xref: /illumos-gate/usr/src/uts/common/io/rum/rum.c (revision 91760536453132b0d3369ad5543622a5478007e6)
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2005-2007 Damien Bergamini <damien.bergamini@free.fr>
8  * Copyright (c) 2006 Niall O'Higgins <niallo@openbsd.org>
9  *
10  * Permission to use, copy, modify, and distribute this software for any
11  * purpose with or without fee is hereby granted, provided that the above
12  * copyright notice and this permission notice appear in all copies.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21  */
22 
23 /*
24  * Ralink Technology RT2501USB/RT2601USB chipset driver
25  * http://www.ralinktech.com.tw/
26  */
27 
28 #include <sys/types.h>
29 #include <sys/byteorder.h>
30 #include <sys/conf.h>
31 #include <sys/cmn_err.h>
32 #include <sys/stat.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/strsubr.h>
36 #include <sys/ethernet.h>
37 #include <inet/common.h>
38 #include <inet/nd.h>
39 #include <inet/mi.h>
40 #include <sys/note.h>
41 #include <sys/stream.h>
42 #include <sys/strsun.h>
43 #include <sys/modctl.h>
44 #include <sys/devops.h>
45 #include <sys/dlpi.h>
46 #include <sys/mac.h>
47 #include <sys/mac_wifi.h>
48 #include <sys/net80211.h>
49 #include <sys/net80211_proto.h>
50 #include <sys/varargs.h>
51 #include <sys/policy.h>
52 #include <sys/pci.h>
53 #include <sys/crypto/common.h>
54 #include <sys/crypto/api.h>
55 #include <inet/wifi_ioctl.h>
56 
57 #define	USBDRV_MAJOR_VER	2
58 #define	USBDRV_MINOR_VER	0
59 #include <sys/usb/usba.h>
60 
61 #include "rum_reg.h"
62 #include "rum_var.h"
63 #include "rt2573_ucode.h"
64 
65 static void *rum_soft_state_p = NULL;
66 
67 #define	RAL_TXBUF_SIZE  	(IEEE80211_MAX_LEN)
68 #define	RAL_RXBUF_SIZE  	(IEEE80211_MAX_LEN)
69 
70 /* quickly determine if a given rate is CCK or OFDM */
71 #define	RUM_RATE_IS_OFDM(rate)	((rate) >= 12 && (rate) != 22)
72 #define	RUM_ACK_SIZE	14	/* 10 + 4(FCS) */
73 #define	RUM_CTS_SIZE	14	/* 10 + 4(FCS) */
74 
75 #define	RUM_N(a)		(sizeof (a) / sizeof ((a)[0]))
76 
77 /*
78  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
79  */
80 static const struct ieee80211_rateset rum_rateset_11a =
81 	{ 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
82 
83 static const struct ieee80211_rateset rum_rateset_11b =
84 	{ 4, { 2, 4, 11, 22 } };
85 
86 static const struct ieee80211_rateset rum_rateset_11g =
87 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
88 
89 static const struct {
90 	uint32_t	reg;
91 	uint32_t	val;
92 } rum_def_mac[] = {
93 	{ RT2573_TXRX_CSR0,  0x025fb032 },
94 	{ RT2573_TXRX_CSR1,  0x9eaa9eaf },
95 	{ RT2573_TXRX_CSR2,  0x8a8b8c8d },
96 	{ RT2573_TXRX_CSR3,  0x00858687 },
97 	{ RT2573_TXRX_CSR7,  0x2e31353b },
98 	{ RT2573_TXRX_CSR8,  0x2a2a2a2c },
99 	{ RT2573_TXRX_CSR15, 0x0000000f },
100 	{ RT2573_MAC_CSR6,   0x00000fff },
101 	{ RT2573_MAC_CSR8,   0x016c030a },
102 	{ RT2573_MAC_CSR10,  0x00000718 },
103 	{ RT2573_MAC_CSR12,  0x00000004 },
104 	{ RT2573_MAC_CSR13,  0x00007f00 },
105 	{ RT2573_SEC_CSR0,   0x00000000 },
106 	{ RT2573_SEC_CSR1,   0x00000000 },
107 	{ RT2573_SEC_CSR5,   0x00000000 },
108 	{ RT2573_PHY_CSR1,   0x000023b0 },
109 	{ RT2573_PHY_CSR5,   0x00040a06 },
110 	{ RT2573_PHY_CSR6,   0x00080606 },
111 	{ RT2573_PHY_CSR7,   0x00000408 },
112 	{ RT2573_AIFSN_CSR,  0x00002273 },
113 	{ RT2573_CWMIN_CSR,  0x00002344 },
114 	{ RT2573_CWMAX_CSR,  0x000034aa }
115 };
116 
117 static const struct {
118 	uint8_t	reg;
119 	uint8_t	val;
120 } rum_def_bbp[] = {
121 	{   3, 0x80 },
122 	{  15, 0x30 },
123 	{  17, 0x20 },
124 	{  21, 0xc8 },
125 	{  22, 0x38 },
126 	{  23, 0x06 },
127 	{  24, 0xfe },
128 	{  25, 0x0a },
129 	{  26, 0x0d },
130 	{  32, 0x0b },
131 	{  34, 0x12 },
132 	{  37, 0x07 },
133 	{  39, 0xf8 },
134 	{  41, 0x60 },
135 	{  53, 0x10 },
136 	{  54, 0x18 },
137 	{  60, 0x10 },
138 	{  61, 0x04 },
139 	{  62, 0x04 },
140 	{  75, 0xfe },
141 	{  86, 0xfe },
142 	{  88, 0xfe },
143 	{  90, 0x0f },
144 	{  99, 0x00 },
145 	{ 102, 0x16 },
146 	{ 107, 0x04 }
147 };
148 
149 static const struct rfprog {
150 	uint8_t		chan;
151 	uint32_t	r1, r2, r3, r4;
152 }  rum_rf5226[] = {
153 	{   1, 0x00b03, 0x001e1, 0x1a014, 0x30282 },
154 	{   2, 0x00b03, 0x001e1, 0x1a014, 0x30287 },
155 	{   3, 0x00b03, 0x001e2, 0x1a014, 0x30282 },
156 	{   4, 0x00b03, 0x001e2, 0x1a014, 0x30287 },
157 	{   5, 0x00b03, 0x001e3, 0x1a014, 0x30282 },
158 	{   6, 0x00b03, 0x001e3, 0x1a014, 0x30287 },
159 	{   7, 0x00b03, 0x001e4, 0x1a014, 0x30282 },
160 	{   8, 0x00b03, 0x001e4, 0x1a014, 0x30287 },
161 	{   9, 0x00b03, 0x001e5, 0x1a014, 0x30282 },
162 	{  10, 0x00b03, 0x001e5, 0x1a014, 0x30287 },
163 	{  11, 0x00b03, 0x001e6, 0x1a014, 0x30282 },
164 	{  12, 0x00b03, 0x001e6, 0x1a014, 0x30287 },
165 	{  13, 0x00b03, 0x001e7, 0x1a014, 0x30282 },
166 	{  14, 0x00b03, 0x001e8, 0x1a014, 0x30284 },
167 
168 	{  34, 0x00b03, 0x20266, 0x36014, 0x30282 },
169 	{  38, 0x00b03, 0x20267, 0x36014, 0x30284 },
170 	{  42, 0x00b03, 0x20268, 0x36014, 0x30286 },
171 	{  46, 0x00b03, 0x20269, 0x36014, 0x30288 },
172 
173 	{  36, 0x00b03, 0x00266, 0x26014, 0x30288 },
174 	{  40, 0x00b03, 0x00268, 0x26014, 0x30280 },
175 	{  44, 0x00b03, 0x00269, 0x26014, 0x30282 },
176 	{  48, 0x00b03, 0x0026a, 0x26014, 0x30284 },
177 	{  52, 0x00b03, 0x0026b, 0x26014, 0x30286 },
178 	{  56, 0x00b03, 0x0026c, 0x26014, 0x30288 },
179 	{  60, 0x00b03, 0x0026e, 0x26014, 0x30280 },
180 	{  64, 0x00b03, 0x0026f, 0x26014, 0x30282 },
181 
182 	{ 100, 0x00b03, 0x0028a, 0x2e014, 0x30280 },
183 	{ 104, 0x00b03, 0x0028b, 0x2e014, 0x30282 },
184 	{ 108, 0x00b03, 0x0028c, 0x2e014, 0x30284 },
185 	{ 112, 0x00b03, 0x0028d, 0x2e014, 0x30286 },
186 	{ 116, 0x00b03, 0x0028e, 0x2e014, 0x30288 },
187 	{ 120, 0x00b03, 0x002a0, 0x2e014, 0x30280 },
188 	{ 124, 0x00b03, 0x002a1, 0x2e014, 0x30282 },
189 	{ 128, 0x00b03, 0x002a2, 0x2e014, 0x30284 },
190 	{ 132, 0x00b03, 0x002a3, 0x2e014, 0x30286 },
191 	{ 136, 0x00b03, 0x002a4, 0x2e014, 0x30288 },
192 	{ 140, 0x00b03, 0x002a6, 0x2e014, 0x30280 },
193 
194 	{ 149, 0x00b03, 0x002a8, 0x2e014, 0x30287 },
195 	{ 153, 0x00b03, 0x002a9, 0x2e014, 0x30289 },
196 	{ 157, 0x00b03, 0x002ab, 0x2e014, 0x30281 },
197 	{ 161, 0x00b03, 0x002ac, 0x2e014, 0x30283 },
198 	{ 165, 0x00b03, 0x002ad, 0x2e014, 0x30285 }
199 }, rum_rf5225[] = {
200 	{   1, 0x00b33, 0x011e1, 0x1a014, 0x30282 },
201 	{   2, 0x00b33, 0x011e1, 0x1a014, 0x30287 },
202 	{   3, 0x00b33, 0x011e2, 0x1a014, 0x30282 },
203 	{   4, 0x00b33, 0x011e2, 0x1a014, 0x30287 },
204 	{   5, 0x00b33, 0x011e3, 0x1a014, 0x30282 },
205 	{   6, 0x00b33, 0x011e3, 0x1a014, 0x30287 },
206 	{   7, 0x00b33, 0x011e4, 0x1a014, 0x30282 },
207 	{   8, 0x00b33, 0x011e4, 0x1a014, 0x30287 },
208 	{   9, 0x00b33, 0x011e5, 0x1a014, 0x30282 },
209 	{  10, 0x00b33, 0x011e5, 0x1a014, 0x30287 },
210 	{  11, 0x00b33, 0x011e6, 0x1a014, 0x30282 },
211 	{  12, 0x00b33, 0x011e6, 0x1a014, 0x30287 },
212 	{  13, 0x00b33, 0x011e7, 0x1a014, 0x30282 },
213 	{  14, 0x00b33, 0x011e8, 0x1a014, 0x30284 },
214 
215 	{  34, 0x00b33, 0x01266, 0x26014, 0x30282 },
216 	{  38, 0x00b33, 0x01267, 0x26014, 0x30284 },
217 	{  42, 0x00b33, 0x01268, 0x26014, 0x30286 },
218 	{  46, 0x00b33, 0x01269, 0x26014, 0x30288 },
219 
220 	{  36, 0x00b33, 0x01266, 0x26014, 0x30288 },
221 	{  40, 0x00b33, 0x01268, 0x26014, 0x30280 },
222 	{  44, 0x00b33, 0x01269, 0x26014, 0x30282 },
223 	{  48, 0x00b33, 0x0126a, 0x26014, 0x30284 },
224 	{  52, 0x00b33, 0x0126b, 0x26014, 0x30286 },
225 	{  56, 0x00b33, 0x0126c, 0x26014, 0x30288 },
226 	{  60, 0x00b33, 0x0126e, 0x26014, 0x30280 },
227 	{  64, 0x00b33, 0x0126f, 0x26014, 0x30282 },
228 
229 	{ 100, 0x00b33, 0x0128a, 0x2e014, 0x30280 },
230 	{ 104, 0x00b33, 0x0128b, 0x2e014, 0x30282 },
231 	{ 108, 0x00b33, 0x0128c, 0x2e014, 0x30284 },
232 	{ 112, 0x00b33, 0x0128d, 0x2e014, 0x30286 },
233 	{ 116, 0x00b33, 0x0128e, 0x2e014, 0x30288 },
234 	{ 120, 0x00b33, 0x012a0, 0x2e014, 0x30280 },
235 	{ 124, 0x00b33, 0x012a1, 0x2e014, 0x30282 },
236 	{ 128, 0x00b33, 0x012a2, 0x2e014, 0x30284 },
237 	{ 132, 0x00b33, 0x012a3, 0x2e014, 0x30286 },
238 	{ 136, 0x00b33, 0x012a4, 0x2e014, 0x30288 },
239 	{ 140, 0x00b33, 0x012a6, 0x2e014, 0x30280 },
240 
241 	{ 149, 0x00b33, 0x012a8, 0x2e014, 0x30287 },
242 	{ 153, 0x00b33, 0x012a9, 0x2e014, 0x30289 },
243 	{ 157, 0x00b33, 0x012ab, 0x2e014, 0x30281 },
244 	{ 161, 0x00b33, 0x012ac, 0x2e014, 0x30283 },
245 	{ 165, 0x00b33, 0x012ad, 0x2e014, 0x30285 }
246 };
247 
248 /*
249  * device operations
250  */
251 static int rum_attach(dev_info_t *, ddi_attach_cmd_t);
252 static int rum_detach(dev_info_t *, ddi_detach_cmd_t);
253 
254 /*
255  * Module Loading Data & Entry Points
256  */
257 DDI_DEFINE_STREAM_OPS(rum_dev_ops, nulldev, nulldev, rum_attach,
258     rum_detach, nodev, NULL, D_MP, NULL, ddi_quiesce_not_needed);
259 
260 static struct modldrv rum_modldrv = {
261 	&mod_driverops,		/* Type of module.  This one is a driver */
262 	"rum driver v1.1",	/* short description */
263 	&rum_dev_ops		/* driver specific ops */
264 };
265 
266 static struct modlinkage modlinkage = {
267 	MODREV_1,
268 	(void *)&rum_modldrv,
269 	NULL
270 };
271 
272 static int	rum_m_stat(void *,  uint_t, uint64_t *);
273 static int	rum_m_start(void *);
274 static void	rum_m_stop(void *);
275 static int	rum_m_promisc(void *, boolean_t);
276 static int	rum_m_multicst(void *, boolean_t, const uint8_t *);
277 static int	rum_m_unicst(void *, const uint8_t *);
278 static mblk_t	*rum_m_tx(void *, mblk_t *);
279 static void	rum_m_ioctl(void *, queue_t *, mblk_t *);
280 static int	rum_m_setprop(void *, const char *, mac_prop_id_t,
281     uint_t, const void *);
282 static int	rum_m_getprop(void *, const char *, mac_prop_id_t,
283     uint_t, uint_t, void *, uint_t *);
284 
285 static mac_callbacks_t rum_m_callbacks = {
286 	MC_IOCTL | MC_SETPROP | MC_GETPROP,
287 	rum_m_stat,
288 	rum_m_start,
289 	rum_m_stop,
290 	rum_m_promisc,
291 	rum_m_multicst,
292 	rum_m_unicst,
293 	rum_m_tx,
294 	NULL,		/* mc_resources; */
295 	rum_m_ioctl,
296 	NULL,		/* mc_getcapab */
297 	NULL,
298 	NULL,
299 	rum_m_setprop,
300 	rum_m_getprop
301 };
302 
303 extern const char *usb_str_cr(int);
304 static void rum_amrr_start(struct rum_softc *, struct ieee80211_node *);
305 static int  rum_tx_trigger(struct rum_softc *, mblk_t *);
306 static int  rum_rx_trigger(struct rum_softc *);
307 
308 uint32_t rum_dbg_flags = 0;
309 
310 #ifdef DEBUG
311 void
312 ral_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
313 {
314 	va_list args;
315 
316 	if (dbg_flags & rum_dbg_flags) {
317 		va_start(args, fmt);
318 		vcmn_err(CE_CONT, fmt, args);
319 		va_end(args);
320 	}
321 }
322 #endif
323 
324 static void
325 rum_read_multi(struct rum_softc *sc, uint16_t reg, void *buf, int len)
326 {
327 	usb_ctrl_setup_t req;
328 	usb_cr_t cr;
329 	usb_cb_flags_t cf;
330 	mblk_t *mp;
331 	int err;
332 
333 	bzero(&req, sizeof (req));
334 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
335 	req.bRequest = RT2573_READ_MULTI_MAC;
336 	req.wValue = 0;
337 	req.wIndex = reg;
338 	req.wLength = (uint16_t)len;
339 	req.attrs = USB_ATTRS_AUTOCLEARING;
340 
341 	mp = NULL;
342 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
343 	    &cr, &cf, 0);
344 
345 	if (err != USB_SUCCESS) {
346 		RAL_DEBUG(RAL_DBG_ERR,
347 		    "rum_read_multi(): could not read MAC register:"
348 		    "cr:%s(%d), cf:(%x)\n",
349 		    usb_str_cr(cr), cr, cf);
350 		return;
351 	}
352 
353 	bcopy(mp->b_rptr, buf, len);
354 	freemsg(mp);
355 }
356 
357 static uint32_t
358 rum_read(struct rum_softc *sc, uint16_t reg)
359 {
360 	uint32_t val;
361 
362 	rum_read_multi(sc, reg, &val, sizeof (val));
363 
364 	return (LE_32(val));
365 }
366 
367 static void
368 rum_write_multi(struct rum_softc *sc, uint16_t reg, void *buf, size_t len)
369 {
370 	usb_ctrl_setup_t req;
371 	usb_cr_t cr;
372 	usb_cb_flags_t cf;
373 	mblk_t *mp;
374 	int err;
375 
376 	bzero(&req, sizeof (req));
377 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
378 	req.bRequest = RT2573_WRITE_MULTI_MAC;
379 	req.wValue = 0;
380 	req.wIndex = reg;
381 	req.wLength = (uint16_t)len;
382 	req.attrs = USB_ATTRS_NONE;
383 
384 	if ((mp = allocb(len, BPRI_HI)) == NULL) {
385 		RAL_DEBUG(RAL_DBG_ERR, "rum_write_multi(): failed alloc mblk.");
386 		return;
387 	}
388 
389 	bcopy(buf, mp->b_wptr, len);
390 	mp->b_wptr += len;
391 
392 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
393 	    &cr, &cf, 0);
394 
395 	if (err != USB_SUCCESS) {
396 		RAL_DEBUG(RAL_DBG_USB,
397 		    "rum_write_multi(): could not write MAC register:"
398 		    "cr:%s(%d), cf:(%x)\n",
399 		    usb_str_cr(cr), cr, cf);
400 	}
401 
402 	freemsg(mp);
403 }
404 
405 static void
406 rum_write(struct rum_softc *sc, uint16_t reg, uint32_t val)
407 {
408 	uint32_t tmp = LE_32(val);
409 
410 	rum_write_multi(sc, reg, &tmp, sizeof (tmp));
411 }
412 
413 #define	UGETDW(w) ((w)[0] | ((w)[1] << 8) | ((w)[2] << 16) | ((w)[3] << 24))
414 
415 static int
416 rum_load_microcode(struct rum_softc *sc)
417 {
418 	usb_ctrl_setup_t req;
419 	usb_cr_t cr;
420 	usb_cb_flags_t cf;
421 	int err;
422 
423 	const uint8_t *ucode;
424 	int size;
425 	uint16_t reg = RT2573_MCU_CODE_BASE;
426 
427 	ucode = rt2573_ucode;
428 	size  = sizeof (rt2573_ucode);
429 
430 	/* copy firmware image into NIC */
431 	for (; size >= 4; reg += 4, ucode += 4, size -= 4) {
432 		rum_write(sc, reg, UGETDW(ucode));
433 		/* rum_write(sc, reg, *(uint32_t *)(ucode)); */
434 	}
435 
436 	bzero(&req, sizeof (req));
437 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_HOST_TO_DEV;
438 	req.bRequest = RT2573_MCU_CNTL;
439 	req.wValue = RT2573_MCU_RUN;
440 	req.wIndex = 0;
441 	req.wLength = 0;
442 	req.attrs = USB_ATTRS_NONE;
443 
444 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, NULL,
445 	    &cr, &cf, 0);
446 
447 	if (err != USB_SUCCESS) {
448 		RAL_DEBUG(RAL_DBG_ERR,
449 		    "rum_load_microcode(): could not run firmware: "
450 		    "cr:%s(%d), cf:(%x)\n",
451 		    usb_str_cr(cr), cr, cf);
452 	}
453 
454 	RAL_DEBUG(RAL_DBG_MSG,
455 	    "rum_load_microcode(%d): done\n", sizeof (rt2573_ucode));
456 
457 	return (err);
458 }
459 
460 static void
461 rum_eeprom_read(struct rum_softc *sc, uint16_t addr, void *buf, int len)
462 {
463 	usb_ctrl_setup_t req;
464 	usb_cr_t cr;
465 	usb_cb_flags_t cf;
466 	mblk_t *mp;
467 	int err;
468 
469 	bzero(&req, sizeof (req));
470 	req.bmRequestType = USB_DEV_REQ_TYPE_VENDOR | USB_DEV_REQ_DEV_TO_HOST;
471 	req.bRequest = RT2573_READ_EEPROM;
472 	req.wValue = 0;
473 	req.wIndex = addr;
474 	req.wLength = (uint16_t)len;
475 
476 	mp = NULL;
477 	err = usb_pipe_ctrl_xfer_wait(sc->sc_udev->dev_default_ph, &req, &mp,
478 	    &cr, &cf, 0);
479 
480 	if (err != USB_SUCCESS) {
481 		RAL_DEBUG(RAL_DBG_USB,
482 		    "rum_eeprom_read(): could not read EEPROM:"
483 		    "cr:%s(%d), cf:(%x)\n",
484 		    usb_str_cr(cr), cr, cf);
485 		return;
486 	}
487 
488 	bcopy(mp->b_rptr, buf, len);
489 	freemsg(mp);
490 }
491 
492 /* ARGSUSED */
493 static void
494 rum_txeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
495 {
496 	struct rum_softc *sc = (struct rum_softc *)req->bulk_client_private;
497 	struct ieee80211com *ic = &sc->sc_ic;
498 
499 	RAL_DEBUG(RAL_DBG_TX,
500 	    "rum_txeof(): cr:%s(%d), flags:0x%x, tx_queued:%d",
501 	    usb_str_cr(req->bulk_completion_reason),
502 	    req->bulk_completion_reason,
503 	    req->bulk_cb_flags,
504 	    sc->tx_queued);
505 
506 	if (req->bulk_completion_reason != USB_CR_OK)
507 		sc->sc_tx_err++;
508 
509 	mutex_enter(&sc->tx_lock);
510 
511 	sc->tx_queued--;
512 	sc->sc_tx_timer = 0;
513 
514 	if (sc->sc_need_sched) {
515 		sc->sc_need_sched = 0;
516 		mac_tx_update(ic->ic_mach);
517 	}
518 
519 	mutex_exit(&sc->tx_lock);
520 	usb_free_bulk_req(req);
521 }
522 
523 /* ARGSUSED */
524 static void
525 rum_rxeof(usb_pipe_handle_t pipe, usb_bulk_req_t *req)
526 {
527 	struct rum_softc *sc = (struct rum_softc *)req->bulk_client_private;
528 	struct ieee80211com *ic = &sc->sc_ic;
529 
530 	struct rum_rx_desc *desc;
531 	struct ieee80211_frame *wh;
532 	struct ieee80211_node *ni;
533 
534 	mblk_t *m, *mp;
535 	int len, pktlen;
536 	char *rxbuf;
537 
538 	mp = req->bulk_data;
539 	req->bulk_data = NULL;
540 
541 	RAL_DEBUG(RAL_DBG_RX,
542 	    "rum_rxeof(): cr:%s(%d), flags:0x%x, rx_queued:%d",
543 	    usb_str_cr(req->bulk_completion_reason),
544 	    req->bulk_completion_reason,
545 	    req->bulk_cb_flags,
546 	    sc->rx_queued);
547 
548 	if (req->bulk_completion_reason != USB_CR_OK) {
549 		sc->sc_rx_err++;
550 		goto fail;
551 	}
552 
553 	len = msgdsize(mp);
554 	rxbuf = (char *)mp->b_rptr;
555 
556 
557 	if (len < RT2573_RX_DESC_SIZE + sizeof (struct ieee80211_frame_min)) {
558 		RAL_DEBUG(RAL_DBG_ERR,
559 		    "rum_rxeof(): xfer too short %d\n", len);
560 		sc->sc_rx_err++;
561 		goto fail;
562 	}
563 
564 	/* rx descriptor is located at the head, different from RT2500USB */
565 	desc = (struct rum_rx_desc *)rxbuf;
566 
567 	if (LE_32(desc->flags) & RT2573_RX_CRC_ERROR) {
568 		/*
569 		 * This should not happen since we did not request to receive
570 		 * those frames when we filled RT2573_TXRX_CSR0.
571 		 */
572 		RAL_DEBUG(RAL_DBG_ERR, "CRC error\n");
573 		sc->sc_rx_err++;
574 		goto fail;
575 	}
576 
577 	pktlen = (LE_32(desc->flags) >> 16) & 0xfff;
578 
579 	if (pktlen > (len - RT2573_RX_DESC_SIZE)) {
580 		RAL_DEBUG(RAL_DBG_ERR,
581 		    "rum_rxeof(): pktlen mismatch <%d, %d>.\n", pktlen, len);
582 		goto fail;
583 	}
584 
585 	if ((m = allocb(pktlen, BPRI_MED)) == NULL) {
586 		RAL_DEBUG(RAL_DBG_ERR,
587 		    "rum_rxeof(): allocate mblk failed.\n");
588 		sc->sc_rx_nobuf++;
589 		goto fail;
590 	}
591 
592 	bcopy(rxbuf + RT2573_RX_DESC_SIZE, m->b_rptr, pktlen);
593 	m->b_wptr += pktlen;
594 
595 	wh = (struct ieee80211_frame *)m->b_rptr;
596 	ni = ieee80211_find_rxnode(ic, wh);
597 
598 	/* send the frame to the 802.11 layer */
599 	(void) ieee80211_input(ic, m, ni, desc->rssi, 0);
600 
601 	/* node is no longer needed */
602 	ieee80211_free_node(ni);
603 
604 fail:
605 	mutex_enter(&sc->rx_lock);
606 	sc->rx_queued--;
607 	mutex_exit(&sc->rx_lock);
608 
609 	freemsg(mp);
610 	usb_free_bulk_req(req);
611 
612 	if (RAL_IS_RUNNING(sc))
613 		(void) rum_rx_trigger(sc);
614 }
615 
616 /*
617  * Return the expected ack rate for a frame transmitted at rate `rate'.
618  */
619 static int
620 rum_ack_rate(struct ieee80211com *ic, int rate)
621 {
622 	switch (rate) {
623 	/* CCK rates */
624 	case 2:
625 		return (2);
626 	case 4:
627 	case 11:
628 	case 22:
629 		return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
630 
631 	/* OFDM rates */
632 	case 12:
633 	case 18:
634 		return (12);
635 	case 24:
636 	case 36:
637 		return (24);
638 	case 48:
639 	case 72:
640 	case 96:
641 	case 108:
642 		return (48);
643 	}
644 
645 	/* default to 1Mbps */
646 	return (2);
647 }
648 
649 /*
650  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
651  * The function automatically determines the operating mode depending on the
652  * given rate. `flags' indicates whether short preamble is in use or not.
653  */
654 static uint16_t
655 rum_txtime(int len, int rate, uint32_t flags)
656 {
657 	uint16_t txtime;
658 
659 	if (RUM_RATE_IS_OFDM(rate)) {
660 		/* IEEE Std 802.11a-1999, pp. 37 */
661 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
662 		txtime = 16 + 4 + 4 * txtime + 6;
663 	} else {
664 		/* IEEE Std 802.11b-1999, pp. 28 */
665 		txtime = (16 * len + rate - 1) / rate;
666 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
667 			txtime +=  72 + 24;
668 		else
669 			txtime += 144 + 48;
670 	}
671 	return (txtime);
672 }
673 
674 static uint8_t
675 rum_plcp_signal(int rate)
676 {
677 	switch (rate) {
678 	/* CCK rates (returned values are device-dependent) */
679 	case 2:		return (0x0);
680 	case 4:		return (0x1);
681 	case 11:	return (0x2);
682 	case 22:	return (0x3);
683 
684 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
685 	case 12:	return (0xb);
686 	case 18:	return (0xf);
687 	case 24:	return (0xa);
688 	case 36:	return (0xe);
689 	case 48:	return (0x9);
690 	case 72:	return (0xd);
691 	case 96:	return (0x8);
692 	case 108:	return (0xc);
693 
694 	/* unsupported rates (should not get there) */
695 	default:	return (0xff);
696 	}
697 }
698 
699 static void
700 rum_setup_tx_desc(struct rum_softc *sc, struct rum_tx_desc *desc,
701     uint32_t flags, uint16_t xflags, int len, int rate)
702 {
703 	struct ieee80211com *ic = &sc->sc_ic;
704 	uint16_t plcp_length;
705 	int remainder;
706 
707 	desc->flags = LE_32(flags);
708 	desc->flags |= LE_32(RT2573_TX_VALID);
709 	desc->flags |= LE_32(len << 16);
710 
711 	desc->xflags = LE_16(xflags);
712 
713 	desc->wme = LE_16(RT2573_QID(0) | RT2573_AIFSN(2) |
714 	    RT2573_LOGCWMIN(4) | RT2573_LOGCWMAX(10));
715 
716 	/* setup PLCP fields */
717 	desc->plcp_signal  = rum_plcp_signal(rate);
718 	desc->plcp_service = 4;
719 
720 	len += IEEE80211_CRC_LEN;
721 	if (RUM_RATE_IS_OFDM(rate)) {
722 		desc->flags |= LE_32(RT2573_TX_OFDM);
723 
724 		plcp_length = len & 0xfff;
725 		desc->plcp_length_hi = plcp_length >> 6;
726 		desc->plcp_length_lo = plcp_length & 0x3f;
727 	} else {
728 		plcp_length = (16 * len + rate - 1) / rate;
729 		if (rate == 22) {
730 			remainder = (16 * len) % 22;
731 			if (remainder != 0 && remainder < 7)
732 				desc->plcp_service |= RT2573_PLCP_LENGEXT;
733 		}
734 		desc->plcp_length_hi = plcp_length >> 8;
735 		desc->plcp_length_lo = plcp_length & 0xff;
736 
737 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
738 			desc->plcp_signal |= 0x08;
739 	}
740 }
741 
742 #define	RUM_TX_TIMEOUT	5
743 
744 static int
745 rum_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
746 {
747 	struct rum_softc *sc = (struct rum_softc *)ic;
748 	struct rum_tx_desc *desc;
749 
750 	struct ieee80211_frame *wh;
751 	struct ieee80211_key *k;
752 
753 	uint16_t dur;
754 	uint32_t flags = 0;
755 	int rate, err = DDI_SUCCESS, rv;
756 
757 	struct ieee80211_node *ni = NULL;
758 	mblk_t *m, *m0;
759 	int off, mblen, pktlen, xferlen;
760 
761 
762 	mutex_enter(&sc->tx_lock);
763 
764 	if (sc->tx_queued > RAL_TX_LIST_COUNT) {
765 		RAL_DEBUG(RAL_DBG_TX, "rum_send(): "
766 		    "no TX buffer available!\n");
767 		if ((type & IEEE80211_FC0_TYPE_MASK) ==
768 		    IEEE80211_FC0_TYPE_DATA) {
769 			sc->sc_need_sched = 1;
770 		}
771 		sc->sc_tx_nobuf++;
772 		err = ENOMEM;
773 		goto fail;
774 	}
775 
776 	m = allocb(RAL_TXBUF_SIZE + RT2573_TX_DESC_SIZE, BPRI_MED);
777 	if (m == NULL) {
778 		RAL_DEBUG(RAL_DBG_ERR, "rum_send(): can't alloc mblk.\n");
779 		err = DDI_FAILURE;
780 		goto fail;
781 	}
782 
783 	m->b_rptr += RT2573_TX_DESC_SIZE;	/* skip TX descriptor */
784 	m->b_wptr += RT2573_TX_DESC_SIZE;
785 
786 	for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
787 		mblen = (uintptr_t)m0->b_wptr - (uintptr_t)m0->b_rptr;
788 		(void) memcpy(m->b_rptr + off, m0->b_rptr, mblen);
789 		off += mblen;
790 	}
791 	m->b_wptr += off;
792 
793 	wh = (struct ieee80211_frame *)m->b_rptr;
794 
795 	ni = ieee80211_find_txnode(ic, wh->i_addr1);
796 	if (ni == NULL) {
797 		err = DDI_FAILURE;
798 		sc->sc_tx_err++;
799 		freemsg(m);
800 		goto fail;
801 	}
802 
803 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
804 	    IEEE80211_FC0_TYPE_DATA) {
805 		(void) ieee80211_encap(ic, m, ni);
806 	}
807 
808 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
809 		k = ieee80211_crypto_encap(ic, m);
810 		if (k == NULL) {
811 			sc->sc_tx_err++;
812 			err = DDI_FAILURE;
813 			freemsg(m);
814 			goto fail;
815 		}
816 		/* packet header may have moved, reset our local pointer */
817 		wh = (struct ieee80211_frame *)m->b_rptr;
818 	}
819 
820 	m->b_rptr -= RT2573_TX_DESC_SIZE;	/* restore */
821 	desc = (struct rum_tx_desc *)m->b_rptr;
822 
823 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
824 	    IEEE80211_FC0_TYPE_DATA) {	/* DATA */
825 		if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
826 			rate = ic->ic_bss->in_rates.ir_rates[ic->ic_fixed_rate];
827 		else
828 			rate = ni->in_rates.ir_rates[ni->in_txrate];
829 
830 		rate &= IEEE80211_RATE_VAL;
831 		if (rate <= 0) {
832 			rate = 2;	/* basic rate */
833 		}
834 
835 
836 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
837 			flags |= RT2573_TX_NEED_ACK;
838 			flags |= RT2573_TX_MORE_FRAG;
839 
840 			dur = rum_txtime(RUM_ACK_SIZE, rum_ack_rate(ic, rate),
841 			    ic->ic_flags) + sc->sifs;
842 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
843 		}
844 	} else {	/* MGMT */
845 		rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
846 
847 		if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
848 			flags |= RT2573_TX_NEED_ACK;
849 
850 			dur = rum_txtime(RUM_ACK_SIZE, rum_ack_rate(ic, rate),
851 			    ic->ic_flags) + sc->sifs;
852 			*(uint16_t *)(uintptr_t)wh->i_dur = LE_16(dur);
853 
854 			/* tell hardware to add timestamp for probe responses */
855 			if ((wh->i_fc[0] &
856 			    (IEEE80211_FC0_TYPE_MASK |
857 			    IEEE80211_FC0_SUBTYPE_MASK)) ==
858 			    (IEEE80211_FC0_TYPE_MGT |
859 			    IEEE80211_FC0_SUBTYPE_PROBE_RESP))
860 				flags |= RT2573_TX_TIMESTAMP;
861 		}
862 	}
863 
864 	pktlen = msgdsize(m) - RT2573_TX_DESC_SIZE;
865 	rum_setup_tx_desc(sc, desc, flags, 0, pktlen, rate);
866 
867 	/* align end on a 4-bytes boundary */
868 	xferlen = (RT2573_TX_DESC_SIZE + pktlen + 3) & ~3;
869 
870 	/*
871 	 * No space left in the last URB to store the extra 4 bytes, force
872 	 * sending of another URB.
873 	 */
874 	if ((xferlen % 64) == 0)
875 		xferlen += 4;
876 
877 	m->b_wptr = m->b_rptr + xferlen;
878 
879 	RAL_DEBUG(RAL_DBG_TX, "sending data frame len=%u rate=%u xfer len=%u\n",
880 	    pktlen, rate, xferlen);
881 
882 	rv = rum_tx_trigger(sc, m);
883 
884 	if (rv == 0) {
885 		ic->ic_stats.is_tx_frags++;
886 		ic->ic_stats.is_tx_bytes += pktlen;
887 	}
888 
889 fail:
890 	if (ni != NULL)
891 		ieee80211_free_node(ni);
892 
893 	if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
894 	    err == 0) {
895 		freemsg(mp);
896 	}
897 
898 	mutex_exit(&sc->tx_lock);
899 
900 	return (err);
901 }
902 
903 static mblk_t *
904 rum_m_tx(void *arg, mblk_t *mp)
905 {
906 	struct rum_softc *sc = (struct rum_softc *)arg;
907 	struct ieee80211com *ic = &sc->sc_ic;
908 	mblk_t *next;
909 
910 	/*
911 	 * No data frames go out unless we're associated; this
912 	 * should not happen as the 802.11 layer does not enable
913 	 * the xmit queue until we enter the RUN state.
914 	 */
915 	if (ic->ic_state != IEEE80211_S_RUN) {
916 		RAL_DEBUG(RAL_DBG_ERR, "rum_m_tx(): "
917 		    "discard, state %u\n", ic->ic_state);
918 		freemsgchain(mp);
919 		return (NULL);
920 	}
921 
922 	while (mp != NULL) {
923 		next = mp->b_next;
924 		mp->b_next = NULL;
925 		if (rum_send(ic, mp, IEEE80211_FC0_TYPE_DATA) != DDI_SUCCESS) {
926 			mp->b_next = next;
927 			freemsgchain(mp);
928 			return (NULL);
929 		}
930 		mp = next;
931 	}
932 	return (mp);
933 }
934 
935 static void
936 rum_bbp_write(struct rum_softc *sc, uint8_t reg, uint8_t val)
937 {
938 	uint32_t tmp;
939 	int ntries;
940 
941 	for (ntries = 0; ntries < 5; ntries++) {
942 		if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
943 			break;
944 	}
945 	if (ntries == 5) {
946 		RAL_DEBUG(RAL_DBG_ERR,
947 		    "rum_bbp_write(): could not write to BBP\n");
948 		return;
949 	}
950 
951 	tmp = RT2573_BBP_BUSY | (reg & 0x7f) << 8 | val;
952 	rum_write(sc, RT2573_PHY_CSR3, tmp);
953 }
954 
955 static uint8_t
956 rum_bbp_read(struct rum_softc *sc, uint8_t reg)
957 {
958 	uint32_t val;
959 	int ntries;
960 
961 	for (ntries = 0; ntries < 5; ntries++) {
962 		if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
963 			break;
964 	}
965 	if (ntries == 5) {
966 		RAL_DEBUG(RAL_DBG_ERR, "rum_bbp_read(): could not read BBP\n");
967 		return (0);
968 	}
969 
970 	val = RT2573_BBP_BUSY | RT2573_BBP_READ | reg << 8;
971 	rum_write(sc, RT2573_PHY_CSR3, val);
972 
973 	for (ntries = 0; ntries < 100; ntries++) {
974 		val = rum_read(sc, RT2573_PHY_CSR3);
975 		if (!(val & RT2573_BBP_BUSY))
976 			return (val & 0xff);
977 		drv_usecwait(1);
978 	}
979 
980 	RAL_DEBUG(RAL_DBG_ERR, "rum_bbp_read(): could not read BBP\n");
981 	return (0);
982 }
983 
984 static void
985 rum_rf_write(struct rum_softc *sc, uint8_t reg, uint32_t val)
986 {
987 	uint32_t tmp;
988 	int ntries;
989 
990 	for (ntries = 0; ntries < 5; ntries++) {
991 		if (!(rum_read(sc, RT2573_PHY_CSR4) & RT2573_RF_BUSY))
992 			break;
993 	}
994 	if (ntries == 5) {
995 		RAL_DEBUG(RAL_DBG_ERR,
996 		    "rum_rf_write(): could not write to RF\n");
997 		return;
998 	}
999 
1000 	tmp = RT2573_RF_BUSY | RT2573_RF_20BIT | (val & 0xfffff) << 2 |
1001 	    (reg & 3);
1002 	rum_write(sc, RT2573_PHY_CSR4, tmp);
1003 
1004 	/* remember last written value in sc */
1005 	sc->rf_regs[reg] = val;
1006 
1007 	RAL_DEBUG(RAL_DBG_HW, "RF R[%u] <- 0x%05x\n", reg & 3, val & 0xfffff);
1008 }
1009 
1010 static void
1011 rum_select_antenna(struct rum_softc *sc)
1012 {
1013 	uint8_t bbp4, bbp77;
1014 	uint32_t tmp;
1015 
1016 	bbp4  = rum_bbp_read(sc, 4);
1017 	bbp77 = rum_bbp_read(sc, 77);
1018 
1019 	/* make sure Rx is disabled before switching antenna */
1020 	tmp = rum_read(sc, RT2573_TXRX_CSR0);
1021 	rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
1022 
1023 	rum_bbp_write(sc,  4, bbp4);
1024 	rum_bbp_write(sc, 77, bbp77);
1025 
1026 	rum_write(sc, RT2573_TXRX_CSR0, tmp);
1027 }
1028 
1029 /*
1030  * Enable multi-rate retries for frames sent at OFDM rates.
1031  * In 802.11b/g mode, allow fallback to CCK rates.
1032  */
1033 static void
1034 rum_enable_mrr(struct rum_softc *sc)
1035 {
1036 	struct ieee80211com *ic = &sc->sc_ic;
1037 	uint32_t tmp;
1038 
1039 	tmp = rum_read(sc, RT2573_TXRX_CSR4);
1040 
1041 	tmp &= ~RT2573_MRR_CCK_FALLBACK;
1042 	if (!IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
1043 		tmp |= RT2573_MRR_CCK_FALLBACK;
1044 	tmp |= RT2573_MRR_ENABLED;
1045 
1046 	rum_write(sc, RT2573_TXRX_CSR4, tmp);
1047 }
1048 
1049 static void
1050 rum_set_txpreamble(struct rum_softc *sc)
1051 {
1052 	uint32_t tmp;
1053 
1054 	tmp = rum_read(sc, RT2573_TXRX_CSR4);
1055 
1056 	tmp &= ~RT2573_SHORT_PREAMBLE;
1057 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1058 		tmp |= RT2573_SHORT_PREAMBLE;
1059 
1060 	rum_write(sc, RT2573_TXRX_CSR4, tmp);
1061 }
1062 
1063 static void
1064 rum_set_basicrates(struct rum_softc *sc)
1065 {
1066 	struct ieee80211com *ic = &sc->sc_ic;
1067 
1068 	/* update basic rate set */
1069 	if (ic->ic_curmode == IEEE80211_MODE_11B) {
1070 		/* 11b basic rates: 1, 2Mbps */
1071 		rum_write(sc, RT2573_TXRX_CSR5, 0x3);
1072 	} else if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->in_chan)) {
1073 		/* 11a basic rates: 6, 12, 24Mbps */
1074 		rum_write(sc, RT2573_TXRX_CSR5, 0x150);
1075 	} else {
1076 		/* 11b/g basic rates: 1, 2, 5.5, 11Mbps */
1077 		rum_write(sc, RT2573_TXRX_CSR5, 0xf);
1078 	}
1079 }
1080 
1081 /*
1082  * Reprogram MAC/BBP to switch to a new band.  Values taken from the reference
1083  * driver.
1084  */
1085 static void
1086 rum_select_band(struct rum_softc *sc, struct ieee80211_channel *c)
1087 {
1088 	uint8_t bbp17, bbp35, bbp96, bbp97, bbp98, bbp104;
1089 	uint32_t tmp;
1090 
1091 	/* update all BBP registers that depend on the band */
1092 	bbp17 = 0x20; bbp96 = 0x48; bbp104 = 0x2c;
1093 	bbp35 = 0x50; bbp97 = 0x48; bbp98  = 0x48;
1094 	if (IEEE80211_IS_CHAN_5GHZ(c)) {
1095 		bbp17 += 0x08; bbp96 += 0x10; bbp104 += 0x0c;
1096 		bbp35 += 0x10; bbp97 += 0x10; bbp98  += 0x10;
1097 	}
1098 	if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1099 	    (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1100 		bbp17 += 0x10; bbp96 += 0x10; bbp104 += 0x10;
1101 	}
1102 
1103 	sc->bbp17 = bbp17;
1104 	rum_bbp_write(sc,  17, bbp17);
1105 	rum_bbp_write(sc,  96, bbp96);
1106 	rum_bbp_write(sc, 104, bbp104);
1107 
1108 	if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1109 	    (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1110 		rum_bbp_write(sc, 75, 0x80);
1111 		rum_bbp_write(sc, 86, 0x80);
1112 		rum_bbp_write(sc, 88, 0x80);
1113 	}
1114 
1115 	rum_bbp_write(sc, 35, bbp35);
1116 	rum_bbp_write(sc, 97, bbp97);
1117 	rum_bbp_write(sc, 98, bbp98);
1118 
1119 	tmp = rum_read(sc, RT2573_PHY_CSR0);
1120 	tmp &= ~(RT2573_PA_PE_2GHZ | RT2573_PA_PE_5GHZ);
1121 	if (IEEE80211_IS_CHAN_2GHZ(c))
1122 		tmp |= RT2573_PA_PE_2GHZ;
1123 	else
1124 		tmp |= RT2573_PA_PE_5GHZ;
1125 	rum_write(sc, RT2573_PHY_CSR0, tmp);
1126 
1127 	/* 802.11a uses a 16 microseconds short interframe space */
1128 	sc->sifs = IEEE80211_IS_CHAN_5GHZ(c) ? 16 : 10;
1129 }
1130 
1131 static void
1132 rum_set_chan(struct rum_softc *sc, struct ieee80211_channel *c)
1133 {
1134 	struct ieee80211com *ic = &sc->sc_ic;
1135 	const struct rfprog *rfprog;
1136 	uint8_t bbp3, bbp94 = RT2573_BBPR94_DEFAULT;
1137 	int8_t power;
1138 	uint_t i, chan;
1139 
1140 	chan = ieee80211_chan2ieee(ic, c);
1141 	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
1142 		return;
1143 
1144 	/* select the appropriate RF settings based on what EEPROM says */
1145 	rfprog = (sc->rf_rev == RT2573_RF_5225 ||
1146 	    sc->rf_rev == RT2573_RF_2527) ? rum_rf5225 : rum_rf5226;
1147 
1148 	/* find the settings for this channel (we know it exists) */
1149 	for (i = 0; rfprog[i].chan != chan; i++) {
1150 	}
1151 
1152 	power = sc->txpow[i];
1153 	if (power < 0) {
1154 		bbp94 += power;
1155 		power = 0;
1156 	} else if (power > 31) {
1157 		bbp94 += power - 31;
1158 		power = 31;
1159 	}
1160 
1161 	/*
1162 	 * If we are switching from the 2GHz band to the 5GHz band or
1163 	 * vice-versa, BBP registers need to be reprogrammed.
1164 	 */
1165 	if (c->ich_flags != ic->ic_curchan->ich_flags) {
1166 		rum_select_band(sc, c);
1167 		rum_select_antenna(sc);
1168 	}
1169 	ic->ic_curchan = c;
1170 
1171 	rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1172 	rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1173 	rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1174 	rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1175 
1176 	rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1177 	rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1178 	rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7 | 1);
1179 	rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1180 
1181 	rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1182 	rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1183 	rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1184 	rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1185 
1186 	drv_usecwait(10);
1187 
1188 	/* enable smart mode for MIMO-capable RFs */
1189 	bbp3 = rum_bbp_read(sc, 3);
1190 
1191 	bbp3 &= ~RT2573_SMART_MODE;
1192 	if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_2527)
1193 		bbp3 |= RT2573_SMART_MODE;
1194 
1195 	rum_bbp_write(sc, 3, bbp3);
1196 
1197 	if (bbp94 != RT2573_BBPR94_DEFAULT)
1198 		rum_bbp_write(sc, 94, bbp94);
1199 }
1200 
1201 /*
1202  * Enable TSF synchronization and tell h/w to start sending beacons for IBSS
1203  * and HostAP operating modes.
1204  */
1205 static void
1206 rum_enable_tsf_sync(struct rum_softc *sc)
1207 {
1208 	struct ieee80211com *ic = &sc->sc_ic;
1209 	uint32_t tmp;
1210 
1211 	if (ic->ic_opmode != IEEE80211_M_STA) {
1212 		/*
1213 		 * Change default 16ms TBTT adjustment to 8ms.
1214 		 * Must be done before enabling beacon generation.
1215 		 */
1216 		rum_write(sc, RT2573_TXRX_CSR10, 1 << 12 | 8);
1217 	}
1218 
1219 	tmp = rum_read(sc, RT2573_TXRX_CSR9) & 0xff000000;
1220 
1221 	/* set beacon interval (in 1/16ms unit) */
1222 	tmp |= ic->ic_bss->in_intval * 16;
1223 
1224 	tmp |= RT2573_TSF_TICKING | RT2573_ENABLE_TBTT;
1225 	if (ic->ic_opmode == IEEE80211_M_STA)
1226 		tmp |= RT2573_TSF_MODE(1);
1227 	else
1228 		tmp |= RT2573_TSF_MODE(2) | RT2573_GENERATE_BEACON;
1229 
1230 	rum_write(sc, RT2573_TXRX_CSR9, tmp);
1231 }
1232 
1233 /* ARGSUSED */
1234 static void
1235 rum_update_slot(struct ieee80211com *ic, int onoff)
1236 {
1237 	struct rum_softc *sc = (struct rum_softc *)ic;
1238 	uint8_t slottime;
1239 	uint32_t tmp;
1240 
1241 	slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1242 
1243 	tmp = rum_read(sc, RT2573_MAC_CSR9);
1244 	tmp = (tmp & ~0xff) | slottime;
1245 	rum_write(sc, RT2573_MAC_CSR9, tmp);
1246 
1247 	RAL_DEBUG(RAL_DBG_HW, "setting slot time to %uus\n", slottime);
1248 }
1249 
1250 static void
1251 rum_set_bssid(struct rum_softc *sc, const uint8_t *bssid)
1252 {
1253 	uint32_t tmp;
1254 
1255 	tmp = bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24;
1256 	rum_write(sc, RT2573_MAC_CSR4, tmp);
1257 
1258 	tmp = bssid[4] | bssid[5] << 8 | RT2573_ONE_BSSID << 16;
1259 	rum_write(sc, RT2573_MAC_CSR5, tmp);
1260 }
1261 
1262 static void
1263 rum_set_macaddr(struct rum_softc *sc, const uint8_t *addr)
1264 {
1265 	uint32_t tmp;
1266 
1267 	tmp = addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24;
1268 	rum_write(sc, RT2573_MAC_CSR2, tmp);
1269 
1270 	tmp = addr[4] | addr[5] << 8 | 0xff << 16;
1271 	rum_write(sc, RT2573_MAC_CSR3, tmp);
1272 
1273 	RAL_DEBUG(RAL_DBG_HW,
1274 	    "setting MAC address to " MACSTR "\n", MAC2STR(addr));
1275 }
1276 
1277 static void
1278 rum_update_promisc(struct rum_softc *sc)
1279 {
1280 	uint32_t tmp;
1281 
1282 	tmp = rum_read(sc, RT2573_TXRX_CSR0);
1283 
1284 	tmp &= ~RT2573_DROP_NOT_TO_ME;
1285 	if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1286 		tmp |= RT2573_DROP_NOT_TO_ME;
1287 
1288 	rum_write(sc, RT2573_TXRX_CSR0, tmp);
1289 
1290 	RAL_DEBUG(RAL_DBG_HW, "%s promiscuous mode\n",
1291 	    (sc->sc_rcr & RAL_RCR_PROMISC) ?  "entering" : "leaving");
1292 }
1293 
1294 static const char *
1295 rum_get_rf(int rev)
1296 {
1297 	switch (rev) {
1298 	case RT2573_RF_2527:	return ("RT2527 (MIMO XR)");
1299 	case RT2573_RF_2528:	return ("RT2528");
1300 	case RT2573_RF_5225:	return ("RT5225 (MIMO XR)");
1301 	case RT2573_RF_5226:	return ("RT5226");
1302 	default:		return ("unknown");
1303 	}
1304 }
1305 
1306 static void
1307 rum_read_eeprom(struct rum_softc *sc)
1308 {
1309 	struct ieee80211com *ic = &sc->sc_ic;
1310 	uint16_t val;
1311 
1312 	/* read MAC address */
1313 	rum_eeprom_read(sc, RT2573_EEPROM_ADDRESS, ic->ic_macaddr, 6);
1314 
1315 	rum_eeprom_read(sc, RT2573_EEPROM_ANTENNA, &val, 2);
1316 	val = LE_16(val);
1317 	sc->rf_rev =   (val >> 11) & 0x1f;
1318 	sc->hw_radio = (val >> 10) & 0x1;
1319 	sc->rx_ant =   (val >> 4)  & 0x3;
1320 	sc->tx_ant =   (val >> 2)  & 0x3;
1321 	sc->nb_ant =   val & 0x3;
1322 
1323 	RAL_DEBUG(RAL_DBG_HW, "RF revision=%d\n", sc->rf_rev);
1324 
1325 	rum_eeprom_read(sc, RT2573_EEPROM_CONFIG2, &val, 2);
1326 	val = LE_16(val);
1327 	sc->ext_5ghz_lna = (val >> 6) & 0x1;
1328 	sc->ext_2ghz_lna = (val >> 4) & 0x1;
1329 
1330 	RAL_DEBUG(RAL_DBG_HW, "External 2GHz LNA=%d\nExternal 5GHz LNA=%d\n",
1331 	    sc->ext_2ghz_lna, sc->ext_5ghz_lna);
1332 
1333 	rum_eeprom_read(sc, RT2573_EEPROM_RSSI_2GHZ_OFFSET, &val, 2);
1334 	val = LE_16(val);
1335 	if ((val & 0xff) != 0xff)
1336 		sc->rssi_2ghz_corr = (int8_t)(val & 0xff);	/* signed */
1337 
1338 	rum_eeprom_read(sc, RT2573_EEPROM_RSSI_5GHZ_OFFSET, &val, 2);
1339 	val = LE_16(val);
1340 	if ((val & 0xff) != 0xff)
1341 		sc->rssi_5ghz_corr = (int8_t)(val & 0xff);	/* signed */
1342 
1343 	RAL_DEBUG(RAL_DBG_HW, "RSSI 2GHz corr=%d\nRSSI 5GHz corr=%d\n",
1344 	    sc->rssi_2ghz_corr, sc->rssi_5ghz_corr);
1345 
1346 	rum_eeprom_read(sc, RT2573_EEPROM_FREQ_OFFSET, &val, 2);
1347 	val = LE_16(val);
1348 	if ((val & 0xff) != 0xff)
1349 		sc->rffreq = val & 0xff;
1350 
1351 	RAL_DEBUG(RAL_DBG_HW, "RF freq=%d\n", sc->rffreq);
1352 
1353 	/* read Tx power for all a/b/g channels */
1354 	rum_eeprom_read(sc, RT2573_EEPROM_TXPOWER, sc->txpow, 14);
1355 	/* default Tx power for 802.11a channels */
1356 	(void) memset(sc->txpow + 14, 24, sizeof (sc->txpow) - 14);
1357 
1358 	/* read default values for BBP registers */
1359 	rum_eeprom_read(sc, RT2573_EEPROM_BBP_BASE, sc->bbp_prom, 2 * 16);
1360 }
1361 
1362 static int
1363 rum_bbp_init(struct rum_softc *sc)
1364 {
1365 	int i, ntries;
1366 
1367 	/* wait for BBP to be ready */
1368 	for (ntries = 0; ntries < 100; ntries++) {
1369 		const uint8_t val = rum_bbp_read(sc, 0);
1370 		if (val != 0 && val != 0xff)
1371 			break;
1372 		drv_usecwait(1000);
1373 	}
1374 	if (ntries == 100) {
1375 		RAL_DEBUG(RAL_DBG_ERR, "timeout waiting for BBP\n");
1376 		return (EIO);
1377 	}
1378 
1379 	/* initialize BBP registers to default values */
1380 	for (i = 0; i < RUM_N(rum_def_bbp); i++)
1381 		rum_bbp_write(sc, rum_def_bbp[i].reg, rum_def_bbp[i].val);
1382 
1383 	/* write vendor-specific BBP values (from EEPROM) */
1384 	for (i = 0; i < 16; i++) {
1385 		if (sc->bbp_prom[i].reg == 0 || sc->bbp_prom[i].reg == 0xff)
1386 			continue;
1387 		rum_bbp_write(sc, sc->bbp_prom[i].reg, sc->bbp_prom[i].val);
1388 	}
1389 
1390 	return (0);
1391 }
1392 
1393 /*
1394  * This function is called periodically (every 200ms) during scanning to
1395  * switch from one channel to another.
1396  */
1397 static void
1398 rum_next_scan(void *arg)
1399 {
1400 	struct rum_softc *sc = arg;
1401 	struct ieee80211com *ic = &sc->sc_ic;
1402 
1403 	if (ic->ic_state == IEEE80211_S_SCAN)
1404 		ieee80211_next_scan(ic);
1405 }
1406 
1407 static int
1408 rum_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1409 {
1410 	struct rum_softc *sc = (struct rum_softc *)ic;
1411 	enum ieee80211_state ostate;
1412 	struct ieee80211_node *ni;
1413 	int err;
1414 	uint32_t tmp;
1415 
1416 	RAL_LOCK(sc);
1417 
1418 	ostate = ic->ic_state;
1419 
1420 	if (sc->sc_scan_id != 0) {
1421 		(void) untimeout(sc->sc_scan_id);
1422 		sc->sc_scan_id = 0;
1423 	}
1424 
1425 	if (sc->sc_amrr_id != 0) {
1426 		(void) untimeout(sc->sc_amrr_id);
1427 		sc->sc_amrr_id = 0;
1428 	}
1429 
1430 	switch (nstate) {
1431 	case IEEE80211_S_INIT:
1432 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_INIT ...\n");
1433 		if (ostate == IEEE80211_S_RUN) {
1434 			/* abort TSF synchronization */
1435 			tmp = rum_read(sc, RT2573_TXRX_CSR9);
1436 			rum_write(sc, RT2573_TXRX_CSR9, tmp & ~0x00ffffff);
1437 		}
1438 		break;
1439 
1440 	case IEEE80211_S_SCAN:
1441 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_SCAN ...\n");
1442 		rum_set_chan(sc, ic->ic_curchan);
1443 		sc->sc_scan_id = timeout(rum_next_scan, (void *)sc,
1444 		    drv_usectohz(sc->dwelltime * 1000));
1445 		break;
1446 
1447 	case IEEE80211_S_AUTH:
1448 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_AUTH ...\n");
1449 		rum_set_chan(sc, ic->ic_curchan);
1450 		break;
1451 
1452 	case IEEE80211_S_ASSOC:
1453 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_ASSOC ...\n");
1454 		rum_set_chan(sc, ic->ic_curchan);
1455 		break;
1456 
1457 	case IEEE80211_S_RUN:
1458 		RAL_DEBUG(RAL_DBG_MSG, "-> IEEE80211_S_RUN ...\n");
1459 		rum_set_chan(sc, ic->ic_curchan);
1460 
1461 		ni = ic->ic_bss;
1462 
1463 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1464 			rum_update_slot(ic, 1);
1465 			rum_enable_mrr(sc);
1466 			rum_set_txpreamble(sc);
1467 			rum_set_basicrates(sc);
1468 			rum_set_bssid(sc, ni->in_bssid);
1469 		}
1470 
1471 		if (ic->ic_opmode != IEEE80211_M_MONITOR)
1472 			rum_enable_tsf_sync(sc);
1473 
1474 		/* enable automatic rate adaptation in STA mode */
1475 		if (ic->ic_opmode == IEEE80211_M_STA &&
1476 		    ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
1477 			rum_amrr_start(sc, ni);
1478 		break;
1479 	}
1480 
1481 	RAL_UNLOCK(sc);
1482 
1483 	err = sc->sc_newstate(ic, nstate, arg);
1484 	/*
1485 	 * Finally, start any timers.
1486 	 */
1487 	if (nstate == IEEE80211_S_RUN)
1488 		ieee80211_start_watchdog(ic, 1);
1489 
1490 	return (err);
1491 }
1492 
1493 static void
1494 rum_close_pipes(struct rum_softc *sc)
1495 {
1496 	usb_flags_t flags = USB_FLAGS_SLEEP;
1497 
1498 	if (sc->sc_rx_pipeh != NULL) {
1499 		usb_pipe_reset(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1500 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh, flags, NULL, 0);
1501 		sc->sc_rx_pipeh = NULL;
1502 	}
1503 
1504 	if (sc->sc_tx_pipeh != NULL) {
1505 		usb_pipe_reset(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1506 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh, flags, NULL, 0);
1507 		sc->sc_tx_pipeh = NULL;
1508 	}
1509 }
1510 
1511 static int
1512 rum_open_pipes(struct rum_softc *sc)
1513 {
1514 	usb_ep_data_t *ep_node;
1515 	usb_pipe_policy_t policy;
1516 	int err;
1517 
1518 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1519 	    USB_EP_ATTR_BULK, USB_EP_DIR_OUT);
1520 
1521 	bzero(&policy, sizeof (usb_pipe_policy_t));
1522 	policy.pp_max_async_reqs = RAL_TX_LIST_COUNT;
1523 
1524 	if ((err = usb_pipe_open(sc->sc_dev,
1525 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1526 	    &sc->sc_tx_pipeh)) != USB_SUCCESS) {
1527 		RAL_DEBUG(RAL_DBG_ERR,
1528 		    "rum_open_pipes(): %x failed to open tx pipe\n", err);
1529 		goto fail;
1530 	}
1531 
1532 	RAL_DEBUG(RAL_DBG_MSG, "tx pipe opened\n");
1533 
1534 	ep_node = usb_lookup_ep_data(sc->sc_dev, sc->sc_udev, 0, 0, 0,
1535 	    USB_EP_ATTR_BULK, USB_EP_DIR_IN);
1536 
1537 	bzero(&policy, sizeof (usb_pipe_policy_t));
1538 	policy.pp_max_async_reqs = RAL_RX_LIST_COUNT + 32;
1539 
1540 	if ((err = usb_pipe_open(sc->sc_dev,
1541 	    &ep_node->ep_descr, &policy, USB_FLAGS_SLEEP,
1542 	    &sc->sc_rx_pipeh)) != USB_SUCCESS) {
1543 		RAL_DEBUG(RAL_DBG_ERR,
1544 		    "rum_open_pipes(): %x failed to open rx pipe\n", err);
1545 		goto fail;
1546 	}
1547 
1548 	RAL_DEBUG(RAL_DBG_MSG, "rx pipe opened\n");
1549 
1550 	return (USB_SUCCESS);
1551 
1552 fail:
1553 	if (sc->sc_rx_pipeh != NULL) {
1554 		usb_pipe_close(sc->sc_dev, sc->sc_rx_pipeh,
1555 		    USB_FLAGS_SLEEP, NULL, 0);
1556 		sc->sc_rx_pipeh = NULL;
1557 	}
1558 
1559 	if (sc->sc_tx_pipeh != NULL) {
1560 		usb_pipe_close(sc->sc_dev, sc->sc_tx_pipeh,
1561 		    USB_FLAGS_SLEEP, NULL, 0);
1562 		sc->sc_tx_pipeh = NULL;
1563 	}
1564 
1565 	return (USB_FAILURE);
1566 }
1567 
1568 static int
1569 rum_tx_trigger(struct rum_softc *sc, mblk_t *mp)
1570 {
1571 	usb_bulk_req_t *req;
1572 	int err;
1573 
1574 	sc->sc_tx_timer = RUM_TX_TIMEOUT;
1575 
1576 	req = usb_alloc_bulk_req(sc->sc_dev, 0, USB_FLAGS_SLEEP);
1577 	if (req == NULL) {
1578 		RAL_DEBUG(RAL_DBG_ERR,
1579 		    "rum_tx_trigger(): failed to allocate req");
1580 		freemsg(mp);
1581 		return (-1);
1582 	}
1583 
1584 	req->bulk_len		= msgdsize(mp);
1585 	req->bulk_data		= mp;
1586 	req->bulk_client_private = (usb_opaque_t)sc;
1587 	req->bulk_timeout	= RUM_TX_TIMEOUT;
1588 	req->bulk_attributes	= USB_ATTRS_AUTOCLEARING;
1589 	req->bulk_cb		= rum_txeof;
1590 	req->bulk_exc_cb	= rum_txeof;
1591 	req->bulk_completion_reason = 0;
1592 	req->bulk_cb_flags	= 0;
1593 
1594 	if ((err = usb_pipe_bulk_xfer(sc->sc_tx_pipeh, req, 0))
1595 	    != USB_SUCCESS) {
1596 
1597 		RAL_DEBUG(RAL_DBG_ERR, "rum_tx_trigger(): "
1598 		    "failed to do tx xfer, %d", err);
1599 		usb_free_bulk_req(req);
1600 		return (-1);
1601 	}
1602 
1603 	sc->tx_queued++;
1604 
1605 	return (0);
1606 }
1607 
1608 static int
1609 rum_rx_trigger(struct rum_softc *sc)
1610 {
1611 	usb_bulk_req_t *req;
1612 	int err;
1613 
1614 	req = usb_alloc_bulk_req(sc->sc_dev, RAL_RXBUF_SIZE, USB_FLAGS_SLEEP);
1615 	if (req == NULL) {
1616 		RAL_DEBUG(RAL_DBG_ERR,
1617 		    "rum_rx_trigger(): failed to allocate req");
1618 		return (-1);
1619 	}
1620 
1621 	req->bulk_len		= RAL_RXBUF_SIZE;
1622 	req->bulk_client_private = (usb_opaque_t)sc;
1623 	req->bulk_timeout	= 0;
1624 	req->bulk_attributes	= USB_ATTRS_SHORT_XFER_OK
1625 	    | USB_ATTRS_AUTOCLEARING;
1626 	req->bulk_cb		= rum_rxeof;
1627 	req->bulk_exc_cb	= rum_rxeof;
1628 	req->bulk_completion_reason = 0;
1629 	req->bulk_cb_flags	= 0;
1630 
1631 	err = usb_pipe_bulk_xfer(sc->sc_rx_pipeh, req, 0);
1632 
1633 	if (err != USB_SUCCESS) {
1634 		RAL_DEBUG(RAL_DBG_ERR, "rum_rx_trigger(): "
1635 		    "failed to do rx xfer, %d", err);
1636 		usb_free_bulk_req(req);
1637 
1638 		return (-1);
1639 	}
1640 
1641 	mutex_enter(&sc->rx_lock);
1642 	sc->rx_queued++;
1643 	mutex_exit(&sc->rx_lock);
1644 
1645 	return (0);
1646 }
1647 
1648 static void
1649 rum_init_tx_queue(struct rum_softc *sc)
1650 {
1651 	sc->tx_queued = 0;
1652 }
1653 
1654 static int
1655 rum_init_rx_queue(struct rum_softc *sc)
1656 {
1657 	int	i;
1658 
1659 	sc->rx_queued = 0;
1660 
1661 	for (i = 0; i < RAL_RX_LIST_COUNT; i++) {
1662 		if (rum_rx_trigger(sc) != 0) {
1663 			return (USB_FAILURE);
1664 		}
1665 	}
1666 
1667 	return (USB_SUCCESS);
1668 }
1669 
1670 static void
1671 rum_stop(struct rum_softc *sc)
1672 {
1673 	struct ieee80211com *ic = &sc->sc_ic;
1674 	uint32_t tmp;
1675 
1676 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1677 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1678 
1679 	RAL_LOCK(sc);
1680 
1681 	sc->sc_tx_timer = 0;
1682 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1683 
1684 	/* disable Rx */
1685 	tmp = rum_read(sc, RT2573_TXRX_CSR0);
1686 	rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
1687 
1688 	/* reset ASIC */
1689 	rum_write(sc, RT2573_MAC_CSR1, 3);
1690 	rum_write(sc, RT2573_MAC_CSR1, 0);
1691 
1692 	rum_close_pipes(sc);
1693 
1694 	RAL_UNLOCK(sc);
1695 }
1696 
1697 static int
1698 rum_init(struct rum_softc *sc)
1699 {
1700 	struct ieee80211com *ic = &sc->sc_ic;
1701 	uint32_t tmp;
1702 	int i, ntries;
1703 
1704 	rum_stop(sc);
1705 
1706 	/* initialize MAC registers to default values */
1707 	for (i = 0; i < RUM_N(rum_def_mac); i++)
1708 		rum_write(sc, rum_def_mac[i].reg, rum_def_mac[i].val);
1709 
1710 	/* set host ready */
1711 	rum_write(sc, RT2573_MAC_CSR1, 3);
1712 	rum_write(sc, RT2573_MAC_CSR1, 0);
1713 
1714 	/* wait for BBP/RF to wakeup */
1715 	for (ntries = 0; ntries < 1000; ntries++) {
1716 		if (rum_read(sc, RT2573_MAC_CSR12) & 8)
1717 			break;
1718 		rum_write(sc, RT2573_MAC_CSR12, 4);	/* force wakeup */
1719 		drv_usecwait(1000);
1720 	}
1721 	if (ntries == 1000) {
1722 		RAL_DEBUG(RAL_DBG_ERR,
1723 		    "rum_init(): timeout waiting for BBP/RF to wakeup\n");
1724 		goto fail;
1725 	}
1726 
1727 	if (rum_bbp_init(sc) != 0)
1728 		goto fail;
1729 
1730 	/* select default channel */
1731 	rum_select_band(sc, ic->ic_curchan);
1732 	rum_select_antenna(sc);
1733 	rum_set_chan(sc, ic->ic_curchan);
1734 
1735 	/* clear STA registers */
1736 	rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1737 
1738 	rum_set_macaddr(sc, ic->ic_macaddr);
1739 
1740 	/* initialize ASIC */
1741 	rum_write(sc, RT2573_MAC_CSR1, 4);
1742 
1743 	if (rum_open_pipes(sc) != USB_SUCCESS) {
1744 		RAL_DEBUG(RAL_DBG_ERR, "rum_init(): "
1745 		    "could not open pipes.\n");
1746 		goto fail;
1747 	}
1748 
1749 	rum_init_tx_queue(sc);
1750 
1751 	if (rum_init_rx_queue(sc) != USB_SUCCESS)
1752 		goto fail;
1753 
1754 	/* update Rx filter */
1755 	tmp = rum_read(sc, RT2573_TXRX_CSR0) & 0xffff;
1756 	tmp |= RT2573_DROP_PHY_ERROR | RT2573_DROP_CRC_ERROR;
1757 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1758 		tmp |= RT2573_DROP_CTL | RT2573_DROP_VER_ERROR |
1759 		    RT2573_DROP_ACKCTS;
1760 		if (ic->ic_opmode != IEEE80211_M_HOSTAP)
1761 			tmp |= RT2573_DROP_TODS;
1762 		if (!(sc->sc_rcr & RAL_RCR_PROMISC))
1763 			tmp |= RT2573_DROP_NOT_TO_ME;
1764 	}
1765 
1766 	rum_write(sc, RT2573_TXRX_CSR0, tmp);
1767 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
1768 
1769 	return (DDI_SUCCESS);
1770 fail:
1771 	rum_stop(sc);
1772 	return (DDI_FAILURE);
1773 }
1774 
1775 static int
1776 rum_disconnect(dev_info_t *devinfo)
1777 {
1778 	struct rum_softc *sc;
1779 	struct ieee80211com *ic;
1780 
1781 	RAL_DEBUG(RAL_DBG_MSG, "rum_disconnect()\n");
1782 
1783 	/*
1784 	 * We can't call rum_stop() here, since the hardware is removed,
1785 	 * we can't access the register anymore.
1786 	 */
1787 
1788 	sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
1789 	ic = &sc->sc_ic;
1790 
1791 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1792 	ieee80211_stop_watchdog(ic);	/* stop the watchdog */
1793 
1794 	RAL_LOCK(sc);
1795 
1796 	sc->sc_tx_timer = 0;
1797 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
1798 
1799 	rum_close_pipes(sc);
1800 
1801 	RAL_UNLOCK(sc);
1802 
1803 	return (DDI_SUCCESS);
1804 }
1805 
1806 static int
1807 rum_reconnect(dev_info_t *devinfo)
1808 {
1809 	struct rum_softc *sc;
1810 	int err;
1811 
1812 	RAL_DEBUG(RAL_DBG_MSG, "rum_reconnect()\n");
1813 
1814 	sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
1815 
1816 	err = rum_load_microcode(sc);
1817 	if (err != USB_SUCCESS) {
1818 		RAL_DEBUG(RAL_DBG_ERR, "could not load 8051 microcode\n");
1819 		goto fail;
1820 	}
1821 
1822 	err = rum_init(sc);
1823 fail:
1824 	return (err);
1825 }
1826 
1827 #define	RUM_AMRR_MIN_SUCCESS_THRESHOLD	1
1828 #define	RUM_AMRR_MAX_SUCCESS_THRESHOLD	10
1829 
1830 /*
1831  * Naive implementation of the Adaptive Multi Rate Retry algorithm:
1832  * "IEEE 802.11 Rate Adaptation: A Practical Approach"
1833  * Mathieu Lacage, Hossein Manshaei, Thierry Turletti
1834  * INRIA Sophia - Projet Planete
1835  * http://www-sop.inria.fr/rapports/sophia/RR-5208.html
1836  *
1837  * This algorithm is particularly well suited for rum since it does not
1838  * require per-frame retry statistics.  Note however that since h/w does
1839  * not provide per-frame stats, we can't do per-node rate adaptation and
1840  * thus automatic rate adaptation is only enabled in STA operating mode.
1841  */
1842 #define	is_success(amrr)	\
1843 	((amrr)->retrycnt < (amrr)->txcnt / 10)
1844 #define	is_failure(amrr)	\
1845 	((amrr)->retrycnt > (amrr)->txcnt / 3)
1846 #define	is_enough(amrr)		\
1847 	((amrr)->txcnt > 10)
1848 #define	is_min_rate(ni)		\
1849 	((ni)->in_txrate == 0)
1850 #define	is_max_rate(ni)		\
1851 	((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1852 #define	increase_rate(ni)	\
1853 	((ni)->in_txrate++)
1854 #define	decrease_rate(ni)	\
1855 	((ni)->in_txrate--)
1856 #define	reset_cnt(amrr)	do {	\
1857 	(amrr)->txcnt = (amrr)->retrycnt = 0;	\
1858 	_NOTE(CONSTCOND)	\
1859 } while (/* CONSTCOND */0)
1860 
1861 static void
1862 rum_ratectl(struct rum_amrr *amrr, struct ieee80211_node *ni)
1863 {
1864 	int need_change = 0;
1865 
1866 	if (is_success(amrr) && is_enough(amrr)) {
1867 		amrr->success++;
1868 		if (amrr->success >= amrr->success_threshold &&
1869 		    !is_max_rate(ni)) {
1870 			amrr->recovery = 1;
1871 			amrr->success = 0;
1872 			increase_rate(ni);
1873 			need_change = 1;
1874 		} else {
1875 			amrr->recovery = 0;
1876 		}
1877 	} else if (is_failure(amrr)) {
1878 		amrr->success = 0;
1879 		if (!is_min_rate(ni)) {
1880 			if (amrr->recovery) {
1881 				amrr->success_threshold *= 2;
1882 				if (amrr->success_threshold >
1883 				    RUM_AMRR_MAX_SUCCESS_THRESHOLD)
1884 					amrr->success_threshold =
1885 					    RUM_AMRR_MAX_SUCCESS_THRESHOLD;
1886 			} else {
1887 				amrr->success_threshold =
1888 				    RUM_AMRR_MIN_SUCCESS_THRESHOLD;
1889 			}
1890 			decrease_rate(ni);
1891 			need_change = 1;
1892 		}
1893 		amrr->recovery = 0;	/* original paper was incorrect */
1894 	}
1895 
1896 	if (is_enough(amrr) || need_change)
1897 		reset_cnt(amrr);
1898 }
1899 
1900 static void
1901 rum_amrr_timeout(void *arg)
1902 {
1903 	struct rum_softc *sc = (struct rum_softc *)arg;
1904 	struct rum_amrr *amrr = &sc->amrr;
1905 
1906 	rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1907 
1908 	/* count TX retry-fail as Tx errors */
1909 	sc->sc_tx_err += LE_32(sc->sta[5]) >> 16;
1910 	sc->sc_tx_retries += ((LE_32(sc->sta[4]) >> 16) +
1911 	    (LE_32(sc->sta[5]) & 0xffff));
1912 
1913 	amrr->retrycnt =
1914 	    (LE_32(sc->sta[4]) >> 16) +		/* TX one-retry ok count */
1915 	    (LE_32(sc->sta[5]) & 0xffff) +	/* TX more-retry ok count */
1916 	    (LE_32(sc->sta[5]) >> 16);		/* TX retry-fail count */
1917 
1918 	amrr->txcnt =
1919 	    amrr->retrycnt +
1920 	    (LE_32(sc->sta[4]) & 0xffff);	/* TX no-retry ok count */
1921 
1922 	rum_ratectl(amrr, sc->sc_ic.ic_bss);
1923 
1924 	sc->sc_amrr_id = timeout(rum_amrr_timeout, (void *)sc,
1925 	    drv_usectohz(1000 * 1000)); /* 1 second */
1926 }
1927 
1928 static void
1929 rum_amrr_start(struct rum_softc *sc, struct ieee80211_node *ni)
1930 {
1931 	struct rum_amrr *amrr = &sc->amrr;
1932 	int i;
1933 
1934 	/* clear statistic registers (STA_CSR0 to STA_CSR5) */
1935 	rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof (sc->sta));
1936 
1937 	amrr->success = 0;
1938 	amrr->recovery = 0;
1939 	amrr->txcnt = amrr->retrycnt = 0;
1940 	amrr->success_threshold = RUM_AMRR_MIN_SUCCESS_THRESHOLD;
1941 
1942 	/* set rate to some reasonable initial value */
1943 	for (i = ni->in_rates.ir_nrates - 1;
1944 	    i > 0 && (ni->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72;
1945 	    i--) {
1946 	}
1947 
1948 	ni->in_txrate = i;
1949 
1950 	sc->sc_amrr_id = timeout(rum_amrr_timeout, (void *)sc,
1951 	    drv_usectohz(1000 * 1000)); /* 1 second */
1952 }
1953 
1954 void
1955 rum_watchdog(void *arg)
1956 {
1957 	struct rum_softc *sc = arg;
1958 	struct ieee80211com *ic = &sc->sc_ic;
1959 	int ntimer = 0;
1960 
1961 	RAL_LOCK(sc);
1962 	ic->ic_watchdog_timer = 0;
1963 
1964 	if (!RAL_IS_RUNNING(sc)) {
1965 		RAL_UNLOCK(sc);
1966 		return;
1967 	}
1968 
1969 	if (sc->sc_tx_timer > 0) {
1970 		if (--sc->sc_tx_timer == 0) {
1971 			RAL_DEBUG(RAL_DBG_ERR, "tx timer timeout\n");
1972 			RAL_UNLOCK(sc);
1973 			(void) rum_init(sc);
1974 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1975 			return;
1976 		}
1977 	}
1978 
1979 	if (ic->ic_state == IEEE80211_S_RUN)
1980 		ntimer = 1;
1981 
1982 	RAL_UNLOCK(sc);
1983 
1984 	ieee80211_watchdog(ic);
1985 
1986 	if (ntimer)
1987 		ieee80211_start_watchdog(ic, ntimer);
1988 }
1989 
1990 static int
1991 rum_m_start(void *arg)
1992 {
1993 	struct rum_softc *sc = (struct rum_softc *)arg;
1994 	crypto_mech_type_t type;
1995 	int err;
1996 
1997 	type = crypto_mech2id(SUN_CKM_RC4); /* load rc4 module into kernel */
1998 	RAL_DEBUG(RAL_DBG_MSG, "rum_m_start(%d)\n", type);
1999 
2000 	/*
2001 	 * initialize RT2501USB hardware
2002 	 */
2003 	err = rum_init(sc);
2004 	if (err != DDI_SUCCESS) {
2005 		RAL_DEBUG(RAL_DBG_ERR, "device configuration failed\n");
2006 		goto fail;
2007 	}
2008 	sc->sc_flags |= RAL_FLAG_RUNNING;	/* RUNNING */
2009 	return (err);
2010 
2011 fail:
2012 	rum_stop(sc);
2013 	return (err);
2014 }
2015 
2016 static void
2017 rum_m_stop(void *arg)
2018 {
2019 	struct rum_softc *sc = (struct rum_softc *)arg;
2020 
2021 	RAL_DEBUG(RAL_DBG_MSG, "rum_m_stop()\n");
2022 
2023 	(void) rum_stop(sc);
2024 	sc->sc_flags &= ~RAL_FLAG_RUNNING;	/* STOP */
2025 }
2026 
2027 static int
2028 rum_m_unicst(void *arg, const uint8_t *macaddr)
2029 {
2030 	struct rum_softc *sc = (struct rum_softc *)arg;
2031 	struct ieee80211com *ic = &sc->sc_ic;
2032 
2033 	RAL_DEBUG(RAL_DBG_MSG, "rum_m_unicst(): " MACSTR "\n",
2034 	    MAC2STR(macaddr));
2035 
2036 	IEEE80211_ADDR_COPY(ic->ic_macaddr, macaddr);
2037 	(void) rum_set_macaddr(sc, (uint8_t *)macaddr);
2038 	(void) rum_init(sc);
2039 
2040 	return (0);
2041 }
2042 
2043 /*ARGSUSED*/
2044 static int
2045 rum_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2046 {
2047 	return (0);
2048 }
2049 
2050 static int
2051 rum_m_promisc(void *arg, boolean_t on)
2052 {
2053 	struct rum_softc *sc = (struct rum_softc *)arg;
2054 
2055 	RAL_DEBUG(RAL_DBG_MSG, "rum_m_promisc()\n");
2056 
2057 	if (on) {
2058 		sc->sc_rcr |= RAL_RCR_PROMISC;
2059 		sc->sc_rcr |= RAL_RCR_MULTI;
2060 	} else {
2061 		sc->sc_rcr &= ~RAL_RCR_PROMISC;
2062 		sc->sc_rcr &= ~RAL_RCR_MULTI;
2063 	}
2064 
2065 	rum_update_promisc(sc);
2066 	return (0);
2067 }
2068 
2069 /*
2070  * callback functions for /get/set properties
2071  */
2072 static int
2073 rum_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2074     uint_t wldp_length, const void *wldp_buf)
2075 {
2076 	struct rum_softc *sc = (struct rum_softc *)arg;
2077 	struct ieee80211com *ic = &sc->sc_ic;
2078 	int err;
2079 
2080 	err = ieee80211_setprop(ic, pr_name, wldp_pr_num,
2081 	    wldp_length, wldp_buf);
2082 	RAL_LOCK(sc);
2083 	if (err == ENETRESET) {
2084 		if (RAL_IS_RUNNING(sc)) {
2085 			RAL_UNLOCK(sc);
2086 			(void) rum_init(sc);
2087 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2088 			RAL_LOCK(sc);
2089 		}
2090 		err = 0;
2091 	}
2092 	RAL_UNLOCK(sc);
2093 
2094 	return (err);
2095 }
2096 
2097 static int
2098 rum_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2099     uint_t pr_flags, uint_t wldp_length, void *wldp_buf, uint_t *perm)
2100 {
2101 	struct rum_softc *sc = (struct rum_softc *)arg;
2102 	int err;
2103 
2104 	err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
2105 	    pr_flags, wldp_length, wldp_buf, perm);
2106 
2107 	return (err);
2108 }
2109 
2110 static void
2111 rum_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2112 {
2113 	struct rum_softc *sc = (struct rum_softc *)arg;
2114 	struct ieee80211com *ic = &sc->sc_ic;
2115 	int err;
2116 
2117 	err = ieee80211_ioctl(ic, wq, mp);
2118 	RAL_LOCK(sc);
2119 	if (err == ENETRESET) {
2120 		if (RAL_IS_RUNNING(sc)) {
2121 			RAL_UNLOCK(sc);
2122 			(void) rum_init(sc);
2123 			(void) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2124 			RAL_LOCK(sc);
2125 		}
2126 	}
2127 	RAL_UNLOCK(sc);
2128 }
2129 
2130 static int
2131 rum_m_stat(void *arg, uint_t stat, uint64_t *val)
2132 {
2133 	struct rum_softc *sc  = (struct rum_softc *)arg;
2134 	ieee80211com_t	*ic = &sc->sc_ic;
2135 	ieee80211_node_t *ni;
2136 	struct ieee80211_rateset *rs;
2137 
2138 	RAL_LOCK(sc);
2139 
2140 	ni = ic->ic_bss;
2141 	rs = &ni->in_rates;
2142 
2143 	switch (stat) {
2144 	case MAC_STAT_IFSPEED:
2145 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2146 		    (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2147 		    : ic->ic_fixed_rate) * 500000ull;
2148 		break;
2149 	case MAC_STAT_NOXMTBUF:
2150 		*val = sc->sc_tx_nobuf;
2151 		break;
2152 	case MAC_STAT_NORCVBUF:
2153 		*val = sc->sc_rx_nobuf;
2154 		break;
2155 	case MAC_STAT_IERRORS:
2156 		*val = sc->sc_rx_err;
2157 		break;
2158 	case MAC_STAT_RBYTES:
2159 		*val = ic->ic_stats.is_rx_bytes;
2160 		break;
2161 	case MAC_STAT_IPACKETS:
2162 		*val = ic->ic_stats.is_rx_frags;
2163 		break;
2164 	case MAC_STAT_OBYTES:
2165 		*val = ic->ic_stats.is_tx_bytes;
2166 		break;
2167 	case MAC_STAT_OPACKETS:
2168 		*val = ic->ic_stats.is_tx_frags;
2169 		break;
2170 	case MAC_STAT_OERRORS:
2171 	case WIFI_STAT_TX_FAILED:
2172 		*val = sc->sc_tx_err;
2173 		break;
2174 	case WIFI_STAT_TX_RETRANS:
2175 		*val = sc->sc_tx_retries;
2176 		break;
2177 	case WIFI_STAT_FCS_ERRORS:
2178 	case WIFI_STAT_WEP_ERRORS:
2179 	case WIFI_STAT_TX_FRAGS:
2180 	case WIFI_STAT_MCAST_TX:
2181 	case WIFI_STAT_RTS_SUCCESS:
2182 	case WIFI_STAT_RTS_FAILURE:
2183 	case WIFI_STAT_ACK_FAILURE:
2184 	case WIFI_STAT_RX_FRAGS:
2185 	case WIFI_STAT_MCAST_RX:
2186 	case WIFI_STAT_RX_DUPS:
2187 		RAL_UNLOCK(sc);
2188 		return (ieee80211_stat(ic, stat, val));
2189 	default:
2190 		RAL_UNLOCK(sc);
2191 		return (ENOTSUP);
2192 	}
2193 	RAL_UNLOCK(sc);
2194 
2195 	return (0);
2196 }
2197 
2198 static int
2199 rum_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2200 {
2201 	struct rum_softc *sc;
2202 	struct ieee80211com *ic;
2203 	int err, i, ntries;
2204 	uint32_t tmp;
2205 	int instance;
2206 
2207 	char strbuf[32];
2208 
2209 	wifi_data_t wd = { 0 };
2210 	mac_register_t *macp;
2211 
2212 	RAL_DEBUG(RAL_DBG_MSG, "rum_attach()\n");
2213 
2214 	if (cmd != DDI_ATTACH)
2215 		return (DDI_FAILURE);
2216 
2217 	instance = ddi_get_instance(devinfo);
2218 
2219 	if (ddi_soft_state_zalloc(rum_soft_state_p, instance) != DDI_SUCCESS) {
2220 		RAL_DEBUG(RAL_DBG_MSG, "rum_attach(): "
2221 		    "unable to alloc soft_state_p\n");
2222 		return (DDI_FAILURE);
2223 	}
2224 
2225 	sc = ddi_get_soft_state(rum_soft_state_p, instance);
2226 	ic = (ieee80211com_t *)&sc->sc_ic;
2227 	sc->sc_dev = devinfo;
2228 
2229 	if (usb_client_attach(devinfo, USBDRV_VERSION, 0) != USB_SUCCESS) {
2230 		RAL_DEBUG(RAL_DBG_ERR,
2231 		    "rum_attach(): usb_client_attach failed\n");
2232 		goto fail1;
2233 	}
2234 
2235 	if (usb_get_dev_data(devinfo, &sc->sc_udev,
2236 	    USB_PARSE_LVL_ALL, 0) != USB_SUCCESS) {
2237 		sc->sc_udev = NULL;
2238 		goto fail2;
2239 	}
2240 
2241 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2242 	mutex_init(&sc->tx_lock, NULL, MUTEX_DRIVER, NULL);
2243 	mutex_init(&sc->rx_lock, NULL, MUTEX_DRIVER, NULL);
2244 
2245 	/* retrieve RT2573 rev. no */
2246 	for (ntries = 0; ntries < 1000; ntries++) {
2247 		if ((tmp = rum_read(sc, RT2573_MAC_CSR0)) != 0)
2248 			break;
2249 		drv_usecwait(1000);
2250 	}
2251 	if (ntries == 1000) {
2252 		RAL_DEBUG(RAL_DBG_ERR,
2253 		    "rum_attach(): timeout waiting for chip to settle\n");
2254 		goto fail3;
2255 	}
2256 
2257 	/* retrieve MAC address and various other things from EEPROM */
2258 	rum_read_eeprom(sc);
2259 
2260 	RAL_DEBUG(RAL_DBG_MSG, "rum: MAC/BBP RT2573 (rev 0x%05x), RF %s\n",
2261 	    tmp, rum_get_rf(sc->rf_rev));
2262 
2263 	err = rum_load_microcode(sc);
2264 	if (err != USB_SUCCESS) {
2265 		RAL_DEBUG(RAL_DBG_ERR, "could not load 8051 microcode\n");
2266 		goto fail3;
2267 	}
2268 
2269 	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
2270 	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
2271 	ic->ic_state = IEEE80211_S_INIT;
2272 
2273 	ic->ic_maxrssi = 63;
2274 	ic->ic_set_shortslot = rum_update_slot;
2275 	ic->ic_xmit = rum_send;
2276 
2277 	/* set device capabilities */
2278 	ic->ic_caps =
2279 	    IEEE80211_C_TXPMGT |	/* tx power management */
2280 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
2281 	    IEEE80211_C_SHSLOT;		/* short slot time supported */
2282 
2283 	ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2284 
2285 #define	IEEE80211_CHAN_A	\
2286 	(IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2287 
2288 	if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_5226) {
2289 		/* set supported .11a rates */
2290 		ic->ic_sup_rates[IEEE80211_MODE_11A] = rum_rateset_11a;
2291 
2292 		/* set supported .11a channels */
2293 		for (i = 34; i <= 46; i += 4) {
2294 			ic->ic_sup_channels[i].ich_freq =
2295 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2296 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2297 		}
2298 		for (i = 36; i <= 64; i += 4) {
2299 			ic->ic_sup_channels[i].ich_freq =
2300 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2301 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2302 		}
2303 		for (i = 100; i <= 140; i += 4) {
2304 			ic->ic_sup_channels[i].ich_freq =
2305 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2306 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2307 		}
2308 		for (i = 149; i <= 165; i += 4) {
2309 			ic->ic_sup_channels[i].ich_freq =
2310 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
2311 			ic->ic_sup_channels[i].ich_flags = IEEE80211_CHAN_A;
2312 		}
2313 	}
2314 
2315 	/* set supported .11b and .11g rates */
2316 	ic->ic_sup_rates[IEEE80211_MODE_11B] = rum_rateset_11b;
2317 	ic->ic_sup_rates[IEEE80211_MODE_11G] = rum_rateset_11g;
2318 
2319 	/* set supported .11b and .11g channels (1 through 14) */
2320 	for (i = 1; i <= 14; i++) {
2321 		ic->ic_sup_channels[i].ich_freq =
2322 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2323 		ic->ic_sup_channels[i].ich_flags =
2324 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2325 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2326 	}
2327 
2328 	ieee80211_attach(ic);
2329 
2330 	/* register WPA door */
2331 	ieee80211_register_door(ic, ddi_driver_name(devinfo),
2332 	    ddi_get_instance(devinfo));
2333 
2334 	/* override state transition machine */
2335 	sc->sc_newstate = ic->ic_newstate;
2336 	ic->ic_newstate = rum_newstate;
2337 	ic->ic_watchdog = rum_watchdog;
2338 	ieee80211_media_init(ic);
2339 	ic->ic_def_txkey = 0;
2340 
2341 	sc->sc_rcr = 0;
2342 	sc->dwelltime = 300;
2343 	sc->sc_flags &= ~RAL_FLAG_RUNNING;
2344 
2345 	/*
2346 	 * Provide initial settings for the WiFi plugin; whenever this
2347 	 * information changes, we need to call mac_plugindata_update()
2348 	 */
2349 	wd.wd_opmode = ic->ic_opmode;
2350 	wd.wd_secalloc = WIFI_SEC_NONE;
2351 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
2352 
2353 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
2354 		RAL_DEBUG(RAL_DBG_ERR, "rum_attach(): "
2355 		    "MAC version mismatch\n");
2356 		goto fail3;
2357 	}
2358 
2359 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
2360 	macp->m_driver		= sc;
2361 	macp->m_dip		= devinfo;
2362 	macp->m_src_addr	= ic->ic_macaddr;
2363 	macp->m_callbacks	= &rum_m_callbacks;
2364 	macp->m_min_sdu		= 0;
2365 	macp->m_max_sdu		= IEEE80211_MTU;
2366 	macp->m_pdata		= &wd;
2367 	macp->m_pdata_size	= sizeof (wd);
2368 
2369 	err = mac_register(macp, &ic->ic_mach);
2370 	mac_free(macp);
2371 	if (err != 0) {
2372 		RAL_DEBUG(RAL_DBG_ERR, "rum_attach(): "
2373 		    "mac_register() err %x\n", err);
2374 		goto fail3;
2375 	}
2376 
2377 	if (usb_register_hotplug_cbs(devinfo, rum_disconnect,
2378 	    rum_reconnect) != USB_SUCCESS) {
2379 		RAL_DEBUG(RAL_DBG_ERR,
2380 		    "rum_attach() failed to register events");
2381 		goto fail4;
2382 	}
2383 
2384 	/*
2385 	 * Create minor node of type DDI_NT_NET_WIFI
2386 	 */
2387 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
2388 	    "rum", instance);
2389 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
2390 	    instance + 1, DDI_NT_NET_WIFI, 0);
2391 
2392 	if (err != DDI_SUCCESS)
2393 		RAL_DEBUG(RAL_DBG_ERR, "ddi_create_minor_node() failed\n");
2394 
2395 	/*
2396 	 * Notify link is down now
2397 	 */
2398 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
2399 
2400 	RAL_DEBUG(RAL_DBG_MSG, "rum_attach() done successfully.\n");
2401 	return (DDI_SUCCESS);
2402 
2403 fail4:
2404 	(void) mac_unregister(ic->ic_mach);
2405 fail3:
2406 	mutex_destroy(&sc->sc_genlock);
2407 	mutex_destroy(&sc->tx_lock);
2408 	mutex_destroy(&sc->rx_lock);
2409 fail2:
2410 	usb_client_detach(sc->sc_dev, sc->sc_udev);
2411 fail1:
2412 	ddi_soft_state_free(rum_soft_state_p, ddi_get_instance(devinfo));
2413 
2414 	return (DDI_FAILURE);
2415 }
2416 
2417 static int
2418 rum_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
2419 {
2420 	struct rum_softc *sc;
2421 
2422 	RAL_DEBUG(RAL_DBG_MSG, "rum_detach()\n");
2423 	sc = ddi_get_soft_state(rum_soft_state_p, ddi_get_instance(devinfo));
2424 
2425 	if (cmd != DDI_DETACH)
2426 		return (DDI_FAILURE);
2427 
2428 	rum_stop(sc);
2429 	usb_unregister_hotplug_cbs(devinfo);
2430 
2431 	/*
2432 	 * Unregister from the MAC layer subsystem
2433 	 */
2434 	if (mac_unregister(sc->sc_ic.ic_mach) != 0)
2435 		return (DDI_FAILURE);
2436 
2437 	/*
2438 	 * detach ieee80211 layer
2439 	 */
2440 	ieee80211_detach(&sc->sc_ic);
2441 
2442 	mutex_destroy(&sc->sc_genlock);
2443 	mutex_destroy(&sc->tx_lock);
2444 	mutex_destroy(&sc->rx_lock);
2445 
2446 	/* pipes will be closed in rum_stop() */
2447 	usb_client_detach(devinfo, sc->sc_udev);
2448 	sc->sc_udev = NULL;
2449 
2450 	ddi_remove_minor_node(devinfo, NULL);
2451 	ddi_soft_state_free(rum_soft_state_p, ddi_get_instance(devinfo));
2452 
2453 	return (DDI_SUCCESS);
2454 }
2455 
2456 int
2457 _info(struct modinfo *modinfop)
2458 {
2459 	return (mod_info(&modlinkage, modinfop));
2460 }
2461 
2462 int
2463 _init(void)
2464 {
2465 	int status;
2466 
2467 	status = ddi_soft_state_init(&rum_soft_state_p,
2468 	    sizeof (struct rum_softc), 1);
2469 	if (status != 0)
2470 		return (status);
2471 
2472 	mac_init_ops(&rum_dev_ops, "rum");
2473 	status = mod_install(&modlinkage);
2474 	if (status != 0) {
2475 		mac_fini_ops(&rum_dev_ops);
2476 		ddi_soft_state_fini(&rum_soft_state_p);
2477 	}
2478 	return (status);
2479 }
2480 
2481 int
2482 _fini(void)
2483 {
2484 	int status;
2485 
2486 	status = mod_remove(&modlinkage);
2487 	if (status == 0) {
2488 		mac_fini_ops(&rum_dev_ops);
2489 		ddi_soft_state_fini(&rum_soft_state_p);
2490 	}
2491 	return (status);
2492 }
2493