1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/cdefs.h> 20 __FBSDID("$FreeBSD$"); 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mutex.h> 32 #include <sys/mbuf.h> 33 #include <sys/kernel.h> 34 #include <sys/socket.h> 35 #include <sys/systm.h> 36 #include <sys/malloc.h> 37 #include <sys/module.h> 38 #include <sys/bus.h> 39 #include <sys/endian.h> 40 #include <sys/linker.h> 41 #include <sys/firmware.h> 42 #include <sys/kdb.h> 43 44 #include <machine/bus.h> 45 #include <machine/resource.h> 46 #include <sys/rman.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 74 #include "if_runreg.h" 75 #include "if_runvar.h" 76 77 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88 #endif 89 90 #define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const struct usb_device_id run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS2, USBN11), 140 RUN_DEV(AZUREWAVE, RT2870_1), 141 RUN_DEV(AZUREWAVE, RT2870_2), 142 RUN_DEV(AZUREWAVE, RT3070_1), 143 RUN_DEV(AZUREWAVE, RT3070_2), 144 RUN_DEV(AZUREWAVE, RT3070_3), 145 RUN_DEV(BELKIN, F5D8053V3), 146 RUN_DEV(BELKIN, F5D8055), 147 RUN_DEV(BELKIN, F6D4050V1), 148 RUN_DEV(BELKIN, RT2870_1), 149 RUN_DEV(BELKIN, RT2870_2), 150 RUN_DEV(CISCOLINKSYS2, RT3070), 151 RUN_DEV(CISCOLINKSYS3, RT3070), 152 RUN_DEV(CONCEPTRONIC2, RT2870_1), 153 RUN_DEV(CONCEPTRONIC2, RT2870_2), 154 RUN_DEV(CONCEPTRONIC2, RT2870_3), 155 RUN_DEV(CONCEPTRONIC2, RT2870_4), 156 RUN_DEV(CONCEPTRONIC2, RT2870_5), 157 RUN_DEV(CONCEPTRONIC2, RT2870_6), 158 RUN_DEV(CONCEPTRONIC2, RT2870_7), 159 RUN_DEV(CONCEPTRONIC2, RT2870_8), 160 RUN_DEV(CONCEPTRONIC2, RT3070_1), 161 RUN_DEV(CONCEPTRONIC2, RT3070_2), 162 RUN_DEV(CONCEPTRONIC2, VIGORN61), 163 RUN_DEV(COREGA, CGWLUSB300GNM), 164 RUN_DEV(COREGA, RT2870_1), 165 RUN_DEV(COREGA, RT2870_2), 166 RUN_DEV(COREGA, RT2870_3), 167 RUN_DEV(COREGA, RT3070), 168 RUN_DEV(CYBERTAN, RT2870), 169 RUN_DEV(DLINK, RT2870), 170 RUN_DEV(DLINK, RT3072), 171 RUN_DEV(DLINK2, DWA130), 172 RUN_DEV(DLINK2, RT2870_1), 173 RUN_DEV(DLINK2, RT2870_2), 174 RUN_DEV(DLINK2, RT3070_1), 175 RUN_DEV(DLINK2, RT3070_2), 176 RUN_DEV(DLINK2, RT3070_3), 177 RUN_DEV(DLINK2, RT3070_4), 178 RUN_DEV(DLINK2, RT3070_5), 179 RUN_DEV(DLINK2, RT3072), 180 RUN_DEV(DLINK2, RT3072_1), 181 RUN_DEV(EDIMAX, EW7717), 182 RUN_DEV(EDIMAX, EW7718), 183 RUN_DEV(EDIMAX, RT2870_1), 184 RUN_DEV(ENCORE, RT3070_1), 185 RUN_DEV(ENCORE, RT3070_2), 186 RUN_DEV(ENCORE, RT3070_3), 187 RUN_DEV(GIGABYTE, GNWB31N), 188 RUN_DEV(GIGABYTE, GNWB32L), 189 RUN_DEV(GIGABYTE, RT2870_1), 190 RUN_DEV(GIGASET, RT3070_1), 191 RUN_DEV(GIGASET, RT3070_2), 192 RUN_DEV(GUILLEMOT, HWNU300), 193 RUN_DEV(HAWKING, HWUN2), 194 RUN_DEV(HAWKING, RT2870_1), 195 RUN_DEV(HAWKING, RT2870_2), 196 RUN_DEV(HAWKING, RT3070), 197 RUN_DEV(IODATA, RT3072_1), 198 RUN_DEV(IODATA, RT3072_2), 199 RUN_DEV(IODATA, RT3072_3), 200 RUN_DEV(IODATA, RT3072_4), 201 RUN_DEV(LINKSYS4, RT3070), 202 RUN_DEV(LINKSYS4, WUSB100), 203 RUN_DEV(LINKSYS4, WUSB54GCV3), 204 RUN_DEV(LINKSYS4, WUSB600N), 205 RUN_DEV(LINKSYS4, WUSB600NV2), 206 RUN_DEV(LOGITEC, RT2870_1), 207 RUN_DEV(LOGITEC, RT2870_2), 208 RUN_DEV(LOGITEC, RT2870_3), 209 RUN_DEV(MELCO, RT2870_1), 210 RUN_DEV(MELCO, RT2870_2), 211 RUN_DEV(MELCO, WLIUCAG300N), 212 RUN_DEV(MELCO, WLIUCG300N), 213 RUN_DEV(MELCO, WLIUCGN), 214 RUN_DEV(MOTOROLA4, RT2770), 215 RUN_DEV(MOTOROLA4, RT3070), 216 RUN_DEV(MSI, RT3070_1), 217 RUN_DEV(MSI, RT3070_2), 218 RUN_DEV(MSI, RT3070_3), 219 RUN_DEV(MSI, RT3070_4), 220 RUN_DEV(MSI, RT3070_5), 221 RUN_DEV(MSI, RT3070_6), 222 RUN_DEV(MSI, RT3070_7), 223 RUN_DEV(MSI, RT3070_8), 224 RUN_DEV(MSI, RT3070_9), 225 RUN_DEV(MSI, RT3070_10), 226 RUN_DEV(MSI, RT3070_11), 227 RUN_DEV(OVISLINK, RT3072), 228 RUN_DEV(PARA, RT3070), 229 RUN_DEV(PEGATRON, RT2870), 230 RUN_DEV(PEGATRON, RT3070), 231 RUN_DEV(PEGATRON, RT3070_2), 232 RUN_DEV(PEGATRON, RT3070_3), 233 RUN_DEV(PHILIPS, RT2870), 234 RUN_DEV(PLANEX2, GWUS300MINIS), 235 RUN_DEV(PLANEX2, GWUSMICRON), 236 RUN_DEV(PLANEX2, RT2870), 237 RUN_DEV(PLANEX2, RT3070), 238 RUN_DEV(QCOM, RT2870), 239 RUN_DEV(QUANTA, RT3070), 240 RUN_DEV(RALINK, RT2070), 241 RUN_DEV(RALINK, RT2770), 242 RUN_DEV(RALINK, RT2870), 243 RUN_DEV(RALINK, RT3070), 244 RUN_DEV(RALINK, RT3071), 245 RUN_DEV(RALINK, RT3072), 246 RUN_DEV(RALINK, RT3370), 247 RUN_DEV(RALINK, RT3572), 248 RUN_DEV(RALINK, RT8070), 249 RUN_DEV(SAMSUNG2, RT2870_1), 250 RUN_DEV(SENAO, RT2870_1), 251 RUN_DEV(SENAO, RT2870_2), 252 RUN_DEV(SENAO, RT2870_3), 253 RUN_DEV(SENAO, RT2870_4), 254 RUN_DEV(SENAO, RT3070), 255 RUN_DEV(SENAO, RT3071), 256 RUN_DEV(SENAO, RT3072_1), 257 RUN_DEV(SENAO, RT3072_2), 258 RUN_DEV(SENAO, RT3072_3), 259 RUN_DEV(SENAO, RT3072_4), 260 RUN_DEV(SENAO, RT3072_5), 261 RUN_DEV(SITECOMEU, RT2770), 262 RUN_DEV(SITECOMEU, RT2870_1), 263 RUN_DEV(SITECOMEU, RT2870_2), 264 RUN_DEV(SITECOMEU, RT2870_3), 265 RUN_DEV(SITECOMEU, RT2870_4), 266 RUN_DEV(SITECOMEU, RT3070), 267 RUN_DEV(SITECOMEU, RT3070_2), 268 RUN_DEV(SITECOMEU, RT3070_3), 269 RUN_DEV(SITECOMEU, RT3070_4), 270 RUN_DEV(SITECOMEU, RT3071), 271 RUN_DEV(SITECOMEU, RT3072_1), 272 RUN_DEV(SITECOMEU, RT3072_2), 273 RUN_DEV(SITECOMEU, RT3072_3), 274 RUN_DEV(SITECOMEU, RT3072_4), 275 RUN_DEV(SITECOMEU, RT3072_5), 276 RUN_DEV(SITECOMEU, RT3072_6), 277 RUN_DEV(SITECOMEU, WL608), 278 RUN_DEV(SPARKLAN, RT2870_1), 279 RUN_DEV(SPARKLAN, RT3070), 280 RUN_DEV(SWEEX2, LW153), 281 RUN_DEV(SWEEX2, LW303), 282 RUN_DEV(SWEEX2, LW313), 283 RUN_DEV(TOSHIBA, RT3070), 284 RUN_DEV(UMEDIA, RT2870_1), 285 RUN_DEV(ZCOM, RT2870_1), 286 RUN_DEV(ZCOM, RT2870_2), 287 RUN_DEV(ZINWELL, RT2870_1), 288 RUN_DEV(ZINWELL, RT2870_2), 289 RUN_DEV(ZINWELL, RT3070), 290 RUN_DEV(ZINWELL, RT3072_1), 291 RUN_DEV(ZINWELL, RT3072_2), 292 RUN_DEV(ZYXEL, RT2870_1), 293 RUN_DEV(ZYXEL, RT2870_2), 294 #undef RUN_DEV 295 }; 296 297 static device_probe_t run_match; 298 static device_attach_t run_attach; 299 static device_detach_t run_detach; 300 301 static usb_callback_t run_bulk_rx_callback; 302 static usb_callback_t run_bulk_tx_callback0; 303 static usb_callback_t run_bulk_tx_callback1; 304 static usb_callback_t run_bulk_tx_callback2; 305 static usb_callback_t run_bulk_tx_callback3; 306 static usb_callback_t run_bulk_tx_callback4; 307 static usb_callback_t run_bulk_tx_callback5; 308 309 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 310 usb_error_t error, unsigned int index); 311 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 312 const char name[IFNAMSIZ], int unit, int opmode, int flags, 313 const uint8_t bssid[IEEE80211_ADDR_LEN], const uint8_t 314 mac[IEEE80211_ADDR_LEN]); 315 static void run_vap_delete(struct ieee80211vap *); 316 static void run_cmdq_cb(void *, int); 317 static void run_setup_tx_list(struct run_softc *, 318 struct run_endpoint_queue *); 319 static void run_unsetup_tx_list(struct run_softc *, 320 struct run_endpoint_queue *); 321 static int run_load_microcode(struct run_softc *); 322 static int run_reset(struct run_softc *); 323 static usb_error_t run_do_request(struct run_softc *, 324 struct usb_device_request *, void *); 325 static int run_read(struct run_softc *, uint16_t, uint32_t *); 326 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 327 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 328 static int run_write(struct run_softc *, uint16_t, uint32_t); 329 static int run_write_region_1(struct run_softc *, uint16_t, 330 const uint8_t *, int); 331 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 332 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 333 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 334 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 335 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 336 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 337 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 338 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 339 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 340 static const char *run_get_rf(int); 341 static int run_read_eeprom(struct run_softc *); 342 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 343 const uint8_t mac[IEEE80211_ADDR_LEN]); 344 static int run_media_change(struct ifnet *); 345 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 346 static int run_wme_update(struct ieee80211com *); 347 static void run_wme_update_cb(void *); 348 static void run_key_update_begin(struct ieee80211vap *); 349 static void run_key_update_end(struct ieee80211vap *); 350 static void run_key_set_cb(void *); 351 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 352 const uint8_t mac[IEEE80211_ADDR_LEN]); 353 static void run_key_delete_cb(void *); 354 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 355 static void run_ratectl_to(void *); 356 static void run_ratectl_cb(void *, int); 357 static void run_drain_fifo(void *); 358 static void run_iter_func(void *, struct ieee80211_node *); 359 static void run_newassoc_cb(void *); 360 static void run_newassoc(struct ieee80211_node *, int); 361 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 362 static void run_tx_free(struct run_endpoint_queue *pq, 363 struct run_tx_data *, int); 364 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 365 static int run_tx(struct run_softc *, struct mbuf *, 366 struct ieee80211_node *); 367 static int run_tx_mgt(struct run_softc *, struct mbuf *, 368 struct ieee80211_node *); 369 static int run_sendprot(struct run_softc *, const struct mbuf *, 370 struct ieee80211_node *, int, int); 371 static int run_tx_param(struct run_softc *, struct mbuf *, 372 struct ieee80211_node *, 373 const struct ieee80211_bpf_params *); 374 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 375 const struct ieee80211_bpf_params *); 376 static void run_start(struct ifnet *); 377 static int run_ioctl(struct ifnet *, u_long, caddr_t); 378 static void run_set_agc(struct run_softc *, uint8_t); 379 static void run_select_chan_group(struct run_softc *, int); 380 static void run_set_rx_antenna(struct run_softc *, int); 381 static void run_rt2870_set_chan(struct run_softc *, u_int); 382 static void run_rt3070_set_chan(struct run_softc *, u_int); 383 static void run_rt3572_set_chan(struct run_softc *, u_int); 384 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 385 static void run_set_channel(struct ieee80211com *); 386 static void run_scan_start(struct ieee80211com *); 387 static void run_scan_end(struct ieee80211com *); 388 static void run_update_beacon(struct ieee80211vap *, int); 389 static void run_update_beacon_cb(void *); 390 static void run_updateprot(struct ieee80211com *); 391 static void run_usb_timeout_cb(void *); 392 static void run_reset_livelock(struct run_softc *); 393 static void run_enable_tsf_sync(struct run_softc *); 394 static void run_enable_mrr(struct run_softc *); 395 static void run_set_txpreamble(struct run_softc *); 396 static void run_set_basicrates(struct run_softc *); 397 static void run_set_leds(struct run_softc *, uint16_t); 398 static void run_set_bssid(struct run_softc *, const uint8_t *); 399 static void run_set_macaddr(struct run_softc *, const uint8_t *); 400 static void run_updateslot(struct ifnet *); 401 static void run_update_mcast(struct ifnet *); 402 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 403 static void run_update_promisc_locked(struct ifnet *); 404 static void run_update_promisc(struct ifnet *); 405 static int run_bbp_init(struct run_softc *); 406 static int run_rt3070_rf_init(struct run_softc *); 407 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 408 uint8_t *); 409 static void run_rt3070_rf_setup(struct run_softc *); 410 static int run_txrx_enable(struct run_softc *); 411 static void run_init(void *); 412 static void run_init_locked(struct run_softc *); 413 static void run_stop(void *); 414 static void run_delay(struct run_softc *, unsigned int); 415 416 static const struct { 417 uint16_t reg; 418 uint32_t val; 419 } rt2870_def_mac[] = { 420 RT2870_DEF_MAC 421 }; 422 423 static const struct { 424 uint8_t reg; 425 uint8_t val; 426 } rt2860_def_bbp[] = { 427 RT2860_DEF_BBP 428 }; 429 430 static const struct rfprog { 431 uint8_t chan; 432 uint32_t r1, r2, r3, r4; 433 } rt2860_rf2850[] = { 434 RT2860_RF2850 435 }; 436 437 struct { 438 uint8_t n, r, k; 439 } rt3070_freqs[] = { 440 RT3070_RF3052 441 }; 442 443 static const struct { 444 uint8_t reg; 445 uint8_t val; 446 } rt3070_def_rf[] = { 447 RT3070_DEF_RF 448 },rt3572_def_rf[] = { 449 RT3572_DEF_RF 450 }; 451 452 static const struct usb_config run_config[RUN_N_XFER] = { 453 [RUN_BULK_TX_BE] = { 454 .type = UE_BULK, 455 .endpoint = UE_ADDR_ANY, 456 .ep_index = 0, 457 .direction = UE_DIR_OUT, 458 .bufsize = RUN_MAX_TXSZ, 459 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 460 .callback = run_bulk_tx_callback0, 461 .timeout = 5000, /* ms */ 462 }, 463 [RUN_BULK_TX_BK] = { 464 .type = UE_BULK, 465 .endpoint = UE_ADDR_ANY, 466 .direction = UE_DIR_OUT, 467 .ep_index = 1, 468 .bufsize = RUN_MAX_TXSZ, 469 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 470 .callback = run_bulk_tx_callback1, 471 .timeout = 5000, /* ms */ 472 }, 473 [RUN_BULK_TX_VI] = { 474 .type = UE_BULK, 475 .endpoint = UE_ADDR_ANY, 476 .direction = UE_DIR_OUT, 477 .ep_index = 2, 478 .bufsize = RUN_MAX_TXSZ, 479 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 480 .callback = run_bulk_tx_callback2, 481 .timeout = 5000, /* ms */ 482 }, 483 [RUN_BULK_TX_VO] = { 484 .type = UE_BULK, 485 .endpoint = UE_ADDR_ANY, 486 .direction = UE_DIR_OUT, 487 .ep_index = 3, 488 .bufsize = RUN_MAX_TXSZ, 489 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 490 .callback = run_bulk_tx_callback3, 491 .timeout = 5000, /* ms */ 492 }, 493 [RUN_BULK_TX_HCCA] = { 494 .type = UE_BULK, 495 .endpoint = UE_ADDR_ANY, 496 .direction = UE_DIR_OUT, 497 .ep_index = 4, 498 .bufsize = RUN_MAX_TXSZ, 499 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 500 .callback = run_bulk_tx_callback4, 501 .timeout = 5000, /* ms */ 502 }, 503 [RUN_BULK_TX_PRIO] = { 504 .type = UE_BULK, 505 .endpoint = UE_ADDR_ANY, 506 .direction = UE_DIR_OUT, 507 .ep_index = 5, 508 .bufsize = RUN_MAX_TXSZ, 509 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 510 .callback = run_bulk_tx_callback5, 511 .timeout = 5000, /* ms */ 512 }, 513 [RUN_BULK_RX] = { 514 .type = UE_BULK, 515 .endpoint = UE_ADDR_ANY, 516 .direction = UE_DIR_IN, 517 .bufsize = RUN_MAX_RXSZ, 518 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 519 .callback = run_bulk_rx_callback, 520 } 521 }; 522 523 int 524 run_match(device_t self) 525 { 526 struct usb_attach_arg *uaa = device_get_ivars(self); 527 528 if (uaa->usb_mode != USB_MODE_HOST) 529 return (ENXIO); 530 if (uaa->info.bConfigIndex != 0) 531 return (ENXIO); 532 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 533 return (ENXIO); 534 535 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 536 } 537 538 static int 539 run_attach(device_t self) 540 { 541 struct run_softc *sc = device_get_softc(self); 542 struct usb_attach_arg *uaa = device_get_ivars(self); 543 struct ieee80211com *ic; 544 struct ifnet *ifp; 545 uint32_t ver; 546 int i, ntries, error; 547 uint8_t iface_index, bands; 548 549 device_set_usb_desc(self); 550 sc->sc_udev = uaa->device; 551 sc->sc_dev = self; 552 553 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 554 MTX_NETWORK_LOCK, MTX_DEF); 555 556 iface_index = RT2860_IFACE_INDEX; 557 558 error = usbd_transfer_setup(uaa->device, &iface_index, 559 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 560 if (error) { 561 device_printf(self, "could not allocate USB transfers, " 562 "err=%s\n", usbd_errstr(error)); 563 goto detach; 564 } 565 566 RUN_LOCK(sc); 567 568 /* wait for the chip to settle */ 569 for (ntries = 0; ntries < 100; ntries++) { 570 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 571 RUN_UNLOCK(sc); 572 goto detach; 573 } 574 if (ver != 0 && ver != 0xffffffff) 575 break; 576 run_delay(sc, 10); 577 } 578 if (ntries == 100) { 579 device_printf(sc->sc_dev, 580 "timeout waiting for NIC to initialize\n"); 581 RUN_UNLOCK(sc); 582 goto detach; 583 } 584 sc->mac_ver = ver >> 16; 585 sc->mac_rev = ver & 0xffff; 586 587 /* retrieve RF rev. no and various other things from EEPROM */ 588 run_read_eeprom(sc); 589 590 device_printf(sc->sc_dev, 591 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 592 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 593 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 594 595 if ((error = run_load_microcode(sc)) != 0) { 596 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 597 RUN_UNLOCK(sc); 598 goto detach; 599 } 600 601 RUN_UNLOCK(sc); 602 603 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 604 if(ifp == NULL){ 605 device_printf(sc->sc_dev, "can not if_alloc()\n"); 606 goto detach; 607 } 608 ic = ifp->if_l2com; 609 610 ifp->if_softc = sc; 611 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 612 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 613 ifp->if_init = run_init; 614 ifp->if_ioctl = run_ioctl; 615 ifp->if_start = run_start; 616 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 617 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 618 IFQ_SET_READY(&ifp->if_snd); 619 620 ic->ic_ifp = ifp; 621 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 622 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 623 624 /* set device capabilities */ 625 ic->ic_caps = 626 IEEE80211_C_STA | /* station mode supported */ 627 IEEE80211_C_MONITOR | /* monitor mode supported */ 628 IEEE80211_C_IBSS | 629 IEEE80211_C_HOSTAP | 630 IEEE80211_C_WDS | /* 4-address traffic works */ 631 IEEE80211_C_MBSS | 632 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 633 IEEE80211_C_SHSLOT | /* short slot time supported */ 634 IEEE80211_C_WME | /* WME */ 635 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 636 637 ic->ic_cryptocaps = 638 IEEE80211_CRYPTO_WEP | 639 IEEE80211_CRYPTO_AES_CCM | 640 IEEE80211_CRYPTO_TKIPMIC | 641 IEEE80211_CRYPTO_TKIP; 642 643 ic->ic_flags |= IEEE80211_F_DATAPAD; 644 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 645 646 bands = 0; 647 setbit(&bands, IEEE80211_MODE_11B); 648 setbit(&bands, IEEE80211_MODE_11G); 649 ieee80211_init_channels(ic, NULL, &bands); 650 651 /* 652 * Do this by own because h/w supports 653 * more channels than ieee80211_init_channels() 654 */ 655 if (sc->rf_rev == RT2860_RF_2750 || 656 sc->rf_rev == RT2860_RF_2850 || 657 sc->rf_rev == RT3070_RF_3052) { 658 /* set supported .11a rates */ 659 for (i = 14; i < nitems(rt2860_rf2850); i++) { 660 uint8_t chan = rt2860_rf2850[i].chan; 661 ic->ic_channels[ic->ic_nchans].ic_freq = 662 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 663 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 664 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 665 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 666 ic->ic_nchans++; 667 } 668 } 669 670 ieee80211_ifattach(ic, sc->sc_bssid); 671 672 ic->ic_scan_start = run_scan_start; 673 ic->ic_scan_end = run_scan_end; 674 ic->ic_set_channel = run_set_channel; 675 ic->ic_node_alloc = run_node_alloc; 676 ic->ic_newassoc = run_newassoc; 677 //ic->ic_updateslot = run_updateslot; 678 ic->ic_update_mcast = run_update_mcast; 679 ic->ic_wme.wme_update = run_wme_update; 680 ic->ic_raw_xmit = run_raw_xmit; 681 ic->ic_update_promisc = run_update_promisc; 682 683 ic->ic_vap_create = run_vap_create; 684 ic->ic_vap_delete = run_vap_delete; 685 686 ieee80211_radiotap_attach(ic, 687 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 688 RUN_TX_RADIOTAP_PRESENT, 689 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 690 RUN_RX_RADIOTAP_PRESENT); 691 692 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 693 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 694 callout_init((struct callout *)&sc->ratectl_ch, 1); 695 696 if (bootverbose) 697 ieee80211_announce(ic); 698 699 return (0); 700 701 detach: 702 run_detach(self); 703 return (ENXIO); 704 } 705 706 static int 707 run_detach(device_t self) 708 { 709 struct run_softc *sc = device_get_softc(self); 710 struct ifnet *ifp = sc->sc_ifp; 711 struct ieee80211com *ic; 712 int i; 713 714 /* stop all USB transfers */ 715 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 716 717 RUN_LOCK(sc); 718 719 sc->ratectl_run = RUN_RATECTL_OFF; 720 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 721 722 /* free TX list, if any */ 723 for (i = 0; i != RUN_EP_QUEUES; i++) 724 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 725 RUN_UNLOCK(sc); 726 727 if (ifp) { 728 ic = ifp->if_l2com; 729 /* drain tasks */ 730 usb_callout_drain(&sc->ratectl_ch); 731 ieee80211_draintask(ic, &sc->cmdq_task); 732 ieee80211_draintask(ic, &sc->ratectl_task); 733 ieee80211_ifdetach(ic); 734 if_free(ifp); 735 } 736 737 mtx_destroy(&sc->sc_mtx); 738 739 return (0); 740 } 741 742 static struct ieee80211vap * 743 run_vap_create(struct ieee80211com *ic, 744 const char name[IFNAMSIZ], int unit, int opmode, int flags, 745 const uint8_t bssid[IEEE80211_ADDR_LEN], 746 const uint8_t mac[IEEE80211_ADDR_LEN]) 747 { 748 struct ifnet *ifp = ic->ic_ifp; 749 struct run_softc *sc = ifp->if_softc; 750 struct run_vap *rvp; 751 struct ieee80211vap *vap; 752 int i; 753 754 if (sc->rvp_cnt >= RUN_VAP_MAX) { 755 if_printf(ifp, "number of VAPs maxed out\n"); 756 return (NULL); 757 } 758 759 switch (opmode) { 760 case IEEE80211_M_STA: 761 /* enable s/w bmiss handling for sta mode */ 762 flags |= IEEE80211_CLONE_NOBEACONS; 763 /* fall though */ 764 case IEEE80211_M_IBSS: 765 case IEEE80211_M_MONITOR: 766 case IEEE80211_M_HOSTAP: 767 case IEEE80211_M_MBSS: 768 /* other than WDS vaps, only one at a time */ 769 if (!TAILQ_EMPTY(&ic->ic_vaps)) 770 return (NULL); 771 break; 772 case IEEE80211_M_WDS: 773 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 774 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 775 continue; 776 /* WDS vap's always share the local mac address. */ 777 flags &= ~IEEE80211_CLONE_BSSID; 778 break; 779 } 780 if (vap == NULL) { 781 if_printf(ifp, "wds only supported in ap mode\n"); 782 return (NULL); 783 } 784 break; 785 default: 786 if_printf(ifp, "unknown opmode %d\n", opmode); 787 return (NULL); 788 } 789 790 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 791 M_80211_VAP, M_NOWAIT | M_ZERO); 792 if (rvp == NULL) 793 return (NULL); 794 vap = &rvp->vap; 795 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 796 797 vap->iv_key_update_begin = run_key_update_begin; 798 vap->iv_key_update_end = run_key_update_end; 799 vap->iv_update_beacon = run_update_beacon; 800 vap->iv_max_aid = RT2870_WCID_MAX; 801 /* 802 * To delete the right key from h/w, we need wcid. 803 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 804 * and matching wcid will be written into there. So, cast 805 * some spells to remove 'const' from ieee80211_key{} 806 */ 807 vap->iv_key_delete = (void *)run_key_delete; 808 vap->iv_key_set = (void *)run_key_set; 809 810 /* override state transition machine */ 811 rvp->newstate = vap->iv_newstate; 812 vap->iv_newstate = run_newstate; 813 814 ieee80211_ratectl_init(vap); 815 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 816 817 /* complete setup */ 818 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 819 820 /* make sure id is always unique */ 821 for (i = 0; i < RUN_VAP_MAX; i++) { 822 if((sc->rvp_bmap & 1 << i) == 0){ 823 sc->rvp_bmap |= 1 << i; 824 rvp->rvp_id = i; 825 break; 826 } 827 } 828 if (sc->rvp_cnt++ == 0) 829 ic->ic_opmode = opmode; 830 831 if (opmode == IEEE80211_M_HOSTAP) 832 sc->cmdq_run = RUN_CMDQ_GO; 833 834 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 835 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 836 837 return (vap); 838 } 839 840 static void 841 run_vap_delete(struct ieee80211vap *vap) 842 { 843 struct run_vap *rvp = RUN_VAP(vap); 844 struct ifnet *ifp; 845 struct ieee80211com *ic; 846 struct run_softc *sc; 847 uint8_t rvp_id; 848 849 if (vap == NULL) 850 return; 851 852 ic = vap->iv_ic; 853 ifp = ic->ic_ifp; 854 855 sc = ifp->if_softc; 856 857 RUN_LOCK(sc); 858 859 rvp_id = rvp->rvp_id; 860 sc->ratectl_run &= ~(1 << rvp_id); 861 sc->rvp_bmap &= ~(1 << rvp_id); 862 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 863 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 864 --sc->rvp_cnt; 865 866 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 867 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 868 869 RUN_UNLOCK(sc); 870 871 ieee80211_ratectl_deinit(vap); 872 ieee80211_vap_detach(vap); 873 free(rvp, M_80211_VAP); 874 } 875 876 /* 877 * There are numbers of functions need to be called in context thread. 878 * Rather than creating taskqueue event for each of those functions, 879 * here is all-for-one taskqueue callback function. This function 880 * gurantees deferred functions are executed in the same order they 881 * were enqueued. 882 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 883 */ 884 static void 885 run_cmdq_cb(void *arg, int pending) 886 { 887 struct run_softc *sc = arg; 888 uint8_t i; 889 890 /* call cmdq[].func locked */ 891 RUN_LOCK(sc); 892 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 893 i = sc->cmdq_exec, pending--) { 894 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 895 if (sc->cmdq_run == RUN_CMDQ_GO) { 896 /* 897 * If arg0 is NULL, callback func needs more 898 * than one arg. So, pass ptr to cmdq struct. 899 */ 900 if (sc->cmdq[i].arg0) 901 sc->cmdq[i].func(sc->cmdq[i].arg0); 902 else 903 sc->cmdq[i].func(&sc->cmdq[i]); 904 } 905 sc->cmdq[i].arg0 = NULL; 906 sc->cmdq[i].func = NULL; 907 sc->cmdq_exec++; 908 sc->cmdq_exec &= RUN_CMDQ_MASQ; 909 } 910 RUN_UNLOCK(sc); 911 } 912 913 static void 914 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 915 { 916 struct run_tx_data *data; 917 918 memset(pq, 0, sizeof(*pq)); 919 920 STAILQ_INIT(&pq->tx_qh); 921 STAILQ_INIT(&pq->tx_fh); 922 923 for (data = &pq->tx_data[0]; 924 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 925 data->sc = sc; 926 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 927 } 928 pq->tx_nfree = RUN_TX_RING_COUNT; 929 } 930 931 static void 932 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 933 { 934 struct run_tx_data *data; 935 936 /* make sure any subsequent use of the queues will fail */ 937 pq->tx_nfree = 0; 938 STAILQ_INIT(&pq->tx_fh); 939 STAILQ_INIT(&pq->tx_qh); 940 941 /* free up all node references and mbufs */ 942 for (data = &pq->tx_data[0]; 943 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 944 if (data->m != NULL) { 945 m_freem(data->m); 946 data->m = NULL; 947 } 948 if (data->ni != NULL) { 949 ieee80211_free_node(data->ni); 950 data->ni = NULL; 951 } 952 } 953 } 954 955 int 956 run_load_microcode(struct run_softc *sc) 957 { 958 usb_device_request_t req; 959 const struct firmware *fw; 960 const u_char *base; 961 uint32_t tmp; 962 int ntries, error; 963 const uint64_t *temp; 964 uint64_t bytes; 965 966 RUN_UNLOCK(sc); 967 fw = firmware_get("runfw"); 968 RUN_LOCK(sc); 969 if (fw == NULL) { 970 device_printf(sc->sc_dev, 971 "failed loadfirmware of file %s\n", "runfw"); 972 return ENOENT; 973 } 974 975 if (fw->datasize != 8192) { 976 device_printf(sc->sc_dev, 977 "invalid firmware size (should be 8KB)\n"); 978 error = EINVAL; 979 goto fail; 980 } 981 982 /* 983 * RT3071/RT3072 use a different firmware 984 * run-rt2870 (8KB) contains both, 985 * first half (4KB) is for rt2870, 986 * last half is for rt3071. 987 */ 988 base = fw->data; 989 if ((sc->mac_ver) != 0x2860 && 990 (sc->mac_ver) != 0x2872 && 991 (sc->mac_ver) != 0x3070) { 992 base += 4096; 993 } 994 995 /* cheap sanity check */ 996 temp = fw->data; 997 bytes = *temp; 998 if (bytes != be64toh(0xffffff0210280210)) { 999 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1000 error = EINVAL; 1001 goto fail; 1002 } 1003 1004 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 1005 /* write microcode image */ 1006 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1007 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1008 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1009 1010 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1011 req.bRequest = RT2870_RESET; 1012 USETW(req.wValue, 8); 1013 USETW(req.wIndex, 0); 1014 USETW(req.wLength, 0); 1015 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) != 0) { 1016 device_printf(sc->sc_dev, "firmware reset failed\n"); 1017 goto fail; 1018 } 1019 1020 run_delay(sc, 10); 1021 1022 run_write(sc, RT2860_H2M_MAILBOX, 0); 1023 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1024 goto fail; 1025 1026 /* wait until microcontroller is ready */ 1027 for (ntries = 0; ntries < 1000; ntries++) { 1028 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1029 goto fail; 1030 } 1031 if (tmp & RT2860_MCU_READY) 1032 break; 1033 run_delay(sc, 10); 1034 } 1035 if (ntries == 1000) { 1036 device_printf(sc->sc_dev, 1037 "timeout waiting for MCU to initialize\n"); 1038 error = ETIMEDOUT; 1039 goto fail; 1040 } 1041 device_printf(sc->sc_dev, "firmware %s loaded\n", 1042 (base == fw->data) ? "RT2870" : "RT3071"); 1043 1044 fail: 1045 firmware_put(fw, FIRMWARE_UNLOAD); 1046 return (error); 1047 } 1048 1049 int 1050 run_reset(struct run_softc *sc) 1051 { 1052 usb_device_request_t req; 1053 1054 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1055 req.bRequest = RT2870_RESET; 1056 USETW(req.wValue, 1); 1057 USETW(req.wIndex, 0); 1058 USETW(req.wLength, 0); 1059 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1060 } 1061 1062 static usb_error_t 1063 run_do_request(struct run_softc *sc, 1064 struct usb_device_request *req, void *data) 1065 { 1066 usb_error_t err; 1067 int ntries = 10; 1068 1069 RUN_LOCK_ASSERT(sc, MA_OWNED); 1070 1071 while (ntries--) { 1072 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1073 req, data, 0, NULL, 250 /* ms */); 1074 if (err == 0) 1075 break; 1076 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1077 usbd_errstr(err)); 1078 run_delay(sc, 10); 1079 } 1080 return (err); 1081 } 1082 1083 static int 1084 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1085 { 1086 uint32_t tmp; 1087 int error; 1088 1089 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1090 if (error == 0) 1091 *val = le32toh(tmp); 1092 else 1093 *val = 0xffffffff; 1094 return (error); 1095 } 1096 1097 static int 1098 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1099 { 1100 usb_device_request_t req; 1101 1102 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1103 req.bRequest = RT2870_READ_REGION_1; 1104 USETW(req.wValue, 0); 1105 USETW(req.wIndex, reg); 1106 USETW(req.wLength, len); 1107 1108 return (run_do_request(sc, &req, buf)); 1109 } 1110 1111 static int 1112 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1113 { 1114 usb_device_request_t req; 1115 1116 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1117 req.bRequest = RT2870_WRITE_2; 1118 USETW(req.wValue, val); 1119 USETW(req.wIndex, reg); 1120 USETW(req.wLength, 0); 1121 1122 return (run_do_request(sc, &req, NULL)); 1123 } 1124 1125 static int 1126 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1127 { 1128 int error; 1129 1130 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1131 error = run_write_2(sc, reg + 2, val >> 16); 1132 return (error); 1133 } 1134 1135 static int 1136 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1137 int len) 1138 { 1139 #if 1 1140 int i, error = 0; 1141 /* 1142 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1143 * We thus issue multiple WRITE_2 commands instead. 1144 */ 1145 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1146 for (i = 0; i < len && error == 0; i += 2) 1147 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1148 return (error); 1149 #else 1150 usb_device_request_t req; 1151 1152 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1153 req.bRequest = RT2870_WRITE_REGION_1; 1154 USETW(req.wValue, 0); 1155 USETW(req.wIndex, reg); 1156 USETW(req.wLength, len); 1157 return (run_do_request(sc, &req, buf)); 1158 #endif 1159 } 1160 1161 static int 1162 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1163 { 1164 int i, error = 0; 1165 1166 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1167 for (i = 0; i < len && error == 0; i += 4) 1168 error = run_write(sc, reg + i, val); 1169 return (error); 1170 } 1171 1172 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1173 static int 1174 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1175 { 1176 uint32_t tmp; 1177 uint16_t reg; 1178 int error, ntries; 1179 1180 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1181 return (error); 1182 1183 addr *= 2; 1184 /*- 1185 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1186 * DATA0: F E D C 1187 * DATA1: B A 9 8 1188 * DATA2: 7 6 5 4 1189 * DATA3: 3 2 1 0 1190 */ 1191 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1192 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1193 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1194 for (ntries = 0; ntries < 100; ntries++) { 1195 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1196 return (error); 1197 if (!(tmp & RT3070_EFSROM_KICK)) 1198 break; 1199 run_delay(sc, 2); 1200 } 1201 if (ntries == 100) 1202 return (ETIMEDOUT); 1203 1204 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1205 *val = 0xffff; /* address not found */ 1206 return (0); 1207 } 1208 /* determine to which 32-bit register our 16-bit word belongs */ 1209 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1210 if ((error = run_read(sc, reg, &tmp)) != 0) 1211 return (error); 1212 1213 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1214 return (0); 1215 } 1216 1217 static int 1218 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1219 { 1220 usb_device_request_t req; 1221 uint16_t tmp; 1222 int error; 1223 1224 addr *= 2; 1225 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1226 req.bRequest = RT2870_EEPROM_READ; 1227 USETW(req.wValue, 0); 1228 USETW(req.wIndex, addr); 1229 USETW(req.wLength, sizeof tmp); 1230 1231 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1232 if (error == 0) 1233 *val = le16toh(tmp); 1234 else 1235 *val = 0xffff; 1236 return (error); 1237 } 1238 1239 static __inline int 1240 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1241 { 1242 /* either eFUSE ROM or EEPROM */ 1243 return sc->sc_srom_read(sc, addr, val); 1244 } 1245 1246 static int 1247 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1248 { 1249 uint32_t tmp; 1250 int error, ntries; 1251 1252 for (ntries = 0; ntries < 10; ntries++) { 1253 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1254 return (error); 1255 if (!(tmp & RT2860_RF_REG_CTRL)) 1256 break; 1257 } 1258 if (ntries == 10) 1259 return (ETIMEDOUT); 1260 1261 /* RF registers are 24-bit on the RT2860 */ 1262 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1263 (val & 0x3fffff) << 2 | (reg & 3); 1264 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1265 } 1266 1267 static int 1268 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1269 { 1270 uint32_t tmp; 1271 int error, ntries; 1272 1273 for (ntries = 0; ntries < 100; ntries++) { 1274 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1275 return (error); 1276 if (!(tmp & RT3070_RF_KICK)) 1277 break; 1278 } 1279 if (ntries == 100) 1280 return (ETIMEDOUT); 1281 1282 tmp = RT3070_RF_KICK | reg << 8; 1283 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1284 return (error); 1285 1286 for (ntries = 0; ntries < 100; ntries++) { 1287 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1288 return (error); 1289 if (!(tmp & RT3070_RF_KICK)) 1290 break; 1291 } 1292 if (ntries == 100) 1293 return (ETIMEDOUT); 1294 1295 *val = tmp & 0xff; 1296 return (0); 1297 } 1298 1299 static int 1300 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1301 { 1302 uint32_t tmp; 1303 int error, ntries; 1304 1305 for (ntries = 0; ntries < 10; ntries++) { 1306 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1307 return (error); 1308 if (!(tmp & RT3070_RF_KICK)) 1309 break; 1310 } 1311 if (ntries == 10) 1312 return (ETIMEDOUT); 1313 1314 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1315 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1316 } 1317 1318 static int 1319 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1320 { 1321 uint32_t tmp; 1322 int ntries, error; 1323 1324 for (ntries = 0; ntries < 10; ntries++) { 1325 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1326 return (error); 1327 if (!(tmp & RT2860_BBP_CSR_KICK)) 1328 break; 1329 } 1330 if (ntries == 10) 1331 return (ETIMEDOUT); 1332 1333 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1334 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1335 return (error); 1336 1337 for (ntries = 0; ntries < 10; ntries++) { 1338 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1339 return (error); 1340 if (!(tmp & RT2860_BBP_CSR_KICK)) 1341 break; 1342 } 1343 if (ntries == 10) 1344 return (ETIMEDOUT); 1345 1346 *val = tmp & 0xff; 1347 return (0); 1348 } 1349 1350 static int 1351 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1352 { 1353 uint32_t tmp; 1354 int ntries, error; 1355 1356 for (ntries = 0; ntries < 10; ntries++) { 1357 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1358 return (error); 1359 if (!(tmp & RT2860_BBP_CSR_KICK)) 1360 break; 1361 } 1362 if (ntries == 10) 1363 return (ETIMEDOUT); 1364 1365 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1366 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1367 } 1368 1369 /* 1370 * Send a command to the 8051 microcontroller unit. 1371 */ 1372 static int 1373 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1374 { 1375 uint32_t tmp; 1376 int error, ntries; 1377 1378 for (ntries = 0; ntries < 100; ntries++) { 1379 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1380 return error; 1381 if (!(tmp & RT2860_H2M_BUSY)) 1382 break; 1383 } 1384 if (ntries == 100) 1385 return ETIMEDOUT; 1386 1387 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1388 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1389 error = run_write(sc, RT2860_HOST_CMD, cmd); 1390 return (error); 1391 } 1392 1393 /* 1394 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1395 * Used to adjust per-rate Tx power registers. 1396 */ 1397 static __inline uint32_t 1398 b4inc(uint32_t b32, int8_t delta) 1399 { 1400 int8_t i, b4; 1401 1402 for (i = 0; i < 8; i++) { 1403 b4 = b32 & 0xf; 1404 b4 += delta; 1405 if (b4 < 0) 1406 b4 = 0; 1407 else if (b4 > 0xf) 1408 b4 = 0xf; 1409 b32 = b32 >> 4 | b4 << 28; 1410 } 1411 return (b32); 1412 } 1413 1414 static const char * 1415 run_get_rf(int rev) 1416 { 1417 switch (rev) { 1418 case RT2860_RF_2820: return "RT2820"; 1419 case RT2860_RF_2850: return "RT2850"; 1420 case RT2860_RF_2720: return "RT2720"; 1421 case RT2860_RF_2750: return "RT2750"; 1422 case RT3070_RF_3020: return "RT3020"; 1423 case RT3070_RF_2020: return "RT2020"; 1424 case RT3070_RF_3021: return "RT3021"; 1425 case RT3070_RF_3022: return "RT3022"; 1426 case RT3070_RF_3052: return "RT3052"; 1427 } 1428 return ("unknown"); 1429 } 1430 1431 int 1432 run_read_eeprom(struct run_softc *sc) 1433 { 1434 int8_t delta_2ghz, delta_5ghz; 1435 uint32_t tmp; 1436 uint16_t val; 1437 int ridx, ant, i; 1438 1439 /* check whether the ROM is eFUSE ROM or EEPROM */ 1440 sc->sc_srom_read = run_eeprom_read_2; 1441 if (sc->mac_ver >= 0x3070) { 1442 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1443 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1444 if (tmp & RT3070_SEL_EFUSE) 1445 sc->sc_srom_read = run_efuse_read_2; 1446 } 1447 1448 /* read ROM version */ 1449 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1450 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1451 1452 /* read MAC address */ 1453 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1454 sc->sc_bssid[0] = val & 0xff; 1455 sc->sc_bssid[1] = val >> 8; 1456 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1457 sc->sc_bssid[2] = val & 0xff; 1458 sc->sc_bssid[3] = val >> 8; 1459 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1460 sc->sc_bssid[4] = val & 0xff; 1461 sc->sc_bssid[5] = val >> 8; 1462 1463 /* read vender BBP settings */ 1464 for (i = 0; i < 10; i++) { 1465 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1466 sc->bbp[i].val = val & 0xff; 1467 sc->bbp[i].reg = val >> 8; 1468 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1469 } 1470 if (sc->mac_ver >= 0x3071) { 1471 /* read vendor RF settings */ 1472 for (i = 0; i < 10; i++) { 1473 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1474 sc->rf[i].val = val & 0xff; 1475 sc->rf[i].reg = val >> 8; 1476 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1477 sc->rf[i].val); 1478 } 1479 } 1480 1481 /* read RF frequency offset from EEPROM */ 1482 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1483 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1484 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1485 1486 if (val >> 8 != 0xff) { 1487 /* read LEDs operating mode */ 1488 sc->leds = val >> 8; 1489 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1490 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1491 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1492 } else { 1493 /* broken EEPROM, use default settings */ 1494 sc->leds = 0x01; 1495 sc->led[0] = 0x5555; 1496 sc->led[1] = 0x2221; 1497 sc->led[2] = 0x5627; /* differs from RT2860 */ 1498 } 1499 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1500 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1501 1502 /* read RF information */ 1503 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1504 if (val == 0xffff) { 1505 DPRINTF("invalid EEPROM antenna info, using default\n"); 1506 if (sc->mac_ver == 0x3572) { 1507 /* default to RF3052 2T2R */ 1508 sc->rf_rev = RT3070_RF_3052; 1509 sc->ntxchains = 2; 1510 sc->nrxchains = 2; 1511 } else if (sc->mac_ver >= 0x3070) { 1512 /* default to RF3020 1T1R */ 1513 sc->rf_rev = RT3070_RF_3020; 1514 sc->ntxchains = 1; 1515 sc->nrxchains = 1; 1516 } else { 1517 /* default to RF2820 1T2R */ 1518 sc->rf_rev = RT2860_RF_2820; 1519 sc->ntxchains = 1; 1520 sc->nrxchains = 2; 1521 } 1522 } else { 1523 sc->rf_rev = (val >> 8) & 0xf; 1524 sc->ntxchains = (val >> 4) & 0xf; 1525 sc->nrxchains = val & 0xf; 1526 } 1527 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1528 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1529 1530 /* check if RF supports automatic Tx access gain control */ 1531 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1532 DPRINTF("EEPROM CFG 0x%04x\n", val); 1533 /* check if driver should patch the DAC issue */ 1534 if ((val >> 8) != 0xff) 1535 sc->patch_dac = (val >> 15) & 1; 1536 if ((val & 0xff) != 0xff) { 1537 sc->ext_5ghz_lna = (val >> 3) & 1; 1538 sc->ext_2ghz_lna = (val >> 2) & 1; 1539 /* check if RF supports automatic Tx access gain control */ 1540 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1541 /* check if we have a hardware radio switch */ 1542 sc->rfswitch = val & 1; 1543 } 1544 1545 /* read power settings for 2GHz channels */ 1546 for (i = 0; i < 14; i += 2) { 1547 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1548 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1549 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1550 1551 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1552 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1553 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1554 } 1555 /* fix broken Tx power entries */ 1556 for (i = 0; i < 14; i++) { 1557 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1558 sc->txpow1[i] = 5; 1559 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1560 sc->txpow2[i] = 5; 1561 DPRINTF("chan %d: power1=%d, power2=%d\n", 1562 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1563 } 1564 /* read power settings for 5GHz channels */ 1565 for (i = 0; i < 40; i += 2) { 1566 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1567 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1568 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1569 1570 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1571 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1572 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1573 } 1574 /* fix broken Tx power entries */ 1575 for (i = 0; i < 40; i++) { 1576 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1577 sc->txpow1[14 + i] = 5; 1578 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1579 sc->txpow2[14 + i] = 5; 1580 DPRINTF("chan %d: power1=%d, power2=%d\n", 1581 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1582 sc->txpow2[14 + i]); 1583 } 1584 1585 /* read Tx power compensation for each Tx rate */ 1586 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1587 delta_2ghz = delta_5ghz = 0; 1588 if ((val & 0xff) != 0xff && (val & 0x80)) { 1589 delta_2ghz = val & 0xf; 1590 if (!(val & 0x40)) /* negative number */ 1591 delta_2ghz = -delta_2ghz; 1592 } 1593 val >>= 8; 1594 if ((val & 0xff) != 0xff && (val & 0x80)) { 1595 delta_5ghz = val & 0xf; 1596 if (!(val & 0x40)) /* negative number */ 1597 delta_5ghz = -delta_5ghz; 1598 } 1599 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1600 delta_2ghz, delta_5ghz); 1601 1602 for (ridx = 0; ridx < 5; ridx++) { 1603 uint32_t reg; 1604 1605 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1606 reg = val; 1607 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1608 reg |= (uint32_t)val << 16; 1609 1610 sc->txpow20mhz[ridx] = reg; 1611 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1612 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1613 1614 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1615 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1616 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1617 } 1618 1619 /* read RSSI offsets and LNA gains from EEPROM */ 1620 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1621 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1622 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1623 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1624 if (sc->mac_ver >= 0x3070) { 1625 /* 1626 * On RT3070 chips (limited to 2 Rx chains), this ROM 1627 * field contains the Tx mixer gain for the 2GHz band. 1628 */ 1629 if ((val & 0xff) != 0xff) 1630 sc->txmixgain_2ghz = val & 0x7; 1631 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1632 } else 1633 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1634 sc->lna[2] = val >> 8; /* channel group 2 */ 1635 1636 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1637 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1638 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1639 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1640 if (sc->mac_ver == 0x3572) { 1641 /* 1642 * On RT3572 chips (limited to 2 Rx chains), this ROM 1643 * field contains the Tx mixer gain for the 5GHz band. 1644 */ 1645 if ((val & 0xff) != 0xff) 1646 sc->txmixgain_5ghz = val & 0x7; 1647 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1648 } else 1649 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1650 sc->lna[3] = val >> 8; /* channel group 3 */ 1651 1652 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1653 sc->lna[0] = val & 0xff; /* channel group 0 */ 1654 sc->lna[1] = val >> 8; /* channel group 1 */ 1655 1656 /* fix broken 5GHz LNA entries */ 1657 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1658 DPRINTF("invalid LNA for channel group %d\n", 2); 1659 sc->lna[2] = sc->lna[1]; 1660 } 1661 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1662 DPRINTF("invalid LNA for channel group %d\n", 3); 1663 sc->lna[3] = sc->lna[1]; 1664 } 1665 1666 /* fix broken RSSI offset entries */ 1667 for (ant = 0; ant < 3; ant++) { 1668 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1669 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1670 ant + 1, sc->rssi_2ghz[ant]); 1671 sc->rssi_2ghz[ant] = 0; 1672 } 1673 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1674 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1675 ant + 1, sc->rssi_5ghz[ant]); 1676 sc->rssi_5ghz[ant] = 0; 1677 } 1678 } 1679 return (0); 1680 } 1681 1682 struct ieee80211_node * 1683 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1684 { 1685 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1686 } 1687 1688 static int 1689 run_media_change(struct ifnet *ifp) 1690 { 1691 struct ieee80211vap *vap = ifp->if_softc; 1692 struct ieee80211com *ic = vap->iv_ic; 1693 const struct ieee80211_txparam *tp; 1694 struct run_softc *sc = ic->ic_ifp->if_softc; 1695 uint8_t rate, ridx; 1696 int error; 1697 1698 RUN_LOCK(sc); 1699 1700 error = ieee80211_media_change(ifp); 1701 if (error != ENETRESET) { 1702 RUN_UNLOCK(sc); 1703 return (error); 1704 } 1705 1706 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1707 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1708 struct ieee80211_node *ni; 1709 struct run_node *rn; 1710 1711 rate = ic->ic_sup_rates[ic->ic_curmode]. 1712 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1713 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1714 if (rt2860_rates[ridx].rate == rate) 1715 break; 1716 ni = ieee80211_ref_node(vap->iv_bss); 1717 rn = (struct run_node *)ni; 1718 rn->fix_ridx = ridx; 1719 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1720 ieee80211_free_node(ni); 1721 } 1722 1723 #if 0 1724 if ((ifp->if_flags & IFF_UP) && 1725 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1726 run_init_locked(sc); 1727 } 1728 #endif 1729 1730 RUN_UNLOCK(sc); 1731 1732 return (0); 1733 } 1734 1735 static int 1736 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1737 { 1738 const struct ieee80211_txparam *tp; 1739 struct ieee80211com *ic = vap->iv_ic; 1740 struct run_softc *sc = ic->ic_ifp->if_softc; 1741 struct run_vap *rvp = RUN_VAP(vap); 1742 enum ieee80211_state ostate; 1743 uint32_t sta[3]; 1744 uint32_t tmp; 1745 uint8_t ratectl; 1746 uint8_t restart_ratectl = 0; 1747 uint8_t bid = 1 << rvp->rvp_id; 1748 1749 ostate = vap->iv_state; 1750 DPRINTF("%s -> %s\n", 1751 ieee80211_state_name[ostate], 1752 ieee80211_state_name[nstate]); 1753 1754 IEEE80211_UNLOCK(ic); 1755 RUN_LOCK(sc); 1756 1757 ratectl = sc->ratectl_run; /* remember current state */ 1758 sc->ratectl_run = RUN_RATECTL_OFF; 1759 usb_callout_stop(&sc->ratectl_ch); 1760 1761 if (ostate == IEEE80211_S_RUN) { 1762 /* turn link LED off */ 1763 run_set_leds(sc, RT2860_LED_RADIO); 1764 } 1765 1766 switch (nstate) { 1767 case IEEE80211_S_INIT: 1768 restart_ratectl = 1; 1769 1770 if (ostate != IEEE80211_S_RUN) 1771 break; 1772 1773 ratectl &= ~bid; 1774 sc->runbmap &= ~bid; 1775 1776 /* abort TSF synchronization if there is no vap running */ 1777 if (--sc->running == 0) { 1778 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1779 run_write(sc, RT2860_BCN_TIME_CFG, 1780 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1781 RT2860_TBTT_TIMER_EN)); 1782 } 1783 break; 1784 1785 1786 case IEEE80211_S_RUN: 1787 if (!(sc->runbmap & bid)) { 1788 if(sc->running++) 1789 restart_ratectl = 1; 1790 sc->runbmap |= bid; 1791 } 1792 1793 switch (vap->iv_opmode) { 1794 case IEEE80211_M_HOSTAP: 1795 case IEEE80211_M_MBSS: 1796 sc->ap_running |= bid; 1797 ic->ic_opmode = vap->iv_opmode; 1798 run_update_beacon_cb(vap); 1799 break; 1800 case IEEE80211_M_IBSS: 1801 sc->adhoc_running |= bid; 1802 if (!sc->ap_running) 1803 ic->ic_opmode = vap->iv_opmode; 1804 run_update_beacon_cb(vap); 1805 break; 1806 case IEEE80211_M_STA: 1807 sc->sta_running |= bid; 1808 if (!sc->ap_running && !sc->adhoc_running) 1809 ic->ic_opmode = vap->iv_opmode; 1810 1811 /* read statistic counters (clear on read) */ 1812 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1813 (uint8_t *)sta, sizeof sta); 1814 1815 break; 1816 default: 1817 ic->ic_opmode = vap->iv_opmode; 1818 break; 1819 } 1820 1821 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1822 struct ieee80211_node *ni; 1823 1824 run_updateslot(ic->ic_ifp); 1825 run_enable_mrr(sc); 1826 run_set_txpreamble(sc); 1827 run_set_basicrates(sc); 1828 ni = ieee80211_ref_node(vap->iv_bss); 1829 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1830 run_set_bssid(sc, ni->ni_bssid); 1831 ieee80211_free_node(ni); 1832 run_enable_tsf_sync(sc); 1833 1834 /* enable automatic rate adaptation */ 1835 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1836 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1837 ratectl |= bid; 1838 } 1839 1840 /* turn link LED on */ 1841 run_set_leds(sc, RT2860_LED_RADIO | 1842 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1843 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1844 1845 break; 1846 default: 1847 DPRINTFN(6, "undefined case\n"); 1848 break; 1849 } 1850 1851 /* restart amrr for running VAPs */ 1852 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1853 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1854 1855 RUN_UNLOCK(sc); 1856 IEEE80211_LOCK(ic); 1857 1858 return(rvp->newstate(vap, nstate, arg)); 1859 } 1860 1861 /* ARGSUSED */ 1862 static void 1863 run_wme_update_cb(void *arg) 1864 { 1865 struct ieee80211com *ic = arg; 1866 struct run_softc *sc = ic->ic_ifp->if_softc; 1867 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1868 int aci, error = 0; 1869 1870 RUN_LOCK_ASSERT(sc, MA_OWNED); 1871 1872 /* update MAC TX configuration registers */ 1873 for (aci = 0; aci < WME_NUM_AC; aci++) { 1874 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1875 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1876 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1877 wmesp->wme_params[aci].wmep_aifsn << 8 | 1878 wmesp->wme_params[aci].wmep_txopLimit); 1879 if (error) goto err; 1880 } 1881 1882 /* update SCH/DMA registers too */ 1883 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1884 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1885 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1886 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1887 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1888 if (error) goto err; 1889 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1890 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1891 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1892 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1893 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1894 if (error) goto err; 1895 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1896 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1897 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1898 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1899 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1900 if (error) goto err; 1901 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1902 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1903 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1904 if (error) goto err; 1905 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1906 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1907 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1908 1909 err: 1910 if (error) 1911 DPRINTF("WME update failed\n"); 1912 1913 return; 1914 } 1915 1916 static int 1917 run_wme_update(struct ieee80211com *ic) 1918 { 1919 struct run_softc *sc = ic->ic_ifp->if_softc; 1920 1921 /* sometime called wothout lock */ 1922 if (mtx_owned(&ic->ic_comlock.mtx)) { 1923 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1924 DPRINTF("cmdq_store=%d\n", i); 1925 sc->cmdq[i].func = run_wme_update_cb; 1926 sc->cmdq[i].arg0 = ic; 1927 ieee80211_runtask(ic, &sc->cmdq_task); 1928 return (0); 1929 } 1930 1931 RUN_LOCK(sc); 1932 run_wme_update_cb(ic); 1933 RUN_UNLOCK(sc); 1934 1935 /* return whatever, upper layer desn't care anyway */ 1936 return (0); 1937 } 1938 1939 static void 1940 run_key_update_begin(struct ieee80211vap *vap) 1941 { 1942 /* 1943 * To avoid out-of-order events, both run_key_set() and 1944 * _delete() are deferred and handled by run_cmdq_cb(). 1945 * So, there is nothing we need to do here. 1946 */ 1947 } 1948 1949 static void 1950 run_key_update_end(struct ieee80211vap *vap) 1951 { 1952 /* null */ 1953 } 1954 1955 static void 1956 run_key_set_cb(void *arg) 1957 { 1958 struct run_cmdq *cmdq = arg; 1959 struct ieee80211vap *vap = cmdq->arg1; 1960 struct ieee80211_key *k = cmdq->k; 1961 struct ieee80211com *ic = vap->iv_ic; 1962 struct run_softc *sc = ic->ic_ifp->if_softc; 1963 struct ieee80211_node *ni; 1964 uint32_t attr; 1965 uint16_t base, associd; 1966 uint8_t mode, wcid, iv[8]; 1967 1968 RUN_LOCK_ASSERT(sc, MA_OWNED); 1969 1970 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1971 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 1972 else 1973 ni = vap->iv_bss; 1974 associd = (ni != NULL) ? ni->ni_associd : 0; 1975 1976 /* map net80211 cipher to RT2860 security mode */ 1977 switch (k->wk_cipher->ic_cipher) { 1978 case IEEE80211_CIPHER_WEP: 1979 if(k->wk_keylen < 8) 1980 mode = RT2860_MODE_WEP40; 1981 else 1982 mode = RT2860_MODE_WEP104; 1983 break; 1984 case IEEE80211_CIPHER_TKIP: 1985 mode = RT2860_MODE_TKIP; 1986 break; 1987 case IEEE80211_CIPHER_AES_CCM: 1988 mode = RT2860_MODE_AES_CCMP; 1989 break; 1990 default: 1991 DPRINTF("undefined case\n"); 1992 return; 1993 } 1994 1995 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 1996 associd, k->wk_keyix, mode, 1997 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 1998 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 1999 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2000 2001 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2002 wcid = 0; /* NB: update WCID0 for group keys */ 2003 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2004 } else { 2005 wcid = RUN_AID2WCID(associd); 2006 base = RT2860_PKEY(wcid); 2007 } 2008 2009 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2010 if(run_write_region_1(sc, base, k->wk_key, 16)) 2011 return; 2012 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2013 return; 2014 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2015 return; 2016 } else { 2017 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2018 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2019 return; 2020 } 2021 2022 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2023 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2024 /* set initial packet number in IV+EIV */ 2025 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2026 memset(iv, 0, sizeof iv); 2027 iv[3] = vap->iv_def_txkey << 6; 2028 } else { 2029 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2030 iv[0] = k->wk_keytsc >> 8; 2031 iv[1] = (iv[0] | 0x20) & 0x7f; 2032 iv[2] = k->wk_keytsc; 2033 } else /* CCMP */ { 2034 iv[0] = k->wk_keytsc; 2035 iv[1] = k->wk_keytsc >> 8; 2036 iv[2] = 0; 2037 } 2038 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2039 iv[4] = k->wk_keytsc >> 16; 2040 iv[5] = k->wk_keytsc >> 24; 2041 iv[6] = k->wk_keytsc >> 32; 2042 iv[7] = k->wk_keytsc >> 40; 2043 } 2044 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2045 return; 2046 } 2047 2048 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2049 /* install group key */ 2050 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2051 return; 2052 attr &= ~(0xf << (k->wk_keyix * 4)); 2053 attr |= mode << (k->wk_keyix * 4); 2054 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2055 return; 2056 } else { 2057 /* install pairwise key */ 2058 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2059 return; 2060 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2061 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2062 return; 2063 } 2064 2065 /* TODO create a pass-thru key entry? */ 2066 2067 /* need wcid to delete the right key later */ 2068 k->wk_pad = wcid; 2069 } 2070 2071 /* 2072 * Don't have to be deferred, but in order to keep order of 2073 * execution, i.e. with run_key_delete(), defer this and let 2074 * run_cmdq_cb() maintain the order. 2075 * 2076 * return 0 on error 2077 */ 2078 static int 2079 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2080 const uint8_t mac[IEEE80211_ADDR_LEN]) 2081 { 2082 struct ieee80211com *ic = vap->iv_ic; 2083 struct run_softc *sc = ic->ic_ifp->if_softc; 2084 uint32_t i; 2085 2086 i = RUN_CMDQ_GET(&sc->cmdq_store); 2087 DPRINTF("cmdq_store=%d\n", i); 2088 sc->cmdq[i].func = run_key_set_cb; 2089 sc->cmdq[i].arg0 = NULL; 2090 sc->cmdq[i].arg1 = vap; 2091 sc->cmdq[i].k = k; 2092 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2093 ieee80211_runtask(ic, &sc->cmdq_task); 2094 2095 /* 2096 * To make sure key will be set when hostapd 2097 * calls iv_key_set() before if_init(). 2098 */ 2099 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2100 RUN_LOCK(sc); 2101 sc->cmdq_key_set = RUN_CMDQ_GO; 2102 RUN_UNLOCK(sc); 2103 } 2104 2105 return (1); 2106 } 2107 2108 /* 2109 * If wlan is destroyed without being brought down i.e. without 2110 * wlan down or wpa_cli terminate, this function is called after 2111 * vap is gone. Don't refer it. 2112 */ 2113 static void 2114 run_key_delete_cb(void *arg) 2115 { 2116 struct run_cmdq *cmdq = arg; 2117 struct run_softc *sc = cmdq->arg1; 2118 struct ieee80211_key *k = &cmdq->key; 2119 uint32_t attr; 2120 uint8_t wcid; 2121 2122 RUN_LOCK_ASSERT(sc, MA_OWNED); 2123 2124 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2125 /* remove group key */ 2126 DPRINTF("removing group key\n"); 2127 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2128 attr &= ~(0xf << (k->wk_keyix * 4)); 2129 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2130 } else { 2131 /* remove pairwise key */ 2132 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2133 /* matching wcid was written to wk_pad in run_key_set() */ 2134 wcid = k->wk_pad; 2135 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2136 attr &= ~0xf; 2137 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2138 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2139 } 2140 2141 k->wk_pad = 0; 2142 } 2143 2144 /* 2145 * return 0 on error 2146 */ 2147 static int 2148 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2149 { 2150 struct ieee80211com *ic = vap->iv_ic; 2151 struct run_softc *sc = ic->ic_ifp->if_softc; 2152 struct ieee80211_key *k0; 2153 uint32_t i; 2154 2155 /* 2156 * When called back, key might be gone. So, make a copy 2157 * of some values need to delete keys before deferring. 2158 * But, because of LOR with node lock, cannot use lock here. 2159 * So, use atomic instead. 2160 */ 2161 i = RUN_CMDQ_GET(&sc->cmdq_store); 2162 DPRINTF("cmdq_store=%d\n", i); 2163 sc->cmdq[i].func = run_key_delete_cb; 2164 sc->cmdq[i].arg0 = NULL; 2165 sc->cmdq[i].arg1 = sc; 2166 k0 = &sc->cmdq[i].key; 2167 k0->wk_flags = k->wk_flags; 2168 k0->wk_keyix = k->wk_keyix; 2169 /* matching wcid was written to wk_pad in run_key_set() */ 2170 k0->wk_pad = k->wk_pad; 2171 ieee80211_runtask(ic, &sc->cmdq_task); 2172 return (1); /* return fake success */ 2173 2174 } 2175 2176 static void 2177 run_ratectl_to(void *arg) 2178 { 2179 struct run_softc *sc = arg; 2180 2181 /* do it in a process context, so it can go sleep */ 2182 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2183 /* next timeout will be rescheduled in the callback task */ 2184 } 2185 2186 /* ARGSUSED */ 2187 static void 2188 run_ratectl_cb(void *arg, int pending) 2189 { 2190 struct run_softc *sc = arg; 2191 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2192 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2193 2194 if (vap == NULL) 2195 return; 2196 2197 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2198 run_iter_func(sc, vap->iv_bss); 2199 else { 2200 /* 2201 * run_reset_livelock() doesn't do anything with AMRR, 2202 * but Ralink wants us to call it every 1 sec. So, we 2203 * piggyback here rather than creating another callout. 2204 * Livelock may occur only in HOSTAP or IBSS mode 2205 * (when h/w is sending beacons). 2206 */ 2207 RUN_LOCK(sc); 2208 run_reset_livelock(sc); 2209 /* just in case, there are some stats to drain */ 2210 run_drain_fifo(sc); 2211 RUN_UNLOCK(sc); 2212 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2213 } 2214 2215 if(sc->ratectl_run != RUN_RATECTL_OFF) 2216 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2217 } 2218 2219 static void 2220 run_drain_fifo(void *arg) 2221 { 2222 struct run_softc *sc = arg; 2223 struct ifnet *ifp = sc->sc_ifp; 2224 struct ieee80211_node *ni = sc->sc_ni[0]; /* make compiler happy */ 2225 uint32_t stat; 2226 int retrycnt = 0; 2227 uint8_t wcid, mcs, pid; 2228 2229 RUN_LOCK_ASSERT(sc, MA_OWNED); 2230 2231 for (;;) { 2232 /* drain Tx status FIFO (maxsize = 16) */ 2233 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2234 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2235 if (!(stat & RT2860_TXQ_VLD)) 2236 break; 2237 2238 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2239 2240 /* if no ACK was requested, no feedback is available */ 2241 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2242 wcid == 0) 2243 continue; 2244 2245 ni = sc->sc_ni[wcid]; 2246 if (ni->ni_rctls == NULL) 2247 continue; 2248 2249 /* update per-STA AMRR stats */ 2250 if (stat & RT2860_TXQ_OK) { 2251 /* 2252 * Check if there were retries, ie if the Tx 2253 * success rate is different from the requested 2254 * rate. Note that it works only because we do 2255 * not allow rate fallback from OFDM to CCK. 2256 */ 2257 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2258 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2259 if (mcs + 1 != pid) 2260 retrycnt = 1; 2261 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 2262 IEEE80211_RATECTL_TX_SUCCESS, 2263 &retrycnt, NULL); 2264 } else { 2265 retrycnt = 1; 2266 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 2267 IEEE80211_RATECTL_TX_FAILURE, 2268 &retrycnt, NULL); 2269 ifp->if_oerrors++; 2270 } 2271 } 2272 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2273 2274 sc->fifo_cnt = 0; 2275 } 2276 2277 static void 2278 run_iter_func(void *arg, struct ieee80211_node *ni) 2279 { 2280 struct run_softc *sc = arg; 2281 struct ieee80211vap *vap = ni->ni_vap; 2282 struct ieee80211com *ic = ni->ni_ic; 2283 struct ifnet *ifp = ic->ic_ifp; 2284 struct run_node *rn = (void *)ni; 2285 uint32_t sta[3]; 2286 int txcnt = 0, success = 0, retrycnt = 0; 2287 int error; 2288 2289 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2290 vap->iv_opmode == IEEE80211_M_STA)) { 2291 RUN_LOCK(sc); 2292 2293 /* read statistic counters (clear on read) and update AMRR state */ 2294 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2295 sizeof sta); 2296 if (error != 0) 2297 return; 2298 2299 DPRINTFN(3, "retrycnt=%d txcnt=%d failcnt=%d\n", 2300 le32toh(sta[1]) >> 16, le32toh(sta[1]) & 0xffff, 2301 le32toh(sta[0]) & 0xffff); 2302 2303 /* count failed TX as errors */ 2304 ifp->if_oerrors += le32toh(sta[0]) & 0xffff; 2305 2306 retrycnt = 2307 (le32toh(sta[0]) & 0xffff) + /* failed TX count */ 2308 (le32toh(sta[1]) >> 16); /* TX retransmission count */ 2309 2310 txcnt = 2311 retrycnt + 2312 (le32toh(sta[1]) & 0xffff); /* successful TX count */ 2313 2314 success = 2315 (le32toh(sta[1]) >> 16) + 2316 (le32toh(sta[1]) & 0xffff); 2317 2318 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, 2319 &retrycnt); 2320 2321 RUN_UNLOCK(sc); 2322 } 2323 2324 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2325 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2326 } 2327 2328 static void 2329 run_newassoc_cb(void *arg) 2330 { 2331 struct run_cmdq *cmdq = arg; 2332 struct ieee80211_node *ni = cmdq->arg1; 2333 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2334 uint8_t wcid = cmdq->wcid; 2335 2336 RUN_LOCK_ASSERT(sc, MA_OWNED); 2337 2338 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2339 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2340 } 2341 2342 static void 2343 run_newassoc(struct ieee80211_node *ni, int isnew) 2344 { 2345 struct run_node *rn = (void *)ni; 2346 struct ieee80211_rateset *rs = &ni->ni_rates; 2347 struct ieee80211vap *vap = ni->ni_vap; 2348 struct ieee80211com *ic = vap->iv_ic; 2349 struct run_softc *sc = ic->ic_ifp->if_softc; 2350 uint8_t rate; 2351 uint8_t ridx; 2352 uint8_t wcid = RUN_AID2WCID(ni->ni_associd); 2353 int i, j; 2354 2355 if (wcid > RT2870_WCID_MAX) { 2356 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2357 return; 2358 } 2359 2360 /* only interested in true associations */ 2361 if (isnew && ni->ni_associd != 0) { 2362 2363 /* 2364 * This function could is called though timeout function. 2365 * Need to defer. 2366 */ 2367 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2368 DPRINTF("cmdq_store=%d\n", cnt); 2369 sc->cmdq[cnt].func = run_newassoc_cb; 2370 sc->cmdq[cnt].arg0 = NULL; 2371 sc->cmdq[cnt].arg1 = ni; 2372 sc->cmdq[cnt].wcid = wcid; 2373 ieee80211_runtask(ic, &sc->cmdq_task); 2374 } 2375 2376 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2377 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2378 2379 ieee80211_ratectl_node_init(ni); 2380 sc->sc_ni[wcid] = ni; 2381 2382 for (i = 0; i < rs->rs_nrates; i++) { 2383 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2384 /* convert 802.11 rate to hardware rate index */ 2385 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2386 if (rt2860_rates[ridx].rate == rate) 2387 break; 2388 rn->ridx[i] = ridx; 2389 /* determine rate of control response frames */ 2390 for (j = i; j >= 0; j--) { 2391 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2392 rt2860_rates[rn->ridx[i]].phy == 2393 rt2860_rates[rn->ridx[j]].phy) 2394 break; 2395 } 2396 if (j >= 0) { 2397 rn->ctl_ridx[i] = rn->ridx[j]; 2398 } else { 2399 /* no basic rate found, use mandatory one */ 2400 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2401 } 2402 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2403 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2404 } 2405 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2406 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2407 if (rt2860_rates[ridx].rate == rate) 2408 break; 2409 rn->mgt_ridx = ridx; 2410 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2411 2412 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2413 } 2414 2415 /* 2416 * Return the Rx chain with the highest RSSI for a given frame. 2417 */ 2418 static __inline uint8_t 2419 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2420 { 2421 uint8_t rxchain = 0; 2422 2423 if (sc->nrxchains > 1) { 2424 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2425 rxchain = 1; 2426 if (sc->nrxchains > 2) 2427 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2428 rxchain = 2; 2429 } 2430 return (rxchain); 2431 } 2432 2433 static void 2434 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2435 { 2436 struct ifnet *ifp = sc->sc_ifp; 2437 struct ieee80211com *ic = ifp->if_l2com; 2438 struct ieee80211_frame *wh; 2439 struct ieee80211_node *ni; 2440 struct rt2870_rxd *rxd; 2441 struct rt2860_rxwi *rxwi; 2442 uint32_t flags; 2443 uint16_t len, phy; 2444 uint8_t ant, rssi; 2445 int8_t nf; 2446 2447 rxwi = mtod(m, struct rt2860_rxwi *); 2448 len = le16toh(rxwi->len) & 0xfff; 2449 if (__predict_false(len > dmalen)) { 2450 m_freem(m); 2451 ifp->if_ierrors++; 2452 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2453 return; 2454 } 2455 /* Rx descriptor is located at the end */ 2456 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2457 flags = le32toh(rxd->flags); 2458 2459 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2460 m_freem(m); 2461 ifp->if_ierrors++; 2462 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2463 return; 2464 } 2465 2466 m->m_data += sizeof(struct rt2860_rxwi); 2467 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2468 2469 wh = mtod(m, struct ieee80211_frame *); 2470 2471 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2472 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2473 m->m_flags |= M_WEP; 2474 } 2475 2476 if (flags & RT2860_RX_L2PAD) { 2477 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2478 len += 2; 2479 } 2480 2481 ni = ieee80211_find_rxnode(ic, 2482 mtod(m, struct ieee80211_frame_min *)); 2483 2484 if (__predict_false(flags & RT2860_RX_MICERR)) { 2485 /* report MIC failures to net80211 for TKIP */ 2486 if (ni != NULL) 2487 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2488 m_freem(m); 2489 ifp->if_ierrors++; 2490 DPRINTF("MIC error. Someone is lying.\n"); 2491 return; 2492 } 2493 2494 ant = run_maxrssi_chain(sc, rxwi); 2495 rssi = rxwi->rssi[ant]; 2496 nf = run_rssi2dbm(sc, rssi, ant); 2497 2498 m->m_pkthdr.rcvif = ifp; 2499 m->m_pkthdr.len = m->m_len = len; 2500 2501 if (ni != NULL) { 2502 (void)ieee80211_input(ni, m, rssi, nf); 2503 ieee80211_free_node(ni); 2504 } else { 2505 (void)ieee80211_input_all(ic, m, rssi, nf); 2506 } 2507 2508 if (__predict_false(ieee80211_radiotap_active(ic))) { 2509 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2510 2511 tap->wr_flags = 0; 2512 tap->wr_chan_freq = htole16(ic->ic_bsschan->ic_freq); 2513 tap->wr_chan_flags = htole16(ic->ic_bsschan->ic_flags); 2514 tap->wr_antsignal = rssi; 2515 tap->wr_antenna = ant; 2516 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2517 tap->wr_rate = 2; /* in case it can't be found below */ 2518 phy = le16toh(rxwi->phy); 2519 switch (phy & RT2860_PHY_MODE) { 2520 case RT2860_PHY_CCK: 2521 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2522 case 0: tap->wr_rate = 2; break; 2523 case 1: tap->wr_rate = 4; break; 2524 case 2: tap->wr_rate = 11; break; 2525 case 3: tap->wr_rate = 22; break; 2526 } 2527 if (phy & RT2860_PHY_SHPRE) 2528 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2529 break; 2530 case RT2860_PHY_OFDM: 2531 switch (phy & RT2860_PHY_MCS) { 2532 case 0: tap->wr_rate = 12; break; 2533 case 1: tap->wr_rate = 18; break; 2534 case 2: tap->wr_rate = 24; break; 2535 case 3: tap->wr_rate = 36; break; 2536 case 4: tap->wr_rate = 48; break; 2537 case 5: tap->wr_rate = 72; break; 2538 case 6: tap->wr_rate = 96; break; 2539 case 7: tap->wr_rate = 108; break; 2540 } 2541 break; 2542 } 2543 } 2544 } 2545 2546 static void 2547 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2548 { 2549 struct run_softc *sc = usbd_xfer_softc(xfer); 2550 struct ifnet *ifp = sc->sc_ifp; 2551 struct mbuf *m = NULL; 2552 struct mbuf *m0; 2553 uint32_t dmalen; 2554 int xferlen; 2555 2556 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2557 2558 switch (USB_GET_STATE(xfer)) { 2559 case USB_ST_TRANSFERRED: 2560 2561 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2562 2563 if (xferlen < sizeof (uint32_t) + 2564 sizeof (struct rt2860_rxwi) + sizeof (struct rt2870_rxd)) { 2565 DPRINTF("xfer too short %d\n", xferlen); 2566 goto tr_setup; 2567 } 2568 2569 m = sc->rx_m; 2570 sc->rx_m = NULL; 2571 2572 /* FALLTHROUGH */ 2573 case USB_ST_SETUP: 2574 tr_setup: 2575 if (sc->rx_m == NULL) { 2576 sc->rx_m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, 2577 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2578 } 2579 if (sc->rx_m == NULL) { 2580 DPRINTF("could not allocate mbuf - idle with stall\n"); 2581 ifp->if_ierrors++; 2582 usbd_xfer_set_stall(xfer); 2583 usbd_xfer_set_frames(xfer, 0); 2584 } else { 2585 /* 2586 * Directly loading a mbuf cluster into DMA to 2587 * save some data copying. This works because 2588 * there is only one cluster. 2589 */ 2590 usbd_xfer_set_frame_data(xfer, 0, 2591 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2592 usbd_xfer_set_frames(xfer, 1); 2593 } 2594 usbd_transfer_submit(xfer); 2595 break; 2596 2597 default: /* Error */ 2598 if (error != USB_ERR_CANCELLED) { 2599 /* try to clear stall first */ 2600 usbd_xfer_set_stall(xfer); 2601 2602 if (error == USB_ERR_TIMEOUT) 2603 device_printf(sc->sc_dev, "device timeout\n"); 2604 2605 ifp->if_ierrors++; 2606 2607 goto tr_setup; 2608 } 2609 if (sc->rx_m != NULL) { 2610 m_freem(sc->rx_m); 2611 sc->rx_m = NULL; 2612 } 2613 break; 2614 } 2615 2616 if (m == NULL) 2617 return; 2618 2619 /* inputting all the frames must be last */ 2620 2621 RUN_UNLOCK(sc); 2622 2623 m->m_pkthdr.len = m->m_len = xferlen; 2624 2625 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2626 for(;;) { 2627 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2628 2629 if ((dmalen == 0) || ((dmalen & 3) != 0)) { 2630 DPRINTF("bad DMA length %u\n", dmalen); 2631 break; 2632 } 2633 if ((dmalen + 8) > xferlen) { 2634 DPRINTF("bad DMA length %u > %d\n", 2635 dmalen + 8, xferlen); 2636 break; 2637 } 2638 2639 /* If it is the last one or a single frame, we won't copy. */ 2640 if ((xferlen -= dmalen + 8) <= 8) { 2641 /* trim 32-bit DMA-len header */ 2642 m->m_data += 4; 2643 m->m_pkthdr.len = m->m_len -= 4; 2644 run_rx_frame(sc, m, dmalen); 2645 break; 2646 } 2647 2648 /* copy aggregated frames to another mbuf */ 2649 m0 = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 2650 if (__predict_false(m0 == NULL)) { 2651 DPRINTF("could not allocate mbuf\n"); 2652 ifp->if_ierrors++; 2653 break; 2654 } 2655 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2656 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2657 m0->m_pkthdr.len = m0->m_len = 2658 dmalen + sizeof(struct rt2870_rxd); 2659 run_rx_frame(sc, m0, dmalen); 2660 2661 /* update data ptr */ 2662 m->m_data += dmalen + 8; 2663 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2664 } 2665 2666 RUN_LOCK(sc); 2667 } 2668 2669 static void 2670 run_tx_free(struct run_endpoint_queue *pq, 2671 struct run_tx_data *data, int txerr) 2672 { 2673 if (data->m != NULL) { 2674 if (data->m->m_flags & M_TXCB) 2675 ieee80211_process_callback(data->ni, data->m, 2676 txerr ? ETIMEDOUT : 0); 2677 m_freem(data->m); 2678 data->m = NULL; 2679 2680 if (data->ni == NULL) { 2681 DPRINTF("no node\n"); 2682 } else { 2683 ieee80211_free_node(data->ni); 2684 data->ni = NULL; 2685 } 2686 } 2687 2688 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2689 pq->tx_nfree++; 2690 } 2691 2692 static void 2693 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index) 2694 { 2695 struct run_softc *sc = usbd_xfer_softc(xfer); 2696 struct ifnet *ifp = sc->sc_ifp; 2697 struct ieee80211com *ic = ifp->if_l2com; 2698 struct run_tx_data *data; 2699 struct ieee80211vap *vap = NULL; 2700 struct usb_page_cache *pc; 2701 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2702 struct mbuf *m; 2703 usb_frlength_t size; 2704 unsigned int len; 2705 int actlen; 2706 int sumlen; 2707 2708 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2709 2710 switch (USB_GET_STATE(xfer)) { 2711 case USB_ST_TRANSFERRED: 2712 DPRINTFN(11, "transfer complete: %d " 2713 "bytes @ index %d\n", actlen, index); 2714 2715 data = usbd_xfer_get_priv(xfer); 2716 2717 run_tx_free(pq, data, 0); 2718 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2719 2720 usbd_xfer_set_priv(xfer, NULL); 2721 2722 ifp->if_opackets++; 2723 2724 /* FALLTHROUGH */ 2725 case USB_ST_SETUP: 2726 tr_setup: 2727 data = STAILQ_FIRST(&pq->tx_qh); 2728 if (data == NULL) 2729 break; 2730 2731 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2732 2733 m = data->m; 2734 if (m->m_pkthdr.len > RUN_MAX_TXSZ) { 2735 DPRINTF("data overflow, %u bytes\n", 2736 m->m_pkthdr.len); 2737 2738 ifp->if_oerrors++; 2739 2740 run_tx_free(pq, data, 1); 2741 2742 goto tr_setup; 2743 } 2744 2745 pc = usbd_xfer_get_frame(xfer, 0); 2746 size = sizeof(data->desc); 2747 usbd_copy_in(pc, 0, &data->desc, size); 2748 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2749 2750 vap = data->ni->ni_vap; 2751 if (ieee80211_radiotap_active_vap(vap)) { 2752 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2753 struct rt2860_txwi *txwi = 2754 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2755 2756 tap->wt_flags = 0; 2757 tap->wt_rate = rt2860_rates[data->ridx].rate; 2758 tap->wt_chan_freq = htole16(vap->iv_bss->ni_chan->ic_freq); 2759 tap->wt_chan_flags = htole16(vap->iv_bss->ni_chan->ic_flags); 2760 tap->wt_hwqueue = index; 2761 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2762 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2763 2764 ieee80211_radiotap_tx(vap, m); 2765 } 2766 2767 /* align end on a 4-bytes boundary */ 2768 len = (size + IEEE80211_CRC_LEN + m->m_pkthdr.len + 3) & ~3; 2769 2770 DPRINTFN(11, "sending frame len=%u xferlen=%u @ index %d\n", 2771 m->m_pkthdr.len, len, index); 2772 2773 usbd_xfer_set_frame_len(xfer, 0, len); 2774 usbd_xfer_set_priv(xfer, data); 2775 2776 usbd_transfer_submit(xfer); 2777 2778 RUN_UNLOCK(sc); 2779 run_start(ifp); 2780 RUN_LOCK(sc); 2781 2782 break; 2783 2784 default: 2785 DPRINTF("USB transfer error, %s\n", 2786 usbd_errstr(error)); 2787 2788 data = usbd_xfer_get_priv(xfer); 2789 2790 ifp->if_oerrors++; 2791 2792 if (data != NULL) { 2793 if(data->ni != NULL) 2794 vap = data->ni->ni_vap; 2795 run_tx_free(pq, data, error); 2796 usbd_xfer_set_priv(xfer, NULL); 2797 } 2798 if (vap == NULL) 2799 vap = TAILQ_FIRST(&ic->ic_vaps); 2800 2801 if (error != USB_ERR_CANCELLED) { 2802 if (error == USB_ERR_TIMEOUT) { 2803 device_printf(sc->sc_dev, "device timeout\n"); 2804 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2805 DPRINTF("cmdq_store=%d\n", i); 2806 sc->cmdq[i].func = run_usb_timeout_cb; 2807 sc->cmdq[i].arg0 = vap; 2808 ieee80211_runtask(ic, &sc->cmdq_task); 2809 } 2810 2811 /* 2812 * Try to clear stall first, also if other 2813 * errors occur, hence clearing stall 2814 * introduces a 50 ms delay: 2815 */ 2816 usbd_xfer_set_stall(xfer); 2817 goto tr_setup; 2818 } 2819 break; 2820 } 2821 } 2822 2823 static void 2824 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2825 { 2826 run_bulk_tx_callbackN(xfer, error, 0); 2827 } 2828 2829 static void 2830 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2831 { 2832 run_bulk_tx_callbackN(xfer, error, 1); 2833 } 2834 2835 static void 2836 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2837 { 2838 run_bulk_tx_callbackN(xfer, error, 2); 2839 } 2840 2841 static void 2842 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2843 { 2844 run_bulk_tx_callbackN(xfer, error, 3); 2845 } 2846 2847 static void 2848 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2849 { 2850 run_bulk_tx_callbackN(xfer, error, 4); 2851 } 2852 2853 static void 2854 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2855 { 2856 run_bulk_tx_callbackN(xfer, error, 5); 2857 } 2858 2859 static void 2860 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2861 { 2862 struct mbuf *m = data->m; 2863 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2864 struct ieee80211vap *vap = data->ni->ni_vap; 2865 struct ieee80211_frame *wh; 2866 struct rt2870_txd *txd; 2867 struct rt2860_txwi *txwi; 2868 uint16_t xferlen; 2869 uint16_t mcs; 2870 uint8_t ridx = data->ridx; 2871 uint8_t pad; 2872 2873 /* get MCS code from rate index */ 2874 mcs = rt2860_rates[ridx].mcs; 2875 2876 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2877 2878 /* roundup to 32-bit alignment */ 2879 xferlen = (xferlen + 3) & ~3; 2880 2881 txd = (struct rt2870_txd *)&data->desc; 2882 txd->len = htole16(xferlen); 2883 2884 wh = mtod(m, struct ieee80211_frame *); 2885 2886 /* 2887 * Ether both are true or both are false, the header 2888 * are nicely aligned to 32-bit. So, no L2 padding. 2889 */ 2890 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2891 pad = 0; 2892 else 2893 pad = 2; 2894 2895 /* setup TX Wireless Information */ 2896 txwi = (struct rt2860_txwi *)(txd + 1); 2897 txwi->len = htole16(m->m_pkthdr.len - pad); 2898 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2899 txwi->phy = htole16(RT2860_PHY_CCK); 2900 if (ridx != RT2860_RIDX_CCK1 && 2901 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2902 mcs |= RT2860_PHY_SHPRE; 2903 } else 2904 txwi->phy = htole16(RT2860_PHY_OFDM); 2905 txwi->phy |= htole16(mcs); 2906 2907 /* check if RTS/CTS or CTS-to-self protection is required */ 2908 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2909 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2910 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2911 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2912 txwi->txop |= RT2860_TX_TXOP_HT; 2913 else 2914 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2915 2916 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2917 txwi->xflags |= RT2860_TX_NSEQ; 2918 } 2919 2920 /* This function must be called locked */ 2921 static int 2922 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2923 { 2924 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2925 struct ieee80211vap *vap = ni->ni_vap; 2926 struct ieee80211_frame *wh; 2927 struct ieee80211_channel *chan; 2928 const struct ieee80211_txparam *tp; 2929 struct run_node *rn = (void *)ni; 2930 struct run_tx_data *data; 2931 struct rt2870_txd *txd; 2932 struct rt2860_txwi *txwi; 2933 uint16_t qos; 2934 uint16_t dur; 2935 uint16_t qid; 2936 uint8_t type; 2937 uint8_t tid; 2938 uint8_t ridx; 2939 uint8_t ctl_ridx; 2940 uint8_t qflags; 2941 uint8_t xflags = 0; 2942 int hasqos; 2943 2944 RUN_LOCK_ASSERT(sc, MA_OWNED); 2945 2946 wh = mtod(m, struct ieee80211_frame *); 2947 2948 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2949 2950 /* 2951 * There are 7 bulk endpoints: 1 for RX 2952 * and 6 for TX (4 EDCAs + HCCA + Prio). 2953 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 2954 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 2955 */ 2956 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 2957 uint8_t *frm; 2958 2959 if(IEEE80211_HAS_ADDR4(wh)) 2960 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 2961 else 2962 frm =((struct ieee80211_qosframe *)wh)->i_qos; 2963 2964 qos = le16toh(*(const uint16_t *)frm); 2965 tid = qos & IEEE80211_QOS_TID; 2966 qid = TID_TO_WME_AC(tid); 2967 } else { 2968 qos = 0; 2969 tid = 0; 2970 qid = WME_AC_BE; 2971 } 2972 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 2973 2974 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 2975 qos, qid, tid, qflags); 2976 2977 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 2978 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2979 2980 /* pickup a rate index */ 2981 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2982 type != IEEE80211_FC0_TYPE_DATA) { 2983 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 2984 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 2985 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2986 } else { 2987 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 2988 ridx = rn->fix_ridx; 2989 else 2990 ridx = rn->amrr_ridx; 2991 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 2992 } 2993 2994 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2995 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 2996 IEEE80211_QOS_ACKPOLICY_NOACK)) { 2997 xflags |= RT2860_TX_ACK; 2998 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2999 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3000 else 3001 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3002 *(uint16_t *)wh->i_dur = htole16(dur); 3003 } 3004 3005 /* reserve slots for mgmt packets, just in case */ 3006 if (sc->sc_epq[qid].tx_nfree < 3) { 3007 DPRINTFN(10, "tx ring %d is full\n", qid); 3008 return (-1); 3009 } 3010 3011 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3012 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3013 sc->sc_epq[qid].tx_nfree--; 3014 3015 txd = (struct rt2870_txd *)&data->desc; 3016 txd->flags = qflags; 3017 txwi = (struct rt2860_txwi *)(txd + 1); 3018 txwi->xflags = xflags; 3019 txwi->wcid = IEEE80211_IS_MULTICAST(wh->i_addr1) ? 3020 0 : RUN_AID2WCID(ni->ni_associd); 3021 /* clear leftover garbage bits */ 3022 txwi->flags = 0; 3023 txwi->txop = 0; 3024 3025 data->m = m; 3026 data->ni = ni; 3027 data->ridx = ridx; 3028 3029 run_set_tx_desc(sc, data); 3030 3031 /* 3032 * The chip keeps track of 2 kind of Tx stats, 3033 * * TX_STAT_FIFO, for per WCID stats, and 3034 * * TX_STA_CNT0 for all-TX-in-one stats. 3035 * 3036 * To use FIFO stats, we need to store MCS into the driver-private 3037 * PacketID field. So that, we can tell whose stats when we read them. 3038 * We add 1 to the MCS because setting the PacketID field to 0 means 3039 * that we don't want feedback in TX_STAT_FIFO. 3040 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3041 * 3042 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3043 */ 3044 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3045 vap->iv_opmode == IEEE80211_M_MBSS) { 3046 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3047 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3048 3049 /* 3050 * Unlike PCI based devices, we don't get any interrupt from 3051 * USB devices, so we simulate FIFO-is-full interrupt here. 3052 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3053 * quickly get fulled. To prevent overflow, increment a counter on 3054 * every FIFO stat request, so we know how many slots are left. 3055 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3056 * are used only in those modes. 3057 * We just drain stats. AMRR gets updated every 1 sec by 3058 * run_ratectl_cb() via callout. 3059 * Call it early. Otherwise overflow. 3060 */ 3061 if (sc->fifo_cnt++ == 10) { 3062 /* 3063 * With multiple vaps or if_bridge, if_start() is called 3064 * with a non-sleepable lock, tcpinp. So, need to defer. 3065 */ 3066 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3067 DPRINTFN(6, "cmdq_store=%d\n", i); 3068 sc->cmdq[i].func = run_drain_fifo; 3069 sc->cmdq[i].arg0 = sc; 3070 ieee80211_runtask(ic, &sc->cmdq_task); 3071 } 3072 } 3073 3074 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3075 3076 usbd_transfer_start(sc->sc_xfer[qid]); 3077 3078 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3079 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3080 rt2860_rates[ridx].rate, qid); 3081 3082 return (0); 3083 } 3084 3085 static int 3086 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3087 { 3088 struct ifnet *ifp = sc->sc_ifp; 3089 struct ieee80211com *ic = ifp->if_l2com; 3090 struct run_node *rn = (void *)ni; 3091 struct run_tx_data *data; 3092 struct ieee80211_frame *wh; 3093 struct rt2870_txd *txd; 3094 struct rt2860_txwi *txwi; 3095 uint16_t dur; 3096 uint8_t ridx = rn->mgt_ridx; 3097 uint8_t type; 3098 uint8_t xflags = 0; 3099 uint8_t wflags = 0; 3100 3101 RUN_LOCK_ASSERT(sc, MA_OWNED); 3102 3103 wh = mtod(m, struct ieee80211_frame *); 3104 3105 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3106 3107 /* tell hardware to add timestamp for probe responses */ 3108 if ((wh->i_fc[0] & 3109 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3110 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3111 wflags |= RT2860_TX_TS; 3112 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3113 xflags |= RT2860_TX_ACK; 3114 3115 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3116 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3117 *(uint16_t *)wh->i_dur = htole16(dur); 3118 } 3119 3120 if (sc->sc_epq[0].tx_nfree == 0) { 3121 /* let caller free mbuf */ 3122 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3123 return (EIO); 3124 } 3125 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3126 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3127 sc->sc_epq[0].tx_nfree--; 3128 3129 txd = (struct rt2870_txd *)&data->desc; 3130 txd->flags = RT2860_TX_QSEL_EDCA; 3131 txwi = (struct rt2860_txwi *)(txd + 1); 3132 txwi->wcid = 0xff; 3133 txwi->flags = wflags; 3134 txwi->xflags = xflags; 3135 txwi->txop = 0; /* clear leftover garbage bits */ 3136 3137 data->m = m; 3138 data->ni = ni; 3139 data->ridx = ridx; 3140 3141 run_set_tx_desc(sc, data); 3142 3143 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3144 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3145 rt2860_rates[ridx].rate); 3146 3147 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3148 3149 usbd_transfer_start(sc->sc_xfer[0]); 3150 3151 return (0); 3152 } 3153 3154 static int 3155 run_sendprot(struct run_softc *sc, 3156 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3157 { 3158 struct ieee80211com *ic = ni->ni_ic; 3159 struct ieee80211_frame *wh; 3160 struct run_tx_data *data; 3161 struct rt2870_txd *txd; 3162 struct rt2860_txwi *txwi; 3163 struct mbuf *mprot; 3164 int ridx; 3165 int protrate; 3166 int ackrate; 3167 int pktlen; 3168 int isshort; 3169 uint16_t dur; 3170 uint8_t type; 3171 uint8_t wflags = 0; 3172 uint8_t xflags = 0; 3173 3174 RUN_LOCK_ASSERT(sc, MA_OWNED); 3175 3176 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3177 ("protection %d", prot)); 3178 3179 wh = mtod(m, struct ieee80211_frame *); 3180 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3181 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3182 3183 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3184 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3185 3186 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3187 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3188 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3189 wflags = RT2860_TX_FRAG; 3190 3191 /* check that there are free slots before allocating the mbuf */ 3192 if (sc->sc_epq[0].tx_nfree == 0) { 3193 /* let caller free mbuf */ 3194 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3195 return (ENOBUFS); 3196 } 3197 3198 if (prot == IEEE80211_PROT_RTSCTS) { 3199 /* NB: CTS is the same size as an ACK */ 3200 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3201 xflags |= RT2860_TX_ACK; 3202 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3203 } else { 3204 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3205 } 3206 if (mprot == NULL) { 3207 sc->sc_ifp->if_oerrors++; 3208 DPRINTF("could not allocate mbuf\n"); 3209 return (ENOBUFS); 3210 } 3211 3212 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3213 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3214 sc->sc_epq[0].tx_nfree--; 3215 3216 txd = (struct rt2870_txd *)&data->desc; 3217 txd->flags = RT2860_TX_QSEL_EDCA; 3218 txwi = (struct rt2860_txwi *)(txd + 1); 3219 txwi->wcid = 0xff; 3220 txwi->flags = wflags; 3221 txwi->xflags = xflags; 3222 txwi->txop = 0; /* clear leftover garbage bits */ 3223 3224 data->m = mprot; 3225 data->ni = ieee80211_ref_node(ni); 3226 3227 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3228 if (rt2860_rates[ridx].rate == protrate) 3229 break; 3230 data->ridx = ridx; 3231 3232 run_set_tx_desc(sc, data); 3233 3234 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3235 m->m_pkthdr.len, rate); 3236 3237 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3238 3239 usbd_transfer_start(sc->sc_xfer[0]); 3240 3241 return (0); 3242 } 3243 3244 static int 3245 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3246 const struct ieee80211_bpf_params *params) 3247 { 3248 struct ieee80211com *ic = ni->ni_ic; 3249 struct ieee80211_frame *wh; 3250 struct run_tx_data *data; 3251 struct rt2870_txd *txd; 3252 struct rt2860_txwi *txwi; 3253 uint8_t type; 3254 uint8_t ridx; 3255 uint8_t rate; 3256 uint8_t opflags = 0; 3257 uint8_t xflags = 0; 3258 int error; 3259 3260 RUN_LOCK_ASSERT(sc, MA_OWNED); 3261 3262 KASSERT(params != NULL, ("no raw xmit params")); 3263 3264 wh = mtod(m, struct ieee80211_frame *); 3265 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3266 3267 rate = params->ibp_rate0; 3268 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3269 /* let caller free mbuf */ 3270 return (EINVAL); 3271 } 3272 3273 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3274 xflags |= RT2860_TX_ACK; 3275 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3276 error = run_sendprot(sc, m, ni, 3277 params->ibp_flags & IEEE80211_BPF_RTS ? 3278 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3279 rate); 3280 if (error) { 3281 /* let caller free mbuf */ 3282 return error; 3283 } 3284 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3285 } 3286 3287 if (sc->sc_epq[0].tx_nfree == 0) { 3288 /* let caller free mbuf */ 3289 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3290 DPRINTF("sending raw frame, but tx ring is full\n"); 3291 return (EIO); 3292 } 3293 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3294 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3295 sc->sc_epq[0].tx_nfree--; 3296 3297 txd = (struct rt2870_txd *)&data->desc; 3298 txd->flags = RT2860_TX_QSEL_EDCA; 3299 txwi = (struct rt2860_txwi *)(txd + 1); 3300 txwi->wcid = 0xff; 3301 txwi->xflags = xflags; 3302 txwi->txop = opflags; 3303 txwi->flags = 0; /* clear leftover garbage bits */ 3304 3305 data->m = m; 3306 data->ni = ni; 3307 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3308 if (rt2860_rates[ridx].rate == rate) 3309 break; 3310 data->ridx = ridx; 3311 3312 run_set_tx_desc(sc, data); 3313 3314 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3315 m->m_pkthdr.len, rate); 3316 3317 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3318 3319 usbd_transfer_start(sc->sc_xfer[0]); 3320 3321 return (0); 3322 } 3323 3324 static int 3325 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3326 const struct ieee80211_bpf_params *params) 3327 { 3328 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3329 struct run_softc *sc = ifp->if_softc; 3330 int error = 0; 3331 3332 RUN_LOCK(sc); 3333 3334 /* prevent management frames from being sent if we're not ready */ 3335 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3336 error = ENETDOWN; 3337 goto done; 3338 } 3339 3340 if (params == NULL) { 3341 /* tx mgt packet */ 3342 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3343 ifp->if_oerrors++; 3344 DPRINTF("mgt tx failed\n"); 3345 goto done; 3346 } 3347 } else { 3348 /* tx raw packet with param */ 3349 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3350 ifp->if_oerrors++; 3351 DPRINTF("tx with param failed\n"); 3352 goto done; 3353 } 3354 } 3355 3356 ifp->if_opackets++; 3357 3358 done: 3359 RUN_UNLOCK(sc); 3360 3361 if (error != 0) { 3362 if(m != NULL) 3363 m_freem(m); 3364 ieee80211_free_node(ni); 3365 } 3366 3367 return (error); 3368 } 3369 3370 static void 3371 run_start(struct ifnet *ifp) 3372 { 3373 struct run_softc *sc = ifp->if_softc; 3374 struct ieee80211_node *ni; 3375 struct mbuf *m; 3376 3377 RUN_LOCK(sc); 3378 3379 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3380 RUN_UNLOCK(sc); 3381 return; 3382 } 3383 3384 for (;;) { 3385 /* send data frames */ 3386 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3387 if (m == NULL) 3388 break; 3389 3390 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3391 if (run_tx(sc, m, ni) != 0) { 3392 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3393 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3394 break; 3395 } 3396 } 3397 3398 RUN_UNLOCK(sc); 3399 } 3400 3401 static int 3402 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3403 { 3404 struct run_softc *sc = ifp->if_softc; 3405 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3406 struct ifreq *ifr = (struct ifreq *) data; 3407 int startall = 0; 3408 int error = 0; 3409 3410 switch (cmd) { 3411 case SIOCSIFFLAGS: 3412 RUN_LOCK(sc); 3413 if (ifp->if_flags & IFF_UP) { 3414 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3415 startall = 1; 3416 run_init_locked(sc); 3417 } else 3418 run_update_promisc_locked(ifp); 3419 } else { 3420 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3421 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3422 run_stop(sc); 3423 } 3424 } 3425 RUN_UNLOCK(sc); 3426 if (startall) 3427 ieee80211_start_all(ic); 3428 break; 3429 case SIOCGIFMEDIA: 3430 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3431 break; 3432 case SIOCGIFADDR: 3433 error = ether_ioctl(ifp, cmd, data); 3434 break; 3435 default: 3436 error = EINVAL; 3437 break; 3438 } 3439 3440 return (error); 3441 } 3442 3443 static void 3444 run_set_agc(struct run_softc *sc, uint8_t agc) 3445 { 3446 uint8_t bbp; 3447 3448 if (sc->mac_ver == 0x3572) { 3449 run_bbp_read(sc, 27, &bbp); 3450 bbp &= ~(0x3 << 5); 3451 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3452 run_bbp_write(sc, 66, agc); 3453 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3454 run_bbp_write(sc, 66, agc); 3455 } else 3456 run_bbp_write(sc, 66, agc); 3457 } 3458 3459 static void 3460 run_select_chan_group(struct run_softc *sc, int group) 3461 { 3462 uint32_t tmp; 3463 uint8_t agc; 3464 3465 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3466 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3467 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3468 run_bbp_write(sc, 86, 0x00); 3469 3470 if (group == 0) { 3471 if (sc->ext_2ghz_lna) { 3472 run_bbp_write(sc, 82, 0x62); 3473 run_bbp_write(sc, 75, 0x46); 3474 } else { 3475 run_bbp_write(sc, 82, 0x84); 3476 run_bbp_write(sc, 75, 0x50); 3477 } 3478 } else { 3479 if (sc->mac_ver == 0x3572) 3480 run_bbp_write(sc, 82, 0x94); 3481 else 3482 run_bbp_write(sc, 82, 0xf2); 3483 if (sc->ext_5ghz_lna) 3484 run_bbp_write(sc, 75, 0x46); 3485 else 3486 run_bbp_write(sc, 75, 0x50); 3487 } 3488 3489 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3490 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3491 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3492 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3493 3494 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3495 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3496 if (sc->nrxchains > 1) 3497 tmp |= RT2860_LNA_PE1_EN; 3498 if (group == 0) { /* 2GHz */ 3499 tmp |= RT2860_PA_PE_G0_EN; 3500 if (sc->ntxchains > 1) 3501 tmp |= RT2860_PA_PE_G1_EN; 3502 } else { /* 5GHz */ 3503 tmp |= RT2860_PA_PE_A0_EN; 3504 if (sc->ntxchains > 1) 3505 tmp |= RT2860_PA_PE_A1_EN; 3506 } 3507 if (sc->mac_ver == 0x3572) { 3508 run_rt3070_rf_write(sc, 8, 0x00); 3509 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3510 run_rt3070_rf_write(sc, 8, 0x80); 3511 } else 3512 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3513 3514 /* set initial AGC value */ 3515 if (group == 0) { /* 2GHz band */ 3516 if (sc->mac_ver >= 0x3070) 3517 agc = 0x1c + sc->lna[0] * 2; 3518 else 3519 agc = 0x2e + sc->lna[0]; 3520 } else { /* 5GHz band */ 3521 if (sc->mac_ver == 0x3572) 3522 agc = 0x22 + (sc->lna[group] * 5) / 3; 3523 else 3524 agc = 0x32 + (sc->lna[group] * 5) / 3; 3525 } 3526 run_set_agc(sc, agc); 3527 } 3528 3529 static void 3530 run_rt2870_set_chan(struct run_softc *sc, uint32_t chan) 3531 { 3532 const struct rfprog *rfprog = rt2860_rf2850; 3533 uint32_t r2, r3, r4; 3534 int8_t txpow1, txpow2; 3535 int i; 3536 3537 /* find the settings for this channel (we know it exists) */ 3538 for (i = 0; rfprog[i].chan != chan; i++); 3539 3540 r2 = rfprog[i].r2; 3541 if (sc->ntxchains == 1) 3542 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3543 if (sc->nrxchains == 1) 3544 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3545 else if (sc->nrxchains == 2) 3546 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3547 3548 /* use Tx power values from EEPROM */ 3549 txpow1 = sc->txpow1[i]; 3550 txpow2 = sc->txpow2[i]; 3551 if (chan > 14) { 3552 if (txpow1 >= 0) 3553 txpow1 = txpow1 << 1 | 1; 3554 else 3555 txpow1 = (7 + txpow1) << 1; 3556 if (txpow2 >= 0) 3557 txpow2 = txpow2 << 1 | 1; 3558 else 3559 txpow2 = (7 + txpow2) << 1; 3560 } 3561 r3 = rfprog[i].r3 | txpow1 << 7; 3562 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3563 3564 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3565 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3566 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3567 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3568 3569 run_delay(sc, 10); 3570 3571 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3572 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3573 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3574 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3575 3576 run_delay(sc, 10); 3577 3578 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3579 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3580 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3581 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3582 } 3583 3584 static void 3585 run_rt3070_set_chan(struct run_softc *sc, uint32_t chan) 3586 { 3587 int8_t txpow1, txpow2; 3588 uint8_t rf; 3589 int i; 3590 3591 /* RT3070 is 2GHz only */ 3592 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3593 3594 /* find the settings for this channel (we know it exists) */ 3595 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3596 3597 /* use Tx power values from EEPROM */ 3598 txpow1 = sc->txpow1[i]; 3599 txpow2 = sc->txpow2[i]; 3600 3601 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3602 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3603 run_rt3070_rf_read(sc, 6, &rf); 3604 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3605 run_rt3070_rf_write(sc, 6, rf); 3606 3607 /* set Tx0 power */ 3608 run_rt3070_rf_read(sc, 12, &rf); 3609 rf = (rf & ~0x1f) | txpow1; 3610 run_rt3070_rf_write(sc, 12, rf); 3611 3612 /* set Tx1 power */ 3613 run_rt3070_rf_read(sc, 13, &rf); 3614 rf = (rf & ~0x1f) | txpow2; 3615 run_rt3070_rf_write(sc, 13, rf); 3616 3617 run_rt3070_rf_read(sc, 1, &rf); 3618 rf &= ~0xfc; 3619 if (sc->ntxchains == 1) 3620 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3621 else if (sc->ntxchains == 2) 3622 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3623 if (sc->nrxchains == 1) 3624 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3625 else if (sc->nrxchains == 2) 3626 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3627 run_rt3070_rf_write(sc, 1, rf); 3628 3629 /* set RF offset */ 3630 run_rt3070_rf_read(sc, 23, &rf); 3631 rf = (rf & ~0x7f) | sc->freq; 3632 run_rt3070_rf_write(sc, 23, rf); 3633 3634 /* program RF filter */ 3635 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3636 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3637 run_rt3070_rf_write(sc, 24, rf); 3638 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3639 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3640 run_rt3070_rf_write(sc, 31, rf); 3641 3642 /* enable RF tuning */ 3643 run_rt3070_rf_read(sc, 7, &rf); 3644 run_rt3070_rf_write(sc, 7, rf | 0x01); 3645 } 3646 3647 static void 3648 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3649 { 3650 int8_t txpow1, txpow2; 3651 uint32_t tmp; 3652 uint8_t rf; 3653 int i; 3654 3655 /* find the settings for this channel (we know it exists) */ 3656 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3657 3658 /* use Tx power values from EEPROM */ 3659 txpow1 = sc->txpow1[i]; 3660 txpow2 = sc->txpow2[i]; 3661 3662 if (chan <= 14) { 3663 run_bbp_write(sc, 25, sc->bbp25); 3664 run_bbp_write(sc, 26, sc->bbp26); 3665 } else { 3666 /* enable IQ phase correction */ 3667 run_bbp_write(sc, 25, 0x09); 3668 run_bbp_write(sc, 26, 0xff); 3669 } 3670 3671 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3672 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3673 run_rt3070_rf_read(sc, 6, &rf); 3674 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3675 rf |= (chan <= 14) ? 0x08 : 0x04; 3676 run_rt3070_rf_write(sc, 6, rf); 3677 3678 /* set PLL mode */ 3679 run_rt3070_rf_read(sc, 5, &rf); 3680 rf &= ~(0x08 | 0x04); 3681 rf |= (chan <= 14) ? 0x04 : 0x08; 3682 run_rt3070_rf_write(sc, 5, rf); 3683 3684 /* set Tx power for chain 0 */ 3685 if (chan <= 14) 3686 rf = 0x60 | txpow1; 3687 else 3688 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3689 run_rt3070_rf_write(sc, 12, rf); 3690 3691 /* set Tx power for chain 1 */ 3692 if (chan <= 14) 3693 rf = 0x60 | txpow2; 3694 else 3695 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3696 run_rt3070_rf_write(sc, 13, rf); 3697 3698 /* set Tx/Rx streams */ 3699 run_rt3070_rf_read(sc, 1, &rf); 3700 rf &= ~0xfc; 3701 if (sc->ntxchains == 1) 3702 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3703 else if (sc->ntxchains == 2) 3704 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3705 if (sc->nrxchains == 1) 3706 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3707 else if (sc->nrxchains == 2) 3708 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3709 run_rt3070_rf_write(sc, 1, rf); 3710 3711 /* set RF offset */ 3712 run_rt3070_rf_read(sc, 23, &rf); 3713 rf = (rf & ~0x7f) | sc->freq; 3714 run_rt3070_rf_write(sc, 23, rf); 3715 3716 /* program RF filter */ 3717 rf = sc->rf24_20mhz; 3718 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3719 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3720 3721 /* enable RF tuning */ 3722 run_rt3070_rf_read(sc, 7, &rf); 3723 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3724 run_rt3070_rf_write(sc, 7, rf); 3725 3726 /* TSSI */ 3727 rf = (chan <= 14) ? 0xc3 : 0xc0; 3728 run_rt3070_rf_write(sc, 9, rf); 3729 3730 /* set loop filter 1 */ 3731 run_rt3070_rf_write(sc, 10, 0xf1); 3732 /* set loop filter 2 */ 3733 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3734 3735 /* set tx_mx2_ic */ 3736 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3737 /* set tx_mx1_ic */ 3738 if (chan <= 14) 3739 rf = 0x48 | sc->txmixgain_2ghz; 3740 else 3741 rf = 0x78 | sc->txmixgain_5ghz; 3742 run_rt3070_rf_write(sc, 16, rf); 3743 3744 /* set tx_lo1 */ 3745 run_rt3070_rf_write(sc, 17, 0x23); 3746 /* set tx_lo2 */ 3747 if (chan <= 14) 3748 rf = 0x93; 3749 else if (chan <= 64) 3750 rf = 0xb7; 3751 else if (chan <= 128) 3752 rf = 0x74; 3753 else 3754 rf = 0x72; 3755 run_rt3070_rf_write(sc, 19, rf); 3756 3757 /* set rx_lo1 */ 3758 if (chan <= 14) 3759 rf = 0xb3; 3760 else if (chan <= 64) 3761 rf = 0xf6; 3762 else if (chan <= 128) 3763 rf = 0xf4; 3764 else 3765 rf = 0xf3; 3766 run_rt3070_rf_write(sc, 20, rf); 3767 3768 /* set pfd_delay */ 3769 if (chan <= 14) 3770 rf = 0x15; 3771 else if (chan <= 64) 3772 rf = 0x3d; 3773 else 3774 rf = 0x01; 3775 run_rt3070_rf_write(sc, 25, rf); 3776 3777 /* set rx_lo2 */ 3778 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3779 /* set ldo_rf_vc */ 3780 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3781 /* set drv_cc */ 3782 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3783 3784 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3785 tmp &= ~0x8080; 3786 if (chan <= 14) 3787 tmp |= 0x80; 3788 run_write(sc, RT2860_GPIO_CTRL, tmp); 3789 3790 /* enable RF tuning */ 3791 run_rt3070_rf_read(sc, 7, &rf); 3792 run_rt3070_rf_write(sc, 7, rf | 0x01); 3793 3794 run_delay(sc, 2); 3795 } 3796 3797 static void 3798 run_set_rx_antenna(struct run_softc *sc, int aux) 3799 { 3800 uint32_t tmp; 3801 3802 if (aux) { 3803 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3804 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3805 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3806 } else { 3807 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3808 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3809 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3810 } 3811 } 3812 3813 static int 3814 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3815 { 3816 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3817 uint32_t chan, group; 3818 3819 chan = ieee80211_chan2ieee(ic, c); 3820 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3821 return (EINVAL); 3822 3823 if (sc->mac_ver == 0x3572) 3824 run_rt3572_set_chan(sc, chan); 3825 else if (sc->mac_ver >= 0x3070) 3826 run_rt3070_set_chan(sc, chan); 3827 else 3828 run_rt2870_set_chan(sc, chan); 3829 3830 /* determine channel group */ 3831 if (chan <= 14) 3832 group = 0; 3833 else if (chan <= 64) 3834 group = 1; 3835 else if (chan <= 128) 3836 group = 2; 3837 else 3838 group = 3; 3839 3840 /* XXX necessary only when group has changed! */ 3841 run_select_chan_group(sc, group); 3842 3843 run_delay(sc, 10); 3844 3845 return (0); 3846 } 3847 3848 static void 3849 run_set_channel(struct ieee80211com *ic) 3850 { 3851 struct run_softc *sc = ic->ic_ifp->if_softc; 3852 3853 RUN_LOCK(sc); 3854 run_set_chan(sc, ic->ic_curchan); 3855 RUN_UNLOCK(sc); 3856 3857 return; 3858 } 3859 3860 static void 3861 run_scan_start(struct ieee80211com *ic) 3862 { 3863 struct run_softc *sc = ic->ic_ifp->if_softc; 3864 uint32_t tmp; 3865 3866 RUN_LOCK(sc); 3867 3868 /* abort TSF synchronization */ 3869 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3870 run_write(sc, RT2860_BCN_TIME_CFG, 3871 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3872 RT2860_TBTT_TIMER_EN)); 3873 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3874 3875 RUN_UNLOCK(sc); 3876 3877 return; 3878 } 3879 3880 static void 3881 run_scan_end(struct ieee80211com *ic) 3882 { 3883 struct run_softc *sc = ic->ic_ifp->if_softc; 3884 3885 RUN_LOCK(sc); 3886 3887 run_enable_tsf_sync(sc); 3888 /* XXX keep local copy */ 3889 run_set_bssid(sc, sc->sc_bssid); 3890 3891 RUN_UNLOCK(sc); 3892 3893 return; 3894 } 3895 3896 /* 3897 * Could be called from ieee80211_node_timeout() 3898 * (non-sleepable thread) 3899 */ 3900 static void 3901 run_update_beacon(struct ieee80211vap *vap, int item) 3902 { 3903 struct ieee80211com *ic = vap->iv_ic; 3904 struct run_softc *sc = ic->ic_ifp->if_softc; 3905 uint32_t i; 3906 3907 i = RUN_CMDQ_GET(&sc->cmdq_store); 3908 DPRINTF("cmdq_store=%d\n", i); 3909 sc->cmdq[i].func = run_update_beacon_cb; 3910 sc->cmdq[i].arg0 = vap; 3911 ieee80211_runtask(ic, &sc->cmdq_task); 3912 3913 return; 3914 } 3915 3916 static void 3917 run_update_beacon_cb(void *arg) 3918 { 3919 struct ieee80211vap *vap = arg; 3920 struct ieee80211com *ic = vap->iv_ic; 3921 struct run_softc *sc = ic->ic_ifp->if_softc; 3922 struct rt2860_txwi txwi; 3923 struct mbuf *m; 3924 uint8_t ridx; 3925 3926 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 3927 return; 3928 3929 if ((m = ieee80211_beacon_alloc(vap->iv_bss, &RUN_VAP(vap)->bo)) == NULL) 3930 return; 3931 3932 memset(&txwi, 0, sizeof txwi); 3933 txwi.wcid = 0xff; 3934 txwi.len = htole16(m->m_pkthdr.len); 3935 /* send beacons at the lowest available rate */ 3936 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3937 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3938 txwi.phy = htole16(rt2860_rates[ridx].mcs); 3939 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 3940 txwi.phy |= htole16(RT2860_PHY_OFDM); 3941 txwi.txop = RT2860_TX_TXOP_HT; 3942 txwi.flags = RT2860_TX_TS; 3943 txwi.xflags = RT2860_TX_NSEQ; 3944 3945 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id), 3946 (uint8_t *)&txwi, sizeof txwi); 3947 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id) + sizeof txwi, 3948 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 3949 3950 m_freem(m); 3951 3952 return; 3953 } 3954 3955 static void 3956 run_updateprot(struct ieee80211com *ic) 3957 { 3958 struct run_softc *sc = ic->ic_ifp->if_softc; 3959 uint32_t tmp; 3960 3961 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 3962 /* setup protection frame rate (MCS code) */ 3963 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 3964 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 3965 rt2860_rates[RT2860_RIDX_CCK11].mcs; 3966 3967 /* CCK frames don't require protection */ 3968 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 3969 if (ic->ic_flags & IEEE80211_F_USEPROT) { 3970 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 3971 tmp |= RT2860_PROT_CTRL_RTS_CTS; 3972 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 3973 tmp |= RT2860_PROT_CTRL_CTS; 3974 } 3975 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 3976 } 3977 3978 static void 3979 run_usb_timeout_cb(void *arg) 3980 { 3981 struct ieee80211vap *vap = arg; 3982 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 3983 3984 RUN_LOCK_ASSERT(sc, MA_OWNED); 3985 3986 if(vap->iv_state == IEEE80211_S_RUN && 3987 vap->iv_opmode != IEEE80211_M_STA) 3988 run_reset_livelock(sc); 3989 else if (vap->iv_state == IEEE80211_S_SCAN) { 3990 DPRINTF("timeout caused by scan\n"); 3991 /* cancel bgscan */ 3992 ieee80211_cancel_scan(vap); 3993 } else 3994 DPRINTF("timeout by unknown cause\n"); 3995 } 3996 3997 static void 3998 run_reset_livelock(struct run_softc *sc) 3999 { 4000 uint32_t tmp; 4001 4002 RUN_LOCK_ASSERT(sc, MA_OWNED); 4003 4004 /* 4005 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4006 * can run into a livelock and start sending CTS-to-self frames like 4007 * crazy if protection is enabled. Reset MAC/BBP for a while 4008 */ 4009 run_read(sc, RT2860_DEBUG, &tmp); 4010 DPRINTFN(3, "debug reg %08x\n", tmp); 4011 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4012 DPRINTF("CTS-to-self livelock detected\n"); 4013 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4014 run_delay(sc, 1); 4015 run_write(sc, RT2860_MAC_SYS_CTRL, 4016 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4017 } 4018 } 4019 4020 static void 4021 run_update_promisc_locked(struct ifnet *ifp) 4022 { 4023 struct run_softc *sc = ifp->if_softc; 4024 uint32_t tmp; 4025 4026 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4027 4028 tmp |= RT2860_DROP_UC_NOME; 4029 if (ifp->if_flags & IFF_PROMISC) 4030 tmp &= ~RT2860_DROP_UC_NOME; 4031 4032 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4033 4034 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4035 "entering" : "leaving"); 4036 } 4037 4038 static void 4039 run_update_promisc(struct ifnet *ifp) 4040 { 4041 struct run_softc *sc = ifp->if_softc; 4042 4043 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4044 return; 4045 4046 RUN_LOCK(sc); 4047 run_update_promisc_locked(ifp); 4048 RUN_UNLOCK(sc); 4049 } 4050 4051 static void 4052 run_enable_tsf_sync(struct run_softc *sc) 4053 { 4054 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4055 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4056 uint32_t tmp; 4057 4058 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4059 4060 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4061 tmp &= ~0x1fffff; 4062 tmp |= vap->iv_bss->ni_intval * 16; 4063 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4064 4065 if (ic->ic_opmode == IEEE80211_M_STA) { 4066 /* 4067 * Local TSF is always updated with remote TSF on beacon 4068 * reception. 4069 */ 4070 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4071 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4072 tmp |= RT2860_BCN_TX_EN; 4073 /* 4074 * Local TSF is updated with remote TSF on beacon reception 4075 * only if the remote TSF is greater than local TSF. 4076 */ 4077 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4078 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4079 ic->ic_opmode == IEEE80211_M_MBSS) { 4080 tmp |= RT2860_BCN_TX_EN; 4081 /* SYNC with nobody */ 4082 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4083 } else { 4084 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4085 return; 4086 } 4087 4088 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4089 } 4090 4091 static void 4092 run_enable_mrr(struct run_softc *sc) 4093 { 4094 #define CCK(mcs) (mcs) 4095 #define OFDM(mcs) (1 << 3 | (mcs)) 4096 run_write(sc, RT2860_LG_FBK_CFG0, 4097 OFDM(6) << 28 | /* 54->48 */ 4098 OFDM(5) << 24 | /* 48->36 */ 4099 OFDM(4) << 20 | /* 36->24 */ 4100 OFDM(3) << 16 | /* 24->18 */ 4101 OFDM(2) << 12 | /* 18->12 */ 4102 OFDM(1) << 8 | /* 12-> 9 */ 4103 OFDM(0) << 4 | /* 9-> 6 */ 4104 OFDM(0)); /* 6-> 6 */ 4105 4106 run_write(sc, RT2860_LG_FBK_CFG1, 4107 CCK(2) << 12 | /* 11->5.5 */ 4108 CCK(1) << 8 | /* 5.5-> 2 */ 4109 CCK(0) << 4 | /* 2-> 1 */ 4110 CCK(0)); /* 1-> 1 */ 4111 #undef OFDM 4112 #undef CCK 4113 } 4114 4115 static void 4116 run_set_txpreamble(struct run_softc *sc) 4117 { 4118 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4119 uint32_t tmp; 4120 4121 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4122 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4123 tmp |= RT2860_CCK_SHORT_EN; 4124 else 4125 tmp &= ~RT2860_CCK_SHORT_EN; 4126 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4127 } 4128 4129 static void 4130 run_set_basicrates(struct run_softc *sc) 4131 { 4132 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4133 4134 /* set basic rates mask */ 4135 if (ic->ic_curmode == IEEE80211_MODE_11B) 4136 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4137 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4138 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4139 else /* 11g */ 4140 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4141 } 4142 4143 static void 4144 run_set_leds(struct run_softc *sc, uint16_t which) 4145 { 4146 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4147 which | (sc->leds & 0x7f)); 4148 } 4149 4150 static void 4151 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4152 { 4153 run_write(sc, RT2860_MAC_BSSID_DW0, 4154 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4155 run_write(sc, RT2860_MAC_BSSID_DW1, 4156 bssid[4] | bssid[5] << 8); 4157 } 4158 4159 static void 4160 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4161 { 4162 run_write(sc, RT2860_MAC_ADDR_DW0, 4163 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4164 run_write(sc, RT2860_MAC_ADDR_DW1, 4165 addr[4] | addr[5] << 8 | 0xff << 16); 4166 } 4167 4168 /* ARGSUSED */ 4169 static void 4170 run_updateslot(struct ifnet *ifp) 4171 { 4172 struct run_softc *sc = ifp->if_softc; 4173 struct ieee80211com *ic = ifp->if_l2com; 4174 uint32_t tmp; 4175 4176 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4177 tmp &= ~0xff; 4178 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4179 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4180 } 4181 4182 static void 4183 run_update_mcast(struct ifnet *ifp) 4184 { 4185 /* h/w filter supports getting everything or nothing */ 4186 ifp->if_flags |= IFF_ALLMULTI; 4187 } 4188 4189 static int8_t 4190 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4191 { 4192 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4193 struct ieee80211_channel *c = ic->ic_curchan; 4194 int delta; 4195 4196 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4197 uint32_t chan = ieee80211_chan2ieee(ic, c); 4198 delta = sc->rssi_5ghz[rxchain]; 4199 4200 /* determine channel group */ 4201 if (chan <= 64) 4202 delta -= sc->lna[1]; 4203 else if (chan <= 128) 4204 delta -= sc->lna[2]; 4205 else 4206 delta -= sc->lna[3]; 4207 } else 4208 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4209 4210 return (-12 - delta - rssi); 4211 } 4212 4213 static int 4214 run_bbp_init(struct run_softc *sc) 4215 { 4216 int i, error, ntries; 4217 uint8_t bbp0; 4218 4219 /* wait for BBP to wake up */ 4220 for (ntries = 0; ntries < 20; ntries++) { 4221 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4222 return error; 4223 if (bbp0 != 0 && bbp0 != 0xff) 4224 break; 4225 } 4226 if (ntries == 20) 4227 return (ETIMEDOUT); 4228 4229 /* initialize BBP registers to default values */ 4230 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 4231 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4232 rt2860_def_bbp[i].val); 4233 } 4234 4235 /* fix BBP84 for RT2860E */ 4236 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4237 run_bbp_write(sc, 84, 0x19); 4238 4239 if (sc->mac_ver >= 0x3070) { 4240 run_bbp_write(sc, 79, 0x13); 4241 run_bbp_write(sc, 80, 0x05); 4242 run_bbp_write(sc, 81, 0x33); 4243 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4244 run_bbp_write(sc, 69, 0x16); 4245 run_bbp_write(sc, 73, 0x12); 4246 } 4247 return (0); 4248 } 4249 4250 static int 4251 run_rt3070_rf_init(struct run_softc *sc) 4252 { 4253 uint32_t tmp; 4254 uint8_t rf, target, bbp4; 4255 int i; 4256 4257 run_rt3070_rf_read(sc, 30, &rf); 4258 /* toggle RF R30 bit 7 */ 4259 run_rt3070_rf_write(sc, 30, rf | 0x80); 4260 run_delay(sc, 10); 4261 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4262 4263 /* initialize RF registers to default value */ 4264 if (sc->mac_ver == 0x3572) { 4265 for (i = 0; i < nitems(rt3572_def_rf); i++) { 4266 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4267 rt3572_def_rf[i].val); 4268 } 4269 } else { 4270 for (i = 0; i < nitems(rt3070_def_rf); i++) { 4271 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4272 rt3070_def_rf[i].val); 4273 } 4274 } 4275 4276 if (sc->mac_ver == 0x3070) { 4277 /* change voltage from 1.2V to 1.35V for RT3070 */ 4278 run_read(sc, RT3070_LDO_CFG0, &tmp); 4279 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4280 run_write(sc, RT3070_LDO_CFG0, tmp); 4281 4282 } else if (sc->mac_ver == 0x3071) { 4283 run_rt3070_rf_read(sc, 6, &rf); 4284 run_rt3070_rf_write(sc, 6, rf | 0x40); 4285 run_rt3070_rf_write(sc, 31, 0x14); 4286 4287 run_read(sc, RT3070_LDO_CFG0, &tmp); 4288 tmp &= ~0x1f000000; 4289 if (sc->mac_rev < 0x0211) 4290 tmp |= 0x0d000000; /* 1.3V */ 4291 else 4292 tmp |= 0x01000000; /* 1.2V */ 4293 run_write(sc, RT3070_LDO_CFG0, tmp); 4294 4295 /* patch LNA_PE_G1 */ 4296 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4297 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4298 4299 } else if (sc->mac_ver == 0x3572) { 4300 run_rt3070_rf_read(sc, 6, &rf); 4301 run_rt3070_rf_write(sc, 6, rf | 0x40); 4302 4303 /* increase voltage from 1.2V to 1.35V */ 4304 run_read(sc, RT3070_LDO_CFG0, &tmp); 4305 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4306 run_write(sc, RT3070_LDO_CFG0, tmp); 4307 4308 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4309 run_delay(sc, 1); /* wait for 1msec */ 4310 /* decrease voltage back to 1.2V */ 4311 tmp = (tmp & ~0x1f000000) | 0x01000000; 4312 run_write(sc, RT3070_LDO_CFG0, tmp); 4313 } 4314 } 4315 4316 /* select 20MHz bandwidth */ 4317 run_rt3070_rf_read(sc, 31, &rf); 4318 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4319 4320 /* calibrate filter for 20MHz bandwidth */ 4321 sc->rf24_20mhz = 0x1f; /* default value */ 4322 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4323 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4324 4325 /* select 40MHz bandwidth */ 4326 run_bbp_read(sc, 4, &bbp4); 4327 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 4328 run_rt3070_rf_read(sc, 31, &rf); 4329 run_rt3070_rf_write(sc, 31, rf | 0x20); 4330 4331 /* calibrate filter for 40MHz bandwidth */ 4332 sc->rf24_40mhz = 0x2f; /* default value */ 4333 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4334 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4335 4336 /* go back to 20MHz bandwidth */ 4337 run_bbp_read(sc, 4, &bbp4); 4338 run_bbp_write(sc, 4, bbp4 & ~0x18); 4339 4340 if (sc->mac_ver == 0x3572) { 4341 /* save default BBP registers 25 and 26 values */ 4342 run_bbp_read(sc, 25, &sc->bbp25); 4343 run_bbp_read(sc, 26, &sc->bbp26); 4344 } else if (sc->mac_rev < 0x0211) 4345 run_rt3070_rf_write(sc, 27, 0x03); 4346 4347 run_read(sc, RT3070_OPT_14, &tmp); 4348 run_write(sc, RT3070_OPT_14, tmp | 1); 4349 4350 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4351 run_rt3070_rf_read(sc, 17, &rf); 4352 rf &= ~RT3070_TX_LO1; 4353 if ((sc->mac_ver == 0x3070 || 4354 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4355 !sc->ext_2ghz_lna) 4356 rf |= 0x20; /* fix for long range Rx issue */ 4357 if (sc->txmixgain_2ghz >= 1) 4358 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4359 run_rt3070_rf_write(sc, 17, rf); 4360 } 4361 4362 if (sc->mac_rev == 0x3071) { 4363 run_rt3070_rf_read(sc, 1, &rf); 4364 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4365 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4366 run_rt3070_rf_write(sc, 1, rf); 4367 4368 run_rt3070_rf_read(sc, 15, &rf); 4369 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4370 4371 run_rt3070_rf_read(sc, 20, &rf); 4372 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4373 4374 run_rt3070_rf_read(sc, 21, &rf); 4375 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4376 } 4377 4378 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4379 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4380 run_rt3070_rf_read(sc, 27, &rf); 4381 rf &= ~0x77; 4382 if (sc->mac_rev < 0x0211) 4383 rf |= 0x03; 4384 run_rt3070_rf_write(sc, 27, rf); 4385 } 4386 return (0); 4387 } 4388 4389 static int 4390 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4391 uint8_t *val) 4392 { 4393 uint8_t rf22, rf24; 4394 uint8_t bbp55_pb, bbp55_sb, delta; 4395 int ntries; 4396 4397 /* program filter */ 4398 run_rt3070_rf_read(sc, 24, &rf24); 4399 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4400 run_rt3070_rf_write(sc, 24, rf24); 4401 4402 /* enable baseband loopback mode */ 4403 run_rt3070_rf_read(sc, 22, &rf22); 4404 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4405 4406 /* set power and frequency of passband test tone */ 4407 run_bbp_write(sc, 24, 0x00); 4408 for (ntries = 0; ntries < 100; ntries++) { 4409 /* transmit test tone */ 4410 run_bbp_write(sc, 25, 0x90); 4411 run_delay(sc, 10); 4412 /* read received power */ 4413 run_bbp_read(sc, 55, &bbp55_pb); 4414 if (bbp55_pb != 0) 4415 break; 4416 } 4417 if (ntries == 100) 4418 return ETIMEDOUT; 4419 4420 /* set power and frequency of stopband test tone */ 4421 run_bbp_write(sc, 24, 0x06); 4422 for (ntries = 0; ntries < 100; ntries++) { 4423 /* transmit test tone */ 4424 run_bbp_write(sc, 25, 0x90); 4425 run_delay(sc, 10); 4426 /* read received power */ 4427 run_bbp_read(sc, 55, &bbp55_sb); 4428 4429 delta = bbp55_pb - bbp55_sb; 4430 if (delta > target) 4431 break; 4432 4433 /* reprogram filter */ 4434 rf24++; 4435 run_rt3070_rf_write(sc, 24, rf24); 4436 } 4437 if (ntries < 100) { 4438 if (rf24 != init) 4439 rf24--; /* backtrack */ 4440 *val = rf24; 4441 run_rt3070_rf_write(sc, 24, rf24); 4442 } 4443 4444 /* restore initial state */ 4445 run_bbp_write(sc, 24, 0x00); 4446 4447 /* disable baseband loopback mode */ 4448 run_rt3070_rf_read(sc, 22, &rf22); 4449 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4450 4451 return (0); 4452 } 4453 4454 static void 4455 run_rt3070_rf_setup(struct run_softc *sc) 4456 { 4457 uint8_t bbp, rf; 4458 int i; 4459 4460 if (sc->mac_ver == 0x3572) { 4461 /* enable DC filter */ 4462 if (sc->mac_rev >= 0x0201) 4463 run_bbp_write(sc, 103, 0xc0); 4464 4465 run_bbp_read(sc, 138, &bbp); 4466 if (sc->ntxchains == 1) 4467 bbp |= 0x20; /* turn off DAC1 */ 4468 if (sc->nrxchains == 1) 4469 bbp &= ~0x02; /* turn off ADC1 */ 4470 run_bbp_write(sc, 138, bbp); 4471 4472 if (sc->mac_rev >= 0x0211) { 4473 /* improve power consumption */ 4474 run_bbp_read(sc, 31, &bbp); 4475 run_bbp_write(sc, 31, bbp & ~0x03); 4476 } 4477 4478 run_rt3070_rf_read(sc, 16, &rf); 4479 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4480 run_rt3070_rf_write(sc, 16, rf); 4481 4482 } else if (sc->mac_ver == 0x3071) { 4483 /* enable DC filter */ 4484 if (sc->mac_rev >= 0x0201) 4485 run_bbp_write(sc, 103, 0xc0); 4486 4487 run_bbp_read(sc, 138, &bbp); 4488 if (sc->ntxchains == 1) 4489 bbp |= 0x20; /* turn off DAC1 */ 4490 if (sc->nrxchains == 1) 4491 bbp &= ~0x02; /* turn off ADC1 */ 4492 run_bbp_write(sc, 138, bbp); 4493 4494 if (sc->mac_rev >= 0x0211) { 4495 /* improve power consumption */ 4496 run_bbp_read(sc, 31, &bbp); 4497 run_bbp_write(sc, 31, bbp & ~0x03); 4498 } 4499 4500 run_write(sc, RT2860_TX_SW_CFG1, 0); 4501 if (sc->mac_rev < 0x0211) { 4502 run_write(sc, RT2860_TX_SW_CFG2, 4503 sc->patch_dac ? 0x2c : 0x0f); 4504 } else 4505 run_write(sc, RT2860_TX_SW_CFG2, 0); 4506 4507 } else if (sc->mac_ver == 0x3070) { 4508 if (sc->mac_rev >= 0x0201) { 4509 /* enable DC filter */ 4510 run_bbp_write(sc, 103, 0xc0); 4511 4512 /* improve power consumption */ 4513 run_bbp_read(sc, 31, &bbp); 4514 run_bbp_write(sc, 31, bbp & ~0x03); 4515 } 4516 4517 if (sc->mac_rev < 0x0211) { 4518 run_write(sc, RT2860_TX_SW_CFG1, 0); 4519 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4520 } else 4521 run_write(sc, RT2860_TX_SW_CFG2, 0); 4522 } 4523 4524 /* initialize RF registers from ROM for >=RT3071*/ 4525 if (sc->mac_ver >= 0x3071) { 4526 for (i = 0; i < 10; i++) { 4527 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4528 continue; 4529 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4530 } 4531 } 4532 } 4533 4534 static int 4535 run_txrx_enable(struct run_softc *sc) 4536 { 4537 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4538 uint32_t tmp; 4539 int error, ntries; 4540 4541 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4542 for (ntries = 0; ntries < 200; ntries++) { 4543 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4544 return error; 4545 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4546 break; 4547 run_delay(sc, 50); 4548 } 4549 if (ntries == 200) 4550 return ETIMEDOUT; 4551 4552 run_delay(sc, 50); 4553 4554 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4555 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4556 4557 /* enable Rx bulk aggregation (set timeout and limit) */ 4558 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4559 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4560 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4561 4562 /* set Rx filter */ 4563 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4564 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4565 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4566 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4567 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4568 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4569 if (ic->ic_opmode == IEEE80211_M_STA) 4570 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4571 } 4572 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4573 4574 run_write(sc, RT2860_MAC_SYS_CTRL, 4575 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4576 4577 return (0); 4578 } 4579 4580 static void 4581 run_init_locked(struct run_softc *sc) 4582 { 4583 struct ifnet *ifp = sc->sc_ifp; 4584 struct ieee80211com *ic = ifp->if_l2com; 4585 uint32_t tmp; 4586 uint8_t bbp1, bbp3; 4587 int i; 4588 int ridx; 4589 int ntries; 4590 4591 if (ic->ic_nrunning > 1) 4592 return; 4593 4594 run_stop(sc); 4595 4596 for (ntries = 0; ntries < 100; ntries++) { 4597 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4598 goto fail; 4599 if (tmp != 0 && tmp != 0xffffffff) 4600 break; 4601 run_delay(sc, 10); 4602 } 4603 if (ntries == 100) 4604 goto fail; 4605 4606 for (i = 0; i != RUN_EP_QUEUES; i++) 4607 run_setup_tx_list(sc, &sc->sc_epq[i]); 4608 4609 run_set_macaddr(sc, IF_LLADDR(ifp)); 4610 4611 for (ntries = 0; ntries < 100; ntries++) { 4612 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4613 goto fail; 4614 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4615 break; 4616 run_delay(sc, 10); 4617 } 4618 if (ntries == 100) { 4619 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4620 goto fail; 4621 } 4622 tmp &= 0xff0; 4623 tmp |= RT2860_TX_WB_DDONE; 4624 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4625 4626 /* turn off PME_OEN to solve high-current issue */ 4627 run_read(sc, RT2860_SYS_CTRL, &tmp); 4628 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4629 4630 run_write(sc, RT2860_MAC_SYS_CTRL, 4631 RT2860_BBP_HRST | RT2860_MAC_SRST); 4632 run_write(sc, RT2860_USB_DMA_CFG, 0); 4633 4634 if (run_reset(sc) != 0) { 4635 device_printf(sc->sc_dev, "could not reset chipset\n"); 4636 goto fail; 4637 } 4638 4639 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4640 4641 /* init Tx power for all Tx rates (from EEPROM) */ 4642 for (ridx = 0; ridx < 5; ridx++) { 4643 if (sc->txpow20mhz[ridx] == 0xffffffff) 4644 continue; 4645 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4646 } 4647 4648 for (i = 0; i < nitems(rt2870_def_mac); i++) 4649 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4650 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4651 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4652 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4653 4654 if (sc->mac_ver >= 0x3070) { 4655 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4656 run_write(sc, RT2860_TX_SW_CFG0, 4657 4 << RT2860_DLY_PAPE_EN_SHIFT); 4658 } 4659 4660 /* wait while MAC is busy */ 4661 for (ntries = 0; ntries < 100; ntries++) { 4662 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4663 goto fail; 4664 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4665 break; 4666 run_delay(sc, 10); 4667 } 4668 if (ntries == 100) 4669 goto fail; 4670 4671 /* clear Host to MCU mailbox */ 4672 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4673 run_write(sc, RT2860_H2M_MAILBOX, 0); 4674 run_delay(sc, 10); 4675 4676 if (run_bbp_init(sc) != 0) { 4677 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4678 goto fail; 4679 } 4680 4681 /* abort TSF synchronization */ 4682 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4683 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4684 RT2860_TBTT_TIMER_EN); 4685 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4686 4687 /* clear RX WCID search table */ 4688 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4689 /* clear WCID attribute table */ 4690 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4691 4692 /* hostapd sets a key before init. So, don't clear it. */ 4693 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4694 /* clear shared key table */ 4695 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4696 /* clear shared key mode */ 4697 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4698 } 4699 4700 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4701 tmp = (tmp & ~0xff) | 0x1e; 4702 run_write(sc, RT2860_US_CYC_CNT, tmp); 4703 4704 if (sc->mac_rev != 0x0101) 4705 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4706 4707 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4708 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4709 4710 /* write vendor-specific BBP values (from EEPROM) */ 4711 for (i = 0; i < 10; i++) { 4712 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4713 continue; 4714 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4715 } 4716 4717 /* select Main antenna for 1T1R devices */ 4718 if (sc->rf_rev == RT3070_RF_3020) 4719 run_set_rx_antenna(sc, 0); 4720 4721 /* send LEDs operating mode to microcontroller */ 4722 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4723 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4724 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4725 4726 if (sc->mac_ver >= 0x3070) 4727 run_rt3070_rf_init(sc); 4728 4729 /* disable non-existing Rx chains */ 4730 run_bbp_read(sc, 3, &bbp3); 4731 bbp3 &= ~(1 << 3 | 1 << 4); 4732 if (sc->nrxchains == 2) 4733 bbp3 |= 1 << 3; 4734 else if (sc->nrxchains == 3) 4735 bbp3 |= 1 << 4; 4736 run_bbp_write(sc, 3, bbp3); 4737 4738 /* disable non-existing Tx chains */ 4739 run_bbp_read(sc, 1, &bbp1); 4740 if (sc->ntxchains == 1) 4741 bbp1 &= ~(1 << 3 | 1 << 4); 4742 run_bbp_write(sc, 1, bbp1); 4743 4744 if (sc->mac_ver >= 0x3070) 4745 run_rt3070_rf_setup(sc); 4746 4747 /* select default channel */ 4748 run_set_chan(sc, ic->ic_curchan); 4749 4750 /* setup initial protection mode */ 4751 run_updateprot(ic); 4752 4753 /* turn radio LED on */ 4754 run_set_leds(sc, RT2860_LED_RADIO); 4755 4756 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4757 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4758 sc->cmdq_run = RUN_CMDQ_GO; 4759 4760 for (i = 0; i != RUN_N_XFER; i++) 4761 usbd_xfer_set_stall(sc->sc_xfer[i]); 4762 4763 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4764 4765 if (run_txrx_enable(sc) != 0) 4766 goto fail; 4767 4768 return; 4769 4770 fail: 4771 run_stop(sc); 4772 } 4773 4774 static void 4775 run_init(void *arg) 4776 { 4777 struct run_softc *sc = arg; 4778 struct ifnet *ifp = sc->sc_ifp; 4779 struct ieee80211com *ic = ifp->if_l2com; 4780 4781 RUN_LOCK(sc); 4782 run_init_locked(sc); 4783 RUN_UNLOCK(sc); 4784 4785 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4786 ieee80211_start_all(ic); 4787 } 4788 4789 static void 4790 run_stop(void *arg) 4791 { 4792 struct run_softc *sc = (struct run_softc *)arg; 4793 struct ifnet *ifp = sc->sc_ifp; 4794 uint32_t tmp; 4795 int i; 4796 int ntries; 4797 4798 RUN_LOCK_ASSERT(sc, MA_OWNED); 4799 4800 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4801 run_set_leds(sc, 0); /* turn all LEDs off */ 4802 4803 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4804 4805 sc->ratectl_run = RUN_RATECTL_OFF; 4806 sc->cmdq_run = sc->cmdq_key_set; 4807 4808 RUN_UNLOCK(sc); 4809 4810 for(i = 0; i < RUN_N_XFER; i++) 4811 usbd_transfer_drain(sc->sc_xfer[i]); 4812 4813 RUN_LOCK(sc); 4814 4815 if (sc->rx_m != NULL) { 4816 m_free(sc->rx_m); 4817 sc->rx_m = NULL; 4818 } 4819 4820 /* disable Tx/Rx */ 4821 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4822 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4823 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4824 4825 /* wait for pending Tx to complete */ 4826 for (ntries = 0; ntries < 100; ntries++) { 4827 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4828 DPRINTF("Cannot read Tx queue count\n"); 4829 break; 4830 } 4831 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4832 DPRINTF("All Tx cleared\n"); 4833 break; 4834 } 4835 run_delay(sc, 10); 4836 } 4837 if (ntries >= 100) 4838 DPRINTF("There are still pending Tx\n"); 4839 run_delay(sc, 10); 4840 run_write(sc, RT2860_USB_DMA_CFG, 0); 4841 4842 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4843 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4844 4845 for (i = 0; i != RUN_EP_QUEUES; i++) 4846 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 4847 4848 return; 4849 } 4850 4851 static void 4852 run_delay(struct run_softc *sc, unsigned int ms) 4853 { 4854 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 4855 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 4856 } 4857 4858 static device_method_t run_methods[] = { 4859 /* Device interface */ 4860 DEVMETHOD(device_probe, run_match), 4861 DEVMETHOD(device_attach, run_attach), 4862 DEVMETHOD(device_detach, run_detach), 4863 4864 { 0, 0 } 4865 }; 4866 4867 static driver_t run_driver = { 4868 "run", 4869 run_methods, 4870 sizeof(struct run_softc) 4871 }; 4872 4873 static devclass_t run_devclass; 4874 4875 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 4876 MODULE_DEPEND(run, wlan, 1, 1, 1); 4877 MODULE_DEPEND(run, usb, 1, 1, 1); 4878 MODULE_DEPEND(run, firmware, 1, 1, 1); 4879 MODULE_VERSION(run, 1); 4880