xref: /titanic_52/usr/src/uts/common/io/rwn/rt2860.c (revision f89940742f5d14dde79b69b98a414dd7b7f585c7)
1 /*
2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * Copyright (c) 2007, 2008
8  *	Damien Bergamini <damien.bergamini@free.fr>
9  *
10  * Permission to use, copy, modify, and distribute this software for any
11  * purpose with or without fee is hereby granted, provided that the above
12  * copyright notice and this permission notice appear in all copies.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21  */
22 
23 /*
24  * Ralink Technology RT2860 chipset driver
25  * http://www.ralinktech.com/
26  */
27 
28 #include <sys/types.h>
29 #include <sys/byteorder.h>
30 #include <sys/conf.h>
31 #include <sys/cmn_err.h>
32 #include <sys/stat.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/strsubr.h>
36 #include <inet/common.h>
37 #include <sys/note.h>
38 #include <sys/stream.h>
39 #include <sys/strsun.h>
40 #include <sys/modctl.h>
41 #include <sys/devops.h>
42 #include <sys/mac_provider.h>
43 #include <sys/mac_wifi.h>
44 #include <sys/net80211.h>
45 #include <sys/net80211_proto.h>
46 #include <sys/varargs.h>
47 #include <sys/pci.h>
48 #include <sys/crypto/common.h>
49 #include <sys/crypto/api.h>
50 #include <inet/wifi_ioctl.h>
51 
52 #include "rt2860_reg.h"
53 #include "rt2860_var.h"
54 
55 #define	RT2860_DBG_80211	(1 << 0)
56 #define	RT2860_DBG_DMA		(1 << 1)
57 #define	RT2860_DBG_EEPROM	(1 << 2)
58 #define	RT2860_DBG_FW		(1 << 3)
59 #define	RT2860_DBG_HW		(1 << 4)
60 #define	RT2860_DBG_INTR		(1 << 5)
61 #define	RT2860_DBG_RX		(1 << 6)
62 #define	RT2860_DBG_SCAN		(1 << 7)
63 #define	RT2860_DBG_TX		(1 << 8)
64 #define	RT2860_DBG_RADIO	(1 << 9)
65 #define	RT2860_DBG_RESUME	(1 << 10)
66 #define	RT2860_DBG_MSG		(1 << 11)
67 
68 uint32_t rt2860_dbg_flags = 0x0;
69 
70 #ifdef DEBUG
71 #define	RWN_DEBUG \
72 	rt2860_debug
73 #else
74 #define	RWN_DEBUG
75 #endif
76 
77 static void *rt2860_soft_state_p = NULL;
78 static uint8_t rt2860_fw_bin [] = {
79 #include "fw-rt2860/rt2860.ucode"
80 };
81 
82 static const struct ieee80211_rateset rt2860_rateset_11b =
83 	{ 4, { 2, 4, 11, 22 } };
84 
85 static const struct ieee80211_rateset rt2860_rateset_11g =
86 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
87 
88 static const struct {
89 	uint32_t	reg;
90 	uint32_t	val;
91 } rt2860_def_mac[] = {
92 	RT2860_DEF_MAC
93 };
94 
95 static const struct {
96 	uint8_t	reg;
97 	uint8_t	val;
98 } rt2860_def_bbp[] = {
99 	RT2860_DEF_BBP
100 };
101 
102 static const struct rfprog {
103 	uint8_t		chan;
104 	uint32_t	r1, r2, r3, r4;
105 } rt2860_rf2850[] = {
106 	RT2860_RF2850
107 };
108 
109 /*
110  * PIO access attributes for registers
111  */
112 static ddi_device_acc_attr_t rwn_csr_accattr = {
113 	DDI_DEVICE_ATTR_V0,
114 	DDI_STRUCTURE_LE_ACC,
115 	DDI_STRICTORDER_ACC
116 };
117 
118 /*
119  * DMA access attributes for descriptors: NOT to be byte swapped.
120  */
121 static ddi_device_acc_attr_t rt2860_desc_accattr = {
122 	DDI_DEVICE_ATTR_V0,
123 	DDI_STRUCTURE_LE_ACC,
124 	DDI_STRICTORDER_ACC
125 };
126 
127 static ddi_device_acc_attr_t rt2860_buf_accattr = {
128 	DDI_DEVICE_ATTR_V0,
129 	DDI_NEVERSWAP_ACC,
130 	DDI_STRICTORDER_ACC,
131 	DDI_DEFAULT_ACC
132 };
133 
134 /*
135  * Describes the chip's DMA engine
136  */
137 static ddi_dma_attr_t rt2860_dma_attr = {
138 	DMA_ATTR_V0,			/* dma_attr version */
139 	0x0,				/* dma_attr_addr_lo */
140 	0xffffffffU,			/* dma_attr_addr_hi */
141 	0xffffffffU,			/* dma_attr_count_max */
142 	16,				/* dma_attr_align */
143 	0x00000fff,			/* dma_attr_burstsizes */
144 	1,				/* dma_attr_minxfer */
145 	0xffffffffU,			/* dma_attr_maxxfer */
146 	0xffffffffU,			/* dma_attr_seg */
147 	1,				/* dma_attr_sgllen */
148 	1,				/* dma_attr_granular */
149 	0				/* dma_attr_flags */
150 };
151 
152 static uint16_t	rt2860_eeprom_read(struct rt2860_softc *, uint8_t);
153 static int 	rt2860_read_eeprom(struct rt2860_softc *);
154 const char	*rt2860_get_rf(uint8_t);
155 static int	rt2860_alloc_dma_mem(dev_info_t *, ddi_dma_attr_t *, size_t,
156 		    ddi_device_acc_attr_t *, uint_t, uint_t, struct dma_area *);
157 static void	rt2860_free_dma_mem(struct dma_area *);
158 static int	rt2860_alloc_tx_ring(struct rt2860_softc *,
159 		    struct rt2860_tx_ring *);
160 static void	rt2860_free_tx_ring(struct rt2860_softc *,
161 		    struct rt2860_tx_ring *);
162 static int	rt2860_alloc_rx_ring(struct rt2860_softc *,
163 		    struct rt2860_rx_ring *);
164 static void	rt2860_free_rx_ring(struct rt2860_softc *,
165 		    struct rt2860_rx_ring *);
166 static int	rt2860_alloc_tx_pool(struct rt2860_softc *);
167 static void	rt2860_free_tx_pool(struct rt2860_softc *);
168 static uint16_t	rt2860_txtime(int, int, uint32_t);
169 static int	rt2860_ack_rate(struct ieee80211com *, int);
170 static int	rt2860_send(ieee80211com_t *, mblk_t *, uint8_t);
171 static uint8_t	rt2860_maxrssi_chain(struct rt2860_softc *,
172 		    const struct rt2860_rxwi *);
173 static void	rt2860_drain_stats_fifo(struct rt2860_softc *);
174 static void	rt2860_tx_intr(struct rt2860_softc *, int);
175 static void	rt2860_rx_intr(struct rt2860_softc *);
176 static uint_t	rt2860_softintr(caddr_t);
177 static uint_t	rt2860_intr(caddr_t);
178 static void	rt2860_set_region_4(struct rt2860_softc *,
179 		    uint32_t, uint32_t, int);
180 static int	rt2860_load_microcode(struct rt2860_softc *);
181 static void	rt2860_set_macaddr(struct rt2860_softc *, const uint8_t *);
182 static int	rt2860_bbp_init(struct rt2860_softc *);
183 static uint8_t	rt2860_mcu_bbp_read(struct rt2860_softc *, uint8_t);
184 static void	rt2860_mcu_bbp_write(struct rt2860_softc *, uint8_t, uint8_t);
185 static int	rt2860_mcu_cmd(struct rt2860_softc *, uint8_t, uint16_t);
186 static void	rt2860_rf_write(struct rt2860_softc *, uint8_t, uint32_t);
187 static void	rt2860_select_chan_group(struct rt2860_softc *, int);
188 static void	rt2860_set_chan(struct rt2860_softc *,
189 		    struct ieee80211_channel *);
190 static void	rt2860_updateprot(struct ieee80211com *);
191 static void	rt2860_set_leds(struct rt2860_softc *, uint16_t);
192 static void	rt2860_next_scan(void *);
193 static void	rt2860_iter_func(void *, struct ieee80211_node *);
194 static void	rt2860_updateslot(struct rt2860_softc *);
195 static uint8_t	rt2860_rate2mcs(uint8_t);
196 static void	rt2860_enable_mrr(struct rt2860_softc *);
197 static void	rt2860_set_txpreamble(struct rt2860_softc *);
198 static void	rt2860_set_basicrates(struct rt2860_softc *);
199 static void	rt2860_set_bssid(struct rt2860_softc *, const uint8_t *);
200 static void	rt2860_amrr_node_init(const struct rt2860_amrr *,
201 		    struct rt2860_amrr_node *);
202 static void	rt2860_amrr_choose(struct rt2860_amrr *,
203 		    struct ieee80211_node *, struct rt2860_amrr_node *);
204 static void	rt2860_newassoc(struct ieee80211com *, struct ieee80211_node *,
205 		    int);
206 static void	rt2860_enable_tsf_sync(struct rt2860_softc *);
207 static int	rt2860_newstate(struct ieee80211com *,
208 		    enum ieee80211_state, int);
209 static int	rt2860_init(struct rt2860_softc *);
210 static void	rt2860_stop(struct rt2860_softc *);
211 static int	rt2860_quiesce(dev_info_t *t);
212 
213 /*
214  * device operations
215  */
216 static int rt2860_attach(dev_info_t *, ddi_attach_cmd_t);
217 static int rt2860_detach(dev_info_t *, ddi_detach_cmd_t);
218 
219 /*
220  * Module Loading Data & Entry Points
221  */
222 DDI_DEFINE_STREAM_OPS(rwn_dev_ops, nulldev, nulldev, rt2860_attach,
223     rt2860_detach, nodev, NULL, D_MP, NULL, rt2860_quiesce);
224 
225 static struct modldrv rwn_modldrv = {
226 	&mod_driverops,		/* Type of module.  This one is a driver */
227 	"Ralink RT2700/2800 driver v1.2",	/* short description */
228 	&rwn_dev_ops		/* driver specific ops */
229 };
230 
231 static struct modlinkage modlinkage = {
232 	MODREV_1,
233 	(void *)&rwn_modldrv,
234 	NULL
235 };
236 
237 static int	rt2860_m_stat(void *,  uint_t, uint64_t *);
238 static int	rt2860_m_start(void *);
239 static void	rt2860_m_stop(void *);
240 static int	rt2860_m_promisc(void *, boolean_t);
241 static int	rt2860_m_multicst(void *, boolean_t, const uint8_t *);
242 static int	rt2860_m_unicst(void *, const uint8_t *);
243 static mblk_t	*rt2860_m_tx(void *, mblk_t *);
244 static void	rt2860_m_ioctl(void *, queue_t *, mblk_t *);
245 static int	rt2860_m_setprop(void *arg, const char *pr_name,
246 		    mac_prop_id_t wldp_pr_num,
247 		    uint_t wldp_length, const void *wldp_buf);
248 static void	rt2860_m_propinfo(void *arg, const char *pr_name,
249 		    mac_prop_id_t wldp_pr_num, mac_prop_info_handle_t prh);
250 static int	rt2860_m_getprop(void *arg, const char *pr_name,
251 		    mac_prop_id_t wldp_pr_num, uint_t wldp_length,
252 		    void *wldp_buf);
253 
254 static mac_callbacks_t rt2860_m_callbacks = {
255 	MC_IOCTL | MC_SETPROP | MC_GETPROP | MC_PROPINFO,
256 	rt2860_m_stat,
257 	rt2860_m_start,
258 	rt2860_m_stop,
259 	rt2860_m_promisc,
260 	rt2860_m_multicst,
261 	rt2860_m_unicst,
262 	rt2860_m_tx,
263 	NULL,
264 	rt2860_m_ioctl,
265 	NULL,
266 	NULL,
267 	NULL,
268 	rt2860_m_setprop,
269 	rt2860_m_getprop,
270 	rt2860_m_propinfo
271 };
272 
273 #ifdef DEBUG
274 void
275 rt2860_debug(uint32_t dbg_flags, const int8_t *fmt, ...)
276 {
277 	va_list args;
278 
279 	if (dbg_flags & rt2860_dbg_flags) {
280 		va_start(args, fmt);
281 		vcmn_err(CE_CONT, fmt, args);
282 		va_end(args);
283 	}
284 }
285 #endif
286 
287 const char *
288 rt2860_get_rf(uint8_t rev)
289 {
290 	switch (rev) {
291 	case RT2860_RF_2820:	return "RT2820";
292 	case RT2860_RF_2850:	return "RT2850";
293 	case RT2860_RF_2720:	return "RT2720";
294 	case RT2860_RF_2750:	return "RT2750";
295 	default:		return "unknown";
296 	}
297 }
298 
299 /*
300  * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46,
301  * 93C66 or 93C86).
302  */
303 static uint16_t
304 rt2860_eeprom_read(struct rt2860_softc *sc, uint8_t addr)
305 {
306 	int		n;
307 	uint16_t	val;
308 	uint32_t	tmp;
309 
310 	/* clock C once before the first command */
311 	RT2860_EEPROM_CTL(sc, 0);
312 
313 	RT2860_EEPROM_CTL(sc, RT2860_S);
314 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
315 	RT2860_EEPROM_CTL(sc, RT2860_S);
316 
317 	/* write start bit (1) */
318 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
319 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
320 
321 	/* write READ opcode (10) */
322 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
323 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
324 	RT2860_EEPROM_CTL(sc, RT2860_S);
325 	RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
326 
327 	/* write address (A5-A0 or A7-A0) */
328 	n = ((RT2860_READ(sc, RT2860_PCI_EECTRL) & 0x30) == 0) ? 5 : 7;
329 	for (; n >= 0; n--) {
330 		RT2860_EEPROM_CTL(sc, RT2860_S |
331 		    (((addr >> n) & 1) << RT2860_SHIFT_D));
332 		RT2860_EEPROM_CTL(sc, RT2860_S |
333 		    (((addr >> n) & 1) << RT2860_SHIFT_D) | RT2860_C);
334 	}
335 
336 	RT2860_EEPROM_CTL(sc, RT2860_S);
337 
338 	/* read data Q15-Q0 */
339 	val = 0;
340 	for (n = 15; n >= 0; n--) {
341 		RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
342 		tmp = RT2860_READ(sc, RT2860_PCI_EECTRL);
343 		val |= ((tmp & RT2860_Q) >> RT2860_SHIFT_Q) << n;
344 		RT2860_EEPROM_CTL(sc, RT2860_S);
345 	}
346 
347 	RT2860_EEPROM_CTL(sc, 0);
348 
349 	/* clear Chip Select and clock C */
350 	RT2860_EEPROM_CTL(sc, RT2860_S);
351 	RT2860_EEPROM_CTL(sc, 0);
352 	RT2860_EEPROM_CTL(sc, RT2860_C);
353 
354 	return (val);
355 }
356 
357 /*
358  * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
359  * Used to adjust per-rate Tx power registers.
360  */
361 static inline uint32_t
362 b4inc(uint32_t b32, int8_t delta)
363 {
364 	int8_t i, b4;
365 
366 	for (i = 0; i < 8; i++) {
367 		b4 = b32 & 0xf;
368 		b4 += delta;
369 		if (b4 < 0)
370 			b4 = 0;
371 		else if (b4 > 0xf)
372 			b4 = 0xf;
373 		b32 = b32 >> 4 | b4 << 28;
374 	}
375 	return (b32);
376 }
377 
378 static int
379 rt2860_read_eeprom(struct rt2860_softc *sc)
380 {
381 	struct ieee80211com	*ic = &sc->sc_ic;
382 	int			ridx, ant, i;
383 	int8_t			delta_2ghz, delta_5ghz;
384 	uint16_t		val;
385 
386 	/* read EEPROM version */
387 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_VERSION);
388 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
389 	    "EEPROM rev=%d, FAE=%d\n",
390 	    val & 0xff, val >> 8);
391 
392 	/* read MAC address */
393 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_MAC01);
394 	ic->ic_macaddr[0] = val & 0xff;
395 	ic->ic_macaddr[1] = val >> 8;
396 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_MAC23);
397 	ic->ic_macaddr[2] = val & 0xff;
398 	ic->ic_macaddr[3] = val >> 8;
399 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_MAC45);
400 	ic->ic_macaddr[4] = val & 0xff;
401 	ic->ic_macaddr[5] = val >> 8;
402 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
403 	    "MAC address is: %x:%x:%x:%x:%x:%x\n",
404 	    ic->ic_macaddr[0], ic->ic_macaddr[1],
405 	    ic->ic_macaddr[2], ic->ic_macaddr[3],
406 	    ic->ic_macaddr[4], ic->ic_macaddr[5]);
407 
408 	/* read country code */
409 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_COUNTRY);
410 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
411 	    "EEPROM region code=0x%04x\n", val);
412 
413 	/* read default BBP settings */
414 	for (i = 0; i < 8; i++) {
415 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_BBP_BASE + i);
416 		sc->bbp[i].val = val & 0xff;
417 		sc->bbp[i].reg = val >> 8;
418 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
419 		    "BBP%d=0x%02x\n",
420 		    sc->bbp[i].reg, sc->bbp[i].val);
421 	}
422 
423 	/* read RF frequency offset from EEPROM */
424 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_FREQ_LEDS);
425 	sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
426 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
427 	    "EEPROM freq offset %d\n", sc->freq & 0xff);
428 
429 	if ((sc->leds = val >> 8) != 0xff) {
430 		/* read LEDs operating mode */
431 		sc->led[0] = rt2860_eeprom_read(sc, RT2860_EEPROM_LED1);
432 		sc->led[1] = rt2860_eeprom_read(sc, RT2860_EEPROM_LED2);
433 		sc->led[2] = rt2860_eeprom_read(sc, RT2860_EEPROM_LED3);
434 	} else {
435 		/* broken EEPROM, use default settings */
436 		sc->leds = 0x01;
437 		sc->led[0] = 0x5555;
438 		sc->led[1] = 0x2221;
439 		sc->led[2] = 0xa9f8;
440 	}
441 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
442 	    "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
443 	    sc->leds, sc->led[0], sc->led[1], sc->led[2]);
444 
445 	/* read RF information */
446 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_ANTENNA);
447 	if (val == 0xffff) {
448 		/* broken EEPROM, default to RF2820 1T2R */
449 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
450 		    "invalid EEPROM antenna info, using default\n");
451 		sc->rf_rev = RT2860_RF_2820;
452 		sc->ntxchains = 1;
453 		sc->nrxchains = 2;
454 	} else {
455 		sc->rf_rev = (val >> 8) & 0xf;
456 		sc->ntxchains = (val >> 4) & 0xf;
457 		sc->nrxchains = val & 0xf;
458 	}
459 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
460 	    "EEPROM RF rev=0x%02x chains=%dT%dR\n",
461 	    sc->rf_rev, sc->ntxchains, sc->nrxchains);
462 
463 	/* check if RF supports automatic Tx access gain control */
464 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_CONFIG);
465 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
466 	    "EEPROM CFG 0x%04x\n", val);
467 	if ((val & 0xff) != 0xff)
468 		sc->calib_2ghz = sc->calib_5ghz = 0; /* XXX (val >> 1) & 1 */;
469 
470 	if (sc->sc_flags & RT2860_ADVANCED_PS) {
471 		/* read PCIe power save level */
472 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_PCIE_PSLEVEL);
473 		if ((val & 0xff) != 0xff) {
474 			sc->pslevel = val & 0x3;
475 			val = rt2860_eeprom_read(sc, RT2860_EEPROM_REV);
476 			if (val >> 8 != 0x92 || !(val & 0x80))
477 				sc->pslevel = MIN(sc->pslevel, 1);
478 			RWN_DEBUG(RT2860_DBG_EEPROM,
479 			    "rwn: rt2860_read_eeprom(): "
480 			    "EEPROM PCIe PS Level=%d\n",
481 			    sc->pslevel);
482 		}
483 	}
484 	/* read power settings for 2GHz channels */
485 	for (i = 0; i < 14; i += 2) {
486 		val = rt2860_eeprom_read(sc,
487 		    RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2);
488 		sc->txpow1[i + 0] = (int8_t)(val & 0xff);
489 		sc->txpow1[i + 1] = (int8_t)(val >> 8);
490 
491 		val = rt2860_eeprom_read(sc,
492 		    RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2);
493 		sc->txpow2[i + 0] = (int8_t)(val & 0xff);
494 		sc->txpow2[i + 1] = (int8_t)(val >> 8);
495 	}
496 	/* fix broken Tx power entries */
497 	for (i = 0; i < 14; i++) {
498 		if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
499 			sc->txpow1[i] = 5;
500 		if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
501 			sc->txpow2[i] = 5;
502 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
503 		    "chan %d: power1=%d, power2=%d\n",
504 		    rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
505 	}
506 	/* read power settings for 5GHz channels */
507 	for (i = 0; i < 36; i += 2) {
508 		val = rt2860_eeprom_read(sc,
509 		    RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2);
510 		sc->txpow1[i + 14] = (int8_t)(val & 0xff);
511 		sc->txpow1[i + 15] = (int8_t)(val >> 8);
512 
513 		val = rt2860_eeprom_read(sc,
514 		    RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2);
515 		sc->txpow2[i + 14] = (int8_t)(val & 0xff);
516 		sc->txpow2[i + 15] = (int8_t)(val >> 8);
517 	}
518 	/* fix broken Tx power entries */
519 	for (i = 0; i < 36; i++) {
520 		if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
521 			sc->txpow1[14 + i] = 5;
522 		if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
523 			sc->txpow2[14 + i] = 5;
524 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
525 		    "chan %d: power1=%d, power2=%d\n",
526 		    rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
527 		    sc->txpow2[14 + i]);
528 	}
529 
530 	/* read Tx power compensation for each Tx rate */
531 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_DELTAPWR);
532 	delta_2ghz = delta_5ghz = 0;
533 	if ((val & 0xff) != 0xff && (val & 0x80)) {
534 		delta_2ghz = val & 0xf;
535 		if (!(val & 0x40))	/* negative number */
536 			delta_2ghz = -delta_2ghz;
537 	}
538 	val >>= 8;
539 	if ((val & 0xff) != 0xff && (val & 0x80)) {
540 		delta_5ghz = val & 0xf;
541 		if (!(val & 0x40))	/* negative number */
542 			delta_5ghz = -delta_5ghz;
543 	}
544 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
545 	    "power compensation=%d (2GHz), %d (5GHz) \n",
546 	    delta_2ghz, delta_5ghz);
547 
548 	for (ridx = 0; ridx < 5; ridx++) {
549 		uint32_t	reg;
550 
551 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_RPWR + ridx);
552 		reg = (uint32_t)val << 16;
553 		val = rt2860_eeprom_read(sc, RT2860_EEPROM_RPWR + ridx + 1);
554 		reg |= val;
555 
556 		sc->txpow20mhz[ridx] = reg;
557 		sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
558 		sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
559 
560 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
561 		    "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
562 		    "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
563 		    sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
564 	}
565 
566 	/* read factory-calibrated samples for temperature compensation */
567 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI1_2GHZ);
568 	sc->tssi_2ghz[0] = val & 0xff;	/* [-4] */
569 	sc->tssi_2ghz[1] = val >> 8;	/* [-3] */
570 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI2_2GHZ);
571 	sc->tssi_2ghz[2] = val & 0xff;	/* [-2] */
572 	sc->tssi_2ghz[3] = val >> 8;	/* [-1] */
573 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI3_2GHZ);
574 	sc->tssi_2ghz[4] = val & 0xff;	/* [+0] */
575 	sc->tssi_2ghz[5] = val >> 8;	/* [+1] */
576 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI4_2GHZ);
577 	sc->tssi_2ghz[6] = val & 0xff;	/* [+2] */
578 	sc->tssi_2ghz[7] = val >> 8;	/* [+3] */
579 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI5_2GHZ);
580 	sc->tssi_2ghz[8] = val & 0xff;	/* [+4] */
581 	sc->step_2ghz = val >> 8;
582 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
583 	    "TSSI 2GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
584 	    "0x%02x 0x%02x step=%d\n", sc->tssi_2ghz[0], sc->tssi_2ghz[1],
585 	    sc->tssi_2ghz[2], sc->tssi_2ghz[3], sc->tssi_2ghz[4],
586 	    sc->tssi_2ghz[5], sc->tssi_2ghz[6], sc->tssi_2ghz[7],
587 	    sc->tssi_2ghz[8], sc->step_2ghz);
588 	/* check that ref value is correct, otherwise disable calibration */
589 	if (sc->tssi_2ghz[4] == 0xff)
590 		sc->calib_2ghz = 0;
591 
592 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI1_5GHZ);
593 	sc->tssi_5ghz[0] = val & 0xff;	/* [-4] */
594 	sc->tssi_5ghz[1] = val >> 8;	/* [-3] */
595 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI2_5GHZ);
596 	sc->tssi_5ghz[2] = val & 0xff;	/* [-2] */
597 	sc->tssi_5ghz[3] = val >> 8;	/* [-1] */
598 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI3_5GHZ);
599 	sc->tssi_5ghz[4] = val & 0xff;	/* [+0] */
600 	sc->tssi_5ghz[5] = val >> 8;	/* [+1] */
601 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI4_5GHZ);
602 	sc->tssi_5ghz[6] = val & 0xff;	/* [+2] */
603 	sc->tssi_5ghz[7] = val >> 8;	/* [+3] */
604 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_TSSI5_5GHZ);
605 	sc->tssi_5ghz[8] = val & 0xff;	/* [+4] */
606 	sc->step_5ghz = val >> 8;
607 	RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
608 	    "TSSI 5GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
609 	    "0x%02x 0x%02x step=%d\n", sc->tssi_5ghz[0], sc->tssi_5ghz[1],
610 	    sc->tssi_5ghz[2], sc->tssi_5ghz[3], sc->tssi_5ghz[4],
611 	    sc->tssi_5ghz[5], sc->tssi_5ghz[6], sc->tssi_5ghz[7],
612 	    sc->tssi_5ghz[8], sc->step_5ghz);
613 	/* check that ref value is correct, otherwise disable calibration */
614 	if (sc->tssi_5ghz[4] == 0xff)
615 		sc->calib_5ghz = 0;
616 
617 	/* read RSSI offsets and LNA gains from EEPROM */
618 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI1_2GHZ);
619 	sc->rssi_2ghz[0] = val & 0xff;	/* Ant A */
620 	sc->rssi_2ghz[1] = val >> 8;	/* Ant B */
621 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI2_2GHZ);
622 	sc->rssi_2ghz[2] = val & 0xff;	/* Ant C */
623 	sc->lna[2] = val >> 8;		/* channel group 2 */
624 
625 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI1_5GHZ);
626 	sc->rssi_5ghz[0] = val & 0xff;	/* Ant A */
627 	sc->rssi_5ghz[1] = val >> 8;	/* Ant B */
628 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_RSSI2_5GHZ);
629 	sc->rssi_5ghz[2] = val & 0xff;	/* Ant C */
630 	sc->lna[3] = val >> 8;		/* channel group 3 */
631 
632 	val = rt2860_eeprom_read(sc, RT2860_EEPROM_LNA);
633 	sc->lna[0] = val & 0xff;	/* channel group 0 */
634 	sc->lna[1] = val >> 8;		/* channel group 1 */
635 
636 	/* fix broken 5GHz LNA entries */
637 	if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
638 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
639 		    "invalid LNA for channel group %d\n", 2);
640 		sc->lna[2] = sc->lna[1];
641 	}
642 	if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
643 		RWN_DEBUG(RT2860_DBG_EEPROM, "rwn: rt2860_read_eeprom(): "
644 		    "invalid LNA for channel group %d\n", 3);
645 		sc->lna[3] = sc->lna[1];
646 	}
647 
648 	/* fix broken RSSI offset entries */
649 	for (ant = 0; ant < 3; ant++) {
650 		if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
651 			RWN_DEBUG(RT2860_DBG_EEPROM,
652 			    "rwn: rt2860_read_eeprom(): "
653 			    "invalid RSSI%d offset: %d (2GHz)\n",
654 			    ant + 1, sc->rssi_2ghz[ant]);
655 			sc->rssi_2ghz[ant] = 0;
656 		}
657 		if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
658 			RWN_DEBUG(RT2860_DBG_EEPROM,
659 			    "rwn: rt2860_read_eeprom(): "
660 			    "invalid RSSI%d offset: %d (2GHz)\n",
661 			    ant + 1, sc->rssi_5ghz[ant]);
662 			sc->rssi_5ghz[ant] = 0;
663 		}
664 	}
665 
666 	return (RT2860_SUCCESS);
667 }
668 
669 /*
670  * Allocate an DMA memory and a DMA handle for accessing it
671  */
672 static int
673 rt2860_alloc_dma_mem(dev_info_t *devinfo, ddi_dma_attr_t *dma_attr,
674 	size_t memsize, ddi_device_acc_attr_t *attr_p, uint_t alloc_flags,
675 	uint_t bind_flags, struct dma_area *dma_p)
676 {
677 	int	err;
678 
679 	/*
680 	 * Allocate handle
681 	 */
682 	err = ddi_dma_alloc_handle(devinfo, dma_attr,
683 	    DDI_DMA_SLEEP, NULL, &dma_p->dma_hdl);
684 	if (err != DDI_SUCCESS) {
685 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_allo_dma_mem(): "
686 		    "failed to alloc handle\n");
687 		goto fail1;
688 	}
689 
690 	/*
691 	 * Allocate memory
692 	 */
693 	err = ddi_dma_mem_alloc(dma_p->dma_hdl, memsize, attr_p,
694 	    alloc_flags, DDI_DMA_SLEEP, NULL, &dma_p->mem_va,
695 	    &dma_p->alength, &dma_p->acc_hdl);
696 	if (err != DDI_SUCCESS) {
697 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_alloc_dma_mem(): "
698 		    "failed to alloc mem\n");
699 		goto fail2;
700 	}
701 
702 	/*
703 	 * Bind the two together
704 	 */
705 	err = ddi_dma_addr_bind_handle(dma_p->dma_hdl, NULL,
706 	    dma_p->mem_va, dma_p->alength, bind_flags,
707 	    DDI_DMA_SLEEP, NULL, &dma_p->cookie, &dma_p->ncookies);
708 	if (err != DDI_DMA_MAPPED) {
709 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_alloc_dma_mem(): "
710 		    "failed to bind handle\n");
711 		goto fail3;
712 	}
713 
714 	if (dma_p->ncookies != 1) {
715 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rwn_alloc_dma_mem(): "
716 		    "failed to alloc cookies\n");
717 		goto fail4;
718 	}
719 
720 	dma_p->nslots = ~0U;
721 	dma_p->size = ~0U;
722 	dma_p->token = ~0U;
723 	dma_p->offset = 0;
724 	return (DDI_SUCCESS);
725 
726 fail4:
727 	(void) ddi_dma_unbind_handle(dma_p->dma_hdl);
728 fail3:
729 	ddi_dma_mem_free(&dma_p->acc_hdl);
730 fail2:
731 	ddi_dma_free_handle(&dma_p->dma_hdl);
732 fail1:
733 	return (err);
734 }
735 
736 static void
737 rt2860_free_dma_mem(struct dma_area *dma_p)
738 {
739 	if (dma_p->dma_hdl != NULL) {
740 		(void) ddi_dma_unbind_handle(dma_p->dma_hdl);
741 		if (dma_p->acc_hdl != NULL) {
742 			ddi_dma_mem_free(&dma_p->acc_hdl);
743 			dma_p->acc_hdl = NULL;
744 		}
745 		ddi_dma_free_handle(&dma_p->dma_hdl);
746 		dma_p->ncookies = 0;
747 		dma_p->dma_hdl = NULL;
748 	}
749 }
750 
751 /*ARGSUSED*/
752 static int
753 rt2860_alloc_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
754 {
755 	int	size, err;
756 
757 	size = RT2860_TX_RING_COUNT * sizeof (struct rt2860_txd);
758 
759 	err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr, size,
760 	    &rt2860_desc_accattr, DDI_DMA_CONSISTENT,
761 	    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
762 	    &ring->txdesc_dma);
763 	if (err != DDI_SUCCESS) {
764 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_alloc_tx_ring(): "
765 		    "failed to alloc dma mem\n");
766 		goto fail1;
767 	}
768 
769 	ring->txd = (struct rt2860_txd *)ring->txdesc_dma.mem_va;
770 	ring->paddr = ring->txdesc_dma.cookie.dmac_address;
771 
772 	ring->cur = 0;
773 	ring->next = 0;
774 	ring->queued = 0;
775 
776 	(void) bzero(ring->txd, size);
777 	RT2860_DMA_SYNC(ring->txdesc_dma, DDI_DMA_SYNC_FORDEV);
778 	return (DDI_SUCCESS);
779 fail1:
780 	return (err);
781 }
782 
783 void
784 rt2860_reset_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
785 {
786 	struct rt2860_tx_data *data;
787 	int i;
788 
789 	for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
790 		ring->txd[i].sdl0 &= ~LE_16(RT2860_TX_DDONE);
791 
792 		if ((data = ring->data[i]) == NULL)
793 			continue;	/* nothing mapped in this slot */
794 
795 		/* by pass if it's quiesced */
796 		if (!(sc->sc_flags & RT2860_F_QUIESCE))
797 			RT2860_DMA_SYNC(data->txbuf_dma, DDI_DMA_SYNC_FORDEV);
798 
799 		if (data->ni != NULL) {
800 			ieee80211_free_node(data->ni);
801 			data->ni = NULL;	/* node already freed */
802 		}
803 
804 		SLIST_INSERT_HEAD(&sc->data_pool, data, next);
805 		ring->data[i] = NULL;
806 	}
807 
808 	/* by pass if it's quiesced */
809 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
810 		RT2860_DMA_SYNC(ring->txdesc_dma, DDI_DMA_SYNC_FORDEV);
811 
812 	ring->queued = 0;
813 	ring->cur = ring->next = 0;
814 }
815 
816 /*ARGSUSED*/
817 static void
818 rt2860_free_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
819 {
820 	if (ring->txd != NULL) {
821 		rt2860_free_dma_mem(&ring->txdesc_dma);
822 	}
823 }
824 
825 static int
826 rt2860_alloc_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
827 {
828 	struct rt2860_rx_data	*data;
829 	struct rt2860_rxd	*rxd;
830 	int			i, err, size, datalen;
831 
832 	size = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rxd);
833 
834 	err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr, size,
835 	    &rt2860_desc_accattr, DDI_DMA_CONSISTENT,
836 	    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
837 	    &ring->rxdesc_dma);
838 	if (err != DDI_SUCCESS) {
839 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_alloc_rx_ring(): "
840 		    "failed to alloc dma mem\n");
841 		goto fail1;
842 	}
843 
844 	ring->rxd = (struct rt2860_rxd *)ring->rxdesc_dma.mem_va;
845 	ring->paddr = ring->rxdesc_dma.cookie.dmac_address;
846 	bzero(ring->rxd, size);
847 
848 	/*
849 	 * Pre-allocate Rx buffers and populate Rx ring.
850 	 */
851 	datalen = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rx_data);
852 	bzero(ring->data, datalen);
853 	for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
854 		rxd = &ring->rxd[i];
855 		data = &ring->data[i];
856 		/* alloc DMA memory */
857 		(void) rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr,
858 		    sc->sc_dmabuf_size,
859 		    &rt2860_buf_accattr,
860 		    DDI_DMA_STREAMING,
861 		    DDI_DMA_READ | DDI_DMA_STREAMING,
862 		    &data->rxbuf_dma);
863 		rxd->sdp0 = LE_32(data->rxbuf_dma.cookie.dmac_address);
864 		rxd->sdl0 = LE_16(sc->sc_dmabuf_size);
865 	}
866 
867 	ring->cur = 0;
868 
869 	RT2860_DMA_SYNC(ring->rxdesc_dma, DDI_DMA_SYNC_FORDEV);
870 	return (DDI_SUCCESS);
871 fail2:
872 	rt2860_free_dma_mem(&ring->rxdesc_dma);
873 fail1:
874 	return (err);
875 }
876 
877 /*ARGSUSED*/
878 void
879 rt2860_reset_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
880 {
881 	int i;
882 
883 	for (i = 0; i < RT2860_RX_RING_COUNT; i++)
884 		ring->rxd[i].sdl0 &= ~LE_16(RT2860_RX_DDONE);
885 
886 	RT2860_DMA_SYNC(ring->rxdesc_dma, DDI_DMA_SYNC_FORDEV);
887 
888 	ring->cur = 0;
889 }
890 
891 /*ARGSUSED*/
892 static void
893 rt2860_free_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
894 {
895 	struct rt2860_rx_data	*data;
896 	int			i, count;
897 
898 	if (ring->rxd != NULL)
899 		rt2860_free_dma_mem(&ring->rxdesc_dma);
900 
901 	count = RT2860_RX_RING_COUNT;
902 	if (ring->data != NULL) {
903 		for (i = 0; i < count; i++) {
904 			data = &ring->data[i];
905 			rt2860_free_dma_mem(&data->rxbuf_dma);
906 		}
907 	}
908 }
909 
910 static int
911 rt2860_alloc_tx_pool(struct rt2860_softc *sc)
912 {
913 	struct rt2860_tx_data	*data;
914 	int			i, err, size;
915 
916 	size = RT2860_TX_POOL_COUNT * sizeof (struct rt2860_txwi);
917 
918 	/* init data_pool early in case of failure.. */
919 	SLIST_INIT(&sc->data_pool);
920 
921 	err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr, size,
922 	    &rt2860_desc_accattr, DDI_DMA_CONSISTENT,
923 	    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
924 	    &sc->txpool_dma);
925 	if (err != DDI_SUCCESS) {
926 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_alloc_tx_pool(): "
927 		    "failed to alloc dma mem\n");
928 		goto fail1;
929 	}
930 
931 	sc->txwi = (struct rt2860_txwi *)sc->txpool_dma.mem_va;
932 	(void) bzero(sc->txwi, size);
933 	RT2860_DMA_SYNC(sc->txpool_dma, DDI_DMA_SYNC_FORDEV);
934 
935 	for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
936 		data = &sc->data[i];
937 
938 		err = rt2860_alloc_dma_mem(sc->sc_dev, &rt2860_dma_attr,
939 		    sc->sc_dmabuf_size,
940 		    &rt2860_buf_accattr, DDI_DMA_CONSISTENT,
941 		    DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
942 		    &data->txbuf_dma);
943 		if (err != DDI_SUCCESS) {
944 			RWN_DEBUG(RT2860_DBG_DMA,
945 			    "rwn: rt2860_alloc_tx_pool(): "
946 			    "failed to alloc dma mem\n");
947 			goto fail2;
948 		}
949 		data->txwi = &sc->txwi[i];
950 		data->paddr = sc->txpool_dma.cookie.dmac_address +
951 		    i * sizeof (struct rt2860_txwi);
952 
953 		SLIST_INSERT_HEAD(&sc->data_pool, data, next);
954 	}
955 	return (DDI_SUCCESS);
956 fail2:
957 	rt2860_free_dma_mem(&sc->txpool_dma);
958 fail1:
959 	return (err);
960 }
961 
962 static void
963 rt2860_free_tx_pool(struct rt2860_softc *sc)
964 {
965 	struct rt2860_tx_data	*data;
966 	int	i;
967 
968 	if (sc->txwi != NULL) {
969 		rt2860_free_dma_mem(&sc->txpool_dma);
970 	}
971 
972 	for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
973 		data = &sc->data[i];
974 		rt2860_free_dma_mem(&data->txbuf_dma);
975 	}
976 }
977 
978 /* quickly determine if a given rate is CCK or OFDM */
979 #define	RT2860_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22)
980 
981 #define	RT2860_ACK_SIZE		14	/* 10 + 4(FCS) */
982 #define	RT2860_SIFS_TIME	10
983 
984 static uint8_t
985 rt2860_rate2mcs(uint8_t rate)
986 {
987 	switch (rate) {
988 	/* CCK rates */
989 	case 2:
990 		return (0);
991 	case 4:
992 		return (1);
993 	case 11:
994 		return (2);
995 	case 22:
996 		return (3);
997 	/* OFDM rates */
998 	case 12:
999 		return (0);
1000 	case 18:
1001 		return (1);
1002 	case 24:
1003 		return (2);
1004 	case 36:
1005 		return (3);
1006 	case 48:
1007 		return (4);
1008 	case 72:
1009 		return (5);
1010 	case 96:
1011 		return (6);
1012 	case 108:
1013 		return (7);
1014 	}
1015 
1016 	return (0);	/* shouldn't get there */
1017 }
1018 
1019 /*
1020  * Return the expected ack rate for a frame transmitted at rate `rate'.
1021  */
1022 static int
1023 rt2860_ack_rate(struct ieee80211com *ic, int rate)
1024 {
1025 	switch (rate) {
1026 	/* CCK rates */
1027 	case 2:
1028 		return (2);
1029 	case 4:
1030 	case 11:
1031 	case 22:
1032 		return ((ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate);
1033 
1034 	/* OFDM rates */
1035 	case 12:
1036 	case 18:
1037 		return (12);
1038 	case 24:
1039 	case 36:
1040 		return (24);
1041 	case 48:
1042 	case 72:
1043 	case 96:
1044 	case 108:
1045 		return (48);
1046 	}
1047 
1048 	/* default to 1Mbps */
1049 	return (2);
1050 }
1051 
1052 
1053 /*
1054  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
1055  * The function automatically determines the operating mode depending on the
1056  * given rate. `flags' indicates whether short preamble is in use or not.
1057  */
1058 static uint16_t
1059 rt2860_txtime(int len, int rate, uint32_t flags)
1060 {
1061 	uint16_t	txtime;
1062 
1063 	if (RT2860_RATE_IS_OFDM(rate)) {
1064 		/* IEEE Std 802.11g-2003, pp. 44 */
1065 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
1066 		txtime = 16 + 4 + 4 * txtime + 6;
1067 	} else {
1068 		/* IEEE Std 802.11b-1999, pp. 28 */
1069 		txtime = (16 * len + rate - 1) / rate;
1070 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
1071 			txtime +=  72 + 24;
1072 		else
1073 			txtime += 144 + 48;
1074 	}
1075 	return (txtime);
1076 }
1077 
1078 static int
1079 rt2860_send(ieee80211com_t *ic, mblk_t *mp, uint8_t type)
1080 {
1081 	struct rt2860_softc	*sc = (struct rt2860_softc *)ic;
1082 	struct rt2860_tx_ring	*ring;
1083 	struct rt2860_tx_data	*data;
1084 	struct rt2860_txd	*txd;
1085 	struct rt2860_txwi	*txwi;
1086 	struct ieee80211_frame	*wh;
1087 	struct ieee80211_node	*ni;
1088 	int			qid, off, rate, err;
1089 	int			mblen, pktlen;
1090 	uint_t			hdrlen;
1091 	uint8_t			mcs, pid, qsel;
1092 	uint16_t		dur;
1093 	mblk_t			*m, *m0;
1094 
1095 	err = DDI_SUCCESS;
1096 
1097 	mutex_enter(&sc->sc_txlock);
1098 	if (RT2860_IS_SUSPEND(sc)) {
1099 		err = ENXIO;
1100 		goto fail1;
1101 	}
1102 
1103 	if ((type & IEEE80211_FC0_TYPE_MASK) !=
1104 	    IEEE80211_FC0_TYPE_DATA)
1105 		qid = sc->mgtqid;
1106 	else
1107 		qid = EDCA_AC_BE;
1108 	ring = &sc->txq[qid];
1109 
1110 	if (SLIST_EMPTY(&sc->data_pool) || (ring->queued > 15)) {
1111 		sc->sc_need_sched = 1;
1112 		sc->sc_tx_nobuf++;
1113 		err = ENOMEM;
1114 		goto fail1;
1115 	}
1116 
1117 	/* the data pool contains at least one element, pick the first */
1118 	data = SLIST_FIRST(&sc->data_pool);
1119 
1120 	m = allocb(msgdsize(mp) + 32, BPRI_MED);
1121 	if (m == NULL) {
1122 		RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_send():"
1123 		    "rt2860_mgmt_send: can't alloc mblk.\n");
1124 		err = DDI_FAILURE;
1125 		goto fail1;
1126 	}
1127 
1128 	for (off = 0, m0 = mp; m0 != NULL; m0 = m0->b_cont) {
1129 		mblen = MBLKL(m0);
1130 		(void) bcopy(m0->b_rptr, m->b_rptr + off, mblen);
1131 		off += mblen;
1132 	}
1133 	m->b_wptr += off;
1134 
1135 	wh = (struct ieee80211_frame *)m->b_rptr;
1136 	ni = ieee80211_find_txnode(ic, wh->i_addr1);
1137 	if (ni == NULL) {
1138 		err = DDI_FAILURE;
1139 		sc->sc_tx_err++;
1140 		goto fail2;
1141 	}
1142 
1143 	if ((type & IEEE80211_FC0_TYPE_MASK) ==
1144 	    IEEE80211_FC0_TYPE_DATA)
1145 		(void) ieee80211_encap(ic, m, ni);
1146 
1147 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1148 		struct ieee80211_key *k;
1149 		k = ieee80211_crypto_encap(ic, m);
1150 		if (k == NULL) {
1151 			sc->sc_tx_err++;
1152 			err = DDI_FAILURE;
1153 			goto fail3;
1154 		}
1155 		/* packet header may have moved, reset our local pointer */
1156 		wh = (struct ieee80211_frame *)m->b_rptr;
1157 	}
1158 	pktlen = msgdsize(m);
1159 	hdrlen = sizeof (*wh);
1160 
1161 	/* pickup a rate */
1162 	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
1163 	    ((type & IEEE80211_FC0_TYPE_MASK) !=
1164 	    IEEE80211_FC0_TYPE_DATA))
1165 		rate = ni->in_rates.ir_rates[0];
1166 	else {
1167 		if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE)
1168 			rate = ic->ic_fixed_rate;
1169 		else
1170 			rate = ni->in_rates.ir_rates[ni->in_txrate];
1171 	}
1172 	rate &= IEEE80211_RATE_VAL;
1173 
1174 	/* get MCS code from rate */
1175 	mcs = rt2860_rate2mcs(rate);
1176 
1177 	/* setup TX Wireless Information */
1178 	txwi = data->txwi;
1179 	(void) bzero(txwi, sizeof (struct rt2860_txwi));
1180 	txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ?
1181 	    RT2860_AID2WCID(ni->in_associd) : 0xff;
1182 	txwi->len = LE_16(pktlen);
1183 	if (!RT2860_RATE_IS_OFDM(rate)) {
1184 		txwi->phy = LE_16(RT2860_PHY_CCK);
1185 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
1186 			mcs |= RT2860_PHY_SHPRE;
1187 	} else
1188 		txwi->phy = LE_16(RT2860_PHY_OFDM);
1189 	txwi->phy |= LE_16(mcs);
1190 
1191 	/*
1192 	 * We store the MCS code into the driver-private PacketID field.
1193 	 * The PacketID is latched into TX_STAT_FIFO when Tx completes so
1194 	 * that we know at which initial rate the frame was transmitted.
1195 	 * We add 1 to the MCS code because setting the PacketID field to
1196 	 * 0 means that we don't want feedback in TX_STAT_FIFO.
1197 	 */
1198 	pid = (mcs + 1) & 0xf;
1199 	txwi->len |= LE_16(pid << RT2860_TX_PID_SHIFT);
1200 
1201 	/* check if RTS/CTS or CTS-to-self protection is required */
1202 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1203 	    (pktlen + IEEE80211_CRC_LEN > ic->ic_rtsthreshold ||
1204 	    ((ic->ic_flags &
1205 	    IEEE80211_F_USEPROT) && RT2860_RATE_IS_OFDM(rate))))
1206 		txwi->txop = RT2860_TX_TXOP_HT;
1207 	else
1208 		txwi->txop = RT2860_TX_TXOP_BACKOFF;
1209 
1210 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1211 		txwi->xflags |= RT2860_TX_ACK;
1212 
1213 		dur = rt2860_txtime(RT2860_ACK_SIZE, rt2860_ack_rate(ic, rate),
1214 		    ic->ic_flags) + sc->sifs;
1215 		*(uint16_t *)wh->i_dur = LE_16(dur);
1216 	}
1217 
1218 	/* copy and trim 802.11 header */
1219 	bcopy(wh, &txwi->wh, hdrlen);
1220 	m->b_rptr += hdrlen;
1221 	bcopy(m->b_rptr, data->txbuf_dma.mem_va, pktlen - hdrlen);
1222 
1223 	qsel = (qid < EDCA_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
1224 
1225 	/* first segment is TXWI + 802.11 header */
1226 	txd = &ring->txd[ring->cur];
1227 	txd->sdp0 = LE_32(data->paddr);
1228 	txd->sdl0 = LE_16(16 + hdrlen);
1229 	txd->flags = qsel;
1230 
1231 	/* finalize last segment */
1232 	txd->sdp1 = LE_32(data->txbuf_dma.cookie.dmac_address);
1233 	txd->sdl1 = LE_16(pktlen - hdrlen | RT2860_TX_LS1);
1234 
1235 	/* remove from the free pool and link it into the SW Tx slot */
1236 	SLIST_REMOVE_HEAD(&sc->data_pool, next);
1237 	data->ni = ieee80211_ref_node(ni);
1238 	ring->data[ring->cur] = data;
1239 
1240 	(void) ddi_dma_sync(sc->txpool_dma.dma_hdl,
1241 	    _PTRDIFF(txwi, sc->txwi),
1242 	    (hdrlen + 16 + 2),
1243 	    DDI_DMA_SYNC_FORDEV);
1244 	RT2860_DMA_SYNC(data->txbuf_dma, DDI_DMA_SYNC_FORDEV);
1245 	RT2860_DMA_SYNC(ring->txdesc_dma, DDI_DMA_SYNC_FORDEV);
1246 
1247 	RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_send():"
1248 	    "sending frame qid=%d wcid=%d rate=%d cur = %x\n",
1249 	    qid, txwi->wcid, rate, ring->cur);
1250 
1251 	ring->queued++;
1252 	ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1253 
1254 	/* kick Tx */
1255 	RT2860_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
1256 
1257 	sc->sc_tx_timer = 5;
1258 
1259 	ic->ic_stats.is_tx_frags++;
1260 	ic->ic_stats.is_tx_bytes += pktlen;
1261 
1262 fail3:
1263 	ieee80211_free_node(ni);
1264 fail2:
1265 	freemsg(m);
1266 fail1:
1267 	if ((type & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_DATA ||
1268 	    err == DDI_SUCCESS)
1269 		freemsg(mp);
1270 	mutex_exit(&sc->sc_txlock);
1271 	return (err);
1272 }
1273 
1274 /*
1275  * This function is called periodically (every 200ms) during scanning to
1276  * switch from one channel to another.
1277  */
1278 static void
1279 rt2860_next_scan(void *arg)
1280 {
1281 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
1282 	struct ieee80211com *ic = &sc->sc_ic;
1283 
1284 	if (ic->ic_state == IEEE80211_S_SCAN)
1285 		(void) ieee80211_next_scan(ic);
1286 }
1287 
1288 static void
1289 rt2860_updateslot(struct rt2860_softc *sc)
1290 {
1291 	struct ieee80211com *ic = &sc->sc_ic;
1292 	uint32_t tmp;
1293 
1294 	tmp = RT2860_READ(sc, RT2860_BKOFF_SLOT_CFG);
1295 	tmp &= ~0xff;
1296 	tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1297 	RT2860_WRITE(sc, RT2860_BKOFF_SLOT_CFG, tmp);
1298 }
1299 
1300 static void
1301 rt2860_iter_func(void *arg, struct ieee80211_node *ni)
1302 {
1303 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
1304 	uint8_t wcid;
1305 
1306 	wcid = RT2860_AID2WCID(ni->in_associd);
1307 	rt2860_amrr_choose(&sc->amrr, ni, &sc->amn[wcid]);
1308 }
1309 
1310 static void
1311 rt2860_updatestats(void *arg)
1312 {
1313 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
1314 	struct ieee80211com *ic = &sc->sc_ic;
1315 
1316 	if (ic->ic_opmode == IEEE80211_M_STA)
1317 		rt2860_iter_func(sc, ic->ic_bss);
1318 	else
1319 		ieee80211_iterate_nodes(&ic->ic_sta, rt2860_iter_func, arg);
1320 
1321 	sc->sc_rssadapt_id = timeout(rt2860_updatestats, (void *)sc,
1322 	    drv_usectohz(500 * 1000));
1323 }
1324 
1325 static void
1326 rt2860_enable_mrr(struct rt2860_softc *sc)
1327 {
1328 #define	CCK(mcs)	(mcs)
1329 #define	OFDM(mcs)	((uint32_t)1 << 3 | (mcs))
1330 	RT2860_WRITE(sc, RT2860_LG_FBK_CFG0,
1331 	    OFDM(6) << 28 |	/* 54->48 */
1332 	    OFDM(5) << 24 |	/* 48->36 */
1333 	    OFDM(4) << 20 |	/* 36->24 */
1334 	    OFDM(3) << 16 |	/* 24->18 */
1335 	    OFDM(2) << 12 |	/* 18->12 */
1336 	    OFDM(1) <<  8 |	/* 12-> 9 */
1337 	    OFDM(0) <<  4 |	/*  9-> 6 */
1338 	    OFDM(0));		/*  6-> 6 */
1339 
1340 	RT2860_WRITE(sc, RT2860_LG_FBK_CFG1,
1341 	    CCK(2) << 12 |	/* 11->5.5 */
1342 	    CCK(1) <<  8 |	/* 5.5-> 2 */
1343 	    CCK(0) <<  4 |	/*   2-> 1 */
1344 	    CCK(0));		/*   1-> 1 */
1345 #undef OFDM
1346 #undef CCK
1347 }
1348 
1349 static void
1350 rt2860_set_txpreamble(struct rt2860_softc *sc)
1351 {
1352 	uint32_t tmp;
1353 
1354 	tmp = RT2860_READ(sc, RT2860_AUTO_RSP_CFG);
1355 	tmp &= ~RT2860_CCK_SHORT_EN;
1356 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1357 		tmp |= RT2860_CCK_SHORT_EN;
1358 	RT2860_WRITE(sc, RT2860_AUTO_RSP_CFG, tmp);
1359 }
1360 
1361 static void
1362 rt2860_set_bssid(struct rt2860_softc *sc, const uint8_t *bssid)
1363 {
1364 	RT2860_WRITE(sc, RT2860_MAC_BSSID_DW0,
1365 	    bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
1366 	RT2860_WRITE(sc, RT2860_MAC_BSSID_DW1,
1367 	    bssid[4] | bssid[5] << 8);
1368 }
1369 
1370 static void
1371 rt2860_set_basicrates(struct rt2860_softc *sc)
1372 {
1373 	struct ieee80211com *ic = &sc->sc_ic;
1374 
1375 	/* set basic rates mask */
1376 	if (ic->ic_curmode == IEEE80211_MODE_11B)
1377 		RT2860_WRITE(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
1378 	else if (ic->ic_curmode == IEEE80211_MODE_11A)
1379 		RT2860_WRITE(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
1380 	else	/* 11g */
1381 		RT2860_WRITE(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
1382 }
1383 
1384 static void
1385 rt2860_amrr_node_init(const struct rt2860_amrr *amrr,
1386     struct rt2860_amrr_node *amn)
1387 {
1388 	amn->amn_success = 0;
1389 	amn->amn_recovery = 0;
1390 	amn->amn_txcnt = amn->amn_retrycnt = 0;
1391 	amn->amn_success_threshold = amrr->amrr_min_success_threshold;
1392 }
1393 
1394 static void
1395 rt2860_amrr_choose(struct rt2860_amrr *amrr, struct ieee80211_node *ni,
1396     struct rt2860_amrr_node *amn)
1397 {
1398 #define	RV(rate)	((rate) & IEEE80211_RATE_VAL)
1399 #define	is_success(amn)	\
1400 	((amn)->amn_retrycnt < (amn)->amn_txcnt / 10)
1401 #define	is_failure(amn)	\
1402 	((amn)->amn_retrycnt > (amn)->amn_txcnt / 3)
1403 #define	is_enough(amn)		\
1404 	((amn)->amn_txcnt > 10)
1405 #define	is_min_rate(ni)		\
1406 	((ni)->in_txrate == 0)
1407 #define	is_max_rate(ni)		\
1408 	((ni)->in_txrate == (ni)->in_rates.ir_nrates - 1)
1409 #define	increase_rate(ni)	\
1410 	((ni)->in_txrate++)
1411 #define	decrease_rate(ni)	\
1412 	((ni)->in_txrate--)
1413 #define	reset_cnt(amn)		\
1414 	{ (amn)->amn_txcnt = (amn)->amn_retrycnt = 0; }
1415 
1416 	int need_change = 0;
1417 
1418 	if (is_success(amn) && is_enough(amn)) {
1419 		amn->amn_success++;
1420 		if (amn->amn_success >= amn->amn_success_threshold &&
1421 		    !is_max_rate(ni)) {
1422 			amn->amn_recovery = 1;
1423 			amn->amn_success = 0;
1424 			increase_rate(ni);
1425 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_amrr_choose(): "
1426 			    "increase rate = %d, #tx = %d, #retries = %d\n",
1427 			    RV(ni->in_rates.ir_rates[ni->in_txrate]),
1428 			    amn->amn_txcnt, amn->amn_retrycnt);
1429 			need_change = 1;
1430 		} else {
1431 			amn->amn_recovery = 0;
1432 		}
1433 	} else if (is_failure(amn)) {
1434 		amn->amn_success = 0;
1435 		if (!is_min_rate(ni)) {
1436 			if (amn->amn_recovery) {
1437 				amn->amn_success_threshold *= 2;
1438 				if (amn->amn_success_threshold >
1439 				    amrr->amrr_max_success_threshold)
1440 					amn->amn_success_threshold =
1441 					    amrr->amrr_max_success_threshold;
1442 			} else {
1443 				amn->amn_success_threshold =
1444 				    amrr->amrr_min_success_threshold;
1445 			}
1446 			decrease_rate(ni);
1447 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_amrr_choose(): "
1448 			    "decrease rate = %d, #tx = %d, #retries = %d\n",
1449 			    RV(ni->in_rates.ir_rates[ni->in_txrate]),
1450 			    amn->amn_txcnt, amn->amn_retrycnt);
1451 			need_change = 1;
1452 		}
1453 		amn->amn_recovery = 0;
1454 	}
1455 
1456 	if (is_enough(amn) || need_change)
1457 		reset_cnt(amn);
1458 #undef RV
1459 }
1460 
1461 static void
1462 rt2860_newassoc(struct ieee80211com *ic, struct ieee80211_node *in, int isnew)
1463 {
1464 	struct rt2860_softc *sc = (struct rt2860_softc *)ic;
1465 	uint32_t off;
1466 	uint8_t *fptr, wcid = 0;
1467 	int i;
1468 
1469 	if (isnew && in->in_associd != 0) {
1470 		/* only interested in true associations */
1471 		wcid = RT2860_AID2WCID(in->in_associd);
1472 
1473 		/* init WCID table entry */
1474 		off = RT2860_WCID_ENTRY(wcid);
1475 		fptr = in->in_macaddr;
1476 		for (i = 0; i < IEEE80211_ADDR_LEN; i++)
1477 			rt2860_mem_write1(sc, off++, *fptr++);
1478 	}
1479 	rt2860_amrr_node_init(&sc->amrr, &sc->amn[wcid]);
1480 
1481 	/* set rate to some reasonable initial value */
1482 	i = in->in_rates.ir_nrates - 1;
1483 	for (; i > 0 && (in->in_rates.ir_rates[i] & IEEE80211_RATE_VAL) > 72; )
1484 		i--;
1485 	in->in_txrate = i;
1486 
1487 	RWN_DEBUG(RT2860_DBG_80211, "rwn: rt2860_newassoc(): "
1488 	    "new assoc isnew=%d WCID=%d, initial rate=%d\n",
1489 	    isnew, wcid,
1490 	    in->in_rates.ir_rates[i] & IEEE80211_RATE_VAL);
1491 	RWN_DEBUG(RT2860_DBG_80211, "rwn: rt2860_newassoc(): "
1492 	    "addr=%x:%x:%x:%x:%x:%x\n",
1493 	    in->in_macaddr[0], in->in_macaddr[1], in->in_macaddr[2],
1494 	    in->in_macaddr[3], in->in_macaddr[4], in->in_macaddr[5]);
1495 }
1496 
1497 void
1498 rt2860_enable_tsf_sync(struct rt2860_softc *sc)
1499 {
1500 	struct ieee80211com *ic = &sc->sc_ic;
1501 	uint32_t tmp;
1502 
1503 	tmp = RT2860_READ(sc, RT2860_BCN_TIME_CFG);
1504 
1505 	tmp &= ~0x1fffff;
1506 	tmp |= ic->ic_bss->in_intval * 16;
1507 	tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
1508 	if (ic->ic_opmode == IEEE80211_M_STA) {
1509 		/*
1510 		 * Local TSF is always updated with remote TSF on beacon
1511 		 * reception.
1512 		 */
1513 		tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
1514 	}
1515 
1516 	RT2860_WRITE(sc, RT2860_BCN_TIME_CFG, tmp);
1517 }
1518 
1519 static int
1520 rt2860_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1521 {
1522 	struct rt2860_softc	*sc = (struct rt2860_softc *)ic;
1523 	enum ieee80211_state	ostate;
1524 	int			err;
1525 	uint32_t		tmp;
1526 
1527 	ostate = ic->ic_state;
1528 	RWN_DEBUG(RT2860_DBG_80211, "rwn: rt2860_newstate(): "
1529 	    "%x -> %x!\n", ostate, nstate);
1530 
1531 	RT2860_GLOCK(sc);
1532 	if (sc->sc_scan_id != 0) {
1533 		(void) untimeout(sc->sc_scan_id);
1534 		sc->sc_scan_id = 0;
1535 	}
1536 	if (sc->sc_rssadapt_id != 0) {
1537 		(void) untimeout(sc->sc_rssadapt_id);
1538 		sc->sc_rssadapt_id = 0;
1539 	}
1540 	if (ostate == IEEE80211_S_RUN) {
1541 		/* turn link LED off */
1542 		rt2860_set_leds(sc, RT2860_LED_RADIO);
1543 	}
1544 
1545 	switch (nstate) {
1546 	case IEEE80211_S_INIT:
1547 		if (ostate == IEEE80211_S_RUN) {
1548 			/* abort TSF synchronization */
1549 			tmp = RT2860_READ(sc, RT2860_BCN_TIME_CFG);
1550 			RT2860_WRITE(sc, RT2860_BCN_TIME_CFG,
1551 			    tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
1552 			    RT2860_TBTT_TIMER_EN));
1553 		}
1554 		break;
1555 
1556 	case IEEE80211_S_SCAN:
1557 		rt2860_set_chan(sc, ic->ic_curchan);
1558 		sc->sc_scan_id = timeout(rt2860_next_scan, (void *)sc,
1559 		    drv_usectohz(200000));
1560 		break;
1561 
1562 	case IEEE80211_S_AUTH:
1563 	case IEEE80211_S_ASSOC:
1564 		rt2860_set_chan(sc, ic->ic_curchan);
1565 		break;
1566 
1567 	case IEEE80211_S_RUN:
1568 		rt2860_set_chan(sc, ic->ic_curchan);
1569 
1570 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1571 			rt2860_updateslot(sc);
1572 			rt2860_enable_mrr(sc);
1573 			rt2860_set_txpreamble(sc);
1574 			rt2860_set_basicrates(sc);
1575 			rt2860_set_bssid(sc, ic->ic_bss->in_bssid);
1576 		}
1577 		if (ic->ic_opmode == IEEE80211_M_STA) {
1578 			/* fake a join to init the tx rate */
1579 			rt2860_newassoc(ic, ic->ic_bss, 1);
1580 		}
1581 
1582 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1583 			rt2860_enable_tsf_sync(sc);
1584 			sc->sc_rssadapt_id = timeout(rt2860_updatestats,
1585 			    (void *)sc, drv_usectohz(500 * 1000));
1586 		}
1587 
1588 		/* turn link LED on */
1589 		rt2860_set_leds(sc, RT2860_LED_RADIO |
1590 		    (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
1591 		    RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
1592 		break;
1593 	}
1594 
1595 	RT2860_GUNLOCK(sc);
1596 
1597 	err = sc->sc_newstate(ic, nstate, arg);
1598 
1599 	return (err);
1600 }
1601 
1602 /*
1603  * Return the Rx chain with the highest RSSI for a given frame.
1604  */
1605 static uint8_t
1606 rt2860_maxrssi_chain(struct rt2860_softc *sc, const struct rt2860_rxwi *rxwi)
1607 {
1608 	uint8_t rxchain = 0;
1609 
1610 	if (sc->nrxchains > 1)
1611 		if (rxwi->rssi[1] > rxwi->rssi[rxchain])
1612 			rxchain = 1;
1613 	if (sc->nrxchains > 2)
1614 		if (rxwi->rssi[2] > rxwi->rssi[rxchain])
1615 			rxchain = 2;
1616 
1617 	return (rxchain);
1618 }
1619 
1620 static void
1621 rt2860_drain_stats_fifo(struct rt2860_softc *sc)
1622 {
1623 	struct rt2860_amrr_node *amn;
1624 	uint32_t stat;
1625 	uint8_t wcid, mcs, pid;
1626 
1627 	/* drain Tx status FIFO (maxsize = 16) */
1628 	while ((stat = RT2860_READ(sc, RT2860_TX_STAT_FIFO)) & RT2860_TXQ_VLD) {
1629 		RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_drain_stats_fifo(): "
1630 		    "tx stat 0x%08\n", stat);
1631 
1632 		wcid = (stat >> 8) & 0xff;
1633 
1634 		/* if no ACK was requested, no feedback is available */
1635 		if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff)
1636 			continue;
1637 		/* update per-STA AMRR stats */
1638 		amn = &sc->amn[wcid];
1639 		amn->amn_txcnt++;
1640 		if (stat & RT2860_TXQ_OK) {
1641 			/*
1642 			 * Check if there were retries, ie if the Tx success
1643 			 * rate is different from the requested rate.  Note
1644 			 * that it works only because we do not allow rate
1645 			 * fallback from OFDM to CCK.
1646 			 */
1647 			mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
1648 			pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
1649 			if (mcs + 1 != pid)
1650 				amn->amn_retrycnt++;
1651 		} else
1652 			amn->amn_retrycnt++;
1653 	}
1654 }
1655 
1656 /*ARGSUSED*/
1657 static void
1658 rt2860_tx_intr(struct rt2860_softc *sc, int qid)
1659 {
1660 	struct rt2860_tx_ring	*ring = &sc->txq[qid];
1661 	struct ieee80211com	*ic = &sc->sc_ic;
1662 	uint32_t hw;
1663 
1664 	rt2860_drain_stats_fifo(sc);
1665 
1666 	mutex_enter(&sc->sc_txlock);
1667 	hw = RT2860_READ(sc, RT2860_TX_DTX_IDX(qid));
1668 	RWN_DEBUG(RT2860_DBG_TX, "rwn: rwn_tx_intr():"
1669 	    "hw = %x, ring->next = %x, queued = %d\n",
1670 	    hw, ring->next, ring->queued);
1671 	while (ring->next != hw) {
1672 		struct rt2860_txd *txd = &ring->txd[ring->next];
1673 		struct rt2860_tx_data *data = ring->data[ring->next];
1674 
1675 		if (data != NULL) {
1676 			RT2860_DMA_SYNC(data->txbuf_dma, DDI_DMA_SYNC_FORDEV);
1677 			if (data->ni != NULL) {
1678 				ieee80211_free_node(data->ni);
1679 				data->ni = NULL;
1680 			}
1681 			SLIST_INSERT_HEAD(&sc->data_pool, data, next);
1682 			ring->data[ring->next] = NULL;
1683 		}
1684 
1685 		txd->sdl0 &= ~LE_16(RT2860_TX_DDONE);
1686 
1687 		(void) ddi_dma_sync(ring->txdesc_dma.dma_hdl,
1688 		    ring->next * sizeof (struct rt2860_txd),
1689 		    sizeof (struct rt2860_txd),
1690 		    DDI_DMA_SYNC_FORDEV);
1691 
1692 		ring->queued--;
1693 		ring->next = (ring->next + 1) % RT2860_TX_RING_COUNT;
1694 
1695 		if (sc->sc_need_sched &&
1696 		    (ring->queued < RT2860_TX_RING_COUNT)) {
1697 			sc->sc_need_sched = 0;
1698 			mac_tx_update(ic->ic_mach);
1699 		}
1700 	}
1701 	sc->sc_tx_timer = 0;
1702 	mutex_exit(&sc->sc_txlock);
1703 }
1704 
1705 static void
1706 rt2860_rx_intr(struct rt2860_softc *sc)
1707 {
1708 	struct ieee80211com	*ic = &sc->sc_ic;
1709 	struct ieee80211_node	*ni;
1710 	struct ieee80211_frame	*wh;
1711 	int	pktlen;
1712 	uint8_t ant, rssi, *rxbuf;
1713 	mblk_t	*mp0;
1714 
1715 	mutex_enter(&sc->sc_rxlock);
1716 	for (;;) {
1717 		struct rt2860_rx_data *data = &sc->rxq.data[sc->rxq.cur];
1718 		struct rt2860_rxd *rxd = &sc->rxq.rxd[sc->rxq.cur];
1719 		struct rt2860_rxwi *rxwi;
1720 
1721 		(void) ddi_dma_sync(sc->rxq.rxdesc_dma.dma_hdl,
1722 		    sc->rxq.cur * sizeof (struct rt2860_rxd),
1723 		    sizeof (struct rt2860_rxd),
1724 		    DDI_DMA_SYNC_FORKERNEL);
1725 
1726 		if (!(rxd->sdl0 & LE_16(RT2860_RX_DDONE))) {
1727 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr(): "
1728 			    "rx done!\n");
1729 			break;
1730 		}
1731 
1732 		if (rxd->flags &
1733 		    LE_32(RT2860_RX_CRCERR | RT2860_RX_ICVERR)) {
1734 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr(): "
1735 			    "rx crc error & rx icv error!\n");
1736 			sc->sc_rx_err++;
1737 			goto skip;
1738 		}
1739 
1740 		if (rxd->flags & LE_32(RT2860_RX_MICERR)) {
1741 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr(): "
1742 			    "rx mic error!\n");
1743 			sc->sc_rx_err++;
1744 			goto skip;
1745 		}
1746 
1747 		(void) ddi_dma_sync(data->rxbuf_dma.dma_hdl,
1748 		    data->rxbuf_dma.offset,
1749 		    data->rxbuf_dma.alength,
1750 		    DDI_DMA_SYNC_FORCPU);
1751 
1752 		rxbuf = (uint8_t *)data->rxbuf_dma.mem_va;
1753 		rxd->sdp0 = LE_32(data->rxbuf_dma.cookie.dmac_address);
1754 		rxwi = (struct rt2860_rxwi *)rxbuf;
1755 		rxbuf = (uint8_t *)(rxwi + 1);
1756 		pktlen = LE_16(rxwi->len) & 0xfff;
1757 
1758 		mp0 = allocb(sc->sc_dmabuf_size, BPRI_MED);
1759 		if (mp0 == NULL) {
1760 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr():"
1761 			    "alloc mblk error\n");
1762 			sc->sc_rx_nobuf++;
1763 			goto skip;
1764 		}
1765 		bcopy(rxbuf, mp0->b_rptr, pktlen);
1766 		mp0->b_wptr += pktlen;
1767 
1768 		wh = (struct ieee80211_frame *)mp0->b_rptr;
1769 
1770 		/* HW may insert 2 padding bytes after 802.11 header */
1771 		if (rxd->flags & LE_32(RT2860_RX_L2PAD)) {
1772 			RWN_DEBUG(RT2860_DBG_RX, "rwn: rt2860_rx_intr():"
1773 			    "2 padding bytes after 80211 header!\n");
1774 		}
1775 
1776 		ant = rt2860_maxrssi_chain(sc, rxwi);
1777 		rssi = RT2860_RSSI_OFFSET - rxwi->rssi[ant];
1778 		/* grab a reference to the source node */
1779 		ni = ieee80211_find_rxnode(ic, wh);
1780 
1781 		(void) ieee80211_input(ic, mp0, ni, rssi, 0);
1782 
1783 		/* node is no longer needed */
1784 		ieee80211_free_node(ni);
1785 skip:
1786 		rxd->sdl0 &= ~LE_16(RT2860_RX_DDONE);
1787 
1788 		(void) ddi_dma_sync(sc->rxq.rxdesc_dma.dma_hdl,
1789 		    sc->rxq.cur * sizeof (struct rt2860_rxd),
1790 		    sizeof (struct rt2860_rxd),
1791 		    DDI_DMA_SYNC_FORDEV);
1792 
1793 		sc->rxq.cur = (sc->rxq.cur + 1) % RT2860_RX_RING_COUNT;
1794 	}
1795 	mutex_exit(&sc->sc_rxlock);
1796 
1797 	/* tell HW what we have processed */
1798 	RT2860_WRITE(sc, RT2860_RX_CALC_IDX,
1799 	    (sc->rxq.cur - 1) % RT2860_RX_RING_COUNT);
1800 }
1801 
1802 static uint_t
1803 rt2860_softintr(caddr_t data)
1804 {
1805 	struct rt2860_softc *sc = (struct rt2860_softc *)data;
1806 
1807 	/*
1808 	 * Check if the soft interrupt is triggered by another
1809 	 * driver at the same level.
1810 	 */
1811 	RT2860_GLOCK(sc);
1812 	if (sc->sc_rx_pend) {
1813 		sc->sc_rx_pend = 0;
1814 		RT2860_GUNLOCK(sc);
1815 		rt2860_rx_intr(sc);
1816 		return (DDI_INTR_CLAIMED);
1817 	}
1818 	RT2860_GUNLOCK(sc);
1819 
1820 	return (DDI_INTR_UNCLAIMED);
1821 }
1822 
1823 static uint_t
1824 rt2860_intr(caddr_t arg)
1825 {
1826 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
1827 	uint32_t		r;
1828 
1829 	RT2860_GLOCK(sc);
1830 
1831 	if ((!RT2860_IS_RUNNING(sc)) || RT2860_IS_SUSPEND(sc)) {
1832 		/*
1833 		 * The hardware is not ready/present, don't touch anything.
1834 		 * Note this can happen early on if the IRQ is shared.
1835 		 */
1836 		RT2860_GUNLOCK(sc);
1837 		return (DDI_INTR_UNCLAIMED);
1838 	}
1839 
1840 	r = RT2860_READ(sc, RT2860_INT_STATUS);
1841 	if (r == 0xffffffff) {
1842 		RT2860_GUNLOCK(sc);
1843 		return (DDI_INTR_UNCLAIMED);
1844 	}
1845 	if (r == 0) {
1846 		RT2860_GUNLOCK(sc);
1847 		return (DDI_INTR_UNCLAIMED);
1848 	}
1849 
1850 	/* acknowledge interrupts */
1851 	RT2860_WRITE(sc, RT2860_INT_STATUS, r);
1852 
1853 	if (r & RT2860_TX_COHERENT)
1854 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr()"
1855 		    "RT2860_TX_COHERENT\n");
1856 
1857 	if (r & RT2860_RX_COHERENT)
1858 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr()"
1859 		    "RT2860_RX_COHERENT\n");
1860 
1861 	if (r & RT2860_MAC_INT_2) {
1862 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1863 		    "RT2860_MAC_INT_2\n");
1864 		rt2860_drain_stats_fifo(sc);
1865 	}
1866 
1867 	if (r & RT2860_TX_DONE_INT5) {
1868 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1869 		    "RT2860_TX_DONE_INT5\n");
1870 		rt2860_tx_intr(sc, 5);
1871 	}
1872 
1873 	if (r & RT2860_RX_DONE_INT) {
1874 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr()"
1875 		    "RT2860_RX_INT\n");
1876 		sc->sc_rx_pend = 1;
1877 		ddi_trigger_softintr(sc->sc_softintr_hdl);
1878 	}
1879 
1880 	if (r & RT2860_TX_DONE_INT4) {
1881 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1882 		    "RT2860_TX_DONE_INT4\n");
1883 		rt2860_tx_intr(sc, 4);
1884 	}
1885 
1886 	if (r & RT2860_TX_DONE_INT3) {
1887 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1888 		    "RT2860_TX_DONE_INT3\n");
1889 		rt2860_tx_intr(sc, 3);
1890 	}
1891 
1892 	if (r & RT2860_TX_DONE_INT2) {
1893 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1894 		    "RT2860_TX_DONE_INT2\n");
1895 		rt2860_tx_intr(sc, 2);
1896 	}
1897 
1898 	if (r & RT2860_TX_DONE_INT1) {
1899 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1900 		    "RT2860_TX_DONE_INT1\n");
1901 		rt2860_tx_intr(sc, 1);
1902 	}
1903 
1904 	if (r & RT2860_TX_DONE_INT0) {
1905 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1906 		    "RT2860_TX_DONE_INT0\n");
1907 		rt2860_tx_intr(sc, 0);
1908 	}
1909 
1910 	if (r & RT2860_MAC_INT_0) {
1911 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1912 		    "RT2860_MAC_INT_0\n");
1913 		struct ieee80211com *ic = &sc->sc_ic;
1914 		/* check if protection mode has changed */
1915 		if ((sc->sc_ic_flags ^ ic->ic_flags) & IEEE80211_F_USEPROT) {
1916 			rt2860_updateprot(ic);
1917 			sc->sc_ic_flags = ic->ic_flags;
1918 		}
1919 	}
1920 
1921 	if (r & RT2860_MAC_INT_3)
1922 		RWN_DEBUG(RT2860_DBG_INTR, "rwn: rt2860_intr(): "
1923 		    "RT2860_MAC_INT_3\n");
1924 
1925 	RT2860_GUNLOCK(sc);
1926 
1927 	return (DDI_INTR_CLAIMED);
1928 }
1929 
1930 static void
1931 rt2860_set_region_4(struct rt2860_softc *sc,
1932     uint32_t addr, uint32_t data, int size)
1933 {
1934 	for (; size > 0; size--, data++, addr += 4)
1935 		ddi_put32((sc)->sc_io_handle,
1936 		    (uint32_t *)((uintptr_t)(sc)->sc_io_base + addr), data);
1937 }
1938 
1939 static int
1940 rt2860_load_microcode(struct rt2860_softc *sc)
1941 {
1942 	int		ntries;
1943 	size_t		size;
1944 	uint8_t		*ucode, *fptr;
1945 	uint32_t	off, i;
1946 
1947 	ucode = rt2860_fw_bin;
1948 	size = sizeof (rt2860_fw_bin);
1949 	RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_load_microcode(): "
1950 	    "The size of ucode is: %x\n", size);
1951 
1952 	/* set "host program ram write selection" bit */
1953 	RT2860_WRITE(sc, RT2860_SYS_CTRL, RT2860_HST_PM_SEL);
1954 	/* write microcode image */
1955 	fptr = ucode;
1956 	off = RT2860_FW_BASE;
1957 	for (i = 0; i < size; i++) {
1958 		rt2860_mem_write1(sc, off++, *fptr++);
1959 	}
1960 	/* kick microcontroller unit */
1961 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0);
1962 	RT2860_WRITE(sc, RT2860_SYS_CTRL, RT2860_MCU_RESET);
1963 
1964 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
1965 	RT2860_WRITE(sc, RT2860_H2M_MAILBOX, 0);
1966 
1967 	/* wait until microcontroller is ready */
1968 	for (ntries = 0; ntries < 1000; ntries++) {
1969 		if (RT2860_READ(sc, RT2860_SYS_CTRL) & RT2860_MCU_READY)
1970 			break;
1971 		DELAY(1000);
1972 	}
1973 	if (ntries == 1000) {
1974 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_load_microcode(): "
1975 		    "timeout waiting for MCU to initialie\n");
1976 		return (ETIMEDOUT);
1977 	}
1978 
1979 	return (0);
1980 }
1981 
1982 static void
1983 rt2860_set_macaddr(struct rt2860_softc *sc, const uint8_t *addr)
1984 {
1985 	RT2860_WRITE(sc, RT2860_MAC_ADDR_DW0,
1986 	    addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
1987 	RT2860_WRITE(sc, RT2860_MAC_ADDR_DW1,
1988 	    addr[4] | addr[5] << 8);
1989 }
1990 
1991 /*
1992  * Send a command to the 8051 microcontroller unit.
1993  */
1994 static int
1995 rt2860_mcu_cmd(struct rt2860_softc *sc, uint8_t cmd, uint16_t arg)
1996 {
1997 	int	ntries;
1998 
1999 	for (ntries = 0; ntries < 100; ntries++) {
2000 		if (!(RT2860_READ(sc, RT2860_H2M_MAILBOX) & RT2860_H2M_BUSY))
2001 			break;
2002 		DELAY(2);
2003 	}
2004 	if (ntries == 100)
2005 		return (EIO);
2006 
2007 	RT2860_WRITE(sc, RT2860_H2M_MAILBOX,
2008 	    RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg);
2009 	RT2860_WRITE(sc, RT2860_HOST_CMD, cmd);
2010 
2011 	return (RT2860_SUCCESS);
2012 }
2013 
2014 /*
2015  * Reading and writing from/to the BBP is different from RT2560 and RT2661.
2016  * We access the BBP through the 8051 microcontroller unit which means that
2017  * the microcode must be loaded first.
2018  */
2019 static uint8_t
2020 rt2860_mcu_bbp_read(struct rt2860_softc *sc, uint8_t reg)
2021 {
2022 	uint32_t val;
2023 	int ntries;
2024 
2025 	for (ntries = 0; ntries < 100; ntries++) {
2026 		if (!(RT2860_READ(sc,
2027 		    RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2028 			break;
2029 		DELAY(1);
2030 	}
2031 	if (ntries == 100) {
2032 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_mcu_bbp_read():"
2033 		    "could not read from BBP through MCU\n");
2034 		return (0);
2035 	}
2036 
2037 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2038 	    RT2860_BBP_CSR_KICK | RT2860_BBP_CSR_READ | reg << 8);
2039 
2040 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0);
2041 	DELAY(1000);
2042 
2043 	for (ntries = 0; ntries < 100; ntries++) {
2044 		val = RT2860_READ(sc, RT2860_H2M_BBPAGENT);
2045 		if (!(val & RT2860_BBP_CSR_KICK))
2046 			return (val & 0xff);
2047 		DELAY(1);
2048 	}
2049 	RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_mcu_bbp_read():"
2050 	    "could not read from BBP through MCU\n");
2051 
2052 	return (0);
2053 }
2054 
2055 static void
2056 rt2860_mcu_bbp_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
2057 {
2058 	int ntries;
2059 
2060 	for (ntries = 0; ntries < 100; ntries++) {
2061 		if (!(RT2860_READ(sc,
2062 		    RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2063 			break;
2064 		DELAY(1);
2065 	}
2066 	if (ntries == 100) {
2067 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_mcu_bbp_write():"
2068 		    "could not write to BBP through MCU\n");
2069 		return;
2070 	}
2071 
2072 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2073 	    RT2860_BBP_CSR_KICK | reg << 8 | val);
2074 
2075 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0);
2076 	DELAY(1000);
2077 }
2078 
2079 static int
2080 rt2860_bbp_init(struct rt2860_softc *sc)
2081 {
2082 	int i, ntries;
2083 
2084 	/* wait for BBP to wake up */
2085 	for (ntries = 0; ntries < 20; ntries++) {
2086 		uint8_t bbp0 = rt2860_mcu_bbp_read(sc, 0);
2087 		if (bbp0 != 0 && bbp0 != 0xff)
2088 			break;
2089 	}
2090 	if (ntries == 20) {
2091 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_bbp_init():"
2092 		    "timeout waiting for BBP to wake up\n");
2093 		return (ETIMEDOUT);
2094 	}
2095 
2096 	/* initialize BBP registers to default values */
2097 	for (i = 0; i < 12; i++) {
2098 		rt2860_mcu_bbp_write(sc, rt2860_def_bbp[i].reg,
2099 		    rt2860_def_bbp[i].val);
2100 	}
2101 
2102 	/* fix BBP69 and BBP73 for RT2860C */
2103 	if (sc->mac_rev == 0x28600100) {
2104 		rt2860_mcu_bbp_write(sc, 69, 0x16);
2105 		rt2860_mcu_bbp_write(sc, 73, 0x12);
2106 	}
2107 
2108 	return (0);
2109 }
2110 
2111 static void
2112 rt2860_rf_write(struct rt2860_softc *sc, uint8_t reg, uint32_t val)
2113 {
2114 	uint32_t tmp;
2115 	int ntries;
2116 
2117 	for (ntries = 0; ntries < 100; ntries++) {
2118 		if (!(RT2860_READ(sc, RT2860_RF_CSR_CFG0) & RT2860_RF_REG_CTRL))
2119 			break;
2120 		DELAY(1);
2121 	}
2122 	if (ntries == 100) {
2123 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rwn_init()"
2124 		    "could not write to RF\n");
2125 		return;
2126 	}
2127 
2128 	/* RF registers are 24-bit on the RT2860 */
2129 	tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
2130 	    (val & 0x3fffff) << 2 | (reg & 3);
2131 	RT2860_WRITE(sc, RT2860_RF_CSR_CFG0, tmp);
2132 }
2133 
2134 static void
2135 rt2860_select_chan_group(struct rt2860_softc *sc, int group)
2136 {
2137 	uint32_t tmp;
2138 
2139 	rt2860_mcu_bbp_write(sc, 62, 0x37 - sc->lna[group]);
2140 	rt2860_mcu_bbp_write(sc, 63, 0x37 - sc->lna[group]);
2141 	rt2860_mcu_bbp_write(sc, 64, 0x37 - sc->lna[group]);
2142 	rt2860_mcu_bbp_write(sc, 82, (group == 0) ? 0x62 : 0xf2);
2143 
2144 	tmp = RT2860_READ(sc, RT2860_TX_BAND_CFG);
2145 	tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
2146 	tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
2147 	RT2860_WRITE(sc, RT2860_TX_BAND_CFG, tmp);
2148 
2149 	/* enable appropriate Power Amplifiers and Low Noise Amplifiers */
2150 	tmp = RT2860_RFTR_EN | RT2860_TRSW_EN;
2151 	if (group == 0) {	/* 2GHz */
2152 		tmp |= RT2860_PA_PE_G0_EN | RT2860_LNA_PE_G0_EN;
2153 		if (sc->ntxchains > 1)
2154 			tmp |= RT2860_PA_PE_G1_EN;
2155 		if (sc->nrxchains > 1)
2156 			tmp |= RT2860_LNA_PE_G1_EN;
2157 	} else {		/* 5GHz */
2158 		tmp |= RT2860_PA_PE_A0_EN | RT2860_LNA_PE_A0_EN;
2159 		if (sc->ntxchains > 1)
2160 			tmp |= RT2860_PA_PE_A1_EN;
2161 		if (sc->nrxchains > 1)
2162 			tmp |= RT2860_LNA_PE_A1_EN;
2163 	}
2164 	RT2860_WRITE(sc, RT2860_TX_PIN_CFG, tmp);
2165 
2166 	rt2860_mcu_bbp_write(sc, 66, 0x2e + sc->lna[group]);
2167 }
2168 static void
2169 rt2860_set_chan(struct rt2860_softc *sc, struct ieee80211_channel *c)
2170 {
2171 	struct ieee80211com	*ic = &sc->sc_ic;
2172 	const struct rfprog	*rfprog = rt2860_rf2850;
2173 	uint_t			i, chan, group;
2174 	uint8_t			txpow1, txpow2;
2175 	uint32_t		r2, r3, r4;
2176 
2177 	chan = ieee80211_chan2ieee(ic, c);
2178 	if (chan == 0 || chan == IEEE80211_CHAN_ANY) {
2179 		RWN_DEBUG(RT2860_DBG_FW, "Unkonwn channel!\n");
2180 		return;
2181 	}
2182 
2183 	/* find the settings for this channel (we know it exists) */
2184 	for (i = 0; rfprog[i].chan != chan; )
2185 		i++;
2186 
2187 	r2 = rfprog[i].r2;
2188 	if (sc->ntxchains == 1)
2189 		r2 |= 1 << 12;		/* 1T: disable Tx chain 2 */
2190 	if (sc->nrxchains == 1)
2191 		r2 |= 1 << 15 | 1 << 4;	/* 1R: disable Rx chains 2 & 3 */
2192 	else if (sc->nrxchains == 2)
2193 		r2 |= 1 << 4;		/* 2R: disable Rx chain 3 */
2194 
2195 	/* use Tx power values from EEPROM */
2196 	txpow1 = sc->txpow1[i];
2197 	txpow2 = sc->txpow2[i];
2198 	if (IEEE80211_IS_CHAN_5GHZ(c)) {
2199 		txpow1 = txpow1 << 1 | 1;
2200 		txpow2 = txpow2 << 1 | 1;
2201 	}
2202 	r3 = rfprog[i].r3 | txpow1 << 7;
2203 	r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
2204 
2205 	rt2860_rf_write(sc, RAL_RF1, rfprog[i].r1);
2206 	rt2860_rf_write(sc, RAL_RF2, r2);
2207 	rt2860_rf_write(sc, RAL_RF3, r3);
2208 	rt2860_rf_write(sc, RAL_RF4, r4);
2209 
2210 	DELAY(200);
2211 
2212 	rt2860_rf_write(sc, RAL_RF1, rfprog[i].r1);
2213 	rt2860_rf_write(sc, RAL_RF2, r2);
2214 	rt2860_rf_write(sc, RAL_RF3, r3 | 1);
2215 	rt2860_rf_write(sc, RAL_RF4, r4);
2216 
2217 	DELAY(200);
2218 
2219 	rt2860_rf_write(sc, RAL_RF1, rfprog[i].r1);
2220 	rt2860_rf_write(sc, RAL_RF2, r2);
2221 	rt2860_rf_write(sc, RAL_RF3, r3);
2222 	rt2860_rf_write(sc, RAL_RF4, r4);
2223 
2224 	/* 802.11a uses a 16 microseconds short interframe space */
2225 	sc->sifs = IEEE80211_IS_CHAN_5GHZ(c) ? 16 : 10;
2226 
2227 	/* determine channel group */
2228 	if (chan <= 14)
2229 		group = 0;
2230 	else if (chan <= 64)
2231 		group = 1;
2232 	else if (chan <= 128)
2233 		group = 2;
2234 	else
2235 		group = 3;
2236 
2237 	/* XXX necessary only when group has changed! */
2238 	rt2860_select_chan_group(sc, group);
2239 
2240 	DELAY(1000);
2241 }
2242 
2243 static void
2244 rt2860_updateprot(struct ieee80211com *ic)
2245 {
2246 	struct rt2860_softc *sc = (struct rt2860_softc *)ic;
2247 	uint32_t tmp;
2248 
2249 	tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
2250 	/* setup protection frame rate (MCS code) */
2251 	tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 0 : 3;
2252 
2253 	/* CCK frames don't require protection */
2254 	RT2860_WRITE(sc, RT2860_CCK_PROT_CFG, tmp);
2255 
2256 	if (ic->ic_flags & IEEE80211_F_USEPROT) {
2257 		if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
2258 			tmp |= RT2860_PROT_CTRL_RTS_CTS;
2259 		else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
2260 			tmp |= RT2860_PROT_CTRL_CTS;
2261 	}
2262 	RT2860_WRITE(sc, RT2860_OFDM_PROT_CFG, tmp);
2263 }
2264 
2265 static void
2266 rt2860_set_leds(struct rt2860_softc *sc, uint16_t which)
2267 {
2268 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
2269 	    which | (sc->leds & 0x7f));
2270 }
2271 
2272 static int
2273 rt2860_init(struct rt2860_softc *sc)
2274 {
2275 #define	N(a)	(sizeof (a) / sizeof ((a)[0]))
2276 	struct ieee80211com	*ic;
2277 	int			i, err, qid, ridx, ntries;
2278 	uint8_t			bbp1, bbp3;
2279 	uint32_t		tmp;
2280 
2281 	ic = &sc->sc_ic;
2282 
2283 	rt2860_stop(sc);
2284 	tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2285 	tmp &= 0xff0;
2286 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp | RT2860_TX_WB_DDONE);
2287 
2288 	RT2860_WRITE(sc, RT2860_WPDMA_RST_IDX, 0xffffffff);
2289 
2290 	/* PBF hardware reset */
2291 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
2292 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
2293 
2294 	if (!(sc->sc_flags & RT2860_FWLOADED)) {
2295 		if ((err = rt2860_load_microcode(sc)) != 0) {
2296 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_init(): "
2297 			    "could not load 8051 microcode\n");
2298 			rt2860_stop(sc);
2299 			return (err);
2300 		}
2301 		RT2860_GLOCK(sc);
2302 		sc->sc_flags |= RT2860_FWLOADED;
2303 		RT2860_GUNLOCK(sc);
2304 	}
2305 
2306 	rt2860_set_macaddr(sc, ic->ic_macaddr);
2307 
2308 	/* init Tx power for all Tx rates (from EEPROM) */
2309 	for (ridx = 0; ridx < 5; ridx++) {
2310 		if (sc->txpow20mhz[ridx] == 0xffffffff)
2311 			continue;
2312 		RT2860_WRITE(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
2313 	}
2314 
2315 	for (ntries = 0; ntries < 100; ntries++) {
2316 		tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2317 		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
2318 			break;
2319 		DELAY(1000);
2320 	}
2321 	if (ntries == 100) {
2322 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_init():"
2323 		    "timeout waiting for DMA engine\n");
2324 		rt2860_stop(sc);
2325 		return (ETIMEDOUT);
2326 	}
2327 	tmp &= 0xff0;
2328 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp | RT2860_TX_WB_DDONE);
2329 
2330 	/* reset Rx ring and all 6 Tx rings */
2331 	RT2860_WRITE(sc, RT2860_WPDMA_RST_IDX, 0x1003f);
2332 
2333 	/* PBF hardware reset */
2334 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
2335 	RT2860_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
2336 
2337 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL,
2338 	    RT2860_BBP_HRST | RT2860_MAC_SRST);
2339 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
2340 
2341 	for (i = 0; i < N(rt2860_def_mac); i++)
2342 		RT2860_WRITE(sc, rt2860_def_mac[i].reg, rt2860_def_mac[i].val);
2343 
2344 	/* wait while MAC is busy */
2345 	for (ntries = 0; ntries < 100; ntries++) {
2346 		if (!(RT2860_READ(sc, RT2860_MAC_STATUS_REG) &
2347 		    (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
2348 			break;
2349 		DELAY(1000);
2350 	}
2351 	if (ntries == 100) {
2352 		RWN_DEBUG(RT2860_DBG_FW, "rwn: rt2860_init():"
2353 		    "timeout waiting for MAC\n");
2354 		rt2860_stop(sc);
2355 		return (ETIMEDOUT);
2356 	}
2357 
2358 	/* clear Host to MCU mailbox */
2359 	RT2860_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
2360 	RT2860_WRITE(sc, RT2860_H2M_MAILBOX, 0);
2361 
2362 	if ((err = rt2860_bbp_init(sc)) != 0) {
2363 		rt2860_stop(sc);
2364 		return (err);
2365 	}
2366 
2367 	/* init Tx rings (4 EDCAs + HCCA + Mgt) */
2368 	for (qid = 0; qid < 6; qid++) {
2369 		RT2860_WRITE(sc, RT2860_TX_BASE_PTR(qid), sc->txq[qid].paddr);
2370 		RT2860_WRITE(sc, RT2860_TX_MAX_CNT(qid), RT2860_TX_RING_COUNT);
2371 		RT2860_WRITE(sc, RT2860_TX_CTX_IDX(qid), 0);
2372 	}
2373 
2374 	/* init Rx ring */
2375 	RT2860_WRITE(sc, RT2860_RX_BASE_PTR, sc->rxq.paddr);
2376 	RT2860_WRITE(sc, RT2860_RX_MAX_CNT, RT2860_RX_RING_COUNT);
2377 	RT2860_WRITE(sc, RT2860_RX_CALC_IDX, RT2860_RX_RING_COUNT - 1);
2378 
2379 	/* setup maximum buffer sizes */
2380 	RT2860_WRITE(sc, RT2860_MAX_LEN_CFG, 1 << 12 |
2381 	    (sc->sc_dmabuf_size - sizeof (struct rt2860_rxwi) - 2));
2382 
2383 	for (ntries = 0; ntries < 100; ntries++) {
2384 		tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2385 		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
2386 			break;
2387 		DELAY(1000);
2388 	}
2389 	if (ntries == 100) {
2390 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_init():"
2391 		    "timeout waiting for DMA engine\n");
2392 		rt2860_stop(sc);
2393 		return (ETIMEDOUT);
2394 	}
2395 	tmp &= 0xff0;
2396 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp | RT2860_TX_WB_DDONE);
2397 
2398 	/* disable interrupts mitigation */
2399 	RT2860_WRITE(sc, RT2860_DELAY_INT_CFG, 0);
2400 
2401 	/* write vendor-specific BBP values (from EEPROM) */
2402 	for (i = 0; i < 8; i++) {
2403 		if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
2404 			continue;
2405 		rt2860_mcu_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
2406 	}
2407 
2408 	/* send LEDs operating mode to microcontroller */
2409 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
2410 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
2411 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
2412 
2413 	/* disable non-existing Rx chains */
2414 	bbp3 = rt2860_mcu_bbp_read(sc, 3);
2415 	bbp3 &= ~(1 << 3 | 1 << 4);
2416 	if (sc->nrxchains == 2)
2417 		bbp3 |= 1 << 3;
2418 	else if (sc->nrxchains == 3)
2419 		bbp3 |= 1 << 4;
2420 	rt2860_mcu_bbp_write(sc, 3, bbp3);
2421 
2422 	/* disable non-existing Tx chains */
2423 	bbp1 = rt2860_mcu_bbp_read(sc, 1);
2424 	if (sc->ntxchains == 1)
2425 		bbp1 &= ~(1 << 3 | 1 << 4);
2426 	rt2860_mcu_bbp_write(sc, 1, bbp1);
2427 
2428 	/* select default channel */
2429 	rt2860_set_chan(sc, ic->ic_curchan);
2430 
2431 	/* XXX not clear what the following 8051 command does.. */
2432 	(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BOOT, 0);
2433 
2434 	/* set RTS threshold */
2435 	tmp = RT2860_READ(sc, RT2860_TX_RTS_CFG);
2436 	tmp &= ~0xffff00;
2437 	tmp |= ic->ic_rtsthreshold << 8;
2438 
2439 	/* setup initial protection mode */
2440 	sc->sc_ic_flags = ic->ic_flags;
2441 	rt2860_updateprot(ic);
2442 
2443 	/* enable Tx/Rx DMA engine */
2444 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
2445 	for (ntries = 0; ntries < 200; ntries++) {
2446 		tmp = RT2860_READ(sc, RT2860_WPDMA_GLO_CFG);
2447 		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
2448 			break;
2449 		DELAY(1000);
2450 	}
2451 	if (ntries == 200) {
2452 		RWN_DEBUG(RT2860_DBG_DMA, "rwn: rt2860_int():"
2453 		    "timeout waiting for DMA engine\n");
2454 		rt2860_stop(sc);
2455 		return (ETIMEDOUT);
2456 	}
2457 
2458 	DELAY(50);
2459 
2460 	tmp |= RT2860_TX_WB_DDONE | RT2860_RX_DMA_EN | RT2860_TX_DMA_EN |
2461 	    RT2860_WPDMA_BT_SIZE64 << RT2860_WPDMA_BT_SIZE_SHIFT;
2462 	RT2860_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
2463 
2464 	/* turn radio LED on */
2465 	rt2860_set_leds(sc, RT2860_LED_RADIO);
2466 
2467 	/* set Rx filter */
2468 	tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
2469 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2470 		tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
2471 		    RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
2472 		    RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
2473 		    RT2860_DROP_CFACK | RT2860_DROP_CFEND;
2474 		if (ic->ic_opmode == IEEE80211_M_STA)
2475 			tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
2476 	}
2477 	RT2860_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
2478 
2479 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL,
2480 	    RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
2481 
2482 	/* clear pending interrupts */
2483 	RT2860_WRITE(sc, RT2860_INT_STATUS, 0xffffffff);
2484 	/* enable interrupts */
2485 	RT2860_WRITE(sc, RT2860_INT_MASK, 0x3fffc);
2486 
2487 	if (sc->sc_flags & RT2860_ADVANCED_PS)
2488 		(void) rt2860_mcu_cmd(sc, RT2860_MCU_CMD_PSLEVEL, sc->pslevel);
2489 
2490 	return (DDI_SUCCESS);
2491 }
2492 
2493 static int
2494 rt2860_quiesce(dev_info_t *dip)
2495 {
2496 	struct rt2860_softc	*sc;
2497 
2498 	sc = ddi_get_soft_state(rt2860_soft_state_p, ddi_get_instance(dip));
2499 	if (sc == NULL)
2500 		return (DDI_FAILURE);
2501 
2502 #ifdef DEBUG
2503 	rt2860_dbg_flags = 0;
2504 #endif
2505 
2506 	/*
2507 	 * No more blocking is allowed while we are in quiesce(9E) entry point
2508 	 */
2509 	sc->sc_flags |= RT2860_F_QUIESCE;
2510 
2511 	/*
2512 	 * Disable and mask all interrupts
2513 	 */
2514 	rt2860_stop(sc);
2515 	return (DDI_SUCCESS);
2516 }
2517 
2518 static void
2519 rt2860_stop(struct rt2860_softc *sc)
2520 {
2521 	int		qid;
2522 	uint32_t	tmp;
2523 
2524 	/* by pass if it's quiesced */
2525 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2526 		RT2860_GLOCK(sc);
2527 	if (sc->sc_flags == RT2860_F_RUNNING)
2528 		rt2860_set_leds(sc, 0);	/* turn all LEDs off */
2529 	sc->sc_tx_timer = 0;
2530 	/* by pass if it's quiesced */
2531 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2532 		RT2860_GUNLOCK(sc);
2533 
2534 	/* clear RX WCID search table */
2535 	rt2860_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
2536 	/* clear pairwise key table */
2537 	rt2860_set_region_4(sc, RT2860_PKEY(0), 0, 2048);
2538 	/* clear IV/EIV table */
2539 	rt2860_set_region_4(sc, RT2860_IVEIV(0), 0, 512);
2540 	/* clear WCID attribute table */
2541 	rt2860_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 256);
2542 	/* clear shared key table */
2543 	rt2860_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
2544 	/* clear shared key mode */
2545 	rt2860_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
2546 
2547 	/* disable interrupts */
2548 	RT2860_WRITE(sc, RT2860_INT_MASK, 0);
2549 
2550 	/* disable Rx */
2551 	tmp = RT2860_READ(sc, RT2860_MAC_SYS_CTRL);
2552 	tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
2553 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, tmp);
2554 
2555 	/* reset adapter */
2556 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL,
2557 	    RT2860_BBP_HRST | RT2860_MAC_SRST);
2558 	RT2860_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
2559 
2560 	/* reset Tx and Rx rings (and reclaim TXWIs) */
2561 	for (qid = 0; qid < 6; qid++)
2562 		rt2860_reset_tx_ring(sc, &sc->txq[qid]);
2563 	rt2860_reset_rx_ring(sc, &sc->rxq);
2564 
2565 	/* by pass if it's quiesced */
2566 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2567 		RT2860_GLOCK(sc);
2568 	sc->sc_flags &= ~RT2860_UPD_BEACON;
2569 	/* by pass if it's quiesced */
2570 	if (!(sc->sc_flags & RT2860_F_QUIESCE))
2571 		RT2860_GUNLOCK(sc);
2572 }
2573 
2574 static int
2575 rt2860_m_start(void *arg)
2576 {
2577 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2578 	struct ieee80211com	*ic = &sc->sc_ic;
2579 	int			err;
2580 
2581 	err = rt2860_init(sc);
2582 	if (err != DDI_SUCCESS) {
2583 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_m_start():"
2584 		    "Hardware initialization failed\n");
2585 		goto fail1;
2586 	}
2587 
2588 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2589 
2590 	RT2860_GLOCK(sc);
2591 	sc->sc_flags |= RT2860_F_RUNNING;
2592 	RT2860_GUNLOCK(sc);
2593 
2594 	return (err);
2595 fail1:
2596 	rt2860_stop(sc);
2597 	return (err);
2598 }
2599 
2600 static void
2601 rt2860_m_stop(void *arg)
2602 {
2603 	struct rt2860_softc *sc = (struct rt2860_softc *)arg;
2604 
2605 	(void) rt2860_stop(sc);
2606 
2607 	ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1);
2608 
2609 	RT2860_GLOCK(sc);
2610 	sc->sc_flags &= ~RT2860_F_RUNNING;
2611 	RT2860_GUNLOCK(sc);
2612 }
2613 
2614 static void
2615 rt2860_m_ioctl(void* arg, queue_t *wq, mblk_t *mp)
2616 {
2617 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2618 	struct ieee80211com	*ic = &sc->sc_ic;
2619 	int			err;
2620 
2621 	err = ieee80211_ioctl(ic, wq, mp);
2622 	RT2860_GLOCK(sc);
2623 	if (err == ENETRESET) {
2624 		if (ic->ic_des_esslen) {
2625 			if (RT2860_IS_RUNNING(sc)) {
2626 				RT2860_GUNLOCK(sc);
2627 				(void) rt2860_init(sc);
2628 				(void) ieee80211_new_state(ic,
2629 				    IEEE80211_S_SCAN, -1);
2630 				RT2860_GLOCK(sc);
2631 			}
2632 		}
2633 	}
2634 	RT2860_GUNLOCK(sc);
2635 }
2636 
2637 /*
2638  * Call back function for get/set proporty
2639  */
2640 static int
2641 rt2860_m_getprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2642     uint_t wldp_length, void *wldp_buf)
2643 {
2644 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2645 	int			err = 0;
2646 
2647 	err = ieee80211_getprop(&sc->sc_ic, pr_name, wldp_pr_num,
2648 	    wldp_length, wldp_buf);
2649 
2650 	return (err);
2651 }
2652 
2653 static void
2654 rt2860_m_propinfo(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2655     mac_prop_info_handle_t prh)
2656 {
2657 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2658 
2659 	ieee80211_propinfo(&sc->sc_ic, pr_name, wldp_pr_num, prh);
2660 }
2661 
2662 static int
2663 rt2860_m_setprop(void *arg, const char *pr_name, mac_prop_id_t wldp_pr_num,
2664     uint_t wldp_length, const void *wldp_buf)
2665 {
2666 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2667 	ieee80211com_t		*ic = &sc->sc_ic;
2668 	int			err;
2669 
2670 	err = ieee80211_setprop(ic, pr_name, wldp_pr_num, wldp_length,
2671 	    wldp_buf);
2672 	RT2860_GLOCK(sc);
2673 	if (err == ENETRESET) {
2674 		if (ic->ic_des_esslen) {
2675 			if (RT2860_IS_RUNNING(sc)) {
2676 				RT2860_GUNLOCK(sc);
2677 				(void) rt2860_init(sc);
2678 				(void) ieee80211_new_state(ic,
2679 				    IEEE80211_S_SCAN, -1);
2680 				RT2860_GLOCK(sc);
2681 			}
2682 		}
2683 		err = 0;
2684 	}
2685 	RT2860_GUNLOCK(sc);
2686 	return (err);
2687 }
2688 
2689 static mblk_t *
2690 rt2860_m_tx(void *arg, mblk_t *mp)
2691 {
2692 	struct rt2860_softc	*sc = (struct rt2860_softc *)arg;
2693 	struct ieee80211com	*ic = &sc->sc_ic;
2694 	mblk_t			*next;
2695 
2696 	if (RT2860_IS_SUSPEND(sc)) {
2697 		freemsgchain(mp);
2698 		return (NULL);
2699 	}
2700 
2701 	/*
2702 	 * No data frames go out unless we're associated; this
2703 	 * should not happen as the 802.11 layer does not enable
2704 	 * the xmit queue until we enter the RUN state.
2705 	 */
2706 	if (ic->ic_state != IEEE80211_S_RUN) {
2707 		RWN_DEBUG(RT2860_DBG_TX, "rwn: rt2860_tx_data(): "
2708 		    "discard, state %u\n", ic->ic_state);
2709 		freemsgchain(mp);
2710 		return (NULL);
2711 	}
2712 
2713 	while (mp != NULL) {
2714 		next = mp->b_next;
2715 		mp->b_next = NULL;
2716 		if (rt2860_send(ic, mp, IEEE80211_FC0_TYPE_DATA) !=
2717 		    DDI_SUCCESS) {
2718 			mp->b_next = next;
2719 			break;
2720 		}
2721 		mp = next;
2722 	}
2723 	return (mp);
2724 }
2725 
2726 /*ARGSUSED*/
2727 static int
2728 rt2860_m_unicst(void *arg, const uint8_t *macaddr)
2729 {
2730 	return (ENOTSUP);
2731 }
2732 
2733 /*ARGSUSED*/
2734 static int
2735 rt2860_m_multicst(void *arg, boolean_t add, const uint8_t *mca)
2736 {
2737 	return (ENOTSUP);
2738 }
2739 
2740 /*ARGSUSED*/
2741 static int
2742 rt2860_m_promisc(void *arg, boolean_t on)
2743 {
2744 	return (0);
2745 }
2746 
2747 static int
2748 rt2860_m_stat(void *arg, uint_t stat, uint64_t *val)
2749 {
2750 	struct rt2860_softc	*sc  = (struct rt2860_softc *)arg;
2751 	ieee80211com_t		*ic = &sc->sc_ic;
2752 	ieee80211_node_t	*ni = ic->ic_bss;
2753 	struct ieee80211_rateset *rs = &ni->in_rates;
2754 
2755 	RT2860_GLOCK(sc);
2756 	switch (stat) {
2757 	case MAC_STAT_IFSPEED:
2758 		*val = ((ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) ?
2759 		    (rs->ir_rates[ni->in_txrate] & IEEE80211_RATE_VAL)
2760 		    : ic->ic_fixed_rate) / 2 * 1000000;
2761 		break;
2762 	case MAC_STAT_NOXMTBUF:
2763 		*val = sc->sc_tx_nobuf;
2764 		break;
2765 	case MAC_STAT_NORCVBUF:
2766 		*val = sc->sc_rx_nobuf;
2767 		break;
2768 	case MAC_STAT_IERRORS:
2769 		*val = sc->sc_rx_err;
2770 		break;
2771 	case MAC_STAT_RBYTES:
2772 		*val = ic->ic_stats.is_rx_bytes;
2773 		break;
2774 	case MAC_STAT_IPACKETS:
2775 		*val = ic->ic_stats.is_rx_frags;
2776 		break;
2777 	case MAC_STAT_OBYTES:
2778 		*val = ic->ic_stats.is_tx_bytes;
2779 		break;
2780 	case MAC_STAT_OPACKETS:
2781 		*val = ic->ic_stats.is_tx_frags;
2782 		break;
2783 	case MAC_STAT_OERRORS:
2784 	case WIFI_STAT_TX_FAILED:
2785 		*val = sc->sc_tx_err;
2786 		break;
2787 	case WIFI_STAT_TX_RETRANS:
2788 		*val = sc->sc_tx_retries;
2789 		break;
2790 	case WIFI_STAT_FCS_ERRORS:
2791 	case WIFI_STAT_WEP_ERRORS:
2792 	case WIFI_STAT_TX_FRAGS:
2793 	case WIFI_STAT_MCAST_TX:
2794 	case WIFI_STAT_RTS_SUCCESS:
2795 	case WIFI_STAT_RTS_FAILURE:
2796 	case WIFI_STAT_ACK_FAILURE:
2797 	case WIFI_STAT_RX_FRAGS:
2798 	case WIFI_STAT_MCAST_RX:
2799 	case WIFI_STAT_RX_DUPS:
2800 		RT2860_GUNLOCK(sc);
2801 		return (ieee80211_stat(ic, stat, val));
2802 	default:
2803 		RT2860_GUNLOCK(sc);
2804 		return (ENOTSUP);
2805 	}
2806 	RT2860_GUNLOCK(sc);
2807 
2808 	return (0);
2809 }
2810 
2811 static int
2812 rt2860_attach(dev_info_t *devinfo, ddi_attach_cmd_t cmd)
2813 {
2814 	struct rt2860_softc	*sc;
2815 	struct ieee80211com	*ic;
2816 	int			i, err, qid, ntries, instance;
2817 	uint8_t			cachelsz;
2818 	uint16_t		command, vendor_id, device_id;
2819 	char			strbuf[32];
2820 	wifi_data_t		wd = { 0 };
2821 	mac_register_t		*macp;
2822 
2823 	switch (cmd) {
2824 	case DDI_ATTACH:
2825 		break;
2826 	case DDI_RESUME:
2827 		sc = ddi_get_soft_state(rt2860_soft_state_p,
2828 		    ddi_get_instance(devinfo));
2829 		ASSERT(sc != NULL);
2830 		RT2860_GLOCK(sc);
2831 		sc->sc_flags &= ~RT2860_F_SUSPEND;
2832 		RT2860_GUNLOCK(sc);
2833 		if (RT2860_IS_RUNNING(sc))
2834 			(void) rt2860_init(sc);
2835 		RWN_DEBUG(RT2860_DBG_RESUME, "rwn: rt2860_attach(): "
2836 		    "resume now\n");
2837 		return (DDI_SUCCESS);
2838 	default:
2839 		return (DDI_FAILURE);
2840 	}
2841 
2842 	instance = ddi_get_instance(devinfo);
2843 
2844 	err = ddi_soft_state_zalloc(rt2860_soft_state_p, instance);
2845 	if (err != DDI_SUCCESS) {
2846 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2847 		    "unable to alloc soft_state_p\n");
2848 		return (err);
2849 	}
2850 
2851 	sc = ddi_get_soft_state(rt2860_soft_state_p, instance);
2852 	ic = (ieee80211com_t *)&sc->sc_ic;
2853 	sc->sc_dev = devinfo;
2854 
2855 	/* pci configuration */
2856 	err = ddi_regs_map_setup(devinfo, 0, &sc->sc_cfg_base, 0, 0,
2857 	    &rwn_csr_accattr, &sc->sc_cfg_handle);
2858 	if (err != DDI_SUCCESS) {
2859 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2860 		    "ddi_regs_map_setup() failed");
2861 		goto fail1;
2862 	}
2863 
2864 	cachelsz = ddi_get8(sc->sc_cfg_handle,
2865 	    (uint8_t *)(sc->sc_cfg_base + PCI_CONF_CACHE_LINESZ));
2866 	if (cachelsz == 0)
2867 		cachelsz = 0x10;
2868 	sc->sc_cachelsz = cachelsz << 2;
2869 	sc->sc_dmabuf_size = roundup(IEEE80211_MAX_LEN, sc->sc_cachelsz);
2870 
2871 	vendor_id = ddi_get16(sc->sc_cfg_handle,
2872 	    (uint16_t *)((uintptr_t)(sc->sc_cfg_base) + PCI_CONF_VENID));
2873 	device_id = ddi_get16(sc->sc_cfg_handle,
2874 	    (uint16_t *)((uintptr_t)(sc->sc_cfg_base) + PCI_CONF_DEVID));
2875 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2876 	    "vendor 0x%x, device id 0x%x, cache size %d\n",
2877 	    vendor_id, device_id, cachelsz);
2878 
2879 	/*
2880 	 * Enable response to memory space accesses,
2881 	 * and enabe bus master.
2882 	 */
2883 	command = PCI_COMM_MAE | PCI_COMM_ME;
2884 	ddi_put16(sc->sc_cfg_handle,
2885 	    (uint16_t *)((uintptr_t)(sc->sc_cfg_base) + PCI_CONF_COMM),
2886 	    command);
2887 	ddi_put8(sc->sc_cfg_handle,
2888 	    (uint8_t *)(sc->sc_cfg_base + PCI_CONF_LATENCY_TIMER), 0xa8);
2889 	ddi_put8(sc->sc_cfg_handle,
2890 	    (uint8_t *)(sc->sc_cfg_base + PCI_CONF_ILINE), 0x10);
2891 
2892 	/* pci i/o space */
2893 	err = ddi_regs_map_setup(devinfo, 1,
2894 	    &sc->sc_io_base, 0, 0, &rwn_csr_accattr, &sc->sc_io_handle);
2895 	if (err != DDI_SUCCESS) {
2896 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2897 		    "ddi_regs_map_setup() failed");
2898 		goto fail2;
2899 	}
2900 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2901 	    "PCI configuration is done successfully\n");
2902 
2903 	sc->amrr.amrr_min_success_threshold =  1;
2904 	sc->amrr.amrr_max_success_threshold = 15;
2905 
2906 	/* wait for NIC to initialize */
2907 	for (ntries = 0; ntries < 100; ntries++) {
2908 		sc->mac_rev = RT2860_READ(sc, RT2860_ASIC_VER_ID);
2909 		if (sc->mac_rev != 0 && sc->mac_rev != 0xffffffff)
2910 			break;
2911 		DELAY(10);
2912 	}
2913 	if (ntries == 100) {
2914 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2915 		    "timeout waiting for NIC initialize\n");
2916 		return (DDI_FAILURE);
2917 	}
2918 
2919 	if ((sc->mac_rev >> 16) != 0x2860 &&
2920 	    (device_id == PRODUCT_RALINK_RT2890 ||
2921 	    device_id == PRODUCT_RALINK_RT2790 ||
2922 	    device_id == PRODUCT_AWT_RT2890))
2923 		sc->sc_flags |= RT2860_ADVANCED_PS;
2924 
2925 	/* retrieve RF rev. no and various other things from EEPROM */
2926 	(void) rt2860_read_eeprom(sc);
2927 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2928 	    "MAC/BBP RT%X (rev 0x%04X), RF %s (%dT%dR)\n",
2929 	    sc->mac_rev >> 16, sc->mac_rev & 0xffff,
2930 	    rt2860_get_rf(sc->rf_rev), sc->ntxchains, sc->nrxchains);
2931 
2932 	/*
2933 	 * Allocate Tx (4 EDCAs + HCCA + Mgt) and Rx rings.
2934 	 */
2935 	for (qid = 0; qid < 6; qid++) {
2936 		if ((err = rt2860_alloc_tx_ring(sc, &sc->txq[qid])) != 0) {
2937 			RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2938 			    "could not allocate Tx ring %d\n", qid);
2939 			goto fail3;
2940 		}
2941 	}
2942 
2943 	if ((err = rt2860_alloc_rx_ring(sc, &sc->rxq)) != 0) {
2944 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2945 		    "could not allocte Rx ring\n");
2946 		goto fail4;
2947 	}
2948 
2949 	if ((err = rt2860_alloc_tx_pool(sc)) != 0) {
2950 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
2951 		    "could not allocte Tx pool\n");
2952 		goto fail5;
2953 	}
2954 
2955 	mutex_init(&sc->sc_genlock, NULL, MUTEX_DRIVER, NULL);
2956 	mutex_init(&sc->sc_txlock, NULL, MUTEX_DRIVER, NULL);
2957 	mutex_init(&sc->sc_rxlock, NULL, MUTEX_DRIVER, NULL);
2958 
2959 	/* mgmt ring is broken on RT2860C, use EDCA AC VO ring instead */
2960 	sc->mgtqid = (sc->mac_rev == 0x28600100) ? EDCA_AC_VO : 5;
2961 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach():"
2962 	    "mgtqid = %x\n", sc->mgtqid);
2963 
2964 	ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
2965 	ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
2966 	ic->ic_state = IEEE80211_S_INIT;
2967 
2968 	/* set device capabilities */
2969 	ic->ic_caps =
2970 	    IEEE80211_C_TXPMGT |	/* tx power management */
2971 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
2972 	    IEEE80211_C_SHSLOT;		/* short slot time supported */
2973 
2974 	/* WPA/WPA2 support */
2975 	ic->ic_caps |= IEEE80211_C_WPA; /* Support WPA/WPA2 */
2976 
2977 	/* set supported .11b and .11g rates */
2978 	ic->ic_sup_rates[IEEE80211_MODE_11B] = rt2860_rateset_11b;
2979 	ic->ic_sup_rates[IEEE80211_MODE_11G] = rt2860_rateset_11g;
2980 
2981 	/* set supported .11b and .11g channels (1 through 14) */
2982 	for (i = 1; i <= 14; i++) {
2983 		ic->ic_sup_channels[i].ich_freq =
2984 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
2985 		ic->ic_sup_channels[i].ich_flags =
2986 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
2987 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
2988 	}
2989 
2990 	ic->ic_maxrssi = 63;
2991 	ic->ic_xmit = rt2860_send;
2992 
2993 	ieee80211_attach(ic);
2994 
2995 	/* register WPA door */
2996 	ieee80211_register_door(ic, ddi_driver_name(devinfo),
2997 	    ddi_get_instance(devinfo));
2998 
2999 	/* override state transition machine */
3000 	sc->sc_newstate = ic->ic_newstate;
3001 	ic->ic_newstate = rt2860_newstate;
3002 	ieee80211_media_init(ic);
3003 	ic->ic_def_txkey = 0;
3004 
3005 	err = ddi_add_softintr(devinfo, DDI_SOFTINT_LOW,
3006 	    &sc->sc_softintr_hdl, NULL, 0, rt2860_softintr, (caddr_t)sc);
3007 	if (err != DDI_SUCCESS) {
3008 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3009 		    "ddi_add_softintr() failed");
3010 		goto fail8;
3011 	}
3012 
3013 	err = ddi_get_iblock_cookie(devinfo, 0, &sc->sc_iblock);
3014 	if (err != DDI_SUCCESS) {
3015 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3016 		    "Can not get iblock cookie for INT\n");
3017 		goto fail7;
3018 	}
3019 
3020 	err = ddi_add_intr(devinfo, 0, NULL, NULL, rt2860_intr, (caddr_t)sc);
3021 	if (err != DDI_SUCCESS) {
3022 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3023 		    "unable to add device interrupt handler\n");
3024 		goto fail7;
3025 	}
3026 
3027 	/*
3028 	 * Provide initial settings for the WiFi plugin; whenever this
3029 	 * information changes, we need to call mac_plugindata_update()
3030 	 */
3031 	wd.wd_opmode = ic->ic_opmode;
3032 	wd.wd_secalloc = WIFI_SEC_NONE;
3033 	IEEE80211_ADDR_COPY(wd.wd_bssid, ic->ic_bss->in_bssid);
3034 
3035 	if ((macp = mac_alloc(MAC_VERSION)) == NULL) {
3036 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3037 		    "MAC version mismatch\n");
3038 		goto fail9;
3039 	}
3040 
3041 	macp->m_type_ident	= MAC_PLUGIN_IDENT_WIFI;
3042 	macp->m_driver		= sc;
3043 	macp->m_dip		= devinfo;
3044 	macp->m_src_addr	= ic->ic_macaddr;
3045 	macp->m_callbacks	= &rt2860_m_callbacks;
3046 	macp->m_min_sdu		= 0;
3047 	macp->m_max_sdu		= IEEE80211_MTU;
3048 	macp->m_pdata		= &wd;
3049 	macp->m_pdata_size	= sizeof (wd);
3050 
3051 	err = mac_register(macp, &ic->ic_mach);
3052 	mac_free(macp);
3053 	if (err != 0) {
3054 		RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach(): "
3055 		    "mac_register err %x\n", err);
3056 		goto fail9;
3057 	}
3058 
3059 	/*
3060 	 * Create minor node of type DDI_NT_NET_WIFI
3061 	 */
3062 	(void) snprintf(strbuf, sizeof (strbuf), "%s%d",
3063 	    "rwn", instance);
3064 	err = ddi_create_minor_node(devinfo, strbuf, S_IFCHR,
3065 	    instance + 1, DDI_NT_NET_WIFI, 0);
3066 
3067 	/*
3068 	 * Notify link is down now
3069 	 */
3070 	mac_link_update(ic->ic_mach, LINK_STATE_DOWN);
3071 
3072 	sc->sc_flags &= ~RT2860_F_RUNNING;
3073 
3074 	RWN_DEBUG(RT2860_DBG_MSG, "rwn: rt2860_attach() successfully.\n");
3075 	return (DDI_SUCCESS);
3076 fail9:
3077 	ddi_remove_softintr(sc->sc_softintr_hdl);
3078 fail8:
3079 	ddi_remove_intr(devinfo, 0, sc->sc_iblock);
3080 fail7:
3081 	mutex_destroy(&sc->sc_genlock);
3082 	mutex_destroy(&sc->sc_txlock);
3083 	mutex_destroy(&sc->sc_rxlock);
3084 fail6:
3085 	rt2860_free_tx_pool(sc);
3086 fail5:
3087 	rt2860_free_rx_ring(sc, &sc->rxq);
3088 fail4:
3089 	while (--qid >= 0)
3090 		rt2860_free_tx_ring(sc, &sc->txq[qid]);
3091 fail3:
3092 	ddi_regs_map_free(&sc->sc_io_handle);
3093 fail2:
3094 	ddi_regs_map_free(&sc->sc_cfg_handle);
3095 fail1:
3096 	return (err);
3097 }
3098 
3099 static int
3100 rt2860_detach(dev_info_t *devinfo, ddi_detach_cmd_t cmd)
3101 {
3102 	struct rt2860_softc	*sc;
3103 	int			qid;
3104 
3105 	sc = ddi_get_soft_state(rt2860_soft_state_p, ddi_get_instance(devinfo));
3106 
3107 	switch (cmd) {
3108 	case DDI_DETACH:
3109 		break;
3110 	case DDI_SUSPEND:
3111 		if (RT2860_IS_RUNNING(sc))
3112 			rt2860_stop(sc);
3113 		RT2860_GLOCK(sc);
3114 		sc->sc_flags &= ~RT2860_FWLOADED;
3115 		sc->sc_flags |= RT2860_F_SUSPEND;
3116 		RT2860_GUNLOCK(sc);
3117 		RWN_DEBUG(RT2860_DBG_RESUME, "rwn: rt2860_detach(): "
3118 		    "suspend now\n");
3119 		return (DDI_SUCCESS);
3120 	default:
3121 		return (DDI_FAILURE);
3122 	}
3123 
3124 	if (mac_disable(sc->sc_ic.ic_mach) != 0)
3125 		return (DDI_FAILURE);
3126 
3127 	rt2860_stop(sc);
3128 
3129 	/*
3130 	 * Unregister from the MAC layer subsystem
3131 	 */
3132 	(void) mac_unregister(sc->sc_ic.ic_mach);
3133 
3134 	ddi_remove_intr(devinfo, 0, sc->sc_iblock);
3135 	ddi_remove_softintr(sc->sc_softintr_hdl);
3136 
3137 	/*
3138 	 * detach ieee80211 layer
3139 	 */
3140 	ieee80211_detach(&sc->sc_ic);
3141 
3142 	rt2860_free_tx_pool(sc);
3143 	rt2860_free_rx_ring(sc, &sc->rxq);
3144 	for (qid = 0; qid < 6; qid++)
3145 		rt2860_free_tx_ring(sc, &sc->txq[qid]);
3146 
3147 	ddi_regs_map_free(&sc->sc_io_handle);
3148 
3149 	mutex_destroy(&sc->sc_genlock);
3150 	mutex_destroy(&sc->sc_txlock);
3151 	mutex_destroy(&sc->sc_rxlock);
3152 
3153 	ddi_remove_minor_node(devinfo, NULL);
3154 	ddi_soft_state_free(rt2860_soft_state_p, ddi_get_instance(devinfo));
3155 
3156 	return (DDI_SUCCESS);
3157 }
3158 
3159 int
3160 _info(struct modinfo *modinfop)
3161 {
3162 	return (mod_info(&modlinkage, modinfop));
3163 }
3164 
3165 int
3166 _init(void)
3167 {
3168 	int status;
3169 
3170 	status = ddi_soft_state_init(&rt2860_soft_state_p,
3171 	    sizeof (struct rt2860_softc), 1);
3172 	if (status != 0)
3173 		return (status);
3174 
3175 	mac_init_ops(&rwn_dev_ops, "rwn");
3176 	status = mod_install(&modlinkage);
3177 	if (status != 0) {
3178 		mac_fini_ops(&rwn_dev_ops);
3179 		ddi_soft_state_fini(&rt2860_soft_state_p);
3180 	}
3181 	return (status);
3182 }
3183 
3184 int
3185 _fini(void)
3186 {
3187 	int status;
3188 
3189 	status = mod_remove(&modlinkage);
3190 	if (status == 0) {
3191 		mac_fini_ops(&rwn_dev_ops);
3192 		ddi_soft_state_fini(&rt2860_soft_state_p);
3193 	}
3194 	return (status);
3195 }
3196