xref: /illumos-gate/usr/src/uts/common/io/rwn/rt2860.c (revision 2a6e99a0f1f7d22c0396e8b2ce9b9babbd1056cf)
1 /*
2  * Copyright 2017 Gary Mills
3  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
4  * Use is subject to license terms.
5  */
6 
7 /*
8  * Copyright (c) 2007, 2008
9  *	Damien Bergamini <damien.bergamini@free.fr>
10  *
11  * Permission to use, copy, modify, and distribute this software for any
12  * purpose with or without fee is hereby granted, provided that the above
13  * copyright notice and this permission notice appear in all copies.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22  */
23 
24 /*
25  * Ralink Technology RT2860 chipset driver
26  * http://www.ralinktech.com/
27  */
28 
29 #include <sys/types.h>
30 #include <sys/byteorder.h>
31 #include <sys/conf.h>
32 #include <sys/cmn_err.h>
33 #include <sys/stat.h>
34 #include <sys/ddi.h>
35 #include <sys/sunddi.h>
36 #include <sys/strsubr.h>
37 #include <inet/common.h>
38 #include <sys/note.h>
39 #include <sys/stream.h>
40 #include <sys/strsun.h>
41 #include <sys/modctl.h>
42 #include <sys/devops.h>
43 #include <sys/mac_provider.h>
44 #include <sys/mac_wifi.h>
45 #include <sys/net80211.h>
46 #include <sys/net80211_proto.h>
47 #include <sys/varargs.h>
48 #include <sys/pci.h>
49 #include <sys/crypto/common.h>
50 #include <sys/crypto/api.h>
51 #include <inet/wifi_ioctl.h>
52 
53 #include "rt2860_reg.h"
54 #include "rt2860_var.h"
55 
56 #define	RT2860_DBG_80211	(1 << 0)
57 #define	RT2860_DBG_DMA		(1 << 1)
58 #define	RT2860_DBG_EEPROM	(1 << 2)
59 #define	RT2860_DBG_FW		(1 << 3)
60 #define	RT2860_DBG_HW		(1 << 4)
61 #define	RT2860_DBG_INTR		(1 << 5)
62 #define	RT2860_DBG_RX		(1 << 6)
63 #define	RT2860_DBG_SCAN		(1 << 7)
64 #define	RT2860_DBG_TX		(1 << 8)
65 #define	RT2860_DBG_RADIO	(1 << 9)
66 #define	RT2860_DBG_RESUME	(1 << 10)
67 #define	RT2860_DBG_MSG		(1 << 11)
68 
69 uint32_t rt2860_dbg_flags = 0x0;
70 
71 #ifdef DEBUG
72 #define	RWN_DEBUG \
73 	rt2860_debug
74 #else
75 #define	RWN_DEBUG
76 #endif
77 
78 static void *rt2860_soft_state_p = NULL;
79 static uint8_t rt2860_fw_bin [] = {
80 #include "fw-rt2860/rt2860.ucode"
81 };
82 
83 static const struct ieee80211_rateset rt2860_rateset_11b =
84 	{ 4, { 2, 4, 11, 22 } };
85 
86 static const struct ieee80211_rateset rt2860_rateset_11g =
87 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
88 
89 static const struct {
90 	uint32_t	reg;
91 	uint32_t	val;
92 } rt2860_def_mac[] = {
93 	RT2860_DEF_MAC
94 };
95 
96 static const struct {
97 	uint8_t	reg;
98 	uint8_t	val;
99 } rt2860_def_bbp[] = {
100 	RT2860_DEF_BBP
101 };
102 
103 static const struct rfprog {
104 	uint8_t		chan;
105 	uint32_t	r1, r2, r3, r4;
106 } rt2860_rf2850[] = {
107 	RT2860_RF2850
108 };
109 
110 /*
111  * PIO access attributes for registers
112  */
113 static ddi_device_acc_attr_t rwn_csr_accattr = {
114 	DDI_DEVICE_ATTR_V0,
115 	DDI_STRUCTURE_LE_ACC,
116 	DDI_STRICTORDER_ACC
117 };
118 
119 /*
120  * DMA access attributes for descriptors: NOT to be byte swapped.
121  */
122 static ddi_device_acc_attr_t rt2860_desc_accattr = {
123 	DDI_DEVICE_ATTR_V0,
124 	DDI_STRUCTURE_LE_ACC,
125 	DDI_STRICTORDER_ACC
126 };
127 
128 static ddi_device_acc_attr_t rt2860_buf_accattr = {
129 	DDI_DEVICE_ATTR_V0,
130 	DDI_NEVERSWAP_ACC,
131 	DDI_STRICTORDER_ACC,
132 	DDI_DEFAULT_ACC
133 };
134 
135 /*
136  * Describes the chip's DMA engine
137  */
138 static ddi_dma_attr_t rt2860_dma_attr = {
139 	DMA_ATTR_V0,			/* dma_attr version */
140 	0x0,				/* dma_attr_addr_lo */
141 	0xffffffffU,			/* dma_attr_addr_hi */
142 	0xffffffffU,			/* dma_attr_count_max */
143 	16,				/* dma_attr_align */
144 	0x00000fff,			/* dma_attr_burstsizes */
145 	1,				/* dma_attr_minxfer */
146 	0xffffffffU,			/* dma_attr_maxxfer */
147 	0xffffffffU,			/* dma_attr_seg */
148 	1,				/* dma_attr_sgllen */
149 	1,				/* dma_attr_granular */
150 	0				/* dma_attr_flags */
151 };
152 
153 static uint16_t	rt2860_eeprom_read(struct rt2860_softc *, uint8_t);
154 static int 	rt2860_read_eeprom(struct rt2860_softc *);
155 const char	*rt2860_get_rf(uint8_t);
156 static int	rt2860_alloc_dma_mem(dev_info_t *, ddi_dma_attr_t *, size_t,
157 		    ddi_device_acc_attr_t *, uint_t, uint_t, struct dma_area *);
158 static void	rt2860_free_dma_mem(struct dma_area *);
159 static int	rt2860_alloc_tx_ring(struct rt2860_softc *,
160 		    struct rt2860_tx_ring *);
161 static void	rt2860_free_tx_ring(struct rt2860_softc *,
162 		    struct rt2860_tx_ring *);
163 static int	rt2860_alloc_rx_ring(struct rt2860_softc *,
164 		    struct rt2860_rx_ring *);
165 static void	rt2860_free_rx_ring(struct rt2860_softc *,
166 		    struct rt2860_rx_ring *);
167 static int	rt2860_alloc_tx_pool(struct rt2860_softc *);
168 static void	rt2860_free_tx_pool(struct rt2860_softc *);
169 static uint16_t	rt2860_txtime(int, int, uint32_t);
170 static int	rt2860_ack_rate(struct ieee80211com *, int);
171 static int	rt2860_send(ieee80211com_t *, mblk_t *, uint8_t);
172 static uint8_t	rt2860_maxrssi_chain(struct rt2860_softc *,
173 		    const struct rt2860_rxwi *);
174 static void	rt2860_drain_stats_fifo(struct rt2860_softc *);
175 static void	rt2860_tx_intr(struct rt2860_softc *, int);
176 static void	rt2860_rx_intr(struct rt2860_softc *);
177 static uint_t	rt2860_softintr(caddr_t);
178 static uint_t	rt2860_intr(caddr_t);
179 static void	rt2860_set_region_4(struct rt2860_softc *,
180 		    uint32_t, uint32_t, int);
181 static int	rt2860_load_microcode(struct rt2860_softc *);
182 static void	rt2860_set_macaddr(struct rt2860_softc *, const uint8_t *);
183 static int	rt2860_bbp_init(struct rt2860_softc *);
184 static uint8_t	rt2860_mcu_bbp_read(struct rt2860_softc *, uint8_t);
185 static void	rt2860_mcu_bbp_write(struct rt2860_softc *, uint8_t, uint8_t);
186 static int	rt2860_mcu_cmd(struct rt2860_softc *, uint8_t, uint16_t);
187 static void	rt2860_rf_write(struct rt2860_softc *, uint8_t, uint32_t);
188 static void	rt2860_select_chan_group(struct rt2860_softc *, int);
189 static void	rt2860_set_chan(struct rt2860_softc *,
190 		    struct ieee80211_channel *);
191 static void	rt2860_updateprot(struct ieee80211com *);
192 static void	rt2860_set_leds(struct rt2860_softc *, uint16_t);
193 static void	rt2860_next_scan(void *);
194 static void	rt2860_iter_func(void *, struct ieee80211_node *);
195 static void	rt2860_updateslot(struct rt2860_softc *);
196 static uint8_t	rt2860_rate2mcs(uint8_t);
197 static void	rt2860_enable_mrr(struct rt2860_softc *);
198 static void	rt2860_set_txpreamble(struct rt2860_softc *);
199 static void	rt2860_set_basicrates(struct rt2860_softc *);
200 static void	rt2860_set_bssid(struct rt2860_softc *, const uint8_t *);
201 static void	rt2860_amrr_node_init(const struct rt2860_amrr *,
202 		    struct rt2860_amrr_node *);
203 static void	rt2860_amrr_choose(struct rt2860_amrr *,
204 		    struct ieee80211_node *, struct rt2860_amrr_node *);
205 static void	rt2860_newassoc(struct ieee80211com *, struct ieee80211_node *,
206 		    int);
207 static void	rt2860_enable_tsf_sync(struct rt2860_softc *);
208 static int	rt2860_newstate(struct ieee80211com *,
209 		    enum ieee80211_state, int);
210 static int	rt2860_init(struct rt2860_softc *);
211 static void	rt2860_stop(struct rt2860_softc *);
212 static int	rt2860_quiesce(dev_info_t *t);
213 
214 /*
215  * device operations
216  */
217 static int rt2860_attach(dev_info_t *, ddi_attach_cmd_t);
218 static int rt2860_detach(dev_info_t *, ddi_detach_cmd_t);
219 
220 /*
221  * Module Loading Data & Entry Points
222  */
223 DDI_DEFINE_STREAM_OPS(rwn_dev_ops, nulldev, nulldev, rt2860_attach,
224     rt2860_detach, nodev, NULL, D_MP, NULL, rt2860_quiesce);
225 
226 static struct modldrv rwn_modldrv = {
227 	&mod_driverops,		/* Type of module.  This one is a driver */
228 	"Ralink RT2700/2800 driver v1.2",	/* short description */
229 	&rwn_dev_ops		/* driver specific ops */
230 };
231 
232 static struct modlinkage modlinkage = {
233 	MODREV_1,
234 	(void *)&rwn_modldrv,
235 	NULL
236 };
237 
238 static int	rt2860_m_stat(void *,  uint_t, uint64_t *);
239 static int	rt2860_m_start(void *);
240 static void	rt2860_m_stop(void *);
241 static int	rt2860_m_promisc(void *, boolean_t);
242 static int	rt2860_m_multicst(void *, boolean_t, const uint8_t *);
243 static int	rt2860_m_unicst(void *, const uint8_t *);
244 static mblk_t	*rt2860_m_tx(void *, mblk_t *);
245 static void	rt2860_m_ioctl(void *, queue_t *, mblk_t *);
246 static int	rt2860_m_setprop(void *arg, const char *pr_name,
247 		    mac_prop_id_t wldp_pr_num,
248 		    uint_t wldp_length, const void *wldp_buf);
249 static void	rt2860_m_propinfo(void *arg, const char *pr_name,
250 		    mac_prop_id_t wldp_pr_num, mac_prop_info_handle_t prh);
251 static int	rt2860_m_getprop(void *arg, const char *pr_name,
252 		    mac_prop_id_t wldp_pr_num, uint_t wldp_length,
253 		    void *wldp_buf);
254 
255 static mac_callbacks_t rt2860_m_callbacks = {
256 	MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
257 	rt2860_m_stat,
258 	rt2860_m_start,
259 	rt2860_m_stop,
260 	rt2860_m_promisc,
261 	rt2860_m_multicst,
262 	rt2860_m_unicst,
263 	rt2860_m_tx,
264 	NULL,
265 	rt2860_m_ioctl,
266 	NULL,
267 	NULL,
268 	NULL,
269 	rt2860_m_setprop,
270 	rt2860_m_getprop,
271 	rt2860_m_propinfo
272 };
273 
274 #ifdef DEBUG
275 void
276 rt2860_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
277 {
278 	va_list args;
279 
280 	if (dbg_flags & rt2860_dbg_flags) {
281 		va_start(args, fmt);
282 		vcmn_err(CE_CONT, fmt, args);
283 		va_end(args);
284 	}
285 }
286 #endif
287 
288 const char *
289 rt2860_get_rf(uint8_t rev)
290 {
291 	switch (rev) {
292 	case RT2860_RF_2820:	return "RT2820";
293 	case RT2860_RF_2850:	return "RT2850";
294 	case RT2860_RF_2720:	return "RT2720";
295 	case RT2860_RF_2750:	return "RT2750";
296 	default:		return "unknown";
297 	}
298 }
299 
300 /*
301  * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46,
302  * 93C66 or 93C86).
303  */
304 static uint16_t
305 rt2860_eeprom_read(struct rt2860_softc *sc, uint8_t addr)
306 {
307 	int		n;
308 	uint16_t	val;
309 	uint32_t	tmp;
310 
311 	/* clock C once before the first command */
312 	RT2860_EEPROM_CTL(sc, 0);
313 
314 	RT2860_EEPROM_CTL(sc, RT2860_S);
315 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
316 	RT2860_EEPROM_CTL(sc, RT2860_S);
317 
318 	/* write start bit (1) */
319 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
320 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
321 
322 	/* write READ opcode (10) */
323 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
324 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
325 	RT2860_EEPROM_CTL(sc, RT2860_S);
326 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
327 
328 	/* write address (A5-A0 or A7-A0) */
329 	n = ((RT2860_READ(sc, RT2860_PCI_EECTRL) & 0x30) == 0) ? 5 : 7;
330 	for (; n >= 0; n--) {
331 		RT2860_EEPROM_CTL(sc, RT2860_S |
332 		    (((addr >> n) & 1) << RT2860_SHIFT_D));
333 		RT2860_EEPROM_CTL(sc, RT2860_S |
334 		    (((addr >> n) & 1) << RT2860_SHIFT_D) | RT2860_C);
335 	}
336 
337 	RT2860_EEPROM_CTL(sc, RT2860_S);
338 
339 	/* read data Q15-Q0 */
340 	val = 0;
341 	for (n = 15; n >= 0; n--) {
342 		RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
343 		tmp = RT2860_READ(sc, RT2860_PCI_EECTRL);
344 		val |= ((tmp & RT2860_Q) >> RT2860_SHIFT_Q) << n;
345 		RT2860_EEPROM_CTL(sc, RT2860_S);
346 	}
347 
348 	RT2860_EEPROM_CTL(sc, 0);
349 
350 	/* clear Chip Select and clock C */
351 	RT2860_EEPROM_CTL(sc, RT2860_S);
352 	RT2860_EEPROM_CTL(sc, 0);
353 	RT2860_EEPROM_CTL(sc, RT2860_C);
354 
355 	return (val);
356 }
357 
358 /*
359  * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
360  * Used to adjust per-rate Tx power registers.
361  */
362 static inline uint32_t
363 b4inc(uint32_t b32, int8_t delta)
364 {
365 	int8_t i, b4;
366 
367 	for (i = 0; i < 8; i++) {
368 		b4 = b32 & 0xf;
369 		b4 += delta;
370 		if (b4 < 0)
371 			b4 = 0;
372 		else if (b4 > 0xf)
373 			b4 = 0xf;
374 		b32 = b32 >> 4 | b4 << 28;
375 	}
376 	return (b32);
377 }
378 
379 static int
380 rt2860_read_eeprom(struct rt2860_softc *sc)
381 {
382 	struct ieee80211com	*ic = &sc->sc_ic;
383 	int			ridx, ant, i;
384 	int8_t			delta_2ghz, delta_5ghz;
385 	uint16_t		val;
386 
387 	/* read EEPROM version */
388 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_VERSION);
389 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
390 	    "EEPROM rev=%d, FAE=%d\n",
391 	    val & 0xff, val >> 8);
392 
393 	/* read MAC address */
394 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_MAC01);
395 	ic->ic_macaddr[0] = val & 0xff;
396 	ic->ic_macaddr[1] = val >> 8;
397 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_MAC23);
398 	ic->ic_macaddr[2] = val & 0xff;
399 	ic->ic_macaddr[3] = val >> 8;
400 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_MAC45);
401 	ic->ic_macaddr[4] = val & 0xff;
402 	ic->ic_macaddr[5] = val >> 8;
403 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
404 	    "MAC address is: %x:%x:%x:%x:%x:%x\n",
405 	    ic->ic_macaddr[0], ic->ic_macaddr[1],
406 	    ic->ic_macaddr[2], ic->ic_macaddr[3],
407 	    ic->ic_macaddr[4], ic->ic_macaddr[5]);
408 
409 	/* read country code */
410 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_COUNTRY);
411 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
412 	    "EEPROM region code=0x%04x\n", val);
413 
414 	/* read default BBP settings */
415 	for (i = 0; i < 8; i++) {
416 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_BBP_BASE + i);
417 		sc->bbp[i].val = val & 0xff;
418 		sc->bbp[i].reg = val >> 8;
419 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
420 		    "BBP%d=0x%02x\n",
421 		    sc->bbp[i].reg, sc->bbp[i].val);
422 	}
423 
424 	/* read RF frequency offset from EEPROM */
425 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_FREQ_LEDS);
426 	sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
427 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
428 	    "EEPROM freq offset %d\n", sc->freq & 0xff);
429 
430 	if ((sc->leds = val >> 8) != 0xff) {
431 		/* read LEDs operating mode */
432 		sc->led[0] = rt2860_eeprom_read(sc, RT2860_EEPROM_LED1);
433 		sc->led[1] = rt2860_eeprom_read(sc, RT2860_EEPROM_LED2);
434 		sc->led[2] = rt2860_eeprom_read(sc, RT2860_EEPROM_LED3);
435 	} else {
436 		/* broken EEPROM, use default settings */
437 		sc->leds = 0x01;
438 		sc->led[0] = 0x5555;
439 		sc->led[1] = 0x2221;
440 		sc->led[2] = 0xa9f8;
441 	}
442 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
443 	    "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
444 	    sc->leds, sc->led[0], sc->led[1], sc->led[2]);
445 
446 	/* read RF information */
447 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_ANTENNA);
448 	if (val == 0xffff) {
449 		/* broken EEPROM, default to RF2820 1T2R */
450 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
451 		    "invalid EEPROM antenna info, using default\n");
452 		sc->rf_rev = RT2860_RF_2820;
453 		sc->ntxchains = 1;
454 		sc->nrxchains = 2;
455 	} else {
456 		sc->rf_rev = (val >> 8) & 0xf;
457 		sc->ntxchains = (val >> 4) & 0xf;
458 		sc->nrxchains = val & 0xf;
459 	}
460 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
461 	    "EEPROM RF rev=0x%02x chains=%dT%dR\n",
462 	    sc->rf_rev, sc->ntxchains, sc->nrxchains);
463 
464 	/* check if RF supports automatic Tx access gain control */
465 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_CONFIG);
466 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
467 	    "EEPROM CFG 0x%04x\n", val);
468 	if ((val & 0xff) != 0xff)
469 		sc->calib_2ghz = sc->calib_5ghz = 0; /* XXX (val >> 1) & 1 */;
470 
471 	if (sc->sc_flags & RT2860_ADVANCED_PS) {
472 		/* read PCIe power save level */
473 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_PCIE_PSLEVEL);
474 		if ((val & 0xff) != 0xff) {
475 			sc->pslevel = val & 0x3;
476 			val = rt2860_eeprom_read(sc, RT2860_EEPROM_REV);
477 			if (val >> 8 != 0x92 || !(val & 0x80))
478 				sc->pslevel = MIN(sc->pslevel, 1);
479 			RWN_DEBUG(RT2860_DBG_EEPROM,
480 			    "rwn: rt2860_read_eeprom(): "
481 			    "EEPROM PCIe PS Level=%d\n",
482 			    sc->pslevel);
483 		}
484 	}
485 	/* read power settings for 2GHz channels */
486 	for (i = 0; i < 14; i += 2) {
487 		val = rt2860_eeprom_read(sc,
488 		    RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2);
489 		sc->txpow1[i + 0] = (int8_t)(val & 0xff);
490 		sc->txpow1[i + 1] = (int8_t)(val >> 8);
491 
492 		val = rt2860_eeprom_read(sc,
493 		    RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2);
494 		sc->txpow2[i + 0] = (int8_t)(val & 0xff);
495 		sc->txpow2[i + 1] = (int8_t)(val >> 8);
496 	}
497 	/* fix broken Tx power entries */
498 	for (i = 0; i < 14; i++) {
499 		if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
500 			sc->txpow1[i] = 5;
501 		if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
502 			sc->txpow2[i] = 5;
503 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
504 		    "chan %d: power1=%d, power2=%d\n",
505 		    rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
506 	}
507 	/* read power settings for 5GHz channels */
508 	for (i = 0; i < 36; i += 2) {
509 		val = rt2860_eeprom_read(sc,
510 		    RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2);
511 		sc->txpow1[i + 14] = (int8_t)(val & 0xff);
512 		sc->txpow1[i + 15] = (int8_t)(val >> 8);
513 
514 		val = rt2860_eeprom_read(sc,
515 		    RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2);
516 		sc->txpow2[i + 14] = (int8_t)(val & 0xff);
517 		sc->txpow2[i + 15] = (int8_t)(val >> 8);
518 	}
519 	/* fix broken Tx power entries */
520 	for (i = 0; i < 35; i++) {
521 		if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
522 			sc->txpow1[14 + i] = 5;
523 		if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
524 			sc->txpow2[14 + i] = 5;
525 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
526 		    "chan %d: power1=%d, power2=%d\n",
527 		    rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
528 		    sc->txpow2[14 + i]);
529 	}
530 
531 	/* read Tx power compensation for each Tx rate */
532 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_DELTAPWR);
533 	delta_2ghz = delta_5ghz = 0;
534 	if ((val & 0xff) != 0xff && (val & 0x80)) {
535 		delta_2ghz = val & 0xf;
536 		if (!(val & 0x40))	/* negative number */
537 			delta_2ghz = -delta_2ghz;
538 	}
539 	val >>= 8;
540 	if ((val & 0xff) != 0xff && (val & 0x80)) {
541 		delta_5ghz = val & 0xf;
542 		if (!(val & 0x40))	/* negative number */
543 			delta_5ghz = -delta_5ghz;
544 	}
545 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
546 	    "power compensation=%d (2GHz), %d (5GHz) \n",
547 	    delta_2ghz, delta_5ghz);
548 
549 	for (ridx = 0; ridx < 5; ridx++) {
550 		uint32_t	reg;
551 
552 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_RPWR + ridx);
553 		reg = (uint32_t)val << 16;
554 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_RPWR + ridx + 1);
555 		reg |= val;
556 
557 		sc->txpow20mhz[ridx] = reg;
558 		sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
559 		sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
560 
561 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
562 		    "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
563 		    "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
564 		    sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
565 	}
566 
567 	/* read factory-calibrated samples for temperature compensation */
568 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI1_2GHZ);
569 	sc->tssi_2ghz[0] = val & 0xff;	/* [-4] */
570 	sc->tssi_2ghz[1] = val >> 8;	/* [-3] */
571 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI2_2GHZ);
572 	sc->tssi_2ghz[2] = val & 0xff;	/* [-2] */
573 	sc->tssi_2ghz[3] = val >> 8;	/* [-1] */
574 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI3_2GHZ);
575 	sc->tssi_2ghz[4] = val & 0xff;	/* [+0] */
576 	sc->tssi_2ghz[5] = val >> 8;	/* [+1] */
577 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI4_2GHZ);
578 	sc->tssi_2ghz[6] = val & 0xff;	/* [+2] */
579 	sc->tssi_2ghz[7] = val >> 8;	/* [+3] */
580 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI5_2GHZ);
581 	sc->tssi_2ghz[8] = val & 0xff;	/* [+4] */
582 	sc->step_2ghz = val >> 8;
583 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
584 	    "TSSI 2GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
585 	    "0x%02x 0x%02x step=%d\n", sc->tssi_2ghz[0], sc->tssi_2ghz[1],
586 	    sc->tssi_2ghz[2], sc->tssi_2ghz[3], sc->tssi_2ghz[4],
587 	    sc->tssi_2ghz[5], sc->tssi_2ghz[6], sc->tssi_2ghz[7],
588 	    sc->tssi_2ghz[8], sc->step_2ghz);
589 	/* check that ref value is correct, otherwise disable calibration */
590 	if (sc->tssi_2ghz[4] == 0xff)
591 		sc->calib_2ghz = 0;
592 
593 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI1_5GHZ);
594 	sc->tssi_5ghz[0] = val & 0xff;	/* [-4] */
595 	sc->tssi_5ghz[1] = val >> 8;	/* [-3] */
596 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI2_5GHZ);
597 	sc->tssi_5ghz[2] = val & 0xff;	/* [-2] */
598 	sc->tssi_5ghz[3] = val >> 8;	/* [-1] */
599 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI3_5GHZ);
600 	sc->tssi_5ghz[4] = val & 0xff;	/* [+0] */
601 	sc->tssi_5ghz[5] = val >> 8;	/* [+1] */
602 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI4_5GHZ);
603 	sc->tssi_5ghz[6] = val & 0xff;	/* [+2] */
604 	sc->tssi_5ghz[7] = val >> 8;	/* [+3] */
605 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI5_5GHZ);
606 	sc->tssi_5ghz[8] = val & 0xff;	/* [+4] */
607 	sc->step_5ghz = val >> 8;
608 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
609 	    "TSSI 5GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
610 	    "0x%02x 0x%02x step=%d\n", sc->tssi_5ghz[0], sc->tssi_5ghz[1],
611 	    sc->tssi_5ghz[2], sc->tssi_5ghz[3], sc->tssi_5ghz[4],
612 	    sc->tssi_5ghz[5], sc->tssi_5ghz[6], sc->tssi_5ghz[7],
613 	    sc->tssi_5ghz[8], sc->step_5ghz);
614 	/* check that ref value is correct, otherwise disable calibration */
615 	if (sc->tssi_5ghz[4] == 0xff)
616 		sc->calib_5ghz = 0;
617 
618 	/* read RSSI offsets and LNA gains from EEPROM */
619 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI1_2GHZ);
620 	sc->rssi_2ghz[0] = val & 0xff;	/* Ant A */
621 	sc->rssi_2ghz[1] = val >> 8;	/* Ant B */
622 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI2_2GHZ);
623 	sc->rssi_2ghz[2] = val & 0xff;	/* Ant C */
624 	sc->lna[2] = val >> 8;		/* channel group 2 */
625 
626 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI1_5GHZ);
627 	sc->rssi_5ghz[0] = val & 0xff;	/* Ant A */
628 	sc->rssi_5ghz[1] = val >> 8;	/* Ant B */
629 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI2_5GHZ);
630 	sc->rssi_5ghz[2] = val & 0xff;	/* Ant C */
631 	sc->lna[3] = val >> 8;		/* channel group 3 */
632 
633 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_LNA);
634 	sc->lna[0] = val & 0xff;	/* channel group 0 */
635 	sc->lna[1] = val >> 8;		/* channel group 1 */
636 
637 	/* fix broken 5GHz LNA entries */
638 	if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
639 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
640 		    "invalid LNA for channel group %d\n", 2);
641 		sc->lna[2] = sc->lna[1];
642 	}
643 	if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
644 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
645 		    "invalid LNA for channel group %d\n", 3);
646 		sc->lna[3] = sc->lna[1];
647 	}
648 
649 	/* fix broken RSSI offset entries */
650 	for (ant = 0; ant < 3; ant++) {
651 		if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
652 			RWN_DEBUG(RT2860_DBG_EEPROM,
653 			    "rwn: rt2860_read_eeprom(): "
654 			    "invalid RSSI%d offset: %d (2GHz)\n",
655 			    ant + 1, sc->rssi_2ghz[ant]);
656 			sc->rssi_2ghz[ant] = 0;
657 		}
658 		if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
659 			RWN_DEBUG(RT2860_DBG_EEPROM,
660 			    "rwn: rt2860_read_eeprom(): "
661 			    "invalid RSSI%d offset: %d (2GHz)\n",
662 			    ant + 1, sc->rssi_5ghz[ant]);
663 			sc->rssi_5ghz[ant] = 0;
664 		}
665 	}
666 
667 	return (RT2860_SUCCESS);
668 }
669 
670 /*
671  * Allocate an DMA memory and a DMA handle for accessing it
672  */
673 static int
674 rt2860_alloc_dma_mem(dev_info_t *devinfo, ddi_dma_attr_t *dma_attr,
675     size_t memsize, ddi_device_acc_attr_t *attr_p, uint_t alloc_flags,
676     uint_t bind_flags, struct dma_area *dma_p)
677 {
678 	int	err;
679 
680 	/*
681 	 * Allocate handle
682 	 */
683 	err = ddi_dma_alloc_handle(devinfo, dma_attr,
684 	    DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl);
685 	if (err != DDI_SUCCESS) {
686 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_allo_dma_mem(): "
687 		    "failed to alloc handle\n");
688 		goto fail1;
689 	}
690 
691 	/*
692 	 * Allocate memory
693 	 */
694 	err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, attr_p,
695 	    alloc_flags, DDI_DMA_SLEEP, NULL, &dma_p->mem_va,
696 	    &dma_p->alength, &dma_p->acc_hdl);
697 	if (err != DDI_SUCCESS) {
698 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_alloc_dma_mem(): "
699 		    "failed to alloc mem\n");
700 		goto fail2;
701 	}
702 
703 	/*
704 	 * Bind the two together
705 	 */
706 	err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL,
707 	    dma_p->mem_va, dma_p->alength, bind_flags,
708 	    DDI_DMA_SLEEP, NULL, &dma_p->cookie, &dma_p->ncookies);
709 	if (err != DDI_DMA_MAPPED) {
710 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_alloc_dma_mem(): "
711 		    "failed to bind handle\n");
712 		goto fail3;
713 	}
714 
715 	if (dma_p->ncookies != 1) {
716 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_alloc_dma_mem(): "
717 		    "failed to alloc cookies\n");
718 		goto fail4;
719 	}
720 
721 	dma_p->nslots = ~0U;
722 	dma_p->size = ~0U;
723 	dma_p->token = ~0U;
724 	dma_p->offset = 0;
725 	return (DDI_SUCCESS);
726 
727 fail4:
728 	(void) ddi_dma_unbind_handle(dma_p->dma_hdl);
729 fail3:
730 	ddi_dma_mem_free(&dma_p->acc_hdl);
731 fail2:
732 	ddi_dma_free_handle(&dma_p->dma_hdl);
733 fail1:
734 	return (err);
735 }
736 
737 static void
738 rt2860_free_dma_mem(struct dma_area *dma_p)
739 {
740 	if (dma_p->dma_hdl != NULL) {
741 		(void) ddi_dma_unbind_handle(dma_p->dma_hdl);
742 		if (dma_p->acc_hdl != NULL) {
743 			ddi_dma_mem_free(&dma_p->acc_hdl);
744 			dma_p->acc_hdl = NULL;
745 		}
746 		ddi_dma_free_handle(&dma_p->dma_hdl);
747 		dma_p->ncookies = 0;
748 		dma_p->dma_hdl = NULL;
749 	}
750 }
751 
752 /*ARGSUSED*/
753 static int
754 rt2860_alloc_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
755 {
756 	int	size, err;
757 
758 	size = RT2860_TX_RING_COUNT * sizeof (struct rt2860_txd);
759 
760 	err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr, size,
761 	    &rt2860_desc_accattr, DDI_DMA_CONSISTENT,
762 	    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
763 	    &ring->txdesc_dma);
764 	if (err != DDI_SUCCESS) {
765 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_alloc_tx_ring(): "
766 		    "failed to alloc dma mem\n");
767 		goto fail1;
768 	}
769 
770 	ring->txd = (struct rt2860_txd *)ring->txdesc_dma.mem_va;
771 	ring->paddr = ring->txdesc_dma.cookie.dmac_address;
772 
773 	ring->cur = 0;
774 	ring->next = 0;
775 	ring->queued = 0;
776 
777 	(void) bzero(ring->txd, size);
778 	RT2860_DMA_SYNC(ring->txdesc_dma, DDI_DMA_SYNC_FORDEV);
779 	return (DDI_SUCCESS);
780 fail1:
781 	return (err);
782 }
783 
784 void
785 rt2860_reset_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
786 {
787 	struct rt2860_tx_data *data;
788 	int i;
789 
790 	for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
791 		ring->txd[i].sdl0 &= ~LE_16(RT2860_TX_DDONE);
792 
793 		if ((data = ring->data[i]) == NULL)
794 			continue;	/* nothing mapped in this slot */
795 
796 		/* by pass if it's quiesced */
797 		if (!(sc->sc_flags & RT2860_F_QUIESCE))
798 			RT2860_DMA_SYNC(data->txbuf_dma, DDI_DMA_SYNC_FORDEV);
799 
800 		if (data->ni != NULL) {
801 			ieee80211_free_node(data->ni);
802 			data->ni = NULL;	/* node already freed */
803 		}
804 
805 		SLIST_INSERT_HEAD(&sc->data_pool, data, next);
806 		ring->data[i] = NULL;
807 	}
808 
809 	/* by pass if it's quiesced */
810 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
811 		RT2860_DMA_SYNC(ring->txdesc_dma, DDI_DMA_SYNC_FORDEV);
812 
813 	ring->queued = 0;
814 	ring->cur = ring->next = 0;
815 }
816 
817 /*ARGSUSED*/
818 static void
819 rt2860_free_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
820 {
821 	if (ring->txd != NULL) {
822 		rt2860_free_dma_mem(&ring->txdesc_dma);
823 	}
824 }
825 
826 static int
827 rt2860_alloc_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
828 {
829 	struct rt2860_rx_data	*data;
830 	struct rt2860_rxd	*rxd;
831 	int			i, err, size, datalen;
832 
833 	size = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rxd);
834 
835 	err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr, size,
836 	    &rt2860_desc_accattr, DDI_DMA_CONSISTENT,
837 	    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
838 	    &ring->rxdesc_dma);
839 	if (err != DDI_SUCCESS) {
840 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_alloc_rx_ring(): "
841 		    "failed to alloc dma mem\n");
842 		goto fail1;
843 	}
844 
845 	ring->rxd = (struct rt2860_rxd *)ring->rxdesc_dma.mem_va;
846 	ring->paddr = ring->rxdesc_dma.cookie.dmac_address;
847 	bzero(ring->rxd, size);
848 
849 	/*
850 	 * Pre-allocate Rx buffers and populate Rx ring.
851 	 */
852 	datalen = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rx_data);
853 	bzero(ring->data, datalen);
854 	for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
855 		rxd = &ring->rxd[i];
856 		data = &ring->data[i];
857 		/* alloc DMA memory */
858 		(void) rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr,
859 		    sc->sc_dmabuf_size,
860 		    &rt2860_buf_accattr,
861 		    DDI_DMA_STREAMING,
862 		    DDI_DMA_READ | DDI_DMA_STREAMING,
863 		    &data->rxbuf_dma);
864 		rxd->sdp0 = LE_32(data->rxbuf_dma.cookie.dmac_address);
865 		rxd->sdl0 = LE_16(sc->sc_dmabuf_size);
866 	}
867 
868 	ring->cur = 0;
869 
870 	RT2860_DMA_SYNC(ring->rxdesc_dma, DDI_DMA_SYNC_FORDEV);
871 	return (DDI_SUCCESS);
872 fail2:
873 	rt2860_free_dma_mem(&ring->rxdesc_dma);
874 fail1:
875 	return (err);
876 }
877 
878 /*ARGSUSED*/
879 void
880 rt2860_reset_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
881 {
882 	int i;
883 
884 	for (i = 0; i < RT2860_RX_RING_COUNT; i++)
885 		ring->rxd[i].sdl0 &= ~LE_16(RT2860_RX_DDONE);
886 
887 	RT2860_DMA_SYNC(ring->rxdesc_dma, DDI_DMA_SYNC_FORDEV);
888 
889 	ring->cur = 0;
890 }
891 
892 /*ARGSUSED*/
893 static void
894 rt2860_free_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
895 {
896 	struct rt2860_rx_data	*data;
897 	int			i, count;
898 
899 	if (ring->rxd != NULL)
900 		rt2860_free_dma_mem(&ring->rxdesc_dma);
901 
902 	count = RT2860_RX_RING_COUNT;
903 	if (ring->data != NULL) {
904 		for (i = 0; i < count; i++) {
905 			data = &ring->data[i];
906 			rt2860_free_dma_mem(&data->rxbuf_dma);
907 		}
908 	}
909 }
910 
911 static int
912 rt2860_alloc_tx_pool(struct rt2860_softc *sc)
913 {
914 	struct rt2860_tx_data	*data;
915 	int			i, err, size;
916 
917 	size = RT2860_TX_POOL_COUNT * sizeof (struct rt2860_txwi);
918 
919 	/* init data_pool early in case of failure.. */
920 	SLIST_INIT(&sc->data_pool);
921 
922 	err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr, size,
923 	    &rt2860_desc_accattr, DDI_DMA_CONSISTENT,
924 	    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
925 	    &sc->txpool_dma);
926 	if (err != DDI_SUCCESS) {
927 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_alloc_tx_pool(): "
928 		    "failed to alloc dma mem\n");
929 		goto fail1;
930 	}
931 
932 	sc->txwi = (struct rt2860_txwi *)sc->txpool_dma.mem_va;
933 	(void) bzero(sc->txwi, size);
934 	RT2860_DMA_SYNC(sc->txpool_dma, DDI_DMA_SYNC_FORDEV);
935 
936 	for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
937 		data = &sc->data[i];
938 
939 		err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr,
940 		    sc->sc_dmabuf_size,
941 		    &rt2860_buf_accattr, DDI_DMA_CONSISTENT,
942 		    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
943 		    &data->txbuf_dma);
944 		if (err != DDI_SUCCESS) {
945 			RWN_DEBUG(RT2860_DBG_DMA,
946 			    "rwn: rt2860_alloc_tx_pool(): "
947 			    "failed to alloc dma mem\n");
948 			goto fail2;
949 		}
950 		data->txwi = &sc->txwi[i];
951 		data->paddr = sc->txpool_dma.cookie.dmac_address +
952 		    i * sizeof (struct rt2860_txwi);
953 
954 		SLIST_INSERT_HEAD(&sc->data_pool, data, next);
955 	}
956 	return (DDI_SUCCESS);
957 fail2:
958 	rt2860_free_dma_mem(&sc->txpool_dma);
959 fail1:
960 	return (err);
961 }
962 
963 static void
964 rt2860_free_tx_pool(struct rt2860_softc *sc)
965 {
966 	struct rt2860_tx_data	*data;
967 	int	i;
968 
969 	if (sc->txwi != NULL) {
970 		rt2860_free_dma_mem(&sc->txpool_dma);
971 	}
972 
973 	for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
974 		data = &sc->data[i];
975 		rt2860_free_dma_mem(&data->txbuf_dma);
976 	}
977 }
978 
979 /* quickly determine if a given rate is CCK or OFDM */
980 #define	RT2860_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22)
981 
982 #define	RT2860_ACK_SIZE		14	/* 10 + 4(FCS) */
983 #define	RT2860_SIFS_TIME	10
984 
985 static uint8_t
986 rt2860_rate2mcs(uint8_t rate)
987 {
988 	switch (rate) {
989 	/* CCK rates */
990 	case 2:
991 		return (0);
992 	case 4:
993 		return (1);
994 	case 11:
995 		return (2);
996 	case 22:
997 		return (3);
998 	/* OFDM rates */
999 	case 12:
1000 		return (0);
1001 	case 18:
1002 		return (1);
1003 	case 24:
1004 		return (2);
1005 	case 36:
1006 		return (3);
1007 	case 48:
1008 		return (4);
1009 	case 72:
1010 		return (5);
1011 	case 96:
1012 		return (6);
1013 	case 108:
1014 		return (7);
1015 	}
1016 
1017 	return (0);	/* shouldn't get there */
1018 }
1019 
1020 /*
1021  * Return the expected ack rate for a frame transmitted at rate `rate'.
1022  */
1023 static int
1024 rt2860_ack_rate(struct ieee80211com *ic, int rate)
1025 {
1026 	switch (rate) {
1027 	/* CCK rates */
1028 	case 2:
1029 		return (2);
1030 	case 4:
1031 	case 11:
1032 	case 22:
1033 		return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
1034 
1035 	/* OFDM rates */
1036 	case 12:
1037 	case 18:
1038 		return (12);
1039 	case 24:
1040 	case 36:
1041 		return (24);
1042 	case 48:
1043 	case 72:
1044 	case 96:
1045 	case 108:
1046 		return (48);
1047 	}
1048 
1049 	/* default to 1Mbps */
1050 	return (2);
1051 }
1052 
1053 
1054 /*
1055  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
1056  * The function automatically determines the operating mode depending on the
1057  * given rate. `flags' indicates whether short preamble is in use or not.
1058  */
1059 static uint16_t
1060 rt2860_txtime(int len, int rate, uint32_t flags)
1061 {
1062 	uint16_t	txtime;
1063 
1064 	if (RT2860_RATE_IS_OFDM(rate)) {
1065 		/* IEEE Std 802.11g-2003, pp. 44 */
1066 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
1067 		txtime = 16 + 4 + 4 * txtime + 6;
1068 	} else {
1069 		/* IEEE Std 802.11b-1999, pp. 28 */
1070 		txtime = (16 * len + rate - 1) / rate;
1071 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
1072 			txtime +=  72 + 24;
1073 		else
1074 			txtime += 144 + 48;
1075 	}
1076 	return (txtime);
1077 }
1078 
1079 static int
1080 rt2860_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
1081 {
1082 	struct rt2860_softc	*sc = (struct rt2860_softc *)ic;
1083 	struct rt2860_tx_ring	*ring;
1084 	struct rt2860_tx_data	*data;
1085 	struct rt2860_txd	*txd;
1086 	struct rt2860_txwi	*txwi;
1087 	struct ieee80211_frame	*wh;
1088 	struct ieee80211_node	*ni;
1089 	int			qid, off, rate, err;
1090 	int			mblen, pktlen;
1091 	uint_t			hdrlen;
1092 	uint8_t			mcs, pid, qsel;
1093 	uint16_t		dur;
1094 	mblk_t			*m, *m0;
1095 
1096 	err = DDI_SUCCESS;
1097 
1098 	mutex_enter(&sc->sc_txlock);
1099 	if (RT2860_IS_SUSPEND(sc)) {
1100 		err = ENXIO;
1101 		goto fail1;
1102 	}
1103 
1104 	if ((type & IEEE80211_FC0_TYPE_MASK) !=
1105 	    IEEE80211_FC0_TYPE_DATA)
1106 		qid = sc->mgtqid;
1107 	else
1108 		qid = EDCA_AC_BE;
1109 	ring = &sc->txq[qid];
1110 
1111 	if (SLIST_EMPTY(&sc->data_pool) || (ring->queued > 15)) {
1112 		sc->sc_need_sched = 1;
1113 		sc->sc_tx_nobuf++;
1114 		err = ENOMEM;
1115 		goto fail1;
1116 	}
1117 
1118 	/* the data pool contains at least one element, pick the first */
1119 	data = SLIST_FIRST(&sc->data_pool);
1120 
1121 	m = allocb(msgdsize(mp) + 32, BPRI_MED);
1122 	if (m == NULL) {
1123 		RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_send():"
1124 		    "rt2860_mgmt_send: can't alloc mblk.\n");
1125 		err = DDI_FAILURE;
1126 		goto fail1;
1127 	}
1128 
1129 	for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
1130 		mblen = MBLKL(m0);
1131 		(void) bcopy(m0->b_rptr, m->b_rptr + off, mblen);
1132 		off += mblen;
1133 	}
1134 	m->b_wptr += off;
1135 
1136 	wh = (struct ieee80211_frame *)m->b_rptr;
1137 	ni = ieee80211_find_txnode(ic, wh->i_addr1);
1138 	if (ni == NULL) {
1139 		err = DDI_FAILURE;
1140 		sc->sc_tx_err++;
1141 		goto fail2;
1142 	}
1143 
1144 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
1145 	    IEEE80211_FC0_TYPE_DATA)
1146 		(void) ieee80211_encap(ic, m, ni);
1147 
1148 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1149 		struct ieee80211_key *k;
1150 		k = ieee80211_crypto_encap(ic, m);
1151 		if (k == NULL) {
1152 			sc->sc_tx_err++;
1153 			err = DDI_FAILURE;
1154 			goto fail3;
1155 		}
1156 		/* packet header may have moved, reset our local pointer */
1157 		wh = (struct ieee80211_frame *)m->b_rptr;
1158 	}
1159 	pktlen = msgdsize(m);
1160 	hdrlen = sizeof (*wh);
1161 
1162 	/* pickup a rate */
1163 	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
1164 	    ((type & IEEE80211_FC0_TYPE_MASK) !=
1165 	    IEEE80211_FC0_TYPE_DATA))
1166 		rate = ni->in_rates.ir_rates[0];
1167 	else {
1168 		if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
1169 			rate = ic->ic_fixed_rate;
1170 		else
1171 			rate = ni->in_rates.ir_rates[ni->in_txrate];
1172 	}
1173 	rate &= IEEE80211_RATE_VAL;
1174 
1175 	/* get MCS code from rate */
1176 	mcs = rt2860_rate2mcs(rate);
1177 
1178 	/* setup TX Wireless Information */
1179 	txwi = data->txwi;
1180 	(void) bzero(txwi, sizeof (struct rt2860_txwi));
1181 	txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ?
1182 	    RT2860_AID2WCID(ni->in_associd) : 0xff;
1183 	txwi->len = LE_16(pktlen);
1184 	if (!RT2860_RATE_IS_OFDM(rate)) {
1185 		txwi->phy = LE_16(RT2860_PHY_CCK);
1186 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
1187 			mcs |= RT2860_PHY_SHPRE;
1188 	} else
1189 		txwi->phy = LE_16(RT2860_PHY_OFDM);
1190 	txwi->phy |= LE_16(mcs);
1191 
1192 	/*
1193 	 * We store the MCS code into the driver-private PacketID field.
1194 	 * The PacketID is latched into TX_STAT_FIFO when Tx completes so
1195 	 * that we know at which initial rate the frame was transmitted.
1196 	 * We add 1 to the MCS code because setting the PacketID field to
1197 	 * 0 means that we don't want feedback in TX_STAT_FIFO.
1198 	 */
1199 	pid = (mcs + 1) & 0xf;
1200 	txwi->len |= LE_16(pid << RT2860_TX_PID_SHIFT);
1201 
1202 	/* check if RTS/CTS or CTS-to-self protection is required */
1203 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1204 	    (pktlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold ||
1205 	    ((ic->ic_flags &
1206 	    IEEE80211_F_USEPROT) && RT2860_RATE_IS_OFDM(rate))))
1207 		txwi->txop = RT2860_TX_TXOP_HT;
1208 	else
1209 		txwi->txop = RT2860_TX_TXOP_BACKOFF;
1210 
1211 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1212 		txwi->xflags |= RT2860_TX_ACK;
1213 
1214 		dur = rt2860_txtime(RT2860_ACK_SIZE, rt2860_ack_rate(ic, rate),
1215 		    ic->ic_flags) + sc->sifs;
1216 		*(uint16_t *)wh->i_dur = LE_16(dur);
1217 	}
1218 
1219 	/* copy and trim 802.11 header */
1220 	bcopy(wh, &txwi->wh, hdrlen);
1221 	m->b_rptr += hdrlen;
1222 	bcopy(m->b_rptr, data->txbuf_dma.mem_va, pktlen - hdrlen);
1223 
1224 	qsel = (qid < EDCA_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
1225 
1226 	/* first segment is TXWI + 802.11 header */
1227 	txd = &ring->txd[ring->cur];
1228 	txd->sdp0 = LE_32(data->paddr);
1229 	txd->sdl0 = LE_16(16 + hdrlen);
1230 	txd->flags = qsel;
1231 
1232 	/* finalize last segment */
1233 	txd->sdp1 = LE_32(data->txbuf_dma.cookie.dmac_address);
1234 	txd->sdl1 = LE_16(pktlen - hdrlen | RT2860_TX_LS1);
1235 
1236 	/* remove from the free pool and link it into the SW Tx slot */
1237 	SLIST_REMOVE_HEAD(&sc->data_pool, next);
1238 	data->ni = ieee80211_ref_node(ni);
1239 	ring->data[ring->cur] = data;
1240 
1241 	(void) ddi_dma_sync(sc->txpool_dma.dma_hdl,
1242 	    _PTRDIFF(txwi, sc->txwi),
1243 	    (hdrlen + 16 + 2),
1244 	    DDI_DMA_SYNC_FORDEV);
1245 	RT2860_DMA_SYNC(data->txbuf_dma, DDI_DMA_SYNC_FORDEV);
1246 	RT2860_DMA_SYNC(ring->txdesc_dma, DDI_DMA_SYNC_FORDEV);
1247 
1248 	RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_send():"
1249 	    "sending frame qid=%d wcid=%d rate=%d cur = %x\n",
1250 	    qid, txwi->wcid, rate, ring->cur);
1251 
1252 	ring->queued++;
1253 	ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1254 
1255 	/* kick Tx */
1256 	RT2860_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
1257 
1258 	sc->sc_tx_timer = 5;
1259 
1260 	ic->ic_stats.is_tx_frags++;
1261 	ic->ic_stats.is_tx_bytes += pktlen;
1262 
1263 fail3:
1264 	ieee80211_free_node(ni);
1265 fail2:
1266 	freemsg(m);
1267 fail1:
1268 	if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
1269 	    err == DDI_SUCCESS)
1270 		freemsg(mp);
1271 	mutex_exit(&sc->sc_txlock);
1272 	return (err);
1273 }
1274 
1275 /*
1276  * This function is called periodically (every 200ms) during scanning to
1277  * switch from one channel to another.
1278  */
1279 static void
1280 rt2860_next_scan(void *arg)
1281 {
1282 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
1283 	struct ieee80211com *ic = &sc->sc_ic;
1284 
1285 	if (ic->ic_state == IEEE80211_S_SCAN)
1286 		(void) ieee80211_next_scan(ic);
1287 }
1288 
1289 static void
1290 rt2860_updateslot(struct rt2860_softc *sc)
1291 {
1292 	struct ieee80211com *ic = &sc->sc_ic;
1293 	uint32_t tmp;
1294 
1295 	tmp = RT2860_READ(sc, RT2860_BKOFF_SLOT_CFG);
1296 	tmp &= ~0xff;
1297 	tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1298 	RT2860_WRITE(sc, RT2860_BKOFF_SLOT_CFG, tmp);
1299 }
1300 
1301 static void
1302 rt2860_iter_func(void *arg, struct ieee80211_node *ni)
1303 {
1304 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
1305 	uint8_t wcid;
1306 
1307 	wcid = RT2860_AID2WCID(ni->in_associd);
1308 	rt2860_amrr_choose(&sc->amrr, ni, &sc->amn[wcid]);
1309 }
1310 
1311 static void
1312 rt2860_updatestats(void *arg)
1313 {
1314 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
1315 	struct ieee80211com *ic = &sc->sc_ic;
1316 
1317 	if (ic->ic_opmode == IEEE80211_M_STA)
1318 		rt2860_iter_func(sc, ic->ic_bss);
1319 	else
1320 		ieee80211_iterate_nodes(&ic->ic_sta, rt2860_iter_func, arg);
1321 
1322 	sc->sc_rssadapt_id = timeout(rt2860_updatestats, (void *)sc,
1323 	    drv_usectohz(500 * 1000));
1324 }
1325 
1326 static void
1327 rt2860_enable_mrr(struct rt2860_softc *sc)
1328 {
1329 #define	CCK(mcs)	(mcs)
1330 #define	OFDM(mcs)	((uint32_t)1 << 3 | (mcs))
1331 	RT2860_WRITE(sc, RT2860_LG_FBK_CFG0,
1332 	    OFDM(6) << 28 |	/* 54->48 */
1333 	    OFDM(5) << 24 |	/* 48->36 */
1334 	    OFDM(4) << 20 |	/* 36->24 */
1335 	    OFDM(3) << 16 |	/* 24->18 */
1336 	    OFDM(2) << 12 |	/* 18->12 */
1337 	    OFDM(1) <<  8 |	/* 12-> 9 */
1338 	    OFDM(0) <<  4 |	/*  9-> 6 */
1339 	    OFDM(0));		/*  6-> 6 */
1340 
1341 	RT2860_WRITE(sc, RT2860_LG_FBK_CFG1,
1342 	    CCK(2) << 12 |	/* 11->5.5 */
1343 	    CCK(1) <<  8 |	/* 5.5-> 2 */
1344 	    CCK(0) <<  4 |	/*   2-> 1 */
1345 	    CCK(0));		/*   1-> 1 */
1346 #undef OFDM
1347 #undef CCK
1348 }
1349 
1350 static void
1351 rt2860_set_txpreamble(struct rt2860_softc *sc)
1352 {
1353 	uint32_t tmp;
1354 
1355 	tmp = RT2860_READ(sc, RT2860_AUTO_RSP_CFG);
1356 	tmp &= ~RT2860_CCK_SHORT_EN;
1357 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1358 		tmp |= RT2860_CCK_SHORT_EN;
1359 	RT2860_WRITE(sc, RT2860_AUTO_RSP_CFG, tmp);
1360 }
1361 
1362 static void
1363 rt2860_set_bssid(struct rt2860_softc *sc, const uint8_t *bssid)
1364 {
1365 	RT2860_WRITE(sc, RT2860_MAC_BSSID_DW0,
1366 	    bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
1367 	RT2860_WRITE(sc, RT2860_MAC_BSSID_DW1,
1368 	    bssid[4] | bssid[5] << 8);
1369 }
1370 
1371 static void
1372 rt2860_set_basicrates(struct rt2860_softc *sc)
1373 {
1374 	struct ieee80211com *ic = &sc->sc_ic;
1375 
1376 	/* set basic rates mask */
1377 	if (ic->ic_curmode == IEEE80211_MODE_11B)
1378 		RT2860_WRITE(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
1379 	else if (ic->ic_curmode == IEEE80211_MODE_11A)
1380 		RT2860_WRITE(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
1381 	else	/* 11g */
1382 		RT2860_WRITE(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
1383 }
1384 
1385 static void
1386 rt2860_amrr_node_init(const struct rt2860_amrr *amrr,
1387     struct rt2860_amrr_node *amn)
1388 {
1389 	amn->amn_success = 0;
1390 	amn->amn_recovery = 0;
1391 	amn->amn_txcnt = amn->amn_retrycnt = 0;
1392 	amn->amn_success_threshold = amrr->amrr_min_success_threshold;
1393 }
1394 
1395 static void
1396 rt2860_amrr_choose(struct rt2860_amrr *amrr, struct ieee80211_node *ni,
1397     struct rt2860_amrr_node *amn)
1398 {
1399 #define	RV(rate)	((rate) & IEEE80211_RATE_VAL)
1400 #define	is_success(amn)	\
1401 	((amn)->amn_retrycnt < (amn)->amn_txcnt / 10)
1402 #define	is_failure(amn)	\
1403 	((amn)->amn_retrycnt > (amn)->amn_txcnt / 3)
1404 #define	is_enough(amn)		\
1405 	((amn)->amn_txcnt > 10)
1406 #define	is_min_rate(ni)		\
1407 	((ni)->in_txrate == 0)
1408 #define	is_max_rate(ni)		\
1409 	((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1410 #define	increase_rate(ni)	\
1411 	((ni)->in_txrate++)
1412 #define	decrease_rate(ni)	\
1413 	((ni)->in_txrate--)
1414 #define	reset_cnt(amn)		\
1415 	{ (amn)->amn_txcnt = (amn)->amn_retrycnt = 0; }
1416 
1417 	int need_change = 0;
1418 
1419 	if (is_success(amn) && is_enough(amn)) {
1420 		amn->amn_success++;
1421 		if (amn->amn_success >= amn->amn_success_threshold &&
1422 		    !is_max_rate(ni)) {
1423 			amn->amn_recovery = 1;
1424 			amn->amn_success = 0;
1425 			increase_rate(ni);
1426 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_amrr_choose(): "
1427 			    "increase rate = %d, #tx = %d, #retries = %d\n",
1428 			    RV(ni->in_rates.ir_rates[ni->in_txrate]),
1429 			    amn->amn_txcnt, amn->amn_retrycnt);
1430 			need_change = 1;
1431 		} else {
1432 			amn->amn_recovery = 0;
1433 		}
1434 	} else if (is_failure(amn)) {
1435 		amn->amn_success = 0;
1436 		if (!is_min_rate(ni)) {
1437 			if (amn->amn_recovery) {
1438 				amn->amn_success_threshold *= 2;
1439 				if (amn->amn_success_threshold >
1440 				    amrr->amrr_max_success_threshold)
1441 					amn->amn_success_threshold =
1442 					    amrr->amrr_max_success_threshold;
1443 			} else {
1444 				amn->amn_success_threshold =
1445 				    amrr->amrr_min_success_threshold;
1446 			}
1447 			decrease_rate(ni);
1448 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_amrr_choose(): "
1449 			    "decrease rate = %d, #tx = %d, #retries = %d\n",
1450 			    RV(ni->in_rates.ir_rates[ni->in_txrate]),
1451 			    amn->amn_txcnt, amn->amn_retrycnt);
1452 			need_change = 1;
1453 		}
1454 		amn->amn_recovery = 0;
1455 	}
1456 
1457 	if (is_enough(amn) || need_change)
1458 		reset_cnt(amn);
1459 #undef RV
1460 }
1461 
1462 static void
1463 rt2860_newassoc(struct ieee80211com *ic, struct ieee80211_node *in, int isnew)
1464 {
1465 	struct rt2860_softc *sc = (struct rt2860_softc *)ic;
1466 	uint32_t off;
1467 	uint8_t *fptr, wcid = 0;
1468 	int i;
1469 
1470 	if (isnew && in->in_associd != 0) {
1471 		/* only interested in true associations */
1472 		wcid = RT2860_AID2WCID(in->in_associd);
1473 
1474 		/* init WCID table entry */
1475 		off = RT2860_WCID_ENTRY(wcid);
1476 		fptr = in->in_macaddr;
1477 		for (i = 0; i < IEEE80211_ADDR_LEN; i++)
1478 			rt2860_mem_write1(sc, off++, *fptr++);
1479 	}
1480 	rt2860_amrr_node_init(&sc->amrr, &sc->amn[wcid]);
1481 
1482 	/* set rate to some reasonable initial value */
1483 	i = in->in_rates.ir_nrates - 1;
1484 	for (; i > 0 && (in->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72; )
1485 		i--;
1486 	in->in_txrate = i;
1487 
1488 	RWN_DEBUG(RT2860_DBG_80211, "rwn: rt2860_newassoc(): "
1489 	    "new assoc isnew=%d WCID=%d, initial rate=%d\n",
1490 	    isnew, wcid,
1491 	    in->in_rates.ir_rates[i] & IEEE80211_RATE_VAL);
1492 	RWN_DEBUG(RT2860_DBG_80211, "rwn: rt2860_newassoc(): "
1493 	    "addr=%x:%x:%x:%x:%x:%x\n",
1494 	    in->in_macaddr[0], in->in_macaddr[1], in->in_macaddr[2],
1495 	    in->in_macaddr[3], in->in_macaddr[4], in->in_macaddr[5]);
1496 }
1497 
1498 void
1499 rt2860_enable_tsf_sync(struct rt2860_softc *sc)
1500 {
1501 	struct ieee80211com *ic = &sc->sc_ic;
1502 	uint32_t tmp;
1503 
1504 	tmp = RT2860_READ(sc, RT2860_BCN_TIME_CFG);
1505 
1506 	tmp &= ~0x1fffff;
1507 	tmp |= ic->ic_bss->in_intval * 16;
1508 	tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
1509 	if (ic->ic_opmode == IEEE80211_M_STA) {
1510 		/*
1511 		 * Local TSF is always updated with remote TSF on beacon
1512 		 * reception.
1513 		 */
1514 		tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
1515 	}
1516 
1517 	RT2860_WRITE(sc, RT2860_BCN_TIME_CFG, tmp);
1518 }
1519 
1520 static int
1521 rt2860_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1522 {
1523 	struct rt2860_softc	*sc = (struct rt2860_softc *)ic;
1524 	enum ieee80211_state	ostate;
1525 	int			err;
1526 	uint32_t		tmp;
1527 
1528 	ostate = ic->ic_state;
1529 	RWN_DEBUG(RT2860_DBG_80211, "rwn: rt2860_newstate(): "
1530 	    "%x -> %x!\n", ostate, nstate);
1531 
1532 	RT2860_GLOCK(sc);
1533 	if (sc->sc_scan_id != 0) {
1534 		(void) untimeout(sc->sc_scan_id);
1535 		sc->sc_scan_id = 0;
1536 	}
1537 	if (sc->sc_rssadapt_id != 0) {
1538 		(void) untimeout(sc->sc_rssadapt_id);
1539 		sc->sc_rssadapt_id = 0;
1540 	}
1541 	if (ostate == IEEE80211_S_RUN) {
1542 		/* turn link LED off */
1543 		rt2860_set_leds(sc, RT2860_LED_RADIO);
1544 	}
1545 
1546 	switch (nstate) {
1547 	case IEEE80211_S_INIT:
1548 		if (ostate == IEEE80211_S_RUN) {
1549 			/* abort TSF synchronization */
1550 			tmp = RT2860_READ(sc, RT2860_BCN_TIME_CFG);
1551 			RT2860_WRITE(sc, RT2860_BCN_TIME_CFG,
1552 			    tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
1553 			    RT2860_TBTT_TIMER_EN));
1554 		}
1555 		break;
1556 
1557 	case IEEE80211_S_SCAN:
1558 		rt2860_set_chan(sc, ic->ic_curchan);
1559 		sc->sc_scan_id = timeout(rt2860_next_scan, (void *)sc,
1560 		    drv_usectohz(200000));
1561 		break;
1562 
1563 	case IEEE80211_S_AUTH:
1564 	case IEEE80211_S_ASSOC:
1565 		rt2860_set_chan(sc, ic->ic_curchan);
1566 		break;
1567 
1568 	case IEEE80211_S_RUN:
1569 		rt2860_set_chan(sc, ic->ic_curchan);
1570 
1571 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1572 			rt2860_updateslot(sc);
1573 			rt2860_enable_mrr(sc);
1574 			rt2860_set_txpreamble(sc);
1575 			rt2860_set_basicrates(sc);
1576 			rt2860_set_bssid(sc, ic->ic_bss->in_bssid);
1577 		}
1578 		if (ic->ic_opmode == IEEE80211_M_STA) {
1579 			/* fake a join to init the tx rate */
1580 			rt2860_newassoc(ic, ic->ic_bss, 1);
1581 		}
1582 
1583 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1584 			rt2860_enable_tsf_sync(sc);
1585 			sc->sc_rssadapt_id = timeout(rt2860_updatestats,
1586 			    (void *)sc, drv_usectohz(500 * 1000));
1587 		}
1588 
1589 		/* turn link LED on */
1590 		rt2860_set_leds(sc, RT2860_LED_RADIO |
1591 		    (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
1592 		    RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
1593 		break;
1594 	}
1595 
1596 	RT2860_GUNLOCK(sc);
1597 
1598 	err = sc->sc_newstate(ic, nstate, arg);
1599 
1600 	return (err);
1601 }
1602 
1603 /*
1604  * Return the Rx chain with the highest RSSI for a given frame.
1605  */
1606 static uint8_t
1607 rt2860_maxrssi_chain(struct rt2860_softc *sc, const struct rt2860_rxwi *rxwi)
1608 {
1609 	uint8_t rxchain = 0;
1610 
1611 	if (sc->nrxchains > 1)
1612 		if (rxwi->rssi[1] > rxwi->rssi[rxchain])
1613 			rxchain = 1;
1614 	if (sc->nrxchains > 2)
1615 		if (rxwi->rssi[2] > rxwi->rssi[rxchain])
1616 			rxchain = 2;
1617 
1618 	return (rxchain);
1619 }
1620 
1621 static void
1622 rt2860_drain_stats_fifo(struct rt2860_softc *sc)
1623 {
1624 	struct rt2860_amrr_node *amn;
1625 	uint32_t stat;
1626 	uint8_t wcid, mcs, pid;
1627 
1628 	/* drain Tx status FIFO (maxsize = 16) */
1629 	while ((stat = RT2860_READ(sc, RT2860_TX_STAT_FIFO)) & RT2860_TXQ_VLD) {
1630 		RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_drain_stats_fifo(): "
1631 		    "tx stat 0x%08\n", stat);
1632 
1633 		wcid = (stat >> 8) & 0xff;
1634 
1635 		/* if no ACK was requested, no feedback is available */
1636 		if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff)
1637 			continue;
1638 		/* update per-STA AMRR stats */
1639 		amn = &sc->amn[wcid];
1640 		amn->amn_txcnt++;
1641 		if (stat & RT2860_TXQ_OK) {
1642 			/*
1643 			 * Check if there were retries, ie if the Tx success
1644 			 * rate is different from the requested rate.  Note
1645 			 * that it works only because we do not allow rate
1646 			 * fallback from OFDM to CCK.
1647 			 */
1648 			mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
1649 			pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
1650 			if (mcs + 1 != pid)
1651 				amn->amn_retrycnt++;
1652 		} else
1653 			amn->amn_retrycnt++;
1654 	}
1655 }
1656 
1657 /*ARGSUSED*/
1658 static void
1659 rt2860_tx_intr(struct rt2860_softc *sc, int qid)
1660 {
1661 	struct rt2860_tx_ring	*ring = &sc->txq[qid];
1662 	struct ieee80211com	*ic = &sc->sc_ic;
1663 	uint32_t hw;
1664 
1665 	rt2860_drain_stats_fifo(sc);
1666 
1667 	mutex_enter(&sc->sc_txlock);
1668 	hw = RT2860_READ(sc, RT2860_TX_DTX_IDX(qid));
1669 	RWN_DEBUG(RT2860_DBG_TX, "rwn: rwn_tx_intr():"
1670 	    "hw = %x, ring->next = %x, queued = %d\n",
1671 	    hw, ring->next, ring->queued);
1672 	while (ring->next != hw) {
1673 		struct rt2860_txd *txd = &ring->txd[ring->next];
1674 		struct rt2860_tx_data *data = ring->data[ring->next];
1675 
1676 		if (data != NULL) {
1677 			RT2860_DMA_SYNC(data->txbuf_dma, DDI_DMA_SYNC_FORDEV);
1678 			if (data->ni != NULL) {
1679 				ieee80211_free_node(data->ni);
1680 				data->ni = NULL;
1681 			}
1682 			SLIST_INSERT_HEAD(&sc->data_pool, data, next);
1683 			ring->data[ring->next] = NULL;
1684 		}
1685 
1686 		txd->sdl0 &= ~LE_16(RT2860_TX_DDONE);
1687 
1688 		(void) ddi_dma_sync(ring->txdesc_dma.dma_hdl,
1689 		    ring->next * sizeof (struct rt2860_txd),
1690 		    sizeof (struct rt2860_txd),
1691 		    DDI_DMA_SYNC_FORDEV);
1692 
1693 		ring->queued--;
1694 		ring->next = (ring->next + 1) % RT2860_TX_RING_COUNT;
1695 
1696 		if (sc->sc_need_sched &&
1697 		    (ring->queued < RT2860_TX_RING_COUNT)) {
1698 			sc->sc_need_sched = 0;
1699 			mac_tx_update(ic->ic_mach);
1700 		}
1701 	}
1702 	sc->sc_tx_timer = 0;
1703 	mutex_exit(&sc->sc_txlock);
1704 }
1705 
1706 static void
1707 rt2860_rx_intr(struct rt2860_softc *sc)
1708 {
1709 	struct ieee80211com	*ic = &sc->sc_ic;
1710 	struct ieee80211_node	*ni;
1711 	struct ieee80211_frame	*wh;
1712 	int	pktlen;
1713 	uint8_t ant, rssi, *rxbuf;
1714 	mblk_t	*mp0;
1715 
1716 	mutex_enter(&sc->sc_rxlock);
1717 	for (;;) {
1718 		struct rt2860_rx_data *data = &sc->rxq.data[sc->rxq.cur];
1719 		struct rt2860_rxd *rxd = &sc->rxq.rxd[sc->rxq.cur];
1720 		struct rt2860_rxwi *rxwi;
1721 
1722 		(void) ddi_dma_sync(sc->rxq.rxdesc_dma.dma_hdl,
1723 		    sc->rxq.cur * sizeof (struct rt2860_rxd),
1724 		    sizeof (struct rt2860_rxd),
1725 		    DDI_DMA_SYNC_FORKERNEL);
1726 
1727 		if (!(rxd->sdl0 & LE_16(RT2860_RX_DDONE))) {
1728 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr(): "
1729 			    "rx done!\n");
1730 			break;
1731 		}
1732 
1733 		if (rxd->flags &
1734 		    LE_32(RT2860_RX_CRCERR | RT2860_RX_ICVERR)) {
1735 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr(): "
1736 			    "rx crc error & rx icv error!\n");
1737 			sc->sc_rx_err++;
1738 			goto skip;
1739 		}
1740 
1741 		if (rxd->flags & LE_32(RT2860_RX_MICERR)) {
1742 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr(): "
1743 			    "rx mic error!\n");
1744 			sc->sc_rx_err++;
1745 			goto skip;
1746 		}
1747 
1748 		(void) ddi_dma_sync(data->rxbuf_dma.dma_hdl,
1749 		    data->rxbuf_dma.offset,
1750 		    data->rxbuf_dma.alength,
1751 		    DDI_DMA_SYNC_FORCPU);
1752 
1753 		rxbuf = (uint8_t *)data->rxbuf_dma.mem_va;
1754 		rxd->sdp0 = LE_32(data->rxbuf_dma.cookie.dmac_address);
1755 		rxwi = (struct rt2860_rxwi *)rxbuf;
1756 		rxbuf = (uint8_t *)(rxwi + 1);
1757 		pktlen = LE_16(rxwi->len) & 0xfff;
1758 
1759 		mp0 = allocb(sc->sc_dmabuf_size, BPRI_MED);
1760 		if (mp0 == NULL) {
1761 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr():"
1762 			    "alloc mblk error\n");
1763 			sc->sc_rx_nobuf++;
1764 			goto skip;
1765 		}
1766 		bcopy(rxbuf, mp0->b_rptr, pktlen);
1767 		mp0->b_wptr += pktlen;
1768 
1769 		wh = (struct ieee80211_frame *)mp0->b_rptr;
1770 
1771 		/* HW may insert 2 padding bytes after 802.11 header */
1772 		if (rxd->flags & LE_32(RT2860_RX_L2PAD)) {
1773 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr():"
1774 			    "2 padding bytes after 80211 header!\n");
1775 		}
1776 
1777 		ant = rt2860_maxrssi_chain(sc, rxwi);
1778 		rssi = RT2860_RSSI_OFFSET - rxwi->rssi[ant];
1779 		/* grab a reference to the source node */
1780 		ni = ieee80211_find_rxnode(ic, wh);
1781 
1782 		(void) ieee80211_input(ic, mp0, ni, rssi, 0);
1783 
1784 		/* node is no longer needed */
1785 		ieee80211_free_node(ni);
1786 skip:
1787 		rxd->sdl0 &= ~LE_16(RT2860_RX_DDONE);
1788 
1789 		(void) ddi_dma_sync(sc->rxq.rxdesc_dma.dma_hdl,
1790 		    sc->rxq.cur * sizeof (struct rt2860_rxd),
1791 		    sizeof (struct rt2860_rxd),
1792 		    DDI_DMA_SYNC_FORDEV);
1793 
1794 		sc->rxq.cur = (sc->rxq.cur + 1) % RT2860_RX_RING_COUNT;
1795 	}
1796 	mutex_exit(&sc->sc_rxlock);
1797 
1798 	/* tell HW what we have processed */
1799 	RT2860_WRITE(sc, RT2860_RX_CALC_IDX,
1800 	    (sc->rxq.cur - 1) % RT2860_RX_RING_COUNT);
1801 }
1802 
1803 static uint_t
1804 rt2860_softintr(caddr_t data)
1805 {
1806 	struct rt2860_softc *sc = (struct rt2860_softc *)data;
1807 
1808 	/*
1809 	 * Check if the soft interrupt is triggered by another
1810 	 * driver at the same level.
1811 	 */
1812 	RT2860_GLOCK(sc);
1813 	if (sc->sc_rx_pend) {
1814 		sc->sc_rx_pend = 0;
1815 		RT2860_GUNLOCK(sc);
1816 		rt2860_rx_intr(sc);
1817 		return (DDI_INTR_CLAIMED);
1818 	}
1819 	RT2860_GUNLOCK(sc);
1820 
1821 	return (DDI_INTR_UNCLAIMED);
1822 }
1823 
1824 static uint_t
1825 rt2860_intr(caddr_t arg)
1826 {
1827 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
1828 	uint32_t		r;
1829 
1830 	RT2860_GLOCK(sc);
1831 
1832 	if ((!RT2860_IS_RUNNING(sc)) || RT2860_IS_SUSPEND(sc)) {
1833 		/*
1834 		 * The hardware is not ready/present, don't touch anything.
1835 		 * Note this can happen early on if the IRQ is shared.
1836 		 */
1837 		RT2860_GUNLOCK(sc);
1838 		return (DDI_INTR_UNCLAIMED);
1839 	}
1840 
1841 	r = RT2860_READ(sc, RT2860_INT_STATUS);
1842 	if (r == 0xffffffff) {
1843 		RT2860_GUNLOCK(sc);
1844 		return (DDI_INTR_UNCLAIMED);
1845 	}
1846 	if (r == 0) {
1847 		RT2860_GUNLOCK(sc);
1848 		return (DDI_INTR_UNCLAIMED);
1849 	}
1850 
1851 	/* acknowledge interrupts */
1852 	RT2860_WRITE(sc, RT2860_INT_STATUS, r);
1853 
1854 	if (r & RT2860_TX_COHERENT)
1855 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr()"
1856 		    "RT2860_TX_COHERENT\n");
1857 
1858 	if (r & RT2860_RX_COHERENT)
1859 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr()"
1860 		    "RT2860_RX_COHERENT\n");
1861 
1862 	if (r & RT2860_MAC_INT_2) {
1863 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1864 		    "RT2860_MAC_INT_2\n");
1865 		rt2860_drain_stats_fifo(sc);
1866 	}
1867 
1868 	if (r & RT2860_TX_DONE_INT5) {
1869 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1870 		    "RT2860_TX_DONE_INT5\n");
1871 		rt2860_tx_intr(sc, 5);
1872 	}
1873 
1874 	if (r & RT2860_RX_DONE_INT) {
1875 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr()"
1876 		    "RT2860_RX_INT\n");
1877 		sc->sc_rx_pend = 1;
1878 		ddi_trigger_softintr(sc->sc_softintr_hdl);
1879 	}
1880 
1881 	if (r & RT2860_TX_DONE_INT4) {
1882 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1883 		    "RT2860_TX_DONE_INT4\n");
1884 		rt2860_tx_intr(sc, 4);
1885 	}
1886 
1887 	if (r & RT2860_TX_DONE_INT3) {
1888 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1889 		    "RT2860_TX_DONE_INT3\n");
1890 		rt2860_tx_intr(sc, 3);
1891 	}
1892 
1893 	if (r & RT2860_TX_DONE_INT2) {
1894 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1895 		    "RT2860_TX_DONE_INT2\n");
1896 		rt2860_tx_intr(sc, 2);
1897 	}
1898 
1899 	if (r & RT2860_TX_DONE_INT1) {
1900 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1901 		    "RT2860_TX_DONE_INT1\n");
1902 		rt2860_tx_intr(sc, 1);
1903 	}
1904 
1905 	if (r & RT2860_TX_DONE_INT0) {
1906 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1907 		    "RT2860_TX_DONE_INT0\n");
1908 		rt2860_tx_intr(sc, 0);
1909 	}
1910 
1911 	if (r & RT2860_MAC_INT_0) {
1912 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1913 		    "RT2860_MAC_INT_0\n");
1914 		struct ieee80211com *ic = &sc->sc_ic;
1915 		/* check if protection mode has changed */
1916 		if ((sc->sc_ic_flags ^ ic->ic_flags) & IEEE80211_F_USEPROT) {
1917 			rt2860_updateprot(ic);
1918 			sc->sc_ic_flags = ic->ic_flags;
1919 		}
1920 	}
1921 
1922 	if (r & RT2860_MAC_INT_3)
1923 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1924 		    "RT2860_MAC_INT_3\n");
1925 
1926 	RT2860_GUNLOCK(sc);
1927 
1928 	return (DDI_INTR_CLAIMED);
1929 }
1930 
1931 static void
1932 rt2860_set_region_4(struct rt2860_softc *sc,
1933     uint32_t addr, uint32_t data, int size)
1934 {
1935 	for (; size > 0; size--, data++, addr += 4)
1936 		ddi_put32((sc)->sc_io_handle,
1937 		    (uint32_t *)((uintptr_t)(sc)->sc_io_base + addr), data);
1938 }
1939 
1940 static int
1941 rt2860_load_microcode(struct rt2860_softc *sc)
1942 {
1943 	int		ntries;
1944 	size_t		size;
1945 	uint8_t		*ucode, *fptr;
1946 	uint32_t	off, i;
1947 
1948 	ucode = rt2860_fw_bin;
1949 	size = sizeof (rt2860_fw_bin);
1950 	RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_load_microcode(): "
1951 	    "The size of ucode is: %x\n", size);
1952 
1953 	/* set "host program ram write selection" bit */
1954 	RT2860_WRITE(sc, RT2860_SYS_CTRL, RT2860_HST_PM_SEL);
1955 	/* write microcode image */
1956 	fptr = ucode;
1957 	off = RT2860_FW_BASE;
1958 	for (i = 0; i < size; i++) {
1959 		rt2860_mem_write1(sc, off++, *fptr++);
1960 	}
1961 	/* kick microcontroller unit */
1962 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0);
1963 	RT2860_WRITE(sc, RT2860_SYS_CTRL, RT2860_MCU_RESET);
1964 
1965 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
1966 	RT2860_WRITE(sc, RT2860_H2M_MAILBOX, 0);
1967 
1968 	/* wait until microcontroller is ready */
1969 	for (ntries = 0; ntries < 1000; ntries++) {
1970 		if (RT2860_READ(sc, RT2860_SYS_CTRL) & RT2860_MCU_READY)
1971 			break;
1972 		DELAY(1000);
1973 	}
1974 	if (ntries == 1000) {
1975 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_load_microcode(): "
1976 		    "timeout waiting for MCU to initialie\n");
1977 		return (ETIMEDOUT);
1978 	}
1979 
1980 	return (0);
1981 }
1982 
1983 static void
1984 rt2860_set_macaddr(struct rt2860_softc *sc, const uint8_t *addr)
1985 {
1986 	RT2860_WRITE(sc, RT2860_MAC_ADDR_DW0,
1987 	    addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
1988 	RT2860_WRITE(sc, RT2860_MAC_ADDR_DW1,
1989 	    addr[4] | addr[5] << 8);
1990 }
1991 
1992 /*
1993  * Send a command to the 8051 microcontroller unit.
1994  */
1995 static int
1996 rt2860_mcu_cmd(struct rt2860_softc *sc, uint8_t cmd, uint16_t arg)
1997 {
1998 	int	ntries;
1999 
2000 	for (ntries = 0; ntries < 100; ntries++) {
2001 		if (!(RT2860_READ(sc, RT2860_H2M_MAILBOX) & RT2860_H2M_BUSY))
2002 			break;
2003 		DELAY(2);
2004 	}
2005 	if (ntries == 100)
2006 		return (EIO);
2007 
2008 	RT2860_WRITE(sc, RT2860_H2M_MAILBOX,
2009 	    RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg);
2010 	RT2860_WRITE(sc, RT2860_HOST_CMD, cmd);
2011 
2012 	return (RT2860_SUCCESS);
2013 }
2014 
2015 /*
2016  * Reading and writing from/to the BBP is different from RT2560 and RT2661.
2017  * We access the BBP through the 8051 microcontroller unit which means that
2018  * the microcode must be loaded first.
2019  */
2020 static uint8_t
2021 rt2860_mcu_bbp_read(struct rt2860_softc *sc, uint8_t reg)
2022 {
2023 	uint32_t val;
2024 	int ntries;
2025 
2026 	for (ntries = 0; ntries < 100; ntries++) {
2027 		if (!(RT2860_READ(sc,
2028 		    RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2029 			break;
2030 		DELAY(1);
2031 	}
2032 	if (ntries == 100) {
2033 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_mcu_bbp_read():"
2034 		    "could not read from BBP through MCU\n");
2035 		return (0);
2036 	}
2037 
2038 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2039 	    RT2860_BBP_CSR_KICK | RT2860_BBP_CSR_READ | reg << 8);
2040 
2041 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0);
2042 	DELAY(1000);
2043 
2044 	for (ntries = 0; ntries < 100; ntries++) {
2045 		val = RT2860_READ(sc, RT2860_H2M_BBPAGENT);
2046 		if (!(val & RT2860_BBP_CSR_KICK))
2047 			return (val & 0xff);
2048 		DELAY(1);
2049 	}
2050 	RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_mcu_bbp_read():"
2051 	    "could not read from BBP through MCU\n");
2052 
2053 	return (0);
2054 }
2055 
2056 static void
2057 rt2860_mcu_bbp_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
2058 {
2059 	int ntries;
2060 
2061 	for (ntries = 0; ntries < 100; ntries++) {
2062 		if (!(RT2860_READ(sc,
2063 		    RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2064 			break;
2065 		DELAY(1);
2066 	}
2067 	if (ntries == 100) {
2068 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_mcu_bbp_write():"
2069 		    "could not write to BBP through MCU\n");
2070 		return;
2071 	}
2072 
2073 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2074 	    RT2860_BBP_CSR_KICK | reg << 8 | val);
2075 
2076 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0);
2077 	DELAY(1000);
2078 }
2079 
2080 static int
2081 rt2860_bbp_init(struct rt2860_softc *sc)
2082 {
2083 	int i, ntries;
2084 
2085 	/* wait for BBP to wake up */
2086 	for (ntries = 0; ntries < 20; ntries++) {
2087 		uint8_t bbp0 = rt2860_mcu_bbp_read(sc, 0);
2088 		if (bbp0 != 0 && bbp0 != 0xff)
2089 			break;
2090 	}
2091 	if (ntries == 20) {
2092 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_bbp_init():"
2093 		    "timeout waiting for BBP to wake up\n");
2094 		return (ETIMEDOUT);
2095 	}
2096 
2097 	/* initialize BBP registers to default values */
2098 	for (i = 0; i < 12; i++) {
2099 		rt2860_mcu_bbp_write(sc, rt2860_def_bbp[i].reg,
2100 		    rt2860_def_bbp[i].val);
2101 	}
2102 
2103 	/* fix BBP69 and BBP73 for RT2860C */
2104 	if (sc->mac_rev == 0x28600100) {
2105 		rt2860_mcu_bbp_write(sc, 69, 0x16);
2106 		rt2860_mcu_bbp_write(sc, 73, 0x12);
2107 	}
2108 
2109 	return (0);
2110 }
2111 
2112 static void
2113 rt2860_rf_write(struct rt2860_softc *sc, uint8_t reg, uint32_t val)
2114 {
2115 	uint32_t tmp;
2116 	int ntries;
2117 
2118 	for (ntries = 0; ntries < 100; ntries++) {
2119 		if (!(RT2860_READ(sc, RT2860_RF_CSR_CFG0) & RT2860_RF_REG_CTRL))
2120 			break;
2121 		DELAY(1);
2122 	}
2123 	if (ntries == 100) {
2124 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rwn_init()"
2125 		    "could not write to RF\n");
2126 		return;
2127 	}
2128 
2129 	/* RF registers are 24-bit on the RT2860 */
2130 	tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
2131 	    (val & 0x3fffff) << 2 | (reg & 3);
2132 	RT2860_WRITE(sc, RT2860_RF_CSR_CFG0, tmp);
2133 }
2134 
2135 static void
2136 rt2860_select_chan_group(struct rt2860_softc *sc, int group)
2137 {
2138 	uint32_t tmp;
2139 
2140 	rt2860_mcu_bbp_write(sc, 62, 0x37 - sc->lna[group]);
2141 	rt2860_mcu_bbp_write(sc, 63, 0x37 - sc->lna[group]);
2142 	rt2860_mcu_bbp_write(sc, 64, 0x37 - sc->lna[group]);
2143 	rt2860_mcu_bbp_write(sc, 82, (group == 0) ? 0x62 : 0xf2);
2144 
2145 	tmp = RT2860_READ(sc, RT2860_TX_BAND_CFG);
2146 	tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
2147 	tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
2148 	RT2860_WRITE(sc, RT2860_TX_BAND_CFG, tmp);
2149 
2150 	/* enable appropriate Power Amplifiers and Low Noise Amplifiers */
2151 	tmp = RT2860_RFTR_EN | RT2860_TRSW_EN;
2152 	if (group == 0) {	/* 2GHz */
2153 		tmp |= RT2860_PA_PE_G0_EN | RT2860_LNA_PE_G0_EN;
2154 		if (sc->ntxchains > 1)
2155 			tmp |= RT2860_PA_PE_G1_EN;
2156 		if (sc->nrxchains > 1)
2157 			tmp |= RT2860_LNA_PE_G1_EN;
2158 	} else {		/* 5GHz */
2159 		tmp |= RT2860_PA_PE_A0_EN | RT2860_LNA_PE_A0_EN;
2160 		if (sc->ntxchains > 1)
2161 			tmp |= RT2860_PA_PE_A1_EN;
2162 		if (sc->nrxchains > 1)
2163 			tmp |= RT2860_LNA_PE_A1_EN;
2164 	}
2165 	RT2860_WRITE(sc, RT2860_TX_PIN_CFG, tmp);
2166 
2167 	rt2860_mcu_bbp_write(sc, 66, 0x2e + sc->lna[group]);
2168 }
2169 static void
2170 rt2860_set_chan(struct rt2860_softc *sc, struct ieee80211_channel *c)
2171 {
2172 	struct ieee80211com	*ic = &sc->sc_ic;
2173 	const struct rfprog	*rfprog = rt2860_rf2850;
2174 	uint_t			i, chan, group;
2175 	uint8_t			txpow1, txpow2;
2176 	uint32_t		r2, r3, r4;
2177 
2178 	chan = ieee80211_chan2ieee(ic, c);
2179 	if (chan == 0 || chan == IEEE80211_CHAN_ANY) {
2180 		RWN_DEBUG(RT2860_DBG_FW, "Unkonwn channel!\n");
2181 		return;
2182 	}
2183 
2184 	/* find the settings for this channel (we know it exists) */
2185 	for (i = 0; rfprog[i].chan != chan; )
2186 		i++;
2187 
2188 	r2 = rfprog[i].r2;
2189 	if (sc->ntxchains == 1)
2190 		r2 |= 1 << 12;		/* 1T: disable Tx chain 2 */
2191 	if (sc->nrxchains == 1)
2192 		r2 |= 1 << 15 | 1 << 4;	/* 1R: disable Rx chains 2 & 3 */
2193 	else if (sc->nrxchains == 2)
2194 		r2 |= 1 << 4;		/* 2R: disable Rx chain 3 */
2195 
2196 	/* use Tx power values from EEPROM */
2197 	txpow1 = sc->txpow1[i];
2198 	txpow2 = sc->txpow2[i];
2199 	if (IEEE80211_IS_CHAN_5GHZ(c)) {
2200 		txpow1 = txpow1 << 1 | 1;
2201 		txpow2 = txpow2 << 1 | 1;
2202 	}
2203 	r3 = rfprog[i].r3 | txpow1 << 7;
2204 	r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
2205 
2206 	rt2860_rf_write(sc, RAL_RF1, rfprog[i].r1);
2207 	rt2860_rf_write(sc, RAL_RF2, r2);
2208 	rt2860_rf_write(sc, RAL_RF3, r3);
2209 	rt2860_rf_write(sc, RAL_RF4, r4);
2210 
2211 	DELAY(200);
2212 
2213 	rt2860_rf_write(sc, RAL_RF1, rfprog[i].r1);
2214 	rt2860_rf_write(sc, RAL_RF2, r2);
2215 	rt2860_rf_write(sc, RAL_RF3, r3 | 1);
2216 	rt2860_rf_write(sc, RAL_RF4, r4);
2217 
2218 	DELAY(200);
2219 
2220 	rt2860_rf_write(sc, RAL_RF1, rfprog[i].r1);
2221 	rt2860_rf_write(sc, RAL_RF2, r2);
2222 	rt2860_rf_write(sc, RAL_RF3, r3);
2223 	rt2860_rf_write(sc, RAL_RF4, r4);
2224 
2225 	/* 802.11a uses a 16 microseconds short interframe space */
2226 	sc->sifs = IEEE80211_IS_CHAN_5GHZ(c) ? 16 : 10;
2227 
2228 	/* determine channel group */
2229 	if (chan <= 14)
2230 		group = 0;
2231 	else if (chan <= 64)
2232 		group = 1;
2233 	else if (chan <= 128)
2234 		group = 2;
2235 	else
2236 		group = 3;
2237 
2238 	/* XXX necessary only when group has changed! */
2239 	rt2860_select_chan_group(sc, group);
2240 
2241 	DELAY(1000);
2242 }
2243 
2244 static void
2245 rt2860_updateprot(struct ieee80211com *ic)
2246 {
2247 	struct rt2860_softc *sc = (struct rt2860_softc *)ic;
2248 	uint32_t tmp;
2249 
2250 	tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
2251 	/* setup protection frame rate (MCS code) */
2252 	tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 0 : 3;
2253 
2254 	/* CCK frames don't require protection */
2255 	RT2860_WRITE(sc, RT2860_CCK_PROT_CFG, tmp);
2256 
2257 	if (ic->ic_flags & IEEE80211_F_USEPROT) {
2258 		if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
2259 			tmp |= RT2860_PROT_CTRL_RTS_CTS;
2260 		else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
2261 			tmp |= RT2860_PROT_CTRL_CTS;
2262 	}
2263 	RT2860_WRITE(sc, RT2860_OFDM_PROT_CFG, tmp);
2264 }
2265 
2266 static void
2267 rt2860_set_leds(struct rt2860_softc *sc, uint16_t which)
2268 {
2269 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
2270 	    which | (sc->leds & 0x7f));
2271 }
2272 
2273 static int
2274 rt2860_init(struct rt2860_softc *sc)
2275 {
2276 #define	N(a)	(sizeof (a) / sizeof ((a)[0]))
2277 	struct ieee80211com	*ic;
2278 	int			i, err, qid, ridx, ntries;
2279 	uint8_t			bbp1, bbp3;
2280 	uint32_t		tmp;
2281 
2282 	ic = &sc->sc_ic;
2283 
2284 	rt2860_stop(sc);
2285 	tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2286 	tmp &= 0xff0;
2287 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp | RT2860_TX_WB_DDONE);
2288 
2289 	RT2860_WRITE(sc, RT2860_WPDMA_RST_IDX, 0xffffffff);
2290 
2291 	/* PBF hardware reset */
2292 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
2293 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
2294 
2295 	if (!(sc->sc_flags & RT2860_FWLOADED)) {
2296 		if ((err = rt2860_load_microcode(sc)) != 0) {
2297 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_init(): "
2298 			    "could not load 8051 microcode\n");
2299 			rt2860_stop(sc);
2300 			return (err);
2301 		}
2302 		RT2860_GLOCK(sc);
2303 		sc->sc_flags |= RT2860_FWLOADED;
2304 		RT2860_GUNLOCK(sc);
2305 	}
2306 
2307 	rt2860_set_macaddr(sc, ic->ic_macaddr);
2308 
2309 	/* init Tx power for all Tx rates (from EEPROM) */
2310 	for (ridx = 0; ridx < 5; ridx++) {
2311 		if (sc->txpow20mhz[ridx] == 0xffffffff)
2312 			continue;
2313 		RT2860_WRITE(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
2314 	}
2315 
2316 	for (ntries = 0; ntries < 100; ntries++) {
2317 		tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2318 		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
2319 			break;
2320 		DELAY(1000);
2321 	}
2322 	if (ntries == 100) {
2323 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_init():"
2324 		    "timeout waiting for DMA engine\n");
2325 		rt2860_stop(sc);
2326 		return (ETIMEDOUT);
2327 	}
2328 	tmp &= 0xff0;
2329 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp | RT2860_TX_WB_DDONE);
2330 
2331 	/* reset Rx ring and all 6 Tx rings */
2332 	RT2860_WRITE(sc, RT2860_WPDMA_RST_IDX, 0x1003f);
2333 
2334 	/* PBF hardware reset */
2335 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
2336 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
2337 
2338 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL,
2339 	    RT2860_BBP_HRST | RT2860_MAC_SRST);
2340 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
2341 
2342 	for (i = 0; i < N(rt2860_def_mac); i++)
2343 		RT2860_WRITE(sc, rt2860_def_mac[i].reg, rt2860_def_mac[i].val);
2344 
2345 	/* wait while MAC is busy */
2346 	for (ntries = 0; ntries < 100; ntries++) {
2347 		if (!(RT2860_READ(sc, RT2860_MAC_STATUS_REG) &
2348 		    (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
2349 			break;
2350 		DELAY(1000);
2351 	}
2352 	if (ntries == 100) {
2353 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_init():"
2354 		    "timeout waiting for MAC\n");
2355 		rt2860_stop(sc);
2356 		return (ETIMEDOUT);
2357 	}
2358 
2359 	/* clear Host to MCU mailbox */
2360 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
2361 	RT2860_WRITE(sc, RT2860_H2M_MAILBOX, 0);
2362 
2363 	if ((err = rt2860_bbp_init(sc)) != 0) {
2364 		rt2860_stop(sc);
2365 		return (err);
2366 	}
2367 
2368 	/* init Tx rings (4 EDCAs + HCCA + Mgt) */
2369 	for (qid = 0; qid < 6; qid++) {
2370 		RT2860_WRITE(sc, RT2860_TX_BASE_PTR(qid), sc->txq[qid].paddr);
2371 		RT2860_WRITE(sc, RT2860_TX_MAX_CNT(qid), RT2860_TX_RING_COUNT);
2372 		RT2860_WRITE(sc, RT2860_TX_CTX_IDX(qid), 0);
2373 	}
2374 
2375 	/* init Rx ring */
2376 	RT2860_WRITE(sc, RT2860_RX_BASE_PTR, sc->rxq.paddr);
2377 	RT2860_WRITE(sc, RT2860_RX_MAX_CNT, RT2860_RX_RING_COUNT);
2378 	RT2860_WRITE(sc, RT2860_RX_CALC_IDX, RT2860_RX_RING_COUNT - 1);
2379 
2380 	/* setup maximum buffer sizes */
2381 	RT2860_WRITE(sc, RT2860_MAX_LEN_CFG, 1 << 12 |
2382 	    (sc->sc_dmabuf_size - sizeof (struct rt2860_rxwi) - 2));
2383 
2384 	for (ntries = 0; ntries < 100; ntries++) {
2385 		tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2386 		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
2387 			break;
2388 		DELAY(1000);
2389 	}
2390 	if (ntries == 100) {
2391 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_init():"
2392 		    "timeout waiting for DMA engine\n");
2393 		rt2860_stop(sc);
2394 		return (ETIMEDOUT);
2395 	}
2396 	tmp &= 0xff0;
2397 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp | RT2860_TX_WB_DDONE);
2398 
2399 	/* disable interrupts mitigation */
2400 	RT2860_WRITE(sc, RT2860_DELAY_INT_CFG, 0);
2401 
2402 	/* write vendor-specific BBP values (from EEPROM) */
2403 	for (i = 0; i < 8; i++) {
2404 		if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
2405 			continue;
2406 		rt2860_mcu_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
2407 	}
2408 
2409 	/* send LEDs operating mode to microcontroller */
2410 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
2411 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
2412 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
2413 
2414 	/* disable non-existing Rx chains */
2415 	bbp3 = rt2860_mcu_bbp_read(sc, 3);
2416 	bbp3 &= ~(1 << 3 | 1 << 4);
2417 	if (sc->nrxchains == 2)
2418 		bbp3 |= 1 << 3;
2419 	else if (sc->nrxchains == 3)
2420 		bbp3 |= 1 << 4;
2421 	rt2860_mcu_bbp_write(sc, 3, bbp3);
2422 
2423 	/* disable non-existing Tx chains */
2424 	bbp1 = rt2860_mcu_bbp_read(sc, 1);
2425 	if (sc->ntxchains == 1)
2426 		bbp1 &= ~(1 << 3 | 1 << 4);
2427 	rt2860_mcu_bbp_write(sc, 1, bbp1);
2428 
2429 	/* select default channel */
2430 	rt2860_set_chan(sc, ic->ic_curchan);
2431 
2432 	/* XXX not clear what the following 8051 command does.. */
2433 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BOOT, 0);
2434 
2435 	/* set RTS threshold */
2436 	tmp = RT2860_READ(sc, RT2860_TX_RTS_CFG);
2437 	tmp &= ~0xffff00;
2438 	tmp |= ic->ic_rtsthreshold << 8;
2439 
2440 	/* setup initial protection mode */
2441 	sc->sc_ic_flags = ic->ic_flags;
2442 	rt2860_updateprot(ic);
2443 
2444 	/* enable Tx/Rx DMA engine */
2445 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
2446 	for (ntries = 0; ntries < 200; ntries++) {
2447 		tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2448 		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
2449 			break;
2450 		DELAY(1000);
2451 	}
2452 	if (ntries == 200) {
2453 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_int():"
2454 		    "timeout waiting for DMA engine\n");
2455 		rt2860_stop(sc);
2456 		return (ETIMEDOUT);
2457 	}
2458 
2459 	DELAY(50);
2460 
2461 	tmp |= RT2860_TX_WB_DDONE | RT2860_RX_DMA_EN | RT2860_TX_DMA_EN |
2462 	    RT2860_WPDMA_BT_SIZE64 << RT2860_WPDMA_BT_SIZE_SHIFT;
2463 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
2464 
2465 	/* turn radio LED on */
2466 	rt2860_set_leds(sc, RT2860_LED_RADIO);
2467 
2468 	/* set Rx filter */
2469 	tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
2470 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2471 		tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
2472 		    RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
2473 		    RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
2474 		    RT2860_DROP_CFACK | RT2860_DROP_CFEND;
2475 		if (ic->ic_opmode == IEEE80211_M_STA)
2476 			tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
2477 	}
2478 	RT2860_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
2479 
2480 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL,
2481 	    RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
2482 
2483 	/* clear pending interrupts */
2484 	RT2860_WRITE(sc, RT2860_INT_STATUS, 0xffffffff);
2485 	/* enable interrupts */
2486 	RT2860_WRITE(sc, RT2860_INT_MASK, 0x3fffc);
2487 
2488 	if (sc->sc_flags & RT2860_ADVANCED_PS)
2489 		(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_PSLEVEL, sc->pslevel);
2490 
2491 	return (DDI_SUCCESS);
2492 }
2493 
2494 static int
2495 rt2860_quiesce(dev_info_t *dip)
2496 {
2497 	struct rt2860_softc	*sc;
2498 
2499 	sc = ddi_get_soft_state(rt2860_soft_state_p, ddi_get_instance(dip));
2500 	if (sc == NULL)
2501 		return (DDI_FAILURE);
2502 
2503 #ifdef DEBUG
2504 	rt2860_dbg_flags = 0;
2505 #endif
2506 
2507 	/*
2508 	 * No more blocking is allowed while we are in quiesce(9E) entry point
2509 	 */
2510 	sc->sc_flags |= RT2860_F_QUIESCE;
2511 
2512 	/*
2513 	 * Disable and mask all interrupts
2514 	 */
2515 	rt2860_stop(sc);
2516 	return (DDI_SUCCESS);
2517 }
2518 
2519 static void
2520 rt2860_stop(struct rt2860_softc *sc)
2521 {
2522 	int		qid;
2523 	uint32_t	tmp;
2524 
2525 	/* by pass if it's quiesced */
2526 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2527 		RT2860_GLOCK(sc);
2528 	if (sc->sc_flags == RT2860_F_RUNNING)
2529 		rt2860_set_leds(sc, 0);	/* turn all LEDs off */
2530 	sc->sc_tx_timer = 0;
2531 	/* by pass if it's quiesced */
2532 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2533 		RT2860_GUNLOCK(sc);
2534 
2535 	/* clear RX WCID search table */
2536 	rt2860_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
2537 	/* clear pairwise key table */
2538 	rt2860_set_region_4(sc, RT2860_PKEY(0), 0, 2048);
2539 	/* clear IV/EIV table */
2540 	rt2860_set_region_4(sc, RT2860_IVEIV(0), 0, 512);
2541 	/* clear WCID attribute table */
2542 	rt2860_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 256);
2543 	/* clear shared key table */
2544 	rt2860_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
2545 	/* clear shared key mode */
2546 	rt2860_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
2547 
2548 	/* disable interrupts */
2549 	RT2860_WRITE(sc, RT2860_INT_MASK, 0);
2550 
2551 	/* disable Rx */
2552 	tmp = RT2860_READ(sc, RT2860_MAC_SYS_CTRL);
2553 	tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
2554 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, tmp);
2555 
2556 	/* reset adapter */
2557 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL,
2558 	    RT2860_BBP_HRST | RT2860_MAC_SRST);
2559 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
2560 
2561 	/* reset Tx and Rx rings (and reclaim TXWIs) */
2562 	for (qid = 0; qid < 6; qid++)
2563 		rt2860_reset_tx_ring(sc, &sc->txq[qid]);
2564 	rt2860_reset_rx_ring(sc, &sc->rxq);
2565 
2566 	/* by pass if it's quiesced */
2567 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2568 		RT2860_GLOCK(sc);
2569 	sc->sc_flags &= ~RT2860_UPD_BEACON;
2570 	/* by pass if it's quiesced */
2571 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2572 		RT2860_GUNLOCK(sc);
2573 }
2574 
2575 static int
2576 rt2860_m_start(void *arg)
2577 {
2578 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2579 	struct ieee80211com	*ic = &sc->sc_ic;
2580 	int			err;
2581 
2582 	err = rt2860_init(sc);
2583 	if (err != DDI_SUCCESS) {
2584 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_m_start():"
2585 		    "Hardware initialization failed\n");
2586 		goto fail1;
2587 	}
2588 
2589 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2590 
2591 	RT2860_GLOCK(sc);
2592 	sc->sc_flags |= RT2860_F_RUNNING;
2593 	RT2860_GUNLOCK(sc);
2594 
2595 	return (err);
2596 fail1:
2597 	rt2860_stop(sc);
2598 	return (err);
2599 }
2600 
2601 static void
2602 rt2860_m_stop(void *arg)
2603 {
2604 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
2605 
2606 	(void) rt2860_stop(sc);
2607 
2608 	ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1);
2609 
2610 	RT2860_GLOCK(sc);
2611 	sc->sc_flags &= ~RT2860_F_RUNNING;
2612 	RT2860_GUNLOCK(sc);
2613 }
2614 
2615 static void
2616 rt2860_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2617 {
2618 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2619 	struct ieee80211com	*ic = &sc->sc_ic;
2620 	int			err;
2621 
2622 	err = ieee80211_ioctl(ic, wq, mp);
2623 	RT2860_GLOCK(sc);
2624 	if (err == ENETRESET) {
2625 		if (ic->ic_des_esslen) {
2626 			if (RT2860_IS_RUNNING(sc)) {
2627 				RT2860_GUNLOCK(sc);
2628 				(void) rt2860_init(sc);
2629 				(void) ieee80211_new_state(ic,
2630 				    IEEE80211_S_SCAN, -1);
2631 				RT2860_GLOCK(sc);
2632 			}
2633 		}
2634 	}
2635 	RT2860_GUNLOCK(sc);
2636 }
2637 
2638 /*
2639  * Call back function for get/set proporty
2640  */
2641 static int
2642 rt2860_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2643     uint_t wldp_length, void *wldp_buf)
2644 {
2645 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2646 	int			err = 0;
2647 
2648 	err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
2649 	    wldp_length, wldp_buf);
2650 
2651 	return (err);
2652 }
2653 
2654 static void
2655 rt2860_m_propinfo(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2656     mac_prop_info_handle_t prh)
2657 {
2658 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2659 
2660 	ieee80211_propinfo(&sc->sc_ic, pr_name, wldp_pr_num, prh);
2661 }
2662 
2663 static int
2664 rt2860_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2665     uint_t wldp_length, const void *wldp_buf)
2666 {
2667 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2668 	ieee80211com_t		*ic = &sc->sc_ic;
2669 	int			err;
2670 
2671 	err = ieee80211_setprop(ic, pr_name, wldp_pr_num, wldp_length,
2672 	    wldp_buf);
2673 	RT2860_GLOCK(sc);
2674 	if (err == ENETRESET) {
2675 		if (ic->ic_des_esslen) {
2676 			if (RT2860_IS_RUNNING(sc)) {
2677 				RT2860_GUNLOCK(sc);
2678 				(void) rt2860_init(sc);
2679 				(void) ieee80211_new_state(ic,
2680 				    IEEE80211_S_SCAN, -1);
2681 				RT2860_GLOCK(sc);
2682 			}
2683 		}
2684 		err = 0;
2685 	}
2686 	RT2860_GUNLOCK(sc);
2687 	return (err);
2688 }
2689 
2690 static mblk_t *
2691 rt2860_m_tx(void *arg, mblk_t *mp)
2692 {
2693 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2694 	struct ieee80211com	*ic = &sc->sc_ic;
2695 	mblk_t			*next;
2696 
2697 	if (RT2860_IS_SUSPEND(sc)) {
2698 		freemsgchain(mp);
2699 		return (NULL);
2700 	}
2701 
2702 	/*
2703 	 * No data frames go out unless we're associated; this
2704 	 * should not happen as the 802.11 layer does not enable
2705 	 * the xmit queue until we enter the RUN state.
2706 	 */
2707 	if (ic->ic_state != IEEE80211_S_RUN) {
2708 		RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_tx_data(): "
2709 		    "discard, state %u\n", ic->ic_state);
2710 		freemsgchain(mp);
2711 		return (NULL);
2712 	}
2713 
2714 	while (mp != NULL) {
2715 		next = mp->b_next;
2716 		mp->b_next = NULL;
2717 		if (rt2860_send(ic, mp, IEEE80211_FC0_TYPE_DATA) !=
2718 		    DDI_SUCCESS) {
2719 			mp->b_next = next;
2720 			break;
2721 		}
2722 		mp = next;
2723 	}
2724 	return (mp);
2725 }
2726 
2727 /*ARGSUSED*/
2728 static int
2729 rt2860_m_unicst(void *arg, const uint8_t *macaddr)
2730 {
2731 	return (ENOTSUP);
2732 }
2733 
2734 /*ARGSUSED*/
2735 static int
2736 rt2860_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2737 {
2738 	return (ENOTSUP);
2739 }
2740 
2741 /*ARGSUSED*/
2742 static int
2743 rt2860_m_promisc(void *arg, boolean_t on)
2744 {
2745 	return (0);
2746 }
2747 
2748 static int
2749 rt2860_m_stat(void *arg, uint_t stat, uint64_t *val)
2750 {
2751 	struct rt2860_softc	*sc  = (struct rt2860_softc *)arg;
2752 	ieee80211com_t		*ic = &sc->sc_ic;
2753 	ieee80211_node_t	*ni = ic->ic_bss;
2754 	struct ieee80211_rateset *rs = &ni->in_rates;
2755 
2756 	RT2860_GLOCK(sc);
2757 	switch (stat) {
2758 	case MAC_STAT_IFSPEED:
2759 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2760 		    (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2761 		    : ic->ic_fixed_rate) / 2 * 1000000;
2762 		break;
2763 	case MAC_STAT_NOXMTBUF:
2764 		*val = sc->sc_tx_nobuf;
2765 		break;
2766 	case MAC_STAT_NORCVBUF:
2767 		*val = sc->sc_rx_nobuf;
2768 		break;
2769 	case MAC_STAT_IERRORS:
2770 		*val = sc->sc_rx_err;
2771 		break;
2772 	case MAC_STAT_RBYTES:
2773 		*val = ic->ic_stats.is_rx_bytes;
2774 		break;
2775 	case MAC_STAT_IPACKETS:
2776 		*val = ic->ic_stats.is_rx_frags;
2777 		break;
2778 	case MAC_STAT_OBYTES:
2779 		*val = ic->ic_stats.is_tx_bytes;
2780 		break;
2781 	case MAC_STAT_OPACKETS:
2782 		*val = ic->ic_stats.is_tx_frags;
2783 		break;
2784 	case MAC_STAT_OERRORS:
2785 	case WIFI_STAT_TX_FAILED:
2786 		*val = sc->sc_tx_err;
2787 		break;
2788 	case WIFI_STAT_TX_RETRANS:
2789 		*val = sc->sc_tx_retries;
2790 		break;
2791 	case WIFI_STAT_FCS_ERRORS:
2792 	case WIFI_STAT_WEP_ERRORS:
2793 	case WIFI_STAT_TX_FRAGS:
2794 	case WIFI_STAT_MCAST_TX:
2795 	case WIFI_STAT_RTS_SUCCESS:
2796 	case WIFI_STAT_RTS_FAILURE:
2797 	case WIFI_STAT_ACK_FAILURE:
2798 	case WIFI_STAT_RX_FRAGS:
2799 	case WIFI_STAT_MCAST_RX:
2800 	case WIFI_STAT_RX_DUPS:
2801 		RT2860_GUNLOCK(sc);
2802 		return (ieee80211_stat(ic, stat, val));
2803 	default:
2804 		RT2860_GUNLOCK(sc);
2805 		return (ENOTSUP);
2806 	}
2807 	RT2860_GUNLOCK(sc);
2808 
2809 	return (0);
2810 }
2811 
2812 static int
2813 rt2860_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2814 {
2815 	struct rt2860_softc	*sc;
2816 	struct ieee80211com	*ic;
2817 	int			i, err, qid, ntries, instance;
2818 	uint8_t			cachelsz;
2819 	uint16_t		command, vendor_id, device_id;
2820 	char			strbuf[32];
2821 	wifi_data_t		wd = { 0 };
2822 	mac_register_t		*macp;
2823 
2824 	switch (cmd) {
2825 	case DDI_ATTACH:
2826 		break;
2827 	case DDI_RESUME:
2828 		sc = ddi_get_soft_state(rt2860_soft_state_p,
2829 		    ddi_get_instance(devinfo));
2830 		ASSERT(sc != NULL);
2831 		RT2860_GLOCK(sc);
2832 		sc->sc_flags &= ~RT2860_F_SUSPEND;
2833 		RT2860_GUNLOCK(sc);
2834 		if (RT2860_IS_RUNNING(sc))
2835 			(void) rt2860_init(sc);
2836 		RWN_DEBUG(RT2860_DBG_RESUME, "rwn: rt2860_attach(): "
2837 		    "resume now\n");
2838 		return (DDI_SUCCESS);
2839 	default:
2840 		return (DDI_FAILURE);
2841 	}
2842 
2843 	instance = ddi_get_instance(devinfo);
2844 
2845 	err = ddi_soft_state_zalloc(rt2860_soft_state_p, instance);
2846 	if (err != DDI_SUCCESS) {
2847 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2848 		    "unable to alloc soft_state_p\n");
2849 		return (err);
2850 	}
2851 
2852 	sc = ddi_get_soft_state(rt2860_soft_state_p, instance);
2853 	ic = (ieee80211com_t *)&sc->sc_ic;
2854 	sc->sc_dev = devinfo;
2855 
2856 	/* pci configuration */
2857 	err = ddi_regs_map_setup(devinfo, 0, &sc->sc_cfg_base, 0, 0,
2858 	    &rwn_csr_accattr, &sc->sc_cfg_handle);
2859 	if (err != DDI_SUCCESS) {
2860 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2861 		    "ddi_regs_map_setup() failed");
2862 		goto fail1;
2863 	}
2864 
2865 	cachelsz = ddi_get8(sc->sc_cfg_handle,
2866 	    (uint8_t *)(sc->sc_cfg_base + PCI_CONF_CACHE_LINESZ));
2867 	if (cachelsz == 0)
2868 		cachelsz = 0x10;
2869 	sc->sc_cachelsz = cachelsz << 2;
2870 	sc->sc_dmabuf_size = roundup(IEEE80211_MAX_LEN, sc->sc_cachelsz);
2871 
2872 	vendor_id = ddi_get16(sc->sc_cfg_handle,
2873 	    (uint16_t *)((uintptr_t)(sc->sc_cfg_base) + PCI_CONF_VENID));
2874 	device_id = ddi_get16(sc->sc_cfg_handle,
2875 	    (uint16_t *)((uintptr_t)(sc->sc_cfg_base) + PCI_CONF_DEVID));
2876 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2877 	    "vendor 0x%x, device id 0x%x, cache size %d\n",
2878 	    vendor_id, device_id, cachelsz);
2879 
2880 	/*
2881 	 * Enable response to memory space accesses,
2882 	 * and enabe bus master.
2883 	 */
2884 	command = PCI_COMM_MAE | PCI_COMM_ME;
2885 	ddi_put16(sc->sc_cfg_handle,
2886 	    (uint16_t *)((uintptr_t)(sc->sc_cfg_base) + PCI_CONF_COMM),
2887 	    command);
2888 	ddi_put8(sc->sc_cfg_handle,
2889 	    (uint8_t *)(sc->sc_cfg_base + PCI_CONF_LATENCY_TIMER), 0xa8);
2890 	ddi_put8(sc->sc_cfg_handle,
2891 	    (uint8_t *)(sc->sc_cfg_base + PCI_CONF_ILINE), 0x10);
2892 
2893 	/* pci i/o space */
2894 	err = ddi_regs_map_setup(devinfo, 1,
2895 	    &sc->sc_io_base, 0, 0, &rwn_csr_accattr, &sc->sc_io_handle);
2896 	if (err != DDI_SUCCESS) {
2897 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2898 		    "ddi_regs_map_setup() failed");
2899 		goto fail2;
2900 	}
2901 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2902 	    "PCI configuration is done successfully\n");
2903 
2904 	sc->amrr.amrr_min_success_threshold =  1;
2905 	sc->amrr.amrr_max_success_threshold = 15;
2906 
2907 	/* wait for NIC to initialize */
2908 	for (ntries = 0; ntries < 100; ntries++) {
2909 		sc->mac_rev = RT2860_READ(sc, RT2860_ASIC_VER_ID);
2910 		if (sc->mac_rev != 0 && sc->mac_rev != 0xffffffff)
2911 			break;
2912 		DELAY(10);
2913 	}
2914 	if (ntries == 100) {
2915 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2916 		    "timeout waiting for NIC initialize\n");
2917 		return (DDI_FAILURE);
2918 	}
2919 
2920 	if ((sc->mac_rev >> 16) != 0x2860 &&
2921 	    (device_id == PRODUCT_RALINK_RT2890 ||
2922 	    device_id == PRODUCT_RALINK_RT2790 ||
2923 	    device_id == PRODUCT_AWT_RT2890))
2924 		sc->sc_flags |= RT2860_ADVANCED_PS;
2925 
2926 	/* retrieve RF rev. no and various other things from EEPROM */
2927 	(void) rt2860_read_eeprom(sc);
2928 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2929 	    "MAC/BBP RT%X (rev 0x%04X), RF %s (%dT%dR)\n",
2930 	    sc->mac_rev >> 16, sc->mac_rev & 0xffff,
2931 	    rt2860_get_rf(sc->rf_rev), sc->ntxchains, sc->nrxchains);
2932 
2933 	/*
2934 	 * Allocate Tx (4 EDCAs + HCCA + Mgt) and Rx rings.
2935 	 */
2936 	for (qid = 0; qid < 6; qid++) {
2937 		if ((err = rt2860_alloc_tx_ring(sc, &sc->txq[qid])) != 0) {
2938 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2939 			    "could not allocate Tx ring %d\n", qid);
2940 			goto fail3;
2941 		}
2942 	}
2943 
2944 	if ((err = rt2860_alloc_rx_ring(sc, &sc->rxq)) != 0) {
2945 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2946 		    "could not allocte Rx ring\n");
2947 		goto fail4;
2948 	}
2949 
2950 	if ((err = rt2860_alloc_tx_pool(sc)) != 0) {
2951 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2952 		    "could not allocte Tx pool\n");
2953 		goto fail5;
2954 	}
2955 
2956 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2957 	mutex_init(&sc->sc_txlock, NULL, MUTEX_DRIVER, NULL);
2958 	mutex_init(&sc->sc_rxlock, NULL, MUTEX_DRIVER, NULL);
2959 
2960 	/* mgmt ring is broken on RT2860C, use EDCA AC VO ring instead */
2961 	sc->mgtqid = (sc->mac_rev == 0x28600100) ? EDCA_AC_VO : 5;
2962 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach():"
2963 	    "mgtqid = %x\n", sc->mgtqid);
2964 
2965 	ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
2966 	ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
2967 	ic->ic_state = IEEE80211_S_INIT;
2968 
2969 	/* set device capabilities */
2970 	ic->ic_caps =
2971 	    IEEE80211_C_TXPMGT |	/* tx power management */
2972 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
2973 	    IEEE80211_C_SHSLOT;		/* short slot time supported */
2974 
2975 	/* WPA/WPA2 support */
2976 	ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2977 
2978 	/* set supported .11b and .11g rates */
2979 	ic->ic_sup_rates[IEEE80211_MODE_11B] = rt2860_rateset_11b;
2980 	ic->ic_sup_rates[IEEE80211_MODE_11G] = rt2860_rateset_11g;
2981 
2982 	/* set supported .11b and .11g channels (1 through 14) */
2983 	for (i = 1; i <= 14; i++) {
2984 		ic->ic_sup_channels[i].ich_freq =
2985 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2986 		ic->ic_sup_channels[i].ich_flags =
2987 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2988 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2989 	}
2990 
2991 	ic->ic_maxrssi = 63;
2992 	ic->ic_xmit = rt2860_send;
2993 
2994 	ieee80211_attach(ic);
2995 
2996 	/* register WPA door */
2997 	ieee80211_register_door(ic, ddi_driver_name(devinfo),
2998 	    ddi_get_instance(devinfo));
2999 
3000 	/* override state transition machine */
3001 	sc->sc_newstate = ic->ic_newstate;
3002 	ic->ic_newstate = rt2860_newstate;
3003 	ieee80211_media_init(ic);
3004 	ic->ic_def_txkey = 0;
3005 
3006 	err = ddi_add_softintr(devinfo, DDI_SOFTINT_LOW,
3007 	    &sc->sc_softintr_hdl, NULL, 0, rt2860_softintr, (caddr_t)sc);
3008 	if (err != DDI_SUCCESS) {
3009 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3010 		    "ddi_add_softintr() failed");
3011 		goto fail8;
3012 	}
3013 
3014 	err = ddi_get_iblock_cookie(devinfo, 0, &sc->sc_iblock);
3015 	if (err != DDI_SUCCESS) {
3016 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3017 		    "Can not get iblock cookie for INT\n");
3018 		goto fail7;
3019 	}
3020 
3021 	err = ddi_add_intr(devinfo, 0, NULL, NULL, rt2860_intr, (caddr_t)sc);
3022 	if (err != DDI_SUCCESS) {
3023 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3024 		    "unable to add device interrupt handler\n");
3025 		goto fail7;
3026 	}
3027 
3028 	/*
3029 	 * Provide initial settings for the WiFi plugin; whenever this
3030 	 * information changes, we need to call mac_plugindata_update()
3031 	 */
3032 	wd.wd_opmode = ic->ic_opmode;
3033 	wd.wd_secalloc = WIFI_SEC_NONE;
3034 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
3035 
3036 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
3037 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3038 		    "MAC version mismatch\n");
3039 		goto fail9;
3040 	}
3041 
3042 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
3043 	macp->m_driver		= sc;
3044 	macp->m_dip		= devinfo;
3045 	macp->m_src_addr	= ic->ic_macaddr;
3046 	macp->m_callbacks	= &rt2860_m_callbacks;
3047 	macp->m_min_sdu		= 0;
3048 	macp->m_max_sdu		= IEEE80211_MTU;
3049 	macp->m_pdata		= &wd;
3050 	macp->m_pdata_size	= sizeof (wd);
3051 
3052 	err = mac_register(macp, &ic->ic_mach);
3053 	mac_free(macp);
3054 	if (err != 0) {
3055 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3056 		    "mac_register err %x\n", err);
3057 		goto fail9;
3058 	}
3059 
3060 	/*
3061 	 * Create minor node of type DDI_NT_NET_WIFI
3062 	 */
3063 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
3064 	    "rwn", instance);
3065 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
3066 	    instance + 1, DDI_NT_NET_WIFI, 0);
3067 
3068 	/*
3069 	 * Notify link is down now
3070 	 */
3071 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
3072 
3073 	sc->sc_flags &= ~RT2860_F_RUNNING;
3074 
3075 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach() successfully.\n");
3076 	return (DDI_SUCCESS);
3077 fail9:
3078 	ddi_remove_softintr(sc->sc_softintr_hdl);
3079 fail8:
3080 	ddi_remove_intr(devinfo, 0, sc->sc_iblock);
3081 fail7:
3082 	mutex_destroy(&sc->sc_genlock);
3083 	mutex_destroy(&sc->sc_txlock);
3084 	mutex_destroy(&sc->sc_rxlock);
3085 fail6:
3086 	rt2860_free_tx_pool(sc);
3087 fail5:
3088 	rt2860_free_rx_ring(sc, &sc->rxq);
3089 fail4:
3090 	while (--qid >= 0)
3091 		rt2860_free_tx_ring(sc, &sc->txq[qid]);
3092 fail3:
3093 	ddi_regs_map_free(&sc->sc_io_handle);
3094 fail2:
3095 	ddi_regs_map_free(&sc->sc_cfg_handle);
3096 fail1:
3097 	return (err);
3098 }
3099 
3100 static int
3101 rt2860_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
3102 {
3103 	struct rt2860_softc	*sc;
3104 	int			qid;
3105 
3106 	sc = ddi_get_soft_state(rt2860_soft_state_p, ddi_get_instance(devinfo));
3107 
3108 	switch (cmd) {
3109 	case DDI_DETACH:
3110 		break;
3111 	case DDI_SUSPEND:
3112 		if (RT2860_IS_RUNNING(sc))
3113 			rt2860_stop(sc);
3114 		RT2860_GLOCK(sc);
3115 		sc->sc_flags &= ~RT2860_FWLOADED;
3116 		sc->sc_flags |= RT2860_F_SUSPEND;
3117 		RT2860_GUNLOCK(sc);
3118 		RWN_DEBUG(RT2860_DBG_RESUME, "rwn: rt2860_detach(): "
3119 		    "suspend now\n");
3120 		return (DDI_SUCCESS);
3121 	default:
3122 		return (DDI_FAILURE);
3123 	}
3124 
3125 	if (mac_disable(sc->sc_ic.ic_mach) != 0)
3126 		return (DDI_FAILURE);
3127 
3128 	rt2860_stop(sc);
3129 
3130 	/*
3131 	 * Unregister from the MAC layer subsystem
3132 	 */
3133 	(void) mac_unregister(sc->sc_ic.ic_mach);
3134 
3135 	ddi_remove_intr(devinfo, 0, sc->sc_iblock);
3136 	ddi_remove_softintr(sc->sc_softintr_hdl);
3137 
3138 	/*
3139 	 * detach ieee80211 layer
3140 	 */
3141 	ieee80211_detach(&sc->sc_ic);
3142 
3143 	rt2860_free_tx_pool(sc);
3144 	rt2860_free_rx_ring(sc, &sc->rxq);
3145 	for (qid = 0; qid < 6; qid++)
3146 		rt2860_free_tx_ring(sc, &sc->txq[qid]);
3147 
3148 	ddi_regs_map_free(&sc->sc_io_handle);
3149 
3150 	mutex_destroy(&sc->sc_genlock);
3151 	mutex_destroy(&sc->sc_txlock);
3152 	mutex_destroy(&sc->sc_rxlock);
3153 
3154 	ddi_remove_minor_node(devinfo, NULL);
3155 	ddi_soft_state_free(rt2860_soft_state_p, ddi_get_instance(devinfo));
3156 
3157 	return (DDI_SUCCESS);
3158 }
3159 
3160 int
3161 _info(struct modinfo *modinfop)
3162 {
3163 	return (mod_info(&modlinkage, modinfop));
3164 }
3165 
3166 int
3167 _init(void)
3168 {
3169 	int status;
3170 
3171 	status = ddi_soft_state_init(&rt2860_soft_state_p,
3172 	    sizeof (struct rt2860_softc), 1);
3173 	if (status != 0)
3174 		return (status);
3175 
3176 	mac_init_ops(&rwn_dev_ops, "rwn");
3177 	status = mod_install(&modlinkage);
3178 	if (status != 0) {
3179 		mac_fini_ops(&rwn_dev_ops);
3180 		ddi_soft_state_fini(&rt2860_soft_state_p);
3181 	}
3182 	return (status);
3183 }
3184 
3185 int
3186 _fini(void)
3187 {
3188 	int status;
3189 
3190 	status = mod_remove(&modlinkage);
3191 	if (status == 0) {
3192 		mac_fini_ops(&rwn_dev_ops);
3193 		ddi_soft_state_fini(&rt2860_soft_state_p);
3194 	}
3195 	return (status);
3196 }
3197