_softc; 4854 uint32_t tmp; 4855 4856 RUN_LOCK(sc); 4857 4858 /* abort TSF synchronization */ 4859 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4860 run_write(sc, RT2860_BCN_TIME_CFG, 4861 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4862 RT2860_TBTT_TIMER_EN)); 4863 run_set_bssid(sc, ieee80211broadcastaddr); 4864 4865 RUN_UNLOCK(sc); 4866 4867 return; 4868 } 4869 4870 static void 4871 run_scan_end(struct ieee80211com *ic) 4872 { 4873 struct run_softc *sc = ic->ic_softc; 4874 4875 RUN_LOCK(sc); 4876 4877 run_enable_tsf_sync(sc); 4878 run_set_bssid(sc, sc->sc_bssid); 4879 4880 RUN_UNLOCK(sc); 4881 4882 return; 4883 } 4884 4885 /* 4886 * Could be called from ieee80211_node_timeout() 4887 * (non-sleepable thread) 4888 */ 4889 static void 4890 run_update_beacon(struct ieee80211vap *vap, int item) 4891 { 4892 struct ieee80211com *ic = vap->iv_ic; 4893 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4894 struct ieee80211_node *ni = vap->iv_bss; 4895 struct run_softc *sc = ic->ic_softc; 4896 struct run_vap *rvp = RUN_VAP(vap); 4897 int mcast = 0; 4898 uint32_t i; 4899 4900 switch (item) { 4901 case IEEE80211_BEACON_ERP: 4902 run_updateslot(ic); 4903 break; 4904 case IEEE80211_BEACON_HTINFO: 4905 run_updateprot(ic); 4906 break; 4907 case IEEE80211_BEACON_TIM: 4908 mcast = 1; /*TODO*/ 4909 break; 4910 default: 4911 break; 4912 } 4913 4914 setbit(bo->bo_flags, item); 4915 if (rvp->beacon_mbuf == NULL) { 4916 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4917 if (rvp->beacon_mbuf == NULL) 4918 return; 4919 } 4920 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4921 4922 i = RUN_CMDQ_GET(&sc->cmdq_store); 4923 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4924 sc->cmdq[i].func = run_update_beacon_cb; 4925 sc->cmdq[i].arg0 = vap; 4926 ieee80211_runtask(ic, &sc->cmdq_task); 4927 4928 return; 4929 } 4930 4931 static void 4932 run_update_beacon_cb(void *arg) 4933 { 4934 struct ieee80211vap *vap = arg; 4935 struct ieee80211_node *ni = vap->iv_bss; 4936 struct run_vap *rvp = RUN_VAP(vap); 4937 struct ieee80211com *ic = vap->iv_ic; 4938 struct run_softc *sc = ic->ic_softc; 4939 struct rt2860_txwi txwi; 4940 struct mbuf *m; 4941 uint16_t txwisize; 4942 uint8_t ridx; 4943 4944 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4945 return; 4946 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4947 return; 4948 4949 /* 4950 * No need to call ieee80211_beacon_update(), run_update_beacon() 4951 * is taking care of appropriate calls. 4952 */ 4953 if (rvp->beacon_mbuf == NULL) { 4954 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4955 if (rvp->beacon_mbuf == NULL) 4956 return; 4957 } 4958 m = rvp->beacon_mbuf; 4959 4960 memset(&txwi, 0, sizeof(txwi)); 4961 txwi.wcid = 0xff; 4962 txwi.len = htole16(m->m_pkthdr.len); 4963 4964 /* send beacons at the lowest available rate */ 4965 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4966 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4967 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4968 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4969 txwi.phy |= htole16(RT2860_PHY_OFDM); 4970 txwi.txop = RT2860_TX_TXOP_HT; 4971 txwi.flags = RT2860_TX_TS; 4972 txwi.xflags = RT2860_TX_NSEQ; 4973 4974 txwisize = (sc->mac_ver == 0x5592) ? 4975 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4976 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4977 txwisize); 4978 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4979 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4980 } 4981 4982 static void 4983 run_updateprot(struct ieee80211com *ic) 4984 { 4985 struct run_softc *sc = ic->ic_softc; 4986 uint32_t i; 4987 4988 i = RUN_CMDQ_GET(&sc->cmdq_store); 4989 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4990 sc->cmdq[i].func = run_updateprot_cb; 4991 sc->cmdq[i].arg0 = ic; 4992 ieee80211_runtask(ic, &sc->cmdq_task); 4993 } 4994 4995 static void 4996 run_updateprot_cb(void *arg) 4997 { 4998 struct ieee80211com *ic = arg; 4999 struct run_softc *sc = ic->ic_softc; 5000 uint32_t tmp; 5001 5002 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5003 /* setup protection frame rate (MCS code) */ 5004 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5005 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5006 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5007 5008 /* CCK frames don't require protection */ 5009 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5010 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5011 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5012 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5013 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5014 tmp |= RT2860_PROT_CTRL_CTS; 5015 } 5016 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5017 } 5018 5019 static void 5020 run_usb_timeout_cb(void *arg) 5021 { 5022 struct ieee80211vap *vap = arg; 5023 struct run_softc *sc = vap->iv_ic->ic_softc; 5024 5025 RUN_LOCK_ASSERT(sc, MA_OWNED); 5026 5027 if(vap->iv_state == IEEE80211_S_RUN && 5028 vap->iv_opmode != IEEE80211_M_STA) 5029 run_reset_livelock(sc); 5030 else if (vap->iv_state == IEEE80211_S_SCAN) { 5031 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5032 "timeout caused by scan\n"); 5033 /* cancel bgscan */ 5034 ieee80211_cancel_scan(vap); 5035 } else 5036 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5037 "timeout by unknown cause\n"); 5038 } 5039 5040 static void 5041 run_reset_livelock(struct run_softc *sc) 5042 { 5043 uint32_t tmp; 5044 5045 RUN_LOCK_ASSERT(sc, MA_OWNED); 5046 5047 /* 5048 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5049 * can run into a livelock and start sending CTS-to-self frames like 5050 * crazy if protection is enabled. Reset MAC/BBP for a while 5051 */ 5052 run_read(sc, RT2860_DEBUG, &tmp); 5053 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5054 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5055 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5056 "CTS-to-self livelock detected\n"); 5057 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5058 run_delay(sc, 1); 5059 run_write(sc, RT2860_MAC_SYS_CTRL, 5060 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5061 } 5062 } 5063 5064 static void 5065 run_update_promisc_locked(struct run_softc *sc) 5066 { 5067 uint32_t tmp; 5068 5069 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5070 5071 tmp |= RT2860_DROP_UC_NOME; 5072 if (sc->sc_ic.ic_promisc > 0) 5073 tmp &= ~RT2860_DROP_UC_NOME; 5074 5075 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5076 5077 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5078 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5079 } 5080 5081 static void 5082 run_update_promisc(struct ieee80211com *ic) 5083 { 5084 struct run_softc *sc = ic->ic_softc; 5085 5086 if ((sc->sc_flags & RUN_RUNNING) == 0) 5087 return; 5088 5089 RUN_LOCK(sc); 5090 run_update_promisc_locked(sc); 5091 RUN_UNLOCK(sc); 5092 } 5093 5094 static void 5095 run_enable_tsf_sync(struct run_softc *sc) 5096 { 5097 struct ieee80211com *ic = &sc->sc_ic; 5098 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5099 uint32_t tmp; 5100 5101 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5102 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5103 5104 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5105 tmp &= ~0x1fffff; 5106 tmp |= vap->iv_bss->ni_intval * 16; 5107 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5108 5109 if (ic->ic_opmode == IEEE80211_M_STA) { 5110 /* 5111 * Local TSF is always updated with remote TSF on beacon 5112 * reception. 5113 */ 5114 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5115 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5116 tmp |= RT2860_BCN_TX_EN; 5117 /* 5118 * Local TSF is updated with remote TSF on beacon reception 5119 * only if the remote TSF is greater than local TSF. 5120 */ 5121 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5122 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5123 ic->ic_opmode == IEEE80211_M_MBSS) { 5124 tmp |= RT2860_BCN_TX_EN; 5125 /* SYNC with nobody */ 5126 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5127 } else { 5128 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5129 "Enabling TSF failed. undefined opmode\n"); 5130 return; 5131 } 5132 5133 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5134 } 5135 5136 static void 5137 run_enable_tsf(struct run_softc *sc) 5138 { 5139 uint32_t tmp; 5140 5141 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5142 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5143 tmp |= RT2860_TSF_TIMER_EN; 5144 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5145 } 5146 } 5147 5148 static void 5149 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5150 { 5151 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5152 sizeof(*buf)); 5153 } 5154 5155 static void 5156 run_enable_mrr(struct run_softc *sc) 5157 { 5158 #define CCK(mcs) (mcs) 5159 #define OFDM(mcs) (1 << 3 | (mcs)) 5160 run_write(sc, RT2860_LG_FBK_CFG0, 5161 OFDM(6) << 28 | /* 54->48 */ 5162 OFDM(5) << 24 | /* 48->36 */ 5163 OFDM(4) << 20 | /* 36->24 */ 5164 OFDM(3) << 16 | /* 24->18 */ 5165 OFDM(2) << 12 | /* 18->12 */ 5166 OFDM(1) << 8 | /* 12-> 9 */ 5167 OFDM(0) << 4 | /* 9-> 6 */ 5168 OFDM(0)); /* 6-> 6 */ 5169 5170 run_write(sc, RT2860_LG_FBK_CFG1, 5171 CCK(2) << 12 | /* 11->5.5 */ 5172 CCK(1) << 8 | /* 5.5-> 2 */ 5173 CCK(0) << 4 | /* 2-> 1 */ 5174 CCK(0)); /* 1-> 1 */ 5175 #undef OFDM 5176 #undef CCK 5177 } 5178 5179 static void 5180 run_set_txpreamble(struct run_softc *sc) 5181 { 5182 struct ieee80211com *ic = &sc->sc_ic; 5183 uint32_t tmp; 5184 5185 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5186 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5187 tmp |= RT2860_CCK_SHORT_EN; 5188 else 5189 tmp &= ~RT2860_CCK_SHORT_EN; 5190 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5191 } 5192 5193 static void 5194 run_set_basicrates(struct run_softc *sc) 5195 { 5196 struct ieee80211com *ic = &sc->sc_ic; 5197 5198 /* set basic rates mask */ 5199 if (ic->ic_curmode == IEEE80211_MODE_11B) 5200 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5201 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5202 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5203 else /* 11g */ 5204 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5205 } 5206 5207 static void 5208 run_set_leds(struct run_softc *sc, uint16_t which) 5209 { 5210 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5211 which | (sc->leds & 0x7f)); 5212 } 5213 5214 static void 5215 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5216 { 5217 run_write(sc, RT2860_MAC_BSSID_DW0, 5218 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5219 run_write(sc, RT2860_MAC_BSSID_DW1, 5220 bssid[4] | bssid[5] << 8); 5221 } 5222 5223 static void 5224 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5225 { 5226 run_write(sc, RT2860_MAC_ADDR_DW0, 5227 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5228 run_write(sc, RT2860_MAC_ADDR_DW1, 5229 addr[4] | addr[5] << 8 | 0xff << 16); 5230 } 5231 5232 static void 5233 run_updateslot(struct ieee80211com *ic) 5234 { 5235 struct run_softc *sc = ic->ic_softc; 5236 uint32_t i; 5237 5238 i = RUN_CMDQ_GET(&sc->cmdq_store); 5239 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5240 sc->cmdq[i].func = run_updateslot_cb; 5241 sc->cmdq[i].arg0 = ic; 5242 ieee80211_runtask(ic, &sc->cmdq_task); 5243 5244 return; 5245 } 5246 5247 /* ARGSUSED */ 5248 static void 5249 run_updateslot_cb(void *arg) 5250 { 5251 struct ieee80211com *ic = arg; 5252 struct run_softc *sc = ic->ic_softc; 5253 uint32_t tmp; 5254 5255 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5256 tmp &= ~0xff; 5257 tmp |= IEEE80211_GET_SLOTTIME(ic); 5258 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5259 } 5260 5261 static void 5262 run_update_mcast(struct ieee80211com *ic) 5263 { 5264 } 5265 5266 static int8_t 5267 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5268 { 5269 struct ieee80211com *ic = &sc->sc_ic; 5270 struct ieee80211_channel *c = ic->ic_curchan; 5271 int delta; 5272 5273 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5274 u_int chan = ieee80211_chan2ieee(ic, c); 5275 delta = sc->rssi_5ghz[rxchain]; 5276 5277 /* determine channel group */ 5278 if (chan <= 64) 5279 delta -= sc->lna[1]; 5280 else if (chan <= 128) 5281 delta -= sc->lna[2]; 5282 else 5283 delta -= sc->lna[3]; 5284 } else 5285 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5286 5287 return (-12 - delta - rssi); 5288 } 5289 5290 static void 5291 run_rt5390_bbp_init(struct run_softc *sc) 5292 { 5293 u_int i; 5294 uint8_t bbp; 5295 5296 /* Apply maximum likelihood detection for 2 stream case. */ 5297 run_bbp_read(sc, 105, &bbp); 5298 if (sc->nrxchains > 1) 5299 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5300 5301 /* Avoid data lost and CRC error. */ 5302 run_bbp_read(sc, 4, &bbp); 5303 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5304 5305 if (sc->mac_ver == 0x5592) { 5306 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5307 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5308 rt5592_def_bbp[i].val); 5309 } 5310 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5311 run_bbp_write(sc, 195, i + 0x80); 5312 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5313 } 5314 } else { 5315 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5316 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5317 rt5390_def_bbp[i].val); 5318 } 5319 } 5320 if (sc->mac_ver == 0x5392) { 5321 run_bbp_write(sc, 88, 0x90); 5322 run_bbp_write(sc, 95, 0x9a); 5323 run_bbp_write(sc, 98, 0x12); 5324 run_bbp_write(sc, 106, 0x12); 5325 run_bbp_write(sc, 134, 0xd0); 5326 run_bbp_write(sc, 135, 0xf6); 5327 run_bbp_write(sc, 148, 0x84); 5328 } 5329 5330 run_bbp_read(sc, 152, &bbp); 5331 run_bbp_write(sc, 152, bbp | 0x80); 5332 5333 /* Fix BBP254 for RT5592C. */ 5334 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5335 run_bbp_read(sc, 254, &bbp); 5336 run_bbp_write(sc, 254, bbp | 0x80); 5337 } 5338 5339 /* Disable hardware antenna diversity. */ 5340 if (sc->mac_ver == 0x5390) 5341 run_bbp_write(sc, 154, 0); 5342 5343 /* Initialize Rx CCK/OFDM frequency offset report. */ 5344 run_bbp_write(sc, 142, 1); 5345 run_bbp_write(sc, 143, 57); 5346 } 5347 5348 static int 5349 run_bbp_init(struct run_softc *sc) 5350 { 5351 int i, error, ntries; 5352 uint8_t bbp0; 5353 5354 /* wait for BBP to wake up */ 5355 for (ntries = 0; ntries < 20; ntries++) { 5356 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5357 return error; 5358 if (bbp0 != 0 && bbp0 != 0xff) 5359 break; 5360 } 5361 if (ntries == 20) 5362 return (ETIMEDOUT); 5363 5364 /* initialize BBP registers to default values */ 5365 if (sc->mac_ver >= 0x5390) 5366 run_rt5390_bbp_init(sc); 5367 else { 5368 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5369 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5370 rt2860_def_bbp[i].val); 5371 } 5372 } 5373 5374 if (sc->mac_ver == 0x3593) { 5375 run_bbp_write(sc, 79, 0x13); 5376 run_bbp_write(sc, 80, 0x05); 5377 run_bbp_write(sc, 81, 0x33); 5378 run_bbp_write(sc, 86, 0x46); 5379 run_bbp_write(sc, 137, 0x0f); 5380 } 5381 5382 /* fix BBP84 for RT2860E */ 5383 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5384 run_bbp_write(sc, 84, 0x19); 5385 5386 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5387 sc->mac_ver != 0x5592)) { 5388 run_bbp_write(sc, 79, 0x13); 5389 run_bbp_write(sc, 80, 0x05); 5390 run_bbp_write(sc, 81, 0x33); 5391 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5392 run_bbp_write(sc, 69, 0x16); 5393 run_bbp_write(sc, 73, 0x12); 5394 } 5395 return (0); 5396 } 5397 5398 static int 5399 run_rt3070_rf_init(struct run_softc *sc) 5400 { 5401 uint32_t tmp; 5402 uint8_t bbp4, mingain, rf, target; 5403 u_int i; 5404 5405 run_rt3070_rf_read(sc, 30, &rf); 5406 /* toggle RF R30 bit 7 */ 5407 run_rt3070_rf_write(sc, 30, rf | 0x80); 5408 run_delay(sc, 10); 5409 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5410 5411 /* initialize RF registers to default value */ 5412 if (sc->mac_ver == 0x3572) { 5413 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5414 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5415 rt3572_def_rf[i].val); 5416 } 5417 } else { 5418 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5419 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5420 rt3070_def_rf[i].val); 5421 } 5422 } 5423 5424 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5425 /* 5426 * Change voltage from 1.2V to 1.35V for RT3070. 5427 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5428 * in RT3070(F). 5429 */ 5430 run_read(sc, RT3070_LDO_CFG0, &tmp); 5431 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5432 run_write(sc, RT3070_LDO_CFG0, tmp); 5433 5434 } else if (sc->mac_ver == 0x3071) { 5435 run_rt3070_rf_read(sc, 6, &rf); 5436 run_rt3070_rf_write(sc, 6, rf | 0x40); 5437 run_rt3070_rf_write(sc, 31, 0x14); 5438 5439 run_read(sc, RT3070_LDO_CFG0, &tmp); 5440 tmp &= ~0x1f000000; 5441 if (sc->mac_rev < 0x0211) 5442 tmp |= 0x0d000000; /* 1.3V */ 5443 else 5444 tmp |= 0x01000000; /* 1.2V */ 5445 run_write(sc, RT3070_LDO_CFG0, tmp); 5446 5447 /* patch LNA_PE_G1 */ 5448 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5449 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5450 5451 } else if (sc->mac_ver == 0x3572) { 5452 run_rt3070_rf_read(sc, 6, &rf); 5453 run_rt3070_rf_write(sc, 6, rf | 0x40); 5454 5455 /* increase voltage from 1.2V to 1.35V */ 5456 run_read(sc, RT3070_LDO_CFG0, &tmp); 5457 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5458 run_write(sc, RT3070_LDO_CFG0, tmp); 5459 5460 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5461 run_delay(sc, 1); /* wait for 1msec */ 5462 /* decrease voltage back to 1.2V */ 5463 tmp = (tmp & ~0x1f000000) | 0x01000000; 5464 run_write(sc, RT3070_LDO_CFG0, tmp); 5465 } 5466 } 5467 5468 /* select 20MHz bandwidth */ 5469 run_rt3070_rf_read(sc, 31, &rf); 5470 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5471 5472 /* calibrate filter for 20MHz bandwidth */ 5473 sc->rf24_20mhz = 0x1f; /* default value */ 5474 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5475 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5476 5477 /* select 40MHz bandwidth */ 5478 run_bbp_read(sc, 4, &bbp4); 5479 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5480 run_rt3070_rf_read(sc, 31, &rf); 5481 run_rt3070_rf_write(sc, 31, rf | 0x20); 5482 5483 /* calibrate filter for 40MHz bandwidth */ 5484 sc->rf24_40mhz = 0x2f; /* default value */ 5485 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5486 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5487 5488 /* go back to 20MHz bandwidth */ 5489 run_bbp_read(sc, 4, &bbp4); 5490 run_bbp_write(sc, 4, bbp4 & ~0x18); 5491 5492 if (sc->mac_ver == 0x3572) { 5493 /* save default BBP registers 25 and 26 values */ 5494 run_bbp_read(sc, 25, &sc->bbp25); 5495 run_bbp_read(sc, 26, &sc->bbp26); 5496 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5497 run_rt3070_rf_write(sc, 27, 0x03); 5498 5499 run_read(sc, RT3070_OPT_14, &tmp); 5500 run_write(sc, RT3070_OPT_14, tmp | 1); 5501 5502 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5503 run_rt3070_rf_read(sc, 17, &rf); 5504 rf &= ~RT3070_TX_LO1; 5505 if ((sc->mac_ver == 0x3070 || 5506 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5507 !sc->ext_2ghz_lna) 5508 rf |= 0x20; /* fix for long range Rx issue */ 5509 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5510 if (sc->txmixgain_2ghz >= mingain) 5511 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5512 run_rt3070_rf_write(sc, 17, rf); 5513 } 5514 5515 if (sc->mac_ver == 0x3071) { 5516 run_rt3070_rf_read(sc, 1, &rf); 5517 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5518 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5519 run_rt3070_rf_write(sc, 1, rf); 5520 5521 run_rt3070_rf_read(sc, 15, &rf); 5522 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5523 5524 run_rt3070_rf_read(sc, 20, &rf); 5525 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5526 5527 run_rt3070_rf_read(sc, 21, &rf); 5528 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5529 } 5530 5531 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5532 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5533 run_rt3070_rf_read(sc, 27, &rf); 5534 rf &= ~0x77; 5535 if (sc->mac_rev < 0x0211) 5536 rf |= 0x03; 5537 run_rt3070_rf_write(sc, 27, rf); 5538 } 5539 return (0); 5540 } 5541 5542 static void 5543 run_rt3593_rf_init(struct run_softc *sc) 5544 { 5545 uint32_t tmp; 5546 uint8_t rf; 5547 u_int i; 5548 5549 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5550 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5551 tmp &= ~(1 << 4 | 1 << 7); 5552 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5553 5554 /* Initialize RF registers to default value. */ 5555 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5556 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5557 rt3593_def_rf[i].val); 5558 } 5559 5560 /* Toggle RF R2 to initiate calibration. */ 5561 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5562 5563 /* Initialize RF frequency offset. */ 5564 run_adjust_freq_offset(sc); 5565 5566 run_rt3070_rf_read(sc, 18, &rf); 5567 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5568 5569 /* 5570 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5571 * decrease voltage back to 1.2V. 5572 */ 5573 run_read(sc, RT3070_LDO_CFG0, &tmp); 5574 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5575 run_write(sc, RT3070_LDO_CFG0, tmp); 5576 run_delay(sc, 1); 5577 tmp = (tmp & ~0x1f000000) | 0x01000000; 5578 run_write(sc, RT3070_LDO_CFG0, tmp); 5579 5580 sc->rf24_20mhz = 0x1f; 5581 sc->rf24_40mhz = 0x2f; 5582 5583 /* Save default BBP registers 25 and 26 values. */ 5584 run_bbp_read(sc, 25, &sc->bbp25); 5585 run_bbp_read(sc, 26, &sc->bbp26); 5586 5587 run_read(sc, RT3070_OPT_14, &tmp); 5588 run_write(sc, RT3070_OPT_14, tmp | 1); 5589 } 5590 5591 static void 5592 run_rt5390_rf_init(struct run_softc *sc) 5593 { 5594 uint32_t tmp; 5595 uint8_t rf; 5596 u_int i; 5597 5598 /* Toggle RF R2 to initiate calibration. */ 5599 if (sc->mac_ver == 0x5390) { 5600 run_rt3070_rf_read(sc, 2, &rf); 5601 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5602 run_delay(sc, 10); 5603 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5604 } else { 5605 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5606 run_delay(sc, 10); 5607 } 5608 5609 /* Initialize RF registers to default value. */ 5610 if (sc->mac_ver == 0x5592) { 5611 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5612 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5613 rt5592_def_rf[i].val); 5614 } 5615 /* Initialize RF frequency offset. */ 5616 run_adjust_freq_offset(sc); 5617 } else if (sc->mac_ver == 0x5392) { 5618 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5619 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5620 rt5392_def_rf[i].val); 5621 } 5622 if (sc->mac_rev >= 0x0223) { 5623 run_rt3070_rf_write(sc, 23, 0x0f); 5624 run_rt3070_rf_write(sc, 24, 0x3e); 5625 run_rt3070_rf_write(sc, 51, 0x32); 5626 run_rt3070_rf_write(sc, 53, 0x22); 5627 run_rt3070_rf_write(sc, 56, 0xc1); 5628 run_rt3070_rf_write(sc, 59, 0x0f); 5629 } 5630 } else { 5631 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5632 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5633 rt5390_def_rf[i].val); 5634 } 5635 if (sc->mac_rev >= 0x0502) { 5636 run_rt3070_rf_write(sc, 6, 0xe0); 5637 run_rt3070_rf_write(sc, 25, 0x80); 5638 run_rt3070_rf_write(sc, 46, 0x73); 5639 run_rt3070_rf_write(sc, 53, 0x00); 5640 run_rt3070_rf_write(sc, 56, 0x42); 5641 run_rt3070_rf_write(sc, 61, 0xd1); 5642 } 5643 } 5644 5645 sc->rf24_20mhz = 0x1f; /* default value */ 5646 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5647 5648 if (sc->mac_rev < 0x0211) 5649 run_rt3070_rf_write(sc, 27, 0x3); 5650 5651 run_read(sc, RT3070_OPT_14, &tmp); 5652 run_write(sc, RT3070_OPT_14, tmp | 1); 5653 } 5654 5655 static int 5656 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5657 uint8_t *val) 5658 { 5659 uint8_t rf22, rf24; 5660 uint8_t bbp55_pb, bbp55_sb, delta; 5661 int ntries; 5662 5663 /* program filter */ 5664 run_rt3070_rf_read(sc, 24, &rf24); 5665 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5666 run_rt3070_rf_write(sc, 24, rf24); 5667 5668 /* enable baseband loopback mode */ 5669 run_rt3070_rf_read(sc, 22, &rf22); 5670 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5671 5672 /* set power and frequency of passband test tone */ 5673 run_bbp_write(sc, 24, 0x00); 5674 for (ntries = 0; ntries < 100; ntries++) { 5675 /* transmit test tone */ 5676 run_bbp_write(sc, 25, 0x90); 5677 run_delay(sc, 10); 5678 /* read received power */ 5679 run_bbp_read(sc, 55, &bbp55_pb); 5680 if (bbp55_pb != 0) 5681 break; 5682 } 5683 if (ntries == 100) 5684 return (ETIMEDOUT); 5685 5686 /* set power and frequency of stopband test tone */ 5687 run_bbp_write(sc, 24, 0x06); 5688 for (ntries = 0; ntries < 100; ntries++) { 5689 /* transmit test tone */ 5690 run_bbp_write(sc, 25, 0x90); 5691 run_delay(sc, 10); 5692 /* read received power */ 5693 run_bbp_read(sc, 55, &bbp55_sb); 5694 5695 delta = bbp55_pb - bbp55_sb; 5696 if (delta > target) 5697 break; 5698 5699 /* reprogram filter */ 5700 rf24++; 5701 run_rt3070_rf_write(sc, 24, rf24); 5702 } 5703 if (ntries < 100) { 5704 if (rf24 != init) 5705 rf24--; /* backtrack */ 5706 *val = rf24; 5707 run_rt3070_rf_write(sc, 24, rf24); 5708 } 5709 5710 /* restore initial state */ 5711 run_bbp_write(sc, 24, 0x00); 5712 5713 /* disable baseband loopback mode */ 5714 run_rt3070_rf_read(sc, 22, &rf22); 5715 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5716 5717 return (0); 5718 } 5719 5720 static void 5721 run_rt3070_rf_setup(struct run_softc *sc) 5722 { 5723 uint8_t bbp, rf; 5724 int i; 5725 5726 if (sc->mac_ver == 0x3572) { 5727 /* enable DC filter */ 5728 if (sc->mac_rev >= 0x0201) 5729 run_bbp_write(sc, 103, 0xc0); 5730 5731 run_bbp_read(sc, 138, &bbp); 5732 if (sc->ntxchains == 1) 5733 bbp |= 0x20; /* turn off DAC1 */ 5734 if (sc->nrxchains == 1) 5735 bbp &= ~0x02; /* turn off ADC1 */ 5736 run_bbp_write(sc, 138, bbp); 5737 5738 if (sc->mac_rev >= 0x0211) { 5739 /* improve power consumption */ 5740 run_bbp_read(sc, 31, &bbp); 5741 run_bbp_write(sc, 31, bbp & ~0x03); 5742 } 5743 5744 run_rt3070_rf_read(sc, 16, &rf); 5745 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5746 run_rt3070_rf_write(sc, 16, rf); 5747 5748 } else if (sc->mac_ver == 0x3071) { 5749 if (sc->mac_rev >= 0x0211) { 5750 /* enable DC filter */ 5751 run_bbp_write(sc, 103, 0xc0); 5752 5753 /* improve power consumption */ 5754 run_bbp_read(sc, 31, &bbp); 5755 run_bbp_write(sc, 31, bbp & ~0x03); 5756 } 5757 5758 run_bbp_read(sc, 138, &bbp); 5759 if (sc->ntxchains == 1) 5760 bbp |= 0x20; /* turn off DAC1 */ 5761 if (sc->nrxchains == 1) 5762 bbp &= ~0x02; /* turn off ADC1 */ 5763 run_bbp_write(sc, 138, bbp); 5764 5765 run_write(sc, RT2860_TX_SW_CFG1, 0); 5766 if (sc->mac_rev < 0x0211) { 5767 run_write(sc, RT2860_TX_SW_CFG2, 5768 sc->patch_dac ? 0x2c : 0x0f); 5769 } else 5770 run_write(sc, RT2860_TX_SW_CFG2, 0); 5771 5772 } else if (sc->mac_ver == 0x3070) { 5773 if (sc->mac_rev >= 0x0201) { 5774 /* enable DC filter */ 5775 run_bbp_write(sc, 103, 0xc0); 5776 5777 /* improve power consumption */ 5778 run_bbp_read(sc, 31, &bbp); 5779 run_bbp_write(sc, 31, bbp & ~0x03); 5780 } 5781 5782 if (sc->mac_rev < 0x0201) { 5783 run_write(sc, RT2860_TX_SW_CFG1, 0); 5784 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5785 } else 5786 run_write(sc, RT2860_TX_SW_CFG2, 0); 5787 } 5788 5789 /* initialize RF registers from ROM for >=RT3071*/ 5790 if (sc->mac_ver >= 0x3071) { 5791 for (i = 0; i < 10; i++) { 5792 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5793 continue; 5794 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5795 } 5796 } 5797 } 5798 5799 static void 5800 run_rt3593_rf_setup(struct run_softc *sc) 5801 { 5802 uint8_t bbp, rf; 5803 5804 if (sc->mac_rev >= 0x0211) { 5805 /* Enable DC filter. */ 5806 run_bbp_write(sc, 103, 0xc0); 5807 } 5808 run_write(sc, RT2860_TX_SW_CFG1, 0); 5809 if (sc->mac_rev < 0x0211) { 5810 run_write(sc, RT2860_TX_SW_CFG2, 5811 sc->patch_dac ? 0x2c : 0x0f); 5812 } else 5813 run_write(sc, RT2860_TX_SW_CFG2, 0); 5814 5815 run_rt3070_rf_read(sc, 50, &rf); 5816 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5817 5818 run_rt3070_rf_read(sc, 51, &rf); 5819 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5820 ((sc->txmixgain_2ghz & 0x07) << 2); 5821 run_rt3070_rf_write(sc, 51, rf); 5822 5823 run_rt3070_rf_read(sc, 38, &rf); 5824 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5825 5826 run_rt3070_rf_read(sc, 39, &rf); 5827 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5828 5829 run_rt3070_rf_read(sc, 1, &rf); 5830 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5831 5832 run_rt3070_rf_read(sc, 30, &rf); 5833 rf = (rf & ~0x18) | 0x10; 5834 run_rt3070_rf_write(sc, 30, rf); 5835 5836 /* Apply maximum likelihood detection for 2 stream case. */ 5837 run_bbp_read(sc, 105, &bbp); 5838 if (sc->nrxchains > 1) 5839 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5840 5841 /* Avoid data lost and CRC error. */ 5842 run_bbp_read(sc, 4, &bbp); 5843 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5844 5845 run_bbp_write(sc, 92, 0x02); 5846 run_bbp_write(sc, 82, 0x82); 5847 run_bbp_write(sc, 106, 0x05); 5848 run_bbp_write(sc, 104, 0x92); 5849 run_bbp_write(sc, 88, 0x90); 5850 run_bbp_write(sc, 148, 0xc8); 5851 run_bbp_write(sc, 47, 0x48); 5852 run_bbp_write(sc, 120, 0x50); 5853 5854 run_bbp_write(sc, 163, 0x9d); 5855 5856 /* SNR mapping. */ 5857 run_bbp_write(sc, 142, 0x06); 5858 run_bbp_write(sc, 143, 0xa0); 5859 run_bbp_write(sc, 142, 0x07); 5860 run_bbp_write(sc, 143, 0xa1); 5861 run_bbp_write(sc, 142, 0x08); 5862 run_bbp_write(sc, 143, 0xa2); 5863 5864 run_bbp_write(sc, 31, 0x08); 5865 run_bbp_write(sc, 68, 0x0b); 5866 run_bbp_write(sc, 105, 0x04); 5867 } 5868 5869 static void 5870 run_rt5390_rf_setup(struct run_softc *sc) 5871 { 5872 uint8_t bbp, rf; 5873 5874 if (sc->mac_rev >= 0x0211) { 5875 /* Enable DC filter. */ 5876 run_bbp_write(sc, 103, 0xc0); 5877 5878 if (sc->mac_ver != 0x5592) { 5879 /* Improve power consumption. */ 5880 run_bbp_read(sc, 31, &bbp); 5881 run_bbp_write(sc, 31, bbp & ~0x03); 5882 } 5883 } 5884 5885 run_bbp_read(sc, 138, &bbp); 5886 if (sc->ntxchains == 1) 5887 bbp |= 0x20; /* turn off DAC1 */ 5888 if (sc->nrxchains == 1) 5889 bbp &= ~0x02; /* turn off ADC1 */ 5890 run_bbp_write(sc, 138, bbp); 5891 5892 run_rt3070_rf_read(sc, 38, &rf); 5893 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5894 5895 run_rt3070_rf_read(sc, 39, &rf); 5896 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5897 5898 /* Avoid data lost and CRC error. */ 5899 run_bbp_read(sc, 4, &bbp); 5900 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5901 5902 run_rt3070_rf_read(sc, 30, &rf); 5903 rf = (rf & ~0x18) | 0x10; 5904 run_rt3070_rf_write(sc, 30, rf); 5905 5906 if (sc->mac_ver != 0x5592) { 5907 run_write(sc, RT2860_TX_SW_CFG1, 0); 5908 if (sc->mac_rev < 0x0211) { 5909 run_write(sc, RT2860_TX_SW_CFG2, 5910 sc->patch_dac ? 0x2c : 0x0f); 5911 } else 5912 run_write(sc, RT2860_TX_SW_CFG2, 0); 5913 } 5914 } 5915 5916 static int 5917 run_txrx_enable(struct run_softc *sc) 5918 { 5919 struct ieee80211com *ic = &sc->sc_ic; 5920 uint32_t tmp; 5921 int error, ntries; 5922 5923 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5924 for (ntries = 0; ntries < 200; ntries++) { 5925 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5926 return (error); 5927 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5928 break; 5929 run_delay(sc, 50); 5930 } 5931 if (ntries == 200) 5932 return (ETIMEDOUT); 5933 5934 run_delay(sc, 50); 5935 5936 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5937 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5938 5939 /* enable Rx bulk aggregation (set timeout and limit) */ 5940 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5941 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5942 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5943 5944 /* set Rx filter */ 5945 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5946 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5947 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5948 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5949 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5950 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5951 if (ic->ic_opmode == IEEE80211_M_STA) 5952 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5953 } 5954 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5955 5956 run_write(sc, RT2860_MAC_SYS_CTRL, 5957 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5958 5959 return (0); 5960 } 5961 5962 static void 5963 run_adjust_freq_offset(struct run_softc *sc) 5964 { 5965 uint8_t rf, tmp; 5966 5967 run_rt3070_rf_read(sc, 17, &rf); 5968 tmp = rf; 5969 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5970 rf = MIN(rf, 0x5f); 5971 5972 if (tmp != rf) 5973 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5974 } 5975 5976 static void 5977 run_init_locked(struct run_softc *sc) 5978 { 5979 struct ieee80211com *ic = &sc->sc_ic; 5980 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5981 uint32_t tmp; 5982 uint8_t bbp1, bbp3; 5983 int i; 5984 int ridx; 5985 int ntries; 5986 5987 if (ic->ic_nrunning > 1) 5988 return; 5989 5990 run_stop(sc); 5991 5992 if (run_load_microcode(sc) != 0) { 5993 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5994 goto fail; 5995 } 5996 5997 for (ntries = 0; ntries < 100; ntries++) { 5998 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5999 goto fail; 6000 if (tmp != 0 && tmp != 0xffffffff) 6001 break; 6002 run_delay(sc, 10); 6003 } 6004 if (ntries == 100) 6005 goto fail; 6006 6007 for (i = 0; i != RUN_EP_QUEUES; i++) 6008 run_setup_tx_list(sc, &sc->sc_epq[i]); 6009 6010 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6011 6012 for (ntries = 0; ntries < 100; ntries++) { 6013 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6014 goto fail; 6015 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6016 break; 6017 run_delay(sc, 10); 6018 } 6019 if (ntries == 100) { 6020 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6021 goto fail; 6022 } 6023 tmp &= 0xff0; 6024 tmp |= RT2860_TX_WB_DDONE; 6025 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6026 6027 /* turn off PME_OEN to solve high-current issue */ 6028 run_read(sc, RT2860_SYS_CTRL, &tmp); 6029 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6030 6031 run_write(sc, RT2860_MAC_SYS_CTRL, 6032 RT2860_BBP_HRST | RT2860_MAC_SRST); 6033 run_write(sc, RT2860_USB_DMA_CFG, 0); 6034 6035 if (run_reset(sc) != 0) { 6036 device_printf(sc->sc_dev, "could not reset chipset\n"); 6037 goto fail; 6038 } 6039 6040 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6041 6042 /* init Tx power for all Tx rates (from EEPROM) */ 6043 for (ridx = 0; ridx < 5; ridx++) { 6044 if (sc->txpow20mhz[ridx] == 0xffffffff) 6045 continue; 6046 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6047 } 6048 6049 for (i = 0; i < nitems(rt2870_def_mac); i++) 6050 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6051 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6052 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6053 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6054 6055 if (sc->mac_ver >= 0x5390) { 6056 run_write(sc, RT2860_TX_SW_CFG0, 6057 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6058 if (sc->mac_ver >= 0x5392) { 6059 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6060 if (sc->mac_ver == 0x5592) { 6061 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6062 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6063 } else { 6064 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6065 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6066 } 6067 } 6068 } else if (sc->mac_ver == 0x3593) { 6069 run_write(sc, RT2860_TX_SW_CFG0, 6070 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6071 } else if (sc->mac_ver >= 0x3070) { 6072 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6073 run_write(sc, RT2860_TX_SW_CFG0, 6074 4 << RT2860_DLY_PAPE_EN_SHIFT); 6075 } 6076 6077 /* wait while MAC is busy */ 6078 for (ntries = 0; ntries < 100; ntries++) { 6079 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6080 goto fail; 6081 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6082 break; 6083 run_delay(sc, 10); 6084 } 6085 if (ntries == 100) 6086 goto fail; 6087 6088 /* clear Host to MCU mailbox */ 6089 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6090 run_write(sc, RT2860_H2M_MAILBOX, 0); 6091 run_delay(sc, 10); 6092 6093 if (run_bbp_init(sc) != 0) { 6094 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6095 goto fail; 6096 } 6097 6098 /* abort TSF synchronization */ 6099 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6100 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6101 RT2860_TBTT_TIMER_EN); 6102 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6103 6104 /* clear RX WCID search table */ 6105 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6106 /* clear WCID attribute table */ 6107 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6108 6109 /* hostapd sets a key before init. So, don't clear it. */ 6110 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6111 /* clear shared key table */ 6112 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6113 /* clear shared key mode */ 6114 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6115 } 6116 6117 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6118 tmp = (tmp & ~0xff) | 0x1e; 6119 run_write(sc, RT2860_US_CYC_CNT, tmp); 6120 6121 if (sc->mac_rev != 0x0101) 6122 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6123 6124 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6125 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6126 6127 /* write vendor-specific BBP values (from EEPROM) */ 6128 if (sc->mac_ver < 0x3593) { 6129 for (i = 0; i < 10; i++) { 6130 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6131 continue; 6132 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6133 } 6134 } 6135 6136 /* select Main antenna for 1T1R devices */ 6137 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6138 run_set_rx_antenna(sc, 0); 6139 6140 /* send LEDs operating mode to microcontroller */ 6141 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6142 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6143 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6144 6145 if (sc->mac_ver >= 0x5390) 6146 run_rt5390_rf_init(sc); 6147 else if (sc->mac_ver == 0x3593) 6148 run_rt3593_rf_init(sc); 6149 else if (sc->mac_ver >= 0x3070) 6150 run_rt3070_rf_init(sc); 6151 6152 /* disable non-existing Rx chains */ 6153 run_bbp_read(sc, 3, &bbp3); 6154 bbp3 &= ~(1 << 3 | 1 << 4); 6155 if (sc->nrxchains == 2) 6156 bbp3 |= 1 << 3; 6157 else if (sc->nrxchains == 3) 6158 bbp3 |= 1 << 4; 6159 run_bbp_write(sc, 3, bbp3); 6160 6161 /* disable non-existing Tx chains */ 6162 run_bbp_read(sc, 1, &bbp1); 6163 if (sc->ntxchains == 1) 6164 bbp1 &= ~(1 << 3 | 1 << 4); 6165 run_bbp_write(sc, 1, bbp1); 6166 6167 if (sc->mac_ver >= 0x5390) 6168 run_rt5390_rf_setup(sc); 6169 else if (sc->mac_ver == 0x3593) 6170 run_rt3593_rf_setup(sc); 6171 else if (sc->mac_ver >= 0x3070) 6172 run_rt3070_rf_setup(sc); 6173 6174 /* select default channel */ 6175 run_set_chan(sc, ic->ic_curchan); 6176 6177 /* setup initial protection mode */ 6178 run_updateprot_cb(ic); 6179 6180 /* turn radio LED on */ 6181 run_set_leds(sc, RT2860_LED_RADIO); 6182 6183 sc->sc_flags |= RUN_RUNNING; 6184 sc->cmdq_run = RUN_CMDQ_GO; 6185 6186 for (i = 0; i != RUN_N_XFER; i++) 6187 usbd_xfer_set_stall(sc->sc_xfer[i]); 6188 6189 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6190 6191 if (run_txrx_enable(sc) != 0) 6192 goto fail; 6193 6194 return; 6195 6196 fail: 6197 run_stop(sc); 6198 } 6199 6200 static void 6201 run_stop(void *arg) 6202 { 6203 struct run_softc *sc = (struct run_softc *)arg; 6204 uint32_t tmp; 6205 int i; 6206 int ntries; 6207 6208 RUN_LOCK_ASSERT(sc, MA_OWNED); 6209 6210 if (sc->sc_flags & RUN_RUNNING) 6211 run_set_leds(sc, 0); /* turn all LEDs off */ 6212 6213 sc->sc_flags &= ~RUN_RUNNING; 6214 6215 sc->ratectl_run = RUN_RATECTL_OFF; 6216 sc->cmdq_run = sc->cmdq_key_set; 6217 6218 RUN_UNLOCK(sc); 6219 6220 for(i = 0; i < RUN_N_XFER; i++) 6221 usbd_transfer_drain(sc->sc_xfer[i]); 6222 6223 RUN_LOCK(sc); 6224 6225 run_drain_mbufq(sc); 6226 6227 if (sc->rx_m != NULL) { 6228 m_free(sc->rx_m); 6229 sc->rx_m = NULL; 6230 } 6231 6232 /* Disable Tx/Rx DMA. */ 6233 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6234 return; 6235 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6236 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6237 6238 for (ntries = 0; ntries < 100; ntries++) { 6239 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6240 return; 6241 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6242 break; 6243 run_delay(sc, 10); 6244 } 6245 if (ntries == 100) { 6246 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6247 return; 6248 } 6249 6250 /* disable Tx/Rx */ 6251 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6252 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6253 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6254 6255 /* wait for pending Tx to complete */ 6256 for (ntries = 0; ntries < 100; ntries++) { 6257 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6258 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6259 "Cannot read Tx queue count\n"); 6260 break; 6261 } 6262 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6263 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6264 "All Tx cleared\n"); 6265 break; 6266 } 6267 run_delay(sc, 10); 6268 } 6269 if (ntries >= 100) 6270 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6271 "There are still pending Tx\n"); 6272 run_delay(sc, 10); 6273 run_write(sc, RT2860_USB_DMA_CFG, 0); 6274 6275 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6276 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6277 6278 for (i = 0; i != RUN_EP_QUEUES; i++) 6279 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6280 } 6281 6282 static void 6283 run_delay(struct run_softc *sc, u_int ms) 6284 { 6285 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6286 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6287 } 6288 6289 static device_method_t run_methods[] = { 6290 /* Device interface */ 6291 DEVMETHOD(device_probe, run_match), 6292 DEVMETHOD(device_attach, run_attach), 6293 DEVMETHOD(device_detach, run_detach), 6294 DEVMETHOD_END 6295 }; 6296 6297 static driver_t run_driver = { 6298 .name = "run", 6299 .methods = run_methods, 6300 .size = sizeof(struct run_softc) 6301 }; 6302 6303 static devclass_t run_devclass; 6304 6305 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6306 MODULE_DEPEND(run, wlan, 1, 1, 1); 6307 MODULE_DEPEND(run, usb, 1, 1, 1); 6308 MODULE_DEPEND(run, firmware, 1, 1, 1); 6309 MODULE_VERSION(run, 1); 6310 USB_PNP_HOST_INFO(run_devs); 6311