1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/eventhandler.h> 32 #include <sys/sockio.h> 33 #include <sys/sysctl.h> 34 #include <sys/lock.h> 35 #include <sys/mutex.h> 36 #include <sys/mbuf.h> 37 #include <sys/kernel.h> 38 #include <sys/socket.h> 39 #include <sys/systm.h> 40 #include <sys/malloc.h> 41 #include <sys/module.h> 42 #include <sys/bus.h> 43 #include <sys/endian.h> 44 #include <sys/linker.h> 45 #include <sys/firmware.h> 46 #include <sys/kdb.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_var.h> 51 #include <net/if_arp.h> 52 #include <net/ethernet.h> 53 #include <net/if_dl.h> 54 #include <net/if_media.h> 55 #include <net/if_types.h> 56 57 #include <netinet/in.h> 58 #include <netinet/in_systm.h> 59 #include <netinet/in_var.h> 60 #include <netinet/if_ether.h> 61 #include <netinet/ip.h> 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_regdomain.h> 65 #include <net80211/ieee80211_radiotap.h> 66 #include <net80211/ieee80211_ratectl.h> 67 #ifdef IEEE80211_SUPPORT_SUPERG 68 #include <net80211/ieee80211_superg.h> 69 #endif 70 71 #include <dev/usb/usb.h> 72 #include <dev/usb/usbdi.h> 73 #include "usbdevs.h" 74 75 #define USB_DEBUG_VAR run_debug 76 #include <dev/usb/usb_debug.h> 77 #include <dev/usb/usb_msctest.h> 78 79 #include <dev/usb/wlan/if_runreg.h> 80 #include <dev/usb/wlan/if_runvar.h> 81 82 #ifdef USB_DEBUG 83 #define RUN_DEBUG 84 #endif 85 86 #ifdef RUN_DEBUG 87 int run_debug = 0; 88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 89 "USB run"); 90 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 91 "run debug level"); 92 93 enum { 94 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 95 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 96 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 97 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 98 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 99 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 100 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 101 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 102 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 103 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 104 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 105 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 106 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 107 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 108 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 109 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 110 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 111 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 112 RUN_DEBUG_ANY = 0xffffffff 113 }; 114 115 #define RUN_DPRINTF(_sc, _m, ...) do { \ 116 if (run_debug & (_m)) \ 117 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 118 } while(0) 119 #else 120 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 121 #endif 122 123 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 124 125 /* 126 * Because of LOR in run_key_delete(), use atomic instead. 127 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 128 */ 129 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 130 131 static const STRUCT_USB_HOST_ID run_devs[] = { 132 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 133 #define RUN_DEV_EJECT(v,p) \ 134 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 135 #define RUN_EJECT 1 136 RUN_DEV(ABOCOM, RT2770), 137 RUN_DEV(ABOCOM, RT2870), 138 RUN_DEV(ABOCOM, RT3070), 139 RUN_DEV(ABOCOM, RT3071), 140 RUN_DEV(ABOCOM, RT3072), 141 RUN_DEV(ABOCOM2, RT2870_1), 142 RUN_DEV(ACCTON, RT2770), 143 RUN_DEV(ACCTON, RT2870_1), 144 RUN_DEV(ACCTON, RT2870_2), 145 RUN_DEV(ACCTON, RT2870_3), 146 RUN_DEV(ACCTON, RT2870_4), 147 RUN_DEV(ACCTON, RT2870_5), 148 RUN_DEV(ACCTON, RT3070), 149 RUN_DEV(ACCTON, RT3070_1), 150 RUN_DEV(ACCTON, RT3070_2), 151 RUN_DEV(ACCTON, RT3070_3), 152 RUN_DEV(ACCTON, RT3070_4), 153 RUN_DEV(ACCTON, RT3070_5), 154 RUN_DEV(AIRTIES, RT3070), 155 RUN_DEV(ALLWIN, RT2070), 156 RUN_DEV(ALLWIN, RT2770), 157 RUN_DEV(ALLWIN, RT2870), 158 RUN_DEV(ALLWIN, RT3070), 159 RUN_DEV(ALLWIN, RT3071), 160 RUN_DEV(ALLWIN, RT3072), 161 RUN_DEV(ALLWIN, RT3572), 162 RUN_DEV(AMIGO, RT2870_1), 163 RUN_DEV(AMIGO, RT2870_2), 164 RUN_DEV(AMIT, CGWLUSB2GNR), 165 RUN_DEV(AMIT, RT2870_1), 166 RUN_DEV(AMIT2, RT2870), 167 RUN_DEV(ASUS, RT2870_1), 168 RUN_DEV(ASUS, RT2870_2), 169 RUN_DEV(ASUS, RT2870_3), 170 RUN_DEV(ASUS, RT2870_4), 171 RUN_DEV(ASUS, RT2870_5), 172 RUN_DEV(ASUS, USBN13), 173 RUN_DEV(ASUS, RT3070_1), 174 RUN_DEV(ASUS, USBN66), 175 RUN_DEV(ASUS, USB_N53), 176 RUN_DEV(ASUS2, USBN11), 177 RUN_DEV(AZUREWAVE, RT2870_1), 178 RUN_DEV(AZUREWAVE, RT2870_2), 179 RUN_DEV(AZUREWAVE, RT3070_1), 180 RUN_DEV(AZUREWAVE, RT3070_2), 181 RUN_DEV(AZUREWAVE, RT3070_3), 182 RUN_DEV(BELKIN, F9L1103), 183 RUN_DEV(BELKIN, F5D8053V3), 184 RUN_DEV(BELKIN, F5D8055), 185 RUN_DEV(BELKIN, F5D8055V2), 186 RUN_DEV(BELKIN, F6D4050V1), 187 RUN_DEV(BELKIN, F6D4050V2), 188 RUN_DEV(BELKIN, RT2870_1), 189 RUN_DEV(BELKIN, RT2870_2), 190 RUN_DEV(CISCOLINKSYS, AE1000), 191 RUN_DEV(CISCOLINKSYS2, RT3070), 192 RUN_DEV(CISCOLINKSYS3, RT3070), 193 RUN_DEV(CONCEPTRONIC2, RT2870_1), 194 RUN_DEV(CONCEPTRONIC2, RT2870_2), 195 RUN_DEV(CONCEPTRONIC2, RT2870_3), 196 RUN_DEV(CONCEPTRONIC2, RT2870_4), 197 RUN_DEV(CONCEPTRONIC2, RT2870_5), 198 RUN_DEV(CONCEPTRONIC2, RT2870_6), 199 RUN_DEV(CONCEPTRONIC2, RT2870_7), 200 RUN_DEV(CONCEPTRONIC2, RT2870_8), 201 RUN_DEV(CONCEPTRONIC2, RT3070_1), 202 RUN_DEV(CONCEPTRONIC2, RT3070_2), 203 RUN_DEV(CONCEPTRONIC2, VIGORN61), 204 RUN_DEV(COREGA, CGWLUSB300GNM), 205 RUN_DEV(COREGA, RT2870_1), 206 RUN_DEV(COREGA, RT2870_2), 207 RUN_DEV(COREGA, RT2870_3), 208 RUN_DEV(COREGA, RT3070), 209 RUN_DEV(CYBERTAN, RT2870), 210 RUN_DEV(DLINK, RT2870), 211 RUN_DEV(DLINK, RT3072), 212 RUN_DEV(DLINK, DWA125A3), 213 RUN_DEV(DLINK, DWA127), 214 RUN_DEV(DLINK, DWA140B3), 215 RUN_DEV(DLINK, DWA160B2), 216 RUN_DEV(DLINK, DWA140D1), 217 RUN_DEV(DLINK, DWA162), 218 RUN_DEV(DLINK2, DWA130), 219 RUN_DEV(DLINK2, RT2870_1), 220 RUN_DEV(DLINK2, RT2870_2), 221 RUN_DEV(DLINK2, RT3070_1), 222 RUN_DEV(DLINK2, RT3070_2), 223 RUN_DEV(DLINK2, RT3070_3), 224 RUN_DEV(DLINK2, RT3070_4), 225 RUN_DEV(DLINK2, RT3070_5), 226 RUN_DEV(DLINK2, RT3072), 227 RUN_DEV(DLINK2, RT3072_1), 228 RUN_DEV(EDIMAX, EW7717), 229 RUN_DEV(EDIMAX, EW7718), 230 RUN_DEV(EDIMAX, EW7733UND), 231 RUN_DEV(EDIMAX, RT2870_1), 232 RUN_DEV(ENCORE, RT3070_1), 233 RUN_DEV(ENCORE, RT3070_2), 234 RUN_DEV(ENCORE, RT3070_3), 235 RUN_DEV(GIGABYTE, GNWB31N), 236 RUN_DEV(GIGABYTE, GNWB32L), 237 RUN_DEV(GIGABYTE, RT2870_1), 238 RUN_DEV(GIGASET, RT3070_1), 239 RUN_DEV(GIGASET, RT3070_2), 240 RUN_DEV(GUILLEMOT, HWNU300), 241 RUN_DEV(HAWKING, HWUN2), 242 RUN_DEV(HAWKING, RT2870_1), 243 RUN_DEV(HAWKING, RT2870_2), 244 RUN_DEV(HAWKING, RT3070), 245 RUN_DEV(IODATA, RT3072_1), 246 RUN_DEV(IODATA, RT3072_2), 247 RUN_DEV(IODATA, RT3072_3), 248 RUN_DEV(IODATA, RT3072_4), 249 RUN_DEV(LINKSYS4, RT3070), 250 RUN_DEV(LINKSYS4, WUSB100), 251 RUN_DEV(LINKSYS4, WUSB54GCV3), 252 RUN_DEV(LINKSYS4, WUSB600N), 253 RUN_DEV(LINKSYS4, WUSB600NV2), 254 RUN_DEV(LOGITEC, RT2870_1), 255 RUN_DEV(LOGITEC, RT2870_2), 256 RUN_DEV(LOGITEC, RT2870_3), 257 RUN_DEV(LOGITEC, LANW300NU2), 258 RUN_DEV(LOGITEC, LANW150NU2), 259 RUN_DEV(LOGITEC, LANW300NU2S), 260 RUN_DEV(MELCO, WLIUCG300HP), 261 RUN_DEV(MELCO, RT2870_2), 262 RUN_DEV(MELCO, WLIUCAG300N), 263 RUN_DEV(MELCO, WLIUCG300N), 264 RUN_DEV(MELCO, WLIUCG301N), 265 RUN_DEV(MELCO, WLIUCGN), 266 RUN_DEV(MELCO, WLIUCGNM), 267 RUN_DEV(MELCO, WLIUCG300HPV1), 268 RUN_DEV(MELCO, WLIUCGNM2), 269 RUN_DEV(MOTOROLA4, RT2770), 270 RUN_DEV(MOTOROLA4, RT3070), 271 RUN_DEV(MSI, RT3070_1), 272 RUN_DEV(MSI, RT3070_2), 273 RUN_DEV(MSI, RT3070_3), 274 RUN_DEV(MSI, RT3070_4), 275 RUN_DEV(MSI, RT3070_5), 276 RUN_DEV(MSI, RT3070_6), 277 RUN_DEV(MSI, RT3070_7), 278 RUN_DEV(MSI, RT3070_8), 279 RUN_DEV(MSI, RT3070_9), 280 RUN_DEV(MSI, RT3070_10), 281 RUN_DEV(MSI, RT3070_11), 282 RUN_DEV(NETGEAR, WNDA4100), 283 RUN_DEV(OVISLINK, RT3072), 284 RUN_DEV(PARA, RT3070), 285 RUN_DEV(PEGATRON, RT2870), 286 RUN_DEV(PEGATRON, RT3070), 287 RUN_DEV(PEGATRON, RT3070_2), 288 RUN_DEV(PEGATRON, RT3070_3), 289 RUN_DEV(PHILIPS, RT2870), 290 RUN_DEV(PLANEX2, GWUS300MINIS), 291 RUN_DEV(PLANEX2, GWUSMICRON), 292 RUN_DEV(PLANEX2, RT2870), 293 RUN_DEV(PLANEX2, RT3070), 294 RUN_DEV(QCOM, RT2870), 295 RUN_DEV(QUANTA, RT3070), 296 RUN_DEV(RALINK, RT2070), 297 RUN_DEV(RALINK, RT2770), 298 RUN_DEV(RALINK, RT2870), 299 RUN_DEV(RALINK, RT3070), 300 RUN_DEV(RALINK, RT3071), 301 RUN_DEV(RALINK, RT3072), 302 RUN_DEV(RALINK, RT3370), 303 RUN_DEV(RALINK, RT3572), 304 RUN_DEV(RALINK, RT3573), 305 RUN_DEV(RALINK, RT5370), 306 RUN_DEV(RALINK, RT5372), 307 RUN_DEV(RALINK, RT5572), 308 RUN_DEV(RALINK, RT8070), 309 RUN_DEV(SAMSUNG, WIS09ABGN), 310 RUN_DEV(SAMSUNG2, RT2870_1), 311 RUN_DEV(SENAO, RT2870_1), 312 RUN_DEV(SENAO, RT2870_2), 313 RUN_DEV(SENAO, RT2870_3), 314 RUN_DEV(SENAO, RT2870_4), 315 RUN_DEV(SENAO, RT3070), 316 RUN_DEV(SENAO, RT3071), 317 RUN_DEV(SENAO, RT3072_1), 318 RUN_DEV(SENAO, RT3072_2), 319 RUN_DEV(SENAO, RT3072_3), 320 RUN_DEV(SENAO, RT3072_4), 321 RUN_DEV(SENAO, RT3072_5), 322 RUN_DEV(SITECOMEU, RT2770), 323 RUN_DEV(SITECOMEU, RT2870_1), 324 RUN_DEV(SITECOMEU, RT2870_2), 325 RUN_DEV(SITECOMEU, RT2870_3), 326 RUN_DEV(SITECOMEU, RT2870_4), 327 RUN_DEV(SITECOMEU, RT3070), 328 RUN_DEV(SITECOMEU, RT3070_2), 329 RUN_DEV(SITECOMEU, RT3070_3), 330 RUN_DEV(SITECOMEU, RT3070_4), 331 RUN_DEV(SITECOMEU, RT3071), 332 RUN_DEV(SITECOMEU, RT3072_1), 333 RUN_DEV(SITECOMEU, RT3072_2), 334 RUN_DEV(SITECOMEU, RT3072_3), 335 RUN_DEV(SITECOMEU, RT3072_4), 336 RUN_DEV(SITECOMEU, RT3072_5), 337 RUN_DEV(SITECOMEU, RT3072_6), 338 RUN_DEV(SITECOMEU, WL608), 339 RUN_DEV(SPARKLAN, RT2870_1), 340 RUN_DEV(SPARKLAN, RT3070), 341 RUN_DEV(SWEEX2, LW153), 342 RUN_DEV(SWEEX2, LW303), 343 RUN_DEV(SWEEX2, LW313), 344 RUN_DEV(TOSHIBA, RT3070), 345 RUN_DEV(UMEDIA, RT2870_1), 346 RUN_DEV(ZCOM, RT2870_1), 347 RUN_DEV(ZCOM, RT2870_2), 348 RUN_DEV(ZINWELL, RT2870_1), 349 RUN_DEV(ZINWELL, RT2870_2), 350 RUN_DEV(ZINWELL, RT3070), 351 RUN_DEV(ZINWELL, RT3072_1), 352 RUN_DEV(ZINWELL, RT3072_2), 353 RUN_DEV(ZYXEL, RT2870_1), 354 RUN_DEV(ZYXEL, RT2870_2), 355 RUN_DEV(ZYXEL, RT3070), 356 RUN_DEV_EJECT(ZYXEL, NWD2705), 357 RUN_DEV_EJECT(RALINK, RT_STOR), 358 #undef RUN_DEV_EJECT 359 #undef RUN_DEV 360 }; 361 362 static device_probe_t run_match; 363 static device_attach_t run_attach; 364 static device_detach_t run_detach; 365 366 static usb_callback_t run_bulk_rx_callback; 367 static usb_callback_t run_bulk_tx_callback0; 368 static usb_callback_t run_bulk_tx_callback1; 369 static usb_callback_t run_bulk_tx_callback2; 370 static usb_callback_t run_bulk_tx_callback3; 371 static usb_callback_t run_bulk_tx_callback4; 372 static usb_callback_t run_bulk_tx_callback5; 373 374 static void run_autoinst(void *, struct usb_device *, 375 struct usb_attach_arg *); 376 static int run_driver_loaded(struct module *, int, void *); 377 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 378 usb_error_t error, u_int index); 379 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 380 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 381 const uint8_t [IEEE80211_ADDR_LEN], 382 const uint8_t [IEEE80211_ADDR_LEN]); 383 static void run_vap_delete(struct ieee80211vap *); 384 static void run_cmdq_cb(void *, int); 385 static void run_setup_tx_list(struct run_softc *, 386 struct run_endpoint_queue *); 387 static void run_unsetup_tx_list(struct run_softc *, 388 struct run_endpoint_queue *); 389 static int run_load_microcode(struct run_softc *); 390 static int run_reset(struct run_softc *); 391 static usb_error_t run_do_request(struct run_softc *, 392 struct usb_device_request *, void *); 393 static int run_read(struct run_softc *, uint16_t, uint32_t *); 394 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 395 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 396 static int run_write(struct run_softc *, uint16_t, uint32_t); 397 static int run_write_region_1(struct run_softc *, uint16_t, 398 const uint8_t *, int); 399 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 400 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 401 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 402 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 403 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 404 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 405 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 406 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 407 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 408 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 409 static const char *run_get_rf(uint16_t); 410 static void run_rt3593_get_txpower(struct run_softc *); 411 static void run_get_txpower(struct run_softc *); 412 static int run_read_eeprom(struct run_softc *); 413 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 414 const uint8_t mac[IEEE80211_ADDR_LEN]); 415 static int run_media_change(struct ifnet *); 416 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 417 static int run_wme_update(struct ieee80211com *); 418 static void run_key_set_cb(void *); 419 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 420 static void run_key_delete_cb(void *); 421 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 422 static void run_ratectl_to(void *); 423 static void run_ratectl_cb(void *, int); 424 static void run_drain_fifo(void *); 425 static void run_iter_func(void *, struct ieee80211_node *); 426 static void run_newassoc_cb(void *); 427 static void run_newassoc(struct ieee80211_node *, int); 428 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 429 const struct ieee80211_rx_stats *, int, int); 430 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 431 static void run_tx_free(struct run_endpoint_queue *pq, 432 struct run_tx_data *, int); 433 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 434 static int run_tx(struct run_softc *, struct mbuf *, 435 struct ieee80211_node *); 436 static int run_tx_mgt(struct run_softc *, struct mbuf *, 437 struct ieee80211_node *); 438 static int run_sendprot(struct run_softc *, const struct mbuf *, 439 struct ieee80211_node *, int, int); 440 static int run_tx_param(struct run_softc *, struct mbuf *, 441 struct ieee80211_node *, 442 const struct ieee80211_bpf_params *); 443 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 444 const struct ieee80211_bpf_params *); 445 static int run_transmit(struct ieee80211com *, struct mbuf *); 446 static void run_start(struct run_softc *); 447 static void run_parent(struct ieee80211com *); 448 static void run_iq_calib(struct run_softc *, u_int); 449 static void run_set_agc(struct run_softc *, uint8_t); 450 static void run_select_chan_group(struct run_softc *, int); 451 static void run_set_rx_antenna(struct run_softc *, int); 452 static void run_rt2870_set_chan(struct run_softc *, u_int); 453 static void run_rt3070_set_chan(struct run_softc *, u_int); 454 static void run_rt3572_set_chan(struct run_softc *, u_int); 455 static void run_rt3593_set_chan(struct run_softc *, u_int); 456 static void run_rt5390_set_chan(struct run_softc *, u_int); 457 static void run_rt5592_set_chan(struct run_softc *, u_int); 458 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 459 static void run_set_channel(struct ieee80211com *); 460 static void run_getradiocaps(struct ieee80211com *, int, int *, 461 struct ieee80211_channel[]); 462 static void run_scan_start(struct ieee80211com *); 463 static void run_scan_end(struct ieee80211com *); 464 static void run_update_beacon(struct ieee80211vap *, int); 465 static void run_update_beacon_cb(void *); 466 static void run_updateprot(struct ieee80211com *); 467 static void run_updateprot_cb(void *); 468 static void run_usb_timeout_cb(void *); 469 static void run_reset_livelock(struct run_softc *); 470 static void run_enable_tsf_sync(struct run_softc *); 471 static void run_enable_tsf(struct run_softc *); 472 static void run_disable_tsf(struct run_softc *); 473 static void run_get_tsf(struct run_softc *, uint64_t *); 474 static void run_enable_mrr(struct run_softc *); 475 static void run_set_txpreamble(struct run_softc *); 476 static void run_set_basicrates(struct run_softc *); 477 static void run_set_leds(struct run_softc *, uint16_t); 478 static void run_set_bssid(struct run_softc *, const uint8_t *); 479 static void run_set_macaddr(struct run_softc *, const uint8_t *); 480 static void run_updateslot(struct ieee80211com *); 481 static void run_updateslot_cb(void *); 482 static void run_update_mcast(struct ieee80211com *); 483 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 484 static void run_update_promisc_locked(struct run_softc *); 485 static void run_update_promisc(struct ieee80211com *); 486 static void run_rt5390_bbp_init(struct run_softc *); 487 static int run_bbp_init(struct run_softc *); 488 static int run_rt3070_rf_init(struct run_softc *); 489 static void run_rt3593_rf_init(struct run_softc *); 490 static void run_rt5390_rf_init(struct run_softc *); 491 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 492 uint8_t *); 493 static void run_rt3070_rf_setup(struct run_softc *); 494 static void run_rt3593_rf_setup(struct run_softc *); 495 static void run_rt5390_rf_setup(struct run_softc *); 496 static int run_txrx_enable(struct run_softc *); 497 static void run_adjust_freq_offset(struct run_softc *); 498 static void run_init_locked(struct run_softc *); 499 static void run_stop(void *); 500 static void run_delay(struct run_softc *, u_int); 501 static void run_update_chw(struct ieee80211com *ic); 502 static int run_ampdu_enable(struct ieee80211_node *ni, 503 struct ieee80211_tx_ampdu *tap); 504 505 static eventhandler_tag run_etag; 506 507 static const struct rt2860_rate { 508 uint8_t rate; 509 uint8_t mcs; 510 enum ieee80211_phytype phy; 511 uint8_t ctl_ridx; 512 uint16_t sp_ack_dur; 513 uint16_t lp_ack_dur; 514 } rt2860_rates[] = { 515 /* CCK rates (11b) */ 516 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 517 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 518 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 519 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 520 521 /* OFDM rates (11a / 11g) */ 522 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 523 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 524 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 525 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 526 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 527 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 528 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 529 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }, 530 531 /* MCS - single stream */ 532 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 }, 533 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 }, 534 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 }, 535 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 }, 536 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 }, 537 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 }, 538 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 }, 539 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 }, 540 /* MCS - 2 streams */ 541 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 }, 542 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 }, 543 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 }, 544 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 }, 545 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 }, 546 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 }, 547 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 }, 548 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 }, 549 }; 550 551 /* These are indexes into the above rt2860_rates[] array */ 552 #define RT2860_RIDX_CCK1 0 553 #define RT2860_RIDX_CCK11 3 554 #define RT2860_RIDX_OFDM6 4 555 #define RT2860_RIDX_MCS0 12 556 #define RT2860_RIDX_MAX 28 557 558 static const struct { 559 uint16_t reg; 560 uint32_t val; 561 } rt2870_def_mac[] = { 562 RT2870_DEF_MAC 563 }; 564 565 static const struct { 566 uint8_t reg; 567 uint8_t val; 568 } rt2860_def_bbp[] = { 569 RT2860_DEF_BBP 570 },rt5390_def_bbp[] = { 571 RT5390_DEF_BBP 572 },rt5592_def_bbp[] = { 573 RT5592_DEF_BBP 574 }; 575 576 /* 577 * Default values for BBP register R196 for RT5592. 578 */ 579 static const uint8_t rt5592_bbp_r196[] = { 580 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 581 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 582 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 583 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 584 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 585 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 586 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 587 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 588 0x2e, 0x36, 0x30, 0x6e 589 }; 590 591 static const struct rfprog { 592 uint8_t chan; 593 uint32_t r1, r2, r3, r4; 594 } rt2860_rf2850[] = { 595 RT2860_RF2850 596 }; 597 598 struct { 599 uint8_t n, r, k; 600 } rt3070_freqs[] = { 601 RT3070_RF3052 602 }; 603 604 static const struct rt5592_freqs { 605 uint16_t n; 606 uint8_t k, m, r; 607 } rt5592_freqs_20mhz[] = { 608 RT5592_RF5592_20MHZ 609 },rt5592_freqs_40mhz[] = { 610 RT5592_RF5592_40MHZ 611 }; 612 613 static const struct { 614 uint8_t reg; 615 uint8_t val; 616 } rt3070_def_rf[] = { 617 RT3070_DEF_RF 618 },rt3572_def_rf[] = { 619 RT3572_DEF_RF 620 },rt3593_def_rf[] = { 621 RT3593_DEF_RF 622 },rt5390_def_rf[] = { 623 RT5390_DEF_RF 624 },rt5392_def_rf[] = { 625 RT5392_DEF_RF 626 },rt5592_def_rf[] = { 627 RT5592_DEF_RF 628 },rt5592_2ghz_def_rf[] = { 629 RT5592_2GHZ_DEF_RF 630 },rt5592_5ghz_def_rf[] = { 631 RT5592_5GHZ_DEF_RF 632 }; 633 634 static const struct { 635 u_int firstchan; 636 u_int lastchan; 637 uint8_t reg; 638 uint8_t val; 639 } rt5592_chan_5ghz[] = { 640 RT5592_CHAN_5GHZ 641 }; 642 643 static const struct usb_config run_config[RUN_N_XFER] = { 644 [RUN_BULK_TX_BE] = { 645 .type = UE_BULK, 646 .endpoint = UE_ADDR_ANY, 647 .ep_index = 0, 648 .direction = UE_DIR_OUT, 649 .bufsize = RUN_MAX_TXSZ, 650 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 651 .callback = run_bulk_tx_callback0, 652 .timeout = 5000, /* ms */ 653 }, 654 [RUN_BULK_TX_BK] = { 655 .type = UE_BULK, 656 .endpoint = UE_ADDR_ANY, 657 .direction = UE_DIR_OUT, 658 .ep_index = 1, 659 .bufsize = RUN_MAX_TXSZ, 660 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 661 .callback = run_bulk_tx_callback1, 662 .timeout = 5000, /* ms */ 663 }, 664 [RUN_BULK_TX_VI] = { 665 .type = UE_BULK, 666 .endpoint = UE_ADDR_ANY, 667 .direction = UE_DIR_OUT, 668 .ep_index = 2, 669 .bufsize = RUN_MAX_TXSZ, 670 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 671 .callback = run_bulk_tx_callback2, 672 .timeout = 5000, /* ms */ 673 }, 674 [RUN_BULK_TX_VO] = { 675 .type = UE_BULK, 676 .endpoint = UE_ADDR_ANY, 677 .direction = UE_DIR_OUT, 678 .ep_index = 3, 679 .bufsize = RUN_MAX_TXSZ, 680 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 681 .callback = run_bulk_tx_callback3, 682 .timeout = 5000, /* ms */ 683 }, 684 [RUN_BULK_TX_HCCA] = { 685 .type = UE_BULK, 686 .endpoint = UE_ADDR_ANY, 687 .direction = UE_DIR_OUT, 688 .ep_index = 4, 689 .bufsize = RUN_MAX_TXSZ, 690 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 691 .callback = run_bulk_tx_callback4, 692 .timeout = 5000, /* ms */ 693 }, 694 [RUN_BULK_TX_PRIO] = { 695 .type = UE_BULK, 696 .endpoint = UE_ADDR_ANY, 697 .direction = UE_DIR_OUT, 698 .ep_index = 5, 699 .bufsize = RUN_MAX_TXSZ, 700 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 701 .callback = run_bulk_tx_callback5, 702 .timeout = 5000, /* ms */ 703 }, 704 [RUN_BULK_RX] = { 705 .type = UE_BULK, 706 .endpoint = UE_ADDR_ANY, 707 .direction = UE_DIR_IN, 708 .bufsize = RUN_MAX_RXSZ, 709 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 710 .callback = run_bulk_rx_callback, 711 } 712 }; 713 714 static void 715 run_autoinst(void *arg, struct usb_device *udev, 716 struct usb_attach_arg *uaa) 717 { 718 struct usb_interface *iface; 719 struct usb_interface_descriptor *id; 720 721 if (uaa->dev_state != UAA_DEV_READY) 722 return; 723 724 iface = usbd_get_iface(udev, 0); 725 if (iface == NULL) 726 return; 727 id = iface->idesc; 728 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 729 return; 730 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 731 return; 732 733 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 734 uaa->dev_state = UAA_DEV_EJECTING; 735 } 736 737 static int 738 run_driver_loaded(struct module *mod, int what, void *arg) 739 { 740 switch (what) { 741 case MOD_LOAD: 742 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 743 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 744 break; 745 case MOD_UNLOAD: 746 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 747 break; 748 default: 749 return (EOPNOTSUPP); 750 } 751 return (0); 752 } 753 754 static int 755 run_match(device_t self) 756 { 757 struct usb_attach_arg *uaa = device_get_ivars(self); 758 759 if (uaa->usb_mode != USB_MODE_HOST) 760 return (ENXIO); 761 if (uaa->info.bConfigIndex != 0) 762 return (ENXIO); 763 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 764 return (ENXIO); 765 766 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 767 } 768 769 static int 770 run_attach(device_t self) 771 { 772 struct run_softc *sc = device_get_softc(self); 773 struct usb_attach_arg *uaa = device_get_ivars(self); 774 struct ieee80211com *ic = &sc->sc_ic; 775 uint32_t ver; 776 uint8_t iface_index; 777 int ntries, error; 778 779 device_set_usb_desc(self); 780 sc->sc_udev = uaa->device; 781 sc->sc_dev = self; 782 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 783 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 784 785 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 786 MTX_NETWORK_LOCK, MTX_DEF); 787 mbufq_init(&sc->sc_snd, ifqmaxlen); 788 789 iface_index = RT2860_IFACE_INDEX; 790 791 error = usbd_transfer_setup(uaa->device, &iface_index, 792 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 793 if (error) { 794 device_printf(self, "could not allocate USB transfers, " 795 "err=%s\n", usbd_errstr(error)); 796 goto detach; 797 } 798 799 RUN_LOCK(sc); 800 801 /* wait for the chip to settle */ 802 for (ntries = 0; ntries < 100; ntries++) { 803 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 804 RUN_UNLOCK(sc); 805 goto detach; 806 } 807 if (ver != 0 && ver != 0xffffffff) 808 break; 809 run_delay(sc, 10); 810 } 811 if (ntries == 100) { 812 device_printf(sc->sc_dev, 813 "timeout waiting for NIC to initialize\n"); 814 RUN_UNLOCK(sc); 815 goto detach; 816 } 817 sc->mac_ver = ver >> 16; 818 sc->mac_rev = ver & 0xffff; 819 820 /* retrieve RF rev. no and various other things from EEPROM */ 821 run_read_eeprom(sc); 822 823 device_printf(sc->sc_dev, 824 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 825 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 826 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 827 828 RUN_UNLOCK(sc); 829 830 ic->ic_softc = sc; 831 ic->ic_name = device_get_nameunit(self); 832 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 833 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 834 835 /* set device capabilities */ 836 ic->ic_caps = 837 IEEE80211_C_STA | /* station mode supported */ 838 IEEE80211_C_MONITOR | /* monitor mode supported */ 839 IEEE80211_C_IBSS | 840 IEEE80211_C_HOSTAP | 841 IEEE80211_C_WDS | /* 4-address traffic works */ 842 IEEE80211_C_MBSS | 843 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 844 IEEE80211_C_SHSLOT | /* short slot time supported */ 845 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */ 846 IEEE80211_C_FF | /* Atheros fast-frames */ 847 IEEE80211_C_WME | /* WME */ 848 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 849 850 /* 851 * RF2020 is not an 11n device. 852 */ 853 if (sc->rf_rev != RT3070_RF_2020) { 854 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n"); 855 ic->ic_htcaps = 856 IEEE80211_HTC_HT | 857 IEEE80211_HTC_AMPDU | 858 IEEE80211_HTC_AMSDU | 859 IEEE80211_HTCAP_MAXAMSDU_3839 | 860 IEEE80211_HTCAP_SMPS_OFF; 861 862 /* 863 * For now, just do 1 stream. Later on we'll figure out 864 * how many tx/rx streams a particular NIC supports. 865 */ 866 ic->ic_rxstream = 1; 867 ic->ic_txstream = 1; 868 } 869 870 ic->ic_cryptocaps = 871 IEEE80211_CRYPTO_WEP | 872 IEEE80211_CRYPTO_AES_CCM | 873 IEEE80211_CRYPTO_TKIPMIC | 874 IEEE80211_CRYPTO_TKIP; 875 876 ic->ic_flags |= IEEE80211_F_DATAPAD; 877 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 878 879 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 880 ic->ic_channels); 881 882 ieee80211_ifattach(ic); 883 884 ic->ic_scan_start = run_scan_start; 885 ic->ic_scan_end = run_scan_end; 886 ic->ic_set_channel = run_set_channel; 887 ic->ic_getradiocaps = run_getradiocaps; 888 ic->ic_node_alloc = run_node_alloc; 889 ic->ic_newassoc = run_newassoc; 890 ic->ic_updateslot = run_updateslot; 891 ic->ic_update_mcast = run_update_mcast; 892 ic->ic_wme.wme_update = run_wme_update; 893 ic->ic_raw_xmit = run_raw_xmit; 894 ic->ic_update_promisc = run_update_promisc; 895 ic->ic_vap_create = run_vap_create; 896 ic->ic_vap_delete = run_vap_delete; 897 ic->ic_transmit = run_transmit; 898 ic->ic_parent = run_parent; 899 ic->ic_update_chw = run_update_chw; 900 ic->ic_ampdu_enable = run_ampdu_enable; 901 902 ieee80211_radiotap_attach(ic, 903 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 904 RUN_TX_RADIOTAP_PRESENT, 905 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 906 RUN_RX_RADIOTAP_PRESENT); 907 908 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 909 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 910 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 911 912 if (bootverbose) 913 ieee80211_announce(ic); 914 915 return (0); 916 917 detach: 918 run_detach(self); 919 return (ENXIO); 920 } 921 922 static void 923 run_drain_mbufq(struct run_softc *sc) 924 { 925 struct mbuf *m; 926 struct ieee80211_node *ni; 927 928 RUN_LOCK_ASSERT(sc, MA_OWNED); 929 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 930 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 931 m->m_pkthdr.rcvif = NULL; 932 ieee80211_free_node(ni); 933 m_freem(m); 934 } 935 } 936 937 static int 938 run_detach(device_t self) 939 { 940 struct run_softc *sc = device_get_softc(self); 941 struct ieee80211com *ic = &sc->sc_ic; 942 int i; 943 944 RUN_LOCK(sc); 945 sc->sc_detached = 1; 946 RUN_UNLOCK(sc); 947 948 /* stop all USB transfers */ 949 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 950 951 RUN_LOCK(sc); 952 sc->ratectl_run = RUN_RATECTL_OFF; 953 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 954 955 /* free TX list, if any */ 956 for (i = 0; i != RUN_EP_QUEUES; i++) 957 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 958 959 /* Free TX queue */ 960 run_drain_mbufq(sc); 961 RUN_UNLOCK(sc); 962 963 if (sc->sc_ic.ic_softc == sc) { 964 /* drain tasks */ 965 usb_callout_drain(&sc->ratectl_ch); 966 ieee80211_draintask(ic, &sc->cmdq_task); 967 ieee80211_draintask(ic, &sc->ratectl_task); 968 ieee80211_ifdetach(ic); 969 } 970 971 mtx_destroy(&sc->sc_mtx); 972 973 return (0); 974 } 975 976 static struct ieee80211vap * 977 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 978 enum ieee80211_opmode opmode, int flags, 979 const uint8_t bssid[IEEE80211_ADDR_LEN], 980 const uint8_t mac[IEEE80211_ADDR_LEN]) 981 { 982 struct run_softc *sc = ic->ic_softc; 983 struct run_vap *rvp; 984 struct ieee80211vap *vap; 985 int i; 986 987 if (sc->rvp_cnt >= RUN_VAP_MAX) { 988 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 989 return (NULL); 990 } 991 992 switch (opmode) { 993 case IEEE80211_M_STA: 994 /* enable s/w bmiss handling for sta mode */ 995 flags |= IEEE80211_CLONE_NOBEACONS; 996 /* fall though */ 997 case IEEE80211_M_IBSS: 998 case IEEE80211_M_MONITOR: 999 case IEEE80211_M_HOSTAP: 1000 case IEEE80211_M_MBSS: 1001 /* other than WDS vaps, only one at a time */ 1002 if (!TAILQ_EMPTY(&ic->ic_vaps)) 1003 return (NULL); 1004 break; 1005 case IEEE80211_M_WDS: 1006 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 1007 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 1008 continue; 1009 /* WDS vap's always share the local mac address. */ 1010 flags &= ~IEEE80211_CLONE_BSSID; 1011 break; 1012 } 1013 if (vap == NULL) { 1014 device_printf(sc->sc_dev, 1015 "wds only supported in ap mode\n"); 1016 return (NULL); 1017 } 1018 break; 1019 default: 1020 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 1021 return (NULL); 1022 } 1023 1024 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 1025 vap = &rvp->vap; 1026 1027 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 1028 bssid) != 0) { 1029 /* out of memory */ 1030 free(rvp, M_80211_VAP); 1031 return (NULL); 1032 } 1033 1034 vap->iv_update_beacon = run_update_beacon; 1035 vap->iv_max_aid = RT2870_WCID_MAX; 1036 1037 /* 1038 * The linux rt2800 driver limits 1 stream devices to a 32KB 1039 * RX AMPDU. 1040 */ 1041 if (ic->ic_rxstream > 1) 1042 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K; 1043 else 1044 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; 1045 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */ 1046 1047 /* 1048 * To delete the right key from h/w, we need wcid. 1049 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 1050 * and matching wcid will be written into there. So, cast 1051 * some spells to remove 'const' from ieee80211_key{} 1052 */ 1053 vap->iv_key_delete = (void *)run_key_delete; 1054 vap->iv_key_set = (void *)run_key_set; 1055 1056 /* override state transition machine */ 1057 rvp->newstate = vap->iv_newstate; 1058 vap->iv_newstate = run_newstate; 1059 if (opmode == IEEE80211_M_IBSS) { 1060 rvp->recv_mgmt = vap->iv_recv_mgmt; 1061 vap->iv_recv_mgmt = run_recv_mgmt; 1062 } 1063 1064 ieee80211_ratectl_init(vap); 1065 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 1066 1067 /* complete setup */ 1068 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 1069 mac); 1070 1071 /* make sure id is always unique */ 1072 for (i = 0; i < RUN_VAP_MAX; i++) { 1073 if((sc->rvp_bmap & 1 << i) == 0){ 1074 sc->rvp_bmap |= 1 << i; 1075 rvp->rvp_id = i; 1076 break; 1077 } 1078 } 1079 if (sc->rvp_cnt++ == 0) 1080 ic->ic_opmode = opmode; 1081 1082 if (opmode == IEEE80211_M_HOSTAP) 1083 sc->cmdq_run = RUN_CMDQ_GO; 1084 1085 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1086 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1087 1088 return (vap); 1089 } 1090 1091 static void 1092 run_vap_delete(struct ieee80211vap *vap) 1093 { 1094 struct run_vap *rvp = RUN_VAP(vap); 1095 struct ieee80211com *ic; 1096 struct run_softc *sc; 1097 uint8_t rvp_id; 1098 1099 if (vap == NULL) 1100 return; 1101 1102 ic = vap->iv_ic; 1103 sc = ic->ic_softc; 1104 1105 RUN_LOCK(sc); 1106 1107 m_freem(rvp->beacon_mbuf); 1108 rvp->beacon_mbuf = NULL; 1109 1110 rvp_id = rvp->rvp_id; 1111 sc->ratectl_run &= ~(1 << rvp_id); 1112 sc->rvp_bmap &= ~(1 << rvp_id); 1113 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1114 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1115 --sc->rvp_cnt; 1116 1117 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1118 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1119 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1120 1121 RUN_UNLOCK(sc); 1122 1123 ieee80211_ratectl_deinit(vap); 1124 ieee80211_vap_detach(vap); 1125 free(rvp, M_80211_VAP); 1126 } 1127 1128 /* 1129 * There are numbers of functions need to be called in context thread. 1130 * Rather than creating taskqueue event for each of those functions, 1131 * here is all-for-one taskqueue callback function. This function 1132 * guarantees deferred functions are executed in the same order they 1133 * were enqueued. 1134 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1135 */ 1136 static void 1137 run_cmdq_cb(void *arg, int pending) 1138 { 1139 struct run_softc *sc = arg; 1140 uint8_t i; 1141 1142 /* call cmdq[].func locked */ 1143 RUN_LOCK(sc); 1144 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1145 i = sc->cmdq_exec, pending--) { 1146 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1147 i, pending); 1148 if (sc->cmdq_run == RUN_CMDQ_GO) { 1149 /* 1150 * If arg0 is NULL, callback func needs more 1151 * than one arg. So, pass ptr to cmdq struct. 1152 */ 1153 if (sc->cmdq[i].arg0) 1154 sc->cmdq[i].func(sc->cmdq[i].arg0); 1155 else 1156 sc->cmdq[i].func(&sc->cmdq[i]); 1157 } 1158 sc->cmdq[i].arg0 = NULL; 1159 sc->cmdq[i].func = NULL; 1160 sc->cmdq_exec++; 1161 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1162 } 1163 RUN_UNLOCK(sc); 1164 } 1165 1166 static void 1167 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1168 { 1169 struct run_tx_data *data; 1170 1171 memset(pq, 0, sizeof(*pq)); 1172 1173 STAILQ_INIT(&pq->tx_qh); 1174 STAILQ_INIT(&pq->tx_fh); 1175 1176 for (data = &pq->tx_data[0]; 1177 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1178 data->sc = sc; 1179 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1180 } 1181 pq->tx_nfree = RUN_TX_RING_COUNT; 1182 } 1183 1184 static void 1185 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1186 { 1187 struct run_tx_data *data; 1188 1189 /* make sure any subsequent use of the queues will fail */ 1190 pq->tx_nfree = 0; 1191 STAILQ_INIT(&pq->tx_fh); 1192 STAILQ_INIT(&pq->tx_qh); 1193 1194 /* free up all node references and mbufs */ 1195 for (data = &pq->tx_data[0]; 1196 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1197 if (data->m != NULL) { 1198 m_freem(data->m); 1199 data->m = NULL; 1200 } 1201 if (data->ni != NULL) { 1202 ieee80211_free_node(data->ni); 1203 data->ni = NULL; 1204 } 1205 } 1206 } 1207 1208 static int 1209 run_load_microcode(struct run_softc *sc) 1210 { 1211 usb_device_request_t req; 1212 const struct firmware *fw; 1213 const u_char *base; 1214 uint32_t tmp; 1215 int ntries, error; 1216 const uint64_t *temp; 1217 uint64_t bytes; 1218 1219 RUN_UNLOCK(sc); 1220 fw = firmware_get("runfw"); 1221 RUN_LOCK(sc); 1222 if (fw == NULL) { 1223 device_printf(sc->sc_dev, 1224 "failed loadfirmware of file %s\n", "runfw"); 1225 return ENOENT; 1226 } 1227 1228 if (fw->datasize != 8192) { 1229 device_printf(sc->sc_dev, 1230 "invalid firmware size (should be 8KB)\n"); 1231 error = EINVAL; 1232 goto fail; 1233 } 1234 1235 /* 1236 * RT3071/RT3072 use a different firmware 1237 * run-rt2870 (8KB) contains both, 1238 * first half (4KB) is for rt2870, 1239 * last half is for rt3071. 1240 */ 1241 base = fw->data; 1242 if ((sc->mac_ver) != 0x2860 && 1243 (sc->mac_ver) != 0x2872 && 1244 (sc->mac_ver) != 0x3070) { 1245 base += 4096; 1246 } 1247 1248 /* cheap sanity check */ 1249 temp = fw->data; 1250 bytes = *temp; 1251 if (bytes != be64toh(0xffffff0210280210ULL)) { 1252 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1253 error = EINVAL; 1254 goto fail; 1255 } 1256 1257 /* write microcode image */ 1258 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1259 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1260 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1261 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1262 } 1263 1264 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1265 req.bRequest = RT2870_RESET; 1266 USETW(req.wValue, 8); 1267 USETW(req.wIndex, 0); 1268 USETW(req.wLength, 0); 1269 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1270 != 0) { 1271 device_printf(sc->sc_dev, "firmware reset failed\n"); 1272 goto fail; 1273 } 1274 1275 run_delay(sc, 10); 1276 1277 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1278 run_write(sc, RT2860_H2M_MAILBOX, 0); 1279 run_write(sc, RT2860_H2M_INTSRC, 0); 1280 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1281 goto fail; 1282 1283 /* wait until microcontroller is ready */ 1284 for (ntries = 0; ntries < 1000; ntries++) { 1285 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1286 goto fail; 1287 if (tmp & RT2860_MCU_READY) 1288 break; 1289 run_delay(sc, 10); 1290 } 1291 if (ntries == 1000) { 1292 device_printf(sc->sc_dev, 1293 "timeout waiting for MCU to initialize\n"); 1294 error = ETIMEDOUT; 1295 goto fail; 1296 } 1297 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1298 (base == fw->data) ? "RT2870" : "RT3071", 1299 *(base + 4092), *(base + 4093)); 1300 1301 fail: 1302 firmware_put(fw, FIRMWARE_UNLOAD); 1303 return (error); 1304 } 1305 1306 static int 1307 run_reset(struct run_softc *sc) 1308 { 1309 usb_device_request_t req; 1310 1311 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1312 req.bRequest = RT2870_RESET; 1313 USETW(req.wValue, 1); 1314 USETW(req.wIndex, 0); 1315 USETW(req.wLength, 0); 1316 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1317 } 1318 1319 static usb_error_t 1320 run_do_request(struct run_softc *sc, 1321 struct usb_device_request *req, void *data) 1322 { 1323 usb_error_t err; 1324 int ntries = 10; 1325 1326 RUN_LOCK_ASSERT(sc, MA_OWNED); 1327 1328 while (ntries--) { 1329 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1330 req, data, 0, NULL, 250 /* ms */); 1331 if (err == 0) 1332 break; 1333 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1334 "Control request failed, %s (retrying)\n", 1335 usbd_errstr(err)); 1336 run_delay(sc, 10); 1337 } 1338 return (err); 1339 } 1340 1341 static int 1342 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1343 { 1344 uint32_t tmp; 1345 int error; 1346 1347 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1348 if (error == 0) 1349 *val = le32toh(tmp); 1350 else 1351 *val = 0xffffffff; 1352 return (error); 1353 } 1354 1355 static int 1356 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1357 { 1358 usb_device_request_t req; 1359 1360 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1361 req.bRequest = RT2870_READ_REGION_1; 1362 USETW(req.wValue, 0); 1363 USETW(req.wIndex, reg); 1364 USETW(req.wLength, len); 1365 1366 return (run_do_request(sc, &req, buf)); 1367 } 1368 1369 static int 1370 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1371 { 1372 usb_device_request_t req; 1373 1374 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1375 req.bRequest = RT2870_WRITE_2; 1376 USETW(req.wValue, val); 1377 USETW(req.wIndex, reg); 1378 USETW(req.wLength, 0); 1379 1380 return (run_do_request(sc, &req, NULL)); 1381 } 1382 1383 static int 1384 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1385 { 1386 int error; 1387 1388 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1389 error = run_write_2(sc, reg + 2, val >> 16); 1390 return (error); 1391 } 1392 1393 static int 1394 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1395 int len) 1396 { 1397 #if 1 1398 int i, error = 0; 1399 /* 1400 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1401 * We thus issue multiple WRITE_2 commands instead. 1402 */ 1403 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1404 for (i = 0; i < len && error == 0; i += 2) 1405 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1406 return (error); 1407 #else 1408 usb_device_request_t req; 1409 int error = 0; 1410 1411 /* 1412 * NOTE: It appears the WRITE_REGION_1 command cannot be 1413 * passed a huge amount of data, which will crash the 1414 * firmware. Limit amount of data passed to 64-bytes at a 1415 * time. 1416 */ 1417 while (len > 0) { 1418 int delta = 64; 1419 if (delta > len) 1420 delta = len; 1421 1422 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1423 req.bRequest = RT2870_WRITE_REGION_1; 1424 USETW(req.wValue, 0); 1425 USETW(req.wIndex, reg); 1426 USETW(req.wLength, delta); 1427 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1428 if (error != 0) 1429 break; 1430 reg += delta; 1431 buf += delta; 1432 len -= delta; 1433 } 1434 return (error); 1435 #endif 1436 } 1437 1438 static int 1439 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1440 { 1441 int i, error = 0; 1442 1443 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1444 for (i = 0; i < len && error == 0; i += 4) 1445 error = run_write(sc, reg + i, val); 1446 return (error); 1447 } 1448 1449 static int 1450 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1451 { 1452 uint32_t tmp; 1453 uint16_t reg; 1454 int error, ntries; 1455 1456 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1457 return (error); 1458 1459 if (count == 2) 1460 addr *= 2; 1461 /*- 1462 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1463 * DATA0: F E D C 1464 * DATA1: B A 9 8 1465 * DATA2: 7 6 5 4 1466 * DATA3: 3 2 1 0 1467 */ 1468 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1469 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1470 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1471 for (ntries = 0; ntries < 100; ntries++) { 1472 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1473 return (error); 1474 if (!(tmp & RT3070_EFSROM_KICK)) 1475 break; 1476 run_delay(sc, 2); 1477 } 1478 if (ntries == 100) 1479 return (ETIMEDOUT); 1480 1481 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1482 *val = 0xffff; /* address not found */ 1483 return (0); 1484 } 1485 /* determine to which 32-bit register our 16-bit word belongs */ 1486 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1487 if ((error = run_read(sc, reg, &tmp)) != 0) 1488 return (error); 1489 1490 tmp >>= (8 * (addr & 0x3)); 1491 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1492 1493 return (0); 1494 } 1495 1496 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1497 static int 1498 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1499 { 1500 return (run_efuse_read(sc, addr, val, 2)); 1501 } 1502 1503 static int 1504 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1505 { 1506 usb_device_request_t req; 1507 uint16_t tmp; 1508 int error; 1509 1510 addr *= 2; 1511 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1512 req.bRequest = RT2870_EEPROM_READ; 1513 USETW(req.wValue, 0); 1514 USETW(req.wIndex, addr); 1515 USETW(req.wLength, sizeof(tmp)); 1516 1517 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1518 if (error == 0) 1519 *val = le16toh(tmp); 1520 else 1521 *val = 0xffff; 1522 return (error); 1523 } 1524 1525 static __inline int 1526 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1527 { 1528 /* either eFUSE ROM or EEPROM */ 1529 return sc->sc_srom_read(sc, addr, val); 1530 } 1531 1532 static int 1533 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1534 { 1535 uint32_t tmp; 1536 int error, ntries; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_RF_REG_CTRL)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1548 } 1549 1550 static int 1551 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1552 { 1553 uint32_t tmp; 1554 int error, ntries; 1555 1556 for (ntries = 0; ntries < 100; ntries++) { 1557 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1558 return (error); 1559 if (!(tmp & RT3070_RF_KICK)) 1560 break; 1561 } 1562 if (ntries == 100) 1563 return (ETIMEDOUT); 1564 1565 tmp = RT3070_RF_KICK | reg << 8; 1566 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1567 return (error); 1568 1569 for (ntries = 0; ntries < 100; ntries++) { 1570 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1571 return (error); 1572 if (!(tmp & RT3070_RF_KICK)) 1573 break; 1574 } 1575 if (ntries == 100) 1576 return (ETIMEDOUT); 1577 1578 *val = tmp & 0xff; 1579 return (0); 1580 } 1581 1582 static int 1583 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1584 { 1585 uint32_t tmp; 1586 int error, ntries; 1587 1588 for (ntries = 0; ntries < 10; ntries++) { 1589 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1590 return (error); 1591 if (!(tmp & RT3070_RF_KICK)) 1592 break; 1593 } 1594 if (ntries == 10) 1595 return (ETIMEDOUT); 1596 1597 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1598 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1599 } 1600 1601 static int 1602 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1603 { 1604 uint32_t tmp; 1605 int ntries, error; 1606 1607 for (ntries = 0; ntries < 10; ntries++) { 1608 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1609 return (error); 1610 if (!(tmp & RT2860_BBP_CSR_KICK)) 1611 break; 1612 } 1613 if (ntries == 10) 1614 return (ETIMEDOUT); 1615 1616 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1617 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1618 return (error); 1619 1620 for (ntries = 0; ntries < 10; ntries++) { 1621 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1622 return (error); 1623 if (!(tmp & RT2860_BBP_CSR_KICK)) 1624 break; 1625 } 1626 if (ntries == 10) 1627 return (ETIMEDOUT); 1628 1629 *val = tmp & 0xff; 1630 return (0); 1631 } 1632 1633 static int 1634 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1635 { 1636 uint32_t tmp; 1637 int ntries, error; 1638 1639 for (ntries = 0; ntries < 10; ntries++) { 1640 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1641 return (error); 1642 if (!(tmp & RT2860_BBP_CSR_KICK)) 1643 break; 1644 } 1645 if (ntries == 10) 1646 return (ETIMEDOUT); 1647 1648 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1649 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1650 } 1651 1652 /* 1653 * Send a command to the 8051 microcontroller unit. 1654 */ 1655 static int 1656 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1657 { 1658 uint32_t tmp; 1659 int error, ntries; 1660 1661 for (ntries = 0; ntries < 100; ntries++) { 1662 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1663 return error; 1664 if (!(tmp & RT2860_H2M_BUSY)) 1665 break; 1666 } 1667 if (ntries == 100) 1668 return ETIMEDOUT; 1669 1670 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1671 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1672 error = run_write(sc, RT2860_HOST_CMD, cmd); 1673 return (error); 1674 } 1675 1676 /* 1677 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1678 * Used to adjust per-rate Tx power registers. 1679 */ 1680 static __inline uint32_t 1681 b4inc(uint32_t b32, int8_t delta) 1682 { 1683 int8_t i, b4; 1684 1685 for (i = 0; i < 8; i++) { 1686 b4 = b32 & 0xf; 1687 b4 += delta; 1688 if (b4 < 0) 1689 b4 = 0; 1690 else if (b4 > 0xf) 1691 b4 = 0xf; 1692 b32 = b32 >> 4 | b4 << 28; 1693 } 1694 return (b32); 1695 } 1696 1697 static const char * 1698 run_get_rf(uint16_t rev) 1699 { 1700 switch (rev) { 1701 case RT2860_RF_2820: return "RT2820"; 1702 case RT2860_RF_2850: return "RT2850"; 1703 case RT2860_RF_2720: return "RT2720"; 1704 case RT2860_RF_2750: return "RT2750"; 1705 case RT3070_RF_3020: return "RT3020"; 1706 case RT3070_RF_2020: return "RT2020"; 1707 case RT3070_RF_3021: return "RT3021"; 1708 case RT3070_RF_3022: return "RT3022"; 1709 case RT3070_RF_3052: return "RT3052"; 1710 case RT3593_RF_3053: return "RT3053"; 1711 case RT5592_RF_5592: return "RT5592"; 1712 case RT5390_RF_5370: return "RT5370"; 1713 case RT5390_RF_5372: return "RT5372"; 1714 } 1715 return ("unknown"); 1716 } 1717 1718 static void 1719 run_rt3593_get_txpower(struct run_softc *sc) 1720 { 1721 uint16_t addr, val; 1722 int i; 1723 1724 /* Read power settings for 2GHz channels. */ 1725 for (i = 0; i < 14; i += 2) { 1726 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1727 RT2860_EEPROM_PWR2GHZ_BASE1; 1728 run_srom_read(sc, addr + i / 2, &val); 1729 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1730 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1731 1732 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1733 RT2860_EEPROM_PWR2GHZ_BASE2; 1734 run_srom_read(sc, addr + i / 2, &val); 1735 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1736 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1737 1738 if (sc->ntxchains == 3) { 1739 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1740 &val); 1741 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1742 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1743 } 1744 } 1745 /* Fix broken Tx power entries. */ 1746 for (i = 0; i < 14; i++) { 1747 if (sc->txpow1[i] > 31) 1748 sc->txpow1[i] = 5; 1749 if (sc->txpow2[i] > 31) 1750 sc->txpow2[i] = 5; 1751 if (sc->ntxchains == 3) { 1752 if (sc->txpow3[i] > 31) 1753 sc->txpow3[i] = 5; 1754 } 1755 } 1756 /* Read power settings for 5GHz channels. */ 1757 for (i = 0; i < 40; i += 2) { 1758 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1759 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1760 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1761 1762 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1763 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1764 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1765 1766 if (sc->ntxchains == 3) { 1767 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1768 &val); 1769 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1770 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1771 } 1772 } 1773 } 1774 1775 static void 1776 run_get_txpower(struct run_softc *sc) 1777 { 1778 uint16_t val; 1779 int i; 1780 1781 /* Read power settings for 2GHz channels. */ 1782 for (i = 0; i < 14; i += 2) { 1783 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1784 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1785 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1786 1787 if (sc->mac_ver != 0x5390) { 1788 run_srom_read(sc, 1789 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1790 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1791 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1792 } 1793 } 1794 /* Fix broken Tx power entries. */ 1795 for (i = 0; i < 14; i++) { 1796 if (sc->mac_ver >= 0x5390) { 1797 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1798 sc->txpow1[i] = 5; 1799 } else { 1800 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1801 sc->txpow1[i] = 5; 1802 } 1803 if (sc->mac_ver > 0x5390) { 1804 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1805 sc->txpow2[i] = 5; 1806 } else if (sc->mac_ver < 0x5390) { 1807 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1808 sc->txpow2[i] = 5; 1809 } 1810 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1811 "chan %d: power1=%d, power2=%d\n", 1812 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1813 } 1814 /* Read power settings for 5GHz channels. */ 1815 for (i = 0; i < 40; i += 2) { 1816 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1817 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1818 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1819 1820 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1821 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1822 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1823 } 1824 /* Fix broken Tx power entries. */ 1825 for (i = 0; i < 40; i++ ) { 1826 if (sc->mac_ver != 0x5592) { 1827 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1828 sc->txpow1[14 + i] = 5; 1829 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1830 sc->txpow2[14 + i] = 5; 1831 } 1832 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1833 "chan %d: power1=%d, power2=%d\n", 1834 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1835 sc->txpow2[14 + i]); 1836 } 1837 } 1838 1839 static int 1840 run_read_eeprom(struct run_softc *sc) 1841 { 1842 struct ieee80211com *ic = &sc->sc_ic; 1843 int8_t delta_2ghz, delta_5ghz; 1844 uint32_t tmp; 1845 uint16_t val; 1846 int ridx, ant, i; 1847 1848 /* check whether the ROM is eFUSE ROM or EEPROM */ 1849 sc->sc_srom_read = run_eeprom_read_2; 1850 if (sc->mac_ver >= 0x3070) { 1851 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1852 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1853 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1854 sc->sc_srom_read = run_efuse_read_2; 1855 } 1856 1857 /* read ROM version */ 1858 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1859 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1860 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1861 1862 /* read MAC address */ 1863 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1864 ic->ic_macaddr[0] = val & 0xff; 1865 ic->ic_macaddr[1] = val >> 8; 1866 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1867 ic->ic_macaddr[2] = val & 0xff; 1868 ic->ic_macaddr[3] = val >> 8; 1869 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1870 ic->ic_macaddr[4] = val & 0xff; 1871 ic->ic_macaddr[5] = val >> 8; 1872 1873 if (sc->mac_ver < 0x3593) { 1874 /* read vender BBP settings */ 1875 for (i = 0; i < 10; i++) { 1876 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1877 sc->bbp[i].val = val & 0xff; 1878 sc->bbp[i].reg = val >> 8; 1879 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1880 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1881 } 1882 if (sc->mac_ver >= 0x3071) { 1883 /* read vendor RF settings */ 1884 for (i = 0; i < 10; i++) { 1885 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1886 &val); 1887 sc->rf[i].val = val & 0xff; 1888 sc->rf[i].reg = val >> 8; 1889 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1890 sc->rf[i].reg, sc->rf[i].val); 1891 } 1892 } 1893 } 1894 1895 /* read RF frequency offset from EEPROM */ 1896 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1897 RT3593_EEPROM_FREQ, &val); 1898 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1899 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1900 sc->freq & 0xff); 1901 1902 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1903 RT3593_EEPROM_FREQ_LEDS, &val); 1904 if (val >> 8 != 0xff) { 1905 /* read LEDs operating mode */ 1906 sc->leds = val >> 8; 1907 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1908 RT3593_EEPROM_LED1, &sc->led[0]); 1909 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1910 RT3593_EEPROM_LED2, &sc->led[1]); 1911 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1912 RT3593_EEPROM_LED3, &sc->led[2]); 1913 } else { 1914 /* broken EEPROM, use default settings */ 1915 sc->leds = 0x01; 1916 sc->led[0] = 0x5555; 1917 sc->led[1] = 0x2221; 1918 sc->led[2] = 0x5627; /* differs from RT2860 */ 1919 } 1920 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1921 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1922 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1923 1924 /* read RF information */ 1925 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1926 run_srom_read(sc, 0x00, &val); 1927 else 1928 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1929 1930 if (val == 0xffff) { 1931 device_printf(sc->sc_dev, 1932 "invalid EEPROM antenna info, using default\n"); 1933 if (sc->mac_ver == 0x3572) { 1934 /* default to RF3052 2T2R */ 1935 sc->rf_rev = RT3070_RF_3052; 1936 sc->ntxchains = 2; 1937 sc->nrxchains = 2; 1938 } else if (sc->mac_ver >= 0x3070) { 1939 /* default to RF3020 1T1R */ 1940 sc->rf_rev = RT3070_RF_3020; 1941 sc->ntxchains = 1; 1942 sc->nrxchains = 1; 1943 } else { 1944 /* default to RF2820 1T2R */ 1945 sc->rf_rev = RT2860_RF_2820; 1946 sc->ntxchains = 1; 1947 sc->nrxchains = 2; 1948 } 1949 } else { 1950 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1951 sc->rf_rev = val; 1952 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1953 } else 1954 sc->rf_rev = (val >> 8) & 0xf; 1955 sc->ntxchains = (val >> 4) & 0xf; 1956 sc->nrxchains = val & 0xf; 1957 } 1958 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1959 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1960 1961 /* check if RF supports automatic Tx access gain control */ 1962 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1963 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1964 /* check if driver should patch the DAC issue */ 1965 if ((val >> 8) != 0xff) 1966 sc->patch_dac = (val >> 15) & 1; 1967 if ((val & 0xff) != 0xff) { 1968 sc->ext_5ghz_lna = (val >> 3) & 1; 1969 sc->ext_2ghz_lna = (val >> 2) & 1; 1970 /* check if RF supports automatic Tx access gain control */ 1971 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1972 /* check if we have a hardware radio switch */ 1973 sc->rfswitch = val & 1; 1974 } 1975 1976 /* Read Tx power settings. */ 1977 if (sc->mac_ver == 0x3593) 1978 run_rt3593_get_txpower(sc); 1979 else 1980 run_get_txpower(sc); 1981 1982 /* read Tx power compensation for each Tx rate */ 1983 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1984 delta_2ghz = delta_5ghz = 0; 1985 if ((val & 0xff) != 0xff && (val & 0x80)) { 1986 delta_2ghz = val & 0xf; 1987 if (!(val & 0x40)) /* negative number */ 1988 delta_2ghz = -delta_2ghz; 1989 } 1990 val >>= 8; 1991 if ((val & 0xff) != 0xff && (val & 0x80)) { 1992 delta_5ghz = val & 0xf; 1993 if (!(val & 0x40)) /* negative number */ 1994 delta_5ghz = -delta_5ghz; 1995 } 1996 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1997 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1998 1999 for (ridx = 0; ridx < 5; ridx++) { 2000 uint32_t reg; 2001 2002 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 2003 reg = val; 2004 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 2005 reg |= (uint32_t)val << 16; 2006 2007 sc->txpow20mhz[ridx] = reg; 2008 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 2009 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 2010 2011 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2012 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 2013 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 2014 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 2015 } 2016 2017 /* Read RSSI offsets and LNA gains from EEPROM. */ 2018 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 2019 RT3593_EEPROM_RSSI1_2GHZ, &val); 2020 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 2021 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 2022 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 2023 RT3593_EEPROM_RSSI2_2GHZ, &val); 2024 if (sc->mac_ver >= 0x3070) { 2025 if (sc->mac_ver == 0x3593) { 2026 sc->txmixgain_2ghz = 0; 2027 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2028 } else { 2029 /* 2030 * On RT3070 chips (limited to 2 Rx chains), this ROM 2031 * field contains the Tx mixer gain for the 2GHz band. 2032 */ 2033 if ((val & 0xff) != 0xff) 2034 sc->txmixgain_2ghz = val & 0x7; 2035 } 2036 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 2037 sc->txmixgain_2ghz); 2038 } else 2039 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2040 if (sc->mac_ver == 0x3593) 2041 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2042 sc->lna[2] = val >> 8; /* channel group 2 */ 2043 2044 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 2045 RT3593_EEPROM_RSSI1_5GHZ, &val); 2046 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 2047 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 2048 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 2049 RT3593_EEPROM_RSSI2_5GHZ, &val); 2050 if (sc->mac_ver == 0x3572) { 2051 /* 2052 * On RT3572 chips (limited to 2 Rx chains), this ROM 2053 * field contains the Tx mixer gain for the 5GHz band. 2054 */ 2055 if ((val & 0xff) != 0xff) 2056 sc->txmixgain_5ghz = val & 0x7; 2057 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 2058 sc->txmixgain_5ghz); 2059 } else 2060 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 2061 if (sc->mac_ver == 0x3593) { 2062 sc->txmixgain_5ghz = 0; 2063 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2064 } 2065 sc->lna[3] = val >> 8; /* channel group 3 */ 2066 2067 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 2068 RT3593_EEPROM_LNA, &val); 2069 sc->lna[0] = val & 0xff; /* channel group 0 */ 2070 sc->lna[1] = val >> 8; /* channel group 1 */ 2071 2072 /* fix broken 5GHz LNA entries */ 2073 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2074 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2075 "invalid LNA for channel group %d\n", 2); 2076 sc->lna[2] = sc->lna[1]; 2077 } 2078 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2079 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2080 "invalid LNA for channel group %d\n", 3); 2081 sc->lna[3] = sc->lna[1]; 2082 } 2083 2084 /* fix broken RSSI offset entries */ 2085 for (ant = 0; ant < 3; ant++) { 2086 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2087 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2088 "invalid RSSI%d offset: %d (2GHz)\n", 2089 ant + 1, sc->rssi_2ghz[ant]); 2090 sc->rssi_2ghz[ant] = 0; 2091 } 2092 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2093 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2094 "invalid RSSI%d offset: %d (5GHz)\n", 2095 ant + 1, sc->rssi_5ghz[ant]); 2096 sc->rssi_5ghz[ant] = 0; 2097 } 2098 } 2099 return (0); 2100 } 2101 2102 static struct ieee80211_node * 2103 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2104 { 2105 return malloc(sizeof (struct run_node), M_80211_NODE, 2106 M_NOWAIT | M_ZERO); 2107 } 2108 2109 static int 2110 run_media_change(struct ifnet *ifp) 2111 { 2112 struct ieee80211vap *vap = ifp->if_softc; 2113 struct ieee80211com *ic = vap->iv_ic; 2114 const struct ieee80211_txparam *tp; 2115 struct run_softc *sc = ic->ic_softc; 2116 uint8_t rate, ridx; 2117 int error; 2118 2119 RUN_LOCK(sc); 2120 2121 error = ieee80211_media_change(ifp); 2122 if (error != ENETRESET) { 2123 RUN_UNLOCK(sc); 2124 return (error); 2125 } 2126 2127 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2128 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2129 struct ieee80211_node *ni; 2130 struct run_node *rn; 2131 2132 /* XXX TODO: methodize with MCS rates */ 2133 rate = ic->ic_sup_rates[ic->ic_curmode]. 2134 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2135 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2136 if (rt2860_rates[ridx].rate == rate) 2137 break; 2138 2139 ni = ieee80211_ref_node(vap->iv_bss); 2140 rn = RUN_NODE(ni); 2141 rn->fix_ridx = ridx; 2142 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2143 rate, rn->fix_ridx); 2144 ieee80211_free_node(ni); 2145 } 2146 2147 #if 0 2148 if ((ifp->if_flags & IFF_UP) && 2149 (ifp->if_drv_flags & RUN_RUNNING)){ 2150 run_init_locked(sc); 2151 } 2152 #endif 2153 2154 RUN_UNLOCK(sc); 2155 2156 return (0); 2157 } 2158 2159 static int 2160 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2161 { 2162 const struct ieee80211_txparam *tp; 2163 struct ieee80211com *ic = vap->iv_ic; 2164 struct run_softc *sc = ic->ic_softc; 2165 struct run_vap *rvp = RUN_VAP(vap); 2166 enum ieee80211_state ostate; 2167 uint32_t sta[3]; 2168 uint8_t ratectl; 2169 uint8_t restart_ratectl = 0; 2170 uint8_t bid = 1 << rvp->rvp_id; 2171 2172 ostate = vap->iv_state; 2173 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2174 ieee80211_state_name[ostate], 2175 ieee80211_state_name[nstate]); 2176 2177 IEEE80211_UNLOCK(ic); 2178 RUN_LOCK(sc); 2179 2180 ratectl = sc->ratectl_run; /* remember current state */ 2181 sc->ratectl_run = RUN_RATECTL_OFF; 2182 usb_callout_stop(&sc->ratectl_ch); 2183 2184 if (ostate == IEEE80211_S_RUN) { 2185 /* turn link LED off */ 2186 run_set_leds(sc, RT2860_LED_RADIO); 2187 } 2188 2189 switch (nstate) { 2190 case IEEE80211_S_INIT: 2191 restart_ratectl = 1; 2192 2193 if (ostate != IEEE80211_S_RUN) 2194 break; 2195 2196 ratectl &= ~bid; 2197 sc->runbmap &= ~bid; 2198 2199 /* abort TSF synchronization if there is no vap running */ 2200 if (--sc->running == 0) 2201 run_disable_tsf(sc); 2202 break; 2203 2204 case IEEE80211_S_RUN: 2205 if (!(sc->runbmap & bid)) { 2206 if(sc->running++) 2207 restart_ratectl = 1; 2208 sc->runbmap |= bid; 2209 } 2210 2211 m_freem(rvp->beacon_mbuf); 2212 rvp->beacon_mbuf = NULL; 2213 2214 switch (vap->iv_opmode) { 2215 case IEEE80211_M_HOSTAP: 2216 case IEEE80211_M_MBSS: 2217 sc->ap_running |= bid; 2218 ic->ic_opmode = vap->iv_opmode; 2219 run_update_beacon_cb(vap); 2220 break; 2221 case IEEE80211_M_IBSS: 2222 sc->adhoc_running |= bid; 2223 if (!sc->ap_running) 2224 ic->ic_opmode = vap->iv_opmode; 2225 run_update_beacon_cb(vap); 2226 break; 2227 case IEEE80211_M_STA: 2228 sc->sta_running |= bid; 2229 if (!sc->ap_running && !sc->adhoc_running) 2230 ic->ic_opmode = vap->iv_opmode; 2231 2232 /* read statistic counters (clear on read) */ 2233 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2234 (uint8_t *)sta, sizeof sta); 2235 2236 break; 2237 default: 2238 ic->ic_opmode = vap->iv_opmode; 2239 break; 2240 } 2241 2242 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2243 struct ieee80211_node *ni; 2244 2245 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2246 RUN_UNLOCK(sc); 2247 IEEE80211_LOCK(ic); 2248 return (-1); 2249 } 2250 run_updateslot(ic); 2251 run_enable_mrr(sc); 2252 run_set_txpreamble(sc); 2253 run_set_basicrates(sc); 2254 ni = ieee80211_ref_node(vap->iv_bss); 2255 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2256 run_set_bssid(sc, sc->sc_bssid); 2257 ieee80211_free_node(ni); 2258 run_enable_tsf_sync(sc); 2259 2260 /* enable automatic rate adaptation */ 2261 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2262 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2263 ratectl |= bid; 2264 } else 2265 run_enable_tsf(sc); 2266 2267 /* turn link LED on */ 2268 run_set_leds(sc, RT2860_LED_RADIO | 2269 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2270 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2271 2272 break; 2273 default: 2274 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2275 break; 2276 } 2277 2278 /* restart amrr for running VAPs */ 2279 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2280 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2281 2282 RUN_UNLOCK(sc); 2283 IEEE80211_LOCK(ic); 2284 2285 return(rvp->newstate(vap, nstate, arg)); 2286 } 2287 2288 static int 2289 run_wme_update(struct ieee80211com *ic) 2290 { 2291 struct chanAccParams chp; 2292 struct run_softc *sc = ic->ic_softc; 2293 const struct wmeParams *ac; 2294 int aci, error = 0; 2295 2296 ieee80211_wme_ic_getparams(ic, &chp); 2297 ac = chp.cap_wmeParams; 2298 2299 /* update MAC TX configuration registers */ 2300 RUN_LOCK(sc); 2301 for (aci = 0; aci < WME_NUM_AC; aci++) { 2302 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2303 ac[aci].wmep_logcwmax << 16 | 2304 ac[aci].wmep_logcwmin << 12 | 2305 ac[aci].wmep_aifsn << 8 | 2306 ac[aci].wmep_txopLimit); 2307 if (error) goto err; 2308 } 2309 2310 /* update SCH/DMA registers too */ 2311 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2312 ac[WME_AC_VO].wmep_aifsn << 12 | 2313 ac[WME_AC_VI].wmep_aifsn << 8 | 2314 ac[WME_AC_BK].wmep_aifsn << 4 | 2315 ac[WME_AC_BE].wmep_aifsn); 2316 if (error) goto err; 2317 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2318 ac[WME_AC_VO].wmep_logcwmin << 12 | 2319 ac[WME_AC_VI].wmep_logcwmin << 8 | 2320 ac[WME_AC_BK].wmep_logcwmin << 4 | 2321 ac[WME_AC_BE].wmep_logcwmin); 2322 if (error) goto err; 2323 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2324 ac[WME_AC_VO].wmep_logcwmax << 12 | 2325 ac[WME_AC_VI].wmep_logcwmax << 8 | 2326 ac[WME_AC_BK].wmep_logcwmax << 4 | 2327 ac[WME_AC_BE].wmep_logcwmax); 2328 if (error) goto err; 2329 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2330 ac[WME_AC_BK].wmep_txopLimit << 16 | 2331 ac[WME_AC_BE].wmep_txopLimit); 2332 if (error) goto err; 2333 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2334 ac[WME_AC_VO].wmep_txopLimit << 16 | 2335 ac[WME_AC_VI].wmep_txopLimit); 2336 2337 err: 2338 RUN_UNLOCK(sc); 2339 if (error) 2340 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2341 2342 return (error); 2343 } 2344 2345 static void 2346 run_key_set_cb(void *arg) 2347 { 2348 struct run_cmdq *cmdq = arg; 2349 struct ieee80211vap *vap = cmdq->arg1; 2350 struct ieee80211_key *k = cmdq->k; 2351 struct ieee80211com *ic = vap->iv_ic; 2352 struct run_softc *sc = ic->ic_softc; 2353 struct ieee80211_node *ni; 2354 u_int cipher = k->wk_cipher->ic_cipher; 2355 uint32_t attr; 2356 uint16_t base, associd; 2357 uint8_t mode, wcid, iv[8]; 2358 2359 RUN_LOCK_ASSERT(sc, MA_OWNED); 2360 2361 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2362 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2363 else 2364 ni = vap->iv_bss; 2365 associd = (ni != NULL) ? ni->ni_associd : 0; 2366 2367 /* map net80211 cipher to RT2860 security mode */ 2368 switch (cipher) { 2369 case IEEE80211_CIPHER_WEP: 2370 if(k->wk_keylen < 8) 2371 mode = RT2860_MODE_WEP40; 2372 else 2373 mode = RT2860_MODE_WEP104; 2374 break; 2375 case IEEE80211_CIPHER_TKIP: 2376 mode = RT2860_MODE_TKIP; 2377 break; 2378 case IEEE80211_CIPHER_AES_CCM: 2379 mode = RT2860_MODE_AES_CCMP; 2380 break; 2381 default: 2382 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2383 return; 2384 } 2385 2386 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2387 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2388 associd, k->wk_keyix, mode, 2389 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2390 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2391 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2392 2393 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2394 wcid = 0; /* NB: update WCID0 for group keys */ 2395 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2396 } else { 2397 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2398 1 : RUN_AID2WCID(associd); 2399 base = RT2860_PKEY(wcid); 2400 } 2401 2402 if (cipher == IEEE80211_CIPHER_TKIP) { 2403 if(run_write_region_1(sc, base, k->wk_key, 16)) 2404 return; 2405 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2406 return; 2407 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2408 return; 2409 } else { 2410 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2411 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2412 return; 2413 } 2414 2415 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2416 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2417 /* set initial packet number in IV+EIV */ 2418 if (cipher == IEEE80211_CIPHER_WEP) { 2419 memset(iv, 0, sizeof iv); 2420 iv[3] = vap->iv_def_txkey << 6; 2421 } else { 2422 if (cipher == IEEE80211_CIPHER_TKIP) { 2423 iv[0] = k->wk_keytsc >> 8; 2424 iv[1] = (iv[0] | 0x20) & 0x7f; 2425 iv[2] = k->wk_keytsc; 2426 } else /* CCMP */ { 2427 iv[0] = k->wk_keytsc; 2428 iv[1] = k->wk_keytsc >> 8; 2429 iv[2] = 0; 2430 } 2431 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2432 iv[4] = k->wk_keytsc >> 16; 2433 iv[5] = k->wk_keytsc >> 24; 2434 iv[6] = k->wk_keytsc >> 32; 2435 iv[7] = k->wk_keytsc >> 40; 2436 } 2437 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2438 return; 2439 } 2440 2441 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2442 /* install group key */ 2443 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2444 return; 2445 attr &= ~(0xf << (k->wk_keyix * 4)); 2446 attr |= mode << (k->wk_keyix * 4); 2447 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2448 return; 2449 } else { 2450 /* install pairwise key */ 2451 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2452 return; 2453 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2454 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2455 return; 2456 } 2457 2458 /* TODO create a pass-thru key entry? */ 2459 2460 /* need wcid to delete the right key later */ 2461 k->wk_pad = wcid; 2462 } 2463 2464 /* 2465 * Don't have to be deferred, but in order to keep order of 2466 * execution, i.e. with run_key_delete(), defer this and let 2467 * run_cmdq_cb() maintain the order. 2468 * 2469 * return 0 on error 2470 */ 2471 static int 2472 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2473 { 2474 struct ieee80211com *ic = vap->iv_ic; 2475 struct run_softc *sc = ic->ic_softc; 2476 uint32_t i; 2477 2478 i = RUN_CMDQ_GET(&sc->cmdq_store); 2479 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2480 sc->cmdq[i].func = run_key_set_cb; 2481 sc->cmdq[i].arg0 = NULL; 2482 sc->cmdq[i].arg1 = vap; 2483 sc->cmdq[i].k = k; 2484 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2485 ieee80211_runtask(ic, &sc->cmdq_task); 2486 2487 /* 2488 * To make sure key will be set when hostapd 2489 * calls iv_key_set() before if_init(). 2490 */ 2491 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2492 RUN_LOCK(sc); 2493 sc->cmdq_key_set = RUN_CMDQ_GO; 2494 RUN_UNLOCK(sc); 2495 } 2496 2497 return (1); 2498 } 2499 2500 /* 2501 * If wlan is destroyed without being brought down i.e. without 2502 * wlan down or wpa_cli terminate, this function is called after 2503 * vap is gone. Don't refer it. 2504 */ 2505 static void 2506 run_key_delete_cb(void *arg) 2507 { 2508 struct run_cmdq *cmdq = arg; 2509 struct run_softc *sc = cmdq->arg1; 2510 struct ieee80211_key *k = &cmdq->key; 2511 uint32_t attr; 2512 uint8_t wcid; 2513 2514 RUN_LOCK_ASSERT(sc, MA_OWNED); 2515 2516 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2517 /* remove group key */ 2518 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2519 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2520 attr &= ~(0xf << (k->wk_keyix * 4)); 2521 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2522 } else { 2523 /* remove pairwise key */ 2524 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2525 "removing key for wcid %x\n", k->wk_pad); 2526 /* matching wcid was written to wk_pad in run_key_set() */ 2527 wcid = k->wk_pad; 2528 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2529 attr &= ~0xf; 2530 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2531 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2532 } 2533 2534 k->wk_pad = 0; 2535 } 2536 2537 /* 2538 * return 0 on error 2539 */ 2540 static int 2541 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2542 { 2543 struct ieee80211com *ic = vap->iv_ic; 2544 struct run_softc *sc = ic->ic_softc; 2545 struct ieee80211_key *k0; 2546 uint32_t i; 2547 2548 /* 2549 * When called back, key might be gone. So, make a copy 2550 * of some values need to delete keys before deferring. 2551 * But, because of LOR with node lock, cannot use lock here. 2552 * So, use atomic instead. 2553 */ 2554 i = RUN_CMDQ_GET(&sc->cmdq_store); 2555 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2556 sc->cmdq[i].func = run_key_delete_cb; 2557 sc->cmdq[i].arg0 = NULL; 2558 sc->cmdq[i].arg1 = sc; 2559 k0 = &sc->cmdq[i].key; 2560 k0->wk_flags = k->wk_flags; 2561 k0->wk_keyix = k->wk_keyix; 2562 /* matching wcid was written to wk_pad in run_key_set() */ 2563 k0->wk_pad = k->wk_pad; 2564 ieee80211_runtask(ic, &sc->cmdq_task); 2565 return (1); /* return fake success */ 2566 2567 } 2568 2569 static void 2570 run_ratectl_to(void *arg) 2571 { 2572 struct run_softc *sc = arg; 2573 2574 /* do it in a process context, so it can go sleep */ 2575 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2576 /* next timeout will be rescheduled in the callback task */ 2577 } 2578 2579 /* ARGSUSED */ 2580 static void 2581 run_ratectl_cb(void *arg, int pending) 2582 { 2583 struct run_softc *sc = arg; 2584 struct ieee80211com *ic = &sc->sc_ic; 2585 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2586 2587 if (vap == NULL) 2588 return; 2589 2590 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2591 /* 2592 * run_reset_livelock() doesn't do anything with AMRR, 2593 * but Ralink wants us to call it every 1 sec. So, we 2594 * piggyback here rather than creating another callout. 2595 * Livelock may occur only in HOSTAP or IBSS mode 2596 * (when h/w is sending beacons). 2597 */ 2598 RUN_LOCK(sc); 2599 run_reset_livelock(sc); 2600 /* just in case, there are some stats to drain */ 2601 run_drain_fifo(sc); 2602 RUN_UNLOCK(sc); 2603 } 2604 2605 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2606 2607 RUN_LOCK(sc); 2608 if(sc->ratectl_run != RUN_RATECTL_OFF) 2609 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2610 RUN_UNLOCK(sc); 2611 } 2612 2613 static void 2614 run_drain_fifo(void *arg) 2615 { 2616 struct run_softc *sc = arg; 2617 uint32_t stat; 2618 uint16_t (*wstat)[3]; 2619 uint8_t wcid, mcs, pid; 2620 int8_t retry; 2621 2622 RUN_LOCK_ASSERT(sc, MA_OWNED); 2623 2624 for (;;) { 2625 /* drain Tx status FIFO (maxsize = 16) */ 2626 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2627 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2628 if (!(stat & RT2860_TXQ_VLD)) 2629 break; 2630 2631 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2632 2633 /* if no ACK was requested, no feedback is available */ 2634 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2635 wcid == 0) 2636 continue; 2637 2638 /* 2639 * Even though each stat is Tx-complete-status like format, 2640 * the device can poll stats. Because there is no guarantee 2641 * that the referring node is still around when read the stats. 2642 * So that, if we use ieee80211_ratectl_tx_update(), we will 2643 * have hard time not to refer already freed node. 2644 * 2645 * To eliminate such page faults, we poll stats in softc. 2646 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2647 */ 2648 wstat = &(sc->wcid_stats[wcid]); 2649 (*wstat)[RUN_TXCNT]++; 2650 if (stat & RT2860_TXQ_OK) 2651 (*wstat)[RUN_SUCCESS]++; 2652 else 2653 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2654 /* 2655 * Check if there were retries, ie if the Tx success rate is 2656 * different from the requested rate. Note that it works only 2657 * because we do not allow rate fallback from OFDM to CCK. 2658 */ 2659 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2660 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2661 if ((retry = pid -1 - mcs) > 0) { 2662 (*wstat)[RUN_TXCNT] += retry; 2663 (*wstat)[RUN_RETRY] += retry; 2664 } 2665 } 2666 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2667 2668 sc->fifo_cnt = 0; 2669 } 2670 2671 static void 2672 run_iter_func(void *arg, struct ieee80211_node *ni) 2673 { 2674 struct run_softc *sc = arg; 2675 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2676 struct ieee80211vap *vap = ni->ni_vap; 2677 struct run_node *rn = RUN_NODE(ni); 2678 union run_stats sta[2]; 2679 uint16_t (*wstat)[3]; 2680 int error, ridx; 2681 2682 RUN_LOCK(sc); 2683 2684 /* Check for special case */ 2685 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2686 ni != vap->iv_bss) 2687 goto fail; 2688 2689 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2690 IEEE80211_RATECTL_TX_STATS_RETRIES; 2691 txs->ni = ni; 2692 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2693 vap->iv_opmode == IEEE80211_M_STA)) { 2694 /* read statistic counters (clear on read) and update AMRR state */ 2695 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2696 sizeof sta); 2697 if (error != 0) 2698 goto fail; 2699 2700 /* count failed TX as errors */ 2701 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2702 le16toh(sta[0].error.fail)); 2703 2704 txs->nretries = le16toh(sta[1].tx.retry); 2705 txs->nsuccess = le16toh(sta[1].tx.success); 2706 /* nretries??? */ 2707 txs->nframes = txs->nretries + txs->nsuccess + 2708 le16toh(sta[0].error.fail); 2709 2710 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2711 "retrycnt=%d success=%d failcnt=%d\n", 2712 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2713 } else { 2714 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2715 2716 if (wstat == &(sc->wcid_stats[0]) || 2717 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2718 goto fail; 2719 2720 txs->nretries = (*wstat)[RUN_RETRY]; 2721 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2722 txs->nframes = (*wstat)[RUN_TXCNT]; 2723 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2724 "retrycnt=%d txcnt=%d success=%d\n", 2725 txs->nretries, txs->nframes, txs->nsuccess); 2726 2727 memset(wstat, 0, sizeof(*wstat)); 2728 } 2729 2730 ieee80211_ratectl_tx_update(vap, txs); 2731 ieee80211_ratectl_rate(ni, NULL, 0); 2732 /* XXX TODO: methodize with MCS rates */ 2733 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2734 if (rt2860_rates[ridx].rate == ni->ni_txrate) 2735 break; 2736 rn->amrr_ridx = ridx; 2737 2738 fail: 2739 RUN_UNLOCK(sc); 2740 2741 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, ridx=%d\n", ni->ni_txrate, rn->amrr_ridx); 2742 } 2743 2744 static void 2745 run_newassoc_cb(void *arg) 2746 { 2747 struct run_cmdq *cmdq = arg; 2748 struct ieee80211_node *ni = cmdq->arg1; 2749 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2750 uint8_t wcid = cmdq->wcid; 2751 2752 RUN_LOCK_ASSERT(sc, MA_OWNED); 2753 2754 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2755 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2756 2757 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2758 } 2759 2760 static void 2761 run_newassoc(struct ieee80211_node *ni, int isnew) 2762 { 2763 struct run_node *rn = RUN_NODE(ni); 2764 struct ieee80211vap *vap = ni->ni_vap; 2765 struct ieee80211com *ic = vap->iv_ic; 2766 struct run_softc *sc = ic->ic_softc; 2767 uint8_t rate; 2768 uint8_t ridx; 2769 uint8_t wcid; 2770 2771 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2772 1 : RUN_AID2WCID(ni->ni_associd); 2773 2774 if (wcid > RT2870_WCID_MAX) { 2775 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2776 return; 2777 } 2778 2779 /* only interested in true associations */ 2780 if (isnew && ni->ni_associd != 0) { 2781 2782 /* 2783 * This function could is called though timeout function. 2784 * Need to defer. 2785 */ 2786 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2787 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2788 sc->cmdq[cnt].func = run_newassoc_cb; 2789 sc->cmdq[cnt].arg0 = NULL; 2790 sc->cmdq[cnt].arg1 = ni; 2791 sc->cmdq[cnt].wcid = wcid; 2792 ieee80211_runtask(ic, &sc->cmdq_task); 2793 } 2794 2795 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2796 "new assoc isnew=%d associd=%x addr=%s\n", 2797 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2798 2799 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2800 /* XXX TODO: methodize with MCS rates */ 2801 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2802 if (rt2860_rates[ridx].rate == rate) 2803 break; 2804 rn->mgt_ridx = ridx; 2805 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2806 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2807 2808 RUN_LOCK(sc); 2809 if(sc->ratectl_run != RUN_RATECTL_OFF) 2810 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2811 RUN_UNLOCK(sc); 2812 } 2813 2814 /* 2815 * Return the Rx chain with the highest RSSI for a given frame. 2816 */ 2817 static __inline uint8_t 2818 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2819 { 2820 uint8_t rxchain = 0; 2821 2822 if (sc->nrxchains > 1) { 2823 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2824 rxchain = 1; 2825 if (sc->nrxchains > 2) 2826 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2827 rxchain = 2; 2828 } 2829 return (rxchain); 2830 } 2831 2832 static void 2833 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2834 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2835 { 2836 struct ieee80211vap *vap = ni->ni_vap; 2837 struct run_softc *sc = vap->iv_ic->ic_softc; 2838 struct run_vap *rvp = RUN_VAP(vap); 2839 uint64_t ni_tstamp, rx_tstamp; 2840 2841 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2842 2843 if (vap->iv_state == IEEE80211_S_RUN && 2844 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2845 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2846 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2847 RUN_LOCK(sc); 2848 run_get_tsf(sc, &rx_tstamp); 2849 RUN_UNLOCK(sc); 2850 rx_tstamp = le64toh(rx_tstamp); 2851 2852 if (ni_tstamp >= rx_tstamp) { 2853 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2854 "ibss merge, tsf %ju tstamp %ju\n", 2855 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2856 (void) ieee80211_ibss_merge(ni); 2857 } 2858 } 2859 } 2860 2861 static void 2862 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2863 { 2864 struct ieee80211com *ic = &sc->sc_ic; 2865 struct ieee80211_frame *wh; 2866 struct ieee80211_node *ni; 2867 struct epoch_tracker et; 2868 struct rt2870_rxd *rxd; 2869 struct rt2860_rxwi *rxwi; 2870 uint32_t flags; 2871 uint16_t len, rxwisize; 2872 uint8_t ant, rssi; 2873 int8_t nf; 2874 2875 rxwisize = sizeof(struct rt2860_rxwi); 2876 if (sc->mac_ver == 0x5592) 2877 rxwisize += sizeof(uint64_t); 2878 else if (sc->mac_ver == 0x3593) 2879 rxwisize += sizeof(uint32_t); 2880 2881 if (__predict_false(dmalen < 2882 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2883 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2884 "payload is too short: dma length %u < %zu\n", 2885 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2886 goto fail; 2887 } 2888 2889 rxwi = mtod(m, struct rt2860_rxwi *); 2890 len = le16toh(rxwi->len) & 0xfff; 2891 2892 if (__predict_false(len > dmalen - rxwisize)) { 2893 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2894 "bad RXWI length %u > %u\n", len, dmalen); 2895 goto fail; 2896 } 2897 2898 /* Rx descriptor is located at the end */ 2899 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2900 flags = le32toh(rxd->flags); 2901 2902 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2903 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2904 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2905 goto fail; 2906 } 2907 2908 if (flags & RT2860_RX_L2PAD) { 2909 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2910 "received RT2860_RX_L2PAD frame\n"); 2911 len += 2; 2912 } 2913 2914 m->m_data += rxwisize; 2915 m->m_pkthdr.len = m->m_len = len; 2916 2917 wh = mtod(m, struct ieee80211_frame *); 2918 2919 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2920 (flags & RT2860_RX_DEC) != 0) { 2921 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2922 m->m_flags |= M_WEP; 2923 } 2924 2925 if (len >= sizeof(struct ieee80211_frame_min)) { 2926 ni = ieee80211_find_rxnode(ic, 2927 mtod(m, struct ieee80211_frame_min *)); 2928 } else 2929 ni = NULL; 2930 2931 if(ni && ni->ni_flags & IEEE80211_NODE_HT) { 2932 m->m_flags |= M_AMPDU; 2933 } 2934 2935 if (__predict_false(flags & RT2860_RX_MICERR)) { 2936 /* report MIC failures to net80211 for TKIP */ 2937 if (ni != NULL) 2938 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2939 rxwi->keyidx); 2940 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2941 "MIC error. Someone is lying.\n"); 2942 goto fail; 2943 } 2944 2945 ant = run_maxrssi_chain(sc, rxwi); 2946 rssi = rxwi->rssi[ant]; 2947 nf = run_rssi2dbm(sc, rssi, ant); 2948 2949 if (__predict_false(ieee80211_radiotap_active(ic))) { 2950 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2951 uint16_t phy; 2952 2953 tap->wr_flags = 0; 2954 if (flags & RT2860_RX_L2PAD) 2955 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2956 tap->wr_antsignal = rssi; 2957 tap->wr_antenna = ant; 2958 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2959 tap->wr_rate = 2; /* in case it can't be found below */ 2960 RUN_LOCK(sc); 2961 run_get_tsf(sc, &tap->wr_tsf); 2962 RUN_UNLOCK(sc); 2963 phy = le16toh(rxwi->phy); 2964 switch (phy & RT2860_PHY_MODE) { 2965 case RT2860_PHY_CCK: 2966 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2967 case 0: tap->wr_rate = 2; break; 2968 case 1: tap->wr_rate = 4; break; 2969 case 2: tap->wr_rate = 11; break; 2970 case 3: tap->wr_rate = 22; break; 2971 } 2972 if (phy & RT2860_PHY_SHPRE) 2973 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2974 break; 2975 case RT2860_PHY_OFDM: 2976 switch (phy & RT2860_PHY_MCS) { 2977 case 0: tap->wr_rate = 12; break; 2978 case 1: tap->wr_rate = 18; break; 2979 case 2: tap->wr_rate = 24; break; 2980 case 3: tap->wr_rate = 36; break; 2981 case 4: tap->wr_rate = 48; break; 2982 case 5: tap->wr_rate = 72; break; 2983 case 6: tap->wr_rate = 96; break; 2984 case 7: tap->wr_rate = 108; break; 2985 } 2986 break; 2987 } 2988 } 2989 2990 NET_EPOCH_ENTER(et); 2991 if (ni != NULL) { 2992 (void)ieee80211_input(ni, m, rssi, nf); 2993 ieee80211_free_node(ni); 2994 } else { 2995 (void)ieee80211_input_all(ic, m, rssi, nf); 2996 } 2997 NET_EPOCH_EXIT(et); 2998 2999 return; 3000 3001 fail: 3002 m_freem(m); 3003 counter_u64_add(ic->ic_ierrors, 1); 3004 } 3005 3006 static void 3007 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 3008 { 3009 struct run_softc *sc = usbd_xfer_softc(xfer); 3010 struct ieee80211com *ic = &sc->sc_ic; 3011 struct mbuf *m = NULL; 3012 struct mbuf *m0; 3013 uint32_t dmalen, mbuf_len; 3014 uint16_t rxwisize; 3015 int xferlen; 3016 3017 rxwisize = sizeof(struct rt2860_rxwi); 3018 if (sc->mac_ver == 0x5592) 3019 rxwisize += sizeof(uint64_t); 3020 else if (sc->mac_ver == 0x3593) 3021 rxwisize += sizeof(uint32_t); 3022 3023 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 3024 3025 switch (USB_GET_STATE(xfer)) { 3026 case USB_ST_TRANSFERRED: 3027 3028 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 3029 "rx done, actlen=%d\n", xferlen); 3030 3031 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 3032 sizeof(struct rt2870_rxd))) { 3033 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3034 "xfer too short %d\n", xferlen); 3035 goto tr_setup; 3036 } 3037 3038 m = sc->rx_m; 3039 sc->rx_m = NULL; 3040 3041 /* FALLTHROUGH */ 3042 case USB_ST_SETUP: 3043 tr_setup: 3044 if (sc->rx_m == NULL) { 3045 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 3046 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 3047 } 3048 if (sc->rx_m == NULL) { 3049 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 3050 "could not allocate mbuf - idle with stall\n"); 3051 counter_u64_add(ic->ic_ierrors, 1); 3052 usbd_xfer_set_stall(xfer); 3053 usbd_xfer_set_frames(xfer, 0); 3054 } else { 3055 /* 3056 * Directly loading a mbuf cluster into DMA to 3057 * save some data copying. This works because 3058 * there is only one cluster. 3059 */ 3060 usbd_xfer_set_frame_data(xfer, 0, 3061 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3062 usbd_xfer_set_frames(xfer, 1); 3063 } 3064 usbd_transfer_submit(xfer); 3065 break; 3066 3067 default: /* Error */ 3068 if (error != USB_ERR_CANCELLED) { 3069 /* try to clear stall first */ 3070 usbd_xfer_set_stall(xfer); 3071 if (error == USB_ERR_TIMEOUT) 3072 device_printf(sc->sc_dev, "device timeout\n"); 3073 counter_u64_add(ic->ic_ierrors, 1); 3074 goto tr_setup; 3075 } 3076 if (sc->rx_m != NULL) { 3077 m_freem(sc->rx_m); 3078 sc->rx_m = NULL; 3079 } 3080 break; 3081 } 3082 3083 if (m == NULL) 3084 return; 3085 3086 /* inputting all the frames must be last */ 3087 3088 RUN_UNLOCK(sc); 3089 3090 m->m_pkthdr.len = m->m_len = xferlen; 3091 3092 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3093 for(;;) { 3094 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3095 3096 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3097 ((dmalen & 3) != 0)) { 3098 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3099 "bad DMA length %u\n", dmalen); 3100 break; 3101 } 3102 if ((dmalen + 8) > (uint32_t)xferlen) { 3103 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3104 "bad DMA length %u > %d\n", 3105 dmalen + 8, xferlen); 3106 break; 3107 } 3108 3109 /* If it is the last one or a single frame, we won't copy. */ 3110 if ((xferlen -= dmalen + 8) <= 8) { 3111 /* trim 32-bit DMA-len header */ 3112 m->m_data += 4; 3113 m->m_pkthdr.len = m->m_len -= 4; 3114 run_rx_frame(sc, m, dmalen); 3115 m = NULL; /* don't free source buffer */ 3116 break; 3117 } 3118 3119 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3120 if (__predict_false(mbuf_len > MCLBYTES)) { 3121 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3122 "payload is too big: mbuf_len %u\n", mbuf_len); 3123 counter_u64_add(ic->ic_ierrors, 1); 3124 break; 3125 } 3126 3127 /* copy aggregated frames to another mbuf */ 3128 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3129 if (__predict_false(m0 == NULL)) { 3130 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3131 "could not allocate mbuf\n"); 3132 counter_u64_add(ic->ic_ierrors, 1); 3133 break; 3134 } 3135 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3136 mbuf_len, mtod(m0, caddr_t)); 3137 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3138 run_rx_frame(sc, m0, dmalen); 3139 3140 /* update data ptr */ 3141 m->m_data += mbuf_len + 4; 3142 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3143 } 3144 3145 /* make sure we free the source buffer, if any */ 3146 m_freem(m); 3147 3148 #ifdef IEEE80211_SUPPORT_SUPERG 3149 ieee80211_ff_age_all(ic, 100); 3150 #endif 3151 RUN_LOCK(sc); 3152 } 3153 3154 static void 3155 run_tx_free(struct run_endpoint_queue *pq, 3156 struct run_tx_data *data, int txerr) 3157 { 3158 3159 ieee80211_tx_complete(data->ni, data->m, txerr); 3160 3161 data->m = NULL; 3162 data->ni = NULL; 3163 3164 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3165 pq->tx_nfree++; 3166 } 3167 3168 static void 3169 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3170 { 3171 struct run_softc *sc = usbd_xfer_softc(xfer); 3172 struct ieee80211com *ic = &sc->sc_ic; 3173 struct run_tx_data *data; 3174 struct ieee80211vap *vap = NULL; 3175 struct usb_page_cache *pc; 3176 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3177 struct mbuf *m; 3178 usb_frlength_t size; 3179 int actlen; 3180 int sumlen; 3181 3182 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3183 3184 switch (USB_GET_STATE(xfer)) { 3185 case USB_ST_TRANSFERRED: 3186 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3187 "transfer complete: %d bytes @ index %d\n", actlen, index); 3188 3189 data = usbd_xfer_get_priv(xfer); 3190 run_tx_free(pq, data, 0); 3191 usbd_xfer_set_priv(xfer, NULL); 3192 3193 /* FALLTHROUGH */ 3194 case USB_ST_SETUP: 3195 tr_setup: 3196 data = STAILQ_FIRST(&pq->tx_qh); 3197 if (data == NULL) 3198 break; 3199 3200 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3201 3202 m = data->m; 3203 size = (sc->mac_ver == 0x5592) ? 3204 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3205 if ((m->m_pkthdr.len + 3206 size + 3 + 8) > RUN_MAX_TXSZ) { 3207 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3208 "data overflow, %u bytes\n", m->m_pkthdr.len); 3209 run_tx_free(pq, data, 1); 3210 goto tr_setup; 3211 } 3212 3213 pc = usbd_xfer_get_frame(xfer, 0); 3214 usbd_copy_in(pc, 0, &data->desc, size); 3215 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3216 size += m->m_pkthdr.len; 3217 /* 3218 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3219 * 4-byte padding), and be sure to zero those trailing 3220 * bytes: 3221 */ 3222 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3223 size += ((-size) & 3) + 8; 3224 3225 vap = data->ni->ni_vap; 3226 if (ieee80211_radiotap_active_vap(vap)) { 3227 const struct ieee80211_frame *wh; 3228 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3229 struct rt2860_txwi *txwi = 3230 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3231 int has_l2pad; 3232 3233 wh = mtod(m, struct ieee80211_frame *); 3234 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3235 IEEE80211_QOS_HAS_SEQ(wh); 3236 3237 tap->wt_flags = 0; 3238 tap->wt_rate = rt2860_rates[data->ridx].rate; 3239 tap->wt_hwqueue = index; 3240 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3241 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3242 if (has_l2pad) 3243 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3244 3245 ieee80211_radiotap_tx(vap, m); 3246 } 3247 3248 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3249 "sending frame len=%u/%u @ index %d\n", 3250 m->m_pkthdr.len, size, index); 3251 3252 usbd_xfer_set_frame_len(xfer, 0, size); 3253 usbd_xfer_set_priv(xfer, data); 3254 usbd_transfer_submit(xfer); 3255 run_start(sc); 3256 3257 break; 3258 3259 default: 3260 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3261 "USB transfer error, %s\n", usbd_errstr(error)); 3262 3263 data = usbd_xfer_get_priv(xfer); 3264 3265 if (data != NULL) { 3266 if(data->ni != NULL) 3267 vap = data->ni->ni_vap; 3268 run_tx_free(pq, data, error); 3269 usbd_xfer_set_priv(xfer, NULL); 3270 } 3271 3272 if (vap == NULL) 3273 vap = TAILQ_FIRST(&ic->ic_vaps); 3274 3275 if (error != USB_ERR_CANCELLED) { 3276 if (error == USB_ERR_TIMEOUT) { 3277 device_printf(sc->sc_dev, "device timeout\n"); 3278 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3279 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3280 "cmdq_store=%d\n", i); 3281 sc->cmdq[i].func = run_usb_timeout_cb; 3282 sc->cmdq[i].arg0 = vap; 3283 ieee80211_runtask(ic, &sc->cmdq_task); 3284 } 3285 3286 /* 3287 * Try to clear stall first, also if other 3288 * errors occur, hence clearing stall 3289 * introduces a 50 ms delay: 3290 */ 3291 usbd_xfer_set_stall(xfer); 3292 goto tr_setup; 3293 } 3294 break; 3295 } 3296 #ifdef IEEE80211_SUPPORT_SUPERG 3297 /* XXX TODO: make this deferred rather than unlock/relock */ 3298 /* XXX TODO: should only do the QoS AC this belongs to */ 3299 if (pq->tx_nfree >= RUN_TX_RING_COUNT) { 3300 RUN_UNLOCK(sc); 3301 ieee80211_ff_flush_all(ic); 3302 RUN_LOCK(sc); 3303 } 3304 #endif 3305 } 3306 3307 static void 3308 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3309 { 3310 run_bulk_tx_callbackN(xfer, error, 0); 3311 } 3312 3313 static void 3314 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3315 { 3316 run_bulk_tx_callbackN(xfer, error, 1); 3317 } 3318 3319 static void 3320 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3321 { 3322 run_bulk_tx_callbackN(xfer, error, 2); 3323 } 3324 3325 static void 3326 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3327 { 3328 run_bulk_tx_callbackN(xfer, error, 3); 3329 } 3330 3331 static void 3332 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3333 { 3334 run_bulk_tx_callbackN(xfer, error, 4); 3335 } 3336 3337 static void 3338 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3339 { 3340 run_bulk_tx_callbackN(xfer, error, 5); 3341 } 3342 3343 static void 3344 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3345 { 3346 struct mbuf *m = data->m; 3347 struct ieee80211com *ic = &sc->sc_ic; 3348 struct ieee80211vap *vap = data->ni->ni_vap; 3349 struct ieee80211_frame *wh; 3350 struct rt2870_txd *txd; 3351 struct rt2860_txwi *txwi; 3352 uint16_t xferlen, txwisize; 3353 uint16_t mcs; 3354 uint8_t ridx = data->ridx; 3355 uint8_t pad; 3356 3357 /* get MCS code from rate index */ 3358 mcs = rt2860_rates[ridx].mcs; 3359 3360 txwisize = (sc->mac_ver == 0x5592) ? 3361 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3362 xferlen = txwisize + m->m_pkthdr.len; 3363 3364 /* roundup to 32-bit alignment */ 3365 xferlen = (xferlen + 3) & ~3; 3366 3367 txd = (struct rt2870_txd *)&data->desc; 3368 txd->len = htole16(xferlen); 3369 3370 wh = mtod(m, struct ieee80211_frame *); 3371 3372 /* 3373 * Ether both are true or both are false, the header 3374 * are nicely aligned to 32-bit. So, no L2 padding. 3375 */ 3376 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3377 pad = 0; 3378 else 3379 pad = 2; 3380 3381 /* setup TX Wireless Information */ 3382 txwi = (struct rt2860_txwi *)(txd + 1); 3383 txwi->len = htole16(m->m_pkthdr.len - pad); 3384 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3385 mcs |= RT2860_PHY_CCK; 3386 if (ridx != RT2860_RIDX_CCK1 && 3387 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3388 mcs |= RT2860_PHY_SHPRE; 3389 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) { 3390 mcs |= RT2860_PHY_OFDM; 3391 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) { 3392 /* XXX TODO: [adrian] set short preamble for MCS? */ 3393 mcs |= RT2860_PHY_HT; /* Mixed, not greenfield */ 3394 } 3395 txwi->phy = htole16(mcs); 3396 3397 /* check if RTS/CTS or CTS-to-self protection is required */ 3398 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3399 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) || 3400 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3401 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) || 3402 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) && 3403 rt2860_rates[ridx].phy == IEEE80211_T_HT))) 3404 txwi->txop |= RT2860_TX_TXOP_HT; 3405 else 3406 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3407 3408 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3409 txwi->xflags |= RT2860_TX_NSEQ; 3410 } 3411 3412 /* This function must be called locked */ 3413 static int 3414 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3415 { 3416 struct ieee80211com *ic = &sc->sc_ic; 3417 struct ieee80211vap *vap = ni->ni_vap; 3418 struct ieee80211_frame *wh; 3419 const struct ieee80211_txparam *tp = ni->ni_txparms; 3420 struct run_node *rn = RUN_NODE(ni); 3421 struct run_tx_data *data; 3422 struct rt2870_txd *txd; 3423 struct rt2860_txwi *txwi; 3424 uint16_t qos; 3425 uint16_t dur; 3426 uint16_t qid; 3427 uint8_t type; 3428 uint8_t tid; 3429 uint8_t ridx; 3430 uint8_t ctl_ridx; 3431 uint8_t qflags; 3432 uint8_t xflags = 0; 3433 int hasqos; 3434 3435 RUN_LOCK_ASSERT(sc, MA_OWNED); 3436 3437 wh = mtod(m, struct ieee80211_frame *); 3438 3439 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3440 3441 /* 3442 * There are 7 bulk endpoints: 1 for RX 3443 * and 6 for TX (4 EDCAs + HCCA + Prio). 3444 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3445 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3446 */ 3447 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3448 uint8_t *frm; 3449 3450 frm = ieee80211_getqos(wh); 3451 qos = le16toh(*(const uint16_t *)frm); 3452 tid = qos & IEEE80211_QOS_TID; 3453 qid = TID_TO_WME_AC(tid); 3454 } else { 3455 qos = 0; 3456 tid = 0; 3457 qid = WME_AC_BE; 3458 } 3459 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3460 3461 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3462 qos, qid, tid, qflags); 3463 3464 /* pickup a rate index */ 3465 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3466 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3467 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */ 3468 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ? 3469 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3470 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3471 } else { 3472 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3473 ridx = rn->fix_ridx; 3474 else 3475 ridx = rn->amrr_ridx; 3476 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3477 } 3478 3479 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3480 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3481 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3482 xflags |= RT2860_TX_ACK; 3483 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3484 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3485 else 3486 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3487 USETW(wh->i_dur, dur); 3488 } 3489 3490 /* reserve slots for mgmt packets, just in case */ 3491 if (sc->sc_epq[qid].tx_nfree < 3) { 3492 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3493 return (-1); 3494 } 3495 3496 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3497 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3498 sc->sc_epq[qid].tx_nfree--; 3499 3500 txd = (struct rt2870_txd *)&data->desc; 3501 txd->flags = qflags; 3502 txwi = (struct rt2860_txwi *)(txd + 1); 3503 txwi->xflags = xflags; 3504 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3505 txwi->wcid = 0; 3506 else 3507 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3508 1 : RUN_AID2WCID(ni->ni_associd); 3509 3510 /* clear leftover garbage bits */ 3511 txwi->flags = 0; 3512 txwi->txop = 0; 3513 3514 data->m = m; 3515 data->ni = ni; 3516 data->ridx = ridx; 3517 3518 run_set_tx_desc(sc, data); 3519 3520 /* 3521 * The chip keeps track of 2 kind of Tx stats, 3522 * * TX_STAT_FIFO, for per WCID stats, and 3523 * * TX_STA_CNT0 for all-TX-in-one stats. 3524 * 3525 * To use FIFO stats, we need to store MCS into the driver-private 3526 * PacketID field. So that, we can tell whose stats when we read them. 3527 * We add 1 to the MCS because setting the PacketID field to 0 means 3528 * that we don't want feedback in TX_STAT_FIFO. 3529 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3530 * 3531 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3532 */ 3533 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3534 vap->iv_opmode == IEEE80211_M_MBSS) { 3535 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3536 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3537 3538 /* 3539 * Unlike PCI based devices, we don't get any interrupt from 3540 * USB devices, so we simulate FIFO-is-full interrupt here. 3541 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3542 * quickly get fulled. To prevent overflow, increment a counter on 3543 * every FIFO stat request, so we know how many slots are left. 3544 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3545 * are used only in those modes. 3546 * We just drain stats. AMRR gets updated every 1 sec by 3547 * run_ratectl_cb() via callout. 3548 * Call it early. Otherwise overflow. 3549 */ 3550 if (sc->fifo_cnt++ == 10) { 3551 /* 3552 * With multiple vaps or if_bridge, if_start() is called 3553 * with a non-sleepable lock, tcpinp. So, need to defer. 3554 */ 3555 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3556 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3557 sc->cmdq[i].func = run_drain_fifo; 3558 sc->cmdq[i].arg0 = sc; 3559 ieee80211_runtask(ic, &sc->cmdq_task); 3560 } 3561 } 3562 3563 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3564 3565 usbd_transfer_start(sc->sc_xfer[qid]); 3566 3567 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3568 "sending data frame len=%d rate=%d qid=%d\n", 3569 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3570 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3571 3572 return (0); 3573 } 3574 3575 static int 3576 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3577 { 3578 struct ieee80211com *ic = &sc->sc_ic; 3579 struct run_node *rn = RUN_NODE(ni); 3580 struct run_tx_data *data; 3581 struct ieee80211_frame *wh; 3582 struct rt2870_txd *txd; 3583 struct rt2860_txwi *txwi; 3584 uint16_t dur; 3585 uint8_t ridx = rn->mgt_ridx; 3586 uint8_t xflags = 0; 3587 uint8_t wflags = 0; 3588 3589 RUN_LOCK_ASSERT(sc, MA_OWNED); 3590 3591 wh = mtod(m, struct ieee80211_frame *); 3592 3593 /* tell hardware to add timestamp for probe responses */ 3594 if ((wh->i_fc[0] & 3595 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3596 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3597 wflags |= RT2860_TX_TS; 3598 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3599 xflags |= RT2860_TX_ACK; 3600 3601 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3602 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3603 USETW(wh->i_dur, dur); 3604 } 3605 3606 if (sc->sc_epq[0].tx_nfree == 0) 3607 /* let caller free mbuf */ 3608 return (EIO); 3609 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3610 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3611 sc->sc_epq[0].tx_nfree--; 3612 3613 txd = (struct rt2870_txd *)&data->desc; 3614 txd->flags = RT2860_TX_QSEL_EDCA; 3615 txwi = (struct rt2860_txwi *)(txd + 1); 3616 txwi->wcid = 0xff; 3617 txwi->flags = wflags; 3618 txwi->xflags = xflags; 3619 txwi->txop = 0; /* clear leftover garbage bits */ 3620 3621 data->m = m; 3622 data->ni = ni; 3623 data->ridx = ridx; 3624 3625 run_set_tx_desc(sc, data); 3626 3627 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3628 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3629 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3630 3631 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3632 3633 usbd_transfer_start(sc->sc_xfer[0]); 3634 3635 return (0); 3636 } 3637 3638 static int 3639 run_sendprot(struct run_softc *sc, 3640 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3641 { 3642 struct ieee80211com *ic = ni->ni_ic; 3643 struct run_tx_data *data; 3644 struct rt2870_txd *txd; 3645 struct rt2860_txwi *txwi; 3646 struct mbuf *mprot; 3647 int ridx; 3648 int protrate; 3649 uint8_t wflags = 0; 3650 uint8_t xflags = 0; 3651 3652 RUN_LOCK_ASSERT(sc, MA_OWNED); 3653 3654 /* check that there are free slots before allocating the mbuf */ 3655 if (sc->sc_epq[0].tx_nfree == 0) 3656 /* let caller free mbuf */ 3657 return (ENOBUFS); 3658 3659 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3660 if (mprot == NULL) { 3661 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3662 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3663 return (ENOBUFS); 3664 } 3665 3666 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3667 wflags = RT2860_TX_FRAG; 3668 xflags = 0; 3669 if (prot == IEEE80211_PROT_RTSCTS) 3670 xflags |= RT2860_TX_ACK; 3671 3672 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3673 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3674 sc->sc_epq[0].tx_nfree--; 3675 3676 txd = (struct rt2870_txd *)&data->desc; 3677 txd->flags = RT2860_TX_QSEL_EDCA; 3678 txwi = (struct rt2860_txwi *)(txd + 1); 3679 txwi->wcid = 0xff; 3680 txwi->flags = wflags; 3681 txwi->xflags = xflags; 3682 txwi->txop = 0; /* clear leftover garbage bits */ 3683 3684 data->m = mprot; 3685 data->ni = ieee80211_ref_node(ni); 3686 3687 /* XXX TODO: methodize with MCS rates */ 3688 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3689 if (rt2860_rates[ridx].rate == protrate) 3690 break; 3691 data->ridx = ridx; 3692 3693 run_set_tx_desc(sc, data); 3694 3695 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3696 m->m_pkthdr.len, rate); 3697 3698 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3699 3700 usbd_transfer_start(sc->sc_xfer[0]); 3701 3702 return (0); 3703 } 3704 3705 static int 3706 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3707 const struct ieee80211_bpf_params *params) 3708 { 3709 struct ieee80211com *ic = ni->ni_ic; 3710 struct run_tx_data *data; 3711 struct rt2870_txd *txd; 3712 struct rt2860_txwi *txwi; 3713 uint8_t ridx; 3714 uint8_t rate; 3715 uint8_t opflags = 0; 3716 uint8_t xflags = 0; 3717 int error; 3718 3719 RUN_LOCK_ASSERT(sc, MA_OWNED); 3720 3721 KASSERT(params != NULL, ("no raw xmit params")); 3722 3723 rate = params->ibp_rate0; 3724 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3725 /* let caller free mbuf */ 3726 return (EINVAL); 3727 } 3728 3729 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3730 xflags |= RT2860_TX_ACK; 3731 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3732 error = run_sendprot(sc, m, ni, 3733 params->ibp_flags & IEEE80211_BPF_RTS ? 3734 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3735 rate); 3736 if (error) { 3737 /* let caller free mbuf */ 3738 return error; 3739 } 3740 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3741 } 3742 3743 if (sc->sc_epq[0].tx_nfree == 0) { 3744 /* let caller free mbuf */ 3745 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3746 "sending raw frame, but tx ring is full\n"); 3747 return (EIO); 3748 } 3749 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3750 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3751 sc->sc_epq[0].tx_nfree--; 3752 3753 txd = (struct rt2870_txd *)&data->desc; 3754 txd->flags = RT2860_TX_QSEL_EDCA; 3755 txwi = (struct rt2860_txwi *)(txd + 1); 3756 txwi->wcid = 0xff; 3757 txwi->xflags = xflags; 3758 txwi->txop = opflags; 3759 txwi->flags = 0; /* clear leftover garbage bits */ 3760 3761 data->m = m; 3762 data->ni = ni; 3763 /* XXX TODO: methodize with MCS rates */ 3764 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3765 if (rt2860_rates[ridx].rate == rate) 3766 break; 3767 data->ridx = ridx; 3768 3769 run_set_tx_desc(sc, data); 3770 3771 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3772 m->m_pkthdr.len, rate); 3773 3774 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3775 3776 usbd_transfer_start(sc->sc_xfer[0]); 3777 3778 return (0); 3779 } 3780 3781 static int 3782 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3783 const struct ieee80211_bpf_params *params) 3784 { 3785 struct run_softc *sc = ni->ni_ic->ic_softc; 3786 int error = 0; 3787 3788 RUN_LOCK(sc); 3789 3790 /* prevent management frames from being sent if we're not ready */ 3791 if (!(sc->sc_flags & RUN_RUNNING)) { 3792 error = ENETDOWN; 3793 goto done; 3794 } 3795 3796 if (params == NULL) { 3797 /* tx mgt packet */ 3798 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3799 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3800 goto done; 3801 } 3802 } else { 3803 /* tx raw packet with param */ 3804 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3805 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3806 goto done; 3807 } 3808 } 3809 3810 done: 3811 RUN_UNLOCK(sc); 3812 3813 if (error != 0) { 3814 if(m != NULL) 3815 m_freem(m); 3816 } 3817 3818 return (error); 3819 } 3820 3821 static int 3822 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3823 { 3824 struct run_softc *sc = ic->ic_softc; 3825 int error; 3826 3827 RUN_LOCK(sc); 3828 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3829 RUN_UNLOCK(sc); 3830 return (ENXIO); 3831 } 3832 error = mbufq_enqueue(&sc->sc_snd, m); 3833 if (error) { 3834 RUN_UNLOCK(sc); 3835 return (error); 3836 } 3837 run_start(sc); 3838 RUN_UNLOCK(sc); 3839 3840 return (0); 3841 } 3842 3843 static void 3844 run_start(struct run_softc *sc) 3845 { 3846 struct ieee80211_node *ni; 3847 struct mbuf *m; 3848 3849 RUN_LOCK_ASSERT(sc, MA_OWNED); 3850 3851 if ((sc->sc_flags & RUN_RUNNING) == 0) 3852 return; 3853 3854 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3855 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3856 if (run_tx(sc, m, ni) != 0) { 3857 mbufq_prepend(&sc->sc_snd, m); 3858 break; 3859 } 3860 } 3861 } 3862 3863 static void 3864 run_parent(struct ieee80211com *ic) 3865 { 3866 struct run_softc *sc = ic->ic_softc; 3867 int startall = 0; 3868 3869 RUN_LOCK(sc); 3870 if (sc->sc_detached) { 3871 RUN_UNLOCK(sc); 3872 return; 3873 } 3874 3875 if (ic->ic_nrunning > 0) { 3876 if (!(sc->sc_flags & RUN_RUNNING)) { 3877 startall = 1; 3878 run_init_locked(sc); 3879 } else 3880 run_update_promisc_locked(sc); 3881 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3882 run_stop(sc); 3883 RUN_UNLOCK(sc); 3884 if (startall) 3885 ieee80211_start_all(ic); 3886 } 3887 3888 static void 3889 run_iq_calib(struct run_softc *sc, u_int chan) 3890 { 3891 uint16_t val; 3892 3893 /* Tx0 IQ gain. */ 3894 run_bbp_write(sc, 158, 0x2c); 3895 if (chan <= 14) 3896 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3897 else if (chan <= 64) { 3898 run_efuse_read(sc, 3899 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3900 &val, 1); 3901 } else if (chan <= 138) { 3902 run_efuse_read(sc, 3903 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3904 &val, 1); 3905 } else if (chan <= 165) { 3906 run_efuse_read(sc, 3907 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3908 &val, 1); 3909 } else 3910 val = 0; 3911 run_bbp_write(sc, 159, val); 3912 3913 /* Tx0 IQ phase. */ 3914 run_bbp_write(sc, 158, 0x2d); 3915 if (chan <= 14) { 3916 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3917 &val, 1); 3918 } else if (chan <= 64) { 3919 run_efuse_read(sc, 3920 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3921 &val, 1); 3922 } else if (chan <= 138) { 3923 run_efuse_read(sc, 3924 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3925 &val, 1); 3926 } else if (chan <= 165) { 3927 run_efuse_read(sc, 3928 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3929 &val, 1); 3930 } else 3931 val = 0; 3932 run_bbp_write(sc, 159, val); 3933 3934 /* Tx1 IQ gain. */ 3935 run_bbp_write(sc, 158, 0x4a); 3936 if (chan <= 14) { 3937 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3938 &val, 1); 3939 } else if (chan <= 64) { 3940 run_efuse_read(sc, 3941 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3942 &val, 1); 3943 } else if (chan <= 138) { 3944 run_efuse_read(sc, 3945 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3946 &val, 1); 3947 } else if (chan <= 165) { 3948 run_efuse_read(sc, 3949 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3950 &val, 1); 3951 } else 3952 val = 0; 3953 run_bbp_write(sc, 159, val); 3954 3955 /* Tx1 IQ phase. */ 3956 run_bbp_write(sc, 158, 0x4b); 3957 if (chan <= 14) { 3958 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3959 &val, 1); 3960 } else if (chan <= 64) { 3961 run_efuse_read(sc, 3962 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3963 &val, 1); 3964 } else if (chan <= 138) { 3965 run_efuse_read(sc, 3966 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3967 &val, 1); 3968 } else if (chan <= 165) { 3969 run_efuse_read(sc, 3970 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3971 &val, 1); 3972 } else 3973 val = 0; 3974 run_bbp_write(sc, 159, val); 3975 3976 /* RF IQ compensation control. */ 3977 run_bbp_write(sc, 158, 0x04); 3978 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3979 &val, 1); 3980 run_bbp_write(sc, 159, val); 3981 3982 /* RF IQ imbalance compensation control. */ 3983 run_bbp_write(sc, 158, 0x03); 3984 run_efuse_read(sc, 3985 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3986 run_bbp_write(sc, 159, val); 3987 } 3988 3989 static void 3990 run_set_agc(struct run_softc *sc, uint8_t agc) 3991 { 3992 uint8_t bbp; 3993 3994 if (sc->mac_ver == 0x3572) { 3995 run_bbp_read(sc, 27, &bbp); 3996 bbp &= ~(0x3 << 5); 3997 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3998 run_bbp_write(sc, 66, agc); 3999 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 4000 run_bbp_write(sc, 66, agc); 4001 } else 4002 run_bbp_write(sc, 66, agc); 4003 } 4004 4005 static void 4006 run_select_chan_group(struct run_softc *sc, int group) 4007 { 4008 uint32_t tmp; 4009 uint8_t agc; 4010 4011 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 4012 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 4013 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 4014 if (sc->mac_ver < 0x3572) 4015 run_bbp_write(sc, 86, 0x00); 4016 4017 if (sc->mac_ver == 0x3593) { 4018 run_bbp_write(sc, 77, 0x98); 4019 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 4020 } 4021 4022 if (group == 0) { 4023 if (sc->ext_2ghz_lna) { 4024 if (sc->mac_ver >= 0x5390) 4025 run_bbp_write(sc, 75, 0x52); 4026 else { 4027 run_bbp_write(sc, 82, 0x62); 4028 run_bbp_write(sc, 75, 0x46); 4029 } 4030 } else { 4031 if (sc->mac_ver == 0x5592) { 4032 run_bbp_write(sc, 79, 0x1c); 4033 run_bbp_write(sc, 80, 0x0e); 4034 run_bbp_write(sc, 81, 0x3a); 4035 run_bbp_write(sc, 82, 0x62); 4036 4037 run_bbp_write(sc, 195, 0x80); 4038 run_bbp_write(sc, 196, 0xe0); 4039 run_bbp_write(sc, 195, 0x81); 4040 run_bbp_write(sc, 196, 0x1f); 4041 run_bbp_write(sc, 195, 0x82); 4042 run_bbp_write(sc, 196, 0x38); 4043 run_bbp_write(sc, 195, 0x83); 4044 run_bbp_write(sc, 196, 0x32); 4045 run_bbp_write(sc, 195, 0x85); 4046 run_bbp_write(sc, 196, 0x28); 4047 run_bbp_write(sc, 195, 0x86); 4048 run_bbp_write(sc, 196, 0x19); 4049 } else if (sc->mac_ver >= 0x5390) 4050 run_bbp_write(sc, 75, 0x50); 4051 else { 4052 run_bbp_write(sc, 82, 4053 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 4054 run_bbp_write(sc, 75, 0x50); 4055 } 4056 } 4057 } else { 4058 if (sc->mac_ver == 0x5592) { 4059 run_bbp_write(sc, 79, 0x18); 4060 run_bbp_write(sc, 80, 0x08); 4061 run_bbp_write(sc, 81, 0x38); 4062 run_bbp_write(sc, 82, 0x92); 4063 4064 run_bbp_write(sc, 195, 0x80); 4065 run_bbp_write(sc, 196, 0xf0); 4066 run_bbp_write(sc, 195, 0x81); 4067 run_bbp_write(sc, 196, 0x1e); 4068 run_bbp_write(sc, 195, 0x82); 4069 run_bbp_write(sc, 196, 0x28); 4070 run_bbp_write(sc, 195, 0x83); 4071 run_bbp_write(sc, 196, 0x20); 4072 run_bbp_write(sc, 195, 0x85); 4073 run_bbp_write(sc, 196, 0x7f); 4074 run_bbp_write(sc, 195, 0x86); 4075 run_bbp_write(sc, 196, 0x7f); 4076 } else if (sc->mac_ver == 0x3572) 4077 run_bbp_write(sc, 82, 0x94); 4078 else 4079 run_bbp_write(sc, 82, 4080 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4081 if (sc->ext_5ghz_lna) 4082 run_bbp_write(sc, 75, 0x46); 4083 else 4084 run_bbp_write(sc, 75, 0x50); 4085 } 4086 4087 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4088 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4089 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4090 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4091 4092 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4093 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4094 if (sc->mac_ver == 0x3593) 4095 tmp |= 1 << 29 | 1 << 28; 4096 if (sc->nrxchains > 1) 4097 tmp |= RT2860_LNA_PE1_EN; 4098 if (group == 0) { /* 2GHz */ 4099 tmp |= RT2860_PA_PE_G0_EN; 4100 if (sc->ntxchains > 1) 4101 tmp |= RT2860_PA_PE_G1_EN; 4102 if (sc->mac_ver == 0x3593) { 4103 if (sc->ntxchains > 2) 4104 tmp |= 1 << 25; 4105 } 4106 } else { /* 5GHz */ 4107 tmp |= RT2860_PA_PE_A0_EN; 4108 if (sc->ntxchains > 1) 4109 tmp |= RT2860_PA_PE_A1_EN; 4110 } 4111 if (sc->mac_ver == 0x3572) { 4112 run_rt3070_rf_write(sc, 8, 0x00); 4113 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4114 run_rt3070_rf_write(sc, 8, 0x80); 4115 } else 4116 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4117 4118 if (sc->mac_ver == 0x5592) { 4119 run_bbp_write(sc, 195, 0x8d); 4120 run_bbp_write(sc, 196, 0x1a); 4121 } 4122 4123 if (sc->mac_ver == 0x3593) { 4124 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4125 tmp &= ~0x01010000; 4126 if (group == 0) 4127 tmp |= 0x00010000; 4128 tmp = (tmp & ~0x00009090) | 0x00000090; 4129 run_write(sc, RT2860_GPIO_CTRL, tmp); 4130 } 4131 4132 /* set initial AGC value */ 4133 if (group == 0) { /* 2GHz band */ 4134 if (sc->mac_ver >= 0x3070) 4135 agc = 0x1c + sc->lna[0] * 2; 4136 else 4137 agc = 0x2e + sc->lna[0]; 4138 } else { /* 5GHz band */ 4139 if (sc->mac_ver == 0x5592) 4140 agc = 0x24 + sc->lna[group] * 2; 4141 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4142 agc = 0x22 + (sc->lna[group] * 5) / 3; 4143 else 4144 agc = 0x32 + (sc->lna[group] * 5) / 3; 4145 } 4146 run_set_agc(sc, agc); 4147 } 4148 4149 static void 4150 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4151 { 4152 const struct rfprog *rfprog = rt2860_rf2850; 4153 uint32_t r2, r3, r4; 4154 int8_t txpow1, txpow2; 4155 int i; 4156 4157 /* find the settings for this channel (we know it exists) */ 4158 for (i = 0; rfprog[i].chan != chan; i++); 4159 4160 r2 = rfprog[i].r2; 4161 if (sc->ntxchains == 1) 4162 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4163 if (sc->nrxchains == 1) 4164 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4165 else if (sc->nrxchains == 2) 4166 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4167 4168 /* use Tx power values from EEPROM */ 4169 txpow1 = sc->txpow1[i]; 4170 txpow2 = sc->txpow2[i]; 4171 4172 /* Initialize RF R3 and R4. */ 4173 r3 = rfprog[i].r3 & 0xffffc1ff; 4174 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4175 if (chan > 14) { 4176 if (txpow1 >= 0) { 4177 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4178 r3 |= (txpow1 << 10) | (1 << 9); 4179 } else { 4180 txpow1 += 7; 4181 4182 /* txpow1 is not possible larger than 15. */ 4183 r3 |= (txpow1 << 10); 4184 } 4185 if (txpow2 >= 0) { 4186 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4187 r4 |= (txpow2 << 7) | (1 << 6); 4188 } else { 4189 txpow2 += 7; 4190 r4 |= (txpow2 << 7); 4191 } 4192 } else { 4193 /* Set Tx0 power. */ 4194 r3 |= (txpow1 << 9); 4195 4196 /* Set frequency offset and Tx1 power. */ 4197 r4 |= (txpow2 << 6); 4198 } 4199 4200 run_rt2870_rf_write(sc, rfprog[i].r1); 4201 run_rt2870_rf_write(sc, r2); 4202 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4203 run_rt2870_rf_write(sc, r4); 4204 4205 run_delay(sc, 10); 4206 4207 run_rt2870_rf_write(sc, rfprog[i].r1); 4208 run_rt2870_rf_write(sc, r2); 4209 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4210 run_rt2870_rf_write(sc, r4); 4211 4212 run_delay(sc, 10); 4213 4214 run_rt2870_rf_write(sc, rfprog[i].r1); 4215 run_rt2870_rf_write(sc, r2); 4216 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4217 run_rt2870_rf_write(sc, r4); 4218 } 4219 4220 static void 4221 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4222 { 4223 int8_t txpow1, txpow2; 4224 uint8_t rf; 4225 int i; 4226 4227 /* find the settings for this channel (we know it exists) */ 4228 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4229 4230 /* use Tx power values from EEPROM */ 4231 txpow1 = sc->txpow1[i]; 4232 txpow2 = sc->txpow2[i]; 4233 4234 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4235 4236 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4237 run_rt3070_rf_read(sc, 3, &rf); 4238 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4239 run_rt3070_rf_write(sc, 3, rf); 4240 4241 run_rt3070_rf_read(sc, 6, &rf); 4242 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4243 run_rt3070_rf_write(sc, 6, rf); 4244 4245 /* set Tx0 power */ 4246 run_rt3070_rf_read(sc, 12, &rf); 4247 rf = (rf & ~0x1f) | txpow1; 4248 run_rt3070_rf_write(sc, 12, rf); 4249 4250 /* set Tx1 power */ 4251 run_rt3070_rf_read(sc, 13, &rf); 4252 rf = (rf & ~0x1f) | txpow2; 4253 run_rt3070_rf_write(sc, 13, rf); 4254 4255 run_rt3070_rf_read(sc, 1, &rf); 4256 rf &= ~0xfc; 4257 if (sc->ntxchains == 1) 4258 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4259 else if (sc->ntxchains == 2) 4260 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4261 if (sc->nrxchains == 1) 4262 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4263 else if (sc->nrxchains == 2) 4264 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4265 run_rt3070_rf_write(sc, 1, rf); 4266 4267 /* set RF offset */ 4268 run_rt3070_rf_read(sc, 23, &rf); 4269 rf = (rf & ~0x7f) | sc->freq; 4270 run_rt3070_rf_write(sc, 23, rf); 4271 4272 /* program RF filter */ 4273 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4274 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4275 run_rt3070_rf_write(sc, 24, rf); 4276 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4277 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4278 run_rt3070_rf_write(sc, 31, rf); 4279 4280 /* enable RF tuning */ 4281 run_rt3070_rf_read(sc, 7, &rf); 4282 run_rt3070_rf_write(sc, 7, rf | 0x01); 4283 } 4284 4285 static void 4286 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4287 { 4288 int8_t txpow1, txpow2; 4289 uint32_t tmp; 4290 uint8_t rf; 4291 int i; 4292 4293 /* find the settings for this channel (we know it exists) */ 4294 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4295 4296 /* use Tx power values from EEPROM */ 4297 txpow1 = sc->txpow1[i]; 4298 txpow2 = sc->txpow2[i]; 4299 4300 if (chan <= 14) { 4301 run_bbp_write(sc, 25, sc->bbp25); 4302 run_bbp_write(sc, 26, sc->bbp26); 4303 } else { 4304 /* enable IQ phase correction */ 4305 run_bbp_write(sc, 25, 0x09); 4306 run_bbp_write(sc, 26, 0xff); 4307 } 4308 4309 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4310 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4311 run_rt3070_rf_read(sc, 6, &rf); 4312 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4313 rf |= (chan <= 14) ? 0x08 : 0x04; 4314 run_rt3070_rf_write(sc, 6, rf); 4315 4316 /* set PLL mode */ 4317 run_rt3070_rf_read(sc, 5, &rf); 4318 rf &= ~(0x08 | 0x04); 4319 rf |= (chan <= 14) ? 0x04 : 0x08; 4320 run_rt3070_rf_write(sc, 5, rf); 4321 4322 /* set Tx power for chain 0 */ 4323 if (chan <= 14) 4324 rf = 0x60 | txpow1; 4325 else 4326 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4327 run_rt3070_rf_write(sc, 12, rf); 4328 4329 /* set Tx power for chain 1 */ 4330 if (chan <= 14) 4331 rf = 0x60 | txpow2; 4332 else 4333 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4334 run_rt3070_rf_write(sc, 13, rf); 4335 4336 /* set Tx/Rx streams */ 4337 run_rt3070_rf_read(sc, 1, &rf); 4338 rf &= ~0xfc; 4339 if (sc->ntxchains == 1) 4340 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4341 else if (sc->ntxchains == 2) 4342 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4343 if (sc->nrxchains == 1) 4344 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4345 else if (sc->nrxchains == 2) 4346 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4347 run_rt3070_rf_write(sc, 1, rf); 4348 4349 /* set RF offset */ 4350 run_rt3070_rf_read(sc, 23, &rf); 4351 rf = (rf & ~0x7f) | sc->freq; 4352 run_rt3070_rf_write(sc, 23, rf); 4353 4354 /* program RF filter */ 4355 rf = sc->rf24_20mhz; 4356 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4357 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4358 4359 /* enable RF tuning */ 4360 run_rt3070_rf_read(sc, 7, &rf); 4361 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4362 run_rt3070_rf_write(sc, 7, rf); 4363 4364 /* TSSI */ 4365 rf = (chan <= 14) ? 0xc3 : 0xc0; 4366 run_rt3070_rf_write(sc, 9, rf); 4367 4368 /* set loop filter 1 */ 4369 run_rt3070_rf_write(sc, 10, 0xf1); 4370 /* set loop filter 2 */ 4371 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4372 4373 /* set tx_mx2_ic */ 4374 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4375 /* set tx_mx1_ic */ 4376 if (chan <= 14) 4377 rf = 0x48 | sc->txmixgain_2ghz; 4378 else 4379 rf = 0x78 | sc->txmixgain_5ghz; 4380 run_rt3070_rf_write(sc, 16, rf); 4381 4382 /* set tx_lo1 */ 4383 run_rt3070_rf_write(sc, 17, 0x23); 4384 /* set tx_lo2 */ 4385 if (chan <= 14) 4386 rf = 0x93; 4387 else if (chan <= 64) 4388 rf = 0xb7; 4389 else if (chan <= 128) 4390 rf = 0x74; 4391 else 4392 rf = 0x72; 4393 run_rt3070_rf_write(sc, 19, rf); 4394 4395 /* set rx_lo1 */ 4396 if (chan <= 14) 4397 rf = 0xb3; 4398 else if (chan <= 64) 4399 rf = 0xf6; 4400 else if (chan <= 128) 4401 rf = 0xf4; 4402 else 4403 rf = 0xf3; 4404 run_rt3070_rf_write(sc, 20, rf); 4405 4406 /* set pfd_delay */ 4407 if (chan <= 14) 4408 rf = 0x15; 4409 else if (chan <= 64) 4410 rf = 0x3d; 4411 else 4412 rf = 0x01; 4413 run_rt3070_rf_write(sc, 25, rf); 4414 4415 /* set rx_lo2 */ 4416 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4417 /* set ldo_rf_vc */ 4418 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4419 /* set drv_cc */ 4420 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4421 4422 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4423 tmp &= ~0x8080; 4424 if (chan <= 14) 4425 tmp |= 0x80; 4426 run_write(sc, RT2860_GPIO_CTRL, tmp); 4427 4428 /* enable RF tuning */ 4429 run_rt3070_rf_read(sc, 7, &rf); 4430 run_rt3070_rf_write(sc, 7, rf | 0x01); 4431 4432 run_delay(sc, 2); 4433 } 4434 4435 static void 4436 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4437 { 4438 int8_t txpow1, txpow2, txpow3; 4439 uint8_t h20mhz, rf; 4440 int i; 4441 4442 /* find the settings for this channel (we know it exists) */ 4443 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4444 4445 /* use Tx power values from EEPROM */ 4446 txpow1 = sc->txpow1[i]; 4447 txpow2 = sc->txpow2[i]; 4448 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4449 4450 if (chan <= 14) { 4451 run_bbp_write(sc, 25, sc->bbp25); 4452 run_bbp_write(sc, 26, sc->bbp26); 4453 } else { 4454 /* Enable IQ phase correction. */ 4455 run_bbp_write(sc, 25, 0x09); 4456 run_bbp_write(sc, 26, 0xff); 4457 } 4458 4459 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4460 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4461 run_rt3070_rf_read(sc, 11, &rf); 4462 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4463 run_rt3070_rf_write(sc, 11, rf); 4464 4465 /* Set pll_idoh. */ 4466 run_rt3070_rf_read(sc, 11, &rf); 4467 rf &= ~0x4c; 4468 rf |= (chan <= 14) ? 0x44 : 0x48; 4469 run_rt3070_rf_write(sc, 11, rf); 4470 4471 if (chan <= 14) 4472 rf = txpow1 & 0x1f; 4473 else 4474 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4475 run_rt3070_rf_write(sc, 53, rf); 4476 4477 if (chan <= 14) 4478 rf = txpow2 & 0x1f; 4479 else 4480 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4481 run_rt3070_rf_write(sc, 55, rf); 4482 4483 if (chan <= 14) 4484 rf = txpow3 & 0x1f; 4485 else 4486 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4487 run_rt3070_rf_write(sc, 54, rf); 4488 4489 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4490 if (sc->ntxchains == 3) 4491 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4492 else 4493 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4494 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4495 run_rt3070_rf_write(sc, 1, rf); 4496 4497 run_adjust_freq_offset(sc); 4498 4499 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4500 4501 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4502 run_rt3070_rf_read(sc, 30, &rf); 4503 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4504 run_rt3070_rf_write(sc, 30, rf); 4505 4506 run_rt3070_rf_read(sc, 36, &rf); 4507 if (chan <= 14) 4508 rf |= 0x80; 4509 else 4510 rf &= ~0x80; 4511 run_rt3070_rf_write(sc, 36, rf); 4512 4513 /* Set vcolo_bs. */ 4514 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4515 /* Set pfd_delay. */ 4516 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4517 4518 /* Set vco bias current control. */ 4519 run_rt3070_rf_read(sc, 6, &rf); 4520 rf &= ~0xc0; 4521 if (chan <= 14) 4522 rf |= 0x40; 4523 else if (chan <= 128) 4524 rf |= 0x80; 4525 else 4526 rf |= 0x40; 4527 run_rt3070_rf_write(sc, 6, rf); 4528 4529 run_rt3070_rf_read(sc, 30, &rf); 4530 rf = (rf & ~0x18) | 0x10; 4531 run_rt3070_rf_write(sc, 30, rf); 4532 4533 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4534 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4535 4536 run_rt3070_rf_read(sc, 51, &rf); 4537 rf = (rf & ~0x03) | 0x01; 4538 run_rt3070_rf_write(sc, 51, rf); 4539 /* Set tx_mx1_cc. */ 4540 run_rt3070_rf_read(sc, 51, &rf); 4541 rf &= ~0x1c; 4542 rf |= (chan <= 14) ? 0x14 : 0x10; 4543 run_rt3070_rf_write(sc, 51, rf); 4544 /* Set tx_mx1_ic. */ 4545 run_rt3070_rf_read(sc, 51, &rf); 4546 rf &= ~0xe0; 4547 rf |= (chan <= 14) ? 0x60 : 0x40; 4548 run_rt3070_rf_write(sc, 51, rf); 4549 /* Set tx_lo1_ic. */ 4550 run_rt3070_rf_read(sc, 49, &rf); 4551 rf &= ~0x1c; 4552 rf |= (chan <= 14) ? 0x0c : 0x08; 4553 run_rt3070_rf_write(sc, 49, rf); 4554 /* Set tx_lo1_en. */ 4555 run_rt3070_rf_read(sc, 50, &rf); 4556 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4557 /* Set drv_cc. */ 4558 run_rt3070_rf_read(sc, 57, &rf); 4559 rf &= ~0xfc; 4560 rf |= (chan <= 14) ? 0x6c : 0x3c; 4561 run_rt3070_rf_write(sc, 57, rf); 4562 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4563 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4564 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4565 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4566 /* Enable VCO calibration. */ 4567 run_rt3070_rf_read(sc, 3, &rf); 4568 rf &= ~RT5390_VCOCAL; 4569 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4570 run_rt3070_rf_write(sc, 3, rf); 4571 4572 if (chan <= 14) 4573 rf = 0x23; 4574 else if (chan <= 64) 4575 rf = 0x36; 4576 else if (chan <= 128) 4577 rf = 0x32; 4578 else 4579 rf = 0x30; 4580 run_rt3070_rf_write(sc, 39, rf); 4581 if (chan <= 14) 4582 rf = 0xbb; 4583 else if (chan <= 64) 4584 rf = 0xeb; 4585 else if (chan <= 128) 4586 rf = 0xb3; 4587 else 4588 rf = 0x9b; 4589 run_rt3070_rf_write(sc, 45, rf); 4590 4591 /* Set FEQ/AEQ control. */ 4592 run_bbp_write(sc, 105, 0x34); 4593 } 4594 4595 static void 4596 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4597 { 4598 int8_t txpow1, txpow2; 4599 uint8_t rf; 4600 int i; 4601 4602 /* find the settings for this channel (we know it exists) */ 4603 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4604 4605 /* use Tx power values from EEPROM */ 4606 txpow1 = sc->txpow1[i]; 4607 txpow2 = sc->txpow2[i]; 4608 4609 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4610 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4611 run_rt3070_rf_read(sc, 11, &rf); 4612 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4613 run_rt3070_rf_write(sc, 11, rf); 4614 4615 run_rt3070_rf_read(sc, 49, &rf); 4616 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4617 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4618 if ((rf & 0x3f) > 0x27) 4619 rf = (rf & ~0x3f) | 0x27; 4620 run_rt3070_rf_write(sc, 49, rf); 4621 4622 if (sc->mac_ver == 0x5392) { 4623 run_rt3070_rf_read(sc, 50, &rf); 4624 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4625 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4626 if ((rf & 0x3f) > 0x27) 4627 rf = (rf & ~0x3f) | 0x27; 4628 run_rt3070_rf_write(sc, 50, rf); 4629 } 4630 4631 run_rt3070_rf_read(sc, 1, &rf); 4632 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4633 if (sc->mac_ver == 0x5392) 4634 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4635 run_rt3070_rf_write(sc, 1, rf); 4636 4637 if (sc->mac_ver != 0x5392) { 4638 run_rt3070_rf_read(sc, 2, &rf); 4639 rf |= 0x80; 4640 run_rt3070_rf_write(sc, 2, rf); 4641 run_delay(sc, 10); 4642 rf &= 0x7f; 4643 run_rt3070_rf_write(sc, 2, rf); 4644 } 4645 4646 run_adjust_freq_offset(sc); 4647 4648 if (sc->mac_ver == 0x5392) { 4649 /* Fix for RT5392C. */ 4650 if (sc->mac_rev >= 0x0223) { 4651 if (chan <= 4) 4652 rf = 0x0f; 4653 else if (chan >= 5 && chan <= 7) 4654 rf = 0x0e; 4655 else 4656 rf = 0x0d; 4657 run_rt3070_rf_write(sc, 23, rf); 4658 4659 if (chan <= 4) 4660 rf = 0x0c; 4661 else if (chan == 5) 4662 rf = 0x0b; 4663 else if (chan >= 6 && chan <= 7) 4664 rf = 0x0a; 4665 else if (chan >= 8 && chan <= 10) 4666 rf = 0x09; 4667 else 4668 rf = 0x08; 4669 run_rt3070_rf_write(sc, 59, rf); 4670 } else { 4671 if (chan <= 11) 4672 rf = 0x0f; 4673 else 4674 rf = 0x0b; 4675 run_rt3070_rf_write(sc, 59, rf); 4676 } 4677 } else { 4678 /* Fix for RT5390F. */ 4679 if (sc->mac_rev >= 0x0502) { 4680 if (chan <= 11) 4681 rf = 0x43; 4682 else 4683 rf = 0x23; 4684 run_rt3070_rf_write(sc, 55, rf); 4685 4686 if (chan <= 11) 4687 rf = 0x0f; 4688 else if (chan == 12) 4689 rf = 0x0d; 4690 else 4691 rf = 0x0b; 4692 run_rt3070_rf_write(sc, 59, rf); 4693 } else { 4694 run_rt3070_rf_write(sc, 55, 0x44); 4695 run_rt3070_rf_write(sc, 59, 0x8f); 4696 } 4697 } 4698 4699 /* Enable VCO calibration. */ 4700 run_rt3070_rf_read(sc, 3, &rf); 4701 rf |= RT5390_VCOCAL; 4702 run_rt3070_rf_write(sc, 3, rf); 4703 } 4704 4705 static void 4706 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4707 { 4708 const struct rt5592_freqs *freqs; 4709 uint32_t tmp; 4710 uint8_t reg, rf, txpow_bound; 4711 int8_t txpow1, txpow2; 4712 int i; 4713 4714 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4715 freqs = (tmp & RT5592_SEL_XTAL) ? 4716 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4717 4718 /* find the settings for this channel (we know it exists) */ 4719 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4720 4721 /* use Tx power values from EEPROM */ 4722 txpow1 = sc->txpow1[i]; 4723 txpow2 = sc->txpow2[i]; 4724 4725 run_read(sc, RT3070_LDO_CFG0, &tmp); 4726 tmp &= ~0x1c000000; 4727 if (chan > 14) 4728 tmp |= 0x14000000; 4729 run_write(sc, RT3070_LDO_CFG0, tmp); 4730 4731 /* N setting. */ 4732 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4733 run_rt3070_rf_read(sc, 9, &rf); 4734 rf &= ~(1 << 4); 4735 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4736 run_rt3070_rf_write(sc, 9, rf); 4737 4738 /* K setting. */ 4739 run_rt3070_rf_read(sc, 9, &rf); 4740 rf &= ~0x0f; 4741 rf |= (freqs->k & 0x0f); 4742 run_rt3070_rf_write(sc, 9, rf); 4743 4744 /* Mode setting. */ 4745 run_rt3070_rf_read(sc, 11, &rf); 4746 rf &= ~0x0c; 4747 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4748 run_rt3070_rf_write(sc, 11, rf); 4749 run_rt3070_rf_read(sc, 9, &rf); 4750 rf &= ~(1 << 7); 4751 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4752 run_rt3070_rf_write(sc, 9, rf); 4753 4754 /* R setting. */ 4755 run_rt3070_rf_read(sc, 11, &rf); 4756 rf &= ~0x03; 4757 rf |= (freqs->r - 0x1); 4758 run_rt3070_rf_write(sc, 11, rf); 4759 4760 if (chan <= 14) { 4761 /* Initialize RF registers for 2GHZ. */ 4762 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4763 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4764 rt5592_2ghz_def_rf[i].val); 4765 } 4766 4767 rf = (chan <= 10) ? 0x07 : 0x06; 4768 run_rt3070_rf_write(sc, 23, rf); 4769 run_rt3070_rf_write(sc, 59, rf); 4770 4771 run_rt3070_rf_write(sc, 55, 0x43); 4772 4773 /* 4774 * RF R49/R50 Tx power ALC code. 4775 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4776 */ 4777 reg = 2; 4778 txpow_bound = 0x27; 4779 } else { 4780 /* Initialize RF registers for 5GHZ. */ 4781 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4782 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4783 rt5592_5ghz_def_rf[i].val); 4784 } 4785 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4786 if (chan >= rt5592_chan_5ghz[i].firstchan && 4787 chan <= rt5592_chan_5ghz[i].lastchan) { 4788 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4789 rt5592_chan_5ghz[i].val); 4790 } 4791 } 4792 4793 /* 4794 * RF R49/R50 Tx power ALC code. 4795 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4796 */ 4797 reg = 3; 4798 txpow_bound = 0x2b; 4799 } 4800 4801 /* RF R49 ch0 Tx power ALC code. */ 4802 run_rt3070_rf_read(sc, 49, &rf); 4803 rf &= ~0xc0; 4804 rf |= (reg << 6); 4805 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4806 if ((rf & 0x3f) > txpow_bound) 4807 rf = (rf & ~0x3f) | txpow_bound; 4808 run_rt3070_rf_write(sc, 49, rf); 4809 4810 /* RF R50 ch1 Tx power ALC code. */ 4811 run_rt3070_rf_read(sc, 50, &rf); 4812 rf &= ~(1 << 7 | 1 << 6); 4813 rf |= (reg << 6); 4814 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4815 if ((rf & 0x3f) > txpow_bound) 4816 rf = (rf & ~0x3f) | txpow_bound; 4817 run_rt3070_rf_write(sc, 50, rf); 4818 4819 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4820 run_rt3070_rf_read(sc, 1, &rf); 4821 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4822 if (sc->ntxchains > 1) 4823 rf |= RT3070_TX1_PD; 4824 if (sc->nrxchains > 1) 4825 rf |= RT3070_RX1_PD; 4826 run_rt3070_rf_write(sc, 1, rf); 4827 4828 run_rt3070_rf_write(sc, 6, 0xe4); 4829 4830 run_rt3070_rf_write(sc, 30, 0x10); 4831 run_rt3070_rf_write(sc, 31, 0x80); 4832 run_rt3070_rf_write(sc, 32, 0x80); 4833 4834 run_adjust_freq_offset(sc); 4835 4836 /* Enable VCO calibration. */ 4837 run_rt3070_rf_read(sc, 3, &rf); 4838 rf |= RT5390_VCOCAL; 4839 run_rt3070_rf_write(sc, 3, rf); 4840 } 4841 4842 static void 4843 run_set_rx_antenna(struct run_softc *sc, int aux) 4844 { 4845 uint32_t tmp; 4846 uint8_t bbp152; 4847 4848 if (aux) { 4849 if (sc->rf_rev == RT5390_RF_5370) { 4850 run_bbp_read(sc, 152, &bbp152); 4851 run_bbp_write(sc, 152, bbp152 & ~0x80); 4852 } else { 4853 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4854 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4855 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4856 } 4857 } else { 4858 if (sc->rf_rev == RT5390_RF_5370) { 4859 run_bbp_read(sc, 152, &bbp152); 4860 run_bbp_write(sc, 152, bbp152 | 0x80); 4861 } else { 4862 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4863 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4864 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4865 } 4866 } 4867 } 4868 4869 static int 4870 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4871 { 4872 struct ieee80211com *ic = &sc->sc_ic; 4873 u_int chan, group; 4874 4875 chan = ieee80211_chan2ieee(ic, c); 4876 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4877 return (EINVAL); 4878 4879 if (sc->mac_ver == 0x5592) 4880 run_rt5592_set_chan(sc, chan); 4881 else if (sc->mac_ver >= 0x5390) 4882 run_rt5390_set_chan(sc, chan); 4883 else if (sc->mac_ver == 0x3593) 4884 run_rt3593_set_chan(sc, chan); 4885 else if (sc->mac_ver == 0x3572) 4886 run_rt3572_set_chan(sc, chan); 4887 else if (sc->mac_ver >= 0x3070) 4888 run_rt3070_set_chan(sc, chan); 4889 else 4890 run_rt2870_set_chan(sc, chan); 4891 4892 /* determine channel group */ 4893 if (chan <= 14) 4894 group = 0; 4895 else if (chan <= 64) 4896 group = 1; 4897 else if (chan <= 128) 4898 group = 2; 4899 else 4900 group = 3; 4901 4902 /* XXX necessary only when group has changed! */ 4903 run_select_chan_group(sc, group); 4904 4905 run_delay(sc, 10); 4906 4907 /* Perform IQ calibration. */ 4908 if (sc->mac_ver >= 0x5392) 4909 run_iq_calib(sc, chan); 4910 4911 return (0); 4912 } 4913 4914 static void 4915 run_set_channel(struct ieee80211com *ic) 4916 { 4917 struct run_softc *sc = ic->ic_softc; 4918 4919 RUN_LOCK(sc); 4920 run_set_chan(sc, ic->ic_curchan); 4921 RUN_UNLOCK(sc); 4922 4923 return; 4924 } 4925 4926 static void 4927 run_getradiocaps(struct ieee80211com *ic, 4928 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4929 { 4930 struct run_softc *sc = ic->ic_softc; 4931 uint8_t bands[IEEE80211_MODE_BYTES]; 4932 4933 memset(bands, 0, sizeof(bands)); 4934 setbit(bands, IEEE80211_MODE_11B); 4935 setbit(bands, IEEE80211_MODE_11G); 4936 if (sc->rf_rev != RT3070_RF_2020) 4937 setbit(bands, IEEE80211_MODE_11NG); 4938 4939 /* Note: for now, only support HT20 channels */ 4940 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4941 4942 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4943 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4944 sc->rf_rev == RT5592_RF_5592) { 4945 setbit(bands, IEEE80211_MODE_11A); 4946 /* Note: for now, only support HT20 channels */ 4947 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4948 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4949 } 4950 } 4951 4952 static void 4953 run_scan_start(struct ieee80211com *ic) 4954 { 4955 struct run_softc *sc = ic->ic_softc; 4956 4957 RUN_LOCK(sc); 4958 4959 /* abort TSF synchronization */ 4960 run_disable_tsf(sc); 4961 run_set_bssid(sc, ieee80211broadcastaddr); 4962 4963 RUN_UNLOCK(sc); 4964 4965 return; 4966 } 4967 4968 static void 4969 run_scan_end(struct ieee80211com *ic) 4970 { 4971 struct run_softc *sc = ic->ic_softc; 4972 4973 RUN_LOCK(sc); 4974 4975 run_enable_tsf_sync(sc); 4976 run_set_bssid(sc, sc->sc_bssid); 4977 4978 RUN_UNLOCK(sc); 4979 4980 return; 4981 } 4982 4983 /* 4984 * Could be called from ieee80211_node_timeout() 4985 * (non-sleepable thread) 4986 */ 4987 static void 4988 run_update_beacon(struct ieee80211vap *vap, int item) 4989 { 4990 struct ieee80211com *ic = vap->iv_ic; 4991 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4992 struct ieee80211_node *ni = vap->iv_bss; 4993 struct run_softc *sc = ic->ic_softc; 4994 struct run_vap *rvp = RUN_VAP(vap); 4995 int mcast = 0; 4996 uint32_t i; 4997 4998 switch (item) { 4999 case IEEE80211_BEACON_ERP: 5000 run_updateslot(ic); 5001 break; 5002 case IEEE80211_BEACON_HTINFO: 5003 run_updateprot(ic); 5004 break; 5005 case IEEE80211_BEACON_TIM: 5006 mcast = 1; /*TODO*/ 5007 break; 5008 default: 5009 break; 5010 } 5011 5012 setbit(bo->bo_flags, item); 5013 if (rvp->beacon_mbuf == NULL) { 5014 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5015 if (rvp->beacon_mbuf == NULL) 5016 return; 5017 } 5018 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 5019 5020 i = RUN_CMDQ_GET(&sc->cmdq_store); 5021 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5022 sc->cmdq[i].func = run_update_beacon_cb; 5023 sc->cmdq[i].arg0 = vap; 5024 ieee80211_runtask(ic, &sc->cmdq_task); 5025 5026 return; 5027 } 5028 5029 static void 5030 run_update_beacon_cb(void *arg) 5031 { 5032 struct ieee80211vap *vap = arg; 5033 struct ieee80211_node *ni = vap->iv_bss; 5034 struct run_vap *rvp = RUN_VAP(vap); 5035 struct ieee80211com *ic = vap->iv_ic; 5036 struct run_softc *sc = ic->ic_softc; 5037 struct rt2860_txwi txwi; 5038 struct mbuf *m; 5039 uint16_t txwisize; 5040 uint8_t ridx; 5041 5042 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 5043 return; 5044 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 5045 return; 5046 5047 /* 5048 * No need to call ieee80211_beacon_update(), run_update_beacon() 5049 * is taking care of appropriate calls. 5050 */ 5051 if (rvp->beacon_mbuf == NULL) { 5052 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5053 if (rvp->beacon_mbuf == NULL) 5054 return; 5055 } 5056 m = rvp->beacon_mbuf; 5057 5058 memset(&txwi, 0, sizeof(txwi)); 5059 txwi.wcid = 0xff; 5060 txwi.len = htole16(m->m_pkthdr.len); 5061 5062 /* send beacons at the lowest available rate */ 5063 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 5064 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 5065 txwi.phy = htole16(rt2860_rates[ridx].mcs); 5066 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 5067 txwi.phy |= htole16(RT2860_PHY_OFDM); 5068 txwi.txop = RT2860_TX_TXOP_HT; 5069 txwi.flags = RT2860_TX_TS; 5070 txwi.xflags = RT2860_TX_NSEQ; 5071 5072 txwisize = (sc->mac_ver == 0x5592) ? 5073 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5074 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5075 txwisize); 5076 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5077 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5078 } 5079 5080 static void 5081 run_updateprot(struct ieee80211com *ic) 5082 { 5083 struct run_softc *sc = ic->ic_softc; 5084 uint32_t i; 5085 5086 i = RUN_CMDQ_GET(&sc->cmdq_store); 5087 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5088 sc->cmdq[i].func = run_updateprot_cb; 5089 sc->cmdq[i].arg0 = ic; 5090 ieee80211_runtask(ic, &sc->cmdq_task); 5091 } 5092 5093 static void 5094 run_updateprot_cb(void *arg) 5095 { 5096 struct ieee80211com *ic = arg; 5097 struct run_softc *sc = ic->ic_softc; 5098 uint32_t tmp; 5099 5100 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5101 /* setup protection frame rate (MCS code) */ 5102 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5103 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5104 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5105 5106 /* CCK frames don't require protection */ 5107 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5108 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5109 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5110 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5111 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5112 tmp |= RT2860_PROT_CTRL_CTS; 5113 } 5114 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5115 } 5116 5117 static void 5118 run_usb_timeout_cb(void *arg) 5119 { 5120 struct ieee80211vap *vap = arg; 5121 struct run_softc *sc = vap->iv_ic->ic_softc; 5122 5123 RUN_LOCK_ASSERT(sc, MA_OWNED); 5124 5125 if(vap->iv_state == IEEE80211_S_RUN && 5126 vap->iv_opmode != IEEE80211_M_STA) 5127 run_reset_livelock(sc); 5128 else if (vap->iv_state == IEEE80211_S_SCAN) { 5129 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5130 "timeout caused by scan\n"); 5131 /* cancel bgscan */ 5132 ieee80211_cancel_scan(vap); 5133 } else 5134 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5135 "timeout by unknown cause\n"); 5136 } 5137 5138 static void 5139 run_reset_livelock(struct run_softc *sc) 5140 { 5141 uint32_t tmp; 5142 5143 RUN_LOCK_ASSERT(sc, MA_OWNED); 5144 5145 /* 5146 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5147 * can run into a livelock and start sending CTS-to-self frames like 5148 * crazy if protection is enabled. Reset MAC/BBP for a while 5149 */ 5150 run_read(sc, RT2860_DEBUG, &tmp); 5151 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5152 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5153 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5154 "CTS-to-self livelock detected\n"); 5155 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5156 run_delay(sc, 1); 5157 run_write(sc, RT2860_MAC_SYS_CTRL, 5158 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5159 } 5160 } 5161 5162 static void 5163 run_update_promisc_locked(struct run_softc *sc) 5164 { 5165 uint32_t tmp; 5166 5167 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5168 5169 tmp |= RT2860_DROP_UC_NOME; 5170 if (sc->sc_ic.ic_promisc > 0) 5171 tmp &= ~RT2860_DROP_UC_NOME; 5172 5173 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5174 5175 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5176 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5177 } 5178 5179 static void 5180 run_update_promisc(struct ieee80211com *ic) 5181 { 5182 struct run_softc *sc = ic->ic_softc; 5183 5184 if ((sc->sc_flags & RUN_RUNNING) == 0) 5185 return; 5186 5187 RUN_LOCK(sc); 5188 run_update_promisc_locked(sc); 5189 RUN_UNLOCK(sc); 5190 } 5191 5192 static void 5193 run_enable_tsf_sync(struct run_softc *sc) 5194 { 5195 struct ieee80211com *ic = &sc->sc_ic; 5196 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5197 uint32_t tmp; 5198 5199 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5200 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5201 5202 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5203 tmp &= ~0x1fffff; 5204 tmp |= vap->iv_bss->ni_intval * 16; 5205 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5206 5207 if (ic->ic_opmode == IEEE80211_M_STA) { 5208 /* 5209 * Local TSF is always updated with remote TSF on beacon 5210 * reception. 5211 */ 5212 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5213 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5214 tmp |= RT2860_BCN_TX_EN; 5215 /* 5216 * Local TSF is updated with remote TSF on beacon reception 5217 * only if the remote TSF is greater than local TSF. 5218 */ 5219 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5220 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5221 ic->ic_opmode == IEEE80211_M_MBSS) { 5222 tmp |= RT2860_BCN_TX_EN; 5223 /* SYNC with nobody */ 5224 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5225 } else { 5226 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5227 "Enabling TSF failed. undefined opmode\n"); 5228 return; 5229 } 5230 5231 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5232 } 5233 5234 static void 5235 run_enable_tsf(struct run_softc *sc) 5236 { 5237 uint32_t tmp; 5238 5239 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5240 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5241 tmp |= RT2860_TSF_TIMER_EN; 5242 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5243 } 5244 } 5245 5246 static void 5247 run_disable_tsf(struct run_softc *sc) 5248 { 5249 uint32_t tmp; 5250 5251 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5252 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5253 RT2860_TBTT_TIMER_EN); 5254 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5255 } 5256 } 5257 5258 static void 5259 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5260 { 5261 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5262 sizeof(*buf)); 5263 } 5264 5265 static void 5266 run_enable_mrr(struct run_softc *sc) 5267 { 5268 #define CCK(mcs) (mcs) 5269 #define OFDM(mcs) (1 << 3 | (mcs)) 5270 run_write(sc, RT2860_LG_FBK_CFG0, 5271 OFDM(6) << 28 | /* 54->48 */ 5272 OFDM(5) << 24 | /* 48->36 */ 5273 OFDM(4) << 20 | /* 36->24 */ 5274 OFDM(3) << 16 | /* 24->18 */ 5275 OFDM(2) << 12 | /* 18->12 */ 5276 OFDM(1) << 8 | /* 12-> 9 */ 5277 OFDM(0) << 4 | /* 9-> 6 */ 5278 OFDM(0)); /* 6-> 6 */ 5279 5280 run_write(sc, RT2860_LG_FBK_CFG1, 5281 CCK(2) << 12 | /* 11->5.5 */ 5282 CCK(1) << 8 | /* 5.5-> 2 */ 5283 CCK(0) << 4 | /* 2-> 1 */ 5284 CCK(0)); /* 1-> 1 */ 5285 #undef OFDM 5286 #undef CCK 5287 } 5288 5289 static void 5290 run_set_txpreamble(struct run_softc *sc) 5291 { 5292 struct ieee80211com *ic = &sc->sc_ic; 5293 uint32_t tmp; 5294 5295 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5296 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5297 tmp |= RT2860_CCK_SHORT_EN; 5298 else 5299 tmp &= ~RT2860_CCK_SHORT_EN; 5300 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5301 } 5302 5303 static void 5304 run_set_basicrates(struct run_softc *sc) 5305 { 5306 struct ieee80211com *ic = &sc->sc_ic; 5307 5308 /* set basic rates mask */ 5309 if (ic->ic_curmode == IEEE80211_MODE_11B) 5310 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5311 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5312 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5313 else /* 11g */ 5314 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5315 } 5316 5317 static void 5318 run_set_leds(struct run_softc *sc, uint16_t which) 5319 { 5320 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5321 which | (sc->leds & 0x7f)); 5322 } 5323 5324 static void 5325 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5326 { 5327 run_write(sc, RT2860_MAC_BSSID_DW0, 5328 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5329 run_write(sc, RT2860_MAC_BSSID_DW1, 5330 bssid[4] | bssid[5] << 8); 5331 } 5332 5333 static void 5334 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5335 { 5336 run_write(sc, RT2860_MAC_ADDR_DW0, 5337 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5338 run_write(sc, RT2860_MAC_ADDR_DW1, 5339 addr[4] | addr[5] << 8 | 0xff << 16); 5340 } 5341 5342 static void 5343 run_updateslot(struct ieee80211com *ic) 5344 { 5345 struct run_softc *sc = ic->ic_softc; 5346 uint32_t i; 5347 5348 i = RUN_CMDQ_GET(&sc->cmdq_store); 5349 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5350 sc->cmdq[i].func = run_updateslot_cb; 5351 sc->cmdq[i].arg0 = ic; 5352 ieee80211_runtask(ic, &sc->cmdq_task); 5353 5354 return; 5355 } 5356 5357 /* ARGSUSED */ 5358 static void 5359 run_updateslot_cb(void *arg) 5360 { 5361 struct ieee80211com *ic = arg; 5362 struct run_softc *sc = ic->ic_softc; 5363 uint32_t tmp; 5364 5365 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5366 tmp &= ~0xff; 5367 tmp |= IEEE80211_GET_SLOTTIME(ic); 5368 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5369 } 5370 5371 static void 5372 run_update_mcast(struct ieee80211com *ic) 5373 { 5374 } 5375 5376 static int8_t 5377 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5378 { 5379 struct ieee80211com *ic = &sc->sc_ic; 5380 struct ieee80211_channel *c = ic->ic_curchan; 5381 int delta; 5382 5383 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5384 u_int chan = ieee80211_chan2ieee(ic, c); 5385 delta = sc->rssi_5ghz[rxchain]; 5386 5387 /* determine channel group */ 5388 if (chan <= 64) 5389 delta -= sc->lna[1]; 5390 else if (chan <= 128) 5391 delta -= sc->lna[2]; 5392 else 5393 delta -= sc->lna[3]; 5394 } else 5395 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5396 5397 return (-12 - delta - rssi); 5398 } 5399 5400 static void 5401 run_rt5390_bbp_init(struct run_softc *sc) 5402 { 5403 u_int i; 5404 uint8_t bbp; 5405 5406 /* Apply maximum likelihood detection for 2 stream case. */ 5407 run_bbp_read(sc, 105, &bbp); 5408 if (sc->nrxchains > 1) 5409 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5410 5411 /* Avoid data lost and CRC error. */ 5412 run_bbp_read(sc, 4, &bbp); 5413 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5414 5415 if (sc->mac_ver == 0x5592) { 5416 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5417 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5418 rt5592_def_bbp[i].val); 5419 } 5420 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5421 run_bbp_write(sc, 195, i + 0x80); 5422 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5423 } 5424 } else { 5425 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5426 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5427 rt5390_def_bbp[i].val); 5428 } 5429 } 5430 if (sc->mac_ver == 0x5392) { 5431 run_bbp_write(sc, 88, 0x90); 5432 run_bbp_write(sc, 95, 0x9a); 5433 run_bbp_write(sc, 98, 0x12); 5434 run_bbp_write(sc, 106, 0x12); 5435 run_bbp_write(sc, 134, 0xd0); 5436 run_bbp_write(sc, 135, 0xf6); 5437 run_bbp_write(sc, 148, 0x84); 5438 } 5439 5440 run_bbp_read(sc, 152, &bbp); 5441 run_bbp_write(sc, 152, bbp | 0x80); 5442 5443 /* Fix BBP254 for RT5592C. */ 5444 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5445 run_bbp_read(sc, 254, &bbp); 5446 run_bbp_write(sc, 254, bbp | 0x80); 5447 } 5448 5449 /* Disable hardware antenna diversity. */ 5450 if (sc->mac_ver == 0x5390) 5451 run_bbp_write(sc, 154, 0); 5452 5453 /* Initialize Rx CCK/OFDM frequency offset report. */ 5454 run_bbp_write(sc, 142, 1); 5455 run_bbp_write(sc, 143, 57); 5456 } 5457 5458 static int 5459 run_bbp_init(struct run_softc *sc) 5460 { 5461 int i, error, ntries; 5462 uint8_t bbp0; 5463 5464 /* wait for BBP to wake up */ 5465 for (ntries = 0; ntries < 20; ntries++) { 5466 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5467 return error; 5468 if (bbp0 != 0 && bbp0 != 0xff) 5469 break; 5470 } 5471 if (ntries == 20) 5472 return (ETIMEDOUT); 5473 5474 /* initialize BBP registers to default values */ 5475 if (sc->mac_ver >= 0x5390) 5476 run_rt5390_bbp_init(sc); 5477 else { 5478 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5479 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5480 rt2860_def_bbp[i].val); 5481 } 5482 } 5483 5484 if (sc->mac_ver == 0x3593) { 5485 run_bbp_write(sc, 79, 0x13); 5486 run_bbp_write(sc, 80, 0x05); 5487 run_bbp_write(sc, 81, 0x33); 5488 run_bbp_write(sc, 86, 0x46); 5489 run_bbp_write(sc, 137, 0x0f); 5490 } 5491 5492 /* fix BBP84 for RT2860E */ 5493 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5494 run_bbp_write(sc, 84, 0x19); 5495 5496 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5497 sc->mac_ver != 0x5592)) { 5498 run_bbp_write(sc, 79, 0x13); 5499 run_bbp_write(sc, 80, 0x05); 5500 run_bbp_write(sc, 81, 0x33); 5501 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5502 run_bbp_write(sc, 69, 0x16); 5503 run_bbp_write(sc, 73, 0x12); 5504 } 5505 return (0); 5506 } 5507 5508 static int 5509 run_rt3070_rf_init(struct run_softc *sc) 5510 { 5511 uint32_t tmp; 5512 uint8_t bbp4, mingain, rf, target; 5513 u_int i; 5514 5515 run_rt3070_rf_read(sc, 30, &rf); 5516 /* toggle RF R30 bit 7 */ 5517 run_rt3070_rf_write(sc, 30, rf | 0x80); 5518 run_delay(sc, 10); 5519 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5520 5521 /* initialize RF registers to default value */ 5522 if (sc->mac_ver == 0x3572) { 5523 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5524 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5525 rt3572_def_rf[i].val); 5526 } 5527 } else { 5528 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5529 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5530 rt3070_def_rf[i].val); 5531 } 5532 } 5533 5534 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5535 /* 5536 * Change voltage from 1.2V to 1.35V for RT3070. 5537 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5538 * in RT3070(F). 5539 */ 5540 run_read(sc, RT3070_LDO_CFG0, &tmp); 5541 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5542 run_write(sc, RT3070_LDO_CFG0, tmp); 5543 5544 } else if (sc->mac_ver == 0x3071) { 5545 run_rt3070_rf_read(sc, 6, &rf); 5546 run_rt3070_rf_write(sc, 6, rf | 0x40); 5547 run_rt3070_rf_write(sc, 31, 0x14); 5548 5549 run_read(sc, RT3070_LDO_CFG0, &tmp); 5550 tmp &= ~0x1f000000; 5551 if (sc->mac_rev < 0x0211) 5552 tmp |= 0x0d000000; /* 1.3V */ 5553 else 5554 tmp |= 0x01000000; /* 1.2V */ 5555 run_write(sc, RT3070_LDO_CFG0, tmp); 5556 5557 /* patch LNA_PE_G1 */ 5558 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5559 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5560 5561 } else if (sc->mac_ver == 0x3572) { 5562 run_rt3070_rf_read(sc, 6, &rf); 5563 run_rt3070_rf_write(sc, 6, rf | 0x40); 5564 5565 /* increase voltage from 1.2V to 1.35V */ 5566 run_read(sc, RT3070_LDO_CFG0, &tmp); 5567 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5568 run_write(sc, RT3070_LDO_CFG0, tmp); 5569 5570 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5571 run_delay(sc, 1); /* wait for 1msec */ 5572 /* decrease voltage back to 1.2V */ 5573 tmp = (tmp & ~0x1f000000) | 0x01000000; 5574 run_write(sc, RT3070_LDO_CFG0, tmp); 5575 } 5576 } 5577 5578 /* select 20MHz bandwidth */ 5579 run_rt3070_rf_read(sc, 31, &rf); 5580 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5581 5582 /* calibrate filter for 20MHz bandwidth */ 5583 sc->rf24_20mhz = 0x1f; /* default value */ 5584 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5585 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5586 5587 /* select 40MHz bandwidth */ 5588 run_bbp_read(sc, 4, &bbp4); 5589 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5590 run_rt3070_rf_read(sc, 31, &rf); 5591 run_rt3070_rf_write(sc, 31, rf | 0x20); 5592 5593 /* calibrate filter for 40MHz bandwidth */ 5594 sc->rf24_40mhz = 0x2f; /* default value */ 5595 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5596 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5597 5598 /* go back to 20MHz bandwidth */ 5599 run_bbp_read(sc, 4, &bbp4); 5600 run_bbp_write(sc, 4, bbp4 & ~0x18); 5601 5602 if (sc->mac_ver == 0x3572) { 5603 /* save default BBP registers 25 and 26 values */ 5604 run_bbp_read(sc, 25, &sc->bbp25); 5605 run_bbp_read(sc, 26, &sc->bbp26); 5606 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5607 run_rt3070_rf_write(sc, 27, 0x03); 5608 5609 run_read(sc, RT3070_OPT_14, &tmp); 5610 run_write(sc, RT3070_OPT_14, tmp | 1); 5611 5612 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5613 run_rt3070_rf_read(sc, 17, &rf); 5614 rf &= ~RT3070_TX_LO1; 5615 if ((sc->mac_ver == 0x3070 || 5616 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5617 !sc->ext_2ghz_lna) 5618 rf |= 0x20; /* fix for long range Rx issue */ 5619 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5620 if (sc->txmixgain_2ghz >= mingain) 5621 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5622 run_rt3070_rf_write(sc, 17, rf); 5623 } 5624 5625 if (sc->mac_ver == 0x3071) { 5626 run_rt3070_rf_read(sc, 1, &rf); 5627 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5628 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5629 run_rt3070_rf_write(sc, 1, rf); 5630 5631 run_rt3070_rf_read(sc, 15, &rf); 5632 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5633 5634 run_rt3070_rf_read(sc, 20, &rf); 5635 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5636 5637 run_rt3070_rf_read(sc, 21, &rf); 5638 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5639 } 5640 5641 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5642 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5643 run_rt3070_rf_read(sc, 27, &rf); 5644 rf &= ~0x77; 5645 if (sc->mac_rev < 0x0211) 5646 rf |= 0x03; 5647 run_rt3070_rf_write(sc, 27, rf); 5648 } 5649 return (0); 5650 } 5651 5652 static void 5653 run_rt3593_rf_init(struct run_softc *sc) 5654 { 5655 uint32_t tmp; 5656 uint8_t rf; 5657 u_int i; 5658 5659 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5660 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5661 tmp &= ~(1 << 4 | 1 << 7); 5662 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5663 5664 /* Initialize RF registers to default value. */ 5665 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5666 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5667 rt3593_def_rf[i].val); 5668 } 5669 5670 /* Toggle RF R2 to initiate calibration. */ 5671 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5672 5673 /* Initialize RF frequency offset. */ 5674 run_adjust_freq_offset(sc); 5675 5676 run_rt3070_rf_read(sc, 18, &rf); 5677 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5678 5679 /* 5680 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5681 * decrease voltage back to 1.2V. 5682 */ 5683 run_read(sc, RT3070_LDO_CFG0, &tmp); 5684 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5685 run_write(sc, RT3070_LDO_CFG0, tmp); 5686 run_delay(sc, 1); 5687 tmp = (tmp & ~0x1f000000) | 0x01000000; 5688 run_write(sc, RT3070_LDO_CFG0, tmp); 5689 5690 sc->rf24_20mhz = 0x1f; 5691 sc->rf24_40mhz = 0x2f; 5692 5693 /* Save default BBP registers 25 and 26 values. */ 5694 run_bbp_read(sc, 25, &sc->bbp25); 5695 run_bbp_read(sc, 26, &sc->bbp26); 5696 5697 run_read(sc, RT3070_OPT_14, &tmp); 5698 run_write(sc, RT3070_OPT_14, tmp | 1); 5699 } 5700 5701 static void 5702 run_rt5390_rf_init(struct run_softc *sc) 5703 { 5704 uint32_t tmp; 5705 uint8_t rf; 5706 u_int i; 5707 5708 /* Toggle RF R2 to initiate calibration. */ 5709 if (sc->mac_ver == 0x5390) { 5710 run_rt3070_rf_read(sc, 2, &rf); 5711 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5712 run_delay(sc, 10); 5713 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5714 } else { 5715 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5716 run_delay(sc, 10); 5717 } 5718 5719 /* Initialize RF registers to default value. */ 5720 if (sc->mac_ver == 0x5592) { 5721 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5722 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5723 rt5592_def_rf[i].val); 5724 } 5725 /* Initialize RF frequency offset. */ 5726 run_adjust_freq_offset(sc); 5727 } else if (sc->mac_ver == 0x5392) { 5728 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5729 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5730 rt5392_def_rf[i].val); 5731 } 5732 if (sc->mac_rev >= 0x0223) { 5733 run_rt3070_rf_write(sc, 23, 0x0f); 5734 run_rt3070_rf_write(sc, 24, 0x3e); 5735 run_rt3070_rf_write(sc, 51, 0x32); 5736 run_rt3070_rf_write(sc, 53, 0x22); 5737 run_rt3070_rf_write(sc, 56, 0xc1); 5738 run_rt3070_rf_write(sc, 59, 0x0f); 5739 } 5740 } else { 5741 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5742 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5743 rt5390_def_rf[i].val); 5744 } 5745 if (sc->mac_rev >= 0x0502) { 5746 run_rt3070_rf_write(sc, 6, 0xe0); 5747 run_rt3070_rf_write(sc, 25, 0x80); 5748 run_rt3070_rf_write(sc, 46, 0x73); 5749 run_rt3070_rf_write(sc, 53, 0x00); 5750 run_rt3070_rf_write(sc, 56, 0x42); 5751 run_rt3070_rf_write(sc, 61, 0xd1); 5752 } 5753 } 5754 5755 sc->rf24_20mhz = 0x1f; /* default value */ 5756 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5757 5758 if (sc->mac_rev < 0x0211) 5759 run_rt3070_rf_write(sc, 27, 0x3); 5760 5761 run_read(sc, RT3070_OPT_14, &tmp); 5762 run_write(sc, RT3070_OPT_14, tmp | 1); 5763 } 5764 5765 static int 5766 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5767 uint8_t *val) 5768 { 5769 uint8_t rf22, rf24; 5770 uint8_t bbp55_pb, bbp55_sb, delta; 5771 int ntries; 5772 5773 /* program filter */ 5774 run_rt3070_rf_read(sc, 24, &rf24); 5775 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5776 run_rt3070_rf_write(sc, 24, rf24); 5777 5778 /* enable baseband loopback mode */ 5779 run_rt3070_rf_read(sc, 22, &rf22); 5780 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5781 5782 /* set power and frequency of passband test tone */ 5783 run_bbp_write(sc, 24, 0x00); 5784 for (ntries = 0; ntries < 100; ntries++) { 5785 /* transmit test tone */ 5786 run_bbp_write(sc, 25, 0x90); 5787 run_delay(sc, 10); 5788 /* read received power */ 5789 run_bbp_read(sc, 55, &bbp55_pb); 5790 if (bbp55_pb != 0) 5791 break; 5792 } 5793 if (ntries == 100) 5794 return (ETIMEDOUT); 5795 5796 /* set power and frequency of stopband test tone */ 5797 run_bbp_write(sc, 24, 0x06); 5798 for (ntries = 0; ntries < 100; ntries++) { 5799 /* transmit test tone */ 5800 run_bbp_write(sc, 25, 0x90); 5801 run_delay(sc, 10); 5802 /* read received power */ 5803 run_bbp_read(sc, 55, &bbp55_sb); 5804 5805 delta = bbp55_pb - bbp55_sb; 5806 if (delta > target) 5807 break; 5808 5809 /* reprogram filter */ 5810 rf24++; 5811 run_rt3070_rf_write(sc, 24, rf24); 5812 } 5813 if (ntries < 100) { 5814 if (rf24 != init) 5815 rf24--; /* backtrack */ 5816 *val = rf24; 5817 run_rt3070_rf_write(sc, 24, rf24); 5818 } 5819 5820 /* restore initial state */ 5821 run_bbp_write(sc, 24, 0x00); 5822 5823 /* disable baseband loopback mode */ 5824 run_rt3070_rf_read(sc, 22, &rf22); 5825 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5826 5827 return (0); 5828 } 5829 5830 static void 5831 run_rt3070_rf_setup(struct run_softc *sc) 5832 { 5833 uint8_t bbp, rf; 5834 int i; 5835 5836 if (sc->mac_ver == 0x3572) { 5837 /* enable DC filter */ 5838 if (sc->mac_rev >= 0x0201) 5839 run_bbp_write(sc, 103, 0xc0); 5840 5841 run_bbp_read(sc, 138, &bbp); 5842 if (sc->ntxchains == 1) 5843 bbp |= 0x20; /* turn off DAC1 */ 5844 if (sc->nrxchains == 1) 5845 bbp &= ~0x02; /* turn off ADC1 */ 5846 run_bbp_write(sc, 138, bbp); 5847 5848 if (sc->mac_rev >= 0x0211) { 5849 /* improve power consumption */ 5850 run_bbp_read(sc, 31, &bbp); 5851 run_bbp_write(sc, 31, bbp & ~0x03); 5852 } 5853 5854 run_rt3070_rf_read(sc, 16, &rf); 5855 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5856 run_rt3070_rf_write(sc, 16, rf); 5857 5858 } else if (sc->mac_ver == 0x3071) { 5859 if (sc->mac_rev >= 0x0211) { 5860 /* enable DC filter */ 5861 run_bbp_write(sc, 103, 0xc0); 5862 5863 /* improve power consumption */ 5864 run_bbp_read(sc, 31, &bbp); 5865 run_bbp_write(sc, 31, bbp & ~0x03); 5866 } 5867 5868 run_bbp_read(sc, 138, &bbp); 5869 if (sc->ntxchains == 1) 5870 bbp |= 0x20; /* turn off DAC1 */ 5871 if (sc->nrxchains == 1) 5872 bbp &= ~0x02; /* turn off ADC1 */ 5873 run_bbp_write(sc, 138, bbp); 5874 5875 run_write(sc, RT2860_TX_SW_CFG1, 0); 5876 if (sc->mac_rev < 0x0211) { 5877 run_write(sc, RT2860_TX_SW_CFG2, 5878 sc->patch_dac ? 0x2c : 0x0f); 5879 } else 5880 run_write(sc, RT2860_TX_SW_CFG2, 0); 5881 5882 } else if (sc->mac_ver == 0x3070) { 5883 if (sc->mac_rev >= 0x0201) { 5884 /* enable DC filter */ 5885 run_bbp_write(sc, 103, 0xc0); 5886 5887 /* improve power consumption */ 5888 run_bbp_read(sc, 31, &bbp); 5889 run_bbp_write(sc, 31, bbp & ~0x03); 5890 } 5891 5892 if (sc->mac_rev < 0x0201) { 5893 run_write(sc, RT2860_TX_SW_CFG1, 0); 5894 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5895 } else 5896 run_write(sc, RT2860_TX_SW_CFG2, 0); 5897 } 5898 5899 /* initialize RF registers from ROM for >=RT3071*/ 5900 if (sc->mac_ver >= 0x3071) { 5901 for (i = 0; i < 10; i++) { 5902 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5903 continue; 5904 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5905 } 5906 } 5907 } 5908 5909 static void 5910 run_rt3593_rf_setup(struct run_softc *sc) 5911 { 5912 uint8_t bbp, rf; 5913 5914 if (sc->mac_rev >= 0x0211) { 5915 /* Enable DC filter. */ 5916 run_bbp_write(sc, 103, 0xc0); 5917 } 5918 run_write(sc, RT2860_TX_SW_CFG1, 0); 5919 if (sc->mac_rev < 0x0211) { 5920 run_write(sc, RT2860_TX_SW_CFG2, 5921 sc->patch_dac ? 0x2c : 0x0f); 5922 } else 5923 run_write(sc, RT2860_TX_SW_CFG2, 0); 5924 5925 run_rt3070_rf_read(sc, 50, &rf); 5926 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5927 5928 run_rt3070_rf_read(sc, 51, &rf); 5929 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5930 ((sc->txmixgain_2ghz & 0x07) << 2); 5931 run_rt3070_rf_write(sc, 51, rf); 5932 5933 run_rt3070_rf_read(sc, 38, &rf); 5934 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5935 5936 run_rt3070_rf_read(sc, 39, &rf); 5937 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5938 5939 run_rt3070_rf_read(sc, 1, &rf); 5940 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5941 5942 run_rt3070_rf_read(sc, 30, &rf); 5943 rf = (rf & ~0x18) | 0x10; 5944 run_rt3070_rf_write(sc, 30, rf); 5945 5946 /* Apply maximum likelihood detection for 2 stream case. */ 5947 run_bbp_read(sc, 105, &bbp); 5948 if (sc->nrxchains > 1) 5949 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5950 5951 /* Avoid data lost and CRC error. */ 5952 run_bbp_read(sc, 4, &bbp); 5953 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5954 5955 run_bbp_write(sc, 92, 0x02); 5956 run_bbp_write(sc, 82, 0x82); 5957 run_bbp_write(sc, 106, 0x05); 5958 run_bbp_write(sc, 104, 0x92); 5959 run_bbp_write(sc, 88, 0x90); 5960 run_bbp_write(sc, 148, 0xc8); 5961 run_bbp_write(sc, 47, 0x48); 5962 run_bbp_write(sc, 120, 0x50); 5963 5964 run_bbp_write(sc, 163, 0x9d); 5965 5966 /* SNR mapping. */ 5967 run_bbp_write(sc, 142, 0x06); 5968 run_bbp_write(sc, 143, 0xa0); 5969 run_bbp_write(sc, 142, 0x07); 5970 run_bbp_write(sc, 143, 0xa1); 5971 run_bbp_write(sc, 142, 0x08); 5972 run_bbp_write(sc, 143, 0xa2); 5973 5974 run_bbp_write(sc, 31, 0x08); 5975 run_bbp_write(sc, 68, 0x0b); 5976 run_bbp_write(sc, 105, 0x04); 5977 } 5978 5979 static void 5980 run_rt5390_rf_setup(struct run_softc *sc) 5981 { 5982 uint8_t bbp, rf; 5983 5984 if (sc->mac_rev >= 0x0211) { 5985 /* Enable DC filter. */ 5986 run_bbp_write(sc, 103, 0xc0); 5987 5988 if (sc->mac_ver != 0x5592) { 5989 /* Improve power consumption. */ 5990 run_bbp_read(sc, 31, &bbp); 5991 run_bbp_write(sc, 31, bbp & ~0x03); 5992 } 5993 } 5994 5995 run_bbp_read(sc, 138, &bbp); 5996 if (sc->ntxchains == 1) 5997 bbp |= 0x20; /* turn off DAC1 */ 5998 if (sc->nrxchains == 1) 5999 bbp &= ~0x02; /* turn off ADC1 */ 6000 run_bbp_write(sc, 138, bbp); 6001 6002 run_rt3070_rf_read(sc, 38, &rf); 6003 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 6004 6005 run_rt3070_rf_read(sc, 39, &rf); 6006 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 6007 6008 /* Avoid data lost and CRC error. */ 6009 run_bbp_read(sc, 4, &bbp); 6010 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 6011 6012 run_rt3070_rf_read(sc, 30, &rf); 6013 rf = (rf & ~0x18) | 0x10; 6014 run_rt3070_rf_write(sc, 30, rf); 6015 6016 if (sc->mac_ver != 0x5592) { 6017 run_write(sc, RT2860_TX_SW_CFG1, 0); 6018 if (sc->mac_rev < 0x0211) { 6019 run_write(sc, RT2860_TX_SW_CFG2, 6020 sc->patch_dac ? 0x2c : 0x0f); 6021 } else 6022 run_write(sc, RT2860_TX_SW_CFG2, 0); 6023 } 6024 } 6025 6026 static int 6027 run_txrx_enable(struct run_softc *sc) 6028 { 6029 struct ieee80211com *ic = &sc->sc_ic; 6030 uint32_t tmp; 6031 int error, ntries; 6032 6033 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 6034 for (ntries = 0; ntries < 200; ntries++) { 6035 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 6036 return (error); 6037 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6038 break; 6039 run_delay(sc, 50); 6040 } 6041 if (ntries == 200) 6042 return (ETIMEDOUT); 6043 6044 run_delay(sc, 50); 6045 6046 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 6047 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6048 6049 /* enable Rx bulk aggregation (set timeout and limit) */ 6050 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 6051 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 6052 run_write(sc, RT2860_USB_DMA_CFG, tmp); 6053 6054 /* set Rx filter */ 6055 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 6056 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 6057 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 6058 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 6059 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 6060 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 6061 if (ic->ic_opmode == IEEE80211_M_STA) 6062 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 6063 } 6064 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 6065 6066 run_write(sc, RT2860_MAC_SYS_CTRL, 6067 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6068 6069 return (0); 6070 } 6071 6072 static void 6073 run_adjust_freq_offset(struct run_softc *sc) 6074 { 6075 uint8_t rf, tmp; 6076 6077 run_rt3070_rf_read(sc, 17, &rf); 6078 tmp = rf; 6079 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 6080 rf = MIN(rf, 0x5f); 6081 6082 if (tmp != rf) 6083 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6084 } 6085 6086 static void 6087 run_init_locked(struct run_softc *sc) 6088 { 6089 struct ieee80211com *ic = &sc->sc_ic; 6090 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6091 uint32_t tmp; 6092 uint8_t bbp1, bbp3; 6093 int i; 6094 int ridx; 6095 int ntries; 6096 6097 if (ic->ic_nrunning > 1) 6098 return; 6099 6100 run_stop(sc); 6101 6102 if (run_load_microcode(sc) != 0) { 6103 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6104 goto fail; 6105 } 6106 6107 for (ntries = 0; ntries < 100; ntries++) { 6108 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6109 goto fail; 6110 if (tmp != 0 && tmp != 0xffffffff) 6111 break; 6112 run_delay(sc, 10); 6113 } 6114 if (ntries == 100) 6115 goto fail; 6116 6117 for (i = 0; i != RUN_EP_QUEUES; i++) 6118 run_setup_tx_list(sc, &sc->sc_epq[i]); 6119 6120 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6121 6122 for (ntries = 0; ntries < 100; ntries++) { 6123 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6124 goto fail; 6125 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6126 break; 6127 run_delay(sc, 10); 6128 } 6129 if (ntries == 100) { 6130 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6131 goto fail; 6132 } 6133 tmp &= 0xff0; 6134 tmp |= RT2860_TX_WB_DDONE; 6135 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6136 6137 /* turn off PME_OEN to solve high-current issue */ 6138 run_read(sc, RT2860_SYS_CTRL, &tmp); 6139 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6140 6141 run_write(sc, RT2860_MAC_SYS_CTRL, 6142 RT2860_BBP_HRST | RT2860_MAC_SRST); 6143 run_write(sc, RT2860_USB_DMA_CFG, 0); 6144 6145 if (run_reset(sc) != 0) { 6146 device_printf(sc->sc_dev, "could not reset chipset\n"); 6147 goto fail; 6148 } 6149 6150 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6151 6152 /* init Tx power for all Tx rates (from EEPROM) */ 6153 for (ridx = 0; ridx < 5; ridx++) { 6154 if (sc->txpow20mhz[ridx] == 0xffffffff) 6155 continue; 6156 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6157 } 6158 6159 for (i = 0; i < nitems(rt2870_def_mac); i++) 6160 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6161 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6162 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6163 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6164 6165 if (sc->mac_ver >= 0x5390) { 6166 run_write(sc, RT2860_TX_SW_CFG0, 6167 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6168 if (sc->mac_ver >= 0x5392) { 6169 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6170 if (sc->mac_ver == 0x5592) { 6171 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6172 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6173 } else { 6174 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6175 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6176 } 6177 } 6178 } else if (sc->mac_ver == 0x3593) { 6179 run_write(sc, RT2860_TX_SW_CFG0, 6180 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6181 } else if (sc->mac_ver >= 0x3070) { 6182 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6183 run_write(sc, RT2860_TX_SW_CFG0, 6184 4 << RT2860_DLY_PAPE_EN_SHIFT); 6185 } 6186 6187 /* wait while MAC is busy */ 6188 for (ntries = 0; ntries < 100; ntries++) { 6189 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6190 goto fail; 6191 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6192 break; 6193 run_delay(sc, 10); 6194 } 6195 if (ntries == 100) 6196 goto fail; 6197 6198 /* clear Host to MCU mailbox */ 6199 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6200 run_write(sc, RT2860_H2M_MAILBOX, 0); 6201 run_delay(sc, 10); 6202 6203 if (run_bbp_init(sc) != 0) { 6204 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6205 goto fail; 6206 } 6207 6208 /* abort TSF synchronization */ 6209 run_disable_tsf(sc); 6210 6211 /* clear RX WCID search table */ 6212 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6213 /* clear WCID attribute table */ 6214 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6215 6216 /* hostapd sets a key before init. So, don't clear it. */ 6217 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6218 /* clear shared key table */ 6219 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6220 /* clear shared key mode */ 6221 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6222 } 6223 6224 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6225 tmp = (tmp & ~0xff) | 0x1e; 6226 run_write(sc, RT2860_US_CYC_CNT, tmp); 6227 6228 if (sc->mac_rev != 0x0101) 6229 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6230 6231 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6232 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6233 6234 /* write vendor-specific BBP values (from EEPROM) */ 6235 if (sc->mac_ver < 0x3593) { 6236 for (i = 0; i < 10; i++) { 6237 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6238 continue; 6239 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6240 } 6241 } 6242 6243 /* select Main antenna for 1T1R devices */ 6244 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6245 run_set_rx_antenna(sc, 0); 6246 6247 /* send LEDs operating mode to microcontroller */ 6248 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6249 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6250 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6251 6252 if (sc->mac_ver >= 0x5390) 6253 run_rt5390_rf_init(sc); 6254 else if (sc->mac_ver == 0x3593) 6255 run_rt3593_rf_init(sc); 6256 else if (sc->mac_ver >= 0x3070) 6257 run_rt3070_rf_init(sc); 6258 6259 /* disable non-existing Rx chains */ 6260 run_bbp_read(sc, 3, &bbp3); 6261 bbp3 &= ~(1 << 3 | 1 << 4); 6262 if (sc->nrxchains == 2) 6263 bbp3 |= 1 << 3; 6264 else if (sc->nrxchains == 3) 6265 bbp3 |= 1 << 4; 6266 run_bbp_write(sc, 3, bbp3); 6267 6268 /* disable non-existing Tx chains */ 6269 run_bbp_read(sc, 1, &bbp1); 6270 if (sc->ntxchains == 1) 6271 bbp1 &= ~(1 << 3 | 1 << 4); 6272 run_bbp_write(sc, 1, bbp1); 6273 6274 if (sc->mac_ver >= 0x5390) 6275 run_rt5390_rf_setup(sc); 6276 else if (sc->mac_ver == 0x3593) 6277 run_rt3593_rf_setup(sc); 6278 else if (sc->mac_ver >= 0x3070) 6279 run_rt3070_rf_setup(sc); 6280 6281 /* select default channel */ 6282 run_set_chan(sc, ic->ic_curchan); 6283 6284 /* setup initial protection mode */ 6285 run_updateprot_cb(ic); 6286 6287 /* turn radio LED on */ 6288 run_set_leds(sc, RT2860_LED_RADIO); 6289 6290 /* Set up AUTO_RSP_CFG register for auto response */ 6291 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN | 6292 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN); 6293 6294 sc->sc_flags |= RUN_RUNNING; 6295 sc->cmdq_run = RUN_CMDQ_GO; 6296 6297 for (i = 0; i != RUN_N_XFER; i++) 6298 usbd_xfer_set_stall(sc->sc_xfer[i]); 6299 6300 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6301 6302 if (run_txrx_enable(sc) != 0) 6303 goto fail; 6304 6305 return; 6306 6307 fail: 6308 run_stop(sc); 6309 } 6310 6311 static void 6312 run_stop(void *arg) 6313 { 6314 struct run_softc *sc = (struct run_softc *)arg; 6315 uint32_t tmp; 6316 int i; 6317 int ntries; 6318 6319 RUN_LOCK_ASSERT(sc, MA_OWNED); 6320 6321 if (sc->sc_flags & RUN_RUNNING) 6322 run_set_leds(sc, 0); /* turn all LEDs off */ 6323 6324 sc->sc_flags &= ~RUN_RUNNING; 6325 6326 sc->ratectl_run = RUN_RATECTL_OFF; 6327 sc->cmdq_run = sc->cmdq_key_set; 6328 6329 RUN_UNLOCK(sc); 6330 6331 for(i = 0; i < RUN_N_XFER; i++) 6332 usbd_transfer_drain(sc->sc_xfer[i]); 6333 6334 RUN_LOCK(sc); 6335 6336 run_drain_mbufq(sc); 6337 6338 if (sc->rx_m != NULL) { 6339 m_free(sc->rx_m); 6340 sc->rx_m = NULL; 6341 } 6342 6343 /* Disable Tx/Rx DMA. */ 6344 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6345 return; 6346 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6347 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6348 6349 for (ntries = 0; ntries < 100; ntries++) { 6350 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6351 return; 6352 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6353 break; 6354 run_delay(sc, 10); 6355 } 6356 if (ntries == 100) { 6357 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6358 return; 6359 } 6360 6361 /* disable Tx/Rx */ 6362 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6363 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6364 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6365 6366 /* wait for pending Tx to complete */ 6367 for (ntries = 0; ntries < 100; ntries++) { 6368 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6369 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6370 "Cannot read Tx queue count\n"); 6371 break; 6372 } 6373 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6374 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6375 "All Tx cleared\n"); 6376 break; 6377 } 6378 run_delay(sc, 10); 6379 } 6380 if (ntries >= 100) 6381 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6382 "There are still pending Tx\n"); 6383 run_delay(sc, 10); 6384 run_write(sc, RT2860_USB_DMA_CFG, 0); 6385 6386 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6387 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6388 6389 for (i = 0; i != RUN_EP_QUEUES; i++) 6390 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6391 } 6392 6393 static void 6394 run_delay(struct run_softc *sc, u_int ms) 6395 { 6396 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6397 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6398 } 6399 6400 6401 static void 6402 run_update_chw(struct ieee80211com *ic) 6403 { 6404 6405 printf("%s: TODO\n", __func__); 6406 } 6407 6408 static int 6409 run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 6410 { 6411 6412 /* For now, no A-MPDU TX support in the driver */ 6413 return (0); 6414 } 6415 6416 static device_method_t run_methods[] = { 6417 /* Device interface */ 6418 DEVMETHOD(device_probe, run_match), 6419 DEVMETHOD(device_attach, run_attach), 6420 DEVMETHOD(device_detach, run_detach), 6421 DEVMETHOD_END 6422 }; 6423 6424 static driver_t run_driver = { 6425 .name = "run", 6426 .methods = run_methods, 6427 .size = sizeof(struct run_softc) 6428 }; 6429 6430 static devclass_t run_devclass; 6431 6432 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6433 MODULE_DEPEND(run, wlan, 1, 1, 1); 6434 MODULE_DEPEND(run, usb, 1, 1, 1); 6435 MODULE_DEPEND(run, firmware, 1, 1, 1); 6436 MODULE_VERSION(run, 1); 6437 USB_PNP_HOST_INFO(run_devs); 6438