1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/lock.h> 34 #include <sys/mutex.h> 35 #include <sys/mbuf.h> 36 #include <sys/kernel.h> 37 #include <sys/socket.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/module.h> 41 #include <sys/bus.h> 42 #include <sys/endian.h> 43 #include <sys/linker.h> 44 #include <sys/firmware.h> 45 #include <sys/kdb.h> 46 47 #include <machine/bus.h> 48 #include <machine/resource.h> 49 #include <sys/rman.h> 50 51 #include <net/bpf.h> 52 #include <net/if.h> 53 #include <net/if_var.h> 54 #include <net/if_arp.h> 55 #include <net/ethernet.h> 56 #include <net/if_dl.h> 57 #include <net/if_media.h> 58 #include <net/if_types.h> 59 60 #include <netinet/in.h> 61 #include <netinet/in_systm.h> 62 #include <netinet/in_var.h> 63 #include <netinet/if_ether.h> 64 #include <netinet/ip.h> 65 66 #include <net80211/ieee80211_var.h> 67 #include <net80211/ieee80211_regdomain.h> 68 #include <net80211/ieee80211_radiotap.h> 69 #include <net80211/ieee80211_ratectl.h> 70 71 #include <dev/usb/usb.h> 72 #include <dev/usb/usbdi.h> 73 #include "usbdevs.h" 74 75 #define USB_DEBUG_VAR run_debug 76 #include <dev/usb/usb_debug.h> 77 #include <dev/usb/usb_msctest.h> 78 79 #include <dev/usb/wlan/if_runreg.h> 80 #include <dev/usb/wlan/if_runvar.h> 81 82 #ifdef USB_DEBUG 83 #define RUN_DEBUG 84 #endif 85 86 #ifdef RUN_DEBUG 87 int run_debug = 0; 88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 89 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 90 "run debug level"); 91 92 enum { 93 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 94 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 95 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 96 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 97 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 98 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 99 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 100 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 101 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 102 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 103 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 104 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 105 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 106 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 107 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 108 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 109 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 110 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 111 RUN_DEBUG_ANY = 0xffffffff 112 }; 113 114 #define RUN_DPRINTF(_sc, _m, ...) do { \ 115 if (run_debug & (_m)) \ 116 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 117 } while(0) 118 #else 119 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 120 #endif 121 122 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 123 124 /* 125 * Because of LOR in run_key_delete(), use atomic instead. 126 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 127 */ 128 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 129 130 static const STRUCT_USB_HOST_ID run_devs[] = { 131 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 132 #define RUN_DEV_EJECT(v,p) \ 133 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 134 #define RUN_EJECT 1 135 RUN_DEV(ABOCOM, RT2770), 136 RUN_DEV(ABOCOM, RT2870), 137 RUN_DEV(ABOCOM, RT3070), 138 RUN_DEV(ABOCOM, RT3071), 139 RUN_DEV(ABOCOM, RT3072), 140 RUN_DEV(ABOCOM2, RT2870_1), 141 RUN_DEV(ACCTON, RT2770), 142 RUN_DEV(ACCTON, RT2870_1), 143 RUN_DEV(ACCTON, RT2870_2), 144 RUN_DEV(ACCTON, RT2870_3), 145 RUN_DEV(ACCTON, RT2870_4), 146 RUN_DEV(ACCTON, RT2870_5), 147 RUN_DEV(ACCTON, RT3070), 148 RUN_DEV(ACCTON, RT3070_1), 149 RUN_DEV(ACCTON, RT3070_2), 150 RUN_DEV(ACCTON, RT3070_3), 151 RUN_DEV(ACCTON, RT3070_4), 152 RUN_DEV(ACCTON, RT3070_5), 153 RUN_DEV(AIRTIES, RT3070), 154 RUN_DEV(ALLWIN, RT2070), 155 RUN_DEV(ALLWIN, RT2770), 156 RUN_DEV(ALLWIN, RT2870), 157 RUN_DEV(ALLWIN, RT3070), 158 RUN_DEV(ALLWIN, RT3071), 159 RUN_DEV(ALLWIN, RT3072), 160 RUN_DEV(ALLWIN, RT3572), 161 RUN_DEV(AMIGO, RT2870_1), 162 RUN_DEV(AMIGO, RT2870_2), 163 RUN_DEV(AMIT, CGWLUSB2GNR), 164 RUN_DEV(AMIT, RT2870_1), 165 RUN_DEV(AMIT2, RT2870), 166 RUN_DEV(ASUS, RT2870_1), 167 RUN_DEV(ASUS, RT2870_2), 168 RUN_DEV(ASUS, RT2870_3), 169 RUN_DEV(ASUS, RT2870_4), 170 RUN_DEV(ASUS, RT2870_5), 171 RUN_DEV(ASUS, USBN13), 172 RUN_DEV(ASUS, RT3070_1), 173 RUN_DEV(ASUS, USBN66), 174 RUN_DEV(ASUS, USB_N53), 175 RUN_DEV(ASUS2, USBN11), 176 RUN_DEV(AZUREWAVE, RT2870_1), 177 RUN_DEV(AZUREWAVE, RT2870_2), 178 RUN_DEV(AZUREWAVE, RT3070_1), 179 RUN_DEV(AZUREWAVE, RT3070_2), 180 RUN_DEV(AZUREWAVE, RT3070_3), 181 RUN_DEV(BELKIN, F9L1103), 182 RUN_DEV(BELKIN, F5D8053V3), 183 RUN_DEV(BELKIN, F5D8055), 184 RUN_DEV(BELKIN, F5D8055V2), 185 RUN_DEV(BELKIN, F6D4050V1), 186 RUN_DEV(BELKIN, F6D4050V2), 187 RUN_DEV(BELKIN, RT2870_1), 188 RUN_DEV(BELKIN, RT2870_2), 189 RUN_DEV(CISCOLINKSYS, AE1000), 190 RUN_DEV(CISCOLINKSYS2, RT3070), 191 RUN_DEV(CISCOLINKSYS3, RT3070), 192 RUN_DEV(CONCEPTRONIC2, RT2870_1), 193 RUN_DEV(CONCEPTRONIC2, RT2870_2), 194 RUN_DEV(CONCEPTRONIC2, RT2870_3), 195 RUN_DEV(CONCEPTRONIC2, RT2870_4), 196 RUN_DEV(CONCEPTRONIC2, RT2870_5), 197 RUN_DEV(CONCEPTRONIC2, RT2870_6), 198 RUN_DEV(CONCEPTRONIC2, RT2870_7), 199 RUN_DEV(CONCEPTRONIC2, RT2870_8), 200 RUN_DEV(CONCEPTRONIC2, RT3070_1), 201 RUN_DEV(CONCEPTRONIC2, RT3070_2), 202 RUN_DEV(CONCEPTRONIC2, VIGORN61), 203 RUN_DEV(COREGA, CGWLUSB300GNM), 204 RUN_DEV(COREGA, RT2870_1), 205 RUN_DEV(COREGA, RT2870_2), 206 RUN_DEV(COREGA, RT2870_3), 207 RUN_DEV(COREGA, RT3070), 208 RUN_DEV(CYBERTAN, RT2870), 209 RUN_DEV(DLINK, RT2870), 210 RUN_DEV(DLINK, RT3072), 211 RUN_DEV(DLINK, DWA127), 212 RUN_DEV(DLINK, DWA140B3), 213 RUN_DEV(DLINK, DWA160B2), 214 RUN_DEV(DLINK, DWA140D1), 215 RUN_DEV(DLINK, DWA162), 216 RUN_DEV(DLINK2, DWA130), 217 RUN_DEV(DLINK2, RT2870_1), 218 RUN_DEV(DLINK2, RT2870_2), 219 RUN_DEV(DLINK2, RT3070_1), 220 RUN_DEV(DLINK2, RT3070_2), 221 RUN_DEV(DLINK2, RT3070_3), 222 RUN_DEV(DLINK2, RT3070_4), 223 RUN_DEV(DLINK2, RT3070_5), 224 RUN_DEV(DLINK2, RT3072), 225 RUN_DEV(DLINK2, RT3072_1), 226 RUN_DEV(EDIMAX, EW7717), 227 RUN_DEV(EDIMAX, EW7718), 228 RUN_DEV(EDIMAX, EW7733UND), 229 RUN_DEV(EDIMAX, RT2870_1), 230 RUN_DEV(ENCORE, RT3070_1), 231 RUN_DEV(ENCORE, RT3070_2), 232 RUN_DEV(ENCORE, RT3070_3), 233 RUN_DEV(GIGABYTE, GNWB31N), 234 RUN_DEV(GIGABYTE, GNWB32L), 235 RUN_DEV(GIGABYTE, RT2870_1), 236 RUN_DEV(GIGASET, RT3070_1), 237 RUN_DEV(GIGASET, RT3070_2), 238 RUN_DEV(GUILLEMOT, HWNU300), 239 RUN_DEV(HAWKING, HWUN2), 240 RUN_DEV(HAWKING, RT2870_1), 241 RUN_DEV(HAWKING, RT2870_2), 242 RUN_DEV(HAWKING, RT3070), 243 RUN_DEV(IODATA, RT3072_1), 244 RUN_DEV(IODATA, RT3072_2), 245 RUN_DEV(IODATA, RT3072_3), 246 RUN_DEV(IODATA, RT3072_4), 247 RUN_DEV(LINKSYS4, RT3070), 248 RUN_DEV(LINKSYS4, WUSB100), 249 RUN_DEV(LINKSYS4, WUSB54GCV3), 250 RUN_DEV(LINKSYS4, WUSB600N), 251 RUN_DEV(LINKSYS4, WUSB600NV2), 252 RUN_DEV(LOGITEC, RT2870_1), 253 RUN_DEV(LOGITEC, RT2870_2), 254 RUN_DEV(LOGITEC, RT2870_3), 255 RUN_DEV(LOGITEC, LANW300NU2), 256 RUN_DEV(LOGITEC, LANW150NU2), 257 RUN_DEV(LOGITEC, LANW300NU2S), 258 RUN_DEV(MELCO, WLIUCG300HP), 259 RUN_DEV(MELCO, RT2870_2), 260 RUN_DEV(MELCO, WLIUCAG300N), 261 RUN_DEV(MELCO, WLIUCG300N), 262 RUN_DEV(MELCO, WLIUCG301N), 263 RUN_DEV(MELCO, WLIUCGN), 264 RUN_DEV(MELCO, WLIUCGNM), 265 RUN_DEV(MELCO, WLIUCG300HPV1), 266 RUN_DEV(MELCO, WLIUCGNM2), 267 RUN_DEV(MOTOROLA4, RT2770), 268 RUN_DEV(MOTOROLA4, RT3070), 269 RUN_DEV(MSI, RT3070_1), 270 RUN_DEV(MSI, RT3070_2), 271 RUN_DEV(MSI, RT3070_3), 272 RUN_DEV(MSI, RT3070_4), 273 RUN_DEV(MSI, RT3070_5), 274 RUN_DEV(MSI, RT3070_6), 275 RUN_DEV(MSI, RT3070_7), 276 RUN_DEV(MSI, RT3070_8), 277 RUN_DEV(MSI, RT3070_9), 278 RUN_DEV(MSI, RT3070_10), 279 RUN_DEV(MSI, RT3070_11), 280 RUN_DEV(NETGEAR, WNDA4100), 281 RUN_DEV(OVISLINK, RT3072), 282 RUN_DEV(PARA, RT3070), 283 RUN_DEV(PEGATRON, RT2870), 284 RUN_DEV(PEGATRON, RT3070), 285 RUN_DEV(PEGATRON, RT3070_2), 286 RUN_DEV(PEGATRON, RT3070_3), 287 RUN_DEV(PHILIPS, RT2870), 288 RUN_DEV(PLANEX2, GWUS300MINIS), 289 RUN_DEV(PLANEX2, GWUSMICRON), 290 RUN_DEV(PLANEX2, RT2870), 291 RUN_DEV(PLANEX2, RT3070), 292 RUN_DEV(QCOM, RT2870), 293 RUN_DEV(QUANTA, RT3070), 294 RUN_DEV(RALINK, RT2070), 295 RUN_DEV(RALINK, RT2770), 296 RUN_DEV(RALINK, RT2870), 297 RUN_DEV(RALINK, RT3070), 298 RUN_DEV(RALINK, RT3071), 299 RUN_DEV(RALINK, RT3072), 300 RUN_DEV(RALINK, RT3370), 301 RUN_DEV(RALINK, RT3572), 302 RUN_DEV(RALINK, RT3573), 303 RUN_DEV(RALINK, RT5370), 304 RUN_DEV(RALINK, RT5572), 305 RUN_DEV(RALINK, RT8070), 306 RUN_DEV(SAMSUNG, WIS09ABGN), 307 RUN_DEV(SAMSUNG2, RT2870_1), 308 RUN_DEV(SENAO, RT2870_1), 309 RUN_DEV(SENAO, RT2870_2), 310 RUN_DEV(SENAO, RT2870_3), 311 RUN_DEV(SENAO, RT2870_4), 312 RUN_DEV(SENAO, RT3070), 313 RUN_DEV(SENAO, RT3071), 314 RUN_DEV(SENAO, RT3072_1), 315 RUN_DEV(SENAO, RT3072_2), 316 RUN_DEV(SENAO, RT3072_3), 317 RUN_DEV(SENAO, RT3072_4), 318 RUN_DEV(SENAO, RT3072_5), 319 RUN_DEV(SITECOMEU, RT2770), 320 RUN_DEV(SITECOMEU, RT2870_1), 321 RUN_DEV(SITECOMEU, RT2870_2), 322 RUN_DEV(SITECOMEU, RT2870_3), 323 RUN_DEV(SITECOMEU, RT2870_4), 324 RUN_DEV(SITECOMEU, RT3070), 325 RUN_DEV(SITECOMEU, RT3070_2), 326 RUN_DEV(SITECOMEU, RT3070_3), 327 RUN_DEV(SITECOMEU, RT3070_4), 328 RUN_DEV(SITECOMEU, RT3071), 329 RUN_DEV(SITECOMEU, RT3072_1), 330 RUN_DEV(SITECOMEU, RT3072_2), 331 RUN_DEV(SITECOMEU, RT3072_3), 332 RUN_DEV(SITECOMEU, RT3072_4), 333 RUN_DEV(SITECOMEU, RT3072_5), 334 RUN_DEV(SITECOMEU, RT3072_6), 335 RUN_DEV(SITECOMEU, WL608), 336 RUN_DEV(SPARKLAN, RT2870_1), 337 RUN_DEV(SPARKLAN, RT3070), 338 RUN_DEV(SWEEX2, LW153), 339 RUN_DEV(SWEEX2, LW303), 340 RUN_DEV(SWEEX2, LW313), 341 RUN_DEV(TOSHIBA, RT3070), 342 RUN_DEV(UMEDIA, RT2870_1), 343 RUN_DEV(ZCOM, RT2870_1), 344 RUN_DEV(ZCOM, RT2870_2), 345 RUN_DEV(ZINWELL, RT2870_1), 346 RUN_DEV(ZINWELL, RT2870_2), 347 RUN_DEV(ZINWELL, RT3070), 348 RUN_DEV(ZINWELL, RT3072_1), 349 RUN_DEV(ZINWELL, RT3072_2), 350 RUN_DEV(ZYXEL, RT2870_1), 351 RUN_DEV(ZYXEL, RT2870_2), 352 RUN_DEV(ZYXEL, RT3070), 353 RUN_DEV_EJECT(ZYXEL, NWD2705), 354 RUN_DEV_EJECT(RALINK, RT_STOR), 355 #undef RUN_DEV_EJECT 356 #undef RUN_DEV 357 }; 358 359 static device_probe_t run_match; 360 static device_attach_t run_attach; 361 static device_detach_t run_detach; 362 363 static usb_callback_t run_bulk_rx_callback; 364 static usb_callback_t run_bulk_tx_callback0; 365 static usb_callback_t run_bulk_tx_callback1; 366 static usb_callback_t run_bulk_tx_callback2; 367 static usb_callback_t run_bulk_tx_callback3; 368 static usb_callback_t run_bulk_tx_callback4; 369 static usb_callback_t run_bulk_tx_callback5; 370 371 static void run_autoinst(void *, struct usb_device *, 372 struct usb_attach_arg *); 373 static int run_driver_loaded(struct module *, int, void *); 374 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 375 usb_error_t error, u_int index); 376 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 377 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 378 const uint8_t [IEEE80211_ADDR_LEN], 379 const uint8_t [IEEE80211_ADDR_LEN]); 380 static void run_vap_delete(struct ieee80211vap *); 381 static void run_cmdq_cb(void *, int); 382 static void run_setup_tx_list(struct run_softc *, 383 struct run_endpoint_queue *); 384 static void run_unsetup_tx_list(struct run_softc *, 385 struct run_endpoint_queue *); 386 static int run_load_microcode(struct run_softc *); 387 static int run_reset(struct run_softc *); 388 static usb_error_t run_do_request(struct run_softc *, 389 struct usb_device_request *, void *); 390 static int run_read(struct run_softc *, uint16_t, uint32_t *); 391 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 392 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 393 static int run_write(struct run_softc *, uint16_t, uint32_t); 394 static int run_write_region_1(struct run_softc *, uint16_t, 395 const uint8_t *, int); 396 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 397 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 398 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 399 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 400 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 401 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 402 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 403 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 404 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 405 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 406 static const char *run_get_rf(uint16_t); 407 static void run_rt3593_get_txpower(struct run_softc *); 408 static void run_get_txpower(struct run_softc *); 409 static int run_read_eeprom(struct run_softc *); 410 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 411 const uint8_t mac[IEEE80211_ADDR_LEN]); 412 static int run_media_change(struct ifnet *); 413 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 414 static int run_wme_update(struct ieee80211com *); 415 static void run_key_set_cb(void *); 416 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 417 static void run_key_delete_cb(void *); 418 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 419 static void run_ratectl_to(void *); 420 static void run_ratectl_cb(void *, int); 421 static void run_drain_fifo(void *); 422 static void run_iter_func(void *, struct ieee80211_node *); 423 static void run_newassoc_cb(void *); 424 static void run_newassoc(struct ieee80211_node *, int); 425 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 426 const struct ieee80211_rx_stats *, int, int); 427 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 428 static void run_tx_free(struct run_endpoint_queue *pq, 429 struct run_tx_data *, int); 430 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 431 static int run_tx(struct run_softc *, struct mbuf *, 432 struct ieee80211_node *); 433 static int run_tx_mgt(struct run_softc *, struct mbuf *, 434 struct ieee80211_node *); 435 static int run_sendprot(struct run_softc *, const struct mbuf *, 436 struct ieee80211_node *, int, int); 437 static int run_tx_param(struct run_softc *, struct mbuf *, 438 struct ieee80211_node *, 439 const struct ieee80211_bpf_params *); 440 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 441 const struct ieee80211_bpf_params *); 442 static int run_transmit(struct ieee80211com *, struct mbuf *); 443 static void run_start(struct run_softc *); 444 static void run_parent(struct ieee80211com *); 445 static void run_iq_calib(struct run_softc *, u_int); 446 static void run_set_agc(struct run_softc *, uint8_t); 447 static void run_select_chan_group(struct run_softc *, int); 448 static void run_set_rx_antenna(struct run_softc *, int); 449 static void run_rt2870_set_chan(struct run_softc *, u_int); 450 static void run_rt3070_set_chan(struct run_softc *, u_int); 451 static void run_rt3572_set_chan(struct run_softc *, u_int); 452 static void run_rt3593_set_chan(struct run_softc *, u_int); 453 static void run_rt5390_set_chan(struct run_softc *, u_int); 454 static void run_rt5592_set_chan(struct run_softc *, u_int); 455 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 456 static void run_set_channel(struct ieee80211com *); 457 static void run_getradiocaps(struct ieee80211com *, int, int *, 458 struct ieee80211_channel[]); 459 static void run_scan_start(struct ieee80211com *); 460 static void run_scan_end(struct ieee80211com *); 461 static void run_update_beacon(struct ieee80211vap *, int); 462 static void run_update_beacon_cb(void *); 463 static void run_updateprot(struct ieee80211com *); 464 static void run_updateprot_cb(void *); 465 static void run_usb_timeout_cb(void *); 466 static void run_reset_livelock(struct run_softc *); 467 static void run_enable_tsf_sync(struct run_softc *); 468 static void run_enable_tsf(struct run_softc *); 469 static void run_get_tsf(struct run_softc *, uint64_t *); 470 static void run_enable_mrr(struct run_softc *); 471 static void run_set_txpreamble(struct run_softc *); 472 static void run_set_basicrates(struct run_softc *); 473 static void run_set_leds(struct run_softc *, uint16_t); 474 static void run_set_bssid(struct run_softc *, const uint8_t *); 475 static void run_set_macaddr(struct run_softc *, const uint8_t *); 476 static void run_updateslot(struct ieee80211com *); 477 static void run_updateslot_cb(void *); 478 static void run_update_mcast(struct ieee80211com *); 479 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 480 static void run_update_promisc_locked(struct run_softc *); 481 static void run_update_promisc(struct ieee80211com *); 482 static void run_rt5390_bbp_init(struct run_softc *); 483 static int run_bbp_init(struct run_softc *); 484 static int run_rt3070_rf_init(struct run_softc *); 485 static void run_rt3593_rf_init(struct run_softc *); 486 static void run_rt5390_rf_init(struct run_softc *); 487 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 488 uint8_t *); 489 static void run_rt3070_rf_setup(struct run_softc *); 490 static void run_rt3593_rf_setup(struct run_softc *); 491 static void run_rt5390_rf_setup(struct run_softc *); 492 static int run_txrx_enable(struct run_softc *); 493 static void run_adjust_freq_offset(struct run_softc *); 494 static void run_init_locked(struct run_softc *); 495 static void run_stop(void *); 496 static void run_delay(struct run_softc *, u_int); 497 498 static eventhandler_tag run_etag; 499 500 static const struct rt2860_rate { 501 uint8_t rate; 502 uint8_t mcs; 503 enum ieee80211_phytype phy; 504 uint8_t ctl_ridx; 505 uint16_t sp_ack_dur; 506 uint16_t lp_ack_dur; 507 } rt2860_rates[] = { 508 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 509 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 510 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 511 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 512 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 513 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 514 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 515 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 516 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 517 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 518 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 519 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 520 }; 521 522 static const struct { 523 uint16_t reg; 524 uint32_t val; 525 } rt2870_def_mac[] = { 526 RT2870_DEF_MAC 527 }; 528 529 static const struct { 530 uint8_t reg; 531 uint8_t val; 532 } rt2860_def_bbp[] = { 533 RT2860_DEF_BBP 534 },rt5390_def_bbp[] = { 535 RT5390_DEF_BBP 536 },rt5592_def_bbp[] = { 537 RT5592_DEF_BBP 538 }; 539 540 /* 541 * Default values for BBP register R196 for RT5592. 542 */ 543 static const uint8_t rt5592_bbp_r196[] = { 544 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 545 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 546 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 547 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 548 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 549 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 551 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 552 0x2e, 0x36, 0x30, 0x6e 553 }; 554 555 static const struct rfprog { 556 uint8_t chan; 557 uint32_t r1, r2, r3, r4; 558 } rt2860_rf2850[] = { 559 RT2860_RF2850 560 }; 561 562 struct { 563 uint8_t n, r, k; 564 } rt3070_freqs[] = { 565 RT3070_RF3052 566 }; 567 568 static const struct rt5592_freqs { 569 uint16_t n; 570 uint8_t k, m, r; 571 } rt5592_freqs_20mhz[] = { 572 RT5592_RF5592_20MHZ 573 },rt5592_freqs_40mhz[] = { 574 RT5592_RF5592_40MHZ 575 }; 576 577 static const struct { 578 uint8_t reg; 579 uint8_t val; 580 } rt3070_def_rf[] = { 581 RT3070_DEF_RF 582 },rt3572_def_rf[] = { 583 RT3572_DEF_RF 584 },rt3593_def_rf[] = { 585 RT3593_DEF_RF 586 },rt5390_def_rf[] = { 587 RT5390_DEF_RF 588 },rt5392_def_rf[] = { 589 RT5392_DEF_RF 590 },rt5592_def_rf[] = { 591 RT5592_DEF_RF 592 },rt5592_2ghz_def_rf[] = { 593 RT5592_2GHZ_DEF_RF 594 },rt5592_5ghz_def_rf[] = { 595 RT5592_5GHZ_DEF_RF 596 }; 597 598 static const struct { 599 u_int firstchan; 600 u_int lastchan; 601 uint8_t reg; 602 uint8_t val; 603 } rt5592_chan_5ghz[] = { 604 RT5592_CHAN_5GHZ 605 }; 606 607 static const struct usb_config run_config[RUN_N_XFER] = { 608 [RUN_BULK_TX_BE] = { 609 .type = UE_BULK, 610 .endpoint = UE_ADDR_ANY, 611 .ep_index = 0, 612 .direction = UE_DIR_OUT, 613 .bufsize = RUN_MAX_TXSZ, 614 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 615 .callback = run_bulk_tx_callback0, 616 .timeout = 5000, /* ms */ 617 }, 618 [RUN_BULK_TX_BK] = { 619 .type = UE_BULK, 620 .endpoint = UE_ADDR_ANY, 621 .direction = UE_DIR_OUT, 622 .ep_index = 1, 623 .bufsize = RUN_MAX_TXSZ, 624 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 625 .callback = run_bulk_tx_callback1, 626 .timeout = 5000, /* ms */ 627 }, 628 [RUN_BULK_TX_VI] = { 629 .type = UE_BULK, 630 .endpoint = UE_ADDR_ANY, 631 .direction = UE_DIR_OUT, 632 .ep_index = 2, 633 .bufsize = RUN_MAX_TXSZ, 634 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 635 .callback = run_bulk_tx_callback2, 636 .timeout = 5000, /* ms */ 637 }, 638 [RUN_BULK_TX_VO] = { 639 .type = UE_BULK, 640 .endpoint = UE_ADDR_ANY, 641 .direction = UE_DIR_OUT, 642 .ep_index = 3, 643 .bufsize = RUN_MAX_TXSZ, 644 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 645 .callback = run_bulk_tx_callback3, 646 .timeout = 5000, /* ms */ 647 }, 648 [RUN_BULK_TX_HCCA] = { 649 .type = UE_BULK, 650 .endpoint = UE_ADDR_ANY, 651 .direction = UE_DIR_OUT, 652 .ep_index = 4, 653 .bufsize = RUN_MAX_TXSZ, 654 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 655 .callback = run_bulk_tx_callback4, 656 .timeout = 5000, /* ms */ 657 }, 658 [RUN_BULK_TX_PRIO] = { 659 .type = UE_BULK, 660 .endpoint = UE_ADDR_ANY, 661 .direction = UE_DIR_OUT, 662 .ep_index = 5, 663 .bufsize = RUN_MAX_TXSZ, 664 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 665 .callback = run_bulk_tx_callback5, 666 .timeout = 5000, /* ms */ 667 }, 668 [RUN_BULK_RX] = { 669 .type = UE_BULK, 670 .endpoint = UE_ADDR_ANY, 671 .direction = UE_DIR_IN, 672 .bufsize = RUN_MAX_RXSZ, 673 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 674 .callback = run_bulk_rx_callback, 675 } 676 }; 677 678 static void 679 run_autoinst(void *arg, struct usb_device *udev, 680 struct usb_attach_arg *uaa) 681 { 682 struct usb_interface *iface; 683 struct usb_interface_descriptor *id; 684 685 if (uaa->dev_state != UAA_DEV_READY) 686 return; 687 688 iface = usbd_get_iface(udev, 0); 689 if (iface == NULL) 690 return; 691 id = iface->idesc; 692 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 693 return; 694 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 695 return; 696 697 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 698 uaa->dev_state = UAA_DEV_EJECTING; 699 } 700 701 static int 702 run_driver_loaded(struct module *mod, int what, void *arg) 703 { 704 switch (what) { 705 case MOD_LOAD: 706 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 707 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 708 break; 709 case MOD_UNLOAD: 710 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 711 break; 712 default: 713 return (EOPNOTSUPP); 714 } 715 return (0); 716 } 717 718 static int 719 run_match(device_t self) 720 { 721 struct usb_attach_arg *uaa = device_get_ivars(self); 722 723 if (uaa->usb_mode != USB_MODE_HOST) 724 return (ENXIO); 725 if (uaa->info.bConfigIndex != 0) 726 return (ENXIO); 727 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 728 return (ENXIO); 729 730 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 731 } 732 733 static int 734 run_attach(device_t self) 735 { 736 struct run_softc *sc = device_get_softc(self); 737 struct usb_attach_arg *uaa = device_get_ivars(self); 738 struct ieee80211com *ic = &sc->sc_ic; 739 uint32_t ver; 740 uint8_t iface_index; 741 int ntries, error; 742 743 device_set_usb_desc(self); 744 sc->sc_udev = uaa->device; 745 sc->sc_dev = self; 746 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 747 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 748 749 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 750 MTX_NETWORK_LOCK, MTX_DEF); 751 mbufq_init(&sc->sc_snd, ifqmaxlen); 752 753 iface_index = RT2860_IFACE_INDEX; 754 755 error = usbd_transfer_setup(uaa->device, &iface_index, 756 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 757 if (error) { 758 device_printf(self, "could not allocate USB transfers, " 759 "err=%s\n", usbd_errstr(error)); 760 goto detach; 761 } 762 763 RUN_LOCK(sc); 764 765 /* wait for the chip to settle */ 766 for (ntries = 0; ntries < 100; ntries++) { 767 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 768 RUN_UNLOCK(sc); 769 goto detach; 770 } 771 if (ver != 0 && ver != 0xffffffff) 772 break; 773 run_delay(sc, 10); 774 } 775 if (ntries == 100) { 776 device_printf(sc->sc_dev, 777 "timeout waiting for NIC to initialize\n"); 778 RUN_UNLOCK(sc); 779 goto detach; 780 } 781 sc->mac_ver = ver >> 16; 782 sc->mac_rev = ver & 0xffff; 783 784 /* retrieve RF rev. no and various other things from EEPROM */ 785 run_read_eeprom(sc); 786 787 device_printf(sc->sc_dev, 788 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 789 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 790 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 791 792 RUN_UNLOCK(sc); 793 794 ic->ic_softc = sc; 795 ic->ic_name = device_get_nameunit(self); 796 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 797 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 798 799 /* set device capabilities */ 800 ic->ic_caps = 801 IEEE80211_C_STA | /* station mode supported */ 802 IEEE80211_C_MONITOR | /* monitor mode supported */ 803 IEEE80211_C_IBSS | 804 IEEE80211_C_HOSTAP | 805 IEEE80211_C_WDS | /* 4-address traffic works */ 806 IEEE80211_C_MBSS | 807 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 808 IEEE80211_C_SHSLOT | /* short slot time supported */ 809 IEEE80211_C_WME | /* WME */ 810 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 811 812 ic->ic_cryptocaps = 813 IEEE80211_CRYPTO_WEP | 814 IEEE80211_CRYPTO_AES_CCM | 815 IEEE80211_CRYPTO_TKIPMIC | 816 IEEE80211_CRYPTO_TKIP; 817 818 ic->ic_flags |= IEEE80211_F_DATAPAD; 819 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 820 821 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 822 ic->ic_channels); 823 824 ieee80211_ifattach(ic); 825 826 ic->ic_scan_start = run_scan_start; 827 ic->ic_scan_end = run_scan_end; 828 ic->ic_set_channel = run_set_channel; 829 ic->ic_getradiocaps = run_getradiocaps; 830 ic->ic_node_alloc = run_node_alloc; 831 ic->ic_newassoc = run_newassoc; 832 ic->ic_updateslot = run_updateslot; 833 ic->ic_update_mcast = run_update_mcast; 834 ic->ic_wme.wme_update = run_wme_update; 835 ic->ic_raw_xmit = run_raw_xmit; 836 ic->ic_update_promisc = run_update_promisc; 837 ic->ic_vap_create = run_vap_create; 838 ic->ic_vap_delete = run_vap_delete; 839 ic->ic_transmit = run_transmit; 840 ic->ic_parent = run_parent; 841 842 ieee80211_radiotap_attach(ic, 843 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 844 RUN_TX_RADIOTAP_PRESENT, 845 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 846 RUN_RX_RADIOTAP_PRESENT); 847 848 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 849 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 850 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 851 852 if (bootverbose) 853 ieee80211_announce(ic); 854 855 return (0); 856 857 detach: 858 run_detach(self); 859 return (ENXIO); 860 } 861 862 static void 863 run_drain_mbufq(struct run_softc *sc) 864 { 865 struct mbuf *m; 866 struct ieee80211_node *ni; 867 868 RUN_LOCK_ASSERT(sc, MA_OWNED); 869 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 870 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 871 m->m_pkthdr.rcvif = NULL; 872 ieee80211_free_node(ni); 873 m_freem(m); 874 } 875 } 876 877 static int 878 run_detach(device_t self) 879 { 880 struct run_softc *sc = device_get_softc(self); 881 struct ieee80211com *ic = &sc->sc_ic; 882 int i; 883 884 RUN_LOCK(sc); 885 sc->sc_detached = 1; 886 RUN_UNLOCK(sc); 887 888 /* stop all USB transfers */ 889 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 890 891 RUN_LOCK(sc); 892 sc->ratectl_run = RUN_RATECTL_OFF; 893 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 894 895 /* free TX list, if any */ 896 for (i = 0; i != RUN_EP_QUEUES; i++) 897 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 898 899 /* Free TX queue */ 900 run_drain_mbufq(sc); 901 RUN_UNLOCK(sc); 902 903 if (sc->sc_ic.ic_softc == sc) { 904 /* drain tasks */ 905 usb_callout_drain(&sc->ratectl_ch); 906 ieee80211_draintask(ic, &sc->cmdq_task); 907 ieee80211_draintask(ic, &sc->ratectl_task); 908 ieee80211_ifdetach(ic); 909 } 910 911 mtx_destroy(&sc->sc_mtx); 912 913 return (0); 914 } 915 916 static struct ieee80211vap * 917 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 918 enum ieee80211_opmode opmode, int flags, 919 const uint8_t bssid[IEEE80211_ADDR_LEN], 920 const uint8_t mac[IEEE80211_ADDR_LEN]) 921 { 922 struct run_softc *sc = ic->ic_softc; 923 struct run_vap *rvp; 924 struct ieee80211vap *vap; 925 int i; 926 927 if (sc->rvp_cnt >= RUN_VAP_MAX) { 928 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 929 return (NULL); 930 } 931 932 switch (opmode) { 933 case IEEE80211_M_STA: 934 /* enable s/w bmiss handling for sta mode */ 935 flags |= IEEE80211_CLONE_NOBEACONS; 936 /* fall though */ 937 case IEEE80211_M_IBSS: 938 case IEEE80211_M_MONITOR: 939 case IEEE80211_M_HOSTAP: 940 case IEEE80211_M_MBSS: 941 /* other than WDS vaps, only one at a time */ 942 if (!TAILQ_EMPTY(&ic->ic_vaps)) 943 return (NULL); 944 break; 945 case IEEE80211_M_WDS: 946 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 947 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 948 continue; 949 /* WDS vap's always share the local mac address. */ 950 flags &= ~IEEE80211_CLONE_BSSID; 951 break; 952 } 953 if (vap == NULL) { 954 device_printf(sc->sc_dev, 955 "wds only supported in ap mode\n"); 956 return (NULL); 957 } 958 break; 959 default: 960 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 961 return (NULL); 962 } 963 964 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 965 vap = &rvp->vap; 966 967 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 968 bssid) != 0) { 969 /* out of memory */ 970 free(rvp, M_80211_VAP); 971 return (NULL); 972 } 973 974 vap->iv_update_beacon = run_update_beacon; 975 vap->iv_max_aid = RT2870_WCID_MAX; 976 /* 977 * To delete the right key from h/w, we need wcid. 978 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 979 * and matching wcid will be written into there. So, cast 980 * some spells to remove 'const' from ieee80211_key{} 981 */ 982 vap->iv_key_delete = (void *)run_key_delete; 983 vap->iv_key_set = (void *)run_key_set; 984 985 /* override state transition machine */ 986 rvp->newstate = vap->iv_newstate; 987 vap->iv_newstate = run_newstate; 988 if (opmode == IEEE80211_M_IBSS) { 989 rvp->recv_mgmt = vap->iv_recv_mgmt; 990 vap->iv_recv_mgmt = run_recv_mgmt; 991 } 992 993 ieee80211_ratectl_init(vap); 994 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 995 996 /* complete setup */ 997 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 998 mac); 999 1000 /* make sure id is always unique */ 1001 for (i = 0; i < RUN_VAP_MAX; i++) { 1002 if((sc->rvp_bmap & 1 << i) == 0){ 1003 sc->rvp_bmap |= 1 << i; 1004 rvp->rvp_id = i; 1005 break; 1006 } 1007 } 1008 if (sc->rvp_cnt++ == 0) 1009 ic->ic_opmode = opmode; 1010 1011 if (opmode == IEEE80211_M_HOSTAP) 1012 sc->cmdq_run = RUN_CMDQ_GO; 1013 1014 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1015 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1016 1017 return (vap); 1018 } 1019 1020 static void 1021 run_vap_delete(struct ieee80211vap *vap) 1022 { 1023 struct run_vap *rvp = RUN_VAP(vap); 1024 struct ieee80211com *ic; 1025 struct run_softc *sc; 1026 uint8_t rvp_id; 1027 1028 if (vap == NULL) 1029 return; 1030 1031 ic = vap->iv_ic; 1032 sc = ic->ic_softc; 1033 1034 RUN_LOCK(sc); 1035 1036 m_freem(rvp->beacon_mbuf); 1037 rvp->beacon_mbuf = NULL; 1038 1039 rvp_id = rvp->rvp_id; 1040 sc->ratectl_run &= ~(1 << rvp_id); 1041 sc->rvp_bmap &= ~(1 << rvp_id); 1042 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1043 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1044 --sc->rvp_cnt; 1045 1046 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1047 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1048 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1049 1050 RUN_UNLOCK(sc); 1051 1052 ieee80211_ratectl_deinit(vap); 1053 ieee80211_vap_detach(vap); 1054 free(rvp, M_80211_VAP); 1055 } 1056 1057 /* 1058 * There are numbers of functions need to be called in context thread. 1059 * Rather than creating taskqueue event for each of those functions, 1060 * here is all-for-one taskqueue callback function. This function 1061 * guarantees deferred functions are executed in the same order they 1062 * were enqueued. 1063 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1064 */ 1065 static void 1066 run_cmdq_cb(void *arg, int pending) 1067 { 1068 struct run_softc *sc = arg; 1069 uint8_t i; 1070 1071 /* call cmdq[].func locked */ 1072 RUN_LOCK(sc); 1073 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1074 i = sc->cmdq_exec, pending--) { 1075 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1076 i, pending); 1077 if (sc->cmdq_run == RUN_CMDQ_GO) { 1078 /* 1079 * If arg0 is NULL, callback func needs more 1080 * than one arg. So, pass ptr to cmdq struct. 1081 */ 1082 if (sc->cmdq[i].arg0) 1083 sc->cmdq[i].func(sc->cmdq[i].arg0); 1084 else 1085 sc->cmdq[i].func(&sc->cmdq[i]); 1086 } 1087 sc->cmdq[i].arg0 = NULL; 1088 sc->cmdq[i].func = NULL; 1089 sc->cmdq_exec++; 1090 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1091 } 1092 RUN_UNLOCK(sc); 1093 } 1094 1095 static void 1096 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1097 { 1098 struct run_tx_data *data; 1099 1100 memset(pq, 0, sizeof(*pq)); 1101 1102 STAILQ_INIT(&pq->tx_qh); 1103 STAILQ_INIT(&pq->tx_fh); 1104 1105 for (data = &pq->tx_data[0]; 1106 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1107 data->sc = sc; 1108 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1109 } 1110 pq->tx_nfree = RUN_TX_RING_COUNT; 1111 } 1112 1113 static void 1114 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1115 { 1116 struct run_tx_data *data; 1117 1118 /* make sure any subsequent use of the queues will fail */ 1119 pq->tx_nfree = 0; 1120 STAILQ_INIT(&pq->tx_fh); 1121 STAILQ_INIT(&pq->tx_qh); 1122 1123 /* free up all node references and mbufs */ 1124 for (data = &pq->tx_data[0]; 1125 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1126 if (data->m != NULL) { 1127 m_freem(data->m); 1128 data->m = NULL; 1129 } 1130 if (data->ni != NULL) { 1131 ieee80211_free_node(data->ni); 1132 data->ni = NULL; 1133 } 1134 } 1135 } 1136 1137 static int 1138 run_load_microcode(struct run_softc *sc) 1139 { 1140 usb_device_request_t req; 1141 const struct firmware *fw; 1142 const u_char *base; 1143 uint32_t tmp; 1144 int ntries, error; 1145 const uint64_t *temp; 1146 uint64_t bytes; 1147 1148 RUN_UNLOCK(sc); 1149 fw = firmware_get("runfw"); 1150 RUN_LOCK(sc); 1151 if (fw == NULL) { 1152 device_printf(sc->sc_dev, 1153 "failed loadfirmware of file %s\n", "runfw"); 1154 return ENOENT; 1155 } 1156 1157 if (fw->datasize != 8192) { 1158 device_printf(sc->sc_dev, 1159 "invalid firmware size (should be 8KB)\n"); 1160 error = EINVAL; 1161 goto fail; 1162 } 1163 1164 /* 1165 * RT3071/RT3072 use a different firmware 1166 * run-rt2870 (8KB) contains both, 1167 * first half (4KB) is for rt2870, 1168 * last half is for rt3071. 1169 */ 1170 base = fw->data; 1171 if ((sc->mac_ver) != 0x2860 && 1172 (sc->mac_ver) != 0x2872 && 1173 (sc->mac_ver) != 0x3070) { 1174 base += 4096; 1175 } 1176 1177 /* cheap sanity check */ 1178 temp = fw->data; 1179 bytes = *temp; 1180 if (bytes != be64toh(0xffffff0210280210ULL)) { 1181 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1182 error = EINVAL; 1183 goto fail; 1184 } 1185 1186 /* write microcode image */ 1187 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1188 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1189 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1190 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1191 } 1192 1193 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1194 req.bRequest = RT2870_RESET; 1195 USETW(req.wValue, 8); 1196 USETW(req.wIndex, 0); 1197 USETW(req.wLength, 0); 1198 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1199 != 0) { 1200 device_printf(sc->sc_dev, "firmware reset failed\n"); 1201 goto fail; 1202 } 1203 1204 run_delay(sc, 10); 1205 1206 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1207 run_write(sc, RT2860_H2M_MAILBOX, 0); 1208 run_write(sc, RT2860_H2M_INTSRC, 0); 1209 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1210 goto fail; 1211 1212 /* wait until microcontroller is ready */ 1213 for (ntries = 0; ntries < 1000; ntries++) { 1214 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1215 goto fail; 1216 if (tmp & RT2860_MCU_READY) 1217 break; 1218 run_delay(sc, 10); 1219 } 1220 if (ntries == 1000) { 1221 device_printf(sc->sc_dev, 1222 "timeout waiting for MCU to initialize\n"); 1223 error = ETIMEDOUT; 1224 goto fail; 1225 } 1226 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1227 (base == fw->data) ? "RT2870" : "RT3071", 1228 *(base + 4092), *(base + 4093)); 1229 1230 fail: 1231 firmware_put(fw, FIRMWARE_UNLOAD); 1232 return (error); 1233 } 1234 1235 static int 1236 run_reset(struct run_softc *sc) 1237 { 1238 usb_device_request_t req; 1239 1240 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1241 req.bRequest = RT2870_RESET; 1242 USETW(req.wValue, 1); 1243 USETW(req.wIndex, 0); 1244 USETW(req.wLength, 0); 1245 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1246 } 1247 1248 static usb_error_t 1249 run_do_request(struct run_softc *sc, 1250 struct usb_device_request *req, void *data) 1251 { 1252 usb_error_t err; 1253 int ntries = 10; 1254 1255 RUN_LOCK_ASSERT(sc, MA_OWNED); 1256 1257 while (ntries--) { 1258 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1259 req, data, 0, NULL, 250 /* ms */); 1260 if (err == 0) 1261 break; 1262 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1263 "Control request failed, %s (retrying)\n", 1264 usbd_errstr(err)); 1265 run_delay(sc, 10); 1266 } 1267 return (err); 1268 } 1269 1270 static int 1271 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1272 { 1273 uint32_t tmp; 1274 int error; 1275 1276 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1277 if (error == 0) 1278 *val = le32toh(tmp); 1279 else 1280 *val = 0xffffffff; 1281 return (error); 1282 } 1283 1284 static int 1285 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1286 { 1287 usb_device_request_t req; 1288 1289 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1290 req.bRequest = RT2870_READ_REGION_1; 1291 USETW(req.wValue, 0); 1292 USETW(req.wIndex, reg); 1293 USETW(req.wLength, len); 1294 1295 return (run_do_request(sc, &req, buf)); 1296 } 1297 1298 static int 1299 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1300 { 1301 usb_device_request_t req; 1302 1303 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1304 req.bRequest = RT2870_WRITE_2; 1305 USETW(req.wValue, val); 1306 USETW(req.wIndex, reg); 1307 USETW(req.wLength, 0); 1308 1309 return (run_do_request(sc, &req, NULL)); 1310 } 1311 1312 static int 1313 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1314 { 1315 int error; 1316 1317 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1318 error = run_write_2(sc, reg + 2, val >> 16); 1319 return (error); 1320 } 1321 1322 static int 1323 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1324 int len) 1325 { 1326 #if 1 1327 int i, error = 0; 1328 /* 1329 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1330 * We thus issue multiple WRITE_2 commands instead. 1331 */ 1332 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1333 for (i = 0; i < len && error == 0; i += 2) 1334 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1335 return (error); 1336 #else 1337 usb_device_request_t req; 1338 int error = 0; 1339 1340 /* 1341 * NOTE: It appears the WRITE_REGION_1 command cannot be 1342 * passed a huge amount of data, which will crash the 1343 * firmware. Limit amount of data passed to 64-bytes at a 1344 * time. 1345 */ 1346 while (len > 0) { 1347 int delta = 64; 1348 if (delta > len) 1349 delta = len; 1350 1351 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1352 req.bRequest = RT2870_WRITE_REGION_1; 1353 USETW(req.wValue, 0); 1354 USETW(req.wIndex, reg); 1355 USETW(req.wLength, delta); 1356 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1357 if (error != 0) 1358 break; 1359 reg += delta; 1360 buf += delta; 1361 len -= delta; 1362 } 1363 return (error); 1364 #endif 1365 } 1366 1367 static int 1368 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1369 { 1370 int i, error = 0; 1371 1372 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1373 for (i = 0; i < len && error == 0; i += 4) 1374 error = run_write(sc, reg + i, val); 1375 return (error); 1376 } 1377 1378 static int 1379 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1380 { 1381 uint32_t tmp; 1382 uint16_t reg; 1383 int error, ntries; 1384 1385 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1386 return (error); 1387 1388 if (count == 2) 1389 addr *= 2; 1390 /*- 1391 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1392 * DATA0: F E D C 1393 * DATA1: B A 9 8 1394 * DATA2: 7 6 5 4 1395 * DATA3: 3 2 1 0 1396 */ 1397 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1398 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1399 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1400 for (ntries = 0; ntries < 100; ntries++) { 1401 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1402 return (error); 1403 if (!(tmp & RT3070_EFSROM_KICK)) 1404 break; 1405 run_delay(sc, 2); 1406 } 1407 if (ntries == 100) 1408 return (ETIMEDOUT); 1409 1410 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1411 *val = 0xffff; /* address not found */ 1412 return (0); 1413 } 1414 /* determine to which 32-bit register our 16-bit word belongs */ 1415 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1416 if ((error = run_read(sc, reg, &tmp)) != 0) 1417 return (error); 1418 1419 tmp >>= (8 * (addr & 0x3)); 1420 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1421 1422 return (0); 1423 } 1424 1425 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1426 static int 1427 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1428 { 1429 return (run_efuse_read(sc, addr, val, 2)); 1430 } 1431 1432 static int 1433 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1434 { 1435 usb_device_request_t req; 1436 uint16_t tmp; 1437 int error; 1438 1439 addr *= 2; 1440 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1441 req.bRequest = RT2870_EEPROM_READ; 1442 USETW(req.wValue, 0); 1443 USETW(req.wIndex, addr); 1444 USETW(req.wLength, sizeof(tmp)); 1445 1446 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1447 if (error == 0) 1448 *val = le16toh(tmp); 1449 else 1450 *val = 0xffff; 1451 return (error); 1452 } 1453 1454 static __inline int 1455 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1456 { 1457 /* either eFUSE ROM or EEPROM */ 1458 return sc->sc_srom_read(sc, addr, val); 1459 } 1460 1461 static int 1462 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1463 { 1464 uint32_t tmp; 1465 int error, ntries; 1466 1467 for (ntries = 0; ntries < 10; ntries++) { 1468 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1469 return (error); 1470 if (!(tmp & RT2860_RF_REG_CTRL)) 1471 break; 1472 } 1473 if (ntries == 10) 1474 return (ETIMEDOUT); 1475 1476 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1477 } 1478 1479 static int 1480 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1481 { 1482 uint32_t tmp; 1483 int error, ntries; 1484 1485 for (ntries = 0; ntries < 100; ntries++) { 1486 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1487 return (error); 1488 if (!(tmp & RT3070_RF_KICK)) 1489 break; 1490 } 1491 if (ntries == 100) 1492 return (ETIMEDOUT); 1493 1494 tmp = RT3070_RF_KICK | reg << 8; 1495 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1496 return (error); 1497 1498 for (ntries = 0; ntries < 100; ntries++) { 1499 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1500 return (error); 1501 if (!(tmp & RT3070_RF_KICK)) 1502 break; 1503 } 1504 if (ntries == 100) 1505 return (ETIMEDOUT); 1506 1507 *val = tmp & 0xff; 1508 return (0); 1509 } 1510 1511 static int 1512 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1513 { 1514 uint32_t tmp; 1515 int error, ntries; 1516 1517 for (ntries = 0; ntries < 10; ntries++) { 1518 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1519 return (error); 1520 if (!(tmp & RT3070_RF_KICK)) 1521 break; 1522 } 1523 if (ntries == 10) 1524 return (ETIMEDOUT); 1525 1526 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1527 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1528 } 1529 1530 static int 1531 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1532 { 1533 uint32_t tmp; 1534 int ntries, error; 1535 1536 for (ntries = 0; ntries < 10; ntries++) { 1537 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1538 return (error); 1539 if (!(tmp & RT2860_BBP_CSR_KICK)) 1540 break; 1541 } 1542 if (ntries == 10) 1543 return (ETIMEDOUT); 1544 1545 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1546 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1547 return (error); 1548 1549 for (ntries = 0; ntries < 10; ntries++) { 1550 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1551 return (error); 1552 if (!(tmp & RT2860_BBP_CSR_KICK)) 1553 break; 1554 } 1555 if (ntries == 10) 1556 return (ETIMEDOUT); 1557 1558 *val = tmp & 0xff; 1559 return (0); 1560 } 1561 1562 static int 1563 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1564 { 1565 uint32_t tmp; 1566 int ntries, error; 1567 1568 for (ntries = 0; ntries < 10; ntries++) { 1569 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1570 return (error); 1571 if (!(tmp & RT2860_BBP_CSR_KICK)) 1572 break; 1573 } 1574 if (ntries == 10) 1575 return (ETIMEDOUT); 1576 1577 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1578 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1579 } 1580 1581 /* 1582 * Send a command to the 8051 microcontroller unit. 1583 */ 1584 static int 1585 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1586 { 1587 uint32_t tmp; 1588 int error, ntries; 1589 1590 for (ntries = 0; ntries < 100; ntries++) { 1591 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1592 return error; 1593 if (!(tmp & RT2860_H2M_BUSY)) 1594 break; 1595 } 1596 if (ntries == 100) 1597 return ETIMEDOUT; 1598 1599 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1600 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1601 error = run_write(sc, RT2860_HOST_CMD, cmd); 1602 return (error); 1603 } 1604 1605 /* 1606 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1607 * Used to adjust per-rate Tx power registers. 1608 */ 1609 static __inline uint32_t 1610 b4inc(uint32_t b32, int8_t delta) 1611 { 1612 int8_t i, b4; 1613 1614 for (i = 0; i < 8; i++) { 1615 b4 = b32 & 0xf; 1616 b4 += delta; 1617 if (b4 < 0) 1618 b4 = 0; 1619 else if (b4 > 0xf) 1620 b4 = 0xf; 1621 b32 = b32 >> 4 | b4 << 28; 1622 } 1623 return (b32); 1624 } 1625 1626 static const char * 1627 run_get_rf(uint16_t rev) 1628 { 1629 switch (rev) { 1630 case RT2860_RF_2820: return "RT2820"; 1631 case RT2860_RF_2850: return "RT2850"; 1632 case RT2860_RF_2720: return "RT2720"; 1633 case RT2860_RF_2750: return "RT2750"; 1634 case RT3070_RF_3020: return "RT3020"; 1635 case RT3070_RF_2020: return "RT2020"; 1636 case RT3070_RF_3021: return "RT3021"; 1637 case RT3070_RF_3022: return "RT3022"; 1638 case RT3070_RF_3052: return "RT3052"; 1639 case RT3593_RF_3053: return "RT3053"; 1640 case RT5592_RF_5592: return "RT5592"; 1641 case RT5390_RF_5370: return "RT5370"; 1642 case RT5390_RF_5372: return "RT5372"; 1643 } 1644 return ("unknown"); 1645 } 1646 1647 static void 1648 run_rt3593_get_txpower(struct run_softc *sc) 1649 { 1650 uint16_t addr, val; 1651 int i; 1652 1653 /* Read power settings for 2GHz channels. */ 1654 for (i = 0; i < 14; i += 2) { 1655 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1656 RT2860_EEPROM_PWR2GHZ_BASE1; 1657 run_srom_read(sc, addr + i / 2, &val); 1658 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1660 1661 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1662 RT2860_EEPROM_PWR2GHZ_BASE2; 1663 run_srom_read(sc, addr + i / 2, &val); 1664 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1665 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1666 1667 if (sc->ntxchains == 3) { 1668 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1669 &val); 1670 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1671 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1672 } 1673 } 1674 /* Fix broken Tx power entries. */ 1675 for (i = 0; i < 14; i++) { 1676 if (sc->txpow1[i] > 31) 1677 sc->txpow1[i] = 5; 1678 if (sc->txpow2[i] > 31) 1679 sc->txpow2[i] = 5; 1680 if (sc->ntxchains == 3) { 1681 if (sc->txpow3[i] > 31) 1682 sc->txpow3[i] = 5; 1683 } 1684 } 1685 /* Read power settings for 5GHz channels. */ 1686 for (i = 0; i < 40; i += 2) { 1687 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1688 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1689 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1690 1691 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1692 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1693 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1694 1695 if (sc->ntxchains == 3) { 1696 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1697 &val); 1698 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1699 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1700 } 1701 } 1702 } 1703 1704 static void 1705 run_get_txpower(struct run_softc *sc) 1706 { 1707 uint16_t val; 1708 int i; 1709 1710 /* Read power settings for 2GHz channels. */ 1711 for (i = 0; i < 14; i += 2) { 1712 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1713 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1714 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1715 1716 if (sc->mac_ver != 0x5390) { 1717 run_srom_read(sc, 1718 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1721 } 1722 } 1723 /* Fix broken Tx power entries. */ 1724 for (i = 0; i < 14; i++) { 1725 if (sc->mac_ver >= 0x5390) { 1726 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1727 sc->txpow1[i] = 5; 1728 } else { 1729 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1730 sc->txpow1[i] = 5; 1731 } 1732 if (sc->mac_ver > 0x5390) { 1733 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1734 sc->txpow2[i] = 5; 1735 } else if (sc->mac_ver < 0x5390) { 1736 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1737 sc->txpow2[i] = 5; 1738 } 1739 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1740 "chan %d: power1=%d, power2=%d\n", 1741 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1742 } 1743 /* Read power settings for 5GHz channels. */ 1744 for (i = 0; i < 40; i += 2) { 1745 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1746 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1747 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1748 1749 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1750 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1751 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1752 } 1753 /* Fix broken Tx power entries. */ 1754 for (i = 0; i < 40; i++ ) { 1755 if (sc->mac_ver != 0x5592) { 1756 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1757 sc->txpow1[14 + i] = 5; 1758 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1759 sc->txpow2[14 + i] = 5; 1760 } 1761 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1762 "chan %d: power1=%d, power2=%d\n", 1763 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1764 sc->txpow2[14 + i]); 1765 } 1766 } 1767 1768 static int 1769 run_read_eeprom(struct run_softc *sc) 1770 { 1771 struct ieee80211com *ic = &sc->sc_ic; 1772 int8_t delta_2ghz, delta_5ghz; 1773 uint32_t tmp; 1774 uint16_t val; 1775 int ridx, ant, i; 1776 1777 /* check whether the ROM is eFUSE ROM or EEPROM */ 1778 sc->sc_srom_read = run_eeprom_read_2; 1779 if (sc->mac_ver >= 0x3070) { 1780 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1781 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1782 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1783 sc->sc_srom_read = run_efuse_read_2; 1784 } 1785 1786 /* read ROM version */ 1787 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1788 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1789 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1790 1791 /* read MAC address */ 1792 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1793 ic->ic_macaddr[0] = val & 0xff; 1794 ic->ic_macaddr[1] = val >> 8; 1795 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1796 ic->ic_macaddr[2] = val & 0xff; 1797 ic->ic_macaddr[3] = val >> 8; 1798 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1799 ic->ic_macaddr[4] = val & 0xff; 1800 ic->ic_macaddr[5] = val >> 8; 1801 1802 if (sc->mac_ver < 0x3593) { 1803 /* read vender BBP settings */ 1804 for (i = 0; i < 10; i++) { 1805 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1806 sc->bbp[i].val = val & 0xff; 1807 sc->bbp[i].reg = val >> 8; 1808 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1809 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1810 } 1811 if (sc->mac_ver >= 0x3071) { 1812 /* read vendor RF settings */ 1813 for (i = 0; i < 10; i++) { 1814 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1815 &val); 1816 sc->rf[i].val = val & 0xff; 1817 sc->rf[i].reg = val >> 8; 1818 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1819 sc->rf[i].reg, sc->rf[i].val); 1820 } 1821 } 1822 } 1823 1824 /* read RF frequency offset from EEPROM */ 1825 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1826 RT3593_EEPROM_FREQ, &val); 1827 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1828 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1829 sc->freq & 0xff); 1830 1831 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1832 RT3593_EEPROM_FREQ_LEDS, &val); 1833 if (val >> 8 != 0xff) { 1834 /* read LEDs operating mode */ 1835 sc->leds = val >> 8; 1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1837 RT3593_EEPROM_LED1, &sc->led[0]); 1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1839 RT3593_EEPROM_LED2, &sc->led[1]); 1840 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1841 RT3593_EEPROM_LED3, &sc->led[2]); 1842 } else { 1843 /* broken EEPROM, use default settings */ 1844 sc->leds = 0x01; 1845 sc->led[0] = 0x5555; 1846 sc->led[1] = 0x2221; 1847 sc->led[2] = 0x5627; /* differs from RT2860 */ 1848 } 1849 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1850 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1851 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1852 1853 /* read RF information */ 1854 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1855 run_srom_read(sc, 0x00, &val); 1856 else 1857 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1858 1859 if (val == 0xffff) { 1860 device_printf(sc->sc_dev, 1861 "invalid EEPROM antenna info, using default\n"); 1862 if (sc->mac_ver == 0x3572) { 1863 /* default to RF3052 2T2R */ 1864 sc->rf_rev = RT3070_RF_3052; 1865 sc->ntxchains = 2; 1866 sc->nrxchains = 2; 1867 } else if (sc->mac_ver >= 0x3070) { 1868 /* default to RF3020 1T1R */ 1869 sc->rf_rev = RT3070_RF_3020; 1870 sc->ntxchains = 1; 1871 sc->nrxchains = 1; 1872 } else { 1873 /* default to RF2820 1T2R */ 1874 sc->rf_rev = RT2860_RF_2820; 1875 sc->ntxchains = 1; 1876 sc->nrxchains = 2; 1877 } 1878 } else { 1879 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1880 sc->rf_rev = val; 1881 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1882 } else 1883 sc->rf_rev = (val >> 8) & 0xf; 1884 sc->ntxchains = (val >> 4) & 0xf; 1885 sc->nrxchains = val & 0xf; 1886 } 1887 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1888 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1889 1890 /* check if RF supports automatic Tx access gain control */ 1891 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1892 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1893 /* check if driver should patch the DAC issue */ 1894 if ((val >> 8) != 0xff) 1895 sc->patch_dac = (val >> 15) & 1; 1896 if ((val & 0xff) != 0xff) { 1897 sc->ext_5ghz_lna = (val >> 3) & 1; 1898 sc->ext_2ghz_lna = (val >> 2) & 1; 1899 /* check if RF supports automatic Tx access gain control */ 1900 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1901 /* check if we have a hardware radio switch */ 1902 sc->rfswitch = val & 1; 1903 } 1904 1905 /* Read Tx power settings. */ 1906 if (sc->mac_ver == 0x3593) 1907 run_rt3593_get_txpower(sc); 1908 else 1909 run_get_txpower(sc); 1910 1911 /* read Tx power compensation for each Tx rate */ 1912 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1913 delta_2ghz = delta_5ghz = 0; 1914 if ((val & 0xff) != 0xff && (val & 0x80)) { 1915 delta_2ghz = val & 0xf; 1916 if (!(val & 0x40)) /* negative number */ 1917 delta_2ghz = -delta_2ghz; 1918 } 1919 val >>= 8; 1920 if ((val & 0xff) != 0xff && (val & 0x80)) { 1921 delta_5ghz = val & 0xf; 1922 if (!(val & 0x40)) /* negative number */ 1923 delta_5ghz = -delta_5ghz; 1924 } 1925 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1926 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1927 1928 for (ridx = 0; ridx < 5; ridx++) { 1929 uint32_t reg; 1930 1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1932 reg = val; 1933 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1934 reg |= (uint32_t)val << 16; 1935 1936 sc->txpow20mhz[ridx] = reg; 1937 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1938 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1939 1940 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1941 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1942 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1943 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1944 } 1945 1946 /* Read RSSI offsets and LNA gains from EEPROM. */ 1947 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1948 RT3593_EEPROM_RSSI1_2GHZ, &val); 1949 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1950 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1951 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1952 RT3593_EEPROM_RSSI2_2GHZ, &val); 1953 if (sc->mac_ver >= 0x3070) { 1954 if (sc->mac_ver == 0x3593) { 1955 sc->txmixgain_2ghz = 0; 1956 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1957 } else { 1958 /* 1959 * On RT3070 chips (limited to 2 Rx chains), this ROM 1960 * field contains the Tx mixer gain for the 2GHz band. 1961 */ 1962 if ((val & 0xff) != 0xff) 1963 sc->txmixgain_2ghz = val & 0x7; 1964 } 1965 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1966 sc->txmixgain_2ghz); 1967 } else 1968 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1969 if (sc->mac_ver == 0x3593) 1970 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1971 sc->lna[2] = val >> 8; /* channel group 2 */ 1972 1973 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1974 RT3593_EEPROM_RSSI1_5GHZ, &val); 1975 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1976 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1977 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1978 RT3593_EEPROM_RSSI2_5GHZ, &val); 1979 if (sc->mac_ver == 0x3572) { 1980 /* 1981 * On RT3572 chips (limited to 2 Rx chains), this ROM 1982 * field contains the Tx mixer gain for the 5GHz band. 1983 */ 1984 if ((val & 0xff) != 0xff) 1985 sc->txmixgain_5ghz = val & 0x7; 1986 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1987 sc->txmixgain_5ghz); 1988 } else 1989 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1990 if (sc->mac_ver == 0x3593) { 1991 sc->txmixgain_5ghz = 0; 1992 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1993 } 1994 sc->lna[3] = val >> 8; /* channel group 3 */ 1995 1996 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1997 RT3593_EEPROM_LNA, &val); 1998 sc->lna[0] = val & 0xff; /* channel group 0 */ 1999 sc->lna[1] = val >> 8; /* channel group 1 */ 2000 2001 /* fix broken 5GHz LNA entries */ 2002 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2003 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2004 "invalid LNA for channel group %d\n", 2); 2005 sc->lna[2] = sc->lna[1]; 2006 } 2007 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2008 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2009 "invalid LNA for channel group %d\n", 3); 2010 sc->lna[3] = sc->lna[1]; 2011 } 2012 2013 /* fix broken RSSI offset entries */ 2014 for (ant = 0; ant < 3; ant++) { 2015 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2016 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2017 "invalid RSSI%d offset: %d (2GHz)\n", 2018 ant + 1, sc->rssi_2ghz[ant]); 2019 sc->rssi_2ghz[ant] = 0; 2020 } 2021 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2022 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2023 "invalid RSSI%d offset: %d (5GHz)\n", 2024 ant + 1, sc->rssi_5ghz[ant]); 2025 sc->rssi_5ghz[ant] = 0; 2026 } 2027 } 2028 return (0); 2029 } 2030 2031 static struct ieee80211_node * 2032 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2033 { 2034 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 2035 } 2036 2037 static int 2038 run_media_change(struct ifnet *ifp) 2039 { 2040 struct ieee80211vap *vap = ifp->if_softc; 2041 struct ieee80211com *ic = vap->iv_ic; 2042 const struct ieee80211_txparam *tp; 2043 struct run_softc *sc = ic->ic_softc; 2044 uint8_t rate, ridx; 2045 int error; 2046 2047 RUN_LOCK(sc); 2048 2049 error = ieee80211_media_change(ifp); 2050 if (error != ENETRESET) { 2051 RUN_UNLOCK(sc); 2052 return (error); 2053 } 2054 2055 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2056 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2057 struct ieee80211_node *ni; 2058 struct run_node *rn; 2059 2060 rate = ic->ic_sup_rates[ic->ic_curmode]. 2061 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2062 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2063 if (rt2860_rates[ridx].rate == rate) 2064 break; 2065 ni = ieee80211_ref_node(vap->iv_bss); 2066 rn = RUN_NODE(ni); 2067 rn->fix_ridx = ridx; 2068 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2069 rate, rn->fix_ridx); 2070 ieee80211_free_node(ni); 2071 } 2072 2073 #if 0 2074 if ((ifp->if_flags & IFF_UP) && 2075 (ifp->if_drv_flags & RUN_RUNNING)){ 2076 run_init_locked(sc); 2077 } 2078 #endif 2079 2080 RUN_UNLOCK(sc); 2081 2082 return (0); 2083 } 2084 2085 static int 2086 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2087 { 2088 const struct ieee80211_txparam *tp; 2089 struct ieee80211com *ic = vap->iv_ic; 2090 struct run_softc *sc = ic->ic_softc; 2091 struct run_vap *rvp = RUN_VAP(vap); 2092 enum ieee80211_state ostate; 2093 uint32_t sta[3]; 2094 uint32_t tmp; 2095 uint8_t ratectl; 2096 uint8_t restart_ratectl = 0; 2097 uint8_t bid = 1 << rvp->rvp_id; 2098 2099 ostate = vap->iv_state; 2100 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2101 ieee80211_state_name[ostate], 2102 ieee80211_state_name[nstate]); 2103 2104 IEEE80211_UNLOCK(ic); 2105 RUN_LOCK(sc); 2106 2107 ratectl = sc->ratectl_run; /* remember current state */ 2108 sc->ratectl_run = RUN_RATECTL_OFF; 2109 usb_callout_stop(&sc->ratectl_ch); 2110 2111 if (ostate == IEEE80211_S_RUN) { 2112 /* turn link LED off */ 2113 run_set_leds(sc, RT2860_LED_RADIO); 2114 } 2115 2116 switch (nstate) { 2117 case IEEE80211_S_INIT: 2118 restart_ratectl = 1; 2119 2120 if (ostate != IEEE80211_S_RUN) 2121 break; 2122 2123 ratectl &= ~bid; 2124 sc->runbmap &= ~bid; 2125 2126 /* abort TSF synchronization if there is no vap running */ 2127 if (--sc->running == 0) { 2128 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2129 run_write(sc, RT2860_BCN_TIME_CFG, 2130 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2131 RT2860_TBTT_TIMER_EN)); 2132 } 2133 break; 2134 2135 case IEEE80211_S_RUN: 2136 if (!(sc->runbmap & bid)) { 2137 if(sc->running++) 2138 restart_ratectl = 1; 2139 sc->runbmap |= bid; 2140 } 2141 2142 m_freem(rvp->beacon_mbuf); 2143 rvp->beacon_mbuf = NULL; 2144 2145 switch (vap->iv_opmode) { 2146 case IEEE80211_M_HOSTAP: 2147 case IEEE80211_M_MBSS: 2148 sc->ap_running |= bid; 2149 ic->ic_opmode = vap->iv_opmode; 2150 run_update_beacon_cb(vap); 2151 break; 2152 case IEEE80211_M_IBSS: 2153 sc->adhoc_running |= bid; 2154 if (!sc->ap_running) 2155 ic->ic_opmode = vap->iv_opmode; 2156 run_update_beacon_cb(vap); 2157 break; 2158 case IEEE80211_M_STA: 2159 sc->sta_running |= bid; 2160 if (!sc->ap_running && !sc->adhoc_running) 2161 ic->ic_opmode = vap->iv_opmode; 2162 2163 /* read statistic counters (clear on read) */ 2164 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2165 (uint8_t *)sta, sizeof sta); 2166 2167 break; 2168 default: 2169 ic->ic_opmode = vap->iv_opmode; 2170 break; 2171 } 2172 2173 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2174 struct ieee80211_node *ni; 2175 2176 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2177 RUN_UNLOCK(sc); 2178 IEEE80211_LOCK(ic); 2179 return (-1); 2180 } 2181 run_updateslot(ic); 2182 run_enable_mrr(sc); 2183 run_set_txpreamble(sc); 2184 run_set_basicrates(sc); 2185 ni = ieee80211_ref_node(vap->iv_bss); 2186 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2187 run_set_bssid(sc, sc->sc_bssid); 2188 ieee80211_free_node(ni); 2189 run_enable_tsf_sync(sc); 2190 2191 /* enable automatic rate adaptation */ 2192 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2193 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2194 ratectl |= bid; 2195 } else 2196 run_enable_tsf(sc); 2197 2198 /* turn link LED on */ 2199 run_set_leds(sc, RT2860_LED_RADIO | 2200 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2201 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2202 2203 break; 2204 default: 2205 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2206 break; 2207 } 2208 2209 /* restart amrr for running VAPs */ 2210 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2211 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2212 2213 RUN_UNLOCK(sc); 2214 IEEE80211_LOCK(ic); 2215 2216 return(rvp->newstate(vap, nstate, arg)); 2217 } 2218 2219 static int 2220 run_wme_update(struct ieee80211com *ic) 2221 { 2222 struct chanAccParams chp; 2223 struct run_softc *sc = ic->ic_softc; 2224 const struct wmeParams *ac; 2225 int aci, error = 0; 2226 2227 ieee80211_wme_ic_getparams(ic, &chp); 2228 ac = chp.cap_wmeParams; 2229 2230 /* update MAC TX configuration registers */ 2231 RUN_LOCK(sc); 2232 for (aci = 0; aci < WME_NUM_AC; aci++) { 2233 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2234 ac[aci].wmep_logcwmax << 16 | 2235 ac[aci].wmep_logcwmin << 12 | 2236 ac[aci].wmep_aifsn << 8 | 2237 ac[aci].wmep_txopLimit); 2238 if (error) goto err; 2239 } 2240 2241 /* update SCH/DMA registers too */ 2242 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2243 ac[WME_AC_VO].wmep_aifsn << 12 | 2244 ac[WME_AC_VI].wmep_aifsn << 8 | 2245 ac[WME_AC_BK].wmep_aifsn << 4 | 2246 ac[WME_AC_BE].wmep_aifsn); 2247 if (error) goto err; 2248 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2249 ac[WME_AC_VO].wmep_logcwmin << 12 | 2250 ac[WME_AC_VI].wmep_logcwmin << 8 | 2251 ac[WME_AC_BK].wmep_logcwmin << 4 | 2252 ac[WME_AC_BE].wmep_logcwmin); 2253 if (error) goto err; 2254 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2255 ac[WME_AC_VO].wmep_logcwmax << 12 | 2256 ac[WME_AC_VI].wmep_logcwmax << 8 | 2257 ac[WME_AC_BK].wmep_logcwmax << 4 | 2258 ac[WME_AC_BE].wmep_logcwmax); 2259 if (error) goto err; 2260 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2261 ac[WME_AC_BK].wmep_txopLimit << 16 | 2262 ac[WME_AC_BE].wmep_txopLimit); 2263 if (error) goto err; 2264 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2265 ac[WME_AC_VO].wmep_txopLimit << 16 | 2266 ac[WME_AC_VI].wmep_txopLimit); 2267 2268 err: 2269 RUN_UNLOCK(sc); 2270 if (error) 2271 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2272 2273 return (error); 2274 } 2275 2276 static void 2277 run_key_set_cb(void *arg) 2278 { 2279 struct run_cmdq *cmdq = arg; 2280 struct ieee80211vap *vap = cmdq->arg1; 2281 struct ieee80211_key *k = cmdq->k; 2282 struct ieee80211com *ic = vap->iv_ic; 2283 struct run_softc *sc = ic->ic_softc; 2284 struct ieee80211_node *ni; 2285 u_int cipher = k->wk_cipher->ic_cipher; 2286 uint32_t attr; 2287 uint16_t base, associd; 2288 uint8_t mode, wcid, iv[8]; 2289 2290 RUN_LOCK_ASSERT(sc, MA_OWNED); 2291 2292 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2293 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2294 else 2295 ni = vap->iv_bss; 2296 associd = (ni != NULL) ? ni->ni_associd : 0; 2297 2298 /* map net80211 cipher to RT2860 security mode */ 2299 switch (cipher) { 2300 case IEEE80211_CIPHER_WEP: 2301 if(k->wk_keylen < 8) 2302 mode = RT2860_MODE_WEP40; 2303 else 2304 mode = RT2860_MODE_WEP104; 2305 break; 2306 case IEEE80211_CIPHER_TKIP: 2307 mode = RT2860_MODE_TKIP; 2308 break; 2309 case IEEE80211_CIPHER_AES_CCM: 2310 mode = RT2860_MODE_AES_CCMP; 2311 break; 2312 default: 2313 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2314 return; 2315 } 2316 2317 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2318 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2319 associd, k->wk_keyix, mode, 2320 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2321 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2322 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2323 2324 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2325 wcid = 0; /* NB: update WCID0 for group keys */ 2326 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2327 } else { 2328 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2329 1 : RUN_AID2WCID(associd); 2330 base = RT2860_PKEY(wcid); 2331 } 2332 2333 if (cipher == IEEE80211_CIPHER_TKIP) { 2334 if(run_write_region_1(sc, base, k->wk_key, 16)) 2335 return; 2336 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2337 return; 2338 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2339 return; 2340 } else { 2341 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2342 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2343 return; 2344 } 2345 2346 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2347 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2348 /* set initial packet number in IV+EIV */ 2349 if (cipher == IEEE80211_CIPHER_WEP) { 2350 memset(iv, 0, sizeof iv); 2351 iv[3] = vap->iv_def_txkey << 6; 2352 } else { 2353 if (cipher == IEEE80211_CIPHER_TKIP) { 2354 iv[0] = k->wk_keytsc >> 8; 2355 iv[1] = (iv[0] | 0x20) & 0x7f; 2356 iv[2] = k->wk_keytsc; 2357 } else /* CCMP */ { 2358 iv[0] = k->wk_keytsc; 2359 iv[1] = k->wk_keytsc >> 8; 2360 iv[2] = 0; 2361 } 2362 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2363 iv[4] = k->wk_keytsc >> 16; 2364 iv[5] = k->wk_keytsc >> 24; 2365 iv[6] = k->wk_keytsc >> 32; 2366 iv[7] = k->wk_keytsc >> 40; 2367 } 2368 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2369 return; 2370 } 2371 2372 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2373 /* install group key */ 2374 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2375 return; 2376 attr &= ~(0xf << (k->wk_keyix * 4)); 2377 attr |= mode << (k->wk_keyix * 4); 2378 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2379 return; 2380 } else { 2381 /* install pairwise key */ 2382 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2383 return; 2384 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2385 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2386 return; 2387 } 2388 2389 /* TODO create a pass-thru key entry? */ 2390 2391 /* need wcid to delete the right key later */ 2392 k->wk_pad = wcid; 2393 } 2394 2395 /* 2396 * Don't have to be deferred, but in order to keep order of 2397 * execution, i.e. with run_key_delete(), defer this and let 2398 * run_cmdq_cb() maintain the order. 2399 * 2400 * return 0 on error 2401 */ 2402 static int 2403 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2404 { 2405 struct ieee80211com *ic = vap->iv_ic; 2406 struct run_softc *sc = ic->ic_softc; 2407 uint32_t i; 2408 2409 i = RUN_CMDQ_GET(&sc->cmdq_store); 2410 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2411 sc->cmdq[i].func = run_key_set_cb; 2412 sc->cmdq[i].arg0 = NULL; 2413 sc->cmdq[i].arg1 = vap; 2414 sc->cmdq[i].k = k; 2415 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2416 ieee80211_runtask(ic, &sc->cmdq_task); 2417 2418 /* 2419 * To make sure key will be set when hostapd 2420 * calls iv_key_set() before if_init(). 2421 */ 2422 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2423 RUN_LOCK(sc); 2424 sc->cmdq_key_set = RUN_CMDQ_GO; 2425 RUN_UNLOCK(sc); 2426 } 2427 2428 return (1); 2429 } 2430 2431 /* 2432 * If wlan is destroyed without being brought down i.e. without 2433 * wlan down or wpa_cli terminate, this function is called after 2434 * vap is gone. Don't refer it. 2435 */ 2436 static void 2437 run_key_delete_cb(void *arg) 2438 { 2439 struct run_cmdq *cmdq = arg; 2440 struct run_softc *sc = cmdq->arg1; 2441 struct ieee80211_key *k = &cmdq->key; 2442 uint32_t attr; 2443 uint8_t wcid; 2444 2445 RUN_LOCK_ASSERT(sc, MA_OWNED); 2446 2447 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2448 /* remove group key */ 2449 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2450 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2451 attr &= ~(0xf << (k->wk_keyix * 4)); 2452 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2453 } else { 2454 /* remove pairwise key */ 2455 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2456 "removing key for wcid %x\n", k->wk_pad); 2457 /* matching wcid was written to wk_pad in run_key_set() */ 2458 wcid = k->wk_pad; 2459 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2460 attr &= ~0xf; 2461 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2462 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2463 } 2464 2465 k->wk_pad = 0; 2466 } 2467 2468 /* 2469 * return 0 on error 2470 */ 2471 static int 2472 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2473 { 2474 struct ieee80211com *ic = vap->iv_ic; 2475 struct run_softc *sc = ic->ic_softc; 2476 struct ieee80211_key *k0; 2477 uint32_t i; 2478 2479 /* 2480 * When called back, key might be gone. So, make a copy 2481 * of some values need to delete keys before deferring. 2482 * But, because of LOR with node lock, cannot use lock here. 2483 * So, use atomic instead. 2484 */ 2485 i = RUN_CMDQ_GET(&sc->cmdq_store); 2486 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2487 sc->cmdq[i].func = run_key_delete_cb; 2488 sc->cmdq[i].arg0 = NULL; 2489 sc->cmdq[i].arg1 = sc; 2490 k0 = &sc->cmdq[i].key; 2491 k0->wk_flags = k->wk_flags; 2492 k0->wk_keyix = k->wk_keyix; 2493 /* matching wcid was written to wk_pad in run_key_set() */ 2494 k0->wk_pad = k->wk_pad; 2495 ieee80211_runtask(ic, &sc->cmdq_task); 2496 return (1); /* return fake success */ 2497 2498 } 2499 2500 static void 2501 run_ratectl_to(void *arg) 2502 { 2503 struct run_softc *sc = arg; 2504 2505 /* do it in a process context, so it can go sleep */ 2506 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2507 /* next timeout will be rescheduled in the callback task */ 2508 } 2509 2510 /* ARGSUSED */ 2511 static void 2512 run_ratectl_cb(void *arg, int pending) 2513 { 2514 struct run_softc *sc = arg; 2515 struct ieee80211com *ic = &sc->sc_ic; 2516 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2517 2518 if (vap == NULL) 2519 return; 2520 2521 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2522 /* 2523 * run_reset_livelock() doesn't do anything with AMRR, 2524 * but Ralink wants us to call it every 1 sec. So, we 2525 * piggyback here rather than creating another callout. 2526 * Livelock may occur only in HOSTAP or IBSS mode 2527 * (when h/w is sending beacons). 2528 */ 2529 RUN_LOCK(sc); 2530 run_reset_livelock(sc); 2531 /* just in case, there are some stats to drain */ 2532 run_drain_fifo(sc); 2533 RUN_UNLOCK(sc); 2534 } 2535 2536 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2537 2538 RUN_LOCK(sc); 2539 if(sc->ratectl_run != RUN_RATECTL_OFF) 2540 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2541 RUN_UNLOCK(sc); 2542 } 2543 2544 static void 2545 run_drain_fifo(void *arg) 2546 { 2547 struct run_softc *sc = arg; 2548 uint32_t stat; 2549 uint16_t (*wstat)[3]; 2550 uint8_t wcid, mcs, pid; 2551 int8_t retry; 2552 2553 RUN_LOCK_ASSERT(sc, MA_OWNED); 2554 2555 for (;;) { 2556 /* drain Tx status FIFO (maxsize = 16) */ 2557 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2558 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2559 if (!(stat & RT2860_TXQ_VLD)) 2560 break; 2561 2562 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2563 2564 /* if no ACK was requested, no feedback is available */ 2565 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2566 wcid == 0) 2567 continue; 2568 2569 /* 2570 * Even though each stat is Tx-complete-status like format, 2571 * the device can poll stats. Because there is no guarantee 2572 * that the referring node is still around when read the stats. 2573 * So that, if we use ieee80211_ratectl_tx_update(), we will 2574 * have hard time not to refer already freed node. 2575 * 2576 * To eliminate such page faults, we poll stats in softc. 2577 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2578 */ 2579 wstat = &(sc->wcid_stats[wcid]); 2580 (*wstat)[RUN_TXCNT]++; 2581 if (stat & RT2860_TXQ_OK) 2582 (*wstat)[RUN_SUCCESS]++; 2583 else 2584 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2585 /* 2586 * Check if there were retries, ie if the Tx success rate is 2587 * different from the requested rate. Note that it works only 2588 * because we do not allow rate fallback from OFDM to CCK. 2589 */ 2590 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2591 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2592 if ((retry = pid -1 - mcs) > 0) { 2593 (*wstat)[RUN_TXCNT] += retry; 2594 (*wstat)[RUN_RETRY] += retry; 2595 } 2596 } 2597 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2598 2599 sc->fifo_cnt = 0; 2600 } 2601 2602 static void 2603 run_iter_func(void *arg, struct ieee80211_node *ni) 2604 { 2605 struct run_softc *sc = arg; 2606 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2607 struct ieee80211vap *vap = ni->ni_vap; 2608 struct run_node *rn = RUN_NODE(ni); 2609 union run_stats sta[2]; 2610 uint16_t (*wstat)[3]; 2611 int error; 2612 2613 RUN_LOCK(sc); 2614 2615 /* Check for special case */ 2616 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2617 ni != vap->iv_bss) 2618 goto fail; 2619 2620 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2621 IEEE80211_RATECTL_TX_STATS_RETRIES; 2622 txs->ni = ni; 2623 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2624 vap->iv_opmode == IEEE80211_M_STA)) { 2625 /* read statistic counters (clear on read) and update AMRR state */ 2626 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2627 sizeof sta); 2628 if (error != 0) 2629 goto fail; 2630 2631 /* count failed TX as errors */ 2632 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2633 le16toh(sta[0].error.fail)); 2634 2635 txs->nretries = le16toh(sta[1].tx.retry); 2636 txs->nsuccess = le16toh(sta[1].tx.success); 2637 /* nretries??? */ 2638 txs->nframes = txs->nretries + txs->nsuccess + 2639 le16toh(sta[0].error.fail); 2640 2641 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2642 "retrycnt=%d success=%d failcnt=%d\n", 2643 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2644 } else { 2645 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2646 2647 if (wstat == &(sc->wcid_stats[0]) || 2648 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2649 goto fail; 2650 2651 txs->nretries = (*wstat)[RUN_RETRY]; 2652 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2653 txs->nframes = (*wstat)[RUN_TXCNT]; 2654 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2655 "retrycnt=%d txcnt=%d success=%d\n", 2656 txs->nretries, txs->nframes, txs->nsuccess); 2657 2658 memset(wstat, 0, sizeof(*wstat)); 2659 } 2660 2661 ieee80211_ratectl_tx_update(vap, txs); 2662 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2663 2664 fail: 2665 RUN_UNLOCK(sc); 2666 2667 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2668 } 2669 2670 static void 2671 run_newassoc_cb(void *arg) 2672 { 2673 struct run_cmdq *cmdq = arg; 2674 struct ieee80211_node *ni = cmdq->arg1; 2675 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2676 uint8_t wcid = cmdq->wcid; 2677 2678 RUN_LOCK_ASSERT(sc, MA_OWNED); 2679 2680 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2681 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2682 2683 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2684 } 2685 2686 static void 2687 run_newassoc(struct ieee80211_node *ni, int isnew) 2688 { 2689 struct run_node *rn = RUN_NODE(ni); 2690 struct ieee80211_rateset *rs = &ni->ni_rates; 2691 struct ieee80211vap *vap = ni->ni_vap; 2692 struct ieee80211com *ic = vap->iv_ic; 2693 struct run_softc *sc = ic->ic_softc; 2694 uint8_t rate; 2695 uint8_t ridx; 2696 uint8_t wcid; 2697 int i, j; 2698 2699 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2700 1 : RUN_AID2WCID(ni->ni_associd); 2701 2702 if (wcid > RT2870_WCID_MAX) { 2703 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2704 return; 2705 } 2706 2707 /* only interested in true associations */ 2708 if (isnew && ni->ni_associd != 0) { 2709 2710 /* 2711 * This function could is called though timeout function. 2712 * Need to defer. 2713 */ 2714 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2715 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2716 sc->cmdq[cnt].func = run_newassoc_cb; 2717 sc->cmdq[cnt].arg0 = NULL; 2718 sc->cmdq[cnt].arg1 = ni; 2719 sc->cmdq[cnt].wcid = wcid; 2720 ieee80211_runtask(ic, &sc->cmdq_task); 2721 } 2722 2723 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2724 "new assoc isnew=%d associd=%x addr=%s\n", 2725 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2726 2727 for (i = 0; i < rs->rs_nrates; i++) { 2728 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2729 /* convert 802.11 rate to hardware rate index */ 2730 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2731 if (rt2860_rates[ridx].rate == rate) 2732 break; 2733 rn->ridx[i] = ridx; 2734 /* determine rate of control response frames */ 2735 for (j = i; j >= 0; j--) { 2736 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2737 rt2860_rates[rn->ridx[i]].phy == 2738 rt2860_rates[rn->ridx[j]].phy) 2739 break; 2740 } 2741 if (j >= 0) { 2742 rn->ctl_ridx[i] = rn->ridx[j]; 2743 } else { 2744 /* no basic rate found, use mandatory one */ 2745 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2746 } 2747 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2748 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2749 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2750 } 2751 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2752 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2753 if (rt2860_rates[ridx].rate == rate) 2754 break; 2755 rn->mgt_ridx = ridx; 2756 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2757 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2758 2759 RUN_LOCK(sc); 2760 if(sc->ratectl_run != RUN_RATECTL_OFF) 2761 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2762 RUN_UNLOCK(sc); 2763 } 2764 2765 /* 2766 * Return the Rx chain with the highest RSSI for a given frame. 2767 */ 2768 static __inline uint8_t 2769 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2770 { 2771 uint8_t rxchain = 0; 2772 2773 if (sc->nrxchains > 1) { 2774 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2775 rxchain = 1; 2776 if (sc->nrxchains > 2) 2777 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2778 rxchain = 2; 2779 } 2780 return (rxchain); 2781 } 2782 2783 static void 2784 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2785 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2786 { 2787 struct ieee80211vap *vap = ni->ni_vap; 2788 struct run_softc *sc = vap->iv_ic->ic_softc; 2789 struct run_vap *rvp = RUN_VAP(vap); 2790 uint64_t ni_tstamp, rx_tstamp; 2791 2792 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2793 2794 if (vap->iv_state == IEEE80211_S_RUN && 2795 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2796 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2797 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2798 RUN_LOCK(sc); 2799 run_get_tsf(sc, &rx_tstamp); 2800 RUN_UNLOCK(sc); 2801 rx_tstamp = le64toh(rx_tstamp); 2802 2803 if (ni_tstamp >= rx_tstamp) { 2804 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2805 "ibss merge, tsf %ju tstamp %ju\n", 2806 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2807 (void) ieee80211_ibss_merge(ni); 2808 } 2809 } 2810 } 2811 2812 static void 2813 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2814 { 2815 struct ieee80211com *ic = &sc->sc_ic; 2816 struct ieee80211_frame *wh; 2817 struct ieee80211_node *ni; 2818 struct rt2870_rxd *rxd; 2819 struct rt2860_rxwi *rxwi; 2820 uint32_t flags; 2821 uint16_t len, rxwisize; 2822 uint8_t ant, rssi; 2823 int8_t nf; 2824 2825 rxwi = mtod(m, struct rt2860_rxwi *); 2826 len = le16toh(rxwi->len) & 0xfff; 2827 rxwisize = sizeof(struct rt2860_rxwi); 2828 if (sc->mac_ver == 0x5592) 2829 rxwisize += sizeof(uint64_t); 2830 else if (sc->mac_ver == 0x3593) 2831 rxwisize += sizeof(uint32_t); 2832 if (__predict_false(len > dmalen)) { 2833 m_freem(m); 2834 counter_u64_add(ic->ic_ierrors, 1); 2835 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2836 "bad RXWI length %u > %u\n", len, dmalen); 2837 return; 2838 } 2839 /* Rx descriptor is located at the end */ 2840 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2841 flags = le32toh(rxd->flags); 2842 2843 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2844 m_freem(m); 2845 counter_u64_add(ic->ic_ierrors, 1); 2846 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2847 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2848 return; 2849 } 2850 2851 m->m_data += rxwisize; 2852 m->m_pkthdr.len = m->m_len -= rxwisize; 2853 2854 wh = mtod(m, struct ieee80211_frame *); 2855 2856 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2857 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2858 m->m_flags |= M_WEP; 2859 } 2860 2861 if (flags & RT2860_RX_L2PAD) { 2862 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2863 "received RT2860_RX_L2PAD frame\n"); 2864 len += 2; 2865 } 2866 2867 ni = ieee80211_find_rxnode(ic, 2868 mtod(m, struct ieee80211_frame_min *)); 2869 2870 if (__predict_false(flags & RT2860_RX_MICERR)) { 2871 /* report MIC failures to net80211 for TKIP */ 2872 if (ni != NULL) 2873 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2874 rxwi->keyidx); 2875 m_freem(m); 2876 counter_u64_add(ic->ic_ierrors, 1); 2877 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2878 "MIC error. Someone is lying.\n"); 2879 return; 2880 } 2881 2882 ant = run_maxrssi_chain(sc, rxwi); 2883 rssi = rxwi->rssi[ant]; 2884 nf = run_rssi2dbm(sc, rssi, ant); 2885 2886 m->m_pkthdr.len = m->m_len = len; 2887 2888 if (__predict_false(ieee80211_radiotap_active(ic))) { 2889 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2890 uint16_t phy; 2891 2892 tap->wr_flags = 0; 2893 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2894 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2895 tap->wr_antsignal = rssi; 2896 tap->wr_antenna = ant; 2897 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2898 tap->wr_rate = 2; /* in case it can't be found below */ 2899 RUN_LOCK(sc); 2900 run_get_tsf(sc, &tap->wr_tsf); 2901 RUN_UNLOCK(sc); 2902 phy = le16toh(rxwi->phy); 2903 switch (phy & RT2860_PHY_MODE) { 2904 case RT2860_PHY_CCK: 2905 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2906 case 0: tap->wr_rate = 2; break; 2907 case 1: tap->wr_rate = 4; break; 2908 case 2: tap->wr_rate = 11; break; 2909 case 3: tap->wr_rate = 22; break; 2910 } 2911 if (phy & RT2860_PHY_SHPRE) 2912 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2913 break; 2914 case RT2860_PHY_OFDM: 2915 switch (phy & RT2860_PHY_MCS) { 2916 case 0: tap->wr_rate = 12; break; 2917 case 1: tap->wr_rate = 18; break; 2918 case 2: tap->wr_rate = 24; break; 2919 case 3: tap->wr_rate = 36; break; 2920 case 4: tap->wr_rate = 48; break; 2921 case 5: tap->wr_rate = 72; break; 2922 case 6: tap->wr_rate = 96; break; 2923 case 7: tap->wr_rate = 108; break; 2924 } 2925 break; 2926 } 2927 } 2928 2929 if (ni != NULL) { 2930 (void)ieee80211_input(ni, m, rssi, nf); 2931 ieee80211_free_node(ni); 2932 } else { 2933 (void)ieee80211_input_all(ic, m, rssi, nf); 2934 } 2935 } 2936 2937 static void 2938 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2939 { 2940 struct run_softc *sc = usbd_xfer_softc(xfer); 2941 struct ieee80211com *ic = &sc->sc_ic; 2942 struct mbuf *m = NULL; 2943 struct mbuf *m0; 2944 uint32_t dmalen; 2945 uint16_t rxwisize; 2946 int xferlen; 2947 2948 rxwisize = sizeof(struct rt2860_rxwi); 2949 if (sc->mac_ver == 0x5592) 2950 rxwisize += sizeof(uint64_t); 2951 else if (sc->mac_ver == 0x3593) 2952 rxwisize += sizeof(uint32_t); 2953 2954 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2955 2956 switch (USB_GET_STATE(xfer)) { 2957 case USB_ST_TRANSFERRED: 2958 2959 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2960 "rx done, actlen=%d\n", xferlen); 2961 2962 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2963 sizeof(struct rt2870_rxd))) { 2964 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2965 "xfer too short %d\n", xferlen); 2966 goto tr_setup; 2967 } 2968 2969 m = sc->rx_m; 2970 sc->rx_m = NULL; 2971 2972 /* FALLTHROUGH */ 2973 case USB_ST_SETUP: 2974 tr_setup: 2975 if (sc->rx_m == NULL) { 2976 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2977 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2978 } 2979 if (sc->rx_m == NULL) { 2980 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2981 "could not allocate mbuf - idle with stall\n"); 2982 counter_u64_add(ic->ic_ierrors, 1); 2983 usbd_xfer_set_stall(xfer); 2984 usbd_xfer_set_frames(xfer, 0); 2985 } else { 2986 /* 2987 * Directly loading a mbuf cluster into DMA to 2988 * save some data copying. This works because 2989 * there is only one cluster. 2990 */ 2991 usbd_xfer_set_frame_data(xfer, 0, 2992 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2993 usbd_xfer_set_frames(xfer, 1); 2994 } 2995 usbd_transfer_submit(xfer); 2996 break; 2997 2998 default: /* Error */ 2999 if (error != USB_ERR_CANCELLED) { 3000 /* try to clear stall first */ 3001 usbd_xfer_set_stall(xfer); 3002 if (error == USB_ERR_TIMEOUT) 3003 device_printf(sc->sc_dev, "device timeout\n"); 3004 counter_u64_add(ic->ic_ierrors, 1); 3005 goto tr_setup; 3006 } 3007 if (sc->rx_m != NULL) { 3008 m_freem(sc->rx_m); 3009 sc->rx_m = NULL; 3010 } 3011 break; 3012 } 3013 3014 if (m == NULL) 3015 return; 3016 3017 /* inputting all the frames must be last */ 3018 3019 RUN_UNLOCK(sc); 3020 3021 m->m_pkthdr.len = m->m_len = xferlen; 3022 3023 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3024 for(;;) { 3025 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3026 3027 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3028 ((dmalen & 3) != 0)) { 3029 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3030 "bad DMA length %u\n", dmalen); 3031 break; 3032 } 3033 if ((dmalen + 8) > (uint32_t)xferlen) { 3034 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3035 "bad DMA length %u > %d\n", 3036 dmalen + 8, xferlen); 3037 break; 3038 } 3039 3040 /* If it is the last one or a single frame, we won't copy. */ 3041 if ((xferlen -= dmalen + 8) <= 8) { 3042 /* trim 32-bit DMA-len header */ 3043 m->m_data += 4; 3044 m->m_pkthdr.len = m->m_len -= 4; 3045 run_rx_frame(sc, m, dmalen); 3046 m = NULL; /* don't free source buffer */ 3047 break; 3048 } 3049 3050 /* copy aggregated frames to another mbuf */ 3051 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3052 if (__predict_false(m0 == NULL)) { 3053 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3054 "could not allocate mbuf\n"); 3055 counter_u64_add(ic->ic_ierrors, 1); 3056 break; 3057 } 3058 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3059 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3060 m0->m_pkthdr.len = m0->m_len = 3061 dmalen + sizeof(struct rt2870_rxd); 3062 run_rx_frame(sc, m0, dmalen); 3063 3064 /* update data ptr */ 3065 m->m_data += dmalen + 8; 3066 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3067 } 3068 3069 /* make sure we free the source buffer, if any */ 3070 m_freem(m); 3071 3072 RUN_LOCK(sc); 3073 } 3074 3075 static void 3076 run_tx_free(struct run_endpoint_queue *pq, 3077 struct run_tx_data *data, int txerr) 3078 { 3079 3080 ieee80211_tx_complete(data->ni, data->m, txerr); 3081 3082 data->m = NULL; 3083 data->ni = NULL; 3084 3085 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3086 pq->tx_nfree++; 3087 } 3088 3089 static void 3090 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3091 { 3092 struct run_softc *sc = usbd_xfer_softc(xfer); 3093 struct ieee80211com *ic = &sc->sc_ic; 3094 struct run_tx_data *data; 3095 struct ieee80211vap *vap = NULL; 3096 struct usb_page_cache *pc; 3097 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3098 struct mbuf *m; 3099 usb_frlength_t size; 3100 int actlen; 3101 int sumlen; 3102 3103 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3104 3105 switch (USB_GET_STATE(xfer)) { 3106 case USB_ST_TRANSFERRED: 3107 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3108 "transfer complete: %d bytes @ index %d\n", actlen, index); 3109 3110 data = usbd_xfer_get_priv(xfer); 3111 run_tx_free(pq, data, 0); 3112 usbd_xfer_set_priv(xfer, NULL); 3113 3114 /* FALLTHROUGH */ 3115 case USB_ST_SETUP: 3116 tr_setup: 3117 data = STAILQ_FIRST(&pq->tx_qh); 3118 if (data == NULL) 3119 break; 3120 3121 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3122 3123 m = data->m; 3124 size = (sc->mac_ver == 0x5592) ? 3125 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3126 if ((m->m_pkthdr.len + 3127 size + 3 + 8) > RUN_MAX_TXSZ) { 3128 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3129 "data overflow, %u bytes\n", m->m_pkthdr.len); 3130 run_tx_free(pq, data, 1); 3131 goto tr_setup; 3132 } 3133 3134 pc = usbd_xfer_get_frame(xfer, 0); 3135 usbd_copy_in(pc, 0, &data->desc, size); 3136 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3137 size += m->m_pkthdr.len; 3138 /* 3139 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3140 * 4-byte padding), and be sure to zero those trailing 3141 * bytes: 3142 */ 3143 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3144 size += ((-size) & 3) + 8; 3145 3146 vap = data->ni->ni_vap; 3147 if (ieee80211_radiotap_active_vap(vap)) { 3148 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3149 struct rt2860_txwi *txwi = 3150 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3151 tap->wt_flags = 0; 3152 tap->wt_rate = rt2860_rates[data->ridx].rate; 3153 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3154 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3155 tap->wt_hwqueue = index; 3156 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3157 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3158 3159 ieee80211_radiotap_tx(vap, m); 3160 } 3161 3162 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3163 "sending frame len=%u/%u @ index %d\n", 3164 m->m_pkthdr.len, size, index); 3165 3166 usbd_xfer_set_frame_len(xfer, 0, size); 3167 usbd_xfer_set_priv(xfer, data); 3168 usbd_transfer_submit(xfer); 3169 run_start(sc); 3170 3171 break; 3172 3173 default: 3174 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3175 "USB transfer error, %s\n", usbd_errstr(error)); 3176 3177 data = usbd_xfer_get_priv(xfer); 3178 3179 if (data != NULL) { 3180 if(data->ni != NULL) 3181 vap = data->ni->ni_vap; 3182 run_tx_free(pq, data, error); 3183 usbd_xfer_set_priv(xfer, NULL); 3184 } 3185 3186 if (vap == NULL) 3187 vap = TAILQ_FIRST(&ic->ic_vaps); 3188 3189 if (error != USB_ERR_CANCELLED) { 3190 if (error == USB_ERR_TIMEOUT) { 3191 device_printf(sc->sc_dev, "device timeout\n"); 3192 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3193 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3194 "cmdq_store=%d\n", i); 3195 sc->cmdq[i].func = run_usb_timeout_cb; 3196 sc->cmdq[i].arg0 = vap; 3197 ieee80211_runtask(ic, &sc->cmdq_task); 3198 } 3199 3200 /* 3201 * Try to clear stall first, also if other 3202 * errors occur, hence clearing stall 3203 * introduces a 50 ms delay: 3204 */ 3205 usbd_xfer_set_stall(xfer); 3206 goto tr_setup; 3207 } 3208 break; 3209 } 3210 } 3211 3212 static void 3213 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3214 { 3215 run_bulk_tx_callbackN(xfer, error, 0); 3216 } 3217 3218 static void 3219 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3220 { 3221 run_bulk_tx_callbackN(xfer, error, 1); 3222 } 3223 3224 static void 3225 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3226 { 3227 run_bulk_tx_callbackN(xfer, error, 2); 3228 } 3229 3230 static void 3231 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3232 { 3233 run_bulk_tx_callbackN(xfer, error, 3); 3234 } 3235 3236 static void 3237 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3238 { 3239 run_bulk_tx_callbackN(xfer, error, 4); 3240 } 3241 3242 static void 3243 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3244 { 3245 run_bulk_tx_callbackN(xfer, error, 5); 3246 } 3247 3248 static void 3249 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3250 { 3251 struct mbuf *m = data->m; 3252 struct ieee80211com *ic = &sc->sc_ic; 3253 struct ieee80211vap *vap = data->ni->ni_vap; 3254 struct ieee80211_frame *wh; 3255 struct rt2870_txd *txd; 3256 struct rt2860_txwi *txwi; 3257 uint16_t xferlen, txwisize; 3258 uint16_t mcs; 3259 uint8_t ridx = data->ridx; 3260 uint8_t pad; 3261 3262 /* get MCS code from rate index */ 3263 mcs = rt2860_rates[ridx].mcs; 3264 3265 txwisize = (sc->mac_ver == 0x5592) ? 3266 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3267 xferlen = txwisize + m->m_pkthdr.len; 3268 3269 /* roundup to 32-bit alignment */ 3270 xferlen = (xferlen + 3) & ~3; 3271 3272 txd = (struct rt2870_txd *)&data->desc; 3273 txd->len = htole16(xferlen); 3274 3275 wh = mtod(m, struct ieee80211_frame *); 3276 3277 /* 3278 * Ether both are true or both are false, the header 3279 * are nicely aligned to 32-bit. So, no L2 padding. 3280 */ 3281 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3282 pad = 0; 3283 else 3284 pad = 2; 3285 3286 /* setup TX Wireless Information */ 3287 txwi = (struct rt2860_txwi *)(txd + 1); 3288 txwi->len = htole16(m->m_pkthdr.len - pad); 3289 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3290 mcs |= RT2860_PHY_CCK; 3291 if (ridx != RT2860_RIDX_CCK1 && 3292 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3293 mcs |= RT2860_PHY_SHPRE; 3294 } else 3295 mcs |= RT2860_PHY_OFDM; 3296 txwi->phy = htole16(mcs); 3297 3298 /* check if RTS/CTS or CTS-to-self protection is required */ 3299 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3300 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3301 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3302 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3303 txwi->txop |= RT2860_TX_TXOP_HT; 3304 else 3305 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3306 3307 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3308 txwi->xflags |= RT2860_TX_NSEQ; 3309 } 3310 3311 /* This function must be called locked */ 3312 static int 3313 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3314 { 3315 struct ieee80211com *ic = &sc->sc_ic; 3316 struct ieee80211vap *vap = ni->ni_vap; 3317 struct ieee80211_frame *wh; 3318 const struct ieee80211_txparam *tp = ni->ni_txparms; 3319 struct run_node *rn = RUN_NODE(ni); 3320 struct run_tx_data *data; 3321 struct rt2870_txd *txd; 3322 struct rt2860_txwi *txwi; 3323 uint16_t qos; 3324 uint16_t dur; 3325 uint16_t qid; 3326 uint8_t type; 3327 uint8_t tid; 3328 uint8_t ridx; 3329 uint8_t ctl_ridx; 3330 uint8_t qflags; 3331 uint8_t xflags = 0; 3332 int hasqos; 3333 3334 RUN_LOCK_ASSERT(sc, MA_OWNED); 3335 3336 wh = mtod(m, struct ieee80211_frame *); 3337 3338 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3339 3340 /* 3341 * There are 7 bulk endpoints: 1 for RX 3342 * and 6 for TX (4 EDCAs + HCCA + Prio). 3343 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3344 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3345 */ 3346 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3347 uint8_t *frm; 3348 3349 if(IEEE80211_HAS_ADDR4(wh)) 3350 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3351 else 3352 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3353 3354 qos = le16toh(*(const uint16_t *)frm); 3355 tid = qos & IEEE80211_QOS_TID; 3356 qid = TID_TO_WME_AC(tid); 3357 } else { 3358 qos = 0; 3359 tid = 0; 3360 qid = WME_AC_BE; 3361 } 3362 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3363 3364 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3365 qos, qid, tid, qflags); 3366 3367 /* pickup a rate index */ 3368 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3369 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3370 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3371 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3372 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3373 } else { 3374 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3375 ridx = rn->fix_ridx; 3376 else 3377 ridx = rn->amrr_ridx; 3378 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3379 } 3380 3381 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3382 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3383 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3384 xflags |= RT2860_TX_ACK; 3385 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3386 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3387 else 3388 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3389 USETW(wh->i_dur, dur); 3390 } 3391 3392 /* reserve slots for mgmt packets, just in case */ 3393 if (sc->sc_epq[qid].tx_nfree < 3) { 3394 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3395 return (-1); 3396 } 3397 3398 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3399 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3400 sc->sc_epq[qid].tx_nfree--; 3401 3402 txd = (struct rt2870_txd *)&data->desc; 3403 txd->flags = qflags; 3404 txwi = (struct rt2860_txwi *)(txd + 1); 3405 txwi->xflags = xflags; 3406 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3407 txwi->wcid = 0; 3408 else 3409 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3410 1 : RUN_AID2WCID(ni->ni_associd); 3411 3412 /* clear leftover garbage bits */ 3413 txwi->flags = 0; 3414 txwi->txop = 0; 3415 3416 data->m = m; 3417 data->ni = ni; 3418 data->ridx = ridx; 3419 3420 run_set_tx_desc(sc, data); 3421 3422 /* 3423 * The chip keeps track of 2 kind of Tx stats, 3424 * * TX_STAT_FIFO, for per WCID stats, and 3425 * * TX_STA_CNT0 for all-TX-in-one stats. 3426 * 3427 * To use FIFO stats, we need to store MCS into the driver-private 3428 * PacketID field. So that, we can tell whose stats when we read them. 3429 * We add 1 to the MCS because setting the PacketID field to 0 means 3430 * that we don't want feedback in TX_STAT_FIFO. 3431 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3432 * 3433 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3434 */ 3435 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3436 vap->iv_opmode == IEEE80211_M_MBSS) { 3437 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3438 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3439 3440 /* 3441 * Unlike PCI based devices, we don't get any interrupt from 3442 * USB devices, so we simulate FIFO-is-full interrupt here. 3443 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3444 * quickly get fulled. To prevent overflow, increment a counter on 3445 * every FIFO stat request, so we know how many slots are left. 3446 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3447 * are used only in those modes. 3448 * We just drain stats. AMRR gets updated every 1 sec by 3449 * run_ratectl_cb() via callout. 3450 * Call it early. Otherwise overflow. 3451 */ 3452 if (sc->fifo_cnt++ == 10) { 3453 /* 3454 * With multiple vaps or if_bridge, if_start() is called 3455 * with a non-sleepable lock, tcpinp. So, need to defer. 3456 */ 3457 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3458 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3459 sc->cmdq[i].func = run_drain_fifo; 3460 sc->cmdq[i].arg0 = sc; 3461 ieee80211_runtask(ic, &sc->cmdq_task); 3462 } 3463 } 3464 3465 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3466 3467 usbd_transfer_start(sc->sc_xfer[qid]); 3468 3469 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3470 "sending data frame len=%d rate=%d qid=%d\n", 3471 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3472 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3473 3474 return (0); 3475 } 3476 3477 static int 3478 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3479 { 3480 struct ieee80211com *ic = &sc->sc_ic; 3481 struct run_node *rn = RUN_NODE(ni); 3482 struct run_tx_data *data; 3483 struct ieee80211_frame *wh; 3484 struct rt2870_txd *txd; 3485 struct rt2860_txwi *txwi; 3486 uint16_t dur; 3487 uint8_t ridx = rn->mgt_ridx; 3488 uint8_t xflags = 0; 3489 uint8_t wflags = 0; 3490 3491 RUN_LOCK_ASSERT(sc, MA_OWNED); 3492 3493 wh = mtod(m, struct ieee80211_frame *); 3494 3495 /* tell hardware to add timestamp for probe responses */ 3496 if ((wh->i_fc[0] & 3497 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3498 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3499 wflags |= RT2860_TX_TS; 3500 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3501 xflags |= RT2860_TX_ACK; 3502 3503 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3504 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3505 USETW(wh->i_dur, dur); 3506 } 3507 3508 if (sc->sc_epq[0].tx_nfree == 0) 3509 /* let caller free mbuf */ 3510 return (EIO); 3511 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3512 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3513 sc->sc_epq[0].tx_nfree--; 3514 3515 txd = (struct rt2870_txd *)&data->desc; 3516 txd->flags = RT2860_TX_QSEL_EDCA; 3517 txwi = (struct rt2860_txwi *)(txd + 1); 3518 txwi->wcid = 0xff; 3519 txwi->flags = wflags; 3520 txwi->xflags = xflags; 3521 txwi->txop = 0; /* clear leftover garbage bits */ 3522 3523 data->m = m; 3524 data->ni = ni; 3525 data->ridx = ridx; 3526 3527 run_set_tx_desc(sc, data); 3528 3529 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3530 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3531 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3532 3533 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3534 3535 usbd_transfer_start(sc->sc_xfer[0]); 3536 3537 return (0); 3538 } 3539 3540 static int 3541 run_sendprot(struct run_softc *sc, 3542 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3543 { 3544 struct ieee80211com *ic = ni->ni_ic; 3545 struct run_tx_data *data; 3546 struct rt2870_txd *txd; 3547 struct rt2860_txwi *txwi; 3548 struct mbuf *mprot; 3549 int ridx; 3550 int protrate; 3551 uint8_t wflags = 0; 3552 uint8_t xflags = 0; 3553 3554 RUN_LOCK_ASSERT(sc, MA_OWNED); 3555 3556 /* check that there are free slots before allocating the mbuf */ 3557 if (sc->sc_epq[0].tx_nfree == 0) 3558 /* let caller free mbuf */ 3559 return (ENOBUFS); 3560 3561 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3562 if (mprot == NULL) { 3563 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3564 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3565 return (ENOBUFS); 3566 } 3567 3568 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3569 wflags = RT2860_TX_FRAG; 3570 xflags = 0; 3571 if (prot == IEEE80211_PROT_RTSCTS) 3572 xflags |= RT2860_TX_ACK; 3573 3574 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3575 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3576 sc->sc_epq[0].tx_nfree--; 3577 3578 txd = (struct rt2870_txd *)&data->desc; 3579 txd->flags = RT2860_TX_QSEL_EDCA; 3580 txwi = (struct rt2860_txwi *)(txd + 1); 3581 txwi->wcid = 0xff; 3582 txwi->flags = wflags; 3583 txwi->xflags = xflags; 3584 txwi->txop = 0; /* clear leftover garbage bits */ 3585 3586 data->m = mprot; 3587 data->ni = ieee80211_ref_node(ni); 3588 3589 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3590 if (rt2860_rates[ridx].rate == protrate) 3591 break; 3592 data->ridx = ridx; 3593 3594 run_set_tx_desc(sc, data); 3595 3596 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3597 m->m_pkthdr.len, rate); 3598 3599 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3600 3601 usbd_transfer_start(sc->sc_xfer[0]); 3602 3603 return (0); 3604 } 3605 3606 static int 3607 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3608 const struct ieee80211_bpf_params *params) 3609 { 3610 struct ieee80211com *ic = ni->ni_ic; 3611 struct run_tx_data *data; 3612 struct rt2870_txd *txd; 3613 struct rt2860_txwi *txwi; 3614 uint8_t ridx; 3615 uint8_t rate; 3616 uint8_t opflags = 0; 3617 uint8_t xflags = 0; 3618 int error; 3619 3620 RUN_LOCK_ASSERT(sc, MA_OWNED); 3621 3622 KASSERT(params != NULL, ("no raw xmit params")); 3623 3624 rate = params->ibp_rate0; 3625 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3626 /* let caller free mbuf */ 3627 return (EINVAL); 3628 } 3629 3630 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3631 xflags |= RT2860_TX_ACK; 3632 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3633 error = run_sendprot(sc, m, ni, 3634 params->ibp_flags & IEEE80211_BPF_RTS ? 3635 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3636 rate); 3637 if (error) { 3638 /* let caller free mbuf */ 3639 return error; 3640 } 3641 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3642 } 3643 3644 if (sc->sc_epq[0].tx_nfree == 0) { 3645 /* let caller free mbuf */ 3646 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3647 "sending raw frame, but tx ring is full\n"); 3648 return (EIO); 3649 } 3650 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3651 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3652 sc->sc_epq[0].tx_nfree--; 3653 3654 txd = (struct rt2870_txd *)&data->desc; 3655 txd->flags = RT2860_TX_QSEL_EDCA; 3656 txwi = (struct rt2860_txwi *)(txd + 1); 3657 txwi->wcid = 0xff; 3658 txwi->xflags = xflags; 3659 txwi->txop = opflags; 3660 txwi->flags = 0; /* clear leftover garbage bits */ 3661 3662 data->m = m; 3663 data->ni = ni; 3664 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3665 if (rt2860_rates[ridx].rate == rate) 3666 break; 3667 data->ridx = ridx; 3668 3669 run_set_tx_desc(sc, data); 3670 3671 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3672 m->m_pkthdr.len, rate); 3673 3674 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3675 3676 usbd_transfer_start(sc->sc_xfer[0]); 3677 3678 return (0); 3679 } 3680 3681 static int 3682 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3683 const struct ieee80211_bpf_params *params) 3684 { 3685 struct run_softc *sc = ni->ni_ic->ic_softc; 3686 int error = 0; 3687 3688 RUN_LOCK(sc); 3689 3690 /* prevent management frames from being sent if we're not ready */ 3691 if (!(sc->sc_flags & RUN_RUNNING)) { 3692 error = ENETDOWN; 3693 goto done; 3694 } 3695 3696 if (params == NULL) { 3697 /* tx mgt packet */ 3698 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3699 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3700 goto done; 3701 } 3702 } else { 3703 /* tx raw packet with param */ 3704 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3705 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3706 goto done; 3707 } 3708 } 3709 3710 done: 3711 RUN_UNLOCK(sc); 3712 3713 if (error != 0) { 3714 if(m != NULL) 3715 m_freem(m); 3716 } 3717 3718 return (error); 3719 } 3720 3721 static int 3722 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3723 { 3724 struct run_softc *sc = ic->ic_softc; 3725 int error; 3726 3727 RUN_LOCK(sc); 3728 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3729 RUN_UNLOCK(sc); 3730 return (ENXIO); 3731 } 3732 error = mbufq_enqueue(&sc->sc_snd, m); 3733 if (error) { 3734 RUN_UNLOCK(sc); 3735 return (error); 3736 } 3737 run_start(sc); 3738 RUN_UNLOCK(sc); 3739 3740 return (0); 3741 } 3742 3743 static void 3744 run_start(struct run_softc *sc) 3745 { 3746 struct ieee80211_node *ni; 3747 struct mbuf *m; 3748 3749 RUN_LOCK_ASSERT(sc, MA_OWNED); 3750 3751 if ((sc->sc_flags & RUN_RUNNING) == 0) 3752 return; 3753 3754 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3755 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3756 if (run_tx(sc, m, ni) != 0) { 3757 mbufq_prepend(&sc->sc_snd, m); 3758 break; 3759 } 3760 } 3761 } 3762 3763 static void 3764 run_parent(struct ieee80211com *ic) 3765 { 3766 struct run_softc *sc = ic->ic_softc; 3767 int startall = 0; 3768 3769 RUN_LOCK(sc); 3770 if (sc->sc_detached) { 3771 RUN_UNLOCK(sc); 3772 return; 3773 } 3774 3775 if (ic->ic_nrunning > 0) { 3776 if (!(sc->sc_flags & RUN_RUNNING)) { 3777 startall = 1; 3778 run_init_locked(sc); 3779 } else 3780 run_update_promisc_locked(sc); 3781 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3782 run_stop(sc); 3783 RUN_UNLOCK(sc); 3784 if (startall) 3785 ieee80211_start_all(ic); 3786 } 3787 3788 static void 3789 run_iq_calib(struct run_softc *sc, u_int chan) 3790 { 3791 uint16_t val; 3792 3793 /* Tx0 IQ gain. */ 3794 run_bbp_write(sc, 158, 0x2c); 3795 if (chan <= 14) 3796 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3797 else if (chan <= 64) { 3798 run_efuse_read(sc, 3799 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3800 &val, 1); 3801 } else if (chan <= 138) { 3802 run_efuse_read(sc, 3803 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3804 &val, 1); 3805 } else if (chan <= 165) { 3806 run_efuse_read(sc, 3807 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3808 &val, 1); 3809 } else 3810 val = 0; 3811 run_bbp_write(sc, 159, val); 3812 3813 /* Tx0 IQ phase. */ 3814 run_bbp_write(sc, 158, 0x2d); 3815 if (chan <= 14) { 3816 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3817 &val, 1); 3818 } else if (chan <= 64) { 3819 run_efuse_read(sc, 3820 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3821 &val, 1); 3822 } else if (chan <= 138) { 3823 run_efuse_read(sc, 3824 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3825 &val, 1); 3826 } else if (chan <= 165) { 3827 run_efuse_read(sc, 3828 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3829 &val, 1); 3830 } else 3831 val = 0; 3832 run_bbp_write(sc, 159, val); 3833 3834 /* Tx1 IQ gain. */ 3835 run_bbp_write(sc, 158, 0x4a); 3836 if (chan <= 14) { 3837 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3838 &val, 1); 3839 } else if (chan <= 64) { 3840 run_efuse_read(sc, 3841 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3842 &val, 1); 3843 } else if (chan <= 138) { 3844 run_efuse_read(sc, 3845 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3846 &val, 1); 3847 } else if (chan <= 165) { 3848 run_efuse_read(sc, 3849 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3850 &val, 1); 3851 } else 3852 val = 0; 3853 run_bbp_write(sc, 159, val); 3854 3855 /* Tx1 IQ phase. */ 3856 run_bbp_write(sc, 158, 0x4b); 3857 if (chan <= 14) { 3858 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3859 &val, 1); 3860 } else if (chan <= 64) { 3861 run_efuse_read(sc, 3862 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3863 &val, 1); 3864 } else if (chan <= 138) { 3865 run_efuse_read(sc, 3866 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3867 &val, 1); 3868 } else if (chan <= 165) { 3869 run_efuse_read(sc, 3870 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3871 &val, 1); 3872 } else 3873 val = 0; 3874 run_bbp_write(sc, 159, val); 3875 3876 /* RF IQ compensation control. */ 3877 run_bbp_write(sc, 158, 0x04); 3878 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3879 &val, 1); 3880 run_bbp_write(sc, 159, val); 3881 3882 /* RF IQ imbalance compensation control. */ 3883 run_bbp_write(sc, 158, 0x03); 3884 run_efuse_read(sc, 3885 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3886 run_bbp_write(sc, 159, val); 3887 } 3888 3889 static void 3890 run_set_agc(struct run_softc *sc, uint8_t agc) 3891 { 3892 uint8_t bbp; 3893 3894 if (sc->mac_ver == 0x3572) { 3895 run_bbp_read(sc, 27, &bbp); 3896 bbp &= ~(0x3 << 5); 3897 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3898 run_bbp_write(sc, 66, agc); 3899 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3900 run_bbp_write(sc, 66, agc); 3901 } else 3902 run_bbp_write(sc, 66, agc); 3903 } 3904 3905 static void 3906 run_select_chan_group(struct run_softc *sc, int group) 3907 { 3908 uint32_t tmp; 3909 uint8_t agc; 3910 3911 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3912 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3913 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3914 if (sc->mac_ver < 0x3572) 3915 run_bbp_write(sc, 86, 0x00); 3916 3917 if (sc->mac_ver == 0x3593) { 3918 run_bbp_write(sc, 77, 0x98); 3919 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3920 } 3921 3922 if (group == 0) { 3923 if (sc->ext_2ghz_lna) { 3924 if (sc->mac_ver >= 0x5390) 3925 run_bbp_write(sc, 75, 0x52); 3926 else { 3927 run_bbp_write(sc, 82, 0x62); 3928 run_bbp_write(sc, 75, 0x46); 3929 } 3930 } else { 3931 if (sc->mac_ver == 0x5592) { 3932 run_bbp_write(sc, 79, 0x1c); 3933 run_bbp_write(sc, 80, 0x0e); 3934 run_bbp_write(sc, 81, 0x3a); 3935 run_bbp_write(sc, 82, 0x62); 3936 3937 run_bbp_write(sc, 195, 0x80); 3938 run_bbp_write(sc, 196, 0xe0); 3939 run_bbp_write(sc, 195, 0x81); 3940 run_bbp_write(sc, 196, 0x1f); 3941 run_bbp_write(sc, 195, 0x82); 3942 run_bbp_write(sc, 196, 0x38); 3943 run_bbp_write(sc, 195, 0x83); 3944 run_bbp_write(sc, 196, 0x32); 3945 run_bbp_write(sc, 195, 0x85); 3946 run_bbp_write(sc, 196, 0x28); 3947 run_bbp_write(sc, 195, 0x86); 3948 run_bbp_write(sc, 196, 0x19); 3949 } else if (sc->mac_ver >= 0x5390) 3950 run_bbp_write(sc, 75, 0x50); 3951 else { 3952 run_bbp_write(sc, 82, 3953 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3954 run_bbp_write(sc, 75, 0x50); 3955 } 3956 } 3957 } else { 3958 if (sc->mac_ver == 0x5592) { 3959 run_bbp_write(sc, 79, 0x18); 3960 run_bbp_write(sc, 80, 0x08); 3961 run_bbp_write(sc, 81, 0x38); 3962 run_bbp_write(sc, 82, 0x92); 3963 3964 run_bbp_write(sc, 195, 0x80); 3965 run_bbp_write(sc, 196, 0xf0); 3966 run_bbp_write(sc, 195, 0x81); 3967 run_bbp_write(sc, 196, 0x1e); 3968 run_bbp_write(sc, 195, 0x82); 3969 run_bbp_write(sc, 196, 0x28); 3970 run_bbp_write(sc, 195, 0x83); 3971 run_bbp_write(sc, 196, 0x20); 3972 run_bbp_write(sc, 195, 0x85); 3973 run_bbp_write(sc, 196, 0x7f); 3974 run_bbp_write(sc, 195, 0x86); 3975 run_bbp_write(sc, 196, 0x7f); 3976 } else if (sc->mac_ver == 0x3572) 3977 run_bbp_write(sc, 82, 0x94); 3978 else 3979 run_bbp_write(sc, 82, 3980 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3981 if (sc->ext_5ghz_lna) 3982 run_bbp_write(sc, 75, 0x46); 3983 else 3984 run_bbp_write(sc, 75, 0x50); 3985 } 3986 3987 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3988 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3989 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3990 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3991 3992 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3993 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3994 if (sc->mac_ver == 0x3593) 3995 tmp |= 1 << 29 | 1 << 28; 3996 if (sc->nrxchains > 1) 3997 tmp |= RT2860_LNA_PE1_EN; 3998 if (group == 0) { /* 2GHz */ 3999 tmp |= RT2860_PA_PE_G0_EN; 4000 if (sc->ntxchains > 1) 4001 tmp |= RT2860_PA_PE_G1_EN; 4002 if (sc->mac_ver == 0x3593) { 4003 if (sc->ntxchains > 2) 4004 tmp |= 1 << 25; 4005 } 4006 } else { /* 5GHz */ 4007 tmp |= RT2860_PA_PE_A0_EN; 4008 if (sc->ntxchains > 1) 4009 tmp |= RT2860_PA_PE_A1_EN; 4010 } 4011 if (sc->mac_ver == 0x3572) { 4012 run_rt3070_rf_write(sc, 8, 0x00); 4013 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4014 run_rt3070_rf_write(sc, 8, 0x80); 4015 } else 4016 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4017 4018 if (sc->mac_ver == 0x5592) { 4019 run_bbp_write(sc, 195, 0x8d); 4020 run_bbp_write(sc, 196, 0x1a); 4021 } 4022 4023 if (sc->mac_ver == 0x3593) { 4024 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4025 tmp &= ~0x01010000; 4026 if (group == 0) 4027 tmp |= 0x00010000; 4028 tmp = (tmp & ~0x00009090) | 0x00000090; 4029 run_write(sc, RT2860_GPIO_CTRL, tmp); 4030 } 4031 4032 /* set initial AGC value */ 4033 if (group == 0) { /* 2GHz band */ 4034 if (sc->mac_ver >= 0x3070) 4035 agc = 0x1c + sc->lna[0] * 2; 4036 else 4037 agc = 0x2e + sc->lna[0]; 4038 } else { /* 5GHz band */ 4039 if (sc->mac_ver == 0x5592) 4040 agc = 0x24 + sc->lna[group] * 2; 4041 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4042 agc = 0x22 + (sc->lna[group] * 5) / 3; 4043 else 4044 agc = 0x32 + (sc->lna[group] * 5) / 3; 4045 } 4046 run_set_agc(sc, agc); 4047 } 4048 4049 static void 4050 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4051 { 4052 const struct rfprog *rfprog = rt2860_rf2850; 4053 uint32_t r2, r3, r4; 4054 int8_t txpow1, txpow2; 4055 int i; 4056 4057 /* find the settings for this channel (we know it exists) */ 4058 for (i = 0; rfprog[i].chan != chan; i++); 4059 4060 r2 = rfprog[i].r2; 4061 if (sc->ntxchains == 1) 4062 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4063 if (sc->nrxchains == 1) 4064 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4065 else if (sc->nrxchains == 2) 4066 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4067 4068 /* use Tx power values from EEPROM */ 4069 txpow1 = sc->txpow1[i]; 4070 txpow2 = sc->txpow2[i]; 4071 4072 /* Initialize RF R3 and R4. */ 4073 r3 = rfprog[i].r3 & 0xffffc1ff; 4074 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4075 if (chan > 14) { 4076 if (txpow1 >= 0) { 4077 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4078 r3 |= (txpow1 << 10) | (1 << 9); 4079 } else { 4080 txpow1 += 7; 4081 4082 /* txpow1 is not possible larger than 15. */ 4083 r3 |= (txpow1 << 10); 4084 } 4085 if (txpow2 >= 0) { 4086 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4087 r4 |= (txpow2 << 7) | (1 << 6); 4088 } else { 4089 txpow2 += 7; 4090 r4 |= (txpow2 << 7); 4091 } 4092 } else { 4093 /* Set Tx0 power. */ 4094 r3 |= (txpow1 << 9); 4095 4096 /* Set frequency offset and Tx1 power. */ 4097 r4 |= (txpow2 << 6); 4098 } 4099 4100 run_rt2870_rf_write(sc, rfprog[i].r1); 4101 run_rt2870_rf_write(sc, r2); 4102 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4103 run_rt2870_rf_write(sc, r4); 4104 4105 run_delay(sc, 10); 4106 4107 run_rt2870_rf_write(sc, rfprog[i].r1); 4108 run_rt2870_rf_write(sc, r2); 4109 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4110 run_rt2870_rf_write(sc, r4); 4111 4112 run_delay(sc, 10); 4113 4114 run_rt2870_rf_write(sc, rfprog[i].r1); 4115 run_rt2870_rf_write(sc, r2); 4116 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4117 run_rt2870_rf_write(sc, r4); 4118 } 4119 4120 static void 4121 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4122 { 4123 int8_t txpow1, txpow2; 4124 uint8_t rf; 4125 int i; 4126 4127 /* find the settings for this channel (we know it exists) */ 4128 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4129 4130 /* use Tx power values from EEPROM */ 4131 txpow1 = sc->txpow1[i]; 4132 txpow2 = sc->txpow2[i]; 4133 4134 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4135 4136 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4137 run_rt3070_rf_read(sc, 3, &rf); 4138 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4139 run_rt3070_rf_write(sc, 3, rf); 4140 4141 run_rt3070_rf_read(sc, 6, &rf); 4142 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4143 run_rt3070_rf_write(sc, 6, rf); 4144 4145 /* set Tx0 power */ 4146 run_rt3070_rf_read(sc, 12, &rf); 4147 rf = (rf & ~0x1f) | txpow1; 4148 run_rt3070_rf_write(sc, 12, rf); 4149 4150 /* set Tx1 power */ 4151 run_rt3070_rf_read(sc, 13, &rf); 4152 rf = (rf & ~0x1f) | txpow2; 4153 run_rt3070_rf_write(sc, 13, rf); 4154 4155 run_rt3070_rf_read(sc, 1, &rf); 4156 rf &= ~0xfc; 4157 if (sc->ntxchains == 1) 4158 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4159 else if (sc->ntxchains == 2) 4160 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4161 if (sc->nrxchains == 1) 4162 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4163 else if (sc->nrxchains == 2) 4164 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4165 run_rt3070_rf_write(sc, 1, rf); 4166 4167 /* set RF offset */ 4168 run_rt3070_rf_read(sc, 23, &rf); 4169 rf = (rf & ~0x7f) | sc->freq; 4170 run_rt3070_rf_write(sc, 23, rf); 4171 4172 /* program RF filter */ 4173 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4174 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4175 run_rt3070_rf_write(sc, 24, rf); 4176 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4177 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4178 run_rt3070_rf_write(sc, 31, rf); 4179 4180 /* enable RF tuning */ 4181 run_rt3070_rf_read(sc, 7, &rf); 4182 run_rt3070_rf_write(sc, 7, rf | 0x01); 4183 } 4184 4185 static void 4186 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4187 { 4188 int8_t txpow1, txpow2; 4189 uint32_t tmp; 4190 uint8_t rf; 4191 int i; 4192 4193 /* find the settings for this channel (we know it exists) */ 4194 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4195 4196 /* use Tx power values from EEPROM */ 4197 txpow1 = sc->txpow1[i]; 4198 txpow2 = sc->txpow2[i]; 4199 4200 if (chan <= 14) { 4201 run_bbp_write(sc, 25, sc->bbp25); 4202 run_bbp_write(sc, 26, sc->bbp26); 4203 } else { 4204 /* enable IQ phase correction */ 4205 run_bbp_write(sc, 25, 0x09); 4206 run_bbp_write(sc, 26, 0xff); 4207 } 4208 4209 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4210 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4211 run_rt3070_rf_read(sc, 6, &rf); 4212 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4213 rf |= (chan <= 14) ? 0x08 : 0x04; 4214 run_rt3070_rf_write(sc, 6, rf); 4215 4216 /* set PLL mode */ 4217 run_rt3070_rf_read(sc, 5, &rf); 4218 rf &= ~(0x08 | 0x04); 4219 rf |= (chan <= 14) ? 0x04 : 0x08; 4220 run_rt3070_rf_write(sc, 5, rf); 4221 4222 /* set Tx power for chain 0 */ 4223 if (chan <= 14) 4224 rf = 0x60 | txpow1; 4225 else 4226 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4227 run_rt3070_rf_write(sc, 12, rf); 4228 4229 /* set Tx power for chain 1 */ 4230 if (chan <= 14) 4231 rf = 0x60 | txpow2; 4232 else 4233 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4234 run_rt3070_rf_write(sc, 13, rf); 4235 4236 /* set Tx/Rx streams */ 4237 run_rt3070_rf_read(sc, 1, &rf); 4238 rf &= ~0xfc; 4239 if (sc->ntxchains == 1) 4240 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4241 else if (sc->ntxchains == 2) 4242 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4243 if (sc->nrxchains == 1) 4244 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4245 else if (sc->nrxchains == 2) 4246 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4247 run_rt3070_rf_write(sc, 1, rf); 4248 4249 /* set RF offset */ 4250 run_rt3070_rf_read(sc, 23, &rf); 4251 rf = (rf & ~0x7f) | sc->freq; 4252 run_rt3070_rf_write(sc, 23, rf); 4253 4254 /* program RF filter */ 4255 rf = sc->rf24_20mhz; 4256 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4257 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4258 4259 /* enable RF tuning */ 4260 run_rt3070_rf_read(sc, 7, &rf); 4261 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4262 run_rt3070_rf_write(sc, 7, rf); 4263 4264 /* TSSI */ 4265 rf = (chan <= 14) ? 0xc3 : 0xc0; 4266 run_rt3070_rf_write(sc, 9, rf); 4267 4268 /* set loop filter 1 */ 4269 run_rt3070_rf_write(sc, 10, 0xf1); 4270 /* set loop filter 2 */ 4271 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4272 4273 /* set tx_mx2_ic */ 4274 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4275 /* set tx_mx1_ic */ 4276 if (chan <= 14) 4277 rf = 0x48 | sc->txmixgain_2ghz; 4278 else 4279 rf = 0x78 | sc->txmixgain_5ghz; 4280 run_rt3070_rf_write(sc, 16, rf); 4281 4282 /* set tx_lo1 */ 4283 run_rt3070_rf_write(sc, 17, 0x23); 4284 /* set tx_lo2 */ 4285 if (chan <= 14) 4286 rf = 0x93; 4287 else if (chan <= 64) 4288 rf = 0xb7; 4289 else if (chan <= 128) 4290 rf = 0x74; 4291 else 4292 rf = 0x72; 4293 run_rt3070_rf_write(sc, 19, rf); 4294 4295 /* set rx_lo1 */ 4296 if (chan <= 14) 4297 rf = 0xb3; 4298 else if (chan <= 64) 4299 rf = 0xf6; 4300 else if (chan <= 128) 4301 rf = 0xf4; 4302 else 4303 rf = 0xf3; 4304 run_rt3070_rf_write(sc, 20, rf); 4305 4306 /* set pfd_delay */ 4307 if (chan <= 14) 4308 rf = 0x15; 4309 else if (chan <= 64) 4310 rf = 0x3d; 4311 else 4312 rf = 0x01; 4313 run_rt3070_rf_write(sc, 25, rf); 4314 4315 /* set rx_lo2 */ 4316 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4317 /* set ldo_rf_vc */ 4318 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4319 /* set drv_cc */ 4320 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4321 4322 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4323 tmp &= ~0x8080; 4324 if (chan <= 14) 4325 tmp |= 0x80; 4326 run_write(sc, RT2860_GPIO_CTRL, tmp); 4327 4328 /* enable RF tuning */ 4329 run_rt3070_rf_read(sc, 7, &rf); 4330 run_rt3070_rf_write(sc, 7, rf | 0x01); 4331 4332 run_delay(sc, 2); 4333 } 4334 4335 static void 4336 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4337 { 4338 int8_t txpow1, txpow2, txpow3; 4339 uint8_t h20mhz, rf; 4340 int i; 4341 4342 /* find the settings for this channel (we know it exists) */ 4343 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4344 4345 /* use Tx power values from EEPROM */ 4346 txpow1 = sc->txpow1[i]; 4347 txpow2 = sc->txpow2[i]; 4348 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4349 4350 if (chan <= 14) { 4351 run_bbp_write(sc, 25, sc->bbp25); 4352 run_bbp_write(sc, 26, sc->bbp26); 4353 } else { 4354 /* Enable IQ phase correction. */ 4355 run_bbp_write(sc, 25, 0x09); 4356 run_bbp_write(sc, 26, 0xff); 4357 } 4358 4359 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4360 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4361 run_rt3070_rf_read(sc, 11, &rf); 4362 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4363 run_rt3070_rf_write(sc, 11, rf); 4364 4365 /* Set pll_idoh. */ 4366 run_rt3070_rf_read(sc, 11, &rf); 4367 rf &= ~0x4c; 4368 rf |= (chan <= 14) ? 0x44 : 0x48; 4369 run_rt3070_rf_write(sc, 11, rf); 4370 4371 if (chan <= 14) 4372 rf = txpow1 & 0x1f; 4373 else 4374 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4375 run_rt3070_rf_write(sc, 53, rf); 4376 4377 if (chan <= 14) 4378 rf = txpow2 & 0x1f; 4379 else 4380 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4381 run_rt3070_rf_write(sc, 55, rf); 4382 4383 if (chan <= 14) 4384 rf = txpow3 & 0x1f; 4385 else 4386 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4387 run_rt3070_rf_write(sc, 54, rf); 4388 4389 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4390 if (sc->ntxchains == 3) 4391 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4392 else 4393 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4394 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4395 run_rt3070_rf_write(sc, 1, rf); 4396 4397 run_adjust_freq_offset(sc); 4398 4399 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4400 4401 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4402 run_rt3070_rf_read(sc, 30, &rf); 4403 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4404 run_rt3070_rf_write(sc, 30, rf); 4405 4406 run_rt3070_rf_read(sc, 36, &rf); 4407 if (chan <= 14) 4408 rf |= 0x80; 4409 else 4410 rf &= ~0x80; 4411 run_rt3070_rf_write(sc, 36, rf); 4412 4413 /* Set vcolo_bs. */ 4414 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4415 /* Set pfd_delay. */ 4416 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4417 4418 /* Set vco bias current control. */ 4419 run_rt3070_rf_read(sc, 6, &rf); 4420 rf &= ~0xc0; 4421 if (chan <= 14) 4422 rf |= 0x40; 4423 else if (chan <= 128) 4424 rf |= 0x80; 4425 else 4426 rf |= 0x40; 4427 run_rt3070_rf_write(sc, 6, rf); 4428 4429 run_rt3070_rf_read(sc, 30, &rf); 4430 rf = (rf & ~0x18) | 0x10; 4431 run_rt3070_rf_write(sc, 30, rf); 4432 4433 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4434 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4435 4436 run_rt3070_rf_read(sc, 51, &rf); 4437 rf = (rf & ~0x03) | 0x01; 4438 run_rt3070_rf_write(sc, 51, rf); 4439 /* Set tx_mx1_cc. */ 4440 run_rt3070_rf_read(sc, 51, &rf); 4441 rf &= ~0x1c; 4442 rf |= (chan <= 14) ? 0x14 : 0x10; 4443 run_rt3070_rf_write(sc, 51, rf); 4444 /* Set tx_mx1_ic. */ 4445 run_rt3070_rf_read(sc, 51, &rf); 4446 rf &= ~0xe0; 4447 rf |= (chan <= 14) ? 0x60 : 0x40; 4448 run_rt3070_rf_write(sc, 51, rf); 4449 /* Set tx_lo1_ic. */ 4450 run_rt3070_rf_read(sc, 49, &rf); 4451 rf &= ~0x1c; 4452 rf |= (chan <= 14) ? 0x0c : 0x08; 4453 run_rt3070_rf_write(sc, 49, rf); 4454 /* Set tx_lo1_en. */ 4455 run_rt3070_rf_read(sc, 50, &rf); 4456 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4457 /* Set drv_cc. */ 4458 run_rt3070_rf_read(sc, 57, &rf); 4459 rf &= ~0xfc; 4460 rf |= (chan <= 14) ? 0x6c : 0x3c; 4461 run_rt3070_rf_write(sc, 57, rf); 4462 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4463 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4464 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4465 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4466 /* Enable VCO calibration. */ 4467 run_rt3070_rf_read(sc, 3, &rf); 4468 rf &= ~RT5390_VCOCAL; 4469 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4470 run_rt3070_rf_write(sc, 3, rf); 4471 4472 if (chan <= 14) 4473 rf = 0x23; 4474 else if (chan <= 64) 4475 rf = 0x36; 4476 else if (chan <= 128) 4477 rf = 0x32; 4478 else 4479 rf = 0x30; 4480 run_rt3070_rf_write(sc, 39, rf); 4481 if (chan <= 14) 4482 rf = 0xbb; 4483 else if (chan <= 64) 4484 rf = 0xeb; 4485 else if (chan <= 128) 4486 rf = 0xb3; 4487 else 4488 rf = 0x9b; 4489 run_rt3070_rf_write(sc, 45, rf); 4490 4491 /* Set FEQ/AEQ control. */ 4492 run_bbp_write(sc, 105, 0x34); 4493 } 4494 4495 static void 4496 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4497 { 4498 int8_t txpow1, txpow2; 4499 uint8_t rf; 4500 int i; 4501 4502 /* find the settings for this channel (we know it exists) */ 4503 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4504 4505 /* use Tx power values from EEPROM */ 4506 txpow1 = sc->txpow1[i]; 4507 txpow2 = sc->txpow2[i]; 4508 4509 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4510 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4511 run_rt3070_rf_read(sc, 11, &rf); 4512 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4513 run_rt3070_rf_write(sc, 11, rf); 4514 4515 run_rt3070_rf_read(sc, 49, &rf); 4516 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4517 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4518 if ((rf & 0x3f) > 0x27) 4519 rf = (rf & ~0x3f) | 0x27; 4520 run_rt3070_rf_write(sc, 49, rf); 4521 4522 if (sc->mac_ver == 0x5392) { 4523 run_rt3070_rf_read(sc, 50, &rf); 4524 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4525 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4526 if ((rf & 0x3f) > 0x27) 4527 rf = (rf & ~0x3f) | 0x27; 4528 run_rt3070_rf_write(sc, 50, rf); 4529 } 4530 4531 run_rt3070_rf_read(sc, 1, &rf); 4532 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4533 if (sc->mac_ver == 0x5392) 4534 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4535 run_rt3070_rf_write(sc, 1, rf); 4536 4537 if (sc->mac_ver != 0x5392) { 4538 run_rt3070_rf_read(sc, 2, &rf); 4539 rf |= 0x80; 4540 run_rt3070_rf_write(sc, 2, rf); 4541 run_delay(sc, 10); 4542 rf &= 0x7f; 4543 run_rt3070_rf_write(sc, 2, rf); 4544 } 4545 4546 run_adjust_freq_offset(sc); 4547 4548 if (sc->mac_ver == 0x5392) { 4549 /* Fix for RT5392C. */ 4550 if (sc->mac_rev >= 0x0223) { 4551 if (chan <= 4) 4552 rf = 0x0f; 4553 else if (chan >= 5 && chan <= 7) 4554 rf = 0x0e; 4555 else 4556 rf = 0x0d; 4557 run_rt3070_rf_write(sc, 23, rf); 4558 4559 if (chan <= 4) 4560 rf = 0x0c; 4561 else if (chan == 5) 4562 rf = 0x0b; 4563 else if (chan >= 6 && chan <= 7) 4564 rf = 0x0a; 4565 else if (chan >= 8 && chan <= 10) 4566 rf = 0x09; 4567 else 4568 rf = 0x08; 4569 run_rt3070_rf_write(sc, 59, rf); 4570 } else { 4571 if (chan <= 11) 4572 rf = 0x0f; 4573 else 4574 rf = 0x0b; 4575 run_rt3070_rf_write(sc, 59, rf); 4576 } 4577 } else { 4578 /* Fix for RT5390F. */ 4579 if (sc->mac_rev >= 0x0502) { 4580 if (chan <= 11) 4581 rf = 0x43; 4582 else 4583 rf = 0x23; 4584 run_rt3070_rf_write(sc, 55, rf); 4585 4586 if (chan <= 11) 4587 rf = 0x0f; 4588 else if (chan == 12) 4589 rf = 0x0d; 4590 else 4591 rf = 0x0b; 4592 run_rt3070_rf_write(sc, 59, rf); 4593 } else { 4594 run_rt3070_rf_write(sc, 55, 0x44); 4595 run_rt3070_rf_write(sc, 59, 0x8f); 4596 } 4597 } 4598 4599 /* Enable VCO calibration. */ 4600 run_rt3070_rf_read(sc, 3, &rf); 4601 rf |= RT5390_VCOCAL; 4602 run_rt3070_rf_write(sc, 3, rf); 4603 } 4604 4605 static void 4606 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4607 { 4608 const struct rt5592_freqs *freqs; 4609 uint32_t tmp; 4610 uint8_t reg, rf, txpow_bound; 4611 int8_t txpow1, txpow2; 4612 int i; 4613 4614 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4615 freqs = (tmp & RT5592_SEL_XTAL) ? 4616 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4617 4618 /* find the settings for this channel (we know it exists) */ 4619 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4620 4621 /* use Tx power values from EEPROM */ 4622 txpow1 = sc->txpow1[i]; 4623 txpow2 = sc->txpow2[i]; 4624 4625 run_read(sc, RT3070_LDO_CFG0, &tmp); 4626 tmp &= ~0x1c000000; 4627 if (chan > 14) 4628 tmp |= 0x14000000; 4629 run_write(sc, RT3070_LDO_CFG0, tmp); 4630 4631 /* N setting. */ 4632 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4633 run_rt3070_rf_read(sc, 9, &rf); 4634 rf &= ~(1 << 4); 4635 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4636 run_rt3070_rf_write(sc, 9, rf); 4637 4638 /* K setting. */ 4639 run_rt3070_rf_read(sc, 9, &rf); 4640 rf &= ~0x0f; 4641 rf |= (freqs->k & 0x0f); 4642 run_rt3070_rf_write(sc, 9, rf); 4643 4644 /* Mode setting. */ 4645 run_rt3070_rf_read(sc, 11, &rf); 4646 rf &= ~0x0c; 4647 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4648 run_rt3070_rf_write(sc, 11, rf); 4649 run_rt3070_rf_read(sc, 9, &rf); 4650 rf &= ~(1 << 7); 4651 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4652 run_rt3070_rf_write(sc, 9, rf); 4653 4654 /* R setting. */ 4655 run_rt3070_rf_read(sc, 11, &rf); 4656 rf &= ~0x03; 4657 rf |= (freqs->r - 0x1); 4658 run_rt3070_rf_write(sc, 11, rf); 4659 4660 if (chan <= 14) { 4661 /* Initialize RF registers for 2GHZ. */ 4662 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4663 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4664 rt5592_2ghz_def_rf[i].val); 4665 } 4666 4667 rf = (chan <= 10) ? 0x07 : 0x06; 4668 run_rt3070_rf_write(sc, 23, rf); 4669 run_rt3070_rf_write(sc, 59, rf); 4670 4671 run_rt3070_rf_write(sc, 55, 0x43); 4672 4673 /* 4674 * RF R49/R50 Tx power ALC code. 4675 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4676 */ 4677 reg = 2; 4678 txpow_bound = 0x27; 4679 } else { 4680 /* Initialize RF registers for 5GHZ. */ 4681 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4682 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4683 rt5592_5ghz_def_rf[i].val); 4684 } 4685 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4686 if (chan >= rt5592_chan_5ghz[i].firstchan && 4687 chan <= rt5592_chan_5ghz[i].lastchan) { 4688 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4689 rt5592_chan_5ghz[i].val); 4690 } 4691 } 4692 4693 /* 4694 * RF R49/R50 Tx power ALC code. 4695 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4696 */ 4697 reg = 3; 4698 txpow_bound = 0x2b; 4699 } 4700 4701 /* RF R49 ch0 Tx power ALC code. */ 4702 run_rt3070_rf_read(sc, 49, &rf); 4703 rf &= ~0xc0; 4704 rf |= (reg << 6); 4705 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4706 if ((rf & 0x3f) > txpow_bound) 4707 rf = (rf & ~0x3f) | txpow_bound; 4708 run_rt3070_rf_write(sc, 49, rf); 4709 4710 /* RF R50 ch1 Tx power ALC code. */ 4711 run_rt3070_rf_read(sc, 50, &rf); 4712 rf &= ~(1 << 7 | 1 << 6); 4713 rf |= (reg << 6); 4714 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4715 if ((rf & 0x3f) > txpow_bound) 4716 rf = (rf & ~0x3f) | txpow_bound; 4717 run_rt3070_rf_write(sc, 50, rf); 4718 4719 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4720 run_rt3070_rf_read(sc, 1, &rf); 4721 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4722 if (sc->ntxchains > 1) 4723 rf |= RT3070_TX1_PD; 4724 if (sc->nrxchains > 1) 4725 rf |= RT3070_RX1_PD; 4726 run_rt3070_rf_write(sc, 1, rf); 4727 4728 run_rt3070_rf_write(sc, 6, 0xe4); 4729 4730 run_rt3070_rf_write(sc, 30, 0x10); 4731 run_rt3070_rf_write(sc, 31, 0x80); 4732 run_rt3070_rf_write(sc, 32, 0x80); 4733 4734 run_adjust_freq_offset(sc); 4735 4736 /* Enable VCO calibration. */ 4737 run_rt3070_rf_read(sc, 3, &rf); 4738 rf |= RT5390_VCOCAL; 4739 run_rt3070_rf_write(sc, 3, rf); 4740 } 4741 4742 static void 4743 run_set_rx_antenna(struct run_softc *sc, int aux) 4744 { 4745 uint32_t tmp; 4746 uint8_t bbp152; 4747 4748 if (aux) { 4749 if (sc->rf_rev == RT5390_RF_5370) { 4750 run_bbp_read(sc, 152, &bbp152); 4751 run_bbp_write(sc, 152, bbp152 & ~0x80); 4752 } else { 4753 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4754 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4755 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4756 } 4757 } else { 4758 if (sc->rf_rev == RT5390_RF_5370) { 4759 run_bbp_read(sc, 152, &bbp152); 4760 run_bbp_write(sc, 152, bbp152 | 0x80); 4761 } else { 4762 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4763 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4764 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4765 } 4766 } 4767 } 4768 4769 static int 4770 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4771 { 4772 struct ieee80211com *ic = &sc->sc_ic; 4773 u_int chan, group; 4774 4775 chan = ieee80211_chan2ieee(ic, c); 4776 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4777 return (EINVAL); 4778 4779 if (sc->mac_ver == 0x5592) 4780 run_rt5592_set_chan(sc, chan); 4781 else if (sc->mac_ver >= 0x5390) 4782 run_rt5390_set_chan(sc, chan); 4783 else if (sc->mac_ver == 0x3593) 4784 run_rt3593_set_chan(sc, chan); 4785 else if (sc->mac_ver == 0x3572) 4786 run_rt3572_set_chan(sc, chan); 4787 else if (sc->mac_ver >= 0x3070) 4788 run_rt3070_set_chan(sc, chan); 4789 else 4790 run_rt2870_set_chan(sc, chan); 4791 4792 /* determine channel group */ 4793 if (chan <= 14) 4794 group = 0; 4795 else if (chan <= 64) 4796 group = 1; 4797 else if (chan <= 128) 4798 group = 2; 4799 else 4800 group = 3; 4801 4802 /* XXX necessary only when group has changed! */ 4803 run_select_chan_group(sc, group); 4804 4805 run_delay(sc, 10); 4806 4807 /* Perform IQ calibration. */ 4808 if (sc->mac_ver >= 0x5392) 4809 run_iq_calib(sc, chan); 4810 4811 return (0); 4812 } 4813 4814 static void 4815 run_set_channel(struct ieee80211com *ic) 4816 { 4817 struct run_softc *sc = ic->ic_softc; 4818 4819 RUN_LOCK(sc); 4820 run_set_chan(sc, ic->ic_curchan); 4821 RUN_UNLOCK(sc); 4822 4823 return; 4824 } 4825 4826 static void 4827 run_getradiocaps(struct ieee80211com *ic, 4828 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4829 { 4830 struct run_softc *sc = ic->ic_softc; 4831 uint8_t bands[IEEE80211_MODE_BYTES]; 4832 4833 memset(bands, 0, sizeof(bands)); 4834 setbit(bands, IEEE80211_MODE_11B); 4835 setbit(bands, IEEE80211_MODE_11G); 4836 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4837 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4838 4839 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4840 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4841 sc->rf_rev == RT5592_RF_5592) { 4842 setbit(bands, IEEE80211_MODE_11A); 4843 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4844 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4845 } 4846 } 4847 4848 static void 4849 run_scan_start(struct ieee80211com *ic) 4850 { 4851 struct run_softc *sc = ic->ic_softc; 4852 uint32_t tmp; 4853 4854 RUN_LOCK(sc); 4855 4856 /* abort TSF synchronization */ 4857 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4858 run_write(sc, RT2860_BCN_TIME_CFG, 4859 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4860 RT2860_TBTT_TIMER_EN)); 4861 run_set_bssid(sc, ieee80211broadcastaddr); 4862 4863 RUN_UNLOCK(sc); 4864 4865 return; 4866 } 4867 4868 static void 4869 run_scan_end(struct ieee80211com *ic) 4870 { 4871 struct run_softc *sc = ic->ic_softc; 4872 4873 RUN_LOCK(sc); 4874 4875 run_enable_tsf_sync(sc); 4876 run_set_bssid(sc, sc->sc_bssid); 4877 4878 RUN_UNLOCK(sc); 4879 4880 return; 4881 } 4882 4883 /* 4884 * Could be called from ieee80211_node_timeout() 4885 * (non-sleepable thread) 4886 */ 4887 static void 4888 run_update_beacon(struct ieee80211vap *vap, int item) 4889 { 4890 struct ieee80211com *ic = vap->iv_ic; 4891 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4892 struct ieee80211_node *ni = vap->iv_bss; 4893 struct run_softc *sc = ic->ic_softc; 4894 struct run_vap *rvp = RUN_VAP(vap); 4895 int mcast = 0; 4896 uint32_t i; 4897 4898 switch (item) { 4899 case IEEE80211_BEACON_ERP: 4900 run_updateslot(ic); 4901 break; 4902 case IEEE80211_BEACON_HTINFO: 4903 run_updateprot(ic); 4904 break; 4905 case IEEE80211_BEACON_TIM: 4906 mcast = 1; /*TODO*/ 4907 break; 4908 default: 4909 break; 4910 } 4911 4912 setbit(bo->bo_flags, item); 4913 if (rvp->beacon_mbuf == NULL) { 4914 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4915 if (rvp->beacon_mbuf == NULL) 4916 return; 4917 } 4918 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4919 4920 i = RUN_CMDQ_GET(&sc->cmdq_store); 4921 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4922 sc->cmdq[i].func = run_update_beacon_cb; 4923 sc->cmdq[i].arg0 = vap; 4924 ieee80211_runtask(ic, &sc->cmdq_task); 4925 4926 return; 4927 } 4928 4929 static void 4930 run_update_beacon_cb(void *arg) 4931 { 4932 struct ieee80211vap *vap = arg; 4933 struct ieee80211_node *ni = vap->iv_bss; 4934 struct run_vap *rvp = RUN_VAP(vap); 4935 struct ieee80211com *ic = vap->iv_ic; 4936 struct run_softc *sc = ic->ic_softc; 4937 struct rt2860_txwi txwi; 4938 struct mbuf *m; 4939 uint16_t txwisize; 4940 uint8_t ridx; 4941 4942 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4943 return; 4944 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4945 return; 4946 4947 /* 4948 * No need to call ieee80211_beacon_update(), run_update_beacon() 4949 * is taking care of appropriate calls. 4950 */ 4951 if (rvp->beacon_mbuf == NULL) { 4952 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4953 if (rvp->beacon_mbuf == NULL) 4954 return; 4955 } 4956 m = rvp->beacon_mbuf; 4957 4958 memset(&txwi, 0, sizeof(txwi)); 4959 txwi.wcid = 0xff; 4960 txwi.len = htole16(m->m_pkthdr.len); 4961 4962 /* send beacons at the lowest available rate */ 4963 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4964 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4965 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4966 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4967 txwi.phy |= htole16(RT2860_PHY_OFDM); 4968 txwi.txop = RT2860_TX_TXOP_HT; 4969 txwi.flags = RT2860_TX_TS; 4970 txwi.xflags = RT2860_TX_NSEQ; 4971 4972 txwisize = (sc->mac_ver == 0x5592) ? 4973 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4974 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4975 txwisize); 4976 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4977 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4978 } 4979 4980 static void 4981 run_updateprot(struct ieee80211com *ic) 4982 { 4983 struct run_softc *sc = ic->ic_softc; 4984 uint32_t i; 4985 4986 i = RUN_CMDQ_GET(&sc->cmdq_store); 4987 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4988 sc->cmdq[i].func = run_updateprot_cb; 4989 sc->cmdq[i].arg0 = ic; 4990 ieee80211_runtask(ic, &sc->cmdq_task); 4991 } 4992 4993 static void 4994 run_updateprot_cb(void *arg) 4995 { 4996 struct ieee80211com *ic = arg; 4997 struct run_softc *sc = ic->ic_softc; 4998 uint32_t tmp; 4999 5000 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5001 /* setup protection frame rate (MCS code) */ 5002 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5003 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5004 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5005 5006 /* CCK frames don't require protection */ 5007 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5008 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5009 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5010 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5011 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5012 tmp |= RT2860_PROT_CTRL_CTS; 5013 } 5014 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5015 } 5016 5017 static void 5018 run_usb_timeout_cb(void *arg) 5019 { 5020 struct ieee80211vap *vap = arg; 5021 struct run_softc *sc = vap->iv_ic->ic_softc; 5022 5023 RUN_LOCK_ASSERT(sc, MA_OWNED); 5024 5025 if(vap->iv_state == IEEE80211_S_RUN && 5026 vap->iv_opmode != IEEE80211_M_STA) 5027 run_reset_livelock(sc); 5028 else if (vap->iv_state == IEEE80211_S_SCAN) { 5029 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5030 "timeout caused by scan\n"); 5031 /* cancel bgscan */ 5032 ieee80211_cancel_scan(vap); 5033 } else 5034 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5035 "timeout by unknown cause\n"); 5036 } 5037 5038 static void 5039 run_reset_livelock(struct run_softc *sc) 5040 { 5041 uint32_t tmp; 5042 5043 RUN_LOCK_ASSERT(sc, MA_OWNED); 5044 5045 /* 5046 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5047 * can run into a livelock and start sending CTS-to-self frames like 5048 * crazy if protection is enabled. Reset MAC/BBP for a while 5049 */ 5050 run_read(sc, RT2860_DEBUG, &tmp); 5051 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5052 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5053 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5054 "CTS-to-self livelock detected\n"); 5055 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5056 run_delay(sc, 1); 5057 run_write(sc, RT2860_MAC_SYS_CTRL, 5058 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5059 } 5060 } 5061 5062 static void 5063 run_update_promisc_locked(struct run_softc *sc) 5064 { 5065 uint32_t tmp; 5066 5067 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5068 5069 tmp |= RT2860_DROP_UC_NOME; 5070 if (sc->sc_ic.ic_promisc > 0) 5071 tmp &= ~RT2860_DROP_UC_NOME; 5072 5073 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5074 5075 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5076 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5077 } 5078 5079 static void 5080 run_update_promisc(struct ieee80211com *ic) 5081 { 5082 struct run_softc *sc = ic->ic_softc; 5083 5084 if ((sc->sc_flags & RUN_RUNNING) == 0) 5085 return; 5086 5087 RUN_LOCK(sc); 5088 run_update_promisc_locked(sc); 5089 RUN_UNLOCK(sc); 5090 } 5091 5092 static void 5093 run_enable_tsf_sync(struct run_softc *sc) 5094 { 5095 struct ieee80211com *ic = &sc->sc_ic; 5096 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5097 uint32_t tmp; 5098 5099 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5100 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5101 5102 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5103 tmp &= ~0x1fffff; 5104 tmp |= vap->iv_bss->ni_intval * 16; 5105 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5106 5107 if (ic->ic_opmode == IEEE80211_M_STA) { 5108 /* 5109 * Local TSF is always updated with remote TSF on beacon 5110 * reception. 5111 */ 5112 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5113 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5114 tmp |= RT2860_BCN_TX_EN; 5115 /* 5116 * Local TSF is updated with remote TSF on beacon reception 5117 * only if the remote TSF is greater than local TSF. 5118 */ 5119 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5120 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5121 ic->ic_opmode == IEEE80211_M_MBSS) { 5122 tmp |= RT2860_BCN_TX_EN; 5123 /* SYNC with nobody */ 5124 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5125 } else { 5126 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5127 "Enabling TSF failed. undefined opmode\n"); 5128 return; 5129 } 5130 5131 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5132 } 5133 5134 static void 5135 run_enable_tsf(struct run_softc *sc) 5136 { 5137 uint32_t tmp; 5138 5139 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5140 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5141 tmp |= RT2860_TSF_TIMER_EN; 5142 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5143 } 5144 } 5145 5146 static void 5147 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5148 { 5149 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5150 sizeof(*buf)); 5151 } 5152 5153 static void 5154 run_enable_mrr(struct run_softc *sc) 5155 { 5156 #define CCK(mcs) (mcs) 5157 #define OFDM(mcs) (1 << 3 | (mcs)) 5158 run_write(sc, RT2860_LG_FBK_CFG0, 5159 OFDM(6) << 28 | /* 54->48 */ 5160 OFDM(5) << 24 | /* 48->36 */ 5161 OFDM(4) << 20 | /* 36->24 */ 5162 OFDM(3) << 16 | /* 24->18 */ 5163 OFDM(2) << 12 | /* 18->12 */ 5164 OFDM(1) << 8 | /* 12-> 9 */ 5165 OFDM(0) << 4 | /* 9-> 6 */ 5166 OFDM(0)); /* 6-> 6 */ 5167 5168 run_write(sc, RT2860_LG_FBK_CFG1, 5169 CCK(2) << 12 | /* 11->5.5 */ 5170 CCK(1) << 8 | /* 5.5-> 2 */ 5171 CCK(0) << 4 | /* 2-> 1 */ 5172 CCK(0)); /* 1-> 1 */ 5173 #undef OFDM 5174 #undef CCK 5175 } 5176 5177 static void 5178 run_set_txpreamble(struct run_softc *sc) 5179 { 5180 struct ieee80211com *ic = &sc->sc_ic; 5181 uint32_t tmp; 5182 5183 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5184 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5185 tmp |= RT2860_CCK_SHORT_EN; 5186 else 5187 tmp &= ~RT2860_CCK_SHORT_EN; 5188 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5189 } 5190 5191 static void 5192 run_set_basicrates(struct run_softc *sc) 5193 { 5194 struct ieee80211com *ic = &sc->sc_ic; 5195 5196 /* set basic rates mask */ 5197 if (ic->ic_curmode == IEEE80211_MODE_11B) 5198 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5199 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5200 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5201 else /* 11g */ 5202 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5203 } 5204 5205 static void 5206 run_set_leds(struct run_softc *sc, uint16_t which) 5207 { 5208 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5209 which | (sc->leds & 0x7f)); 5210 } 5211 5212 static void 5213 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5214 { 5215 run_write(sc, RT2860_MAC_BSSID_DW0, 5216 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5217 run_write(sc, RT2860_MAC_BSSID_DW1, 5218 bssid[4] | bssid[5] << 8); 5219 } 5220 5221 static void 5222 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5223 { 5224 run_write(sc, RT2860_MAC_ADDR_DW0, 5225 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5226 run_write(sc, RT2860_MAC_ADDR_DW1, 5227 addr[4] | addr[5] << 8 | 0xff << 16); 5228 } 5229 5230 static void 5231 run_updateslot(struct ieee80211com *ic) 5232 { 5233 struct run_softc *sc = ic->ic_softc; 5234 uint32_t i; 5235 5236 i = RUN_CMDQ_GET(&sc->cmdq_store); 5237 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5238 sc->cmdq[i].func = run_updateslot_cb; 5239 sc->cmdq[i].arg0 = ic; 5240 ieee80211_runtask(ic, &sc->cmdq_task); 5241 5242 return; 5243 } 5244 5245 /* ARGSUSED */ 5246 static void 5247 run_updateslot_cb(void *arg) 5248 { 5249 struct ieee80211com *ic = arg; 5250 struct run_softc *sc = ic->ic_softc; 5251 uint32_t tmp; 5252 5253 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5254 tmp &= ~0xff; 5255 tmp |= IEEE80211_GET_SLOTTIME(ic); 5256 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5257 } 5258 5259 static void 5260 run_update_mcast(struct ieee80211com *ic) 5261 { 5262 } 5263 5264 static int8_t 5265 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5266 { 5267 struct ieee80211com *ic = &sc->sc_ic; 5268 struct ieee80211_channel *c = ic->ic_curchan; 5269 int delta; 5270 5271 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5272 u_int chan = ieee80211_chan2ieee(ic, c); 5273 delta = sc->rssi_5ghz[rxchain]; 5274 5275 /* determine channel group */ 5276 if (chan <= 64) 5277 delta -= sc->lna[1]; 5278 else if (chan <= 128) 5279 delta -= sc->lna[2]; 5280 else 5281 delta -= sc->lna[3]; 5282 } else 5283 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5284 5285 return (-12 - delta - rssi); 5286 } 5287 5288 static void 5289 run_rt5390_bbp_init(struct run_softc *sc) 5290 { 5291 u_int i; 5292 uint8_t bbp; 5293 5294 /* Apply maximum likelihood detection for 2 stream case. */ 5295 run_bbp_read(sc, 105, &bbp); 5296 if (sc->nrxchains > 1) 5297 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5298 5299 /* Avoid data lost and CRC error. */ 5300 run_bbp_read(sc, 4, &bbp); 5301 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5302 5303 if (sc->mac_ver == 0x5592) { 5304 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5305 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5306 rt5592_def_bbp[i].val); 5307 } 5308 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5309 run_bbp_write(sc, 195, i + 0x80); 5310 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5311 } 5312 } else { 5313 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5314 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5315 rt5390_def_bbp[i].val); 5316 } 5317 } 5318 if (sc->mac_ver == 0x5392) { 5319 run_bbp_write(sc, 88, 0x90); 5320 run_bbp_write(sc, 95, 0x9a); 5321 run_bbp_write(sc, 98, 0x12); 5322 run_bbp_write(sc, 106, 0x12); 5323 run_bbp_write(sc, 134, 0xd0); 5324 run_bbp_write(sc, 135, 0xf6); 5325 run_bbp_write(sc, 148, 0x84); 5326 } 5327 5328 run_bbp_read(sc, 152, &bbp); 5329 run_bbp_write(sc, 152, bbp | 0x80); 5330 5331 /* Fix BBP254 for RT5592C. */ 5332 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5333 run_bbp_read(sc, 254, &bbp); 5334 run_bbp_write(sc, 254, bbp | 0x80); 5335 } 5336 5337 /* Disable hardware antenna diversity. */ 5338 if (sc->mac_ver == 0x5390) 5339 run_bbp_write(sc, 154, 0); 5340 5341 /* Initialize Rx CCK/OFDM frequency offset report. */ 5342 run_bbp_write(sc, 142, 1); 5343 run_bbp_write(sc, 143, 57); 5344 } 5345 5346 static int 5347 run_bbp_init(struct run_softc *sc) 5348 { 5349 int i, error, ntries; 5350 uint8_t bbp0; 5351 5352 /* wait for BBP to wake up */ 5353 for (ntries = 0; ntries < 20; ntries++) { 5354 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5355 return error; 5356 if (bbp0 != 0 && bbp0 != 0xff) 5357 break; 5358 } 5359 if (ntries == 20) 5360 return (ETIMEDOUT); 5361 5362 /* initialize BBP registers to default values */ 5363 if (sc->mac_ver >= 0x5390) 5364 run_rt5390_bbp_init(sc); 5365 else { 5366 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5367 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5368 rt2860_def_bbp[i].val); 5369 } 5370 } 5371 5372 if (sc->mac_ver == 0x3593) { 5373 run_bbp_write(sc, 79, 0x13); 5374 run_bbp_write(sc, 80, 0x05); 5375 run_bbp_write(sc, 81, 0x33); 5376 run_bbp_write(sc, 86, 0x46); 5377 run_bbp_write(sc, 137, 0x0f); 5378 } 5379 5380 /* fix BBP84 for RT2860E */ 5381 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5382 run_bbp_write(sc, 84, 0x19); 5383 5384 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5385 sc->mac_ver != 0x5592)) { 5386 run_bbp_write(sc, 79, 0x13); 5387 run_bbp_write(sc, 80, 0x05); 5388 run_bbp_write(sc, 81, 0x33); 5389 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5390 run_bbp_write(sc, 69, 0x16); 5391 run_bbp_write(sc, 73, 0x12); 5392 } 5393 return (0); 5394 } 5395 5396 static int 5397 run_rt3070_rf_init(struct run_softc *sc) 5398 { 5399 uint32_t tmp; 5400 uint8_t bbp4, mingain, rf, target; 5401 u_int i; 5402 5403 run_rt3070_rf_read(sc, 30, &rf); 5404 /* toggle RF R30 bit 7 */ 5405 run_rt3070_rf_write(sc, 30, rf | 0x80); 5406 run_delay(sc, 10); 5407 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5408 5409 /* initialize RF registers to default value */ 5410 if (sc->mac_ver == 0x3572) { 5411 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5412 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5413 rt3572_def_rf[i].val); 5414 } 5415 } else { 5416 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5417 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5418 rt3070_def_rf[i].val); 5419 } 5420 } 5421 5422 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5423 /* 5424 * Change voltage from 1.2V to 1.35V for RT3070. 5425 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5426 * in RT3070(F). 5427 */ 5428 run_read(sc, RT3070_LDO_CFG0, &tmp); 5429 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5430 run_write(sc, RT3070_LDO_CFG0, tmp); 5431 5432 } else if (sc->mac_ver == 0x3071) { 5433 run_rt3070_rf_read(sc, 6, &rf); 5434 run_rt3070_rf_write(sc, 6, rf | 0x40); 5435 run_rt3070_rf_write(sc, 31, 0x14); 5436 5437 run_read(sc, RT3070_LDO_CFG0, &tmp); 5438 tmp &= ~0x1f000000; 5439 if (sc->mac_rev < 0x0211) 5440 tmp |= 0x0d000000; /* 1.3V */ 5441 else 5442 tmp |= 0x01000000; /* 1.2V */ 5443 run_write(sc, RT3070_LDO_CFG0, tmp); 5444 5445 /* patch LNA_PE_G1 */ 5446 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5447 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5448 5449 } else if (sc->mac_ver == 0x3572) { 5450 run_rt3070_rf_read(sc, 6, &rf); 5451 run_rt3070_rf_write(sc, 6, rf | 0x40); 5452 5453 /* increase voltage from 1.2V to 1.35V */ 5454 run_read(sc, RT3070_LDO_CFG0, &tmp); 5455 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5456 run_write(sc, RT3070_LDO_CFG0, tmp); 5457 5458 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5459 run_delay(sc, 1); /* wait for 1msec */ 5460 /* decrease voltage back to 1.2V */ 5461 tmp = (tmp & ~0x1f000000) | 0x01000000; 5462 run_write(sc, RT3070_LDO_CFG0, tmp); 5463 } 5464 } 5465 5466 /* select 20MHz bandwidth */ 5467 run_rt3070_rf_read(sc, 31, &rf); 5468 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5469 5470 /* calibrate filter for 20MHz bandwidth */ 5471 sc->rf24_20mhz = 0x1f; /* default value */ 5472 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5473 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5474 5475 /* select 40MHz bandwidth */ 5476 run_bbp_read(sc, 4, &bbp4); 5477 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5478 run_rt3070_rf_read(sc, 31, &rf); 5479 run_rt3070_rf_write(sc, 31, rf | 0x20); 5480 5481 /* calibrate filter for 40MHz bandwidth */ 5482 sc->rf24_40mhz = 0x2f; /* default value */ 5483 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5484 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5485 5486 /* go back to 20MHz bandwidth */ 5487 run_bbp_read(sc, 4, &bbp4); 5488 run_bbp_write(sc, 4, bbp4 & ~0x18); 5489 5490 if (sc->mac_ver == 0x3572) { 5491 /* save default BBP registers 25 and 26 values */ 5492 run_bbp_read(sc, 25, &sc->bbp25); 5493 run_bbp_read(sc, 26, &sc->bbp26); 5494 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5495 run_rt3070_rf_write(sc, 27, 0x03); 5496 5497 run_read(sc, RT3070_OPT_14, &tmp); 5498 run_write(sc, RT3070_OPT_14, tmp | 1); 5499 5500 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5501 run_rt3070_rf_read(sc, 17, &rf); 5502 rf &= ~RT3070_TX_LO1; 5503 if ((sc->mac_ver == 0x3070 || 5504 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5505 !sc->ext_2ghz_lna) 5506 rf |= 0x20; /* fix for long range Rx issue */ 5507 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5508 if (sc->txmixgain_2ghz >= mingain) 5509 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5510 run_rt3070_rf_write(sc, 17, rf); 5511 } 5512 5513 if (sc->mac_ver == 0x3071) { 5514 run_rt3070_rf_read(sc, 1, &rf); 5515 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5516 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5517 run_rt3070_rf_write(sc, 1, rf); 5518 5519 run_rt3070_rf_read(sc, 15, &rf); 5520 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5521 5522 run_rt3070_rf_read(sc, 20, &rf); 5523 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5524 5525 run_rt3070_rf_read(sc, 21, &rf); 5526 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5527 } 5528 5529 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5530 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5531 run_rt3070_rf_read(sc, 27, &rf); 5532 rf &= ~0x77; 5533 if (sc->mac_rev < 0x0211) 5534 rf |= 0x03; 5535 run_rt3070_rf_write(sc, 27, rf); 5536 } 5537 return (0); 5538 } 5539 5540 static void 5541 run_rt3593_rf_init(struct run_softc *sc) 5542 { 5543 uint32_t tmp; 5544 uint8_t rf; 5545 u_int i; 5546 5547 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5548 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5549 tmp &= ~(1 << 4 | 1 << 7); 5550 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5551 5552 /* Initialize RF registers to default value. */ 5553 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5554 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5555 rt3593_def_rf[i].val); 5556 } 5557 5558 /* Toggle RF R2 to initiate calibration. */ 5559 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5560 5561 /* Initialize RF frequency offset. */ 5562 run_adjust_freq_offset(sc); 5563 5564 run_rt3070_rf_read(sc, 18, &rf); 5565 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5566 5567 /* 5568 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5569 * decrease voltage back to 1.2V. 5570 */ 5571 run_read(sc, RT3070_LDO_CFG0, &tmp); 5572 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5573 run_write(sc, RT3070_LDO_CFG0, tmp); 5574 run_delay(sc, 1); 5575 tmp = (tmp & ~0x1f000000) | 0x01000000; 5576 run_write(sc, RT3070_LDO_CFG0, tmp); 5577 5578 sc->rf24_20mhz = 0x1f; 5579 sc->rf24_40mhz = 0x2f; 5580 5581 /* Save default BBP registers 25 and 26 values. */ 5582 run_bbp_read(sc, 25, &sc->bbp25); 5583 run_bbp_read(sc, 26, &sc->bbp26); 5584 5585 run_read(sc, RT3070_OPT_14, &tmp); 5586 run_write(sc, RT3070_OPT_14, tmp | 1); 5587 } 5588 5589 static void 5590 run_rt5390_rf_init(struct run_softc *sc) 5591 { 5592 uint32_t tmp; 5593 uint8_t rf; 5594 u_int i; 5595 5596 /* Toggle RF R2 to initiate calibration. */ 5597 if (sc->mac_ver == 0x5390) { 5598 run_rt3070_rf_read(sc, 2, &rf); 5599 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5600 run_delay(sc, 10); 5601 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5602 } else { 5603 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5604 run_delay(sc, 10); 5605 } 5606 5607 /* Initialize RF registers to default value. */ 5608 if (sc->mac_ver == 0x5592) { 5609 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5610 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5611 rt5592_def_rf[i].val); 5612 } 5613 /* Initialize RF frequency offset. */ 5614 run_adjust_freq_offset(sc); 5615 } else if (sc->mac_ver == 0x5392) { 5616 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5617 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5618 rt5392_def_rf[i].val); 5619 } 5620 if (sc->mac_rev >= 0x0223) { 5621 run_rt3070_rf_write(sc, 23, 0x0f); 5622 run_rt3070_rf_write(sc, 24, 0x3e); 5623 run_rt3070_rf_write(sc, 51, 0x32); 5624 run_rt3070_rf_write(sc, 53, 0x22); 5625 run_rt3070_rf_write(sc, 56, 0xc1); 5626 run_rt3070_rf_write(sc, 59, 0x0f); 5627 } 5628 } else { 5629 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5630 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5631 rt5390_def_rf[i].val); 5632 } 5633 if (sc->mac_rev >= 0x0502) { 5634 run_rt3070_rf_write(sc, 6, 0xe0); 5635 run_rt3070_rf_write(sc, 25, 0x80); 5636 run_rt3070_rf_write(sc, 46, 0x73); 5637 run_rt3070_rf_write(sc, 53, 0x00); 5638 run_rt3070_rf_write(sc, 56, 0x42); 5639 run_rt3070_rf_write(sc, 61, 0xd1); 5640 } 5641 } 5642 5643 sc->rf24_20mhz = 0x1f; /* default value */ 5644 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5645 5646 if (sc->mac_rev < 0x0211) 5647 run_rt3070_rf_write(sc, 27, 0x3); 5648 5649 run_read(sc, RT3070_OPT_14, &tmp); 5650 run_write(sc, RT3070_OPT_14, tmp | 1); 5651 } 5652 5653 static int 5654 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5655 uint8_t *val) 5656 { 5657 uint8_t rf22, rf24; 5658 uint8_t bbp55_pb, bbp55_sb, delta; 5659 int ntries; 5660 5661 /* program filter */ 5662 run_rt3070_rf_read(sc, 24, &rf24); 5663 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5664 run_rt3070_rf_write(sc, 24, rf24); 5665 5666 /* enable baseband loopback mode */ 5667 run_rt3070_rf_read(sc, 22, &rf22); 5668 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5669 5670 /* set power and frequency of passband test tone */ 5671 run_bbp_write(sc, 24, 0x00); 5672 for (ntries = 0; ntries < 100; ntries++) { 5673 /* transmit test tone */ 5674 run_bbp_write(sc, 25, 0x90); 5675 run_delay(sc, 10); 5676 /* read received power */ 5677 run_bbp_read(sc, 55, &bbp55_pb); 5678 if (bbp55_pb != 0) 5679 break; 5680 } 5681 if (ntries == 100) 5682 return (ETIMEDOUT); 5683 5684 /* set power and frequency of stopband test tone */ 5685 run_bbp_write(sc, 24, 0x06); 5686 for (ntries = 0; ntries < 100; ntries++) { 5687 /* transmit test tone */ 5688 run_bbp_write(sc, 25, 0x90); 5689 run_delay(sc, 10); 5690 /* read received power */ 5691 run_bbp_read(sc, 55, &bbp55_sb); 5692 5693 delta = bbp55_pb - bbp55_sb; 5694 if (delta > target) 5695 break; 5696 5697 /* reprogram filter */ 5698 rf24++; 5699 run_rt3070_rf_write(sc, 24, rf24); 5700 } 5701 if (ntries < 100) { 5702 if (rf24 != init) 5703 rf24--; /* backtrack */ 5704 *val = rf24; 5705 run_rt3070_rf_write(sc, 24, rf24); 5706 } 5707 5708 /* restore initial state */ 5709 run_bbp_write(sc, 24, 0x00); 5710 5711 /* disable baseband loopback mode */ 5712 run_rt3070_rf_read(sc, 22, &rf22); 5713 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5714 5715 return (0); 5716 } 5717 5718 static void 5719 run_rt3070_rf_setup(struct run_softc *sc) 5720 { 5721 uint8_t bbp, rf; 5722 int i; 5723 5724 if (sc->mac_ver == 0x3572) { 5725 /* enable DC filter */ 5726 if (sc->mac_rev >= 0x0201) 5727 run_bbp_write(sc, 103, 0xc0); 5728 5729 run_bbp_read(sc, 138, &bbp); 5730 if (sc->ntxchains == 1) 5731 bbp |= 0x20; /* turn off DAC1 */ 5732 if (sc->nrxchains == 1) 5733 bbp &= ~0x02; /* turn off ADC1 */ 5734 run_bbp_write(sc, 138, bbp); 5735 5736 if (sc->mac_rev >= 0x0211) { 5737 /* improve power consumption */ 5738 run_bbp_read(sc, 31, &bbp); 5739 run_bbp_write(sc, 31, bbp & ~0x03); 5740 } 5741 5742 run_rt3070_rf_read(sc, 16, &rf); 5743 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5744 run_rt3070_rf_write(sc, 16, rf); 5745 5746 } else if (sc->mac_ver == 0x3071) { 5747 if (sc->mac_rev >= 0x0211) { 5748 /* enable DC filter */ 5749 run_bbp_write(sc, 103, 0xc0); 5750 5751 /* improve power consumption */ 5752 run_bbp_read(sc, 31, &bbp); 5753 run_bbp_write(sc, 31, bbp & ~0x03); 5754 } 5755 5756 run_bbp_read(sc, 138, &bbp); 5757 if (sc->ntxchains == 1) 5758 bbp |= 0x20; /* turn off DAC1 */ 5759 if (sc->nrxchains == 1) 5760 bbp &= ~0x02; /* turn off ADC1 */ 5761 run_bbp_write(sc, 138, bbp); 5762 5763 run_write(sc, RT2860_TX_SW_CFG1, 0); 5764 if (sc->mac_rev < 0x0211) { 5765 run_write(sc, RT2860_TX_SW_CFG2, 5766 sc->patch_dac ? 0x2c : 0x0f); 5767 } else 5768 run_write(sc, RT2860_TX_SW_CFG2, 0); 5769 5770 } else if (sc->mac_ver == 0x3070) { 5771 if (sc->mac_rev >= 0x0201) { 5772 /* enable DC filter */ 5773 run_bbp_write(sc, 103, 0xc0); 5774 5775 /* improve power consumption */ 5776 run_bbp_read(sc, 31, &bbp); 5777 run_bbp_write(sc, 31, bbp & ~0x03); 5778 } 5779 5780 if (sc->mac_rev < 0x0201) { 5781 run_write(sc, RT2860_TX_SW_CFG1, 0); 5782 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5783 } else 5784 run_write(sc, RT2860_TX_SW_CFG2, 0); 5785 } 5786 5787 /* initialize RF registers from ROM for >=RT3071*/ 5788 if (sc->mac_ver >= 0x3071) { 5789 for (i = 0; i < 10; i++) { 5790 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5791 continue; 5792 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5793 } 5794 } 5795 } 5796 5797 static void 5798 run_rt3593_rf_setup(struct run_softc *sc) 5799 { 5800 uint8_t bbp, rf; 5801 5802 if (sc->mac_rev >= 0x0211) { 5803 /* Enable DC filter. */ 5804 run_bbp_write(sc, 103, 0xc0); 5805 } 5806 run_write(sc, RT2860_TX_SW_CFG1, 0); 5807 if (sc->mac_rev < 0x0211) { 5808 run_write(sc, RT2860_TX_SW_CFG2, 5809 sc->patch_dac ? 0x2c : 0x0f); 5810 } else 5811 run_write(sc, RT2860_TX_SW_CFG2, 0); 5812 5813 run_rt3070_rf_read(sc, 50, &rf); 5814 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5815 5816 run_rt3070_rf_read(sc, 51, &rf); 5817 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5818 ((sc->txmixgain_2ghz & 0x07) << 2); 5819 run_rt3070_rf_write(sc, 51, rf); 5820 5821 run_rt3070_rf_read(sc, 38, &rf); 5822 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5823 5824 run_rt3070_rf_read(sc, 39, &rf); 5825 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5826 5827 run_rt3070_rf_read(sc, 1, &rf); 5828 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5829 5830 run_rt3070_rf_read(sc, 30, &rf); 5831 rf = (rf & ~0x18) | 0x10; 5832 run_rt3070_rf_write(sc, 30, rf); 5833 5834 /* Apply maximum likelihood detection for 2 stream case. */ 5835 run_bbp_read(sc, 105, &bbp); 5836 if (sc->nrxchains > 1) 5837 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5838 5839 /* Avoid data lost and CRC error. */ 5840 run_bbp_read(sc, 4, &bbp); 5841 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5842 5843 run_bbp_write(sc, 92, 0x02); 5844 run_bbp_write(sc, 82, 0x82); 5845 run_bbp_write(sc, 106, 0x05); 5846 run_bbp_write(sc, 104, 0x92); 5847 run_bbp_write(sc, 88, 0x90); 5848 run_bbp_write(sc, 148, 0xc8); 5849 run_bbp_write(sc, 47, 0x48); 5850 run_bbp_write(sc, 120, 0x50); 5851 5852 run_bbp_write(sc, 163, 0x9d); 5853 5854 /* SNR mapping. */ 5855 run_bbp_write(sc, 142, 0x06); 5856 run_bbp_write(sc, 143, 0xa0); 5857 run_bbp_write(sc, 142, 0x07); 5858 run_bbp_write(sc, 143, 0xa1); 5859 run_bbp_write(sc, 142, 0x08); 5860 run_bbp_write(sc, 143, 0xa2); 5861 5862 run_bbp_write(sc, 31, 0x08); 5863 run_bbp_write(sc, 68, 0x0b); 5864 run_bbp_write(sc, 105, 0x04); 5865 } 5866 5867 static void 5868 run_rt5390_rf_setup(struct run_softc *sc) 5869 { 5870 uint8_t bbp, rf; 5871 5872 if (sc->mac_rev >= 0x0211) { 5873 /* Enable DC filter. */ 5874 run_bbp_write(sc, 103, 0xc0); 5875 5876 if (sc->mac_ver != 0x5592) { 5877 /* Improve power consumption. */ 5878 run_bbp_read(sc, 31, &bbp); 5879 run_bbp_write(sc, 31, bbp & ~0x03); 5880 } 5881 } 5882 5883 run_bbp_read(sc, 138, &bbp); 5884 if (sc->ntxchains == 1) 5885 bbp |= 0x20; /* turn off DAC1 */ 5886 if (sc->nrxchains == 1) 5887 bbp &= ~0x02; /* turn off ADC1 */ 5888 run_bbp_write(sc, 138, bbp); 5889 5890 run_rt3070_rf_read(sc, 38, &rf); 5891 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5892 5893 run_rt3070_rf_read(sc, 39, &rf); 5894 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5895 5896 /* Avoid data lost and CRC error. */ 5897 run_bbp_read(sc, 4, &bbp); 5898 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5899 5900 run_rt3070_rf_read(sc, 30, &rf); 5901 rf = (rf & ~0x18) | 0x10; 5902 run_rt3070_rf_write(sc, 30, rf); 5903 5904 if (sc->mac_ver != 0x5592) { 5905 run_write(sc, RT2860_TX_SW_CFG1, 0); 5906 if (sc->mac_rev < 0x0211) { 5907 run_write(sc, RT2860_TX_SW_CFG2, 5908 sc->patch_dac ? 0x2c : 0x0f); 5909 } else 5910 run_write(sc, RT2860_TX_SW_CFG2, 0); 5911 } 5912 } 5913 5914 static int 5915 run_txrx_enable(struct run_softc *sc) 5916 { 5917 struct ieee80211com *ic = &sc->sc_ic; 5918 uint32_t tmp; 5919 int error, ntries; 5920 5921 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5922 for (ntries = 0; ntries < 200; ntries++) { 5923 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5924 return (error); 5925 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5926 break; 5927 run_delay(sc, 50); 5928 } 5929 if (ntries == 200) 5930 return (ETIMEDOUT); 5931 5932 run_delay(sc, 50); 5933 5934 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5935 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5936 5937 /* enable Rx bulk aggregation (set timeout and limit) */ 5938 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5939 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5940 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5941 5942 /* set Rx filter */ 5943 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5944 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5945 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5946 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5947 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5948 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5949 if (ic->ic_opmode == IEEE80211_M_STA) 5950 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5951 } 5952 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5953 5954 run_write(sc, RT2860_MAC_SYS_CTRL, 5955 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5956 5957 return (0); 5958 } 5959 5960 static void 5961 run_adjust_freq_offset(struct run_softc *sc) 5962 { 5963 uint8_t rf, tmp; 5964 5965 run_rt3070_rf_read(sc, 17, &rf); 5966 tmp = rf; 5967 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5968 rf = MIN(rf, 0x5f); 5969 5970 if (tmp != rf) 5971 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5972 } 5973 5974 static void 5975 run_init_locked(struct run_softc *sc) 5976 { 5977 struct ieee80211com *ic = &sc->sc_ic; 5978 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5979 uint32_t tmp; 5980 uint8_t bbp1, bbp3; 5981 int i; 5982 int ridx; 5983 int ntries; 5984 5985 if (ic->ic_nrunning > 1) 5986 return; 5987 5988 run_stop(sc); 5989 5990 if (run_load_microcode(sc) != 0) { 5991 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5992 goto fail; 5993 } 5994 5995 for (ntries = 0; ntries < 100; ntries++) { 5996 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5997 goto fail; 5998 if (tmp != 0 && tmp != 0xffffffff) 5999 break; 6000 run_delay(sc, 10); 6001 } 6002 if (ntries == 100) 6003 goto fail; 6004 6005 for (i = 0; i != RUN_EP_QUEUES; i++) 6006 run_setup_tx_list(sc, &sc->sc_epq[i]); 6007 6008 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6009 6010 for (ntries = 0; ntries < 100; ntries++) { 6011 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6012 goto fail; 6013 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6014 break; 6015 run_delay(sc, 10); 6016 } 6017 if (ntries == 100) { 6018 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6019 goto fail; 6020 } 6021 tmp &= 0xff0; 6022 tmp |= RT2860_TX_WB_DDONE; 6023 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6024 6025 /* turn off PME_OEN to solve high-current issue */ 6026 run_read(sc, RT2860_SYS_CTRL, &tmp); 6027 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6028 6029 run_write(sc, RT2860_MAC_SYS_CTRL, 6030 RT2860_BBP_HRST | RT2860_MAC_SRST); 6031 run_write(sc, RT2860_USB_DMA_CFG, 0); 6032 6033 if (run_reset(sc) != 0) { 6034 device_printf(sc->sc_dev, "could not reset chipset\n"); 6035 goto fail; 6036 } 6037 6038 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6039 6040 /* init Tx power for all Tx rates (from EEPROM) */ 6041 for (ridx = 0; ridx < 5; ridx++) { 6042 if (sc->txpow20mhz[ridx] == 0xffffffff) 6043 continue; 6044 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6045 } 6046 6047 for (i = 0; i < nitems(rt2870_def_mac); i++) 6048 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6049 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6050 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6051 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6052 6053 if (sc->mac_ver >= 0x5390) { 6054 run_write(sc, RT2860_TX_SW_CFG0, 6055 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6056 if (sc->mac_ver >= 0x5392) { 6057 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6058 if (sc->mac_ver == 0x5592) { 6059 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6060 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6061 } else { 6062 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6063 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6064 } 6065 } 6066 } else if (sc->mac_ver == 0x3593) { 6067 run_write(sc, RT2860_TX_SW_CFG0, 6068 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6069 } else if (sc->mac_ver >= 0x3070) { 6070 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6071 run_write(sc, RT2860_TX_SW_CFG0, 6072 4 << RT2860_DLY_PAPE_EN_SHIFT); 6073 } 6074 6075 /* wait while MAC is busy */ 6076 for (ntries = 0; ntries < 100; ntries++) { 6077 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6078 goto fail; 6079 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6080 break; 6081 run_delay(sc, 10); 6082 } 6083 if (ntries == 100) 6084 goto fail; 6085 6086 /* clear Host to MCU mailbox */ 6087 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6088 run_write(sc, RT2860_H2M_MAILBOX, 0); 6089 run_delay(sc, 10); 6090 6091 if (run_bbp_init(sc) != 0) { 6092 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6093 goto fail; 6094 } 6095 6096 /* abort TSF synchronization */ 6097 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6098 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6099 RT2860_TBTT_TIMER_EN); 6100 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6101 6102 /* clear RX WCID search table */ 6103 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6104 /* clear WCID attribute table */ 6105 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6106 6107 /* hostapd sets a key before init. So, don't clear it. */ 6108 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6109 /* clear shared key table */ 6110 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6111 /* clear shared key mode */ 6112 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6113 } 6114 6115 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6116 tmp = (tmp & ~0xff) | 0x1e; 6117 run_write(sc, RT2860_US_CYC_CNT, tmp); 6118 6119 if (sc->mac_rev != 0x0101) 6120 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6121 6122 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6123 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6124 6125 /* write vendor-specific BBP values (from EEPROM) */ 6126 if (sc->mac_ver < 0x3593) { 6127 for (i = 0; i < 10; i++) { 6128 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6129 continue; 6130 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6131 } 6132 } 6133 6134 /* select Main antenna for 1T1R devices */ 6135 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6136 run_set_rx_antenna(sc, 0); 6137 6138 /* send LEDs operating mode to microcontroller */ 6139 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6140 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6141 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6142 6143 if (sc->mac_ver >= 0x5390) 6144 run_rt5390_rf_init(sc); 6145 else if (sc->mac_ver == 0x3593) 6146 run_rt3593_rf_init(sc); 6147 else if (sc->mac_ver >= 0x3070) 6148 run_rt3070_rf_init(sc); 6149 6150 /* disable non-existing Rx chains */ 6151 run_bbp_read(sc, 3, &bbp3); 6152 bbp3 &= ~(1 << 3 | 1 << 4); 6153 if (sc->nrxchains == 2) 6154 bbp3 |= 1 << 3; 6155 else if (sc->nrxchains == 3) 6156 bbp3 |= 1 << 4; 6157 run_bbp_write(sc, 3, bbp3); 6158 6159 /* disable non-existing Tx chains */ 6160 run_bbp_read(sc, 1, &bbp1); 6161 if (sc->ntxchains == 1) 6162 bbp1 &= ~(1 << 3 | 1 << 4); 6163 run_bbp_write(sc, 1, bbp1); 6164 6165 if (sc->mac_ver >= 0x5390) 6166 run_rt5390_rf_setup(sc); 6167 else if (sc->mac_ver == 0x3593) 6168 run_rt3593_rf_setup(sc); 6169 else if (sc->mac_ver >= 0x3070) 6170 run_rt3070_rf_setup(sc); 6171 6172 /* select default channel */ 6173 run_set_chan(sc, ic->ic_curchan); 6174 6175 /* setup initial protection mode */ 6176 run_updateprot_cb(ic); 6177 6178 /* turn radio LED on */ 6179 run_set_leds(sc, RT2860_LED_RADIO); 6180 6181 sc->sc_flags |= RUN_RUNNING; 6182 sc->cmdq_run = RUN_CMDQ_GO; 6183 6184 for (i = 0; i != RUN_N_XFER; i++) 6185 usbd_xfer_set_stall(sc->sc_xfer[i]); 6186 6187 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6188 6189 if (run_txrx_enable(sc) != 0) 6190 goto fail; 6191 6192 return; 6193 6194 fail: 6195 run_stop(sc); 6196 } 6197 6198 static void 6199 run_stop(void *arg) 6200 { 6201 struct run_softc *sc = (struct run_softc *)arg; 6202 uint32_t tmp; 6203 int i; 6204 int ntries; 6205 6206 RUN_LOCK_ASSERT(sc, MA_OWNED); 6207 6208 if (sc->sc_flags & RUN_RUNNING) 6209 run_set_leds(sc, 0); /* turn all LEDs off */ 6210 6211 sc->sc_flags &= ~RUN_RUNNING; 6212 6213 sc->ratectl_run = RUN_RATECTL_OFF; 6214 sc->cmdq_run = sc->cmdq_key_set; 6215 6216 RUN_UNLOCK(sc); 6217 6218 for(i = 0; i < RUN_N_XFER; i++) 6219 usbd_transfer_drain(sc->sc_xfer[i]); 6220 6221 RUN_LOCK(sc); 6222 6223 run_drain_mbufq(sc); 6224 6225 if (sc->rx_m != NULL) { 6226 m_free(sc->rx_m); 6227 sc->rx_m = NULL; 6228 } 6229 6230 /* Disable Tx/Rx DMA. */ 6231 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6232 return; 6233 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6234 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6235 6236 for (ntries = 0; ntries < 100; ntries++) { 6237 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6238 return; 6239 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6240 break; 6241 run_delay(sc, 10); 6242 } 6243 if (ntries == 100) { 6244 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6245 return; 6246 } 6247 6248 /* disable Tx/Rx */ 6249 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6250 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6251 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6252 6253 /* wait for pending Tx to complete */ 6254 for (ntries = 0; ntries < 100; ntries++) { 6255 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6256 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6257 "Cannot read Tx queue count\n"); 6258 break; 6259 } 6260 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6261 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6262 "All Tx cleared\n"); 6263 break; 6264 } 6265 run_delay(sc, 10); 6266 } 6267 if (ntries >= 100) 6268 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6269 "There are still pending Tx\n"); 6270 run_delay(sc, 10); 6271 run_write(sc, RT2860_USB_DMA_CFG, 0); 6272 6273 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6274 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6275 6276 for (i = 0; i != RUN_EP_QUEUES; i++) 6277 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6278 } 6279 6280 static void 6281 run_delay(struct run_softc *sc, u_int ms) 6282 { 6283 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6284 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6285 } 6286 6287 static device_method_t run_methods[] = { 6288 /* Device interface */ 6289 DEVMETHOD(device_probe, run_match), 6290 DEVMETHOD(device_attach, run_attach), 6291 DEVMETHOD(device_detach, run_detach), 6292 DEVMETHOD_END 6293 }; 6294 6295 static driver_t run_driver = { 6296 .name = "run", 6297 .methods = run_methods, 6298 .size = sizeof(struct run_softc) 6299 }; 6300 6301 static devclass_t run_devclass; 6302 6303 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6304 MODULE_DEPEND(run, wlan, 1, 1, 1); 6305 MODULE_DEPEND(run, usb, 1, 1, 1); 6306 MODULE_DEPEND(run, firmware, 1, 1, 1); 6307 MODULE_VERSION(run, 1); 6308 USB_PNP_HOST_INFO(run_devs); 6309