1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_wme_update_cb(void *); 385 static void run_key_set_cb(void *); 386 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 387 static void run_key_delete_cb(void *); 388 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 389 static void run_ratectl_to(void *); 390 static void run_ratectl_cb(void *, int); 391 static void run_drain_fifo(void *); 392 static void run_iter_func(void *, struct ieee80211_node *); 393 static void run_newassoc_cb(void *); 394 static void run_newassoc(struct ieee80211_node *, int); 395 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 396 const struct ieee80211_rx_stats *, int, int); 397 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 398 static void run_tx_free(struct run_endpoint_queue *pq, 399 struct run_tx_data *, int); 400 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 401 static int run_tx(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *); 403 static int run_tx_mgt(struct run_softc *, struct mbuf *, 404 struct ieee80211_node *); 405 static int run_sendprot(struct run_softc *, const struct mbuf *, 406 struct ieee80211_node *, int, int); 407 static int run_tx_param(struct run_softc *, struct mbuf *, 408 struct ieee80211_node *, 409 const struct ieee80211_bpf_params *); 410 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 411 const struct ieee80211_bpf_params *); 412 static int run_transmit(struct ieee80211com *, struct mbuf *); 413 static void run_start(struct run_softc *); 414 static void run_parent(struct ieee80211com *); 415 static void run_iq_calib(struct run_softc *, u_int); 416 static void run_set_agc(struct run_softc *, uint8_t); 417 static void run_select_chan_group(struct run_softc *, int); 418 static void run_set_rx_antenna(struct run_softc *, int); 419 static void run_rt2870_set_chan(struct run_softc *, u_int); 420 static void run_rt3070_set_chan(struct run_softc *, u_int); 421 static void run_rt3572_set_chan(struct run_softc *, u_int); 422 static void run_rt3593_set_chan(struct run_softc *, u_int); 423 static void run_rt5390_set_chan(struct run_softc *, u_int); 424 static void run_rt5592_set_chan(struct run_softc *, u_int); 425 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 426 static void run_set_channel(struct ieee80211com *); 427 static void run_scan_start(struct ieee80211com *); 428 static void run_scan_end(struct ieee80211com *); 429 static void run_update_beacon(struct ieee80211vap *, int); 430 static void run_update_beacon_cb(void *); 431 static void run_updateprot(struct ieee80211com *); 432 static void run_updateprot_cb(void *); 433 static void run_usb_timeout_cb(void *); 434 static void run_reset_livelock(struct run_softc *); 435 static void run_enable_tsf_sync(struct run_softc *); 436 static void run_enable_tsf(struct run_softc *); 437 static void run_get_tsf(struct run_softc *, uint64_t *); 438 static void run_enable_mrr(struct run_softc *); 439 static void run_set_txpreamble(struct run_softc *); 440 static void run_set_basicrates(struct run_softc *); 441 static void run_set_leds(struct run_softc *, uint16_t); 442 static void run_set_bssid(struct run_softc *, const uint8_t *); 443 static void run_set_macaddr(struct run_softc *, const uint8_t *); 444 static void run_updateslot(struct ieee80211com *); 445 static void run_updateslot_cb(void *); 446 static void run_update_mcast(struct ieee80211com *); 447 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 448 static void run_update_promisc_locked(struct run_softc *); 449 static void run_update_promisc(struct ieee80211com *); 450 static void run_rt5390_bbp_init(struct run_softc *); 451 static int run_bbp_init(struct run_softc *); 452 static int run_rt3070_rf_init(struct run_softc *); 453 static void run_rt3593_rf_init(struct run_softc *); 454 static void run_rt5390_rf_init(struct run_softc *); 455 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 456 uint8_t *); 457 static void run_rt3070_rf_setup(struct run_softc *); 458 static void run_rt3593_rf_setup(struct run_softc *); 459 static void run_rt5390_rf_setup(struct run_softc *); 460 static int run_txrx_enable(struct run_softc *); 461 static void run_adjust_freq_offset(struct run_softc *); 462 static void run_init_locked(struct run_softc *); 463 static void run_stop(void *); 464 static void run_delay(struct run_softc *, u_int); 465 466 static eventhandler_tag run_etag; 467 468 static const struct rt2860_rate { 469 uint8_t rate; 470 uint8_t mcs; 471 enum ieee80211_phytype phy; 472 uint8_t ctl_ridx; 473 uint16_t sp_ack_dur; 474 uint16_t lp_ack_dur; 475 } rt2860_rates[] = { 476 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 477 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 478 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 479 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 480 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 481 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 482 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 483 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 484 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 485 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 487 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 488 }; 489 490 static const struct { 491 uint16_t reg; 492 uint32_t val; 493 } rt2870_def_mac[] = { 494 RT2870_DEF_MAC 495 }; 496 497 static const struct { 498 uint8_t reg; 499 uint8_t val; 500 } rt2860_def_bbp[] = { 501 RT2860_DEF_BBP 502 },rt5390_def_bbp[] = { 503 RT5390_DEF_BBP 504 },rt5592_def_bbp[] = { 505 RT5592_DEF_BBP 506 }; 507 508 /* 509 * Default values for BBP register R196 for RT5592. 510 */ 511 static const uint8_t rt5592_bbp_r196[] = { 512 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 513 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 514 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 515 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 516 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 517 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 518 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 519 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 520 0x2e, 0x36, 0x30, 0x6e 521 }; 522 523 static const struct rfprog { 524 uint8_t chan; 525 uint32_t r1, r2, r3, r4; 526 } rt2860_rf2850[] = { 527 RT2860_RF2850 528 }; 529 530 struct { 531 uint8_t n, r, k; 532 } rt3070_freqs[] = { 533 RT3070_RF3052 534 }; 535 536 static const struct rt5592_freqs { 537 uint16_t n; 538 uint8_t k, m, r; 539 } rt5592_freqs_20mhz[] = { 540 RT5592_RF5592_20MHZ 541 },rt5592_freqs_40mhz[] = { 542 RT5592_RF5592_40MHZ 543 }; 544 545 static const struct { 546 uint8_t reg; 547 uint8_t val; 548 } rt3070_def_rf[] = { 549 RT3070_DEF_RF 550 },rt3572_def_rf[] = { 551 RT3572_DEF_RF 552 },rt3593_def_rf[] = { 553 RT3593_DEF_RF 554 },rt5390_def_rf[] = { 555 RT5390_DEF_RF 556 },rt5392_def_rf[] = { 557 RT5392_DEF_RF 558 },rt5592_def_rf[] = { 559 RT5592_DEF_RF 560 },rt5592_2ghz_def_rf[] = { 561 RT5592_2GHZ_DEF_RF 562 },rt5592_5ghz_def_rf[] = { 563 RT5592_5GHZ_DEF_RF 564 }; 565 566 static const struct { 567 u_int firstchan; 568 u_int lastchan; 569 uint8_t reg; 570 uint8_t val; 571 } rt5592_chan_5ghz[] = { 572 RT5592_CHAN_5GHZ 573 }; 574 575 static const struct usb_config run_config[RUN_N_XFER] = { 576 [RUN_BULK_TX_BE] = { 577 .type = UE_BULK, 578 .endpoint = UE_ADDR_ANY, 579 .ep_index = 0, 580 .direction = UE_DIR_OUT, 581 .bufsize = RUN_MAX_TXSZ, 582 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 583 .callback = run_bulk_tx_callback0, 584 .timeout = 5000, /* ms */ 585 }, 586 [RUN_BULK_TX_BK] = { 587 .type = UE_BULK, 588 .endpoint = UE_ADDR_ANY, 589 .direction = UE_DIR_OUT, 590 .ep_index = 1, 591 .bufsize = RUN_MAX_TXSZ, 592 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 593 .callback = run_bulk_tx_callback1, 594 .timeout = 5000, /* ms */ 595 }, 596 [RUN_BULK_TX_VI] = { 597 .type = UE_BULK, 598 .endpoint = UE_ADDR_ANY, 599 .direction = UE_DIR_OUT, 600 .ep_index = 2, 601 .bufsize = RUN_MAX_TXSZ, 602 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 603 .callback = run_bulk_tx_callback2, 604 .timeout = 5000, /* ms */ 605 }, 606 [RUN_BULK_TX_VO] = { 607 .type = UE_BULK, 608 .endpoint = UE_ADDR_ANY, 609 .direction = UE_DIR_OUT, 610 .ep_index = 3, 611 .bufsize = RUN_MAX_TXSZ, 612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 613 .callback = run_bulk_tx_callback3, 614 .timeout = 5000, /* ms */ 615 }, 616 [RUN_BULK_TX_HCCA] = { 617 .type = UE_BULK, 618 .endpoint = UE_ADDR_ANY, 619 .direction = UE_DIR_OUT, 620 .ep_index = 4, 621 .bufsize = RUN_MAX_TXSZ, 622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 623 .callback = run_bulk_tx_callback4, 624 .timeout = 5000, /* ms */ 625 }, 626 [RUN_BULK_TX_PRIO] = { 627 .type = UE_BULK, 628 .endpoint = UE_ADDR_ANY, 629 .direction = UE_DIR_OUT, 630 .ep_index = 5, 631 .bufsize = RUN_MAX_TXSZ, 632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 633 .callback = run_bulk_tx_callback5, 634 .timeout = 5000, /* ms */ 635 }, 636 [RUN_BULK_RX] = { 637 .type = UE_BULK, 638 .endpoint = UE_ADDR_ANY, 639 .direction = UE_DIR_IN, 640 .bufsize = RUN_MAX_RXSZ, 641 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 642 .callback = run_bulk_rx_callback, 643 } 644 }; 645 646 static void 647 run_autoinst(void *arg, struct usb_device *udev, 648 struct usb_attach_arg *uaa) 649 { 650 struct usb_interface *iface; 651 struct usb_interface_descriptor *id; 652 653 if (uaa->dev_state != UAA_DEV_READY) 654 return; 655 656 iface = usbd_get_iface(udev, 0); 657 if (iface == NULL) 658 return; 659 id = iface->idesc; 660 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 661 return; 662 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 663 return; 664 665 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 666 uaa->dev_state = UAA_DEV_EJECTING; 667 } 668 669 static int 670 run_driver_loaded(struct module *mod, int what, void *arg) 671 { 672 switch (what) { 673 case MOD_LOAD: 674 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 675 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 676 break; 677 case MOD_UNLOAD: 678 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 679 break; 680 default: 681 return (EOPNOTSUPP); 682 } 683 return (0); 684 } 685 686 static int 687 run_match(device_t self) 688 { 689 struct usb_attach_arg *uaa = device_get_ivars(self); 690 691 if (uaa->usb_mode != USB_MODE_HOST) 692 return (ENXIO); 693 if (uaa->info.bConfigIndex != 0) 694 return (ENXIO); 695 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 696 return (ENXIO); 697 698 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 699 } 700 701 static int 702 run_attach(device_t self) 703 { 704 struct run_softc *sc = device_get_softc(self); 705 struct usb_attach_arg *uaa = device_get_ivars(self); 706 struct ieee80211com *ic = &sc->sc_ic; 707 uint32_t ver; 708 int ntries, error; 709 uint8_t iface_index, bands; 710 711 device_set_usb_desc(self); 712 sc->sc_udev = uaa->device; 713 sc->sc_dev = self; 714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 716 717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 718 MTX_NETWORK_LOCK, MTX_DEF); 719 mbufq_init(&sc->sc_snd, ifqmaxlen); 720 721 iface_index = RT2860_IFACE_INDEX; 722 723 error = usbd_transfer_setup(uaa->device, &iface_index, 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 725 if (error) { 726 device_printf(self, "could not allocate USB transfers, " 727 "err=%s\n", usbd_errstr(error)); 728 goto detach; 729 } 730 731 RUN_LOCK(sc); 732 733 /* wait for the chip to settle */ 734 for (ntries = 0; ntries < 100; ntries++) { 735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 736 RUN_UNLOCK(sc); 737 goto detach; 738 } 739 if (ver != 0 && ver != 0xffffffff) 740 break; 741 run_delay(sc, 10); 742 } 743 if (ntries == 100) { 744 device_printf(sc->sc_dev, 745 "timeout waiting for NIC to initialize\n"); 746 RUN_UNLOCK(sc); 747 goto detach; 748 } 749 sc->mac_ver = ver >> 16; 750 sc->mac_rev = ver & 0xffff; 751 752 /* retrieve RF rev. no and various other things from EEPROM */ 753 run_read_eeprom(sc); 754 755 device_printf(sc->sc_dev, 756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 759 760 RUN_UNLOCK(sc); 761 762 ic->ic_softc = sc; 763 ic->ic_name = device_get_nameunit(self); 764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 766 767 /* set device capabilities */ 768 ic->ic_caps = 769 IEEE80211_C_STA | /* station mode supported */ 770 IEEE80211_C_MONITOR | /* monitor mode supported */ 771 IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | 773 IEEE80211_C_WDS | /* 4-address traffic works */ 774 IEEE80211_C_MBSS | 775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 776 IEEE80211_C_SHSLOT | /* short slot time supported */ 777 IEEE80211_C_WME | /* WME */ 778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 779 780 ic->ic_cryptocaps = 781 IEEE80211_CRYPTO_WEP | 782 IEEE80211_CRYPTO_AES_CCM | 783 IEEE80211_CRYPTO_TKIPMIC | 784 IEEE80211_CRYPTO_TKIP; 785 786 ic->ic_flags |= IEEE80211_F_DATAPAD; 787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 788 789 bands = 0; 790 setbit(&bands, IEEE80211_MODE_11B); 791 setbit(&bands, IEEE80211_MODE_11G); 792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 794 sc->rf_rev == RT5592_RF_5592) 795 setbit(&bands, IEEE80211_MODE_11A); 796 ieee80211_init_channels(ic, NULL, &bands); 797 798 ieee80211_ifattach(ic); 799 800 ic->ic_scan_start = run_scan_start; 801 ic->ic_scan_end = run_scan_end; 802 ic->ic_set_channel = run_set_channel; 803 ic->ic_node_alloc = run_node_alloc; 804 ic->ic_newassoc = run_newassoc; 805 ic->ic_updateslot = run_updateslot; 806 ic->ic_update_mcast = run_update_mcast; 807 ic->ic_wme.wme_update = run_wme_update; 808 ic->ic_raw_xmit = run_raw_xmit; 809 ic->ic_update_promisc = run_update_promisc; 810 ic->ic_vap_create = run_vap_create; 811 ic->ic_vap_delete = run_vap_delete; 812 ic->ic_transmit = run_transmit; 813 ic->ic_parent = run_parent; 814 815 ieee80211_radiotap_attach(ic, 816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 817 RUN_TX_RADIOTAP_PRESENT, 818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 819 RUN_RX_RADIOTAP_PRESENT); 820 821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 824 825 if (bootverbose) 826 ieee80211_announce(ic); 827 828 return (0); 829 830 detach: 831 run_detach(self); 832 return (ENXIO); 833 } 834 835 static void 836 run_drain_mbufq(struct run_softc *sc) 837 { 838 struct mbuf *m; 839 struct ieee80211_node *ni; 840 841 RUN_LOCK_ASSERT(sc, MA_OWNED); 842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 844 m->m_pkthdr.rcvif = NULL; 845 ieee80211_free_node(ni); 846 m_freem(m); 847 } 848 } 849 850 static int 851 run_detach(device_t self) 852 { 853 struct run_softc *sc = device_get_softc(self); 854 struct ieee80211com *ic = &sc->sc_ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 872 /* Free TX queue */ 873 run_drain_mbufq(sc); 874 RUN_UNLOCK(sc); 875 876 if (sc->sc_ic.ic_softc == sc) { 877 /* drain tasks */ 878 usb_callout_drain(&sc->ratectl_ch); 879 ieee80211_draintask(ic, &sc->cmdq_task); 880 ieee80211_draintask(ic, &sc->ratectl_task); 881 ieee80211_ifdetach(ic); 882 } 883 884 mtx_destroy(&sc->sc_mtx); 885 886 return (0); 887 } 888 889 static struct ieee80211vap * 890 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 891 enum ieee80211_opmode opmode, int flags, 892 const uint8_t bssid[IEEE80211_ADDR_LEN], 893 const uint8_t mac[IEEE80211_ADDR_LEN]) 894 { 895 struct run_softc *sc = ic->ic_softc; 896 struct run_vap *rvp; 897 struct ieee80211vap *vap; 898 int i; 899 900 if (sc->rvp_cnt >= RUN_VAP_MAX) { 901 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 902 return (NULL); 903 } 904 905 switch (opmode) { 906 case IEEE80211_M_STA: 907 /* enable s/w bmiss handling for sta mode */ 908 flags |= IEEE80211_CLONE_NOBEACONS; 909 /* fall though */ 910 case IEEE80211_M_IBSS: 911 case IEEE80211_M_MONITOR: 912 case IEEE80211_M_HOSTAP: 913 case IEEE80211_M_MBSS: 914 /* other than WDS vaps, only one at a time */ 915 if (!TAILQ_EMPTY(&ic->ic_vaps)) 916 return (NULL); 917 break; 918 case IEEE80211_M_WDS: 919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 920 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 921 continue; 922 /* WDS vap's always share the local mac address. */ 923 flags &= ~IEEE80211_CLONE_BSSID; 924 break; 925 } 926 if (vap == NULL) { 927 device_printf(sc->sc_dev, 928 "wds only supported in ap mode\n"); 929 return (NULL); 930 } 931 break; 932 default: 933 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 934 return (NULL); 935 } 936 937 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 938 vap = &rvp->vap; 939 940 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 941 bssid) != 0) { 942 /* out of memory */ 943 free(rvp, M_80211_VAP); 944 return (NULL); 945 } 946 947 vap->iv_update_beacon = run_update_beacon; 948 vap->iv_max_aid = RT2870_WCID_MAX; 949 /* 950 * To delete the right key from h/w, we need wcid. 951 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 952 * and matching wcid will be written into there. So, cast 953 * some spells to remove 'const' from ieee80211_key{} 954 */ 955 vap->iv_key_delete = (void *)run_key_delete; 956 vap->iv_key_set = (void *)run_key_set; 957 958 /* override state transition machine */ 959 rvp->newstate = vap->iv_newstate; 960 vap->iv_newstate = run_newstate; 961 if (opmode == IEEE80211_M_IBSS) { 962 rvp->recv_mgmt = vap->iv_recv_mgmt; 963 vap->iv_recv_mgmt = run_recv_mgmt; 964 } 965 966 ieee80211_ratectl_init(vap); 967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 968 969 /* complete setup */ 970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 971 mac); 972 973 /* make sure id is always unique */ 974 for (i = 0; i < RUN_VAP_MAX; i++) { 975 if((sc->rvp_bmap & 1 << i) == 0){ 976 sc->rvp_bmap |= 1 << i; 977 rvp->rvp_id = i; 978 break; 979 } 980 } 981 if (sc->rvp_cnt++ == 0) 982 ic->ic_opmode = opmode; 983 984 if (opmode == IEEE80211_M_HOSTAP) 985 sc->cmdq_run = RUN_CMDQ_GO; 986 987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 989 990 return (vap); 991 } 992 993 static void 994 run_vap_delete(struct ieee80211vap *vap) 995 { 996 struct run_vap *rvp = RUN_VAP(vap); 997 struct ieee80211com *ic; 998 struct run_softc *sc; 999 uint8_t rvp_id; 1000 1001 if (vap == NULL) 1002 return; 1003 1004 ic = vap->iv_ic; 1005 sc = ic->ic_softc; 1006 1007 RUN_LOCK(sc); 1008 1009 m_freem(rvp->beacon_mbuf); 1010 rvp->beacon_mbuf = NULL; 1011 1012 rvp_id = rvp->rvp_id; 1013 sc->ratectl_run &= ~(1 << rvp_id); 1014 sc->rvp_bmap &= ~(1 << rvp_id); 1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1017 --sc->rvp_cnt; 1018 1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1021 1022 RUN_UNLOCK(sc); 1023 1024 ieee80211_ratectl_deinit(vap); 1025 ieee80211_vap_detach(vap); 1026 free(rvp, M_80211_VAP); 1027 } 1028 1029 /* 1030 * There are numbers of functions need to be called in context thread. 1031 * Rather than creating taskqueue event for each of those functions, 1032 * here is all-for-one taskqueue callback function. This function 1033 * gurantees deferred functions are executed in the same order they 1034 * were enqueued. 1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1036 */ 1037 static void 1038 run_cmdq_cb(void *arg, int pending) 1039 { 1040 struct run_softc *sc = arg; 1041 uint8_t i; 1042 1043 /* call cmdq[].func locked */ 1044 RUN_LOCK(sc); 1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1046 i = sc->cmdq_exec, pending--) { 1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1048 if (sc->cmdq_run == RUN_CMDQ_GO) { 1049 /* 1050 * If arg0 is NULL, callback func needs more 1051 * than one arg. So, pass ptr to cmdq struct. 1052 */ 1053 if (sc->cmdq[i].arg0) 1054 sc->cmdq[i].func(sc->cmdq[i].arg0); 1055 else 1056 sc->cmdq[i].func(&sc->cmdq[i]); 1057 } 1058 sc->cmdq[i].arg0 = NULL; 1059 sc->cmdq[i].func = NULL; 1060 sc->cmdq_exec++; 1061 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1062 } 1063 RUN_UNLOCK(sc); 1064 } 1065 1066 static void 1067 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068 { 1069 struct run_tx_data *data; 1070 1071 memset(pq, 0, sizeof(*pq)); 1072 1073 STAILQ_INIT(&pq->tx_qh); 1074 STAILQ_INIT(&pq->tx_fh); 1075 1076 for (data = &pq->tx_data[0]; 1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1078 data->sc = sc; 1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1080 } 1081 pq->tx_nfree = RUN_TX_RING_COUNT; 1082 } 1083 1084 static void 1085 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1086 { 1087 struct run_tx_data *data; 1088 1089 /* make sure any subsequent use of the queues will fail */ 1090 pq->tx_nfree = 0; 1091 STAILQ_INIT(&pq->tx_fh); 1092 STAILQ_INIT(&pq->tx_qh); 1093 1094 /* free up all node references and mbufs */ 1095 for (data = &pq->tx_data[0]; 1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1097 if (data->m != NULL) { 1098 m_freem(data->m); 1099 data->m = NULL; 1100 } 1101 if (data->ni != NULL) { 1102 ieee80211_free_node(data->ni); 1103 data->ni = NULL; 1104 } 1105 } 1106 } 1107 1108 static int 1109 run_load_microcode(struct run_softc *sc) 1110 { 1111 usb_device_request_t req; 1112 const struct firmware *fw; 1113 const u_char *base; 1114 uint32_t tmp; 1115 int ntries, error; 1116 const uint64_t *temp; 1117 uint64_t bytes; 1118 1119 RUN_UNLOCK(sc); 1120 fw = firmware_get("runfw"); 1121 RUN_LOCK(sc); 1122 if (fw == NULL) { 1123 device_printf(sc->sc_dev, 1124 "failed loadfirmware of file %s\n", "runfw"); 1125 return ENOENT; 1126 } 1127 1128 if (fw->datasize != 8192) { 1129 device_printf(sc->sc_dev, 1130 "invalid firmware size (should be 8KB)\n"); 1131 error = EINVAL; 1132 goto fail; 1133 } 1134 1135 /* 1136 * RT3071/RT3072 use a different firmware 1137 * run-rt2870 (8KB) contains both, 1138 * first half (4KB) is for rt2870, 1139 * last half is for rt3071. 1140 */ 1141 base = fw->data; 1142 if ((sc->mac_ver) != 0x2860 && 1143 (sc->mac_ver) != 0x2872 && 1144 (sc->mac_ver) != 0x3070) { 1145 base += 4096; 1146 } 1147 1148 /* cheap sanity check */ 1149 temp = fw->data; 1150 bytes = *temp; 1151 if (bytes != be64toh(0xffffff0210280210ULL)) { 1152 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1153 error = EINVAL; 1154 goto fail; 1155 } 1156 1157 /* write microcode image */ 1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1162 } 1163 1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1165 req.bRequest = RT2870_RESET; 1166 USETW(req.wValue, 8); 1167 USETW(req.wIndex, 0); 1168 USETW(req.wLength, 0); 1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1170 != 0) { 1171 device_printf(sc->sc_dev, "firmware reset failed\n"); 1172 goto fail; 1173 } 1174 1175 run_delay(sc, 10); 1176 1177 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1178 run_write(sc, RT2860_H2M_MAILBOX, 0); 1179 run_write(sc, RT2860_H2M_INTSRC, 0); 1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1181 goto fail; 1182 1183 /* wait until microcontroller is ready */ 1184 for (ntries = 0; ntries < 1000; ntries++) { 1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1186 goto fail; 1187 if (tmp & RT2860_MCU_READY) 1188 break; 1189 run_delay(sc, 10); 1190 } 1191 if (ntries == 1000) { 1192 device_printf(sc->sc_dev, 1193 "timeout waiting for MCU to initialize\n"); 1194 error = ETIMEDOUT; 1195 goto fail; 1196 } 1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1198 (base == fw->data) ? "RT2870" : "RT3071", 1199 *(base + 4092), *(base + 4093)); 1200 1201 fail: 1202 firmware_put(fw, FIRMWARE_UNLOAD); 1203 return (error); 1204 } 1205 1206 static int 1207 run_reset(struct run_softc *sc) 1208 { 1209 usb_device_request_t req; 1210 1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1212 req.bRequest = RT2870_RESET; 1213 USETW(req.wValue, 1); 1214 USETW(req.wIndex, 0); 1215 USETW(req.wLength, 0); 1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1217 } 1218 1219 static usb_error_t 1220 run_do_request(struct run_softc *sc, 1221 struct usb_device_request *req, void *data) 1222 { 1223 usb_error_t err; 1224 int ntries = 10; 1225 1226 RUN_LOCK_ASSERT(sc, MA_OWNED); 1227 1228 while (ntries--) { 1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1230 req, data, 0, NULL, 250 /* ms */); 1231 if (err == 0) 1232 break; 1233 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1234 usbd_errstr(err)); 1235 run_delay(sc, 10); 1236 } 1237 return (err); 1238 } 1239 1240 static int 1241 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1242 { 1243 uint32_t tmp; 1244 int error; 1245 1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1247 if (error == 0) 1248 *val = le32toh(tmp); 1249 else 1250 *val = 0xffffffff; 1251 return (error); 1252 } 1253 1254 static int 1255 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1256 { 1257 usb_device_request_t req; 1258 1259 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1260 req.bRequest = RT2870_READ_REGION_1; 1261 USETW(req.wValue, 0); 1262 USETW(req.wIndex, reg); 1263 USETW(req.wLength, len); 1264 1265 return (run_do_request(sc, &req, buf)); 1266 } 1267 1268 static int 1269 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1270 { 1271 usb_device_request_t req; 1272 1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1274 req.bRequest = RT2870_WRITE_2; 1275 USETW(req.wValue, val); 1276 USETW(req.wIndex, reg); 1277 USETW(req.wLength, 0); 1278 1279 return (run_do_request(sc, &req, NULL)); 1280 } 1281 1282 static int 1283 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1284 { 1285 int error; 1286 1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1288 error = run_write_2(sc, reg + 2, val >> 16); 1289 return (error); 1290 } 1291 1292 static int 1293 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1294 int len) 1295 { 1296 #if 1 1297 int i, error = 0; 1298 /* 1299 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1300 * We thus issue multiple WRITE_2 commands instead. 1301 */ 1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1303 for (i = 0; i < len && error == 0; i += 2) 1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1305 return (error); 1306 #else 1307 usb_device_request_t req; 1308 int error = 0; 1309 1310 /* 1311 * NOTE: It appears the WRITE_REGION_1 command cannot be 1312 * passed a huge amount of data, which will crash the 1313 * firmware. Limit amount of data passed to 64-bytes at a 1314 * time. 1315 */ 1316 while (len > 0) { 1317 int delta = 64; 1318 if (delta > len) 1319 delta = len; 1320 1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1322 req.bRequest = RT2870_WRITE_REGION_1; 1323 USETW(req.wValue, 0); 1324 USETW(req.wIndex, reg); 1325 USETW(req.wLength, delta); 1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1327 if (error != 0) 1328 break; 1329 reg += delta; 1330 buf += delta; 1331 len -= delta; 1332 } 1333 return (error); 1334 #endif 1335 } 1336 1337 static int 1338 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1339 { 1340 int i, error = 0; 1341 1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1343 for (i = 0; i < len && error == 0; i += 4) 1344 error = run_write(sc, reg + i, val); 1345 return (error); 1346 } 1347 1348 static int 1349 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1350 { 1351 uint32_t tmp; 1352 uint16_t reg; 1353 int error, ntries; 1354 1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1356 return (error); 1357 1358 if (count == 2) 1359 addr *= 2; 1360 /*- 1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1362 * DATA0: F E D C 1363 * DATA1: B A 9 8 1364 * DATA2: 7 6 5 4 1365 * DATA3: 3 2 1 0 1366 */ 1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1369 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1370 for (ntries = 0; ntries < 100; ntries++) { 1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1372 return (error); 1373 if (!(tmp & RT3070_EFSROM_KICK)) 1374 break; 1375 run_delay(sc, 2); 1376 } 1377 if (ntries == 100) 1378 return (ETIMEDOUT); 1379 1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1381 *val = 0xffff; /* address not found */ 1382 return (0); 1383 } 1384 /* determine to which 32-bit register our 16-bit word belongs */ 1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1386 if ((error = run_read(sc, reg, &tmp)) != 0) 1387 return (error); 1388 1389 tmp >>= (8 * (addr & 0x3)); 1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1391 1392 return (0); 1393 } 1394 1395 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1396 static int 1397 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1398 { 1399 return (run_efuse_read(sc, addr, val, 2)); 1400 } 1401 1402 static int 1403 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1404 { 1405 usb_device_request_t req; 1406 uint16_t tmp; 1407 int error; 1408 1409 addr *= 2; 1410 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1411 req.bRequest = RT2870_EEPROM_READ; 1412 USETW(req.wValue, 0); 1413 USETW(req.wIndex, addr); 1414 USETW(req.wLength, sizeof(tmp)); 1415 1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1417 if (error == 0) 1418 *val = le16toh(tmp); 1419 else 1420 *val = 0xffff; 1421 return (error); 1422 } 1423 1424 static __inline int 1425 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 /* either eFUSE ROM or EEPROM */ 1428 return sc->sc_srom_read(sc, addr, val); 1429 } 1430 1431 static int 1432 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1433 { 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 10; ntries++) { 1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT2860_RF_REG_CTRL)) 1441 break; 1442 } 1443 if (ntries == 10) 1444 return (ETIMEDOUT); 1445 1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1447 } 1448 1449 static int 1450 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1451 { 1452 uint32_t tmp; 1453 int error, ntries; 1454 1455 for (ntries = 0; ntries < 100; ntries++) { 1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1457 return (error); 1458 if (!(tmp & RT3070_RF_KICK)) 1459 break; 1460 } 1461 if (ntries == 100) 1462 return (ETIMEDOUT); 1463 1464 tmp = RT3070_RF_KICK | reg << 8; 1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1466 return (error); 1467 1468 for (ntries = 0; ntries < 100; ntries++) { 1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT3070_RF_KICK)) 1472 break; 1473 } 1474 if (ntries == 100) 1475 return (ETIMEDOUT); 1476 1477 *val = tmp & 0xff; 1478 return (0); 1479 } 1480 1481 static int 1482 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1483 { 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 10; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 10) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1498 } 1499 1500 static int 1501 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1502 { 1503 uint32_t tmp; 1504 int ntries, error; 1505 1506 for (ntries = 0; ntries < 10; ntries++) { 1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1508 return (error); 1509 if (!(tmp & RT2860_BBP_CSR_KICK)) 1510 break; 1511 } 1512 if (ntries == 10) 1513 return (ETIMEDOUT); 1514 1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1517 return (error); 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT2860_BBP_CSR_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 *val = tmp & 0xff; 1529 return (0); 1530 } 1531 1532 static int 1533 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1534 { 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1549 } 1550 1551 /* 1552 * Send a command to the 8051 microcontroller unit. 1553 */ 1554 static int 1555 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1556 { 1557 uint32_t tmp; 1558 int error, ntries; 1559 1560 for (ntries = 0; ntries < 100; ntries++) { 1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1562 return error; 1563 if (!(tmp & RT2860_H2M_BUSY)) 1564 break; 1565 } 1566 if (ntries == 100) 1567 return ETIMEDOUT; 1568 1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1571 error = run_write(sc, RT2860_HOST_CMD, cmd); 1572 return (error); 1573 } 1574 1575 /* 1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1577 * Used to adjust per-rate Tx power registers. 1578 */ 1579 static __inline uint32_t 1580 b4inc(uint32_t b32, int8_t delta) 1581 { 1582 int8_t i, b4; 1583 1584 for (i = 0; i < 8; i++) { 1585 b4 = b32 & 0xf; 1586 b4 += delta; 1587 if (b4 < 0) 1588 b4 = 0; 1589 else if (b4 > 0xf) 1590 b4 = 0xf; 1591 b32 = b32 >> 4 | b4 << 28; 1592 } 1593 return (b32); 1594 } 1595 1596 static const char * 1597 run_get_rf(uint16_t rev) 1598 { 1599 switch (rev) { 1600 case RT2860_RF_2820: return "RT2820"; 1601 case RT2860_RF_2850: return "RT2850"; 1602 case RT2860_RF_2720: return "RT2720"; 1603 case RT2860_RF_2750: return "RT2750"; 1604 case RT3070_RF_3020: return "RT3020"; 1605 case RT3070_RF_2020: return "RT2020"; 1606 case RT3070_RF_3021: return "RT3021"; 1607 case RT3070_RF_3022: return "RT3022"; 1608 case RT3070_RF_3052: return "RT3052"; 1609 case RT3593_RF_3053: return "RT3053"; 1610 case RT5592_RF_5592: return "RT5592"; 1611 case RT5390_RF_5370: return "RT5370"; 1612 case RT5390_RF_5372: return "RT5372"; 1613 } 1614 return ("unknown"); 1615 } 1616 1617 static void 1618 run_rt3593_get_txpower(struct run_softc *sc) 1619 { 1620 uint16_t addr, val; 1621 int i; 1622 1623 /* Read power settings for 2GHz channels. */ 1624 for (i = 0; i < 14; i += 2) { 1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1626 RT2860_EEPROM_PWR2GHZ_BASE1; 1627 run_srom_read(sc, addr + i / 2, &val); 1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1629 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1630 1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1632 RT2860_EEPROM_PWR2GHZ_BASE2; 1633 run_srom_read(sc, addr + i / 2, &val); 1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1635 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1636 1637 if (sc->ntxchains == 3) { 1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1639 &val); 1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1641 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1642 } 1643 } 1644 /* Fix broken Tx power entries. */ 1645 for (i = 0; i < 14; i++) { 1646 if (sc->txpow1[i] > 31) 1647 sc->txpow1[i] = 5; 1648 if (sc->txpow2[i] > 31) 1649 sc->txpow2[i] = 5; 1650 if (sc->ntxchains == 3) { 1651 if (sc->txpow3[i] > 31) 1652 sc->txpow3[i] = 5; 1653 } 1654 } 1655 /* Read power settings for 5GHz channels. */ 1656 for (i = 0; i < 40; i += 2) { 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1660 1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1670 } 1671 } 1672 } 1673 1674 static void 1675 run_get_txpower(struct run_softc *sc) 1676 { 1677 uint16_t val; 1678 int i; 1679 1680 /* Read power settings for 2GHz channels. */ 1681 for (i = 0; i < 14; i += 2) { 1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1684 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1685 1686 if (sc->mac_ver != 0x5390) { 1687 run_srom_read(sc, 1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1690 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1691 } 1692 } 1693 /* Fix broken Tx power entries. */ 1694 for (i = 0; i < 14; i++) { 1695 if (sc->mac_ver >= 0x5390) { 1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1697 sc->txpow1[i] = 5; 1698 } else { 1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1700 sc->txpow1[i] = 5; 1701 } 1702 if (sc->mac_ver > 0x5390) { 1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1704 sc->txpow2[i] = 5; 1705 } else if (sc->mac_ver < 0x5390) { 1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1707 sc->txpow2[i] = 5; 1708 } 1709 DPRINTF("chan %d: power1=%d, power2=%d\n", 1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1711 } 1712 /* Read power settings for 5GHz channels. */ 1713 for (i = 0; i < 40; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1717 1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 40; i++ ) { 1724 if (sc->mac_ver != 0x5592) { 1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1726 sc->txpow1[14 + i] = 5; 1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1728 sc->txpow2[14 + i] = 5; 1729 } 1730 DPRINTF("chan %d: power1=%d, power2=%d\n", 1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1732 sc->txpow2[14 + i]); 1733 } 1734 } 1735 1736 static int 1737 run_read_eeprom(struct run_softc *sc) 1738 { 1739 struct ieee80211com *ic = &sc->sc_ic; 1740 int8_t delta_2ghz, delta_5ghz; 1741 uint32_t tmp; 1742 uint16_t val; 1743 int ridx, ant, i; 1744 1745 /* check whether the ROM is eFUSE ROM or EEPROM */ 1746 sc->sc_srom_read = run_eeprom_read_2; 1747 if (sc->mac_ver >= 0x3070) { 1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1751 sc->sc_srom_read = run_efuse_read_2; 1752 } 1753 1754 /* read ROM version */ 1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1757 1758 /* read MAC address */ 1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1760 ic->ic_macaddr[0] = val & 0xff; 1761 ic->ic_macaddr[1] = val >> 8; 1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1763 ic->ic_macaddr[2] = val & 0xff; 1764 ic->ic_macaddr[3] = val >> 8; 1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1766 ic->ic_macaddr[4] = val & 0xff; 1767 ic->ic_macaddr[5] = val >> 8; 1768 1769 if (sc->mac_ver < 0x3593) { 1770 /* read vender BBP settings */ 1771 for (i = 0; i < 10; i++) { 1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1773 sc->bbp[i].val = val & 0xff; 1774 sc->bbp[i].reg = val >> 8; 1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1776 sc->bbp[i].val); 1777 } 1778 if (sc->mac_ver >= 0x3071) { 1779 /* read vendor RF settings */ 1780 for (i = 0; i < 10; i++) { 1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1782 &val); 1783 sc->rf[i].val = val & 0xff; 1784 sc->rf[i].reg = val >> 8; 1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1786 sc->rf[i].val); 1787 } 1788 } 1789 } 1790 1791 /* read RF frequency offset from EEPROM */ 1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1793 RT3593_EEPROM_FREQ, &val); 1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1796 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1798 RT3593_EEPROM_FREQ_LEDS, &val); 1799 if (val >> 8 != 0xff) { 1800 /* read LEDs operating mode */ 1801 sc->leds = val >> 8; 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1803 RT3593_EEPROM_LED1, &sc->led[0]); 1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1805 RT3593_EEPROM_LED2, &sc->led[1]); 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1807 RT3593_EEPROM_LED3, &sc->led[2]); 1808 } else { 1809 /* broken EEPROM, use default settings */ 1810 sc->leds = 0x01; 1811 sc->led[0] = 0x5555; 1812 sc->led[1] = 0x2221; 1813 sc->led[2] = 0x5627; /* differs from RT2860 */ 1814 } 1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1817 1818 /* read RF information */ 1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1820 run_srom_read(sc, 0x00, &val); 1821 else 1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1823 1824 if (val == 0xffff) { 1825 device_printf(sc->sc_dev, 1826 "invalid EEPROM antenna info, using default\n"); 1827 DPRINTF("invalid EEPROM antenna info, using default\n"); 1828 if (sc->mac_ver == 0x3572) { 1829 /* default to RF3052 2T2R */ 1830 sc->rf_rev = RT3070_RF_3052; 1831 sc->ntxchains = 2; 1832 sc->nrxchains = 2; 1833 } else if (sc->mac_ver >= 0x3070) { 1834 /* default to RF3020 1T1R */ 1835 sc->rf_rev = RT3070_RF_3020; 1836 sc->ntxchains = 1; 1837 sc->nrxchains = 1; 1838 } else { 1839 /* default to RF2820 1T2R */ 1840 sc->rf_rev = RT2860_RF_2820; 1841 sc->ntxchains = 1; 1842 sc->nrxchains = 2; 1843 } 1844 } else { 1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1846 sc->rf_rev = val; 1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1848 } else 1849 sc->rf_rev = (val >> 8) & 0xf; 1850 sc->ntxchains = (val >> 4) & 0xf; 1851 sc->nrxchains = val & 0xf; 1852 } 1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1854 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1855 1856 /* check if RF supports automatic Tx access gain control */ 1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1858 DPRINTF("EEPROM CFG 0x%04x\n", val); 1859 /* check if driver should patch the DAC issue */ 1860 if ((val >> 8) != 0xff) 1861 sc->patch_dac = (val >> 15) & 1; 1862 if ((val & 0xff) != 0xff) { 1863 sc->ext_5ghz_lna = (val >> 3) & 1; 1864 sc->ext_2ghz_lna = (val >> 2) & 1; 1865 /* check if RF supports automatic Tx access gain control */ 1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1867 /* check if we have a hardware radio switch */ 1868 sc->rfswitch = val & 1; 1869 } 1870 1871 /* Read Tx power settings. */ 1872 if (sc->mac_ver == 0x3593) 1873 run_rt3593_get_txpower(sc); 1874 else 1875 run_get_txpower(sc); 1876 1877 /* read Tx power compensation for each Tx rate */ 1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1879 delta_2ghz = delta_5ghz = 0; 1880 if ((val & 0xff) != 0xff && (val & 0x80)) { 1881 delta_2ghz = val & 0xf; 1882 if (!(val & 0x40)) /* negative number */ 1883 delta_2ghz = -delta_2ghz; 1884 } 1885 val >>= 8; 1886 if ((val & 0xff) != 0xff && (val & 0x80)) { 1887 delta_5ghz = val & 0xf; 1888 if (!(val & 0x40)) /* negative number */ 1889 delta_5ghz = -delta_5ghz; 1890 } 1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1892 delta_2ghz, delta_5ghz); 1893 1894 for (ridx = 0; ridx < 5; ridx++) { 1895 uint32_t reg; 1896 1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1898 reg = val; 1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1900 reg |= (uint32_t)val << 16; 1901 1902 sc->txpow20mhz[ridx] = reg; 1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1905 1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1909 } 1910 1911 /* Read RSSI offsets and LNA gains from EEPROM. */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1913 RT3593_EEPROM_RSSI1_2GHZ, &val); 1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1917 RT3593_EEPROM_RSSI2_2GHZ, &val); 1918 if (sc->mac_ver >= 0x3070) { 1919 if (sc->mac_ver == 0x3593) { 1920 sc->txmixgain_2ghz = 0; 1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1922 } else { 1923 /* 1924 * On RT3070 chips (limited to 2 Rx chains), this ROM 1925 * field contains the Tx mixer gain for the 2GHz band. 1926 */ 1927 if ((val & 0xff) != 0xff) 1928 sc->txmixgain_2ghz = val & 0x7; 1929 } 1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1931 } else 1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1933 if (sc->mac_ver == 0x3593) 1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1935 sc->lna[2] = val >> 8; /* channel group 2 */ 1936 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1938 RT3593_EEPROM_RSSI1_5GHZ, &val); 1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1942 RT3593_EEPROM_RSSI2_5GHZ, &val); 1943 if (sc->mac_ver == 0x3572) { 1944 /* 1945 * On RT3572 chips (limited to 2 Rx chains), this ROM 1946 * field contains the Tx mixer gain for the 5GHz band. 1947 */ 1948 if ((val & 0xff) != 0xff) 1949 sc->txmixgain_5ghz = val & 0x7; 1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1951 } else 1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1953 if (sc->mac_ver == 0x3593) { 1954 sc->txmixgain_5ghz = 0; 1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1956 } 1957 sc->lna[3] = val >> 8; /* channel group 3 */ 1958 1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1960 RT3593_EEPROM_LNA, &val); 1961 sc->lna[0] = val & 0xff; /* channel group 0 */ 1962 sc->lna[1] = val >> 8; /* channel group 1 */ 1963 1964 /* fix broken 5GHz LNA entries */ 1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 2); 1967 sc->lna[2] = sc->lna[1]; 1968 } 1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 3); 1971 sc->lna[3] = sc->lna[1]; 1972 } 1973 1974 /* fix broken RSSI offset entries */ 1975 for (ant = 0; ant < 3; ant++) { 1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1978 ant + 1, sc->rssi_2ghz[ant]); 1979 sc->rssi_2ghz[ant] = 0; 1980 } 1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1983 ant + 1, sc->rssi_5ghz[ant]); 1984 sc->rssi_5ghz[ant] = 0; 1985 } 1986 } 1987 return (0); 1988 } 1989 1990 static struct ieee80211_node * 1991 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1992 { 1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1994 } 1995 1996 static int 1997 run_media_change(struct ifnet *ifp) 1998 { 1999 struct ieee80211vap *vap = ifp->if_softc; 2000 struct ieee80211com *ic = vap->iv_ic; 2001 const struct ieee80211_txparam *tp; 2002 struct run_softc *sc = ic->ic_softc; 2003 uint8_t rate, ridx; 2004 int error; 2005 2006 RUN_LOCK(sc); 2007 2008 error = ieee80211_media_change(ifp); 2009 if (error != ENETRESET) { 2010 RUN_UNLOCK(sc); 2011 return (error); 2012 } 2013 2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2016 struct ieee80211_node *ni; 2017 struct run_node *rn; 2018 2019 rate = ic->ic_sup_rates[ic->ic_curmode]. 2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2022 if (rt2860_rates[ridx].rate == rate) 2023 break; 2024 ni = ieee80211_ref_node(vap->iv_bss); 2025 rn = RUN_NODE(ni); 2026 rn->fix_ridx = ridx; 2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2028 ieee80211_free_node(ni); 2029 } 2030 2031 #if 0 2032 if ((ifp->if_flags & IFF_UP) && 2033 (ifp->if_drv_flags & RUN_RUNNING)){ 2034 run_init_locked(sc); 2035 } 2036 #endif 2037 2038 RUN_UNLOCK(sc); 2039 2040 return (0); 2041 } 2042 2043 static int 2044 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2045 { 2046 const struct ieee80211_txparam *tp; 2047 struct ieee80211com *ic = vap->iv_ic; 2048 struct run_softc *sc = ic->ic_softc; 2049 struct run_vap *rvp = RUN_VAP(vap); 2050 enum ieee80211_state ostate; 2051 uint32_t sta[3]; 2052 uint32_t tmp; 2053 uint8_t ratectl; 2054 uint8_t restart_ratectl = 0; 2055 uint8_t bid = 1 << rvp->rvp_id; 2056 2057 ostate = vap->iv_state; 2058 DPRINTF("%s -> %s\n", 2059 ieee80211_state_name[ostate], 2060 ieee80211_state_name[nstate]); 2061 2062 IEEE80211_UNLOCK(ic); 2063 RUN_LOCK(sc); 2064 2065 ratectl = sc->ratectl_run; /* remember current state */ 2066 sc->ratectl_run = RUN_RATECTL_OFF; 2067 usb_callout_stop(&sc->ratectl_ch); 2068 2069 if (ostate == IEEE80211_S_RUN) { 2070 /* turn link LED off */ 2071 run_set_leds(sc, RT2860_LED_RADIO); 2072 } 2073 2074 switch (nstate) { 2075 case IEEE80211_S_INIT: 2076 restart_ratectl = 1; 2077 2078 if (ostate != IEEE80211_S_RUN) 2079 break; 2080 2081 ratectl &= ~bid; 2082 sc->runbmap &= ~bid; 2083 2084 /* abort TSF synchronization if there is no vap running */ 2085 if (--sc->running == 0) { 2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2087 run_write(sc, RT2860_BCN_TIME_CFG, 2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2089 RT2860_TBTT_TIMER_EN)); 2090 } 2091 break; 2092 2093 case IEEE80211_S_RUN: 2094 if (!(sc->runbmap & bid)) { 2095 if(sc->running++) 2096 restart_ratectl = 1; 2097 sc->runbmap |= bid; 2098 } 2099 2100 m_freem(rvp->beacon_mbuf); 2101 rvp->beacon_mbuf = NULL; 2102 2103 switch (vap->iv_opmode) { 2104 case IEEE80211_M_HOSTAP: 2105 case IEEE80211_M_MBSS: 2106 sc->ap_running |= bid; 2107 ic->ic_opmode = vap->iv_opmode; 2108 run_update_beacon_cb(vap); 2109 break; 2110 case IEEE80211_M_IBSS: 2111 sc->adhoc_running |= bid; 2112 if (!sc->ap_running) 2113 ic->ic_opmode = vap->iv_opmode; 2114 run_update_beacon_cb(vap); 2115 break; 2116 case IEEE80211_M_STA: 2117 sc->sta_running |= bid; 2118 if (!sc->ap_running && !sc->adhoc_running) 2119 ic->ic_opmode = vap->iv_opmode; 2120 2121 /* read statistic counters (clear on read) */ 2122 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2123 (uint8_t *)sta, sizeof sta); 2124 2125 break; 2126 default: 2127 ic->ic_opmode = vap->iv_opmode; 2128 break; 2129 } 2130 2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2132 struct ieee80211_node *ni; 2133 2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2135 RUN_UNLOCK(sc); 2136 IEEE80211_LOCK(ic); 2137 return (-1); 2138 } 2139 run_updateslot(ic); 2140 run_enable_mrr(sc); 2141 run_set_txpreamble(sc); 2142 run_set_basicrates(sc); 2143 ni = ieee80211_ref_node(vap->iv_bss); 2144 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2145 run_set_bssid(sc, ni->ni_bssid); 2146 ieee80211_free_node(ni); 2147 run_enable_tsf_sync(sc); 2148 2149 /* enable automatic rate adaptation */ 2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2152 ratectl |= bid; 2153 } else 2154 run_enable_tsf(sc); 2155 2156 /* turn link LED on */ 2157 run_set_leds(sc, RT2860_LED_RADIO | 2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2160 2161 break; 2162 default: 2163 DPRINTFN(6, "undefined case\n"); 2164 break; 2165 } 2166 2167 /* restart amrr for running VAPs */ 2168 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2170 2171 RUN_UNLOCK(sc); 2172 IEEE80211_LOCK(ic); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175 } 2176 2177 /* ARGSUSED */ 2178 static void 2179 run_wme_update_cb(void *arg) 2180 { 2181 struct ieee80211com *ic = arg; 2182 struct run_softc *sc = ic->ic_softc; 2183 const struct wmeParams *ac = 2184 ic->ic_wme.wme_chanParams.cap_wmeParams; 2185 int aci, error = 0; 2186 2187 RUN_LOCK_ASSERT(sc, MA_OWNED); 2188 2189 /* update MAC TX configuration registers */ 2190 for (aci = 0; aci < WME_NUM_AC; aci++) { 2191 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2192 ac[aci].wmep_logcwmax << 16 | 2193 ac[aci].wmep_logcwmin << 12 | 2194 ac[aci].wmep_aifsn << 8 | 2195 ac[aci].wmep_txopLimit); 2196 if (error) goto err; 2197 } 2198 2199 /* update SCH/DMA registers too */ 2200 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2201 ac[WME_AC_VO].wmep_aifsn << 12 | 2202 ac[WME_AC_VI].wmep_aifsn << 8 | 2203 ac[WME_AC_BK].wmep_aifsn << 4 | 2204 ac[WME_AC_BE].wmep_aifsn); 2205 if (error) goto err; 2206 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2207 ac[WME_AC_VO].wmep_logcwmin << 12 | 2208 ac[WME_AC_VI].wmep_logcwmin << 8 | 2209 ac[WME_AC_BK].wmep_logcwmin << 4 | 2210 ac[WME_AC_BE].wmep_logcwmin); 2211 if (error) goto err; 2212 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2213 ac[WME_AC_VO].wmep_logcwmax << 12 | 2214 ac[WME_AC_VI].wmep_logcwmax << 8 | 2215 ac[WME_AC_BK].wmep_logcwmax << 4 | 2216 ac[WME_AC_BE].wmep_logcwmax); 2217 if (error) goto err; 2218 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2219 ac[WME_AC_BK].wmep_txopLimit << 16 | 2220 ac[WME_AC_BE].wmep_txopLimit); 2221 if (error) goto err; 2222 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2223 ac[WME_AC_VO].wmep_txopLimit << 16 | 2224 ac[WME_AC_VI].wmep_txopLimit); 2225 2226 err: 2227 if (error) 2228 DPRINTF("WME update failed\n"); 2229 2230 return; 2231 } 2232 2233 static int 2234 run_wme_update(struct ieee80211com *ic) 2235 { 2236 struct run_softc *sc = ic->ic_softc; 2237 2238 /* sometime called wothout lock */ 2239 if (mtx_owned(&ic->ic_comlock.mtx)) { 2240 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2241 DPRINTF("cmdq_store=%d\n", i); 2242 sc->cmdq[i].func = run_wme_update_cb; 2243 sc->cmdq[i].arg0 = ic; 2244 ieee80211_runtask(ic, &sc->cmdq_task); 2245 return (0); 2246 } 2247 2248 RUN_LOCK(sc); 2249 run_wme_update_cb(ic); 2250 RUN_UNLOCK(sc); 2251 2252 /* return whatever, upper layer doesn't care anyway */ 2253 return (0); 2254 } 2255 2256 static void 2257 run_key_set_cb(void *arg) 2258 { 2259 struct run_cmdq *cmdq = arg; 2260 struct ieee80211vap *vap = cmdq->arg1; 2261 struct ieee80211_key *k = cmdq->k; 2262 struct ieee80211com *ic = vap->iv_ic; 2263 struct run_softc *sc = ic->ic_softc; 2264 struct ieee80211_node *ni; 2265 u_int cipher = k->wk_cipher->ic_cipher; 2266 uint32_t attr; 2267 uint16_t base, associd; 2268 uint8_t mode, wcid, iv[8]; 2269 2270 RUN_LOCK_ASSERT(sc, MA_OWNED); 2271 2272 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2273 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2274 else 2275 ni = vap->iv_bss; 2276 associd = (ni != NULL) ? ni->ni_associd : 0; 2277 2278 /* map net80211 cipher to RT2860 security mode */ 2279 switch (cipher) { 2280 case IEEE80211_CIPHER_WEP: 2281 if(k->wk_keylen < 8) 2282 mode = RT2860_MODE_WEP40; 2283 else 2284 mode = RT2860_MODE_WEP104; 2285 break; 2286 case IEEE80211_CIPHER_TKIP: 2287 mode = RT2860_MODE_TKIP; 2288 break; 2289 case IEEE80211_CIPHER_AES_CCM: 2290 mode = RT2860_MODE_AES_CCMP; 2291 break; 2292 default: 2293 DPRINTF("undefined case\n"); 2294 return; 2295 } 2296 2297 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2298 associd, k->wk_keyix, mode, 2299 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2300 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2301 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2302 2303 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2304 wcid = 0; /* NB: update WCID0 for group keys */ 2305 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2306 } else { 2307 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2308 1 : RUN_AID2WCID(associd); 2309 base = RT2860_PKEY(wcid); 2310 } 2311 2312 if (cipher == IEEE80211_CIPHER_TKIP) { 2313 if(run_write_region_1(sc, base, k->wk_key, 16)) 2314 return; 2315 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2316 return; 2317 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2318 return; 2319 } else { 2320 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2321 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2322 return; 2323 } 2324 2325 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2326 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2327 /* set initial packet number in IV+EIV */ 2328 if (cipher == IEEE80211_CIPHER_WEP) { 2329 memset(iv, 0, sizeof iv); 2330 iv[3] = vap->iv_def_txkey << 6; 2331 } else { 2332 if (cipher == IEEE80211_CIPHER_TKIP) { 2333 iv[0] = k->wk_keytsc >> 8; 2334 iv[1] = (iv[0] | 0x20) & 0x7f; 2335 iv[2] = k->wk_keytsc; 2336 } else /* CCMP */ { 2337 iv[0] = k->wk_keytsc; 2338 iv[1] = k->wk_keytsc >> 8; 2339 iv[2] = 0; 2340 } 2341 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2342 iv[4] = k->wk_keytsc >> 16; 2343 iv[5] = k->wk_keytsc >> 24; 2344 iv[6] = k->wk_keytsc >> 32; 2345 iv[7] = k->wk_keytsc >> 40; 2346 } 2347 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2348 return; 2349 } 2350 2351 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2352 /* install group key */ 2353 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2354 return; 2355 attr &= ~(0xf << (k->wk_keyix * 4)); 2356 attr |= mode << (k->wk_keyix * 4); 2357 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2358 return; 2359 } else { 2360 /* install pairwise key */ 2361 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2362 return; 2363 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2364 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2365 return; 2366 } 2367 2368 /* TODO create a pass-thru key entry? */ 2369 2370 /* need wcid to delete the right key later */ 2371 k->wk_pad = wcid; 2372 } 2373 2374 /* 2375 * Don't have to be deferred, but in order to keep order of 2376 * execution, i.e. with run_key_delete(), defer this and let 2377 * run_cmdq_cb() maintain the order. 2378 * 2379 * return 0 on error 2380 */ 2381 static int 2382 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2383 { 2384 struct ieee80211com *ic = vap->iv_ic; 2385 struct run_softc *sc = ic->ic_softc; 2386 uint32_t i; 2387 2388 i = RUN_CMDQ_GET(&sc->cmdq_store); 2389 DPRINTF("cmdq_store=%d\n", i); 2390 sc->cmdq[i].func = run_key_set_cb; 2391 sc->cmdq[i].arg0 = NULL; 2392 sc->cmdq[i].arg1 = vap; 2393 sc->cmdq[i].k = k; 2394 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2395 ieee80211_runtask(ic, &sc->cmdq_task); 2396 2397 /* 2398 * To make sure key will be set when hostapd 2399 * calls iv_key_set() before if_init(). 2400 */ 2401 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2402 RUN_LOCK(sc); 2403 sc->cmdq_key_set = RUN_CMDQ_GO; 2404 RUN_UNLOCK(sc); 2405 } 2406 2407 return (1); 2408 } 2409 2410 /* 2411 * If wlan is destroyed without being brought down i.e. without 2412 * wlan down or wpa_cli terminate, this function is called after 2413 * vap is gone. Don't refer it. 2414 */ 2415 static void 2416 run_key_delete_cb(void *arg) 2417 { 2418 struct run_cmdq *cmdq = arg; 2419 struct run_softc *sc = cmdq->arg1; 2420 struct ieee80211_key *k = &cmdq->key; 2421 uint32_t attr; 2422 uint8_t wcid; 2423 2424 RUN_LOCK_ASSERT(sc, MA_OWNED); 2425 2426 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2427 /* remove group key */ 2428 DPRINTF("removing group key\n"); 2429 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2430 attr &= ~(0xf << (k->wk_keyix * 4)); 2431 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2432 } else { 2433 /* remove pairwise key */ 2434 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2435 /* matching wcid was written to wk_pad in run_key_set() */ 2436 wcid = k->wk_pad; 2437 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2438 attr &= ~0xf; 2439 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2440 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2441 } 2442 2443 k->wk_pad = 0; 2444 } 2445 2446 /* 2447 * return 0 on error 2448 */ 2449 static int 2450 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2451 { 2452 struct ieee80211com *ic = vap->iv_ic; 2453 struct run_softc *sc = ic->ic_softc; 2454 struct ieee80211_key *k0; 2455 uint32_t i; 2456 2457 /* 2458 * When called back, key might be gone. So, make a copy 2459 * of some values need to delete keys before deferring. 2460 * But, because of LOR with node lock, cannot use lock here. 2461 * So, use atomic instead. 2462 */ 2463 i = RUN_CMDQ_GET(&sc->cmdq_store); 2464 DPRINTF("cmdq_store=%d\n", i); 2465 sc->cmdq[i].func = run_key_delete_cb; 2466 sc->cmdq[i].arg0 = NULL; 2467 sc->cmdq[i].arg1 = sc; 2468 k0 = &sc->cmdq[i].key; 2469 k0->wk_flags = k->wk_flags; 2470 k0->wk_keyix = k->wk_keyix; 2471 /* matching wcid was written to wk_pad in run_key_set() */ 2472 k0->wk_pad = k->wk_pad; 2473 ieee80211_runtask(ic, &sc->cmdq_task); 2474 return (1); /* return fake success */ 2475 2476 } 2477 2478 static void 2479 run_ratectl_to(void *arg) 2480 { 2481 struct run_softc *sc = arg; 2482 2483 /* do it in a process context, so it can go sleep */ 2484 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2485 /* next timeout will be rescheduled in the callback task */ 2486 } 2487 2488 /* ARGSUSED */ 2489 static void 2490 run_ratectl_cb(void *arg, int pending) 2491 { 2492 struct run_softc *sc = arg; 2493 struct ieee80211com *ic = &sc->sc_ic; 2494 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2495 2496 if (vap == NULL) 2497 return; 2498 2499 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2500 /* 2501 * run_reset_livelock() doesn't do anything with AMRR, 2502 * but Ralink wants us to call it every 1 sec. So, we 2503 * piggyback here rather than creating another callout. 2504 * Livelock may occur only in HOSTAP or IBSS mode 2505 * (when h/w is sending beacons). 2506 */ 2507 RUN_LOCK(sc); 2508 run_reset_livelock(sc); 2509 /* just in case, there are some stats to drain */ 2510 run_drain_fifo(sc); 2511 RUN_UNLOCK(sc); 2512 } 2513 2514 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2515 2516 RUN_LOCK(sc); 2517 if(sc->ratectl_run != RUN_RATECTL_OFF) 2518 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2519 RUN_UNLOCK(sc); 2520 } 2521 2522 static void 2523 run_drain_fifo(void *arg) 2524 { 2525 struct run_softc *sc = arg; 2526 uint32_t stat; 2527 uint16_t (*wstat)[3]; 2528 uint8_t wcid, mcs, pid; 2529 int8_t retry; 2530 2531 RUN_LOCK_ASSERT(sc, MA_OWNED); 2532 2533 for (;;) { 2534 /* drain Tx status FIFO (maxsize = 16) */ 2535 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2536 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2537 if (!(stat & RT2860_TXQ_VLD)) 2538 break; 2539 2540 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2541 2542 /* if no ACK was requested, no feedback is available */ 2543 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2544 wcid == 0) 2545 continue; 2546 2547 /* 2548 * Even though each stat is Tx-complete-status like format, 2549 * the device can poll stats. Because there is no guarantee 2550 * that the referring node is still around when read the stats. 2551 * So that, if we use ieee80211_ratectl_tx_update(), we will 2552 * have hard time not to refer already freed node. 2553 * 2554 * To eliminate such page faults, we poll stats in softc. 2555 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2556 */ 2557 wstat = &(sc->wcid_stats[wcid]); 2558 (*wstat)[RUN_TXCNT]++; 2559 if (stat & RT2860_TXQ_OK) 2560 (*wstat)[RUN_SUCCESS]++; 2561 else 2562 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2563 /* 2564 * Check if there were retries, ie if the Tx success rate is 2565 * different from the requested rate. Note that it works only 2566 * because we do not allow rate fallback from OFDM to CCK. 2567 */ 2568 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2569 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2570 if ((retry = pid -1 - mcs) > 0) { 2571 (*wstat)[RUN_TXCNT] += retry; 2572 (*wstat)[RUN_RETRY] += retry; 2573 } 2574 } 2575 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2576 2577 sc->fifo_cnt = 0; 2578 } 2579 2580 static void 2581 run_iter_func(void *arg, struct ieee80211_node *ni) 2582 { 2583 struct run_softc *sc = arg; 2584 struct ieee80211vap *vap = ni->ni_vap; 2585 struct run_node *rn = RUN_NODE(ni); 2586 union run_stats sta[2]; 2587 uint16_t (*wstat)[3]; 2588 int txcnt, success, retrycnt, error; 2589 2590 RUN_LOCK(sc); 2591 2592 /* Check for special case */ 2593 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2594 ni != vap->iv_bss) 2595 goto fail; 2596 2597 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2598 vap->iv_opmode == IEEE80211_M_STA)) { 2599 /* read statistic counters (clear on read) and update AMRR state */ 2600 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2601 sizeof sta); 2602 if (error != 0) 2603 goto fail; 2604 2605 /* count failed TX as errors */ 2606 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2607 le16toh(sta[0].error.fail)); 2608 2609 retrycnt = le16toh(sta[1].tx.retry); 2610 success = le16toh(sta[1].tx.success); 2611 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2612 2613 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2614 retrycnt, success, le16toh(sta[0].error.fail)); 2615 } else { 2616 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2617 2618 if (wstat == &(sc->wcid_stats[0]) || 2619 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2620 goto fail; 2621 2622 txcnt = (*wstat)[RUN_TXCNT]; 2623 success = (*wstat)[RUN_SUCCESS]; 2624 retrycnt = (*wstat)[RUN_RETRY]; 2625 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2626 retrycnt, txcnt, success); 2627 2628 memset(wstat, 0, sizeof(*wstat)); 2629 } 2630 2631 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2632 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2633 2634 fail: 2635 RUN_UNLOCK(sc); 2636 2637 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2638 } 2639 2640 static void 2641 run_newassoc_cb(void *arg) 2642 { 2643 struct run_cmdq *cmdq = arg; 2644 struct ieee80211_node *ni = cmdq->arg1; 2645 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2646 uint8_t wcid = cmdq->wcid; 2647 2648 RUN_LOCK_ASSERT(sc, MA_OWNED); 2649 2650 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2651 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2652 2653 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2654 } 2655 2656 static void 2657 run_newassoc(struct ieee80211_node *ni, int isnew) 2658 { 2659 struct run_node *rn = RUN_NODE(ni); 2660 struct ieee80211_rateset *rs = &ni->ni_rates; 2661 struct ieee80211vap *vap = ni->ni_vap; 2662 struct ieee80211com *ic = vap->iv_ic; 2663 struct run_softc *sc = ic->ic_softc; 2664 uint8_t rate; 2665 uint8_t ridx; 2666 uint8_t wcid; 2667 int i, j; 2668 2669 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2670 1 : RUN_AID2WCID(ni->ni_associd); 2671 2672 if (wcid > RT2870_WCID_MAX) { 2673 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2674 return; 2675 } 2676 2677 /* only interested in true associations */ 2678 if (isnew && ni->ni_associd != 0) { 2679 2680 /* 2681 * This function could is called though timeout function. 2682 * Need to defer. 2683 */ 2684 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2685 DPRINTF("cmdq_store=%d\n", cnt); 2686 sc->cmdq[cnt].func = run_newassoc_cb; 2687 sc->cmdq[cnt].arg0 = NULL; 2688 sc->cmdq[cnt].arg1 = ni; 2689 sc->cmdq[cnt].wcid = wcid; 2690 ieee80211_runtask(ic, &sc->cmdq_task); 2691 } 2692 2693 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2694 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2695 2696 for (i = 0; i < rs->rs_nrates; i++) { 2697 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2698 /* convert 802.11 rate to hardware rate index */ 2699 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2700 if (rt2860_rates[ridx].rate == rate) 2701 break; 2702 rn->ridx[i] = ridx; 2703 /* determine rate of control response frames */ 2704 for (j = i; j >= 0; j--) { 2705 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2706 rt2860_rates[rn->ridx[i]].phy == 2707 rt2860_rates[rn->ridx[j]].phy) 2708 break; 2709 } 2710 if (j >= 0) { 2711 rn->ctl_ridx[i] = rn->ridx[j]; 2712 } else { 2713 /* no basic rate found, use mandatory one */ 2714 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2715 } 2716 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2717 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2718 } 2719 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2720 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2721 if (rt2860_rates[ridx].rate == rate) 2722 break; 2723 rn->mgt_ridx = ridx; 2724 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2725 2726 RUN_LOCK(sc); 2727 if(sc->ratectl_run != RUN_RATECTL_OFF) 2728 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2729 RUN_UNLOCK(sc); 2730 } 2731 2732 /* 2733 * Return the Rx chain with the highest RSSI for a given frame. 2734 */ 2735 static __inline uint8_t 2736 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2737 { 2738 uint8_t rxchain = 0; 2739 2740 if (sc->nrxchains > 1) { 2741 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2742 rxchain = 1; 2743 if (sc->nrxchains > 2) 2744 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2745 rxchain = 2; 2746 } 2747 return (rxchain); 2748 } 2749 2750 static void 2751 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2752 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2753 { 2754 struct ieee80211vap *vap = ni->ni_vap; 2755 struct run_softc *sc = vap->iv_ic->ic_softc; 2756 struct run_vap *rvp = RUN_VAP(vap); 2757 uint64_t ni_tstamp, rx_tstamp; 2758 2759 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2760 2761 if (vap->iv_state == IEEE80211_S_RUN && 2762 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2763 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2764 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2765 RUN_LOCK(sc); 2766 run_get_tsf(sc, &rx_tstamp); 2767 RUN_UNLOCK(sc); 2768 rx_tstamp = le64toh(rx_tstamp); 2769 2770 if (ni_tstamp >= rx_tstamp) { 2771 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2772 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2773 (void) ieee80211_ibss_merge(ni); 2774 } 2775 } 2776 } 2777 2778 static void 2779 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2780 { 2781 struct ieee80211com *ic = &sc->sc_ic; 2782 struct ieee80211_frame *wh; 2783 struct ieee80211_node *ni; 2784 struct rt2870_rxd *rxd; 2785 struct rt2860_rxwi *rxwi; 2786 uint32_t flags; 2787 uint16_t len, rxwisize; 2788 uint8_t ant, rssi; 2789 int8_t nf; 2790 2791 rxwi = mtod(m, struct rt2860_rxwi *); 2792 len = le16toh(rxwi->len) & 0xfff; 2793 rxwisize = sizeof(struct rt2860_rxwi); 2794 if (sc->mac_ver == 0x5592) 2795 rxwisize += sizeof(uint64_t); 2796 else if (sc->mac_ver == 0x3593) 2797 rxwisize += sizeof(uint32_t); 2798 if (__predict_false(len > dmalen)) { 2799 m_freem(m); 2800 counter_u64_add(ic->ic_ierrors, 1); 2801 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2802 return; 2803 } 2804 /* Rx descriptor is located at the end */ 2805 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2806 flags = le32toh(rxd->flags); 2807 2808 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2809 m_freem(m); 2810 counter_u64_add(ic->ic_ierrors, 1); 2811 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2812 return; 2813 } 2814 2815 m->m_data += rxwisize; 2816 m->m_pkthdr.len = m->m_len -= rxwisize; 2817 2818 wh = mtod(m, struct ieee80211_frame *); 2819 2820 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2821 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2822 m->m_flags |= M_WEP; 2823 } 2824 2825 if (flags & RT2860_RX_L2PAD) { 2826 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2827 len += 2; 2828 } 2829 2830 ni = ieee80211_find_rxnode(ic, 2831 mtod(m, struct ieee80211_frame_min *)); 2832 2833 if (__predict_false(flags & RT2860_RX_MICERR)) { 2834 /* report MIC failures to net80211 for TKIP */ 2835 if (ni != NULL) 2836 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2837 rxwi->keyidx); 2838 m_freem(m); 2839 counter_u64_add(ic->ic_ierrors, 1); 2840 DPRINTF("MIC error. Someone is lying.\n"); 2841 return; 2842 } 2843 2844 ant = run_maxrssi_chain(sc, rxwi); 2845 rssi = rxwi->rssi[ant]; 2846 nf = run_rssi2dbm(sc, rssi, ant); 2847 2848 m->m_pkthdr.len = m->m_len = len; 2849 2850 if (__predict_false(ieee80211_radiotap_active(ic))) { 2851 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2852 uint16_t phy; 2853 2854 tap->wr_flags = 0; 2855 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2856 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2857 tap->wr_antsignal = rssi; 2858 tap->wr_antenna = ant; 2859 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2860 tap->wr_rate = 2; /* in case it can't be found below */ 2861 run_get_tsf(sc, &tap->wr_tsf); 2862 phy = le16toh(rxwi->phy); 2863 switch (phy & RT2860_PHY_MODE) { 2864 case RT2860_PHY_CCK: 2865 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2866 case 0: tap->wr_rate = 2; break; 2867 case 1: tap->wr_rate = 4; break; 2868 case 2: tap->wr_rate = 11; break; 2869 case 3: tap->wr_rate = 22; break; 2870 } 2871 if (phy & RT2860_PHY_SHPRE) 2872 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2873 break; 2874 case RT2860_PHY_OFDM: 2875 switch (phy & RT2860_PHY_MCS) { 2876 case 0: tap->wr_rate = 12; break; 2877 case 1: tap->wr_rate = 18; break; 2878 case 2: tap->wr_rate = 24; break; 2879 case 3: tap->wr_rate = 36; break; 2880 case 4: tap->wr_rate = 48; break; 2881 case 5: tap->wr_rate = 72; break; 2882 case 6: tap->wr_rate = 96; break; 2883 case 7: tap->wr_rate = 108; break; 2884 } 2885 break; 2886 } 2887 } 2888 2889 if (ni != NULL) { 2890 (void)ieee80211_input(ni, m, rssi, nf); 2891 ieee80211_free_node(ni); 2892 } else { 2893 (void)ieee80211_input_all(ic, m, rssi, nf); 2894 } 2895 } 2896 2897 static void 2898 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2899 { 2900 struct run_softc *sc = usbd_xfer_softc(xfer); 2901 struct ieee80211com *ic = &sc->sc_ic; 2902 struct mbuf *m = NULL; 2903 struct mbuf *m0; 2904 uint32_t dmalen; 2905 uint16_t rxwisize; 2906 int xferlen; 2907 2908 rxwisize = sizeof(struct rt2860_rxwi); 2909 if (sc->mac_ver == 0x5592) 2910 rxwisize += sizeof(uint64_t); 2911 else if (sc->mac_ver == 0x3593) 2912 rxwisize += sizeof(uint32_t); 2913 2914 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2915 2916 switch (USB_GET_STATE(xfer)) { 2917 case USB_ST_TRANSFERRED: 2918 2919 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2920 2921 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2922 sizeof(struct rt2870_rxd))) { 2923 DPRINTF("xfer too short %d\n", xferlen); 2924 goto tr_setup; 2925 } 2926 2927 m = sc->rx_m; 2928 sc->rx_m = NULL; 2929 2930 /* FALLTHROUGH */ 2931 case USB_ST_SETUP: 2932 tr_setup: 2933 if (sc->rx_m == NULL) { 2934 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2935 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2936 } 2937 if (sc->rx_m == NULL) { 2938 DPRINTF("could not allocate mbuf - idle with stall\n"); 2939 counter_u64_add(ic->ic_ierrors, 1); 2940 usbd_xfer_set_stall(xfer); 2941 usbd_xfer_set_frames(xfer, 0); 2942 } else { 2943 /* 2944 * Directly loading a mbuf cluster into DMA to 2945 * save some data copying. This works because 2946 * there is only one cluster. 2947 */ 2948 usbd_xfer_set_frame_data(xfer, 0, 2949 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2950 usbd_xfer_set_frames(xfer, 1); 2951 } 2952 usbd_transfer_submit(xfer); 2953 break; 2954 2955 default: /* Error */ 2956 if (error != USB_ERR_CANCELLED) { 2957 /* try to clear stall first */ 2958 usbd_xfer_set_stall(xfer); 2959 if (error == USB_ERR_TIMEOUT) 2960 device_printf(sc->sc_dev, "device timeout\n"); 2961 counter_u64_add(ic->ic_ierrors, 1); 2962 goto tr_setup; 2963 } 2964 if (sc->rx_m != NULL) { 2965 m_freem(sc->rx_m); 2966 sc->rx_m = NULL; 2967 } 2968 break; 2969 } 2970 2971 if (m == NULL) 2972 return; 2973 2974 /* inputting all the frames must be last */ 2975 2976 RUN_UNLOCK(sc); 2977 2978 m->m_pkthdr.len = m->m_len = xferlen; 2979 2980 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2981 for(;;) { 2982 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2983 2984 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2985 ((dmalen & 3) != 0)) { 2986 DPRINTF("bad DMA length %u\n", dmalen); 2987 break; 2988 } 2989 if ((dmalen + 8) > (uint32_t)xferlen) { 2990 DPRINTF("bad DMA length %u > %d\n", 2991 dmalen + 8, xferlen); 2992 break; 2993 } 2994 2995 /* If it is the last one or a single frame, we won't copy. */ 2996 if ((xferlen -= dmalen + 8) <= 8) { 2997 /* trim 32-bit DMA-len header */ 2998 m->m_data += 4; 2999 m->m_pkthdr.len = m->m_len -= 4; 3000 run_rx_frame(sc, m, dmalen); 3001 m = NULL; /* don't free source buffer */ 3002 break; 3003 } 3004 3005 /* copy aggregated frames to another mbuf */ 3006 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3007 if (__predict_false(m0 == NULL)) { 3008 DPRINTF("could not allocate mbuf\n"); 3009 counter_u64_add(ic->ic_ierrors, 1); 3010 break; 3011 } 3012 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3013 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3014 m0->m_pkthdr.len = m0->m_len = 3015 dmalen + sizeof(struct rt2870_rxd); 3016 run_rx_frame(sc, m0, dmalen); 3017 3018 /* update data ptr */ 3019 m->m_data += dmalen + 8; 3020 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3021 } 3022 3023 /* make sure we free the source buffer, if any */ 3024 m_freem(m); 3025 3026 RUN_LOCK(sc); 3027 } 3028 3029 static void 3030 run_tx_free(struct run_endpoint_queue *pq, 3031 struct run_tx_data *data, int txerr) 3032 { 3033 3034 ieee80211_tx_complete(data->ni, data->m, txerr); 3035 3036 data->m = NULL; 3037 data->ni = NULL; 3038 3039 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3040 pq->tx_nfree++; 3041 } 3042 3043 static void 3044 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3045 { 3046 struct run_softc *sc = usbd_xfer_softc(xfer); 3047 struct ieee80211com *ic = &sc->sc_ic; 3048 struct run_tx_data *data; 3049 struct ieee80211vap *vap = NULL; 3050 struct usb_page_cache *pc; 3051 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3052 struct mbuf *m; 3053 usb_frlength_t size; 3054 int actlen; 3055 int sumlen; 3056 3057 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3058 3059 switch (USB_GET_STATE(xfer)) { 3060 case USB_ST_TRANSFERRED: 3061 DPRINTFN(11, "transfer complete: %d " 3062 "bytes @ index %d\n", actlen, index); 3063 3064 data = usbd_xfer_get_priv(xfer); 3065 run_tx_free(pq, data, 0); 3066 usbd_xfer_set_priv(xfer, NULL); 3067 3068 /* FALLTHROUGH */ 3069 case USB_ST_SETUP: 3070 tr_setup: 3071 data = STAILQ_FIRST(&pq->tx_qh); 3072 if (data == NULL) 3073 break; 3074 3075 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3076 3077 m = data->m; 3078 size = (sc->mac_ver == 0x5592) ? 3079 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3080 if ((m->m_pkthdr.len + 3081 size + 3 + 8) > RUN_MAX_TXSZ) { 3082 DPRINTF("data overflow, %u bytes\n", 3083 m->m_pkthdr.len); 3084 run_tx_free(pq, data, 1); 3085 goto tr_setup; 3086 } 3087 3088 pc = usbd_xfer_get_frame(xfer, 0); 3089 usbd_copy_in(pc, 0, &data->desc, size); 3090 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3091 size += m->m_pkthdr.len; 3092 /* 3093 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3094 * 4-byte padding), and be sure to zero those trailing 3095 * bytes: 3096 */ 3097 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3098 size += ((-size) & 3) + 8; 3099 3100 vap = data->ni->ni_vap; 3101 if (ieee80211_radiotap_active_vap(vap)) { 3102 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3103 struct rt2860_txwi *txwi = 3104 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3105 tap->wt_flags = 0; 3106 tap->wt_rate = rt2860_rates[data->ridx].rate; 3107 run_get_tsf(sc, &tap->wt_tsf); 3108 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3109 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3110 tap->wt_hwqueue = index; 3111 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3112 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3113 3114 ieee80211_radiotap_tx(vap, m); 3115 } 3116 3117 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3118 m->m_pkthdr.len, size, index); 3119 3120 usbd_xfer_set_frame_len(xfer, 0, size); 3121 usbd_xfer_set_priv(xfer, data); 3122 usbd_transfer_submit(xfer); 3123 run_start(sc); 3124 3125 break; 3126 3127 default: 3128 DPRINTF("USB transfer error, %s\n", 3129 usbd_errstr(error)); 3130 3131 data = usbd_xfer_get_priv(xfer); 3132 3133 if (data != NULL) { 3134 if(data->ni != NULL) 3135 vap = data->ni->ni_vap; 3136 run_tx_free(pq, data, error); 3137 usbd_xfer_set_priv(xfer, NULL); 3138 } 3139 3140 if (vap == NULL) 3141 vap = TAILQ_FIRST(&ic->ic_vaps); 3142 3143 if (error != USB_ERR_CANCELLED) { 3144 if (error == USB_ERR_TIMEOUT) { 3145 device_printf(sc->sc_dev, "device timeout\n"); 3146 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3147 DPRINTF("cmdq_store=%d\n", i); 3148 sc->cmdq[i].func = run_usb_timeout_cb; 3149 sc->cmdq[i].arg0 = vap; 3150 ieee80211_runtask(ic, &sc->cmdq_task); 3151 } 3152 3153 /* 3154 * Try to clear stall first, also if other 3155 * errors occur, hence clearing stall 3156 * introduces a 50 ms delay: 3157 */ 3158 usbd_xfer_set_stall(xfer); 3159 goto tr_setup; 3160 } 3161 break; 3162 } 3163 } 3164 3165 static void 3166 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3167 { 3168 run_bulk_tx_callbackN(xfer, error, 0); 3169 } 3170 3171 static void 3172 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3173 { 3174 run_bulk_tx_callbackN(xfer, error, 1); 3175 } 3176 3177 static void 3178 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3179 { 3180 run_bulk_tx_callbackN(xfer, error, 2); 3181 } 3182 3183 static void 3184 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3185 { 3186 run_bulk_tx_callbackN(xfer, error, 3); 3187 } 3188 3189 static void 3190 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3191 { 3192 run_bulk_tx_callbackN(xfer, error, 4); 3193 } 3194 3195 static void 3196 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3197 { 3198 run_bulk_tx_callbackN(xfer, error, 5); 3199 } 3200 3201 static void 3202 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3203 { 3204 struct mbuf *m = data->m; 3205 struct ieee80211com *ic = &sc->sc_ic; 3206 struct ieee80211vap *vap = data->ni->ni_vap; 3207 struct ieee80211_frame *wh; 3208 struct rt2870_txd *txd; 3209 struct rt2860_txwi *txwi; 3210 uint16_t xferlen, txwisize; 3211 uint16_t mcs; 3212 uint8_t ridx = data->ridx; 3213 uint8_t pad; 3214 3215 /* get MCS code from rate index */ 3216 mcs = rt2860_rates[ridx].mcs; 3217 3218 txwisize = (sc->mac_ver == 0x5592) ? 3219 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3220 xferlen = txwisize + m->m_pkthdr.len; 3221 3222 /* roundup to 32-bit alignment */ 3223 xferlen = (xferlen + 3) & ~3; 3224 3225 txd = (struct rt2870_txd *)&data->desc; 3226 txd->len = htole16(xferlen); 3227 3228 wh = mtod(m, struct ieee80211_frame *); 3229 3230 /* 3231 * Ether both are true or both are false, the header 3232 * are nicely aligned to 32-bit. So, no L2 padding. 3233 */ 3234 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3235 pad = 0; 3236 else 3237 pad = 2; 3238 3239 /* setup TX Wireless Information */ 3240 txwi = (struct rt2860_txwi *)(txd + 1); 3241 txwi->len = htole16(m->m_pkthdr.len - pad); 3242 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3243 mcs |= RT2860_PHY_CCK; 3244 if (ridx != RT2860_RIDX_CCK1 && 3245 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3246 mcs |= RT2860_PHY_SHPRE; 3247 } else 3248 mcs |= RT2860_PHY_OFDM; 3249 txwi->phy = htole16(mcs); 3250 3251 /* check if RTS/CTS or CTS-to-self protection is required */ 3252 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3253 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3254 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3255 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3256 txwi->txop |= RT2860_TX_TXOP_HT; 3257 else 3258 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3259 3260 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3261 txwi->xflags |= RT2860_TX_NSEQ; 3262 } 3263 3264 /* This function must be called locked */ 3265 static int 3266 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3267 { 3268 struct ieee80211com *ic = &sc->sc_ic; 3269 struct ieee80211vap *vap = ni->ni_vap; 3270 struct ieee80211_frame *wh; 3271 struct ieee80211_channel *chan; 3272 const struct ieee80211_txparam *tp; 3273 struct run_node *rn = RUN_NODE(ni); 3274 struct run_tx_data *data; 3275 struct rt2870_txd *txd; 3276 struct rt2860_txwi *txwi; 3277 uint16_t qos; 3278 uint16_t dur; 3279 uint16_t qid; 3280 uint8_t type; 3281 uint8_t tid; 3282 uint8_t ridx; 3283 uint8_t ctl_ridx; 3284 uint8_t qflags; 3285 uint8_t xflags = 0; 3286 int hasqos; 3287 3288 RUN_LOCK_ASSERT(sc, MA_OWNED); 3289 3290 wh = mtod(m, struct ieee80211_frame *); 3291 3292 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3293 3294 /* 3295 * There are 7 bulk endpoints: 1 for RX 3296 * and 6 for TX (4 EDCAs + HCCA + Prio). 3297 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3298 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3299 */ 3300 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3301 uint8_t *frm; 3302 3303 if(IEEE80211_HAS_ADDR4(wh)) 3304 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3305 else 3306 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3307 3308 qos = le16toh(*(const uint16_t *)frm); 3309 tid = qos & IEEE80211_QOS_TID; 3310 qid = TID_TO_WME_AC(tid); 3311 } else { 3312 qos = 0; 3313 tid = 0; 3314 qid = WME_AC_BE; 3315 } 3316 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3317 3318 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3319 qos, qid, tid, qflags); 3320 3321 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3322 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3323 3324 /* pickup a rate index */ 3325 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3326 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3327 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3328 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3329 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3330 } else { 3331 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3332 ridx = rn->fix_ridx; 3333 else 3334 ridx = rn->amrr_ridx; 3335 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3336 } 3337 3338 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3339 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3340 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3341 xflags |= RT2860_TX_ACK; 3342 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3343 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3344 else 3345 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3346 USETW(wh->i_dur, dur); 3347 } 3348 3349 /* reserve slots for mgmt packets, just in case */ 3350 if (sc->sc_epq[qid].tx_nfree < 3) { 3351 DPRINTFN(10, "tx ring %d is full\n", qid); 3352 return (-1); 3353 } 3354 3355 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3356 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3357 sc->sc_epq[qid].tx_nfree--; 3358 3359 txd = (struct rt2870_txd *)&data->desc; 3360 txd->flags = qflags; 3361 txwi = (struct rt2860_txwi *)(txd + 1); 3362 txwi->xflags = xflags; 3363 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3364 txwi->wcid = 0; 3365 else 3366 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3367 1 : RUN_AID2WCID(ni->ni_associd); 3368 3369 /* clear leftover garbage bits */ 3370 txwi->flags = 0; 3371 txwi->txop = 0; 3372 3373 data->m = m; 3374 data->ni = ni; 3375 data->ridx = ridx; 3376 3377 run_set_tx_desc(sc, data); 3378 3379 /* 3380 * The chip keeps track of 2 kind of Tx stats, 3381 * * TX_STAT_FIFO, for per WCID stats, and 3382 * * TX_STA_CNT0 for all-TX-in-one stats. 3383 * 3384 * To use FIFO stats, we need to store MCS into the driver-private 3385 * PacketID field. So that, we can tell whose stats when we read them. 3386 * We add 1 to the MCS because setting the PacketID field to 0 means 3387 * that we don't want feedback in TX_STAT_FIFO. 3388 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3389 * 3390 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3391 */ 3392 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3393 vap->iv_opmode == IEEE80211_M_MBSS) { 3394 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3395 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3396 3397 /* 3398 * Unlike PCI based devices, we don't get any interrupt from 3399 * USB devices, so we simulate FIFO-is-full interrupt here. 3400 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3401 * quickly get fulled. To prevent overflow, increment a counter on 3402 * every FIFO stat request, so we know how many slots are left. 3403 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3404 * are used only in those modes. 3405 * We just drain stats. AMRR gets updated every 1 sec by 3406 * run_ratectl_cb() via callout. 3407 * Call it early. Otherwise overflow. 3408 */ 3409 if (sc->fifo_cnt++ == 10) { 3410 /* 3411 * With multiple vaps or if_bridge, if_start() is called 3412 * with a non-sleepable lock, tcpinp. So, need to defer. 3413 */ 3414 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3415 DPRINTFN(6, "cmdq_store=%d\n", i); 3416 sc->cmdq[i].func = run_drain_fifo; 3417 sc->cmdq[i].arg0 = sc; 3418 ieee80211_runtask(ic, &sc->cmdq_task); 3419 } 3420 } 3421 3422 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3423 3424 usbd_transfer_start(sc->sc_xfer[qid]); 3425 3426 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3427 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3428 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3429 3430 return (0); 3431 } 3432 3433 static int 3434 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3435 { 3436 struct ieee80211com *ic = &sc->sc_ic; 3437 struct run_node *rn = RUN_NODE(ni); 3438 struct run_tx_data *data; 3439 struct ieee80211_frame *wh; 3440 struct rt2870_txd *txd; 3441 struct rt2860_txwi *txwi; 3442 uint16_t dur; 3443 uint8_t ridx = rn->mgt_ridx; 3444 uint8_t type; 3445 uint8_t xflags = 0; 3446 uint8_t wflags = 0; 3447 3448 RUN_LOCK_ASSERT(sc, MA_OWNED); 3449 3450 wh = mtod(m, struct ieee80211_frame *); 3451 3452 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3453 3454 /* tell hardware to add timestamp for probe responses */ 3455 if ((wh->i_fc[0] & 3456 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3457 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3458 wflags |= RT2860_TX_TS; 3459 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3460 xflags |= RT2860_TX_ACK; 3461 3462 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3463 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3464 USETW(wh->i_dur, dur); 3465 } 3466 3467 if (sc->sc_epq[0].tx_nfree == 0) 3468 /* let caller free mbuf */ 3469 return (EIO); 3470 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3471 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3472 sc->sc_epq[0].tx_nfree--; 3473 3474 txd = (struct rt2870_txd *)&data->desc; 3475 txd->flags = RT2860_TX_QSEL_EDCA; 3476 txwi = (struct rt2860_txwi *)(txd + 1); 3477 txwi->wcid = 0xff; 3478 txwi->flags = wflags; 3479 txwi->xflags = xflags; 3480 txwi->txop = 0; /* clear leftover garbage bits */ 3481 3482 data->m = m; 3483 data->ni = ni; 3484 data->ridx = ridx; 3485 3486 run_set_tx_desc(sc, data); 3487 3488 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3489 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3490 rt2860_rates[ridx].rate); 3491 3492 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3493 3494 usbd_transfer_start(sc->sc_xfer[0]); 3495 3496 return (0); 3497 } 3498 3499 static int 3500 run_sendprot(struct run_softc *sc, 3501 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3502 { 3503 struct ieee80211com *ic = ni->ni_ic; 3504 struct ieee80211_frame *wh; 3505 struct run_tx_data *data; 3506 struct rt2870_txd *txd; 3507 struct rt2860_txwi *txwi; 3508 struct mbuf *mprot; 3509 int ridx; 3510 int protrate; 3511 int ackrate; 3512 int pktlen; 3513 int isshort; 3514 uint16_t dur; 3515 uint8_t type; 3516 uint8_t wflags = 0; 3517 uint8_t xflags = 0; 3518 3519 RUN_LOCK_ASSERT(sc, MA_OWNED); 3520 3521 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3522 ("protection %d", prot)); 3523 3524 wh = mtod(m, struct ieee80211_frame *); 3525 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3526 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3527 3528 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3529 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3530 3531 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3532 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3533 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3534 wflags = RT2860_TX_FRAG; 3535 3536 /* check that there are free slots before allocating the mbuf */ 3537 if (sc->sc_epq[0].tx_nfree == 0) 3538 /* let caller free mbuf */ 3539 return (ENOBUFS); 3540 3541 if (prot == IEEE80211_PROT_RTSCTS) { 3542 /* NB: CTS is the same size as an ACK */ 3543 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3544 xflags |= RT2860_TX_ACK; 3545 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3546 } else { 3547 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3548 } 3549 if (mprot == NULL) { 3550 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3551 DPRINTF("could not allocate mbuf\n"); 3552 return (ENOBUFS); 3553 } 3554 3555 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3556 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3557 sc->sc_epq[0].tx_nfree--; 3558 3559 txd = (struct rt2870_txd *)&data->desc; 3560 txd->flags = RT2860_TX_QSEL_EDCA; 3561 txwi = (struct rt2860_txwi *)(txd + 1); 3562 txwi->wcid = 0xff; 3563 txwi->flags = wflags; 3564 txwi->xflags = xflags; 3565 txwi->txop = 0; /* clear leftover garbage bits */ 3566 3567 data->m = mprot; 3568 data->ni = ieee80211_ref_node(ni); 3569 3570 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3571 if (rt2860_rates[ridx].rate == protrate) 3572 break; 3573 data->ridx = ridx; 3574 3575 run_set_tx_desc(sc, data); 3576 3577 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3578 m->m_pkthdr.len, rate); 3579 3580 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3581 3582 usbd_transfer_start(sc->sc_xfer[0]); 3583 3584 return (0); 3585 } 3586 3587 static int 3588 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3589 const struct ieee80211_bpf_params *params) 3590 { 3591 struct ieee80211com *ic = ni->ni_ic; 3592 struct ieee80211_frame *wh; 3593 struct run_tx_data *data; 3594 struct rt2870_txd *txd; 3595 struct rt2860_txwi *txwi; 3596 uint8_t type; 3597 uint8_t ridx; 3598 uint8_t rate; 3599 uint8_t opflags = 0; 3600 uint8_t xflags = 0; 3601 int error; 3602 3603 RUN_LOCK_ASSERT(sc, MA_OWNED); 3604 3605 KASSERT(params != NULL, ("no raw xmit params")); 3606 3607 wh = mtod(m, struct ieee80211_frame *); 3608 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3609 3610 rate = params->ibp_rate0; 3611 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3612 /* let caller free mbuf */ 3613 return (EINVAL); 3614 } 3615 3616 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3617 xflags |= RT2860_TX_ACK; 3618 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3619 error = run_sendprot(sc, m, ni, 3620 params->ibp_flags & IEEE80211_BPF_RTS ? 3621 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3622 rate); 3623 if (error) { 3624 /* let caller free mbuf */ 3625 return error; 3626 } 3627 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3628 } 3629 3630 if (sc->sc_epq[0].tx_nfree == 0) { 3631 /* let caller free mbuf */ 3632 DPRINTF("sending raw frame, but tx ring is full\n"); 3633 return (EIO); 3634 } 3635 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3636 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3637 sc->sc_epq[0].tx_nfree--; 3638 3639 txd = (struct rt2870_txd *)&data->desc; 3640 txd->flags = RT2860_TX_QSEL_EDCA; 3641 txwi = (struct rt2860_txwi *)(txd + 1); 3642 txwi->wcid = 0xff; 3643 txwi->xflags = xflags; 3644 txwi->txop = opflags; 3645 txwi->flags = 0; /* clear leftover garbage bits */ 3646 3647 data->m = m; 3648 data->ni = ni; 3649 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3650 if (rt2860_rates[ridx].rate == rate) 3651 break; 3652 data->ridx = ridx; 3653 3654 run_set_tx_desc(sc, data); 3655 3656 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3657 m->m_pkthdr.len, rate); 3658 3659 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3660 3661 usbd_transfer_start(sc->sc_xfer[0]); 3662 3663 return (0); 3664 } 3665 3666 static int 3667 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3668 const struct ieee80211_bpf_params *params) 3669 { 3670 struct run_softc *sc = ni->ni_ic->ic_softc; 3671 int error = 0; 3672 3673 RUN_LOCK(sc); 3674 3675 /* prevent management frames from being sent if we're not ready */ 3676 if (!(sc->sc_flags & RUN_RUNNING)) { 3677 error = ENETDOWN; 3678 goto done; 3679 } 3680 3681 if (params == NULL) { 3682 /* tx mgt packet */ 3683 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3684 DPRINTF("mgt tx failed\n"); 3685 goto done; 3686 } 3687 } else { 3688 /* tx raw packet with param */ 3689 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3690 DPRINTF("tx with param failed\n"); 3691 goto done; 3692 } 3693 } 3694 3695 done: 3696 RUN_UNLOCK(sc); 3697 3698 if (error != 0) { 3699 if(m != NULL) 3700 m_freem(m); 3701 } 3702 3703 return (error); 3704 } 3705 3706 static int 3707 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3708 { 3709 struct run_softc *sc = ic->ic_softc; 3710 int error; 3711 3712 RUN_LOCK(sc); 3713 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3714 RUN_UNLOCK(sc); 3715 return (ENXIO); 3716 } 3717 error = mbufq_enqueue(&sc->sc_snd, m); 3718 if (error) { 3719 RUN_UNLOCK(sc); 3720 return (error); 3721 } 3722 run_start(sc); 3723 RUN_UNLOCK(sc); 3724 3725 return (0); 3726 } 3727 3728 static void 3729 run_start(struct run_softc *sc) 3730 { 3731 struct ieee80211_node *ni; 3732 struct mbuf *m; 3733 3734 RUN_LOCK_ASSERT(sc, MA_OWNED); 3735 3736 if ((sc->sc_flags & RUN_RUNNING) == 0) 3737 return; 3738 3739 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3740 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3741 if (run_tx(sc, m, ni) != 0) { 3742 mbufq_prepend(&sc->sc_snd, m); 3743 break; 3744 } 3745 } 3746 } 3747 3748 static void 3749 run_parent(struct ieee80211com *ic) 3750 { 3751 struct run_softc *sc = ic->ic_softc; 3752 int startall = 0; 3753 3754 RUN_LOCK(sc); 3755 if (sc->sc_detached) { 3756 RUN_UNLOCK(sc); 3757 return; 3758 } 3759 3760 if (ic->ic_nrunning > 0) { 3761 if (!(sc->sc_flags & RUN_RUNNING)) { 3762 startall = 1; 3763 run_init_locked(sc); 3764 } else 3765 run_update_promisc_locked(sc); 3766 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3767 run_stop(sc); 3768 RUN_UNLOCK(sc); 3769 if (startall) 3770 ieee80211_start_all(ic); 3771 } 3772 3773 static void 3774 run_iq_calib(struct run_softc *sc, u_int chan) 3775 { 3776 uint16_t val; 3777 3778 /* Tx0 IQ gain. */ 3779 run_bbp_write(sc, 158, 0x2c); 3780 if (chan <= 14) 3781 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3782 else if (chan <= 64) { 3783 run_efuse_read(sc, 3784 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3785 &val, 1); 3786 } else if (chan <= 138) { 3787 run_efuse_read(sc, 3788 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3789 &val, 1); 3790 } else if (chan <= 165) { 3791 run_efuse_read(sc, 3792 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3793 &val, 1); 3794 } else 3795 val = 0; 3796 run_bbp_write(sc, 159, val); 3797 3798 /* Tx0 IQ phase. */ 3799 run_bbp_write(sc, 158, 0x2d); 3800 if (chan <= 14) { 3801 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3802 &val, 1); 3803 } else if (chan <= 64) { 3804 run_efuse_read(sc, 3805 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3806 &val, 1); 3807 } else if (chan <= 138) { 3808 run_efuse_read(sc, 3809 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3810 &val, 1); 3811 } else if (chan <= 165) { 3812 run_efuse_read(sc, 3813 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3814 &val, 1); 3815 } else 3816 val = 0; 3817 run_bbp_write(sc, 159, val); 3818 3819 /* Tx1 IQ gain. */ 3820 run_bbp_write(sc, 158, 0x4a); 3821 if (chan <= 14) { 3822 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3823 &val, 1); 3824 } else if (chan <= 64) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 138) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3831 &val, 1); 3832 } else if (chan <= 165) { 3833 run_efuse_read(sc, 3834 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3835 &val, 1); 3836 } else 3837 val = 0; 3838 run_bbp_write(sc, 159, val); 3839 3840 /* Tx1 IQ phase. */ 3841 run_bbp_write(sc, 158, 0x4b); 3842 if (chan <= 14) { 3843 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3844 &val, 1); 3845 } else if (chan <= 64) { 3846 run_efuse_read(sc, 3847 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3848 &val, 1); 3849 } else if (chan <= 138) { 3850 run_efuse_read(sc, 3851 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3852 &val, 1); 3853 } else if (chan <= 165) { 3854 run_efuse_read(sc, 3855 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3856 &val, 1); 3857 } else 3858 val = 0; 3859 run_bbp_write(sc, 159, val); 3860 3861 /* RF IQ compensation control. */ 3862 run_bbp_write(sc, 158, 0x04); 3863 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3864 &val, 1); 3865 run_bbp_write(sc, 159, val); 3866 3867 /* RF IQ imbalance compensation control. */ 3868 run_bbp_write(sc, 158, 0x03); 3869 run_efuse_read(sc, 3870 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3871 run_bbp_write(sc, 159, val); 3872 } 3873 3874 static void 3875 run_set_agc(struct run_softc *sc, uint8_t agc) 3876 { 3877 uint8_t bbp; 3878 3879 if (sc->mac_ver == 0x3572) { 3880 run_bbp_read(sc, 27, &bbp); 3881 bbp &= ~(0x3 << 5); 3882 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3883 run_bbp_write(sc, 66, agc); 3884 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3885 run_bbp_write(sc, 66, agc); 3886 } else 3887 run_bbp_write(sc, 66, agc); 3888 } 3889 3890 static void 3891 run_select_chan_group(struct run_softc *sc, int group) 3892 { 3893 uint32_t tmp; 3894 uint8_t agc; 3895 3896 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3897 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3898 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3899 if (sc->mac_ver < 0x3572) 3900 run_bbp_write(sc, 86, 0x00); 3901 3902 if (sc->mac_ver == 0x3593) { 3903 run_bbp_write(sc, 77, 0x98); 3904 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3905 } 3906 3907 if (group == 0) { 3908 if (sc->ext_2ghz_lna) { 3909 if (sc->mac_ver >= 0x5390) 3910 run_bbp_write(sc, 75, 0x52); 3911 else { 3912 run_bbp_write(sc, 82, 0x62); 3913 run_bbp_write(sc, 75, 0x46); 3914 } 3915 } else { 3916 if (sc->mac_ver == 0x5592) { 3917 run_bbp_write(sc, 79, 0x1c); 3918 run_bbp_write(sc, 80, 0x0e); 3919 run_bbp_write(sc, 81, 0x3a); 3920 run_bbp_write(sc, 82, 0x62); 3921 3922 run_bbp_write(sc, 195, 0x80); 3923 run_bbp_write(sc, 196, 0xe0); 3924 run_bbp_write(sc, 195, 0x81); 3925 run_bbp_write(sc, 196, 0x1f); 3926 run_bbp_write(sc, 195, 0x82); 3927 run_bbp_write(sc, 196, 0x38); 3928 run_bbp_write(sc, 195, 0x83); 3929 run_bbp_write(sc, 196, 0x32); 3930 run_bbp_write(sc, 195, 0x85); 3931 run_bbp_write(sc, 196, 0x28); 3932 run_bbp_write(sc, 195, 0x86); 3933 run_bbp_write(sc, 196, 0x19); 3934 } else if (sc->mac_ver >= 0x5390) 3935 run_bbp_write(sc, 75, 0x50); 3936 else { 3937 run_bbp_write(sc, 82, 3938 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3939 run_bbp_write(sc, 75, 0x50); 3940 } 3941 } 3942 } else { 3943 if (sc->mac_ver == 0x5592) { 3944 run_bbp_write(sc, 79, 0x18); 3945 run_bbp_write(sc, 80, 0x08); 3946 run_bbp_write(sc, 81, 0x38); 3947 run_bbp_write(sc, 82, 0x92); 3948 3949 run_bbp_write(sc, 195, 0x80); 3950 run_bbp_write(sc, 196, 0xf0); 3951 run_bbp_write(sc, 195, 0x81); 3952 run_bbp_write(sc, 196, 0x1e); 3953 run_bbp_write(sc, 195, 0x82); 3954 run_bbp_write(sc, 196, 0x28); 3955 run_bbp_write(sc, 195, 0x83); 3956 run_bbp_write(sc, 196, 0x20); 3957 run_bbp_write(sc, 195, 0x85); 3958 run_bbp_write(sc, 196, 0x7f); 3959 run_bbp_write(sc, 195, 0x86); 3960 run_bbp_write(sc, 196, 0x7f); 3961 } else if (sc->mac_ver == 0x3572) 3962 run_bbp_write(sc, 82, 0x94); 3963 else 3964 run_bbp_write(sc, 82, 3965 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3966 if (sc->ext_5ghz_lna) 3967 run_bbp_write(sc, 75, 0x46); 3968 else 3969 run_bbp_write(sc, 75, 0x50); 3970 } 3971 3972 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3973 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3974 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3975 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3976 3977 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3978 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3979 if (sc->mac_ver == 0x3593) 3980 tmp |= 1 << 29 | 1 << 28; 3981 if (sc->nrxchains > 1) 3982 tmp |= RT2860_LNA_PE1_EN; 3983 if (group == 0) { /* 2GHz */ 3984 tmp |= RT2860_PA_PE_G0_EN; 3985 if (sc->ntxchains > 1) 3986 tmp |= RT2860_PA_PE_G1_EN; 3987 if (sc->mac_ver == 0x3593) { 3988 if (sc->ntxchains > 2) 3989 tmp |= 1 << 25; 3990 } 3991 } else { /* 5GHz */ 3992 tmp |= RT2860_PA_PE_A0_EN; 3993 if (sc->ntxchains > 1) 3994 tmp |= RT2860_PA_PE_A1_EN; 3995 } 3996 if (sc->mac_ver == 0x3572) { 3997 run_rt3070_rf_write(sc, 8, 0x00); 3998 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3999 run_rt3070_rf_write(sc, 8, 0x80); 4000 } else 4001 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4002 4003 if (sc->mac_ver == 0x5592) { 4004 run_bbp_write(sc, 195, 0x8d); 4005 run_bbp_write(sc, 196, 0x1a); 4006 } 4007 4008 if (sc->mac_ver == 0x3593) { 4009 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4010 tmp &= ~0x01010000; 4011 if (group == 0) 4012 tmp |= 0x00010000; 4013 tmp = (tmp & ~0x00009090) | 0x00000090; 4014 run_write(sc, RT2860_GPIO_CTRL, tmp); 4015 } 4016 4017 /* set initial AGC value */ 4018 if (group == 0) { /* 2GHz band */ 4019 if (sc->mac_ver >= 0x3070) 4020 agc = 0x1c + sc->lna[0] * 2; 4021 else 4022 agc = 0x2e + sc->lna[0]; 4023 } else { /* 5GHz band */ 4024 if (sc->mac_ver == 0x5592) 4025 agc = 0x24 + sc->lna[group] * 2; 4026 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4027 agc = 0x22 + (sc->lna[group] * 5) / 3; 4028 else 4029 agc = 0x32 + (sc->lna[group] * 5) / 3; 4030 } 4031 run_set_agc(sc, agc); 4032 } 4033 4034 static void 4035 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4036 { 4037 const struct rfprog *rfprog = rt2860_rf2850; 4038 uint32_t r2, r3, r4; 4039 int8_t txpow1, txpow2; 4040 int i; 4041 4042 /* find the settings for this channel (we know it exists) */ 4043 for (i = 0; rfprog[i].chan != chan; i++); 4044 4045 r2 = rfprog[i].r2; 4046 if (sc->ntxchains == 1) 4047 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4048 if (sc->nrxchains == 1) 4049 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4050 else if (sc->nrxchains == 2) 4051 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4052 4053 /* use Tx power values from EEPROM */ 4054 txpow1 = sc->txpow1[i]; 4055 txpow2 = sc->txpow2[i]; 4056 4057 /* Initialize RF R3 and R4. */ 4058 r3 = rfprog[i].r3 & 0xffffc1ff; 4059 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4060 if (chan > 14) { 4061 if (txpow1 >= 0) { 4062 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4063 r3 |= (txpow1 << 10) | (1 << 9); 4064 } else { 4065 txpow1 += 7; 4066 4067 /* txpow1 is not possible larger than 15. */ 4068 r3 |= (txpow1 << 10); 4069 } 4070 if (txpow2 >= 0) { 4071 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4072 r4 |= (txpow2 << 7) | (1 << 6); 4073 } else { 4074 txpow2 += 7; 4075 r4 |= (txpow2 << 7); 4076 } 4077 } else { 4078 /* Set Tx0 power. */ 4079 r3 |= (txpow1 << 9); 4080 4081 /* Set frequency offset and Tx1 power. */ 4082 r4 |= (txpow2 << 6); 4083 } 4084 4085 run_rt2870_rf_write(sc, rfprog[i].r1); 4086 run_rt2870_rf_write(sc, r2); 4087 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4088 run_rt2870_rf_write(sc, r4); 4089 4090 run_delay(sc, 10); 4091 4092 run_rt2870_rf_write(sc, rfprog[i].r1); 4093 run_rt2870_rf_write(sc, r2); 4094 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4095 run_rt2870_rf_write(sc, r4); 4096 4097 run_delay(sc, 10); 4098 4099 run_rt2870_rf_write(sc, rfprog[i].r1); 4100 run_rt2870_rf_write(sc, r2); 4101 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4102 run_rt2870_rf_write(sc, r4); 4103 } 4104 4105 static void 4106 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4107 { 4108 int8_t txpow1, txpow2; 4109 uint8_t rf; 4110 int i; 4111 4112 /* find the settings for this channel (we know it exists) */ 4113 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4114 4115 /* use Tx power values from EEPROM */ 4116 txpow1 = sc->txpow1[i]; 4117 txpow2 = sc->txpow2[i]; 4118 4119 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4120 4121 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4122 run_rt3070_rf_read(sc, 3, &rf); 4123 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4124 run_rt3070_rf_write(sc, 3, rf); 4125 4126 run_rt3070_rf_read(sc, 6, &rf); 4127 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4128 run_rt3070_rf_write(sc, 6, rf); 4129 4130 /* set Tx0 power */ 4131 run_rt3070_rf_read(sc, 12, &rf); 4132 rf = (rf & ~0x1f) | txpow1; 4133 run_rt3070_rf_write(sc, 12, rf); 4134 4135 /* set Tx1 power */ 4136 run_rt3070_rf_read(sc, 13, &rf); 4137 rf = (rf & ~0x1f) | txpow2; 4138 run_rt3070_rf_write(sc, 13, rf); 4139 4140 run_rt3070_rf_read(sc, 1, &rf); 4141 rf &= ~0xfc; 4142 if (sc->ntxchains == 1) 4143 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4144 else if (sc->ntxchains == 2) 4145 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4146 if (sc->nrxchains == 1) 4147 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4148 else if (sc->nrxchains == 2) 4149 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4150 run_rt3070_rf_write(sc, 1, rf); 4151 4152 /* set RF offset */ 4153 run_rt3070_rf_read(sc, 23, &rf); 4154 rf = (rf & ~0x7f) | sc->freq; 4155 run_rt3070_rf_write(sc, 23, rf); 4156 4157 /* program RF filter */ 4158 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4159 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4160 run_rt3070_rf_write(sc, 24, rf); 4161 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4162 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4163 run_rt3070_rf_write(sc, 31, rf); 4164 4165 /* enable RF tuning */ 4166 run_rt3070_rf_read(sc, 7, &rf); 4167 run_rt3070_rf_write(sc, 7, rf | 0x01); 4168 } 4169 4170 static void 4171 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4172 { 4173 int8_t txpow1, txpow2; 4174 uint32_t tmp; 4175 uint8_t rf; 4176 int i; 4177 4178 /* find the settings for this channel (we know it exists) */ 4179 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4180 4181 /* use Tx power values from EEPROM */ 4182 txpow1 = sc->txpow1[i]; 4183 txpow2 = sc->txpow2[i]; 4184 4185 if (chan <= 14) { 4186 run_bbp_write(sc, 25, sc->bbp25); 4187 run_bbp_write(sc, 26, sc->bbp26); 4188 } else { 4189 /* enable IQ phase correction */ 4190 run_bbp_write(sc, 25, 0x09); 4191 run_bbp_write(sc, 26, 0xff); 4192 } 4193 4194 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4195 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4196 run_rt3070_rf_read(sc, 6, &rf); 4197 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4198 rf |= (chan <= 14) ? 0x08 : 0x04; 4199 run_rt3070_rf_write(sc, 6, rf); 4200 4201 /* set PLL mode */ 4202 run_rt3070_rf_read(sc, 5, &rf); 4203 rf &= ~(0x08 | 0x04); 4204 rf |= (chan <= 14) ? 0x04 : 0x08; 4205 run_rt3070_rf_write(sc, 5, rf); 4206 4207 /* set Tx power for chain 0 */ 4208 if (chan <= 14) 4209 rf = 0x60 | txpow1; 4210 else 4211 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4212 run_rt3070_rf_write(sc, 12, rf); 4213 4214 /* set Tx power for chain 1 */ 4215 if (chan <= 14) 4216 rf = 0x60 | txpow2; 4217 else 4218 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4219 run_rt3070_rf_write(sc, 13, rf); 4220 4221 /* set Tx/Rx streams */ 4222 run_rt3070_rf_read(sc, 1, &rf); 4223 rf &= ~0xfc; 4224 if (sc->ntxchains == 1) 4225 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4226 else if (sc->ntxchains == 2) 4227 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4228 if (sc->nrxchains == 1) 4229 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4230 else if (sc->nrxchains == 2) 4231 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4232 run_rt3070_rf_write(sc, 1, rf); 4233 4234 /* set RF offset */ 4235 run_rt3070_rf_read(sc, 23, &rf); 4236 rf = (rf & ~0x7f) | sc->freq; 4237 run_rt3070_rf_write(sc, 23, rf); 4238 4239 /* program RF filter */ 4240 rf = sc->rf24_20mhz; 4241 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4242 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4243 4244 /* enable RF tuning */ 4245 run_rt3070_rf_read(sc, 7, &rf); 4246 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4247 run_rt3070_rf_write(sc, 7, rf); 4248 4249 /* TSSI */ 4250 rf = (chan <= 14) ? 0xc3 : 0xc0; 4251 run_rt3070_rf_write(sc, 9, rf); 4252 4253 /* set loop filter 1 */ 4254 run_rt3070_rf_write(sc, 10, 0xf1); 4255 /* set loop filter 2 */ 4256 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4257 4258 /* set tx_mx2_ic */ 4259 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4260 /* set tx_mx1_ic */ 4261 if (chan <= 14) 4262 rf = 0x48 | sc->txmixgain_2ghz; 4263 else 4264 rf = 0x78 | sc->txmixgain_5ghz; 4265 run_rt3070_rf_write(sc, 16, rf); 4266 4267 /* set tx_lo1 */ 4268 run_rt3070_rf_write(sc, 17, 0x23); 4269 /* set tx_lo2 */ 4270 if (chan <= 14) 4271 rf = 0x93; 4272 else if (chan <= 64) 4273 rf = 0xb7; 4274 else if (chan <= 128) 4275 rf = 0x74; 4276 else 4277 rf = 0x72; 4278 run_rt3070_rf_write(sc, 19, rf); 4279 4280 /* set rx_lo1 */ 4281 if (chan <= 14) 4282 rf = 0xb3; 4283 else if (chan <= 64) 4284 rf = 0xf6; 4285 else if (chan <= 128) 4286 rf = 0xf4; 4287 else 4288 rf = 0xf3; 4289 run_rt3070_rf_write(sc, 20, rf); 4290 4291 /* set pfd_delay */ 4292 if (chan <= 14) 4293 rf = 0x15; 4294 else if (chan <= 64) 4295 rf = 0x3d; 4296 else 4297 rf = 0x01; 4298 run_rt3070_rf_write(sc, 25, rf); 4299 4300 /* set rx_lo2 */ 4301 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4302 /* set ldo_rf_vc */ 4303 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4304 /* set drv_cc */ 4305 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4306 4307 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4308 tmp &= ~0x8080; 4309 if (chan <= 14) 4310 tmp |= 0x80; 4311 run_write(sc, RT2860_GPIO_CTRL, tmp); 4312 4313 /* enable RF tuning */ 4314 run_rt3070_rf_read(sc, 7, &rf); 4315 run_rt3070_rf_write(sc, 7, rf | 0x01); 4316 4317 run_delay(sc, 2); 4318 } 4319 4320 static void 4321 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4322 { 4323 int8_t txpow1, txpow2, txpow3; 4324 uint8_t h20mhz, rf; 4325 int i; 4326 4327 /* find the settings for this channel (we know it exists) */ 4328 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4329 4330 /* use Tx power values from EEPROM */ 4331 txpow1 = sc->txpow1[i]; 4332 txpow2 = sc->txpow2[i]; 4333 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4334 4335 if (chan <= 14) { 4336 run_bbp_write(sc, 25, sc->bbp25); 4337 run_bbp_write(sc, 26, sc->bbp26); 4338 } else { 4339 /* Enable IQ phase correction. */ 4340 run_bbp_write(sc, 25, 0x09); 4341 run_bbp_write(sc, 26, 0xff); 4342 } 4343 4344 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4345 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4346 run_rt3070_rf_read(sc, 11, &rf); 4347 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4348 run_rt3070_rf_write(sc, 11, rf); 4349 4350 /* Set pll_idoh. */ 4351 run_rt3070_rf_read(sc, 11, &rf); 4352 rf &= ~0x4c; 4353 rf |= (chan <= 14) ? 0x44 : 0x48; 4354 run_rt3070_rf_write(sc, 11, rf); 4355 4356 if (chan <= 14) 4357 rf = txpow1 & 0x1f; 4358 else 4359 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4360 run_rt3070_rf_write(sc, 53, rf); 4361 4362 if (chan <= 14) 4363 rf = txpow2 & 0x1f; 4364 else 4365 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4366 run_rt3070_rf_write(sc, 55, rf); 4367 4368 if (chan <= 14) 4369 rf = txpow3 & 0x1f; 4370 else 4371 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4372 run_rt3070_rf_write(sc, 54, rf); 4373 4374 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4375 if (sc->ntxchains == 3) 4376 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4377 else 4378 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4379 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4380 run_rt3070_rf_write(sc, 1, rf); 4381 4382 run_adjust_freq_offset(sc); 4383 4384 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4385 4386 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4387 run_rt3070_rf_read(sc, 30, &rf); 4388 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4389 run_rt3070_rf_write(sc, 30, rf); 4390 4391 run_rt3070_rf_read(sc, 36, &rf); 4392 if (chan <= 14) 4393 rf |= 0x80; 4394 else 4395 rf &= ~0x80; 4396 run_rt3070_rf_write(sc, 36, rf); 4397 4398 /* Set vcolo_bs. */ 4399 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4400 /* Set pfd_delay. */ 4401 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4402 4403 /* Set vco bias current control. */ 4404 run_rt3070_rf_read(sc, 6, &rf); 4405 rf &= ~0xc0; 4406 if (chan <= 14) 4407 rf |= 0x40; 4408 else if (chan <= 128) 4409 rf |= 0x80; 4410 else 4411 rf |= 0x40; 4412 run_rt3070_rf_write(sc, 6, rf); 4413 4414 run_rt3070_rf_read(sc, 30, &rf); 4415 rf = (rf & ~0x18) | 0x10; 4416 run_rt3070_rf_write(sc, 30, rf); 4417 4418 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4419 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4420 4421 run_rt3070_rf_read(sc, 51, &rf); 4422 rf = (rf & ~0x03) | 0x01; 4423 run_rt3070_rf_write(sc, 51, rf); 4424 /* Set tx_mx1_cc. */ 4425 run_rt3070_rf_read(sc, 51, &rf); 4426 rf &= ~0x1c; 4427 rf |= (chan <= 14) ? 0x14 : 0x10; 4428 run_rt3070_rf_write(sc, 51, rf); 4429 /* Set tx_mx1_ic. */ 4430 run_rt3070_rf_read(sc, 51, &rf); 4431 rf &= ~0xe0; 4432 rf |= (chan <= 14) ? 0x60 : 0x40; 4433 run_rt3070_rf_write(sc, 51, rf); 4434 /* Set tx_lo1_ic. */ 4435 run_rt3070_rf_read(sc, 49, &rf); 4436 rf &= ~0x1c; 4437 rf |= (chan <= 14) ? 0x0c : 0x08; 4438 run_rt3070_rf_write(sc, 49, rf); 4439 /* Set tx_lo1_en. */ 4440 run_rt3070_rf_read(sc, 50, &rf); 4441 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4442 /* Set drv_cc. */ 4443 run_rt3070_rf_read(sc, 57, &rf); 4444 rf &= ~0xfc; 4445 rf |= (chan <= 14) ? 0x6c : 0x3c; 4446 run_rt3070_rf_write(sc, 57, rf); 4447 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4448 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4449 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4450 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4451 /* Enable VCO calibration. */ 4452 run_rt3070_rf_read(sc, 3, &rf); 4453 rf &= ~RT5390_VCOCAL; 4454 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4455 run_rt3070_rf_write(sc, 3, rf); 4456 4457 if (chan <= 14) 4458 rf = 0x23; 4459 else if (chan <= 64) 4460 rf = 0x36; 4461 else if (chan <= 128) 4462 rf = 0x32; 4463 else 4464 rf = 0x30; 4465 run_rt3070_rf_write(sc, 39, rf); 4466 if (chan <= 14) 4467 rf = 0xbb; 4468 else if (chan <= 64) 4469 rf = 0xeb; 4470 else if (chan <= 128) 4471 rf = 0xb3; 4472 else 4473 rf = 0x9b; 4474 run_rt3070_rf_write(sc, 45, rf); 4475 4476 /* Set FEQ/AEQ control. */ 4477 run_bbp_write(sc, 105, 0x34); 4478 } 4479 4480 static void 4481 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4482 { 4483 int8_t txpow1, txpow2; 4484 uint8_t rf; 4485 int i; 4486 4487 /* find the settings for this channel (we know it exists) */ 4488 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4489 4490 /* use Tx power values from EEPROM */ 4491 txpow1 = sc->txpow1[i]; 4492 txpow2 = sc->txpow2[i]; 4493 4494 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4495 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4496 run_rt3070_rf_read(sc, 11, &rf); 4497 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4498 run_rt3070_rf_write(sc, 11, rf); 4499 4500 run_rt3070_rf_read(sc, 49, &rf); 4501 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4502 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4503 if ((rf & 0x3f) > 0x27) 4504 rf = (rf & ~0x3f) | 0x27; 4505 run_rt3070_rf_write(sc, 49, rf); 4506 4507 if (sc->mac_ver == 0x5392) { 4508 run_rt3070_rf_read(sc, 50, &rf); 4509 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4510 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4511 if ((rf & 0x3f) > 0x27) 4512 rf = (rf & ~0x3f) | 0x27; 4513 run_rt3070_rf_write(sc, 50, rf); 4514 } 4515 4516 run_rt3070_rf_read(sc, 1, &rf); 4517 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4518 if (sc->mac_ver == 0x5392) 4519 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4520 run_rt3070_rf_write(sc, 1, rf); 4521 4522 if (sc->mac_ver != 0x5392) { 4523 run_rt3070_rf_read(sc, 2, &rf); 4524 rf |= 0x80; 4525 run_rt3070_rf_write(sc, 2, rf); 4526 run_delay(sc, 10); 4527 rf &= 0x7f; 4528 run_rt3070_rf_write(sc, 2, rf); 4529 } 4530 4531 run_adjust_freq_offset(sc); 4532 4533 if (sc->mac_ver == 0x5392) { 4534 /* Fix for RT5392C. */ 4535 if (sc->mac_rev >= 0x0223) { 4536 if (chan <= 4) 4537 rf = 0x0f; 4538 else if (chan >= 5 && chan <= 7) 4539 rf = 0x0e; 4540 else 4541 rf = 0x0d; 4542 run_rt3070_rf_write(sc, 23, rf); 4543 4544 if (chan <= 4) 4545 rf = 0x0c; 4546 else if (chan == 5) 4547 rf = 0x0b; 4548 else if (chan >= 6 && chan <= 7) 4549 rf = 0x0a; 4550 else if (chan >= 8 && chan <= 10) 4551 rf = 0x09; 4552 else 4553 rf = 0x08; 4554 run_rt3070_rf_write(sc, 59, rf); 4555 } else { 4556 if (chan <= 11) 4557 rf = 0x0f; 4558 else 4559 rf = 0x0b; 4560 run_rt3070_rf_write(sc, 59, rf); 4561 } 4562 } else { 4563 /* Fix for RT5390F. */ 4564 if (sc->mac_rev >= 0x0502) { 4565 if (chan <= 11) 4566 rf = 0x43; 4567 else 4568 rf = 0x23; 4569 run_rt3070_rf_write(sc, 55, rf); 4570 4571 if (chan <= 11) 4572 rf = 0x0f; 4573 else if (chan == 12) 4574 rf = 0x0d; 4575 else 4576 rf = 0x0b; 4577 run_rt3070_rf_write(sc, 59, rf); 4578 } else { 4579 run_rt3070_rf_write(sc, 55, 0x44); 4580 run_rt3070_rf_write(sc, 59, 0x8f); 4581 } 4582 } 4583 4584 /* Enable VCO calibration. */ 4585 run_rt3070_rf_read(sc, 3, &rf); 4586 rf |= RT5390_VCOCAL; 4587 run_rt3070_rf_write(sc, 3, rf); 4588 } 4589 4590 static void 4591 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4592 { 4593 const struct rt5592_freqs *freqs; 4594 uint32_t tmp; 4595 uint8_t reg, rf, txpow_bound; 4596 int8_t txpow1, txpow2; 4597 int i; 4598 4599 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4600 freqs = (tmp & RT5592_SEL_XTAL) ? 4601 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4602 4603 /* find the settings for this channel (we know it exists) */ 4604 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4605 4606 /* use Tx power values from EEPROM */ 4607 txpow1 = sc->txpow1[i]; 4608 txpow2 = sc->txpow2[i]; 4609 4610 run_read(sc, RT3070_LDO_CFG0, &tmp); 4611 tmp &= ~0x1c000000; 4612 if (chan > 14) 4613 tmp |= 0x14000000; 4614 run_write(sc, RT3070_LDO_CFG0, tmp); 4615 4616 /* N setting. */ 4617 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4618 run_rt3070_rf_read(sc, 9, &rf); 4619 rf &= ~(1 << 4); 4620 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4621 run_rt3070_rf_write(sc, 9, rf); 4622 4623 /* K setting. */ 4624 run_rt3070_rf_read(sc, 9, &rf); 4625 rf &= ~0x0f; 4626 rf |= (freqs->k & 0x0f); 4627 run_rt3070_rf_write(sc, 9, rf); 4628 4629 /* Mode setting. */ 4630 run_rt3070_rf_read(sc, 11, &rf); 4631 rf &= ~0x0c; 4632 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4633 run_rt3070_rf_write(sc, 11, rf); 4634 run_rt3070_rf_read(sc, 9, &rf); 4635 rf &= ~(1 << 7); 4636 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4637 run_rt3070_rf_write(sc, 9, rf); 4638 4639 /* R setting. */ 4640 run_rt3070_rf_read(sc, 11, &rf); 4641 rf &= ~0x03; 4642 rf |= (freqs->r - 0x1); 4643 run_rt3070_rf_write(sc, 11, rf); 4644 4645 if (chan <= 14) { 4646 /* Initialize RF registers for 2GHZ. */ 4647 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4648 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4649 rt5592_2ghz_def_rf[i].val); 4650 } 4651 4652 rf = (chan <= 10) ? 0x07 : 0x06; 4653 run_rt3070_rf_write(sc, 23, rf); 4654 run_rt3070_rf_write(sc, 59, rf); 4655 4656 run_rt3070_rf_write(sc, 55, 0x43); 4657 4658 /* 4659 * RF R49/R50 Tx power ALC code. 4660 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4661 */ 4662 reg = 2; 4663 txpow_bound = 0x27; 4664 } else { 4665 /* Initialize RF registers for 5GHZ. */ 4666 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4667 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4668 rt5592_5ghz_def_rf[i].val); 4669 } 4670 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4671 if (chan >= rt5592_chan_5ghz[i].firstchan && 4672 chan <= rt5592_chan_5ghz[i].lastchan) { 4673 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4674 rt5592_chan_5ghz[i].val); 4675 } 4676 } 4677 4678 /* 4679 * RF R49/R50 Tx power ALC code. 4680 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4681 */ 4682 reg = 3; 4683 txpow_bound = 0x2b; 4684 } 4685 4686 /* RF R49 ch0 Tx power ALC code. */ 4687 run_rt3070_rf_read(sc, 49, &rf); 4688 rf &= ~0xc0; 4689 rf |= (reg << 6); 4690 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4691 if ((rf & 0x3f) > txpow_bound) 4692 rf = (rf & ~0x3f) | txpow_bound; 4693 run_rt3070_rf_write(sc, 49, rf); 4694 4695 /* RF R50 ch1 Tx power ALC code. */ 4696 run_rt3070_rf_read(sc, 50, &rf); 4697 rf &= ~(1 << 7 | 1 << 6); 4698 rf |= (reg << 6); 4699 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4700 if ((rf & 0x3f) > txpow_bound) 4701 rf = (rf & ~0x3f) | txpow_bound; 4702 run_rt3070_rf_write(sc, 50, rf); 4703 4704 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4705 run_rt3070_rf_read(sc, 1, &rf); 4706 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4707 if (sc->ntxchains > 1) 4708 rf |= RT3070_TX1_PD; 4709 if (sc->nrxchains > 1) 4710 rf |= RT3070_RX1_PD; 4711 run_rt3070_rf_write(sc, 1, rf); 4712 4713 run_rt3070_rf_write(sc, 6, 0xe4); 4714 4715 run_rt3070_rf_write(sc, 30, 0x10); 4716 run_rt3070_rf_write(sc, 31, 0x80); 4717 run_rt3070_rf_write(sc, 32, 0x80); 4718 4719 run_adjust_freq_offset(sc); 4720 4721 /* Enable VCO calibration. */ 4722 run_rt3070_rf_read(sc, 3, &rf); 4723 rf |= RT5390_VCOCAL; 4724 run_rt3070_rf_write(sc, 3, rf); 4725 } 4726 4727 static void 4728 run_set_rx_antenna(struct run_softc *sc, int aux) 4729 { 4730 uint32_t tmp; 4731 uint8_t bbp152; 4732 4733 if (aux) { 4734 if (sc->rf_rev == RT5390_RF_5370) { 4735 run_bbp_read(sc, 152, &bbp152); 4736 run_bbp_write(sc, 152, bbp152 & ~0x80); 4737 } else { 4738 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4739 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4740 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4741 } 4742 } else { 4743 if (sc->rf_rev == RT5390_RF_5370) { 4744 run_bbp_read(sc, 152, &bbp152); 4745 run_bbp_write(sc, 152, bbp152 | 0x80); 4746 } else { 4747 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4748 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4749 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4750 } 4751 } 4752 } 4753 4754 static int 4755 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4756 { 4757 struct ieee80211com *ic = &sc->sc_ic; 4758 u_int chan, group; 4759 4760 chan = ieee80211_chan2ieee(ic, c); 4761 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4762 return (EINVAL); 4763 4764 if (sc->mac_ver == 0x5592) 4765 run_rt5592_set_chan(sc, chan); 4766 else if (sc->mac_ver >= 0x5390) 4767 run_rt5390_set_chan(sc, chan); 4768 else if (sc->mac_ver == 0x3593) 4769 run_rt3593_set_chan(sc, chan); 4770 else if (sc->mac_ver == 0x3572) 4771 run_rt3572_set_chan(sc, chan); 4772 else if (sc->mac_ver >= 0x3070) 4773 run_rt3070_set_chan(sc, chan); 4774 else 4775 run_rt2870_set_chan(sc, chan); 4776 4777 /* determine channel group */ 4778 if (chan <= 14) 4779 group = 0; 4780 else if (chan <= 64) 4781 group = 1; 4782 else if (chan <= 128) 4783 group = 2; 4784 else 4785 group = 3; 4786 4787 /* XXX necessary only when group has changed! */ 4788 run_select_chan_group(sc, group); 4789 4790 run_delay(sc, 10); 4791 4792 /* Perform IQ calibration. */ 4793 if (sc->mac_ver >= 0x5392) 4794 run_iq_calib(sc, chan); 4795 4796 return (0); 4797 } 4798 4799 static void 4800 run_set_channel(struct ieee80211com *ic) 4801 { 4802 struct run_softc *sc = ic->ic_softc; 4803 4804 RUN_LOCK(sc); 4805 run_set_chan(sc, ic->ic_curchan); 4806 RUN_UNLOCK(sc); 4807 4808 return; 4809 } 4810 4811 static void 4812 run_scan_start(struct ieee80211com *ic) 4813 { 4814 struct run_softc *sc = ic->ic_softc; 4815 uint32_t tmp; 4816 4817 RUN_LOCK(sc); 4818 4819 /* abort TSF synchronization */ 4820 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4821 run_write(sc, RT2860_BCN_TIME_CFG, 4822 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4823 RT2860_TBTT_TIMER_EN)); 4824 run_set_bssid(sc, ieee80211broadcastaddr); 4825 4826 RUN_UNLOCK(sc); 4827 4828 return; 4829 } 4830 4831 static void 4832 run_scan_end(struct ieee80211com *ic) 4833 { 4834 struct run_softc *sc = ic->ic_softc; 4835 4836 RUN_LOCK(sc); 4837 4838 run_enable_tsf_sync(sc); 4839 /* XXX keep local copy */ 4840 run_set_bssid(sc, ic->ic_macaddr); 4841 4842 RUN_UNLOCK(sc); 4843 4844 return; 4845 } 4846 4847 /* 4848 * Could be called from ieee80211_node_timeout() 4849 * (non-sleepable thread) 4850 */ 4851 static void 4852 run_update_beacon(struct ieee80211vap *vap, int item) 4853 { 4854 struct ieee80211com *ic = vap->iv_ic; 4855 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4856 struct ieee80211_node *ni = vap->iv_bss; 4857 struct run_softc *sc = ic->ic_softc; 4858 struct run_vap *rvp = RUN_VAP(vap); 4859 int mcast = 0; 4860 uint32_t i; 4861 4862 switch (item) { 4863 case IEEE80211_BEACON_ERP: 4864 run_updateslot(ic); 4865 break; 4866 case IEEE80211_BEACON_HTINFO: 4867 run_updateprot(ic); 4868 break; 4869 case IEEE80211_BEACON_TIM: 4870 mcast = 1; /*TODO*/ 4871 break; 4872 default: 4873 break; 4874 } 4875 4876 setbit(bo->bo_flags, item); 4877 if (rvp->beacon_mbuf == NULL) { 4878 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4879 if (rvp->beacon_mbuf == NULL) 4880 return; 4881 } 4882 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4883 4884 i = RUN_CMDQ_GET(&sc->cmdq_store); 4885 DPRINTF("cmdq_store=%d\n", i); 4886 sc->cmdq[i].func = run_update_beacon_cb; 4887 sc->cmdq[i].arg0 = vap; 4888 ieee80211_runtask(ic, &sc->cmdq_task); 4889 4890 return; 4891 } 4892 4893 static void 4894 run_update_beacon_cb(void *arg) 4895 { 4896 struct ieee80211vap *vap = arg; 4897 struct ieee80211_node *ni = vap->iv_bss; 4898 struct run_vap *rvp = RUN_VAP(vap); 4899 struct ieee80211com *ic = vap->iv_ic; 4900 struct run_softc *sc = ic->ic_softc; 4901 struct rt2860_txwi txwi; 4902 struct mbuf *m; 4903 uint16_t txwisize; 4904 uint8_t ridx; 4905 4906 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4907 return; 4908 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4909 return; 4910 4911 /* 4912 * No need to call ieee80211_beacon_update(), run_update_beacon() 4913 * is taking care of apropriate calls. 4914 */ 4915 if (rvp->beacon_mbuf == NULL) { 4916 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4917 if (rvp->beacon_mbuf == NULL) 4918 return; 4919 } 4920 m = rvp->beacon_mbuf; 4921 4922 memset(&txwi, 0, sizeof(txwi)); 4923 txwi.wcid = 0xff; 4924 txwi.len = htole16(m->m_pkthdr.len); 4925 4926 /* send beacons at the lowest available rate */ 4927 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4928 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4929 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4930 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4931 txwi.phy |= htole16(RT2860_PHY_OFDM); 4932 txwi.txop = RT2860_TX_TXOP_HT; 4933 txwi.flags = RT2860_TX_TS; 4934 txwi.xflags = RT2860_TX_NSEQ; 4935 4936 txwisize = (sc->mac_ver == 0x5592) ? 4937 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4938 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4939 txwisize); 4940 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4941 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4942 } 4943 4944 static void 4945 run_updateprot(struct ieee80211com *ic) 4946 { 4947 struct run_softc *sc = ic->ic_softc; 4948 uint32_t i; 4949 4950 i = RUN_CMDQ_GET(&sc->cmdq_store); 4951 DPRINTF("cmdq_store=%d\n", i); 4952 sc->cmdq[i].func = run_updateprot_cb; 4953 sc->cmdq[i].arg0 = ic; 4954 ieee80211_runtask(ic, &sc->cmdq_task); 4955 } 4956 4957 static void 4958 run_updateprot_cb(void *arg) 4959 { 4960 struct ieee80211com *ic = arg; 4961 struct run_softc *sc = ic->ic_softc; 4962 uint32_t tmp; 4963 4964 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4965 /* setup protection frame rate (MCS code) */ 4966 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4967 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4968 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4969 4970 /* CCK frames don't require protection */ 4971 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4972 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4973 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4974 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4975 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4976 tmp |= RT2860_PROT_CTRL_CTS; 4977 } 4978 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4979 } 4980 4981 static void 4982 run_usb_timeout_cb(void *arg) 4983 { 4984 struct ieee80211vap *vap = arg; 4985 struct run_softc *sc = vap->iv_ic->ic_softc; 4986 4987 RUN_LOCK_ASSERT(sc, MA_OWNED); 4988 4989 if(vap->iv_state == IEEE80211_S_RUN && 4990 vap->iv_opmode != IEEE80211_M_STA) 4991 run_reset_livelock(sc); 4992 else if (vap->iv_state == IEEE80211_S_SCAN) { 4993 DPRINTF("timeout caused by scan\n"); 4994 /* cancel bgscan */ 4995 ieee80211_cancel_scan(vap); 4996 } else 4997 DPRINTF("timeout by unknown cause\n"); 4998 } 4999 5000 static void 5001 run_reset_livelock(struct run_softc *sc) 5002 { 5003 uint32_t tmp; 5004 5005 RUN_LOCK_ASSERT(sc, MA_OWNED); 5006 5007 /* 5008 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5009 * can run into a livelock and start sending CTS-to-self frames like 5010 * crazy if protection is enabled. Reset MAC/BBP for a while 5011 */ 5012 run_read(sc, RT2860_DEBUG, &tmp); 5013 DPRINTFN(3, "debug reg %08x\n", tmp); 5014 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5015 DPRINTF("CTS-to-self livelock detected\n"); 5016 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5017 run_delay(sc, 1); 5018 run_write(sc, RT2860_MAC_SYS_CTRL, 5019 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5020 } 5021 } 5022 5023 static void 5024 run_update_promisc_locked(struct run_softc *sc) 5025 { 5026 uint32_t tmp; 5027 5028 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5029 5030 tmp |= RT2860_DROP_UC_NOME; 5031 if (sc->sc_ic.ic_promisc > 0) 5032 tmp &= ~RT2860_DROP_UC_NOME; 5033 5034 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5035 5036 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5037 "entering" : "leaving"); 5038 } 5039 5040 static void 5041 run_update_promisc(struct ieee80211com *ic) 5042 { 5043 struct run_softc *sc = ic->ic_softc; 5044 5045 if ((sc->sc_flags & RUN_RUNNING) == 0) 5046 return; 5047 5048 RUN_LOCK(sc); 5049 run_update_promisc_locked(sc); 5050 RUN_UNLOCK(sc); 5051 } 5052 5053 static void 5054 run_enable_tsf_sync(struct run_softc *sc) 5055 { 5056 struct ieee80211com *ic = &sc->sc_ic; 5057 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5058 uint32_t tmp; 5059 5060 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5061 ic->ic_opmode); 5062 5063 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5064 tmp &= ~0x1fffff; 5065 tmp |= vap->iv_bss->ni_intval * 16; 5066 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5067 5068 if (ic->ic_opmode == IEEE80211_M_STA) { 5069 /* 5070 * Local TSF is always updated with remote TSF on beacon 5071 * reception. 5072 */ 5073 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5074 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5075 tmp |= RT2860_BCN_TX_EN; 5076 /* 5077 * Local TSF is updated with remote TSF on beacon reception 5078 * only if the remote TSF is greater than local TSF. 5079 */ 5080 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5081 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5082 ic->ic_opmode == IEEE80211_M_MBSS) { 5083 tmp |= RT2860_BCN_TX_EN; 5084 /* SYNC with nobody */ 5085 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5086 } else { 5087 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5088 return; 5089 } 5090 5091 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5092 } 5093 5094 static void 5095 run_enable_tsf(struct run_softc *sc) 5096 { 5097 uint32_t tmp; 5098 5099 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5100 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5101 tmp |= RT2860_TSF_TIMER_EN; 5102 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5103 } 5104 } 5105 5106 static void 5107 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5108 { 5109 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5110 sizeof(*buf)); 5111 } 5112 5113 static void 5114 run_enable_mrr(struct run_softc *sc) 5115 { 5116 #define CCK(mcs) (mcs) 5117 #define OFDM(mcs) (1 << 3 | (mcs)) 5118 run_write(sc, RT2860_LG_FBK_CFG0, 5119 OFDM(6) << 28 | /* 54->48 */ 5120 OFDM(5) << 24 | /* 48->36 */ 5121 OFDM(4) << 20 | /* 36->24 */ 5122 OFDM(3) << 16 | /* 24->18 */ 5123 OFDM(2) << 12 | /* 18->12 */ 5124 OFDM(1) << 8 | /* 12-> 9 */ 5125 OFDM(0) << 4 | /* 9-> 6 */ 5126 OFDM(0)); /* 6-> 6 */ 5127 5128 run_write(sc, RT2860_LG_FBK_CFG1, 5129 CCK(2) << 12 | /* 11->5.5 */ 5130 CCK(1) << 8 | /* 5.5-> 2 */ 5131 CCK(0) << 4 | /* 2-> 1 */ 5132 CCK(0)); /* 1-> 1 */ 5133 #undef OFDM 5134 #undef CCK 5135 } 5136 5137 static void 5138 run_set_txpreamble(struct run_softc *sc) 5139 { 5140 struct ieee80211com *ic = &sc->sc_ic; 5141 uint32_t tmp; 5142 5143 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5144 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5145 tmp |= RT2860_CCK_SHORT_EN; 5146 else 5147 tmp &= ~RT2860_CCK_SHORT_EN; 5148 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5149 } 5150 5151 static void 5152 run_set_basicrates(struct run_softc *sc) 5153 { 5154 struct ieee80211com *ic = &sc->sc_ic; 5155 5156 /* set basic rates mask */ 5157 if (ic->ic_curmode == IEEE80211_MODE_11B) 5158 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5159 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5160 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5161 else /* 11g */ 5162 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5163 } 5164 5165 static void 5166 run_set_leds(struct run_softc *sc, uint16_t which) 5167 { 5168 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5169 which | (sc->leds & 0x7f)); 5170 } 5171 5172 static void 5173 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5174 { 5175 run_write(sc, RT2860_MAC_BSSID_DW0, 5176 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5177 run_write(sc, RT2860_MAC_BSSID_DW1, 5178 bssid[4] | bssid[5] << 8); 5179 } 5180 5181 static void 5182 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5183 { 5184 run_write(sc, RT2860_MAC_ADDR_DW0, 5185 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5186 run_write(sc, RT2860_MAC_ADDR_DW1, 5187 addr[4] | addr[5] << 8 | 0xff << 16); 5188 } 5189 5190 static void 5191 run_updateslot(struct ieee80211com *ic) 5192 { 5193 struct run_softc *sc = ic->ic_softc; 5194 uint32_t i; 5195 5196 i = RUN_CMDQ_GET(&sc->cmdq_store); 5197 DPRINTF("cmdq_store=%d\n", i); 5198 sc->cmdq[i].func = run_updateslot_cb; 5199 sc->cmdq[i].arg0 = ic; 5200 ieee80211_runtask(ic, &sc->cmdq_task); 5201 5202 return; 5203 } 5204 5205 /* ARGSUSED */ 5206 static void 5207 run_updateslot_cb(void *arg) 5208 { 5209 struct ieee80211com *ic = arg; 5210 struct run_softc *sc = ic->ic_softc; 5211 uint32_t tmp; 5212 5213 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5214 tmp &= ~0xff; 5215 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5216 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5217 } 5218 5219 static void 5220 run_update_mcast(struct ieee80211com *ic) 5221 { 5222 } 5223 5224 static int8_t 5225 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5226 { 5227 struct ieee80211com *ic = &sc->sc_ic; 5228 struct ieee80211_channel *c = ic->ic_curchan; 5229 int delta; 5230 5231 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5232 u_int chan = ieee80211_chan2ieee(ic, c); 5233 delta = sc->rssi_5ghz[rxchain]; 5234 5235 /* determine channel group */ 5236 if (chan <= 64) 5237 delta -= sc->lna[1]; 5238 else if (chan <= 128) 5239 delta -= sc->lna[2]; 5240 else 5241 delta -= sc->lna[3]; 5242 } else 5243 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5244 5245 return (-12 - delta - rssi); 5246 } 5247 5248 static void 5249 run_rt5390_bbp_init(struct run_softc *sc) 5250 { 5251 int i; 5252 uint8_t bbp; 5253 5254 /* Apply maximum likelihood detection for 2 stream case. */ 5255 run_bbp_read(sc, 105, &bbp); 5256 if (sc->nrxchains > 1) 5257 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5258 5259 /* Avoid data lost and CRC error. */ 5260 run_bbp_read(sc, 4, &bbp); 5261 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5262 5263 if (sc->mac_ver == 0x5592) { 5264 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5265 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5266 rt5592_def_bbp[i].val); 5267 } 5268 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5269 run_bbp_write(sc, 195, i + 0x80); 5270 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5271 } 5272 } else { 5273 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5274 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5275 rt5390_def_bbp[i].val); 5276 } 5277 } 5278 if (sc->mac_ver == 0x5392) { 5279 run_bbp_write(sc, 88, 0x90); 5280 run_bbp_write(sc, 95, 0x9a); 5281 run_bbp_write(sc, 98, 0x12); 5282 run_bbp_write(sc, 106, 0x12); 5283 run_bbp_write(sc, 134, 0xd0); 5284 run_bbp_write(sc, 135, 0xf6); 5285 run_bbp_write(sc, 148, 0x84); 5286 } 5287 5288 run_bbp_read(sc, 152, &bbp); 5289 run_bbp_write(sc, 152, bbp | 0x80); 5290 5291 /* Fix BBP254 for RT5592C. */ 5292 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5293 run_bbp_read(sc, 254, &bbp); 5294 run_bbp_write(sc, 254, bbp | 0x80); 5295 } 5296 5297 /* Disable hardware antenna diversity. */ 5298 if (sc->mac_ver == 0x5390) 5299 run_bbp_write(sc, 154, 0); 5300 5301 /* Initialize Rx CCK/OFDM frequency offset report. */ 5302 run_bbp_write(sc, 142, 1); 5303 run_bbp_write(sc, 143, 57); 5304 } 5305 5306 static int 5307 run_bbp_init(struct run_softc *sc) 5308 { 5309 int i, error, ntries; 5310 uint8_t bbp0; 5311 5312 /* wait for BBP to wake up */ 5313 for (ntries = 0; ntries < 20; ntries++) { 5314 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5315 return error; 5316 if (bbp0 != 0 && bbp0 != 0xff) 5317 break; 5318 } 5319 if (ntries == 20) 5320 return (ETIMEDOUT); 5321 5322 /* initialize BBP registers to default values */ 5323 if (sc->mac_ver >= 0x5390) 5324 run_rt5390_bbp_init(sc); 5325 else { 5326 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5327 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5328 rt2860_def_bbp[i].val); 5329 } 5330 } 5331 5332 if (sc->mac_ver == 0x3593) { 5333 run_bbp_write(sc, 79, 0x13); 5334 run_bbp_write(sc, 80, 0x05); 5335 run_bbp_write(sc, 81, 0x33); 5336 run_bbp_write(sc, 86, 0x46); 5337 run_bbp_write(sc, 137, 0x0f); 5338 } 5339 5340 /* fix BBP84 for RT2860E */ 5341 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5342 run_bbp_write(sc, 84, 0x19); 5343 5344 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5345 sc->mac_ver != 0x5592)) { 5346 run_bbp_write(sc, 79, 0x13); 5347 run_bbp_write(sc, 80, 0x05); 5348 run_bbp_write(sc, 81, 0x33); 5349 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5350 run_bbp_write(sc, 69, 0x16); 5351 run_bbp_write(sc, 73, 0x12); 5352 } 5353 return (0); 5354 } 5355 5356 static int 5357 run_rt3070_rf_init(struct run_softc *sc) 5358 { 5359 uint32_t tmp; 5360 uint8_t bbp4, mingain, rf, target; 5361 int i; 5362 5363 run_rt3070_rf_read(sc, 30, &rf); 5364 /* toggle RF R30 bit 7 */ 5365 run_rt3070_rf_write(sc, 30, rf | 0x80); 5366 run_delay(sc, 10); 5367 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5368 5369 /* initialize RF registers to default value */ 5370 if (sc->mac_ver == 0x3572) { 5371 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5372 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5373 rt3572_def_rf[i].val); 5374 } 5375 } else { 5376 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5377 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5378 rt3070_def_rf[i].val); 5379 } 5380 } 5381 5382 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5383 /* 5384 * Change voltage from 1.2V to 1.35V for RT3070. 5385 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5386 * in RT3070(F). 5387 */ 5388 run_read(sc, RT3070_LDO_CFG0, &tmp); 5389 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5390 run_write(sc, RT3070_LDO_CFG0, tmp); 5391 5392 } else if (sc->mac_ver == 0x3071) { 5393 run_rt3070_rf_read(sc, 6, &rf); 5394 run_rt3070_rf_write(sc, 6, rf | 0x40); 5395 run_rt3070_rf_write(sc, 31, 0x14); 5396 5397 run_read(sc, RT3070_LDO_CFG0, &tmp); 5398 tmp &= ~0x1f000000; 5399 if (sc->mac_rev < 0x0211) 5400 tmp |= 0x0d000000; /* 1.3V */ 5401 else 5402 tmp |= 0x01000000; /* 1.2V */ 5403 run_write(sc, RT3070_LDO_CFG0, tmp); 5404 5405 /* patch LNA_PE_G1 */ 5406 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5407 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5408 5409 } else if (sc->mac_ver == 0x3572) { 5410 run_rt3070_rf_read(sc, 6, &rf); 5411 run_rt3070_rf_write(sc, 6, rf | 0x40); 5412 5413 /* increase voltage from 1.2V to 1.35V */ 5414 run_read(sc, RT3070_LDO_CFG0, &tmp); 5415 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5416 run_write(sc, RT3070_LDO_CFG0, tmp); 5417 5418 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5419 run_delay(sc, 1); /* wait for 1msec */ 5420 /* decrease voltage back to 1.2V */ 5421 tmp = (tmp & ~0x1f000000) | 0x01000000; 5422 run_write(sc, RT3070_LDO_CFG0, tmp); 5423 } 5424 } 5425 5426 /* select 20MHz bandwidth */ 5427 run_rt3070_rf_read(sc, 31, &rf); 5428 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5429 5430 /* calibrate filter for 20MHz bandwidth */ 5431 sc->rf24_20mhz = 0x1f; /* default value */ 5432 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5433 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5434 5435 /* select 40MHz bandwidth */ 5436 run_bbp_read(sc, 4, &bbp4); 5437 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5438 run_rt3070_rf_read(sc, 31, &rf); 5439 run_rt3070_rf_write(sc, 31, rf | 0x20); 5440 5441 /* calibrate filter for 40MHz bandwidth */ 5442 sc->rf24_40mhz = 0x2f; /* default value */ 5443 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5444 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5445 5446 /* go back to 20MHz bandwidth */ 5447 run_bbp_read(sc, 4, &bbp4); 5448 run_bbp_write(sc, 4, bbp4 & ~0x18); 5449 5450 if (sc->mac_ver == 0x3572) { 5451 /* save default BBP registers 25 and 26 values */ 5452 run_bbp_read(sc, 25, &sc->bbp25); 5453 run_bbp_read(sc, 26, &sc->bbp26); 5454 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5455 run_rt3070_rf_write(sc, 27, 0x03); 5456 5457 run_read(sc, RT3070_OPT_14, &tmp); 5458 run_write(sc, RT3070_OPT_14, tmp | 1); 5459 5460 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5461 run_rt3070_rf_read(sc, 17, &rf); 5462 rf &= ~RT3070_TX_LO1; 5463 if ((sc->mac_ver == 0x3070 || 5464 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5465 !sc->ext_2ghz_lna) 5466 rf |= 0x20; /* fix for long range Rx issue */ 5467 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5468 if (sc->txmixgain_2ghz >= mingain) 5469 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5470 run_rt3070_rf_write(sc, 17, rf); 5471 } 5472 5473 if (sc->mac_ver == 0x3071) { 5474 run_rt3070_rf_read(sc, 1, &rf); 5475 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5476 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5477 run_rt3070_rf_write(sc, 1, rf); 5478 5479 run_rt3070_rf_read(sc, 15, &rf); 5480 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5481 5482 run_rt3070_rf_read(sc, 20, &rf); 5483 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5484 5485 run_rt3070_rf_read(sc, 21, &rf); 5486 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5487 } 5488 5489 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5490 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5491 run_rt3070_rf_read(sc, 27, &rf); 5492 rf &= ~0x77; 5493 if (sc->mac_rev < 0x0211) 5494 rf |= 0x03; 5495 run_rt3070_rf_write(sc, 27, rf); 5496 } 5497 return (0); 5498 } 5499 5500 static void 5501 run_rt3593_rf_init(struct run_softc *sc) 5502 { 5503 uint32_t tmp; 5504 uint8_t rf; 5505 int i; 5506 5507 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5508 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5509 tmp &= ~(1 << 4 | 1 << 7); 5510 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5511 5512 /* Initialize RF registers to default value. */ 5513 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5514 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5515 rt3593_def_rf[i].val); 5516 } 5517 5518 /* Toggle RF R2 to initiate calibration. */ 5519 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5520 5521 /* Initialize RF frequency offset. */ 5522 run_adjust_freq_offset(sc); 5523 5524 run_rt3070_rf_read(sc, 18, &rf); 5525 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5526 5527 /* 5528 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5529 * decrease voltage back to 1.2V. 5530 */ 5531 run_read(sc, RT3070_LDO_CFG0, &tmp); 5532 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5533 run_write(sc, RT3070_LDO_CFG0, tmp); 5534 run_delay(sc, 1); 5535 tmp = (tmp & ~0x1f000000) | 0x01000000; 5536 run_write(sc, RT3070_LDO_CFG0, tmp); 5537 5538 sc->rf24_20mhz = 0x1f; 5539 sc->rf24_40mhz = 0x2f; 5540 5541 /* Save default BBP registers 25 and 26 values. */ 5542 run_bbp_read(sc, 25, &sc->bbp25); 5543 run_bbp_read(sc, 26, &sc->bbp26); 5544 5545 run_read(sc, RT3070_OPT_14, &tmp); 5546 run_write(sc, RT3070_OPT_14, tmp | 1); 5547 } 5548 5549 static void 5550 run_rt5390_rf_init(struct run_softc *sc) 5551 { 5552 uint32_t tmp; 5553 uint8_t rf; 5554 int i; 5555 5556 /* Toggle RF R2 to initiate calibration. */ 5557 if (sc->mac_ver == 0x5390) { 5558 run_rt3070_rf_read(sc, 2, &rf); 5559 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5560 run_delay(sc, 10); 5561 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5562 } else { 5563 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5564 run_delay(sc, 10); 5565 } 5566 5567 /* Initialize RF registers to default value. */ 5568 if (sc->mac_ver == 0x5592) { 5569 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5570 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5571 rt5592_def_rf[i].val); 5572 } 5573 /* Initialize RF frequency offset. */ 5574 run_adjust_freq_offset(sc); 5575 } else if (sc->mac_ver == 0x5392) { 5576 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5577 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5578 rt5392_def_rf[i].val); 5579 } 5580 if (sc->mac_rev >= 0x0223) { 5581 run_rt3070_rf_write(sc, 23, 0x0f); 5582 run_rt3070_rf_write(sc, 24, 0x3e); 5583 run_rt3070_rf_write(sc, 51, 0x32); 5584 run_rt3070_rf_write(sc, 53, 0x22); 5585 run_rt3070_rf_write(sc, 56, 0xc1); 5586 run_rt3070_rf_write(sc, 59, 0x0f); 5587 } 5588 } else { 5589 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5590 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5591 rt5390_def_rf[i].val); 5592 } 5593 if (sc->mac_rev >= 0x0502) { 5594 run_rt3070_rf_write(sc, 6, 0xe0); 5595 run_rt3070_rf_write(sc, 25, 0x80); 5596 run_rt3070_rf_write(sc, 46, 0x73); 5597 run_rt3070_rf_write(sc, 53, 0x00); 5598 run_rt3070_rf_write(sc, 56, 0x42); 5599 run_rt3070_rf_write(sc, 61, 0xd1); 5600 } 5601 } 5602 5603 sc->rf24_20mhz = 0x1f; /* default value */ 5604 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5605 5606 if (sc->mac_rev < 0x0211) 5607 run_rt3070_rf_write(sc, 27, 0x3); 5608 5609 run_read(sc, RT3070_OPT_14, &tmp); 5610 run_write(sc, RT3070_OPT_14, tmp | 1); 5611 } 5612 5613 static int 5614 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5615 uint8_t *val) 5616 { 5617 uint8_t rf22, rf24; 5618 uint8_t bbp55_pb, bbp55_sb, delta; 5619 int ntries; 5620 5621 /* program filter */ 5622 run_rt3070_rf_read(sc, 24, &rf24); 5623 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5624 run_rt3070_rf_write(sc, 24, rf24); 5625 5626 /* enable baseband loopback mode */ 5627 run_rt3070_rf_read(sc, 22, &rf22); 5628 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5629 5630 /* set power and frequency of passband test tone */ 5631 run_bbp_write(sc, 24, 0x00); 5632 for (ntries = 0; ntries < 100; ntries++) { 5633 /* transmit test tone */ 5634 run_bbp_write(sc, 25, 0x90); 5635 run_delay(sc, 10); 5636 /* read received power */ 5637 run_bbp_read(sc, 55, &bbp55_pb); 5638 if (bbp55_pb != 0) 5639 break; 5640 } 5641 if (ntries == 100) 5642 return (ETIMEDOUT); 5643 5644 /* set power and frequency of stopband test tone */ 5645 run_bbp_write(sc, 24, 0x06); 5646 for (ntries = 0; ntries < 100; ntries++) { 5647 /* transmit test tone */ 5648 run_bbp_write(sc, 25, 0x90); 5649 run_delay(sc, 10); 5650 /* read received power */ 5651 run_bbp_read(sc, 55, &bbp55_sb); 5652 5653 delta = bbp55_pb - bbp55_sb; 5654 if (delta > target) 5655 break; 5656 5657 /* reprogram filter */ 5658 rf24++; 5659 run_rt3070_rf_write(sc, 24, rf24); 5660 } 5661 if (ntries < 100) { 5662 if (rf24 != init) 5663 rf24--; /* backtrack */ 5664 *val = rf24; 5665 run_rt3070_rf_write(sc, 24, rf24); 5666 } 5667 5668 /* restore initial state */ 5669 run_bbp_write(sc, 24, 0x00); 5670 5671 /* disable baseband loopback mode */ 5672 run_rt3070_rf_read(sc, 22, &rf22); 5673 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5674 5675 return (0); 5676 } 5677 5678 static void 5679 run_rt3070_rf_setup(struct run_softc *sc) 5680 { 5681 uint8_t bbp, rf; 5682 int i; 5683 5684 if (sc->mac_ver == 0x3572) { 5685 /* enable DC filter */ 5686 if (sc->mac_rev >= 0x0201) 5687 run_bbp_write(sc, 103, 0xc0); 5688 5689 run_bbp_read(sc, 138, &bbp); 5690 if (sc->ntxchains == 1) 5691 bbp |= 0x20; /* turn off DAC1 */ 5692 if (sc->nrxchains == 1) 5693 bbp &= ~0x02; /* turn off ADC1 */ 5694 run_bbp_write(sc, 138, bbp); 5695 5696 if (sc->mac_rev >= 0x0211) { 5697 /* improve power consumption */ 5698 run_bbp_read(sc, 31, &bbp); 5699 run_bbp_write(sc, 31, bbp & ~0x03); 5700 } 5701 5702 run_rt3070_rf_read(sc, 16, &rf); 5703 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5704 run_rt3070_rf_write(sc, 16, rf); 5705 5706 } else if (sc->mac_ver == 0x3071) { 5707 if (sc->mac_rev >= 0x0211) { 5708 /* enable DC filter */ 5709 run_bbp_write(sc, 103, 0xc0); 5710 5711 /* improve power consumption */ 5712 run_bbp_read(sc, 31, &bbp); 5713 run_bbp_write(sc, 31, bbp & ~0x03); 5714 } 5715 5716 run_bbp_read(sc, 138, &bbp); 5717 if (sc->ntxchains == 1) 5718 bbp |= 0x20; /* turn off DAC1 */ 5719 if (sc->nrxchains == 1) 5720 bbp &= ~0x02; /* turn off ADC1 */ 5721 run_bbp_write(sc, 138, bbp); 5722 5723 run_write(sc, RT2860_TX_SW_CFG1, 0); 5724 if (sc->mac_rev < 0x0211) { 5725 run_write(sc, RT2860_TX_SW_CFG2, 5726 sc->patch_dac ? 0x2c : 0x0f); 5727 } else 5728 run_write(sc, RT2860_TX_SW_CFG2, 0); 5729 5730 } else if (sc->mac_ver == 0x3070) { 5731 if (sc->mac_rev >= 0x0201) { 5732 /* enable DC filter */ 5733 run_bbp_write(sc, 103, 0xc0); 5734 5735 /* improve power consumption */ 5736 run_bbp_read(sc, 31, &bbp); 5737 run_bbp_write(sc, 31, bbp & ~0x03); 5738 } 5739 5740 if (sc->mac_rev < 0x0201) { 5741 run_write(sc, RT2860_TX_SW_CFG1, 0); 5742 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5743 } else 5744 run_write(sc, RT2860_TX_SW_CFG2, 0); 5745 } 5746 5747 /* initialize RF registers from ROM for >=RT3071*/ 5748 if (sc->mac_ver >= 0x3071) { 5749 for (i = 0; i < 10; i++) { 5750 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5751 continue; 5752 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5753 } 5754 } 5755 } 5756 5757 static void 5758 run_rt3593_rf_setup(struct run_softc *sc) 5759 { 5760 uint8_t bbp, rf; 5761 5762 if (sc->mac_rev >= 0x0211) { 5763 /* Enable DC filter. */ 5764 run_bbp_write(sc, 103, 0xc0); 5765 } 5766 run_write(sc, RT2860_TX_SW_CFG1, 0); 5767 if (sc->mac_rev < 0x0211) { 5768 run_write(sc, RT2860_TX_SW_CFG2, 5769 sc->patch_dac ? 0x2c : 0x0f); 5770 } else 5771 run_write(sc, RT2860_TX_SW_CFG2, 0); 5772 5773 run_rt3070_rf_read(sc, 50, &rf); 5774 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5775 5776 run_rt3070_rf_read(sc, 51, &rf); 5777 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5778 ((sc->txmixgain_2ghz & 0x07) << 2); 5779 run_rt3070_rf_write(sc, 51, rf); 5780 5781 run_rt3070_rf_read(sc, 38, &rf); 5782 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5783 5784 run_rt3070_rf_read(sc, 39, &rf); 5785 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5786 5787 run_rt3070_rf_read(sc, 1, &rf); 5788 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5789 5790 run_rt3070_rf_read(sc, 30, &rf); 5791 rf = (rf & ~0x18) | 0x10; 5792 run_rt3070_rf_write(sc, 30, rf); 5793 5794 /* Apply maximum likelihood detection for 2 stream case. */ 5795 run_bbp_read(sc, 105, &bbp); 5796 if (sc->nrxchains > 1) 5797 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5798 5799 /* Avoid data lost and CRC error. */ 5800 run_bbp_read(sc, 4, &bbp); 5801 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5802 5803 run_bbp_write(sc, 92, 0x02); 5804 run_bbp_write(sc, 82, 0x82); 5805 run_bbp_write(sc, 106, 0x05); 5806 run_bbp_write(sc, 104, 0x92); 5807 run_bbp_write(sc, 88, 0x90); 5808 run_bbp_write(sc, 148, 0xc8); 5809 run_bbp_write(sc, 47, 0x48); 5810 run_bbp_write(sc, 120, 0x50); 5811 5812 run_bbp_write(sc, 163, 0x9d); 5813 5814 /* SNR mapping. */ 5815 run_bbp_write(sc, 142, 0x06); 5816 run_bbp_write(sc, 143, 0xa0); 5817 run_bbp_write(sc, 142, 0x07); 5818 run_bbp_write(sc, 143, 0xa1); 5819 run_bbp_write(sc, 142, 0x08); 5820 run_bbp_write(sc, 143, 0xa2); 5821 5822 run_bbp_write(sc, 31, 0x08); 5823 run_bbp_write(sc, 68, 0x0b); 5824 run_bbp_write(sc, 105, 0x04); 5825 } 5826 5827 static void 5828 run_rt5390_rf_setup(struct run_softc *sc) 5829 { 5830 uint8_t bbp, rf; 5831 5832 if (sc->mac_rev >= 0x0211) { 5833 /* Enable DC filter. */ 5834 run_bbp_write(sc, 103, 0xc0); 5835 5836 if (sc->mac_ver != 0x5592) { 5837 /* Improve power consumption. */ 5838 run_bbp_read(sc, 31, &bbp); 5839 run_bbp_write(sc, 31, bbp & ~0x03); 5840 } 5841 } 5842 5843 run_bbp_read(sc, 138, &bbp); 5844 if (sc->ntxchains == 1) 5845 bbp |= 0x20; /* turn off DAC1 */ 5846 if (sc->nrxchains == 1) 5847 bbp &= ~0x02; /* turn off ADC1 */ 5848 run_bbp_write(sc, 138, bbp); 5849 5850 run_rt3070_rf_read(sc, 38, &rf); 5851 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5852 5853 run_rt3070_rf_read(sc, 39, &rf); 5854 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5855 5856 /* Avoid data lost and CRC error. */ 5857 run_bbp_read(sc, 4, &bbp); 5858 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5859 5860 run_rt3070_rf_read(sc, 30, &rf); 5861 rf = (rf & ~0x18) | 0x10; 5862 run_rt3070_rf_write(sc, 30, rf); 5863 5864 if (sc->mac_ver != 0x5592) { 5865 run_write(sc, RT2860_TX_SW_CFG1, 0); 5866 if (sc->mac_rev < 0x0211) { 5867 run_write(sc, RT2860_TX_SW_CFG2, 5868 sc->patch_dac ? 0x2c : 0x0f); 5869 } else 5870 run_write(sc, RT2860_TX_SW_CFG2, 0); 5871 } 5872 } 5873 5874 static int 5875 run_txrx_enable(struct run_softc *sc) 5876 { 5877 struct ieee80211com *ic = &sc->sc_ic; 5878 uint32_t tmp; 5879 int error, ntries; 5880 5881 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5882 for (ntries = 0; ntries < 200; ntries++) { 5883 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5884 return (error); 5885 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5886 break; 5887 run_delay(sc, 50); 5888 } 5889 if (ntries == 200) 5890 return (ETIMEDOUT); 5891 5892 run_delay(sc, 50); 5893 5894 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5895 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5896 5897 /* enable Rx bulk aggregation (set timeout and limit) */ 5898 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5899 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5900 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5901 5902 /* set Rx filter */ 5903 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5904 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5905 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5906 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5907 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5908 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5909 if (ic->ic_opmode == IEEE80211_M_STA) 5910 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5911 } 5912 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5913 5914 run_write(sc, RT2860_MAC_SYS_CTRL, 5915 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5916 5917 return (0); 5918 } 5919 5920 static void 5921 run_adjust_freq_offset(struct run_softc *sc) 5922 { 5923 uint8_t rf, tmp; 5924 5925 run_rt3070_rf_read(sc, 17, &rf); 5926 tmp = rf; 5927 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5928 rf = MIN(rf, 0x5f); 5929 5930 if (tmp != rf) 5931 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5932 } 5933 5934 static void 5935 run_init_locked(struct run_softc *sc) 5936 { 5937 struct ieee80211com *ic = &sc->sc_ic; 5938 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5939 uint32_t tmp; 5940 uint8_t bbp1, bbp3; 5941 int i; 5942 int ridx; 5943 int ntries; 5944 5945 if (ic->ic_nrunning > 1) 5946 return; 5947 5948 run_stop(sc); 5949 5950 if (run_load_microcode(sc) != 0) { 5951 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5952 goto fail; 5953 } 5954 5955 for (ntries = 0; ntries < 100; ntries++) { 5956 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5957 goto fail; 5958 if (tmp != 0 && tmp != 0xffffffff) 5959 break; 5960 run_delay(sc, 10); 5961 } 5962 if (ntries == 100) 5963 goto fail; 5964 5965 for (i = 0; i != RUN_EP_QUEUES; i++) 5966 run_setup_tx_list(sc, &sc->sc_epq[i]); 5967 5968 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5969 5970 for (ntries = 0; ntries < 100; ntries++) { 5971 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5972 goto fail; 5973 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5974 break; 5975 run_delay(sc, 10); 5976 } 5977 if (ntries == 100) { 5978 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5979 goto fail; 5980 } 5981 tmp &= 0xff0; 5982 tmp |= RT2860_TX_WB_DDONE; 5983 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5984 5985 /* turn off PME_OEN to solve high-current issue */ 5986 run_read(sc, RT2860_SYS_CTRL, &tmp); 5987 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5988 5989 run_write(sc, RT2860_MAC_SYS_CTRL, 5990 RT2860_BBP_HRST | RT2860_MAC_SRST); 5991 run_write(sc, RT2860_USB_DMA_CFG, 0); 5992 5993 if (run_reset(sc) != 0) { 5994 device_printf(sc->sc_dev, "could not reset chipset\n"); 5995 goto fail; 5996 } 5997 5998 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5999 6000 /* init Tx power for all Tx rates (from EEPROM) */ 6001 for (ridx = 0; ridx < 5; ridx++) { 6002 if (sc->txpow20mhz[ridx] == 0xffffffff) 6003 continue; 6004 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6005 } 6006 6007 for (i = 0; i < nitems(rt2870_def_mac); i++) 6008 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6009 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6010 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6011 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6012 6013 if (sc->mac_ver >= 0x5390) { 6014 run_write(sc, RT2860_TX_SW_CFG0, 6015 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6016 if (sc->mac_ver >= 0x5392) { 6017 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6018 if (sc->mac_ver == 0x5592) { 6019 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6020 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6021 } else { 6022 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6023 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6024 } 6025 } 6026 } else if (sc->mac_ver == 0x3593) { 6027 run_write(sc, RT2860_TX_SW_CFG0, 6028 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6029 } else if (sc->mac_ver >= 0x3070) { 6030 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6031 run_write(sc, RT2860_TX_SW_CFG0, 6032 4 << RT2860_DLY_PAPE_EN_SHIFT); 6033 } 6034 6035 /* wait while MAC is busy */ 6036 for (ntries = 0; ntries < 100; ntries++) { 6037 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6038 goto fail; 6039 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6040 break; 6041 run_delay(sc, 10); 6042 } 6043 if (ntries == 100) 6044 goto fail; 6045 6046 /* clear Host to MCU mailbox */ 6047 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6048 run_write(sc, RT2860_H2M_MAILBOX, 0); 6049 run_delay(sc, 10); 6050 6051 if (run_bbp_init(sc) != 0) { 6052 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6053 goto fail; 6054 } 6055 6056 /* abort TSF synchronization */ 6057 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6058 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6059 RT2860_TBTT_TIMER_EN); 6060 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6061 6062 /* clear RX WCID search table */ 6063 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6064 /* clear WCID attribute table */ 6065 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6066 6067 /* hostapd sets a key before init. So, don't clear it. */ 6068 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6069 /* clear shared key table */ 6070 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6071 /* clear shared key mode */ 6072 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6073 } 6074 6075 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6076 tmp = (tmp & ~0xff) | 0x1e; 6077 run_write(sc, RT2860_US_CYC_CNT, tmp); 6078 6079 if (sc->mac_rev != 0x0101) 6080 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6081 6082 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6083 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6084 6085 /* write vendor-specific BBP values (from EEPROM) */ 6086 if (sc->mac_ver < 0x3593) { 6087 for (i = 0; i < 10; i++) { 6088 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6089 continue; 6090 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6091 } 6092 } 6093 6094 /* select Main antenna for 1T1R devices */ 6095 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6096 run_set_rx_antenna(sc, 0); 6097 6098 /* send LEDs operating mode to microcontroller */ 6099 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6100 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6101 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6102 6103 if (sc->mac_ver >= 0x5390) 6104 run_rt5390_rf_init(sc); 6105 else if (sc->mac_ver == 0x3593) 6106 run_rt3593_rf_init(sc); 6107 else if (sc->mac_ver >= 0x3070) 6108 run_rt3070_rf_init(sc); 6109 6110 /* disable non-existing Rx chains */ 6111 run_bbp_read(sc, 3, &bbp3); 6112 bbp3 &= ~(1 << 3 | 1 << 4); 6113 if (sc->nrxchains == 2) 6114 bbp3 |= 1 << 3; 6115 else if (sc->nrxchains == 3) 6116 bbp3 |= 1 << 4; 6117 run_bbp_write(sc, 3, bbp3); 6118 6119 /* disable non-existing Tx chains */ 6120 run_bbp_read(sc, 1, &bbp1); 6121 if (sc->ntxchains == 1) 6122 bbp1 &= ~(1 << 3 | 1 << 4); 6123 run_bbp_write(sc, 1, bbp1); 6124 6125 if (sc->mac_ver >= 0x5390) 6126 run_rt5390_rf_setup(sc); 6127 else if (sc->mac_ver == 0x3593) 6128 run_rt3593_rf_setup(sc); 6129 else if (sc->mac_ver >= 0x3070) 6130 run_rt3070_rf_setup(sc); 6131 6132 /* select default channel */ 6133 run_set_chan(sc, ic->ic_curchan); 6134 6135 /* setup initial protection mode */ 6136 run_updateprot_cb(ic); 6137 6138 /* turn radio LED on */ 6139 run_set_leds(sc, RT2860_LED_RADIO); 6140 6141 sc->sc_flags |= RUN_RUNNING; 6142 sc->cmdq_run = RUN_CMDQ_GO; 6143 6144 for (i = 0; i != RUN_N_XFER; i++) 6145 usbd_xfer_set_stall(sc->sc_xfer[i]); 6146 6147 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6148 6149 if (run_txrx_enable(sc) != 0) 6150 goto fail; 6151 6152 return; 6153 6154 fail: 6155 run_stop(sc); 6156 } 6157 6158 static void 6159 run_stop(void *arg) 6160 { 6161 struct run_softc *sc = (struct run_softc *)arg; 6162 uint32_t tmp; 6163 int i; 6164 int ntries; 6165 6166 RUN_LOCK_ASSERT(sc, MA_OWNED); 6167 6168 if (sc->sc_flags & RUN_RUNNING) 6169 run_set_leds(sc, 0); /* turn all LEDs off */ 6170 6171 sc->sc_flags &= ~RUN_RUNNING; 6172 6173 sc->ratectl_run = RUN_RATECTL_OFF; 6174 sc->cmdq_run = sc->cmdq_key_set; 6175 6176 RUN_UNLOCK(sc); 6177 6178 for(i = 0; i < RUN_N_XFER; i++) 6179 usbd_transfer_drain(sc->sc_xfer[i]); 6180 6181 RUN_LOCK(sc); 6182 6183 run_drain_mbufq(sc); 6184 6185 if (sc->rx_m != NULL) { 6186 m_free(sc->rx_m); 6187 sc->rx_m = NULL; 6188 } 6189 6190 /* Disable Tx/Rx DMA. */ 6191 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6192 return; 6193 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6194 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6195 6196 for (ntries = 0; ntries < 100; ntries++) { 6197 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6198 return; 6199 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6200 break; 6201 run_delay(sc, 10); 6202 } 6203 if (ntries == 100) { 6204 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6205 return; 6206 } 6207 6208 /* disable Tx/Rx */ 6209 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6210 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6211 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6212 6213 /* wait for pending Tx to complete */ 6214 for (ntries = 0; ntries < 100; ntries++) { 6215 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6216 DPRINTF("Cannot read Tx queue count\n"); 6217 break; 6218 } 6219 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6220 DPRINTF("All Tx cleared\n"); 6221 break; 6222 } 6223 run_delay(sc, 10); 6224 } 6225 if (ntries >= 100) 6226 DPRINTF("There are still pending Tx\n"); 6227 run_delay(sc, 10); 6228 run_write(sc, RT2860_USB_DMA_CFG, 0); 6229 6230 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6231 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6232 6233 for (i = 0; i != RUN_EP_QUEUES; i++) 6234 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6235 } 6236 6237 static void 6238 run_delay(struct run_softc *sc, u_int ms) 6239 { 6240 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6241 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6242 } 6243 6244 static device_method_t run_methods[] = { 6245 /* Device interface */ 6246 DEVMETHOD(device_probe, run_match), 6247 DEVMETHOD(device_attach, run_attach), 6248 DEVMETHOD(device_detach, run_detach), 6249 DEVMETHOD_END 6250 }; 6251 6252 static driver_t run_driver = { 6253 .name = "run", 6254 .methods = run_methods, 6255 .size = sizeof(struct run_softc) 6256 }; 6257 6258 static devclass_t run_devclass; 6259 6260 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6261 MODULE_DEPEND(run, wlan, 1, 1, 1); 6262 MODULE_DEPEND(run, usb, 1, 1, 1); 6263 MODULE_DEPEND(run, firmware, 1, 1, 1); 6264 MODULE_VERSION(run, 1); 6265