1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/eventhandler.h> 32 #include <sys/sockio.h> 33 #include <sys/sysctl.h> 34 #include <sys/lock.h> 35 #include <sys/mutex.h> 36 #include <sys/mbuf.h> 37 #include <sys/kernel.h> 38 #include <sys/socket.h> 39 #include <sys/systm.h> 40 #include <sys/malloc.h> 41 #include <sys/module.h> 42 #include <sys/bus.h> 43 #include <sys/endian.h> 44 #include <sys/linker.h> 45 #include <sys/firmware.h> 46 #include <sys/kdb.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_var.h> 51 #include <net/if_arp.h> 52 #include <net/ethernet.h> 53 #include <net/if_dl.h> 54 #include <net/if_media.h> 55 #include <net/if_types.h> 56 57 #include <netinet/in.h> 58 #include <netinet/in_systm.h> 59 #include <netinet/in_var.h> 60 #include <netinet/if_ether.h> 61 #include <netinet/ip.h> 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_regdomain.h> 65 #include <net80211/ieee80211_radiotap.h> 66 #include <net80211/ieee80211_ratectl.h> 67 68 #include <dev/usb/usb.h> 69 #include <dev/usb/usbdi.h> 70 #include "usbdevs.h" 71 72 #define USB_DEBUG_VAR run_debug 73 #include <dev/usb/usb_debug.h> 74 #include <dev/usb/usb_msctest.h> 75 76 #include <dev/usb/wlan/if_runreg.h> 77 #include <dev/usb/wlan/if_runvar.h> 78 79 #ifdef USB_DEBUG 80 #define RUN_DEBUG 81 #endif 82 83 #ifdef RUN_DEBUG 84 int run_debug = 0; 85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 86 "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 90 enum { 91 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 92 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 93 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 94 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 95 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 96 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 97 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 98 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 99 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 100 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 101 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 102 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 103 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 104 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 105 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 106 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 107 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 108 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 109 RUN_DEBUG_ANY = 0xffffffff 110 }; 111 112 #define RUN_DPRINTF(_sc, _m, ...) do { \ 113 if (run_debug & (_m)) \ 114 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 115 } while(0) 116 #else 117 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 118 #endif 119 120 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 121 122 /* 123 * Because of LOR in run_key_delete(), use atomic instead. 124 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 125 */ 126 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 127 128 static const STRUCT_USB_HOST_ID run_devs[] = { 129 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 130 #define RUN_DEV_EJECT(v,p) \ 131 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 132 #define RUN_EJECT 1 133 RUN_DEV(ABOCOM, RT2770), 134 RUN_DEV(ABOCOM, RT2870), 135 RUN_DEV(ABOCOM, RT3070), 136 RUN_DEV(ABOCOM, RT3071), 137 RUN_DEV(ABOCOM, RT3072), 138 RUN_DEV(ABOCOM2, RT2870_1), 139 RUN_DEV(ACCTON, RT2770), 140 RUN_DEV(ACCTON, RT2870_1), 141 RUN_DEV(ACCTON, RT2870_2), 142 RUN_DEV(ACCTON, RT2870_3), 143 RUN_DEV(ACCTON, RT2870_4), 144 RUN_DEV(ACCTON, RT2870_5), 145 RUN_DEV(ACCTON, RT3070), 146 RUN_DEV(ACCTON, RT3070_1), 147 RUN_DEV(ACCTON, RT3070_2), 148 RUN_DEV(ACCTON, RT3070_3), 149 RUN_DEV(ACCTON, RT3070_4), 150 RUN_DEV(ACCTON, RT3070_5), 151 RUN_DEV(AIRTIES, RT3070), 152 RUN_DEV(ALLWIN, RT2070), 153 RUN_DEV(ALLWIN, RT2770), 154 RUN_DEV(ALLWIN, RT2870), 155 RUN_DEV(ALLWIN, RT3070), 156 RUN_DEV(ALLWIN, RT3071), 157 RUN_DEV(ALLWIN, RT3072), 158 RUN_DEV(ALLWIN, RT3572), 159 RUN_DEV(AMIGO, RT2870_1), 160 RUN_DEV(AMIGO, RT2870_2), 161 RUN_DEV(AMIT, CGWLUSB2GNR), 162 RUN_DEV(AMIT, RT2870_1), 163 RUN_DEV(AMIT2, RT2870), 164 RUN_DEV(ASUS, RT2870_1), 165 RUN_DEV(ASUS, RT2870_2), 166 RUN_DEV(ASUS, RT2870_3), 167 RUN_DEV(ASUS, RT2870_4), 168 RUN_DEV(ASUS, RT2870_5), 169 RUN_DEV(ASUS, USBN13), 170 RUN_DEV(ASUS, RT3070_1), 171 RUN_DEV(ASUS, USBN66), 172 RUN_DEV(ASUS, USB_N53), 173 RUN_DEV(ASUS2, USBN11), 174 RUN_DEV(AZUREWAVE, RT2870_1), 175 RUN_DEV(AZUREWAVE, RT2870_2), 176 RUN_DEV(AZUREWAVE, RT3070_1), 177 RUN_DEV(AZUREWAVE, RT3070_2), 178 RUN_DEV(AZUREWAVE, RT3070_3), 179 RUN_DEV(BELKIN, F9L1103), 180 RUN_DEV(BELKIN, F5D8053V3), 181 RUN_DEV(BELKIN, F5D8055), 182 RUN_DEV(BELKIN, F5D8055V2), 183 RUN_DEV(BELKIN, F6D4050V1), 184 RUN_DEV(BELKIN, F6D4050V2), 185 RUN_DEV(BELKIN, RT2870_1), 186 RUN_DEV(BELKIN, RT2870_2), 187 RUN_DEV(CISCOLINKSYS, AE1000), 188 RUN_DEV(CISCOLINKSYS2, RT3070), 189 RUN_DEV(CISCOLINKSYS3, RT3070), 190 RUN_DEV(CONCEPTRONIC2, RT2870_1), 191 RUN_DEV(CONCEPTRONIC2, RT2870_2), 192 RUN_DEV(CONCEPTRONIC2, RT2870_3), 193 RUN_DEV(CONCEPTRONIC2, RT2870_4), 194 RUN_DEV(CONCEPTRONIC2, RT2870_5), 195 RUN_DEV(CONCEPTRONIC2, RT2870_6), 196 RUN_DEV(CONCEPTRONIC2, RT2870_7), 197 RUN_DEV(CONCEPTRONIC2, RT2870_8), 198 RUN_DEV(CONCEPTRONIC2, RT3070_1), 199 RUN_DEV(CONCEPTRONIC2, RT3070_2), 200 RUN_DEV(CONCEPTRONIC2, VIGORN61), 201 RUN_DEV(COREGA, CGWLUSB300GNM), 202 RUN_DEV(COREGA, RT2870_1), 203 RUN_DEV(COREGA, RT2870_2), 204 RUN_DEV(COREGA, RT2870_3), 205 RUN_DEV(COREGA, RT3070), 206 RUN_DEV(CYBERTAN, RT2870), 207 RUN_DEV(DLINK, RT2870), 208 RUN_DEV(DLINK, RT3072), 209 RUN_DEV(DLINK, DWA125A3), 210 RUN_DEV(DLINK, DWA127), 211 RUN_DEV(DLINK, DWA140B3), 212 RUN_DEV(DLINK, DWA160B2), 213 RUN_DEV(DLINK, DWA140D1), 214 RUN_DEV(DLINK, DWA162), 215 RUN_DEV(DLINK2, DWA130), 216 RUN_DEV(DLINK2, RT2870_1), 217 RUN_DEV(DLINK2, RT2870_2), 218 RUN_DEV(DLINK2, RT3070_1), 219 RUN_DEV(DLINK2, RT3070_2), 220 RUN_DEV(DLINK2, RT3070_3), 221 RUN_DEV(DLINK2, RT3070_4), 222 RUN_DEV(DLINK2, RT3070_5), 223 RUN_DEV(DLINK2, RT3072), 224 RUN_DEV(DLINK2, RT3072_1), 225 RUN_DEV(EDIMAX, EW7717), 226 RUN_DEV(EDIMAX, EW7718), 227 RUN_DEV(EDIMAX, EW7733UND), 228 RUN_DEV(EDIMAX, RT2870_1), 229 RUN_DEV(ENCORE, RT3070_1), 230 RUN_DEV(ENCORE, RT3070_2), 231 RUN_DEV(ENCORE, RT3070_3), 232 RUN_DEV(GIGABYTE, GNWB31N), 233 RUN_DEV(GIGABYTE, GNWB32L), 234 RUN_DEV(GIGABYTE, RT2870_1), 235 RUN_DEV(GIGASET, RT3070_1), 236 RUN_DEV(GIGASET, RT3070_2), 237 RUN_DEV(GUILLEMOT, HWNU300), 238 RUN_DEV(HAWKING, HWUN2), 239 RUN_DEV(HAWKING, RT2870_1), 240 RUN_DEV(HAWKING, RT2870_2), 241 RUN_DEV(HAWKING, RT3070), 242 RUN_DEV(IODATA, RT3072_1), 243 RUN_DEV(IODATA, RT3072_2), 244 RUN_DEV(IODATA, RT3072_3), 245 RUN_DEV(IODATA, RT3072_4), 246 RUN_DEV(LINKSYS4, RT3070), 247 RUN_DEV(LINKSYS4, WUSB100), 248 RUN_DEV(LINKSYS4, WUSB54GCV3), 249 RUN_DEV(LINKSYS4, WUSB600N), 250 RUN_DEV(LINKSYS4, WUSB600NV2), 251 RUN_DEV(LOGITEC, RT2870_1), 252 RUN_DEV(LOGITEC, RT2870_2), 253 RUN_DEV(LOGITEC, RT2870_3), 254 RUN_DEV(LOGITEC, LANW300NU2), 255 RUN_DEV(LOGITEC, LANW150NU2), 256 RUN_DEV(LOGITEC, LANW300NU2S), 257 RUN_DEV(MELCO, WLIUCG300HP), 258 RUN_DEV(MELCO, RT2870_2), 259 RUN_DEV(MELCO, WLIUCAG300N), 260 RUN_DEV(MELCO, WLIUCG300N), 261 RUN_DEV(MELCO, WLIUCG301N), 262 RUN_DEV(MELCO, WLIUCGN), 263 RUN_DEV(MELCO, WLIUCGNM), 264 RUN_DEV(MELCO, WLIUCG300HPV1), 265 RUN_DEV(MELCO, WLIUCGNM2), 266 RUN_DEV(MOTOROLA4, RT2770), 267 RUN_DEV(MOTOROLA4, RT3070), 268 RUN_DEV(MSI, RT3070_1), 269 RUN_DEV(MSI, RT3070_2), 270 RUN_DEV(MSI, RT3070_3), 271 RUN_DEV(MSI, RT3070_4), 272 RUN_DEV(MSI, RT3070_5), 273 RUN_DEV(MSI, RT3070_6), 274 RUN_DEV(MSI, RT3070_7), 275 RUN_DEV(MSI, RT3070_8), 276 RUN_DEV(MSI, RT3070_9), 277 RUN_DEV(MSI, RT3070_10), 278 RUN_DEV(MSI, RT3070_11), 279 RUN_DEV(NETGEAR, WNDA4100), 280 RUN_DEV(OVISLINK, RT3072), 281 RUN_DEV(PARA, RT3070), 282 RUN_DEV(PEGATRON, RT2870), 283 RUN_DEV(PEGATRON, RT3070), 284 RUN_DEV(PEGATRON, RT3070_2), 285 RUN_DEV(PEGATRON, RT3070_3), 286 RUN_DEV(PHILIPS, RT2870), 287 RUN_DEV(PLANEX2, GWUS300MINIS), 288 RUN_DEV(PLANEX2, GWUSMICRON), 289 RUN_DEV(PLANEX2, RT2870), 290 RUN_DEV(PLANEX2, RT3070), 291 RUN_DEV(QCOM, RT2870), 292 RUN_DEV(QUANTA, RT3070), 293 RUN_DEV(RALINK, RT2070), 294 RUN_DEV(RALINK, RT2770), 295 RUN_DEV(RALINK, RT2870), 296 RUN_DEV(RALINK, RT3070), 297 RUN_DEV(RALINK, RT3071), 298 RUN_DEV(RALINK, RT3072), 299 RUN_DEV(RALINK, RT3370), 300 RUN_DEV(RALINK, RT3572), 301 RUN_DEV(RALINK, RT3573), 302 RUN_DEV(RALINK, RT5370), 303 RUN_DEV(RALINK, RT5372), 304 RUN_DEV(RALINK, RT5572), 305 RUN_DEV(RALINK, RT8070), 306 RUN_DEV(SAMSUNG, WIS09ABGN), 307 RUN_DEV(SAMSUNG2, RT2870_1), 308 RUN_DEV(SENAO, RT2870_1), 309 RUN_DEV(SENAO, RT2870_2), 310 RUN_DEV(SENAO, RT2870_3), 311 RUN_DEV(SENAO, RT2870_4), 312 RUN_DEV(SENAO, RT3070), 313 RUN_DEV(SENAO, RT3071), 314 RUN_DEV(SENAO, RT3072_1), 315 RUN_DEV(SENAO, RT3072_2), 316 RUN_DEV(SENAO, RT3072_3), 317 RUN_DEV(SENAO, RT3072_4), 318 RUN_DEV(SENAO, RT3072_5), 319 RUN_DEV(SITECOMEU, RT2770), 320 RUN_DEV(SITECOMEU, RT2870_1), 321 RUN_DEV(SITECOMEU, RT2870_2), 322 RUN_DEV(SITECOMEU, RT2870_3), 323 RUN_DEV(SITECOMEU, RT2870_4), 324 RUN_DEV(SITECOMEU, RT3070), 325 RUN_DEV(SITECOMEU, RT3070_2), 326 RUN_DEV(SITECOMEU, RT3070_3), 327 RUN_DEV(SITECOMEU, RT3070_4), 328 RUN_DEV(SITECOMEU, RT3071), 329 RUN_DEV(SITECOMEU, RT3072_1), 330 RUN_DEV(SITECOMEU, RT3072_2), 331 RUN_DEV(SITECOMEU, RT3072_3), 332 RUN_DEV(SITECOMEU, RT3072_4), 333 RUN_DEV(SITECOMEU, RT3072_5), 334 RUN_DEV(SITECOMEU, RT3072_6), 335 RUN_DEV(SITECOMEU, WL608), 336 RUN_DEV(SPARKLAN, RT2870_1), 337 RUN_DEV(SPARKLAN, RT3070), 338 RUN_DEV(SWEEX2, LW153), 339 RUN_DEV(SWEEX2, LW303), 340 RUN_DEV(SWEEX2, LW313), 341 RUN_DEV(TOSHIBA, RT3070), 342 RUN_DEV(UMEDIA, RT2870_1), 343 RUN_DEV(ZCOM, RT2870_1), 344 RUN_DEV(ZCOM, RT2870_2), 345 RUN_DEV(ZINWELL, RT2870_1), 346 RUN_DEV(ZINWELL, RT2870_2), 347 RUN_DEV(ZINWELL, RT3070), 348 RUN_DEV(ZINWELL, RT3072_1), 349 RUN_DEV(ZINWELL, RT3072_2), 350 RUN_DEV(ZYXEL, RT2870_1), 351 RUN_DEV(ZYXEL, RT2870_2), 352 RUN_DEV(ZYXEL, RT3070), 353 RUN_DEV_EJECT(ZYXEL, NWD2705), 354 RUN_DEV_EJECT(RALINK, RT_STOR), 355 #undef RUN_DEV_EJECT 356 #undef RUN_DEV 357 }; 358 359 static device_probe_t run_match; 360 static device_attach_t run_attach; 361 static device_detach_t run_detach; 362 363 static usb_callback_t run_bulk_rx_callback; 364 static usb_callback_t run_bulk_tx_callback0; 365 static usb_callback_t run_bulk_tx_callback1; 366 static usb_callback_t run_bulk_tx_callback2; 367 static usb_callback_t run_bulk_tx_callback3; 368 static usb_callback_t run_bulk_tx_callback4; 369 static usb_callback_t run_bulk_tx_callback5; 370 371 static void run_autoinst(void *, struct usb_device *, 372 struct usb_attach_arg *); 373 static int run_driver_loaded(struct module *, int, void *); 374 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 375 usb_error_t error, u_int index); 376 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 377 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 378 const uint8_t [IEEE80211_ADDR_LEN], 379 const uint8_t [IEEE80211_ADDR_LEN]); 380 static void run_vap_delete(struct ieee80211vap *); 381 static void run_cmdq_cb(void *, int); 382 static void run_setup_tx_list(struct run_softc *, 383 struct run_endpoint_queue *); 384 static void run_unsetup_tx_list(struct run_softc *, 385 struct run_endpoint_queue *); 386 static int run_load_microcode(struct run_softc *); 387 static int run_reset(struct run_softc *); 388 static usb_error_t run_do_request(struct run_softc *, 389 struct usb_device_request *, void *); 390 static int run_read(struct run_softc *, uint16_t, uint32_t *); 391 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 392 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 393 static int run_write(struct run_softc *, uint16_t, uint32_t); 394 static int run_write_region_1(struct run_softc *, uint16_t, 395 const uint8_t *, int); 396 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 397 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 398 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 399 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 400 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 401 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 402 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 403 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 404 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 405 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 406 static const char *run_get_rf(uint16_t); 407 static void run_rt3593_get_txpower(struct run_softc *); 408 static void run_get_txpower(struct run_softc *); 409 static int run_read_eeprom(struct run_softc *); 410 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 411 const uint8_t mac[IEEE80211_ADDR_LEN]); 412 static int run_media_change(struct ifnet *); 413 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 414 static int run_wme_update(struct ieee80211com *); 415 static void run_key_set_cb(void *); 416 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 417 static void run_key_delete_cb(void *); 418 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 419 static void run_ratectl_to(void *); 420 static void run_ratectl_cb(void *, int); 421 static void run_drain_fifo(void *); 422 static void run_iter_func(void *, struct ieee80211_node *); 423 static void run_newassoc_cb(void *); 424 static void run_newassoc(struct ieee80211_node *, int); 425 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 426 const struct ieee80211_rx_stats *, int, int); 427 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 428 static void run_tx_free(struct run_endpoint_queue *pq, 429 struct run_tx_data *, int); 430 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 431 static int run_tx(struct run_softc *, struct mbuf *, 432 struct ieee80211_node *); 433 static int run_tx_mgt(struct run_softc *, struct mbuf *, 434 struct ieee80211_node *); 435 static int run_sendprot(struct run_softc *, const struct mbuf *, 436 struct ieee80211_node *, int, int); 437 static int run_tx_param(struct run_softc *, struct mbuf *, 438 struct ieee80211_node *, 439 const struct ieee80211_bpf_params *); 440 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 441 const struct ieee80211_bpf_params *); 442 static int run_transmit(struct ieee80211com *, struct mbuf *); 443 static void run_start(struct run_softc *); 444 static void run_parent(struct ieee80211com *); 445 static void run_iq_calib(struct run_softc *, u_int); 446 static void run_set_agc(struct run_softc *, uint8_t); 447 static void run_select_chan_group(struct run_softc *, int); 448 static void run_set_rx_antenna(struct run_softc *, int); 449 static void run_rt2870_set_chan(struct run_softc *, u_int); 450 static void run_rt3070_set_chan(struct run_softc *, u_int); 451 static void run_rt3572_set_chan(struct run_softc *, u_int); 452 static void run_rt3593_set_chan(struct run_softc *, u_int); 453 static void run_rt5390_set_chan(struct run_softc *, u_int); 454 static void run_rt5592_set_chan(struct run_softc *, u_int); 455 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 456 static void run_set_channel(struct ieee80211com *); 457 static void run_getradiocaps(struct ieee80211com *, int, int *, 458 struct ieee80211_channel[]); 459 static void run_scan_start(struct ieee80211com *); 460 static void run_scan_end(struct ieee80211com *); 461 static void run_update_beacon(struct ieee80211vap *, int); 462 static void run_update_beacon_cb(void *); 463 static void run_updateprot(struct ieee80211com *); 464 static void run_updateprot_cb(void *); 465 static void run_usb_timeout_cb(void *); 466 static void run_reset_livelock(struct run_softc *); 467 static void run_enable_tsf_sync(struct run_softc *); 468 static void run_enable_tsf(struct run_softc *); 469 static void run_disable_tsf(struct run_softc *); 470 static void run_get_tsf(struct run_softc *, uint64_t *); 471 static void run_enable_mrr(struct run_softc *); 472 static void run_set_txpreamble(struct run_softc *); 473 static void run_set_basicrates(struct run_softc *); 474 static void run_set_leds(struct run_softc *, uint16_t); 475 static void run_set_bssid(struct run_softc *, const uint8_t *); 476 static void run_set_macaddr(struct run_softc *, const uint8_t *); 477 static void run_updateslot(struct ieee80211com *); 478 static void run_updateslot_cb(void *); 479 static void run_update_mcast(struct ieee80211com *); 480 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 481 static void run_update_promisc_locked(struct run_softc *); 482 static void run_update_promisc(struct ieee80211com *); 483 static void run_rt5390_bbp_init(struct run_softc *); 484 static int run_bbp_init(struct run_softc *); 485 static int run_rt3070_rf_init(struct run_softc *); 486 static void run_rt3593_rf_init(struct run_softc *); 487 static void run_rt5390_rf_init(struct run_softc *); 488 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 489 uint8_t *); 490 static void run_rt3070_rf_setup(struct run_softc *); 491 static void run_rt3593_rf_setup(struct run_softc *); 492 static void run_rt5390_rf_setup(struct run_softc *); 493 static int run_txrx_enable(struct run_softc *); 494 static void run_adjust_freq_offset(struct run_softc *); 495 static void run_init_locked(struct run_softc *); 496 static void run_stop(void *); 497 static void run_delay(struct run_softc *, u_int); 498 499 static eventhandler_tag run_etag; 500 501 static const struct rt2860_rate { 502 uint8_t rate; 503 uint8_t mcs; 504 enum ieee80211_phytype phy; 505 uint8_t ctl_ridx; 506 uint16_t sp_ack_dur; 507 uint16_t lp_ack_dur; 508 } rt2860_rates[] = { 509 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 510 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 511 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 512 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 513 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 514 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 515 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 516 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 517 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 518 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 519 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 520 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 521 }; 522 523 static const struct { 524 uint16_t reg; 525 uint32_t val; 526 } rt2870_def_mac[] = { 527 RT2870_DEF_MAC 528 }; 529 530 static const struct { 531 uint8_t reg; 532 uint8_t val; 533 } rt2860_def_bbp[] = { 534 RT2860_DEF_BBP 535 },rt5390_def_bbp[] = { 536 RT5390_DEF_BBP 537 },rt5592_def_bbp[] = { 538 RT5592_DEF_BBP 539 }; 540 541 /* 542 * Default values for BBP register R196 for RT5592. 543 */ 544 static const uint8_t rt5592_bbp_r196[] = { 545 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 546 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 547 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 548 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 549 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 550 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 551 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 552 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 553 0x2e, 0x36, 0x30, 0x6e 554 }; 555 556 static const struct rfprog { 557 uint8_t chan; 558 uint32_t r1, r2, r3, r4; 559 } rt2860_rf2850[] = { 560 RT2860_RF2850 561 }; 562 563 struct { 564 uint8_t n, r, k; 565 } rt3070_freqs[] = { 566 RT3070_RF3052 567 }; 568 569 static const struct rt5592_freqs { 570 uint16_t n; 571 uint8_t k, m, r; 572 } rt5592_freqs_20mhz[] = { 573 RT5592_RF5592_20MHZ 574 },rt5592_freqs_40mhz[] = { 575 RT5592_RF5592_40MHZ 576 }; 577 578 static const struct { 579 uint8_t reg; 580 uint8_t val; 581 } rt3070_def_rf[] = { 582 RT3070_DEF_RF 583 },rt3572_def_rf[] = { 584 RT3572_DEF_RF 585 },rt3593_def_rf[] = { 586 RT3593_DEF_RF 587 },rt5390_def_rf[] = { 588 RT5390_DEF_RF 589 },rt5392_def_rf[] = { 590 RT5392_DEF_RF 591 },rt5592_def_rf[] = { 592 RT5592_DEF_RF 593 },rt5592_2ghz_def_rf[] = { 594 RT5592_2GHZ_DEF_RF 595 },rt5592_5ghz_def_rf[] = { 596 RT5592_5GHZ_DEF_RF 597 }; 598 599 static const struct { 600 u_int firstchan; 601 u_int lastchan; 602 uint8_t reg; 603 uint8_t val; 604 } rt5592_chan_5ghz[] = { 605 RT5592_CHAN_5GHZ 606 }; 607 608 static const struct usb_config run_config[RUN_N_XFER] = { 609 [RUN_BULK_TX_BE] = { 610 .type = UE_BULK, 611 .endpoint = UE_ADDR_ANY, 612 .ep_index = 0, 613 .direction = UE_DIR_OUT, 614 .bufsize = RUN_MAX_TXSZ, 615 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 616 .callback = run_bulk_tx_callback0, 617 .timeout = 5000, /* ms */ 618 }, 619 [RUN_BULK_TX_BK] = { 620 .type = UE_BULK, 621 .endpoint = UE_ADDR_ANY, 622 .direction = UE_DIR_OUT, 623 .ep_index = 1, 624 .bufsize = RUN_MAX_TXSZ, 625 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 626 .callback = run_bulk_tx_callback1, 627 .timeout = 5000, /* ms */ 628 }, 629 [RUN_BULK_TX_VI] = { 630 .type = UE_BULK, 631 .endpoint = UE_ADDR_ANY, 632 .direction = UE_DIR_OUT, 633 .ep_index = 2, 634 .bufsize = RUN_MAX_TXSZ, 635 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 636 .callback = run_bulk_tx_callback2, 637 .timeout = 5000, /* ms */ 638 }, 639 [RUN_BULK_TX_VO] = { 640 .type = UE_BULK, 641 .endpoint = UE_ADDR_ANY, 642 .direction = UE_DIR_OUT, 643 .ep_index = 3, 644 .bufsize = RUN_MAX_TXSZ, 645 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 646 .callback = run_bulk_tx_callback3, 647 .timeout = 5000, /* ms */ 648 }, 649 [RUN_BULK_TX_HCCA] = { 650 .type = UE_BULK, 651 .endpoint = UE_ADDR_ANY, 652 .direction = UE_DIR_OUT, 653 .ep_index = 4, 654 .bufsize = RUN_MAX_TXSZ, 655 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 656 .callback = run_bulk_tx_callback4, 657 .timeout = 5000, /* ms */ 658 }, 659 [RUN_BULK_TX_PRIO] = { 660 .type = UE_BULK, 661 .endpoint = UE_ADDR_ANY, 662 .direction = UE_DIR_OUT, 663 .ep_index = 5, 664 .bufsize = RUN_MAX_TXSZ, 665 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 666 .callback = run_bulk_tx_callback5, 667 .timeout = 5000, /* ms */ 668 }, 669 [RUN_BULK_RX] = { 670 .type = UE_BULK, 671 .endpoint = UE_ADDR_ANY, 672 .direction = UE_DIR_IN, 673 .bufsize = RUN_MAX_RXSZ, 674 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 675 .callback = run_bulk_rx_callback, 676 } 677 }; 678 679 static void 680 run_autoinst(void *arg, struct usb_device *udev, 681 struct usb_attach_arg *uaa) 682 { 683 struct usb_interface *iface; 684 struct usb_interface_descriptor *id; 685 686 if (uaa->dev_state != UAA_DEV_READY) 687 return; 688 689 iface = usbd_get_iface(udev, 0); 690 if (iface == NULL) 691 return; 692 id = iface->idesc; 693 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 694 return; 695 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 696 return; 697 698 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 699 uaa->dev_state = UAA_DEV_EJECTING; 700 } 701 702 static int 703 run_driver_loaded(struct module *mod, int what, void *arg) 704 { 705 switch (what) { 706 case MOD_LOAD: 707 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 708 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 709 break; 710 case MOD_UNLOAD: 711 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 712 break; 713 default: 714 return (EOPNOTSUPP); 715 } 716 return (0); 717 } 718 719 static int 720 run_match(device_t self) 721 { 722 struct usb_attach_arg *uaa = device_get_ivars(self); 723 724 if (uaa->usb_mode != USB_MODE_HOST) 725 return (ENXIO); 726 if (uaa->info.bConfigIndex != 0) 727 return (ENXIO); 728 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 729 return (ENXIO); 730 731 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 732 } 733 734 static int 735 run_attach(device_t self) 736 { 737 struct run_softc *sc = device_get_softc(self); 738 struct usb_attach_arg *uaa = device_get_ivars(self); 739 struct ieee80211com *ic = &sc->sc_ic; 740 uint32_t ver; 741 uint8_t iface_index; 742 int ntries, error; 743 744 device_set_usb_desc(self); 745 sc->sc_udev = uaa->device; 746 sc->sc_dev = self; 747 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 748 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 749 750 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 751 MTX_NETWORK_LOCK, MTX_DEF); 752 mbufq_init(&sc->sc_snd, ifqmaxlen); 753 754 iface_index = RT2860_IFACE_INDEX; 755 756 error = usbd_transfer_setup(uaa->device, &iface_index, 757 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 758 if (error) { 759 device_printf(self, "could not allocate USB transfers, " 760 "err=%s\n", usbd_errstr(error)); 761 goto detach; 762 } 763 764 RUN_LOCK(sc); 765 766 /* wait for the chip to settle */ 767 for (ntries = 0; ntries < 100; ntries++) { 768 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 769 RUN_UNLOCK(sc); 770 goto detach; 771 } 772 if (ver != 0 && ver != 0xffffffff) 773 break; 774 run_delay(sc, 10); 775 } 776 if (ntries == 100) { 777 device_printf(sc->sc_dev, 778 "timeout waiting for NIC to initialize\n"); 779 RUN_UNLOCK(sc); 780 goto detach; 781 } 782 sc->mac_ver = ver >> 16; 783 sc->mac_rev = ver & 0xffff; 784 785 /* retrieve RF rev. no and various other things from EEPROM */ 786 run_read_eeprom(sc); 787 788 device_printf(sc->sc_dev, 789 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 790 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 791 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 792 793 RUN_UNLOCK(sc); 794 795 ic->ic_softc = sc; 796 ic->ic_name = device_get_nameunit(self); 797 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 798 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 799 800 /* set device capabilities */ 801 ic->ic_caps = 802 IEEE80211_C_STA | /* station mode supported */ 803 IEEE80211_C_MONITOR | /* monitor mode supported */ 804 IEEE80211_C_IBSS | 805 IEEE80211_C_HOSTAP | 806 IEEE80211_C_WDS | /* 4-address traffic works */ 807 IEEE80211_C_MBSS | 808 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 809 IEEE80211_C_SHSLOT | /* short slot time supported */ 810 IEEE80211_C_WME | /* WME */ 811 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 812 813 ic->ic_cryptocaps = 814 IEEE80211_CRYPTO_WEP | 815 IEEE80211_CRYPTO_AES_CCM | 816 IEEE80211_CRYPTO_TKIPMIC | 817 IEEE80211_CRYPTO_TKIP; 818 819 ic->ic_flags |= IEEE80211_F_DATAPAD; 820 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 821 822 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 823 ic->ic_channels); 824 825 ieee80211_ifattach(ic); 826 827 ic->ic_scan_start = run_scan_start; 828 ic->ic_scan_end = run_scan_end; 829 ic->ic_set_channel = run_set_channel; 830 ic->ic_getradiocaps = run_getradiocaps; 831 ic->ic_node_alloc = run_node_alloc; 832 ic->ic_newassoc = run_newassoc; 833 ic->ic_updateslot = run_updateslot; 834 ic->ic_update_mcast = run_update_mcast; 835 ic->ic_wme.wme_update = run_wme_update; 836 ic->ic_raw_xmit = run_raw_xmit; 837 ic->ic_update_promisc = run_update_promisc; 838 ic->ic_vap_create = run_vap_create; 839 ic->ic_vap_delete = run_vap_delete; 840 ic->ic_transmit = run_transmit; 841 ic->ic_parent = run_parent; 842 843 ieee80211_radiotap_attach(ic, 844 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 845 RUN_TX_RADIOTAP_PRESENT, 846 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 847 RUN_RX_RADIOTAP_PRESENT); 848 849 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 850 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 851 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 852 853 if (bootverbose) 854 ieee80211_announce(ic); 855 856 return (0); 857 858 detach: 859 run_detach(self); 860 return (ENXIO); 861 } 862 863 static void 864 run_drain_mbufq(struct run_softc *sc) 865 { 866 struct mbuf *m; 867 struct ieee80211_node *ni; 868 869 RUN_LOCK_ASSERT(sc, MA_OWNED); 870 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 871 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 872 m->m_pkthdr.rcvif = NULL; 873 ieee80211_free_node(ni); 874 m_freem(m); 875 } 876 } 877 878 static int 879 run_detach(device_t self) 880 { 881 struct run_softc *sc = device_get_softc(self); 882 struct ieee80211com *ic = &sc->sc_ic; 883 int i; 884 885 RUN_LOCK(sc); 886 sc->sc_detached = 1; 887 RUN_UNLOCK(sc); 888 889 /* stop all USB transfers */ 890 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 891 892 RUN_LOCK(sc); 893 sc->ratectl_run = RUN_RATECTL_OFF; 894 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 895 896 /* free TX list, if any */ 897 for (i = 0; i != RUN_EP_QUEUES; i++) 898 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 899 900 /* Free TX queue */ 901 run_drain_mbufq(sc); 902 RUN_UNLOCK(sc); 903 904 if (sc->sc_ic.ic_softc == sc) { 905 /* drain tasks */ 906 usb_callout_drain(&sc->ratectl_ch); 907 ieee80211_draintask(ic, &sc->cmdq_task); 908 ieee80211_draintask(ic, &sc->ratectl_task); 909 ieee80211_ifdetach(ic); 910 } 911 912 mtx_destroy(&sc->sc_mtx); 913 914 return (0); 915 } 916 917 static struct ieee80211vap * 918 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 919 enum ieee80211_opmode opmode, int flags, 920 const uint8_t bssid[IEEE80211_ADDR_LEN], 921 const uint8_t mac[IEEE80211_ADDR_LEN]) 922 { 923 struct run_softc *sc = ic->ic_softc; 924 struct run_vap *rvp; 925 struct ieee80211vap *vap; 926 int i; 927 928 if (sc->rvp_cnt >= RUN_VAP_MAX) { 929 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 930 return (NULL); 931 } 932 933 switch (opmode) { 934 case IEEE80211_M_STA: 935 /* enable s/w bmiss handling for sta mode */ 936 flags |= IEEE80211_CLONE_NOBEACONS; 937 /* fall though */ 938 case IEEE80211_M_IBSS: 939 case IEEE80211_M_MONITOR: 940 case IEEE80211_M_HOSTAP: 941 case IEEE80211_M_MBSS: 942 /* other than WDS vaps, only one at a time */ 943 if (!TAILQ_EMPTY(&ic->ic_vaps)) 944 return (NULL); 945 break; 946 case IEEE80211_M_WDS: 947 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 948 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 949 continue; 950 /* WDS vap's always share the local mac address. */ 951 flags &= ~IEEE80211_CLONE_BSSID; 952 break; 953 } 954 if (vap == NULL) { 955 device_printf(sc->sc_dev, 956 "wds only supported in ap mode\n"); 957 return (NULL); 958 } 959 break; 960 default: 961 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 962 return (NULL); 963 } 964 965 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 966 vap = &rvp->vap; 967 968 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 969 bssid) != 0) { 970 /* out of memory */ 971 free(rvp, M_80211_VAP); 972 return (NULL); 973 } 974 975 vap->iv_update_beacon = run_update_beacon; 976 vap->iv_max_aid = RT2870_WCID_MAX; 977 /* 978 * To delete the right key from h/w, we need wcid. 979 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 980 * and matching wcid will be written into there. So, cast 981 * some spells to remove 'const' from ieee80211_key{} 982 */ 983 vap->iv_key_delete = (void *)run_key_delete; 984 vap->iv_key_set = (void *)run_key_set; 985 986 /* override state transition machine */ 987 rvp->newstate = vap->iv_newstate; 988 vap->iv_newstate = run_newstate; 989 if (opmode == IEEE80211_M_IBSS) { 990 rvp->recv_mgmt = vap->iv_recv_mgmt; 991 vap->iv_recv_mgmt = run_recv_mgmt; 992 } 993 994 ieee80211_ratectl_init(vap); 995 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 996 997 /* complete setup */ 998 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 999 mac); 1000 1001 /* make sure id is always unique */ 1002 for (i = 0; i < RUN_VAP_MAX; i++) { 1003 if((sc->rvp_bmap & 1 << i) == 0){ 1004 sc->rvp_bmap |= 1 << i; 1005 rvp->rvp_id = i; 1006 break; 1007 } 1008 } 1009 if (sc->rvp_cnt++ == 0) 1010 ic->ic_opmode = opmode; 1011 1012 if (opmode == IEEE80211_M_HOSTAP) 1013 sc->cmdq_run = RUN_CMDQ_GO; 1014 1015 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1016 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1017 1018 return (vap); 1019 } 1020 1021 static void 1022 run_vap_delete(struct ieee80211vap *vap) 1023 { 1024 struct run_vap *rvp = RUN_VAP(vap); 1025 struct ieee80211com *ic; 1026 struct run_softc *sc; 1027 uint8_t rvp_id; 1028 1029 if (vap == NULL) 1030 return; 1031 1032 ic = vap->iv_ic; 1033 sc = ic->ic_softc; 1034 1035 RUN_LOCK(sc); 1036 1037 m_freem(rvp->beacon_mbuf); 1038 rvp->beacon_mbuf = NULL; 1039 1040 rvp_id = rvp->rvp_id; 1041 sc->ratectl_run &= ~(1 << rvp_id); 1042 sc->rvp_bmap &= ~(1 << rvp_id); 1043 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1044 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1045 --sc->rvp_cnt; 1046 1047 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1048 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1049 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1050 1051 RUN_UNLOCK(sc); 1052 1053 ieee80211_ratectl_deinit(vap); 1054 ieee80211_vap_detach(vap); 1055 free(rvp, M_80211_VAP); 1056 } 1057 1058 /* 1059 * There are numbers of functions need to be called in context thread. 1060 * Rather than creating taskqueue event for each of those functions, 1061 * here is all-for-one taskqueue callback function. This function 1062 * guarantees deferred functions are executed in the same order they 1063 * were enqueued. 1064 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1065 */ 1066 static void 1067 run_cmdq_cb(void *arg, int pending) 1068 { 1069 struct run_softc *sc = arg; 1070 uint8_t i; 1071 1072 /* call cmdq[].func locked */ 1073 RUN_LOCK(sc); 1074 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1075 i = sc->cmdq_exec, pending--) { 1076 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1077 i, pending); 1078 if (sc->cmdq_run == RUN_CMDQ_GO) { 1079 /* 1080 * If arg0 is NULL, callback func needs more 1081 * than one arg. So, pass ptr to cmdq struct. 1082 */ 1083 if (sc->cmdq[i].arg0) 1084 sc->cmdq[i].func(sc->cmdq[i].arg0); 1085 else 1086 sc->cmdq[i].func(&sc->cmdq[i]); 1087 } 1088 sc->cmdq[i].arg0 = NULL; 1089 sc->cmdq[i].func = NULL; 1090 sc->cmdq_exec++; 1091 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1092 } 1093 RUN_UNLOCK(sc); 1094 } 1095 1096 static void 1097 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1098 { 1099 struct run_tx_data *data; 1100 1101 memset(pq, 0, sizeof(*pq)); 1102 1103 STAILQ_INIT(&pq->tx_qh); 1104 STAILQ_INIT(&pq->tx_fh); 1105 1106 for (data = &pq->tx_data[0]; 1107 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1108 data->sc = sc; 1109 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1110 } 1111 pq->tx_nfree = RUN_TX_RING_COUNT; 1112 } 1113 1114 static void 1115 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1116 { 1117 struct run_tx_data *data; 1118 1119 /* make sure any subsequent use of the queues will fail */ 1120 pq->tx_nfree = 0; 1121 STAILQ_INIT(&pq->tx_fh); 1122 STAILQ_INIT(&pq->tx_qh); 1123 1124 /* free up all node references and mbufs */ 1125 for (data = &pq->tx_data[0]; 1126 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1127 if (data->m != NULL) { 1128 m_freem(data->m); 1129 data->m = NULL; 1130 } 1131 if (data->ni != NULL) { 1132 ieee80211_free_node(data->ni); 1133 data->ni = NULL; 1134 } 1135 } 1136 } 1137 1138 static int 1139 run_load_microcode(struct run_softc *sc) 1140 { 1141 usb_device_request_t req; 1142 const struct firmware *fw; 1143 const u_char *base; 1144 uint32_t tmp; 1145 int ntries, error; 1146 const uint64_t *temp; 1147 uint64_t bytes; 1148 1149 RUN_UNLOCK(sc); 1150 fw = firmware_get("runfw"); 1151 RUN_LOCK(sc); 1152 if (fw == NULL) { 1153 device_printf(sc->sc_dev, 1154 "failed loadfirmware of file %s\n", "runfw"); 1155 return ENOENT; 1156 } 1157 1158 if (fw->datasize != 8192) { 1159 device_printf(sc->sc_dev, 1160 "invalid firmware size (should be 8KB)\n"); 1161 error = EINVAL; 1162 goto fail; 1163 } 1164 1165 /* 1166 * RT3071/RT3072 use a different firmware 1167 * run-rt2870 (8KB) contains both, 1168 * first half (4KB) is for rt2870, 1169 * last half is for rt3071. 1170 */ 1171 base = fw->data; 1172 if ((sc->mac_ver) != 0x2860 && 1173 (sc->mac_ver) != 0x2872 && 1174 (sc->mac_ver) != 0x3070) { 1175 base += 4096; 1176 } 1177 1178 /* cheap sanity check */ 1179 temp = fw->data; 1180 bytes = *temp; 1181 if (bytes != be64toh(0xffffff0210280210ULL)) { 1182 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1183 error = EINVAL; 1184 goto fail; 1185 } 1186 1187 /* write microcode image */ 1188 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1189 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1190 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1191 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1192 } 1193 1194 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1195 req.bRequest = RT2870_RESET; 1196 USETW(req.wValue, 8); 1197 USETW(req.wIndex, 0); 1198 USETW(req.wLength, 0); 1199 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1200 != 0) { 1201 device_printf(sc->sc_dev, "firmware reset failed\n"); 1202 goto fail; 1203 } 1204 1205 run_delay(sc, 10); 1206 1207 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1208 run_write(sc, RT2860_H2M_MAILBOX, 0); 1209 run_write(sc, RT2860_H2M_INTSRC, 0); 1210 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1211 goto fail; 1212 1213 /* wait until microcontroller is ready */ 1214 for (ntries = 0; ntries < 1000; ntries++) { 1215 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1216 goto fail; 1217 if (tmp & RT2860_MCU_READY) 1218 break; 1219 run_delay(sc, 10); 1220 } 1221 if (ntries == 1000) { 1222 device_printf(sc->sc_dev, 1223 "timeout waiting for MCU to initialize\n"); 1224 error = ETIMEDOUT; 1225 goto fail; 1226 } 1227 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1228 (base == fw->data) ? "RT2870" : "RT3071", 1229 *(base + 4092), *(base + 4093)); 1230 1231 fail: 1232 firmware_put(fw, FIRMWARE_UNLOAD); 1233 return (error); 1234 } 1235 1236 static int 1237 run_reset(struct run_softc *sc) 1238 { 1239 usb_device_request_t req; 1240 1241 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1242 req.bRequest = RT2870_RESET; 1243 USETW(req.wValue, 1); 1244 USETW(req.wIndex, 0); 1245 USETW(req.wLength, 0); 1246 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1247 } 1248 1249 static usb_error_t 1250 run_do_request(struct run_softc *sc, 1251 struct usb_device_request *req, void *data) 1252 { 1253 usb_error_t err; 1254 int ntries = 10; 1255 1256 RUN_LOCK_ASSERT(sc, MA_OWNED); 1257 1258 while (ntries--) { 1259 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1260 req, data, 0, NULL, 250 /* ms */); 1261 if (err == 0) 1262 break; 1263 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1264 "Control request failed, %s (retrying)\n", 1265 usbd_errstr(err)); 1266 run_delay(sc, 10); 1267 } 1268 return (err); 1269 } 1270 1271 static int 1272 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1273 { 1274 uint32_t tmp; 1275 int error; 1276 1277 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1278 if (error == 0) 1279 *val = le32toh(tmp); 1280 else 1281 *val = 0xffffffff; 1282 return (error); 1283 } 1284 1285 static int 1286 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1287 { 1288 usb_device_request_t req; 1289 1290 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1291 req.bRequest = RT2870_READ_REGION_1; 1292 USETW(req.wValue, 0); 1293 USETW(req.wIndex, reg); 1294 USETW(req.wLength, len); 1295 1296 return (run_do_request(sc, &req, buf)); 1297 } 1298 1299 static int 1300 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1301 { 1302 usb_device_request_t req; 1303 1304 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1305 req.bRequest = RT2870_WRITE_2; 1306 USETW(req.wValue, val); 1307 USETW(req.wIndex, reg); 1308 USETW(req.wLength, 0); 1309 1310 return (run_do_request(sc, &req, NULL)); 1311 } 1312 1313 static int 1314 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1315 { 1316 int error; 1317 1318 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1319 error = run_write_2(sc, reg + 2, val >> 16); 1320 return (error); 1321 } 1322 1323 static int 1324 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1325 int len) 1326 { 1327 #if 1 1328 int i, error = 0; 1329 /* 1330 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1331 * We thus issue multiple WRITE_2 commands instead. 1332 */ 1333 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1334 for (i = 0; i < len && error == 0; i += 2) 1335 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1336 return (error); 1337 #else 1338 usb_device_request_t req; 1339 int error = 0; 1340 1341 /* 1342 * NOTE: It appears the WRITE_REGION_1 command cannot be 1343 * passed a huge amount of data, which will crash the 1344 * firmware. Limit amount of data passed to 64-bytes at a 1345 * time. 1346 */ 1347 while (len > 0) { 1348 int delta = 64; 1349 if (delta > len) 1350 delta = len; 1351 1352 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1353 req.bRequest = RT2870_WRITE_REGION_1; 1354 USETW(req.wValue, 0); 1355 USETW(req.wIndex, reg); 1356 USETW(req.wLength, delta); 1357 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1358 if (error != 0) 1359 break; 1360 reg += delta; 1361 buf += delta; 1362 len -= delta; 1363 } 1364 return (error); 1365 #endif 1366 } 1367 1368 static int 1369 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1370 { 1371 int i, error = 0; 1372 1373 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1374 for (i = 0; i < len && error == 0; i += 4) 1375 error = run_write(sc, reg + i, val); 1376 return (error); 1377 } 1378 1379 static int 1380 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1381 { 1382 uint32_t tmp; 1383 uint16_t reg; 1384 int error, ntries; 1385 1386 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1387 return (error); 1388 1389 if (count == 2) 1390 addr *= 2; 1391 /*- 1392 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1393 * DATA0: F E D C 1394 * DATA1: B A 9 8 1395 * DATA2: 7 6 5 4 1396 * DATA3: 3 2 1 0 1397 */ 1398 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1399 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1400 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1401 for (ntries = 0; ntries < 100; ntries++) { 1402 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1403 return (error); 1404 if (!(tmp & RT3070_EFSROM_KICK)) 1405 break; 1406 run_delay(sc, 2); 1407 } 1408 if (ntries == 100) 1409 return (ETIMEDOUT); 1410 1411 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1412 *val = 0xffff; /* address not found */ 1413 return (0); 1414 } 1415 /* determine to which 32-bit register our 16-bit word belongs */ 1416 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1417 if ((error = run_read(sc, reg, &tmp)) != 0) 1418 return (error); 1419 1420 tmp >>= (8 * (addr & 0x3)); 1421 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1422 1423 return (0); 1424 } 1425 1426 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1427 static int 1428 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1429 { 1430 return (run_efuse_read(sc, addr, val, 2)); 1431 } 1432 1433 static int 1434 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1435 { 1436 usb_device_request_t req; 1437 uint16_t tmp; 1438 int error; 1439 1440 addr *= 2; 1441 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1442 req.bRequest = RT2870_EEPROM_READ; 1443 USETW(req.wValue, 0); 1444 USETW(req.wIndex, addr); 1445 USETW(req.wLength, sizeof(tmp)); 1446 1447 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1448 if (error == 0) 1449 *val = le16toh(tmp); 1450 else 1451 *val = 0xffff; 1452 return (error); 1453 } 1454 1455 static __inline int 1456 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1457 { 1458 /* either eFUSE ROM or EEPROM */ 1459 return sc->sc_srom_read(sc, addr, val); 1460 } 1461 1462 static int 1463 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1464 { 1465 uint32_t tmp; 1466 int error, ntries; 1467 1468 for (ntries = 0; ntries < 10; ntries++) { 1469 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT2860_RF_REG_CTRL)) 1472 break; 1473 } 1474 if (ntries == 10) 1475 return (ETIMEDOUT); 1476 1477 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1478 } 1479 1480 static int 1481 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1482 { 1483 uint32_t tmp; 1484 int error, ntries; 1485 1486 for (ntries = 0; ntries < 100; ntries++) { 1487 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1488 return (error); 1489 if (!(tmp & RT3070_RF_KICK)) 1490 break; 1491 } 1492 if (ntries == 100) 1493 return (ETIMEDOUT); 1494 1495 tmp = RT3070_RF_KICK | reg << 8; 1496 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1497 return (error); 1498 1499 for (ntries = 0; ntries < 100; ntries++) { 1500 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1501 return (error); 1502 if (!(tmp & RT3070_RF_KICK)) 1503 break; 1504 } 1505 if (ntries == 100) 1506 return (ETIMEDOUT); 1507 1508 *val = tmp & 0xff; 1509 return (0); 1510 } 1511 1512 static int 1513 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1514 { 1515 uint32_t tmp; 1516 int error, ntries; 1517 1518 for (ntries = 0; ntries < 10; ntries++) { 1519 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1520 return (error); 1521 if (!(tmp & RT3070_RF_KICK)) 1522 break; 1523 } 1524 if (ntries == 10) 1525 return (ETIMEDOUT); 1526 1527 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1528 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1529 } 1530 1531 static int 1532 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1533 { 1534 uint32_t tmp; 1535 int ntries, error; 1536 1537 for (ntries = 0; ntries < 10; ntries++) { 1538 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1539 return (error); 1540 if (!(tmp & RT2860_BBP_CSR_KICK)) 1541 break; 1542 } 1543 if (ntries == 10) 1544 return (ETIMEDOUT); 1545 1546 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1547 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1548 return (error); 1549 1550 for (ntries = 0; ntries < 10; ntries++) { 1551 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1552 return (error); 1553 if (!(tmp & RT2860_BBP_CSR_KICK)) 1554 break; 1555 } 1556 if (ntries == 10) 1557 return (ETIMEDOUT); 1558 1559 *val = tmp & 0xff; 1560 return (0); 1561 } 1562 1563 static int 1564 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1565 { 1566 uint32_t tmp; 1567 int ntries, error; 1568 1569 for (ntries = 0; ntries < 10; ntries++) { 1570 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1571 return (error); 1572 if (!(tmp & RT2860_BBP_CSR_KICK)) 1573 break; 1574 } 1575 if (ntries == 10) 1576 return (ETIMEDOUT); 1577 1578 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1579 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1580 } 1581 1582 /* 1583 * Send a command to the 8051 microcontroller unit. 1584 */ 1585 static int 1586 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1587 { 1588 uint32_t tmp; 1589 int error, ntries; 1590 1591 for (ntries = 0; ntries < 100; ntries++) { 1592 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1593 return error; 1594 if (!(tmp & RT2860_H2M_BUSY)) 1595 break; 1596 } 1597 if (ntries == 100) 1598 return ETIMEDOUT; 1599 1600 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1601 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1602 error = run_write(sc, RT2860_HOST_CMD, cmd); 1603 return (error); 1604 } 1605 1606 /* 1607 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1608 * Used to adjust per-rate Tx power registers. 1609 */ 1610 static __inline uint32_t 1611 b4inc(uint32_t b32, int8_t delta) 1612 { 1613 int8_t i, b4; 1614 1615 for (i = 0; i < 8; i++) { 1616 b4 = b32 & 0xf; 1617 b4 += delta; 1618 if (b4 < 0) 1619 b4 = 0; 1620 else if (b4 > 0xf) 1621 b4 = 0xf; 1622 b32 = b32 >> 4 | b4 << 28; 1623 } 1624 return (b32); 1625 } 1626 1627 static const char * 1628 run_get_rf(uint16_t rev) 1629 { 1630 switch (rev) { 1631 case RT2860_RF_2820: return "RT2820"; 1632 case RT2860_RF_2850: return "RT2850"; 1633 case RT2860_RF_2720: return "RT2720"; 1634 case RT2860_RF_2750: return "RT2750"; 1635 case RT3070_RF_3020: return "RT3020"; 1636 case RT3070_RF_2020: return "RT2020"; 1637 case RT3070_RF_3021: return "RT3021"; 1638 case RT3070_RF_3022: return "RT3022"; 1639 case RT3070_RF_3052: return "RT3052"; 1640 case RT3593_RF_3053: return "RT3053"; 1641 case RT5592_RF_5592: return "RT5592"; 1642 case RT5390_RF_5370: return "RT5370"; 1643 case RT5390_RF_5372: return "RT5372"; 1644 } 1645 return ("unknown"); 1646 } 1647 1648 static void 1649 run_rt3593_get_txpower(struct run_softc *sc) 1650 { 1651 uint16_t addr, val; 1652 int i; 1653 1654 /* Read power settings for 2GHz channels. */ 1655 for (i = 0; i < 14; i += 2) { 1656 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1657 RT2860_EEPROM_PWR2GHZ_BASE1; 1658 run_srom_read(sc, addr + i / 2, &val); 1659 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1660 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1661 1662 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1663 RT2860_EEPROM_PWR2GHZ_BASE2; 1664 run_srom_read(sc, addr + i / 2, &val); 1665 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1666 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1667 1668 if (sc->ntxchains == 3) { 1669 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1670 &val); 1671 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1672 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1673 } 1674 } 1675 /* Fix broken Tx power entries. */ 1676 for (i = 0; i < 14; i++) { 1677 if (sc->txpow1[i] > 31) 1678 sc->txpow1[i] = 5; 1679 if (sc->txpow2[i] > 31) 1680 sc->txpow2[i] = 5; 1681 if (sc->ntxchains == 3) { 1682 if (sc->txpow3[i] > 31) 1683 sc->txpow3[i] = 5; 1684 } 1685 } 1686 /* Read power settings for 5GHz channels. */ 1687 for (i = 0; i < 40; i += 2) { 1688 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1689 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1690 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1691 1692 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1693 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1694 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1695 1696 if (sc->ntxchains == 3) { 1697 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1698 &val); 1699 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1700 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1701 } 1702 } 1703 } 1704 1705 static void 1706 run_get_txpower(struct run_softc *sc) 1707 { 1708 uint16_t val; 1709 int i; 1710 1711 /* Read power settings for 2GHz channels. */ 1712 for (i = 0; i < 14; i += 2) { 1713 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1714 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1715 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1716 1717 if (sc->mac_ver != 0x5390) { 1718 run_srom_read(sc, 1719 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1720 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1721 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1722 } 1723 } 1724 /* Fix broken Tx power entries. */ 1725 for (i = 0; i < 14; i++) { 1726 if (sc->mac_ver >= 0x5390) { 1727 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1728 sc->txpow1[i] = 5; 1729 } else { 1730 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1731 sc->txpow1[i] = 5; 1732 } 1733 if (sc->mac_ver > 0x5390) { 1734 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1735 sc->txpow2[i] = 5; 1736 } else if (sc->mac_ver < 0x5390) { 1737 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1738 sc->txpow2[i] = 5; 1739 } 1740 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1741 "chan %d: power1=%d, power2=%d\n", 1742 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1743 } 1744 /* Read power settings for 5GHz channels. */ 1745 for (i = 0; i < 40; i += 2) { 1746 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1747 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1748 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1749 1750 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1751 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1752 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1753 } 1754 /* Fix broken Tx power entries. */ 1755 for (i = 0; i < 40; i++ ) { 1756 if (sc->mac_ver != 0x5592) { 1757 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1758 sc->txpow1[14 + i] = 5; 1759 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1760 sc->txpow2[14 + i] = 5; 1761 } 1762 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1763 "chan %d: power1=%d, power2=%d\n", 1764 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1765 sc->txpow2[14 + i]); 1766 } 1767 } 1768 1769 static int 1770 run_read_eeprom(struct run_softc *sc) 1771 { 1772 struct ieee80211com *ic = &sc->sc_ic; 1773 int8_t delta_2ghz, delta_5ghz; 1774 uint32_t tmp; 1775 uint16_t val; 1776 int ridx, ant, i; 1777 1778 /* check whether the ROM is eFUSE ROM or EEPROM */ 1779 sc->sc_srom_read = run_eeprom_read_2; 1780 if (sc->mac_ver >= 0x3070) { 1781 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1782 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1783 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1784 sc->sc_srom_read = run_efuse_read_2; 1785 } 1786 1787 /* read ROM version */ 1788 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1789 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1790 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1791 1792 /* read MAC address */ 1793 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1794 ic->ic_macaddr[0] = val & 0xff; 1795 ic->ic_macaddr[1] = val >> 8; 1796 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1797 ic->ic_macaddr[2] = val & 0xff; 1798 ic->ic_macaddr[3] = val >> 8; 1799 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1800 ic->ic_macaddr[4] = val & 0xff; 1801 ic->ic_macaddr[5] = val >> 8; 1802 1803 if (sc->mac_ver < 0x3593) { 1804 /* read vender BBP settings */ 1805 for (i = 0; i < 10; i++) { 1806 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1807 sc->bbp[i].val = val & 0xff; 1808 sc->bbp[i].reg = val >> 8; 1809 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1810 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1811 } 1812 if (sc->mac_ver >= 0x3071) { 1813 /* read vendor RF settings */ 1814 for (i = 0; i < 10; i++) { 1815 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1816 &val); 1817 sc->rf[i].val = val & 0xff; 1818 sc->rf[i].reg = val >> 8; 1819 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1820 sc->rf[i].reg, sc->rf[i].val); 1821 } 1822 } 1823 } 1824 1825 /* read RF frequency offset from EEPROM */ 1826 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1827 RT3593_EEPROM_FREQ, &val); 1828 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1829 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1830 sc->freq & 0xff); 1831 1832 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1833 RT3593_EEPROM_FREQ_LEDS, &val); 1834 if (val >> 8 != 0xff) { 1835 /* read LEDs operating mode */ 1836 sc->leds = val >> 8; 1837 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1838 RT3593_EEPROM_LED1, &sc->led[0]); 1839 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1840 RT3593_EEPROM_LED2, &sc->led[1]); 1841 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1842 RT3593_EEPROM_LED3, &sc->led[2]); 1843 } else { 1844 /* broken EEPROM, use default settings */ 1845 sc->leds = 0x01; 1846 sc->led[0] = 0x5555; 1847 sc->led[1] = 0x2221; 1848 sc->led[2] = 0x5627; /* differs from RT2860 */ 1849 } 1850 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1851 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1852 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1853 1854 /* read RF information */ 1855 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1856 run_srom_read(sc, 0x00, &val); 1857 else 1858 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1859 1860 if (val == 0xffff) { 1861 device_printf(sc->sc_dev, 1862 "invalid EEPROM antenna info, using default\n"); 1863 if (sc->mac_ver == 0x3572) { 1864 /* default to RF3052 2T2R */ 1865 sc->rf_rev = RT3070_RF_3052; 1866 sc->ntxchains = 2; 1867 sc->nrxchains = 2; 1868 } else if (sc->mac_ver >= 0x3070) { 1869 /* default to RF3020 1T1R */ 1870 sc->rf_rev = RT3070_RF_3020; 1871 sc->ntxchains = 1; 1872 sc->nrxchains = 1; 1873 } else { 1874 /* default to RF2820 1T2R */ 1875 sc->rf_rev = RT2860_RF_2820; 1876 sc->ntxchains = 1; 1877 sc->nrxchains = 2; 1878 } 1879 } else { 1880 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1881 sc->rf_rev = val; 1882 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1883 } else 1884 sc->rf_rev = (val >> 8) & 0xf; 1885 sc->ntxchains = (val >> 4) & 0xf; 1886 sc->nrxchains = val & 0xf; 1887 } 1888 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1889 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1890 1891 /* check if RF supports automatic Tx access gain control */ 1892 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1893 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1894 /* check if driver should patch the DAC issue */ 1895 if ((val >> 8) != 0xff) 1896 sc->patch_dac = (val >> 15) & 1; 1897 if ((val & 0xff) != 0xff) { 1898 sc->ext_5ghz_lna = (val >> 3) & 1; 1899 sc->ext_2ghz_lna = (val >> 2) & 1; 1900 /* check if RF supports automatic Tx access gain control */ 1901 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1902 /* check if we have a hardware radio switch */ 1903 sc->rfswitch = val & 1; 1904 } 1905 1906 /* Read Tx power settings. */ 1907 if (sc->mac_ver == 0x3593) 1908 run_rt3593_get_txpower(sc); 1909 else 1910 run_get_txpower(sc); 1911 1912 /* read Tx power compensation for each Tx rate */ 1913 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1914 delta_2ghz = delta_5ghz = 0; 1915 if ((val & 0xff) != 0xff && (val & 0x80)) { 1916 delta_2ghz = val & 0xf; 1917 if (!(val & 0x40)) /* negative number */ 1918 delta_2ghz = -delta_2ghz; 1919 } 1920 val >>= 8; 1921 if ((val & 0xff) != 0xff && (val & 0x80)) { 1922 delta_5ghz = val & 0xf; 1923 if (!(val & 0x40)) /* negative number */ 1924 delta_5ghz = -delta_5ghz; 1925 } 1926 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1927 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1928 1929 for (ridx = 0; ridx < 5; ridx++) { 1930 uint32_t reg; 1931 1932 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1933 reg = val; 1934 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1935 reg |= (uint32_t)val << 16; 1936 1937 sc->txpow20mhz[ridx] = reg; 1938 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1939 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1940 1941 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1942 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1943 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1944 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1945 } 1946 1947 /* Read RSSI offsets and LNA gains from EEPROM. */ 1948 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1949 RT3593_EEPROM_RSSI1_2GHZ, &val); 1950 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1951 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1952 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1953 RT3593_EEPROM_RSSI2_2GHZ, &val); 1954 if (sc->mac_ver >= 0x3070) { 1955 if (sc->mac_ver == 0x3593) { 1956 sc->txmixgain_2ghz = 0; 1957 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1958 } else { 1959 /* 1960 * On RT3070 chips (limited to 2 Rx chains), this ROM 1961 * field contains the Tx mixer gain for the 2GHz band. 1962 */ 1963 if ((val & 0xff) != 0xff) 1964 sc->txmixgain_2ghz = val & 0x7; 1965 } 1966 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1967 sc->txmixgain_2ghz); 1968 } else 1969 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1970 if (sc->mac_ver == 0x3593) 1971 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1972 sc->lna[2] = val >> 8; /* channel group 2 */ 1973 1974 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1975 RT3593_EEPROM_RSSI1_5GHZ, &val); 1976 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1977 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1978 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1979 RT3593_EEPROM_RSSI2_5GHZ, &val); 1980 if (sc->mac_ver == 0x3572) { 1981 /* 1982 * On RT3572 chips (limited to 2 Rx chains), this ROM 1983 * field contains the Tx mixer gain for the 5GHz band. 1984 */ 1985 if ((val & 0xff) != 0xff) 1986 sc->txmixgain_5ghz = val & 0x7; 1987 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1988 sc->txmixgain_5ghz); 1989 } else 1990 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1991 if (sc->mac_ver == 0x3593) { 1992 sc->txmixgain_5ghz = 0; 1993 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1994 } 1995 sc->lna[3] = val >> 8; /* channel group 3 */ 1996 1997 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1998 RT3593_EEPROM_LNA, &val); 1999 sc->lna[0] = val & 0xff; /* channel group 0 */ 2000 sc->lna[1] = val >> 8; /* channel group 1 */ 2001 2002 /* fix broken 5GHz LNA entries */ 2003 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2004 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2005 "invalid LNA for channel group %d\n", 2); 2006 sc->lna[2] = sc->lna[1]; 2007 } 2008 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2009 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2010 "invalid LNA for channel group %d\n", 3); 2011 sc->lna[3] = sc->lna[1]; 2012 } 2013 2014 /* fix broken RSSI offset entries */ 2015 for (ant = 0; ant < 3; ant++) { 2016 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2017 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2018 "invalid RSSI%d offset: %d (2GHz)\n", 2019 ant + 1, sc->rssi_2ghz[ant]); 2020 sc->rssi_2ghz[ant] = 0; 2021 } 2022 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2023 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2024 "invalid RSSI%d offset: %d (5GHz)\n", 2025 ant + 1, sc->rssi_5ghz[ant]); 2026 sc->rssi_5ghz[ant] = 0; 2027 } 2028 } 2029 return (0); 2030 } 2031 2032 static struct ieee80211_node * 2033 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2034 { 2035 return malloc(sizeof (struct run_node), M_80211_NODE, 2036 M_NOWAIT | M_ZERO); 2037 } 2038 2039 static int 2040 run_media_change(struct ifnet *ifp) 2041 { 2042 struct ieee80211vap *vap = ifp->if_softc; 2043 struct ieee80211com *ic = vap->iv_ic; 2044 const struct ieee80211_txparam *tp; 2045 struct run_softc *sc = ic->ic_softc; 2046 uint8_t rate, ridx; 2047 int error; 2048 2049 RUN_LOCK(sc); 2050 2051 error = ieee80211_media_change(ifp); 2052 if (error != ENETRESET) { 2053 RUN_UNLOCK(sc); 2054 return (error); 2055 } 2056 2057 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2058 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2059 struct ieee80211_node *ni; 2060 struct run_node *rn; 2061 2062 rate = ic->ic_sup_rates[ic->ic_curmode]. 2063 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2064 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2065 if (rt2860_rates[ridx].rate == rate) 2066 break; 2067 ni = ieee80211_ref_node(vap->iv_bss); 2068 rn = RUN_NODE(ni); 2069 rn->fix_ridx = ridx; 2070 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2071 rate, rn->fix_ridx); 2072 ieee80211_free_node(ni); 2073 } 2074 2075 #if 0 2076 if ((ifp->if_flags & IFF_UP) && 2077 (ifp->if_drv_flags & RUN_RUNNING)){ 2078 run_init_locked(sc); 2079 } 2080 #endif 2081 2082 RUN_UNLOCK(sc); 2083 2084 return (0); 2085 } 2086 2087 static int 2088 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2089 { 2090 const struct ieee80211_txparam *tp; 2091 struct ieee80211com *ic = vap->iv_ic; 2092 struct run_softc *sc = ic->ic_softc; 2093 struct run_vap *rvp = RUN_VAP(vap); 2094 enum ieee80211_state ostate; 2095 uint32_t sta[3]; 2096 uint8_t ratectl; 2097 uint8_t restart_ratectl = 0; 2098 uint8_t bid = 1 << rvp->rvp_id; 2099 2100 ostate = vap->iv_state; 2101 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2102 ieee80211_state_name[ostate], 2103 ieee80211_state_name[nstate]); 2104 2105 IEEE80211_UNLOCK(ic); 2106 RUN_LOCK(sc); 2107 2108 ratectl = sc->ratectl_run; /* remember current state */ 2109 sc->ratectl_run = RUN_RATECTL_OFF; 2110 usb_callout_stop(&sc->ratectl_ch); 2111 2112 if (ostate == IEEE80211_S_RUN) { 2113 /* turn link LED off */ 2114 run_set_leds(sc, RT2860_LED_RADIO); 2115 } 2116 2117 switch (nstate) { 2118 case IEEE80211_S_INIT: 2119 restart_ratectl = 1; 2120 2121 if (ostate != IEEE80211_S_RUN) 2122 break; 2123 2124 ratectl &= ~bid; 2125 sc->runbmap &= ~bid; 2126 2127 /* abort TSF synchronization if there is no vap running */ 2128 if (--sc->running == 0) 2129 run_disable_tsf(sc); 2130 break; 2131 2132 case IEEE80211_S_RUN: 2133 if (!(sc->runbmap & bid)) { 2134 if(sc->running++) 2135 restart_ratectl = 1; 2136 sc->runbmap |= bid; 2137 } 2138 2139 m_freem(rvp->beacon_mbuf); 2140 rvp->beacon_mbuf = NULL; 2141 2142 switch (vap->iv_opmode) { 2143 case IEEE80211_M_HOSTAP: 2144 case IEEE80211_M_MBSS: 2145 sc->ap_running |= bid; 2146 ic->ic_opmode = vap->iv_opmode; 2147 run_update_beacon_cb(vap); 2148 break; 2149 case IEEE80211_M_IBSS: 2150 sc->adhoc_running |= bid; 2151 if (!sc->ap_running) 2152 ic->ic_opmode = vap->iv_opmode; 2153 run_update_beacon_cb(vap); 2154 break; 2155 case IEEE80211_M_STA: 2156 sc->sta_running |= bid; 2157 if (!sc->ap_running && !sc->adhoc_running) 2158 ic->ic_opmode = vap->iv_opmode; 2159 2160 /* read statistic counters (clear on read) */ 2161 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2162 (uint8_t *)sta, sizeof sta); 2163 2164 break; 2165 default: 2166 ic->ic_opmode = vap->iv_opmode; 2167 break; 2168 } 2169 2170 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2171 struct ieee80211_node *ni; 2172 2173 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2174 RUN_UNLOCK(sc); 2175 IEEE80211_LOCK(ic); 2176 return (-1); 2177 } 2178 run_updateslot(ic); 2179 run_enable_mrr(sc); 2180 run_set_txpreamble(sc); 2181 run_set_basicrates(sc); 2182 ni = ieee80211_ref_node(vap->iv_bss); 2183 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2184 run_set_bssid(sc, sc->sc_bssid); 2185 ieee80211_free_node(ni); 2186 run_enable_tsf_sync(sc); 2187 2188 /* enable automatic rate adaptation */ 2189 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2190 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2191 ratectl |= bid; 2192 } else 2193 run_enable_tsf(sc); 2194 2195 /* turn link LED on */ 2196 run_set_leds(sc, RT2860_LED_RADIO | 2197 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2198 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2199 2200 break; 2201 default: 2202 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2203 break; 2204 } 2205 2206 /* restart amrr for running VAPs */ 2207 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2208 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2209 2210 RUN_UNLOCK(sc); 2211 IEEE80211_LOCK(ic); 2212 2213 return(rvp->newstate(vap, nstate, arg)); 2214 } 2215 2216 static int 2217 run_wme_update(struct ieee80211com *ic) 2218 { 2219 struct chanAccParams chp; 2220 struct run_softc *sc = ic->ic_softc; 2221 const struct wmeParams *ac; 2222 int aci, error = 0; 2223 2224 ieee80211_wme_ic_getparams(ic, &chp); 2225 ac = chp.cap_wmeParams; 2226 2227 /* update MAC TX configuration registers */ 2228 RUN_LOCK(sc); 2229 for (aci = 0; aci < WME_NUM_AC; aci++) { 2230 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2231 ac[aci].wmep_logcwmax << 16 | 2232 ac[aci].wmep_logcwmin << 12 | 2233 ac[aci].wmep_aifsn << 8 | 2234 ac[aci].wmep_txopLimit); 2235 if (error) goto err; 2236 } 2237 2238 /* update SCH/DMA registers too */ 2239 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2240 ac[WME_AC_VO].wmep_aifsn << 12 | 2241 ac[WME_AC_VI].wmep_aifsn << 8 | 2242 ac[WME_AC_BK].wmep_aifsn << 4 | 2243 ac[WME_AC_BE].wmep_aifsn); 2244 if (error) goto err; 2245 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2246 ac[WME_AC_VO].wmep_logcwmin << 12 | 2247 ac[WME_AC_VI].wmep_logcwmin << 8 | 2248 ac[WME_AC_BK].wmep_logcwmin << 4 | 2249 ac[WME_AC_BE].wmep_logcwmin); 2250 if (error) goto err; 2251 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2252 ac[WME_AC_VO].wmep_logcwmax << 12 | 2253 ac[WME_AC_VI].wmep_logcwmax << 8 | 2254 ac[WME_AC_BK].wmep_logcwmax << 4 | 2255 ac[WME_AC_BE].wmep_logcwmax); 2256 if (error) goto err; 2257 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2258 ac[WME_AC_BK].wmep_txopLimit << 16 | 2259 ac[WME_AC_BE].wmep_txopLimit); 2260 if (error) goto err; 2261 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2262 ac[WME_AC_VO].wmep_txopLimit << 16 | 2263 ac[WME_AC_VI].wmep_txopLimit); 2264 2265 err: 2266 RUN_UNLOCK(sc); 2267 if (error) 2268 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2269 2270 return (error); 2271 } 2272 2273 static void 2274 run_key_set_cb(void *arg) 2275 { 2276 struct run_cmdq *cmdq = arg; 2277 struct ieee80211vap *vap = cmdq->arg1; 2278 struct ieee80211_key *k = cmdq->k; 2279 struct ieee80211com *ic = vap->iv_ic; 2280 struct run_softc *sc = ic->ic_softc; 2281 struct ieee80211_node *ni; 2282 u_int cipher = k->wk_cipher->ic_cipher; 2283 uint32_t attr; 2284 uint16_t base, associd; 2285 uint8_t mode, wcid, iv[8]; 2286 2287 RUN_LOCK_ASSERT(sc, MA_OWNED); 2288 2289 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2290 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2291 else 2292 ni = vap->iv_bss; 2293 associd = (ni != NULL) ? ni->ni_associd : 0; 2294 2295 /* map net80211 cipher to RT2860 security mode */ 2296 switch (cipher) { 2297 case IEEE80211_CIPHER_WEP: 2298 if(k->wk_keylen < 8) 2299 mode = RT2860_MODE_WEP40; 2300 else 2301 mode = RT2860_MODE_WEP104; 2302 break; 2303 case IEEE80211_CIPHER_TKIP: 2304 mode = RT2860_MODE_TKIP; 2305 break; 2306 case IEEE80211_CIPHER_AES_CCM: 2307 mode = RT2860_MODE_AES_CCMP; 2308 break; 2309 default: 2310 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2311 return; 2312 } 2313 2314 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2315 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2316 associd, k->wk_keyix, mode, 2317 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2318 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2319 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2320 2321 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2322 wcid = 0; /* NB: update WCID0 for group keys */ 2323 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2324 } else { 2325 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2326 1 : RUN_AID2WCID(associd); 2327 base = RT2860_PKEY(wcid); 2328 } 2329 2330 if (cipher == IEEE80211_CIPHER_TKIP) { 2331 if(run_write_region_1(sc, base, k->wk_key, 16)) 2332 return; 2333 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2334 return; 2335 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2336 return; 2337 } else { 2338 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2339 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2340 return; 2341 } 2342 2343 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2344 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2345 /* set initial packet number in IV+EIV */ 2346 if (cipher == IEEE80211_CIPHER_WEP) { 2347 memset(iv, 0, sizeof iv); 2348 iv[3] = vap->iv_def_txkey << 6; 2349 } else { 2350 if (cipher == IEEE80211_CIPHER_TKIP) { 2351 iv[0] = k->wk_keytsc >> 8; 2352 iv[1] = (iv[0] | 0x20) & 0x7f; 2353 iv[2] = k->wk_keytsc; 2354 } else /* CCMP */ { 2355 iv[0] = k->wk_keytsc; 2356 iv[1] = k->wk_keytsc >> 8; 2357 iv[2] = 0; 2358 } 2359 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2360 iv[4] = k->wk_keytsc >> 16; 2361 iv[5] = k->wk_keytsc >> 24; 2362 iv[6] = k->wk_keytsc >> 32; 2363 iv[7] = k->wk_keytsc >> 40; 2364 } 2365 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2366 return; 2367 } 2368 2369 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2370 /* install group key */ 2371 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2372 return; 2373 attr &= ~(0xf << (k->wk_keyix * 4)); 2374 attr |= mode << (k->wk_keyix * 4); 2375 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2376 return; 2377 } else { 2378 /* install pairwise key */ 2379 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2380 return; 2381 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2382 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2383 return; 2384 } 2385 2386 /* TODO create a pass-thru key entry? */ 2387 2388 /* need wcid to delete the right key later */ 2389 k->wk_pad = wcid; 2390 } 2391 2392 /* 2393 * Don't have to be deferred, but in order to keep order of 2394 * execution, i.e. with run_key_delete(), defer this and let 2395 * run_cmdq_cb() maintain the order. 2396 * 2397 * return 0 on error 2398 */ 2399 static int 2400 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2401 { 2402 struct ieee80211com *ic = vap->iv_ic; 2403 struct run_softc *sc = ic->ic_softc; 2404 uint32_t i; 2405 2406 i = RUN_CMDQ_GET(&sc->cmdq_store); 2407 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2408 sc->cmdq[i].func = run_key_set_cb; 2409 sc->cmdq[i].arg0 = NULL; 2410 sc->cmdq[i].arg1 = vap; 2411 sc->cmdq[i].k = k; 2412 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2413 ieee80211_runtask(ic, &sc->cmdq_task); 2414 2415 /* 2416 * To make sure key will be set when hostapd 2417 * calls iv_key_set() before if_init(). 2418 */ 2419 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2420 RUN_LOCK(sc); 2421 sc->cmdq_key_set = RUN_CMDQ_GO; 2422 RUN_UNLOCK(sc); 2423 } 2424 2425 return (1); 2426 } 2427 2428 /* 2429 * If wlan is destroyed without being brought down i.e. without 2430 * wlan down or wpa_cli terminate, this function is called after 2431 * vap is gone. Don't refer it. 2432 */ 2433 static void 2434 run_key_delete_cb(void *arg) 2435 { 2436 struct run_cmdq *cmdq = arg; 2437 struct run_softc *sc = cmdq->arg1; 2438 struct ieee80211_key *k = &cmdq->key; 2439 uint32_t attr; 2440 uint8_t wcid; 2441 2442 RUN_LOCK_ASSERT(sc, MA_OWNED); 2443 2444 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2445 /* remove group key */ 2446 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2447 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2448 attr &= ~(0xf << (k->wk_keyix * 4)); 2449 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2450 } else { 2451 /* remove pairwise key */ 2452 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2453 "removing key for wcid %x\n", k->wk_pad); 2454 /* matching wcid was written to wk_pad in run_key_set() */ 2455 wcid = k->wk_pad; 2456 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2457 attr &= ~0xf; 2458 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2459 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2460 } 2461 2462 k->wk_pad = 0; 2463 } 2464 2465 /* 2466 * return 0 on error 2467 */ 2468 static int 2469 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2470 { 2471 struct ieee80211com *ic = vap->iv_ic; 2472 struct run_softc *sc = ic->ic_softc; 2473 struct ieee80211_key *k0; 2474 uint32_t i; 2475 2476 /* 2477 * When called back, key might be gone. So, make a copy 2478 * of some values need to delete keys before deferring. 2479 * But, because of LOR with node lock, cannot use lock here. 2480 * So, use atomic instead. 2481 */ 2482 i = RUN_CMDQ_GET(&sc->cmdq_store); 2483 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2484 sc->cmdq[i].func = run_key_delete_cb; 2485 sc->cmdq[i].arg0 = NULL; 2486 sc->cmdq[i].arg1 = sc; 2487 k0 = &sc->cmdq[i].key; 2488 k0->wk_flags = k->wk_flags; 2489 k0->wk_keyix = k->wk_keyix; 2490 /* matching wcid was written to wk_pad in run_key_set() */ 2491 k0->wk_pad = k->wk_pad; 2492 ieee80211_runtask(ic, &sc->cmdq_task); 2493 return (1); /* return fake success */ 2494 2495 } 2496 2497 static void 2498 run_ratectl_to(void *arg) 2499 { 2500 struct run_softc *sc = arg; 2501 2502 /* do it in a process context, so it can go sleep */ 2503 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2504 /* next timeout will be rescheduled in the callback task */ 2505 } 2506 2507 /* ARGSUSED */ 2508 static void 2509 run_ratectl_cb(void *arg, int pending) 2510 { 2511 struct run_softc *sc = arg; 2512 struct ieee80211com *ic = &sc->sc_ic; 2513 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2514 2515 if (vap == NULL) 2516 return; 2517 2518 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2519 /* 2520 * run_reset_livelock() doesn't do anything with AMRR, 2521 * but Ralink wants us to call it every 1 sec. So, we 2522 * piggyback here rather than creating another callout. 2523 * Livelock may occur only in HOSTAP or IBSS mode 2524 * (when h/w is sending beacons). 2525 */ 2526 RUN_LOCK(sc); 2527 run_reset_livelock(sc); 2528 /* just in case, there are some stats to drain */ 2529 run_drain_fifo(sc); 2530 RUN_UNLOCK(sc); 2531 } 2532 2533 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2534 2535 RUN_LOCK(sc); 2536 if(sc->ratectl_run != RUN_RATECTL_OFF) 2537 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2538 RUN_UNLOCK(sc); 2539 } 2540 2541 static void 2542 run_drain_fifo(void *arg) 2543 { 2544 struct run_softc *sc = arg; 2545 uint32_t stat; 2546 uint16_t (*wstat)[3]; 2547 uint8_t wcid, mcs, pid; 2548 int8_t retry; 2549 2550 RUN_LOCK_ASSERT(sc, MA_OWNED); 2551 2552 for (;;) { 2553 /* drain Tx status FIFO (maxsize = 16) */ 2554 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2555 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2556 if (!(stat & RT2860_TXQ_VLD)) 2557 break; 2558 2559 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2560 2561 /* if no ACK was requested, no feedback is available */ 2562 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2563 wcid == 0) 2564 continue; 2565 2566 /* 2567 * Even though each stat is Tx-complete-status like format, 2568 * the device can poll stats. Because there is no guarantee 2569 * that the referring node is still around when read the stats. 2570 * So that, if we use ieee80211_ratectl_tx_update(), we will 2571 * have hard time not to refer already freed node. 2572 * 2573 * To eliminate such page faults, we poll stats in softc. 2574 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2575 */ 2576 wstat = &(sc->wcid_stats[wcid]); 2577 (*wstat)[RUN_TXCNT]++; 2578 if (stat & RT2860_TXQ_OK) 2579 (*wstat)[RUN_SUCCESS]++; 2580 else 2581 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2582 /* 2583 * Check if there were retries, ie if the Tx success rate is 2584 * different from the requested rate. Note that it works only 2585 * because we do not allow rate fallback from OFDM to CCK. 2586 */ 2587 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2588 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2589 if ((retry = pid -1 - mcs) > 0) { 2590 (*wstat)[RUN_TXCNT] += retry; 2591 (*wstat)[RUN_RETRY] += retry; 2592 } 2593 } 2594 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2595 2596 sc->fifo_cnt = 0; 2597 } 2598 2599 static void 2600 run_iter_func(void *arg, struct ieee80211_node *ni) 2601 { 2602 struct run_softc *sc = arg; 2603 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2604 struct ieee80211vap *vap = ni->ni_vap; 2605 struct run_node *rn = RUN_NODE(ni); 2606 union run_stats sta[2]; 2607 uint16_t (*wstat)[3]; 2608 int error; 2609 2610 RUN_LOCK(sc); 2611 2612 /* Check for special case */ 2613 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2614 ni != vap->iv_bss) 2615 goto fail; 2616 2617 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2618 IEEE80211_RATECTL_TX_STATS_RETRIES; 2619 txs->ni = ni; 2620 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2621 vap->iv_opmode == IEEE80211_M_STA)) { 2622 /* read statistic counters (clear on read) and update AMRR state */ 2623 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2624 sizeof sta); 2625 if (error != 0) 2626 goto fail; 2627 2628 /* count failed TX as errors */ 2629 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2630 le16toh(sta[0].error.fail)); 2631 2632 txs->nretries = le16toh(sta[1].tx.retry); 2633 txs->nsuccess = le16toh(sta[1].tx.success); 2634 /* nretries??? */ 2635 txs->nframes = txs->nretries + txs->nsuccess + 2636 le16toh(sta[0].error.fail); 2637 2638 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2639 "retrycnt=%d success=%d failcnt=%d\n", 2640 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2641 } else { 2642 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2643 2644 if (wstat == &(sc->wcid_stats[0]) || 2645 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2646 goto fail; 2647 2648 txs->nretries = (*wstat)[RUN_RETRY]; 2649 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2650 txs->nframes = (*wstat)[RUN_TXCNT]; 2651 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2652 "retrycnt=%d txcnt=%d success=%d\n", 2653 txs->nretries, txs->nframes, txs->nsuccess); 2654 2655 memset(wstat, 0, sizeof(*wstat)); 2656 } 2657 2658 ieee80211_ratectl_tx_update(vap, txs); 2659 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2660 2661 fail: 2662 RUN_UNLOCK(sc); 2663 2664 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2665 } 2666 2667 static void 2668 run_newassoc_cb(void *arg) 2669 { 2670 struct run_cmdq *cmdq = arg; 2671 struct ieee80211_node *ni = cmdq->arg1; 2672 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2673 uint8_t wcid = cmdq->wcid; 2674 2675 RUN_LOCK_ASSERT(sc, MA_OWNED); 2676 2677 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2678 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2679 2680 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2681 } 2682 2683 static void 2684 run_newassoc(struct ieee80211_node *ni, int isnew) 2685 { 2686 struct run_node *rn = RUN_NODE(ni); 2687 struct ieee80211_rateset *rs = &ni->ni_rates; 2688 struct ieee80211vap *vap = ni->ni_vap; 2689 struct ieee80211com *ic = vap->iv_ic; 2690 struct run_softc *sc = ic->ic_softc; 2691 uint8_t rate; 2692 uint8_t ridx; 2693 uint8_t wcid; 2694 int i, j; 2695 2696 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2697 1 : RUN_AID2WCID(ni->ni_associd); 2698 2699 if (wcid > RT2870_WCID_MAX) { 2700 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2701 return; 2702 } 2703 2704 /* only interested in true associations */ 2705 if (isnew && ni->ni_associd != 0) { 2706 2707 /* 2708 * This function could is called though timeout function. 2709 * Need to defer. 2710 */ 2711 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2712 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2713 sc->cmdq[cnt].func = run_newassoc_cb; 2714 sc->cmdq[cnt].arg0 = NULL; 2715 sc->cmdq[cnt].arg1 = ni; 2716 sc->cmdq[cnt].wcid = wcid; 2717 ieee80211_runtask(ic, &sc->cmdq_task); 2718 } 2719 2720 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2721 "new assoc isnew=%d associd=%x addr=%s\n", 2722 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2723 2724 for (i = 0; i < rs->rs_nrates; i++) { 2725 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2726 /* convert 802.11 rate to hardware rate index */ 2727 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2728 if (rt2860_rates[ridx].rate == rate) 2729 break; 2730 rn->ridx[i] = ridx; 2731 /* determine rate of control response frames */ 2732 for (j = i; j >= 0; j--) { 2733 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2734 rt2860_rates[rn->ridx[i]].phy == 2735 rt2860_rates[rn->ridx[j]].phy) 2736 break; 2737 } 2738 if (j >= 0) { 2739 rn->ctl_ridx[i] = rn->ridx[j]; 2740 } else { 2741 /* no basic rate found, use mandatory one */ 2742 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2743 } 2744 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2745 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2746 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2747 } 2748 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2749 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2750 if (rt2860_rates[ridx].rate == rate) 2751 break; 2752 rn->mgt_ridx = ridx; 2753 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2754 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2755 2756 RUN_LOCK(sc); 2757 if(sc->ratectl_run != RUN_RATECTL_OFF) 2758 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2759 RUN_UNLOCK(sc); 2760 } 2761 2762 /* 2763 * Return the Rx chain with the highest RSSI for a given frame. 2764 */ 2765 static __inline uint8_t 2766 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2767 { 2768 uint8_t rxchain = 0; 2769 2770 if (sc->nrxchains > 1) { 2771 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2772 rxchain = 1; 2773 if (sc->nrxchains > 2) 2774 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2775 rxchain = 2; 2776 } 2777 return (rxchain); 2778 } 2779 2780 static void 2781 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2782 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2783 { 2784 struct ieee80211vap *vap = ni->ni_vap; 2785 struct run_softc *sc = vap->iv_ic->ic_softc; 2786 struct run_vap *rvp = RUN_VAP(vap); 2787 uint64_t ni_tstamp, rx_tstamp; 2788 2789 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2790 2791 if (vap->iv_state == IEEE80211_S_RUN && 2792 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2793 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2794 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2795 RUN_LOCK(sc); 2796 run_get_tsf(sc, &rx_tstamp); 2797 RUN_UNLOCK(sc); 2798 rx_tstamp = le64toh(rx_tstamp); 2799 2800 if (ni_tstamp >= rx_tstamp) { 2801 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2802 "ibss merge, tsf %ju tstamp %ju\n", 2803 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2804 (void) ieee80211_ibss_merge(ni); 2805 } 2806 } 2807 } 2808 2809 static void 2810 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2811 { 2812 struct ieee80211com *ic = &sc->sc_ic; 2813 struct ieee80211_frame *wh; 2814 struct ieee80211_node *ni; 2815 struct epoch_tracker et; 2816 struct rt2870_rxd *rxd; 2817 struct rt2860_rxwi *rxwi; 2818 uint32_t flags; 2819 uint16_t len, rxwisize; 2820 uint8_t ant, rssi; 2821 int8_t nf; 2822 2823 rxwisize = sizeof(struct rt2860_rxwi); 2824 if (sc->mac_ver == 0x5592) 2825 rxwisize += sizeof(uint64_t); 2826 else if (sc->mac_ver == 0x3593) 2827 rxwisize += sizeof(uint32_t); 2828 2829 if (__predict_false(dmalen < 2830 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2831 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2832 "payload is too short: dma length %u < %zu\n", 2833 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2834 goto fail; 2835 } 2836 2837 rxwi = mtod(m, struct rt2860_rxwi *); 2838 len = le16toh(rxwi->len) & 0xfff; 2839 2840 if (__predict_false(len > dmalen - rxwisize)) { 2841 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2842 "bad RXWI length %u > %u\n", len, dmalen); 2843 goto fail; 2844 } 2845 2846 /* Rx descriptor is located at the end */ 2847 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2848 flags = le32toh(rxd->flags); 2849 2850 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2851 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2852 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2853 goto fail; 2854 } 2855 2856 if (flags & RT2860_RX_L2PAD) { 2857 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2858 "received RT2860_RX_L2PAD frame\n"); 2859 len += 2; 2860 } 2861 2862 m->m_data += rxwisize; 2863 m->m_pkthdr.len = m->m_len = len; 2864 2865 wh = mtod(m, struct ieee80211_frame *); 2866 2867 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2868 (flags & RT2860_RX_DEC) != 0) { 2869 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2870 m->m_flags |= M_WEP; 2871 } 2872 2873 if (len >= sizeof(struct ieee80211_frame_min)) { 2874 ni = ieee80211_find_rxnode(ic, 2875 mtod(m, struct ieee80211_frame_min *)); 2876 } else 2877 ni = NULL; 2878 2879 if (__predict_false(flags & RT2860_RX_MICERR)) { 2880 /* report MIC failures to net80211 for TKIP */ 2881 if (ni != NULL) 2882 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2883 rxwi->keyidx); 2884 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2885 "MIC error. Someone is lying.\n"); 2886 goto fail; 2887 } 2888 2889 ant = run_maxrssi_chain(sc, rxwi); 2890 rssi = rxwi->rssi[ant]; 2891 nf = run_rssi2dbm(sc, rssi, ant); 2892 2893 if (__predict_false(ieee80211_radiotap_active(ic))) { 2894 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2895 uint16_t phy; 2896 2897 tap->wr_flags = 0; 2898 if (flags & RT2860_RX_L2PAD) 2899 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2900 tap->wr_antsignal = rssi; 2901 tap->wr_antenna = ant; 2902 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2903 tap->wr_rate = 2; /* in case it can't be found below */ 2904 RUN_LOCK(sc); 2905 run_get_tsf(sc, &tap->wr_tsf); 2906 RUN_UNLOCK(sc); 2907 phy = le16toh(rxwi->phy); 2908 switch (phy & RT2860_PHY_MODE) { 2909 case RT2860_PHY_CCK: 2910 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2911 case 0: tap->wr_rate = 2; break; 2912 case 1: tap->wr_rate = 4; break; 2913 case 2: tap->wr_rate = 11; break; 2914 case 3: tap->wr_rate = 22; break; 2915 } 2916 if (phy & RT2860_PHY_SHPRE) 2917 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2918 break; 2919 case RT2860_PHY_OFDM: 2920 switch (phy & RT2860_PHY_MCS) { 2921 case 0: tap->wr_rate = 12; break; 2922 case 1: tap->wr_rate = 18; break; 2923 case 2: tap->wr_rate = 24; break; 2924 case 3: tap->wr_rate = 36; break; 2925 case 4: tap->wr_rate = 48; break; 2926 case 5: tap->wr_rate = 72; break; 2927 case 6: tap->wr_rate = 96; break; 2928 case 7: tap->wr_rate = 108; break; 2929 } 2930 break; 2931 } 2932 } 2933 2934 NET_EPOCH_ENTER(et); 2935 if (ni != NULL) { 2936 (void)ieee80211_input(ni, m, rssi, nf); 2937 ieee80211_free_node(ni); 2938 } else { 2939 (void)ieee80211_input_all(ic, m, rssi, nf); 2940 } 2941 NET_EPOCH_EXIT(et); 2942 2943 return; 2944 2945 fail: 2946 m_freem(m); 2947 counter_u64_add(ic->ic_ierrors, 1); 2948 } 2949 2950 static void 2951 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2952 { 2953 struct run_softc *sc = usbd_xfer_softc(xfer); 2954 struct ieee80211com *ic = &sc->sc_ic; 2955 struct mbuf *m = NULL; 2956 struct mbuf *m0; 2957 uint32_t dmalen, mbuf_len; 2958 uint16_t rxwisize; 2959 int xferlen; 2960 2961 rxwisize = sizeof(struct rt2860_rxwi); 2962 if (sc->mac_ver == 0x5592) 2963 rxwisize += sizeof(uint64_t); 2964 else if (sc->mac_ver == 0x3593) 2965 rxwisize += sizeof(uint32_t); 2966 2967 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2968 2969 switch (USB_GET_STATE(xfer)) { 2970 case USB_ST_TRANSFERRED: 2971 2972 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2973 "rx done, actlen=%d\n", xferlen); 2974 2975 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2976 sizeof(struct rt2870_rxd))) { 2977 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2978 "xfer too short %d\n", xferlen); 2979 goto tr_setup; 2980 } 2981 2982 m = sc->rx_m; 2983 sc->rx_m = NULL; 2984 2985 /* FALLTHROUGH */ 2986 case USB_ST_SETUP: 2987 tr_setup: 2988 if (sc->rx_m == NULL) { 2989 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2990 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2991 } 2992 if (sc->rx_m == NULL) { 2993 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2994 "could not allocate mbuf - idle with stall\n"); 2995 counter_u64_add(ic->ic_ierrors, 1); 2996 usbd_xfer_set_stall(xfer); 2997 usbd_xfer_set_frames(xfer, 0); 2998 } else { 2999 /* 3000 * Directly loading a mbuf cluster into DMA to 3001 * save some data copying. This works because 3002 * there is only one cluster. 3003 */ 3004 usbd_xfer_set_frame_data(xfer, 0, 3005 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3006 usbd_xfer_set_frames(xfer, 1); 3007 } 3008 usbd_transfer_submit(xfer); 3009 break; 3010 3011 default: /* Error */ 3012 if (error != USB_ERR_CANCELLED) { 3013 /* try to clear stall first */ 3014 usbd_xfer_set_stall(xfer); 3015 if (error == USB_ERR_TIMEOUT) 3016 device_printf(sc->sc_dev, "device timeout\n"); 3017 counter_u64_add(ic->ic_ierrors, 1); 3018 goto tr_setup; 3019 } 3020 if (sc->rx_m != NULL) { 3021 m_freem(sc->rx_m); 3022 sc->rx_m = NULL; 3023 } 3024 break; 3025 } 3026 3027 if (m == NULL) 3028 return; 3029 3030 /* inputting all the frames must be last */ 3031 3032 RUN_UNLOCK(sc); 3033 3034 m->m_pkthdr.len = m->m_len = xferlen; 3035 3036 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3037 for(;;) { 3038 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3039 3040 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3041 ((dmalen & 3) != 0)) { 3042 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3043 "bad DMA length %u\n", dmalen); 3044 break; 3045 } 3046 if ((dmalen + 8) > (uint32_t)xferlen) { 3047 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3048 "bad DMA length %u > %d\n", 3049 dmalen + 8, xferlen); 3050 break; 3051 } 3052 3053 /* If it is the last one or a single frame, we won't copy. */ 3054 if ((xferlen -= dmalen + 8) <= 8) { 3055 /* trim 32-bit DMA-len header */ 3056 m->m_data += 4; 3057 m->m_pkthdr.len = m->m_len -= 4; 3058 run_rx_frame(sc, m, dmalen); 3059 m = NULL; /* don't free source buffer */ 3060 break; 3061 } 3062 3063 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3064 if (__predict_false(mbuf_len > MCLBYTES)) { 3065 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3066 "payload is too big: mbuf_len %u\n", mbuf_len); 3067 counter_u64_add(ic->ic_ierrors, 1); 3068 break; 3069 } 3070 3071 /* copy aggregated frames to another mbuf */ 3072 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3073 if (__predict_false(m0 == NULL)) { 3074 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3075 "could not allocate mbuf\n"); 3076 counter_u64_add(ic->ic_ierrors, 1); 3077 break; 3078 } 3079 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3080 mbuf_len, mtod(m0, caddr_t)); 3081 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3082 run_rx_frame(sc, m0, dmalen); 3083 3084 /* update data ptr */ 3085 m->m_data += mbuf_len + 4; 3086 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3087 } 3088 3089 /* make sure we free the source buffer, if any */ 3090 m_freem(m); 3091 3092 RUN_LOCK(sc); 3093 } 3094 3095 static void 3096 run_tx_free(struct run_endpoint_queue *pq, 3097 struct run_tx_data *data, int txerr) 3098 { 3099 3100 ieee80211_tx_complete(data->ni, data->m, txerr); 3101 3102 data->m = NULL; 3103 data->ni = NULL; 3104 3105 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3106 pq->tx_nfree++; 3107 } 3108 3109 static void 3110 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3111 { 3112 struct run_softc *sc = usbd_xfer_softc(xfer); 3113 struct ieee80211com *ic = &sc->sc_ic; 3114 struct run_tx_data *data; 3115 struct ieee80211vap *vap = NULL; 3116 struct usb_page_cache *pc; 3117 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3118 struct mbuf *m; 3119 usb_frlength_t size; 3120 int actlen; 3121 int sumlen; 3122 3123 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3124 3125 switch (USB_GET_STATE(xfer)) { 3126 case USB_ST_TRANSFERRED: 3127 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3128 "transfer complete: %d bytes @ index %d\n", actlen, index); 3129 3130 data = usbd_xfer_get_priv(xfer); 3131 run_tx_free(pq, data, 0); 3132 usbd_xfer_set_priv(xfer, NULL); 3133 3134 /* FALLTHROUGH */ 3135 case USB_ST_SETUP: 3136 tr_setup: 3137 data = STAILQ_FIRST(&pq->tx_qh); 3138 if (data == NULL) 3139 break; 3140 3141 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3142 3143 m = data->m; 3144 size = (sc->mac_ver == 0x5592) ? 3145 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3146 if ((m->m_pkthdr.len + 3147 size + 3 + 8) > RUN_MAX_TXSZ) { 3148 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3149 "data overflow, %u bytes\n", m->m_pkthdr.len); 3150 run_tx_free(pq, data, 1); 3151 goto tr_setup; 3152 } 3153 3154 pc = usbd_xfer_get_frame(xfer, 0); 3155 usbd_copy_in(pc, 0, &data->desc, size); 3156 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3157 size += m->m_pkthdr.len; 3158 /* 3159 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3160 * 4-byte padding), and be sure to zero those trailing 3161 * bytes: 3162 */ 3163 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3164 size += ((-size) & 3) + 8; 3165 3166 vap = data->ni->ni_vap; 3167 if (ieee80211_radiotap_active_vap(vap)) { 3168 const struct ieee80211_frame *wh; 3169 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3170 struct rt2860_txwi *txwi = 3171 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3172 int has_l2pad; 3173 3174 wh = mtod(m, struct ieee80211_frame *); 3175 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3176 IEEE80211_QOS_HAS_SEQ(wh); 3177 3178 tap->wt_flags = 0; 3179 tap->wt_rate = rt2860_rates[data->ridx].rate; 3180 tap->wt_hwqueue = index; 3181 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3182 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3183 if (has_l2pad) 3184 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3185 3186 ieee80211_radiotap_tx(vap, m); 3187 } 3188 3189 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3190 "sending frame len=%u/%u @ index %d\n", 3191 m->m_pkthdr.len, size, index); 3192 3193 usbd_xfer_set_frame_len(xfer, 0, size); 3194 usbd_xfer_set_priv(xfer, data); 3195 usbd_transfer_submit(xfer); 3196 run_start(sc); 3197 3198 break; 3199 3200 default: 3201 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3202 "USB transfer error, %s\n", usbd_errstr(error)); 3203 3204 data = usbd_xfer_get_priv(xfer); 3205 3206 if (data != NULL) { 3207 if(data->ni != NULL) 3208 vap = data->ni->ni_vap; 3209 run_tx_free(pq, data, error); 3210 usbd_xfer_set_priv(xfer, NULL); 3211 } 3212 3213 if (vap == NULL) 3214 vap = TAILQ_FIRST(&ic->ic_vaps); 3215 3216 if (error != USB_ERR_CANCELLED) { 3217 if (error == USB_ERR_TIMEOUT) { 3218 device_printf(sc->sc_dev, "device timeout\n"); 3219 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3220 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3221 "cmdq_store=%d\n", i); 3222 sc->cmdq[i].func = run_usb_timeout_cb; 3223 sc->cmdq[i].arg0 = vap; 3224 ieee80211_runtask(ic, &sc->cmdq_task); 3225 } 3226 3227 /* 3228 * Try to clear stall first, also if other 3229 * errors occur, hence clearing stall 3230 * introduces a 50 ms delay: 3231 */ 3232 usbd_xfer_set_stall(xfer); 3233 goto tr_setup; 3234 } 3235 break; 3236 } 3237 } 3238 3239 static void 3240 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3241 { 3242 run_bulk_tx_callbackN(xfer, error, 0); 3243 } 3244 3245 static void 3246 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3247 { 3248 run_bulk_tx_callbackN(xfer, error, 1); 3249 } 3250 3251 static void 3252 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3253 { 3254 run_bulk_tx_callbackN(xfer, error, 2); 3255 } 3256 3257 static void 3258 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3259 { 3260 run_bulk_tx_callbackN(xfer, error, 3); 3261 } 3262 3263 static void 3264 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3265 { 3266 run_bulk_tx_callbackN(xfer, error, 4); 3267 } 3268 3269 static void 3270 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3271 { 3272 run_bulk_tx_callbackN(xfer, error, 5); 3273 } 3274 3275 static void 3276 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3277 { 3278 struct mbuf *m = data->m; 3279 struct ieee80211com *ic = &sc->sc_ic; 3280 struct ieee80211vap *vap = data->ni->ni_vap; 3281 struct ieee80211_frame *wh; 3282 struct rt2870_txd *txd; 3283 struct rt2860_txwi *txwi; 3284 uint16_t xferlen, txwisize; 3285 uint16_t mcs; 3286 uint8_t ridx = data->ridx; 3287 uint8_t pad; 3288 3289 /* get MCS code from rate index */ 3290 mcs = rt2860_rates[ridx].mcs; 3291 3292 txwisize = (sc->mac_ver == 0x5592) ? 3293 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3294 xferlen = txwisize + m->m_pkthdr.len; 3295 3296 /* roundup to 32-bit alignment */ 3297 xferlen = (xferlen + 3) & ~3; 3298 3299 txd = (struct rt2870_txd *)&data->desc; 3300 txd->len = htole16(xferlen); 3301 3302 wh = mtod(m, struct ieee80211_frame *); 3303 3304 /* 3305 * Ether both are true or both are false, the header 3306 * are nicely aligned to 32-bit. So, no L2 padding. 3307 */ 3308 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3309 pad = 0; 3310 else 3311 pad = 2; 3312 3313 /* setup TX Wireless Information */ 3314 txwi = (struct rt2860_txwi *)(txd + 1); 3315 txwi->len = htole16(m->m_pkthdr.len - pad); 3316 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3317 mcs |= RT2860_PHY_CCK; 3318 if (ridx != RT2860_RIDX_CCK1 && 3319 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3320 mcs |= RT2860_PHY_SHPRE; 3321 } else 3322 mcs |= RT2860_PHY_OFDM; 3323 txwi->phy = htole16(mcs); 3324 3325 /* check if RTS/CTS or CTS-to-self protection is required */ 3326 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3327 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3328 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3329 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3330 txwi->txop |= RT2860_TX_TXOP_HT; 3331 else 3332 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3333 3334 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3335 txwi->xflags |= RT2860_TX_NSEQ; 3336 } 3337 3338 /* This function must be called locked */ 3339 static int 3340 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3341 { 3342 struct ieee80211com *ic = &sc->sc_ic; 3343 struct ieee80211vap *vap = ni->ni_vap; 3344 struct ieee80211_frame *wh; 3345 const struct ieee80211_txparam *tp = ni->ni_txparms; 3346 struct run_node *rn = RUN_NODE(ni); 3347 struct run_tx_data *data; 3348 struct rt2870_txd *txd; 3349 struct rt2860_txwi *txwi; 3350 uint16_t qos; 3351 uint16_t dur; 3352 uint16_t qid; 3353 uint8_t type; 3354 uint8_t tid; 3355 uint8_t ridx; 3356 uint8_t ctl_ridx; 3357 uint8_t qflags; 3358 uint8_t xflags = 0; 3359 int hasqos; 3360 3361 RUN_LOCK_ASSERT(sc, MA_OWNED); 3362 3363 wh = mtod(m, struct ieee80211_frame *); 3364 3365 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3366 3367 /* 3368 * There are 7 bulk endpoints: 1 for RX 3369 * and 6 for TX (4 EDCAs + HCCA + Prio). 3370 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3371 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3372 */ 3373 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3374 uint8_t *frm; 3375 3376 frm = ieee80211_getqos(wh); 3377 qos = le16toh(*(const uint16_t *)frm); 3378 tid = qos & IEEE80211_QOS_TID; 3379 qid = TID_TO_WME_AC(tid); 3380 } else { 3381 qos = 0; 3382 tid = 0; 3383 qid = WME_AC_BE; 3384 } 3385 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3386 3387 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3388 qos, qid, tid, qflags); 3389 3390 /* pickup a rate index */ 3391 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3392 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3393 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3394 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3395 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3396 } else { 3397 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3398 ridx = rn->fix_ridx; 3399 else 3400 ridx = rn->amrr_ridx; 3401 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3402 } 3403 3404 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3405 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3406 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3407 xflags |= RT2860_TX_ACK; 3408 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3409 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3410 else 3411 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3412 USETW(wh->i_dur, dur); 3413 } 3414 3415 /* reserve slots for mgmt packets, just in case */ 3416 if (sc->sc_epq[qid].tx_nfree < 3) { 3417 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3418 return (-1); 3419 } 3420 3421 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3422 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3423 sc->sc_epq[qid].tx_nfree--; 3424 3425 txd = (struct rt2870_txd *)&data->desc; 3426 txd->flags = qflags; 3427 txwi = (struct rt2860_txwi *)(txd + 1); 3428 txwi->xflags = xflags; 3429 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3430 txwi->wcid = 0; 3431 else 3432 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3433 1 : RUN_AID2WCID(ni->ni_associd); 3434 3435 /* clear leftover garbage bits */ 3436 txwi->flags = 0; 3437 txwi->txop = 0; 3438 3439 data->m = m; 3440 data->ni = ni; 3441 data->ridx = ridx; 3442 3443 run_set_tx_desc(sc, data); 3444 3445 /* 3446 * The chip keeps track of 2 kind of Tx stats, 3447 * * TX_STAT_FIFO, for per WCID stats, and 3448 * * TX_STA_CNT0 for all-TX-in-one stats. 3449 * 3450 * To use FIFO stats, we need to store MCS into the driver-private 3451 * PacketID field. So that, we can tell whose stats when we read them. 3452 * We add 1 to the MCS because setting the PacketID field to 0 means 3453 * that we don't want feedback in TX_STAT_FIFO. 3454 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3455 * 3456 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3457 */ 3458 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3459 vap->iv_opmode == IEEE80211_M_MBSS) { 3460 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3461 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3462 3463 /* 3464 * Unlike PCI based devices, we don't get any interrupt from 3465 * USB devices, so we simulate FIFO-is-full interrupt here. 3466 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3467 * quickly get fulled. To prevent overflow, increment a counter on 3468 * every FIFO stat request, so we know how many slots are left. 3469 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3470 * are used only in those modes. 3471 * We just drain stats. AMRR gets updated every 1 sec by 3472 * run_ratectl_cb() via callout. 3473 * Call it early. Otherwise overflow. 3474 */ 3475 if (sc->fifo_cnt++ == 10) { 3476 /* 3477 * With multiple vaps or if_bridge, if_start() is called 3478 * with a non-sleepable lock, tcpinp. So, need to defer. 3479 */ 3480 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3481 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3482 sc->cmdq[i].func = run_drain_fifo; 3483 sc->cmdq[i].arg0 = sc; 3484 ieee80211_runtask(ic, &sc->cmdq_task); 3485 } 3486 } 3487 3488 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3489 3490 usbd_transfer_start(sc->sc_xfer[qid]); 3491 3492 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3493 "sending data frame len=%d rate=%d qid=%d\n", 3494 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3495 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3496 3497 return (0); 3498 } 3499 3500 static int 3501 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3502 { 3503 struct ieee80211com *ic = &sc->sc_ic; 3504 struct run_node *rn = RUN_NODE(ni); 3505 struct run_tx_data *data; 3506 struct ieee80211_frame *wh; 3507 struct rt2870_txd *txd; 3508 struct rt2860_txwi *txwi; 3509 uint16_t dur; 3510 uint8_t ridx = rn->mgt_ridx; 3511 uint8_t xflags = 0; 3512 uint8_t wflags = 0; 3513 3514 RUN_LOCK_ASSERT(sc, MA_OWNED); 3515 3516 wh = mtod(m, struct ieee80211_frame *); 3517 3518 /* tell hardware to add timestamp for probe responses */ 3519 if ((wh->i_fc[0] & 3520 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3521 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3522 wflags |= RT2860_TX_TS; 3523 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3524 xflags |= RT2860_TX_ACK; 3525 3526 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3527 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3528 USETW(wh->i_dur, dur); 3529 } 3530 3531 if (sc->sc_epq[0].tx_nfree == 0) 3532 /* let caller free mbuf */ 3533 return (EIO); 3534 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3535 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3536 sc->sc_epq[0].tx_nfree--; 3537 3538 txd = (struct rt2870_txd *)&data->desc; 3539 txd->flags = RT2860_TX_QSEL_EDCA; 3540 txwi = (struct rt2860_txwi *)(txd + 1); 3541 txwi->wcid = 0xff; 3542 txwi->flags = wflags; 3543 txwi->xflags = xflags; 3544 txwi->txop = 0; /* clear leftover garbage bits */ 3545 3546 data->m = m; 3547 data->ni = ni; 3548 data->ridx = ridx; 3549 3550 run_set_tx_desc(sc, data); 3551 3552 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3553 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3554 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3555 3556 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3557 3558 usbd_transfer_start(sc->sc_xfer[0]); 3559 3560 return (0); 3561 } 3562 3563 static int 3564 run_sendprot(struct run_softc *sc, 3565 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3566 { 3567 struct ieee80211com *ic = ni->ni_ic; 3568 struct run_tx_data *data; 3569 struct rt2870_txd *txd; 3570 struct rt2860_txwi *txwi; 3571 struct mbuf *mprot; 3572 int ridx; 3573 int protrate; 3574 uint8_t wflags = 0; 3575 uint8_t xflags = 0; 3576 3577 RUN_LOCK_ASSERT(sc, MA_OWNED); 3578 3579 /* check that there are free slots before allocating the mbuf */ 3580 if (sc->sc_epq[0].tx_nfree == 0) 3581 /* let caller free mbuf */ 3582 return (ENOBUFS); 3583 3584 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3585 if (mprot == NULL) { 3586 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3587 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3588 return (ENOBUFS); 3589 } 3590 3591 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3592 wflags = RT2860_TX_FRAG; 3593 xflags = 0; 3594 if (prot == IEEE80211_PROT_RTSCTS) 3595 xflags |= RT2860_TX_ACK; 3596 3597 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3598 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3599 sc->sc_epq[0].tx_nfree--; 3600 3601 txd = (struct rt2870_txd *)&data->desc; 3602 txd->flags = RT2860_TX_QSEL_EDCA; 3603 txwi = (struct rt2860_txwi *)(txd + 1); 3604 txwi->wcid = 0xff; 3605 txwi->flags = wflags; 3606 txwi->xflags = xflags; 3607 txwi->txop = 0; /* clear leftover garbage bits */ 3608 3609 data->m = mprot; 3610 data->ni = ieee80211_ref_node(ni); 3611 3612 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3613 if (rt2860_rates[ridx].rate == protrate) 3614 break; 3615 data->ridx = ridx; 3616 3617 run_set_tx_desc(sc, data); 3618 3619 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3620 m->m_pkthdr.len, rate); 3621 3622 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3623 3624 usbd_transfer_start(sc->sc_xfer[0]); 3625 3626 return (0); 3627 } 3628 3629 static int 3630 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3631 const struct ieee80211_bpf_params *params) 3632 { 3633 struct ieee80211com *ic = ni->ni_ic; 3634 struct run_tx_data *data; 3635 struct rt2870_txd *txd; 3636 struct rt2860_txwi *txwi; 3637 uint8_t ridx; 3638 uint8_t rate; 3639 uint8_t opflags = 0; 3640 uint8_t xflags = 0; 3641 int error; 3642 3643 RUN_LOCK_ASSERT(sc, MA_OWNED); 3644 3645 KASSERT(params != NULL, ("no raw xmit params")); 3646 3647 rate = params->ibp_rate0; 3648 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3649 /* let caller free mbuf */ 3650 return (EINVAL); 3651 } 3652 3653 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3654 xflags |= RT2860_TX_ACK; 3655 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3656 error = run_sendprot(sc, m, ni, 3657 params->ibp_flags & IEEE80211_BPF_RTS ? 3658 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3659 rate); 3660 if (error) { 3661 /* let caller free mbuf */ 3662 return error; 3663 } 3664 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3665 } 3666 3667 if (sc->sc_epq[0].tx_nfree == 0) { 3668 /* let caller free mbuf */ 3669 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3670 "sending raw frame, but tx ring is full\n"); 3671 return (EIO); 3672 } 3673 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3674 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3675 sc->sc_epq[0].tx_nfree--; 3676 3677 txd = (struct rt2870_txd *)&data->desc; 3678 txd->flags = RT2860_TX_QSEL_EDCA; 3679 txwi = (struct rt2860_txwi *)(txd + 1); 3680 txwi->wcid = 0xff; 3681 txwi->xflags = xflags; 3682 txwi->txop = opflags; 3683 txwi->flags = 0; /* clear leftover garbage bits */ 3684 3685 data->m = m; 3686 data->ni = ni; 3687 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3688 if (rt2860_rates[ridx].rate == rate) 3689 break; 3690 data->ridx = ridx; 3691 3692 run_set_tx_desc(sc, data); 3693 3694 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3695 m->m_pkthdr.len, rate); 3696 3697 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3698 3699 usbd_transfer_start(sc->sc_xfer[0]); 3700 3701 return (0); 3702 } 3703 3704 static int 3705 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3706 const struct ieee80211_bpf_params *params) 3707 { 3708 struct run_softc *sc = ni->ni_ic->ic_softc; 3709 int error = 0; 3710 3711 RUN_LOCK(sc); 3712 3713 /* prevent management frames from being sent if we're not ready */ 3714 if (!(sc->sc_flags & RUN_RUNNING)) { 3715 error = ENETDOWN; 3716 goto done; 3717 } 3718 3719 if (params == NULL) { 3720 /* tx mgt packet */ 3721 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3722 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3723 goto done; 3724 } 3725 } else { 3726 /* tx raw packet with param */ 3727 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3728 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3729 goto done; 3730 } 3731 } 3732 3733 done: 3734 RUN_UNLOCK(sc); 3735 3736 if (error != 0) { 3737 if(m != NULL) 3738 m_freem(m); 3739 } 3740 3741 return (error); 3742 } 3743 3744 static int 3745 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3746 { 3747 struct run_softc *sc = ic->ic_softc; 3748 int error; 3749 3750 RUN_LOCK(sc); 3751 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3752 RUN_UNLOCK(sc); 3753 return (ENXIO); 3754 } 3755 error = mbufq_enqueue(&sc->sc_snd, m); 3756 if (error) { 3757 RUN_UNLOCK(sc); 3758 return (error); 3759 } 3760 run_start(sc); 3761 RUN_UNLOCK(sc); 3762 3763 return (0); 3764 } 3765 3766 static void 3767 run_start(struct run_softc *sc) 3768 { 3769 struct ieee80211_node *ni; 3770 struct mbuf *m; 3771 3772 RUN_LOCK_ASSERT(sc, MA_OWNED); 3773 3774 if ((sc->sc_flags & RUN_RUNNING) == 0) 3775 return; 3776 3777 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3778 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3779 if (run_tx(sc, m, ni) != 0) { 3780 mbufq_prepend(&sc->sc_snd, m); 3781 break; 3782 } 3783 } 3784 } 3785 3786 static void 3787 run_parent(struct ieee80211com *ic) 3788 { 3789 struct run_softc *sc = ic->ic_softc; 3790 int startall = 0; 3791 3792 RUN_LOCK(sc); 3793 if (sc->sc_detached) { 3794 RUN_UNLOCK(sc); 3795 return; 3796 } 3797 3798 if (ic->ic_nrunning > 0) { 3799 if (!(sc->sc_flags & RUN_RUNNING)) { 3800 startall = 1; 3801 run_init_locked(sc); 3802 } else 3803 run_update_promisc_locked(sc); 3804 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3805 run_stop(sc); 3806 RUN_UNLOCK(sc); 3807 if (startall) 3808 ieee80211_start_all(ic); 3809 } 3810 3811 static void 3812 run_iq_calib(struct run_softc *sc, u_int chan) 3813 { 3814 uint16_t val; 3815 3816 /* Tx0 IQ gain. */ 3817 run_bbp_write(sc, 158, 0x2c); 3818 if (chan <= 14) 3819 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3820 else if (chan <= 64) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 138) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 165) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3831 &val, 1); 3832 } else 3833 val = 0; 3834 run_bbp_write(sc, 159, val); 3835 3836 /* Tx0 IQ phase. */ 3837 run_bbp_write(sc, 158, 0x2d); 3838 if (chan <= 14) { 3839 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3840 &val, 1); 3841 } else if (chan <= 64) { 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3844 &val, 1); 3845 } else if (chan <= 138) { 3846 run_efuse_read(sc, 3847 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3848 &val, 1); 3849 } else if (chan <= 165) { 3850 run_efuse_read(sc, 3851 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3852 &val, 1); 3853 } else 3854 val = 0; 3855 run_bbp_write(sc, 159, val); 3856 3857 /* Tx1 IQ gain. */ 3858 run_bbp_write(sc, 158, 0x4a); 3859 if (chan <= 14) { 3860 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3861 &val, 1); 3862 } else if (chan <= 64) { 3863 run_efuse_read(sc, 3864 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3865 &val, 1); 3866 } else if (chan <= 138) { 3867 run_efuse_read(sc, 3868 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3869 &val, 1); 3870 } else if (chan <= 165) { 3871 run_efuse_read(sc, 3872 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3873 &val, 1); 3874 } else 3875 val = 0; 3876 run_bbp_write(sc, 159, val); 3877 3878 /* Tx1 IQ phase. */ 3879 run_bbp_write(sc, 158, 0x4b); 3880 if (chan <= 14) { 3881 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3882 &val, 1); 3883 } else if (chan <= 64) { 3884 run_efuse_read(sc, 3885 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3886 &val, 1); 3887 } else if (chan <= 138) { 3888 run_efuse_read(sc, 3889 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3890 &val, 1); 3891 } else if (chan <= 165) { 3892 run_efuse_read(sc, 3893 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3894 &val, 1); 3895 } else 3896 val = 0; 3897 run_bbp_write(sc, 159, val); 3898 3899 /* RF IQ compensation control. */ 3900 run_bbp_write(sc, 158, 0x04); 3901 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3902 &val, 1); 3903 run_bbp_write(sc, 159, val); 3904 3905 /* RF IQ imbalance compensation control. */ 3906 run_bbp_write(sc, 158, 0x03); 3907 run_efuse_read(sc, 3908 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3909 run_bbp_write(sc, 159, val); 3910 } 3911 3912 static void 3913 run_set_agc(struct run_softc *sc, uint8_t agc) 3914 { 3915 uint8_t bbp; 3916 3917 if (sc->mac_ver == 0x3572) { 3918 run_bbp_read(sc, 27, &bbp); 3919 bbp &= ~(0x3 << 5); 3920 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3921 run_bbp_write(sc, 66, agc); 3922 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3923 run_bbp_write(sc, 66, agc); 3924 } else 3925 run_bbp_write(sc, 66, agc); 3926 } 3927 3928 static void 3929 run_select_chan_group(struct run_softc *sc, int group) 3930 { 3931 uint32_t tmp; 3932 uint8_t agc; 3933 3934 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3935 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3936 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3937 if (sc->mac_ver < 0x3572) 3938 run_bbp_write(sc, 86, 0x00); 3939 3940 if (sc->mac_ver == 0x3593) { 3941 run_bbp_write(sc, 77, 0x98); 3942 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3943 } 3944 3945 if (group == 0) { 3946 if (sc->ext_2ghz_lna) { 3947 if (sc->mac_ver >= 0x5390) 3948 run_bbp_write(sc, 75, 0x52); 3949 else { 3950 run_bbp_write(sc, 82, 0x62); 3951 run_bbp_write(sc, 75, 0x46); 3952 } 3953 } else { 3954 if (sc->mac_ver == 0x5592) { 3955 run_bbp_write(sc, 79, 0x1c); 3956 run_bbp_write(sc, 80, 0x0e); 3957 run_bbp_write(sc, 81, 0x3a); 3958 run_bbp_write(sc, 82, 0x62); 3959 3960 run_bbp_write(sc, 195, 0x80); 3961 run_bbp_write(sc, 196, 0xe0); 3962 run_bbp_write(sc, 195, 0x81); 3963 run_bbp_write(sc, 196, 0x1f); 3964 run_bbp_write(sc, 195, 0x82); 3965 run_bbp_write(sc, 196, 0x38); 3966 run_bbp_write(sc, 195, 0x83); 3967 run_bbp_write(sc, 196, 0x32); 3968 run_bbp_write(sc, 195, 0x85); 3969 run_bbp_write(sc, 196, 0x28); 3970 run_bbp_write(sc, 195, 0x86); 3971 run_bbp_write(sc, 196, 0x19); 3972 } else if (sc->mac_ver >= 0x5390) 3973 run_bbp_write(sc, 75, 0x50); 3974 else { 3975 run_bbp_write(sc, 82, 3976 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3977 run_bbp_write(sc, 75, 0x50); 3978 } 3979 } 3980 } else { 3981 if (sc->mac_ver == 0x5592) { 3982 run_bbp_write(sc, 79, 0x18); 3983 run_bbp_write(sc, 80, 0x08); 3984 run_bbp_write(sc, 81, 0x38); 3985 run_bbp_write(sc, 82, 0x92); 3986 3987 run_bbp_write(sc, 195, 0x80); 3988 run_bbp_write(sc, 196, 0xf0); 3989 run_bbp_write(sc, 195, 0x81); 3990 run_bbp_write(sc, 196, 0x1e); 3991 run_bbp_write(sc, 195, 0x82); 3992 run_bbp_write(sc, 196, 0x28); 3993 run_bbp_write(sc, 195, 0x83); 3994 run_bbp_write(sc, 196, 0x20); 3995 run_bbp_write(sc, 195, 0x85); 3996 run_bbp_write(sc, 196, 0x7f); 3997 run_bbp_write(sc, 195, 0x86); 3998 run_bbp_write(sc, 196, 0x7f); 3999 } else if (sc->mac_ver == 0x3572) 4000 run_bbp_write(sc, 82, 0x94); 4001 else 4002 run_bbp_write(sc, 82, 4003 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4004 if (sc->ext_5ghz_lna) 4005 run_bbp_write(sc, 75, 0x46); 4006 else 4007 run_bbp_write(sc, 75, 0x50); 4008 } 4009 4010 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4011 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4012 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4013 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4014 4015 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4016 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4017 if (sc->mac_ver == 0x3593) 4018 tmp |= 1 << 29 | 1 << 28; 4019 if (sc->nrxchains > 1) 4020 tmp |= RT2860_LNA_PE1_EN; 4021 if (group == 0) { /* 2GHz */ 4022 tmp |= RT2860_PA_PE_G0_EN; 4023 if (sc->ntxchains > 1) 4024 tmp |= RT2860_PA_PE_G1_EN; 4025 if (sc->mac_ver == 0x3593) { 4026 if (sc->ntxchains > 2) 4027 tmp |= 1 << 25; 4028 } 4029 } else { /* 5GHz */ 4030 tmp |= RT2860_PA_PE_A0_EN; 4031 if (sc->ntxchains > 1) 4032 tmp |= RT2860_PA_PE_A1_EN; 4033 } 4034 if (sc->mac_ver == 0x3572) { 4035 run_rt3070_rf_write(sc, 8, 0x00); 4036 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4037 run_rt3070_rf_write(sc, 8, 0x80); 4038 } else 4039 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4040 4041 if (sc->mac_ver == 0x5592) { 4042 run_bbp_write(sc, 195, 0x8d); 4043 run_bbp_write(sc, 196, 0x1a); 4044 } 4045 4046 if (sc->mac_ver == 0x3593) { 4047 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4048 tmp &= ~0x01010000; 4049 if (group == 0) 4050 tmp |= 0x00010000; 4051 tmp = (tmp & ~0x00009090) | 0x00000090; 4052 run_write(sc, RT2860_GPIO_CTRL, tmp); 4053 } 4054 4055 /* set initial AGC value */ 4056 if (group == 0) { /* 2GHz band */ 4057 if (sc->mac_ver >= 0x3070) 4058 agc = 0x1c + sc->lna[0] * 2; 4059 else 4060 agc = 0x2e + sc->lna[0]; 4061 } else { /* 5GHz band */ 4062 if (sc->mac_ver == 0x5592) 4063 agc = 0x24 + sc->lna[group] * 2; 4064 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4065 agc = 0x22 + (sc->lna[group] * 5) / 3; 4066 else 4067 agc = 0x32 + (sc->lna[group] * 5) / 3; 4068 } 4069 run_set_agc(sc, agc); 4070 } 4071 4072 static void 4073 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4074 { 4075 const struct rfprog *rfprog = rt2860_rf2850; 4076 uint32_t r2, r3, r4; 4077 int8_t txpow1, txpow2; 4078 int i; 4079 4080 /* find the settings for this channel (we know it exists) */ 4081 for (i = 0; rfprog[i].chan != chan; i++); 4082 4083 r2 = rfprog[i].r2; 4084 if (sc->ntxchains == 1) 4085 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4086 if (sc->nrxchains == 1) 4087 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4088 else if (sc->nrxchains == 2) 4089 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4090 4091 /* use Tx power values from EEPROM */ 4092 txpow1 = sc->txpow1[i]; 4093 txpow2 = sc->txpow2[i]; 4094 4095 /* Initialize RF R3 and R4. */ 4096 r3 = rfprog[i].r3 & 0xffffc1ff; 4097 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4098 if (chan > 14) { 4099 if (txpow1 >= 0) { 4100 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4101 r3 |= (txpow1 << 10) | (1 << 9); 4102 } else { 4103 txpow1 += 7; 4104 4105 /* txpow1 is not possible larger than 15. */ 4106 r3 |= (txpow1 << 10); 4107 } 4108 if (txpow2 >= 0) { 4109 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4110 r4 |= (txpow2 << 7) | (1 << 6); 4111 } else { 4112 txpow2 += 7; 4113 r4 |= (txpow2 << 7); 4114 } 4115 } else { 4116 /* Set Tx0 power. */ 4117 r3 |= (txpow1 << 9); 4118 4119 /* Set frequency offset and Tx1 power. */ 4120 r4 |= (txpow2 << 6); 4121 } 4122 4123 run_rt2870_rf_write(sc, rfprog[i].r1); 4124 run_rt2870_rf_write(sc, r2); 4125 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4126 run_rt2870_rf_write(sc, r4); 4127 4128 run_delay(sc, 10); 4129 4130 run_rt2870_rf_write(sc, rfprog[i].r1); 4131 run_rt2870_rf_write(sc, r2); 4132 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4133 run_rt2870_rf_write(sc, r4); 4134 4135 run_delay(sc, 10); 4136 4137 run_rt2870_rf_write(sc, rfprog[i].r1); 4138 run_rt2870_rf_write(sc, r2); 4139 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4140 run_rt2870_rf_write(sc, r4); 4141 } 4142 4143 static void 4144 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4145 { 4146 int8_t txpow1, txpow2; 4147 uint8_t rf; 4148 int i; 4149 4150 /* find the settings for this channel (we know it exists) */ 4151 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4152 4153 /* use Tx power values from EEPROM */ 4154 txpow1 = sc->txpow1[i]; 4155 txpow2 = sc->txpow2[i]; 4156 4157 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4158 4159 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4160 run_rt3070_rf_read(sc, 3, &rf); 4161 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4162 run_rt3070_rf_write(sc, 3, rf); 4163 4164 run_rt3070_rf_read(sc, 6, &rf); 4165 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4166 run_rt3070_rf_write(sc, 6, rf); 4167 4168 /* set Tx0 power */ 4169 run_rt3070_rf_read(sc, 12, &rf); 4170 rf = (rf & ~0x1f) | txpow1; 4171 run_rt3070_rf_write(sc, 12, rf); 4172 4173 /* set Tx1 power */ 4174 run_rt3070_rf_read(sc, 13, &rf); 4175 rf = (rf & ~0x1f) | txpow2; 4176 run_rt3070_rf_write(sc, 13, rf); 4177 4178 run_rt3070_rf_read(sc, 1, &rf); 4179 rf &= ~0xfc; 4180 if (sc->ntxchains == 1) 4181 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4182 else if (sc->ntxchains == 2) 4183 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4184 if (sc->nrxchains == 1) 4185 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4186 else if (sc->nrxchains == 2) 4187 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4188 run_rt3070_rf_write(sc, 1, rf); 4189 4190 /* set RF offset */ 4191 run_rt3070_rf_read(sc, 23, &rf); 4192 rf = (rf & ~0x7f) | sc->freq; 4193 run_rt3070_rf_write(sc, 23, rf); 4194 4195 /* program RF filter */ 4196 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4197 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4198 run_rt3070_rf_write(sc, 24, rf); 4199 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4200 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4201 run_rt3070_rf_write(sc, 31, rf); 4202 4203 /* enable RF tuning */ 4204 run_rt3070_rf_read(sc, 7, &rf); 4205 run_rt3070_rf_write(sc, 7, rf | 0x01); 4206 } 4207 4208 static void 4209 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4210 { 4211 int8_t txpow1, txpow2; 4212 uint32_t tmp; 4213 uint8_t rf; 4214 int i; 4215 4216 /* find the settings for this channel (we know it exists) */ 4217 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4218 4219 /* use Tx power values from EEPROM */ 4220 txpow1 = sc->txpow1[i]; 4221 txpow2 = sc->txpow2[i]; 4222 4223 if (chan <= 14) { 4224 run_bbp_write(sc, 25, sc->bbp25); 4225 run_bbp_write(sc, 26, sc->bbp26); 4226 } else { 4227 /* enable IQ phase correction */ 4228 run_bbp_write(sc, 25, 0x09); 4229 run_bbp_write(sc, 26, 0xff); 4230 } 4231 4232 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4233 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4234 run_rt3070_rf_read(sc, 6, &rf); 4235 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4236 rf |= (chan <= 14) ? 0x08 : 0x04; 4237 run_rt3070_rf_write(sc, 6, rf); 4238 4239 /* set PLL mode */ 4240 run_rt3070_rf_read(sc, 5, &rf); 4241 rf &= ~(0x08 | 0x04); 4242 rf |= (chan <= 14) ? 0x04 : 0x08; 4243 run_rt3070_rf_write(sc, 5, rf); 4244 4245 /* set Tx power for chain 0 */ 4246 if (chan <= 14) 4247 rf = 0x60 | txpow1; 4248 else 4249 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4250 run_rt3070_rf_write(sc, 12, rf); 4251 4252 /* set Tx power for chain 1 */ 4253 if (chan <= 14) 4254 rf = 0x60 | txpow2; 4255 else 4256 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4257 run_rt3070_rf_write(sc, 13, rf); 4258 4259 /* set Tx/Rx streams */ 4260 run_rt3070_rf_read(sc, 1, &rf); 4261 rf &= ~0xfc; 4262 if (sc->ntxchains == 1) 4263 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4264 else if (sc->ntxchains == 2) 4265 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4266 if (sc->nrxchains == 1) 4267 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4268 else if (sc->nrxchains == 2) 4269 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4270 run_rt3070_rf_write(sc, 1, rf); 4271 4272 /* set RF offset */ 4273 run_rt3070_rf_read(sc, 23, &rf); 4274 rf = (rf & ~0x7f) | sc->freq; 4275 run_rt3070_rf_write(sc, 23, rf); 4276 4277 /* program RF filter */ 4278 rf = sc->rf24_20mhz; 4279 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4280 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4281 4282 /* enable RF tuning */ 4283 run_rt3070_rf_read(sc, 7, &rf); 4284 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4285 run_rt3070_rf_write(sc, 7, rf); 4286 4287 /* TSSI */ 4288 rf = (chan <= 14) ? 0xc3 : 0xc0; 4289 run_rt3070_rf_write(sc, 9, rf); 4290 4291 /* set loop filter 1 */ 4292 run_rt3070_rf_write(sc, 10, 0xf1); 4293 /* set loop filter 2 */ 4294 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4295 4296 /* set tx_mx2_ic */ 4297 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4298 /* set tx_mx1_ic */ 4299 if (chan <= 14) 4300 rf = 0x48 | sc->txmixgain_2ghz; 4301 else 4302 rf = 0x78 | sc->txmixgain_5ghz; 4303 run_rt3070_rf_write(sc, 16, rf); 4304 4305 /* set tx_lo1 */ 4306 run_rt3070_rf_write(sc, 17, 0x23); 4307 /* set tx_lo2 */ 4308 if (chan <= 14) 4309 rf = 0x93; 4310 else if (chan <= 64) 4311 rf = 0xb7; 4312 else if (chan <= 128) 4313 rf = 0x74; 4314 else 4315 rf = 0x72; 4316 run_rt3070_rf_write(sc, 19, rf); 4317 4318 /* set rx_lo1 */ 4319 if (chan <= 14) 4320 rf = 0xb3; 4321 else if (chan <= 64) 4322 rf = 0xf6; 4323 else if (chan <= 128) 4324 rf = 0xf4; 4325 else 4326 rf = 0xf3; 4327 run_rt3070_rf_write(sc, 20, rf); 4328 4329 /* set pfd_delay */ 4330 if (chan <= 14) 4331 rf = 0x15; 4332 else if (chan <= 64) 4333 rf = 0x3d; 4334 else 4335 rf = 0x01; 4336 run_rt3070_rf_write(sc, 25, rf); 4337 4338 /* set rx_lo2 */ 4339 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4340 /* set ldo_rf_vc */ 4341 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4342 /* set drv_cc */ 4343 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4344 4345 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4346 tmp &= ~0x8080; 4347 if (chan <= 14) 4348 tmp |= 0x80; 4349 run_write(sc, RT2860_GPIO_CTRL, tmp); 4350 4351 /* enable RF tuning */ 4352 run_rt3070_rf_read(sc, 7, &rf); 4353 run_rt3070_rf_write(sc, 7, rf | 0x01); 4354 4355 run_delay(sc, 2); 4356 } 4357 4358 static void 4359 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4360 { 4361 int8_t txpow1, txpow2, txpow3; 4362 uint8_t h20mhz, rf; 4363 int i; 4364 4365 /* find the settings for this channel (we know it exists) */ 4366 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4367 4368 /* use Tx power values from EEPROM */ 4369 txpow1 = sc->txpow1[i]; 4370 txpow2 = sc->txpow2[i]; 4371 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4372 4373 if (chan <= 14) { 4374 run_bbp_write(sc, 25, sc->bbp25); 4375 run_bbp_write(sc, 26, sc->bbp26); 4376 } else { 4377 /* Enable IQ phase correction. */ 4378 run_bbp_write(sc, 25, 0x09); 4379 run_bbp_write(sc, 26, 0xff); 4380 } 4381 4382 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4383 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4384 run_rt3070_rf_read(sc, 11, &rf); 4385 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4386 run_rt3070_rf_write(sc, 11, rf); 4387 4388 /* Set pll_idoh. */ 4389 run_rt3070_rf_read(sc, 11, &rf); 4390 rf &= ~0x4c; 4391 rf |= (chan <= 14) ? 0x44 : 0x48; 4392 run_rt3070_rf_write(sc, 11, rf); 4393 4394 if (chan <= 14) 4395 rf = txpow1 & 0x1f; 4396 else 4397 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4398 run_rt3070_rf_write(sc, 53, rf); 4399 4400 if (chan <= 14) 4401 rf = txpow2 & 0x1f; 4402 else 4403 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4404 run_rt3070_rf_write(sc, 55, rf); 4405 4406 if (chan <= 14) 4407 rf = txpow3 & 0x1f; 4408 else 4409 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4410 run_rt3070_rf_write(sc, 54, rf); 4411 4412 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4413 if (sc->ntxchains == 3) 4414 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4415 else 4416 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4417 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4418 run_rt3070_rf_write(sc, 1, rf); 4419 4420 run_adjust_freq_offset(sc); 4421 4422 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4423 4424 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4425 run_rt3070_rf_read(sc, 30, &rf); 4426 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4427 run_rt3070_rf_write(sc, 30, rf); 4428 4429 run_rt3070_rf_read(sc, 36, &rf); 4430 if (chan <= 14) 4431 rf |= 0x80; 4432 else 4433 rf &= ~0x80; 4434 run_rt3070_rf_write(sc, 36, rf); 4435 4436 /* Set vcolo_bs. */ 4437 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4438 /* Set pfd_delay. */ 4439 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4440 4441 /* Set vco bias current control. */ 4442 run_rt3070_rf_read(sc, 6, &rf); 4443 rf &= ~0xc0; 4444 if (chan <= 14) 4445 rf |= 0x40; 4446 else if (chan <= 128) 4447 rf |= 0x80; 4448 else 4449 rf |= 0x40; 4450 run_rt3070_rf_write(sc, 6, rf); 4451 4452 run_rt3070_rf_read(sc, 30, &rf); 4453 rf = (rf & ~0x18) | 0x10; 4454 run_rt3070_rf_write(sc, 30, rf); 4455 4456 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4457 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4458 4459 run_rt3070_rf_read(sc, 51, &rf); 4460 rf = (rf & ~0x03) | 0x01; 4461 run_rt3070_rf_write(sc, 51, rf); 4462 /* Set tx_mx1_cc. */ 4463 run_rt3070_rf_read(sc, 51, &rf); 4464 rf &= ~0x1c; 4465 rf |= (chan <= 14) ? 0x14 : 0x10; 4466 run_rt3070_rf_write(sc, 51, rf); 4467 /* Set tx_mx1_ic. */ 4468 run_rt3070_rf_read(sc, 51, &rf); 4469 rf &= ~0xe0; 4470 rf |= (chan <= 14) ? 0x60 : 0x40; 4471 run_rt3070_rf_write(sc, 51, rf); 4472 /* Set tx_lo1_ic. */ 4473 run_rt3070_rf_read(sc, 49, &rf); 4474 rf &= ~0x1c; 4475 rf |= (chan <= 14) ? 0x0c : 0x08; 4476 run_rt3070_rf_write(sc, 49, rf); 4477 /* Set tx_lo1_en. */ 4478 run_rt3070_rf_read(sc, 50, &rf); 4479 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4480 /* Set drv_cc. */ 4481 run_rt3070_rf_read(sc, 57, &rf); 4482 rf &= ~0xfc; 4483 rf |= (chan <= 14) ? 0x6c : 0x3c; 4484 run_rt3070_rf_write(sc, 57, rf); 4485 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4486 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4487 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4488 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4489 /* Enable VCO calibration. */ 4490 run_rt3070_rf_read(sc, 3, &rf); 4491 rf &= ~RT5390_VCOCAL; 4492 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4493 run_rt3070_rf_write(sc, 3, rf); 4494 4495 if (chan <= 14) 4496 rf = 0x23; 4497 else if (chan <= 64) 4498 rf = 0x36; 4499 else if (chan <= 128) 4500 rf = 0x32; 4501 else 4502 rf = 0x30; 4503 run_rt3070_rf_write(sc, 39, rf); 4504 if (chan <= 14) 4505 rf = 0xbb; 4506 else if (chan <= 64) 4507 rf = 0xeb; 4508 else if (chan <= 128) 4509 rf = 0xb3; 4510 else 4511 rf = 0x9b; 4512 run_rt3070_rf_write(sc, 45, rf); 4513 4514 /* Set FEQ/AEQ control. */ 4515 run_bbp_write(sc, 105, 0x34); 4516 } 4517 4518 static void 4519 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4520 { 4521 int8_t txpow1, txpow2; 4522 uint8_t rf; 4523 int i; 4524 4525 /* find the settings for this channel (we know it exists) */ 4526 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4527 4528 /* use Tx power values from EEPROM */ 4529 txpow1 = sc->txpow1[i]; 4530 txpow2 = sc->txpow2[i]; 4531 4532 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4533 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4534 run_rt3070_rf_read(sc, 11, &rf); 4535 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4536 run_rt3070_rf_write(sc, 11, rf); 4537 4538 run_rt3070_rf_read(sc, 49, &rf); 4539 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4540 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4541 if ((rf & 0x3f) > 0x27) 4542 rf = (rf & ~0x3f) | 0x27; 4543 run_rt3070_rf_write(sc, 49, rf); 4544 4545 if (sc->mac_ver == 0x5392) { 4546 run_rt3070_rf_read(sc, 50, &rf); 4547 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4548 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4549 if ((rf & 0x3f) > 0x27) 4550 rf = (rf & ~0x3f) | 0x27; 4551 run_rt3070_rf_write(sc, 50, rf); 4552 } 4553 4554 run_rt3070_rf_read(sc, 1, &rf); 4555 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4556 if (sc->mac_ver == 0x5392) 4557 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4558 run_rt3070_rf_write(sc, 1, rf); 4559 4560 if (sc->mac_ver != 0x5392) { 4561 run_rt3070_rf_read(sc, 2, &rf); 4562 rf |= 0x80; 4563 run_rt3070_rf_write(sc, 2, rf); 4564 run_delay(sc, 10); 4565 rf &= 0x7f; 4566 run_rt3070_rf_write(sc, 2, rf); 4567 } 4568 4569 run_adjust_freq_offset(sc); 4570 4571 if (sc->mac_ver == 0x5392) { 4572 /* Fix for RT5392C. */ 4573 if (sc->mac_rev >= 0x0223) { 4574 if (chan <= 4) 4575 rf = 0x0f; 4576 else if (chan >= 5 && chan <= 7) 4577 rf = 0x0e; 4578 else 4579 rf = 0x0d; 4580 run_rt3070_rf_write(sc, 23, rf); 4581 4582 if (chan <= 4) 4583 rf = 0x0c; 4584 else if (chan == 5) 4585 rf = 0x0b; 4586 else if (chan >= 6 && chan <= 7) 4587 rf = 0x0a; 4588 else if (chan >= 8 && chan <= 10) 4589 rf = 0x09; 4590 else 4591 rf = 0x08; 4592 run_rt3070_rf_write(sc, 59, rf); 4593 } else { 4594 if (chan <= 11) 4595 rf = 0x0f; 4596 else 4597 rf = 0x0b; 4598 run_rt3070_rf_write(sc, 59, rf); 4599 } 4600 } else { 4601 /* Fix for RT5390F. */ 4602 if (sc->mac_rev >= 0x0502) { 4603 if (chan <= 11) 4604 rf = 0x43; 4605 else 4606 rf = 0x23; 4607 run_rt3070_rf_write(sc, 55, rf); 4608 4609 if (chan <= 11) 4610 rf = 0x0f; 4611 else if (chan == 12) 4612 rf = 0x0d; 4613 else 4614 rf = 0x0b; 4615 run_rt3070_rf_write(sc, 59, rf); 4616 } else { 4617 run_rt3070_rf_write(sc, 55, 0x44); 4618 run_rt3070_rf_write(sc, 59, 0x8f); 4619 } 4620 } 4621 4622 /* Enable VCO calibration. */ 4623 run_rt3070_rf_read(sc, 3, &rf); 4624 rf |= RT5390_VCOCAL; 4625 run_rt3070_rf_write(sc, 3, rf); 4626 } 4627 4628 static void 4629 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4630 { 4631 const struct rt5592_freqs *freqs; 4632 uint32_t tmp; 4633 uint8_t reg, rf, txpow_bound; 4634 int8_t txpow1, txpow2; 4635 int i; 4636 4637 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4638 freqs = (tmp & RT5592_SEL_XTAL) ? 4639 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4640 4641 /* find the settings for this channel (we know it exists) */ 4642 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4643 4644 /* use Tx power values from EEPROM */ 4645 txpow1 = sc->txpow1[i]; 4646 txpow2 = sc->txpow2[i]; 4647 4648 run_read(sc, RT3070_LDO_CFG0, &tmp); 4649 tmp &= ~0x1c000000; 4650 if (chan > 14) 4651 tmp |= 0x14000000; 4652 run_write(sc, RT3070_LDO_CFG0, tmp); 4653 4654 /* N setting. */ 4655 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4656 run_rt3070_rf_read(sc, 9, &rf); 4657 rf &= ~(1 << 4); 4658 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4659 run_rt3070_rf_write(sc, 9, rf); 4660 4661 /* K setting. */ 4662 run_rt3070_rf_read(sc, 9, &rf); 4663 rf &= ~0x0f; 4664 rf |= (freqs->k & 0x0f); 4665 run_rt3070_rf_write(sc, 9, rf); 4666 4667 /* Mode setting. */ 4668 run_rt3070_rf_read(sc, 11, &rf); 4669 rf &= ~0x0c; 4670 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4671 run_rt3070_rf_write(sc, 11, rf); 4672 run_rt3070_rf_read(sc, 9, &rf); 4673 rf &= ~(1 << 7); 4674 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4675 run_rt3070_rf_write(sc, 9, rf); 4676 4677 /* R setting. */ 4678 run_rt3070_rf_read(sc, 11, &rf); 4679 rf &= ~0x03; 4680 rf |= (freqs->r - 0x1); 4681 run_rt3070_rf_write(sc, 11, rf); 4682 4683 if (chan <= 14) { 4684 /* Initialize RF registers for 2GHZ. */ 4685 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4686 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4687 rt5592_2ghz_def_rf[i].val); 4688 } 4689 4690 rf = (chan <= 10) ? 0x07 : 0x06; 4691 run_rt3070_rf_write(sc, 23, rf); 4692 run_rt3070_rf_write(sc, 59, rf); 4693 4694 run_rt3070_rf_write(sc, 55, 0x43); 4695 4696 /* 4697 * RF R49/R50 Tx power ALC code. 4698 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4699 */ 4700 reg = 2; 4701 txpow_bound = 0x27; 4702 } else { 4703 /* Initialize RF registers for 5GHZ. */ 4704 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4705 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4706 rt5592_5ghz_def_rf[i].val); 4707 } 4708 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4709 if (chan >= rt5592_chan_5ghz[i].firstchan && 4710 chan <= rt5592_chan_5ghz[i].lastchan) { 4711 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4712 rt5592_chan_5ghz[i].val); 4713 } 4714 } 4715 4716 /* 4717 * RF R49/R50 Tx power ALC code. 4718 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4719 */ 4720 reg = 3; 4721 txpow_bound = 0x2b; 4722 } 4723 4724 /* RF R49 ch0 Tx power ALC code. */ 4725 run_rt3070_rf_read(sc, 49, &rf); 4726 rf &= ~0xc0; 4727 rf |= (reg << 6); 4728 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4729 if ((rf & 0x3f) > txpow_bound) 4730 rf = (rf & ~0x3f) | txpow_bound; 4731 run_rt3070_rf_write(sc, 49, rf); 4732 4733 /* RF R50 ch1 Tx power ALC code. */ 4734 run_rt3070_rf_read(sc, 50, &rf); 4735 rf &= ~(1 << 7 | 1 << 6); 4736 rf |= (reg << 6); 4737 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4738 if ((rf & 0x3f) > txpow_bound) 4739 rf = (rf & ~0x3f) | txpow_bound; 4740 run_rt3070_rf_write(sc, 50, rf); 4741 4742 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4743 run_rt3070_rf_read(sc, 1, &rf); 4744 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4745 if (sc->ntxchains > 1) 4746 rf |= RT3070_TX1_PD; 4747 if (sc->nrxchains > 1) 4748 rf |= RT3070_RX1_PD; 4749 run_rt3070_rf_write(sc, 1, rf); 4750 4751 run_rt3070_rf_write(sc, 6, 0xe4); 4752 4753 run_rt3070_rf_write(sc, 30, 0x10); 4754 run_rt3070_rf_write(sc, 31, 0x80); 4755 run_rt3070_rf_write(sc, 32, 0x80); 4756 4757 run_adjust_freq_offset(sc); 4758 4759 /* Enable VCO calibration. */ 4760 run_rt3070_rf_read(sc, 3, &rf); 4761 rf |= RT5390_VCOCAL; 4762 run_rt3070_rf_write(sc, 3, rf); 4763 } 4764 4765 static void 4766 run_set_rx_antenna(struct run_softc *sc, int aux) 4767 { 4768 uint32_t tmp; 4769 uint8_t bbp152; 4770 4771 if (aux) { 4772 if (sc->rf_rev == RT5390_RF_5370) { 4773 run_bbp_read(sc, 152, &bbp152); 4774 run_bbp_write(sc, 152, bbp152 & ~0x80); 4775 } else { 4776 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4777 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4778 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4779 } 4780 } else { 4781 if (sc->rf_rev == RT5390_RF_5370) { 4782 run_bbp_read(sc, 152, &bbp152); 4783 run_bbp_write(sc, 152, bbp152 | 0x80); 4784 } else { 4785 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4786 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4787 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4788 } 4789 } 4790 } 4791 4792 static int 4793 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4794 { 4795 struct ieee80211com *ic = &sc->sc_ic; 4796 u_int chan, group; 4797 4798 chan = ieee80211_chan2ieee(ic, c); 4799 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4800 return (EINVAL); 4801 4802 if (sc->mac_ver == 0x5592) 4803 run_rt5592_set_chan(sc, chan); 4804 else if (sc->mac_ver >= 0x5390) 4805 run_rt5390_set_chan(sc, chan); 4806 else if (sc->mac_ver == 0x3593) 4807 run_rt3593_set_chan(sc, chan); 4808 else if (sc->mac_ver == 0x3572) 4809 run_rt3572_set_chan(sc, chan); 4810 else if (sc->mac_ver >= 0x3070) 4811 run_rt3070_set_chan(sc, chan); 4812 else 4813 run_rt2870_set_chan(sc, chan); 4814 4815 /* determine channel group */ 4816 if (chan <= 14) 4817 group = 0; 4818 else if (chan <= 64) 4819 group = 1; 4820 else if (chan <= 128) 4821 group = 2; 4822 else 4823 group = 3; 4824 4825 /* XXX necessary only when group has changed! */ 4826 run_select_chan_group(sc, group); 4827 4828 run_delay(sc, 10); 4829 4830 /* Perform IQ calibration. */ 4831 if (sc->mac_ver >= 0x5392) 4832 run_iq_calib(sc, chan); 4833 4834 return (0); 4835 } 4836 4837 static void 4838 run_set_channel(struct ieee80211com *ic) 4839 { 4840 struct run_softc *sc = ic->ic_softc; 4841 4842 RUN_LOCK(sc); 4843 run_set_chan(sc, ic->ic_curchan); 4844 RUN_UNLOCK(sc); 4845 4846 return; 4847 } 4848 4849 static void 4850 run_getradiocaps(struct ieee80211com *ic, 4851 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4852 { 4853 struct run_softc *sc = ic->ic_softc; 4854 uint8_t bands[IEEE80211_MODE_BYTES]; 4855 4856 memset(bands, 0, sizeof(bands)); 4857 setbit(bands, IEEE80211_MODE_11B); 4858 setbit(bands, IEEE80211_MODE_11G); 4859 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4860 4861 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4862 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4863 sc->rf_rev == RT5592_RF_5592) { 4864 setbit(bands, IEEE80211_MODE_11A); 4865 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4866 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4867 } 4868 } 4869 4870 static void 4871 run_scan_start(struct ieee80211com *ic) 4872 { 4873 struct run_softc *sc = ic->ic_softc; 4874 4875 RUN_LOCK(sc); 4876 4877 /* abort TSF synchronization */ 4878 run_disable_tsf(sc); 4879 run_set_bssid(sc, ieee80211broadcastaddr); 4880 4881 RUN_UNLOCK(sc); 4882 4883 return; 4884 } 4885 4886 static void 4887 run_scan_end(struct ieee80211com *ic) 4888 { 4889 struct run_softc *sc = ic->ic_softc; 4890 4891 RUN_LOCK(sc); 4892 4893 run_enable_tsf_sync(sc); 4894 run_set_bssid(sc, sc->sc_bssid); 4895 4896 RUN_UNLOCK(sc); 4897 4898 return; 4899 } 4900 4901 /* 4902 * Could be called from ieee80211_node_timeout() 4903 * (non-sleepable thread) 4904 */ 4905 static void 4906 run_update_beacon(struct ieee80211vap *vap, int item) 4907 { 4908 struct ieee80211com *ic = vap->iv_ic; 4909 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4910 struct ieee80211_node *ni = vap->iv_bss; 4911 struct run_softc *sc = ic->ic_softc; 4912 struct run_vap *rvp = RUN_VAP(vap); 4913 int mcast = 0; 4914 uint32_t i; 4915 4916 switch (item) { 4917 case IEEE80211_BEACON_ERP: 4918 run_updateslot(ic); 4919 break; 4920 case IEEE80211_BEACON_HTINFO: 4921 run_updateprot(ic); 4922 break; 4923 case IEEE80211_BEACON_TIM: 4924 mcast = 1; /*TODO*/ 4925 break; 4926 default: 4927 break; 4928 } 4929 4930 setbit(bo->bo_flags, item); 4931 if (rvp->beacon_mbuf == NULL) { 4932 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4933 if (rvp->beacon_mbuf == NULL) 4934 return; 4935 } 4936 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4937 4938 i = RUN_CMDQ_GET(&sc->cmdq_store); 4939 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4940 sc->cmdq[i].func = run_update_beacon_cb; 4941 sc->cmdq[i].arg0 = vap; 4942 ieee80211_runtask(ic, &sc->cmdq_task); 4943 4944 return; 4945 } 4946 4947 static void 4948 run_update_beacon_cb(void *arg) 4949 { 4950 struct ieee80211vap *vap = arg; 4951 struct ieee80211_node *ni = vap->iv_bss; 4952 struct run_vap *rvp = RUN_VAP(vap); 4953 struct ieee80211com *ic = vap->iv_ic; 4954 struct run_softc *sc = ic->ic_softc; 4955 struct rt2860_txwi txwi; 4956 struct mbuf *m; 4957 uint16_t txwisize; 4958 uint8_t ridx; 4959 4960 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4961 return; 4962 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4963 return; 4964 4965 /* 4966 * No need to call ieee80211_beacon_update(), run_update_beacon() 4967 * is taking care of appropriate calls. 4968 */ 4969 if (rvp->beacon_mbuf == NULL) { 4970 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4971 if (rvp->beacon_mbuf == NULL) 4972 return; 4973 } 4974 m = rvp->beacon_mbuf; 4975 4976 memset(&txwi, 0, sizeof(txwi)); 4977 txwi.wcid = 0xff; 4978 txwi.len = htole16(m->m_pkthdr.len); 4979 4980 /* send beacons at the lowest available rate */ 4981 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4982 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4983 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4984 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4985 txwi.phy |= htole16(RT2860_PHY_OFDM); 4986 txwi.txop = RT2860_TX_TXOP_HT; 4987 txwi.flags = RT2860_TX_TS; 4988 txwi.xflags = RT2860_TX_NSEQ; 4989 4990 txwisize = (sc->mac_ver == 0x5592) ? 4991 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4992 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4993 txwisize); 4994 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4995 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4996 } 4997 4998 static void 4999 run_updateprot(struct ieee80211com *ic) 5000 { 5001 struct run_softc *sc = ic->ic_softc; 5002 uint32_t i; 5003 5004 i = RUN_CMDQ_GET(&sc->cmdq_store); 5005 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5006 sc->cmdq[i].func = run_updateprot_cb; 5007 sc->cmdq[i].arg0 = ic; 5008 ieee80211_runtask(ic, &sc->cmdq_task); 5009 } 5010 5011 static void 5012 run_updateprot_cb(void *arg) 5013 { 5014 struct ieee80211com *ic = arg; 5015 struct run_softc *sc = ic->ic_softc; 5016 uint32_t tmp; 5017 5018 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5019 /* setup protection frame rate (MCS code) */ 5020 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5021 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5022 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5023 5024 /* CCK frames don't require protection */ 5025 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5026 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5027 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5028 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5029 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5030 tmp |= RT2860_PROT_CTRL_CTS; 5031 } 5032 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5033 } 5034 5035 static void 5036 run_usb_timeout_cb(void *arg) 5037 { 5038 struct ieee80211vap *vap = arg; 5039 struct run_softc *sc = vap->iv_ic->ic_softc; 5040 5041 RUN_LOCK_ASSERT(sc, MA_OWNED); 5042 5043 if(vap->iv_state == IEEE80211_S_RUN && 5044 vap->iv_opmode != IEEE80211_M_STA) 5045 run_reset_livelock(sc); 5046 else if (vap->iv_state == IEEE80211_S_SCAN) { 5047 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5048 "timeout caused by scan\n"); 5049 /* cancel bgscan */ 5050 ieee80211_cancel_scan(vap); 5051 } else 5052 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5053 "timeout by unknown cause\n"); 5054 } 5055 5056 static void 5057 run_reset_livelock(struct run_softc *sc) 5058 { 5059 uint32_t tmp; 5060 5061 RUN_LOCK_ASSERT(sc, MA_OWNED); 5062 5063 /* 5064 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5065 * can run into a livelock and start sending CTS-to-self frames like 5066 * crazy if protection is enabled. Reset MAC/BBP for a while 5067 */ 5068 run_read(sc, RT2860_DEBUG, &tmp); 5069 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5070 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5071 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5072 "CTS-to-self livelock detected\n"); 5073 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5074 run_delay(sc, 1); 5075 run_write(sc, RT2860_MAC_SYS_CTRL, 5076 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5077 } 5078 } 5079 5080 static void 5081 run_update_promisc_locked(struct run_softc *sc) 5082 { 5083 uint32_t tmp; 5084 5085 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5086 5087 tmp |= RT2860_DROP_UC_NOME; 5088 if (sc->sc_ic.ic_promisc > 0) 5089 tmp &= ~RT2860_DROP_UC_NOME; 5090 5091 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5092 5093 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5094 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5095 } 5096 5097 static void 5098 run_update_promisc(struct ieee80211com *ic) 5099 { 5100 struct run_softc *sc = ic->ic_softc; 5101 5102 if ((sc->sc_flags & RUN_RUNNING) == 0) 5103 return; 5104 5105 RUN_LOCK(sc); 5106 run_update_promisc_locked(sc); 5107 RUN_UNLOCK(sc); 5108 } 5109 5110 static void 5111 run_enable_tsf_sync(struct run_softc *sc) 5112 { 5113 struct ieee80211com *ic = &sc->sc_ic; 5114 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5115 uint32_t tmp; 5116 5117 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5118 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5119 5120 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5121 tmp &= ~0x1fffff; 5122 tmp |= vap->iv_bss->ni_intval * 16; 5123 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5124 5125 if (ic->ic_opmode == IEEE80211_M_STA) { 5126 /* 5127 * Local TSF is always updated with remote TSF on beacon 5128 * reception. 5129 */ 5130 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5131 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5132 tmp |= RT2860_BCN_TX_EN; 5133 /* 5134 * Local TSF is updated with remote TSF on beacon reception 5135 * only if the remote TSF is greater than local TSF. 5136 */ 5137 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5138 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5139 ic->ic_opmode == IEEE80211_M_MBSS) { 5140 tmp |= RT2860_BCN_TX_EN; 5141 /* SYNC with nobody */ 5142 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5143 } else { 5144 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5145 "Enabling TSF failed. undefined opmode\n"); 5146 return; 5147 } 5148 5149 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5150 } 5151 5152 static void 5153 run_enable_tsf(struct run_softc *sc) 5154 { 5155 uint32_t tmp; 5156 5157 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5158 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5159 tmp |= RT2860_TSF_TIMER_EN; 5160 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5161 } 5162 } 5163 5164 static void 5165 run_disable_tsf(struct run_softc *sc) 5166 { 5167 uint32_t tmp; 5168 5169 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5170 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5171 RT2860_TBTT_TIMER_EN); 5172 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5173 } 5174 } 5175 5176 static void 5177 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5178 { 5179 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5180 sizeof(*buf)); 5181 } 5182 5183 static void 5184 run_enable_mrr(struct run_softc *sc) 5185 { 5186 #define CCK(mcs) (mcs) 5187 #define OFDM(mcs) (1 << 3 | (mcs)) 5188 run_write(sc, RT2860_LG_FBK_CFG0, 5189 OFDM(6) << 28 | /* 54->48 */ 5190 OFDM(5) << 24 | /* 48->36 */ 5191 OFDM(4) << 20 | /* 36->24 */ 5192 OFDM(3) << 16 | /* 24->18 */ 5193 OFDM(2) << 12 | /* 18->12 */ 5194 OFDM(1) << 8 | /* 12-> 9 */ 5195 OFDM(0) << 4 | /* 9-> 6 */ 5196 OFDM(0)); /* 6-> 6 */ 5197 5198 run_write(sc, RT2860_LG_FBK_CFG1, 5199 CCK(2) << 12 | /* 11->5.5 */ 5200 CCK(1) << 8 | /* 5.5-> 2 */ 5201 CCK(0) << 4 | /* 2-> 1 */ 5202 CCK(0)); /* 1-> 1 */ 5203 #undef OFDM 5204 #undef CCK 5205 } 5206 5207 static void 5208 run_set_txpreamble(struct run_softc *sc) 5209 { 5210 struct ieee80211com *ic = &sc->sc_ic; 5211 uint32_t tmp; 5212 5213 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5214 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5215 tmp |= RT2860_CCK_SHORT_EN; 5216 else 5217 tmp &= ~RT2860_CCK_SHORT_EN; 5218 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5219 } 5220 5221 static void 5222 run_set_basicrates(struct run_softc *sc) 5223 { 5224 struct ieee80211com *ic = &sc->sc_ic; 5225 5226 /* set basic rates mask */ 5227 if (ic->ic_curmode == IEEE80211_MODE_11B) 5228 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5229 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5230 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5231 else /* 11g */ 5232 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5233 } 5234 5235 static void 5236 run_set_leds(struct run_softc *sc, uint16_t which) 5237 { 5238 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5239 which | (sc->leds & 0x7f)); 5240 } 5241 5242 static void 5243 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5244 { 5245 run_write(sc, RT2860_MAC_BSSID_DW0, 5246 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5247 run_write(sc, RT2860_MAC_BSSID_DW1, 5248 bssid[4] | bssid[5] << 8); 5249 } 5250 5251 static void 5252 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5253 { 5254 run_write(sc, RT2860_MAC_ADDR_DW0, 5255 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5256 run_write(sc, RT2860_MAC_ADDR_DW1, 5257 addr[4] | addr[5] << 8 | 0xff << 16); 5258 } 5259 5260 static void 5261 run_updateslot(struct ieee80211com *ic) 5262 { 5263 struct run_softc *sc = ic->ic_softc; 5264 uint32_t i; 5265 5266 i = RUN_CMDQ_GET(&sc->cmdq_store); 5267 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5268 sc->cmdq[i].func = run_updateslot_cb; 5269 sc->cmdq[i].arg0 = ic; 5270 ieee80211_runtask(ic, &sc->cmdq_task); 5271 5272 return; 5273 } 5274 5275 /* ARGSUSED */ 5276 static void 5277 run_updateslot_cb(void *arg) 5278 { 5279 struct ieee80211com *ic = arg; 5280 struct run_softc *sc = ic->ic_softc; 5281 uint32_t tmp; 5282 5283 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5284 tmp &= ~0xff; 5285 tmp |= IEEE80211_GET_SLOTTIME(ic); 5286 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5287 } 5288 5289 static void 5290 run_update_mcast(struct ieee80211com *ic) 5291 { 5292 } 5293 5294 static int8_t 5295 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5296 { 5297 struct ieee80211com *ic = &sc->sc_ic; 5298 struct ieee80211_channel *c = ic->ic_curchan; 5299 int delta; 5300 5301 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5302 u_int chan = ieee80211_chan2ieee(ic, c); 5303 delta = sc->rssi_5ghz[rxchain]; 5304 5305 /* determine channel group */ 5306 if (chan <= 64) 5307 delta -= sc->lna[1]; 5308 else if (chan <= 128) 5309 delta -= sc->lna[2]; 5310 else 5311 delta -= sc->lna[3]; 5312 } else 5313 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5314 5315 return (-12 - delta - rssi); 5316 } 5317 5318 static void 5319 run_rt5390_bbp_init(struct run_softc *sc) 5320 { 5321 u_int i; 5322 uint8_t bbp; 5323 5324 /* Apply maximum likelihood detection for 2 stream case. */ 5325 run_bbp_read(sc, 105, &bbp); 5326 if (sc->nrxchains > 1) 5327 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5328 5329 /* Avoid data lost and CRC error. */ 5330 run_bbp_read(sc, 4, &bbp); 5331 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5332 5333 if (sc->mac_ver == 0x5592) { 5334 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5335 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5336 rt5592_def_bbp[i].val); 5337 } 5338 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5339 run_bbp_write(sc, 195, i + 0x80); 5340 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5341 } 5342 } else { 5343 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5344 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5345 rt5390_def_bbp[i].val); 5346 } 5347 } 5348 if (sc->mac_ver == 0x5392) { 5349 run_bbp_write(sc, 88, 0x90); 5350 run_bbp_write(sc, 95, 0x9a); 5351 run_bbp_write(sc, 98, 0x12); 5352 run_bbp_write(sc, 106, 0x12); 5353 run_bbp_write(sc, 134, 0xd0); 5354 run_bbp_write(sc, 135, 0xf6); 5355 run_bbp_write(sc, 148, 0x84); 5356 } 5357 5358 run_bbp_read(sc, 152, &bbp); 5359 run_bbp_write(sc, 152, bbp | 0x80); 5360 5361 /* Fix BBP254 for RT5592C. */ 5362 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5363 run_bbp_read(sc, 254, &bbp); 5364 run_bbp_write(sc, 254, bbp | 0x80); 5365 } 5366 5367 /* Disable hardware antenna diversity. */ 5368 if (sc->mac_ver == 0x5390) 5369 run_bbp_write(sc, 154, 0); 5370 5371 /* Initialize Rx CCK/OFDM frequency offset report. */ 5372 run_bbp_write(sc, 142, 1); 5373 run_bbp_write(sc, 143, 57); 5374 } 5375 5376 static int 5377 run_bbp_init(struct run_softc *sc) 5378 { 5379 int i, error, ntries; 5380 uint8_t bbp0; 5381 5382 /* wait for BBP to wake up */ 5383 for (ntries = 0; ntries < 20; ntries++) { 5384 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5385 return error; 5386 if (bbp0 != 0 && bbp0 != 0xff) 5387 break; 5388 } 5389 if (ntries == 20) 5390 return (ETIMEDOUT); 5391 5392 /* initialize BBP registers to default values */ 5393 if (sc->mac_ver >= 0x5390) 5394 run_rt5390_bbp_init(sc); 5395 else { 5396 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5397 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5398 rt2860_def_bbp[i].val); 5399 } 5400 } 5401 5402 if (sc->mac_ver == 0x3593) { 5403 run_bbp_write(sc, 79, 0x13); 5404 run_bbp_write(sc, 80, 0x05); 5405 run_bbp_write(sc, 81, 0x33); 5406 run_bbp_write(sc, 86, 0x46); 5407 run_bbp_write(sc, 137, 0x0f); 5408 } 5409 5410 /* fix BBP84 for RT2860E */ 5411 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5412 run_bbp_write(sc, 84, 0x19); 5413 5414 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5415 sc->mac_ver != 0x5592)) { 5416 run_bbp_write(sc, 79, 0x13); 5417 run_bbp_write(sc, 80, 0x05); 5418 run_bbp_write(sc, 81, 0x33); 5419 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5420 run_bbp_write(sc, 69, 0x16); 5421 run_bbp_write(sc, 73, 0x12); 5422 } 5423 return (0); 5424 } 5425 5426 static int 5427 run_rt3070_rf_init(struct run_softc *sc) 5428 { 5429 uint32_t tmp; 5430 uint8_t bbp4, mingain, rf, target; 5431 u_int i; 5432 5433 run_rt3070_rf_read(sc, 30, &rf); 5434 /* toggle RF R30 bit 7 */ 5435 run_rt3070_rf_write(sc, 30, rf | 0x80); 5436 run_delay(sc, 10); 5437 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5438 5439 /* initialize RF registers to default value */ 5440 if (sc->mac_ver == 0x3572) { 5441 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5442 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5443 rt3572_def_rf[i].val); 5444 } 5445 } else { 5446 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5447 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5448 rt3070_def_rf[i].val); 5449 } 5450 } 5451 5452 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5453 /* 5454 * Change voltage from 1.2V to 1.35V for RT3070. 5455 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5456 * in RT3070(F). 5457 */ 5458 run_read(sc, RT3070_LDO_CFG0, &tmp); 5459 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5460 run_write(sc, RT3070_LDO_CFG0, tmp); 5461 5462 } else if (sc->mac_ver == 0x3071) { 5463 run_rt3070_rf_read(sc, 6, &rf); 5464 run_rt3070_rf_write(sc, 6, rf | 0x40); 5465 run_rt3070_rf_write(sc, 31, 0x14); 5466 5467 run_read(sc, RT3070_LDO_CFG0, &tmp); 5468 tmp &= ~0x1f000000; 5469 if (sc->mac_rev < 0x0211) 5470 tmp |= 0x0d000000; /* 1.3V */ 5471 else 5472 tmp |= 0x01000000; /* 1.2V */ 5473 run_write(sc, RT3070_LDO_CFG0, tmp); 5474 5475 /* patch LNA_PE_G1 */ 5476 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5477 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5478 5479 } else if (sc->mac_ver == 0x3572) { 5480 run_rt3070_rf_read(sc, 6, &rf); 5481 run_rt3070_rf_write(sc, 6, rf | 0x40); 5482 5483 /* increase voltage from 1.2V to 1.35V */ 5484 run_read(sc, RT3070_LDO_CFG0, &tmp); 5485 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5486 run_write(sc, RT3070_LDO_CFG0, tmp); 5487 5488 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5489 run_delay(sc, 1); /* wait for 1msec */ 5490 /* decrease voltage back to 1.2V */ 5491 tmp = (tmp & ~0x1f000000) | 0x01000000; 5492 run_write(sc, RT3070_LDO_CFG0, tmp); 5493 } 5494 } 5495 5496 /* select 20MHz bandwidth */ 5497 run_rt3070_rf_read(sc, 31, &rf); 5498 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5499 5500 /* calibrate filter for 20MHz bandwidth */ 5501 sc->rf24_20mhz = 0x1f; /* default value */ 5502 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5503 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5504 5505 /* select 40MHz bandwidth */ 5506 run_bbp_read(sc, 4, &bbp4); 5507 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5508 run_rt3070_rf_read(sc, 31, &rf); 5509 run_rt3070_rf_write(sc, 31, rf | 0x20); 5510 5511 /* calibrate filter for 40MHz bandwidth */ 5512 sc->rf24_40mhz = 0x2f; /* default value */ 5513 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5514 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5515 5516 /* go back to 20MHz bandwidth */ 5517 run_bbp_read(sc, 4, &bbp4); 5518 run_bbp_write(sc, 4, bbp4 & ~0x18); 5519 5520 if (sc->mac_ver == 0x3572) { 5521 /* save default BBP registers 25 and 26 values */ 5522 run_bbp_read(sc, 25, &sc->bbp25); 5523 run_bbp_read(sc, 26, &sc->bbp26); 5524 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5525 run_rt3070_rf_write(sc, 27, 0x03); 5526 5527 run_read(sc, RT3070_OPT_14, &tmp); 5528 run_write(sc, RT3070_OPT_14, tmp | 1); 5529 5530 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5531 run_rt3070_rf_read(sc, 17, &rf); 5532 rf &= ~RT3070_TX_LO1; 5533 if ((sc->mac_ver == 0x3070 || 5534 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5535 !sc->ext_2ghz_lna) 5536 rf |= 0x20; /* fix for long range Rx issue */ 5537 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5538 if (sc->txmixgain_2ghz >= mingain) 5539 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5540 run_rt3070_rf_write(sc, 17, rf); 5541 } 5542 5543 if (sc->mac_ver == 0x3071) { 5544 run_rt3070_rf_read(sc, 1, &rf); 5545 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5546 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5547 run_rt3070_rf_write(sc, 1, rf); 5548 5549 run_rt3070_rf_read(sc, 15, &rf); 5550 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5551 5552 run_rt3070_rf_read(sc, 20, &rf); 5553 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5554 5555 run_rt3070_rf_read(sc, 21, &rf); 5556 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5557 } 5558 5559 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5560 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5561 run_rt3070_rf_read(sc, 27, &rf); 5562 rf &= ~0x77; 5563 if (sc->mac_rev < 0x0211) 5564 rf |= 0x03; 5565 run_rt3070_rf_write(sc, 27, rf); 5566 } 5567 return (0); 5568 } 5569 5570 static void 5571 run_rt3593_rf_init(struct run_softc *sc) 5572 { 5573 uint32_t tmp; 5574 uint8_t rf; 5575 u_int i; 5576 5577 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5578 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5579 tmp &= ~(1 << 4 | 1 << 7); 5580 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5581 5582 /* Initialize RF registers to default value. */ 5583 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5584 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5585 rt3593_def_rf[i].val); 5586 } 5587 5588 /* Toggle RF R2 to initiate calibration. */ 5589 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5590 5591 /* Initialize RF frequency offset. */ 5592 run_adjust_freq_offset(sc); 5593 5594 run_rt3070_rf_read(sc, 18, &rf); 5595 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5596 5597 /* 5598 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5599 * decrease voltage back to 1.2V. 5600 */ 5601 run_read(sc, RT3070_LDO_CFG0, &tmp); 5602 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5603 run_write(sc, RT3070_LDO_CFG0, tmp); 5604 run_delay(sc, 1); 5605 tmp = (tmp & ~0x1f000000) | 0x01000000; 5606 run_write(sc, RT3070_LDO_CFG0, tmp); 5607 5608 sc->rf24_20mhz = 0x1f; 5609 sc->rf24_40mhz = 0x2f; 5610 5611 /* Save default BBP registers 25 and 26 values. */ 5612 run_bbp_read(sc, 25, &sc->bbp25); 5613 run_bbp_read(sc, 26, &sc->bbp26); 5614 5615 run_read(sc, RT3070_OPT_14, &tmp); 5616 run_write(sc, RT3070_OPT_14, tmp | 1); 5617 } 5618 5619 static void 5620 run_rt5390_rf_init(struct run_softc *sc) 5621 { 5622 uint32_t tmp; 5623 uint8_t rf; 5624 u_int i; 5625 5626 /* Toggle RF R2 to initiate calibration. */ 5627 if (sc->mac_ver == 0x5390) { 5628 run_rt3070_rf_read(sc, 2, &rf); 5629 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5630 run_delay(sc, 10); 5631 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5632 } else { 5633 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5634 run_delay(sc, 10); 5635 } 5636 5637 /* Initialize RF registers to default value. */ 5638 if (sc->mac_ver == 0x5592) { 5639 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5640 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5641 rt5592_def_rf[i].val); 5642 } 5643 /* Initialize RF frequency offset. */ 5644 run_adjust_freq_offset(sc); 5645 } else if (sc->mac_ver == 0x5392) { 5646 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5647 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5648 rt5392_def_rf[i].val); 5649 } 5650 if (sc->mac_rev >= 0x0223) { 5651 run_rt3070_rf_write(sc, 23, 0x0f); 5652 run_rt3070_rf_write(sc, 24, 0x3e); 5653 run_rt3070_rf_write(sc, 51, 0x32); 5654 run_rt3070_rf_write(sc, 53, 0x22); 5655 run_rt3070_rf_write(sc, 56, 0xc1); 5656 run_rt3070_rf_write(sc, 59, 0x0f); 5657 } 5658 } else { 5659 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5660 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5661 rt5390_def_rf[i].val); 5662 } 5663 if (sc->mac_rev >= 0x0502) { 5664 run_rt3070_rf_write(sc, 6, 0xe0); 5665 run_rt3070_rf_write(sc, 25, 0x80); 5666 run_rt3070_rf_write(sc, 46, 0x73); 5667 run_rt3070_rf_write(sc, 53, 0x00); 5668 run_rt3070_rf_write(sc, 56, 0x42); 5669 run_rt3070_rf_write(sc, 61, 0xd1); 5670 } 5671 } 5672 5673 sc->rf24_20mhz = 0x1f; /* default value */ 5674 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5675 5676 if (sc->mac_rev < 0x0211) 5677 run_rt3070_rf_write(sc, 27, 0x3); 5678 5679 run_read(sc, RT3070_OPT_14, &tmp); 5680 run_write(sc, RT3070_OPT_14, tmp | 1); 5681 } 5682 5683 static int 5684 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5685 uint8_t *val) 5686 { 5687 uint8_t rf22, rf24; 5688 uint8_t bbp55_pb, bbp55_sb, delta; 5689 int ntries; 5690 5691 /* program filter */ 5692 run_rt3070_rf_read(sc, 24, &rf24); 5693 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5694 run_rt3070_rf_write(sc, 24, rf24); 5695 5696 /* enable baseband loopback mode */ 5697 run_rt3070_rf_read(sc, 22, &rf22); 5698 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5699 5700 /* set power and frequency of passband test tone */ 5701 run_bbp_write(sc, 24, 0x00); 5702 for (ntries = 0; ntries < 100; ntries++) { 5703 /* transmit test tone */ 5704 run_bbp_write(sc, 25, 0x90); 5705 run_delay(sc, 10); 5706 /* read received power */ 5707 run_bbp_read(sc, 55, &bbp55_pb); 5708 if (bbp55_pb != 0) 5709 break; 5710 } 5711 if (ntries == 100) 5712 return (ETIMEDOUT); 5713 5714 /* set power and frequency of stopband test tone */ 5715 run_bbp_write(sc, 24, 0x06); 5716 for (ntries = 0; ntries < 100; ntries++) { 5717 /* transmit test tone */ 5718 run_bbp_write(sc, 25, 0x90); 5719 run_delay(sc, 10); 5720 /* read received power */ 5721 run_bbp_read(sc, 55, &bbp55_sb); 5722 5723 delta = bbp55_pb - bbp55_sb; 5724 if (delta > target) 5725 break; 5726 5727 /* reprogram filter */ 5728 rf24++; 5729 run_rt3070_rf_write(sc, 24, rf24); 5730 } 5731 if (ntries < 100) { 5732 if (rf24 != init) 5733 rf24--; /* backtrack */ 5734 *val = rf24; 5735 run_rt3070_rf_write(sc, 24, rf24); 5736 } 5737 5738 /* restore initial state */ 5739 run_bbp_write(sc, 24, 0x00); 5740 5741 /* disable baseband loopback mode */ 5742 run_rt3070_rf_read(sc, 22, &rf22); 5743 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5744 5745 return (0); 5746 } 5747 5748 static void 5749 run_rt3070_rf_setup(struct run_softc *sc) 5750 { 5751 uint8_t bbp, rf; 5752 int i; 5753 5754 if (sc->mac_ver == 0x3572) { 5755 /* enable DC filter */ 5756 if (sc->mac_rev >= 0x0201) 5757 run_bbp_write(sc, 103, 0xc0); 5758 5759 run_bbp_read(sc, 138, &bbp); 5760 if (sc->ntxchains == 1) 5761 bbp |= 0x20; /* turn off DAC1 */ 5762 if (sc->nrxchains == 1) 5763 bbp &= ~0x02; /* turn off ADC1 */ 5764 run_bbp_write(sc, 138, bbp); 5765 5766 if (sc->mac_rev >= 0x0211) { 5767 /* improve power consumption */ 5768 run_bbp_read(sc, 31, &bbp); 5769 run_bbp_write(sc, 31, bbp & ~0x03); 5770 } 5771 5772 run_rt3070_rf_read(sc, 16, &rf); 5773 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5774 run_rt3070_rf_write(sc, 16, rf); 5775 5776 } else if (sc->mac_ver == 0x3071) { 5777 if (sc->mac_rev >= 0x0211) { 5778 /* enable DC filter */ 5779 run_bbp_write(sc, 103, 0xc0); 5780 5781 /* improve power consumption */ 5782 run_bbp_read(sc, 31, &bbp); 5783 run_bbp_write(sc, 31, bbp & ~0x03); 5784 } 5785 5786 run_bbp_read(sc, 138, &bbp); 5787 if (sc->ntxchains == 1) 5788 bbp |= 0x20; /* turn off DAC1 */ 5789 if (sc->nrxchains == 1) 5790 bbp &= ~0x02; /* turn off ADC1 */ 5791 run_bbp_write(sc, 138, bbp); 5792 5793 run_write(sc, RT2860_TX_SW_CFG1, 0); 5794 if (sc->mac_rev < 0x0211) { 5795 run_write(sc, RT2860_TX_SW_CFG2, 5796 sc->patch_dac ? 0x2c : 0x0f); 5797 } else 5798 run_write(sc, RT2860_TX_SW_CFG2, 0); 5799 5800 } else if (sc->mac_ver == 0x3070) { 5801 if (sc->mac_rev >= 0x0201) { 5802 /* enable DC filter */ 5803 run_bbp_write(sc, 103, 0xc0); 5804 5805 /* improve power consumption */ 5806 run_bbp_read(sc, 31, &bbp); 5807 run_bbp_write(sc, 31, bbp & ~0x03); 5808 } 5809 5810 if (sc->mac_rev < 0x0201) { 5811 run_write(sc, RT2860_TX_SW_CFG1, 0); 5812 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5813 } else 5814 run_write(sc, RT2860_TX_SW_CFG2, 0); 5815 } 5816 5817 /* initialize RF registers from ROM for >=RT3071*/ 5818 if (sc->mac_ver >= 0x3071) { 5819 for (i = 0; i < 10; i++) { 5820 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5821 continue; 5822 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5823 } 5824 } 5825 } 5826 5827 static void 5828 run_rt3593_rf_setup(struct run_softc *sc) 5829 { 5830 uint8_t bbp, rf; 5831 5832 if (sc->mac_rev >= 0x0211) { 5833 /* Enable DC filter. */ 5834 run_bbp_write(sc, 103, 0xc0); 5835 } 5836 run_write(sc, RT2860_TX_SW_CFG1, 0); 5837 if (sc->mac_rev < 0x0211) { 5838 run_write(sc, RT2860_TX_SW_CFG2, 5839 sc->patch_dac ? 0x2c : 0x0f); 5840 } else 5841 run_write(sc, RT2860_TX_SW_CFG2, 0); 5842 5843 run_rt3070_rf_read(sc, 50, &rf); 5844 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5845 5846 run_rt3070_rf_read(sc, 51, &rf); 5847 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5848 ((sc->txmixgain_2ghz & 0x07) << 2); 5849 run_rt3070_rf_write(sc, 51, rf); 5850 5851 run_rt3070_rf_read(sc, 38, &rf); 5852 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5853 5854 run_rt3070_rf_read(sc, 39, &rf); 5855 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5856 5857 run_rt3070_rf_read(sc, 1, &rf); 5858 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5859 5860 run_rt3070_rf_read(sc, 30, &rf); 5861 rf = (rf & ~0x18) | 0x10; 5862 run_rt3070_rf_write(sc, 30, rf); 5863 5864 /* Apply maximum likelihood detection for 2 stream case. */ 5865 run_bbp_read(sc, 105, &bbp); 5866 if (sc->nrxchains > 1) 5867 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5868 5869 /* Avoid data lost and CRC error. */ 5870 run_bbp_read(sc, 4, &bbp); 5871 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5872 5873 run_bbp_write(sc, 92, 0x02); 5874 run_bbp_write(sc, 82, 0x82); 5875 run_bbp_write(sc, 106, 0x05); 5876 run_bbp_write(sc, 104, 0x92); 5877 run_bbp_write(sc, 88, 0x90); 5878 run_bbp_write(sc, 148, 0xc8); 5879 run_bbp_write(sc, 47, 0x48); 5880 run_bbp_write(sc, 120, 0x50); 5881 5882 run_bbp_write(sc, 163, 0x9d); 5883 5884 /* SNR mapping. */ 5885 run_bbp_write(sc, 142, 0x06); 5886 run_bbp_write(sc, 143, 0xa0); 5887 run_bbp_write(sc, 142, 0x07); 5888 run_bbp_write(sc, 143, 0xa1); 5889 run_bbp_write(sc, 142, 0x08); 5890 run_bbp_write(sc, 143, 0xa2); 5891 5892 run_bbp_write(sc, 31, 0x08); 5893 run_bbp_write(sc, 68, 0x0b); 5894 run_bbp_write(sc, 105, 0x04); 5895 } 5896 5897 static void 5898 run_rt5390_rf_setup(struct run_softc *sc) 5899 { 5900 uint8_t bbp, rf; 5901 5902 if (sc->mac_rev >= 0x0211) { 5903 /* Enable DC filter. */ 5904 run_bbp_write(sc, 103, 0xc0); 5905 5906 if (sc->mac_ver != 0x5592) { 5907 /* Improve power consumption. */ 5908 run_bbp_read(sc, 31, &bbp); 5909 run_bbp_write(sc, 31, bbp & ~0x03); 5910 } 5911 } 5912 5913 run_bbp_read(sc, 138, &bbp); 5914 if (sc->ntxchains == 1) 5915 bbp |= 0x20; /* turn off DAC1 */ 5916 if (sc->nrxchains == 1) 5917 bbp &= ~0x02; /* turn off ADC1 */ 5918 run_bbp_write(sc, 138, bbp); 5919 5920 run_rt3070_rf_read(sc, 38, &rf); 5921 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5922 5923 run_rt3070_rf_read(sc, 39, &rf); 5924 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5925 5926 /* Avoid data lost and CRC error. */ 5927 run_bbp_read(sc, 4, &bbp); 5928 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5929 5930 run_rt3070_rf_read(sc, 30, &rf); 5931 rf = (rf & ~0x18) | 0x10; 5932 run_rt3070_rf_write(sc, 30, rf); 5933 5934 if (sc->mac_ver != 0x5592) { 5935 run_write(sc, RT2860_TX_SW_CFG1, 0); 5936 if (sc->mac_rev < 0x0211) { 5937 run_write(sc, RT2860_TX_SW_CFG2, 5938 sc->patch_dac ? 0x2c : 0x0f); 5939 } else 5940 run_write(sc, RT2860_TX_SW_CFG2, 0); 5941 } 5942 } 5943 5944 static int 5945 run_txrx_enable(struct run_softc *sc) 5946 { 5947 struct ieee80211com *ic = &sc->sc_ic; 5948 uint32_t tmp; 5949 int error, ntries; 5950 5951 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5952 for (ntries = 0; ntries < 200; ntries++) { 5953 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5954 return (error); 5955 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5956 break; 5957 run_delay(sc, 50); 5958 } 5959 if (ntries == 200) 5960 return (ETIMEDOUT); 5961 5962 run_delay(sc, 50); 5963 5964 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5965 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5966 5967 /* enable Rx bulk aggregation (set timeout and limit) */ 5968 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5969 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5970 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5971 5972 /* set Rx filter */ 5973 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5974 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5975 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5976 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5977 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5978 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5979 if (ic->ic_opmode == IEEE80211_M_STA) 5980 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5981 } 5982 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5983 5984 run_write(sc, RT2860_MAC_SYS_CTRL, 5985 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5986 5987 return (0); 5988 } 5989 5990 static void 5991 run_adjust_freq_offset(struct run_softc *sc) 5992 { 5993 uint8_t rf, tmp; 5994 5995 run_rt3070_rf_read(sc, 17, &rf); 5996 tmp = rf; 5997 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5998 rf = MIN(rf, 0x5f); 5999 6000 if (tmp != rf) 6001 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6002 } 6003 6004 static void 6005 run_init_locked(struct run_softc *sc) 6006 { 6007 struct ieee80211com *ic = &sc->sc_ic; 6008 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6009 uint32_t tmp; 6010 uint8_t bbp1, bbp3; 6011 int i; 6012 int ridx; 6013 int ntries; 6014 6015 if (ic->ic_nrunning > 1) 6016 return; 6017 6018 run_stop(sc); 6019 6020 if (run_load_microcode(sc) != 0) { 6021 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6022 goto fail; 6023 } 6024 6025 for (ntries = 0; ntries < 100; ntries++) { 6026 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6027 goto fail; 6028 if (tmp != 0 && tmp != 0xffffffff) 6029 break; 6030 run_delay(sc, 10); 6031 } 6032 if (ntries == 100) 6033 goto fail; 6034 6035 for (i = 0; i != RUN_EP_QUEUES; i++) 6036 run_setup_tx_list(sc, &sc->sc_epq[i]); 6037 6038 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6039 6040 for (ntries = 0; ntries < 100; ntries++) { 6041 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6042 goto fail; 6043 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6044 break; 6045 run_delay(sc, 10); 6046 } 6047 if (ntries == 100) { 6048 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6049 goto fail; 6050 } 6051 tmp &= 0xff0; 6052 tmp |= RT2860_TX_WB_DDONE; 6053 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6054 6055 /* turn off PME_OEN to solve high-current issue */ 6056 run_read(sc, RT2860_SYS_CTRL, &tmp); 6057 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6058 6059 run_write(sc, RT2860_MAC_SYS_CTRL, 6060 RT2860_BBP_HRST | RT2860_MAC_SRST); 6061 run_write(sc, RT2860_USB_DMA_CFG, 0); 6062 6063 if (run_reset(sc) != 0) { 6064 device_printf(sc->sc_dev, "could not reset chipset\n"); 6065 goto fail; 6066 } 6067 6068 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6069 6070 /* init Tx power for all Tx rates (from EEPROM) */ 6071 for (ridx = 0; ridx < 5; ridx++) { 6072 if (sc->txpow20mhz[ridx] == 0xffffffff) 6073 continue; 6074 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6075 } 6076 6077 for (i = 0; i < nitems(rt2870_def_mac); i++) 6078 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6079 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6080 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6081 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6082 6083 if (sc->mac_ver >= 0x5390) { 6084 run_write(sc, RT2860_TX_SW_CFG0, 6085 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6086 if (sc->mac_ver >= 0x5392) { 6087 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6088 if (sc->mac_ver == 0x5592) { 6089 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6090 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6091 } else { 6092 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6093 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6094 } 6095 } 6096 } else if (sc->mac_ver == 0x3593) { 6097 run_write(sc, RT2860_TX_SW_CFG0, 6098 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6099 } else if (sc->mac_ver >= 0x3070) { 6100 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6101 run_write(sc, RT2860_TX_SW_CFG0, 6102 4 << RT2860_DLY_PAPE_EN_SHIFT); 6103 } 6104 6105 /* wait while MAC is busy */ 6106 for (ntries = 0; ntries < 100; ntries++) { 6107 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6108 goto fail; 6109 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6110 break; 6111 run_delay(sc, 10); 6112 } 6113 if (ntries == 100) 6114 goto fail; 6115 6116 /* clear Host to MCU mailbox */ 6117 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6118 run_write(sc, RT2860_H2M_MAILBOX, 0); 6119 run_delay(sc, 10); 6120 6121 if (run_bbp_init(sc) != 0) { 6122 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6123 goto fail; 6124 } 6125 6126 /* abort TSF synchronization */ 6127 run_disable_tsf(sc); 6128 6129 /* clear RX WCID search table */ 6130 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6131 /* clear WCID attribute table */ 6132 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6133 6134 /* hostapd sets a key before init. So, don't clear it. */ 6135 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6136 /* clear shared key table */ 6137 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6138 /* clear shared key mode */ 6139 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6140 } 6141 6142 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6143 tmp = (tmp & ~0xff) | 0x1e; 6144 run_write(sc, RT2860_US_CYC_CNT, tmp); 6145 6146 if (sc->mac_rev != 0x0101) 6147 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6148 6149 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6150 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6151 6152 /* write vendor-specific BBP values (from EEPROM) */ 6153 if (sc->mac_ver < 0x3593) { 6154 for (i = 0; i < 10; i++) { 6155 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6156 continue; 6157 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6158 } 6159 } 6160 6161 /* select Main antenna for 1T1R devices */ 6162 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6163 run_set_rx_antenna(sc, 0); 6164 6165 /* send LEDs operating mode to microcontroller */ 6166 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6167 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6168 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6169 6170 if (sc->mac_ver >= 0x5390) 6171 run_rt5390_rf_init(sc); 6172 else if (sc->mac_ver == 0x3593) 6173 run_rt3593_rf_init(sc); 6174 else if (sc->mac_ver >= 0x3070) 6175 run_rt3070_rf_init(sc); 6176 6177 /* disable non-existing Rx chains */ 6178 run_bbp_read(sc, 3, &bbp3); 6179 bbp3 &= ~(1 << 3 | 1 << 4); 6180 if (sc->nrxchains == 2) 6181 bbp3 |= 1 << 3; 6182 else if (sc->nrxchains == 3) 6183 bbp3 |= 1 << 4; 6184 run_bbp_write(sc, 3, bbp3); 6185 6186 /* disable non-existing Tx chains */ 6187 run_bbp_read(sc, 1, &bbp1); 6188 if (sc->ntxchains == 1) 6189 bbp1 &= ~(1 << 3 | 1 << 4); 6190 run_bbp_write(sc, 1, bbp1); 6191 6192 if (sc->mac_ver >= 0x5390) 6193 run_rt5390_rf_setup(sc); 6194 else if (sc->mac_ver == 0x3593) 6195 run_rt3593_rf_setup(sc); 6196 else if (sc->mac_ver >= 0x3070) 6197 run_rt3070_rf_setup(sc); 6198 6199 /* select default channel */ 6200 run_set_chan(sc, ic->ic_curchan); 6201 6202 /* setup initial protection mode */ 6203 run_updateprot_cb(ic); 6204 6205 /* turn radio LED on */ 6206 run_set_leds(sc, RT2860_LED_RADIO); 6207 6208 sc->sc_flags |= RUN_RUNNING; 6209 sc->cmdq_run = RUN_CMDQ_GO; 6210 6211 for (i = 0; i != RUN_N_XFER; i++) 6212 usbd_xfer_set_stall(sc->sc_xfer[i]); 6213 6214 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6215 6216 if (run_txrx_enable(sc) != 0) 6217 goto fail; 6218 6219 return; 6220 6221 fail: 6222 run_stop(sc); 6223 } 6224 6225 static void 6226 run_stop(void *arg) 6227 { 6228 struct run_softc *sc = (struct run_softc *)arg; 6229 uint32_t tmp; 6230 int i; 6231 int ntries; 6232 6233 RUN_LOCK_ASSERT(sc, MA_OWNED); 6234 6235 if (sc->sc_flags & RUN_RUNNING) 6236 run_set_leds(sc, 0); /* turn all LEDs off */ 6237 6238 sc->sc_flags &= ~RUN_RUNNING; 6239 6240 sc->ratectl_run = RUN_RATECTL_OFF; 6241 sc->cmdq_run = sc->cmdq_key_set; 6242 6243 RUN_UNLOCK(sc); 6244 6245 for(i = 0; i < RUN_N_XFER; i++) 6246 usbd_transfer_drain(sc->sc_xfer[i]); 6247 6248 RUN_LOCK(sc); 6249 6250 run_drain_mbufq(sc); 6251 6252 if (sc->rx_m != NULL) { 6253 m_free(sc->rx_m); 6254 sc->rx_m = NULL; 6255 } 6256 6257 /* Disable Tx/Rx DMA. */ 6258 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6259 return; 6260 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6261 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6262 6263 for (ntries = 0; ntries < 100; ntries++) { 6264 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6265 return; 6266 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6267 break; 6268 run_delay(sc, 10); 6269 } 6270 if (ntries == 100) { 6271 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6272 return; 6273 } 6274 6275 /* disable Tx/Rx */ 6276 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6277 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6278 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6279 6280 /* wait for pending Tx to complete */ 6281 for (ntries = 0; ntries < 100; ntries++) { 6282 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6283 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6284 "Cannot read Tx queue count\n"); 6285 break; 6286 } 6287 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6288 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6289 "All Tx cleared\n"); 6290 break; 6291 } 6292 run_delay(sc, 10); 6293 } 6294 if (ntries >= 100) 6295 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6296 "There are still pending Tx\n"); 6297 run_delay(sc, 10); 6298 run_write(sc, RT2860_USB_DMA_CFG, 0); 6299 6300 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6301 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6302 6303 for (i = 0; i != RUN_EP_QUEUES; i++) 6304 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6305 } 6306 6307 static void 6308 run_delay(struct run_softc *sc, u_int ms) 6309 { 6310 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6311 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6312 } 6313 6314 static device_method_t run_methods[] = { 6315 /* Device interface */ 6316 DEVMETHOD(device_probe, run_match), 6317 DEVMETHOD(device_attach, run_attach), 6318 DEVMETHOD(device_detach, run_detach), 6319 DEVMETHOD_END 6320 }; 6321 6322 static driver_t run_driver = { 6323 .name = "run", 6324 .methods = run_methods, 6325 .size = sizeof(struct run_softc) 6326 }; 6327 6328 static devclass_t run_devclass; 6329 6330 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6331 MODULE_DEPEND(run, wlan, 1, 1, 1); 6332 MODULE_DEPEND(run, usb, 1, 1, 1); 6333 MODULE_DEPEND(run, firmware, 1, 1, 1); 6334 MODULE_VERSION(run, 1); 6335 USB_PNP_HOST_INFO(run_devs); 6336