1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/lock.h> 34 #include <sys/mutex.h> 35 #include <sys/mbuf.h> 36 #include <sys/kernel.h> 37 #include <sys/socket.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/module.h> 41 #include <sys/bus.h> 42 #include <sys/endian.h> 43 #include <sys/linker.h> 44 #include <sys/firmware.h> 45 #include <sys/kdb.h> 46 47 #include <net/bpf.h> 48 #include <net/if.h> 49 #include <net/if_var.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 #include <dev/usb/usb_msctest.h> 74 75 #include <dev/usb/wlan/if_runreg.h> 76 #include <dev/usb/wlan/if_runvar.h> 77 78 #ifdef USB_DEBUG 79 #define RUN_DEBUG 80 #endif 81 82 #ifdef RUN_DEBUG 83 int run_debug = 0; 84 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 85 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 86 "run debug level"); 87 88 enum { 89 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 90 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 91 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 92 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 93 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 94 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 95 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 96 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 97 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 98 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 99 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 100 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 101 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 102 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 103 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 104 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 105 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 106 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 107 RUN_DEBUG_ANY = 0xffffffff 108 }; 109 110 #define RUN_DPRINTF(_sc, _m, ...) do { \ 111 if (run_debug & (_m)) \ 112 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 113 } while(0) 114 #else 115 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 116 #endif 117 118 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 119 120 /* 121 * Because of LOR in run_key_delete(), use atomic instead. 122 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 123 */ 124 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 125 126 static const STRUCT_USB_HOST_ID run_devs[] = { 127 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 128 #define RUN_DEV_EJECT(v,p) \ 129 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 130 #define RUN_EJECT 1 131 RUN_DEV(ABOCOM, RT2770), 132 RUN_DEV(ABOCOM, RT2870), 133 RUN_DEV(ABOCOM, RT3070), 134 RUN_DEV(ABOCOM, RT3071), 135 RUN_DEV(ABOCOM, RT3072), 136 RUN_DEV(ABOCOM2, RT2870_1), 137 RUN_DEV(ACCTON, RT2770), 138 RUN_DEV(ACCTON, RT2870_1), 139 RUN_DEV(ACCTON, RT2870_2), 140 RUN_DEV(ACCTON, RT2870_3), 141 RUN_DEV(ACCTON, RT2870_4), 142 RUN_DEV(ACCTON, RT2870_5), 143 RUN_DEV(ACCTON, RT3070), 144 RUN_DEV(ACCTON, RT3070_1), 145 RUN_DEV(ACCTON, RT3070_2), 146 RUN_DEV(ACCTON, RT3070_3), 147 RUN_DEV(ACCTON, RT3070_4), 148 RUN_DEV(ACCTON, RT3070_5), 149 RUN_DEV(AIRTIES, RT3070), 150 RUN_DEV(ALLWIN, RT2070), 151 RUN_DEV(ALLWIN, RT2770), 152 RUN_DEV(ALLWIN, RT2870), 153 RUN_DEV(ALLWIN, RT3070), 154 RUN_DEV(ALLWIN, RT3071), 155 RUN_DEV(ALLWIN, RT3072), 156 RUN_DEV(ALLWIN, RT3572), 157 RUN_DEV(AMIGO, RT2870_1), 158 RUN_DEV(AMIGO, RT2870_2), 159 RUN_DEV(AMIT, CGWLUSB2GNR), 160 RUN_DEV(AMIT, RT2870_1), 161 RUN_DEV(AMIT2, RT2870), 162 RUN_DEV(ASUS, RT2870_1), 163 RUN_DEV(ASUS, RT2870_2), 164 RUN_DEV(ASUS, RT2870_3), 165 RUN_DEV(ASUS, RT2870_4), 166 RUN_DEV(ASUS, RT2870_5), 167 RUN_DEV(ASUS, USBN13), 168 RUN_DEV(ASUS, RT3070_1), 169 RUN_DEV(ASUS, USBN66), 170 RUN_DEV(ASUS, USB_N53), 171 RUN_DEV(ASUS2, USBN11), 172 RUN_DEV(AZUREWAVE, RT2870_1), 173 RUN_DEV(AZUREWAVE, RT2870_2), 174 RUN_DEV(AZUREWAVE, RT3070_1), 175 RUN_DEV(AZUREWAVE, RT3070_2), 176 RUN_DEV(AZUREWAVE, RT3070_3), 177 RUN_DEV(BELKIN, F9L1103), 178 RUN_DEV(BELKIN, F5D8053V3), 179 RUN_DEV(BELKIN, F5D8055), 180 RUN_DEV(BELKIN, F5D8055V2), 181 RUN_DEV(BELKIN, F6D4050V1), 182 RUN_DEV(BELKIN, F6D4050V2), 183 RUN_DEV(BELKIN, RT2870_1), 184 RUN_DEV(BELKIN, RT2870_2), 185 RUN_DEV(CISCOLINKSYS, AE1000), 186 RUN_DEV(CISCOLINKSYS2, RT3070), 187 RUN_DEV(CISCOLINKSYS3, RT3070), 188 RUN_DEV(CONCEPTRONIC2, RT2870_1), 189 RUN_DEV(CONCEPTRONIC2, RT2870_2), 190 RUN_DEV(CONCEPTRONIC2, RT2870_3), 191 RUN_DEV(CONCEPTRONIC2, RT2870_4), 192 RUN_DEV(CONCEPTRONIC2, RT2870_5), 193 RUN_DEV(CONCEPTRONIC2, RT2870_6), 194 RUN_DEV(CONCEPTRONIC2, RT2870_7), 195 RUN_DEV(CONCEPTRONIC2, RT2870_8), 196 RUN_DEV(CONCEPTRONIC2, RT3070_1), 197 RUN_DEV(CONCEPTRONIC2, RT3070_2), 198 RUN_DEV(CONCEPTRONIC2, VIGORN61), 199 RUN_DEV(COREGA, CGWLUSB300GNM), 200 RUN_DEV(COREGA, RT2870_1), 201 RUN_DEV(COREGA, RT2870_2), 202 RUN_DEV(COREGA, RT2870_3), 203 RUN_DEV(COREGA, RT3070), 204 RUN_DEV(CYBERTAN, RT2870), 205 RUN_DEV(DLINK, RT2870), 206 RUN_DEV(DLINK, RT3072), 207 RUN_DEV(DLINK, DWA125A3), 208 RUN_DEV(DLINK, DWA127), 209 RUN_DEV(DLINK, DWA140B3), 210 RUN_DEV(DLINK, DWA160B2), 211 RUN_DEV(DLINK, DWA140D1), 212 RUN_DEV(DLINK, DWA162), 213 RUN_DEV(DLINK2, DWA130), 214 RUN_DEV(DLINK2, RT2870_1), 215 RUN_DEV(DLINK2, RT2870_2), 216 RUN_DEV(DLINK2, RT3070_1), 217 RUN_DEV(DLINK2, RT3070_2), 218 RUN_DEV(DLINK2, RT3070_3), 219 RUN_DEV(DLINK2, RT3070_4), 220 RUN_DEV(DLINK2, RT3070_5), 221 RUN_DEV(DLINK2, RT3072), 222 RUN_DEV(DLINK2, RT3072_1), 223 RUN_DEV(EDIMAX, EW7717), 224 RUN_DEV(EDIMAX, EW7718), 225 RUN_DEV(EDIMAX, EW7733UND), 226 RUN_DEV(EDIMAX, RT2870_1), 227 RUN_DEV(ENCORE, RT3070_1), 228 RUN_DEV(ENCORE, RT3070_2), 229 RUN_DEV(ENCORE, RT3070_3), 230 RUN_DEV(GIGABYTE, GNWB31N), 231 RUN_DEV(GIGABYTE, GNWB32L), 232 RUN_DEV(GIGABYTE, RT2870_1), 233 RUN_DEV(GIGASET, RT3070_1), 234 RUN_DEV(GIGASET, RT3070_2), 235 RUN_DEV(GUILLEMOT, HWNU300), 236 RUN_DEV(HAWKING, HWUN2), 237 RUN_DEV(HAWKING, RT2870_1), 238 RUN_DEV(HAWKING, RT2870_2), 239 RUN_DEV(HAWKING, RT3070), 240 RUN_DEV(IODATA, RT3072_1), 241 RUN_DEV(IODATA, RT3072_2), 242 RUN_DEV(IODATA, RT3072_3), 243 RUN_DEV(IODATA, RT3072_4), 244 RUN_DEV(LINKSYS4, RT3070), 245 RUN_DEV(LINKSYS4, WUSB100), 246 RUN_DEV(LINKSYS4, WUSB54GCV3), 247 RUN_DEV(LINKSYS4, WUSB600N), 248 RUN_DEV(LINKSYS4, WUSB600NV2), 249 RUN_DEV(LOGITEC, RT2870_1), 250 RUN_DEV(LOGITEC, RT2870_2), 251 RUN_DEV(LOGITEC, RT2870_3), 252 RUN_DEV(LOGITEC, LANW300NU2), 253 RUN_DEV(LOGITEC, LANW150NU2), 254 RUN_DEV(LOGITEC, LANW300NU2S), 255 RUN_DEV(MELCO, WLIUCG300HP), 256 RUN_DEV(MELCO, RT2870_2), 257 RUN_DEV(MELCO, WLIUCAG300N), 258 RUN_DEV(MELCO, WLIUCG300N), 259 RUN_DEV(MELCO, WLIUCG301N), 260 RUN_DEV(MELCO, WLIUCGN), 261 RUN_DEV(MELCO, WLIUCGNM), 262 RUN_DEV(MELCO, WLIUCG300HPV1), 263 RUN_DEV(MELCO, WLIUCGNM2), 264 RUN_DEV(MOTOROLA4, RT2770), 265 RUN_DEV(MOTOROLA4, RT3070), 266 RUN_DEV(MSI, RT3070_1), 267 RUN_DEV(MSI, RT3070_2), 268 RUN_DEV(MSI, RT3070_3), 269 RUN_DEV(MSI, RT3070_4), 270 RUN_DEV(MSI, RT3070_5), 271 RUN_DEV(MSI, RT3070_6), 272 RUN_DEV(MSI, RT3070_7), 273 RUN_DEV(MSI, RT3070_8), 274 RUN_DEV(MSI, RT3070_9), 275 RUN_DEV(MSI, RT3070_10), 276 RUN_DEV(MSI, RT3070_11), 277 RUN_DEV(NETGEAR, WNDA4100), 278 RUN_DEV(OVISLINK, RT3072), 279 RUN_DEV(PARA, RT3070), 280 RUN_DEV(PEGATRON, RT2870), 281 RUN_DEV(PEGATRON, RT3070), 282 RUN_DEV(PEGATRON, RT3070_2), 283 RUN_DEV(PEGATRON, RT3070_3), 284 RUN_DEV(PHILIPS, RT2870), 285 RUN_DEV(PLANEX2, GWUS300MINIS), 286 RUN_DEV(PLANEX2, GWUSMICRON), 287 RUN_DEV(PLANEX2, RT2870), 288 RUN_DEV(PLANEX2, RT3070), 289 RUN_DEV(QCOM, RT2870), 290 RUN_DEV(QUANTA, RT3070), 291 RUN_DEV(RALINK, RT2070), 292 RUN_DEV(RALINK, RT2770), 293 RUN_DEV(RALINK, RT2870), 294 RUN_DEV(RALINK, RT3070), 295 RUN_DEV(RALINK, RT3071), 296 RUN_DEV(RALINK, RT3072), 297 RUN_DEV(RALINK, RT3370), 298 RUN_DEV(RALINK, RT3572), 299 RUN_DEV(RALINK, RT3573), 300 RUN_DEV(RALINK, RT5370), 301 RUN_DEV(RALINK, RT5372), 302 RUN_DEV(RALINK, RT5572), 303 RUN_DEV(RALINK, RT8070), 304 RUN_DEV(SAMSUNG, WIS09ABGN), 305 RUN_DEV(SAMSUNG2, RT2870_1), 306 RUN_DEV(SENAO, RT2870_1), 307 RUN_DEV(SENAO, RT2870_2), 308 RUN_DEV(SENAO, RT2870_3), 309 RUN_DEV(SENAO, RT2870_4), 310 RUN_DEV(SENAO, RT3070), 311 RUN_DEV(SENAO, RT3071), 312 RUN_DEV(SENAO, RT3072_1), 313 RUN_DEV(SENAO, RT3072_2), 314 RUN_DEV(SENAO, RT3072_3), 315 RUN_DEV(SENAO, RT3072_4), 316 RUN_DEV(SENAO, RT3072_5), 317 RUN_DEV(SITECOMEU, RT2770), 318 RUN_DEV(SITECOMEU, RT2870_1), 319 RUN_DEV(SITECOMEU, RT2870_2), 320 RUN_DEV(SITECOMEU, RT2870_3), 321 RUN_DEV(SITECOMEU, RT2870_4), 322 RUN_DEV(SITECOMEU, RT3070), 323 RUN_DEV(SITECOMEU, RT3070_2), 324 RUN_DEV(SITECOMEU, RT3070_3), 325 RUN_DEV(SITECOMEU, RT3070_4), 326 RUN_DEV(SITECOMEU, RT3071), 327 RUN_DEV(SITECOMEU, RT3072_1), 328 RUN_DEV(SITECOMEU, RT3072_2), 329 RUN_DEV(SITECOMEU, RT3072_3), 330 RUN_DEV(SITECOMEU, RT3072_4), 331 RUN_DEV(SITECOMEU, RT3072_5), 332 RUN_DEV(SITECOMEU, RT3072_6), 333 RUN_DEV(SITECOMEU, WL608), 334 RUN_DEV(SPARKLAN, RT2870_1), 335 RUN_DEV(SPARKLAN, RT3070), 336 RUN_DEV(SWEEX2, LW153), 337 RUN_DEV(SWEEX2, LW303), 338 RUN_DEV(SWEEX2, LW313), 339 RUN_DEV(TOSHIBA, RT3070), 340 RUN_DEV(UMEDIA, RT2870_1), 341 RUN_DEV(ZCOM, RT2870_1), 342 RUN_DEV(ZCOM, RT2870_2), 343 RUN_DEV(ZINWELL, RT2870_1), 344 RUN_DEV(ZINWELL, RT2870_2), 345 RUN_DEV(ZINWELL, RT3070), 346 RUN_DEV(ZINWELL, RT3072_1), 347 RUN_DEV(ZINWELL, RT3072_2), 348 RUN_DEV(ZYXEL, RT2870_1), 349 RUN_DEV(ZYXEL, RT2870_2), 350 RUN_DEV(ZYXEL, RT3070), 351 RUN_DEV_EJECT(ZYXEL, NWD2705), 352 RUN_DEV_EJECT(RALINK, RT_STOR), 353 #undef RUN_DEV_EJECT 354 #undef RUN_DEV 355 }; 356 357 static device_probe_t run_match; 358 static device_attach_t run_attach; 359 static device_detach_t run_detach; 360 361 static usb_callback_t run_bulk_rx_callback; 362 static usb_callback_t run_bulk_tx_callback0; 363 static usb_callback_t run_bulk_tx_callback1; 364 static usb_callback_t run_bulk_tx_callback2; 365 static usb_callback_t run_bulk_tx_callback3; 366 static usb_callback_t run_bulk_tx_callback4; 367 static usb_callback_t run_bulk_tx_callback5; 368 369 static void run_autoinst(void *, struct usb_device *, 370 struct usb_attach_arg *); 371 static int run_driver_loaded(struct module *, int, void *); 372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 373 usb_error_t error, u_int index); 374 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 376 const uint8_t [IEEE80211_ADDR_LEN], 377 const uint8_t [IEEE80211_ADDR_LEN]); 378 static void run_vap_delete(struct ieee80211vap *); 379 static void run_cmdq_cb(void *, int); 380 static void run_setup_tx_list(struct run_softc *, 381 struct run_endpoint_queue *); 382 static void run_unsetup_tx_list(struct run_softc *, 383 struct run_endpoint_queue *); 384 static int run_load_microcode(struct run_softc *); 385 static int run_reset(struct run_softc *); 386 static usb_error_t run_do_request(struct run_softc *, 387 struct usb_device_request *, void *); 388 static int run_read(struct run_softc *, uint16_t, uint32_t *); 389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 390 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 391 static int run_write(struct run_softc *, uint16_t, uint32_t); 392 static int run_write_region_1(struct run_softc *, uint16_t, 393 const uint8_t *, int); 394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 398 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 404 static const char *run_get_rf(uint16_t); 405 static void run_rt3593_get_txpower(struct run_softc *); 406 static void run_get_txpower(struct run_softc *); 407 static int run_read_eeprom(struct run_softc *); 408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 409 const uint8_t mac[IEEE80211_ADDR_LEN]); 410 static int run_media_change(struct ifnet *); 411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 412 static int run_wme_update(struct ieee80211com *); 413 static void run_key_set_cb(void *); 414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 415 static void run_key_delete_cb(void *); 416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 417 static void run_ratectl_to(void *); 418 static void run_ratectl_cb(void *, int); 419 static void run_drain_fifo(void *); 420 static void run_iter_func(void *, struct ieee80211_node *); 421 static void run_newassoc_cb(void *); 422 static void run_newassoc(struct ieee80211_node *, int); 423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 424 const struct ieee80211_rx_stats *, int, int); 425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 426 static void run_tx_free(struct run_endpoint_queue *pq, 427 struct run_tx_data *, int); 428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 429 static int run_tx(struct run_softc *, struct mbuf *, 430 struct ieee80211_node *); 431 static int run_tx_mgt(struct run_softc *, struct mbuf *, 432 struct ieee80211_node *); 433 static int run_sendprot(struct run_softc *, const struct mbuf *, 434 struct ieee80211_node *, int, int); 435 static int run_tx_param(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *, 437 const struct ieee80211_bpf_params *); 438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 439 const struct ieee80211_bpf_params *); 440 static int run_transmit(struct ieee80211com *, struct mbuf *); 441 static void run_start(struct run_softc *); 442 static void run_parent(struct ieee80211com *); 443 static void run_iq_calib(struct run_softc *, u_int); 444 static void run_set_agc(struct run_softc *, uint8_t); 445 static void run_select_chan_group(struct run_softc *, int); 446 static void run_set_rx_antenna(struct run_softc *, int); 447 static void run_rt2870_set_chan(struct run_softc *, u_int); 448 static void run_rt3070_set_chan(struct run_softc *, u_int); 449 static void run_rt3572_set_chan(struct run_softc *, u_int); 450 static void run_rt3593_set_chan(struct run_softc *, u_int); 451 static void run_rt5390_set_chan(struct run_softc *, u_int); 452 static void run_rt5592_set_chan(struct run_softc *, u_int); 453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 454 static void run_set_channel(struct ieee80211com *); 455 static void run_getradiocaps(struct ieee80211com *, int, int *, 456 struct ieee80211_channel[]); 457 static void run_scan_start(struct ieee80211com *); 458 static void run_scan_end(struct ieee80211com *); 459 static void run_update_beacon(struct ieee80211vap *, int); 460 static void run_update_beacon_cb(void *); 461 static void run_updateprot(struct ieee80211com *); 462 static void run_updateprot_cb(void *); 463 static void run_usb_timeout_cb(void *); 464 static void run_reset_livelock(struct run_softc *); 465 static void run_enable_tsf_sync(struct run_softc *); 466 static void run_enable_tsf(struct run_softc *); 467 static void run_get_tsf(struct run_softc *, uint64_t *); 468 static void run_enable_mrr(struct run_softc *); 469 static void run_set_txpreamble(struct run_softc *); 470 static void run_set_basicrates(struct run_softc *); 471 static void run_set_leds(struct run_softc *, uint16_t); 472 static void run_set_bssid(struct run_softc *, const uint8_t *); 473 static void run_set_macaddr(struct run_softc *, const uint8_t *); 474 static void run_updateslot(struct ieee80211com *); 475 static void run_updateslot_cb(void *); 476 static void run_update_mcast(struct ieee80211com *); 477 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 478 static void run_update_promisc_locked(struct run_softc *); 479 static void run_update_promisc(struct ieee80211com *); 480 static void run_rt5390_bbp_init(struct run_softc *); 481 static int run_bbp_init(struct run_softc *); 482 static int run_rt3070_rf_init(struct run_softc *); 483 static void run_rt3593_rf_init(struct run_softc *); 484 static void run_rt5390_rf_init(struct run_softc *); 485 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 486 uint8_t *); 487 static void run_rt3070_rf_setup(struct run_softc *); 488 static void run_rt3593_rf_setup(struct run_softc *); 489 static void run_rt5390_rf_setup(struct run_softc *); 490 static int run_txrx_enable(struct run_softc *); 491 static void run_adjust_freq_offset(struct run_softc *); 492 static void run_init_locked(struct run_softc *); 493 static void run_stop(void *); 494 static void run_delay(struct run_softc *, u_int); 495 496 static eventhandler_tag run_etag; 497 498 static const struct rt2860_rate { 499 uint8_t rate; 500 uint8_t mcs; 501 enum ieee80211_phytype phy; 502 uint8_t ctl_ridx; 503 uint16_t sp_ack_dur; 504 uint16_t lp_ack_dur; 505 } rt2860_rates[] = { 506 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 507 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 508 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 509 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 510 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 511 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 512 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 513 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 514 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 515 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 516 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 517 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 518 }; 519 520 static const struct { 521 uint16_t reg; 522 uint32_t val; 523 } rt2870_def_mac[] = { 524 RT2870_DEF_MAC 525 }; 526 527 static const struct { 528 uint8_t reg; 529 uint8_t val; 530 } rt2860_def_bbp[] = { 531 RT2860_DEF_BBP 532 },rt5390_def_bbp[] = { 533 RT5390_DEF_BBP 534 },rt5592_def_bbp[] = { 535 RT5592_DEF_BBP 536 }; 537 538 /* 539 * Default values for BBP register R196 for RT5592. 540 */ 541 static const uint8_t rt5592_bbp_r196[] = { 542 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 543 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 544 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 545 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 546 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 547 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 548 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 549 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 550 0x2e, 0x36, 0x30, 0x6e 551 }; 552 553 static const struct rfprog { 554 uint8_t chan; 555 uint32_t r1, r2, r3, r4; 556 } rt2860_rf2850[] = { 557 RT2860_RF2850 558 }; 559 560 struct { 561 uint8_t n, r, k; 562 } rt3070_freqs[] = { 563 RT3070_RF3052 564 }; 565 566 static const struct rt5592_freqs { 567 uint16_t n; 568 uint8_t k, m, r; 569 } rt5592_freqs_20mhz[] = { 570 RT5592_RF5592_20MHZ 571 },rt5592_freqs_40mhz[] = { 572 RT5592_RF5592_40MHZ 573 }; 574 575 static const struct { 576 uint8_t reg; 577 uint8_t val; 578 } rt3070_def_rf[] = { 579 RT3070_DEF_RF 580 },rt3572_def_rf[] = { 581 RT3572_DEF_RF 582 },rt3593_def_rf[] = { 583 RT3593_DEF_RF 584 },rt5390_def_rf[] = { 585 RT5390_DEF_RF 586 },rt5392_def_rf[] = { 587 RT5392_DEF_RF 588 },rt5592_def_rf[] = { 589 RT5592_DEF_RF 590 },rt5592_2ghz_def_rf[] = { 591 RT5592_2GHZ_DEF_RF 592 },rt5592_5ghz_def_rf[] = { 593 RT5592_5GHZ_DEF_RF 594 }; 595 596 static const struct { 597 u_int firstchan; 598 u_int lastchan; 599 uint8_t reg; 600 uint8_t val; 601 } rt5592_chan_5ghz[] = { 602 RT5592_CHAN_5GHZ 603 }; 604 605 static const struct usb_config run_config[RUN_N_XFER] = { 606 [RUN_BULK_TX_BE] = { 607 .type = UE_BULK, 608 .endpoint = UE_ADDR_ANY, 609 .ep_index = 0, 610 .direction = UE_DIR_OUT, 611 .bufsize = RUN_MAX_TXSZ, 612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 613 .callback = run_bulk_tx_callback0, 614 .timeout = 5000, /* ms */ 615 }, 616 [RUN_BULK_TX_BK] = { 617 .type = UE_BULK, 618 .endpoint = UE_ADDR_ANY, 619 .direction = UE_DIR_OUT, 620 .ep_index = 1, 621 .bufsize = RUN_MAX_TXSZ, 622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 623 .callback = run_bulk_tx_callback1, 624 .timeout = 5000, /* ms */ 625 }, 626 [RUN_BULK_TX_VI] = { 627 .type = UE_BULK, 628 .endpoint = UE_ADDR_ANY, 629 .direction = UE_DIR_OUT, 630 .ep_index = 2, 631 .bufsize = RUN_MAX_TXSZ, 632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 633 .callback = run_bulk_tx_callback2, 634 .timeout = 5000, /* ms */ 635 }, 636 [RUN_BULK_TX_VO] = { 637 .type = UE_BULK, 638 .endpoint = UE_ADDR_ANY, 639 .direction = UE_DIR_OUT, 640 .ep_index = 3, 641 .bufsize = RUN_MAX_TXSZ, 642 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 643 .callback = run_bulk_tx_callback3, 644 .timeout = 5000, /* ms */ 645 }, 646 [RUN_BULK_TX_HCCA] = { 647 .type = UE_BULK, 648 .endpoint = UE_ADDR_ANY, 649 .direction = UE_DIR_OUT, 650 .ep_index = 4, 651 .bufsize = RUN_MAX_TXSZ, 652 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 653 .callback = run_bulk_tx_callback4, 654 .timeout = 5000, /* ms */ 655 }, 656 [RUN_BULK_TX_PRIO] = { 657 .type = UE_BULK, 658 .endpoint = UE_ADDR_ANY, 659 .direction = UE_DIR_OUT, 660 .ep_index = 5, 661 .bufsize = RUN_MAX_TXSZ, 662 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 663 .callback = run_bulk_tx_callback5, 664 .timeout = 5000, /* ms */ 665 }, 666 [RUN_BULK_RX] = { 667 .type = UE_BULK, 668 .endpoint = UE_ADDR_ANY, 669 .direction = UE_DIR_IN, 670 .bufsize = RUN_MAX_RXSZ, 671 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 672 .callback = run_bulk_rx_callback, 673 } 674 }; 675 676 static void 677 run_autoinst(void *arg, struct usb_device *udev, 678 struct usb_attach_arg *uaa) 679 { 680 struct usb_interface *iface; 681 struct usb_interface_descriptor *id; 682 683 if (uaa->dev_state != UAA_DEV_READY) 684 return; 685 686 iface = usbd_get_iface(udev, 0); 687 if (iface == NULL) 688 return; 689 id = iface->idesc; 690 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 691 return; 692 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 693 return; 694 695 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 696 uaa->dev_state = UAA_DEV_EJECTING; 697 } 698 699 static int 700 run_driver_loaded(struct module *mod, int what, void *arg) 701 { 702 switch (what) { 703 case MOD_LOAD: 704 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 705 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 706 break; 707 case MOD_UNLOAD: 708 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 709 break; 710 default: 711 return (EOPNOTSUPP); 712 } 713 return (0); 714 } 715 716 static int 717 run_match(device_t self) 718 { 719 struct usb_attach_arg *uaa = device_get_ivars(self); 720 721 if (uaa->usb_mode != USB_MODE_HOST) 722 return (ENXIO); 723 if (uaa->info.bConfigIndex != 0) 724 return (ENXIO); 725 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 726 return (ENXIO); 727 728 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 729 } 730 731 static int 732 run_attach(device_t self) 733 { 734 struct run_softc *sc = device_get_softc(self); 735 struct usb_attach_arg *uaa = device_get_ivars(self); 736 struct ieee80211com *ic = &sc->sc_ic; 737 uint32_t ver; 738 uint8_t iface_index; 739 int ntries, error; 740 741 device_set_usb_desc(self); 742 sc->sc_udev = uaa->device; 743 sc->sc_dev = self; 744 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 745 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 746 747 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 748 MTX_NETWORK_LOCK, MTX_DEF); 749 mbufq_init(&sc->sc_snd, ifqmaxlen); 750 751 iface_index = RT2860_IFACE_INDEX; 752 753 error = usbd_transfer_setup(uaa->device, &iface_index, 754 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 755 if (error) { 756 device_printf(self, "could not allocate USB transfers, " 757 "err=%s\n", usbd_errstr(error)); 758 goto detach; 759 } 760 761 RUN_LOCK(sc); 762 763 /* wait for the chip to settle */ 764 for (ntries = 0; ntries < 100; ntries++) { 765 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 766 RUN_UNLOCK(sc); 767 goto detach; 768 } 769 if (ver != 0 && ver != 0xffffffff) 770 break; 771 run_delay(sc, 10); 772 } 773 if (ntries == 100) { 774 device_printf(sc->sc_dev, 775 "timeout waiting for NIC to initialize\n"); 776 RUN_UNLOCK(sc); 777 goto detach; 778 } 779 sc->mac_ver = ver >> 16; 780 sc->mac_rev = ver & 0xffff; 781 782 /* retrieve RF rev. no and various other things from EEPROM */ 783 run_read_eeprom(sc); 784 785 device_printf(sc->sc_dev, 786 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 787 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 788 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 789 790 RUN_UNLOCK(sc); 791 792 ic->ic_softc = sc; 793 ic->ic_name = device_get_nameunit(self); 794 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 795 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 796 797 /* set device capabilities */ 798 ic->ic_caps = 799 IEEE80211_C_STA | /* station mode supported */ 800 IEEE80211_C_MONITOR | /* monitor mode supported */ 801 IEEE80211_C_IBSS | 802 IEEE80211_C_HOSTAP | 803 IEEE80211_C_WDS | /* 4-address traffic works */ 804 IEEE80211_C_MBSS | 805 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 806 IEEE80211_C_SHSLOT | /* short slot time supported */ 807 IEEE80211_C_WME | /* WME */ 808 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 809 810 ic->ic_cryptocaps = 811 IEEE80211_CRYPTO_WEP | 812 IEEE80211_CRYPTO_AES_CCM | 813 IEEE80211_CRYPTO_TKIPMIC | 814 IEEE80211_CRYPTO_TKIP; 815 816 ic->ic_flags |= IEEE80211_F_DATAPAD; 817 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 818 819 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 820 ic->ic_channels); 821 822 ieee80211_ifattach(ic); 823 824 ic->ic_scan_start = run_scan_start; 825 ic->ic_scan_end = run_scan_end; 826 ic->ic_set_channel = run_set_channel; 827 ic->ic_getradiocaps = run_getradiocaps; 828 ic->ic_node_alloc = run_node_alloc; 829 ic->ic_newassoc = run_newassoc; 830 ic->ic_updateslot = run_updateslot; 831 ic->ic_update_mcast = run_update_mcast; 832 ic->ic_wme.wme_update = run_wme_update; 833 ic->ic_raw_xmit = run_raw_xmit; 834 ic->ic_update_promisc = run_update_promisc; 835 ic->ic_vap_create = run_vap_create; 836 ic->ic_vap_delete = run_vap_delete; 837 ic->ic_transmit = run_transmit; 838 ic->ic_parent = run_parent; 839 840 ieee80211_radiotap_attach(ic, 841 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 842 RUN_TX_RADIOTAP_PRESENT, 843 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 844 RUN_RX_RADIOTAP_PRESENT); 845 846 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 847 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 848 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 849 850 if (bootverbose) 851 ieee80211_announce(ic); 852 853 return (0); 854 855 detach: 856 run_detach(self); 857 return (ENXIO); 858 } 859 860 static void 861 run_drain_mbufq(struct run_softc *sc) 862 { 863 struct mbuf *m; 864 struct ieee80211_node *ni; 865 866 RUN_LOCK_ASSERT(sc, MA_OWNED); 867 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 868 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 869 m->m_pkthdr.rcvif = NULL; 870 ieee80211_free_node(ni); 871 m_freem(m); 872 } 873 } 874 875 static int 876 run_detach(device_t self) 877 { 878 struct run_softc *sc = device_get_softc(self); 879 struct ieee80211com *ic = &sc->sc_ic; 880 int i; 881 882 RUN_LOCK(sc); 883 sc->sc_detached = 1; 884 RUN_UNLOCK(sc); 885 886 /* stop all USB transfers */ 887 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 888 889 RUN_LOCK(sc); 890 sc->ratectl_run = RUN_RATECTL_OFF; 891 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 892 893 /* free TX list, if any */ 894 for (i = 0; i != RUN_EP_QUEUES; i++) 895 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 896 897 /* Free TX queue */ 898 run_drain_mbufq(sc); 899 RUN_UNLOCK(sc); 900 901 if (sc->sc_ic.ic_softc == sc) { 902 /* drain tasks */ 903 usb_callout_drain(&sc->ratectl_ch); 904 ieee80211_draintask(ic, &sc->cmdq_task); 905 ieee80211_draintask(ic, &sc->ratectl_task); 906 ieee80211_ifdetach(ic); 907 } 908 909 mtx_destroy(&sc->sc_mtx); 910 911 return (0); 912 } 913 914 static struct ieee80211vap * 915 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 916 enum ieee80211_opmode opmode, int flags, 917 const uint8_t bssid[IEEE80211_ADDR_LEN], 918 const uint8_t mac[IEEE80211_ADDR_LEN]) 919 { 920 struct run_softc *sc = ic->ic_softc; 921 struct run_vap *rvp; 922 struct ieee80211vap *vap; 923 int i; 924 925 if (sc->rvp_cnt >= RUN_VAP_MAX) { 926 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 927 return (NULL); 928 } 929 930 switch (opmode) { 931 case IEEE80211_M_STA: 932 /* enable s/w bmiss handling for sta mode */ 933 flags |= IEEE80211_CLONE_NOBEACONS; 934 /* fall though */ 935 case IEEE80211_M_IBSS: 936 case IEEE80211_M_MONITOR: 937 case IEEE80211_M_HOSTAP: 938 case IEEE80211_M_MBSS: 939 /* other than WDS vaps, only one at a time */ 940 if (!TAILQ_EMPTY(&ic->ic_vaps)) 941 return (NULL); 942 break; 943 case IEEE80211_M_WDS: 944 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 945 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 946 continue; 947 /* WDS vap's always share the local mac address. */ 948 flags &= ~IEEE80211_CLONE_BSSID; 949 break; 950 } 951 if (vap == NULL) { 952 device_printf(sc->sc_dev, 953 "wds only supported in ap mode\n"); 954 return (NULL); 955 } 956 break; 957 default: 958 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 959 return (NULL); 960 } 961 962 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 963 vap = &rvp->vap; 964 965 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 966 bssid) != 0) { 967 /* out of memory */ 968 free(rvp, M_80211_VAP); 969 return (NULL); 970 } 971 972 vap->iv_update_beacon = run_update_beacon; 973 vap->iv_max_aid = RT2870_WCID_MAX; 974 /* 975 * To delete the right key from h/w, we need wcid. 976 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 977 * and matching wcid will be written into there. So, cast 978 * some spells to remove 'const' from ieee80211_key{} 979 */ 980 vap->iv_key_delete = (void *)run_key_delete; 981 vap->iv_key_set = (void *)run_key_set; 982 983 /* override state transition machine */ 984 rvp->newstate = vap->iv_newstate; 985 vap->iv_newstate = run_newstate; 986 if (opmode == IEEE80211_M_IBSS) { 987 rvp->recv_mgmt = vap->iv_recv_mgmt; 988 vap->iv_recv_mgmt = run_recv_mgmt; 989 } 990 991 ieee80211_ratectl_init(vap); 992 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 993 994 /* complete setup */ 995 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 996 mac); 997 998 /* make sure id is always unique */ 999 for (i = 0; i < RUN_VAP_MAX; i++) { 1000 if((sc->rvp_bmap & 1 << i) == 0){ 1001 sc->rvp_bmap |= 1 << i; 1002 rvp->rvp_id = i; 1003 break; 1004 } 1005 } 1006 if (sc->rvp_cnt++ == 0) 1007 ic->ic_opmode = opmode; 1008 1009 if (opmode == IEEE80211_M_HOSTAP) 1010 sc->cmdq_run = RUN_CMDQ_GO; 1011 1012 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1013 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1014 1015 return (vap); 1016 } 1017 1018 static void 1019 run_vap_delete(struct ieee80211vap *vap) 1020 { 1021 struct run_vap *rvp = RUN_VAP(vap); 1022 struct ieee80211com *ic; 1023 struct run_softc *sc; 1024 uint8_t rvp_id; 1025 1026 if (vap == NULL) 1027 return; 1028 1029 ic = vap->iv_ic; 1030 sc = ic->ic_softc; 1031 1032 RUN_LOCK(sc); 1033 1034 m_freem(rvp->beacon_mbuf); 1035 rvp->beacon_mbuf = NULL; 1036 1037 rvp_id = rvp->rvp_id; 1038 sc->ratectl_run &= ~(1 << rvp_id); 1039 sc->rvp_bmap &= ~(1 << rvp_id); 1040 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1041 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1042 --sc->rvp_cnt; 1043 1044 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1045 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1046 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1047 1048 RUN_UNLOCK(sc); 1049 1050 ieee80211_ratectl_deinit(vap); 1051 ieee80211_vap_detach(vap); 1052 free(rvp, M_80211_VAP); 1053 } 1054 1055 /* 1056 * There are numbers of functions need to be called in context thread. 1057 * Rather than creating taskqueue event for each of those functions, 1058 * here is all-for-one taskqueue callback function. This function 1059 * guarantees deferred functions are executed in the same order they 1060 * were enqueued. 1061 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1062 */ 1063 static void 1064 run_cmdq_cb(void *arg, int pending) 1065 { 1066 struct run_softc *sc = arg; 1067 uint8_t i; 1068 1069 /* call cmdq[].func locked */ 1070 RUN_LOCK(sc); 1071 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1072 i = sc->cmdq_exec, pending--) { 1073 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1074 i, pending); 1075 if (sc->cmdq_run == RUN_CMDQ_GO) { 1076 /* 1077 * If arg0 is NULL, callback func needs more 1078 * than one arg. So, pass ptr to cmdq struct. 1079 */ 1080 if (sc->cmdq[i].arg0) 1081 sc->cmdq[i].func(sc->cmdq[i].arg0); 1082 else 1083 sc->cmdq[i].func(&sc->cmdq[i]); 1084 } 1085 sc->cmdq[i].arg0 = NULL; 1086 sc->cmdq[i].func = NULL; 1087 sc->cmdq_exec++; 1088 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1089 } 1090 RUN_UNLOCK(sc); 1091 } 1092 1093 static void 1094 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1095 { 1096 struct run_tx_data *data; 1097 1098 memset(pq, 0, sizeof(*pq)); 1099 1100 STAILQ_INIT(&pq->tx_qh); 1101 STAILQ_INIT(&pq->tx_fh); 1102 1103 for (data = &pq->tx_data[0]; 1104 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1105 data->sc = sc; 1106 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1107 } 1108 pq->tx_nfree = RUN_TX_RING_COUNT; 1109 } 1110 1111 static void 1112 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1113 { 1114 struct run_tx_data *data; 1115 1116 /* make sure any subsequent use of the queues will fail */ 1117 pq->tx_nfree = 0; 1118 STAILQ_INIT(&pq->tx_fh); 1119 STAILQ_INIT(&pq->tx_qh); 1120 1121 /* free up all node references and mbufs */ 1122 for (data = &pq->tx_data[0]; 1123 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1124 if (data->m != NULL) { 1125 m_freem(data->m); 1126 data->m = NULL; 1127 } 1128 if (data->ni != NULL) { 1129 ieee80211_free_node(data->ni); 1130 data->ni = NULL; 1131 } 1132 } 1133 } 1134 1135 static int 1136 run_load_microcode(struct run_softc *sc) 1137 { 1138 usb_device_request_t req; 1139 const struct firmware *fw; 1140 const u_char *base; 1141 uint32_t tmp; 1142 int ntries, error; 1143 const uint64_t *temp; 1144 uint64_t bytes; 1145 1146 RUN_UNLOCK(sc); 1147 fw = firmware_get("runfw"); 1148 RUN_LOCK(sc); 1149 if (fw == NULL) { 1150 device_printf(sc->sc_dev, 1151 "failed loadfirmware of file %s\n", "runfw"); 1152 return ENOENT; 1153 } 1154 1155 if (fw->datasize != 8192) { 1156 device_printf(sc->sc_dev, 1157 "invalid firmware size (should be 8KB)\n"); 1158 error = EINVAL; 1159 goto fail; 1160 } 1161 1162 /* 1163 * RT3071/RT3072 use a different firmware 1164 * run-rt2870 (8KB) contains both, 1165 * first half (4KB) is for rt2870, 1166 * last half is for rt3071. 1167 */ 1168 base = fw->data; 1169 if ((sc->mac_ver) != 0x2860 && 1170 (sc->mac_ver) != 0x2872 && 1171 (sc->mac_ver) != 0x3070) { 1172 base += 4096; 1173 } 1174 1175 /* cheap sanity check */ 1176 temp = fw->data; 1177 bytes = *temp; 1178 if (bytes != be64toh(0xffffff0210280210ULL)) { 1179 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1180 error = EINVAL; 1181 goto fail; 1182 } 1183 1184 /* write microcode image */ 1185 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1186 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1187 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1188 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1189 } 1190 1191 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1192 req.bRequest = RT2870_RESET; 1193 USETW(req.wValue, 8); 1194 USETW(req.wIndex, 0); 1195 USETW(req.wLength, 0); 1196 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1197 != 0) { 1198 device_printf(sc->sc_dev, "firmware reset failed\n"); 1199 goto fail; 1200 } 1201 1202 run_delay(sc, 10); 1203 1204 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1205 run_write(sc, RT2860_H2M_MAILBOX, 0); 1206 run_write(sc, RT2860_H2M_INTSRC, 0); 1207 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1208 goto fail; 1209 1210 /* wait until microcontroller is ready */ 1211 for (ntries = 0; ntries < 1000; ntries++) { 1212 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1213 goto fail; 1214 if (tmp & RT2860_MCU_READY) 1215 break; 1216 run_delay(sc, 10); 1217 } 1218 if (ntries == 1000) { 1219 device_printf(sc->sc_dev, 1220 "timeout waiting for MCU to initialize\n"); 1221 error = ETIMEDOUT; 1222 goto fail; 1223 } 1224 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1225 (base == fw->data) ? "RT2870" : "RT3071", 1226 *(base + 4092), *(base + 4093)); 1227 1228 fail: 1229 firmware_put(fw, FIRMWARE_UNLOAD); 1230 return (error); 1231 } 1232 1233 static int 1234 run_reset(struct run_softc *sc) 1235 { 1236 usb_device_request_t req; 1237 1238 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1239 req.bRequest = RT2870_RESET; 1240 USETW(req.wValue, 1); 1241 USETW(req.wIndex, 0); 1242 USETW(req.wLength, 0); 1243 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1244 } 1245 1246 static usb_error_t 1247 run_do_request(struct run_softc *sc, 1248 struct usb_device_request *req, void *data) 1249 { 1250 usb_error_t err; 1251 int ntries = 10; 1252 1253 RUN_LOCK_ASSERT(sc, MA_OWNED); 1254 1255 while (ntries--) { 1256 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1257 req, data, 0, NULL, 250 /* ms */); 1258 if (err == 0) 1259 break; 1260 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1261 "Control request failed, %s (retrying)\n", 1262 usbd_errstr(err)); 1263 run_delay(sc, 10); 1264 } 1265 return (err); 1266 } 1267 1268 static int 1269 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1270 { 1271 uint32_t tmp; 1272 int error; 1273 1274 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1275 if (error == 0) 1276 *val = le32toh(tmp); 1277 else 1278 *val = 0xffffffff; 1279 return (error); 1280 } 1281 1282 static int 1283 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1284 { 1285 usb_device_request_t req; 1286 1287 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1288 req.bRequest = RT2870_READ_REGION_1; 1289 USETW(req.wValue, 0); 1290 USETW(req.wIndex, reg); 1291 USETW(req.wLength, len); 1292 1293 return (run_do_request(sc, &req, buf)); 1294 } 1295 1296 static int 1297 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1298 { 1299 usb_device_request_t req; 1300 1301 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1302 req.bRequest = RT2870_WRITE_2; 1303 USETW(req.wValue, val); 1304 USETW(req.wIndex, reg); 1305 USETW(req.wLength, 0); 1306 1307 return (run_do_request(sc, &req, NULL)); 1308 } 1309 1310 static int 1311 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1312 { 1313 int error; 1314 1315 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1316 error = run_write_2(sc, reg + 2, val >> 16); 1317 return (error); 1318 } 1319 1320 static int 1321 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1322 int len) 1323 { 1324 #if 1 1325 int i, error = 0; 1326 /* 1327 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1328 * We thus issue multiple WRITE_2 commands instead. 1329 */ 1330 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1331 for (i = 0; i < len && error == 0; i += 2) 1332 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1333 return (error); 1334 #else 1335 usb_device_request_t req; 1336 int error = 0; 1337 1338 /* 1339 * NOTE: It appears the WRITE_REGION_1 command cannot be 1340 * passed a huge amount of data, which will crash the 1341 * firmware. Limit amount of data passed to 64-bytes at a 1342 * time. 1343 */ 1344 while (len > 0) { 1345 int delta = 64; 1346 if (delta > len) 1347 delta = len; 1348 1349 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1350 req.bRequest = RT2870_WRITE_REGION_1; 1351 USETW(req.wValue, 0); 1352 USETW(req.wIndex, reg); 1353 USETW(req.wLength, delta); 1354 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1355 if (error != 0) 1356 break; 1357 reg += delta; 1358 buf += delta; 1359 len -= delta; 1360 } 1361 return (error); 1362 #endif 1363 } 1364 1365 static int 1366 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1367 { 1368 int i, error = 0; 1369 1370 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1371 for (i = 0; i < len && error == 0; i += 4) 1372 error = run_write(sc, reg + i, val); 1373 return (error); 1374 } 1375 1376 static int 1377 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1378 { 1379 uint32_t tmp; 1380 uint16_t reg; 1381 int error, ntries; 1382 1383 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1384 return (error); 1385 1386 if (count == 2) 1387 addr *= 2; 1388 /*- 1389 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1390 * DATA0: F E D C 1391 * DATA1: B A 9 8 1392 * DATA2: 7 6 5 4 1393 * DATA3: 3 2 1 0 1394 */ 1395 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1396 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1397 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1398 for (ntries = 0; ntries < 100; ntries++) { 1399 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1400 return (error); 1401 if (!(tmp & RT3070_EFSROM_KICK)) 1402 break; 1403 run_delay(sc, 2); 1404 } 1405 if (ntries == 100) 1406 return (ETIMEDOUT); 1407 1408 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1409 *val = 0xffff; /* address not found */ 1410 return (0); 1411 } 1412 /* determine to which 32-bit register our 16-bit word belongs */ 1413 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1414 if ((error = run_read(sc, reg, &tmp)) != 0) 1415 return (error); 1416 1417 tmp >>= (8 * (addr & 0x3)); 1418 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1419 1420 return (0); 1421 } 1422 1423 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1424 static int 1425 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426 { 1427 return (run_efuse_read(sc, addr, val, 2)); 1428 } 1429 1430 static int 1431 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1432 { 1433 usb_device_request_t req; 1434 uint16_t tmp; 1435 int error; 1436 1437 addr *= 2; 1438 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1439 req.bRequest = RT2870_EEPROM_READ; 1440 USETW(req.wValue, 0); 1441 USETW(req.wIndex, addr); 1442 USETW(req.wLength, sizeof(tmp)); 1443 1444 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1445 if (error == 0) 1446 *val = le16toh(tmp); 1447 else 1448 *val = 0xffff; 1449 return (error); 1450 } 1451 1452 static __inline int 1453 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1454 { 1455 /* either eFUSE ROM or EEPROM */ 1456 return sc->sc_srom_read(sc, addr, val); 1457 } 1458 1459 static int 1460 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1461 { 1462 uint32_t tmp; 1463 int error, ntries; 1464 1465 for (ntries = 0; ntries < 10; ntries++) { 1466 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1467 return (error); 1468 if (!(tmp & RT2860_RF_REG_CTRL)) 1469 break; 1470 } 1471 if (ntries == 10) 1472 return (ETIMEDOUT); 1473 1474 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1475 } 1476 1477 static int 1478 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1479 { 1480 uint32_t tmp; 1481 int error, ntries; 1482 1483 for (ntries = 0; ntries < 100; ntries++) { 1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT3070_RF_KICK)) 1487 break; 1488 } 1489 if (ntries == 100) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT3070_RF_KICK | reg << 8; 1493 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1494 return (error); 1495 1496 for (ntries = 0; ntries < 100; ntries++) { 1497 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1498 return (error); 1499 if (!(tmp & RT3070_RF_KICK)) 1500 break; 1501 } 1502 if (ntries == 100) 1503 return (ETIMEDOUT); 1504 1505 *val = tmp & 0xff; 1506 return (0); 1507 } 1508 1509 static int 1510 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1511 { 1512 uint32_t tmp; 1513 int error, ntries; 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT3070_RF_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1525 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1526 } 1527 1528 static int 1529 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1530 { 1531 uint32_t tmp; 1532 int ntries, error; 1533 1534 for (ntries = 0; ntries < 10; ntries++) { 1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1536 return (error); 1537 if (!(tmp & RT2860_BBP_CSR_KICK)) 1538 break; 1539 } 1540 if (ntries == 10) 1541 return (ETIMEDOUT); 1542 1543 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1544 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1545 return (error); 1546 1547 for (ntries = 0; ntries < 10; ntries++) { 1548 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1549 return (error); 1550 if (!(tmp & RT2860_BBP_CSR_KICK)) 1551 break; 1552 } 1553 if (ntries == 10) 1554 return (ETIMEDOUT); 1555 1556 *val = tmp & 0xff; 1557 return (0); 1558 } 1559 1560 static int 1561 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1562 { 1563 uint32_t tmp; 1564 int ntries, error; 1565 1566 for (ntries = 0; ntries < 10; ntries++) { 1567 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1568 return (error); 1569 if (!(tmp & RT2860_BBP_CSR_KICK)) 1570 break; 1571 } 1572 if (ntries == 10) 1573 return (ETIMEDOUT); 1574 1575 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1576 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1577 } 1578 1579 /* 1580 * Send a command to the 8051 microcontroller unit. 1581 */ 1582 static int 1583 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1584 { 1585 uint32_t tmp; 1586 int error, ntries; 1587 1588 for (ntries = 0; ntries < 100; ntries++) { 1589 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1590 return error; 1591 if (!(tmp & RT2860_H2M_BUSY)) 1592 break; 1593 } 1594 if (ntries == 100) 1595 return ETIMEDOUT; 1596 1597 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1598 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1599 error = run_write(sc, RT2860_HOST_CMD, cmd); 1600 return (error); 1601 } 1602 1603 /* 1604 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1605 * Used to adjust per-rate Tx power registers. 1606 */ 1607 static __inline uint32_t 1608 b4inc(uint32_t b32, int8_t delta) 1609 { 1610 int8_t i, b4; 1611 1612 for (i = 0; i < 8; i++) { 1613 b4 = b32 & 0xf; 1614 b4 += delta; 1615 if (b4 < 0) 1616 b4 = 0; 1617 else if (b4 > 0xf) 1618 b4 = 0xf; 1619 b32 = b32 >> 4 | b4 << 28; 1620 } 1621 return (b32); 1622 } 1623 1624 static const char * 1625 run_get_rf(uint16_t rev) 1626 { 1627 switch (rev) { 1628 case RT2860_RF_2820: return "RT2820"; 1629 case RT2860_RF_2850: return "RT2850"; 1630 case RT2860_RF_2720: return "RT2720"; 1631 case RT2860_RF_2750: return "RT2750"; 1632 case RT3070_RF_3020: return "RT3020"; 1633 case RT3070_RF_2020: return "RT2020"; 1634 case RT3070_RF_3021: return "RT3021"; 1635 case RT3070_RF_3022: return "RT3022"; 1636 case RT3070_RF_3052: return "RT3052"; 1637 case RT3593_RF_3053: return "RT3053"; 1638 case RT5592_RF_5592: return "RT5592"; 1639 case RT5390_RF_5370: return "RT5370"; 1640 case RT5390_RF_5372: return "RT5372"; 1641 } 1642 return ("unknown"); 1643 } 1644 1645 static void 1646 run_rt3593_get_txpower(struct run_softc *sc) 1647 { 1648 uint16_t addr, val; 1649 int i; 1650 1651 /* Read power settings for 2GHz channels. */ 1652 for (i = 0; i < 14; i += 2) { 1653 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1654 RT2860_EEPROM_PWR2GHZ_BASE1; 1655 run_srom_read(sc, addr + i / 2, &val); 1656 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1657 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1658 1659 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1660 RT2860_EEPROM_PWR2GHZ_BASE2; 1661 run_srom_read(sc, addr + i / 2, &val); 1662 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1670 } 1671 } 1672 /* Fix broken Tx power entries. */ 1673 for (i = 0; i < 14; i++) { 1674 if (sc->txpow1[i] > 31) 1675 sc->txpow1[i] = 5; 1676 if (sc->txpow2[i] > 31) 1677 sc->txpow2[i] = 5; 1678 if (sc->ntxchains == 3) { 1679 if (sc->txpow3[i] > 31) 1680 sc->txpow3[i] = 5; 1681 } 1682 } 1683 /* Read power settings for 5GHz channels. */ 1684 for (i = 0; i < 40; i += 2) { 1685 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1686 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1687 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1688 1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1690 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1691 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1692 1693 if (sc->ntxchains == 3) { 1694 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1695 &val); 1696 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1697 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1698 } 1699 } 1700 } 1701 1702 static void 1703 run_get_txpower(struct run_softc *sc) 1704 { 1705 uint16_t val; 1706 int i; 1707 1708 /* Read power settings for 2GHz channels. */ 1709 for (i = 0; i < 14; i += 2) { 1710 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1711 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1712 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1713 1714 if (sc->mac_ver != 0x5390) { 1715 run_srom_read(sc, 1716 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1717 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1718 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1719 } 1720 } 1721 /* Fix broken Tx power entries. */ 1722 for (i = 0; i < 14; i++) { 1723 if (sc->mac_ver >= 0x5390) { 1724 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1725 sc->txpow1[i] = 5; 1726 } else { 1727 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1728 sc->txpow1[i] = 5; 1729 } 1730 if (sc->mac_ver > 0x5390) { 1731 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1732 sc->txpow2[i] = 5; 1733 } else if (sc->mac_ver < 0x5390) { 1734 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1735 sc->txpow2[i] = 5; 1736 } 1737 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1738 "chan %d: power1=%d, power2=%d\n", 1739 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1740 } 1741 /* Read power settings for 5GHz channels. */ 1742 for (i = 0; i < 40; i += 2) { 1743 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1744 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1745 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1746 1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1748 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1749 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1750 } 1751 /* Fix broken Tx power entries. */ 1752 for (i = 0; i < 40; i++ ) { 1753 if (sc->mac_ver != 0x5592) { 1754 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1755 sc->txpow1[14 + i] = 5; 1756 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1757 sc->txpow2[14 + i] = 5; 1758 } 1759 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1760 "chan %d: power1=%d, power2=%d\n", 1761 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1762 sc->txpow2[14 + i]); 1763 } 1764 } 1765 1766 static int 1767 run_read_eeprom(struct run_softc *sc) 1768 { 1769 struct ieee80211com *ic = &sc->sc_ic; 1770 int8_t delta_2ghz, delta_5ghz; 1771 uint32_t tmp; 1772 uint16_t val; 1773 int ridx, ant, i; 1774 1775 /* check whether the ROM is eFUSE ROM or EEPROM */ 1776 sc->sc_srom_read = run_eeprom_read_2; 1777 if (sc->mac_ver >= 0x3070) { 1778 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1779 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1780 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1781 sc->sc_srom_read = run_efuse_read_2; 1782 } 1783 1784 /* read ROM version */ 1785 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1786 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1787 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1788 1789 /* read MAC address */ 1790 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1791 ic->ic_macaddr[0] = val & 0xff; 1792 ic->ic_macaddr[1] = val >> 8; 1793 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1794 ic->ic_macaddr[2] = val & 0xff; 1795 ic->ic_macaddr[3] = val >> 8; 1796 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1797 ic->ic_macaddr[4] = val & 0xff; 1798 ic->ic_macaddr[5] = val >> 8; 1799 1800 if (sc->mac_ver < 0x3593) { 1801 /* read vender BBP settings */ 1802 for (i = 0; i < 10; i++) { 1803 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1804 sc->bbp[i].val = val & 0xff; 1805 sc->bbp[i].reg = val >> 8; 1806 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1807 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1808 } 1809 if (sc->mac_ver >= 0x3071) { 1810 /* read vendor RF settings */ 1811 for (i = 0; i < 10; i++) { 1812 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1813 &val); 1814 sc->rf[i].val = val & 0xff; 1815 sc->rf[i].reg = val >> 8; 1816 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1817 sc->rf[i].reg, sc->rf[i].val); 1818 } 1819 } 1820 } 1821 1822 /* read RF frequency offset from EEPROM */ 1823 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1824 RT3593_EEPROM_FREQ, &val); 1825 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1826 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1827 sc->freq & 0xff); 1828 1829 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1830 RT3593_EEPROM_FREQ_LEDS, &val); 1831 if (val >> 8 != 0xff) { 1832 /* read LEDs operating mode */ 1833 sc->leds = val >> 8; 1834 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1835 RT3593_EEPROM_LED1, &sc->led[0]); 1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1837 RT3593_EEPROM_LED2, &sc->led[1]); 1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1839 RT3593_EEPROM_LED3, &sc->led[2]); 1840 } else { 1841 /* broken EEPROM, use default settings */ 1842 sc->leds = 0x01; 1843 sc->led[0] = 0x5555; 1844 sc->led[1] = 0x2221; 1845 sc->led[2] = 0x5627; /* differs from RT2860 */ 1846 } 1847 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1848 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1849 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1850 1851 /* read RF information */ 1852 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1853 run_srom_read(sc, 0x00, &val); 1854 else 1855 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1856 1857 if (val == 0xffff) { 1858 device_printf(sc->sc_dev, 1859 "invalid EEPROM antenna info, using default\n"); 1860 if (sc->mac_ver == 0x3572) { 1861 /* default to RF3052 2T2R */ 1862 sc->rf_rev = RT3070_RF_3052; 1863 sc->ntxchains = 2; 1864 sc->nrxchains = 2; 1865 } else if (sc->mac_ver >= 0x3070) { 1866 /* default to RF3020 1T1R */ 1867 sc->rf_rev = RT3070_RF_3020; 1868 sc->ntxchains = 1; 1869 sc->nrxchains = 1; 1870 } else { 1871 /* default to RF2820 1T2R */ 1872 sc->rf_rev = RT2860_RF_2820; 1873 sc->ntxchains = 1; 1874 sc->nrxchains = 2; 1875 } 1876 } else { 1877 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1878 sc->rf_rev = val; 1879 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1880 } else 1881 sc->rf_rev = (val >> 8) & 0xf; 1882 sc->ntxchains = (val >> 4) & 0xf; 1883 sc->nrxchains = val & 0xf; 1884 } 1885 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1886 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1887 1888 /* check if RF supports automatic Tx access gain control */ 1889 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1890 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1891 /* check if driver should patch the DAC issue */ 1892 if ((val >> 8) != 0xff) 1893 sc->patch_dac = (val >> 15) & 1; 1894 if ((val & 0xff) != 0xff) { 1895 sc->ext_5ghz_lna = (val >> 3) & 1; 1896 sc->ext_2ghz_lna = (val >> 2) & 1; 1897 /* check if RF supports automatic Tx access gain control */ 1898 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1899 /* check if we have a hardware radio switch */ 1900 sc->rfswitch = val & 1; 1901 } 1902 1903 /* Read Tx power settings. */ 1904 if (sc->mac_ver == 0x3593) 1905 run_rt3593_get_txpower(sc); 1906 else 1907 run_get_txpower(sc); 1908 1909 /* read Tx power compensation for each Tx rate */ 1910 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1911 delta_2ghz = delta_5ghz = 0; 1912 if ((val & 0xff) != 0xff && (val & 0x80)) { 1913 delta_2ghz = val & 0xf; 1914 if (!(val & 0x40)) /* negative number */ 1915 delta_2ghz = -delta_2ghz; 1916 } 1917 val >>= 8; 1918 if ((val & 0xff) != 0xff && (val & 0x80)) { 1919 delta_5ghz = val & 0xf; 1920 if (!(val & 0x40)) /* negative number */ 1921 delta_5ghz = -delta_5ghz; 1922 } 1923 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1924 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1925 1926 for (ridx = 0; ridx < 5; ridx++) { 1927 uint32_t reg; 1928 1929 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1930 reg = val; 1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1932 reg |= (uint32_t)val << 16; 1933 1934 sc->txpow20mhz[ridx] = reg; 1935 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1936 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1937 1938 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1939 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1940 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1941 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1942 } 1943 1944 /* Read RSSI offsets and LNA gains from EEPROM. */ 1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1946 RT3593_EEPROM_RSSI1_2GHZ, &val); 1947 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1948 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1950 RT3593_EEPROM_RSSI2_2GHZ, &val); 1951 if (sc->mac_ver >= 0x3070) { 1952 if (sc->mac_ver == 0x3593) { 1953 sc->txmixgain_2ghz = 0; 1954 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1955 } else { 1956 /* 1957 * On RT3070 chips (limited to 2 Rx chains), this ROM 1958 * field contains the Tx mixer gain for the 2GHz band. 1959 */ 1960 if ((val & 0xff) != 0xff) 1961 sc->txmixgain_2ghz = val & 0x7; 1962 } 1963 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1964 sc->txmixgain_2ghz); 1965 } else 1966 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1967 if (sc->mac_ver == 0x3593) 1968 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1969 sc->lna[2] = val >> 8; /* channel group 2 */ 1970 1971 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1972 RT3593_EEPROM_RSSI1_5GHZ, &val); 1973 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1974 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1976 RT3593_EEPROM_RSSI2_5GHZ, &val); 1977 if (sc->mac_ver == 0x3572) { 1978 /* 1979 * On RT3572 chips (limited to 2 Rx chains), this ROM 1980 * field contains the Tx mixer gain for the 5GHz band. 1981 */ 1982 if ((val & 0xff) != 0xff) 1983 sc->txmixgain_5ghz = val & 0x7; 1984 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1985 sc->txmixgain_5ghz); 1986 } else 1987 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1988 if (sc->mac_ver == 0x3593) { 1989 sc->txmixgain_5ghz = 0; 1990 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1991 } 1992 sc->lna[3] = val >> 8; /* channel group 3 */ 1993 1994 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1995 RT3593_EEPROM_LNA, &val); 1996 sc->lna[0] = val & 0xff; /* channel group 0 */ 1997 sc->lna[1] = val >> 8; /* channel group 1 */ 1998 1999 /* fix broken 5GHz LNA entries */ 2000 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2001 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2002 "invalid LNA for channel group %d\n", 2); 2003 sc->lna[2] = sc->lna[1]; 2004 } 2005 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2006 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2007 "invalid LNA for channel group %d\n", 3); 2008 sc->lna[3] = sc->lna[1]; 2009 } 2010 2011 /* fix broken RSSI offset entries */ 2012 for (ant = 0; ant < 3; ant++) { 2013 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2014 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2015 "invalid RSSI%d offset: %d (2GHz)\n", 2016 ant + 1, sc->rssi_2ghz[ant]); 2017 sc->rssi_2ghz[ant] = 0; 2018 } 2019 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2020 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2021 "invalid RSSI%d offset: %d (5GHz)\n", 2022 ant + 1, sc->rssi_5ghz[ant]); 2023 sc->rssi_5ghz[ant] = 0; 2024 } 2025 } 2026 return (0); 2027 } 2028 2029 static struct ieee80211_node * 2030 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2031 { 2032 return malloc(sizeof (struct run_node), M_80211_NODE, 2033 M_NOWAIT | M_ZERO); 2034 } 2035 2036 static int 2037 run_media_change(struct ifnet *ifp) 2038 { 2039 struct ieee80211vap *vap = ifp->if_softc; 2040 struct ieee80211com *ic = vap->iv_ic; 2041 const struct ieee80211_txparam *tp; 2042 struct run_softc *sc = ic->ic_softc; 2043 uint8_t rate, ridx; 2044 int error; 2045 2046 RUN_LOCK(sc); 2047 2048 error = ieee80211_media_change(ifp); 2049 if (error != ENETRESET) { 2050 RUN_UNLOCK(sc); 2051 return (error); 2052 } 2053 2054 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2055 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2056 struct ieee80211_node *ni; 2057 struct run_node *rn; 2058 2059 rate = ic->ic_sup_rates[ic->ic_curmode]. 2060 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2061 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2062 if (rt2860_rates[ridx].rate == rate) 2063 break; 2064 ni = ieee80211_ref_node(vap->iv_bss); 2065 rn = RUN_NODE(ni); 2066 rn->fix_ridx = ridx; 2067 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2068 rate, rn->fix_ridx); 2069 ieee80211_free_node(ni); 2070 } 2071 2072 #if 0 2073 if ((ifp->if_flags & IFF_UP) && 2074 (ifp->if_drv_flags & RUN_RUNNING)){ 2075 run_init_locked(sc); 2076 } 2077 #endif 2078 2079 RUN_UNLOCK(sc); 2080 2081 return (0); 2082 } 2083 2084 static int 2085 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2086 { 2087 const struct ieee80211_txparam *tp; 2088 struct ieee80211com *ic = vap->iv_ic; 2089 struct run_softc *sc = ic->ic_softc; 2090 struct run_vap *rvp = RUN_VAP(vap); 2091 enum ieee80211_state ostate; 2092 uint32_t sta[3]; 2093 uint32_t tmp; 2094 uint8_t ratectl; 2095 uint8_t restart_ratectl = 0; 2096 uint8_t bid = 1 << rvp->rvp_id; 2097 2098 ostate = vap->iv_state; 2099 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2100 ieee80211_state_name[ostate], 2101 ieee80211_state_name[nstate]); 2102 2103 IEEE80211_UNLOCK(ic); 2104 RUN_LOCK(sc); 2105 2106 ratectl = sc->ratectl_run; /* remember current state */ 2107 sc->ratectl_run = RUN_RATECTL_OFF; 2108 usb_callout_stop(&sc->ratectl_ch); 2109 2110 if (ostate == IEEE80211_S_RUN) { 2111 /* turn link LED off */ 2112 run_set_leds(sc, RT2860_LED_RADIO); 2113 } 2114 2115 switch (nstate) { 2116 case IEEE80211_S_INIT: 2117 restart_ratectl = 1; 2118 2119 if (ostate != IEEE80211_S_RUN) 2120 break; 2121 2122 ratectl &= ~bid; 2123 sc->runbmap &= ~bid; 2124 2125 /* abort TSF synchronization if there is no vap running */ 2126 if (--sc->running == 0) { 2127 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2128 run_write(sc, RT2860_BCN_TIME_CFG, 2129 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2130 RT2860_TBTT_TIMER_EN)); 2131 } 2132 break; 2133 2134 case IEEE80211_S_RUN: 2135 if (!(sc->runbmap & bid)) { 2136 if(sc->running++) 2137 restart_ratectl = 1; 2138 sc->runbmap |= bid; 2139 } 2140 2141 m_freem(rvp->beacon_mbuf); 2142 rvp->beacon_mbuf = NULL; 2143 2144 switch (vap->iv_opmode) { 2145 case IEEE80211_M_HOSTAP: 2146 case IEEE80211_M_MBSS: 2147 sc->ap_running |= bid; 2148 ic->ic_opmode = vap->iv_opmode; 2149 run_update_beacon_cb(vap); 2150 break; 2151 case IEEE80211_M_IBSS: 2152 sc->adhoc_running |= bid; 2153 if (!sc->ap_running) 2154 ic->ic_opmode = vap->iv_opmode; 2155 run_update_beacon_cb(vap); 2156 break; 2157 case IEEE80211_M_STA: 2158 sc->sta_running |= bid; 2159 if (!sc->ap_running && !sc->adhoc_running) 2160 ic->ic_opmode = vap->iv_opmode; 2161 2162 /* read statistic counters (clear on read) */ 2163 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2164 (uint8_t *)sta, sizeof sta); 2165 2166 break; 2167 default: 2168 ic->ic_opmode = vap->iv_opmode; 2169 break; 2170 } 2171 2172 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2173 struct ieee80211_node *ni; 2174 2175 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2176 RUN_UNLOCK(sc); 2177 IEEE80211_LOCK(ic); 2178 return (-1); 2179 } 2180 run_updateslot(ic); 2181 run_enable_mrr(sc); 2182 run_set_txpreamble(sc); 2183 run_set_basicrates(sc); 2184 ni = ieee80211_ref_node(vap->iv_bss); 2185 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2186 run_set_bssid(sc, sc->sc_bssid); 2187 ieee80211_free_node(ni); 2188 run_enable_tsf_sync(sc); 2189 2190 /* enable automatic rate adaptation */ 2191 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2192 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2193 ratectl |= bid; 2194 } else 2195 run_enable_tsf(sc); 2196 2197 /* turn link LED on */ 2198 run_set_leds(sc, RT2860_LED_RADIO | 2199 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2200 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2201 2202 break; 2203 default: 2204 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2205 break; 2206 } 2207 2208 /* restart amrr for running VAPs */ 2209 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2210 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2211 2212 RUN_UNLOCK(sc); 2213 IEEE80211_LOCK(ic); 2214 2215 return(rvp->newstate(vap, nstate, arg)); 2216 } 2217 2218 static int 2219 run_wme_update(struct ieee80211com *ic) 2220 { 2221 struct chanAccParams chp; 2222 struct run_softc *sc = ic->ic_softc; 2223 const struct wmeParams *ac; 2224 int aci, error = 0; 2225 2226 ieee80211_wme_ic_getparams(ic, &chp); 2227 ac = chp.cap_wmeParams; 2228 2229 /* update MAC TX configuration registers */ 2230 RUN_LOCK(sc); 2231 for (aci = 0; aci < WME_NUM_AC; aci++) { 2232 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2233 ac[aci].wmep_logcwmax << 16 | 2234 ac[aci].wmep_logcwmin << 12 | 2235 ac[aci].wmep_aifsn << 8 | 2236 ac[aci].wmep_txopLimit); 2237 if (error) goto err; 2238 } 2239 2240 /* update SCH/DMA registers too */ 2241 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2242 ac[WME_AC_VO].wmep_aifsn << 12 | 2243 ac[WME_AC_VI].wmep_aifsn << 8 | 2244 ac[WME_AC_BK].wmep_aifsn << 4 | 2245 ac[WME_AC_BE].wmep_aifsn); 2246 if (error) goto err; 2247 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2248 ac[WME_AC_VO].wmep_logcwmin << 12 | 2249 ac[WME_AC_VI].wmep_logcwmin << 8 | 2250 ac[WME_AC_BK].wmep_logcwmin << 4 | 2251 ac[WME_AC_BE].wmep_logcwmin); 2252 if (error) goto err; 2253 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2254 ac[WME_AC_VO].wmep_logcwmax << 12 | 2255 ac[WME_AC_VI].wmep_logcwmax << 8 | 2256 ac[WME_AC_BK].wmep_logcwmax << 4 | 2257 ac[WME_AC_BE].wmep_logcwmax); 2258 if (error) goto err; 2259 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2260 ac[WME_AC_BK].wmep_txopLimit << 16 | 2261 ac[WME_AC_BE].wmep_txopLimit); 2262 if (error) goto err; 2263 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2264 ac[WME_AC_VO].wmep_txopLimit << 16 | 2265 ac[WME_AC_VI].wmep_txopLimit); 2266 2267 err: 2268 RUN_UNLOCK(sc); 2269 if (error) 2270 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2271 2272 return (error); 2273 } 2274 2275 static void 2276 run_key_set_cb(void *arg) 2277 { 2278 struct run_cmdq *cmdq = arg; 2279 struct ieee80211vap *vap = cmdq->arg1; 2280 struct ieee80211_key *k = cmdq->k; 2281 struct ieee80211com *ic = vap->iv_ic; 2282 struct run_softc *sc = ic->ic_softc; 2283 struct ieee80211_node *ni; 2284 u_int cipher = k->wk_cipher->ic_cipher; 2285 uint32_t attr; 2286 uint16_t base, associd; 2287 uint8_t mode, wcid, iv[8]; 2288 2289 RUN_LOCK_ASSERT(sc, MA_OWNED); 2290 2291 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2292 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2293 else 2294 ni = vap->iv_bss; 2295 associd = (ni != NULL) ? ni->ni_associd : 0; 2296 2297 /* map net80211 cipher to RT2860 security mode */ 2298 switch (cipher) { 2299 case IEEE80211_CIPHER_WEP: 2300 if(k->wk_keylen < 8) 2301 mode = RT2860_MODE_WEP40; 2302 else 2303 mode = RT2860_MODE_WEP104; 2304 break; 2305 case IEEE80211_CIPHER_TKIP: 2306 mode = RT2860_MODE_TKIP; 2307 break; 2308 case IEEE80211_CIPHER_AES_CCM: 2309 mode = RT2860_MODE_AES_CCMP; 2310 break; 2311 default: 2312 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2313 return; 2314 } 2315 2316 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2317 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2318 associd, k->wk_keyix, mode, 2319 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2320 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2321 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2322 2323 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2324 wcid = 0; /* NB: update WCID0 for group keys */ 2325 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2326 } else { 2327 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2328 1 : RUN_AID2WCID(associd); 2329 base = RT2860_PKEY(wcid); 2330 } 2331 2332 if (cipher == IEEE80211_CIPHER_TKIP) { 2333 if(run_write_region_1(sc, base, k->wk_key, 16)) 2334 return; 2335 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2336 return; 2337 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2338 return; 2339 } else { 2340 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2341 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2342 return; 2343 } 2344 2345 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2346 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2347 /* set initial packet number in IV+EIV */ 2348 if (cipher == IEEE80211_CIPHER_WEP) { 2349 memset(iv, 0, sizeof iv); 2350 iv[3] = vap->iv_def_txkey << 6; 2351 } else { 2352 if (cipher == IEEE80211_CIPHER_TKIP) { 2353 iv[0] = k->wk_keytsc >> 8; 2354 iv[1] = (iv[0] | 0x20) & 0x7f; 2355 iv[2] = k->wk_keytsc; 2356 } else /* CCMP */ { 2357 iv[0] = k->wk_keytsc; 2358 iv[1] = k->wk_keytsc >> 8; 2359 iv[2] = 0; 2360 } 2361 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2362 iv[4] = k->wk_keytsc >> 16; 2363 iv[5] = k->wk_keytsc >> 24; 2364 iv[6] = k->wk_keytsc >> 32; 2365 iv[7] = k->wk_keytsc >> 40; 2366 } 2367 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2368 return; 2369 } 2370 2371 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2372 /* install group key */ 2373 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2374 return; 2375 attr &= ~(0xf << (k->wk_keyix * 4)); 2376 attr |= mode << (k->wk_keyix * 4); 2377 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2378 return; 2379 } else { 2380 /* install pairwise key */ 2381 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2382 return; 2383 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2384 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2385 return; 2386 } 2387 2388 /* TODO create a pass-thru key entry? */ 2389 2390 /* need wcid to delete the right key later */ 2391 k->wk_pad = wcid; 2392 } 2393 2394 /* 2395 * Don't have to be deferred, but in order to keep order of 2396 * execution, i.e. with run_key_delete(), defer this and let 2397 * run_cmdq_cb() maintain the order. 2398 * 2399 * return 0 on error 2400 */ 2401 static int 2402 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2403 { 2404 struct ieee80211com *ic = vap->iv_ic; 2405 struct run_softc *sc = ic->ic_softc; 2406 uint32_t i; 2407 2408 i = RUN_CMDQ_GET(&sc->cmdq_store); 2409 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2410 sc->cmdq[i].func = run_key_set_cb; 2411 sc->cmdq[i].arg0 = NULL; 2412 sc->cmdq[i].arg1 = vap; 2413 sc->cmdq[i].k = k; 2414 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2415 ieee80211_runtask(ic, &sc->cmdq_task); 2416 2417 /* 2418 * To make sure key will be set when hostapd 2419 * calls iv_key_set() before if_init(). 2420 */ 2421 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2422 RUN_LOCK(sc); 2423 sc->cmdq_key_set = RUN_CMDQ_GO; 2424 RUN_UNLOCK(sc); 2425 } 2426 2427 return (1); 2428 } 2429 2430 /* 2431 * If wlan is destroyed without being brought down i.e. without 2432 * wlan down or wpa_cli terminate, this function is called after 2433 * vap is gone. Don't refer it. 2434 */ 2435 static void 2436 run_key_delete_cb(void *arg) 2437 { 2438 struct run_cmdq *cmdq = arg; 2439 struct run_softc *sc = cmdq->arg1; 2440 struct ieee80211_key *k = &cmdq->key; 2441 uint32_t attr; 2442 uint8_t wcid; 2443 2444 RUN_LOCK_ASSERT(sc, MA_OWNED); 2445 2446 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2447 /* remove group key */ 2448 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2449 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2450 attr &= ~(0xf << (k->wk_keyix * 4)); 2451 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2452 } else { 2453 /* remove pairwise key */ 2454 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2455 "removing key for wcid %x\n", k->wk_pad); 2456 /* matching wcid was written to wk_pad in run_key_set() */ 2457 wcid = k->wk_pad; 2458 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2459 attr &= ~0xf; 2460 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2461 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2462 } 2463 2464 k->wk_pad = 0; 2465 } 2466 2467 /* 2468 * return 0 on error 2469 */ 2470 static int 2471 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2472 { 2473 struct ieee80211com *ic = vap->iv_ic; 2474 struct run_softc *sc = ic->ic_softc; 2475 struct ieee80211_key *k0; 2476 uint32_t i; 2477 2478 /* 2479 * When called back, key might be gone. So, make a copy 2480 * of some values need to delete keys before deferring. 2481 * But, because of LOR with node lock, cannot use lock here. 2482 * So, use atomic instead. 2483 */ 2484 i = RUN_CMDQ_GET(&sc->cmdq_store); 2485 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2486 sc->cmdq[i].func = run_key_delete_cb; 2487 sc->cmdq[i].arg0 = NULL; 2488 sc->cmdq[i].arg1 = sc; 2489 k0 = &sc->cmdq[i].key; 2490 k0->wk_flags = k->wk_flags; 2491 k0->wk_keyix = k->wk_keyix; 2492 /* matching wcid was written to wk_pad in run_key_set() */ 2493 k0->wk_pad = k->wk_pad; 2494 ieee80211_runtask(ic, &sc->cmdq_task); 2495 return (1); /* return fake success */ 2496 2497 } 2498 2499 static void 2500 run_ratectl_to(void *arg) 2501 { 2502 struct run_softc *sc = arg; 2503 2504 /* do it in a process context, so it can go sleep */ 2505 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2506 /* next timeout will be rescheduled in the callback task */ 2507 } 2508 2509 /* ARGSUSED */ 2510 static void 2511 run_ratectl_cb(void *arg, int pending) 2512 { 2513 struct run_softc *sc = arg; 2514 struct ieee80211com *ic = &sc->sc_ic; 2515 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2516 2517 if (vap == NULL) 2518 return; 2519 2520 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2521 /* 2522 * run_reset_livelock() doesn't do anything with AMRR, 2523 * but Ralink wants us to call it every 1 sec. So, we 2524 * piggyback here rather than creating another callout. 2525 * Livelock may occur only in HOSTAP or IBSS mode 2526 * (when h/w is sending beacons). 2527 */ 2528 RUN_LOCK(sc); 2529 run_reset_livelock(sc); 2530 /* just in case, there are some stats to drain */ 2531 run_drain_fifo(sc); 2532 RUN_UNLOCK(sc); 2533 } 2534 2535 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2536 2537 RUN_LOCK(sc); 2538 if(sc->ratectl_run != RUN_RATECTL_OFF) 2539 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2540 RUN_UNLOCK(sc); 2541 } 2542 2543 static void 2544 run_drain_fifo(void *arg) 2545 { 2546 struct run_softc *sc = arg; 2547 uint32_t stat; 2548 uint16_t (*wstat)[3]; 2549 uint8_t wcid, mcs, pid; 2550 int8_t retry; 2551 2552 RUN_LOCK_ASSERT(sc, MA_OWNED); 2553 2554 for (;;) { 2555 /* drain Tx status FIFO (maxsize = 16) */ 2556 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2557 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2558 if (!(stat & RT2860_TXQ_VLD)) 2559 break; 2560 2561 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2562 2563 /* if no ACK was requested, no feedback is available */ 2564 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2565 wcid == 0) 2566 continue; 2567 2568 /* 2569 * Even though each stat is Tx-complete-status like format, 2570 * the device can poll stats. Because there is no guarantee 2571 * that the referring node is still around when read the stats. 2572 * So that, if we use ieee80211_ratectl_tx_update(), we will 2573 * have hard time not to refer already freed node. 2574 * 2575 * To eliminate such page faults, we poll stats in softc. 2576 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2577 */ 2578 wstat = &(sc->wcid_stats[wcid]); 2579 (*wstat)[RUN_TXCNT]++; 2580 if (stat & RT2860_TXQ_OK) 2581 (*wstat)[RUN_SUCCESS]++; 2582 else 2583 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2584 /* 2585 * Check if there were retries, ie if the Tx success rate is 2586 * different from the requested rate. Note that it works only 2587 * because we do not allow rate fallback from OFDM to CCK. 2588 */ 2589 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2590 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2591 if ((retry = pid -1 - mcs) > 0) { 2592 (*wstat)[RUN_TXCNT] += retry; 2593 (*wstat)[RUN_RETRY] += retry; 2594 } 2595 } 2596 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2597 2598 sc->fifo_cnt = 0; 2599 } 2600 2601 static void 2602 run_iter_func(void *arg, struct ieee80211_node *ni) 2603 { 2604 struct run_softc *sc = arg; 2605 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2606 struct ieee80211vap *vap = ni->ni_vap; 2607 struct run_node *rn = RUN_NODE(ni); 2608 union run_stats sta[2]; 2609 uint16_t (*wstat)[3]; 2610 int error; 2611 2612 RUN_LOCK(sc); 2613 2614 /* Check for special case */ 2615 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2616 ni != vap->iv_bss) 2617 goto fail; 2618 2619 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2620 IEEE80211_RATECTL_TX_STATS_RETRIES; 2621 txs->ni = ni; 2622 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2623 vap->iv_opmode == IEEE80211_M_STA)) { 2624 /* read statistic counters (clear on read) and update AMRR state */ 2625 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2626 sizeof sta); 2627 if (error != 0) 2628 goto fail; 2629 2630 /* count failed TX as errors */ 2631 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2632 le16toh(sta[0].error.fail)); 2633 2634 txs->nretries = le16toh(sta[1].tx.retry); 2635 txs->nsuccess = le16toh(sta[1].tx.success); 2636 /* nretries??? */ 2637 txs->nframes = txs->nretries + txs->nsuccess + 2638 le16toh(sta[0].error.fail); 2639 2640 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2641 "retrycnt=%d success=%d failcnt=%d\n", 2642 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2643 } else { 2644 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2645 2646 if (wstat == &(sc->wcid_stats[0]) || 2647 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2648 goto fail; 2649 2650 txs->nretries = (*wstat)[RUN_RETRY]; 2651 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2652 txs->nframes = (*wstat)[RUN_TXCNT]; 2653 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2654 "retrycnt=%d txcnt=%d success=%d\n", 2655 txs->nretries, txs->nframes, txs->nsuccess); 2656 2657 memset(wstat, 0, sizeof(*wstat)); 2658 } 2659 2660 ieee80211_ratectl_tx_update(vap, txs); 2661 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2662 2663 fail: 2664 RUN_UNLOCK(sc); 2665 2666 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2667 } 2668 2669 static void 2670 run_newassoc_cb(void *arg) 2671 { 2672 struct run_cmdq *cmdq = arg; 2673 struct ieee80211_node *ni = cmdq->arg1; 2674 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2675 uint8_t wcid = cmdq->wcid; 2676 2677 RUN_LOCK_ASSERT(sc, MA_OWNED); 2678 2679 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2680 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2681 2682 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2683 } 2684 2685 static void 2686 run_newassoc(struct ieee80211_node *ni, int isnew) 2687 { 2688 struct run_node *rn = RUN_NODE(ni); 2689 struct ieee80211_rateset *rs = &ni->ni_rates; 2690 struct ieee80211vap *vap = ni->ni_vap; 2691 struct ieee80211com *ic = vap->iv_ic; 2692 struct run_softc *sc = ic->ic_softc; 2693 uint8_t rate; 2694 uint8_t ridx; 2695 uint8_t wcid; 2696 int i, j; 2697 2698 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2699 1 : RUN_AID2WCID(ni->ni_associd); 2700 2701 if (wcid > RT2870_WCID_MAX) { 2702 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2703 return; 2704 } 2705 2706 /* only interested in true associations */ 2707 if (isnew && ni->ni_associd != 0) { 2708 2709 /* 2710 * This function could is called though timeout function. 2711 * Need to defer. 2712 */ 2713 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2714 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2715 sc->cmdq[cnt].func = run_newassoc_cb; 2716 sc->cmdq[cnt].arg0 = NULL; 2717 sc->cmdq[cnt].arg1 = ni; 2718 sc->cmdq[cnt].wcid = wcid; 2719 ieee80211_runtask(ic, &sc->cmdq_task); 2720 } 2721 2722 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2723 "new assoc isnew=%d associd=%x addr=%s\n", 2724 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2725 2726 for (i = 0; i < rs->rs_nrates; i++) { 2727 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2728 /* convert 802.11 rate to hardware rate index */ 2729 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2730 if (rt2860_rates[ridx].rate == rate) 2731 break; 2732 rn->ridx[i] = ridx; 2733 /* determine rate of control response frames */ 2734 for (j = i; j >= 0; j--) { 2735 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2736 rt2860_rates[rn->ridx[i]].phy == 2737 rt2860_rates[rn->ridx[j]].phy) 2738 break; 2739 } 2740 if (j >= 0) { 2741 rn->ctl_ridx[i] = rn->ridx[j]; 2742 } else { 2743 /* no basic rate found, use mandatory one */ 2744 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2745 } 2746 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2747 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2748 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2749 } 2750 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2751 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2752 if (rt2860_rates[ridx].rate == rate) 2753 break; 2754 rn->mgt_ridx = ridx; 2755 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2756 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2757 2758 RUN_LOCK(sc); 2759 if(sc->ratectl_run != RUN_RATECTL_OFF) 2760 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2761 RUN_UNLOCK(sc); 2762 } 2763 2764 /* 2765 * Return the Rx chain with the highest RSSI for a given frame. 2766 */ 2767 static __inline uint8_t 2768 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2769 { 2770 uint8_t rxchain = 0; 2771 2772 if (sc->nrxchains > 1) { 2773 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2774 rxchain = 1; 2775 if (sc->nrxchains > 2) 2776 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2777 rxchain = 2; 2778 } 2779 return (rxchain); 2780 } 2781 2782 static void 2783 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2784 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2785 { 2786 struct ieee80211vap *vap = ni->ni_vap; 2787 struct run_softc *sc = vap->iv_ic->ic_softc; 2788 struct run_vap *rvp = RUN_VAP(vap); 2789 uint64_t ni_tstamp, rx_tstamp; 2790 2791 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2792 2793 if (vap->iv_state == IEEE80211_S_RUN && 2794 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2795 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2796 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2797 RUN_LOCK(sc); 2798 run_get_tsf(sc, &rx_tstamp); 2799 RUN_UNLOCK(sc); 2800 rx_tstamp = le64toh(rx_tstamp); 2801 2802 if (ni_tstamp >= rx_tstamp) { 2803 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2804 "ibss merge, tsf %ju tstamp %ju\n", 2805 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2806 (void) ieee80211_ibss_merge(ni); 2807 } 2808 } 2809 } 2810 2811 static void 2812 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2813 { 2814 struct ieee80211com *ic = &sc->sc_ic; 2815 struct ieee80211_frame *wh; 2816 struct ieee80211_node *ni; 2817 struct rt2870_rxd *rxd; 2818 struct rt2860_rxwi *rxwi; 2819 uint32_t flags; 2820 uint16_t len, rxwisize; 2821 uint8_t ant, rssi; 2822 int8_t nf; 2823 2824 rxwisize = sizeof(struct rt2860_rxwi); 2825 if (sc->mac_ver == 0x5592) 2826 rxwisize += sizeof(uint64_t); 2827 else if (sc->mac_ver == 0x3593) 2828 rxwisize += sizeof(uint32_t); 2829 2830 if (__predict_false(dmalen < 2831 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2832 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2833 "payload is too short: dma length %u < %zu\n", 2834 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2835 goto fail; 2836 } 2837 2838 rxwi = mtod(m, struct rt2860_rxwi *); 2839 len = le16toh(rxwi->len) & 0xfff; 2840 2841 if (__predict_false(len > dmalen - rxwisize)) { 2842 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2843 "bad RXWI length %u > %u\n", len, dmalen); 2844 goto fail; 2845 } 2846 2847 /* Rx descriptor is located at the end */ 2848 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2849 flags = le32toh(rxd->flags); 2850 2851 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2852 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2853 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2854 goto fail; 2855 } 2856 2857 if (flags & RT2860_RX_L2PAD) { 2858 /* 2859 * XXX OpenBSD removes padding between header 2860 * and payload here... 2861 */ 2862 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2863 "received RT2860_RX_L2PAD frame\n"); 2864 len += 2; 2865 } 2866 2867 m->m_data += rxwisize; 2868 m->m_pkthdr.len = m->m_len = len; 2869 2870 wh = mtod(m, struct ieee80211_frame *); 2871 2872 /* XXX wrong for monitor mode */ 2873 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2874 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2875 m->m_flags |= M_WEP; 2876 } 2877 2878 if (len >= sizeof(struct ieee80211_frame_min)) { 2879 ni = ieee80211_find_rxnode(ic, 2880 mtod(m, struct ieee80211_frame_min *)); 2881 } else 2882 ni = NULL; 2883 2884 if (__predict_false(flags & RT2860_RX_MICERR)) { 2885 /* report MIC failures to net80211 for TKIP */ 2886 if (ni != NULL) 2887 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2888 rxwi->keyidx); 2889 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2890 "MIC error. Someone is lying.\n"); 2891 goto fail; 2892 } 2893 2894 ant = run_maxrssi_chain(sc, rxwi); 2895 rssi = rxwi->rssi[ant]; 2896 nf = run_rssi2dbm(sc, rssi, ant); 2897 2898 if (__predict_false(ieee80211_radiotap_active(ic))) { 2899 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2900 uint16_t phy; 2901 2902 tap->wr_flags = 0; 2903 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2904 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2905 tap->wr_antsignal = rssi; 2906 tap->wr_antenna = ant; 2907 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2908 tap->wr_rate = 2; /* in case it can't be found below */ 2909 RUN_LOCK(sc); 2910 run_get_tsf(sc, &tap->wr_tsf); 2911 RUN_UNLOCK(sc); 2912 phy = le16toh(rxwi->phy); 2913 switch (phy & RT2860_PHY_MODE) { 2914 case RT2860_PHY_CCK: 2915 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2916 case 0: tap->wr_rate = 2; break; 2917 case 1: tap->wr_rate = 4; break; 2918 case 2: tap->wr_rate = 11; break; 2919 case 3: tap->wr_rate = 22; break; 2920 } 2921 if (phy & RT2860_PHY_SHPRE) 2922 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2923 break; 2924 case RT2860_PHY_OFDM: 2925 switch (phy & RT2860_PHY_MCS) { 2926 case 0: tap->wr_rate = 12; break; 2927 case 1: tap->wr_rate = 18; break; 2928 case 2: tap->wr_rate = 24; break; 2929 case 3: tap->wr_rate = 36; break; 2930 case 4: tap->wr_rate = 48; break; 2931 case 5: tap->wr_rate = 72; break; 2932 case 6: tap->wr_rate = 96; break; 2933 case 7: tap->wr_rate = 108; break; 2934 } 2935 break; 2936 } 2937 } 2938 2939 if (ni != NULL) { 2940 (void)ieee80211_input(ni, m, rssi, nf); 2941 ieee80211_free_node(ni); 2942 } else { 2943 (void)ieee80211_input_all(ic, m, rssi, nf); 2944 } 2945 2946 return; 2947 2948 fail: 2949 m_freem(m); 2950 counter_u64_add(ic->ic_ierrors, 1); 2951 } 2952 2953 static void 2954 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2955 { 2956 struct run_softc *sc = usbd_xfer_softc(xfer); 2957 struct ieee80211com *ic = &sc->sc_ic; 2958 struct mbuf *m = NULL; 2959 struct mbuf *m0; 2960 uint32_t dmalen, mbuf_len; 2961 uint16_t rxwisize; 2962 int xferlen; 2963 2964 rxwisize = sizeof(struct rt2860_rxwi); 2965 if (sc->mac_ver == 0x5592) 2966 rxwisize += sizeof(uint64_t); 2967 else if (sc->mac_ver == 0x3593) 2968 rxwisize += sizeof(uint32_t); 2969 2970 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2971 2972 switch (USB_GET_STATE(xfer)) { 2973 case USB_ST_TRANSFERRED: 2974 2975 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2976 "rx done, actlen=%d\n", xferlen); 2977 2978 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2979 sizeof(struct rt2870_rxd))) { 2980 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2981 "xfer too short %d\n", xferlen); 2982 goto tr_setup; 2983 } 2984 2985 m = sc->rx_m; 2986 sc->rx_m = NULL; 2987 2988 /* FALLTHROUGH */ 2989 case USB_ST_SETUP: 2990 tr_setup: 2991 if (sc->rx_m == NULL) { 2992 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2993 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2994 } 2995 if (sc->rx_m == NULL) { 2996 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2997 "could not allocate mbuf - idle with stall\n"); 2998 counter_u64_add(ic->ic_ierrors, 1); 2999 usbd_xfer_set_stall(xfer); 3000 usbd_xfer_set_frames(xfer, 0); 3001 } else { 3002 /* 3003 * Directly loading a mbuf cluster into DMA to 3004 * save some data copying. This works because 3005 * there is only one cluster. 3006 */ 3007 usbd_xfer_set_frame_data(xfer, 0, 3008 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3009 usbd_xfer_set_frames(xfer, 1); 3010 } 3011 usbd_transfer_submit(xfer); 3012 break; 3013 3014 default: /* Error */ 3015 if (error != USB_ERR_CANCELLED) { 3016 /* try to clear stall first */ 3017 usbd_xfer_set_stall(xfer); 3018 if (error == USB_ERR_TIMEOUT) 3019 device_printf(sc->sc_dev, "device timeout\n"); 3020 counter_u64_add(ic->ic_ierrors, 1); 3021 goto tr_setup; 3022 } 3023 if (sc->rx_m != NULL) { 3024 m_freem(sc->rx_m); 3025 sc->rx_m = NULL; 3026 } 3027 break; 3028 } 3029 3030 if (m == NULL) 3031 return; 3032 3033 /* inputting all the frames must be last */ 3034 3035 RUN_UNLOCK(sc); 3036 3037 m->m_pkthdr.len = m->m_len = xferlen; 3038 3039 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3040 for(;;) { 3041 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3042 3043 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3044 ((dmalen & 3) != 0)) { 3045 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3046 "bad DMA length %u\n", dmalen); 3047 break; 3048 } 3049 if ((dmalen + 8) > (uint32_t)xferlen) { 3050 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3051 "bad DMA length %u > %d\n", 3052 dmalen + 8, xferlen); 3053 break; 3054 } 3055 3056 /* If it is the last one or a single frame, we won't copy. */ 3057 if ((xferlen -= dmalen + 8) <= 8) { 3058 /* trim 32-bit DMA-len header */ 3059 m->m_data += 4; 3060 m->m_pkthdr.len = m->m_len -= 4; 3061 run_rx_frame(sc, m, dmalen); 3062 m = NULL; /* don't free source buffer */ 3063 break; 3064 } 3065 3066 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3067 if (__predict_false(mbuf_len > MCLBYTES)) { 3068 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3069 "payload is too big: mbuf_len %u\n", mbuf_len); 3070 counter_u64_add(ic->ic_ierrors, 1); 3071 break; 3072 } 3073 3074 /* copy aggregated frames to another mbuf */ 3075 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3076 if (__predict_false(m0 == NULL)) { 3077 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3078 "could not allocate mbuf\n"); 3079 counter_u64_add(ic->ic_ierrors, 1); 3080 break; 3081 } 3082 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3083 mbuf_len, mtod(m0, caddr_t)); 3084 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3085 run_rx_frame(sc, m0, dmalen); 3086 3087 /* update data ptr */ 3088 m->m_data += mbuf_len + 4; 3089 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3090 } 3091 3092 /* make sure we free the source buffer, if any */ 3093 m_freem(m); 3094 3095 RUN_LOCK(sc); 3096 } 3097 3098 static void 3099 run_tx_free(struct run_endpoint_queue *pq, 3100 struct run_tx_data *data, int txerr) 3101 { 3102 3103 ieee80211_tx_complete(data->ni, data->m, txerr); 3104 3105 data->m = NULL; 3106 data->ni = NULL; 3107 3108 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3109 pq->tx_nfree++; 3110 } 3111 3112 static void 3113 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3114 { 3115 struct run_softc *sc = usbd_xfer_softc(xfer); 3116 struct ieee80211com *ic = &sc->sc_ic; 3117 struct run_tx_data *data; 3118 struct ieee80211vap *vap = NULL; 3119 struct usb_page_cache *pc; 3120 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3121 struct mbuf *m; 3122 usb_frlength_t size; 3123 int actlen; 3124 int sumlen; 3125 3126 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3127 3128 switch (USB_GET_STATE(xfer)) { 3129 case USB_ST_TRANSFERRED: 3130 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3131 "transfer complete: %d bytes @ index %d\n", actlen, index); 3132 3133 data = usbd_xfer_get_priv(xfer); 3134 run_tx_free(pq, data, 0); 3135 usbd_xfer_set_priv(xfer, NULL); 3136 3137 /* FALLTHROUGH */ 3138 case USB_ST_SETUP: 3139 tr_setup: 3140 data = STAILQ_FIRST(&pq->tx_qh); 3141 if (data == NULL) 3142 break; 3143 3144 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3145 3146 m = data->m; 3147 size = (sc->mac_ver == 0x5592) ? 3148 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3149 if ((m->m_pkthdr.len + 3150 size + 3 + 8) > RUN_MAX_TXSZ) { 3151 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3152 "data overflow, %u bytes\n", m->m_pkthdr.len); 3153 run_tx_free(pq, data, 1); 3154 goto tr_setup; 3155 } 3156 3157 pc = usbd_xfer_get_frame(xfer, 0); 3158 usbd_copy_in(pc, 0, &data->desc, size); 3159 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3160 size += m->m_pkthdr.len; 3161 /* 3162 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3163 * 4-byte padding), and be sure to zero those trailing 3164 * bytes: 3165 */ 3166 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3167 size += ((-size) & 3) + 8; 3168 3169 vap = data->ni->ni_vap; 3170 if (ieee80211_radiotap_active_vap(vap)) { 3171 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3172 struct rt2860_txwi *txwi = 3173 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3174 tap->wt_flags = 0; 3175 tap->wt_rate = rt2860_rates[data->ridx].rate; 3176 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3177 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3178 tap->wt_hwqueue = index; 3179 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3180 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3181 3182 ieee80211_radiotap_tx(vap, m); 3183 } 3184 3185 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3186 "sending frame len=%u/%u @ index %d\n", 3187 m->m_pkthdr.len, size, index); 3188 3189 usbd_xfer_set_frame_len(xfer, 0, size); 3190 usbd_xfer_set_priv(xfer, data); 3191 usbd_transfer_submit(xfer); 3192 run_start(sc); 3193 3194 break; 3195 3196 default: 3197 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3198 "USB transfer error, %s\n", usbd_errstr(error)); 3199 3200 data = usbd_xfer_get_priv(xfer); 3201 3202 if (data != NULL) { 3203 if(data->ni != NULL) 3204 vap = data->ni->ni_vap; 3205 run_tx_free(pq, data, error); 3206 usbd_xfer_set_priv(xfer, NULL); 3207 } 3208 3209 if (vap == NULL) 3210 vap = TAILQ_FIRST(&ic->ic_vaps); 3211 3212 if (error != USB_ERR_CANCELLED) { 3213 if (error == USB_ERR_TIMEOUT) { 3214 device_printf(sc->sc_dev, "device timeout\n"); 3215 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3216 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3217 "cmdq_store=%d\n", i); 3218 sc->cmdq[i].func = run_usb_timeout_cb; 3219 sc->cmdq[i].arg0 = vap; 3220 ieee80211_runtask(ic, &sc->cmdq_task); 3221 } 3222 3223 /* 3224 * Try to clear stall first, also if other 3225 * errors occur, hence clearing stall 3226 * introduces a 50 ms delay: 3227 */ 3228 usbd_xfer_set_stall(xfer); 3229 goto tr_setup; 3230 } 3231 break; 3232 } 3233 } 3234 3235 static void 3236 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3237 { 3238 run_bulk_tx_callbackN(xfer, error, 0); 3239 } 3240 3241 static void 3242 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3243 { 3244 run_bulk_tx_callbackN(xfer, error, 1); 3245 } 3246 3247 static void 3248 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3249 { 3250 run_bulk_tx_callbackN(xfer, error, 2); 3251 } 3252 3253 static void 3254 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3255 { 3256 run_bulk_tx_callbackN(xfer, error, 3); 3257 } 3258 3259 static void 3260 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3261 { 3262 run_bulk_tx_callbackN(xfer, error, 4); 3263 } 3264 3265 static void 3266 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3267 { 3268 run_bulk_tx_callbackN(xfer, error, 5); 3269 } 3270 3271 static void 3272 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3273 { 3274 struct mbuf *m = data->m; 3275 struct ieee80211com *ic = &sc->sc_ic; 3276 struct ieee80211vap *vap = data->ni->ni_vap; 3277 struct ieee80211_frame *wh; 3278 struct rt2870_txd *txd; 3279 struct rt2860_txwi *txwi; 3280 uint16_t xferlen, txwisize; 3281 uint16_t mcs; 3282 uint8_t ridx = data->ridx; 3283 uint8_t pad; 3284 3285 /* get MCS code from rate index */ 3286 mcs = rt2860_rates[ridx].mcs; 3287 3288 txwisize = (sc->mac_ver == 0x5592) ? 3289 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3290 xferlen = txwisize + m->m_pkthdr.len; 3291 3292 /* roundup to 32-bit alignment */ 3293 xferlen = (xferlen + 3) & ~3; 3294 3295 txd = (struct rt2870_txd *)&data->desc; 3296 txd->len = htole16(xferlen); 3297 3298 wh = mtod(m, struct ieee80211_frame *); 3299 3300 /* 3301 * Ether both are true or both are false, the header 3302 * are nicely aligned to 32-bit. So, no L2 padding. 3303 */ 3304 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3305 pad = 0; 3306 else 3307 pad = 2; 3308 3309 /* setup TX Wireless Information */ 3310 txwi = (struct rt2860_txwi *)(txd + 1); 3311 txwi->len = htole16(m->m_pkthdr.len - pad); 3312 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3313 mcs |= RT2860_PHY_CCK; 3314 if (ridx != RT2860_RIDX_CCK1 && 3315 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3316 mcs |= RT2860_PHY_SHPRE; 3317 } else 3318 mcs |= RT2860_PHY_OFDM; 3319 txwi->phy = htole16(mcs); 3320 3321 /* check if RTS/CTS or CTS-to-self protection is required */ 3322 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3323 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3324 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3325 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3326 txwi->txop |= RT2860_TX_TXOP_HT; 3327 else 3328 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3329 3330 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3331 txwi->xflags |= RT2860_TX_NSEQ; 3332 } 3333 3334 /* This function must be called locked */ 3335 static int 3336 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3337 { 3338 struct ieee80211com *ic = &sc->sc_ic; 3339 struct ieee80211vap *vap = ni->ni_vap; 3340 struct ieee80211_frame *wh; 3341 const struct ieee80211_txparam *tp = ni->ni_txparms; 3342 struct run_node *rn = RUN_NODE(ni); 3343 struct run_tx_data *data; 3344 struct rt2870_txd *txd; 3345 struct rt2860_txwi *txwi; 3346 uint16_t qos; 3347 uint16_t dur; 3348 uint16_t qid; 3349 uint8_t type; 3350 uint8_t tid; 3351 uint8_t ridx; 3352 uint8_t ctl_ridx; 3353 uint8_t qflags; 3354 uint8_t xflags = 0; 3355 int hasqos; 3356 3357 RUN_LOCK_ASSERT(sc, MA_OWNED); 3358 3359 wh = mtod(m, struct ieee80211_frame *); 3360 3361 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3362 3363 /* 3364 * There are 7 bulk endpoints: 1 for RX 3365 * and 6 for TX (4 EDCAs + HCCA + Prio). 3366 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3367 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3368 */ 3369 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3370 uint8_t *frm; 3371 3372 if(IEEE80211_HAS_ADDR4(wh)) 3373 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3374 else 3375 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3376 3377 qos = le16toh(*(const uint16_t *)frm); 3378 tid = qos & IEEE80211_QOS_TID; 3379 qid = TID_TO_WME_AC(tid); 3380 } else { 3381 qos = 0; 3382 tid = 0; 3383 qid = WME_AC_BE; 3384 } 3385 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3386 3387 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3388 qos, qid, tid, qflags); 3389 3390 /* pickup a rate index */ 3391 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3392 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3393 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3394 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3395 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3396 } else { 3397 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3398 ridx = rn->fix_ridx; 3399 else 3400 ridx = rn->amrr_ridx; 3401 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3402 } 3403 3404 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3405 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3406 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3407 xflags |= RT2860_TX_ACK; 3408 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3409 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3410 else 3411 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3412 USETW(wh->i_dur, dur); 3413 } 3414 3415 /* reserve slots for mgmt packets, just in case */ 3416 if (sc->sc_epq[qid].tx_nfree < 3) { 3417 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3418 return (-1); 3419 } 3420 3421 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3422 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3423 sc->sc_epq[qid].tx_nfree--; 3424 3425 txd = (struct rt2870_txd *)&data->desc; 3426 txd->flags = qflags; 3427 txwi = (struct rt2860_txwi *)(txd + 1); 3428 txwi->xflags = xflags; 3429 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3430 txwi->wcid = 0; 3431 else 3432 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3433 1 : RUN_AID2WCID(ni->ni_associd); 3434 3435 /* clear leftover garbage bits */ 3436 txwi->flags = 0; 3437 txwi->txop = 0; 3438 3439 data->m = m; 3440 data->ni = ni; 3441 data->ridx = ridx; 3442 3443 run_set_tx_desc(sc, data); 3444 3445 /* 3446 * The chip keeps track of 2 kind of Tx stats, 3447 * * TX_STAT_FIFO, for per WCID stats, and 3448 * * TX_STA_CNT0 for all-TX-in-one stats. 3449 * 3450 * To use FIFO stats, we need to store MCS into the driver-private 3451 * PacketID field. So that, we can tell whose stats when we read them. 3452 * We add 1 to the MCS because setting the PacketID field to 0 means 3453 * that we don't want feedback in TX_STAT_FIFO. 3454 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3455 * 3456 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3457 */ 3458 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3459 vap->iv_opmode == IEEE80211_M_MBSS) { 3460 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3461 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3462 3463 /* 3464 * Unlike PCI based devices, we don't get any interrupt from 3465 * USB devices, so we simulate FIFO-is-full interrupt here. 3466 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3467 * quickly get fulled. To prevent overflow, increment a counter on 3468 * every FIFO stat request, so we know how many slots are left. 3469 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3470 * are used only in those modes. 3471 * We just drain stats. AMRR gets updated every 1 sec by 3472 * run_ratectl_cb() via callout. 3473 * Call it early. Otherwise overflow. 3474 */ 3475 if (sc->fifo_cnt++ == 10) { 3476 /* 3477 * With multiple vaps or if_bridge, if_start() is called 3478 * with a non-sleepable lock, tcpinp. So, need to defer. 3479 */ 3480 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3481 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3482 sc->cmdq[i].func = run_drain_fifo; 3483 sc->cmdq[i].arg0 = sc; 3484 ieee80211_runtask(ic, &sc->cmdq_task); 3485 } 3486 } 3487 3488 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3489 3490 usbd_transfer_start(sc->sc_xfer[qid]); 3491 3492 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3493 "sending data frame len=%d rate=%d qid=%d\n", 3494 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3495 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3496 3497 return (0); 3498 } 3499 3500 static int 3501 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3502 { 3503 struct ieee80211com *ic = &sc->sc_ic; 3504 struct run_node *rn = RUN_NODE(ni); 3505 struct run_tx_data *data; 3506 struct ieee80211_frame *wh; 3507 struct rt2870_txd *txd; 3508 struct rt2860_txwi *txwi; 3509 uint16_t dur; 3510 uint8_t ridx = rn->mgt_ridx; 3511 uint8_t xflags = 0; 3512 uint8_t wflags = 0; 3513 3514 RUN_LOCK_ASSERT(sc, MA_OWNED); 3515 3516 wh = mtod(m, struct ieee80211_frame *); 3517 3518 /* tell hardware to add timestamp for probe responses */ 3519 if ((wh->i_fc[0] & 3520 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3521 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3522 wflags |= RT2860_TX_TS; 3523 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3524 xflags |= RT2860_TX_ACK; 3525 3526 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3527 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3528 USETW(wh->i_dur, dur); 3529 } 3530 3531 if (sc->sc_epq[0].tx_nfree == 0) 3532 /* let caller free mbuf */ 3533 return (EIO); 3534 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3535 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3536 sc->sc_epq[0].tx_nfree--; 3537 3538 txd = (struct rt2870_txd *)&data->desc; 3539 txd->flags = RT2860_TX_QSEL_EDCA; 3540 txwi = (struct rt2860_txwi *)(txd + 1); 3541 txwi->wcid = 0xff; 3542 txwi->flags = wflags; 3543 txwi->xflags = xflags; 3544 txwi->txop = 0; /* clear leftover garbage bits */ 3545 3546 data->m = m; 3547 data->ni = ni; 3548 data->ridx = ridx; 3549 3550 run_set_tx_desc(sc, data); 3551 3552 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3553 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3554 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3555 3556 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3557 3558 usbd_transfer_start(sc->sc_xfer[0]); 3559 3560 return (0); 3561 } 3562 3563 static int 3564 run_sendprot(struct run_softc *sc, 3565 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3566 { 3567 struct ieee80211com *ic = ni->ni_ic; 3568 struct run_tx_data *data; 3569 struct rt2870_txd *txd; 3570 struct rt2860_txwi *txwi; 3571 struct mbuf *mprot; 3572 int ridx; 3573 int protrate; 3574 uint8_t wflags = 0; 3575 uint8_t xflags = 0; 3576 3577 RUN_LOCK_ASSERT(sc, MA_OWNED); 3578 3579 /* check that there are free slots before allocating the mbuf */ 3580 if (sc->sc_epq[0].tx_nfree == 0) 3581 /* let caller free mbuf */ 3582 return (ENOBUFS); 3583 3584 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3585 if (mprot == NULL) { 3586 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3587 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3588 return (ENOBUFS); 3589 } 3590 3591 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3592 wflags = RT2860_TX_FRAG; 3593 xflags = 0; 3594 if (prot == IEEE80211_PROT_RTSCTS) 3595 xflags |= RT2860_TX_ACK; 3596 3597 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3598 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3599 sc->sc_epq[0].tx_nfree--; 3600 3601 txd = (struct rt2870_txd *)&data->desc; 3602 txd->flags = RT2860_TX_QSEL_EDCA; 3603 txwi = (struct rt2860_txwi *)(txd + 1); 3604 txwi->wcid = 0xff; 3605 txwi->flags = wflags; 3606 txwi->xflags = xflags; 3607 txwi->txop = 0; /* clear leftover garbage bits */ 3608 3609 data->m = mprot; 3610 data->ni = ieee80211_ref_node(ni); 3611 3612 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3613 if (rt2860_rates[ridx].rate == protrate) 3614 break; 3615 data->ridx = ridx; 3616 3617 run_set_tx_desc(sc, data); 3618 3619 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3620 m->m_pkthdr.len, rate); 3621 3622 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3623 3624 usbd_transfer_start(sc->sc_xfer[0]); 3625 3626 return (0); 3627 } 3628 3629 static int 3630 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3631 const struct ieee80211_bpf_params *params) 3632 { 3633 struct ieee80211com *ic = ni->ni_ic; 3634 struct run_tx_data *data; 3635 struct rt2870_txd *txd; 3636 struct rt2860_txwi *txwi; 3637 uint8_t ridx; 3638 uint8_t rate; 3639 uint8_t opflags = 0; 3640 uint8_t xflags = 0; 3641 int error; 3642 3643 RUN_LOCK_ASSERT(sc, MA_OWNED); 3644 3645 KASSERT(params != NULL, ("no raw xmit params")); 3646 3647 rate = params->ibp_rate0; 3648 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3649 /* let caller free mbuf */ 3650 return (EINVAL); 3651 } 3652 3653 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3654 xflags |= RT2860_TX_ACK; 3655 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3656 error = run_sendprot(sc, m, ni, 3657 params->ibp_flags & IEEE80211_BPF_RTS ? 3658 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3659 rate); 3660 if (error) { 3661 /* let caller free mbuf */ 3662 return error; 3663 } 3664 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3665 } 3666 3667 if (sc->sc_epq[0].tx_nfree == 0) { 3668 /* let caller free mbuf */ 3669 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3670 "sending raw frame, but tx ring is full\n"); 3671 return (EIO); 3672 } 3673 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3674 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3675 sc->sc_epq[0].tx_nfree--; 3676 3677 txd = (struct rt2870_txd *)&data->desc; 3678 txd->flags = RT2860_TX_QSEL_EDCA; 3679 txwi = (struct rt2860_txwi *)(txd + 1); 3680 txwi->wcid = 0xff; 3681 txwi->xflags = xflags; 3682 txwi->txop = opflags; 3683 txwi->flags = 0; /* clear leftover garbage bits */ 3684 3685 data->m = m; 3686 data->ni = ni; 3687 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3688 if (rt2860_rates[ridx].rate == rate) 3689 break; 3690 data->ridx = ridx; 3691 3692 run_set_tx_desc(sc, data); 3693 3694 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3695 m->m_pkthdr.len, rate); 3696 3697 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3698 3699 usbd_transfer_start(sc->sc_xfer[0]); 3700 3701 return (0); 3702 } 3703 3704 static int 3705 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3706 const struct ieee80211_bpf_params *params) 3707 { 3708 struct run_softc *sc = ni->ni_ic->ic_softc; 3709 int error = 0; 3710 3711 RUN_LOCK(sc); 3712 3713 /* prevent management frames from being sent if we're not ready */ 3714 if (!(sc->sc_flags & RUN_RUNNING)) { 3715 error = ENETDOWN; 3716 goto done; 3717 } 3718 3719 if (params == NULL) { 3720 /* tx mgt packet */ 3721 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3722 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3723 goto done; 3724 } 3725 } else { 3726 /* tx raw packet with param */ 3727 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3728 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3729 goto done; 3730 } 3731 } 3732 3733 done: 3734 RUN_UNLOCK(sc); 3735 3736 if (error != 0) { 3737 if(m != NULL) 3738 m_freem(m); 3739 } 3740 3741 return (error); 3742 } 3743 3744 static int 3745 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3746 { 3747 struct run_softc *sc = ic->ic_softc; 3748 int error; 3749 3750 RUN_LOCK(sc); 3751 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3752 RUN_UNLOCK(sc); 3753 return (ENXIO); 3754 } 3755 error = mbufq_enqueue(&sc->sc_snd, m); 3756 if (error) { 3757 RUN_UNLOCK(sc); 3758 return (error); 3759 } 3760 run_start(sc); 3761 RUN_UNLOCK(sc); 3762 3763 return (0); 3764 } 3765 3766 static void 3767 run_start(struct run_softc *sc) 3768 { 3769 struct ieee80211_node *ni; 3770 struct mbuf *m; 3771 3772 RUN_LOCK_ASSERT(sc, MA_OWNED); 3773 3774 if ((sc->sc_flags & RUN_RUNNING) == 0) 3775 return; 3776 3777 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3778 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3779 if (run_tx(sc, m, ni) != 0) { 3780 mbufq_prepend(&sc->sc_snd, m); 3781 break; 3782 } 3783 } 3784 } 3785 3786 static void 3787 run_parent(struct ieee80211com *ic) 3788 { 3789 struct run_softc *sc = ic->ic_softc; 3790 int startall = 0; 3791 3792 RUN_LOCK(sc); 3793 if (sc->sc_detached) { 3794 RUN_UNLOCK(sc); 3795 return; 3796 } 3797 3798 if (ic->ic_nrunning > 0) { 3799 if (!(sc->sc_flags & RUN_RUNNING)) { 3800 startall = 1; 3801 run_init_locked(sc); 3802 } else 3803 run_update_promisc_locked(sc); 3804 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3805 run_stop(sc); 3806 RUN_UNLOCK(sc); 3807 if (startall) 3808 ieee80211_start_all(ic); 3809 } 3810 3811 static void 3812 run_iq_calib(struct run_softc *sc, u_int chan) 3813 { 3814 uint16_t val; 3815 3816 /* Tx0 IQ gain. */ 3817 run_bbp_write(sc, 158, 0x2c); 3818 if (chan <= 14) 3819 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3820 else if (chan <= 64) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3823 &val, 1); 3824 } else if (chan <= 138) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 165) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3831 &val, 1); 3832 } else 3833 val = 0; 3834 run_bbp_write(sc, 159, val); 3835 3836 /* Tx0 IQ phase. */ 3837 run_bbp_write(sc, 158, 0x2d); 3838 if (chan <= 14) { 3839 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3840 &val, 1); 3841 } else if (chan <= 64) { 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3844 &val, 1); 3845 } else if (chan <= 138) { 3846 run_efuse_read(sc, 3847 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3848 &val, 1); 3849 } else if (chan <= 165) { 3850 run_efuse_read(sc, 3851 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3852 &val, 1); 3853 } else 3854 val = 0; 3855 run_bbp_write(sc, 159, val); 3856 3857 /* Tx1 IQ gain. */ 3858 run_bbp_write(sc, 158, 0x4a); 3859 if (chan <= 14) { 3860 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3861 &val, 1); 3862 } else if (chan <= 64) { 3863 run_efuse_read(sc, 3864 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3865 &val, 1); 3866 } else if (chan <= 138) { 3867 run_efuse_read(sc, 3868 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3869 &val, 1); 3870 } else if (chan <= 165) { 3871 run_efuse_read(sc, 3872 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3873 &val, 1); 3874 } else 3875 val = 0; 3876 run_bbp_write(sc, 159, val); 3877 3878 /* Tx1 IQ phase. */ 3879 run_bbp_write(sc, 158, 0x4b); 3880 if (chan <= 14) { 3881 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3882 &val, 1); 3883 } else if (chan <= 64) { 3884 run_efuse_read(sc, 3885 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3886 &val, 1); 3887 } else if (chan <= 138) { 3888 run_efuse_read(sc, 3889 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3890 &val, 1); 3891 } else if (chan <= 165) { 3892 run_efuse_read(sc, 3893 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3894 &val, 1); 3895 } else 3896 val = 0; 3897 run_bbp_write(sc, 159, val); 3898 3899 /* RF IQ compensation control. */ 3900 run_bbp_write(sc, 158, 0x04); 3901 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3902 &val, 1); 3903 run_bbp_write(sc, 159, val); 3904 3905 /* RF IQ imbalance compensation control. */ 3906 run_bbp_write(sc, 158, 0x03); 3907 run_efuse_read(sc, 3908 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3909 run_bbp_write(sc, 159, val); 3910 } 3911 3912 static void 3913 run_set_agc(struct run_softc *sc, uint8_t agc) 3914 { 3915 uint8_t bbp; 3916 3917 if (sc->mac_ver == 0x3572) { 3918 run_bbp_read(sc, 27, &bbp); 3919 bbp &= ~(0x3 << 5); 3920 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3921 run_bbp_write(sc, 66, agc); 3922 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3923 run_bbp_write(sc, 66, agc); 3924 } else 3925 run_bbp_write(sc, 66, agc); 3926 } 3927 3928 static void 3929 run_select_chan_group(struct run_softc *sc, int group) 3930 { 3931 uint32_t tmp; 3932 uint8_t agc; 3933 3934 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3935 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3936 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3937 if (sc->mac_ver < 0x3572) 3938 run_bbp_write(sc, 86, 0x00); 3939 3940 if (sc->mac_ver == 0x3593) { 3941 run_bbp_write(sc, 77, 0x98); 3942 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3943 } 3944 3945 if (group == 0) { 3946 if (sc->ext_2ghz_lna) { 3947 if (sc->mac_ver >= 0x5390) 3948 run_bbp_write(sc, 75, 0x52); 3949 else { 3950 run_bbp_write(sc, 82, 0x62); 3951 run_bbp_write(sc, 75, 0x46); 3952 } 3953 } else { 3954 if (sc->mac_ver == 0x5592) { 3955 run_bbp_write(sc, 79, 0x1c); 3956 run_bbp_write(sc, 80, 0x0e); 3957 run_bbp_write(sc, 81, 0x3a); 3958 run_bbp_write(sc, 82, 0x62); 3959 3960 run_bbp_write(sc, 195, 0x80); 3961 run_bbp_write(sc, 196, 0xe0); 3962 run_bbp_write(sc, 195, 0x81); 3963 run_bbp_write(sc, 196, 0x1f); 3964 run_bbp_write(sc, 195, 0x82); 3965 run_bbp_write(sc, 196, 0x38); 3966 run_bbp_write(sc, 195, 0x83); 3967 run_bbp_write(sc, 196, 0x32); 3968 run_bbp_write(sc, 195, 0x85); 3969 run_bbp_write(sc, 196, 0x28); 3970 run_bbp_write(sc, 195, 0x86); 3971 run_bbp_write(sc, 196, 0x19); 3972 } else if (sc->mac_ver >= 0x5390) 3973 run_bbp_write(sc, 75, 0x50); 3974 else { 3975 run_bbp_write(sc, 82, 3976 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3977 run_bbp_write(sc, 75, 0x50); 3978 } 3979 } 3980 } else { 3981 if (sc->mac_ver == 0x5592) { 3982 run_bbp_write(sc, 79, 0x18); 3983 run_bbp_write(sc, 80, 0x08); 3984 run_bbp_write(sc, 81, 0x38); 3985 run_bbp_write(sc, 82, 0x92); 3986 3987 run_bbp_write(sc, 195, 0x80); 3988 run_bbp_write(sc, 196, 0xf0); 3989 run_bbp_write(sc, 195, 0x81); 3990 run_bbp_write(sc, 196, 0x1e); 3991 run_bbp_write(sc, 195, 0x82); 3992 run_bbp_write(sc, 196, 0x28); 3993 run_bbp_write(sc, 195, 0x83); 3994 run_bbp_write(sc, 196, 0x20); 3995 run_bbp_write(sc, 195, 0x85); 3996 run_bbp_write(sc, 196, 0x7f); 3997 run_bbp_write(sc, 195, 0x86); 3998 run_bbp_write(sc, 196, 0x7f); 3999 } else if (sc->mac_ver == 0x3572) 4000 run_bbp_write(sc, 82, 0x94); 4001 else 4002 run_bbp_write(sc, 82, 4003 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4004 if (sc->ext_5ghz_lna) 4005 run_bbp_write(sc, 75, 0x46); 4006 else 4007 run_bbp_write(sc, 75, 0x50); 4008 } 4009 4010 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4011 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4012 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4013 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4014 4015 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4016 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4017 if (sc->mac_ver == 0x3593) 4018 tmp |= 1 << 29 | 1 << 28; 4019 if (sc->nrxchains > 1) 4020 tmp |= RT2860_LNA_PE1_EN; 4021 if (group == 0) { /* 2GHz */ 4022 tmp |= RT2860_PA_PE_G0_EN; 4023 if (sc->ntxchains > 1) 4024 tmp |= RT2860_PA_PE_G1_EN; 4025 if (sc->mac_ver == 0x3593) { 4026 if (sc->ntxchains > 2) 4027 tmp |= 1 << 25; 4028 } 4029 } else { /* 5GHz */ 4030 tmp |= RT2860_PA_PE_A0_EN; 4031 if (sc->ntxchains > 1) 4032 tmp |= RT2860_PA_PE_A1_EN; 4033 } 4034 if (sc->mac_ver == 0x3572) { 4035 run_rt3070_rf_write(sc, 8, 0x00); 4036 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4037 run_rt3070_rf_write(sc, 8, 0x80); 4038 } else 4039 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4040 4041 if (sc->mac_ver == 0x5592) { 4042 run_bbp_write(sc, 195, 0x8d); 4043 run_bbp_write(sc, 196, 0x1a); 4044 } 4045 4046 if (sc->mac_ver == 0x3593) { 4047 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4048 tmp &= ~0x01010000; 4049 if (group == 0) 4050 tmp |= 0x00010000; 4051 tmp = (tmp & ~0x00009090) | 0x00000090; 4052 run_write(sc, RT2860_GPIO_CTRL, tmp); 4053 } 4054 4055 /* set initial AGC value */ 4056 if (group == 0) { /* 2GHz band */ 4057 if (sc->mac_ver >= 0x3070) 4058 agc = 0x1c + sc->lna[0] * 2; 4059 else 4060 agc = 0x2e + sc->lna[0]; 4061 } else { /* 5GHz band */ 4062 if (sc->mac_ver == 0x5592) 4063 agc = 0x24 + sc->lna[group] * 2; 4064 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4065 agc = 0x22 + (sc->lna[group] * 5) / 3; 4066 else 4067 agc = 0x32 + (sc->lna[group] * 5) / 3; 4068 } 4069 run_set_agc(sc, agc); 4070 } 4071 4072 static void 4073 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4074 { 4075 const struct rfprog *rfprog = rt2860_rf2850; 4076 uint32_t r2, r3, r4; 4077 int8_t txpow1, txpow2; 4078 int i; 4079 4080 /* find the settings for this channel (we know it exists) */ 4081 for (i = 0; rfprog[i].chan != chan; i++); 4082 4083 r2 = rfprog[i].r2; 4084 if (sc->ntxchains == 1) 4085 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4086 if (sc->nrxchains == 1) 4087 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4088 else if (sc->nrxchains == 2) 4089 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4090 4091 /* use Tx power values from EEPROM */ 4092 txpow1 = sc->txpow1[i]; 4093 txpow2 = sc->txpow2[i]; 4094 4095 /* Initialize RF R3 and R4. */ 4096 r3 = rfprog[i].r3 & 0xffffc1ff; 4097 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4098 if (chan > 14) { 4099 if (txpow1 >= 0) { 4100 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4101 r3 |= (txpow1 << 10) | (1 << 9); 4102 } else { 4103 txpow1 += 7; 4104 4105 /* txpow1 is not possible larger than 15. */ 4106 r3 |= (txpow1 << 10); 4107 } 4108 if (txpow2 >= 0) { 4109 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4110 r4 |= (txpow2 << 7) | (1 << 6); 4111 } else { 4112 txpow2 += 7; 4113 r4 |= (txpow2 << 7); 4114 } 4115 } else { 4116 /* Set Tx0 power. */ 4117 r3 |= (txpow1 << 9); 4118 4119 /* Set frequency offset and Tx1 power. */ 4120 r4 |= (txpow2 << 6); 4121 } 4122 4123 run_rt2870_rf_write(sc, rfprog[i].r1); 4124 run_rt2870_rf_write(sc, r2); 4125 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4126 run_rt2870_rf_write(sc, r4); 4127 4128 run_delay(sc, 10); 4129 4130 run_rt2870_rf_write(sc, rfprog[i].r1); 4131 run_rt2870_rf_write(sc, r2); 4132 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4133 run_rt2870_rf_write(sc, r4); 4134 4135 run_delay(sc, 10); 4136 4137 run_rt2870_rf_write(sc, rfprog[i].r1); 4138 run_rt2870_rf_write(sc, r2); 4139 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4140 run_rt2870_rf_write(sc, r4); 4141 } 4142 4143 static void 4144 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4145 { 4146 int8_t txpow1, txpow2; 4147 uint8_t rf; 4148 int i; 4149 4150 /* find the settings for this channel (we know it exists) */ 4151 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4152 4153 /* use Tx power values from EEPROM */ 4154 txpow1 = sc->txpow1[i]; 4155 txpow2 = sc->txpow2[i]; 4156 4157 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4158 4159 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4160 run_rt3070_rf_read(sc, 3, &rf); 4161 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4162 run_rt3070_rf_write(sc, 3, rf); 4163 4164 run_rt3070_rf_read(sc, 6, &rf); 4165 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4166 run_rt3070_rf_write(sc, 6, rf); 4167 4168 /* set Tx0 power */ 4169 run_rt3070_rf_read(sc, 12, &rf); 4170 rf = (rf & ~0x1f) | txpow1; 4171 run_rt3070_rf_write(sc, 12, rf); 4172 4173 /* set Tx1 power */ 4174 run_rt3070_rf_read(sc, 13, &rf); 4175 rf = (rf & ~0x1f) | txpow2; 4176 run_rt3070_rf_write(sc, 13, rf); 4177 4178 run_rt3070_rf_read(sc, 1, &rf); 4179 rf &= ~0xfc; 4180 if (sc->ntxchains == 1) 4181 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4182 else if (sc->ntxchains == 2) 4183 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4184 if (sc->nrxchains == 1) 4185 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4186 else if (sc->nrxchains == 2) 4187 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4188 run_rt3070_rf_write(sc, 1, rf); 4189 4190 /* set RF offset */ 4191 run_rt3070_rf_read(sc, 23, &rf); 4192 rf = (rf & ~0x7f) | sc->freq; 4193 run_rt3070_rf_write(sc, 23, rf); 4194 4195 /* program RF filter */ 4196 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4197 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4198 run_rt3070_rf_write(sc, 24, rf); 4199 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4200 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4201 run_rt3070_rf_write(sc, 31, rf); 4202 4203 /* enable RF tuning */ 4204 run_rt3070_rf_read(sc, 7, &rf); 4205 run_rt3070_rf_write(sc, 7, rf | 0x01); 4206 } 4207 4208 static void 4209 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4210 { 4211 int8_t txpow1, txpow2; 4212 uint32_t tmp; 4213 uint8_t rf; 4214 int i; 4215 4216 /* find the settings for this channel (we know it exists) */ 4217 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4218 4219 /* use Tx power values from EEPROM */ 4220 txpow1 = sc->txpow1[i]; 4221 txpow2 = sc->txpow2[i]; 4222 4223 if (chan <= 14) { 4224 run_bbp_write(sc, 25, sc->bbp25); 4225 run_bbp_write(sc, 26, sc->bbp26); 4226 } else { 4227 /* enable IQ phase correction */ 4228 run_bbp_write(sc, 25, 0x09); 4229 run_bbp_write(sc, 26, 0xff); 4230 } 4231 4232 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4233 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4234 run_rt3070_rf_read(sc, 6, &rf); 4235 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4236 rf |= (chan <= 14) ? 0x08 : 0x04; 4237 run_rt3070_rf_write(sc, 6, rf); 4238 4239 /* set PLL mode */ 4240 run_rt3070_rf_read(sc, 5, &rf); 4241 rf &= ~(0x08 | 0x04); 4242 rf |= (chan <= 14) ? 0x04 : 0x08; 4243 run_rt3070_rf_write(sc, 5, rf); 4244 4245 /* set Tx power for chain 0 */ 4246 if (chan <= 14) 4247 rf = 0x60 | txpow1; 4248 else 4249 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4250 run_rt3070_rf_write(sc, 12, rf); 4251 4252 /* set Tx power for chain 1 */ 4253 if (chan <= 14) 4254 rf = 0x60 | txpow2; 4255 else 4256 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4257 run_rt3070_rf_write(sc, 13, rf); 4258 4259 /* set Tx/Rx streams */ 4260 run_rt3070_rf_read(sc, 1, &rf); 4261 rf &= ~0xfc; 4262 if (sc->ntxchains == 1) 4263 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4264 else if (sc->ntxchains == 2) 4265 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4266 if (sc->nrxchains == 1) 4267 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4268 else if (sc->nrxchains == 2) 4269 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4270 run_rt3070_rf_write(sc, 1, rf); 4271 4272 /* set RF offset */ 4273 run_rt3070_rf_read(sc, 23, &rf); 4274 rf = (rf & ~0x7f) | sc->freq; 4275 run_rt3070_rf_write(sc, 23, rf); 4276 4277 /* program RF filter */ 4278 rf = sc->rf24_20mhz; 4279 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4280 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4281 4282 /* enable RF tuning */ 4283 run_rt3070_rf_read(sc, 7, &rf); 4284 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4285 run_rt3070_rf_write(sc, 7, rf); 4286 4287 /* TSSI */ 4288 rf = (chan <= 14) ? 0xc3 : 0xc0; 4289 run_rt3070_rf_write(sc, 9, rf); 4290 4291 /* set loop filter 1 */ 4292 run_rt3070_rf_write(sc, 10, 0xf1); 4293 /* set loop filter 2 */ 4294 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4295 4296 /* set tx_mx2_ic */ 4297 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4298 /* set tx_mx1_ic */ 4299 if (chan <= 14) 4300 rf = 0x48 | sc->txmixgain_2ghz; 4301 else 4302 rf = 0x78 | sc->txmixgain_5ghz; 4303 run_rt3070_rf_write(sc, 16, rf); 4304 4305 /* set tx_lo1 */ 4306 run_rt3070_rf_write(sc, 17, 0x23); 4307 /* set tx_lo2 */ 4308 if (chan <= 14) 4309 rf = 0x93; 4310 else if (chan <= 64) 4311 rf = 0xb7; 4312 else if (chan <= 128) 4313 rf = 0x74; 4314 else 4315 rf = 0x72; 4316 run_rt3070_rf_write(sc, 19, rf); 4317 4318 /* set rx_lo1 */ 4319 if (chan <= 14) 4320 rf = 0xb3; 4321 else if (chan <= 64) 4322 rf = 0xf6; 4323 else if (chan <= 128) 4324 rf = 0xf4; 4325 else 4326 rf = 0xf3; 4327 run_rt3070_rf_write(sc, 20, rf); 4328 4329 /* set pfd_delay */ 4330 if (chan <= 14) 4331 rf = 0x15; 4332 else if (chan <= 64) 4333 rf = 0x3d; 4334 else 4335 rf = 0x01; 4336 run_rt3070_rf_write(sc, 25, rf); 4337 4338 /* set rx_lo2 */ 4339 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4340 /* set ldo_rf_vc */ 4341 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4342 /* set drv_cc */ 4343 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4344 4345 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4346 tmp &= ~0x8080; 4347 if (chan <= 14) 4348 tmp |= 0x80; 4349 run_write(sc, RT2860_GPIO_CTRL, tmp); 4350 4351 /* enable RF tuning */ 4352 run_rt3070_rf_read(sc, 7, &rf); 4353 run_rt3070_rf_write(sc, 7, rf | 0x01); 4354 4355 run_delay(sc, 2); 4356 } 4357 4358 static void 4359 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4360 { 4361 int8_t txpow1, txpow2, txpow3; 4362 uint8_t h20mhz, rf; 4363 int i; 4364 4365 /* find the settings for this channel (we know it exists) */ 4366 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4367 4368 /* use Tx power values from EEPROM */ 4369 txpow1 = sc->txpow1[i]; 4370 txpow2 = sc->txpow2[i]; 4371 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4372 4373 if (chan <= 14) { 4374 run_bbp_write(sc, 25, sc->bbp25); 4375 run_bbp_write(sc, 26, sc->bbp26); 4376 } else { 4377 /* Enable IQ phase correction. */ 4378 run_bbp_write(sc, 25, 0x09); 4379 run_bbp_write(sc, 26, 0xff); 4380 } 4381 4382 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4383 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4384 run_rt3070_rf_read(sc, 11, &rf); 4385 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4386 run_rt3070_rf_write(sc, 11, rf); 4387 4388 /* Set pll_idoh. */ 4389 run_rt3070_rf_read(sc, 11, &rf); 4390 rf &= ~0x4c; 4391 rf |= (chan <= 14) ? 0x44 : 0x48; 4392 run_rt3070_rf_write(sc, 11, rf); 4393 4394 if (chan <= 14) 4395 rf = txpow1 & 0x1f; 4396 else 4397 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4398 run_rt3070_rf_write(sc, 53, rf); 4399 4400 if (chan <= 14) 4401 rf = txpow2 & 0x1f; 4402 else 4403 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4404 run_rt3070_rf_write(sc, 55, rf); 4405 4406 if (chan <= 14) 4407 rf = txpow3 & 0x1f; 4408 else 4409 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4410 run_rt3070_rf_write(sc, 54, rf); 4411 4412 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4413 if (sc->ntxchains == 3) 4414 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4415 else 4416 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4417 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4418 run_rt3070_rf_write(sc, 1, rf); 4419 4420 run_adjust_freq_offset(sc); 4421 4422 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4423 4424 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4425 run_rt3070_rf_read(sc, 30, &rf); 4426 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4427 run_rt3070_rf_write(sc, 30, rf); 4428 4429 run_rt3070_rf_read(sc, 36, &rf); 4430 if (chan <= 14) 4431 rf |= 0x80; 4432 else 4433 rf &= ~0x80; 4434 run_rt3070_rf_write(sc, 36, rf); 4435 4436 /* Set vcolo_bs. */ 4437 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4438 /* Set pfd_delay. */ 4439 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4440 4441 /* Set vco bias current control. */ 4442 run_rt3070_rf_read(sc, 6, &rf); 4443 rf &= ~0xc0; 4444 if (chan <= 14) 4445 rf |= 0x40; 4446 else if (chan <= 128) 4447 rf |= 0x80; 4448 else 4449 rf |= 0x40; 4450 run_rt3070_rf_write(sc, 6, rf); 4451 4452 run_rt3070_rf_read(sc, 30, &rf); 4453 rf = (rf & ~0x18) | 0x10; 4454 run_rt3070_rf_write(sc, 30, rf); 4455 4456 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4457 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4458 4459 run_rt3070_rf_read(sc, 51, &rf); 4460 rf = (rf & ~0x03) | 0x01; 4461 run_rt3070_rf_write(sc, 51, rf); 4462 /* Set tx_mx1_cc. */ 4463 run_rt3070_rf_read(sc, 51, &rf); 4464 rf &= ~0x1c; 4465 rf |= (chan <= 14) ? 0x14 : 0x10; 4466 run_rt3070_rf_write(sc, 51, rf); 4467 /* Set tx_mx1_ic. */ 4468 run_rt3070_rf_read(sc, 51, &rf); 4469 rf &= ~0xe0; 4470 rf |= (chan <= 14) ? 0x60 : 0x40; 4471 run_rt3070_rf_write(sc, 51, rf); 4472 /* Set tx_lo1_ic. */ 4473 run_rt3070_rf_read(sc, 49, &rf); 4474 rf &= ~0x1c; 4475 rf |= (chan <= 14) ? 0x0c : 0x08; 4476 run_rt3070_rf_write(sc, 49, rf); 4477 /* Set tx_lo1_en. */ 4478 run_rt3070_rf_read(sc, 50, &rf); 4479 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4480 /* Set drv_cc. */ 4481 run_rt3070_rf_read(sc, 57, &rf); 4482 rf &= ~0xfc; 4483 rf |= (chan <= 14) ? 0x6c : 0x3c; 4484 run_rt3070_rf_write(sc, 57, rf); 4485 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4486 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4487 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4488 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4489 /* Enable VCO calibration. */ 4490 run_rt3070_rf_read(sc, 3, &rf); 4491 rf &= ~RT5390_VCOCAL; 4492 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4493 run_rt3070_rf_write(sc, 3, rf); 4494 4495 if (chan <= 14) 4496 rf = 0x23; 4497 else if (chan <= 64) 4498 rf = 0x36; 4499 else if (chan <= 128) 4500 rf = 0x32; 4501 else 4502 rf = 0x30; 4503 run_rt3070_rf_write(sc, 39, rf); 4504 if (chan <= 14) 4505 rf = 0xbb; 4506 else if (chan <= 64) 4507 rf = 0xeb; 4508 else if (chan <= 128) 4509 rf = 0xb3; 4510 else 4511 rf = 0x9b; 4512 run_rt3070_rf_write(sc, 45, rf); 4513 4514 /* Set FEQ/AEQ control. */ 4515 run_bbp_write(sc, 105, 0x34); 4516 } 4517 4518 static void 4519 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4520 { 4521 int8_t txpow1, txpow2; 4522 uint8_t rf; 4523 int i; 4524 4525 /* find the settings for this channel (we know it exists) */ 4526 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4527 4528 /* use Tx power values from EEPROM */ 4529 txpow1 = sc->txpow1[i]; 4530 txpow2 = sc->txpow2[i]; 4531 4532 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4533 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4534 run_rt3070_rf_read(sc, 11, &rf); 4535 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4536 run_rt3070_rf_write(sc, 11, rf); 4537 4538 run_rt3070_rf_read(sc, 49, &rf); 4539 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4540 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4541 if ((rf & 0x3f) > 0x27) 4542 rf = (rf & ~0x3f) | 0x27; 4543 run_rt3070_rf_write(sc, 49, rf); 4544 4545 if (sc->mac_ver == 0x5392) { 4546 run_rt3070_rf_read(sc, 50, &rf); 4547 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4548 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4549 if ((rf & 0x3f) > 0x27) 4550 rf = (rf & ~0x3f) | 0x27; 4551 run_rt3070_rf_write(sc, 50, rf); 4552 } 4553 4554 run_rt3070_rf_read(sc, 1, &rf); 4555 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4556 if (sc->mac_ver == 0x5392) 4557 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4558 run_rt3070_rf_write(sc, 1, rf); 4559 4560 if (sc->mac_ver != 0x5392) { 4561 run_rt3070_rf_read(sc, 2, &rf); 4562 rf |= 0x80; 4563 run_rt3070_rf_write(sc, 2, rf); 4564 run_delay(sc, 10); 4565 rf &= 0x7f; 4566 run_rt3070_rf_write(sc, 2, rf); 4567 } 4568 4569 run_adjust_freq_offset(sc); 4570 4571 if (sc->mac_ver == 0x5392) { 4572 /* Fix for RT5392C. */ 4573 if (sc->mac_rev >= 0x0223) { 4574 if (chan <= 4) 4575 rf = 0x0f; 4576 else if (chan >= 5 && chan <= 7) 4577 rf = 0x0e; 4578 else 4579 rf = 0x0d; 4580 run_rt3070_rf_write(sc, 23, rf); 4581 4582 if (chan <= 4) 4583 rf = 0x0c; 4584 else if (chan == 5) 4585 rf = 0x0b; 4586 else if (chan >= 6 && chan <= 7) 4587 rf = 0x0a; 4588 else if (chan >= 8 && chan <= 10) 4589 rf = 0x09; 4590 else 4591 rf = 0x08; 4592 run_rt3070_rf_write(sc, 59, rf); 4593 } else { 4594 if (chan <= 11) 4595 rf = 0x0f; 4596 else 4597 rf = 0x0b; 4598 run_rt3070_rf_write(sc, 59, rf); 4599 } 4600 } else { 4601 /* Fix for RT5390F. */ 4602 if (sc->mac_rev >= 0x0502) { 4603 if (chan <= 11) 4604 rf = 0x43; 4605 else 4606 rf = 0x23; 4607 run_rt3070_rf_write(sc, 55, rf); 4608 4609 if (chan <= 11) 4610 rf = 0x0f; 4611 else if (chan == 12) 4612 rf = 0x0d; 4613 else 4614 rf = 0x0b; 4615 run_rt3070_rf_write(sc, 59, rf); 4616 } else { 4617 run_rt3070_rf_write(sc, 55, 0x44); 4618 run_rt3070_rf_write(sc, 59, 0x8f); 4619 } 4620 } 4621 4622 /* Enable VCO calibration. */ 4623 run_rt3070_rf_read(sc, 3, &rf); 4624 rf |= RT5390_VCOCAL; 4625 run_rt3070_rf_write(sc, 3, rf); 4626 } 4627 4628 static void 4629 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4630 { 4631 const struct rt5592_freqs *freqs; 4632 uint32_t tmp; 4633 uint8_t reg, rf, txpow_bound; 4634 int8_t txpow1, txpow2; 4635 int i; 4636 4637 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4638 freqs = (tmp & RT5592_SEL_XTAL) ? 4639 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4640 4641 /* find the settings for this channel (we know it exists) */ 4642 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4643 4644 /* use Tx power values from EEPROM */ 4645 txpow1 = sc->txpow1[i]; 4646 txpow2 = sc->txpow2[i]; 4647 4648 run_read(sc, RT3070_LDO_CFG0, &tmp); 4649 tmp &= ~0x1c000000; 4650 if (chan > 14) 4651 tmp |= 0x14000000; 4652 run_write(sc, RT3070_LDO_CFG0, tmp); 4653 4654 /* N setting. */ 4655 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4656 run_rt3070_rf_read(sc, 9, &rf); 4657 rf &= ~(1 << 4); 4658 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4659 run_rt3070_rf_write(sc, 9, rf); 4660 4661 /* K setting. */ 4662 run_rt3070_rf_read(sc, 9, &rf); 4663 rf &= ~0x0f; 4664 rf |= (freqs->k & 0x0f); 4665 run_rt3070_rf_write(sc, 9, rf); 4666 4667 /* Mode setting. */ 4668 run_rt3070_rf_read(sc, 11, &rf); 4669 rf &= ~0x0c; 4670 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4671 run_rt3070_rf_write(sc, 11, rf); 4672 run_rt3070_rf_read(sc, 9, &rf); 4673 rf &= ~(1 << 7); 4674 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4675 run_rt3070_rf_write(sc, 9, rf); 4676 4677 /* R setting. */ 4678 run_rt3070_rf_read(sc, 11, &rf); 4679 rf &= ~0x03; 4680 rf |= (freqs->r - 0x1); 4681 run_rt3070_rf_write(sc, 11, rf); 4682 4683 if (chan <= 14) { 4684 /* Initialize RF registers for 2GHZ. */ 4685 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4686 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4687 rt5592_2ghz_def_rf[i].val); 4688 } 4689 4690 rf = (chan <= 10) ? 0x07 : 0x06; 4691 run_rt3070_rf_write(sc, 23, rf); 4692 run_rt3070_rf_write(sc, 59, rf); 4693 4694 run_rt3070_rf_write(sc, 55, 0x43); 4695 4696 /* 4697 * RF R49/R50 Tx power ALC code. 4698 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4699 */ 4700 reg = 2; 4701 txpow_bound = 0x27; 4702 } else { 4703 /* Initialize RF registers for 5GHZ. */ 4704 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4705 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4706 rt5592_5ghz_def_rf[i].val); 4707 } 4708 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4709 if (chan >= rt5592_chan_5ghz[i].firstchan && 4710 chan <= rt5592_chan_5ghz[i].lastchan) { 4711 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4712 rt5592_chan_5ghz[i].val); 4713 } 4714 } 4715 4716 /* 4717 * RF R49/R50 Tx power ALC code. 4718 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4719 */ 4720 reg = 3; 4721 txpow_bound = 0x2b; 4722 } 4723 4724 /* RF R49 ch0 Tx power ALC code. */ 4725 run_rt3070_rf_read(sc, 49, &rf); 4726 rf &= ~0xc0; 4727 rf |= (reg << 6); 4728 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4729 if ((rf & 0x3f) > txpow_bound) 4730 rf = (rf & ~0x3f) | txpow_bound; 4731 run_rt3070_rf_write(sc, 49, rf); 4732 4733 /* RF R50 ch1 Tx power ALC code. */ 4734 run_rt3070_rf_read(sc, 50, &rf); 4735 rf &= ~(1 << 7 | 1 << 6); 4736 rf |= (reg << 6); 4737 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4738 if ((rf & 0x3f) > txpow_bound) 4739 rf = (rf & ~0x3f) | txpow_bound; 4740 run_rt3070_rf_write(sc, 50, rf); 4741 4742 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4743 run_rt3070_rf_read(sc, 1, &rf); 4744 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4745 if (sc->ntxchains > 1) 4746 rf |= RT3070_TX1_PD; 4747 if (sc->nrxchains > 1) 4748 rf |= RT3070_RX1_PD; 4749 run_rt3070_rf_write(sc, 1, rf); 4750 4751 run_rt3070_rf_write(sc, 6, 0xe4); 4752 4753 run_rt3070_rf_write(sc, 30, 0x10); 4754 run_rt3070_rf_write(sc, 31, 0x80); 4755 run_rt3070_rf_write(sc, 32, 0x80); 4756 4757 run_adjust_freq_offset(sc); 4758 4759 /* Enable VCO calibration. */ 4760 run_rt3070_rf_read(sc, 3, &rf); 4761 rf |= RT5390_VCOCAL; 4762 run_rt3070_rf_write(sc, 3, rf); 4763 } 4764 4765 static void 4766 run_set_rx_antenna(struct run_softc *sc, int aux) 4767 { 4768 uint32_t tmp; 4769 uint8_t bbp152; 4770 4771 if (aux) { 4772 if (sc->rf_rev == RT5390_RF_5370) { 4773 run_bbp_read(sc, 152, &bbp152); 4774 run_bbp_write(sc, 152, bbp152 & ~0x80); 4775 } else { 4776 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4777 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4778 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4779 } 4780 } else { 4781 if (sc->rf_rev == RT5390_RF_5370) { 4782 run_bbp_read(sc, 152, &bbp152); 4783 run_bbp_write(sc, 152, bbp152 | 0x80); 4784 } else { 4785 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4786 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4787 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4788 } 4789 } 4790 } 4791 4792 static int 4793 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4794 { 4795 struct ieee80211com *ic = &sc->sc_ic; 4796 u_int chan, group; 4797 4798 chan = ieee80211_chan2ieee(ic, c); 4799 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4800 return (EINVAL); 4801 4802 if (sc->mac_ver == 0x5592) 4803 run_rt5592_set_chan(sc, chan); 4804 else if (sc->mac_ver >= 0x5390) 4805 run_rt5390_set_chan(sc, chan); 4806 else if (sc->mac_ver == 0x3593) 4807 run_rt3593_set_chan(sc, chan); 4808 else if (sc->mac_ver == 0x3572) 4809 run_rt3572_set_chan(sc, chan); 4810 else if (sc->mac_ver >= 0x3070) 4811 run_rt3070_set_chan(sc, chan); 4812 else 4813 run_rt2870_set_chan(sc, chan); 4814 4815 /* determine channel group */ 4816 if (chan <= 14) 4817 group = 0; 4818 else if (chan <= 64) 4819 group = 1; 4820 else if (chan <= 128) 4821 group = 2; 4822 else 4823 group = 3; 4824 4825 /* XXX necessary only when group has changed! */ 4826 run_select_chan_group(sc, group); 4827 4828 run_delay(sc, 10); 4829 4830 /* Perform IQ calibration. */ 4831 if (sc->mac_ver >= 0x5392) 4832 run_iq_calib(sc, chan); 4833 4834 return (0); 4835 } 4836 4837 static void 4838 run_set_channel(struct ieee80211com *ic) 4839 { 4840 struct run_softc *sc = ic->ic_softc; 4841 4842 RUN_LOCK(sc); 4843 run_set_chan(sc, ic->ic_curchan); 4844 RUN_UNLOCK(sc); 4845 4846 return; 4847 } 4848 4849 static void 4850 run_getradiocaps(struct ieee80211com *ic, 4851 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4852 { 4853 struct run_softc *sc = ic->ic_softc; 4854 uint8_t bands[IEEE80211_MODE_BYTES]; 4855 4856 memset(bands, 0, sizeof(bands)); 4857 setbit(bands, IEEE80211_MODE_11B); 4858 setbit(bands, IEEE80211_MODE_11G); 4859 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4860 4861 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4862 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4863 sc->rf_rev == RT5592_RF_5592) { 4864 setbit(bands, IEEE80211_MODE_11A); 4865 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4866 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4867 } 4868 } 4869 4870 static void 4871 run_scan_start(struct ieee80211com *ic) 4872 { 4873 struct run_softc *sc = ic->ic_softc; 4874 uint32_t tmp; 4875 4876 RUN_LOCK(sc); 4877 4878 /* abort TSF synchronization */ 4879 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4880 run_write(sc, RT2860_BCN_TIME_CFG, 4881 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4882 RT2860_TBTT_TIMER_EN)); 4883 run_set_bssid(sc, ieee80211broadcastaddr); 4884 4885 RUN_UNLOCK(sc); 4886 4887 return; 4888 } 4889 4890 static void 4891 run_scan_end(struct ieee80211com *ic) 4892 { 4893 struct run_softc *sc = ic->ic_softc; 4894 4895 RUN_LOCK(sc); 4896 4897 run_enable_tsf_sync(sc); 4898 run_set_bssid(sc, sc->sc_bssid); 4899 4900 RUN_UNLOCK(sc); 4901 4902 return; 4903 } 4904 4905 /* 4906 * Could be called from ieee80211_node_timeout() 4907 * (non-sleepable thread) 4908 */ 4909 static void 4910 run_update_beacon(struct ieee80211vap *vap, int item) 4911 { 4912 struct ieee80211com *ic = vap->iv_ic; 4913 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4914 struct ieee80211_node *ni = vap->iv_bss; 4915 struct run_softc *sc = ic->ic_softc; 4916 struct run_vap *rvp = RUN_VAP(vap); 4917 int mcast = 0; 4918 uint32_t i; 4919 4920 switch (item) { 4921 case IEEE80211_BEACON_ERP: 4922 run_updateslot(ic); 4923 break; 4924 case IEEE80211_BEACON_HTINFO: 4925 run_updateprot(ic); 4926 break; 4927 case IEEE80211_BEACON_TIM: 4928 mcast = 1; /*TODO*/ 4929 break; 4930 default: 4931 break; 4932 } 4933 4934 setbit(bo->bo_flags, item); 4935 if (rvp->beacon_mbuf == NULL) { 4936 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4937 if (rvp->beacon_mbuf == NULL) 4938 return; 4939 } 4940 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4941 4942 i = RUN_CMDQ_GET(&sc->cmdq_store); 4943 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4944 sc->cmdq[i].func = run_update_beacon_cb; 4945 sc->cmdq[i].arg0 = vap; 4946 ieee80211_runtask(ic, &sc->cmdq_task); 4947 4948 return; 4949 } 4950 4951 static void 4952 run_update_beacon_cb(void *arg) 4953 { 4954 struct ieee80211vap *vap = arg; 4955 struct ieee80211_node *ni = vap->iv_bss; 4956 struct run_vap *rvp = RUN_VAP(vap); 4957 struct ieee80211com *ic = vap->iv_ic; 4958 struct run_softc *sc = ic->ic_softc; 4959 struct rt2860_txwi txwi; 4960 struct mbuf *m; 4961 uint16_t txwisize; 4962 uint8_t ridx; 4963 4964 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4965 return; 4966 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4967 return; 4968 4969 /* 4970 * No need to call ieee80211_beacon_update(), run_update_beacon() 4971 * is taking care of appropriate calls. 4972 */ 4973 if (rvp->beacon_mbuf == NULL) { 4974 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4975 if (rvp->beacon_mbuf == NULL) 4976 return; 4977 } 4978 m = rvp->beacon_mbuf; 4979 4980 memset(&txwi, 0, sizeof(txwi)); 4981 txwi.wcid = 0xff; 4982 txwi.len = htole16(m->m_pkthdr.len); 4983 4984 /* send beacons at the lowest available rate */ 4985 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4986 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4987 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4988 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4989 txwi.phy |= htole16(RT2860_PHY_OFDM); 4990 txwi.txop = RT2860_TX_TXOP_HT; 4991 txwi.flags = RT2860_TX_TS; 4992 txwi.xflags = RT2860_TX_NSEQ; 4993 4994 txwisize = (sc->mac_ver == 0x5592) ? 4995 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4996 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4997 txwisize); 4998 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4999 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5000 } 5001 5002 static void 5003 run_updateprot(struct ieee80211com *ic) 5004 { 5005 struct run_softc *sc = ic->ic_softc; 5006 uint32_t i; 5007 5008 i = RUN_CMDQ_GET(&sc->cmdq_store); 5009 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5010 sc->cmdq[i].func = run_updateprot_cb; 5011 sc->cmdq[i].arg0 = ic; 5012 ieee80211_runtask(ic, &sc->cmdq_task); 5013 } 5014 5015 static void 5016 run_updateprot_cb(void *arg) 5017 { 5018 struct ieee80211com *ic = arg; 5019 struct run_softc *sc = ic->ic_softc; 5020 uint32_t tmp; 5021 5022 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5023 /* setup protection frame rate (MCS code) */ 5024 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5025 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5026 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5027 5028 /* CCK frames don't require protection */ 5029 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5030 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5031 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5032 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5033 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5034 tmp |= RT2860_PROT_CTRL_CTS; 5035 } 5036 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5037 } 5038 5039 static void 5040 run_usb_timeout_cb(void *arg) 5041 { 5042 struct ieee80211vap *vap = arg; 5043 struct run_softc *sc = vap->iv_ic->ic_softc; 5044 5045 RUN_LOCK_ASSERT(sc, MA_OWNED); 5046 5047 if(vap->iv_state == IEEE80211_S_RUN && 5048 vap->iv_opmode != IEEE80211_M_STA) 5049 run_reset_livelock(sc); 5050 else if (vap->iv_state == IEEE80211_S_SCAN) { 5051 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5052 "timeout caused by scan\n"); 5053 /* cancel bgscan */ 5054 ieee80211_cancel_scan(vap); 5055 } else 5056 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5057 "timeout by unknown cause\n"); 5058 } 5059 5060 static void 5061 run_reset_livelock(struct run_softc *sc) 5062 { 5063 uint32_t tmp; 5064 5065 RUN_LOCK_ASSERT(sc, MA_OWNED); 5066 5067 /* 5068 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5069 * can run into a livelock and start sending CTS-to-self frames like 5070 * crazy if protection is enabled. Reset MAC/BBP for a while 5071 */ 5072 run_read(sc, RT2860_DEBUG, &tmp); 5073 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5074 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5075 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5076 "CTS-to-self livelock detected\n"); 5077 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5078 run_delay(sc, 1); 5079 run_write(sc, RT2860_MAC_SYS_CTRL, 5080 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5081 } 5082 } 5083 5084 static void 5085 run_update_promisc_locked(struct run_softc *sc) 5086 { 5087 uint32_t tmp; 5088 5089 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5090 5091 tmp |= RT2860_DROP_UC_NOME; 5092 if (sc->sc_ic.ic_promisc > 0) 5093 tmp &= ~RT2860_DROP_UC_NOME; 5094 5095 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5096 5097 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5098 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5099 } 5100 5101 static void 5102 run_update_promisc(struct ieee80211com *ic) 5103 { 5104 struct run_softc *sc = ic->ic_softc; 5105 5106 if ((sc->sc_flags & RUN_RUNNING) == 0) 5107 return; 5108 5109 RUN_LOCK(sc); 5110 run_update_promisc_locked(sc); 5111 RUN_UNLOCK(sc); 5112 } 5113 5114 static void 5115 run_enable_tsf_sync(struct run_softc *sc) 5116 { 5117 struct ieee80211com *ic = &sc->sc_ic; 5118 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5119 uint32_t tmp; 5120 5121 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5122 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5123 5124 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5125 tmp &= ~0x1fffff; 5126 tmp |= vap->iv_bss->ni_intval * 16; 5127 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5128 5129 if (ic->ic_opmode == IEEE80211_M_STA) { 5130 /* 5131 * Local TSF is always updated with remote TSF on beacon 5132 * reception. 5133 */ 5134 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5135 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5136 tmp |= RT2860_BCN_TX_EN; 5137 /* 5138 * Local TSF is updated with remote TSF on beacon reception 5139 * only if the remote TSF is greater than local TSF. 5140 */ 5141 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5142 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5143 ic->ic_opmode == IEEE80211_M_MBSS) { 5144 tmp |= RT2860_BCN_TX_EN; 5145 /* SYNC with nobody */ 5146 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5147 } else { 5148 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5149 "Enabling TSF failed. undefined opmode\n"); 5150 return; 5151 } 5152 5153 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5154 } 5155 5156 static void 5157 run_enable_tsf(struct run_softc *sc) 5158 { 5159 uint32_t tmp; 5160 5161 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5162 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5163 tmp |= RT2860_TSF_TIMER_EN; 5164 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5165 } 5166 } 5167 5168 static void 5169 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5170 { 5171 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5172 sizeof(*buf)); 5173 } 5174 5175 static void 5176 run_enable_mrr(struct run_softc *sc) 5177 { 5178 #define CCK(mcs) (mcs) 5179 #define OFDM(mcs) (1 << 3 | (mcs)) 5180 run_write(sc, RT2860_LG_FBK_CFG0, 5181 OFDM(6) << 28 | /* 54->48 */ 5182 OFDM(5) << 24 | /* 48->36 */ 5183 OFDM(4) << 20 | /* 36->24 */ 5184 OFDM(3) << 16 | /* 24->18 */ 5185 OFDM(2) << 12 | /* 18->12 */ 5186 OFDM(1) << 8 | /* 12-> 9 */ 5187 OFDM(0) << 4 | /* 9-> 6 */ 5188 OFDM(0)); /* 6-> 6 */ 5189 5190 run_write(sc, RT2860_LG_FBK_CFG1, 5191 CCK(2) << 12 | /* 11->5.5 */ 5192 CCK(1) << 8 | /* 5.5-> 2 */ 5193 CCK(0) << 4 | /* 2-> 1 */ 5194 CCK(0)); /* 1-> 1 */ 5195 #undef OFDM 5196 #undef CCK 5197 } 5198 5199 static void 5200 run_set_txpreamble(struct run_softc *sc) 5201 { 5202 struct ieee80211com *ic = &sc->sc_ic; 5203 uint32_t tmp; 5204 5205 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5206 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5207 tmp |= RT2860_CCK_SHORT_EN; 5208 else 5209 tmp &= ~RT2860_CCK_SHORT_EN; 5210 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5211 } 5212 5213 static void 5214 run_set_basicrates(struct run_softc *sc) 5215 { 5216 struct ieee80211com *ic = &sc->sc_ic; 5217 5218 /* set basic rates mask */ 5219 if (ic->ic_curmode == IEEE80211_MODE_11B) 5220 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5221 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5222 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5223 else /* 11g */ 5224 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5225 } 5226 5227 static void 5228 run_set_leds(struct run_softc *sc, uint16_t which) 5229 { 5230 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5231 which | (sc->leds & 0x7f)); 5232 } 5233 5234 static void 5235 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5236 { 5237 run_write(sc, RT2860_MAC_BSSID_DW0, 5238 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5239 run_write(sc, RT2860_MAC_BSSID_DW1, 5240 bssid[4] | bssid[5] << 8); 5241 } 5242 5243 static void 5244 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5245 { 5246 run_write(sc, RT2860_MAC_ADDR_DW0, 5247 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5248 run_write(sc, RT2860_MAC_ADDR_DW1, 5249 addr[4] | addr[5] << 8 | 0xff << 16); 5250 } 5251 5252 static void 5253 run_updateslot(struct ieee80211com *ic) 5254 { 5255 struct run_softc *sc = ic->ic_softc; 5256 uint32_t i; 5257 5258 i = RUN_CMDQ_GET(&sc->cmdq_store); 5259 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5260 sc->cmdq[i].func = run_updateslot_cb; 5261 sc->cmdq[i].arg0 = ic; 5262 ieee80211_runtask(ic, &sc->cmdq_task); 5263 5264 return; 5265 } 5266 5267 /* ARGSUSED */ 5268 static void 5269 run_updateslot_cb(void *arg) 5270 { 5271 struct ieee80211com *ic = arg; 5272 struct run_softc *sc = ic->ic_softc; 5273 uint32_t tmp; 5274 5275 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5276 tmp &= ~0xff; 5277 tmp |= IEEE80211_GET_SLOTTIME(ic); 5278 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5279 } 5280 5281 static void 5282 run_update_mcast(struct ieee80211com *ic) 5283 { 5284 } 5285 5286 static int8_t 5287 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5288 { 5289 struct ieee80211com *ic = &sc->sc_ic; 5290 struct ieee80211_channel *c = ic->ic_curchan; 5291 int delta; 5292 5293 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5294 u_int chan = ieee80211_chan2ieee(ic, c); 5295 delta = sc->rssi_5ghz[rxchain]; 5296 5297 /* determine channel group */ 5298 if (chan <= 64) 5299 delta -= sc->lna[1]; 5300 else if (chan <= 128) 5301 delta -= sc->lna[2]; 5302 else 5303 delta -= sc->lna[3]; 5304 } else 5305 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5306 5307 return (-12 - delta - rssi); 5308 } 5309 5310 static void 5311 run_rt5390_bbp_init(struct run_softc *sc) 5312 { 5313 u_int i; 5314 uint8_t bbp; 5315 5316 /* Apply maximum likelihood detection for 2 stream case. */ 5317 run_bbp_read(sc, 105, &bbp); 5318 if (sc->nrxchains > 1) 5319 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5320 5321 /* Avoid data lost and CRC error. */ 5322 run_bbp_read(sc, 4, &bbp); 5323 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5324 5325 if (sc->mac_ver == 0x5592) { 5326 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5327 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5328 rt5592_def_bbp[i].val); 5329 } 5330 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5331 run_bbp_write(sc, 195, i + 0x80); 5332 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5333 } 5334 } else { 5335 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5336 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5337 rt5390_def_bbp[i].val); 5338 } 5339 } 5340 if (sc->mac_ver == 0x5392) { 5341 run_bbp_write(sc, 88, 0x90); 5342 run_bbp_write(sc, 95, 0x9a); 5343 run_bbp_write(sc, 98, 0x12); 5344 run_bbp_write(sc, 106, 0x12); 5345 run_bbp_write(sc, 134, 0xd0); 5346 run_bbp_write(sc, 135, 0xf6); 5347 run_bbp_write(sc, 148, 0x84); 5348 } 5349 5350 run_bbp_read(sc, 152, &bbp); 5351 run_bbp_write(sc, 152, bbp | 0x80); 5352 5353 /* Fix BBP254 for RT5592C. */ 5354 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5355 run_bbp_read(sc, 254, &bbp); 5356 run_bbp_write(sc, 254, bbp | 0x80); 5357 } 5358 5359 /* Disable hardware antenna diversity. */ 5360 if (sc->mac_ver == 0x5390) 5361 run_bbp_write(sc, 154, 0); 5362 5363 /* Initialize Rx CCK/OFDM frequency offset report. */ 5364 run_bbp_write(sc, 142, 1); 5365 run_bbp_write(sc, 143, 57); 5366 } 5367 5368 static int 5369 run_bbp_init(struct run_softc *sc) 5370 { 5371 int i, error, ntries; 5372 uint8_t bbp0; 5373 5374 /* wait for BBP to wake up */ 5375 for (ntries = 0; ntries < 20; ntries++) { 5376 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5377 return error; 5378 if (bbp0 != 0 && bbp0 != 0xff) 5379 break; 5380 } 5381 if (ntries == 20) 5382 return (ETIMEDOUT); 5383 5384 /* initialize BBP registers to default values */ 5385 if (sc->mac_ver >= 0x5390) 5386 run_rt5390_bbp_init(sc); 5387 else { 5388 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5389 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5390 rt2860_def_bbp[i].val); 5391 } 5392 } 5393 5394 if (sc->mac_ver == 0x3593) { 5395 run_bbp_write(sc, 79, 0x13); 5396 run_bbp_write(sc, 80, 0x05); 5397 run_bbp_write(sc, 81, 0x33); 5398 run_bbp_write(sc, 86, 0x46); 5399 run_bbp_write(sc, 137, 0x0f); 5400 } 5401 5402 /* fix BBP84 for RT2860E */ 5403 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5404 run_bbp_write(sc, 84, 0x19); 5405 5406 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5407 sc->mac_ver != 0x5592)) { 5408 run_bbp_write(sc, 79, 0x13); 5409 run_bbp_write(sc, 80, 0x05); 5410 run_bbp_write(sc, 81, 0x33); 5411 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5412 run_bbp_write(sc, 69, 0x16); 5413 run_bbp_write(sc, 73, 0x12); 5414 } 5415 return (0); 5416 } 5417 5418 static int 5419 run_rt3070_rf_init(struct run_softc *sc) 5420 { 5421 uint32_t tmp; 5422 uint8_t bbp4, mingain, rf, target; 5423 u_int i; 5424 5425 run_rt3070_rf_read(sc, 30, &rf); 5426 /* toggle RF R30 bit 7 */ 5427 run_rt3070_rf_write(sc, 30, rf | 0x80); 5428 run_delay(sc, 10); 5429 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5430 5431 /* initialize RF registers to default value */ 5432 if (sc->mac_ver == 0x3572) { 5433 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5434 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5435 rt3572_def_rf[i].val); 5436 } 5437 } else { 5438 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5439 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5440 rt3070_def_rf[i].val); 5441 } 5442 } 5443 5444 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5445 /* 5446 * Change voltage from 1.2V to 1.35V for RT3070. 5447 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5448 * in RT3070(F). 5449 */ 5450 run_read(sc, RT3070_LDO_CFG0, &tmp); 5451 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5452 run_write(sc, RT3070_LDO_CFG0, tmp); 5453 5454 } else if (sc->mac_ver == 0x3071) { 5455 run_rt3070_rf_read(sc, 6, &rf); 5456 run_rt3070_rf_write(sc, 6, rf | 0x40); 5457 run_rt3070_rf_write(sc, 31, 0x14); 5458 5459 run_read(sc, RT3070_LDO_CFG0, &tmp); 5460 tmp &= ~0x1f000000; 5461 if (sc->mac_rev < 0x0211) 5462 tmp |= 0x0d000000; /* 1.3V */ 5463 else 5464 tmp |= 0x01000000; /* 1.2V */ 5465 run_write(sc, RT3070_LDO_CFG0, tmp); 5466 5467 /* patch LNA_PE_G1 */ 5468 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5469 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5470 5471 } else if (sc->mac_ver == 0x3572) { 5472 run_rt3070_rf_read(sc, 6, &rf); 5473 run_rt3070_rf_write(sc, 6, rf | 0x40); 5474 5475 /* increase voltage from 1.2V to 1.35V */ 5476 run_read(sc, RT3070_LDO_CFG0, &tmp); 5477 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5478 run_write(sc, RT3070_LDO_CFG0, tmp); 5479 5480 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5481 run_delay(sc, 1); /* wait for 1msec */ 5482 /* decrease voltage back to 1.2V */ 5483 tmp = (tmp & ~0x1f000000) | 0x01000000; 5484 run_write(sc, RT3070_LDO_CFG0, tmp); 5485 } 5486 } 5487 5488 /* select 20MHz bandwidth */ 5489 run_rt3070_rf_read(sc, 31, &rf); 5490 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5491 5492 /* calibrate filter for 20MHz bandwidth */ 5493 sc->rf24_20mhz = 0x1f; /* default value */ 5494 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5495 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5496 5497 /* select 40MHz bandwidth */ 5498 run_bbp_read(sc, 4, &bbp4); 5499 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5500 run_rt3070_rf_read(sc, 31, &rf); 5501 run_rt3070_rf_write(sc, 31, rf | 0x20); 5502 5503 /* calibrate filter for 40MHz bandwidth */ 5504 sc->rf24_40mhz = 0x2f; /* default value */ 5505 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5506 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5507 5508 /* go back to 20MHz bandwidth */ 5509 run_bbp_read(sc, 4, &bbp4); 5510 run_bbp_write(sc, 4, bbp4 & ~0x18); 5511 5512 if (sc->mac_ver == 0x3572) { 5513 /* save default BBP registers 25 and 26 values */ 5514 run_bbp_read(sc, 25, &sc->bbp25); 5515 run_bbp_read(sc, 26, &sc->bbp26); 5516 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5517 run_rt3070_rf_write(sc, 27, 0x03); 5518 5519 run_read(sc, RT3070_OPT_14, &tmp); 5520 run_write(sc, RT3070_OPT_14, tmp | 1); 5521 5522 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5523 run_rt3070_rf_read(sc, 17, &rf); 5524 rf &= ~RT3070_TX_LO1; 5525 if ((sc->mac_ver == 0x3070 || 5526 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5527 !sc->ext_2ghz_lna) 5528 rf |= 0x20; /* fix for long range Rx issue */ 5529 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5530 if (sc->txmixgain_2ghz >= mingain) 5531 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5532 run_rt3070_rf_write(sc, 17, rf); 5533 } 5534 5535 if (sc->mac_ver == 0x3071) { 5536 run_rt3070_rf_read(sc, 1, &rf); 5537 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5538 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5539 run_rt3070_rf_write(sc, 1, rf); 5540 5541 run_rt3070_rf_read(sc, 15, &rf); 5542 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5543 5544 run_rt3070_rf_read(sc, 20, &rf); 5545 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5546 5547 run_rt3070_rf_read(sc, 21, &rf); 5548 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5549 } 5550 5551 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5552 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5553 run_rt3070_rf_read(sc, 27, &rf); 5554 rf &= ~0x77; 5555 if (sc->mac_rev < 0x0211) 5556 rf |= 0x03; 5557 run_rt3070_rf_write(sc, 27, rf); 5558 } 5559 return (0); 5560 } 5561 5562 static void 5563 run_rt3593_rf_init(struct run_softc *sc) 5564 { 5565 uint32_t tmp; 5566 uint8_t rf; 5567 u_int i; 5568 5569 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5570 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5571 tmp &= ~(1 << 4 | 1 << 7); 5572 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5573 5574 /* Initialize RF registers to default value. */ 5575 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5576 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5577 rt3593_def_rf[i].val); 5578 } 5579 5580 /* Toggle RF R2 to initiate calibration. */ 5581 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5582 5583 /* Initialize RF frequency offset. */ 5584 run_adjust_freq_offset(sc); 5585 5586 run_rt3070_rf_read(sc, 18, &rf); 5587 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5588 5589 /* 5590 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5591 * decrease voltage back to 1.2V. 5592 */ 5593 run_read(sc, RT3070_LDO_CFG0, &tmp); 5594 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5595 run_write(sc, RT3070_LDO_CFG0, tmp); 5596 run_delay(sc, 1); 5597 tmp = (tmp & ~0x1f000000) | 0x01000000; 5598 run_write(sc, RT3070_LDO_CFG0, tmp); 5599 5600 sc->rf24_20mhz = 0x1f; 5601 sc->rf24_40mhz = 0x2f; 5602 5603 /* Save default BBP registers 25 and 26 values. */ 5604 run_bbp_read(sc, 25, &sc->bbp25); 5605 run_bbp_read(sc, 26, &sc->bbp26); 5606 5607 run_read(sc, RT3070_OPT_14, &tmp); 5608 run_write(sc, RT3070_OPT_14, tmp | 1); 5609 } 5610 5611 static void 5612 run_rt5390_rf_init(struct run_softc *sc) 5613 { 5614 uint32_t tmp; 5615 uint8_t rf; 5616 u_int i; 5617 5618 /* Toggle RF R2 to initiate calibration. */ 5619 if (sc->mac_ver == 0x5390) { 5620 run_rt3070_rf_read(sc, 2, &rf); 5621 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5622 run_delay(sc, 10); 5623 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5624 } else { 5625 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5626 run_delay(sc, 10); 5627 } 5628 5629 /* Initialize RF registers to default value. */ 5630 if (sc->mac_ver == 0x5592) { 5631 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5632 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5633 rt5592_def_rf[i].val); 5634 } 5635 /* Initialize RF frequency offset. */ 5636 run_adjust_freq_offset(sc); 5637 } else if (sc->mac_ver == 0x5392) { 5638 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5639 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5640 rt5392_def_rf[i].val); 5641 } 5642 if (sc->mac_rev >= 0x0223) { 5643 run_rt3070_rf_write(sc, 23, 0x0f); 5644 run_rt3070_rf_write(sc, 24, 0x3e); 5645 run_rt3070_rf_write(sc, 51, 0x32); 5646 run_rt3070_rf_write(sc, 53, 0x22); 5647 run_rt3070_rf_write(sc, 56, 0xc1); 5648 run_rt3070_rf_write(sc, 59, 0x0f); 5649 } 5650 } else { 5651 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5652 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5653 rt5390_def_rf[i].val); 5654 } 5655 if (sc->mac_rev >= 0x0502) { 5656 run_rt3070_rf_write(sc, 6, 0xe0); 5657 run_rt3070_rf_write(sc, 25, 0x80); 5658 run_rt3070_rf_write(sc, 46, 0x73); 5659 run_rt3070_rf_write(sc, 53, 0x00); 5660 run_rt3070_rf_write(sc, 56, 0x42); 5661 run_rt3070_rf_write(sc, 61, 0xd1); 5662 } 5663 } 5664 5665 sc->rf24_20mhz = 0x1f; /* default value */ 5666 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5667 5668 if (sc->mac_rev < 0x0211) 5669 run_rt3070_rf_write(sc, 27, 0x3); 5670 5671 run_read(sc, RT3070_OPT_14, &tmp); 5672 run_write(sc, RT3070_OPT_14, tmp | 1); 5673 } 5674 5675 static int 5676 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5677 uint8_t *val) 5678 { 5679 uint8_t rf22, rf24; 5680 uint8_t bbp55_pb, bbp55_sb, delta; 5681 int ntries; 5682 5683 /* program filter */ 5684 run_rt3070_rf_read(sc, 24, &rf24); 5685 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5686 run_rt3070_rf_write(sc, 24, rf24); 5687 5688 /* enable baseband loopback mode */ 5689 run_rt3070_rf_read(sc, 22, &rf22); 5690 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5691 5692 /* set power and frequency of passband test tone */ 5693 run_bbp_write(sc, 24, 0x00); 5694 for (ntries = 0; ntries < 100; ntries++) { 5695 /* transmit test tone */ 5696 run_bbp_write(sc, 25, 0x90); 5697 run_delay(sc, 10); 5698 /* read received power */ 5699 run_bbp_read(sc, 55, &bbp55_pb); 5700 if (bbp55_pb != 0) 5701 break; 5702 } 5703 if (ntries == 100) 5704 return (ETIMEDOUT); 5705 5706 /* set power and frequency of stopband test tone */ 5707 run_bbp_write(sc, 24, 0x06); 5708 for (ntries = 0; ntries < 100; ntries++) { 5709 /* transmit test tone */ 5710 run_bbp_write(sc, 25, 0x90); 5711 run_delay(sc, 10); 5712 /* read received power */ 5713 run_bbp_read(sc, 55, &bbp55_sb); 5714 5715 delta = bbp55_pb - bbp55_sb; 5716 if (delta > target) 5717 break; 5718 5719 /* reprogram filter */ 5720 rf24++; 5721 run_rt3070_rf_write(sc, 24, rf24); 5722 } 5723 if (ntries < 100) { 5724 if (rf24 != init) 5725 rf24--; /* backtrack */ 5726 *val = rf24; 5727 run_rt3070_rf_write(sc, 24, rf24); 5728 } 5729 5730 /* restore initial state */ 5731 run_bbp_write(sc, 24, 0x00); 5732 5733 /* disable baseband loopback mode */ 5734 run_rt3070_rf_read(sc, 22, &rf22); 5735 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5736 5737 return (0); 5738 } 5739 5740 static void 5741 run_rt3070_rf_setup(struct run_softc *sc) 5742 { 5743 uint8_t bbp, rf; 5744 int i; 5745 5746 if (sc->mac_ver == 0x3572) { 5747 /* enable DC filter */ 5748 if (sc->mac_rev >= 0x0201) 5749 run_bbp_write(sc, 103, 0xc0); 5750 5751 run_bbp_read(sc, 138, &bbp); 5752 if (sc->ntxchains == 1) 5753 bbp |= 0x20; /* turn off DAC1 */ 5754 if (sc->nrxchains == 1) 5755 bbp &= ~0x02; /* turn off ADC1 */ 5756 run_bbp_write(sc, 138, bbp); 5757 5758 if (sc->mac_rev >= 0x0211) { 5759 /* improve power consumption */ 5760 run_bbp_read(sc, 31, &bbp); 5761 run_bbp_write(sc, 31, bbp & ~0x03); 5762 } 5763 5764 run_rt3070_rf_read(sc, 16, &rf); 5765 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5766 run_rt3070_rf_write(sc, 16, rf); 5767 5768 } else if (sc->mac_ver == 0x3071) { 5769 if (sc->mac_rev >= 0x0211) { 5770 /* enable DC filter */ 5771 run_bbp_write(sc, 103, 0xc0); 5772 5773 /* improve power consumption */ 5774 run_bbp_read(sc, 31, &bbp); 5775 run_bbp_write(sc, 31, bbp & ~0x03); 5776 } 5777 5778 run_bbp_read(sc, 138, &bbp); 5779 if (sc->ntxchains == 1) 5780 bbp |= 0x20; /* turn off DAC1 */ 5781 if (sc->nrxchains == 1) 5782 bbp &= ~0x02; /* turn off ADC1 */ 5783 run_bbp_write(sc, 138, bbp); 5784 5785 run_write(sc, RT2860_TX_SW_CFG1, 0); 5786 if (sc->mac_rev < 0x0211) { 5787 run_write(sc, RT2860_TX_SW_CFG2, 5788 sc->patch_dac ? 0x2c : 0x0f); 5789 } else 5790 run_write(sc, RT2860_TX_SW_CFG2, 0); 5791 5792 } else if (sc->mac_ver == 0x3070) { 5793 if (sc->mac_rev >= 0x0201) { 5794 /* enable DC filter */ 5795 run_bbp_write(sc, 103, 0xc0); 5796 5797 /* improve power consumption */ 5798 run_bbp_read(sc, 31, &bbp); 5799 run_bbp_write(sc, 31, bbp & ~0x03); 5800 } 5801 5802 if (sc->mac_rev < 0x0201) { 5803 run_write(sc, RT2860_TX_SW_CFG1, 0); 5804 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5805 } else 5806 run_write(sc, RT2860_TX_SW_CFG2, 0); 5807 } 5808 5809 /* initialize RF registers from ROM for >=RT3071*/ 5810 if (sc->mac_ver >= 0x3071) { 5811 for (i = 0; i < 10; i++) { 5812 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5813 continue; 5814 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5815 } 5816 } 5817 } 5818 5819 static void 5820 run_rt3593_rf_setup(struct run_softc *sc) 5821 { 5822 uint8_t bbp, rf; 5823 5824 if (sc->mac_rev >= 0x0211) { 5825 /* Enable DC filter. */ 5826 run_bbp_write(sc, 103, 0xc0); 5827 } 5828 run_write(sc, RT2860_TX_SW_CFG1, 0); 5829 if (sc->mac_rev < 0x0211) { 5830 run_write(sc, RT2860_TX_SW_CFG2, 5831 sc->patch_dac ? 0x2c : 0x0f); 5832 } else 5833 run_write(sc, RT2860_TX_SW_CFG2, 0); 5834 5835 run_rt3070_rf_read(sc, 50, &rf); 5836 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5837 5838 run_rt3070_rf_read(sc, 51, &rf); 5839 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5840 ((sc->txmixgain_2ghz & 0x07) << 2); 5841 run_rt3070_rf_write(sc, 51, rf); 5842 5843 run_rt3070_rf_read(sc, 38, &rf); 5844 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5845 5846 run_rt3070_rf_read(sc, 39, &rf); 5847 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5848 5849 run_rt3070_rf_read(sc, 1, &rf); 5850 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5851 5852 run_rt3070_rf_read(sc, 30, &rf); 5853 rf = (rf & ~0x18) | 0x10; 5854 run_rt3070_rf_write(sc, 30, rf); 5855 5856 /* Apply maximum likelihood detection for 2 stream case. */ 5857 run_bbp_read(sc, 105, &bbp); 5858 if (sc->nrxchains > 1) 5859 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5860 5861 /* Avoid data lost and CRC error. */ 5862 run_bbp_read(sc, 4, &bbp); 5863 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5864 5865 run_bbp_write(sc, 92, 0x02); 5866 run_bbp_write(sc, 82, 0x82); 5867 run_bbp_write(sc, 106, 0x05); 5868 run_bbp_write(sc, 104, 0x92); 5869 run_bbp_write(sc, 88, 0x90); 5870 run_bbp_write(sc, 148, 0xc8); 5871 run_bbp_write(sc, 47, 0x48); 5872 run_bbp_write(sc, 120, 0x50); 5873 5874 run_bbp_write(sc, 163, 0x9d); 5875 5876 /* SNR mapping. */ 5877 run_bbp_write(sc, 142, 0x06); 5878 run_bbp_write(sc, 143, 0xa0); 5879 run_bbp_write(sc, 142, 0x07); 5880 run_bbp_write(sc, 143, 0xa1); 5881 run_bbp_write(sc, 142, 0x08); 5882 run_bbp_write(sc, 143, 0xa2); 5883 5884 run_bbp_write(sc, 31, 0x08); 5885 run_bbp_write(sc, 68, 0x0b); 5886 run_bbp_write(sc, 105, 0x04); 5887 } 5888 5889 static void 5890 run_rt5390_rf_setup(struct run_softc *sc) 5891 { 5892 uint8_t bbp, rf; 5893 5894 if (sc->mac_rev >= 0x0211) { 5895 /* Enable DC filter. */ 5896 run_bbp_write(sc, 103, 0xc0); 5897 5898 if (sc->mac_ver != 0x5592) { 5899 /* Improve power consumption. */ 5900 run_bbp_read(sc, 31, &bbp); 5901 run_bbp_write(sc, 31, bbp & ~0x03); 5902 } 5903 } 5904 5905 run_bbp_read(sc, 138, &bbp); 5906 if (sc->ntxchains == 1) 5907 bbp |= 0x20; /* turn off DAC1 */ 5908 if (sc->nrxchains == 1) 5909 bbp &= ~0x02; /* turn off ADC1 */ 5910 run_bbp_write(sc, 138, bbp); 5911 5912 run_rt3070_rf_read(sc, 38, &rf); 5913 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5914 5915 run_rt3070_rf_read(sc, 39, &rf); 5916 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5917 5918 /* Avoid data lost and CRC error. */ 5919 run_bbp_read(sc, 4, &bbp); 5920 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5921 5922 run_rt3070_rf_read(sc, 30, &rf); 5923 rf = (rf & ~0x18) | 0x10; 5924 run_rt3070_rf_write(sc, 30, rf); 5925 5926 if (sc->mac_ver != 0x5592) { 5927 run_write(sc, RT2860_TX_SW_CFG1, 0); 5928 if (sc->mac_rev < 0x0211) { 5929 run_write(sc, RT2860_TX_SW_CFG2, 5930 sc->patch_dac ? 0x2c : 0x0f); 5931 } else 5932 run_write(sc, RT2860_TX_SW_CFG2, 0); 5933 } 5934 } 5935 5936 static int 5937 run_txrx_enable(struct run_softc *sc) 5938 { 5939 struct ieee80211com *ic = &sc->sc_ic; 5940 uint32_t tmp; 5941 int error, ntries; 5942 5943 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5944 for (ntries = 0; ntries < 200; ntries++) { 5945 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5946 return (error); 5947 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5948 break; 5949 run_delay(sc, 50); 5950 } 5951 if (ntries == 200) 5952 return (ETIMEDOUT); 5953 5954 run_delay(sc, 50); 5955 5956 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5957 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5958 5959 /* enable Rx bulk aggregation (set timeout and limit) */ 5960 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5961 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5962 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5963 5964 /* set Rx filter */ 5965 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5966 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5967 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5968 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5969 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5970 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5971 if (ic->ic_opmode == IEEE80211_M_STA) 5972 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5973 } 5974 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5975 5976 run_write(sc, RT2860_MAC_SYS_CTRL, 5977 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5978 5979 return (0); 5980 } 5981 5982 static void 5983 run_adjust_freq_offset(struct run_softc *sc) 5984 { 5985 uint8_t rf, tmp; 5986 5987 run_rt3070_rf_read(sc, 17, &rf); 5988 tmp = rf; 5989 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5990 rf = MIN(rf, 0x5f); 5991 5992 if (tmp != rf) 5993 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5994 } 5995 5996 static void 5997 run_init_locked(struct run_softc *sc) 5998 { 5999 struct ieee80211com *ic = &sc->sc_ic; 6000 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6001 uint32_t tmp; 6002 uint8_t bbp1, bbp3; 6003 int i; 6004 int ridx; 6005 int ntries; 6006 6007 if (ic->ic_nrunning > 1) 6008 return; 6009 6010 run_stop(sc); 6011 6012 if (run_load_microcode(sc) != 0) { 6013 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6014 goto fail; 6015 } 6016 6017 for (ntries = 0; ntries < 100; ntries++) { 6018 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6019 goto fail; 6020 if (tmp != 0 && tmp != 0xffffffff) 6021 break; 6022 run_delay(sc, 10); 6023 } 6024 if (ntries == 100) 6025 goto fail; 6026 6027 for (i = 0; i != RUN_EP_QUEUES; i++) 6028 run_setup_tx_list(sc, &sc->sc_epq[i]); 6029 6030 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6031 6032 for (ntries = 0; ntries < 100; ntries++) { 6033 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6034 goto fail; 6035 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6036 break; 6037 run_delay(sc, 10); 6038 } 6039 if (ntries == 100) { 6040 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6041 goto fail; 6042 } 6043 tmp &= 0xff0; 6044 tmp |= RT2860_TX_WB_DDONE; 6045 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6046 6047 /* turn off PME_OEN to solve high-current issue */ 6048 run_read(sc, RT2860_SYS_CTRL, &tmp); 6049 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6050 6051 run_write(sc, RT2860_MAC_SYS_CTRL, 6052 RT2860_BBP_HRST | RT2860_MAC_SRST); 6053 run_write(sc, RT2860_USB_DMA_CFG, 0); 6054 6055 if (run_reset(sc) != 0) { 6056 device_printf(sc->sc_dev, "could not reset chipset\n"); 6057 goto fail; 6058 } 6059 6060 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6061 6062 /* init Tx power for all Tx rates (from EEPROM) */ 6063 for (ridx = 0; ridx < 5; ridx++) { 6064 if (sc->txpow20mhz[ridx] == 0xffffffff) 6065 continue; 6066 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6067 } 6068 6069 for (i = 0; i < nitems(rt2870_def_mac); i++) 6070 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6071 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6072 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6073 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6074 6075 if (sc->mac_ver >= 0x5390) { 6076 run_write(sc, RT2860_TX_SW_CFG0, 6077 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6078 if (sc->mac_ver >= 0x5392) { 6079 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6080 if (sc->mac_ver == 0x5592) { 6081 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6082 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6083 } else { 6084 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6085 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6086 } 6087 } 6088 } else if (sc->mac_ver == 0x3593) { 6089 run_write(sc, RT2860_TX_SW_CFG0, 6090 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6091 } else if (sc->mac_ver >= 0x3070) { 6092 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6093 run_write(sc, RT2860_TX_SW_CFG0, 6094 4 << RT2860_DLY_PAPE_EN_SHIFT); 6095 } 6096 6097 /* wait while MAC is busy */ 6098 for (ntries = 0; ntries < 100; ntries++) { 6099 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6100 goto fail; 6101 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6102 break; 6103 run_delay(sc, 10); 6104 } 6105 if (ntries == 100) 6106 goto fail; 6107 6108 /* clear Host to MCU mailbox */ 6109 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6110 run_write(sc, RT2860_H2M_MAILBOX, 0); 6111 run_delay(sc, 10); 6112 6113 if (run_bbp_init(sc) != 0) { 6114 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6115 goto fail; 6116 } 6117 6118 /* abort TSF synchronization */ 6119 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6120 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6121 RT2860_TBTT_TIMER_EN); 6122 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6123 6124 /* clear RX WCID search table */ 6125 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6126 /* clear WCID attribute table */ 6127 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6128 6129 /* hostapd sets a key before init. So, don't clear it. */ 6130 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6131 /* clear shared key table */ 6132 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6133 /* clear shared key mode */ 6134 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6135 } 6136 6137 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6138 tmp = (tmp & ~0xff) | 0x1e; 6139 run_write(sc, RT2860_US_CYC_CNT, tmp); 6140 6141 if (sc->mac_rev != 0x0101) 6142 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6143 6144 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6145 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6146 6147 /* write vendor-specific BBP values (from EEPROM) */ 6148 if (sc->mac_ver < 0x3593) { 6149 for (i = 0; i < 10; i++) { 6150 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6151 continue; 6152 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6153 } 6154 } 6155 6156 /* select Main antenna for 1T1R devices */ 6157 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6158 run_set_rx_antenna(sc, 0); 6159 6160 /* send LEDs operating mode to microcontroller */ 6161 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6162 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6163 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6164 6165 if (sc->mac_ver >= 0x5390) 6166 run_rt5390_rf_init(sc); 6167 else if (sc->mac_ver == 0x3593) 6168 run_rt3593_rf_init(sc); 6169 else if (sc->mac_ver >= 0x3070) 6170 run_rt3070_rf_init(sc); 6171 6172 /* disable non-existing Rx chains */ 6173 run_bbp_read(sc, 3, &bbp3); 6174 bbp3 &= ~(1 << 3 | 1 << 4); 6175 if (sc->nrxchains == 2) 6176 bbp3 |= 1 << 3; 6177 else if (sc->nrxchains == 3) 6178 bbp3 |= 1 << 4; 6179 run_bbp_write(sc, 3, bbp3); 6180 6181 /* disable non-existing Tx chains */ 6182 run_bbp_read(sc, 1, &bbp1); 6183 if (sc->ntxchains == 1) 6184 bbp1 &= ~(1 << 3 | 1 << 4); 6185 run_bbp_write(sc, 1, bbp1); 6186 6187 if (sc->mac_ver >= 0x5390) 6188 run_rt5390_rf_setup(sc); 6189 else if (sc->mac_ver == 0x3593) 6190 run_rt3593_rf_setup(sc); 6191 else if (sc->mac_ver >= 0x3070) 6192 run_rt3070_rf_setup(sc); 6193 6194 /* select default channel */ 6195 run_set_chan(sc, ic->ic_curchan); 6196 6197 /* setup initial protection mode */ 6198 run_updateprot_cb(ic); 6199 6200 /* turn radio LED on */ 6201 run_set_leds(sc, RT2860_LED_RADIO); 6202 6203 sc->sc_flags |= RUN_RUNNING; 6204 sc->cmdq_run = RUN_CMDQ_GO; 6205 6206 for (i = 0; i != RUN_N_XFER; i++) 6207 usbd_xfer_set_stall(sc->sc_xfer[i]); 6208 6209 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6210 6211 if (run_txrx_enable(sc) != 0) 6212 goto fail; 6213 6214 return; 6215 6216 fail: 6217 run_stop(sc); 6218 } 6219 6220 static void 6221 run_stop(void *arg) 6222 { 6223 struct run_softc *sc = (struct run_softc *)arg; 6224 uint32_t tmp; 6225 int i; 6226 int ntries; 6227 6228 RUN_LOCK_ASSERT(sc, MA_OWNED); 6229 6230 if (sc->sc_flags & RUN_RUNNING) 6231 run_set_leds(sc, 0); /* turn all LEDs off */ 6232 6233 sc->sc_flags &= ~RUN_RUNNING; 6234 6235 sc->ratectl_run = RUN_RATECTL_OFF; 6236 sc->cmdq_run = sc->cmdq_key_set; 6237 6238 RUN_UNLOCK(sc); 6239 6240 for(i = 0; i < RUN_N_XFER; i++) 6241 usbd_transfer_drain(sc->sc_xfer[i]); 6242 6243 RUN_LOCK(sc); 6244 6245 run_drain_mbufq(sc); 6246 6247 if (sc->rx_m != NULL) { 6248 m_free(sc->rx_m); 6249 sc->rx_m = NULL; 6250 } 6251 6252 /* Disable Tx/Rx DMA. */ 6253 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6254 return; 6255 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6256 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6257 6258 for (ntries = 0; ntries < 100; ntries++) { 6259 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6260 return; 6261 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6262 break; 6263 run_delay(sc, 10); 6264 } 6265 if (ntries == 100) { 6266 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6267 return; 6268 } 6269 6270 /* disable Tx/Rx */ 6271 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6272 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6273 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6274 6275 /* wait for pending Tx to complete */ 6276 for (ntries = 0; ntries < 100; ntries++) { 6277 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6278 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6279 "Cannot read Tx queue count\n"); 6280 break; 6281 } 6282 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6283 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6284 "All Tx cleared\n"); 6285 break; 6286 } 6287 run_delay(sc, 10); 6288 } 6289 if (ntries >= 100) 6290 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6291 "There are still pending Tx\n"); 6292 run_delay(sc, 10); 6293 run_write(sc, RT2860_USB_DMA_CFG, 0); 6294 6295 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6296 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6297 6298 for (i = 0; i != RUN_EP_QUEUES; i++) 6299 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6300 } 6301 6302 static void 6303 run_delay(struct run_softc *sc, u_int ms) 6304 { 6305 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6306 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6307 } 6308 6309 static device_method_t run_methods[] = { 6310 /* Device interface */ 6311 DEVMETHOD(device_probe, run_match), 6312 DEVMETHOD(device_attach, run_attach), 6313 DEVMETHOD(device_detach, run_detach), 6314 DEVMETHOD_END 6315 }; 6316 6317 static driver_t run_driver = { 6318 .name = "run", 6319 .methods = run_methods, 6320 .size = sizeof(struct run_softc) 6321 }; 6322 6323 static devclass_t run_devclass; 6324 6325 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6326 MODULE_DEPEND(run, wlan, 1, 1, 1); 6327 MODULE_DEPEND(run, usb, 1, 1, 1); 6328 MODULE_DEPEND(run, firmware, 1, 1, 1); 6329 MODULE_VERSION(run, 1); 6330 USB_PNP_HOST_INFO(run_devs); 6331