1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94 /* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100 static const STRUCT_USB_HOST_ID run_devs[] = { 101 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102 #define RUN_DEV_EJECT(v,p) \ 103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 104 #define RUN_EJECT 1 105 RUN_DEV(ABOCOM, RT2770), 106 RUN_DEV(ABOCOM, RT2870), 107 RUN_DEV(ABOCOM, RT3070), 108 RUN_DEV(ABOCOM, RT3071), 109 RUN_DEV(ABOCOM, RT3072), 110 RUN_DEV(ABOCOM2, RT2870_1), 111 RUN_DEV(ACCTON, RT2770), 112 RUN_DEV(ACCTON, RT2870_1), 113 RUN_DEV(ACCTON, RT2870_2), 114 RUN_DEV(ACCTON, RT2870_3), 115 RUN_DEV(ACCTON, RT2870_4), 116 RUN_DEV(ACCTON, RT2870_5), 117 RUN_DEV(ACCTON, RT3070), 118 RUN_DEV(ACCTON, RT3070_1), 119 RUN_DEV(ACCTON, RT3070_2), 120 RUN_DEV(ACCTON, RT3070_3), 121 RUN_DEV(ACCTON, RT3070_4), 122 RUN_DEV(ACCTON, RT3070_5), 123 RUN_DEV(AIRTIES, RT3070), 124 RUN_DEV(ALLWIN, RT2070), 125 RUN_DEV(ALLWIN, RT2770), 126 RUN_DEV(ALLWIN, RT2870), 127 RUN_DEV(ALLWIN, RT3070), 128 RUN_DEV(ALLWIN, RT3071), 129 RUN_DEV(ALLWIN, RT3072), 130 RUN_DEV(ALLWIN, RT3572), 131 RUN_DEV(AMIGO, RT2870_1), 132 RUN_DEV(AMIGO, RT2870_2), 133 RUN_DEV(AMIT, CGWLUSB2GNR), 134 RUN_DEV(AMIT, RT2870_1), 135 RUN_DEV(AMIT2, RT2870), 136 RUN_DEV(ASUS, RT2870_1), 137 RUN_DEV(ASUS, RT2870_2), 138 RUN_DEV(ASUS, RT2870_3), 139 RUN_DEV(ASUS, RT2870_4), 140 RUN_DEV(ASUS, RT2870_5), 141 RUN_DEV(ASUS, USBN13), 142 RUN_DEV(ASUS, RT3070_1), 143 RUN_DEV(ASUS, USBN66), 144 RUN_DEV(ASUS, USB_N53), 145 RUN_DEV(ASUS2, USBN11), 146 RUN_DEV(AZUREWAVE, RT2870_1), 147 RUN_DEV(AZUREWAVE, RT2870_2), 148 RUN_DEV(AZUREWAVE, RT3070_1), 149 RUN_DEV(AZUREWAVE, RT3070_2), 150 RUN_DEV(AZUREWAVE, RT3070_3), 151 RUN_DEV(BELKIN, F9L1103), 152 RUN_DEV(BELKIN, F5D8053V3), 153 RUN_DEV(BELKIN, F5D8055), 154 RUN_DEV(BELKIN, F5D8055V2), 155 RUN_DEV(BELKIN, F6D4050V1), 156 RUN_DEV(BELKIN, F6D4050V2), 157 RUN_DEV(BELKIN, RT2870_1), 158 RUN_DEV(BELKIN, RT2870_2), 159 RUN_DEV(CISCOLINKSYS, AE1000), 160 RUN_DEV(CISCOLINKSYS2, RT3070), 161 RUN_DEV(CISCOLINKSYS3, RT3070), 162 RUN_DEV(CONCEPTRONIC2, RT2870_1), 163 RUN_DEV(CONCEPTRONIC2, RT2870_2), 164 RUN_DEV(CONCEPTRONIC2, RT2870_3), 165 RUN_DEV(CONCEPTRONIC2, RT2870_4), 166 RUN_DEV(CONCEPTRONIC2, RT2870_5), 167 RUN_DEV(CONCEPTRONIC2, RT2870_6), 168 RUN_DEV(CONCEPTRONIC2, RT2870_7), 169 RUN_DEV(CONCEPTRONIC2, RT2870_8), 170 RUN_DEV(CONCEPTRONIC2, RT3070_1), 171 RUN_DEV(CONCEPTRONIC2, RT3070_2), 172 RUN_DEV(CONCEPTRONIC2, VIGORN61), 173 RUN_DEV(COREGA, CGWLUSB300GNM), 174 RUN_DEV(COREGA, RT2870_1), 175 RUN_DEV(COREGA, RT2870_2), 176 RUN_DEV(COREGA, RT2870_3), 177 RUN_DEV(COREGA, RT3070), 178 RUN_DEV(CYBERTAN, RT2870), 179 RUN_DEV(DLINK, RT2870), 180 RUN_DEV(DLINK, RT3072), 181 RUN_DEV(DLINK, DWA127), 182 RUN_DEV(DLINK, DWA140B3), 183 RUN_DEV(DLINK, DWA160B2), 184 RUN_DEV(DLINK, DWA140D1), 185 RUN_DEV(DLINK, DWA162), 186 RUN_DEV(DLINK2, DWA130), 187 RUN_DEV(DLINK2, RT2870_1), 188 RUN_DEV(DLINK2, RT2870_2), 189 RUN_DEV(DLINK2, RT3070_1), 190 RUN_DEV(DLINK2, RT3070_2), 191 RUN_DEV(DLINK2, RT3070_3), 192 RUN_DEV(DLINK2, RT3070_4), 193 RUN_DEV(DLINK2, RT3070_5), 194 RUN_DEV(DLINK2, RT3072), 195 RUN_DEV(DLINK2, RT3072_1), 196 RUN_DEV(EDIMAX, EW7717), 197 RUN_DEV(EDIMAX, EW7718), 198 RUN_DEV(EDIMAX, EW7733UND), 199 RUN_DEV(EDIMAX, RT2870_1), 200 RUN_DEV(ENCORE, RT3070_1), 201 RUN_DEV(ENCORE, RT3070_2), 202 RUN_DEV(ENCORE, RT3070_3), 203 RUN_DEV(GIGABYTE, GNWB31N), 204 RUN_DEV(GIGABYTE, GNWB32L), 205 RUN_DEV(GIGABYTE, RT2870_1), 206 RUN_DEV(GIGASET, RT3070_1), 207 RUN_DEV(GIGASET, RT3070_2), 208 RUN_DEV(GUILLEMOT, HWNU300), 209 RUN_DEV(HAWKING, HWUN2), 210 RUN_DEV(HAWKING, RT2870_1), 211 RUN_DEV(HAWKING, RT2870_2), 212 RUN_DEV(HAWKING, RT3070), 213 RUN_DEV(IODATA, RT3072_1), 214 RUN_DEV(IODATA, RT3072_2), 215 RUN_DEV(IODATA, RT3072_3), 216 RUN_DEV(IODATA, RT3072_4), 217 RUN_DEV(LINKSYS4, RT3070), 218 RUN_DEV(LINKSYS4, WUSB100), 219 RUN_DEV(LINKSYS4, WUSB54GCV3), 220 RUN_DEV(LINKSYS4, WUSB600N), 221 RUN_DEV(LINKSYS4, WUSB600NV2), 222 RUN_DEV(LOGITEC, RT2870_1), 223 RUN_DEV(LOGITEC, RT2870_2), 224 RUN_DEV(LOGITEC, RT2870_3), 225 RUN_DEV(LOGITEC, LANW300NU2), 226 RUN_DEV(LOGITEC, LANW150NU2), 227 RUN_DEV(LOGITEC, LANW300NU2S), 228 RUN_DEV(MELCO, WLIUCG300HP), 229 RUN_DEV(MELCO, RT2870_2), 230 RUN_DEV(MELCO, WLIUCAG300N), 231 RUN_DEV(MELCO, WLIUCG300N), 232 RUN_DEV(MELCO, WLIUCG301N), 233 RUN_DEV(MELCO, WLIUCGN), 234 RUN_DEV(MELCO, WLIUCGNM), 235 RUN_DEV(MELCO, WLIUCG300HPV1), 236 RUN_DEV(MELCO, WLIUCGNM2), 237 RUN_DEV(MOTOROLA4, RT2770), 238 RUN_DEV(MOTOROLA4, RT3070), 239 RUN_DEV(MSI, RT3070_1), 240 RUN_DEV(MSI, RT3070_2), 241 RUN_DEV(MSI, RT3070_3), 242 RUN_DEV(MSI, RT3070_4), 243 RUN_DEV(MSI, RT3070_5), 244 RUN_DEV(MSI, RT3070_6), 245 RUN_DEV(MSI, RT3070_7), 246 RUN_DEV(MSI, RT3070_8), 247 RUN_DEV(MSI, RT3070_9), 248 RUN_DEV(MSI, RT3070_10), 249 RUN_DEV(MSI, RT3070_11), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_wme_update_cb(void *); 385 static void run_key_update_begin(struct ieee80211vap *); 386 static void run_key_update_end(struct ieee80211vap *); 387 static void run_key_set_cb(void *); 388 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 389 const uint8_t mac[IEEE80211_ADDR_LEN]); 390 static void run_key_delete_cb(void *); 391 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 392 static void run_ratectl_to(void *); 393 static void run_ratectl_cb(void *, int); 394 static void run_drain_fifo(void *); 395 static void run_iter_func(void *, struct ieee80211_node *); 396 static void run_newassoc_cb(void *); 397 static void run_newassoc(struct ieee80211_node *, int); 398 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 399 static void run_tx_free(struct run_endpoint_queue *pq, 400 struct run_tx_data *, int); 401 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 402 static int run_tx(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_tx_mgt(struct run_softc *, struct mbuf *, 405 struct ieee80211_node *); 406 static int run_sendprot(struct run_softc *, const struct mbuf *, 407 struct ieee80211_node *, int, int); 408 static int run_tx_param(struct run_softc *, struct mbuf *, 409 struct ieee80211_node *, 410 const struct ieee80211_bpf_params *); 411 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 412 const struct ieee80211_bpf_params *); 413 static int run_transmit(struct ieee80211com *, struct mbuf *); 414 static void run_start(struct run_softc *); 415 static void run_parent(struct ieee80211com *); 416 static void run_iq_calib(struct run_softc *, u_int); 417 static void run_set_agc(struct run_softc *, uint8_t); 418 static void run_select_chan_group(struct run_softc *, int); 419 static void run_set_rx_antenna(struct run_softc *, int); 420 static void run_rt2870_set_chan(struct run_softc *, u_int); 421 static void run_rt3070_set_chan(struct run_softc *, u_int); 422 static void run_rt3572_set_chan(struct run_softc *, u_int); 423 static void run_rt3593_set_chan(struct run_softc *, u_int); 424 static void run_rt5390_set_chan(struct run_softc *, u_int); 425 static void run_rt5592_set_chan(struct run_softc *, u_int); 426 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 427 static void run_set_channel(struct ieee80211com *); 428 static void run_scan_start(struct ieee80211com *); 429 static void run_scan_end(struct ieee80211com *); 430 static void run_update_beacon(struct ieee80211vap *, int); 431 static void run_update_beacon_cb(void *); 432 static void run_updateprot(struct ieee80211com *); 433 static void run_updateprot_cb(void *); 434 static void run_usb_timeout_cb(void *); 435 static void run_reset_livelock(struct run_softc *); 436 static void run_enable_tsf_sync(struct run_softc *); 437 static void run_enable_mrr(struct run_softc *); 438 static void run_set_txpreamble(struct run_softc *); 439 static void run_set_basicrates(struct run_softc *); 440 static void run_set_leds(struct run_softc *, uint16_t); 441 static void run_set_bssid(struct run_softc *, const uint8_t *); 442 static void run_set_macaddr(struct run_softc *, const uint8_t *); 443 static void run_updateslot(struct ieee80211com *); 444 static void run_updateslot_cb(void *); 445 static void run_update_mcast(struct ieee80211com *); 446 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 447 static void run_update_promisc_locked(struct run_softc *); 448 static void run_update_promisc(struct ieee80211com *); 449 static void run_rt5390_bbp_init(struct run_softc *); 450 static int run_bbp_init(struct run_softc *); 451 static int run_rt3070_rf_init(struct run_softc *); 452 static void run_rt3593_rf_init(struct run_softc *); 453 static void run_rt5390_rf_init(struct run_softc *); 454 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 455 uint8_t *); 456 static void run_rt3070_rf_setup(struct run_softc *); 457 static void run_rt3593_rf_setup(struct run_softc *); 458 static void run_rt5390_rf_setup(struct run_softc *); 459 static int run_txrx_enable(struct run_softc *); 460 static void run_adjust_freq_offset(struct run_softc *); 461 static void run_init_locked(struct run_softc *); 462 static void run_stop(void *); 463 static void run_delay(struct run_softc *, u_int); 464 465 static eventhandler_tag run_etag; 466 467 static const struct rt2860_rate { 468 uint8_t rate; 469 uint8_t mcs; 470 enum ieee80211_phytype phy; 471 uint8_t ctl_ridx; 472 uint16_t sp_ack_dur; 473 uint16_t lp_ack_dur; 474 } rt2860_rates[] = { 475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 487 }; 488 489 static const struct { 490 uint16_t reg; 491 uint32_t val; 492 } rt2870_def_mac[] = { 493 RT2870_DEF_MAC 494 }; 495 496 static const struct { 497 uint8_t reg; 498 uint8_t val; 499 } rt2860_def_bbp[] = { 500 RT2860_DEF_BBP 501 },rt5390_def_bbp[] = { 502 RT5390_DEF_BBP 503 },rt5592_def_bbp[] = { 504 RT5592_DEF_BBP 505 }; 506 507 /* 508 * Default values for BBP register R196 for RT5592. 509 */ 510 static const uint8_t rt5592_bbp_r196[] = { 511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 519 0x2e, 0x36, 0x30, 0x6e 520 }; 521 522 static const struct rfprog { 523 uint8_t chan; 524 uint32_t r1, r2, r3, r4; 525 } rt2860_rf2850[] = { 526 RT2860_RF2850 527 }; 528 529 struct { 530 uint8_t n, r, k; 531 } rt3070_freqs[] = { 532 RT3070_RF3052 533 }; 534 535 static const struct rt5592_freqs { 536 uint16_t n; 537 uint8_t k, m, r; 538 } rt5592_freqs_20mhz[] = { 539 RT5592_RF5592_20MHZ 540 },rt5592_freqs_40mhz[] = { 541 RT5592_RF5592_40MHZ 542 }; 543 544 static const struct { 545 uint8_t reg; 546 uint8_t val; 547 } rt3070_def_rf[] = { 548 RT3070_DEF_RF 549 },rt3572_def_rf[] = { 550 RT3572_DEF_RF 551 },rt3593_def_rf[] = { 552 RT3593_DEF_RF 553 },rt5390_def_rf[] = { 554 RT5390_DEF_RF 555 },rt5392_def_rf[] = { 556 RT5392_DEF_RF 557 },rt5592_def_rf[] = { 558 RT5592_DEF_RF 559 },rt5592_2ghz_def_rf[] = { 560 RT5592_2GHZ_DEF_RF 561 },rt5592_5ghz_def_rf[] = { 562 RT5592_5GHZ_DEF_RF 563 }; 564 565 static const struct { 566 u_int firstchan; 567 u_int lastchan; 568 uint8_t reg; 569 uint8_t val; 570 } rt5592_chan_5ghz[] = { 571 RT5592_CHAN_5GHZ 572 }; 573 574 static const struct usb_config run_config[RUN_N_XFER] = { 575 [RUN_BULK_TX_BE] = { 576 .type = UE_BULK, 577 .endpoint = UE_ADDR_ANY, 578 .ep_index = 0, 579 .direction = UE_DIR_OUT, 580 .bufsize = RUN_MAX_TXSZ, 581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 582 .callback = run_bulk_tx_callback0, 583 .timeout = 5000, /* ms */ 584 }, 585 [RUN_BULK_TX_BK] = { 586 .type = UE_BULK, 587 .endpoint = UE_ADDR_ANY, 588 .direction = UE_DIR_OUT, 589 .ep_index = 1, 590 .bufsize = RUN_MAX_TXSZ, 591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 592 .callback = run_bulk_tx_callback1, 593 .timeout = 5000, /* ms */ 594 }, 595 [RUN_BULK_TX_VI] = { 596 .type = UE_BULK, 597 .endpoint = UE_ADDR_ANY, 598 .direction = UE_DIR_OUT, 599 .ep_index = 2, 600 .bufsize = RUN_MAX_TXSZ, 601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 602 .callback = run_bulk_tx_callback2, 603 .timeout = 5000, /* ms */ 604 }, 605 [RUN_BULK_TX_VO] = { 606 .type = UE_BULK, 607 .endpoint = UE_ADDR_ANY, 608 .direction = UE_DIR_OUT, 609 .ep_index = 3, 610 .bufsize = RUN_MAX_TXSZ, 611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 612 .callback = run_bulk_tx_callback3, 613 .timeout = 5000, /* ms */ 614 }, 615 [RUN_BULK_TX_HCCA] = { 616 .type = UE_BULK, 617 .endpoint = UE_ADDR_ANY, 618 .direction = UE_DIR_OUT, 619 .ep_index = 4, 620 .bufsize = RUN_MAX_TXSZ, 621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 622 .callback = run_bulk_tx_callback4, 623 .timeout = 5000, /* ms */ 624 }, 625 [RUN_BULK_TX_PRIO] = { 626 .type = UE_BULK, 627 .endpoint = UE_ADDR_ANY, 628 .direction = UE_DIR_OUT, 629 .ep_index = 5, 630 .bufsize = RUN_MAX_TXSZ, 631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 632 .callback = run_bulk_tx_callback5, 633 .timeout = 5000, /* ms */ 634 }, 635 [RUN_BULK_RX] = { 636 .type = UE_BULK, 637 .endpoint = UE_ADDR_ANY, 638 .direction = UE_DIR_IN, 639 .bufsize = RUN_MAX_RXSZ, 640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 641 .callback = run_bulk_rx_callback, 642 } 643 }; 644 645 static void 646 run_autoinst(void *arg, struct usb_device *udev, 647 struct usb_attach_arg *uaa) 648 { 649 struct usb_interface *iface; 650 struct usb_interface_descriptor *id; 651 652 if (uaa->dev_state != UAA_DEV_READY) 653 return; 654 655 iface = usbd_get_iface(udev, 0); 656 if (iface == NULL) 657 return; 658 id = iface->idesc; 659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 660 return; 661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 662 return; 663 664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 665 uaa->dev_state = UAA_DEV_EJECTING; 666 } 667 668 static int 669 run_driver_loaded(struct module *mod, int what, void *arg) 670 { 671 switch (what) { 672 case MOD_LOAD: 673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 675 break; 676 case MOD_UNLOAD: 677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 678 break; 679 default: 680 return (EOPNOTSUPP); 681 } 682 return (0); 683 } 684 685 static int 686 run_match(device_t self) 687 { 688 struct usb_attach_arg *uaa = device_get_ivars(self); 689 690 if (uaa->usb_mode != USB_MODE_HOST) 691 return (ENXIO); 692 if (uaa->info.bConfigIndex != 0) 693 return (ENXIO); 694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 695 return (ENXIO); 696 697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 698 } 699 700 static int 701 run_attach(device_t self) 702 { 703 struct run_softc *sc = device_get_softc(self); 704 struct usb_attach_arg *uaa = device_get_ivars(self); 705 struct ieee80211com *ic = &sc->sc_ic; 706 uint32_t ver; 707 int ntries, error; 708 uint8_t iface_index, bands; 709 710 device_set_usb_desc(self); 711 sc->sc_udev = uaa->device; 712 sc->sc_dev = self; 713 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 714 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 715 716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 717 MTX_NETWORK_LOCK, MTX_DEF); 718 mbufq_init(&sc->sc_snd, ifqmaxlen); 719 720 iface_index = RT2860_IFACE_INDEX; 721 722 error = usbd_transfer_setup(uaa->device, &iface_index, 723 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 724 if (error) { 725 device_printf(self, "could not allocate USB transfers, " 726 "err=%s\n", usbd_errstr(error)); 727 goto detach; 728 } 729 730 RUN_LOCK(sc); 731 732 /* wait for the chip to settle */ 733 for (ntries = 0; ntries < 100; ntries++) { 734 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 735 RUN_UNLOCK(sc); 736 goto detach; 737 } 738 if (ver != 0 && ver != 0xffffffff) 739 break; 740 run_delay(sc, 10); 741 } 742 if (ntries == 100) { 743 device_printf(sc->sc_dev, 744 "timeout waiting for NIC to initialize\n"); 745 RUN_UNLOCK(sc); 746 goto detach; 747 } 748 sc->mac_ver = ver >> 16; 749 sc->mac_rev = ver & 0xffff; 750 751 /* retrieve RF rev. no and various other things from EEPROM */ 752 run_read_eeprom(sc); 753 754 device_printf(sc->sc_dev, 755 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 756 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 757 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 758 759 RUN_UNLOCK(sc); 760 761 ic->ic_softc = sc; 762 ic->ic_name = device_get_nameunit(self); 763 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 764 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 765 766 /* set device capabilities */ 767 ic->ic_caps = 768 IEEE80211_C_STA | /* station mode supported */ 769 IEEE80211_C_MONITOR | /* monitor mode supported */ 770 IEEE80211_C_IBSS | 771 IEEE80211_C_HOSTAP | 772 IEEE80211_C_WDS | /* 4-address traffic works */ 773 IEEE80211_C_MBSS | 774 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 775 IEEE80211_C_SHSLOT | /* short slot time supported */ 776 IEEE80211_C_WME | /* WME */ 777 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 778 779 ic->ic_cryptocaps = 780 IEEE80211_CRYPTO_WEP | 781 IEEE80211_CRYPTO_AES_CCM | 782 IEEE80211_CRYPTO_TKIPMIC | 783 IEEE80211_CRYPTO_TKIP; 784 785 ic->ic_flags |= IEEE80211_F_DATAPAD; 786 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 787 788 bands = 0; 789 setbit(&bands, IEEE80211_MODE_11B); 790 setbit(&bands, IEEE80211_MODE_11G); 791 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 792 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 793 sc->rf_rev == RT5592_RF_5592) 794 setbit(&bands, IEEE80211_MODE_11A); 795 ieee80211_init_channels(ic, NULL, &bands); 796 797 ieee80211_ifattach(ic); 798 799 ic->ic_scan_start = run_scan_start; 800 ic->ic_scan_end = run_scan_end; 801 ic->ic_set_channel = run_set_channel; 802 ic->ic_node_alloc = run_node_alloc; 803 ic->ic_newassoc = run_newassoc; 804 ic->ic_updateslot = run_updateslot; 805 ic->ic_update_mcast = run_update_mcast; 806 ic->ic_wme.wme_update = run_wme_update; 807 ic->ic_raw_xmit = run_raw_xmit; 808 ic->ic_update_promisc = run_update_promisc; 809 ic->ic_vap_create = run_vap_create; 810 ic->ic_vap_delete = run_vap_delete; 811 ic->ic_transmit = run_transmit; 812 ic->ic_parent = run_parent; 813 814 ieee80211_radiotap_attach(ic, 815 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 816 RUN_TX_RADIOTAP_PRESENT, 817 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 818 RUN_RX_RADIOTAP_PRESENT); 819 820 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 821 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 822 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 823 824 if (bootverbose) 825 ieee80211_announce(ic); 826 827 return (0); 828 829 detach: 830 run_detach(self); 831 return (ENXIO); 832 } 833 834 static int 835 run_detach(device_t self) 836 { 837 struct run_softc *sc = device_get_softc(self); 838 struct ieee80211com *ic = &sc->sc_ic; 839 int i; 840 841 RUN_LOCK(sc); 842 sc->sc_detached = 1; 843 RUN_UNLOCK(sc); 844 845 /* stop all USB transfers */ 846 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 847 848 RUN_LOCK(sc); 849 sc->ratectl_run = RUN_RATECTL_OFF; 850 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 851 852 /* free TX list, if any */ 853 for (i = 0; i != RUN_EP_QUEUES; i++) 854 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 855 RUN_UNLOCK(sc); 856 857 if (sc->sc_ic.ic_softc == sc) { 858 /* drain tasks */ 859 usb_callout_drain(&sc->ratectl_ch); 860 ieee80211_draintask(ic, &sc->cmdq_task); 861 ieee80211_draintask(ic, &sc->ratectl_task); 862 ieee80211_ifdetach(ic); 863 } 864 865 mbufq_drain(&sc->sc_snd); 866 mtx_destroy(&sc->sc_mtx); 867 868 return (0); 869 } 870 871 static struct ieee80211vap * 872 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 873 enum ieee80211_opmode opmode, int flags, 874 const uint8_t bssid[IEEE80211_ADDR_LEN], 875 const uint8_t mac[IEEE80211_ADDR_LEN]) 876 { 877 struct run_softc *sc = ic->ic_softc; 878 struct run_vap *rvp; 879 struct ieee80211vap *vap; 880 int i; 881 882 if (sc->rvp_cnt >= RUN_VAP_MAX) { 883 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 884 return (NULL); 885 } 886 887 switch (opmode) { 888 case IEEE80211_M_STA: 889 /* enable s/w bmiss handling for sta mode */ 890 flags |= IEEE80211_CLONE_NOBEACONS; 891 /* fall though */ 892 case IEEE80211_M_IBSS: 893 case IEEE80211_M_MONITOR: 894 case IEEE80211_M_HOSTAP: 895 case IEEE80211_M_MBSS: 896 /* other than WDS vaps, only one at a time */ 897 if (!TAILQ_EMPTY(&ic->ic_vaps)) 898 return (NULL); 899 break; 900 case IEEE80211_M_WDS: 901 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 902 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 903 continue; 904 /* WDS vap's always share the local mac address. */ 905 flags &= ~IEEE80211_CLONE_BSSID; 906 break; 907 } 908 if (vap == NULL) { 909 device_printf(sc->sc_dev, 910 "wds only supported in ap mode\n"); 911 return (NULL); 912 } 913 break; 914 default: 915 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 916 return (NULL); 917 } 918 919 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 920 vap = &rvp->vap; 921 922 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 923 bssid) != 0) { 924 /* out of memory */ 925 free(rvp, M_80211_VAP); 926 return (NULL); 927 } 928 929 vap->iv_key_update_begin = run_key_update_begin; 930 vap->iv_key_update_end = run_key_update_end; 931 vap->iv_update_beacon = run_update_beacon; 932 vap->iv_max_aid = RT2870_WCID_MAX; 933 /* 934 * To delete the right key from h/w, we need wcid. 935 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 936 * and matching wcid will be written into there. So, cast 937 * some spells to remove 'const' from ieee80211_key{} 938 */ 939 vap->iv_key_delete = (void *)run_key_delete; 940 vap->iv_key_set = (void *)run_key_set; 941 942 /* override state transition machine */ 943 rvp->newstate = vap->iv_newstate; 944 vap->iv_newstate = run_newstate; 945 946 ieee80211_ratectl_init(vap); 947 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 948 949 /* complete setup */ 950 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 951 mac); 952 953 /* make sure id is always unique */ 954 for (i = 0; i < RUN_VAP_MAX; i++) { 955 if((sc->rvp_bmap & 1 << i) == 0){ 956 sc->rvp_bmap |= 1 << i; 957 rvp->rvp_id = i; 958 break; 959 } 960 } 961 if (sc->rvp_cnt++ == 0) 962 ic->ic_opmode = opmode; 963 964 if (opmode == IEEE80211_M_HOSTAP) 965 sc->cmdq_run = RUN_CMDQ_GO; 966 967 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 968 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 969 970 return (vap); 971 } 972 973 static void 974 run_vap_delete(struct ieee80211vap *vap) 975 { 976 struct run_vap *rvp = RUN_VAP(vap); 977 struct ieee80211com *ic; 978 struct run_softc *sc; 979 uint8_t rvp_id; 980 981 if (vap == NULL) 982 return; 983 984 ic = vap->iv_ic; 985 sc = ic->ic_softc; 986 987 RUN_LOCK(sc); 988 989 m_freem(rvp->beacon_mbuf); 990 rvp->beacon_mbuf = NULL; 991 992 rvp_id = rvp->rvp_id; 993 sc->ratectl_run &= ~(1 << rvp_id); 994 sc->rvp_bmap &= ~(1 << rvp_id); 995 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 996 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 997 --sc->rvp_cnt; 998 999 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1000 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1001 1002 RUN_UNLOCK(sc); 1003 1004 ieee80211_ratectl_deinit(vap); 1005 ieee80211_vap_detach(vap); 1006 free(rvp, M_80211_VAP); 1007 } 1008 1009 /* 1010 * There are numbers of functions need to be called in context thread. 1011 * Rather than creating taskqueue event for each of those functions, 1012 * here is all-for-one taskqueue callback function. This function 1013 * gurantees deferred functions are executed in the same order they 1014 * were enqueued. 1015 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1016 */ 1017 static void 1018 run_cmdq_cb(void *arg, int pending) 1019 { 1020 struct run_softc *sc = arg; 1021 uint8_t i; 1022 1023 /* call cmdq[].func locked */ 1024 RUN_LOCK(sc); 1025 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1026 i = sc->cmdq_exec, pending--) { 1027 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1028 if (sc->cmdq_run == RUN_CMDQ_GO) { 1029 /* 1030 * If arg0 is NULL, callback func needs more 1031 * than one arg. So, pass ptr to cmdq struct. 1032 */ 1033 if (sc->cmdq[i].arg0) 1034 sc->cmdq[i].func(sc->cmdq[i].arg0); 1035 else 1036 sc->cmdq[i].func(&sc->cmdq[i]); 1037 } 1038 sc->cmdq[i].arg0 = NULL; 1039 sc->cmdq[i].func = NULL; 1040 sc->cmdq_exec++; 1041 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1042 } 1043 RUN_UNLOCK(sc); 1044 } 1045 1046 static void 1047 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1048 { 1049 struct run_tx_data *data; 1050 1051 memset(pq, 0, sizeof(*pq)); 1052 1053 STAILQ_INIT(&pq->tx_qh); 1054 STAILQ_INIT(&pq->tx_fh); 1055 1056 for (data = &pq->tx_data[0]; 1057 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1058 data->sc = sc; 1059 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1060 } 1061 pq->tx_nfree = RUN_TX_RING_COUNT; 1062 } 1063 1064 static void 1065 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1066 { 1067 struct run_tx_data *data; 1068 1069 /* make sure any subsequent use of the queues will fail */ 1070 pq->tx_nfree = 0; 1071 STAILQ_INIT(&pq->tx_fh); 1072 STAILQ_INIT(&pq->tx_qh); 1073 1074 /* free up all node references and mbufs */ 1075 for (data = &pq->tx_data[0]; 1076 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1077 if (data->m != NULL) { 1078 m_freem(data->m); 1079 data->m = NULL; 1080 } 1081 if (data->ni != NULL) { 1082 ieee80211_free_node(data->ni); 1083 data->ni = NULL; 1084 } 1085 } 1086 } 1087 1088 static int 1089 run_load_microcode(struct run_softc *sc) 1090 { 1091 usb_device_request_t req; 1092 const struct firmware *fw; 1093 const u_char *base; 1094 uint32_t tmp; 1095 int ntries, error; 1096 const uint64_t *temp; 1097 uint64_t bytes; 1098 1099 RUN_UNLOCK(sc); 1100 fw = firmware_get("runfw"); 1101 RUN_LOCK(sc); 1102 if (fw == NULL) { 1103 device_printf(sc->sc_dev, 1104 "failed loadfirmware of file %s\n", "runfw"); 1105 return ENOENT; 1106 } 1107 1108 if (fw->datasize != 8192) { 1109 device_printf(sc->sc_dev, 1110 "invalid firmware size (should be 8KB)\n"); 1111 error = EINVAL; 1112 goto fail; 1113 } 1114 1115 /* 1116 * RT3071/RT3072 use a different firmware 1117 * run-rt2870 (8KB) contains both, 1118 * first half (4KB) is for rt2870, 1119 * last half is for rt3071. 1120 */ 1121 base = fw->data; 1122 if ((sc->mac_ver) != 0x2860 && 1123 (sc->mac_ver) != 0x2872 && 1124 (sc->mac_ver) != 0x3070) { 1125 base += 4096; 1126 } 1127 1128 /* cheap sanity check */ 1129 temp = fw->data; 1130 bytes = *temp; 1131 if (bytes != be64toh(0xffffff0210280210ULL)) { 1132 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1133 error = EINVAL; 1134 goto fail; 1135 } 1136 1137 /* write microcode image */ 1138 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1139 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1140 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1141 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1142 } 1143 1144 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1145 req.bRequest = RT2870_RESET; 1146 USETW(req.wValue, 8); 1147 USETW(req.wIndex, 0); 1148 USETW(req.wLength, 0); 1149 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1150 != 0) { 1151 device_printf(sc->sc_dev, "firmware reset failed\n"); 1152 goto fail; 1153 } 1154 1155 run_delay(sc, 10); 1156 1157 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1158 run_write(sc, RT2860_H2M_MAILBOX, 0); 1159 run_write(sc, RT2860_H2M_INTSRC, 0); 1160 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1161 goto fail; 1162 1163 /* wait until microcontroller is ready */ 1164 for (ntries = 0; ntries < 1000; ntries++) { 1165 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1166 goto fail; 1167 if (tmp & RT2860_MCU_READY) 1168 break; 1169 run_delay(sc, 10); 1170 } 1171 if (ntries == 1000) { 1172 device_printf(sc->sc_dev, 1173 "timeout waiting for MCU to initialize\n"); 1174 error = ETIMEDOUT; 1175 goto fail; 1176 } 1177 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1178 (base == fw->data) ? "RT2870" : "RT3071", 1179 *(base + 4092), *(base + 4093)); 1180 1181 fail: 1182 firmware_put(fw, FIRMWARE_UNLOAD); 1183 return (error); 1184 } 1185 1186 static int 1187 run_reset(struct run_softc *sc) 1188 { 1189 usb_device_request_t req; 1190 1191 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1192 req.bRequest = RT2870_RESET; 1193 USETW(req.wValue, 1); 1194 USETW(req.wIndex, 0); 1195 USETW(req.wLength, 0); 1196 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1197 } 1198 1199 static usb_error_t 1200 run_do_request(struct run_softc *sc, 1201 struct usb_device_request *req, void *data) 1202 { 1203 usb_error_t err; 1204 int ntries = 10; 1205 1206 RUN_LOCK_ASSERT(sc, MA_OWNED); 1207 1208 while (ntries--) { 1209 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1210 req, data, 0, NULL, 250 /* ms */); 1211 if (err == 0) 1212 break; 1213 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1214 usbd_errstr(err)); 1215 run_delay(sc, 10); 1216 } 1217 return (err); 1218 } 1219 1220 static int 1221 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1222 { 1223 uint32_t tmp; 1224 int error; 1225 1226 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1227 if (error == 0) 1228 *val = le32toh(tmp); 1229 else 1230 *val = 0xffffffff; 1231 return (error); 1232 } 1233 1234 static int 1235 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1236 { 1237 usb_device_request_t req; 1238 1239 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1240 req.bRequest = RT2870_READ_REGION_1; 1241 USETW(req.wValue, 0); 1242 USETW(req.wIndex, reg); 1243 USETW(req.wLength, len); 1244 1245 return (run_do_request(sc, &req, buf)); 1246 } 1247 1248 static int 1249 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1250 { 1251 usb_device_request_t req; 1252 1253 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1254 req.bRequest = RT2870_WRITE_2; 1255 USETW(req.wValue, val); 1256 USETW(req.wIndex, reg); 1257 USETW(req.wLength, 0); 1258 1259 return (run_do_request(sc, &req, NULL)); 1260 } 1261 1262 static int 1263 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1264 { 1265 int error; 1266 1267 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1268 error = run_write_2(sc, reg + 2, val >> 16); 1269 return (error); 1270 } 1271 1272 static int 1273 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1274 int len) 1275 { 1276 #if 1 1277 int i, error = 0; 1278 /* 1279 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1280 * We thus issue multiple WRITE_2 commands instead. 1281 */ 1282 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1283 for (i = 0; i < len && error == 0; i += 2) 1284 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1285 return (error); 1286 #else 1287 usb_device_request_t req; 1288 int error = 0; 1289 1290 /* 1291 * NOTE: It appears the WRITE_REGION_1 command cannot be 1292 * passed a huge amount of data, which will crash the 1293 * firmware. Limit amount of data passed to 64-bytes at a 1294 * time. 1295 */ 1296 while (len > 0) { 1297 int delta = 64; 1298 if (delta > len) 1299 delta = len; 1300 1301 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1302 req.bRequest = RT2870_WRITE_REGION_1; 1303 USETW(req.wValue, 0); 1304 USETW(req.wIndex, reg); 1305 USETW(req.wLength, delta); 1306 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1307 if (error != 0) 1308 break; 1309 reg += delta; 1310 buf += delta; 1311 len -= delta; 1312 } 1313 return (error); 1314 #endif 1315 } 1316 1317 static int 1318 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1319 { 1320 int i, error = 0; 1321 1322 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1323 for (i = 0; i < len && error == 0; i += 4) 1324 error = run_write(sc, reg + i, val); 1325 return (error); 1326 } 1327 1328 static int 1329 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1330 { 1331 uint32_t tmp; 1332 uint16_t reg; 1333 int error, ntries; 1334 1335 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1336 return (error); 1337 1338 if (count == 2) 1339 addr *= 2; 1340 /*- 1341 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1342 * DATA0: F E D C 1343 * DATA1: B A 9 8 1344 * DATA2: 7 6 5 4 1345 * DATA3: 3 2 1 0 1346 */ 1347 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1348 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1349 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1350 for (ntries = 0; ntries < 100; ntries++) { 1351 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1352 return (error); 1353 if (!(tmp & RT3070_EFSROM_KICK)) 1354 break; 1355 run_delay(sc, 2); 1356 } 1357 if (ntries == 100) 1358 return (ETIMEDOUT); 1359 1360 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1361 *val = 0xffff; /* address not found */ 1362 return (0); 1363 } 1364 /* determine to which 32-bit register our 16-bit word belongs */ 1365 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1366 if ((error = run_read(sc, reg, &tmp)) != 0) 1367 return (error); 1368 1369 tmp >>= (8 * (addr & 0x3)); 1370 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1371 1372 return (0); 1373 } 1374 1375 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1376 static int 1377 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1378 { 1379 return (run_efuse_read(sc, addr, val, 2)); 1380 } 1381 1382 static int 1383 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1384 { 1385 usb_device_request_t req; 1386 uint16_t tmp; 1387 int error; 1388 1389 addr *= 2; 1390 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1391 req.bRequest = RT2870_EEPROM_READ; 1392 USETW(req.wValue, 0); 1393 USETW(req.wIndex, addr); 1394 USETW(req.wLength, sizeof(tmp)); 1395 1396 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1397 if (error == 0) 1398 *val = le16toh(tmp); 1399 else 1400 *val = 0xffff; 1401 return (error); 1402 } 1403 1404 static __inline int 1405 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1406 { 1407 /* either eFUSE ROM or EEPROM */ 1408 return sc->sc_srom_read(sc, addr, val); 1409 } 1410 1411 static int 1412 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1413 { 1414 uint32_t tmp; 1415 int error, ntries; 1416 1417 for (ntries = 0; ntries < 10; ntries++) { 1418 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1419 return (error); 1420 if (!(tmp & RT2860_RF_REG_CTRL)) 1421 break; 1422 } 1423 if (ntries == 10) 1424 return (ETIMEDOUT); 1425 1426 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1427 } 1428 1429 static int 1430 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1431 { 1432 uint32_t tmp; 1433 int error, ntries; 1434 1435 for (ntries = 0; ntries < 100; ntries++) { 1436 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1437 return (error); 1438 if (!(tmp & RT3070_RF_KICK)) 1439 break; 1440 } 1441 if (ntries == 100) 1442 return (ETIMEDOUT); 1443 1444 tmp = RT3070_RF_KICK | reg << 8; 1445 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1446 return (error); 1447 1448 for (ntries = 0; ntries < 100; ntries++) { 1449 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1450 return (error); 1451 if (!(tmp & RT3070_RF_KICK)) 1452 break; 1453 } 1454 if (ntries == 100) 1455 return (ETIMEDOUT); 1456 1457 *val = tmp & 0xff; 1458 return (0); 1459 } 1460 1461 static int 1462 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1463 { 1464 uint32_t tmp; 1465 int error, ntries; 1466 1467 for (ntries = 0; ntries < 10; ntries++) { 1468 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1469 return (error); 1470 if (!(tmp & RT3070_RF_KICK)) 1471 break; 1472 } 1473 if (ntries == 10) 1474 return (ETIMEDOUT); 1475 1476 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1477 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1478 } 1479 1480 static int 1481 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1482 { 1483 uint32_t tmp; 1484 int ntries, error; 1485 1486 for (ntries = 0; ntries < 10; ntries++) { 1487 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1488 return (error); 1489 if (!(tmp & RT2860_BBP_CSR_KICK)) 1490 break; 1491 } 1492 if (ntries == 10) 1493 return (ETIMEDOUT); 1494 1495 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1496 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1497 return (error); 1498 1499 for (ntries = 0; ntries < 10; ntries++) { 1500 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1501 return (error); 1502 if (!(tmp & RT2860_BBP_CSR_KICK)) 1503 break; 1504 } 1505 if (ntries == 10) 1506 return (ETIMEDOUT); 1507 1508 *val = tmp & 0xff; 1509 return (0); 1510 } 1511 1512 static int 1513 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1514 { 1515 uint32_t tmp; 1516 int ntries, error; 1517 1518 for (ntries = 0; ntries < 10; ntries++) { 1519 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1520 return (error); 1521 if (!(tmp & RT2860_BBP_CSR_KICK)) 1522 break; 1523 } 1524 if (ntries == 10) 1525 return (ETIMEDOUT); 1526 1527 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1528 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1529 } 1530 1531 /* 1532 * Send a command to the 8051 microcontroller unit. 1533 */ 1534 static int 1535 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1536 { 1537 uint32_t tmp; 1538 int error, ntries; 1539 1540 for (ntries = 0; ntries < 100; ntries++) { 1541 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1542 return error; 1543 if (!(tmp & RT2860_H2M_BUSY)) 1544 break; 1545 } 1546 if (ntries == 100) 1547 return ETIMEDOUT; 1548 1549 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1550 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1551 error = run_write(sc, RT2860_HOST_CMD, cmd); 1552 return (error); 1553 } 1554 1555 /* 1556 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1557 * Used to adjust per-rate Tx power registers. 1558 */ 1559 static __inline uint32_t 1560 b4inc(uint32_t b32, int8_t delta) 1561 { 1562 int8_t i, b4; 1563 1564 for (i = 0; i < 8; i++) { 1565 b4 = b32 & 0xf; 1566 b4 += delta; 1567 if (b4 < 0) 1568 b4 = 0; 1569 else if (b4 > 0xf) 1570 b4 = 0xf; 1571 b32 = b32 >> 4 | b4 << 28; 1572 } 1573 return (b32); 1574 } 1575 1576 static const char * 1577 run_get_rf(uint16_t rev) 1578 { 1579 switch (rev) { 1580 case RT2860_RF_2820: return "RT2820"; 1581 case RT2860_RF_2850: return "RT2850"; 1582 case RT2860_RF_2720: return "RT2720"; 1583 case RT2860_RF_2750: return "RT2750"; 1584 case RT3070_RF_3020: return "RT3020"; 1585 case RT3070_RF_2020: return "RT2020"; 1586 case RT3070_RF_3021: return "RT3021"; 1587 case RT3070_RF_3022: return "RT3022"; 1588 case RT3070_RF_3052: return "RT3052"; 1589 case RT3593_RF_3053: return "RT3053"; 1590 case RT5592_RF_5592: return "RT5592"; 1591 case RT5390_RF_5370: return "RT5370"; 1592 case RT5390_RF_5372: return "RT5372"; 1593 } 1594 return ("unknown"); 1595 } 1596 1597 static void 1598 run_rt3593_get_txpower(struct run_softc *sc) 1599 { 1600 uint16_t addr, val; 1601 int i; 1602 1603 /* Read power settings for 2GHz channels. */ 1604 for (i = 0; i < 14; i += 2) { 1605 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1606 RT2860_EEPROM_PWR2GHZ_BASE1; 1607 run_srom_read(sc, addr + i / 2, &val); 1608 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1609 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1610 1611 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1612 RT2860_EEPROM_PWR2GHZ_BASE2; 1613 run_srom_read(sc, addr + i / 2, &val); 1614 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1615 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1616 1617 if (sc->ntxchains == 3) { 1618 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1619 &val); 1620 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1621 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1622 } 1623 } 1624 /* Fix broken Tx power entries. */ 1625 for (i = 0; i < 14; i++) { 1626 if (sc->txpow1[i] > 31) 1627 sc->txpow1[i] = 5; 1628 if (sc->txpow2[i] > 31) 1629 sc->txpow2[i] = 5; 1630 if (sc->ntxchains == 3) { 1631 if (sc->txpow3[i] > 31) 1632 sc->txpow3[i] = 5; 1633 } 1634 } 1635 /* Read power settings for 5GHz channels. */ 1636 for (i = 0; i < 40; i += 2) { 1637 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1638 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1639 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1640 1641 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1642 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1643 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1644 1645 if (sc->ntxchains == 3) { 1646 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1647 &val); 1648 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1649 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1650 } 1651 } 1652 } 1653 1654 static void 1655 run_get_txpower(struct run_softc *sc) 1656 { 1657 uint16_t val; 1658 int i; 1659 1660 /* Read power settings for 2GHz channels. */ 1661 for (i = 0; i < 14; i += 2) { 1662 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1663 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1664 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1665 1666 if (sc->mac_ver != 0x5390) { 1667 run_srom_read(sc, 1668 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1669 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1670 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1671 } 1672 } 1673 /* Fix broken Tx power entries. */ 1674 for (i = 0; i < 14; i++) { 1675 if (sc->mac_ver >= 0x5390) { 1676 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1677 sc->txpow1[i] = 5; 1678 } else { 1679 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1680 sc->txpow1[i] = 5; 1681 } 1682 if (sc->mac_ver > 0x5390) { 1683 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1684 sc->txpow2[i] = 5; 1685 } else if (sc->mac_ver < 0x5390) { 1686 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1687 sc->txpow2[i] = 5; 1688 } 1689 DPRINTF("chan %d: power1=%d, power2=%d\n", 1690 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1691 } 1692 /* Read power settings for 5GHz channels. */ 1693 for (i = 0; i < 40; i += 2) { 1694 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1695 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1696 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1697 1698 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1699 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1700 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1701 } 1702 /* Fix broken Tx power entries. */ 1703 for (i = 0; i < 40; i++ ) { 1704 if (sc->mac_ver != 0x5592) { 1705 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1706 sc->txpow1[14 + i] = 5; 1707 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1708 sc->txpow2[14 + i] = 5; 1709 } 1710 DPRINTF("chan %d: power1=%d, power2=%d\n", 1711 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1712 sc->txpow2[14 + i]); 1713 } 1714 } 1715 1716 static int 1717 run_read_eeprom(struct run_softc *sc) 1718 { 1719 struct ieee80211com *ic = &sc->sc_ic; 1720 int8_t delta_2ghz, delta_5ghz; 1721 uint32_t tmp; 1722 uint16_t val; 1723 int ridx, ant, i; 1724 1725 /* check whether the ROM is eFUSE ROM or EEPROM */ 1726 sc->sc_srom_read = run_eeprom_read_2; 1727 if (sc->mac_ver >= 0x3070) { 1728 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1729 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1730 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1731 sc->sc_srom_read = run_efuse_read_2; 1732 } 1733 1734 /* read ROM version */ 1735 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1736 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1737 1738 /* read MAC address */ 1739 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1740 ic->ic_macaddr[0] = val & 0xff; 1741 ic->ic_macaddr[1] = val >> 8; 1742 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1743 ic->ic_macaddr[2] = val & 0xff; 1744 ic->ic_macaddr[3] = val >> 8; 1745 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1746 ic->ic_macaddr[4] = val & 0xff; 1747 ic->ic_macaddr[5] = val >> 8; 1748 1749 if (sc->mac_ver < 0x3593) { 1750 /* read vender BBP settings */ 1751 for (i = 0; i < 10; i++) { 1752 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1753 sc->bbp[i].val = val & 0xff; 1754 sc->bbp[i].reg = val >> 8; 1755 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1756 sc->bbp[i].val); 1757 } 1758 if (sc->mac_ver >= 0x3071) { 1759 /* read vendor RF settings */ 1760 for (i = 0; i < 10; i++) { 1761 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1762 &val); 1763 sc->rf[i].val = val & 0xff; 1764 sc->rf[i].reg = val >> 8; 1765 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1766 sc->rf[i].val); 1767 } 1768 } 1769 } 1770 1771 /* read RF frequency offset from EEPROM */ 1772 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1773 RT3593_EEPROM_FREQ, &val); 1774 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1775 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1776 1777 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1778 RT3593_EEPROM_FREQ_LEDS, &val); 1779 if (val >> 8 != 0xff) { 1780 /* read LEDs operating mode */ 1781 sc->leds = val >> 8; 1782 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1783 RT3593_EEPROM_LED1, &sc->led[0]); 1784 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1785 RT3593_EEPROM_LED2, &sc->led[1]); 1786 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1787 RT3593_EEPROM_LED3, &sc->led[2]); 1788 } else { 1789 /* broken EEPROM, use default settings */ 1790 sc->leds = 0x01; 1791 sc->led[0] = 0x5555; 1792 sc->led[1] = 0x2221; 1793 sc->led[2] = 0x5627; /* differs from RT2860 */ 1794 } 1795 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1796 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1797 1798 /* read RF information */ 1799 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1800 run_srom_read(sc, 0x00, &val); 1801 else 1802 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1803 1804 if (val == 0xffff) { 1805 device_printf(sc->sc_dev, 1806 "invalid EEPROM antenna info, using default\n"); 1807 DPRINTF("invalid EEPROM antenna info, using default\n"); 1808 if (sc->mac_ver == 0x3572) { 1809 /* default to RF3052 2T2R */ 1810 sc->rf_rev = RT3070_RF_3052; 1811 sc->ntxchains = 2; 1812 sc->nrxchains = 2; 1813 } else if (sc->mac_ver >= 0x3070) { 1814 /* default to RF3020 1T1R */ 1815 sc->rf_rev = RT3070_RF_3020; 1816 sc->ntxchains = 1; 1817 sc->nrxchains = 1; 1818 } else { 1819 /* default to RF2820 1T2R */ 1820 sc->rf_rev = RT2860_RF_2820; 1821 sc->ntxchains = 1; 1822 sc->nrxchains = 2; 1823 } 1824 } else { 1825 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1826 sc->rf_rev = val; 1827 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1828 } else 1829 sc->rf_rev = (val >> 8) & 0xf; 1830 sc->ntxchains = (val >> 4) & 0xf; 1831 sc->nrxchains = val & 0xf; 1832 } 1833 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1834 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1835 1836 /* check if RF supports automatic Tx access gain control */ 1837 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1838 DPRINTF("EEPROM CFG 0x%04x\n", val); 1839 /* check if driver should patch the DAC issue */ 1840 if ((val >> 8) != 0xff) 1841 sc->patch_dac = (val >> 15) & 1; 1842 if ((val & 0xff) != 0xff) { 1843 sc->ext_5ghz_lna = (val >> 3) & 1; 1844 sc->ext_2ghz_lna = (val >> 2) & 1; 1845 /* check if RF supports automatic Tx access gain control */ 1846 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1847 /* check if we have a hardware radio switch */ 1848 sc->rfswitch = val & 1; 1849 } 1850 1851 /* Read Tx power settings. */ 1852 if (sc->mac_ver == 0x3593) 1853 run_rt3593_get_txpower(sc); 1854 else 1855 run_get_txpower(sc); 1856 1857 /* read Tx power compensation for each Tx rate */ 1858 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1859 delta_2ghz = delta_5ghz = 0; 1860 if ((val & 0xff) != 0xff && (val & 0x80)) { 1861 delta_2ghz = val & 0xf; 1862 if (!(val & 0x40)) /* negative number */ 1863 delta_2ghz = -delta_2ghz; 1864 } 1865 val >>= 8; 1866 if ((val & 0xff) != 0xff && (val & 0x80)) { 1867 delta_5ghz = val & 0xf; 1868 if (!(val & 0x40)) /* negative number */ 1869 delta_5ghz = -delta_5ghz; 1870 } 1871 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1872 delta_2ghz, delta_5ghz); 1873 1874 for (ridx = 0; ridx < 5; ridx++) { 1875 uint32_t reg; 1876 1877 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1878 reg = val; 1879 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1880 reg |= (uint32_t)val << 16; 1881 1882 sc->txpow20mhz[ridx] = reg; 1883 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1884 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1885 1886 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1887 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1888 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1889 } 1890 1891 /* Read RSSI offsets and LNA gains from EEPROM. */ 1892 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1893 RT3593_EEPROM_RSSI1_2GHZ, &val); 1894 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1895 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1896 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1897 RT3593_EEPROM_RSSI2_2GHZ, &val); 1898 if (sc->mac_ver >= 0x3070) { 1899 if (sc->mac_ver == 0x3593) { 1900 sc->txmixgain_2ghz = 0; 1901 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1902 } else { 1903 /* 1904 * On RT3070 chips (limited to 2 Rx chains), this ROM 1905 * field contains the Tx mixer gain for the 2GHz band. 1906 */ 1907 if ((val & 0xff) != 0xff) 1908 sc->txmixgain_2ghz = val & 0x7; 1909 } 1910 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1911 } else 1912 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1913 if (sc->mac_ver == 0x3593) 1914 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1915 sc->lna[2] = val >> 8; /* channel group 2 */ 1916 1917 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1918 RT3593_EEPROM_RSSI1_5GHZ, &val); 1919 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1920 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1921 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1922 RT3593_EEPROM_RSSI2_5GHZ, &val); 1923 if (sc->mac_ver == 0x3572) { 1924 /* 1925 * On RT3572 chips (limited to 2 Rx chains), this ROM 1926 * field contains the Tx mixer gain for the 5GHz band. 1927 */ 1928 if ((val & 0xff) != 0xff) 1929 sc->txmixgain_5ghz = val & 0x7; 1930 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1931 } else 1932 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1933 if (sc->mac_ver == 0x3593) { 1934 sc->txmixgain_5ghz = 0; 1935 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1936 } 1937 sc->lna[3] = val >> 8; /* channel group 3 */ 1938 1939 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1940 RT3593_EEPROM_LNA, &val); 1941 sc->lna[0] = val & 0xff; /* channel group 0 */ 1942 sc->lna[1] = val >> 8; /* channel group 1 */ 1943 1944 /* fix broken 5GHz LNA entries */ 1945 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1946 DPRINTF("invalid LNA for channel group %d\n", 2); 1947 sc->lna[2] = sc->lna[1]; 1948 } 1949 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1950 DPRINTF("invalid LNA for channel group %d\n", 3); 1951 sc->lna[3] = sc->lna[1]; 1952 } 1953 1954 /* fix broken RSSI offset entries */ 1955 for (ant = 0; ant < 3; ant++) { 1956 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1957 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1958 ant + 1, sc->rssi_2ghz[ant]); 1959 sc->rssi_2ghz[ant] = 0; 1960 } 1961 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1962 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1963 ant + 1, sc->rssi_5ghz[ant]); 1964 sc->rssi_5ghz[ant] = 0; 1965 } 1966 } 1967 return (0); 1968 } 1969 1970 static struct ieee80211_node * 1971 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1972 { 1973 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1974 } 1975 1976 static int 1977 run_media_change(struct ifnet *ifp) 1978 { 1979 struct ieee80211vap *vap = ifp->if_softc; 1980 struct ieee80211com *ic = vap->iv_ic; 1981 const struct ieee80211_txparam *tp; 1982 struct run_softc *sc = ic->ic_softc; 1983 uint8_t rate, ridx; 1984 int error; 1985 1986 RUN_LOCK(sc); 1987 1988 error = ieee80211_media_change(ifp); 1989 if (error != ENETRESET) { 1990 RUN_UNLOCK(sc); 1991 return (error); 1992 } 1993 1994 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1995 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1996 struct ieee80211_node *ni; 1997 struct run_node *rn; 1998 1999 rate = ic->ic_sup_rates[ic->ic_curmode]. 2000 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2001 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2002 if (rt2860_rates[ridx].rate == rate) 2003 break; 2004 ni = ieee80211_ref_node(vap->iv_bss); 2005 rn = (struct run_node *)ni; 2006 rn->fix_ridx = ridx; 2007 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2008 ieee80211_free_node(ni); 2009 } 2010 2011 #if 0 2012 if ((ifp->if_flags & IFF_UP) && 2013 (ifp->if_drv_flags & RUN_RUNNING)){ 2014 run_init_locked(sc); 2015 } 2016 #endif 2017 2018 RUN_UNLOCK(sc); 2019 2020 return (0); 2021 } 2022 2023 static int 2024 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2025 { 2026 const struct ieee80211_txparam *tp; 2027 struct ieee80211com *ic = vap->iv_ic; 2028 struct run_softc *sc = ic->ic_softc; 2029 struct run_vap *rvp = RUN_VAP(vap); 2030 enum ieee80211_state ostate; 2031 uint32_t sta[3]; 2032 uint32_t tmp; 2033 uint8_t ratectl; 2034 uint8_t restart_ratectl = 0; 2035 uint8_t bid = 1 << rvp->rvp_id; 2036 2037 ostate = vap->iv_state; 2038 DPRINTF("%s -> %s\n", 2039 ieee80211_state_name[ostate], 2040 ieee80211_state_name[nstate]); 2041 2042 IEEE80211_UNLOCK(ic); 2043 RUN_LOCK(sc); 2044 2045 ratectl = sc->ratectl_run; /* remember current state */ 2046 sc->ratectl_run = RUN_RATECTL_OFF; 2047 usb_callout_stop(&sc->ratectl_ch); 2048 2049 if (ostate == IEEE80211_S_RUN) { 2050 /* turn link LED off */ 2051 run_set_leds(sc, RT2860_LED_RADIO); 2052 } 2053 2054 switch (nstate) { 2055 case IEEE80211_S_INIT: 2056 restart_ratectl = 1; 2057 2058 if (ostate != IEEE80211_S_RUN) 2059 break; 2060 2061 ratectl &= ~bid; 2062 sc->runbmap &= ~bid; 2063 2064 /* abort TSF synchronization if there is no vap running */ 2065 if (--sc->running == 0) { 2066 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2067 run_write(sc, RT2860_BCN_TIME_CFG, 2068 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2069 RT2860_TBTT_TIMER_EN)); 2070 } 2071 break; 2072 2073 case IEEE80211_S_RUN: 2074 if (!(sc->runbmap & bid)) { 2075 if(sc->running++) 2076 restart_ratectl = 1; 2077 sc->runbmap |= bid; 2078 } 2079 2080 m_freem(rvp->beacon_mbuf); 2081 rvp->beacon_mbuf = NULL; 2082 2083 switch (vap->iv_opmode) { 2084 case IEEE80211_M_HOSTAP: 2085 case IEEE80211_M_MBSS: 2086 sc->ap_running |= bid; 2087 ic->ic_opmode = vap->iv_opmode; 2088 run_update_beacon_cb(vap); 2089 break; 2090 case IEEE80211_M_IBSS: 2091 sc->adhoc_running |= bid; 2092 if (!sc->ap_running) 2093 ic->ic_opmode = vap->iv_opmode; 2094 run_update_beacon_cb(vap); 2095 break; 2096 case IEEE80211_M_STA: 2097 sc->sta_running |= bid; 2098 if (!sc->ap_running && !sc->adhoc_running) 2099 ic->ic_opmode = vap->iv_opmode; 2100 2101 /* read statistic counters (clear on read) */ 2102 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2103 (uint8_t *)sta, sizeof sta); 2104 2105 break; 2106 default: 2107 ic->ic_opmode = vap->iv_opmode; 2108 break; 2109 } 2110 2111 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2112 struct ieee80211_node *ni; 2113 2114 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2115 RUN_UNLOCK(sc); 2116 IEEE80211_LOCK(ic); 2117 return (-1); 2118 } 2119 run_updateslot(ic); 2120 run_enable_mrr(sc); 2121 run_set_txpreamble(sc); 2122 run_set_basicrates(sc); 2123 ni = ieee80211_ref_node(vap->iv_bss); 2124 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2125 run_set_bssid(sc, ni->ni_bssid); 2126 ieee80211_free_node(ni); 2127 run_enable_tsf_sync(sc); 2128 2129 /* enable automatic rate adaptation */ 2130 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2131 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2132 ratectl |= bid; 2133 } 2134 2135 /* turn link LED on */ 2136 run_set_leds(sc, RT2860_LED_RADIO | 2137 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2138 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2139 2140 break; 2141 default: 2142 DPRINTFN(6, "undefined case\n"); 2143 break; 2144 } 2145 2146 /* restart amrr for running VAPs */ 2147 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2148 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2149 2150 RUN_UNLOCK(sc); 2151 IEEE80211_LOCK(ic); 2152 2153 return(rvp->newstate(vap, nstate, arg)); 2154 } 2155 2156 /* ARGSUSED */ 2157 static void 2158 run_wme_update_cb(void *arg) 2159 { 2160 struct ieee80211com *ic = arg; 2161 struct run_softc *sc = ic->ic_softc; 2162 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2163 int aci, error = 0; 2164 2165 RUN_LOCK_ASSERT(sc, MA_OWNED); 2166 2167 /* update MAC TX configuration registers */ 2168 for (aci = 0; aci < WME_NUM_AC; aci++) { 2169 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2170 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2171 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2172 wmesp->wme_params[aci].wmep_aifsn << 8 | 2173 wmesp->wme_params[aci].wmep_txopLimit); 2174 if (error) goto err; 2175 } 2176 2177 /* update SCH/DMA registers too */ 2178 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2179 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2180 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2181 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2182 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2183 if (error) goto err; 2184 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2185 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2186 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2187 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2188 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2189 if (error) goto err; 2190 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2191 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2192 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2193 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2194 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2195 if (error) goto err; 2196 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2197 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2198 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2199 if (error) goto err; 2200 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2201 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2202 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2203 2204 err: 2205 if (error) 2206 DPRINTF("WME update failed\n"); 2207 2208 return; 2209 } 2210 2211 static int 2212 run_wme_update(struct ieee80211com *ic) 2213 { 2214 struct run_softc *sc = ic->ic_softc; 2215 2216 /* sometime called wothout lock */ 2217 if (mtx_owned(&ic->ic_comlock.mtx)) { 2218 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2219 DPRINTF("cmdq_store=%d\n", i); 2220 sc->cmdq[i].func = run_wme_update_cb; 2221 sc->cmdq[i].arg0 = ic; 2222 ieee80211_runtask(ic, &sc->cmdq_task); 2223 return (0); 2224 } 2225 2226 RUN_LOCK(sc); 2227 run_wme_update_cb(ic); 2228 RUN_UNLOCK(sc); 2229 2230 /* return whatever, upper layer desn't care anyway */ 2231 return (0); 2232 } 2233 2234 static void 2235 run_key_update_begin(struct ieee80211vap *vap) 2236 { 2237 /* 2238 * To avoid out-of-order events, both run_key_set() and 2239 * _delete() are deferred and handled by run_cmdq_cb(). 2240 * So, there is nothing we need to do here. 2241 */ 2242 } 2243 2244 static void 2245 run_key_update_end(struct ieee80211vap *vap) 2246 { 2247 /* null */ 2248 } 2249 2250 static void 2251 run_key_set_cb(void *arg) 2252 { 2253 struct run_cmdq *cmdq = arg; 2254 struct ieee80211vap *vap = cmdq->arg1; 2255 struct ieee80211_key *k = cmdq->k; 2256 struct ieee80211com *ic = vap->iv_ic; 2257 struct run_softc *sc = ic->ic_softc; 2258 struct ieee80211_node *ni; 2259 uint32_t attr; 2260 uint16_t base, associd; 2261 uint8_t mode, wcid, iv[8]; 2262 2263 RUN_LOCK_ASSERT(sc, MA_OWNED); 2264 2265 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2266 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2267 else 2268 ni = vap->iv_bss; 2269 associd = (ni != NULL) ? ni->ni_associd : 0; 2270 2271 /* map net80211 cipher to RT2860 security mode */ 2272 switch (k->wk_cipher->ic_cipher) { 2273 case IEEE80211_CIPHER_WEP: 2274 if(k->wk_keylen < 8) 2275 mode = RT2860_MODE_WEP40; 2276 else 2277 mode = RT2860_MODE_WEP104; 2278 break; 2279 case IEEE80211_CIPHER_TKIP: 2280 mode = RT2860_MODE_TKIP; 2281 break; 2282 case IEEE80211_CIPHER_AES_CCM: 2283 mode = RT2860_MODE_AES_CCMP; 2284 break; 2285 default: 2286 DPRINTF("undefined case\n"); 2287 return; 2288 } 2289 2290 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2291 associd, k->wk_keyix, mode, 2292 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2293 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2294 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2295 2296 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2297 wcid = 0; /* NB: update WCID0 for group keys */ 2298 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2299 } else { 2300 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2301 1 : RUN_AID2WCID(associd); 2302 base = RT2860_PKEY(wcid); 2303 } 2304 2305 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2306 if(run_write_region_1(sc, base, k->wk_key, 16)) 2307 return; 2308 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2309 return; 2310 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2311 return; 2312 } else { 2313 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2314 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2315 return; 2316 } 2317 2318 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2319 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2320 /* set initial packet number in IV+EIV */ 2321 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2322 memset(iv, 0, sizeof iv); 2323 iv[3] = vap->iv_def_txkey << 6; 2324 } else { 2325 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2326 iv[0] = k->wk_keytsc >> 8; 2327 iv[1] = (iv[0] | 0x20) & 0x7f; 2328 iv[2] = k->wk_keytsc; 2329 } else /* CCMP */ { 2330 iv[0] = k->wk_keytsc; 2331 iv[1] = k->wk_keytsc >> 8; 2332 iv[2] = 0; 2333 } 2334 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2335 iv[4] = k->wk_keytsc >> 16; 2336 iv[5] = k->wk_keytsc >> 24; 2337 iv[6] = k->wk_keytsc >> 32; 2338 iv[7] = k->wk_keytsc >> 40; 2339 } 2340 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2341 return; 2342 } 2343 2344 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2345 /* install group key */ 2346 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2347 return; 2348 attr &= ~(0xf << (k->wk_keyix * 4)); 2349 attr |= mode << (k->wk_keyix * 4); 2350 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2351 return; 2352 } else { 2353 /* install pairwise key */ 2354 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2355 return; 2356 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2357 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2358 return; 2359 } 2360 2361 /* TODO create a pass-thru key entry? */ 2362 2363 /* need wcid to delete the right key later */ 2364 k->wk_pad = wcid; 2365 } 2366 2367 /* 2368 * Don't have to be deferred, but in order to keep order of 2369 * execution, i.e. with run_key_delete(), defer this and let 2370 * run_cmdq_cb() maintain the order. 2371 * 2372 * return 0 on error 2373 */ 2374 static int 2375 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2376 const uint8_t mac[IEEE80211_ADDR_LEN]) 2377 { 2378 struct ieee80211com *ic = vap->iv_ic; 2379 struct run_softc *sc = ic->ic_softc; 2380 uint32_t i; 2381 2382 i = RUN_CMDQ_GET(&sc->cmdq_store); 2383 DPRINTF("cmdq_store=%d\n", i); 2384 sc->cmdq[i].func = run_key_set_cb; 2385 sc->cmdq[i].arg0 = NULL; 2386 sc->cmdq[i].arg1 = vap; 2387 sc->cmdq[i].k = k; 2388 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2389 ieee80211_runtask(ic, &sc->cmdq_task); 2390 2391 /* 2392 * To make sure key will be set when hostapd 2393 * calls iv_key_set() before if_init(). 2394 */ 2395 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2396 RUN_LOCK(sc); 2397 sc->cmdq_key_set = RUN_CMDQ_GO; 2398 RUN_UNLOCK(sc); 2399 } 2400 2401 return (1); 2402 } 2403 2404 /* 2405 * If wlan is destroyed without being brought down i.e. without 2406 * wlan down or wpa_cli terminate, this function is called after 2407 * vap is gone. Don't refer it. 2408 */ 2409 static void 2410 run_key_delete_cb(void *arg) 2411 { 2412 struct run_cmdq *cmdq = arg; 2413 struct run_softc *sc = cmdq->arg1; 2414 struct ieee80211_key *k = &cmdq->key; 2415 uint32_t attr; 2416 uint8_t wcid; 2417 2418 RUN_LOCK_ASSERT(sc, MA_OWNED); 2419 2420 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2421 /* remove group key */ 2422 DPRINTF("removing group key\n"); 2423 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2424 attr &= ~(0xf << (k->wk_keyix * 4)); 2425 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2426 } else { 2427 /* remove pairwise key */ 2428 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2429 /* matching wcid was written to wk_pad in run_key_set() */ 2430 wcid = k->wk_pad; 2431 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2432 attr &= ~0xf; 2433 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2434 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2435 } 2436 2437 k->wk_pad = 0; 2438 } 2439 2440 /* 2441 * return 0 on error 2442 */ 2443 static int 2444 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2445 { 2446 struct ieee80211com *ic = vap->iv_ic; 2447 struct run_softc *sc = ic->ic_softc; 2448 struct ieee80211_key *k0; 2449 uint32_t i; 2450 2451 /* 2452 * When called back, key might be gone. So, make a copy 2453 * of some values need to delete keys before deferring. 2454 * But, because of LOR with node lock, cannot use lock here. 2455 * So, use atomic instead. 2456 */ 2457 i = RUN_CMDQ_GET(&sc->cmdq_store); 2458 DPRINTF("cmdq_store=%d\n", i); 2459 sc->cmdq[i].func = run_key_delete_cb; 2460 sc->cmdq[i].arg0 = NULL; 2461 sc->cmdq[i].arg1 = sc; 2462 k0 = &sc->cmdq[i].key; 2463 k0->wk_flags = k->wk_flags; 2464 k0->wk_keyix = k->wk_keyix; 2465 /* matching wcid was written to wk_pad in run_key_set() */ 2466 k0->wk_pad = k->wk_pad; 2467 ieee80211_runtask(ic, &sc->cmdq_task); 2468 return (1); /* return fake success */ 2469 2470 } 2471 2472 static void 2473 run_ratectl_to(void *arg) 2474 { 2475 struct run_softc *sc = arg; 2476 2477 /* do it in a process context, so it can go sleep */ 2478 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2479 /* next timeout will be rescheduled in the callback task */ 2480 } 2481 2482 /* ARGSUSED */ 2483 static void 2484 run_ratectl_cb(void *arg, int pending) 2485 { 2486 struct run_softc *sc = arg; 2487 struct ieee80211com *ic = &sc->sc_ic; 2488 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2489 2490 if (vap == NULL) 2491 return; 2492 2493 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2494 /* 2495 * run_reset_livelock() doesn't do anything with AMRR, 2496 * but Ralink wants us to call it every 1 sec. So, we 2497 * piggyback here rather than creating another callout. 2498 * Livelock may occur only in HOSTAP or IBSS mode 2499 * (when h/w is sending beacons). 2500 */ 2501 RUN_LOCK(sc); 2502 run_reset_livelock(sc); 2503 /* just in case, there are some stats to drain */ 2504 run_drain_fifo(sc); 2505 RUN_UNLOCK(sc); 2506 } 2507 2508 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2509 2510 RUN_LOCK(sc); 2511 if(sc->ratectl_run != RUN_RATECTL_OFF) 2512 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2513 RUN_UNLOCK(sc); 2514 } 2515 2516 static void 2517 run_drain_fifo(void *arg) 2518 { 2519 struct run_softc *sc = arg; 2520 uint32_t stat; 2521 uint16_t (*wstat)[3]; 2522 uint8_t wcid, mcs, pid; 2523 int8_t retry; 2524 2525 RUN_LOCK_ASSERT(sc, MA_OWNED); 2526 2527 for (;;) { 2528 /* drain Tx status FIFO (maxsize = 16) */ 2529 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2530 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2531 if (!(stat & RT2860_TXQ_VLD)) 2532 break; 2533 2534 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2535 2536 /* if no ACK was requested, no feedback is available */ 2537 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2538 wcid == 0) 2539 continue; 2540 2541 /* 2542 * Even though each stat is Tx-complete-status like format, 2543 * the device can poll stats. Because there is no guarantee 2544 * that the referring node is still around when read the stats. 2545 * So that, if we use ieee80211_ratectl_tx_update(), we will 2546 * have hard time not to refer already freed node. 2547 * 2548 * To eliminate such page faults, we poll stats in softc. 2549 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2550 */ 2551 wstat = &(sc->wcid_stats[wcid]); 2552 (*wstat)[RUN_TXCNT]++; 2553 if (stat & RT2860_TXQ_OK) 2554 (*wstat)[RUN_SUCCESS]++; 2555 else 2556 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2557 /* 2558 * Check if there were retries, ie if the Tx success rate is 2559 * different from the requested rate. Note that it works only 2560 * because we do not allow rate fallback from OFDM to CCK. 2561 */ 2562 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2563 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2564 if ((retry = pid -1 - mcs) > 0) { 2565 (*wstat)[RUN_TXCNT] += retry; 2566 (*wstat)[RUN_RETRY] += retry; 2567 } 2568 } 2569 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2570 2571 sc->fifo_cnt = 0; 2572 } 2573 2574 static void 2575 run_iter_func(void *arg, struct ieee80211_node *ni) 2576 { 2577 struct run_softc *sc = arg; 2578 struct ieee80211vap *vap = ni->ni_vap; 2579 struct run_node *rn = (void *)ni; 2580 union run_stats sta[2]; 2581 uint16_t (*wstat)[3]; 2582 int txcnt, success, retrycnt, error; 2583 2584 RUN_LOCK(sc); 2585 2586 /* Check for special case */ 2587 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2588 ni != vap->iv_bss) 2589 goto fail; 2590 2591 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2592 vap->iv_opmode == IEEE80211_M_STA)) { 2593 /* read statistic counters (clear on read) and update AMRR state */ 2594 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2595 sizeof sta); 2596 if (error != 0) 2597 goto fail; 2598 2599 /* count failed TX as errors */ 2600 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2601 le16toh(sta[0].error.fail)); 2602 2603 retrycnt = le16toh(sta[1].tx.retry); 2604 success = le16toh(sta[1].tx.success); 2605 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2606 2607 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2608 retrycnt, success, le16toh(sta[0].error.fail)); 2609 } else { 2610 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2611 2612 if (wstat == &(sc->wcid_stats[0]) || 2613 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2614 goto fail; 2615 2616 txcnt = (*wstat)[RUN_TXCNT]; 2617 success = (*wstat)[RUN_SUCCESS]; 2618 retrycnt = (*wstat)[RUN_RETRY]; 2619 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2620 retrycnt, txcnt, success); 2621 2622 memset(wstat, 0, sizeof(*wstat)); 2623 } 2624 2625 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2626 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2627 2628 fail: 2629 RUN_UNLOCK(sc); 2630 2631 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2632 } 2633 2634 static void 2635 run_newassoc_cb(void *arg) 2636 { 2637 struct run_cmdq *cmdq = arg; 2638 struct ieee80211_node *ni = cmdq->arg1; 2639 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2640 uint8_t wcid = cmdq->wcid; 2641 2642 RUN_LOCK_ASSERT(sc, MA_OWNED); 2643 2644 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2645 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2646 2647 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2648 } 2649 2650 static void 2651 run_newassoc(struct ieee80211_node *ni, int isnew) 2652 { 2653 struct run_node *rn = (void *)ni; 2654 struct ieee80211_rateset *rs = &ni->ni_rates; 2655 struct ieee80211vap *vap = ni->ni_vap; 2656 struct ieee80211com *ic = vap->iv_ic; 2657 struct run_softc *sc = ic->ic_softc; 2658 uint8_t rate; 2659 uint8_t ridx; 2660 uint8_t wcid; 2661 int i, j; 2662 2663 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2664 1 : RUN_AID2WCID(ni->ni_associd); 2665 2666 if (wcid > RT2870_WCID_MAX) { 2667 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2668 return; 2669 } 2670 2671 /* only interested in true associations */ 2672 if (isnew && ni->ni_associd != 0) { 2673 2674 /* 2675 * This function could is called though timeout function. 2676 * Need to defer. 2677 */ 2678 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2679 DPRINTF("cmdq_store=%d\n", cnt); 2680 sc->cmdq[cnt].func = run_newassoc_cb; 2681 sc->cmdq[cnt].arg0 = NULL; 2682 sc->cmdq[cnt].arg1 = ni; 2683 sc->cmdq[cnt].wcid = wcid; 2684 ieee80211_runtask(ic, &sc->cmdq_task); 2685 } 2686 2687 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2688 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2689 2690 for (i = 0; i < rs->rs_nrates; i++) { 2691 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2692 /* convert 802.11 rate to hardware rate index */ 2693 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2694 if (rt2860_rates[ridx].rate == rate) 2695 break; 2696 rn->ridx[i] = ridx; 2697 /* determine rate of control response frames */ 2698 for (j = i; j >= 0; j--) { 2699 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2700 rt2860_rates[rn->ridx[i]].phy == 2701 rt2860_rates[rn->ridx[j]].phy) 2702 break; 2703 } 2704 if (j >= 0) { 2705 rn->ctl_ridx[i] = rn->ridx[j]; 2706 } else { 2707 /* no basic rate found, use mandatory one */ 2708 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2709 } 2710 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2711 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2712 } 2713 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2714 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2715 if (rt2860_rates[ridx].rate == rate) 2716 break; 2717 rn->mgt_ridx = ridx; 2718 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2719 2720 RUN_LOCK(sc); 2721 if(sc->ratectl_run != RUN_RATECTL_OFF) 2722 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2723 RUN_UNLOCK(sc); 2724 } 2725 2726 /* 2727 * Return the Rx chain with the highest RSSI for a given frame. 2728 */ 2729 static __inline uint8_t 2730 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2731 { 2732 uint8_t rxchain = 0; 2733 2734 if (sc->nrxchains > 1) { 2735 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2736 rxchain = 1; 2737 if (sc->nrxchains > 2) 2738 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2739 rxchain = 2; 2740 } 2741 return (rxchain); 2742 } 2743 2744 static void 2745 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2746 { 2747 struct ieee80211com *ic = &sc->sc_ic; 2748 struct ieee80211_frame *wh; 2749 struct ieee80211_node *ni; 2750 struct rt2870_rxd *rxd; 2751 struct rt2860_rxwi *rxwi; 2752 uint32_t flags; 2753 uint16_t len, rxwisize; 2754 uint8_t ant, rssi; 2755 int8_t nf; 2756 2757 rxwi = mtod(m, struct rt2860_rxwi *); 2758 len = le16toh(rxwi->len) & 0xfff; 2759 rxwisize = sizeof(struct rt2860_rxwi); 2760 if (sc->mac_ver == 0x5592) 2761 rxwisize += sizeof(uint64_t); 2762 else if (sc->mac_ver == 0x3593) 2763 rxwisize += sizeof(uint32_t); 2764 if (__predict_false(len > dmalen)) { 2765 m_freem(m); 2766 counter_u64_add(ic->ic_ierrors, 1); 2767 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2768 return; 2769 } 2770 /* Rx descriptor is located at the end */ 2771 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2772 flags = le32toh(rxd->flags); 2773 2774 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2775 m_freem(m); 2776 counter_u64_add(ic->ic_ierrors, 1); 2777 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2778 return; 2779 } 2780 2781 m->m_data += rxwisize; 2782 m->m_pkthdr.len = m->m_len -= rxwisize; 2783 2784 wh = mtod(m, struct ieee80211_frame *); 2785 2786 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2787 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2788 m->m_flags |= M_WEP; 2789 } 2790 2791 if (flags & RT2860_RX_L2PAD) { 2792 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2793 len += 2; 2794 } 2795 2796 ni = ieee80211_find_rxnode(ic, 2797 mtod(m, struct ieee80211_frame_min *)); 2798 2799 if (__predict_false(flags & RT2860_RX_MICERR)) { 2800 /* report MIC failures to net80211 for TKIP */ 2801 if (ni != NULL) 2802 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2803 rxwi->keyidx); 2804 m_freem(m); 2805 counter_u64_add(ic->ic_ierrors, 1); 2806 DPRINTF("MIC error. Someone is lying.\n"); 2807 return; 2808 } 2809 2810 ant = run_maxrssi_chain(sc, rxwi); 2811 rssi = rxwi->rssi[ant]; 2812 nf = run_rssi2dbm(sc, rssi, ant); 2813 2814 m->m_pkthdr.len = m->m_len = len; 2815 2816 if (ni != NULL) { 2817 (void)ieee80211_input(ni, m, rssi, nf); 2818 ieee80211_free_node(ni); 2819 } else { 2820 (void)ieee80211_input_all(ic, m, rssi, nf); 2821 } 2822 2823 if (__predict_false(ieee80211_radiotap_active(ic))) { 2824 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2825 uint16_t phy; 2826 2827 tap->wr_flags = 0; 2828 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2829 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2830 tap->wr_antsignal = rssi; 2831 tap->wr_antenna = ant; 2832 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2833 tap->wr_rate = 2; /* in case it can't be found below */ 2834 phy = le16toh(rxwi->phy); 2835 switch (phy & RT2860_PHY_MODE) { 2836 case RT2860_PHY_CCK: 2837 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2838 case 0: tap->wr_rate = 2; break; 2839 case 1: tap->wr_rate = 4; break; 2840 case 2: tap->wr_rate = 11; break; 2841 case 3: tap->wr_rate = 22; break; 2842 } 2843 if (phy & RT2860_PHY_SHPRE) 2844 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2845 break; 2846 case RT2860_PHY_OFDM: 2847 switch (phy & RT2860_PHY_MCS) { 2848 case 0: tap->wr_rate = 12; break; 2849 case 1: tap->wr_rate = 18; break; 2850 case 2: tap->wr_rate = 24; break; 2851 case 3: tap->wr_rate = 36; break; 2852 case 4: tap->wr_rate = 48; break; 2853 case 5: tap->wr_rate = 72; break; 2854 case 6: tap->wr_rate = 96; break; 2855 case 7: tap->wr_rate = 108; break; 2856 } 2857 break; 2858 } 2859 } 2860 } 2861 2862 static void 2863 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2864 { 2865 struct run_softc *sc = usbd_xfer_softc(xfer); 2866 struct ieee80211com *ic = &sc->sc_ic; 2867 struct mbuf *m = NULL; 2868 struct mbuf *m0; 2869 uint32_t dmalen; 2870 uint16_t rxwisize; 2871 int xferlen; 2872 2873 rxwisize = sizeof(struct rt2860_rxwi); 2874 if (sc->mac_ver == 0x5592) 2875 rxwisize += sizeof(uint64_t); 2876 else if (sc->mac_ver == 0x3593) 2877 rxwisize += sizeof(uint32_t); 2878 2879 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2880 2881 switch (USB_GET_STATE(xfer)) { 2882 case USB_ST_TRANSFERRED: 2883 2884 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2885 2886 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2887 sizeof(struct rt2870_rxd))) { 2888 DPRINTF("xfer too short %d\n", xferlen); 2889 goto tr_setup; 2890 } 2891 2892 m = sc->rx_m; 2893 sc->rx_m = NULL; 2894 2895 /* FALLTHROUGH */ 2896 case USB_ST_SETUP: 2897 tr_setup: 2898 if (sc->rx_m == NULL) { 2899 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2900 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2901 } 2902 if (sc->rx_m == NULL) { 2903 DPRINTF("could not allocate mbuf - idle with stall\n"); 2904 counter_u64_add(ic->ic_ierrors, 1); 2905 usbd_xfer_set_stall(xfer); 2906 usbd_xfer_set_frames(xfer, 0); 2907 } else { 2908 /* 2909 * Directly loading a mbuf cluster into DMA to 2910 * save some data copying. This works because 2911 * there is only one cluster. 2912 */ 2913 usbd_xfer_set_frame_data(xfer, 0, 2914 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2915 usbd_xfer_set_frames(xfer, 1); 2916 } 2917 usbd_transfer_submit(xfer); 2918 break; 2919 2920 default: /* Error */ 2921 if (error != USB_ERR_CANCELLED) { 2922 /* try to clear stall first */ 2923 usbd_xfer_set_stall(xfer); 2924 if (error == USB_ERR_TIMEOUT) 2925 device_printf(sc->sc_dev, "device timeout\n"); 2926 counter_u64_add(ic->ic_ierrors, 1); 2927 goto tr_setup; 2928 } 2929 if (sc->rx_m != NULL) { 2930 m_freem(sc->rx_m); 2931 sc->rx_m = NULL; 2932 } 2933 break; 2934 } 2935 2936 if (m == NULL) 2937 return; 2938 2939 /* inputting all the frames must be last */ 2940 2941 RUN_UNLOCK(sc); 2942 2943 m->m_pkthdr.len = m->m_len = xferlen; 2944 2945 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2946 for(;;) { 2947 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2948 2949 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2950 ((dmalen & 3) != 0)) { 2951 DPRINTF("bad DMA length %u\n", dmalen); 2952 break; 2953 } 2954 if ((dmalen + 8) > (uint32_t)xferlen) { 2955 DPRINTF("bad DMA length %u > %d\n", 2956 dmalen + 8, xferlen); 2957 break; 2958 } 2959 2960 /* If it is the last one or a single frame, we won't copy. */ 2961 if ((xferlen -= dmalen + 8) <= 8) { 2962 /* trim 32-bit DMA-len header */ 2963 m->m_data += 4; 2964 m->m_pkthdr.len = m->m_len -= 4; 2965 run_rx_frame(sc, m, dmalen); 2966 m = NULL; /* don't free source buffer */ 2967 break; 2968 } 2969 2970 /* copy aggregated frames to another mbuf */ 2971 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2972 if (__predict_false(m0 == NULL)) { 2973 DPRINTF("could not allocate mbuf\n"); 2974 counter_u64_add(ic->ic_ierrors, 1); 2975 break; 2976 } 2977 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2978 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2979 m0->m_pkthdr.len = m0->m_len = 2980 dmalen + sizeof(struct rt2870_rxd); 2981 run_rx_frame(sc, m0, dmalen); 2982 2983 /* update data ptr */ 2984 m->m_data += dmalen + 8; 2985 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2986 } 2987 2988 /* make sure we free the source buffer, if any */ 2989 m_freem(m); 2990 2991 RUN_LOCK(sc); 2992 } 2993 2994 static void 2995 run_tx_free(struct run_endpoint_queue *pq, 2996 struct run_tx_data *data, int txerr) 2997 { 2998 if (data->m != NULL) { 2999 if (data->m->m_flags & M_TXCB) 3000 ieee80211_process_callback(data->ni, data->m, 3001 txerr ? ETIMEDOUT : 0); 3002 m_freem(data->m); 3003 data->m = NULL; 3004 3005 if (data->ni == NULL) { 3006 DPRINTF("no node\n"); 3007 } else { 3008 ieee80211_free_node(data->ni); 3009 data->ni = NULL; 3010 } 3011 } 3012 3013 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3014 pq->tx_nfree++; 3015 } 3016 3017 static void 3018 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3019 { 3020 struct run_softc *sc = usbd_xfer_softc(xfer); 3021 struct ieee80211com *ic = &sc->sc_ic; 3022 struct run_tx_data *data; 3023 struct ieee80211vap *vap = NULL; 3024 struct usb_page_cache *pc; 3025 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3026 struct mbuf *m; 3027 usb_frlength_t size; 3028 int actlen; 3029 int sumlen; 3030 3031 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3032 3033 switch (USB_GET_STATE(xfer)) { 3034 case USB_ST_TRANSFERRED: 3035 DPRINTFN(11, "transfer complete: %d " 3036 "bytes @ index %d\n", actlen, index); 3037 3038 data = usbd_xfer_get_priv(xfer); 3039 run_tx_free(pq, data, 0); 3040 usbd_xfer_set_priv(xfer, NULL); 3041 3042 /* FALLTHROUGH */ 3043 case USB_ST_SETUP: 3044 tr_setup: 3045 data = STAILQ_FIRST(&pq->tx_qh); 3046 if (data == NULL) 3047 break; 3048 3049 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3050 3051 m = data->m; 3052 size = (sc->mac_ver == 0x5592) ? 3053 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3054 if ((m->m_pkthdr.len + 3055 size + 3 + 8) > RUN_MAX_TXSZ) { 3056 DPRINTF("data overflow, %u bytes\n", 3057 m->m_pkthdr.len); 3058 run_tx_free(pq, data, 1); 3059 goto tr_setup; 3060 } 3061 3062 pc = usbd_xfer_get_frame(xfer, 0); 3063 usbd_copy_in(pc, 0, &data->desc, size); 3064 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3065 size += m->m_pkthdr.len; 3066 /* 3067 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3068 * 4-byte padding), and be sure to zero those trailing 3069 * bytes: 3070 */ 3071 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3072 size += ((-size) & 3) + 8; 3073 3074 vap = data->ni->ni_vap; 3075 if (ieee80211_radiotap_active_vap(vap)) { 3076 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3077 struct rt2860_txwi *txwi = 3078 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3079 tap->wt_flags = 0; 3080 tap->wt_rate = rt2860_rates[data->ridx].rate; 3081 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3082 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3083 tap->wt_hwqueue = index; 3084 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3085 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3086 3087 ieee80211_radiotap_tx(vap, m); 3088 } 3089 3090 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3091 m->m_pkthdr.len, size, index); 3092 3093 usbd_xfer_set_frame_len(xfer, 0, size); 3094 usbd_xfer_set_priv(xfer, data); 3095 usbd_transfer_submit(xfer); 3096 run_start(sc); 3097 3098 break; 3099 3100 default: 3101 DPRINTF("USB transfer error, %s\n", 3102 usbd_errstr(error)); 3103 3104 data = usbd_xfer_get_priv(xfer); 3105 3106 if (data != NULL) { 3107 if(data->ni != NULL) 3108 vap = data->ni->ni_vap; 3109 run_tx_free(pq, data, error); 3110 usbd_xfer_set_priv(xfer, NULL); 3111 } 3112 3113 if (vap == NULL) 3114 vap = TAILQ_FIRST(&ic->ic_vaps); 3115 3116 if (error != USB_ERR_CANCELLED) { 3117 if (error == USB_ERR_TIMEOUT) { 3118 device_printf(sc->sc_dev, "device timeout\n"); 3119 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3120 DPRINTF("cmdq_store=%d\n", i); 3121 sc->cmdq[i].func = run_usb_timeout_cb; 3122 sc->cmdq[i].arg0 = vap; 3123 ieee80211_runtask(ic, &sc->cmdq_task); 3124 } 3125 3126 /* 3127 * Try to clear stall first, also if other 3128 * errors occur, hence clearing stall 3129 * introduces a 50 ms delay: 3130 */ 3131 usbd_xfer_set_stall(xfer); 3132 goto tr_setup; 3133 } 3134 break; 3135 } 3136 } 3137 3138 static void 3139 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3140 { 3141 run_bulk_tx_callbackN(xfer, error, 0); 3142 } 3143 3144 static void 3145 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3146 { 3147 run_bulk_tx_callbackN(xfer, error, 1); 3148 } 3149 3150 static void 3151 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3152 { 3153 run_bulk_tx_callbackN(xfer, error, 2); 3154 } 3155 3156 static void 3157 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3158 { 3159 run_bulk_tx_callbackN(xfer, error, 3); 3160 } 3161 3162 static void 3163 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3164 { 3165 run_bulk_tx_callbackN(xfer, error, 4); 3166 } 3167 3168 static void 3169 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3170 { 3171 run_bulk_tx_callbackN(xfer, error, 5); 3172 } 3173 3174 static void 3175 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3176 { 3177 struct mbuf *m = data->m; 3178 struct ieee80211com *ic = &sc->sc_ic; 3179 struct ieee80211vap *vap = data->ni->ni_vap; 3180 struct ieee80211_frame *wh; 3181 struct rt2870_txd *txd; 3182 struct rt2860_txwi *txwi; 3183 uint16_t xferlen, txwisize; 3184 uint16_t mcs; 3185 uint8_t ridx = data->ridx; 3186 uint8_t pad; 3187 3188 /* get MCS code from rate index */ 3189 mcs = rt2860_rates[ridx].mcs; 3190 3191 txwisize = (sc->mac_ver == 0x5592) ? 3192 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3193 xferlen = txwisize + m->m_pkthdr.len; 3194 3195 /* roundup to 32-bit alignment */ 3196 xferlen = (xferlen + 3) & ~3; 3197 3198 txd = (struct rt2870_txd *)&data->desc; 3199 txd->len = htole16(xferlen); 3200 3201 wh = mtod(m, struct ieee80211_frame *); 3202 3203 /* 3204 * Ether both are true or both are false, the header 3205 * are nicely aligned to 32-bit. So, no L2 padding. 3206 */ 3207 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3208 pad = 0; 3209 else 3210 pad = 2; 3211 3212 /* setup TX Wireless Information */ 3213 txwi = (struct rt2860_txwi *)(txd + 1); 3214 txwi->len = htole16(m->m_pkthdr.len - pad); 3215 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3216 mcs |= RT2860_PHY_CCK; 3217 if (ridx != RT2860_RIDX_CCK1 && 3218 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3219 mcs |= RT2860_PHY_SHPRE; 3220 } else 3221 mcs |= RT2860_PHY_OFDM; 3222 txwi->phy = htole16(mcs); 3223 3224 /* check if RTS/CTS or CTS-to-self protection is required */ 3225 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3226 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3227 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3228 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3229 txwi->txop |= RT2860_TX_TXOP_HT; 3230 else 3231 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3232 3233 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3234 txwi->xflags |= RT2860_TX_NSEQ; 3235 } 3236 3237 /* This function must be called locked */ 3238 static int 3239 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3240 { 3241 struct ieee80211com *ic = &sc->sc_ic; 3242 struct ieee80211vap *vap = ni->ni_vap; 3243 struct ieee80211_frame *wh; 3244 struct ieee80211_channel *chan; 3245 const struct ieee80211_txparam *tp; 3246 struct run_node *rn = (void *)ni; 3247 struct run_tx_data *data; 3248 struct rt2870_txd *txd; 3249 struct rt2860_txwi *txwi; 3250 uint16_t qos; 3251 uint16_t dur; 3252 uint16_t qid; 3253 uint8_t type; 3254 uint8_t tid; 3255 uint8_t ridx; 3256 uint8_t ctl_ridx; 3257 uint8_t qflags; 3258 uint8_t xflags = 0; 3259 int hasqos; 3260 3261 RUN_LOCK_ASSERT(sc, MA_OWNED); 3262 3263 wh = mtod(m, struct ieee80211_frame *); 3264 3265 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3266 3267 /* 3268 * There are 7 bulk endpoints: 1 for RX 3269 * and 6 for TX (4 EDCAs + HCCA + Prio). 3270 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3271 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3272 */ 3273 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3274 uint8_t *frm; 3275 3276 if(IEEE80211_HAS_ADDR4(wh)) 3277 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3278 else 3279 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3280 3281 qos = le16toh(*(const uint16_t *)frm); 3282 tid = qos & IEEE80211_QOS_TID; 3283 qid = TID_TO_WME_AC(tid); 3284 } else { 3285 qos = 0; 3286 tid = 0; 3287 qid = WME_AC_BE; 3288 } 3289 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3290 3291 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3292 qos, qid, tid, qflags); 3293 3294 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3295 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3296 3297 /* pickup a rate index */ 3298 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3299 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3300 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3301 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3302 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3303 } else { 3304 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3305 ridx = rn->fix_ridx; 3306 else 3307 ridx = rn->amrr_ridx; 3308 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3309 } 3310 3311 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3312 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3313 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3314 xflags |= RT2860_TX_ACK; 3315 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3316 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3317 else 3318 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3319 USETW(wh->i_dur, dur); 3320 } 3321 3322 /* reserve slots for mgmt packets, just in case */ 3323 if (sc->sc_epq[qid].tx_nfree < 3) { 3324 DPRINTFN(10, "tx ring %d is full\n", qid); 3325 return (-1); 3326 } 3327 3328 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3329 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3330 sc->sc_epq[qid].tx_nfree--; 3331 3332 txd = (struct rt2870_txd *)&data->desc; 3333 txd->flags = qflags; 3334 txwi = (struct rt2860_txwi *)(txd + 1); 3335 txwi->xflags = xflags; 3336 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3337 txwi->wcid = 0; 3338 else 3339 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3340 1 : RUN_AID2WCID(ni->ni_associd); 3341 3342 /* clear leftover garbage bits */ 3343 txwi->flags = 0; 3344 txwi->txop = 0; 3345 3346 data->m = m; 3347 data->ni = ni; 3348 data->ridx = ridx; 3349 3350 run_set_tx_desc(sc, data); 3351 3352 /* 3353 * The chip keeps track of 2 kind of Tx stats, 3354 * * TX_STAT_FIFO, for per WCID stats, and 3355 * * TX_STA_CNT0 for all-TX-in-one stats. 3356 * 3357 * To use FIFO stats, we need to store MCS into the driver-private 3358 * PacketID field. So that, we can tell whose stats when we read them. 3359 * We add 1 to the MCS because setting the PacketID field to 0 means 3360 * that we don't want feedback in TX_STAT_FIFO. 3361 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3362 * 3363 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3364 */ 3365 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3366 vap->iv_opmode == IEEE80211_M_MBSS) { 3367 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3368 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3369 3370 /* 3371 * Unlike PCI based devices, we don't get any interrupt from 3372 * USB devices, so we simulate FIFO-is-full interrupt here. 3373 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3374 * quickly get fulled. To prevent overflow, increment a counter on 3375 * every FIFO stat request, so we know how many slots are left. 3376 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3377 * are used only in those modes. 3378 * We just drain stats. AMRR gets updated every 1 sec by 3379 * run_ratectl_cb() via callout. 3380 * Call it early. Otherwise overflow. 3381 */ 3382 if (sc->fifo_cnt++ == 10) { 3383 /* 3384 * With multiple vaps or if_bridge, if_start() is called 3385 * with a non-sleepable lock, tcpinp. So, need to defer. 3386 */ 3387 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3388 DPRINTFN(6, "cmdq_store=%d\n", i); 3389 sc->cmdq[i].func = run_drain_fifo; 3390 sc->cmdq[i].arg0 = sc; 3391 ieee80211_runtask(ic, &sc->cmdq_task); 3392 } 3393 } 3394 3395 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3396 3397 usbd_transfer_start(sc->sc_xfer[qid]); 3398 3399 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3400 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3401 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3402 3403 return (0); 3404 } 3405 3406 static int 3407 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3408 { 3409 struct ieee80211com *ic = &sc->sc_ic; 3410 struct run_node *rn = (void *)ni; 3411 struct run_tx_data *data; 3412 struct ieee80211_frame *wh; 3413 struct rt2870_txd *txd; 3414 struct rt2860_txwi *txwi; 3415 uint16_t dur; 3416 uint8_t ridx = rn->mgt_ridx; 3417 uint8_t type; 3418 uint8_t xflags = 0; 3419 uint8_t wflags = 0; 3420 3421 RUN_LOCK_ASSERT(sc, MA_OWNED); 3422 3423 wh = mtod(m, struct ieee80211_frame *); 3424 3425 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3426 3427 /* tell hardware to add timestamp for probe responses */ 3428 if ((wh->i_fc[0] & 3429 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3430 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3431 wflags |= RT2860_TX_TS; 3432 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3433 xflags |= RT2860_TX_ACK; 3434 3435 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3436 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3437 USETW(wh->i_dur, dur); 3438 } 3439 3440 if (sc->sc_epq[0].tx_nfree == 0) 3441 /* let caller free mbuf */ 3442 return (EIO); 3443 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3444 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3445 sc->sc_epq[0].tx_nfree--; 3446 3447 txd = (struct rt2870_txd *)&data->desc; 3448 txd->flags = RT2860_TX_QSEL_EDCA; 3449 txwi = (struct rt2860_txwi *)(txd + 1); 3450 txwi->wcid = 0xff; 3451 txwi->flags = wflags; 3452 txwi->xflags = xflags; 3453 txwi->txop = 0; /* clear leftover garbage bits */ 3454 3455 data->m = m; 3456 data->ni = ni; 3457 data->ridx = ridx; 3458 3459 run_set_tx_desc(sc, data); 3460 3461 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3462 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3463 rt2860_rates[ridx].rate); 3464 3465 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3466 3467 usbd_transfer_start(sc->sc_xfer[0]); 3468 3469 return (0); 3470 } 3471 3472 static int 3473 run_sendprot(struct run_softc *sc, 3474 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3475 { 3476 struct ieee80211com *ic = ni->ni_ic; 3477 struct ieee80211_frame *wh; 3478 struct run_tx_data *data; 3479 struct rt2870_txd *txd; 3480 struct rt2860_txwi *txwi; 3481 struct mbuf *mprot; 3482 int ridx; 3483 int protrate; 3484 int ackrate; 3485 int pktlen; 3486 int isshort; 3487 uint16_t dur; 3488 uint8_t type; 3489 uint8_t wflags = 0; 3490 uint8_t xflags = 0; 3491 3492 RUN_LOCK_ASSERT(sc, MA_OWNED); 3493 3494 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3495 ("protection %d", prot)); 3496 3497 wh = mtod(m, struct ieee80211_frame *); 3498 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3499 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3500 3501 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3502 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3503 3504 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3505 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3506 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3507 wflags = RT2860_TX_FRAG; 3508 3509 /* check that there are free slots before allocating the mbuf */ 3510 if (sc->sc_epq[0].tx_nfree == 0) 3511 /* let caller free mbuf */ 3512 return (ENOBUFS); 3513 3514 if (prot == IEEE80211_PROT_RTSCTS) { 3515 /* NB: CTS is the same size as an ACK */ 3516 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3517 xflags |= RT2860_TX_ACK; 3518 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3519 } else { 3520 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3521 } 3522 if (mprot == NULL) { 3523 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3524 DPRINTF("could not allocate mbuf\n"); 3525 return (ENOBUFS); 3526 } 3527 3528 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3529 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3530 sc->sc_epq[0].tx_nfree--; 3531 3532 txd = (struct rt2870_txd *)&data->desc; 3533 txd->flags = RT2860_TX_QSEL_EDCA; 3534 txwi = (struct rt2860_txwi *)(txd + 1); 3535 txwi->wcid = 0xff; 3536 txwi->flags = wflags; 3537 txwi->xflags = xflags; 3538 txwi->txop = 0; /* clear leftover garbage bits */ 3539 3540 data->m = mprot; 3541 data->ni = ieee80211_ref_node(ni); 3542 3543 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3544 if (rt2860_rates[ridx].rate == protrate) 3545 break; 3546 data->ridx = ridx; 3547 3548 run_set_tx_desc(sc, data); 3549 3550 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3551 m->m_pkthdr.len, rate); 3552 3553 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3554 3555 usbd_transfer_start(sc->sc_xfer[0]); 3556 3557 return (0); 3558 } 3559 3560 static int 3561 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3562 const struct ieee80211_bpf_params *params) 3563 { 3564 struct ieee80211com *ic = ni->ni_ic; 3565 struct ieee80211_frame *wh; 3566 struct run_tx_data *data; 3567 struct rt2870_txd *txd; 3568 struct rt2860_txwi *txwi; 3569 uint8_t type; 3570 uint8_t ridx; 3571 uint8_t rate; 3572 uint8_t opflags = 0; 3573 uint8_t xflags = 0; 3574 int error; 3575 3576 RUN_LOCK_ASSERT(sc, MA_OWNED); 3577 3578 KASSERT(params != NULL, ("no raw xmit params")); 3579 3580 wh = mtod(m, struct ieee80211_frame *); 3581 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3582 3583 rate = params->ibp_rate0; 3584 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3585 /* let caller free mbuf */ 3586 return (EINVAL); 3587 } 3588 3589 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3590 xflags |= RT2860_TX_ACK; 3591 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3592 error = run_sendprot(sc, m, ni, 3593 params->ibp_flags & IEEE80211_BPF_RTS ? 3594 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3595 rate); 3596 if (error) { 3597 /* let caller free mbuf */ 3598 return error; 3599 } 3600 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3601 } 3602 3603 if (sc->sc_epq[0].tx_nfree == 0) { 3604 /* let caller free mbuf */ 3605 DPRINTF("sending raw frame, but tx ring is full\n"); 3606 return (EIO); 3607 } 3608 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3609 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3610 sc->sc_epq[0].tx_nfree--; 3611 3612 txd = (struct rt2870_txd *)&data->desc; 3613 txd->flags = RT2860_TX_QSEL_EDCA; 3614 txwi = (struct rt2860_txwi *)(txd + 1); 3615 txwi->wcid = 0xff; 3616 txwi->xflags = xflags; 3617 txwi->txop = opflags; 3618 txwi->flags = 0; /* clear leftover garbage bits */ 3619 3620 data->m = m; 3621 data->ni = ni; 3622 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3623 if (rt2860_rates[ridx].rate == rate) 3624 break; 3625 data->ridx = ridx; 3626 3627 run_set_tx_desc(sc, data); 3628 3629 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3630 m->m_pkthdr.len, rate); 3631 3632 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3633 3634 usbd_transfer_start(sc->sc_xfer[0]); 3635 3636 return (0); 3637 } 3638 3639 static int 3640 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3641 const struct ieee80211_bpf_params *params) 3642 { 3643 struct run_softc *sc = ni->ni_ic->ic_softc; 3644 int error = 0; 3645 3646 RUN_LOCK(sc); 3647 3648 /* prevent management frames from being sent if we're not ready */ 3649 if (!(sc->sc_flags & RUN_RUNNING)) { 3650 error = ENETDOWN; 3651 goto done; 3652 } 3653 3654 if (params == NULL) { 3655 /* tx mgt packet */ 3656 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3657 DPRINTF("mgt tx failed\n"); 3658 goto done; 3659 } 3660 } else { 3661 /* tx raw packet with param */ 3662 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3663 DPRINTF("tx with param failed\n"); 3664 goto done; 3665 } 3666 } 3667 3668 done: 3669 RUN_UNLOCK(sc); 3670 3671 if (error != 0) { 3672 if(m != NULL) 3673 m_freem(m); 3674 ieee80211_free_node(ni); 3675 } 3676 3677 return (error); 3678 } 3679 3680 static int 3681 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3682 { 3683 struct run_softc *sc = ic->ic_softc; 3684 int error; 3685 3686 RUN_LOCK(sc); 3687 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3688 RUN_UNLOCK(sc); 3689 return (ENXIO); 3690 } 3691 error = mbufq_enqueue(&sc->sc_snd, m); 3692 if (error) { 3693 RUN_UNLOCK(sc); 3694 return (error); 3695 } 3696 run_start(sc); 3697 RUN_UNLOCK(sc); 3698 3699 return (0); 3700 } 3701 3702 static void 3703 run_start(struct run_softc *sc) 3704 { 3705 struct ieee80211_node *ni; 3706 struct mbuf *m; 3707 3708 RUN_LOCK_ASSERT(sc, MA_OWNED); 3709 3710 if ((sc->sc_flags & RUN_RUNNING) == 0) 3711 return; 3712 3713 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3714 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3715 if (run_tx(sc, m, ni) != 0) { 3716 mbufq_prepend(&sc->sc_snd, m); 3717 break; 3718 } 3719 } 3720 } 3721 3722 static void 3723 run_parent(struct ieee80211com *ic) 3724 { 3725 struct run_softc *sc = ic->ic_softc; 3726 int startall = 0; 3727 3728 RUN_LOCK(sc); 3729 if (sc->sc_detached) { 3730 RUN_UNLOCK(sc); 3731 return; 3732 } 3733 3734 if (ic->ic_nrunning > 0) { 3735 if (!(sc->sc_flags & RUN_RUNNING)) { 3736 startall = 1; 3737 run_init_locked(sc); 3738 } else 3739 run_update_promisc_locked(sc); 3740 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3741 run_stop(sc); 3742 RUN_UNLOCK(sc); 3743 if (startall) 3744 ieee80211_start_all(ic); 3745 } 3746 3747 static void 3748 run_iq_calib(struct run_softc *sc, u_int chan) 3749 { 3750 uint16_t val; 3751 3752 /* Tx0 IQ gain. */ 3753 run_bbp_write(sc, 158, 0x2c); 3754 if (chan <= 14) 3755 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3756 else if (chan <= 64) { 3757 run_efuse_read(sc, 3758 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3759 &val, 1); 3760 } else if (chan <= 138) { 3761 run_efuse_read(sc, 3762 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3763 &val, 1); 3764 } else if (chan <= 165) { 3765 run_efuse_read(sc, 3766 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3767 &val, 1); 3768 } else 3769 val = 0; 3770 run_bbp_write(sc, 159, val); 3771 3772 /* Tx0 IQ phase. */ 3773 run_bbp_write(sc, 158, 0x2d); 3774 if (chan <= 14) { 3775 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3776 &val, 1); 3777 } else if (chan <= 64) { 3778 run_efuse_read(sc, 3779 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3780 &val, 1); 3781 } else if (chan <= 138) { 3782 run_efuse_read(sc, 3783 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3784 &val, 1); 3785 } else if (chan <= 165) { 3786 run_efuse_read(sc, 3787 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3788 &val, 1); 3789 } else 3790 val = 0; 3791 run_bbp_write(sc, 159, val); 3792 3793 /* Tx1 IQ gain. */ 3794 run_bbp_write(sc, 158, 0x4a); 3795 if (chan <= 14) { 3796 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3797 &val, 1); 3798 } else if (chan <= 64) { 3799 run_efuse_read(sc, 3800 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3801 &val, 1); 3802 } else if (chan <= 138) { 3803 run_efuse_read(sc, 3804 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3805 &val, 1); 3806 } else if (chan <= 165) { 3807 run_efuse_read(sc, 3808 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3809 &val, 1); 3810 } else 3811 val = 0; 3812 run_bbp_write(sc, 159, val); 3813 3814 /* Tx1 IQ phase. */ 3815 run_bbp_write(sc, 158, 0x4b); 3816 if (chan <= 14) { 3817 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3818 &val, 1); 3819 } else if (chan <= 64) { 3820 run_efuse_read(sc, 3821 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3822 &val, 1); 3823 } else if (chan <= 138) { 3824 run_efuse_read(sc, 3825 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3826 &val, 1); 3827 } else if (chan <= 165) { 3828 run_efuse_read(sc, 3829 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3830 &val, 1); 3831 } else 3832 val = 0; 3833 run_bbp_write(sc, 159, val); 3834 3835 /* RF IQ compensation control. */ 3836 run_bbp_write(sc, 158, 0x04); 3837 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3838 &val, 1); 3839 run_bbp_write(sc, 159, val); 3840 3841 /* RF IQ imbalance compensation control. */ 3842 run_bbp_write(sc, 158, 0x03); 3843 run_efuse_read(sc, 3844 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3845 run_bbp_write(sc, 159, val); 3846 } 3847 3848 static void 3849 run_set_agc(struct run_softc *sc, uint8_t agc) 3850 { 3851 uint8_t bbp; 3852 3853 if (sc->mac_ver == 0x3572) { 3854 run_bbp_read(sc, 27, &bbp); 3855 bbp &= ~(0x3 << 5); 3856 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3857 run_bbp_write(sc, 66, agc); 3858 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3859 run_bbp_write(sc, 66, agc); 3860 } else 3861 run_bbp_write(sc, 66, agc); 3862 } 3863 3864 static void 3865 run_select_chan_group(struct run_softc *sc, int group) 3866 { 3867 uint32_t tmp; 3868 uint8_t agc; 3869 3870 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3871 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3872 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3873 if (sc->mac_ver < 0x3572) 3874 run_bbp_write(sc, 86, 0x00); 3875 3876 if (sc->mac_ver == 0x3593) { 3877 run_bbp_write(sc, 77, 0x98); 3878 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3879 } 3880 3881 if (group == 0) { 3882 if (sc->ext_2ghz_lna) { 3883 if (sc->mac_ver >= 0x5390) 3884 run_bbp_write(sc, 75, 0x52); 3885 else { 3886 run_bbp_write(sc, 82, 0x62); 3887 run_bbp_write(sc, 75, 0x46); 3888 } 3889 } else { 3890 if (sc->mac_ver == 0x5592) { 3891 run_bbp_write(sc, 79, 0x1c); 3892 run_bbp_write(sc, 80, 0x0e); 3893 run_bbp_write(sc, 81, 0x3a); 3894 run_bbp_write(sc, 82, 0x62); 3895 3896 run_bbp_write(sc, 195, 0x80); 3897 run_bbp_write(sc, 196, 0xe0); 3898 run_bbp_write(sc, 195, 0x81); 3899 run_bbp_write(sc, 196, 0x1f); 3900 run_bbp_write(sc, 195, 0x82); 3901 run_bbp_write(sc, 196, 0x38); 3902 run_bbp_write(sc, 195, 0x83); 3903 run_bbp_write(sc, 196, 0x32); 3904 run_bbp_write(sc, 195, 0x85); 3905 run_bbp_write(sc, 196, 0x28); 3906 run_bbp_write(sc, 195, 0x86); 3907 run_bbp_write(sc, 196, 0x19); 3908 } else if (sc->mac_ver >= 0x5390) 3909 run_bbp_write(sc, 75, 0x50); 3910 else { 3911 run_bbp_write(sc, 82, 3912 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3913 run_bbp_write(sc, 75, 0x50); 3914 } 3915 } 3916 } else { 3917 if (sc->mac_ver == 0x5592) { 3918 run_bbp_write(sc, 79, 0x18); 3919 run_bbp_write(sc, 80, 0x08); 3920 run_bbp_write(sc, 81, 0x38); 3921 run_bbp_write(sc, 82, 0x92); 3922 3923 run_bbp_write(sc, 195, 0x80); 3924 run_bbp_write(sc, 196, 0xf0); 3925 run_bbp_write(sc, 195, 0x81); 3926 run_bbp_write(sc, 196, 0x1e); 3927 run_bbp_write(sc, 195, 0x82); 3928 run_bbp_write(sc, 196, 0x28); 3929 run_bbp_write(sc, 195, 0x83); 3930 run_bbp_write(sc, 196, 0x20); 3931 run_bbp_write(sc, 195, 0x85); 3932 run_bbp_write(sc, 196, 0x7f); 3933 run_bbp_write(sc, 195, 0x86); 3934 run_bbp_write(sc, 196, 0x7f); 3935 } else if (sc->mac_ver == 0x3572) 3936 run_bbp_write(sc, 82, 0x94); 3937 else 3938 run_bbp_write(sc, 82, 3939 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3940 if (sc->ext_5ghz_lna) 3941 run_bbp_write(sc, 75, 0x46); 3942 else 3943 run_bbp_write(sc, 75, 0x50); 3944 } 3945 3946 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3947 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3948 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3949 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3950 3951 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3952 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3953 if (sc->mac_ver == 0x3593) 3954 tmp |= 1 << 29 | 1 << 28; 3955 if (sc->nrxchains > 1) 3956 tmp |= RT2860_LNA_PE1_EN; 3957 if (group == 0) { /* 2GHz */ 3958 tmp |= RT2860_PA_PE_G0_EN; 3959 if (sc->ntxchains > 1) 3960 tmp |= RT2860_PA_PE_G1_EN; 3961 if (sc->mac_ver == 0x3593) { 3962 if (sc->ntxchains > 2) 3963 tmp |= 1 << 25; 3964 } 3965 } else { /* 5GHz */ 3966 tmp |= RT2860_PA_PE_A0_EN; 3967 if (sc->ntxchains > 1) 3968 tmp |= RT2860_PA_PE_A1_EN; 3969 } 3970 if (sc->mac_ver == 0x3572) { 3971 run_rt3070_rf_write(sc, 8, 0x00); 3972 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3973 run_rt3070_rf_write(sc, 8, 0x80); 3974 } else 3975 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3976 3977 if (sc->mac_ver == 0x5592) { 3978 run_bbp_write(sc, 195, 0x8d); 3979 run_bbp_write(sc, 196, 0x1a); 3980 } 3981 3982 if (sc->mac_ver == 0x3593) { 3983 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3984 tmp &= ~0x01010000; 3985 if (group == 0) 3986 tmp |= 0x00010000; 3987 tmp = (tmp & ~0x00009090) | 0x00000090; 3988 run_write(sc, RT2860_GPIO_CTRL, tmp); 3989 } 3990 3991 /* set initial AGC value */ 3992 if (group == 0) { /* 2GHz band */ 3993 if (sc->mac_ver >= 0x3070) 3994 agc = 0x1c + sc->lna[0] * 2; 3995 else 3996 agc = 0x2e + sc->lna[0]; 3997 } else { /* 5GHz band */ 3998 if (sc->mac_ver == 0x5592) 3999 agc = 0x24 + sc->lna[group] * 2; 4000 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4001 agc = 0x22 + (sc->lna[group] * 5) / 3; 4002 else 4003 agc = 0x32 + (sc->lna[group] * 5) / 3; 4004 } 4005 run_set_agc(sc, agc); 4006 } 4007 4008 static void 4009 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4010 { 4011 const struct rfprog *rfprog = rt2860_rf2850; 4012 uint32_t r2, r3, r4; 4013 int8_t txpow1, txpow2; 4014 int i; 4015 4016 /* find the settings for this channel (we know it exists) */ 4017 for (i = 0; rfprog[i].chan != chan; i++); 4018 4019 r2 = rfprog[i].r2; 4020 if (sc->ntxchains == 1) 4021 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4022 if (sc->nrxchains == 1) 4023 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4024 else if (sc->nrxchains == 2) 4025 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4026 4027 /* use Tx power values from EEPROM */ 4028 txpow1 = sc->txpow1[i]; 4029 txpow2 = sc->txpow2[i]; 4030 4031 /* Initialize RF R3 and R4. */ 4032 r3 = rfprog[i].r3 & 0xffffc1ff; 4033 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4034 if (chan > 14) { 4035 if (txpow1 >= 0) { 4036 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4037 r3 |= (txpow1 << 10) | (1 << 9); 4038 } else { 4039 txpow1 += 7; 4040 4041 /* txpow1 is not possible larger than 15. */ 4042 r3 |= (txpow1 << 10); 4043 } 4044 if (txpow2 >= 0) { 4045 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4046 r4 |= (txpow2 << 7) | (1 << 6); 4047 } else { 4048 txpow2 += 7; 4049 r4 |= (txpow2 << 7); 4050 } 4051 } else { 4052 /* Set Tx0 power. */ 4053 r3 |= (txpow1 << 9); 4054 4055 /* Set frequency offset and Tx1 power. */ 4056 r4 |= (txpow2 << 6); 4057 } 4058 4059 run_rt2870_rf_write(sc, rfprog[i].r1); 4060 run_rt2870_rf_write(sc, r2); 4061 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4062 run_rt2870_rf_write(sc, r4); 4063 4064 run_delay(sc, 10); 4065 4066 run_rt2870_rf_write(sc, rfprog[i].r1); 4067 run_rt2870_rf_write(sc, r2); 4068 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4069 run_rt2870_rf_write(sc, r4); 4070 4071 run_delay(sc, 10); 4072 4073 run_rt2870_rf_write(sc, rfprog[i].r1); 4074 run_rt2870_rf_write(sc, r2); 4075 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4076 run_rt2870_rf_write(sc, r4); 4077 } 4078 4079 static void 4080 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4081 { 4082 int8_t txpow1, txpow2; 4083 uint8_t rf; 4084 int i; 4085 4086 /* find the settings for this channel (we know it exists) */ 4087 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4088 4089 /* use Tx power values from EEPROM */ 4090 txpow1 = sc->txpow1[i]; 4091 txpow2 = sc->txpow2[i]; 4092 4093 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4094 4095 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4096 run_rt3070_rf_read(sc, 3, &rf); 4097 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4098 run_rt3070_rf_write(sc, 3, rf); 4099 4100 run_rt3070_rf_read(sc, 6, &rf); 4101 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4102 run_rt3070_rf_write(sc, 6, rf); 4103 4104 /* set Tx0 power */ 4105 run_rt3070_rf_read(sc, 12, &rf); 4106 rf = (rf & ~0x1f) | txpow1; 4107 run_rt3070_rf_write(sc, 12, rf); 4108 4109 /* set Tx1 power */ 4110 run_rt3070_rf_read(sc, 13, &rf); 4111 rf = (rf & ~0x1f) | txpow2; 4112 run_rt3070_rf_write(sc, 13, rf); 4113 4114 run_rt3070_rf_read(sc, 1, &rf); 4115 rf &= ~0xfc; 4116 if (sc->ntxchains == 1) 4117 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4118 else if (sc->ntxchains == 2) 4119 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4120 if (sc->nrxchains == 1) 4121 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4122 else if (sc->nrxchains == 2) 4123 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4124 run_rt3070_rf_write(sc, 1, rf); 4125 4126 /* set RF offset */ 4127 run_rt3070_rf_read(sc, 23, &rf); 4128 rf = (rf & ~0x7f) | sc->freq; 4129 run_rt3070_rf_write(sc, 23, rf); 4130 4131 /* program RF filter */ 4132 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4133 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4134 run_rt3070_rf_write(sc, 24, rf); 4135 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4136 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4137 run_rt3070_rf_write(sc, 31, rf); 4138 4139 /* enable RF tuning */ 4140 run_rt3070_rf_read(sc, 7, &rf); 4141 run_rt3070_rf_write(sc, 7, rf | 0x01); 4142 } 4143 4144 static void 4145 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4146 { 4147 int8_t txpow1, txpow2; 4148 uint32_t tmp; 4149 uint8_t rf; 4150 int i; 4151 4152 /* find the settings for this channel (we know it exists) */ 4153 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4154 4155 /* use Tx power values from EEPROM */ 4156 txpow1 = sc->txpow1[i]; 4157 txpow2 = sc->txpow2[i]; 4158 4159 if (chan <= 14) { 4160 run_bbp_write(sc, 25, sc->bbp25); 4161 run_bbp_write(sc, 26, sc->bbp26); 4162 } else { 4163 /* enable IQ phase correction */ 4164 run_bbp_write(sc, 25, 0x09); 4165 run_bbp_write(sc, 26, 0xff); 4166 } 4167 4168 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4169 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4170 run_rt3070_rf_read(sc, 6, &rf); 4171 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4172 rf |= (chan <= 14) ? 0x08 : 0x04; 4173 run_rt3070_rf_write(sc, 6, rf); 4174 4175 /* set PLL mode */ 4176 run_rt3070_rf_read(sc, 5, &rf); 4177 rf &= ~(0x08 | 0x04); 4178 rf |= (chan <= 14) ? 0x04 : 0x08; 4179 run_rt3070_rf_write(sc, 5, rf); 4180 4181 /* set Tx power for chain 0 */ 4182 if (chan <= 14) 4183 rf = 0x60 | txpow1; 4184 else 4185 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4186 run_rt3070_rf_write(sc, 12, rf); 4187 4188 /* set Tx power for chain 1 */ 4189 if (chan <= 14) 4190 rf = 0x60 | txpow2; 4191 else 4192 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4193 run_rt3070_rf_write(sc, 13, rf); 4194 4195 /* set Tx/Rx streams */ 4196 run_rt3070_rf_read(sc, 1, &rf); 4197 rf &= ~0xfc; 4198 if (sc->ntxchains == 1) 4199 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4200 else if (sc->ntxchains == 2) 4201 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4202 if (sc->nrxchains == 1) 4203 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4204 else if (sc->nrxchains == 2) 4205 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4206 run_rt3070_rf_write(sc, 1, rf); 4207 4208 /* set RF offset */ 4209 run_rt3070_rf_read(sc, 23, &rf); 4210 rf = (rf & ~0x7f) | sc->freq; 4211 run_rt3070_rf_write(sc, 23, rf); 4212 4213 /* program RF filter */ 4214 rf = sc->rf24_20mhz; 4215 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4216 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4217 4218 /* enable RF tuning */ 4219 run_rt3070_rf_read(sc, 7, &rf); 4220 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4221 run_rt3070_rf_write(sc, 7, rf); 4222 4223 /* TSSI */ 4224 rf = (chan <= 14) ? 0xc3 : 0xc0; 4225 run_rt3070_rf_write(sc, 9, rf); 4226 4227 /* set loop filter 1 */ 4228 run_rt3070_rf_write(sc, 10, 0xf1); 4229 /* set loop filter 2 */ 4230 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4231 4232 /* set tx_mx2_ic */ 4233 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4234 /* set tx_mx1_ic */ 4235 if (chan <= 14) 4236 rf = 0x48 | sc->txmixgain_2ghz; 4237 else 4238 rf = 0x78 | sc->txmixgain_5ghz; 4239 run_rt3070_rf_write(sc, 16, rf); 4240 4241 /* set tx_lo1 */ 4242 run_rt3070_rf_write(sc, 17, 0x23); 4243 /* set tx_lo2 */ 4244 if (chan <= 14) 4245 rf = 0x93; 4246 else if (chan <= 64) 4247 rf = 0xb7; 4248 else if (chan <= 128) 4249 rf = 0x74; 4250 else 4251 rf = 0x72; 4252 run_rt3070_rf_write(sc, 19, rf); 4253 4254 /* set rx_lo1 */ 4255 if (chan <= 14) 4256 rf = 0xb3; 4257 else if (chan <= 64) 4258 rf = 0xf6; 4259 else if (chan <= 128) 4260 rf = 0xf4; 4261 else 4262 rf = 0xf3; 4263 run_rt3070_rf_write(sc, 20, rf); 4264 4265 /* set pfd_delay */ 4266 if (chan <= 14) 4267 rf = 0x15; 4268 else if (chan <= 64) 4269 rf = 0x3d; 4270 else 4271 rf = 0x01; 4272 run_rt3070_rf_write(sc, 25, rf); 4273 4274 /* set rx_lo2 */ 4275 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4276 /* set ldo_rf_vc */ 4277 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4278 /* set drv_cc */ 4279 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4280 4281 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4282 tmp &= ~0x8080; 4283 if (chan <= 14) 4284 tmp |= 0x80; 4285 run_write(sc, RT2860_GPIO_CTRL, tmp); 4286 4287 /* enable RF tuning */ 4288 run_rt3070_rf_read(sc, 7, &rf); 4289 run_rt3070_rf_write(sc, 7, rf | 0x01); 4290 4291 run_delay(sc, 2); 4292 } 4293 4294 static void 4295 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4296 { 4297 int8_t txpow1, txpow2, txpow3; 4298 uint8_t h20mhz, rf; 4299 int i; 4300 4301 /* find the settings for this channel (we know it exists) */ 4302 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4303 4304 /* use Tx power values from EEPROM */ 4305 txpow1 = sc->txpow1[i]; 4306 txpow2 = sc->txpow2[i]; 4307 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4308 4309 if (chan <= 14) { 4310 run_bbp_write(sc, 25, sc->bbp25); 4311 run_bbp_write(sc, 26, sc->bbp26); 4312 } else { 4313 /* Enable IQ phase correction. */ 4314 run_bbp_write(sc, 25, 0x09); 4315 run_bbp_write(sc, 26, 0xff); 4316 } 4317 4318 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4319 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4320 run_rt3070_rf_read(sc, 11, &rf); 4321 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4322 run_rt3070_rf_write(sc, 11, rf); 4323 4324 /* Set pll_idoh. */ 4325 run_rt3070_rf_read(sc, 11, &rf); 4326 rf &= ~0x4c; 4327 rf |= (chan <= 14) ? 0x44 : 0x48; 4328 run_rt3070_rf_write(sc, 11, rf); 4329 4330 if (chan <= 14) 4331 rf = txpow1 & 0x1f; 4332 else 4333 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4334 run_rt3070_rf_write(sc, 53, rf); 4335 4336 if (chan <= 14) 4337 rf = txpow2 & 0x1f; 4338 else 4339 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4340 run_rt3070_rf_write(sc, 55, rf); 4341 4342 if (chan <= 14) 4343 rf = txpow3 & 0x1f; 4344 else 4345 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4346 run_rt3070_rf_write(sc, 54, rf); 4347 4348 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4349 if (sc->ntxchains == 3) 4350 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4351 else 4352 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4353 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4354 run_rt3070_rf_write(sc, 1, rf); 4355 4356 run_adjust_freq_offset(sc); 4357 4358 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4359 4360 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4361 run_rt3070_rf_read(sc, 30, &rf); 4362 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4363 run_rt3070_rf_write(sc, 30, rf); 4364 4365 run_rt3070_rf_read(sc, 36, &rf); 4366 if (chan <= 14) 4367 rf |= 0x80; 4368 else 4369 rf &= ~0x80; 4370 run_rt3070_rf_write(sc, 36, rf); 4371 4372 /* Set vcolo_bs. */ 4373 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4374 /* Set pfd_delay. */ 4375 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4376 4377 /* Set vco bias current control. */ 4378 run_rt3070_rf_read(sc, 6, &rf); 4379 rf &= ~0xc0; 4380 if (chan <= 14) 4381 rf |= 0x40; 4382 else if (chan <= 128) 4383 rf |= 0x80; 4384 else 4385 rf |= 0x40; 4386 run_rt3070_rf_write(sc, 6, rf); 4387 4388 run_rt3070_rf_read(sc, 30, &rf); 4389 rf = (rf & ~0x18) | 0x10; 4390 run_rt3070_rf_write(sc, 30, rf); 4391 4392 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4393 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4394 4395 run_rt3070_rf_read(sc, 51, &rf); 4396 rf = (rf & ~0x03) | 0x01; 4397 run_rt3070_rf_write(sc, 51, rf); 4398 /* Set tx_mx1_cc. */ 4399 run_rt3070_rf_read(sc, 51, &rf); 4400 rf &= ~0x1c; 4401 rf |= (chan <= 14) ? 0x14 : 0x10; 4402 run_rt3070_rf_write(sc, 51, rf); 4403 /* Set tx_mx1_ic. */ 4404 run_rt3070_rf_read(sc, 51, &rf); 4405 rf &= ~0xe0; 4406 rf |= (chan <= 14) ? 0x60 : 0x40; 4407 run_rt3070_rf_write(sc, 51, rf); 4408 /* Set tx_lo1_ic. */ 4409 run_rt3070_rf_read(sc, 49, &rf); 4410 rf &= ~0x1c; 4411 rf |= (chan <= 14) ? 0x0c : 0x08; 4412 run_rt3070_rf_write(sc, 49, rf); 4413 /* Set tx_lo1_en. */ 4414 run_rt3070_rf_read(sc, 50, &rf); 4415 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4416 /* Set drv_cc. */ 4417 run_rt3070_rf_read(sc, 57, &rf); 4418 rf &= ~0xfc; 4419 rf |= (chan <= 14) ? 0x6c : 0x3c; 4420 run_rt3070_rf_write(sc, 57, rf); 4421 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4422 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4423 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4424 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4425 /* Enable VCO calibration. */ 4426 run_rt3070_rf_read(sc, 3, &rf); 4427 rf &= ~RT5390_VCOCAL; 4428 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4429 run_rt3070_rf_write(sc, 3, rf); 4430 4431 if (chan <= 14) 4432 rf = 0x23; 4433 else if (chan <= 64) 4434 rf = 0x36; 4435 else if (chan <= 128) 4436 rf = 0x32; 4437 else 4438 rf = 0x30; 4439 run_rt3070_rf_write(sc, 39, rf); 4440 if (chan <= 14) 4441 rf = 0xbb; 4442 else if (chan <= 64) 4443 rf = 0xeb; 4444 else if (chan <= 128) 4445 rf = 0xb3; 4446 else 4447 rf = 0x9b; 4448 run_rt3070_rf_write(sc, 45, rf); 4449 4450 /* Set FEQ/AEQ control. */ 4451 run_bbp_write(sc, 105, 0x34); 4452 } 4453 4454 static void 4455 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4456 { 4457 int8_t txpow1, txpow2; 4458 uint8_t rf; 4459 int i; 4460 4461 /* find the settings for this channel (we know it exists) */ 4462 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4463 4464 /* use Tx power values from EEPROM */ 4465 txpow1 = sc->txpow1[i]; 4466 txpow2 = sc->txpow2[i]; 4467 4468 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4469 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4470 run_rt3070_rf_read(sc, 11, &rf); 4471 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4472 run_rt3070_rf_write(sc, 11, rf); 4473 4474 run_rt3070_rf_read(sc, 49, &rf); 4475 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4476 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4477 if ((rf & 0x3f) > 0x27) 4478 rf = (rf & ~0x3f) | 0x27; 4479 run_rt3070_rf_write(sc, 49, rf); 4480 4481 if (sc->mac_ver == 0x5392) { 4482 run_rt3070_rf_read(sc, 50, &rf); 4483 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4484 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4485 if ((rf & 0x3f) > 0x27) 4486 rf = (rf & ~0x3f) | 0x27; 4487 run_rt3070_rf_write(sc, 50, rf); 4488 } 4489 4490 run_rt3070_rf_read(sc, 1, &rf); 4491 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4492 if (sc->mac_ver == 0x5392) 4493 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4494 run_rt3070_rf_write(sc, 1, rf); 4495 4496 if (sc->mac_ver != 0x5392) { 4497 run_rt3070_rf_read(sc, 2, &rf); 4498 rf |= 0x80; 4499 run_rt3070_rf_write(sc, 2, rf); 4500 run_delay(sc, 10); 4501 rf &= 0x7f; 4502 run_rt3070_rf_write(sc, 2, rf); 4503 } 4504 4505 run_adjust_freq_offset(sc); 4506 4507 if (sc->mac_ver == 0x5392) { 4508 /* Fix for RT5392C. */ 4509 if (sc->mac_rev >= 0x0223) { 4510 if (chan <= 4) 4511 rf = 0x0f; 4512 else if (chan >= 5 && chan <= 7) 4513 rf = 0x0e; 4514 else 4515 rf = 0x0d; 4516 run_rt3070_rf_write(sc, 23, rf); 4517 4518 if (chan <= 4) 4519 rf = 0x0c; 4520 else if (chan == 5) 4521 rf = 0x0b; 4522 else if (chan >= 6 && chan <= 7) 4523 rf = 0x0a; 4524 else if (chan >= 8 && chan <= 10) 4525 rf = 0x09; 4526 else 4527 rf = 0x08; 4528 run_rt3070_rf_write(sc, 59, rf); 4529 } else { 4530 if (chan <= 11) 4531 rf = 0x0f; 4532 else 4533 rf = 0x0b; 4534 run_rt3070_rf_write(sc, 59, rf); 4535 } 4536 } else { 4537 /* Fix for RT5390F. */ 4538 if (sc->mac_rev >= 0x0502) { 4539 if (chan <= 11) 4540 rf = 0x43; 4541 else 4542 rf = 0x23; 4543 run_rt3070_rf_write(sc, 55, rf); 4544 4545 if (chan <= 11) 4546 rf = 0x0f; 4547 else if (chan == 12) 4548 rf = 0x0d; 4549 else 4550 rf = 0x0b; 4551 run_rt3070_rf_write(sc, 59, rf); 4552 } else { 4553 run_rt3070_rf_write(sc, 55, 0x44); 4554 run_rt3070_rf_write(sc, 59, 0x8f); 4555 } 4556 } 4557 4558 /* Enable VCO calibration. */ 4559 run_rt3070_rf_read(sc, 3, &rf); 4560 rf |= RT5390_VCOCAL; 4561 run_rt3070_rf_write(sc, 3, rf); 4562 } 4563 4564 static void 4565 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4566 { 4567 const struct rt5592_freqs *freqs; 4568 uint32_t tmp; 4569 uint8_t reg, rf, txpow_bound; 4570 int8_t txpow1, txpow2; 4571 int i; 4572 4573 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4574 freqs = (tmp & RT5592_SEL_XTAL) ? 4575 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4576 4577 /* find the settings for this channel (we know it exists) */ 4578 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4579 4580 /* use Tx power values from EEPROM */ 4581 txpow1 = sc->txpow1[i]; 4582 txpow2 = sc->txpow2[i]; 4583 4584 run_read(sc, RT3070_LDO_CFG0, &tmp); 4585 tmp &= ~0x1c000000; 4586 if (chan > 14) 4587 tmp |= 0x14000000; 4588 run_write(sc, RT3070_LDO_CFG0, tmp); 4589 4590 /* N setting. */ 4591 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4592 run_rt3070_rf_read(sc, 9, &rf); 4593 rf &= ~(1 << 4); 4594 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4595 run_rt3070_rf_write(sc, 9, rf); 4596 4597 /* K setting. */ 4598 run_rt3070_rf_read(sc, 9, &rf); 4599 rf &= ~0x0f; 4600 rf |= (freqs->k & 0x0f); 4601 run_rt3070_rf_write(sc, 9, rf); 4602 4603 /* Mode setting. */ 4604 run_rt3070_rf_read(sc, 11, &rf); 4605 rf &= ~0x0c; 4606 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4607 run_rt3070_rf_write(sc, 11, rf); 4608 run_rt3070_rf_read(sc, 9, &rf); 4609 rf &= ~(1 << 7); 4610 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4611 run_rt3070_rf_write(sc, 9, rf); 4612 4613 /* R setting. */ 4614 run_rt3070_rf_read(sc, 11, &rf); 4615 rf &= ~0x03; 4616 rf |= (freqs->r - 0x1); 4617 run_rt3070_rf_write(sc, 11, rf); 4618 4619 if (chan <= 14) { 4620 /* Initialize RF registers for 2GHZ. */ 4621 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4622 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4623 rt5592_2ghz_def_rf[i].val); 4624 } 4625 4626 rf = (chan <= 10) ? 0x07 : 0x06; 4627 run_rt3070_rf_write(sc, 23, rf); 4628 run_rt3070_rf_write(sc, 59, rf); 4629 4630 run_rt3070_rf_write(sc, 55, 0x43); 4631 4632 /* 4633 * RF R49/R50 Tx power ALC code. 4634 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4635 */ 4636 reg = 2; 4637 txpow_bound = 0x27; 4638 } else { 4639 /* Initialize RF registers for 5GHZ. */ 4640 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4641 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4642 rt5592_5ghz_def_rf[i].val); 4643 } 4644 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4645 if (chan >= rt5592_chan_5ghz[i].firstchan && 4646 chan <= rt5592_chan_5ghz[i].lastchan) { 4647 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4648 rt5592_chan_5ghz[i].val); 4649 } 4650 } 4651 4652 /* 4653 * RF R49/R50 Tx power ALC code. 4654 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4655 */ 4656 reg = 3; 4657 txpow_bound = 0x2b; 4658 } 4659 4660 /* RF R49 ch0 Tx power ALC code. */ 4661 run_rt3070_rf_read(sc, 49, &rf); 4662 rf &= ~0xc0; 4663 rf |= (reg << 6); 4664 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4665 if ((rf & 0x3f) > txpow_bound) 4666 rf = (rf & ~0x3f) | txpow_bound; 4667 run_rt3070_rf_write(sc, 49, rf); 4668 4669 /* RF R50 ch1 Tx power ALC code. */ 4670 run_rt3070_rf_read(sc, 50, &rf); 4671 rf &= ~(1 << 7 | 1 << 6); 4672 rf |= (reg << 6); 4673 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4674 if ((rf & 0x3f) > txpow_bound) 4675 rf = (rf & ~0x3f) | txpow_bound; 4676 run_rt3070_rf_write(sc, 50, rf); 4677 4678 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4679 run_rt3070_rf_read(sc, 1, &rf); 4680 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4681 if (sc->ntxchains > 1) 4682 rf |= RT3070_TX1_PD; 4683 if (sc->nrxchains > 1) 4684 rf |= RT3070_RX1_PD; 4685 run_rt3070_rf_write(sc, 1, rf); 4686 4687 run_rt3070_rf_write(sc, 6, 0xe4); 4688 4689 run_rt3070_rf_write(sc, 30, 0x10); 4690 run_rt3070_rf_write(sc, 31, 0x80); 4691 run_rt3070_rf_write(sc, 32, 0x80); 4692 4693 run_adjust_freq_offset(sc); 4694 4695 /* Enable VCO calibration. */ 4696 run_rt3070_rf_read(sc, 3, &rf); 4697 rf |= RT5390_VCOCAL; 4698 run_rt3070_rf_write(sc, 3, rf); 4699 } 4700 4701 static void 4702 run_set_rx_antenna(struct run_softc *sc, int aux) 4703 { 4704 uint32_t tmp; 4705 uint8_t bbp152; 4706 4707 if (aux) { 4708 if (sc->rf_rev == RT5390_RF_5370) { 4709 run_bbp_read(sc, 152, &bbp152); 4710 run_bbp_write(sc, 152, bbp152 & ~0x80); 4711 } else { 4712 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4713 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4714 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4715 } 4716 } else { 4717 if (sc->rf_rev == RT5390_RF_5370) { 4718 run_bbp_read(sc, 152, &bbp152); 4719 run_bbp_write(sc, 152, bbp152 | 0x80); 4720 } else { 4721 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4722 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4723 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4724 } 4725 } 4726 } 4727 4728 static int 4729 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4730 { 4731 struct ieee80211com *ic = &sc->sc_ic; 4732 u_int chan, group; 4733 4734 chan = ieee80211_chan2ieee(ic, c); 4735 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4736 return (EINVAL); 4737 4738 if (sc->mac_ver == 0x5592) 4739 run_rt5592_set_chan(sc, chan); 4740 else if (sc->mac_ver >= 0x5390) 4741 run_rt5390_set_chan(sc, chan); 4742 else if (sc->mac_ver == 0x3593) 4743 run_rt3593_set_chan(sc, chan); 4744 else if (sc->mac_ver == 0x3572) 4745 run_rt3572_set_chan(sc, chan); 4746 else if (sc->mac_ver >= 0x3070) 4747 run_rt3070_set_chan(sc, chan); 4748 else 4749 run_rt2870_set_chan(sc, chan); 4750 4751 /* determine channel group */ 4752 if (chan <= 14) 4753 group = 0; 4754 else if (chan <= 64) 4755 group = 1; 4756 else if (chan <= 128) 4757 group = 2; 4758 else 4759 group = 3; 4760 4761 /* XXX necessary only when group has changed! */ 4762 run_select_chan_group(sc, group); 4763 4764 run_delay(sc, 10); 4765 4766 /* Perform IQ calibration. */ 4767 if (sc->mac_ver >= 0x5392) 4768 run_iq_calib(sc, chan); 4769 4770 return (0); 4771 } 4772 4773 static void 4774 run_set_channel(struct ieee80211com *ic) 4775 { 4776 struct run_softc *sc = ic->ic_softc; 4777 4778 RUN_LOCK(sc); 4779 run_set_chan(sc, ic->ic_curchan); 4780 RUN_UNLOCK(sc); 4781 4782 return; 4783 } 4784 4785 static void 4786 run_scan_start(struct ieee80211com *ic) 4787 { 4788 struct run_softc *sc = ic->ic_softc; 4789 uint32_t tmp; 4790 4791 RUN_LOCK(sc); 4792 4793 /* abort TSF synchronization */ 4794 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4795 run_write(sc, RT2860_BCN_TIME_CFG, 4796 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4797 RT2860_TBTT_TIMER_EN)); 4798 run_set_bssid(sc, ieee80211broadcastaddr); 4799 4800 RUN_UNLOCK(sc); 4801 4802 return; 4803 } 4804 4805 static void 4806 run_scan_end(struct ieee80211com *ic) 4807 { 4808 struct run_softc *sc = ic->ic_softc; 4809 4810 RUN_LOCK(sc); 4811 4812 run_enable_tsf_sync(sc); 4813 /* XXX keep local copy */ 4814 run_set_bssid(sc, ic->ic_macaddr); 4815 4816 RUN_UNLOCK(sc); 4817 4818 return; 4819 } 4820 4821 /* 4822 * Could be called from ieee80211_node_timeout() 4823 * (non-sleepable thread) 4824 */ 4825 static void 4826 run_update_beacon(struct ieee80211vap *vap, int item) 4827 { 4828 struct ieee80211com *ic = vap->iv_ic; 4829 struct run_softc *sc = ic->ic_softc; 4830 struct run_vap *rvp = RUN_VAP(vap); 4831 int mcast = 0; 4832 uint32_t i; 4833 4834 KASSERT(vap != NULL, ("no beacon")); 4835 4836 switch (item) { 4837 case IEEE80211_BEACON_ERP: 4838 run_updateslot(ic); 4839 break; 4840 case IEEE80211_BEACON_HTINFO: 4841 run_updateprot(ic); 4842 break; 4843 case IEEE80211_BEACON_TIM: 4844 mcast = 1; /*TODO*/ 4845 break; 4846 default: 4847 break; 4848 } 4849 4850 setbit(rvp->bo.bo_flags, item); 4851 if (rvp->beacon_mbuf == NULL) { 4852 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4853 &rvp->bo); 4854 if (rvp->beacon_mbuf == NULL) 4855 return; 4856 } 4857 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4858 4859 i = RUN_CMDQ_GET(&sc->cmdq_store); 4860 DPRINTF("cmdq_store=%d\n", i); 4861 sc->cmdq[i].func = run_update_beacon_cb; 4862 sc->cmdq[i].arg0 = vap; 4863 ieee80211_runtask(ic, &sc->cmdq_task); 4864 4865 return; 4866 } 4867 4868 static void 4869 run_update_beacon_cb(void *arg) 4870 { 4871 struct ieee80211vap *vap = arg; 4872 struct run_vap *rvp = RUN_VAP(vap); 4873 struct ieee80211com *ic = vap->iv_ic; 4874 struct run_softc *sc = ic->ic_softc; 4875 struct rt2860_txwi txwi; 4876 struct mbuf *m; 4877 uint16_t txwisize; 4878 uint8_t ridx; 4879 4880 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4881 return; 4882 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4883 return; 4884 4885 /* 4886 * No need to call ieee80211_beacon_update(), run_update_beacon() 4887 * is taking care of apropriate calls. 4888 */ 4889 if (rvp->beacon_mbuf == NULL) { 4890 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4891 &rvp->bo); 4892 if (rvp->beacon_mbuf == NULL) 4893 return; 4894 } 4895 m = rvp->beacon_mbuf; 4896 4897 memset(&txwi, 0, sizeof(txwi)); 4898 txwi.wcid = 0xff; 4899 txwi.len = htole16(m->m_pkthdr.len); 4900 4901 /* send beacons at the lowest available rate */ 4902 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4903 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4904 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4905 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4906 txwi.phy |= htole16(RT2860_PHY_OFDM); 4907 txwi.txop = RT2860_TX_TXOP_HT; 4908 txwi.flags = RT2860_TX_TS; 4909 txwi.xflags = RT2860_TX_NSEQ; 4910 4911 txwisize = (sc->mac_ver == 0x5592) ? 4912 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4913 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4914 txwisize); 4915 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4916 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4917 } 4918 4919 static void 4920 run_updateprot(struct ieee80211com *ic) 4921 { 4922 struct run_softc *sc = ic->ic_softc; 4923 uint32_t i; 4924 4925 i = RUN_CMDQ_GET(&sc->cmdq_store); 4926 DPRINTF("cmdq_store=%d\n", i); 4927 sc->cmdq[i].func = run_updateprot_cb; 4928 sc->cmdq[i].arg0 = ic; 4929 ieee80211_runtask(ic, &sc->cmdq_task); 4930 } 4931 4932 static void 4933 run_updateprot_cb(void *arg) 4934 { 4935 struct ieee80211com *ic = arg; 4936 struct run_softc *sc = ic->ic_softc; 4937 uint32_t tmp; 4938 4939 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4940 /* setup protection frame rate (MCS code) */ 4941 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4942 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4943 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4944 4945 /* CCK frames don't require protection */ 4946 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4947 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4948 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4949 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4950 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4951 tmp |= RT2860_PROT_CTRL_CTS; 4952 } 4953 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4954 } 4955 4956 static void 4957 run_usb_timeout_cb(void *arg) 4958 { 4959 struct ieee80211vap *vap = arg; 4960 struct run_softc *sc = vap->iv_ic->ic_softc; 4961 4962 RUN_LOCK_ASSERT(sc, MA_OWNED); 4963 4964 if(vap->iv_state == IEEE80211_S_RUN && 4965 vap->iv_opmode != IEEE80211_M_STA) 4966 run_reset_livelock(sc); 4967 else if (vap->iv_state == IEEE80211_S_SCAN) { 4968 DPRINTF("timeout caused by scan\n"); 4969 /* cancel bgscan */ 4970 ieee80211_cancel_scan(vap); 4971 } else 4972 DPRINTF("timeout by unknown cause\n"); 4973 } 4974 4975 static void 4976 run_reset_livelock(struct run_softc *sc) 4977 { 4978 uint32_t tmp; 4979 4980 RUN_LOCK_ASSERT(sc, MA_OWNED); 4981 4982 /* 4983 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4984 * can run into a livelock and start sending CTS-to-self frames like 4985 * crazy if protection is enabled. Reset MAC/BBP for a while 4986 */ 4987 run_read(sc, RT2860_DEBUG, &tmp); 4988 DPRINTFN(3, "debug reg %08x\n", tmp); 4989 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4990 DPRINTF("CTS-to-self livelock detected\n"); 4991 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4992 run_delay(sc, 1); 4993 run_write(sc, RT2860_MAC_SYS_CTRL, 4994 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4995 } 4996 } 4997 4998 static void 4999 run_update_promisc_locked(struct run_softc *sc) 5000 { 5001 uint32_t tmp; 5002 5003 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5004 5005 tmp |= RT2860_DROP_UC_NOME; 5006 if (sc->sc_ic.ic_promisc > 0) 5007 tmp &= ~RT2860_DROP_UC_NOME; 5008 5009 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5010 5011 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5012 "entering" : "leaving"); 5013 } 5014 5015 static void 5016 run_update_promisc(struct ieee80211com *ic) 5017 { 5018 struct run_softc *sc = ic->ic_softc; 5019 5020 if ((sc->sc_flags & RUN_RUNNING) == 0) 5021 return; 5022 5023 RUN_LOCK(sc); 5024 run_update_promisc_locked(sc); 5025 RUN_UNLOCK(sc); 5026 } 5027 5028 static void 5029 run_enable_tsf_sync(struct run_softc *sc) 5030 { 5031 struct ieee80211com *ic = &sc->sc_ic; 5032 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5033 uint32_t tmp; 5034 5035 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5036 ic->ic_opmode); 5037 5038 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5039 tmp &= ~0x1fffff; 5040 tmp |= vap->iv_bss->ni_intval * 16; 5041 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5042 5043 if (ic->ic_opmode == IEEE80211_M_STA) { 5044 /* 5045 * Local TSF is always updated with remote TSF on beacon 5046 * reception. 5047 */ 5048 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5049 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5050 tmp |= RT2860_BCN_TX_EN; 5051 /* 5052 * Local TSF is updated with remote TSF on beacon reception 5053 * only if the remote TSF is greater than local TSF. 5054 */ 5055 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5056 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5057 ic->ic_opmode == IEEE80211_M_MBSS) { 5058 tmp |= RT2860_BCN_TX_EN; 5059 /* SYNC with nobody */ 5060 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5061 } else { 5062 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5063 return; 5064 } 5065 5066 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5067 } 5068 5069 static void 5070 run_enable_mrr(struct run_softc *sc) 5071 { 5072 #define CCK(mcs) (mcs) 5073 #define OFDM(mcs) (1 << 3 | (mcs)) 5074 run_write(sc, RT2860_LG_FBK_CFG0, 5075 OFDM(6) << 28 | /* 54->48 */ 5076 OFDM(5) << 24 | /* 48->36 */ 5077 OFDM(4) << 20 | /* 36->24 */ 5078 OFDM(3) << 16 | /* 24->18 */ 5079 OFDM(2) << 12 | /* 18->12 */ 5080 OFDM(1) << 8 | /* 12-> 9 */ 5081 OFDM(0) << 4 | /* 9-> 6 */ 5082 OFDM(0)); /* 6-> 6 */ 5083 5084 run_write(sc, RT2860_LG_FBK_CFG1, 5085 CCK(2) << 12 | /* 11->5.5 */ 5086 CCK(1) << 8 | /* 5.5-> 2 */ 5087 CCK(0) << 4 | /* 2-> 1 */ 5088 CCK(0)); /* 1-> 1 */ 5089 #undef OFDM 5090 #undef CCK 5091 } 5092 5093 static void 5094 run_set_txpreamble(struct run_softc *sc) 5095 { 5096 struct ieee80211com *ic = &sc->sc_ic; 5097 uint32_t tmp; 5098 5099 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5100 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5101 tmp |= RT2860_CCK_SHORT_EN; 5102 else 5103 tmp &= ~RT2860_CCK_SHORT_EN; 5104 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5105 } 5106 5107 static void 5108 run_set_basicrates(struct run_softc *sc) 5109 { 5110 struct ieee80211com *ic = &sc->sc_ic; 5111 5112 /* set basic rates mask */ 5113 if (ic->ic_curmode == IEEE80211_MODE_11B) 5114 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5115 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5116 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5117 else /* 11g */ 5118 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5119 } 5120 5121 static void 5122 run_set_leds(struct run_softc *sc, uint16_t which) 5123 { 5124 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5125 which | (sc->leds & 0x7f)); 5126 } 5127 5128 static void 5129 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5130 { 5131 run_write(sc, RT2860_MAC_BSSID_DW0, 5132 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5133 run_write(sc, RT2860_MAC_BSSID_DW1, 5134 bssid[4] | bssid[5] << 8); 5135 } 5136 5137 static void 5138 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5139 { 5140 run_write(sc, RT2860_MAC_ADDR_DW0, 5141 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5142 run_write(sc, RT2860_MAC_ADDR_DW1, 5143 addr[4] | addr[5] << 8 | 0xff << 16); 5144 } 5145 5146 static void 5147 run_updateslot(struct ieee80211com *ic) 5148 { 5149 struct run_softc *sc = ic->ic_softc; 5150 uint32_t i; 5151 5152 i = RUN_CMDQ_GET(&sc->cmdq_store); 5153 DPRINTF("cmdq_store=%d\n", i); 5154 sc->cmdq[i].func = run_updateslot_cb; 5155 sc->cmdq[i].arg0 = ic; 5156 ieee80211_runtask(ic, &sc->cmdq_task); 5157 5158 return; 5159 } 5160 5161 /* ARGSUSED */ 5162 static void 5163 run_updateslot_cb(void *arg) 5164 { 5165 struct ieee80211com *ic = arg; 5166 struct run_softc *sc = ic->ic_softc; 5167 uint32_t tmp; 5168 5169 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5170 tmp &= ~0xff; 5171 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5172 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5173 } 5174 5175 static void 5176 run_update_mcast(struct ieee80211com *ic) 5177 { 5178 } 5179 5180 static int8_t 5181 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5182 { 5183 struct ieee80211com *ic = &sc->sc_ic; 5184 struct ieee80211_channel *c = ic->ic_curchan; 5185 int delta; 5186 5187 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5188 u_int chan = ieee80211_chan2ieee(ic, c); 5189 delta = sc->rssi_5ghz[rxchain]; 5190 5191 /* determine channel group */ 5192 if (chan <= 64) 5193 delta -= sc->lna[1]; 5194 else if (chan <= 128) 5195 delta -= sc->lna[2]; 5196 else 5197 delta -= sc->lna[3]; 5198 } else 5199 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5200 5201 return (-12 - delta - rssi); 5202 } 5203 5204 static void 5205 run_rt5390_bbp_init(struct run_softc *sc) 5206 { 5207 int i; 5208 uint8_t bbp; 5209 5210 /* Apply maximum likelihood detection for 2 stream case. */ 5211 run_bbp_read(sc, 105, &bbp); 5212 if (sc->nrxchains > 1) 5213 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5214 5215 /* Avoid data lost and CRC error. */ 5216 run_bbp_read(sc, 4, &bbp); 5217 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5218 5219 if (sc->mac_ver == 0x5592) { 5220 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5221 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5222 rt5592_def_bbp[i].val); 5223 } 5224 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5225 run_bbp_write(sc, 195, i + 0x80); 5226 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5227 } 5228 } else { 5229 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5230 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5231 rt5390_def_bbp[i].val); 5232 } 5233 } 5234 if (sc->mac_ver == 0x5392) { 5235 run_bbp_write(sc, 88, 0x90); 5236 run_bbp_write(sc, 95, 0x9a); 5237 run_bbp_write(sc, 98, 0x12); 5238 run_bbp_write(sc, 106, 0x12); 5239 run_bbp_write(sc, 134, 0xd0); 5240 run_bbp_write(sc, 135, 0xf6); 5241 run_bbp_write(sc, 148, 0x84); 5242 } 5243 5244 run_bbp_read(sc, 152, &bbp); 5245 run_bbp_write(sc, 152, bbp | 0x80); 5246 5247 /* Fix BBP254 for RT5592C. */ 5248 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5249 run_bbp_read(sc, 254, &bbp); 5250 run_bbp_write(sc, 254, bbp | 0x80); 5251 } 5252 5253 /* Disable hardware antenna diversity. */ 5254 if (sc->mac_ver == 0x5390) 5255 run_bbp_write(sc, 154, 0); 5256 5257 /* Initialize Rx CCK/OFDM frequency offset report. */ 5258 run_bbp_write(sc, 142, 1); 5259 run_bbp_write(sc, 143, 57); 5260 } 5261 5262 static int 5263 run_bbp_init(struct run_softc *sc) 5264 { 5265 int i, error, ntries; 5266 uint8_t bbp0; 5267 5268 /* wait for BBP to wake up */ 5269 for (ntries = 0; ntries < 20; ntries++) { 5270 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5271 return error; 5272 if (bbp0 != 0 && bbp0 != 0xff) 5273 break; 5274 } 5275 if (ntries == 20) 5276 return (ETIMEDOUT); 5277 5278 /* initialize BBP registers to default values */ 5279 if (sc->mac_ver >= 0x5390) 5280 run_rt5390_bbp_init(sc); 5281 else { 5282 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5283 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5284 rt2860_def_bbp[i].val); 5285 } 5286 } 5287 5288 if (sc->mac_ver == 0x3593) { 5289 run_bbp_write(sc, 79, 0x13); 5290 run_bbp_write(sc, 80, 0x05); 5291 run_bbp_write(sc, 81, 0x33); 5292 run_bbp_write(sc, 86, 0x46); 5293 run_bbp_write(sc, 137, 0x0f); 5294 } 5295 5296 /* fix BBP84 for RT2860E */ 5297 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5298 run_bbp_write(sc, 84, 0x19); 5299 5300 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5301 sc->mac_ver != 0x5592)) { 5302 run_bbp_write(sc, 79, 0x13); 5303 run_bbp_write(sc, 80, 0x05); 5304 run_bbp_write(sc, 81, 0x33); 5305 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5306 run_bbp_write(sc, 69, 0x16); 5307 run_bbp_write(sc, 73, 0x12); 5308 } 5309 return (0); 5310 } 5311 5312 static int 5313 run_rt3070_rf_init(struct run_softc *sc) 5314 { 5315 uint32_t tmp; 5316 uint8_t bbp4, mingain, rf, target; 5317 int i; 5318 5319 run_rt3070_rf_read(sc, 30, &rf); 5320 /* toggle RF R30 bit 7 */ 5321 run_rt3070_rf_write(sc, 30, rf | 0x80); 5322 run_delay(sc, 10); 5323 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5324 5325 /* initialize RF registers to default value */ 5326 if (sc->mac_ver == 0x3572) { 5327 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5328 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5329 rt3572_def_rf[i].val); 5330 } 5331 } else { 5332 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5333 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5334 rt3070_def_rf[i].val); 5335 } 5336 } 5337 5338 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5339 /* 5340 * Change voltage from 1.2V to 1.35V for RT3070. 5341 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5342 * in RT3070(F). 5343 */ 5344 run_read(sc, RT3070_LDO_CFG0, &tmp); 5345 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5346 run_write(sc, RT3070_LDO_CFG0, tmp); 5347 5348 } else if (sc->mac_ver == 0x3071) { 5349 run_rt3070_rf_read(sc, 6, &rf); 5350 run_rt3070_rf_write(sc, 6, rf | 0x40); 5351 run_rt3070_rf_write(sc, 31, 0x14); 5352 5353 run_read(sc, RT3070_LDO_CFG0, &tmp); 5354 tmp &= ~0x1f000000; 5355 if (sc->mac_rev < 0x0211) 5356 tmp |= 0x0d000000; /* 1.3V */ 5357 else 5358 tmp |= 0x01000000; /* 1.2V */ 5359 run_write(sc, RT3070_LDO_CFG0, tmp); 5360 5361 /* patch LNA_PE_G1 */ 5362 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5363 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5364 5365 } else if (sc->mac_ver == 0x3572) { 5366 run_rt3070_rf_read(sc, 6, &rf); 5367 run_rt3070_rf_write(sc, 6, rf | 0x40); 5368 5369 /* increase voltage from 1.2V to 1.35V */ 5370 run_read(sc, RT3070_LDO_CFG0, &tmp); 5371 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5372 run_write(sc, RT3070_LDO_CFG0, tmp); 5373 5374 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5375 run_delay(sc, 1); /* wait for 1msec */ 5376 /* decrease voltage back to 1.2V */ 5377 tmp = (tmp & ~0x1f000000) | 0x01000000; 5378 run_write(sc, RT3070_LDO_CFG0, tmp); 5379 } 5380 } 5381 5382 /* select 20MHz bandwidth */ 5383 run_rt3070_rf_read(sc, 31, &rf); 5384 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5385 5386 /* calibrate filter for 20MHz bandwidth */ 5387 sc->rf24_20mhz = 0x1f; /* default value */ 5388 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5389 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5390 5391 /* select 40MHz bandwidth */ 5392 run_bbp_read(sc, 4, &bbp4); 5393 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5394 run_rt3070_rf_read(sc, 31, &rf); 5395 run_rt3070_rf_write(sc, 31, rf | 0x20); 5396 5397 /* calibrate filter for 40MHz bandwidth */ 5398 sc->rf24_40mhz = 0x2f; /* default value */ 5399 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5400 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5401 5402 /* go back to 20MHz bandwidth */ 5403 run_bbp_read(sc, 4, &bbp4); 5404 run_bbp_write(sc, 4, bbp4 & ~0x18); 5405 5406 if (sc->mac_ver == 0x3572) { 5407 /* save default BBP registers 25 and 26 values */ 5408 run_bbp_read(sc, 25, &sc->bbp25); 5409 run_bbp_read(sc, 26, &sc->bbp26); 5410 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5411 run_rt3070_rf_write(sc, 27, 0x03); 5412 5413 run_read(sc, RT3070_OPT_14, &tmp); 5414 run_write(sc, RT3070_OPT_14, tmp | 1); 5415 5416 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5417 run_rt3070_rf_read(sc, 17, &rf); 5418 rf &= ~RT3070_TX_LO1; 5419 if ((sc->mac_ver == 0x3070 || 5420 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5421 !sc->ext_2ghz_lna) 5422 rf |= 0x20; /* fix for long range Rx issue */ 5423 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5424 if (sc->txmixgain_2ghz >= mingain) 5425 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5426 run_rt3070_rf_write(sc, 17, rf); 5427 } 5428 5429 if (sc->mac_ver == 0x3071) { 5430 run_rt3070_rf_read(sc, 1, &rf); 5431 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5432 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5433 run_rt3070_rf_write(sc, 1, rf); 5434 5435 run_rt3070_rf_read(sc, 15, &rf); 5436 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5437 5438 run_rt3070_rf_read(sc, 20, &rf); 5439 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5440 5441 run_rt3070_rf_read(sc, 21, &rf); 5442 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5443 } 5444 5445 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5446 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5447 run_rt3070_rf_read(sc, 27, &rf); 5448 rf &= ~0x77; 5449 if (sc->mac_rev < 0x0211) 5450 rf |= 0x03; 5451 run_rt3070_rf_write(sc, 27, rf); 5452 } 5453 return (0); 5454 } 5455 5456 static void 5457 run_rt3593_rf_init(struct run_softc *sc) 5458 { 5459 uint32_t tmp; 5460 uint8_t rf; 5461 int i; 5462 5463 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5464 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5465 tmp &= ~(1 << 4 | 1 << 7); 5466 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5467 5468 /* Initialize RF registers to default value. */ 5469 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5470 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5471 rt3593_def_rf[i].val); 5472 } 5473 5474 /* Toggle RF R2 to initiate calibration. */ 5475 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5476 5477 /* Initialize RF frequency offset. */ 5478 run_adjust_freq_offset(sc); 5479 5480 run_rt3070_rf_read(sc, 18, &rf); 5481 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5482 5483 /* 5484 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5485 * decrease voltage back to 1.2V. 5486 */ 5487 run_read(sc, RT3070_LDO_CFG0, &tmp); 5488 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5489 run_write(sc, RT3070_LDO_CFG0, tmp); 5490 run_delay(sc, 1); 5491 tmp = (tmp & ~0x1f000000) | 0x01000000; 5492 run_write(sc, RT3070_LDO_CFG0, tmp); 5493 5494 sc->rf24_20mhz = 0x1f; 5495 sc->rf24_40mhz = 0x2f; 5496 5497 /* Save default BBP registers 25 and 26 values. */ 5498 run_bbp_read(sc, 25, &sc->bbp25); 5499 run_bbp_read(sc, 26, &sc->bbp26); 5500 5501 run_read(sc, RT3070_OPT_14, &tmp); 5502 run_write(sc, RT3070_OPT_14, tmp | 1); 5503 } 5504 5505 static void 5506 run_rt5390_rf_init(struct run_softc *sc) 5507 { 5508 uint32_t tmp; 5509 uint8_t rf; 5510 int i; 5511 5512 /* Toggle RF R2 to initiate calibration. */ 5513 if (sc->mac_ver == 0x5390) { 5514 run_rt3070_rf_read(sc, 2, &rf); 5515 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5516 run_delay(sc, 10); 5517 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5518 } else { 5519 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5520 run_delay(sc, 10); 5521 } 5522 5523 /* Initialize RF registers to default value. */ 5524 if (sc->mac_ver == 0x5592) { 5525 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5526 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5527 rt5592_def_rf[i].val); 5528 } 5529 /* Initialize RF frequency offset. */ 5530 run_adjust_freq_offset(sc); 5531 } else if (sc->mac_ver == 0x5392) { 5532 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5533 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5534 rt5392_def_rf[i].val); 5535 } 5536 if (sc->mac_rev >= 0x0223) { 5537 run_rt3070_rf_write(sc, 23, 0x0f); 5538 run_rt3070_rf_write(sc, 24, 0x3e); 5539 run_rt3070_rf_write(sc, 51, 0x32); 5540 run_rt3070_rf_write(sc, 53, 0x22); 5541 run_rt3070_rf_write(sc, 56, 0xc1); 5542 run_rt3070_rf_write(sc, 59, 0x0f); 5543 } 5544 } else { 5545 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5546 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5547 rt5390_def_rf[i].val); 5548 } 5549 if (sc->mac_rev >= 0x0502) { 5550 run_rt3070_rf_write(sc, 6, 0xe0); 5551 run_rt3070_rf_write(sc, 25, 0x80); 5552 run_rt3070_rf_write(sc, 46, 0x73); 5553 run_rt3070_rf_write(sc, 53, 0x00); 5554 run_rt3070_rf_write(sc, 56, 0x42); 5555 run_rt3070_rf_write(sc, 61, 0xd1); 5556 } 5557 } 5558 5559 sc->rf24_20mhz = 0x1f; /* default value */ 5560 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5561 5562 if (sc->mac_rev < 0x0211) 5563 run_rt3070_rf_write(sc, 27, 0x3); 5564 5565 run_read(sc, RT3070_OPT_14, &tmp); 5566 run_write(sc, RT3070_OPT_14, tmp | 1); 5567 } 5568 5569 static int 5570 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5571 uint8_t *val) 5572 { 5573 uint8_t rf22, rf24; 5574 uint8_t bbp55_pb, bbp55_sb, delta; 5575 int ntries; 5576 5577 /* program filter */ 5578 run_rt3070_rf_read(sc, 24, &rf24); 5579 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5580 run_rt3070_rf_write(sc, 24, rf24); 5581 5582 /* enable baseband loopback mode */ 5583 run_rt3070_rf_read(sc, 22, &rf22); 5584 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5585 5586 /* set power and frequency of passband test tone */ 5587 run_bbp_write(sc, 24, 0x00); 5588 for (ntries = 0; ntries < 100; ntries++) { 5589 /* transmit test tone */ 5590 run_bbp_write(sc, 25, 0x90); 5591 run_delay(sc, 10); 5592 /* read received power */ 5593 run_bbp_read(sc, 55, &bbp55_pb); 5594 if (bbp55_pb != 0) 5595 break; 5596 } 5597 if (ntries == 100) 5598 return (ETIMEDOUT); 5599 5600 /* set power and frequency of stopband test tone */ 5601 run_bbp_write(sc, 24, 0x06); 5602 for (ntries = 0; ntries < 100; ntries++) { 5603 /* transmit test tone */ 5604 run_bbp_write(sc, 25, 0x90); 5605 run_delay(sc, 10); 5606 /* read received power */ 5607 run_bbp_read(sc, 55, &bbp55_sb); 5608 5609 delta = bbp55_pb - bbp55_sb; 5610 if (delta > target) 5611 break; 5612 5613 /* reprogram filter */ 5614 rf24++; 5615 run_rt3070_rf_write(sc, 24, rf24); 5616 } 5617 if (ntries < 100) { 5618 if (rf24 != init) 5619 rf24--; /* backtrack */ 5620 *val = rf24; 5621 run_rt3070_rf_write(sc, 24, rf24); 5622 } 5623 5624 /* restore initial state */ 5625 run_bbp_write(sc, 24, 0x00); 5626 5627 /* disable baseband loopback mode */ 5628 run_rt3070_rf_read(sc, 22, &rf22); 5629 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5630 5631 return (0); 5632 } 5633 5634 static void 5635 run_rt3070_rf_setup(struct run_softc *sc) 5636 { 5637 uint8_t bbp, rf; 5638 int i; 5639 5640 if (sc->mac_ver == 0x3572) { 5641 /* enable DC filter */ 5642 if (sc->mac_rev >= 0x0201) 5643 run_bbp_write(sc, 103, 0xc0); 5644 5645 run_bbp_read(sc, 138, &bbp); 5646 if (sc->ntxchains == 1) 5647 bbp |= 0x20; /* turn off DAC1 */ 5648 if (sc->nrxchains == 1) 5649 bbp &= ~0x02; /* turn off ADC1 */ 5650 run_bbp_write(sc, 138, bbp); 5651 5652 if (sc->mac_rev >= 0x0211) { 5653 /* improve power consumption */ 5654 run_bbp_read(sc, 31, &bbp); 5655 run_bbp_write(sc, 31, bbp & ~0x03); 5656 } 5657 5658 run_rt3070_rf_read(sc, 16, &rf); 5659 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5660 run_rt3070_rf_write(sc, 16, rf); 5661 5662 } else if (sc->mac_ver == 0x3071) { 5663 if (sc->mac_rev >= 0x0211) { 5664 /* enable DC filter */ 5665 run_bbp_write(sc, 103, 0xc0); 5666 5667 /* improve power consumption */ 5668 run_bbp_read(sc, 31, &bbp); 5669 run_bbp_write(sc, 31, bbp & ~0x03); 5670 } 5671 5672 run_bbp_read(sc, 138, &bbp); 5673 if (sc->ntxchains == 1) 5674 bbp |= 0x20; /* turn off DAC1 */ 5675 if (sc->nrxchains == 1) 5676 bbp &= ~0x02; /* turn off ADC1 */ 5677 run_bbp_write(sc, 138, bbp); 5678 5679 run_write(sc, RT2860_TX_SW_CFG1, 0); 5680 if (sc->mac_rev < 0x0211) { 5681 run_write(sc, RT2860_TX_SW_CFG2, 5682 sc->patch_dac ? 0x2c : 0x0f); 5683 } else 5684 run_write(sc, RT2860_TX_SW_CFG2, 0); 5685 5686 } else if (sc->mac_ver == 0x3070) { 5687 if (sc->mac_rev >= 0x0201) { 5688 /* enable DC filter */ 5689 run_bbp_write(sc, 103, 0xc0); 5690 5691 /* improve power consumption */ 5692 run_bbp_read(sc, 31, &bbp); 5693 run_bbp_write(sc, 31, bbp & ~0x03); 5694 } 5695 5696 if (sc->mac_rev < 0x0201) { 5697 run_write(sc, RT2860_TX_SW_CFG1, 0); 5698 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5699 } else 5700 run_write(sc, RT2860_TX_SW_CFG2, 0); 5701 } 5702 5703 /* initialize RF registers from ROM for >=RT3071*/ 5704 if (sc->mac_ver >= 0x3071) { 5705 for (i = 0; i < 10; i++) { 5706 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5707 continue; 5708 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5709 } 5710 } 5711 } 5712 5713 static void 5714 run_rt3593_rf_setup(struct run_softc *sc) 5715 { 5716 uint8_t bbp, rf; 5717 5718 if (sc->mac_rev >= 0x0211) { 5719 /* Enable DC filter. */ 5720 run_bbp_write(sc, 103, 0xc0); 5721 } 5722 run_write(sc, RT2860_TX_SW_CFG1, 0); 5723 if (sc->mac_rev < 0x0211) { 5724 run_write(sc, RT2860_TX_SW_CFG2, 5725 sc->patch_dac ? 0x2c : 0x0f); 5726 } else 5727 run_write(sc, RT2860_TX_SW_CFG2, 0); 5728 5729 run_rt3070_rf_read(sc, 50, &rf); 5730 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5731 5732 run_rt3070_rf_read(sc, 51, &rf); 5733 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5734 ((sc->txmixgain_2ghz & 0x07) << 2); 5735 run_rt3070_rf_write(sc, 51, rf); 5736 5737 run_rt3070_rf_read(sc, 38, &rf); 5738 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5739 5740 run_rt3070_rf_read(sc, 39, &rf); 5741 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5742 5743 run_rt3070_rf_read(sc, 1, &rf); 5744 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5745 5746 run_rt3070_rf_read(sc, 30, &rf); 5747 rf = (rf & ~0x18) | 0x10; 5748 run_rt3070_rf_write(sc, 30, rf); 5749 5750 /* Apply maximum likelihood detection for 2 stream case. */ 5751 run_bbp_read(sc, 105, &bbp); 5752 if (sc->nrxchains > 1) 5753 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5754 5755 /* Avoid data lost and CRC error. */ 5756 run_bbp_read(sc, 4, &bbp); 5757 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5758 5759 run_bbp_write(sc, 92, 0x02); 5760 run_bbp_write(sc, 82, 0x82); 5761 run_bbp_write(sc, 106, 0x05); 5762 run_bbp_write(sc, 104, 0x92); 5763 run_bbp_write(sc, 88, 0x90); 5764 run_bbp_write(sc, 148, 0xc8); 5765 run_bbp_write(sc, 47, 0x48); 5766 run_bbp_write(sc, 120, 0x50); 5767 5768 run_bbp_write(sc, 163, 0x9d); 5769 5770 /* SNR mapping. */ 5771 run_bbp_write(sc, 142, 0x06); 5772 run_bbp_write(sc, 143, 0xa0); 5773 run_bbp_write(sc, 142, 0x07); 5774 run_bbp_write(sc, 143, 0xa1); 5775 run_bbp_write(sc, 142, 0x08); 5776 run_bbp_write(sc, 143, 0xa2); 5777 5778 run_bbp_write(sc, 31, 0x08); 5779 run_bbp_write(sc, 68, 0x0b); 5780 run_bbp_write(sc, 105, 0x04); 5781 } 5782 5783 static void 5784 run_rt5390_rf_setup(struct run_softc *sc) 5785 { 5786 uint8_t bbp, rf; 5787 5788 if (sc->mac_rev >= 0x0211) { 5789 /* Enable DC filter. */ 5790 run_bbp_write(sc, 103, 0xc0); 5791 5792 if (sc->mac_ver != 0x5592) { 5793 /* Improve power consumption. */ 5794 run_bbp_read(sc, 31, &bbp); 5795 run_bbp_write(sc, 31, bbp & ~0x03); 5796 } 5797 } 5798 5799 run_bbp_read(sc, 138, &bbp); 5800 if (sc->ntxchains == 1) 5801 bbp |= 0x20; /* turn off DAC1 */ 5802 if (sc->nrxchains == 1) 5803 bbp &= ~0x02; /* turn off ADC1 */ 5804 run_bbp_write(sc, 138, bbp); 5805 5806 run_rt3070_rf_read(sc, 38, &rf); 5807 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5808 5809 run_rt3070_rf_read(sc, 39, &rf); 5810 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5811 5812 /* Avoid data lost and CRC error. */ 5813 run_bbp_read(sc, 4, &bbp); 5814 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5815 5816 run_rt3070_rf_read(sc, 30, &rf); 5817 rf = (rf & ~0x18) | 0x10; 5818 run_rt3070_rf_write(sc, 30, rf); 5819 5820 if (sc->mac_ver != 0x5592) { 5821 run_write(sc, RT2860_TX_SW_CFG1, 0); 5822 if (sc->mac_rev < 0x0211) { 5823 run_write(sc, RT2860_TX_SW_CFG2, 5824 sc->patch_dac ? 0x2c : 0x0f); 5825 } else 5826 run_write(sc, RT2860_TX_SW_CFG2, 0); 5827 } 5828 } 5829 5830 static int 5831 run_txrx_enable(struct run_softc *sc) 5832 { 5833 struct ieee80211com *ic = &sc->sc_ic; 5834 uint32_t tmp; 5835 int error, ntries; 5836 5837 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5838 for (ntries = 0; ntries < 200; ntries++) { 5839 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5840 return (error); 5841 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5842 break; 5843 run_delay(sc, 50); 5844 } 5845 if (ntries == 200) 5846 return (ETIMEDOUT); 5847 5848 run_delay(sc, 50); 5849 5850 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5851 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5852 5853 /* enable Rx bulk aggregation (set timeout and limit) */ 5854 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5855 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5856 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5857 5858 /* set Rx filter */ 5859 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5860 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5861 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5862 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5863 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5864 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5865 if (ic->ic_opmode == IEEE80211_M_STA) 5866 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5867 } 5868 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5869 5870 run_write(sc, RT2860_MAC_SYS_CTRL, 5871 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5872 5873 return (0); 5874 } 5875 5876 static void 5877 run_adjust_freq_offset(struct run_softc *sc) 5878 { 5879 uint8_t rf, tmp; 5880 5881 run_rt3070_rf_read(sc, 17, &rf); 5882 tmp = rf; 5883 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5884 rf = MIN(rf, 0x5f); 5885 5886 if (tmp != rf) 5887 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5888 } 5889 5890 static void 5891 run_init_locked(struct run_softc *sc) 5892 { 5893 struct ieee80211com *ic = &sc->sc_ic; 5894 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5895 uint32_t tmp; 5896 uint8_t bbp1, bbp3; 5897 int i; 5898 int ridx; 5899 int ntries; 5900 5901 if (ic->ic_nrunning > 1) 5902 return; 5903 5904 run_stop(sc); 5905 5906 if (run_load_microcode(sc) != 0) { 5907 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5908 goto fail; 5909 } 5910 5911 for (ntries = 0; ntries < 100; ntries++) { 5912 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5913 goto fail; 5914 if (tmp != 0 && tmp != 0xffffffff) 5915 break; 5916 run_delay(sc, 10); 5917 } 5918 if (ntries == 100) 5919 goto fail; 5920 5921 for (i = 0; i != RUN_EP_QUEUES; i++) 5922 run_setup_tx_list(sc, &sc->sc_epq[i]); 5923 5924 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5925 5926 for (ntries = 0; ntries < 100; ntries++) { 5927 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5928 goto fail; 5929 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5930 break; 5931 run_delay(sc, 10); 5932 } 5933 if (ntries == 100) { 5934 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5935 goto fail; 5936 } 5937 tmp &= 0xff0; 5938 tmp |= RT2860_TX_WB_DDONE; 5939 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5940 5941 /* turn off PME_OEN to solve high-current issue */ 5942 run_read(sc, RT2860_SYS_CTRL, &tmp); 5943 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5944 5945 run_write(sc, RT2860_MAC_SYS_CTRL, 5946 RT2860_BBP_HRST | RT2860_MAC_SRST); 5947 run_write(sc, RT2860_USB_DMA_CFG, 0); 5948 5949 if (run_reset(sc) != 0) { 5950 device_printf(sc->sc_dev, "could not reset chipset\n"); 5951 goto fail; 5952 } 5953 5954 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5955 5956 /* init Tx power for all Tx rates (from EEPROM) */ 5957 for (ridx = 0; ridx < 5; ridx++) { 5958 if (sc->txpow20mhz[ridx] == 0xffffffff) 5959 continue; 5960 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5961 } 5962 5963 for (i = 0; i < nitems(rt2870_def_mac); i++) 5964 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5965 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5966 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5967 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5968 5969 if (sc->mac_ver >= 0x5390) { 5970 run_write(sc, RT2860_TX_SW_CFG0, 5971 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5972 if (sc->mac_ver >= 0x5392) { 5973 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5974 if (sc->mac_ver == 0x5592) { 5975 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5976 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5977 } else { 5978 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5979 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5980 } 5981 } 5982 } else if (sc->mac_ver == 0x3593) { 5983 run_write(sc, RT2860_TX_SW_CFG0, 5984 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 5985 } else if (sc->mac_ver >= 0x3070) { 5986 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 5987 run_write(sc, RT2860_TX_SW_CFG0, 5988 4 << RT2860_DLY_PAPE_EN_SHIFT); 5989 } 5990 5991 /* wait while MAC is busy */ 5992 for (ntries = 0; ntries < 100; ntries++) { 5993 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 5994 goto fail; 5995 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 5996 break; 5997 run_delay(sc, 10); 5998 } 5999 if (ntries == 100) 6000 goto fail; 6001 6002 /* clear Host to MCU mailbox */ 6003 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6004 run_write(sc, RT2860_H2M_MAILBOX, 0); 6005 run_delay(sc, 10); 6006 6007 if (run_bbp_init(sc) != 0) { 6008 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6009 goto fail; 6010 } 6011 6012 /* abort TSF synchronization */ 6013 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6014 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6015 RT2860_TBTT_TIMER_EN); 6016 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6017 6018 /* clear RX WCID search table */ 6019 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6020 /* clear WCID attribute table */ 6021 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6022 6023 /* hostapd sets a key before init. So, don't clear it. */ 6024 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6025 /* clear shared key table */ 6026 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6027 /* clear shared key mode */ 6028 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6029 } 6030 6031 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6032 tmp = (tmp & ~0xff) | 0x1e; 6033 run_write(sc, RT2860_US_CYC_CNT, tmp); 6034 6035 if (sc->mac_rev != 0x0101) 6036 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6037 6038 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6039 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6040 6041 /* write vendor-specific BBP values (from EEPROM) */ 6042 if (sc->mac_ver < 0x3593) { 6043 for (i = 0; i < 10; i++) { 6044 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6045 continue; 6046 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6047 } 6048 } 6049 6050 /* select Main antenna for 1T1R devices */ 6051 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6052 run_set_rx_antenna(sc, 0); 6053 6054 /* send LEDs operating mode to microcontroller */ 6055 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6056 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6057 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6058 6059 if (sc->mac_ver >= 0x5390) 6060 run_rt5390_rf_init(sc); 6061 else if (sc->mac_ver == 0x3593) 6062 run_rt3593_rf_init(sc); 6063 else if (sc->mac_ver >= 0x3070) 6064 run_rt3070_rf_init(sc); 6065 6066 /* disable non-existing Rx chains */ 6067 run_bbp_read(sc, 3, &bbp3); 6068 bbp3 &= ~(1 << 3 | 1 << 4); 6069 if (sc->nrxchains == 2) 6070 bbp3 |= 1 << 3; 6071 else if (sc->nrxchains == 3) 6072 bbp3 |= 1 << 4; 6073 run_bbp_write(sc, 3, bbp3); 6074 6075 /* disable non-existing Tx chains */ 6076 run_bbp_read(sc, 1, &bbp1); 6077 if (sc->ntxchains == 1) 6078 bbp1 &= ~(1 << 3 | 1 << 4); 6079 run_bbp_write(sc, 1, bbp1); 6080 6081 if (sc->mac_ver >= 0x5390) 6082 run_rt5390_rf_setup(sc); 6083 else if (sc->mac_ver == 0x3593) 6084 run_rt3593_rf_setup(sc); 6085 else if (sc->mac_ver >= 0x3070) 6086 run_rt3070_rf_setup(sc); 6087 6088 /* select default channel */ 6089 run_set_chan(sc, ic->ic_curchan); 6090 6091 /* setup initial protection mode */ 6092 run_updateprot_cb(ic); 6093 6094 /* turn radio LED on */ 6095 run_set_leds(sc, RT2860_LED_RADIO); 6096 6097 sc->sc_flags |= RUN_RUNNING; 6098 sc->cmdq_run = RUN_CMDQ_GO; 6099 6100 for (i = 0; i != RUN_N_XFER; i++) 6101 usbd_xfer_set_stall(sc->sc_xfer[i]); 6102 6103 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6104 6105 if (run_txrx_enable(sc) != 0) 6106 goto fail; 6107 6108 return; 6109 6110 fail: 6111 run_stop(sc); 6112 } 6113 6114 static void 6115 run_stop(void *arg) 6116 { 6117 struct run_softc *sc = (struct run_softc *)arg; 6118 uint32_t tmp; 6119 int i; 6120 int ntries; 6121 6122 RUN_LOCK_ASSERT(sc, MA_OWNED); 6123 6124 if (sc->sc_flags & RUN_RUNNING) 6125 run_set_leds(sc, 0); /* turn all LEDs off */ 6126 6127 sc->sc_flags &= ~RUN_RUNNING; 6128 6129 sc->ratectl_run = RUN_RATECTL_OFF; 6130 sc->cmdq_run = sc->cmdq_key_set; 6131 6132 RUN_UNLOCK(sc); 6133 6134 for(i = 0; i < RUN_N_XFER; i++) 6135 usbd_transfer_drain(sc->sc_xfer[i]); 6136 6137 RUN_LOCK(sc); 6138 6139 if (sc->rx_m != NULL) { 6140 m_free(sc->rx_m); 6141 sc->rx_m = NULL; 6142 } 6143 6144 /* Disable Tx/Rx DMA. */ 6145 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6146 return; 6147 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6148 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6149 6150 for (ntries = 0; ntries < 100; ntries++) { 6151 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6152 return; 6153 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6154 break; 6155 run_delay(sc, 10); 6156 } 6157 if (ntries == 100) { 6158 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6159 return; 6160 } 6161 6162 /* disable Tx/Rx */ 6163 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6164 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6165 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6166 6167 /* wait for pending Tx to complete */ 6168 for (ntries = 0; ntries < 100; ntries++) { 6169 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6170 DPRINTF("Cannot read Tx queue count\n"); 6171 break; 6172 } 6173 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6174 DPRINTF("All Tx cleared\n"); 6175 break; 6176 } 6177 run_delay(sc, 10); 6178 } 6179 if (ntries >= 100) 6180 DPRINTF("There are still pending Tx\n"); 6181 run_delay(sc, 10); 6182 run_write(sc, RT2860_USB_DMA_CFG, 0); 6183 6184 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6185 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6186 6187 for (i = 0; i != RUN_EP_QUEUES; i++) 6188 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6189 } 6190 6191 static void 6192 run_delay(struct run_softc *sc, u_int ms) 6193 { 6194 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6195 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6196 } 6197 6198 static device_method_t run_methods[] = { 6199 /* Device interface */ 6200 DEVMETHOD(device_probe, run_match), 6201 DEVMETHOD(device_attach, run_attach), 6202 DEVMETHOD(device_detach, run_detach), 6203 DEVMETHOD_END 6204 }; 6205 6206 static driver_t run_driver = { 6207 .name = "run", 6208 .methods = run_methods, 6209 .size = sizeof(struct run_softc) 6210 }; 6211 6212 static devclass_t run_devclass; 6213 6214 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6215 MODULE_DEPEND(run, wlan, 1, 1, 1); 6216 MODULE_DEPEND(run, usb, 1, 1, 1); 6217 MODULE_DEPEND(run, firmware, 1, 1, 1); 6218 MODULE_VERSION(run, 1); 6219