1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93 /* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99 static const STRUCT_USB_HOST_ID run_devs[] = { 100 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 #define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103 #define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 386 static void run_key_delete_cb(void *); 387 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388 static void run_ratectl_to(void *); 389 static void run_ratectl_cb(void *, int); 390 static void run_drain_fifo(void *); 391 static void run_iter_func(void *, struct ieee80211_node *); 392 static void run_newassoc_cb(void *); 393 static void run_newassoc(struct ieee80211_node *, int); 394 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 395 const struct ieee80211_rx_stats *, int, int); 396 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397 static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400 static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402 static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406 static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411 static int run_transmit(struct ieee80211com *, struct mbuf *); 412 static void run_start(struct run_softc *); 413 static void run_parent(struct ieee80211com *); 414 static void run_iq_calib(struct run_softc *, u_int); 415 static void run_set_agc(struct run_softc *, uint8_t); 416 static void run_select_chan_group(struct run_softc *, int); 417 static void run_set_rx_antenna(struct run_softc *, int); 418 static void run_rt2870_set_chan(struct run_softc *, u_int); 419 static void run_rt3070_set_chan(struct run_softc *, u_int); 420 static void run_rt3572_set_chan(struct run_softc *, u_int); 421 static void run_rt3593_set_chan(struct run_softc *, u_int); 422 static void run_rt5390_set_chan(struct run_softc *, u_int); 423 static void run_rt5592_set_chan(struct run_softc *, u_int); 424 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 425 static void run_set_channel(struct ieee80211com *); 426 static void run_getradiocaps(struct ieee80211com *, int, int *, 427 struct ieee80211_channel[]); 428 static void run_scan_start(struct ieee80211com *); 429 static void run_scan_end(struct ieee80211com *); 430 static void run_update_beacon(struct ieee80211vap *, int); 431 static void run_update_beacon_cb(void *); 432 static void run_updateprot(struct ieee80211com *); 433 static void run_updateprot_cb(void *); 434 static void run_usb_timeout_cb(void *); 435 static void run_reset_livelock(struct run_softc *); 436 static void run_enable_tsf_sync(struct run_softc *); 437 static void run_enable_tsf(struct run_softc *); 438 static void run_get_tsf(struct run_softc *, uint64_t *); 439 static void run_enable_mrr(struct run_softc *); 440 static void run_set_txpreamble(struct run_softc *); 441 static void run_set_basicrates(struct run_softc *); 442 static void run_set_leds(struct run_softc *, uint16_t); 443 static void run_set_bssid(struct run_softc *, const uint8_t *); 444 static void run_set_macaddr(struct run_softc *, const uint8_t *); 445 static void run_updateslot(struct ieee80211com *); 446 static void run_updateslot_cb(void *); 447 static void run_update_mcast(struct ieee80211com *); 448 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 449 static void run_update_promisc_locked(struct run_softc *); 450 static void run_update_promisc(struct ieee80211com *); 451 static void run_rt5390_bbp_init(struct run_softc *); 452 static int run_bbp_init(struct run_softc *); 453 static int run_rt3070_rf_init(struct run_softc *); 454 static void run_rt3593_rf_init(struct run_softc *); 455 static void run_rt5390_rf_init(struct run_softc *); 456 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 457 uint8_t *); 458 static void run_rt3070_rf_setup(struct run_softc *); 459 static void run_rt3593_rf_setup(struct run_softc *); 460 static void run_rt5390_rf_setup(struct run_softc *); 461 static int run_txrx_enable(struct run_softc *); 462 static void run_adjust_freq_offset(struct run_softc *); 463 static void run_init_locked(struct run_softc *); 464 static void run_stop(void *); 465 static void run_delay(struct run_softc *, u_int); 466 467 static eventhandler_tag run_etag; 468 469 static const struct rt2860_rate { 470 uint8_t rate; 471 uint8_t mcs; 472 enum ieee80211_phytype phy; 473 uint8_t ctl_ridx; 474 uint16_t sp_ack_dur; 475 uint16_t lp_ack_dur; 476 } rt2860_rates[] = { 477 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 478 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 479 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 480 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 481 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 482 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 483 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 484 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 485 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 486 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 487 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 488 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 489 }; 490 491 static const struct { 492 uint16_t reg; 493 uint32_t val; 494 } rt2870_def_mac[] = { 495 RT2870_DEF_MAC 496 }; 497 498 static const struct { 499 uint8_t reg; 500 uint8_t val; 501 } rt2860_def_bbp[] = { 502 RT2860_DEF_BBP 503 },rt5390_def_bbp[] = { 504 RT5390_DEF_BBP 505 },rt5592_def_bbp[] = { 506 RT5592_DEF_BBP 507 }; 508 509 /* 510 * Default values for BBP register R196 for RT5592. 511 */ 512 static const uint8_t rt5592_bbp_r196[] = { 513 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 514 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 515 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 516 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 517 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 518 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 519 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 520 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 521 0x2e, 0x36, 0x30, 0x6e 522 }; 523 524 static const struct rfprog { 525 uint8_t chan; 526 uint32_t r1, r2, r3, r4; 527 } rt2860_rf2850[] = { 528 RT2860_RF2850 529 }; 530 531 struct { 532 uint8_t n, r, k; 533 } rt3070_freqs[] = { 534 RT3070_RF3052 535 }; 536 537 static const struct rt5592_freqs { 538 uint16_t n; 539 uint8_t k, m, r; 540 } rt5592_freqs_20mhz[] = { 541 RT5592_RF5592_20MHZ 542 },rt5592_freqs_40mhz[] = { 543 RT5592_RF5592_40MHZ 544 }; 545 546 static const struct { 547 uint8_t reg; 548 uint8_t val; 549 } rt3070_def_rf[] = { 550 RT3070_DEF_RF 551 },rt3572_def_rf[] = { 552 RT3572_DEF_RF 553 },rt3593_def_rf[] = { 554 RT3593_DEF_RF 555 },rt5390_def_rf[] = { 556 RT5390_DEF_RF 557 },rt5392_def_rf[] = { 558 RT5392_DEF_RF 559 },rt5592_def_rf[] = { 560 RT5592_DEF_RF 561 },rt5592_2ghz_def_rf[] = { 562 RT5592_2GHZ_DEF_RF 563 },rt5592_5ghz_def_rf[] = { 564 RT5592_5GHZ_DEF_RF 565 }; 566 567 static const struct { 568 u_int firstchan; 569 u_int lastchan; 570 uint8_t reg; 571 uint8_t val; 572 } rt5592_chan_5ghz[] = { 573 RT5592_CHAN_5GHZ 574 }; 575 576 static const struct usb_config run_config[RUN_N_XFER] = { 577 [RUN_BULK_TX_BE] = { 578 .type = UE_BULK, 579 .endpoint = UE_ADDR_ANY, 580 .ep_index = 0, 581 .direction = UE_DIR_OUT, 582 .bufsize = RUN_MAX_TXSZ, 583 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 584 .callback = run_bulk_tx_callback0, 585 .timeout = 5000, /* ms */ 586 }, 587 [RUN_BULK_TX_BK] = { 588 .type = UE_BULK, 589 .endpoint = UE_ADDR_ANY, 590 .direction = UE_DIR_OUT, 591 .ep_index = 1, 592 .bufsize = RUN_MAX_TXSZ, 593 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 594 .callback = run_bulk_tx_callback1, 595 .timeout = 5000, /* ms */ 596 }, 597 [RUN_BULK_TX_VI] = { 598 .type = UE_BULK, 599 .endpoint = UE_ADDR_ANY, 600 .direction = UE_DIR_OUT, 601 .ep_index = 2, 602 .bufsize = RUN_MAX_TXSZ, 603 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 604 .callback = run_bulk_tx_callback2, 605 .timeout = 5000, /* ms */ 606 }, 607 [RUN_BULK_TX_VO] = { 608 .type = UE_BULK, 609 .endpoint = UE_ADDR_ANY, 610 .direction = UE_DIR_OUT, 611 .ep_index = 3, 612 .bufsize = RUN_MAX_TXSZ, 613 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 614 .callback = run_bulk_tx_callback3, 615 .timeout = 5000, /* ms */ 616 }, 617 [RUN_BULK_TX_HCCA] = { 618 .type = UE_BULK, 619 .endpoint = UE_ADDR_ANY, 620 .direction = UE_DIR_OUT, 621 .ep_index = 4, 622 .bufsize = RUN_MAX_TXSZ, 623 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 624 .callback = run_bulk_tx_callback4, 625 .timeout = 5000, /* ms */ 626 }, 627 [RUN_BULK_TX_PRIO] = { 628 .type = UE_BULK, 629 .endpoint = UE_ADDR_ANY, 630 .direction = UE_DIR_OUT, 631 .ep_index = 5, 632 .bufsize = RUN_MAX_TXSZ, 633 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 634 .callback = run_bulk_tx_callback5, 635 .timeout = 5000, /* ms */ 636 }, 637 [RUN_BULK_RX] = { 638 .type = UE_BULK, 639 .endpoint = UE_ADDR_ANY, 640 .direction = UE_DIR_IN, 641 .bufsize = RUN_MAX_RXSZ, 642 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 643 .callback = run_bulk_rx_callback, 644 } 645 }; 646 647 static void 648 run_autoinst(void *arg, struct usb_device *udev, 649 struct usb_attach_arg *uaa) 650 { 651 struct usb_interface *iface; 652 struct usb_interface_descriptor *id; 653 654 if (uaa->dev_state != UAA_DEV_READY) 655 return; 656 657 iface = usbd_get_iface(udev, 0); 658 if (iface == NULL) 659 return; 660 id = iface->idesc; 661 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 662 return; 663 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 664 return; 665 666 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 667 uaa->dev_state = UAA_DEV_EJECTING; 668 } 669 670 static int 671 run_driver_loaded(struct module *mod, int what, void *arg) 672 { 673 switch (what) { 674 case MOD_LOAD: 675 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 676 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 677 break; 678 case MOD_UNLOAD: 679 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 680 break; 681 default: 682 return (EOPNOTSUPP); 683 } 684 return (0); 685 } 686 687 static int 688 run_match(device_t self) 689 { 690 struct usb_attach_arg *uaa = device_get_ivars(self); 691 692 if (uaa->usb_mode != USB_MODE_HOST) 693 return (ENXIO); 694 if (uaa->info.bConfigIndex != 0) 695 return (ENXIO); 696 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 697 return (ENXIO); 698 699 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 700 } 701 702 static int 703 run_attach(device_t self) 704 { 705 struct run_softc *sc = device_get_softc(self); 706 struct usb_attach_arg *uaa = device_get_ivars(self); 707 struct ieee80211com *ic = &sc->sc_ic; 708 uint32_t ver; 709 uint8_t iface_index; 710 int ntries, error; 711 712 device_set_usb_desc(self); 713 sc->sc_udev = uaa->device; 714 sc->sc_dev = self; 715 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 716 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 717 718 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 719 MTX_NETWORK_LOCK, MTX_DEF); 720 mbufq_init(&sc->sc_snd, ifqmaxlen); 721 722 iface_index = RT2860_IFACE_INDEX; 723 724 error = usbd_transfer_setup(uaa->device, &iface_index, 725 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 726 if (error) { 727 device_printf(self, "could not allocate USB transfers, " 728 "err=%s\n", usbd_errstr(error)); 729 goto detach; 730 } 731 732 RUN_LOCK(sc); 733 734 /* wait for the chip to settle */ 735 for (ntries = 0; ntries < 100; ntries++) { 736 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 737 RUN_UNLOCK(sc); 738 goto detach; 739 } 740 if (ver != 0 && ver != 0xffffffff) 741 break; 742 run_delay(sc, 10); 743 } 744 if (ntries == 100) { 745 device_printf(sc->sc_dev, 746 "timeout waiting for NIC to initialize\n"); 747 RUN_UNLOCK(sc); 748 goto detach; 749 } 750 sc->mac_ver = ver >> 16; 751 sc->mac_rev = ver & 0xffff; 752 753 /* retrieve RF rev. no and various other things from EEPROM */ 754 run_read_eeprom(sc); 755 756 device_printf(sc->sc_dev, 757 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 758 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 759 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 760 761 RUN_UNLOCK(sc); 762 763 ic->ic_softc = sc; 764 ic->ic_name = device_get_nameunit(self); 765 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 766 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 767 768 /* set device capabilities */ 769 ic->ic_caps = 770 IEEE80211_C_STA | /* station mode supported */ 771 IEEE80211_C_MONITOR | /* monitor mode supported */ 772 IEEE80211_C_IBSS | 773 IEEE80211_C_HOSTAP | 774 IEEE80211_C_WDS | /* 4-address traffic works */ 775 IEEE80211_C_MBSS | 776 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 777 IEEE80211_C_SHSLOT | /* short slot time supported */ 778 IEEE80211_C_WME | /* WME */ 779 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 780 781 ic->ic_cryptocaps = 782 IEEE80211_CRYPTO_WEP | 783 IEEE80211_CRYPTO_AES_CCM | 784 IEEE80211_CRYPTO_TKIPMIC | 785 IEEE80211_CRYPTO_TKIP; 786 787 ic->ic_flags |= IEEE80211_F_DATAPAD; 788 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 789 790 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 791 ic->ic_channels); 792 793 ieee80211_ifattach(ic); 794 795 ic->ic_scan_start = run_scan_start; 796 ic->ic_scan_end = run_scan_end; 797 ic->ic_set_channel = run_set_channel; 798 ic->ic_getradiocaps = run_getradiocaps; 799 ic->ic_node_alloc = run_node_alloc; 800 ic->ic_newassoc = run_newassoc; 801 ic->ic_updateslot = run_updateslot; 802 ic->ic_update_mcast = run_update_mcast; 803 ic->ic_wme.wme_update = run_wme_update; 804 ic->ic_raw_xmit = run_raw_xmit; 805 ic->ic_update_promisc = run_update_promisc; 806 ic->ic_vap_create = run_vap_create; 807 ic->ic_vap_delete = run_vap_delete; 808 ic->ic_transmit = run_transmit; 809 ic->ic_parent = run_parent; 810 811 ieee80211_radiotap_attach(ic, 812 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 813 RUN_TX_RADIOTAP_PRESENT, 814 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 815 RUN_RX_RADIOTAP_PRESENT); 816 817 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 818 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 819 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 820 821 if (bootverbose) 822 ieee80211_announce(ic); 823 824 return (0); 825 826 detach: 827 run_detach(self); 828 return (ENXIO); 829 } 830 831 static void 832 run_drain_mbufq(struct run_softc *sc) 833 { 834 struct mbuf *m; 835 struct ieee80211_node *ni; 836 837 RUN_LOCK_ASSERT(sc, MA_OWNED); 838 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 839 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 840 m->m_pkthdr.rcvif = NULL; 841 ieee80211_free_node(ni); 842 m_freem(m); 843 } 844 } 845 846 static int 847 run_detach(device_t self) 848 { 849 struct run_softc *sc = device_get_softc(self); 850 struct ieee80211com *ic = &sc->sc_ic; 851 int i; 852 853 RUN_LOCK(sc); 854 sc->sc_detached = 1; 855 RUN_UNLOCK(sc); 856 857 /* stop all USB transfers */ 858 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 859 860 RUN_LOCK(sc); 861 sc->ratectl_run = RUN_RATECTL_OFF; 862 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 863 864 /* free TX list, if any */ 865 for (i = 0; i != RUN_EP_QUEUES; i++) 866 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 867 868 /* Free TX queue */ 869 run_drain_mbufq(sc); 870 RUN_UNLOCK(sc); 871 872 if (sc->sc_ic.ic_softc == sc) { 873 /* drain tasks */ 874 usb_callout_drain(&sc->ratectl_ch); 875 ieee80211_draintask(ic, &sc->cmdq_task); 876 ieee80211_draintask(ic, &sc->ratectl_task); 877 ieee80211_ifdetach(ic); 878 } 879 880 mtx_destroy(&sc->sc_mtx); 881 882 return (0); 883 } 884 885 static struct ieee80211vap * 886 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 887 enum ieee80211_opmode opmode, int flags, 888 const uint8_t bssid[IEEE80211_ADDR_LEN], 889 const uint8_t mac[IEEE80211_ADDR_LEN]) 890 { 891 struct run_softc *sc = ic->ic_softc; 892 struct run_vap *rvp; 893 struct ieee80211vap *vap; 894 int i; 895 896 if (sc->rvp_cnt >= RUN_VAP_MAX) { 897 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 898 return (NULL); 899 } 900 901 switch (opmode) { 902 case IEEE80211_M_STA: 903 /* enable s/w bmiss handling for sta mode */ 904 flags |= IEEE80211_CLONE_NOBEACONS; 905 /* fall though */ 906 case IEEE80211_M_IBSS: 907 case IEEE80211_M_MONITOR: 908 case IEEE80211_M_HOSTAP: 909 case IEEE80211_M_MBSS: 910 /* other than WDS vaps, only one at a time */ 911 if (!TAILQ_EMPTY(&ic->ic_vaps)) 912 return (NULL); 913 break; 914 case IEEE80211_M_WDS: 915 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 916 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 917 continue; 918 /* WDS vap's always share the local mac address. */ 919 flags &= ~IEEE80211_CLONE_BSSID; 920 break; 921 } 922 if (vap == NULL) { 923 device_printf(sc->sc_dev, 924 "wds only supported in ap mode\n"); 925 return (NULL); 926 } 927 break; 928 default: 929 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 930 return (NULL); 931 } 932 933 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 934 vap = &rvp->vap; 935 936 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 937 bssid) != 0) { 938 /* out of memory */ 939 free(rvp, M_80211_VAP); 940 return (NULL); 941 } 942 943 vap->iv_update_beacon = run_update_beacon; 944 vap->iv_max_aid = RT2870_WCID_MAX; 945 /* 946 * To delete the right key from h/w, we need wcid. 947 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 948 * and matching wcid will be written into there. So, cast 949 * some spells to remove 'const' from ieee80211_key{} 950 */ 951 vap->iv_key_delete = (void *)run_key_delete; 952 vap->iv_key_set = (void *)run_key_set; 953 954 /* override state transition machine */ 955 rvp->newstate = vap->iv_newstate; 956 vap->iv_newstate = run_newstate; 957 if (opmode == IEEE80211_M_IBSS) { 958 rvp->recv_mgmt = vap->iv_recv_mgmt; 959 vap->iv_recv_mgmt = run_recv_mgmt; 960 } 961 962 ieee80211_ratectl_init(vap); 963 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 964 965 /* complete setup */ 966 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 967 mac); 968 969 /* make sure id is always unique */ 970 for (i = 0; i < RUN_VAP_MAX; i++) { 971 if((sc->rvp_bmap & 1 << i) == 0){ 972 sc->rvp_bmap |= 1 << i; 973 rvp->rvp_id = i; 974 break; 975 } 976 } 977 if (sc->rvp_cnt++ == 0) 978 ic->ic_opmode = opmode; 979 980 if (opmode == IEEE80211_M_HOSTAP) 981 sc->cmdq_run = RUN_CMDQ_GO; 982 983 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 984 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 985 986 return (vap); 987 } 988 989 static void 990 run_vap_delete(struct ieee80211vap *vap) 991 { 992 struct run_vap *rvp = RUN_VAP(vap); 993 struct ieee80211com *ic; 994 struct run_softc *sc; 995 uint8_t rvp_id; 996 997 if (vap == NULL) 998 return; 999 1000 ic = vap->iv_ic; 1001 sc = ic->ic_softc; 1002 1003 RUN_LOCK(sc); 1004 1005 m_freem(rvp->beacon_mbuf); 1006 rvp->beacon_mbuf = NULL; 1007 1008 rvp_id = rvp->rvp_id; 1009 sc->ratectl_run &= ~(1 << rvp_id); 1010 sc->rvp_bmap &= ~(1 << rvp_id); 1011 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1012 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1013 --sc->rvp_cnt; 1014 1015 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1016 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1017 1018 RUN_UNLOCK(sc); 1019 1020 ieee80211_ratectl_deinit(vap); 1021 ieee80211_vap_detach(vap); 1022 free(rvp, M_80211_VAP); 1023 } 1024 1025 /* 1026 * There are numbers of functions need to be called in context thread. 1027 * Rather than creating taskqueue event for each of those functions, 1028 * here is all-for-one taskqueue callback function. This function 1029 * guarantees deferred functions are executed in the same order they 1030 * were enqueued. 1031 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1032 */ 1033 static void 1034 run_cmdq_cb(void *arg, int pending) 1035 { 1036 struct run_softc *sc = arg; 1037 uint8_t i; 1038 1039 /* call cmdq[].func locked */ 1040 RUN_LOCK(sc); 1041 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1042 i = sc->cmdq_exec, pending--) { 1043 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1044 if (sc->cmdq_run == RUN_CMDQ_GO) { 1045 /* 1046 * If arg0 is NULL, callback func needs more 1047 * than one arg. So, pass ptr to cmdq struct. 1048 */ 1049 if (sc->cmdq[i].arg0) 1050 sc->cmdq[i].func(sc->cmdq[i].arg0); 1051 else 1052 sc->cmdq[i].func(&sc->cmdq[i]); 1053 } 1054 sc->cmdq[i].arg0 = NULL; 1055 sc->cmdq[i].func = NULL; 1056 sc->cmdq_exec++; 1057 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1058 } 1059 RUN_UNLOCK(sc); 1060 } 1061 1062 static void 1063 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1064 { 1065 struct run_tx_data *data; 1066 1067 memset(pq, 0, sizeof(*pq)); 1068 1069 STAILQ_INIT(&pq->tx_qh); 1070 STAILQ_INIT(&pq->tx_fh); 1071 1072 for (data = &pq->tx_data[0]; 1073 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1074 data->sc = sc; 1075 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1076 } 1077 pq->tx_nfree = RUN_TX_RING_COUNT; 1078 } 1079 1080 static void 1081 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1082 { 1083 struct run_tx_data *data; 1084 1085 /* make sure any subsequent use of the queues will fail */ 1086 pq->tx_nfree = 0; 1087 STAILQ_INIT(&pq->tx_fh); 1088 STAILQ_INIT(&pq->tx_qh); 1089 1090 /* free up all node references and mbufs */ 1091 for (data = &pq->tx_data[0]; 1092 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1093 if (data->m != NULL) { 1094 m_freem(data->m); 1095 data->m = NULL; 1096 } 1097 if (data->ni != NULL) { 1098 ieee80211_free_node(data->ni); 1099 data->ni = NULL; 1100 } 1101 } 1102 } 1103 1104 static int 1105 run_load_microcode(struct run_softc *sc) 1106 { 1107 usb_device_request_t req; 1108 const struct firmware *fw; 1109 const u_char *base; 1110 uint32_t tmp; 1111 int ntries, error; 1112 const uint64_t *temp; 1113 uint64_t bytes; 1114 1115 RUN_UNLOCK(sc); 1116 fw = firmware_get("runfw"); 1117 RUN_LOCK(sc); 1118 if (fw == NULL) { 1119 device_printf(sc->sc_dev, 1120 "failed loadfirmware of file %s\n", "runfw"); 1121 return ENOENT; 1122 } 1123 1124 if (fw->datasize != 8192) { 1125 device_printf(sc->sc_dev, 1126 "invalid firmware size (should be 8KB)\n"); 1127 error = EINVAL; 1128 goto fail; 1129 } 1130 1131 /* 1132 * RT3071/RT3072 use a different firmware 1133 * run-rt2870 (8KB) contains both, 1134 * first half (4KB) is for rt2870, 1135 * last half is for rt3071. 1136 */ 1137 base = fw->data; 1138 if ((sc->mac_ver) != 0x2860 && 1139 (sc->mac_ver) != 0x2872 && 1140 (sc->mac_ver) != 0x3070) { 1141 base += 4096; 1142 } 1143 1144 /* cheap sanity check */ 1145 temp = fw->data; 1146 bytes = *temp; 1147 if (bytes != be64toh(0xffffff0210280210ULL)) { 1148 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1149 error = EINVAL; 1150 goto fail; 1151 } 1152 1153 /* write microcode image */ 1154 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1155 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1156 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1157 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1158 } 1159 1160 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1161 req.bRequest = RT2870_RESET; 1162 USETW(req.wValue, 8); 1163 USETW(req.wIndex, 0); 1164 USETW(req.wLength, 0); 1165 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1166 != 0) { 1167 device_printf(sc->sc_dev, "firmware reset failed\n"); 1168 goto fail; 1169 } 1170 1171 run_delay(sc, 10); 1172 1173 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1174 run_write(sc, RT2860_H2M_MAILBOX, 0); 1175 run_write(sc, RT2860_H2M_INTSRC, 0); 1176 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1177 goto fail; 1178 1179 /* wait until microcontroller is ready */ 1180 for (ntries = 0; ntries < 1000; ntries++) { 1181 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1182 goto fail; 1183 if (tmp & RT2860_MCU_READY) 1184 break; 1185 run_delay(sc, 10); 1186 } 1187 if (ntries == 1000) { 1188 device_printf(sc->sc_dev, 1189 "timeout waiting for MCU to initialize\n"); 1190 error = ETIMEDOUT; 1191 goto fail; 1192 } 1193 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1194 (base == fw->data) ? "RT2870" : "RT3071", 1195 *(base + 4092), *(base + 4093)); 1196 1197 fail: 1198 firmware_put(fw, FIRMWARE_UNLOAD); 1199 return (error); 1200 } 1201 1202 static int 1203 run_reset(struct run_softc *sc) 1204 { 1205 usb_device_request_t req; 1206 1207 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1208 req.bRequest = RT2870_RESET; 1209 USETW(req.wValue, 1); 1210 USETW(req.wIndex, 0); 1211 USETW(req.wLength, 0); 1212 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1213 } 1214 1215 static usb_error_t 1216 run_do_request(struct run_softc *sc, 1217 struct usb_device_request *req, void *data) 1218 { 1219 usb_error_t err; 1220 int ntries = 10; 1221 1222 RUN_LOCK_ASSERT(sc, MA_OWNED); 1223 1224 while (ntries--) { 1225 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1226 req, data, 0, NULL, 250 /* ms */); 1227 if (err == 0) 1228 break; 1229 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1230 usbd_errstr(err)); 1231 run_delay(sc, 10); 1232 } 1233 return (err); 1234 } 1235 1236 static int 1237 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1238 { 1239 uint32_t tmp; 1240 int error; 1241 1242 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1243 if (error == 0) 1244 *val = le32toh(tmp); 1245 else 1246 *val = 0xffffffff; 1247 return (error); 1248 } 1249 1250 static int 1251 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1252 { 1253 usb_device_request_t req; 1254 1255 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1256 req.bRequest = RT2870_READ_REGION_1; 1257 USETW(req.wValue, 0); 1258 USETW(req.wIndex, reg); 1259 USETW(req.wLength, len); 1260 1261 return (run_do_request(sc, &req, buf)); 1262 } 1263 1264 static int 1265 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1266 { 1267 usb_device_request_t req; 1268 1269 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1270 req.bRequest = RT2870_WRITE_2; 1271 USETW(req.wValue, val); 1272 USETW(req.wIndex, reg); 1273 USETW(req.wLength, 0); 1274 1275 return (run_do_request(sc, &req, NULL)); 1276 } 1277 1278 static int 1279 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1280 { 1281 int error; 1282 1283 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1284 error = run_write_2(sc, reg + 2, val >> 16); 1285 return (error); 1286 } 1287 1288 static int 1289 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1290 int len) 1291 { 1292 #if 1 1293 int i, error = 0; 1294 /* 1295 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1296 * We thus issue multiple WRITE_2 commands instead. 1297 */ 1298 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1299 for (i = 0; i < len && error == 0; i += 2) 1300 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1301 return (error); 1302 #else 1303 usb_device_request_t req; 1304 int error = 0; 1305 1306 /* 1307 * NOTE: It appears the WRITE_REGION_1 command cannot be 1308 * passed a huge amount of data, which will crash the 1309 * firmware. Limit amount of data passed to 64-bytes at a 1310 * time. 1311 */ 1312 while (len > 0) { 1313 int delta = 64; 1314 if (delta > len) 1315 delta = len; 1316 1317 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1318 req.bRequest = RT2870_WRITE_REGION_1; 1319 USETW(req.wValue, 0); 1320 USETW(req.wIndex, reg); 1321 USETW(req.wLength, delta); 1322 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1323 if (error != 0) 1324 break; 1325 reg += delta; 1326 buf += delta; 1327 len -= delta; 1328 } 1329 return (error); 1330 #endif 1331 } 1332 1333 static int 1334 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1335 { 1336 int i, error = 0; 1337 1338 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1339 for (i = 0; i < len && error == 0; i += 4) 1340 error = run_write(sc, reg + i, val); 1341 return (error); 1342 } 1343 1344 static int 1345 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1346 { 1347 uint32_t tmp; 1348 uint16_t reg; 1349 int error, ntries; 1350 1351 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1352 return (error); 1353 1354 if (count == 2) 1355 addr *= 2; 1356 /*- 1357 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1358 * DATA0: F E D C 1359 * DATA1: B A 9 8 1360 * DATA2: 7 6 5 4 1361 * DATA3: 3 2 1 0 1362 */ 1363 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1364 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1365 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1366 for (ntries = 0; ntries < 100; ntries++) { 1367 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1368 return (error); 1369 if (!(tmp & RT3070_EFSROM_KICK)) 1370 break; 1371 run_delay(sc, 2); 1372 } 1373 if (ntries == 100) 1374 return (ETIMEDOUT); 1375 1376 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1377 *val = 0xffff; /* address not found */ 1378 return (0); 1379 } 1380 /* determine to which 32-bit register our 16-bit word belongs */ 1381 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1382 if ((error = run_read(sc, reg, &tmp)) != 0) 1383 return (error); 1384 1385 tmp >>= (8 * (addr & 0x3)); 1386 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1387 1388 return (0); 1389 } 1390 1391 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1392 static int 1393 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1394 { 1395 return (run_efuse_read(sc, addr, val, 2)); 1396 } 1397 1398 static int 1399 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1400 { 1401 usb_device_request_t req; 1402 uint16_t tmp; 1403 int error; 1404 1405 addr *= 2; 1406 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1407 req.bRequest = RT2870_EEPROM_READ; 1408 USETW(req.wValue, 0); 1409 USETW(req.wIndex, addr); 1410 USETW(req.wLength, sizeof(tmp)); 1411 1412 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1413 if (error == 0) 1414 *val = le16toh(tmp); 1415 else 1416 *val = 0xffff; 1417 return (error); 1418 } 1419 1420 static __inline int 1421 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1422 { 1423 /* either eFUSE ROM or EEPROM */ 1424 return sc->sc_srom_read(sc, addr, val); 1425 } 1426 1427 static int 1428 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1429 { 1430 uint32_t tmp; 1431 int error, ntries; 1432 1433 for (ntries = 0; ntries < 10; ntries++) { 1434 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1435 return (error); 1436 if (!(tmp & RT2860_RF_REG_CTRL)) 1437 break; 1438 } 1439 if (ntries == 10) 1440 return (ETIMEDOUT); 1441 1442 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1443 } 1444 1445 static int 1446 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1447 { 1448 uint32_t tmp; 1449 int error, ntries; 1450 1451 for (ntries = 0; ntries < 100; ntries++) { 1452 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1453 return (error); 1454 if (!(tmp & RT3070_RF_KICK)) 1455 break; 1456 } 1457 if (ntries == 100) 1458 return (ETIMEDOUT); 1459 1460 tmp = RT3070_RF_KICK | reg << 8; 1461 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1462 return (error); 1463 1464 for (ntries = 0; ntries < 100; ntries++) { 1465 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1466 return (error); 1467 if (!(tmp & RT3070_RF_KICK)) 1468 break; 1469 } 1470 if (ntries == 100) 1471 return (ETIMEDOUT); 1472 1473 *val = tmp & 0xff; 1474 return (0); 1475 } 1476 1477 static int 1478 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1479 { 1480 uint32_t tmp; 1481 int error, ntries; 1482 1483 for (ntries = 0; ntries < 10; ntries++) { 1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT3070_RF_KICK)) 1487 break; 1488 } 1489 if (ntries == 10) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1493 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1494 } 1495 1496 static int 1497 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1498 { 1499 uint32_t tmp; 1500 int ntries, error; 1501 1502 for (ntries = 0; ntries < 10; ntries++) { 1503 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1504 return (error); 1505 if (!(tmp & RT2860_BBP_CSR_KICK)) 1506 break; 1507 } 1508 if (ntries == 10) 1509 return (ETIMEDOUT); 1510 1511 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1512 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1513 return (error); 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT2860_BBP_CSR_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 *val = tmp & 0xff; 1525 return (0); 1526 } 1527 1528 static int 1529 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1530 { 1531 uint32_t tmp; 1532 int ntries, error; 1533 1534 for (ntries = 0; ntries < 10; ntries++) { 1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1536 return (error); 1537 if (!(tmp & RT2860_BBP_CSR_KICK)) 1538 break; 1539 } 1540 if (ntries == 10) 1541 return (ETIMEDOUT); 1542 1543 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1544 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1545 } 1546 1547 /* 1548 * Send a command to the 8051 microcontroller unit. 1549 */ 1550 static int 1551 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1552 { 1553 uint32_t tmp; 1554 int error, ntries; 1555 1556 for (ntries = 0; ntries < 100; ntries++) { 1557 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1558 return error; 1559 if (!(tmp & RT2860_H2M_BUSY)) 1560 break; 1561 } 1562 if (ntries == 100) 1563 return ETIMEDOUT; 1564 1565 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1566 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1567 error = run_write(sc, RT2860_HOST_CMD, cmd); 1568 return (error); 1569 } 1570 1571 /* 1572 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1573 * Used to adjust per-rate Tx power registers. 1574 */ 1575 static __inline uint32_t 1576 b4inc(uint32_t b32, int8_t delta) 1577 { 1578 int8_t i, b4; 1579 1580 for (i = 0; i < 8; i++) { 1581 b4 = b32 & 0xf; 1582 b4 += delta; 1583 if (b4 < 0) 1584 b4 = 0; 1585 else if (b4 > 0xf) 1586 b4 = 0xf; 1587 b32 = b32 >> 4 | b4 << 28; 1588 } 1589 return (b32); 1590 } 1591 1592 static const char * 1593 run_get_rf(uint16_t rev) 1594 { 1595 switch (rev) { 1596 case RT2860_RF_2820: return "RT2820"; 1597 case RT2860_RF_2850: return "RT2850"; 1598 case RT2860_RF_2720: return "RT2720"; 1599 case RT2860_RF_2750: return "RT2750"; 1600 case RT3070_RF_3020: return "RT3020"; 1601 case RT3070_RF_2020: return "RT2020"; 1602 case RT3070_RF_3021: return "RT3021"; 1603 case RT3070_RF_3022: return "RT3022"; 1604 case RT3070_RF_3052: return "RT3052"; 1605 case RT3593_RF_3053: return "RT3053"; 1606 case RT5592_RF_5592: return "RT5592"; 1607 case RT5390_RF_5370: return "RT5370"; 1608 case RT5390_RF_5372: return "RT5372"; 1609 } 1610 return ("unknown"); 1611 } 1612 1613 static void 1614 run_rt3593_get_txpower(struct run_softc *sc) 1615 { 1616 uint16_t addr, val; 1617 int i; 1618 1619 /* Read power settings for 2GHz channels. */ 1620 for (i = 0; i < 14; i += 2) { 1621 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1622 RT2860_EEPROM_PWR2GHZ_BASE1; 1623 run_srom_read(sc, addr + i / 2, &val); 1624 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1625 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1626 1627 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1628 RT2860_EEPROM_PWR2GHZ_BASE2; 1629 run_srom_read(sc, addr + i / 2, &val); 1630 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1631 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1632 1633 if (sc->ntxchains == 3) { 1634 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1635 &val); 1636 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1637 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1638 } 1639 } 1640 /* Fix broken Tx power entries. */ 1641 for (i = 0; i < 14; i++) { 1642 if (sc->txpow1[i] > 31) 1643 sc->txpow1[i] = 5; 1644 if (sc->txpow2[i] > 31) 1645 sc->txpow2[i] = 5; 1646 if (sc->ntxchains == 3) { 1647 if (sc->txpow3[i] > 31) 1648 sc->txpow3[i] = 5; 1649 } 1650 } 1651 /* Read power settings for 5GHz channels. */ 1652 for (i = 0; i < 40; i += 2) { 1653 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1654 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1655 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1656 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1658 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1660 1661 if (sc->ntxchains == 3) { 1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1663 &val); 1664 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1665 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1666 } 1667 } 1668 } 1669 1670 static void 1671 run_get_txpower(struct run_softc *sc) 1672 { 1673 uint16_t val; 1674 int i; 1675 1676 /* Read power settings for 2GHz channels. */ 1677 for (i = 0; i < 14; i += 2) { 1678 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1679 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1680 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1681 1682 if (sc->mac_ver != 0x5390) { 1683 run_srom_read(sc, 1684 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1685 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1686 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1687 } 1688 } 1689 /* Fix broken Tx power entries. */ 1690 for (i = 0; i < 14; i++) { 1691 if (sc->mac_ver >= 0x5390) { 1692 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1693 sc->txpow1[i] = 5; 1694 } else { 1695 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1696 sc->txpow1[i] = 5; 1697 } 1698 if (sc->mac_ver > 0x5390) { 1699 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1700 sc->txpow2[i] = 5; 1701 } else if (sc->mac_ver < 0x5390) { 1702 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1703 sc->txpow2[i] = 5; 1704 } 1705 DPRINTF("chan %d: power1=%d, power2=%d\n", 1706 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1707 } 1708 /* Read power settings for 5GHz channels. */ 1709 for (i = 0; i < 40; i += 2) { 1710 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1711 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1712 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1713 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1715 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1717 } 1718 /* Fix broken Tx power entries. */ 1719 for (i = 0; i < 40; i++ ) { 1720 if (sc->mac_ver != 0x5592) { 1721 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1722 sc->txpow1[14 + i] = 5; 1723 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1724 sc->txpow2[14 + i] = 5; 1725 } 1726 DPRINTF("chan %d: power1=%d, power2=%d\n", 1727 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1728 sc->txpow2[14 + i]); 1729 } 1730 } 1731 1732 static int 1733 run_read_eeprom(struct run_softc *sc) 1734 { 1735 struct ieee80211com *ic = &sc->sc_ic; 1736 int8_t delta_2ghz, delta_5ghz; 1737 uint32_t tmp; 1738 uint16_t val; 1739 int ridx, ant, i; 1740 1741 /* check whether the ROM is eFUSE ROM or EEPROM */ 1742 sc->sc_srom_read = run_eeprom_read_2; 1743 if (sc->mac_ver >= 0x3070) { 1744 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1745 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1746 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1747 sc->sc_srom_read = run_efuse_read_2; 1748 } 1749 1750 /* read ROM version */ 1751 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1752 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1753 1754 /* read MAC address */ 1755 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1756 ic->ic_macaddr[0] = val & 0xff; 1757 ic->ic_macaddr[1] = val >> 8; 1758 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1759 ic->ic_macaddr[2] = val & 0xff; 1760 ic->ic_macaddr[3] = val >> 8; 1761 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1762 ic->ic_macaddr[4] = val & 0xff; 1763 ic->ic_macaddr[5] = val >> 8; 1764 1765 if (sc->mac_ver < 0x3593) { 1766 /* read vender BBP settings */ 1767 for (i = 0; i < 10; i++) { 1768 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1769 sc->bbp[i].val = val & 0xff; 1770 sc->bbp[i].reg = val >> 8; 1771 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1772 sc->bbp[i].val); 1773 } 1774 if (sc->mac_ver >= 0x3071) { 1775 /* read vendor RF settings */ 1776 for (i = 0; i < 10; i++) { 1777 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1778 &val); 1779 sc->rf[i].val = val & 0xff; 1780 sc->rf[i].reg = val >> 8; 1781 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1782 sc->rf[i].val); 1783 } 1784 } 1785 } 1786 1787 /* read RF frequency offset from EEPROM */ 1788 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1789 RT3593_EEPROM_FREQ, &val); 1790 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1791 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1792 1793 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1794 RT3593_EEPROM_FREQ_LEDS, &val); 1795 if (val >> 8 != 0xff) { 1796 /* read LEDs operating mode */ 1797 sc->leds = val >> 8; 1798 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1799 RT3593_EEPROM_LED1, &sc->led[0]); 1800 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1801 RT3593_EEPROM_LED2, &sc->led[1]); 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1803 RT3593_EEPROM_LED3, &sc->led[2]); 1804 } else { 1805 /* broken EEPROM, use default settings */ 1806 sc->leds = 0x01; 1807 sc->led[0] = 0x5555; 1808 sc->led[1] = 0x2221; 1809 sc->led[2] = 0x5627; /* differs from RT2860 */ 1810 } 1811 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1812 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1813 1814 /* read RF information */ 1815 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1816 run_srom_read(sc, 0x00, &val); 1817 else 1818 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1819 1820 if (val == 0xffff) { 1821 device_printf(sc->sc_dev, 1822 "invalid EEPROM antenna info, using default\n"); 1823 DPRINTF("invalid EEPROM antenna info, using default\n"); 1824 if (sc->mac_ver == 0x3572) { 1825 /* default to RF3052 2T2R */ 1826 sc->rf_rev = RT3070_RF_3052; 1827 sc->ntxchains = 2; 1828 sc->nrxchains = 2; 1829 } else if (sc->mac_ver >= 0x3070) { 1830 /* default to RF3020 1T1R */ 1831 sc->rf_rev = RT3070_RF_3020; 1832 sc->ntxchains = 1; 1833 sc->nrxchains = 1; 1834 } else { 1835 /* default to RF2820 1T2R */ 1836 sc->rf_rev = RT2860_RF_2820; 1837 sc->ntxchains = 1; 1838 sc->nrxchains = 2; 1839 } 1840 } else { 1841 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1842 sc->rf_rev = val; 1843 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1844 } else 1845 sc->rf_rev = (val >> 8) & 0xf; 1846 sc->ntxchains = (val >> 4) & 0xf; 1847 sc->nrxchains = val & 0xf; 1848 } 1849 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1850 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1851 1852 /* check if RF supports automatic Tx access gain control */ 1853 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1854 DPRINTF("EEPROM CFG 0x%04x\n", val); 1855 /* check if driver should patch the DAC issue */ 1856 if ((val >> 8) != 0xff) 1857 sc->patch_dac = (val >> 15) & 1; 1858 if ((val & 0xff) != 0xff) { 1859 sc->ext_5ghz_lna = (val >> 3) & 1; 1860 sc->ext_2ghz_lna = (val >> 2) & 1; 1861 /* check if RF supports automatic Tx access gain control */ 1862 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1863 /* check if we have a hardware radio switch */ 1864 sc->rfswitch = val & 1; 1865 } 1866 1867 /* Read Tx power settings. */ 1868 if (sc->mac_ver == 0x3593) 1869 run_rt3593_get_txpower(sc); 1870 else 1871 run_get_txpower(sc); 1872 1873 /* read Tx power compensation for each Tx rate */ 1874 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1875 delta_2ghz = delta_5ghz = 0; 1876 if ((val & 0xff) != 0xff && (val & 0x80)) { 1877 delta_2ghz = val & 0xf; 1878 if (!(val & 0x40)) /* negative number */ 1879 delta_2ghz = -delta_2ghz; 1880 } 1881 val >>= 8; 1882 if ((val & 0xff) != 0xff && (val & 0x80)) { 1883 delta_5ghz = val & 0xf; 1884 if (!(val & 0x40)) /* negative number */ 1885 delta_5ghz = -delta_5ghz; 1886 } 1887 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1888 delta_2ghz, delta_5ghz); 1889 1890 for (ridx = 0; ridx < 5; ridx++) { 1891 uint32_t reg; 1892 1893 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1894 reg = val; 1895 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1896 reg |= (uint32_t)val << 16; 1897 1898 sc->txpow20mhz[ridx] = reg; 1899 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1900 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1901 1902 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1903 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1904 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1905 } 1906 1907 /* Read RSSI offsets and LNA gains from EEPROM. */ 1908 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1909 RT3593_EEPROM_RSSI1_2GHZ, &val); 1910 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1911 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1913 RT3593_EEPROM_RSSI2_2GHZ, &val); 1914 if (sc->mac_ver >= 0x3070) { 1915 if (sc->mac_ver == 0x3593) { 1916 sc->txmixgain_2ghz = 0; 1917 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1918 } else { 1919 /* 1920 * On RT3070 chips (limited to 2 Rx chains), this ROM 1921 * field contains the Tx mixer gain for the 2GHz band. 1922 */ 1923 if ((val & 0xff) != 0xff) 1924 sc->txmixgain_2ghz = val & 0x7; 1925 } 1926 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1927 } else 1928 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1929 if (sc->mac_ver == 0x3593) 1930 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1931 sc->lna[2] = val >> 8; /* channel group 2 */ 1932 1933 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1934 RT3593_EEPROM_RSSI1_5GHZ, &val); 1935 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1936 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1938 RT3593_EEPROM_RSSI2_5GHZ, &val); 1939 if (sc->mac_ver == 0x3572) { 1940 /* 1941 * On RT3572 chips (limited to 2 Rx chains), this ROM 1942 * field contains the Tx mixer gain for the 5GHz band. 1943 */ 1944 if ((val & 0xff) != 0xff) 1945 sc->txmixgain_5ghz = val & 0x7; 1946 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1947 } else 1948 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1949 if (sc->mac_ver == 0x3593) { 1950 sc->txmixgain_5ghz = 0; 1951 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1952 } 1953 sc->lna[3] = val >> 8; /* channel group 3 */ 1954 1955 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1956 RT3593_EEPROM_LNA, &val); 1957 sc->lna[0] = val & 0xff; /* channel group 0 */ 1958 sc->lna[1] = val >> 8; /* channel group 1 */ 1959 1960 /* fix broken 5GHz LNA entries */ 1961 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1962 DPRINTF("invalid LNA for channel group %d\n", 2); 1963 sc->lna[2] = sc->lna[1]; 1964 } 1965 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 3); 1967 sc->lna[3] = sc->lna[1]; 1968 } 1969 1970 /* fix broken RSSI offset entries */ 1971 for (ant = 0; ant < 3; ant++) { 1972 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1973 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1974 ant + 1, sc->rssi_2ghz[ant]); 1975 sc->rssi_2ghz[ant] = 0; 1976 } 1977 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1978 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1979 ant + 1, sc->rssi_5ghz[ant]); 1980 sc->rssi_5ghz[ant] = 0; 1981 } 1982 } 1983 return (0); 1984 } 1985 1986 static struct ieee80211_node * 1987 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1988 { 1989 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1990 } 1991 1992 static int 1993 run_media_change(struct ifnet *ifp) 1994 { 1995 struct ieee80211vap *vap = ifp->if_softc; 1996 struct ieee80211com *ic = vap->iv_ic; 1997 const struct ieee80211_txparam *tp; 1998 struct run_softc *sc = ic->ic_softc; 1999 uint8_t rate, ridx; 2000 int error; 2001 2002 RUN_LOCK(sc); 2003 2004 error = ieee80211_media_change(ifp); 2005 if (error != ENETRESET) { 2006 RUN_UNLOCK(sc); 2007 return (error); 2008 } 2009 2010 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2011 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2012 struct ieee80211_node *ni; 2013 struct run_node *rn; 2014 2015 rate = ic->ic_sup_rates[ic->ic_curmode]. 2016 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2017 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2018 if (rt2860_rates[ridx].rate == rate) 2019 break; 2020 ni = ieee80211_ref_node(vap->iv_bss); 2021 rn = RUN_NODE(ni); 2022 rn->fix_ridx = ridx; 2023 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2024 ieee80211_free_node(ni); 2025 } 2026 2027 #if 0 2028 if ((ifp->if_flags & IFF_UP) && 2029 (ifp->if_drv_flags & RUN_RUNNING)){ 2030 run_init_locked(sc); 2031 } 2032 #endif 2033 2034 RUN_UNLOCK(sc); 2035 2036 return (0); 2037 } 2038 2039 static int 2040 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2041 { 2042 const struct ieee80211_txparam *tp; 2043 struct ieee80211com *ic = vap->iv_ic; 2044 struct run_softc *sc = ic->ic_softc; 2045 struct run_vap *rvp = RUN_VAP(vap); 2046 enum ieee80211_state ostate; 2047 uint32_t sta[3]; 2048 uint32_t tmp; 2049 uint8_t ratectl; 2050 uint8_t restart_ratectl = 0; 2051 uint8_t bid = 1 << rvp->rvp_id; 2052 2053 ostate = vap->iv_state; 2054 DPRINTF("%s -> %s\n", 2055 ieee80211_state_name[ostate], 2056 ieee80211_state_name[nstate]); 2057 2058 IEEE80211_UNLOCK(ic); 2059 RUN_LOCK(sc); 2060 2061 ratectl = sc->ratectl_run; /* remember current state */ 2062 sc->ratectl_run = RUN_RATECTL_OFF; 2063 usb_callout_stop(&sc->ratectl_ch); 2064 2065 if (ostate == IEEE80211_S_RUN) { 2066 /* turn link LED off */ 2067 run_set_leds(sc, RT2860_LED_RADIO); 2068 } 2069 2070 switch (nstate) { 2071 case IEEE80211_S_INIT: 2072 restart_ratectl = 1; 2073 2074 if (ostate != IEEE80211_S_RUN) 2075 break; 2076 2077 ratectl &= ~bid; 2078 sc->runbmap &= ~bid; 2079 2080 /* abort TSF synchronization if there is no vap running */ 2081 if (--sc->running == 0) { 2082 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2083 run_write(sc, RT2860_BCN_TIME_CFG, 2084 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2085 RT2860_TBTT_TIMER_EN)); 2086 } 2087 break; 2088 2089 case IEEE80211_S_RUN: 2090 if (!(sc->runbmap & bid)) { 2091 if(sc->running++) 2092 restart_ratectl = 1; 2093 sc->runbmap |= bid; 2094 } 2095 2096 m_freem(rvp->beacon_mbuf); 2097 rvp->beacon_mbuf = NULL; 2098 2099 switch (vap->iv_opmode) { 2100 case IEEE80211_M_HOSTAP: 2101 case IEEE80211_M_MBSS: 2102 sc->ap_running |= bid; 2103 ic->ic_opmode = vap->iv_opmode; 2104 run_update_beacon_cb(vap); 2105 break; 2106 case IEEE80211_M_IBSS: 2107 sc->adhoc_running |= bid; 2108 if (!sc->ap_running) 2109 ic->ic_opmode = vap->iv_opmode; 2110 run_update_beacon_cb(vap); 2111 break; 2112 case IEEE80211_M_STA: 2113 sc->sta_running |= bid; 2114 if (!sc->ap_running && !sc->adhoc_running) 2115 ic->ic_opmode = vap->iv_opmode; 2116 2117 /* read statistic counters (clear on read) */ 2118 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2119 (uint8_t *)sta, sizeof sta); 2120 2121 break; 2122 default: 2123 ic->ic_opmode = vap->iv_opmode; 2124 break; 2125 } 2126 2127 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2128 struct ieee80211_node *ni; 2129 2130 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2131 RUN_UNLOCK(sc); 2132 IEEE80211_LOCK(ic); 2133 return (-1); 2134 } 2135 run_updateslot(ic); 2136 run_enable_mrr(sc); 2137 run_set_txpreamble(sc); 2138 run_set_basicrates(sc); 2139 ni = ieee80211_ref_node(vap->iv_bss); 2140 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2141 run_set_bssid(sc, sc->sc_bssid); 2142 ieee80211_free_node(ni); 2143 run_enable_tsf_sync(sc); 2144 2145 /* enable automatic rate adaptation */ 2146 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2147 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2148 ratectl |= bid; 2149 } else 2150 run_enable_tsf(sc); 2151 2152 /* turn link LED on */ 2153 run_set_leds(sc, RT2860_LED_RADIO | 2154 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2155 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2156 2157 break; 2158 default: 2159 DPRINTFN(6, "undefined case\n"); 2160 break; 2161 } 2162 2163 /* restart amrr for running VAPs */ 2164 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2165 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2166 2167 RUN_UNLOCK(sc); 2168 IEEE80211_LOCK(ic); 2169 2170 return(rvp->newstate(vap, nstate, arg)); 2171 } 2172 2173 static int 2174 run_wme_update(struct ieee80211com *ic) 2175 { 2176 struct run_softc *sc = ic->ic_softc; 2177 const struct wmeParams *ac = 2178 ic->ic_wme.wme_chanParams.cap_wmeParams; 2179 int aci, error = 0; 2180 2181 /* update MAC TX configuration registers */ 2182 RUN_LOCK(sc); 2183 for (aci = 0; aci < WME_NUM_AC; aci++) { 2184 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2185 ac[aci].wmep_logcwmax << 16 | 2186 ac[aci].wmep_logcwmin << 12 | 2187 ac[aci].wmep_aifsn << 8 | 2188 ac[aci].wmep_txopLimit); 2189 if (error) goto err; 2190 } 2191 2192 /* update SCH/DMA registers too */ 2193 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2194 ac[WME_AC_VO].wmep_aifsn << 12 | 2195 ac[WME_AC_VI].wmep_aifsn << 8 | 2196 ac[WME_AC_BK].wmep_aifsn << 4 | 2197 ac[WME_AC_BE].wmep_aifsn); 2198 if (error) goto err; 2199 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2200 ac[WME_AC_VO].wmep_logcwmin << 12 | 2201 ac[WME_AC_VI].wmep_logcwmin << 8 | 2202 ac[WME_AC_BK].wmep_logcwmin << 4 | 2203 ac[WME_AC_BE].wmep_logcwmin); 2204 if (error) goto err; 2205 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2206 ac[WME_AC_VO].wmep_logcwmax << 12 | 2207 ac[WME_AC_VI].wmep_logcwmax << 8 | 2208 ac[WME_AC_BK].wmep_logcwmax << 4 | 2209 ac[WME_AC_BE].wmep_logcwmax); 2210 if (error) goto err; 2211 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2212 ac[WME_AC_BK].wmep_txopLimit << 16 | 2213 ac[WME_AC_BE].wmep_txopLimit); 2214 if (error) goto err; 2215 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2216 ac[WME_AC_VO].wmep_txopLimit << 16 | 2217 ac[WME_AC_VI].wmep_txopLimit); 2218 2219 err: 2220 RUN_UNLOCK(sc); 2221 if (error) 2222 DPRINTF("WME update failed\n"); 2223 2224 return (error); 2225 } 2226 2227 static void 2228 run_key_set_cb(void *arg) 2229 { 2230 struct run_cmdq *cmdq = arg; 2231 struct ieee80211vap *vap = cmdq->arg1; 2232 struct ieee80211_key *k = cmdq->k; 2233 struct ieee80211com *ic = vap->iv_ic; 2234 struct run_softc *sc = ic->ic_softc; 2235 struct ieee80211_node *ni; 2236 u_int cipher = k->wk_cipher->ic_cipher; 2237 uint32_t attr; 2238 uint16_t base, associd; 2239 uint8_t mode, wcid, iv[8]; 2240 2241 RUN_LOCK_ASSERT(sc, MA_OWNED); 2242 2243 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2244 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2245 else 2246 ni = vap->iv_bss; 2247 associd = (ni != NULL) ? ni->ni_associd : 0; 2248 2249 /* map net80211 cipher to RT2860 security mode */ 2250 switch (cipher) { 2251 case IEEE80211_CIPHER_WEP: 2252 if(k->wk_keylen < 8) 2253 mode = RT2860_MODE_WEP40; 2254 else 2255 mode = RT2860_MODE_WEP104; 2256 break; 2257 case IEEE80211_CIPHER_TKIP: 2258 mode = RT2860_MODE_TKIP; 2259 break; 2260 case IEEE80211_CIPHER_AES_CCM: 2261 mode = RT2860_MODE_AES_CCMP; 2262 break; 2263 default: 2264 DPRINTF("undefined case\n"); 2265 return; 2266 } 2267 2268 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2269 associd, k->wk_keyix, mode, 2270 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2271 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2272 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2273 2274 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2275 wcid = 0; /* NB: update WCID0 for group keys */ 2276 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2277 } else { 2278 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2279 1 : RUN_AID2WCID(associd); 2280 base = RT2860_PKEY(wcid); 2281 } 2282 2283 if (cipher == IEEE80211_CIPHER_TKIP) { 2284 if(run_write_region_1(sc, base, k->wk_key, 16)) 2285 return; 2286 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2287 return; 2288 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2289 return; 2290 } else { 2291 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2292 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2293 return; 2294 } 2295 2296 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2297 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2298 /* set initial packet number in IV+EIV */ 2299 if (cipher == IEEE80211_CIPHER_WEP) { 2300 memset(iv, 0, sizeof iv); 2301 iv[3] = vap->iv_def_txkey << 6; 2302 } else { 2303 if (cipher == IEEE80211_CIPHER_TKIP) { 2304 iv[0] = k->wk_keytsc >> 8; 2305 iv[1] = (iv[0] | 0x20) & 0x7f; 2306 iv[2] = k->wk_keytsc; 2307 } else /* CCMP */ { 2308 iv[0] = k->wk_keytsc; 2309 iv[1] = k->wk_keytsc >> 8; 2310 iv[2] = 0; 2311 } 2312 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2313 iv[4] = k->wk_keytsc >> 16; 2314 iv[5] = k->wk_keytsc >> 24; 2315 iv[6] = k->wk_keytsc >> 32; 2316 iv[7] = k->wk_keytsc >> 40; 2317 } 2318 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2319 return; 2320 } 2321 2322 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2323 /* install group key */ 2324 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2325 return; 2326 attr &= ~(0xf << (k->wk_keyix * 4)); 2327 attr |= mode << (k->wk_keyix * 4); 2328 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2329 return; 2330 } else { 2331 /* install pairwise key */ 2332 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2333 return; 2334 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2335 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2336 return; 2337 } 2338 2339 /* TODO create a pass-thru key entry? */ 2340 2341 /* need wcid to delete the right key later */ 2342 k->wk_pad = wcid; 2343 } 2344 2345 /* 2346 * Don't have to be deferred, but in order to keep order of 2347 * execution, i.e. with run_key_delete(), defer this and let 2348 * run_cmdq_cb() maintain the order. 2349 * 2350 * return 0 on error 2351 */ 2352 static int 2353 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2354 { 2355 struct ieee80211com *ic = vap->iv_ic; 2356 struct run_softc *sc = ic->ic_softc; 2357 uint32_t i; 2358 2359 i = RUN_CMDQ_GET(&sc->cmdq_store); 2360 DPRINTF("cmdq_store=%d\n", i); 2361 sc->cmdq[i].func = run_key_set_cb; 2362 sc->cmdq[i].arg0 = NULL; 2363 sc->cmdq[i].arg1 = vap; 2364 sc->cmdq[i].k = k; 2365 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2366 ieee80211_runtask(ic, &sc->cmdq_task); 2367 2368 /* 2369 * To make sure key will be set when hostapd 2370 * calls iv_key_set() before if_init(). 2371 */ 2372 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2373 RUN_LOCK(sc); 2374 sc->cmdq_key_set = RUN_CMDQ_GO; 2375 RUN_UNLOCK(sc); 2376 } 2377 2378 return (1); 2379 } 2380 2381 /* 2382 * If wlan is destroyed without being brought down i.e. without 2383 * wlan down or wpa_cli terminate, this function is called after 2384 * vap is gone. Don't refer it. 2385 */ 2386 static void 2387 run_key_delete_cb(void *arg) 2388 { 2389 struct run_cmdq *cmdq = arg; 2390 struct run_softc *sc = cmdq->arg1; 2391 struct ieee80211_key *k = &cmdq->key; 2392 uint32_t attr; 2393 uint8_t wcid; 2394 2395 RUN_LOCK_ASSERT(sc, MA_OWNED); 2396 2397 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2398 /* remove group key */ 2399 DPRINTF("removing group key\n"); 2400 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2401 attr &= ~(0xf << (k->wk_keyix * 4)); 2402 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2403 } else { 2404 /* remove pairwise key */ 2405 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2406 /* matching wcid was written to wk_pad in run_key_set() */ 2407 wcid = k->wk_pad; 2408 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2409 attr &= ~0xf; 2410 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2411 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2412 } 2413 2414 k->wk_pad = 0; 2415 } 2416 2417 /* 2418 * return 0 on error 2419 */ 2420 static int 2421 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2422 { 2423 struct ieee80211com *ic = vap->iv_ic; 2424 struct run_softc *sc = ic->ic_softc; 2425 struct ieee80211_key *k0; 2426 uint32_t i; 2427 2428 /* 2429 * When called back, key might be gone. So, make a copy 2430 * of some values need to delete keys before deferring. 2431 * But, because of LOR with node lock, cannot use lock here. 2432 * So, use atomic instead. 2433 */ 2434 i = RUN_CMDQ_GET(&sc->cmdq_store); 2435 DPRINTF("cmdq_store=%d\n", i); 2436 sc->cmdq[i].func = run_key_delete_cb; 2437 sc->cmdq[i].arg0 = NULL; 2438 sc->cmdq[i].arg1 = sc; 2439 k0 = &sc->cmdq[i].key; 2440 k0->wk_flags = k->wk_flags; 2441 k0->wk_keyix = k->wk_keyix; 2442 /* matching wcid was written to wk_pad in run_key_set() */ 2443 k0->wk_pad = k->wk_pad; 2444 ieee80211_runtask(ic, &sc->cmdq_task); 2445 return (1); /* return fake success */ 2446 2447 } 2448 2449 static void 2450 run_ratectl_to(void *arg) 2451 { 2452 struct run_softc *sc = arg; 2453 2454 /* do it in a process context, so it can go sleep */ 2455 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2456 /* next timeout will be rescheduled in the callback task */ 2457 } 2458 2459 /* ARGSUSED */ 2460 static void 2461 run_ratectl_cb(void *arg, int pending) 2462 { 2463 struct run_softc *sc = arg; 2464 struct ieee80211com *ic = &sc->sc_ic; 2465 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2466 2467 if (vap == NULL) 2468 return; 2469 2470 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2471 /* 2472 * run_reset_livelock() doesn't do anything with AMRR, 2473 * but Ralink wants us to call it every 1 sec. So, we 2474 * piggyback here rather than creating another callout. 2475 * Livelock may occur only in HOSTAP or IBSS mode 2476 * (when h/w is sending beacons). 2477 */ 2478 RUN_LOCK(sc); 2479 run_reset_livelock(sc); 2480 /* just in case, there are some stats to drain */ 2481 run_drain_fifo(sc); 2482 RUN_UNLOCK(sc); 2483 } 2484 2485 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2486 2487 RUN_LOCK(sc); 2488 if(sc->ratectl_run != RUN_RATECTL_OFF) 2489 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2490 RUN_UNLOCK(sc); 2491 } 2492 2493 static void 2494 run_drain_fifo(void *arg) 2495 { 2496 struct run_softc *sc = arg; 2497 uint32_t stat; 2498 uint16_t (*wstat)[3]; 2499 uint8_t wcid, mcs, pid; 2500 int8_t retry; 2501 2502 RUN_LOCK_ASSERT(sc, MA_OWNED); 2503 2504 for (;;) { 2505 /* drain Tx status FIFO (maxsize = 16) */ 2506 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2507 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2508 if (!(stat & RT2860_TXQ_VLD)) 2509 break; 2510 2511 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2512 2513 /* if no ACK was requested, no feedback is available */ 2514 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2515 wcid == 0) 2516 continue; 2517 2518 /* 2519 * Even though each stat is Tx-complete-status like format, 2520 * the device can poll stats. Because there is no guarantee 2521 * that the referring node is still around when read the stats. 2522 * So that, if we use ieee80211_ratectl_tx_update(), we will 2523 * have hard time not to refer already freed node. 2524 * 2525 * To eliminate such page faults, we poll stats in softc. 2526 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2527 */ 2528 wstat = &(sc->wcid_stats[wcid]); 2529 (*wstat)[RUN_TXCNT]++; 2530 if (stat & RT2860_TXQ_OK) 2531 (*wstat)[RUN_SUCCESS]++; 2532 else 2533 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2534 /* 2535 * Check if there were retries, ie if the Tx success rate is 2536 * different from the requested rate. Note that it works only 2537 * because we do not allow rate fallback from OFDM to CCK. 2538 */ 2539 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2540 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2541 if ((retry = pid -1 - mcs) > 0) { 2542 (*wstat)[RUN_TXCNT] += retry; 2543 (*wstat)[RUN_RETRY] += retry; 2544 } 2545 } 2546 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2547 2548 sc->fifo_cnt = 0; 2549 } 2550 2551 static void 2552 run_iter_func(void *arg, struct ieee80211_node *ni) 2553 { 2554 struct run_softc *sc = arg; 2555 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2556 struct ieee80211vap *vap = ni->ni_vap; 2557 struct run_node *rn = RUN_NODE(ni); 2558 union run_stats sta[2]; 2559 uint16_t (*wstat)[3]; 2560 int error; 2561 2562 RUN_LOCK(sc); 2563 2564 /* Check for special case */ 2565 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2566 ni != vap->iv_bss) 2567 goto fail; 2568 2569 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2570 IEEE80211_RATECTL_TX_STATS_RETRIES; 2571 txs->ni = ni; 2572 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2573 vap->iv_opmode == IEEE80211_M_STA)) { 2574 /* read statistic counters (clear on read) and update AMRR state */ 2575 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2576 sizeof sta); 2577 if (error != 0) 2578 goto fail; 2579 2580 /* count failed TX as errors */ 2581 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2582 le16toh(sta[0].error.fail)); 2583 2584 txs->nretries = le16toh(sta[1].tx.retry); 2585 txs->nsuccess = le16toh(sta[1].tx.success); 2586 /* nretries??? */ 2587 txs->nframes = txs->nretries + txs->nsuccess + 2588 le16toh(sta[0].error.fail); 2589 2590 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2591 txs->nretries, txs->nsuccess, 2592 le16toh(sta[0].error.fail)); 2593 } else { 2594 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2595 2596 if (wstat == &(sc->wcid_stats[0]) || 2597 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2598 goto fail; 2599 2600 txs->nretries = (*wstat)[RUN_RETRY]; 2601 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2602 txs->nframes = (*wstat)[RUN_TXCNT]; 2603 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2604 txs->nretries, txs->nframes, txs->nsuccess); 2605 2606 memset(wstat, 0, sizeof(*wstat)); 2607 } 2608 2609 ieee80211_ratectl_tx_update(vap, txs); 2610 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2611 2612 fail: 2613 RUN_UNLOCK(sc); 2614 2615 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2616 } 2617 2618 static void 2619 run_newassoc_cb(void *arg) 2620 { 2621 struct run_cmdq *cmdq = arg; 2622 struct ieee80211_node *ni = cmdq->arg1; 2623 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2624 uint8_t wcid = cmdq->wcid; 2625 2626 RUN_LOCK_ASSERT(sc, MA_OWNED); 2627 2628 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2629 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2630 2631 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2632 } 2633 2634 static void 2635 run_newassoc(struct ieee80211_node *ni, int isnew) 2636 { 2637 struct run_node *rn = RUN_NODE(ni); 2638 struct ieee80211_rateset *rs = &ni->ni_rates; 2639 struct ieee80211vap *vap = ni->ni_vap; 2640 struct ieee80211com *ic = vap->iv_ic; 2641 struct run_softc *sc = ic->ic_softc; 2642 uint8_t rate; 2643 uint8_t ridx; 2644 uint8_t wcid; 2645 int i, j; 2646 2647 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2648 1 : RUN_AID2WCID(ni->ni_associd); 2649 2650 if (wcid > RT2870_WCID_MAX) { 2651 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2652 return; 2653 } 2654 2655 /* only interested in true associations */ 2656 if (isnew && ni->ni_associd != 0) { 2657 2658 /* 2659 * This function could is called though timeout function. 2660 * Need to defer. 2661 */ 2662 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2663 DPRINTF("cmdq_store=%d\n", cnt); 2664 sc->cmdq[cnt].func = run_newassoc_cb; 2665 sc->cmdq[cnt].arg0 = NULL; 2666 sc->cmdq[cnt].arg1 = ni; 2667 sc->cmdq[cnt].wcid = wcid; 2668 ieee80211_runtask(ic, &sc->cmdq_task); 2669 } 2670 2671 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2672 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2673 2674 for (i = 0; i < rs->rs_nrates; i++) { 2675 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2676 /* convert 802.11 rate to hardware rate index */ 2677 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2678 if (rt2860_rates[ridx].rate == rate) 2679 break; 2680 rn->ridx[i] = ridx; 2681 /* determine rate of control response frames */ 2682 for (j = i; j >= 0; j--) { 2683 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2684 rt2860_rates[rn->ridx[i]].phy == 2685 rt2860_rates[rn->ridx[j]].phy) 2686 break; 2687 } 2688 if (j >= 0) { 2689 rn->ctl_ridx[i] = rn->ridx[j]; 2690 } else { 2691 /* no basic rate found, use mandatory one */ 2692 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2693 } 2694 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2695 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2696 } 2697 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2698 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2699 if (rt2860_rates[ridx].rate == rate) 2700 break; 2701 rn->mgt_ridx = ridx; 2702 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2703 2704 RUN_LOCK(sc); 2705 if(sc->ratectl_run != RUN_RATECTL_OFF) 2706 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2707 RUN_UNLOCK(sc); 2708 } 2709 2710 /* 2711 * Return the Rx chain with the highest RSSI for a given frame. 2712 */ 2713 static __inline uint8_t 2714 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2715 { 2716 uint8_t rxchain = 0; 2717 2718 if (sc->nrxchains > 1) { 2719 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2720 rxchain = 1; 2721 if (sc->nrxchains > 2) 2722 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2723 rxchain = 2; 2724 } 2725 return (rxchain); 2726 } 2727 2728 static void 2729 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2730 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2731 { 2732 struct ieee80211vap *vap = ni->ni_vap; 2733 struct run_softc *sc = vap->iv_ic->ic_softc; 2734 struct run_vap *rvp = RUN_VAP(vap); 2735 uint64_t ni_tstamp, rx_tstamp; 2736 2737 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2738 2739 if (vap->iv_state == IEEE80211_S_RUN && 2740 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2741 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2742 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2743 RUN_LOCK(sc); 2744 run_get_tsf(sc, &rx_tstamp); 2745 RUN_UNLOCK(sc); 2746 rx_tstamp = le64toh(rx_tstamp); 2747 2748 if (ni_tstamp >= rx_tstamp) { 2749 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2750 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2751 (void) ieee80211_ibss_merge(ni); 2752 } 2753 } 2754 } 2755 2756 static void 2757 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2758 { 2759 struct ieee80211com *ic = &sc->sc_ic; 2760 struct ieee80211_frame *wh; 2761 struct ieee80211_node *ni; 2762 struct rt2870_rxd *rxd; 2763 struct rt2860_rxwi *rxwi; 2764 uint32_t flags; 2765 uint16_t len, rxwisize; 2766 uint8_t ant, rssi; 2767 int8_t nf; 2768 2769 rxwi = mtod(m, struct rt2860_rxwi *); 2770 len = le16toh(rxwi->len) & 0xfff; 2771 rxwisize = sizeof(struct rt2860_rxwi); 2772 if (sc->mac_ver == 0x5592) 2773 rxwisize += sizeof(uint64_t); 2774 else if (sc->mac_ver == 0x3593) 2775 rxwisize += sizeof(uint32_t); 2776 if (__predict_false(len > dmalen)) { 2777 m_freem(m); 2778 counter_u64_add(ic->ic_ierrors, 1); 2779 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2780 return; 2781 } 2782 /* Rx descriptor is located at the end */ 2783 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2784 flags = le32toh(rxd->flags); 2785 2786 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2787 m_freem(m); 2788 counter_u64_add(ic->ic_ierrors, 1); 2789 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2790 return; 2791 } 2792 2793 m->m_data += rxwisize; 2794 m->m_pkthdr.len = m->m_len -= rxwisize; 2795 2796 wh = mtod(m, struct ieee80211_frame *); 2797 2798 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2799 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2800 m->m_flags |= M_WEP; 2801 } 2802 2803 if (flags & RT2860_RX_L2PAD) { 2804 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2805 len += 2; 2806 } 2807 2808 ni = ieee80211_find_rxnode(ic, 2809 mtod(m, struct ieee80211_frame_min *)); 2810 2811 if (__predict_false(flags & RT2860_RX_MICERR)) { 2812 /* report MIC failures to net80211 for TKIP */ 2813 if (ni != NULL) 2814 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2815 rxwi->keyidx); 2816 m_freem(m); 2817 counter_u64_add(ic->ic_ierrors, 1); 2818 DPRINTF("MIC error. Someone is lying.\n"); 2819 return; 2820 } 2821 2822 ant = run_maxrssi_chain(sc, rxwi); 2823 rssi = rxwi->rssi[ant]; 2824 nf = run_rssi2dbm(sc, rssi, ant); 2825 2826 m->m_pkthdr.len = m->m_len = len; 2827 2828 if (__predict_false(ieee80211_radiotap_active(ic))) { 2829 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2830 uint16_t phy; 2831 2832 tap->wr_flags = 0; 2833 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2834 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2835 tap->wr_antsignal = rssi; 2836 tap->wr_antenna = ant; 2837 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2838 tap->wr_rate = 2; /* in case it can't be found below */ 2839 RUN_LOCK(sc); 2840 run_get_tsf(sc, &tap->wr_tsf); 2841 RUN_UNLOCK(sc); 2842 phy = le16toh(rxwi->phy); 2843 switch (phy & RT2860_PHY_MODE) { 2844 case RT2860_PHY_CCK: 2845 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2846 case 0: tap->wr_rate = 2; break; 2847 case 1: tap->wr_rate = 4; break; 2848 case 2: tap->wr_rate = 11; break; 2849 case 3: tap->wr_rate = 22; break; 2850 } 2851 if (phy & RT2860_PHY_SHPRE) 2852 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2853 break; 2854 case RT2860_PHY_OFDM: 2855 switch (phy & RT2860_PHY_MCS) { 2856 case 0: tap->wr_rate = 12; break; 2857 case 1: tap->wr_rate = 18; break; 2858 case 2: tap->wr_rate = 24; break; 2859 case 3: tap->wr_rate = 36; break; 2860 case 4: tap->wr_rate = 48; break; 2861 case 5: tap->wr_rate = 72; break; 2862 case 6: tap->wr_rate = 96; break; 2863 case 7: tap->wr_rate = 108; break; 2864 } 2865 break; 2866 } 2867 } 2868 2869 if (ni != NULL) { 2870 (void)ieee80211_input(ni, m, rssi, nf); 2871 ieee80211_free_node(ni); 2872 } else { 2873 (void)ieee80211_input_all(ic, m, rssi, nf); 2874 } 2875 } 2876 2877 static void 2878 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2879 { 2880 struct run_softc *sc = usbd_xfer_softc(xfer); 2881 struct ieee80211com *ic = &sc->sc_ic; 2882 struct mbuf *m = NULL; 2883 struct mbuf *m0; 2884 uint32_t dmalen; 2885 uint16_t rxwisize; 2886 int xferlen; 2887 2888 rxwisize = sizeof(struct rt2860_rxwi); 2889 if (sc->mac_ver == 0x5592) 2890 rxwisize += sizeof(uint64_t); 2891 else if (sc->mac_ver == 0x3593) 2892 rxwisize += sizeof(uint32_t); 2893 2894 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2895 2896 switch (USB_GET_STATE(xfer)) { 2897 case USB_ST_TRANSFERRED: 2898 2899 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2900 2901 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2902 sizeof(struct rt2870_rxd))) { 2903 DPRINTF("xfer too short %d\n", xferlen); 2904 goto tr_setup; 2905 } 2906 2907 m = sc->rx_m; 2908 sc->rx_m = NULL; 2909 2910 /* FALLTHROUGH */ 2911 case USB_ST_SETUP: 2912 tr_setup: 2913 if (sc->rx_m == NULL) { 2914 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2915 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2916 } 2917 if (sc->rx_m == NULL) { 2918 DPRINTF("could not allocate mbuf - idle with stall\n"); 2919 counter_u64_add(ic->ic_ierrors, 1); 2920 usbd_xfer_set_stall(xfer); 2921 usbd_xfer_set_frames(xfer, 0); 2922 } else { 2923 /* 2924 * Directly loading a mbuf cluster into DMA to 2925 * save some data copying. This works because 2926 * there is only one cluster. 2927 */ 2928 usbd_xfer_set_frame_data(xfer, 0, 2929 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2930 usbd_xfer_set_frames(xfer, 1); 2931 } 2932 usbd_transfer_submit(xfer); 2933 break; 2934 2935 default: /* Error */ 2936 if (error != USB_ERR_CANCELLED) { 2937 /* try to clear stall first */ 2938 usbd_xfer_set_stall(xfer); 2939 if (error == USB_ERR_TIMEOUT) 2940 device_printf(sc->sc_dev, "device timeout\n"); 2941 counter_u64_add(ic->ic_ierrors, 1); 2942 goto tr_setup; 2943 } 2944 if (sc->rx_m != NULL) { 2945 m_freem(sc->rx_m); 2946 sc->rx_m = NULL; 2947 } 2948 break; 2949 } 2950 2951 if (m == NULL) 2952 return; 2953 2954 /* inputting all the frames must be last */ 2955 2956 RUN_UNLOCK(sc); 2957 2958 m->m_pkthdr.len = m->m_len = xferlen; 2959 2960 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2961 for(;;) { 2962 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2963 2964 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2965 ((dmalen & 3) != 0)) { 2966 DPRINTF("bad DMA length %u\n", dmalen); 2967 break; 2968 } 2969 if ((dmalen + 8) > (uint32_t)xferlen) { 2970 DPRINTF("bad DMA length %u > %d\n", 2971 dmalen + 8, xferlen); 2972 break; 2973 } 2974 2975 /* If it is the last one or a single frame, we won't copy. */ 2976 if ((xferlen -= dmalen + 8) <= 8) { 2977 /* trim 32-bit DMA-len header */ 2978 m->m_data += 4; 2979 m->m_pkthdr.len = m->m_len -= 4; 2980 run_rx_frame(sc, m, dmalen); 2981 m = NULL; /* don't free source buffer */ 2982 break; 2983 } 2984 2985 /* copy aggregated frames to another mbuf */ 2986 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2987 if (__predict_false(m0 == NULL)) { 2988 DPRINTF("could not allocate mbuf\n"); 2989 counter_u64_add(ic->ic_ierrors, 1); 2990 break; 2991 } 2992 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2993 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2994 m0->m_pkthdr.len = m0->m_len = 2995 dmalen + sizeof(struct rt2870_rxd); 2996 run_rx_frame(sc, m0, dmalen); 2997 2998 /* update data ptr */ 2999 m->m_data += dmalen + 8; 3000 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3001 } 3002 3003 /* make sure we free the source buffer, if any */ 3004 m_freem(m); 3005 3006 RUN_LOCK(sc); 3007 } 3008 3009 static void 3010 run_tx_free(struct run_endpoint_queue *pq, 3011 struct run_tx_data *data, int txerr) 3012 { 3013 3014 ieee80211_tx_complete(data->ni, data->m, txerr); 3015 3016 data->m = NULL; 3017 data->ni = NULL; 3018 3019 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3020 pq->tx_nfree++; 3021 } 3022 3023 static void 3024 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3025 { 3026 struct run_softc *sc = usbd_xfer_softc(xfer); 3027 struct ieee80211com *ic = &sc->sc_ic; 3028 struct run_tx_data *data; 3029 struct ieee80211vap *vap = NULL; 3030 struct usb_page_cache *pc; 3031 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3032 struct mbuf *m; 3033 usb_frlength_t size; 3034 int actlen; 3035 int sumlen; 3036 3037 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3038 3039 switch (USB_GET_STATE(xfer)) { 3040 case USB_ST_TRANSFERRED: 3041 DPRINTFN(11, "transfer complete: %d " 3042 "bytes @ index %d\n", actlen, index); 3043 3044 data = usbd_xfer_get_priv(xfer); 3045 run_tx_free(pq, data, 0); 3046 usbd_xfer_set_priv(xfer, NULL); 3047 3048 /* FALLTHROUGH */ 3049 case USB_ST_SETUP: 3050 tr_setup: 3051 data = STAILQ_FIRST(&pq->tx_qh); 3052 if (data == NULL) 3053 break; 3054 3055 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3056 3057 m = data->m; 3058 size = (sc->mac_ver == 0x5592) ? 3059 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3060 if ((m->m_pkthdr.len + 3061 size + 3 + 8) > RUN_MAX_TXSZ) { 3062 DPRINTF("data overflow, %u bytes\n", 3063 m->m_pkthdr.len); 3064 run_tx_free(pq, data, 1); 3065 goto tr_setup; 3066 } 3067 3068 pc = usbd_xfer_get_frame(xfer, 0); 3069 usbd_copy_in(pc, 0, &data->desc, size); 3070 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3071 size += m->m_pkthdr.len; 3072 /* 3073 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3074 * 4-byte padding), and be sure to zero those trailing 3075 * bytes: 3076 */ 3077 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3078 size += ((-size) & 3) + 8; 3079 3080 vap = data->ni->ni_vap; 3081 if (ieee80211_radiotap_active_vap(vap)) { 3082 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3083 struct rt2860_txwi *txwi = 3084 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3085 tap->wt_flags = 0; 3086 tap->wt_rate = rt2860_rates[data->ridx].rate; 3087 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3088 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3089 tap->wt_hwqueue = index; 3090 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3091 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3092 3093 ieee80211_radiotap_tx(vap, m); 3094 } 3095 3096 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3097 m->m_pkthdr.len, size, index); 3098 3099 usbd_xfer_set_frame_len(xfer, 0, size); 3100 usbd_xfer_set_priv(xfer, data); 3101 usbd_transfer_submit(xfer); 3102 run_start(sc); 3103 3104 break; 3105 3106 default: 3107 DPRINTF("USB transfer error, %s\n", 3108 usbd_errstr(error)); 3109 3110 data = usbd_xfer_get_priv(xfer); 3111 3112 if (data != NULL) { 3113 if(data->ni != NULL) 3114 vap = data->ni->ni_vap; 3115 run_tx_free(pq, data, error); 3116 usbd_xfer_set_priv(xfer, NULL); 3117 } 3118 3119 if (vap == NULL) 3120 vap = TAILQ_FIRST(&ic->ic_vaps); 3121 3122 if (error != USB_ERR_CANCELLED) { 3123 if (error == USB_ERR_TIMEOUT) { 3124 device_printf(sc->sc_dev, "device timeout\n"); 3125 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3126 DPRINTF("cmdq_store=%d\n", i); 3127 sc->cmdq[i].func = run_usb_timeout_cb; 3128 sc->cmdq[i].arg0 = vap; 3129 ieee80211_runtask(ic, &sc->cmdq_task); 3130 } 3131 3132 /* 3133 * Try to clear stall first, also if other 3134 * errors occur, hence clearing stall 3135 * introduces a 50 ms delay: 3136 */ 3137 usbd_xfer_set_stall(xfer); 3138 goto tr_setup; 3139 } 3140 break; 3141 } 3142 } 3143 3144 static void 3145 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3146 { 3147 run_bulk_tx_callbackN(xfer, error, 0); 3148 } 3149 3150 static void 3151 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3152 { 3153 run_bulk_tx_callbackN(xfer, error, 1); 3154 } 3155 3156 static void 3157 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3158 { 3159 run_bulk_tx_callbackN(xfer, error, 2); 3160 } 3161 3162 static void 3163 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3164 { 3165 run_bulk_tx_callbackN(xfer, error, 3); 3166 } 3167 3168 static void 3169 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3170 { 3171 run_bulk_tx_callbackN(xfer, error, 4); 3172 } 3173 3174 static void 3175 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3176 { 3177 run_bulk_tx_callbackN(xfer, error, 5); 3178 } 3179 3180 static void 3181 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3182 { 3183 struct mbuf *m = data->m; 3184 struct ieee80211com *ic = &sc->sc_ic; 3185 struct ieee80211vap *vap = data->ni->ni_vap; 3186 struct ieee80211_frame *wh; 3187 struct rt2870_txd *txd; 3188 struct rt2860_txwi *txwi; 3189 uint16_t xferlen, txwisize; 3190 uint16_t mcs; 3191 uint8_t ridx = data->ridx; 3192 uint8_t pad; 3193 3194 /* get MCS code from rate index */ 3195 mcs = rt2860_rates[ridx].mcs; 3196 3197 txwisize = (sc->mac_ver == 0x5592) ? 3198 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3199 xferlen = txwisize + m->m_pkthdr.len; 3200 3201 /* roundup to 32-bit alignment */ 3202 xferlen = (xferlen + 3) & ~3; 3203 3204 txd = (struct rt2870_txd *)&data->desc; 3205 txd->len = htole16(xferlen); 3206 3207 wh = mtod(m, struct ieee80211_frame *); 3208 3209 /* 3210 * Ether both are true or both are false, the header 3211 * are nicely aligned to 32-bit. So, no L2 padding. 3212 */ 3213 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3214 pad = 0; 3215 else 3216 pad = 2; 3217 3218 /* setup TX Wireless Information */ 3219 txwi = (struct rt2860_txwi *)(txd + 1); 3220 txwi->len = htole16(m->m_pkthdr.len - pad); 3221 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3222 mcs |= RT2860_PHY_CCK; 3223 if (ridx != RT2860_RIDX_CCK1 && 3224 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3225 mcs |= RT2860_PHY_SHPRE; 3226 } else 3227 mcs |= RT2860_PHY_OFDM; 3228 txwi->phy = htole16(mcs); 3229 3230 /* check if RTS/CTS or CTS-to-self protection is required */ 3231 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3232 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3233 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3234 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3235 txwi->txop |= RT2860_TX_TXOP_HT; 3236 else 3237 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3238 3239 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3240 txwi->xflags |= RT2860_TX_NSEQ; 3241 } 3242 3243 /* This function must be called locked */ 3244 static int 3245 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3246 { 3247 struct ieee80211com *ic = &sc->sc_ic; 3248 struct ieee80211vap *vap = ni->ni_vap; 3249 struct ieee80211_frame *wh; 3250 struct ieee80211_channel *chan; 3251 const struct ieee80211_txparam *tp; 3252 struct run_node *rn = RUN_NODE(ni); 3253 struct run_tx_data *data; 3254 struct rt2870_txd *txd; 3255 struct rt2860_txwi *txwi; 3256 uint16_t qos; 3257 uint16_t dur; 3258 uint16_t qid; 3259 uint8_t type; 3260 uint8_t tid; 3261 uint8_t ridx; 3262 uint8_t ctl_ridx; 3263 uint8_t qflags; 3264 uint8_t xflags = 0; 3265 int hasqos; 3266 3267 RUN_LOCK_ASSERT(sc, MA_OWNED); 3268 3269 wh = mtod(m, struct ieee80211_frame *); 3270 3271 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3272 3273 /* 3274 * There are 7 bulk endpoints: 1 for RX 3275 * and 6 for TX (4 EDCAs + HCCA + Prio). 3276 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3277 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3278 */ 3279 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3280 uint8_t *frm; 3281 3282 if(IEEE80211_HAS_ADDR4(wh)) 3283 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3284 else 3285 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3286 3287 qos = le16toh(*(const uint16_t *)frm); 3288 tid = qos & IEEE80211_QOS_TID; 3289 qid = TID_TO_WME_AC(tid); 3290 } else { 3291 qos = 0; 3292 tid = 0; 3293 qid = WME_AC_BE; 3294 } 3295 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3296 3297 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3298 qos, qid, tid, qflags); 3299 3300 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3301 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3302 3303 /* pickup a rate index */ 3304 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3305 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3306 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3307 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3308 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3309 } else { 3310 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3311 ridx = rn->fix_ridx; 3312 else 3313 ridx = rn->amrr_ridx; 3314 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3315 } 3316 3317 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3318 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3319 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3320 xflags |= RT2860_TX_ACK; 3321 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3322 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3323 else 3324 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3325 USETW(wh->i_dur, dur); 3326 } 3327 3328 /* reserve slots for mgmt packets, just in case */ 3329 if (sc->sc_epq[qid].tx_nfree < 3) { 3330 DPRINTFN(10, "tx ring %d is full\n", qid); 3331 return (-1); 3332 } 3333 3334 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3335 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3336 sc->sc_epq[qid].tx_nfree--; 3337 3338 txd = (struct rt2870_txd *)&data->desc; 3339 txd->flags = qflags; 3340 txwi = (struct rt2860_txwi *)(txd + 1); 3341 txwi->xflags = xflags; 3342 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3343 txwi->wcid = 0; 3344 else 3345 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3346 1 : RUN_AID2WCID(ni->ni_associd); 3347 3348 /* clear leftover garbage bits */ 3349 txwi->flags = 0; 3350 txwi->txop = 0; 3351 3352 data->m = m; 3353 data->ni = ni; 3354 data->ridx = ridx; 3355 3356 run_set_tx_desc(sc, data); 3357 3358 /* 3359 * The chip keeps track of 2 kind of Tx stats, 3360 * * TX_STAT_FIFO, for per WCID stats, and 3361 * * TX_STA_CNT0 for all-TX-in-one stats. 3362 * 3363 * To use FIFO stats, we need to store MCS into the driver-private 3364 * PacketID field. So that, we can tell whose stats when we read them. 3365 * We add 1 to the MCS because setting the PacketID field to 0 means 3366 * that we don't want feedback in TX_STAT_FIFO. 3367 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3368 * 3369 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3370 */ 3371 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3372 vap->iv_opmode == IEEE80211_M_MBSS) { 3373 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3374 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3375 3376 /* 3377 * Unlike PCI based devices, we don't get any interrupt from 3378 * USB devices, so we simulate FIFO-is-full interrupt here. 3379 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3380 * quickly get fulled. To prevent overflow, increment a counter on 3381 * every FIFO stat request, so we know how many slots are left. 3382 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3383 * are used only in those modes. 3384 * We just drain stats. AMRR gets updated every 1 sec by 3385 * run_ratectl_cb() via callout. 3386 * Call it early. Otherwise overflow. 3387 */ 3388 if (sc->fifo_cnt++ == 10) { 3389 /* 3390 * With multiple vaps or if_bridge, if_start() is called 3391 * with a non-sleepable lock, tcpinp. So, need to defer. 3392 */ 3393 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3394 DPRINTFN(6, "cmdq_store=%d\n", i); 3395 sc->cmdq[i].func = run_drain_fifo; 3396 sc->cmdq[i].arg0 = sc; 3397 ieee80211_runtask(ic, &sc->cmdq_task); 3398 } 3399 } 3400 3401 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3402 3403 usbd_transfer_start(sc->sc_xfer[qid]); 3404 3405 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3406 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3407 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3408 3409 return (0); 3410 } 3411 3412 static int 3413 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3414 { 3415 struct ieee80211com *ic = &sc->sc_ic; 3416 struct run_node *rn = RUN_NODE(ni); 3417 struct run_tx_data *data; 3418 struct ieee80211_frame *wh; 3419 struct rt2870_txd *txd; 3420 struct rt2860_txwi *txwi; 3421 uint16_t dur; 3422 uint8_t ridx = rn->mgt_ridx; 3423 uint8_t type; 3424 uint8_t xflags = 0; 3425 uint8_t wflags = 0; 3426 3427 RUN_LOCK_ASSERT(sc, MA_OWNED); 3428 3429 wh = mtod(m, struct ieee80211_frame *); 3430 3431 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3432 3433 /* tell hardware to add timestamp for probe responses */ 3434 if ((wh->i_fc[0] & 3435 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3436 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3437 wflags |= RT2860_TX_TS; 3438 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3439 xflags |= RT2860_TX_ACK; 3440 3441 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3442 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3443 USETW(wh->i_dur, dur); 3444 } 3445 3446 if (sc->sc_epq[0].tx_nfree == 0) 3447 /* let caller free mbuf */ 3448 return (EIO); 3449 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3450 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3451 sc->sc_epq[0].tx_nfree--; 3452 3453 txd = (struct rt2870_txd *)&data->desc; 3454 txd->flags = RT2860_TX_QSEL_EDCA; 3455 txwi = (struct rt2860_txwi *)(txd + 1); 3456 txwi->wcid = 0xff; 3457 txwi->flags = wflags; 3458 txwi->xflags = xflags; 3459 txwi->txop = 0; /* clear leftover garbage bits */ 3460 3461 data->m = m; 3462 data->ni = ni; 3463 data->ridx = ridx; 3464 3465 run_set_tx_desc(sc, data); 3466 3467 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3468 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3469 rt2860_rates[ridx].rate); 3470 3471 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3472 3473 usbd_transfer_start(sc->sc_xfer[0]); 3474 3475 return (0); 3476 } 3477 3478 static int 3479 run_sendprot(struct run_softc *sc, 3480 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3481 { 3482 struct ieee80211com *ic = ni->ni_ic; 3483 struct ieee80211_frame *wh; 3484 struct run_tx_data *data; 3485 struct rt2870_txd *txd; 3486 struct rt2860_txwi *txwi; 3487 struct mbuf *mprot; 3488 int ridx; 3489 int protrate; 3490 int ackrate; 3491 int pktlen; 3492 int isshort; 3493 uint16_t dur; 3494 uint8_t type; 3495 uint8_t wflags = 0; 3496 uint8_t xflags = 0; 3497 3498 RUN_LOCK_ASSERT(sc, MA_OWNED); 3499 3500 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3501 ("protection %d", prot)); 3502 3503 wh = mtod(m, struct ieee80211_frame *); 3504 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3505 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3506 3507 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3508 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3509 3510 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3511 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3512 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3513 wflags = RT2860_TX_FRAG; 3514 3515 /* check that there are free slots before allocating the mbuf */ 3516 if (sc->sc_epq[0].tx_nfree == 0) 3517 /* let caller free mbuf */ 3518 return (ENOBUFS); 3519 3520 if (prot == IEEE80211_PROT_RTSCTS) { 3521 /* NB: CTS is the same size as an ACK */ 3522 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3523 xflags |= RT2860_TX_ACK; 3524 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3525 } else { 3526 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3527 } 3528 if (mprot == NULL) { 3529 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3530 DPRINTF("could not allocate mbuf\n"); 3531 return (ENOBUFS); 3532 } 3533 3534 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3535 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3536 sc->sc_epq[0].tx_nfree--; 3537 3538 txd = (struct rt2870_txd *)&data->desc; 3539 txd->flags = RT2860_TX_QSEL_EDCA; 3540 txwi = (struct rt2860_txwi *)(txd + 1); 3541 txwi->wcid = 0xff; 3542 txwi->flags = wflags; 3543 txwi->xflags = xflags; 3544 txwi->txop = 0; /* clear leftover garbage bits */ 3545 3546 data->m = mprot; 3547 data->ni = ieee80211_ref_node(ni); 3548 3549 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3550 if (rt2860_rates[ridx].rate == protrate) 3551 break; 3552 data->ridx = ridx; 3553 3554 run_set_tx_desc(sc, data); 3555 3556 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3557 m->m_pkthdr.len, rate); 3558 3559 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3560 3561 usbd_transfer_start(sc->sc_xfer[0]); 3562 3563 return (0); 3564 } 3565 3566 static int 3567 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3568 const struct ieee80211_bpf_params *params) 3569 { 3570 struct ieee80211com *ic = ni->ni_ic; 3571 struct ieee80211_frame *wh; 3572 struct run_tx_data *data; 3573 struct rt2870_txd *txd; 3574 struct rt2860_txwi *txwi; 3575 uint8_t type; 3576 uint8_t ridx; 3577 uint8_t rate; 3578 uint8_t opflags = 0; 3579 uint8_t xflags = 0; 3580 int error; 3581 3582 RUN_LOCK_ASSERT(sc, MA_OWNED); 3583 3584 KASSERT(params != NULL, ("no raw xmit params")); 3585 3586 wh = mtod(m, struct ieee80211_frame *); 3587 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3588 3589 rate = params->ibp_rate0; 3590 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3591 /* let caller free mbuf */ 3592 return (EINVAL); 3593 } 3594 3595 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3596 xflags |= RT2860_TX_ACK; 3597 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3598 error = run_sendprot(sc, m, ni, 3599 params->ibp_flags & IEEE80211_BPF_RTS ? 3600 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3601 rate); 3602 if (error) { 3603 /* let caller free mbuf */ 3604 return error; 3605 } 3606 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3607 } 3608 3609 if (sc->sc_epq[0].tx_nfree == 0) { 3610 /* let caller free mbuf */ 3611 DPRINTF("sending raw frame, but tx ring is full\n"); 3612 return (EIO); 3613 } 3614 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3615 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3616 sc->sc_epq[0].tx_nfree--; 3617 3618 txd = (struct rt2870_txd *)&data->desc; 3619 txd->flags = RT2860_TX_QSEL_EDCA; 3620 txwi = (struct rt2860_txwi *)(txd + 1); 3621 txwi->wcid = 0xff; 3622 txwi->xflags = xflags; 3623 txwi->txop = opflags; 3624 txwi->flags = 0; /* clear leftover garbage bits */ 3625 3626 data->m = m; 3627 data->ni = ni; 3628 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3629 if (rt2860_rates[ridx].rate == rate) 3630 break; 3631 data->ridx = ridx; 3632 3633 run_set_tx_desc(sc, data); 3634 3635 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3636 m->m_pkthdr.len, rate); 3637 3638 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3639 3640 usbd_transfer_start(sc->sc_xfer[0]); 3641 3642 return (0); 3643 } 3644 3645 static int 3646 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3647 const struct ieee80211_bpf_params *params) 3648 { 3649 struct run_softc *sc = ni->ni_ic->ic_softc; 3650 int error = 0; 3651 3652 RUN_LOCK(sc); 3653 3654 /* prevent management frames from being sent if we're not ready */ 3655 if (!(sc->sc_flags & RUN_RUNNING)) { 3656 error = ENETDOWN; 3657 goto done; 3658 } 3659 3660 if (params == NULL) { 3661 /* tx mgt packet */ 3662 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3663 DPRINTF("mgt tx failed\n"); 3664 goto done; 3665 } 3666 } else { 3667 /* tx raw packet with param */ 3668 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3669 DPRINTF("tx with param failed\n"); 3670 goto done; 3671 } 3672 } 3673 3674 done: 3675 RUN_UNLOCK(sc); 3676 3677 if (error != 0) { 3678 if(m != NULL) 3679 m_freem(m); 3680 } 3681 3682 return (error); 3683 } 3684 3685 static int 3686 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3687 { 3688 struct run_softc *sc = ic->ic_softc; 3689 int error; 3690 3691 RUN_LOCK(sc); 3692 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3693 RUN_UNLOCK(sc); 3694 return (ENXIO); 3695 } 3696 error = mbufq_enqueue(&sc->sc_snd, m); 3697 if (error) { 3698 RUN_UNLOCK(sc); 3699 return (error); 3700 } 3701 run_start(sc); 3702 RUN_UNLOCK(sc); 3703 3704 return (0); 3705 } 3706 3707 static void 3708 run_start(struct run_softc *sc) 3709 { 3710 struct ieee80211_node *ni; 3711 struct mbuf *m; 3712 3713 RUN_LOCK_ASSERT(sc, MA_OWNED); 3714 3715 if ((sc->sc_flags & RUN_RUNNING) == 0) 3716 return; 3717 3718 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3719 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3720 if (run_tx(sc, m, ni) != 0) { 3721 mbufq_prepend(&sc->sc_snd, m); 3722 break; 3723 } 3724 } 3725 } 3726 3727 static void 3728 run_parent(struct ieee80211com *ic) 3729 { 3730 struct run_softc *sc = ic->ic_softc; 3731 int startall = 0; 3732 3733 RUN_LOCK(sc); 3734 if (sc->sc_detached) { 3735 RUN_UNLOCK(sc); 3736 return; 3737 } 3738 3739 if (ic->ic_nrunning > 0) { 3740 if (!(sc->sc_flags & RUN_RUNNING)) { 3741 startall = 1; 3742 run_init_locked(sc); 3743 } else 3744 run_update_promisc_locked(sc); 3745 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3746 run_stop(sc); 3747 RUN_UNLOCK(sc); 3748 if (startall) 3749 ieee80211_start_all(ic); 3750 } 3751 3752 static void 3753 run_iq_calib(struct run_softc *sc, u_int chan) 3754 { 3755 uint16_t val; 3756 3757 /* Tx0 IQ gain. */ 3758 run_bbp_write(sc, 158, 0x2c); 3759 if (chan <= 14) 3760 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3761 else if (chan <= 64) { 3762 run_efuse_read(sc, 3763 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3764 &val, 1); 3765 } else if (chan <= 138) { 3766 run_efuse_read(sc, 3767 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3768 &val, 1); 3769 } else if (chan <= 165) { 3770 run_efuse_read(sc, 3771 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3772 &val, 1); 3773 } else 3774 val = 0; 3775 run_bbp_write(sc, 159, val); 3776 3777 /* Tx0 IQ phase. */ 3778 run_bbp_write(sc, 158, 0x2d); 3779 if (chan <= 14) { 3780 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3781 &val, 1); 3782 } else if (chan <= 64) { 3783 run_efuse_read(sc, 3784 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3785 &val, 1); 3786 } else if (chan <= 138) { 3787 run_efuse_read(sc, 3788 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3789 &val, 1); 3790 } else if (chan <= 165) { 3791 run_efuse_read(sc, 3792 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3793 &val, 1); 3794 } else 3795 val = 0; 3796 run_bbp_write(sc, 159, val); 3797 3798 /* Tx1 IQ gain. */ 3799 run_bbp_write(sc, 158, 0x4a); 3800 if (chan <= 14) { 3801 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3802 &val, 1); 3803 } else if (chan <= 64) { 3804 run_efuse_read(sc, 3805 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3806 &val, 1); 3807 } else if (chan <= 138) { 3808 run_efuse_read(sc, 3809 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3810 &val, 1); 3811 } else if (chan <= 165) { 3812 run_efuse_read(sc, 3813 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3814 &val, 1); 3815 } else 3816 val = 0; 3817 run_bbp_write(sc, 159, val); 3818 3819 /* Tx1 IQ phase. */ 3820 run_bbp_write(sc, 158, 0x4b); 3821 if (chan <= 14) { 3822 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3823 &val, 1); 3824 } else if (chan <= 64) { 3825 run_efuse_read(sc, 3826 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3827 &val, 1); 3828 } else if (chan <= 138) { 3829 run_efuse_read(sc, 3830 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3831 &val, 1); 3832 } else if (chan <= 165) { 3833 run_efuse_read(sc, 3834 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3835 &val, 1); 3836 } else 3837 val = 0; 3838 run_bbp_write(sc, 159, val); 3839 3840 /* RF IQ compensation control. */ 3841 run_bbp_write(sc, 158, 0x04); 3842 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3843 &val, 1); 3844 run_bbp_write(sc, 159, val); 3845 3846 /* RF IQ imbalance compensation control. */ 3847 run_bbp_write(sc, 158, 0x03); 3848 run_efuse_read(sc, 3849 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3850 run_bbp_write(sc, 159, val); 3851 } 3852 3853 static void 3854 run_set_agc(struct run_softc *sc, uint8_t agc) 3855 { 3856 uint8_t bbp; 3857 3858 if (sc->mac_ver == 0x3572) { 3859 run_bbp_read(sc, 27, &bbp); 3860 bbp &= ~(0x3 << 5); 3861 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3862 run_bbp_write(sc, 66, agc); 3863 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3864 run_bbp_write(sc, 66, agc); 3865 } else 3866 run_bbp_write(sc, 66, agc); 3867 } 3868 3869 static void 3870 run_select_chan_group(struct run_softc *sc, int group) 3871 { 3872 uint32_t tmp; 3873 uint8_t agc; 3874 3875 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3876 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3877 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3878 if (sc->mac_ver < 0x3572) 3879 run_bbp_write(sc, 86, 0x00); 3880 3881 if (sc->mac_ver == 0x3593) { 3882 run_bbp_write(sc, 77, 0x98); 3883 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3884 } 3885 3886 if (group == 0) { 3887 if (sc->ext_2ghz_lna) { 3888 if (sc->mac_ver >= 0x5390) 3889 run_bbp_write(sc, 75, 0x52); 3890 else { 3891 run_bbp_write(sc, 82, 0x62); 3892 run_bbp_write(sc, 75, 0x46); 3893 } 3894 } else { 3895 if (sc->mac_ver == 0x5592) { 3896 run_bbp_write(sc, 79, 0x1c); 3897 run_bbp_write(sc, 80, 0x0e); 3898 run_bbp_write(sc, 81, 0x3a); 3899 run_bbp_write(sc, 82, 0x62); 3900 3901 run_bbp_write(sc, 195, 0x80); 3902 run_bbp_write(sc, 196, 0xe0); 3903 run_bbp_write(sc, 195, 0x81); 3904 run_bbp_write(sc, 196, 0x1f); 3905 run_bbp_write(sc, 195, 0x82); 3906 run_bbp_write(sc, 196, 0x38); 3907 run_bbp_write(sc, 195, 0x83); 3908 run_bbp_write(sc, 196, 0x32); 3909 run_bbp_write(sc, 195, 0x85); 3910 run_bbp_write(sc, 196, 0x28); 3911 run_bbp_write(sc, 195, 0x86); 3912 run_bbp_write(sc, 196, 0x19); 3913 } else if (sc->mac_ver >= 0x5390) 3914 run_bbp_write(sc, 75, 0x50); 3915 else { 3916 run_bbp_write(sc, 82, 3917 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3918 run_bbp_write(sc, 75, 0x50); 3919 } 3920 } 3921 } else { 3922 if (sc->mac_ver == 0x5592) { 3923 run_bbp_write(sc, 79, 0x18); 3924 run_bbp_write(sc, 80, 0x08); 3925 run_bbp_write(sc, 81, 0x38); 3926 run_bbp_write(sc, 82, 0x92); 3927 3928 run_bbp_write(sc, 195, 0x80); 3929 run_bbp_write(sc, 196, 0xf0); 3930 run_bbp_write(sc, 195, 0x81); 3931 run_bbp_write(sc, 196, 0x1e); 3932 run_bbp_write(sc, 195, 0x82); 3933 run_bbp_write(sc, 196, 0x28); 3934 run_bbp_write(sc, 195, 0x83); 3935 run_bbp_write(sc, 196, 0x20); 3936 run_bbp_write(sc, 195, 0x85); 3937 run_bbp_write(sc, 196, 0x7f); 3938 run_bbp_write(sc, 195, 0x86); 3939 run_bbp_write(sc, 196, 0x7f); 3940 } else if (sc->mac_ver == 0x3572) 3941 run_bbp_write(sc, 82, 0x94); 3942 else 3943 run_bbp_write(sc, 82, 3944 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3945 if (sc->ext_5ghz_lna) 3946 run_bbp_write(sc, 75, 0x46); 3947 else 3948 run_bbp_write(sc, 75, 0x50); 3949 } 3950 3951 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3952 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3953 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3954 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3955 3956 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3957 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3958 if (sc->mac_ver == 0x3593) 3959 tmp |= 1 << 29 | 1 << 28; 3960 if (sc->nrxchains > 1) 3961 tmp |= RT2860_LNA_PE1_EN; 3962 if (group == 0) { /* 2GHz */ 3963 tmp |= RT2860_PA_PE_G0_EN; 3964 if (sc->ntxchains > 1) 3965 tmp |= RT2860_PA_PE_G1_EN; 3966 if (sc->mac_ver == 0x3593) { 3967 if (sc->ntxchains > 2) 3968 tmp |= 1 << 25; 3969 } 3970 } else { /* 5GHz */ 3971 tmp |= RT2860_PA_PE_A0_EN; 3972 if (sc->ntxchains > 1) 3973 tmp |= RT2860_PA_PE_A1_EN; 3974 } 3975 if (sc->mac_ver == 0x3572) { 3976 run_rt3070_rf_write(sc, 8, 0x00); 3977 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3978 run_rt3070_rf_write(sc, 8, 0x80); 3979 } else 3980 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3981 3982 if (sc->mac_ver == 0x5592) { 3983 run_bbp_write(sc, 195, 0x8d); 3984 run_bbp_write(sc, 196, 0x1a); 3985 } 3986 3987 if (sc->mac_ver == 0x3593) { 3988 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3989 tmp &= ~0x01010000; 3990 if (group == 0) 3991 tmp |= 0x00010000; 3992 tmp = (tmp & ~0x00009090) | 0x00000090; 3993 run_write(sc, RT2860_GPIO_CTRL, tmp); 3994 } 3995 3996 /* set initial AGC value */ 3997 if (group == 0) { /* 2GHz band */ 3998 if (sc->mac_ver >= 0x3070) 3999 agc = 0x1c + sc->lna[0] * 2; 4000 else 4001 agc = 0x2e + sc->lna[0]; 4002 } else { /* 5GHz band */ 4003 if (sc->mac_ver == 0x5592) 4004 agc = 0x24 + sc->lna[group] * 2; 4005 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4006 agc = 0x22 + (sc->lna[group] * 5) / 3; 4007 else 4008 agc = 0x32 + (sc->lna[group] * 5) / 3; 4009 } 4010 run_set_agc(sc, agc); 4011 } 4012 4013 static void 4014 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4015 { 4016 const struct rfprog *rfprog = rt2860_rf2850; 4017 uint32_t r2, r3, r4; 4018 int8_t txpow1, txpow2; 4019 int i; 4020 4021 /* find the settings for this channel (we know it exists) */ 4022 for (i = 0; rfprog[i].chan != chan; i++); 4023 4024 r2 = rfprog[i].r2; 4025 if (sc->ntxchains == 1) 4026 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4027 if (sc->nrxchains == 1) 4028 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4029 else if (sc->nrxchains == 2) 4030 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4031 4032 /* use Tx power values from EEPROM */ 4033 txpow1 = sc->txpow1[i]; 4034 txpow2 = sc->txpow2[i]; 4035 4036 /* Initialize RF R3 and R4. */ 4037 r3 = rfprog[i].r3 & 0xffffc1ff; 4038 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4039 if (chan > 14) { 4040 if (txpow1 >= 0) { 4041 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4042 r3 |= (txpow1 << 10) | (1 << 9); 4043 } else { 4044 txpow1 += 7; 4045 4046 /* txpow1 is not possible larger than 15. */ 4047 r3 |= (txpow1 << 10); 4048 } 4049 if (txpow2 >= 0) { 4050 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4051 r4 |= (txpow2 << 7) | (1 << 6); 4052 } else { 4053 txpow2 += 7; 4054 r4 |= (txpow2 << 7); 4055 } 4056 } else { 4057 /* Set Tx0 power. */ 4058 r3 |= (txpow1 << 9); 4059 4060 /* Set frequency offset and Tx1 power. */ 4061 r4 |= (txpow2 << 6); 4062 } 4063 4064 run_rt2870_rf_write(sc, rfprog[i].r1); 4065 run_rt2870_rf_write(sc, r2); 4066 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4067 run_rt2870_rf_write(sc, r4); 4068 4069 run_delay(sc, 10); 4070 4071 run_rt2870_rf_write(sc, rfprog[i].r1); 4072 run_rt2870_rf_write(sc, r2); 4073 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4074 run_rt2870_rf_write(sc, r4); 4075 4076 run_delay(sc, 10); 4077 4078 run_rt2870_rf_write(sc, rfprog[i].r1); 4079 run_rt2870_rf_write(sc, r2); 4080 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4081 run_rt2870_rf_write(sc, r4); 4082 } 4083 4084 static void 4085 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4086 { 4087 int8_t txpow1, txpow2; 4088 uint8_t rf; 4089 int i; 4090 4091 /* find the settings for this channel (we know it exists) */ 4092 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4093 4094 /* use Tx power values from EEPROM */ 4095 txpow1 = sc->txpow1[i]; 4096 txpow2 = sc->txpow2[i]; 4097 4098 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4099 4100 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4101 run_rt3070_rf_read(sc, 3, &rf); 4102 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4103 run_rt3070_rf_write(sc, 3, rf); 4104 4105 run_rt3070_rf_read(sc, 6, &rf); 4106 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4107 run_rt3070_rf_write(sc, 6, rf); 4108 4109 /* set Tx0 power */ 4110 run_rt3070_rf_read(sc, 12, &rf); 4111 rf = (rf & ~0x1f) | txpow1; 4112 run_rt3070_rf_write(sc, 12, rf); 4113 4114 /* set Tx1 power */ 4115 run_rt3070_rf_read(sc, 13, &rf); 4116 rf = (rf & ~0x1f) | txpow2; 4117 run_rt3070_rf_write(sc, 13, rf); 4118 4119 run_rt3070_rf_read(sc, 1, &rf); 4120 rf &= ~0xfc; 4121 if (sc->ntxchains == 1) 4122 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4123 else if (sc->ntxchains == 2) 4124 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4125 if (sc->nrxchains == 1) 4126 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4127 else if (sc->nrxchains == 2) 4128 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4129 run_rt3070_rf_write(sc, 1, rf); 4130 4131 /* set RF offset */ 4132 run_rt3070_rf_read(sc, 23, &rf); 4133 rf = (rf & ~0x7f) | sc->freq; 4134 run_rt3070_rf_write(sc, 23, rf); 4135 4136 /* program RF filter */ 4137 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4138 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4139 run_rt3070_rf_write(sc, 24, rf); 4140 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4141 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4142 run_rt3070_rf_write(sc, 31, rf); 4143 4144 /* enable RF tuning */ 4145 run_rt3070_rf_read(sc, 7, &rf); 4146 run_rt3070_rf_write(sc, 7, rf | 0x01); 4147 } 4148 4149 static void 4150 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4151 { 4152 int8_t txpow1, txpow2; 4153 uint32_t tmp; 4154 uint8_t rf; 4155 int i; 4156 4157 /* find the settings for this channel (we know it exists) */ 4158 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4159 4160 /* use Tx power values from EEPROM */ 4161 txpow1 = sc->txpow1[i]; 4162 txpow2 = sc->txpow2[i]; 4163 4164 if (chan <= 14) { 4165 run_bbp_write(sc, 25, sc->bbp25); 4166 run_bbp_write(sc, 26, sc->bbp26); 4167 } else { 4168 /* enable IQ phase correction */ 4169 run_bbp_write(sc, 25, 0x09); 4170 run_bbp_write(sc, 26, 0xff); 4171 } 4172 4173 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4174 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4175 run_rt3070_rf_read(sc, 6, &rf); 4176 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4177 rf |= (chan <= 14) ? 0x08 : 0x04; 4178 run_rt3070_rf_write(sc, 6, rf); 4179 4180 /* set PLL mode */ 4181 run_rt3070_rf_read(sc, 5, &rf); 4182 rf &= ~(0x08 | 0x04); 4183 rf |= (chan <= 14) ? 0x04 : 0x08; 4184 run_rt3070_rf_write(sc, 5, rf); 4185 4186 /* set Tx power for chain 0 */ 4187 if (chan <= 14) 4188 rf = 0x60 | txpow1; 4189 else 4190 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4191 run_rt3070_rf_write(sc, 12, rf); 4192 4193 /* set Tx power for chain 1 */ 4194 if (chan <= 14) 4195 rf = 0x60 | txpow2; 4196 else 4197 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4198 run_rt3070_rf_write(sc, 13, rf); 4199 4200 /* set Tx/Rx streams */ 4201 run_rt3070_rf_read(sc, 1, &rf); 4202 rf &= ~0xfc; 4203 if (sc->ntxchains == 1) 4204 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4205 else if (sc->ntxchains == 2) 4206 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4207 if (sc->nrxchains == 1) 4208 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4209 else if (sc->nrxchains == 2) 4210 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4211 run_rt3070_rf_write(sc, 1, rf); 4212 4213 /* set RF offset */ 4214 run_rt3070_rf_read(sc, 23, &rf); 4215 rf = (rf & ~0x7f) | sc->freq; 4216 run_rt3070_rf_write(sc, 23, rf); 4217 4218 /* program RF filter */ 4219 rf = sc->rf24_20mhz; 4220 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4221 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4222 4223 /* enable RF tuning */ 4224 run_rt3070_rf_read(sc, 7, &rf); 4225 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4226 run_rt3070_rf_write(sc, 7, rf); 4227 4228 /* TSSI */ 4229 rf = (chan <= 14) ? 0xc3 : 0xc0; 4230 run_rt3070_rf_write(sc, 9, rf); 4231 4232 /* set loop filter 1 */ 4233 run_rt3070_rf_write(sc, 10, 0xf1); 4234 /* set loop filter 2 */ 4235 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4236 4237 /* set tx_mx2_ic */ 4238 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4239 /* set tx_mx1_ic */ 4240 if (chan <= 14) 4241 rf = 0x48 | sc->txmixgain_2ghz; 4242 else 4243 rf = 0x78 | sc->txmixgain_5ghz; 4244 run_rt3070_rf_write(sc, 16, rf); 4245 4246 /* set tx_lo1 */ 4247 run_rt3070_rf_write(sc, 17, 0x23); 4248 /* set tx_lo2 */ 4249 if (chan <= 14) 4250 rf = 0x93; 4251 else if (chan <= 64) 4252 rf = 0xb7; 4253 else if (chan <= 128) 4254 rf = 0x74; 4255 else 4256 rf = 0x72; 4257 run_rt3070_rf_write(sc, 19, rf); 4258 4259 /* set rx_lo1 */ 4260 if (chan <= 14) 4261 rf = 0xb3; 4262 else if (chan <= 64) 4263 rf = 0xf6; 4264 else if (chan <= 128) 4265 rf = 0xf4; 4266 else 4267 rf = 0xf3; 4268 run_rt3070_rf_write(sc, 20, rf); 4269 4270 /* set pfd_delay */ 4271 if (chan <= 14) 4272 rf = 0x15; 4273 else if (chan <= 64) 4274 rf = 0x3d; 4275 else 4276 rf = 0x01; 4277 run_rt3070_rf_write(sc, 25, rf); 4278 4279 /* set rx_lo2 */ 4280 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4281 /* set ldo_rf_vc */ 4282 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4283 /* set drv_cc */ 4284 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4285 4286 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4287 tmp &= ~0x8080; 4288 if (chan <= 14) 4289 tmp |= 0x80; 4290 run_write(sc, RT2860_GPIO_CTRL, tmp); 4291 4292 /* enable RF tuning */ 4293 run_rt3070_rf_read(sc, 7, &rf); 4294 run_rt3070_rf_write(sc, 7, rf | 0x01); 4295 4296 run_delay(sc, 2); 4297 } 4298 4299 static void 4300 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4301 { 4302 int8_t txpow1, txpow2, txpow3; 4303 uint8_t h20mhz, rf; 4304 int i; 4305 4306 /* find the settings for this channel (we know it exists) */ 4307 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4308 4309 /* use Tx power values from EEPROM */ 4310 txpow1 = sc->txpow1[i]; 4311 txpow2 = sc->txpow2[i]; 4312 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4313 4314 if (chan <= 14) { 4315 run_bbp_write(sc, 25, sc->bbp25); 4316 run_bbp_write(sc, 26, sc->bbp26); 4317 } else { 4318 /* Enable IQ phase correction. */ 4319 run_bbp_write(sc, 25, 0x09); 4320 run_bbp_write(sc, 26, 0xff); 4321 } 4322 4323 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4324 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4325 run_rt3070_rf_read(sc, 11, &rf); 4326 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4327 run_rt3070_rf_write(sc, 11, rf); 4328 4329 /* Set pll_idoh. */ 4330 run_rt3070_rf_read(sc, 11, &rf); 4331 rf &= ~0x4c; 4332 rf |= (chan <= 14) ? 0x44 : 0x48; 4333 run_rt3070_rf_write(sc, 11, rf); 4334 4335 if (chan <= 14) 4336 rf = txpow1 & 0x1f; 4337 else 4338 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4339 run_rt3070_rf_write(sc, 53, rf); 4340 4341 if (chan <= 14) 4342 rf = txpow2 & 0x1f; 4343 else 4344 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4345 run_rt3070_rf_write(sc, 55, rf); 4346 4347 if (chan <= 14) 4348 rf = txpow3 & 0x1f; 4349 else 4350 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4351 run_rt3070_rf_write(sc, 54, rf); 4352 4353 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4354 if (sc->ntxchains == 3) 4355 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4356 else 4357 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4358 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4359 run_rt3070_rf_write(sc, 1, rf); 4360 4361 run_adjust_freq_offset(sc); 4362 4363 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4364 4365 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4366 run_rt3070_rf_read(sc, 30, &rf); 4367 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4368 run_rt3070_rf_write(sc, 30, rf); 4369 4370 run_rt3070_rf_read(sc, 36, &rf); 4371 if (chan <= 14) 4372 rf |= 0x80; 4373 else 4374 rf &= ~0x80; 4375 run_rt3070_rf_write(sc, 36, rf); 4376 4377 /* Set vcolo_bs. */ 4378 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4379 /* Set pfd_delay. */ 4380 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4381 4382 /* Set vco bias current control. */ 4383 run_rt3070_rf_read(sc, 6, &rf); 4384 rf &= ~0xc0; 4385 if (chan <= 14) 4386 rf |= 0x40; 4387 else if (chan <= 128) 4388 rf |= 0x80; 4389 else 4390 rf |= 0x40; 4391 run_rt3070_rf_write(sc, 6, rf); 4392 4393 run_rt3070_rf_read(sc, 30, &rf); 4394 rf = (rf & ~0x18) | 0x10; 4395 run_rt3070_rf_write(sc, 30, rf); 4396 4397 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4398 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4399 4400 run_rt3070_rf_read(sc, 51, &rf); 4401 rf = (rf & ~0x03) | 0x01; 4402 run_rt3070_rf_write(sc, 51, rf); 4403 /* Set tx_mx1_cc. */ 4404 run_rt3070_rf_read(sc, 51, &rf); 4405 rf &= ~0x1c; 4406 rf |= (chan <= 14) ? 0x14 : 0x10; 4407 run_rt3070_rf_write(sc, 51, rf); 4408 /* Set tx_mx1_ic. */ 4409 run_rt3070_rf_read(sc, 51, &rf); 4410 rf &= ~0xe0; 4411 rf |= (chan <= 14) ? 0x60 : 0x40; 4412 run_rt3070_rf_write(sc, 51, rf); 4413 /* Set tx_lo1_ic. */ 4414 run_rt3070_rf_read(sc, 49, &rf); 4415 rf &= ~0x1c; 4416 rf |= (chan <= 14) ? 0x0c : 0x08; 4417 run_rt3070_rf_write(sc, 49, rf); 4418 /* Set tx_lo1_en. */ 4419 run_rt3070_rf_read(sc, 50, &rf); 4420 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4421 /* Set drv_cc. */ 4422 run_rt3070_rf_read(sc, 57, &rf); 4423 rf &= ~0xfc; 4424 rf |= (chan <= 14) ? 0x6c : 0x3c; 4425 run_rt3070_rf_write(sc, 57, rf); 4426 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4427 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4428 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4429 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4430 /* Enable VCO calibration. */ 4431 run_rt3070_rf_read(sc, 3, &rf); 4432 rf &= ~RT5390_VCOCAL; 4433 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4434 run_rt3070_rf_write(sc, 3, rf); 4435 4436 if (chan <= 14) 4437 rf = 0x23; 4438 else if (chan <= 64) 4439 rf = 0x36; 4440 else if (chan <= 128) 4441 rf = 0x32; 4442 else 4443 rf = 0x30; 4444 run_rt3070_rf_write(sc, 39, rf); 4445 if (chan <= 14) 4446 rf = 0xbb; 4447 else if (chan <= 64) 4448 rf = 0xeb; 4449 else if (chan <= 128) 4450 rf = 0xb3; 4451 else 4452 rf = 0x9b; 4453 run_rt3070_rf_write(sc, 45, rf); 4454 4455 /* Set FEQ/AEQ control. */ 4456 run_bbp_write(sc, 105, 0x34); 4457 } 4458 4459 static void 4460 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4461 { 4462 int8_t txpow1, txpow2; 4463 uint8_t rf; 4464 int i; 4465 4466 /* find the settings for this channel (we know it exists) */ 4467 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4468 4469 /* use Tx power values from EEPROM */ 4470 txpow1 = sc->txpow1[i]; 4471 txpow2 = sc->txpow2[i]; 4472 4473 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4474 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4475 run_rt3070_rf_read(sc, 11, &rf); 4476 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4477 run_rt3070_rf_write(sc, 11, rf); 4478 4479 run_rt3070_rf_read(sc, 49, &rf); 4480 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4481 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4482 if ((rf & 0x3f) > 0x27) 4483 rf = (rf & ~0x3f) | 0x27; 4484 run_rt3070_rf_write(sc, 49, rf); 4485 4486 if (sc->mac_ver == 0x5392) { 4487 run_rt3070_rf_read(sc, 50, &rf); 4488 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4489 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4490 if ((rf & 0x3f) > 0x27) 4491 rf = (rf & ~0x3f) | 0x27; 4492 run_rt3070_rf_write(sc, 50, rf); 4493 } 4494 4495 run_rt3070_rf_read(sc, 1, &rf); 4496 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4497 if (sc->mac_ver == 0x5392) 4498 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4499 run_rt3070_rf_write(sc, 1, rf); 4500 4501 if (sc->mac_ver != 0x5392) { 4502 run_rt3070_rf_read(sc, 2, &rf); 4503 rf |= 0x80; 4504 run_rt3070_rf_write(sc, 2, rf); 4505 run_delay(sc, 10); 4506 rf &= 0x7f; 4507 run_rt3070_rf_write(sc, 2, rf); 4508 } 4509 4510 run_adjust_freq_offset(sc); 4511 4512 if (sc->mac_ver == 0x5392) { 4513 /* Fix for RT5392C. */ 4514 if (sc->mac_rev >= 0x0223) { 4515 if (chan <= 4) 4516 rf = 0x0f; 4517 else if (chan >= 5 && chan <= 7) 4518 rf = 0x0e; 4519 else 4520 rf = 0x0d; 4521 run_rt3070_rf_write(sc, 23, rf); 4522 4523 if (chan <= 4) 4524 rf = 0x0c; 4525 else if (chan == 5) 4526 rf = 0x0b; 4527 else if (chan >= 6 && chan <= 7) 4528 rf = 0x0a; 4529 else if (chan >= 8 && chan <= 10) 4530 rf = 0x09; 4531 else 4532 rf = 0x08; 4533 run_rt3070_rf_write(sc, 59, rf); 4534 } else { 4535 if (chan <= 11) 4536 rf = 0x0f; 4537 else 4538 rf = 0x0b; 4539 run_rt3070_rf_write(sc, 59, rf); 4540 } 4541 } else { 4542 /* Fix for RT5390F. */ 4543 if (sc->mac_rev >= 0x0502) { 4544 if (chan <= 11) 4545 rf = 0x43; 4546 else 4547 rf = 0x23; 4548 run_rt3070_rf_write(sc, 55, rf); 4549 4550 if (chan <= 11) 4551 rf = 0x0f; 4552 else if (chan == 12) 4553 rf = 0x0d; 4554 else 4555 rf = 0x0b; 4556 run_rt3070_rf_write(sc, 59, rf); 4557 } else { 4558 run_rt3070_rf_write(sc, 55, 0x44); 4559 run_rt3070_rf_write(sc, 59, 0x8f); 4560 } 4561 } 4562 4563 /* Enable VCO calibration. */ 4564 run_rt3070_rf_read(sc, 3, &rf); 4565 rf |= RT5390_VCOCAL; 4566 run_rt3070_rf_write(sc, 3, rf); 4567 } 4568 4569 static void 4570 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4571 { 4572 const struct rt5592_freqs *freqs; 4573 uint32_t tmp; 4574 uint8_t reg, rf, txpow_bound; 4575 int8_t txpow1, txpow2; 4576 int i; 4577 4578 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4579 freqs = (tmp & RT5592_SEL_XTAL) ? 4580 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4581 4582 /* find the settings for this channel (we know it exists) */ 4583 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4584 4585 /* use Tx power values from EEPROM */ 4586 txpow1 = sc->txpow1[i]; 4587 txpow2 = sc->txpow2[i]; 4588 4589 run_read(sc, RT3070_LDO_CFG0, &tmp); 4590 tmp &= ~0x1c000000; 4591 if (chan > 14) 4592 tmp |= 0x14000000; 4593 run_write(sc, RT3070_LDO_CFG0, tmp); 4594 4595 /* N setting. */ 4596 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4597 run_rt3070_rf_read(sc, 9, &rf); 4598 rf &= ~(1 << 4); 4599 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4600 run_rt3070_rf_write(sc, 9, rf); 4601 4602 /* K setting. */ 4603 run_rt3070_rf_read(sc, 9, &rf); 4604 rf &= ~0x0f; 4605 rf |= (freqs->k & 0x0f); 4606 run_rt3070_rf_write(sc, 9, rf); 4607 4608 /* Mode setting. */ 4609 run_rt3070_rf_read(sc, 11, &rf); 4610 rf &= ~0x0c; 4611 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4612 run_rt3070_rf_write(sc, 11, rf); 4613 run_rt3070_rf_read(sc, 9, &rf); 4614 rf &= ~(1 << 7); 4615 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4616 run_rt3070_rf_write(sc, 9, rf); 4617 4618 /* R setting. */ 4619 run_rt3070_rf_read(sc, 11, &rf); 4620 rf &= ~0x03; 4621 rf |= (freqs->r - 0x1); 4622 run_rt3070_rf_write(sc, 11, rf); 4623 4624 if (chan <= 14) { 4625 /* Initialize RF registers for 2GHZ. */ 4626 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4627 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4628 rt5592_2ghz_def_rf[i].val); 4629 } 4630 4631 rf = (chan <= 10) ? 0x07 : 0x06; 4632 run_rt3070_rf_write(sc, 23, rf); 4633 run_rt3070_rf_write(sc, 59, rf); 4634 4635 run_rt3070_rf_write(sc, 55, 0x43); 4636 4637 /* 4638 * RF R49/R50 Tx power ALC code. 4639 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4640 */ 4641 reg = 2; 4642 txpow_bound = 0x27; 4643 } else { 4644 /* Initialize RF registers for 5GHZ. */ 4645 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4646 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4647 rt5592_5ghz_def_rf[i].val); 4648 } 4649 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4650 if (chan >= rt5592_chan_5ghz[i].firstchan && 4651 chan <= rt5592_chan_5ghz[i].lastchan) { 4652 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4653 rt5592_chan_5ghz[i].val); 4654 } 4655 } 4656 4657 /* 4658 * RF R49/R50 Tx power ALC code. 4659 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4660 */ 4661 reg = 3; 4662 txpow_bound = 0x2b; 4663 } 4664 4665 /* RF R49 ch0 Tx power ALC code. */ 4666 run_rt3070_rf_read(sc, 49, &rf); 4667 rf &= ~0xc0; 4668 rf |= (reg << 6); 4669 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4670 if ((rf & 0x3f) > txpow_bound) 4671 rf = (rf & ~0x3f) | txpow_bound; 4672 run_rt3070_rf_write(sc, 49, rf); 4673 4674 /* RF R50 ch1 Tx power ALC code. */ 4675 run_rt3070_rf_read(sc, 50, &rf); 4676 rf &= ~(1 << 7 | 1 << 6); 4677 rf |= (reg << 6); 4678 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4679 if ((rf & 0x3f) > txpow_bound) 4680 rf = (rf & ~0x3f) | txpow_bound; 4681 run_rt3070_rf_write(sc, 50, rf); 4682 4683 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4684 run_rt3070_rf_read(sc, 1, &rf); 4685 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4686 if (sc->ntxchains > 1) 4687 rf |= RT3070_TX1_PD; 4688 if (sc->nrxchains > 1) 4689 rf |= RT3070_RX1_PD; 4690 run_rt3070_rf_write(sc, 1, rf); 4691 4692 run_rt3070_rf_write(sc, 6, 0xe4); 4693 4694 run_rt3070_rf_write(sc, 30, 0x10); 4695 run_rt3070_rf_write(sc, 31, 0x80); 4696 run_rt3070_rf_write(sc, 32, 0x80); 4697 4698 run_adjust_freq_offset(sc); 4699 4700 /* Enable VCO calibration. */ 4701 run_rt3070_rf_read(sc, 3, &rf); 4702 rf |= RT5390_VCOCAL; 4703 run_rt3070_rf_write(sc, 3, rf); 4704 } 4705 4706 static void 4707 run_set_rx_antenna(struct run_softc *sc, int aux) 4708 { 4709 uint32_t tmp; 4710 uint8_t bbp152; 4711 4712 if (aux) { 4713 if (sc->rf_rev == RT5390_RF_5370) { 4714 run_bbp_read(sc, 152, &bbp152); 4715 run_bbp_write(sc, 152, bbp152 & ~0x80); 4716 } else { 4717 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4718 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4719 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4720 } 4721 } else { 4722 if (sc->rf_rev == RT5390_RF_5370) { 4723 run_bbp_read(sc, 152, &bbp152); 4724 run_bbp_write(sc, 152, bbp152 | 0x80); 4725 } else { 4726 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4727 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4728 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4729 } 4730 } 4731 } 4732 4733 static int 4734 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4735 { 4736 struct ieee80211com *ic = &sc->sc_ic; 4737 u_int chan, group; 4738 4739 chan = ieee80211_chan2ieee(ic, c); 4740 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4741 return (EINVAL); 4742 4743 if (sc->mac_ver == 0x5592) 4744 run_rt5592_set_chan(sc, chan); 4745 else if (sc->mac_ver >= 0x5390) 4746 run_rt5390_set_chan(sc, chan); 4747 else if (sc->mac_ver == 0x3593) 4748 run_rt3593_set_chan(sc, chan); 4749 else if (sc->mac_ver == 0x3572) 4750 run_rt3572_set_chan(sc, chan); 4751 else if (sc->mac_ver >= 0x3070) 4752 run_rt3070_set_chan(sc, chan); 4753 else 4754 run_rt2870_set_chan(sc, chan); 4755 4756 /* determine channel group */ 4757 if (chan <= 14) 4758 group = 0; 4759 else if (chan <= 64) 4760 group = 1; 4761 else if (chan <= 128) 4762 group = 2; 4763 else 4764 group = 3; 4765 4766 /* XXX necessary only when group has changed! */ 4767 run_select_chan_group(sc, group); 4768 4769 run_delay(sc, 10); 4770 4771 /* Perform IQ calibration. */ 4772 if (sc->mac_ver >= 0x5392) 4773 run_iq_calib(sc, chan); 4774 4775 return (0); 4776 } 4777 4778 static void 4779 run_set_channel(struct ieee80211com *ic) 4780 { 4781 struct run_softc *sc = ic->ic_softc; 4782 4783 RUN_LOCK(sc); 4784 run_set_chan(sc, ic->ic_curchan); 4785 RUN_UNLOCK(sc); 4786 4787 return; 4788 } 4789 4790 static void 4791 run_getradiocaps(struct ieee80211com *ic, 4792 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4793 { 4794 struct run_softc *sc = ic->ic_softc; 4795 uint8_t bands[IEEE80211_MODE_BYTES]; 4796 4797 memset(bands, 0, sizeof(bands)); 4798 setbit(bands, IEEE80211_MODE_11B); 4799 setbit(bands, IEEE80211_MODE_11G); 4800 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4801 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4802 4803 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4804 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4805 sc->rf_rev == RT5592_RF_5592) { 4806 setbit(bands, IEEE80211_MODE_11A); 4807 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4808 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4809 } 4810 } 4811 4812 static void 4813 run_scan_start(struct ieee80211com *ic) 4814 { 4815 struct run_softc *sc = ic->ic_softc; 4816 uint32_t tmp; 4817 4818 RUN_LOCK(sc); 4819 4820 /* abort TSF synchronization */ 4821 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4822 run_write(sc, RT2860_BCN_TIME_CFG, 4823 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4824 RT2860_TBTT_TIMER_EN)); 4825 run_set_bssid(sc, ieee80211broadcastaddr); 4826 4827 RUN_UNLOCK(sc); 4828 4829 return; 4830 } 4831 4832 static void 4833 run_scan_end(struct ieee80211com *ic) 4834 { 4835 struct run_softc *sc = ic->ic_softc; 4836 4837 RUN_LOCK(sc); 4838 4839 run_enable_tsf_sync(sc); 4840 run_set_bssid(sc, sc->sc_bssid); 4841 4842 RUN_UNLOCK(sc); 4843 4844 return; 4845 } 4846 4847 /* 4848 * Could be called from ieee80211_node_timeout() 4849 * (non-sleepable thread) 4850 */ 4851 static void 4852 run_update_beacon(struct ieee80211vap *vap, int item) 4853 { 4854 struct ieee80211com *ic = vap->iv_ic; 4855 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4856 struct ieee80211_node *ni = vap->iv_bss; 4857 struct run_softc *sc = ic->ic_softc; 4858 struct run_vap *rvp = RUN_VAP(vap); 4859 int mcast = 0; 4860 uint32_t i; 4861 4862 switch (item) { 4863 case IEEE80211_BEACON_ERP: 4864 run_updateslot(ic); 4865 break; 4866 case IEEE80211_BEACON_HTINFO: 4867 run_updateprot(ic); 4868 break; 4869 case IEEE80211_BEACON_TIM: 4870 mcast = 1; /*TODO*/ 4871 break; 4872 default: 4873 break; 4874 } 4875 4876 setbit(bo->bo_flags, item); 4877 if (rvp->beacon_mbuf == NULL) { 4878 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4879 if (rvp->beacon_mbuf == NULL) 4880 return; 4881 } 4882 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4883 4884 i = RUN_CMDQ_GET(&sc->cmdq_store); 4885 DPRINTF("cmdq_store=%d\n", i); 4886 sc->cmdq[i].func = run_update_beacon_cb; 4887 sc->cmdq[i].arg0 = vap; 4888 ieee80211_runtask(ic, &sc->cmdq_task); 4889 4890 return; 4891 } 4892 4893 static void 4894 run_update_beacon_cb(void *arg) 4895 { 4896 struct ieee80211vap *vap = arg; 4897 struct ieee80211_node *ni = vap->iv_bss; 4898 struct run_vap *rvp = RUN_VAP(vap); 4899 struct ieee80211com *ic = vap->iv_ic; 4900 struct run_softc *sc = ic->ic_softc; 4901 struct rt2860_txwi txwi; 4902 struct mbuf *m; 4903 uint16_t txwisize; 4904 uint8_t ridx; 4905 4906 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4907 return; 4908 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4909 return; 4910 4911 /* 4912 * No need to call ieee80211_beacon_update(), run_update_beacon() 4913 * is taking care of appropriate calls. 4914 */ 4915 if (rvp->beacon_mbuf == NULL) { 4916 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4917 if (rvp->beacon_mbuf == NULL) 4918 return; 4919 } 4920 m = rvp->beacon_mbuf; 4921 4922 memset(&txwi, 0, sizeof(txwi)); 4923 txwi.wcid = 0xff; 4924 txwi.len = htole16(m->m_pkthdr.len); 4925 4926 /* send beacons at the lowest available rate */ 4927 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4928 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4929 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4930 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4931 txwi.phy |= htole16(RT2860_PHY_OFDM); 4932 txwi.txop = RT2860_TX_TXOP_HT; 4933 txwi.flags = RT2860_TX_TS; 4934 txwi.xflags = RT2860_TX_NSEQ; 4935 4936 txwisize = (sc->mac_ver == 0x5592) ? 4937 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4938 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4939 txwisize); 4940 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4941 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4942 } 4943 4944 static void 4945 run_updateprot(struct ieee80211com *ic) 4946 { 4947 struct run_softc *sc = ic->ic_softc; 4948 uint32_t i; 4949 4950 i = RUN_CMDQ_GET(&sc->cmdq_store); 4951 DPRINTF("cmdq_store=%d\n", i); 4952 sc->cmdq[i].func = run_updateprot_cb; 4953 sc->cmdq[i].arg0 = ic; 4954 ieee80211_runtask(ic, &sc->cmdq_task); 4955 } 4956 4957 static void 4958 run_updateprot_cb(void *arg) 4959 { 4960 struct ieee80211com *ic = arg; 4961 struct run_softc *sc = ic->ic_softc; 4962 uint32_t tmp; 4963 4964 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4965 /* setup protection frame rate (MCS code) */ 4966 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4967 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4968 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4969 4970 /* CCK frames don't require protection */ 4971 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4972 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4973 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4974 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4975 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4976 tmp |= RT2860_PROT_CTRL_CTS; 4977 } 4978 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4979 } 4980 4981 static void 4982 run_usb_timeout_cb(void *arg) 4983 { 4984 struct ieee80211vap *vap = arg; 4985 struct run_softc *sc = vap->iv_ic->ic_softc; 4986 4987 RUN_LOCK_ASSERT(sc, MA_OWNED); 4988 4989 if(vap->iv_state == IEEE80211_S_RUN && 4990 vap->iv_opmode != IEEE80211_M_STA) 4991 run_reset_livelock(sc); 4992 else if (vap->iv_state == IEEE80211_S_SCAN) { 4993 DPRINTF("timeout caused by scan\n"); 4994 /* cancel bgscan */ 4995 ieee80211_cancel_scan(vap); 4996 } else 4997 DPRINTF("timeout by unknown cause\n"); 4998 } 4999 5000 static void 5001 run_reset_livelock(struct run_softc *sc) 5002 { 5003 uint32_t tmp; 5004 5005 RUN_LOCK_ASSERT(sc, MA_OWNED); 5006 5007 /* 5008 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5009 * can run into a livelock and start sending CTS-to-self frames like 5010 * crazy if protection is enabled. Reset MAC/BBP for a while 5011 */ 5012 run_read(sc, RT2860_DEBUG, &tmp); 5013 DPRINTFN(3, "debug reg %08x\n", tmp); 5014 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5015 DPRINTF("CTS-to-self livelock detected\n"); 5016 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5017 run_delay(sc, 1); 5018 run_write(sc, RT2860_MAC_SYS_CTRL, 5019 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5020 } 5021 } 5022 5023 static void 5024 run_update_promisc_locked(struct run_softc *sc) 5025 { 5026 uint32_t tmp; 5027 5028 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5029 5030 tmp |= RT2860_DROP_UC_NOME; 5031 if (sc->sc_ic.ic_promisc > 0) 5032 tmp &= ~RT2860_DROP_UC_NOME; 5033 5034 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5035 5036 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5037 "entering" : "leaving"); 5038 } 5039 5040 static void 5041 run_update_promisc(struct ieee80211com *ic) 5042 { 5043 struct run_softc *sc = ic->ic_softc; 5044 5045 if ((sc->sc_flags & RUN_RUNNING) == 0) 5046 return; 5047 5048 RUN_LOCK(sc); 5049 run_update_promisc_locked(sc); 5050 RUN_UNLOCK(sc); 5051 } 5052 5053 static void 5054 run_enable_tsf_sync(struct run_softc *sc) 5055 { 5056 struct ieee80211com *ic = &sc->sc_ic; 5057 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5058 uint32_t tmp; 5059 5060 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5061 ic->ic_opmode); 5062 5063 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5064 tmp &= ~0x1fffff; 5065 tmp |= vap->iv_bss->ni_intval * 16; 5066 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5067 5068 if (ic->ic_opmode == IEEE80211_M_STA) { 5069 /* 5070 * Local TSF is always updated with remote TSF on beacon 5071 * reception. 5072 */ 5073 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5074 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5075 tmp |= RT2860_BCN_TX_EN; 5076 /* 5077 * Local TSF is updated with remote TSF on beacon reception 5078 * only if the remote TSF is greater than local TSF. 5079 */ 5080 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5081 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5082 ic->ic_opmode == IEEE80211_M_MBSS) { 5083 tmp |= RT2860_BCN_TX_EN; 5084 /* SYNC with nobody */ 5085 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5086 } else { 5087 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5088 return; 5089 } 5090 5091 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5092 } 5093 5094 static void 5095 run_enable_tsf(struct run_softc *sc) 5096 { 5097 uint32_t tmp; 5098 5099 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5100 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5101 tmp |= RT2860_TSF_TIMER_EN; 5102 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5103 } 5104 } 5105 5106 static void 5107 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5108 { 5109 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5110 sizeof(*buf)); 5111 } 5112 5113 static void 5114 run_enable_mrr(struct run_softc *sc) 5115 { 5116 #define CCK(mcs) (mcs) 5117 #define OFDM(mcs) (1 << 3 | (mcs)) 5118 run_write(sc, RT2860_LG_FBK_CFG0, 5119 OFDM(6) << 28 | /* 54->48 */ 5120 OFDM(5) << 24 | /* 48->36 */ 5121 OFDM(4) << 20 | /* 36->24 */ 5122 OFDM(3) << 16 | /* 24->18 */ 5123 OFDM(2) << 12 | /* 18->12 */ 5124 OFDM(1) << 8 | /* 12-> 9 */ 5125 OFDM(0) << 4 | /* 9-> 6 */ 5126 OFDM(0)); /* 6-> 6 */ 5127 5128 run_write(sc, RT2860_LG_FBK_CFG1, 5129 CCK(2) << 12 | /* 11->5.5 */ 5130 CCK(1) << 8 | /* 5.5-> 2 */ 5131 CCK(0) << 4 | /* 2-> 1 */ 5132 CCK(0)); /* 1-> 1 */ 5133 #undef OFDM 5134 #undef CCK 5135 } 5136 5137 static void 5138 run_set_txpreamble(struct run_softc *sc) 5139 { 5140 struct ieee80211com *ic = &sc->sc_ic; 5141 uint32_t tmp; 5142 5143 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5144 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5145 tmp |= RT2860_CCK_SHORT_EN; 5146 else 5147 tmp &= ~RT2860_CCK_SHORT_EN; 5148 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5149 } 5150 5151 static void 5152 run_set_basicrates(struct run_softc *sc) 5153 { 5154 struct ieee80211com *ic = &sc->sc_ic; 5155 5156 /* set basic rates mask */ 5157 if (ic->ic_curmode == IEEE80211_MODE_11B) 5158 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5159 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5160 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5161 else /* 11g */ 5162 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5163 } 5164 5165 static void 5166 run_set_leds(struct run_softc *sc, uint16_t which) 5167 { 5168 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5169 which | (sc->leds & 0x7f)); 5170 } 5171 5172 static void 5173 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5174 { 5175 run_write(sc, RT2860_MAC_BSSID_DW0, 5176 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5177 run_write(sc, RT2860_MAC_BSSID_DW1, 5178 bssid[4] | bssid[5] << 8); 5179 } 5180 5181 static void 5182 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5183 { 5184 run_write(sc, RT2860_MAC_ADDR_DW0, 5185 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5186 run_write(sc, RT2860_MAC_ADDR_DW1, 5187 addr[4] | addr[5] << 8 | 0xff << 16); 5188 } 5189 5190 static void 5191 run_updateslot(struct ieee80211com *ic) 5192 { 5193 struct run_softc *sc = ic->ic_softc; 5194 uint32_t i; 5195 5196 i = RUN_CMDQ_GET(&sc->cmdq_store); 5197 DPRINTF("cmdq_store=%d\n", i); 5198 sc->cmdq[i].func = run_updateslot_cb; 5199 sc->cmdq[i].arg0 = ic; 5200 ieee80211_runtask(ic, &sc->cmdq_task); 5201 5202 return; 5203 } 5204 5205 /* ARGSUSED */ 5206 static void 5207 run_updateslot_cb(void *arg) 5208 { 5209 struct ieee80211com *ic = arg; 5210 struct run_softc *sc = ic->ic_softc; 5211 uint32_t tmp; 5212 5213 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5214 tmp &= ~0xff; 5215 tmp |= IEEE80211_GET_SLOTTIME(ic); 5216 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5217 } 5218 5219 static void 5220 run_update_mcast(struct ieee80211com *ic) 5221 { 5222 } 5223 5224 static int8_t 5225 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5226 { 5227 struct ieee80211com *ic = &sc->sc_ic; 5228 struct ieee80211_channel *c = ic->ic_curchan; 5229 int delta; 5230 5231 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5232 u_int chan = ieee80211_chan2ieee(ic, c); 5233 delta = sc->rssi_5ghz[rxchain]; 5234 5235 /* determine channel group */ 5236 if (chan <= 64) 5237 delta -= sc->lna[1]; 5238 else if (chan <= 128) 5239 delta -= sc->lna[2]; 5240 else 5241 delta -= sc->lna[3]; 5242 } else 5243 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5244 5245 return (-12 - delta - rssi); 5246 } 5247 5248 static void 5249 run_rt5390_bbp_init(struct run_softc *sc) 5250 { 5251 u_int i; 5252 uint8_t bbp; 5253 5254 /* Apply maximum likelihood detection for 2 stream case. */ 5255 run_bbp_read(sc, 105, &bbp); 5256 if (sc->nrxchains > 1) 5257 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5258 5259 /* Avoid data lost and CRC error. */ 5260 run_bbp_read(sc, 4, &bbp); 5261 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5262 5263 if (sc->mac_ver == 0x5592) { 5264 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5265 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5266 rt5592_def_bbp[i].val); 5267 } 5268 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5269 run_bbp_write(sc, 195, i + 0x80); 5270 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5271 } 5272 } else { 5273 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5274 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5275 rt5390_def_bbp[i].val); 5276 } 5277 } 5278 if (sc->mac_ver == 0x5392) { 5279 run_bbp_write(sc, 88, 0x90); 5280 run_bbp_write(sc, 95, 0x9a); 5281 run_bbp_write(sc, 98, 0x12); 5282 run_bbp_write(sc, 106, 0x12); 5283 run_bbp_write(sc, 134, 0xd0); 5284 run_bbp_write(sc, 135, 0xf6); 5285 run_bbp_write(sc, 148, 0x84); 5286 } 5287 5288 run_bbp_read(sc, 152, &bbp); 5289 run_bbp_write(sc, 152, bbp | 0x80); 5290 5291 /* Fix BBP254 for RT5592C. */ 5292 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5293 run_bbp_read(sc, 254, &bbp); 5294 run_bbp_write(sc, 254, bbp | 0x80); 5295 } 5296 5297 /* Disable hardware antenna diversity. */ 5298 if (sc->mac_ver == 0x5390) 5299 run_bbp_write(sc, 154, 0); 5300 5301 /* Initialize Rx CCK/OFDM frequency offset report. */ 5302 run_bbp_write(sc, 142, 1); 5303 run_bbp_write(sc, 143, 57); 5304 } 5305 5306 static int 5307 run_bbp_init(struct run_softc *sc) 5308 { 5309 int i, error, ntries; 5310 uint8_t bbp0; 5311 5312 /* wait for BBP to wake up */ 5313 for (ntries = 0; ntries < 20; ntries++) { 5314 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5315 return error; 5316 if (bbp0 != 0 && bbp0 != 0xff) 5317 break; 5318 } 5319 if (ntries == 20) 5320 return (ETIMEDOUT); 5321 5322 /* initialize BBP registers to default values */ 5323 if (sc->mac_ver >= 0x5390) 5324 run_rt5390_bbp_init(sc); 5325 else { 5326 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5327 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5328 rt2860_def_bbp[i].val); 5329 } 5330 } 5331 5332 if (sc->mac_ver == 0x3593) { 5333 run_bbp_write(sc, 79, 0x13); 5334 run_bbp_write(sc, 80, 0x05); 5335 run_bbp_write(sc, 81, 0x33); 5336 run_bbp_write(sc, 86, 0x46); 5337 run_bbp_write(sc, 137, 0x0f); 5338 } 5339 5340 /* fix BBP84 for RT2860E */ 5341 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5342 run_bbp_write(sc, 84, 0x19); 5343 5344 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5345 sc->mac_ver != 0x5592)) { 5346 run_bbp_write(sc, 79, 0x13); 5347 run_bbp_write(sc, 80, 0x05); 5348 run_bbp_write(sc, 81, 0x33); 5349 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5350 run_bbp_write(sc, 69, 0x16); 5351 run_bbp_write(sc, 73, 0x12); 5352 } 5353 return (0); 5354 } 5355 5356 static int 5357 run_rt3070_rf_init(struct run_softc *sc) 5358 { 5359 uint32_t tmp; 5360 uint8_t bbp4, mingain, rf, target; 5361 u_int i; 5362 5363 run_rt3070_rf_read(sc, 30, &rf); 5364 /* toggle RF R30 bit 7 */ 5365 run_rt3070_rf_write(sc, 30, rf | 0x80); 5366 run_delay(sc, 10); 5367 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5368 5369 /* initialize RF registers to default value */ 5370 if (sc->mac_ver == 0x3572) { 5371 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5372 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5373 rt3572_def_rf[i].val); 5374 } 5375 } else { 5376 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5377 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5378 rt3070_def_rf[i].val); 5379 } 5380 } 5381 5382 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5383 /* 5384 * Change voltage from 1.2V to 1.35V for RT3070. 5385 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5386 * in RT3070(F). 5387 */ 5388 run_read(sc, RT3070_LDO_CFG0, &tmp); 5389 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5390 run_write(sc, RT3070_LDO_CFG0, tmp); 5391 5392 } else if (sc->mac_ver == 0x3071) { 5393 run_rt3070_rf_read(sc, 6, &rf); 5394 run_rt3070_rf_write(sc, 6, rf | 0x40); 5395 run_rt3070_rf_write(sc, 31, 0x14); 5396 5397 run_read(sc, RT3070_LDO_CFG0, &tmp); 5398 tmp &= ~0x1f000000; 5399 if (sc->mac_rev < 0x0211) 5400 tmp |= 0x0d000000; /* 1.3V */ 5401 else 5402 tmp |= 0x01000000; /* 1.2V */ 5403 run_write(sc, RT3070_LDO_CFG0, tmp); 5404 5405 /* patch LNA_PE_G1 */ 5406 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5407 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5408 5409 } else if (sc->mac_ver == 0x3572) { 5410 run_rt3070_rf_read(sc, 6, &rf); 5411 run_rt3070_rf_write(sc, 6, rf | 0x40); 5412 5413 /* increase voltage from 1.2V to 1.35V */ 5414 run_read(sc, RT3070_LDO_CFG0, &tmp); 5415 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5416 run_write(sc, RT3070_LDO_CFG0, tmp); 5417 5418 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5419 run_delay(sc, 1); /* wait for 1msec */ 5420 /* decrease voltage back to 1.2V */ 5421 tmp = (tmp & ~0x1f000000) | 0x01000000; 5422 run_write(sc, RT3070_LDO_CFG0, tmp); 5423 } 5424 } 5425 5426 /* select 20MHz bandwidth */ 5427 run_rt3070_rf_read(sc, 31, &rf); 5428 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5429 5430 /* calibrate filter for 20MHz bandwidth */ 5431 sc->rf24_20mhz = 0x1f; /* default value */ 5432 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5433 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5434 5435 /* select 40MHz bandwidth */ 5436 run_bbp_read(sc, 4, &bbp4); 5437 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5438 run_rt3070_rf_read(sc, 31, &rf); 5439 run_rt3070_rf_write(sc, 31, rf | 0x20); 5440 5441 /* calibrate filter for 40MHz bandwidth */ 5442 sc->rf24_40mhz = 0x2f; /* default value */ 5443 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5444 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5445 5446 /* go back to 20MHz bandwidth */ 5447 run_bbp_read(sc, 4, &bbp4); 5448 run_bbp_write(sc, 4, bbp4 & ~0x18); 5449 5450 if (sc->mac_ver == 0x3572) { 5451 /* save default BBP registers 25 and 26 values */ 5452 run_bbp_read(sc, 25, &sc->bbp25); 5453 run_bbp_read(sc, 26, &sc->bbp26); 5454 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5455 run_rt3070_rf_write(sc, 27, 0x03); 5456 5457 run_read(sc, RT3070_OPT_14, &tmp); 5458 run_write(sc, RT3070_OPT_14, tmp | 1); 5459 5460 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5461 run_rt3070_rf_read(sc, 17, &rf); 5462 rf &= ~RT3070_TX_LO1; 5463 if ((sc->mac_ver == 0x3070 || 5464 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5465 !sc->ext_2ghz_lna) 5466 rf |= 0x20; /* fix for long range Rx issue */ 5467 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5468 if (sc->txmixgain_2ghz >= mingain) 5469 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5470 run_rt3070_rf_write(sc, 17, rf); 5471 } 5472 5473 if (sc->mac_ver == 0x3071) { 5474 run_rt3070_rf_read(sc, 1, &rf); 5475 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5476 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5477 run_rt3070_rf_write(sc, 1, rf); 5478 5479 run_rt3070_rf_read(sc, 15, &rf); 5480 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5481 5482 run_rt3070_rf_read(sc, 20, &rf); 5483 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5484 5485 run_rt3070_rf_read(sc, 21, &rf); 5486 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5487 } 5488 5489 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5490 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5491 run_rt3070_rf_read(sc, 27, &rf); 5492 rf &= ~0x77; 5493 if (sc->mac_rev < 0x0211) 5494 rf |= 0x03; 5495 run_rt3070_rf_write(sc, 27, rf); 5496 } 5497 return (0); 5498 } 5499 5500 static void 5501 run_rt3593_rf_init(struct run_softc *sc) 5502 { 5503 uint32_t tmp; 5504 uint8_t rf; 5505 u_int i; 5506 5507 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5508 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5509 tmp &= ~(1 << 4 | 1 << 7); 5510 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5511 5512 /* Initialize RF registers to default value. */ 5513 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5514 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5515 rt3593_def_rf[i].val); 5516 } 5517 5518 /* Toggle RF R2 to initiate calibration. */ 5519 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5520 5521 /* Initialize RF frequency offset. */ 5522 run_adjust_freq_offset(sc); 5523 5524 run_rt3070_rf_read(sc, 18, &rf); 5525 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5526 5527 /* 5528 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5529 * decrease voltage back to 1.2V. 5530 */ 5531 run_read(sc, RT3070_LDO_CFG0, &tmp); 5532 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5533 run_write(sc, RT3070_LDO_CFG0, tmp); 5534 run_delay(sc, 1); 5535 tmp = (tmp & ~0x1f000000) | 0x01000000; 5536 run_write(sc, RT3070_LDO_CFG0, tmp); 5537 5538 sc->rf24_20mhz = 0x1f; 5539 sc->rf24_40mhz = 0x2f; 5540 5541 /* Save default BBP registers 25 and 26 values. */ 5542 run_bbp_read(sc, 25, &sc->bbp25); 5543 run_bbp_read(sc, 26, &sc->bbp26); 5544 5545 run_read(sc, RT3070_OPT_14, &tmp); 5546 run_write(sc, RT3070_OPT_14, tmp | 1); 5547 } 5548 5549 static void 5550 run_rt5390_rf_init(struct run_softc *sc) 5551 { 5552 uint32_t tmp; 5553 uint8_t rf; 5554 u_int i; 5555 5556 /* Toggle RF R2 to initiate calibration. */ 5557 if (sc->mac_ver == 0x5390) { 5558 run_rt3070_rf_read(sc, 2, &rf); 5559 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5560 run_delay(sc, 10); 5561 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5562 } else { 5563 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5564 run_delay(sc, 10); 5565 } 5566 5567 /* Initialize RF registers to default value. */ 5568 if (sc->mac_ver == 0x5592) { 5569 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5570 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5571 rt5592_def_rf[i].val); 5572 } 5573 /* Initialize RF frequency offset. */ 5574 run_adjust_freq_offset(sc); 5575 } else if (sc->mac_ver == 0x5392) { 5576 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5577 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5578 rt5392_def_rf[i].val); 5579 } 5580 if (sc->mac_rev >= 0x0223) { 5581 run_rt3070_rf_write(sc, 23, 0x0f); 5582 run_rt3070_rf_write(sc, 24, 0x3e); 5583 run_rt3070_rf_write(sc, 51, 0x32); 5584 run_rt3070_rf_write(sc, 53, 0x22); 5585 run_rt3070_rf_write(sc, 56, 0xc1); 5586 run_rt3070_rf_write(sc, 59, 0x0f); 5587 } 5588 } else { 5589 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5590 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5591 rt5390_def_rf[i].val); 5592 } 5593 if (sc->mac_rev >= 0x0502) { 5594 run_rt3070_rf_write(sc, 6, 0xe0); 5595 run_rt3070_rf_write(sc, 25, 0x80); 5596 run_rt3070_rf_write(sc, 46, 0x73); 5597 run_rt3070_rf_write(sc, 53, 0x00); 5598 run_rt3070_rf_write(sc, 56, 0x42); 5599 run_rt3070_rf_write(sc, 61, 0xd1); 5600 } 5601 } 5602 5603 sc->rf24_20mhz = 0x1f; /* default value */ 5604 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5605 5606 if (sc->mac_rev < 0x0211) 5607 run_rt3070_rf_write(sc, 27, 0x3); 5608 5609 run_read(sc, RT3070_OPT_14, &tmp); 5610 run_write(sc, RT3070_OPT_14, tmp | 1); 5611 } 5612 5613 static int 5614 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5615 uint8_t *val) 5616 { 5617 uint8_t rf22, rf24; 5618 uint8_t bbp55_pb, bbp55_sb, delta; 5619 int ntries; 5620 5621 /* program filter */ 5622 run_rt3070_rf_read(sc, 24, &rf24); 5623 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5624 run_rt3070_rf_write(sc, 24, rf24); 5625 5626 /* enable baseband loopback mode */ 5627 run_rt3070_rf_read(sc, 22, &rf22); 5628 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5629 5630 /* set power and frequency of passband test tone */ 5631 run_bbp_write(sc, 24, 0x00); 5632 for (ntries = 0; ntries < 100; ntries++) { 5633 /* transmit test tone */ 5634 run_bbp_write(sc, 25, 0x90); 5635 run_delay(sc, 10); 5636 /* read received power */ 5637 run_bbp_read(sc, 55, &bbp55_pb); 5638 if (bbp55_pb != 0) 5639 break; 5640 } 5641 if (ntries == 100) 5642 return (ETIMEDOUT); 5643 5644 /* set power and frequency of stopband test tone */ 5645 run_bbp_write(sc, 24, 0x06); 5646 for (ntries = 0; ntries < 100; ntries++) { 5647 /* transmit test tone */ 5648 run_bbp_write(sc, 25, 0x90); 5649 run_delay(sc, 10); 5650 /* read received power */ 5651 run_bbp_read(sc, 55, &bbp55_sb); 5652 5653 delta = bbp55_pb - bbp55_sb; 5654 if (delta > target) 5655 break; 5656 5657 /* reprogram filter */ 5658 rf24++; 5659 run_rt3070_rf_write(sc, 24, rf24); 5660 } 5661 if (ntries < 100) { 5662 if (rf24 != init) 5663 rf24--; /* backtrack */ 5664 *val = rf24; 5665 run_rt3070_rf_write(sc, 24, rf24); 5666 } 5667 5668 /* restore initial state */ 5669 run_bbp_write(sc, 24, 0x00); 5670 5671 /* disable baseband loopback mode */ 5672 run_rt3070_rf_read(sc, 22, &rf22); 5673 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5674 5675 return (0); 5676 } 5677 5678 static void 5679 run_rt3070_rf_setup(struct run_softc *sc) 5680 { 5681 uint8_t bbp, rf; 5682 int i; 5683 5684 if (sc->mac_ver == 0x3572) { 5685 /* enable DC filter */ 5686 if (sc->mac_rev >= 0x0201) 5687 run_bbp_write(sc, 103, 0xc0); 5688 5689 run_bbp_read(sc, 138, &bbp); 5690 if (sc->ntxchains == 1) 5691 bbp |= 0x20; /* turn off DAC1 */ 5692 if (sc->nrxchains == 1) 5693 bbp &= ~0x02; /* turn off ADC1 */ 5694 run_bbp_write(sc, 138, bbp); 5695 5696 if (sc->mac_rev >= 0x0211) { 5697 /* improve power consumption */ 5698 run_bbp_read(sc, 31, &bbp); 5699 run_bbp_write(sc, 31, bbp & ~0x03); 5700 } 5701 5702 run_rt3070_rf_read(sc, 16, &rf); 5703 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5704 run_rt3070_rf_write(sc, 16, rf); 5705 5706 } else if (sc->mac_ver == 0x3071) { 5707 if (sc->mac_rev >= 0x0211) { 5708 /* enable DC filter */ 5709 run_bbp_write(sc, 103, 0xc0); 5710 5711 /* improve power consumption */ 5712 run_bbp_read(sc, 31, &bbp); 5713 run_bbp_write(sc, 31, bbp & ~0x03); 5714 } 5715 5716 run_bbp_read(sc, 138, &bbp); 5717 if (sc->ntxchains == 1) 5718 bbp |= 0x20; /* turn off DAC1 */ 5719 if (sc->nrxchains == 1) 5720 bbp &= ~0x02; /* turn off ADC1 */ 5721 run_bbp_write(sc, 138, bbp); 5722 5723 run_write(sc, RT2860_TX_SW_CFG1, 0); 5724 if (sc->mac_rev < 0x0211) { 5725 run_write(sc, RT2860_TX_SW_CFG2, 5726 sc->patch_dac ? 0x2c : 0x0f); 5727 } else 5728 run_write(sc, RT2860_TX_SW_CFG2, 0); 5729 5730 } else if (sc->mac_ver == 0x3070) { 5731 if (sc->mac_rev >= 0x0201) { 5732 /* enable DC filter */ 5733 run_bbp_write(sc, 103, 0xc0); 5734 5735 /* improve power consumption */ 5736 run_bbp_read(sc, 31, &bbp); 5737 run_bbp_write(sc, 31, bbp & ~0x03); 5738 } 5739 5740 if (sc->mac_rev < 0x0201) { 5741 run_write(sc, RT2860_TX_SW_CFG1, 0); 5742 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5743 } else 5744 run_write(sc, RT2860_TX_SW_CFG2, 0); 5745 } 5746 5747 /* initialize RF registers from ROM for >=RT3071*/ 5748 if (sc->mac_ver >= 0x3071) { 5749 for (i = 0; i < 10; i++) { 5750 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5751 continue; 5752 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5753 } 5754 } 5755 } 5756 5757 static void 5758 run_rt3593_rf_setup(struct run_softc *sc) 5759 { 5760 uint8_t bbp, rf; 5761 5762 if (sc->mac_rev >= 0x0211) { 5763 /* Enable DC filter. */ 5764 run_bbp_write(sc, 103, 0xc0); 5765 } 5766 run_write(sc, RT2860_TX_SW_CFG1, 0); 5767 if (sc->mac_rev < 0x0211) { 5768 run_write(sc, RT2860_TX_SW_CFG2, 5769 sc->patch_dac ? 0x2c : 0x0f); 5770 } else 5771 run_write(sc, RT2860_TX_SW_CFG2, 0); 5772 5773 run_rt3070_rf_read(sc, 50, &rf); 5774 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5775 5776 run_rt3070_rf_read(sc, 51, &rf); 5777 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5778 ((sc->txmixgain_2ghz & 0x07) << 2); 5779 run_rt3070_rf_write(sc, 51, rf); 5780 5781 run_rt3070_rf_read(sc, 38, &rf); 5782 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5783 5784 run_rt3070_rf_read(sc, 39, &rf); 5785 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5786 5787 run_rt3070_rf_read(sc, 1, &rf); 5788 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5789 5790 run_rt3070_rf_read(sc, 30, &rf); 5791 rf = (rf & ~0x18) | 0x10; 5792 run_rt3070_rf_write(sc, 30, rf); 5793 5794 /* Apply maximum likelihood detection for 2 stream case. */ 5795 run_bbp_read(sc, 105, &bbp); 5796 if (sc->nrxchains > 1) 5797 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5798 5799 /* Avoid data lost and CRC error. */ 5800 run_bbp_read(sc, 4, &bbp); 5801 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5802 5803 run_bbp_write(sc, 92, 0x02); 5804 run_bbp_write(sc, 82, 0x82); 5805 run_bbp_write(sc, 106, 0x05); 5806 run_bbp_write(sc, 104, 0x92); 5807 run_bbp_write(sc, 88, 0x90); 5808 run_bbp_write(sc, 148, 0xc8); 5809 run_bbp_write(sc, 47, 0x48); 5810 run_bbp_write(sc, 120, 0x50); 5811 5812 run_bbp_write(sc, 163, 0x9d); 5813 5814 /* SNR mapping. */ 5815 run_bbp_write(sc, 142, 0x06); 5816 run_bbp_write(sc, 143, 0xa0); 5817 run_bbp_write(sc, 142, 0x07); 5818 run_bbp_write(sc, 143, 0xa1); 5819 run_bbp_write(sc, 142, 0x08); 5820 run_bbp_write(sc, 143, 0xa2); 5821 5822 run_bbp_write(sc, 31, 0x08); 5823 run_bbp_write(sc, 68, 0x0b); 5824 run_bbp_write(sc, 105, 0x04); 5825 } 5826 5827 static void 5828 run_rt5390_rf_setup(struct run_softc *sc) 5829 { 5830 uint8_t bbp, rf; 5831 5832 if (sc->mac_rev >= 0x0211) { 5833 /* Enable DC filter. */ 5834 run_bbp_write(sc, 103, 0xc0); 5835 5836 if (sc->mac_ver != 0x5592) { 5837 /* Improve power consumption. */ 5838 run_bbp_read(sc, 31, &bbp); 5839 run_bbp_write(sc, 31, bbp & ~0x03); 5840 } 5841 } 5842 5843 run_bbp_read(sc, 138, &bbp); 5844 if (sc->ntxchains == 1) 5845 bbp |= 0x20; /* turn off DAC1 */ 5846 if (sc->nrxchains == 1) 5847 bbp &= ~0x02; /* turn off ADC1 */ 5848 run_bbp_write(sc, 138, bbp); 5849 5850 run_rt3070_rf_read(sc, 38, &rf); 5851 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5852 5853 run_rt3070_rf_read(sc, 39, &rf); 5854 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5855 5856 /* Avoid data lost and CRC error. */ 5857 run_bbp_read(sc, 4, &bbp); 5858 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5859 5860 run_rt3070_rf_read(sc, 30, &rf); 5861 rf = (rf & ~0x18) | 0x10; 5862 run_rt3070_rf_write(sc, 30, rf); 5863 5864 if (sc->mac_ver != 0x5592) { 5865 run_write(sc, RT2860_TX_SW_CFG1, 0); 5866 if (sc->mac_rev < 0x0211) { 5867 run_write(sc, RT2860_TX_SW_CFG2, 5868 sc->patch_dac ? 0x2c : 0x0f); 5869 } else 5870 run_write(sc, RT2860_TX_SW_CFG2, 0); 5871 } 5872 } 5873 5874 static int 5875 run_txrx_enable(struct run_softc *sc) 5876 { 5877 struct ieee80211com *ic = &sc->sc_ic; 5878 uint32_t tmp; 5879 int error, ntries; 5880 5881 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5882 for (ntries = 0; ntries < 200; ntries++) { 5883 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5884 return (error); 5885 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5886 break; 5887 run_delay(sc, 50); 5888 } 5889 if (ntries == 200) 5890 return (ETIMEDOUT); 5891 5892 run_delay(sc, 50); 5893 5894 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5895 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5896 5897 /* enable Rx bulk aggregation (set timeout and limit) */ 5898 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5899 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5900 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5901 5902 /* set Rx filter */ 5903 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5904 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5905 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5906 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5907 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5908 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5909 if (ic->ic_opmode == IEEE80211_M_STA) 5910 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5911 } 5912 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5913 5914 run_write(sc, RT2860_MAC_SYS_CTRL, 5915 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5916 5917 return (0); 5918 } 5919 5920 static void 5921 run_adjust_freq_offset(struct run_softc *sc) 5922 { 5923 uint8_t rf, tmp; 5924 5925 run_rt3070_rf_read(sc, 17, &rf); 5926 tmp = rf; 5927 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5928 rf = MIN(rf, 0x5f); 5929 5930 if (tmp != rf) 5931 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5932 } 5933 5934 static void 5935 run_init_locked(struct run_softc *sc) 5936 { 5937 struct ieee80211com *ic = &sc->sc_ic; 5938 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5939 uint32_t tmp; 5940 uint8_t bbp1, bbp3; 5941 int i; 5942 int ridx; 5943 int ntries; 5944 5945 if (ic->ic_nrunning > 1) 5946 return; 5947 5948 run_stop(sc); 5949 5950 if (run_load_microcode(sc) != 0) { 5951 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5952 goto fail; 5953 } 5954 5955 for (ntries = 0; ntries < 100; ntries++) { 5956 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5957 goto fail; 5958 if (tmp != 0 && tmp != 0xffffffff) 5959 break; 5960 run_delay(sc, 10); 5961 } 5962 if (ntries == 100) 5963 goto fail; 5964 5965 for (i = 0; i != RUN_EP_QUEUES; i++) 5966 run_setup_tx_list(sc, &sc->sc_epq[i]); 5967 5968 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5969 5970 for (ntries = 0; ntries < 100; ntries++) { 5971 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5972 goto fail; 5973 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5974 break; 5975 run_delay(sc, 10); 5976 } 5977 if (ntries == 100) { 5978 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5979 goto fail; 5980 } 5981 tmp &= 0xff0; 5982 tmp |= RT2860_TX_WB_DDONE; 5983 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5984 5985 /* turn off PME_OEN to solve high-current issue */ 5986 run_read(sc, RT2860_SYS_CTRL, &tmp); 5987 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5988 5989 run_write(sc, RT2860_MAC_SYS_CTRL, 5990 RT2860_BBP_HRST | RT2860_MAC_SRST); 5991 run_write(sc, RT2860_USB_DMA_CFG, 0); 5992 5993 if (run_reset(sc) != 0) { 5994 device_printf(sc->sc_dev, "could not reset chipset\n"); 5995 goto fail; 5996 } 5997 5998 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5999 6000 /* init Tx power for all Tx rates (from EEPROM) */ 6001 for (ridx = 0; ridx < 5; ridx++) { 6002 if (sc->txpow20mhz[ridx] == 0xffffffff) 6003 continue; 6004 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6005 } 6006 6007 for (i = 0; i < nitems(rt2870_def_mac); i++) 6008 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6009 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6010 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6011 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6012 6013 if (sc->mac_ver >= 0x5390) { 6014 run_write(sc, RT2860_TX_SW_CFG0, 6015 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6016 if (sc->mac_ver >= 0x5392) { 6017 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6018 if (sc->mac_ver == 0x5592) { 6019 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6020 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6021 } else { 6022 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6023 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6024 } 6025 } 6026 } else if (sc->mac_ver == 0x3593) { 6027 run_write(sc, RT2860_TX_SW_CFG0, 6028 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6029 } else if (sc->mac_ver >= 0x3070) { 6030 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6031 run_write(sc, RT2860_TX_SW_CFG0, 6032 4 << RT2860_DLY_PAPE_EN_SHIFT); 6033 } 6034 6035 /* wait while MAC is busy */ 6036 for (ntries = 0; ntries < 100; ntries++) { 6037 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6038 goto fail; 6039 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6040 break; 6041 run_delay(sc, 10); 6042 } 6043 if (ntries == 100) 6044 goto fail; 6045 6046 /* clear Host to MCU mailbox */ 6047 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6048 run_write(sc, RT2860_H2M_MAILBOX, 0); 6049 run_delay(sc, 10); 6050 6051 if (run_bbp_init(sc) != 0) { 6052 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6053 goto fail; 6054 } 6055 6056 /* abort TSF synchronization */ 6057 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6058 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6059 RT2860_TBTT_TIMER_EN); 6060 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6061 6062 /* clear RX WCID search table */ 6063 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6064 /* clear WCID attribute table */ 6065 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6066 6067 /* hostapd sets a key before init. So, don't clear it. */ 6068 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6069 /* clear shared key table */ 6070 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6071 /* clear shared key mode */ 6072 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6073 } 6074 6075 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6076 tmp = (tmp & ~0xff) | 0x1e; 6077 run_write(sc, RT2860_US_CYC_CNT, tmp); 6078 6079 if (sc->mac_rev != 0x0101) 6080 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6081 6082 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6083 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6084 6085 /* write vendor-specific BBP values (from EEPROM) */ 6086 if (sc->mac_ver < 0x3593) { 6087 for (i = 0; i < 10; i++) { 6088 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6089 continue; 6090 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6091 } 6092 } 6093 6094 /* select Main antenna for 1T1R devices */ 6095 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6096 run_set_rx_antenna(sc, 0); 6097 6098 /* send LEDs operating mode to microcontroller */ 6099 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6100 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6101 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6102 6103 if (sc->mac_ver >= 0x5390) 6104 run_rt5390_rf_init(sc); 6105 else if (sc->mac_ver == 0x3593) 6106 run_rt3593_rf_init(sc); 6107 else if (sc->mac_ver >= 0x3070) 6108 run_rt3070_rf_init(sc); 6109 6110 /* disable non-existing Rx chains */ 6111 run_bbp_read(sc, 3, &bbp3); 6112 bbp3 &= ~(1 << 3 | 1 << 4); 6113 if (sc->nrxchains == 2) 6114 bbp3 |= 1 << 3; 6115 else if (sc->nrxchains == 3) 6116 bbp3 |= 1 << 4; 6117 run_bbp_write(sc, 3, bbp3); 6118 6119 /* disable non-existing Tx chains */ 6120 run_bbp_read(sc, 1, &bbp1); 6121 if (sc->ntxchains == 1) 6122 bbp1 &= ~(1 << 3 | 1 << 4); 6123 run_bbp_write(sc, 1, bbp1); 6124 6125 if (sc->mac_ver >= 0x5390) 6126 run_rt5390_rf_setup(sc); 6127 else if (sc->mac_ver == 0x3593) 6128 run_rt3593_rf_setup(sc); 6129 else if (sc->mac_ver >= 0x3070) 6130 run_rt3070_rf_setup(sc); 6131 6132 /* select default channel */ 6133 run_set_chan(sc, ic->ic_curchan); 6134 6135 /* setup initial protection mode */ 6136 run_updateprot_cb(ic); 6137 6138 /* turn radio LED on */ 6139 run_set_leds(sc, RT2860_LED_RADIO); 6140 6141 sc->sc_flags |= RUN_RUNNING; 6142 sc->cmdq_run = RUN_CMDQ_GO; 6143 6144 for (i = 0; i != RUN_N_XFER; i++) 6145 usbd_xfer_set_stall(sc->sc_xfer[i]); 6146 6147 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6148 6149 if (run_txrx_enable(sc) != 0) 6150 goto fail; 6151 6152 return; 6153 6154 fail: 6155 run_stop(sc); 6156 } 6157 6158 static void 6159 run_stop(void *arg) 6160 { 6161 struct run_softc *sc = (struct run_softc *)arg; 6162 uint32_t tmp; 6163 int i; 6164 int ntries; 6165 6166 RUN_LOCK_ASSERT(sc, MA_OWNED); 6167 6168 if (sc->sc_flags & RUN_RUNNING) 6169 run_set_leds(sc, 0); /* turn all LEDs off */ 6170 6171 sc->sc_flags &= ~RUN_RUNNING; 6172 6173 sc->ratectl_run = RUN_RATECTL_OFF; 6174 sc->cmdq_run = sc->cmdq_key_set; 6175 6176 RUN_UNLOCK(sc); 6177 6178 for(i = 0; i < RUN_N_XFER; i++) 6179 usbd_transfer_drain(sc->sc_xfer[i]); 6180 6181 RUN_LOCK(sc); 6182 6183 run_drain_mbufq(sc); 6184 6185 if (sc->rx_m != NULL) { 6186 m_free(sc->rx_m); 6187 sc->rx_m = NULL; 6188 } 6189 6190 /* Disable Tx/Rx DMA. */ 6191 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6192 return; 6193 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6194 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6195 6196 for (ntries = 0; ntries < 100; ntries++) { 6197 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6198 return; 6199 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6200 break; 6201 run_delay(sc, 10); 6202 } 6203 if (ntries == 100) { 6204 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6205 return; 6206 } 6207 6208 /* disable Tx/Rx */ 6209 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6210 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6211 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6212 6213 /* wait for pending Tx to complete */ 6214 for (ntries = 0; ntries < 100; ntries++) { 6215 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6216 DPRINTF("Cannot read Tx queue count\n"); 6217 break; 6218 } 6219 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6220 DPRINTF("All Tx cleared\n"); 6221 break; 6222 } 6223 run_delay(sc, 10); 6224 } 6225 if (ntries >= 100) 6226 DPRINTF("There are still pending Tx\n"); 6227 run_delay(sc, 10); 6228 run_write(sc, RT2860_USB_DMA_CFG, 0); 6229 6230 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6231 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6232 6233 for (i = 0; i != RUN_EP_QUEUES; i++) 6234 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6235 } 6236 6237 static void 6238 run_delay(struct run_softc *sc, u_int ms) 6239 { 6240 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6241 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6242 } 6243 6244 static device_method_t run_methods[] = { 6245 /* Device interface */ 6246 DEVMETHOD(device_probe, run_match), 6247 DEVMETHOD(device_attach, run_attach), 6248 DEVMETHOD(device_detach, run_detach), 6249 DEVMETHOD_END 6250 }; 6251 6252 static driver_t run_driver = { 6253 .name = "run", 6254 .methods = run_methods, 6255 .size = sizeof(struct run_softc) 6256 }; 6257 6258 static devclass_t run_devclass; 6259 6260 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6261 MODULE_DEPEND(run, wlan, 1, 1, 1); 6262 MODULE_DEPEND(run, usb, 1, 1, 1); 6263 MODULE_DEPEND(run, firmware, 1, 1, 1); 6264 MODULE_VERSION(run, 1); 6265 USB_PNP_HOST_INFO(run_devs); 6266