1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/cdefs.h> 20 __FBSDID("$FreeBSD$"); 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mutex.h> 32 #include <sys/mbuf.h> 33 #include <sys/kernel.h> 34 #include <sys/socket.h> 35 #include <sys/systm.h> 36 #include <sys/malloc.h> 37 #include <sys/module.h> 38 #include <sys/bus.h> 39 #include <sys/endian.h> 40 #include <sys/linker.h> 41 #include <sys/firmware.h> 42 #include <sys/kdb.h> 43 44 #include <machine/bus.h> 45 #include <machine/resource.h> 46 #include <sys/rman.h> 47 48 #include <net/bpf.h> 49 #include <net/if.h> 50 #include <net/if_var.h> 51 #include <net/if_arp.h> 52 #include <net/ethernet.h> 53 #include <net/if_dl.h> 54 #include <net/if_media.h> 55 #include <net/if_types.h> 56 57 #include <netinet/in.h> 58 #include <netinet/in_systm.h> 59 #include <netinet/in_var.h> 60 #include <netinet/if_ether.h> 61 #include <netinet/ip.h> 62 63 #include <net80211/ieee80211_var.h> 64 #include <net80211/ieee80211_regdomain.h> 65 #include <net80211/ieee80211_radiotap.h> 66 #include <net80211/ieee80211_ratectl.h> 67 68 #include <dev/usb/usb.h> 69 #include <dev/usb/usbdi.h> 70 #include "usbdevs.h" 71 72 #define USB_DEBUG_VAR run_debug 73 #include <dev/usb/usb_debug.h> 74 75 #include <dev/usb/wlan/if_runreg.h> 76 #include <dev/usb/wlan/if_runvar.h> 77 78 #define N(_a) ((int)(sizeof((_a)) / sizeof((_a)[0]))) 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94 /* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100 static const STRUCT_USB_HOST_ID run_devs[] = { 101 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102 RUN_DEV(ABOCOM, RT2770), 103 RUN_DEV(ABOCOM, RT2870), 104 RUN_DEV(ABOCOM, RT3070), 105 RUN_DEV(ABOCOM, RT3071), 106 RUN_DEV(ABOCOM, RT3072), 107 RUN_DEV(ABOCOM2, RT2870_1), 108 RUN_DEV(ACCTON, RT2770), 109 RUN_DEV(ACCTON, RT2870_1), 110 RUN_DEV(ACCTON, RT2870_2), 111 RUN_DEV(ACCTON, RT2870_3), 112 RUN_DEV(ACCTON, RT2870_4), 113 RUN_DEV(ACCTON, RT2870_5), 114 RUN_DEV(ACCTON, RT3070), 115 RUN_DEV(ACCTON, RT3070_1), 116 RUN_DEV(ACCTON, RT3070_2), 117 RUN_DEV(ACCTON, RT3070_3), 118 RUN_DEV(ACCTON, RT3070_4), 119 RUN_DEV(ACCTON, RT3070_5), 120 RUN_DEV(AIRTIES, RT3070), 121 RUN_DEV(ALLWIN, RT2070), 122 RUN_DEV(ALLWIN, RT2770), 123 RUN_DEV(ALLWIN, RT2870), 124 RUN_DEV(ALLWIN, RT3070), 125 RUN_DEV(ALLWIN, RT3071), 126 RUN_DEV(ALLWIN, RT3072), 127 RUN_DEV(ALLWIN, RT3572), 128 RUN_DEV(AMIGO, RT2870_1), 129 RUN_DEV(AMIGO, RT2870_2), 130 RUN_DEV(AMIT, CGWLUSB2GNR), 131 RUN_DEV(AMIT, RT2870_1), 132 RUN_DEV(AMIT2, RT2870), 133 RUN_DEV(ASUS, RT2870_1), 134 RUN_DEV(ASUS, RT2870_2), 135 RUN_DEV(ASUS, RT2870_3), 136 RUN_DEV(ASUS, RT2870_4), 137 RUN_DEV(ASUS, RT2870_5), 138 RUN_DEV(ASUS, USBN13), 139 RUN_DEV(ASUS, RT3070_1), 140 RUN_DEV(ASUS, USB_N53), 141 RUN_DEV(ASUS2, USBN11), 142 RUN_DEV(AZUREWAVE, RT2870_1), 143 RUN_DEV(AZUREWAVE, RT2870_2), 144 RUN_DEV(AZUREWAVE, RT3070_1), 145 RUN_DEV(AZUREWAVE, RT3070_2), 146 RUN_DEV(AZUREWAVE, RT3070_3), 147 RUN_DEV(BELKIN, F5D8053V3), 148 RUN_DEV(BELKIN, F5D8055), 149 RUN_DEV(BELKIN, F5D8055V2), 150 RUN_DEV(BELKIN, F6D4050V1), 151 RUN_DEV(BELKIN, F6D4050V2), 152 RUN_DEV(BELKIN, RT2870_1), 153 RUN_DEV(BELKIN, RT2870_2), 154 RUN_DEV(CISCOLINKSYS, AE1000), 155 RUN_DEV(CISCOLINKSYS2, RT3070), 156 RUN_DEV(CISCOLINKSYS3, RT3070), 157 RUN_DEV(CONCEPTRONIC2, RT2870_1), 158 RUN_DEV(CONCEPTRONIC2, RT2870_2), 159 RUN_DEV(CONCEPTRONIC2, RT2870_3), 160 RUN_DEV(CONCEPTRONIC2, RT2870_4), 161 RUN_DEV(CONCEPTRONIC2, RT2870_5), 162 RUN_DEV(CONCEPTRONIC2, RT2870_6), 163 RUN_DEV(CONCEPTRONIC2, RT2870_7), 164 RUN_DEV(CONCEPTRONIC2, RT2870_8), 165 RUN_DEV(CONCEPTRONIC2, RT3070_1), 166 RUN_DEV(CONCEPTRONIC2, RT3070_2), 167 RUN_DEV(CONCEPTRONIC2, VIGORN61), 168 RUN_DEV(COREGA, CGWLUSB300GNM), 169 RUN_DEV(COREGA, RT2870_1), 170 RUN_DEV(COREGA, RT2870_2), 171 RUN_DEV(COREGA, RT2870_3), 172 RUN_DEV(COREGA, RT3070), 173 RUN_DEV(CYBERTAN, RT2870), 174 RUN_DEV(DLINK, RT2870), 175 RUN_DEV(DLINK, RT3072), 176 RUN_DEV(DLINK, DWA127), 177 RUN_DEV(DLINK2, DWA130), 178 RUN_DEV(DLINK2, RT2870_1), 179 RUN_DEV(DLINK2, RT2870_2), 180 RUN_DEV(DLINK2, RT3070_1), 181 RUN_DEV(DLINK2, RT3070_2), 182 RUN_DEV(DLINK2, RT3070_3), 183 RUN_DEV(DLINK2, RT3070_4), 184 RUN_DEV(DLINK2, RT3070_5), 185 RUN_DEV(DLINK2, RT3072), 186 RUN_DEV(DLINK2, RT3072_1), 187 RUN_DEV(EDIMAX, EW7717), 188 RUN_DEV(EDIMAX, EW7718), 189 RUN_DEV(EDIMAX, RT2870_1), 190 RUN_DEV(ENCORE, RT3070_1), 191 RUN_DEV(ENCORE, RT3070_2), 192 RUN_DEV(ENCORE, RT3070_3), 193 RUN_DEV(GIGABYTE, GNWB31N), 194 RUN_DEV(GIGABYTE, GNWB32L), 195 RUN_DEV(GIGABYTE, RT2870_1), 196 RUN_DEV(GIGASET, RT3070_1), 197 RUN_DEV(GIGASET, RT3070_2), 198 RUN_DEV(GUILLEMOT, HWNU300), 199 RUN_DEV(HAWKING, HWUN2), 200 RUN_DEV(HAWKING, RT2870_1), 201 RUN_DEV(HAWKING, RT2870_2), 202 RUN_DEV(HAWKING, RT3070), 203 RUN_DEV(IODATA, RT3072_1), 204 RUN_DEV(IODATA, RT3072_2), 205 RUN_DEV(IODATA, RT3072_3), 206 RUN_DEV(IODATA, RT3072_4), 207 RUN_DEV(LINKSYS4, RT3070), 208 RUN_DEV(LINKSYS4, WUSB100), 209 RUN_DEV(LINKSYS4, WUSB54GCV3), 210 RUN_DEV(LINKSYS4, WUSB600N), 211 RUN_DEV(LINKSYS4, WUSB600NV2), 212 RUN_DEV(LOGITEC, RT2870_1), 213 RUN_DEV(LOGITEC, RT2870_2), 214 RUN_DEV(LOGITEC, RT2870_3), 215 RUN_DEV(LOGITEC, LANW300NU2), 216 RUN_DEV(LOGITEC, LANW150NU2), 217 RUN_DEV(LOGITEC, LANW300NU2S), 218 RUN_DEV(MELCO, RT2870_1), 219 RUN_DEV(MELCO, RT2870_2), 220 RUN_DEV(MELCO, WLIUCAG300N), 221 RUN_DEV(MELCO, WLIUCG300N), 222 RUN_DEV(MELCO, WLIUCG301N), 223 RUN_DEV(MELCO, WLIUCGN), 224 RUN_DEV(MELCO, WLIUCGNM), 225 RUN_DEV(MELCO, WLIUCGNM2), 226 RUN_DEV(MOTOROLA4, RT2770), 227 RUN_DEV(MOTOROLA4, RT3070), 228 RUN_DEV(MSI, RT3070_1), 229 RUN_DEV(MSI, RT3070_2), 230 RUN_DEV(MSI, RT3070_3), 231 RUN_DEV(MSI, RT3070_4), 232 RUN_DEV(MSI, RT3070_5), 233 RUN_DEV(MSI, RT3070_6), 234 RUN_DEV(MSI, RT3070_7), 235 RUN_DEV(MSI, RT3070_8), 236 RUN_DEV(MSI, RT3070_9), 237 RUN_DEV(MSI, RT3070_10), 238 RUN_DEV(MSI, RT3070_11), 239 RUN_DEV(OVISLINK, RT3072), 240 RUN_DEV(PARA, RT3070), 241 RUN_DEV(PEGATRON, RT2870), 242 RUN_DEV(PEGATRON, RT3070), 243 RUN_DEV(PEGATRON, RT3070_2), 244 RUN_DEV(PEGATRON, RT3070_3), 245 RUN_DEV(PHILIPS, RT2870), 246 RUN_DEV(PLANEX2, GWUS300MINIS), 247 RUN_DEV(PLANEX2, GWUSMICRON), 248 RUN_DEV(PLANEX2, RT2870), 249 RUN_DEV(PLANEX2, RT3070), 250 RUN_DEV(QCOM, RT2870), 251 RUN_DEV(QUANTA, RT3070), 252 RUN_DEV(RALINK, RT2070), 253 RUN_DEV(RALINK, RT2770), 254 RUN_DEV(RALINK, RT2870), 255 RUN_DEV(RALINK, RT3070), 256 RUN_DEV(RALINK, RT3071), 257 RUN_DEV(RALINK, RT3072), 258 RUN_DEV(RALINK, RT3370), 259 RUN_DEV(RALINK, RT3572), 260 RUN_DEV(RALINK, RT8070), 261 RUN_DEV(SAMSUNG, WIS09ABGN), 262 RUN_DEV(SAMSUNG2, RT2870_1), 263 RUN_DEV(SENAO, RT2870_1), 264 RUN_DEV(SENAO, RT2870_2), 265 RUN_DEV(SENAO, RT2870_3), 266 RUN_DEV(SENAO, RT2870_4), 267 RUN_DEV(SENAO, RT3070), 268 RUN_DEV(SENAO, RT3071), 269 RUN_DEV(SENAO, RT3072_1), 270 RUN_DEV(SENAO, RT3072_2), 271 RUN_DEV(SENAO, RT3072_3), 272 RUN_DEV(SENAO, RT3072_4), 273 RUN_DEV(SENAO, RT3072_5), 274 RUN_DEV(SITECOMEU, RT2770), 275 RUN_DEV(SITECOMEU, RT2870_1), 276 RUN_DEV(SITECOMEU, RT2870_2), 277 RUN_DEV(SITECOMEU, RT2870_3), 278 RUN_DEV(SITECOMEU, RT2870_4), 279 RUN_DEV(SITECOMEU, RT3070), 280 RUN_DEV(SITECOMEU, RT3070_2), 281 RUN_DEV(SITECOMEU, RT3070_3), 282 RUN_DEV(SITECOMEU, RT3070_4), 283 RUN_DEV(SITECOMEU, RT3071), 284 RUN_DEV(SITECOMEU, RT3072_1), 285 RUN_DEV(SITECOMEU, RT3072_2), 286 RUN_DEV(SITECOMEU, RT3072_3), 287 RUN_DEV(SITECOMEU, RT3072_4), 288 RUN_DEV(SITECOMEU, RT3072_5), 289 RUN_DEV(SITECOMEU, RT3072_6), 290 RUN_DEV(SITECOMEU, WL608), 291 RUN_DEV(SPARKLAN, RT2870_1), 292 RUN_DEV(SPARKLAN, RT3070), 293 RUN_DEV(SWEEX2, LW153), 294 RUN_DEV(SWEEX2, LW303), 295 RUN_DEV(SWEEX2, LW313), 296 RUN_DEV(TOSHIBA, RT3070), 297 RUN_DEV(UMEDIA, RT2870_1), 298 RUN_DEV(ZCOM, RT2870_1), 299 RUN_DEV(ZCOM, RT2870_2), 300 RUN_DEV(ZINWELL, RT2870_1), 301 RUN_DEV(ZINWELL, RT2870_2), 302 RUN_DEV(ZINWELL, RT3070), 303 RUN_DEV(ZINWELL, RT3072_1), 304 RUN_DEV(ZINWELL, RT3072_2), 305 RUN_DEV(ZYXEL, RT2870_1), 306 RUN_DEV(ZYXEL, RT2870_2), 307 #undef RUN_DEV 308 }; 309 310 static device_probe_t run_match; 311 static device_attach_t run_attach; 312 static device_detach_t run_detach; 313 314 static usb_callback_t run_bulk_rx_callback; 315 static usb_callback_t run_bulk_tx_callback0; 316 static usb_callback_t run_bulk_tx_callback1; 317 static usb_callback_t run_bulk_tx_callback2; 318 static usb_callback_t run_bulk_tx_callback3; 319 static usb_callback_t run_bulk_tx_callback4; 320 static usb_callback_t run_bulk_tx_callback5; 321 322 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 323 usb_error_t error, u_int index); 324 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 325 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 326 const uint8_t [IEEE80211_ADDR_LEN], 327 const uint8_t [IEEE80211_ADDR_LEN]); 328 static void run_vap_delete(struct ieee80211vap *); 329 static void run_cmdq_cb(void *, int); 330 static void run_setup_tx_list(struct run_softc *, 331 struct run_endpoint_queue *); 332 static void run_unsetup_tx_list(struct run_softc *, 333 struct run_endpoint_queue *); 334 static int run_load_microcode(struct run_softc *); 335 static int run_reset(struct run_softc *); 336 static usb_error_t run_do_request(struct run_softc *, 337 struct usb_device_request *, void *); 338 static int run_read(struct run_softc *, uint16_t, uint32_t *); 339 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 340 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 341 static int run_write(struct run_softc *, uint16_t, uint32_t); 342 static int run_write_region_1(struct run_softc *, uint16_t, 343 const uint8_t *, int); 344 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 345 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 346 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 347 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 348 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 349 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 350 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 351 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 352 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 353 static const char *run_get_rf(int); 354 static int run_read_eeprom(struct run_softc *); 355 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 356 const uint8_t mac[IEEE80211_ADDR_LEN]); 357 static int run_media_change(struct ifnet *); 358 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 359 static int run_wme_update(struct ieee80211com *); 360 static void run_wme_update_cb(void *); 361 static void run_key_update_begin(struct ieee80211vap *); 362 static void run_key_update_end(struct ieee80211vap *); 363 static void run_key_set_cb(void *); 364 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 365 const uint8_t mac[IEEE80211_ADDR_LEN]); 366 static void run_key_delete_cb(void *); 367 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 368 static void run_ratectl_to(void *); 369 static void run_ratectl_cb(void *, int); 370 static void run_drain_fifo(void *); 371 static void run_iter_func(void *, struct ieee80211_node *); 372 static void run_newassoc_cb(void *); 373 static void run_newassoc(struct ieee80211_node *, int); 374 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 375 static void run_tx_free(struct run_endpoint_queue *pq, 376 struct run_tx_data *, int); 377 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 378 static int run_tx(struct run_softc *, struct mbuf *, 379 struct ieee80211_node *); 380 static int run_tx_mgt(struct run_softc *, struct mbuf *, 381 struct ieee80211_node *); 382 static int run_sendprot(struct run_softc *, const struct mbuf *, 383 struct ieee80211_node *, int, int); 384 static int run_tx_param(struct run_softc *, struct mbuf *, 385 struct ieee80211_node *, 386 const struct ieee80211_bpf_params *); 387 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 388 const struct ieee80211_bpf_params *); 389 static void run_start(struct ifnet *); 390 static int run_ioctl(struct ifnet *, u_long, caddr_t); 391 static void run_set_agc(struct run_softc *, uint8_t); 392 static void run_select_chan_group(struct run_softc *, int); 393 static void run_set_rx_antenna(struct run_softc *, int); 394 static void run_rt2870_set_chan(struct run_softc *, u_int); 395 static void run_rt3070_set_chan(struct run_softc *, u_int); 396 static void run_rt3572_set_chan(struct run_softc *, u_int); 397 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 398 static void run_set_channel(struct ieee80211com *); 399 static void run_scan_start(struct ieee80211com *); 400 static void run_scan_end(struct ieee80211com *); 401 static void run_update_beacon(struct ieee80211vap *, int); 402 static void run_update_beacon_cb(void *); 403 static void run_updateprot(struct ieee80211com *); 404 static void run_updateprot_cb(void *); 405 static void run_usb_timeout_cb(void *); 406 static void run_reset_livelock(struct run_softc *); 407 static void run_enable_tsf_sync(struct run_softc *); 408 static void run_enable_mrr(struct run_softc *); 409 static void run_set_txpreamble(struct run_softc *); 410 static void run_set_basicrates(struct run_softc *); 411 static void run_set_leds(struct run_softc *, uint16_t); 412 static void run_set_bssid(struct run_softc *, const uint8_t *); 413 static void run_set_macaddr(struct run_softc *, const uint8_t *); 414 static void run_updateslot(struct ifnet *); 415 static void run_updateslot_cb(void *); 416 static void run_update_mcast(struct ifnet *); 417 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 418 static void run_update_promisc_locked(struct ifnet *); 419 static void run_update_promisc(struct ifnet *); 420 static int run_bbp_init(struct run_softc *); 421 static int run_rt3070_rf_init(struct run_softc *); 422 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 423 uint8_t *); 424 static void run_rt3070_rf_setup(struct run_softc *); 425 static int run_txrx_enable(struct run_softc *); 426 static void run_init(void *); 427 static void run_init_locked(struct run_softc *); 428 static void run_stop(void *); 429 static void run_delay(struct run_softc *, u_int); 430 431 static const struct { 432 uint16_t reg; 433 uint32_t val; 434 } rt2870_def_mac[] = { 435 RT2870_DEF_MAC 436 }; 437 438 static const struct { 439 uint8_t reg; 440 uint8_t val; 441 } rt2860_def_bbp[] = { 442 RT2860_DEF_BBP 443 }; 444 445 static const struct rfprog { 446 uint8_t chan; 447 uint32_t r1, r2, r3, r4; 448 } rt2860_rf2850[] = { 449 RT2860_RF2850 450 }; 451 452 struct { 453 uint8_t n, r, k; 454 } rt3070_freqs[] = { 455 RT3070_RF3052 456 }; 457 458 static const struct { 459 uint8_t reg; 460 uint8_t val; 461 } rt3070_def_rf[] = { 462 RT3070_DEF_RF 463 },rt3572_def_rf[] = { 464 RT3572_DEF_RF 465 }; 466 467 static const struct usb_config run_config[RUN_N_XFER] = { 468 [RUN_BULK_TX_BE] = { 469 .type = UE_BULK, 470 .endpoint = UE_ADDR_ANY, 471 .ep_index = 0, 472 .direction = UE_DIR_OUT, 473 .bufsize = RUN_MAX_TXSZ, 474 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 475 .callback = run_bulk_tx_callback0, 476 .timeout = 5000, /* ms */ 477 }, 478 [RUN_BULK_TX_BK] = { 479 .type = UE_BULK, 480 .endpoint = UE_ADDR_ANY, 481 .direction = UE_DIR_OUT, 482 .ep_index = 1, 483 .bufsize = RUN_MAX_TXSZ, 484 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 485 .callback = run_bulk_tx_callback1, 486 .timeout = 5000, /* ms */ 487 }, 488 [RUN_BULK_TX_VI] = { 489 .type = UE_BULK, 490 .endpoint = UE_ADDR_ANY, 491 .direction = UE_DIR_OUT, 492 .ep_index = 2, 493 .bufsize = RUN_MAX_TXSZ, 494 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 495 .callback = run_bulk_tx_callback2, 496 .timeout = 5000, /* ms */ 497 }, 498 [RUN_BULK_TX_VO] = { 499 .type = UE_BULK, 500 .endpoint = UE_ADDR_ANY, 501 .direction = UE_DIR_OUT, 502 .ep_index = 3, 503 .bufsize = RUN_MAX_TXSZ, 504 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 505 .callback = run_bulk_tx_callback3, 506 .timeout = 5000, /* ms */ 507 }, 508 [RUN_BULK_TX_HCCA] = { 509 .type = UE_BULK, 510 .endpoint = UE_ADDR_ANY, 511 .direction = UE_DIR_OUT, 512 .ep_index = 4, 513 .bufsize = RUN_MAX_TXSZ, 514 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 515 .callback = run_bulk_tx_callback4, 516 .timeout = 5000, /* ms */ 517 }, 518 [RUN_BULK_TX_PRIO] = { 519 .type = UE_BULK, 520 .endpoint = UE_ADDR_ANY, 521 .direction = UE_DIR_OUT, 522 .ep_index = 5, 523 .bufsize = RUN_MAX_TXSZ, 524 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 525 .callback = run_bulk_tx_callback5, 526 .timeout = 5000, /* ms */ 527 }, 528 [RUN_BULK_RX] = { 529 .type = UE_BULK, 530 .endpoint = UE_ADDR_ANY, 531 .direction = UE_DIR_IN, 532 .bufsize = RUN_MAX_RXSZ, 533 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 534 .callback = run_bulk_rx_callback, 535 } 536 }; 537 538 static int 539 run_match(device_t self) 540 { 541 struct usb_attach_arg *uaa = device_get_ivars(self); 542 543 if (uaa->usb_mode != USB_MODE_HOST) 544 return (ENXIO); 545 if (uaa->info.bConfigIndex != 0) 546 return (ENXIO); 547 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 548 return (ENXIO); 549 550 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 551 } 552 553 static int 554 run_attach(device_t self) 555 { 556 struct run_softc *sc = device_get_softc(self); 557 struct usb_attach_arg *uaa = device_get_ivars(self); 558 struct ieee80211com *ic; 559 struct ifnet *ifp; 560 uint32_t ver; 561 int i, ntries, error; 562 uint8_t iface_index, bands; 563 564 device_set_usb_desc(self); 565 sc->sc_udev = uaa->device; 566 sc->sc_dev = self; 567 568 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 569 MTX_NETWORK_LOCK, MTX_DEF); 570 571 iface_index = RT2860_IFACE_INDEX; 572 573 error = usbd_transfer_setup(uaa->device, &iface_index, 574 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 575 if (error) { 576 device_printf(self, "could not allocate USB transfers, " 577 "err=%s\n", usbd_errstr(error)); 578 goto detach; 579 } 580 581 RUN_LOCK(sc); 582 583 /* wait for the chip to settle */ 584 for (ntries = 0; ntries < 100; ntries++) { 585 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 586 RUN_UNLOCK(sc); 587 goto detach; 588 } 589 if (ver != 0 && ver != 0xffffffff) 590 break; 591 run_delay(sc, 10); 592 } 593 if (ntries == 100) { 594 device_printf(sc->sc_dev, 595 "timeout waiting for NIC to initialize\n"); 596 RUN_UNLOCK(sc); 597 goto detach; 598 } 599 sc->mac_ver = ver >> 16; 600 sc->mac_rev = ver & 0xffff; 601 602 /* retrieve RF rev. no and various other things from EEPROM */ 603 run_read_eeprom(sc); 604 605 device_printf(sc->sc_dev, 606 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 607 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 608 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 609 610 RUN_UNLOCK(sc); 611 612 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 613 if (ifp == NULL) { 614 device_printf(sc->sc_dev, "can not if_alloc()\n"); 615 goto detach; 616 } 617 ic = ifp->if_l2com; 618 619 ifp->if_softc = sc; 620 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 621 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 622 ifp->if_init = run_init; 623 ifp->if_ioctl = run_ioctl; 624 ifp->if_start = run_start; 625 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 626 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 627 IFQ_SET_READY(&ifp->if_snd); 628 629 ic->ic_ifp = ifp; 630 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 631 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 632 633 /* set device capabilities */ 634 ic->ic_caps = 635 IEEE80211_C_STA | /* station mode supported */ 636 IEEE80211_C_MONITOR | /* monitor mode supported */ 637 IEEE80211_C_IBSS | 638 IEEE80211_C_HOSTAP | 639 IEEE80211_C_WDS | /* 4-address traffic works */ 640 IEEE80211_C_MBSS | 641 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 642 IEEE80211_C_SHSLOT | /* short slot time supported */ 643 IEEE80211_C_WME | /* WME */ 644 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 645 646 ic->ic_cryptocaps = 647 IEEE80211_CRYPTO_WEP | 648 IEEE80211_CRYPTO_AES_CCM | 649 IEEE80211_CRYPTO_TKIPMIC | 650 IEEE80211_CRYPTO_TKIP; 651 652 ic->ic_flags |= IEEE80211_F_DATAPAD; 653 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 654 655 bands = 0; 656 setbit(&bands, IEEE80211_MODE_11B); 657 setbit(&bands, IEEE80211_MODE_11G); 658 ieee80211_init_channels(ic, NULL, &bands); 659 660 /* 661 * Do this by own because h/w supports 662 * more channels than ieee80211_init_channels() 663 */ 664 if (sc->rf_rev == RT2860_RF_2750 || 665 sc->rf_rev == RT2860_RF_2850 || 666 sc->rf_rev == RT3070_RF_3052) { 667 /* set supported .11a rates */ 668 for (i = 14; i < N(rt2860_rf2850); i++) { 669 uint8_t chan = rt2860_rf2850[i].chan; 670 ic->ic_channels[ic->ic_nchans].ic_freq = 671 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 672 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 673 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 674 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 675 ic->ic_nchans++; 676 } 677 } 678 679 ieee80211_ifattach(ic, sc->sc_bssid); 680 681 ic->ic_scan_start = run_scan_start; 682 ic->ic_scan_end = run_scan_end; 683 ic->ic_set_channel = run_set_channel; 684 ic->ic_node_alloc = run_node_alloc; 685 ic->ic_newassoc = run_newassoc; 686 ic->ic_updateslot = run_updateslot; 687 ic->ic_update_mcast = run_update_mcast; 688 ic->ic_wme.wme_update = run_wme_update; 689 ic->ic_raw_xmit = run_raw_xmit; 690 ic->ic_update_promisc = run_update_promisc; 691 692 ic->ic_vap_create = run_vap_create; 693 ic->ic_vap_delete = run_vap_delete; 694 695 ieee80211_radiotap_attach(ic, 696 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 697 RUN_TX_RADIOTAP_PRESENT, 698 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 699 RUN_RX_RADIOTAP_PRESENT); 700 701 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 702 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 703 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 704 705 if (bootverbose) 706 ieee80211_announce(ic); 707 708 return (0); 709 710 detach: 711 run_detach(self); 712 return (ENXIO); 713 } 714 715 static int 716 run_detach(device_t self) 717 { 718 struct run_softc *sc = device_get_softc(self); 719 struct ifnet *ifp = sc->sc_ifp; 720 struct ieee80211com *ic; 721 int i; 722 723 RUN_LOCK(sc); 724 sc->sc_detached = 1; 725 RUN_UNLOCK(sc); 726 727 /* stop all USB transfers */ 728 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 729 730 RUN_LOCK(sc); 731 sc->ratectl_run = RUN_RATECTL_OFF; 732 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 733 734 /* free TX list, if any */ 735 for (i = 0; i != RUN_EP_QUEUES; i++) 736 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 737 RUN_UNLOCK(sc); 738 739 if (ifp) { 740 ic = ifp->if_l2com; 741 /* drain tasks */ 742 usb_callout_drain(&sc->ratectl_ch); 743 ieee80211_draintask(ic, &sc->cmdq_task); 744 ieee80211_draintask(ic, &sc->ratectl_task); 745 ieee80211_ifdetach(ic); 746 if_free(ifp); 747 } 748 749 mtx_destroy(&sc->sc_mtx); 750 751 return (0); 752 } 753 754 static struct ieee80211vap * 755 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 756 enum ieee80211_opmode opmode, int flags, 757 const uint8_t bssid[IEEE80211_ADDR_LEN], 758 const uint8_t mac[IEEE80211_ADDR_LEN]) 759 { 760 struct ifnet *ifp = ic->ic_ifp; 761 struct run_softc *sc = ifp->if_softc; 762 struct run_vap *rvp; 763 struct ieee80211vap *vap; 764 int i; 765 766 if (sc->rvp_cnt >= RUN_VAP_MAX) { 767 if_printf(ifp, "number of VAPs maxed out\n"); 768 return (NULL); 769 } 770 771 switch (opmode) { 772 case IEEE80211_M_STA: 773 /* enable s/w bmiss handling for sta mode */ 774 flags |= IEEE80211_CLONE_NOBEACONS; 775 /* fall though */ 776 case IEEE80211_M_IBSS: 777 case IEEE80211_M_MONITOR: 778 case IEEE80211_M_HOSTAP: 779 case IEEE80211_M_MBSS: 780 /* other than WDS vaps, only one at a time */ 781 if (!TAILQ_EMPTY(&ic->ic_vaps)) 782 return (NULL); 783 break; 784 case IEEE80211_M_WDS: 785 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 786 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 787 continue; 788 /* WDS vap's always share the local mac address. */ 789 flags &= ~IEEE80211_CLONE_BSSID; 790 break; 791 } 792 if (vap == NULL) { 793 if_printf(ifp, "wds only supported in ap mode\n"); 794 return (NULL); 795 } 796 break; 797 default: 798 if_printf(ifp, "unknown opmode %d\n", opmode); 799 return (NULL); 800 } 801 802 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 803 M_80211_VAP, M_NOWAIT | M_ZERO); 804 if (rvp == NULL) 805 return (NULL); 806 vap = &rvp->vap; 807 808 if (ieee80211_vap_setup(ic, vap, name, unit, 809 opmode, flags, bssid, mac) != 0) { 810 /* out of memory */ 811 free(rvp, M_80211_VAP); 812 return (NULL); 813 } 814 815 vap->iv_key_update_begin = run_key_update_begin; 816 vap->iv_key_update_end = run_key_update_end; 817 vap->iv_update_beacon = run_update_beacon; 818 vap->iv_max_aid = RT2870_WCID_MAX; 819 /* 820 * To delete the right key from h/w, we need wcid. 821 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 822 * and matching wcid will be written into there. So, cast 823 * some spells to remove 'const' from ieee80211_key{} 824 */ 825 vap->iv_key_delete = (void *)run_key_delete; 826 vap->iv_key_set = (void *)run_key_set; 827 828 /* override state transition machine */ 829 rvp->newstate = vap->iv_newstate; 830 vap->iv_newstate = run_newstate; 831 832 ieee80211_ratectl_init(vap); 833 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 834 835 /* complete setup */ 836 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 837 838 /* make sure id is always unique */ 839 for (i = 0; i < RUN_VAP_MAX; i++) { 840 if((sc->rvp_bmap & 1 << i) == 0){ 841 sc->rvp_bmap |= 1 << i; 842 rvp->rvp_id = i; 843 break; 844 } 845 } 846 if (sc->rvp_cnt++ == 0) 847 ic->ic_opmode = opmode; 848 849 if (opmode == IEEE80211_M_HOSTAP) 850 sc->cmdq_run = RUN_CMDQ_GO; 851 852 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 853 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 854 855 return (vap); 856 } 857 858 static void 859 run_vap_delete(struct ieee80211vap *vap) 860 { 861 struct run_vap *rvp = RUN_VAP(vap); 862 struct ifnet *ifp; 863 struct ieee80211com *ic; 864 struct run_softc *sc; 865 uint8_t rvp_id; 866 867 if (vap == NULL) 868 return; 869 870 ic = vap->iv_ic; 871 ifp = ic->ic_ifp; 872 873 sc = ifp->if_softc; 874 875 RUN_LOCK(sc); 876 877 m_freem(rvp->beacon_mbuf); 878 rvp->beacon_mbuf = NULL; 879 880 rvp_id = rvp->rvp_id; 881 sc->ratectl_run &= ~(1 << rvp_id); 882 sc->rvp_bmap &= ~(1 << rvp_id); 883 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 884 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 885 --sc->rvp_cnt; 886 887 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 888 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 889 890 RUN_UNLOCK(sc); 891 892 ieee80211_ratectl_deinit(vap); 893 ieee80211_vap_detach(vap); 894 free(rvp, M_80211_VAP); 895 } 896 897 /* 898 * There are numbers of functions need to be called in context thread. 899 * Rather than creating taskqueue event for each of those functions, 900 * here is all-for-one taskqueue callback function. This function 901 * gurantees deferred functions are executed in the same order they 902 * were enqueued. 903 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 904 */ 905 static void 906 run_cmdq_cb(void *arg, int pending) 907 { 908 struct run_softc *sc = arg; 909 uint8_t i; 910 911 /* call cmdq[].func locked */ 912 RUN_LOCK(sc); 913 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 914 i = sc->cmdq_exec, pending--) { 915 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 916 if (sc->cmdq_run == RUN_CMDQ_GO) { 917 /* 918 * If arg0 is NULL, callback func needs more 919 * than one arg. So, pass ptr to cmdq struct. 920 */ 921 if (sc->cmdq[i].arg0) 922 sc->cmdq[i].func(sc->cmdq[i].arg0); 923 else 924 sc->cmdq[i].func(&sc->cmdq[i]); 925 } 926 sc->cmdq[i].arg0 = NULL; 927 sc->cmdq[i].func = NULL; 928 sc->cmdq_exec++; 929 sc->cmdq_exec &= RUN_CMDQ_MASQ; 930 } 931 RUN_UNLOCK(sc); 932 } 933 934 static void 935 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 936 { 937 struct run_tx_data *data; 938 939 memset(pq, 0, sizeof(*pq)); 940 941 STAILQ_INIT(&pq->tx_qh); 942 STAILQ_INIT(&pq->tx_fh); 943 944 for (data = &pq->tx_data[0]; 945 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 946 data->sc = sc; 947 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 948 } 949 pq->tx_nfree = RUN_TX_RING_COUNT; 950 } 951 952 static void 953 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 954 { 955 struct run_tx_data *data; 956 957 /* make sure any subsequent use of the queues will fail */ 958 pq->tx_nfree = 0; 959 STAILQ_INIT(&pq->tx_fh); 960 STAILQ_INIT(&pq->tx_qh); 961 962 /* free up all node references and mbufs */ 963 for (data = &pq->tx_data[0]; 964 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 965 if (data->m != NULL) { 966 m_freem(data->m); 967 data->m = NULL; 968 } 969 if (data->ni != NULL) { 970 ieee80211_free_node(data->ni); 971 data->ni = NULL; 972 } 973 } 974 } 975 976 static int 977 run_load_microcode(struct run_softc *sc) 978 { 979 usb_device_request_t req; 980 const struct firmware *fw; 981 const u_char *base; 982 uint32_t tmp; 983 int ntries, error; 984 const uint64_t *temp; 985 uint64_t bytes; 986 987 RUN_UNLOCK(sc); 988 fw = firmware_get("runfw"); 989 RUN_LOCK(sc); 990 if (fw == NULL) { 991 device_printf(sc->sc_dev, 992 "failed loadfirmware of file %s\n", "runfw"); 993 return ENOENT; 994 } 995 996 if (fw->datasize != 8192) { 997 device_printf(sc->sc_dev, 998 "invalid firmware size (should be 8KB)\n"); 999 error = EINVAL; 1000 goto fail; 1001 } 1002 1003 /* 1004 * RT3071/RT3072 use a different firmware 1005 * run-rt2870 (8KB) contains both, 1006 * first half (4KB) is for rt2870, 1007 * last half is for rt3071. 1008 */ 1009 base = fw->data; 1010 if ((sc->mac_ver) != 0x2860 && 1011 (sc->mac_ver) != 0x2872 && 1012 (sc->mac_ver) != 0x3070) { 1013 base += 4096; 1014 } 1015 1016 /* cheap sanity check */ 1017 temp = fw->data; 1018 bytes = *temp; 1019 if (bytes != be64toh(0xffffff0210280210ULL)) { 1020 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1021 error = EINVAL; 1022 goto fail; 1023 } 1024 1025 /* write microcode image */ 1026 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1027 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1028 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1029 1030 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1031 req.bRequest = RT2870_RESET; 1032 USETW(req.wValue, 8); 1033 USETW(req.wIndex, 0); 1034 USETW(req.wLength, 0); 1035 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1036 != 0) { 1037 device_printf(sc->sc_dev, "firmware reset failed\n"); 1038 goto fail; 1039 } 1040 1041 run_delay(sc, 10); 1042 1043 run_write(sc, RT2860_H2M_MAILBOX, 0); 1044 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1045 goto fail; 1046 1047 /* wait until microcontroller is ready */ 1048 for (ntries = 0; ntries < 1000; ntries++) { 1049 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1050 goto fail; 1051 } 1052 if (tmp & RT2860_MCU_READY) 1053 break; 1054 run_delay(sc, 10); 1055 } 1056 if (ntries == 1000) { 1057 device_printf(sc->sc_dev, 1058 "timeout waiting for MCU to initialize\n"); 1059 error = ETIMEDOUT; 1060 goto fail; 1061 } 1062 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1063 (base == fw->data) ? "RT2870" : "RT3071", 1064 *(base + 4092), *(base + 4093)); 1065 1066 fail: 1067 firmware_put(fw, FIRMWARE_UNLOAD); 1068 return (error); 1069 } 1070 1071 int 1072 run_reset(struct run_softc *sc) 1073 { 1074 usb_device_request_t req; 1075 1076 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1077 req.bRequest = RT2870_RESET; 1078 USETW(req.wValue, 1); 1079 USETW(req.wIndex, 0); 1080 USETW(req.wLength, 0); 1081 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1082 } 1083 1084 static usb_error_t 1085 run_do_request(struct run_softc *sc, 1086 struct usb_device_request *req, void *data) 1087 { 1088 usb_error_t err; 1089 int ntries = 10; 1090 1091 RUN_LOCK_ASSERT(sc, MA_OWNED); 1092 1093 while (ntries--) { 1094 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1095 req, data, 0, NULL, 250 /* ms */); 1096 if (err == 0) 1097 break; 1098 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1099 usbd_errstr(err)); 1100 run_delay(sc, 10); 1101 } 1102 return (err); 1103 } 1104 1105 static int 1106 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1107 { 1108 uint32_t tmp; 1109 int error; 1110 1111 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1112 if (error == 0) 1113 *val = le32toh(tmp); 1114 else 1115 *val = 0xffffffff; 1116 return (error); 1117 } 1118 1119 static int 1120 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1121 { 1122 usb_device_request_t req; 1123 1124 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1125 req.bRequest = RT2870_READ_REGION_1; 1126 USETW(req.wValue, 0); 1127 USETW(req.wIndex, reg); 1128 USETW(req.wLength, len); 1129 1130 return (run_do_request(sc, &req, buf)); 1131 } 1132 1133 static int 1134 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1135 { 1136 usb_device_request_t req; 1137 1138 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1139 req.bRequest = RT2870_WRITE_2; 1140 USETW(req.wValue, val); 1141 USETW(req.wIndex, reg); 1142 USETW(req.wLength, 0); 1143 1144 return (run_do_request(sc, &req, NULL)); 1145 } 1146 1147 static int 1148 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1149 { 1150 int error; 1151 1152 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1153 error = run_write_2(sc, reg + 2, val >> 16); 1154 return (error); 1155 } 1156 1157 static int 1158 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1159 int len) 1160 { 1161 #if 1 1162 int i, error = 0; 1163 /* 1164 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1165 * We thus issue multiple WRITE_2 commands instead. 1166 */ 1167 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1168 for (i = 0; i < len && error == 0; i += 2) 1169 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1170 return (error); 1171 #else 1172 usb_device_request_t req; 1173 int error = 0; 1174 1175 /* 1176 * NOTE: It appears the WRITE_REGION_1 command cannot be 1177 * passed a huge amount of data, which will crash the 1178 * firmware. Limit amount of data passed to 64-bytes at a 1179 * time: 1180 */ 1181 while (len > 0) { 1182 int delta = 64; 1183 if (delta > len) 1184 delta = len; 1185 1186 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1187 req.bRequest = RT2870_WRITE_REGION_1; 1188 USETW(req.wValue, 0); 1189 USETW(req.wIndex, reg); 1190 USETW(req.wLength, delta); 1191 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1192 if (error != 0) 1193 break; 1194 reg += delta; 1195 buf += delta; 1196 len -= delta; 1197 } 1198 return (error); 1199 #endif 1200 } 1201 1202 static int 1203 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1204 { 1205 int i, error = 0; 1206 1207 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1208 for (i = 0; i < len && error == 0; i += 4) 1209 error = run_write(sc, reg + i, val); 1210 return (error); 1211 } 1212 1213 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1214 static int 1215 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1216 { 1217 uint32_t tmp; 1218 uint16_t reg; 1219 int error, ntries; 1220 1221 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1222 return (error); 1223 1224 addr *= 2; 1225 /*- 1226 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1227 * DATA0: F E D C 1228 * DATA1: B A 9 8 1229 * DATA2: 7 6 5 4 1230 * DATA3: 3 2 1 0 1231 */ 1232 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1233 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1234 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1235 for (ntries = 0; ntries < 100; ntries++) { 1236 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1237 return (error); 1238 if (!(tmp & RT3070_EFSROM_KICK)) 1239 break; 1240 run_delay(sc, 2); 1241 } 1242 if (ntries == 100) 1243 return (ETIMEDOUT); 1244 1245 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1246 *val = 0xffff; /* address not found */ 1247 return (0); 1248 } 1249 /* determine to which 32-bit register our 16-bit word belongs */ 1250 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1251 if ((error = run_read(sc, reg, &tmp)) != 0) 1252 return (error); 1253 1254 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1255 return (0); 1256 } 1257 1258 static int 1259 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1260 { 1261 usb_device_request_t req; 1262 uint16_t tmp; 1263 int error; 1264 1265 addr *= 2; 1266 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1267 req.bRequest = RT2870_EEPROM_READ; 1268 USETW(req.wValue, 0); 1269 USETW(req.wIndex, addr); 1270 USETW(req.wLength, sizeof tmp); 1271 1272 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1273 if (error == 0) 1274 *val = le16toh(tmp); 1275 else 1276 *val = 0xffff; 1277 return (error); 1278 } 1279 1280 static __inline int 1281 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1282 { 1283 /* either eFUSE ROM or EEPROM */ 1284 return sc->sc_srom_read(sc, addr, val); 1285 } 1286 1287 static int 1288 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1289 { 1290 uint32_t tmp; 1291 int error, ntries; 1292 1293 for (ntries = 0; ntries < 10; ntries++) { 1294 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1295 return (error); 1296 if (!(tmp & RT2860_RF_REG_CTRL)) 1297 break; 1298 } 1299 if (ntries == 10) 1300 return (ETIMEDOUT); 1301 1302 /* RF registers are 24-bit on the RT2860 */ 1303 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1304 (val & 0x3fffff) << 2 | (reg & 3); 1305 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1306 } 1307 1308 static int 1309 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1310 { 1311 uint32_t tmp; 1312 int error, ntries; 1313 1314 for (ntries = 0; ntries < 100; ntries++) { 1315 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1316 return (error); 1317 if (!(tmp & RT3070_RF_KICK)) 1318 break; 1319 } 1320 if (ntries == 100) 1321 return (ETIMEDOUT); 1322 1323 tmp = RT3070_RF_KICK | reg << 8; 1324 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1325 return (error); 1326 1327 for (ntries = 0; ntries < 100; ntries++) { 1328 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1329 return (error); 1330 if (!(tmp & RT3070_RF_KICK)) 1331 break; 1332 } 1333 if (ntries == 100) 1334 return (ETIMEDOUT); 1335 1336 *val = tmp & 0xff; 1337 return (0); 1338 } 1339 1340 static int 1341 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1342 { 1343 uint32_t tmp; 1344 int error, ntries; 1345 1346 for (ntries = 0; ntries < 10; ntries++) { 1347 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1348 return (error); 1349 if (!(tmp & RT3070_RF_KICK)) 1350 break; 1351 } 1352 if (ntries == 10) 1353 return (ETIMEDOUT); 1354 1355 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1356 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1357 } 1358 1359 static int 1360 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1361 { 1362 uint32_t tmp; 1363 int ntries, error; 1364 1365 for (ntries = 0; ntries < 10; ntries++) { 1366 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1367 return (error); 1368 if (!(tmp & RT2860_BBP_CSR_KICK)) 1369 break; 1370 } 1371 if (ntries == 10) 1372 return (ETIMEDOUT); 1373 1374 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1375 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1376 return (error); 1377 1378 for (ntries = 0; ntries < 10; ntries++) { 1379 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1380 return (error); 1381 if (!(tmp & RT2860_BBP_CSR_KICK)) 1382 break; 1383 } 1384 if (ntries == 10) 1385 return (ETIMEDOUT); 1386 1387 *val = tmp & 0xff; 1388 return (0); 1389 } 1390 1391 static int 1392 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1393 { 1394 uint32_t tmp; 1395 int ntries, error; 1396 1397 for (ntries = 0; ntries < 10; ntries++) { 1398 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1399 return (error); 1400 if (!(tmp & RT2860_BBP_CSR_KICK)) 1401 break; 1402 } 1403 if (ntries == 10) 1404 return (ETIMEDOUT); 1405 1406 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1407 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1408 } 1409 1410 /* 1411 * Send a command to the 8051 microcontroller unit. 1412 */ 1413 static int 1414 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1415 { 1416 uint32_t tmp; 1417 int error, ntries; 1418 1419 for (ntries = 0; ntries < 100; ntries++) { 1420 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1421 return error; 1422 if (!(tmp & RT2860_H2M_BUSY)) 1423 break; 1424 } 1425 if (ntries == 100) 1426 return ETIMEDOUT; 1427 1428 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1429 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1430 error = run_write(sc, RT2860_HOST_CMD, cmd); 1431 return (error); 1432 } 1433 1434 /* 1435 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1436 * Used to adjust per-rate Tx power registers. 1437 */ 1438 static __inline uint32_t 1439 b4inc(uint32_t b32, int8_t delta) 1440 { 1441 int8_t i, b4; 1442 1443 for (i = 0; i < 8; i++) { 1444 b4 = b32 & 0xf; 1445 b4 += delta; 1446 if (b4 < 0) 1447 b4 = 0; 1448 else if (b4 > 0xf) 1449 b4 = 0xf; 1450 b32 = b32 >> 4 | b4 << 28; 1451 } 1452 return (b32); 1453 } 1454 1455 static const char * 1456 run_get_rf(int rev) 1457 { 1458 switch (rev) { 1459 case RT2860_RF_2820: return "RT2820"; 1460 case RT2860_RF_2850: return "RT2850"; 1461 case RT2860_RF_2720: return "RT2720"; 1462 case RT2860_RF_2750: return "RT2750"; 1463 case RT3070_RF_3020: return "RT3020"; 1464 case RT3070_RF_2020: return "RT2020"; 1465 case RT3070_RF_3021: return "RT3021"; 1466 case RT3070_RF_3022: return "RT3022"; 1467 case RT3070_RF_3052: return "RT3052"; 1468 } 1469 return ("unknown"); 1470 } 1471 1472 int 1473 run_read_eeprom(struct run_softc *sc) 1474 { 1475 int8_t delta_2ghz, delta_5ghz; 1476 uint32_t tmp; 1477 uint16_t val; 1478 int ridx, ant, i; 1479 1480 /* check whether the ROM is eFUSE ROM or EEPROM */ 1481 sc->sc_srom_read = run_eeprom_read_2; 1482 if (sc->mac_ver >= 0x3070) { 1483 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1484 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1485 if (tmp & RT3070_SEL_EFUSE) 1486 sc->sc_srom_read = run_efuse_read_2; 1487 } 1488 1489 /* read ROM version */ 1490 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1491 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1492 1493 /* read MAC address */ 1494 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1495 sc->sc_bssid[0] = val & 0xff; 1496 sc->sc_bssid[1] = val >> 8; 1497 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1498 sc->sc_bssid[2] = val & 0xff; 1499 sc->sc_bssid[3] = val >> 8; 1500 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1501 sc->sc_bssid[4] = val & 0xff; 1502 sc->sc_bssid[5] = val >> 8; 1503 1504 /* read vender BBP settings */ 1505 for (i = 0; i < 10; i++) { 1506 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1507 sc->bbp[i].val = val & 0xff; 1508 sc->bbp[i].reg = val >> 8; 1509 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1510 } 1511 if (sc->mac_ver >= 0x3071) { 1512 /* read vendor RF settings */ 1513 for (i = 0; i < 10; i++) { 1514 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1515 sc->rf[i].val = val & 0xff; 1516 sc->rf[i].reg = val >> 8; 1517 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1518 sc->rf[i].val); 1519 } 1520 } 1521 1522 /* read RF frequency offset from EEPROM */ 1523 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1524 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1525 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1526 1527 if (val >> 8 != 0xff) { 1528 /* read LEDs operating mode */ 1529 sc->leds = val >> 8; 1530 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1531 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1532 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1533 } else { 1534 /* broken EEPROM, use default settings */ 1535 sc->leds = 0x01; 1536 sc->led[0] = 0x5555; 1537 sc->led[1] = 0x2221; 1538 sc->led[2] = 0x5627; /* differs from RT2860 */ 1539 } 1540 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1541 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1542 1543 /* read RF information */ 1544 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1545 if (val == 0xffff) { 1546 DPRINTF("invalid EEPROM antenna info, using default\n"); 1547 if (sc->mac_ver == 0x3572) { 1548 /* default to RF3052 2T2R */ 1549 sc->rf_rev = RT3070_RF_3052; 1550 sc->ntxchains = 2; 1551 sc->nrxchains = 2; 1552 } else if (sc->mac_ver >= 0x3070) { 1553 /* default to RF3020 1T1R */ 1554 sc->rf_rev = RT3070_RF_3020; 1555 sc->ntxchains = 1; 1556 sc->nrxchains = 1; 1557 } else { 1558 /* default to RF2820 1T2R */ 1559 sc->rf_rev = RT2860_RF_2820; 1560 sc->ntxchains = 1; 1561 sc->nrxchains = 2; 1562 } 1563 } else { 1564 sc->rf_rev = (val >> 8) & 0xf; 1565 sc->ntxchains = (val >> 4) & 0xf; 1566 sc->nrxchains = val & 0xf; 1567 } 1568 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1569 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1570 1571 /* check if RF supports automatic Tx access gain control */ 1572 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1573 DPRINTF("EEPROM CFG 0x%04x\n", val); 1574 /* check if driver should patch the DAC issue */ 1575 if ((val >> 8) != 0xff) 1576 sc->patch_dac = (val >> 15) & 1; 1577 if ((val & 0xff) != 0xff) { 1578 sc->ext_5ghz_lna = (val >> 3) & 1; 1579 sc->ext_2ghz_lna = (val >> 2) & 1; 1580 /* check if RF supports automatic Tx access gain control */ 1581 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1582 /* check if we have a hardware radio switch */ 1583 sc->rfswitch = val & 1; 1584 } 1585 1586 /* read power settings for 2GHz channels */ 1587 for (i = 0; i < 14; i += 2) { 1588 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1589 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1590 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1591 1592 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1593 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1594 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1595 } 1596 /* fix broken Tx power entries */ 1597 for (i = 0; i < 14; i++) { 1598 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1599 sc->txpow1[i] = 5; 1600 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1601 sc->txpow2[i] = 5; 1602 DPRINTF("chan %d: power1=%d, power2=%d\n", 1603 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1604 } 1605 /* read power settings for 5GHz channels */ 1606 for (i = 0; i < 40; i += 2) { 1607 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1608 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1609 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1610 1611 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1612 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1613 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1614 } 1615 /* fix broken Tx power entries */ 1616 for (i = 0; i < 40; i++) { 1617 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1618 sc->txpow1[14 + i] = 5; 1619 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1620 sc->txpow2[14 + i] = 5; 1621 DPRINTF("chan %d: power1=%d, power2=%d\n", 1622 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1623 sc->txpow2[14 + i]); 1624 } 1625 1626 /* read Tx power compensation for each Tx rate */ 1627 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1628 delta_2ghz = delta_5ghz = 0; 1629 if ((val & 0xff) != 0xff && (val & 0x80)) { 1630 delta_2ghz = val & 0xf; 1631 if (!(val & 0x40)) /* negative number */ 1632 delta_2ghz = -delta_2ghz; 1633 } 1634 val >>= 8; 1635 if ((val & 0xff) != 0xff && (val & 0x80)) { 1636 delta_5ghz = val & 0xf; 1637 if (!(val & 0x40)) /* negative number */ 1638 delta_5ghz = -delta_5ghz; 1639 } 1640 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1641 delta_2ghz, delta_5ghz); 1642 1643 for (ridx = 0; ridx < 5; ridx++) { 1644 uint32_t reg; 1645 1646 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1647 reg = val; 1648 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1649 reg |= (uint32_t)val << 16; 1650 1651 sc->txpow20mhz[ridx] = reg; 1652 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1653 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1654 1655 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1656 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1657 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1658 } 1659 1660 /* read RSSI offsets and LNA gains from EEPROM */ 1661 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1662 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1663 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1664 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1665 if (sc->mac_ver >= 0x3070) { 1666 /* 1667 * On RT3070 chips (limited to 2 Rx chains), this ROM 1668 * field contains the Tx mixer gain for the 2GHz band. 1669 */ 1670 if ((val & 0xff) != 0xff) 1671 sc->txmixgain_2ghz = val & 0x7; 1672 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1673 } else 1674 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1675 sc->lna[2] = val >> 8; /* channel group 2 */ 1676 1677 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1678 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1679 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1680 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1681 if (sc->mac_ver == 0x3572) { 1682 /* 1683 * On RT3572 chips (limited to 2 Rx chains), this ROM 1684 * field contains the Tx mixer gain for the 5GHz band. 1685 */ 1686 if ((val & 0xff) != 0xff) 1687 sc->txmixgain_5ghz = val & 0x7; 1688 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1689 } else 1690 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1691 sc->lna[3] = val >> 8; /* channel group 3 */ 1692 1693 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1694 sc->lna[0] = val & 0xff; /* channel group 0 */ 1695 sc->lna[1] = val >> 8; /* channel group 1 */ 1696 1697 /* fix broken 5GHz LNA entries */ 1698 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1699 DPRINTF("invalid LNA for channel group %d\n", 2); 1700 sc->lna[2] = sc->lna[1]; 1701 } 1702 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1703 DPRINTF("invalid LNA for channel group %d\n", 3); 1704 sc->lna[3] = sc->lna[1]; 1705 } 1706 1707 /* fix broken RSSI offset entries */ 1708 for (ant = 0; ant < 3; ant++) { 1709 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1710 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1711 ant + 1, sc->rssi_2ghz[ant]); 1712 sc->rssi_2ghz[ant] = 0; 1713 } 1714 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1715 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1716 ant + 1, sc->rssi_5ghz[ant]); 1717 sc->rssi_5ghz[ant] = 0; 1718 } 1719 } 1720 return (0); 1721 } 1722 1723 static struct ieee80211_node * 1724 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1725 { 1726 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1727 } 1728 1729 static int 1730 run_media_change(struct ifnet *ifp) 1731 { 1732 struct ieee80211vap *vap = ifp->if_softc; 1733 struct ieee80211com *ic = vap->iv_ic; 1734 const struct ieee80211_txparam *tp; 1735 struct run_softc *sc = ic->ic_ifp->if_softc; 1736 uint8_t rate, ridx; 1737 int error; 1738 1739 RUN_LOCK(sc); 1740 1741 error = ieee80211_media_change(ifp); 1742 if (error != ENETRESET) { 1743 RUN_UNLOCK(sc); 1744 return (error); 1745 } 1746 1747 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1748 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1749 struct ieee80211_node *ni; 1750 struct run_node *rn; 1751 1752 rate = ic->ic_sup_rates[ic->ic_curmode]. 1753 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1754 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1755 if (rt2860_rates[ridx].rate == rate) 1756 break; 1757 ni = ieee80211_ref_node(vap->iv_bss); 1758 rn = (struct run_node *)ni; 1759 rn->fix_ridx = ridx; 1760 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1761 ieee80211_free_node(ni); 1762 } 1763 1764 #if 0 1765 if ((ifp->if_flags & IFF_UP) && 1766 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1767 run_init_locked(sc); 1768 } 1769 #endif 1770 1771 RUN_UNLOCK(sc); 1772 1773 return (0); 1774 } 1775 1776 static int 1777 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1778 { 1779 const struct ieee80211_txparam *tp; 1780 struct ieee80211com *ic = vap->iv_ic; 1781 struct run_softc *sc = ic->ic_ifp->if_softc; 1782 struct run_vap *rvp = RUN_VAP(vap); 1783 enum ieee80211_state ostate; 1784 uint32_t sta[3]; 1785 uint32_t tmp; 1786 uint8_t ratectl; 1787 uint8_t restart_ratectl = 0; 1788 uint8_t bid = 1 << rvp->rvp_id; 1789 1790 ostate = vap->iv_state; 1791 DPRINTF("%s -> %s\n", 1792 ieee80211_state_name[ostate], 1793 ieee80211_state_name[nstate]); 1794 1795 IEEE80211_UNLOCK(ic); 1796 RUN_LOCK(sc); 1797 1798 ratectl = sc->ratectl_run; /* remember current state */ 1799 sc->ratectl_run = RUN_RATECTL_OFF; 1800 usb_callout_stop(&sc->ratectl_ch); 1801 1802 if (ostate == IEEE80211_S_RUN) { 1803 /* turn link LED off */ 1804 run_set_leds(sc, RT2860_LED_RADIO); 1805 } 1806 1807 switch (nstate) { 1808 case IEEE80211_S_INIT: 1809 restart_ratectl = 1; 1810 1811 if (ostate != IEEE80211_S_RUN) 1812 break; 1813 1814 ratectl &= ~bid; 1815 sc->runbmap &= ~bid; 1816 1817 /* abort TSF synchronization if there is no vap running */ 1818 if (--sc->running == 0) { 1819 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1820 run_write(sc, RT2860_BCN_TIME_CFG, 1821 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1822 RT2860_TBTT_TIMER_EN)); 1823 } 1824 break; 1825 1826 case IEEE80211_S_RUN: 1827 if (!(sc->runbmap & bid)) { 1828 if(sc->running++) 1829 restart_ratectl = 1; 1830 sc->runbmap |= bid; 1831 } 1832 1833 m_freem(rvp->beacon_mbuf); 1834 rvp->beacon_mbuf = NULL; 1835 1836 switch (vap->iv_opmode) { 1837 case IEEE80211_M_HOSTAP: 1838 case IEEE80211_M_MBSS: 1839 sc->ap_running |= bid; 1840 ic->ic_opmode = vap->iv_opmode; 1841 run_update_beacon_cb(vap); 1842 break; 1843 case IEEE80211_M_IBSS: 1844 sc->adhoc_running |= bid; 1845 if (!sc->ap_running) 1846 ic->ic_opmode = vap->iv_opmode; 1847 run_update_beacon_cb(vap); 1848 break; 1849 case IEEE80211_M_STA: 1850 sc->sta_running |= bid; 1851 if (!sc->ap_running && !sc->adhoc_running) 1852 ic->ic_opmode = vap->iv_opmode; 1853 1854 /* read statistic counters (clear on read) */ 1855 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1856 (uint8_t *)sta, sizeof sta); 1857 1858 break; 1859 default: 1860 ic->ic_opmode = vap->iv_opmode; 1861 break; 1862 } 1863 1864 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1865 struct ieee80211_node *ni; 1866 1867 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 1868 RUN_UNLOCK(sc); 1869 IEEE80211_LOCK(ic); 1870 return (-1); 1871 } 1872 run_updateslot(ic->ic_ifp); 1873 run_enable_mrr(sc); 1874 run_set_txpreamble(sc); 1875 run_set_basicrates(sc); 1876 ni = ieee80211_ref_node(vap->iv_bss); 1877 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1878 run_set_bssid(sc, ni->ni_bssid); 1879 ieee80211_free_node(ni); 1880 run_enable_tsf_sync(sc); 1881 1882 /* enable automatic rate adaptation */ 1883 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1884 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1885 ratectl |= bid; 1886 } 1887 1888 /* turn link LED on */ 1889 run_set_leds(sc, RT2860_LED_RADIO | 1890 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1891 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1892 1893 break; 1894 default: 1895 DPRINTFN(6, "undefined case\n"); 1896 break; 1897 } 1898 1899 /* restart amrr for running VAPs */ 1900 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1901 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1902 1903 RUN_UNLOCK(sc); 1904 IEEE80211_LOCK(ic); 1905 1906 return(rvp->newstate(vap, nstate, arg)); 1907 } 1908 1909 /* ARGSUSED */ 1910 static void 1911 run_wme_update_cb(void *arg) 1912 { 1913 struct ieee80211com *ic = arg; 1914 struct run_softc *sc = ic->ic_ifp->if_softc; 1915 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1916 int aci, error = 0; 1917 1918 RUN_LOCK_ASSERT(sc, MA_OWNED); 1919 1920 /* update MAC TX configuration registers */ 1921 for (aci = 0; aci < WME_NUM_AC; aci++) { 1922 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1923 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1924 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1925 wmesp->wme_params[aci].wmep_aifsn << 8 | 1926 wmesp->wme_params[aci].wmep_txopLimit); 1927 if (error) goto err; 1928 } 1929 1930 /* update SCH/DMA registers too */ 1931 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1932 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1933 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1934 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1935 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1936 if (error) goto err; 1937 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1938 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1939 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1940 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1941 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1942 if (error) goto err; 1943 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1944 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1945 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1946 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1947 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1948 if (error) goto err; 1949 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1950 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1951 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1952 if (error) goto err; 1953 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1954 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1955 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1956 1957 err: 1958 if (error) 1959 DPRINTF("WME update failed\n"); 1960 1961 return; 1962 } 1963 1964 static int 1965 run_wme_update(struct ieee80211com *ic) 1966 { 1967 struct run_softc *sc = ic->ic_ifp->if_softc; 1968 1969 /* sometime called wothout lock */ 1970 if (mtx_owned(&ic->ic_comlock.mtx)) { 1971 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1972 DPRINTF("cmdq_store=%d\n", i); 1973 sc->cmdq[i].func = run_wme_update_cb; 1974 sc->cmdq[i].arg0 = ic; 1975 ieee80211_runtask(ic, &sc->cmdq_task); 1976 return (0); 1977 } 1978 1979 RUN_LOCK(sc); 1980 run_wme_update_cb(ic); 1981 RUN_UNLOCK(sc); 1982 1983 /* return whatever, upper layer desn't care anyway */ 1984 return (0); 1985 } 1986 1987 static void 1988 run_key_update_begin(struct ieee80211vap *vap) 1989 { 1990 /* 1991 * To avoid out-of-order events, both run_key_set() and 1992 * _delete() are deferred and handled by run_cmdq_cb(). 1993 * So, there is nothing we need to do here. 1994 */ 1995 } 1996 1997 static void 1998 run_key_update_end(struct ieee80211vap *vap) 1999 { 2000 /* null */ 2001 } 2002 2003 static void 2004 run_key_set_cb(void *arg) 2005 { 2006 struct run_cmdq *cmdq = arg; 2007 struct ieee80211vap *vap = cmdq->arg1; 2008 struct ieee80211_key *k = cmdq->k; 2009 struct ieee80211com *ic = vap->iv_ic; 2010 struct run_softc *sc = ic->ic_ifp->if_softc; 2011 struct ieee80211_node *ni; 2012 uint32_t attr; 2013 uint16_t base, associd; 2014 uint8_t mode, wcid, iv[8]; 2015 2016 RUN_LOCK_ASSERT(sc, MA_OWNED); 2017 2018 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2019 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2020 else 2021 ni = vap->iv_bss; 2022 associd = (ni != NULL) ? ni->ni_associd : 0; 2023 2024 /* map net80211 cipher to RT2860 security mode */ 2025 switch (k->wk_cipher->ic_cipher) { 2026 case IEEE80211_CIPHER_WEP: 2027 if(k->wk_keylen < 8) 2028 mode = RT2860_MODE_WEP40; 2029 else 2030 mode = RT2860_MODE_WEP104; 2031 break; 2032 case IEEE80211_CIPHER_TKIP: 2033 mode = RT2860_MODE_TKIP; 2034 break; 2035 case IEEE80211_CIPHER_AES_CCM: 2036 mode = RT2860_MODE_AES_CCMP; 2037 break; 2038 default: 2039 DPRINTF("undefined case\n"); 2040 return; 2041 } 2042 2043 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2044 associd, k->wk_keyix, mode, 2045 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2046 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2047 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2048 2049 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2050 wcid = 0; /* NB: update WCID0 for group keys */ 2051 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2052 } else { 2053 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2054 1 : RUN_AID2WCID(associd); 2055 base = RT2860_PKEY(wcid); 2056 } 2057 2058 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2059 if(run_write_region_1(sc, base, k->wk_key, 16)) 2060 return; 2061 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2062 return; 2063 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2064 return; 2065 } else { 2066 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2067 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2068 return; 2069 } 2070 2071 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2072 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2073 /* set initial packet number in IV+EIV */ 2074 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2075 memset(iv, 0, sizeof iv); 2076 iv[3] = vap->iv_def_txkey << 6; 2077 } else { 2078 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2079 iv[0] = k->wk_keytsc >> 8; 2080 iv[1] = (iv[0] | 0x20) & 0x7f; 2081 iv[2] = k->wk_keytsc; 2082 } else /* CCMP */ { 2083 iv[0] = k->wk_keytsc; 2084 iv[1] = k->wk_keytsc >> 8; 2085 iv[2] = 0; 2086 } 2087 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2088 iv[4] = k->wk_keytsc >> 16; 2089 iv[5] = k->wk_keytsc >> 24; 2090 iv[6] = k->wk_keytsc >> 32; 2091 iv[7] = k->wk_keytsc >> 40; 2092 } 2093 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2094 return; 2095 } 2096 2097 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2098 /* install group key */ 2099 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2100 return; 2101 attr &= ~(0xf << (k->wk_keyix * 4)); 2102 attr |= mode << (k->wk_keyix * 4); 2103 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2104 return; 2105 } else { 2106 /* install pairwise key */ 2107 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2108 return; 2109 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2110 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2111 return; 2112 } 2113 2114 /* TODO create a pass-thru key entry? */ 2115 2116 /* need wcid to delete the right key later */ 2117 k->wk_pad = wcid; 2118 } 2119 2120 /* 2121 * Don't have to be deferred, but in order to keep order of 2122 * execution, i.e. with run_key_delete(), defer this and let 2123 * run_cmdq_cb() maintain the order. 2124 * 2125 * return 0 on error 2126 */ 2127 static int 2128 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2129 const uint8_t mac[IEEE80211_ADDR_LEN]) 2130 { 2131 struct ieee80211com *ic = vap->iv_ic; 2132 struct run_softc *sc = ic->ic_ifp->if_softc; 2133 uint32_t i; 2134 2135 i = RUN_CMDQ_GET(&sc->cmdq_store); 2136 DPRINTF("cmdq_store=%d\n", i); 2137 sc->cmdq[i].func = run_key_set_cb; 2138 sc->cmdq[i].arg0 = NULL; 2139 sc->cmdq[i].arg1 = vap; 2140 sc->cmdq[i].k = k; 2141 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2142 ieee80211_runtask(ic, &sc->cmdq_task); 2143 2144 /* 2145 * To make sure key will be set when hostapd 2146 * calls iv_key_set() before if_init(). 2147 */ 2148 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2149 RUN_LOCK(sc); 2150 sc->cmdq_key_set = RUN_CMDQ_GO; 2151 RUN_UNLOCK(sc); 2152 } 2153 2154 return (1); 2155 } 2156 2157 /* 2158 * If wlan is destroyed without being brought down i.e. without 2159 * wlan down or wpa_cli terminate, this function is called after 2160 * vap is gone. Don't refer it. 2161 */ 2162 static void 2163 run_key_delete_cb(void *arg) 2164 { 2165 struct run_cmdq *cmdq = arg; 2166 struct run_softc *sc = cmdq->arg1; 2167 struct ieee80211_key *k = &cmdq->key; 2168 uint32_t attr; 2169 uint8_t wcid; 2170 2171 RUN_LOCK_ASSERT(sc, MA_OWNED); 2172 2173 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2174 /* remove group key */ 2175 DPRINTF("removing group key\n"); 2176 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2177 attr &= ~(0xf << (k->wk_keyix * 4)); 2178 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2179 } else { 2180 /* remove pairwise key */ 2181 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2182 /* matching wcid was written to wk_pad in run_key_set() */ 2183 wcid = k->wk_pad; 2184 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2185 attr &= ~0xf; 2186 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2187 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2188 } 2189 2190 k->wk_pad = 0; 2191 } 2192 2193 /* 2194 * return 0 on error 2195 */ 2196 static int 2197 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2198 { 2199 struct ieee80211com *ic = vap->iv_ic; 2200 struct run_softc *sc = ic->ic_ifp->if_softc; 2201 struct ieee80211_key *k0; 2202 uint32_t i; 2203 2204 /* 2205 * When called back, key might be gone. So, make a copy 2206 * of some values need to delete keys before deferring. 2207 * But, because of LOR with node lock, cannot use lock here. 2208 * So, use atomic instead. 2209 */ 2210 i = RUN_CMDQ_GET(&sc->cmdq_store); 2211 DPRINTF("cmdq_store=%d\n", i); 2212 sc->cmdq[i].func = run_key_delete_cb; 2213 sc->cmdq[i].arg0 = NULL; 2214 sc->cmdq[i].arg1 = sc; 2215 k0 = &sc->cmdq[i].key; 2216 k0->wk_flags = k->wk_flags; 2217 k0->wk_keyix = k->wk_keyix; 2218 /* matching wcid was written to wk_pad in run_key_set() */ 2219 k0->wk_pad = k->wk_pad; 2220 ieee80211_runtask(ic, &sc->cmdq_task); 2221 return (1); /* return fake success */ 2222 2223 } 2224 2225 static void 2226 run_ratectl_to(void *arg) 2227 { 2228 struct run_softc *sc = arg; 2229 2230 /* do it in a process context, so it can go sleep */ 2231 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2232 /* next timeout will be rescheduled in the callback task */ 2233 } 2234 2235 /* ARGSUSED */ 2236 static void 2237 run_ratectl_cb(void *arg, int pending) 2238 { 2239 struct run_softc *sc = arg; 2240 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2241 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2242 2243 if (vap == NULL) 2244 return; 2245 2246 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2247 run_iter_func(sc, vap->iv_bss); 2248 else { 2249 /* 2250 * run_reset_livelock() doesn't do anything with AMRR, 2251 * but Ralink wants us to call it every 1 sec. So, we 2252 * piggyback here rather than creating another callout. 2253 * Livelock may occur only in HOSTAP or IBSS mode 2254 * (when h/w is sending beacons). 2255 */ 2256 RUN_LOCK(sc); 2257 run_reset_livelock(sc); 2258 /* just in case, there are some stats to drain */ 2259 run_drain_fifo(sc); 2260 RUN_UNLOCK(sc); 2261 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2262 } 2263 2264 RUN_LOCK(sc); 2265 if(sc->ratectl_run != RUN_RATECTL_OFF) 2266 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2267 RUN_UNLOCK(sc); 2268 } 2269 2270 static void 2271 run_drain_fifo(void *arg) 2272 { 2273 struct run_softc *sc = arg; 2274 struct ifnet *ifp = sc->sc_ifp; 2275 uint32_t stat; 2276 uint16_t (*wstat)[3]; 2277 uint8_t wcid, mcs, pid; 2278 int8_t retry; 2279 2280 RUN_LOCK_ASSERT(sc, MA_OWNED); 2281 2282 for (;;) { 2283 /* drain Tx status FIFO (maxsize = 16) */ 2284 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2285 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2286 if (!(stat & RT2860_TXQ_VLD)) 2287 break; 2288 2289 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2290 2291 /* if no ACK was requested, no feedback is available */ 2292 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2293 wcid == 0) 2294 continue; 2295 2296 /* 2297 * Even though each stat is Tx-complete-status like format, 2298 * the device can poll stats. Because there is no guarantee 2299 * that the referring node is still around when read the stats. 2300 * So that, if we use ieee80211_ratectl_tx_update(), we will 2301 * have hard time not to refer already freed node. 2302 * 2303 * To eliminate such page faults, we poll stats in softc. 2304 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2305 */ 2306 wstat = &(sc->wcid_stats[wcid]); 2307 (*wstat)[RUN_TXCNT]++; 2308 if (stat & RT2860_TXQ_OK) 2309 (*wstat)[RUN_SUCCESS]++; 2310 else 2311 ifp->if_oerrors++; 2312 /* 2313 * Check if there were retries, ie if the Tx success rate is 2314 * different from the requested rate. Note that it works only 2315 * because we do not allow rate fallback from OFDM to CCK. 2316 */ 2317 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2318 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2319 if ((retry = pid -1 - mcs) > 0) { 2320 (*wstat)[RUN_TXCNT] += retry; 2321 (*wstat)[RUN_RETRY] += retry; 2322 } 2323 } 2324 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2325 2326 sc->fifo_cnt = 0; 2327 } 2328 2329 static void 2330 run_iter_func(void *arg, struct ieee80211_node *ni) 2331 { 2332 struct run_softc *sc = arg; 2333 struct ieee80211vap *vap = ni->ni_vap; 2334 struct ieee80211com *ic = ni->ni_ic; 2335 struct ifnet *ifp = ic->ic_ifp; 2336 struct run_node *rn = (void *)ni; 2337 union run_stats sta[2]; 2338 uint16_t (*wstat)[3]; 2339 int txcnt, success, retrycnt, error; 2340 2341 RUN_LOCK(sc); 2342 2343 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2344 vap->iv_opmode == IEEE80211_M_STA)) { 2345 /* read statistic counters (clear on read) and update AMRR state */ 2346 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2347 sizeof sta); 2348 if (error != 0) 2349 goto fail; 2350 2351 /* count failed TX as errors */ 2352 ifp->if_oerrors += le16toh(sta[0].error.fail); 2353 2354 retrycnt = le16toh(sta[1].tx.retry); 2355 success = le16toh(sta[1].tx.success); 2356 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2357 2358 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2359 retrycnt, success, le16toh(sta[0].error.fail)); 2360 } else { 2361 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2362 2363 if (wstat == &(sc->wcid_stats[0]) || 2364 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2365 goto fail; 2366 2367 txcnt = (*wstat)[RUN_TXCNT]; 2368 success = (*wstat)[RUN_SUCCESS]; 2369 retrycnt = (*wstat)[RUN_RETRY]; 2370 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2371 retrycnt, txcnt, success); 2372 2373 memset(wstat, 0, sizeof(*wstat)); 2374 } 2375 2376 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2377 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2378 2379 fail: 2380 RUN_UNLOCK(sc); 2381 2382 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2383 } 2384 2385 static void 2386 run_newassoc_cb(void *arg) 2387 { 2388 struct run_cmdq *cmdq = arg; 2389 struct ieee80211_node *ni = cmdq->arg1; 2390 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2391 uint8_t wcid = cmdq->wcid; 2392 2393 RUN_LOCK_ASSERT(sc, MA_OWNED); 2394 2395 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2396 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2397 2398 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2399 } 2400 2401 static void 2402 run_newassoc(struct ieee80211_node *ni, int isnew) 2403 { 2404 struct run_node *rn = (void *)ni; 2405 struct ieee80211_rateset *rs = &ni->ni_rates; 2406 struct ieee80211vap *vap = ni->ni_vap; 2407 struct ieee80211com *ic = vap->iv_ic; 2408 struct run_softc *sc = ic->ic_ifp->if_softc; 2409 uint8_t rate; 2410 uint8_t ridx; 2411 uint8_t wcid; 2412 int i, j; 2413 2414 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2415 1 : RUN_AID2WCID(ni->ni_associd); 2416 2417 if (wcid > RT2870_WCID_MAX) { 2418 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2419 return; 2420 } 2421 2422 /* only interested in true associations */ 2423 if (isnew && ni->ni_associd != 0) { 2424 2425 /* 2426 * This function could is called though timeout function. 2427 * Need to defer. 2428 */ 2429 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2430 DPRINTF("cmdq_store=%d\n", cnt); 2431 sc->cmdq[cnt].func = run_newassoc_cb; 2432 sc->cmdq[cnt].arg0 = NULL; 2433 sc->cmdq[cnt].arg1 = ni; 2434 sc->cmdq[cnt].wcid = wcid; 2435 ieee80211_runtask(ic, &sc->cmdq_task); 2436 } 2437 2438 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2439 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2440 2441 for (i = 0; i < rs->rs_nrates; i++) { 2442 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2443 /* convert 802.11 rate to hardware rate index */ 2444 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2445 if (rt2860_rates[ridx].rate == rate) 2446 break; 2447 rn->ridx[i] = ridx; 2448 /* determine rate of control response frames */ 2449 for (j = i; j >= 0; j--) { 2450 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2451 rt2860_rates[rn->ridx[i]].phy == 2452 rt2860_rates[rn->ridx[j]].phy) 2453 break; 2454 } 2455 if (j >= 0) { 2456 rn->ctl_ridx[i] = rn->ridx[j]; 2457 } else { 2458 /* no basic rate found, use mandatory one */ 2459 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2460 } 2461 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2462 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2463 } 2464 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2465 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2466 if (rt2860_rates[ridx].rate == rate) 2467 break; 2468 rn->mgt_ridx = ridx; 2469 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2470 2471 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2472 } 2473 2474 /* 2475 * Return the Rx chain with the highest RSSI for a given frame. 2476 */ 2477 static __inline uint8_t 2478 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2479 { 2480 uint8_t rxchain = 0; 2481 2482 if (sc->nrxchains > 1) { 2483 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2484 rxchain = 1; 2485 if (sc->nrxchains > 2) 2486 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2487 rxchain = 2; 2488 } 2489 return (rxchain); 2490 } 2491 2492 static void 2493 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2494 { 2495 struct ifnet *ifp = sc->sc_ifp; 2496 struct ieee80211com *ic = ifp->if_l2com; 2497 struct ieee80211_frame *wh; 2498 struct ieee80211_node *ni; 2499 struct rt2870_rxd *rxd; 2500 struct rt2860_rxwi *rxwi; 2501 uint32_t flags; 2502 uint16_t len, phy; 2503 uint8_t ant, rssi; 2504 int8_t nf; 2505 2506 rxwi = mtod(m, struct rt2860_rxwi *); 2507 len = le16toh(rxwi->len) & 0xfff; 2508 if (__predict_false(len > dmalen)) { 2509 m_freem(m); 2510 ifp->if_ierrors++; 2511 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2512 return; 2513 } 2514 /* Rx descriptor is located at the end */ 2515 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2516 flags = le32toh(rxd->flags); 2517 2518 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2519 m_freem(m); 2520 ifp->if_ierrors++; 2521 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2522 return; 2523 } 2524 2525 m->m_data += sizeof(struct rt2860_rxwi); 2526 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2527 2528 wh = mtod(m, struct ieee80211_frame *); 2529 2530 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2531 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2532 m->m_flags |= M_WEP; 2533 } 2534 2535 if (flags & RT2860_RX_L2PAD) { 2536 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2537 len += 2; 2538 } 2539 2540 ni = ieee80211_find_rxnode(ic, 2541 mtod(m, struct ieee80211_frame_min *)); 2542 2543 if (__predict_false(flags & RT2860_RX_MICERR)) { 2544 /* report MIC failures to net80211 for TKIP */ 2545 if (ni != NULL) 2546 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2547 m_freem(m); 2548 ifp->if_ierrors++; 2549 DPRINTF("MIC error. Someone is lying.\n"); 2550 return; 2551 } 2552 2553 ant = run_maxrssi_chain(sc, rxwi); 2554 rssi = rxwi->rssi[ant]; 2555 nf = run_rssi2dbm(sc, rssi, ant); 2556 2557 m->m_pkthdr.rcvif = ifp; 2558 m->m_pkthdr.len = m->m_len = len; 2559 2560 if (ni != NULL) { 2561 (void)ieee80211_input(ni, m, rssi, nf); 2562 ieee80211_free_node(ni); 2563 } else { 2564 (void)ieee80211_input_all(ic, m, rssi, nf); 2565 } 2566 2567 if (__predict_false(ieee80211_radiotap_active(ic))) { 2568 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2569 2570 tap->wr_flags = 0; 2571 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2572 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2573 tap->wr_antsignal = rssi; 2574 tap->wr_antenna = ant; 2575 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2576 tap->wr_rate = 2; /* in case it can't be found below */ 2577 phy = le16toh(rxwi->phy); 2578 switch (phy & RT2860_PHY_MODE) { 2579 case RT2860_PHY_CCK: 2580 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2581 case 0: tap->wr_rate = 2; break; 2582 case 1: tap->wr_rate = 4; break; 2583 case 2: tap->wr_rate = 11; break; 2584 case 3: tap->wr_rate = 22; break; 2585 } 2586 if (phy & RT2860_PHY_SHPRE) 2587 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2588 break; 2589 case RT2860_PHY_OFDM: 2590 switch (phy & RT2860_PHY_MCS) { 2591 case 0: tap->wr_rate = 12; break; 2592 case 1: tap->wr_rate = 18; break; 2593 case 2: tap->wr_rate = 24; break; 2594 case 3: tap->wr_rate = 36; break; 2595 case 4: tap->wr_rate = 48; break; 2596 case 5: tap->wr_rate = 72; break; 2597 case 6: tap->wr_rate = 96; break; 2598 case 7: tap->wr_rate = 108; break; 2599 } 2600 break; 2601 } 2602 } 2603 } 2604 2605 static void 2606 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2607 { 2608 struct run_softc *sc = usbd_xfer_softc(xfer); 2609 struct ifnet *ifp = sc->sc_ifp; 2610 struct mbuf *m = NULL; 2611 struct mbuf *m0; 2612 uint32_t dmalen; 2613 int xferlen; 2614 2615 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2616 2617 switch (USB_GET_STATE(xfer)) { 2618 case USB_ST_TRANSFERRED: 2619 2620 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2621 2622 if (xferlen < (int)(sizeof(uint32_t) + 2623 sizeof(struct rt2860_rxwi) + sizeof(struct rt2870_rxd))) { 2624 DPRINTF("xfer too short %d\n", xferlen); 2625 goto tr_setup; 2626 } 2627 2628 m = sc->rx_m; 2629 sc->rx_m = NULL; 2630 2631 /* FALLTHROUGH */ 2632 case USB_ST_SETUP: 2633 tr_setup: 2634 if (sc->rx_m == NULL) { 2635 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2636 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2637 } 2638 if (sc->rx_m == NULL) { 2639 DPRINTF("could not allocate mbuf - idle with stall\n"); 2640 ifp->if_ierrors++; 2641 usbd_xfer_set_stall(xfer); 2642 usbd_xfer_set_frames(xfer, 0); 2643 } else { 2644 /* 2645 * Directly loading a mbuf cluster into DMA to 2646 * save some data copying. This works because 2647 * there is only one cluster. 2648 */ 2649 usbd_xfer_set_frame_data(xfer, 0, 2650 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2651 usbd_xfer_set_frames(xfer, 1); 2652 } 2653 usbd_transfer_submit(xfer); 2654 break; 2655 2656 default: /* Error */ 2657 if (error != USB_ERR_CANCELLED) { 2658 /* try to clear stall first */ 2659 usbd_xfer_set_stall(xfer); 2660 2661 if (error == USB_ERR_TIMEOUT) 2662 device_printf(sc->sc_dev, "device timeout\n"); 2663 2664 ifp->if_ierrors++; 2665 2666 goto tr_setup; 2667 } 2668 if (sc->rx_m != NULL) { 2669 m_freem(sc->rx_m); 2670 sc->rx_m = NULL; 2671 } 2672 break; 2673 } 2674 2675 if (m == NULL) 2676 return; 2677 2678 /* inputting all the frames must be last */ 2679 2680 RUN_UNLOCK(sc); 2681 2682 m->m_pkthdr.len = m->m_len = xferlen; 2683 2684 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2685 for(;;) { 2686 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2687 2688 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2689 ((dmalen & 3) != 0)) { 2690 DPRINTF("bad DMA length %u\n", dmalen); 2691 break; 2692 } 2693 if ((dmalen + 8) > (uint32_t)xferlen) { 2694 DPRINTF("bad DMA length %u > %d\n", 2695 dmalen + 8, xferlen); 2696 break; 2697 } 2698 2699 /* If it is the last one or a single frame, we won't copy. */ 2700 if ((xferlen -= dmalen + 8) <= 8) { 2701 /* trim 32-bit DMA-len header */ 2702 m->m_data += 4; 2703 m->m_pkthdr.len = m->m_len -= 4; 2704 run_rx_frame(sc, m, dmalen); 2705 m = NULL; /* don't free source buffer */ 2706 break; 2707 } 2708 2709 /* copy aggregated frames to another mbuf */ 2710 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2711 if (__predict_false(m0 == NULL)) { 2712 DPRINTF("could not allocate mbuf\n"); 2713 ifp->if_ierrors++; 2714 break; 2715 } 2716 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2717 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2718 m0->m_pkthdr.len = m0->m_len = 2719 dmalen + sizeof(struct rt2870_rxd); 2720 run_rx_frame(sc, m0, dmalen); 2721 2722 /* update data ptr */ 2723 m->m_data += dmalen + 8; 2724 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2725 } 2726 2727 /* make sure we free the source buffer, if any */ 2728 m_freem(m); 2729 2730 RUN_LOCK(sc); 2731 } 2732 2733 static void 2734 run_tx_free(struct run_endpoint_queue *pq, 2735 struct run_tx_data *data, int txerr) 2736 { 2737 if (data->m != NULL) { 2738 if (data->m->m_flags & M_TXCB) 2739 ieee80211_process_callback(data->ni, data->m, 2740 txerr ? ETIMEDOUT : 0); 2741 m_freem(data->m); 2742 data->m = NULL; 2743 2744 if (data->ni == NULL) { 2745 DPRINTF("no node\n"); 2746 } else { 2747 ieee80211_free_node(data->ni); 2748 data->ni = NULL; 2749 } 2750 } 2751 2752 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2753 pq->tx_nfree++; 2754 } 2755 2756 static void 2757 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 2758 { 2759 struct run_softc *sc = usbd_xfer_softc(xfer); 2760 struct ifnet *ifp = sc->sc_ifp; 2761 struct ieee80211com *ic = ifp->if_l2com; 2762 struct run_tx_data *data; 2763 struct ieee80211vap *vap = NULL; 2764 struct usb_page_cache *pc; 2765 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2766 struct mbuf *m; 2767 usb_frlength_t size; 2768 int actlen; 2769 int sumlen; 2770 2771 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2772 2773 switch (USB_GET_STATE(xfer)) { 2774 case USB_ST_TRANSFERRED: 2775 DPRINTFN(11, "transfer complete: %d " 2776 "bytes @ index %d\n", actlen, index); 2777 2778 data = usbd_xfer_get_priv(xfer); 2779 2780 run_tx_free(pq, data, 0); 2781 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2782 2783 usbd_xfer_set_priv(xfer, NULL); 2784 2785 ifp->if_opackets++; 2786 2787 /* FALLTHROUGH */ 2788 case USB_ST_SETUP: 2789 tr_setup: 2790 data = STAILQ_FIRST(&pq->tx_qh); 2791 if (data == NULL) 2792 break; 2793 2794 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2795 2796 m = data->m; 2797 if ((m->m_pkthdr.len + 2798 sizeof(data->desc) + 3 + 8) > RUN_MAX_TXSZ) { 2799 DPRINTF("data overflow, %u bytes\n", 2800 m->m_pkthdr.len); 2801 2802 ifp->if_oerrors++; 2803 2804 run_tx_free(pq, data, 1); 2805 2806 goto tr_setup; 2807 } 2808 2809 pc = usbd_xfer_get_frame(xfer, 0); 2810 size = sizeof(data->desc); 2811 usbd_copy_in(pc, 0, &data->desc, size); 2812 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2813 size += m->m_pkthdr.len; 2814 /* 2815 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2816 * 4-byte padding), and be sure to zero those trailing 2817 * bytes: 2818 */ 2819 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2820 size += ((-size) & 3) + 8; 2821 2822 vap = data->ni->ni_vap; 2823 if (ieee80211_radiotap_active_vap(vap)) { 2824 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2825 struct rt2860_txwi *txwi = 2826 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2827 2828 tap->wt_flags = 0; 2829 tap->wt_rate = rt2860_rates[data->ridx].rate; 2830 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2831 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2832 tap->wt_hwqueue = index; 2833 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2834 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2835 2836 ieee80211_radiotap_tx(vap, m); 2837 } 2838 2839 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 2840 m->m_pkthdr.len, size, index); 2841 2842 usbd_xfer_set_frame_len(xfer, 0, size); 2843 usbd_xfer_set_priv(xfer, data); 2844 2845 usbd_transfer_submit(xfer); 2846 2847 RUN_UNLOCK(sc); 2848 run_start(ifp); 2849 RUN_LOCK(sc); 2850 2851 break; 2852 2853 default: 2854 DPRINTF("USB transfer error, %s\n", 2855 usbd_errstr(error)); 2856 2857 data = usbd_xfer_get_priv(xfer); 2858 2859 ifp->if_oerrors++; 2860 2861 if (data != NULL) { 2862 if(data->ni != NULL) 2863 vap = data->ni->ni_vap; 2864 run_tx_free(pq, data, error); 2865 usbd_xfer_set_priv(xfer, NULL); 2866 } 2867 if (vap == NULL) 2868 vap = TAILQ_FIRST(&ic->ic_vaps); 2869 2870 if (error != USB_ERR_CANCELLED) { 2871 if (error == USB_ERR_TIMEOUT) { 2872 device_printf(sc->sc_dev, "device timeout\n"); 2873 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2874 DPRINTF("cmdq_store=%d\n", i); 2875 sc->cmdq[i].func = run_usb_timeout_cb; 2876 sc->cmdq[i].arg0 = vap; 2877 ieee80211_runtask(ic, &sc->cmdq_task); 2878 } 2879 2880 /* 2881 * Try to clear stall first, also if other 2882 * errors occur, hence clearing stall 2883 * introduces a 50 ms delay: 2884 */ 2885 usbd_xfer_set_stall(xfer); 2886 goto tr_setup; 2887 } 2888 break; 2889 } 2890 } 2891 2892 static void 2893 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2894 { 2895 run_bulk_tx_callbackN(xfer, error, 0); 2896 } 2897 2898 static void 2899 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2900 { 2901 run_bulk_tx_callbackN(xfer, error, 1); 2902 } 2903 2904 static void 2905 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2906 { 2907 run_bulk_tx_callbackN(xfer, error, 2); 2908 } 2909 2910 static void 2911 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2912 { 2913 run_bulk_tx_callbackN(xfer, error, 3); 2914 } 2915 2916 static void 2917 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2918 { 2919 run_bulk_tx_callbackN(xfer, error, 4); 2920 } 2921 2922 static void 2923 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2924 { 2925 run_bulk_tx_callbackN(xfer, error, 5); 2926 } 2927 2928 static void 2929 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2930 { 2931 struct mbuf *m = data->m; 2932 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2933 struct ieee80211vap *vap = data->ni->ni_vap; 2934 struct ieee80211_frame *wh; 2935 struct rt2870_txd *txd; 2936 struct rt2860_txwi *txwi; 2937 uint16_t xferlen; 2938 uint16_t mcs; 2939 uint8_t ridx = data->ridx; 2940 uint8_t pad; 2941 2942 /* get MCS code from rate index */ 2943 mcs = rt2860_rates[ridx].mcs; 2944 2945 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2946 2947 /* roundup to 32-bit alignment */ 2948 xferlen = (xferlen + 3) & ~3; 2949 2950 txd = (struct rt2870_txd *)&data->desc; 2951 txd->len = htole16(xferlen); 2952 2953 wh = mtod(m, struct ieee80211_frame *); 2954 2955 /* 2956 * Ether both are true or both are false, the header 2957 * are nicely aligned to 32-bit. So, no L2 padding. 2958 */ 2959 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2960 pad = 0; 2961 else 2962 pad = 2; 2963 2964 /* setup TX Wireless Information */ 2965 txwi = (struct rt2860_txwi *)(txd + 1); 2966 txwi->len = htole16(m->m_pkthdr.len - pad); 2967 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2968 txwi->phy = htole16(RT2860_PHY_CCK); 2969 if (ridx != RT2860_RIDX_CCK1 && 2970 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2971 mcs |= RT2860_PHY_SHPRE; 2972 } else 2973 txwi->phy = htole16(RT2860_PHY_OFDM); 2974 txwi->phy |= htole16(mcs); 2975 2976 /* check if RTS/CTS or CTS-to-self protection is required */ 2977 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2978 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2979 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2980 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2981 txwi->txop |= RT2860_TX_TXOP_HT; 2982 else 2983 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2984 2985 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2986 txwi->xflags |= RT2860_TX_NSEQ; 2987 } 2988 2989 /* This function must be called locked */ 2990 static int 2991 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2992 { 2993 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2994 struct ieee80211vap *vap = ni->ni_vap; 2995 struct ieee80211_frame *wh; 2996 struct ieee80211_channel *chan; 2997 const struct ieee80211_txparam *tp; 2998 struct run_node *rn = (void *)ni; 2999 struct run_tx_data *data; 3000 struct rt2870_txd *txd; 3001 struct rt2860_txwi *txwi; 3002 uint16_t qos; 3003 uint16_t dur; 3004 uint16_t qid; 3005 uint8_t type; 3006 uint8_t tid; 3007 uint8_t ridx; 3008 uint8_t ctl_ridx; 3009 uint8_t qflags; 3010 uint8_t xflags = 0; 3011 int hasqos; 3012 3013 RUN_LOCK_ASSERT(sc, MA_OWNED); 3014 3015 wh = mtod(m, struct ieee80211_frame *); 3016 3017 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3018 3019 /* 3020 * There are 7 bulk endpoints: 1 for RX 3021 * and 6 for TX (4 EDCAs + HCCA + Prio). 3022 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3023 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3024 */ 3025 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3026 uint8_t *frm; 3027 3028 if(IEEE80211_HAS_ADDR4(wh)) 3029 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3030 else 3031 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3032 3033 qos = le16toh(*(const uint16_t *)frm); 3034 tid = qos & IEEE80211_QOS_TID; 3035 qid = TID_TO_WME_AC(tid); 3036 } else { 3037 qos = 0; 3038 tid = 0; 3039 qid = WME_AC_BE; 3040 } 3041 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3042 3043 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3044 qos, qid, tid, qflags); 3045 3046 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3047 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3048 3049 /* pickup a rate index */ 3050 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3051 type != IEEE80211_FC0_TYPE_DATA) { 3052 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3053 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3054 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3055 } else { 3056 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3057 ridx = rn->fix_ridx; 3058 else 3059 ridx = rn->amrr_ridx; 3060 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3061 } 3062 3063 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3064 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3065 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3066 xflags |= RT2860_TX_ACK; 3067 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3068 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3069 else 3070 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3071 *(uint16_t *)wh->i_dur = htole16(dur); 3072 } 3073 3074 /* reserve slots for mgmt packets, just in case */ 3075 if (sc->sc_epq[qid].tx_nfree < 3) { 3076 DPRINTFN(10, "tx ring %d is full\n", qid); 3077 return (-1); 3078 } 3079 3080 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3081 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3082 sc->sc_epq[qid].tx_nfree--; 3083 3084 txd = (struct rt2870_txd *)&data->desc; 3085 txd->flags = qflags; 3086 txwi = (struct rt2860_txwi *)(txd + 1); 3087 txwi->xflags = xflags; 3088 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3089 txwi->wcid = 0; 3090 } else { 3091 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3092 1 : RUN_AID2WCID(ni->ni_associd); 3093 } 3094 /* clear leftover garbage bits */ 3095 txwi->flags = 0; 3096 txwi->txop = 0; 3097 3098 data->m = m; 3099 data->ni = ni; 3100 data->ridx = ridx; 3101 3102 run_set_tx_desc(sc, data); 3103 3104 /* 3105 * The chip keeps track of 2 kind of Tx stats, 3106 * * TX_STAT_FIFO, for per WCID stats, and 3107 * * TX_STA_CNT0 for all-TX-in-one stats. 3108 * 3109 * To use FIFO stats, we need to store MCS into the driver-private 3110 * PacketID field. So that, we can tell whose stats when we read them. 3111 * We add 1 to the MCS because setting the PacketID field to 0 means 3112 * that we don't want feedback in TX_STAT_FIFO. 3113 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3114 * 3115 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3116 */ 3117 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3118 vap->iv_opmode == IEEE80211_M_MBSS) { 3119 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3120 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3121 3122 /* 3123 * Unlike PCI based devices, we don't get any interrupt from 3124 * USB devices, so we simulate FIFO-is-full interrupt here. 3125 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3126 * quickly get fulled. To prevent overflow, increment a counter on 3127 * every FIFO stat request, so we know how many slots are left. 3128 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3129 * are used only in those modes. 3130 * We just drain stats. AMRR gets updated every 1 sec by 3131 * run_ratectl_cb() via callout. 3132 * Call it early. Otherwise overflow. 3133 */ 3134 if (sc->fifo_cnt++ == 10) { 3135 /* 3136 * With multiple vaps or if_bridge, if_start() is called 3137 * with a non-sleepable lock, tcpinp. So, need to defer. 3138 */ 3139 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3140 DPRINTFN(6, "cmdq_store=%d\n", i); 3141 sc->cmdq[i].func = run_drain_fifo; 3142 sc->cmdq[i].arg0 = sc; 3143 ieee80211_runtask(ic, &sc->cmdq_task); 3144 } 3145 } 3146 3147 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3148 3149 usbd_transfer_start(sc->sc_xfer[qid]); 3150 3151 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3152 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3153 rt2860_rates[ridx].rate, qid); 3154 3155 return (0); 3156 } 3157 3158 static int 3159 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3160 { 3161 struct ifnet *ifp = sc->sc_ifp; 3162 struct ieee80211com *ic = ifp->if_l2com; 3163 struct run_node *rn = (void *)ni; 3164 struct run_tx_data *data; 3165 struct ieee80211_frame *wh; 3166 struct rt2870_txd *txd; 3167 struct rt2860_txwi *txwi; 3168 uint16_t dur; 3169 uint8_t ridx = rn->mgt_ridx; 3170 uint8_t type; 3171 uint8_t xflags = 0; 3172 uint8_t wflags = 0; 3173 3174 RUN_LOCK_ASSERT(sc, MA_OWNED); 3175 3176 wh = mtod(m, struct ieee80211_frame *); 3177 3178 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3179 3180 /* tell hardware to add timestamp for probe responses */ 3181 if ((wh->i_fc[0] & 3182 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3183 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3184 wflags |= RT2860_TX_TS; 3185 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3186 xflags |= RT2860_TX_ACK; 3187 3188 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3189 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3190 *(uint16_t *)wh->i_dur = htole16(dur); 3191 } 3192 3193 if (sc->sc_epq[0].tx_nfree == 0) { 3194 /* let caller free mbuf */ 3195 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3196 return (EIO); 3197 } 3198 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3199 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3200 sc->sc_epq[0].tx_nfree--; 3201 3202 txd = (struct rt2870_txd *)&data->desc; 3203 txd->flags = RT2860_TX_QSEL_EDCA; 3204 txwi = (struct rt2860_txwi *)(txd + 1); 3205 txwi->wcid = 0xff; 3206 txwi->flags = wflags; 3207 txwi->xflags = xflags; 3208 txwi->txop = 0; /* clear leftover garbage bits */ 3209 3210 data->m = m; 3211 data->ni = ni; 3212 data->ridx = ridx; 3213 3214 run_set_tx_desc(sc, data); 3215 3216 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3217 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3218 rt2860_rates[ridx].rate); 3219 3220 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3221 3222 usbd_transfer_start(sc->sc_xfer[0]); 3223 3224 return (0); 3225 } 3226 3227 static int 3228 run_sendprot(struct run_softc *sc, 3229 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3230 { 3231 struct ieee80211com *ic = ni->ni_ic; 3232 struct ieee80211_frame *wh; 3233 struct run_tx_data *data; 3234 struct rt2870_txd *txd; 3235 struct rt2860_txwi *txwi; 3236 struct mbuf *mprot; 3237 int ridx; 3238 int protrate; 3239 int ackrate; 3240 int pktlen; 3241 int isshort; 3242 uint16_t dur; 3243 uint8_t type; 3244 uint8_t wflags = 0; 3245 uint8_t xflags = 0; 3246 3247 RUN_LOCK_ASSERT(sc, MA_OWNED); 3248 3249 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3250 ("protection %d", prot)); 3251 3252 wh = mtod(m, struct ieee80211_frame *); 3253 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3254 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3255 3256 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3257 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3258 3259 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3260 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3261 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3262 wflags = RT2860_TX_FRAG; 3263 3264 /* check that there are free slots before allocating the mbuf */ 3265 if (sc->sc_epq[0].tx_nfree == 0) { 3266 /* let caller free mbuf */ 3267 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3268 return (ENOBUFS); 3269 } 3270 3271 if (prot == IEEE80211_PROT_RTSCTS) { 3272 /* NB: CTS is the same size as an ACK */ 3273 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3274 xflags |= RT2860_TX_ACK; 3275 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3276 } else { 3277 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3278 } 3279 if (mprot == NULL) { 3280 sc->sc_ifp->if_oerrors++; 3281 DPRINTF("could not allocate mbuf\n"); 3282 return (ENOBUFS); 3283 } 3284 3285 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3286 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3287 sc->sc_epq[0].tx_nfree--; 3288 3289 txd = (struct rt2870_txd *)&data->desc; 3290 txd->flags = RT2860_TX_QSEL_EDCA; 3291 txwi = (struct rt2860_txwi *)(txd + 1); 3292 txwi->wcid = 0xff; 3293 txwi->flags = wflags; 3294 txwi->xflags = xflags; 3295 txwi->txop = 0; /* clear leftover garbage bits */ 3296 3297 data->m = mprot; 3298 data->ni = ieee80211_ref_node(ni); 3299 3300 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3301 if (rt2860_rates[ridx].rate == protrate) 3302 break; 3303 data->ridx = ridx; 3304 3305 run_set_tx_desc(sc, data); 3306 3307 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3308 m->m_pkthdr.len, rate); 3309 3310 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3311 3312 usbd_transfer_start(sc->sc_xfer[0]); 3313 3314 return (0); 3315 } 3316 3317 static int 3318 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3319 const struct ieee80211_bpf_params *params) 3320 { 3321 struct ieee80211com *ic = ni->ni_ic; 3322 struct ieee80211_frame *wh; 3323 struct run_tx_data *data; 3324 struct rt2870_txd *txd; 3325 struct rt2860_txwi *txwi; 3326 uint8_t type; 3327 uint8_t ridx; 3328 uint8_t rate; 3329 uint8_t opflags = 0; 3330 uint8_t xflags = 0; 3331 int error; 3332 3333 RUN_LOCK_ASSERT(sc, MA_OWNED); 3334 3335 KASSERT(params != NULL, ("no raw xmit params")); 3336 3337 wh = mtod(m, struct ieee80211_frame *); 3338 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3339 3340 rate = params->ibp_rate0; 3341 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3342 /* let caller free mbuf */ 3343 return (EINVAL); 3344 } 3345 3346 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3347 xflags |= RT2860_TX_ACK; 3348 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3349 error = run_sendprot(sc, m, ni, 3350 params->ibp_flags & IEEE80211_BPF_RTS ? 3351 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3352 rate); 3353 if (error) { 3354 /* let caller free mbuf */ 3355 return error; 3356 } 3357 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3358 } 3359 3360 if (sc->sc_epq[0].tx_nfree == 0) { 3361 /* let caller free mbuf */ 3362 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3363 DPRINTF("sending raw frame, but tx ring is full\n"); 3364 return (EIO); 3365 } 3366 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3367 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3368 sc->sc_epq[0].tx_nfree--; 3369 3370 txd = (struct rt2870_txd *)&data->desc; 3371 txd->flags = RT2860_TX_QSEL_EDCA; 3372 txwi = (struct rt2860_txwi *)(txd + 1); 3373 txwi->wcid = 0xff; 3374 txwi->xflags = xflags; 3375 txwi->txop = opflags; 3376 txwi->flags = 0; /* clear leftover garbage bits */ 3377 3378 data->m = m; 3379 data->ni = ni; 3380 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3381 if (rt2860_rates[ridx].rate == rate) 3382 break; 3383 data->ridx = ridx; 3384 3385 run_set_tx_desc(sc, data); 3386 3387 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3388 m->m_pkthdr.len, rate); 3389 3390 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3391 3392 usbd_transfer_start(sc->sc_xfer[0]); 3393 3394 return (0); 3395 } 3396 3397 static int 3398 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3399 const struct ieee80211_bpf_params *params) 3400 { 3401 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3402 struct run_softc *sc = ifp->if_softc; 3403 int error = 0; 3404 3405 RUN_LOCK(sc); 3406 3407 /* prevent management frames from being sent if we're not ready */ 3408 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3409 error = ENETDOWN; 3410 goto done; 3411 } 3412 3413 if (params == NULL) { 3414 /* tx mgt packet */ 3415 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3416 ifp->if_oerrors++; 3417 DPRINTF("mgt tx failed\n"); 3418 goto done; 3419 } 3420 } else { 3421 /* tx raw packet with param */ 3422 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3423 ifp->if_oerrors++; 3424 DPRINTF("tx with param failed\n"); 3425 goto done; 3426 } 3427 } 3428 3429 ifp->if_opackets++; 3430 3431 done: 3432 RUN_UNLOCK(sc); 3433 3434 if (error != 0) { 3435 if(m != NULL) 3436 m_freem(m); 3437 ieee80211_free_node(ni); 3438 } 3439 3440 return (error); 3441 } 3442 3443 static void 3444 run_start(struct ifnet *ifp) 3445 { 3446 struct run_softc *sc = ifp->if_softc; 3447 struct ieee80211_node *ni; 3448 struct mbuf *m; 3449 3450 RUN_LOCK(sc); 3451 3452 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3453 RUN_UNLOCK(sc); 3454 return; 3455 } 3456 3457 for (;;) { 3458 /* send data frames */ 3459 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3460 if (m == NULL) 3461 break; 3462 3463 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3464 if (run_tx(sc, m, ni) != 0) { 3465 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3466 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3467 break; 3468 } 3469 } 3470 3471 RUN_UNLOCK(sc); 3472 } 3473 3474 static int 3475 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3476 { 3477 struct run_softc *sc = ifp->if_softc; 3478 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3479 struct ifreq *ifr = (struct ifreq *) data; 3480 int startall = 0; 3481 int error; 3482 3483 RUN_LOCK(sc); 3484 error = sc->sc_detached ? ENXIO : 0; 3485 RUN_UNLOCK(sc); 3486 if (error) 3487 return (error); 3488 3489 switch (cmd) { 3490 case SIOCSIFFLAGS: 3491 RUN_LOCK(sc); 3492 if (ifp->if_flags & IFF_UP) { 3493 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3494 startall = 1; 3495 run_init_locked(sc); 3496 } else 3497 run_update_promisc_locked(ifp); 3498 } else { 3499 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3500 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3501 run_stop(sc); 3502 } 3503 } 3504 RUN_UNLOCK(sc); 3505 if (startall) 3506 ieee80211_start_all(ic); 3507 break; 3508 case SIOCGIFMEDIA: 3509 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3510 break; 3511 case SIOCGIFADDR: 3512 error = ether_ioctl(ifp, cmd, data); 3513 break; 3514 default: 3515 error = EINVAL; 3516 break; 3517 } 3518 3519 return (error); 3520 } 3521 3522 static void 3523 run_set_agc(struct run_softc *sc, uint8_t agc) 3524 { 3525 uint8_t bbp; 3526 3527 if (sc->mac_ver == 0x3572) { 3528 run_bbp_read(sc, 27, &bbp); 3529 bbp &= ~(0x3 << 5); 3530 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3531 run_bbp_write(sc, 66, agc); 3532 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3533 run_bbp_write(sc, 66, agc); 3534 } else 3535 run_bbp_write(sc, 66, agc); 3536 } 3537 3538 static void 3539 run_select_chan_group(struct run_softc *sc, int group) 3540 { 3541 uint32_t tmp; 3542 uint8_t agc; 3543 3544 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3545 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3546 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3547 run_bbp_write(sc, 86, 0x00); 3548 3549 if (group == 0) { 3550 if (sc->ext_2ghz_lna) { 3551 run_bbp_write(sc, 82, 0x62); 3552 run_bbp_write(sc, 75, 0x46); 3553 } else { 3554 run_bbp_write(sc, 82, 0x84); 3555 run_bbp_write(sc, 75, 0x50); 3556 } 3557 } else { 3558 if (sc->mac_ver == 0x3572) 3559 run_bbp_write(sc, 82, 0x94); 3560 else 3561 run_bbp_write(sc, 82, 0xf2); 3562 if (sc->ext_5ghz_lna) 3563 run_bbp_write(sc, 75, 0x46); 3564 else 3565 run_bbp_write(sc, 75, 0x50); 3566 } 3567 3568 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3569 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3570 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3571 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3572 3573 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3574 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3575 if (sc->nrxchains > 1) 3576 tmp |= RT2860_LNA_PE1_EN; 3577 if (group == 0) { /* 2GHz */ 3578 tmp |= RT2860_PA_PE_G0_EN; 3579 if (sc->ntxchains > 1) 3580 tmp |= RT2860_PA_PE_G1_EN; 3581 } else { /* 5GHz */ 3582 tmp |= RT2860_PA_PE_A0_EN; 3583 if (sc->ntxchains > 1) 3584 tmp |= RT2860_PA_PE_A1_EN; 3585 } 3586 if (sc->mac_ver == 0x3572) { 3587 run_rt3070_rf_write(sc, 8, 0x00); 3588 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3589 run_rt3070_rf_write(sc, 8, 0x80); 3590 } else 3591 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3592 3593 /* set initial AGC value */ 3594 if (group == 0) { /* 2GHz band */ 3595 if (sc->mac_ver >= 0x3070) 3596 agc = 0x1c + sc->lna[0] * 2; 3597 else 3598 agc = 0x2e + sc->lna[0]; 3599 } else { /* 5GHz band */ 3600 if (sc->mac_ver == 0x3572) 3601 agc = 0x22 + (sc->lna[group] * 5) / 3; 3602 else 3603 agc = 0x32 + (sc->lna[group] * 5) / 3; 3604 } 3605 run_set_agc(sc, agc); 3606 } 3607 3608 static void 3609 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 3610 { 3611 const struct rfprog *rfprog = rt2860_rf2850; 3612 uint32_t r2, r3, r4; 3613 int8_t txpow1, txpow2; 3614 int i; 3615 3616 /* find the settings for this channel (we know it exists) */ 3617 for (i = 0; rfprog[i].chan != chan; i++); 3618 3619 r2 = rfprog[i].r2; 3620 if (sc->ntxchains == 1) 3621 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3622 if (sc->nrxchains == 1) 3623 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3624 else if (sc->nrxchains == 2) 3625 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3626 3627 /* use Tx power values from EEPROM */ 3628 txpow1 = sc->txpow1[i]; 3629 txpow2 = sc->txpow2[i]; 3630 if (chan > 14) { 3631 if (txpow1 >= 0) 3632 txpow1 = txpow1 << 1 | 1; 3633 else 3634 txpow1 = (7 + txpow1) << 1; 3635 if (txpow2 >= 0) 3636 txpow2 = txpow2 << 1 | 1; 3637 else 3638 txpow2 = (7 + txpow2) << 1; 3639 } 3640 r3 = rfprog[i].r3 | txpow1 << 7; 3641 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3642 3643 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3644 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3645 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3646 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3647 3648 run_delay(sc, 10); 3649 3650 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3651 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3652 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3653 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3654 3655 run_delay(sc, 10); 3656 3657 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3658 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3659 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3660 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3661 } 3662 3663 static void 3664 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 3665 { 3666 int8_t txpow1, txpow2; 3667 uint8_t rf; 3668 int i; 3669 3670 /* RT3070 is 2GHz only */ 3671 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3672 3673 /* find the settings for this channel (we know it exists) */ 3674 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3675 3676 /* use Tx power values from EEPROM */ 3677 txpow1 = sc->txpow1[i]; 3678 txpow2 = sc->txpow2[i]; 3679 3680 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3681 3682 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 3683 run_rt3070_rf_read(sc, 3, &rf); 3684 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 3685 run_rt3070_rf_write(sc, 3, rf); 3686 3687 run_rt3070_rf_read(sc, 6, &rf); 3688 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3689 run_rt3070_rf_write(sc, 6, rf); 3690 3691 /* set Tx0 power */ 3692 run_rt3070_rf_read(sc, 12, &rf); 3693 rf = (rf & ~0x1f) | txpow1; 3694 run_rt3070_rf_write(sc, 12, rf); 3695 3696 /* set Tx1 power */ 3697 run_rt3070_rf_read(sc, 13, &rf); 3698 rf = (rf & ~0x1f) | txpow2; 3699 run_rt3070_rf_write(sc, 13, rf); 3700 3701 run_rt3070_rf_read(sc, 1, &rf); 3702 rf &= ~0xfc; 3703 if (sc->ntxchains == 1) 3704 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3705 else if (sc->ntxchains == 2) 3706 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3707 if (sc->nrxchains == 1) 3708 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3709 else if (sc->nrxchains == 2) 3710 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3711 run_rt3070_rf_write(sc, 1, rf); 3712 3713 /* set RF offset */ 3714 run_rt3070_rf_read(sc, 23, &rf); 3715 rf = (rf & ~0x7f) | sc->freq; 3716 run_rt3070_rf_write(sc, 23, rf); 3717 3718 /* program RF filter */ 3719 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3720 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3721 run_rt3070_rf_write(sc, 24, rf); 3722 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3723 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3724 run_rt3070_rf_write(sc, 31, rf); 3725 3726 /* enable RF tuning */ 3727 run_rt3070_rf_read(sc, 7, &rf); 3728 run_rt3070_rf_write(sc, 7, rf | 0x01); 3729 } 3730 3731 static void 3732 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3733 { 3734 int8_t txpow1, txpow2; 3735 uint32_t tmp; 3736 uint8_t rf; 3737 int i; 3738 3739 /* find the settings for this channel (we know it exists) */ 3740 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3741 3742 /* use Tx power values from EEPROM */ 3743 txpow1 = sc->txpow1[i]; 3744 txpow2 = sc->txpow2[i]; 3745 3746 if (chan <= 14) { 3747 run_bbp_write(sc, 25, sc->bbp25); 3748 run_bbp_write(sc, 26, sc->bbp26); 3749 } else { 3750 /* enable IQ phase correction */ 3751 run_bbp_write(sc, 25, 0x09); 3752 run_bbp_write(sc, 26, 0xff); 3753 } 3754 3755 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3756 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3757 run_rt3070_rf_read(sc, 6, &rf); 3758 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3759 rf |= (chan <= 14) ? 0x08 : 0x04; 3760 run_rt3070_rf_write(sc, 6, rf); 3761 3762 /* set PLL mode */ 3763 run_rt3070_rf_read(sc, 5, &rf); 3764 rf &= ~(0x08 | 0x04); 3765 rf |= (chan <= 14) ? 0x04 : 0x08; 3766 run_rt3070_rf_write(sc, 5, rf); 3767 3768 /* set Tx power for chain 0 */ 3769 if (chan <= 14) 3770 rf = 0x60 | txpow1; 3771 else 3772 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3773 run_rt3070_rf_write(sc, 12, rf); 3774 3775 /* set Tx power for chain 1 */ 3776 if (chan <= 14) 3777 rf = 0x60 | txpow2; 3778 else 3779 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3780 run_rt3070_rf_write(sc, 13, rf); 3781 3782 /* set Tx/Rx streams */ 3783 run_rt3070_rf_read(sc, 1, &rf); 3784 rf &= ~0xfc; 3785 if (sc->ntxchains == 1) 3786 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3787 else if (sc->ntxchains == 2) 3788 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3789 if (sc->nrxchains == 1) 3790 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3791 else if (sc->nrxchains == 2) 3792 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3793 run_rt3070_rf_write(sc, 1, rf); 3794 3795 /* set RF offset */ 3796 run_rt3070_rf_read(sc, 23, &rf); 3797 rf = (rf & ~0x7f) | sc->freq; 3798 run_rt3070_rf_write(sc, 23, rf); 3799 3800 /* program RF filter */ 3801 rf = sc->rf24_20mhz; 3802 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3803 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3804 3805 /* enable RF tuning */ 3806 run_rt3070_rf_read(sc, 7, &rf); 3807 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3808 run_rt3070_rf_write(sc, 7, rf); 3809 3810 /* TSSI */ 3811 rf = (chan <= 14) ? 0xc3 : 0xc0; 3812 run_rt3070_rf_write(sc, 9, rf); 3813 3814 /* set loop filter 1 */ 3815 run_rt3070_rf_write(sc, 10, 0xf1); 3816 /* set loop filter 2 */ 3817 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3818 3819 /* set tx_mx2_ic */ 3820 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3821 /* set tx_mx1_ic */ 3822 if (chan <= 14) 3823 rf = 0x48 | sc->txmixgain_2ghz; 3824 else 3825 rf = 0x78 | sc->txmixgain_5ghz; 3826 run_rt3070_rf_write(sc, 16, rf); 3827 3828 /* set tx_lo1 */ 3829 run_rt3070_rf_write(sc, 17, 0x23); 3830 /* set tx_lo2 */ 3831 if (chan <= 14) 3832 rf = 0x93; 3833 else if (chan <= 64) 3834 rf = 0xb7; 3835 else if (chan <= 128) 3836 rf = 0x74; 3837 else 3838 rf = 0x72; 3839 run_rt3070_rf_write(sc, 19, rf); 3840 3841 /* set rx_lo1 */ 3842 if (chan <= 14) 3843 rf = 0xb3; 3844 else if (chan <= 64) 3845 rf = 0xf6; 3846 else if (chan <= 128) 3847 rf = 0xf4; 3848 else 3849 rf = 0xf3; 3850 run_rt3070_rf_write(sc, 20, rf); 3851 3852 /* set pfd_delay */ 3853 if (chan <= 14) 3854 rf = 0x15; 3855 else if (chan <= 64) 3856 rf = 0x3d; 3857 else 3858 rf = 0x01; 3859 run_rt3070_rf_write(sc, 25, rf); 3860 3861 /* set rx_lo2 */ 3862 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3863 /* set ldo_rf_vc */ 3864 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3865 /* set drv_cc */ 3866 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3867 3868 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3869 tmp &= ~0x8080; 3870 if (chan <= 14) 3871 tmp |= 0x80; 3872 run_write(sc, RT2860_GPIO_CTRL, tmp); 3873 3874 /* enable RF tuning */ 3875 run_rt3070_rf_read(sc, 7, &rf); 3876 run_rt3070_rf_write(sc, 7, rf | 0x01); 3877 3878 run_delay(sc, 2); 3879 } 3880 3881 static void 3882 run_set_rx_antenna(struct run_softc *sc, int aux) 3883 { 3884 uint32_t tmp; 3885 3886 if (aux) { 3887 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3888 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3889 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3890 } else { 3891 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3892 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3893 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3894 } 3895 } 3896 3897 static int 3898 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3899 { 3900 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3901 u_int chan, group; 3902 3903 chan = ieee80211_chan2ieee(ic, c); 3904 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3905 return (EINVAL); 3906 3907 if (sc->mac_ver == 0x3572) 3908 run_rt3572_set_chan(sc, chan); 3909 else if (sc->mac_ver >= 0x3070) 3910 run_rt3070_set_chan(sc, chan); 3911 else 3912 run_rt2870_set_chan(sc, chan); 3913 3914 /* determine channel group */ 3915 if (chan <= 14) 3916 group = 0; 3917 else if (chan <= 64) 3918 group = 1; 3919 else if (chan <= 128) 3920 group = 2; 3921 else 3922 group = 3; 3923 3924 /* XXX necessary only when group has changed! */ 3925 run_select_chan_group(sc, group); 3926 3927 run_delay(sc, 10); 3928 3929 return (0); 3930 } 3931 3932 static void 3933 run_set_channel(struct ieee80211com *ic) 3934 { 3935 struct run_softc *sc = ic->ic_ifp->if_softc; 3936 3937 RUN_LOCK(sc); 3938 run_set_chan(sc, ic->ic_curchan); 3939 RUN_UNLOCK(sc); 3940 3941 return; 3942 } 3943 3944 static void 3945 run_scan_start(struct ieee80211com *ic) 3946 { 3947 struct run_softc *sc = ic->ic_ifp->if_softc; 3948 uint32_t tmp; 3949 3950 RUN_LOCK(sc); 3951 3952 /* abort TSF synchronization */ 3953 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3954 run_write(sc, RT2860_BCN_TIME_CFG, 3955 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3956 RT2860_TBTT_TIMER_EN)); 3957 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3958 3959 RUN_UNLOCK(sc); 3960 3961 return; 3962 } 3963 3964 static void 3965 run_scan_end(struct ieee80211com *ic) 3966 { 3967 struct run_softc *sc = ic->ic_ifp->if_softc; 3968 3969 RUN_LOCK(sc); 3970 3971 run_enable_tsf_sync(sc); 3972 /* XXX keep local copy */ 3973 run_set_bssid(sc, sc->sc_bssid); 3974 3975 RUN_UNLOCK(sc); 3976 3977 return; 3978 } 3979 3980 /* 3981 * Could be called from ieee80211_node_timeout() 3982 * (non-sleepable thread) 3983 */ 3984 static void 3985 run_update_beacon(struct ieee80211vap *vap, int item) 3986 { 3987 struct ieee80211com *ic = vap->iv_ic; 3988 struct run_softc *sc = ic->ic_ifp->if_softc; 3989 struct run_vap *rvp = RUN_VAP(vap); 3990 int mcast = 0; 3991 uint32_t i; 3992 3993 KASSERT(vap != NULL, ("no beacon")); 3994 3995 switch (item) { 3996 case IEEE80211_BEACON_ERP: 3997 run_updateslot(ic->ic_ifp); 3998 break; 3999 case IEEE80211_BEACON_HTINFO: 4000 run_updateprot(ic); 4001 break; 4002 case IEEE80211_BEACON_TIM: 4003 mcast = 1; /*TODO*/ 4004 break; 4005 default: 4006 break; 4007 } 4008 4009 setbit(rvp->bo.bo_flags, item); 4010 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4011 4012 i = RUN_CMDQ_GET(&sc->cmdq_store); 4013 DPRINTF("cmdq_store=%d\n", i); 4014 sc->cmdq[i].func = run_update_beacon_cb; 4015 sc->cmdq[i].arg0 = vap; 4016 ieee80211_runtask(ic, &sc->cmdq_task); 4017 4018 return; 4019 } 4020 4021 static void 4022 run_update_beacon_cb(void *arg) 4023 { 4024 struct ieee80211vap *vap = arg; 4025 struct run_vap *rvp = RUN_VAP(vap); 4026 struct ieee80211com *ic = vap->iv_ic; 4027 struct run_softc *sc = ic->ic_ifp->if_softc; 4028 struct rt2860_txwi txwi; 4029 struct mbuf *m; 4030 uint8_t ridx; 4031 4032 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4033 return; 4034 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4035 return; 4036 4037 /* 4038 * No need to call ieee80211_beacon_update(), run_update_beacon() 4039 * is taking care of apropriate calls. 4040 */ 4041 if (rvp->beacon_mbuf == NULL) { 4042 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4043 &rvp->bo); 4044 if (rvp->beacon_mbuf == NULL) 4045 return; 4046 } 4047 m = rvp->beacon_mbuf; 4048 4049 memset(&txwi, 0, sizeof txwi); 4050 txwi.wcid = 0xff; 4051 txwi.len = htole16(m->m_pkthdr.len); 4052 /* send beacons at the lowest available rate */ 4053 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4054 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4055 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4056 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4057 txwi.phy |= htole16(RT2860_PHY_OFDM); 4058 txwi.txop = RT2860_TX_TXOP_HT; 4059 txwi.flags = RT2860_TX_TS; 4060 txwi.xflags = RT2860_TX_NSEQ; 4061 4062 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), 4063 (uint8_t *)&txwi, sizeof txwi); 4064 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + sizeof txwi, 4065 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 4066 4067 return; 4068 } 4069 4070 static void 4071 run_updateprot(struct ieee80211com *ic) 4072 { 4073 struct run_softc *sc = ic->ic_ifp->if_softc; 4074 uint32_t i; 4075 4076 i = RUN_CMDQ_GET(&sc->cmdq_store); 4077 DPRINTF("cmdq_store=%d\n", i); 4078 sc->cmdq[i].func = run_updateprot_cb; 4079 sc->cmdq[i].arg0 = ic; 4080 ieee80211_runtask(ic, &sc->cmdq_task); 4081 } 4082 4083 static void 4084 run_updateprot_cb(void *arg) 4085 { 4086 struct ieee80211com *ic = arg; 4087 struct run_softc *sc = ic->ic_ifp->if_softc; 4088 uint32_t tmp; 4089 4090 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4091 /* setup protection frame rate (MCS code) */ 4092 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4093 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4094 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4095 4096 /* CCK frames don't require protection */ 4097 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4098 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4099 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4100 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4101 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4102 tmp |= RT2860_PROT_CTRL_CTS; 4103 } 4104 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4105 } 4106 4107 static void 4108 run_usb_timeout_cb(void *arg) 4109 { 4110 struct ieee80211vap *vap = arg; 4111 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4112 4113 RUN_LOCK_ASSERT(sc, MA_OWNED); 4114 4115 if(vap->iv_state == IEEE80211_S_RUN && 4116 vap->iv_opmode != IEEE80211_M_STA) 4117 run_reset_livelock(sc); 4118 else if (vap->iv_state == IEEE80211_S_SCAN) { 4119 DPRINTF("timeout caused by scan\n"); 4120 /* cancel bgscan */ 4121 ieee80211_cancel_scan(vap); 4122 } else 4123 DPRINTF("timeout by unknown cause\n"); 4124 } 4125 4126 static void 4127 run_reset_livelock(struct run_softc *sc) 4128 { 4129 uint32_t tmp; 4130 4131 RUN_LOCK_ASSERT(sc, MA_OWNED); 4132 4133 /* 4134 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4135 * can run into a livelock and start sending CTS-to-self frames like 4136 * crazy if protection is enabled. Reset MAC/BBP for a while 4137 */ 4138 run_read(sc, RT2860_DEBUG, &tmp); 4139 DPRINTFN(3, "debug reg %08x\n", tmp); 4140 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4141 DPRINTF("CTS-to-self livelock detected\n"); 4142 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4143 run_delay(sc, 1); 4144 run_write(sc, RT2860_MAC_SYS_CTRL, 4145 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4146 } 4147 } 4148 4149 static void 4150 run_update_promisc_locked(struct ifnet *ifp) 4151 { 4152 struct run_softc *sc = ifp->if_softc; 4153 uint32_t tmp; 4154 4155 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4156 4157 tmp |= RT2860_DROP_UC_NOME; 4158 if (ifp->if_flags & IFF_PROMISC) 4159 tmp &= ~RT2860_DROP_UC_NOME; 4160 4161 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4162 4163 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4164 "entering" : "leaving"); 4165 } 4166 4167 static void 4168 run_update_promisc(struct ifnet *ifp) 4169 { 4170 struct run_softc *sc = ifp->if_softc; 4171 4172 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4173 return; 4174 4175 RUN_LOCK(sc); 4176 run_update_promisc_locked(ifp); 4177 RUN_UNLOCK(sc); 4178 } 4179 4180 static void 4181 run_enable_tsf_sync(struct run_softc *sc) 4182 { 4183 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4184 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4185 uint32_t tmp; 4186 4187 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4188 4189 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4190 tmp &= ~0x1fffff; 4191 tmp |= vap->iv_bss->ni_intval * 16; 4192 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4193 4194 if (ic->ic_opmode == IEEE80211_M_STA) { 4195 /* 4196 * Local TSF is always updated with remote TSF on beacon 4197 * reception. 4198 */ 4199 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4200 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4201 tmp |= RT2860_BCN_TX_EN; 4202 /* 4203 * Local TSF is updated with remote TSF on beacon reception 4204 * only if the remote TSF is greater than local TSF. 4205 */ 4206 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4207 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4208 ic->ic_opmode == IEEE80211_M_MBSS) { 4209 tmp |= RT2860_BCN_TX_EN; 4210 /* SYNC with nobody */ 4211 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4212 } else { 4213 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4214 return; 4215 } 4216 4217 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4218 } 4219 4220 static void 4221 run_enable_mrr(struct run_softc *sc) 4222 { 4223 #define CCK(mcs) (mcs) 4224 #define OFDM(mcs) (1 << 3 | (mcs)) 4225 run_write(sc, RT2860_LG_FBK_CFG0, 4226 OFDM(6) << 28 | /* 54->48 */ 4227 OFDM(5) << 24 | /* 48->36 */ 4228 OFDM(4) << 20 | /* 36->24 */ 4229 OFDM(3) << 16 | /* 24->18 */ 4230 OFDM(2) << 12 | /* 18->12 */ 4231 OFDM(1) << 8 | /* 12-> 9 */ 4232 OFDM(0) << 4 | /* 9-> 6 */ 4233 OFDM(0)); /* 6-> 6 */ 4234 4235 run_write(sc, RT2860_LG_FBK_CFG1, 4236 CCK(2) << 12 | /* 11->5.5 */ 4237 CCK(1) << 8 | /* 5.5-> 2 */ 4238 CCK(0) << 4 | /* 2-> 1 */ 4239 CCK(0)); /* 1-> 1 */ 4240 #undef OFDM 4241 #undef CCK 4242 } 4243 4244 static void 4245 run_set_txpreamble(struct run_softc *sc) 4246 { 4247 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4248 uint32_t tmp; 4249 4250 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4251 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4252 tmp |= RT2860_CCK_SHORT_EN; 4253 else 4254 tmp &= ~RT2860_CCK_SHORT_EN; 4255 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4256 } 4257 4258 static void 4259 run_set_basicrates(struct run_softc *sc) 4260 { 4261 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4262 4263 /* set basic rates mask */ 4264 if (ic->ic_curmode == IEEE80211_MODE_11B) 4265 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4266 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4267 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4268 else /* 11g */ 4269 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4270 } 4271 4272 static void 4273 run_set_leds(struct run_softc *sc, uint16_t which) 4274 { 4275 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4276 which | (sc->leds & 0x7f)); 4277 } 4278 4279 static void 4280 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4281 { 4282 run_write(sc, RT2860_MAC_BSSID_DW0, 4283 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4284 run_write(sc, RT2860_MAC_BSSID_DW1, 4285 bssid[4] | bssid[5] << 8); 4286 } 4287 4288 static void 4289 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4290 { 4291 run_write(sc, RT2860_MAC_ADDR_DW0, 4292 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4293 run_write(sc, RT2860_MAC_ADDR_DW1, 4294 addr[4] | addr[5] << 8 | 0xff << 16); 4295 } 4296 4297 static void 4298 run_updateslot(struct ifnet *ifp) 4299 { 4300 struct run_softc *sc = ifp->if_softc; 4301 struct ieee80211com *ic = ifp->if_l2com; 4302 uint32_t i; 4303 4304 i = RUN_CMDQ_GET(&sc->cmdq_store); 4305 DPRINTF("cmdq_store=%d\n", i); 4306 sc->cmdq[i].func = run_updateslot_cb; 4307 sc->cmdq[i].arg0 = ifp; 4308 ieee80211_runtask(ic, &sc->cmdq_task); 4309 4310 return; 4311 } 4312 4313 /* ARGSUSED */ 4314 static void 4315 run_updateslot_cb(void *arg) 4316 { 4317 struct ifnet *ifp = arg; 4318 struct run_softc *sc = ifp->if_softc; 4319 struct ieee80211com *ic = ifp->if_l2com; 4320 uint32_t tmp; 4321 4322 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4323 tmp &= ~0xff; 4324 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4325 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4326 } 4327 4328 static void 4329 run_update_mcast(struct ifnet *ifp) 4330 { 4331 /* h/w filter supports getting everything or nothing */ 4332 ifp->if_flags |= IFF_ALLMULTI; 4333 } 4334 4335 static int8_t 4336 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4337 { 4338 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4339 struct ieee80211_channel *c = ic->ic_curchan; 4340 int delta; 4341 4342 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4343 u_int chan = ieee80211_chan2ieee(ic, c); 4344 delta = sc->rssi_5ghz[rxchain]; 4345 4346 /* determine channel group */ 4347 if (chan <= 64) 4348 delta -= sc->lna[1]; 4349 else if (chan <= 128) 4350 delta -= sc->lna[2]; 4351 else 4352 delta -= sc->lna[3]; 4353 } else 4354 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4355 4356 return (-12 - delta - rssi); 4357 } 4358 4359 static int 4360 run_bbp_init(struct run_softc *sc) 4361 { 4362 int i, error, ntries; 4363 uint8_t bbp0; 4364 4365 /* wait for BBP to wake up */ 4366 for (ntries = 0; ntries < 20; ntries++) { 4367 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4368 return error; 4369 if (bbp0 != 0 && bbp0 != 0xff) 4370 break; 4371 } 4372 if (ntries == 20) 4373 return (ETIMEDOUT); 4374 4375 /* initialize BBP registers to default values */ 4376 for (i = 0; i < N(rt2860_def_bbp); i++) { 4377 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4378 rt2860_def_bbp[i].val); 4379 } 4380 4381 /* fix BBP84 for RT2860E */ 4382 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4383 run_bbp_write(sc, 84, 0x19); 4384 4385 if (sc->mac_ver >= 0x3070) { 4386 run_bbp_write(sc, 79, 0x13); 4387 run_bbp_write(sc, 80, 0x05); 4388 run_bbp_write(sc, 81, 0x33); 4389 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4390 run_bbp_write(sc, 69, 0x16); 4391 run_bbp_write(sc, 73, 0x12); 4392 } 4393 return (0); 4394 } 4395 4396 static int 4397 run_rt3070_rf_init(struct run_softc *sc) 4398 { 4399 uint32_t tmp; 4400 uint8_t bbp4, mingain, rf, target; 4401 int i; 4402 4403 run_rt3070_rf_read(sc, 30, &rf); 4404 /* toggle RF R30 bit 7 */ 4405 run_rt3070_rf_write(sc, 30, rf | 0x80); 4406 run_delay(sc, 10); 4407 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4408 4409 /* initialize RF registers to default value */ 4410 if (sc->mac_ver == 0x3572) { 4411 for (i = 0; i < N(rt3572_def_rf); i++) { 4412 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4413 rt3572_def_rf[i].val); 4414 } 4415 } else { 4416 for (i = 0; i < N(rt3070_def_rf); i++) { 4417 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4418 rt3070_def_rf[i].val); 4419 } 4420 } 4421 4422 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 4423 /* 4424 * Change voltage from 1.2V to 1.35V for RT3070. 4425 * The DAC issue (RT3070_LDO_CFG0) has been fixed 4426 * in RT3070(F). 4427 */ 4428 run_read(sc, RT3070_LDO_CFG0, &tmp); 4429 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4430 run_write(sc, RT3070_LDO_CFG0, tmp); 4431 4432 } else if (sc->mac_ver == 0x3071) { 4433 run_rt3070_rf_read(sc, 6, &rf); 4434 run_rt3070_rf_write(sc, 6, rf | 0x40); 4435 run_rt3070_rf_write(sc, 31, 0x14); 4436 4437 run_read(sc, RT3070_LDO_CFG0, &tmp); 4438 tmp &= ~0x1f000000; 4439 if (sc->mac_rev < 0x0211) 4440 tmp |= 0x0d000000; /* 1.3V */ 4441 else 4442 tmp |= 0x01000000; /* 1.2V */ 4443 run_write(sc, RT3070_LDO_CFG0, tmp); 4444 4445 /* patch LNA_PE_G1 */ 4446 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4447 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4448 4449 } else if (sc->mac_ver == 0x3572) { 4450 run_rt3070_rf_read(sc, 6, &rf); 4451 run_rt3070_rf_write(sc, 6, rf | 0x40); 4452 4453 /* increase voltage from 1.2V to 1.35V */ 4454 run_read(sc, RT3070_LDO_CFG0, &tmp); 4455 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4456 run_write(sc, RT3070_LDO_CFG0, tmp); 4457 4458 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4459 run_delay(sc, 1); /* wait for 1msec */ 4460 /* decrease voltage back to 1.2V */ 4461 tmp = (tmp & ~0x1f000000) | 0x01000000; 4462 run_write(sc, RT3070_LDO_CFG0, tmp); 4463 } 4464 } 4465 4466 /* select 20MHz bandwidth */ 4467 run_rt3070_rf_read(sc, 31, &rf); 4468 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4469 4470 /* calibrate filter for 20MHz bandwidth */ 4471 sc->rf24_20mhz = 0x1f; /* default value */ 4472 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4473 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4474 4475 /* select 40MHz bandwidth */ 4476 run_bbp_read(sc, 4, &bbp4); 4477 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 4478 run_rt3070_rf_read(sc, 31, &rf); 4479 run_rt3070_rf_write(sc, 31, rf | 0x20); 4480 4481 /* calibrate filter for 40MHz bandwidth */ 4482 sc->rf24_40mhz = 0x2f; /* default value */ 4483 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4484 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4485 4486 /* go back to 20MHz bandwidth */ 4487 run_bbp_read(sc, 4, &bbp4); 4488 run_bbp_write(sc, 4, bbp4 & ~0x18); 4489 4490 if (sc->mac_ver == 0x3572) { 4491 /* save default BBP registers 25 and 26 values */ 4492 run_bbp_read(sc, 25, &sc->bbp25); 4493 run_bbp_read(sc, 26, &sc->bbp26); 4494 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 4495 run_rt3070_rf_write(sc, 27, 0x03); 4496 4497 run_read(sc, RT3070_OPT_14, &tmp); 4498 run_write(sc, RT3070_OPT_14, tmp | 1); 4499 4500 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4501 run_rt3070_rf_read(sc, 17, &rf); 4502 rf &= ~RT3070_TX_LO1; 4503 if ((sc->mac_ver == 0x3070 || 4504 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4505 !sc->ext_2ghz_lna) 4506 rf |= 0x20; /* fix for long range Rx issue */ 4507 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 4508 if (sc->txmixgain_2ghz >= mingain) 4509 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4510 run_rt3070_rf_write(sc, 17, rf); 4511 } 4512 4513 if (sc->mac_rev == 0x3071) { 4514 run_rt3070_rf_read(sc, 1, &rf); 4515 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4516 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4517 run_rt3070_rf_write(sc, 1, rf); 4518 4519 run_rt3070_rf_read(sc, 15, &rf); 4520 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4521 4522 run_rt3070_rf_read(sc, 20, &rf); 4523 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4524 4525 run_rt3070_rf_read(sc, 21, &rf); 4526 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4527 } 4528 4529 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4530 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4531 run_rt3070_rf_read(sc, 27, &rf); 4532 rf &= ~0x77; 4533 if (sc->mac_rev < 0x0211) 4534 rf |= 0x03; 4535 run_rt3070_rf_write(sc, 27, rf); 4536 } 4537 return (0); 4538 } 4539 4540 static int 4541 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4542 uint8_t *val) 4543 { 4544 uint8_t rf22, rf24; 4545 uint8_t bbp55_pb, bbp55_sb, delta; 4546 int ntries; 4547 4548 /* program filter */ 4549 run_rt3070_rf_read(sc, 24, &rf24); 4550 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4551 run_rt3070_rf_write(sc, 24, rf24); 4552 4553 /* enable baseband loopback mode */ 4554 run_rt3070_rf_read(sc, 22, &rf22); 4555 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4556 4557 /* set power and frequency of passband test tone */ 4558 run_bbp_write(sc, 24, 0x00); 4559 for (ntries = 0; ntries < 100; ntries++) { 4560 /* transmit test tone */ 4561 run_bbp_write(sc, 25, 0x90); 4562 run_delay(sc, 10); 4563 /* read received power */ 4564 run_bbp_read(sc, 55, &bbp55_pb); 4565 if (bbp55_pb != 0) 4566 break; 4567 } 4568 if (ntries == 100) 4569 return ETIMEDOUT; 4570 4571 /* set power and frequency of stopband test tone */ 4572 run_bbp_write(sc, 24, 0x06); 4573 for (ntries = 0; ntries < 100; ntries++) { 4574 /* transmit test tone */ 4575 run_bbp_write(sc, 25, 0x90); 4576 run_delay(sc, 10); 4577 /* read received power */ 4578 run_bbp_read(sc, 55, &bbp55_sb); 4579 4580 delta = bbp55_pb - bbp55_sb; 4581 if (delta > target) 4582 break; 4583 4584 /* reprogram filter */ 4585 rf24++; 4586 run_rt3070_rf_write(sc, 24, rf24); 4587 } 4588 if (ntries < 100) { 4589 if (rf24 != init) 4590 rf24--; /* backtrack */ 4591 *val = rf24; 4592 run_rt3070_rf_write(sc, 24, rf24); 4593 } 4594 4595 /* restore initial state */ 4596 run_bbp_write(sc, 24, 0x00); 4597 4598 /* disable baseband loopback mode */ 4599 run_rt3070_rf_read(sc, 22, &rf22); 4600 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4601 4602 return (0); 4603 } 4604 4605 static void 4606 run_rt3070_rf_setup(struct run_softc *sc) 4607 { 4608 uint8_t bbp, rf; 4609 int i; 4610 4611 if (sc->mac_ver == 0x3572) { 4612 /* enable DC filter */ 4613 if (sc->mac_rev >= 0x0201) 4614 run_bbp_write(sc, 103, 0xc0); 4615 4616 run_bbp_read(sc, 138, &bbp); 4617 if (sc->ntxchains == 1) 4618 bbp |= 0x20; /* turn off DAC1 */ 4619 if (sc->nrxchains == 1) 4620 bbp &= ~0x02; /* turn off ADC1 */ 4621 run_bbp_write(sc, 138, bbp); 4622 4623 if (sc->mac_rev >= 0x0211) { 4624 /* improve power consumption */ 4625 run_bbp_read(sc, 31, &bbp); 4626 run_bbp_write(sc, 31, bbp & ~0x03); 4627 } 4628 4629 run_rt3070_rf_read(sc, 16, &rf); 4630 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4631 run_rt3070_rf_write(sc, 16, rf); 4632 4633 } else if (sc->mac_ver == 0x3071) { 4634 if (sc->mac_rev >= 0x0211) { 4635 /* enable DC filter */ 4636 run_bbp_write(sc, 103, 0xc0); 4637 4638 /* improve power consumption */ 4639 run_bbp_read(sc, 31, &bbp); 4640 run_bbp_write(sc, 31, bbp & ~0x03); 4641 } 4642 4643 run_bbp_read(sc, 138, &bbp); 4644 if (sc->ntxchains == 1) 4645 bbp |= 0x20; /* turn off DAC1 */ 4646 if (sc->nrxchains == 1) 4647 bbp &= ~0x02; /* turn off ADC1 */ 4648 run_bbp_write(sc, 138, bbp); 4649 4650 run_write(sc, RT2860_TX_SW_CFG1, 0); 4651 if (sc->mac_rev < 0x0211) { 4652 run_write(sc, RT2860_TX_SW_CFG2, 4653 sc->patch_dac ? 0x2c : 0x0f); 4654 } else 4655 run_write(sc, RT2860_TX_SW_CFG2, 0); 4656 4657 } else if (sc->mac_ver == 0x3070) { 4658 if (sc->mac_rev >= 0x0201) { 4659 /* enable DC filter */ 4660 run_bbp_write(sc, 103, 0xc0); 4661 4662 /* improve power consumption */ 4663 run_bbp_read(sc, 31, &bbp); 4664 run_bbp_write(sc, 31, bbp & ~0x03); 4665 } 4666 4667 if (sc->mac_rev < 0x0201) { 4668 run_write(sc, RT2860_TX_SW_CFG1, 0); 4669 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4670 } else 4671 run_write(sc, RT2860_TX_SW_CFG2, 0); 4672 } 4673 4674 /* initialize RF registers from ROM for >=RT3071*/ 4675 if (sc->mac_ver >= 0x3071) { 4676 for (i = 0; i < 10; i++) { 4677 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4678 continue; 4679 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4680 } 4681 } 4682 } 4683 4684 static int 4685 run_txrx_enable(struct run_softc *sc) 4686 { 4687 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4688 uint32_t tmp; 4689 int error, ntries; 4690 4691 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4692 for (ntries = 0; ntries < 200; ntries++) { 4693 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4694 return error; 4695 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4696 break; 4697 run_delay(sc, 50); 4698 } 4699 if (ntries == 200) 4700 return ETIMEDOUT; 4701 4702 run_delay(sc, 50); 4703 4704 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4705 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4706 4707 /* enable Rx bulk aggregation (set timeout and limit) */ 4708 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4709 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4710 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4711 4712 /* set Rx filter */ 4713 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4714 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4715 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4716 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4717 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4718 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4719 if (ic->ic_opmode == IEEE80211_M_STA) 4720 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4721 } 4722 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4723 4724 run_write(sc, RT2860_MAC_SYS_CTRL, 4725 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4726 4727 return (0); 4728 } 4729 4730 static void 4731 run_init_locked(struct run_softc *sc) 4732 { 4733 struct ifnet *ifp = sc->sc_ifp; 4734 struct ieee80211com *ic = ifp->if_l2com; 4735 uint32_t tmp; 4736 uint8_t bbp1, bbp3; 4737 int i; 4738 int ridx; 4739 int ntries; 4740 4741 if (ic->ic_nrunning > 1) 4742 return; 4743 4744 run_stop(sc); 4745 4746 if (run_load_microcode(sc) != 0) { 4747 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 4748 goto fail; 4749 } 4750 4751 for (ntries = 0; ntries < 100; ntries++) { 4752 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4753 goto fail; 4754 if (tmp != 0 && tmp != 0xffffffff) 4755 break; 4756 run_delay(sc, 10); 4757 } 4758 if (ntries == 100) 4759 goto fail; 4760 4761 for (i = 0; i != RUN_EP_QUEUES; i++) 4762 run_setup_tx_list(sc, &sc->sc_epq[i]); 4763 4764 run_set_macaddr(sc, IF_LLADDR(ifp)); 4765 4766 for (ntries = 0; ntries < 100; ntries++) { 4767 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4768 goto fail; 4769 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4770 break; 4771 run_delay(sc, 10); 4772 } 4773 if (ntries == 100) { 4774 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4775 goto fail; 4776 } 4777 tmp &= 0xff0; 4778 tmp |= RT2860_TX_WB_DDONE; 4779 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4780 4781 /* turn off PME_OEN to solve high-current issue */ 4782 run_read(sc, RT2860_SYS_CTRL, &tmp); 4783 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4784 4785 run_write(sc, RT2860_MAC_SYS_CTRL, 4786 RT2860_BBP_HRST | RT2860_MAC_SRST); 4787 run_write(sc, RT2860_USB_DMA_CFG, 0); 4788 4789 if (run_reset(sc) != 0) { 4790 device_printf(sc->sc_dev, "could not reset chipset\n"); 4791 goto fail; 4792 } 4793 4794 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4795 4796 /* init Tx power for all Tx rates (from EEPROM) */ 4797 for (ridx = 0; ridx < 5; ridx++) { 4798 if (sc->txpow20mhz[ridx] == 0xffffffff) 4799 continue; 4800 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4801 } 4802 4803 for (i = 0; i < N(rt2870_def_mac); i++) 4804 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4805 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4806 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4807 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4808 4809 if (sc->mac_ver >= 0x3070) { 4810 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4811 run_write(sc, RT2860_TX_SW_CFG0, 4812 4 << RT2860_DLY_PAPE_EN_SHIFT); 4813 } 4814 4815 /* wait while MAC is busy */ 4816 for (ntries = 0; ntries < 100; ntries++) { 4817 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4818 goto fail; 4819 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4820 break; 4821 run_delay(sc, 10); 4822 } 4823 if (ntries == 100) 4824 goto fail; 4825 4826 /* clear Host to MCU mailbox */ 4827 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4828 run_write(sc, RT2860_H2M_MAILBOX, 0); 4829 run_delay(sc, 10); 4830 4831 if (run_bbp_init(sc) != 0) { 4832 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4833 goto fail; 4834 } 4835 4836 /* abort TSF synchronization */ 4837 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4838 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4839 RT2860_TBTT_TIMER_EN); 4840 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4841 4842 /* clear RX WCID search table */ 4843 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4844 /* clear WCID attribute table */ 4845 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4846 4847 /* hostapd sets a key before init. So, don't clear it. */ 4848 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4849 /* clear shared key table */ 4850 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4851 /* clear shared key mode */ 4852 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4853 } 4854 4855 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4856 tmp = (tmp & ~0xff) | 0x1e; 4857 run_write(sc, RT2860_US_CYC_CNT, tmp); 4858 4859 if (sc->mac_rev != 0x0101) 4860 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4861 4862 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4863 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4864 4865 /* write vendor-specific BBP values (from EEPROM) */ 4866 for (i = 0; i < 10; i++) { 4867 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4868 continue; 4869 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4870 } 4871 4872 /* select Main antenna for 1T1R devices */ 4873 if (sc->rf_rev == RT3070_RF_3020) 4874 run_set_rx_antenna(sc, 0); 4875 4876 /* send LEDs operating mode to microcontroller */ 4877 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4878 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4879 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4880 4881 if (sc->mac_ver >= 0x3070) 4882 run_rt3070_rf_init(sc); 4883 4884 /* disable non-existing Rx chains */ 4885 run_bbp_read(sc, 3, &bbp3); 4886 bbp3 &= ~(1 << 3 | 1 << 4); 4887 if (sc->nrxchains == 2) 4888 bbp3 |= 1 << 3; 4889 else if (sc->nrxchains == 3) 4890 bbp3 |= 1 << 4; 4891 run_bbp_write(sc, 3, bbp3); 4892 4893 /* disable non-existing Tx chains */ 4894 run_bbp_read(sc, 1, &bbp1); 4895 if (sc->ntxchains == 1) 4896 bbp1 &= ~(1 << 3 | 1 << 4); 4897 run_bbp_write(sc, 1, bbp1); 4898 4899 if (sc->mac_ver >= 0x3070) 4900 run_rt3070_rf_setup(sc); 4901 4902 /* select default channel */ 4903 run_set_chan(sc, ic->ic_curchan); 4904 4905 /* setup initial protection mode */ 4906 run_updateprot_cb(ic); 4907 4908 /* turn radio LED on */ 4909 run_set_leds(sc, RT2860_LED_RADIO); 4910 4911 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4912 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4913 sc->cmdq_run = RUN_CMDQ_GO; 4914 4915 for (i = 0; i != RUN_N_XFER; i++) 4916 usbd_xfer_set_stall(sc->sc_xfer[i]); 4917 4918 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4919 4920 if (run_txrx_enable(sc) != 0) 4921 goto fail; 4922 4923 return; 4924 4925 fail: 4926 run_stop(sc); 4927 } 4928 4929 static void 4930 run_init(void *arg) 4931 { 4932 struct run_softc *sc = arg; 4933 struct ifnet *ifp = sc->sc_ifp; 4934 struct ieee80211com *ic = ifp->if_l2com; 4935 4936 RUN_LOCK(sc); 4937 run_init_locked(sc); 4938 RUN_UNLOCK(sc); 4939 4940 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4941 ieee80211_start_all(ic); 4942 } 4943 4944 static void 4945 run_stop(void *arg) 4946 { 4947 struct run_softc *sc = (struct run_softc *)arg; 4948 struct ifnet *ifp = sc->sc_ifp; 4949 uint32_t tmp; 4950 int i; 4951 int ntries; 4952 4953 RUN_LOCK_ASSERT(sc, MA_OWNED); 4954 4955 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4956 run_set_leds(sc, 0); /* turn all LEDs off */ 4957 4958 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4959 4960 sc->ratectl_run = RUN_RATECTL_OFF; 4961 sc->cmdq_run = sc->cmdq_key_set; 4962 4963 RUN_UNLOCK(sc); 4964 4965 for(i = 0; i < RUN_N_XFER; i++) 4966 usbd_transfer_drain(sc->sc_xfer[i]); 4967 4968 RUN_LOCK(sc); 4969 4970 if (sc->rx_m != NULL) { 4971 m_free(sc->rx_m); 4972 sc->rx_m = NULL; 4973 } 4974 4975 /* disable Tx/Rx */ 4976 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4977 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4978 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4979 4980 /* wait for pending Tx to complete */ 4981 for (ntries = 0; ntries < 100; ntries++) { 4982 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4983 DPRINTF("Cannot read Tx queue count\n"); 4984 break; 4985 } 4986 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4987 DPRINTF("All Tx cleared\n"); 4988 break; 4989 } 4990 run_delay(sc, 10); 4991 } 4992 if (ntries >= 100) 4993 DPRINTF("There are still pending Tx\n"); 4994 run_delay(sc, 10); 4995 run_write(sc, RT2860_USB_DMA_CFG, 0); 4996 4997 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4998 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4999 5000 for (i = 0; i != RUN_EP_QUEUES; i++) 5001 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 5002 5003 return; 5004 } 5005 5006 static void 5007 run_delay(struct run_softc *sc, u_int ms) 5008 { 5009 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 5010 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 5011 } 5012 5013 static device_method_t run_methods[] = { 5014 /* Device interface */ 5015 DEVMETHOD(device_probe, run_match), 5016 DEVMETHOD(device_attach, run_attach), 5017 DEVMETHOD(device_detach, run_detach), 5018 DEVMETHOD_END 5019 }; 5020 5021 static driver_t run_driver = { 5022 .name = "run", 5023 .methods = run_methods, 5024 .size = sizeof(struct run_softc) 5025 }; 5026 5027 static devclass_t run_devclass; 5028 5029 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 5030 MODULE_DEPEND(run, wlan, 1, 1, 1); 5031 MODULE_DEPEND(run, usb, 1, 1, 1); 5032 MODULE_DEPEND(run, firmware, 1, 1, 1); 5033 MODULE_VERSION(run, 1); 5034