1/*-
2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <sys/cdefs.h>
21__FBSDID("$FreeBSD: stable/11/sys/dev/usb/wlan/if_run.c 345636 2019-03-28 09:50:25Z avos $");
22
23/*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sockio.h>
30#include <sys/sysctl.h>
31#include <sys/lock.h>
32#include <sys/mutex.h>
33#include <sys/mbuf.h>
34#include <sys/kernel.h>
35#include <sys/socket.h>
36#include <sys/systm.h>
37#include <sys/malloc.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/linker.h>
42#include <sys/firmware.h>
43#include <sys/kdb.h>
44
45#include <net/bpf.h>
46#include <net/if.h>
47#include <net/if_var.h>
48#include <net/if_arp.h>
49#include <net/ethernet.h>
50#include <net/if_dl.h>
51#include <net/if_media.h>
52#include <net/if_types.h>
53
54#include <netinet/in.h>
55#include <netinet/in_systm.h>
56#include <netinet/in_var.h>
57#include <netinet/if_ether.h>
58#include <netinet/ip.h>
59
60#include <net80211/ieee80211_var.h>
61#include <net80211/ieee80211_regdomain.h>
62#include <net80211/ieee80211_radiotap.h>
63#include <net80211/ieee80211_ratectl.h>
64
65#include <dev/usb/usb.h>
66#include <dev/usb/usbdi.h>
67#include "usbdevs.h"
68
69#define USB_DEBUG_VAR run_debug
70#include <dev/usb/usb_debug.h>
71#include <dev/usb/usb_msctest.h>
72
73#include <dev/usb/wlan/if_runreg.h>
74#include <dev/usb/wlan/if_runvar.h>
75
76#ifdef USB_DEBUG
77#define RUN_DEBUG
78#endif
79
80#ifdef RUN_DEBUG
81int run_debug = 0;
82static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
83SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
84 "run debug level");
85#endif
86
87#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
88
89/*
90 * Because of LOR in run_key_delete(), use atomic instead.
91 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
92 */
93#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
94
95static const STRUCT_USB_HOST_ID run_devs[] = {
96#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
97#define RUN_DEV_EJECT(v,p) \
98 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
99#define RUN_EJECT 1
100 RUN_DEV(ABOCOM, RT2770),
101 RUN_DEV(ABOCOM, RT2870),
102 RUN_DEV(ABOCOM, RT3070),
103 RUN_DEV(ABOCOM, RT3071),
104 RUN_DEV(ABOCOM, RT3072),
105 RUN_DEV(ABOCOM2, RT2870_1),
106 RUN_DEV(ACCTON, RT2770),
107 RUN_DEV(ACCTON, RT2870_1),
108 RUN_DEV(ACCTON, RT2870_2),
109 RUN_DEV(ACCTON, RT2870_3),
110 RUN_DEV(ACCTON, RT2870_4),
111 RUN_DEV(ACCTON, RT2870_5),
112 RUN_DEV(ACCTON, RT3070),
113 RUN_DEV(ACCTON, RT3070_1),
114 RUN_DEV(ACCTON, RT3070_2),
115 RUN_DEV(ACCTON, RT3070_3),
116 RUN_DEV(ACCTON, RT3070_4),
117 RUN_DEV(ACCTON, RT3070_5),
118 RUN_DEV(AIRTIES, RT3070),
119 RUN_DEV(ALLWIN, RT2070),
120 RUN_DEV(ALLWIN, RT2770),
121 RUN_DEV(ALLWIN, RT2870),
122 RUN_DEV(ALLWIN, RT3070),
123 RUN_DEV(ALLWIN, RT3071),
124 RUN_DEV(ALLWIN, RT3072),
125 RUN_DEV(ALLWIN, RT3572),
126 RUN_DEV(AMIGO, RT2870_1),
127 RUN_DEV(AMIGO, RT2870_2),
128 RUN_DEV(AMIT, CGWLUSB2GNR),
129 RUN_DEV(AMIT, RT2870_1),
130 RUN_DEV(AMIT2, RT2870),
131 RUN_DEV(ASUS, RT2870_1),
132 RUN_DEV(ASUS, RT2870_2),
133 RUN_DEV(ASUS, RT2870_3),
134 RUN_DEV(ASUS, RT2870_4),
135 RUN_DEV(ASUS, RT2870_5),
136 RUN_DEV(ASUS, USBN13),
137 RUN_DEV(ASUS, RT3070_1),
138 RUN_DEV(ASUS, USBN66),
139 RUN_DEV(ASUS, USB_N53),
140 RUN_DEV(ASUS2, USBN11),
141 RUN_DEV(AZUREWAVE, RT2870_1),
142 RUN_DEV(AZUREWAVE, RT2870_2),
143 RUN_DEV(AZUREWAVE, RT3070_1),
144 RUN_DEV(AZUREWAVE, RT3070_2),
145 RUN_DEV(AZUREWAVE, RT3070_3),
146 RUN_DEV(BELKIN, F9L1103),
147 RUN_DEV(BELKIN, F5D8053V3),
148 RUN_DEV(BELKIN, F5D8055),
149 RUN_DEV(BELKIN, F5D8055V2),
150 RUN_DEV(BELKIN, F6D4050V1),
151 RUN_DEV(BELKIN, F6D4050V2),
152 RUN_DEV(BELKIN, RT2870_1),
153 RUN_DEV(BELKIN, RT2870_2),
154 RUN_DEV(CISCOLINKSYS, AE1000),
155 RUN_DEV(CISCOLINKSYS2, RT3070),
156 RUN_DEV(CISCOLINKSYS3, RT3070),
157 RUN_DEV(CONCEPTRONIC2, RT2870_1),
158 RUN_DEV(CONCEPTRONIC2, RT2870_2),
159 RUN_DEV(CONCEPTRONIC2, RT2870_3),
160 RUN_DEV(CONCEPTRONIC2, RT2870_4),
161 RUN_DEV(CONCEPTRONIC2, RT2870_5),
162 RUN_DEV(CONCEPTRONIC2, RT2870_6),
163 RUN_DEV(CONCEPTRONIC2, RT2870_7),
164 RUN_DEV(CONCEPTRONIC2, RT2870_8),
165 RUN_DEV(CONCEPTRONIC2, RT3070_1),
166 RUN_DEV(CONCEPTRONIC2, RT3070_2),
167 RUN_DEV(CONCEPTRONIC2, VIGORN61),
168 RUN_DEV(COREGA, CGWLUSB300GNM),
169 RUN_DEV(COREGA, RT2870_1),
170 RUN_DEV(COREGA, RT2870_2),
171 RUN_DEV(COREGA, RT2870_3),
172 RUN_DEV(COREGA, RT3070),
173 RUN_DEV(CYBERTAN, RT2870),
174 RUN_DEV(DLINK, RT2870),
175 RUN_DEV(DLINK, RT3072),
176 RUN_DEV(DLINK, DWA127),
177 RUN_DEV(DLINK, DWA140B3),
178 RUN_DEV(DLINK, DWA160B2),
179 RUN_DEV(DLINK, DWA140D1),
180 RUN_DEV(DLINK, DWA162),
181 RUN_DEV(DLINK2, DWA130),
182 RUN_DEV(DLINK2, RT2870_1),
183 RUN_DEV(DLINK2, RT2870_2),
184 RUN_DEV(DLINK2, RT3070_1),
185 RUN_DEV(DLINK2, RT3070_2),
186 RUN_DEV(DLINK2, RT3070_3),
187 RUN_DEV(DLINK2, RT3070_4),
188 RUN_DEV(DLINK2, RT3070_5),
189 RUN_DEV(DLINK2, RT3072),
190 RUN_DEV(DLINK2, RT3072_1),
191 RUN_DEV(EDIMAX, EW7717),
192 RUN_DEV(EDIMAX, EW7718),
193 RUN_DEV(EDIMAX, EW7733UND),
194 RUN_DEV(EDIMAX, RT2870_1),
195 RUN_DEV(ENCORE, RT3070_1),
196 RUN_DEV(ENCORE, RT3070_2),
197 RUN_DEV(ENCORE, RT3070_3),
198 RUN_DEV(GIGABYTE, GNWB31N),
199 RUN_DEV(GIGABYTE, GNWB32L),
200 RUN_DEV(GIGABYTE, RT2870_1),
201 RUN_DEV(GIGASET, RT3070_1),
202 RUN_DEV(GIGASET, RT3070_2),
203 RUN_DEV(GUILLEMOT, HWNU300),
204 RUN_DEV(HAWKING, HWUN2),
205 RUN_DEV(HAWKING, RT2870_1),
206 RUN_DEV(HAWKING, RT2870_2),
207 RUN_DEV(HAWKING, RT3070),
208 RUN_DEV(IODATA, RT3072_1),
209 RUN_DEV(IODATA, RT3072_2),
210 RUN_DEV(IODATA, RT3072_3),
211 RUN_DEV(IODATA, RT3072_4),
212 RUN_DEV(LINKSYS4, RT3070),
213 RUN_DEV(LINKSYS4, WUSB100),
214 RUN_DEV(LINKSYS4, WUSB54GCV3),
215 RUN_DEV(LINKSYS4, WUSB600N),
216 RUN_DEV(LINKSYS4, WUSB600NV2),
217 RUN_DEV(LOGITEC, RT2870_1),
218 RUN_DEV(LOGITEC, RT2870_2),
219 RUN_DEV(LOGITEC, RT2870_3),
220 RUN_DEV(LOGITEC, LANW300NU2),
221 RUN_DEV(LOGITEC, LANW150NU2),
222 RUN_DEV(LOGITEC, LANW300NU2S),
223 RUN_DEV(MELCO, WLIUCG300HP),
224 RUN_DEV(MELCO, RT2870_2),
225 RUN_DEV(MELCO, WLIUCAG300N),
226 RUN_DEV(MELCO, WLIUCG300N),
227 RUN_DEV(MELCO, WLIUCG301N),
228 RUN_DEV(MELCO, WLIUCGN),
229 RUN_DEV(MELCO, WLIUCGNM),
230 RUN_DEV(MELCO, WLIUCG300HPV1),
231 RUN_DEV(MELCO, WLIUCGNM2),
232 RUN_DEV(MOTOROLA4, RT2770),
233 RUN_DEV(MOTOROLA4, RT3070),
234 RUN_DEV(MSI, RT3070_1),
235 RUN_DEV(MSI, RT3070_2),
236 RUN_DEV(MSI, RT3070_3),
237 RUN_DEV(MSI, RT3070_4),
238 RUN_DEV(MSI, RT3070_5),
239 RUN_DEV(MSI, RT3070_6),
240 RUN_DEV(MSI, RT3070_7),
241 RUN_DEV(MSI, RT3070_8),
242 RUN_DEV(MSI, RT3070_9),
243 RUN_DEV(MSI, RT3070_10),
244 RUN_DEV(MSI, RT3070_11),
245 RUN_DEV(NETGEAR, WNDA4100),
246 RUN_DEV(OVISLINK, RT3072),
247 RUN_DEV(PARA, RT3070),
248 RUN_DEV(PEGATRON, RT2870),
249 RUN_DEV(PEGATRON, RT3070),
250 RUN_DEV(PEGATRON, RT3070_2),
251 RUN_DEV(PEGATRON, RT3070_3),
252 RUN_DEV(PHILIPS, RT2870),
253 RUN_DEV(PLANEX2, GWUS300MINIS),
254 RUN_DEV(PLANEX2, GWUSMICRON),
255 RUN_DEV(PLANEX2, RT2870),
256 RUN_DEV(PLANEX2, RT3070),
257 RUN_DEV(QCOM, RT2870),
258 RUN_DEV(QUANTA, RT3070),
259 RUN_DEV(RALINK, RT2070),
260 RUN_DEV(RALINK, RT2770),
261 RUN_DEV(RALINK, RT2870),
262 RUN_DEV(RALINK, RT3070),
263 RUN_DEV(RALINK, RT3071),
264 RUN_DEV(RALINK, RT3072),
265 RUN_DEV(RALINK, RT3370),
266 RUN_DEV(RALINK, RT3572),
267 RUN_DEV(RALINK, RT3573),
268 RUN_DEV(RALINK, RT5370),
269 RUN_DEV(RALINK, RT5572),
270 RUN_DEV(RALINK, RT8070),
271 RUN_DEV(SAMSUNG, WIS09ABGN),
272 RUN_DEV(SAMSUNG2, RT2870_1),
273 RUN_DEV(SENAO, RT2870_1),
274 RUN_DEV(SENAO, RT2870_2),
275 RUN_DEV(SENAO, RT2870_3),
276 RUN_DEV(SENAO, RT2870_4),
277 RUN_DEV(SENAO, RT3070),
278 RUN_DEV(SENAO, RT3071),
279 RUN_DEV(SENAO, RT3072_1),
280 RUN_DEV(SENAO, RT3072_2),
281 RUN_DEV(SENAO, RT3072_3),
282 RUN_DEV(SENAO, RT3072_4),
283 RUN_DEV(SENAO, RT3072_5),
284 RUN_DEV(SITECOMEU, RT2770),
285 RUN_DEV(SITECOMEU, RT2870_1),
286 RUN_DEV(SITECOMEU, RT2870_2),
287 RUN_DEV(SITECOMEU, RT2870_3),
288 RUN_DEV(SITECOMEU, RT2870_4),
289 RUN_DEV(SITECOMEU, RT3070),
290 RUN_DEV(SITECOMEU, RT3070_2),
291 RUN_DEV(SITECOMEU, RT3070_3),
292 RUN_DEV(SITECOMEU, RT3070_4),
293 RUN_DEV(SITECOMEU, RT3071),
294 RUN_DEV(SITECOMEU, RT3072_1),
295 RUN_DEV(SITECOMEU, RT3072_2),
296 RUN_DEV(SITECOMEU, RT3072_3),
297 RUN_DEV(SITECOMEU, RT3072_4),
298 RUN_DEV(SITECOMEU, RT3072_5),
299 RUN_DEV(SITECOMEU, RT3072_6),
300 RUN_DEV(SITECOMEU, WL608),
301 RUN_DEV(SPARKLAN, RT2870_1),
302 RUN_DEV(SPARKLAN, RT3070),
303 RUN_DEV(SWEEX2, LW153),
304 RUN_DEV(SWEEX2, LW303),
305 RUN_DEV(SWEEX2, LW313),
306 RUN_DEV(TOSHIBA, RT3070),
307 RUN_DEV(UMEDIA, RT2870_1),
308 RUN_DEV(ZCOM, RT2870_1),
309 RUN_DEV(ZCOM, RT2870_2),
310 RUN_DEV(ZINWELL, RT2870_1),
311 RUN_DEV(ZINWELL, RT2870_2),
312 RUN_DEV(ZINWELL, RT3070),
313 RUN_DEV(ZINWELL, RT3072_1),
314 RUN_DEV(ZINWELL, RT3072_2),
315 RUN_DEV(ZYXEL, RT2870_1),
316 RUN_DEV(ZYXEL, RT2870_2),
317 RUN_DEV(ZYXEL, RT3070),
318 RUN_DEV_EJECT(ZYXEL, NWD2705),
319 RUN_DEV_EJECT(RALINK, RT_STOR),
320#undef RUN_DEV_EJECT
321#undef RUN_DEV
322};
323
324static device_probe_t run_match;
325static device_attach_t run_attach;
326static device_detach_t run_detach;
327
328static usb_callback_t run_bulk_rx_callback;
329static usb_callback_t run_bulk_tx_callback0;
330static usb_callback_t run_bulk_tx_callback1;
331static usb_callback_t run_bulk_tx_callback2;
332static usb_callback_t run_bulk_tx_callback3;
333static usb_callback_t run_bulk_tx_callback4;
334static usb_callback_t run_bulk_tx_callback5;
335
336static void run_autoinst(void *, struct usb_device *,
337 struct usb_attach_arg *);
338static int run_driver_loaded(struct module *, int, void *);
339static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
340 usb_error_t error, u_int index);
341static struct ieee80211vap *run_vap_create(struct ieee80211com *,
342 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
343 const uint8_t [IEEE80211_ADDR_LEN],
344 const uint8_t [IEEE80211_ADDR_LEN]);
345static void run_vap_delete(struct ieee80211vap *);
346static void run_cmdq_cb(void *, int);
347static void run_setup_tx_list(struct run_softc *,
348 struct run_endpoint_queue *);
349static void run_unsetup_tx_list(struct run_softc *,
350 struct run_endpoint_queue *);
351static int run_load_microcode(struct run_softc *);
352static int run_reset(struct run_softc *);
353static usb_error_t run_do_request(struct run_softc *,
354 struct usb_device_request *, void *);
355static int run_read(struct run_softc *, uint16_t, uint32_t *);
356static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
357static int run_write_2(struct run_softc *, uint16_t, uint16_t);
358static int run_write(struct run_softc *, uint16_t, uint32_t);
359static int run_write_region_1(struct run_softc *, uint16_t,
360 const uint8_t *, int);
361static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
362static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
363static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
364static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
365static int run_rt2870_rf_write(struct run_softc *, uint32_t);
366static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
367static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
368static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
369static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
370static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
371static const char *run_get_rf(uint16_t);
372static void run_rt3593_get_txpower(struct run_softc *);
373static void run_get_txpower(struct run_softc *);
374static int run_read_eeprom(struct run_softc *);
375static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
376 const uint8_t mac[IEEE80211_ADDR_LEN]);
377static int run_media_change(struct ifnet *);
378static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
379static int run_wme_update(struct ieee80211com *);
380static void run_key_set_cb(void *);
381static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
382static void run_key_delete_cb(void *);
383static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
384static void run_ratectl_to(void *);
385static void run_ratectl_cb(void *, int);
386static void run_drain_fifo(void *);
387static void run_iter_func(void *, struct ieee80211_node *);
388static void run_newassoc_cb(void *);
389static void run_newassoc(struct ieee80211_node *, int);
390static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
391 const struct ieee80211_rx_stats *, int, int);
392static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
393static void run_tx_free(struct run_endpoint_queue *pq,
394 struct run_tx_data *, int);
395static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
396static int run_tx(struct run_softc *, struct mbuf *,
397 struct ieee80211_node *);
398static int run_tx_mgt(struct run_softc *, struct mbuf *,
399 struct ieee80211_node *);
400static int run_sendprot(struct run_softc *, const struct mbuf *,
401 struct ieee80211_node *, int, int);
402static int run_tx_param(struct run_softc *, struct mbuf *,
403 struct ieee80211_node *,
404 const struct ieee80211_bpf_params *);
405static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
406 const struct ieee80211_bpf_params *);
407static int run_transmit(struct ieee80211com *, struct mbuf *);
408static void run_start(struct run_softc *);
409static void run_parent(struct ieee80211com *);
410static void run_iq_calib(struct run_softc *, u_int);
411static void run_set_agc(struct run_softc *, uint8_t);
412static void run_select_chan_group(struct run_softc *, int);
413static void run_set_rx_antenna(struct run_softc *, int);
414static void run_rt2870_set_chan(struct run_softc *, u_int);
415static void run_rt3070_set_chan(struct run_softc *, u_int);
416static void run_rt3572_set_chan(struct run_softc *, u_int);
417static void run_rt3593_set_chan(struct run_softc *, u_int);
418static void run_rt5390_set_chan(struct run_softc *, u_int);
419static void run_rt5592_set_chan(struct run_softc *, u_int);
420static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
421static void run_set_channel(struct ieee80211com *);
422static void run_getradiocaps(struct ieee80211com *, int, int *,
423 struct ieee80211_channel[]);
424static void run_scan_start(struct ieee80211com *);
425static void run_scan_end(struct ieee80211com *);
426static void run_update_beacon(struct ieee80211vap *, int);
427static void run_update_beacon_cb(void *);
428static void run_updateprot(struct ieee80211com *);
429static void run_updateprot_cb(void *);
430static void run_usb_timeout_cb(void *);
431static void run_reset_livelock(struct run_softc *);
432static void run_enable_tsf_sync(struct run_softc *);
433static void run_enable_tsf(struct run_softc *);
434static void run_get_tsf(struct run_softc *, uint64_t *);
435static void run_enable_mrr(struct run_softc *);
436static void run_set_txpreamble(struct run_softc *);
437static void run_set_basicrates(struct run_softc *);
438static void run_set_leds(struct run_softc *, uint16_t);
439static void run_set_bssid(struct run_softc *, const uint8_t *);
440static void run_set_macaddr(struct run_softc *, const uint8_t *);
441static void run_updateslot(struct ieee80211com *);
442static void run_updateslot_cb(void *);
443static void run_update_mcast(struct ieee80211com *);
444static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
445static void run_update_promisc_locked(struct run_softc *);
446static void run_update_promisc(struct ieee80211com *);
447static void run_rt5390_bbp_init(struct run_softc *);
448static int run_bbp_init(struct run_softc *);
449static int run_rt3070_rf_init(struct run_softc *);
450static void run_rt3593_rf_init(struct run_softc *);
451static void run_rt5390_rf_init(struct run_softc *);
452static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
453 uint8_t *);
454static void run_rt3070_rf_setup(struct run_softc *);
455static void run_rt3593_rf_setup(struct run_softc *);
456static void run_rt5390_rf_setup(struct run_softc *);
457static int run_txrx_enable(struct run_softc *);
458static void run_adjust_freq_offset(struct run_softc *);
459static void run_init_locked(struct run_softc *);
460static void run_stop(void *);
461static void run_delay(struct run_softc *, u_int);
462
463static eventhandler_tag run_etag;
464
465static const struct rt2860_rate {
466 uint8_t rate;
467 uint8_t mcs;
468 enum ieee80211_phytype phy;
469 uint8_t ctl_ridx;
470 uint16_t sp_ack_dur;
471 uint16_t lp_ack_dur;
472} rt2860_rates[] = {
473 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
474 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
475 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
476 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
477 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
478 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
479 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
480 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
481 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
482 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
483 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
484 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
485};
486
487static const struct {
488 uint16_t reg;
489 uint32_t val;
490} rt2870_def_mac[] = {
491 RT2870_DEF_MAC
492};
493
494static const struct {
495 uint8_t reg;
496 uint8_t val;
497} rt2860_def_bbp[] = {
498 RT2860_DEF_BBP
499},rt5390_def_bbp[] = {
500 RT5390_DEF_BBP
501},rt5592_def_bbp[] = {
502 RT5592_DEF_BBP
503};
504
505/*
506 * Default values for BBP register R196 for RT5592.
507 */
508static const uint8_t rt5592_bbp_r196[] = {
509 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
510 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
511 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
512 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
513 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
514 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
515 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
516 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
517 0x2e, 0x36, 0x30, 0x6e
518};
519
520static const struct rfprog {
521 uint8_t chan;
522 uint32_t r1, r2, r3, r4;
523} rt2860_rf2850[] = {
524 RT2860_RF2850
525};
526
527struct {
528 uint8_t n, r, k;
529} rt3070_freqs[] = {
530 RT3070_RF3052
531};
532
533static const struct rt5592_freqs {
534 uint16_t n;
535 uint8_t k, m, r;
536} rt5592_freqs_20mhz[] = {
537 RT5592_RF5592_20MHZ
538},rt5592_freqs_40mhz[] = {
539 RT5592_RF5592_40MHZ
540};
541
542static const struct {
543 uint8_t reg;
544 uint8_t val;
545} rt3070_def_rf[] = {
546 RT3070_DEF_RF
547},rt3572_def_rf[] = {
548 RT3572_DEF_RF
549},rt3593_def_rf[] = {
550 RT3593_DEF_RF
551},rt5390_def_rf[] = {
552 RT5390_DEF_RF
553},rt5392_def_rf[] = {
554 RT5392_DEF_RF
555},rt5592_def_rf[] = {
556 RT5592_DEF_RF
557},rt5592_2ghz_def_rf[] = {
558 RT5592_2GHZ_DEF_RF
559},rt5592_5ghz_def_rf[] = {
560 RT5592_5GHZ_DEF_RF
561};
562
563static const struct {
564 u_int firstchan;
565 u_int lastchan;
566 uint8_t reg;
567 uint8_t val;
568} rt5592_chan_5ghz[] = {
569 RT5592_CHAN_5GHZ
570};
571
572static const struct usb_config run_config[RUN_N_XFER] = {
573 [RUN_BULK_TX_BE] = {
574 .type = UE_BULK,
575 .endpoint = UE_ADDR_ANY,
576 .ep_index = 0,
577 .direction = UE_DIR_OUT,
578 .bufsize = RUN_MAX_TXSZ,
579 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
580 .callback = run_bulk_tx_callback0,
581 .timeout = 5000, /* ms */
582 },
583 [RUN_BULK_TX_BK] = {
584 .type = UE_BULK,
585 .endpoint = UE_ADDR_ANY,
586 .direction = UE_DIR_OUT,
587 .ep_index = 1,
588 .bufsize = RUN_MAX_TXSZ,
589 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
590 .callback = run_bulk_tx_callback1,
591 .timeout = 5000, /* ms */
592 },
593 [RUN_BULK_TX_VI] = {
594 .type = UE_BULK,
595 .endpoint = UE_ADDR_ANY,
596 .direction = UE_DIR_OUT,
597 .ep_index = 2,
598 .bufsize = RUN_MAX_TXSZ,
599 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
600 .callback = run_bulk_tx_callback2,
601 .timeout = 5000, /* ms */
602 },
603 [RUN_BULK_TX_VO] = {
604 .type = UE_BULK,
605 .endpoint = UE_ADDR_ANY,
606 .direction = UE_DIR_OUT,
607 .ep_index = 3,
608 .bufsize = RUN_MAX_TXSZ,
609 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
610 .callback = run_bulk_tx_callback3,
611 .timeout = 5000, /* ms */
612 },
613 [RUN_BULK_TX_HCCA] = {
614 .type = UE_BULK,
615 .endpoint = UE_ADDR_ANY,
616 .direction = UE_DIR_OUT,
617 .ep_index = 4,
618 .bufsize = RUN_MAX_TXSZ,
619 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
620 .callback = run_bulk_tx_callback4,
621 .timeout = 5000, /* ms */
622 },
623 [RUN_BULK_TX_PRIO] = {
624 .type = UE_BULK,
625 .endpoint = UE_ADDR_ANY,
626 .direction = UE_DIR_OUT,
627 .ep_index = 5,
628 .bufsize = RUN_MAX_TXSZ,
629 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
630 .callback = run_bulk_tx_callback5,
631 .timeout = 5000, /* ms */
632 },
633 [RUN_BULK_RX] = {
634 .type = UE_BULK,
635 .endpoint = UE_ADDR_ANY,
636 .direction = UE_DIR_IN,
637 .bufsize = RUN_MAX_RXSZ,
638 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
639 .callback = run_bulk_rx_callback,
640 }
641};
642
643static void
644run_autoinst(void *arg, struct usb_device *udev,
645 struct usb_attach_arg *uaa)
646{
647 struct usb_interface *iface;
648 struct usb_interface_descriptor *id;
649
650 if (uaa->dev_state != UAA_DEV_READY)
651 return;
652
653 iface = usbd_get_iface(udev, 0);
654 if (iface == NULL)
655 return;
656 id = iface->idesc;
657 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
658 return;
659 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
660 return;
661
662 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
663 uaa->dev_state = UAA_DEV_EJECTING;
664}
665
666static int
667run_driver_loaded(struct module *mod, int what, void *arg)
668{
669 switch (what) {
670 case MOD_LOAD:
671 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
672 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
673 break;
674 case MOD_UNLOAD:
675 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
676 break;
677 default:
678 return (EOPNOTSUPP);
679 }
680 return (0);
681}
682
683static int
684run_match(device_t self)
685{
686 struct usb_attach_arg *uaa = device_get_ivars(self);
687
688 if (uaa->usb_mode != USB_MODE_HOST)
689 return (ENXIO);
690 if (uaa->info.bConfigIndex != 0)
691 return (ENXIO);
692 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
693 return (ENXIO);
694
695 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
696}
697
698static int
699run_attach(device_t self)
700{
701 struct run_softc *sc = device_get_softc(self);
702 struct usb_attach_arg *uaa = device_get_ivars(self);
703 struct ieee80211com *ic = &sc->sc_ic;
704 uint32_t ver;
705 uint8_t iface_index;
706 int ntries, error;
707
708 device_set_usb_desc(self);
709 sc->sc_udev = uaa->device;
710 sc->sc_dev = self;
711 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
712 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
713
714 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
715 MTX_NETWORK_LOCK, MTX_DEF);
716 mbufq_init(&sc->sc_snd, ifqmaxlen);
717
718 iface_index = RT2860_IFACE_INDEX;
719
720 error = usbd_transfer_setup(uaa->device, &iface_index,
721 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
722 if (error) {
723 device_printf(self, "could not allocate USB transfers, "
724 "err=%s\n", usbd_errstr(error));
725 goto detach;
726 }
727
728 RUN_LOCK(sc);
729
730 /* wait for the chip to settle */
731 for (ntries = 0; ntries < 100; ntries++) {
732 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
733 RUN_UNLOCK(sc);
734 goto detach;
735 }
736 if (ver != 0 && ver != 0xffffffff)
737 break;
738 run_delay(sc, 10);
739 }
740 if (ntries == 100) {
741 device_printf(sc->sc_dev,
742 "timeout waiting for NIC to initialize\n");
743 RUN_UNLOCK(sc);
744 goto detach;
745 }
746 sc->mac_ver = ver >> 16;
747 sc->mac_rev = ver & 0xffff;
748
749 /* retrieve RF rev. no and various other things from EEPROM */
750 run_read_eeprom(sc);
751
752 device_printf(sc->sc_dev,
753 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
754 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
755 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
756
757 RUN_UNLOCK(sc);
758
759 ic->ic_softc = sc;
760 ic->ic_name = device_get_nameunit(self);
761 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
762 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
763
764 /* set device capabilities */
765 ic->ic_caps =
766 IEEE80211_C_STA | /* station mode supported */
767 IEEE80211_C_MONITOR | /* monitor mode supported */
768 IEEE80211_C_IBSS |
769 IEEE80211_C_HOSTAP |
770 IEEE80211_C_WDS | /* 4-address traffic works */
771 IEEE80211_C_MBSS |
772 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
773 IEEE80211_C_SHSLOT | /* short slot time supported */
774 IEEE80211_C_WME | /* WME */
775 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
776
777 ic->ic_cryptocaps =
778 IEEE80211_CRYPTO_WEP |
779 IEEE80211_CRYPTO_AES_CCM |
780 IEEE80211_CRYPTO_TKIPMIC |
781 IEEE80211_CRYPTO_TKIP;
782
783 ic->ic_flags |= IEEE80211_F_DATAPAD;
784 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
785
786 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
787 ic->ic_channels);
788
789 ieee80211_ifattach(ic);
790
791 ic->ic_scan_start = run_scan_start;
792 ic->ic_scan_end = run_scan_end;
793 ic->ic_set_channel = run_set_channel;
794 ic->ic_getradiocaps = run_getradiocaps;
795 ic->ic_node_alloc = run_node_alloc;
796 ic->ic_newassoc = run_newassoc;
797 ic->ic_updateslot = run_updateslot;
798 ic->ic_update_mcast = run_update_mcast;
799 ic->ic_wme.wme_update = run_wme_update;
800 ic->ic_raw_xmit = run_raw_xmit;
801 ic->ic_update_promisc = run_update_promisc;
802 ic->ic_vap_create = run_vap_create;
803 ic->ic_vap_delete = run_vap_delete;
804 ic->ic_transmit = run_transmit;
805 ic->ic_parent = run_parent;
806
807 ieee80211_radiotap_attach(ic,
808 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
809 RUN_TX_RADIOTAP_PRESENT,
810 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
811 RUN_RX_RADIOTAP_PRESENT);
812
813 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
814 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
815 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
816
817 if (bootverbose)
818 ieee80211_announce(ic);
819
820 return (0);
821
822detach:
823 run_detach(self);
824 return (ENXIO);
825}
826
827static void
828run_drain_mbufq(struct run_softc *sc)
829{
830 struct mbuf *m;
831 struct ieee80211_node *ni;
832
833 RUN_LOCK_ASSERT(sc, MA_OWNED);
834 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
835 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
836 m->m_pkthdr.rcvif = NULL;
837 ieee80211_free_node(ni);
838 m_freem(m);
839 }
840}
841
842static int
843run_detach(device_t self)
844{
845 struct run_softc *sc = device_get_softc(self);
846 struct ieee80211com *ic = &sc->sc_ic;
847 int i;
848
849 RUN_LOCK(sc);
850 sc->sc_detached = 1;
851 RUN_UNLOCK(sc);
852
853 /* stop all USB transfers */
854 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
855
856 RUN_LOCK(sc);
857 sc->ratectl_run = RUN_RATECTL_OFF;
858 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
859
860 /* free TX list, if any */
861 for (i = 0; i != RUN_EP_QUEUES; i++)
862 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
863
864 /* Free TX queue */
865 run_drain_mbufq(sc);
866 RUN_UNLOCK(sc);
867
868 if (sc->sc_ic.ic_softc == sc) {
869 /* drain tasks */
870 usb_callout_drain(&sc->ratectl_ch);
871 ieee80211_draintask(ic, &sc->cmdq_task);
872 ieee80211_draintask(ic, &sc->ratectl_task);
873 ieee80211_ifdetach(ic);
874 }
875
876 mtx_destroy(&sc->sc_mtx);
877
878 return (0);
879}
880
881static struct ieee80211vap *
882run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
883 enum ieee80211_opmode opmode, int flags,
884 const uint8_t bssid[IEEE80211_ADDR_LEN],
885 const uint8_t mac[IEEE80211_ADDR_LEN])
886{
887 struct run_softc *sc = ic->ic_softc;
888 struct run_vap *rvp;
889 struct ieee80211vap *vap;
890 int i;
891
892 if (sc->rvp_cnt >= RUN_VAP_MAX) {
893 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
894 return (NULL);
895 }
896
897 switch (opmode) {
898 case IEEE80211_M_STA:
899 /* enable s/w bmiss handling for sta mode */
900 flags |= IEEE80211_CLONE_NOBEACONS;
901 /* fall though */
902 case IEEE80211_M_IBSS:
903 case IEEE80211_M_MONITOR:
904 case IEEE80211_M_HOSTAP:
905 case IEEE80211_M_MBSS:
906 /* other than WDS vaps, only one at a time */
907 if (!TAILQ_EMPTY(&ic->ic_vaps))
908 return (NULL);
909 break;
910 case IEEE80211_M_WDS:
911 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
912 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
913 continue;
914 /* WDS vap's always share the local mac address. */
915 flags &= ~IEEE80211_CLONE_BSSID;
916 break;
917 }
918 if (vap == NULL) {
919 device_printf(sc->sc_dev,
920 "wds only supported in ap mode\n");
921 return (NULL);
922 }
923 break;
924 default:
925 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
926 return (NULL);
927 }
928
929 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
930 vap = &rvp->vap;
931
932 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
933 bssid) != 0) {
934 /* out of memory */
935 free(rvp, M_80211_VAP);
936 return (NULL);
937 }
938
939 vap->iv_update_beacon = run_update_beacon;
940 vap->iv_max_aid = RT2870_WCID_MAX;
941 /*
942 * To delete the right key from h/w, we need wcid.
943 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
944 * and matching wcid will be written into there. So, cast
945 * some spells to remove 'const' from ieee80211_key{}
946 */
947 vap->iv_key_delete = (void *)run_key_delete;
948 vap->iv_key_set = (void *)run_key_set;
949
950 /* override state transition machine */
951 rvp->newstate = vap->iv_newstate;
952 vap->iv_newstate = run_newstate;
953 if (opmode == IEEE80211_M_IBSS) {
954 rvp->recv_mgmt = vap->iv_recv_mgmt;
955 vap->iv_recv_mgmt = run_recv_mgmt;
956 }
957
958 ieee80211_ratectl_init(vap);
959 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
960
961 /* complete setup */
962 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
963 mac);
964
965 /* make sure id is always unique */
966 for (i = 0; i < RUN_VAP_MAX; i++) {
967 if((sc->rvp_bmap & 1 << i) == 0){
968 sc->rvp_bmap |= 1 << i;
969 rvp->rvp_id = i;
970 break;
971 }
972 }
973 if (sc->rvp_cnt++ == 0)
974 ic->ic_opmode = opmode;
975
976 if (opmode == IEEE80211_M_HOSTAP)
977 sc->cmdq_run = RUN_CMDQ_GO;
978
979 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
980 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
981
982 return (vap);
983}
984
985static void
986run_vap_delete(struct ieee80211vap *vap)
987{
988 struct run_vap *rvp = RUN_VAP(vap);
989 struct ieee80211com *ic;
990 struct run_softc *sc;
991 uint8_t rvp_id;
992
993 if (vap == NULL)
994 return;
995
996 ic = vap->iv_ic;
997 sc = ic->ic_softc;
998
999 RUN_LOCK(sc);
1000
1001 m_freem(rvp->beacon_mbuf);
1002 rvp->beacon_mbuf = NULL;
1003
1004 rvp_id = rvp->rvp_id;
1005 sc->ratectl_run &= ~(1 << rvp_id);
1006 sc->rvp_bmap &= ~(1 << rvp_id);
1007 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1008 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1009 --sc->rvp_cnt;
1010
1011 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1012 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1013
1014 RUN_UNLOCK(sc);
1015
1016 ieee80211_ratectl_deinit(vap);
1017 ieee80211_vap_detach(vap);
1018 free(rvp, M_80211_VAP);
1019}
1020
1021/*
1022 * There are numbers of functions need to be called in context thread.
1023 * Rather than creating taskqueue event for each of those functions,
1024 * here is all-for-one taskqueue callback function. This function
1025 * guarantees deferred functions are executed in the same order they
1026 * were enqueued.
1027 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1028 */
1029static void
1030run_cmdq_cb(void *arg, int pending)
1031{
1032 struct run_softc *sc = arg;
1033 uint8_t i;
1034
1035 /* call cmdq[].func locked */
1036 RUN_LOCK(sc);
1037 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1038 i = sc->cmdq_exec, pending--) {
1039 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1040 if (sc->cmdq_run == RUN_CMDQ_GO) {
1041 /*
1042 * If arg0 is NULL, callback func needs more
1043 * than one arg. So, pass ptr to cmdq struct.
1044 */
1045 if (sc->cmdq[i].arg0)
1046 sc->cmdq[i].func(sc->cmdq[i].arg0);
1047 else
1048 sc->cmdq[i].func(&sc->cmdq[i]);
1049 }
1050 sc->cmdq[i].arg0 = NULL;
1051 sc->cmdq[i].func = NULL;
1052 sc->cmdq_exec++;
1053 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1054 }
1055 RUN_UNLOCK(sc);
1056}
1057
1058static void
1059run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1060{
1061 struct run_tx_data *data;
1062
1063 memset(pq, 0, sizeof(*pq));
1064
1065 STAILQ_INIT(&pq->tx_qh);
1066 STAILQ_INIT(&pq->tx_fh);
1067
1068 for (data = &pq->tx_data[0];
1069 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1070 data->sc = sc;
1071 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1072 }
1073 pq->tx_nfree = RUN_TX_RING_COUNT;
1074}
1075
1076static void
1077run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1078{
1079 struct run_tx_data *data;
1080
1081 /* make sure any subsequent use of the queues will fail */
1082 pq->tx_nfree = 0;
1083 STAILQ_INIT(&pq->tx_fh);
1084 STAILQ_INIT(&pq->tx_qh);
1085
1086 /* free up all node references and mbufs */
1087 for (data = &pq->tx_data[0];
1088 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1089 if (data->m != NULL) {
1090 m_freem(data->m);
1091 data->m = NULL;
1092 }
1093 if (data->ni != NULL) {
1094 ieee80211_free_node(data->ni);
1095 data->ni = NULL;
1096 }
1097 }
1098}
1099
1100static int
1101run_load_microcode(struct run_softc *sc)
1102{
1103 usb_device_request_t req;
1104 const struct firmware *fw;
1105 const u_char *base;
1106 uint32_t tmp;
1107 int ntries, error;
1108 const uint64_t *temp;
1109 uint64_t bytes;
1110
1111 RUN_UNLOCK(sc);
1112 fw = firmware_get("runfw");
1113 RUN_LOCK(sc);
1114 if (fw == NULL) {
1115 device_printf(sc->sc_dev,
1116 "failed loadfirmware of file %s\n", "runfw");
1117 return ENOENT;
1118 }
1119
1120 if (fw->datasize != 8192) {
1121 device_printf(sc->sc_dev,
1122 "invalid firmware size (should be 8KB)\n");
1123 error = EINVAL;
1124 goto fail;
1125 }
1126
1127 /*
1128 * RT3071/RT3072 use a different firmware
1129 * run-rt2870 (8KB) contains both,
1130 * first half (4KB) is for rt2870,
1131 * last half is for rt3071.
1132 */
1133 base = fw->data;
1134 if ((sc->mac_ver) != 0x2860 &&
1135 (sc->mac_ver) != 0x2872 &&
1136 (sc->mac_ver) != 0x3070) {
1137 base += 4096;
1138 }
1139
1140 /* cheap sanity check */
1141 temp = fw->data;
1142 bytes = *temp;
1143 if (bytes != be64toh(0xffffff0210280210ULL)) {
1144 device_printf(sc->sc_dev, "firmware checksum failed\n");
1145 error = EINVAL;
1146 goto fail;
1147 }
1148
1149 /* write microcode image */
1150 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1151 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1152 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1153 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1154 }
1155
1156 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1157 req.bRequest = RT2870_RESET;
1158 USETW(req.wValue, 8);
1159 USETW(req.wIndex, 0);
1160 USETW(req.wLength, 0);
1161 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1162 != 0) {
1163 device_printf(sc->sc_dev, "firmware reset failed\n");
1164 goto fail;
1165 }
1166
1167 run_delay(sc, 10);
1168
1169 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1170 run_write(sc, RT2860_H2M_MAILBOX, 0);
1171 run_write(sc, RT2860_H2M_INTSRC, 0);
1172 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1173 goto fail;
1174
1175 /* wait until microcontroller is ready */
1176 for (ntries = 0; ntries < 1000; ntries++) {
1177 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1178 goto fail;
1179 if (tmp & RT2860_MCU_READY)
1180 break;
1181 run_delay(sc, 10);
1182 }
1183 if (ntries == 1000) {
1184 device_printf(sc->sc_dev,
1185 "timeout waiting for MCU to initialize\n");
1186 error = ETIMEDOUT;
1187 goto fail;
1188 }
1189 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1190 (base == fw->data) ? "RT2870" : "RT3071",
1191 *(base + 4092), *(base + 4093));
1192
1193fail:
1194 firmware_put(fw, FIRMWARE_UNLOAD);
1195 return (error);
1196}
1197
1198static int
1199run_reset(struct run_softc *sc)
1200{
1201 usb_device_request_t req;
1202
1203 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1204 req.bRequest = RT2870_RESET;
1205 USETW(req.wValue, 1);
1206 USETW(req.wIndex, 0);
1207 USETW(req.wLength, 0);
1208 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1209}
1210
1211static usb_error_t
1212run_do_request(struct run_softc *sc,
1213 struct usb_device_request *req, void *data)
1214{
1215 usb_error_t err;
1216 int ntries = 10;
1217
1218 RUN_LOCK_ASSERT(sc, MA_OWNED);
1219
1220 while (ntries--) {
1221 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1222 req, data, 0, NULL, 250 /* ms */);
1223 if (err == 0)
1224 break;
1225 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1226 usbd_errstr(err));
1227 run_delay(sc, 10);
1228 }
1229 return (err);
1230}
1231
1232static int
1233run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1234{
1235 uint32_t tmp;
1236 int error;
1237
1238 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1239 if (error == 0)
1240 *val = le32toh(tmp);
1241 else
1242 *val = 0xffffffff;
1243 return (error);
1244}
1245
1246static int
1247run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1248{
1249 usb_device_request_t req;
1250
1251 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1252 req.bRequest = RT2870_READ_REGION_1;
1253 USETW(req.wValue, 0);
1254 USETW(req.wIndex, reg);
1255 USETW(req.wLength, len);
1256
1257 return (run_do_request(sc, &req, buf));
1258}
1259
1260static int
1261run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1262{
1263 usb_device_request_t req;
1264
1265 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1266 req.bRequest = RT2870_WRITE_2;
1267 USETW(req.wValue, val);
1268 USETW(req.wIndex, reg);
1269 USETW(req.wLength, 0);
1270
1271 return (run_do_request(sc, &req, NULL));
1272}
1273
1274static int
1275run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1276{
1277 int error;
1278
1279 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1280 error = run_write_2(sc, reg + 2, val >> 16);
1281 return (error);
1282}
1283
1284static int
1285run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1286 int len)
1287{
1288#if 1
1289 int i, error = 0;
1290 /*
1291 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1292 * We thus issue multiple WRITE_2 commands instead.
1293 */
1294 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1295 for (i = 0; i < len && error == 0; i += 2)
1296 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1297 return (error);
1298#else
1299 usb_device_request_t req;
1300 int error = 0;
1301
1302 /*
1303 * NOTE: It appears the WRITE_REGION_1 command cannot be
1304 * passed a huge amount of data, which will crash the
1305 * firmware. Limit amount of data passed to 64-bytes at a
1306 * time.
1307 */
1308 while (len > 0) {
1309 int delta = 64;
1310 if (delta > len)
1311 delta = len;
1312
1313 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1314 req.bRequest = RT2870_WRITE_REGION_1;
1315 USETW(req.wValue, 0);
1316 USETW(req.wIndex, reg);
1317 USETW(req.wLength, delta);
1318 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1319 if (error != 0)
1320 break;
1321 reg += delta;
1322 buf += delta;
1323 len -= delta;
1324 }
1325 return (error);
1326#endif
1327}
1328
1329static int
1330run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1331{
1332 int i, error = 0;
1333
1334 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1335 for (i = 0; i < len && error == 0; i += 4)
1336 error = run_write(sc, reg + i, val);
1337 return (error);
1338}
1339
1340static int
1341run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1342{
1343 uint32_t tmp;
1344 uint16_t reg;
1345 int error, ntries;
1346
1347 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1348 return (error);
1349
1350 if (count == 2)
1351 addr *= 2;
1352 /*-
1353 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1354 * DATA0: F E D C
1355 * DATA1: B A 9 8
1356 * DATA2: 7 6 5 4
1357 * DATA3: 3 2 1 0
1358 */
1359 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1360 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1361 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1362 for (ntries = 0; ntries < 100; ntries++) {
1363 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1364 return (error);
1365 if (!(tmp & RT3070_EFSROM_KICK))
1366 break;
1367 run_delay(sc, 2);
1368 }
1369 if (ntries == 100)
1370 return (ETIMEDOUT);
1371
1372 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1373 *val = 0xffff; /* address not found */
1374 return (0);
1375 }
1376 /* determine to which 32-bit register our 16-bit word belongs */
1377 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1378 if ((error = run_read(sc, reg, &tmp)) != 0)
1379 return (error);
1380
1381 tmp >>= (8 * (addr & 0x3));
1382 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1383
1384 return (0);
1385}
1386
1387/* Read 16-bit from eFUSE ROM for RT3xxx. */
1388static int
1389run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1390{
1391 return (run_efuse_read(sc, addr, val, 2));
1392}
1393
1394static int
1395run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1396{
1397 usb_device_request_t req;
1398 uint16_t tmp;
1399 int error;
1400
1401 addr *= 2;
1402 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1403 req.bRequest = RT2870_EEPROM_READ;
1404 USETW(req.wValue, 0);
1405 USETW(req.wIndex, addr);
1406 USETW(req.wLength, sizeof(tmp));
1407
1408 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1409 if (error == 0)
1410 *val = le16toh(tmp);
1411 else
1412 *val = 0xffff;
1413 return (error);
1414}
1415
1416static __inline int
1417run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1418{
1419 /* either eFUSE ROM or EEPROM */
1420 return sc->sc_srom_read(sc, addr, val);
1421}
1422
1423static int
1424run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1425{
1426 uint32_t tmp;
1427 int error, ntries;
1428
1429 for (ntries = 0; ntries < 10; ntries++) {
1430 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1431 return (error);
1432 if (!(tmp & RT2860_RF_REG_CTRL))
1433 break;
1434 }
1435 if (ntries == 10)
1436 return (ETIMEDOUT);
1437
1438 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1439}
1440
1441static int
1442run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1443{
1444 uint32_t tmp;
1445 int error, ntries;
1446
1447 for (ntries = 0; ntries < 100; ntries++) {
1448 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1449 return (error);
1450 if (!(tmp & RT3070_RF_KICK))
1451 break;
1452 }
1453 if (ntries == 100)
1454 return (ETIMEDOUT);
1455
1456 tmp = RT3070_RF_KICK | reg << 8;
1457 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1458 return (error);
1459
1460 for (ntries = 0; ntries < 100; ntries++) {
1461 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1462 return (error);
1463 if (!(tmp & RT3070_RF_KICK))
1464 break;
1465 }
1466 if (ntries == 100)
1467 return (ETIMEDOUT);
1468
1469 *val = tmp & 0xff;
1470 return (0);
1471}
1472
1473static int
1474run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1475{
1476 uint32_t tmp;
1477 int error, ntries;
1478
1479 for (ntries = 0; ntries < 10; ntries++) {
1480 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1481 return (error);
1482 if (!(tmp & RT3070_RF_KICK))
1483 break;
1484 }
1485 if (ntries == 10)
1486 return (ETIMEDOUT);
1487
1488 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1489 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1490}
1491
1492static int
1493run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1494{
1495 uint32_t tmp;
1496 int ntries, error;
1497
1498 for (ntries = 0; ntries < 10; ntries++) {
1499 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1500 return (error);
1501 if (!(tmp & RT2860_BBP_CSR_KICK))
1502 break;
1503 }
1504 if (ntries == 10)
1505 return (ETIMEDOUT);
1506
1507 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1508 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1509 return (error);
1510
1511 for (ntries = 0; ntries < 10; ntries++) {
1512 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1513 return (error);
1514 if (!(tmp & RT2860_BBP_CSR_KICK))
1515 break;
1516 }
1517 if (ntries == 10)
1518 return (ETIMEDOUT);
1519
1520 *val = tmp & 0xff;
1521 return (0);
1522}
1523
1524static int
1525run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1526{
1527 uint32_t tmp;
1528 int ntries, error;
1529
1530 for (ntries = 0; ntries < 10; ntries++) {
1531 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1532 return (error);
1533 if (!(tmp & RT2860_BBP_CSR_KICK))
1534 break;
1535 }
1536 if (ntries == 10)
1537 return (ETIMEDOUT);
1538
1539 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1540 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1541}
1542
1543/*
1544 * Send a command to the 8051 microcontroller unit.
1545 */
1546static int
1547run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1548{
1549 uint32_t tmp;
1550 int error, ntries;
1551
1552 for (ntries = 0; ntries < 100; ntries++) {
1553 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1554 return error;
1555 if (!(tmp & RT2860_H2M_BUSY))
1556 break;
1557 }
1558 if (ntries == 100)
1559 return ETIMEDOUT;
1560
1561 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1562 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1563 error = run_write(sc, RT2860_HOST_CMD, cmd);
1564 return (error);
1565}
1566
1567/*
1568 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1569 * Used to adjust per-rate Tx power registers.
1570 */
1571static __inline uint32_t
1572b4inc(uint32_t b32, int8_t delta)
1573{
1574 int8_t i, b4;
1575
1576 for (i = 0; i < 8; i++) {
1577 b4 = b32 & 0xf;
1578 b4 += delta;
1579 if (b4 < 0)
1580 b4 = 0;
1581 else if (b4 > 0xf)
1582 b4 = 0xf;
1583 b32 = b32 >> 4 | b4 << 28;
1584 }
1585 return (b32);
1586}
1587
1588static const char *
1589run_get_rf(uint16_t rev)
1590{
1591 switch (rev) {
1592 case RT2860_RF_2820: return "RT2820";
1593 case RT2860_RF_2850: return "RT2850";
1594 case RT2860_RF_2720: return "RT2720";
1595 case RT2860_RF_2750: return "RT2750";
1596 case RT3070_RF_3020: return "RT3020";
1597 case RT3070_RF_2020: return "RT2020";
1598 case RT3070_RF_3021: return "RT3021";
1599 case RT3070_RF_3022: return "RT3022";
1600 case RT3070_RF_3052: return "RT3052";
1601 case RT3593_RF_3053: return "RT3053";
1602 case RT5592_RF_5592: return "RT5592";
1603 case RT5390_RF_5370: return "RT5370";
1604 case RT5390_RF_5372: return "RT5372";
1605 }
1606 return ("unknown");
1607}
1608
1609static void
1610run_rt3593_get_txpower(struct run_softc *sc)
1611{
1612 uint16_t addr, val;
1613 int i;
1614
1615 /* Read power settings for 2GHz channels. */
1616 for (i = 0; i < 14; i += 2) {
1617 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1618 RT2860_EEPROM_PWR2GHZ_BASE1;
1619 run_srom_read(sc, addr + i / 2, &val);
1620 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1621 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1622
1623 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1624 RT2860_EEPROM_PWR2GHZ_BASE2;
1625 run_srom_read(sc, addr + i / 2, &val);
1626 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1627 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1628
1629 if (sc->ntxchains == 3) {
1630 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1631 &val);
1632 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1633 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1634 }
1635 }
1636 /* Fix broken Tx power entries. */
1637 for (i = 0; i < 14; i++) {
1638 if (sc->txpow1[i] > 31)
1639 sc->txpow1[i] = 5;
1640 if (sc->txpow2[i] > 31)
1641 sc->txpow2[i] = 5;
1642 if (sc->ntxchains == 3) {
1643 if (sc->txpow3[i] > 31)
1644 sc->txpow3[i] = 5;
1645 }
1646 }
1647 /* Read power settings for 5GHz channels. */
1648 for (i = 0; i < 40; i += 2) {
1649 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1650 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1651 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1652
1653 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1654 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1655 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1656
1657 if (sc->ntxchains == 3) {
1658 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1659 &val);
1660 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1661 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1662 }
1663 }
1664}
1665
1666static void
1667run_get_txpower(struct run_softc *sc)
1668{
1669 uint16_t val;
1670 int i;
1671
1672 /* Read power settings for 2GHz channels. */
1673 for (i = 0; i < 14; i += 2) {
1674 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1675 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1676 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1677
1678 if (sc->mac_ver != 0x5390) {
1679 run_srom_read(sc,
1680 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1681 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1682 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1683 }
1684 }
1685 /* Fix broken Tx power entries. */
1686 for (i = 0; i < 14; i++) {
1687 if (sc->mac_ver >= 0x5390) {
1688 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1689 sc->txpow1[i] = 5;
1690 } else {
1691 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1692 sc->txpow1[i] = 5;
1693 }
1694 if (sc->mac_ver > 0x5390) {
1695 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1696 sc->txpow2[i] = 5;
1697 } else if (sc->mac_ver < 0x5390) {
1698 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1699 sc->txpow2[i] = 5;
1700 }
1701 DPRINTF("chan %d: power1=%d, power2=%d\n",
1702 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1703 }
1704 /* Read power settings for 5GHz channels. */
1705 for (i = 0; i < 40; i += 2) {
1706 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1707 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1708 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1709
1710 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1711 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1712 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1713 }
1714 /* Fix broken Tx power entries. */
1715 for (i = 0; i < 40; i++ ) {
1716 if (sc->mac_ver != 0x5592) {
1717 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1718 sc->txpow1[14 + i] = 5;
1719 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1720 sc->txpow2[14 + i] = 5;
1721 }
1722 DPRINTF("chan %d: power1=%d, power2=%d\n",
1723 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1724 sc->txpow2[14 + i]);
1725 }
1726}
1727
1728static int
1729run_read_eeprom(struct run_softc *sc)
1730{
1731 struct ieee80211com *ic = &sc->sc_ic;
1732 int8_t delta_2ghz, delta_5ghz;
1733 uint32_t tmp;
1734 uint16_t val;
1735 int ridx, ant, i;
1736
1737 /* check whether the ROM is eFUSE ROM or EEPROM */
1738 sc->sc_srom_read = run_eeprom_read_2;
1739 if (sc->mac_ver >= 0x3070) {
1740 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1741 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1742 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1743 sc->sc_srom_read = run_efuse_read_2;
1744 }
1745
1746 /* read ROM version */
1747 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1748 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1749
1750 /* read MAC address */
1751 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1752 ic->ic_macaddr[0] = val & 0xff;
1753 ic->ic_macaddr[1] = val >> 8;
1754 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1755 ic->ic_macaddr[2] = val & 0xff;
1756 ic->ic_macaddr[3] = val >> 8;
1757 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1758 ic->ic_macaddr[4] = val & 0xff;
1759 ic->ic_macaddr[5] = val >> 8;
1760
1761 if (sc->mac_ver < 0x3593) {
1762 /* read vender BBP settings */
1763 for (i = 0; i < 10; i++) {
1764 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1765 sc->bbp[i].val = val & 0xff;
1766 sc->bbp[i].reg = val >> 8;
1767 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1768 sc->bbp[i].val);
1769 }
1770 if (sc->mac_ver >= 0x3071) {
1771 /* read vendor RF settings */
1772 for (i = 0; i < 10; i++) {
1773 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1774 &val);
1775 sc->rf[i].val = val & 0xff;
1776 sc->rf[i].reg = val >> 8;
1777 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1778 sc->rf[i].val);
1779 }
1780 }
1781 }
1782
1783 /* read RF frequency offset from EEPROM */
1784 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1785 RT3593_EEPROM_FREQ, &val);
1786 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1787 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1788
1789 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1790 RT3593_EEPROM_FREQ_LEDS, &val);
1791 if (val >> 8 != 0xff) {
1792 /* read LEDs operating mode */
1793 sc->leds = val >> 8;
1794 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1795 RT3593_EEPROM_LED1, &sc->led[0]);
1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1797 RT3593_EEPROM_LED2, &sc->led[1]);
1798 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1799 RT3593_EEPROM_LED3, &sc->led[2]);
1800 } else {
1801 /* broken EEPROM, use default settings */
1802 sc->leds = 0x01;
1803 sc->led[0] = 0x5555;
1804 sc->led[1] = 0x2221;
1805 sc->led[2] = 0x5627; /* differs from RT2860 */
1806 }
1807 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1808 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1809
1810 /* read RF information */
1811 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1812 run_srom_read(sc, 0x00, &val);
1813 else
1814 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1815
1816 if (val == 0xffff) {
1817 device_printf(sc->sc_dev,
1818 "invalid EEPROM antenna info, using default\n");
1819 DPRINTF("invalid EEPROM antenna info, using default\n");
1820 if (sc->mac_ver == 0x3572) {
1821 /* default to RF3052 2T2R */
1822 sc->rf_rev = RT3070_RF_3052;
1823 sc->ntxchains = 2;
1824 sc->nrxchains = 2;
1825 } else if (sc->mac_ver >= 0x3070) {
1826 /* default to RF3020 1T1R */
1827 sc->rf_rev = RT3070_RF_3020;
1828 sc->ntxchains = 1;
1829 sc->nrxchains = 1;
1830 } else {
1831 /* default to RF2820 1T2R */
1832 sc->rf_rev = RT2860_RF_2820;
1833 sc->ntxchains = 1;
1834 sc->nrxchains = 2;
1835 }
1836 } else {
1837 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1838 sc->rf_rev = val;
1839 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1840 } else
1841 sc->rf_rev = (val >> 8) & 0xf;
1842 sc->ntxchains = (val >> 4) & 0xf;
1843 sc->nrxchains = val & 0xf;
1844 }
1845 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1846 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1847
1848 /* check if RF supports automatic Tx access gain control */
1849 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1850 DPRINTF("EEPROM CFG 0x%04x\n", val);
1851 /* check if driver should patch the DAC issue */
1852 if ((val >> 8) != 0xff)
1853 sc->patch_dac = (val >> 15) & 1;
1854 if ((val & 0xff) != 0xff) {
1855 sc->ext_5ghz_lna = (val >> 3) & 1;
1856 sc->ext_2ghz_lna = (val >> 2) & 1;
1857 /* check if RF supports automatic Tx access gain control */
1858 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1859 /* check if we have a hardware radio switch */
1860 sc->rfswitch = val & 1;
1861 }
1862
1863 /* Read Tx power settings. */
1864 if (sc->mac_ver == 0x3593)
1865 run_rt3593_get_txpower(sc);
1866 else
1867 run_get_txpower(sc);
1868
1869 /* read Tx power compensation for each Tx rate */
1870 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1871 delta_2ghz = delta_5ghz = 0;
1872 if ((val & 0xff) != 0xff && (val & 0x80)) {
1873 delta_2ghz = val & 0xf;
1874 if (!(val & 0x40)) /* negative number */
1875 delta_2ghz = -delta_2ghz;
1876 }
1877 val >>= 8;
1878 if ((val & 0xff) != 0xff && (val & 0x80)) {
1879 delta_5ghz = val & 0xf;
1880 if (!(val & 0x40)) /* negative number */
1881 delta_5ghz = -delta_5ghz;
1882 }
1883 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1884 delta_2ghz, delta_5ghz);
1885
1886 for (ridx = 0; ridx < 5; ridx++) {
1887 uint32_t reg;
1888
1889 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1890 reg = val;
1891 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1892 reg |= (uint32_t)val << 16;
1893
1894 sc->txpow20mhz[ridx] = reg;
1895 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1896 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1897
1898 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1899 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1900 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1901 }
1902
1903 /* Read RSSI offsets and LNA gains from EEPROM. */
1904 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1905 RT3593_EEPROM_RSSI1_2GHZ, &val);
1906 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1907 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1908 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1909 RT3593_EEPROM_RSSI2_2GHZ, &val);
1910 if (sc->mac_ver >= 0x3070) {
1911 if (sc->mac_ver == 0x3593) {
1912 sc->txmixgain_2ghz = 0;
1913 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1914 } else {
1915 /*
1916 * On RT3070 chips (limited to 2 Rx chains), this ROM
1917 * field contains the Tx mixer gain for the 2GHz band.
1918 */
1919 if ((val & 0xff) != 0xff)
1920 sc->txmixgain_2ghz = val & 0x7;
1921 }
1922 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1923 } else
1924 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1925 if (sc->mac_ver == 0x3593)
1926 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1927 sc->lna[2] = val >> 8; /* channel group 2 */
1928
1929 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1930 RT3593_EEPROM_RSSI1_5GHZ, &val);
1931 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1932 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1933 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1934 RT3593_EEPROM_RSSI2_5GHZ, &val);
1935 if (sc->mac_ver == 0x3572) {
1936 /*
1937 * On RT3572 chips (limited to 2 Rx chains), this ROM
1938 * field contains the Tx mixer gain for the 5GHz band.
1939 */
1940 if ((val & 0xff) != 0xff)
1941 sc->txmixgain_5ghz = val & 0x7;
1942 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1943 } else
1944 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1945 if (sc->mac_ver == 0x3593) {
1946 sc->txmixgain_5ghz = 0;
1947 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1948 }
1949 sc->lna[3] = val >> 8; /* channel group 3 */
1950
1951 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1952 RT3593_EEPROM_LNA, &val);
1953 sc->lna[0] = val & 0xff; /* channel group 0 */
1954 sc->lna[1] = val >> 8; /* channel group 1 */
1955
1956 /* fix broken 5GHz LNA entries */
1957 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1958 DPRINTF("invalid LNA for channel group %d\n", 2);
1959 sc->lna[2] = sc->lna[1];
1960 }
1961 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1962 DPRINTF("invalid LNA for channel group %d\n", 3);
1963 sc->lna[3] = sc->lna[1];
1964 }
1965
1966 /* fix broken RSSI offset entries */
1967 for (ant = 0; ant < 3; ant++) {
1968 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1969 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1970 ant + 1, sc->rssi_2ghz[ant]);
1971 sc->rssi_2ghz[ant] = 0;
1972 }
1973 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1974 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1975 ant + 1, sc->rssi_5ghz[ant]);
1976 sc->rssi_5ghz[ant] = 0;
1977 }
1978 }
1979 return (0);
1980}
1981
1982static struct ieee80211_node *
1983run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1984{
1985 return malloc(sizeof (struct run_node), M_80211_NODE,
1986 M_NOWAIT | M_ZERO);
1987}
1988
1989static int
1990run_media_change(struct ifnet *ifp)
1991{
1992 struct ieee80211vap *vap = ifp->if_softc;
1993 struct ieee80211com *ic = vap->iv_ic;
1994 const struct ieee80211_txparam *tp;
1995 struct run_softc *sc = ic->ic_softc;
1996 uint8_t rate, ridx;
1997 int error;
1998
1999 RUN_LOCK(sc);
2000
2001 error = ieee80211_media_change(ifp);
2002 if (error != ENETRESET) {
2003 RUN_UNLOCK(sc);
2004 return (error);
2005 }
2006
2007 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2008 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2009 struct ieee80211_node *ni;
2010 struct run_node *rn;
2011
2012 rate = ic->ic_sup_rates[ic->ic_curmode].
2013 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2014 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2015 if (rt2860_rates[ridx].rate == rate)
2016 break;
2017 ni = ieee80211_ref_node(vap->iv_bss);
2018 rn = RUN_NODE(ni);
2019 rn->fix_ridx = ridx;
2020 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2021 ieee80211_free_node(ni);
2022 }
2023
2024#if 0
2025 if ((ifp->if_flags & IFF_UP) &&
2026 (ifp->if_drv_flags & RUN_RUNNING)){
2027 run_init_locked(sc);
2028 }
2029#endif
2030
2031 RUN_UNLOCK(sc);
2032
2033 return (0);
2034}
2035
2036static int
2037run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2038{
2039 const struct ieee80211_txparam *tp;
2040 struct ieee80211com *ic = vap->iv_ic;
2041 struct run_softc *sc = ic->ic_softc;
2042 struct run_vap *rvp = RUN_VAP(vap);
2043 enum ieee80211_state ostate;
2044 uint32_t sta[3];
2045 uint32_t tmp;
2046 uint8_t ratectl;
2047 uint8_t restart_ratectl = 0;
2048 uint8_t bid = 1 << rvp->rvp_id;
2049
2050 ostate = vap->iv_state;
2051 DPRINTF("%s -> %s\n",
2052 ieee80211_state_name[ostate],
2053 ieee80211_state_name[nstate]);
2054
2055 IEEE80211_UNLOCK(ic);
2056 RUN_LOCK(sc);
2057
2058 ratectl = sc->ratectl_run; /* remember current state */
2059 sc->ratectl_run = RUN_RATECTL_OFF;
2060 usb_callout_stop(&sc->ratectl_ch);
2061
2062 if (ostate == IEEE80211_S_RUN) {
2063 /* turn link LED off */
2064 run_set_leds(sc, RT2860_LED_RADIO);
2065 }
2066
2067 switch (nstate) {
2068 case IEEE80211_S_INIT:
2069 restart_ratectl = 1;
2070
2071 if (ostate != IEEE80211_S_RUN)
2072 break;
2073
2074 ratectl &= ~bid;
2075 sc->runbmap &= ~bid;
2076
2077 /* abort TSF synchronization if there is no vap running */
2078 if (--sc->running == 0) {
2079 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2080 run_write(sc, RT2860_BCN_TIME_CFG,
2081 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2082 RT2860_TBTT_TIMER_EN));
2083 }
2084 break;
2085
2086 case IEEE80211_S_RUN:
2087 if (!(sc->runbmap & bid)) {
2088 if(sc->running++)
2089 restart_ratectl = 1;
2090 sc->runbmap |= bid;
2091 }
2092
2093 m_freem(rvp->beacon_mbuf);
2094 rvp->beacon_mbuf = NULL;
2095
2096 switch (vap->iv_opmode) {
2097 case IEEE80211_M_HOSTAP:
2098 case IEEE80211_M_MBSS:
2099 sc->ap_running |= bid;
2100 ic->ic_opmode = vap->iv_opmode;
2101 run_update_beacon_cb(vap);
2102 break;
2103 case IEEE80211_M_IBSS:
2104 sc->adhoc_running |= bid;
2105 if (!sc->ap_running)
2106 ic->ic_opmode = vap->iv_opmode;
2107 run_update_beacon_cb(vap);
2108 break;
2109 case IEEE80211_M_STA:
2110 sc->sta_running |= bid;
2111 if (!sc->ap_running && !sc->adhoc_running)
2112 ic->ic_opmode = vap->iv_opmode;
2113
2114 /* read statistic counters (clear on read) */
2115 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2116 (uint8_t *)sta, sizeof sta);
2117
2118 break;
2119 default:
2120 ic->ic_opmode = vap->iv_opmode;
2121 break;
2122 }
2123
2124 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2125 struct ieee80211_node *ni;
2126
2127 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2128 RUN_UNLOCK(sc);
2129 IEEE80211_LOCK(ic);
2130 return (-1);
2131 }
2132 run_updateslot(ic);
2133 run_enable_mrr(sc);
2134 run_set_txpreamble(sc);
2135 run_set_basicrates(sc);
2136 ni = ieee80211_ref_node(vap->iv_bss);
2137 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2138 run_set_bssid(sc, sc->sc_bssid);
2139 ieee80211_free_node(ni);
2140 run_enable_tsf_sync(sc);
2141
2142 /* enable automatic rate adaptation */
2143 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2144 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2145 ratectl |= bid;
2146 } else
2147 run_enable_tsf(sc);
2148
2149 /* turn link LED on */
2150 run_set_leds(sc, RT2860_LED_RADIO |
2151 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2152 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2153
2154 break;
2155 default:
2156 DPRINTFN(6, "undefined case\n");
2157 break;
2158 }
2159
2160 /* restart amrr for running VAPs */
2161 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2162 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2163
2164 RUN_UNLOCK(sc);
2165 IEEE80211_LOCK(ic);
2166
2167 return(rvp->newstate(vap, nstate, arg));
2168}
2169
2170static int
2171run_wme_update(struct ieee80211com *ic)
2172{
2173 struct run_softc *sc = ic->ic_softc;
2174 const struct wmeParams *ac =
2175 ic->ic_wme.wme_chanParams.cap_wmeParams;
2176 int aci, error = 0;
2177
2178 /* update MAC TX configuration registers */
2179 RUN_LOCK(sc);
2180 for (aci = 0; aci < WME_NUM_AC; aci++) {
2181 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2182 ac[aci].wmep_logcwmax << 16 |
2183 ac[aci].wmep_logcwmin << 12 |
2184 ac[aci].wmep_aifsn << 8 |
2185 ac[aci].wmep_txopLimit);
2186 if (error) goto err;
2187 }
2188
2189 /* update SCH/DMA registers too */
2190 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2191 ac[WME_AC_VO].wmep_aifsn << 12 |
2192 ac[WME_AC_VI].wmep_aifsn << 8 |
2193 ac[WME_AC_BK].wmep_aifsn << 4 |
2194 ac[WME_AC_BE].wmep_aifsn);
2195 if (error) goto err;
2196 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2197 ac[WME_AC_VO].wmep_logcwmin << 12 |
2198 ac[WME_AC_VI].wmep_logcwmin << 8 |
2199 ac[WME_AC_BK].wmep_logcwmin << 4 |
2200 ac[WME_AC_BE].wmep_logcwmin);
2201 if (error) goto err;
2202 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2203 ac[WME_AC_VO].wmep_logcwmax << 12 |
2204 ac[WME_AC_VI].wmep_logcwmax << 8 |
2205 ac[WME_AC_BK].wmep_logcwmax << 4 |
2206 ac[WME_AC_BE].wmep_logcwmax);
2207 if (error) goto err;
2208 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2209 ac[WME_AC_BK].wmep_txopLimit << 16 |
2210 ac[WME_AC_BE].wmep_txopLimit);
2211 if (error) goto err;
2212 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2213 ac[WME_AC_VO].wmep_txopLimit << 16 |
2214 ac[WME_AC_VI].wmep_txopLimit);
2215
2216err:
2217 RUN_UNLOCK(sc);
2218 if (error)
2219 DPRINTF("WME update failed\n");
2220
2221 return (error);
2222}
2223
2224static void
2225run_key_set_cb(void *arg)
2226{
2227 struct run_cmdq *cmdq = arg;
2228 struct ieee80211vap *vap = cmdq->arg1;
2229 struct ieee80211_key *k = cmdq->k;
2230 struct ieee80211com *ic = vap->iv_ic;
2231 struct run_softc *sc = ic->ic_softc;
2232 struct ieee80211_node *ni;
2233 u_int cipher = k->wk_cipher->ic_cipher;
2234 uint32_t attr;
2235 uint16_t base, associd;
2236 uint8_t mode, wcid, iv[8];
2237
2238 RUN_LOCK_ASSERT(sc, MA_OWNED);
2239
2240 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2241 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2242 else
2243 ni = vap->iv_bss;
2244 associd = (ni != NULL) ? ni->ni_associd : 0;
2245
2246 /* map net80211 cipher to RT2860 security mode */
2247 switch (cipher) {
2248 case IEEE80211_CIPHER_WEP:
2249 if(k->wk_keylen < 8)
2250 mode = RT2860_MODE_WEP40;
2251 else
2252 mode = RT2860_MODE_WEP104;
2253 break;
2254 case IEEE80211_CIPHER_TKIP:
2255 mode = RT2860_MODE_TKIP;
2256 break;
2257 case IEEE80211_CIPHER_AES_CCM:
2258 mode = RT2860_MODE_AES_CCMP;
2259 break;
2260 default:
2261 DPRINTF("undefined case\n");
2262 return;
2263 }
2264
2265 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2266 associd, k->wk_keyix, mode,
2267 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2268 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2269 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2270
2271 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2272 wcid = 0; /* NB: update WCID0 for group keys */
2273 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2274 } else {
2275 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2276 1 : RUN_AID2WCID(associd);
2277 base = RT2860_PKEY(wcid);
2278 }
2279
2280 if (cipher == IEEE80211_CIPHER_TKIP) {
2281 if(run_write_region_1(sc, base, k->wk_key, 16))
2282 return;
2283 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2284 return;
2285 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2286 return;
2287 } else {
2288 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2289 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2290 return;
2291 }
2292
2293 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2294 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2295 /* set initial packet number in IV+EIV */
2296 if (cipher == IEEE80211_CIPHER_WEP) {
2297 memset(iv, 0, sizeof iv);
2298 iv[3] = vap->iv_def_txkey << 6;
2299 } else {
2300 if (cipher == IEEE80211_CIPHER_TKIP) {
2301 iv[0] = k->wk_keytsc >> 8;
2302 iv[1] = (iv[0] | 0x20) & 0x7f;
2303 iv[2] = k->wk_keytsc;
2304 } else /* CCMP */ {
2305 iv[0] = k->wk_keytsc;
2306 iv[1] = k->wk_keytsc >> 8;
2307 iv[2] = 0;
2308 }
2309 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2310 iv[4] = k->wk_keytsc >> 16;
2311 iv[5] = k->wk_keytsc >> 24;
2312 iv[6] = k->wk_keytsc >> 32;
2313 iv[7] = k->wk_keytsc >> 40;
2314 }
2315 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2316 return;
2317 }
2318
2319 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2320 /* install group key */
2321 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2322 return;
2323 attr &= ~(0xf << (k->wk_keyix * 4));
2324 attr |= mode << (k->wk_keyix * 4);
2325 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2326 return;
2327 } else {
2328 /* install pairwise key */
2329 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2330 return;
2331 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2332 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2333 return;
2334 }
2335
2336 /* TODO create a pass-thru key entry? */
2337
2338 /* need wcid to delete the right key later */
2339 k->wk_pad = wcid;
2340}
2341
2342/*
2343 * Don't have to be deferred, but in order to keep order of
2344 * execution, i.e. with run_key_delete(), defer this and let
2345 * run_cmdq_cb() maintain the order.
2346 *
2347 * return 0 on error
2348 */
2349static int
2350run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2351{
2352 struct ieee80211com *ic = vap->iv_ic;
2353 struct run_softc *sc = ic->ic_softc;
2354 uint32_t i;
2355
2356 i = RUN_CMDQ_GET(&sc->cmdq_store);
2357 DPRINTF("cmdq_store=%d\n", i);
2358 sc->cmdq[i].func = run_key_set_cb;
2359 sc->cmdq[i].arg0 = NULL;
2360 sc->cmdq[i].arg1 = vap;
2361 sc->cmdq[i].k = k;
2362 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2363 ieee80211_runtask(ic, &sc->cmdq_task);
2364
2365 /*
2366 * To make sure key will be set when hostapd
2367 * calls iv_key_set() before if_init().
2368 */
2369 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2370 RUN_LOCK(sc);
2371 sc->cmdq_key_set = RUN_CMDQ_GO;
2372 RUN_UNLOCK(sc);
2373 }
2374
2375 return (1);
2376}
2377
2378/*
2379 * If wlan is destroyed without being brought down i.e. without
2380 * wlan down or wpa_cli terminate, this function is called after
2381 * vap is gone. Don't refer it.
2382 */
2383static void
2384run_key_delete_cb(void *arg)
2385{
2386 struct run_cmdq *cmdq = arg;
2387 struct run_softc *sc = cmdq->arg1;
2388 struct ieee80211_key *k = &cmdq->key;
2389 uint32_t attr;
2390 uint8_t wcid;
2391
2392 RUN_LOCK_ASSERT(sc, MA_OWNED);
2393
2394 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2395 /* remove group key */
2396 DPRINTF("removing group key\n");
2397 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2398 attr &= ~(0xf << (k->wk_keyix * 4));
2399 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2400 } else {
2401 /* remove pairwise key */
2402 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2403 /* matching wcid was written to wk_pad in run_key_set() */
2404 wcid = k->wk_pad;
2405 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2406 attr &= ~0xf;
2407 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2408 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2409 }
2410
2411 k->wk_pad = 0;
2412}
2413
2414/*
2415 * return 0 on error
2416 */
2417static int
2418run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2419{
2420 struct ieee80211com *ic = vap->iv_ic;
2421 struct run_softc *sc = ic->ic_softc;
2422 struct ieee80211_key *k0;
2423 uint32_t i;
2424
2425 /*
2426 * When called back, key might be gone. So, make a copy
2427 * of some values need to delete keys before deferring.
2428 * But, because of LOR with node lock, cannot use lock here.
2429 * So, use atomic instead.
2430 */
2431 i = RUN_CMDQ_GET(&sc->cmdq_store);
2432 DPRINTF("cmdq_store=%d\n", i);
2433 sc->cmdq[i].func = run_key_delete_cb;
2434 sc->cmdq[i].arg0 = NULL;
2435 sc->cmdq[i].arg1 = sc;
2436 k0 = &sc->cmdq[i].key;
2437 k0->wk_flags = k->wk_flags;
2438 k0->wk_keyix = k->wk_keyix;
2439 /* matching wcid was written to wk_pad in run_key_set() */
2440 k0->wk_pad = k->wk_pad;
2441 ieee80211_runtask(ic, &sc->cmdq_task);
2442 return (1); /* return fake success */
2443
2444}
2445
2446static void
2447run_ratectl_to(void *arg)
2448{
2449 struct run_softc *sc = arg;
2450
2451 /* do it in a process context, so it can go sleep */
2452 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2453 /* next timeout will be rescheduled in the callback task */
2454}
2455
2456/* ARGSUSED */
2457static void
2458run_ratectl_cb(void *arg, int pending)
2459{
2460 struct run_softc *sc = arg;
2461 struct ieee80211com *ic = &sc->sc_ic;
2462 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2463
2464 if (vap == NULL)
2465 return;
2466
2467 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2468 /*
2469 * run_reset_livelock() doesn't do anything with AMRR,
2470 * but Ralink wants us to call it every 1 sec. So, we
2471 * piggyback here rather than creating another callout.
2472 * Livelock may occur only in HOSTAP or IBSS mode
2473 * (when h/w is sending beacons).
2474 */
2475 RUN_LOCK(sc);
2476 run_reset_livelock(sc);
2477 /* just in case, there are some stats to drain */
2478 run_drain_fifo(sc);
2479 RUN_UNLOCK(sc);
2480 }
2481
2482 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2483
2484 RUN_LOCK(sc);
2485 if(sc->ratectl_run != RUN_RATECTL_OFF)
2486 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2487 RUN_UNLOCK(sc);
2488}
2489
2490static void
2491run_drain_fifo(void *arg)
2492{
2493 struct run_softc *sc = arg;
2494 uint32_t stat;
2495 uint16_t (*wstat)[3];
2496 uint8_t wcid, mcs, pid;
2497 int8_t retry;
2498
2499 RUN_LOCK_ASSERT(sc, MA_OWNED);
2500
2501 for (;;) {
2502 /* drain Tx status FIFO (maxsize = 16) */
2503 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2504 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2505 if (!(stat & RT2860_TXQ_VLD))
2506 break;
2507
2508 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2509
2510 /* if no ACK was requested, no feedback is available */
2511 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2512 wcid == 0)
2513 continue;
2514
2515 /*
2516 * Even though each stat is Tx-complete-status like format,
2517 * the device can poll stats. Because there is no guarantee
2518 * that the referring node is still around when read the stats.
2519 * So that, if we use ieee80211_ratectl_tx_update(), we will
2520 * have hard time not to refer already freed node.
2521 *
2522 * To eliminate such page faults, we poll stats in softc.
2523 * Then, update the rates later with ieee80211_ratectl_tx_update().
2524 */
2525 wstat = &(sc->wcid_stats[wcid]);
2526 (*wstat)[RUN_TXCNT]++;
2527 if (stat & RT2860_TXQ_OK)
2528 (*wstat)[RUN_SUCCESS]++;
2529 else
2530 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2531 /*
2532 * Check if there were retries, ie if the Tx success rate is
2533 * different from the requested rate. Note that it works only
2534 * because we do not allow rate fallback from OFDM to CCK.
2535 */
2536 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2537 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2538 if ((retry = pid -1 - mcs) > 0) {
2539 (*wstat)[RUN_TXCNT] += retry;
2540 (*wstat)[RUN_RETRY] += retry;
2541 }
2542 }
2543 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2544
2545 sc->fifo_cnt = 0;
2546}
2547
2548static void
2549run_iter_func(void *arg, struct ieee80211_node *ni)
2550{
2551 struct run_softc *sc = arg;
2552 struct ieee80211vap *vap = ni->ni_vap;
2553 struct run_node *rn = RUN_NODE(ni);
2554 union run_stats sta[2];
2555 uint16_t (*wstat)[3];
2556 int txcnt, success, retrycnt, error;
2557
2558 RUN_LOCK(sc);
2559
2560 /* Check for special case */
2561 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2562 ni != vap->iv_bss)
2563 goto fail;
2564
2565 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2566 vap->iv_opmode == IEEE80211_M_STA)) {
2567 /* read statistic counters (clear on read) and update AMRR state */
2568 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2569 sizeof sta);
2570 if (error != 0)
2571 goto fail;
2572
2573 /* count failed TX as errors */
2574 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2575 le16toh(sta[0].error.fail));
2576
2577 retrycnt = le16toh(sta[1].tx.retry);
2578 success = le16toh(sta[1].tx.success);
2579 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2580
2581 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2582 retrycnt, success, le16toh(sta[0].error.fail));
2583 } else {
2584 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2585
2586 if (wstat == &(sc->wcid_stats[0]) ||
2587 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2588 goto fail;
2589
2590 txcnt = (*wstat)[RUN_TXCNT];
2591 success = (*wstat)[RUN_SUCCESS];
2592 retrycnt = (*wstat)[RUN_RETRY];
2593 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2594 retrycnt, txcnt, success);
2595
2596 memset(wstat, 0, sizeof(*wstat));
2597 }
2598
2599 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2600 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2601
2602fail:
2603 RUN_UNLOCK(sc);
2604
2605 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2606}
2607
2608static void
2609run_newassoc_cb(void *arg)
2610{
2611 struct run_cmdq *cmdq = arg;
2612 struct ieee80211_node *ni = cmdq->arg1;
2613 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2614 uint8_t wcid = cmdq->wcid;
2615
2616 RUN_LOCK_ASSERT(sc, MA_OWNED);
2617
2618 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2619 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2620
2621 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2622}
2623
2624static void
2625run_newassoc(struct ieee80211_node *ni, int isnew)
2626{
2627 struct run_node *rn = RUN_NODE(ni);
2628 struct ieee80211_rateset *rs = &ni->ni_rates;
2629 struct ieee80211vap *vap = ni->ni_vap;
2630 struct ieee80211com *ic = vap->iv_ic;
2631 struct run_softc *sc = ic->ic_softc;
2632 uint8_t rate;
2633 uint8_t ridx;
2634 uint8_t wcid;
2635 int i, j;
2636
2637 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2638 1 : RUN_AID2WCID(ni->ni_associd);
2639
2640 if (wcid > RT2870_WCID_MAX) {
2641 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2642 return;
2643 }
2644
2645 /* only interested in true associations */
2646 if (isnew && ni->ni_associd != 0) {
2647
2648 /*
2649 * This function could is called though timeout function.
2650 * Need to defer.
2651 */
2652 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2653 DPRINTF("cmdq_store=%d\n", cnt);
2654 sc->cmdq[cnt].func = run_newassoc_cb;
2655 sc->cmdq[cnt].arg0 = NULL;
2656 sc->cmdq[cnt].arg1 = ni;
2657 sc->cmdq[cnt].wcid = wcid;
2658 ieee80211_runtask(ic, &sc->cmdq_task);
2659 }
2660
2661 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2662 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2663
2664 for (i = 0; i < rs->rs_nrates; i++) {
2665 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2666 /* convert 802.11 rate to hardware rate index */
2667 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2668 if (rt2860_rates[ridx].rate == rate)
2669 break;
2670 rn->ridx[i] = ridx;
2671 /* determine rate of control response frames */
2672 for (j = i; j >= 0; j--) {
2673 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2674 rt2860_rates[rn->ridx[i]].phy ==
2675 rt2860_rates[rn->ridx[j]].phy)
2676 break;
2677 }
2678 if (j >= 0) {
2679 rn->ctl_ridx[i] = rn->ridx[j];
2680 } else {
2681 /* no basic rate found, use mandatory one */
2682 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2683 }
2684 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2685 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2686 }
2687 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2688 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2689 if (rt2860_rates[ridx].rate == rate)
2690 break;
2691 rn->mgt_ridx = ridx;
2692 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2693
2694 RUN_LOCK(sc);
2695 if(sc->ratectl_run != RUN_RATECTL_OFF)
2696 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2697 RUN_UNLOCK(sc);
2698}
2699
2700/*
2701 * Return the Rx chain with the highest RSSI for a given frame.
2702 */
2703static __inline uint8_t
2704run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2705{
2706 uint8_t rxchain = 0;
2707
2708 if (sc->nrxchains > 1) {
2709 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2710 rxchain = 1;
2711 if (sc->nrxchains > 2)
2712 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2713 rxchain = 2;
2714 }
2715 return (rxchain);
2716}
2717
2718static void
2719run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2720 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2721{
2722 struct ieee80211vap *vap = ni->ni_vap;
2723 struct run_softc *sc = vap->iv_ic->ic_softc;
2724 struct run_vap *rvp = RUN_VAP(vap);
2725 uint64_t ni_tstamp, rx_tstamp;
2726
2727 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2728
2729 if (vap->iv_state == IEEE80211_S_RUN &&
2730 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2731 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2732 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2733 RUN_LOCK(sc);
2734 run_get_tsf(sc, &rx_tstamp);
2735 RUN_UNLOCK(sc);
2736 rx_tstamp = le64toh(rx_tstamp);
2737
2738 if (ni_tstamp >= rx_tstamp) {
2739 DPRINTF("ibss merge, tsf %ju tstamp %ju\n",
2740 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2741 (void) ieee80211_ibss_merge(ni);
2742 }
2743 }
2744}
2745
2746static void
2747run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2748{
2749 struct ieee80211com *ic = &sc->sc_ic;
2750 struct ieee80211_frame *wh;
2751 struct ieee80211_node *ni;
2752 struct rt2870_rxd *rxd;
2753 struct rt2860_rxwi *rxwi;
2754 uint32_t flags;
2755 uint16_t len, rxwisize;
2756 uint8_t ant, rssi;
2757 int8_t nf;
2758
2759 rxwisize = sizeof(struct rt2860_rxwi);
2760 if (sc->mac_ver == 0x5592)
2761 rxwisize += sizeof(uint64_t);
2762 else if (sc->mac_ver == 0x3593)
2763 rxwisize += sizeof(uint32_t);
2764
2765 if (__predict_false(dmalen <
2766 rxwisize + sizeof(struct ieee80211_frame_ack))) {
2767 DPRINTF("payload is too short: dma length %u < %zu\n",
2768 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack));
2769 goto fail;
2770 }
2771
2772 rxwi = mtod(m, struct rt2860_rxwi *);
2773 len = le16toh(rxwi->len) & 0xfff;
2774
2775 if (__predict_false(len > dmalen - rxwisize)) {
2776 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2777 goto fail;
2778 }
2779
2780 /* Rx descriptor is located at the end */
2781 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2782 flags = le32toh(rxd->flags);
2783
2784 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2785 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2786 goto fail;
2787 }
2788
2789 if (flags & RT2860_RX_L2PAD) {
2790 /*
2791 * XXX OpenBSD removes padding between header
2792 * and payload here...
2793 */
2794 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2795 len += 2;
2796 }
2797
2798 m->m_data += rxwisize;
2799 m->m_pkthdr.len = m->m_len = len;
2800
2801 wh = mtod(m, struct ieee80211_frame *);
2802
2803 /* XXX wrong for monitor mode */
2804 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2805 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2806 m->m_flags |= M_WEP;
2807 }
2808
2809 if (len >= sizeof(struct ieee80211_frame_min)) {
2810 ni = ieee80211_find_rxnode(ic,
2811 mtod(m, struct ieee80211_frame_min *));
2812 } else
2813 ni = NULL;
2814
2815 if (__predict_false(flags & RT2860_RX_MICERR)) {
2816 /* report MIC failures to net80211 for TKIP */
2817 if (ni != NULL)
2818 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2819 rxwi->keyidx);
2820 DPRINTF("MIC error. Someone is lying.\n");
2821 goto fail;
2822 }
2823
2824 ant = run_maxrssi_chain(sc, rxwi);
2825 rssi = rxwi->rssi[ant];
2826 nf = run_rssi2dbm(sc, rssi, ant);
2827
2828 if (__predict_false(ieee80211_radiotap_active(ic))) {
2829 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2830 uint16_t phy;
2831
2832 tap->wr_flags = 0;
2833 tap->wr_antsignal = rssi;
2834 tap->wr_antenna = ant;
2835 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2836 tap->wr_rate = 2; /* in case it can't be found below */
2837 RUN_LOCK(sc);
2838 run_get_tsf(sc, &tap->wr_tsf);
2839 RUN_UNLOCK(sc);
2840 phy = le16toh(rxwi->phy);
2841 switch (phy & RT2860_PHY_MODE) {
2842 case RT2860_PHY_CCK:
2843 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2844 case 0: tap->wr_rate = 2; break;
2845 case 1: tap->wr_rate = 4; break;
2846 case 2: tap->wr_rate = 11; break;
2847 case 3: tap->wr_rate = 22; break;
2848 }
2849 if (phy & RT2860_PHY_SHPRE)
2850 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2851 break;
2852 case RT2860_PHY_OFDM:
2853 switch (phy & RT2860_PHY_MCS) {
2854 case 0: tap->wr_rate = 12; break;
2855 case 1: tap->wr_rate = 18; break;
2856 case 2: tap->wr_rate = 24; break;
2857 case 3: tap->wr_rate = 36; break;
2858 case 4: tap->wr_rate = 48; break;
2859 case 5: tap->wr_rate = 72; break;
2860 case 6: tap->wr_rate = 96; break;
2861 case 7: tap->wr_rate = 108; break;
2862 }
2863 break;
2864 }
2865 }
2866
2867 if (ni != NULL) {
2868 (void)ieee80211_input(ni, m, rssi, nf);
2869 ieee80211_free_node(ni);
2870 } else {
2871 (void)ieee80211_input_all(ic, m, rssi, nf);
2872 }
2873
2874 return;
2875
2876fail:
2877 m_freem(m);
2878 counter_u64_add(ic->ic_ierrors, 1);
2879}
2880
2881static void
2882run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2883{
2884 struct run_softc *sc = usbd_xfer_softc(xfer);
2885 struct ieee80211com *ic = &sc->sc_ic;
2886 struct mbuf *m = NULL;
2887 struct mbuf *m0;
2888 uint32_t dmalen, mbuf_len;
2889 uint16_t rxwisize;
2890 int xferlen;
2891
2892 rxwisize = sizeof(struct rt2860_rxwi);
2893 if (sc->mac_ver == 0x5592)
2894 rxwisize += sizeof(uint64_t);
2895 else if (sc->mac_ver == 0x3593)
2896 rxwisize += sizeof(uint32_t);
2897
2898 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2899
2900 switch (USB_GET_STATE(xfer)) {
2901 case USB_ST_TRANSFERRED:
2902
2903 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2904
2905 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2906 sizeof(struct rt2870_rxd))) {
2907 DPRINTF("xfer too short %d\n", xferlen);
2908 goto tr_setup;
2909 }
2910
2911 m = sc->rx_m;
2912 sc->rx_m = NULL;
2913
2914 /* FALLTHROUGH */
2915 case USB_ST_SETUP:
2916tr_setup:
2917 if (sc->rx_m == NULL) {
2918 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2919 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2920 }
2921 if (sc->rx_m == NULL) {
2922 DPRINTF("could not allocate mbuf - idle with stall\n");
2923 counter_u64_add(ic->ic_ierrors, 1);
2924 usbd_xfer_set_stall(xfer);
2925 usbd_xfer_set_frames(xfer, 0);
2926 } else {
2927 /*
2928 * Directly loading a mbuf cluster into DMA to
2929 * save some data copying. This works because
2930 * there is only one cluster.
2931 */
2932 usbd_xfer_set_frame_data(xfer, 0,
2933 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2934 usbd_xfer_set_frames(xfer, 1);
2935 }
2936 usbd_transfer_submit(xfer);
2937 break;
2938
2939 default: /* Error */
2940 if (error != USB_ERR_CANCELLED) {
2941 /* try to clear stall first */
2942 usbd_xfer_set_stall(xfer);
2943 if (error == USB_ERR_TIMEOUT)
2944 device_printf(sc->sc_dev, "device timeout\n");
2945 counter_u64_add(ic->ic_ierrors, 1);
2946 goto tr_setup;
2947 }
2948 if (sc->rx_m != NULL) {
2949 m_freem(sc->rx_m);
2950 sc->rx_m = NULL;
2951 }
2952 break;
2953 }
2954
2955 if (m == NULL)
2956 return;
2957
2958 /* inputting all the frames must be last */
2959
2960 RUN_UNLOCK(sc);
2961
2962 m->m_pkthdr.len = m->m_len = xferlen;
2963
2964 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2965 for(;;) {
2966 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2967
2968 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2969 ((dmalen & 3) != 0)) {
2970 DPRINTF("bad DMA length %u\n", dmalen);
2971 break;
2972 }
2973 if ((dmalen + 8) > (uint32_t)xferlen) {
2974 DPRINTF("bad DMA length %u > %d\n",
2975 dmalen + 8, xferlen);
2976 break;
2977 }
2978
2979 /* If it is the last one or a single frame, we won't copy. */
2980 if ((xferlen -= dmalen + 8) <= 8) {
2981 /* trim 32-bit DMA-len header */
2982 m->m_data += 4;
2983 m->m_pkthdr.len = m->m_len -= 4;
2984 run_rx_frame(sc, m, dmalen);
2985 m = NULL; /* don't free source buffer */
2986 break;
2987 }
2988
2989 mbuf_len = dmalen + sizeof(struct rt2870_rxd);
2990 if (__predict_false(mbuf_len > MCLBYTES)) {
2991 DPRINTF("payload is too big: mbuf_len %u\n", mbuf_len);
2992 counter_u64_add(ic->ic_ierrors, 1);
2993 break;
2994 }
2995
2996 /* copy aggregated frames to another mbuf */
2997 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2998 if (__predict_false(m0 == NULL)) {
2999 DPRINTF("could not allocate mbuf\n");
3000 counter_u64_add(ic->ic_ierrors, 1);
3001 break;
3002 }
3003 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3004 mbuf_len, mtod(m0, caddr_t));
3005 m0->m_pkthdr.len = m0->m_len = mbuf_len;
3006 run_rx_frame(sc, m0, dmalen);
3007
3008 /* update data ptr */
3009 m->m_data += mbuf_len + 4;
3010 m->m_pkthdr.len = m->m_len -= mbuf_len + 4;
3011 }
3012
3013 /* make sure we free the source buffer, if any */
3014 m_freem(m);
3015
3016 RUN_LOCK(sc);
3017}
3018
3019static void
3020run_tx_free(struct run_endpoint_queue *pq,
3021 struct run_tx_data *data, int txerr)
3022{
3023
3024 ieee80211_tx_complete(data->ni, data->m, txerr);
3025
3026 data->m = NULL;
3027 data->ni = NULL;
3028
3029 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3030 pq->tx_nfree++;
3031}
3032
3033static void
3034run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3035{
3036 struct run_softc *sc = usbd_xfer_softc(xfer);
3037 struct ieee80211com *ic = &sc->sc_ic;
3038 struct run_tx_data *data;
3039 struct ieee80211vap *vap = NULL;
3040 struct usb_page_cache *pc;
3041 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3042 struct mbuf *m;
3043 usb_frlength_t size;
3044 int actlen;
3045 int sumlen;
3046
3047 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3048
3049 switch (USB_GET_STATE(xfer)) {
3050 case USB_ST_TRANSFERRED:
3051 DPRINTFN(11, "transfer complete: %d "
3052 "bytes @ index %d\n", actlen, index);
3053
3054 data = usbd_xfer_get_priv(xfer);
3055 run_tx_free(pq, data, 0);
3056 usbd_xfer_set_priv(xfer, NULL);
3057
3058 /* FALLTHROUGH */
3059 case USB_ST_SETUP:
3060tr_setup:
3061 data = STAILQ_FIRST(&pq->tx_qh);
3062 if (data == NULL)
3063 break;
3064
3065 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3066
3067 m = data->m;
3068 size = (sc->mac_ver == 0x5592) ?
3069 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3070 if ((m->m_pkthdr.len +
3071 size + 3 + 8) > RUN_MAX_TXSZ) {
3072 DPRINTF("data overflow, %u bytes\n",
3073 m->m_pkthdr.len);
3074 run_tx_free(pq, data, 1);
3075 goto tr_setup;
3076 }
3077
3078 pc = usbd_xfer_get_frame(xfer, 0);
3079 usbd_copy_in(pc, 0, &data->desc, size);
3080 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3081 size += m->m_pkthdr.len;
3082 /*
3083 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3084 * 4-byte padding), and be sure to zero those trailing
3085 * bytes:
3086 */
3087 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3088 size += ((-size) & 3) + 8;
3089
3090 vap = data->ni->ni_vap;
3091 if (ieee80211_radiotap_active_vap(vap)) {
3092 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3093 struct rt2860_txwi *txwi =
3094 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3095 tap->wt_flags = 0;
3096 tap->wt_rate = rt2860_rates[data->ridx].rate;
3097 tap->wt_hwqueue = index;
3098 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3099 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3100
3101 ieee80211_radiotap_tx(vap, m);
3102 }
3103
3104 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3105 m->m_pkthdr.len, size, index);
3106
3107 usbd_xfer_set_frame_len(xfer, 0, size);
3108 usbd_xfer_set_priv(xfer, data);
3109 usbd_transfer_submit(xfer);
3110 run_start(sc);
3111
3112 break;
3113
3114 default:
3115 DPRINTF("USB transfer error, %s\n",
3116 usbd_errstr(error));
3117
3118 data = usbd_xfer_get_priv(xfer);
3119
3120 if (data != NULL) {
3121 if(data->ni != NULL)
3122 vap = data->ni->ni_vap;
3123 run_tx_free(pq, data, error);
3124 usbd_xfer_set_priv(xfer, NULL);
3125 }
3126
3127 if (vap == NULL)
3128 vap = TAILQ_FIRST(&ic->ic_vaps);
3129
3130 if (error != USB_ERR_CANCELLED) {
3131 if (error == USB_ERR_TIMEOUT) {
3132 device_printf(sc->sc_dev, "device timeout\n");
3133 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3134 DPRINTF("cmdq_store=%d\n", i);
3135 sc->cmdq[i].func = run_usb_timeout_cb;
3136 sc->cmdq[i].arg0 = vap;
3137 ieee80211_runtask(ic, &sc->cmdq_task);
3138 }
3139
3140 /*
3141 * Try to clear stall first, also if other
3142 * errors occur, hence clearing stall
3143 * introduces a 50 ms delay:
3144 */
3145 usbd_xfer_set_stall(xfer);
3146 goto tr_setup;
3147 }
3148 break;
3149 }
3150}
3151
3152static void
3153run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3154{
3155 run_bulk_tx_callbackN(xfer, error, 0);
3156}
3157
3158static void
3159run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3160{
3161 run_bulk_tx_callbackN(xfer, error, 1);
3162}
3163
3164static void
3165run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3166{
3167 run_bulk_tx_callbackN(xfer, error, 2);
3168}
3169
3170static void
3171run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3172{
3173 run_bulk_tx_callbackN(xfer, error, 3);
3174}
3175
3176static void
3177run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3178{
3179 run_bulk_tx_callbackN(xfer, error, 4);
3180}
3181
3182static void
3183run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3184{
3185 run_bulk_tx_callbackN(xfer, error, 5);
3186}
3187
3188static void
3189run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3190{
3191 struct mbuf *m = data->m;
3192 struct ieee80211com *ic = &sc->sc_ic;
3193 struct ieee80211vap *vap = data->ni->ni_vap;
3194 struct ieee80211_frame *wh;
3195 struct rt2870_txd *txd;
3196 struct rt2860_txwi *txwi;
3197 uint16_t xferlen, txwisize;
3198 uint16_t mcs;
3199 uint8_t ridx = data->ridx;
3200 uint8_t pad;
3201
3202 /* get MCS code from rate index */
3203 mcs = rt2860_rates[ridx].mcs;
3204
3205 txwisize = (sc->mac_ver == 0x5592) ?
3206 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3207 xferlen = txwisize + m->m_pkthdr.len;
3208
3209 /* roundup to 32-bit alignment */
3210 xferlen = (xferlen + 3) & ~3;
3211
3212 txd = (struct rt2870_txd *)&data->desc;
3213 txd->len = htole16(xferlen);
3214
3215 wh = mtod(m, struct ieee80211_frame *);
3216
3217 /*
3218 * Ether both are true or both are false, the header
3219 * are nicely aligned to 32-bit. So, no L2 padding.
3220 */
3221 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3222 pad = 0;
3223 else
3224 pad = 2;
3225
3226 /* setup TX Wireless Information */
3227 txwi = (struct rt2860_txwi *)(txd + 1);
3228 txwi->len = htole16(m->m_pkthdr.len - pad);
3229 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3230 mcs |= RT2860_PHY_CCK;
3231 if (ridx != RT2860_RIDX_CCK1 &&
3232 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3233 mcs |= RT2860_PHY_SHPRE;
3234 } else
3235 mcs |= RT2860_PHY_OFDM;
3236 txwi->phy = htole16(mcs);
3237
3238 /* check if RTS/CTS or CTS-to-self protection is required */
3239 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3240 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3241 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3242 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3243 txwi->txop |= RT2860_TX_TXOP_HT;
3244 else
3245 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3246
3247 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3248 txwi->xflags |= RT2860_TX_NSEQ;
3249}
3250
3251/* This function must be called locked */
3252static int
3253run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3254{
3255 struct ieee80211com *ic = &sc->sc_ic;
3256 struct ieee80211vap *vap = ni->ni_vap;
3257 struct ieee80211_frame *wh;
3258 struct ieee80211_channel *chan;
3259 const struct ieee80211_txparam *tp;
3260 struct run_node *rn = RUN_NODE(ni);
3261 struct run_tx_data *data;
3262 struct rt2870_txd *txd;
3263 struct rt2860_txwi *txwi;
3264 uint16_t qos;
3265 uint16_t dur;
3266 uint16_t qid;
3267 uint8_t type;
3268 uint8_t tid;
3269 uint8_t ridx;
3270 uint8_t ctl_ridx;
3271 uint8_t qflags;
3272 uint8_t xflags = 0;
3273 int hasqos;
3274
3275 RUN_LOCK_ASSERT(sc, MA_OWNED);
3276
3277 wh = mtod(m, struct ieee80211_frame *);
3278
3279 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3280
3281 /*
3282 * There are 7 bulk endpoints: 1 for RX
3283 * and 6 for TX (4 EDCAs + HCCA + Prio).
3284 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3285 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3286 */
3287 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3288 uint8_t *frm;
3289
3290 frm = ieee80211_getqos(wh);
3291 qos = le16toh(*(const uint16_t *)frm);
3292 tid = qos & IEEE80211_QOS_TID;
3293 qid = TID_TO_WME_AC(tid);
3294 } else {
3295 qos = 0;
3296 tid = 0;
3297 qid = WME_AC_BE;
3298 }
3299 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3300
3301 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3302 qos, qid, tid, qflags);
3303
3304 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3305 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3306
3307 /* pickup a rate index */
3308 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3309 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3310 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3311 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3312 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3313 } else {
3314 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3315 ridx = rn->fix_ridx;
3316 else
3317 ridx = rn->amrr_ridx;
3318 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3319 }
3320
3321 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3322 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3323 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3324 xflags |= RT2860_TX_ACK;
3325 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3326 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3327 else
3328 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3329 USETW(wh->i_dur, dur);
3330 }
3331
3332 /* reserve slots for mgmt packets, just in case */
3333 if (sc->sc_epq[qid].tx_nfree < 3) {
3334 DPRINTFN(10, "tx ring %d is full\n", qid);
3335 return (-1);
3336 }
3337
3338 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3339 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3340 sc->sc_epq[qid].tx_nfree--;
3341
3342 txd = (struct rt2870_txd *)&data->desc;
3343 txd->flags = qflags;
3344 txwi = (struct rt2860_txwi *)(txd + 1);
3345 txwi->xflags = xflags;
3346 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3347 txwi->wcid = 0;
3348 else
3349 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3350 1 : RUN_AID2WCID(ni->ni_associd);
3351
3352 /* clear leftover garbage bits */
3353 txwi->flags = 0;
3354 txwi->txop = 0;
3355
3356 data->m = m;
3357 data->ni = ni;
3358 data->ridx = ridx;
3359
3360 run_set_tx_desc(sc, data);
3361
3362 /*
3363 * The chip keeps track of 2 kind of Tx stats,
3364 * * TX_STAT_FIFO, for per WCID stats, and
3365 * * TX_STA_CNT0 for all-TX-in-one stats.
3366 *
3367 * To use FIFO stats, we need to store MCS into the driver-private
3368 * PacketID field. So that, we can tell whose stats when we read them.
3369 * We add 1 to the MCS because setting the PacketID field to 0 means
3370 * that we don't want feedback in TX_STAT_FIFO.
3371 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3372 *
3373 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3374 */
3375 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3376 vap->iv_opmode == IEEE80211_M_MBSS) {
3377 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3378 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3379
3380 /*
3381 * Unlike PCI based devices, we don't get any interrupt from
3382 * USB devices, so we simulate FIFO-is-full interrupt here.
3383 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3384 * quickly get fulled. To prevent overflow, increment a counter on
3385 * every FIFO stat request, so we know how many slots are left.
3386 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3387 * are used only in those modes.
3388 * We just drain stats. AMRR gets updated every 1 sec by
3389 * run_ratectl_cb() via callout.
3390 * Call it early. Otherwise overflow.
3391 */
3392 if (sc->fifo_cnt++ == 10) {
3393 /*
3394 * With multiple vaps or if_bridge, if_start() is called
3395 * with a non-sleepable lock, tcpinp. So, need to defer.
3396 */
3397 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3398 DPRINTFN(6, "cmdq_store=%d\n", i);
3399 sc->cmdq[i].func = run_drain_fifo;
3400 sc->cmdq[i].arg0 = sc;
3401 ieee80211_runtask(ic, &sc->cmdq_task);
3402 }
3403 }
3404
3405 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3406
3407 usbd_transfer_start(sc->sc_xfer[qid]);
3408
3409 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3410 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3411 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3412
3413 return (0);
3414}
3415
3416static int
3417run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3418{
3419 struct ieee80211com *ic = &sc->sc_ic;
3420 struct run_node *rn = RUN_NODE(ni);
3421 struct run_tx_data *data;
3422 struct ieee80211_frame *wh;
3423 struct rt2870_txd *txd;
3424 struct rt2860_txwi *txwi;
3425 uint16_t dur;
3426 uint8_t ridx = rn->mgt_ridx;
3427 uint8_t type;
3428 uint8_t xflags = 0;
3429 uint8_t wflags = 0;
3430
3431 RUN_LOCK_ASSERT(sc, MA_OWNED);
3432
3433 wh = mtod(m, struct ieee80211_frame *);
3434
3435 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3436
3437 /* tell hardware to add timestamp for probe responses */
3438 if ((wh->i_fc[0] &
3439 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3440 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3441 wflags |= RT2860_TX_TS;
3442 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3443 xflags |= RT2860_TX_ACK;
3444
3445 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3446 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3447 USETW(wh->i_dur, dur);
3448 }
3449
3450 if (sc->sc_epq[0].tx_nfree == 0)
3451 /* let caller free mbuf */
3452 return (EIO);
3453 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3454 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3455 sc->sc_epq[0].tx_nfree--;
3456
3457 txd = (struct rt2870_txd *)&data->desc;
3458 txd->flags = RT2860_TX_QSEL_EDCA;
3459 txwi = (struct rt2860_txwi *)(txd + 1);
3460 txwi->wcid = 0xff;
3461 txwi->flags = wflags;
3462 txwi->xflags = xflags;
3463 txwi->txop = 0; /* clear leftover garbage bits */
3464
3465 data->m = m;
3466 data->ni = ni;
3467 data->ridx = ridx;
3468
3469 run_set_tx_desc(sc, data);
3470
3471 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3472 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3473 rt2860_rates[ridx].rate);
3474
3475 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3476
3477 usbd_transfer_start(sc->sc_xfer[0]);
3478
3479 return (0);
3480}
3481
3482static int
3483run_sendprot(struct run_softc *sc,
3484 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3485{
3486 struct ieee80211com *ic = ni->ni_ic;
3487 struct ieee80211_frame *wh;
3488 struct run_tx_data *data;
3489 struct rt2870_txd *txd;
3490 struct rt2860_txwi *txwi;
3491 struct mbuf *mprot;
3492 int ridx;
3493 int protrate;
3494 int ackrate;
3495 int pktlen;
3496 int isshort;
3497 uint16_t dur;
3498 uint8_t type;
3499 uint8_t wflags = 0;
3500 uint8_t xflags = 0;
3501
3502 RUN_LOCK_ASSERT(sc, MA_OWNED);
3503
3504 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3505 ("protection %d", prot));
3506
3507 wh = mtod(m, struct ieee80211_frame *);
3508 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3509 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3510
3511 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3512 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3513
3514 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3515 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3516 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3517 wflags = RT2860_TX_FRAG;
3518
3519 /* check that there are free slots before allocating the mbuf */
3520 if (sc->sc_epq[0].tx_nfree == 0)
3521 /* let caller free mbuf */
3522 return (ENOBUFS);
3523
3524 if (prot == IEEE80211_PROT_RTSCTS) {
3525 /* NB: CTS is the same size as an ACK */
3526 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3527 xflags |= RT2860_TX_ACK;
3528 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3529 } else {
3530 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3531 }
3532 if (mprot == NULL) {
3533 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3534 DPRINTF("could not allocate mbuf\n");
3535 return (ENOBUFS);
3536 }
3537
3538 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3539 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3540 sc->sc_epq[0].tx_nfree--;
3541
3542 txd = (struct rt2870_txd *)&data->desc;
3543 txd->flags = RT2860_TX_QSEL_EDCA;
3544 txwi = (struct rt2860_txwi *)(txd + 1);
3545 txwi->wcid = 0xff;
3546 txwi->flags = wflags;
3547 txwi->xflags = xflags;
3548 txwi->txop = 0; /* clear leftover garbage bits */
3549
3550 data->m = mprot;
3551 data->ni = ieee80211_ref_node(ni);
3552
3553 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3554 if (rt2860_rates[ridx].rate == protrate)
3555 break;
3556 data->ridx = ridx;
3557
3558 run_set_tx_desc(sc, data);
3559
3560 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3561 m->m_pkthdr.len, rate);
3562
3563 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3564
3565 usbd_transfer_start(sc->sc_xfer[0]);
3566
3567 return (0);
3568}
3569
3570static int
3571run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3572 const struct ieee80211_bpf_params *params)
3573{
3574 struct ieee80211com *ic = ni->ni_ic;
3575 struct ieee80211_frame *wh;
3576 struct run_tx_data *data;
3577 struct rt2870_txd *txd;
3578 struct rt2860_txwi *txwi;
3579 uint8_t type;
3580 uint8_t ridx;
3581 uint8_t rate;
3582 uint8_t opflags = 0;
3583 uint8_t xflags = 0;
3584 int error;
3585
3586 RUN_LOCK_ASSERT(sc, MA_OWNED);
3587
3588 KASSERT(params != NULL, ("no raw xmit params"));
3589
3590 wh = mtod(m, struct ieee80211_frame *);
3591 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3592
3593 rate = params->ibp_rate0;
3594 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3595 /* let caller free mbuf */
3596 return (EINVAL);
3597 }
3598
3599 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3600 xflags |= RT2860_TX_ACK;
3601 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3602 error = run_sendprot(sc, m, ni,
3603 params->ibp_flags & IEEE80211_BPF_RTS ?
3604 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3605 rate);
3606 if (error) {
3607 /* let caller free mbuf */
3608 return error;
3609 }
3610 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3611 }
3612
3613 if (sc->sc_epq[0].tx_nfree == 0) {
3614 /* let caller free mbuf */
3615 DPRINTF("sending raw frame, but tx ring is full\n");
3616 return (EIO);
3617 }
3618 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3619 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3620 sc->sc_epq[0].tx_nfree--;
3621
3622 txd = (struct rt2870_txd *)&data->desc;
3623 txd->flags = RT2860_TX_QSEL_EDCA;
3624 txwi = (struct rt2860_txwi *)(txd + 1);
3625 txwi->wcid = 0xff;
3626 txwi->xflags = xflags;
3627 txwi->txop = opflags;
3628 txwi->flags = 0; /* clear leftover garbage bits */
3629
3630 data->m = m;
3631 data->ni = ni;
3632 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3633 if (rt2860_rates[ridx].rate == rate)
3634 break;
3635 data->ridx = ridx;
3636
3637 run_set_tx_desc(sc, data);
3638
3639 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3640 m->m_pkthdr.len, rate);
3641
3642 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3643
3644 usbd_transfer_start(sc->sc_xfer[0]);
3645
3646 return (0);
3647}
3648
3649static int
3650run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3651 const struct ieee80211_bpf_params *params)
3652{
3653 struct run_softc *sc = ni->ni_ic->ic_softc;
3654 int error = 0;
3655
3656 RUN_LOCK(sc);
3657
3658 /* prevent management frames from being sent if we're not ready */
3659 if (!(sc->sc_flags & RUN_RUNNING)) {
3660 error = ENETDOWN;
3661 goto done;
3662 }
3663
3664 if (params == NULL) {
3665 /* tx mgt packet */
3666 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3667 DPRINTF("mgt tx failed\n");
3668 goto done;
3669 }
3670 } else {
3671 /* tx raw packet with param */
3672 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3673 DPRINTF("tx with param failed\n");
3674 goto done;
3675 }
3676 }
3677
3678done:
3679 RUN_UNLOCK(sc);
3680
3681 if (error != 0) {
3682 if(m != NULL)
3683 m_freem(m);
3684 }
3685
3686 return (error);
3687}
3688
3689static int
3690run_transmit(struct ieee80211com *ic, struct mbuf *m)
3691{
3692 struct run_softc *sc = ic->ic_softc;
3693 int error;
3694
3695 RUN_LOCK(sc);
3696 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3697 RUN_UNLOCK(sc);
3698 return (ENXIO);
3699 }
3700 error = mbufq_enqueue(&sc->sc_snd, m);
3701 if (error) {
3702 RUN_UNLOCK(sc);
3703 return (error);
3704 }
3705 run_start(sc);
3706 RUN_UNLOCK(sc);
3707
3708 return (0);
3709}
3710
3711static void
3712run_start(struct run_softc *sc)
3713{
3714 struct ieee80211_node *ni;
3715 struct mbuf *m;
3716
3717 RUN_LOCK_ASSERT(sc, MA_OWNED);
3718
3719 if ((sc->sc_flags & RUN_RUNNING) == 0)
3720 return;
3721
3722 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3723 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3724 if (run_tx(sc, m, ni) != 0) {
3725 mbufq_prepend(&sc->sc_snd, m);
3726 break;
3727 }
3728 }
3729}
3730
3731static void
3732run_parent(struct ieee80211com *ic)
3733{
3734 struct run_softc *sc = ic->ic_softc;
3735 int startall = 0;
3736
3737 RUN_LOCK(sc);
3738 if (sc->sc_detached) {
3739 RUN_UNLOCK(sc);
3740 return;
3741 }
3742
3743 if (ic->ic_nrunning > 0) {
3744 if (!(sc->sc_flags & RUN_RUNNING)) {
3745 startall = 1;
3746 run_init_locked(sc);
3747 } else
3748 run_update_promisc_locked(sc);
3749 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3750 run_stop(sc);
3751 RUN_UNLOCK(sc);
3752 if (startall)
3753 ieee80211_start_all(ic);
3754}
3755
3756static void
3757run_iq_calib(struct run_softc *sc, u_int chan)
3758{
3759 uint16_t val;
3760
3761 /* Tx0 IQ gain. */
3762 run_bbp_write(sc, 158, 0x2c);
3763 if (chan <= 14)
3764 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3765 else if (chan <= 64) {
3766 run_efuse_read(sc,
3767 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3768 &val, 1);
3769 } else if (chan <= 138) {
3770 run_efuse_read(sc,
3771 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3772 &val, 1);
3773 } else if (chan <= 165) {
3774 run_efuse_read(sc,
3775 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3776 &val, 1);
3777 } else
3778 val = 0;
3779 run_bbp_write(sc, 159, val);
3780
3781 /* Tx0 IQ phase. */
3782 run_bbp_write(sc, 158, 0x2d);
3783 if (chan <= 14) {
3784 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3785 &val, 1);
3786 } else if (chan <= 64) {
3787 run_efuse_read(sc,
3788 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3789 &val, 1);
3790 } else if (chan <= 138) {
3791 run_efuse_read(sc,
3792 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3793 &val, 1);
3794 } else if (chan <= 165) {
3795 run_efuse_read(sc,
3796 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3797 &val, 1);
3798 } else
3799 val = 0;
3800 run_bbp_write(sc, 159, val);
3801
3802 /* Tx1 IQ gain. */
3803 run_bbp_write(sc, 158, 0x4a);
3804 if (chan <= 14) {
3805 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3806 &val, 1);
3807 } else if (chan <= 64) {
3808 run_efuse_read(sc,
3809 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3810 &val, 1);
3811 } else if (chan <= 138) {
3812 run_efuse_read(sc,
3813 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3814 &val, 1);
3815 } else if (chan <= 165) {
3816 run_efuse_read(sc,
3817 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3818 &val, 1);
3819 } else
3820 val = 0;
3821 run_bbp_write(sc, 159, val);
3822
3823 /* Tx1 IQ phase. */
3824 run_bbp_write(sc, 158, 0x4b);
3825 if (chan <= 14) {
3826 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3827 &val, 1);
3828 } else if (chan <= 64) {
3829 run_efuse_read(sc,
3830 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3831 &val, 1);
3832 } else if (chan <= 138) {
3833 run_efuse_read(sc,
3834 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3835 &val, 1);
3836 } else if (chan <= 165) {
3837 run_efuse_read(sc,
3838 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3839 &val, 1);
3840 } else
3841 val = 0;
3842 run_bbp_write(sc, 159, val);
3843
3844 /* RF IQ compensation control. */
3845 run_bbp_write(sc, 158, 0x04);
3846 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3847 &val, 1);
3848 run_bbp_write(sc, 159, val);
3849
3850 /* RF IQ imbalance compensation control. */
3851 run_bbp_write(sc, 158, 0x03);
3852 run_efuse_read(sc,
3853 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3854 run_bbp_write(sc, 159, val);
3855}
3856
3857static void
3858run_set_agc(struct run_softc *sc, uint8_t agc)
3859{
3860 uint8_t bbp;
3861
3862 if (sc->mac_ver == 0x3572) {
3863 run_bbp_read(sc, 27, &bbp);
3864 bbp &= ~(0x3 << 5);
3865 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3866 run_bbp_write(sc, 66, agc);
3867 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3868 run_bbp_write(sc, 66, agc);
3869 } else
3870 run_bbp_write(sc, 66, agc);
3871}
3872
3873static void
3874run_select_chan_group(struct run_softc *sc, int group)
3875{
3876 uint32_t tmp;
3877 uint8_t agc;
3878
3879 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3880 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3881 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3882 if (sc->mac_ver < 0x3572)
3883 run_bbp_write(sc, 86, 0x00);
3884
3885 if (sc->mac_ver == 0x3593) {
3886 run_bbp_write(sc, 77, 0x98);
3887 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3888 }
3889
3890 if (group == 0) {
3891 if (sc->ext_2ghz_lna) {
3892 if (sc->mac_ver >= 0x5390)
3893 run_bbp_write(sc, 75, 0x52);
3894 else {
3895 run_bbp_write(sc, 82, 0x62);
3896 run_bbp_write(sc, 75, 0x46);
3897 }
3898 } else {
3899 if (sc->mac_ver == 0x5592) {
3900 run_bbp_write(sc, 79, 0x1c);
3901 run_bbp_write(sc, 80, 0x0e);
3902 run_bbp_write(sc, 81, 0x3a);
3903 run_bbp_write(sc, 82, 0x62);
3904
3905 run_bbp_write(sc, 195, 0x80);
3906 run_bbp_write(sc, 196, 0xe0);
3907 run_bbp_write(sc, 195, 0x81);
3908 run_bbp_write(sc, 196, 0x1f);
3909 run_bbp_write(sc, 195, 0x82);
3910 run_bbp_write(sc, 196, 0x38);
3911 run_bbp_write(sc, 195, 0x83);
3912 run_bbp_write(sc, 196, 0x32);
3913 run_bbp_write(sc, 195, 0x85);
3914 run_bbp_write(sc, 196, 0x28);
3915 run_bbp_write(sc, 195, 0x86);
3916 run_bbp_write(sc, 196, 0x19);
3917 } else if (sc->mac_ver >= 0x5390)
3918 run_bbp_write(sc, 75, 0x50);
3919 else {
3920 run_bbp_write(sc, 82,
3921 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3922 run_bbp_write(sc, 75, 0x50);
3923 }
3924 }
3925 } else {
3926 if (sc->mac_ver == 0x5592) {
3927 run_bbp_write(sc, 79, 0x18);
3928 run_bbp_write(sc, 80, 0x08);
3929 run_bbp_write(sc, 81, 0x38);
3930 run_bbp_write(sc, 82, 0x92);
3931
3932 run_bbp_write(sc, 195, 0x80);
3933 run_bbp_write(sc, 196, 0xf0);
3934 run_bbp_write(sc, 195, 0x81);
3935 run_bbp_write(sc, 196, 0x1e);
3936 run_bbp_write(sc, 195, 0x82);
3937 run_bbp_write(sc, 196, 0x28);
3938 run_bbp_write(sc, 195, 0x83);
3939 run_bbp_write(sc, 196, 0x20);
3940 run_bbp_write(sc, 195, 0x85);
3941 run_bbp_write(sc, 196, 0x7f);
3942 run_bbp_write(sc, 195, 0x86);
3943 run_bbp_write(sc, 196, 0x7f);
3944 } else if (sc->mac_ver == 0x3572)
3945 run_bbp_write(sc, 82, 0x94);
3946 else
3947 run_bbp_write(sc, 82,
3948 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
3949 if (sc->ext_5ghz_lna)
3950 run_bbp_write(sc, 75, 0x46);
3951 else
3952 run_bbp_write(sc, 75, 0x50);
3953 }
3954
3955 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
3956 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
3957 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
3958 run_write(sc, RT2860_TX_BAND_CFG, tmp);
3959
3960 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
3961 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
3962 if (sc->mac_ver == 0x3593)
3963 tmp |= 1 << 29 | 1 << 28;
3964 if (sc->nrxchains > 1)
3965 tmp |= RT2860_LNA_PE1_EN;
3966 if (group == 0) { /* 2GHz */
3967 tmp |= RT2860_PA_PE_G0_EN;
3968 if (sc->ntxchains > 1)
3969 tmp |= RT2860_PA_PE_G1_EN;
3970 if (sc->mac_ver == 0x3593) {
3971 if (sc->ntxchains > 2)
3972 tmp |= 1 << 25;
3973 }
3974 } else { /* 5GHz */
3975 tmp |= RT2860_PA_PE_A0_EN;
3976 if (sc->ntxchains > 1)
3977 tmp |= RT2860_PA_PE_A1_EN;
3978 }
3979 if (sc->mac_ver == 0x3572) {
3980 run_rt3070_rf_write(sc, 8, 0x00);
3981 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3982 run_rt3070_rf_write(sc, 8, 0x80);
3983 } else
3984 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3985
3986 if (sc->mac_ver == 0x5592) {
3987 run_bbp_write(sc, 195, 0x8d);
3988 run_bbp_write(sc, 196, 0x1a);
3989 }
3990
3991 if (sc->mac_ver == 0x3593) {
3992 run_read(sc, RT2860_GPIO_CTRL, &tmp);
3993 tmp &= ~0x01010000;
3994 if (group == 0)
3995 tmp |= 0x00010000;
3996 tmp = (tmp & ~0x00009090) | 0x00000090;
3997 run_write(sc, RT2860_GPIO_CTRL, tmp);
3998 }
3999
4000 /* set initial AGC value */
4001 if (group == 0) { /* 2GHz band */
4002 if (sc->mac_ver >= 0x3070)
4003 agc = 0x1c + sc->lna[0] * 2;
4004 else
4005 agc = 0x2e + sc->lna[0];
4006 } else { /* 5GHz band */
4007 if (sc->mac_ver == 0x5592)
4008 agc = 0x24 + sc->lna[group] * 2;
4009 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4010 agc = 0x22 + (sc->lna[group] * 5) / 3;
4011 else
4012 agc = 0x32 + (sc->lna[group] * 5) / 3;
4013 }
4014 run_set_agc(sc, agc);
4015}
4016
4017static void
4018run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4019{
4020 const struct rfprog *rfprog = rt2860_rf2850;
4021 uint32_t r2, r3, r4;
4022 int8_t txpow1, txpow2;
4023 int i;
4024
4025 /* find the settings for this channel (we know it exists) */
4026 for (i = 0; rfprog[i].chan != chan; i++);
4027
4028 r2 = rfprog[i].r2;
4029 if (sc->ntxchains == 1)
4030 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4031 if (sc->nrxchains == 1)
4032 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4033 else if (sc->nrxchains == 2)
4034 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4035
4036 /* use Tx power values from EEPROM */
4037 txpow1 = sc->txpow1[i];
4038 txpow2 = sc->txpow2[i];
4039
4040 /* Initialize RF R3 and R4. */
4041 r3 = rfprog[i].r3 & 0xffffc1ff;
4042 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4043 if (chan > 14) {
4044 if (txpow1 >= 0) {
4045 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4046 r3 |= (txpow1 << 10) | (1 << 9);
4047 } else {
4048 txpow1 += 7;
4049
4050 /* txpow1 is not possible larger than 15. */
4051 r3 |= (txpow1 << 10);
4052 }
4053 if (txpow2 >= 0) {
4054 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4055 r4 |= (txpow2 << 7) | (1 << 6);
4056 } else {
4057 txpow2 += 7;
4058 r4 |= (txpow2 << 7);
4059 }
4060 } else {
4061 /* Set Tx0 power. */
4062 r3 |= (txpow1 << 9);
4063
4064 /* Set frequency offset and Tx1 power. */
4065 r4 |= (txpow2 << 6);
4066 }
4067
4068 run_rt2870_rf_write(sc, rfprog[i].r1);
4069 run_rt2870_rf_write(sc, r2);
4070 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4071 run_rt2870_rf_write(sc, r4);
4072
4073 run_delay(sc, 10);
4074
4075 run_rt2870_rf_write(sc, rfprog[i].r1);
4076 run_rt2870_rf_write(sc, r2);
4077 run_rt2870_rf_write(sc, r3 | (1 << 2));
4078 run_rt2870_rf_write(sc, r4);
4079
4080 run_delay(sc, 10);
4081
4082 run_rt2870_rf_write(sc, rfprog[i].r1);
4083 run_rt2870_rf_write(sc, r2);
4084 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4085 run_rt2870_rf_write(sc, r4);
4086}
4087
4088static void
4089run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4090{
4091 int8_t txpow1, txpow2;
4092 uint8_t rf;
4093 int i;
4094
4095 /* find the settings for this channel (we know it exists) */
4096 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4097
4098 /* use Tx power values from EEPROM */
4099 txpow1 = sc->txpow1[i];
4100 txpow2 = sc->txpow2[i];
4101
4102 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4103
4104 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4105 run_rt3070_rf_read(sc, 3, &rf);
4106 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4107 run_rt3070_rf_write(sc, 3, rf);
4108
4109 run_rt3070_rf_read(sc, 6, &rf);
4110 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4111 run_rt3070_rf_write(sc, 6, rf);
4112
4113 /* set Tx0 power */
4114 run_rt3070_rf_read(sc, 12, &rf);
4115 rf = (rf & ~0x1f) | txpow1;
4116 run_rt3070_rf_write(sc, 12, rf);
4117
4118 /* set Tx1 power */
4119 run_rt3070_rf_read(sc, 13, &rf);
4120 rf = (rf & ~0x1f) | txpow2;
4121 run_rt3070_rf_write(sc, 13, rf);
4122
4123 run_rt3070_rf_read(sc, 1, &rf);
4124 rf &= ~0xfc;
4125 if (sc->ntxchains == 1)
4126 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4127 else if (sc->ntxchains == 2)
4128 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4129 if (sc->nrxchains == 1)
4130 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4131 else if (sc->nrxchains == 2)
4132 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4133 run_rt3070_rf_write(sc, 1, rf);
4134
4135 /* set RF offset */
4136 run_rt3070_rf_read(sc, 23, &rf);
4137 rf = (rf & ~0x7f) | sc->freq;
4138 run_rt3070_rf_write(sc, 23, rf);
4139
4140 /* program RF filter */
4141 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4142 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4143 run_rt3070_rf_write(sc, 24, rf);
4144 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4145 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4146 run_rt3070_rf_write(sc, 31, rf);
4147
4148 /* enable RF tuning */
4149 run_rt3070_rf_read(sc, 7, &rf);
4150 run_rt3070_rf_write(sc, 7, rf | 0x01);
4151}
4152
4153static void
4154run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4155{
4156 int8_t txpow1, txpow2;
4157 uint32_t tmp;
4158 uint8_t rf;
4159 int i;
4160
4161 /* find the settings for this channel (we know it exists) */
4162 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4163
4164 /* use Tx power values from EEPROM */
4165 txpow1 = sc->txpow1[i];
4166 txpow2 = sc->txpow2[i];
4167
4168 if (chan <= 14) {
4169 run_bbp_write(sc, 25, sc->bbp25);
4170 run_bbp_write(sc, 26, sc->bbp26);
4171 } else {
4172 /* enable IQ phase correction */
4173 run_bbp_write(sc, 25, 0x09);
4174 run_bbp_write(sc, 26, 0xff);
4175 }
4176
4177 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4178 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4179 run_rt3070_rf_read(sc, 6, &rf);
4180 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4181 rf |= (chan <= 14) ? 0x08 : 0x04;
4182 run_rt3070_rf_write(sc, 6, rf);
4183
4184 /* set PLL mode */
4185 run_rt3070_rf_read(sc, 5, &rf);
4186 rf &= ~(0x08 | 0x04);
4187 rf |= (chan <= 14) ? 0x04 : 0x08;
4188 run_rt3070_rf_write(sc, 5, rf);
4189
4190 /* set Tx power for chain 0 */
4191 if (chan <= 14)
4192 rf = 0x60 | txpow1;
4193 else
4194 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4195 run_rt3070_rf_write(sc, 12, rf);
4196
4197 /* set Tx power for chain 1 */
4198 if (chan <= 14)
4199 rf = 0x60 | txpow2;
4200 else
4201 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4202 run_rt3070_rf_write(sc, 13, rf);
4203
4204 /* set Tx/Rx streams */
4205 run_rt3070_rf_read(sc, 1, &rf);
4206 rf &= ~0xfc;
4207 if (sc->ntxchains == 1)
4208 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4209 else if (sc->ntxchains == 2)
4210 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4211 if (sc->nrxchains == 1)
4212 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4213 else if (sc->nrxchains == 2)
4214 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4215 run_rt3070_rf_write(sc, 1, rf);
4216
4217 /* set RF offset */
4218 run_rt3070_rf_read(sc, 23, &rf);
4219 rf = (rf & ~0x7f) | sc->freq;
4220 run_rt3070_rf_write(sc, 23, rf);
4221
4222 /* program RF filter */
4223 rf = sc->rf24_20mhz;
4224 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4225 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4226
4227 /* enable RF tuning */
4228 run_rt3070_rf_read(sc, 7, &rf);
4229 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4230 run_rt3070_rf_write(sc, 7, rf);
4231
4232 /* TSSI */
4233 rf = (chan <= 14) ? 0xc3 : 0xc0;
4234 run_rt3070_rf_write(sc, 9, rf);
4235
4236 /* set loop filter 1 */
4237 run_rt3070_rf_write(sc, 10, 0xf1);
4238 /* set loop filter 2 */
4239 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4240
4241 /* set tx_mx2_ic */
4242 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4243 /* set tx_mx1_ic */
4244 if (chan <= 14)
4245 rf = 0x48 | sc->txmixgain_2ghz;
4246 else
4247 rf = 0x78 | sc->txmixgain_5ghz;
4248 run_rt3070_rf_write(sc, 16, rf);
4249
4250 /* set tx_lo1 */
4251 run_rt3070_rf_write(sc, 17, 0x23);
4252 /* set tx_lo2 */
4253 if (chan <= 14)
4254 rf = 0x93;
4255 else if (chan <= 64)
4256 rf = 0xb7;
4257 else if (chan <= 128)
4258 rf = 0x74;
4259 else
4260 rf = 0x72;
4261 run_rt3070_rf_write(sc, 19, rf);
4262
4263 /* set rx_lo1 */
4264 if (chan <= 14)
4265 rf = 0xb3;
4266 else if (chan <= 64)
4267 rf = 0xf6;
4268 else if (chan <= 128)
4269 rf = 0xf4;
4270 else
4271 rf = 0xf3;
4272 run_rt3070_rf_write(sc, 20, rf);
4273
4274 /* set pfd_delay */
4275 if (chan <= 14)
4276 rf = 0x15;
4277 else if (chan <= 64)
4278 rf = 0x3d;
4279 else
4280 rf = 0x01;
4281 run_rt3070_rf_write(sc, 25, rf);
4282
4283 /* set rx_lo2 */
4284 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4285 /* set ldo_rf_vc */
4286 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4287 /* set drv_cc */
4288 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4289
4290 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4291 tmp &= ~0x8080;
4292 if (chan <= 14)
4293 tmp |= 0x80;
4294 run_write(sc, RT2860_GPIO_CTRL, tmp);
4295
4296 /* enable RF tuning */
4297 run_rt3070_rf_read(sc, 7, &rf);
4298 run_rt3070_rf_write(sc, 7, rf | 0x01);
4299
4300 run_delay(sc, 2);
4301}
4302
4303static void
4304run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4305{
4306 int8_t txpow1, txpow2, txpow3;
4307 uint8_t h20mhz, rf;
4308 int i;
4309
4310 /* find the settings for this channel (we know it exists) */
4311 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4312
4313 /* use Tx power values from EEPROM */
4314 txpow1 = sc->txpow1[i];
4315 txpow2 = sc->txpow2[i];
4316 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4317
4318 if (chan <= 14) {
4319 run_bbp_write(sc, 25, sc->bbp25);
4320 run_bbp_write(sc, 26, sc->bbp26);
4321 } else {
4322 /* Enable IQ phase correction. */
4323 run_bbp_write(sc, 25, 0x09);
4324 run_bbp_write(sc, 26, 0xff);
4325 }
4326
4327 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4328 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4329 run_rt3070_rf_read(sc, 11, &rf);
4330 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4331 run_rt3070_rf_write(sc, 11, rf);
4332
4333 /* Set pll_idoh. */
4334 run_rt3070_rf_read(sc, 11, &rf);
4335 rf &= ~0x4c;
4336 rf |= (chan <= 14) ? 0x44 : 0x48;
4337 run_rt3070_rf_write(sc, 11, rf);
4338
4339 if (chan <= 14)
4340 rf = txpow1 & 0x1f;
4341 else
4342 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4343 run_rt3070_rf_write(sc, 53, rf);
4344
4345 if (chan <= 14)
4346 rf = txpow2 & 0x1f;
4347 else
4348 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4349 run_rt3070_rf_write(sc, 55, rf);
4350
4351 if (chan <= 14)
4352 rf = txpow3 & 0x1f;
4353 else
4354 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4355 run_rt3070_rf_write(sc, 54, rf);
4356
4357 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4358 if (sc->ntxchains == 3)
4359 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4360 else
4361 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4362 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4363 run_rt3070_rf_write(sc, 1, rf);
4364
4365 run_adjust_freq_offset(sc);
4366
4367 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4368
4369 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4370 run_rt3070_rf_read(sc, 30, &rf);
4371 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4372 run_rt3070_rf_write(sc, 30, rf);
4373
4374 run_rt3070_rf_read(sc, 36, &rf);
4375 if (chan <= 14)
4376 rf |= 0x80;
4377 else
4378 rf &= ~0x80;
4379 run_rt3070_rf_write(sc, 36, rf);
4380
4381 /* Set vcolo_bs. */
4382 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4383 /* Set pfd_delay. */
4384 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4385
4386 /* Set vco bias current control. */
4387 run_rt3070_rf_read(sc, 6, &rf);
4388 rf &= ~0xc0;
4389 if (chan <= 14)
4390 rf |= 0x40;
4391 else if (chan <= 128)
4392 rf |= 0x80;
4393 else
4394 rf |= 0x40;
4395 run_rt3070_rf_write(sc, 6, rf);
4396
4397 run_rt3070_rf_read(sc, 30, &rf);
4398 rf = (rf & ~0x18) | 0x10;
4399 run_rt3070_rf_write(sc, 30, rf);
4400
4401 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4402 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4403
4404 run_rt3070_rf_read(sc, 51, &rf);
4405 rf = (rf & ~0x03) | 0x01;
4406 run_rt3070_rf_write(sc, 51, rf);
4407 /* Set tx_mx1_cc. */
4408 run_rt3070_rf_read(sc, 51, &rf);
4409 rf &= ~0x1c;
4410 rf |= (chan <= 14) ? 0x14 : 0x10;
4411 run_rt3070_rf_write(sc, 51, rf);
4412 /* Set tx_mx1_ic. */
4413 run_rt3070_rf_read(sc, 51, &rf);
4414 rf &= ~0xe0;
4415 rf |= (chan <= 14) ? 0x60 : 0x40;
4416 run_rt3070_rf_write(sc, 51, rf);
4417 /* Set tx_lo1_ic. */
4418 run_rt3070_rf_read(sc, 49, &rf);
4419 rf &= ~0x1c;
4420 rf |= (chan <= 14) ? 0x0c : 0x08;
4421 run_rt3070_rf_write(sc, 49, rf);
4422 /* Set tx_lo1_en. */
4423 run_rt3070_rf_read(sc, 50, &rf);
4424 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4425 /* Set drv_cc. */
4426 run_rt3070_rf_read(sc, 57, &rf);
4427 rf &= ~0xfc;
4428 rf |= (chan <= 14) ? 0x6c : 0x3c;
4429 run_rt3070_rf_write(sc, 57, rf);
4430 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4431 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4432 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4433 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4434 /* Enable VCO calibration. */
4435 run_rt3070_rf_read(sc, 3, &rf);
4436 rf &= ~RT5390_VCOCAL;
4437 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4438 run_rt3070_rf_write(sc, 3, rf);
4439
4440 if (chan <= 14)
4441 rf = 0x23;
4442 else if (chan <= 64)
4443 rf = 0x36;
4444 else if (chan <= 128)
4445 rf = 0x32;
4446 else
4447 rf = 0x30;
4448 run_rt3070_rf_write(sc, 39, rf);
4449 if (chan <= 14)
4450 rf = 0xbb;
4451 else if (chan <= 64)
4452 rf = 0xeb;
4453 else if (chan <= 128)
4454 rf = 0xb3;
4455 else
4456 rf = 0x9b;
4457 run_rt3070_rf_write(sc, 45, rf);
4458
4459 /* Set FEQ/AEQ control. */
4460 run_bbp_write(sc, 105, 0x34);
4461}
4462
4463static void
4464run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4465{
4466 int8_t txpow1, txpow2;
4467 uint8_t rf;
4468 int i;
4469
4470 /* find the settings for this channel (we know it exists) */
4471 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4472
4473 /* use Tx power values from EEPROM */
4474 txpow1 = sc->txpow1[i];
4475 txpow2 = sc->txpow2[i];
4476
4477 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4478 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4479 run_rt3070_rf_read(sc, 11, &rf);
4480 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4481 run_rt3070_rf_write(sc, 11, rf);
4482
4483 run_rt3070_rf_read(sc, 49, &rf);
4484 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4485 /* The valid range of the RF R49 is 0x00 to 0x27. */
4486 if ((rf & 0x3f) > 0x27)
4487 rf = (rf & ~0x3f) | 0x27;
4488 run_rt3070_rf_write(sc, 49, rf);
4489
4490 if (sc->mac_ver == 0x5392) {
4491 run_rt3070_rf_read(sc, 50, &rf);
4492 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4493 /* The valid range of the RF R50 is 0x00 to 0x27. */
4494 if ((rf & 0x3f) > 0x27)
4495 rf = (rf & ~0x3f) | 0x27;
4496 run_rt3070_rf_write(sc, 50, rf);
4497 }
4498
4499 run_rt3070_rf_read(sc, 1, &rf);
4500 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4501 if (sc->mac_ver == 0x5392)
4502 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4503 run_rt3070_rf_write(sc, 1, rf);
4504
4505 if (sc->mac_ver != 0x5392) {
4506 run_rt3070_rf_read(sc, 2, &rf);
4507 rf |= 0x80;
4508 run_rt3070_rf_write(sc, 2, rf);
4509 run_delay(sc, 10);
4510 rf &= 0x7f;
4511 run_rt3070_rf_write(sc, 2, rf);
4512 }
4513
4514 run_adjust_freq_offset(sc);
4515
4516 if (sc->mac_ver == 0x5392) {
4517 /* Fix for RT5392C. */
4518 if (sc->mac_rev >= 0x0223) {
4519 if (chan <= 4)
4520 rf = 0x0f;
4521 else if (chan >= 5 && chan <= 7)
4522 rf = 0x0e;
4523 else
4524 rf = 0x0d;
4525 run_rt3070_rf_write(sc, 23, rf);
4526
4527 if (chan <= 4)
4528 rf = 0x0c;
4529 else if (chan == 5)
4530 rf = 0x0b;
4531 else if (chan >= 6 && chan <= 7)
4532 rf = 0x0a;
4533 else if (chan >= 8 && chan <= 10)
4534 rf = 0x09;
4535 else
4536 rf = 0x08;
4537 run_rt3070_rf_write(sc, 59, rf);
4538 } else {
4539 if (chan <= 11)
4540 rf = 0x0f;
4541 else
4542 rf = 0x0b;
4543 run_rt3070_rf_write(sc, 59, rf);
4544 }
4545 } else {
4546 /* Fix for RT5390F. */
4547 if (sc->mac_rev >= 0x0502) {
4548 if (chan <= 11)
4549 rf = 0x43;
4550 else
4551 rf = 0x23;
4552 run_rt3070_rf_write(sc, 55, rf);
4553
4554 if (chan <= 11)
4555 rf = 0x0f;
4556 else if (chan == 12)
4557 rf = 0x0d;
4558 else
4559 rf = 0x0b;
4560 run_rt3070_rf_write(sc, 59, rf);
4561 } else {
4562 run_rt3070_rf_write(sc, 55, 0x44);
4563 run_rt3070_rf_write(sc, 59, 0x8f);
4564 }
4565 }
4566
4567 /* Enable VCO calibration. */
4568 run_rt3070_rf_read(sc, 3, &rf);
4569 rf |= RT5390_VCOCAL;
4570 run_rt3070_rf_write(sc, 3, rf);
4571}
4572
4573static void
4574run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4575{
4576 const struct rt5592_freqs *freqs;
4577 uint32_t tmp;
4578 uint8_t reg, rf, txpow_bound;
4579 int8_t txpow1, txpow2;
4580 int i;
4581
4582 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4583 freqs = (tmp & RT5592_SEL_XTAL) ?
4584 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4585
4586 /* find the settings for this channel (we know it exists) */
4587 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4588
4589 /* use Tx power values from EEPROM */
4590 txpow1 = sc->txpow1[i];
4591 txpow2 = sc->txpow2[i];
4592
4593 run_read(sc, RT3070_LDO_CFG0, &tmp);
4594 tmp &= ~0x1c000000;
4595 if (chan > 14)
4596 tmp |= 0x14000000;
4597 run_write(sc, RT3070_LDO_CFG0, tmp);
4598
4599 /* N setting. */
4600 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4601 run_rt3070_rf_read(sc, 9, &rf);
4602 rf &= ~(1 << 4);
4603 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4604 run_rt3070_rf_write(sc, 9, rf);
4605
4606 /* K setting. */
4607 run_rt3070_rf_read(sc, 9, &rf);
4608 rf &= ~0x0f;
4609 rf |= (freqs->k & 0x0f);
4610 run_rt3070_rf_write(sc, 9, rf);
4611
4612 /* Mode setting. */
4613 run_rt3070_rf_read(sc, 11, &rf);
4614 rf &= ~0x0c;
4615 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4616 run_rt3070_rf_write(sc, 11, rf);
4617 run_rt3070_rf_read(sc, 9, &rf);
4618 rf &= ~(1 << 7);
4619 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4620 run_rt3070_rf_write(sc, 9, rf);
4621
4622 /* R setting. */
4623 run_rt3070_rf_read(sc, 11, &rf);
4624 rf &= ~0x03;
4625 rf |= (freqs->r - 0x1);
4626 run_rt3070_rf_write(sc, 11, rf);
4627
4628 if (chan <= 14) {
4629 /* Initialize RF registers for 2GHZ. */
4630 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4631 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4632 rt5592_2ghz_def_rf[i].val);
4633 }
4634
4635 rf = (chan <= 10) ? 0x07 : 0x06;
4636 run_rt3070_rf_write(sc, 23, rf);
4637 run_rt3070_rf_write(sc, 59, rf);
4638
4639 run_rt3070_rf_write(sc, 55, 0x43);
4640
4641 /*
4642 * RF R49/R50 Tx power ALC code.
4643 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4644 */
4645 reg = 2;
4646 txpow_bound = 0x27;
4647 } else {
4648 /* Initialize RF registers for 5GHZ. */
4649 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4650 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4651 rt5592_5ghz_def_rf[i].val);
4652 }
4653 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4654 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4655 chan <= rt5592_chan_5ghz[i].lastchan) {
4656 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4657 rt5592_chan_5ghz[i].val);
4658 }
4659 }
4660
4661 /*
4662 * RF R49/R50 Tx power ALC code.
4663 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4664 */
4665 reg = 3;
4666 txpow_bound = 0x2b;
4667 }
4668
4669 /* RF R49 ch0 Tx power ALC code. */
4670 run_rt3070_rf_read(sc, 49, &rf);
4671 rf &= ~0xc0;
4672 rf |= (reg << 6);
4673 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4674 if ((rf & 0x3f) > txpow_bound)
4675 rf = (rf & ~0x3f) | txpow_bound;
4676 run_rt3070_rf_write(sc, 49, rf);
4677
4678 /* RF R50 ch1 Tx power ALC code. */
4679 run_rt3070_rf_read(sc, 50, &rf);
4680 rf &= ~(1 << 7 | 1 << 6);
4681 rf |= (reg << 6);
4682 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4683 if ((rf & 0x3f) > txpow_bound)
4684 rf = (rf & ~0x3f) | txpow_bound;
4685 run_rt3070_rf_write(sc, 50, rf);
4686
4687 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4688 run_rt3070_rf_read(sc, 1, &rf);
4689 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4690 if (sc->ntxchains > 1)
4691 rf |= RT3070_TX1_PD;
4692 if (sc->nrxchains > 1)
4693 rf |= RT3070_RX1_PD;
4694 run_rt3070_rf_write(sc, 1, rf);
4695
4696 run_rt3070_rf_write(sc, 6, 0xe4);
4697
4698 run_rt3070_rf_write(sc, 30, 0x10);
4699 run_rt3070_rf_write(sc, 31, 0x80);
4700 run_rt3070_rf_write(sc, 32, 0x80);
4701
4702 run_adjust_freq_offset(sc);
4703
4704 /* Enable VCO calibration. */
4705 run_rt3070_rf_read(sc, 3, &rf);
4706 rf |= RT5390_VCOCAL;
4707 run_rt3070_rf_write(sc, 3, rf);
4708}
4709
4710static void
4711run_set_rx_antenna(struct run_softc *sc, int aux)
4712{
4713 uint32_t tmp;
4714 uint8_t bbp152;
4715
4716 if (aux) {
4717 if (sc->rf_rev == RT5390_RF_5370) {
4718 run_bbp_read(sc, 152, &bbp152);
4719 run_bbp_write(sc, 152, bbp152 & ~0x80);
4720 } else {
4721 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4722 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4723 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4724 }
4725 } else {
4726 if (sc->rf_rev == RT5390_RF_5370) {
4727 run_bbp_read(sc, 152, &bbp152);
4728 run_bbp_write(sc, 152, bbp152 | 0x80);
4729 } else {
4730 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4731 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4732 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4733 }
4734 }
4735}
4736
4737static int
4738run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4739{
4740 struct ieee80211com *ic = &sc->sc_ic;
4741 u_int chan, group;
4742
4743 chan = ieee80211_chan2ieee(ic, c);
4744 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4745 return (EINVAL);
4746
4747 if (sc->mac_ver == 0x5592)
4748 run_rt5592_set_chan(sc, chan);
4749 else if (sc->mac_ver >= 0x5390)
4750 run_rt5390_set_chan(sc, chan);
4751 else if (sc->mac_ver == 0x3593)
4752 run_rt3593_set_chan(sc, chan);
4753 else if (sc->mac_ver == 0x3572)
4754 run_rt3572_set_chan(sc, chan);
4755 else if (sc->mac_ver >= 0x3070)
4756 run_rt3070_set_chan(sc, chan);
4757 else
4758 run_rt2870_set_chan(sc, chan);
4759
4760 /* determine channel group */
4761 if (chan <= 14)
4762 group = 0;
4763 else if (chan <= 64)
4764 group = 1;
4765 else if (chan <= 128)
4766 group = 2;
4767 else
4768 group = 3;
4769
4770 /* XXX necessary only when group has changed! */
4771 run_select_chan_group(sc, group);
4772
4773 run_delay(sc, 10);
4774
4775 /* Perform IQ calibration. */
4776 if (sc->mac_ver >= 0x5392)
4777 run_iq_calib(sc, chan);
4778
4779 return (0);
4780}
4781
4782static void
4783run_set_channel(struct ieee80211com *ic)
4784{
4785 struct run_softc *sc = ic->ic_softc;
4786
4787 RUN_LOCK(sc);
4788 run_set_chan(sc, ic->ic_curchan);
4789 RUN_UNLOCK(sc);
4790
4791 return;
4792}
4793
4794static void
4795run_getradiocaps(struct ieee80211com *ic,
4796 int maxchans, int *nchans, struct ieee80211_channel chans[])
4797{
4798 struct run_softc *sc = ic->ic_softc;
4799 uint8_t bands[IEEE80211_MODE_BYTES];
4800
4801 memset(bands, 0, sizeof(bands));
4802 setbit(bands, IEEE80211_MODE_11B);
4803 setbit(bands, IEEE80211_MODE_11G);
4804 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0);
4805
4806 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4807 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4808 sc->rf_rev == RT5592_RF_5592) {
4809 setbit(bands, IEEE80211_MODE_11A);
4810 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4811 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4812 }
4813}
4814
4815static void
4816run_scan_start(struct ieee80211com *ic)
4817{
4818 struct run_softc *sc = ic->ic_softc;
4819 uint32_t tmp;
4820
4821 RUN_LOCK(sc);
4822
4823 /* abort TSF synchronization */
4824 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4825 run_write(sc, RT2860_BCN_TIME_CFG,
4826 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4827 RT2860_TBTT_TIMER_EN));
4828 run_set_bssid(sc, ieee80211broadcastaddr);
4829
4830 RUN_UNLOCK(sc);
4831
4832 return;
4833}
4834
4835static void
4836run_scan_end(struct ieee80211com *ic)
4837{
4838 struct run_softc *sc = ic->ic_softc;
4839
4840 RUN_LOCK(sc);
4841
4842 run_enable_tsf_sync(sc);
4843 run_set_bssid(sc, sc->sc_bssid);
4844
4845 RUN_UNLOCK(sc);
4846
4847 return;
4848}
4849
4850/*
4851 * Could be called from ieee80211_node_timeout()
4852 * (non-sleepable thread)
4853 */
4854static void
4855run_update_beacon(struct ieee80211vap *vap, int item)
4856{
4857 struct ieee80211com *ic = vap->iv_ic;
4858 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4859 struct ieee80211_node *ni = vap->iv_bss;
4860 struct run_softc *sc = ic->ic_softc;
4861 struct run_vap *rvp = RUN_VAP(vap);
4862 int mcast = 0;
4863 uint32_t i;
4864
4865 switch (item) {
4866 case IEEE80211_BEACON_ERP:
4867 run_updateslot(ic);
4868 break;
4869 case IEEE80211_BEACON_HTINFO:
4870 run_updateprot(ic);
4871 break;
4872 case IEEE80211_BEACON_TIM:
4873 mcast = 1; /*TODO*/
4874 break;
4875 default:
4876 break;
4877 }
4878
4879 setbit(bo->bo_flags, item);
4880 if (rvp->beacon_mbuf == NULL) {
4881 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4882 if (rvp->beacon_mbuf == NULL)
4883 return;
4884 }
4885 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
4886
4887 i = RUN_CMDQ_GET(&sc->cmdq_store);
4888 DPRINTF("cmdq_store=%d\n", i);
4889 sc->cmdq[i].func = run_update_beacon_cb;
4890 sc->cmdq[i].arg0 = vap;
4891 ieee80211_runtask(ic, &sc->cmdq_task);
4892
4893 return;
4894}
4895
4896static void
4897run_update_beacon_cb(void *arg)
4898{
4899 struct ieee80211vap *vap = arg;
4900 struct ieee80211_node *ni = vap->iv_bss;
4901 struct run_vap *rvp = RUN_VAP(vap);
4902 struct ieee80211com *ic = vap->iv_ic;
4903 struct run_softc *sc = ic->ic_softc;
4904 struct rt2860_txwi txwi;
4905 struct mbuf *m;
4906 uint16_t txwisize;
4907 uint8_t ridx;
4908
4909 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4910 return;
4911 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4912 return;
4913
4914 /*
4915 * No need to call ieee80211_beacon_update(), run_update_beacon()
4916 * is taking care of appropriate calls.
4917 */
4918 if (rvp->beacon_mbuf == NULL) {
4919 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4920 if (rvp->beacon_mbuf == NULL)
4921 return;
4922 }
4923 m = rvp->beacon_mbuf;
4924
4925 memset(&txwi, 0, sizeof(txwi));
4926 txwi.wcid = 0xff;
4927 txwi.len = htole16(m->m_pkthdr.len);
4928
4929 /* send beacons at the lowest available rate */
4930 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4931 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4932 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4933 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4934 txwi.phy |= htole16(RT2860_PHY_OFDM);
4935 txwi.txop = RT2860_TX_TXOP_HT;
4936 txwi.flags = RT2860_TX_TS;
4937 txwi.xflags = RT2860_TX_NSEQ;
4938
4939 txwisize = (sc->mac_ver == 0x5592) ?
4940 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4941 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4942 txwisize);
4943 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4944 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4945}
4946
4947static void
4948run_updateprot(struct ieee80211com *ic)
4949{
4950 struct run_softc *sc = ic->ic_softc;
4951 uint32_t i;
4952
4953 i = RUN_CMDQ_GET(&sc->cmdq_store);
4954 DPRINTF("cmdq_store=%d\n", i);
4955 sc->cmdq[i].func = run_updateprot_cb;
4956 sc->cmdq[i].arg0 = ic;
4957 ieee80211_runtask(ic, &sc->cmdq_task);
4958}
4959
4960static void
4961run_updateprot_cb(void *arg)
4962{
4963 struct ieee80211com *ic = arg;
4964 struct run_softc *sc = ic->ic_softc;
4965 uint32_t tmp;
4966
4967 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
4968 /* setup protection frame rate (MCS code) */
4969 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
4970 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
4971 rt2860_rates[RT2860_RIDX_CCK11].mcs;
4972
4973 /* CCK frames don't require protection */
4974 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
4975 if (ic->ic_flags & IEEE80211_F_USEPROT) {
4976 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
4977 tmp |= RT2860_PROT_CTRL_RTS_CTS;
4978 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
4979 tmp |= RT2860_PROT_CTRL_CTS;
4980 }
4981 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
4982}
4983
4984static void
4985run_usb_timeout_cb(void *arg)
4986{
4987 struct ieee80211vap *vap = arg;
4988 struct run_softc *sc = vap->iv_ic->ic_softc;
4989
4990 RUN_LOCK_ASSERT(sc, MA_OWNED);
4991
4992 if(vap->iv_state == IEEE80211_S_RUN &&
4993 vap->iv_opmode != IEEE80211_M_STA)
4994 run_reset_livelock(sc);
4995 else if (vap->iv_state == IEEE80211_S_SCAN) {
4996 DPRINTF("timeout caused by scan\n");
4997 /* cancel bgscan */
4998 ieee80211_cancel_scan(vap);
4999 } else
5000 DPRINTF("timeout by unknown cause\n");
5001}
5002
5003static void
5004run_reset_livelock(struct run_softc *sc)
5005{
5006 uint32_t tmp;
5007
5008 RUN_LOCK_ASSERT(sc, MA_OWNED);
5009
5010 /*
5011 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5012 * can run into a livelock and start sending CTS-to-self frames like
5013 * crazy if protection is enabled. Reset MAC/BBP for a while
5014 */
5015 run_read(sc, RT2860_DEBUG, &tmp);
5016 DPRINTFN(3, "debug reg %08x\n", tmp);
5017 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5018 DPRINTF("CTS-to-self livelock detected\n");
5019 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5020 run_delay(sc, 1);
5021 run_write(sc, RT2860_MAC_SYS_CTRL,
5022 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5023 }
5024}
5025
5026static void
5027run_update_promisc_locked(struct run_softc *sc)
5028{
5029 uint32_t tmp;
5030
5031 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5032
5033 tmp |= RT2860_DROP_UC_NOME;
5034 if (sc->sc_ic.ic_promisc > 0)
5035 tmp &= ~RT2860_DROP_UC_NOME;
5036
5037 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5038
5039 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ?
5040 "entering" : "leaving");
5041}
5042
5043static void
5044run_update_promisc(struct ieee80211com *ic)
5045{
5046 struct run_softc *sc = ic->ic_softc;
5047
5048 if ((sc->sc_flags & RUN_RUNNING) == 0)
5049 return;
5050
5051 RUN_LOCK(sc);
5052 run_update_promisc_locked(sc);
5053 RUN_UNLOCK(sc);
5054}
5055
5056static void
5057run_enable_tsf_sync(struct run_softc *sc)
5058{
5059 struct ieee80211com *ic = &sc->sc_ic;
5060 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5061 uint32_t tmp;
5062
5063 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5064 ic->ic_opmode);
5065
5066 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5067 tmp &= ~0x1fffff;
5068 tmp |= vap->iv_bss->ni_intval * 16;
5069 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5070
5071 if (ic->ic_opmode == IEEE80211_M_STA) {
5072 /*
5073 * Local TSF is always updated with remote TSF on beacon
5074 * reception.
5075 */
5076 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5077 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5078 tmp |= RT2860_BCN_TX_EN;
5079 /*
5080 * Local TSF is updated with remote TSF on beacon reception
5081 * only if the remote TSF is greater than local TSF.
5082 */
5083 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5084 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5085 ic->ic_opmode == IEEE80211_M_MBSS) {
5086 tmp |= RT2860_BCN_TX_EN;
5087 /* SYNC with nobody */
5088 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5089 } else {
5090 DPRINTF("Enabling TSF failed. undefined opmode\n");
5091 return;
5092 }
5093
5094 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5095}
5096
5097static void
5098run_enable_tsf(struct run_softc *sc)
5099{
5100 uint32_t tmp;
5101
5102 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5103 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5104 tmp |= RT2860_TSF_TIMER_EN;
5105 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5106 }
5107}
5108
5109static void
5110run_get_tsf(struct run_softc *sc, uint64_t *buf)
5111{
5112 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5113 sizeof(*buf));
5114}
5115
5116static void
5117run_enable_mrr(struct run_softc *sc)
5118{
5119#define CCK(mcs) (mcs)
5120#define OFDM(mcs) (1 << 3 | (mcs))
5121 run_write(sc, RT2860_LG_FBK_CFG0,
5122 OFDM(6) << 28 | /* 54->48 */
5123 OFDM(5) << 24 | /* 48->36 */
5124 OFDM(4) << 20 | /* 36->24 */
5125 OFDM(3) << 16 | /* 24->18 */
5126 OFDM(2) << 12 | /* 18->12 */
5127 OFDM(1) << 8 | /* 12-> 9 */
5128 OFDM(0) << 4 | /* 9-> 6 */
5129 OFDM(0)); /* 6-> 6 */
5130
5131 run_write(sc, RT2860_LG_FBK_CFG1,
5132 CCK(2) << 12 | /* 11->5.5 */
5133 CCK(1) << 8 | /* 5.5-> 2 */
5134 CCK(0) << 4 | /* 2-> 1 */
5135 CCK(0)); /* 1-> 1 */
5136#undef OFDM
5137#undef CCK
5138}
5139
5140static void
5141run_set_txpreamble(struct run_softc *sc)
5142{
5143 struct ieee80211com *ic = &sc->sc_ic;
5144 uint32_t tmp;
5145
5146 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5147 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5148 tmp |= RT2860_CCK_SHORT_EN;
5149 else
5150 tmp &= ~RT2860_CCK_SHORT_EN;
5151 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5152}
5153
5154static void
5155run_set_basicrates(struct run_softc *sc)
5156{
5157 struct ieee80211com *ic = &sc->sc_ic;
5158
5159 /* set basic rates mask */
5160 if (ic->ic_curmode == IEEE80211_MODE_11B)
5161 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5162 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5163 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5164 else /* 11g */
5165 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5166}
5167
5168static void
5169run_set_leds(struct run_softc *sc, uint16_t which)
5170{
5171 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5172 which | (sc->leds & 0x7f));
5173}
5174
5175static void
5176run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5177{
5178 run_write(sc, RT2860_MAC_BSSID_DW0,
5179 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5180 run_write(sc, RT2860_MAC_BSSID_DW1,
5181 bssid[4] | bssid[5] << 8);
5182}
5183
5184static void
5185run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5186{
5187 run_write(sc, RT2860_MAC_ADDR_DW0,
5188 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5189 run_write(sc, RT2860_MAC_ADDR_DW1,
5190 addr[4] | addr[5] << 8 | 0xff << 16);
5191}
5192
5193static void
5194run_updateslot(struct ieee80211com *ic)
5195{
5196 struct run_softc *sc = ic->ic_softc;
5197 uint32_t i;
5198
5199 i = RUN_CMDQ_GET(&sc->cmdq_store);
5200 DPRINTF("cmdq_store=%d\n", i);
5201 sc->cmdq[i].func = run_updateslot_cb;
5202 sc->cmdq[i].arg0 = ic;
5203 ieee80211_runtask(ic, &sc->cmdq_task);
5204
5205 return;
5206}
5207
5208/* ARGSUSED */
5209static void
5210run_updateslot_cb(void *arg)
5211{
5212 struct ieee80211com *ic = arg;
5213 struct run_softc *sc = ic->ic_softc;
5214 uint32_t tmp;
5215
5216 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5217 tmp &= ~0xff;
5218 tmp |= IEEE80211_GET_SLOTTIME(ic);
5219 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5220}
5221
5222static void
5223run_update_mcast(struct ieee80211com *ic)
5224{
5225}
5226
5227static int8_t
5228run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5229{
5230 struct ieee80211com *ic = &sc->sc_ic;
5231 struct ieee80211_channel *c = ic->ic_curchan;
5232 int delta;
5233
5234 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5235 u_int chan = ieee80211_chan2ieee(ic, c);
5236 delta = sc->rssi_5ghz[rxchain];
5237
5238 /* determine channel group */
5239 if (chan <= 64)
5240 delta -= sc->lna[1];
5241 else if (chan <= 128)
5242 delta -= sc->lna[2];
5243 else
5244 delta -= sc->lna[3];
5245 } else
5246 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5247
5248 return (-12 - delta - rssi);
5249}
5250
5251static void
5252run_rt5390_bbp_init(struct run_softc *sc)
5253{
5254 u_int i;
5255 uint8_t bbp;
5256
5257 /* Apply maximum likelihood detection for 2 stream case. */
5258 run_bbp_read(sc, 105, &bbp);
5259 if (sc->nrxchains > 1)
5260 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5261
5262 /* Avoid data lost and CRC error. */
5263 run_bbp_read(sc, 4, &bbp);
5264 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5265
5266 if (sc->mac_ver == 0x5592) {
5267 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5268 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5269 rt5592_def_bbp[i].val);
5270 }
5271 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5272 run_bbp_write(sc, 195, i + 0x80);
5273 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5274 }
5275 } else {
5276 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5277 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5278 rt5390_def_bbp[i].val);
5279 }
5280 }
5281 if (sc->mac_ver == 0x5392) {
5282 run_bbp_write(sc, 88, 0x90);
5283 run_bbp_write(sc, 95, 0x9a);
5284 run_bbp_write(sc, 98, 0x12);
5285 run_bbp_write(sc, 106, 0x12);
5286 run_bbp_write(sc, 134, 0xd0);
5287 run_bbp_write(sc, 135, 0xf6);
5288 run_bbp_write(sc, 148, 0x84);
5289 }
5290
5291 run_bbp_read(sc, 152, &bbp);
5292 run_bbp_write(sc, 152, bbp | 0x80);
5293
5294 /* Fix BBP254 for RT5592C. */
5295 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5296 run_bbp_read(sc, 254, &bbp);
5297 run_bbp_write(sc, 254, bbp | 0x80);
5298 }
5299
5300 /* Disable hardware antenna diversity. */
5301 if (sc->mac_ver == 0x5390)
5302 run_bbp_write(sc, 154, 0);
5303
5304 /* Initialize Rx CCK/OFDM frequency offset report. */
5305 run_bbp_write(sc, 142, 1);
5306 run_bbp_write(sc, 143, 57);
5307}
5308
5309static int
5310run_bbp_init(struct run_softc *sc)
5311{
5312 int i, error, ntries;
5313 uint8_t bbp0;
5314
5315 /* wait for BBP to wake up */
5316 for (ntries = 0; ntries < 20; ntries++) {
5317 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5318 return error;
5319 if (bbp0 != 0 && bbp0 != 0xff)
5320 break;
5321 }
5322 if (ntries == 20)
5323 return (ETIMEDOUT);
5324
5325 /* initialize BBP registers to default values */
5326 if (sc->mac_ver >= 0x5390)
5327 run_rt5390_bbp_init(sc);
5328 else {
5329 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5330 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5331 rt2860_def_bbp[i].val);
5332 }
5333 }
5334
5335 if (sc->mac_ver == 0x3593) {
5336 run_bbp_write(sc, 79, 0x13);
5337 run_bbp_write(sc, 80, 0x05);
5338 run_bbp_write(sc, 81, 0x33);
5339 run_bbp_write(sc, 86, 0x46);
5340 run_bbp_write(sc, 137, 0x0f);
5341 }
5342
5343 /* fix BBP84 for RT2860E */
5344 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5345 run_bbp_write(sc, 84, 0x19);
5346
5347 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5348 sc->mac_ver != 0x5592)) {
5349 run_bbp_write(sc, 79, 0x13);
5350 run_bbp_write(sc, 80, 0x05);
5351 run_bbp_write(sc, 81, 0x33);
5352 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5353 run_bbp_write(sc, 69, 0x16);
5354 run_bbp_write(sc, 73, 0x12);
5355 }
5356 return (0);
5357}
5358
5359static int
5360run_rt3070_rf_init(struct run_softc *sc)
5361{
5362 uint32_t tmp;
5363 uint8_t bbp4, mingain, rf, target;
5364 u_int i;
5365
5366 run_rt3070_rf_read(sc, 30, &rf);
5367 /* toggle RF R30 bit 7 */
5368 run_rt3070_rf_write(sc, 30, rf | 0x80);
5369 run_delay(sc, 10);
5370 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5371
5372 /* initialize RF registers to default value */
5373 if (sc->mac_ver == 0x3572) {
5374 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5375 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5376 rt3572_def_rf[i].val);
5377 }
5378 } else {
5379 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5380 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5381 rt3070_def_rf[i].val);
5382 }
5383 }
5384
5385 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5386 /*
5387 * Change voltage from 1.2V to 1.35V for RT3070.
5388 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5389 * in RT3070(F).
5390 */
5391 run_read(sc, RT3070_LDO_CFG0, &tmp);
5392 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5393 run_write(sc, RT3070_LDO_CFG0, tmp);
5394
5395 } else if (sc->mac_ver == 0x3071) {
5396 run_rt3070_rf_read(sc, 6, &rf);
5397 run_rt3070_rf_write(sc, 6, rf | 0x40);
5398 run_rt3070_rf_write(sc, 31, 0x14);
5399
5400 run_read(sc, RT3070_LDO_CFG0, &tmp);
5401 tmp &= ~0x1f000000;
5402 if (sc->mac_rev < 0x0211)
5403 tmp |= 0x0d000000; /* 1.3V */
5404 else
5405 tmp |= 0x01000000; /* 1.2V */
5406 run_write(sc, RT3070_LDO_CFG0, tmp);
5407
5408 /* patch LNA_PE_G1 */
5409 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5410 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5411
5412 } else if (sc->mac_ver == 0x3572) {
5413 run_rt3070_rf_read(sc, 6, &rf);
5414 run_rt3070_rf_write(sc, 6, rf | 0x40);
5415
5416 /* increase voltage from 1.2V to 1.35V */
5417 run_read(sc, RT3070_LDO_CFG0, &tmp);
5418 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5419 run_write(sc, RT3070_LDO_CFG0, tmp);
5420
5421 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5422 run_delay(sc, 1); /* wait for 1msec */
5423 /* decrease voltage back to 1.2V */
5424 tmp = (tmp & ~0x1f000000) | 0x01000000;
5425 run_write(sc, RT3070_LDO_CFG0, tmp);
5426 }
5427 }
5428
5429 /* select 20MHz bandwidth */
5430 run_rt3070_rf_read(sc, 31, &rf);
5431 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5432
5433 /* calibrate filter for 20MHz bandwidth */
5434 sc->rf24_20mhz = 0x1f; /* default value */
5435 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5436 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5437
5438 /* select 40MHz bandwidth */
5439 run_bbp_read(sc, 4, &bbp4);
5440 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5441 run_rt3070_rf_read(sc, 31, &rf);
5442 run_rt3070_rf_write(sc, 31, rf | 0x20);
5443
5444 /* calibrate filter for 40MHz bandwidth */
5445 sc->rf24_40mhz = 0x2f; /* default value */
5446 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5447 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5448
5449 /* go back to 20MHz bandwidth */
5450 run_bbp_read(sc, 4, &bbp4);
5451 run_bbp_write(sc, 4, bbp4 & ~0x18);
5452
5453 if (sc->mac_ver == 0x3572) {
5454 /* save default BBP registers 25 and 26 values */
5455 run_bbp_read(sc, 25, &sc->bbp25);
5456 run_bbp_read(sc, 26, &sc->bbp26);
5457 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5458 run_rt3070_rf_write(sc, 27, 0x03);
5459
5460 run_read(sc, RT3070_OPT_14, &tmp);
5461 run_write(sc, RT3070_OPT_14, tmp | 1);
5462
5463 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5464 run_rt3070_rf_read(sc, 17, &rf);
5465 rf &= ~RT3070_TX_LO1;
5466 if ((sc->mac_ver == 0x3070 ||
5467 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5468 !sc->ext_2ghz_lna)
5469 rf |= 0x20; /* fix for long range Rx issue */
5470 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5471 if (sc->txmixgain_2ghz >= mingain)
5472 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5473 run_rt3070_rf_write(sc, 17, rf);
5474 }
5475
5476 if (sc->mac_ver == 0x3071) {
5477 run_rt3070_rf_read(sc, 1, &rf);
5478 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5479 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5480 run_rt3070_rf_write(sc, 1, rf);
5481
5482 run_rt3070_rf_read(sc, 15, &rf);
5483 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5484
5485 run_rt3070_rf_read(sc, 20, &rf);
5486 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5487
5488 run_rt3070_rf_read(sc, 21, &rf);
5489 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5490 }
5491
5492 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5493 /* fix Tx to Rx IQ glitch by raising RF voltage */
5494 run_rt3070_rf_read(sc, 27, &rf);
5495 rf &= ~0x77;
5496 if (sc->mac_rev < 0x0211)
5497 rf |= 0x03;
5498 run_rt3070_rf_write(sc, 27, rf);
5499 }
5500 return (0);
5501}
5502
5503static void
5504run_rt3593_rf_init(struct run_softc *sc)
5505{
5506 uint32_t tmp;
5507 uint8_t rf;
5508 u_int i;
5509
5510 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5511 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5512 tmp &= ~(1 << 4 | 1 << 7);
5513 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5514
5515 /* Initialize RF registers to default value. */
5516 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5517 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5518 rt3593_def_rf[i].val);
5519 }
5520
5521 /* Toggle RF R2 to initiate calibration. */
5522 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5523
5524 /* Initialize RF frequency offset. */
5525 run_adjust_freq_offset(sc);
5526
5527 run_rt3070_rf_read(sc, 18, &rf);
5528 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5529
5530 /*
5531 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5532 * decrease voltage back to 1.2V.
5533 */
5534 run_read(sc, RT3070_LDO_CFG0, &tmp);
5535 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5536 run_write(sc, RT3070_LDO_CFG0, tmp);
5537 run_delay(sc, 1);
5538 tmp = (tmp & ~0x1f000000) | 0x01000000;
5539 run_write(sc, RT3070_LDO_CFG0, tmp);
5540
5541 sc->rf24_20mhz = 0x1f;
5542 sc->rf24_40mhz = 0x2f;
5543
5544 /* Save default BBP registers 25 and 26 values. */
5545 run_bbp_read(sc, 25, &sc->bbp25);
5546 run_bbp_read(sc, 26, &sc->bbp26);
5547
5548 run_read(sc, RT3070_OPT_14, &tmp);
5549 run_write(sc, RT3070_OPT_14, tmp | 1);
5550}
5551
5552static void
5553run_rt5390_rf_init(struct run_softc *sc)
5554{
5555 uint32_t tmp;
5556 uint8_t rf;
5557 u_int i;
5558
5559 /* Toggle RF R2 to initiate calibration. */
5560 if (sc->mac_ver == 0x5390) {
5561 run_rt3070_rf_read(sc, 2, &rf);
5562 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5563 run_delay(sc, 10);
5564 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5565 } else {
5566 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5567 run_delay(sc, 10);
5568 }
5569
5570 /* Initialize RF registers to default value. */
5571 if (sc->mac_ver == 0x5592) {
5572 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5573 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5574 rt5592_def_rf[i].val);
5575 }
5576 /* Initialize RF frequency offset. */
5577 run_adjust_freq_offset(sc);
5578 } else if (sc->mac_ver == 0x5392) {
5579 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5580 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5581 rt5392_def_rf[i].val);
5582 }
5583 if (sc->mac_rev >= 0x0223) {
5584 run_rt3070_rf_write(sc, 23, 0x0f);
5585 run_rt3070_rf_write(sc, 24, 0x3e);
5586 run_rt3070_rf_write(sc, 51, 0x32);
5587 run_rt3070_rf_write(sc, 53, 0x22);
5588 run_rt3070_rf_write(sc, 56, 0xc1);
5589 run_rt3070_rf_write(sc, 59, 0x0f);
5590 }
5591 } else {
5592 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5593 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5594 rt5390_def_rf[i].val);
5595 }
5596 if (sc->mac_rev >= 0x0502) {
5597 run_rt3070_rf_write(sc, 6, 0xe0);
5598 run_rt3070_rf_write(sc, 25, 0x80);
5599 run_rt3070_rf_write(sc, 46, 0x73);
5600 run_rt3070_rf_write(sc, 53, 0x00);
5601 run_rt3070_rf_write(sc, 56, 0x42);
5602 run_rt3070_rf_write(sc, 61, 0xd1);
5603 }
5604 }
5605
5606 sc->rf24_20mhz = 0x1f; /* default value */
5607 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5608
5609 if (sc->mac_rev < 0x0211)
5610 run_rt3070_rf_write(sc, 27, 0x3);
5611
5612 run_read(sc, RT3070_OPT_14, &tmp);
5613 run_write(sc, RT3070_OPT_14, tmp | 1);
5614}
5615
5616static int
5617run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5618 uint8_t *val)
5619{
5620 uint8_t rf22, rf24;
5621 uint8_t bbp55_pb, bbp55_sb, delta;
5622 int ntries;
5623
5624 /* program filter */
5625 run_rt3070_rf_read(sc, 24, &rf24);
5626 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5627 run_rt3070_rf_write(sc, 24, rf24);
5628
5629 /* enable baseband loopback mode */
5630 run_rt3070_rf_read(sc, 22, &rf22);
5631 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5632
5633 /* set power and frequency of passband test tone */
5634 run_bbp_write(sc, 24, 0x00);
5635 for (ntries = 0; ntries < 100; ntries++) {
5636 /* transmit test tone */
5637 run_bbp_write(sc, 25, 0x90);
5638 run_delay(sc, 10);
5639 /* read received power */
5640 run_bbp_read(sc, 55, &bbp55_pb);
5641 if (bbp55_pb != 0)
5642 break;
5643 }
5644 if (ntries == 100)
5645 return (ETIMEDOUT);
5646
5647 /* set power and frequency of stopband test tone */
5648 run_bbp_write(sc, 24, 0x06);
5649 for (ntries = 0; ntries < 100; ntries++) {
5650 /* transmit test tone */
5651 run_bbp_write(sc, 25, 0x90);
5652 run_delay(sc, 10);
5653 /* read received power */
5654 run_bbp_read(sc, 55, &bbp55_sb);
5655
5656 delta = bbp55_pb - bbp55_sb;
5657 if (delta > target)
5658 break;
5659
5660 /* reprogram filter */
5661 rf24++;
5662 run_rt3070_rf_write(sc, 24, rf24);
5663 }
5664 if (ntries < 100) {
5665 if (rf24 != init)
5666 rf24--; /* backtrack */
5667 *val = rf24;
5668 run_rt3070_rf_write(sc, 24, rf24);
5669 }
5670
5671 /* restore initial state */
5672 run_bbp_write(sc, 24, 0x00);
5673
5674 /* disable baseband loopback mode */
5675 run_rt3070_rf_read(sc, 22, &rf22);
5676 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5677
5678 return (0);
5679}
5680
5681static void
5682run_rt3070_rf_setup(struct run_softc *sc)
5683{
5684 uint8_t bbp, rf;
5685 int i;
5686
5687 if (sc->mac_ver == 0x3572) {
5688 /* enable DC filter */
5689 if (sc->mac_rev >= 0x0201)
5690 run_bbp_write(sc, 103, 0xc0);
5691
5692 run_bbp_read(sc, 138, &bbp);
5693 if (sc->ntxchains == 1)
5694 bbp |= 0x20; /* turn off DAC1 */
5695 if (sc->nrxchains == 1)
5696 bbp &= ~0x02; /* turn off ADC1 */
5697 run_bbp_write(sc, 138, bbp);
5698
5699 if (sc->mac_rev >= 0x0211) {
5700 /* improve power consumption */
5701 run_bbp_read(sc, 31, &bbp);
5702 run_bbp_write(sc, 31, bbp & ~0x03);
5703 }
5704
5705 run_rt3070_rf_read(sc, 16, &rf);
5706 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5707 run_rt3070_rf_write(sc, 16, rf);
5708
5709 } else if (sc->mac_ver == 0x3071) {
5710 if (sc->mac_rev >= 0x0211) {
5711 /* enable DC filter */
5712 run_bbp_write(sc, 103, 0xc0);
5713
5714 /* improve power consumption */
5715 run_bbp_read(sc, 31, &bbp);
5716 run_bbp_write(sc, 31, bbp & ~0x03);
5717 }
5718
5719 run_bbp_read(sc, 138, &bbp);
5720 if (sc->ntxchains == 1)
5721 bbp |= 0x20; /* turn off DAC1 */
5722 if (sc->nrxchains == 1)
5723 bbp &= ~0x02; /* turn off ADC1 */
5724 run_bbp_write(sc, 138, bbp);
5725
5726 run_write(sc, RT2860_TX_SW_CFG1, 0);
5727 if (sc->mac_rev < 0x0211) {
5728 run_write(sc, RT2860_TX_SW_CFG2,
5729 sc->patch_dac ? 0x2c : 0x0f);
5730 } else
5731 run_write(sc, RT2860_TX_SW_CFG2, 0);
5732
5733 } else if (sc->mac_ver == 0x3070) {
5734 if (sc->mac_rev >= 0x0201) {
5735 /* enable DC filter */
5736 run_bbp_write(sc, 103, 0xc0);
5737
5738 /* improve power consumption */
5739 run_bbp_read(sc, 31, &bbp);
5740 run_bbp_write(sc, 31, bbp & ~0x03);
5741 }
5742
5743 if (sc->mac_rev < 0x0201) {
5744 run_write(sc, RT2860_TX_SW_CFG1, 0);
5745 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5746 } else
5747 run_write(sc, RT2860_TX_SW_CFG2, 0);
5748 }
5749
5750 /* initialize RF registers from ROM for >=RT3071*/
5751 if (sc->mac_ver >= 0x3071) {
5752 for (i = 0; i < 10; i++) {
5753 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5754 continue;
5755 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5756 }
5757 }
5758}
5759
5760static void
5761run_rt3593_rf_setup(struct run_softc *sc)
5762{
5763 uint8_t bbp, rf;
5764
5765 if (sc->mac_rev >= 0x0211) {
5766 /* Enable DC filter. */
5767 run_bbp_write(sc, 103, 0xc0);
5768 }
5769 run_write(sc, RT2860_TX_SW_CFG1, 0);
5770 if (sc->mac_rev < 0x0211) {
5771 run_write(sc, RT2860_TX_SW_CFG2,
5772 sc->patch_dac ? 0x2c : 0x0f);
5773 } else
5774 run_write(sc, RT2860_TX_SW_CFG2, 0);
5775
5776 run_rt3070_rf_read(sc, 50, &rf);
5777 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5778
5779 run_rt3070_rf_read(sc, 51, &rf);
5780 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5781 ((sc->txmixgain_2ghz & 0x07) << 2);
5782 run_rt3070_rf_write(sc, 51, rf);
5783
5784 run_rt3070_rf_read(sc, 38, &rf);
5785 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5786
5787 run_rt3070_rf_read(sc, 39, &rf);
5788 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5789
5790 run_rt3070_rf_read(sc, 1, &rf);
5791 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5792
5793 run_rt3070_rf_read(sc, 30, &rf);
5794 rf = (rf & ~0x18) | 0x10;
5795 run_rt3070_rf_write(sc, 30, rf);
5796
5797 /* Apply maximum likelihood detection for 2 stream case. */
5798 run_bbp_read(sc, 105, &bbp);
5799 if (sc->nrxchains > 1)
5800 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5801
5802 /* Avoid data lost and CRC error. */
5803 run_bbp_read(sc, 4, &bbp);
5804 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5805
5806 run_bbp_write(sc, 92, 0x02);
5807 run_bbp_write(sc, 82, 0x82);
5808 run_bbp_write(sc, 106, 0x05);
5809 run_bbp_write(sc, 104, 0x92);
5810 run_bbp_write(sc, 88, 0x90);
5811 run_bbp_write(sc, 148, 0xc8);
5812 run_bbp_write(sc, 47, 0x48);
5813 run_bbp_write(sc, 120, 0x50);
5814
5815 run_bbp_write(sc, 163, 0x9d);
5816
5817 /* SNR mapping. */
5818 run_bbp_write(sc, 142, 0x06);
5819 run_bbp_write(sc, 143, 0xa0);
5820 run_bbp_write(sc, 142, 0x07);
5821 run_bbp_write(sc, 143, 0xa1);
5822 run_bbp_write(sc, 142, 0x08);
5823 run_bbp_write(sc, 143, 0xa2);
5824
5825 run_bbp_write(sc, 31, 0x08);
5826 run_bbp_write(sc, 68, 0x0b);
5827 run_bbp_write(sc, 105, 0x04);
5828}
5829
5830static void
5831run_rt5390_rf_setup(struct run_softc *sc)
5832{
5833 uint8_t bbp, rf;
5834
5835 if (sc->mac_rev >= 0x0211) {
5836 /* Enable DC filter. */
5837 run_bbp_write(sc, 103, 0xc0);
5838
5839 if (sc->mac_ver != 0x5592) {
5840 /* Improve power consumption. */
5841 run_bbp_read(sc, 31, &bbp);
5842 run_bbp_write(sc, 31, bbp & ~0x03);
5843 }
5844 }
5845
5846 run_bbp_read(sc, 138, &bbp);
5847 if (sc->ntxchains == 1)
5848 bbp |= 0x20; /* turn off DAC1 */
5849 if (sc->nrxchains == 1)
5850 bbp &= ~0x02; /* turn off ADC1 */
5851 run_bbp_write(sc, 138, bbp);
5852
5853 run_rt3070_rf_read(sc, 38, &rf);
5854 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5855
5856 run_rt3070_rf_read(sc, 39, &rf);
5857 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5858
5859 /* Avoid data lost and CRC error. */
5860 run_bbp_read(sc, 4, &bbp);
5861 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5862
5863 run_rt3070_rf_read(sc, 30, &rf);
5864 rf = (rf & ~0x18) | 0x10;
5865 run_rt3070_rf_write(sc, 30, rf);
5866
5867 if (sc->mac_ver != 0x5592) {
5868 run_write(sc, RT2860_TX_SW_CFG1, 0);
5869 if (sc->mac_rev < 0x0211) {
5870 run_write(sc, RT2860_TX_SW_CFG2,
5871 sc->patch_dac ? 0x2c : 0x0f);
5872 } else
5873 run_write(sc, RT2860_TX_SW_CFG2, 0);
5874 }
5875}
5876
5877static int
5878run_txrx_enable(struct run_softc *sc)
5879{
5880 struct ieee80211com *ic = &sc->sc_ic;
5881 uint32_t tmp;
5882 int error, ntries;
5883
5884 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5885 for (ntries = 0; ntries < 200; ntries++) {
5886 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5887 return (error);
5888 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5889 break;
5890 run_delay(sc, 50);
5891 }
5892 if (ntries == 200)
5893 return (ETIMEDOUT);
5894
5895 run_delay(sc, 50);
5896
5897 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5898 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5899
5900 /* enable Rx bulk aggregation (set timeout and limit) */
5901 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5902 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5903 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5904
5905 /* set Rx filter */
5906 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5907 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5908 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5909 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5910 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5911 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5912 if (ic->ic_opmode == IEEE80211_M_STA)
5913 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5914 }
5915 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5916
5917 run_write(sc, RT2860_MAC_SYS_CTRL,
5918 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5919
5920 return (0);
5921}
5922
5923static void
5924run_adjust_freq_offset(struct run_softc *sc)
5925{
5926 uint8_t rf, tmp;
5927
5928 run_rt3070_rf_read(sc, 17, &rf);
5929 tmp = rf;
5930 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5931 rf = MIN(rf, 0x5f);
5932
5933 if (tmp != rf)
5934 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5935}
5936
5937static void
5938run_init_locked(struct run_softc *sc)
5939{
5940 struct ieee80211com *ic = &sc->sc_ic;
5941 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5942 uint32_t tmp;
5943 uint8_t bbp1, bbp3;
5944 int i;
5945 int ridx;
5946 int ntries;
5947
5948 if (ic->ic_nrunning > 1)
5949 return;
5950
5951 run_stop(sc);
5952
5953 if (run_load_microcode(sc) != 0) {
5954 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5955 goto fail;
5956 }
5957
5958 for (ntries = 0; ntries < 100; ntries++) {
5959 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
5960 goto fail;
5961 if (tmp != 0 && tmp != 0xffffffff)
5962 break;
5963 run_delay(sc, 10);
5964 }
5965 if (ntries == 100)
5966 goto fail;
5967
5968 for (i = 0; i != RUN_EP_QUEUES; i++)
5969 run_setup_tx_list(sc, &sc->sc_epq[i]);
5970
5971 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
5972
5973 for (ntries = 0; ntries < 100; ntries++) {
5974 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
5975 goto fail;
5976 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5977 break;
5978 run_delay(sc, 10);
5979 }
5980 if (ntries == 100) {
5981 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
5982 goto fail;
5983 }
5984 tmp &= 0xff0;
5985 tmp |= RT2860_TX_WB_DDONE;
5986 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5987
5988 /* turn off PME_OEN to solve high-current issue */
5989 run_read(sc, RT2860_SYS_CTRL, &tmp);
5990 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
5991
5992 run_write(sc, RT2860_MAC_SYS_CTRL,
5993 RT2860_BBP_HRST | RT2860_MAC_SRST);
5994 run_write(sc, RT2860_USB_DMA_CFG, 0);
5995
5996 if (run_reset(sc) != 0) {
5997 device_printf(sc->sc_dev, "could not reset chipset\n");
5998 goto fail;
5999 }
6000
6001 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6002
6003 /* init Tx power for all Tx rates (from EEPROM) */
6004 for (ridx = 0; ridx < 5; ridx++) {
6005 if (sc->txpow20mhz[ridx] == 0xffffffff)
6006 continue;
6007 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6008 }
6009
6010 for (i = 0; i < nitems(rt2870_def_mac); i++)
6011 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6012 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6013 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6014 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6015
6016 if (sc->mac_ver >= 0x5390) {
6017 run_write(sc, RT2860_TX_SW_CFG0,
6018 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6019 if (sc->mac_ver >= 0x5392) {
6020 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6021 if (sc->mac_ver == 0x5592) {
6022 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6023 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6024 } else {
6025 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6026 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6027 }
6028 }
6029 } else if (sc->mac_ver == 0x3593) {
6030 run_write(sc, RT2860_TX_SW_CFG0,
6031 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6032 } else if (sc->mac_ver >= 0x3070) {
6033 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6034 run_write(sc, RT2860_TX_SW_CFG0,
6035 4 << RT2860_DLY_PAPE_EN_SHIFT);
6036 }
6037
6038 /* wait while MAC is busy */
6039 for (ntries = 0; ntries < 100; ntries++) {
6040 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6041 goto fail;
6042 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6043 break;
6044 run_delay(sc, 10);
6045 }
6046 if (ntries == 100)
6047 goto fail;
6048
6049 /* clear Host to MCU mailbox */
6050 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6051 run_write(sc, RT2860_H2M_MAILBOX, 0);
6052 run_delay(sc, 10);
6053
6054 if (run_bbp_init(sc) != 0) {
6055 device_printf(sc->sc_dev, "could not initialize BBP\n");
6056 goto fail;
6057 }
6058
6059 /* abort TSF synchronization */
6060 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6061 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6062 RT2860_TBTT_TIMER_EN);
6063 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6064
6065 /* clear RX WCID search table */
6066 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6067 /* clear WCID attribute table */
6068 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6069
6070 /* hostapd sets a key before init. So, don't clear it. */
6071 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6072 /* clear shared key table */
6073 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6074 /* clear shared key mode */
6075 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6076 }
6077
6078 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6079 tmp = (tmp & ~0xff) | 0x1e;
6080 run_write(sc, RT2860_US_CYC_CNT, tmp);
6081
6082 if (sc->mac_rev != 0x0101)
6083 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6084
6085 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6086 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6087
6088 /* write vendor-specific BBP values (from EEPROM) */
6089 if (sc->mac_ver < 0x3593) {
6090 for (i = 0; i < 10; i++) {
6091 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6092 continue;
6093 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6094 }
6095 }
6096
6097 /* select Main antenna for 1T1R devices */
6098 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6099 run_set_rx_antenna(sc, 0);
6100
6101 /* send LEDs operating mode to microcontroller */
6102 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6103 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6104 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6105
6106 if (sc->mac_ver >= 0x5390)
6107 run_rt5390_rf_init(sc);
6108 else if (sc->mac_ver == 0x3593)
6109 run_rt3593_rf_init(sc);
6110 else if (sc->mac_ver >= 0x3070)
6111 run_rt3070_rf_init(sc);
6112
6113 /* disable non-existing Rx chains */
6114 run_bbp_read(sc, 3, &bbp3);
6115 bbp3 &= ~(1 << 3 | 1 << 4);
6116 if (sc->nrxchains == 2)
6117 bbp3 |= 1 << 3;
6118 else if (sc->nrxchains == 3)
6119 bbp3 |= 1 << 4;
6120 run_bbp_write(sc, 3, bbp3);
6121
6122 /* disable non-existing Tx chains */
6123 run_bbp_read(sc, 1, &bbp1);
6124 if (sc->ntxchains == 1)
6125 bbp1 &= ~(1 << 3 | 1 << 4);
6126 run_bbp_write(sc, 1, bbp1);
6127
6128 if (sc->mac_ver >= 0x5390)
6129 run_rt5390_rf_setup(sc);
6130 else if (sc->mac_ver == 0x3593)
6131 run_rt3593_rf_setup(sc);
6132 else if (sc->mac_ver >= 0x3070)
6133 run_rt3070_rf_setup(sc);
6134
6135 /* select default channel */
6136 run_set_chan(sc, ic->ic_curchan);
6137
6138 /* setup initial protection mode */
6139 run_updateprot_cb(ic);
6140
6141 /* turn radio LED on */
6142 run_set_leds(sc, RT2860_LED_RADIO);
6143
6144 sc->sc_flags |= RUN_RUNNING;
6145 sc->cmdq_run = RUN_CMDQ_GO;
6146
6147 for (i = 0; i != RUN_N_XFER; i++)
6148 usbd_xfer_set_stall(sc->sc_xfer[i]);
6149
6150 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6151
6152 if (run_txrx_enable(sc) != 0)
6153 goto fail;
6154
6155 return;
6156
6157fail:
6158 run_stop(sc);
6159}
6160
6161static void
6162run_stop(void *arg)
6163{
6164 struct run_softc *sc = (struct run_softc *)arg;
6165 uint32_t tmp;
6166 int i;
6167 int ntries;
6168
6169 RUN_LOCK_ASSERT(sc, MA_OWNED);
6170
6171 if (sc->sc_flags & RUN_RUNNING)
6172 run_set_leds(sc, 0); /* turn all LEDs off */
6173
6174 sc->sc_flags &= ~RUN_RUNNING;
6175
6176 sc->ratectl_run = RUN_RATECTL_OFF;
6177 sc->cmdq_run = sc->cmdq_key_set;
6178
6179 RUN_UNLOCK(sc);
6180
6181 for(i = 0; i < RUN_N_XFER; i++)
6182 usbd_transfer_drain(sc->sc_xfer[i]);
6183
6184 RUN_LOCK(sc);
6185
6186 run_drain_mbufq(sc);
6187
6188 if (sc->rx_m != NULL) {
6189 m_free(sc->rx_m);
6190 sc->rx_m = NULL;
6191 }
6192
6193 /* Disable Tx/Rx DMA. */
6194 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6195 return;
6196 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6197 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6198
6199 for (ntries = 0; ntries < 100; ntries++) {
6200 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6201 return;
6202 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6203 break;
6204 run_delay(sc, 10);
6205 }
6206 if (ntries == 100) {
6207 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6208 return;
6209 }
6210
6211 /* disable Tx/Rx */
6212 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6213 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6214 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6215
6216 /* wait for pending Tx to complete */
6217 for (ntries = 0; ntries < 100; ntries++) {
6218 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6219 DPRINTF("Cannot read Tx queue count\n");
6220 break;
6221 }
6222 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6223 DPRINTF("All Tx cleared\n");
6224 break;
6225 }
6226 run_delay(sc, 10);
6227 }
6228 if (ntries >= 100)
6229 DPRINTF("There are still pending Tx\n");
6230 run_delay(sc, 10);
6231 run_write(sc, RT2860_USB_DMA_CFG, 0);
6232
6233 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6234 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6235
6236 for (i = 0; i != RUN_EP_QUEUES; i++)
6237 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6238}
6239
6240static void
6241run_delay(struct run_softc *sc, u_int ms)
6242{
6243 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6244 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6245}
6246
6247static device_method_t run_methods[] = {
6248 /* Device interface */
6249 DEVMETHOD(device_probe, run_match),
6250 DEVMETHOD(device_attach, run_attach),
6251 DEVMETHOD(device_detach, run_detach),
6252 DEVMETHOD_END
6253};
6254
6255static driver_t run_driver = {
6256 .name = "run",
6257 .methods = run_methods,
6258 .size = sizeof(struct run_softc)
6259};
6260
6261static devclass_t run_devclass;
6262
6263DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6264MODULE_DEPEND(run, wlan, 1, 1, 1);
6265MODULE_DEPEND(run, usb, 1, 1, 1);
6266MODULE_DEPEND(run, firmware, 1, 1, 1);
6267MODULE_VERSION(run, 1);
6268USB_PNP_HOST_INFO(run_devs);