1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_wme_update_cb(void *); 385 static void run_key_set_cb(void *); 386 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 387 static void run_key_delete_cb(void *); 388 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 389 static void run_ratectl_to(void *); 390 static void run_ratectl_cb(void *, int); 391 static void run_drain_fifo(void *); 392 static void run_iter_func(void *, struct ieee80211_node *); 393 static void run_newassoc_cb(void *); 394 static void run_newassoc(struct ieee80211_node *, int); 395 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 396 const struct ieee80211_rx_stats *, int, int); 397 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 398 static void run_tx_free(struct run_endpoint_queue *pq, 399 struct run_tx_data *, int); 400 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 401 static int run_tx(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *); 403 static int run_tx_mgt(struct run_softc *, struct mbuf *, 404 struct ieee80211_node *); 405 static int run_sendprot(struct run_softc *, const struct mbuf *, 406 struct ieee80211_node *, int, int); 407 static int run_tx_param(struct run_softc *, struct mbuf *, 408 struct ieee80211_node *, 409 const struct ieee80211_bpf_params *); 410 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 411 const struct ieee80211_bpf_params *); 412 static int run_transmit(struct ieee80211com *, struct mbuf *); 413 static void run_start(struct run_softc *); 414 static void run_parent(struct ieee80211com *); 415 static void run_iq_calib(struct run_softc *, u_int); 416 static void run_set_agc(struct run_softc *, uint8_t); 417 static void run_select_chan_group(struct run_softc *, int); 418 static void run_set_rx_antenna(struct run_softc *, int); 419 static void run_rt2870_set_chan(struct run_softc *, u_int); 420 static void run_rt3070_set_chan(struct run_softc *, u_int); 421 static void run_rt3572_set_chan(struct run_softc *, u_int); 422 static void run_rt3593_set_chan(struct run_softc *, u_int); 423 static void run_rt5390_set_chan(struct run_softc *, u_int); 424 static void run_rt5592_set_chan(struct run_softc *, u_int); 425 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 426 static void run_set_channel(struct ieee80211com *); 427 static void run_scan_start(struct ieee80211com *); 428 static void run_scan_end(struct ieee80211com *); 429 static void run_update_beacon(struct ieee80211vap *, int); 430 static void run_update_beacon_cb(void *); 431 static void run_updateprot(struct ieee80211com *); 432 static void run_updateprot_cb(void *); 433 static void run_usb_timeout_cb(void *); 434 static void run_reset_livelock(struct run_softc *); 435 static void run_enable_tsf_sync(struct run_softc *); 436 static void run_enable_tsf(struct run_softc *); 437 static void run_get_tsf(struct run_softc *, uint64_t *); 438 static void run_enable_mrr(struct run_softc *); 439 static void run_set_txpreamble(struct run_softc *); 440 static void run_set_basicrates(struct run_softc *); 441 static void run_set_leds(struct run_softc *, uint16_t); 442 static void run_set_bssid(struct run_softc *, const uint8_t *); 443 static void run_set_macaddr(struct run_softc *, const uint8_t *); 444 static void run_updateslot(struct ieee80211com *); 445 static void run_updateslot_cb(void *); 446 static void run_update_mcast(struct ieee80211com *); 447 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 448 static void run_update_promisc_locked(struct run_softc *); 449 static void run_update_promisc(struct ieee80211com *); 450 static void run_rt5390_bbp_init(struct run_softc *); 451 static int run_bbp_init(struct run_softc *); 452 static int run_rt3070_rf_init(struct run_softc *); 453 static void run_rt3593_rf_init(struct run_softc *); 454 static void run_rt5390_rf_init(struct run_softc *); 455 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 456 uint8_t *); 457 static void run_rt3070_rf_setup(struct run_softc *); 458 static void run_rt3593_rf_setup(struct run_softc *); 459 static void run_rt5390_rf_setup(struct run_softc *); 460 static int run_txrx_enable(struct run_softc *); 461 static void run_adjust_freq_offset(struct run_softc *); 462 static void run_init_locked(struct run_softc *); 463 static void run_stop(void *); 464 static void run_delay(struct run_softc *, u_int); 465 466 static eventhandler_tag run_etag; 467 468 static const struct rt2860_rate { 469 uint8_t rate; 470 uint8_t mcs; 471 enum ieee80211_phytype phy; 472 uint8_t ctl_ridx; 473 uint16_t sp_ack_dur; 474 uint16_t lp_ack_dur; 475 } rt2860_rates[] = { 476 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 477 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 478 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 479 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 480 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 481 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 482 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 483 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 484 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 485 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 487 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 488 }; 489 490 static const struct { 491 uint16_t reg; 492 uint32_t val; 493 } rt2870_def_mac[] = { 494 RT2870_DEF_MAC 495 }; 496 497 static const struct { 498 uint8_t reg; 499 uint8_t val; 500 } rt2860_def_bbp[] = { 501 RT2860_DEF_BBP 502 },rt5390_def_bbp[] = { 503 RT5390_DEF_BBP 504 },rt5592_def_bbp[] = { 505 RT5592_DEF_BBP 506 }; 507 508 /* 509 * Default values for BBP register R196 for RT5592. 510 */ 511 static const uint8_t rt5592_bbp_r196[] = { 512 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 513 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 514 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 515 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 516 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 517 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 518 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 519 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 520 0x2e, 0x36, 0x30, 0x6e 521 }; 522 523 static const struct rfprog { 524 uint8_t chan; 525 uint32_t r1, r2, r3, r4; 526 } rt2860_rf2850[] = { 527 RT2860_RF2850 528 }; 529 530 struct { 531 uint8_t n, r, k; 532 } rt3070_freqs[] = { 533 RT3070_RF3052 534 }; 535 536 static const struct rt5592_freqs { 537 uint16_t n; 538 uint8_t k, m, r; 539 } rt5592_freqs_20mhz[] = { 540 RT5592_RF5592_20MHZ 541 },rt5592_freqs_40mhz[] = { 542 RT5592_RF5592_40MHZ 543 }; 544 545 static const struct { 546 uint8_t reg; 547 uint8_t val; 548 } rt3070_def_rf[] = { 549 RT3070_DEF_RF 550 },rt3572_def_rf[] = { 551 RT3572_DEF_RF 552 },rt3593_def_rf[] = { 553 RT3593_DEF_RF 554 },rt5390_def_rf[] = { 555 RT5390_DEF_RF 556 },rt5392_def_rf[] = { 557 RT5392_DEF_RF 558 },rt5592_def_rf[] = { 559 RT5592_DEF_RF 560 },rt5592_2ghz_def_rf[] = { 561 RT5592_2GHZ_DEF_RF 562 },rt5592_5ghz_def_rf[] = { 563 RT5592_5GHZ_DEF_RF 564 }; 565 566 static const struct { 567 u_int firstchan; 568 u_int lastchan; 569 uint8_t reg; 570 uint8_t val; 571 } rt5592_chan_5ghz[] = { 572 RT5592_CHAN_5GHZ 573 }; 574 575 static const struct usb_config run_config[RUN_N_XFER] = { 576 [RUN_BULK_TX_BE] = { 577 .type = UE_BULK, 578 .endpoint = UE_ADDR_ANY, 579 .ep_index = 0, 580 .direction = UE_DIR_OUT, 581 .bufsize = RUN_MAX_TXSZ, 582 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 583 .callback = run_bulk_tx_callback0, 584 .timeout = 5000, /* ms */ 585 }, 586 [RUN_BULK_TX_BK] = { 587 .type = UE_BULK, 588 .endpoint = UE_ADDR_ANY, 589 .direction = UE_DIR_OUT, 590 .ep_index = 1, 591 .bufsize = RUN_MAX_TXSZ, 592 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 593 .callback = run_bulk_tx_callback1, 594 .timeout = 5000, /* ms */ 595 }, 596 [RUN_BULK_TX_VI] = { 597 .type = UE_BULK, 598 .endpoint = UE_ADDR_ANY, 599 .direction = UE_DIR_OUT, 600 .ep_index = 2, 601 .bufsize = RUN_MAX_TXSZ, 602 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 603 .callback = run_bulk_tx_callback2, 604 .timeout = 5000, /* ms */ 605 }, 606 [RUN_BULK_TX_VO] = { 607 .type = UE_BULK, 608 .endpoint = UE_ADDR_ANY, 609 .direction = UE_DIR_OUT, 610 .ep_index = 3, 611 .bufsize = RUN_MAX_TXSZ, 612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 613 .callback = run_bulk_tx_callback3, 614 .timeout = 5000, /* ms */ 615 }, 616 [RUN_BULK_TX_HCCA] = { 617 .type = UE_BULK, 618 .endpoint = UE_ADDR_ANY, 619 .direction = UE_DIR_OUT, 620 .ep_index = 4, 621 .bufsize = RUN_MAX_TXSZ, 622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 623 .callback = run_bulk_tx_callback4, 624 .timeout = 5000, /* ms */ 625 }, 626 [RUN_BULK_TX_PRIO] = { 627 .type = UE_BULK, 628 .endpoint = UE_ADDR_ANY, 629 .direction = UE_DIR_OUT, 630 .ep_index = 5, 631 .bufsize = RUN_MAX_TXSZ, 632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 633 .callback = run_bulk_tx_callback5, 634 .timeout = 5000, /* ms */ 635 }, 636 [RUN_BULK_RX] = { 637 .type = UE_BULK, 638 .endpoint = UE_ADDR_ANY, 639 .direction = UE_DIR_IN, 640 .bufsize = RUN_MAX_RXSZ, 641 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 642 .callback = run_bulk_rx_callback, 643 } 644 }; 645 646 static void 647 run_autoinst(void *arg, struct usb_device *udev, 648 struct usb_attach_arg *uaa) 649 { 650 struct usb_interface *iface; 651 struct usb_interface_descriptor *id; 652 653 if (uaa->dev_state != UAA_DEV_READY) 654 return; 655 656 iface = usbd_get_iface(udev, 0); 657 if (iface == NULL) 658 return; 659 id = iface->idesc; 660 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 661 return; 662 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 663 return; 664 665 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 666 uaa->dev_state = UAA_DEV_EJECTING; 667 } 668 669 static int 670 run_driver_loaded(struct module *mod, int what, void *arg) 671 { 672 switch (what) { 673 case MOD_LOAD: 674 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 675 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 676 break; 677 case MOD_UNLOAD: 678 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 679 break; 680 default: 681 return (EOPNOTSUPP); 682 } 683 return (0); 684 } 685 686 static int 687 run_match(device_t self) 688 { 689 struct usb_attach_arg *uaa = device_get_ivars(self); 690 691 if (uaa->usb_mode != USB_MODE_HOST) 692 return (ENXIO); 693 if (uaa->info.bConfigIndex != 0) 694 return (ENXIO); 695 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 696 return (ENXIO); 697 698 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 699 } 700 701 static int 702 run_attach(device_t self) 703 { 704 struct run_softc *sc = device_get_softc(self); 705 struct usb_attach_arg *uaa = device_get_ivars(self); 706 struct ieee80211com *ic = &sc->sc_ic; 707 uint32_t ver; 708 int ntries, error; 709 uint8_t iface_index, bands; 710 711 device_set_usb_desc(self); 712 sc->sc_udev = uaa->device; 713 sc->sc_dev = self; 714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 716 717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 718 MTX_NETWORK_LOCK, MTX_DEF); 719 mbufq_init(&sc->sc_snd, ifqmaxlen); 720 721 iface_index = RT2860_IFACE_INDEX; 722 723 error = usbd_transfer_setup(uaa->device, &iface_index, 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 725 if (error) { 726 device_printf(self, "could not allocate USB transfers, " 727 "err=%s\n", usbd_errstr(error)); 728 goto detach; 729 } 730 731 RUN_LOCK(sc); 732 733 /* wait for the chip to settle */ 734 for (ntries = 0; ntries < 100; ntries++) { 735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 736 RUN_UNLOCK(sc); 737 goto detach; 738 } 739 if (ver != 0 && ver != 0xffffffff) 740 break; 741 run_delay(sc, 10); 742 } 743 if (ntries == 100) { 744 device_printf(sc->sc_dev, 745 "timeout waiting for NIC to initialize\n"); 746 RUN_UNLOCK(sc); 747 goto detach; 748 } 749 sc->mac_ver = ver >> 16; 750 sc->mac_rev = ver & 0xffff; 751 752 /* retrieve RF rev. no and various other things from EEPROM */ 753 run_read_eeprom(sc); 754 755 device_printf(sc->sc_dev, 756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 759 760 RUN_UNLOCK(sc); 761 762 ic->ic_softc = sc; 763 ic->ic_name = device_get_nameunit(self); 764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 766 767 /* set device capabilities */ 768 ic->ic_caps = 769 IEEE80211_C_STA | /* station mode supported */ 770 IEEE80211_C_MONITOR | /* monitor mode supported */ 771 IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | 773 IEEE80211_C_WDS | /* 4-address traffic works */ 774 IEEE80211_C_MBSS | 775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 776 IEEE80211_C_SHSLOT | /* short slot time supported */ 777 IEEE80211_C_WME | /* WME */ 778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 779 780 ic->ic_cryptocaps = 781 IEEE80211_CRYPTO_WEP | 782 IEEE80211_CRYPTO_AES_CCM | 783 IEEE80211_CRYPTO_TKIPMIC | 784 IEEE80211_CRYPTO_TKIP; 785 786 ic->ic_flags |= IEEE80211_F_DATAPAD; 787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 788 789 bands = 0; 790 setbit(&bands, IEEE80211_MODE_11B); 791 setbit(&bands, IEEE80211_MODE_11G); 792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 794 sc->rf_rev == RT5592_RF_5592) 795 setbit(&bands, IEEE80211_MODE_11A); 796 ieee80211_init_channels(ic, NULL, &bands); 797 798 ieee80211_ifattach(ic); 799 800 ic->ic_scan_start = run_scan_start; 801 ic->ic_scan_end = run_scan_end; 802 ic->ic_set_channel = run_set_channel; 803 ic->ic_node_alloc = run_node_alloc; 804 ic->ic_newassoc = run_newassoc; 805 ic->ic_updateslot = run_updateslot; 806 ic->ic_update_mcast = run_update_mcast; 807 ic->ic_wme.wme_update = run_wme_update; 808 ic->ic_raw_xmit = run_raw_xmit; 809 ic->ic_update_promisc = run_update_promisc; 810 ic->ic_vap_create = run_vap_create; 811 ic->ic_vap_delete = run_vap_delete; 812 ic->ic_transmit = run_transmit; 813 ic->ic_parent = run_parent; 814 815 ieee80211_radiotap_attach(ic, 816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 817 RUN_TX_RADIOTAP_PRESENT, 818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 819 RUN_RX_RADIOTAP_PRESENT); 820 821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 824 825 if (bootverbose) 826 ieee80211_announce(ic); 827 828 return (0); 829 830 detach: 831 run_detach(self); 832 return (ENXIO); 833 } 834 835 static void 836 run_drain_mbufq(struct run_softc *sc) 837 { 838 struct mbuf *m; 839 struct ieee80211_node *ni; 840 841 RUN_LOCK_ASSERT(sc, MA_OWNED); 842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 844 m->m_pkthdr.rcvif = NULL; 845 ieee80211_free_node(ni); 846 m_freem(m); 847 } 848 } 849 850 static int 851 run_detach(device_t self) 852 { 853 struct run_softc *sc = device_get_softc(self); 854 struct ieee80211com *ic = &sc->sc_ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 872 /* Free TX queue */ 873 run_drain_mbufq(sc); 874 RUN_UNLOCK(sc); 875 876 if (sc->sc_ic.ic_softc == sc) { 877 /* drain tasks */ 878 usb_callout_drain(&sc->ratectl_ch); 879 ieee80211_draintask(ic, &sc->cmdq_task); 880 ieee80211_draintask(ic, &sc->ratectl_task); 881 ieee80211_ifdetach(ic); 882 } 883 884 mtx_destroy(&sc->sc_mtx); 885 886 return (0); 887 } 888 889 static struct ieee80211vap * 890 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 891 enum ieee80211_opmode opmode, int flags, 892 const uint8_t bssid[IEEE80211_ADDR_LEN], 893 const uint8_t mac[IEEE80211_ADDR_LEN]) 894 { 895 struct run_softc *sc = ic->ic_softc; 896 struct run_vap *rvp; 897 struct ieee80211vap *vap; 898 int i; 899 900 if (sc->rvp_cnt >= RUN_VAP_MAX) { 901 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 902 return (NULL); 903 } 904 905 switch (opmode) { 906 case IEEE80211_M_STA: 907 /* enable s/w bmiss handling for sta mode */ 908 flags |= IEEE80211_CLONE_NOBEACONS; 909 /* fall though */ 910 case IEEE80211_M_IBSS: 911 case IEEE80211_M_MONITOR: 912 case IEEE80211_M_HOSTAP: 913 case IEEE80211_M_MBSS: 914 /* other than WDS vaps, only one at a time */ 915 if (!TAILQ_EMPTY(&ic->ic_vaps)) 916 return (NULL); 917 break; 918 case IEEE80211_M_WDS: 919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 920 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 921 continue; 922 /* WDS vap's always share the local mac address. */ 923 flags &= ~IEEE80211_CLONE_BSSID; 924 break; 925 } 926 if (vap == NULL) { 927 device_printf(sc->sc_dev, 928 "wds only supported in ap mode\n"); 929 return (NULL); 930 } 931 break; 932 default: 933 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 934 return (NULL); 935 } 936 937 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 938 vap = &rvp->vap; 939 940 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 941 bssid) != 0) { 942 /* out of memory */ 943 free(rvp, M_80211_VAP); 944 return (NULL); 945 } 946 947 vap->iv_update_beacon = run_update_beacon; 948 vap->iv_max_aid = RT2870_WCID_MAX; 949 /* 950 * To delete the right key from h/w, we need wcid. 951 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 952 * and matching wcid will be written into there. So, cast 953 * some spells to remove 'const' from ieee80211_key{} 954 */ 955 vap->iv_key_delete = (void *)run_key_delete; 956 vap->iv_key_set = (void *)run_key_set; 957 958 /* override state transition machine */ 959 rvp->newstate = vap->iv_newstate; 960 vap->iv_newstate = run_newstate; 961 if (opmode == IEEE80211_M_IBSS) { 962 rvp->recv_mgmt = vap->iv_recv_mgmt; 963 vap->iv_recv_mgmt = run_recv_mgmt; 964 } 965 966 ieee80211_ratectl_init(vap); 967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 968 969 /* complete setup */ 970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 971 mac); 972 973 /* make sure id is always unique */ 974 for (i = 0; i < RUN_VAP_MAX; i++) { 975 if((sc->rvp_bmap & 1 << i) == 0){ 976 sc->rvp_bmap |= 1 << i; 977 rvp->rvp_id = i; 978 break; 979 } 980 } 981 if (sc->rvp_cnt++ == 0) 982 ic->ic_opmode = opmode; 983 984 if (opmode == IEEE80211_M_HOSTAP) 985 sc->cmdq_run = RUN_CMDQ_GO; 986 987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 989 990 return (vap); 991 } 992 993 static void 994 run_vap_delete(struct ieee80211vap *vap) 995 { 996 struct run_vap *rvp = RUN_VAP(vap); 997 struct ieee80211com *ic; 998 struct run_softc *sc; 999 uint8_t rvp_id; 1000 1001 if (vap == NULL) 1002 return; 1003 1004 ic = vap->iv_ic; 1005 sc = ic->ic_softc; 1006 1007 RUN_LOCK(sc); 1008 1009 m_freem(rvp->beacon_mbuf); 1010 rvp->beacon_mbuf = NULL; 1011 1012 rvp_id = rvp->rvp_id; 1013 sc->ratectl_run &= ~(1 << rvp_id); 1014 sc->rvp_bmap &= ~(1 << rvp_id); 1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1017 --sc->rvp_cnt; 1018 1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1021 1022 RUN_UNLOCK(sc); 1023 1024 ieee80211_ratectl_deinit(vap); 1025 ieee80211_vap_detach(vap); 1026 free(rvp, M_80211_VAP); 1027 } 1028 1029 /* 1030 * There are numbers of functions need to be called in context thread. 1031 * Rather than creating taskqueue event for each of those functions, 1032 * here is all-for-one taskqueue callback function. This function 1033 * gurantees deferred functions are executed in the same order they 1034 * were enqueued. 1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1036 */ 1037 static void 1038 run_cmdq_cb(void *arg, int pending) 1039 { 1040 struct run_softc *sc = arg; 1041 uint8_t i; 1042 1043 /* call cmdq[].func locked */ 1044 RUN_LOCK(sc); 1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1046 i = sc->cmdq_exec, pending--) { 1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1048 if (sc->cmdq_run == RUN_CMDQ_GO) { 1049 /* 1050 * If arg0 is NULL, callback func needs more 1051 * than one arg. So, pass ptr to cmdq struct. 1052 */ 1053 if (sc->cmdq[i].arg0) 1054 sc->cmdq[i].func(sc->cmdq[i].arg0); 1055 else 1056 sc->cmdq[i].func(&sc->cmdq[i]); 1057 } 1058 sc->cmdq[i].arg0 = NULL; 1059 sc->cmdq[i].func = NULL; 1060 sc->cmdq_exec++; 1061 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1062 } 1063 RUN_UNLOCK(sc); 1064 } 1065 1066 static void 1067 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068 { 1069 struct run_tx_data *data; 1070 1071 memset(pq, 0, sizeof(*pq)); 1072 1073 STAILQ_INIT(&pq->tx_qh); 1074 STAILQ_INIT(&pq->tx_fh); 1075 1076 for (data = &pq->tx_data[0]; 1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1078 data->sc = sc; 1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1080 } 1081 pq->tx_nfree = RUN_TX_RING_COUNT; 1082 } 1083 1084 static void 1085 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1086 { 1087 struct run_tx_data *data; 1088 1089 /* make sure any subsequent use of the queues will fail */ 1090 pq->tx_nfree = 0; 1091 STAILQ_INIT(&pq->tx_fh); 1092 STAILQ_INIT(&pq->tx_qh); 1093 1094 /* free up all node references and mbufs */ 1095 for (data = &pq->tx_data[0]; 1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1097 if (data->m != NULL) { 1098 m_freem(data->m); 1099 data->m = NULL; 1100 } 1101 if (data->ni != NULL) { 1102 ieee80211_free_node(data->ni); 1103 data->ni = NULL; 1104 } 1105 } 1106 } 1107 1108 static int 1109 run_load_microcode(struct run_softc *sc) 1110 { 1111 usb_device_request_t req; 1112 const struct firmware *fw; 1113 const u_char *base; 1114 uint32_t tmp; 1115 int ntries, error; 1116 const uint64_t *temp; 1117 uint64_t bytes; 1118 1119 RUN_UNLOCK(sc); 1120 fw = firmware_get("runfw"); 1121 RUN_LOCK(sc); 1122 if (fw == NULL) { 1123 device_printf(sc->sc_dev, 1124 "failed loadfirmware of file %s\n", "runfw"); 1125 return ENOENT; 1126 } 1127 1128 if (fw->datasize != 8192) { 1129 device_printf(sc->sc_dev, 1130 "invalid firmware size (should be 8KB)\n"); 1131 error = EINVAL; 1132 goto fail; 1133 } 1134 1135 /* 1136 * RT3071/RT3072 use a different firmware 1137 * run-rt2870 (8KB) contains both, 1138 * first half (4KB) is for rt2870, 1139 * last half is for rt3071. 1140 */ 1141 base = fw->data; 1142 if ((sc->mac_ver) != 0x2860 && 1143 (sc->mac_ver) != 0x2872 && 1144 (sc->mac_ver) != 0x3070) { 1145 base += 4096; 1146 } 1147 1148 /* cheap sanity check */ 1149 temp = fw->data; 1150 bytes = *temp; 1151 if (bytes != be64toh(0xffffff0210280210ULL)) { 1152 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1153 error = EINVAL; 1154 goto fail; 1155 } 1156 1157 /* write microcode image */ 1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1162 } 1163 1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1165 req.bRequest = RT2870_RESET; 1166 USETW(req.wValue, 8); 1167 USETW(req.wIndex, 0); 1168 USETW(req.wLength, 0); 1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1170 != 0) { 1171 device_printf(sc->sc_dev, "firmware reset failed\n"); 1172 goto fail; 1173 } 1174 1175 run_delay(sc, 10); 1176 1177 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1178 run_write(sc, RT2860_H2M_MAILBOX, 0); 1179 run_write(sc, RT2860_H2M_INTSRC, 0); 1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1181 goto fail; 1182 1183 /* wait until microcontroller is ready */ 1184 for (ntries = 0; ntries < 1000; ntries++) { 1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1186 goto fail; 1187 if (tmp & RT2860_MCU_READY) 1188 break; 1189 run_delay(sc, 10); 1190 } 1191 if (ntries == 1000) { 1192 device_printf(sc->sc_dev, 1193 "timeout waiting for MCU to initialize\n"); 1194 error = ETIMEDOUT; 1195 goto fail; 1196 } 1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1198 (base == fw->data) ? "RT2870" : "RT3071", 1199 *(base + 4092), *(base + 4093)); 1200 1201 fail: 1202 firmware_put(fw, FIRMWARE_UNLOAD); 1203 return (error); 1204 } 1205 1206 static int 1207 run_reset(struct run_softc *sc) 1208 { 1209 usb_device_request_t req; 1210 1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1212 req.bRequest = RT2870_RESET; 1213 USETW(req.wValue, 1); 1214 USETW(req.wIndex, 0); 1215 USETW(req.wLength, 0); 1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1217 } 1218 1219 static usb_error_t 1220 run_do_request(struct run_softc *sc, 1221 struct usb_device_request *req, void *data) 1222 { 1223 usb_error_t err; 1224 int ntries = 10; 1225 1226 RUN_LOCK_ASSERT(sc, MA_OWNED); 1227 1228 while (ntries--) { 1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1230 req, data, 0, NULL, 250 /* ms */); 1231 if (err == 0) 1232 break; 1233 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1234 usbd_errstr(err)); 1235 run_delay(sc, 10); 1236 } 1237 return (err); 1238 } 1239 1240 static int 1241 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1242 { 1243 uint32_t tmp; 1244 int error; 1245 1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1247 if (error == 0) 1248 *val = le32toh(tmp); 1249 else 1250 *val = 0xffffffff; 1251 return (error); 1252 } 1253 1254 static int 1255 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1256 { 1257 usb_device_request_t req; 1258 1259 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1260 req.bRequest = RT2870_READ_REGION_1; 1261 USETW(req.wValue, 0); 1262 USETW(req.wIndex, reg); 1263 USETW(req.wLength, len); 1264 1265 return (run_do_request(sc, &req, buf)); 1266 } 1267 1268 static int 1269 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1270 { 1271 usb_device_request_t req; 1272 1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1274 req.bRequest = RT2870_WRITE_2; 1275 USETW(req.wValue, val); 1276 USETW(req.wIndex, reg); 1277 USETW(req.wLength, 0); 1278 1279 return (run_do_request(sc, &req, NULL)); 1280 } 1281 1282 static int 1283 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1284 { 1285 int error; 1286 1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1288 error = run_write_2(sc, reg + 2, val >> 16); 1289 return (error); 1290 } 1291 1292 static int 1293 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1294 int len) 1295 { 1296 #if 1 1297 int i, error = 0; 1298 /* 1299 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1300 * We thus issue multiple WRITE_2 commands instead. 1301 */ 1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1303 for (i = 0; i < len && error == 0; i += 2) 1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1305 return (error); 1306 #else 1307 usb_device_request_t req; 1308 int error = 0; 1309 1310 /* 1311 * NOTE: It appears the WRITE_REGION_1 command cannot be 1312 * passed a huge amount of data, which will crash the 1313 * firmware. Limit amount of data passed to 64-bytes at a 1314 * time. 1315 */ 1316 while (len > 0) { 1317 int delta = 64; 1318 if (delta > len) 1319 delta = len; 1320 1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1322 req.bRequest = RT2870_WRITE_REGION_1; 1323 USETW(req.wValue, 0); 1324 USETW(req.wIndex, reg); 1325 USETW(req.wLength, delta); 1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1327 if (error != 0) 1328 break; 1329 reg += delta; 1330 buf += delta; 1331 len -= delta; 1332 } 1333 return (error); 1334 #endif 1335 } 1336 1337 static int 1338 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1339 { 1340 int i, error = 0; 1341 1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1343 for (i = 0; i < len && error == 0; i += 4) 1344 error = run_write(sc, reg + i, val); 1345 return (error); 1346 } 1347 1348 static int 1349 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1350 { 1351 uint32_t tmp; 1352 uint16_t reg; 1353 int error, ntries; 1354 1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1356 return (error); 1357 1358 if (count == 2) 1359 addr *= 2; 1360 /*- 1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1362 * DATA0: F E D C 1363 * DATA1: B A 9 8 1364 * DATA2: 7 6 5 4 1365 * DATA3: 3 2 1 0 1366 */ 1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1369 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1370 for (ntries = 0; ntries < 100; ntries++) { 1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1372 return (error); 1373 if (!(tmp & RT3070_EFSROM_KICK)) 1374 break; 1375 run_delay(sc, 2); 1376 } 1377 if (ntries == 100) 1378 return (ETIMEDOUT); 1379 1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1381 *val = 0xffff; /* address not found */ 1382 return (0); 1383 } 1384 /* determine to which 32-bit register our 16-bit word belongs */ 1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1386 if ((error = run_read(sc, reg, &tmp)) != 0) 1387 return (error); 1388 1389 tmp >>= (8 * (addr & 0x3)); 1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1391 1392 return (0); 1393 } 1394 1395 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1396 static int 1397 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1398 { 1399 return (run_efuse_read(sc, addr, val, 2)); 1400 } 1401 1402 static int 1403 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1404 { 1405 usb_device_request_t req; 1406 uint16_t tmp; 1407 int error; 1408 1409 addr *= 2; 1410 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1411 req.bRequest = RT2870_EEPROM_READ; 1412 USETW(req.wValue, 0); 1413 USETW(req.wIndex, addr); 1414 USETW(req.wLength, sizeof(tmp)); 1415 1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1417 if (error == 0) 1418 *val = le16toh(tmp); 1419 else 1420 *val = 0xffff; 1421 return (error); 1422 } 1423 1424 static __inline int 1425 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 /* either eFUSE ROM or EEPROM */ 1428 return sc->sc_srom_read(sc, addr, val); 1429 } 1430 1431 static int 1432 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1433 { 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 10; ntries++) { 1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT2860_RF_REG_CTRL)) 1441 break; 1442 } 1443 if (ntries == 10) 1444 return (ETIMEDOUT); 1445 1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1447 } 1448 1449 static int 1450 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1451 { 1452 uint32_t tmp; 1453 int error, ntries; 1454 1455 for (ntries = 0; ntries < 100; ntries++) { 1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1457 return (error); 1458 if (!(tmp & RT3070_RF_KICK)) 1459 break; 1460 } 1461 if (ntries == 100) 1462 return (ETIMEDOUT); 1463 1464 tmp = RT3070_RF_KICK | reg << 8; 1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1466 return (error); 1467 1468 for (ntries = 0; ntries < 100; ntries++) { 1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT3070_RF_KICK)) 1472 break; 1473 } 1474 if (ntries == 100) 1475 return (ETIMEDOUT); 1476 1477 *val = tmp & 0xff; 1478 return (0); 1479 } 1480 1481 static int 1482 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1483 { 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 10; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 10) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1498 } 1499 1500 static int 1501 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1502 { 1503 uint32_t tmp; 1504 int ntries, error; 1505 1506 for (ntries = 0; ntries < 10; ntries++) { 1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1508 return (error); 1509 if (!(tmp & RT2860_BBP_CSR_KICK)) 1510 break; 1511 } 1512 if (ntries == 10) 1513 return (ETIMEDOUT); 1514 1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1517 return (error); 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT2860_BBP_CSR_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 *val = tmp & 0xff; 1529 return (0); 1530 } 1531 1532 static int 1533 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1534 { 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1549 } 1550 1551 /* 1552 * Send a command to the 8051 microcontroller unit. 1553 */ 1554 static int 1555 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1556 { 1557 uint32_t tmp; 1558 int error, ntries; 1559 1560 for (ntries = 0; ntries < 100; ntries++) { 1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1562 return error; 1563 if (!(tmp & RT2860_H2M_BUSY)) 1564 break; 1565 } 1566 if (ntries == 100) 1567 return ETIMEDOUT; 1568 1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1571 error = run_write(sc, RT2860_HOST_CMD, cmd); 1572 return (error); 1573 } 1574 1575 /* 1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1577 * Used to adjust per-rate Tx power registers. 1578 */ 1579 static __inline uint32_t 1580 b4inc(uint32_t b32, int8_t delta) 1581 { 1582 int8_t i, b4; 1583 1584 for (i = 0; i < 8; i++) { 1585 b4 = b32 & 0xf; 1586 b4 += delta; 1587 if (b4 < 0) 1588 b4 = 0; 1589 else if (b4 > 0xf) 1590 b4 = 0xf; 1591 b32 = b32 >> 4 | b4 << 28; 1592 } 1593 return (b32); 1594 } 1595 1596 static const char * 1597 run_get_rf(uint16_t rev) 1598 { 1599 switch (rev) { 1600 case RT2860_RF_2820: return "RT2820"; 1601 case RT2860_RF_2850: return "RT2850"; 1602 case RT2860_RF_2720: return "RT2720"; 1603 case RT2860_RF_2750: return "RT2750"; 1604 case RT3070_RF_3020: return "RT3020"; 1605 case RT3070_RF_2020: return "RT2020"; 1606 case RT3070_RF_3021: return "RT3021"; 1607 case RT3070_RF_3022: return "RT3022"; 1608 case RT3070_RF_3052: return "RT3052"; 1609 case RT3593_RF_3053: return "RT3053"; 1610 case RT5592_RF_5592: return "RT5592"; 1611 case RT5390_RF_5370: return "RT5370"; 1612 case RT5390_RF_5372: return "RT5372"; 1613 } 1614 return ("unknown"); 1615 } 1616 1617 static void 1618 run_rt3593_get_txpower(struct run_softc *sc) 1619 { 1620 uint16_t addr, val; 1621 int i; 1622 1623 /* Read power settings for 2GHz channels. */ 1624 for (i = 0; i < 14; i += 2) { 1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1626 RT2860_EEPROM_PWR2GHZ_BASE1; 1627 run_srom_read(sc, addr + i / 2, &val); 1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1629 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1630 1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1632 RT2860_EEPROM_PWR2GHZ_BASE2; 1633 run_srom_read(sc, addr + i / 2, &val); 1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1635 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1636 1637 if (sc->ntxchains == 3) { 1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1639 &val); 1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1641 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1642 } 1643 } 1644 /* Fix broken Tx power entries. */ 1645 for (i = 0; i < 14; i++) { 1646 if (sc->txpow1[i] > 31) 1647 sc->txpow1[i] = 5; 1648 if (sc->txpow2[i] > 31) 1649 sc->txpow2[i] = 5; 1650 if (sc->ntxchains == 3) { 1651 if (sc->txpow3[i] > 31) 1652 sc->txpow3[i] = 5; 1653 } 1654 } 1655 /* Read power settings for 5GHz channels. */ 1656 for (i = 0; i < 40; i += 2) { 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1660 1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1670 } 1671 } 1672 } 1673 1674 static void 1675 run_get_txpower(struct run_softc *sc) 1676 { 1677 uint16_t val; 1678 int i; 1679 1680 /* Read power settings for 2GHz channels. */ 1681 for (i = 0; i < 14; i += 2) { 1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1684 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1685 1686 if (sc->mac_ver != 0x5390) { 1687 run_srom_read(sc, 1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1690 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1691 } 1692 } 1693 /* Fix broken Tx power entries. */ 1694 for (i = 0; i < 14; i++) { 1695 if (sc->mac_ver >= 0x5390) { 1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1697 sc->txpow1[i] = 5; 1698 } else { 1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1700 sc->txpow1[i] = 5; 1701 } 1702 if (sc->mac_ver > 0x5390) { 1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1704 sc->txpow2[i] = 5; 1705 } else if (sc->mac_ver < 0x5390) { 1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1707 sc->txpow2[i] = 5; 1708 } 1709 DPRINTF("chan %d: power1=%d, power2=%d\n", 1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1711 } 1712 /* Read power settings for 5GHz channels. */ 1713 for (i = 0; i < 40; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1717 1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 40; i++ ) { 1724 if (sc->mac_ver != 0x5592) { 1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1726 sc->txpow1[14 + i] = 5; 1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1728 sc->txpow2[14 + i] = 5; 1729 } 1730 DPRINTF("chan %d: power1=%d, power2=%d\n", 1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1732 sc->txpow2[14 + i]); 1733 } 1734 } 1735 1736 static int 1737 run_read_eeprom(struct run_softc *sc) 1738 { 1739 struct ieee80211com *ic = &sc->sc_ic; 1740 int8_t delta_2ghz, delta_5ghz; 1741 uint32_t tmp; 1742 uint16_t val; 1743 int ridx, ant, i; 1744 1745 /* check whether the ROM is eFUSE ROM or EEPROM */ 1746 sc->sc_srom_read = run_eeprom_read_2; 1747 if (sc->mac_ver >= 0x3070) { 1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1751 sc->sc_srom_read = run_efuse_read_2; 1752 } 1753 1754 /* read ROM version */ 1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1757 1758 /* read MAC address */ 1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1760 ic->ic_macaddr[0] = val & 0xff; 1761 ic->ic_macaddr[1] = val >> 8; 1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1763 ic->ic_macaddr[2] = val & 0xff; 1764 ic->ic_macaddr[3] = val >> 8; 1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1766 ic->ic_macaddr[4] = val & 0xff; 1767 ic->ic_macaddr[5] = val >> 8; 1768 1769 if (sc->mac_ver < 0x3593) { 1770 /* read vender BBP settings */ 1771 for (i = 0; i < 10; i++) { 1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1773 sc->bbp[i].val = val & 0xff; 1774 sc->bbp[i].reg = val >> 8; 1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1776 sc->bbp[i].val); 1777 } 1778 if (sc->mac_ver >= 0x3071) { 1779 /* read vendor RF settings */ 1780 for (i = 0; i < 10; i++) { 1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1782 &val); 1783 sc->rf[i].val = val & 0xff; 1784 sc->rf[i].reg = val >> 8; 1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1786 sc->rf[i].val); 1787 } 1788 } 1789 } 1790 1791 /* read RF frequency offset from EEPROM */ 1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1793 RT3593_EEPROM_FREQ, &val); 1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1796 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1798 RT3593_EEPROM_FREQ_LEDS, &val); 1799 if (val >> 8 != 0xff) { 1800 /* read LEDs operating mode */ 1801 sc->leds = val >> 8; 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1803 RT3593_EEPROM_LED1, &sc->led[0]); 1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1805 RT3593_EEPROM_LED2, &sc->led[1]); 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1807 RT3593_EEPROM_LED3, &sc->led[2]); 1808 } else { 1809 /* broken EEPROM, use default settings */ 1810 sc->leds = 0x01; 1811 sc->led[0] = 0x5555; 1812 sc->led[1] = 0x2221; 1813 sc->led[2] = 0x5627; /* differs from RT2860 */ 1814 } 1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1817 1818 /* read RF information */ 1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1820 run_srom_read(sc, 0x00, &val); 1821 else 1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1823 1824 if (val == 0xffff) { 1825 device_printf(sc->sc_dev, 1826 "invalid EEPROM antenna info, using default\n"); 1827 DPRINTF("invalid EEPROM antenna info, using default\n"); 1828 if (sc->mac_ver == 0x3572) { 1829 /* default to RF3052 2T2R */ 1830 sc->rf_rev = RT3070_RF_3052; 1831 sc->ntxchains = 2; 1832 sc->nrxchains = 2; 1833 } else if (sc->mac_ver >= 0x3070) { 1834 /* default to RF3020 1T1R */ 1835 sc->rf_rev = RT3070_RF_3020; 1836 sc->ntxchains = 1; 1837 sc->nrxchains = 1; 1838 } else { 1839 /* default to RF2820 1T2R */ 1840 sc->rf_rev = RT2860_RF_2820; 1841 sc->ntxchains = 1; 1842 sc->nrxchains = 2; 1843 } 1844 } else { 1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1846 sc->rf_rev = val; 1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1848 } else 1849 sc->rf_rev = (val >> 8) & 0xf; 1850 sc->ntxchains = (val >> 4) & 0xf; 1851 sc->nrxchains = val & 0xf; 1852 } 1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1854 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1855 1856 /* check if RF supports automatic Tx access gain control */ 1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1858 DPRINTF("EEPROM CFG 0x%04x\n", val); 1859 /* check if driver should patch the DAC issue */ 1860 if ((val >> 8) != 0xff) 1861 sc->patch_dac = (val >> 15) & 1; 1862 if ((val & 0xff) != 0xff) { 1863 sc->ext_5ghz_lna = (val >> 3) & 1; 1864 sc->ext_2ghz_lna = (val >> 2) & 1; 1865 /* check if RF supports automatic Tx access gain control */ 1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1867 /* check if we have a hardware radio switch */ 1868 sc->rfswitch = val & 1; 1869 } 1870 1871 /* Read Tx power settings. */ 1872 if (sc->mac_ver == 0x3593) 1873 run_rt3593_get_txpower(sc); 1874 else 1875 run_get_txpower(sc); 1876 1877 /* read Tx power compensation for each Tx rate */ 1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1879 delta_2ghz = delta_5ghz = 0; 1880 if ((val & 0xff) != 0xff && (val & 0x80)) { 1881 delta_2ghz = val & 0xf; 1882 if (!(val & 0x40)) /* negative number */ 1883 delta_2ghz = -delta_2ghz; 1884 } 1885 val >>= 8; 1886 if ((val & 0xff) != 0xff && (val & 0x80)) { 1887 delta_5ghz = val & 0xf; 1888 if (!(val & 0x40)) /* negative number */ 1889 delta_5ghz = -delta_5ghz; 1890 } 1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1892 delta_2ghz, delta_5ghz); 1893 1894 for (ridx = 0; ridx < 5; ridx++) { 1895 uint32_t reg; 1896 1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1898 reg = val; 1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1900 reg |= (uint32_t)val << 16; 1901 1902 sc->txpow20mhz[ridx] = reg; 1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1905 1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1909 } 1910 1911 /* Read RSSI offsets and LNA gains from EEPROM. */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1913 RT3593_EEPROM_RSSI1_2GHZ, &val); 1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1917 RT3593_EEPROM_RSSI2_2GHZ, &val); 1918 if (sc->mac_ver >= 0x3070) { 1919 if (sc->mac_ver == 0x3593) { 1920 sc->txmixgain_2ghz = 0; 1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1922 } else { 1923 /* 1924 * On RT3070 chips (limited to 2 Rx chains), this ROM 1925 * field contains the Tx mixer gain for the 2GHz band. 1926 */ 1927 if ((val & 0xff) != 0xff) 1928 sc->txmixgain_2ghz = val & 0x7; 1929 } 1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1931 } else 1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1933 if (sc->mac_ver == 0x3593) 1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1935 sc->lna[2] = val >> 8; /* channel group 2 */ 1936 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1938 RT3593_EEPROM_RSSI1_5GHZ, &val); 1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1942 RT3593_EEPROM_RSSI2_5GHZ, &val); 1943 if (sc->mac_ver == 0x3572) { 1944 /* 1945 * On RT3572 chips (limited to 2 Rx chains), this ROM 1946 * field contains the Tx mixer gain for the 5GHz band. 1947 */ 1948 if ((val & 0xff) != 0xff) 1949 sc->txmixgain_5ghz = val & 0x7; 1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1951 } else 1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1953 if (sc->mac_ver == 0x3593) { 1954 sc->txmixgain_5ghz = 0; 1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1956 } 1957 sc->lna[3] = val >> 8; /* channel group 3 */ 1958 1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1960 RT3593_EEPROM_LNA, &val); 1961 sc->lna[0] = val & 0xff; /* channel group 0 */ 1962 sc->lna[1] = val >> 8; /* channel group 1 */ 1963 1964 /* fix broken 5GHz LNA entries */ 1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 2); 1967 sc->lna[2] = sc->lna[1]; 1968 } 1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 3); 1971 sc->lna[3] = sc->lna[1]; 1972 } 1973 1974 /* fix broken RSSI offset entries */ 1975 for (ant = 0; ant < 3; ant++) { 1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1978 ant + 1, sc->rssi_2ghz[ant]); 1979 sc->rssi_2ghz[ant] = 0; 1980 } 1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1983 ant + 1, sc->rssi_5ghz[ant]); 1984 sc->rssi_5ghz[ant] = 0; 1985 } 1986 } 1987 return (0); 1988 } 1989 1990 static struct ieee80211_node * 1991 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1992 { 1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1994 } 1995 1996 static int 1997 run_media_change(struct ifnet *ifp) 1998 { 1999 struct ieee80211vap *vap = ifp->if_softc; 2000 struct ieee80211com *ic = vap->iv_ic; 2001 const struct ieee80211_txparam *tp; 2002 struct run_softc *sc = ic->ic_softc; 2003 uint8_t rate, ridx; 2004 int error; 2005 2006 RUN_LOCK(sc); 2007 2008 error = ieee80211_media_change(ifp); 2009 if (error != ENETRESET) { 2010 RUN_UNLOCK(sc); 2011 return (error); 2012 } 2013 2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2016 struct ieee80211_node *ni; 2017 struct run_node *rn; 2018 2019 rate = ic->ic_sup_rates[ic->ic_curmode]. 2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2022 if (rt2860_rates[ridx].rate == rate) 2023 break; 2024 ni = ieee80211_ref_node(vap->iv_bss); 2025 rn = RUN_NODE(ni); 2026 rn->fix_ridx = ridx; 2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2028 ieee80211_free_node(ni); 2029 } 2030 2031 #if 0 2032 if ((ifp->if_flags & IFF_UP) && 2033 (ifp->if_drv_flags & RUN_RUNNING)){ 2034 run_init_locked(sc); 2035 } 2036 #endif 2037 2038 RUN_UNLOCK(sc); 2039 2040 return (0); 2041 } 2042 2043 static int 2044 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2045 { 2046 const struct ieee80211_txparam *tp; 2047 struct ieee80211com *ic = vap->iv_ic; 2048 struct run_softc *sc = ic->ic_softc; 2049 struct run_vap *rvp = RUN_VAP(vap); 2050 enum ieee80211_state ostate; 2051 uint32_t sta[3]; 2052 uint32_t tmp; 2053 uint8_t ratectl; 2054 uint8_t restart_ratectl = 0; 2055 uint8_t bid = 1 << rvp->rvp_id; 2056 2057 ostate = vap->iv_state; 2058 DPRINTF("%s -> %s\n", 2059 ieee80211_state_name[ostate], 2060 ieee80211_state_name[nstate]); 2061 2062 IEEE80211_UNLOCK(ic); 2063 RUN_LOCK(sc); 2064 2065 ratectl = sc->ratectl_run; /* remember current state */ 2066 sc->ratectl_run = RUN_RATECTL_OFF; 2067 usb_callout_stop(&sc->ratectl_ch); 2068 2069 if (ostate == IEEE80211_S_RUN) { 2070 /* turn link LED off */ 2071 run_set_leds(sc, RT2860_LED_RADIO); 2072 } 2073 2074 switch (nstate) { 2075 case IEEE80211_S_INIT: 2076 restart_ratectl = 1; 2077 2078 if (ostate != IEEE80211_S_RUN) 2079 break; 2080 2081 ratectl &= ~bid; 2082 sc->runbmap &= ~bid; 2083 2084 /* abort TSF synchronization if there is no vap running */ 2085 if (--sc->running == 0) { 2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2087 run_write(sc, RT2860_BCN_TIME_CFG, 2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2089 RT2860_TBTT_TIMER_EN)); 2090 } 2091 break; 2092 2093 case IEEE80211_S_RUN: 2094 if (!(sc->runbmap & bid)) { 2095 if(sc->running++) 2096 restart_ratectl = 1; 2097 sc->runbmap |= bid; 2098 } 2099 2100 m_freem(rvp->beacon_mbuf); 2101 rvp->beacon_mbuf = NULL; 2102 2103 switch (vap->iv_opmode) { 2104 case IEEE80211_M_HOSTAP: 2105 case IEEE80211_M_MBSS: 2106 sc->ap_running |= bid; 2107 ic->ic_opmode = vap->iv_opmode; 2108 run_update_beacon_cb(vap); 2109 break; 2110 case IEEE80211_M_IBSS: 2111 sc->adhoc_running |= bid; 2112 if (!sc->ap_running) 2113 ic->ic_opmode = vap->iv_opmode; 2114 run_update_beacon_cb(vap); 2115 break; 2116 case IEEE80211_M_STA: 2117 sc->sta_running |= bid; 2118 if (!sc->ap_running && !sc->adhoc_running) 2119 ic->ic_opmode = vap->iv_opmode; 2120 2121 /* read statistic counters (clear on read) */ 2122 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2123 (uint8_t *)sta, sizeof sta); 2124 2125 break; 2126 default: 2127 ic->ic_opmode = vap->iv_opmode; 2128 break; 2129 } 2130 2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2132 struct ieee80211_node *ni; 2133 2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2135 RUN_UNLOCK(sc); 2136 IEEE80211_LOCK(ic); 2137 return (-1); 2138 } 2139 run_updateslot(ic); 2140 run_enable_mrr(sc); 2141 run_set_txpreamble(sc); 2142 run_set_basicrates(sc); 2143 ni = ieee80211_ref_node(vap->iv_bss); 2144 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2145 run_set_bssid(sc, ni->ni_bssid); 2146 ieee80211_free_node(ni); 2147 run_enable_tsf_sync(sc); 2148 2149 /* enable automatic rate adaptation */ 2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2152 ratectl |= bid; 2153 } else 2154 run_enable_tsf(sc); 2155 2156 /* turn link LED on */ 2157 run_set_leds(sc, RT2860_LED_RADIO | 2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2160 2161 break; 2162 default: 2163 DPRINTFN(6, "undefined case\n"); 2164 break; 2165 } 2166 2167 /* restart amrr for running VAPs */ 2168 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2170 2171 RUN_UNLOCK(sc); 2172 IEEE80211_LOCK(ic); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175 } 2176 2177 /* ARGSUSED */ 2178 static void 2179 run_wme_update_cb(void *arg) 2180 { 2181 struct ieee80211com *ic = arg; 2182 struct run_softc *sc = ic->ic_softc; 2183 const struct wmeParams *ac = 2184 ic->ic_wme.wme_chanParams.cap_wmeParams; 2185 int aci, error = 0; 2186 2187 RUN_LOCK_ASSERT(sc, MA_OWNED); 2188 2189 /* update MAC TX configuration registers */ 2190 for (aci = 0; aci < WME_NUM_AC; aci++) { 2191 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2192 ac[aci].wmep_logcwmax << 16 | 2193 ac[aci].wmep_logcwmin << 12 | 2194 ac[aci].wmep_aifsn << 8 | 2195 ac[aci].wmep_txopLimit); 2196 if (error) goto err; 2197 } 2198 2199 /* update SCH/DMA registers too */ 2200 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2201 ac[WME_AC_VO].wmep_aifsn << 12 | 2202 ac[WME_AC_VI].wmep_aifsn << 8 | 2203 ac[WME_AC_BK].wmep_aifsn << 4 | 2204 ac[WME_AC_BE].wmep_aifsn); 2205 if (error) goto err; 2206 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2207 ac[WME_AC_VO].wmep_logcwmin << 12 | 2208 ac[WME_AC_VI].wmep_logcwmin << 8 | 2209 ac[WME_AC_BK].wmep_logcwmin << 4 | 2210 ac[WME_AC_BE].wmep_logcwmin); 2211 if (error) goto err; 2212 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2213 ac[WME_AC_VO].wmep_logcwmax << 12 | 2214 ac[WME_AC_VI].wmep_logcwmax << 8 | 2215 ac[WME_AC_BK].wmep_logcwmax << 4 | 2216 ac[WME_AC_BE].wmep_logcwmax); 2217 if (error) goto err; 2218 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2219 ac[WME_AC_BK].wmep_txopLimit << 16 | 2220 ac[WME_AC_BE].wmep_txopLimit); 2221 if (error) goto err; 2222 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2223 ac[WME_AC_VO].wmep_txopLimit << 16 | 2224 ac[WME_AC_VI].wmep_txopLimit); 2225 2226 err: 2227 if (error) 2228 DPRINTF("WME update failed\n"); 2229 2230 return; 2231 } 2232 2233 static int 2234 run_wme_update(struct ieee80211com *ic) 2235 { 2236 struct run_softc *sc = ic->ic_softc; 2237 2238 /* sometime called wothout lock */ 2239 if (mtx_owned(&ic->ic_comlock.mtx)) { 2240 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2241 DPRINTF("cmdq_store=%d\n", i); 2242 sc->cmdq[i].func = run_wme_update_cb; 2243 sc->cmdq[i].arg0 = ic; 2244 ieee80211_runtask(ic, &sc->cmdq_task); 2245 return (0); 2246 } 2247 2248 RUN_LOCK(sc); 2249 run_wme_update_cb(ic); 2250 RUN_UNLOCK(sc); 2251 2252 /* return whatever, upper layer doesn't care anyway */ 2253 return (0); 2254 } 2255 2256 static void 2257 run_key_set_cb(void *arg) 2258 { 2259 struct run_cmdq *cmdq = arg; 2260 struct ieee80211vap *vap = cmdq->arg1; 2261 struct ieee80211_key *k = cmdq->k; 2262 struct ieee80211com *ic = vap->iv_ic; 2263 struct run_softc *sc = ic->ic_softc; 2264 struct ieee80211_node *ni; 2265 u_int cipher = k->wk_cipher->ic_cipher; 2266 uint32_t attr; 2267 uint16_t base, associd; 2268 uint8_t mode, wcid, iv[8]; 2269 2270 RUN_LOCK_ASSERT(sc, MA_OWNED); 2271 2272 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2273 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2274 else 2275 ni = vap->iv_bss; 2276 associd = (ni != NULL) ? ni->ni_associd : 0; 2277 2278 /* map net80211 cipher to RT2860 security mode */ 2279 switch (cipher) { 2280 case IEEE80211_CIPHER_WEP: 2281 if(k->wk_keylen < 8) 2282 mode = RT2860_MODE_WEP40; 2283 else 2284 mode = RT2860_MODE_WEP104; 2285 break; 2286 case IEEE80211_CIPHER_TKIP: 2287 mode = RT2860_MODE_TKIP; 2288 break; 2289 case IEEE80211_CIPHER_AES_CCM: 2290 mode = RT2860_MODE_AES_CCMP; 2291 break; 2292 default: 2293 DPRINTF("undefined case\n"); 2294 return; 2295 } 2296 2297 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2298 associd, k->wk_keyix, mode, 2299 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2300 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2301 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2302 2303 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2304 wcid = 0; /* NB: update WCID0 for group keys */ 2305 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2306 } else { 2307 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2308 1 : RUN_AID2WCID(associd); 2309 base = RT2860_PKEY(wcid); 2310 } 2311 2312 if (cipher == IEEE80211_CIPHER_TKIP) { 2313 if(run_write_region_1(sc, base, k->wk_key, 16)) 2314 return; 2315 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2316 return; 2317 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2318 return; 2319 } else { 2320 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2321 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2322 return; 2323 } 2324 2325 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2326 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2327 /* set initial packet number in IV+EIV */ 2328 if (cipher == IEEE80211_CIPHER_WEP) { 2329 memset(iv, 0, sizeof iv); 2330 iv[3] = vap->iv_def_txkey << 6; 2331 } else { 2332 if (cipher == IEEE80211_CIPHER_TKIP) { 2333 iv[0] = k->wk_keytsc >> 8; 2334 iv[1] = (iv[0] | 0x20) & 0x7f; 2335 iv[2] = k->wk_keytsc; 2336 } else /* CCMP */ { 2337 iv[0] = k->wk_keytsc; 2338 iv[1] = k->wk_keytsc >> 8; 2339 iv[2] = 0; 2340 } 2341 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2342 iv[4] = k->wk_keytsc >> 16; 2343 iv[5] = k->wk_keytsc >> 24; 2344 iv[6] = k->wk_keytsc >> 32; 2345 iv[7] = k->wk_keytsc >> 40; 2346 } 2347 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2348 return; 2349 } 2350 2351 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2352 /* install group key */ 2353 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2354 return; 2355 attr &= ~(0xf << (k->wk_keyix * 4)); 2356 attr |= mode << (k->wk_keyix * 4); 2357 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2358 return; 2359 } else { 2360 /* install pairwise key */ 2361 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2362 return; 2363 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2364 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2365 return; 2366 } 2367 2368 /* TODO create a pass-thru key entry? */ 2369 2370 /* need wcid to delete the right key later */ 2371 k->wk_pad = wcid; 2372 } 2373 2374 /* 2375 * Don't have to be deferred, but in order to keep order of 2376 * execution, i.e. with run_key_delete(), defer this and let 2377 * run_cmdq_cb() maintain the order. 2378 * 2379 * return 0 on error 2380 */ 2381 static int 2382 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2383 { 2384 struct ieee80211com *ic = vap->iv_ic; 2385 struct run_softc *sc = ic->ic_softc; 2386 uint32_t i; 2387 2388 i = RUN_CMDQ_GET(&sc->cmdq_store); 2389 DPRINTF("cmdq_store=%d\n", i); 2390 sc->cmdq[i].func = run_key_set_cb; 2391 sc->cmdq[i].arg0 = NULL; 2392 sc->cmdq[i].arg1 = vap; 2393 sc->cmdq[i].k = k; 2394 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2395 ieee80211_runtask(ic, &sc->cmdq_task); 2396 2397 /* 2398 * To make sure key will be set when hostapd 2399 * calls iv_key_set() before if_init(). 2400 */ 2401 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2402 RUN_LOCK(sc); 2403 sc->cmdq_key_set = RUN_CMDQ_GO; 2404 RUN_UNLOCK(sc); 2405 } 2406 2407 return (1); 2408 } 2409 2410 /* 2411 * If wlan is destroyed without being brought down i.e. without 2412 * wlan down or wpa_cli terminate, this function is called after 2413 * vap is gone. Don't refer it. 2414 */ 2415 static void 2416 run_key_delete_cb(void *arg) 2417 { 2418 struct run_cmdq *cmdq = arg; 2419 struct run_softc *sc = cmdq->arg1; 2420 struct ieee80211_key *k = &cmdq->key; 2421 uint32_t attr; 2422 uint8_t wcid; 2423 2424 RUN_LOCK_ASSERT(sc, MA_OWNED); 2425 2426 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2427 /* remove group key */ 2428 DPRINTF("removing group key\n"); 2429 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2430 attr &= ~(0xf << (k->wk_keyix * 4)); 2431 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2432 } else { 2433 /* remove pairwise key */ 2434 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2435 /* matching wcid was written to wk_pad in run_key_set() */ 2436 wcid = k->wk_pad; 2437 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2438 attr &= ~0xf; 2439 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2440 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2441 } 2442 2443 k->wk_pad = 0; 2444 } 2445 2446 /* 2447 * return 0 on error 2448 */ 2449 static int 2450 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2451 { 2452 struct ieee80211com *ic = vap->iv_ic; 2453 struct run_softc *sc = ic->ic_softc; 2454 struct ieee80211_key *k0; 2455 uint32_t i; 2456 2457 /* 2458 * When called back, key might be gone. So, make a copy 2459 * of some values need to delete keys before deferring. 2460 * But, because of LOR with node lock, cannot use lock here. 2461 * So, use atomic instead. 2462 */ 2463 i = RUN_CMDQ_GET(&sc->cmdq_store); 2464 DPRINTF("cmdq_store=%d\n", i); 2465 sc->cmdq[i].func = run_key_delete_cb; 2466 sc->cmdq[i].arg0 = NULL; 2467 sc->cmdq[i].arg1 = sc; 2468 k0 = &sc->cmdq[i].key; 2469 k0->wk_flags = k->wk_flags; 2470 k0->wk_keyix = k->wk_keyix; 2471 /* matching wcid was written to wk_pad in run_key_set() */ 2472 k0->wk_pad = k->wk_pad; 2473 ieee80211_runtask(ic, &sc->cmdq_task); 2474 return (1); /* return fake success */ 2475 2476 } 2477 2478 static void 2479 run_ratectl_to(void *arg) 2480 { 2481 struct run_softc *sc = arg; 2482 2483 /* do it in a process context, so it can go sleep */ 2484 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2485 /* next timeout will be rescheduled in the callback task */ 2486 } 2487 2488 /* ARGSUSED */ 2489 static void 2490 run_ratectl_cb(void *arg, int pending) 2491 { 2492 struct run_softc *sc = arg; 2493 struct ieee80211com *ic = &sc->sc_ic; 2494 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2495 2496 if (vap == NULL) 2497 return; 2498 2499 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2500 /* 2501 * run_reset_livelock() doesn't do anything with AMRR, 2502 * but Ralink wants us to call it every 1 sec. So, we 2503 * piggyback here rather than creating another callout. 2504 * Livelock may occur only in HOSTAP or IBSS mode 2505 * (when h/w is sending beacons). 2506 */ 2507 RUN_LOCK(sc); 2508 run_reset_livelock(sc); 2509 /* just in case, there are some stats to drain */ 2510 run_drain_fifo(sc); 2511 RUN_UNLOCK(sc); 2512 } 2513 2514 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2515 2516 RUN_LOCK(sc); 2517 if(sc->ratectl_run != RUN_RATECTL_OFF) 2518 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2519 RUN_UNLOCK(sc); 2520 } 2521 2522 static void 2523 run_drain_fifo(void *arg) 2524 { 2525 struct run_softc *sc = arg; 2526 uint32_t stat; 2527 uint16_t (*wstat)[3]; 2528 uint8_t wcid, mcs, pid; 2529 int8_t retry; 2530 2531 RUN_LOCK_ASSERT(sc, MA_OWNED); 2532 2533 for (;;) { 2534 /* drain Tx status FIFO (maxsize = 16) */ 2535 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2536 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2537 if (!(stat & RT2860_TXQ_VLD)) 2538 break; 2539 2540 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2541 2542 /* if no ACK was requested, no feedback is available */ 2543 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2544 wcid == 0) 2545 continue; 2546 2547 /* 2548 * Even though each stat is Tx-complete-status like format, 2549 * the device can poll stats. Because there is no guarantee 2550 * that the referring node is still around when read the stats. 2551 * So that, if we use ieee80211_ratectl_tx_update(), we will 2552 * have hard time not to refer already freed node. 2553 * 2554 * To eliminate such page faults, we poll stats in softc. 2555 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2556 */ 2557 wstat = &(sc->wcid_stats[wcid]); 2558 (*wstat)[RUN_TXCNT]++; 2559 if (stat & RT2860_TXQ_OK) 2560 (*wstat)[RUN_SUCCESS]++; 2561 else 2562 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2563 /* 2564 * Check if there were retries, ie if the Tx success rate is 2565 * different from the requested rate. Note that it works only 2566 * because we do not allow rate fallback from OFDM to CCK. 2567 */ 2568 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2569 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2570 if ((retry = pid -1 - mcs) > 0) { 2571 (*wstat)[RUN_TXCNT] += retry; 2572 (*wstat)[RUN_RETRY] += retry; 2573 } 2574 } 2575 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2576 2577 sc->fifo_cnt = 0; 2578 } 2579 2580 static void 2581 run_iter_func(void *arg, struct ieee80211_node *ni) 2582 { 2583 struct run_softc *sc = arg; 2584 struct ieee80211vap *vap = ni->ni_vap; 2585 struct run_node *rn = RUN_NODE(ni); 2586 union run_stats sta[2]; 2587 uint16_t (*wstat)[3]; 2588 int txcnt, success, retrycnt, error; 2589 2590 RUN_LOCK(sc); 2591 2592 /* Check for special case */ 2593 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2594 ni != vap->iv_bss) 2595 goto fail; 2596 2597 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2598 vap->iv_opmode == IEEE80211_M_STA)) { 2599 /* read statistic counters (clear on read) and update AMRR state */ 2600 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2601 sizeof sta); 2602 if (error != 0) 2603 goto fail; 2604 2605 /* count failed TX as errors */ 2606 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2607 le16toh(sta[0].error.fail)); 2608 2609 retrycnt = le16toh(sta[1].tx.retry); 2610 success = le16toh(sta[1].tx.success); 2611 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2612 2613 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2614 retrycnt, success, le16toh(sta[0].error.fail)); 2615 } else { 2616 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2617 2618 if (wstat == &(sc->wcid_stats[0]) || 2619 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2620 goto fail; 2621 2622 txcnt = (*wstat)[RUN_TXCNT]; 2623 success = (*wstat)[RUN_SUCCESS]; 2624 retrycnt = (*wstat)[RUN_RETRY]; 2625 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2626 retrycnt, txcnt, success); 2627 2628 memset(wstat, 0, sizeof(*wstat)); 2629 } 2630 2631 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2632 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2633 2634 fail: 2635 RUN_UNLOCK(sc); 2636 2637 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2638 } 2639 2640 static void 2641 run_newassoc_cb(void *arg) 2642 { 2643 struct run_cmdq *cmdq = arg; 2644 struct ieee80211_node *ni = cmdq->arg1; 2645 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2646 uint8_t wcid = cmdq->wcid; 2647 2648 RUN_LOCK_ASSERT(sc, MA_OWNED); 2649 2650 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2651 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2652 2653 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2654 } 2655 2656 static void 2657 run_newassoc(struct ieee80211_node *ni, int isnew) 2658 { 2659 struct run_node *rn = RUN_NODE(ni); 2660 struct ieee80211_rateset *rs = &ni->ni_rates; 2661 struct ieee80211vap *vap = ni->ni_vap; 2662 struct ieee80211com *ic = vap->iv_ic; 2663 struct run_softc *sc = ic->ic_softc; 2664 uint8_t rate; 2665 uint8_t ridx; 2666 uint8_t wcid; 2667 int i, j; 2668 2669 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2670 1 : RUN_AID2WCID(ni->ni_associd); 2671 2672 if (wcid > RT2870_WCID_MAX) { 2673 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2674 return; 2675 } 2676 2677 /* only interested in true associations */ 2678 if (isnew && ni->ni_associd != 0) { 2679 2680 /* 2681 * This function could is called though timeout function. 2682 * Need to defer. 2683 */ 2684 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2685 DPRINTF("cmdq_store=%d\n", cnt); 2686 sc->cmdq[cnt].func = run_newassoc_cb; 2687 sc->cmdq[cnt].arg0 = NULL; 2688 sc->cmdq[cnt].arg1 = ni; 2689 sc->cmdq[cnt].wcid = wcid; 2690 ieee80211_runtask(ic, &sc->cmdq_task); 2691 } 2692 2693 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2694 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2695 2696 for (i = 0; i < rs->rs_nrates; i++) { 2697 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2698 /* convert 802.11 rate to hardware rate index */ 2699 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2700 if (rt2860_rates[ridx].rate == rate) 2701 break; 2702 rn->ridx[i] = ridx; 2703 /* determine rate of control response frames */ 2704 for (j = i; j >= 0; j--) { 2705 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2706 rt2860_rates[rn->ridx[i]].phy == 2707 rt2860_rates[rn->ridx[j]].phy) 2708 break; 2709 } 2710 if (j >= 0) { 2711 rn->ctl_ridx[i] = rn->ridx[j]; 2712 } else { 2713 /* no basic rate found, use mandatory one */ 2714 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2715 } 2716 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2717 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2718 } 2719 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2720 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2721 if (rt2860_rates[ridx].rate == rate) 2722 break; 2723 rn->mgt_ridx = ridx; 2724 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2725 2726 RUN_LOCK(sc); 2727 if(sc->ratectl_run != RUN_RATECTL_OFF) 2728 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2729 RUN_UNLOCK(sc); 2730 } 2731 2732 /* 2733 * Return the Rx chain with the highest RSSI for a given frame. 2734 */ 2735 static __inline uint8_t 2736 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2737 { 2738 uint8_t rxchain = 0; 2739 2740 if (sc->nrxchains > 1) { 2741 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2742 rxchain = 1; 2743 if (sc->nrxchains > 2) 2744 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2745 rxchain = 2; 2746 } 2747 return (rxchain); 2748 } 2749 2750 static void 2751 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2752 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2753 { 2754 struct ieee80211vap *vap = ni->ni_vap; 2755 struct run_softc *sc = vap->iv_ic->ic_softc; 2756 struct run_vap *rvp = RUN_VAP(vap); 2757 uint64_t ni_tstamp, rx_tstamp; 2758 2759 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2760 2761 if (vap->iv_state == IEEE80211_S_RUN && 2762 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2763 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2764 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2765 RUN_LOCK(sc); 2766 run_get_tsf(sc, &rx_tstamp); 2767 RUN_UNLOCK(sc); 2768 rx_tstamp = le64toh(rx_tstamp); 2769 2770 if (ni_tstamp >= rx_tstamp) { 2771 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2772 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2773 (void) ieee80211_ibss_merge(ni); 2774 } 2775 } 2776 } 2777 2778 static void 2779 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2780 { 2781 struct ieee80211com *ic = &sc->sc_ic; 2782 struct ieee80211_frame *wh; 2783 struct ieee80211_node *ni; 2784 struct rt2870_rxd *rxd; 2785 struct rt2860_rxwi *rxwi; 2786 uint32_t flags; 2787 uint16_t len, rxwisize; 2788 uint8_t ant, rssi; 2789 int8_t nf; 2790 2791 rxwi = mtod(m, struct rt2860_rxwi *); 2792 len = le16toh(rxwi->len) & 0xfff; 2793 rxwisize = sizeof(struct rt2860_rxwi); 2794 if (sc->mac_ver == 0x5592) 2795 rxwisize += sizeof(uint64_t); 2796 else if (sc->mac_ver == 0x3593) 2797 rxwisize += sizeof(uint32_t); 2798 if (__predict_false(len > dmalen)) { 2799 m_freem(m); 2800 counter_u64_add(ic->ic_ierrors, 1); 2801 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2802 return; 2803 } 2804 /* Rx descriptor is located at the end */ 2805 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2806 flags = le32toh(rxd->flags); 2807 2808 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2809 m_freem(m); 2810 counter_u64_add(ic->ic_ierrors, 1); 2811 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2812 return; 2813 } 2814 2815 m->m_data += rxwisize; 2816 m->m_pkthdr.len = m->m_len -= rxwisize; 2817 2818 wh = mtod(m, struct ieee80211_frame *); 2819 2820 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2821 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2822 m->m_flags |= M_WEP; 2823 } 2824 2825 if (flags & RT2860_RX_L2PAD) { 2826 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2827 len += 2; 2828 } 2829 2830 ni = ieee80211_find_rxnode(ic, 2831 mtod(m, struct ieee80211_frame_min *)); 2832 2833 if (__predict_false(flags & RT2860_RX_MICERR)) { 2834 /* report MIC failures to net80211 for TKIP */ 2835 if (ni != NULL) 2836 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2837 rxwi->keyidx); 2838 m_freem(m); 2839 counter_u64_add(ic->ic_ierrors, 1); 2840 DPRINTF("MIC error. Someone is lying.\n"); 2841 return; 2842 } 2843 2844 ant = run_maxrssi_chain(sc, rxwi); 2845 rssi = rxwi->rssi[ant]; 2846 nf = run_rssi2dbm(sc, rssi, ant); 2847 2848 m->m_pkthdr.len = m->m_len = len; 2849 2850 if (ni != NULL) { 2851 (void)ieee80211_input(ni, m, rssi, nf); 2852 ieee80211_free_node(ni); 2853 } else { 2854 (void)ieee80211_input_all(ic, m, rssi, nf); 2855 } 2856 2857 if (__predict_false(ieee80211_radiotap_active(ic))) { 2858 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2859 uint16_t phy; 2860 2861 tap->wr_flags = 0; 2862 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2863 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2864 tap->wr_antsignal = rssi; 2865 tap->wr_antenna = ant; 2866 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2867 tap->wr_rate = 2; /* in case it can't be found below */ 2868 run_get_tsf(sc, &tap->wr_tsf); 2869 phy = le16toh(rxwi->phy); 2870 switch (phy & RT2860_PHY_MODE) { 2871 case RT2860_PHY_CCK: 2872 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2873 case 0: tap->wr_rate = 2; break; 2874 case 1: tap->wr_rate = 4; break; 2875 case 2: tap->wr_rate = 11; break; 2876 case 3: tap->wr_rate = 22; break; 2877 } 2878 if (phy & RT2860_PHY_SHPRE) 2879 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2880 break; 2881 case RT2860_PHY_OFDM: 2882 switch (phy & RT2860_PHY_MCS) { 2883 case 0: tap->wr_rate = 12; break; 2884 case 1: tap->wr_rate = 18; break; 2885 case 2: tap->wr_rate = 24; break; 2886 case 3: tap->wr_rate = 36; break; 2887 case 4: tap->wr_rate = 48; break; 2888 case 5: tap->wr_rate = 72; break; 2889 case 6: tap->wr_rate = 96; break; 2890 case 7: tap->wr_rate = 108; break; 2891 } 2892 break; 2893 } 2894 } 2895 } 2896 2897 static void 2898 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2899 { 2900 struct run_softc *sc = usbd_xfer_softc(xfer); 2901 struct ieee80211com *ic = &sc->sc_ic; 2902 struct mbuf *m = NULL; 2903 struct mbuf *m0; 2904 uint32_t dmalen; 2905 uint16_t rxwisize; 2906 int xferlen; 2907 2908 rxwisize = sizeof(struct rt2860_rxwi); 2909 if (sc->mac_ver == 0x5592) 2910 rxwisize += sizeof(uint64_t); 2911 else if (sc->mac_ver == 0x3593) 2912 rxwisize += sizeof(uint32_t); 2913 2914 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2915 2916 switch (USB_GET_STATE(xfer)) { 2917 case USB_ST_TRANSFERRED: 2918 2919 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2920 2921 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2922 sizeof(struct rt2870_rxd))) { 2923 DPRINTF("xfer too short %d\n", xferlen); 2924 goto tr_setup; 2925 } 2926 2927 m = sc->rx_m; 2928 sc->rx_m = NULL; 2929 2930 /* FALLTHROUGH */ 2931 case USB_ST_SETUP: 2932 tr_setup: 2933 if (sc->rx_m == NULL) { 2934 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2935 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2936 } 2937 if (sc->rx_m == NULL) { 2938 DPRINTF("could not allocate mbuf - idle with stall\n"); 2939 counter_u64_add(ic->ic_ierrors, 1); 2940 usbd_xfer_set_stall(xfer); 2941 usbd_xfer_set_frames(xfer, 0); 2942 } else { 2943 /* 2944 * Directly loading a mbuf cluster into DMA to 2945 * save some data copying. This works because 2946 * there is only one cluster. 2947 */ 2948 usbd_xfer_set_frame_data(xfer, 0, 2949 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2950 usbd_xfer_set_frames(xfer, 1); 2951 } 2952 usbd_transfer_submit(xfer); 2953 break; 2954 2955 default: /* Error */ 2956 if (error != USB_ERR_CANCELLED) { 2957 /* try to clear stall first */ 2958 usbd_xfer_set_stall(xfer); 2959 if (error == USB_ERR_TIMEOUT) 2960 device_printf(sc->sc_dev, "device timeout\n"); 2961 counter_u64_add(ic->ic_ierrors, 1); 2962 goto tr_setup; 2963 } 2964 if (sc->rx_m != NULL) { 2965 m_freem(sc->rx_m); 2966 sc->rx_m = NULL; 2967 } 2968 break; 2969 } 2970 2971 if (m == NULL) 2972 return; 2973 2974 /* inputting all the frames must be last */ 2975 2976 RUN_UNLOCK(sc); 2977 2978 m->m_pkthdr.len = m->m_len = xferlen; 2979 2980 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2981 for(;;) { 2982 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2983 2984 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2985 ((dmalen & 3) != 0)) { 2986 DPRINTF("bad DMA length %u\n", dmalen); 2987 break; 2988 } 2989 if ((dmalen + 8) > (uint32_t)xferlen) { 2990 DPRINTF("bad DMA length %u > %d\n", 2991 dmalen + 8, xferlen); 2992 break; 2993 } 2994 2995 /* If it is the last one or a single frame, we won't copy. */ 2996 if ((xferlen -= dmalen + 8) <= 8) { 2997 /* trim 32-bit DMA-len header */ 2998 m->m_data += 4; 2999 m->m_pkthdr.len = m->m_len -= 4; 3000 run_rx_frame(sc, m, dmalen); 3001 m = NULL; /* don't free source buffer */ 3002 break; 3003 } 3004 3005 /* copy aggregated frames to another mbuf */ 3006 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3007 if (__predict_false(m0 == NULL)) { 3008 DPRINTF("could not allocate mbuf\n"); 3009 counter_u64_add(ic->ic_ierrors, 1); 3010 break; 3011 } 3012 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3013 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3014 m0->m_pkthdr.len = m0->m_len = 3015 dmalen + sizeof(struct rt2870_rxd); 3016 run_rx_frame(sc, m0, dmalen); 3017 3018 /* update data ptr */ 3019 m->m_data += dmalen + 8; 3020 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3021 } 3022 3023 /* make sure we free the source buffer, if any */ 3024 m_freem(m); 3025 3026 RUN_LOCK(sc); 3027 } 3028 3029 static void 3030 run_tx_free(struct run_endpoint_queue *pq, 3031 struct run_tx_data *data, int txerr) 3032 { 3033 if (data->m != NULL) { 3034 if (data->m->m_flags & M_TXCB) 3035 ieee80211_process_callback(data->ni, data->m, 3036 txerr ? ETIMEDOUT : 0); 3037 m_freem(data->m); 3038 data->m = NULL; 3039 3040 if (data->ni == NULL) { 3041 DPRINTF("no node\n"); 3042 } else { 3043 ieee80211_free_node(data->ni); 3044 data->ni = NULL; 3045 } 3046 } 3047 3048 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3049 pq->tx_nfree++; 3050 } 3051 3052 static void 3053 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3054 { 3055 struct run_softc *sc = usbd_xfer_softc(xfer); 3056 struct ieee80211com *ic = &sc->sc_ic; 3057 struct run_tx_data *data; 3058 struct ieee80211vap *vap = NULL; 3059 struct usb_page_cache *pc; 3060 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3061 struct mbuf *m; 3062 usb_frlength_t size; 3063 int actlen; 3064 int sumlen; 3065 3066 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3067 3068 switch (USB_GET_STATE(xfer)) { 3069 case USB_ST_TRANSFERRED: 3070 DPRINTFN(11, "transfer complete: %d " 3071 "bytes @ index %d\n", actlen, index); 3072 3073 data = usbd_xfer_get_priv(xfer); 3074 run_tx_free(pq, data, 0); 3075 usbd_xfer_set_priv(xfer, NULL); 3076 3077 /* FALLTHROUGH */ 3078 case USB_ST_SETUP: 3079 tr_setup: 3080 data = STAILQ_FIRST(&pq->tx_qh); 3081 if (data == NULL) 3082 break; 3083 3084 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3085 3086 m = data->m; 3087 size = (sc->mac_ver == 0x5592) ? 3088 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3089 if ((m->m_pkthdr.len + 3090 size + 3 + 8) > RUN_MAX_TXSZ) { 3091 DPRINTF("data overflow, %u bytes\n", 3092 m->m_pkthdr.len); 3093 run_tx_free(pq, data, 1); 3094 goto tr_setup; 3095 } 3096 3097 pc = usbd_xfer_get_frame(xfer, 0); 3098 usbd_copy_in(pc, 0, &data->desc, size); 3099 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3100 size += m->m_pkthdr.len; 3101 /* 3102 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3103 * 4-byte padding), and be sure to zero those trailing 3104 * bytes: 3105 */ 3106 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3107 size += ((-size) & 3) + 8; 3108 3109 vap = data->ni->ni_vap; 3110 if (ieee80211_radiotap_active_vap(vap)) { 3111 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3112 struct rt2860_txwi *txwi = 3113 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3114 tap->wt_flags = 0; 3115 tap->wt_rate = rt2860_rates[data->ridx].rate; 3116 run_get_tsf(sc, &tap->wt_tsf); 3117 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3118 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3119 tap->wt_hwqueue = index; 3120 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3121 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3122 3123 ieee80211_radiotap_tx(vap, m); 3124 } 3125 3126 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3127 m->m_pkthdr.len, size, index); 3128 3129 usbd_xfer_set_frame_len(xfer, 0, size); 3130 usbd_xfer_set_priv(xfer, data); 3131 usbd_transfer_submit(xfer); 3132 run_start(sc); 3133 3134 break; 3135 3136 default: 3137 DPRINTF("USB transfer error, %s\n", 3138 usbd_errstr(error)); 3139 3140 data = usbd_xfer_get_priv(xfer); 3141 3142 if (data != NULL) { 3143 if(data->ni != NULL) 3144 vap = data->ni->ni_vap; 3145 run_tx_free(pq, data, error); 3146 usbd_xfer_set_priv(xfer, NULL); 3147 } 3148 3149 if (vap == NULL) 3150 vap = TAILQ_FIRST(&ic->ic_vaps); 3151 3152 if (error != USB_ERR_CANCELLED) { 3153 if (error == USB_ERR_TIMEOUT) { 3154 device_printf(sc->sc_dev, "device timeout\n"); 3155 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3156 DPRINTF("cmdq_store=%d\n", i); 3157 sc->cmdq[i].func = run_usb_timeout_cb; 3158 sc->cmdq[i].arg0 = vap; 3159 ieee80211_runtask(ic, &sc->cmdq_task); 3160 } 3161 3162 /* 3163 * Try to clear stall first, also if other 3164 * errors occur, hence clearing stall 3165 * introduces a 50 ms delay: 3166 */ 3167 usbd_xfer_set_stall(xfer); 3168 goto tr_setup; 3169 } 3170 break; 3171 } 3172 } 3173 3174 static void 3175 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3176 { 3177 run_bulk_tx_callbackN(xfer, error, 0); 3178 } 3179 3180 static void 3181 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3182 { 3183 run_bulk_tx_callbackN(xfer, error, 1); 3184 } 3185 3186 static void 3187 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3188 { 3189 run_bulk_tx_callbackN(xfer, error, 2); 3190 } 3191 3192 static void 3193 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3194 { 3195 run_bulk_tx_callbackN(xfer, error, 3); 3196 } 3197 3198 static void 3199 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3200 { 3201 run_bulk_tx_callbackN(xfer, error, 4); 3202 } 3203 3204 static void 3205 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3206 { 3207 run_bulk_tx_callbackN(xfer, error, 5); 3208 } 3209 3210 static void 3211 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3212 { 3213 struct mbuf *m = data->m; 3214 struct ieee80211com *ic = &sc->sc_ic; 3215 struct ieee80211vap *vap = data->ni->ni_vap; 3216 struct ieee80211_frame *wh; 3217 struct rt2870_txd *txd; 3218 struct rt2860_txwi *txwi; 3219 uint16_t xferlen, txwisize; 3220 uint16_t mcs; 3221 uint8_t ridx = data->ridx; 3222 uint8_t pad; 3223 3224 /* get MCS code from rate index */ 3225 mcs = rt2860_rates[ridx].mcs; 3226 3227 txwisize = (sc->mac_ver == 0x5592) ? 3228 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3229 xferlen = txwisize + m->m_pkthdr.len; 3230 3231 /* roundup to 32-bit alignment */ 3232 xferlen = (xferlen + 3) & ~3; 3233 3234 txd = (struct rt2870_txd *)&data->desc; 3235 txd->len = htole16(xferlen); 3236 3237 wh = mtod(m, struct ieee80211_frame *); 3238 3239 /* 3240 * Ether both are true or both are false, the header 3241 * are nicely aligned to 32-bit. So, no L2 padding. 3242 */ 3243 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3244 pad = 0; 3245 else 3246 pad = 2; 3247 3248 /* setup TX Wireless Information */ 3249 txwi = (struct rt2860_txwi *)(txd + 1); 3250 txwi->len = htole16(m->m_pkthdr.len - pad); 3251 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3252 mcs |= RT2860_PHY_CCK; 3253 if (ridx != RT2860_RIDX_CCK1 && 3254 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3255 mcs |= RT2860_PHY_SHPRE; 3256 } else 3257 mcs |= RT2860_PHY_OFDM; 3258 txwi->phy = htole16(mcs); 3259 3260 /* check if RTS/CTS or CTS-to-self protection is required */ 3261 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3262 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3263 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3264 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3265 txwi->txop |= RT2860_TX_TXOP_HT; 3266 else 3267 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3268 3269 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3270 txwi->xflags |= RT2860_TX_NSEQ; 3271 } 3272 3273 /* This function must be called locked */ 3274 static int 3275 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3276 { 3277 struct ieee80211com *ic = &sc->sc_ic; 3278 struct ieee80211vap *vap = ni->ni_vap; 3279 struct ieee80211_frame *wh; 3280 struct ieee80211_channel *chan; 3281 const struct ieee80211_txparam *tp; 3282 struct run_node *rn = RUN_NODE(ni); 3283 struct run_tx_data *data; 3284 struct rt2870_txd *txd; 3285 struct rt2860_txwi *txwi; 3286 uint16_t qos; 3287 uint16_t dur; 3288 uint16_t qid; 3289 uint8_t type; 3290 uint8_t tid; 3291 uint8_t ridx; 3292 uint8_t ctl_ridx; 3293 uint8_t qflags; 3294 uint8_t xflags = 0; 3295 int hasqos; 3296 3297 RUN_LOCK_ASSERT(sc, MA_OWNED); 3298 3299 wh = mtod(m, struct ieee80211_frame *); 3300 3301 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3302 3303 /* 3304 * There are 7 bulk endpoints: 1 for RX 3305 * and 6 for TX (4 EDCAs + HCCA + Prio). 3306 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3307 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3308 */ 3309 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3310 uint8_t *frm; 3311 3312 if(IEEE80211_HAS_ADDR4(wh)) 3313 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3314 else 3315 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3316 3317 qos = le16toh(*(const uint16_t *)frm); 3318 tid = qos & IEEE80211_QOS_TID; 3319 qid = TID_TO_WME_AC(tid); 3320 } else { 3321 qos = 0; 3322 tid = 0; 3323 qid = WME_AC_BE; 3324 } 3325 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3326 3327 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3328 qos, qid, tid, qflags); 3329 3330 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3331 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3332 3333 /* pickup a rate index */ 3334 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3335 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3336 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3337 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3338 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3339 } else { 3340 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3341 ridx = rn->fix_ridx; 3342 else 3343 ridx = rn->amrr_ridx; 3344 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3345 } 3346 3347 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3348 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3349 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3350 xflags |= RT2860_TX_ACK; 3351 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3352 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3353 else 3354 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3355 USETW(wh->i_dur, dur); 3356 } 3357 3358 /* reserve slots for mgmt packets, just in case */ 3359 if (sc->sc_epq[qid].tx_nfree < 3) { 3360 DPRINTFN(10, "tx ring %d is full\n", qid); 3361 return (-1); 3362 } 3363 3364 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3365 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3366 sc->sc_epq[qid].tx_nfree--; 3367 3368 txd = (struct rt2870_txd *)&data->desc; 3369 txd->flags = qflags; 3370 txwi = (struct rt2860_txwi *)(txd + 1); 3371 txwi->xflags = xflags; 3372 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3373 txwi->wcid = 0; 3374 else 3375 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3376 1 : RUN_AID2WCID(ni->ni_associd); 3377 3378 /* clear leftover garbage bits */ 3379 txwi->flags = 0; 3380 txwi->txop = 0; 3381 3382 data->m = m; 3383 data->ni = ni; 3384 data->ridx = ridx; 3385 3386 run_set_tx_desc(sc, data); 3387 3388 /* 3389 * The chip keeps track of 2 kind of Tx stats, 3390 * * TX_STAT_FIFO, for per WCID stats, and 3391 * * TX_STA_CNT0 for all-TX-in-one stats. 3392 * 3393 * To use FIFO stats, we need to store MCS into the driver-private 3394 * PacketID field. So that, we can tell whose stats when we read them. 3395 * We add 1 to the MCS because setting the PacketID field to 0 means 3396 * that we don't want feedback in TX_STAT_FIFO. 3397 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3398 * 3399 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3400 */ 3401 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3402 vap->iv_opmode == IEEE80211_M_MBSS) { 3403 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3404 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3405 3406 /* 3407 * Unlike PCI based devices, we don't get any interrupt from 3408 * USB devices, so we simulate FIFO-is-full interrupt here. 3409 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3410 * quickly get fulled. To prevent overflow, increment a counter on 3411 * every FIFO stat request, so we know how many slots are left. 3412 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3413 * are used only in those modes. 3414 * We just drain stats. AMRR gets updated every 1 sec by 3415 * run_ratectl_cb() via callout. 3416 * Call it early. Otherwise overflow. 3417 */ 3418 if (sc->fifo_cnt++ == 10) { 3419 /* 3420 * With multiple vaps or if_bridge, if_start() is called 3421 * with a non-sleepable lock, tcpinp. So, need to defer. 3422 */ 3423 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3424 DPRINTFN(6, "cmdq_store=%d\n", i); 3425 sc->cmdq[i].func = run_drain_fifo; 3426 sc->cmdq[i].arg0 = sc; 3427 ieee80211_runtask(ic, &sc->cmdq_task); 3428 } 3429 } 3430 3431 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3432 3433 usbd_transfer_start(sc->sc_xfer[qid]); 3434 3435 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3436 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3437 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3438 3439 return (0); 3440 } 3441 3442 static int 3443 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3444 { 3445 struct ieee80211com *ic = &sc->sc_ic; 3446 struct run_node *rn = RUN_NODE(ni); 3447 struct run_tx_data *data; 3448 struct ieee80211_frame *wh; 3449 struct rt2870_txd *txd; 3450 struct rt2860_txwi *txwi; 3451 uint16_t dur; 3452 uint8_t ridx = rn->mgt_ridx; 3453 uint8_t type; 3454 uint8_t xflags = 0; 3455 uint8_t wflags = 0; 3456 3457 RUN_LOCK_ASSERT(sc, MA_OWNED); 3458 3459 wh = mtod(m, struct ieee80211_frame *); 3460 3461 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3462 3463 /* tell hardware to add timestamp for probe responses */ 3464 if ((wh->i_fc[0] & 3465 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3466 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3467 wflags |= RT2860_TX_TS; 3468 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3469 xflags |= RT2860_TX_ACK; 3470 3471 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3472 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3473 USETW(wh->i_dur, dur); 3474 } 3475 3476 if (sc->sc_epq[0].tx_nfree == 0) 3477 /* let caller free mbuf */ 3478 return (EIO); 3479 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3480 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3481 sc->sc_epq[0].tx_nfree--; 3482 3483 txd = (struct rt2870_txd *)&data->desc; 3484 txd->flags = RT2860_TX_QSEL_EDCA; 3485 txwi = (struct rt2860_txwi *)(txd + 1); 3486 txwi->wcid = 0xff; 3487 txwi->flags = wflags; 3488 txwi->xflags = xflags; 3489 txwi->txop = 0; /* clear leftover garbage bits */ 3490 3491 data->m = m; 3492 data->ni = ni; 3493 data->ridx = ridx; 3494 3495 run_set_tx_desc(sc, data); 3496 3497 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3498 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3499 rt2860_rates[ridx].rate); 3500 3501 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3502 3503 usbd_transfer_start(sc->sc_xfer[0]); 3504 3505 return (0); 3506 } 3507 3508 static int 3509 run_sendprot(struct run_softc *sc, 3510 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3511 { 3512 struct ieee80211com *ic = ni->ni_ic; 3513 struct ieee80211_frame *wh; 3514 struct run_tx_data *data; 3515 struct rt2870_txd *txd; 3516 struct rt2860_txwi *txwi; 3517 struct mbuf *mprot; 3518 int ridx; 3519 int protrate; 3520 int ackrate; 3521 int pktlen; 3522 int isshort; 3523 uint16_t dur; 3524 uint8_t type; 3525 uint8_t wflags = 0; 3526 uint8_t xflags = 0; 3527 3528 RUN_LOCK_ASSERT(sc, MA_OWNED); 3529 3530 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3531 ("protection %d", prot)); 3532 3533 wh = mtod(m, struct ieee80211_frame *); 3534 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3535 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3536 3537 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3538 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3539 3540 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3541 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3542 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3543 wflags = RT2860_TX_FRAG; 3544 3545 /* check that there are free slots before allocating the mbuf */ 3546 if (sc->sc_epq[0].tx_nfree == 0) 3547 /* let caller free mbuf */ 3548 return (ENOBUFS); 3549 3550 if (prot == IEEE80211_PROT_RTSCTS) { 3551 /* NB: CTS is the same size as an ACK */ 3552 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3553 xflags |= RT2860_TX_ACK; 3554 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3555 } else { 3556 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3557 } 3558 if (mprot == NULL) { 3559 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3560 DPRINTF("could not allocate mbuf\n"); 3561 return (ENOBUFS); 3562 } 3563 3564 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3565 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3566 sc->sc_epq[0].tx_nfree--; 3567 3568 txd = (struct rt2870_txd *)&data->desc; 3569 txd->flags = RT2860_TX_QSEL_EDCA; 3570 txwi = (struct rt2860_txwi *)(txd + 1); 3571 txwi->wcid = 0xff; 3572 txwi->flags = wflags; 3573 txwi->xflags = xflags; 3574 txwi->txop = 0; /* clear leftover garbage bits */ 3575 3576 data->m = mprot; 3577 data->ni = ieee80211_ref_node(ni); 3578 3579 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3580 if (rt2860_rates[ridx].rate == protrate) 3581 break; 3582 data->ridx = ridx; 3583 3584 run_set_tx_desc(sc, data); 3585 3586 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3587 m->m_pkthdr.len, rate); 3588 3589 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3590 3591 usbd_transfer_start(sc->sc_xfer[0]); 3592 3593 return (0); 3594 } 3595 3596 static int 3597 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3598 const struct ieee80211_bpf_params *params) 3599 { 3600 struct ieee80211com *ic = ni->ni_ic; 3601 struct ieee80211_frame *wh; 3602 struct run_tx_data *data; 3603 struct rt2870_txd *txd; 3604 struct rt2860_txwi *txwi; 3605 uint8_t type; 3606 uint8_t ridx; 3607 uint8_t rate; 3608 uint8_t opflags = 0; 3609 uint8_t xflags = 0; 3610 int error; 3611 3612 RUN_LOCK_ASSERT(sc, MA_OWNED); 3613 3614 KASSERT(params != NULL, ("no raw xmit params")); 3615 3616 wh = mtod(m, struct ieee80211_frame *); 3617 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3618 3619 rate = params->ibp_rate0; 3620 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3621 /* let caller free mbuf */ 3622 return (EINVAL); 3623 } 3624 3625 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3626 xflags |= RT2860_TX_ACK; 3627 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3628 error = run_sendprot(sc, m, ni, 3629 params->ibp_flags & IEEE80211_BPF_RTS ? 3630 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3631 rate); 3632 if (error) { 3633 /* let caller free mbuf */ 3634 return error; 3635 } 3636 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3637 } 3638 3639 if (sc->sc_epq[0].tx_nfree == 0) { 3640 /* let caller free mbuf */ 3641 DPRINTF("sending raw frame, but tx ring is full\n"); 3642 return (EIO); 3643 } 3644 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3645 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3646 sc->sc_epq[0].tx_nfree--; 3647 3648 txd = (struct rt2870_txd *)&data->desc; 3649 txd->flags = RT2860_TX_QSEL_EDCA; 3650 txwi = (struct rt2860_txwi *)(txd + 1); 3651 txwi->wcid = 0xff; 3652 txwi->xflags = xflags; 3653 txwi->txop = opflags; 3654 txwi->flags = 0; /* clear leftover garbage bits */ 3655 3656 data->m = m; 3657 data->ni = ni; 3658 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3659 if (rt2860_rates[ridx].rate == rate) 3660 break; 3661 data->ridx = ridx; 3662 3663 run_set_tx_desc(sc, data); 3664 3665 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3666 m->m_pkthdr.len, rate); 3667 3668 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3669 3670 usbd_transfer_start(sc->sc_xfer[0]); 3671 3672 return (0); 3673 } 3674 3675 static int 3676 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3677 const struct ieee80211_bpf_params *params) 3678 { 3679 struct run_softc *sc = ni->ni_ic->ic_softc; 3680 int error = 0; 3681 3682 RUN_LOCK(sc); 3683 3684 /* prevent management frames from being sent if we're not ready */ 3685 if (!(sc->sc_flags & RUN_RUNNING)) { 3686 error = ENETDOWN; 3687 goto done; 3688 } 3689 3690 if (params == NULL) { 3691 /* tx mgt packet */ 3692 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3693 DPRINTF("mgt tx failed\n"); 3694 goto done; 3695 } 3696 } else { 3697 /* tx raw packet with param */ 3698 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3699 DPRINTF("tx with param failed\n"); 3700 goto done; 3701 } 3702 } 3703 3704 done: 3705 RUN_UNLOCK(sc); 3706 3707 if (error != 0) { 3708 if(m != NULL) 3709 m_freem(m); 3710 } 3711 3712 return (error); 3713 } 3714 3715 static int 3716 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3717 { 3718 struct run_softc *sc = ic->ic_softc; 3719 int error; 3720 3721 RUN_LOCK(sc); 3722 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3723 RUN_UNLOCK(sc); 3724 return (ENXIO); 3725 } 3726 error = mbufq_enqueue(&sc->sc_snd, m); 3727 if (error) { 3728 RUN_UNLOCK(sc); 3729 return (error); 3730 } 3731 run_start(sc); 3732 RUN_UNLOCK(sc); 3733 3734 return (0); 3735 } 3736 3737 static void 3738 run_start(struct run_softc *sc) 3739 { 3740 struct ieee80211_node *ni; 3741 struct mbuf *m; 3742 3743 RUN_LOCK_ASSERT(sc, MA_OWNED); 3744 3745 if ((sc->sc_flags & RUN_RUNNING) == 0) 3746 return; 3747 3748 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3749 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3750 if (run_tx(sc, m, ni) != 0) { 3751 mbufq_prepend(&sc->sc_snd, m); 3752 break; 3753 } 3754 } 3755 } 3756 3757 static void 3758 run_parent(struct ieee80211com *ic) 3759 { 3760 struct run_softc *sc = ic->ic_softc; 3761 int startall = 0; 3762 3763 RUN_LOCK(sc); 3764 if (sc->sc_detached) { 3765 RUN_UNLOCK(sc); 3766 return; 3767 } 3768 3769 if (ic->ic_nrunning > 0) { 3770 if (!(sc->sc_flags & RUN_RUNNING)) { 3771 startall = 1; 3772 run_init_locked(sc); 3773 } else 3774 run_update_promisc_locked(sc); 3775 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3776 run_stop(sc); 3777 RUN_UNLOCK(sc); 3778 if (startall) 3779 ieee80211_start_all(ic); 3780 } 3781 3782 static void 3783 run_iq_calib(struct run_softc *sc, u_int chan) 3784 { 3785 uint16_t val; 3786 3787 /* Tx0 IQ gain. */ 3788 run_bbp_write(sc, 158, 0x2c); 3789 if (chan <= 14) 3790 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3791 else if (chan <= 64) { 3792 run_efuse_read(sc, 3793 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3794 &val, 1); 3795 } else if (chan <= 138) { 3796 run_efuse_read(sc, 3797 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3798 &val, 1); 3799 } else if (chan <= 165) { 3800 run_efuse_read(sc, 3801 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3802 &val, 1); 3803 } else 3804 val = 0; 3805 run_bbp_write(sc, 159, val); 3806 3807 /* Tx0 IQ phase. */ 3808 run_bbp_write(sc, 158, 0x2d); 3809 if (chan <= 14) { 3810 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3811 &val, 1); 3812 } else if (chan <= 64) { 3813 run_efuse_read(sc, 3814 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3815 &val, 1); 3816 } else if (chan <= 138) { 3817 run_efuse_read(sc, 3818 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3819 &val, 1); 3820 } else if (chan <= 165) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3823 &val, 1); 3824 } else 3825 val = 0; 3826 run_bbp_write(sc, 159, val); 3827 3828 /* Tx1 IQ gain. */ 3829 run_bbp_write(sc, 158, 0x4a); 3830 if (chan <= 14) { 3831 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3832 &val, 1); 3833 } else if (chan <= 64) { 3834 run_efuse_read(sc, 3835 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3836 &val, 1); 3837 } else if (chan <= 138) { 3838 run_efuse_read(sc, 3839 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3840 &val, 1); 3841 } else if (chan <= 165) { 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3844 &val, 1); 3845 } else 3846 val = 0; 3847 run_bbp_write(sc, 159, val); 3848 3849 /* Tx1 IQ phase. */ 3850 run_bbp_write(sc, 158, 0x4b); 3851 if (chan <= 14) { 3852 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3853 &val, 1); 3854 } else if (chan <= 64) { 3855 run_efuse_read(sc, 3856 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3857 &val, 1); 3858 } else if (chan <= 138) { 3859 run_efuse_read(sc, 3860 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3861 &val, 1); 3862 } else if (chan <= 165) { 3863 run_efuse_read(sc, 3864 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3865 &val, 1); 3866 } else 3867 val = 0; 3868 run_bbp_write(sc, 159, val); 3869 3870 /* RF IQ compensation control. */ 3871 run_bbp_write(sc, 158, 0x04); 3872 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3873 &val, 1); 3874 run_bbp_write(sc, 159, val); 3875 3876 /* RF IQ imbalance compensation control. */ 3877 run_bbp_write(sc, 158, 0x03); 3878 run_efuse_read(sc, 3879 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3880 run_bbp_write(sc, 159, val); 3881 } 3882 3883 static void 3884 run_set_agc(struct run_softc *sc, uint8_t agc) 3885 { 3886 uint8_t bbp; 3887 3888 if (sc->mac_ver == 0x3572) { 3889 run_bbp_read(sc, 27, &bbp); 3890 bbp &= ~(0x3 << 5); 3891 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3892 run_bbp_write(sc, 66, agc); 3893 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3894 run_bbp_write(sc, 66, agc); 3895 } else 3896 run_bbp_write(sc, 66, agc); 3897 } 3898 3899 static void 3900 run_select_chan_group(struct run_softc *sc, int group) 3901 { 3902 uint32_t tmp; 3903 uint8_t agc; 3904 3905 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3906 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3907 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3908 if (sc->mac_ver < 0x3572) 3909 run_bbp_write(sc, 86, 0x00); 3910 3911 if (sc->mac_ver == 0x3593) { 3912 run_bbp_write(sc, 77, 0x98); 3913 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3914 } 3915 3916 if (group == 0) { 3917 if (sc->ext_2ghz_lna) { 3918 if (sc->mac_ver >= 0x5390) 3919 run_bbp_write(sc, 75, 0x52); 3920 else { 3921 run_bbp_write(sc, 82, 0x62); 3922 run_bbp_write(sc, 75, 0x46); 3923 } 3924 } else { 3925 if (sc->mac_ver == 0x5592) { 3926 run_bbp_write(sc, 79, 0x1c); 3927 run_bbp_write(sc, 80, 0x0e); 3928 run_bbp_write(sc, 81, 0x3a); 3929 run_bbp_write(sc, 82, 0x62); 3930 3931 run_bbp_write(sc, 195, 0x80); 3932 run_bbp_write(sc, 196, 0xe0); 3933 run_bbp_write(sc, 195, 0x81); 3934 run_bbp_write(sc, 196, 0x1f); 3935 run_bbp_write(sc, 195, 0x82); 3936 run_bbp_write(sc, 196, 0x38); 3937 run_bbp_write(sc, 195, 0x83); 3938 run_bbp_write(sc, 196, 0x32); 3939 run_bbp_write(sc, 195, 0x85); 3940 run_bbp_write(sc, 196, 0x28); 3941 run_bbp_write(sc, 195, 0x86); 3942 run_bbp_write(sc, 196, 0x19); 3943 } else if (sc->mac_ver >= 0x5390) 3944 run_bbp_write(sc, 75, 0x50); 3945 else { 3946 run_bbp_write(sc, 82, 3947 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3948 run_bbp_write(sc, 75, 0x50); 3949 } 3950 } 3951 } else { 3952 if (sc->mac_ver == 0x5592) { 3953 run_bbp_write(sc, 79, 0x18); 3954 run_bbp_write(sc, 80, 0x08); 3955 run_bbp_write(sc, 81, 0x38); 3956 run_bbp_write(sc, 82, 0x92); 3957 3958 run_bbp_write(sc, 195, 0x80); 3959 run_bbp_write(sc, 196, 0xf0); 3960 run_bbp_write(sc, 195, 0x81); 3961 run_bbp_write(sc, 196, 0x1e); 3962 run_bbp_write(sc, 195, 0x82); 3963 run_bbp_write(sc, 196, 0x28); 3964 run_bbp_write(sc, 195, 0x83); 3965 run_bbp_write(sc, 196, 0x20); 3966 run_bbp_write(sc, 195, 0x85); 3967 run_bbp_write(sc, 196, 0x7f); 3968 run_bbp_write(sc, 195, 0x86); 3969 run_bbp_write(sc, 196, 0x7f); 3970 } else if (sc->mac_ver == 0x3572) 3971 run_bbp_write(sc, 82, 0x94); 3972 else 3973 run_bbp_write(sc, 82, 3974 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3975 if (sc->ext_5ghz_lna) 3976 run_bbp_write(sc, 75, 0x46); 3977 else 3978 run_bbp_write(sc, 75, 0x50); 3979 } 3980 3981 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3982 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3983 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3984 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3985 3986 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3987 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3988 if (sc->mac_ver == 0x3593) 3989 tmp |= 1 << 29 | 1 << 28; 3990 if (sc->nrxchains > 1) 3991 tmp |= RT2860_LNA_PE1_EN; 3992 if (group == 0) { /* 2GHz */ 3993 tmp |= RT2860_PA_PE_G0_EN; 3994 if (sc->ntxchains > 1) 3995 tmp |= RT2860_PA_PE_G1_EN; 3996 if (sc->mac_ver == 0x3593) { 3997 if (sc->ntxchains > 2) 3998 tmp |= 1 << 25; 3999 } 4000 } else { /* 5GHz */ 4001 tmp |= RT2860_PA_PE_A0_EN; 4002 if (sc->ntxchains > 1) 4003 tmp |= RT2860_PA_PE_A1_EN; 4004 } 4005 if (sc->mac_ver == 0x3572) { 4006 run_rt3070_rf_write(sc, 8, 0x00); 4007 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4008 run_rt3070_rf_write(sc, 8, 0x80); 4009 } else 4010 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4011 4012 if (sc->mac_ver == 0x5592) { 4013 run_bbp_write(sc, 195, 0x8d); 4014 run_bbp_write(sc, 196, 0x1a); 4015 } 4016 4017 if (sc->mac_ver == 0x3593) { 4018 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4019 tmp &= ~0x01010000; 4020 if (group == 0) 4021 tmp |= 0x00010000; 4022 tmp = (tmp & ~0x00009090) | 0x00000090; 4023 run_write(sc, RT2860_GPIO_CTRL, tmp); 4024 } 4025 4026 /* set initial AGC value */ 4027 if (group == 0) { /* 2GHz band */ 4028 if (sc->mac_ver >= 0x3070) 4029 agc = 0x1c + sc->lna[0] * 2; 4030 else 4031 agc = 0x2e + sc->lna[0]; 4032 } else { /* 5GHz band */ 4033 if (sc->mac_ver == 0x5592) 4034 agc = 0x24 + sc->lna[group] * 2; 4035 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4036 agc = 0x22 + (sc->lna[group] * 5) / 3; 4037 else 4038 agc = 0x32 + (sc->lna[group] * 5) / 3; 4039 } 4040 run_set_agc(sc, agc); 4041 } 4042 4043 static void 4044 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4045 { 4046 const struct rfprog *rfprog = rt2860_rf2850; 4047 uint32_t r2, r3, r4; 4048 int8_t txpow1, txpow2; 4049 int i; 4050 4051 /* find the settings for this channel (we know it exists) */ 4052 for (i = 0; rfprog[i].chan != chan; i++); 4053 4054 r2 = rfprog[i].r2; 4055 if (sc->ntxchains == 1) 4056 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4057 if (sc->nrxchains == 1) 4058 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4059 else if (sc->nrxchains == 2) 4060 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4061 4062 /* use Tx power values from EEPROM */ 4063 txpow1 = sc->txpow1[i]; 4064 txpow2 = sc->txpow2[i]; 4065 4066 /* Initialize RF R3 and R4. */ 4067 r3 = rfprog[i].r3 & 0xffffc1ff; 4068 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4069 if (chan > 14) { 4070 if (txpow1 >= 0) { 4071 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4072 r3 |= (txpow1 << 10) | (1 << 9); 4073 } else { 4074 txpow1 += 7; 4075 4076 /* txpow1 is not possible larger than 15. */ 4077 r3 |= (txpow1 << 10); 4078 } 4079 if (txpow2 >= 0) { 4080 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4081 r4 |= (txpow2 << 7) | (1 << 6); 4082 } else { 4083 txpow2 += 7; 4084 r4 |= (txpow2 << 7); 4085 } 4086 } else { 4087 /* Set Tx0 power. */ 4088 r3 |= (txpow1 << 9); 4089 4090 /* Set frequency offset and Tx1 power. */ 4091 r4 |= (txpow2 << 6); 4092 } 4093 4094 run_rt2870_rf_write(sc, rfprog[i].r1); 4095 run_rt2870_rf_write(sc, r2); 4096 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4097 run_rt2870_rf_write(sc, r4); 4098 4099 run_delay(sc, 10); 4100 4101 run_rt2870_rf_write(sc, rfprog[i].r1); 4102 run_rt2870_rf_write(sc, r2); 4103 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4104 run_rt2870_rf_write(sc, r4); 4105 4106 run_delay(sc, 10); 4107 4108 run_rt2870_rf_write(sc, rfprog[i].r1); 4109 run_rt2870_rf_write(sc, r2); 4110 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4111 run_rt2870_rf_write(sc, r4); 4112 } 4113 4114 static void 4115 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4116 { 4117 int8_t txpow1, txpow2; 4118 uint8_t rf; 4119 int i; 4120 4121 /* find the settings for this channel (we know it exists) */ 4122 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4123 4124 /* use Tx power values from EEPROM */ 4125 txpow1 = sc->txpow1[i]; 4126 txpow2 = sc->txpow2[i]; 4127 4128 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4129 4130 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4131 run_rt3070_rf_read(sc, 3, &rf); 4132 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4133 run_rt3070_rf_write(sc, 3, rf); 4134 4135 run_rt3070_rf_read(sc, 6, &rf); 4136 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4137 run_rt3070_rf_write(sc, 6, rf); 4138 4139 /* set Tx0 power */ 4140 run_rt3070_rf_read(sc, 12, &rf); 4141 rf = (rf & ~0x1f) | txpow1; 4142 run_rt3070_rf_write(sc, 12, rf); 4143 4144 /* set Tx1 power */ 4145 run_rt3070_rf_read(sc, 13, &rf); 4146 rf = (rf & ~0x1f) | txpow2; 4147 run_rt3070_rf_write(sc, 13, rf); 4148 4149 run_rt3070_rf_read(sc, 1, &rf); 4150 rf &= ~0xfc; 4151 if (sc->ntxchains == 1) 4152 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4153 else if (sc->ntxchains == 2) 4154 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4155 if (sc->nrxchains == 1) 4156 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4157 else if (sc->nrxchains == 2) 4158 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4159 run_rt3070_rf_write(sc, 1, rf); 4160 4161 /* set RF offset */ 4162 run_rt3070_rf_read(sc, 23, &rf); 4163 rf = (rf & ~0x7f) | sc->freq; 4164 run_rt3070_rf_write(sc, 23, rf); 4165 4166 /* program RF filter */ 4167 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4168 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4169 run_rt3070_rf_write(sc, 24, rf); 4170 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4171 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4172 run_rt3070_rf_write(sc, 31, rf); 4173 4174 /* enable RF tuning */ 4175 run_rt3070_rf_read(sc, 7, &rf); 4176 run_rt3070_rf_write(sc, 7, rf | 0x01); 4177 } 4178 4179 static void 4180 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4181 { 4182 int8_t txpow1, txpow2; 4183 uint32_t tmp; 4184 uint8_t rf; 4185 int i; 4186 4187 /* find the settings for this channel (we know it exists) */ 4188 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4189 4190 /* use Tx power values from EEPROM */ 4191 txpow1 = sc->txpow1[i]; 4192 txpow2 = sc->txpow2[i]; 4193 4194 if (chan <= 14) { 4195 run_bbp_write(sc, 25, sc->bbp25); 4196 run_bbp_write(sc, 26, sc->bbp26); 4197 } else { 4198 /* enable IQ phase correction */ 4199 run_bbp_write(sc, 25, 0x09); 4200 run_bbp_write(sc, 26, 0xff); 4201 } 4202 4203 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4204 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4205 run_rt3070_rf_read(sc, 6, &rf); 4206 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4207 rf |= (chan <= 14) ? 0x08 : 0x04; 4208 run_rt3070_rf_write(sc, 6, rf); 4209 4210 /* set PLL mode */ 4211 run_rt3070_rf_read(sc, 5, &rf); 4212 rf &= ~(0x08 | 0x04); 4213 rf |= (chan <= 14) ? 0x04 : 0x08; 4214 run_rt3070_rf_write(sc, 5, rf); 4215 4216 /* set Tx power for chain 0 */ 4217 if (chan <= 14) 4218 rf = 0x60 | txpow1; 4219 else 4220 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4221 run_rt3070_rf_write(sc, 12, rf); 4222 4223 /* set Tx power for chain 1 */ 4224 if (chan <= 14) 4225 rf = 0x60 | txpow2; 4226 else 4227 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4228 run_rt3070_rf_write(sc, 13, rf); 4229 4230 /* set Tx/Rx streams */ 4231 run_rt3070_rf_read(sc, 1, &rf); 4232 rf &= ~0xfc; 4233 if (sc->ntxchains == 1) 4234 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4235 else if (sc->ntxchains == 2) 4236 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4237 if (sc->nrxchains == 1) 4238 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4239 else if (sc->nrxchains == 2) 4240 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4241 run_rt3070_rf_write(sc, 1, rf); 4242 4243 /* set RF offset */ 4244 run_rt3070_rf_read(sc, 23, &rf); 4245 rf = (rf & ~0x7f) | sc->freq; 4246 run_rt3070_rf_write(sc, 23, rf); 4247 4248 /* program RF filter */ 4249 rf = sc->rf24_20mhz; 4250 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4251 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4252 4253 /* enable RF tuning */ 4254 run_rt3070_rf_read(sc, 7, &rf); 4255 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4256 run_rt3070_rf_write(sc, 7, rf); 4257 4258 /* TSSI */ 4259 rf = (chan <= 14) ? 0xc3 : 0xc0; 4260 run_rt3070_rf_write(sc, 9, rf); 4261 4262 /* set loop filter 1 */ 4263 run_rt3070_rf_write(sc, 10, 0xf1); 4264 /* set loop filter 2 */ 4265 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4266 4267 /* set tx_mx2_ic */ 4268 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4269 /* set tx_mx1_ic */ 4270 if (chan <= 14) 4271 rf = 0x48 | sc->txmixgain_2ghz; 4272 else 4273 rf = 0x78 | sc->txmixgain_5ghz; 4274 run_rt3070_rf_write(sc, 16, rf); 4275 4276 /* set tx_lo1 */ 4277 run_rt3070_rf_write(sc, 17, 0x23); 4278 /* set tx_lo2 */ 4279 if (chan <= 14) 4280 rf = 0x93; 4281 else if (chan <= 64) 4282 rf = 0xb7; 4283 else if (chan <= 128) 4284 rf = 0x74; 4285 else 4286 rf = 0x72; 4287 run_rt3070_rf_write(sc, 19, rf); 4288 4289 /* set rx_lo1 */ 4290 if (chan <= 14) 4291 rf = 0xb3; 4292 else if (chan <= 64) 4293 rf = 0xf6; 4294 else if (chan <= 128) 4295 rf = 0xf4; 4296 else 4297 rf = 0xf3; 4298 run_rt3070_rf_write(sc, 20, rf); 4299 4300 /* set pfd_delay */ 4301 if (chan <= 14) 4302 rf = 0x15; 4303 else if (chan <= 64) 4304 rf = 0x3d; 4305 else 4306 rf = 0x01; 4307 run_rt3070_rf_write(sc, 25, rf); 4308 4309 /* set rx_lo2 */ 4310 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4311 /* set ldo_rf_vc */ 4312 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4313 /* set drv_cc */ 4314 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4315 4316 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4317 tmp &= ~0x8080; 4318 if (chan <= 14) 4319 tmp |= 0x80; 4320 run_write(sc, RT2860_GPIO_CTRL, tmp); 4321 4322 /* enable RF tuning */ 4323 run_rt3070_rf_read(sc, 7, &rf); 4324 run_rt3070_rf_write(sc, 7, rf | 0x01); 4325 4326 run_delay(sc, 2); 4327 } 4328 4329 static void 4330 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4331 { 4332 int8_t txpow1, txpow2, txpow3; 4333 uint8_t h20mhz, rf; 4334 int i; 4335 4336 /* find the settings for this channel (we know it exists) */ 4337 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4338 4339 /* use Tx power values from EEPROM */ 4340 txpow1 = sc->txpow1[i]; 4341 txpow2 = sc->txpow2[i]; 4342 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4343 4344 if (chan <= 14) { 4345 run_bbp_write(sc, 25, sc->bbp25); 4346 run_bbp_write(sc, 26, sc->bbp26); 4347 } else { 4348 /* Enable IQ phase correction. */ 4349 run_bbp_write(sc, 25, 0x09); 4350 run_bbp_write(sc, 26, 0xff); 4351 } 4352 4353 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4354 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4355 run_rt3070_rf_read(sc, 11, &rf); 4356 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4357 run_rt3070_rf_write(sc, 11, rf); 4358 4359 /* Set pll_idoh. */ 4360 run_rt3070_rf_read(sc, 11, &rf); 4361 rf &= ~0x4c; 4362 rf |= (chan <= 14) ? 0x44 : 0x48; 4363 run_rt3070_rf_write(sc, 11, rf); 4364 4365 if (chan <= 14) 4366 rf = txpow1 & 0x1f; 4367 else 4368 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4369 run_rt3070_rf_write(sc, 53, rf); 4370 4371 if (chan <= 14) 4372 rf = txpow2 & 0x1f; 4373 else 4374 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4375 run_rt3070_rf_write(sc, 55, rf); 4376 4377 if (chan <= 14) 4378 rf = txpow3 & 0x1f; 4379 else 4380 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4381 run_rt3070_rf_write(sc, 54, rf); 4382 4383 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4384 if (sc->ntxchains == 3) 4385 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4386 else 4387 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4388 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4389 run_rt3070_rf_write(sc, 1, rf); 4390 4391 run_adjust_freq_offset(sc); 4392 4393 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4394 4395 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4396 run_rt3070_rf_read(sc, 30, &rf); 4397 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4398 run_rt3070_rf_write(sc, 30, rf); 4399 4400 run_rt3070_rf_read(sc, 36, &rf); 4401 if (chan <= 14) 4402 rf |= 0x80; 4403 else 4404 rf &= ~0x80; 4405 run_rt3070_rf_write(sc, 36, rf); 4406 4407 /* Set vcolo_bs. */ 4408 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4409 /* Set pfd_delay. */ 4410 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4411 4412 /* Set vco bias current control. */ 4413 run_rt3070_rf_read(sc, 6, &rf); 4414 rf &= ~0xc0; 4415 if (chan <= 14) 4416 rf |= 0x40; 4417 else if (chan <= 128) 4418 rf |= 0x80; 4419 else 4420 rf |= 0x40; 4421 run_rt3070_rf_write(sc, 6, rf); 4422 4423 run_rt3070_rf_read(sc, 30, &rf); 4424 rf = (rf & ~0x18) | 0x10; 4425 run_rt3070_rf_write(sc, 30, rf); 4426 4427 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4428 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4429 4430 run_rt3070_rf_read(sc, 51, &rf); 4431 rf = (rf & ~0x03) | 0x01; 4432 run_rt3070_rf_write(sc, 51, rf); 4433 /* Set tx_mx1_cc. */ 4434 run_rt3070_rf_read(sc, 51, &rf); 4435 rf &= ~0x1c; 4436 rf |= (chan <= 14) ? 0x14 : 0x10; 4437 run_rt3070_rf_write(sc, 51, rf); 4438 /* Set tx_mx1_ic. */ 4439 run_rt3070_rf_read(sc, 51, &rf); 4440 rf &= ~0xe0; 4441 rf |= (chan <= 14) ? 0x60 : 0x40; 4442 run_rt3070_rf_write(sc, 51, rf); 4443 /* Set tx_lo1_ic. */ 4444 run_rt3070_rf_read(sc, 49, &rf); 4445 rf &= ~0x1c; 4446 rf |= (chan <= 14) ? 0x0c : 0x08; 4447 run_rt3070_rf_write(sc, 49, rf); 4448 /* Set tx_lo1_en. */ 4449 run_rt3070_rf_read(sc, 50, &rf); 4450 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4451 /* Set drv_cc. */ 4452 run_rt3070_rf_read(sc, 57, &rf); 4453 rf &= ~0xfc; 4454 rf |= (chan <= 14) ? 0x6c : 0x3c; 4455 run_rt3070_rf_write(sc, 57, rf); 4456 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4457 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4458 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4459 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4460 /* Enable VCO calibration. */ 4461 run_rt3070_rf_read(sc, 3, &rf); 4462 rf &= ~RT5390_VCOCAL; 4463 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4464 run_rt3070_rf_write(sc, 3, rf); 4465 4466 if (chan <= 14) 4467 rf = 0x23; 4468 else if (chan <= 64) 4469 rf = 0x36; 4470 else if (chan <= 128) 4471 rf = 0x32; 4472 else 4473 rf = 0x30; 4474 run_rt3070_rf_write(sc, 39, rf); 4475 if (chan <= 14) 4476 rf = 0xbb; 4477 else if (chan <= 64) 4478 rf = 0xeb; 4479 else if (chan <= 128) 4480 rf = 0xb3; 4481 else 4482 rf = 0x9b; 4483 run_rt3070_rf_write(sc, 45, rf); 4484 4485 /* Set FEQ/AEQ control. */ 4486 run_bbp_write(sc, 105, 0x34); 4487 } 4488 4489 static void 4490 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4491 { 4492 int8_t txpow1, txpow2; 4493 uint8_t rf; 4494 int i; 4495 4496 /* find the settings for this channel (we know it exists) */ 4497 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4498 4499 /* use Tx power values from EEPROM */ 4500 txpow1 = sc->txpow1[i]; 4501 txpow2 = sc->txpow2[i]; 4502 4503 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4504 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4505 run_rt3070_rf_read(sc, 11, &rf); 4506 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4507 run_rt3070_rf_write(sc, 11, rf); 4508 4509 run_rt3070_rf_read(sc, 49, &rf); 4510 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4511 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4512 if ((rf & 0x3f) > 0x27) 4513 rf = (rf & ~0x3f) | 0x27; 4514 run_rt3070_rf_write(sc, 49, rf); 4515 4516 if (sc->mac_ver == 0x5392) { 4517 run_rt3070_rf_read(sc, 50, &rf); 4518 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4519 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4520 if ((rf & 0x3f) > 0x27) 4521 rf = (rf & ~0x3f) | 0x27; 4522 run_rt3070_rf_write(sc, 50, rf); 4523 } 4524 4525 run_rt3070_rf_read(sc, 1, &rf); 4526 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4527 if (sc->mac_ver == 0x5392) 4528 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4529 run_rt3070_rf_write(sc, 1, rf); 4530 4531 if (sc->mac_ver != 0x5392) { 4532 run_rt3070_rf_read(sc, 2, &rf); 4533 rf |= 0x80; 4534 run_rt3070_rf_write(sc, 2, rf); 4535 run_delay(sc, 10); 4536 rf &= 0x7f; 4537 run_rt3070_rf_write(sc, 2, rf); 4538 } 4539 4540 run_adjust_freq_offset(sc); 4541 4542 if (sc->mac_ver == 0x5392) { 4543 /* Fix for RT5392C. */ 4544 if (sc->mac_rev >= 0x0223) { 4545 if (chan <= 4) 4546 rf = 0x0f; 4547 else if (chan >= 5 && chan <= 7) 4548 rf = 0x0e; 4549 else 4550 rf = 0x0d; 4551 run_rt3070_rf_write(sc, 23, rf); 4552 4553 if (chan <= 4) 4554 rf = 0x0c; 4555 else if (chan == 5) 4556 rf = 0x0b; 4557 else if (chan >= 6 && chan <= 7) 4558 rf = 0x0a; 4559 else if (chan >= 8 && chan <= 10) 4560 rf = 0x09; 4561 else 4562 rf = 0x08; 4563 run_rt3070_rf_write(sc, 59, rf); 4564 } else { 4565 if (chan <= 11) 4566 rf = 0x0f; 4567 else 4568 rf = 0x0b; 4569 run_rt3070_rf_write(sc, 59, rf); 4570 } 4571 } else { 4572 /* Fix for RT5390F. */ 4573 if (sc->mac_rev >= 0x0502) { 4574 if (chan <= 11) 4575 rf = 0x43; 4576 else 4577 rf = 0x23; 4578 run_rt3070_rf_write(sc, 55, rf); 4579 4580 if (chan <= 11) 4581 rf = 0x0f; 4582 else if (chan == 12) 4583 rf = 0x0d; 4584 else 4585 rf = 0x0b; 4586 run_rt3070_rf_write(sc, 59, rf); 4587 } else { 4588 run_rt3070_rf_write(sc, 55, 0x44); 4589 run_rt3070_rf_write(sc, 59, 0x8f); 4590 } 4591 } 4592 4593 /* Enable VCO calibration. */ 4594 run_rt3070_rf_read(sc, 3, &rf); 4595 rf |= RT5390_VCOCAL; 4596 run_rt3070_rf_write(sc, 3, rf); 4597 } 4598 4599 static void 4600 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4601 { 4602 const struct rt5592_freqs *freqs; 4603 uint32_t tmp; 4604 uint8_t reg, rf, txpow_bound; 4605 int8_t txpow1, txpow2; 4606 int i; 4607 4608 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4609 freqs = (tmp & RT5592_SEL_XTAL) ? 4610 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4611 4612 /* find the settings for this channel (we know it exists) */ 4613 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4614 4615 /* use Tx power values from EEPROM */ 4616 txpow1 = sc->txpow1[i]; 4617 txpow2 = sc->txpow2[i]; 4618 4619 run_read(sc, RT3070_LDO_CFG0, &tmp); 4620 tmp &= ~0x1c000000; 4621 if (chan > 14) 4622 tmp |= 0x14000000; 4623 run_write(sc, RT3070_LDO_CFG0, tmp); 4624 4625 /* N setting. */ 4626 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4627 run_rt3070_rf_read(sc, 9, &rf); 4628 rf &= ~(1 << 4); 4629 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4630 run_rt3070_rf_write(sc, 9, rf); 4631 4632 /* K setting. */ 4633 run_rt3070_rf_read(sc, 9, &rf); 4634 rf &= ~0x0f; 4635 rf |= (freqs->k & 0x0f); 4636 run_rt3070_rf_write(sc, 9, rf); 4637 4638 /* Mode setting. */ 4639 run_rt3070_rf_read(sc, 11, &rf); 4640 rf &= ~0x0c; 4641 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4642 run_rt3070_rf_write(sc, 11, rf); 4643 run_rt3070_rf_read(sc, 9, &rf); 4644 rf &= ~(1 << 7); 4645 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4646 run_rt3070_rf_write(sc, 9, rf); 4647 4648 /* R setting. */ 4649 run_rt3070_rf_read(sc, 11, &rf); 4650 rf &= ~0x03; 4651 rf |= (freqs->r - 0x1); 4652 run_rt3070_rf_write(sc, 11, rf); 4653 4654 if (chan <= 14) { 4655 /* Initialize RF registers for 2GHZ. */ 4656 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4657 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4658 rt5592_2ghz_def_rf[i].val); 4659 } 4660 4661 rf = (chan <= 10) ? 0x07 : 0x06; 4662 run_rt3070_rf_write(sc, 23, rf); 4663 run_rt3070_rf_write(sc, 59, rf); 4664 4665 run_rt3070_rf_write(sc, 55, 0x43); 4666 4667 /* 4668 * RF R49/R50 Tx power ALC code. 4669 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4670 */ 4671 reg = 2; 4672 txpow_bound = 0x27; 4673 } else { 4674 /* Initialize RF registers for 5GHZ. */ 4675 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4676 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4677 rt5592_5ghz_def_rf[i].val); 4678 } 4679 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4680 if (chan >= rt5592_chan_5ghz[i].firstchan && 4681 chan <= rt5592_chan_5ghz[i].lastchan) { 4682 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4683 rt5592_chan_5ghz[i].val); 4684 } 4685 } 4686 4687 /* 4688 * RF R49/R50 Tx power ALC code. 4689 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4690 */ 4691 reg = 3; 4692 txpow_bound = 0x2b; 4693 } 4694 4695 /* RF R49 ch0 Tx power ALC code. */ 4696 run_rt3070_rf_read(sc, 49, &rf); 4697 rf &= ~0xc0; 4698 rf |= (reg << 6); 4699 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4700 if ((rf & 0x3f) > txpow_bound) 4701 rf = (rf & ~0x3f) | txpow_bound; 4702 run_rt3070_rf_write(sc, 49, rf); 4703 4704 /* RF R50 ch1 Tx power ALC code. */ 4705 run_rt3070_rf_read(sc, 50, &rf); 4706 rf &= ~(1 << 7 | 1 << 6); 4707 rf |= (reg << 6); 4708 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4709 if ((rf & 0x3f) > txpow_bound) 4710 rf = (rf & ~0x3f) | txpow_bound; 4711 run_rt3070_rf_write(sc, 50, rf); 4712 4713 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4714 run_rt3070_rf_read(sc, 1, &rf); 4715 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4716 if (sc->ntxchains > 1) 4717 rf |= RT3070_TX1_PD; 4718 if (sc->nrxchains > 1) 4719 rf |= RT3070_RX1_PD; 4720 run_rt3070_rf_write(sc, 1, rf); 4721 4722 run_rt3070_rf_write(sc, 6, 0xe4); 4723 4724 run_rt3070_rf_write(sc, 30, 0x10); 4725 run_rt3070_rf_write(sc, 31, 0x80); 4726 run_rt3070_rf_write(sc, 32, 0x80); 4727 4728 run_adjust_freq_offset(sc); 4729 4730 /* Enable VCO calibration. */ 4731 run_rt3070_rf_read(sc, 3, &rf); 4732 rf |= RT5390_VCOCAL; 4733 run_rt3070_rf_write(sc, 3, rf); 4734 } 4735 4736 static void 4737 run_set_rx_antenna(struct run_softc *sc, int aux) 4738 { 4739 uint32_t tmp; 4740 uint8_t bbp152; 4741 4742 if (aux) { 4743 if (sc->rf_rev == RT5390_RF_5370) { 4744 run_bbp_read(sc, 152, &bbp152); 4745 run_bbp_write(sc, 152, bbp152 & ~0x80); 4746 } else { 4747 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4748 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4749 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4750 } 4751 } else { 4752 if (sc->rf_rev == RT5390_RF_5370) { 4753 run_bbp_read(sc, 152, &bbp152); 4754 run_bbp_write(sc, 152, bbp152 | 0x80); 4755 } else { 4756 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4757 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4758 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4759 } 4760 } 4761 } 4762 4763 static int 4764 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4765 { 4766 struct ieee80211com *ic = &sc->sc_ic; 4767 u_int chan, group; 4768 4769 chan = ieee80211_chan2ieee(ic, c); 4770 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4771 return (EINVAL); 4772 4773 if (sc->mac_ver == 0x5592) 4774 run_rt5592_set_chan(sc, chan); 4775 else if (sc->mac_ver >= 0x5390) 4776 run_rt5390_set_chan(sc, chan); 4777 else if (sc->mac_ver == 0x3593) 4778 run_rt3593_set_chan(sc, chan); 4779 else if (sc->mac_ver == 0x3572) 4780 run_rt3572_set_chan(sc, chan); 4781 else if (sc->mac_ver >= 0x3070) 4782 run_rt3070_set_chan(sc, chan); 4783 else 4784 run_rt2870_set_chan(sc, chan); 4785 4786 /* determine channel group */ 4787 if (chan <= 14) 4788 group = 0; 4789 else if (chan <= 64) 4790 group = 1; 4791 else if (chan <= 128) 4792 group = 2; 4793 else 4794 group = 3; 4795 4796 /* XXX necessary only when group has changed! */ 4797 run_select_chan_group(sc, group); 4798 4799 run_delay(sc, 10); 4800 4801 /* Perform IQ calibration. */ 4802 if (sc->mac_ver >= 0x5392) 4803 run_iq_calib(sc, chan); 4804 4805 return (0); 4806 } 4807 4808 static void 4809 run_set_channel(struct ieee80211com *ic) 4810 { 4811 struct run_softc *sc = ic->ic_softc; 4812 4813 RUN_LOCK(sc); 4814 run_set_chan(sc, ic->ic_curchan); 4815 RUN_UNLOCK(sc); 4816 4817 return; 4818 } 4819 4820 static void 4821 run_scan_start(struct ieee80211com *ic) 4822 { 4823 struct run_softc *sc = ic->ic_softc; 4824 uint32_t tmp; 4825 4826 RUN_LOCK(sc); 4827 4828 /* abort TSF synchronization */ 4829 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4830 run_write(sc, RT2860_BCN_TIME_CFG, 4831 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4832 RT2860_TBTT_TIMER_EN)); 4833 run_set_bssid(sc, ieee80211broadcastaddr); 4834 4835 RUN_UNLOCK(sc); 4836 4837 return; 4838 } 4839 4840 static void 4841 run_scan_end(struct ieee80211com *ic) 4842 { 4843 struct run_softc *sc = ic->ic_softc; 4844 4845 RUN_LOCK(sc); 4846 4847 run_enable_tsf_sync(sc); 4848 /* XXX keep local copy */ 4849 run_set_bssid(sc, ic->ic_macaddr); 4850 4851 RUN_UNLOCK(sc); 4852 4853 return; 4854 } 4855 4856 /* 4857 * Could be called from ieee80211_node_timeout() 4858 * (non-sleepable thread) 4859 */ 4860 static void 4861 run_update_beacon(struct ieee80211vap *vap, int item) 4862 { 4863 struct ieee80211com *ic = vap->iv_ic; 4864 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4865 struct ieee80211_node *ni = vap->iv_bss; 4866 struct run_softc *sc = ic->ic_softc; 4867 struct run_vap *rvp = RUN_VAP(vap); 4868 int mcast = 0; 4869 uint32_t i; 4870 4871 switch (item) { 4872 case IEEE80211_BEACON_ERP: 4873 run_updateslot(ic); 4874 break; 4875 case IEEE80211_BEACON_HTINFO: 4876 run_updateprot(ic); 4877 break; 4878 case IEEE80211_BEACON_TIM: 4879 mcast = 1; /*TODO*/ 4880 break; 4881 default: 4882 break; 4883 } 4884 4885 setbit(bo->bo_flags, item); 4886 if (rvp->beacon_mbuf == NULL) { 4887 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4888 if (rvp->beacon_mbuf == NULL) 4889 return; 4890 } 4891 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4892 4893 i = RUN_CMDQ_GET(&sc->cmdq_store); 4894 DPRINTF("cmdq_store=%d\n", i); 4895 sc->cmdq[i].func = run_update_beacon_cb; 4896 sc->cmdq[i].arg0 = vap; 4897 ieee80211_runtask(ic, &sc->cmdq_task); 4898 4899 return; 4900 } 4901 4902 static void 4903 run_update_beacon_cb(void *arg) 4904 { 4905 struct ieee80211vap *vap = arg; 4906 struct ieee80211_node *ni = vap->iv_bss; 4907 struct run_vap *rvp = RUN_VAP(vap); 4908 struct ieee80211com *ic = vap->iv_ic; 4909 struct run_softc *sc = ic->ic_softc; 4910 struct rt2860_txwi txwi; 4911 struct mbuf *m; 4912 uint16_t txwisize; 4913 uint8_t ridx; 4914 4915 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4916 return; 4917 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4918 return; 4919 4920 /* 4921 * No need to call ieee80211_beacon_update(), run_update_beacon() 4922 * is taking care of apropriate calls. 4923 */ 4924 if (rvp->beacon_mbuf == NULL) { 4925 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4926 if (rvp->beacon_mbuf == NULL) 4927 return; 4928 } 4929 m = rvp->beacon_mbuf; 4930 4931 memset(&txwi, 0, sizeof(txwi)); 4932 txwi.wcid = 0xff; 4933 txwi.len = htole16(m->m_pkthdr.len); 4934 4935 /* send beacons at the lowest available rate */ 4936 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4937 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4938 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4939 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4940 txwi.phy |= htole16(RT2860_PHY_OFDM); 4941 txwi.txop = RT2860_TX_TXOP_HT; 4942 txwi.flags = RT2860_TX_TS; 4943 txwi.xflags = RT2860_TX_NSEQ; 4944 4945 txwisize = (sc->mac_ver == 0x5592) ? 4946 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4947 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4948 txwisize); 4949 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4950 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4951 } 4952 4953 static void 4954 run_updateprot(struct ieee80211com *ic) 4955 { 4956 struct run_softc *sc = ic->ic_softc; 4957 uint32_t i; 4958 4959 i = RUN_CMDQ_GET(&sc->cmdq_store); 4960 DPRINTF("cmdq_store=%d\n", i); 4961 sc->cmdq[i].func = run_updateprot_cb; 4962 sc->cmdq[i].arg0 = ic; 4963 ieee80211_runtask(ic, &sc->cmdq_task); 4964 } 4965 4966 static void 4967 run_updateprot_cb(void *arg) 4968 { 4969 struct ieee80211com *ic = arg; 4970 struct run_softc *sc = ic->ic_softc; 4971 uint32_t tmp; 4972 4973 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4974 /* setup protection frame rate (MCS code) */ 4975 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4976 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4977 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4978 4979 /* CCK frames don't require protection */ 4980 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4981 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4982 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4983 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4984 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4985 tmp |= RT2860_PROT_CTRL_CTS; 4986 } 4987 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4988 } 4989 4990 static void 4991 run_usb_timeout_cb(void *arg) 4992 { 4993 struct ieee80211vap *vap = arg; 4994 struct run_softc *sc = vap->iv_ic->ic_softc; 4995 4996 RUN_LOCK_ASSERT(sc, MA_OWNED); 4997 4998 if(vap->iv_state == IEEE80211_S_RUN && 4999 vap->iv_opmode != IEEE80211_M_STA) 5000 run_reset_livelock(sc); 5001 else if (vap->iv_state == IEEE80211_S_SCAN) { 5002 DPRINTF("timeout caused by scan\n"); 5003 /* cancel bgscan */ 5004 ieee80211_cancel_scan(vap); 5005 } else 5006 DPRINTF("timeout by unknown cause\n"); 5007 } 5008 5009 static void 5010 run_reset_livelock(struct run_softc *sc) 5011 { 5012 uint32_t tmp; 5013 5014 RUN_LOCK_ASSERT(sc, MA_OWNED); 5015 5016 /* 5017 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5018 * can run into a livelock and start sending CTS-to-self frames like 5019 * crazy if protection is enabled. Reset MAC/BBP for a while 5020 */ 5021 run_read(sc, RT2860_DEBUG, &tmp); 5022 DPRINTFN(3, "debug reg %08x\n", tmp); 5023 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5024 DPRINTF("CTS-to-self livelock detected\n"); 5025 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5026 run_delay(sc, 1); 5027 run_write(sc, RT2860_MAC_SYS_CTRL, 5028 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5029 } 5030 } 5031 5032 static void 5033 run_update_promisc_locked(struct run_softc *sc) 5034 { 5035 uint32_t tmp; 5036 5037 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5038 5039 tmp |= RT2860_DROP_UC_NOME; 5040 if (sc->sc_ic.ic_promisc > 0) 5041 tmp &= ~RT2860_DROP_UC_NOME; 5042 5043 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5044 5045 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5046 "entering" : "leaving"); 5047 } 5048 5049 static void 5050 run_update_promisc(struct ieee80211com *ic) 5051 { 5052 struct run_softc *sc = ic->ic_softc; 5053 5054 if ((sc->sc_flags & RUN_RUNNING) == 0) 5055 return; 5056 5057 RUN_LOCK(sc); 5058 run_update_promisc_locked(sc); 5059 RUN_UNLOCK(sc); 5060 } 5061 5062 static void 5063 run_enable_tsf_sync(struct run_softc *sc) 5064 { 5065 struct ieee80211com *ic = &sc->sc_ic; 5066 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5067 uint32_t tmp; 5068 5069 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5070 ic->ic_opmode); 5071 5072 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5073 tmp &= ~0x1fffff; 5074 tmp |= vap->iv_bss->ni_intval * 16; 5075 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5076 5077 if (ic->ic_opmode == IEEE80211_M_STA) { 5078 /* 5079 * Local TSF is always updated with remote TSF on beacon 5080 * reception. 5081 */ 5082 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5083 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5084 tmp |= RT2860_BCN_TX_EN; 5085 /* 5086 * Local TSF is updated with remote TSF on beacon reception 5087 * only if the remote TSF is greater than local TSF. 5088 */ 5089 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5090 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5091 ic->ic_opmode == IEEE80211_M_MBSS) { 5092 tmp |= RT2860_BCN_TX_EN; 5093 /* SYNC with nobody */ 5094 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5095 } else { 5096 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5097 return; 5098 } 5099 5100 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5101 } 5102 5103 static void 5104 run_enable_tsf(struct run_softc *sc) 5105 { 5106 uint32_t tmp; 5107 5108 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5109 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5110 tmp |= RT2860_TSF_TIMER_EN; 5111 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5112 } 5113 } 5114 5115 static void 5116 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5117 { 5118 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5119 sizeof(*buf)); 5120 } 5121 5122 static void 5123 run_enable_mrr(struct run_softc *sc) 5124 { 5125 #define CCK(mcs) (mcs) 5126 #define OFDM(mcs) (1 << 3 | (mcs)) 5127 run_write(sc, RT2860_LG_FBK_CFG0, 5128 OFDM(6) << 28 | /* 54->48 */ 5129 OFDM(5) << 24 | /* 48->36 */ 5130 OFDM(4) << 20 | /* 36->24 */ 5131 OFDM(3) << 16 | /* 24->18 */ 5132 OFDM(2) << 12 | /* 18->12 */ 5133 OFDM(1) << 8 | /* 12-> 9 */ 5134 OFDM(0) << 4 | /* 9-> 6 */ 5135 OFDM(0)); /* 6-> 6 */ 5136 5137 run_write(sc, RT2860_LG_FBK_CFG1, 5138 CCK(2) << 12 | /* 11->5.5 */ 5139 CCK(1) << 8 | /* 5.5-> 2 */ 5140 CCK(0) << 4 | /* 2-> 1 */ 5141 CCK(0)); /* 1-> 1 */ 5142 #undef OFDM 5143 #undef CCK 5144 } 5145 5146 static void 5147 run_set_txpreamble(struct run_softc *sc) 5148 { 5149 struct ieee80211com *ic = &sc->sc_ic; 5150 uint32_t tmp; 5151 5152 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5153 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5154 tmp |= RT2860_CCK_SHORT_EN; 5155 else 5156 tmp &= ~RT2860_CCK_SHORT_EN; 5157 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5158 } 5159 5160 static void 5161 run_set_basicrates(struct run_softc *sc) 5162 { 5163 struct ieee80211com *ic = &sc->sc_ic; 5164 5165 /* set basic rates mask */ 5166 if (ic->ic_curmode == IEEE80211_MODE_11B) 5167 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5168 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5169 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5170 else /* 11g */ 5171 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5172 } 5173 5174 static void 5175 run_set_leds(struct run_softc *sc, uint16_t which) 5176 { 5177 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5178 which | (sc->leds & 0x7f)); 5179 } 5180 5181 static void 5182 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5183 { 5184 run_write(sc, RT2860_MAC_BSSID_DW0, 5185 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5186 run_write(sc, RT2860_MAC_BSSID_DW1, 5187 bssid[4] | bssid[5] << 8); 5188 } 5189 5190 static void 5191 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5192 { 5193 run_write(sc, RT2860_MAC_ADDR_DW0, 5194 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5195 run_write(sc, RT2860_MAC_ADDR_DW1, 5196 addr[4] | addr[5] << 8 | 0xff << 16); 5197 } 5198 5199 static void 5200 run_updateslot(struct ieee80211com *ic) 5201 { 5202 struct run_softc *sc = ic->ic_softc; 5203 uint32_t i; 5204 5205 i = RUN_CMDQ_GET(&sc->cmdq_store); 5206 DPRINTF("cmdq_store=%d\n", i); 5207 sc->cmdq[i].func = run_updateslot_cb; 5208 sc->cmdq[i].arg0 = ic; 5209 ieee80211_runtask(ic, &sc->cmdq_task); 5210 5211 return; 5212 } 5213 5214 /* ARGSUSED */ 5215 static void 5216 run_updateslot_cb(void *arg) 5217 { 5218 struct ieee80211com *ic = arg; 5219 struct run_softc *sc = ic->ic_softc; 5220 uint32_t tmp; 5221 5222 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5223 tmp &= ~0xff; 5224 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5225 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5226 } 5227 5228 static void 5229 run_update_mcast(struct ieee80211com *ic) 5230 { 5231 } 5232 5233 static int8_t 5234 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5235 { 5236 struct ieee80211com *ic = &sc->sc_ic; 5237 struct ieee80211_channel *c = ic->ic_curchan; 5238 int delta; 5239 5240 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5241 u_int chan = ieee80211_chan2ieee(ic, c); 5242 delta = sc->rssi_5ghz[rxchain]; 5243 5244 /* determine channel group */ 5245 if (chan <= 64) 5246 delta -= sc->lna[1]; 5247 else if (chan <= 128) 5248 delta -= sc->lna[2]; 5249 else 5250 delta -= sc->lna[3]; 5251 } else 5252 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5253 5254 return (-12 - delta - rssi); 5255 } 5256 5257 static void 5258 run_rt5390_bbp_init(struct run_softc *sc) 5259 { 5260 int i; 5261 uint8_t bbp; 5262 5263 /* Apply maximum likelihood detection for 2 stream case. */ 5264 run_bbp_read(sc, 105, &bbp); 5265 if (sc->nrxchains > 1) 5266 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5267 5268 /* Avoid data lost and CRC error. */ 5269 run_bbp_read(sc, 4, &bbp); 5270 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5271 5272 if (sc->mac_ver == 0x5592) { 5273 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5274 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5275 rt5592_def_bbp[i].val); 5276 } 5277 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5278 run_bbp_write(sc, 195, i + 0x80); 5279 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5280 } 5281 } else { 5282 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5283 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5284 rt5390_def_bbp[i].val); 5285 } 5286 } 5287 if (sc->mac_ver == 0x5392) { 5288 run_bbp_write(sc, 88, 0x90); 5289 run_bbp_write(sc, 95, 0x9a); 5290 run_bbp_write(sc, 98, 0x12); 5291 run_bbp_write(sc, 106, 0x12); 5292 run_bbp_write(sc, 134, 0xd0); 5293 run_bbp_write(sc, 135, 0xf6); 5294 run_bbp_write(sc, 148, 0x84); 5295 } 5296 5297 run_bbp_read(sc, 152, &bbp); 5298 run_bbp_write(sc, 152, bbp | 0x80); 5299 5300 /* Fix BBP254 for RT5592C. */ 5301 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5302 run_bbp_read(sc, 254, &bbp); 5303 run_bbp_write(sc, 254, bbp | 0x80); 5304 } 5305 5306 /* Disable hardware antenna diversity. */ 5307 if (sc->mac_ver == 0x5390) 5308 run_bbp_write(sc, 154, 0); 5309 5310 /* Initialize Rx CCK/OFDM frequency offset report. */ 5311 run_bbp_write(sc, 142, 1); 5312 run_bbp_write(sc, 143, 57); 5313 } 5314 5315 static int 5316 run_bbp_init(struct run_softc *sc) 5317 { 5318 int i, error, ntries; 5319 uint8_t bbp0; 5320 5321 /* wait for BBP to wake up */ 5322 for (ntries = 0; ntries < 20; ntries++) { 5323 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5324 return error; 5325 if (bbp0 != 0 && bbp0 != 0xff) 5326 break; 5327 } 5328 if (ntries == 20) 5329 return (ETIMEDOUT); 5330 5331 /* initialize BBP registers to default values */ 5332 if (sc->mac_ver >= 0x5390) 5333 run_rt5390_bbp_init(sc); 5334 else { 5335 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5336 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5337 rt2860_def_bbp[i].val); 5338 } 5339 } 5340 5341 if (sc->mac_ver == 0x3593) { 5342 run_bbp_write(sc, 79, 0x13); 5343 run_bbp_write(sc, 80, 0x05); 5344 run_bbp_write(sc, 81, 0x33); 5345 run_bbp_write(sc, 86, 0x46); 5346 run_bbp_write(sc, 137, 0x0f); 5347 } 5348 5349 /* fix BBP84 for RT2860E */ 5350 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5351 run_bbp_write(sc, 84, 0x19); 5352 5353 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5354 sc->mac_ver != 0x5592)) { 5355 run_bbp_write(sc, 79, 0x13); 5356 run_bbp_write(sc, 80, 0x05); 5357 run_bbp_write(sc, 81, 0x33); 5358 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5359 run_bbp_write(sc, 69, 0x16); 5360 run_bbp_write(sc, 73, 0x12); 5361 } 5362 return (0); 5363 } 5364 5365 static int 5366 run_rt3070_rf_init(struct run_softc *sc) 5367 { 5368 uint32_t tmp; 5369 uint8_t bbp4, mingain, rf, target; 5370 int i; 5371 5372 run_rt3070_rf_read(sc, 30, &rf); 5373 /* toggle RF R30 bit 7 */ 5374 run_rt3070_rf_write(sc, 30, rf | 0x80); 5375 run_delay(sc, 10); 5376 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5377 5378 /* initialize RF registers to default value */ 5379 if (sc->mac_ver == 0x3572) { 5380 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5381 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5382 rt3572_def_rf[i].val); 5383 } 5384 } else { 5385 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5386 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5387 rt3070_def_rf[i].val); 5388 } 5389 } 5390 5391 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5392 /* 5393 * Change voltage from 1.2V to 1.35V for RT3070. 5394 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5395 * in RT3070(F). 5396 */ 5397 run_read(sc, RT3070_LDO_CFG0, &tmp); 5398 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5399 run_write(sc, RT3070_LDO_CFG0, tmp); 5400 5401 } else if (sc->mac_ver == 0x3071) { 5402 run_rt3070_rf_read(sc, 6, &rf); 5403 run_rt3070_rf_write(sc, 6, rf | 0x40); 5404 run_rt3070_rf_write(sc, 31, 0x14); 5405 5406 run_read(sc, RT3070_LDO_CFG0, &tmp); 5407 tmp &= ~0x1f000000; 5408 if (sc->mac_rev < 0x0211) 5409 tmp |= 0x0d000000; /* 1.3V */ 5410 else 5411 tmp |= 0x01000000; /* 1.2V */ 5412 run_write(sc, RT3070_LDO_CFG0, tmp); 5413 5414 /* patch LNA_PE_G1 */ 5415 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5416 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5417 5418 } else if (sc->mac_ver == 0x3572) { 5419 run_rt3070_rf_read(sc, 6, &rf); 5420 run_rt3070_rf_write(sc, 6, rf | 0x40); 5421 5422 /* increase voltage from 1.2V to 1.35V */ 5423 run_read(sc, RT3070_LDO_CFG0, &tmp); 5424 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5425 run_write(sc, RT3070_LDO_CFG0, tmp); 5426 5427 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5428 run_delay(sc, 1); /* wait for 1msec */ 5429 /* decrease voltage back to 1.2V */ 5430 tmp = (tmp & ~0x1f000000) | 0x01000000; 5431 run_write(sc, RT3070_LDO_CFG0, tmp); 5432 } 5433 } 5434 5435 /* select 20MHz bandwidth */ 5436 run_rt3070_rf_read(sc, 31, &rf); 5437 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5438 5439 /* calibrate filter for 20MHz bandwidth */ 5440 sc->rf24_20mhz = 0x1f; /* default value */ 5441 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5442 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5443 5444 /* select 40MHz bandwidth */ 5445 run_bbp_read(sc, 4, &bbp4); 5446 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5447 run_rt3070_rf_read(sc, 31, &rf); 5448 run_rt3070_rf_write(sc, 31, rf | 0x20); 5449 5450 /* calibrate filter for 40MHz bandwidth */ 5451 sc->rf24_40mhz = 0x2f; /* default value */ 5452 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5453 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5454 5455 /* go back to 20MHz bandwidth */ 5456 run_bbp_read(sc, 4, &bbp4); 5457 run_bbp_write(sc, 4, bbp4 & ~0x18); 5458 5459 if (sc->mac_ver == 0x3572) { 5460 /* save default BBP registers 25 and 26 values */ 5461 run_bbp_read(sc, 25, &sc->bbp25); 5462 run_bbp_read(sc, 26, &sc->bbp26); 5463 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5464 run_rt3070_rf_write(sc, 27, 0x03); 5465 5466 run_read(sc, RT3070_OPT_14, &tmp); 5467 run_write(sc, RT3070_OPT_14, tmp | 1); 5468 5469 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5470 run_rt3070_rf_read(sc, 17, &rf); 5471 rf &= ~RT3070_TX_LO1; 5472 if ((sc->mac_ver == 0x3070 || 5473 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5474 !sc->ext_2ghz_lna) 5475 rf |= 0x20; /* fix for long range Rx issue */ 5476 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5477 if (sc->txmixgain_2ghz >= mingain) 5478 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5479 run_rt3070_rf_write(sc, 17, rf); 5480 } 5481 5482 if (sc->mac_ver == 0x3071) { 5483 run_rt3070_rf_read(sc, 1, &rf); 5484 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5485 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5486 run_rt3070_rf_write(sc, 1, rf); 5487 5488 run_rt3070_rf_read(sc, 15, &rf); 5489 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5490 5491 run_rt3070_rf_read(sc, 20, &rf); 5492 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5493 5494 run_rt3070_rf_read(sc, 21, &rf); 5495 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5496 } 5497 5498 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5499 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5500 run_rt3070_rf_read(sc, 27, &rf); 5501 rf &= ~0x77; 5502 if (sc->mac_rev < 0x0211) 5503 rf |= 0x03; 5504 run_rt3070_rf_write(sc, 27, rf); 5505 } 5506 return (0); 5507 } 5508 5509 static void 5510 run_rt3593_rf_init(struct run_softc *sc) 5511 { 5512 uint32_t tmp; 5513 uint8_t rf; 5514 int i; 5515 5516 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5517 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5518 tmp &= ~(1 << 4 | 1 << 7); 5519 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5520 5521 /* Initialize RF registers to default value. */ 5522 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5523 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5524 rt3593_def_rf[i].val); 5525 } 5526 5527 /* Toggle RF R2 to initiate calibration. */ 5528 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5529 5530 /* Initialize RF frequency offset. */ 5531 run_adjust_freq_offset(sc); 5532 5533 run_rt3070_rf_read(sc, 18, &rf); 5534 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5535 5536 /* 5537 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5538 * decrease voltage back to 1.2V. 5539 */ 5540 run_read(sc, RT3070_LDO_CFG0, &tmp); 5541 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5542 run_write(sc, RT3070_LDO_CFG0, tmp); 5543 run_delay(sc, 1); 5544 tmp = (tmp & ~0x1f000000) | 0x01000000; 5545 run_write(sc, RT3070_LDO_CFG0, tmp); 5546 5547 sc->rf24_20mhz = 0x1f; 5548 sc->rf24_40mhz = 0x2f; 5549 5550 /* Save default BBP registers 25 and 26 values. */ 5551 run_bbp_read(sc, 25, &sc->bbp25); 5552 run_bbp_read(sc, 26, &sc->bbp26); 5553 5554 run_read(sc, RT3070_OPT_14, &tmp); 5555 run_write(sc, RT3070_OPT_14, tmp | 1); 5556 } 5557 5558 static void 5559 run_rt5390_rf_init(struct run_softc *sc) 5560 { 5561 uint32_t tmp; 5562 uint8_t rf; 5563 int i; 5564 5565 /* Toggle RF R2 to initiate calibration. */ 5566 if (sc->mac_ver == 0x5390) { 5567 run_rt3070_rf_read(sc, 2, &rf); 5568 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5569 run_delay(sc, 10); 5570 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5571 } else { 5572 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5573 run_delay(sc, 10); 5574 } 5575 5576 /* Initialize RF registers to default value. */ 5577 if (sc->mac_ver == 0x5592) { 5578 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5579 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5580 rt5592_def_rf[i].val); 5581 } 5582 /* Initialize RF frequency offset. */ 5583 run_adjust_freq_offset(sc); 5584 } else if (sc->mac_ver == 0x5392) { 5585 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5586 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5587 rt5392_def_rf[i].val); 5588 } 5589 if (sc->mac_rev >= 0x0223) { 5590 run_rt3070_rf_write(sc, 23, 0x0f); 5591 run_rt3070_rf_write(sc, 24, 0x3e); 5592 run_rt3070_rf_write(sc, 51, 0x32); 5593 run_rt3070_rf_write(sc, 53, 0x22); 5594 run_rt3070_rf_write(sc, 56, 0xc1); 5595 run_rt3070_rf_write(sc, 59, 0x0f); 5596 } 5597 } else { 5598 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5599 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5600 rt5390_def_rf[i].val); 5601 } 5602 if (sc->mac_rev >= 0x0502) { 5603 run_rt3070_rf_write(sc, 6, 0xe0); 5604 run_rt3070_rf_write(sc, 25, 0x80); 5605 run_rt3070_rf_write(sc, 46, 0x73); 5606 run_rt3070_rf_write(sc, 53, 0x00); 5607 run_rt3070_rf_write(sc, 56, 0x42); 5608 run_rt3070_rf_write(sc, 61, 0xd1); 5609 } 5610 } 5611 5612 sc->rf24_20mhz = 0x1f; /* default value */ 5613 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5614 5615 if (sc->mac_rev < 0x0211) 5616 run_rt3070_rf_write(sc, 27, 0x3); 5617 5618 run_read(sc, RT3070_OPT_14, &tmp); 5619 run_write(sc, RT3070_OPT_14, tmp | 1); 5620 } 5621 5622 static int 5623 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5624 uint8_t *val) 5625 { 5626 uint8_t rf22, rf24; 5627 uint8_t bbp55_pb, bbp55_sb, delta; 5628 int ntries; 5629 5630 /* program filter */ 5631 run_rt3070_rf_read(sc, 24, &rf24); 5632 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5633 run_rt3070_rf_write(sc, 24, rf24); 5634 5635 /* enable baseband loopback mode */ 5636 run_rt3070_rf_read(sc, 22, &rf22); 5637 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5638 5639 /* set power and frequency of passband test tone */ 5640 run_bbp_write(sc, 24, 0x00); 5641 for (ntries = 0; ntries < 100; ntries++) { 5642 /* transmit test tone */ 5643 run_bbp_write(sc, 25, 0x90); 5644 run_delay(sc, 10); 5645 /* read received power */ 5646 run_bbp_read(sc, 55, &bbp55_pb); 5647 if (bbp55_pb != 0) 5648 break; 5649 } 5650 if (ntries == 100) 5651 return (ETIMEDOUT); 5652 5653 /* set power and frequency of stopband test tone */ 5654 run_bbp_write(sc, 24, 0x06); 5655 for (ntries = 0; ntries < 100; ntries++) { 5656 /* transmit test tone */ 5657 run_bbp_write(sc, 25, 0x90); 5658 run_delay(sc, 10); 5659 /* read received power */ 5660 run_bbp_read(sc, 55, &bbp55_sb); 5661 5662 delta = bbp55_pb - bbp55_sb; 5663 if (delta > target) 5664 break; 5665 5666 /* reprogram filter */ 5667 rf24++; 5668 run_rt3070_rf_write(sc, 24, rf24); 5669 } 5670 if (ntries < 100) { 5671 if (rf24 != init) 5672 rf24--; /* backtrack */ 5673 *val = rf24; 5674 run_rt3070_rf_write(sc, 24, rf24); 5675 } 5676 5677 /* restore initial state */ 5678 run_bbp_write(sc, 24, 0x00); 5679 5680 /* disable baseband loopback mode */ 5681 run_rt3070_rf_read(sc, 22, &rf22); 5682 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5683 5684 return (0); 5685 } 5686 5687 static void 5688 run_rt3070_rf_setup(struct run_softc *sc) 5689 { 5690 uint8_t bbp, rf; 5691 int i; 5692 5693 if (sc->mac_ver == 0x3572) { 5694 /* enable DC filter */ 5695 if (sc->mac_rev >= 0x0201) 5696 run_bbp_write(sc, 103, 0xc0); 5697 5698 run_bbp_read(sc, 138, &bbp); 5699 if (sc->ntxchains == 1) 5700 bbp |= 0x20; /* turn off DAC1 */ 5701 if (sc->nrxchains == 1) 5702 bbp &= ~0x02; /* turn off ADC1 */ 5703 run_bbp_write(sc, 138, bbp); 5704 5705 if (sc->mac_rev >= 0x0211) { 5706 /* improve power consumption */ 5707 run_bbp_read(sc, 31, &bbp); 5708 run_bbp_write(sc, 31, bbp & ~0x03); 5709 } 5710 5711 run_rt3070_rf_read(sc, 16, &rf); 5712 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5713 run_rt3070_rf_write(sc, 16, rf); 5714 5715 } else if (sc->mac_ver == 0x3071) { 5716 if (sc->mac_rev >= 0x0211) { 5717 /* enable DC filter */ 5718 run_bbp_write(sc, 103, 0xc0); 5719 5720 /* improve power consumption */ 5721 run_bbp_read(sc, 31, &bbp); 5722 run_bbp_write(sc, 31, bbp & ~0x03); 5723 } 5724 5725 run_bbp_read(sc, 138, &bbp); 5726 if (sc->ntxchains == 1) 5727 bbp |= 0x20; /* turn off DAC1 */ 5728 if (sc->nrxchains == 1) 5729 bbp &= ~0x02; /* turn off ADC1 */ 5730 run_bbp_write(sc, 138, bbp); 5731 5732 run_write(sc, RT2860_TX_SW_CFG1, 0); 5733 if (sc->mac_rev < 0x0211) { 5734 run_write(sc, RT2860_TX_SW_CFG2, 5735 sc->patch_dac ? 0x2c : 0x0f); 5736 } else 5737 run_write(sc, RT2860_TX_SW_CFG2, 0); 5738 5739 } else if (sc->mac_ver == 0x3070) { 5740 if (sc->mac_rev >= 0x0201) { 5741 /* enable DC filter */ 5742 run_bbp_write(sc, 103, 0xc0); 5743 5744 /* improve power consumption */ 5745 run_bbp_read(sc, 31, &bbp); 5746 run_bbp_write(sc, 31, bbp & ~0x03); 5747 } 5748 5749 if (sc->mac_rev < 0x0201) { 5750 run_write(sc, RT2860_TX_SW_CFG1, 0); 5751 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5752 } else 5753 run_write(sc, RT2860_TX_SW_CFG2, 0); 5754 } 5755 5756 /* initialize RF registers from ROM for >=RT3071*/ 5757 if (sc->mac_ver >= 0x3071) { 5758 for (i = 0; i < 10; i++) { 5759 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5760 continue; 5761 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5762 } 5763 } 5764 } 5765 5766 static void 5767 run_rt3593_rf_setup(struct run_softc *sc) 5768 { 5769 uint8_t bbp, rf; 5770 5771 if (sc->mac_rev >= 0x0211) { 5772 /* Enable DC filter. */ 5773 run_bbp_write(sc, 103, 0xc0); 5774 } 5775 run_write(sc, RT2860_TX_SW_CFG1, 0); 5776 if (sc->mac_rev < 0x0211) { 5777 run_write(sc, RT2860_TX_SW_CFG2, 5778 sc->patch_dac ? 0x2c : 0x0f); 5779 } else 5780 run_write(sc, RT2860_TX_SW_CFG2, 0); 5781 5782 run_rt3070_rf_read(sc, 50, &rf); 5783 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5784 5785 run_rt3070_rf_read(sc, 51, &rf); 5786 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5787 ((sc->txmixgain_2ghz & 0x07) << 2); 5788 run_rt3070_rf_write(sc, 51, rf); 5789 5790 run_rt3070_rf_read(sc, 38, &rf); 5791 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5792 5793 run_rt3070_rf_read(sc, 39, &rf); 5794 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5795 5796 run_rt3070_rf_read(sc, 1, &rf); 5797 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5798 5799 run_rt3070_rf_read(sc, 30, &rf); 5800 rf = (rf & ~0x18) | 0x10; 5801 run_rt3070_rf_write(sc, 30, rf); 5802 5803 /* Apply maximum likelihood detection for 2 stream case. */ 5804 run_bbp_read(sc, 105, &bbp); 5805 if (sc->nrxchains > 1) 5806 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5807 5808 /* Avoid data lost and CRC error. */ 5809 run_bbp_read(sc, 4, &bbp); 5810 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5811 5812 run_bbp_write(sc, 92, 0x02); 5813 run_bbp_write(sc, 82, 0x82); 5814 run_bbp_write(sc, 106, 0x05); 5815 run_bbp_write(sc, 104, 0x92); 5816 run_bbp_write(sc, 88, 0x90); 5817 run_bbp_write(sc, 148, 0xc8); 5818 run_bbp_write(sc, 47, 0x48); 5819 run_bbp_write(sc, 120, 0x50); 5820 5821 run_bbp_write(sc, 163, 0x9d); 5822 5823 /* SNR mapping. */ 5824 run_bbp_write(sc, 142, 0x06); 5825 run_bbp_write(sc, 143, 0xa0); 5826 run_bbp_write(sc, 142, 0x07); 5827 run_bbp_write(sc, 143, 0xa1); 5828 run_bbp_write(sc, 142, 0x08); 5829 run_bbp_write(sc, 143, 0xa2); 5830 5831 run_bbp_write(sc, 31, 0x08); 5832 run_bbp_write(sc, 68, 0x0b); 5833 run_bbp_write(sc, 105, 0x04); 5834 } 5835 5836 static void 5837 run_rt5390_rf_setup(struct run_softc *sc) 5838 { 5839 uint8_t bbp, rf; 5840 5841 if (sc->mac_rev >= 0x0211) { 5842 /* Enable DC filter. */ 5843 run_bbp_write(sc, 103, 0xc0); 5844 5845 if (sc->mac_ver != 0x5592) { 5846 /* Improve power consumption. */ 5847 run_bbp_read(sc, 31, &bbp); 5848 run_bbp_write(sc, 31, bbp & ~0x03); 5849 } 5850 } 5851 5852 run_bbp_read(sc, 138, &bbp); 5853 if (sc->ntxchains == 1) 5854 bbp |= 0x20; /* turn off DAC1 */ 5855 if (sc->nrxchains == 1) 5856 bbp &= ~0x02; /* turn off ADC1 */ 5857 run_bbp_write(sc, 138, bbp); 5858 5859 run_rt3070_rf_read(sc, 38, &rf); 5860 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5861 5862 run_rt3070_rf_read(sc, 39, &rf); 5863 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5864 5865 /* Avoid data lost and CRC error. */ 5866 run_bbp_read(sc, 4, &bbp); 5867 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5868 5869 run_rt3070_rf_read(sc, 30, &rf); 5870 rf = (rf & ~0x18) | 0x10; 5871 run_rt3070_rf_write(sc, 30, rf); 5872 5873 if (sc->mac_ver != 0x5592) { 5874 run_write(sc, RT2860_TX_SW_CFG1, 0); 5875 if (sc->mac_rev < 0x0211) { 5876 run_write(sc, RT2860_TX_SW_CFG2, 5877 sc->patch_dac ? 0x2c : 0x0f); 5878 } else 5879 run_write(sc, RT2860_TX_SW_CFG2, 0); 5880 } 5881 } 5882 5883 static int 5884 run_txrx_enable(struct run_softc *sc) 5885 { 5886 struct ieee80211com *ic = &sc->sc_ic; 5887 uint32_t tmp; 5888 int error, ntries; 5889 5890 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5891 for (ntries = 0; ntries < 200; ntries++) { 5892 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5893 return (error); 5894 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5895 break; 5896 run_delay(sc, 50); 5897 } 5898 if (ntries == 200) 5899 return (ETIMEDOUT); 5900 5901 run_delay(sc, 50); 5902 5903 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5904 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5905 5906 /* enable Rx bulk aggregation (set timeout and limit) */ 5907 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5908 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5909 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5910 5911 /* set Rx filter */ 5912 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5913 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5914 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5915 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5916 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5917 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5918 if (ic->ic_opmode == IEEE80211_M_STA) 5919 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5920 } 5921 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5922 5923 run_write(sc, RT2860_MAC_SYS_CTRL, 5924 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5925 5926 return (0); 5927 } 5928 5929 static void 5930 run_adjust_freq_offset(struct run_softc *sc) 5931 { 5932 uint8_t rf, tmp; 5933 5934 run_rt3070_rf_read(sc, 17, &rf); 5935 tmp = rf; 5936 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5937 rf = MIN(rf, 0x5f); 5938 5939 if (tmp != rf) 5940 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5941 } 5942 5943 static void 5944 run_init_locked(struct run_softc *sc) 5945 { 5946 struct ieee80211com *ic = &sc->sc_ic; 5947 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5948 uint32_t tmp; 5949 uint8_t bbp1, bbp3; 5950 int i; 5951 int ridx; 5952 int ntries; 5953 5954 if (ic->ic_nrunning > 1) 5955 return; 5956 5957 run_stop(sc); 5958 5959 if (run_load_microcode(sc) != 0) { 5960 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5961 goto fail; 5962 } 5963 5964 for (ntries = 0; ntries < 100; ntries++) { 5965 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5966 goto fail; 5967 if (tmp != 0 && tmp != 0xffffffff) 5968 break; 5969 run_delay(sc, 10); 5970 } 5971 if (ntries == 100) 5972 goto fail; 5973 5974 for (i = 0; i != RUN_EP_QUEUES; i++) 5975 run_setup_tx_list(sc, &sc->sc_epq[i]); 5976 5977 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5978 5979 for (ntries = 0; ntries < 100; ntries++) { 5980 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5981 goto fail; 5982 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5983 break; 5984 run_delay(sc, 10); 5985 } 5986 if (ntries == 100) { 5987 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5988 goto fail; 5989 } 5990 tmp &= 0xff0; 5991 tmp |= RT2860_TX_WB_DDONE; 5992 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5993 5994 /* turn off PME_OEN to solve high-current issue */ 5995 run_read(sc, RT2860_SYS_CTRL, &tmp); 5996 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5997 5998 run_write(sc, RT2860_MAC_SYS_CTRL, 5999 RT2860_BBP_HRST | RT2860_MAC_SRST); 6000 run_write(sc, RT2860_USB_DMA_CFG, 0); 6001 6002 if (run_reset(sc) != 0) { 6003 device_printf(sc->sc_dev, "could not reset chipset\n"); 6004 goto fail; 6005 } 6006 6007 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6008 6009 /* init Tx power for all Tx rates (from EEPROM) */ 6010 for (ridx = 0; ridx < 5; ridx++) { 6011 if (sc->txpow20mhz[ridx] == 0xffffffff) 6012 continue; 6013 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6014 } 6015 6016 for (i = 0; i < nitems(rt2870_def_mac); i++) 6017 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6018 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6019 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6020 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6021 6022 if (sc->mac_ver >= 0x5390) { 6023 run_write(sc, RT2860_TX_SW_CFG0, 6024 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6025 if (sc->mac_ver >= 0x5392) { 6026 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6027 if (sc->mac_ver == 0x5592) { 6028 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6029 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6030 } else { 6031 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6032 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6033 } 6034 } 6035 } else if (sc->mac_ver == 0x3593) { 6036 run_write(sc, RT2860_TX_SW_CFG0, 6037 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6038 } else if (sc->mac_ver >= 0x3070) { 6039 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6040 run_write(sc, RT2860_TX_SW_CFG0, 6041 4 << RT2860_DLY_PAPE_EN_SHIFT); 6042 } 6043 6044 /* wait while MAC is busy */ 6045 for (ntries = 0; ntries < 100; ntries++) { 6046 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6047 goto fail; 6048 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6049 break; 6050 run_delay(sc, 10); 6051 } 6052 if (ntries == 100) 6053 goto fail; 6054 6055 /* clear Host to MCU mailbox */ 6056 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6057 run_write(sc, RT2860_H2M_MAILBOX, 0); 6058 run_delay(sc, 10); 6059 6060 if (run_bbp_init(sc) != 0) { 6061 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6062 goto fail; 6063 } 6064 6065 /* abort TSF synchronization */ 6066 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6067 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6068 RT2860_TBTT_TIMER_EN); 6069 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6070 6071 /* clear RX WCID search table */ 6072 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6073 /* clear WCID attribute table */ 6074 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6075 6076 /* hostapd sets a key before init. So, don't clear it. */ 6077 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6078 /* clear shared key table */ 6079 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6080 /* clear shared key mode */ 6081 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6082 } 6083 6084 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6085 tmp = (tmp & ~0xff) | 0x1e; 6086 run_write(sc, RT2860_US_CYC_CNT, tmp); 6087 6088 if (sc->mac_rev != 0x0101) 6089 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6090 6091 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6092 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6093 6094 /* write vendor-specific BBP values (from EEPROM) */ 6095 if (sc->mac_ver < 0x3593) { 6096 for (i = 0; i < 10; i++) { 6097 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6098 continue; 6099 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6100 } 6101 } 6102 6103 /* select Main antenna for 1T1R devices */ 6104 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6105 run_set_rx_antenna(sc, 0); 6106 6107 /* send LEDs operating mode to microcontroller */ 6108 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6109 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6110 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6111 6112 if (sc->mac_ver >= 0x5390) 6113 run_rt5390_rf_init(sc); 6114 else if (sc->mac_ver == 0x3593) 6115 run_rt3593_rf_init(sc); 6116 else if (sc->mac_ver >= 0x3070) 6117 run_rt3070_rf_init(sc); 6118 6119 /* disable non-existing Rx chains */ 6120 run_bbp_read(sc, 3, &bbp3); 6121 bbp3 &= ~(1 << 3 | 1 << 4); 6122 if (sc->nrxchains == 2) 6123 bbp3 |= 1 << 3; 6124 else if (sc->nrxchains == 3) 6125 bbp3 |= 1 << 4; 6126 run_bbp_write(sc, 3, bbp3); 6127 6128 /* disable non-existing Tx chains */ 6129 run_bbp_read(sc, 1, &bbp1); 6130 if (sc->ntxchains == 1) 6131 bbp1 &= ~(1 << 3 | 1 << 4); 6132 run_bbp_write(sc, 1, bbp1); 6133 6134 if (sc->mac_ver >= 0x5390) 6135 run_rt5390_rf_setup(sc); 6136 else if (sc->mac_ver == 0x3593) 6137 run_rt3593_rf_setup(sc); 6138 else if (sc->mac_ver >= 0x3070) 6139 run_rt3070_rf_setup(sc); 6140 6141 /* select default channel */ 6142 run_set_chan(sc, ic->ic_curchan); 6143 6144 /* setup initial protection mode */ 6145 run_updateprot_cb(ic); 6146 6147 /* turn radio LED on */ 6148 run_set_leds(sc, RT2860_LED_RADIO); 6149 6150 sc->sc_flags |= RUN_RUNNING; 6151 sc->cmdq_run = RUN_CMDQ_GO; 6152 6153 for (i = 0; i != RUN_N_XFER; i++) 6154 usbd_xfer_set_stall(sc->sc_xfer[i]); 6155 6156 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6157 6158 if (run_txrx_enable(sc) != 0) 6159 goto fail; 6160 6161 return; 6162 6163 fail: 6164 run_stop(sc); 6165 } 6166 6167 static void 6168 run_stop(void *arg) 6169 { 6170 struct run_softc *sc = (struct run_softc *)arg; 6171 uint32_t tmp; 6172 int i; 6173 int ntries; 6174 6175 RUN_LOCK_ASSERT(sc, MA_OWNED); 6176 6177 if (sc->sc_flags & RUN_RUNNING) 6178 run_set_leds(sc, 0); /* turn all LEDs off */ 6179 6180 sc->sc_flags &= ~RUN_RUNNING; 6181 6182 sc->ratectl_run = RUN_RATECTL_OFF; 6183 sc->cmdq_run = sc->cmdq_key_set; 6184 6185 RUN_UNLOCK(sc); 6186 6187 for(i = 0; i < RUN_N_XFER; i++) 6188 usbd_transfer_drain(sc->sc_xfer[i]); 6189 6190 RUN_LOCK(sc); 6191 6192 run_drain_mbufq(sc); 6193 6194 if (sc->rx_m != NULL) { 6195 m_free(sc->rx_m); 6196 sc->rx_m = NULL; 6197 } 6198 6199 /* Disable Tx/Rx DMA. */ 6200 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6201 return; 6202 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6203 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6204 6205 for (ntries = 0; ntries < 100; ntries++) { 6206 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6207 return; 6208 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6209 break; 6210 run_delay(sc, 10); 6211 } 6212 if (ntries == 100) { 6213 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6214 return; 6215 } 6216 6217 /* disable Tx/Rx */ 6218 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6219 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6220 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6221 6222 /* wait for pending Tx to complete */ 6223 for (ntries = 0; ntries < 100; ntries++) { 6224 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6225 DPRINTF("Cannot read Tx queue count\n"); 6226 break; 6227 } 6228 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6229 DPRINTF("All Tx cleared\n"); 6230 break; 6231 } 6232 run_delay(sc, 10); 6233 } 6234 if (ntries >= 100) 6235 DPRINTF("There are still pending Tx\n"); 6236 run_delay(sc, 10); 6237 run_write(sc, RT2860_USB_DMA_CFG, 0); 6238 6239 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6240 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6241 6242 for (i = 0; i != RUN_EP_QUEUES; i++) 6243 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6244 } 6245 6246 static void 6247 run_delay(struct run_softc *sc, u_int ms) 6248 { 6249 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6250 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6251 } 6252 6253 static device_method_t run_methods[] = { 6254 /* Device interface */ 6255 DEVMETHOD(device_probe, run_match), 6256 DEVMETHOD(device_attach, run_attach), 6257 DEVMETHOD(device_detach, run_detach), 6258 DEVMETHOD_END 6259 }; 6260 6261 static driver_t run_driver = { 6262 .name = "run", 6263 .methods = run_methods, 6264 .size = sizeof(struct run_softc) 6265 }; 6266 6267 static devclass_t run_devclass; 6268 6269 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6270 MODULE_DEPEND(run, wlan, 1, 1, 1); 6271 MODULE_DEPEND(run, usb, 1, 1, 1); 6272 MODULE_DEPEND(run, firmware, 1, 1, 1); 6273 MODULE_VERSION(run, 1); 6274