1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 386 static void run_key_delete_cb(void *); 387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388 static void run_ratectl_to(void *); 389 static void run_ratectl_cb(void *, int); 390 static void run_drain_fifo(void *); 391 static void run_iter_func(void *, struct ieee80211_node *); 392 static void run_newassoc_cb(void *); 393 static void run_newassoc(struct ieee80211_node *, int); 394 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 395 const struct ieee80211_rx_stats *, int, int); 396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397 static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400 static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402 static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406 static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411 static int run_transmit(struct ieee80211com *, struct mbuf *); 412 static void run_start(struct run_softc *); 413 static void run_parent(struct ieee80211com *); 414 static void run_iq_calib(struct run_softc *, u_int); 415 static void run_set_agc(struct run_softc *, uint8_t); 416 static void run_select_chan_group(struct run_softc *, int); 417 static void run_set_rx_antenna(struct run_softc *, int); 418 static void run_rt2870_set_chan(struct run_softc *, u_int); 419 static void run_rt3070_set_chan(struct run_softc *, u_int); 420 static void run_rt3572_set_chan(struct run_softc *, u_int); 421 static void run_rt3593_set_chan(struct run_softc *, u_int); 422 static void run_rt5390_set_chan(struct run_softc *, u_int); 423 static void run_rt5592_set_chan(struct run_softc *, u_int); 424 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 425 static void run_set_channel(struct ieee80211com *); 426 static void run_getradiocaps(struct ieee80211com *, int, int *, 427 struct ieee80211_channel[]); 428 static void run_scan_start(struct ieee80211com *); 429 static void run_scan_end(struct ieee80211com *); 430 static void run_update_beacon(struct ieee80211vap *, int); 431 static void run_update_beacon_cb(void *); 432 static void run_updateprot(struct ieee80211com *); 433 static void run_updateprot_cb(void *); 434 static void run_usb_timeout_cb(void *); 435 static void run_reset_livelock(struct run_softc *); 436 static void run_enable_tsf_sync(struct run_softc *); 437 static void run_enable_tsf(struct run_softc *); 438 static void run_get_tsf(struct run_softc *, uint64_t *); 439 static void run_enable_mrr(struct run_softc *); 440 static void run_set_txpreamble(struct run_softc *); 441 static void run_set_basicrates(struct run_softc *); 442 static void run_set_leds(struct run_softc *, uint16_t); 443 static void run_set_bssid(struct run_softc *, const uint8_t *); 444 static void run_set_macaddr(struct run_softc *, const uint8_t *); 445 static void run_updateslot(struct ieee80211com *); 446 static void run_updateslot_cb(void *); 447 static void run_update_mcast(struct ieee80211com *); 448 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 449 static void run_update_promisc_locked(struct run_softc *); 450 static void run_update_promisc(struct ieee80211com *); 451 static void run_rt5390_bbp_init(struct run_softc *); 452 static int run_bbp_init(struct run_softc *); 453 static int run_rt3070_rf_init(struct run_softc *); 454 static void run_rt3593_rf_init(struct run_softc *); 455 static void run_rt5390_rf_init(struct run_softc *); 456 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 457 uint8_t *); 458 static void run_rt3070_rf_setup(struct run_softc *); 459 static void run_rt3593_rf_setup(struct run_softc *); 460 static void run_rt5390_rf_setup(struct run_softc *); 461 static int run_txrx_enable(struct run_softc *); 462 static void run_adjust_freq_offset(struct run_softc *); 463 static void run_init_locked(struct run_softc *); 464 static void run_stop(void *); 465 static void run_delay(struct run_softc *, u_int); 466 467 static eventhandler_tag run_etag; 468 469 static const struct rt2860_rate { 470 uint8_t rate; 471 uint8_t mcs; 472 enum ieee80211_phytype phy; 473 uint8_t ctl_ridx; 474 uint16_t sp_ack_dur; 475 uint16_t lp_ack_dur; 476 } rt2860_rates[] = { 477 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 478 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 479 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 480 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 481 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 482 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 483 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 484 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 485 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 486 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 487 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 488 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 489 }; 490 491 static const struct { 492 uint16_t reg; 493 uint32_t val; 494 } rt2870_def_mac[] = { 495 RT2870_DEF_MAC 496 }; 497 498 static const struct { 499 uint8_t reg; 500 uint8_t val; 501 } rt2860_def_bbp[] = { 502 RT2860_DEF_BBP 503 },rt5390_def_bbp[] = { 504 RT5390_DEF_BBP 505 },rt5592_def_bbp[] = { 506 RT5592_DEF_BBP 507 }; 508 509 /* 510 * Default values for BBP register R196 for RT5592. 511 */ 512 static const uint8_t rt5592_bbp_r196[] = { 513 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 514 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 515 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 516 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 517 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 518 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 519 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 520 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 521 0x2e, 0x36, 0x30, 0x6e 522 }; 523 524 static const struct rfprog { 525 uint8_t chan; 526 uint32_t r1, r2, r3, r4; 527 } rt2860_rf2850[] = { 528 RT2860_RF2850 529 }; 530 531 struct { 532 uint8_t n, r, k; 533 } rt3070_freqs[] = { 534 RT3070_RF3052 535 }; 536 537 static const struct rt5592_freqs { 538 uint16_t n; 539 uint8_t k, m, r; 540 } rt5592_freqs_20mhz[] = { 541 RT5592_RF5592_20MHZ 542 },rt5592_freqs_40mhz[] = { 543 RT5592_RF5592_40MHZ 544 }; 545 546 static const struct { 547 uint8_t reg; 548 uint8_t val; 549 } rt3070_def_rf[] = { 550 RT3070_DEF_RF 551 },rt3572_def_rf[] = { 552 RT3572_DEF_RF 553 },rt3593_def_rf[] = { 554 RT3593_DEF_RF 555 },rt5390_def_rf[] = { 556 RT5390_DEF_RF 557 },rt5392_def_rf[] = { 558 RT5392_DEF_RF 559 },rt5592_def_rf[] = { 560 RT5592_DEF_RF 561 },rt5592_2ghz_def_rf[] = { 562 RT5592_2GHZ_DEF_RF 563 },rt5592_5ghz_def_rf[] = { 564 RT5592_5GHZ_DEF_RF 565 }; 566 567 static const struct { 568 u_int firstchan; 569 u_int lastchan; 570 uint8_t reg; 571 uint8_t val; 572 } rt5592_chan_5ghz[] = { 573 RT5592_CHAN_5GHZ 574 }; 575 576 static const struct usb_config run_config[RUN_N_XFER] = { 577 [RUN_BULK_TX_BE] = { 578 .type = UE_BULK, 579 .endpoint = UE_ADDR_ANY, 580 .ep_index = 0, 581 .direction = UE_DIR_OUT, 582 .bufsize = RUN_MAX_TXSZ, 583 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 584 .callback = run_bulk_tx_callback0, 585 .timeout = 5000, /* ms */ 586 }, 587 [RUN_BULK_TX_BK] = { 588 .type = UE_BULK, 589 .endpoint = UE_ADDR_ANY, 590 .direction = UE_DIR_OUT, 591 .ep_index = 1, 592 .bufsize = RUN_MAX_TXSZ, 593 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 594 .callback = run_bulk_tx_callback1, 595 .timeout = 5000, /* ms */ 596 }, 597 [RUN_BULK_TX_VI] = { 598 .type = UE_BULK, 599 .endpoint = UE_ADDR_ANY, 600 .direction = UE_DIR_OUT, 601 .ep_index = 2, 602 .bufsize = RUN_MAX_TXSZ, 603 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 604 .callback = run_bulk_tx_callback2, 605 .timeout = 5000, /* ms */ 606 }, 607 [RUN_BULK_TX_VO] = { 608 .type = UE_BULK, 609 .endpoint = UE_ADDR_ANY, 610 .direction = UE_DIR_OUT, 611 .ep_index = 3, 612 .bufsize = RUN_MAX_TXSZ, 613 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 614 .callback = run_bulk_tx_callback3, 615 .timeout = 5000, /* ms */ 616 }, 617 [RUN_BULK_TX_HCCA] = { 618 .type = UE_BULK, 619 .endpoint = UE_ADDR_ANY, 620 .direction = UE_DIR_OUT, 621 .ep_index = 4, 622 .bufsize = RUN_MAX_TXSZ, 623 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 624 .callback = run_bulk_tx_callback4, 625 .timeout = 5000, /* ms */ 626 }, 627 [RUN_BULK_TX_PRIO] = { 628 .type = UE_BULK, 629 .endpoint = UE_ADDR_ANY, 630 .direction = UE_DIR_OUT, 631 .ep_index = 5, 632 .bufsize = RUN_MAX_TXSZ, 633 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 634 .callback = run_bulk_tx_callback5, 635 .timeout = 5000, /* ms */ 636 }, 637 [RUN_BULK_RX] = { 638 .type = UE_BULK, 639 .endpoint = UE_ADDR_ANY, 640 .direction = UE_DIR_IN, 641 .bufsize = RUN_MAX_RXSZ, 642 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 643 .callback = run_bulk_rx_callback, 644 } 645 }; 646 647 static void 648 run_autoinst(void *arg, struct usb_device *udev, 649 struct usb_attach_arg *uaa) 650 { 651 struct usb_interface *iface; 652 struct usb_interface_descriptor *id; 653 654 if (uaa->dev_state != UAA_DEV_READY) 655 return; 656 657 iface = usbd_get_iface(udev, 0); 658 if (iface == NULL) 659 return; 660 id = iface->idesc; 661 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 662 return; 663 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 664 return; 665 666 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 667 uaa->dev_state = UAA_DEV_EJECTING; 668 } 669 670 static int 671 run_driver_loaded(struct module *mod, int what, void *arg) 672 { 673 switch (what) { 674 case MOD_LOAD: 675 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 676 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 677 break; 678 case MOD_UNLOAD: 679 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 680 break; 681 default: 682 return (EOPNOTSUPP); 683 } 684 return (0); 685 } 686 687 static int 688 run_match(device_t self) 689 { 690 struct usb_attach_arg *uaa = device_get_ivars(self); 691 692 if (uaa->usb_mode != USB_MODE_HOST) 693 return (ENXIO); 694 if (uaa->info.bConfigIndex != 0) 695 return (ENXIO); 696 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 697 return (ENXIO); 698 699 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 700 } 701 702 static int 703 run_attach(device_t self) 704 { 705 struct run_softc *sc = device_get_softc(self); 706 struct usb_attach_arg *uaa = device_get_ivars(self); 707 struct ieee80211com *ic = &sc->sc_ic; 708 uint32_t ver; 709 uint8_t iface_index; 710 int ntries, error; 711 712 device_set_usb_desc(self); 713 sc->sc_udev = uaa->device; 714 sc->sc_dev = self; 715 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 716 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 717 718 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 719 MTX_NETWORK_LOCK, MTX_DEF); 720 mbufq_init(&sc->sc_snd, ifqmaxlen); 721 722 iface_index = RT2860_IFACE_INDEX; 723 724 error = usbd_transfer_setup(uaa->device, &iface_index, 725 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 726 if (error) { 727 device_printf(self, "could not allocate USB transfers, " 728 "err=%s\n", usbd_errstr(error)); 729 goto detach; 730 } 731 732 RUN_LOCK(sc); 733 734 /* wait for the chip to settle */ 735 for (ntries = 0; ntries < 100; ntries++) { 736 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 737 RUN_UNLOCK(sc); 738 goto detach; 739 } 740 if (ver != 0 && ver != 0xffffffff) 741 break; 742 run_delay(sc, 10); 743 } 744 if (ntries == 100) { 745 device_printf(sc->sc_dev, 746 "timeout waiting for NIC to initialize\n"); 747 RUN_UNLOCK(sc); 748 goto detach; 749 } 750 sc->mac_ver = ver >> 16; 751 sc->mac_rev = ver & 0xffff; 752 753 /* retrieve RF rev. no and various other things from EEPROM */ 754 run_read_eeprom(sc); 755 756 device_printf(sc->sc_dev, 757 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 758 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 759 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 760 761 RUN_UNLOCK(sc); 762 763 ic->ic_softc = sc; 764 ic->ic_name = device_get_nameunit(self); 765 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 766 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 767 768 /* set device capabilities */ 769 ic->ic_caps = 770 IEEE80211_C_STA | /* station mode supported */ 771 IEEE80211_C_MONITOR | /* monitor mode supported */ 772 IEEE80211_C_IBSS | 773 IEEE80211_C_HOSTAP | 774 IEEE80211_C_WDS | /* 4-address traffic works */ 775 IEEE80211_C_MBSS | 776 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 777 IEEE80211_C_SHSLOT | /* short slot time supported */ 778 IEEE80211_C_WME | /* WME */ 779 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 780 781 ic->ic_cryptocaps = 782 IEEE80211_CRYPTO_WEP | 783 IEEE80211_CRYPTO_AES_CCM | 784 IEEE80211_CRYPTO_TKIPMIC | 785 IEEE80211_CRYPTO_TKIP; 786 787 ic->ic_flags |= IEEE80211_F_DATAPAD; 788 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 789 790 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 791 ic->ic_channels); 792 793 ieee80211_ifattach(ic); 794 795 ic->ic_scan_start = run_scan_start; 796 ic->ic_scan_end = run_scan_end; 797 ic->ic_set_channel = run_set_channel; 798 ic->ic_getradiocaps = run_getradiocaps; 799 ic->ic_node_alloc = run_node_alloc; 800 ic->ic_newassoc = run_newassoc; 801 ic->ic_updateslot = run_updateslot; 802 ic->ic_update_mcast = run_update_mcast; 803 ic->ic_wme.wme_update = run_wme_update; 804 ic->ic_raw_xmit = run_raw_xmit; 805 ic->ic_update_promisc = run_update_promisc; 806 ic->ic_vap_create = run_vap_create; 807 ic->ic_vap_delete = run_vap_delete; 808 ic->ic_transmit = run_transmit; 809 ic->ic_parent = run_parent; 810 811 ieee80211_radiotap_attach(ic, 812 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 813 RUN_TX_RADIOTAP_PRESENT, 814 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 815 RUN_RX_RADIOTAP_PRESENT); 816 817 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 818 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 819 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 820 821 if (bootverbose) 822 ieee80211_announce(ic); 823 824 return (0); 825 826 detach: 827 run_detach(self); 828 return (ENXIO); 829 } 830 831 static void 832 run_drain_mbufq(struct run_softc *sc) 833 { 834 struct mbuf *m; 835 struct ieee80211_node *ni; 836 837 RUN_LOCK_ASSERT(sc, MA_OWNED); 838 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 839 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 840 m->m_pkthdr.rcvif = NULL; 841 ieee80211_free_node(ni); 842 m_freem(m); 843 } 844 } 845 846 static int 847 run_detach(device_t self) 848 { 849 struct run_softc *sc = device_get_softc(self); 850 struct ieee80211com *ic = &sc->sc_ic; 851 int i; 852 853 RUN_LOCK(sc); 854 sc->sc_detached = 1; 855 RUN_UNLOCK(sc); 856 857 /* stop all USB transfers */ 858 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 859 860 RUN_LOCK(sc); 861 sc->ratectl_run = RUN_RATECTL_OFF; 862 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 863 864 /* free TX list, if any */ 865 for (i = 0; i != RUN_EP_QUEUES; i++) 866 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 867 868 /* Free TX queue */ 869 run_drain_mbufq(sc); 870 RUN_UNLOCK(sc); 871 872 if (sc->sc_ic.ic_softc == sc) { 873 /* drain tasks */ 874 usb_callout_drain(&sc->ratectl_ch); 875 ieee80211_draintask(ic, &sc->cmdq_task); 876 ieee80211_draintask(ic, &sc->ratectl_task); 877 ieee80211_ifdetach(ic); 878 } 879 880 mtx_destroy(&sc->sc_mtx); 881 882 return (0); 883 } 884 885 static struct ieee80211vap * 886 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 887 enum ieee80211_opmode opmode, int flags, 888 const uint8_t bssid[IEEE80211_ADDR_LEN], 889 const uint8_t mac[IEEE80211_ADDR_LEN]) 890 { 891 struct run_softc *sc = ic->ic_softc; 892 struct run_vap *rvp; 893 struct ieee80211vap *vap; 894 int i; 895 896 if (sc->rvp_cnt >= RUN_VAP_MAX) { 897 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 898 return (NULL); 899 } 900 901 switch (opmode) { 902 case IEEE80211_M_STA: 903 /* enable s/w bmiss handling for sta mode */ 904 flags |= IEEE80211_CLONE_NOBEACONS; 905 /* fall though */ 906 case IEEE80211_M_IBSS: 907 case IEEE80211_M_MONITOR: 908 case IEEE80211_M_HOSTAP: 909 case IEEE80211_M_MBSS: 910 /* other than WDS vaps, only one at a time */ 911 if (!TAILQ_EMPTY(&ic->ic_vaps)) 912 return (NULL); 913 break; 914 case IEEE80211_M_WDS: 915 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 916 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 917 continue; 918 /* WDS vap's always share the local mac address. */ 919 flags &= ~IEEE80211_CLONE_BSSID; 920 break; 921 } 922 if (vap == NULL) { 923 device_printf(sc->sc_dev, 924 "wds only supported in ap mode\n"); 925 return (NULL); 926 } 927 break; 928 default: 929 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 930 return (NULL); 931 } 932 933 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 934 vap = &rvp->vap; 935 936 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 937 bssid) != 0) { 938 /* out of memory */ 939 free(rvp, M_80211_VAP); 940 return (NULL); 941 } 942 943 vap->iv_update_beacon = run_update_beacon; 944 vap->iv_max_aid = RT2870_WCID_MAX; 945 /* 946 * To delete the right key from h/w, we need wcid. 947 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 948 * and matching wcid will be written into there. So, cast 949 * some spells to remove 'const' from ieee80211_key{} 950 */ 951 vap->iv_key_delete = (void *)run_key_delete; 952 vap->iv_key_set = (void *)run_key_set; 953 954 /* override state transition machine */ 955 rvp->newstate = vap->iv_newstate; 956 vap->iv_newstate = run_newstate; 957 if (opmode == IEEE80211_M_IBSS) { 958 rvp->recv_mgmt = vap->iv_recv_mgmt; 959 vap->iv_recv_mgmt = run_recv_mgmt; 960 } 961 962 ieee80211_ratectl_init(vap); 963 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 964 965 /* complete setup */ 966 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 967 mac); 968 969 /* make sure id is always unique */ 970 for (i = 0; i < RUN_VAP_MAX; i++) { 971 if((sc->rvp_bmap & 1 << i) == 0){ 972 sc->rvp_bmap |= 1 << i; 973 rvp->rvp_id = i; 974 break; 975 } 976 } 977 if (sc->rvp_cnt++ == 0) 978 ic->ic_opmode = opmode; 979 980 if (opmode == IEEE80211_M_HOSTAP) 981 sc->cmdq_run = RUN_CMDQ_GO; 982 983 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 984 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 985 986 return (vap); 987 } 988 989 static void 990 run_vap_delete(struct ieee80211vap *vap) 991 { 992 struct run_vap *rvp = RUN_VAP(vap); 993 struct ieee80211com *ic; 994 struct run_softc *sc; 995 uint8_t rvp_id; 996 997 if (vap == NULL) 998 return; 999 1000 ic = vap->iv_ic; 1001 sc = ic->ic_softc; 1002 1003 RUN_LOCK(sc); 1004 1005 m_freem(rvp->beacon_mbuf); 1006 rvp->beacon_mbuf = NULL; 1007 1008 rvp_id = rvp->rvp_id; 1009 sc->ratectl_run &= ~(1 << rvp_id); 1010 sc->rvp_bmap &= ~(1 << rvp_id); 1011 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1012 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1013 --sc->rvp_cnt; 1014 1015 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1016 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1017 1018 RUN_UNLOCK(sc); 1019 1020 ieee80211_ratectl_deinit(vap); 1021 ieee80211_vap_detach(vap); 1022 free(rvp, M_80211_VAP); 1023 } 1024 1025 /* 1026 * There are numbers of functions need to be called in context thread. 1027 * Rather than creating taskqueue event for each of those functions, 1028 * here is all-for-one taskqueue callback function. This function 1029 * guarantees deferred functions are executed in the same order they 1030 * were enqueued. 1031 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1032 */ 1033 static void 1034 run_cmdq_cb(void *arg, int pending) 1035 { 1036 struct run_softc *sc = arg; 1037 uint8_t i; 1038 1039 /* call cmdq[].func locked */ 1040 RUN_LOCK(sc); 1041 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1042 i = sc->cmdq_exec, pending--) { 1043 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1044 if (sc->cmdq_run == RUN_CMDQ_GO) { 1045 /* 1046 * If arg0 is NULL, callback func needs more 1047 * than one arg. So, pass ptr to cmdq struct. 1048 */ 1049 if (sc->cmdq[i].arg0) 1050 sc->cmdq[i].func(sc->cmdq[i].arg0); 1051 else 1052 sc->cmdq[i].func(&sc->cmdq[i]); 1053 } 1054 sc->cmdq[i].arg0 = NULL; 1055 sc->cmdq[i].func = NULL; 1056 sc->cmdq_exec++; 1057 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1058 } 1059 RUN_UNLOCK(sc); 1060 } 1061 1062 static void 1063 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1064 { 1065 struct run_tx_data *data; 1066 1067 memset(pq, 0, sizeof(*pq)); 1068 1069 STAILQ_INIT(&pq->tx_qh); 1070 STAILQ_INIT(&pq->tx_fh); 1071 1072 for (data = &pq->tx_data[0]; 1073 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1074 data->sc = sc; 1075 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1076 } 1077 pq->tx_nfree = RUN_TX_RING_COUNT; 1078 } 1079 1080 static void 1081 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1082 { 1083 struct run_tx_data *data; 1084 1085 /* make sure any subsequent use of the queues will fail */ 1086 pq->tx_nfree = 0; 1087 STAILQ_INIT(&pq->tx_fh); 1088 STAILQ_INIT(&pq->tx_qh); 1089 1090 /* free up all node references and mbufs */ 1091 for (data = &pq->tx_data[0]; 1092 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1093 if (data->m != NULL) { 1094 m_freem(data->m); 1095 data->m = NULL; 1096 } 1097 if (data->ni != NULL) { 1098 ieee80211_free_node(data->ni); 1099 data->ni = NULL; 1100 } 1101 } 1102 } 1103 1104 static int 1105 run_load_microcode(struct run_softc *sc) 1106 { 1107 usb_device_request_t req; 1108 const struct firmware *fw; 1109 const u_char *base; 1110 uint32_t tmp; 1111 int ntries, error; 1112 const uint64_t *temp; 1113 uint64_t bytes; 1114 1115 RUN_UNLOCK(sc); 1116 fw = firmware_get("runfw"); 1117 RUN_LOCK(sc); 1118 if (fw == NULL) { 1119 device_printf(sc->sc_dev, 1120 "failed loadfirmware of file %s\n", "runfw"); 1121 return ENOENT; 1122 } 1123 1124 if (fw->datasize != 8192) { 1125 device_printf(sc->sc_dev, 1126 "invalid firmware size (should be 8KB)\n"); 1127 error = EINVAL; 1128 goto fail; 1129 } 1130 1131 /* 1132 * RT3071/RT3072 use a different firmware 1133 * run-rt2870 (8KB) contains both, 1134 * first half (4KB) is for rt2870, 1135 * last half is for rt3071. 1136 */ 1137 base = fw->data; 1138 if ((sc->mac_ver) != 0x2860 && 1139 (sc->mac_ver) != 0x2872 && 1140 (sc->mac_ver) != 0x3070) { 1141 base += 4096; 1142 } 1143 1144 /* cheap sanity check */ 1145 temp = fw->data; 1146 bytes = *temp; 1147 if (bytes != be64toh(0xffffff0210280210ULL)) { 1148 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1149 error = EINVAL; 1150 goto fail; 1151 } 1152 1153 /* write microcode image */ 1154 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1155 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1156 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1157 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1158 } 1159 1160 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1161 req.bRequest = RT2870_RESET; 1162 USETW(req.wValue, 8); 1163 USETW(req.wIndex, 0); 1164 USETW(req.wLength, 0); 1165 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1166 != 0) { 1167 device_printf(sc->sc_dev, "firmware reset failed\n"); 1168 goto fail; 1169 } 1170 1171 run_delay(sc, 10); 1172 1173 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1174 run_write(sc, RT2860_H2M_MAILBOX, 0); 1175 run_write(sc, RT2860_H2M_INTSRC, 0); 1176 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1177 goto fail; 1178 1179 /* wait until microcontroller is ready */ 1180 for (ntries = 0; ntries < 1000; ntries++) { 1181 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1182 goto fail; 1183 if (tmp & RT2860_MCU_READY) 1184 break; 1185 run_delay(sc, 10); 1186 } 1187 if (ntries == 1000) { 1188 device_printf(sc->sc_dev, 1189 "timeout waiting for MCU to initialize\n"); 1190 error = ETIMEDOUT; 1191 goto fail; 1192 } 1193 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1194 (base == fw->data) ? "RT2870" : "RT3071", 1195 *(base + 4092), *(base + 4093)); 1196 1197 fail: 1198 firmware_put(fw, FIRMWARE_UNLOAD); 1199 return (error); 1200 } 1201 1202 static int 1203 run_reset(struct run_softc *sc) 1204 { 1205 usb_device_request_t req; 1206 1207 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1208 req.bRequest = RT2870_RESET; 1209 USETW(req.wValue, 1); 1210 USETW(req.wIndex, 0); 1211 USETW(req.wLength, 0); 1212 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1213 } 1214 1215 static usb_error_t 1216 run_do_request(struct run_softc *sc, 1217 struct usb_device_request *req, void *data) 1218 { 1219 usb_error_t err; 1220 int ntries = 10; 1221 1222 RUN_LOCK_ASSERT(sc, MA_OWNED); 1223 1224 while (ntries--) { 1225 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1226 req, data, 0, NULL, 250 /* ms */); 1227 if (err == 0) 1228 break; 1229 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1230 usbd_errstr(err)); 1231 run_delay(sc, 10); 1232 } 1233 return (err); 1234 } 1235 1236 static int 1237 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1238 { 1239 uint32_t tmp; 1240 int error; 1241 1242 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1243 if (error == 0) 1244 *val = le32toh(tmp); 1245 else 1246 *val = 0xffffffff; 1247 return (error); 1248 } 1249 1250 static int 1251 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1252 { 1253 usb_device_request_t req; 1254 1255 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1256 req.bRequest = RT2870_READ_REGION_1; 1257 USETW(req.wValue, 0); 1258 USETW(req.wIndex, reg); 1259 USETW(req.wLength, len); 1260 1261 return (run_do_request(sc, &req, buf)); 1262 } 1263 1264 static int 1265 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1266 { 1267 usb_device_request_t req; 1268 1269 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1270 req.bRequest = RT2870_WRITE_2; 1271 USETW(req.wValue, val); 1272 USETW(req.wIndex, reg); 1273 USETW(req.wLength, 0); 1274 1275 return (run_do_request(sc, &req, NULL)); 1276 } 1277 1278 static int 1279 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1280 { 1281 int error; 1282 1283 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1284 error = run_write_2(sc, reg + 2, val >> 16); 1285 return (error); 1286 } 1287 1288 static int 1289 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1290 int len) 1291 { 1292 #if 1 1293 int i, error = 0; 1294 /* 1295 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1296 * We thus issue multiple WRITE_2 commands instead. 1297 */ 1298 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1299 for (i = 0; i < len && error == 0; i += 2) 1300 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1301 return (error); 1302 #else 1303 usb_device_request_t req; 1304 int error = 0; 1305 1306 /* 1307 * NOTE: It appears the WRITE_REGION_1 command cannot be 1308 * passed a huge amount of data, which will crash the 1309 * firmware. Limit amount of data passed to 64-bytes at a 1310 * time. 1311 */ 1312 while (len > 0) { 1313 int delta = 64; 1314 if (delta > len) 1315 delta = len; 1316 1317 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1318 req.bRequest = RT2870_WRITE_REGION_1; 1319 USETW(req.wValue, 0); 1320 USETW(req.wIndex, reg); 1321 USETW(req.wLength, delta); 1322 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1323 if (error != 0) 1324 break; 1325 reg += delta; 1326 buf += delta; 1327 len -= delta; 1328 } 1329 return (error); 1330 #endif 1331 } 1332 1333 static int 1334 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1335 { 1336 int i, error = 0; 1337 1338 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1339 for (i = 0; i < len && error == 0; i += 4) 1340 error = run_write(sc, reg + i, val); 1341 return (error); 1342 } 1343 1344 static int 1345 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1346 { 1347 uint32_t tmp; 1348 uint16_t reg; 1349 int error, ntries; 1350 1351 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1352 return (error); 1353 1354 if (count == 2) 1355 addr *= 2; 1356 /*- 1357 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1358 * DATA0: F E D C 1359 * DATA1: B A 9 8 1360 * DATA2: 7 6 5 4 1361 * DATA3: 3 2 1 0 1362 */ 1363 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1364 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1365 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1366 for (ntries = 0; ntries < 100; ntries++) { 1367 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1368 return (error); 1369 if (!(tmp & RT3070_EFSROM_KICK)) 1370 break; 1371 run_delay(sc, 2); 1372 } 1373 if (ntries == 100) 1374 return (ETIMEDOUT); 1375 1376 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1377 *val = 0xffff; /* address not found */ 1378 return (0); 1379 } 1380 /* determine to which 32-bit register our 16-bit word belongs */ 1381 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1382 if ((error = run_read(sc, reg, &tmp)) != 0) 1383 return (error); 1384 1385 tmp >>= (8 * (addr & 0x3)); 1386 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1387 1388 return (0); 1389 } 1390 1391 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1392 static int 1393 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1394 { 1395 return (run_efuse_read(sc, addr, val, 2)); 1396 } 1397 1398 static int 1399 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1400 { 1401 usb_device_request_t req; 1402 uint16_t tmp; 1403 int error; 1404 1405 addr *= 2; 1406 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1407 req.bRequest = RT2870_EEPROM_READ; 1408 USETW(req.wValue, 0); 1409 USETW(req.wIndex, addr); 1410 USETW(req.wLength, sizeof(tmp)); 1411 1412 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1413 if (error == 0) 1414 *val = le16toh(tmp); 1415 else 1416 *val = 0xffff; 1417 return (error); 1418 } 1419 1420 static __inline int 1421 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1422 { 1423 /* either eFUSE ROM or EEPROM */ 1424 return sc->sc_srom_read(sc, addr, val); 1425 } 1426 1427 static int 1428 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1429 { 1430 uint32_t tmp; 1431 int error, ntries; 1432 1433 for (ntries = 0; ntries < 10; ntries++) { 1434 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1435 return (error); 1436 if (!(tmp & RT2860_RF_REG_CTRL)) 1437 break; 1438 } 1439 if (ntries == 10) 1440 return (ETIMEDOUT); 1441 1442 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1443 } 1444 1445 static int 1446 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1447 { 1448 uint32_t tmp; 1449 int error, ntries; 1450 1451 for (ntries = 0; ntries < 100; ntries++) { 1452 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1453 return (error); 1454 if (!(tmp & RT3070_RF_KICK)) 1455 break; 1456 } 1457 if (ntries == 100) 1458 return (ETIMEDOUT); 1459 1460 tmp = RT3070_RF_KICK | reg << 8; 1461 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1462 return (error); 1463 1464 for (ntries = 0; ntries < 100; ntries++) { 1465 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1466 return (error); 1467 if (!(tmp & RT3070_RF_KICK)) 1468 break; 1469 } 1470 if (ntries == 100) 1471 return (ETIMEDOUT); 1472 1473 *val = tmp & 0xff; 1474 return (0); 1475 } 1476 1477 static int 1478 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1479 { 1480 uint32_t tmp; 1481 int error, ntries; 1482 1483 for (ntries = 0; ntries < 10; ntries++) { 1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT3070_RF_KICK)) 1487 break; 1488 } 1489 if (ntries == 10) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1493 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1494 } 1495 1496 static int 1497 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1498 { 1499 uint32_t tmp; 1500 int ntries, error; 1501 1502 for (ntries = 0; ntries < 10; ntries++) { 1503 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1504 return (error); 1505 if (!(tmp & RT2860_BBP_CSR_KICK)) 1506 break; 1507 } 1508 if (ntries == 10) 1509 return (ETIMEDOUT); 1510 1511 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1512 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1513 return (error); 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT2860_BBP_CSR_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 *val = tmp & 0xff; 1525 return (0); 1526 } 1527 1528 static int 1529 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1530 { 1531 uint32_t tmp; 1532 int ntries, error; 1533 1534 for (ntries = 0; ntries < 10; ntries++) { 1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1536 return (error); 1537 if (!(tmp & RT2860_BBP_CSR_KICK)) 1538 break; 1539 } 1540 if (ntries == 10) 1541 return (ETIMEDOUT); 1542 1543 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1544 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1545 } 1546 1547 /* 1548 * Send a command to the 8051 microcontroller unit. 1549 */ 1550 static int 1551 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1552 { 1553 uint32_t tmp; 1554 int error, ntries; 1555 1556 for (ntries = 0; ntries < 100; ntries++) { 1557 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1558 return error; 1559 if (!(tmp & RT2860_H2M_BUSY)) 1560 break; 1561 } 1562 if (ntries == 100) 1563 return ETIMEDOUT; 1564 1565 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1566 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1567 error = run_write(sc, RT2860_HOST_CMD, cmd); 1568 return (error); 1569 } 1570 1571 /* 1572 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1573 * Used to adjust per-rate Tx power registers. 1574 */ 1575 static __inline uint32_t 1576 b4inc(uint32_t b32, int8_t delta) 1577 { 1578 int8_t i, b4; 1579 1580 for (i = 0; i < 8; i++) { 1581 b4 = b32 & 0xf; 1582 b4 += delta; 1583 if (b4 < 0) 1584 b4 = 0; 1585 else if (b4 > 0xf) 1586 b4 = 0xf; 1587 b32 = b32 >> 4 | b4 << 28; 1588 } 1589 return (b32); 1590 } 1591 1592 static const char * 1593 run_get_rf(uint16_t rev) 1594 { 1595 switch (rev) { 1596 case RT2860_RF_2820: return "RT2820"; 1597 case RT2860_RF_2850: return "RT2850"; 1598 case RT2860_RF_2720: return "RT2720"; 1599 case RT2860_RF_2750: return "RT2750"; 1600 case RT3070_RF_3020: return "RT3020"; 1601 case RT3070_RF_2020: return "RT2020"; 1602 case RT3070_RF_3021: return "RT3021"; 1603 case RT3070_RF_3022: return "RT3022"; 1604 case RT3070_RF_3052: return "RT3052"; 1605 case RT3593_RF_3053: return "RT3053"; 1606 case RT5592_RF_5592: return "RT5592"; 1607 case RT5390_RF_5370: return "RT5370"; 1608 case RT5390_RF_5372: return "RT5372"; 1609 } 1610 return ("unknown"); 1611 } 1612 1613 static void 1614 run_rt3593_get_txpower(struct run_softc *sc) 1615 { 1616 uint16_t addr, val; 1617 int i; 1618 1619 /* Read power settings for 2GHz channels. */ 1620 for (i = 0; i < 14; i += 2) { 1621 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1622 RT2860_EEPROM_PWR2GHZ_BASE1; 1623 run_srom_read(sc, addr + i / 2, &val); 1624 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1625 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1626 1627 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1628 RT2860_EEPROM_PWR2GHZ_BASE2; 1629 run_srom_read(sc, addr + i / 2, &val); 1630 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1631 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1632 1633 if (sc->ntxchains == 3) { 1634 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1635 &val); 1636 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1637 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1638 } 1639 } 1640 /* Fix broken Tx power entries. */ 1641 for (i = 0; i < 14; i++) { 1642 if (sc->txpow1[i] > 31) 1643 sc->txpow1[i] = 5; 1644 if (sc->txpow2[i] > 31) 1645 sc->txpow2[i] = 5; 1646 if (sc->ntxchains == 3) { 1647 if (sc->txpow3[i] > 31) 1648 sc->txpow3[i] = 5; 1649 } 1650 } 1651 /* Read power settings for 5GHz channels. */ 1652 for (i = 0; i < 40; i += 2) { 1653 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1654 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1655 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1656 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1658 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1660 1661 if (sc->ntxchains == 3) { 1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1663 &val); 1664 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1665 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1666 } 1667 } 1668 } 1669 1670 static void 1671 run_get_txpower(struct run_softc *sc) 1672 { 1673 uint16_t val; 1674 int i; 1675 1676 /* Read power settings for 2GHz channels. */ 1677 for (i = 0; i < 14; i += 2) { 1678 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1679 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1680 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1681 1682 if (sc->mac_ver != 0x5390) { 1683 run_srom_read(sc, 1684 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1685 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1686 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1687 } 1688 } 1689 /* Fix broken Tx power entries. */ 1690 for (i = 0; i < 14; i++) { 1691 if (sc->mac_ver >= 0x5390) { 1692 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1693 sc->txpow1[i] = 5; 1694 } else { 1695 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1696 sc->txpow1[i] = 5; 1697 } 1698 if (sc->mac_ver > 0x5390) { 1699 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1700 sc->txpow2[i] = 5; 1701 } else if (sc->mac_ver < 0x5390) { 1702 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1703 sc->txpow2[i] = 5; 1704 } 1705 DPRINTF("chan %d: power1=%d, power2=%d\n", 1706 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1707 } 1708 /* Read power settings for 5GHz channels. */ 1709 for (i = 0; i < 40; i += 2) { 1710 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1711 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1712 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1713 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1715 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1717 } 1718 /* Fix broken Tx power entries. */ 1719 for (i = 0; i < 40; i++ ) { 1720 if (sc->mac_ver != 0x5592) { 1721 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1722 sc->txpow1[14 + i] = 5; 1723 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1724 sc->txpow2[14 + i] = 5; 1725 } 1726 DPRINTF("chan %d: power1=%d, power2=%d\n", 1727 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1728 sc->txpow2[14 + i]); 1729 } 1730 } 1731 1732 static int 1733 run_read_eeprom(struct run_softc *sc) 1734 { 1735 struct ieee80211com *ic = &sc->sc_ic; 1736 int8_t delta_2ghz, delta_5ghz; 1737 uint32_t tmp; 1738 uint16_t val; 1739 int ridx, ant, i; 1740 1741 /* check whether the ROM is eFUSE ROM or EEPROM */ 1742 sc->sc_srom_read = run_eeprom_read_2; 1743 if (sc->mac_ver >= 0x3070) { 1744 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1745 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1746 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1747 sc->sc_srom_read = run_efuse_read_2; 1748 } 1749 1750 /* read ROM version */ 1751 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1752 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1753 1754 /* read MAC address */ 1755 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1756 ic->ic_macaddr[0] = val & 0xff; 1757 ic->ic_macaddr[1] = val >> 8; 1758 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1759 ic->ic_macaddr[2] = val & 0xff; 1760 ic->ic_macaddr[3] = val >> 8; 1761 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1762 ic->ic_macaddr[4] = val & 0xff; 1763 ic->ic_macaddr[5] = val >> 8; 1764 1765 if (sc->mac_ver < 0x3593) { 1766 /* read vender BBP settings */ 1767 for (i = 0; i < 10; i++) { 1768 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1769 sc->bbp[i].val = val & 0xff; 1770 sc->bbp[i].reg = val >> 8; 1771 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1772 sc->bbp[i].val); 1773 } 1774 if (sc->mac_ver >= 0x3071) { 1775 /* read vendor RF settings */ 1776 for (i = 0; i < 10; i++) { 1777 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1778 &val); 1779 sc->rf[i].val = val & 0xff; 1780 sc->rf[i].reg = val >> 8; 1781 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1782 sc->rf[i].val); 1783 } 1784 } 1785 } 1786 1787 /* read RF frequency offset from EEPROM */ 1788 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1789 RT3593_EEPROM_FREQ, &val); 1790 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1791 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1792 1793 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1794 RT3593_EEPROM_FREQ_LEDS, &val); 1795 if (val >> 8 != 0xff) { 1796 /* read LEDs operating mode */ 1797 sc->leds = val >> 8; 1798 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1799 RT3593_EEPROM_LED1, &sc->led[0]); 1800 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1801 RT3593_EEPROM_LED2, &sc->led[1]); 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1803 RT3593_EEPROM_LED3, &sc->led[2]); 1804 } else { 1805 /* broken EEPROM, use default settings */ 1806 sc->leds = 0x01; 1807 sc->led[0] = 0x5555; 1808 sc->led[1] = 0x2221; 1809 sc->led[2] = 0x5627; /* differs from RT2860 */ 1810 } 1811 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1812 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1813 1814 /* read RF information */ 1815 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1816 run_srom_read(sc, 0x00, &val); 1817 else 1818 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1819 1820 if (val == 0xffff) { 1821 device_printf(sc->sc_dev, 1822 "invalid EEPROM antenna info, using default\n"); 1823 DPRINTF("invalid EEPROM antenna info, using default\n"); 1824 if (sc->mac_ver == 0x3572) { 1825 /* default to RF3052 2T2R */ 1826 sc->rf_rev = RT3070_RF_3052; 1827 sc->ntxchains = 2; 1828 sc->nrxchains = 2; 1829 } else if (sc->mac_ver >= 0x3070) { 1830 /* default to RF3020 1T1R */ 1831 sc->rf_rev = RT3070_RF_3020; 1832 sc->ntxchains = 1; 1833 sc->nrxchains = 1; 1834 } else { 1835 /* default to RF2820 1T2R */ 1836 sc->rf_rev = RT2860_RF_2820; 1837 sc->ntxchains = 1; 1838 sc->nrxchains = 2; 1839 } 1840 } else { 1841 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1842 sc->rf_rev = val; 1843 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1844 } else 1845 sc->rf_rev = (val >> 8) & 0xf; 1846 sc->ntxchains = (val >> 4) & 0xf; 1847 sc->nrxchains = val & 0xf; 1848 } 1849 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1850 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1851 1852 /* check if RF supports automatic Tx access gain control */ 1853 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1854 DPRINTF("EEPROM CFG 0x%04x\n", val); 1855 /* check if driver should patch the DAC issue */ 1856 if ((val >> 8) != 0xff) 1857 sc->patch_dac = (val >> 15) & 1; 1858 if ((val & 0xff) != 0xff) { 1859 sc->ext_5ghz_lna = (val >> 3) & 1; 1860 sc->ext_2ghz_lna = (val >> 2) & 1; 1861 /* check if RF supports automatic Tx access gain control */ 1862 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1863 /* check if we have a hardware radio switch */ 1864 sc->rfswitch = val & 1; 1865 } 1866 1867 /* Read Tx power settings. */ 1868 if (sc->mac_ver == 0x3593) 1869 run_rt3593_get_txpower(sc); 1870 else 1871 run_get_txpower(sc); 1872 1873 /* read Tx power compensation for each Tx rate */ 1874 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1875 delta_2ghz = delta_5ghz = 0; 1876 if ((val & 0xff) != 0xff && (val & 0x80)) { 1877 delta_2ghz = val & 0xf; 1878 if (!(val & 0x40)) /* negative number */ 1879 delta_2ghz = -delta_2ghz; 1880 } 1881 val >>= 8; 1882 if ((val & 0xff) != 0xff && (val & 0x80)) { 1883 delta_5ghz = val & 0xf; 1884 if (!(val & 0x40)) /* negative number */ 1885 delta_5ghz = -delta_5ghz; 1886 } 1887 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1888 delta_2ghz, delta_5ghz); 1889 1890 for (ridx = 0; ridx < 5; ridx++) { 1891 uint32_t reg; 1892 1893 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1894 reg = val; 1895 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1896 reg |= (uint32_t)val << 16; 1897 1898 sc->txpow20mhz[ridx] = reg; 1899 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1900 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1901 1902 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1903 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1904 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1905 } 1906 1907 /* Read RSSI offsets and LNA gains from EEPROM. */ 1908 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1909 RT3593_EEPROM_RSSI1_2GHZ, &val); 1910 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1911 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1913 RT3593_EEPROM_RSSI2_2GHZ, &val); 1914 if (sc->mac_ver >= 0x3070) { 1915 if (sc->mac_ver == 0x3593) { 1916 sc->txmixgain_2ghz = 0; 1917 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1918 } else { 1919 /* 1920 * On RT3070 chips (limited to 2 Rx chains), this ROM 1921 * field contains the Tx mixer gain for the 2GHz band. 1922 */ 1923 if ((val & 0xff) != 0xff) 1924 sc->txmixgain_2ghz = val & 0x7; 1925 } 1926 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1927 } else 1928 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1929 if (sc->mac_ver == 0x3593) 1930 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1931 sc->lna[2] = val >> 8; /* channel group 2 */ 1932 1933 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1934 RT3593_EEPROM_RSSI1_5GHZ, &val); 1935 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1936 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1938 RT3593_EEPROM_RSSI2_5GHZ, &val); 1939 if (sc->mac_ver == 0x3572) { 1940 /* 1941 * On RT3572 chips (limited to 2 Rx chains), this ROM 1942 * field contains the Tx mixer gain for the 5GHz band. 1943 */ 1944 if ((val & 0xff) != 0xff) 1945 sc->txmixgain_5ghz = val & 0x7; 1946 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1947 } else 1948 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1949 if (sc->mac_ver == 0x3593) { 1950 sc->txmixgain_5ghz = 0; 1951 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1952 } 1953 sc->lna[3] = val >> 8; /* channel group 3 */ 1954 1955 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1956 RT3593_EEPROM_LNA, &val); 1957 sc->lna[0] = val & 0xff; /* channel group 0 */ 1958 sc->lna[1] = val >> 8; /* channel group 1 */ 1959 1960 /* fix broken 5GHz LNA entries */ 1961 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1962 DPRINTF("invalid LNA for channel group %d\n", 2); 1963 sc->lna[2] = sc->lna[1]; 1964 } 1965 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 3); 1967 sc->lna[3] = sc->lna[1]; 1968 } 1969 1970 /* fix broken RSSI offset entries */ 1971 for (ant = 0; ant < 3; ant++) { 1972 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1973 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1974 ant + 1, sc->rssi_2ghz[ant]); 1975 sc->rssi_2ghz[ant] = 0; 1976 } 1977 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1978 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1979 ant + 1, sc->rssi_5ghz[ant]); 1980 sc->rssi_5ghz[ant] = 0; 1981 } 1982 } 1983 return (0); 1984 } 1985 1986 static struct ieee80211_node * 1987 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1988 { 1989 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1990 } 1991 1992 static int 1993 run_media_change(struct ifnet *ifp) 1994 { 1995 struct ieee80211vap *vap = ifp->if_softc; 1996 struct ieee80211com *ic = vap->iv_ic; 1997 const struct ieee80211_txparam *tp; 1998 struct run_softc *sc = ic->ic_softc; 1999 uint8_t rate, ridx; 2000 int error; 2001 2002 RUN_LOCK(sc); 2003 2004 error = ieee80211_media_change(ifp); 2005 if (error != ENETRESET) { 2006 RUN_UNLOCK(sc); 2007 return (error); 2008 } 2009 2010 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2011 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2012 struct ieee80211_node *ni; 2013 struct run_node *rn; 2014 2015 rate = ic->ic_sup_rates[ic->ic_curmode]. 2016 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2017 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2018 if (rt2860_rates[ridx].rate == rate) 2019 break; 2020 ni = ieee80211_ref_node(vap->iv_bss); 2021 rn = RUN_NODE(ni); 2022 rn->fix_ridx = ridx; 2023 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2024 ieee80211_free_node(ni); 2025 } 2026 2027 #if 0 2028 if ((ifp->if_flags & IFF_UP) && 2029 (ifp->if_drv_flags & RUN_RUNNING)){ 2030 run_init_locked(sc); 2031 } 2032 #endif 2033 2034 RUN_UNLOCK(sc); 2035 2036 return (0); 2037 } 2038 2039 static int 2040 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2041 { 2042 const struct ieee80211_txparam *tp; 2043 struct ieee80211com *ic = vap->iv_ic; 2044 struct run_softc *sc = ic->ic_softc; 2045 struct run_vap *rvp = RUN_VAP(vap); 2046 enum ieee80211_state ostate; 2047 uint32_t sta[3]; 2048 uint32_t tmp; 2049 uint8_t ratectl; 2050 uint8_t restart_ratectl = 0; 2051 uint8_t bid = 1 << rvp->rvp_id; 2052 2053 ostate = vap->iv_state; 2054 DPRINTF("%s -> %s\n", 2055 ieee80211_state_name[ostate], 2056 ieee80211_state_name[nstate]); 2057 2058 IEEE80211_UNLOCK(ic); 2059 RUN_LOCK(sc); 2060 2061 ratectl = sc->ratectl_run; /* remember current state */ 2062 sc->ratectl_run = RUN_RATECTL_OFF; 2063 usb_callout_stop(&sc->ratectl_ch); 2064 2065 if (ostate == IEEE80211_S_RUN) { 2066 /* turn link LED off */ 2067 run_set_leds(sc, RT2860_LED_RADIO); 2068 } 2069 2070 switch (nstate) { 2071 case IEEE80211_S_INIT: 2072 restart_ratectl = 1; 2073 2074 if (ostate != IEEE80211_S_RUN) 2075 break; 2076 2077 ratectl &= ~bid; 2078 sc->runbmap &= ~bid; 2079 2080 /* abort TSF synchronization if there is no vap running */ 2081 if (--sc->running == 0) { 2082 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2083 run_write(sc, RT2860_BCN_TIME_CFG, 2084 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2085 RT2860_TBTT_TIMER_EN)); 2086 } 2087 break; 2088 2089 case IEEE80211_S_RUN: 2090 if (!(sc->runbmap & bid)) { 2091 if(sc->running++) 2092 restart_ratectl = 1; 2093 sc->runbmap |= bid; 2094 } 2095 2096 m_freem(rvp->beacon_mbuf); 2097 rvp->beacon_mbuf = NULL; 2098 2099 switch (vap->iv_opmode) { 2100 case IEEE80211_M_HOSTAP: 2101 case IEEE80211_M_MBSS: 2102 sc->ap_running |= bid; 2103 ic->ic_opmode = vap->iv_opmode; 2104 run_update_beacon_cb(vap); 2105 break; 2106 case IEEE80211_M_IBSS: 2107 sc->adhoc_running |= bid; 2108 if (!sc->ap_running) 2109 ic->ic_opmode = vap->iv_opmode; 2110 run_update_beacon_cb(vap); 2111 break; 2112 case IEEE80211_M_STA: 2113 sc->sta_running |= bid; 2114 if (!sc->ap_running && !sc->adhoc_running) 2115 ic->ic_opmode = vap->iv_opmode; 2116 2117 /* read statistic counters (clear on read) */ 2118 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2119 (uint8_t *)sta, sizeof sta); 2120 2121 break; 2122 default: 2123 ic->ic_opmode = vap->iv_opmode; 2124 break; 2125 } 2126 2127 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2128 struct ieee80211_node *ni; 2129 2130 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2131 RUN_UNLOCK(sc); 2132 IEEE80211_LOCK(ic); 2133 return (-1); 2134 } 2135 run_updateslot(ic); 2136 run_enable_mrr(sc); 2137 run_set_txpreamble(sc); 2138 run_set_basicrates(sc); 2139 ni = ieee80211_ref_node(vap->iv_bss); 2140 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2141 run_set_bssid(sc, sc->sc_bssid); 2142 ieee80211_free_node(ni); 2143 run_enable_tsf_sync(sc); 2144 2145 /* enable automatic rate adaptation */ 2146 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2147 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2148 ratectl |= bid; 2149 } else 2150 run_enable_tsf(sc); 2151 2152 /* turn link LED on */ 2153 run_set_leds(sc, RT2860_LED_RADIO | 2154 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2155 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2156 2157 break; 2158 default: 2159 DPRINTFN(6, "undefined case\n"); 2160 break; 2161 } 2162 2163 /* restart amrr for running VAPs */ 2164 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2165 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2166 2167 RUN_UNLOCK(sc); 2168 IEEE80211_LOCK(ic); 2169 2170 return(rvp->newstate(vap, nstate, arg)); 2171 } 2172 2173 static int 2174 run_wme_update(struct ieee80211com *ic) 2175 { 2176 struct run_softc *sc = ic->ic_softc; 2177 const struct wmeParams *ac = 2178 ic->ic_wme.wme_chanParams.cap_wmeParams; 2179 int aci, error = 0; 2180 2181 /* update MAC TX configuration registers */ 2182 RUN_LOCK(sc); 2183 for (aci = 0; aci < WME_NUM_AC; aci++) { 2184 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2185 ac[aci].wmep_logcwmax << 16 | 2186 ac[aci].wmep_logcwmin << 12 | 2187 ac[aci].wmep_aifsn << 8 | 2188 ac[aci].wmep_txopLimit); 2189 if (error) goto err; 2190 } 2191 2192 /* update SCH/DMA registers too */ 2193 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2194 ac[WME_AC_VO].wmep_aifsn << 12 | 2195 ac[WME_AC_VI].wmep_aifsn << 8 | 2196 ac[WME_AC_BK].wmep_aifsn << 4 | 2197 ac[WME_AC_BE].wmep_aifsn); 2198 if (error) goto err; 2199 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2200 ac[WME_AC_VO].wmep_logcwmin << 12 | 2201 ac[WME_AC_VI].wmep_logcwmin << 8 | 2202 ac[WME_AC_BK].wmep_logcwmin << 4 | 2203 ac[WME_AC_BE].wmep_logcwmin); 2204 if (error) goto err; 2205 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2206 ac[WME_AC_VO].wmep_logcwmax << 12 | 2207 ac[WME_AC_VI].wmep_logcwmax << 8 | 2208 ac[WME_AC_BK].wmep_logcwmax << 4 | 2209 ac[WME_AC_BE].wmep_logcwmax); 2210 if (error) goto err; 2211 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2212 ac[WME_AC_BK].wmep_txopLimit << 16 | 2213 ac[WME_AC_BE].wmep_txopLimit); 2214 if (error) goto err; 2215 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2216 ac[WME_AC_VO].wmep_txopLimit << 16 | 2217 ac[WME_AC_VI].wmep_txopLimit); 2218 2219 err: 2220 RUN_UNLOCK(sc); 2221 if (error) 2222 DPRINTF("WME update failed\n"); 2223 2224 return (error); 2225 } 2226 2227 static void 2228 run_key_set_cb(void *arg) 2229 { 2230 struct run_cmdq *cmdq = arg; 2231 struct ieee80211vap *vap = cmdq->arg1; 2232 struct ieee80211_key *k = cmdq->k; 2233 struct ieee80211com *ic = vap->iv_ic; 2234 struct run_softc *sc = ic->ic_softc; 2235 struct ieee80211_node *ni; 2236 u_int cipher = k->wk_cipher->ic_cipher; 2237 uint32_t attr; 2238 uint16_t base, associd; 2239 uint8_t mode, wcid, iv[8]; 2240 2241 RUN_LOCK_ASSERT(sc, MA_OWNED); 2242 2243 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2244 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2245 else 2246 ni = vap->iv_bss; 2247 associd = (ni != NULL) ? ni->ni_associd : 0; 2248 2249 /* map net80211 cipher to RT2860 security mode */ 2250 switch (cipher) { 2251 case IEEE80211_CIPHER_WEP: 2252 if(k->wk_keylen < 8) 2253 mode = RT2860_MODE_WEP40; 2254 else 2255 mode = RT2860_MODE_WEP104; 2256 break; 2257 case IEEE80211_CIPHER_TKIP: 2258 mode = RT2860_MODE_TKIP; 2259 break; 2260 case IEEE80211_CIPHER_AES_CCM: 2261 mode = RT2860_MODE_AES_CCMP; 2262 break; 2263 default: 2264 DPRINTF("undefined case\n"); 2265 return; 2266 } 2267 2268 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2269 associd, k->wk_keyix, mode, 2270 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2271 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2272 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2273 2274 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2275 wcid = 0; /* NB: update WCID0 for group keys */ 2276 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2277 } else { 2278 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2279 1 : RUN_AID2WCID(associd); 2280 base = RT2860_PKEY(wcid); 2281 } 2282 2283 if (cipher == IEEE80211_CIPHER_TKIP) { 2284 if(run_write_region_1(sc, base, k->wk_key, 16)) 2285 return; 2286 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2287 return; 2288 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2289 return; 2290 } else { 2291 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2292 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2293 return; 2294 } 2295 2296 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2297 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2298 /* set initial packet number in IV+EIV */ 2299 if (cipher == IEEE80211_CIPHER_WEP) { 2300 memset(iv, 0, sizeof iv); 2301 iv[3] = vap->iv_def_txkey << 6; 2302 } else { 2303 if (cipher == IEEE80211_CIPHER_TKIP) { 2304 iv[0] = k->wk_keytsc >> 8; 2305 iv[1] = (iv[0] | 0x20) & 0x7f; 2306 iv[2] = k->wk_keytsc; 2307 } else /* CCMP */ { 2308 iv[0] = k->wk_keytsc; 2309 iv[1] = k->wk_keytsc >> 8; 2310 iv[2] = 0; 2311 } 2312 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2313 iv[4] = k->wk_keytsc >> 16; 2314 iv[5] = k->wk_keytsc >> 24; 2315 iv[6] = k->wk_keytsc >> 32; 2316 iv[7] = k->wk_keytsc >> 40; 2317 } 2318 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2319 return; 2320 } 2321 2322 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2323 /* install group key */ 2324 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2325 return; 2326 attr &= ~(0xf << (k->wk_keyix * 4)); 2327 attr |= mode << (k->wk_keyix * 4); 2328 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2329 return; 2330 } else { 2331 /* install pairwise key */ 2332 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2333 return; 2334 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2335 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2336 return; 2337 } 2338 2339 /* TODO create a pass-thru key entry? */ 2340 2341 /* need wcid to delete the right key later */ 2342 k->wk_pad = wcid; 2343 } 2344 2345 /* 2346 * Don't have to be deferred, but in order to keep order of 2347 * execution, i.e. with run_key_delete(), defer this and let 2348 * run_cmdq_cb() maintain the order. 2349 * 2350 * return 0 on error 2351 */ 2352 static int 2353 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2354 { 2355 struct ieee80211com *ic = vap->iv_ic; 2356 struct run_softc *sc = ic->ic_softc; 2357 uint32_t i; 2358 2359 i = RUN_CMDQ_GET(&sc->cmdq_store); 2360 DPRINTF("cmdq_store=%d\n", i); 2361 sc->cmdq[i].func = run_key_set_cb; 2362 sc->cmdq[i].arg0 = NULL; 2363 sc->cmdq[i].arg1 = vap; 2364 sc->cmdq[i].k = k; 2365 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2366 ieee80211_runtask(ic, &sc->cmdq_task); 2367 2368 /* 2369 * To make sure key will be set when hostapd 2370 * calls iv_key_set() before if_init(). 2371 */ 2372 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2373 RUN_LOCK(sc); 2374 sc->cmdq_key_set = RUN_CMDQ_GO; 2375 RUN_UNLOCK(sc); 2376 } 2377 2378 return (1); 2379 } 2380 2381 /* 2382 * If wlan is destroyed without being brought down i.e. without 2383 * wlan down or wpa_cli terminate, this function is called after 2384 * vap is gone. Don't refer it. 2385 */ 2386 static void 2387 run_key_delete_cb(void *arg) 2388 { 2389 struct run_cmdq *cmdq = arg; 2390 struct run_softc *sc = cmdq->arg1; 2391 struct ieee80211_key *k = &cmdq->key; 2392 uint32_t attr; 2393 uint8_t wcid; 2394 2395 RUN_LOCK_ASSERT(sc, MA_OWNED); 2396 2397 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2398 /* remove group key */ 2399 DPRINTF("removing group key\n"); 2400 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2401 attr &= ~(0xf << (k->wk_keyix * 4)); 2402 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2403 } else { 2404 /* remove pairwise key */ 2405 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2406 /* matching wcid was written to wk_pad in run_key_set() */ 2407 wcid = k->wk_pad; 2408 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2409 attr &= ~0xf; 2410 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2411 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2412 } 2413 2414 k->wk_pad = 0; 2415 } 2416 2417 /* 2418 * return 0 on error 2419 */ 2420 static int 2421 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2422 { 2423 struct ieee80211com *ic = vap->iv_ic; 2424 struct run_softc *sc = ic->ic_softc; 2425 struct ieee80211_key *k0; 2426 uint32_t i; 2427 2428 /* 2429 * When called back, key might be gone. So, make a copy 2430 * of some values need to delete keys before deferring. 2431 * But, because of LOR with node lock, cannot use lock here. 2432 * So, use atomic instead. 2433 */ 2434 i = RUN_CMDQ_GET(&sc->cmdq_store); 2435 DPRINTF("cmdq_store=%d\n", i); 2436 sc->cmdq[i].func = run_key_delete_cb; 2437 sc->cmdq[i].arg0 = NULL; 2438 sc->cmdq[i].arg1 = sc; 2439 k0 = &sc->cmdq[i].key; 2440 k0->wk_flags = k->wk_flags; 2441 k0->wk_keyix = k->wk_keyix; 2442 /* matching wcid was written to wk_pad in run_key_set() */ 2443 k0->wk_pad = k->wk_pad; 2444 ieee80211_runtask(ic, &sc->cmdq_task); 2445 return (1); /* return fake success */ 2446 2447 } 2448 2449 static void 2450 run_ratectl_to(void *arg) 2451 { 2452 struct run_softc *sc = arg; 2453 2454 /* do it in a process context, so it can go sleep */ 2455 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2456 /* next timeout will be rescheduled in the callback task */ 2457 } 2458 2459 /* ARGSUSED */ 2460 static void 2461 run_ratectl_cb(void *arg, int pending) 2462 { 2463 struct run_softc *sc = arg; 2464 struct ieee80211com *ic = &sc->sc_ic; 2465 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2466 2467 if (vap == NULL) 2468 return; 2469 2470 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2471 /* 2472 * run_reset_livelock() doesn't do anything with AMRR, 2473 * but Ralink wants us to call it every 1 sec. So, we 2474 * piggyback here rather than creating another callout. 2475 * Livelock may occur only in HOSTAP or IBSS mode 2476 * (when h/w is sending beacons). 2477 */ 2478 RUN_LOCK(sc); 2479 run_reset_livelock(sc); 2480 /* just in case, there are some stats to drain */ 2481 run_drain_fifo(sc); 2482 RUN_UNLOCK(sc); 2483 } 2484 2485 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2486 2487 RUN_LOCK(sc); 2488 if(sc->ratectl_run != RUN_RATECTL_OFF) 2489 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2490 RUN_UNLOCK(sc); 2491 } 2492 2493 static void 2494 run_drain_fifo(void *arg) 2495 { 2496 struct run_softc *sc = arg; 2497 uint32_t stat; 2498 uint16_t (*wstat)[3]; 2499 uint8_t wcid, mcs, pid; 2500 int8_t retry; 2501 2502 RUN_LOCK_ASSERT(sc, MA_OWNED); 2503 2504 for (;;) { 2505 /* drain Tx status FIFO (maxsize = 16) */ 2506 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2507 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2508 if (!(stat & RT2860_TXQ_VLD)) 2509 break; 2510 2511 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2512 2513 /* if no ACK was requested, no feedback is available */ 2514 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2515 wcid == 0) 2516 continue; 2517 2518 /* 2519 * Even though each stat is Tx-complete-status like format, 2520 * the device can poll stats. Because there is no guarantee 2521 * that the referring node is still around when read the stats. 2522 * So that, if we use ieee80211_ratectl_tx_update(), we will 2523 * have hard time not to refer already freed node. 2524 * 2525 * To eliminate such page faults, we poll stats in softc. 2526 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2527 */ 2528 wstat = &(sc->wcid_stats[wcid]); 2529 (*wstat)[RUN_TXCNT]++; 2530 if (stat & RT2860_TXQ_OK) 2531 (*wstat)[RUN_SUCCESS]++; 2532 else 2533 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2534 /* 2535 * Check if there were retries, ie if the Tx success rate is 2536 * different from the requested rate. Note that it works only 2537 * because we do not allow rate fallback from OFDM to CCK. 2538 */ 2539 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2540 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2541 if ((retry = pid -1 - mcs) > 0) { 2542 (*wstat)[RUN_TXCNT] += retry; 2543 (*wstat)[RUN_RETRY] += retry; 2544 } 2545 } 2546 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2547 2548 sc->fifo_cnt = 0; 2549 } 2550 2551 static void 2552 run_iter_func(void *arg, struct ieee80211_node *ni) 2553 { 2554 struct run_softc *sc = arg; 2555 struct ieee80211vap *vap = ni->ni_vap; 2556 struct run_node *rn = RUN_NODE(ni); 2557 union run_stats sta[2]; 2558 uint16_t (*wstat)[3]; 2559 int txcnt, success, retrycnt, error; 2560 2561 RUN_LOCK(sc); 2562 2563 /* Check for special case */ 2564 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2565 ni != vap->iv_bss) 2566 goto fail; 2567 2568 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2569 vap->iv_opmode == IEEE80211_M_STA)) { 2570 /* read statistic counters (clear on read) and update AMRR state */ 2571 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2572 sizeof sta); 2573 if (error != 0) 2574 goto fail; 2575 2576 /* count failed TX as errors */ 2577 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2578 le16toh(sta[0].error.fail)); 2579 2580 retrycnt = le16toh(sta[1].tx.retry); 2581 success = le16toh(sta[1].tx.success); 2582 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2583 2584 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2585 retrycnt, success, le16toh(sta[0].error.fail)); 2586 } else { 2587 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2588 2589 if (wstat == &(sc->wcid_stats[0]) || 2590 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2591 goto fail; 2592 2593 txcnt = (*wstat)[RUN_TXCNT]; 2594 success = (*wstat)[RUN_SUCCESS]; 2595 retrycnt = (*wstat)[RUN_RETRY]; 2596 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2597 retrycnt, txcnt, success); 2598 2599 memset(wstat, 0, sizeof(*wstat)); 2600 } 2601 2602 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2603 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2604 2605 fail: 2606 RUN_UNLOCK(sc); 2607 2608 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2609 } 2610 2611 static void 2612 run_newassoc_cb(void *arg) 2613 { 2614 struct run_cmdq *cmdq = arg; 2615 struct ieee80211_node *ni = cmdq->arg1; 2616 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2617 uint8_t wcid = cmdq->wcid; 2618 2619 RUN_LOCK_ASSERT(sc, MA_OWNED); 2620 2621 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2622 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2623 2624 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2625 } 2626 2627 static void 2628 run_newassoc(struct ieee80211_node *ni, int isnew) 2629 { 2630 struct run_node *rn = RUN_NODE(ni); 2631 struct ieee80211_rateset *rs = &ni->ni_rates; 2632 struct ieee80211vap *vap = ni->ni_vap; 2633 struct ieee80211com *ic = vap->iv_ic; 2634 struct run_softc *sc = ic->ic_softc; 2635 uint8_t rate; 2636 uint8_t ridx; 2637 uint8_t wcid; 2638 int i, j; 2639 2640 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2641 1 : RUN_AID2WCID(ni->ni_associd); 2642 2643 if (wcid > RT2870_WCID_MAX) { 2644 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2645 return; 2646 } 2647 2648 /* only interested in true associations */ 2649 if (isnew && ni->ni_associd != 0) { 2650 2651 /* 2652 * This function could is called though timeout function. 2653 * Need to defer. 2654 */ 2655 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2656 DPRINTF("cmdq_store=%d\n", cnt); 2657 sc->cmdq[cnt].func = run_newassoc_cb; 2658 sc->cmdq[cnt].arg0 = NULL; 2659 sc->cmdq[cnt].arg1 = ni; 2660 sc->cmdq[cnt].wcid = wcid; 2661 ieee80211_runtask(ic, &sc->cmdq_task); 2662 } 2663 2664 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2665 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2666 2667 for (i = 0; i < rs->rs_nrates; i++) { 2668 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2669 /* convert 802.11 rate to hardware rate index */ 2670 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2671 if (rt2860_rates[ridx].rate == rate) 2672 break; 2673 rn->ridx[i] = ridx; 2674 /* determine rate of control response frames */ 2675 for (j = i; j >= 0; j--) { 2676 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2677 rt2860_rates[rn->ridx[i]].phy == 2678 rt2860_rates[rn->ridx[j]].phy) 2679 break; 2680 } 2681 if (j >= 0) { 2682 rn->ctl_ridx[i] = rn->ridx[j]; 2683 } else { 2684 /* no basic rate found, use mandatory one */ 2685 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2686 } 2687 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2688 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2689 } 2690 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2691 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2692 if (rt2860_rates[ridx].rate == rate) 2693 break; 2694 rn->mgt_ridx = ridx; 2695 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2696 2697 RUN_LOCK(sc); 2698 if(sc->ratectl_run != RUN_RATECTL_OFF) 2699 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2700 RUN_UNLOCK(sc); 2701 } 2702 2703 /* 2704 * Return the Rx chain with the highest RSSI for a given frame. 2705 */ 2706 static __inline uint8_t 2707 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2708 { 2709 uint8_t rxchain = 0; 2710 2711 if (sc->nrxchains > 1) { 2712 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2713 rxchain = 1; 2714 if (sc->nrxchains > 2) 2715 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2716 rxchain = 2; 2717 } 2718 return (rxchain); 2719 } 2720 2721 static void 2722 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2723 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2724 { 2725 struct ieee80211vap *vap = ni->ni_vap; 2726 struct run_softc *sc = vap->iv_ic->ic_softc; 2727 struct run_vap *rvp = RUN_VAP(vap); 2728 uint64_t ni_tstamp, rx_tstamp; 2729 2730 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2731 2732 if (vap->iv_state == IEEE80211_S_RUN && 2733 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2734 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2735 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2736 RUN_LOCK(sc); 2737 run_get_tsf(sc, &rx_tstamp); 2738 RUN_UNLOCK(sc); 2739 rx_tstamp = le64toh(rx_tstamp); 2740 2741 if (ni_tstamp >= rx_tstamp) { 2742 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2743 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2744 (void) ieee80211_ibss_merge(ni); 2745 } 2746 } 2747 } 2748 2749 static void 2750 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2751 { 2752 struct ieee80211com *ic = &sc->sc_ic; 2753 struct ieee80211_frame *wh; 2754 struct ieee80211_node *ni; 2755 struct rt2870_rxd *rxd; 2756 struct rt2860_rxwi *rxwi; 2757 uint32_t flags; 2758 uint16_t len, rxwisize; 2759 uint8_t ant, rssi; 2760 int8_t nf; 2761 2762 rxwi = mtod(m, struct rt2860_rxwi *); 2763 len = le16toh(rxwi->len) & 0xfff; 2764 rxwisize = sizeof(struct rt2860_rxwi); 2765 if (sc->mac_ver == 0x5592) 2766 rxwisize += sizeof(uint64_t); 2767 else if (sc->mac_ver == 0x3593) 2768 rxwisize += sizeof(uint32_t); 2769 if (__predict_false(len > dmalen)) { 2770 m_freem(m); 2771 counter_u64_add(ic->ic_ierrors, 1); 2772 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2773 return; 2774 } 2775 /* Rx descriptor is located at the end */ 2776 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2777 flags = le32toh(rxd->flags); 2778 2779 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2780 m_freem(m); 2781 counter_u64_add(ic->ic_ierrors, 1); 2782 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2783 return; 2784 } 2785 2786 m->m_data += rxwisize; 2787 m->m_pkthdr.len = m->m_len -= rxwisize; 2788 2789 wh = mtod(m, struct ieee80211_frame *); 2790 2791 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2792 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2793 m->m_flags |= M_WEP; 2794 } 2795 2796 if (flags & RT2860_RX_L2PAD) { 2797 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2798 len += 2; 2799 } 2800 2801 ni = ieee80211_find_rxnode(ic, 2802 mtod(m, struct ieee80211_frame_min *)); 2803 2804 if (__predict_false(flags & RT2860_RX_MICERR)) { 2805 /* report MIC failures to net80211 for TKIP */ 2806 if (ni != NULL) 2807 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2808 rxwi->keyidx); 2809 m_freem(m); 2810 counter_u64_add(ic->ic_ierrors, 1); 2811 DPRINTF("MIC error. Someone is lying.\n"); 2812 return; 2813 } 2814 2815 ant = run_maxrssi_chain(sc, rxwi); 2816 rssi = rxwi->rssi[ant]; 2817 nf = run_rssi2dbm(sc, rssi, ant); 2818 2819 m->m_pkthdr.len = m->m_len = len; 2820 2821 if (__predict_false(ieee80211_radiotap_active(ic))) { 2822 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2823 uint16_t phy; 2824 2825 tap->wr_flags = 0; 2826 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2827 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2828 tap->wr_antsignal = rssi; 2829 tap->wr_antenna = ant; 2830 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2831 tap->wr_rate = 2; /* in case it can't be found below */ 2832 run_get_tsf(sc, &tap->wr_tsf); 2833 phy = le16toh(rxwi->phy); 2834 switch (phy & RT2860_PHY_MODE) { 2835 case RT2860_PHY_CCK: 2836 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2837 case 0: tap->wr_rate = 2; break; 2838 case 1: tap->wr_rate = 4; break; 2839 case 2: tap->wr_rate = 11; break; 2840 case 3: tap->wr_rate = 22; break; 2841 } 2842 if (phy & RT2860_PHY_SHPRE) 2843 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2844 break; 2845 case RT2860_PHY_OFDM: 2846 switch (phy & RT2860_PHY_MCS) { 2847 case 0: tap->wr_rate = 12; break; 2848 case 1: tap->wr_rate = 18; break; 2849 case 2: tap->wr_rate = 24; break; 2850 case 3: tap->wr_rate = 36; break; 2851 case 4: tap->wr_rate = 48; break; 2852 case 5: tap->wr_rate = 72; break; 2853 case 6: tap->wr_rate = 96; break; 2854 case 7: tap->wr_rate = 108; break; 2855 } 2856 break; 2857 } 2858 } 2859 2860 if (ni != NULL) { 2861 (void)ieee80211_input(ni, m, rssi, nf); 2862 ieee80211_free_node(ni); 2863 } else { 2864 (void)ieee80211_input_all(ic, m, rssi, nf); 2865 } 2866 } 2867 2868 static void 2869 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2870 { 2871 struct run_softc *sc = usbd_xfer_softc(xfer); 2872 struct ieee80211com *ic = &sc->sc_ic; 2873 struct mbuf *m = NULL; 2874 struct mbuf *m0; 2875 uint32_t dmalen; 2876 uint16_t rxwisize; 2877 int xferlen; 2878 2879 rxwisize = sizeof(struct rt2860_rxwi); 2880 if (sc->mac_ver == 0x5592) 2881 rxwisize += sizeof(uint64_t); 2882 else if (sc->mac_ver == 0x3593) 2883 rxwisize += sizeof(uint32_t); 2884 2885 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2886 2887 switch (USB_GET_STATE(xfer)) { 2888 case USB_ST_TRANSFERRED: 2889 2890 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2891 2892 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2893 sizeof(struct rt2870_rxd))) { 2894 DPRINTF("xfer too short %d\n", xferlen); 2895 goto tr_setup; 2896 } 2897 2898 m = sc->rx_m; 2899 sc->rx_m = NULL; 2900 2901 /* FALLTHROUGH */ 2902 case USB_ST_SETUP: 2903 tr_setup: 2904 if (sc->rx_m == NULL) { 2905 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2906 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2907 } 2908 if (sc->rx_m == NULL) { 2909 DPRINTF("could not allocate mbuf - idle with stall\n"); 2910 counter_u64_add(ic->ic_ierrors, 1); 2911 usbd_xfer_set_stall(xfer); 2912 usbd_xfer_set_frames(xfer, 0); 2913 } else { 2914 /* 2915 * Directly loading a mbuf cluster into DMA to 2916 * save some data copying. This works because 2917 * there is only one cluster. 2918 */ 2919 usbd_xfer_set_frame_data(xfer, 0, 2920 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2921 usbd_xfer_set_frames(xfer, 1); 2922 } 2923 usbd_transfer_submit(xfer); 2924 break; 2925 2926 default: /* Error */ 2927 if (error != USB_ERR_CANCELLED) { 2928 /* try to clear stall first */ 2929 usbd_xfer_set_stall(xfer); 2930 if (error == USB_ERR_TIMEOUT) 2931 device_printf(sc->sc_dev, "device timeout\n"); 2932 counter_u64_add(ic->ic_ierrors, 1); 2933 goto tr_setup; 2934 } 2935 if (sc->rx_m != NULL) { 2936 m_freem(sc->rx_m); 2937 sc->rx_m = NULL; 2938 } 2939 break; 2940 } 2941 2942 if (m == NULL) 2943 return; 2944 2945 /* inputting all the frames must be last */ 2946 2947 RUN_UNLOCK(sc); 2948 2949 m->m_pkthdr.len = m->m_len = xferlen; 2950 2951 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2952 for(;;) { 2953 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2954 2955 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2956 ((dmalen & 3) != 0)) { 2957 DPRINTF("bad DMA length %u\n", dmalen); 2958 break; 2959 } 2960 if ((dmalen + 8) > (uint32_t)xferlen) { 2961 DPRINTF("bad DMA length %u > %d\n", 2962 dmalen + 8, xferlen); 2963 break; 2964 } 2965 2966 /* If it is the last one or a single frame, we won't copy. */ 2967 if ((xferlen -= dmalen + 8) <= 8) { 2968 /* trim 32-bit DMA-len header */ 2969 m->m_data += 4; 2970 m->m_pkthdr.len = m->m_len -= 4; 2971 run_rx_frame(sc, m, dmalen); 2972 m = NULL; /* don't free source buffer */ 2973 break; 2974 } 2975 2976 /* copy aggregated frames to another mbuf */ 2977 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2978 if (__predict_false(m0 == NULL)) { 2979 DPRINTF("could not allocate mbuf\n"); 2980 counter_u64_add(ic->ic_ierrors, 1); 2981 break; 2982 } 2983 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2984 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2985 m0->m_pkthdr.len = m0->m_len = 2986 dmalen + sizeof(struct rt2870_rxd); 2987 run_rx_frame(sc, m0, dmalen); 2988 2989 /* update data ptr */ 2990 m->m_data += dmalen + 8; 2991 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2992 } 2993 2994 /* make sure we free the source buffer, if any */ 2995 m_freem(m); 2996 2997 RUN_LOCK(sc); 2998 } 2999 3000 static void 3001 run_tx_free(struct run_endpoint_queue *pq, 3002 struct run_tx_data *data, int txerr) 3003 { 3004 3005 ieee80211_tx_complete(data->ni, data->m, txerr); 3006 3007 data->m = NULL; 3008 data->ni = NULL; 3009 3010 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3011 pq->tx_nfree++; 3012 } 3013 3014 static void 3015 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3016 { 3017 struct run_softc *sc = usbd_xfer_softc(xfer); 3018 struct ieee80211com *ic = &sc->sc_ic; 3019 struct run_tx_data *data; 3020 struct ieee80211vap *vap = NULL; 3021 struct usb_page_cache *pc; 3022 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3023 struct mbuf *m; 3024 usb_frlength_t size; 3025 int actlen; 3026 int sumlen; 3027 3028 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3029 3030 switch (USB_GET_STATE(xfer)) { 3031 case USB_ST_TRANSFERRED: 3032 DPRINTFN(11, "transfer complete: %d " 3033 "bytes @ index %d\n", actlen, index); 3034 3035 data = usbd_xfer_get_priv(xfer); 3036 run_tx_free(pq, data, 0); 3037 usbd_xfer_set_priv(xfer, NULL); 3038 3039 /* FALLTHROUGH */ 3040 case USB_ST_SETUP: 3041 tr_setup: 3042 data = STAILQ_FIRST(&pq->tx_qh); 3043 if (data == NULL) 3044 break; 3045 3046 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3047 3048 m = data->m; 3049 size = (sc->mac_ver == 0x5592) ? 3050 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3051 if ((m->m_pkthdr.len + 3052 size + 3 + 8) > RUN_MAX_TXSZ) { 3053 DPRINTF("data overflow, %u bytes\n", 3054 m->m_pkthdr.len); 3055 run_tx_free(pq, data, 1); 3056 goto tr_setup; 3057 } 3058 3059 pc = usbd_xfer_get_frame(xfer, 0); 3060 usbd_copy_in(pc, 0, &data->desc, size); 3061 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3062 size += m->m_pkthdr.len; 3063 /* 3064 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3065 * 4-byte padding), and be sure to zero those trailing 3066 * bytes: 3067 */ 3068 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3069 size += ((-size) & 3) + 8; 3070 3071 vap = data->ni->ni_vap; 3072 if (ieee80211_radiotap_active_vap(vap)) { 3073 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3074 struct rt2860_txwi *txwi = 3075 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3076 tap->wt_flags = 0; 3077 tap->wt_rate = rt2860_rates[data->ridx].rate; 3078 run_get_tsf(sc, &tap->wt_tsf); 3079 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3080 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3081 tap->wt_hwqueue = index; 3082 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3083 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3084 3085 ieee80211_radiotap_tx(vap, m); 3086 } 3087 3088 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3089 m->m_pkthdr.len, size, index); 3090 3091 usbd_xfer_set_frame_len(xfer, 0, size); 3092 usbd_xfer_set_priv(xfer, data); 3093 usbd_transfer_submit(xfer); 3094 run_start(sc); 3095 3096 break; 3097 3098 default: 3099 DPRINTF("USB transfer error, %s\n", 3100 usbd_errstr(error)); 3101 3102 data = usbd_xfer_get_priv(xfer); 3103 3104 if (data != NULL) { 3105 if(data->ni != NULL) 3106 vap = data->ni->ni_vap; 3107 run_tx_free(pq, data, error); 3108 usbd_xfer_set_priv(xfer, NULL); 3109 } 3110 3111 if (vap == NULL) 3112 vap = TAILQ_FIRST(&ic->ic_vaps); 3113 3114 if (error != USB_ERR_CANCELLED) { 3115 if (error == USB_ERR_TIMEOUT) { 3116 device_printf(sc->sc_dev, "device timeout\n"); 3117 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3118 DPRINTF("cmdq_store=%d\n", i); 3119 sc->cmdq[i].func = run_usb_timeout_cb; 3120 sc->cmdq[i].arg0 = vap; 3121 ieee80211_runtask(ic, &sc->cmdq_task); 3122 } 3123 3124 /* 3125 * Try to clear stall first, also if other 3126 * errors occur, hence clearing stall 3127 * introduces a 50 ms delay: 3128 */ 3129 usbd_xfer_set_stall(xfer); 3130 goto tr_setup; 3131 } 3132 break; 3133 } 3134 } 3135 3136 static void 3137 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3138 { 3139 run_bulk_tx_callbackN(xfer, error, 0); 3140 } 3141 3142 static void 3143 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3144 { 3145 run_bulk_tx_callbackN(xfer, error, 1); 3146 } 3147 3148 static void 3149 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3150 { 3151 run_bulk_tx_callbackN(xfer, error, 2); 3152 } 3153 3154 static void 3155 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3156 { 3157 run_bulk_tx_callbackN(xfer, error, 3); 3158 } 3159 3160 static void 3161 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3162 { 3163 run_bulk_tx_callbackN(xfer, error, 4); 3164 } 3165 3166 static void 3167 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3168 { 3169 run_bulk_tx_callbackN(xfer, error, 5); 3170 } 3171 3172 static void 3173 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3174 { 3175 struct mbuf *m = data->m; 3176 struct ieee80211com *ic = &sc->sc_ic; 3177 struct ieee80211vap *vap = data->ni->ni_vap; 3178 struct ieee80211_frame *wh; 3179 struct rt2870_txd *txd; 3180 struct rt2860_txwi *txwi; 3181 uint16_t xferlen, txwisize; 3182 uint16_t mcs; 3183 uint8_t ridx = data->ridx; 3184 uint8_t pad; 3185 3186 /* get MCS code from rate index */ 3187 mcs = rt2860_rates[ridx].mcs; 3188 3189 txwisize = (sc->mac_ver == 0x5592) ? 3190 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3191 xferlen = txwisize + m->m_pkthdr.len; 3192 3193 /* roundup to 32-bit alignment */ 3194 xferlen = (xferlen + 3) & ~3; 3195 3196 txd = (struct rt2870_txd *)&data->desc; 3197 txd->len = htole16(xferlen); 3198 3199 wh = mtod(m, struct ieee80211_frame *); 3200 3201 /* 3202 * Ether both are true or both are false, the header 3203 * are nicely aligned to 32-bit. So, no L2 padding. 3204 */ 3205 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3206 pad = 0; 3207 else 3208 pad = 2; 3209 3210 /* setup TX Wireless Information */ 3211 txwi = (struct rt2860_txwi *)(txd + 1); 3212 txwi->len = htole16(m->m_pkthdr.len - pad); 3213 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3214 mcs |= RT2860_PHY_CCK; 3215 if (ridx != RT2860_RIDX_CCK1 && 3216 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3217 mcs |= RT2860_PHY_SHPRE; 3218 } else 3219 mcs |= RT2860_PHY_OFDM; 3220 txwi->phy = htole16(mcs); 3221 3222 /* check if RTS/CTS or CTS-to-self protection is required */ 3223 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3224 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3225 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3226 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3227 txwi->txop |= RT2860_TX_TXOP_HT; 3228 else 3229 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3230 3231 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3232 txwi->xflags |= RT2860_TX_NSEQ; 3233 } 3234 3235 /* This function must be called locked */ 3236 static int 3237 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3238 { 3239 struct ieee80211com *ic = &sc->sc_ic; 3240 struct ieee80211vap *vap = ni->ni_vap; 3241 struct ieee80211_frame *wh; 3242 struct ieee80211_channel *chan; 3243 const struct ieee80211_txparam *tp; 3244 struct run_node *rn = RUN_NODE(ni); 3245 struct run_tx_data *data; 3246 struct rt2870_txd *txd; 3247 struct rt2860_txwi *txwi; 3248 uint16_t qos; 3249 uint16_t dur; 3250 uint16_t qid; 3251 uint8_t type; 3252 uint8_t tid; 3253 uint8_t ridx; 3254 uint8_t ctl_ridx; 3255 uint8_t qflags; 3256 uint8_t xflags = 0; 3257 int hasqos; 3258 3259 RUN_LOCK_ASSERT(sc, MA_OWNED); 3260 3261 wh = mtod(m, struct ieee80211_frame *); 3262 3263 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3264 3265 /* 3266 * There are 7 bulk endpoints: 1 for RX 3267 * and 6 for TX (4 EDCAs + HCCA + Prio). 3268 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3269 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3270 */ 3271 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3272 uint8_t *frm; 3273 3274 if(IEEE80211_HAS_ADDR4(wh)) 3275 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3276 else 3277 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3278 3279 qos = le16toh(*(const uint16_t *)frm); 3280 tid = qos & IEEE80211_QOS_TID; 3281 qid = TID_TO_WME_AC(tid); 3282 } else { 3283 qos = 0; 3284 tid = 0; 3285 qid = WME_AC_BE; 3286 } 3287 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3288 3289 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3290 qos, qid, tid, qflags); 3291 3292 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3293 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3294 3295 /* pickup a rate index */ 3296 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3297 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3298 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3299 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3300 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3301 } else { 3302 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3303 ridx = rn->fix_ridx; 3304 else 3305 ridx = rn->amrr_ridx; 3306 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3307 } 3308 3309 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3310 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3311 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3312 xflags |= RT2860_TX_ACK; 3313 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3314 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3315 else 3316 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3317 USETW(wh->i_dur, dur); 3318 } 3319 3320 /* reserve slots for mgmt packets, just in case */ 3321 if (sc->sc_epq[qid].tx_nfree < 3) { 3322 DPRINTFN(10, "tx ring %d is full\n", qid); 3323 return (-1); 3324 } 3325 3326 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3327 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3328 sc->sc_epq[qid].tx_nfree--; 3329 3330 txd = (struct rt2870_txd *)&data->desc; 3331 txd->flags = qflags; 3332 txwi = (struct rt2860_txwi *)(txd + 1); 3333 txwi->xflags = xflags; 3334 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3335 txwi->wcid = 0; 3336 else 3337 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3338 1 : RUN_AID2WCID(ni->ni_associd); 3339 3340 /* clear leftover garbage bits */ 3341 txwi->flags = 0; 3342 txwi->txop = 0; 3343 3344 data->m = m; 3345 data->ni = ni; 3346 data->ridx = ridx; 3347 3348 run_set_tx_desc(sc, data); 3349 3350 /* 3351 * The chip keeps track of 2 kind of Tx stats, 3352 * * TX_STAT_FIFO, for per WCID stats, and 3353 * * TX_STA_CNT0 for all-TX-in-one stats. 3354 * 3355 * To use FIFO stats, we need to store MCS into the driver-private 3356 * PacketID field. So that, we can tell whose stats when we read them. 3357 * We add 1 to the MCS because setting the PacketID field to 0 means 3358 * that we don't want feedback in TX_STAT_FIFO. 3359 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3360 * 3361 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3362 */ 3363 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3364 vap->iv_opmode == IEEE80211_M_MBSS) { 3365 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3366 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3367 3368 /* 3369 * Unlike PCI based devices, we don't get any interrupt from 3370 * USB devices, so we simulate FIFO-is-full interrupt here. 3371 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3372 * quickly get fulled. To prevent overflow, increment a counter on 3373 * every FIFO stat request, so we know how many slots are left. 3374 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3375 * are used only in those modes. 3376 * We just drain stats. AMRR gets updated every 1 sec by 3377 * run_ratectl_cb() via callout. 3378 * Call it early. Otherwise overflow. 3379 */ 3380 if (sc->fifo_cnt++ == 10) { 3381 /* 3382 * With multiple vaps or if_bridge, if_start() is called 3383 * with a non-sleepable lock, tcpinp. So, need to defer. 3384 */ 3385 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3386 DPRINTFN(6, "cmdq_store=%d\n", i); 3387 sc->cmdq[i].func = run_drain_fifo; 3388 sc->cmdq[i].arg0 = sc; 3389 ieee80211_runtask(ic, &sc->cmdq_task); 3390 } 3391 } 3392 3393 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3394 3395 usbd_transfer_start(sc->sc_xfer[qid]); 3396 3397 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3398 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3399 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3400 3401 return (0); 3402 } 3403 3404 static int 3405 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3406 { 3407 struct ieee80211com *ic = &sc->sc_ic; 3408 struct run_node *rn = RUN_NODE(ni); 3409 struct run_tx_data *data; 3410 struct ieee80211_frame *wh; 3411 struct rt2870_txd *txd; 3412 struct rt2860_txwi *txwi; 3413 uint16_t dur; 3414 uint8_t ridx = rn->mgt_ridx; 3415 uint8_t type; 3416 uint8_t xflags = 0; 3417 uint8_t wflags = 0; 3418 3419 RUN_LOCK_ASSERT(sc, MA_OWNED); 3420 3421 wh = mtod(m, struct ieee80211_frame *); 3422 3423 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3424 3425 /* tell hardware to add timestamp for probe responses */ 3426 if ((wh->i_fc[0] & 3427 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3428 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3429 wflags |= RT2860_TX_TS; 3430 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3431 xflags |= RT2860_TX_ACK; 3432 3433 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3434 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3435 USETW(wh->i_dur, dur); 3436 } 3437 3438 if (sc->sc_epq[0].tx_nfree == 0) 3439 /* let caller free mbuf */ 3440 return (EIO); 3441 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3442 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3443 sc->sc_epq[0].tx_nfree--; 3444 3445 txd = (struct rt2870_txd *)&data->desc; 3446 txd->flags = RT2860_TX_QSEL_EDCA; 3447 txwi = (struct rt2860_txwi *)(txd + 1); 3448 txwi->wcid = 0xff; 3449 txwi->flags = wflags; 3450 txwi->xflags = xflags; 3451 txwi->txop = 0; /* clear leftover garbage bits */ 3452 3453 data->m = m; 3454 data->ni = ni; 3455 data->ridx = ridx; 3456 3457 run_set_tx_desc(sc, data); 3458 3459 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3460 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3461 rt2860_rates[ridx].rate); 3462 3463 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3464 3465 usbd_transfer_start(sc->sc_xfer[0]); 3466 3467 return (0); 3468 } 3469 3470 static int 3471 run_sendprot(struct run_softc *sc, 3472 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3473 { 3474 struct ieee80211com *ic = ni->ni_ic; 3475 struct ieee80211_frame *wh; 3476 struct run_tx_data *data; 3477 struct rt2870_txd *txd; 3478 struct rt2860_txwi *txwi; 3479 struct mbuf *mprot; 3480 int ridx; 3481 int protrate; 3482 int ackrate; 3483 int pktlen; 3484 int isshort; 3485 uint16_t dur; 3486 uint8_t type; 3487 uint8_t wflags = 0; 3488 uint8_t xflags = 0; 3489 3490 RUN_LOCK_ASSERT(sc, MA_OWNED); 3491 3492 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3493 ("protection %d", prot)); 3494 3495 wh = mtod(m, struct ieee80211_frame *); 3496 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3497 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3498 3499 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3500 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3501 3502 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3503 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3504 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3505 wflags = RT2860_TX_FRAG; 3506 3507 /* check that there are free slots before allocating the mbuf */ 3508 if (sc->sc_epq[0].tx_nfree == 0) 3509 /* let caller free mbuf */ 3510 return (ENOBUFS); 3511 3512 if (prot == IEEE80211_PROT_RTSCTS) { 3513 /* NB: CTS is the same size as an ACK */ 3514 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3515 xflags |= RT2860_TX_ACK; 3516 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3517 } else { 3518 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3519 } 3520 if (mprot == NULL) { 3521 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3522 DPRINTF("could not allocate mbuf\n"); 3523 return (ENOBUFS); 3524 } 3525 3526 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3527 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3528 sc->sc_epq[0].tx_nfree--; 3529 3530 txd = (struct rt2870_txd *)&data->desc; 3531 txd->flags = RT2860_TX_QSEL_EDCA; 3532 txwi = (struct rt2860_txwi *)(txd + 1); 3533 txwi->wcid = 0xff; 3534 txwi->flags = wflags; 3535 txwi->xflags = xflags; 3536 txwi->txop = 0; /* clear leftover garbage bits */ 3537 3538 data->m = mprot; 3539 data->ni = ieee80211_ref_node(ni); 3540 3541 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3542 if (rt2860_rates[ridx].rate == protrate) 3543 break; 3544 data->ridx = ridx; 3545 3546 run_set_tx_desc(sc, data); 3547 3548 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3549 m->m_pkthdr.len, rate); 3550 3551 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3552 3553 usbd_transfer_start(sc->sc_xfer[0]); 3554 3555 return (0); 3556 } 3557 3558 static int 3559 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3560 const struct ieee80211_bpf_params *params) 3561 { 3562 struct ieee80211com *ic = ni->ni_ic; 3563 struct ieee80211_frame *wh; 3564 struct run_tx_data *data; 3565 struct rt2870_txd *txd; 3566 struct rt2860_txwi *txwi; 3567 uint8_t type; 3568 uint8_t ridx; 3569 uint8_t rate; 3570 uint8_t opflags = 0; 3571 uint8_t xflags = 0; 3572 int error; 3573 3574 RUN_LOCK_ASSERT(sc, MA_OWNED); 3575 3576 KASSERT(params != NULL, ("no raw xmit params")); 3577 3578 wh = mtod(m, struct ieee80211_frame *); 3579 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3580 3581 rate = params->ibp_rate0; 3582 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3583 /* let caller free mbuf */ 3584 return (EINVAL); 3585 } 3586 3587 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3588 xflags |= RT2860_TX_ACK; 3589 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3590 error = run_sendprot(sc, m, ni, 3591 params->ibp_flags & IEEE80211_BPF_RTS ? 3592 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3593 rate); 3594 if (error) { 3595 /* let caller free mbuf */ 3596 return error; 3597 } 3598 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3599 } 3600 3601 if (sc->sc_epq[0].tx_nfree == 0) { 3602 /* let caller free mbuf */ 3603 DPRINTF("sending raw frame, but tx ring is full\n"); 3604 return (EIO); 3605 } 3606 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3607 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3608 sc->sc_epq[0].tx_nfree--; 3609 3610 txd = (struct rt2870_txd *)&data->desc; 3611 txd->flags = RT2860_TX_QSEL_EDCA; 3612 txwi = (struct rt2860_txwi *)(txd + 1); 3613 txwi->wcid = 0xff; 3614 txwi->xflags = xflags; 3615 txwi->txop = opflags; 3616 txwi->flags = 0; /* clear leftover garbage bits */ 3617 3618 data->m = m; 3619 data->ni = ni; 3620 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3621 if (rt2860_rates[ridx].rate == rate) 3622 break; 3623 data->ridx = ridx; 3624 3625 run_set_tx_desc(sc, data); 3626 3627 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3628 m->m_pkthdr.len, rate); 3629 3630 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3631 3632 usbd_transfer_start(sc->sc_xfer[0]); 3633 3634 return (0); 3635 } 3636 3637 static int 3638 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3639 const struct ieee80211_bpf_params *params) 3640 { 3641 struct run_softc *sc = ni->ni_ic->ic_softc; 3642 int error = 0; 3643 3644 RUN_LOCK(sc); 3645 3646 /* prevent management frames from being sent if we're not ready */ 3647 if (!(sc->sc_flags & RUN_RUNNING)) { 3648 error = ENETDOWN; 3649 goto done; 3650 } 3651 3652 if (params == NULL) { 3653 /* tx mgt packet */ 3654 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3655 DPRINTF("mgt tx failed\n"); 3656 goto done; 3657 } 3658 } else { 3659 /* tx raw packet with param */ 3660 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3661 DPRINTF("tx with param failed\n"); 3662 goto done; 3663 } 3664 } 3665 3666 done: 3667 RUN_UNLOCK(sc); 3668 3669 if (error != 0) { 3670 if(m != NULL) 3671 m_freem(m); 3672 } 3673 3674 return (error); 3675 } 3676 3677 static int 3678 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3679 { 3680 struct run_softc *sc = ic->ic_softc; 3681 int error; 3682 3683 RUN_LOCK(sc); 3684 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3685 RUN_UNLOCK(sc); 3686 return (ENXIO); 3687 } 3688 error = mbufq_enqueue(&sc->sc_snd, m); 3689 if (error) { 3690 RUN_UNLOCK(sc); 3691 return (error); 3692 } 3693 run_start(sc); 3694 RUN_UNLOCK(sc); 3695 3696 return (0); 3697 } 3698 3699 static void 3700 run_start(struct run_softc *sc) 3701 { 3702 struct ieee80211_node *ni; 3703 struct mbuf *m; 3704 3705 RUN_LOCK_ASSERT(sc, MA_OWNED); 3706 3707 if ((sc->sc_flags & RUN_RUNNING) == 0) 3708 return; 3709 3710 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3711 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3712 if (run_tx(sc, m, ni) != 0) { 3713 mbufq_prepend(&sc->sc_snd, m); 3714 break; 3715 } 3716 } 3717 } 3718 3719 static void 3720 run_parent(struct ieee80211com *ic) 3721 { 3722 struct run_softc *sc = ic->ic_softc; 3723 int startall = 0; 3724 3725 RUN_LOCK(sc); 3726 if (sc->sc_detached) { 3727 RUN_UNLOCK(sc); 3728 return; 3729 } 3730 3731 if (ic->ic_nrunning > 0) { 3732 if (!(sc->sc_flags & RUN_RUNNING)) { 3733 startall = 1; 3734 run_init_locked(sc); 3735 } else 3736 run_update_promisc_locked(sc); 3737 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3738 run_stop(sc); 3739 RUN_UNLOCK(sc); 3740 if (startall) 3741 ieee80211_start_all(ic); 3742 } 3743 3744 static void 3745 run_iq_calib(struct run_softc *sc, u_int chan) 3746 { 3747 uint16_t val; 3748 3749 /* Tx0 IQ gain. */ 3750 run_bbp_write(sc, 158, 0x2c); 3751 if (chan <= 14) 3752 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3753 else if (chan <= 64) { 3754 run_efuse_read(sc, 3755 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3756 &val, 1); 3757 } else if (chan <= 138) { 3758 run_efuse_read(sc, 3759 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3760 &val, 1); 3761 } else if (chan <= 165) { 3762 run_efuse_read(sc, 3763 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3764 &val, 1); 3765 } else 3766 val = 0; 3767 run_bbp_write(sc, 159, val); 3768 3769 /* Tx0 IQ phase. */ 3770 run_bbp_write(sc, 158, 0x2d); 3771 if (chan <= 14) { 3772 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3773 &val, 1); 3774 } else if (chan <= 64) { 3775 run_efuse_read(sc, 3776 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3777 &val, 1); 3778 } else if (chan <= 138) { 3779 run_efuse_read(sc, 3780 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3781 &val, 1); 3782 } else if (chan <= 165) { 3783 run_efuse_read(sc, 3784 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3785 &val, 1); 3786 } else 3787 val = 0; 3788 run_bbp_write(sc, 159, val); 3789 3790 /* Tx1 IQ gain. */ 3791 run_bbp_write(sc, 158, 0x4a); 3792 if (chan <= 14) { 3793 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3794 &val, 1); 3795 } else if (chan <= 64) { 3796 run_efuse_read(sc, 3797 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3798 &val, 1); 3799 } else if (chan <= 138) { 3800 run_efuse_read(sc, 3801 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3802 &val, 1); 3803 } else if (chan <= 165) { 3804 run_efuse_read(sc, 3805 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3806 &val, 1); 3807 } else 3808 val = 0; 3809 run_bbp_write(sc, 159, val); 3810 3811 /* Tx1 IQ phase. */ 3812 run_bbp_write(sc, 158, 0x4b); 3813 if (chan <= 14) { 3814 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3815 &val, 1); 3816 } else if (chan <= 64) { 3817 run_efuse_read(sc, 3818 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3819 &val, 1); 3820 } else if (chan <= 138) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 165) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3827 &val, 1); 3828 } else 3829 val = 0; 3830 run_bbp_write(sc, 159, val); 3831 3832 /* RF IQ compensation control. */ 3833 run_bbp_write(sc, 158, 0x04); 3834 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3835 &val, 1); 3836 run_bbp_write(sc, 159, val); 3837 3838 /* RF IQ imbalance compensation control. */ 3839 run_bbp_write(sc, 158, 0x03); 3840 run_efuse_read(sc, 3841 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3842 run_bbp_write(sc, 159, val); 3843 } 3844 3845 static void 3846 run_set_agc(struct run_softc *sc, uint8_t agc) 3847 { 3848 uint8_t bbp; 3849 3850 if (sc->mac_ver == 0x3572) { 3851 run_bbp_read(sc, 27, &bbp); 3852 bbp &= ~(0x3 << 5); 3853 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3854 run_bbp_write(sc, 66, agc); 3855 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3856 run_bbp_write(sc, 66, agc); 3857 } else 3858 run_bbp_write(sc, 66, agc); 3859 } 3860 3861 static void 3862 run_select_chan_group(struct run_softc *sc, int group) 3863 { 3864 uint32_t tmp; 3865 uint8_t agc; 3866 3867 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3868 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3869 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3870 if (sc->mac_ver < 0x3572) 3871 run_bbp_write(sc, 86, 0x00); 3872 3873 if (sc->mac_ver == 0x3593) { 3874 run_bbp_write(sc, 77, 0x98); 3875 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3876 } 3877 3878 if (group == 0) { 3879 if (sc->ext_2ghz_lna) { 3880 if (sc->mac_ver >= 0x5390) 3881 run_bbp_write(sc, 75, 0x52); 3882 else { 3883 run_bbp_write(sc, 82, 0x62); 3884 run_bbp_write(sc, 75, 0x46); 3885 } 3886 } else { 3887 if (sc->mac_ver == 0x5592) { 3888 run_bbp_write(sc, 79, 0x1c); 3889 run_bbp_write(sc, 80, 0x0e); 3890 run_bbp_write(sc, 81, 0x3a); 3891 run_bbp_write(sc, 82, 0x62); 3892 3893 run_bbp_write(sc, 195, 0x80); 3894 run_bbp_write(sc, 196, 0xe0); 3895 run_bbp_write(sc, 195, 0x81); 3896 run_bbp_write(sc, 196, 0x1f); 3897 run_bbp_write(sc, 195, 0x82); 3898 run_bbp_write(sc, 196, 0x38); 3899 run_bbp_write(sc, 195, 0x83); 3900 run_bbp_write(sc, 196, 0x32); 3901 run_bbp_write(sc, 195, 0x85); 3902 run_bbp_write(sc, 196, 0x28); 3903 run_bbp_write(sc, 195, 0x86); 3904 run_bbp_write(sc, 196, 0x19); 3905 } else if (sc->mac_ver >= 0x5390) 3906 run_bbp_write(sc, 75, 0x50); 3907 else { 3908 run_bbp_write(sc, 82, 3909 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3910 run_bbp_write(sc, 75, 0x50); 3911 } 3912 } 3913 } else { 3914 if (sc->mac_ver == 0x5592) { 3915 run_bbp_write(sc, 79, 0x18); 3916 run_bbp_write(sc, 80, 0x08); 3917 run_bbp_write(sc, 81, 0x38); 3918 run_bbp_write(sc, 82, 0x92); 3919 3920 run_bbp_write(sc, 195, 0x80); 3921 run_bbp_write(sc, 196, 0xf0); 3922 run_bbp_write(sc, 195, 0x81); 3923 run_bbp_write(sc, 196, 0x1e); 3924 run_bbp_write(sc, 195, 0x82); 3925 run_bbp_write(sc, 196, 0x28); 3926 run_bbp_write(sc, 195, 0x83); 3927 run_bbp_write(sc, 196, 0x20); 3928 run_bbp_write(sc, 195, 0x85); 3929 run_bbp_write(sc, 196, 0x7f); 3930 run_bbp_write(sc, 195, 0x86); 3931 run_bbp_write(sc, 196, 0x7f); 3932 } else if (sc->mac_ver == 0x3572) 3933 run_bbp_write(sc, 82, 0x94); 3934 else 3935 run_bbp_write(sc, 82, 3936 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3937 if (sc->ext_5ghz_lna) 3938 run_bbp_write(sc, 75, 0x46); 3939 else 3940 run_bbp_write(sc, 75, 0x50); 3941 } 3942 3943 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3944 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3945 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3946 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3947 3948 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3949 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3950 if (sc->mac_ver == 0x3593) 3951 tmp |= 1 << 29 | 1 << 28; 3952 if (sc->nrxchains > 1) 3953 tmp |= RT2860_LNA_PE1_EN; 3954 if (group == 0) { /* 2GHz */ 3955 tmp |= RT2860_PA_PE_G0_EN; 3956 if (sc->ntxchains > 1) 3957 tmp |= RT2860_PA_PE_G1_EN; 3958 if (sc->mac_ver == 0x3593) { 3959 if (sc->ntxchains > 2) 3960 tmp |= 1 << 25; 3961 } 3962 } else { /* 5GHz */ 3963 tmp |= RT2860_PA_PE_A0_EN; 3964 if (sc->ntxchains > 1) 3965 tmp |= RT2860_PA_PE_A1_EN; 3966 } 3967 if (sc->mac_ver == 0x3572) { 3968 run_rt3070_rf_write(sc, 8, 0x00); 3969 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3970 run_rt3070_rf_write(sc, 8, 0x80); 3971 } else 3972 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3973 3974 if (sc->mac_ver == 0x5592) { 3975 run_bbp_write(sc, 195, 0x8d); 3976 run_bbp_write(sc, 196, 0x1a); 3977 } 3978 3979 if (sc->mac_ver == 0x3593) { 3980 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3981 tmp &= ~0x01010000; 3982 if (group == 0) 3983 tmp |= 0x00010000; 3984 tmp = (tmp & ~0x00009090) | 0x00000090; 3985 run_write(sc, RT2860_GPIO_CTRL, tmp); 3986 } 3987 3988 /* set initial AGC value */ 3989 if (group == 0) { /* 2GHz band */ 3990 if (sc->mac_ver >= 0x3070) 3991 agc = 0x1c + sc->lna[0] * 2; 3992 else 3993 agc = 0x2e + sc->lna[0]; 3994 } else { /* 5GHz band */ 3995 if (sc->mac_ver == 0x5592) 3996 agc = 0x24 + sc->lna[group] * 2; 3997 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 3998 agc = 0x22 + (sc->lna[group] * 5) / 3; 3999 else 4000 agc = 0x32 + (sc->lna[group] * 5) / 3; 4001 } 4002 run_set_agc(sc, agc); 4003 } 4004 4005 static void 4006 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4007 { 4008 const struct rfprog *rfprog = rt2860_rf2850; 4009 uint32_t r2, r3, r4; 4010 int8_t txpow1, txpow2; 4011 int i; 4012 4013 /* find the settings for this channel (we know it exists) */ 4014 for (i = 0; rfprog[i].chan != chan; i++); 4015 4016 r2 = rfprog[i].r2; 4017 if (sc->ntxchains == 1) 4018 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4019 if (sc->nrxchains == 1) 4020 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4021 else if (sc->nrxchains == 2) 4022 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4023 4024 /* use Tx power values from EEPROM */ 4025 txpow1 = sc->txpow1[i]; 4026 txpow2 = sc->txpow2[i]; 4027 4028 /* Initialize RF R3 and R4. */ 4029 r3 = rfprog[i].r3 & 0xffffc1ff; 4030 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4031 if (chan > 14) { 4032 if (txpow1 >= 0) { 4033 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4034 r3 |= (txpow1 << 10) | (1 << 9); 4035 } else { 4036 txpow1 += 7; 4037 4038 /* txpow1 is not possible larger than 15. */ 4039 r3 |= (txpow1 << 10); 4040 } 4041 if (txpow2 >= 0) { 4042 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4043 r4 |= (txpow2 << 7) | (1 << 6); 4044 } else { 4045 txpow2 += 7; 4046 r4 |= (txpow2 << 7); 4047 } 4048 } else { 4049 /* Set Tx0 power. */ 4050 r3 |= (txpow1 << 9); 4051 4052 /* Set frequency offset and Tx1 power. */ 4053 r4 |= (txpow2 << 6); 4054 } 4055 4056 run_rt2870_rf_write(sc, rfprog[i].r1); 4057 run_rt2870_rf_write(sc, r2); 4058 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4059 run_rt2870_rf_write(sc, r4); 4060 4061 run_delay(sc, 10); 4062 4063 run_rt2870_rf_write(sc, rfprog[i].r1); 4064 run_rt2870_rf_write(sc, r2); 4065 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4066 run_rt2870_rf_write(sc, r4); 4067 4068 run_delay(sc, 10); 4069 4070 run_rt2870_rf_write(sc, rfprog[i].r1); 4071 run_rt2870_rf_write(sc, r2); 4072 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4073 run_rt2870_rf_write(sc, r4); 4074 } 4075 4076 static void 4077 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4078 { 4079 int8_t txpow1, txpow2; 4080 uint8_t rf; 4081 int i; 4082 4083 /* find the settings for this channel (we know it exists) */ 4084 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4085 4086 /* use Tx power values from EEPROM */ 4087 txpow1 = sc->txpow1[i]; 4088 txpow2 = sc->txpow2[i]; 4089 4090 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4091 4092 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4093 run_rt3070_rf_read(sc, 3, &rf); 4094 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4095 run_rt3070_rf_write(sc, 3, rf); 4096 4097 run_rt3070_rf_read(sc, 6, &rf); 4098 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4099 run_rt3070_rf_write(sc, 6, rf); 4100 4101 /* set Tx0 power */ 4102 run_rt3070_rf_read(sc, 12, &rf); 4103 rf = (rf & ~0x1f) | txpow1; 4104 run_rt3070_rf_write(sc, 12, rf); 4105 4106 /* set Tx1 power */ 4107 run_rt3070_rf_read(sc, 13, &rf); 4108 rf = (rf & ~0x1f) | txpow2; 4109 run_rt3070_rf_write(sc, 13, rf); 4110 4111 run_rt3070_rf_read(sc, 1, &rf); 4112 rf &= ~0xfc; 4113 if (sc->ntxchains == 1) 4114 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4115 else if (sc->ntxchains == 2) 4116 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4117 if (sc->nrxchains == 1) 4118 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4119 else if (sc->nrxchains == 2) 4120 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4121 run_rt3070_rf_write(sc, 1, rf); 4122 4123 /* set RF offset */ 4124 run_rt3070_rf_read(sc, 23, &rf); 4125 rf = (rf & ~0x7f) | sc->freq; 4126 run_rt3070_rf_write(sc, 23, rf); 4127 4128 /* program RF filter */ 4129 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4130 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4131 run_rt3070_rf_write(sc, 24, rf); 4132 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4133 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4134 run_rt3070_rf_write(sc, 31, rf); 4135 4136 /* enable RF tuning */ 4137 run_rt3070_rf_read(sc, 7, &rf); 4138 run_rt3070_rf_write(sc, 7, rf | 0x01); 4139 } 4140 4141 static void 4142 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4143 { 4144 int8_t txpow1, txpow2; 4145 uint32_t tmp; 4146 uint8_t rf; 4147 int i; 4148 4149 /* find the settings for this channel (we know it exists) */ 4150 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4151 4152 /* use Tx power values from EEPROM */ 4153 txpow1 = sc->txpow1[i]; 4154 txpow2 = sc->txpow2[i]; 4155 4156 if (chan <= 14) { 4157 run_bbp_write(sc, 25, sc->bbp25); 4158 run_bbp_write(sc, 26, sc->bbp26); 4159 } else { 4160 /* enable IQ phase correction */ 4161 run_bbp_write(sc, 25, 0x09); 4162 run_bbp_write(sc, 26, 0xff); 4163 } 4164 4165 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4166 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4167 run_rt3070_rf_read(sc, 6, &rf); 4168 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4169 rf |= (chan <= 14) ? 0x08 : 0x04; 4170 run_rt3070_rf_write(sc, 6, rf); 4171 4172 /* set PLL mode */ 4173 run_rt3070_rf_read(sc, 5, &rf); 4174 rf &= ~(0x08 | 0x04); 4175 rf |= (chan <= 14) ? 0x04 : 0x08; 4176 run_rt3070_rf_write(sc, 5, rf); 4177 4178 /* set Tx power for chain 0 */ 4179 if (chan <= 14) 4180 rf = 0x60 | txpow1; 4181 else 4182 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4183 run_rt3070_rf_write(sc, 12, rf); 4184 4185 /* set Tx power for chain 1 */ 4186 if (chan <= 14) 4187 rf = 0x60 | txpow2; 4188 else 4189 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4190 run_rt3070_rf_write(sc, 13, rf); 4191 4192 /* set Tx/Rx streams */ 4193 run_rt3070_rf_read(sc, 1, &rf); 4194 rf &= ~0xfc; 4195 if (sc->ntxchains == 1) 4196 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4197 else if (sc->ntxchains == 2) 4198 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4199 if (sc->nrxchains == 1) 4200 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4201 else if (sc->nrxchains == 2) 4202 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4203 run_rt3070_rf_write(sc, 1, rf); 4204 4205 /* set RF offset */ 4206 run_rt3070_rf_read(sc, 23, &rf); 4207 rf = (rf & ~0x7f) | sc->freq; 4208 run_rt3070_rf_write(sc, 23, rf); 4209 4210 /* program RF filter */ 4211 rf = sc->rf24_20mhz; 4212 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4213 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4214 4215 /* enable RF tuning */ 4216 run_rt3070_rf_read(sc, 7, &rf); 4217 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4218 run_rt3070_rf_write(sc, 7, rf); 4219 4220 /* TSSI */ 4221 rf = (chan <= 14) ? 0xc3 : 0xc0; 4222 run_rt3070_rf_write(sc, 9, rf); 4223 4224 /* set loop filter 1 */ 4225 run_rt3070_rf_write(sc, 10, 0xf1); 4226 /* set loop filter 2 */ 4227 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4228 4229 /* set tx_mx2_ic */ 4230 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4231 /* set tx_mx1_ic */ 4232 if (chan <= 14) 4233 rf = 0x48 | sc->txmixgain_2ghz; 4234 else 4235 rf = 0x78 | sc->txmixgain_5ghz; 4236 run_rt3070_rf_write(sc, 16, rf); 4237 4238 /* set tx_lo1 */ 4239 run_rt3070_rf_write(sc, 17, 0x23); 4240 /* set tx_lo2 */ 4241 if (chan <= 14) 4242 rf = 0x93; 4243 else if (chan <= 64) 4244 rf = 0xb7; 4245 else if (chan <= 128) 4246 rf = 0x74; 4247 else 4248 rf = 0x72; 4249 run_rt3070_rf_write(sc, 19, rf); 4250 4251 /* set rx_lo1 */ 4252 if (chan <= 14) 4253 rf = 0xb3; 4254 else if (chan <= 64) 4255 rf = 0xf6; 4256 else if (chan <= 128) 4257 rf = 0xf4; 4258 else 4259 rf = 0xf3; 4260 run_rt3070_rf_write(sc, 20, rf); 4261 4262 /* set pfd_delay */ 4263 if (chan <= 14) 4264 rf = 0x15; 4265 else if (chan <= 64) 4266 rf = 0x3d; 4267 else 4268 rf = 0x01; 4269 run_rt3070_rf_write(sc, 25, rf); 4270 4271 /* set rx_lo2 */ 4272 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4273 /* set ldo_rf_vc */ 4274 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4275 /* set drv_cc */ 4276 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4277 4278 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4279 tmp &= ~0x8080; 4280 if (chan <= 14) 4281 tmp |= 0x80; 4282 run_write(sc, RT2860_GPIO_CTRL, tmp); 4283 4284 /* enable RF tuning */ 4285 run_rt3070_rf_read(sc, 7, &rf); 4286 run_rt3070_rf_write(sc, 7, rf | 0x01); 4287 4288 run_delay(sc, 2); 4289 } 4290 4291 static void 4292 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4293 { 4294 int8_t txpow1, txpow2, txpow3; 4295 uint8_t h20mhz, rf; 4296 int i; 4297 4298 /* find the settings for this channel (we know it exists) */ 4299 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4300 4301 /* use Tx power values from EEPROM */ 4302 txpow1 = sc->txpow1[i]; 4303 txpow2 = sc->txpow2[i]; 4304 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4305 4306 if (chan <= 14) { 4307 run_bbp_write(sc, 25, sc->bbp25); 4308 run_bbp_write(sc, 26, sc->bbp26); 4309 } else { 4310 /* Enable IQ phase correction. */ 4311 run_bbp_write(sc, 25, 0x09); 4312 run_bbp_write(sc, 26, 0xff); 4313 } 4314 4315 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4316 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4317 run_rt3070_rf_read(sc, 11, &rf); 4318 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4319 run_rt3070_rf_write(sc, 11, rf); 4320 4321 /* Set pll_idoh. */ 4322 run_rt3070_rf_read(sc, 11, &rf); 4323 rf &= ~0x4c; 4324 rf |= (chan <= 14) ? 0x44 : 0x48; 4325 run_rt3070_rf_write(sc, 11, rf); 4326 4327 if (chan <= 14) 4328 rf = txpow1 & 0x1f; 4329 else 4330 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4331 run_rt3070_rf_write(sc, 53, rf); 4332 4333 if (chan <= 14) 4334 rf = txpow2 & 0x1f; 4335 else 4336 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4337 run_rt3070_rf_write(sc, 55, rf); 4338 4339 if (chan <= 14) 4340 rf = txpow3 & 0x1f; 4341 else 4342 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4343 run_rt3070_rf_write(sc, 54, rf); 4344 4345 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4346 if (sc->ntxchains == 3) 4347 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4348 else 4349 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4350 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4351 run_rt3070_rf_write(sc, 1, rf); 4352 4353 run_adjust_freq_offset(sc); 4354 4355 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4356 4357 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4358 run_rt3070_rf_read(sc, 30, &rf); 4359 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4360 run_rt3070_rf_write(sc, 30, rf); 4361 4362 run_rt3070_rf_read(sc, 36, &rf); 4363 if (chan <= 14) 4364 rf |= 0x80; 4365 else 4366 rf &= ~0x80; 4367 run_rt3070_rf_write(sc, 36, rf); 4368 4369 /* Set vcolo_bs. */ 4370 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4371 /* Set pfd_delay. */ 4372 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4373 4374 /* Set vco bias current control. */ 4375 run_rt3070_rf_read(sc, 6, &rf); 4376 rf &= ~0xc0; 4377 if (chan <= 14) 4378 rf |= 0x40; 4379 else if (chan <= 128) 4380 rf |= 0x80; 4381 else 4382 rf |= 0x40; 4383 run_rt3070_rf_write(sc, 6, rf); 4384 4385 run_rt3070_rf_read(sc, 30, &rf); 4386 rf = (rf & ~0x18) | 0x10; 4387 run_rt3070_rf_write(sc, 30, rf); 4388 4389 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4390 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4391 4392 run_rt3070_rf_read(sc, 51, &rf); 4393 rf = (rf & ~0x03) | 0x01; 4394 run_rt3070_rf_write(sc, 51, rf); 4395 /* Set tx_mx1_cc. */ 4396 run_rt3070_rf_read(sc, 51, &rf); 4397 rf &= ~0x1c; 4398 rf |= (chan <= 14) ? 0x14 : 0x10; 4399 run_rt3070_rf_write(sc, 51, rf); 4400 /* Set tx_mx1_ic. */ 4401 run_rt3070_rf_read(sc, 51, &rf); 4402 rf &= ~0xe0; 4403 rf |= (chan <= 14) ? 0x60 : 0x40; 4404 run_rt3070_rf_write(sc, 51, rf); 4405 /* Set tx_lo1_ic. */ 4406 run_rt3070_rf_read(sc, 49, &rf); 4407 rf &= ~0x1c; 4408 rf |= (chan <= 14) ? 0x0c : 0x08; 4409 run_rt3070_rf_write(sc, 49, rf); 4410 /* Set tx_lo1_en. */ 4411 run_rt3070_rf_read(sc, 50, &rf); 4412 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4413 /* Set drv_cc. */ 4414 run_rt3070_rf_read(sc, 57, &rf); 4415 rf &= ~0xfc; 4416 rf |= (chan <= 14) ? 0x6c : 0x3c; 4417 run_rt3070_rf_write(sc, 57, rf); 4418 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4419 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4420 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4421 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4422 /* Enable VCO calibration. */ 4423 run_rt3070_rf_read(sc, 3, &rf); 4424 rf &= ~RT5390_VCOCAL; 4425 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4426 run_rt3070_rf_write(sc, 3, rf); 4427 4428 if (chan <= 14) 4429 rf = 0x23; 4430 else if (chan <= 64) 4431 rf = 0x36; 4432 else if (chan <= 128) 4433 rf = 0x32; 4434 else 4435 rf = 0x30; 4436 run_rt3070_rf_write(sc, 39, rf); 4437 if (chan <= 14) 4438 rf = 0xbb; 4439 else if (chan <= 64) 4440 rf = 0xeb; 4441 else if (chan <= 128) 4442 rf = 0xb3; 4443 else 4444 rf = 0x9b; 4445 run_rt3070_rf_write(sc, 45, rf); 4446 4447 /* Set FEQ/AEQ control. */ 4448 run_bbp_write(sc, 105, 0x34); 4449 } 4450 4451 static void 4452 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4453 { 4454 int8_t txpow1, txpow2; 4455 uint8_t rf; 4456 int i; 4457 4458 /* find the settings for this channel (we know it exists) */ 4459 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4460 4461 /* use Tx power values from EEPROM */ 4462 txpow1 = sc->txpow1[i]; 4463 txpow2 = sc->txpow2[i]; 4464 4465 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4466 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4467 run_rt3070_rf_read(sc, 11, &rf); 4468 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4469 run_rt3070_rf_write(sc, 11, rf); 4470 4471 run_rt3070_rf_read(sc, 49, &rf); 4472 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4473 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4474 if ((rf & 0x3f) > 0x27) 4475 rf = (rf & ~0x3f) | 0x27; 4476 run_rt3070_rf_write(sc, 49, rf); 4477 4478 if (sc->mac_ver == 0x5392) { 4479 run_rt3070_rf_read(sc, 50, &rf); 4480 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4481 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4482 if ((rf & 0x3f) > 0x27) 4483 rf = (rf & ~0x3f) | 0x27; 4484 run_rt3070_rf_write(sc, 50, rf); 4485 } 4486 4487 run_rt3070_rf_read(sc, 1, &rf); 4488 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4489 if (sc->mac_ver == 0x5392) 4490 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4491 run_rt3070_rf_write(sc, 1, rf); 4492 4493 if (sc->mac_ver != 0x5392) { 4494 run_rt3070_rf_read(sc, 2, &rf); 4495 rf |= 0x80; 4496 run_rt3070_rf_write(sc, 2, rf); 4497 run_delay(sc, 10); 4498 rf &= 0x7f; 4499 run_rt3070_rf_write(sc, 2, rf); 4500 } 4501 4502 run_adjust_freq_offset(sc); 4503 4504 if (sc->mac_ver == 0x5392) { 4505 /* Fix for RT5392C. */ 4506 if (sc->mac_rev >= 0x0223) { 4507 if (chan <= 4) 4508 rf = 0x0f; 4509 else if (chan >= 5 && chan <= 7) 4510 rf = 0x0e; 4511 else 4512 rf = 0x0d; 4513 run_rt3070_rf_write(sc, 23, rf); 4514 4515 if (chan <= 4) 4516 rf = 0x0c; 4517 else if (chan == 5) 4518 rf = 0x0b; 4519 else if (chan >= 6 && chan <= 7) 4520 rf = 0x0a; 4521 else if (chan >= 8 && chan <= 10) 4522 rf = 0x09; 4523 else 4524 rf = 0x08; 4525 run_rt3070_rf_write(sc, 59, rf); 4526 } else { 4527 if (chan <= 11) 4528 rf = 0x0f; 4529 else 4530 rf = 0x0b; 4531 run_rt3070_rf_write(sc, 59, rf); 4532 } 4533 } else { 4534 /* Fix for RT5390F. */ 4535 if (sc->mac_rev >= 0x0502) { 4536 if (chan <= 11) 4537 rf = 0x43; 4538 else 4539 rf = 0x23; 4540 run_rt3070_rf_write(sc, 55, rf); 4541 4542 if (chan <= 11) 4543 rf = 0x0f; 4544 else if (chan == 12) 4545 rf = 0x0d; 4546 else 4547 rf = 0x0b; 4548 run_rt3070_rf_write(sc, 59, rf); 4549 } else { 4550 run_rt3070_rf_write(sc, 55, 0x44); 4551 run_rt3070_rf_write(sc, 59, 0x8f); 4552 } 4553 } 4554 4555 /* Enable VCO calibration. */ 4556 run_rt3070_rf_read(sc, 3, &rf); 4557 rf |= RT5390_VCOCAL; 4558 run_rt3070_rf_write(sc, 3, rf); 4559 } 4560 4561 static void 4562 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4563 { 4564 const struct rt5592_freqs *freqs; 4565 uint32_t tmp; 4566 uint8_t reg, rf, txpow_bound; 4567 int8_t txpow1, txpow2; 4568 int i; 4569 4570 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4571 freqs = (tmp & RT5592_SEL_XTAL) ? 4572 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4573 4574 /* find the settings for this channel (we know it exists) */ 4575 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4576 4577 /* use Tx power values from EEPROM */ 4578 txpow1 = sc->txpow1[i]; 4579 txpow2 = sc->txpow2[i]; 4580 4581 run_read(sc, RT3070_LDO_CFG0, &tmp); 4582 tmp &= ~0x1c000000; 4583 if (chan > 14) 4584 tmp |= 0x14000000; 4585 run_write(sc, RT3070_LDO_CFG0, tmp); 4586 4587 /* N setting. */ 4588 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4589 run_rt3070_rf_read(sc, 9, &rf); 4590 rf &= ~(1 << 4); 4591 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4592 run_rt3070_rf_write(sc, 9, rf); 4593 4594 /* K setting. */ 4595 run_rt3070_rf_read(sc, 9, &rf); 4596 rf &= ~0x0f; 4597 rf |= (freqs->k & 0x0f); 4598 run_rt3070_rf_write(sc, 9, rf); 4599 4600 /* Mode setting. */ 4601 run_rt3070_rf_read(sc, 11, &rf); 4602 rf &= ~0x0c; 4603 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4604 run_rt3070_rf_write(sc, 11, rf); 4605 run_rt3070_rf_read(sc, 9, &rf); 4606 rf &= ~(1 << 7); 4607 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4608 run_rt3070_rf_write(sc, 9, rf); 4609 4610 /* R setting. */ 4611 run_rt3070_rf_read(sc, 11, &rf); 4612 rf &= ~0x03; 4613 rf |= (freqs->r - 0x1); 4614 run_rt3070_rf_write(sc, 11, rf); 4615 4616 if (chan <= 14) { 4617 /* Initialize RF registers for 2GHZ. */ 4618 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4619 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4620 rt5592_2ghz_def_rf[i].val); 4621 } 4622 4623 rf = (chan <= 10) ? 0x07 : 0x06; 4624 run_rt3070_rf_write(sc, 23, rf); 4625 run_rt3070_rf_write(sc, 59, rf); 4626 4627 run_rt3070_rf_write(sc, 55, 0x43); 4628 4629 /* 4630 * RF R49/R50 Tx power ALC code. 4631 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4632 */ 4633 reg = 2; 4634 txpow_bound = 0x27; 4635 } else { 4636 /* Initialize RF registers for 5GHZ. */ 4637 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4638 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4639 rt5592_5ghz_def_rf[i].val); 4640 } 4641 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4642 if (chan >= rt5592_chan_5ghz[i].firstchan && 4643 chan <= rt5592_chan_5ghz[i].lastchan) { 4644 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4645 rt5592_chan_5ghz[i].val); 4646 } 4647 } 4648 4649 /* 4650 * RF R49/R50 Tx power ALC code. 4651 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4652 */ 4653 reg = 3; 4654 txpow_bound = 0x2b; 4655 } 4656 4657 /* RF R49 ch0 Tx power ALC code. */ 4658 run_rt3070_rf_read(sc, 49, &rf); 4659 rf &= ~0xc0; 4660 rf |= (reg << 6); 4661 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4662 if ((rf & 0x3f) > txpow_bound) 4663 rf = (rf & ~0x3f) | txpow_bound; 4664 run_rt3070_rf_write(sc, 49, rf); 4665 4666 /* RF R50 ch1 Tx power ALC code. */ 4667 run_rt3070_rf_read(sc, 50, &rf); 4668 rf &= ~(1 << 7 | 1 << 6); 4669 rf |= (reg << 6); 4670 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4671 if ((rf & 0x3f) > txpow_bound) 4672 rf = (rf & ~0x3f) | txpow_bound; 4673 run_rt3070_rf_write(sc, 50, rf); 4674 4675 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4676 run_rt3070_rf_read(sc, 1, &rf); 4677 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4678 if (sc->ntxchains > 1) 4679 rf |= RT3070_TX1_PD; 4680 if (sc->nrxchains > 1) 4681 rf |= RT3070_RX1_PD; 4682 run_rt3070_rf_write(sc, 1, rf); 4683 4684 run_rt3070_rf_write(sc, 6, 0xe4); 4685 4686 run_rt3070_rf_write(sc, 30, 0x10); 4687 run_rt3070_rf_write(sc, 31, 0x80); 4688 run_rt3070_rf_write(sc, 32, 0x80); 4689 4690 run_adjust_freq_offset(sc); 4691 4692 /* Enable VCO calibration. */ 4693 run_rt3070_rf_read(sc, 3, &rf); 4694 rf |= RT5390_VCOCAL; 4695 run_rt3070_rf_write(sc, 3, rf); 4696 } 4697 4698 static void 4699 run_set_rx_antenna(struct run_softc *sc, int aux) 4700 { 4701 uint32_t tmp; 4702 uint8_t bbp152; 4703 4704 if (aux) { 4705 if (sc->rf_rev == RT5390_RF_5370) { 4706 run_bbp_read(sc, 152, &bbp152); 4707 run_bbp_write(sc, 152, bbp152 & ~0x80); 4708 } else { 4709 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4710 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4711 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4712 } 4713 } else { 4714 if (sc->rf_rev == RT5390_RF_5370) { 4715 run_bbp_read(sc, 152, &bbp152); 4716 run_bbp_write(sc, 152, bbp152 | 0x80); 4717 } else { 4718 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4719 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4720 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4721 } 4722 } 4723 } 4724 4725 static int 4726 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4727 { 4728 struct ieee80211com *ic = &sc->sc_ic; 4729 u_int chan, group; 4730 4731 chan = ieee80211_chan2ieee(ic, c); 4732 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4733 return (EINVAL); 4734 4735 if (sc->mac_ver == 0x5592) 4736 run_rt5592_set_chan(sc, chan); 4737 else if (sc->mac_ver >= 0x5390) 4738 run_rt5390_set_chan(sc, chan); 4739 else if (sc->mac_ver == 0x3593) 4740 run_rt3593_set_chan(sc, chan); 4741 else if (sc->mac_ver == 0x3572) 4742 run_rt3572_set_chan(sc, chan); 4743 else if (sc->mac_ver >= 0x3070) 4744 run_rt3070_set_chan(sc, chan); 4745 else 4746 run_rt2870_set_chan(sc, chan); 4747 4748 /* determine channel group */ 4749 if (chan <= 14) 4750 group = 0; 4751 else if (chan <= 64) 4752 group = 1; 4753 else if (chan <= 128) 4754 group = 2; 4755 else 4756 group = 3; 4757 4758 /* XXX necessary only when group has changed! */ 4759 run_select_chan_group(sc, group); 4760 4761 run_delay(sc, 10); 4762 4763 /* Perform IQ calibration. */ 4764 if (sc->mac_ver >= 0x5392) 4765 run_iq_calib(sc, chan); 4766 4767 return (0); 4768 } 4769 4770 static void 4771 run_set_channel(struct ieee80211com *ic) 4772 { 4773 struct run_softc *sc = ic->ic_softc; 4774 4775 RUN_LOCK(sc); 4776 run_set_chan(sc, ic->ic_curchan); 4777 RUN_UNLOCK(sc); 4778 4779 return; 4780 } 4781 4782 static void 4783 run_getradiocaps(struct ieee80211com *ic, 4784 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4785 { 4786 struct run_softc *sc = ic->ic_softc; 4787 uint8_t bands[IEEE80211_MODE_BYTES]; 4788 4789 memset(bands, 0, sizeof(bands)); 4790 setbit(bands, IEEE80211_MODE_11B); 4791 setbit(bands, IEEE80211_MODE_11G); 4792 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4793 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4794 4795 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4796 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4797 sc->rf_rev == RT5592_RF_5592) { 4798 setbit(bands, IEEE80211_MODE_11A); 4799 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4800 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4801 } 4802 } 4803 4804 static void 4805 run_scan_start(struct ieee80211com *ic) 4806 { 4807 struct run_softc *sc = ic->ic_softc; 4808 uint32_t tmp; 4809 4810 RUN_LOCK(sc); 4811 4812 /* abort TSF synchronization */ 4813 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4814 run_write(sc, RT2860_BCN_TIME_CFG, 4815 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4816 RT2860_TBTT_TIMER_EN)); 4817 run_set_bssid(sc, ieee80211broadcastaddr); 4818 4819 RUN_UNLOCK(sc); 4820 4821 return; 4822 } 4823 4824 static void 4825 run_scan_end(struct ieee80211com *ic) 4826 { 4827 struct run_softc *sc = ic->ic_softc; 4828 4829 RUN_LOCK(sc); 4830 4831 run_enable_tsf_sync(sc); 4832 run_set_bssid(sc, sc->sc_bssid); 4833 4834 RUN_UNLOCK(sc); 4835 4836 return; 4837 } 4838 4839 /* 4840 * Could be called from ieee80211_node_timeout() 4841 * (non-sleepable thread) 4842 */ 4843 static void 4844 run_update_beacon(struct ieee80211vap *vap, int item) 4845 { 4846 struct ieee80211com *ic = vap->iv_ic; 4847 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4848 struct ieee80211_node *ni = vap->iv_bss; 4849 struct run_softc *sc = ic->ic_softc; 4850 struct run_vap *rvp = RUN_VAP(vap); 4851 int mcast = 0; 4852 uint32_t i; 4853 4854 switch (item) { 4855 case IEEE80211_BEACON_ERP: 4856 run_updateslot(ic); 4857 break; 4858 case IEEE80211_BEACON_HTINFO: 4859 run_updateprot(ic); 4860 break; 4861 case IEEE80211_BEACON_TIM: 4862 mcast = 1; /*TODO*/ 4863 break; 4864 default: 4865 break; 4866 } 4867 4868 setbit(bo->bo_flags, item); 4869 if (rvp->beacon_mbuf == NULL) { 4870 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4871 if (rvp->beacon_mbuf == NULL) 4872 return; 4873 } 4874 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4875 4876 i = RUN_CMDQ_GET(&sc->cmdq_store); 4877 DPRINTF("cmdq_store=%d\n", i); 4878 sc->cmdq[i].func = run_update_beacon_cb; 4879 sc->cmdq[i].arg0 = vap; 4880 ieee80211_runtask(ic, &sc->cmdq_task); 4881 4882 return; 4883 } 4884 4885 static void 4886 run_update_beacon_cb(void *arg) 4887 { 4888 struct ieee80211vap *vap = arg; 4889 struct ieee80211_node *ni = vap->iv_bss; 4890 struct run_vap *rvp = RUN_VAP(vap); 4891 struct ieee80211com *ic = vap->iv_ic; 4892 struct run_softc *sc = ic->ic_softc; 4893 struct rt2860_txwi txwi; 4894 struct mbuf *m; 4895 uint16_t txwisize; 4896 uint8_t ridx; 4897 4898 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4899 return; 4900 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4901 return; 4902 4903 /* 4904 * No need to call ieee80211_beacon_update(), run_update_beacon() 4905 * is taking care of appropriate calls. 4906 */ 4907 if (rvp->beacon_mbuf == NULL) { 4908 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4909 if (rvp->beacon_mbuf == NULL) 4910 return; 4911 } 4912 m = rvp->beacon_mbuf; 4913 4914 memset(&txwi, 0, sizeof(txwi)); 4915 txwi.wcid = 0xff; 4916 txwi.len = htole16(m->m_pkthdr.len); 4917 4918 /* send beacons at the lowest available rate */ 4919 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4920 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4921 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4922 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4923 txwi.phy |= htole16(RT2860_PHY_OFDM); 4924 txwi.txop = RT2860_TX_TXOP_HT; 4925 txwi.flags = RT2860_TX_TS; 4926 txwi.xflags = RT2860_TX_NSEQ; 4927 4928 txwisize = (sc->mac_ver == 0x5592) ? 4929 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4930 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4931 txwisize); 4932 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4933 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4934 } 4935 4936 static void 4937 run_updateprot(struct ieee80211com *ic) 4938 { 4939 struct run_softc *sc = ic->ic_softc; 4940 uint32_t i; 4941 4942 i = RUN_CMDQ_GET(&sc->cmdq_store); 4943 DPRINTF("cmdq_store=%d\n", i); 4944 sc->cmdq[i].func = run_updateprot_cb; 4945 sc->cmdq[i].arg0 = ic; 4946 ieee80211_runtask(ic, &sc->cmdq_task); 4947 } 4948 4949 static void 4950 run_updateprot_cb(void *arg) 4951 { 4952 struct ieee80211com *ic = arg; 4953 struct run_softc *sc = ic->ic_softc; 4954 uint32_t tmp; 4955 4956 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4957 /* setup protection frame rate (MCS code) */ 4958 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4959 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4960 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4961 4962 /* CCK frames don't require protection */ 4963 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4964 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4965 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4966 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4967 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4968 tmp |= RT2860_PROT_CTRL_CTS; 4969 } 4970 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4971 } 4972 4973 static void 4974 run_usb_timeout_cb(void *arg) 4975 { 4976 struct ieee80211vap *vap = arg; 4977 struct run_softc *sc = vap->iv_ic->ic_softc; 4978 4979 RUN_LOCK_ASSERT(sc, MA_OWNED); 4980 4981 if(vap->iv_state == IEEE80211_S_RUN && 4982 vap->iv_opmode != IEEE80211_M_STA) 4983 run_reset_livelock(sc); 4984 else if (vap->iv_state == IEEE80211_S_SCAN) { 4985 DPRINTF("timeout caused by scan\n"); 4986 /* cancel bgscan */ 4987 ieee80211_cancel_scan(vap); 4988 } else 4989 DPRINTF("timeout by unknown cause\n"); 4990 } 4991 4992 static void 4993 run_reset_livelock(struct run_softc *sc) 4994 { 4995 uint32_t tmp; 4996 4997 RUN_LOCK_ASSERT(sc, MA_OWNED); 4998 4999 /* 5000 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5001 * can run into a livelock and start sending CTS-to-self frames like 5002 * crazy if protection is enabled. Reset MAC/BBP for a while 5003 */ 5004 run_read(sc, RT2860_DEBUG, &tmp); 5005 DPRINTFN(3, "debug reg %08x\n", tmp); 5006 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5007 DPRINTF("CTS-to-self livelock detected\n"); 5008 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5009 run_delay(sc, 1); 5010 run_write(sc, RT2860_MAC_SYS_CTRL, 5011 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5012 } 5013 } 5014 5015 static void 5016 run_update_promisc_locked(struct run_softc *sc) 5017 { 5018 uint32_t tmp; 5019 5020 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5021 5022 tmp |= RT2860_DROP_UC_NOME; 5023 if (sc->sc_ic.ic_promisc > 0) 5024 tmp &= ~RT2860_DROP_UC_NOME; 5025 5026 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5027 5028 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5029 "entering" : "leaving"); 5030 } 5031 5032 static void 5033 run_update_promisc(struct ieee80211com *ic) 5034 { 5035 struct run_softc *sc = ic->ic_softc; 5036 5037 if ((sc->sc_flags & RUN_RUNNING) == 0) 5038 return; 5039 5040 RUN_LOCK(sc); 5041 run_update_promisc_locked(sc); 5042 RUN_UNLOCK(sc); 5043 } 5044 5045 static void 5046 run_enable_tsf_sync(struct run_softc *sc) 5047 { 5048 struct ieee80211com *ic = &sc->sc_ic; 5049 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5050 uint32_t tmp; 5051 5052 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5053 ic->ic_opmode); 5054 5055 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5056 tmp &= ~0x1fffff; 5057 tmp |= vap->iv_bss->ni_intval * 16; 5058 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5059 5060 if (ic->ic_opmode == IEEE80211_M_STA) { 5061 /* 5062 * Local TSF is always updated with remote TSF on beacon 5063 * reception. 5064 */ 5065 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5066 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5067 tmp |= RT2860_BCN_TX_EN; 5068 /* 5069 * Local TSF is updated with remote TSF on beacon reception 5070 * only if the remote TSF is greater than local TSF. 5071 */ 5072 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5073 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5074 ic->ic_opmode == IEEE80211_M_MBSS) { 5075 tmp |= RT2860_BCN_TX_EN; 5076 /* SYNC with nobody */ 5077 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5078 } else { 5079 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5080 return; 5081 } 5082 5083 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5084 } 5085 5086 static void 5087 run_enable_tsf(struct run_softc *sc) 5088 { 5089 uint32_t tmp; 5090 5091 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5092 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5093 tmp |= RT2860_TSF_TIMER_EN; 5094 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5095 } 5096 } 5097 5098 static void 5099 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5100 { 5101 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5102 sizeof(*buf)); 5103 } 5104 5105 static void 5106 run_enable_mrr(struct run_softc *sc) 5107 { 5108 #define CCK(mcs) (mcs) 5109 #define OFDM(mcs) (1 << 3 | (mcs)) 5110 run_write(sc, RT2860_LG_FBK_CFG0, 5111 OFDM(6) << 28 | /* 54->48 */ 5112 OFDM(5) << 24 | /* 48->36 */ 5113 OFDM(4) << 20 | /* 36->24 */ 5114 OFDM(3) << 16 | /* 24->18 */ 5115 OFDM(2) << 12 | /* 18->12 */ 5116 OFDM(1) << 8 | /* 12-> 9 */ 5117 OFDM(0) << 4 | /* 9-> 6 */ 5118 OFDM(0)); /* 6-> 6 */ 5119 5120 run_write(sc, RT2860_LG_FBK_CFG1, 5121 CCK(2) << 12 | /* 11->5.5 */ 5122 CCK(1) << 8 | /* 5.5-> 2 */ 5123 CCK(0) << 4 | /* 2-> 1 */ 5124 CCK(0)); /* 1-> 1 */ 5125 #undef OFDM 5126 #undef CCK 5127 } 5128 5129 static void 5130 run_set_txpreamble(struct run_softc *sc) 5131 { 5132 struct ieee80211com *ic = &sc->sc_ic; 5133 uint32_t tmp; 5134 5135 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5136 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5137 tmp |= RT2860_CCK_SHORT_EN; 5138 else 5139 tmp &= ~RT2860_CCK_SHORT_EN; 5140 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5141 } 5142 5143 static void 5144 run_set_basicrates(struct run_softc *sc) 5145 { 5146 struct ieee80211com *ic = &sc->sc_ic; 5147 5148 /* set basic rates mask */ 5149 if (ic->ic_curmode == IEEE80211_MODE_11B) 5150 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5151 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5152 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5153 else /* 11g */ 5154 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5155 } 5156 5157 static void 5158 run_set_leds(struct run_softc *sc, uint16_t which) 5159 { 5160 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5161 which | (sc->leds & 0x7f)); 5162 } 5163 5164 static void 5165 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5166 { 5167 run_write(sc, RT2860_MAC_BSSID_DW0, 5168 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5169 run_write(sc, RT2860_MAC_BSSID_DW1, 5170 bssid[4] | bssid[5] << 8); 5171 } 5172 5173 static void 5174 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5175 { 5176 run_write(sc, RT2860_MAC_ADDR_DW0, 5177 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5178 run_write(sc, RT2860_MAC_ADDR_DW1, 5179 addr[4] | addr[5] << 8 | 0xff << 16); 5180 } 5181 5182 static void 5183 run_updateslot(struct ieee80211com *ic) 5184 { 5185 struct run_softc *sc = ic->ic_softc; 5186 uint32_t i; 5187 5188 i = RUN_CMDQ_GET(&sc->cmdq_store); 5189 DPRINTF("cmdq_store=%d\n", i); 5190 sc->cmdq[i].func = run_updateslot_cb; 5191 sc->cmdq[i].arg0 = ic; 5192 ieee80211_runtask(ic, &sc->cmdq_task); 5193 5194 return; 5195 } 5196 5197 /* ARGSUSED */ 5198 static void 5199 run_updateslot_cb(void *arg) 5200 { 5201 struct ieee80211com *ic = arg; 5202 struct run_softc *sc = ic->ic_softc; 5203 uint32_t tmp; 5204 5205 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5206 tmp &= ~0xff; 5207 tmp |= IEEE80211_GET_SLOTTIME(ic); 5208 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5209 } 5210 5211 static void 5212 run_update_mcast(struct ieee80211com *ic) 5213 { 5214 } 5215 5216 static int8_t 5217 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5218 { 5219 struct ieee80211com *ic = &sc->sc_ic; 5220 struct ieee80211_channel *c = ic->ic_curchan; 5221 int delta; 5222 5223 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5224 u_int chan = ieee80211_chan2ieee(ic, c); 5225 delta = sc->rssi_5ghz[rxchain]; 5226 5227 /* determine channel group */ 5228 if (chan <= 64) 5229 delta -= sc->lna[1]; 5230 else if (chan <= 128) 5231 delta -= sc->lna[2]; 5232 else 5233 delta -= sc->lna[3]; 5234 } else 5235 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5236 5237 return (-12 - delta - rssi); 5238 } 5239 5240 static void 5241 run_rt5390_bbp_init(struct run_softc *sc) 5242 { 5243 u_int i; 5244 uint8_t bbp; 5245 5246 /* Apply maximum likelihood detection for 2 stream case. */ 5247 run_bbp_read(sc, 105, &bbp); 5248 if (sc->nrxchains > 1) 5249 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5250 5251 /* Avoid data lost and CRC error. */ 5252 run_bbp_read(sc, 4, &bbp); 5253 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5254 5255 if (sc->mac_ver == 0x5592) { 5256 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5257 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5258 rt5592_def_bbp[i].val); 5259 } 5260 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5261 run_bbp_write(sc, 195, i + 0x80); 5262 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5263 } 5264 } else { 5265 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5266 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5267 rt5390_def_bbp[i].val); 5268 } 5269 } 5270 if (sc->mac_ver == 0x5392) { 5271 run_bbp_write(sc, 88, 0x90); 5272 run_bbp_write(sc, 95, 0x9a); 5273 run_bbp_write(sc, 98, 0x12); 5274 run_bbp_write(sc, 106, 0x12); 5275 run_bbp_write(sc, 134, 0xd0); 5276 run_bbp_write(sc, 135, 0xf6); 5277 run_bbp_write(sc, 148, 0x84); 5278 } 5279 5280 run_bbp_read(sc, 152, &bbp); 5281 run_bbp_write(sc, 152, bbp | 0x80); 5282 5283 /* Fix BBP254 for RT5592C. */ 5284 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5285 run_bbp_read(sc, 254, &bbp); 5286 run_bbp_write(sc, 254, bbp | 0x80); 5287 } 5288 5289 /* Disable hardware antenna diversity. */ 5290 if (sc->mac_ver == 0x5390) 5291 run_bbp_write(sc, 154, 0); 5292 5293 /* Initialize Rx CCK/OFDM frequency offset report. */ 5294 run_bbp_write(sc, 142, 1); 5295 run_bbp_write(sc, 143, 57); 5296 } 5297 5298 static int 5299 run_bbp_init(struct run_softc *sc) 5300 { 5301 int i, error, ntries; 5302 uint8_t bbp0; 5303 5304 /* wait for BBP to wake up */ 5305 for (ntries = 0; ntries < 20; ntries++) { 5306 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5307 return error; 5308 if (bbp0 != 0 && bbp0 != 0xff) 5309 break; 5310 } 5311 if (ntries == 20) 5312 return (ETIMEDOUT); 5313 5314 /* initialize BBP registers to default values */ 5315 if (sc->mac_ver >= 0x5390) 5316 run_rt5390_bbp_init(sc); 5317 else { 5318 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5319 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5320 rt2860_def_bbp[i].val); 5321 } 5322 } 5323 5324 if (sc->mac_ver == 0x3593) { 5325 run_bbp_write(sc, 79, 0x13); 5326 run_bbp_write(sc, 80, 0x05); 5327 run_bbp_write(sc, 81, 0x33); 5328 run_bbp_write(sc, 86, 0x46); 5329 run_bbp_write(sc, 137, 0x0f); 5330 } 5331 5332 /* fix BBP84 for RT2860E */ 5333 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5334 run_bbp_write(sc, 84, 0x19); 5335 5336 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5337 sc->mac_ver != 0x5592)) { 5338 run_bbp_write(sc, 79, 0x13); 5339 run_bbp_write(sc, 80, 0x05); 5340 run_bbp_write(sc, 81, 0x33); 5341 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5342 run_bbp_write(sc, 69, 0x16); 5343 run_bbp_write(sc, 73, 0x12); 5344 } 5345 return (0); 5346 } 5347 5348 static int 5349 run_rt3070_rf_init(struct run_softc *sc) 5350 { 5351 uint32_t tmp; 5352 uint8_t bbp4, mingain, rf, target; 5353 u_int i; 5354 5355 run_rt3070_rf_read(sc, 30, &rf); 5356 /* toggle RF R30 bit 7 */ 5357 run_rt3070_rf_write(sc, 30, rf | 0x80); 5358 run_delay(sc, 10); 5359 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5360 5361 /* initialize RF registers to default value */ 5362 if (sc->mac_ver == 0x3572) { 5363 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5364 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5365 rt3572_def_rf[i].val); 5366 } 5367 } else { 5368 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5369 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5370 rt3070_def_rf[i].val); 5371 } 5372 } 5373 5374 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5375 /* 5376 * Change voltage from 1.2V to 1.35V for RT3070. 5377 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5378 * in RT3070(F). 5379 */ 5380 run_read(sc, RT3070_LDO_CFG0, &tmp); 5381 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5382 run_write(sc, RT3070_LDO_CFG0, tmp); 5383 5384 } else if (sc->mac_ver == 0x3071) { 5385 run_rt3070_rf_read(sc, 6, &rf); 5386 run_rt3070_rf_write(sc, 6, rf | 0x40); 5387 run_rt3070_rf_write(sc, 31, 0x14); 5388 5389 run_read(sc, RT3070_LDO_CFG0, &tmp); 5390 tmp &= ~0x1f000000; 5391 if (sc->mac_rev < 0x0211) 5392 tmp |= 0x0d000000; /* 1.3V */ 5393 else 5394 tmp |= 0x01000000; /* 1.2V */ 5395 run_write(sc, RT3070_LDO_CFG0, tmp); 5396 5397 /* patch LNA_PE_G1 */ 5398 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5399 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5400 5401 } else if (sc->mac_ver == 0x3572) { 5402 run_rt3070_rf_read(sc, 6, &rf); 5403 run_rt3070_rf_write(sc, 6, rf | 0x40); 5404 5405 /* increase voltage from 1.2V to 1.35V */ 5406 run_read(sc, RT3070_LDO_CFG0, &tmp); 5407 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5408 run_write(sc, RT3070_LDO_CFG0, tmp); 5409 5410 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5411 run_delay(sc, 1); /* wait for 1msec */ 5412 /* decrease voltage back to 1.2V */ 5413 tmp = (tmp & ~0x1f000000) | 0x01000000; 5414 run_write(sc, RT3070_LDO_CFG0, tmp); 5415 } 5416 } 5417 5418 /* select 20MHz bandwidth */ 5419 run_rt3070_rf_read(sc, 31, &rf); 5420 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5421 5422 /* calibrate filter for 20MHz bandwidth */ 5423 sc->rf24_20mhz = 0x1f; /* default value */ 5424 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5425 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5426 5427 /* select 40MHz bandwidth */ 5428 run_bbp_read(sc, 4, &bbp4); 5429 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5430 run_rt3070_rf_read(sc, 31, &rf); 5431 run_rt3070_rf_write(sc, 31, rf | 0x20); 5432 5433 /* calibrate filter for 40MHz bandwidth */ 5434 sc->rf24_40mhz = 0x2f; /* default value */ 5435 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5436 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5437 5438 /* go back to 20MHz bandwidth */ 5439 run_bbp_read(sc, 4, &bbp4); 5440 run_bbp_write(sc, 4, bbp4 & ~0x18); 5441 5442 if (sc->mac_ver == 0x3572) { 5443 /* save default BBP registers 25 and 26 values */ 5444 run_bbp_read(sc, 25, &sc->bbp25); 5445 run_bbp_read(sc, 26, &sc->bbp26); 5446 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5447 run_rt3070_rf_write(sc, 27, 0x03); 5448 5449 run_read(sc, RT3070_OPT_14, &tmp); 5450 run_write(sc, RT3070_OPT_14, tmp | 1); 5451 5452 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5453 run_rt3070_rf_read(sc, 17, &rf); 5454 rf &= ~RT3070_TX_LO1; 5455 if ((sc->mac_ver == 0x3070 || 5456 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5457 !sc->ext_2ghz_lna) 5458 rf |= 0x20; /* fix for long range Rx issue */ 5459 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5460 if (sc->txmixgain_2ghz >= mingain) 5461 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5462 run_rt3070_rf_write(sc, 17, rf); 5463 } 5464 5465 if (sc->mac_ver == 0x3071) { 5466 run_rt3070_rf_read(sc, 1, &rf); 5467 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5468 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5469 run_rt3070_rf_write(sc, 1, rf); 5470 5471 run_rt3070_rf_read(sc, 15, &rf); 5472 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5473 5474 run_rt3070_rf_read(sc, 20, &rf); 5475 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5476 5477 run_rt3070_rf_read(sc, 21, &rf); 5478 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5479 } 5480 5481 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5482 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5483 run_rt3070_rf_read(sc, 27, &rf); 5484 rf &= ~0x77; 5485 if (sc->mac_rev < 0x0211) 5486 rf |= 0x03; 5487 run_rt3070_rf_write(sc, 27, rf); 5488 } 5489 return (0); 5490 } 5491 5492 static void 5493 run_rt3593_rf_init(struct run_softc *sc) 5494 { 5495 uint32_t tmp; 5496 uint8_t rf; 5497 u_int i; 5498 5499 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5500 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5501 tmp &= ~(1 << 4 | 1 << 7); 5502 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5503 5504 /* Initialize RF registers to default value. */ 5505 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5506 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5507 rt3593_def_rf[i].val); 5508 } 5509 5510 /* Toggle RF R2 to initiate calibration. */ 5511 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5512 5513 /* Initialize RF frequency offset. */ 5514 run_adjust_freq_offset(sc); 5515 5516 run_rt3070_rf_read(sc, 18, &rf); 5517 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5518 5519 /* 5520 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5521 * decrease voltage back to 1.2V. 5522 */ 5523 run_read(sc, RT3070_LDO_CFG0, &tmp); 5524 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5525 run_write(sc, RT3070_LDO_CFG0, tmp); 5526 run_delay(sc, 1); 5527 tmp = (tmp & ~0x1f000000) | 0x01000000; 5528 run_write(sc, RT3070_LDO_CFG0, tmp); 5529 5530 sc->rf24_20mhz = 0x1f; 5531 sc->rf24_40mhz = 0x2f; 5532 5533 /* Save default BBP registers 25 and 26 values. */ 5534 run_bbp_read(sc, 25, &sc->bbp25); 5535 run_bbp_read(sc, 26, &sc->bbp26); 5536 5537 run_read(sc, RT3070_OPT_14, &tmp); 5538 run_write(sc, RT3070_OPT_14, tmp | 1); 5539 } 5540 5541 static void 5542 run_rt5390_rf_init(struct run_softc *sc) 5543 { 5544 uint32_t tmp; 5545 uint8_t rf; 5546 u_int i; 5547 5548 /* Toggle RF R2 to initiate calibration. */ 5549 if (sc->mac_ver == 0x5390) { 5550 run_rt3070_rf_read(sc, 2, &rf); 5551 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5552 run_delay(sc, 10); 5553 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5554 } else { 5555 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5556 run_delay(sc, 10); 5557 } 5558 5559 /* Initialize RF registers to default value. */ 5560 if (sc->mac_ver == 0x5592) { 5561 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5562 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5563 rt5592_def_rf[i].val); 5564 } 5565 /* Initialize RF frequency offset. */ 5566 run_adjust_freq_offset(sc); 5567 } else if (sc->mac_ver == 0x5392) { 5568 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5569 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5570 rt5392_def_rf[i].val); 5571 } 5572 if (sc->mac_rev >= 0x0223) { 5573 run_rt3070_rf_write(sc, 23, 0x0f); 5574 run_rt3070_rf_write(sc, 24, 0x3e); 5575 run_rt3070_rf_write(sc, 51, 0x32); 5576 run_rt3070_rf_write(sc, 53, 0x22); 5577 run_rt3070_rf_write(sc, 56, 0xc1); 5578 run_rt3070_rf_write(sc, 59, 0x0f); 5579 } 5580 } else { 5581 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5582 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5583 rt5390_def_rf[i].val); 5584 } 5585 if (sc->mac_rev >= 0x0502) { 5586 run_rt3070_rf_write(sc, 6, 0xe0); 5587 run_rt3070_rf_write(sc, 25, 0x80); 5588 run_rt3070_rf_write(sc, 46, 0x73); 5589 run_rt3070_rf_write(sc, 53, 0x00); 5590 run_rt3070_rf_write(sc, 56, 0x42); 5591 run_rt3070_rf_write(sc, 61, 0xd1); 5592 } 5593 } 5594 5595 sc->rf24_20mhz = 0x1f; /* default value */ 5596 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5597 5598 if (sc->mac_rev < 0x0211) 5599 run_rt3070_rf_write(sc, 27, 0x3); 5600 5601 run_read(sc, RT3070_OPT_14, &tmp); 5602 run_write(sc, RT3070_OPT_14, tmp | 1); 5603 } 5604 5605 static int 5606 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5607 uint8_t *val) 5608 { 5609 uint8_t rf22, rf24; 5610 uint8_t bbp55_pb, bbp55_sb, delta; 5611 int ntries; 5612 5613 /* program filter */ 5614 run_rt3070_rf_read(sc, 24, &rf24); 5615 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5616 run_rt3070_rf_write(sc, 24, rf24); 5617 5618 /* enable baseband loopback mode */ 5619 run_rt3070_rf_read(sc, 22, &rf22); 5620 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5621 5622 /* set power and frequency of passband test tone */ 5623 run_bbp_write(sc, 24, 0x00); 5624 for (ntries = 0; ntries < 100; ntries++) { 5625 /* transmit test tone */ 5626 run_bbp_write(sc, 25, 0x90); 5627 run_delay(sc, 10); 5628 /* read received power */ 5629 run_bbp_read(sc, 55, &bbp55_pb); 5630 if (bbp55_pb != 0) 5631 break; 5632 } 5633 if (ntries == 100) 5634 return (ETIMEDOUT); 5635 5636 /* set power and frequency of stopband test tone */ 5637 run_bbp_write(sc, 24, 0x06); 5638 for (ntries = 0; ntries < 100; ntries++) { 5639 /* transmit test tone */ 5640 run_bbp_write(sc, 25, 0x90); 5641 run_delay(sc, 10); 5642 /* read received power */ 5643 run_bbp_read(sc, 55, &bbp55_sb); 5644 5645 delta = bbp55_pb - bbp55_sb; 5646 if (delta > target) 5647 break; 5648 5649 /* reprogram filter */ 5650 rf24++; 5651 run_rt3070_rf_write(sc, 24, rf24); 5652 } 5653 if (ntries < 100) { 5654 if (rf24 != init) 5655 rf24--; /* backtrack */ 5656 *val = rf24; 5657 run_rt3070_rf_write(sc, 24, rf24); 5658 } 5659 5660 /* restore initial state */ 5661 run_bbp_write(sc, 24, 0x00); 5662 5663 /* disable baseband loopback mode */ 5664 run_rt3070_rf_read(sc, 22, &rf22); 5665 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5666 5667 return (0); 5668 } 5669 5670 static void 5671 run_rt3070_rf_setup(struct run_softc *sc) 5672 { 5673 uint8_t bbp, rf; 5674 int i; 5675 5676 if (sc->mac_ver == 0x3572) { 5677 /* enable DC filter */ 5678 if (sc->mac_rev >= 0x0201) 5679 run_bbp_write(sc, 103, 0xc0); 5680 5681 run_bbp_read(sc, 138, &bbp); 5682 if (sc->ntxchains == 1) 5683 bbp |= 0x20; /* turn off DAC1 */ 5684 if (sc->nrxchains == 1) 5685 bbp &= ~0x02; /* turn off ADC1 */ 5686 run_bbp_write(sc, 138, bbp); 5687 5688 if (sc->mac_rev >= 0x0211) { 5689 /* improve power consumption */ 5690 run_bbp_read(sc, 31, &bbp); 5691 run_bbp_write(sc, 31, bbp & ~0x03); 5692 } 5693 5694 run_rt3070_rf_read(sc, 16, &rf); 5695 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5696 run_rt3070_rf_write(sc, 16, rf); 5697 5698 } else if (sc->mac_ver == 0x3071) { 5699 if (sc->mac_rev >= 0x0211) { 5700 /* enable DC filter */ 5701 run_bbp_write(sc, 103, 0xc0); 5702 5703 /* improve power consumption */ 5704 run_bbp_read(sc, 31, &bbp); 5705 run_bbp_write(sc, 31, bbp & ~0x03); 5706 } 5707 5708 run_bbp_read(sc, 138, &bbp); 5709 if (sc->ntxchains == 1) 5710 bbp |= 0x20; /* turn off DAC1 */ 5711 if (sc->nrxchains == 1) 5712 bbp &= ~0x02; /* turn off ADC1 */ 5713 run_bbp_write(sc, 138, bbp); 5714 5715 run_write(sc, RT2860_TX_SW_CFG1, 0); 5716 if (sc->mac_rev < 0x0211) { 5717 run_write(sc, RT2860_TX_SW_CFG2, 5718 sc->patch_dac ? 0x2c : 0x0f); 5719 } else 5720 run_write(sc, RT2860_TX_SW_CFG2, 0); 5721 5722 } else if (sc->mac_ver == 0x3070) { 5723 if (sc->mac_rev >= 0x0201) { 5724 /* enable DC filter */ 5725 run_bbp_write(sc, 103, 0xc0); 5726 5727 /* improve power consumption */ 5728 run_bbp_read(sc, 31, &bbp); 5729 run_bbp_write(sc, 31, bbp & ~0x03); 5730 } 5731 5732 if (sc->mac_rev < 0x0201) { 5733 run_write(sc, RT2860_TX_SW_CFG1, 0); 5734 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5735 } else 5736 run_write(sc, RT2860_TX_SW_CFG2, 0); 5737 } 5738 5739 /* initialize RF registers from ROM for >=RT3071*/ 5740 if (sc->mac_ver >= 0x3071) { 5741 for (i = 0; i < 10; i++) { 5742 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5743 continue; 5744 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5745 } 5746 } 5747 } 5748 5749 static void 5750 run_rt3593_rf_setup(struct run_softc *sc) 5751 { 5752 uint8_t bbp, rf; 5753 5754 if (sc->mac_rev >= 0x0211) { 5755 /* Enable DC filter. */ 5756 run_bbp_write(sc, 103, 0xc0); 5757 } 5758 run_write(sc, RT2860_TX_SW_CFG1, 0); 5759 if (sc->mac_rev < 0x0211) { 5760 run_write(sc, RT2860_TX_SW_CFG2, 5761 sc->patch_dac ? 0x2c : 0x0f); 5762 } else 5763 run_write(sc, RT2860_TX_SW_CFG2, 0); 5764 5765 run_rt3070_rf_read(sc, 50, &rf); 5766 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5767 5768 run_rt3070_rf_read(sc, 51, &rf); 5769 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5770 ((sc->txmixgain_2ghz & 0x07) << 2); 5771 run_rt3070_rf_write(sc, 51, rf); 5772 5773 run_rt3070_rf_read(sc, 38, &rf); 5774 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5775 5776 run_rt3070_rf_read(sc, 39, &rf); 5777 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5778 5779 run_rt3070_rf_read(sc, 1, &rf); 5780 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5781 5782 run_rt3070_rf_read(sc, 30, &rf); 5783 rf = (rf & ~0x18) | 0x10; 5784 run_rt3070_rf_write(sc, 30, rf); 5785 5786 /* Apply maximum likelihood detection for 2 stream case. */ 5787 run_bbp_read(sc, 105, &bbp); 5788 if (sc->nrxchains > 1) 5789 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5790 5791 /* Avoid data lost and CRC error. */ 5792 run_bbp_read(sc, 4, &bbp); 5793 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5794 5795 run_bbp_write(sc, 92, 0x02); 5796 run_bbp_write(sc, 82, 0x82); 5797 run_bbp_write(sc, 106, 0x05); 5798 run_bbp_write(sc, 104, 0x92); 5799 run_bbp_write(sc, 88, 0x90); 5800 run_bbp_write(sc, 148, 0xc8); 5801 run_bbp_write(sc, 47, 0x48); 5802 run_bbp_write(sc, 120, 0x50); 5803 5804 run_bbp_write(sc, 163, 0x9d); 5805 5806 /* SNR mapping. */ 5807 run_bbp_write(sc, 142, 0x06); 5808 run_bbp_write(sc, 143, 0xa0); 5809 run_bbp_write(sc, 142, 0x07); 5810 run_bbp_write(sc, 143, 0xa1); 5811 run_bbp_write(sc, 142, 0x08); 5812 run_bbp_write(sc, 143, 0xa2); 5813 5814 run_bbp_write(sc, 31, 0x08); 5815 run_bbp_write(sc, 68, 0x0b); 5816 run_bbp_write(sc, 105, 0x04); 5817 } 5818 5819 static void 5820 run_rt5390_rf_setup(struct run_softc *sc) 5821 { 5822 uint8_t bbp, rf; 5823 5824 if (sc->mac_rev >= 0x0211) { 5825 /* Enable DC filter. */ 5826 run_bbp_write(sc, 103, 0xc0); 5827 5828 if (sc->mac_ver != 0x5592) { 5829 /* Improve power consumption. */ 5830 run_bbp_read(sc, 31, &bbp); 5831 run_bbp_write(sc, 31, bbp & ~0x03); 5832 } 5833 } 5834 5835 run_bbp_read(sc, 138, &bbp); 5836 if (sc->ntxchains == 1) 5837 bbp |= 0x20; /* turn off DAC1 */ 5838 if (sc->nrxchains == 1) 5839 bbp &= ~0x02; /* turn off ADC1 */ 5840 run_bbp_write(sc, 138, bbp); 5841 5842 run_rt3070_rf_read(sc, 38, &rf); 5843 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5844 5845 run_rt3070_rf_read(sc, 39, &rf); 5846 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5847 5848 /* Avoid data lost and CRC error. */ 5849 run_bbp_read(sc, 4, &bbp); 5850 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5851 5852 run_rt3070_rf_read(sc, 30, &rf); 5853 rf = (rf & ~0x18) | 0x10; 5854 run_rt3070_rf_write(sc, 30, rf); 5855 5856 if (sc->mac_ver != 0x5592) { 5857 run_write(sc, RT2860_TX_SW_CFG1, 0); 5858 if (sc->mac_rev < 0x0211) { 5859 run_write(sc, RT2860_TX_SW_CFG2, 5860 sc->patch_dac ? 0x2c : 0x0f); 5861 } else 5862 run_write(sc, RT2860_TX_SW_CFG2, 0); 5863 } 5864 } 5865 5866 static int 5867 run_txrx_enable(struct run_softc *sc) 5868 { 5869 struct ieee80211com *ic = &sc->sc_ic; 5870 uint32_t tmp; 5871 int error, ntries; 5872 5873 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5874 for (ntries = 0; ntries < 200; ntries++) { 5875 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5876 return (error); 5877 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5878 break; 5879 run_delay(sc, 50); 5880 } 5881 if (ntries == 200) 5882 return (ETIMEDOUT); 5883 5884 run_delay(sc, 50); 5885 5886 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5887 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5888 5889 /* enable Rx bulk aggregation (set timeout and limit) */ 5890 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5891 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5892 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5893 5894 /* set Rx filter */ 5895 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5896 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5897 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5898 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5899 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5900 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5901 if (ic->ic_opmode == IEEE80211_M_STA) 5902 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5903 } 5904 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5905 5906 run_write(sc, RT2860_MAC_SYS_CTRL, 5907 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5908 5909 return (0); 5910 } 5911 5912 static void 5913 run_adjust_freq_offset(struct run_softc *sc) 5914 { 5915 uint8_t rf, tmp; 5916 5917 run_rt3070_rf_read(sc, 17, &rf); 5918 tmp = rf; 5919 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5920 rf = MIN(rf, 0x5f); 5921 5922 if (tmp != rf) 5923 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5924 } 5925 5926 static void 5927 run_init_locked(struct run_softc *sc) 5928 { 5929 struct ieee80211com *ic = &sc->sc_ic; 5930 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5931 uint32_t tmp; 5932 uint8_t bbp1, bbp3; 5933 int i; 5934 int ridx; 5935 int ntries; 5936 5937 if (ic->ic_nrunning > 1) 5938 return; 5939 5940 run_stop(sc); 5941 5942 if (run_load_microcode(sc) != 0) { 5943 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5944 goto fail; 5945 } 5946 5947 for (ntries = 0; ntries < 100; ntries++) { 5948 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5949 goto fail; 5950 if (tmp != 0 && tmp != 0xffffffff) 5951 break; 5952 run_delay(sc, 10); 5953 } 5954 if (ntries == 100) 5955 goto fail; 5956 5957 for (i = 0; i != RUN_EP_QUEUES; i++) 5958 run_setup_tx_list(sc, &sc->sc_epq[i]); 5959 5960 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5961 5962 for (ntries = 0; ntries < 100; ntries++) { 5963 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5964 goto fail; 5965 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5966 break; 5967 run_delay(sc, 10); 5968 } 5969 if (ntries == 100) { 5970 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5971 goto fail; 5972 } 5973 tmp &= 0xff0; 5974 tmp |= RT2860_TX_WB_DDONE; 5975 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5976 5977 /* turn off PME_OEN to solve high-current issue */ 5978 run_read(sc, RT2860_SYS_CTRL, &tmp); 5979 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5980 5981 run_write(sc, RT2860_MAC_SYS_CTRL, 5982 RT2860_BBP_HRST | RT2860_MAC_SRST); 5983 run_write(sc, RT2860_USB_DMA_CFG, 0); 5984 5985 if (run_reset(sc) != 0) { 5986 device_printf(sc->sc_dev, "could not reset chipset\n"); 5987 goto fail; 5988 } 5989 5990 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5991 5992 /* init Tx power for all Tx rates (from EEPROM) */ 5993 for (ridx = 0; ridx < 5; ridx++) { 5994 if (sc->txpow20mhz[ridx] == 0xffffffff) 5995 continue; 5996 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5997 } 5998 5999 for (i = 0; i < nitems(rt2870_def_mac); i++) 6000 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6001 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6002 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6003 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6004 6005 if (sc->mac_ver >= 0x5390) { 6006 run_write(sc, RT2860_TX_SW_CFG0, 6007 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6008 if (sc->mac_ver >= 0x5392) { 6009 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6010 if (sc->mac_ver == 0x5592) { 6011 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6012 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6013 } else { 6014 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6015 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6016 } 6017 } 6018 } else if (sc->mac_ver == 0x3593) { 6019 run_write(sc, RT2860_TX_SW_CFG0, 6020 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6021 } else if (sc->mac_ver >= 0x3070) { 6022 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6023 run_write(sc, RT2860_TX_SW_CFG0, 6024 4 << RT2860_DLY_PAPE_EN_SHIFT); 6025 } 6026 6027 /* wait while MAC is busy */ 6028 for (ntries = 0; ntries < 100; ntries++) { 6029 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6030 goto fail; 6031 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6032 break; 6033 run_delay(sc, 10); 6034 } 6035 if (ntries == 100) 6036 goto fail; 6037 6038 /* clear Host to MCU mailbox */ 6039 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6040 run_write(sc, RT2860_H2M_MAILBOX, 0); 6041 run_delay(sc, 10); 6042 6043 if (run_bbp_init(sc) != 0) { 6044 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6045 goto fail; 6046 } 6047 6048 /* abort TSF synchronization */ 6049 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6050 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6051 RT2860_TBTT_TIMER_EN); 6052 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6053 6054 /* clear RX WCID search table */ 6055 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6056 /* clear WCID attribute table */ 6057 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6058 6059 /* hostapd sets a key before init. So, don't clear it. */ 6060 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6061 /* clear shared key table */ 6062 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6063 /* clear shared key mode */ 6064 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6065 } 6066 6067 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6068 tmp = (tmp & ~0xff) | 0x1e; 6069 run_write(sc, RT2860_US_CYC_CNT, tmp); 6070 6071 if (sc->mac_rev != 0x0101) 6072 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6073 6074 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6075 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6076 6077 /* write vendor-specific BBP values (from EEPROM) */ 6078 if (sc->mac_ver < 0x3593) { 6079 for (i = 0; i < 10; i++) { 6080 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6081 continue; 6082 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6083 } 6084 } 6085 6086 /* select Main antenna for 1T1R devices */ 6087 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6088 run_set_rx_antenna(sc, 0); 6089 6090 /* send LEDs operating mode to microcontroller */ 6091 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6092 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6093 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6094 6095 if (sc->mac_ver >= 0x5390) 6096 run_rt5390_rf_init(sc); 6097 else if (sc->mac_ver == 0x3593) 6098 run_rt3593_rf_init(sc); 6099 else if (sc->mac_ver >= 0x3070) 6100 run_rt3070_rf_init(sc); 6101 6102 /* disable non-existing Rx chains */ 6103 run_bbp_read(sc, 3, &bbp3); 6104 bbp3 &= ~(1 << 3 | 1 << 4); 6105 if (sc->nrxchains == 2) 6106 bbp3 |= 1 << 3; 6107 else if (sc->nrxchains == 3) 6108 bbp3 |= 1 << 4; 6109 run_bbp_write(sc, 3, bbp3); 6110 6111 /* disable non-existing Tx chains */ 6112 run_bbp_read(sc, 1, &bbp1); 6113 if (sc->ntxchains == 1) 6114 bbp1 &= ~(1 << 3 | 1 << 4); 6115 run_bbp_write(sc, 1, bbp1); 6116 6117 if (sc->mac_ver >= 0x5390) 6118 run_rt5390_rf_setup(sc); 6119 else if (sc->mac_ver == 0x3593) 6120 run_rt3593_rf_setup(sc); 6121 else if (sc->mac_ver >= 0x3070) 6122 run_rt3070_rf_setup(sc); 6123 6124 /* select default channel */ 6125 run_set_chan(sc, ic->ic_curchan); 6126 6127 /* setup initial protection mode */ 6128 run_updateprot_cb(ic); 6129 6130 /* turn radio LED on */ 6131 run_set_leds(sc, RT2860_LED_RADIO); 6132 6133 sc->sc_flags |= RUN_RUNNING; 6134 sc->cmdq_run = RUN_CMDQ_GO; 6135 6136 for (i = 0; i != RUN_N_XFER; i++) 6137 usbd_xfer_set_stall(sc->sc_xfer[i]); 6138 6139 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6140 6141 if (run_txrx_enable(sc) != 0) 6142 goto fail; 6143 6144 return; 6145 6146 fail: 6147 run_stop(sc); 6148 } 6149 6150 static void 6151 run_stop(void *arg) 6152 { 6153 struct run_softc *sc = (struct run_softc *)arg; 6154 uint32_t tmp; 6155 int i; 6156 int ntries; 6157 6158 RUN_LOCK_ASSERT(sc, MA_OWNED); 6159 6160 if (sc->sc_flags & RUN_RUNNING) 6161 run_set_leds(sc, 0); /* turn all LEDs off */ 6162 6163 sc->sc_flags &= ~RUN_RUNNING; 6164 6165 sc->ratectl_run = RUN_RATECTL_OFF; 6166 sc->cmdq_run = sc->cmdq_key_set; 6167 6168 RUN_UNLOCK(sc); 6169 6170 for(i = 0; i < RUN_N_XFER; i++) 6171 usbd_transfer_drain(sc->sc_xfer[i]); 6172 6173 RUN_LOCK(sc); 6174 6175 run_drain_mbufq(sc); 6176 6177 if (sc->rx_m != NULL) { 6178 m_free(sc->rx_m); 6179 sc->rx_m = NULL; 6180 } 6181 6182 /* Disable Tx/Rx DMA. */ 6183 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6184 return; 6185 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6186 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6187 6188 for (ntries = 0; ntries < 100; ntries++) { 6189 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6190 return; 6191 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6192 break; 6193 run_delay(sc, 10); 6194 } 6195 if (ntries == 100) { 6196 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6197 return; 6198 } 6199 6200 /* disable Tx/Rx */ 6201 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6202 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6203 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6204 6205 /* wait for pending Tx to complete */ 6206 for (ntries = 0; ntries < 100; ntries++) { 6207 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6208 DPRINTF("Cannot read Tx queue count\n"); 6209 break; 6210 } 6211 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6212 DPRINTF("All Tx cleared\n"); 6213 break; 6214 } 6215 run_delay(sc, 10); 6216 } 6217 if (ntries >= 100) 6218 DPRINTF("There are still pending Tx\n"); 6219 run_delay(sc, 10); 6220 run_write(sc, RT2860_USB_DMA_CFG, 0); 6221 6222 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6223 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6224 6225 for (i = 0; i != RUN_EP_QUEUES; i++) 6226 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6227 } 6228 6229 static void 6230 run_delay(struct run_softc *sc, u_int ms) 6231 { 6232 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6233 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6234 } 6235 6236 static device_method_t run_methods[] = { 6237 /* Device interface */ 6238 DEVMETHOD(device_probe, run_match), 6239 DEVMETHOD(device_attach, run_attach), 6240 DEVMETHOD(device_detach, run_detach), 6241 DEVMETHOD_END 6242 }; 6243 6244 static driver_t run_driver = { 6245 .name = "run", 6246 .methods = run_methods, 6247 .size = sizeof(struct run_softc) 6248 }; 6249 6250 static devclass_t run_devclass; 6251 6252 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6253 MODULE_DEPEND(run, wlan, 1, 1, 1); 6254 MODULE_DEPEND(run, usb, 1, 1, 1); 6255 MODULE_DEPEND(run, firmware, 1, 1, 1); 6256 MODULE_VERSION(run, 1); 6257 USB_PNP_HOST_INFO(run_devs); 6258