1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(OVISLINK, RT3072), 250 RUN_DEV(PARA, RT3070), 251 RUN_DEV(PEGATRON, RT2870), 252 RUN_DEV(PEGATRON, RT3070), 253 RUN_DEV(PEGATRON, RT3070_2), 254 RUN_DEV(PEGATRON, RT3070_3), 255 RUN_DEV(PHILIPS, RT2870), 256 RUN_DEV(PLANEX2, GWUS300MINIS), 257 RUN_DEV(PLANEX2, GWUSMICRON), 258 RUN_DEV(PLANEX2, RT2870), 259 RUN_DEV(PLANEX2, RT3070), 260 RUN_DEV(QCOM, RT2870), 261 RUN_DEV(QUANTA, RT3070), 262 RUN_DEV(RALINK, RT2070), 263 RUN_DEV(RALINK, RT2770), 264 RUN_DEV(RALINK, RT2870), 265 RUN_DEV(RALINK, RT3070), 266 RUN_DEV(RALINK, RT3071), 267 RUN_DEV(RALINK, RT3072), 268 RUN_DEV(RALINK, RT3370), 269 RUN_DEV(RALINK, RT3572), 270 RUN_DEV(RALINK, RT3573), 271 RUN_DEV(RALINK, RT5370), 272 RUN_DEV(RALINK, RT5572), 273 RUN_DEV(RALINK, RT8070), 274 RUN_DEV(SAMSUNG, WIS09ABGN), 275 RUN_DEV(SAMSUNG2, RT2870_1), 276 RUN_DEV(SENAO, RT2870_1), 277 RUN_DEV(SENAO, RT2870_2), 278 RUN_DEV(SENAO, RT2870_3), 279 RUN_DEV(SENAO, RT2870_4), 280 RUN_DEV(SENAO, RT3070), 281 RUN_DEV(SENAO, RT3071), 282 RUN_DEV(SENAO, RT3072_1), 283 RUN_DEV(SENAO, RT3072_2), 284 RUN_DEV(SENAO, RT3072_3), 285 RUN_DEV(SENAO, RT3072_4), 286 RUN_DEV(SENAO, RT3072_5), 287 RUN_DEV(SITECOMEU, RT2770), 288 RUN_DEV(SITECOMEU, RT2870_1), 289 RUN_DEV(SITECOMEU, RT2870_2), 290 RUN_DEV(SITECOMEU, RT2870_3), 291 RUN_DEV(SITECOMEU, RT2870_4), 292 RUN_DEV(SITECOMEU, RT3070), 293 RUN_DEV(SITECOMEU, RT3070_2), 294 RUN_DEV(SITECOMEU, RT3070_3), 295 RUN_DEV(SITECOMEU, RT3070_4), 296 RUN_DEV(SITECOMEU, RT3071), 297 RUN_DEV(SITECOMEU, RT3072_1), 298 RUN_DEV(SITECOMEU, RT3072_2), 299 RUN_DEV(SITECOMEU, RT3072_3), 300 RUN_DEV(SITECOMEU, RT3072_4), 301 RUN_DEV(SITECOMEU, RT3072_5), 302 RUN_DEV(SITECOMEU, RT3072_6), 303 RUN_DEV(SITECOMEU, WL608), 304 RUN_DEV(SPARKLAN, RT2870_1), 305 RUN_DEV(SPARKLAN, RT3070), 306 RUN_DEV(SWEEX2, LW153), 307 RUN_DEV(SWEEX2, LW303), 308 RUN_DEV(SWEEX2, LW313), 309 RUN_DEV(TOSHIBA, RT3070), 310 RUN_DEV(UMEDIA, RT2870_1), 311 RUN_DEV(ZCOM, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_2), 313 RUN_DEV(ZINWELL, RT2870_1), 314 RUN_DEV(ZINWELL, RT2870_2), 315 RUN_DEV(ZINWELL, RT3070), 316 RUN_DEV(ZINWELL, RT3072_1), 317 RUN_DEV(ZINWELL, RT3072_2), 318 RUN_DEV(ZYXEL, RT2870_1), 319 RUN_DEV(ZYXEL, RT2870_2), 320 RUN_DEV(ZYXEL, RT3070), 321 RUN_DEV_EJECT(ZYXEL, NWD2705), 322 RUN_DEV_EJECT(RALINK, RT_STOR), 323 #undef RUN_DEV_EJECT 324 #undef RUN_DEV 325 }; 326 327 static device_probe_t run_match; 328 static device_attach_t run_attach; 329 static device_detach_t run_detach; 330 331 static usb_callback_t run_bulk_rx_callback; 332 static usb_callback_t run_bulk_tx_callback0; 333 static usb_callback_t run_bulk_tx_callback1; 334 static usb_callback_t run_bulk_tx_callback2; 335 static usb_callback_t run_bulk_tx_callback3; 336 static usb_callback_t run_bulk_tx_callback4; 337 static usb_callback_t run_bulk_tx_callback5; 338 339 static void run_autoinst(void *, struct usb_device *, 340 struct usb_attach_arg *); 341 static int run_driver_loaded(struct module *, int, void *); 342 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 343 usb_error_t error, u_int index); 344 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 345 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 346 const uint8_t [IEEE80211_ADDR_LEN], 347 const uint8_t [IEEE80211_ADDR_LEN]); 348 static void run_vap_delete(struct ieee80211vap *); 349 static void run_cmdq_cb(void *, int); 350 static void run_setup_tx_list(struct run_softc *, 351 struct run_endpoint_queue *); 352 static void run_unsetup_tx_list(struct run_softc *, 353 struct run_endpoint_queue *); 354 static int run_load_microcode(struct run_softc *); 355 static int run_reset(struct run_softc *); 356 static usb_error_t run_do_request(struct run_softc *, 357 struct usb_device_request *, void *); 358 static int run_read(struct run_softc *, uint16_t, uint32_t *); 359 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 360 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 361 static int run_write(struct run_softc *, uint16_t, uint32_t); 362 static int run_write_region_1(struct run_softc *, uint16_t, 363 const uint8_t *, int); 364 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 365 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 366 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 367 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 369 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 370 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 371 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 372 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 373 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 374 static const char *run_get_rf(uint16_t); 375 static void run_rt3593_get_txpower(struct run_softc *); 376 static void run_get_txpower(struct run_softc *); 377 static int run_read_eeprom(struct run_softc *); 378 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 379 const uint8_t mac[IEEE80211_ADDR_LEN]); 380 static int run_media_change(struct ifnet *); 381 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 382 static int run_wme_update(struct ieee80211com *); 383 static void run_wme_update_cb(void *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 386 static void run_key_delete_cb(void *); 387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388 static void run_ratectl_to(void *); 389 static void run_ratectl_cb(void *, int); 390 static void run_drain_fifo(void *); 391 static void run_iter_func(void *, struct ieee80211_node *); 392 static void run_newassoc_cb(void *); 393 static void run_newassoc(struct ieee80211_node *, int); 394 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 395 const struct ieee80211_rx_stats *, int, int); 396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397 static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400 static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402 static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406 static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411 static int run_transmit(struct ieee80211com *, struct mbuf *); 412 static void run_start(struct run_softc *); 413 static void run_parent(struct ieee80211com *); 414 static void run_iq_calib(struct run_softc *, u_int); 415 static void run_set_agc(struct run_softc *, uint8_t); 416 static void run_select_chan_group(struct run_softc *, int); 417 static void run_set_rx_antenna(struct run_softc *, int); 418 static void run_rt2870_set_chan(struct run_softc *, u_int); 419 static void run_rt3070_set_chan(struct run_softc *, u_int); 420 static void run_rt3572_set_chan(struct run_softc *, u_int); 421 static void run_rt3593_set_chan(struct run_softc *, u_int); 422 static void run_rt5390_set_chan(struct run_softc *, u_int); 423 static void run_rt5592_set_chan(struct run_softc *, u_int); 424 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 425 static void run_set_channel(struct ieee80211com *); 426 static void run_scan_start(struct ieee80211com *); 427 static void run_scan_end(struct ieee80211com *); 428 static void run_update_beacon(struct ieee80211vap *, int); 429 static void run_update_beacon_cb(void *); 430 static void run_updateprot(struct ieee80211com *); 431 static void run_updateprot_cb(void *); 432 static void run_usb_timeout_cb(void *); 433 static void run_reset_livelock(struct run_softc *); 434 static void run_enable_tsf_sync(struct run_softc *); 435 static void run_enable_tsf(struct run_softc *); 436 static void run_get_tsf(struct run_softc *, uint64_t *); 437 static void run_enable_mrr(struct run_softc *); 438 static void run_set_txpreamble(struct run_softc *); 439 static void run_set_basicrates(struct run_softc *); 440 static void run_set_leds(struct run_softc *, uint16_t); 441 static void run_set_bssid(struct run_softc *, const uint8_t *); 442 static void run_set_macaddr(struct run_softc *, const uint8_t *); 443 static void run_updateslot(struct ieee80211com *); 444 static void run_updateslot_cb(void *); 445 static void run_update_mcast(struct ieee80211com *); 446 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 447 static void run_update_promisc_locked(struct run_softc *); 448 static void run_update_promisc(struct ieee80211com *); 449 static void run_rt5390_bbp_init(struct run_softc *); 450 static int run_bbp_init(struct run_softc *); 451 static int run_rt3070_rf_init(struct run_softc *); 452 static void run_rt3593_rf_init(struct run_softc *); 453 static void run_rt5390_rf_init(struct run_softc *); 454 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 455 uint8_t *); 456 static void run_rt3070_rf_setup(struct run_softc *); 457 static void run_rt3593_rf_setup(struct run_softc *); 458 static void run_rt5390_rf_setup(struct run_softc *); 459 static int run_txrx_enable(struct run_softc *); 460 static void run_adjust_freq_offset(struct run_softc *); 461 static void run_init_locked(struct run_softc *); 462 static void run_stop(void *); 463 static void run_delay(struct run_softc *, u_int); 464 465 static eventhandler_tag run_etag; 466 467 static const struct rt2860_rate { 468 uint8_t rate; 469 uint8_t mcs; 470 enum ieee80211_phytype phy; 471 uint8_t ctl_ridx; 472 uint16_t sp_ack_dur; 473 uint16_t lp_ack_dur; 474 } rt2860_rates[] = { 475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 487 }; 488 489 static const struct { 490 uint16_t reg; 491 uint32_t val; 492 } rt2870_def_mac[] = { 493 RT2870_DEF_MAC 494 }; 495 496 static const struct { 497 uint8_t reg; 498 uint8_t val; 499 } rt2860_def_bbp[] = { 500 RT2860_DEF_BBP 501 },rt5390_def_bbp[] = { 502 RT5390_DEF_BBP 503 },rt5592_def_bbp[] = { 504 RT5592_DEF_BBP 505 }; 506 507 /* 508 * Default values for BBP register R196 for RT5592. 509 */ 510 static const uint8_t rt5592_bbp_r196[] = { 511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 519 0x2e, 0x36, 0x30, 0x6e 520 }; 521 522 static const struct rfprog { 523 uint8_t chan; 524 uint32_t r1, r2, r3, r4; 525 } rt2860_rf2850[] = { 526 RT2860_RF2850 527 }; 528 529 struct { 530 uint8_t n, r, k; 531 } rt3070_freqs[] = { 532 RT3070_RF3052 533 }; 534 535 static const struct rt5592_freqs { 536 uint16_t n; 537 uint8_t k, m, r; 538 } rt5592_freqs_20mhz[] = { 539 RT5592_RF5592_20MHZ 540 },rt5592_freqs_40mhz[] = { 541 RT5592_RF5592_40MHZ 542 }; 543 544 static const struct { 545 uint8_t reg; 546 uint8_t val; 547 } rt3070_def_rf[] = { 548 RT3070_DEF_RF 549 },rt3572_def_rf[] = { 550 RT3572_DEF_RF 551 },rt3593_def_rf[] = { 552 RT3593_DEF_RF 553 },rt5390_def_rf[] = { 554 RT5390_DEF_RF 555 },rt5392_def_rf[] = { 556 RT5392_DEF_RF 557 },rt5592_def_rf[] = { 558 RT5592_DEF_RF 559 },rt5592_2ghz_def_rf[] = { 560 RT5592_2GHZ_DEF_RF 561 },rt5592_5ghz_def_rf[] = { 562 RT5592_5GHZ_DEF_RF 563 }; 564 565 static const struct { 566 u_int firstchan; 567 u_int lastchan; 568 uint8_t reg; 569 uint8_t val; 570 } rt5592_chan_5ghz[] = { 571 RT5592_CHAN_5GHZ 572 }; 573 574 static const struct usb_config run_config[RUN_N_XFER] = { 575 [RUN_BULK_TX_BE] = { 576 .type = UE_BULK, 577 .endpoint = UE_ADDR_ANY, 578 .ep_index = 0, 579 .direction = UE_DIR_OUT, 580 .bufsize = RUN_MAX_TXSZ, 581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 582 .callback = run_bulk_tx_callback0, 583 .timeout = 5000, /* ms */ 584 }, 585 [RUN_BULK_TX_BK] = { 586 .type = UE_BULK, 587 .endpoint = UE_ADDR_ANY, 588 .direction = UE_DIR_OUT, 589 .ep_index = 1, 590 .bufsize = RUN_MAX_TXSZ, 591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 592 .callback = run_bulk_tx_callback1, 593 .timeout = 5000, /* ms */ 594 }, 595 [RUN_BULK_TX_VI] = { 596 .type = UE_BULK, 597 .endpoint = UE_ADDR_ANY, 598 .direction = UE_DIR_OUT, 599 .ep_index = 2, 600 .bufsize = RUN_MAX_TXSZ, 601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 602 .callback = run_bulk_tx_callback2, 603 .timeout = 5000, /* ms */ 604 }, 605 [RUN_BULK_TX_VO] = { 606 .type = UE_BULK, 607 .endpoint = UE_ADDR_ANY, 608 .direction = UE_DIR_OUT, 609 .ep_index = 3, 610 .bufsize = RUN_MAX_TXSZ, 611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 612 .callback = run_bulk_tx_callback3, 613 .timeout = 5000, /* ms */ 614 }, 615 [RUN_BULK_TX_HCCA] = { 616 .type = UE_BULK, 617 .endpoint = UE_ADDR_ANY, 618 .direction = UE_DIR_OUT, 619 .ep_index = 4, 620 .bufsize = RUN_MAX_TXSZ, 621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 622 .callback = run_bulk_tx_callback4, 623 .timeout = 5000, /* ms */ 624 }, 625 [RUN_BULK_TX_PRIO] = { 626 .type = UE_BULK, 627 .endpoint = UE_ADDR_ANY, 628 .direction = UE_DIR_OUT, 629 .ep_index = 5, 630 .bufsize = RUN_MAX_TXSZ, 631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 632 .callback = run_bulk_tx_callback5, 633 .timeout = 5000, /* ms */ 634 }, 635 [RUN_BULK_RX] = { 636 .type = UE_BULK, 637 .endpoint = UE_ADDR_ANY, 638 .direction = UE_DIR_IN, 639 .bufsize = RUN_MAX_RXSZ, 640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 641 .callback = run_bulk_rx_callback, 642 } 643 }; 644 645 static void 646 run_autoinst(void *arg, struct usb_device *udev, 647 struct usb_attach_arg *uaa) 648 { 649 struct usb_interface *iface; 650 struct usb_interface_descriptor *id; 651 652 if (uaa->dev_state != UAA_DEV_READY) 653 return; 654 655 iface = usbd_get_iface(udev, 0); 656 if (iface == NULL) 657 return; 658 id = iface->idesc; 659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 660 return; 661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 662 return; 663 664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 665 uaa->dev_state = UAA_DEV_EJECTING; 666 } 667 668 static int 669 run_driver_loaded(struct module *mod, int what, void *arg) 670 { 671 switch (what) { 672 case MOD_LOAD: 673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 675 break; 676 case MOD_UNLOAD: 677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 678 break; 679 default: 680 return (EOPNOTSUPP); 681 } 682 return (0); 683 } 684 685 static int 686 run_match(device_t self) 687 { 688 struct usb_attach_arg *uaa = device_get_ivars(self); 689 690 if (uaa->usb_mode != USB_MODE_HOST) 691 return (ENXIO); 692 if (uaa->info.bConfigIndex != 0) 693 return (ENXIO); 694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 695 return (ENXIO); 696 697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 698 } 699 700 static int 701 run_attach(device_t self) 702 { 703 struct run_softc *sc = device_get_softc(self); 704 struct usb_attach_arg *uaa = device_get_ivars(self); 705 struct ieee80211com *ic = &sc->sc_ic; 706 uint32_t ver; 707 int ntries, error; 708 uint8_t iface_index, bands; 709 710 device_set_usb_desc(self); 711 sc->sc_udev = uaa->device; 712 sc->sc_dev = self; 713 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 714 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 715 716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 717 MTX_NETWORK_LOCK, MTX_DEF); 718 mbufq_init(&sc->sc_snd, ifqmaxlen); 719 720 iface_index = RT2860_IFACE_INDEX; 721 722 error = usbd_transfer_setup(uaa->device, &iface_index, 723 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 724 if (error) { 725 device_printf(self, "could not allocate USB transfers, " 726 "err=%s\n", usbd_errstr(error)); 727 goto detach; 728 } 729 730 RUN_LOCK(sc); 731 732 /* wait for the chip to settle */ 733 for (ntries = 0; ntries < 100; ntries++) { 734 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 735 RUN_UNLOCK(sc); 736 goto detach; 737 } 738 if (ver != 0 && ver != 0xffffffff) 739 break; 740 run_delay(sc, 10); 741 } 742 if (ntries == 100) { 743 device_printf(sc->sc_dev, 744 "timeout waiting for NIC to initialize\n"); 745 RUN_UNLOCK(sc); 746 goto detach; 747 } 748 sc->mac_ver = ver >> 16; 749 sc->mac_rev = ver & 0xffff; 750 751 /* retrieve RF rev. no and various other things from EEPROM */ 752 run_read_eeprom(sc); 753 754 device_printf(sc->sc_dev, 755 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 756 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 757 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 758 759 RUN_UNLOCK(sc); 760 761 ic->ic_softc = sc; 762 ic->ic_name = device_get_nameunit(self); 763 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 764 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 765 766 /* set device capabilities */ 767 ic->ic_caps = 768 IEEE80211_C_STA | /* station mode supported */ 769 IEEE80211_C_MONITOR | /* monitor mode supported */ 770 IEEE80211_C_IBSS | 771 IEEE80211_C_HOSTAP | 772 IEEE80211_C_WDS | /* 4-address traffic works */ 773 IEEE80211_C_MBSS | 774 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 775 IEEE80211_C_SHSLOT | /* short slot time supported */ 776 IEEE80211_C_WME | /* WME */ 777 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 778 779 ic->ic_cryptocaps = 780 IEEE80211_CRYPTO_WEP | 781 IEEE80211_CRYPTO_AES_CCM | 782 IEEE80211_CRYPTO_TKIPMIC | 783 IEEE80211_CRYPTO_TKIP; 784 785 ic->ic_flags |= IEEE80211_F_DATAPAD; 786 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 787 788 bands = 0; 789 setbit(&bands, IEEE80211_MODE_11B); 790 setbit(&bands, IEEE80211_MODE_11G); 791 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 792 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 793 sc->rf_rev == RT5592_RF_5592) 794 setbit(&bands, IEEE80211_MODE_11A); 795 ieee80211_init_channels(ic, NULL, &bands); 796 797 ieee80211_ifattach(ic); 798 799 ic->ic_scan_start = run_scan_start; 800 ic->ic_scan_end = run_scan_end; 801 ic->ic_set_channel = run_set_channel; 802 ic->ic_node_alloc = run_node_alloc; 803 ic->ic_newassoc = run_newassoc; 804 ic->ic_updateslot = run_updateslot; 805 ic->ic_update_mcast = run_update_mcast; 806 ic->ic_wme.wme_update = run_wme_update; 807 ic->ic_raw_xmit = run_raw_xmit; 808 ic->ic_update_promisc = run_update_promisc; 809 ic->ic_vap_create = run_vap_create; 810 ic->ic_vap_delete = run_vap_delete; 811 ic->ic_transmit = run_transmit; 812 ic->ic_parent = run_parent; 813 814 ieee80211_radiotap_attach(ic, 815 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 816 RUN_TX_RADIOTAP_PRESENT, 817 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 818 RUN_RX_RADIOTAP_PRESENT); 819 820 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 821 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 822 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 823 824 if (bootverbose) 825 ieee80211_announce(ic); 826 827 return (0); 828 829 detach: 830 run_detach(self); 831 return (ENXIO); 832 } 833 834 static int 835 run_detach(device_t self) 836 { 837 struct run_softc *sc = device_get_softc(self); 838 struct ieee80211com *ic = &sc->sc_ic; 839 int i; 840 841 RUN_LOCK(sc); 842 sc->sc_detached = 1; 843 RUN_UNLOCK(sc); 844 845 /* stop all USB transfers */ 846 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 847 848 RUN_LOCK(sc); 849 sc->ratectl_run = RUN_RATECTL_OFF; 850 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 851 852 /* free TX list, if any */ 853 for (i = 0; i != RUN_EP_QUEUES; i++) 854 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 855 RUN_UNLOCK(sc); 856 857 if (sc->sc_ic.ic_softc == sc) { 858 /* drain tasks */ 859 usb_callout_drain(&sc->ratectl_ch); 860 ieee80211_draintask(ic, &sc->cmdq_task); 861 ieee80211_draintask(ic, &sc->ratectl_task); 862 ieee80211_ifdetach(ic); 863 } 864 865 mbufq_drain(&sc->sc_snd); 866 mtx_destroy(&sc->sc_mtx); 867 868 return (0); 869 } 870 871 static struct ieee80211vap * 872 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 873 enum ieee80211_opmode opmode, int flags, 874 const uint8_t bssid[IEEE80211_ADDR_LEN], 875 const uint8_t mac[IEEE80211_ADDR_LEN]) 876 { 877 struct run_softc *sc = ic->ic_softc; 878 struct run_vap *rvp; 879 struct ieee80211vap *vap; 880 int i; 881 882 if (sc->rvp_cnt >= RUN_VAP_MAX) { 883 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 884 return (NULL); 885 } 886 887 switch (opmode) { 888 case IEEE80211_M_STA: 889 /* enable s/w bmiss handling for sta mode */ 890 flags |= IEEE80211_CLONE_NOBEACONS; 891 /* fall though */ 892 case IEEE80211_M_IBSS: 893 case IEEE80211_M_MONITOR: 894 case IEEE80211_M_HOSTAP: 895 case IEEE80211_M_MBSS: 896 /* other than WDS vaps, only one at a time */ 897 if (!TAILQ_EMPTY(&ic->ic_vaps)) 898 return (NULL); 899 break; 900 case IEEE80211_M_WDS: 901 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 902 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 903 continue; 904 /* WDS vap's always share the local mac address. */ 905 flags &= ~IEEE80211_CLONE_BSSID; 906 break; 907 } 908 if (vap == NULL) { 909 device_printf(sc->sc_dev, 910 "wds only supported in ap mode\n"); 911 return (NULL); 912 } 913 break; 914 default: 915 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 916 return (NULL); 917 } 918 919 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 920 vap = &rvp->vap; 921 922 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 923 bssid) != 0) { 924 /* out of memory */ 925 free(rvp, M_80211_VAP); 926 return (NULL); 927 } 928 929 vap->iv_update_beacon = run_update_beacon; 930 vap->iv_max_aid = RT2870_WCID_MAX; 931 /* 932 * To delete the right key from h/w, we need wcid. 933 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 934 * and matching wcid will be written into there. So, cast 935 * some spells to remove 'const' from ieee80211_key{} 936 */ 937 vap->iv_key_delete = (void *)run_key_delete; 938 vap->iv_key_set = (void *)run_key_set; 939 940 /* override state transition machine */ 941 rvp->newstate = vap->iv_newstate; 942 vap->iv_newstate = run_newstate; 943 if (opmode == IEEE80211_M_IBSS) { 944 rvp->recv_mgmt = vap->iv_recv_mgmt; 945 vap->iv_recv_mgmt = run_recv_mgmt; 946 } 947 948 ieee80211_ratectl_init(vap); 949 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 950 951 /* complete setup */ 952 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 953 mac); 954 955 /* make sure id is always unique */ 956 for (i = 0; i < RUN_VAP_MAX; i++) { 957 if((sc->rvp_bmap & 1 << i) == 0){ 958 sc->rvp_bmap |= 1 << i; 959 rvp->rvp_id = i; 960 break; 961 } 962 } 963 if (sc->rvp_cnt++ == 0) 964 ic->ic_opmode = opmode; 965 966 if (opmode == IEEE80211_M_HOSTAP) 967 sc->cmdq_run = RUN_CMDQ_GO; 968 969 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 970 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 971 972 return (vap); 973 } 974 975 static void 976 run_vap_delete(struct ieee80211vap *vap) 977 { 978 struct run_vap *rvp = RUN_VAP(vap); 979 struct ieee80211com *ic; 980 struct run_softc *sc; 981 uint8_t rvp_id; 982 983 if (vap == NULL) 984 return; 985 986 ic = vap->iv_ic; 987 sc = ic->ic_softc; 988 989 RUN_LOCK(sc); 990 991 m_freem(rvp->beacon_mbuf); 992 rvp->beacon_mbuf = NULL; 993 994 rvp_id = rvp->rvp_id; 995 sc->ratectl_run &= ~(1 << rvp_id); 996 sc->rvp_bmap &= ~(1 << rvp_id); 997 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 998 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 999 --sc->rvp_cnt; 1000 1001 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1002 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1003 1004 RUN_UNLOCK(sc); 1005 1006 ieee80211_ratectl_deinit(vap); 1007 ieee80211_vap_detach(vap); 1008 free(rvp, M_80211_VAP); 1009 } 1010 1011 /* 1012 * There are numbers of functions need to be called in context thread. 1013 * Rather than creating taskqueue event for each of those functions, 1014 * here is all-for-one taskqueue callback function. This function 1015 * gurantees deferred functions are executed in the same order they 1016 * were enqueued. 1017 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1018 */ 1019 static void 1020 run_cmdq_cb(void *arg, int pending) 1021 { 1022 struct run_softc *sc = arg; 1023 uint8_t i; 1024 1025 /* call cmdq[].func locked */ 1026 RUN_LOCK(sc); 1027 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1028 i = sc->cmdq_exec, pending--) { 1029 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1030 if (sc->cmdq_run == RUN_CMDQ_GO) { 1031 /* 1032 * If arg0 is NULL, callback func needs more 1033 * than one arg. So, pass ptr to cmdq struct. 1034 */ 1035 if (sc->cmdq[i].arg0) 1036 sc->cmdq[i].func(sc->cmdq[i].arg0); 1037 else 1038 sc->cmdq[i].func(&sc->cmdq[i]); 1039 } 1040 sc->cmdq[i].arg0 = NULL; 1041 sc->cmdq[i].func = NULL; 1042 sc->cmdq_exec++; 1043 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1044 } 1045 RUN_UNLOCK(sc); 1046 } 1047 1048 static void 1049 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1050 { 1051 struct run_tx_data *data; 1052 1053 memset(pq, 0, sizeof(*pq)); 1054 1055 STAILQ_INIT(&pq->tx_qh); 1056 STAILQ_INIT(&pq->tx_fh); 1057 1058 for (data = &pq->tx_data[0]; 1059 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1060 data->sc = sc; 1061 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1062 } 1063 pq->tx_nfree = RUN_TX_RING_COUNT; 1064 } 1065 1066 static void 1067 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068 { 1069 struct run_tx_data *data; 1070 1071 /* make sure any subsequent use of the queues will fail */ 1072 pq->tx_nfree = 0; 1073 STAILQ_INIT(&pq->tx_fh); 1074 STAILQ_INIT(&pq->tx_qh); 1075 1076 /* free up all node references and mbufs */ 1077 for (data = &pq->tx_data[0]; 1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1079 if (data->m != NULL) { 1080 m_freem(data->m); 1081 data->m = NULL; 1082 } 1083 if (data->ni != NULL) { 1084 ieee80211_free_node(data->ni); 1085 data->ni = NULL; 1086 } 1087 } 1088 } 1089 1090 static int 1091 run_load_microcode(struct run_softc *sc) 1092 { 1093 usb_device_request_t req; 1094 const struct firmware *fw; 1095 const u_char *base; 1096 uint32_t tmp; 1097 int ntries, error; 1098 const uint64_t *temp; 1099 uint64_t bytes; 1100 1101 RUN_UNLOCK(sc); 1102 fw = firmware_get("runfw"); 1103 RUN_LOCK(sc); 1104 if (fw == NULL) { 1105 device_printf(sc->sc_dev, 1106 "failed loadfirmware of file %s\n", "runfw"); 1107 return ENOENT; 1108 } 1109 1110 if (fw->datasize != 8192) { 1111 device_printf(sc->sc_dev, 1112 "invalid firmware size (should be 8KB)\n"); 1113 error = EINVAL; 1114 goto fail; 1115 } 1116 1117 /* 1118 * RT3071/RT3072 use a different firmware 1119 * run-rt2870 (8KB) contains both, 1120 * first half (4KB) is for rt2870, 1121 * last half is for rt3071. 1122 */ 1123 base = fw->data; 1124 if ((sc->mac_ver) != 0x2860 && 1125 (sc->mac_ver) != 0x2872 && 1126 (sc->mac_ver) != 0x3070) { 1127 base += 4096; 1128 } 1129 1130 /* cheap sanity check */ 1131 temp = fw->data; 1132 bytes = *temp; 1133 if (bytes != be64toh(0xffffff0210280210ULL)) { 1134 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1135 error = EINVAL; 1136 goto fail; 1137 } 1138 1139 /* write microcode image */ 1140 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1141 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1142 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1143 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1144 } 1145 1146 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1147 req.bRequest = RT2870_RESET; 1148 USETW(req.wValue, 8); 1149 USETW(req.wIndex, 0); 1150 USETW(req.wLength, 0); 1151 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1152 != 0) { 1153 device_printf(sc->sc_dev, "firmware reset failed\n"); 1154 goto fail; 1155 } 1156 1157 run_delay(sc, 10); 1158 1159 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1160 run_write(sc, RT2860_H2M_MAILBOX, 0); 1161 run_write(sc, RT2860_H2M_INTSRC, 0); 1162 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1163 goto fail; 1164 1165 /* wait until microcontroller is ready */ 1166 for (ntries = 0; ntries < 1000; ntries++) { 1167 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1168 goto fail; 1169 if (tmp & RT2860_MCU_READY) 1170 break; 1171 run_delay(sc, 10); 1172 } 1173 if (ntries == 1000) { 1174 device_printf(sc->sc_dev, 1175 "timeout waiting for MCU to initialize\n"); 1176 error = ETIMEDOUT; 1177 goto fail; 1178 } 1179 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1180 (base == fw->data) ? "RT2870" : "RT3071", 1181 *(base + 4092), *(base + 4093)); 1182 1183 fail: 1184 firmware_put(fw, FIRMWARE_UNLOAD); 1185 return (error); 1186 } 1187 1188 static int 1189 run_reset(struct run_softc *sc) 1190 { 1191 usb_device_request_t req; 1192 1193 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1194 req.bRequest = RT2870_RESET; 1195 USETW(req.wValue, 1); 1196 USETW(req.wIndex, 0); 1197 USETW(req.wLength, 0); 1198 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1199 } 1200 1201 static usb_error_t 1202 run_do_request(struct run_softc *sc, 1203 struct usb_device_request *req, void *data) 1204 { 1205 usb_error_t err; 1206 int ntries = 10; 1207 1208 RUN_LOCK_ASSERT(sc, MA_OWNED); 1209 1210 while (ntries--) { 1211 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1212 req, data, 0, NULL, 250 /* ms */); 1213 if (err == 0) 1214 break; 1215 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1216 usbd_errstr(err)); 1217 run_delay(sc, 10); 1218 } 1219 return (err); 1220 } 1221 1222 static int 1223 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1224 { 1225 uint32_t tmp; 1226 int error; 1227 1228 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1229 if (error == 0) 1230 *val = le32toh(tmp); 1231 else 1232 *val = 0xffffffff; 1233 return (error); 1234 } 1235 1236 static int 1237 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1238 { 1239 usb_device_request_t req; 1240 1241 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1242 req.bRequest = RT2870_READ_REGION_1; 1243 USETW(req.wValue, 0); 1244 USETW(req.wIndex, reg); 1245 USETW(req.wLength, len); 1246 1247 return (run_do_request(sc, &req, buf)); 1248 } 1249 1250 static int 1251 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1252 { 1253 usb_device_request_t req; 1254 1255 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1256 req.bRequest = RT2870_WRITE_2; 1257 USETW(req.wValue, val); 1258 USETW(req.wIndex, reg); 1259 USETW(req.wLength, 0); 1260 1261 return (run_do_request(sc, &req, NULL)); 1262 } 1263 1264 static int 1265 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1266 { 1267 int error; 1268 1269 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1270 error = run_write_2(sc, reg + 2, val >> 16); 1271 return (error); 1272 } 1273 1274 static int 1275 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1276 int len) 1277 { 1278 #if 1 1279 int i, error = 0; 1280 /* 1281 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1282 * We thus issue multiple WRITE_2 commands instead. 1283 */ 1284 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1285 for (i = 0; i < len && error == 0; i += 2) 1286 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1287 return (error); 1288 #else 1289 usb_device_request_t req; 1290 int error = 0; 1291 1292 /* 1293 * NOTE: It appears the WRITE_REGION_1 command cannot be 1294 * passed a huge amount of data, which will crash the 1295 * firmware. Limit amount of data passed to 64-bytes at a 1296 * time. 1297 */ 1298 while (len > 0) { 1299 int delta = 64; 1300 if (delta > len) 1301 delta = len; 1302 1303 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1304 req.bRequest = RT2870_WRITE_REGION_1; 1305 USETW(req.wValue, 0); 1306 USETW(req.wIndex, reg); 1307 USETW(req.wLength, delta); 1308 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1309 if (error != 0) 1310 break; 1311 reg += delta; 1312 buf += delta; 1313 len -= delta; 1314 } 1315 return (error); 1316 #endif 1317 } 1318 1319 static int 1320 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1321 { 1322 int i, error = 0; 1323 1324 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1325 for (i = 0; i < len && error == 0; i += 4) 1326 error = run_write(sc, reg + i, val); 1327 return (error); 1328 } 1329 1330 static int 1331 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1332 { 1333 uint32_t tmp; 1334 uint16_t reg; 1335 int error, ntries; 1336 1337 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1338 return (error); 1339 1340 if (count == 2) 1341 addr *= 2; 1342 /*- 1343 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1344 * DATA0: F E D C 1345 * DATA1: B A 9 8 1346 * DATA2: 7 6 5 4 1347 * DATA3: 3 2 1 0 1348 */ 1349 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1350 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1351 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1352 for (ntries = 0; ntries < 100; ntries++) { 1353 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1354 return (error); 1355 if (!(tmp & RT3070_EFSROM_KICK)) 1356 break; 1357 run_delay(sc, 2); 1358 } 1359 if (ntries == 100) 1360 return (ETIMEDOUT); 1361 1362 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1363 *val = 0xffff; /* address not found */ 1364 return (0); 1365 } 1366 /* determine to which 32-bit register our 16-bit word belongs */ 1367 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1368 if ((error = run_read(sc, reg, &tmp)) != 0) 1369 return (error); 1370 1371 tmp >>= (8 * (addr & 0x3)); 1372 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1373 1374 return (0); 1375 } 1376 1377 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1378 static int 1379 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1380 { 1381 return (run_efuse_read(sc, addr, val, 2)); 1382 } 1383 1384 static int 1385 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1386 { 1387 usb_device_request_t req; 1388 uint16_t tmp; 1389 int error; 1390 1391 addr *= 2; 1392 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1393 req.bRequest = RT2870_EEPROM_READ; 1394 USETW(req.wValue, 0); 1395 USETW(req.wIndex, addr); 1396 USETW(req.wLength, sizeof(tmp)); 1397 1398 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1399 if (error == 0) 1400 *val = le16toh(tmp); 1401 else 1402 *val = 0xffff; 1403 return (error); 1404 } 1405 1406 static __inline int 1407 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1408 { 1409 /* either eFUSE ROM or EEPROM */ 1410 return sc->sc_srom_read(sc, addr, val); 1411 } 1412 1413 static int 1414 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1415 { 1416 uint32_t tmp; 1417 int error, ntries; 1418 1419 for (ntries = 0; ntries < 10; ntries++) { 1420 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1421 return (error); 1422 if (!(tmp & RT2860_RF_REG_CTRL)) 1423 break; 1424 } 1425 if (ntries == 10) 1426 return (ETIMEDOUT); 1427 1428 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1429 } 1430 1431 static int 1432 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1433 { 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 100; ntries++) { 1438 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT3070_RF_KICK)) 1441 break; 1442 } 1443 if (ntries == 100) 1444 return (ETIMEDOUT); 1445 1446 tmp = RT3070_RF_KICK | reg << 8; 1447 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1448 return (error); 1449 1450 for (ntries = 0; ntries < 100; ntries++) { 1451 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1452 return (error); 1453 if (!(tmp & RT3070_RF_KICK)) 1454 break; 1455 } 1456 if (ntries == 100) 1457 return (ETIMEDOUT); 1458 1459 *val = tmp & 0xff; 1460 return (0); 1461 } 1462 1463 static int 1464 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1465 { 1466 uint32_t tmp; 1467 int error, ntries; 1468 1469 for (ntries = 0; ntries < 10; ntries++) { 1470 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1471 return (error); 1472 if (!(tmp & RT3070_RF_KICK)) 1473 break; 1474 } 1475 if (ntries == 10) 1476 return (ETIMEDOUT); 1477 1478 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1479 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1480 } 1481 1482 static int 1483 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1484 { 1485 uint32_t tmp; 1486 int ntries, error; 1487 1488 for (ntries = 0; ntries < 10; ntries++) { 1489 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1490 return (error); 1491 if (!(tmp & RT2860_BBP_CSR_KICK)) 1492 break; 1493 } 1494 if (ntries == 10) 1495 return (ETIMEDOUT); 1496 1497 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1498 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1499 return (error); 1500 1501 for (ntries = 0; ntries < 10; ntries++) { 1502 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1503 return (error); 1504 if (!(tmp & RT2860_BBP_CSR_KICK)) 1505 break; 1506 } 1507 if (ntries == 10) 1508 return (ETIMEDOUT); 1509 1510 *val = tmp & 0xff; 1511 return (0); 1512 } 1513 1514 static int 1515 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1516 { 1517 uint32_t tmp; 1518 int ntries, error; 1519 1520 for (ntries = 0; ntries < 10; ntries++) { 1521 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1522 return (error); 1523 if (!(tmp & RT2860_BBP_CSR_KICK)) 1524 break; 1525 } 1526 if (ntries == 10) 1527 return (ETIMEDOUT); 1528 1529 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1530 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1531 } 1532 1533 /* 1534 * Send a command to the 8051 microcontroller unit. 1535 */ 1536 static int 1537 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1538 { 1539 uint32_t tmp; 1540 int error, ntries; 1541 1542 for (ntries = 0; ntries < 100; ntries++) { 1543 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1544 return error; 1545 if (!(tmp & RT2860_H2M_BUSY)) 1546 break; 1547 } 1548 if (ntries == 100) 1549 return ETIMEDOUT; 1550 1551 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1552 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1553 error = run_write(sc, RT2860_HOST_CMD, cmd); 1554 return (error); 1555 } 1556 1557 /* 1558 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1559 * Used to adjust per-rate Tx power registers. 1560 */ 1561 static __inline uint32_t 1562 b4inc(uint32_t b32, int8_t delta) 1563 { 1564 int8_t i, b4; 1565 1566 for (i = 0; i < 8; i++) { 1567 b4 = b32 & 0xf; 1568 b4 += delta; 1569 if (b4 < 0) 1570 b4 = 0; 1571 else if (b4 > 0xf) 1572 b4 = 0xf; 1573 b32 = b32 >> 4 | b4 << 28; 1574 } 1575 return (b32); 1576 } 1577 1578 static const char * 1579 run_get_rf(uint16_t rev) 1580 { 1581 switch (rev) { 1582 case RT2860_RF_2820: return "RT2820"; 1583 case RT2860_RF_2850: return "RT2850"; 1584 case RT2860_RF_2720: return "RT2720"; 1585 case RT2860_RF_2750: return "RT2750"; 1586 case RT3070_RF_3020: return "RT3020"; 1587 case RT3070_RF_2020: return "RT2020"; 1588 case RT3070_RF_3021: return "RT3021"; 1589 case RT3070_RF_3022: return "RT3022"; 1590 case RT3070_RF_3052: return "RT3052"; 1591 case RT3593_RF_3053: return "RT3053"; 1592 case RT5592_RF_5592: return "RT5592"; 1593 case RT5390_RF_5370: return "RT5370"; 1594 case RT5390_RF_5372: return "RT5372"; 1595 } 1596 return ("unknown"); 1597 } 1598 1599 static void 1600 run_rt3593_get_txpower(struct run_softc *sc) 1601 { 1602 uint16_t addr, val; 1603 int i; 1604 1605 /* Read power settings for 2GHz channels. */ 1606 for (i = 0; i < 14; i += 2) { 1607 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1608 RT2860_EEPROM_PWR2GHZ_BASE1; 1609 run_srom_read(sc, addr + i / 2, &val); 1610 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1611 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1612 1613 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1614 RT2860_EEPROM_PWR2GHZ_BASE2; 1615 run_srom_read(sc, addr + i / 2, &val); 1616 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1617 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1618 1619 if (sc->ntxchains == 3) { 1620 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1621 &val); 1622 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1623 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1624 } 1625 } 1626 /* Fix broken Tx power entries. */ 1627 for (i = 0; i < 14; i++) { 1628 if (sc->txpow1[i] > 31) 1629 sc->txpow1[i] = 5; 1630 if (sc->txpow2[i] > 31) 1631 sc->txpow2[i] = 5; 1632 if (sc->ntxchains == 3) { 1633 if (sc->txpow3[i] > 31) 1634 sc->txpow3[i] = 5; 1635 } 1636 } 1637 /* Read power settings for 5GHz channels. */ 1638 for (i = 0; i < 40; i += 2) { 1639 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1640 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1641 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1642 1643 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1644 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1645 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1646 1647 if (sc->ntxchains == 3) { 1648 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1649 &val); 1650 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1651 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1652 } 1653 } 1654 } 1655 1656 static void 1657 run_get_txpower(struct run_softc *sc) 1658 { 1659 uint16_t val; 1660 int i; 1661 1662 /* Read power settings for 2GHz channels. */ 1663 for (i = 0; i < 14; i += 2) { 1664 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1665 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1666 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1667 1668 if (sc->mac_ver != 0x5390) { 1669 run_srom_read(sc, 1670 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1671 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1672 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1673 } 1674 } 1675 /* Fix broken Tx power entries. */ 1676 for (i = 0; i < 14; i++) { 1677 if (sc->mac_ver >= 0x5390) { 1678 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1679 sc->txpow1[i] = 5; 1680 } else { 1681 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1682 sc->txpow1[i] = 5; 1683 } 1684 if (sc->mac_ver > 0x5390) { 1685 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1686 sc->txpow2[i] = 5; 1687 } else if (sc->mac_ver < 0x5390) { 1688 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1689 sc->txpow2[i] = 5; 1690 } 1691 DPRINTF("chan %d: power1=%d, power2=%d\n", 1692 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1693 } 1694 /* Read power settings for 5GHz channels. */ 1695 for (i = 0; i < 40; i += 2) { 1696 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1697 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1698 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1699 1700 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1701 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1702 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1703 } 1704 /* Fix broken Tx power entries. */ 1705 for (i = 0; i < 40; i++ ) { 1706 if (sc->mac_ver != 0x5592) { 1707 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1708 sc->txpow1[14 + i] = 5; 1709 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1710 sc->txpow2[14 + i] = 5; 1711 } 1712 DPRINTF("chan %d: power1=%d, power2=%d\n", 1713 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1714 sc->txpow2[14 + i]); 1715 } 1716 } 1717 1718 static int 1719 run_read_eeprom(struct run_softc *sc) 1720 { 1721 struct ieee80211com *ic = &sc->sc_ic; 1722 int8_t delta_2ghz, delta_5ghz; 1723 uint32_t tmp; 1724 uint16_t val; 1725 int ridx, ant, i; 1726 1727 /* check whether the ROM is eFUSE ROM or EEPROM */ 1728 sc->sc_srom_read = run_eeprom_read_2; 1729 if (sc->mac_ver >= 0x3070) { 1730 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1731 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1732 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1733 sc->sc_srom_read = run_efuse_read_2; 1734 } 1735 1736 /* read ROM version */ 1737 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1738 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1739 1740 /* read MAC address */ 1741 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1742 ic->ic_macaddr[0] = val & 0xff; 1743 ic->ic_macaddr[1] = val >> 8; 1744 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1745 ic->ic_macaddr[2] = val & 0xff; 1746 ic->ic_macaddr[3] = val >> 8; 1747 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1748 ic->ic_macaddr[4] = val & 0xff; 1749 ic->ic_macaddr[5] = val >> 8; 1750 1751 if (sc->mac_ver < 0x3593) { 1752 /* read vender BBP settings */ 1753 for (i = 0; i < 10; i++) { 1754 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1755 sc->bbp[i].val = val & 0xff; 1756 sc->bbp[i].reg = val >> 8; 1757 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1758 sc->bbp[i].val); 1759 } 1760 if (sc->mac_ver >= 0x3071) { 1761 /* read vendor RF settings */ 1762 for (i = 0; i < 10; i++) { 1763 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1764 &val); 1765 sc->rf[i].val = val & 0xff; 1766 sc->rf[i].reg = val >> 8; 1767 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1768 sc->rf[i].val); 1769 } 1770 } 1771 } 1772 1773 /* read RF frequency offset from EEPROM */ 1774 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1775 RT3593_EEPROM_FREQ, &val); 1776 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1777 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1778 1779 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1780 RT3593_EEPROM_FREQ_LEDS, &val); 1781 if (val >> 8 != 0xff) { 1782 /* read LEDs operating mode */ 1783 sc->leds = val >> 8; 1784 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1785 RT3593_EEPROM_LED1, &sc->led[0]); 1786 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1787 RT3593_EEPROM_LED2, &sc->led[1]); 1788 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1789 RT3593_EEPROM_LED3, &sc->led[2]); 1790 } else { 1791 /* broken EEPROM, use default settings */ 1792 sc->leds = 0x01; 1793 sc->led[0] = 0x5555; 1794 sc->led[1] = 0x2221; 1795 sc->led[2] = 0x5627; /* differs from RT2860 */ 1796 } 1797 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1798 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1799 1800 /* read RF information */ 1801 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1802 run_srom_read(sc, 0x00, &val); 1803 else 1804 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1805 1806 if (val == 0xffff) { 1807 device_printf(sc->sc_dev, 1808 "invalid EEPROM antenna info, using default\n"); 1809 DPRINTF("invalid EEPROM antenna info, using default\n"); 1810 if (sc->mac_ver == 0x3572) { 1811 /* default to RF3052 2T2R */ 1812 sc->rf_rev = RT3070_RF_3052; 1813 sc->ntxchains = 2; 1814 sc->nrxchains = 2; 1815 } else if (sc->mac_ver >= 0x3070) { 1816 /* default to RF3020 1T1R */ 1817 sc->rf_rev = RT3070_RF_3020; 1818 sc->ntxchains = 1; 1819 sc->nrxchains = 1; 1820 } else { 1821 /* default to RF2820 1T2R */ 1822 sc->rf_rev = RT2860_RF_2820; 1823 sc->ntxchains = 1; 1824 sc->nrxchains = 2; 1825 } 1826 } else { 1827 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1828 sc->rf_rev = val; 1829 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1830 } else 1831 sc->rf_rev = (val >> 8) & 0xf; 1832 sc->ntxchains = (val >> 4) & 0xf; 1833 sc->nrxchains = val & 0xf; 1834 } 1835 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1836 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1837 1838 /* check if RF supports automatic Tx access gain control */ 1839 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1840 DPRINTF("EEPROM CFG 0x%04x\n", val); 1841 /* check if driver should patch the DAC issue */ 1842 if ((val >> 8) != 0xff) 1843 sc->patch_dac = (val >> 15) & 1; 1844 if ((val & 0xff) != 0xff) { 1845 sc->ext_5ghz_lna = (val >> 3) & 1; 1846 sc->ext_2ghz_lna = (val >> 2) & 1; 1847 /* check if RF supports automatic Tx access gain control */ 1848 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1849 /* check if we have a hardware radio switch */ 1850 sc->rfswitch = val & 1; 1851 } 1852 1853 /* Read Tx power settings. */ 1854 if (sc->mac_ver == 0x3593) 1855 run_rt3593_get_txpower(sc); 1856 else 1857 run_get_txpower(sc); 1858 1859 /* read Tx power compensation for each Tx rate */ 1860 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1861 delta_2ghz = delta_5ghz = 0; 1862 if ((val & 0xff) != 0xff && (val & 0x80)) { 1863 delta_2ghz = val & 0xf; 1864 if (!(val & 0x40)) /* negative number */ 1865 delta_2ghz = -delta_2ghz; 1866 } 1867 val >>= 8; 1868 if ((val & 0xff) != 0xff && (val & 0x80)) { 1869 delta_5ghz = val & 0xf; 1870 if (!(val & 0x40)) /* negative number */ 1871 delta_5ghz = -delta_5ghz; 1872 } 1873 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1874 delta_2ghz, delta_5ghz); 1875 1876 for (ridx = 0; ridx < 5; ridx++) { 1877 uint32_t reg; 1878 1879 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1880 reg = val; 1881 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1882 reg |= (uint32_t)val << 16; 1883 1884 sc->txpow20mhz[ridx] = reg; 1885 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1886 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1887 1888 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1889 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1890 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1891 } 1892 1893 /* Read RSSI offsets and LNA gains from EEPROM. */ 1894 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1895 RT3593_EEPROM_RSSI1_2GHZ, &val); 1896 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1897 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1898 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1899 RT3593_EEPROM_RSSI2_2GHZ, &val); 1900 if (sc->mac_ver >= 0x3070) { 1901 if (sc->mac_ver == 0x3593) { 1902 sc->txmixgain_2ghz = 0; 1903 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1904 } else { 1905 /* 1906 * On RT3070 chips (limited to 2 Rx chains), this ROM 1907 * field contains the Tx mixer gain for the 2GHz band. 1908 */ 1909 if ((val & 0xff) != 0xff) 1910 sc->txmixgain_2ghz = val & 0x7; 1911 } 1912 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1913 } else 1914 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1915 if (sc->mac_ver == 0x3593) 1916 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1917 sc->lna[2] = val >> 8; /* channel group 2 */ 1918 1919 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1920 RT3593_EEPROM_RSSI1_5GHZ, &val); 1921 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1922 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1923 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1924 RT3593_EEPROM_RSSI2_5GHZ, &val); 1925 if (sc->mac_ver == 0x3572) { 1926 /* 1927 * On RT3572 chips (limited to 2 Rx chains), this ROM 1928 * field contains the Tx mixer gain for the 5GHz band. 1929 */ 1930 if ((val & 0xff) != 0xff) 1931 sc->txmixgain_5ghz = val & 0x7; 1932 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1933 } else 1934 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1935 if (sc->mac_ver == 0x3593) { 1936 sc->txmixgain_5ghz = 0; 1937 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1938 } 1939 sc->lna[3] = val >> 8; /* channel group 3 */ 1940 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1942 RT3593_EEPROM_LNA, &val); 1943 sc->lna[0] = val & 0xff; /* channel group 0 */ 1944 sc->lna[1] = val >> 8; /* channel group 1 */ 1945 1946 /* fix broken 5GHz LNA entries */ 1947 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1948 DPRINTF("invalid LNA for channel group %d\n", 2); 1949 sc->lna[2] = sc->lna[1]; 1950 } 1951 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1952 DPRINTF("invalid LNA for channel group %d\n", 3); 1953 sc->lna[3] = sc->lna[1]; 1954 } 1955 1956 /* fix broken RSSI offset entries */ 1957 for (ant = 0; ant < 3; ant++) { 1958 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1959 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1960 ant + 1, sc->rssi_2ghz[ant]); 1961 sc->rssi_2ghz[ant] = 0; 1962 } 1963 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1964 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1965 ant + 1, sc->rssi_5ghz[ant]); 1966 sc->rssi_5ghz[ant] = 0; 1967 } 1968 } 1969 return (0); 1970 } 1971 1972 static struct ieee80211_node * 1973 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1974 { 1975 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1976 } 1977 1978 static int 1979 run_media_change(struct ifnet *ifp) 1980 { 1981 struct ieee80211vap *vap = ifp->if_softc; 1982 struct ieee80211com *ic = vap->iv_ic; 1983 const struct ieee80211_txparam *tp; 1984 struct run_softc *sc = ic->ic_softc; 1985 uint8_t rate, ridx; 1986 int error; 1987 1988 RUN_LOCK(sc); 1989 1990 error = ieee80211_media_change(ifp); 1991 if (error != ENETRESET) { 1992 RUN_UNLOCK(sc); 1993 return (error); 1994 } 1995 1996 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1997 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1998 struct ieee80211_node *ni; 1999 struct run_node *rn; 2000 2001 rate = ic->ic_sup_rates[ic->ic_curmode]. 2002 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2003 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2004 if (rt2860_rates[ridx].rate == rate) 2005 break; 2006 ni = ieee80211_ref_node(vap->iv_bss); 2007 rn = RUN_NODE(ni); 2008 rn->fix_ridx = ridx; 2009 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2010 ieee80211_free_node(ni); 2011 } 2012 2013 #if 0 2014 if ((ifp->if_flags & IFF_UP) && 2015 (ifp->if_drv_flags & RUN_RUNNING)){ 2016 run_init_locked(sc); 2017 } 2018 #endif 2019 2020 RUN_UNLOCK(sc); 2021 2022 return (0); 2023 } 2024 2025 static int 2026 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2027 { 2028 const struct ieee80211_txparam *tp; 2029 struct ieee80211com *ic = vap->iv_ic; 2030 struct run_softc *sc = ic->ic_softc; 2031 struct run_vap *rvp = RUN_VAP(vap); 2032 enum ieee80211_state ostate; 2033 uint32_t sta[3]; 2034 uint32_t tmp; 2035 uint8_t ratectl; 2036 uint8_t restart_ratectl = 0; 2037 uint8_t bid = 1 << rvp->rvp_id; 2038 2039 ostate = vap->iv_state; 2040 DPRINTF("%s -> %s\n", 2041 ieee80211_state_name[ostate], 2042 ieee80211_state_name[nstate]); 2043 2044 IEEE80211_UNLOCK(ic); 2045 RUN_LOCK(sc); 2046 2047 ratectl = sc->ratectl_run; /* remember current state */ 2048 sc->ratectl_run = RUN_RATECTL_OFF; 2049 usb_callout_stop(&sc->ratectl_ch); 2050 2051 if (ostate == IEEE80211_S_RUN) { 2052 /* turn link LED off */ 2053 run_set_leds(sc, RT2860_LED_RADIO); 2054 } 2055 2056 switch (nstate) { 2057 case IEEE80211_S_INIT: 2058 restart_ratectl = 1; 2059 2060 if (ostate != IEEE80211_S_RUN) 2061 break; 2062 2063 ratectl &= ~bid; 2064 sc->runbmap &= ~bid; 2065 2066 /* abort TSF synchronization if there is no vap running */ 2067 if (--sc->running == 0) { 2068 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2069 run_write(sc, RT2860_BCN_TIME_CFG, 2070 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2071 RT2860_TBTT_TIMER_EN)); 2072 } 2073 break; 2074 2075 case IEEE80211_S_RUN: 2076 if (!(sc->runbmap & bid)) { 2077 if(sc->running++) 2078 restart_ratectl = 1; 2079 sc->runbmap |= bid; 2080 } 2081 2082 m_freem(rvp->beacon_mbuf); 2083 rvp->beacon_mbuf = NULL; 2084 2085 switch (vap->iv_opmode) { 2086 case IEEE80211_M_HOSTAP: 2087 case IEEE80211_M_MBSS: 2088 sc->ap_running |= bid; 2089 ic->ic_opmode = vap->iv_opmode; 2090 run_update_beacon_cb(vap); 2091 break; 2092 case IEEE80211_M_IBSS: 2093 sc->adhoc_running |= bid; 2094 if (!sc->ap_running) 2095 ic->ic_opmode = vap->iv_opmode; 2096 run_update_beacon_cb(vap); 2097 break; 2098 case IEEE80211_M_STA: 2099 sc->sta_running |= bid; 2100 if (!sc->ap_running && !sc->adhoc_running) 2101 ic->ic_opmode = vap->iv_opmode; 2102 2103 /* read statistic counters (clear on read) */ 2104 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2105 (uint8_t *)sta, sizeof sta); 2106 2107 break; 2108 default: 2109 ic->ic_opmode = vap->iv_opmode; 2110 break; 2111 } 2112 2113 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2114 struct ieee80211_node *ni; 2115 2116 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2117 RUN_UNLOCK(sc); 2118 IEEE80211_LOCK(ic); 2119 return (-1); 2120 } 2121 run_updateslot(ic); 2122 run_enable_mrr(sc); 2123 run_set_txpreamble(sc); 2124 run_set_basicrates(sc); 2125 ni = ieee80211_ref_node(vap->iv_bss); 2126 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2127 run_set_bssid(sc, ni->ni_bssid); 2128 ieee80211_free_node(ni); 2129 run_enable_tsf_sync(sc); 2130 2131 /* enable automatic rate adaptation */ 2132 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2133 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2134 ratectl |= bid; 2135 } else 2136 run_enable_tsf(sc); 2137 2138 /* turn link LED on */ 2139 run_set_leds(sc, RT2860_LED_RADIO | 2140 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2141 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2142 2143 break; 2144 default: 2145 DPRINTFN(6, "undefined case\n"); 2146 break; 2147 } 2148 2149 /* restart amrr for running VAPs */ 2150 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2151 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2152 2153 RUN_UNLOCK(sc); 2154 IEEE80211_LOCK(ic); 2155 2156 return(rvp->newstate(vap, nstate, arg)); 2157 } 2158 2159 /* ARGSUSED */ 2160 static void 2161 run_wme_update_cb(void *arg) 2162 { 2163 struct ieee80211com *ic = arg; 2164 struct run_softc *sc = ic->ic_softc; 2165 const struct wmeParams (*ac)[WME_NUM_AC] = 2166 &ic->ic_wme.wme_chanParams.cap_wmeParams; 2167 int aci, error = 0; 2168 2169 RUN_LOCK_ASSERT(sc, MA_OWNED); 2170 2171 /* update MAC TX configuration registers */ 2172 for (aci = 0; aci < WME_NUM_AC; aci++) { 2173 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2174 ac[aci]->wmep_logcwmax << 16 | 2175 ac[aci]->wmep_logcwmin << 12 | 2176 ac[aci]->wmep_aifsn << 8 | 2177 ac[aci]->wmep_txopLimit); 2178 if (error) goto err; 2179 } 2180 2181 /* update SCH/DMA registers too */ 2182 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2183 ac[WME_AC_VO]->wmep_aifsn << 12 | 2184 ac[WME_AC_VI]->wmep_aifsn << 8 | 2185 ac[WME_AC_BK]->wmep_aifsn << 4 | 2186 ac[WME_AC_BE]->wmep_aifsn); 2187 if (error) goto err; 2188 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2189 ac[WME_AC_VO]->wmep_logcwmin << 12 | 2190 ac[WME_AC_VI]->wmep_logcwmin << 8 | 2191 ac[WME_AC_BK]->wmep_logcwmin << 4 | 2192 ac[WME_AC_BE]->wmep_logcwmin); 2193 if (error) goto err; 2194 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2195 ac[WME_AC_VO]->wmep_logcwmax << 12 | 2196 ac[WME_AC_VI]->wmep_logcwmax << 8 | 2197 ac[WME_AC_BK]->wmep_logcwmax << 4 | 2198 ac[WME_AC_BE]->wmep_logcwmax); 2199 if (error) goto err; 2200 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2201 ac[WME_AC_BK]->wmep_txopLimit << 16 | 2202 ac[WME_AC_BE]->wmep_txopLimit); 2203 if (error) goto err; 2204 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2205 ac[WME_AC_VO]->wmep_txopLimit << 16 | 2206 ac[WME_AC_VI]->wmep_txopLimit); 2207 2208 err: 2209 if (error) 2210 DPRINTF("WME update failed\n"); 2211 2212 return; 2213 } 2214 2215 static int 2216 run_wme_update(struct ieee80211com *ic) 2217 { 2218 struct run_softc *sc = ic->ic_softc; 2219 2220 /* sometime called wothout lock */ 2221 if (mtx_owned(&ic->ic_comlock.mtx)) { 2222 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2223 DPRINTF("cmdq_store=%d\n", i); 2224 sc->cmdq[i].func = run_wme_update_cb; 2225 sc->cmdq[i].arg0 = ic; 2226 ieee80211_runtask(ic, &sc->cmdq_task); 2227 return (0); 2228 } 2229 2230 RUN_LOCK(sc); 2231 run_wme_update_cb(ic); 2232 RUN_UNLOCK(sc); 2233 2234 /* return whatever, upper layer doesn't care anyway */ 2235 return (0); 2236 } 2237 2238 static void 2239 run_key_set_cb(void *arg) 2240 { 2241 struct run_cmdq *cmdq = arg; 2242 struct ieee80211vap *vap = cmdq->arg1; 2243 struct ieee80211_key *k = cmdq->k; 2244 struct ieee80211com *ic = vap->iv_ic; 2245 struct run_softc *sc = ic->ic_softc; 2246 struct ieee80211_node *ni; 2247 u_int cipher = k->wk_cipher->ic_cipher; 2248 uint32_t attr; 2249 uint16_t base, associd; 2250 uint8_t mode, wcid, iv[8]; 2251 2252 RUN_LOCK_ASSERT(sc, MA_OWNED); 2253 2254 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2255 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2256 else 2257 ni = vap->iv_bss; 2258 associd = (ni != NULL) ? ni->ni_associd : 0; 2259 2260 /* map net80211 cipher to RT2860 security mode */ 2261 switch (cipher) { 2262 case IEEE80211_CIPHER_WEP: 2263 if(k->wk_keylen < 8) 2264 mode = RT2860_MODE_WEP40; 2265 else 2266 mode = RT2860_MODE_WEP104; 2267 break; 2268 case IEEE80211_CIPHER_TKIP: 2269 mode = RT2860_MODE_TKIP; 2270 break; 2271 case IEEE80211_CIPHER_AES_CCM: 2272 mode = RT2860_MODE_AES_CCMP; 2273 break; 2274 default: 2275 DPRINTF("undefined case\n"); 2276 return; 2277 } 2278 2279 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2280 associd, k->wk_keyix, mode, 2281 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2282 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2283 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2284 2285 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2286 wcid = 0; /* NB: update WCID0 for group keys */ 2287 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2288 } else { 2289 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2290 1 : RUN_AID2WCID(associd); 2291 base = RT2860_PKEY(wcid); 2292 } 2293 2294 if (cipher == IEEE80211_CIPHER_TKIP) { 2295 if(run_write_region_1(sc, base, k->wk_key, 16)) 2296 return; 2297 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2298 return; 2299 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2300 return; 2301 } else { 2302 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2303 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2304 return; 2305 } 2306 2307 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2308 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2309 /* set initial packet number in IV+EIV */ 2310 if (cipher == IEEE80211_CIPHER_WEP) { 2311 memset(iv, 0, sizeof iv); 2312 iv[3] = vap->iv_def_txkey << 6; 2313 } else { 2314 if (cipher == IEEE80211_CIPHER_TKIP) { 2315 iv[0] = k->wk_keytsc >> 8; 2316 iv[1] = (iv[0] | 0x20) & 0x7f; 2317 iv[2] = k->wk_keytsc; 2318 } else /* CCMP */ { 2319 iv[0] = k->wk_keytsc; 2320 iv[1] = k->wk_keytsc >> 8; 2321 iv[2] = 0; 2322 } 2323 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2324 iv[4] = k->wk_keytsc >> 16; 2325 iv[5] = k->wk_keytsc >> 24; 2326 iv[6] = k->wk_keytsc >> 32; 2327 iv[7] = k->wk_keytsc >> 40; 2328 } 2329 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2330 return; 2331 } 2332 2333 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2334 /* install group key */ 2335 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2336 return; 2337 attr &= ~(0xf << (k->wk_keyix * 4)); 2338 attr |= mode << (k->wk_keyix * 4); 2339 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2340 return; 2341 } else { 2342 /* install pairwise key */ 2343 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2344 return; 2345 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2346 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2347 return; 2348 } 2349 2350 /* TODO create a pass-thru key entry? */ 2351 2352 /* need wcid to delete the right key later */ 2353 k->wk_pad = wcid; 2354 } 2355 2356 /* 2357 * Don't have to be deferred, but in order to keep order of 2358 * execution, i.e. with run_key_delete(), defer this and let 2359 * run_cmdq_cb() maintain the order. 2360 * 2361 * return 0 on error 2362 */ 2363 static int 2364 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2365 { 2366 struct ieee80211com *ic = vap->iv_ic; 2367 struct run_softc *sc = ic->ic_softc; 2368 uint32_t i; 2369 2370 i = RUN_CMDQ_GET(&sc->cmdq_store); 2371 DPRINTF("cmdq_store=%d\n", i); 2372 sc->cmdq[i].func = run_key_set_cb; 2373 sc->cmdq[i].arg0 = NULL; 2374 sc->cmdq[i].arg1 = vap; 2375 sc->cmdq[i].k = k; 2376 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2377 ieee80211_runtask(ic, &sc->cmdq_task); 2378 2379 /* 2380 * To make sure key will be set when hostapd 2381 * calls iv_key_set() before if_init(). 2382 */ 2383 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2384 RUN_LOCK(sc); 2385 sc->cmdq_key_set = RUN_CMDQ_GO; 2386 RUN_UNLOCK(sc); 2387 } 2388 2389 return (1); 2390 } 2391 2392 /* 2393 * If wlan is destroyed without being brought down i.e. without 2394 * wlan down or wpa_cli terminate, this function is called after 2395 * vap is gone. Don't refer it. 2396 */ 2397 static void 2398 run_key_delete_cb(void *arg) 2399 { 2400 struct run_cmdq *cmdq = arg; 2401 struct run_softc *sc = cmdq->arg1; 2402 struct ieee80211_key *k = &cmdq->key; 2403 uint32_t attr; 2404 uint8_t wcid; 2405 2406 RUN_LOCK_ASSERT(sc, MA_OWNED); 2407 2408 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2409 /* remove group key */ 2410 DPRINTF("removing group key\n"); 2411 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2412 attr &= ~(0xf << (k->wk_keyix * 4)); 2413 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2414 } else { 2415 /* remove pairwise key */ 2416 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2417 /* matching wcid was written to wk_pad in run_key_set() */ 2418 wcid = k->wk_pad; 2419 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2420 attr &= ~0xf; 2421 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2422 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2423 } 2424 2425 k->wk_pad = 0; 2426 } 2427 2428 /* 2429 * return 0 on error 2430 */ 2431 static int 2432 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2433 { 2434 struct ieee80211com *ic = vap->iv_ic; 2435 struct run_softc *sc = ic->ic_softc; 2436 struct ieee80211_key *k0; 2437 uint32_t i; 2438 2439 /* 2440 * When called back, key might be gone. So, make a copy 2441 * of some values need to delete keys before deferring. 2442 * But, because of LOR with node lock, cannot use lock here. 2443 * So, use atomic instead. 2444 */ 2445 i = RUN_CMDQ_GET(&sc->cmdq_store); 2446 DPRINTF("cmdq_store=%d\n", i); 2447 sc->cmdq[i].func = run_key_delete_cb; 2448 sc->cmdq[i].arg0 = NULL; 2449 sc->cmdq[i].arg1 = sc; 2450 k0 = &sc->cmdq[i].key; 2451 k0->wk_flags = k->wk_flags; 2452 k0->wk_keyix = k->wk_keyix; 2453 /* matching wcid was written to wk_pad in run_key_set() */ 2454 k0->wk_pad = k->wk_pad; 2455 ieee80211_runtask(ic, &sc->cmdq_task); 2456 return (1); /* return fake success */ 2457 2458 } 2459 2460 static void 2461 run_ratectl_to(void *arg) 2462 { 2463 struct run_softc *sc = arg; 2464 2465 /* do it in a process context, so it can go sleep */ 2466 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2467 /* next timeout will be rescheduled in the callback task */ 2468 } 2469 2470 /* ARGSUSED */ 2471 static void 2472 run_ratectl_cb(void *arg, int pending) 2473 { 2474 struct run_softc *sc = arg; 2475 struct ieee80211com *ic = &sc->sc_ic; 2476 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2477 2478 if (vap == NULL) 2479 return; 2480 2481 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2482 /* 2483 * run_reset_livelock() doesn't do anything with AMRR, 2484 * but Ralink wants us to call it every 1 sec. So, we 2485 * piggyback here rather than creating another callout. 2486 * Livelock may occur only in HOSTAP or IBSS mode 2487 * (when h/w is sending beacons). 2488 */ 2489 RUN_LOCK(sc); 2490 run_reset_livelock(sc); 2491 /* just in case, there are some stats to drain */ 2492 run_drain_fifo(sc); 2493 RUN_UNLOCK(sc); 2494 } 2495 2496 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2497 2498 RUN_LOCK(sc); 2499 if(sc->ratectl_run != RUN_RATECTL_OFF) 2500 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2501 RUN_UNLOCK(sc); 2502 } 2503 2504 static void 2505 run_drain_fifo(void *arg) 2506 { 2507 struct run_softc *sc = arg; 2508 uint32_t stat; 2509 uint16_t (*wstat)[3]; 2510 uint8_t wcid, mcs, pid; 2511 int8_t retry; 2512 2513 RUN_LOCK_ASSERT(sc, MA_OWNED); 2514 2515 for (;;) { 2516 /* drain Tx status FIFO (maxsize = 16) */ 2517 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2518 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2519 if (!(stat & RT2860_TXQ_VLD)) 2520 break; 2521 2522 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2523 2524 /* if no ACK was requested, no feedback is available */ 2525 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2526 wcid == 0) 2527 continue; 2528 2529 /* 2530 * Even though each stat is Tx-complete-status like format, 2531 * the device can poll stats. Because there is no guarantee 2532 * that the referring node is still around when read the stats. 2533 * So that, if we use ieee80211_ratectl_tx_update(), we will 2534 * have hard time not to refer already freed node. 2535 * 2536 * To eliminate such page faults, we poll stats in softc. 2537 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2538 */ 2539 wstat = &(sc->wcid_stats[wcid]); 2540 (*wstat)[RUN_TXCNT]++; 2541 if (stat & RT2860_TXQ_OK) 2542 (*wstat)[RUN_SUCCESS]++; 2543 else 2544 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2545 /* 2546 * Check if there were retries, ie if the Tx success rate is 2547 * different from the requested rate. Note that it works only 2548 * because we do not allow rate fallback from OFDM to CCK. 2549 */ 2550 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2551 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2552 if ((retry = pid -1 - mcs) > 0) { 2553 (*wstat)[RUN_TXCNT] += retry; 2554 (*wstat)[RUN_RETRY] += retry; 2555 } 2556 } 2557 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2558 2559 sc->fifo_cnt = 0; 2560 } 2561 2562 static void 2563 run_iter_func(void *arg, struct ieee80211_node *ni) 2564 { 2565 struct run_softc *sc = arg; 2566 struct ieee80211vap *vap = ni->ni_vap; 2567 struct run_node *rn = RUN_NODE(ni); 2568 union run_stats sta[2]; 2569 uint16_t (*wstat)[3]; 2570 int txcnt, success, retrycnt, error; 2571 2572 RUN_LOCK(sc); 2573 2574 /* Check for special case */ 2575 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2576 ni != vap->iv_bss) 2577 goto fail; 2578 2579 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2580 vap->iv_opmode == IEEE80211_M_STA)) { 2581 /* read statistic counters (clear on read) and update AMRR state */ 2582 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2583 sizeof sta); 2584 if (error != 0) 2585 goto fail; 2586 2587 /* count failed TX as errors */ 2588 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2589 le16toh(sta[0].error.fail)); 2590 2591 retrycnt = le16toh(sta[1].tx.retry); 2592 success = le16toh(sta[1].tx.success); 2593 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2594 2595 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2596 retrycnt, success, le16toh(sta[0].error.fail)); 2597 } else { 2598 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2599 2600 if (wstat == &(sc->wcid_stats[0]) || 2601 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2602 goto fail; 2603 2604 txcnt = (*wstat)[RUN_TXCNT]; 2605 success = (*wstat)[RUN_SUCCESS]; 2606 retrycnt = (*wstat)[RUN_RETRY]; 2607 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2608 retrycnt, txcnt, success); 2609 2610 memset(wstat, 0, sizeof(*wstat)); 2611 } 2612 2613 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2614 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2615 2616 fail: 2617 RUN_UNLOCK(sc); 2618 2619 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2620 } 2621 2622 static void 2623 run_newassoc_cb(void *arg) 2624 { 2625 struct run_cmdq *cmdq = arg; 2626 struct ieee80211_node *ni = cmdq->arg1; 2627 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2628 uint8_t wcid = cmdq->wcid; 2629 2630 RUN_LOCK_ASSERT(sc, MA_OWNED); 2631 2632 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2633 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2634 2635 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2636 } 2637 2638 static void 2639 run_newassoc(struct ieee80211_node *ni, int isnew) 2640 { 2641 struct run_node *rn = RUN_NODE(ni); 2642 struct ieee80211_rateset *rs = &ni->ni_rates; 2643 struct ieee80211vap *vap = ni->ni_vap; 2644 struct ieee80211com *ic = vap->iv_ic; 2645 struct run_softc *sc = ic->ic_softc; 2646 uint8_t rate; 2647 uint8_t ridx; 2648 uint8_t wcid; 2649 int i, j; 2650 2651 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2652 1 : RUN_AID2WCID(ni->ni_associd); 2653 2654 if (wcid > RT2870_WCID_MAX) { 2655 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2656 return; 2657 } 2658 2659 /* only interested in true associations */ 2660 if (isnew && ni->ni_associd != 0) { 2661 2662 /* 2663 * This function could is called though timeout function. 2664 * Need to defer. 2665 */ 2666 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2667 DPRINTF("cmdq_store=%d\n", cnt); 2668 sc->cmdq[cnt].func = run_newassoc_cb; 2669 sc->cmdq[cnt].arg0 = NULL; 2670 sc->cmdq[cnt].arg1 = ni; 2671 sc->cmdq[cnt].wcid = wcid; 2672 ieee80211_runtask(ic, &sc->cmdq_task); 2673 } 2674 2675 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2676 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2677 2678 for (i = 0; i < rs->rs_nrates; i++) { 2679 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2680 /* convert 802.11 rate to hardware rate index */ 2681 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2682 if (rt2860_rates[ridx].rate == rate) 2683 break; 2684 rn->ridx[i] = ridx; 2685 /* determine rate of control response frames */ 2686 for (j = i; j >= 0; j--) { 2687 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2688 rt2860_rates[rn->ridx[i]].phy == 2689 rt2860_rates[rn->ridx[j]].phy) 2690 break; 2691 } 2692 if (j >= 0) { 2693 rn->ctl_ridx[i] = rn->ridx[j]; 2694 } else { 2695 /* no basic rate found, use mandatory one */ 2696 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2697 } 2698 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2699 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2700 } 2701 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2702 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2703 if (rt2860_rates[ridx].rate == rate) 2704 break; 2705 rn->mgt_ridx = ridx; 2706 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2707 2708 RUN_LOCK(sc); 2709 if(sc->ratectl_run != RUN_RATECTL_OFF) 2710 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2711 RUN_UNLOCK(sc); 2712 } 2713 2714 /* 2715 * Return the Rx chain with the highest RSSI for a given frame. 2716 */ 2717 static __inline uint8_t 2718 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2719 { 2720 uint8_t rxchain = 0; 2721 2722 if (sc->nrxchains > 1) { 2723 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2724 rxchain = 1; 2725 if (sc->nrxchains > 2) 2726 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2727 rxchain = 2; 2728 } 2729 return (rxchain); 2730 } 2731 2732 static void 2733 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2734 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2735 { 2736 struct ieee80211vap *vap = ni->ni_vap; 2737 struct run_softc *sc = vap->iv_ic->ic_softc; 2738 struct run_vap *rvp = RUN_VAP(vap); 2739 uint64_t ni_tstamp, rx_tstamp; 2740 2741 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2742 2743 if (vap->iv_state == IEEE80211_S_RUN && 2744 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2745 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2746 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2747 RUN_LOCK(sc); 2748 run_get_tsf(sc, &rx_tstamp); 2749 RUN_UNLOCK(sc); 2750 rx_tstamp = le64toh(rx_tstamp); 2751 2752 if (ni_tstamp >= rx_tstamp) { 2753 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2754 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2755 (void) ieee80211_ibss_merge(ni); 2756 } 2757 } 2758 } 2759 2760 static void 2761 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2762 { 2763 struct ieee80211com *ic = &sc->sc_ic; 2764 struct ieee80211_frame *wh; 2765 struct ieee80211_node *ni; 2766 struct rt2870_rxd *rxd; 2767 struct rt2860_rxwi *rxwi; 2768 uint32_t flags; 2769 uint16_t len, rxwisize; 2770 uint8_t ant, rssi; 2771 int8_t nf; 2772 2773 rxwi = mtod(m, struct rt2860_rxwi *); 2774 len = le16toh(rxwi->len) & 0xfff; 2775 rxwisize = sizeof(struct rt2860_rxwi); 2776 if (sc->mac_ver == 0x5592) 2777 rxwisize += sizeof(uint64_t); 2778 else if (sc->mac_ver == 0x3593) 2779 rxwisize += sizeof(uint32_t); 2780 if (__predict_false(len > dmalen)) { 2781 m_freem(m); 2782 counter_u64_add(ic->ic_ierrors, 1); 2783 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2784 return; 2785 } 2786 /* Rx descriptor is located at the end */ 2787 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2788 flags = le32toh(rxd->flags); 2789 2790 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2791 m_freem(m); 2792 counter_u64_add(ic->ic_ierrors, 1); 2793 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2794 return; 2795 } 2796 2797 m->m_data += rxwisize; 2798 m->m_pkthdr.len = m->m_len -= rxwisize; 2799 2800 wh = mtod(m, struct ieee80211_frame *); 2801 2802 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2803 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2804 m->m_flags |= M_WEP; 2805 } 2806 2807 if (flags & RT2860_RX_L2PAD) { 2808 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2809 len += 2; 2810 } 2811 2812 ni = ieee80211_find_rxnode(ic, 2813 mtod(m, struct ieee80211_frame_min *)); 2814 2815 if (__predict_false(flags & RT2860_RX_MICERR)) { 2816 /* report MIC failures to net80211 for TKIP */ 2817 if (ni != NULL) 2818 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2819 rxwi->keyidx); 2820 m_freem(m); 2821 counter_u64_add(ic->ic_ierrors, 1); 2822 DPRINTF("MIC error. Someone is lying.\n"); 2823 return; 2824 } 2825 2826 ant = run_maxrssi_chain(sc, rxwi); 2827 rssi = rxwi->rssi[ant]; 2828 nf = run_rssi2dbm(sc, rssi, ant); 2829 2830 m->m_pkthdr.len = m->m_len = len; 2831 2832 if (ni != NULL) { 2833 (void)ieee80211_input(ni, m, rssi, nf); 2834 ieee80211_free_node(ni); 2835 } else { 2836 (void)ieee80211_input_all(ic, m, rssi, nf); 2837 } 2838 2839 if (__predict_false(ieee80211_radiotap_active(ic))) { 2840 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2841 uint16_t phy; 2842 2843 tap->wr_flags = 0; 2844 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2845 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2846 tap->wr_antsignal = rssi; 2847 tap->wr_antenna = ant; 2848 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2849 tap->wr_rate = 2; /* in case it can't be found below */ 2850 run_get_tsf(sc, &tap->wr_tsf); 2851 phy = le16toh(rxwi->phy); 2852 switch (phy & RT2860_PHY_MODE) { 2853 case RT2860_PHY_CCK: 2854 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2855 case 0: tap->wr_rate = 2; break; 2856 case 1: tap->wr_rate = 4; break; 2857 case 2: tap->wr_rate = 11; break; 2858 case 3: tap->wr_rate = 22; break; 2859 } 2860 if (phy & RT2860_PHY_SHPRE) 2861 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2862 break; 2863 case RT2860_PHY_OFDM: 2864 switch (phy & RT2860_PHY_MCS) { 2865 case 0: tap->wr_rate = 12; break; 2866 case 1: tap->wr_rate = 18; break; 2867 case 2: tap->wr_rate = 24; break; 2868 case 3: tap->wr_rate = 36; break; 2869 case 4: tap->wr_rate = 48; break; 2870 case 5: tap->wr_rate = 72; break; 2871 case 6: tap->wr_rate = 96; break; 2872 case 7: tap->wr_rate = 108; break; 2873 } 2874 break; 2875 } 2876 } 2877 } 2878 2879 static void 2880 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2881 { 2882 struct run_softc *sc = usbd_xfer_softc(xfer); 2883 struct ieee80211com *ic = &sc->sc_ic; 2884 struct mbuf *m = NULL; 2885 struct mbuf *m0; 2886 uint32_t dmalen; 2887 uint16_t rxwisize; 2888 int xferlen; 2889 2890 rxwisize = sizeof(struct rt2860_rxwi); 2891 if (sc->mac_ver == 0x5592) 2892 rxwisize += sizeof(uint64_t); 2893 else if (sc->mac_ver == 0x3593) 2894 rxwisize += sizeof(uint32_t); 2895 2896 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2897 2898 switch (USB_GET_STATE(xfer)) { 2899 case USB_ST_TRANSFERRED: 2900 2901 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2902 2903 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2904 sizeof(struct rt2870_rxd))) { 2905 DPRINTF("xfer too short %d\n", xferlen); 2906 goto tr_setup; 2907 } 2908 2909 m = sc->rx_m; 2910 sc->rx_m = NULL; 2911 2912 /* FALLTHROUGH */ 2913 case USB_ST_SETUP: 2914 tr_setup: 2915 if (sc->rx_m == NULL) { 2916 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2917 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2918 } 2919 if (sc->rx_m == NULL) { 2920 DPRINTF("could not allocate mbuf - idle with stall\n"); 2921 counter_u64_add(ic->ic_ierrors, 1); 2922 usbd_xfer_set_stall(xfer); 2923 usbd_xfer_set_frames(xfer, 0); 2924 } else { 2925 /* 2926 * Directly loading a mbuf cluster into DMA to 2927 * save some data copying. This works because 2928 * there is only one cluster. 2929 */ 2930 usbd_xfer_set_frame_data(xfer, 0, 2931 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2932 usbd_xfer_set_frames(xfer, 1); 2933 } 2934 usbd_transfer_submit(xfer); 2935 break; 2936 2937 default: /* Error */ 2938 if (error != USB_ERR_CANCELLED) { 2939 /* try to clear stall first */ 2940 usbd_xfer_set_stall(xfer); 2941 if (error == USB_ERR_TIMEOUT) 2942 device_printf(sc->sc_dev, "device timeout\n"); 2943 counter_u64_add(ic->ic_ierrors, 1); 2944 goto tr_setup; 2945 } 2946 if (sc->rx_m != NULL) { 2947 m_freem(sc->rx_m); 2948 sc->rx_m = NULL; 2949 } 2950 break; 2951 } 2952 2953 if (m == NULL) 2954 return; 2955 2956 /* inputting all the frames must be last */ 2957 2958 RUN_UNLOCK(sc); 2959 2960 m->m_pkthdr.len = m->m_len = xferlen; 2961 2962 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2963 for(;;) { 2964 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2965 2966 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2967 ((dmalen & 3) != 0)) { 2968 DPRINTF("bad DMA length %u\n", dmalen); 2969 break; 2970 } 2971 if ((dmalen + 8) > (uint32_t)xferlen) { 2972 DPRINTF("bad DMA length %u > %d\n", 2973 dmalen + 8, xferlen); 2974 break; 2975 } 2976 2977 /* If it is the last one or a single frame, we won't copy. */ 2978 if ((xferlen -= dmalen + 8) <= 8) { 2979 /* trim 32-bit DMA-len header */ 2980 m->m_data += 4; 2981 m->m_pkthdr.len = m->m_len -= 4; 2982 run_rx_frame(sc, m, dmalen); 2983 m = NULL; /* don't free source buffer */ 2984 break; 2985 } 2986 2987 /* copy aggregated frames to another mbuf */ 2988 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2989 if (__predict_false(m0 == NULL)) { 2990 DPRINTF("could not allocate mbuf\n"); 2991 counter_u64_add(ic->ic_ierrors, 1); 2992 break; 2993 } 2994 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2995 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2996 m0->m_pkthdr.len = m0->m_len = 2997 dmalen + sizeof(struct rt2870_rxd); 2998 run_rx_frame(sc, m0, dmalen); 2999 3000 /* update data ptr */ 3001 m->m_data += dmalen + 8; 3002 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3003 } 3004 3005 /* make sure we free the source buffer, if any */ 3006 m_freem(m); 3007 3008 RUN_LOCK(sc); 3009 } 3010 3011 static void 3012 run_tx_free(struct run_endpoint_queue *pq, 3013 struct run_tx_data *data, int txerr) 3014 { 3015 if (data->m != NULL) { 3016 if (data->m->m_flags & M_TXCB) 3017 ieee80211_process_callback(data->ni, data->m, 3018 txerr ? ETIMEDOUT : 0); 3019 m_freem(data->m); 3020 data->m = NULL; 3021 3022 if (data->ni == NULL) { 3023 DPRINTF("no node\n"); 3024 } else { 3025 ieee80211_free_node(data->ni); 3026 data->ni = NULL; 3027 } 3028 } 3029 3030 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3031 pq->tx_nfree++; 3032 } 3033 3034 static void 3035 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3036 { 3037 struct run_softc *sc = usbd_xfer_softc(xfer); 3038 struct ieee80211com *ic = &sc->sc_ic; 3039 struct run_tx_data *data; 3040 struct ieee80211vap *vap = NULL; 3041 struct usb_page_cache *pc; 3042 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3043 struct mbuf *m; 3044 usb_frlength_t size; 3045 int actlen; 3046 int sumlen; 3047 3048 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3049 3050 switch (USB_GET_STATE(xfer)) { 3051 case USB_ST_TRANSFERRED: 3052 DPRINTFN(11, "transfer complete: %d " 3053 "bytes @ index %d\n", actlen, index); 3054 3055 data = usbd_xfer_get_priv(xfer); 3056 run_tx_free(pq, data, 0); 3057 usbd_xfer_set_priv(xfer, NULL); 3058 3059 /* FALLTHROUGH */ 3060 case USB_ST_SETUP: 3061 tr_setup: 3062 data = STAILQ_FIRST(&pq->tx_qh); 3063 if (data == NULL) 3064 break; 3065 3066 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3067 3068 m = data->m; 3069 size = (sc->mac_ver == 0x5592) ? 3070 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3071 if ((m->m_pkthdr.len + 3072 size + 3 + 8) > RUN_MAX_TXSZ) { 3073 DPRINTF("data overflow, %u bytes\n", 3074 m->m_pkthdr.len); 3075 run_tx_free(pq, data, 1); 3076 goto tr_setup; 3077 } 3078 3079 pc = usbd_xfer_get_frame(xfer, 0); 3080 usbd_copy_in(pc, 0, &data->desc, size); 3081 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3082 size += m->m_pkthdr.len; 3083 /* 3084 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3085 * 4-byte padding), and be sure to zero those trailing 3086 * bytes: 3087 */ 3088 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3089 size += ((-size) & 3) + 8; 3090 3091 vap = data->ni->ni_vap; 3092 if (ieee80211_radiotap_active_vap(vap)) { 3093 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3094 struct rt2860_txwi *txwi = 3095 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3096 tap->wt_flags = 0; 3097 tap->wt_rate = rt2860_rates[data->ridx].rate; 3098 run_get_tsf(sc, &tap->wt_tsf); 3099 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3100 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3101 tap->wt_hwqueue = index; 3102 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3103 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3104 3105 ieee80211_radiotap_tx(vap, m); 3106 } 3107 3108 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3109 m->m_pkthdr.len, size, index); 3110 3111 usbd_xfer_set_frame_len(xfer, 0, size); 3112 usbd_xfer_set_priv(xfer, data); 3113 usbd_transfer_submit(xfer); 3114 run_start(sc); 3115 3116 break; 3117 3118 default: 3119 DPRINTF("USB transfer error, %s\n", 3120 usbd_errstr(error)); 3121 3122 data = usbd_xfer_get_priv(xfer); 3123 3124 if (data != NULL) { 3125 if(data->ni != NULL) 3126 vap = data->ni->ni_vap; 3127 run_tx_free(pq, data, error); 3128 usbd_xfer_set_priv(xfer, NULL); 3129 } 3130 3131 if (vap == NULL) 3132 vap = TAILQ_FIRST(&ic->ic_vaps); 3133 3134 if (error != USB_ERR_CANCELLED) { 3135 if (error == USB_ERR_TIMEOUT) { 3136 device_printf(sc->sc_dev, "device timeout\n"); 3137 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3138 DPRINTF("cmdq_store=%d\n", i); 3139 sc->cmdq[i].func = run_usb_timeout_cb; 3140 sc->cmdq[i].arg0 = vap; 3141 ieee80211_runtask(ic, &sc->cmdq_task); 3142 } 3143 3144 /* 3145 * Try to clear stall first, also if other 3146 * errors occur, hence clearing stall 3147 * introduces a 50 ms delay: 3148 */ 3149 usbd_xfer_set_stall(xfer); 3150 goto tr_setup; 3151 } 3152 break; 3153 } 3154 } 3155 3156 static void 3157 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3158 { 3159 run_bulk_tx_callbackN(xfer, error, 0); 3160 } 3161 3162 static void 3163 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3164 { 3165 run_bulk_tx_callbackN(xfer, error, 1); 3166 } 3167 3168 static void 3169 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3170 { 3171 run_bulk_tx_callbackN(xfer, error, 2); 3172 } 3173 3174 static void 3175 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3176 { 3177 run_bulk_tx_callbackN(xfer, error, 3); 3178 } 3179 3180 static void 3181 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3182 { 3183 run_bulk_tx_callbackN(xfer, error, 4); 3184 } 3185 3186 static void 3187 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3188 { 3189 run_bulk_tx_callbackN(xfer, error, 5); 3190 } 3191 3192 static void 3193 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3194 { 3195 struct mbuf *m = data->m; 3196 struct ieee80211com *ic = &sc->sc_ic; 3197 struct ieee80211vap *vap = data->ni->ni_vap; 3198 struct ieee80211_frame *wh; 3199 struct rt2870_txd *txd; 3200 struct rt2860_txwi *txwi; 3201 uint16_t xferlen, txwisize; 3202 uint16_t mcs; 3203 uint8_t ridx = data->ridx; 3204 uint8_t pad; 3205 3206 /* get MCS code from rate index */ 3207 mcs = rt2860_rates[ridx].mcs; 3208 3209 txwisize = (sc->mac_ver == 0x5592) ? 3210 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3211 xferlen = txwisize + m->m_pkthdr.len; 3212 3213 /* roundup to 32-bit alignment */ 3214 xferlen = (xferlen + 3) & ~3; 3215 3216 txd = (struct rt2870_txd *)&data->desc; 3217 txd->len = htole16(xferlen); 3218 3219 wh = mtod(m, struct ieee80211_frame *); 3220 3221 /* 3222 * Ether both are true or both are false, the header 3223 * are nicely aligned to 32-bit. So, no L2 padding. 3224 */ 3225 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3226 pad = 0; 3227 else 3228 pad = 2; 3229 3230 /* setup TX Wireless Information */ 3231 txwi = (struct rt2860_txwi *)(txd + 1); 3232 txwi->len = htole16(m->m_pkthdr.len - pad); 3233 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3234 mcs |= RT2860_PHY_CCK; 3235 if (ridx != RT2860_RIDX_CCK1 && 3236 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3237 mcs |= RT2860_PHY_SHPRE; 3238 } else 3239 mcs |= RT2860_PHY_OFDM; 3240 txwi->phy = htole16(mcs); 3241 3242 /* check if RTS/CTS or CTS-to-self protection is required */ 3243 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3244 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3245 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3246 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3247 txwi->txop |= RT2860_TX_TXOP_HT; 3248 else 3249 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3250 3251 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3252 txwi->xflags |= RT2860_TX_NSEQ; 3253 } 3254 3255 /* This function must be called locked */ 3256 static int 3257 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3258 { 3259 struct ieee80211com *ic = &sc->sc_ic; 3260 struct ieee80211vap *vap = ni->ni_vap; 3261 struct ieee80211_frame *wh; 3262 struct ieee80211_channel *chan; 3263 const struct ieee80211_txparam *tp; 3264 struct run_node *rn = RUN_NODE(ni); 3265 struct run_tx_data *data; 3266 struct rt2870_txd *txd; 3267 struct rt2860_txwi *txwi; 3268 uint16_t qos; 3269 uint16_t dur; 3270 uint16_t qid; 3271 uint8_t type; 3272 uint8_t tid; 3273 uint8_t ridx; 3274 uint8_t ctl_ridx; 3275 uint8_t qflags; 3276 uint8_t xflags = 0; 3277 int hasqos; 3278 3279 RUN_LOCK_ASSERT(sc, MA_OWNED); 3280 3281 wh = mtod(m, struct ieee80211_frame *); 3282 3283 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3284 3285 /* 3286 * There are 7 bulk endpoints: 1 for RX 3287 * and 6 for TX (4 EDCAs + HCCA + Prio). 3288 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3289 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3290 */ 3291 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3292 uint8_t *frm; 3293 3294 if(IEEE80211_HAS_ADDR4(wh)) 3295 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3296 else 3297 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3298 3299 qos = le16toh(*(const uint16_t *)frm); 3300 tid = qos & IEEE80211_QOS_TID; 3301 qid = TID_TO_WME_AC(tid); 3302 } else { 3303 qos = 0; 3304 tid = 0; 3305 qid = WME_AC_BE; 3306 } 3307 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3308 3309 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3310 qos, qid, tid, qflags); 3311 3312 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3313 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3314 3315 /* pickup a rate index */ 3316 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3317 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3318 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3319 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3320 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3321 } else { 3322 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3323 ridx = rn->fix_ridx; 3324 else 3325 ridx = rn->amrr_ridx; 3326 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3327 } 3328 3329 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3330 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3331 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3332 xflags |= RT2860_TX_ACK; 3333 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3334 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3335 else 3336 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3337 USETW(wh->i_dur, dur); 3338 } 3339 3340 /* reserve slots for mgmt packets, just in case */ 3341 if (sc->sc_epq[qid].tx_nfree < 3) { 3342 DPRINTFN(10, "tx ring %d is full\n", qid); 3343 return (-1); 3344 } 3345 3346 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3347 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3348 sc->sc_epq[qid].tx_nfree--; 3349 3350 txd = (struct rt2870_txd *)&data->desc; 3351 txd->flags = qflags; 3352 txwi = (struct rt2860_txwi *)(txd + 1); 3353 txwi->xflags = xflags; 3354 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3355 txwi->wcid = 0; 3356 else 3357 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3358 1 : RUN_AID2WCID(ni->ni_associd); 3359 3360 /* clear leftover garbage bits */ 3361 txwi->flags = 0; 3362 txwi->txop = 0; 3363 3364 data->m = m; 3365 data->ni = ni; 3366 data->ridx = ridx; 3367 3368 run_set_tx_desc(sc, data); 3369 3370 /* 3371 * The chip keeps track of 2 kind of Tx stats, 3372 * * TX_STAT_FIFO, for per WCID stats, and 3373 * * TX_STA_CNT0 for all-TX-in-one stats. 3374 * 3375 * To use FIFO stats, we need to store MCS into the driver-private 3376 * PacketID field. So that, we can tell whose stats when we read them. 3377 * We add 1 to the MCS because setting the PacketID field to 0 means 3378 * that we don't want feedback in TX_STAT_FIFO. 3379 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3380 * 3381 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3382 */ 3383 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3384 vap->iv_opmode == IEEE80211_M_MBSS) { 3385 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3386 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3387 3388 /* 3389 * Unlike PCI based devices, we don't get any interrupt from 3390 * USB devices, so we simulate FIFO-is-full interrupt here. 3391 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3392 * quickly get fulled. To prevent overflow, increment a counter on 3393 * every FIFO stat request, so we know how many slots are left. 3394 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3395 * are used only in those modes. 3396 * We just drain stats. AMRR gets updated every 1 sec by 3397 * run_ratectl_cb() via callout. 3398 * Call it early. Otherwise overflow. 3399 */ 3400 if (sc->fifo_cnt++ == 10) { 3401 /* 3402 * With multiple vaps or if_bridge, if_start() is called 3403 * with a non-sleepable lock, tcpinp. So, need to defer. 3404 */ 3405 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3406 DPRINTFN(6, "cmdq_store=%d\n", i); 3407 sc->cmdq[i].func = run_drain_fifo; 3408 sc->cmdq[i].arg0 = sc; 3409 ieee80211_runtask(ic, &sc->cmdq_task); 3410 } 3411 } 3412 3413 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3414 3415 usbd_transfer_start(sc->sc_xfer[qid]); 3416 3417 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3418 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3419 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3420 3421 return (0); 3422 } 3423 3424 static int 3425 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3426 { 3427 struct ieee80211com *ic = &sc->sc_ic; 3428 struct run_node *rn = RUN_NODE(ni); 3429 struct run_tx_data *data; 3430 struct ieee80211_frame *wh; 3431 struct rt2870_txd *txd; 3432 struct rt2860_txwi *txwi; 3433 uint16_t dur; 3434 uint8_t ridx = rn->mgt_ridx; 3435 uint8_t type; 3436 uint8_t xflags = 0; 3437 uint8_t wflags = 0; 3438 3439 RUN_LOCK_ASSERT(sc, MA_OWNED); 3440 3441 wh = mtod(m, struct ieee80211_frame *); 3442 3443 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3444 3445 /* tell hardware to add timestamp for probe responses */ 3446 if ((wh->i_fc[0] & 3447 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3448 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3449 wflags |= RT2860_TX_TS; 3450 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3451 xflags |= RT2860_TX_ACK; 3452 3453 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3454 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3455 USETW(wh->i_dur, dur); 3456 } 3457 3458 if (sc->sc_epq[0].tx_nfree == 0) 3459 /* let caller free mbuf */ 3460 return (EIO); 3461 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3462 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3463 sc->sc_epq[0].tx_nfree--; 3464 3465 txd = (struct rt2870_txd *)&data->desc; 3466 txd->flags = RT2860_TX_QSEL_EDCA; 3467 txwi = (struct rt2860_txwi *)(txd + 1); 3468 txwi->wcid = 0xff; 3469 txwi->flags = wflags; 3470 txwi->xflags = xflags; 3471 txwi->txop = 0; /* clear leftover garbage bits */ 3472 3473 data->m = m; 3474 data->ni = ni; 3475 data->ridx = ridx; 3476 3477 run_set_tx_desc(sc, data); 3478 3479 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3480 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3481 rt2860_rates[ridx].rate); 3482 3483 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3484 3485 usbd_transfer_start(sc->sc_xfer[0]); 3486 3487 return (0); 3488 } 3489 3490 static int 3491 run_sendprot(struct run_softc *sc, 3492 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3493 { 3494 struct ieee80211com *ic = ni->ni_ic; 3495 struct ieee80211_frame *wh; 3496 struct run_tx_data *data; 3497 struct rt2870_txd *txd; 3498 struct rt2860_txwi *txwi; 3499 struct mbuf *mprot; 3500 int ridx; 3501 int protrate; 3502 int ackrate; 3503 int pktlen; 3504 int isshort; 3505 uint16_t dur; 3506 uint8_t type; 3507 uint8_t wflags = 0; 3508 uint8_t xflags = 0; 3509 3510 RUN_LOCK_ASSERT(sc, MA_OWNED); 3511 3512 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3513 ("protection %d", prot)); 3514 3515 wh = mtod(m, struct ieee80211_frame *); 3516 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3517 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3518 3519 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3520 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3521 3522 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3523 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3524 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3525 wflags = RT2860_TX_FRAG; 3526 3527 /* check that there are free slots before allocating the mbuf */ 3528 if (sc->sc_epq[0].tx_nfree == 0) 3529 /* let caller free mbuf */ 3530 return (ENOBUFS); 3531 3532 if (prot == IEEE80211_PROT_RTSCTS) { 3533 /* NB: CTS is the same size as an ACK */ 3534 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3535 xflags |= RT2860_TX_ACK; 3536 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3537 } else { 3538 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3539 } 3540 if (mprot == NULL) { 3541 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3542 DPRINTF("could not allocate mbuf\n"); 3543 return (ENOBUFS); 3544 } 3545 3546 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3547 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3548 sc->sc_epq[0].tx_nfree--; 3549 3550 txd = (struct rt2870_txd *)&data->desc; 3551 txd->flags = RT2860_TX_QSEL_EDCA; 3552 txwi = (struct rt2860_txwi *)(txd + 1); 3553 txwi->wcid = 0xff; 3554 txwi->flags = wflags; 3555 txwi->xflags = xflags; 3556 txwi->txop = 0; /* clear leftover garbage bits */ 3557 3558 data->m = mprot; 3559 data->ni = ieee80211_ref_node(ni); 3560 3561 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3562 if (rt2860_rates[ridx].rate == protrate) 3563 break; 3564 data->ridx = ridx; 3565 3566 run_set_tx_desc(sc, data); 3567 3568 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3569 m->m_pkthdr.len, rate); 3570 3571 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3572 3573 usbd_transfer_start(sc->sc_xfer[0]); 3574 3575 return (0); 3576 } 3577 3578 static int 3579 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3580 const struct ieee80211_bpf_params *params) 3581 { 3582 struct ieee80211com *ic = ni->ni_ic; 3583 struct ieee80211_frame *wh; 3584 struct run_tx_data *data; 3585 struct rt2870_txd *txd; 3586 struct rt2860_txwi *txwi; 3587 uint8_t type; 3588 uint8_t ridx; 3589 uint8_t rate; 3590 uint8_t opflags = 0; 3591 uint8_t xflags = 0; 3592 int error; 3593 3594 RUN_LOCK_ASSERT(sc, MA_OWNED); 3595 3596 KASSERT(params != NULL, ("no raw xmit params")); 3597 3598 wh = mtod(m, struct ieee80211_frame *); 3599 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3600 3601 rate = params->ibp_rate0; 3602 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3603 /* let caller free mbuf */ 3604 return (EINVAL); 3605 } 3606 3607 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3608 xflags |= RT2860_TX_ACK; 3609 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3610 error = run_sendprot(sc, m, ni, 3611 params->ibp_flags & IEEE80211_BPF_RTS ? 3612 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3613 rate); 3614 if (error) { 3615 /* let caller free mbuf */ 3616 return error; 3617 } 3618 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3619 } 3620 3621 if (sc->sc_epq[0].tx_nfree == 0) { 3622 /* let caller free mbuf */ 3623 DPRINTF("sending raw frame, but tx ring is full\n"); 3624 return (EIO); 3625 } 3626 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3627 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3628 sc->sc_epq[0].tx_nfree--; 3629 3630 txd = (struct rt2870_txd *)&data->desc; 3631 txd->flags = RT2860_TX_QSEL_EDCA; 3632 txwi = (struct rt2860_txwi *)(txd + 1); 3633 txwi->wcid = 0xff; 3634 txwi->xflags = xflags; 3635 txwi->txop = opflags; 3636 txwi->flags = 0; /* clear leftover garbage bits */ 3637 3638 data->m = m; 3639 data->ni = ni; 3640 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3641 if (rt2860_rates[ridx].rate == rate) 3642 break; 3643 data->ridx = ridx; 3644 3645 run_set_tx_desc(sc, data); 3646 3647 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3648 m->m_pkthdr.len, rate); 3649 3650 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3651 3652 usbd_transfer_start(sc->sc_xfer[0]); 3653 3654 return (0); 3655 } 3656 3657 static int 3658 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3659 const struct ieee80211_bpf_params *params) 3660 { 3661 struct run_softc *sc = ni->ni_ic->ic_softc; 3662 int error = 0; 3663 3664 RUN_LOCK(sc); 3665 3666 /* prevent management frames from being sent if we're not ready */ 3667 if (!(sc->sc_flags & RUN_RUNNING)) { 3668 error = ENETDOWN; 3669 goto done; 3670 } 3671 3672 if (params == NULL) { 3673 /* tx mgt packet */ 3674 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3675 DPRINTF("mgt tx failed\n"); 3676 goto done; 3677 } 3678 } else { 3679 /* tx raw packet with param */ 3680 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3681 DPRINTF("tx with param failed\n"); 3682 goto done; 3683 } 3684 } 3685 3686 done: 3687 RUN_UNLOCK(sc); 3688 3689 if (error != 0) { 3690 if(m != NULL) 3691 m_freem(m); 3692 ieee80211_free_node(ni); 3693 } 3694 3695 return (error); 3696 } 3697 3698 static int 3699 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3700 { 3701 struct run_softc *sc = ic->ic_softc; 3702 int error; 3703 3704 RUN_LOCK(sc); 3705 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3706 RUN_UNLOCK(sc); 3707 return (ENXIO); 3708 } 3709 error = mbufq_enqueue(&sc->sc_snd, m); 3710 if (error) { 3711 RUN_UNLOCK(sc); 3712 return (error); 3713 } 3714 run_start(sc); 3715 RUN_UNLOCK(sc); 3716 3717 return (0); 3718 } 3719 3720 static void 3721 run_start(struct run_softc *sc) 3722 { 3723 struct ieee80211_node *ni; 3724 struct mbuf *m; 3725 3726 RUN_LOCK_ASSERT(sc, MA_OWNED); 3727 3728 if ((sc->sc_flags & RUN_RUNNING) == 0) 3729 return; 3730 3731 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3732 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3733 if (run_tx(sc, m, ni) != 0) { 3734 mbufq_prepend(&sc->sc_snd, m); 3735 break; 3736 } 3737 } 3738 } 3739 3740 static void 3741 run_parent(struct ieee80211com *ic) 3742 { 3743 struct run_softc *sc = ic->ic_softc; 3744 int startall = 0; 3745 3746 RUN_LOCK(sc); 3747 if (sc->sc_detached) { 3748 RUN_UNLOCK(sc); 3749 return; 3750 } 3751 3752 if (ic->ic_nrunning > 0) { 3753 if (!(sc->sc_flags & RUN_RUNNING)) { 3754 startall = 1; 3755 run_init_locked(sc); 3756 } else 3757 run_update_promisc_locked(sc); 3758 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3759 run_stop(sc); 3760 RUN_UNLOCK(sc); 3761 if (startall) 3762 ieee80211_start_all(ic); 3763 } 3764 3765 static void 3766 run_iq_calib(struct run_softc *sc, u_int chan) 3767 { 3768 uint16_t val; 3769 3770 /* Tx0 IQ gain. */ 3771 run_bbp_write(sc, 158, 0x2c); 3772 if (chan <= 14) 3773 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3774 else if (chan <= 64) { 3775 run_efuse_read(sc, 3776 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3777 &val, 1); 3778 } else if (chan <= 138) { 3779 run_efuse_read(sc, 3780 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3781 &val, 1); 3782 } else if (chan <= 165) { 3783 run_efuse_read(sc, 3784 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3785 &val, 1); 3786 } else 3787 val = 0; 3788 run_bbp_write(sc, 159, val); 3789 3790 /* Tx0 IQ phase. */ 3791 run_bbp_write(sc, 158, 0x2d); 3792 if (chan <= 14) { 3793 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3794 &val, 1); 3795 } else if (chan <= 64) { 3796 run_efuse_read(sc, 3797 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3798 &val, 1); 3799 } else if (chan <= 138) { 3800 run_efuse_read(sc, 3801 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3802 &val, 1); 3803 } else if (chan <= 165) { 3804 run_efuse_read(sc, 3805 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3806 &val, 1); 3807 } else 3808 val = 0; 3809 run_bbp_write(sc, 159, val); 3810 3811 /* Tx1 IQ gain. */ 3812 run_bbp_write(sc, 158, 0x4a); 3813 if (chan <= 14) { 3814 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3815 &val, 1); 3816 } else if (chan <= 64) { 3817 run_efuse_read(sc, 3818 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3819 &val, 1); 3820 } else if (chan <= 138) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 165) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3827 &val, 1); 3828 } else 3829 val = 0; 3830 run_bbp_write(sc, 159, val); 3831 3832 /* Tx1 IQ phase. */ 3833 run_bbp_write(sc, 158, 0x4b); 3834 if (chan <= 14) { 3835 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3836 &val, 1); 3837 } else if (chan <= 64) { 3838 run_efuse_read(sc, 3839 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3840 &val, 1); 3841 } else if (chan <= 138) { 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3844 &val, 1); 3845 } else if (chan <= 165) { 3846 run_efuse_read(sc, 3847 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3848 &val, 1); 3849 } else 3850 val = 0; 3851 run_bbp_write(sc, 159, val); 3852 3853 /* RF IQ compensation control. */ 3854 run_bbp_write(sc, 158, 0x04); 3855 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3856 &val, 1); 3857 run_bbp_write(sc, 159, val); 3858 3859 /* RF IQ imbalance compensation control. */ 3860 run_bbp_write(sc, 158, 0x03); 3861 run_efuse_read(sc, 3862 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3863 run_bbp_write(sc, 159, val); 3864 } 3865 3866 static void 3867 run_set_agc(struct run_softc *sc, uint8_t agc) 3868 { 3869 uint8_t bbp; 3870 3871 if (sc->mac_ver == 0x3572) { 3872 run_bbp_read(sc, 27, &bbp); 3873 bbp &= ~(0x3 << 5); 3874 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3875 run_bbp_write(sc, 66, agc); 3876 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3877 run_bbp_write(sc, 66, agc); 3878 } else 3879 run_bbp_write(sc, 66, agc); 3880 } 3881 3882 static void 3883 run_select_chan_group(struct run_softc *sc, int group) 3884 { 3885 uint32_t tmp; 3886 uint8_t agc; 3887 3888 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3889 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3890 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3891 if (sc->mac_ver < 0x3572) 3892 run_bbp_write(sc, 86, 0x00); 3893 3894 if (sc->mac_ver == 0x3593) { 3895 run_bbp_write(sc, 77, 0x98); 3896 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3897 } 3898 3899 if (group == 0) { 3900 if (sc->ext_2ghz_lna) { 3901 if (sc->mac_ver >= 0x5390) 3902 run_bbp_write(sc, 75, 0x52); 3903 else { 3904 run_bbp_write(sc, 82, 0x62); 3905 run_bbp_write(sc, 75, 0x46); 3906 } 3907 } else { 3908 if (sc->mac_ver == 0x5592) { 3909 run_bbp_write(sc, 79, 0x1c); 3910 run_bbp_write(sc, 80, 0x0e); 3911 run_bbp_write(sc, 81, 0x3a); 3912 run_bbp_write(sc, 82, 0x62); 3913 3914 run_bbp_write(sc, 195, 0x80); 3915 run_bbp_write(sc, 196, 0xe0); 3916 run_bbp_write(sc, 195, 0x81); 3917 run_bbp_write(sc, 196, 0x1f); 3918 run_bbp_write(sc, 195, 0x82); 3919 run_bbp_write(sc, 196, 0x38); 3920 run_bbp_write(sc, 195, 0x83); 3921 run_bbp_write(sc, 196, 0x32); 3922 run_bbp_write(sc, 195, 0x85); 3923 run_bbp_write(sc, 196, 0x28); 3924 run_bbp_write(sc, 195, 0x86); 3925 run_bbp_write(sc, 196, 0x19); 3926 } else if (sc->mac_ver >= 0x5390) 3927 run_bbp_write(sc, 75, 0x50); 3928 else { 3929 run_bbp_write(sc, 82, 3930 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3931 run_bbp_write(sc, 75, 0x50); 3932 } 3933 } 3934 } else { 3935 if (sc->mac_ver == 0x5592) { 3936 run_bbp_write(sc, 79, 0x18); 3937 run_bbp_write(sc, 80, 0x08); 3938 run_bbp_write(sc, 81, 0x38); 3939 run_bbp_write(sc, 82, 0x92); 3940 3941 run_bbp_write(sc, 195, 0x80); 3942 run_bbp_write(sc, 196, 0xf0); 3943 run_bbp_write(sc, 195, 0x81); 3944 run_bbp_write(sc, 196, 0x1e); 3945 run_bbp_write(sc, 195, 0x82); 3946 run_bbp_write(sc, 196, 0x28); 3947 run_bbp_write(sc, 195, 0x83); 3948 run_bbp_write(sc, 196, 0x20); 3949 run_bbp_write(sc, 195, 0x85); 3950 run_bbp_write(sc, 196, 0x7f); 3951 run_bbp_write(sc, 195, 0x86); 3952 run_bbp_write(sc, 196, 0x7f); 3953 } else if (sc->mac_ver == 0x3572) 3954 run_bbp_write(sc, 82, 0x94); 3955 else 3956 run_bbp_write(sc, 82, 3957 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3958 if (sc->ext_5ghz_lna) 3959 run_bbp_write(sc, 75, 0x46); 3960 else 3961 run_bbp_write(sc, 75, 0x50); 3962 } 3963 3964 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3965 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3966 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3967 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3968 3969 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3970 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3971 if (sc->mac_ver == 0x3593) 3972 tmp |= 1 << 29 | 1 << 28; 3973 if (sc->nrxchains > 1) 3974 tmp |= RT2860_LNA_PE1_EN; 3975 if (group == 0) { /* 2GHz */ 3976 tmp |= RT2860_PA_PE_G0_EN; 3977 if (sc->ntxchains > 1) 3978 tmp |= RT2860_PA_PE_G1_EN; 3979 if (sc->mac_ver == 0x3593) { 3980 if (sc->ntxchains > 2) 3981 tmp |= 1 << 25; 3982 } 3983 } else { /* 5GHz */ 3984 tmp |= RT2860_PA_PE_A0_EN; 3985 if (sc->ntxchains > 1) 3986 tmp |= RT2860_PA_PE_A1_EN; 3987 } 3988 if (sc->mac_ver == 0x3572) { 3989 run_rt3070_rf_write(sc, 8, 0x00); 3990 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3991 run_rt3070_rf_write(sc, 8, 0x80); 3992 } else 3993 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3994 3995 if (sc->mac_ver == 0x5592) { 3996 run_bbp_write(sc, 195, 0x8d); 3997 run_bbp_write(sc, 196, 0x1a); 3998 } 3999 4000 if (sc->mac_ver == 0x3593) { 4001 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4002 tmp &= ~0x01010000; 4003 if (group == 0) 4004 tmp |= 0x00010000; 4005 tmp = (tmp & ~0x00009090) | 0x00000090; 4006 run_write(sc, RT2860_GPIO_CTRL, tmp); 4007 } 4008 4009 /* set initial AGC value */ 4010 if (group == 0) { /* 2GHz band */ 4011 if (sc->mac_ver >= 0x3070) 4012 agc = 0x1c + sc->lna[0] * 2; 4013 else 4014 agc = 0x2e + sc->lna[0]; 4015 } else { /* 5GHz band */ 4016 if (sc->mac_ver == 0x5592) 4017 agc = 0x24 + sc->lna[group] * 2; 4018 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4019 agc = 0x22 + (sc->lna[group] * 5) / 3; 4020 else 4021 agc = 0x32 + (sc->lna[group] * 5) / 3; 4022 } 4023 run_set_agc(sc, agc); 4024 } 4025 4026 static void 4027 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4028 { 4029 const struct rfprog *rfprog = rt2860_rf2850; 4030 uint32_t r2, r3, r4; 4031 int8_t txpow1, txpow2; 4032 int i; 4033 4034 /* find the settings for this channel (we know it exists) */ 4035 for (i = 0; rfprog[i].chan != chan; i++); 4036 4037 r2 = rfprog[i].r2; 4038 if (sc->ntxchains == 1) 4039 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4040 if (sc->nrxchains == 1) 4041 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4042 else if (sc->nrxchains == 2) 4043 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4044 4045 /* use Tx power values from EEPROM */ 4046 txpow1 = sc->txpow1[i]; 4047 txpow2 = sc->txpow2[i]; 4048 4049 /* Initialize RF R3 and R4. */ 4050 r3 = rfprog[i].r3 & 0xffffc1ff; 4051 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4052 if (chan > 14) { 4053 if (txpow1 >= 0) { 4054 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4055 r3 |= (txpow1 << 10) | (1 << 9); 4056 } else { 4057 txpow1 += 7; 4058 4059 /* txpow1 is not possible larger than 15. */ 4060 r3 |= (txpow1 << 10); 4061 } 4062 if (txpow2 >= 0) { 4063 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4064 r4 |= (txpow2 << 7) | (1 << 6); 4065 } else { 4066 txpow2 += 7; 4067 r4 |= (txpow2 << 7); 4068 } 4069 } else { 4070 /* Set Tx0 power. */ 4071 r3 |= (txpow1 << 9); 4072 4073 /* Set frequency offset and Tx1 power. */ 4074 r4 |= (txpow2 << 6); 4075 } 4076 4077 run_rt2870_rf_write(sc, rfprog[i].r1); 4078 run_rt2870_rf_write(sc, r2); 4079 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4080 run_rt2870_rf_write(sc, r4); 4081 4082 run_delay(sc, 10); 4083 4084 run_rt2870_rf_write(sc, rfprog[i].r1); 4085 run_rt2870_rf_write(sc, r2); 4086 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4087 run_rt2870_rf_write(sc, r4); 4088 4089 run_delay(sc, 10); 4090 4091 run_rt2870_rf_write(sc, rfprog[i].r1); 4092 run_rt2870_rf_write(sc, r2); 4093 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4094 run_rt2870_rf_write(sc, r4); 4095 } 4096 4097 static void 4098 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4099 { 4100 int8_t txpow1, txpow2; 4101 uint8_t rf; 4102 int i; 4103 4104 /* find the settings for this channel (we know it exists) */ 4105 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4106 4107 /* use Tx power values from EEPROM */ 4108 txpow1 = sc->txpow1[i]; 4109 txpow2 = sc->txpow2[i]; 4110 4111 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4112 4113 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4114 run_rt3070_rf_read(sc, 3, &rf); 4115 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4116 run_rt3070_rf_write(sc, 3, rf); 4117 4118 run_rt3070_rf_read(sc, 6, &rf); 4119 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4120 run_rt3070_rf_write(sc, 6, rf); 4121 4122 /* set Tx0 power */ 4123 run_rt3070_rf_read(sc, 12, &rf); 4124 rf = (rf & ~0x1f) | txpow1; 4125 run_rt3070_rf_write(sc, 12, rf); 4126 4127 /* set Tx1 power */ 4128 run_rt3070_rf_read(sc, 13, &rf); 4129 rf = (rf & ~0x1f) | txpow2; 4130 run_rt3070_rf_write(sc, 13, rf); 4131 4132 run_rt3070_rf_read(sc, 1, &rf); 4133 rf &= ~0xfc; 4134 if (sc->ntxchains == 1) 4135 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4136 else if (sc->ntxchains == 2) 4137 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4138 if (sc->nrxchains == 1) 4139 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4140 else if (sc->nrxchains == 2) 4141 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4142 run_rt3070_rf_write(sc, 1, rf); 4143 4144 /* set RF offset */ 4145 run_rt3070_rf_read(sc, 23, &rf); 4146 rf = (rf & ~0x7f) | sc->freq; 4147 run_rt3070_rf_write(sc, 23, rf); 4148 4149 /* program RF filter */ 4150 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4151 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4152 run_rt3070_rf_write(sc, 24, rf); 4153 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4154 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4155 run_rt3070_rf_write(sc, 31, rf); 4156 4157 /* enable RF tuning */ 4158 run_rt3070_rf_read(sc, 7, &rf); 4159 run_rt3070_rf_write(sc, 7, rf | 0x01); 4160 } 4161 4162 static void 4163 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4164 { 4165 int8_t txpow1, txpow2; 4166 uint32_t tmp; 4167 uint8_t rf; 4168 int i; 4169 4170 /* find the settings for this channel (we know it exists) */ 4171 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4172 4173 /* use Tx power values from EEPROM */ 4174 txpow1 = sc->txpow1[i]; 4175 txpow2 = sc->txpow2[i]; 4176 4177 if (chan <= 14) { 4178 run_bbp_write(sc, 25, sc->bbp25); 4179 run_bbp_write(sc, 26, sc->bbp26); 4180 } else { 4181 /* enable IQ phase correction */ 4182 run_bbp_write(sc, 25, 0x09); 4183 run_bbp_write(sc, 26, 0xff); 4184 } 4185 4186 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4187 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4188 run_rt3070_rf_read(sc, 6, &rf); 4189 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4190 rf |= (chan <= 14) ? 0x08 : 0x04; 4191 run_rt3070_rf_write(sc, 6, rf); 4192 4193 /* set PLL mode */ 4194 run_rt3070_rf_read(sc, 5, &rf); 4195 rf &= ~(0x08 | 0x04); 4196 rf |= (chan <= 14) ? 0x04 : 0x08; 4197 run_rt3070_rf_write(sc, 5, rf); 4198 4199 /* set Tx power for chain 0 */ 4200 if (chan <= 14) 4201 rf = 0x60 | txpow1; 4202 else 4203 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4204 run_rt3070_rf_write(sc, 12, rf); 4205 4206 /* set Tx power for chain 1 */ 4207 if (chan <= 14) 4208 rf = 0x60 | txpow2; 4209 else 4210 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4211 run_rt3070_rf_write(sc, 13, rf); 4212 4213 /* set Tx/Rx streams */ 4214 run_rt3070_rf_read(sc, 1, &rf); 4215 rf &= ~0xfc; 4216 if (sc->ntxchains == 1) 4217 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4218 else if (sc->ntxchains == 2) 4219 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4220 if (sc->nrxchains == 1) 4221 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4222 else if (sc->nrxchains == 2) 4223 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4224 run_rt3070_rf_write(sc, 1, rf); 4225 4226 /* set RF offset */ 4227 run_rt3070_rf_read(sc, 23, &rf); 4228 rf = (rf & ~0x7f) | sc->freq; 4229 run_rt3070_rf_write(sc, 23, rf); 4230 4231 /* program RF filter */ 4232 rf = sc->rf24_20mhz; 4233 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4234 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4235 4236 /* enable RF tuning */ 4237 run_rt3070_rf_read(sc, 7, &rf); 4238 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4239 run_rt3070_rf_write(sc, 7, rf); 4240 4241 /* TSSI */ 4242 rf = (chan <= 14) ? 0xc3 : 0xc0; 4243 run_rt3070_rf_write(sc, 9, rf); 4244 4245 /* set loop filter 1 */ 4246 run_rt3070_rf_write(sc, 10, 0xf1); 4247 /* set loop filter 2 */ 4248 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4249 4250 /* set tx_mx2_ic */ 4251 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4252 /* set tx_mx1_ic */ 4253 if (chan <= 14) 4254 rf = 0x48 | sc->txmixgain_2ghz; 4255 else 4256 rf = 0x78 | sc->txmixgain_5ghz; 4257 run_rt3070_rf_write(sc, 16, rf); 4258 4259 /* set tx_lo1 */ 4260 run_rt3070_rf_write(sc, 17, 0x23); 4261 /* set tx_lo2 */ 4262 if (chan <= 14) 4263 rf = 0x93; 4264 else if (chan <= 64) 4265 rf = 0xb7; 4266 else if (chan <= 128) 4267 rf = 0x74; 4268 else 4269 rf = 0x72; 4270 run_rt3070_rf_write(sc, 19, rf); 4271 4272 /* set rx_lo1 */ 4273 if (chan <= 14) 4274 rf = 0xb3; 4275 else if (chan <= 64) 4276 rf = 0xf6; 4277 else if (chan <= 128) 4278 rf = 0xf4; 4279 else 4280 rf = 0xf3; 4281 run_rt3070_rf_write(sc, 20, rf); 4282 4283 /* set pfd_delay */ 4284 if (chan <= 14) 4285 rf = 0x15; 4286 else if (chan <= 64) 4287 rf = 0x3d; 4288 else 4289 rf = 0x01; 4290 run_rt3070_rf_write(sc, 25, rf); 4291 4292 /* set rx_lo2 */ 4293 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4294 /* set ldo_rf_vc */ 4295 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4296 /* set drv_cc */ 4297 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4298 4299 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4300 tmp &= ~0x8080; 4301 if (chan <= 14) 4302 tmp |= 0x80; 4303 run_write(sc, RT2860_GPIO_CTRL, tmp); 4304 4305 /* enable RF tuning */ 4306 run_rt3070_rf_read(sc, 7, &rf); 4307 run_rt3070_rf_write(sc, 7, rf | 0x01); 4308 4309 run_delay(sc, 2); 4310 } 4311 4312 static void 4313 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4314 { 4315 int8_t txpow1, txpow2, txpow3; 4316 uint8_t h20mhz, rf; 4317 int i; 4318 4319 /* find the settings for this channel (we know it exists) */ 4320 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4321 4322 /* use Tx power values from EEPROM */ 4323 txpow1 = sc->txpow1[i]; 4324 txpow2 = sc->txpow2[i]; 4325 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4326 4327 if (chan <= 14) { 4328 run_bbp_write(sc, 25, sc->bbp25); 4329 run_bbp_write(sc, 26, sc->bbp26); 4330 } else { 4331 /* Enable IQ phase correction. */ 4332 run_bbp_write(sc, 25, 0x09); 4333 run_bbp_write(sc, 26, 0xff); 4334 } 4335 4336 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4337 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4338 run_rt3070_rf_read(sc, 11, &rf); 4339 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4340 run_rt3070_rf_write(sc, 11, rf); 4341 4342 /* Set pll_idoh. */ 4343 run_rt3070_rf_read(sc, 11, &rf); 4344 rf &= ~0x4c; 4345 rf |= (chan <= 14) ? 0x44 : 0x48; 4346 run_rt3070_rf_write(sc, 11, rf); 4347 4348 if (chan <= 14) 4349 rf = txpow1 & 0x1f; 4350 else 4351 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4352 run_rt3070_rf_write(sc, 53, rf); 4353 4354 if (chan <= 14) 4355 rf = txpow2 & 0x1f; 4356 else 4357 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4358 run_rt3070_rf_write(sc, 55, rf); 4359 4360 if (chan <= 14) 4361 rf = txpow3 & 0x1f; 4362 else 4363 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4364 run_rt3070_rf_write(sc, 54, rf); 4365 4366 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4367 if (sc->ntxchains == 3) 4368 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4369 else 4370 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4371 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4372 run_rt3070_rf_write(sc, 1, rf); 4373 4374 run_adjust_freq_offset(sc); 4375 4376 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4377 4378 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4379 run_rt3070_rf_read(sc, 30, &rf); 4380 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4381 run_rt3070_rf_write(sc, 30, rf); 4382 4383 run_rt3070_rf_read(sc, 36, &rf); 4384 if (chan <= 14) 4385 rf |= 0x80; 4386 else 4387 rf &= ~0x80; 4388 run_rt3070_rf_write(sc, 36, rf); 4389 4390 /* Set vcolo_bs. */ 4391 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4392 /* Set pfd_delay. */ 4393 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4394 4395 /* Set vco bias current control. */ 4396 run_rt3070_rf_read(sc, 6, &rf); 4397 rf &= ~0xc0; 4398 if (chan <= 14) 4399 rf |= 0x40; 4400 else if (chan <= 128) 4401 rf |= 0x80; 4402 else 4403 rf |= 0x40; 4404 run_rt3070_rf_write(sc, 6, rf); 4405 4406 run_rt3070_rf_read(sc, 30, &rf); 4407 rf = (rf & ~0x18) | 0x10; 4408 run_rt3070_rf_write(sc, 30, rf); 4409 4410 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4411 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4412 4413 run_rt3070_rf_read(sc, 51, &rf); 4414 rf = (rf & ~0x03) | 0x01; 4415 run_rt3070_rf_write(sc, 51, rf); 4416 /* Set tx_mx1_cc. */ 4417 run_rt3070_rf_read(sc, 51, &rf); 4418 rf &= ~0x1c; 4419 rf |= (chan <= 14) ? 0x14 : 0x10; 4420 run_rt3070_rf_write(sc, 51, rf); 4421 /* Set tx_mx1_ic. */ 4422 run_rt3070_rf_read(sc, 51, &rf); 4423 rf &= ~0xe0; 4424 rf |= (chan <= 14) ? 0x60 : 0x40; 4425 run_rt3070_rf_write(sc, 51, rf); 4426 /* Set tx_lo1_ic. */ 4427 run_rt3070_rf_read(sc, 49, &rf); 4428 rf &= ~0x1c; 4429 rf |= (chan <= 14) ? 0x0c : 0x08; 4430 run_rt3070_rf_write(sc, 49, rf); 4431 /* Set tx_lo1_en. */ 4432 run_rt3070_rf_read(sc, 50, &rf); 4433 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4434 /* Set drv_cc. */ 4435 run_rt3070_rf_read(sc, 57, &rf); 4436 rf &= ~0xfc; 4437 rf |= (chan <= 14) ? 0x6c : 0x3c; 4438 run_rt3070_rf_write(sc, 57, rf); 4439 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4440 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4441 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4442 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4443 /* Enable VCO calibration. */ 4444 run_rt3070_rf_read(sc, 3, &rf); 4445 rf &= ~RT5390_VCOCAL; 4446 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4447 run_rt3070_rf_write(sc, 3, rf); 4448 4449 if (chan <= 14) 4450 rf = 0x23; 4451 else if (chan <= 64) 4452 rf = 0x36; 4453 else if (chan <= 128) 4454 rf = 0x32; 4455 else 4456 rf = 0x30; 4457 run_rt3070_rf_write(sc, 39, rf); 4458 if (chan <= 14) 4459 rf = 0xbb; 4460 else if (chan <= 64) 4461 rf = 0xeb; 4462 else if (chan <= 128) 4463 rf = 0xb3; 4464 else 4465 rf = 0x9b; 4466 run_rt3070_rf_write(sc, 45, rf); 4467 4468 /* Set FEQ/AEQ control. */ 4469 run_bbp_write(sc, 105, 0x34); 4470 } 4471 4472 static void 4473 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4474 { 4475 int8_t txpow1, txpow2; 4476 uint8_t rf; 4477 int i; 4478 4479 /* find the settings for this channel (we know it exists) */ 4480 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4481 4482 /* use Tx power values from EEPROM */ 4483 txpow1 = sc->txpow1[i]; 4484 txpow2 = sc->txpow2[i]; 4485 4486 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4487 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4488 run_rt3070_rf_read(sc, 11, &rf); 4489 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4490 run_rt3070_rf_write(sc, 11, rf); 4491 4492 run_rt3070_rf_read(sc, 49, &rf); 4493 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4494 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4495 if ((rf & 0x3f) > 0x27) 4496 rf = (rf & ~0x3f) | 0x27; 4497 run_rt3070_rf_write(sc, 49, rf); 4498 4499 if (sc->mac_ver == 0x5392) { 4500 run_rt3070_rf_read(sc, 50, &rf); 4501 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4502 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4503 if ((rf & 0x3f) > 0x27) 4504 rf = (rf & ~0x3f) | 0x27; 4505 run_rt3070_rf_write(sc, 50, rf); 4506 } 4507 4508 run_rt3070_rf_read(sc, 1, &rf); 4509 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4510 if (sc->mac_ver == 0x5392) 4511 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4512 run_rt3070_rf_write(sc, 1, rf); 4513 4514 if (sc->mac_ver != 0x5392) { 4515 run_rt3070_rf_read(sc, 2, &rf); 4516 rf |= 0x80; 4517 run_rt3070_rf_write(sc, 2, rf); 4518 run_delay(sc, 10); 4519 rf &= 0x7f; 4520 run_rt3070_rf_write(sc, 2, rf); 4521 } 4522 4523 run_adjust_freq_offset(sc); 4524 4525 if (sc->mac_ver == 0x5392) { 4526 /* Fix for RT5392C. */ 4527 if (sc->mac_rev >= 0x0223) { 4528 if (chan <= 4) 4529 rf = 0x0f; 4530 else if (chan >= 5 && chan <= 7) 4531 rf = 0x0e; 4532 else 4533 rf = 0x0d; 4534 run_rt3070_rf_write(sc, 23, rf); 4535 4536 if (chan <= 4) 4537 rf = 0x0c; 4538 else if (chan == 5) 4539 rf = 0x0b; 4540 else if (chan >= 6 && chan <= 7) 4541 rf = 0x0a; 4542 else if (chan >= 8 && chan <= 10) 4543 rf = 0x09; 4544 else 4545 rf = 0x08; 4546 run_rt3070_rf_write(sc, 59, rf); 4547 } else { 4548 if (chan <= 11) 4549 rf = 0x0f; 4550 else 4551 rf = 0x0b; 4552 run_rt3070_rf_write(sc, 59, rf); 4553 } 4554 } else { 4555 /* Fix for RT5390F. */ 4556 if (sc->mac_rev >= 0x0502) { 4557 if (chan <= 11) 4558 rf = 0x43; 4559 else 4560 rf = 0x23; 4561 run_rt3070_rf_write(sc, 55, rf); 4562 4563 if (chan <= 11) 4564 rf = 0x0f; 4565 else if (chan == 12) 4566 rf = 0x0d; 4567 else 4568 rf = 0x0b; 4569 run_rt3070_rf_write(sc, 59, rf); 4570 } else { 4571 run_rt3070_rf_write(sc, 55, 0x44); 4572 run_rt3070_rf_write(sc, 59, 0x8f); 4573 } 4574 } 4575 4576 /* Enable VCO calibration. */ 4577 run_rt3070_rf_read(sc, 3, &rf); 4578 rf |= RT5390_VCOCAL; 4579 run_rt3070_rf_write(sc, 3, rf); 4580 } 4581 4582 static void 4583 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4584 { 4585 const struct rt5592_freqs *freqs; 4586 uint32_t tmp; 4587 uint8_t reg, rf, txpow_bound; 4588 int8_t txpow1, txpow2; 4589 int i; 4590 4591 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4592 freqs = (tmp & RT5592_SEL_XTAL) ? 4593 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4594 4595 /* find the settings for this channel (we know it exists) */ 4596 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4597 4598 /* use Tx power values from EEPROM */ 4599 txpow1 = sc->txpow1[i]; 4600 txpow2 = sc->txpow2[i]; 4601 4602 run_read(sc, RT3070_LDO_CFG0, &tmp); 4603 tmp &= ~0x1c000000; 4604 if (chan > 14) 4605 tmp |= 0x14000000; 4606 run_write(sc, RT3070_LDO_CFG0, tmp); 4607 4608 /* N setting. */ 4609 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4610 run_rt3070_rf_read(sc, 9, &rf); 4611 rf &= ~(1 << 4); 4612 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4613 run_rt3070_rf_write(sc, 9, rf); 4614 4615 /* K setting. */ 4616 run_rt3070_rf_read(sc, 9, &rf); 4617 rf &= ~0x0f; 4618 rf |= (freqs->k & 0x0f); 4619 run_rt3070_rf_write(sc, 9, rf); 4620 4621 /* Mode setting. */ 4622 run_rt3070_rf_read(sc, 11, &rf); 4623 rf &= ~0x0c; 4624 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4625 run_rt3070_rf_write(sc, 11, rf); 4626 run_rt3070_rf_read(sc, 9, &rf); 4627 rf &= ~(1 << 7); 4628 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4629 run_rt3070_rf_write(sc, 9, rf); 4630 4631 /* R setting. */ 4632 run_rt3070_rf_read(sc, 11, &rf); 4633 rf &= ~0x03; 4634 rf |= (freqs->r - 0x1); 4635 run_rt3070_rf_write(sc, 11, rf); 4636 4637 if (chan <= 14) { 4638 /* Initialize RF registers for 2GHZ. */ 4639 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4640 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4641 rt5592_2ghz_def_rf[i].val); 4642 } 4643 4644 rf = (chan <= 10) ? 0x07 : 0x06; 4645 run_rt3070_rf_write(sc, 23, rf); 4646 run_rt3070_rf_write(sc, 59, rf); 4647 4648 run_rt3070_rf_write(sc, 55, 0x43); 4649 4650 /* 4651 * RF R49/R50 Tx power ALC code. 4652 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4653 */ 4654 reg = 2; 4655 txpow_bound = 0x27; 4656 } else { 4657 /* Initialize RF registers for 5GHZ. */ 4658 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4659 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4660 rt5592_5ghz_def_rf[i].val); 4661 } 4662 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4663 if (chan >= rt5592_chan_5ghz[i].firstchan && 4664 chan <= rt5592_chan_5ghz[i].lastchan) { 4665 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4666 rt5592_chan_5ghz[i].val); 4667 } 4668 } 4669 4670 /* 4671 * RF R49/R50 Tx power ALC code. 4672 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4673 */ 4674 reg = 3; 4675 txpow_bound = 0x2b; 4676 } 4677 4678 /* RF R49 ch0 Tx power ALC code. */ 4679 run_rt3070_rf_read(sc, 49, &rf); 4680 rf &= ~0xc0; 4681 rf |= (reg << 6); 4682 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4683 if ((rf & 0x3f) > txpow_bound) 4684 rf = (rf & ~0x3f) | txpow_bound; 4685 run_rt3070_rf_write(sc, 49, rf); 4686 4687 /* RF R50 ch1 Tx power ALC code. */ 4688 run_rt3070_rf_read(sc, 50, &rf); 4689 rf &= ~(1 << 7 | 1 << 6); 4690 rf |= (reg << 6); 4691 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4692 if ((rf & 0x3f) > txpow_bound) 4693 rf = (rf & ~0x3f) | txpow_bound; 4694 run_rt3070_rf_write(sc, 50, rf); 4695 4696 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4697 run_rt3070_rf_read(sc, 1, &rf); 4698 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4699 if (sc->ntxchains > 1) 4700 rf |= RT3070_TX1_PD; 4701 if (sc->nrxchains > 1) 4702 rf |= RT3070_RX1_PD; 4703 run_rt3070_rf_write(sc, 1, rf); 4704 4705 run_rt3070_rf_write(sc, 6, 0xe4); 4706 4707 run_rt3070_rf_write(sc, 30, 0x10); 4708 run_rt3070_rf_write(sc, 31, 0x80); 4709 run_rt3070_rf_write(sc, 32, 0x80); 4710 4711 run_adjust_freq_offset(sc); 4712 4713 /* Enable VCO calibration. */ 4714 run_rt3070_rf_read(sc, 3, &rf); 4715 rf |= RT5390_VCOCAL; 4716 run_rt3070_rf_write(sc, 3, rf); 4717 } 4718 4719 static void 4720 run_set_rx_antenna(struct run_softc *sc, int aux) 4721 { 4722 uint32_t tmp; 4723 uint8_t bbp152; 4724 4725 if (aux) { 4726 if (sc->rf_rev == RT5390_RF_5370) { 4727 run_bbp_read(sc, 152, &bbp152); 4728 run_bbp_write(sc, 152, bbp152 & ~0x80); 4729 } else { 4730 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4731 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4732 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4733 } 4734 } else { 4735 if (sc->rf_rev == RT5390_RF_5370) { 4736 run_bbp_read(sc, 152, &bbp152); 4737 run_bbp_write(sc, 152, bbp152 | 0x80); 4738 } else { 4739 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4740 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4741 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4742 } 4743 } 4744 } 4745 4746 static int 4747 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4748 { 4749 struct ieee80211com *ic = &sc->sc_ic; 4750 u_int chan, group; 4751 4752 chan = ieee80211_chan2ieee(ic, c); 4753 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4754 return (EINVAL); 4755 4756 if (sc->mac_ver == 0x5592) 4757 run_rt5592_set_chan(sc, chan); 4758 else if (sc->mac_ver >= 0x5390) 4759 run_rt5390_set_chan(sc, chan); 4760 else if (sc->mac_ver == 0x3593) 4761 run_rt3593_set_chan(sc, chan); 4762 else if (sc->mac_ver == 0x3572) 4763 run_rt3572_set_chan(sc, chan); 4764 else if (sc->mac_ver >= 0x3070) 4765 run_rt3070_set_chan(sc, chan); 4766 else 4767 run_rt2870_set_chan(sc, chan); 4768 4769 /* determine channel group */ 4770 if (chan <= 14) 4771 group = 0; 4772 else if (chan <= 64) 4773 group = 1; 4774 else if (chan <= 128) 4775 group = 2; 4776 else 4777 group = 3; 4778 4779 /* XXX necessary only when group has changed! */ 4780 run_select_chan_group(sc, group); 4781 4782 run_delay(sc, 10); 4783 4784 /* Perform IQ calibration. */ 4785 if (sc->mac_ver >= 0x5392) 4786 run_iq_calib(sc, chan); 4787 4788 return (0); 4789 } 4790 4791 static void 4792 run_set_channel(struct ieee80211com *ic) 4793 { 4794 struct run_softc *sc = ic->ic_softc; 4795 4796 RUN_LOCK(sc); 4797 run_set_chan(sc, ic->ic_curchan); 4798 RUN_UNLOCK(sc); 4799 4800 return; 4801 } 4802 4803 static void 4804 run_scan_start(struct ieee80211com *ic) 4805 { 4806 struct run_softc *sc = ic->ic_softc; 4807 uint32_t tmp; 4808 4809 RUN_LOCK(sc); 4810 4811 /* abort TSF synchronization */ 4812 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4813 run_write(sc, RT2860_BCN_TIME_CFG, 4814 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4815 RT2860_TBTT_TIMER_EN)); 4816 run_set_bssid(sc, ieee80211broadcastaddr); 4817 4818 RUN_UNLOCK(sc); 4819 4820 return; 4821 } 4822 4823 static void 4824 run_scan_end(struct ieee80211com *ic) 4825 { 4826 struct run_softc *sc = ic->ic_softc; 4827 4828 RUN_LOCK(sc); 4829 4830 run_enable_tsf_sync(sc); 4831 /* XXX keep local copy */ 4832 run_set_bssid(sc, ic->ic_macaddr); 4833 4834 RUN_UNLOCK(sc); 4835 4836 return; 4837 } 4838 4839 /* 4840 * Could be called from ieee80211_node_timeout() 4841 * (non-sleepable thread) 4842 */ 4843 static void 4844 run_update_beacon(struct ieee80211vap *vap, int item) 4845 { 4846 struct ieee80211com *ic = vap->iv_ic; 4847 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4848 struct ieee80211_node *ni = vap->iv_bss; 4849 struct run_softc *sc = ic->ic_softc; 4850 struct run_vap *rvp = RUN_VAP(vap); 4851 int mcast = 0; 4852 uint32_t i; 4853 4854 switch (item) { 4855 case IEEE80211_BEACON_ERP: 4856 run_updateslot(ic); 4857 break; 4858 case IEEE80211_BEACON_HTINFO: 4859 run_updateprot(ic); 4860 break; 4861 case IEEE80211_BEACON_TIM: 4862 mcast = 1; /*TODO*/ 4863 break; 4864 default: 4865 break; 4866 } 4867 4868 setbit(bo->bo_flags, item); 4869 if (rvp->beacon_mbuf == NULL) { 4870 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4871 if (rvp->beacon_mbuf == NULL) 4872 return; 4873 } 4874 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4875 4876 i = RUN_CMDQ_GET(&sc->cmdq_store); 4877 DPRINTF("cmdq_store=%d\n", i); 4878 sc->cmdq[i].func = run_update_beacon_cb; 4879 sc->cmdq[i].arg0 = vap; 4880 ieee80211_runtask(ic, &sc->cmdq_task); 4881 4882 return; 4883 } 4884 4885 static void 4886 run_update_beacon_cb(void *arg) 4887 { 4888 struct ieee80211vap *vap = arg; 4889 struct ieee80211_node *ni = vap->iv_bss; 4890 struct run_vap *rvp = RUN_VAP(vap); 4891 struct ieee80211com *ic = vap->iv_ic; 4892 struct run_softc *sc = ic->ic_softc; 4893 struct rt2860_txwi txwi; 4894 struct mbuf *m; 4895 uint16_t txwisize; 4896 uint8_t ridx; 4897 4898 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4899 return; 4900 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4901 return; 4902 4903 /* 4904 * No need to call ieee80211_beacon_update(), run_update_beacon() 4905 * is taking care of apropriate calls. 4906 */ 4907 if (rvp->beacon_mbuf == NULL) { 4908 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4909 if (rvp->beacon_mbuf == NULL) 4910 return; 4911 } 4912 m = rvp->beacon_mbuf; 4913 4914 memset(&txwi, 0, sizeof(txwi)); 4915 txwi.wcid = 0xff; 4916 txwi.len = htole16(m->m_pkthdr.len); 4917 4918 /* send beacons at the lowest available rate */ 4919 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4920 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4921 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4922 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4923 txwi.phy |= htole16(RT2860_PHY_OFDM); 4924 txwi.txop = RT2860_TX_TXOP_HT; 4925 txwi.flags = RT2860_TX_TS; 4926 txwi.xflags = RT2860_TX_NSEQ; 4927 4928 txwisize = (sc->mac_ver == 0x5592) ? 4929 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4930 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4931 txwisize); 4932 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4933 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4934 } 4935 4936 static void 4937 run_updateprot(struct ieee80211com *ic) 4938 { 4939 struct run_softc *sc = ic->ic_softc; 4940 uint32_t i; 4941 4942 i = RUN_CMDQ_GET(&sc->cmdq_store); 4943 DPRINTF("cmdq_store=%d\n", i); 4944 sc->cmdq[i].func = run_updateprot_cb; 4945 sc->cmdq[i].arg0 = ic; 4946 ieee80211_runtask(ic, &sc->cmdq_task); 4947 } 4948 4949 static void 4950 run_updateprot_cb(void *arg) 4951 { 4952 struct ieee80211com *ic = arg; 4953 struct run_softc *sc = ic->ic_softc; 4954 uint32_t tmp; 4955 4956 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4957 /* setup protection frame rate (MCS code) */ 4958 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4959 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4960 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4961 4962 /* CCK frames don't require protection */ 4963 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4964 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4965 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4966 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4967 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4968 tmp |= RT2860_PROT_CTRL_CTS; 4969 } 4970 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4971 } 4972 4973 static void 4974 run_usb_timeout_cb(void *arg) 4975 { 4976 struct ieee80211vap *vap = arg; 4977 struct run_softc *sc = vap->iv_ic->ic_softc; 4978 4979 RUN_LOCK_ASSERT(sc, MA_OWNED); 4980 4981 if(vap->iv_state == IEEE80211_S_RUN && 4982 vap->iv_opmode != IEEE80211_M_STA) 4983 run_reset_livelock(sc); 4984 else if (vap->iv_state == IEEE80211_S_SCAN) { 4985 DPRINTF("timeout caused by scan\n"); 4986 /* cancel bgscan */ 4987 ieee80211_cancel_scan(vap); 4988 } else 4989 DPRINTF("timeout by unknown cause\n"); 4990 } 4991 4992 static void 4993 run_reset_livelock(struct run_softc *sc) 4994 { 4995 uint32_t tmp; 4996 4997 RUN_LOCK_ASSERT(sc, MA_OWNED); 4998 4999 /* 5000 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5001 * can run into a livelock and start sending CTS-to-self frames like 5002 * crazy if protection is enabled. Reset MAC/BBP for a while 5003 */ 5004 run_read(sc, RT2860_DEBUG, &tmp); 5005 DPRINTFN(3, "debug reg %08x\n", tmp); 5006 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5007 DPRINTF("CTS-to-self livelock detected\n"); 5008 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5009 run_delay(sc, 1); 5010 run_write(sc, RT2860_MAC_SYS_CTRL, 5011 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5012 } 5013 } 5014 5015 static void 5016 run_update_promisc_locked(struct run_softc *sc) 5017 { 5018 uint32_t tmp; 5019 5020 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5021 5022 tmp |= RT2860_DROP_UC_NOME; 5023 if (sc->sc_ic.ic_promisc > 0) 5024 tmp &= ~RT2860_DROP_UC_NOME; 5025 5026 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5027 5028 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5029 "entering" : "leaving"); 5030 } 5031 5032 static void 5033 run_update_promisc(struct ieee80211com *ic) 5034 { 5035 struct run_softc *sc = ic->ic_softc; 5036 5037 if ((sc->sc_flags & RUN_RUNNING) == 0) 5038 return; 5039 5040 RUN_LOCK(sc); 5041 run_update_promisc_locked(sc); 5042 RUN_UNLOCK(sc); 5043 } 5044 5045 static void 5046 run_enable_tsf_sync(struct run_softc *sc) 5047 { 5048 struct ieee80211com *ic = &sc->sc_ic; 5049 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5050 uint32_t tmp; 5051 5052 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5053 ic->ic_opmode); 5054 5055 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5056 tmp &= ~0x1fffff; 5057 tmp |= vap->iv_bss->ni_intval * 16; 5058 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5059 5060 if (ic->ic_opmode == IEEE80211_M_STA) { 5061 /* 5062 * Local TSF is always updated with remote TSF on beacon 5063 * reception. 5064 */ 5065 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5066 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5067 tmp |= RT2860_BCN_TX_EN; 5068 /* 5069 * Local TSF is updated with remote TSF on beacon reception 5070 * only if the remote TSF is greater than local TSF. 5071 */ 5072 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5073 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5074 ic->ic_opmode == IEEE80211_M_MBSS) { 5075 tmp |= RT2860_BCN_TX_EN; 5076 /* SYNC with nobody */ 5077 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5078 } else { 5079 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5080 return; 5081 } 5082 5083 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5084 } 5085 5086 static void 5087 run_enable_tsf(struct run_softc *sc) 5088 { 5089 uint32_t tmp; 5090 5091 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5092 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5093 tmp |= RT2860_TSF_TIMER_EN; 5094 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5095 } 5096 } 5097 5098 static void 5099 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5100 { 5101 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5102 sizeof(*buf)); 5103 } 5104 5105 static void 5106 run_enable_mrr(struct run_softc *sc) 5107 { 5108 #define CCK(mcs) (mcs) 5109 #define OFDM(mcs) (1 << 3 | (mcs)) 5110 run_write(sc, RT2860_LG_FBK_CFG0, 5111 OFDM(6) << 28 | /* 54->48 */ 5112 OFDM(5) << 24 | /* 48->36 */ 5113 OFDM(4) << 20 | /* 36->24 */ 5114 OFDM(3) << 16 | /* 24->18 */ 5115 OFDM(2) << 12 | /* 18->12 */ 5116 OFDM(1) << 8 | /* 12-> 9 */ 5117 OFDM(0) << 4 | /* 9-> 6 */ 5118 OFDM(0)); /* 6-> 6 */ 5119 5120 run_write(sc, RT2860_LG_FBK_CFG1, 5121 CCK(2) << 12 | /* 11->5.5 */ 5122 CCK(1) << 8 | /* 5.5-> 2 */ 5123 CCK(0) << 4 | /* 2-> 1 */ 5124 CCK(0)); /* 1-> 1 */ 5125 #undef OFDM 5126 #undef CCK 5127 } 5128 5129 static void 5130 run_set_txpreamble(struct run_softc *sc) 5131 { 5132 struct ieee80211com *ic = &sc->sc_ic; 5133 uint32_t tmp; 5134 5135 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5136 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5137 tmp |= RT2860_CCK_SHORT_EN; 5138 else 5139 tmp &= ~RT2860_CCK_SHORT_EN; 5140 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5141 } 5142 5143 static void 5144 run_set_basicrates(struct run_softc *sc) 5145 { 5146 struct ieee80211com *ic = &sc->sc_ic; 5147 5148 /* set basic rates mask */ 5149 if (ic->ic_curmode == IEEE80211_MODE_11B) 5150 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5151 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5152 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5153 else /* 11g */ 5154 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5155 } 5156 5157 static void 5158 run_set_leds(struct run_softc *sc, uint16_t which) 5159 { 5160 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5161 which | (sc->leds & 0x7f)); 5162 } 5163 5164 static void 5165 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5166 { 5167 run_write(sc, RT2860_MAC_BSSID_DW0, 5168 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5169 run_write(sc, RT2860_MAC_BSSID_DW1, 5170 bssid[4] | bssid[5] << 8); 5171 } 5172 5173 static void 5174 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5175 { 5176 run_write(sc, RT2860_MAC_ADDR_DW0, 5177 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5178 run_write(sc, RT2860_MAC_ADDR_DW1, 5179 addr[4] | addr[5] << 8 | 0xff << 16); 5180 } 5181 5182 static void 5183 run_updateslot(struct ieee80211com *ic) 5184 { 5185 struct run_softc *sc = ic->ic_softc; 5186 uint32_t i; 5187 5188 i = RUN_CMDQ_GET(&sc->cmdq_store); 5189 DPRINTF("cmdq_store=%d\n", i); 5190 sc->cmdq[i].func = run_updateslot_cb; 5191 sc->cmdq[i].arg0 = ic; 5192 ieee80211_runtask(ic, &sc->cmdq_task); 5193 5194 return; 5195 } 5196 5197 /* ARGSUSED */ 5198 static void 5199 run_updateslot_cb(void *arg) 5200 { 5201 struct ieee80211com *ic = arg; 5202 struct run_softc *sc = ic->ic_softc; 5203 uint32_t tmp; 5204 5205 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5206 tmp &= ~0xff; 5207 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5208 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5209 } 5210 5211 static void 5212 run_update_mcast(struct ieee80211com *ic) 5213 { 5214 } 5215 5216 static int8_t 5217 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5218 { 5219 struct ieee80211com *ic = &sc->sc_ic; 5220 struct ieee80211_channel *c = ic->ic_curchan; 5221 int delta; 5222 5223 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5224 u_int chan = ieee80211_chan2ieee(ic, c); 5225 delta = sc->rssi_5ghz[rxchain]; 5226 5227 /* determine channel group */ 5228 if (chan <= 64) 5229 delta -= sc->lna[1]; 5230 else if (chan <= 128) 5231 delta -= sc->lna[2]; 5232 else 5233 delta -= sc->lna[3]; 5234 } else 5235 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5236 5237 return (-12 - delta - rssi); 5238 } 5239 5240 static void 5241 run_rt5390_bbp_init(struct run_softc *sc) 5242 { 5243 int i; 5244 uint8_t bbp; 5245 5246 /* Apply maximum likelihood detection for 2 stream case. */ 5247 run_bbp_read(sc, 105, &bbp); 5248 if (sc->nrxchains > 1) 5249 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5250 5251 /* Avoid data lost and CRC error. */ 5252 run_bbp_read(sc, 4, &bbp); 5253 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5254 5255 if (sc->mac_ver == 0x5592) { 5256 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5257 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5258 rt5592_def_bbp[i].val); 5259 } 5260 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5261 run_bbp_write(sc, 195, i + 0x80); 5262 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5263 } 5264 } else { 5265 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5266 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5267 rt5390_def_bbp[i].val); 5268 } 5269 } 5270 if (sc->mac_ver == 0x5392) { 5271 run_bbp_write(sc, 88, 0x90); 5272 run_bbp_write(sc, 95, 0x9a); 5273 run_bbp_write(sc, 98, 0x12); 5274 run_bbp_write(sc, 106, 0x12); 5275 run_bbp_write(sc, 134, 0xd0); 5276 run_bbp_write(sc, 135, 0xf6); 5277 run_bbp_write(sc, 148, 0x84); 5278 } 5279 5280 run_bbp_read(sc, 152, &bbp); 5281 run_bbp_write(sc, 152, bbp | 0x80); 5282 5283 /* Fix BBP254 for RT5592C. */ 5284 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5285 run_bbp_read(sc, 254, &bbp); 5286 run_bbp_write(sc, 254, bbp | 0x80); 5287 } 5288 5289 /* Disable hardware antenna diversity. */ 5290 if (sc->mac_ver == 0x5390) 5291 run_bbp_write(sc, 154, 0); 5292 5293 /* Initialize Rx CCK/OFDM frequency offset report. */ 5294 run_bbp_write(sc, 142, 1); 5295 run_bbp_write(sc, 143, 57); 5296 } 5297 5298 static int 5299 run_bbp_init(struct run_softc *sc) 5300 { 5301 int i, error, ntries; 5302 uint8_t bbp0; 5303 5304 /* wait for BBP to wake up */ 5305 for (ntries = 0; ntries < 20; ntries++) { 5306 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5307 return error; 5308 if (bbp0 != 0 && bbp0 != 0xff) 5309 break; 5310 } 5311 if (ntries == 20) 5312 return (ETIMEDOUT); 5313 5314 /* initialize BBP registers to default values */ 5315 if (sc->mac_ver >= 0x5390) 5316 run_rt5390_bbp_init(sc); 5317 else { 5318 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5319 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5320 rt2860_def_bbp[i].val); 5321 } 5322 } 5323 5324 if (sc->mac_ver == 0x3593) { 5325 run_bbp_write(sc, 79, 0x13); 5326 run_bbp_write(sc, 80, 0x05); 5327 run_bbp_write(sc, 81, 0x33); 5328 run_bbp_write(sc, 86, 0x46); 5329 run_bbp_write(sc, 137, 0x0f); 5330 } 5331 5332 /* fix BBP84 for RT2860E */ 5333 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5334 run_bbp_write(sc, 84, 0x19); 5335 5336 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5337 sc->mac_ver != 0x5592)) { 5338 run_bbp_write(sc, 79, 0x13); 5339 run_bbp_write(sc, 80, 0x05); 5340 run_bbp_write(sc, 81, 0x33); 5341 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5342 run_bbp_write(sc, 69, 0x16); 5343 run_bbp_write(sc, 73, 0x12); 5344 } 5345 return (0); 5346 } 5347 5348 static int 5349 run_rt3070_rf_init(struct run_softc *sc) 5350 { 5351 uint32_t tmp; 5352 uint8_t bbp4, mingain, rf, target; 5353 int i; 5354 5355 run_rt3070_rf_read(sc, 30, &rf); 5356 /* toggle RF R30 bit 7 */ 5357 run_rt3070_rf_write(sc, 30, rf | 0x80); 5358 run_delay(sc, 10); 5359 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5360 5361 /* initialize RF registers to default value */ 5362 if (sc->mac_ver == 0x3572) { 5363 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5364 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5365 rt3572_def_rf[i].val); 5366 } 5367 } else { 5368 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5369 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5370 rt3070_def_rf[i].val); 5371 } 5372 } 5373 5374 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5375 /* 5376 * Change voltage from 1.2V to 1.35V for RT3070. 5377 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5378 * in RT3070(F). 5379 */ 5380 run_read(sc, RT3070_LDO_CFG0, &tmp); 5381 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5382 run_write(sc, RT3070_LDO_CFG0, tmp); 5383 5384 } else if (sc->mac_ver == 0x3071) { 5385 run_rt3070_rf_read(sc, 6, &rf); 5386 run_rt3070_rf_write(sc, 6, rf | 0x40); 5387 run_rt3070_rf_write(sc, 31, 0x14); 5388 5389 run_read(sc, RT3070_LDO_CFG0, &tmp); 5390 tmp &= ~0x1f000000; 5391 if (sc->mac_rev < 0x0211) 5392 tmp |= 0x0d000000; /* 1.3V */ 5393 else 5394 tmp |= 0x01000000; /* 1.2V */ 5395 run_write(sc, RT3070_LDO_CFG0, tmp); 5396 5397 /* patch LNA_PE_G1 */ 5398 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5399 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5400 5401 } else if (sc->mac_ver == 0x3572) { 5402 run_rt3070_rf_read(sc, 6, &rf); 5403 run_rt3070_rf_write(sc, 6, rf | 0x40); 5404 5405 /* increase voltage from 1.2V to 1.35V */ 5406 run_read(sc, RT3070_LDO_CFG0, &tmp); 5407 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5408 run_write(sc, RT3070_LDO_CFG0, tmp); 5409 5410 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5411 run_delay(sc, 1); /* wait for 1msec */ 5412 /* decrease voltage back to 1.2V */ 5413 tmp = (tmp & ~0x1f000000) | 0x01000000; 5414 run_write(sc, RT3070_LDO_CFG0, tmp); 5415 } 5416 } 5417 5418 /* select 20MHz bandwidth */ 5419 run_rt3070_rf_read(sc, 31, &rf); 5420 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5421 5422 /* calibrate filter for 20MHz bandwidth */ 5423 sc->rf24_20mhz = 0x1f; /* default value */ 5424 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5425 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5426 5427 /* select 40MHz bandwidth */ 5428 run_bbp_read(sc, 4, &bbp4); 5429 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5430 run_rt3070_rf_read(sc, 31, &rf); 5431 run_rt3070_rf_write(sc, 31, rf | 0x20); 5432 5433 /* calibrate filter for 40MHz bandwidth */ 5434 sc->rf24_40mhz = 0x2f; /* default value */ 5435 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5436 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5437 5438 /* go back to 20MHz bandwidth */ 5439 run_bbp_read(sc, 4, &bbp4); 5440 run_bbp_write(sc, 4, bbp4 & ~0x18); 5441 5442 if (sc->mac_ver == 0x3572) { 5443 /* save default BBP registers 25 and 26 values */ 5444 run_bbp_read(sc, 25, &sc->bbp25); 5445 run_bbp_read(sc, 26, &sc->bbp26); 5446 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5447 run_rt3070_rf_write(sc, 27, 0x03); 5448 5449 run_read(sc, RT3070_OPT_14, &tmp); 5450 run_write(sc, RT3070_OPT_14, tmp | 1); 5451 5452 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5453 run_rt3070_rf_read(sc, 17, &rf); 5454 rf &= ~RT3070_TX_LO1; 5455 if ((sc->mac_ver == 0x3070 || 5456 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5457 !sc->ext_2ghz_lna) 5458 rf |= 0x20; /* fix for long range Rx issue */ 5459 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5460 if (sc->txmixgain_2ghz >= mingain) 5461 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5462 run_rt3070_rf_write(sc, 17, rf); 5463 } 5464 5465 if (sc->mac_ver == 0x3071) { 5466 run_rt3070_rf_read(sc, 1, &rf); 5467 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5468 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5469 run_rt3070_rf_write(sc, 1, rf); 5470 5471 run_rt3070_rf_read(sc, 15, &rf); 5472 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5473 5474 run_rt3070_rf_read(sc, 20, &rf); 5475 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5476 5477 run_rt3070_rf_read(sc, 21, &rf); 5478 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5479 } 5480 5481 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5482 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5483 run_rt3070_rf_read(sc, 27, &rf); 5484 rf &= ~0x77; 5485 if (sc->mac_rev < 0x0211) 5486 rf |= 0x03; 5487 run_rt3070_rf_write(sc, 27, rf); 5488 } 5489 return (0); 5490 } 5491 5492 static void 5493 run_rt3593_rf_init(struct run_softc *sc) 5494 { 5495 uint32_t tmp; 5496 uint8_t rf; 5497 int i; 5498 5499 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5500 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5501 tmp &= ~(1 << 4 | 1 << 7); 5502 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5503 5504 /* Initialize RF registers to default value. */ 5505 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5506 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5507 rt3593_def_rf[i].val); 5508 } 5509 5510 /* Toggle RF R2 to initiate calibration. */ 5511 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5512 5513 /* Initialize RF frequency offset. */ 5514 run_adjust_freq_offset(sc); 5515 5516 run_rt3070_rf_read(sc, 18, &rf); 5517 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5518 5519 /* 5520 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5521 * decrease voltage back to 1.2V. 5522 */ 5523 run_read(sc, RT3070_LDO_CFG0, &tmp); 5524 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5525 run_write(sc, RT3070_LDO_CFG0, tmp); 5526 run_delay(sc, 1); 5527 tmp = (tmp & ~0x1f000000) | 0x01000000; 5528 run_write(sc, RT3070_LDO_CFG0, tmp); 5529 5530 sc->rf24_20mhz = 0x1f; 5531 sc->rf24_40mhz = 0x2f; 5532 5533 /* Save default BBP registers 25 and 26 values. */ 5534 run_bbp_read(sc, 25, &sc->bbp25); 5535 run_bbp_read(sc, 26, &sc->bbp26); 5536 5537 run_read(sc, RT3070_OPT_14, &tmp); 5538 run_write(sc, RT3070_OPT_14, tmp | 1); 5539 } 5540 5541 static void 5542 run_rt5390_rf_init(struct run_softc *sc) 5543 { 5544 uint32_t tmp; 5545 uint8_t rf; 5546 int i; 5547 5548 /* Toggle RF R2 to initiate calibration. */ 5549 if (sc->mac_ver == 0x5390) { 5550 run_rt3070_rf_read(sc, 2, &rf); 5551 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5552 run_delay(sc, 10); 5553 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5554 } else { 5555 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5556 run_delay(sc, 10); 5557 } 5558 5559 /* Initialize RF registers to default value. */ 5560 if (sc->mac_ver == 0x5592) { 5561 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5562 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5563 rt5592_def_rf[i].val); 5564 } 5565 /* Initialize RF frequency offset. */ 5566 run_adjust_freq_offset(sc); 5567 } else if (sc->mac_ver == 0x5392) { 5568 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5569 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5570 rt5392_def_rf[i].val); 5571 } 5572 if (sc->mac_rev >= 0x0223) { 5573 run_rt3070_rf_write(sc, 23, 0x0f); 5574 run_rt3070_rf_write(sc, 24, 0x3e); 5575 run_rt3070_rf_write(sc, 51, 0x32); 5576 run_rt3070_rf_write(sc, 53, 0x22); 5577 run_rt3070_rf_write(sc, 56, 0xc1); 5578 run_rt3070_rf_write(sc, 59, 0x0f); 5579 } 5580 } else { 5581 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5582 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5583 rt5390_def_rf[i].val); 5584 } 5585 if (sc->mac_rev >= 0x0502) { 5586 run_rt3070_rf_write(sc, 6, 0xe0); 5587 run_rt3070_rf_write(sc, 25, 0x80); 5588 run_rt3070_rf_write(sc, 46, 0x73); 5589 run_rt3070_rf_write(sc, 53, 0x00); 5590 run_rt3070_rf_write(sc, 56, 0x42); 5591 run_rt3070_rf_write(sc, 61, 0xd1); 5592 } 5593 } 5594 5595 sc->rf24_20mhz = 0x1f; /* default value */ 5596 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5597 5598 if (sc->mac_rev < 0x0211) 5599 run_rt3070_rf_write(sc, 27, 0x3); 5600 5601 run_read(sc, RT3070_OPT_14, &tmp); 5602 run_write(sc, RT3070_OPT_14, tmp | 1); 5603 } 5604 5605 static int 5606 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5607 uint8_t *val) 5608 { 5609 uint8_t rf22, rf24; 5610 uint8_t bbp55_pb, bbp55_sb, delta; 5611 int ntries; 5612 5613 /* program filter */ 5614 run_rt3070_rf_read(sc, 24, &rf24); 5615 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5616 run_rt3070_rf_write(sc, 24, rf24); 5617 5618 /* enable baseband loopback mode */ 5619 run_rt3070_rf_read(sc, 22, &rf22); 5620 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5621 5622 /* set power and frequency of passband test tone */ 5623 run_bbp_write(sc, 24, 0x00); 5624 for (ntries = 0; ntries < 100; ntries++) { 5625 /* transmit test tone */ 5626 run_bbp_write(sc, 25, 0x90); 5627 run_delay(sc, 10); 5628 /* read received power */ 5629 run_bbp_read(sc, 55, &bbp55_pb); 5630 if (bbp55_pb != 0) 5631 break; 5632 } 5633 if (ntries == 100) 5634 return (ETIMEDOUT); 5635 5636 /* set power and frequency of stopband test tone */ 5637 run_bbp_write(sc, 24, 0x06); 5638 for (ntries = 0; ntries < 100; ntries++) { 5639 /* transmit test tone */ 5640 run_bbp_write(sc, 25, 0x90); 5641 run_delay(sc, 10); 5642 /* read received power */ 5643 run_bbp_read(sc, 55, &bbp55_sb); 5644 5645 delta = bbp55_pb - bbp55_sb; 5646 if (delta > target) 5647 break; 5648 5649 /* reprogram filter */ 5650 rf24++; 5651 run_rt3070_rf_write(sc, 24, rf24); 5652 } 5653 if (ntries < 100) { 5654 if (rf24 != init) 5655 rf24--; /* backtrack */ 5656 *val = rf24; 5657 run_rt3070_rf_write(sc, 24, rf24); 5658 } 5659 5660 /* restore initial state */ 5661 run_bbp_write(sc, 24, 0x00); 5662 5663 /* disable baseband loopback mode */ 5664 run_rt3070_rf_read(sc, 22, &rf22); 5665 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5666 5667 return (0); 5668 } 5669 5670 static void 5671 run_rt3070_rf_setup(struct run_softc *sc) 5672 { 5673 uint8_t bbp, rf; 5674 int i; 5675 5676 if (sc->mac_ver == 0x3572) { 5677 /* enable DC filter */ 5678 if (sc->mac_rev >= 0x0201) 5679 run_bbp_write(sc, 103, 0xc0); 5680 5681 run_bbp_read(sc, 138, &bbp); 5682 if (sc->ntxchains == 1) 5683 bbp |= 0x20; /* turn off DAC1 */ 5684 if (sc->nrxchains == 1) 5685 bbp &= ~0x02; /* turn off ADC1 */ 5686 run_bbp_write(sc, 138, bbp); 5687 5688 if (sc->mac_rev >= 0x0211) { 5689 /* improve power consumption */ 5690 run_bbp_read(sc, 31, &bbp); 5691 run_bbp_write(sc, 31, bbp & ~0x03); 5692 } 5693 5694 run_rt3070_rf_read(sc, 16, &rf); 5695 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5696 run_rt3070_rf_write(sc, 16, rf); 5697 5698 } else if (sc->mac_ver == 0x3071) { 5699 if (sc->mac_rev >= 0x0211) { 5700 /* enable DC filter */ 5701 run_bbp_write(sc, 103, 0xc0); 5702 5703 /* improve power consumption */ 5704 run_bbp_read(sc, 31, &bbp); 5705 run_bbp_write(sc, 31, bbp & ~0x03); 5706 } 5707 5708 run_bbp_read(sc, 138, &bbp); 5709 if (sc->ntxchains == 1) 5710 bbp |= 0x20; /* turn off DAC1 */ 5711 if (sc->nrxchains == 1) 5712 bbp &= ~0x02; /* turn off ADC1 */ 5713 run_bbp_write(sc, 138, bbp); 5714 5715 run_write(sc, RT2860_TX_SW_CFG1, 0); 5716 if (sc->mac_rev < 0x0211) { 5717 run_write(sc, RT2860_TX_SW_CFG2, 5718 sc->patch_dac ? 0x2c : 0x0f); 5719 } else 5720 run_write(sc, RT2860_TX_SW_CFG2, 0); 5721 5722 } else if (sc->mac_ver == 0x3070) { 5723 if (sc->mac_rev >= 0x0201) { 5724 /* enable DC filter */ 5725 run_bbp_write(sc, 103, 0xc0); 5726 5727 /* improve power consumption */ 5728 run_bbp_read(sc, 31, &bbp); 5729 run_bbp_write(sc, 31, bbp & ~0x03); 5730 } 5731 5732 if (sc->mac_rev < 0x0201) { 5733 run_write(sc, RT2860_TX_SW_CFG1, 0); 5734 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5735 } else 5736 run_write(sc, RT2860_TX_SW_CFG2, 0); 5737 } 5738 5739 /* initialize RF registers from ROM for >=RT3071*/ 5740 if (sc->mac_ver >= 0x3071) { 5741 for (i = 0; i < 10; i++) { 5742 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5743 continue; 5744 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5745 } 5746 } 5747 } 5748 5749 static void 5750 run_rt3593_rf_setup(struct run_softc *sc) 5751 { 5752 uint8_t bbp, rf; 5753 5754 if (sc->mac_rev >= 0x0211) { 5755 /* Enable DC filter. */ 5756 run_bbp_write(sc, 103, 0xc0); 5757 } 5758 run_write(sc, RT2860_TX_SW_CFG1, 0); 5759 if (sc->mac_rev < 0x0211) { 5760 run_write(sc, RT2860_TX_SW_CFG2, 5761 sc->patch_dac ? 0x2c : 0x0f); 5762 } else 5763 run_write(sc, RT2860_TX_SW_CFG2, 0); 5764 5765 run_rt3070_rf_read(sc, 50, &rf); 5766 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5767 5768 run_rt3070_rf_read(sc, 51, &rf); 5769 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5770 ((sc->txmixgain_2ghz & 0x07) << 2); 5771 run_rt3070_rf_write(sc, 51, rf); 5772 5773 run_rt3070_rf_read(sc, 38, &rf); 5774 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5775 5776 run_rt3070_rf_read(sc, 39, &rf); 5777 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5778 5779 run_rt3070_rf_read(sc, 1, &rf); 5780 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5781 5782 run_rt3070_rf_read(sc, 30, &rf); 5783 rf = (rf & ~0x18) | 0x10; 5784 run_rt3070_rf_write(sc, 30, rf); 5785 5786 /* Apply maximum likelihood detection for 2 stream case. */ 5787 run_bbp_read(sc, 105, &bbp); 5788 if (sc->nrxchains > 1) 5789 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5790 5791 /* Avoid data lost and CRC error. */ 5792 run_bbp_read(sc, 4, &bbp); 5793 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5794 5795 run_bbp_write(sc, 92, 0x02); 5796 run_bbp_write(sc, 82, 0x82); 5797 run_bbp_write(sc, 106, 0x05); 5798 run_bbp_write(sc, 104, 0x92); 5799 run_bbp_write(sc, 88, 0x90); 5800 run_bbp_write(sc, 148, 0xc8); 5801 run_bbp_write(sc, 47, 0x48); 5802 run_bbp_write(sc, 120, 0x50); 5803 5804 run_bbp_write(sc, 163, 0x9d); 5805 5806 /* SNR mapping. */ 5807 run_bbp_write(sc, 142, 0x06); 5808 run_bbp_write(sc, 143, 0xa0); 5809 run_bbp_write(sc, 142, 0x07); 5810 run_bbp_write(sc, 143, 0xa1); 5811 run_bbp_write(sc, 142, 0x08); 5812 run_bbp_write(sc, 143, 0xa2); 5813 5814 run_bbp_write(sc, 31, 0x08); 5815 run_bbp_write(sc, 68, 0x0b); 5816 run_bbp_write(sc, 105, 0x04); 5817 } 5818 5819 static void 5820 run_rt5390_rf_setup(struct run_softc *sc) 5821 { 5822 uint8_t bbp, rf; 5823 5824 if (sc->mac_rev >= 0x0211) { 5825 /* Enable DC filter. */ 5826 run_bbp_write(sc, 103, 0xc0); 5827 5828 if (sc->mac_ver != 0x5592) { 5829 /* Improve power consumption. */ 5830 run_bbp_read(sc, 31, &bbp); 5831 run_bbp_write(sc, 31, bbp & ~0x03); 5832 } 5833 } 5834 5835 run_bbp_read(sc, 138, &bbp); 5836 if (sc->ntxchains == 1) 5837 bbp |= 0x20; /* turn off DAC1 */ 5838 if (sc->nrxchains == 1) 5839 bbp &= ~0x02; /* turn off ADC1 */ 5840 run_bbp_write(sc, 138, bbp); 5841 5842 run_rt3070_rf_read(sc, 38, &rf); 5843 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5844 5845 run_rt3070_rf_read(sc, 39, &rf); 5846 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5847 5848 /* Avoid data lost and CRC error. */ 5849 run_bbp_read(sc, 4, &bbp); 5850 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5851 5852 run_rt3070_rf_read(sc, 30, &rf); 5853 rf = (rf & ~0x18) | 0x10; 5854 run_rt3070_rf_write(sc, 30, rf); 5855 5856 if (sc->mac_ver != 0x5592) { 5857 run_write(sc, RT2860_TX_SW_CFG1, 0); 5858 if (sc->mac_rev < 0x0211) { 5859 run_write(sc, RT2860_TX_SW_CFG2, 5860 sc->patch_dac ? 0x2c : 0x0f); 5861 } else 5862 run_write(sc, RT2860_TX_SW_CFG2, 0); 5863 } 5864 } 5865 5866 static int 5867 run_txrx_enable(struct run_softc *sc) 5868 { 5869 struct ieee80211com *ic = &sc->sc_ic; 5870 uint32_t tmp; 5871 int error, ntries; 5872 5873 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5874 for (ntries = 0; ntries < 200; ntries++) { 5875 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5876 return (error); 5877 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5878 break; 5879 run_delay(sc, 50); 5880 } 5881 if (ntries == 200) 5882 return (ETIMEDOUT); 5883 5884 run_delay(sc, 50); 5885 5886 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5887 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5888 5889 /* enable Rx bulk aggregation (set timeout and limit) */ 5890 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5891 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5892 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5893 5894 /* set Rx filter */ 5895 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5896 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5897 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5898 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5899 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5900 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5901 if (ic->ic_opmode == IEEE80211_M_STA) 5902 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5903 } 5904 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5905 5906 run_write(sc, RT2860_MAC_SYS_CTRL, 5907 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5908 5909 return (0); 5910 } 5911 5912 static void 5913 run_adjust_freq_offset(struct run_softc *sc) 5914 { 5915 uint8_t rf, tmp; 5916 5917 run_rt3070_rf_read(sc, 17, &rf); 5918 tmp = rf; 5919 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5920 rf = MIN(rf, 0x5f); 5921 5922 if (tmp != rf) 5923 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5924 } 5925 5926 static void 5927 run_init_locked(struct run_softc *sc) 5928 { 5929 struct ieee80211com *ic = &sc->sc_ic; 5930 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5931 uint32_t tmp; 5932 uint8_t bbp1, bbp3; 5933 int i; 5934 int ridx; 5935 int ntries; 5936 5937 if (ic->ic_nrunning > 1) 5938 return; 5939 5940 run_stop(sc); 5941 5942 if (run_load_microcode(sc) != 0) { 5943 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5944 goto fail; 5945 } 5946 5947 for (ntries = 0; ntries < 100; ntries++) { 5948 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5949 goto fail; 5950 if (tmp != 0 && tmp != 0xffffffff) 5951 break; 5952 run_delay(sc, 10); 5953 } 5954 if (ntries == 100) 5955 goto fail; 5956 5957 for (i = 0; i != RUN_EP_QUEUES; i++) 5958 run_setup_tx_list(sc, &sc->sc_epq[i]); 5959 5960 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5961 5962 for (ntries = 0; ntries < 100; ntries++) { 5963 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5964 goto fail; 5965 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5966 break; 5967 run_delay(sc, 10); 5968 } 5969 if (ntries == 100) { 5970 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5971 goto fail; 5972 } 5973 tmp &= 0xff0; 5974 tmp |= RT2860_TX_WB_DDONE; 5975 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5976 5977 /* turn off PME_OEN to solve high-current issue */ 5978 run_read(sc, RT2860_SYS_CTRL, &tmp); 5979 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5980 5981 run_write(sc, RT2860_MAC_SYS_CTRL, 5982 RT2860_BBP_HRST | RT2860_MAC_SRST); 5983 run_write(sc, RT2860_USB_DMA_CFG, 0); 5984 5985 if (run_reset(sc) != 0) { 5986 device_printf(sc->sc_dev, "could not reset chipset\n"); 5987 goto fail; 5988 } 5989 5990 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5991 5992 /* init Tx power for all Tx rates (from EEPROM) */ 5993 for (ridx = 0; ridx < 5; ridx++) { 5994 if (sc->txpow20mhz[ridx] == 0xffffffff) 5995 continue; 5996 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5997 } 5998 5999 for (i = 0; i < nitems(rt2870_def_mac); i++) 6000 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6001 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6002 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6003 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6004 6005 if (sc->mac_ver >= 0x5390) { 6006 run_write(sc, RT2860_TX_SW_CFG0, 6007 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6008 if (sc->mac_ver >= 0x5392) { 6009 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6010 if (sc->mac_ver == 0x5592) { 6011 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6012 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6013 } else { 6014 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6015 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6016 } 6017 } 6018 } else if (sc->mac_ver == 0x3593) { 6019 run_write(sc, RT2860_TX_SW_CFG0, 6020 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6021 } else if (sc->mac_ver >= 0x3070) { 6022 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6023 run_write(sc, RT2860_TX_SW_CFG0, 6024 4 << RT2860_DLY_PAPE_EN_SHIFT); 6025 } 6026 6027 /* wait while MAC is busy */ 6028 for (ntries = 0; ntries < 100; ntries++) { 6029 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6030 goto fail; 6031 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6032 break; 6033 run_delay(sc, 10); 6034 } 6035 if (ntries == 100) 6036 goto fail; 6037 6038 /* clear Host to MCU mailbox */ 6039 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6040 run_write(sc, RT2860_H2M_MAILBOX, 0); 6041 run_delay(sc, 10); 6042 6043 if (run_bbp_init(sc) != 0) { 6044 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6045 goto fail; 6046 } 6047 6048 /* abort TSF synchronization */ 6049 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6050 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6051 RT2860_TBTT_TIMER_EN); 6052 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6053 6054 /* clear RX WCID search table */ 6055 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6056 /* clear WCID attribute table */ 6057 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6058 6059 /* hostapd sets a key before init. So, don't clear it. */ 6060 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6061 /* clear shared key table */ 6062 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6063 /* clear shared key mode */ 6064 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6065 } 6066 6067 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6068 tmp = (tmp & ~0xff) | 0x1e; 6069 run_write(sc, RT2860_US_CYC_CNT, tmp); 6070 6071 if (sc->mac_rev != 0x0101) 6072 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6073 6074 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6075 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6076 6077 /* write vendor-specific BBP values (from EEPROM) */ 6078 if (sc->mac_ver < 0x3593) { 6079 for (i = 0; i < 10; i++) { 6080 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6081 continue; 6082 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6083 } 6084 } 6085 6086 /* select Main antenna for 1T1R devices */ 6087 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6088 run_set_rx_antenna(sc, 0); 6089 6090 /* send LEDs operating mode to microcontroller */ 6091 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6092 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6093 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6094 6095 if (sc->mac_ver >= 0x5390) 6096 run_rt5390_rf_init(sc); 6097 else if (sc->mac_ver == 0x3593) 6098 run_rt3593_rf_init(sc); 6099 else if (sc->mac_ver >= 0x3070) 6100 run_rt3070_rf_init(sc); 6101 6102 /* disable non-existing Rx chains */ 6103 run_bbp_read(sc, 3, &bbp3); 6104 bbp3 &= ~(1 << 3 | 1 << 4); 6105 if (sc->nrxchains == 2) 6106 bbp3 |= 1 << 3; 6107 else if (sc->nrxchains == 3) 6108 bbp3 |= 1 << 4; 6109 run_bbp_write(sc, 3, bbp3); 6110 6111 /* disable non-existing Tx chains */ 6112 run_bbp_read(sc, 1, &bbp1); 6113 if (sc->ntxchains == 1) 6114 bbp1 &= ~(1 << 3 | 1 << 4); 6115 run_bbp_write(sc, 1, bbp1); 6116 6117 if (sc->mac_ver >= 0x5390) 6118 run_rt5390_rf_setup(sc); 6119 else if (sc->mac_ver == 0x3593) 6120 run_rt3593_rf_setup(sc); 6121 else if (sc->mac_ver >= 0x3070) 6122 run_rt3070_rf_setup(sc); 6123 6124 /* select default channel */ 6125 run_set_chan(sc, ic->ic_curchan); 6126 6127 /* setup initial protection mode */ 6128 run_updateprot_cb(ic); 6129 6130 /* turn radio LED on */ 6131 run_set_leds(sc, RT2860_LED_RADIO); 6132 6133 sc->sc_flags |= RUN_RUNNING; 6134 sc->cmdq_run = RUN_CMDQ_GO; 6135 6136 for (i = 0; i != RUN_N_XFER; i++) 6137 usbd_xfer_set_stall(sc->sc_xfer[i]); 6138 6139 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6140 6141 if (run_txrx_enable(sc) != 0) 6142 goto fail; 6143 6144 return; 6145 6146 fail: 6147 run_stop(sc); 6148 } 6149 6150 static void 6151 run_stop(void *arg) 6152 { 6153 struct run_softc *sc = (struct run_softc *)arg; 6154 uint32_t tmp; 6155 int i; 6156 int ntries; 6157 6158 RUN_LOCK_ASSERT(sc, MA_OWNED); 6159 6160 if (sc->sc_flags & RUN_RUNNING) 6161 run_set_leds(sc, 0); /* turn all LEDs off */ 6162 6163 sc->sc_flags &= ~RUN_RUNNING; 6164 6165 sc->ratectl_run = RUN_RATECTL_OFF; 6166 sc->cmdq_run = sc->cmdq_key_set; 6167 6168 RUN_UNLOCK(sc); 6169 6170 for(i = 0; i < RUN_N_XFER; i++) 6171 usbd_transfer_drain(sc->sc_xfer[i]); 6172 6173 RUN_LOCK(sc); 6174 6175 if (sc->rx_m != NULL) { 6176 m_free(sc->rx_m); 6177 sc->rx_m = NULL; 6178 } 6179 6180 /* Disable Tx/Rx DMA. */ 6181 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6182 return; 6183 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6184 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6185 6186 for (ntries = 0; ntries < 100; ntries++) { 6187 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6188 return; 6189 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6190 break; 6191 run_delay(sc, 10); 6192 } 6193 if (ntries == 100) { 6194 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6195 return; 6196 } 6197 6198 /* disable Tx/Rx */ 6199 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6200 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6201 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6202 6203 /* wait for pending Tx to complete */ 6204 for (ntries = 0; ntries < 100; ntries++) { 6205 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6206 DPRINTF("Cannot read Tx queue count\n"); 6207 break; 6208 } 6209 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6210 DPRINTF("All Tx cleared\n"); 6211 break; 6212 } 6213 run_delay(sc, 10); 6214 } 6215 if (ntries >= 100) 6216 DPRINTF("There are still pending Tx\n"); 6217 run_delay(sc, 10); 6218 run_write(sc, RT2860_USB_DMA_CFG, 0); 6219 6220 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6221 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6222 6223 for (i = 0; i != RUN_EP_QUEUES; i++) 6224 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6225 } 6226 6227 static void 6228 run_delay(struct run_softc *sc, u_int ms) 6229 { 6230 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6231 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6232 } 6233 6234 static device_method_t run_methods[] = { 6235 /* Device interface */ 6236 DEVMETHOD(device_probe, run_match), 6237 DEVMETHOD(device_attach, run_attach), 6238 DEVMETHOD(device_detach, run_detach), 6239 DEVMETHOD_END 6240 }; 6241 6242 static driver_t run_driver = { 6243 .name = "run", 6244 .methods = run_methods, 6245 .size = sizeof(struct run_softc) 6246 }; 6247 6248 static devclass_t run_devclass; 6249 6250 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6251 MODULE_DEPEND(run, wlan, 1, 1, 1); 6252 MODULE_DEPEND(run, usb, 1, 1, 1); 6253 MODULE_DEPEND(run, firmware, 1, 1, 1); 6254 MODULE_VERSION(run, 1); 6255