22
23/*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sockio.h>
30#include <sys/sysctl.h>
31#include <sys/lock.h>
32#include <sys/mutex.h>
33#include <sys/mbuf.h>
34#include <sys/kernel.h>
35#include <sys/socket.h>
36#include <sys/systm.h>
37#include <sys/malloc.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/linker.h>
42#include <sys/firmware.h>
43#include <sys/kdb.h>
44
45#include <machine/bus.h>
46#include <machine/resource.h>
47#include <sys/rman.h>
48
49#include <net/bpf.h>
50#include <net/if.h>
51#include <net/if_var.h>
52#include <net/if_arp.h>
53#include <net/ethernet.h>
54#include <net/if_dl.h>
55#include <net/if_media.h>
56#include <net/if_types.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/in_var.h>
61#include <netinet/if_ether.h>
62#include <netinet/ip.h>
63
64#include <net80211/ieee80211_var.h>
65#include <net80211/ieee80211_regdomain.h>
66#include <net80211/ieee80211_radiotap.h>
67#include <net80211/ieee80211_ratectl.h>
68
69#include <dev/usb/usb.h>
70#include <dev/usb/usbdi.h>
71#include "usbdevs.h"
72
73#define USB_DEBUG_VAR run_debug
74#include <dev/usb/usb_debug.h>
75#include <dev/usb/usb_msctest.h>
76
77#include <dev/usb/wlan/if_runreg.h>
78#include <dev/usb/wlan/if_runvar.h>
79
80#ifdef USB_DEBUG
81#define RUN_DEBUG
82#endif
83
84#ifdef RUN_DEBUG
85int run_debug = 0;
86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
88 "run debug level");
89#endif
90
91#define IEEE80211_HAS_ADDR4(wh) \
92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
93
94/*
95 * Because of LOR in run_key_delete(), use atomic instead.
96 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
97 */
98#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
99
100static const STRUCT_USB_HOST_ID run_devs[] = {
101#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
102#define RUN_DEV_EJECT(v,p) \
103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
104#define RUN_EJECT 1
105 RUN_DEV(ABOCOM, RT2770),
106 RUN_DEV(ABOCOM, RT2870),
107 RUN_DEV(ABOCOM, RT3070),
108 RUN_DEV(ABOCOM, RT3071),
109 RUN_DEV(ABOCOM, RT3072),
110 RUN_DEV(ABOCOM2, RT2870_1),
111 RUN_DEV(ACCTON, RT2770),
112 RUN_DEV(ACCTON, RT2870_1),
113 RUN_DEV(ACCTON, RT2870_2),
114 RUN_DEV(ACCTON, RT2870_3),
115 RUN_DEV(ACCTON, RT2870_4),
116 RUN_DEV(ACCTON, RT2870_5),
117 RUN_DEV(ACCTON, RT3070),
118 RUN_DEV(ACCTON, RT3070_1),
119 RUN_DEV(ACCTON, RT3070_2),
120 RUN_DEV(ACCTON, RT3070_3),
121 RUN_DEV(ACCTON, RT3070_4),
122 RUN_DEV(ACCTON, RT3070_5),
123 RUN_DEV(AIRTIES, RT3070),
124 RUN_DEV(ALLWIN, RT2070),
125 RUN_DEV(ALLWIN, RT2770),
126 RUN_DEV(ALLWIN, RT2870),
127 RUN_DEV(ALLWIN, RT3070),
128 RUN_DEV(ALLWIN, RT3071),
129 RUN_DEV(ALLWIN, RT3072),
130 RUN_DEV(ALLWIN, RT3572),
131 RUN_DEV(AMIGO, RT2870_1),
132 RUN_DEV(AMIGO, RT2870_2),
133 RUN_DEV(AMIT, CGWLUSB2GNR),
134 RUN_DEV(AMIT, RT2870_1),
135 RUN_DEV(AMIT2, RT2870),
136 RUN_DEV(ASUS, RT2870_1),
137 RUN_DEV(ASUS, RT2870_2),
138 RUN_DEV(ASUS, RT2870_3),
139 RUN_DEV(ASUS, RT2870_4),
140 RUN_DEV(ASUS, RT2870_5),
141 RUN_DEV(ASUS, USBN13),
142 RUN_DEV(ASUS, RT3070_1),
143 RUN_DEV(ASUS, USBN66),
144 RUN_DEV(ASUS, USB_N53),
145 RUN_DEV(ASUS2, USBN11),
146 RUN_DEV(AZUREWAVE, RT2870_1),
147 RUN_DEV(AZUREWAVE, RT2870_2),
148 RUN_DEV(AZUREWAVE, RT3070_1),
149 RUN_DEV(AZUREWAVE, RT3070_2),
150 RUN_DEV(AZUREWAVE, RT3070_3),
151 RUN_DEV(BELKIN, F9L1103),
152 RUN_DEV(BELKIN, F5D8053V3),
153 RUN_DEV(BELKIN, F5D8055),
154 RUN_DEV(BELKIN, F5D8055V2),
155 RUN_DEV(BELKIN, F6D4050V1),
156 RUN_DEV(BELKIN, F6D4050V2),
157 RUN_DEV(BELKIN, RT2870_1),
158 RUN_DEV(BELKIN, RT2870_2),
159 RUN_DEV(CISCOLINKSYS, AE1000),
160 RUN_DEV(CISCOLINKSYS2, RT3070),
161 RUN_DEV(CISCOLINKSYS3, RT3070),
162 RUN_DEV(CONCEPTRONIC2, RT2870_1),
163 RUN_DEV(CONCEPTRONIC2, RT2870_2),
164 RUN_DEV(CONCEPTRONIC2, RT2870_3),
165 RUN_DEV(CONCEPTRONIC2, RT2870_4),
166 RUN_DEV(CONCEPTRONIC2, RT2870_5),
167 RUN_DEV(CONCEPTRONIC2, RT2870_6),
168 RUN_DEV(CONCEPTRONIC2, RT2870_7),
169 RUN_DEV(CONCEPTRONIC2, RT2870_8),
170 RUN_DEV(CONCEPTRONIC2, RT3070_1),
171 RUN_DEV(CONCEPTRONIC2, RT3070_2),
172 RUN_DEV(CONCEPTRONIC2, VIGORN61),
173 RUN_DEV(COREGA, CGWLUSB300GNM),
174 RUN_DEV(COREGA, RT2870_1),
175 RUN_DEV(COREGA, RT2870_2),
176 RUN_DEV(COREGA, RT2870_3),
177 RUN_DEV(COREGA, RT3070),
178 RUN_DEV(CYBERTAN, RT2870),
179 RUN_DEV(DLINK, RT2870),
180 RUN_DEV(DLINK, RT3072),
181 RUN_DEV(DLINK, DWA127),
182 RUN_DEV(DLINK, DWA140B3),
183 RUN_DEV(DLINK, DWA160B2),
184 RUN_DEV(DLINK, DWA140D1),
185 RUN_DEV(DLINK, DWA162),
186 RUN_DEV(DLINK2, DWA130),
187 RUN_DEV(DLINK2, RT2870_1),
188 RUN_DEV(DLINK2, RT2870_2),
189 RUN_DEV(DLINK2, RT3070_1),
190 RUN_DEV(DLINK2, RT3070_2),
191 RUN_DEV(DLINK2, RT3070_3),
192 RUN_DEV(DLINK2, RT3070_4),
193 RUN_DEV(DLINK2, RT3070_5),
194 RUN_DEV(DLINK2, RT3072),
195 RUN_DEV(DLINK2, RT3072_1),
196 RUN_DEV(EDIMAX, EW7717),
197 RUN_DEV(EDIMAX, EW7718),
198 RUN_DEV(EDIMAX, EW7733UND),
199 RUN_DEV(EDIMAX, RT2870_1),
200 RUN_DEV(ENCORE, RT3070_1),
201 RUN_DEV(ENCORE, RT3070_2),
202 RUN_DEV(ENCORE, RT3070_3),
203 RUN_DEV(GIGABYTE, GNWB31N),
204 RUN_DEV(GIGABYTE, GNWB32L),
205 RUN_DEV(GIGABYTE, RT2870_1),
206 RUN_DEV(GIGASET, RT3070_1),
207 RUN_DEV(GIGASET, RT3070_2),
208 RUN_DEV(GUILLEMOT, HWNU300),
209 RUN_DEV(HAWKING, HWUN2),
210 RUN_DEV(HAWKING, RT2870_1),
211 RUN_DEV(HAWKING, RT2870_2),
212 RUN_DEV(HAWKING, RT3070),
213 RUN_DEV(IODATA, RT3072_1),
214 RUN_DEV(IODATA, RT3072_2),
215 RUN_DEV(IODATA, RT3072_3),
216 RUN_DEV(IODATA, RT3072_4),
217 RUN_DEV(LINKSYS4, RT3070),
218 RUN_DEV(LINKSYS4, WUSB100),
219 RUN_DEV(LINKSYS4, WUSB54GCV3),
220 RUN_DEV(LINKSYS4, WUSB600N),
221 RUN_DEV(LINKSYS4, WUSB600NV2),
222 RUN_DEV(LOGITEC, RT2870_1),
223 RUN_DEV(LOGITEC, RT2870_2),
224 RUN_DEV(LOGITEC, RT2870_3),
225 RUN_DEV(LOGITEC, LANW300NU2),
226 RUN_DEV(LOGITEC, LANW150NU2),
227 RUN_DEV(LOGITEC, LANW300NU2S),
228 RUN_DEV(MELCO, RT2870_1),
229 RUN_DEV(MELCO, RT2870_2),
230 RUN_DEV(MELCO, WLIUCAG300N),
231 RUN_DEV(MELCO, WLIUCG300N),
232 RUN_DEV(MELCO, WLIUCG301N),
233 RUN_DEV(MELCO, WLIUCGN),
234 RUN_DEV(MELCO, WLIUCGNM),
235 RUN_DEV(MELCO, WLIUCGNM2),
236 RUN_DEV(MOTOROLA4, RT2770),
237 RUN_DEV(MOTOROLA4, RT3070),
238 RUN_DEV(MSI, RT3070_1),
239 RUN_DEV(MSI, RT3070_2),
240 RUN_DEV(MSI, RT3070_3),
241 RUN_DEV(MSI, RT3070_4),
242 RUN_DEV(MSI, RT3070_5),
243 RUN_DEV(MSI, RT3070_6),
244 RUN_DEV(MSI, RT3070_7),
245 RUN_DEV(MSI, RT3070_8),
246 RUN_DEV(MSI, RT3070_9),
247 RUN_DEV(MSI, RT3070_10),
248 RUN_DEV(MSI, RT3070_11),
249 RUN_DEV(OVISLINK, RT3072),
250 RUN_DEV(PARA, RT3070),
251 RUN_DEV(PEGATRON, RT2870),
252 RUN_DEV(PEGATRON, RT3070),
253 RUN_DEV(PEGATRON, RT3070_2),
254 RUN_DEV(PEGATRON, RT3070_3),
255 RUN_DEV(PHILIPS, RT2870),
256 RUN_DEV(PLANEX2, GWUS300MINIS),
257 RUN_DEV(PLANEX2, GWUSMICRON),
258 RUN_DEV(PLANEX2, RT2870),
259 RUN_DEV(PLANEX2, RT3070),
260 RUN_DEV(QCOM, RT2870),
261 RUN_DEV(QUANTA, RT3070),
262 RUN_DEV(RALINK, RT2070),
263 RUN_DEV(RALINK, RT2770),
264 RUN_DEV(RALINK, RT2870),
265 RUN_DEV(RALINK, RT3070),
266 RUN_DEV(RALINK, RT3071),
267 RUN_DEV(RALINK, RT3072),
268 RUN_DEV(RALINK, RT3370),
269 RUN_DEV(RALINK, RT3572),
270 RUN_DEV(RALINK, RT3573),
271 RUN_DEV(RALINK, RT5370),
272 RUN_DEV(RALINK, RT5572),
273 RUN_DEV(RALINK, RT8070),
274 RUN_DEV(SAMSUNG, WIS09ABGN),
275 RUN_DEV(SAMSUNG2, RT2870_1),
276 RUN_DEV(SENAO, RT2870_1),
277 RUN_DEV(SENAO, RT2870_2),
278 RUN_DEV(SENAO, RT2870_3),
279 RUN_DEV(SENAO, RT2870_4),
280 RUN_DEV(SENAO, RT3070),
281 RUN_DEV(SENAO, RT3071),
282 RUN_DEV(SENAO, RT3072_1),
283 RUN_DEV(SENAO, RT3072_2),
284 RUN_DEV(SENAO, RT3072_3),
285 RUN_DEV(SENAO, RT3072_4),
286 RUN_DEV(SENAO, RT3072_5),
287 RUN_DEV(SITECOMEU, RT2770),
288 RUN_DEV(SITECOMEU, RT2870_1),
289 RUN_DEV(SITECOMEU, RT2870_2),
290 RUN_DEV(SITECOMEU, RT2870_3),
291 RUN_DEV(SITECOMEU, RT2870_4),
292 RUN_DEV(SITECOMEU, RT3070),
293 RUN_DEV(SITECOMEU, RT3070_2),
294 RUN_DEV(SITECOMEU, RT3070_3),
295 RUN_DEV(SITECOMEU, RT3070_4),
296 RUN_DEV(SITECOMEU, RT3071),
297 RUN_DEV(SITECOMEU, RT3072_1),
298 RUN_DEV(SITECOMEU, RT3072_2),
299 RUN_DEV(SITECOMEU, RT3072_3),
300 RUN_DEV(SITECOMEU, RT3072_4),
301 RUN_DEV(SITECOMEU, RT3072_5),
302 RUN_DEV(SITECOMEU, RT3072_6),
303 RUN_DEV(SITECOMEU, WL608),
304 RUN_DEV(SPARKLAN, RT2870_1),
305 RUN_DEV(SPARKLAN, RT3070),
306 RUN_DEV(SWEEX2, LW153),
307 RUN_DEV(SWEEX2, LW303),
308 RUN_DEV(SWEEX2, LW313),
309 RUN_DEV(TOSHIBA, RT3070),
310 RUN_DEV(UMEDIA, RT2870_1),
311 RUN_DEV(ZCOM, RT2870_1),
312 RUN_DEV(ZCOM, RT2870_2),
313 RUN_DEV(ZINWELL, RT2870_1),
314 RUN_DEV(ZINWELL, RT2870_2),
315 RUN_DEV(ZINWELL, RT3070),
316 RUN_DEV(ZINWELL, RT3072_1),
317 RUN_DEV(ZINWELL, RT3072_2),
318 RUN_DEV(ZYXEL, RT2870_1),
319 RUN_DEV(ZYXEL, RT2870_2),
320 RUN_DEV(ZYXEL, RT3070),
321 RUN_DEV_EJECT(ZYXEL, NWD2705),
322 RUN_DEV_EJECT(RALINK, RT_STOR),
323#undef RUN_DEV_EJECT
324#undef RUN_DEV
325};
326
327static device_probe_t run_match;
328static device_attach_t run_attach;
329static device_detach_t run_detach;
330
331static usb_callback_t run_bulk_rx_callback;
332static usb_callback_t run_bulk_tx_callback0;
333static usb_callback_t run_bulk_tx_callback1;
334static usb_callback_t run_bulk_tx_callback2;
335static usb_callback_t run_bulk_tx_callback3;
336static usb_callback_t run_bulk_tx_callback4;
337static usb_callback_t run_bulk_tx_callback5;
338
339static void run_autoinst(void *, struct usb_device *,
340 struct usb_attach_arg *);
341static int run_driver_loaded(struct module *, int, void *);
342static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
343 usb_error_t error, u_int index);
344static struct ieee80211vap *run_vap_create(struct ieee80211com *,
345 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
346 const uint8_t [IEEE80211_ADDR_LEN],
347 const uint8_t [IEEE80211_ADDR_LEN]);
348static void run_vap_delete(struct ieee80211vap *);
349static void run_cmdq_cb(void *, int);
350static void run_setup_tx_list(struct run_softc *,
351 struct run_endpoint_queue *);
352static void run_unsetup_tx_list(struct run_softc *,
353 struct run_endpoint_queue *);
354static int run_load_microcode(struct run_softc *);
355static int run_reset(struct run_softc *);
356static usb_error_t run_do_request(struct run_softc *,
357 struct usb_device_request *, void *);
358static int run_read(struct run_softc *, uint16_t, uint32_t *);
359static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
360static int run_write_2(struct run_softc *, uint16_t, uint16_t);
361static int run_write(struct run_softc *, uint16_t, uint32_t);
362static int run_write_region_1(struct run_softc *, uint16_t,
363 const uint8_t *, int);
364static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
365static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
366static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
367static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
368static int run_rt2870_rf_write(struct run_softc *, uint32_t);
369static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
370static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
371static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
372static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
373static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
374static const char *run_get_rf(uint16_t);
375static void run_rt3593_get_txpower(struct run_softc *);
376static void run_get_txpower(struct run_softc *);
377static int run_read_eeprom(struct run_softc *);
378static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
379 const uint8_t mac[IEEE80211_ADDR_LEN]);
380static int run_media_change(struct ifnet *);
381static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
382static int run_wme_update(struct ieee80211com *);
383static void run_wme_update_cb(void *);
384static void run_key_update_begin(struct ieee80211vap *);
385static void run_key_update_end(struct ieee80211vap *);
386static void run_key_set_cb(void *);
387static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
388 const uint8_t mac[IEEE80211_ADDR_LEN]);
389static void run_key_delete_cb(void *);
390static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
391static void run_ratectl_to(void *);
392static void run_ratectl_cb(void *, int);
393static void run_drain_fifo(void *);
394static void run_iter_func(void *, struct ieee80211_node *);
395static void run_newassoc_cb(void *);
396static void run_newassoc(struct ieee80211_node *, int);
397static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
398static void run_tx_free(struct run_endpoint_queue *pq,
399 struct run_tx_data *, int);
400static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
401static int run_tx(struct run_softc *, struct mbuf *,
402 struct ieee80211_node *);
403static int run_tx_mgt(struct run_softc *, struct mbuf *,
404 struct ieee80211_node *);
405static int run_sendprot(struct run_softc *, const struct mbuf *,
406 struct ieee80211_node *, int, int);
407static int run_tx_param(struct run_softc *, struct mbuf *,
408 struct ieee80211_node *,
409 const struct ieee80211_bpf_params *);
410static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
411 const struct ieee80211_bpf_params *);
412static void run_start(struct ifnet *);
413static int run_ioctl(struct ifnet *, u_long, caddr_t);
414static void run_iq_calib(struct run_softc *, u_int);
415static void run_set_agc(struct run_softc *, uint8_t);
416static void run_select_chan_group(struct run_softc *, int);
417static void run_set_rx_antenna(struct run_softc *, int);
418static void run_rt2870_set_chan(struct run_softc *, u_int);
419static void run_rt3070_set_chan(struct run_softc *, u_int);
420static void run_rt3572_set_chan(struct run_softc *, u_int);
421static void run_rt3593_set_chan(struct run_softc *, u_int);
422static void run_rt5390_set_chan(struct run_softc *, u_int);
423static void run_rt5592_set_chan(struct run_softc *, u_int);
424static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
425static void run_set_channel(struct ieee80211com *);
426static void run_scan_start(struct ieee80211com *);
427static void run_scan_end(struct ieee80211com *);
428static void run_update_beacon(struct ieee80211vap *, int);
429static void run_update_beacon_cb(void *);
430static void run_updateprot(struct ieee80211com *);
431static void run_updateprot_cb(void *);
432static void run_usb_timeout_cb(void *);
433static void run_reset_livelock(struct run_softc *);
434static void run_enable_tsf_sync(struct run_softc *);
435static void run_enable_mrr(struct run_softc *);
436static void run_set_txpreamble(struct run_softc *);
437static void run_set_basicrates(struct run_softc *);
438static void run_set_leds(struct run_softc *, uint16_t);
439static void run_set_bssid(struct run_softc *, const uint8_t *);
440static void run_set_macaddr(struct run_softc *, const uint8_t *);
441static void run_updateslot(struct ifnet *);
442static void run_updateslot_cb(void *);
443static void run_update_mcast(struct ifnet *);
444static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
445static void run_update_promisc_locked(struct ifnet *);
446static void run_update_promisc(struct ifnet *);
447static void run_rt5390_bbp_init(struct run_softc *);
448static int run_bbp_init(struct run_softc *);
449static int run_rt3070_rf_init(struct run_softc *);
450static void run_rt3593_rf_init(struct run_softc *);
451static void run_rt5390_rf_init(struct run_softc *);
452static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
453 uint8_t *);
454static void run_rt3070_rf_setup(struct run_softc *);
455static void run_rt3593_rf_setup(struct run_softc *);
456static void run_rt5390_rf_setup(struct run_softc *);
457static int run_txrx_enable(struct run_softc *);
458static void run_adjust_freq_offset(struct run_softc *);
459static void run_init(void *);
460static void run_init_locked(struct run_softc *);
461static void run_stop(void *);
462static void run_delay(struct run_softc *, u_int);
463
464static eventhandler_tag run_etag;
465
466static const struct rt2860_rate {
467 uint8_t rate;
468 uint8_t mcs;
469 enum ieee80211_phytype phy;
470 uint8_t ctl_ridx;
471 uint16_t sp_ack_dur;
472 uint16_t lp_ack_dur;
473} rt2860_rates[] = {
474 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
475 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
476 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
477 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
478 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
479 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
480 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
481 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
482 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
483 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
484 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
485 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
486};
487
488static const struct {
489 uint16_t reg;
490 uint32_t val;
491} rt2870_def_mac[] = {
492 RT2870_DEF_MAC
493};
494
495static const struct {
496 uint8_t reg;
497 uint8_t val;
498} rt2860_def_bbp[] = {
499 RT2860_DEF_BBP
500},rt5390_def_bbp[] = {
501 RT5390_DEF_BBP
502},rt5592_def_bbp[] = {
503 RT5592_DEF_BBP
504};
505
506/*
507 * Default values for BBP register R196 for RT5592.
508 */
509static const uint8_t rt5592_bbp_r196[] = {
510 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
511 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
512 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
513 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
514 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
515 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
517 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
518 0x2e, 0x36, 0x30, 0x6e
519};
520
521static const struct rfprog {
522 uint8_t chan;
523 uint32_t r1, r2, r3, r4;
524} rt2860_rf2850[] = {
525 RT2860_RF2850
526};
527
528struct {
529 uint8_t n, r, k;
530} rt3070_freqs[] = {
531 RT3070_RF3052
532};
533
534static const struct rt5592_freqs {
535 uint16_t n;
536 uint8_t k, m, r;
537} rt5592_freqs_20mhz[] = {
538 RT5592_RF5592_20MHZ
539},rt5592_freqs_40mhz[] = {
540 RT5592_RF5592_40MHZ
541};
542
543static const struct {
544 uint8_t reg;
545 uint8_t val;
546} rt3070_def_rf[] = {
547 RT3070_DEF_RF
548},rt3572_def_rf[] = {
549 RT3572_DEF_RF
550},rt3593_def_rf[] = {
551 RT3593_DEF_RF
552},rt5390_def_rf[] = {
553 RT5390_DEF_RF
554},rt5392_def_rf[] = {
555 RT5392_DEF_RF
556},rt5592_def_rf[] = {
557 RT5592_DEF_RF
558},rt5592_2ghz_def_rf[] = {
559 RT5592_2GHZ_DEF_RF
560},rt5592_5ghz_def_rf[] = {
561 RT5592_5GHZ_DEF_RF
562};
563
564static const struct {
565 u_int firstchan;
566 u_int lastchan;
567 uint8_t reg;
568 uint8_t val;
569} rt5592_chan_5ghz[] = {
570 RT5592_CHAN_5GHZ
571};
572
573static const struct usb_config run_config[RUN_N_XFER] = {
574 [RUN_BULK_TX_BE] = {
575 .type = UE_BULK,
576 .endpoint = UE_ADDR_ANY,
577 .ep_index = 0,
578 .direction = UE_DIR_OUT,
579 .bufsize = RUN_MAX_TXSZ,
580 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
581 .callback = run_bulk_tx_callback0,
582 .timeout = 5000, /* ms */
583 },
584 [RUN_BULK_TX_BK] = {
585 .type = UE_BULK,
586 .endpoint = UE_ADDR_ANY,
587 .direction = UE_DIR_OUT,
588 .ep_index = 1,
589 .bufsize = RUN_MAX_TXSZ,
590 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
591 .callback = run_bulk_tx_callback1,
592 .timeout = 5000, /* ms */
593 },
594 [RUN_BULK_TX_VI] = {
595 .type = UE_BULK,
596 .endpoint = UE_ADDR_ANY,
597 .direction = UE_DIR_OUT,
598 .ep_index = 2,
599 .bufsize = RUN_MAX_TXSZ,
600 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
601 .callback = run_bulk_tx_callback2,
602 .timeout = 5000, /* ms */
603 },
604 [RUN_BULK_TX_VO] = {
605 .type = UE_BULK,
606 .endpoint = UE_ADDR_ANY,
607 .direction = UE_DIR_OUT,
608 .ep_index = 3,
609 .bufsize = RUN_MAX_TXSZ,
610 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
611 .callback = run_bulk_tx_callback3,
612 .timeout = 5000, /* ms */
613 },
614 [RUN_BULK_TX_HCCA] = {
615 .type = UE_BULK,
616 .endpoint = UE_ADDR_ANY,
617 .direction = UE_DIR_OUT,
618 .ep_index = 4,
619 .bufsize = RUN_MAX_TXSZ,
620 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
621 .callback = run_bulk_tx_callback4,
622 .timeout = 5000, /* ms */
623 },
624 [RUN_BULK_TX_PRIO] = {
625 .type = UE_BULK,
626 .endpoint = UE_ADDR_ANY,
627 .direction = UE_DIR_OUT,
628 .ep_index = 5,
629 .bufsize = RUN_MAX_TXSZ,
630 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
631 .callback = run_bulk_tx_callback5,
632 .timeout = 5000, /* ms */
633 },
634 [RUN_BULK_RX] = {
635 .type = UE_BULK,
636 .endpoint = UE_ADDR_ANY,
637 .direction = UE_DIR_IN,
638 .bufsize = RUN_MAX_RXSZ,
639 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
640 .callback = run_bulk_rx_callback,
641 }
642};
643
644static void
645run_autoinst(void *arg, struct usb_device *udev,
646 struct usb_attach_arg *uaa)
647{
648 struct usb_interface *iface;
649 struct usb_interface_descriptor *id;
650
651 if (uaa->dev_state != UAA_DEV_READY)
652 return;
653
654 iface = usbd_get_iface(udev, 0);
655 if (iface == NULL)
656 return;
657 id = iface->idesc;
658 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
659 return;
660 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
661 return;
662
663 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
664 uaa->dev_state = UAA_DEV_EJECTING;
665}
666
667static int
668run_driver_loaded(struct module *mod, int what, void *arg)
669{
670 switch (what) {
671 case MOD_LOAD:
672 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
673 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
674 break;
675 case MOD_UNLOAD:
676 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
677 break;
678 default:
679 return (EOPNOTSUPP);
680 }
681 return (0);
682}
683
684static int
685run_match(device_t self)
686{
687 struct usb_attach_arg *uaa = device_get_ivars(self);
688
689 if (uaa->usb_mode != USB_MODE_HOST)
690 return (ENXIO);
691 if (uaa->info.bConfigIndex != 0)
692 return (ENXIO);
693 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
694 return (ENXIO);
695
696 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
697}
698
699static int
700run_attach(device_t self)
701{
702 struct run_softc *sc = device_get_softc(self);
703 struct usb_attach_arg *uaa = device_get_ivars(self);
704 struct ieee80211com *ic;
705 struct ifnet *ifp;
706 uint32_t ver;
707 int ntries, error;
708 uint8_t iface_index, bands;
709
710 device_set_usb_desc(self);
711 sc->sc_udev = uaa->device;
712 sc->sc_dev = self;
713 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
714 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
715
716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
717 MTX_NETWORK_LOCK, MTX_DEF);
718
719 iface_index = RT2860_IFACE_INDEX;
720
721 error = usbd_transfer_setup(uaa->device, &iface_index,
722 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
723 if (error) {
724 device_printf(self, "could not allocate USB transfers, "
725 "err=%s\n", usbd_errstr(error));
726 goto detach;
727 }
728
729 RUN_LOCK(sc);
730
731 /* wait for the chip to settle */
732 for (ntries = 0; ntries < 100; ntries++) {
733 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
734 RUN_UNLOCK(sc);
735 goto detach;
736 }
737 if (ver != 0 && ver != 0xffffffff)
738 break;
739 run_delay(sc, 10);
740 }
741 if (ntries == 100) {
742 device_printf(sc->sc_dev,
743 "timeout waiting for NIC to initialize\n");
744 RUN_UNLOCK(sc);
745 goto detach;
746 }
747 sc->mac_ver = ver >> 16;
748 sc->mac_rev = ver & 0xffff;
749
750 /* retrieve RF rev. no and various other things from EEPROM */
751 run_read_eeprom(sc);
752
753 device_printf(sc->sc_dev,
754 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
755 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
756 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
757
758 RUN_UNLOCK(sc);
759
760 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
761 if (ifp == NULL) {
762 device_printf(sc->sc_dev, "can not if_alloc()\n");
763 goto detach;
764 }
765 ic = ifp->if_l2com;
766
767 ifp->if_softc = sc;
768 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
769 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
770 ifp->if_init = run_init;
771 ifp->if_ioctl = run_ioctl;
772 ifp->if_start = run_start;
773 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
774 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
775 IFQ_SET_READY(&ifp->if_snd);
776
777 ic->ic_ifp = ifp;
778 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
779 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
780
781 /* set device capabilities */
782 ic->ic_caps =
783 IEEE80211_C_STA | /* station mode supported */
784 IEEE80211_C_MONITOR | /* monitor mode supported */
785 IEEE80211_C_IBSS |
786 IEEE80211_C_HOSTAP |
787 IEEE80211_C_WDS | /* 4-address traffic works */
788 IEEE80211_C_MBSS |
789 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
790 IEEE80211_C_SHSLOT | /* short slot time supported */
791 IEEE80211_C_WME | /* WME */
792 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
793
794 ic->ic_cryptocaps =
795 IEEE80211_CRYPTO_WEP |
796 IEEE80211_CRYPTO_AES_CCM |
797 IEEE80211_CRYPTO_TKIPMIC |
798 IEEE80211_CRYPTO_TKIP;
799
800 ic->ic_flags |= IEEE80211_F_DATAPAD;
801 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
802
803 bands = 0;
804 setbit(&bands, IEEE80211_MODE_11B);
805 setbit(&bands, IEEE80211_MODE_11G);
806 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
807 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
808 sc->rf_rev == RT5592_RF_5592)
809 setbit(&bands, IEEE80211_MODE_11A);
810 ieee80211_init_channels(ic, NULL, &bands);
811
812 ieee80211_ifattach(ic, sc->sc_bssid);
813
814 ic->ic_scan_start = run_scan_start;
815 ic->ic_scan_end = run_scan_end;
816 ic->ic_set_channel = run_set_channel;
817 ic->ic_node_alloc = run_node_alloc;
818 ic->ic_newassoc = run_newassoc;
819 ic->ic_updateslot = run_updateslot;
820 ic->ic_update_mcast = run_update_mcast;
821 ic->ic_wme.wme_update = run_wme_update;
822 ic->ic_raw_xmit = run_raw_xmit;
823 ic->ic_update_promisc = run_update_promisc;
824
825 ic->ic_vap_create = run_vap_create;
826 ic->ic_vap_delete = run_vap_delete;
827
828 ieee80211_radiotap_attach(ic,
829 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
830 RUN_TX_RADIOTAP_PRESENT,
831 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
832 RUN_RX_RADIOTAP_PRESENT);
833
834 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
835 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
836 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
837
838 if (bootverbose)
839 ieee80211_announce(ic);
840
841 return (0);
842
843detach:
844 run_detach(self);
845 return (ENXIO);
846}
847
848static int
849run_detach(device_t self)
850{
851 struct run_softc *sc = device_get_softc(self);
852 struct ifnet *ifp = sc->sc_ifp;
853 struct ieee80211com *ic;
854 int i;
855
856 RUN_LOCK(sc);
857 sc->sc_detached = 1;
858 RUN_UNLOCK(sc);
859
860 /* stop all USB transfers */
861 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
862
863 RUN_LOCK(sc);
864 sc->ratectl_run = RUN_RATECTL_OFF;
865 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
866
867 /* free TX list, if any */
868 for (i = 0; i != RUN_EP_QUEUES; i++)
869 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
870 RUN_UNLOCK(sc);
871
872 if (ifp) {
873 ic = ifp->if_l2com;
874 /* drain tasks */
875 usb_callout_drain(&sc->ratectl_ch);
876 ieee80211_draintask(ic, &sc->cmdq_task);
877 ieee80211_draintask(ic, &sc->ratectl_task);
878 ieee80211_ifdetach(ic);
879 if_free(ifp);
880 }
881
882 mtx_destroy(&sc->sc_mtx);
883
884 return (0);
885}
886
887static struct ieee80211vap *
888run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
889 enum ieee80211_opmode opmode, int flags,
890 const uint8_t bssid[IEEE80211_ADDR_LEN],
891 const uint8_t mac[IEEE80211_ADDR_LEN])
892{
893 struct ifnet *ifp = ic->ic_ifp;
894 struct run_softc *sc = ifp->if_softc;
895 struct run_vap *rvp;
896 struct ieee80211vap *vap;
897 int i;
898
899 if (sc->rvp_cnt >= RUN_VAP_MAX) {
900 if_printf(ifp, "number of VAPs maxed out\n");
901 return (NULL);
902 }
903
904 switch (opmode) {
905 case IEEE80211_M_STA:
906 /* enable s/w bmiss handling for sta mode */
907 flags |= IEEE80211_CLONE_NOBEACONS;
908 /* fall though */
909 case IEEE80211_M_IBSS:
910 case IEEE80211_M_MONITOR:
911 case IEEE80211_M_HOSTAP:
912 case IEEE80211_M_MBSS:
913 /* other than WDS vaps, only one at a time */
914 if (!TAILQ_EMPTY(&ic->ic_vaps))
915 return (NULL);
916 break;
917 case IEEE80211_M_WDS:
918 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
919 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
920 continue;
921 /* WDS vap's always share the local mac address. */
922 flags &= ~IEEE80211_CLONE_BSSID;
923 break;
924 }
925 if (vap == NULL) {
926 if_printf(ifp, "wds only supported in ap mode\n");
927 return (NULL);
928 }
929 break;
930 default:
931 if_printf(ifp, "unknown opmode %d\n", opmode);
932 return (NULL);
933 }
934
935 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
936 M_80211_VAP, M_NOWAIT | M_ZERO);
937 if (rvp == NULL)
938 return (NULL);
939 vap = &rvp->vap;
940
941 if (ieee80211_vap_setup(ic, vap, name, unit,
942 opmode, flags, bssid, mac) != 0) {
943 /* out of memory */
944 free(rvp, M_80211_VAP);
945 return (NULL);
946 }
947
948 vap->iv_key_update_begin = run_key_update_begin;
949 vap->iv_key_update_end = run_key_update_end;
950 vap->iv_update_beacon = run_update_beacon;
951 vap->iv_max_aid = RT2870_WCID_MAX;
952 /*
953 * To delete the right key from h/w, we need wcid.
954 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
955 * and matching wcid will be written into there. So, cast
956 * some spells to remove 'const' from ieee80211_key{}
957 */
958 vap->iv_key_delete = (void *)run_key_delete;
959 vap->iv_key_set = (void *)run_key_set;
960
961 /* override state transition machine */
962 rvp->newstate = vap->iv_newstate;
963 vap->iv_newstate = run_newstate;
964
965 ieee80211_ratectl_init(vap);
966 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
967
968 /* complete setup */
969 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
970
971 /* make sure id is always unique */
972 for (i = 0; i < RUN_VAP_MAX; i++) {
973 if((sc->rvp_bmap & 1 << i) == 0){
974 sc->rvp_bmap |= 1 << i;
975 rvp->rvp_id = i;
976 break;
977 }
978 }
979 if (sc->rvp_cnt++ == 0)
980 ic->ic_opmode = opmode;
981
982 if (opmode == IEEE80211_M_HOSTAP)
983 sc->cmdq_run = RUN_CMDQ_GO;
984
985 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
986 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
987
988 return (vap);
989}
990
991static void
992run_vap_delete(struct ieee80211vap *vap)
993{
994 struct run_vap *rvp = RUN_VAP(vap);
995 struct ifnet *ifp;
996 struct ieee80211com *ic;
997 struct run_softc *sc;
998 uint8_t rvp_id;
999
1000 if (vap == NULL)
1001 return;
1002
1003 ic = vap->iv_ic;
1004 ifp = ic->ic_ifp;
1005
1006 sc = ifp->if_softc;
1007
1008 RUN_LOCK(sc);
1009
1010 m_freem(rvp->beacon_mbuf);
1011 rvp->beacon_mbuf = NULL;
1012
1013 rvp_id = rvp->rvp_id;
1014 sc->ratectl_run &= ~(1 << rvp_id);
1015 sc->rvp_bmap &= ~(1 << rvp_id);
1016 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1017 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1018 --sc->rvp_cnt;
1019
1020 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1021 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1022
1023 RUN_UNLOCK(sc);
1024
1025 ieee80211_ratectl_deinit(vap);
1026 ieee80211_vap_detach(vap);
1027 free(rvp, M_80211_VAP);
1028}
1029
1030/*
1031 * There are numbers of functions need to be called in context thread.
1032 * Rather than creating taskqueue event for each of those functions,
1033 * here is all-for-one taskqueue callback function. This function
1034 * gurantees deferred functions are executed in the same order they
1035 * were enqueued.
1036 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1037 */
1038static void
1039run_cmdq_cb(void *arg, int pending)
1040{
1041 struct run_softc *sc = arg;
1042 uint8_t i;
1043
1044 /* call cmdq[].func locked */
1045 RUN_LOCK(sc);
1046 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1047 i = sc->cmdq_exec, pending--) {
1048 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1049 if (sc->cmdq_run == RUN_CMDQ_GO) {
1050 /*
1051 * If arg0 is NULL, callback func needs more
1052 * than one arg. So, pass ptr to cmdq struct.
1053 */
1054 if (sc->cmdq[i].arg0)
1055 sc->cmdq[i].func(sc->cmdq[i].arg0);
1056 else
1057 sc->cmdq[i].func(&sc->cmdq[i]);
1058 }
1059 sc->cmdq[i].arg0 = NULL;
1060 sc->cmdq[i].func = NULL;
1061 sc->cmdq_exec++;
1062 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1063 }
1064 RUN_UNLOCK(sc);
1065}
1066
1067static void
1068run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1069{
1070 struct run_tx_data *data;
1071
1072 memset(pq, 0, sizeof(*pq));
1073
1074 STAILQ_INIT(&pq->tx_qh);
1075 STAILQ_INIT(&pq->tx_fh);
1076
1077 for (data = &pq->tx_data[0];
1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1079 data->sc = sc;
1080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1081 }
1082 pq->tx_nfree = RUN_TX_RING_COUNT;
1083}
1084
1085static void
1086run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1087{
1088 struct run_tx_data *data;
1089
1090 /* make sure any subsequent use of the queues will fail */
1091 pq->tx_nfree = 0;
1092 STAILQ_INIT(&pq->tx_fh);
1093 STAILQ_INIT(&pq->tx_qh);
1094
1095 /* free up all node references and mbufs */
1096 for (data = &pq->tx_data[0];
1097 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1098 if (data->m != NULL) {
1099 m_freem(data->m);
1100 data->m = NULL;
1101 }
1102 if (data->ni != NULL) {
1103 ieee80211_free_node(data->ni);
1104 data->ni = NULL;
1105 }
1106 }
1107}
1108
1109static int
1110run_load_microcode(struct run_softc *sc)
1111{
1112 usb_device_request_t req;
1113 const struct firmware *fw;
1114 const u_char *base;
1115 uint32_t tmp;
1116 int ntries, error;
1117 const uint64_t *temp;
1118 uint64_t bytes;
1119
1120 RUN_UNLOCK(sc);
1121 fw = firmware_get("runfw");
1122 RUN_LOCK(sc);
1123 if (fw == NULL) {
1124 device_printf(sc->sc_dev,
1125 "failed loadfirmware of file %s\n", "runfw");
1126 return ENOENT;
1127 }
1128
1129 if (fw->datasize != 8192) {
1130 device_printf(sc->sc_dev,
1131 "invalid firmware size (should be 8KB)\n");
1132 error = EINVAL;
1133 goto fail;
1134 }
1135
1136 /*
1137 * RT3071/RT3072 use a different firmware
1138 * run-rt2870 (8KB) contains both,
1139 * first half (4KB) is for rt2870,
1140 * last half is for rt3071.
1141 */
1142 base = fw->data;
1143 if ((sc->mac_ver) != 0x2860 &&
1144 (sc->mac_ver) != 0x2872 &&
1145 (sc->mac_ver) != 0x3070) {
1146 base += 4096;
1147 }
1148
1149 /* cheap sanity check */
1150 temp = fw->data;
1151 bytes = *temp;
1152 if (bytes != be64toh(0xffffff0210280210ULL)) {
1153 device_printf(sc->sc_dev, "firmware checksum failed\n");
1154 error = EINVAL;
1155 goto fail;
1156 }
1157
1158 /* write microcode image */
1159 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1160 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1161 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1162 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1163 }
1164
1165 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1166 req.bRequest = RT2870_RESET;
1167 USETW(req.wValue, 8);
1168 USETW(req.wIndex, 0);
1169 USETW(req.wLength, 0);
1170 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1171 != 0) {
1172 device_printf(sc->sc_dev, "firmware reset failed\n");
1173 goto fail;
1174 }
1175
1176 run_delay(sc, 10);
1177
1178 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1179 run_write(sc, RT2860_H2M_MAILBOX, 0);
1180 run_write(sc, RT2860_H2M_INTSRC, 0);
1181 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1182 goto fail;
1183
1184 /* wait until microcontroller is ready */
1185 for (ntries = 0; ntries < 1000; ntries++) {
1186 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1187 goto fail;
1188 if (tmp & RT2860_MCU_READY)
1189 break;
1190 run_delay(sc, 10);
1191 }
1192 if (ntries == 1000) {
1193 device_printf(sc->sc_dev,
1194 "timeout waiting for MCU to initialize\n");
1195 error = ETIMEDOUT;
1196 goto fail;
1197 }
1198 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1199 (base == fw->data) ? "RT2870" : "RT3071",
1200 *(base + 4092), *(base + 4093));
1201
1202fail:
1203 firmware_put(fw, FIRMWARE_UNLOAD);
1204 return (error);
1205}
1206
1207static int
1208run_reset(struct run_softc *sc)
1209{
1210 usb_device_request_t req;
1211
1212 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1213 req.bRequest = RT2870_RESET;
1214 USETW(req.wValue, 1);
1215 USETW(req.wIndex, 0);
1216 USETW(req.wLength, 0);
1217 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1218}
1219
1220static usb_error_t
1221run_do_request(struct run_softc *sc,
1222 struct usb_device_request *req, void *data)
1223{
1224 usb_error_t err;
1225 int ntries = 10;
1226
1227 RUN_LOCK_ASSERT(sc, MA_OWNED);
1228
1229 while (ntries--) {
1230 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1231 req, data, 0, NULL, 250 /* ms */);
1232 if (err == 0)
1233 break;
1234 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1235 usbd_errstr(err));
1236 run_delay(sc, 10);
1237 }
1238 return (err);
1239}
1240
1241static int
1242run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1243{
1244 uint32_t tmp;
1245 int error;
1246
1247 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1248 if (error == 0)
1249 *val = le32toh(tmp);
1250 else
1251 *val = 0xffffffff;
1252 return (error);
1253}
1254
1255static int
1256run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1257{
1258 usb_device_request_t req;
1259
1260 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1261 req.bRequest = RT2870_READ_REGION_1;
1262 USETW(req.wValue, 0);
1263 USETW(req.wIndex, reg);
1264 USETW(req.wLength, len);
1265
1266 return (run_do_request(sc, &req, buf));
1267}
1268
1269static int
1270run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1271{
1272 usb_device_request_t req;
1273
1274 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1275 req.bRequest = RT2870_WRITE_2;
1276 USETW(req.wValue, val);
1277 USETW(req.wIndex, reg);
1278 USETW(req.wLength, 0);
1279
1280 return (run_do_request(sc, &req, NULL));
1281}
1282
1283static int
1284run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1285{
1286 int error;
1287
1288 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1289 error = run_write_2(sc, reg + 2, val >> 16);
1290 return (error);
1291}
1292
1293static int
1294run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1295 int len)
1296{
1297#if 1
1298 int i, error = 0;
1299 /*
1300 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1301 * We thus issue multiple WRITE_2 commands instead.
1302 */
1303 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1304 for (i = 0; i < len && error == 0; i += 2)
1305 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1306 return (error);
1307#else
1308 usb_device_request_t req;
1309 int error = 0;
1310
1311 /*
1312 * NOTE: It appears the WRITE_REGION_1 command cannot be
1313 * passed a huge amount of data, which will crash the
1314 * firmware. Limit amount of data passed to 64-bytes at a
1315 * time.
1316 */
1317 while (len > 0) {
1318 int delta = 64;
1319 if (delta > len)
1320 delta = len;
1321
1322 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1323 req.bRequest = RT2870_WRITE_REGION_1;
1324 USETW(req.wValue, 0);
1325 USETW(req.wIndex, reg);
1326 USETW(req.wLength, delta);
1327 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1328 if (error != 0)
1329 break;
1330 reg += delta;
1331 buf += delta;
1332 len -= delta;
1333 }
1334 return (error);
1335#endif
1336}
1337
1338static int
1339run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1340{
1341 int i, error = 0;
1342
1343 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1344 for (i = 0; i < len && error == 0; i += 4)
1345 error = run_write(sc, reg + i, val);
1346 return (error);
1347}
1348
1349static int
1350run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1351{
1352 uint32_t tmp;
1353 uint16_t reg;
1354 int error, ntries;
1355
1356 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1357 return (error);
1358
1359 if (count == 2)
1360 addr *= 2;
1361 /*-
1362 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1363 * DATA0: F E D C
1364 * DATA1: B A 9 8
1365 * DATA2: 7 6 5 4
1366 * DATA3: 3 2 1 0
1367 */
1368 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1369 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1370 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1371 for (ntries = 0; ntries < 100; ntries++) {
1372 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1373 return (error);
1374 if (!(tmp & RT3070_EFSROM_KICK))
1375 break;
1376 run_delay(sc, 2);
1377 }
1378 if (ntries == 100)
1379 return (ETIMEDOUT);
1380
1381 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1382 *val = 0xffff; /* address not found */
1383 return (0);
1384 }
1385 /* determine to which 32-bit register our 16-bit word belongs */
1386 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1387 if ((error = run_read(sc, reg, &tmp)) != 0)
1388 return (error);
1389
1390 tmp >>= (8 * (addr & 0x3));
1391 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1392
1393 return (0);
1394}
1395
1396/* Read 16-bit from eFUSE ROM for RT3xxx. */
1397static int
1398run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1399{
1400 return (run_efuse_read(sc, addr, val, 2));
1401}
1402
1403static int
1404run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1405{
1406 usb_device_request_t req;
1407 uint16_t tmp;
1408 int error;
1409
1410 addr *= 2;
1411 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1412 req.bRequest = RT2870_EEPROM_READ;
1413 USETW(req.wValue, 0);
1414 USETW(req.wIndex, addr);
1415 USETW(req.wLength, sizeof(tmp));
1416
1417 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1418 if (error == 0)
1419 *val = le16toh(tmp);
1420 else
1421 *val = 0xffff;
1422 return (error);
1423}
1424
1425static __inline int
1426run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1427{
1428 /* either eFUSE ROM or EEPROM */
1429 return sc->sc_srom_read(sc, addr, val);
1430}
1431
1432static int
1433run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1434{
1435 uint32_t tmp;
1436 int error, ntries;
1437
1438 for (ntries = 0; ntries < 10; ntries++) {
1439 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1440 return (error);
1441 if (!(tmp & RT2860_RF_REG_CTRL))
1442 break;
1443 }
1444 if (ntries == 10)
1445 return (ETIMEDOUT);
1446
1447 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1448}
1449
1450static int
1451run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1452{
1453 uint32_t tmp;
1454 int error, ntries;
1455
1456 for (ntries = 0; ntries < 100; ntries++) {
1457 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1458 return (error);
1459 if (!(tmp & RT3070_RF_KICK))
1460 break;
1461 }
1462 if (ntries == 100)
1463 return (ETIMEDOUT);
1464
1465 tmp = RT3070_RF_KICK | reg << 8;
1466 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1467 return (error);
1468
1469 for (ntries = 0; ntries < 100; ntries++) {
1470 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1471 return (error);
1472 if (!(tmp & RT3070_RF_KICK))
1473 break;
1474 }
1475 if (ntries == 100)
1476 return (ETIMEDOUT);
1477
1478 *val = tmp & 0xff;
1479 return (0);
1480}
1481
1482static int
1483run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1484{
1485 uint32_t tmp;
1486 int error, ntries;
1487
1488 for (ntries = 0; ntries < 10; ntries++) {
1489 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1490 return (error);
1491 if (!(tmp & RT3070_RF_KICK))
1492 break;
1493 }
1494 if (ntries == 10)
1495 return (ETIMEDOUT);
1496
1497 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1498 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1499}
1500
1501static int
1502run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1503{
1504 uint32_t tmp;
1505 int ntries, error;
1506
1507 for (ntries = 0; ntries < 10; ntries++) {
1508 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1509 return (error);
1510 if (!(tmp & RT2860_BBP_CSR_KICK))
1511 break;
1512 }
1513 if (ntries == 10)
1514 return (ETIMEDOUT);
1515
1516 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1517 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1518 return (error);
1519
1520 for (ntries = 0; ntries < 10; ntries++) {
1521 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1522 return (error);
1523 if (!(tmp & RT2860_BBP_CSR_KICK))
1524 break;
1525 }
1526 if (ntries == 10)
1527 return (ETIMEDOUT);
1528
1529 *val = tmp & 0xff;
1530 return (0);
1531}
1532
1533static int
1534run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1535{
1536 uint32_t tmp;
1537 int ntries, error;
1538
1539 for (ntries = 0; ntries < 10; ntries++) {
1540 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1541 return (error);
1542 if (!(tmp & RT2860_BBP_CSR_KICK))
1543 break;
1544 }
1545 if (ntries == 10)
1546 return (ETIMEDOUT);
1547
1548 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1549 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1550}
1551
1552/*
1553 * Send a command to the 8051 microcontroller unit.
1554 */
1555static int
1556run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1557{
1558 uint32_t tmp;
1559 int error, ntries;
1560
1561 for (ntries = 0; ntries < 100; ntries++) {
1562 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1563 return error;
1564 if (!(tmp & RT2860_H2M_BUSY))
1565 break;
1566 }
1567 if (ntries == 100)
1568 return ETIMEDOUT;
1569
1570 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1571 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1572 error = run_write(sc, RT2860_HOST_CMD, cmd);
1573 return (error);
1574}
1575
1576/*
1577 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1578 * Used to adjust per-rate Tx power registers.
1579 */
1580static __inline uint32_t
1581b4inc(uint32_t b32, int8_t delta)
1582{
1583 int8_t i, b4;
1584
1585 for (i = 0; i < 8; i++) {
1586 b4 = b32 & 0xf;
1587 b4 += delta;
1588 if (b4 < 0)
1589 b4 = 0;
1590 else if (b4 > 0xf)
1591 b4 = 0xf;
1592 b32 = b32 >> 4 | b4 << 28;
1593 }
1594 return (b32);
1595}
1596
1597static const char *
1598run_get_rf(uint16_t rev)
1599{
1600 switch (rev) {
1601 case RT2860_RF_2820: return "RT2820";
1602 case RT2860_RF_2850: return "RT2850";
1603 case RT2860_RF_2720: return "RT2720";
1604 case RT2860_RF_2750: return "RT2750";
1605 case RT3070_RF_3020: return "RT3020";
1606 case RT3070_RF_2020: return "RT2020";
1607 case RT3070_RF_3021: return "RT3021";
1608 case RT3070_RF_3022: return "RT3022";
1609 case RT3070_RF_3052: return "RT3052";
1610 case RT3593_RF_3053: return "RT3053";
1611 case RT5592_RF_5592: return "RT5592";
1612 case RT5390_RF_5370: return "RT5370";
1613 case RT5390_RF_5372: return "RT5372";
1614 }
1615 return ("unknown");
1616}
1617
1618static void
1619run_rt3593_get_txpower(struct run_softc *sc)
1620{
1621 uint16_t addr, val;
1622 int i;
1623
1624 /* Read power settings for 2GHz channels. */
1625 for (i = 0; i < 14; i += 2) {
1626 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1627 RT2860_EEPROM_PWR2GHZ_BASE1;
1628 run_srom_read(sc, addr + i / 2, &val);
1629 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1630 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1631
1632 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1633 RT2860_EEPROM_PWR2GHZ_BASE2;
1634 run_srom_read(sc, addr + i / 2, &val);
1635 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1636 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1637
1638 if (sc->ntxchains == 3) {
1639 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1640 &val);
1641 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1642 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1643 }
1644 }
1645 /* Fix broken Tx power entries. */
1646 for (i = 0; i < 14; i++) {
1647 if (sc->txpow1[i] > 31)
1648 sc->txpow1[i] = 5;
1649 if (sc->txpow2[i] > 31)
1650 sc->txpow2[i] = 5;
1651 if (sc->ntxchains == 3) {
1652 if (sc->txpow3[i] > 31)
1653 sc->txpow3[i] = 5;
1654 }
1655 }
1656 /* Read power settings for 5GHz channels. */
1657 for (i = 0; i < 40; i += 2) {
1658 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1659 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1660 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1661
1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1663 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1664 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1665
1666 if (sc->ntxchains == 3) {
1667 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1668 &val);
1669 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1670 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1671 }
1672 }
1673}
1674
1675static void
1676run_get_txpower(struct run_softc *sc)
1677{
1678 uint16_t val;
1679 int i;
1680
1681 /* Read power settings for 2GHz channels. */
1682 for (i = 0; i < 14; i += 2) {
1683 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1684 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1685 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1686
1687 if (sc->mac_ver != 0x5390) {
1688 run_srom_read(sc,
1689 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1690 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1691 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1692 }
1693 }
1694 /* Fix broken Tx power entries. */
1695 for (i = 0; i < 14; i++) {
1696 if (sc->mac_ver >= 0x5390) {
1697 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1698 sc->txpow1[i] = 5;
1699 } else {
1700 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1701 sc->txpow1[i] = 5;
1702 }
1703 if (sc->mac_ver > 0x5390) {
1704 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1705 sc->txpow2[i] = 5;
1706 } else if (sc->mac_ver < 0x5390) {
1707 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1708 sc->txpow2[i] = 5;
1709 }
1710 DPRINTF("chan %d: power1=%d, power2=%d\n",
1711 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1712 }
1713 /* Read power settings for 5GHz channels. */
1714 for (i = 0; i < 40; i += 2) {
1715 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1716 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1717 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1718
1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1720 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1721 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1722 }
1723 /* Fix broken Tx power entries. */
1724 for (i = 0; i < 40; i++ ) {
1725 if (sc->mac_ver != 0x5592) {
1726 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1727 sc->txpow1[14 + i] = 5;
1728 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1729 sc->txpow2[14 + i] = 5;
1730 }
1731 DPRINTF("chan %d: power1=%d, power2=%d\n",
1732 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1733 sc->txpow2[14 + i]);
1734 }
1735}
1736
1737static int
1738run_read_eeprom(struct run_softc *sc)
1739{
1740 int8_t delta_2ghz, delta_5ghz;
1741 uint32_t tmp;
1742 uint16_t val;
1743 int ridx, ant, i;
1744
1745 /* check whether the ROM is eFUSE ROM or EEPROM */
1746 sc->sc_srom_read = run_eeprom_read_2;
1747 if (sc->mac_ver >= 0x3070) {
1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1751 sc->sc_srom_read = run_efuse_read_2;
1752 }
1753
1754 /* read ROM version */
1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1757
1758 /* read MAC address */
1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1760 sc->sc_bssid[0] = val & 0xff;
1761 sc->sc_bssid[1] = val >> 8;
1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1763 sc->sc_bssid[2] = val & 0xff;
1764 sc->sc_bssid[3] = val >> 8;
1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1766 sc->sc_bssid[4] = val & 0xff;
1767 sc->sc_bssid[5] = val >> 8;
1768
1769 if (sc->mac_ver < 0x3593) {
1770 /* read vender BBP settings */
1771 for (i = 0; i < 10; i++) {
1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1773 sc->bbp[i].val = val & 0xff;
1774 sc->bbp[i].reg = val >> 8;
1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1776 sc->bbp[i].val);
1777 }
1778 if (sc->mac_ver >= 0x3071) {
1779 /* read vendor RF settings */
1780 for (i = 0; i < 10; i++) {
1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1782 &val);
1783 sc->rf[i].val = val & 0xff;
1784 sc->rf[i].reg = val >> 8;
1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1786 sc->rf[i].val);
1787 }
1788 }
1789 }
1790
1791 /* read RF frequency offset from EEPROM */
1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1793 RT3593_EEPROM_FREQ, &val);
1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1796
1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1798 RT3593_EEPROM_FREQ_LEDS, &val);
1799 if (val >> 8 != 0xff) {
1800 /* read LEDs operating mode */
1801 sc->leds = val >> 8;
1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1803 RT3593_EEPROM_LED1, &sc->led[0]);
1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1805 RT3593_EEPROM_LED2, &sc->led[1]);
1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1807 RT3593_EEPROM_LED3, &sc->led[2]);
1808 } else {
1809 /* broken EEPROM, use default settings */
1810 sc->leds = 0x01;
1811 sc->led[0] = 0x5555;
1812 sc->led[1] = 0x2221;
1813 sc->led[2] = 0x5627; /* differs from RT2860 */
1814 }
1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1817
1818 /* read RF information */
1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1820 run_srom_read(sc, 0x00, &val);
1821 else
1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1823
1824 if (val == 0xffff) {
1825 device_printf(sc->sc_dev,
1826 "invalid EEPROM antenna info, using default\n");
1827 DPRINTF("invalid EEPROM antenna info, using default\n");
1828 if (sc->mac_ver == 0x3572) {
1829 /* default to RF3052 2T2R */
1830 sc->rf_rev = RT3070_RF_3052;
1831 sc->ntxchains = 2;
1832 sc->nrxchains = 2;
1833 } else if (sc->mac_ver >= 0x3070) {
1834 /* default to RF3020 1T1R */
1835 sc->rf_rev = RT3070_RF_3020;
1836 sc->ntxchains = 1;
1837 sc->nrxchains = 1;
1838 } else {
1839 /* default to RF2820 1T2R */
1840 sc->rf_rev = RT2860_RF_2820;
1841 sc->ntxchains = 1;
1842 sc->nrxchains = 2;
1843 }
1844 } else {
1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1846 sc->rf_rev = val;
1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1848 } else
1849 sc->rf_rev = (val >> 8) & 0xf;
1850 sc->ntxchains = (val >> 4) & 0xf;
1851 sc->nrxchains = val & 0xf;
1852 }
1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1854 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1855
1856 /* check if RF supports automatic Tx access gain control */
1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1858 DPRINTF("EEPROM CFG 0x%04x\n", val);
1859 /* check if driver should patch the DAC issue */
1860 if ((val >> 8) != 0xff)
1861 sc->patch_dac = (val >> 15) & 1;
1862 if ((val & 0xff) != 0xff) {
1863 sc->ext_5ghz_lna = (val >> 3) & 1;
1864 sc->ext_2ghz_lna = (val >> 2) & 1;
1865 /* check if RF supports automatic Tx access gain control */
1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1867 /* check if we have a hardware radio switch */
1868 sc->rfswitch = val & 1;
1869 }
1870
1871 /* Read Tx power settings. */
1872 if (sc->mac_ver == 0x3593)
1873 run_rt3593_get_txpower(sc);
1874 else
1875 run_get_txpower(sc);
1876
1877 /* read Tx power compensation for each Tx rate */
1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1879 delta_2ghz = delta_5ghz = 0;
1880 if ((val & 0xff) != 0xff && (val & 0x80)) {
1881 delta_2ghz = val & 0xf;
1882 if (!(val & 0x40)) /* negative number */
1883 delta_2ghz = -delta_2ghz;
1884 }
1885 val >>= 8;
1886 if ((val & 0xff) != 0xff && (val & 0x80)) {
1887 delta_5ghz = val & 0xf;
1888 if (!(val & 0x40)) /* negative number */
1889 delta_5ghz = -delta_5ghz;
1890 }
1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1892 delta_2ghz, delta_5ghz);
1893
1894 for (ridx = 0; ridx < 5; ridx++) {
1895 uint32_t reg;
1896
1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1898 reg = val;
1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1900 reg |= (uint32_t)val << 16;
1901
1902 sc->txpow20mhz[ridx] = reg;
1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1905
1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1909 }
1910
1911 /* Read RSSI offsets and LNA gains from EEPROM. */
1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1913 RT3593_EEPROM_RSSI1_2GHZ, &val);
1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1917 RT3593_EEPROM_RSSI2_2GHZ, &val);
1918 if (sc->mac_ver >= 0x3070) {
1919 if (sc->mac_ver == 0x3593) {
1920 sc->txmixgain_2ghz = 0;
1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1922 } else {
1923 /*
1924 * On RT3070 chips (limited to 2 Rx chains), this ROM
1925 * field contains the Tx mixer gain for the 2GHz band.
1926 */
1927 if ((val & 0xff) != 0xff)
1928 sc->txmixgain_2ghz = val & 0x7;
1929 }
1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1931 } else
1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1933 if (sc->mac_ver == 0x3593)
1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1935 sc->lna[2] = val >> 8; /* channel group 2 */
1936
1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1938 RT3593_EEPROM_RSSI1_5GHZ, &val);
1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1942 RT3593_EEPROM_RSSI2_5GHZ, &val);
1943 if (sc->mac_ver == 0x3572) {
1944 /*
1945 * On RT3572 chips (limited to 2 Rx chains), this ROM
1946 * field contains the Tx mixer gain for the 5GHz band.
1947 */
1948 if ((val & 0xff) != 0xff)
1949 sc->txmixgain_5ghz = val & 0x7;
1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1951 } else
1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1953 if (sc->mac_ver == 0x3593) {
1954 sc->txmixgain_5ghz = 0;
1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1956 }
1957 sc->lna[3] = val >> 8; /* channel group 3 */
1958
1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1960 RT3593_EEPROM_LNA, &val);
1961 sc->lna[0] = val & 0xff; /* channel group 0 */
1962 sc->lna[1] = val >> 8; /* channel group 1 */
1963
1964 /* fix broken 5GHz LNA entries */
1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1966 DPRINTF("invalid LNA for channel group %d\n", 2);
1967 sc->lna[2] = sc->lna[1];
1968 }
1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1970 DPRINTF("invalid LNA for channel group %d\n", 3);
1971 sc->lna[3] = sc->lna[1];
1972 }
1973
1974 /* fix broken RSSI offset entries */
1975 for (ant = 0; ant < 3; ant++) {
1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1978 ant + 1, sc->rssi_2ghz[ant]);
1979 sc->rssi_2ghz[ant] = 0;
1980 }
1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1983 ant + 1, sc->rssi_5ghz[ant]);
1984 sc->rssi_5ghz[ant] = 0;
1985 }
1986 }
1987 return (0);
1988}
1989
1990static struct ieee80211_node *
1991run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1992{
1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1994}
1995
1996static int
1997run_media_change(struct ifnet *ifp)
1998{
1999 struct ieee80211vap *vap = ifp->if_softc;
2000 struct ieee80211com *ic = vap->iv_ic;
2001 const struct ieee80211_txparam *tp;
2002 struct run_softc *sc = ic->ic_ifp->if_softc;
2003 uint8_t rate, ridx;
2004 int error;
2005
2006 RUN_LOCK(sc);
2007
2008 error = ieee80211_media_change(ifp);
2009 if (error != ENETRESET) {
2010 RUN_UNLOCK(sc);
2011 return (error);
2012 }
2013
2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2016 struct ieee80211_node *ni;
2017 struct run_node *rn;
2018
2019 rate = ic->ic_sup_rates[ic->ic_curmode].
2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2022 if (rt2860_rates[ridx].rate == rate)
2023 break;
2024 ni = ieee80211_ref_node(vap->iv_bss);
2025 rn = (struct run_node *)ni;
2026 rn->fix_ridx = ridx;
2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2028 ieee80211_free_node(ni);
2029 }
2030
2031#if 0
2032 if ((ifp->if_flags & IFF_UP) &&
2033 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
2034 run_init_locked(sc);
2035 }
2036#endif
2037
2038 RUN_UNLOCK(sc);
2039
2040 return (0);
2041}
2042
2043static int
2044run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2045{
2046 const struct ieee80211_txparam *tp;
2047 struct ieee80211com *ic = vap->iv_ic;
2048 struct run_softc *sc = ic->ic_ifp->if_softc;
2049 struct run_vap *rvp = RUN_VAP(vap);
2050 enum ieee80211_state ostate;
2051 uint32_t sta[3];
2052 uint32_t tmp;
2053 uint8_t ratectl;
2054 uint8_t restart_ratectl = 0;
2055 uint8_t bid = 1 << rvp->rvp_id;
2056
2057 ostate = vap->iv_state;
2058 DPRINTF("%s -> %s\n",
2059 ieee80211_state_name[ostate],
2060 ieee80211_state_name[nstate]);
2061
2062 IEEE80211_UNLOCK(ic);
2063 RUN_LOCK(sc);
2064
2065 ratectl = sc->ratectl_run; /* remember current state */
2066 sc->ratectl_run = RUN_RATECTL_OFF;
2067 usb_callout_stop(&sc->ratectl_ch);
2068
2069 if (ostate == IEEE80211_S_RUN) {
2070 /* turn link LED off */
2071 run_set_leds(sc, RT2860_LED_RADIO);
2072 }
2073
2074 switch (nstate) {
2075 case IEEE80211_S_INIT:
2076 restart_ratectl = 1;
2077
2078 if (ostate != IEEE80211_S_RUN)
2079 break;
2080
2081 ratectl &= ~bid;
2082 sc->runbmap &= ~bid;
2083
2084 /* abort TSF synchronization if there is no vap running */
2085 if (--sc->running == 0) {
2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2087 run_write(sc, RT2860_BCN_TIME_CFG,
2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2089 RT2860_TBTT_TIMER_EN));
2090 }
2091 break;
2092
2093 case IEEE80211_S_RUN:
2094 if (!(sc->runbmap & bid)) {
2095 if(sc->running++)
2096 restart_ratectl = 1;
2097 sc->runbmap |= bid;
2098 }
2099
2100 m_freem(rvp->beacon_mbuf);
2101 rvp->beacon_mbuf = NULL;
2102
2103 switch (vap->iv_opmode) {
2104 case IEEE80211_M_HOSTAP:
2105 case IEEE80211_M_MBSS:
2106 sc->ap_running |= bid;
2107 ic->ic_opmode = vap->iv_opmode;
2108 run_update_beacon_cb(vap);
2109 break;
2110 case IEEE80211_M_IBSS:
2111 sc->adhoc_running |= bid;
2112 if (!sc->ap_running)
2113 ic->ic_opmode = vap->iv_opmode;
2114 run_update_beacon_cb(vap);
2115 break;
2116 case IEEE80211_M_STA:
2117 sc->sta_running |= bid;
2118 if (!sc->ap_running && !sc->adhoc_running)
2119 ic->ic_opmode = vap->iv_opmode;
2120
2121 /* read statistic counters (clear on read) */
2122 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2123 (uint8_t *)sta, sizeof sta);
2124
2125 break;
2126 default:
2127 ic->ic_opmode = vap->iv_opmode;
2128 break;
2129 }
2130
2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2132 struct ieee80211_node *ni;
2133
2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2135 RUN_UNLOCK(sc);
2136 IEEE80211_LOCK(ic);
2137 return (-1);
2138 }
2139 run_updateslot(ic->ic_ifp);
2140 run_enable_mrr(sc);
2141 run_set_txpreamble(sc);
2142 run_set_basicrates(sc);
2143 ni = ieee80211_ref_node(vap->iv_bss);
2144 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2145 run_set_bssid(sc, ni->ni_bssid);
2146 ieee80211_free_node(ni);
2147 run_enable_tsf_sync(sc);
2148
2149 /* enable automatic rate adaptation */
2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2152 ratectl |= bid;
2153 }
2154
2155 /* turn link LED on */
2156 run_set_leds(sc, RT2860_LED_RADIO |
2157 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2158 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2159
2160 break;
2161 default:
2162 DPRINTFN(6, "undefined case\n");
2163 break;
2164 }
2165
2166 /* restart amrr for running VAPs */
2167 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2168 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2169
2170 RUN_UNLOCK(sc);
2171 IEEE80211_LOCK(ic);
2172
2173 return(rvp->newstate(vap, nstate, arg));
2174}
2175
2176/* ARGSUSED */
2177static void
2178run_wme_update_cb(void *arg)
2179{
2180 struct ieee80211com *ic = arg;
2181 struct run_softc *sc = ic->ic_ifp->if_softc;
2182 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2183 int aci, error = 0;
2184
2185 RUN_LOCK_ASSERT(sc, MA_OWNED);
2186
2187 /* update MAC TX configuration registers */
2188 for (aci = 0; aci < WME_NUM_AC; aci++) {
2189 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2190 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2191 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2192 wmesp->wme_params[aci].wmep_aifsn << 8 |
2193 wmesp->wme_params[aci].wmep_txopLimit);
2194 if (error) goto err;
2195 }
2196
2197 /* update SCH/DMA registers too */
2198 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2199 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2200 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2201 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2202 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2203 if (error) goto err;
2204 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2205 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2206 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2207 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2208 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2209 if (error) goto err;
2210 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2211 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2212 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2213 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2214 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2215 if (error) goto err;
2216 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2217 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2218 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2219 if (error) goto err;
2220 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2221 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2222 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2223
2224err:
2225 if (error)
2226 DPRINTF("WME update failed\n");
2227
2228 return;
2229}
2230
2231static int
2232run_wme_update(struct ieee80211com *ic)
2233{
2234 struct run_softc *sc = ic->ic_ifp->if_softc;
2235
2236 /* sometime called wothout lock */
2237 if (mtx_owned(&ic->ic_comlock.mtx)) {
2238 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2239 DPRINTF("cmdq_store=%d\n", i);
2240 sc->cmdq[i].func = run_wme_update_cb;
2241 sc->cmdq[i].arg0 = ic;
2242 ieee80211_runtask(ic, &sc->cmdq_task);
2243 return (0);
2244 }
2245
2246 RUN_LOCK(sc);
2247 run_wme_update_cb(ic);
2248 RUN_UNLOCK(sc);
2249
2250 /* return whatever, upper layer desn't care anyway */
2251 return (0);
2252}
2253
2254static void
2255run_key_update_begin(struct ieee80211vap *vap)
2256{
2257 /*
2258 * To avoid out-of-order events, both run_key_set() and
2259 * _delete() are deferred and handled by run_cmdq_cb().
2260 * So, there is nothing we need to do here.
2261 */
2262}
2263
2264static void
2265run_key_update_end(struct ieee80211vap *vap)
2266{
2267 /* null */
2268}
2269
2270static void
2271run_key_set_cb(void *arg)
2272{
2273 struct run_cmdq *cmdq = arg;
2274 struct ieee80211vap *vap = cmdq->arg1;
2275 struct ieee80211_key *k = cmdq->k;
2276 struct ieee80211com *ic = vap->iv_ic;
2277 struct run_softc *sc = ic->ic_ifp->if_softc;
2278 struct ieee80211_node *ni;
2279 uint32_t attr;
2280 uint16_t base, associd;
2281 uint8_t mode, wcid, iv[8];
2282
2283 RUN_LOCK_ASSERT(sc, MA_OWNED);
2284
2285 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2286 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2287 else
2288 ni = vap->iv_bss;
2289 associd = (ni != NULL) ? ni->ni_associd : 0;
2290
2291 /* map net80211 cipher to RT2860 security mode */
2292 switch (k->wk_cipher->ic_cipher) {
2293 case IEEE80211_CIPHER_WEP:
2294 if(k->wk_keylen < 8)
2295 mode = RT2860_MODE_WEP40;
2296 else
2297 mode = RT2860_MODE_WEP104;
2298 break;
2299 case IEEE80211_CIPHER_TKIP:
2300 mode = RT2860_MODE_TKIP;
2301 break;
2302 case IEEE80211_CIPHER_AES_CCM:
2303 mode = RT2860_MODE_AES_CCMP;
2304 break;
2305 default:
2306 DPRINTF("undefined case\n");
2307 return;
2308 }
2309
2310 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2311 associd, k->wk_keyix, mode,
2312 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2313 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2314 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2315
2316 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2317 wcid = 0; /* NB: update WCID0 for group keys */
2318 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2319 } else {
2320 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2321 1 : RUN_AID2WCID(associd);
2322 base = RT2860_PKEY(wcid);
2323 }
2324
2325 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2326 if(run_write_region_1(sc, base, k->wk_key, 16))
2327 return;
2328 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2329 return;
2330 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2331 return;
2332 } else {
2333 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2334 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2335 return;
2336 }
2337
2338 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2339 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2340 /* set initial packet number in IV+EIV */
2341 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2342 memset(iv, 0, sizeof iv);
2343 iv[3] = vap->iv_def_txkey << 6;
2344 } else {
2345 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2346 iv[0] = k->wk_keytsc >> 8;
2347 iv[1] = (iv[0] | 0x20) & 0x7f;
2348 iv[2] = k->wk_keytsc;
2349 } else /* CCMP */ {
2350 iv[0] = k->wk_keytsc;
2351 iv[1] = k->wk_keytsc >> 8;
2352 iv[2] = 0;
2353 }
2354 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2355 iv[4] = k->wk_keytsc >> 16;
2356 iv[5] = k->wk_keytsc >> 24;
2357 iv[6] = k->wk_keytsc >> 32;
2358 iv[7] = k->wk_keytsc >> 40;
2359 }
2360 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2361 return;
2362 }
2363
2364 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2365 /* install group key */
2366 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2367 return;
2368 attr &= ~(0xf << (k->wk_keyix * 4));
2369 attr |= mode << (k->wk_keyix * 4);
2370 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2371 return;
2372 } else {
2373 /* install pairwise key */
2374 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2375 return;
2376 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2377 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2378 return;
2379 }
2380
2381 /* TODO create a pass-thru key entry? */
2382
2383 /* need wcid to delete the right key later */
2384 k->wk_pad = wcid;
2385}
2386
2387/*
2388 * Don't have to be deferred, but in order to keep order of
2389 * execution, i.e. with run_key_delete(), defer this and let
2390 * run_cmdq_cb() maintain the order.
2391 *
2392 * return 0 on error
2393 */
2394static int
2395run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2396 const uint8_t mac[IEEE80211_ADDR_LEN])
2397{
2398 struct ieee80211com *ic = vap->iv_ic;
2399 struct run_softc *sc = ic->ic_ifp->if_softc;
2400 uint32_t i;
2401
2402 i = RUN_CMDQ_GET(&sc->cmdq_store);
2403 DPRINTF("cmdq_store=%d\n", i);
2404 sc->cmdq[i].func = run_key_set_cb;
2405 sc->cmdq[i].arg0 = NULL;
2406 sc->cmdq[i].arg1 = vap;
2407 sc->cmdq[i].k = k;
2408 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2409 ieee80211_runtask(ic, &sc->cmdq_task);
2410
2411 /*
2412 * To make sure key will be set when hostapd
2413 * calls iv_key_set() before if_init().
2414 */
2415 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2416 RUN_LOCK(sc);
2417 sc->cmdq_key_set = RUN_CMDQ_GO;
2418 RUN_UNLOCK(sc);
2419 }
2420
2421 return (1);
2422}
2423
2424/*
2425 * If wlan is destroyed without being brought down i.e. without
2426 * wlan down or wpa_cli terminate, this function is called after
2427 * vap is gone. Don't refer it.
2428 */
2429static void
2430run_key_delete_cb(void *arg)
2431{
2432 struct run_cmdq *cmdq = arg;
2433 struct run_softc *sc = cmdq->arg1;
2434 struct ieee80211_key *k = &cmdq->key;
2435 uint32_t attr;
2436 uint8_t wcid;
2437
2438 RUN_LOCK_ASSERT(sc, MA_OWNED);
2439
2440 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2441 /* remove group key */
2442 DPRINTF("removing group key\n");
2443 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2444 attr &= ~(0xf << (k->wk_keyix * 4));
2445 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2446 } else {
2447 /* remove pairwise key */
2448 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2449 /* matching wcid was written to wk_pad in run_key_set() */
2450 wcid = k->wk_pad;
2451 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2452 attr &= ~0xf;
2453 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2454 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2455 }
2456
2457 k->wk_pad = 0;
2458}
2459
2460/*
2461 * return 0 on error
2462 */
2463static int
2464run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2465{
2466 struct ieee80211com *ic = vap->iv_ic;
2467 struct run_softc *sc = ic->ic_ifp->if_softc;
2468 struct ieee80211_key *k0;
2469 uint32_t i;
2470
2471 /*
2472 * When called back, key might be gone. So, make a copy
2473 * of some values need to delete keys before deferring.
2474 * But, because of LOR with node lock, cannot use lock here.
2475 * So, use atomic instead.
2476 */
2477 i = RUN_CMDQ_GET(&sc->cmdq_store);
2478 DPRINTF("cmdq_store=%d\n", i);
2479 sc->cmdq[i].func = run_key_delete_cb;
2480 sc->cmdq[i].arg0 = NULL;
2481 sc->cmdq[i].arg1 = sc;
2482 k0 = &sc->cmdq[i].key;
2483 k0->wk_flags = k->wk_flags;
2484 k0->wk_keyix = k->wk_keyix;
2485 /* matching wcid was written to wk_pad in run_key_set() */
2486 k0->wk_pad = k->wk_pad;
2487 ieee80211_runtask(ic, &sc->cmdq_task);
2488 return (1); /* return fake success */
2489
2490}
2491
2492static void
2493run_ratectl_to(void *arg)
2494{
2495 struct run_softc *sc = arg;
2496
2497 /* do it in a process context, so it can go sleep */
2498 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2499 /* next timeout will be rescheduled in the callback task */
2500}
2501
2502/* ARGSUSED */
2503static void
2504run_ratectl_cb(void *arg, int pending)
2505{
2506 struct run_softc *sc = arg;
2507 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2508 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2509
2510 if (vap == NULL)
2511 return;
2512
2513 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2514 /*
2515 * run_reset_livelock() doesn't do anything with AMRR,
2516 * but Ralink wants us to call it every 1 sec. So, we
2517 * piggyback here rather than creating another callout.
2518 * Livelock may occur only in HOSTAP or IBSS mode
2519 * (when h/w is sending beacons).
2520 */
2521 RUN_LOCK(sc);
2522 run_reset_livelock(sc);
2523 /* just in case, there are some stats to drain */
2524 run_drain_fifo(sc);
2525 RUN_UNLOCK(sc);
2526 }
2527
2528 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2529
2530 RUN_LOCK(sc);
2531 if(sc->ratectl_run != RUN_RATECTL_OFF)
2532 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2533 RUN_UNLOCK(sc);
2534}
2535
2536static void
2537run_drain_fifo(void *arg)
2538{
2539 struct run_softc *sc = arg;
2540 struct ifnet *ifp = sc->sc_ifp;
2541 uint32_t stat;
2542 uint16_t (*wstat)[3];
2543 uint8_t wcid, mcs, pid;
2544 int8_t retry;
2545
2546 RUN_LOCK_ASSERT(sc, MA_OWNED);
2547
2548 for (;;) {
2549 /* drain Tx status FIFO (maxsize = 16) */
2550 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2551 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2552 if (!(stat & RT2860_TXQ_VLD))
2553 break;
2554
2555 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2556
2557 /* if no ACK was requested, no feedback is available */
2558 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2559 wcid == 0)
2560 continue;
2561
2562 /*
2563 * Even though each stat is Tx-complete-status like format,
2564 * the device can poll stats. Because there is no guarantee
2565 * that the referring node is still around when read the stats.
2566 * So that, if we use ieee80211_ratectl_tx_update(), we will
2567 * have hard time not to refer already freed node.
2568 *
2569 * To eliminate such page faults, we poll stats in softc.
2570 * Then, update the rates later with ieee80211_ratectl_tx_update().
2571 */
2572 wstat = &(sc->wcid_stats[wcid]);
2573 (*wstat)[RUN_TXCNT]++;
2574 if (stat & RT2860_TXQ_OK)
2575 (*wstat)[RUN_SUCCESS]++;
2576 else
2577 ifp->if_oerrors++;
2578 /*
2579 * Check if there were retries, ie if the Tx success rate is
2580 * different from the requested rate. Note that it works only
2581 * because we do not allow rate fallback from OFDM to CCK.
2582 */
2583 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2584 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2585 if ((retry = pid -1 - mcs) > 0) {
2586 (*wstat)[RUN_TXCNT] += retry;
2587 (*wstat)[RUN_RETRY] += retry;
2588 }
2589 }
2590 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2591
2592 sc->fifo_cnt = 0;
2593}
2594
2595static void
2596run_iter_func(void *arg, struct ieee80211_node *ni)
2597{
2598 struct run_softc *sc = arg;
2599 struct ieee80211vap *vap = ni->ni_vap;
2600 struct ieee80211com *ic = ni->ni_ic;
2601 struct ifnet *ifp = ic->ic_ifp;
2602 struct run_node *rn = (void *)ni;
2603 union run_stats sta[2];
2604 uint16_t (*wstat)[3];
2605 int txcnt, success, retrycnt, error;
2606
2607 RUN_LOCK(sc);
2608
2609 /* Check for special case */
2610 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2611 ni != vap->iv_bss)
2612 goto fail;
2613
2614 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2615 vap->iv_opmode == IEEE80211_M_STA)) {
2616 /* read statistic counters (clear on read) and update AMRR state */
2617 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2618 sizeof sta);
2619 if (error != 0)
2620 goto fail;
2621
2622 /* count failed TX as errors */
2623 ifp->if_oerrors += le16toh(sta[0].error.fail);
2624
2625 retrycnt = le16toh(sta[1].tx.retry);
2626 success = le16toh(sta[1].tx.success);
2627 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2628
2629 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2630 retrycnt, success, le16toh(sta[0].error.fail));
2631 } else {
2632 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2633
2634 if (wstat == &(sc->wcid_stats[0]) ||
2635 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2636 goto fail;
2637
2638 txcnt = (*wstat)[RUN_TXCNT];
2639 success = (*wstat)[RUN_SUCCESS];
2640 retrycnt = (*wstat)[RUN_RETRY];
2641 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2642 retrycnt, txcnt, success);
2643
2644 memset(wstat, 0, sizeof(*wstat));
2645 }
2646
2647 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2648 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2649
2650fail:
2651 RUN_UNLOCK(sc);
2652
2653 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2654}
2655
2656static void
2657run_newassoc_cb(void *arg)
2658{
2659 struct run_cmdq *cmdq = arg;
2660 struct ieee80211_node *ni = cmdq->arg1;
2661 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2662 uint8_t wcid = cmdq->wcid;
2663
2664 RUN_LOCK_ASSERT(sc, MA_OWNED);
2665
2666 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2667 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2668
2669 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2670}
2671
2672static void
2673run_newassoc(struct ieee80211_node *ni, int isnew)
2674{
2675 struct run_node *rn = (void *)ni;
2676 struct ieee80211_rateset *rs = &ni->ni_rates;
2677 struct ieee80211vap *vap = ni->ni_vap;
2678 struct ieee80211com *ic = vap->iv_ic;
2679 struct run_softc *sc = ic->ic_ifp->if_softc;
2680 uint8_t rate;
2681 uint8_t ridx;
2682 uint8_t wcid;
2683 int i, j;
2684
2685 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2686 1 : RUN_AID2WCID(ni->ni_associd);
2687
2688 if (wcid > RT2870_WCID_MAX) {
2689 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2690 return;
2691 }
2692
2693 /* only interested in true associations */
2694 if (isnew && ni->ni_associd != 0) {
2695
2696 /*
2697 * This function could is called though timeout function.
2698 * Need to defer.
2699 */
2700 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2701 DPRINTF("cmdq_store=%d\n", cnt);
2702 sc->cmdq[cnt].func = run_newassoc_cb;
2703 sc->cmdq[cnt].arg0 = NULL;
2704 sc->cmdq[cnt].arg1 = ni;
2705 sc->cmdq[cnt].wcid = wcid;
2706 ieee80211_runtask(ic, &sc->cmdq_task);
2707 }
2708
2709 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2710 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2711
2712 for (i = 0; i < rs->rs_nrates; i++) {
2713 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2714 /* convert 802.11 rate to hardware rate index */
2715 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2716 if (rt2860_rates[ridx].rate == rate)
2717 break;
2718 rn->ridx[i] = ridx;
2719 /* determine rate of control response frames */
2720 for (j = i; j >= 0; j--) {
2721 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2722 rt2860_rates[rn->ridx[i]].phy ==
2723 rt2860_rates[rn->ridx[j]].phy)
2724 break;
2725 }
2726 if (j >= 0) {
2727 rn->ctl_ridx[i] = rn->ridx[j];
2728 } else {
2729 /* no basic rate found, use mandatory one */
2730 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2731 }
2732 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2733 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2734 }
2735 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2736 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2737 if (rt2860_rates[ridx].rate == rate)
2738 break;
2739 rn->mgt_ridx = ridx;
2740 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2741
2742 RUN_LOCK(sc);
2743 if(sc->ratectl_run != RUN_RATECTL_OFF)
2744 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2745 RUN_UNLOCK(sc);
2746}
2747
2748/*
2749 * Return the Rx chain with the highest RSSI for a given frame.
2750 */
2751static __inline uint8_t
2752run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2753{
2754 uint8_t rxchain = 0;
2755
2756 if (sc->nrxchains > 1) {
2757 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2758 rxchain = 1;
2759 if (sc->nrxchains > 2)
2760 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2761 rxchain = 2;
2762 }
2763 return (rxchain);
2764}
2765
2766static void
2767run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2768{
2769 struct ifnet *ifp = sc->sc_ifp;
2770 struct ieee80211com *ic = ifp->if_l2com;
2771 struct ieee80211_frame *wh;
2772 struct ieee80211_node *ni;
2773 struct rt2870_rxd *rxd;
2774 struct rt2860_rxwi *rxwi;
2775 uint32_t flags;
2776 uint16_t len, rxwisize;
2777 uint8_t ant, rssi;
2778 int8_t nf;
2779
2780 rxwi = mtod(m, struct rt2860_rxwi *);
2781 len = le16toh(rxwi->len) & 0xfff;
2782 rxwisize = sizeof(struct rt2860_rxwi);
2783 if (sc->mac_ver == 0x5592)
2784 rxwisize += sizeof(uint64_t);
2785 else if (sc->mac_ver == 0x3593)
2786 rxwisize += sizeof(uint32_t);
2787 if (__predict_false(len > dmalen)) {
2788 m_freem(m);
2789 ifp->if_ierrors++;
2790 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2791 return;
2792 }
2793 /* Rx descriptor is located at the end */
2794 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2795 flags = le32toh(rxd->flags);
2796
2797 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2798 m_freem(m);
2799 ifp->if_ierrors++;
2800 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2801 return;
2802 }
2803
2804 m->m_data += rxwisize;
2805 m->m_pkthdr.len = m->m_len -= rxwisize;
2806
2807 wh = mtod(m, struct ieee80211_frame *);
2808
2809 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2810 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2811 m->m_flags |= M_WEP;
2812 }
2813
2814 if (flags & RT2860_RX_L2PAD) {
2815 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2816 len += 2;
2817 }
2818
2819 ni = ieee80211_find_rxnode(ic,
2820 mtod(m, struct ieee80211_frame_min *));
2821
2822 if (__predict_false(flags & RT2860_RX_MICERR)) {
2823 /* report MIC failures to net80211 for TKIP */
2824 if (ni != NULL)
2825 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2826 rxwi->keyidx);
2827 m_freem(m);
2828 ifp->if_ierrors++;
2829 DPRINTF("MIC error. Someone is lying.\n");
2830 return;
2831 }
2832
2833 ant = run_maxrssi_chain(sc, rxwi);
2834 rssi = rxwi->rssi[ant];
2835 nf = run_rssi2dbm(sc, rssi, ant);
2836
2837 m->m_pkthdr.rcvif = ifp;
2838 m->m_pkthdr.len = m->m_len = len;
2839
2840 if (ni != NULL) {
2841 (void)ieee80211_input(ni, m, rssi, nf);
2842 ieee80211_free_node(ni);
2843 } else {
2844 (void)ieee80211_input_all(ic, m, rssi, nf);
2845 }
2846
2847 if (__predict_false(ieee80211_radiotap_active(ic))) {
2848 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2849 uint16_t phy;
2850
2851 tap->wr_flags = 0;
2852 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2853 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2854 tap->wr_antsignal = rssi;
2855 tap->wr_antenna = ant;
2856 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2857 tap->wr_rate = 2; /* in case it can't be found below */
2858 phy = le16toh(rxwi->phy);
2859 switch (phy & RT2860_PHY_MODE) {
2860 case RT2860_PHY_CCK:
2861 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2862 case 0: tap->wr_rate = 2; break;
2863 case 1: tap->wr_rate = 4; break;
2864 case 2: tap->wr_rate = 11; break;
2865 case 3: tap->wr_rate = 22; break;
2866 }
2867 if (phy & RT2860_PHY_SHPRE)
2868 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2869 break;
2870 case RT2860_PHY_OFDM:
2871 switch (phy & RT2860_PHY_MCS) {
2872 case 0: tap->wr_rate = 12; break;
2873 case 1: tap->wr_rate = 18; break;
2874 case 2: tap->wr_rate = 24; break;
2875 case 3: tap->wr_rate = 36; break;
2876 case 4: tap->wr_rate = 48; break;
2877 case 5: tap->wr_rate = 72; break;
2878 case 6: tap->wr_rate = 96; break;
2879 case 7: tap->wr_rate = 108; break;
2880 }
2881 break;
2882 }
2883 }
2884}
2885
2886static void
2887run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2888{
2889 struct run_softc *sc = usbd_xfer_softc(xfer);
2890 struct ifnet *ifp = sc->sc_ifp;
2891 struct mbuf *m = NULL;
2892 struct mbuf *m0;
2893 uint32_t dmalen;
2894 uint16_t rxwisize;
2895 int xferlen;
2896
2897 rxwisize = sizeof(struct rt2860_rxwi);
2898 if (sc->mac_ver == 0x5592)
2899 rxwisize += sizeof(uint64_t);
2900 else if (sc->mac_ver == 0x3593)
2901 rxwisize += sizeof(uint32_t);
2902
2903 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2904
2905 switch (USB_GET_STATE(xfer)) {
2906 case USB_ST_TRANSFERRED:
2907
2908 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2909
2910 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2911 sizeof(struct rt2870_rxd))) {
2912 DPRINTF("xfer too short %d\n", xferlen);
2913 goto tr_setup;
2914 }
2915
2916 m = sc->rx_m;
2917 sc->rx_m = NULL;
2918
2919 /* FALLTHROUGH */
2920 case USB_ST_SETUP:
2921tr_setup:
2922 if (sc->rx_m == NULL) {
2923 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2924 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2925 }
2926 if (sc->rx_m == NULL) {
2927 DPRINTF("could not allocate mbuf - idle with stall\n");
2928 ifp->if_ierrors++;
2929 usbd_xfer_set_stall(xfer);
2930 usbd_xfer_set_frames(xfer, 0);
2931 } else {
2932 /*
2933 * Directly loading a mbuf cluster into DMA to
2934 * save some data copying. This works because
2935 * there is only one cluster.
2936 */
2937 usbd_xfer_set_frame_data(xfer, 0,
2938 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2939 usbd_xfer_set_frames(xfer, 1);
2940 }
2941 usbd_transfer_submit(xfer);
2942 break;
2943
2944 default: /* Error */
2945 if (error != USB_ERR_CANCELLED) {
2946 /* try to clear stall first */
2947 usbd_xfer_set_stall(xfer);
2948
2949 if (error == USB_ERR_TIMEOUT)
2950 device_printf(sc->sc_dev, "device timeout\n");
2951
2952 ifp->if_ierrors++;
2953
2954 goto tr_setup;
2955 }
2956 if (sc->rx_m != NULL) {
2957 m_freem(sc->rx_m);
2958 sc->rx_m = NULL;
2959 }
2960 break;
2961 }
2962
2963 if (m == NULL)
2964 return;
2965
2966 /* inputting all the frames must be last */
2967
2968 RUN_UNLOCK(sc);
2969
2970 m->m_pkthdr.len = m->m_len = xferlen;
2971
2972 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2973 for(;;) {
2974 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2975
2976 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2977 ((dmalen & 3) != 0)) {
2978 DPRINTF("bad DMA length %u\n", dmalen);
2979 break;
2980 }
2981 if ((dmalen + 8) > (uint32_t)xferlen) {
2982 DPRINTF("bad DMA length %u > %d\n",
2983 dmalen + 8, xferlen);
2984 break;
2985 }
2986
2987 /* If it is the last one or a single frame, we won't copy. */
2988 if ((xferlen -= dmalen + 8) <= 8) {
2989 /* trim 32-bit DMA-len header */
2990 m->m_data += 4;
2991 m->m_pkthdr.len = m->m_len -= 4;
2992 run_rx_frame(sc, m, dmalen);
2993 m = NULL; /* don't free source buffer */
2994 break;
2995 }
2996
2997 /* copy aggregated frames to another mbuf */
2998 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2999 if (__predict_false(m0 == NULL)) {
3000 DPRINTF("could not allocate mbuf\n");
3001 ifp->if_ierrors++;
3002 break;
3003 }
3004 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3005 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3006 m0->m_pkthdr.len = m0->m_len =
3007 dmalen + sizeof(struct rt2870_rxd);
3008 run_rx_frame(sc, m0, dmalen);
3009
3010 /* update data ptr */
3011 m->m_data += dmalen + 8;
3012 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3013 }
3014
3015 /* make sure we free the source buffer, if any */
3016 m_freem(m);
3017
3018 RUN_LOCK(sc);
3019}
3020
3021static void
3022run_tx_free(struct run_endpoint_queue *pq,
3023 struct run_tx_data *data, int txerr)
3024{
3025 if (data->m != NULL) {
3026 if (data->m->m_flags & M_TXCB)
3027 ieee80211_process_callback(data->ni, data->m,
3028 txerr ? ETIMEDOUT : 0);
3029 m_freem(data->m);
3030 data->m = NULL;
3031
3032 if (data->ni == NULL) {
3033 DPRINTF("no node\n");
3034 } else {
3035 ieee80211_free_node(data->ni);
3036 data->ni = NULL;
3037 }
3038 }
3039
3040 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3041 pq->tx_nfree++;
3042}
3043
3044static void
3045run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3046{
3047 struct run_softc *sc = usbd_xfer_softc(xfer);
3048 struct ifnet *ifp = sc->sc_ifp;
3049 struct ieee80211com *ic = ifp->if_l2com;
3050 struct run_tx_data *data;
3051 struct ieee80211vap *vap = NULL;
3052 struct usb_page_cache *pc;
3053 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3054 struct mbuf *m;
3055 usb_frlength_t size;
3056 int actlen;
3057 int sumlen;
3058
3059 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3060
3061 switch (USB_GET_STATE(xfer)) {
3062 case USB_ST_TRANSFERRED:
3063 DPRINTFN(11, "transfer complete: %d "
3064 "bytes @ index %d\n", actlen, index);
3065
3066 data = usbd_xfer_get_priv(xfer);
3067
3068 run_tx_free(pq, data, 0);
3069 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3070
3071 usbd_xfer_set_priv(xfer, NULL);
3072
3073 ifp->if_opackets++;
3074
3075 /* FALLTHROUGH */
3076 case USB_ST_SETUP:
3077tr_setup:
3078 data = STAILQ_FIRST(&pq->tx_qh);
3079 if (data == NULL)
3080 break;
3081
3082 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3083
3084 m = data->m;
3085 size = (sc->mac_ver == 0x5592) ?
3086 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3087 if ((m->m_pkthdr.len +
3088 size + 3 + 8) > RUN_MAX_TXSZ) {
3089 DPRINTF("data overflow, %u bytes\n",
3090 m->m_pkthdr.len);
3091
3092 ifp->if_oerrors++;
3093
3094 run_tx_free(pq, data, 1);
3095
3096 goto tr_setup;
3097 }
3098
3099 pc = usbd_xfer_get_frame(xfer, 0);
3100 usbd_copy_in(pc, 0, &data->desc, size);
3101 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3102 size += m->m_pkthdr.len;
3103 /*
3104 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3105 * 4-byte padding), and be sure to zero those trailing
3106 * bytes:
3107 */
3108 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3109 size += ((-size) & 3) + 8;
3110
3111 vap = data->ni->ni_vap;
3112 if (ieee80211_radiotap_active_vap(vap)) {
3113 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3114 struct rt2860_txwi *txwi =
3115 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3116 tap->wt_flags = 0;
3117 tap->wt_rate = rt2860_rates[data->ridx].rate;
3118 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3119 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3120 tap->wt_hwqueue = index;
3121 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3122 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3123
3124 ieee80211_radiotap_tx(vap, m);
3125 }
3126
3127 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3128 m->m_pkthdr.len, size, index);
3129
3130 usbd_xfer_set_frame_len(xfer, 0, size);
3131 usbd_xfer_set_priv(xfer, data);
3132
3133 usbd_transfer_submit(xfer);
3134
3135 RUN_UNLOCK(sc);
3136 run_start(ifp);
3137 RUN_LOCK(sc);
3138
3139 break;
3140
3141 default:
3142 DPRINTF("USB transfer error, %s\n",
3143 usbd_errstr(error));
3144
3145 data = usbd_xfer_get_priv(xfer);
3146
3147 ifp->if_oerrors++;
3148
3149 if (data != NULL) {
3150 if(data->ni != NULL)
3151 vap = data->ni->ni_vap;
3152 run_tx_free(pq, data, error);
3153 usbd_xfer_set_priv(xfer, NULL);
3154 }
3155 if (vap == NULL)
3156 vap = TAILQ_FIRST(&ic->ic_vaps);
3157
3158 if (error != USB_ERR_CANCELLED) {
3159 if (error == USB_ERR_TIMEOUT) {
3160 device_printf(sc->sc_dev, "device timeout\n");
3161 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3162 DPRINTF("cmdq_store=%d\n", i);
3163 sc->cmdq[i].func = run_usb_timeout_cb;
3164 sc->cmdq[i].arg0 = vap;
3165 ieee80211_runtask(ic, &sc->cmdq_task);
3166 }
3167
3168 /*
3169 * Try to clear stall first, also if other
3170 * errors occur, hence clearing stall
3171 * introduces a 50 ms delay:
3172 */
3173 usbd_xfer_set_stall(xfer);
3174 goto tr_setup;
3175 }
3176 break;
3177 }
3178}
3179
3180static void
3181run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3182{
3183 run_bulk_tx_callbackN(xfer, error, 0);
3184}
3185
3186static void
3187run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3188{
3189 run_bulk_tx_callbackN(xfer, error, 1);
3190}
3191
3192static void
3193run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3194{
3195 run_bulk_tx_callbackN(xfer, error, 2);
3196}
3197
3198static void
3199run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3200{
3201 run_bulk_tx_callbackN(xfer, error, 3);
3202}
3203
3204static void
3205run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3206{
3207 run_bulk_tx_callbackN(xfer, error, 4);
3208}
3209
3210static void
3211run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3212{
3213 run_bulk_tx_callbackN(xfer, error, 5);
3214}
3215
3216static void
3217run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3218{
3219 struct mbuf *m = data->m;
3220 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3221 struct ieee80211vap *vap = data->ni->ni_vap;
3222 struct ieee80211_frame *wh;
3223 struct rt2870_txd *txd;
3224 struct rt2860_txwi *txwi;
3225 uint16_t xferlen, txwisize;
3226 uint16_t mcs;
3227 uint8_t ridx = data->ridx;
3228 uint8_t pad;
3229
3230 /* get MCS code from rate index */
3231 mcs = rt2860_rates[ridx].mcs;
3232
3233 txwisize = (sc->mac_ver == 0x5592) ?
3234 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3235 xferlen = txwisize + m->m_pkthdr.len;
3236
3237 /* roundup to 32-bit alignment */
3238 xferlen = (xferlen + 3) & ~3;
3239
3240 txd = (struct rt2870_txd *)&data->desc;
3241 txd->len = htole16(xferlen);
3242
3243 wh = mtod(m, struct ieee80211_frame *);
3244
3245 /*
3246 * Ether both are true or both are false, the header
3247 * are nicely aligned to 32-bit. So, no L2 padding.
3248 */
3249 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3250 pad = 0;
3251 else
3252 pad = 2;
3253
3254 /* setup TX Wireless Information */
3255 txwi = (struct rt2860_txwi *)(txd + 1);
3256 txwi->len = htole16(m->m_pkthdr.len - pad);
3257 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3258 mcs |= RT2860_PHY_CCK;
3259 if (ridx != RT2860_RIDX_CCK1 &&
3260 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3261 mcs |= RT2860_PHY_SHPRE;
3262 } else
3263 mcs |= RT2860_PHY_OFDM;
3264 txwi->phy = htole16(mcs);
3265
3266 /* check if RTS/CTS or CTS-to-self protection is required */
3267 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3268 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3269 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3270 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3271 txwi->txop |= RT2860_TX_TXOP_HT;
3272 else
3273 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3274
3275 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3276 txwi->xflags |= RT2860_TX_NSEQ;
3277}
3278
3279/* This function must be called locked */
3280static int
3281run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3282{
3283 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3284 struct ieee80211vap *vap = ni->ni_vap;
3285 struct ieee80211_frame *wh;
3286 struct ieee80211_channel *chan;
3287 const struct ieee80211_txparam *tp;
3288 struct run_node *rn = (void *)ni;
3289 struct run_tx_data *data;
3290 struct rt2870_txd *txd;
3291 struct rt2860_txwi *txwi;
3292 uint16_t qos;
3293 uint16_t dur;
3294 uint16_t qid;
3295 uint8_t type;
3296 uint8_t tid;
3297 uint8_t ridx;
3298 uint8_t ctl_ridx;
3299 uint8_t qflags;
3300 uint8_t xflags = 0;
3301 int hasqos;
3302
3303 RUN_LOCK_ASSERT(sc, MA_OWNED);
3304
3305 wh = mtod(m, struct ieee80211_frame *);
3306
3307 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3308
3309 /*
3310 * There are 7 bulk endpoints: 1 for RX
3311 * and 6 for TX (4 EDCAs + HCCA + Prio).
3312 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3313 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3314 */
3315 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3316 uint8_t *frm;
3317
3318 if(IEEE80211_HAS_ADDR4(wh))
3319 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3320 else
3321 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3322
3323 qos = le16toh(*(const uint16_t *)frm);
3324 tid = qos & IEEE80211_QOS_TID;
3325 qid = TID_TO_WME_AC(tid);
3326 } else {
3327 qos = 0;
3328 tid = 0;
3329 qid = WME_AC_BE;
3330 }
3331 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3332
3333 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3334 qos, qid, tid, qflags);
3335
3336 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3337 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3338
3339 /* pickup a rate index */
3340 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3341 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3342 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3343 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3344 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3345 } else {
3346 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3347 ridx = rn->fix_ridx;
3348 else
3349 ridx = rn->amrr_ridx;
3350 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3351 }
3352
3353 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3354 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3355 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3356 xflags |= RT2860_TX_ACK;
3357 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3358 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3359 else
3360 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3361 USETW(wh->i_dur, dur);
3362 }
3363
3364 /* reserve slots for mgmt packets, just in case */
3365 if (sc->sc_epq[qid].tx_nfree < 3) {
3366 DPRINTFN(10, "tx ring %d is full\n", qid);
3367 return (-1);
3368 }
3369
3370 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3371 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3372 sc->sc_epq[qid].tx_nfree--;
3373
3374 txd = (struct rt2870_txd *)&data->desc;
3375 txd->flags = qflags;
3376 txwi = (struct rt2860_txwi *)(txd + 1);
3377 txwi->xflags = xflags;
3378 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3379 txwi->wcid = 0;
3380 else
3381 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3382 1 : RUN_AID2WCID(ni->ni_associd);
3383
3384 /* clear leftover garbage bits */
3385 txwi->flags = 0;
3386 txwi->txop = 0;
3387
3388 data->m = m;
3389 data->ni = ni;
3390 data->ridx = ridx;
3391
3392 run_set_tx_desc(sc, data);
3393
3394 /*
3395 * The chip keeps track of 2 kind of Tx stats,
3396 * * TX_STAT_FIFO, for per WCID stats, and
3397 * * TX_STA_CNT0 for all-TX-in-one stats.
3398 *
3399 * To use FIFO stats, we need to store MCS into the driver-private
3400 * PacketID field. So that, we can tell whose stats when we read them.
3401 * We add 1 to the MCS because setting the PacketID field to 0 means
3402 * that we don't want feedback in TX_STAT_FIFO.
3403 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3404 *
3405 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3406 */
3407 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3408 vap->iv_opmode == IEEE80211_M_MBSS) {
3409 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3410 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3411
3412 /*
3413 * Unlike PCI based devices, we don't get any interrupt from
3414 * USB devices, so we simulate FIFO-is-full interrupt here.
3415 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3416 * quickly get fulled. To prevent overflow, increment a counter on
3417 * every FIFO stat request, so we know how many slots are left.
3418 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3419 * are used only in those modes.
3420 * We just drain stats. AMRR gets updated every 1 sec by
3421 * run_ratectl_cb() via callout.
3422 * Call it early. Otherwise overflow.
3423 */
3424 if (sc->fifo_cnt++ == 10) {
3425 /*
3426 * With multiple vaps or if_bridge, if_start() is called
3427 * with a non-sleepable lock, tcpinp. So, need to defer.
3428 */
3429 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3430 DPRINTFN(6, "cmdq_store=%d\n", i);
3431 sc->cmdq[i].func = run_drain_fifo;
3432 sc->cmdq[i].arg0 = sc;
3433 ieee80211_runtask(ic, &sc->cmdq_task);
3434 }
3435 }
3436
3437 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3438
3439 usbd_transfer_start(sc->sc_xfer[qid]);
3440
3441 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3442 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3443 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3444
3445 return (0);
3446}
3447
3448static int
3449run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3450{
3451 struct ifnet *ifp = sc->sc_ifp;
3452 struct ieee80211com *ic = ifp->if_l2com;
3453 struct run_node *rn = (void *)ni;
3454 struct run_tx_data *data;
3455 struct ieee80211_frame *wh;
3456 struct rt2870_txd *txd;
3457 struct rt2860_txwi *txwi;
3458 uint16_t dur;
3459 uint8_t ridx = rn->mgt_ridx;
3460 uint8_t type;
3461 uint8_t xflags = 0;
3462 uint8_t wflags = 0;
3463
3464 RUN_LOCK_ASSERT(sc, MA_OWNED);
3465
3466 wh = mtod(m, struct ieee80211_frame *);
3467
3468 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3469
3470 /* tell hardware to add timestamp for probe responses */
3471 if ((wh->i_fc[0] &
3472 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3473 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3474 wflags |= RT2860_TX_TS;
3475 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3476 xflags |= RT2860_TX_ACK;
3477
3478 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3479 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3480 USETW(wh->i_dur, dur);
3481 }
3482
3483 if (sc->sc_epq[0].tx_nfree == 0) {
3484 /* let caller free mbuf */
3485 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3486 return (EIO);
3487 }
3488 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3489 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3490 sc->sc_epq[0].tx_nfree--;
3491
3492 txd = (struct rt2870_txd *)&data->desc;
3493 txd->flags = RT2860_TX_QSEL_EDCA;
3494 txwi = (struct rt2860_txwi *)(txd + 1);
3495 txwi->wcid = 0xff;
3496 txwi->flags = wflags;
3497 txwi->xflags = xflags;
3498 txwi->txop = 0; /* clear leftover garbage bits */
3499
3500 data->m = m;
3501 data->ni = ni;
3502 data->ridx = ridx;
3503
3504 run_set_tx_desc(sc, data);
3505
3506 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3507 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3508 rt2860_rates[ridx].rate);
3509
3510 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3511
3512 usbd_transfer_start(sc->sc_xfer[0]);
3513
3514 return (0);
3515}
3516
3517static int
3518run_sendprot(struct run_softc *sc,
3519 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3520{
3521 struct ieee80211com *ic = ni->ni_ic;
3522 struct ieee80211_frame *wh;
3523 struct run_tx_data *data;
3524 struct rt2870_txd *txd;
3525 struct rt2860_txwi *txwi;
3526 struct mbuf *mprot;
3527 int ridx;
3528 int protrate;
3529 int ackrate;
3530 int pktlen;
3531 int isshort;
3532 uint16_t dur;
3533 uint8_t type;
3534 uint8_t wflags = 0;
3535 uint8_t xflags = 0;
3536
3537 RUN_LOCK_ASSERT(sc, MA_OWNED);
3538
3539 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3540 ("protection %d", prot));
3541
3542 wh = mtod(m, struct ieee80211_frame *);
3543 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3544 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3545
3546 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3547 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3548
3549 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3550 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3551 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3552 wflags = RT2860_TX_FRAG;
3553
3554 /* check that there are free slots before allocating the mbuf */
3555 if (sc->sc_epq[0].tx_nfree == 0) {
3556 /* let caller free mbuf */
3557 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3558 return (ENOBUFS);
3559 }
3560
3561 if (prot == IEEE80211_PROT_RTSCTS) {
3562 /* NB: CTS is the same size as an ACK */
3563 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3564 xflags |= RT2860_TX_ACK;
3565 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3566 } else {
3567 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3568 }
3569 if (mprot == NULL) {
3570 sc->sc_ifp->if_oerrors++;
3571 DPRINTF("could not allocate mbuf\n");
3572 return (ENOBUFS);
3573 }
3574
3575 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3576 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3577 sc->sc_epq[0].tx_nfree--;
3578
3579 txd = (struct rt2870_txd *)&data->desc;
3580 txd->flags = RT2860_TX_QSEL_EDCA;
3581 txwi = (struct rt2860_txwi *)(txd + 1);
3582 txwi->wcid = 0xff;
3583 txwi->flags = wflags;
3584 txwi->xflags = xflags;
3585 txwi->txop = 0; /* clear leftover garbage bits */
3586
3587 data->m = mprot;
3588 data->ni = ieee80211_ref_node(ni);
3589
3590 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3591 if (rt2860_rates[ridx].rate == protrate)
3592 break;
3593 data->ridx = ridx;
3594
3595 run_set_tx_desc(sc, data);
3596
3597 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3598 m->m_pkthdr.len, rate);
3599
3600 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3601
3602 usbd_transfer_start(sc->sc_xfer[0]);
3603
3604 return (0);
3605}
3606
3607static int
3608run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3609 const struct ieee80211_bpf_params *params)
3610{
3611 struct ieee80211com *ic = ni->ni_ic;
3612 struct ieee80211_frame *wh;
3613 struct run_tx_data *data;
3614 struct rt2870_txd *txd;
3615 struct rt2860_txwi *txwi;
3616 uint8_t type;
3617 uint8_t ridx;
3618 uint8_t rate;
3619 uint8_t opflags = 0;
3620 uint8_t xflags = 0;
3621 int error;
3622
3623 RUN_LOCK_ASSERT(sc, MA_OWNED);
3624
3625 KASSERT(params != NULL, ("no raw xmit params"));
3626
3627 wh = mtod(m, struct ieee80211_frame *);
3628 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3629
3630 rate = params->ibp_rate0;
3631 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3632 /* let caller free mbuf */
3633 return (EINVAL);
3634 }
3635
3636 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3637 xflags |= RT2860_TX_ACK;
3638 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3639 error = run_sendprot(sc, m, ni,
3640 params->ibp_flags & IEEE80211_BPF_RTS ?
3641 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3642 rate);
3643 if (error) {
3644 /* let caller free mbuf */
3645 return error;
3646 }
3647 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3648 }
3649
3650 if (sc->sc_epq[0].tx_nfree == 0) {
3651 /* let caller free mbuf */
3652 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3653 DPRINTF("sending raw frame, but tx ring is full\n");
3654 return (EIO);
3655 }
3656 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3657 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3658 sc->sc_epq[0].tx_nfree--;
3659
3660 txd = (struct rt2870_txd *)&data->desc;
3661 txd->flags = RT2860_TX_QSEL_EDCA;
3662 txwi = (struct rt2860_txwi *)(txd + 1);
3663 txwi->wcid = 0xff;
3664 txwi->xflags = xflags;
3665 txwi->txop = opflags;
3666 txwi->flags = 0; /* clear leftover garbage bits */
3667
3668 data->m = m;
3669 data->ni = ni;
3670 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3671 if (rt2860_rates[ridx].rate == rate)
3672 break;
3673 data->ridx = ridx;
3674
3675 run_set_tx_desc(sc, data);
3676
3677 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3678 m->m_pkthdr.len, rate);
3679
3680 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3681
3682 usbd_transfer_start(sc->sc_xfer[0]);
3683
3684 return (0);
3685}
3686
3687static int
3688run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3689 const struct ieee80211_bpf_params *params)
3690{
3691 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3692 struct run_softc *sc = ifp->if_softc;
3693 int error = 0;
3694
3695 RUN_LOCK(sc);
3696
3697 /* prevent management frames from being sent if we're not ready */
3698 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3699 error = ENETDOWN;
3700 goto done;
3701 }
3702
3703 if (params == NULL) {
3704 /* tx mgt packet */
3705 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3706 ifp->if_oerrors++;
3707 DPRINTF("mgt tx failed\n");
3708 goto done;
3709 }
3710 } else {
3711 /* tx raw packet with param */
3712 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3713 ifp->if_oerrors++;
3714 DPRINTF("tx with param failed\n");
3715 goto done;
3716 }
3717 }
3718
3719 ifp->if_opackets++;
3720
3721done:
3722 RUN_UNLOCK(sc);
3723
3724 if (error != 0) {
3725 if(m != NULL)
3726 m_freem(m);
3727 ieee80211_free_node(ni);
3728 }
3729
3730 return (error);
3731}
3732
3733static void
3734run_start(struct ifnet *ifp)
3735{
3736 struct run_softc *sc = ifp->if_softc;
3737 struct ieee80211_node *ni;
3738 struct mbuf *m;
3739
3740 RUN_LOCK(sc);
3741
3742 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3743 RUN_UNLOCK(sc);
3744 return;
3745 }
3746
3747 for (;;) {
3748 /* send data frames */
3749 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3750 if (m == NULL)
3751 break;
3752
3753 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3754 if (run_tx(sc, m, ni) != 0) {
3755 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3756 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3757 break;
3758 }
3759 }
3760
3761 RUN_UNLOCK(sc);
3762}
3763
3764static int
3765run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3766{
3767 struct run_softc *sc = ifp->if_softc;
3768 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3769 struct ifreq *ifr = (struct ifreq *) data;
3770 int startall = 0;
3771 int error;
3772
3773 RUN_LOCK(sc);
3774 error = sc->sc_detached ? ENXIO : 0;
3775 RUN_UNLOCK(sc);
3776 if (error)
3777 return (error);
3778
3779 switch (cmd) {
3780 case SIOCSIFFLAGS:
3781 RUN_LOCK(sc);
3782 if (ifp->if_flags & IFF_UP) {
3783 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3784 startall = 1;
3785 run_init_locked(sc);
3786 } else
3787 run_update_promisc_locked(ifp);
3788 } else {
3789 if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
3790 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3791 run_stop(sc);
3792 }
3793 }
3794 RUN_UNLOCK(sc);
3795 if (startall)
3796 ieee80211_start_all(ic);
3797 break;
3798 case SIOCGIFMEDIA:
3799 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3800 break;
3801 case SIOCGIFADDR:
3802 error = ether_ioctl(ifp, cmd, data);
3803 break;
3804 default:
3805 error = EINVAL;
3806 break;
3807 }
3808
3809 return (error);
3810}
3811
3812static void
3813run_iq_calib(struct run_softc *sc, u_int chan)
3814{
3815 uint16_t val;
3816
3817 /* Tx0 IQ gain. */
3818 run_bbp_write(sc, 158, 0x2c);
3819 if (chan <= 14)
3820 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3821 else if (chan <= 64) {
3822 run_efuse_read(sc,
3823 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3824 &val, 1);
3825 } else if (chan <= 138) {
3826 run_efuse_read(sc,
3827 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3828 &val, 1);
3829 } else if (chan <= 165) {
3830 run_efuse_read(sc,
3831 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3832 &val, 1);
3833 } else
3834 val = 0;
3835 run_bbp_write(sc, 159, val);
3836
3837 /* Tx0 IQ phase. */
3838 run_bbp_write(sc, 158, 0x2d);
3839 if (chan <= 14) {
3840 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3841 &val, 1);
3842 } else if (chan <= 64) {
3843 run_efuse_read(sc,
3844 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3845 &val, 1);
3846 } else if (chan <= 138) {
3847 run_efuse_read(sc,
3848 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3849 &val, 1);
3850 } else if (chan <= 165) {
3851 run_efuse_read(sc,
3852 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3853 &val, 1);
3854 } else
3855 val = 0;
3856 run_bbp_write(sc, 159, val);
3857
3858 /* Tx1 IQ gain. */
3859 run_bbp_write(sc, 158, 0x4a);
3860 if (chan <= 14) {
3861 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3862 &val, 1);
3863 } else if (chan <= 64) {
3864 run_efuse_read(sc,
3865 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3866 &val, 1);
3867 } else if (chan <= 138) {
3868 run_efuse_read(sc,
3869 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3870 &val, 1);
3871 } else if (chan <= 165) {
3872 run_efuse_read(sc,
3873 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3874 &val, 1);
3875 } else
3876 val = 0;
3877 run_bbp_write(sc, 159, val);
3878
3879 /* Tx1 IQ phase. */
3880 run_bbp_write(sc, 158, 0x4b);
3881 if (chan <= 14) {
3882 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3883 &val, 1);
3884 } else if (chan <= 64) {
3885 run_efuse_read(sc,
3886 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3887 &val, 1);
3888 } else if (chan <= 138) {
3889 run_efuse_read(sc,
3890 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3891 &val, 1);
3892 } else if (chan <= 165) {
3893 run_efuse_read(sc,
3894 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3895 &val, 1);
3896 } else
3897 val = 0;
3898 run_bbp_write(sc, 159, val);
3899
3900 /* RF IQ compensation control. */
3901 run_bbp_write(sc, 158, 0x04);
3902 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3903 &val, 1);
3904 run_bbp_write(sc, 159, val);
3905
3906 /* RF IQ imbalance compensation control. */
3907 run_bbp_write(sc, 158, 0x03);
3908 run_efuse_read(sc,
3909 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3910 run_bbp_write(sc, 159, val);
3911}
3912
3913static void
3914run_set_agc(struct run_softc *sc, uint8_t agc)
3915{
3916 uint8_t bbp;
3917
3918 if (sc->mac_ver == 0x3572) {
3919 run_bbp_read(sc, 27, &bbp);
3920 bbp &= ~(0x3 << 5);
3921 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3922 run_bbp_write(sc, 66, agc);
3923 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3924 run_bbp_write(sc, 66, agc);
3925 } else
3926 run_bbp_write(sc, 66, agc);
3927}
3928
3929static void
3930run_select_chan_group(struct run_softc *sc, int group)
3931{
3932 uint32_t tmp;
3933 uint8_t agc;
3934
3935 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3936 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3937 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3938 if (sc->mac_ver < 0x3572)
3939 run_bbp_write(sc, 86, 0x00);
3940
3941 if (sc->mac_ver == 0x3593) {
3942 run_bbp_write(sc, 77, 0x98);
3943 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3944 }
3945
3946 if (group == 0) {
3947 if (sc->ext_2ghz_lna) {
3948 if (sc->mac_ver >= 0x5390)
3949 run_bbp_write(sc, 75, 0x52);
3950 else {
3951 run_bbp_write(sc, 82, 0x62);
3952 run_bbp_write(sc, 75, 0x46);
3953 }
3954 } else {
3955 if (sc->mac_ver == 0x5592) {
3956 run_bbp_write(sc, 79, 0x1c);
3957 run_bbp_write(sc, 80, 0x0e);
3958 run_bbp_write(sc, 81, 0x3a);
3959 run_bbp_write(sc, 82, 0x62);
3960
3961 run_bbp_write(sc, 195, 0x80);
3962 run_bbp_write(sc, 196, 0xe0);
3963 run_bbp_write(sc, 195, 0x81);
3964 run_bbp_write(sc, 196, 0x1f);
3965 run_bbp_write(sc, 195, 0x82);
3966 run_bbp_write(sc, 196, 0x38);
3967 run_bbp_write(sc, 195, 0x83);
3968 run_bbp_write(sc, 196, 0x32);
3969 run_bbp_write(sc, 195, 0x85);
3970 run_bbp_write(sc, 196, 0x28);
3971 run_bbp_write(sc, 195, 0x86);
3972 run_bbp_write(sc, 196, 0x19);
3973 } else if (sc->mac_ver >= 0x5390)
3974 run_bbp_write(sc, 75, 0x50);
3975 else {
3976 run_bbp_write(sc, 82,
3977 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3978 run_bbp_write(sc, 75, 0x50);
3979 }
3980 }
3981 } else {
3982 if (sc->mac_ver == 0x5592) {
3983 run_bbp_write(sc, 79, 0x18);
3984 run_bbp_write(sc, 80, 0x08);
3985 run_bbp_write(sc, 81, 0x38);
3986 run_bbp_write(sc, 82, 0x92);
3987
3988 run_bbp_write(sc, 195, 0x80);
3989 run_bbp_write(sc, 196, 0xf0);
3990 run_bbp_write(sc, 195, 0x81);
3991 run_bbp_write(sc, 196, 0x1e);
3992 run_bbp_write(sc, 195, 0x82);
3993 run_bbp_write(sc, 196, 0x28);
3994 run_bbp_write(sc, 195, 0x83);
3995 run_bbp_write(sc, 196, 0x20);
3996 run_bbp_write(sc, 195, 0x85);
3997 run_bbp_write(sc, 196, 0x7f);
3998 run_bbp_write(sc, 195, 0x86);
3999 run_bbp_write(sc, 196, 0x7f);
4000 } else if (sc->mac_ver == 0x3572)
4001 run_bbp_write(sc, 82, 0x94);
4002 else
4003 run_bbp_write(sc, 82,
4004 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4005 if (sc->ext_5ghz_lna)
4006 run_bbp_write(sc, 75, 0x46);
4007 else
4008 run_bbp_write(sc, 75, 0x50);
4009 }
4010
4011 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4012 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4013 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4014 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4015
4016 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4017 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4018 if (sc->mac_ver == 0x3593)
4019 tmp |= 1 << 29 | 1 << 28;
4020 if (sc->nrxchains > 1)
4021 tmp |= RT2860_LNA_PE1_EN;
4022 if (group == 0) { /* 2GHz */
4023 tmp |= RT2860_PA_PE_G0_EN;
4024 if (sc->ntxchains > 1)
4025 tmp |= RT2860_PA_PE_G1_EN;
4026 if (sc->mac_ver == 0x3593) {
4027 if (sc->ntxchains > 2)
4028 tmp |= 1 << 25;
4029 }
4030 } else { /* 5GHz */
4031 tmp |= RT2860_PA_PE_A0_EN;
4032 if (sc->ntxchains > 1)
4033 tmp |= RT2860_PA_PE_A1_EN;
4034 }
4035 if (sc->mac_ver == 0x3572) {
4036 run_rt3070_rf_write(sc, 8, 0x00);
4037 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4038 run_rt3070_rf_write(sc, 8, 0x80);
4039 } else
4040 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4041
4042 if (sc->mac_ver == 0x5592) {
4043 run_bbp_write(sc, 195, 0x8d);
4044 run_bbp_write(sc, 196, 0x1a);
4045 }
4046
4047 if (sc->mac_ver == 0x3593) {
4048 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4049 tmp &= ~0x01010000;
4050 if (group == 0)
4051 tmp |= 0x00010000;
4052 tmp = (tmp & ~0x00009090) | 0x00000090;
4053 run_write(sc, RT2860_GPIO_CTRL, tmp);
4054 }
4055
4056 /* set initial AGC value */
4057 if (group == 0) { /* 2GHz band */
4058 if (sc->mac_ver >= 0x3070)
4059 agc = 0x1c + sc->lna[0] * 2;
4060 else
4061 agc = 0x2e + sc->lna[0];
4062 } else { /* 5GHz band */
4063 if (sc->mac_ver == 0x5592)
4064 agc = 0x24 + sc->lna[group] * 2;
4065 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4066 agc = 0x22 + (sc->lna[group] * 5) / 3;
4067 else
4068 agc = 0x32 + (sc->lna[group] * 5) / 3;
4069 }
4070 run_set_agc(sc, agc);
4071}
4072
4073static void
4074run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4075{
4076 const struct rfprog *rfprog = rt2860_rf2850;
4077 uint32_t r2, r3, r4;
4078 int8_t txpow1, txpow2;
4079 int i;
4080
4081 /* find the settings for this channel (we know it exists) */
4082 for (i = 0; rfprog[i].chan != chan; i++);
4083
4084 r2 = rfprog[i].r2;
4085 if (sc->ntxchains == 1)
4086 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4087 if (sc->nrxchains == 1)
4088 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4089 else if (sc->nrxchains == 2)
4090 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4091
4092 /* use Tx power values from EEPROM */
4093 txpow1 = sc->txpow1[i];
4094 txpow2 = sc->txpow2[i];
4095
4096 /* Initialize RF R3 and R4. */
4097 r3 = rfprog[i].r3 & 0xffffc1ff;
4098 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4099 if (chan > 14) {
4100 if (txpow1 >= 0) {
4101 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4102 r3 |= (txpow1 << 10) | (1 << 9);
4103 } else {
4104 txpow1 += 7;
4105
4106 /* txpow1 is not possible larger than 15. */
4107 r3 |= (txpow1 << 10);
4108 }
4109 if (txpow2 >= 0) {
4110 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4111 r4 |= (txpow2 << 7) | (1 << 6);
4112 } else {
4113 txpow2 += 7;
4114 r4 |= (txpow2 << 7);
4115 }
4116 } else {
4117 /* Set Tx0 power. */
4118 r3 |= (txpow1 << 9);
4119
4120 /* Set frequency offset and Tx1 power. */
4121 r4 |= (txpow2 << 6);
4122 }
4123
4124 run_rt2870_rf_write(sc, rfprog[i].r1);
4125 run_rt2870_rf_write(sc, r2);
4126 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4127 run_rt2870_rf_write(sc, r4);
4128
4129 run_delay(sc, 10);
4130
4131 run_rt2870_rf_write(sc, rfprog[i].r1);
4132 run_rt2870_rf_write(sc, r2);
4133 run_rt2870_rf_write(sc, r3 | (1 << 2));
4134 run_rt2870_rf_write(sc, r4);
4135
4136 run_delay(sc, 10);
4137
4138 run_rt2870_rf_write(sc, rfprog[i].r1);
4139 run_rt2870_rf_write(sc, r2);
4140 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4141 run_rt2870_rf_write(sc, r4);
4142}
4143
4144static void
4145run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4146{
4147 int8_t txpow1, txpow2;
4148 uint8_t rf;
4149 int i;
4150
4151 /* find the settings for this channel (we know it exists) */
4152 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4153
4154 /* use Tx power values from EEPROM */
4155 txpow1 = sc->txpow1[i];
4156 txpow2 = sc->txpow2[i];
4157
4158 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4159
4160 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4161 run_rt3070_rf_read(sc, 3, &rf);
4162 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4163 run_rt3070_rf_write(sc, 3, rf);
4164
4165 run_rt3070_rf_read(sc, 6, &rf);
4166 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4167 run_rt3070_rf_write(sc, 6, rf);
4168
4169 /* set Tx0 power */
4170 run_rt3070_rf_read(sc, 12, &rf);
4171 rf = (rf & ~0x1f) | txpow1;
4172 run_rt3070_rf_write(sc, 12, rf);
4173
4174 /* set Tx1 power */
4175 run_rt3070_rf_read(sc, 13, &rf);
4176 rf = (rf & ~0x1f) | txpow2;
4177 run_rt3070_rf_write(sc, 13, rf);
4178
4179 run_rt3070_rf_read(sc, 1, &rf);
4180 rf &= ~0xfc;
4181 if (sc->ntxchains == 1)
4182 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4183 else if (sc->ntxchains == 2)
4184 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4185 if (sc->nrxchains == 1)
4186 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4187 else if (sc->nrxchains == 2)
4188 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4189 run_rt3070_rf_write(sc, 1, rf);
4190
4191 /* set RF offset */
4192 run_rt3070_rf_read(sc, 23, &rf);
4193 rf = (rf & ~0x7f) | sc->freq;
4194 run_rt3070_rf_write(sc, 23, rf);
4195
4196 /* program RF filter */
4197 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4198 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4199 run_rt3070_rf_write(sc, 24, rf);
4200 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4201 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4202 run_rt3070_rf_write(sc, 31, rf);
4203
4204 /* enable RF tuning */
4205 run_rt3070_rf_read(sc, 7, &rf);
4206 run_rt3070_rf_write(sc, 7, rf | 0x01);
4207}
4208
4209static void
4210run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4211{
4212 int8_t txpow1, txpow2;
4213 uint32_t tmp;
4214 uint8_t rf;
4215 int i;
4216
4217 /* find the settings for this channel (we know it exists) */
4218 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4219
4220 /* use Tx power values from EEPROM */
4221 txpow1 = sc->txpow1[i];
4222 txpow2 = sc->txpow2[i];
4223
4224 if (chan <= 14) {
4225 run_bbp_write(sc, 25, sc->bbp25);
4226 run_bbp_write(sc, 26, sc->bbp26);
4227 } else {
4228 /* enable IQ phase correction */
4229 run_bbp_write(sc, 25, 0x09);
4230 run_bbp_write(sc, 26, 0xff);
4231 }
4232
4233 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4234 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4235 run_rt3070_rf_read(sc, 6, &rf);
4236 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4237 rf |= (chan <= 14) ? 0x08 : 0x04;
4238 run_rt3070_rf_write(sc, 6, rf);
4239
4240 /* set PLL mode */
4241 run_rt3070_rf_read(sc, 5, &rf);
4242 rf &= ~(0x08 | 0x04);
4243 rf |= (chan <= 14) ? 0x04 : 0x08;
4244 run_rt3070_rf_write(sc, 5, rf);
4245
4246 /* set Tx power for chain 0 */
4247 if (chan <= 14)
4248 rf = 0x60 | txpow1;
4249 else
4250 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4251 run_rt3070_rf_write(sc, 12, rf);
4252
4253 /* set Tx power for chain 1 */
4254 if (chan <= 14)
4255 rf = 0x60 | txpow2;
4256 else
4257 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4258 run_rt3070_rf_write(sc, 13, rf);
4259
4260 /* set Tx/Rx streams */
4261 run_rt3070_rf_read(sc, 1, &rf);
4262 rf &= ~0xfc;
4263 if (sc->ntxchains == 1)
4264 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4265 else if (sc->ntxchains == 2)
4266 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4267 if (sc->nrxchains == 1)
4268 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4269 else if (sc->nrxchains == 2)
4270 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4271 run_rt3070_rf_write(sc, 1, rf);
4272
4273 /* set RF offset */
4274 run_rt3070_rf_read(sc, 23, &rf);
4275 rf = (rf & ~0x7f) | sc->freq;
4276 run_rt3070_rf_write(sc, 23, rf);
4277
4278 /* program RF filter */
4279 rf = sc->rf24_20mhz;
4280 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4281 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4282
4283 /* enable RF tuning */
4284 run_rt3070_rf_read(sc, 7, &rf);
4285 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4286 run_rt3070_rf_write(sc, 7, rf);
4287
4288 /* TSSI */
4289 rf = (chan <= 14) ? 0xc3 : 0xc0;
4290 run_rt3070_rf_write(sc, 9, rf);
4291
4292 /* set loop filter 1 */
4293 run_rt3070_rf_write(sc, 10, 0xf1);
4294 /* set loop filter 2 */
4295 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4296
4297 /* set tx_mx2_ic */
4298 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4299 /* set tx_mx1_ic */
4300 if (chan <= 14)
4301 rf = 0x48 | sc->txmixgain_2ghz;
4302 else
4303 rf = 0x78 | sc->txmixgain_5ghz;
4304 run_rt3070_rf_write(sc, 16, rf);
4305
4306 /* set tx_lo1 */
4307 run_rt3070_rf_write(sc, 17, 0x23);
4308 /* set tx_lo2 */
4309 if (chan <= 14)
4310 rf = 0x93;
4311 else if (chan <= 64)
4312 rf = 0xb7;
4313 else if (chan <= 128)
4314 rf = 0x74;
4315 else
4316 rf = 0x72;
4317 run_rt3070_rf_write(sc, 19, rf);
4318
4319 /* set rx_lo1 */
4320 if (chan <= 14)
4321 rf = 0xb3;
4322 else if (chan <= 64)
4323 rf = 0xf6;
4324 else if (chan <= 128)
4325 rf = 0xf4;
4326 else
4327 rf = 0xf3;
4328 run_rt3070_rf_write(sc, 20, rf);
4329
4330 /* set pfd_delay */
4331 if (chan <= 14)
4332 rf = 0x15;
4333 else if (chan <= 64)
4334 rf = 0x3d;
4335 else
4336 rf = 0x01;
4337 run_rt3070_rf_write(sc, 25, rf);
4338
4339 /* set rx_lo2 */
4340 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4341 /* set ldo_rf_vc */
4342 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4343 /* set drv_cc */
4344 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4345
4346 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4347 tmp &= ~0x8080;
4348 if (chan <= 14)
4349 tmp |= 0x80;
4350 run_write(sc, RT2860_GPIO_CTRL, tmp);
4351
4352 /* enable RF tuning */
4353 run_rt3070_rf_read(sc, 7, &rf);
4354 run_rt3070_rf_write(sc, 7, rf | 0x01);
4355
4356 run_delay(sc, 2);
4357}
4358
4359static void
4360run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4361{
4362 int8_t txpow1, txpow2, txpow3;
4363 uint8_t h20mhz, rf;
4364 int i;
4365
4366 /* find the settings for this channel (we know it exists) */
4367 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4368
4369 /* use Tx power values from EEPROM */
4370 txpow1 = sc->txpow1[i];
4371 txpow2 = sc->txpow2[i];
4372 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4373
4374 if (chan <= 14) {
4375 run_bbp_write(sc, 25, sc->bbp25);
4376 run_bbp_write(sc, 26, sc->bbp26);
4377 } else {
4378 /* Enable IQ phase correction. */
4379 run_bbp_write(sc, 25, 0x09);
4380 run_bbp_write(sc, 26, 0xff);
4381 }
4382
4383 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4384 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4385 run_rt3070_rf_read(sc, 11, &rf);
4386 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4387 run_rt3070_rf_write(sc, 11, rf);
4388
4389 /* Set pll_idoh. */
4390 run_rt3070_rf_read(sc, 11, &rf);
4391 rf &= ~0x4c;
4392 rf |= (chan <= 14) ? 0x44 : 0x48;
4393 run_rt3070_rf_write(sc, 11, rf);
4394
4395 if (chan <= 14)
4396 rf = txpow1 & 0x1f;
4397 else
4398 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4399 run_rt3070_rf_write(sc, 53, rf);
4400
4401 if (chan <= 14)
4402 rf = txpow2 & 0x1f;
4403 else
4404 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4405 run_rt3070_rf_write(sc, 55, rf);
4406
4407 if (chan <= 14)
4408 rf = txpow3 & 0x1f;
4409 else
4410 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4411 run_rt3070_rf_write(sc, 54, rf);
4412
4413 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4414 if (sc->ntxchains == 3)
4415 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4416 else
4417 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4418 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4419 run_rt3070_rf_write(sc, 1, rf);
4420
4421 run_adjust_freq_offset(sc);
4422
4423 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4424
4425 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4426 run_rt3070_rf_read(sc, 30, &rf);
4427 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4428 run_rt3070_rf_write(sc, 30, rf);
4429
4430 run_rt3070_rf_read(sc, 36, &rf);
4431 if (chan <= 14)
4432 rf |= 0x80;
4433 else
4434 rf &= ~0x80;
4435 run_rt3070_rf_write(sc, 36, rf);
4436
4437 /* Set vcolo_bs. */
4438 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4439 /* Set pfd_delay. */
4440 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4441
4442 /* Set vco bias current control. */
4443 run_rt3070_rf_read(sc, 6, &rf);
4444 rf &= ~0xc0;
4445 if (chan <= 14)
4446 rf |= 0x40;
4447 else if (chan <= 128)
4448 rf |= 0x80;
4449 else
4450 rf |= 0x40;
4451 run_rt3070_rf_write(sc, 6, rf);
4452
4453 run_rt3070_rf_read(sc, 30, &rf);
4454 rf = (rf & ~0x18) | 0x10;
4455 run_rt3070_rf_write(sc, 30, rf);
4456
4457 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4458 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4459
4460 run_rt3070_rf_read(sc, 51, &rf);
4461 rf = (rf & ~0x03) | 0x01;
4462 run_rt3070_rf_write(sc, 51, rf);
4463 /* Set tx_mx1_cc. */
4464 run_rt3070_rf_read(sc, 51, &rf);
4465 rf &= ~0x1c;
4466 rf |= (chan <= 14) ? 0x14 : 0x10;
4467 run_rt3070_rf_write(sc, 51, rf);
4468 /* Set tx_mx1_ic. */
4469 run_rt3070_rf_read(sc, 51, &rf);
4470 rf &= ~0xe0;
4471 rf |= (chan <= 14) ? 0x60 : 0x40;
4472 run_rt3070_rf_write(sc, 51, rf);
4473 /* Set tx_lo1_ic. */
4474 run_rt3070_rf_read(sc, 49, &rf);
4475 rf &= ~0x1c;
4476 rf |= (chan <= 14) ? 0x0c : 0x08;
4477 run_rt3070_rf_write(sc, 49, rf);
4478 /* Set tx_lo1_en. */
4479 run_rt3070_rf_read(sc, 50, &rf);
4480 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4481 /* Set drv_cc. */
4482 run_rt3070_rf_read(sc, 57, &rf);
4483 rf &= ~0xfc;
4484 rf |= (chan <= 14) ? 0x6c : 0x3c;
4485 run_rt3070_rf_write(sc, 57, rf);
4486 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4487 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4488 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4489 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4490 /* Enable VCO calibration. */
4491 run_rt3070_rf_read(sc, 3, &rf);
4492 rf &= ~RT5390_VCOCAL;
4493 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4494 run_rt3070_rf_write(sc, 3, rf);
4495
4496 if (chan <= 14)
4497 rf = 0x23;
4498 else if (chan <= 64)
4499 rf = 0x36;
4500 else if (chan <= 128)
4501 rf = 0x32;
4502 else
4503 rf = 0x30;
4504 run_rt3070_rf_write(sc, 39, rf);
4505 if (chan <= 14)
4506 rf = 0xbb;
4507 else if (chan <= 64)
4508 rf = 0xeb;
4509 else if (chan <= 128)
4510 rf = 0xb3;
4511 else
4512 rf = 0x9b;
4513 run_rt3070_rf_write(sc, 45, rf);
4514
4515 /* Set FEQ/AEQ control. */
4516 run_bbp_write(sc, 105, 0x34);
4517}
4518
4519static void
4520run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4521{
4522 int8_t txpow1, txpow2;
4523 uint8_t rf;
4524 int i;
4525
4526 /* find the settings for this channel (we know it exists) */
4527 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4528
4529 /* use Tx power values from EEPROM */
4530 txpow1 = sc->txpow1[i];
4531 txpow2 = sc->txpow2[i];
4532
4533 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4534 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4535 run_rt3070_rf_read(sc, 11, &rf);
4536 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4537 run_rt3070_rf_write(sc, 11, rf);
4538
4539 run_rt3070_rf_read(sc, 49, &rf);
4540 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4541 /* The valid range of the RF R49 is 0x00 to 0x27. */
4542 if ((rf & 0x3f) > 0x27)
4543 rf = (rf & ~0x3f) | 0x27;
4544 run_rt3070_rf_write(sc, 49, rf);
4545
4546 if (sc->mac_ver == 0x5392) {
4547 run_rt3070_rf_read(sc, 50, &rf);
4548 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4549 /* The valid range of the RF R50 is 0x00 to 0x27. */
4550 if ((rf & 0x3f) > 0x27)
4551 rf = (rf & ~0x3f) | 0x27;
4552 run_rt3070_rf_write(sc, 50, rf);
4553 }
4554
4555 run_rt3070_rf_read(sc, 1, &rf);
4556 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4557 if (sc->mac_ver == 0x5392)
4558 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4559 run_rt3070_rf_write(sc, 1, rf);
4560
4561 if (sc->mac_ver != 0x5392) {
4562 run_rt3070_rf_read(sc, 2, &rf);
4563 rf |= 0x80;
4564 run_rt3070_rf_write(sc, 2, rf);
4565 run_delay(sc, 10);
4566 rf &= 0x7f;
4567 run_rt3070_rf_write(sc, 2, rf);
4568 }
4569
4570 run_adjust_freq_offset(sc);
4571
4572 if (sc->mac_ver == 0x5392) {
4573 /* Fix for RT5392C. */
4574 if (sc->mac_rev >= 0x0223) {
4575 if (chan <= 4)
4576 rf = 0x0f;
4577 else if (chan >= 5 && chan <= 7)
4578 rf = 0x0e;
4579 else
4580 rf = 0x0d;
4581 run_rt3070_rf_write(sc, 23, rf);
4582
4583 if (chan <= 4)
4584 rf = 0x0c;
4585 else if (chan == 5)
4586 rf = 0x0b;
4587 else if (chan >= 6 && chan <= 7)
4588 rf = 0x0a;
4589 else if (chan >= 8 && chan <= 10)
4590 rf = 0x09;
4591 else
4592 rf = 0x08;
4593 run_rt3070_rf_write(sc, 59, rf);
4594 } else {
4595 if (chan <= 11)
4596 rf = 0x0f;
4597 else
4598 rf = 0x0b;
4599 run_rt3070_rf_write(sc, 59, rf);
4600 }
4601 } else {
4602 /* Fix for RT5390F. */
4603 if (sc->mac_rev >= 0x0502) {
4604 if (chan <= 11)
4605 rf = 0x43;
4606 else
4607 rf = 0x23;
4608 run_rt3070_rf_write(sc, 55, rf);
4609
4610 if (chan <= 11)
4611 rf = 0x0f;
4612 else if (chan == 12)
4613 rf = 0x0d;
4614 else
4615 rf = 0x0b;
4616 run_rt3070_rf_write(sc, 59, rf);
4617 } else {
4618 run_rt3070_rf_write(sc, 55, 0x44);
4619 run_rt3070_rf_write(sc, 59, 0x8f);
4620 }
4621 }
4622
4623 /* Enable VCO calibration. */
4624 run_rt3070_rf_read(sc, 3, &rf);
4625 rf |= RT5390_VCOCAL;
4626 run_rt3070_rf_write(sc, 3, rf);
4627}
4628
4629static void
4630run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4631{
4632 const struct rt5592_freqs *freqs;
4633 uint32_t tmp;
4634 uint8_t reg, rf, txpow_bound;
4635 int8_t txpow1, txpow2;
4636 int i;
4637
4638 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4639 freqs = (tmp & RT5592_SEL_XTAL) ?
4640 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4641
4642 /* find the settings for this channel (we know it exists) */
4643 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4644
4645 /* use Tx power values from EEPROM */
4646 txpow1 = sc->txpow1[i];
4647 txpow2 = sc->txpow2[i];
4648
4649 run_read(sc, RT3070_LDO_CFG0, &tmp);
4650 tmp &= ~0x1c000000;
4651 if (chan > 14)
4652 tmp |= 0x14000000;
4653 run_write(sc, RT3070_LDO_CFG0, tmp);
4654
4655 /* N setting. */
4656 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4657 run_rt3070_rf_read(sc, 9, &rf);
4658 rf &= ~(1 << 4);
4659 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4660 run_rt3070_rf_write(sc, 9, rf);
4661
4662 /* K setting. */
4663 run_rt3070_rf_read(sc, 9, &rf);
4664 rf &= ~0x0f;
4665 rf |= (freqs->k & 0x0f);
4666 run_rt3070_rf_write(sc, 9, rf);
4667
4668 /* Mode setting. */
4669 run_rt3070_rf_read(sc, 11, &rf);
4670 rf &= ~0x0c;
4671 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4672 run_rt3070_rf_write(sc, 11, rf);
4673 run_rt3070_rf_read(sc, 9, &rf);
4674 rf &= ~(1 << 7);
4675 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4676 run_rt3070_rf_write(sc, 9, rf);
4677
4678 /* R setting. */
4679 run_rt3070_rf_read(sc, 11, &rf);
4680 rf &= ~0x03;
4681 rf |= (freqs->r - 0x1);
4682 run_rt3070_rf_write(sc, 11, rf);
4683
4684 if (chan <= 14) {
4685 /* Initialize RF registers for 2GHZ. */
4686 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4687 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4688 rt5592_2ghz_def_rf[i].val);
4689 }
4690
4691 rf = (chan <= 10) ? 0x07 : 0x06;
4692 run_rt3070_rf_write(sc, 23, rf);
4693 run_rt3070_rf_write(sc, 59, rf);
4694
4695 run_rt3070_rf_write(sc, 55, 0x43);
4696
4697 /*
4698 * RF R49/R50 Tx power ALC code.
4699 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4700 */
4701 reg = 2;
4702 txpow_bound = 0x27;
4703 } else {
4704 /* Initialize RF registers for 5GHZ. */
4705 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4706 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4707 rt5592_5ghz_def_rf[i].val);
4708 }
4709 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4710 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4711 chan <= rt5592_chan_5ghz[i].lastchan) {
4712 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4713 rt5592_chan_5ghz[i].val);
4714 }
4715 }
4716
4717 /*
4718 * RF R49/R50 Tx power ALC code.
4719 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4720 */
4721 reg = 3;
4722 txpow_bound = 0x2b;
4723 }
4724
4725 /* RF R49 ch0 Tx power ALC code. */
4726 run_rt3070_rf_read(sc, 49, &rf);
4727 rf &= ~0xc0;
4728 rf |= (reg << 6);
4729 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4730 if ((rf & 0x3f) > txpow_bound)
4731 rf = (rf & ~0x3f) | txpow_bound;
4732 run_rt3070_rf_write(sc, 49, rf);
4733
4734 /* RF R50 ch1 Tx power ALC code. */
4735 run_rt3070_rf_read(sc, 50, &rf);
4736 rf &= ~(1 << 7 | 1 << 6);
4737 rf |= (reg << 6);
4738 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4739 if ((rf & 0x3f) > txpow_bound)
4740 rf = (rf & ~0x3f) | txpow_bound;
4741 run_rt3070_rf_write(sc, 50, rf);
4742
4743 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4744 run_rt3070_rf_read(sc, 1, &rf);
4745 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4746 if (sc->ntxchains > 1)
4747 rf |= RT3070_TX1_PD;
4748 if (sc->nrxchains > 1)
4749 rf |= RT3070_RX1_PD;
4750 run_rt3070_rf_write(sc, 1, rf);
4751
4752 run_rt3070_rf_write(sc, 6, 0xe4);
4753
4754 run_rt3070_rf_write(sc, 30, 0x10);
4755 run_rt3070_rf_write(sc, 31, 0x80);
4756 run_rt3070_rf_write(sc, 32, 0x80);
4757
4758 run_adjust_freq_offset(sc);
4759
4760 /* Enable VCO calibration. */
4761 run_rt3070_rf_read(sc, 3, &rf);
4762 rf |= RT5390_VCOCAL;
4763 run_rt3070_rf_write(sc, 3, rf);
4764}
4765
4766static void
4767run_set_rx_antenna(struct run_softc *sc, int aux)
4768{
4769 uint32_t tmp;
4770 uint8_t bbp152;
4771
4772 if (aux) {
4773 if (sc->rf_rev == RT5390_RF_5370) {
4774 run_bbp_read(sc, 152, &bbp152);
4775 run_bbp_write(sc, 152, bbp152 & ~0x80);
4776 } else {
4777 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4778 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4779 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4780 }
4781 } else {
4782 if (sc->rf_rev == RT5390_RF_5370) {
4783 run_bbp_read(sc, 152, &bbp152);
4784 run_bbp_write(sc, 152, bbp152 | 0x80);
4785 } else {
4786 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4787 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4788 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4789 }
4790 }
4791}
4792
4793static int
4794run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4795{
4796 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4797 u_int chan, group;
4798
4799 chan = ieee80211_chan2ieee(ic, c);
4800 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4801 return (EINVAL);
4802
4803 if (sc->mac_ver == 0x5592)
4804 run_rt5592_set_chan(sc, chan);
4805 else if (sc->mac_ver >= 0x5390)
4806 run_rt5390_set_chan(sc, chan);
4807 else if (sc->mac_ver == 0x3593)
4808 run_rt3593_set_chan(sc, chan);
4809 else if (sc->mac_ver == 0x3572)
4810 run_rt3572_set_chan(sc, chan);
4811 else if (sc->mac_ver >= 0x3070)
4812 run_rt3070_set_chan(sc, chan);
4813 else
4814 run_rt2870_set_chan(sc, chan);
4815
4816 /* determine channel group */
4817 if (chan <= 14)
4818 group = 0;
4819 else if (chan <= 64)
4820 group = 1;
4821 else if (chan <= 128)
4822 group = 2;
4823 else
4824 group = 3;
4825
4826 /* XXX necessary only when group has changed! */
4827 run_select_chan_group(sc, group);
4828
4829 run_delay(sc, 10);
4830
4831 /* Perform IQ calibration. */
4832 if (sc->mac_ver >= 0x5392)
4833 run_iq_calib(sc, chan);
4834
4835 return (0);
4836}
4837
4838static void
4839run_set_channel(struct ieee80211com *ic)
4840{
4841 struct run_softc *sc = ic->ic_ifp->if_softc;
4842
4843 RUN_LOCK(sc);
4844 run_set_chan(sc, ic->ic_curchan);
4845 RUN_UNLOCK(sc);
4846
4847 return;
4848}
4849
4850static void
4851run_scan_start(struct ieee80211com *ic)
4852{
4853 struct run_softc *sc = ic->ic_ifp->if_softc;
4854 uint32_t tmp;
4855
4856 RUN_LOCK(sc);
4857
4858 /* abort TSF synchronization */
4859 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4860 run_write(sc, RT2860_BCN_TIME_CFG,
4861 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4862 RT2860_TBTT_TIMER_EN));
4863 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4864
4865 RUN_UNLOCK(sc);
4866
4867 return;
4868}
4869
4870static void
4871run_scan_end(struct ieee80211com *ic)
4872{
4873 struct run_softc *sc = ic->ic_ifp->if_softc;
4874
4875 RUN_LOCK(sc);
4876
4877 run_enable_tsf_sync(sc);
4878 /* XXX keep local copy */
4879 run_set_bssid(sc, sc->sc_bssid);
4880
4881 RUN_UNLOCK(sc);
4882
4883 return;
4884}
4885
4886/*
4887 * Could be called from ieee80211_node_timeout()
4888 * (non-sleepable thread)
4889 */
4890static void
4891run_update_beacon(struct ieee80211vap *vap, int item)
4892{
4893 struct ieee80211com *ic = vap->iv_ic;
4894 struct run_softc *sc = ic->ic_ifp->if_softc;
4895 struct run_vap *rvp = RUN_VAP(vap);
4896 int mcast = 0;
4897 uint32_t i;
4898
4899 KASSERT(vap != NULL, ("no beacon"));
4900
4901 switch (item) {
4902 case IEEE80211_BEACON_ERP:
4903 run_updateslot(ic->ic_ifp);
4904 break;
4905 case IEEE80211_BEACON_HTINFO:
4906 run_updateprot(ic);
4907 break;
4908 case IEEE80211_BEACON_TIM:
4909 mcast = 1; /*TODO*/
4910 break;
4911 default:
4912 break;
4913 }
4914
4915 setbit(rvp->bo.bo_flags, item);
4916 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4917
4918 i = RUN_CMDQ_GET(&sc->cmdq_store);
4919 DPRINTF("cmdq_store=%d\n", i);
4920 sc->cmdq[i].func = run_update_beacon_cb;
4921 sc->cmdq[i].arg0 = vap;
4922 ieee80211_runtask(ic, &sc->cmdq_task);
4923
4924 return;
4925}
4926
4927static void
4928run_update_beacon_cb(void *arg)
4929{
4930 struct ieee80211vap *vap = arg;
4931 struct run_vap *rvp = RUN_VAP(vap);
4932 struct ieee80211com *ic = vap->iv_ic;
4933 struct run_softc *sc = ic->ic_ifp->if_softc;
4934 struct rt2860_txwi txwi;
4935 struct mbuf *m;
4936 uint16_t txwisize;
4937 uint8_t ridx;
4938
4939 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4940 return;
4941 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4942 return;
4943
4944 /*
4945 * No need to call ieee80211_beacon_update(), run_update_beacon()
4946 * is taking care of apropriate calls.
4947 */
4948 if (rvp->beacon_mbuf == NULL) {
4949 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4950 &rvp->bo);
4951 if (rvp->beacon_mbuf == NULL)
4952 return;
4953 }
4954 m = rvp->beacon_mbuf;
4955
4956 memset(&txwi, 0, sizeof(txwi));
4957 txwi.wcid = 0xff;
4958 txwi.len = htole16(m->m_pkthdr.len);
4959
4960 /* send beacons at the lowest available rate */
4961 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4962 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4963 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4964 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4965 txwi.phy |= htole16(RT2860_PHY_OFDM);
4966 txwi.txop = RT2860_TX_TXOP_HT;
4967 txwi.flags = RT2860_TX_TS;
4968 txwi.xflags = RT2860_TX_NSEQ;
4969
4970 txwisize = (sc->mac_ver == 0x5592) ?
4971 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4972 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4973 txwisize);
4974 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4975 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4976}
4977
4978static void
4979run_updateprot(struct ieee80211com *ic)
4980{
4981 struct run_softc *sc = ic->ic_ifp->if_softc;
4982 uint32_t i;
4983
4984 i = RUN_CMDQ_GET(&sc->cmdq_store);
4985 DPRINTF("cmdq_store=%d\n", i);
4986 sc->cmdq[i].func = run_updateprot_cb;
4987 sc->cmdq[i].arg0 = ic;
4988 ieee80211_runtask(ic, &sc->cmdq_task);
4989}
4990
4991static void
4992run_updateprot_cb(void *arg)
4993{
4994 struct ieee80211com *ic = arg;
4995 struct run_softc *sc = ic->ic_ifp->if_softc;
4996 uint32_t tmp;
4997
4998 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
4999 /* setup protection frame rate (MCS code) */
5000 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5001 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5002 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5003
5004 /* CCK frames don't require protection */
5005 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5006 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5007 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5008 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5009 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5010 tmp |= RT2860_PROT_CTRL_CTS;
5011 }
5012 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5013}
5014
5015static void
5016run_usb_timeout_cb(void *arg)
5017{
5018 struct ieee80211vap *vap = arg;
5019 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5020
5021 RUN_LOCK_ASSERT(sc, MA_OWNED);
5022
5023 if(vap->iv_state == IEEE80211_S_RUN &&
5024 vap->iv_opmode != IEEE80211_M_STA)
5025 run_reset_livelock(sc);
5026 else if (vap->iv_state == IEEE80211_S_SCAN) {
5027 DPRINTF("timeout caused by scan\n");
5028 /* cancel bgscan */
5029 ieee80211_cancel_scan(vap);
5030 } else
5031 DPRINTF("timeout by unknown cause\n");
5032}
5033
5034static void
5035run_reset_livelock(struct run_softc *sc)
5036{
5037 uint32_t tmp;
5038
5039 RUN_LOCK_ASSERT(sc, MA_OWNED);
5040
5041 /*
5042 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5043 * can run into a livelock and start sending CTS-to-self frames like
5044 * crazy if protection is enabled. Reset MAC/BBP for a while
5045 */
5046 run_read(sc, RT2860_DEBUG, &tmp);
5047 DPRINTFN(3, "debug reg %08x\n", tmp);
5048 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5049 DPRINTF("CTS-to-self livelock detected\n");
5050 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5051 run_delay(sc, 1);
5052 run_write(sc, RT2860_MAC_SYS_CTRL,
5053 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5054 }
5055}
5056
5057static void
5058run_update_promisc_locked(struct ifnet *ifp)
5059{
5060 struct run_softc *sc = ifp->if_softc;
5061 uint32_t tmp;
5062
5063 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5064
5065 tmp |= RT2860_DROP_UC_NOME;
5066 if (ifp->if_flags & IFF_PROMISC)
5067 tmp &= ~RT2860_DROP_UC_NOME;
5068
5069 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5070
5071 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5072 "entering" : "leaving");
5073}
5074
5075static void
5076run_update_promisc(struct ifnet *ifp)
5077{
5078 struct run_softc *sc = ifp->if_softc;
5079
5080 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
5081 return;
5082
5083 RUN_LOCK(sc);
5084 run_update_promisc_locked(ifp);
5085 RUN_UNLOCK(sc);
5086}
5087
5088static void
5089run_enable_tsf_sync(struct run_softc *sc)
5090{
5091 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5092 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5093 uint32_t tmp;
5094
5095 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5096 ic->ic_opmode);
5097
5098 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5099 tmp &= ~0x1fffff;
5100 tmp |= vap->iv_bss->ni_intval * 16;
5101 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5102
5103 if (ic->ic_opmode == IEEE80211_M_STA) {
5104 /*
5105 * Local TSF is always updated with remote TSF on beacon
5106 * reception.
5107 */
5108 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5109 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5110 tmp |= RT2860_BCN_TX_EN;
5111 /*
5112 * Local TSF is updated with remote TSF on beacon reception
5113 * only if the remote TSF is greater than local TSF.
5114 */
5115 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5116 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5117 ic->ic_opmode == IEEE80211_M_MBSS) {
5118 tmp |= RT2860_BCN_TX_EN;
5119 /* SYNC with nobody */
5120 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5121 } else {
5122 DPRINTF("Enabling TSF failed. undefined opmode\n");
5123 return;
5124 }
5125
5126 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5127}
5128
5129static void
5130run_enable_mrr(struct run_softc *sc)
5131{
5132#define CCK(mcs) (mcs)
5133#define OFDM(mcs) (1 << 3 | (mcs))
5134 run_write(sc, RT2860_LG_FBK_CFG0,
5135 OFDM(6) << 28 | /* 54->48 */
5136 OFDM(5) << 24 | /* 48->36 */
5137 OFDM(4) << 20 | /* 36->24 */
5138 OFDM(3) << 16 | /* 24->18 */
5139 OFDM(2) << 12 | /* 18->12 */
5140 OFDM(1) << 8 | /* 12-> 9 */
5141 OFDM(0) << 4 | /* 9-> 6 */
5142 OFDM(0)); /* 6-> 6 */
5143
5144 run_write(sc, RT2860_LG_FBK_CFG1,
5145 CCK(2) << 12 | /* 11->5.5 */
5146 CCK(1) << 8 | /* 5.5-> 2 */
5147 CCK(0) << 4 | /* 2-> 1 */
5148 CCK(0)); /* 1-> 1 */
5149#undef OFDM
5150#undef CCK
5151}
5152
5153static void
5154run_set_txpreamble(struct run_softc *sc)
5155{
5156 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5157 uint32_t tmp;
5158
5159 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5160 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5161 tmp |= RT2860_CCK_SHORT_EN;
5162 else
5163 tmp &= ~RT2860_CCK_SHORT_EN;
5164 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5165}
5166
5167static void
5168run_set_basicrates(struct run_softc *sc)
5169{
5170 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5171
5172 /* set basic rates mask */
5173 if (ic->ic_curmode == IEEE80211_MODE_11B)
5174 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5175 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5176 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5177 else /* 11g */
5178 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5179}
5180
5181static void
5182run_set_leds(struct run_softc *sc, uint16_t which)
5183{
5184 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5185 which | (sc->leds & 0x7f));
5186}
5187
5188static void
5189run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5190{
5191 run_write(sc, RT2860_MAC_BSSID_DW0,
5192 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5193 run_write(sc, RT2860_MAC_BSSID_DW1,
5194 bssid[4] | bssid[5] << 8);
5195}
5196
5197static void
5198run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5199{
5200 run_write(sc, RT2860_MAC_ADDR_DW0,
5201 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5202 run_write(sc, RT2860_MAC_ADDR_DW1,
5203 addr[4] | addr[5] << 8 | 0xff << 16);
5204}
5205
5206static void
5207run_updateslot(struct ifnet *ifp)
5208{
5209 struct run_softc *sc = ifp->if_softc;
5210 struct ieee80211com *ic = ifp->if_l2com;
5211 uint32_t i;
5212
5213 i = RUN_CMDQ_GET(&sc->cmdq_store);
5214 DPRINTF("cmdq_store=%d\n", i);
5215 sc->cmdq[i].func = run_updateslot_cb;
5216 sc->cmdq[i].arg0 = ifp;
5217 ieee80211_runtask(ic, &sc->cmdq_task);
5218
5219 return;
5220}
5221
5222/* ARGSUSED */
5223static void
5224run_updateslot_cb(void *arg)
5225{
5226 struct ifnet *ifp = arg;
5227 struct run_softc *sc = ifp->if_softc;
5228 struct ieee80211com *ic = ifp->if_l2com;
5229 uint32_t tmp;
5230
5231 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5232 tmp &= ~0xff;
5233 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5234 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5235}
5236
5237static void
5238run_update_mcast(struct ifnet *ifp)
5239{
5240 /* h/w filter supports getting everything or nothing */
5241 ifp->if_flags |= IFF_ALLMULTI;
5242}
5243
5244static int8_t
5245run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5246{
5247 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5248 struct ieee80211_channel *c = ic->ic_curchan;
5249 int delta;
5250
5251 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5252 u_int chan = ieee80211_chan2ieee(ic, c);
5253 delta = sc->rssi_5ghz[rxchain];
5254
5255 /* determine channel group */
5256 if (chan <= 64)
5257 delta -= sc->lna[1];
5258 else if (chan <= 128)
5259 delta -= sc->lna[2];
5260 else
5261 delta -= sc->lna[3];
5262 } else
5263 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5264
5265 return (-12 - delta - rssi);
5266}
5267
5268static void
5269run_rt5390_bbp_init(struct run_softc *sc)
5270{
5271 int i;
5272 uint8_t bbp;
5273
5274 /* Apply maximum likelihood detection for 2 stream case. */
5275 run_bbp_read(sc, 105, &bbp);
5276 if (sc->nrxchains > 1)
5277 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5278
5279 /* Avoid data lost and CRC error. */
5280 run_bbp_read(sc, 4, &bbp);
5281 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5282
5283 if (sc->mac_ver == 0x5592) {
5284 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5285 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5286 rt5592_def_bbp[i].val);
5287 }
5288 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5289 run_bbp_write(sc, 195, i + 0x80);
5290 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5291 }
5292 } else {
5293 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5294 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5295 rt5390_def_bbp[i].val);
5296 }
5297 }
5298 if (sc->mac_ver == 0x5392) {
5299 run_bbp_write(sc, 88, 0x90);
5300 run_bbp_write(sc, 95, 0x9a);
5301 run_bbp_write(sc, 98, 0x12);
5302 run_bbp_write(sc, 106, 0x12);
5303 run_bbp_write(sc, 134, 0xd0);
5304 run_bbp_write(sc, 135, 0xf6);
5305 run_bbp_write(sc, 148, 0x84);
5306 }
5307
5308 run_bbp_read(sc, 152, &bbp);
5309 run_bbp_write(sc, 152, bbp | 0x80);
5310
5311 /* Fix BBP254 for RT5592C. */
5312 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5313 run_bbp_read(sc, 254, &bbp);
5314 run_bbp_write(sc, 254, bbp | 0x80);
5315 }
5316
5317 /* Disable hardware antenna diversity. */
5318 if (sc->mac_ver == 0x5390)
5319 run_bbp_write(sc, 154, 0);
5320
5321 /* Initialize Rx CCK/OFDM frequency offset report. */
5322 run_bbp_write(sc, 142, 1);
5323 run_bbp_write(sc, 143, 57);
5324}
5325
5326static int
5327run_bbp_init(struct run_softc *sc)
5328{
5329 int i, error, ntries;
5330 uint8_t bbp0;
5331
5332 /* wait for BBP to wake up */
5333 for (ntries = 0; ntries < 20; ntries++) {
5334 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5335 return error;
5336 if (bbp0 != 0 && bbp0 != 0xff)
5337 break;
5338 }
5339 if (ntries == 20)
5340 return (ETIMEDOUT);
5341
5342 /* initialize BBP registers to default values */
5343 if (sc->mac_ver >= 0x5390)
5344 run_rt5390_bbp_init(sc);
5345 else {
5346 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5347 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5348 rt2860_def_bbp[i].val);
5349 }
5350 }
5351
5352 if (sc->mac_ver == 0x3593) {
5353 run_bbp_write(sc, 79, 0x13);
5354 run_bbp_write(sc, 80, 0x05);
5355 run_bbp_write(sc, 81, 0x33);
5356 run_bbp_write(sc, 86, 0x46);
5357 run_bbp_write(sc, 137, 0x0f);
5358 }
5359
5360 /* fix BBP84 for RT2860E */
5361 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5362 run_bbp_write(sc, 84, 0x19);
5363
5364 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5365 sc->mac_ver != 0x5592)) {
5366 run_bbp_write(sc, 79, 0x13);
5367 run_bbp_write(sc, 80, 0x05);
5368 run_bbp_write(sc, 81, 0x33);
5369 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5370 run_bbp_write(sc, 69, 0x16);
5371 run_bbp_write(sc, 73, 0x12);
5372 }
5373 return (0);
5374}
5375
5376static int
5377run_rt3070_rf_init(struct run_softc *sc)
5378{
5379 uint32_t tmp;
5380 uint8_t bbp4, mingain, rf, target;
5381 int i;
5382
5383 run_rt3070_rf_read(sc, 30, &rf);
5384 /* toggle RF R30 bit 7 */
5385 run_rt3070_rf_write(sc, 30, rf | 0x80);
5386 run_delay(sc, 10);
5387 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5388
5389 /* initialize RF registers to default value */
5390 if (sc->mac_ver == 0x3572) {
5391 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5392 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5393 rt3572_def_rf[i].val);
5394 }
5395 } else {
5396 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5397 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5398 rt3070_def_rf[i].val);
5399 }
5400 }
5401
5402 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5403 /*
5404 * Change voltage from 1.2V to 1.35V for RT3070.
5405 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5406 * in RT3070(F).
5407 */
5408 run_read(sc, RT3070_LDO_CFG0, &tmp);
5409 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5410 run_write(sc, RT3070_LDO_CFG0, tmp);
5411
5412 } else if (sc->mac_ver == 0x3071) {
5413 run_rt3070_rf_read(sc, 6, &rf);
5414 run_rt3070_rf_write(sc, 6, rf | 0x40);
5415 run_rt3070_rf_write(sc, 31, 0x14);
5416
5417 run_read(sc, RT3070_LDO_CFG0, &tmp);
5418 tmp &= ~0x1f000000;
5419 if (sc->mac_rev < 0x0211)
5420 tmp |= 0x0d000000; /* 1.3V */
5421 else
5422 tmp |= 0x01000000; /* 1.2V */
5423 run_write(sc, RT3070_LDO_CFG0, tmp);
5424
5425 /* patch LNA_PE_G1 */
5426 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5427 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5428
5429 } else if (sc->mac_ver == 0x3572) {
5430 run_rt3070_rf_read(sc, 6, &rf);
5431 run_rt3070_rf_write(sc, 6, rf | 0x40);
5432
5433 /* increase voltage from 1.2V to 1.35V */
5434 run_read(sc, RT3070_LDO_CFG0, &tmp);
5435 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5436 run_write(sc, RT3070_LDO_CFG0, tmp);
5437
5438 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5439 run_delay(sc, 1); /* wait for 1msec */
5440 /* decrease voltage back to 1.2V */
5441 tmp = (tmp & ~0x1f000000) | 0x01000000;
5442 run_write(sc, RT3070_LDO_CFG0, tmp);
5443 }
5444 }
5445
5446 /* select 20MHz bandwidth */
5447 run_rt3070_rf_read(sc, 31, &rf);
5448 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5449
5450 /* calibrate filter for 20MHz bandwidth */
5451 sc->rf24_20mhz = 0x1f; /* default value */
5452 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5453 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5454
5455 /* select 40MHz bandwidth */
5456 run_bbp_read(sc, 4, &bbp4);
5457 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5458 run_rt3070_rf_read(sc, 31, &rf);
5459 run_rt3070_rf_write(sc, 31, rf | 0x20);
5460
5461 /* calibrate filter for 40MHz bandwidth */
5462 sc->rf24_40mhz = 0x2f; /* default value */
5463 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5464 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5465
5466 /* go back to 20MHz bandwidth */
5467 run_bbp_read(sc, 4, &bbp4);
5468 run_bbp_write(sc, 4, bbp4 & ~0x18);
5469
5470 if (sc->mac_ver == 0x3572) {
5471 /* save default BBP registers 25 and 26 values */
5472 run_bbp_read(sc, 25, &sc->bbp25);
5473 run_bbp_read(sc, 26, &sc->bbp26);
5474 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5475 run_rt3070_rf_write(sc, 27, 0x03);
5476
5477 run_read(sc, RT3070_OPT_14, &tmp);
5478 run_write(sc, RT3070_OPT_14, tmp | 1);
5479
5480 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5481 run_rt3070_rf_read(sc, 17, &rf);
5482 rf &= ~RT3070_TX_LO1;
5483 if ((sc->mac_ver == 0x3070 ||
5484 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5485 !sc->ext_2ghz_lna)
5486 rf |= 0x20; /* fix for long range Rx issue */
5487 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5488 if (sc->txmixgain_2ghz >= mingain)
5489 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5490 run_rt3070_rf_write(sc, 17, rf);
5491 }
5492
| 22
23/*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sockio.h>
30#include <sys/sysctl.h>
31#include <sys/lock.h>
32#include <sys/mutex.h>
33#include <sys/mbuf.h>
34#include <sys/kernel.h>
35#include <sys/socket.h>
36#include <sys/systm.h>
37#include <sys/malloc.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/linker.h>
42#include <sys/firmware.h>
43#include <sys/kdb.h>
44
45#include <machine/bus.h>
46#include <machine/resource.h>
47#include <sys/rman.h>
48
49#include <net/bpf.h>
50#include <net/if.h>
51#include <net/if_var.h>
52#include <net/if_arp.h>
53#include <net/ethernet.h>
54#include <net/if_dl.h>
55#include <net/if_media.h>
56#include <net/if_types.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/in_var.h>
61#include <netinet/if_ether.h>
62#include <netinet/ip.h>
63
64#include <net80211/ieee80211_var.h>
65#include <net80211/ieee80211_regdomain.h>
66#include <net80211/ieee80211_radiotap.h>
67#include <net80211/ieee80211_ratectl.h>
68
69#include <dev/usb/usb.h>
70#include <dev/usb/usbdi.h>
71#include "usbdevs.h"
72
73#define USB_DEBUG_VAR run_debug
74#include <dev/usb/usb_debug.h>
75#include <dev/usb/usb_msctest.h>
76
77#include <dev/usb/wlan/if_runreg.h>
78#include <dev/usb/wlan/if_runvar.h>
79
80#ifdef USB_DEBUG
81#define RUN_DEBUG
82#endif
83
84#ifdef RUN_DEBUG
85int run_debug = 0;
86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
88 "run debug level");
89#endif
90
91#define IEEE80211_HAS_ADDR4(wh) \
92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
93
94/*
95 * Because of LOR in run_key_delete(), use atomic instead.
96 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
97 */
98#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
99
100static const STRUCT_USB_HOST_ID run_devs[] = {
101#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
102#define RUN_DEV_EJECT(v,p) \
103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
104#define RUN_EJECT 1
105 RUN_DEV(ABOCOM, RT2770),
106 RUN_DEV(ABOCOM, RT2870),
107 RUN_DEV(ABOCOM, RT3070),
108 RUN_DEV(ABOCOM, RT3071),
109 RUN_DEV(ABOCOM, RT3072),
110 RUN_DEV(ABOCOM2, RT2870_1),
111 RUN_DEV(ACCTON, RT2770),
112 RUN_DEV(ACCTON, RT2870_1),
113 RUN_DEV(ACCTON, RT2870_2),
114 RUN_DEV(ACCTON, RT2870_3),
115 RUN_DEV(ACCTON, RT2870_4),
116 RUN_DEV(ACCTON, RT2870_5),
117 RUN_DEV(ACCTON, RT3070),
118 RUN_DEV(ACCTON, RT3070_1),
119 RUN_DEV(ACCTON, RT3070_2),
120 RUN_DEV(ACCTON, RT3070_3),
121 RUN_DEV(ACCTON, RT3070_4),
122 RUN_DEV(ACCTON, RT3070_5),
123 RUN_DEV(AIRTIES, RT3070),
124 RUN_DEV(ALLWIN, RT2070),
125 RUN_DEV(ALLWIN, RT2770),
126 RUN_DEV(ALLWIN, RT2870),
127 RUN_DEV(ALLWIN, RT3070),
128 RUN_DEV(ALLWIN, RT3071),
129 RUN_DEV(ALLWIN, RT3072),
130 RUN_DEV(ALLWIN, RT3572),
131 RUN_DEV(AMIGO, RT2870_1),
132 RUN_DEV(AMIGO, RT2870_2),
133 RUN_DEV(AMIT, CGWLUSB2GNR),
134 RUN_DEV(AMIT, RT2870_1),
135 RUN_DEV(AMIT2, RT2870),
136 RUN_DEV(ASUS, RT2870_1),
137 RUN_DEV(ASUS, RT2870_2),
138 RUN_DEV(ASUS, RT2870_3),
139 RUN_DEV(ASUS, RT2870_4),
140 RUN_DEV(ASUS, RT2870_5),
141 RUN_DEV(ASUS, USBN13),
142 RUN_DEV(ASUS, RT3070_1),
143 RUN_DEV(ASUS, USBN66),
144 RUN_DEV(ASUS, USB_N53),
145 RUN_DEV(ASUS2, USBN11),
146 RUN_DEV(AZUREWAVE, RT2870_1),
147 RUN_DEV(AZUREWAVE, RT2870_2),
148 RUN_DEV(AZUREWAVE, RT3070_1),
149 RUN_DEV(AZUREWAVE, RT3070_2),
150 RUN_DEV(AZUREWAVE, RT3070_3),
151 RUN_DEV(BELKIN, F9L1103),
152 RUN_DEV(BELKIN, F5D8053V3),
153 RUN_DEV(BELKIN, F5D8055),
154 RUN_DEV(BELKIN, F5D8055V2),
155 RUN_DEV(BELKIN, F6D4050V1),
156 RUN_DEV(BELKIN, F6D4050V2),
157 RUN_DEV(BELKIN, RT2870_1),
158 RUN_DEV(BELKIN, RT2870_2),
159 RUN_DEV(CISCOLINKSYS, AE1000),
160 RUN_DEV(CISCOLINKSYS2, RT3070),
161 RUN_DEV(CISCOLINKSYS3, RT3070),
162 RUN_DEV(CONCEPTRONIC2, RT2870_1),
163 RUN_DEV(CONCEPTRONIC2, RT2870_2),
164 RUN_DEV(CONCEPTRONIC2, RT2870_3),
165 RUN_DEV(CONCEPTRONIC2, RT2870_4),
166 RUN_DEV(CONCEPTRONIC2, RT2870_5),
167 RUN_DEV(CONCEPTRONIC2, RT2870_6),
168 RUN_DEV(CONCEPTRONIC2, RT2870_7),
169 RUN_DEV(CONCEPTRONIC2, RT2870_8),
170 RUN_DEV(CONCEPTRONIC2, RT3070_1),
171 RUN_DEV(CONCEPTRONIC2, RT3070_2),
172 RUN_DEV(CONCEPTRONIC2, VIGORN61),
173 RUN_DEV(COREGA, CGWLUSB300GNM),
174 RUN_DEV(COREGA, RT2870_1),
175 RUN_DEV(COREGA, RT2870_2),
176 RUN_DEV(COREGA, RT2870_3),
177 RUN_DEV(COREGA, RT3070),
178 RUN_DEV(CYBERTAN, RT2870),
179 RUN_DEV(DLINK, RT2870),
180 RUN_DEV(DLINK, RT3072),
181 RUN_DEV(DLINK, DWA127),
182 RUN_DEV(DLINK, DWA140B3),
183 RUN_DEV(DLINK, DWA160B2),
184 RUN_DEV(DLINK, DWA140D1),
185 RUN_DEV(DLINK, DWA162),
186 RUN_DEV(DLINK2, DWA130),
187 RUN_DEV(DLINK2, RT2870_1),
188 RUN_DEV(DLINK2, RT2870_2),
189 RUN_DEV(DLINK2, RT3070_1),
190 RUN_DEV(DLINK2, RT3070_2),
191 RUN_DEV(DLINK2, RT3070_3),
192 RUN_DEV(DLINK2, RT3070_4),
193 RUN_DEV(DLINK2, RT3070_5),
194 RUN_DEV(DLINK2, RT3072),
195 RUN_DEV(DLINK2, RT3072_1),
196 RUN_DEV(EDIMAX, EW7717),
197 RUN_DEV(EDIMAX, EW7718),
198 RUN_DEV(EDIMAX, EW7733UND),
199 RUN_DEV(EDIMAX, RT2870_1),
200 RUN_DEV(ENCORE, RT3070_1),
201 RUN_DEV(ENCORE, RT3070_2),
202 RUN_DEV(ENCORE, RT3070_3),
203 RUN_DEV(GIGABYTE, GNWB31N),
204 RUN_DEV(GIGABYTE, GNWB32L),
205 RUN_DEV(GIGABYTE, RT2870_1),
206 RUN_DEV(GIGASET, RT3070_1),
207 RUN_DEV(GIGASET, RT3070_2),
208 RUN_DEV(GUILLEMOT, HWNU300),
209 RUN_DEV(HAWKING, HWUN2),
210 RUN_DEV(HAWKING, RT2870_1),
211 RUN_DEV(HAWKING, RT2870_2),
212 RUN_DEV(HAWKING, RT3070),
213 RUN_DEV(IODATA, RT3072_1),
214 RUN_DEV(IODATA, RT3072_2),
215 RUN_DEV(IODATA, RT3072_3),
216 RUN_DEV(IODATA, RT3072_4),
217 RUN_DEV(LINKSYS4, RT3070),
218 RUN_DEV(LINKSYS4, WUSB100),
219 RUN_DEV(LINKSYS4, WUSB54GCV3),
220 RUN_DEV(LINKSYS4, WUSB600N),
221 RUN_DEV(LINKSYS4, WUSB600NV2),
222 RUN_DEV(LOGITEC, RT2870_1),
223 RUN_DEV(LOGITEC, RT2870_2),
224 RUN_DEV(LOGITEC, RT2870_3),
225 RUN_DEV(LOGITEC, LANW300NU2),
226 RUN_DEV(LOGITEC, LANW150NU2),
227 RUN_DEV(LOGITEC, LANW300NU2S),
228 RUN_DEV(MELCO, RT2870_1),
229 RUN_DEV(MELCO, RT2870_2),
230 RUN_DEV(MELCO, WLIUCAG300N),
231 RUN_DEV(MELCO, WLIUCG300N),
232 RUN_DEV(MELCO, WLIUCG301N),
233 RUN_DEV(MELCO, WLIUCGN),
234 RUN_DEV(MELCO, WLIUCGNM),
235 RUN_DEV(MELCO, WLIUCGNM2),
236 RUN_DEV(MOTOROLA4, RT2770),
237 RUN_DEV(MOTOROLA4, RT3070),
238 RUN_DEV(MSI, RT3070_1),
239 RUN_DEV(MSI, RT3070_2),
240 RUN_DEV(MSI, RT3070_3),
241 RUN_DEV(MSI, RT3070_4),
242 RUN_DEV(MSI, RT3070_5),
243 RUN_DEV(MSI, RT3070_6),
244 RUN_DEV(MSI, RT3070_7),
245 RUN_DEV(MSI, RT3070_8),
246 RUN_DEV(MSI, RT3070_9),
247 RUN_DEV(MSI, RT3070_10),
248 RUN_DEV(MSI, RT3070_11),
249 RUN_DEV(OVISLINK, RT3072),
250 RUN_DEV(PARA, RT3070),
251 RUN_DEV(PEGATRON, RT2870),
252 RUN_DEV(PEGATRON, RT3070),
253 RUN_DEV(PEGATRON, RT3070_2),
254 RUN_DEV(PEGATRON, RT3070_3),
255 RUN_DEV(PHILIPS, RT2870),
256 RUN_DEV(PLANEX2, GWUS300MINIS),
257 RUN_DEV(PLANEX2, GWUSMICRON),
258 RUN_DEV(PLANEX2, RT2870),
259 RUN_DEV(PLANEX2, RT3070),
260 RUN_DEV(QCOM, RT2870),
261 RUN_DEV(QUANTA, RT3070),
262 RUN_DEV(RALINK, RT2070),
263 RUN_DEV(RALINK, RT2770),
264 RUN_DEV(RALINK, RT2870),
265 RUN_DEV(RALINK, RT3070),
266 RUN_DEV(RALINK, RT3071),
267 RUN_DEV(RALINK, RT3072),
268 RUN_DEV(RALINK, RT3370),
269 RUN_DEV(RALINK, RT3572),
270 RUN_DEV(RALINK, RT3573),
271 RUN_DEV(RALINK, RT5370),
272 RUN_DEV(RALINK, RT5572),
273 RUN_DEV(RALINK, RT8070),
274 RUN_DEV(SAMSUNG, WIS09ABGN),
275 RUN_DEV(SAMSUNG2, RT2870_1),
276 RUN_DEV(SENAO, RT2870_1),
277 RUN_DEV(SENAO, RT2870_2),
278 RUN_DEV(SENAO, RT2870_3),
279 RUN_DEV(SENAO, RT2870_4),
280 RUN_DEV(SENAO, RT3070),
281 RUN_DEV(SENAO, RT3071),
282 RUN_DEV(SENAO, RT3072_1),
283 RUN_DEV(SENAO, RT3072_2),
284 RUN_DEV(SENAO, RT3072_3),
285 RUN_DEV(SENAO, RT3072_4),
286 RUN_DEV(SENAO, RT3072_5),
287 RUN_DEV(SITECOMEU, RT2770),
288 RUN_DEV(SITECOMEU, RT2870_1),
289 RUN_DEV(SITECOMEU, RT2870_2),
290 RUN_DEV(SITECOMEU, RT2870_3),
291 RUN_DEV(SITECOMEU, RT2870_4),
292 RUN_DEV(SITECOMEU, RT3070),
293 RUN_DEV(SITECOMEU, RT3070_2),
294 RUN_DEV(SITECOMEU, RT3070_3),
295 RUN_DEV(SITECOMEU, RT3070_4),
296 RUN_DEV(SITECOMEU, RT3071),
297 RUN_DEV(SITECOMEU, RT3072_1),
298 RUN_DEV(SITECOMEU, RT3072_2),
299 RUN_DEV(SITECOMEU, RT3072_3),
300 RUN_DEV(SITECOMEU, RT3072_4),
301 RUN_DEV(SITECOMEU, RT3072_5),
302 RUN_DEV(SITECOMEU, RT3072_6),
303 RUN_DEV(SITECOMEU, WL608),
304 RUN_DEV(SPARKLAN, RT2870_1),
305 RUN_DEV(SPARKLAN, RT3070),
306 RUN_DEV(SWEEX2, LW153),
307 RUN_DEV(SWEEX2, LW303),
308 RUN_DEV(SWEEX2, LW313),
309 RUN_DEV(TOSHIBA, RT3070),
310 RUN_DEV(UMEDIA, RT2870_1),
311 RUN_DEV(ZCOM, RT2870_1),
312 RUN_DEV(ZCOM, RT2870_2),
313 RUN_DEV(ZINWELL, RT2870_1),
314 RUN_DEV(ZINWELL, RT2870_2),
315 RUN_DEV(ZINWELL, RT3070),
316 RUN_DEV(ZINWELL, RT3072_1),
317 RUN_DEV(ZINWELL, RT3072_2),
318 RUN_DEV(ZYXEL, RT2870_1),
319 RUN_DEV(ZYXEL, RT2870_2),
320 RUN_DEV(ZYXEL, RT3070),
321 RUN_DEV_EJECT(ZYXEL, NWD2705),
322 RUN_DEV_EJECT(RALINK, RT_STOR),
323#undef RUN_DEV_EJECT
324#undef RUN_DEV
325};
326
327static device_probe_t run_match;
328static device_attach_t run_attach;
329static device_detach_t run_detach;
330
331static usb_callback_t run_bulk_rx_callback;
332static usb_callback_t run_bulk_tx_callback0;
333static usb_callback_t run_bulk_tx_callback1;
334static usb_callback_t run_bulk_tx_callback2;
335static usb_callback_t run_bulk_tx_callback3;
336static usb_callback_t run_bulk_tx_callback4;
337static usb_callback_t run_bulk_tx_callback5;
338
339static void run_autoinst(void *, struct usb_device *,
340 struct usb_attach_arg *);
341static int run_driver_loaded(struct module *, int, void *);
342static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
343 usb_error_t error, u_int index);
344static struct ieee80211vap *run_vap_create(struct ieee80211com *,
345 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
346 const uint8_t [IEEE80211_ADDR_LEN],
347 const uint8_t [IEEE80211_ADDR_LEN]);
348static void run_vap_delete(struct ieee80211vap *);
349static void run_cmdq_cb(void *, int);
350static void run_setup_tx_list(struct run_softc *,
351 struct run_endpoint_queue *);
352static void run_unsetup_tx_list(struct run_softc *,
353 struct run_endpoint_queue *);
354static int run_load_microcode(struct run_softc *);
355static int run_reset(struct run_softc *);
356static usb_error_t run_do_request(struct run_softc *,
357 struct usb_device_request *, void *);
358static int run_read(struct run_softc *, uint16_t, uint32_t *);
359static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
360static int run_write_2(struct run_softc *, uint16_t, uint16_t);
361static int run_write(struct run_softc *, uint16_t, uint32_t);
362static int run_write_region_1(struct run_softc *, uint16_t,
363 const uint8_t *, int);
364static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
365static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
366static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
367static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
368static int run_rt2870_rf_write(struct run_softc *, uint32_t);
369static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
370static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
371static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
372static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
373static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
374static const char *run_get_rf(uint16_t);
375static void run_rt3593_get_txpower(struct run_softc *);
376static void run_get_txpower(struct run_softc *);
377static int run_read_eeprom(struct run_softc *);
378static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
379 const uint8_t mac[IEEE80211_ADDR_LEN]);
380static int run_media_change(struct ifnet *);
381static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
382static int run_wme_update(struct ieee80211com *);
383static void run_wme_update_cb(void *);
384static void run_key_update_begin(struct ieee80211vap *);
385static void run_key_update_end(struct ieee80211vap *);
386static void run_key_set_cb(void *);
387static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
388 const uint8_t mac[IEEE80211_ADDR_LEN]);
389static void run_key_delete_cb(void *);
390static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
391static void run_ratectl_to(void *);
392static void run_ratectl_cb(void *, int);
393static void run_drain_fifo(void *);
394static void run_iter_func(void *, struct ieee80211_node *);
395static void run_newassoc_cb(void *);
396static void run_newassoc(struct ieee80211_node *, int);
397static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
398static void run_tx_free(struct run_endpoint_queue *pq,
399 struct run_tx_data *, int);
400static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
401static int run_tx(struct run_softc *, struct mbuf *,
402 struct ieee80211_node *);
403static int run_tx_mgt(struct run_softc *, struct mbuf *,
404 struct ieee80211_node *);
405static int run_sendprot(struct run_softc *, const struct mbuf *,
406 struct ieee80211_node *, int, int);
407static int run_tx_param(struct run_softc *, struct mbuf *,
408 struct ieee80211_node *,
409 const struct ieee80211_bpf_params *);
410static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
411 const struct ieee80211_bpf_params *);
412static void run_start(struct ifnet *);
413static int run_ioctl(struct ifnet *, u_long, caddr_t);
414static void run_iq_calib(struct run_softc *, u_int);
415static void run_set_agc(struct run_softc *, uint8_t);
416static void run_select_chan_group(struct run_softc *, int);
417static void run_set_rx_antenna(struct run_softc *, int);
418static void run_rt2870_set_chan(struct run_softc *, u_int);
419static void run_rt3070_set_chan(struct run_softc *, u_int);
420static void run_rt3572_set_chan(struct run_softc *, u_int);
421static void run_rt3593_set_chan(struct run_softc *, u_int);
422static void run_rt5390_set_chan(struct run_softc *, u_int);
423static void run_rt5592_set_chan(struct run_softc *, u_int);
424static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
425static void run_set_channel(struct ieee80211com *);
426static void run_scan_start(struct ieee80211com *);
427static void run_scan_end(struct ieee80211com *);
428static void run_update_beacon(struct ieee80211vap *, int);
429static void run_update_beacon_cb(void *);
430static void run_updateprot(struct ieee80211com *);
431static void run_updateprot_cb(void *);
432static void run_usb_timeout_cb(void *);
433static void run_reset_livelock(struct run_softc *);
434static void run_enable_tsf_sync(struct run_softc *);
435static void run_enable_mrr(struct run_softc *);
436static void run_set_txpreamble(struct run_softc *);
437static void run_set_basicrates(struct run_softc *);
438static void run_set_leds(struct run_softc *, uint16_t);
439static void run_set_bssid(struct run_softc *, const uint8_t *);
440static void run_set_macaddr(struct run_softc *, const uint8_t *);
441static void run_updateslot(struct ifnet *);
442static void run_updateslot_cb(void *);
443static void run_update_mcast(struct ifnet *);
444static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
445static void run_update_promisc_locked(struct ifnet *);
446static void run_update_promisc(struct ifnet *);
447static void run_rt5390_bbp_init(struct run_softc *);
448static int run_bbp_init(struct run_softc *);
449static int run_rt3070_rf_init(struct run_softc *);
450static void run_rt3593_rf_init(struct run_softc *);
451static void run_rt5390_rf_init(struct run_softc *);
452static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
453 uint8_t *);
454static void run_rt3070_rf_setup(struct run_softc *);
455static void run_rt3593_rf_setup(struct run_softc *);
456static void run_rt5390_rf_setup(struct run_softc *);
457static int run_txrx_enable(struct run_softc *);
458static void run_adjust_freq_offset(struct run_softc *);
459static void run_init(void *);
460static void run_init_locked(struct run_softc *);
461static void run_stop(void *);
462static void run_delay(struct run_softc *, u_int);
463
464static eventhandler_tag run_etag;
465
466static const struct rt2860_rate {
467 uint8_t rate;
468 uint8_t mcs;
469 enum ieee80211_phytype phy;
470 uint8_t ctl_ridx;
471 uint16_t sp_ack_dur;
472 uint16_t lp_ack_dur;
473} rt2860_rates[] = {
474 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
475 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
476 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
477 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
478 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
479 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
480 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
481 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
482 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
483 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
484 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
485 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
486};
487
488static const struct {
489 uint16_t reg;
490 uint32_t val;
491} rt2870_def_mac[] = {
492 RT2870_DEF_MAC
493};
494
495static const struct {
496 uint8_t reg;
497 uint8_t val;
498} rt2860_def_bbp[] = {
499 RT2860_DEF_BBP
500},rt5390_def_bbp[] = {
501 RT5390_DEF_BBP
502},rt5592_def_bbp[] = {
503 RT5592_DEF_BBP
504};
505
506/*
507 * Default values for BBP register R196 for RT5592.
508 */
509static const uint8_t rt5592_bbp_r196[] = {
510 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
511 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
512 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
513 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
514 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
515 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
517 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
518 0x2e, 0x36, 0x30, 0x6e
519};
520
521static const struct rfprog {
522 uint8_t chan;
523 uint32_t r1, r2, r3, r4;
524} rt2860_rf2850[] = {
525 RT2860_RF2850
526};
527
528struct {
529 uint8_t n, r, k;
530} rt3070_freqs[] = {
531 RT3070_RF3052
532};
533
534static const struct rt5592_freqs {
535 uint16_t n;
536 uint8_t k, m, r;
537} rt5592_freqs_20mhz[] = {
538 RT5592_RF5592_20MHZ
539},rt5592_freqs_40mhz[] = {
540 RT5592_RF5592_40MHZ
541};
542
543static const struct {
544 uint8_t reg;
545 uint8_t val;
546} rt3070_def_rf[] = {
547 RT3070_DEF_RF
548},rt3572_def_rf[] = {
549 RT3572_DEF_RF
550},rt3593_def_rf[] = {
551 RT3593_DEF_RF
552},rt5390_def_rf[] = {
553 RT5390_DEF_RF
554},rt5392_def_rf[] = {
555 RT5392_DEF_RF
556},rt5592_def_rf[] = {
557 RT5592_DEF_RF
558},rt5592_2ghz_def_rf[] = {
559 RT5592_2GHZ_DEF_RF
560},rt5592_5ghz_def_rf[] = {
561 RT5592_5GHZ_DEF_RF
562};
563
564static const struct {
565 u_int firstchan;
566 u_int lastchan;
567 uint8_t reg;
568 uint8_t val;
569} rt5592_chan_5ghz[] = {
570 RT5592_CHAN_5GHZ
571};
572
573static const struct usb_config run_config[RUN_N_XFER] = {
574 [RUN_BULK_TX_BE] = {
575 .type = UE_BULK,
576 .endpoint = UE_ADDR_ANY,
577 .ep_index = 0,
578 .direction = UE_DIR_OUT,
579 .bufsize = RUN_MAX_TXSZ,
580 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
581 .callback = run_bulk_tx_callback0,
582 .timeout = 5000, /* ms */
583 },
584 [RUN_BULK_TX_BK] = {
585 .type = UE_BULK,
586 .endpoint = UE_ADDR_ANY,
587 .direction = UE_DIR_OUT,
588 .ep_index = 1,
589 .bufsize = RUN_MAX_TXSZ,
590 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
591 .callback = run_bulk_tx_callback1,
592 .timeout = 5000, /* ms */
593 },
594 [RUN_BULK_TX_VI] = {
595 .type = UE_BULK,
596 .endpoint = UE_ADDR_ANY,
597 .direction = UE_DIR_OUT,
598 .ep_index = 2,
599 .bufsize = RUN_MAX_TXSZ,
600 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
601 .callback = run_bulk_tx_callback2,
602 .timeout = 5000, /* ms */
603 },
604 [RUN_BULK_TX_VO] = {
605 .type = UE_BULK,
606 .endpoint = UE_ADDR_ANY,
607 .direction = UE_DIR_OUT,
608 .ep_index = 3,
609 .bufsize = RUN_MAX_TXSZ,
610 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
611 .callback = run_bulk_tx_callback3,
612 .timeout = 5000, /* ms */
613 },
614 [RUN_BULK_TX_HCCA] = {
615 .type = UE_BULK,
616 .endpoint = UE_ADDR_ANY,
617 .direction = UE_DIR_OUT,
618 .ep_index = 4,
619 .bufsize = RUN_MAX_TXSZ,
620 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
621 .callback = run_bulk_tx_callback4,
622 .timeout = 5000, /* ms */
623 },
624 [RUN_BULK_TX_PRIO] = {
625 .type = UE_BULK,
626 .endpoint = UE_ADDR_ANY,
627 .direction = UE_DIR_OUT,
628 .ep_index = 5,
629 .bufsize = RUN_MAX_TXSZ,
630 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
631 .callback = run_bulk_tx_callback5,
632 .timeout = 5000, /* ms */
633 },
634 [RUN_BULK_RX] = {
635 .type = UE_BULK,
636 .endpoint = UE_ADDR_ANY,
637 .direction = UE_DIR_IN,
638 .bufsize = RUN_MAX_RXSZ,
639 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
640 .callback = run_bulk_rx_callback,
641 }
642};
643
644static void
645run_autoinst(void *arg, struct usb_device *udev,
646 struct usb_attach_arg *uaa)
647{
648 struct usb_interface *iface;
649 struct usb_interface_descriptor *id;
650
651 if (uaa->dev_state != UAA_DEV_READY)
652 return;
653
654 iface = usbd_get_iface(udev, 0);
655 if (iface == NULL)
656 return;
657 id = iface->idesc;
658 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
659 return;
660 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
661 return;
662
663 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
664 uaa->dev_state = UAA_DEV_EJECTING;
665}
666
667static int
668run_driver_loaded(struct module *mod, int what, void *arg)
669{
670 switch (what) {
671 case MOD_LOAD:
672 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
673 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
674 break;
675 case MOD_UNLOAD:
676 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
677 break;
678 default:
679 return (EOPNOTSUPP);
680 }
681 return (0);
682}
683
684static int
685run_match(device_t self)
686{
687 struct usb_attach_arg *uaa = device_get_ivars(self);
688
689 if (uaa->usb_mode != USB_MODE_HOST)
690 return (ENXIO);
691 if (uaa->info.bConfigIndex != 0)
692 return (ENXIO);
693 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
694 return (ENXIO);
695
696 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
697}
698
699static int
700run_attach(device_t self)
701{
702 struct run_softc *sc = device_get_softc(self);
703 struct usb_attach_arg *uaa = device_get_ivars(self);
704 struct ieee80211com *ic;
705 struct ifnet *ifp;
706 uint32_t ver;
707 int ntries, error;
708 uint8_t iface_index, bands;
709
710 device_set_usb_desc(self);
711 sc->sc_udev = uaa->device;
712 sc->sc_dev = self;
713 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
714 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
715
716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
717 MTX_NETWORK_LOCK, MTX_DEF);
718
719 iface_index = RT2860_IFACE_INDEX;
720
721 error = usbd_transfer_setup(uaa->device, &iface_index,
722 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
723 if (error) {
724 device_printf(self, "could not allocate USB transfers, "
725 "err=%s\n", usbd_errstr(error));
726 goto detach;
727 }
728
729 RUN_LOCK(sc);
730
731 /* wait for the chip to settle */
732 for (ntries = 0; ntries < 100; ntries++) {
733 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
734 RUN_UNLOCK(sc);
735 goto detach;
736 }
737 if (ver != 0 && ver != 0xffffffff)
738 break;
739 run_delay(sc, 10);
740 }
741 if (ntries == 100) {
742 device_printf(sc->sc_dev,
743 "timeout waiting for NIC to initialize\n");
744 RUN_UNLOCK(sc);
745 goto detach;
746 }
747 sc->mac_ver = ver >> 16;
748 sc->mac_rev = ver & 0xffff;
749
750 /* retrieve RF rev. no and various other things from EEPROM */
751 run_read_eeprom(sc);
752
753 device_printf(sc->sc_dev,
754 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
755 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
756 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
757
758 RUN_UNLOCK(sc);
759
760 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
761 if (ifp == NULL) {
762 device_printf(sc->sc_dev, "can not if_alloc()\n");
763 goto detach;
764 }
765 ic = ifp->if_l2com;
766
767 ifp->if_softc = sc;
768 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
769 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
770 ifp->if_init = run_init;
771 ifp->if_ioctl = run_ioctl;
772 ifp->if_start = run_start;
773 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
774 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
775 IFQ_SET_READY(&ifp->if_snd);
776
777 ic->ic_ifp = ifp;
778 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
779 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
780
781 /* set device capabilities */
782 ic->ic_caps =
783 IEEE80211_C_STA | /* station mode supported */
784 IEEE80211_C_MONITOR | /* monitor mode supported */
785 IEEE80211_C_IBSS |
786 IEEE80211_C_HOSTAP |
787 IEEE80211_C_WDS | /* 4-address traffic works */
788 IEEE80211_C_MBSS |
789 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
790 IEEE80211_C_SHSLOT | /* short slot time supported */
791 IEEE80211_C_WME | /* WME */
792 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
793
794 ic->ic_cryptocaps =
795 IEEE80211_CRYPTO_WEP |
796 IEEE80211_CRYPTO_AES_CCM |
797 IEEE80211_CRYPTO_TKIPMIC |
798 IEEE80211_CRYPTO_TKIP;
799
800 ic->ic_flags |= IEEE80211_F_DATAPAD;
801 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
802
803 bands = 0;
804 setbit(&bands, IEEE80211_MODE_11B);
805 setbit(&bands, IEEE80211_MODE_11G);
806 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
807 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
808 sc->rf_rev == RT5592_RF_5592)
809 setbit(&bands, IEEE80211_MODE_11A);
810 ieee80211_init_channels(ic, NULL, &bands);
811
812 ieee80211_ifattach(ic, sc->sc_bssid);
813
814 ic->ic_scan_start = run_scan_start;
815 ic->ic_scan_end = run_scan_end;
816 ic->ic_set_channel = run_set_channel;
817 ic->ic_node_alloc = run_node_alloc;
818 ic->ic_newassoc = run_newassoc;
819 ic->ic_updateslot = run_updateslot;
820 ic->ic_update_mcast = run_update_mcast;
821 ic->ic_wme.wme_update = run_wme_update;
822 ic->ic_raw_xmit = run_raw_xmit;
823 ic->ic_update_promisc = run_update_promisc;
824
825 ic->ic_vap_create = run_vap_create;
826 ic->ic_vap_delete = run_vap_delete;
827
828 ieee80211_radiotap_attach(ic,
829 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
830 RUN_TX_RADIOTAP_PRESENT,
831 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
832 RUN_RX_RADIOTAP_PRESENT);
833
834 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
835 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
836 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
837
838 if (bootverbose)
839 ieee80211_announce(ic);
840
841 return (0);
842
843detach:
844 run_detach(self);
845 return (ENXIO);
846}
847
848static int
849run_detach(device_t self)
850{
851 struct run_softc *sc = device_get_softc(self);
852 struct ifnet *ifp = sc->sc_ifp;
853 struct ieee80211com *ic;
854 int i;
855
856 RUN_LOCK(sc);
857 sc->sc_detached = 1;
858 RUN_UNLOCK(sc);
859
860 /* stop all USB transfers */
861 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
862
863 RUN_LOCK(sc);
864 sc->ratectl_run = RUN_RATECTL_OFF;
865 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
866
867 /* free TX list, if any */
868 for (i = 0; i != RUN_EP_QUEUES; i++)
869 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
870 RUN_UNLOCK(sc);
871
872 if (ifp) {
873 ic = ifp->if_l2com;
874 /* drain tasks */
875 usb_callout_drain(&sc->ratectl_ch);
876 ieee80211_draintask(ic, &sc->cmdq_task);
877 ieee80211_draintask(ic, &sc->ratectl_task);
878 ieee80211_ifdetach(ic);
879 if_free(ifp);
880 }
881
882 mtx_destroy(&sc->sc_mtx);
883
884 return (0);
885}
886
887static struct ieee80211vap *
888run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
889 enum ieee80211_opmode opmode, int flags,
890 const uint8_t bssid[IEEE80211_ADDR_LEN],
891 const uint8_t mac[IEEE80211_ADDR_LEN])
892{
893 struct ifnet *ifp = ic->ic_ifp;
894 struct run_softc *sc = ifp->if_softc;
895 struct run_vap *rvp;
896 struct ieee80211vap *vap;
897 int i;
898
899 if (sc->rvp_cnt >= RUN_VAP_MAX) {
900 if_printf(ifp, "number of VAPs maxed out\n");
901 return (NULL);
902 }
903
904 switch (opmode) {
905 case IEEE80211_M_STA:
906 /* enable s/w bmiss handling for sta mode */
907 flags |= IEEE80211_CLONE_NOBEACONS;
908 /* fall though */
909 case IEEE80211_M_IBSS:
910 case IEEE80211_M_MONITOR:
911 case IEEE80211_M_HOSTAP:
912 case IEEE80211_M_MBSS:
913 /* other than WDS vaps, only one at a time */
914 if (!TAILQ_EMPTY(&ic->ic_vaps))
915 return (NULL);
916 break;
917 case IEEE80211_M_WDS:
918 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
919 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
920 continue;
921 /* WDS vap's always share the local mac address. */
922 flags &= ~IEEE80211_CLONE_BSSID;
923 break;
924 }
925 if (vap == NULL) {
926 if_printf(ifp, "wds only supported in ap mode\n");
927 return (NULL);
928 }
929 break;
930 default:
931 if_printf(ifp, "unknown opmode %d\n", opmode);
932 return (NULL);
933 }
934
935 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
936 M_80211_VAP, M_NOWAIT | M_ZERO);
937 if (rvp == NULL)
938 return (NULL);
939 vap = &rvp->vap;
940
941 if (ieee80211_vap_setup(ic, vap, name, unit,
942 opmode, flags, bssid, mac) != 0) {
943 /* out of memory */
944 free(rvp, M_80211_VAP);
945 return (NULL);
946 }
947
948 vap->iv_key_update_begin = run_key_update_begin;
949 vap->iv_key_update_end = run_key_update_end;
950 vap->iv_update_beacon = run_update_beacon;
951 vap->iv_max_aid = RT2870_WCID_MAX;
952 /*
953 * To delete the right key from h/w, we need wcid.
954 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
955 * and matching wcid will be written into there. So, cast
956 * some spells to remove 'const' from ieee80211_key{}
957 */
958 vap->iv_key_delete = (void *)run_key_delete;
959 vap->iv_key_set = (void *)run_key_set;
960
961 /* override state transition machine */
962 rvp->newstate = vap->iv_newstate;
963 vap->iv_newstate = run_newstate;
964
965 ieee80211_ratectl_init(vap);
966 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
967
968 /* complete setup */
969 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
970
971 /* make sure id is always unique */
972 for (i = 0; i < RUN_VAP_MAX; i++) {
973 if((sc->rvp_bmap & 1 << i) == 0){
974 sc->rvp_bmap |= 1 << i;
975 rvp->rvp_id = i;
976 break;
977 }
978 }
979 if (sc->rvp_cnt++ == 0)
980 ic->ic_opmode = opmode;
981
982 if (opmode == IEEE80211_M_HOSTAP)
983 sc->cmdq_run = RUN_CMDQ_GO;
984
985 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
986 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
987
988 return (vap);
989}
990
991static void
992run_vap_delete(struct ieee80211vap *vap)
993{
994 struct run_vap *rvp = RUN_VAP(vap);
995 struct ifnet *ifp;
996 struct ieee80211com *ic;
997 struct run_softc *sc;
998 uint8_t rvp_id;
999
1000 if (vap == NULL)
1001 return;
1002
1003 ic = vap->iv_ic;
1004 ifp = ic->ic_ifp;
1005
1006 sc = ifp->if_softc;
1007
1008 RUN_LOCK(sc);
1009
1010 m_freem(rvp->beacon_mbuf);
1011 rvp->beacon_mbuf = NULL;
1012
1013 rvp_id = rvp->rvp_id;
1014 sc->ratectl_run &= ~(1 << rvp_id);
1015 sc->rvp_bmap &= ~(1 << rvp_id);
1016 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1017 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1018 --sc->rvp_cnt;
1019
1020 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1021 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1022
1023 RUN_UNLOCK(sc);
1024
1025 ieee80211_ratectl_deinit(vap);
1026 ieee80211_vap_detach(vap);
1027 free(rvp, M_80211_VAP);
1028}
1029
1030/*
1031 * There are numbers of functions need to be called in context thread.
1032 * Rather than creating taskqueue event for each of those functions,
1033 * here is all-for-one taskqueue callback function. This function
1034 * gurantees deferred functions are executed in the same order they
1035 * were enqueued.
1036 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1037 */
1038static void
1039run_cmdq_cb(void *arg, int pending)
1040{
1041 struct run_softc *sc = arg;
1042 uint8_t i;
1043
1044 /* call cmdq[].func locked */
1045 RUN_LOCK(sc);
1046 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1047 i = sc->cmdq_exec, pending--) {
1048 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1049 if (sc->cmdq_run == RUN_CMDQ_GO) {
1050 /*
1051 * If arg0 is NULL, callback func needs more
1052 * than one arg. So, pass ptr to cmdq struct.
1053 */
1054 if (sc->cmdq[i].arg0)
1055 sc->cmdq[i].func(sc->cmdq[i].arg0);
1056 else
1057 sc->cmdq[i].func(&sc->cmdq[i]);
1058 }
1059 sc->cmdq[i].arg0 = NULL;
1060 sc->cmdq[i].func = NULL;
1061 sc->cmdq_exec++;
1062 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1063 }
1064 RUN_UNLOCK(sc);
1065}
1066
1067static void
1068run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1069{
1070 struct run_tx_data *data;
1071
1072 memset(pq, 0, sizeof(*pq));
1073
1074 STAILQ_INIT(&pq->tx_qh);
1075 STAILQ_INIT(&pq->tx_fh);
1076
1077 for (data = &pq->tx_data[0];
1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1079 data->sc = sc;
1080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1081 }
1082 pq->tx_nfree = RUN_TX_RING_COUNT;
1083}
1084
1085static void
1086run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1087{
1088 struct run_tx_data *data;
1089
1090 /* make sure any subsequent use of the queues will fail */
1091 pq->tx_nfree = 0;
1092 STAILQ_INIT(&pq->tx_fh);
1093 STAILQ_INIT(&pq->tx_qh);
1094
1095 /* free up all node references and mbufs */
1096 for (data = &pq->tx_data[0];
1097 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1098 if (data->m != NULL) {
1099 m_freem(data->m);
1100 data->m = NULL;
1101 }
1102 if (data->ni != NULL) {
1103 ieee80211_free_node(data->ni);
1104 data->ni = NULL;
1105 }
1106 }
1107}
1108
1109static int
1110run_load_microcode(struct run_softc *sc)
1111{
1112 usb_device_request_t req;
1113 const struct firmware *fw;
1114 const u_char *base;
1115 uint32_t tmp;
1116 int ntries, error;
1117 const uint64_t *temp;
1118 uint64_t bytes;
1119
1120 RUN_UNLOCK(sc);
1121 fw = firmware_get("runfw");
1122 RUN_LOCK(sc);
1123 if (fw == NULL) {
1124 device_printf(sc->sc_dev,
1125 "failed loadfirmware of file %s\n", "runfw");
1126 return ENOENT;
1127 }
1128
1129 if (fw->datasize != 8192) {
1130 device_printf(sc->sc_dev,
1131 "invalid firmware size (should be 8KB)\n");
1132 error = EINVAL;
1133 goto fail;
1134 }
1135
1136 /*
1137 * RT3071/RT3072 use a different firmware
1138 * run-rt2870 (8KB) contains both,
1139 * first half (4KB) is for rt2870,
1140 * last half is for rt3071.
1141 */
1142 base = fw->data;
1143 if ((sc->mac_ver) != 0x2860 &&
1144 (sc->mac_ver) != 0x2872 &&
1145 (sc->mac_ver) != 0x3070) {
1146 base += 4096;
1147 }
1148
1149 /* cheap sanity check */
1150 temp = fw->data;
1151 bytes = *temp;
1152 if (bytes != be64toh(0xffffff0210280210ULL)) {
1153 device_printf(sc->sc_dev, "firmware checksum failed\n");
1154 error = EINVAL;
1155 goto fail;
1156 }
1157
1158 /* write microcode image */
1159 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1160 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1161 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1162 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1163 }
1164
1165 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1166 req.bRequest = RT2870_RESET;
1167 USETW(req.wValue, 8);
1168 USETW(req.wIndex, 0);
1169 USETW(req.wLength, 0);
1170 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1171 != 0) {
1172 device_printf(sc->sc_dev, "firmware reset failed\n");
1173 goto fail;
1174 }
1175
1176 run_delay(sc, 10);
1177
1178 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1179 run_write(sc, RT2860_H2M_MAILBOX, 0);
1180 run_write(sc, RT2860_H2M_INTSRC, 0);
1181 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1182 goto fail;
1183
1184 /* wait until microcontroller is ready */
1185 for (ntries = 0; ntries < 1000; ntries++) {
1186 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1187 goto fail;
1188 if (tmp & RT2860_MCU_READY)
1189 break;
1190 run_delay(sc, 10);
1191 }
1192 if (ntries == 1000) {
1193 device_printf(sc->sc_dev,
1194 "timeout waiting for MCU to initialize\n");
1195 error = ETIMEDOUT;
1196 goto fail;
1197 }
1198 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1199 (base == fw->data) ? "RT2870" : "RT3071",
1200 *(base + 4092), *(base + 4093));
1201
1202fail:
1203 firmware_put(fw, FIRMWARE_UNLOAD);
1204 return (error);
1205}
1206
1207static int
1208run_reset(struct run_softc *sc)
1209{
1210 usb_device_request_t req;
1211
1212 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1213 req.bRequest = RT2870_RESET;
1214 USETW(req.wValue, 1);
1215 USETW(req.wIndex, 0);
1216 USETW(req.wLength, 0);
1217 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1218}
1219
1220static usb_error_t
1221run_do_request(struct run_softc *sc,
1222 struct usb_device_request *req, void *data)
1223{
1224 usb_error_t err;
1225 int ntries = 10;
1226
1227 RUN_LOCK_ASSERT(sc, MA_OWNED);
1228
1229 while (ntries--) {
1230 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1231 req, data, 0, NULL, 250 /* ms */);
1232 if (err == 0)
1233 break;
1234 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1235 usbd_errstr(err));
1236 run_delay(sc, 10);
1237 }
1238 return (err);
1239}
1240
1241static int
1242run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1243{
1244 uint32_t tmp;
1245 int error;
1246
1247 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1248 if (error == 0)
1249 *val = le32toh(tmp);
1250 else
1251 *val = 0xffffffff;
1252 return (error);
1253}
1254
1255static int
1256run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1257{
1258 usb_device_request_t req;
1259
1260 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1261 req.bRequest = RT2870_READ_REGION_1;
1262 USETW(req.wValue, 0);
1263 USETW(req.wIndex, reg);
1264 USETW(req.wLength, len);
1265
1266 return (run_do_request(sc, &req, buf));
1267}
1268
1269static int
1270run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1271{
1272 usb_device_request_t req;
1273
1274 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1275 req.bRequest = RT2870_WRITE_2;
1276 USETW(req.wValue, val);
1277 USETW(req.wIndex, reg);
1278 USETW(req.wLength, 0);
1279
1280 return (run_do_request(sc, &req, NULL));
1281}
1282
1283static int
1284run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1285{
1286 int error;
1287
1288 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1289 error = run_write_2(sc, reg + 2, val >> 16);
1290 return (error);
1291}
1292
1293static int
1294run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1295 int len)
1296{
1297#if 1
1298 int i, error = 0;
1299 /*
1300 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1301 * We thus issue multiple WRITE_2 commands instead.
1302 */
1303 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1304 for (i = 0; i < len && error == 0; i += 2)
1305 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1306 return (error);
1307#else
1308 usb_device_request_t req;
1309 int error = 0;
1310
1311 /*
1312 * NOTE: It appears the WRITE_REGION_1 command cannot be
1313 * passed a huge amount of data, which will crash the
1314 * firmware. Limit amount of data passed to 64-bytes at a
1315 * time.
1316 */
1317 while (len > 0) {
1318 int delta = 64;
1319 if (delta > len)
1320 delta = len;
1321
1322 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1323 req.bRequest = RT2870_WRITE_REGION_1;
1324 USETW(req.wValue, 0);
1325 USETW(req.wIndex, reg);
1326 USETW(req.wLength, delta);
1327 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1328 if (error != 0)
1329 break;
1330 reg += delta;
1331 buf += delta;
1332 len -= delta;
1333 }
1334 return (error);
1335#endif
1336}
1337
1338static int
1339run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1340{
1341 int i, error = 0;
1342
1343 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1344 for (i = 0; i < len && error == 0; i += 4)
1345 error = run_write(sc, reg + i, val);
1346 return (error);
1347}
1348
1349static int
1350run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1351{
1352 uint32_t tmp;
1353 uint16_t reg;
1354 int error, ntries;
1355
1356 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1357 return (error);
1358
1359 if (count == 2)
1360 addr *= 2;
1361 /*-
1362 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1363 * DATA0: F E D C
1364 * DATA1: B A 9 8
1365 * DATA2: 7 6 5 4
1366 * DATA3: 3 2 1 0
1367 */
1368 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1369 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1370 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1371 for (ntries = 0; ntries < 100; ntries++) {
1372 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1373 return (error);
1374 if (!(tmp & RT3070_EFSROM_KICK))
1375 break;
1376 run_delay(sc, 2);
1377 }
1378 if (ntries == 100)
1379 return (ETIMEDOUT);
1380
1381 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1382 *val = 0xffff; /* address not found */
1383 return (0);
1384 }
1385 /* determine to which 32-bit register our 16-bit word belongs */
1386 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1387 if ((error = run_read(sc, reg, &tmp)) != 0)
1388 return (error);
1389
1390 tmp >>= (8 * (addr & 0x3));
1391 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1392
1393 return (0);
1394}
1395
1396/* Read 16-bit from eFUSE ROM for RT3xxx. */
1397static int
1398run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1399{
1400 return (run_efuse_read(sc, addr, val, 2));
1401}
1402
1403static int
1404run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1405{
1406 usb_device_request_t req;
1407 uint16_t tmp;
1408 int error;
1409
1410 addr *= 2;
1411 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1412 req.bRequest = RT2870_EEPROM_READ;
1413 USETW(req.wValue, 0);
1414 USETW(req.wIndex, addr);
1415 USETW(req.wLength, sizeof(tmp));
1416
1417 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1418 if (error == 0)
1419 *val = le16toh(tmp);
1420 else
1421 *val = 0xffff;
1422 return (error);
1423}
1424
1425static __inline int
1426run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1427{
1428 /* either eFUSE ROM or EEPROM */
1429 return sc->sc_srom_read(sc, addr, val);
1430}
1431
1432static int
1433run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1434{
1435 uint32_t tmp;
1436 int error, ntries;
1437
1438 for (ntries = 0; ntries < 10; ntries++) {
1439 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1440 return (error);
1441 if (!(tmp & RT2860_RF_REG_CTRL))
1442 break;
1443 }
1444 if (ntries == 10)
1445 return (ETIMEDOUT);
1446
1447 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1448}
1449
1450static int
1451run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1452{
1453 uint32_t tmp;
1454 int error, ntries;
1455
1456 for (ntries = 0; ntries < 100; ntries++) {
1457 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1458 return (error);
1459 if (!(tmp & RT3070_RF_KICK))
1460 break;
1461 }
1462 if (ntries == 100)
1463 return (ETIMEDOUT);
1464
1465 tmp = RT3070_RF_KICK | reg << 8;
1466 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1467 return (error);
1468
1469 for (ntries = 0; ntries < 100; ntries++) {
1470 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1471 return (error);
1472 if (!(tmp & RT3070_RF_KICK))
1473 break;
1474 }
1475 if (ntries == 100)
1476 return (ETIMEDOUT);
1477
1478 *val = tmp & 0xff;
1479 return (0);
1480}
1481
1482static int
1483run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1484{
1485 uint32_t tmp;
1486 int error, ntries;
1487
1488 for (ntries = 0; ntries < 10; ntries++) {
1489 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1490 return (error);
1491 if (!(tmp & RT3070_RF_KICK))
1492 break;
1493 }
1494 if (ntries == 10)
1495 return (ETIMEDOUT);
1496
1497 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1498 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1499}
1500
1501static int
1502run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1503{
1504 uint32_t tmp;
1505 int ntries, error;
1506
1507 for (ntries = 0; ntries < 10; ntries++) {
1508 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1509 return (error);
1510 if (!(tmp & RT2860_BBP_CSR_KICK))
1511 break;
1512 }
1513 if (ntries == 10)
1514 return (ETIMEDOUT);
1515
1516 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1517 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1518 return (error);
1519
1520 for (ntries = 0; ntries < 10; ntries++) {
1521 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1522 return (error);
1523 if (!(tmp & RT2860_BBP_CSR_KICK))
1524 break;
1525 }
1526 if (ntries == 10)
1527 return (ETIMEDOUT);
1528
1529 *val = tmp & 0xff;
1530 return (0);
1531}
1532
1533static int
1534run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1535{
1536 uint32_t tmp;
1537 int ntries, error;
1538
1539 for (ntries = 0; ntries < 10; ntries++) {
1540 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1541 return (error);
1542 if (!(tmp & RT2860_BBP_CSR_KICK))
1543 break;
1544 }
1545 if (ntries == 10)
1546 return (ETIMEDOUT);
1547
1548 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1549 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1550}
1551
1552/*
1553 * Send a command to the 8051 microcontroller unit.
1554 */
1555static int
1556run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1557{
1558 uint32_t tmp;
1559 int error, ntries;
1560
1561 for (ntries = 0; ntries < 100; ntries++) {
1562 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1563 return error;
1564 if (!(tmp & RT2860_H2M_BUSY))
1565 break;
1566 }
1567 if (ntries == 100)
1568 return ETIMEDOUT;
1569
1570 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1571 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1572 error = run_write(sc, RT2860_HOST_CMD, cmd);
1573 return (error);
1574}
1575
1576/*
1577 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1578 * Used to adjust per-rate Tx power registers.
1579 */
1580static __inline uint32_t
1581b4inc(uint32_t b32, int8_t delta)
1582{
1583 int8_t i, b4;
1584
1585 for (i = 0; i < 8; i++) {
1586 b4 = b32 & 0xf;
1587 b4 += delta;
1588 if (b4 < 0)
1589 b4 = 0;
1590 else if (b4 > 0xf)
1591 b4 = 0xf;
1592 b32 = b32 >> 4 | b4 << 28;
1593 }
1594 return (b32);
1595}
1596
1597static const char *
1598run_get_rf(uint16_t rev)
1599{
1600 switch (rev) {
1601 case RT2860_RF_2820: return "RT2820";
1602 case RT2860_RF_2850: return "RT2850";
1603 case RT2860_RF_2720: return "RT2720";
1604 case RT2860_RF_2750: return "RT2750";
1605 case RT3070_RF_3020: return "RT3020";
1606 case RT3070_RF_2020: return "RT2020";
1607 case RT3070_RF_3021: return "RT3021";
1608 case RT3070_RF_3022: return "RT3022";
1609 case RT3070_RF_3052: return "RT3052";
1610 case RT3593_RF_3053: return "RT3053";
1611 case RT5592_RF_5592: return "RT5592";
1612 case RT5390_RF_5370: return "RT5370";
1613 case RT5390_RF_5372: return "RT5372";
1614 }
1615 return ("unknown");
1616}
1617
1618static void
1619run_rt3593_get_txpower(struct run_softc *sc)
1620{
1621 uint16_t addr, val;
1622 int i;
1623
1624 /* Read power settings for 2GHz channels. */
1625 for (i = 0; i < 14; i += 2) {
1626 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1627 RT2860_EEPROM_PWR2GHZ_BASE1;
1628 run_srom_read(sc, addr + i / 2, &val);
1629 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1630 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1631
1632 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1633 RT2860_EEPROM_PWR2GHZ_BASE2;
1634 run_srom_read(sc, addr + i / 2, &val);
1635 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1636 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1637
1638 if (sc->ntxchains == 3) {
1639 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1640 &val);
1641 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1642 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1643 }
1644 }
1645 /* Fix broken Tx power entries. */
1646 for (i = 0; i < 14; i++) {
1647 if (sc->txpow1[i] > 31)
1648 sc->txpow1[i] = 5;
1649 if (sc->txpow2[i] > 31)
1650 sc->txpow2[i] = 5;
1651 if (sc->ntxchains == 3) {
1652 if (sc->txpow3[i] > 31)
1653 sc->txpow3[i] = 5;
1654 }
1655 }
1656 /* Read power settings for 5GHz channels. */
1657 for (i = 0; i < 40; i += 2) {
1658 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1659 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1660 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1661
1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1663 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1664 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1665
1666 if (sc->ntxchains == 3) {
1667 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1668 &val);
1669 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1670 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1671 }
1672 }
1673}
1674
1675static void
1676run_get_txpower(struct run_softc *sc)
1677{
1678 uint16_t val;
1679 int i;
1680
1681 /* Read power settings for 2GHz channels. */
1682 for (i = 0; i < 14; i += 2) {
1683 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1684 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1685 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1686
1687 if (sc->mac_ver != 0x5390) {
1688 run_srom_read(sc,
1689 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1690 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1691 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1692 }
1693 }
1694 /* Fix broken Tx power entries. */
1695 for (i = 0; i < 14; i++) {
1696 if (sc->mac_ver >= 0x5390) {
1697 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1698 sc->txpow1[i] = 5;
1699 } else {
1700 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1701 sc->txpow1[i] = 5;
1702 }
1703 if (sc->mac_ver > 0x5390) {
1704 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1705 sc->txpow2[i] = 5;
1706 } else if (sc->mac_ver < 0x5390) {
1707 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1708 sc->txpow2[i] = 5;
1709 }
1710 DPRINTF("chan %d: power1=%d, power2=%d\n",
1711 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1712 }
1713 /* Read power settings for 5GHz channels. */
1714 for (i = 0; i < 40; i += 2) {
1715 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1716 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1717 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1718
1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1720 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1721 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1722 }
1723 /* Fix broken Tx power entries. */
1724 for (i = 0; i < 40; i++ ) {
1725 if (sc->mac_ver != 0x5592) {
1726 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1727 sc->txpow1[14 + i] = 5;
1728 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1729 sc->txpow2[14 + i] = 5;
1730 }
1731 DPRINTF("chan %d: power1=%d, power2=%d\n",
1732 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1733 sc->txpow2[14 + i]);
1734 }
1735}
1736
1737static int
1738run_read_eeprom(struct run_softc *sc)
1739{
1740 int8_t delta_2ghz, delta_5ghz;
1741 uint32_t tmp;
1742 uint16_t val;
1743 int ridx, ant, i;
1744
1745 /* check whether the ROM is eFUSE ROM or EEPROM */
1746 sc->sc_srom_read = run_eeprom_read_2;
1747 if (sc->mac_ver >= 0x3070) {
1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1751 sc->sc_srom_read = run_efuse_read_2;
1752 }
1753
1754 /* read ROM version */
1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1757
1758 /* read MAC address */
1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1760 sc->sc_bssid[0] = val & 0xff;
1761 sc->sc_bssid[1] = val >> 8;
1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1763 sc->sc_bssid[2] = val & 0xff;
1764 sc->sc_bssid[3] = val >> 8;
1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1766 sc->sc_bssid[4] = val & 0xff;
1767 sc->sc_bssid[5] = val >> 8;
1768
1769 if (sc->mac_ver < 0x3593) {
1770 /* read vender BBP settings */
1771 for (i = 0; i < 10; i++) {
1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1773 sc->bbp[i].val = val & 0xff;
1774 sc->bbp[i].reg = val >> 8;
1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1776 sc->bbp[i].val);
1777 }
1778 if (sc->mac_ver >= 0x3071) {
1779 /* read vendor RF settings */
1780 for (i = 0; i < 10; i++) {
1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1782 &val);
1783 sc->rf[i].val = val & 0xff;
1784 sc->rf[i].reg = val >> 8;
1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1786 sc->rf[i].val);
1787 }
1788 }
1789 }
1790
1791 /* read RF frequency offset from EEPROM */
1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1793 RT3593_EEPROM_FREQ, &val);
1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1796
1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1798 RT3593_EEPROM_FREQ_LEDS, &val);
1799 if (val >> 8 != 0xff) {
1800 /* read LEDs operating mode */
1801 sc->leds = val >> 8;
1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1803 RT3593_EEPROM_LED1, &sc->led[0]);
1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1805 RT3593_EEPROM_LED2, &sc->led[1]);
1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1807 RT3593_EEPROM_LED3, &sc->led[2]);
1808 } else {
1809 /* broken EEPROM, use default settings */
1810 sc->leds = 0x01;
1811 sc->led[0] = 0x5555;
1812 sc->led[1] = 0x2221;
1813 sc->led[2] = 0x5627; /* differs from RT2860 */
1814 }
1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1817
1818 /* read RF information */
1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1820 run_srom_read(sc, 0x00, &val);
1821 else
1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1823
1824 if (val == 0xffff) {
1825 device_printf(sc->sc_dev,
1826 "invalid EEPROM antenna info, using default\n");
1827 DPRINTF("invalid EEPROM antenna info, using default\n");
1828 if (sc->mac_ver == 0x3572) {
1829 /* default to RF3052 2T2R */
1830 sc->rf_rev = RT3070_RF_3052;
1831 sc->ntxchains = 2;
1832 sc->nrxchains = 2;
1833 } else if (sc->mac_ver >= 0x3070) {
1834 /* default to RF3020 1T1R */
1835 sc->rf_rev = RT3070_RF_3020;
1836 sc->ntxchains = 1;
1837 sc->nrxchains = 1;
1838 } else {
1839 /* default to RF2820 1T2R */
1840 sc->rf_rev = RT2860_RF_2820;
1841 sc->ntxchains = 1;
1842 sc->nrxchains = 2;
1843 }
1844 } else {
1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1846 sc->rf_rev = val;
1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1848 } else
1849 sc->rf_rev = (val >> 8) & 0xf;
1850 sc->ntxchains = (val >> 4) & 0xf;
1851 sc->nrxchains = val & 0xf;
1852 }
1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1854 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1855
1856 /* check if RF supports automatic Tx access gain control */
1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1858 DPRINTF("EEPROM CFG 0x%04x\n", val);
1859 /* check if driver should patch the DAC issue */
1860 if ((val >> 8) != 0xff)
1861 sc->patch_dac = (val >> 15) & 1;
1862 if ((val & 0xff) != 0xff) {
1863 sc->ext_5ghz_lna = (val >> 3) & 1;
1864 sc->ext_2ghz_lna = (val >> 2) & 1;
1865 /* check if RF supports automatic Tx access gain control */
1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1867 /* check if we have a hardware radio switch */
1868 sc->rfswitch = val & 1;
1869 }
1870
1871 /* Read Tx power settings. */
1872 if (sc->mac_ver == 0x3593)
1873 run_rt3593_get_txpower(sc);
1874 else
1875 run_get_txpower(sc);
1876
1877 /* read Tx power compensation for each Tx rate */
1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1879 delta_2ghz = delta_5ghz = 0;
1880 if ((val & 0xff) != 0xff && (val & 0x80)) {
1881 delta_2ghz = val & 0xf;
1882 if (!(val & 0x40)) /* negative number */
1883 delta_2ghz = -delta_2ghz;
1884 }
1885 val >>= 8;
1886 if ((val & 0xff) != 0xff && (val & 0x80)) {
1887 delta_5ghz = val & 0xf;
1888 if (!(val & 0x40)) /* negative number */
1889 delta_5ghz = -delta_5ghz;
1890 }
1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1892 delta_2ghz, delta_5ghz);
1893
1894 for (ridx = 0; ridx < 5; ridx++) {
1895 uint32_t reg;
1896
1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1898 reg = val;
1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1900 reg |= (uint32_t)val << 16;
1901
1902 sc->txpow20mhz[ridx] = reg;
1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1905
1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1909 }
1910
1911 /* Read RSSI offsets and LNA gains from EEPROM. */
1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1913 RT3593_EEPROM_RSSI1_2GHZ, &val);
1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1917 RT3593_EEPROM_RSSI2_2GHZ, &val);
1918 if (sc->mac_ver >= 0x3070) {
1919 if (sc->mac_ver == 0x3593) {
1920 sc->txmixgain_2ghz = 0;
1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1922 } else {
1923 /*
1924 * On RT3070 chips (limited to 2 Rx chains), this ROM
1925 * field contains the Tx mixer gain for the 2GHz band.
1926 */
1927 if ((val & 0xff) != 0xff)
1928 sc->txmixgain_2ghz = val & 0x7;
1929 }
1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1931 } else
1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1933 if (sc->mac_ver == 0x3593)
1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1935 sc->lna[2] = val >> 8; /* channel group 2 */
1936
1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1938 RT3593_EEPROM_RSSI1_5GHZ, &val);
1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1942 RT3593_EEPROM_RSSI2_5GHZ, &val);
1943 if (sc->mac_ver == 0x3572) {
1944 /*
1945 * On RT3572 chips (limited to 2 Rx chains), this ROM
1946 * field contains the Tx mixer gain for the 5GHz band.
1947 */
1948 if ((val & 0xff) != 0xff)
1949 sc->txmixgain_5ghz = val & 0x7;
1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1951 } else
1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1953 if (sc->mac_ver == 0x3593) {
1954 sc->txmixgain_5ghz = 0;
1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1956 }
1957 sc->lna[3] = val >> 8; /* channel group 3 */
1958
1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1960 RT3593_EEPROM_LNA, &val);
1961 sc->lna[0] = val & 0xff; /* channel group 0 */
1962 sc->lna[1] = val >> 8; /* channel group 1 */
1963
1964 /* fix broken 5GHz LNA entries */
1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1966 DPRINTF("invalid LNA for channel group %d\n", 2);
1967 sc->lna[2] = sc->lna[1];
1968 }
1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1970 DPRINTF("invalid LNA for channel group %d\n", 3);
1971 sc->lna[3] = sc->lna[1];
1972 }
1973
1974 /* fix broken RSSI offset entries */
1975 for (ant = 0; ant < 3; ant++) {
1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1978 ant + 1, sc->rssi_2ghz[ant]);
1979 sc->rssi_2ghz[ant] = 0;
1980 }
1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1983 ant + 1, sc->rssi_5ghz[ant]);
1984 sc->rssi_5ghz[ant] = 0;
1985 }
1986 }
1987 return (0);
1988}
1989
1990static struct ieee80211_node *
1991run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1992{
1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1994}
1995
1996static int
1997run_media_change(struct ifnet *ifp)
1998{
1999 struct ieee80211vap *vap = ifp->if_softc;
2000 struct ieee80211com *ic = vap->iv_ic;
2001 const struct ieee80211_txparam *tp;
2002 struct run_softc *sc = ic->ic_ifp->if_softc;
2003 uint8_t rate, ridx;
2004 int error;
2005
2006 RUN_LOCK(sc);
2007
2008 error = ieee80211_media_change(ifp);
2009 if (error != ENETRESET) {
2010 RUN_UNLOCK(sc);
2011 return (error);
2012 }
2013
2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2016 struct ieee80211_node *ni;
2017 struct run_node *rn;
2018
2019 rate = ic->ic_sup_rates[ic->ic_curmode].
2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2022 if (rt2860_rates[ridx].rate == rate)
2023 break;
2024 ni = ieee80211_ref_node(vap->iv_bss);
2025 rn = (struct run_node *)ni;
2026 rn->fix_ridx = ridx;
2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2028 ieee80211_free_node(ni);
2029 }
2030
2031#if 0
2032 if ((ifp->if_flags & IFF_UP) &&
2033 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
2034 run_init_locked(sc);
2035 }
2036#endif
2037
2038 RUN_UNLOCK(sc);
2039
2040 return (0);
2041}
2042
2043static int
2044run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2045{
2046 const struct ieee80211_txparam *tp;
2047 struct ieee80211com *ic = vap->iv_ic;
2048 struct run_softc *sc = ic->ic_ifp->if_softc;
2049 struct run_vap *rvp = RUN_VAP(vap);
2050 enum ieee80211_state ostate;
2051 uint32_t sta[3];
2052 uint32_t tmp;
2053 uint8_t ratectl;
2054 uint8_t restart_ratectl = 0;
2055 uint8_t bid = 1 << rvp->rvp_id;
2056
2057 ostate = vap->iv_state;
2058 DPRINTF("%s -> %s\n",
2059 ieee80211_state_name[ostate],
2060 ieee80211_state_name[nstate]);
2061
2062 IEEE80211_UNLOCK(ic);
2063 RUN_LOCK(sc);
2064
2065 ratectl = sc->ratectl_run; /* remember current state */
2066 sc->ratectl_run = RUN_RATECTL_OFF;
2067 usb_callout_stop(&sc->ratectl_ch);
2068
2069 if (ostate == IEEE80211_S_RUN) {
2070 /* turn link LED off */
2071 run_set_leds(sc, RT2860_LED_RADIO);
2072 }
2073
2074 switch (nstate) {
2075 case IEEE80211_S_INIT:
2076 restart_ratectl = 1;
2077
2078 if (ostate != IEEE80211_S_RUN)
2079 break;
2080
2081 ratectl &= ~bid;
2082 sc->runbmap &= ~bid;
2083
2084 /* abort TSF synchronization if there is no vap running */
2085 if (--sc->running == 0) {
2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2087 run_write(sc, RT2860_BCN_TIME_CFG,
2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2089 RT2860_TBTT_TIMER_EN));
2090 }
2091 break;
2092
2093 case IEEE80211_S_RUN:
2094 if (!(sc->runbmap & bid)) {
2095 if(sc->running++)
2096 restart_ratectl = 1;
2097 sc->runbmap |= bid;
2098 }
2099
2100 m_freem(rvp->beacon_mbuf);
2101 rvp->beacon_mbuf = NULL;
2102
2103 switch (vap->iv_opmode) {
2104 case IEEE80211_M_HOSTAP:
2105 case IEEE80211_M_MBSS:
2106 sc->ap_running |= bid;
2107 ic->ic_opmode = vap->iv_opmode;
2108 run_update_beacon_cb(vap);
2109 break;
2110 case IEEE80211_M_IBSS:
2111 sc->adhoc_running |= bid;
2112 if (!sc->ap_running)
2113 ic->ic_opmode = vap->iv_opmode;
2114 run_update_beacon_cb(vap);
2115 break;
2116 case IEEE80211_M_STA:
2117 sc->sta_running |= bid;
2118 if (!sc->ap_running && !sc->adhoc_running)
2119 ic->ic_opmode = vap->iv_opmode;
2120
2121 /* read statistic counters (clear on read) */
2122 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2123 (uint8_t *)sta, sizeof sta);
2124
2125 break;
2126 default:
2127 ic->ic_opmode = vap->iv_opmode;
2128 break;
2129 }
2130
2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2132 struct ieee80211_node *ni;
2133
2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2135 RUN_UNLOCK(sc);
2136 IEEE80211_LOCK(ic);
2137 return (-1);
2138 }
2139 run_updateslot(ic->ic_ifp);
2140 run_enable_mrr(sc);
2141 run_set_txpreamble(sc);
2142 run_set_basicrates(sc);
2143 ni = ieee80211_ref_node(vap->iv_bss);
2144 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2145 run_set_bssid(sc, ni->ni_bssid);
2146 ieee80211_free_node(ni);
2147 run_enable_tsf_sync(sc);
2148
2149 /* enable automatic rate adaptation */
2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2152 ratectl |= bid;
2153 }
2154
2155 /* turn link LED on */
2156 run_set_leds(sc, RT2860_LED_RADIO |
2157 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2158 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2159
2160 break;
2161 default:
2162 DPRINTFN(6, "undefined case\n");
2163 break;
2164 }
2165
2166 /* restart amrr for running VAPs */
2167 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2168 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2169
2170 RUN_UNLOCK(sc);
2171 IEEE80211_LOCK(ic);
2172
2173 return(rvp->newstate(vap, nstate, arg));
2174}
2175
2176/* ARGSUSED */
2177static void
2178run_wme_update_cb(void *arg)
2179{
2180 struct ieee80211com *ic = arg;
2181 struct run_softc *sc = ic->ic_ifp->if_softc;
2182 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2183 int aci, error = 0;
2184
2185 RUN_LOCK_ASSERT(sc, MA_OWNED);
2186
2187 /* update MAC TX configuration registers */
2188 for (aci = 0; aci < WME_NUM_AC; aci++) {
2189 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2190 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2191 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2192 wmesp->wme_params[aci].wmep_aifsn << 8 |
2193 wmesp->wme_params[aci].wmep_txopLimit);
2194 if (error) goto err;
2195 }
2196
2197 /* update SCH/DMA registers too */
2198 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2199 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2200 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2201 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2202 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2203 if (error) goto err;
2204 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2205 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2206 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2207 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2208 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2209 if (error) goto err;
2210 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2211 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2212 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2213 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2214 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2215 if (error) goto err;
2216 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2217 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2218 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2219 if (error) goto err;
2220 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2221 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2222 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2223
2224err:
2225 if (error)
2226 DPRINTF("WME update failed\n");
2227
2228 return;
2229}
2230
2231static int
2232run_wme_update(struct ieee80211com *ic)
2233{
2234 struct run_softc *sc = ic->ic_ifp->if_softc;
2235
2236 /* sometime called wothout lock */
2237 if (mtx_owned(&ic->ic_comlock.mtx)) {
2238 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2239 DPRINTF("cmdq_store=%d\n", i);
2240 sc->cmdq[i].func = run_wme_update_cb;
2241 sc->cmdq[i].arg0 = ic;
2242 ieee80211_runtask(ic, &sc->cmdq_task);
2243 return (0);
2244 }
2245
2246 RUN_LOCK(sc);
2247 run_wme_update_cb(ic);
2248 RUN_UNLOCK(sc);
2249
2250 /* return whatever, upper layer desn't care anyway */
2251 return (0);
2252}
2253
2254static void
2255run_key_update_begin(struct ieee80211vap *vap)
2256{
2257 /*
2258 * To avoid out-of-order events, both run_key_set() and
2259 * _delete() are deferred and handled by run_cmdq_cb().
2260 * So, there is nothing we need to do here.
2261 */
2262}
2263
2264static void
2265run_key_update_end(struct ieee80211vap *vap)
2266{
2267 /* null */
2268}
2269
2270static void
2271run_key_set_cb(void *arg)
2272{
2273 struct run_cmdq *cmdq = arg;
2274 struct ieee80211vap *vap = cmdq->arg1;
2275 struct ieee80211_key *k = cmdq->k;
2276 struct ieee80211com *ic = vap->iv_ic;
2277 struct run_softc *sc = ic->ic_ifp->if_softc;
2278 struct ieee80211_node *ni;
2279 uint32_t attr;
2280 uint16_t base, associd;
2281 uint8_t mode, wcid, iv[8];
2282
2283 RUN_LOCK_ASSERT(sc, MA_OWNED);
2284
2285 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2286 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2287 else
2288 ni = vap->iv_bss;
2289 associd = (ni != NULL) ? ni->ni_associd : 0;
2290
2291 /* map net80211 cipher to RT2860 security mode */
2292 switch (k->wk_cipher->ic_cipher) {
2293 case IEEE80211_CIPHER_WEP:
2294 if(k->wk_keylen < 8)
2295 mode = RT2860_MODE_WEP40;
2296 else
2297 mode = RT2860_MODE_WEP104;
2298 break;
2299 case IEEE80211_CIPHER_TKIP:
2300 mode = RT2860_MODE_TKIP;
2301 break;
2302 case IEEE80211_CIPHER_AES_CCM:
2303 mode = RT2860_MODE_AES_CCMP;
2304 break;
2305 default:
2306 DPRINTF("undefined case\n");
2307 return;
2308 }
2309
2310 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2311 associd, k->wk_keyix, mode,
2312 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2313 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2314 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2315
2316 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2317 wcid = 0; /* NB: update WCID0 for group keys */
2318 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2319 } else {
2320 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2321 1 : RUN_AID2WCID(associd);
2322 base = RT2860_PKEY(wcid);
2323 }
2324
2325 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2326 if(run_write_region_1(sc, base, k->wk_key, 16))
2327 return;
2328 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2329 return;
2330 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2331 return;
2332 } else {
2333 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2334 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2335 return;
2336 }
2337
2338 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2339 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2340 /* set initial packet number in IV+EIV */
2341 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2342 memset(iv, 0, sizeof iv);
2343 iv[3] = vap->iv_def_txkey << 6;
2344 } else {
2345 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2346 iv[0] = k->wk_keytsc >> 8;
2347 iv[1] = (iv[0] | 0x20) & 0x7f;
2348 iv[2] = k->wk_keytsc;
2349 } else /* CCMP */ {
2350 iv[0] = k->wk_keytsc;
2351 iv[1] = k->wk_keytsc >> 8;
2352 iv[2] = 0;
2353 }
2354 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2355 iv[4] = k->wk_keytsc >> 16;
2356 iv[5] = k->wk_keytsc >> 24;
2357 iv[6] = k->wk_keytsc >> 32;
2358 iv[7] = k->wk_keytsc >> 40;
2359 }
2360 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2361 return;
2362 }
2363
2364 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2365 /* install group key */
2366 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2367 return;
2368 attr &= ~(0xf << (k->wk_keyix * 4));
2369 attr |= mode << (k->wk_keyix * 4);
2370 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2371 return;
2372 } else {
2373 /* install pairwise key */
2374 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2375 return;
2376 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2377 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2378 return;
2379 }
2380
2381 /* TODO create a pass-thru key entry? */
2382
2383 /* need wcid to delete the right key later */
2384 k->wk_pad = wcid;
2385}
2386
2387/*
2388 * Don't have to be deferred, but in order to keep order of
2389 * execution, i.e. with run_key_delete(), defer this and let
2390 * run_cmdq_cb() maintain the order.
2391 *
2392 * return 0 on error
2393 */
2394static int
2395run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2396 const uint8_t mac[IEEE80211_ADDR_LEN])
2397{
2398 struct ieee80211com *ic = vap->iv_ic;
2399 struct run_softc *sc = ic->ic_ifp->if_softc;
2400 uint32_t i;
2401
2402 i = RUN_CMDQ_GET(&sc->cmdq_store);
2403 DPRINTF("cmdq_store=%d\n", i);
2404 sc->cmdq[i].func = run_key_set_cb;
2405 sc->cmdq[i].arg0 = NULL;
2406 sc->cmdq[i].arg1 = vap;
2407 sc->cmdq[i].k = k;
2408 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2409 ieee80211_runtask(ic, &sc->cmdq_task);
2410
2411 /*
2412 * To make sure key will be set when hostapd
2413 * calls iv_key_set() before if_init().
2414 */
2415 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2416 RUN_LOCK(sc);
2417 sc->cmdq_key_set = RUN_CMDQ_GO;
2418 RUN_UNLOCK(sc);
2419 }
2420
2421 return (1);
2422}
2423
2424/*
2425 * If wlan is destroyed without being brought down i.e. without
2426 * wlan down or wpa_cli terminate, this function is called after
2427 * vap is gone. Don't refer it.
2428 */
2429static void
2430run_key_delete_cb(void *arg)
2431{
2432 struct run_cmdq *cmdq = arg;
2433 struct run_softc *sc = cmdq->arg1;
2434 struct ieee80211_key *k = &cmdq->key;
2435 uint32_t attr;
2436 uint8_t wcid;
2437
2438 RUN_LOCK_ASSERT(sc, MA_OWNED);
2439
2440 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2441 /* remove group key */
2442 DPRINTF("removing group key\n");
2443 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2444 attr &= ~(0xf << (k->wk_keyix * 4));
2445 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2446 } else {
2447 /* remove pairwise key */
2448 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2449 /* matching wcid was written to wk_pad in run_key_set() */
2450 wcid = k->wk_pad;
2451 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2452 attr &= ~0xf;
2453 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2454 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2455 }
2456
2457 k->wk_pad = 0;
2458}
2459
2460/*
2461 * return 0 on error
2462 */
2463static int
2464run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2465{
2466 struct ieee80211com *ic = vap->iv_ic;
2467 struct run_softc *sc = ic->ic_ifp->if_softc;
2468 struct ieee80211_key *k0;
2469 uint32_t i;
2470
2471 /*
2472 * When called back, key might be gone. So, make a copy
2473 * of some values need to delete keys before deferring.
2474 * But, because of LOR with node lock, cannot use lock here.
2475 * So, use atomic instead.
2476 */
2477 i = RUN_CMDQ_GET(&sc->cmdq_store);
2478 DPRINTF("cmdq_store=%d\n", i);
2479 sc->cmdq[i].func = run_key_delete_cb;
2480 sc->cmdq[i].arg0 = NULL;
2481 sc->cmdq[i].arg1 = sc;
2482 k0 = &sc->cmdq[i].key;
2483 k0->wk_flags = k->wk_flags;
2484 k0->wk_keyix = k->wk_keyix;
2485 /* matching wcid was written to wk_pad in run_key_set() */
2486 k0->wk_pad = k->wk_pad;
2487 ieee80211_runtask(ic, &sc->cmdq_task);
2488 return (1); /* return fake success */
2489
2490}
2491
2492static void
2493run_ratectl_to(void *arg)
2494{
2495 struct run_softc *sc = arg;
2496
2497 /* do it in a process context, so it can go sleep */
2498 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2499 /* next timeout will be rescheduled in the callback task */
2500}
2501
2502/* ARGSUSED */
2503static void
2504run_ratectl_cb(void *arg, int pending)
2505{
2506 struct run_softc *sc = arg;
2507 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2508 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2509
2510 if (vap == NULL)
2511 return;
2512
2513 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2514 /*
2515 * run_reset_livelock() doesn't do anything with AMRR,
2516 * but Ralink wants us to call it every 1 sec. So, we
2517 * piggyback here rather than creating another callout.
2518 * Livelock may occur only in HOSTAP or IBSS mode
2519 * (when h/w is sending beacons).
2520 */
2521 RUN_LOCK(sc);
2522 run_reset_livelock(sc);
2523 /* just in case, there are some stats to drain */
2524 run_drain_fifo(sc);
2525 RUN_UNLOCK(sc);
2526 }
2527
2528 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2529
2530 RUN_LOCK(sc);
2531 if(sc->ratectl_run != RUN_RATECTL_OFF)
2532 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2533 RUN_UNLOCK(sc);
2534}
2535
2536static void
2537run_drain_fifo(void *arg)
2538{
2539 struct run_softc *sc = arg;
2540 struct ifnet *ifp = sc->sc_ifp;
2541 uint32_t stat;
2542 uint16_t (*wstat)[3];
2543 uint8_t wcid, mcs, pid;
2544 int8_t retry;
2545
2546 RUN_LOCK_ASSERT(sc, MA_OWNED);
2547
2548 for (;;) {
2549 /* drain Tx status FIFO (maxsize = 16) */
2550 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2551 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2552 if (!(stat & RT2860_TXQ_VLD))
2553 break;
2554
2555 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2556
2557 /* if no ACK was requested, no feedback is available */
2558 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2559 wcid == 0)
2560 continue;
2561
2562 /*
2563 * Even though each stat is Tx-complete-status like format,
2564 * the device can poll stats. Because there is no guarantee
2565 * that the referring node is still around when read the stats.
2566 * So that, if we use ieee80211_ratectl_tx_update(), we will
2567 * have hard time not to refer already freed node.
2568 *
2569 * To eliminate such page faults, we poll stats in softc.
2570 * Then, update the rates later with ieee80211_ratectl_tx_update().
2571 */
2572 wstat = &(sc->wcid_stats[wcid]);
2573 (*wstat)[RUN_TXCNT]++;
2574 if (stat & RT2860_TXQ_OK)
2575 (*wstat)[RUN_SUCCESS]++;
2576 else
2577 ifp->if_oerrors++;
2578 /*
2579 * Check if there were retries, ie if the Tx success rate is
2580 * different from the requested rate. Note that it works only
2581 * because we do not allow rate fallback from OFDM to CCK.
2582 */
2583 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2584 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2585 if ((retry = pid -1 - mcs) > 0) {
2586 (*wstat)[RUN_TXCNT] += retry;
2587 (*wstat)[RUN_RETRY] += retry;
2588 }
2589 }
2590 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2591
2592 sc->fifo_cnt = 0;
2593}
2594
2595static void
2596run_iter_func(void *arg, struct ieee80211_node *ni)
2597{
2598 struct run_softc *sc = arg;
2599 struct ieee80211vap *vap = ni->ni_vap;
2600 struct ieee80211com *ic = ni->ni_ic;
2601 struct ifnet *ifp = ic->ic_ifp;
2602 struct run_node *rn = (void *)ni;
2603 union run_stats sta[2];
2604 uint16_t (*wstat)[3];
2605 int txcnt, success, retrycnt, error;
2606
2607 RUN_LOCK(sc);
2608
2609 /* Check for special case */
2610 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2611 ni != vap->iv_bss)
2612 goto fail;
2613
2614 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2615 vap->iv_opmode == IEEE80211_M_STA)) {
2616 /* read statistic counters (clear on read) and update AMRR state */
2617 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2618 sizeof sta);
2619 if (error != 0)
2620 goto fail;
2621
2622 /* count failed TX as errors */
2623 ifp->if_oerrors += le16toh(sta[0].error.fail);
2624
2625 retrycnt = le16toh(sta[1].tx.retry);
2626 success = le16toh(sta[1].tx.success);
2627 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2628
2629 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2630 retrycnt, success, le16toh(sta[0].error.fail));
2631 } else {
2632 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2633
2634 if (wstat == &(sc->wcid_stats[0]) ||
2635 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2636 goto fail;
2637
2638 txcnt = (*wstat)[RUN_TXCNT];
2639 success = (*wstat)[RUN_SUCCESS];
2640 retrycnt = (*wstat)[RUN_RETRY];
2641 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2642 retrycnt, txcnt, success);
2643
2644 memset(wstat, 0, sizeof(*wstat));
2645 }
2646
2647 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2648 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2649
2650fail:
2651 RUN_UNLOCK(sc);
2652
2653 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2654}
2655
2656static void
2657run_newassoc_cb(void *arg)
2658{
2659 struct run_cmdq *cmdq = arg;
2660 struct ieee80211_node *ni = cmdq->arg1;
2661 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2662 uint8_t wcid = cmdq->wcid;
2663
2664 RUN_LOCK_ASSERT(sc, MA_OWNED);
2665
2666 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2667 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2668
2669 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2670}
2671
2672static void
2673run_newassoc(struct ieee80211_node *ni, int isnew)
2674{
2675 struct run_node *rn = (void *)ni;
2676 struct ieee80211_rateset *rs = &ni->ni_rates;
2677 struct ieee80211vap *vap = ni->ni_vap;
2678 struct ieee80211com *ic = vap->iv_ic;
2679 struct run_softc *sc = ic->ic_ifp->if_softc;
2680 uint8_t rate;
2681 uint8_t ridx;
2682 uint8_t wcid;
2683 int i, j;
2684
2685 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2686 1 : RUN_AID2WCID(ni->ni_associd);
2687
2688 if (wcid > RT2870_WCID_MAX) {
2689 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2690 return;
2691 }
2692
2693 /* only interested in true associations */
2694 if (isnew && ni->ni_associd != 0) {
2695
2696 /*
2697 * This function could is called though timeout function.
2698 * Need to defer.
2699 */
2700 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2701 DPRINTF("cmdq_store=%d\n", cnt);
2702 sc->cmdq[cnt].func = run_newassoc_cb;
2703 sc->cmdq[cnt].arg0 = NULL;
2704 sc->cmdq[cnt].arg1 = ni;
2705 sc->cmdq[cnt].wcid = wcid;
2706 ieee80211_runtask(ic, &sc->cmdq_task);
2707 }
2708
2709 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2710 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2711
2712 for (i = 0; i < rs->rs_nrates; i++) {
2713 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2714 /* convert 802.11 rate to hardware rate index */
2715 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2716 if (rt2860_rates[ridx].rate == rate)
2717 break;
2718 rn->ridx[i] = ridx;
2719 /* determine rate of control response frames */
2720 for (j = i; j >= 0; j--) {
2721 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2722 rt2860_rates[rn->ridx[i]].phy ==
2723 rt2860_rates[rn->ridx[j]].phy)
2724 break;
2725 }
2726 if (j >= 0) {
2727 rn->ctl_ridx[i] = rn->ridx[j];
2728 } else {
2729 /* no basic rate found, use mandatory one */
2730 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2731 }
2732 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2733 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2734 }
2735 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2736 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2737 if (rt2860_rates[ridx].rate == rate)
2738 break;
2739 rn->mgt_ridx = ridx;
2740 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2741
2742 RUN_LOCK(sc);
2743 if(sc->ratectl_run != RUN_RATECTL_OFF)
2744 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2745 RUN_UNLOCK(sc);
2746}
2747
2748/*
2749 * Return the Rx chain with the highest RSSI for a given frame.
2750 */
2751static __inline uint8_t
2752run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2753{
2754 uint8_t rxchain = 0;
2755
2756 if (sc->nrxchains > 1) {
2757 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2758 rxchain = 1;
2759 if (sc->nrxchains > 2)
2760 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2761 rxchain = 2;
2762 }
2763 return (rxchain);
2764}
2765
2766static void
2767run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2768{
2769 struct ifnet *ifp = sc->sc_ifp;
2770 struct ieee80211com *ic = ifp->if_l2com;
2771 struct ieee80211_frame *wh;
2772 struct ieee80211_node *ni;
2773 struct rt2870_rxd *rxd;
2774 struct rt2860_rxwi *rxwi;
2775 uint32_t flags;
2776 uint16_t len, rxwisize;
2777 uint8_t ant, rssi;
2778 int8_t nf;
2779
2780 rxwi = mtod(m, struct rt2860_rxwi *);
2781 len = le16toh(rxwi->len) & 0xfff;
2782 rxwisize = sizeof(struct rt2860_rxwi);
2783 if (sc->mac_ver == 0x5592)
2784 rxwisize += sizeof(uint64_t);
2785 else if (sc->mac_ver == 0x3593)
2786 rxwisize += sizeof(uint32_t);
2787 if (__predict_false(len > dmalen)) {
2788 m_freem(m);
2789 ifp->if_ierrors++;
2790 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2791 return;
2792 }
2793 /* Rx descriptor is located at the end */
2794 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2795 flags = le32toh(rxd->flags);
2796
2797 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2798 m_freem(m);
2799 ifp->if_ierrors++;
2800 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2801 return;
2802 }
2803
2804 m->m_data += rxwisize;
2805 m->m_pkthdr.len = m->m_len -= rxwisize;
2806
2807 wh = mtod(m, struct ieee80211_frame *);
2808
2809 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2810 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2811 m->m_flags |= M_WEP;
2812 }
2813
2814 if (flags & RT2860_RX_L2PAD) {
2815 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2816 len += 2;
2817 }
2818
2819 ni = ieee80211_find_rxnode(ic,
2820 mtod(m, struct ieee80211_frame_min *));
2821
2822 if (__predict_false(flags & RT2860_RX_MICERR)) {
2823 /* report MIC failures to net80211 for TKIP */
2824 if (ni != NULL)
2825 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2826 rxwi->keyidx);
2827 m_freem(m);
2828 ifp->if_ierrors++;
2829 DPRINTF("MIC error. Someone is lying.\n");
2830 return;
2831 }
2832
2833 ant = run_maxrssi_chain(sc, rxwi);
2834 rssi = rxwi->rssi[ant];
2835 nf = run_rssi2dbm(sc, rssi, ant);
2836
2837 m->m_pkthdr.rcvif = ifp;
2838 m->m_pkthdr.len = m->m_len = len;
2839
2840 if (ni != NULL) {
2841 (void)ieee80211_input(ni, m, rssi, nf);
2842 ieee80211_free_node(ni);
2843 } else {
2844 (void)ieee80211_input_all(ic, m, rssi, nf);
2845 }
2846
2847 if (__predict_false(ieee80211_radiotap_active(ic))) {
2848 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2849 uint16_t phy;
2850
2851 tap->wr_flags = 0;
2852 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2853 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2854 tap->wr_antsignal = rssi;
2855 tap->wr_antenna = ant;
2856 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2857 tap->wr_rate = 2; /* in case it can't be found below */
2858 phy = le16toh(rxwi->phy);
2859 switch (phy & RT2860_PHY_MODE) {
2860 case RT2860_PHY_CCK:
2861 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2862 case 0: tap->wr_rate = 2; break;
2863 case 1: tap->wr_rate = 4; break;
2864 case 2: tap->wr_rate = 11; break;
2865 case 3: tap->wr_rate = 22; break;
2866 }
2867 if (phy & RT2860_PHY_SHPRE)
2868 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2869 break;
2870 case RT2860_PHY_OFDM:
2871 switch (phy & RT2860_PHY_MCS) {
2872 case 0: tap->wr_rate = 12; break;
2873 case 1: tap->wr_rate = 18; break;
2874 case 2: tap->wr_rate = 24; break;
2875 case 3: tap->wr_rate = 36; break;
2876 case 4: tap->wr_rate = 48; break;
2877 case 5: tap->wr_rate = 72; break;
2878 case 6: tap->wr_rate = 96; break;
2879 case 7: tap->wr_rate = 108; break;
2880 }
2881 break;
2882 }
2883 }
2884}
2885
2886static void
2887run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2888{
2889 struct run_softc *sc = usbd_xfer_softc(xfer);
2890 struct ifnet *ifp = sc->sc_ifp;
2891 struct mbuf *m = NULL;
2892 struct mbuf *m0;
2893 uint32_t dmalen;
2894 uint16_t rxwisize;
2895 int xferlen;
2896
2897 rxwisize = sizeof(struct rt2860_rxwi);
2898 if (sc->mac_ver == 0x5592)
2899 rxwisize += sizeof(uint64_t);
2900 else if (sc->mac_ver == 0x3593)
2901 rxwisize += sizeof(uint32_t);
2902
2903 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2904
2905 switch (USB_GET_STATE(xfer)) {
2906 case USB_ST_TRANSFERRED:
2907
2908 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2909
2910 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2911 sizeof(struct rt2870_rxd))) {
2912 DPRINTF("xfer too short %d\n", xferlen);
2913 goto tr_setup;
2914 }
2915
2916 m = sc->rx_m;
2917 sc->rx_m = NULL;
2918
2919 /* FALLTHROUGH */
2920 case USB_ST_SETUP:
2921tr_setup:
2922 if (sc->rx_m == NULL) {
2923 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2924 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2925 }
2926 if (sc->rx_m == NULL) {
2927 DPRINTF("could not allocate mbuf - idle with stall\n");
2928 ifp->if_ierrors++;
2929 usbd_xfer_set_stall(xfer);
2930 usbd_xfer_set_frames(xfer, 0);
2931 } else {
2932 /*
2933 * Directly loading a mbuf cluster into DMA to
2934 * save some data copying. This works because
2935 * there is only one cluster.
2936 */
2937 usbd_xfer_set_frame_data(xfer, 0,
2938 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2939 usbd_xfer_set_frames(xfer, 1);
2940 }
2941 usbd_transfer_submit(xfer);
2942 break;
2943
2944 default: /* Error */
2945 if (error != USB_ERR_CANCELLED) {
2946 /* try to clear stall first */
2947 usbd_xfer_set_stall(xfer);
2948
2949 if (error == USB_ERR_TIMEOUT)
2950 device_printf(sc->sc_dev, "device timeout\n");
2951
2952 ifp->if_ierrors++;
2953
2954 goto tr_setup;
2955 }
2956 if (sc->rx_m != NULL) {
2957 m_freem(sc->rx_m);
2958 sc->rx_m = NULL;
2959 }
2960 break;
2961 }
2962
2963 if (m == NULL)
2964 return;
2965
2966 /* inputting all the frames must be last */
2967
2968 RUN_UNLOCK(sc);
2969
2970 m->m_pkthdr.len = m->m_len = xferlen;
2971
2972 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2973 for(;;) {
2974 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2975
2976 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2977 ((dmalen & 3) != 0)) {
2978 DPRINTF("bad DMA length %u\n", dmalen);
2979 break;
2980 }
2981 if ((dmalen + 8) > (uint32_t)xferlen) {
2982 DPRINTF("bad DMA length %u > %d\n",
2983 dmalen + 8, xferlen);
2984 break;
2985 }
2986
2987 /* If it is the last one or a single frame, we won't copy. */
2988 if ((xferlen -= dmalen + 8) <= 8) {
2989 /* trim 32-bit DMA-len header */
2990 m->m_data += 4;
2991 m->m_pkthdr.len = m->m_len -= 4;
2992 run_rx_frame(sc, m, dmalen);
2993 m = NULL; /* don't free source buffer */
2994 break;
2995 }
2996
2997 /* copy aggregated frames to another mbuf */
2998 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2999 if (__predict_false(m0 == NULL)) {
3000 DPRINTF("could not allocate mbuf\n");
3001 ifp->if_ierrors++;
3002 break;
3003 }
3004 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3005 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3006 m0->m_pkthdr.len = m0->m_len =
3007 dmalen + sizeof(struct rt2870_rxd);
3008 run_rx_frame(sc, m0, dmalen);
3009
3010 /* update data ptr */
3011 m->m_data += dmalen + 8;
3012 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3013 }
3014
3015 /* make sure we free the source buffer, if any */
3016 m_freem(m);
3017
3018 RUN_LOCK(sc);
3019}
3020
3021static void
3022run_tx_free(struct run_endpoint_queue *pq,
3023 struct run_tx_data *data, int txerr)
3024{
3025 if (data->m != NULL) {
3026 if (data->m->m_flags & M_TXCB)
3027 ieee80211_process_callback(data->ni, data->m,
3028 txerr ? ETIMEDOUT : 0);
3029 m_freem(data->m);
3030 data->m = NULL;
3031
3032 if (data->ni == NULL) {
3033 DPRINTF("no node\n");
3034 } else {
3035 ieee80211_free_node(data->ni);
3036 data->ni = NULL;
3037 }
3038 }
3039
3040 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3041 pq->tx_nfree++;
3042}
3043
3044static void
3045run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3046{
3047 struct run_softc *sc = usbd_xfer_softc(xfer);
3048 struct ifnet *ifp = sc->sc_ifp;
3049 struct ieee80211com *ic = ifp->if_l2com;
3050 struct run_tx_data *data;
3051 struct ieee80211vap *vap = NULL;
3052 struct usb_page_cache *pc;
3053 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3054 struct mbuf *m;
3055 usb_frlength_t size;
3056 int actlen;
3057 int sumlen;
3058
3059 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3060
3061 switch (USB_GET_STATE(xfer)) {
3062 case USB_ST_TRANSFERRED:
3063 DPRINTFN(11, "transfer complete: %d "
3064 "bytes @ index %d\n", actlen, index);
3065
3066 data = usbd_xfer_get_priv(xfer);
3067
3068 run_tx_free(pq, data, 0);
3069 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3070
3071 usbd_xfer_set_priv(xfer, NULL);
3072
3073 ifp->if_opackets++;
3074
3075 /* FALLTHROUGH */
3076 case USB_ST_SETUP:
3077tr_setup:
3078 data = STAILQ_FIRST(&pq->tx_qh);
3079 if (data == NULL)
3080 break;
3081
3082 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3083
3084 m = data->m;
3085 size = (sc->mac_ver == 0x5592) ?
3086 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3087 if ((m->m_pkthdr.len +
3088 size + 3 + 8) > RUN_MAX_TXSZ) {
3089 DPRINTF("data overflow, %u bytes\n",
3090 m->m_pkthdr.len);
3091
3092 ifp->if_oerrors++;
3093
3094 run_tx_free(pq, data, 1);
3095
3096 goto tr_setup;
3097 }
3098
3099 pc = usbd_xfer_get_frame(xfer, 0);
3100 usbd_copy_in(pc, 0, &data->desc, size);
3101 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3102 size += m->m_pkthdr.len;
3103 /*
3104 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3105 * 4-byte padding), and be sure to zero those trailing
3106 * bytes:
3107 */
3108 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3109 size += ((-size) & 3) + 8;
3110
3111 vap = data->ni->ni_vap;
3112 if (ieee80211_radiotap_active_vap(vap)) {
3113 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3114 struct rt2860_txwi *txwi =
3115 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3116 tap->wt_flags = 0;
3117 tap->wt_rate = rt2860_rates[data->ridx].rate;
3118 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3119 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3120 tap->wt_hwqueue = index;
3121 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3122 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3123
3124 ieee80211_radiotap_tx(vap, m);
3125 }
3126
3127 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3128 m->m_pkthdr.len, size, index);
3129
3130 usbd_xfer_set_frame_len(xfer, 0, size);
3131 usbd_xfer_set_priv(xfer, data);
3132
3133 usbd_transfer_submit(xfer);
3134
3135 RUN_UNLOCK(sc);
3136 run_start(ifp);
3137 RUN_LOCK(sc);
3138
3139 break;
3140
3141 default:
3142 DPRINTF("USB transfer error, %s\n",
3143 usbd_errstr(error));
3144
3145 data = usbd_xfer_get_priv(xfer);
3146
3147 ifp->if_oerrors++;
3148
3149 if (data != NULL) {
3150 if(data->ni != NULL)
3151 vap = data->ni->ni_vap;
3152 run_tx_free(pq, data, error);
3153 usbd_xfer_set_priv(xfer, NULL);
3154 }
3155 if (vap == NULL)
3156 vap = TAILQ_FIRST(&ic->ic_vaps);
3157
3158 if (error != USB_ERR_CANCELLED) {
3159 if (error == USB_ERR_TIMEOUT) {
3160 device_printf(sc->sc_dev, "device timeout\n");
3161 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3162 DPRINTF("cmdq_store=%d\n", i);
3163 sc->cmdq[i].func = run_usb_timeout_cb;
3164 sc->cmdq[i].arg0 = vap;
3165 ieee80211_runtask(ic, &sc->cmdq_task);
3166 }
3167
3168 /*
3169 * Try to clear stall first, also if other
3170 * errors occur, hence clearing stall
3171 * introduces a 50 ms delay:
3172 */
3173 usbd_xfer_set_stall(xfer);
3174 goto tr_setup;
3175 }
3176 break;
3177 }
3178}
3179
3180static void
3181run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3182{
3183 run_bulk_tx_callbackN(xfer, error, 0);
3184}
3185
3186static void
3187run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3188{
3189 run_bulk_tx_callbackN(xfer, error, 1);
3190}
3191
3192static void
3193run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3194{
3195 run_bulk_tx_callbackN(xfer, error, 2);
3196}
3197
3198static void
3199run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3200{
3201 run_bulk_tx_callbackN(xfer, error, 3);
3202}
3203
3204static void
3205run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3206{
3207 run_bulk_tx_callbackN(xfer, error, 4);
3208}
3209
3210static void
3211run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3212{
3213 run_bulk_tx_callbackN(xfer, error, 5);
3214}
3215
3216static void
3217run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3218{
3219 struct mbuf *m = data->m;
3220 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3221 struct ieee80211vap *vap = data->ni->ni_vap;
3222 struct ieee80211_frame *wh;
3223 struct rt2870_txd *txd;
3224 struct rt2860_txwi *txwi;
3225 uint16_t xferlen, txwisize;
3226 uint16_t mcs;
3227 uint8_t ridx = data->ridx;
3228 uint8_t pad;
3229
3230 /* get MCS code from rate index */
3231 mcs = rt2860_rates[ridx].mcs;
3232
3233 txwisize = (sc->mac_ver == 0x5592) ?
3234 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3235 xferlen = txwisize + m->m_pkthdr.len;
3236
3237 /* roundup to 32-bit alignment */
3238 xferlen = (xferlen + 3) & ~3;
3239
3240 txd = (struct rt2870_txd *)&data->desc;
3241 txd->len = htole16(xferlen);
3242
3243 wh = mtod(m, struct ieee80211_frame *);
3244
3245 /*
3246 * Ether both are true or both are false, the header
3247 * are nicely aligned to 32-bit. So, no L2 padding.
3248 */
3249 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3250 pad = 0;
3251 else
3252 pad = 2;
3253
3254 /* setup TX Wireless Information */
3255 txwi = (struct rt2860_txwi *)(txd + 1);
3256 txwi->len = htole16(m->m_pkthdr.len - pad);
3257 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3258 mcs |= RT2860_PHY_CCK;
3259 if (ridx != RT2860_RIDX_CCK1 &&
3260 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3261 mcs |= RT2860_PHY_SHPRE;
3262 } else
3263 mcs |= RT2860_PHY_OFDM;
3264 txwi->phy = htole16(mcs);
3265
3266 /* check if RTS/CTS or CTS-to-self protection is required */
3267 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3268 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3269 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3270 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3271 txwi->txop |= RT2860_TX_TXOP_HT;
3272 else
3273 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3274
3275 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3276 txwi->xflags |= RT2860_TX_NSEQ;
3277}
3278
3279/* This function must be called locked */
3280static int
3281run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3282{
3283 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3284 struct ieee80211vap *vap = ni->ni_vap;
3285 struct ieee80211_frame *wh;
3286 struct ieee80211_channel *chan;
3287 const struct ieee80211_txparam *tp;
3288 struct run_node *rn = (void *)ni;
3289 struct run_tx_data *data;
3290 struct rt2870_txd *txd;
3291 struct rt2860_txwi *txwi;
3292 uint16_t qos;
3293 uint16_t dur;
3294 uint16_t qid;
3295 uint8_t type;
3296 uint8_t tid;
3297 uint8_t ridx;
3298 uint8_t ctl_ridx;
3299 uint8_t qflags;
3300 uint8_t xflags = 0;
3301 int hasqos;
3302
3303 RUN_LOCK_ASSERT(sc, MA_OWNED);
3304
3305 wh = mtod(m, struct ieee80211_frame *);
3306
3307 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3308
3309 /*
3310 * There are 7 bulk endpoints: 1 for RX
3311 * and 6 for TX (4 EDCAs + HCCA + Prio).
3312 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3313 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3314 */
3315 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3316 uint8_t *frm;
3317
3318 if(IEEE80211_HAS_ADDR4(wh))
3319 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3320 else
3321 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3322
3323 qos = le16toh(*(const uint16_t *)frm);
3324 tid = qos & IEEE80211_QOS_TID;
3325 qid = TID_TO_WME_AC(tid);
3326 } else {
3327 qos = 0;
3328 tid = 0;
3329 qid = WME_AC_BE;
3330 }
3331 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3332
3333 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3334 qos, qid, tid, qflags);
3335
3336 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3337 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3338
3339 /* pickup a rate index */
3340 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3341 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3342 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3343 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3344 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3345 } else {
3346 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3347 ridx = rn->fix_ridx;
3348 else
3349 ridx = rn->amrr_ridx;
3350 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3351 }
3352
3353 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3354 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3355 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3356 xflags |= RT2860_TX_ACK;
3357 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3358 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3359 else
3360 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3361 USETW(wh->i_dur, dur);
3362 }
3363
3364 /* reserve slots for mgmt packets, just in case */
3365 if (sc->sc_epq[qid].tx_nfree < 3) {
3366 DPRINTFN(10, "tx ring %d is full\n", qid);
3367 return (-1);
3368 }
3369
3370 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3371 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3372 sc->sc_epq[qid].tx_nfree--;
3373
3374 txd = (struct rt2870_txd *)&data->desc;
3375 txd->flags = qflags;
3376 txwi = (struct rt2860_txwi *)(txd + 1);
3377 txwi->xflags = xflags;
3378 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3379 txwi->wcid = 0;
3380 else
3381 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3382 1 : RUN_AID2WCID(ni->ni_associd);
3383
3384 /* clear leftover garbage bits */
3385 txwi->flags = 0;
3386 txwi->txop = 0;
3387
3388 data->m = m;
3389 data->ni = ni;
3390 data->ridx = ridx;
3391
3392 run_set_tx_desc(sc, data);
3393
3394 /*
3395 * The chip keeps track of 2 kind of Tx stats,
3396 * * TX_STAT_FIFO, for per WCID stats, and
3397 * * TX_STA_CNT0 for all-TX-in-one stats.
3398 *
3399 * To use FIFO stats, we need to store MCS into the driver-private
3400 * PacketID field. So that, we can tell whose stats when we read them.
3401 * We add 1 to the MCS because setting the PacketID field to 0 means
3402 * that we don't want feedback in TX_STAT_FIFO.
3403 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3404 *
3405 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3406 */
3407 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3408 vap->iv_opmode == IEEE80211_M_MBSS) {
3409 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3410 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3411
3412 /*
3413 * Unlike PCI based devices, we don't get any interrupt from
3414 * USB devices, so we simulate FIFO-is-full interrupt here.
3415 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3416 * quickly get fulled. To prevent overflow, increment a counter on
3417 * every FIFO stat request, so we know how many slots are left.
3418 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3419 * are used only in those modes.
3420 * We just drain stats. AMRR gets updated every 1 sec by
3421 * run_ratectl_cb() via callout.
3422 * Call it early. Otherwise overflow.
3423 */
3424 if (sc->fifo_cnt++ == 10) {
3425 /*
3426 * With multiple vaps or if_bridge, if_start() is called
3427 * with a non-sleepable lock, tcpinp. So, need to defer.
3428 */
3429 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3430 DPRINTFN(6, "cmdq_store=%d\n", i);
3431 sc->cmdq[i].func = run_drain_fifo;
3432 sc->cmdq[i].arg0 = sc;
3433 ieee80211_runtask(ic, &sc->cmdq_task);
3434 }
3435 }
3436
3437 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3438
3439 usbd_transfer_start(sc->sc_xfer[qid]);
3440
3441 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3442 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3443 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3444
3445 return (0);
3446}
3447
3448static int
3449run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3450{
3451 struct ifnet *ifp = sc->sc_ifp;
3452 struct ieee80211com *ic = ifp->if_l2com;
3453 struct run_node *rn = (void *)ni;
3454 struct run_tx_data *data;
3455 struct ieee80211_frame *wh;
3456 struct rt2870_txd *txd;
3457 struct rt2860_txwi *txwi;
3458 uint16_t dur;
3459 uint8_t ridx = rn->mgt_ridx;
3460 uint8_t type;
3461 uint8_t xflags = 0;
3462 uint8_t wflags = 0;
3463
3464 RUN_LOCK_ASSERT(sc, MA_OWNED);
3465
3466 wh = mtod(m, struct ieee80211_frame *);
3467
3468 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3469
3470 /* tell hardware to add timestamp for probe responses */
3471 if ((wh->i_fc[0] &
3472 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3473 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3474 wflags |= RT2860_TX_TS;
3475 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3476 xflags |= RT2860_TX_ACK;
3477
3478 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3479 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3480 USETW(wh->i_dur, dur);
3481 }
3482
3483 if (sc->sc_epq[0].tx_nfree == 0) {
3484 /* let caller free mbuf */
3485 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3486 return (EIO);
3487 }
3488 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3489 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3490 sc->sc_epq[0].tx_nfree--;
3491
3492 txd = (struct rt2870_txd *)&data->desc;
3493 txd->flags = RT2860_TX_QSEL_EDCA;
3494 txwi = (struct rt2860_txwi *)(txd + 1);
3495 txwi->wcid = 0xff;
3496 txwi->flags = wflags;
3497 txwi->xflags = xflags;
3498 txwi->txop = 0; /* clear leftover garbage bits */
3499
3500 data->m = m;
3501 data->ni = ni;
3502 data->ridx = ridx;
3503
3504 run_set_tx_desc(sc, data);
3505
3506 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3507 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3508 rt2860_rates[ridx].rate);
3509
3510 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3511
3512 usbd_transfer_start(sc->sc_xfer[0]);
3513
3514 return (0);
3515}
3516
3517static int
3518run_sendprot(struct run_softc *sc,
3519 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3520{
3521 struct ieee80211com *ic = ni->ni_ic;
3522 struct ieee80211_frame *wh;
3523 struct run_tx_data *data;
3524 struct rt2870_txd *txd;
3525 struct rt2860_txwi *txwi;
3526 struct mbuf *mprot;
3527 int ridx;
3528 int protrate;
3529 int ackrate;
3530 int pktlen;
3531 int isshort;
3532 uint16_t dur;
3533 uint8_t type;
3534 uint8_t wflags = 0;
3535 uint8_t xflags = 0;
3536
3537 RUN_LOCK_ASSERT(sc, MA_OWNED);
3538
3539 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3540 ("protection %d", prot));
3541
3542 wh = mtod(m, struct ieee80211_frame *);
3543 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3544 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3545
3546 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3547 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3548
3549 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3550 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3551 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3552 wflags = RT2860_TX_FRAG;
3553
3554 /* check that there are free slots before allocating the mbuf */
3555 if (sc->sc_epq[0].tx_nfree == 0) {
3556 /* let caller free mbuf */
3557 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3558 return (ENOBUFS);
3559 }
3560
3561 if (prot == IEEE80211_PROT_RTSCTS) {
3562 /* NB: CTS is the same size as an ACK */
3563 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3564 xflags |= RT2860_TX_ACK;
3565 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3566 } else {
3567 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3568 }
3569 if (mprot == NULL) {
3570 sc->sc_ifp->if_oerrors++;
3571 DPRINTF("could not allocate mbuf\n");
3572 return (ENOBUFS);
3573 }
3574
3575 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3576 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3577 sc->sc_epq[0].tx_nfree--;
3578
3579 txd = (struct rt2870_txd *)&data->desc;
3580 txd->flags = RT2860_TX_QSEL_EDCA;
3581 txwi = (struct rt2860_txwi *)(txd + 1);
3582 txwi->wcid = 0xff;
3583 txwi->flags = wflags;
3584 txwi->xflags = xflags;
3585 txwi->txop = 0; /* clear leftover garbage bits */
3586
3587 data->m = mprot;
3588 data->ni = ieee80211_ref_node(ni);
3589
3590 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3591 if (rt2860_rates[ridx].rate == protrate)
3592 break;
3593 data->ridx = ridx;
3594
3595 run_set_tx_desc(sc, data);
3596
3597 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3598 m->m_pkthdr.len, rate);
3599
3600 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3601
3602 usbd_transfer_start(sc->sc_xfer[0]);
3603
3604 return (0);
3605}
3606
3607static int
3608run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3609 const struct ieee80211_bpf_params *params)
3610{
3611 struct ieee80211com *ic = ni->ni_ic;
3612 struct ieee80211_frame *wh;
3613 struct run_tx_data *data;
3614 struct rt2870_txd *txd;
3615 struct rt2860_txwi *txwi;
3616 uint8_t type;
3617 uint8_t ridx;
3618 uint8_t rate;
3619 uint8_t opflags = 0;
3620 uint8_t xflags = 0;
3621 int error;
3622
3623 RUN_LOCK_ASSERT(sc, MA_OWNED);
3624
3625 KASSERT(params != NULL, ("no raw xmit params"));
3626
3627 wh = mtod(m, struct ieee80211_frame *);
3628 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3629
3630 rate = params->ibp_rate0;
3631 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3632 /* let caller free mbuf */
3633 return (EINVAL);
3634 }
3635
3636 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3637 xflags |= RT2860_TX_ACK;
3638 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3639 error = run_sendprot(sc, m, ni,
3640 params->ibp_flags & IEEE80211_BPF_RTS ?
3641 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3642 rate);
3643 if (error) {
3644 /* let caller free mbuf */
3645 return error;
3646 }
3647 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3648 }
3649
3650 if (sc->sc_epq[0].tx_nfree == 0) {
3651 /* let caller free mbuf */
3652 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3653 DPRINTF("sending raw frame, but tx ring is full\n");
3654 return (EIO);
3655 }
3656 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3657 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3658 sc->sc_epq[0].tx_nfree--;
3659
3660 txd = (struct rt2870_txd *)&data->desc;
3661 txd->flags = RT2860_TX_QSEL_EDCA;
3662 txwi = (struct rt2860_txwi *)(txd + 1);
3663 txwi->wcid = 0xff;
3664 txwi->xflags = xflags;
3665 txwi->txop = opflags;
3666 txwi->flags = 0; /* clear leftover garbage bits */
3667
3668 data->m = m;
3669 data->ni = ni;
3670 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3671 if (rt2860_rates[ridx].rate == rate)
3672 break;
3673 data->ridx = ridx;
3674
3675 run_set_tx_desc(sc, data);
3676
3677 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3678 m->m_pkthdr.len, rate);
3679
3680 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3681
3682 usbd_transfer_start(sc->sc_xfer[0]);
3683
3684 return (0);
3685}
3686
3687static int
3688run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3689 const struct ieee80211_bpf_params *params)
3690{
3691 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3692 struct run_softc *sc = ifp->if_softc;
3693 int error = 0;
3694
3695 RUN_LOCK(sc);
3696
3697 /* prevent management frames from being sent if we're not ready */
3698 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3699 error = ENETDOWN;
3700 goto done;
3701 }
3702
3703 if (params == NULL) {
3704 /* tx mgt packet */
3705 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3706 ifp->if_oerrors++;
3707 DPRINTF("mgt tx failed\n");
3708 goto done;
3709 }
3710 } else {
3711 /* tx raw packet with param */
3712 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3713 ifp->if_oerrors++;
3714 DPRINTF("tx with param failed\n");
3715 goto done;
3716 }
3717 }
3718
3719 ifp->if_opackets++;
3720
3721done:
3722 RUN_UNLOCK(sc);
3723
3724 if (error != 0) {
3725 if(m != NULL)
3726 m_freem(m);
3727 ieee80211_free_node(ni);
3728 }
3729
3730 return (error);
3731}
3732
3733static void
3734run_start(struct ifnet *ifp)
3735{
3736 struct run_softc *sc = ifp->if_softc;
3737 struct ieee80211_node *ni;
3738 struct mbuf *m;
3739
3740 RUN_LOCK(sc);
3741
3742 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3743 RUN_UNLOCK(sc);
3744 return;
3745 }
3746
3747 for (;;) {
3748 /* send data frames */
3749 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3750 if (m == NULL)
3751 break;
3752
3753 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3754 if (run_tx(sc, m, ni) != 0) {
3755 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3756 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3757 break;
3758 }
3759 }
3760
3761 RUN_UNLOCK(sc);
3762}
3763
3764static int
3765run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3766{
3767 struct run_softc *sc = ifp->if_softc;
3768 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3769 struct ifreq *ifr = (struct ifreq *) data;
3770 int startall = 0;
3771 int error;
3772
3773 RUN_LOCK(sc);
3774 error = sc->sc_detached ? ENXIO : 0;
3775 RUN_UNLOCK(sc);
3776 if (error)
3777 return (error);
3778
3779 switch (cmd) {
3780 case SIOCSIFFLAGS:
3781 RUN_LOCK(sc);
3782 if (ifp->if_flags & IFF_UP) {
3783 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3784 startall = 1;
3785 run_init_locked(sc);
3786 } else
3787 run_update_promisc_locked(ifp);
3788 } else {
3789 if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
3790 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3791 run_stop(sc);
3792 }
3793 }
3794 RUN_UNLOCK(sc);
3795 if (startall)
3796 ieee80211_start_all(ic);
3797 break;
3798 case SIOCGIFMEDIA:
3799 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3800 break;
3801 case SIOCGIFADDR:
3802 error = ether_ioctl(ifp, cmd, data);
3803 break;
3804 default:
3805 error = EINVAL;
3806 break;
3807 }
3808
3809 return (error);
3810}
3811
3812static void
3813run_iq_calib(struct run_softc *sc, u_int chan)
3814{
3815 uint16_t val;
3816
3817 /* Tx0 IQ gain. */
3818 run_bbp_write(sc, 158, 0x2c);
3819 if (chan <= 14)
3820 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3821 else if (chan <= 64) {
3822 run_efuse_read(sc,
3823 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3824 &val, 1);
3825 } else if (chan <= 138) {
3826 run_efuse_read(sc,
3827 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3828 &val, 1);
3829 } else if (chan <= 165) {
3830 run_efuse_read(sc,
3831 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3832 &val, 1);
3833 } else
3834 val = 0;
3835 run_bbp_write(sc, 159, val);
3836
3837 /* Tx0 IQ phase. */
3838 run_bbp_write(sc, 158, 0x2d);
3839 if (chan <= 14) {
3840 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3841 &val, 1);
3842 } else if (chan <= 64) {
3843 run_efuse_read(sc,
3844 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3845 &val, 1);
3846 } else if (chan <= 138) {
3847 run_efuse_read(sc,
3848 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3849 &val, 1);
3850 } else if (chan <= 165) {
3851 run_efuse_read(sc,
3852 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3853 &val, 1);
3854 } else
3855 val = 0;
3856 run_bbp_write(sc, 159, val);
3857
3858 /* Tx1 IQ gain. */
3859 run_bbp_write(sc, 158, 0x4a);
3860 if (chan <= 14) {
3861 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3862 &val, 1);
3863 } else if (chan <= 64) {
3864 run_efuse_read(sc,
3865 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3866 &val, 1);
3867 } else if (chan <= 138) {
3868 run_efuse_read(sc,
3869 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3870 &val, 1);
3871 } else if (chan <= 165) {
3872 run_efuse_read(sc,
3873 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3874 &val, 1);
3875 } else
3876 val = 0;
3877 run_bbp_write(sc, 159, val);
3878
3879 /* Tx1 IQ phase. */
3880 run_bbp_write(sc, 158, 0x4b);
3881 if (chan <= 14) {
3882 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3883 &val, 1);
3884 } else if (chan <= 64) {
3885 run_efuse_read(sc,
3886 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3887 &val, 1);
3888 } else if (chan <= 138) {
3889 run_efuse_read(sc,
3890 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3891 &val, 1);
3892 } else if (chan <= 165) {
3893 run_efuse_read(sc,
3894 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3895 &val, 1);
3896 } else
3897 val = 0;
3898 run_bbp_write(sc, 159, val);
3899
3900 /* RF IQ compensation control. */
3901 run_bbp_write(sc, 158, 0x04);
3902 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3903 &val, 1);
3904 run_bbp_write(sc, 159, val);
3905
3906 /* RF IQ imbalance compensation control. */
3907 run_bbp_write(sc, 158, 0x03);
3908 run_efuse_read(sc,
3909 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3910 run_bbp_write(sc, 159, val);
3911}
3912
3913static void
3914run_set_agc(struct run_softc *sc, uint8_t agc)
3915{
3916 uint8_t bbp;
3917
3918 if (sc->mac_ver == 0x3572) {
3919 run_bbp_read(sc, 27, &bbp);
3920 bbp &= ~(0x3 << 5);
3921 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3922 run_bbp_write(sc, 66, agc);
3923 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3924 run_bbp_write(sc, 66, agc);
3925 } else
3926 run_bbp_write(sc, 66, agc);
3927}
3928
3929static void
3930run_select_chan_group(struct run_softc *sc, int group)
3931{
3932 uint32_t tmp;
3933 uint8_t agc;
3934
3935 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3936 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3937 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3938 if (sc->mac_ver < 0x3572)
3939 run_bbp_write(sc, 86, 0x00);
3940
3941 if (sc->mac_ver == 0x3593) {
3942 run_bbp_write(sc, 77, 0x98);
3943 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3944 }
3945
3946 if (group == 0) {
3947 if (sc->ext_2ghz_lna) {
3948 if (sc->mac_ver >= 0x5390)
3949 run_bbp_write(sc, 75, 0x52);
3950 else {
3951 run_bbp_write(sc, 82, 0x62);
3952 run_bbp_write(sc, 75, 0x46);
3953 }
3954 } else {
3955 if (sc->mac_ver == 0x5592) {
3956 run_bbp_write(sc, 79, 0x1c);
3957 run_bbp_write(sc, 80, 0x0e);
3958 run_bbp_write(sc, 81, 0x3a);
3959 run_bbp_write(sc, 82, 0x62);
3960
3961 run_bbp_write(sc, 195, 0x80);
3962 run_bbp_write(sc, 196, 0xe0);
3963 run_bbp_write(sc, 195, 0x81);
3964 run_bbp_write(sc, 196, 0x1f);
3965 run_bbp_write(sc, 195, 0x82);
3966 run_bbp_write(sc, 196, 0x38);
3967 run_bbp_write(sc, 195, 0x83);
3968 run_bbp_write(sc, 196, 0x32);
3969 run_bbp_write(sc, 195, 0x85);
3970 run_bbp_write(sc, 196, 0x28);
3971 run_bbp_write(sc, 195, 0x86);
3972 run_bbp_write(sc, 196, 0x19);
3973 } else if (sc->mac_ver >= 0x5390)
3974 run_bbp_write(sc, 75, 0x50);
3975 else {
3976 run_bbp_write(sc, 82,
3977 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3978 run_bbp_write(sc, 75, 0x50);
3979 }
3980 }
3981 } else {
3982 if (sc->mac_ver == 0x5592) {
3983 run_bbp_write(sc, 79, 0x18);
3984 run_bbp_write(sc, 80, 0x08);
3985 run_bbp_write(sc, 81, 0x38);
3986 run_bbp_write(sc, 82, 0x92);
3987
3988 run_bbp_write(sc, 195, 0x80);
3989 run_bbp_write(sc, 196, 0xf0);
3990 run_bbp_write(sc, 195, 0x81);
3991 run_bbp_write(sc, 196, 0x1e);
3992 run_bbp_write(sc, 195, 0x82);
3993 run_bbp_write(sc, 196, 0x28);
3994 run_bbp_write(sc, 195, 0x83);
3995 run_bbp_write(sc, 196, 0x20);
3996 run_bbp_write(sc, 195, 0x85);
3997 run_bbp_write(sc, 196, 0x7f);
3998 run_bbp_write(sc, 195, 0x86);
3999 run_bbp_write(sc, 196, 0x7f);
4000 } else if (sc->mac_ver == 0x3572)
4001 run_bbp_write(sc, 82, 0x94);
4002 else
4003 run_bbp_write(sc, 82,
4004 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4005 if (sc->ext_5ghz_lna)
4006 run_bbp_write(sc, 75, 0x46);
4007 else
4008 run_bbp_write(sc, 75, 0x50);
4009 }
4010
4011 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4012 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4013 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4014 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4015
4016 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4017 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4018 if (sc->mac_ver == 0x3593)
4019 tmp |= 1 << 29 | 1 << 28;
4020 if (sc->nrxchains > 1)
4021 tmp |= RT2860_LNA_PE1_EN;
4022 if (group == 0) { /* 2GHz */
4023 tmp |= RT2860_PA_PE_G0_EN;
4024 if (sc->ntxchains > 1)
4025 tmp |= RT2860_PA_PE_G1_EN;
4026 if (sc->mac_ver == 0x3593) {
4027 if (sc->ntxchains > 2)
4028 tmp |= 1 << 25;
4029 }
4030 } else { /* 5GHz */
4031 tmp |= RT2860_PA_PE_A0_EN;
4032 if (sc->ntxchains > 1)
4033 tmp |= RT2860_PA_PE_A1_EN;
4034 }
4035 if (sc->mac_ver == 0x3572) {
4036 run_rt3070_rf_write(sc, 8, 0x00);
4037 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4038 run_rt3070_rf_write(sc, 8, 0x80);
4039 } else
4040 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4041
4042 if (sc->mac_ver == 0x5592) {
4043 run_bbp_write(sc, 195, 0x8d);
4044 run_bbp_write(sc, 196, 0x1a);
4045 }
4046
4047 if (sc->mac_ver == 0x3593) {
4048 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4049 tmp &= ~0x01010000;
4050 if (group == 0)
4051 tmp |= 0x00010000;
4052 tmp = (tmp & ~0x00009090) | 0x00000090;
4053 run_write(sc, RT2860_GPIO_CTRL, tmp);
4054 }
4055
4056 /* set initial AGC value */
4057 if (group == 0) { /* 2GHz band */
4058 if (sc->mac_ver >= 0x3070)
4059 agc = 0x1c + sc->lna[0] * 2;
4060 else
4061 agc = 0x2e + sc->lna[0];
4062 } else { /* 5GHz band */
4063 if (sc->mac_ver == 0x5592)
4064 agc = 0x24 + sc->lna[group] * 2;
4065 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4066 agc = 0x22 + (sc->lna[group] * 5) / 3;
4067 else
4068 agc = 0x32 + (sc->lna[group] * 5) / 3;
4069 }
4070 run_set_agc(sc, agc);
4071}
4072
4073static void
4074run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4075{
4076 const struct rfprog *rfprog = rt2860_rf2850;
4077 uint32_t r2, r3, r4;
4078 int8_t txpow1, txpow2;
4079 int i;
4080
4081 /* find the settings for this channel (we know it exists) */
4082 for (i = 0; rfprog[i].chan != chan; i++);
4083
4084 r2 = rfprog[i].r2;
4085 if (sc->ntxchains == 1)
4086 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4087 if (sc->nrxchains == 1)
4088 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4089 else if (sc->nrxchains == 2)
4090 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4091
4092 /* use Tx power values from EEPROM */
4093 txpow1 = sc->txpow1[i];
4094 txpow2 = sc->txpow2[i];
4095
4096 /* Initialize RF R3 and R4. */
4097 r3 = rfprog[i].r3 & 0xffffc1ff;
4098 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4099 if (chan > 14) {
4100 if (txpow1 >= 0) {
4101 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4102 r3 |= (txpow1 << 10) | (1 << 9);
4103 } else {
4104 txpow1 += 7;
4105
4106 /* txpow1 is not possible larger than 15. */
4107 r3 |= (txpow1 << 10);
4108 }
4109 if (txpow2 >= 0) {
4110 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4111 r4 |= (txpow2 << 7) | (1 << 6);
4112 } else {
4113 txpow2 += 7;
4114 r4 |= (txpow2 << 7);
4115 }
4116 } else {
4117 /* Set Tx0 power. */
4118 r3 |= (txpow1 << 9);
4119
4120 /* Set frequency offset and Tx1 power. */
4121 r4 |= (txpow2 << 6);
4122 }
4123
4124 run_rt2870_rf_write(sc, rfprog[i].r1);
4125 run_rt2870_rf_write(sc, r2);
4126 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4127 run_rt2870_rf_write(sc, r4);
4128
4129 run_delay(sc, 10);
4130
4131 run_rt2870_rf_write(sc, rfprog[i].r1);
4132 run_rt2870_rf_write(sc, r2);
4133 run_rt2870_rf_write(sc, r3 | (1 << 2));
4134 run_rt2870_rf_write(sc, r4);
4135
4136 run_delay(sc, 10);
4137
4138 run_rt2870_rf_write(sc, rfprog[i].r1);
4139 run_rt2870_rf_write(sc, r2);
4140 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4141 run_rt2870_rf_write(sc, r4);
4142}
4143
4144static void
4145run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4146{
4147 int8_t txpow1, txpow2;
4148 uint8_t rf;
4149 int i;
4150
4151 /* find the settings for this channel (we know it exists) */
4152 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4153
4154 /* use Tx power values from EEPROM */
4155 txpow1 = sc->txpow1[i];
4156 txpow2 = sc->txpow2[i];
4157
4158 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4159
4160 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4161 run_rt3070_rf_read(sc, 3, &rf);
4162 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4163 run_rt3070_rf_write(sc, 3, rf);
4164
4165 run_rt3070_rf_read(sc, 6, &rf);
4166 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4167 run_rt3070_rf_write(sc, 6, rf);
4168
4169 /* set Tx0 power */
4170 run_rt3070_rf_read(sc, 12, &rf);
4171 rf = (rf & ~0x1f) | txpow1;
4172 run_rt3070_rf_write(sc, 12, rf);
4173
4174 /* set Tx1 power */
4175 run_rt3070_rf_read(sc, 13, &rf);
4176 rf = (rf & ~0x1f) | txpow2;
4177 run_rt3070_rf_write(sc, 13, rf);
4178
4179 run_rt3070_rf_read(sc, 1, &rf);
4180 rf &= ~0xfc;
4181 if (sc->ntxchains == 1)
4182 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4183 else if (sc->ntxchains == 2)
4184 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4185 if (sc->nrxchains == 1)
4186 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4187 else if (sc->nrxchains == 2)
4188 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4189 run_rt3070_rf_write(sc, 1, rf);
4190
4191 /* set RF offset */
4192 run_rt3070_rf_read(sc, 23, &rf);
4193 rf = (rf & ~0x7f) | sc->freq;
4194 run_rt3070_rf_write(sc, 23, rf);
4195
4196 /* program RF filter */
4197 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4198 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4199 run_rt3070_rf_write(sc, 24, rf);
4200 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4201 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4202 run_rt3070_rf_write(sc, 31, rf);
4203
4204 /* enable RF tuning */
4205 run_rt3070_rf_read(sc, 7, &rf);
4206 run_rt3070_rf_write(sc, 7, rf | 0x01);
4207}
4208
4209static void
4210run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4211{
4212 int8_t txpow1, txpow2;
4213 uint32_t tmp;
4214 uint8_t rf;
4215 int i;
4216
4217 /* find the settings for this channel (we know it exists) */
4218 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4219
4220 /* use Tx power values from EEPROM */
4221 txpow1 = sc->txpow1[i];
4222 txpow2 = sc->txpow2[i];
4223
4224 if (chan <= 14) {
4225 run_bbp_write(sc, 25, sc->bbp25);
4226 run_bbp_write(sc, 26, sc->bbp26);
4227 } else {
4228 /* enable IQ phase correction */
4229 run_bbp_write(sc, 25, 0x09);
4230 run_bbp_write(sc, 26, 0xff);
4231 }
4232
4233 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4234 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4235 run_rt3070_rf_read(sc, 6, &rf);
4236 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4237 rf |= (chan <= 14) ? 0x08 : 0x04;
4238 run_rt3070_rf_write(sc, 6, rf);
4239
4240 /* set PLL mode */
4241 run_rt3070_rf_read(sc, 5, &rf);
4242 rf &= ~(0x08 | 0x04);
4243 rf |= (chan <= 14) ? 0x04 : 0x08;
4244 run_rt3070_rf_write(sc, 5, rf);
4245
4246 /* set Tx power for chain 0 */
4247 if (chan <= 14)
4248 rf = 0x60 | txpow1;
4249 else
4250 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4251 run_rt3070_rf_write(sc, 12, rf);
4252
4253 /* set Tx power for chain 1 */
4254 if (chan <= 14)
4255 rf = 0x60 | txpow2;
4256 else
4257 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4258 run_rt3070_rf_write(sc, 13, rf);
4259
4260 /* set Tx/Rx streams */
4261 run_rt3070_rf_read(sc, 1, &rf);
4262 rf &= ~0xfc;
4263 if (sc->ntxchains == 1)
4264 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4265 else if (sc->ntxchains == 2)
4266 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4267 if (sc->nrxchains == 1)
4268 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4269 else if (sc->nrxchains == 2)
4270 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4271 run_rt3070_rf_write(sc, 1, rf);
4272
4273 /* set RF offset */
4274 run_rt3070_rf_read(sc, 23, &rf);
4275 rf = (rf & ~0x7f) | sc->freq;
4276 run_rt3070_rf_write(sc, 23, rf);
4277
4278 /* program RF filter */
4279 rf = sc->rf24_20mhz;
4280 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4281 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4282
4283 /* enable RF tuning */
4284 run_rt3070_rf_read(sc, 7, &rf);
4285 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4286 run_rt3070_rf_write(sc, 7, rf);
4287
4288 /* TSSI */
4289 rf = (chan <= 14) ? 0xc3 : 0xc0;
4290 run_rt3070_rf_write(sc, 9, rf);
4291
4292 /* set loop filter 1 */
4293 run_rt3070_rf_write(sc, 10, 0xf1);
4294 /* set loop filter 2 */
4295 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4296
4297 /* set tx_mx2_ic */
4298 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4299 /* set tx_mx1_ic */
4300 if (chan <= 14)
4301 rf = 0x48 | sc->txmixgain_2ghz;
4302 else
4303 rf = 0x78 | sc->txmixgain_5ghz;
4304 run_rt3070_rf_write(sc, 16, rf);
4305
4306 /* set tx_lo1 */
4307 run_rt3070_rf_write(sc, 17, 0x23);
4308 /* set tx_lo2 */
4309 if (chan <= 14)
4310 rf = 0x93;
4311 else if (chan <= 64)
4312 rf = 0xb7;
4313 else if (chan <= 128)
4314 rf = 0x74;
4315 else
4316 rf = 0x72;
4317 run_rt3070_rf_write(sc, 19, rf);
4318
4319 /* set rx_lo1 */
4320 if (chan <= 14)
4321 rf = 0xb3;
4322 else if (chan <= 64)
4323 rf = 0xf6;
4324 else if (chan <= 128)
4325 rf = 0xf4;
4326 else
4327 rf = 0xf3;
4328 run_rt3070_rf_write(sc, 20, rf);
4329
4330 /* set pfd_delay */
4331 if (chan <= 14)
4332 rf = 0x15;
4333 else if (chan <= 64)
4334 rf = 0x3d;
4335 else
4336 rf = 0x01;
4337 run_rt3070_rf_write(sc, 25, rf);
4338
4339 /* set rx_lo2 */
4340 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4341 /* set ldo_rf_vc */
4342 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4343 /* set drv_cc */
4344 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4345
4346 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4347 tmp &= ~0x8080;
4348 if (chan <= 14)
4349 tmp |= 0x80;
4350 run_write(sc, RT2860_GPIO_CTRL, tmp);
4351
4352 /* enable RF tuning */
4353 run_rt3070_rf_read(sc, 7, &rf);
4354 run_rt3070_rf_write(sc, 7, rf | 0x01);
4355
4356 run_delay(sc, 2);
4357}
4358
4359static void
4360run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4361{
4362 int8_t txpow1, txpow2, txpow3;
4363 uint8_t h20mhz, rf;
4364 int i;
4365
4366 /* find the settings for this channel (we know it exists) */
4367 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4368
4369 /* use Tx power values from EEPROM */
4370 txpow1 = sc->txpow1[i];
4371 txpow2 = sc->txpow2[i];
4372 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4373
4374 if (chan <= 14) {
4375 run_bbp_write(sc, 25, sc->bbp25);
4376 run_bbp_write(sc, 26, sc->bbp26);
4377 } else {
4378 /* Enable IQ phase correction. */
4379 run_bbp_write(sc, 25, 0x09);
4380 run_bbp_write(sc, 26, 0xff);
4381 }
4382
4383 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4384 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4385 run_rt3070_rf_read(sc, 11, &rf);
4386 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4387 run_rt3070_rf_write(sc, 11, rf);
4388
4389 /* Set pll_idoh. */
4390 run_rt3070_rf_read(sc, 11, &rf);
4391 rf &= ~0x4c;
4392 rf |= (chan <= 14) ? 0x44 : 0x48;
4393 run_rt3070_rf_write(sc, 11, rf);
4394
4395 if (chan <= 14)
4396 rf = txpow1 & 0x1f;
4397 else
4398 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4399 run_rt3070_rf_write(sc, 53, rf);
4400
4401 if (chan <= 14)
4402 rf = txpow2 & 0x1f;
4403 else
4404 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4405 run_rt3070_rf_write(sc, 55, rf);
4406
4407 if (chan <= 14)
4408 rf = txpow3 & 0x1f;
4409 else
4410 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4411 run_rt3070_rf_write(sc, 54, rf);
4412
4413 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4414 if (sc->ntxchains == 3)
4415 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4416 else
4417 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4418 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4419 run_rt3070_rf_write(sc, 1, rf);
4420
4421 run_adjust_freq_offset(sc);
4422
4423 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4424
4425 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4426 run_rt3070_rf_read(sc, 30, &rf);
4427 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4428 run_rt3070_rf_write(sc, 30, rf);
4429
4430 run_rt3070_rf_read(sc, 36, &rf);
4431 if (chan <= 14)
4432 rf |= 0x80;
4433 else
4434 rf &= ~0x80;
4435 run_rt3070_rf_write(sc, 36, rf);
4436
4437 /* Set vcolo_bs. */
4438 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4439 /* Set pfd_delay. */
4440 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4441
4442 /* Set vco bias current control. */
4443 run_rt3070_rf_read(sc, 6, &rf);
4444 rf &= ~0xc0;
4445 if (chan <= 14)
4446 rf |= 0x40;
4447 else if (chan <= 128)
4448 rf |= 0x80;
4449 else
4450 rf |= 0x40;
4451 run_rt3070_rf_write(sc, 6, rf);
4452
4453 run_rt3070_rf_read(sc, 30, &rf);
4454 rf = (rf & ~0x18) | 0x10;
4455 run_rt3070_rf_write(sc, 30, rf);
4456
4457 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4458 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4459
4460 run_rt3070_rf_read(sc, 51, &rf);
4461 rf = (rf & ~0x03) | 0x01;
4462 run_rt3070_rf_write(sc, 51, rf);
4463 /* Set tx_mx1_cc. */
4464 run_rt3070_rf_read(sc, 51, &rf);
4465 rf &= ~0x1c;
4466 rf |= (chan <= 14) ? 0x14 : 0x10;
4467 run_rt3070_rf_write(sc, 51, rf);
4468 /* Set tx_mx1_ic. */
4469 run_rt3070_rf_read(sc, 51, &rf);
4470 rf &= ~0xe0;
4471 rf |= (chan <= 14) ? 0x60 : 0x40;
4472 run_rt3070_rf_write(sc, 51, rf);
4473 /* Set tx_lo1_ic. */
4474 run_rt3070_rf_read(sc, 49, &rf);
4475 rf &= ~0x1c;
4476 rf |= (chan <= 14) ? 0x0c : 0x08;
4477 run_rt3070_rf_write(sc, 49, rf);
4478 /* Set tx_lo1_en. */
4479 run_rt3070_rf_read(sc, 50, &rf);
4480 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4481 /* Set drv_cc. */
4482 run_rt3070_rf_read(sc, 57, &rf);
4483 rf &= ~0xfc;
4484 rf |= (chan <= 14) ? 0x6c : 0x3c;
4485 run_rt3070_rf_write(sc, 57, rf);
4486 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4487 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4488 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4489 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4490 /* Enable VCO calibration. */
4491 run_rt3070_rf_read(sc, 3, &rf);
4492 rf &= ~RT5390_VCOCAL;
4493 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4494 run_rt3070_rf_write(sc, 3, rf);
4495
4496 if (chan <= 14)
4497 rf = 0x23;
4498 else if (chan <= 64)
4499 rf = 0x36;
4500 else if (chan <= 128)
4501 rf = 0x32;
4502 else
4503 rf = 0x30;
4504 run_rt3070_rf_write(sc, 39, rf);
4505 if (chan <= 14)
4506 rf = 0xbb;
4507 else if (chan <= 64)
4508 rf = 0xeb;
4509 else if (chan <= 128)
4510 rf = 0xb3;
4511 else
4512 rf = 0x9b;
4513 run_rt3070_rf_write(sc, 45, rf);
4514
4515 /* Set FEQ/AEQ control. */
4516 run_bbp_write(sc, 105, 0x34);
4517}
4518
4519static void
4520run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4521{
4522 int8_t txpow1, txpow2;
4523 uint8_t rf;
4524 int i;
4525
4526 /* find the settings for this channel (we know it exists) */
4527 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4528
4529 /* use Tx power values from EEPROM */
4530 txpow1 = sc->txpow1[i];
4531 txpow2 = sc->txpow2[i];
4532
4533 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4534 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4535 run_rt3070_rf_read(sc, 11, &rf);
4536 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4537 run_rt3070_rf_write(sc, 11, rf);
4538
4539 run_rt3070_rf_read(sc, 49, &rf);
4540 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4541 /* The valid range of the RF R49 is 0x00 to 0x27. */
4542 if ((rf & 0x3f) > 0x27)
4543 rf = (rf & ~0x3f) | 0x27;
4544 run_rt3070_rf_write(sc, 49, rf);
4545
4546 if (sc->mac_ver == 0x5392) {
4547 run_rt3070_rf_read(sc, 50, &rf);
4548 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4549 /* The valid range of the RF R50 is 0x00 to 0x27. */
4550 if ((rf & 0x3f) > 0x27)
4551 rf = (rf & ~0x3f) | 0x27;
4552 run_rt3070_rf_write(sc, 50, rf);
4553 }
4554
4555 run_rt3070_rf_read(sc, 1, &rf);
4556 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4557 if (sc->mac_ver == 0x5392)
4558 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4559 run_rt3070_rf_write(sc, 1, rf);
4560
4561 if (sc->mac_ver != 0x5392) {
4562 run_rt3070_rf_read(sc, 2, &rf);
4563 rf |= 0x80;
4564 run_rt3070_rf_write(sc, 2, rf);
4565 run_delay(sc, 10);
4566 rf &= 0x7f;
4567 run_rt3070_rf_write(sc, 2, rf);
4568 }
4569
4570 run_adjust_freq_offset(sc);
4571
4572 if (sc->mac_ver == 0x5392) {
4573 /* Fix for RT5392C. */
4574 if (sc->mac_rev >= 0x0223) {
4575 if (chan <= 4)
4576 rf = 0x0f;
4577 else if (chan >= 5 && chan <= 7)
4578 rf = 0x0e;
4579 else
4580 rf = 0x0d;
4581 run_rt3070_rf_write(sc, 23, rf);
4582
4583 if (chan <= 4)
4584 rf = 0x0c;
4585 else if (chan == 5)
4586 rf = 0x0b;
4587 else if (chan >= 6 && chan <= 7)
4588 rf = 0x0a;
4589 else if (chan >= 8 && chan <= 10)
4590 rf = 0x09;
4591 else
4592 rf = 0x08;
4593 run_rt3070_rf_write(sc, 59, rf);
4594 } else {
4595 if (chan <= 11)
4596 rf = 0x0f;
4597 else
4598 rf = 0x0b;
4599 run_rt3070_rf_write(sc, 59, rf);
4600 }
4601 } else {
4602 /* Fix for RT5390F. */
4603 if (sc->mac_rev >= 0x0502) {
4604 if (chan <= 11)
4605 rf = 0x43;
4606 else
4607 rf = 0x23;
4608 run_rt3070_rf_write(sc, 55, rf);
4609
4610 if (chan <= 11)
4611 rf = 0x0f;
4612 else if (chan == 12)
4613 rf = 0x0d;
4614 else
4615 rf = 0x0b;
4616 run_rt3070_rf_write(sc, 59, rf);
4617 } else {
4618 run_rt3070_rf_write(sc, 55, 0x44);
4619 run_rt3070_rf_write(sc, 59, 0x8f);
4620 }
4621 }
4622
4623 /* Enable VCO calibration. */
4624 run_rt3070_rf_read(sc, 3, &rf);
4625 rf |= RT5390_VCOCAL;
4626 run_rt3070_rf_write(sc, 3, rf);
4627}
4628
4629static void
4630run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4631{
4632 const struct rt5592_freqs *freqs;
4633 uint32_t tmp;
4634 uint8_t reg, rf, txpow_bound;
4635 int8_t txpow1, txpow2;
4636 int i;
4637
4638 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4639 freqs = (tmp & RT5592_SEL_XTAL) ?
4640 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4641
4642 /* find the settings for this channel (we know it exists) */
4643 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4644
4645 /* use Tx power values from EEPROM */
4646 txpow1 = sc->txpow1[i];
4647 txpow2 = sc->txpow2[i];
4648
4649 run_read(sc, RT3070_LDO_CFG0, &tmp);
4650 tmp &= ~0x1c000000;
4651 if (chan > 14)
4652 tmp |= 0x14000000;
4653 run_write(sc, RT3070_LDO_CFG0, tmp);
4654
4655 /* N setting. */
4656 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4657 run_rt3070_rf_read(sc, 9, &rf);
4658 rf &= ~(1 << 4);
4659 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4660 run_rt3070_rf_write(sc, 9, rf);
4661
4662 /* K setting. */
4663 run_rt3070_rf_read(sc, 9, &rf);
4664 rf &= ~0x0f;
4665 rf |= (freqs->k & 0x0f);
4666 run_rt3070_rf_write(sc, 9, rf);
4667
4668 /* Mode setting. */
4669 run_rt3070_rf_read(sc, 11, &rf);
4670 rf &= ~0x0c;
4671 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4672 run_rt3070_rf_write(sc, 11, rf);
4673 run_rt3070_rf_read(sc, 9, &rf);
4674 rf &= ~(1 << 7);
4675 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4676 run_rt3070_rf_write(sc, 9, rf);
4677
4678 /* R setting. */
4679 run_rt3070_rf_read(sc, 11, &rf);
4680 rf &= ~0x03;
4681 rf |= (freqs->r - 0x1);
4682 run_rt3070_rf_write(sc, 11, rf);
4683
4684 if (chan <= 14) {
4685 /* Initialize RF registers for 2GHZ. */
4686 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4687 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4688 rt5592_2ghz_def_rf[i].val);
4689 }
4690
4691 rf = (chan <= 10) ? 0x07 : 0x06;
4692 run_rt3070_rf_write(sc, 23, rf);
4693 run_rt3070_rf_write(sc, 59, rf);
4694
4695 run_rt3070_rf_write(sc, 55, 0x43);
4696
4697 /*
4698 * RF R49/R50 Tx power ALC code.
4699 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4700 */
4701 reg = 2;
4702 txpow_bound = 0x27;
4703 } else {
4704 /* Initialize RF registers for 5GHZ. */
4705 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4706 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4707 rt5592_5ghz_def_rf[i].val);
4708 }
4709 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4710 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4711 chan <= rt5592_chan_5ghz[i].lastchan) {
4712 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4713 rt5592_chan_5ghz[i].val);
4714 }
4715 }
4716
4717 /*
4718 * RF R49/R50 Tx power ALC code.
4719 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4720 */
4721 reg = 3;
4722 txpow_bound = 0x2b;
4723 }
4724
4725 /* RF R49 ch0 Tx power ALC code. */
4726 run_rt3070_rf_read(sc, 49, &rf);
4727 rf &= ~0xc0;
4728 rf |= (reg << 6);
4729 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4730 if ((rf & 0x3f) > txpow_bound)
4731 rf = (rf & ~0x3f) | txpow_bound;
4732 run_rt3070_rf_write(sc, 49, rf);
4733
4734 /* RF R50 ch1 Tx power ALC code. */
4735 run_rt3070_rf_read(sc, 50, &rf);
4736 rf &= ~(1 << 7 | 1 << 6);
4737 rf |= (reg << 6);
4738 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4739 if ((rf & 0x3f) > txpow_bound)
4740 rf = (rf & ~0x3f) | txpow_bound;
4741 run_rt3070_rf_write(sc, 50, rf);
4742
4743 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4744 run_rt3070_rf_read(sc, 1, &rf);
4745 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4746 if (sc->ntxchains > 1)
4747 rf |= RT3070_TX1_PD;
4748 if (sc->nrxchains > 1)
4749 rf |= RT3070_RX1_PD;
4750 run_rt3070_rf_write(sc, 1, rf);
4751
4752 run_rt3070_rf_write(sc, 6, 0xe4);
4753
4754 run_rt3070_rf_write(sc, 30, 0x10);
4755 run_rt3070_rf_write(sc, 31, 0x80);
4756 run_rt3070_rf_write(sc, 32, 0x80);
4757
4758 run_adjust_freq_offset(sc);
4759
4760 /* Enable VCO calibration. */
4761 run_rt3070_rf_read(sc, 3, &rf);
4762 rf |= RT5390_VCOCAL;
4763 run_rt3070_rf_write(sc, 3, rf);
4764}
4765
4766static void
4767run_set_rx_antenna(struct run_softc *sc, int aux)
4768{
4769 uint32_t tmp;
4770 uint8_t bbp152;
4771
4772 if (aux) {
4773 if (sc->rf_rev == RT5390_RF_5370) {
4774 run_bbp_read(sc, 152, &bbp152);
4775 run_bbp_write(sc, 152, bbp152 & ~0x80);
4776 } else {
4777 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4778 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4779 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4780 }
4781 } else {
4782 if (sc->rf_rev == RT5390_RF_5370) {
4783 run_bbp_read(sc, 152, &bbp152);
4784 run_bbp_write(sc, 152, bbp152 | 0x80);
4785 } else {
4786 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4787 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4788 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4789 }
4790 }
4791}
4792
4793static int
4794run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4795{
4796 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4797 u_int chan, group;
4798
4799 chan = ieee80211_chan2ieee(ic, c);
4800 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4801 return (EINVAL);
4802
4803 if (sc->mac_ver == 0x5592)
4804 run_rt5592_set_chan(sc, chan);
4805 else if (sc->mac_ver >= 0x5390)
4806 run_rt5390_set_chan(sc, chan);
4807 else if (sc->mac_ver == 0x3593)
4808 run_rt3593_set_chan(sc, chan);
4809 else if (sc->mac_ver == 0x3572)
4810 run_rt3572_set_chan(sc, chan);
4811 else if (sc->mac_ver >= 0x3070)
4812 run_rt3070_set_chan(sc, chan);
4813 else
4814 run_rt2870_set_chan(sc, chan);
4815
4816 /* determine channel group */
4817 if (chan <= 14)
4818 group = 0;
4819 else if (chan <= 64)
4820 group = 1;
4821 else if (chan <= 128)
4822 group = 2;
4823 else
4824 group = 3;
4825
4826 /* XXX necessary only when group has changed! */
4827 run_select_chan_group(sc, group);
4828
4829 run_delay(sc, 10);
4830
4831 /* Perform IQ calibration. */
4832 if (sc->mac_ver >= 0x5392)
4833 run_iq_calib(sc, chan);
4834
4835 return (0);
4836}
4837
4838static void
4839run_set_channel(struct ieee80211com *ic)
4840{
4841 struct run_softc *sc = ic->ic_ifp->if_softc;
4842
4843 RUN_LOCK(sc);
4844 run_set_chan(sc, ic->ic_curchan);
4845 RUN_UNLOCK(sc);
4846
4847 return;
4848}
4849
4850static void
4851run_scan_start(struct ieee80211com *ic)
4852{
4853 struct run_softc *sc = ic->ic_ifp->if_softc;
4854 uint32_t tmp;
4855
4856 RUN_LOCK(sc);
4857
4858 /* abort TSF synchronization */
4859 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4860 run_write(sc, RT2860_BCN_TIME_CFG,
4861 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4862 RT2860_TBTT_TIMER_EN));
4863 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4864
4865 RUN_UNLOCK(sc);
4866
4867 return;
4868}
4869
4870static void
4871run_scan_end(struct ieee80211com *ic)
4872{
4873 struct run_softc *sc = ic->ic_ifp->if_softc;
4874
4875 RUN_LOCK(sc);
4876
4877 run_enable_tsf_sync(sc);
4878 /* XXX keep local copy */
4879 run_set_bssid(sc, sc->sc_bssid);
4880
4881 RUN_UNLOCK(sc);
4882
4883 return;
4884}
4885
4886/*
4887 * Could be called from ieee80211_node_timeout()
4888 * (non-sleepable thread)
4889 */
4890static void
4891run_update_beacon(struct ieee80211vap *vap, int item)
4892{
4893 struct ieee80211com *ic = vap->iv_ic;
4894 struct run_softc *sc = ic->ic_ifp->if_softc;
4895 struct run_vap *rvp = RUN_VAP(vap);
4896 int mcast = 0;
4897 uint32_t i;
4898
4899 KASSERT(vap != NULL, ("no beacon"));
4900
4901 switch (item) {
4902 case IEEE80211_BEACON_ERP:
4903 run_updateslot(ic->ic_ifp);
4904 break;
4905 case IEEE80211_BEACON_HTINFO:
4906 run_updateprot(ic);
4907 break;
4908 case IEEE80211_BEACON_TIM:
4909 mcast = 1; /*TODO*/
4910 break;
4911 default:
4912 break;
4913 }
4914
4915 setbit(rvp->bo.bo_flags, item);
4916 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4917
4918 i = RUN_CMDQ_GET(&sc->cmdq_store);
4919 DPRINTF("cmdq_store=%d\n", i);
4920 sc->cmdq[i].func = run_update_beacon_cb;
4921 sc->cmdq[i].arg0 = vap;
4922 ieee80211_runtask(ic, &sc->cmdq_task);
4923
4924 return;
4925}
4926
4927static void
4928run_update_beacon_cb(void *arg)
4929{
4930 struct ieee80211vap *vap = arg;
4931 struct run_vap *rvp = RUN_VAP(vap);
4932 struct ieee80211com *ic = vap->iv_ic;
4933 struct run_softc *sc = ic->ic_ifp->if_softc;
4934 struct rt2860_txwi txwi;
4935 struct mbuf *m;
4936 uint16_t txwisize;
4937 uint8_t ridx;
4938
4939 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4940 return;
4941 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4942 return;
4943
4944 /*
4945 * No need to call ieee80211_beacon_update(), run_update_beacon()
4946 * is taking care of apropriate calls.
4947 */
4948 if (rvp->beacon_mbuf == NULL) {
4949 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4950 &rvp->bo);
4951 if (rvp->beacon_mbuf == NULL)
4952 return;
4953 }
4954 m = rvp->beacon_mbuf;
4955
4956 memset(&txwi, 0, sizeof(txwi));
4957 txwi.wcid = 0xff;
4958 txwi.len = htole16(m->m_pkthdr.len);
4959
4960 /* send beacons at the lowest available rate */
4961 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4962 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4963 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4964 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4965 txwi.phy |= htole16(RT2860_PHY_OFDM);
4966 txwi.txop = RT2860_TX_TXOP_HT;
4967 txwi.flags = RT2860_TX_TS;
4968 txwi.xflags = RT2860_TX_NSEQ;
4969
4970 txwisize = (sc->mac_ver == 0x5592) ?
4971 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4972 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4973 txwisize);
4974 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4975 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4976}
4977
4978static void
4979run_updateprot(struct ieee80211com *ic)
4980{
4981 struct run_softc *sc = ic->ic_ifp->if_softc;
4982 uint32_t i;
4983
4984 i = RUN_CMDQ_GET(&sc->cmdq_store);
4985 DPRINTF("cmdq_store=%d\n", i);
4986 sc->cmdq[i].func = run_updateprot_cb;
4987 sc->cmdq[i].arg0 = ic;
4988 ieee80211_runtask(ic, &sc->cmdq_task);
4989}
4990
4991static void
4992run_updateprot_cb(void *arg)
4993{
4994 struct ieee80211com *ic = arg;
4995 struct run_softc *sc = ic->ic_ifp->if_softc;
4996 uint32_t tmp;
4997
4998 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
4999 /* setup protection frame rate (MCS code) */
5000 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5001 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5002 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5003
5004 /* CCK frames don't require protection */
5005 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5006 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5007 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5008 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5009 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5010 tmp |= RT2860_PROT_CTRL_CTS;
5011 }
5012 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5013}
5014
5015static void
5016run_usb_timeout_cb(void *arg)
5017{
5018 struct ieee80211vap *vap = arg;
5019 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5020
5021 RUN_LOCK_ASSERT(sc, MA_OWNED);
5022
5023 if(vap->iv_state == IEEE80211_S_RUN &&
5024 vap->iv_opmode != IEEE80211_M_STA)
5025 run_reset_livelock(sc);
5026 else if (vap->iv_state == IEEE80211_S_SCAN) {
5027 DPRINTF("timeout caused by scan\n");
5028 /* cancel bgscan */
5029 ieee80211_cancel_scan(vap);
5030 } else
5031 DPRINTF("timeout by unknown cause\n");
5032}
5033
5034static void
5035run_reset_livelock(struct run_softc *sc)
5036{
5037 uint32_t tmp;
5038
5039 RUN_LOCK_ASSERT(sc, MA_OWNED);
5040
5041 /*
5042 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5043 * can run into a livelock and start sending CTS-to-self frames like
5044 * crazy if protection is enabled. Reset MAC/BBP for a while
5045 */
5046 run_read(sc, RT2860_DEBUG, &tmp);
5047 DPRINTFN(3, "debug reg %08x\n", tmp);
5048 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5049 DPRINTF("CTS-to-self livelock detected\n");
5050 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5051 run_delay(sc, 1);
5052 run_write(sc, RT2860_MAC_SYS_CTRL,
5053 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5054 }
5055}
5056
5057static void
5058run_update_promisc_locked(struct ifnet *ifp)
5059{
5060 struct run_softc *sc = ifp->if_softc;
5061 uint32_t tmp;
5062
5063 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5064
5065 tmp |= RT2860_DROP_UC_NOME;
5066 if (ifp->if_flags & IFF_PROMISC)
5067 tmp &= ~RT2860_DROP_UC_NOME;
5068
5069 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5070
5071 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5072 "entering" : "leaving");
5073}
5074
5075static void
5076run_update_promisc(struct ifnet *ifp)
5077{
5078 struct run_softc *sc = ifp->if_softc;
5079
5080 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
5081 return;
5082
5083 RUN_LOCK(sc);
5084 run_update_promisc_locked(ifp);
5085 RUN_UNLOCK(sc);
5086}
5087
5088static void
5089run_enable_tsf_sync(struct run_softc *sc)
5090{
5091 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5092 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5093 uint32_t tmp;
5094
5095 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5096 ic->ic_opmode);
5097
5098 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5099 tmp &= ~0x1fffff;
5100 tmp |= vap->iv_bss->ni_intval * 16;
5101 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5102
5103 if (ic->ic_opmode == IEEE80211_M_STA) {
5104 /*
5105 * Local TSF is always updated with remote TSF on beacon
5106 * reception.
5107 */
5108 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5109 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5110 tmp |= RT2860_BCN_TX_EN;
5111 /*
5112 * Local TSF is updated with remote TSF on beacon reception
5113 * only if the remote TSF is greater than local TSF.
5114 */
5115 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5116 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5117 ic->ic_opmode == IEEE80211_M_MBSS) {
5118 tmp |= RT2860_BCN_TX_EN;
5119 /* SYNC with nobody */
5120 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5121 } else {
5122 DPRINTF("Enabling TSF failed. undefined opmode\n");
5123 return;
5124 }
5125
5126 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5127}
5128
5129static void
5130run_enable_mrr(struct run_softc *sc)
5131{
5132#define CCK(mcs) (mcs)
5133#define OFDM(mcs) (1 << 3 | (mcs))
5134 run_write(sc, RT2860_LG_FBK_CFG0,
5135 OFDM(6) << 28 | /* 54->48 */
5136 OFDM(5) << 24 | /* 48->36 */
5137 OFDM(4) << 20 | /* 36->24 */
5138 OFDM(3) << 16 | /* 24->18 */
5139 OFDM(2) << 12 | /* 18->12 */
5140 OFDM(1) << 8 | /* 12-> 9 */
5141 OFDM(0) << 4 | /* 9-> 6 */
5142 OFDM(0)); /* 6-> 6 */
5143
5144 run_write(sc, RT2860_LG_FBK_CFG1,
5145 CCK(2) << 12 | /* 11->5.5 */
5146 CCK(1) << 8 | /* 5.5-> 2 */
5147 CCK(0) << 4 | /* 2-> 1 */
5148 CCK(0)); /* 1-> 1 */
5149#undef OFDM
5150#undef CCK
5151}
5152
5153static void
5154run_set_txpreamble(struct run_softc *sc)
5155{
5156 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5157 uint32_t tmp;
5158
5159 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5160 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5161 tmp |= RT2860_CCK_SHORT_EN;
5162 else
5163 tmp &= ~RT2860_CCK_SHORT_EN;
5164 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5165}
5166
5167static void
5168run_set_basicrates(struct run_softc *sc)
5169{
5170 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5171
5172 /* set basic rates mask */
5173 if (ic->ic_curmode == IEEE80211_MODE_11B)
5174 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5175 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5176 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5177 else /* 11g */
5178 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5179}
5180
5181static void
5182run_set_leds(struct run_softc *sc, uint16_t which)
5183{
5184 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5185 which | (sc->leds & 0x7f));
5186}
5187
5188static void
5189run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5190{
5191 run_write(sc, RT2860_MAC_BSSID_DW0,
5192 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5193 run_write(sc, RT2860_MAC_BSSID_DW1,
5194 bssid[4] | bssid[5] << 8);
5195}
5196
5197static void
5198run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5199{
5200 run_write(sc, RT2860_MAC_ADDR_DW0,
5201 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5202 run_write(sc, RT2860_MAC_ADDR_DW1,
5203 addr[4] | addr[5] << 8 | 0xff << 16);
5204}
5205
5206static void
5207run_updateslot(struct ifnet *ifp)
5208{
5209 struct run_softc *sc = ifp->if_softc;
5210 struct ieee80211com *ic = ifp->if_l2com;
5211 uint32_t i;
5212
5213 i = RUN_CMDQ_GET(&sc->cmdq_store);
5214 DPRINTF("cmdq_store=%d\n", i);
5215 sc->cmdq[i].func = run_updateslot_cb;
5216 sc->cmdq[i].arg0 = ifp;
5217 ieee80211_runtask(ic, &sc->cmdq_task);
5218
5219 return;
5220}
5221
5222/* ARGSUSED */
5223static void
5224run_updateslot_cb(void *arg)
5225{
5226 struct ifnet *ifp = arg;
5227 struct run_softc *sc = ifp->if_softc;
5228 struct ieee80211com *ic = ifp->if_l2com;
5229 uint32_t tmp;
5230
5231 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5232 tmp &= ~0xff;
5233 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5234 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5235}
5236
5237static void
5238run_update_mcast(struct ifnet *ifp)
5239{
5240 /* h/w filter supports getting everything or nothing */
5241 ifp->if_flags |= IFF_ALLMULTI;
5242}
5243
5244static int8_t
5245run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5246{
5247 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5248 struct ieee80211_channel *c = ic->ic_curchan;
5249 int delta;
5250
5251 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5252 u_int chan = ieee80211_chan2ieee(ic, c);
5253 delta = sc->rssi_5ghz[rxchain];
5254
5255 /* determine channel group */
5256 if (chan <= 64)
5257 delta -= sc->lna[1];
5258 else if (chan <= 128)
5259 delta -= sc->lna[2];
5260 else
5261 delta -= sc->lna[3];
5262 } else
5263 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5264
5265 return (-12 - delta - rssi);
5266}
5267
5268static void
5269run_rt5390_bbp_init(struct run_softc *sc)
5270{
5271 int i;
5272 uint8_t bbp;
5273
5274 /* Apply maximum likelihood detection for 2 stream case. */
5275 run_bbp_read(sc, 105, &bbp);
5276 if (sc->nrxchains > 1)
5277 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5278
5279 /* Avoid data lost and CRC error. */
5280 run_bbp_read(sc, 4, &bbp);
5281 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5282
5283 if (sc->mac_ver == 0x5592) {
5284 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5285 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5286 rt5592_def_bbp[i].val);
5287 }
5288 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5289 run_bbp_write(sc, 195, i + 0x80);
5290 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5291 }
5292 } else {
5293 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5294 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5295 rt5390_def_bbp[i].val);
5296 }
5297 }
5298 if (sc->mac_ver == 0x5392) {
5299 run_bbp_write(sc, 88, 0x90);
5300 run_bbp_write(sc, 95, 0x9a);
5301 run_bbp_write(sc, 98, 0x12);
5302 run_bbp_write(sc, 106, 0x12);
5303 run_bbp_write(sc, 134, 0xd0);
5304 run_bbp_write(sc, 135, 0xf6);
5305 run_bbp_write(sc, 148, 0x84);
5306 }
5307
5308 run_bbp_read(sc, 152, &bbp);
5309 run_bbp_write(sc, 152, bbp | 0x80);
5310
5311 /* Fix BBP254 for RT5592C. */
5312 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5313 run_bbp_read(sc, 254, &bbp);
5314 run_bbp_write(sc, 254, bbp | 0x80);
5315 }
5316
5317 /* Disable hardware antenna diversity. */
5318 if (sc->mac_ver == 0x5390)
5319 run_bbp_write(sc, 154, 0);
5320
5321 /* Initialize Rx CCK/OFDM frequency offset report. */
5322 run_bbp_write(sc, 142, 1);
5323 run_bbp_write(sc, 143, 57);
5324}
5325
5326static int
5327run_bbp_init(struct run_softc *sc)
5328{
5329 int i, error, ntries;
5330 uint8_t bbp0;
5331
5332 /* wait for BBP to wake up */
5333 for (ntries = 0; ntries < 20; ntries++) {
5334 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5335 return error;
5336 if (bbp0 != 0 && bbp0 != 0xff)
5337 break;
5338 }
5339 if (ntries == 20)
5340 return (ETIMEDOUT);
5341
5342 /* initialize BBP registers to default values */
5343 if (sc->mac_ver >= 0x5390)
5344 run_rt5390_bbp_init(sc);
5345 else {
5346 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5347 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5348 rt2860_def_bbp[i].val);
5349 }
5350 }
5351
5352 if (sc->mac_ver == 0x3593) {
5353 run_bbp_write(sc, 79, 0x13);
5354 run_bbp_write(sc, 80, 0x05);
5355 run_bbp_write(sc, 81, 0x33);
5356 run_bbp_write(sc, 86, 0x46);
5357 run_bbp_write(sc, 137, 0x0f);
5358 }
5359
5360 /* fix BBP84 for RT2860E */
5361 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5362 run_bbp_write(sc, 84, 0x19);
5363
5364 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5365 sc->mac_ver != 0x5592)) {
5366 run_bbp_write(sc, 79, 0x13);
5367 run_bbp_write(sc, 80, 0x05);
5368 run_bbp_write(sc, 81, 0x33);
5369 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5370 run_bbp_write(sc, 69, 0x16);
5371 run_bbp_write(sc, 73, 0x12);
5372 }
5373 return (0);
5374}
5375
5376static int
5377run_rt3070_rf_init(struct run_softc *sc)
5378{
5379 uint32_t tmp;
5380 uint8_t bbp4, mingain, rf, target;
5381 int i;
5382
5383 run_rt3070_rf_read(sc, 30, &rf);
5384 /* toggle RF R30 bit 7 */
5385 run_rt3070_rf_write(sc, 30, rf | 0x80);
5386 run_delay(sc, 10);
5387 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5388
5389 /* initialize RF registers to default value */
5390 if (sc->mac_ver == 0x3572) {
5391 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5392 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5393 rt3572_def_rf[i].val);
5394 }
5395 } else {
5396 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5397 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5398 rt3070_def_rf[i].val);
5399 }
5400 }
5401
5402 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5403 /*
5404 * Change voltage from 1.2V to 1.35V for RT3070.
5405 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5406 * in RT3070(F).
5407 */
5408 run_read(sc, RT3070_LDO_CFG0, &tmp);
5409 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5410 run_write(sc, RT3070_LDO_CFG0, tmp);
5411
5412 } else if (sc->mac_ver == 0x3071) {
5413 run_rt3070_rf_read(sc, 6, &rf);
5414 run_rt3070_rf_write(sc, 6, rf | 0x40);
5415 run_rt3070_rf_write(sc, 31, 0x14);
5416
5417 run_read(sc, RT3070_LDO_CFG0, &tmp);
5418 tmp &= ~0x1f000000;
5419 if (sc->mac_rev < 0x0211)
5420 tmp |= 0x0d000000; /* 1.3V */
5421 else
5422 tmp |= 0x01000000; /* 1.2V */
5423 run_write(sc, RT3070_LDO_CFG0, tmp);
5424
5425 /* patch LNA_PE_G1 */
5426 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5427 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5428
5429 } else if (sc->mac_ver == 0x3572) {
5430 run_rt3070_rf_read(sc, 6, &rf);
5431 run_rt3070_rf_write(sc, 6, rf | 0x40);
5432
5433 /* increase voltage from 1.2V to 1.35V */
5434 run_read(sc, RT3070_LDO_CFG0, &tmp);
5435 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5436 run_write(sc, RT3070_LDO_CFG0, tmp);
5437
5438 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5439 run_delay(sc, 1); /* wait for 1msec */
5440 /* decrease voltage back to 1.2V */
5441 tmp = (tmp & ~0x1f000000) | 0x01000000;
5442 run_write(sc, RT3070_LDO_CFG0, tmp);
5443 }
5444 }
5445
5446 /* select 20MHz bandwidth */
5447 run_rt3070_rf_read(sc, 31, &rf);
5448 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5449
5450 /* calibrate filter for 20MHz bandwidth */
5451 sc->rf24_20mhz = 0x1f; /* default value */
5452 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5453 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5454
5455 /* select 40MHz bandwidth */
5456 run_bbp_read(sc, 4, &bbp4);
5457 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5458 run_rt3070_rf_read(sc, 31, &rf);
5459 run_rt3070_rf_write(sc, 31, rf | 0x20);
5460
5461 /* calibrate filter for 40MHz bandwidth */
5462 sc->rf24_40mhz = 0x2f; /* default value */
5463 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5464 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5465
5466 /* go back to 20MHz bandwidth */
5467 run_bbp_read(sc, 4, &bbp4);
5468 run_bbp_write(sc, 4, bbp4 & ~0x18);
5469
5470 if (sc->mac_ver == 0x3572) {
5471 /* save default BBP registers 25 and 26 values */
5472 run_bbp_read(sc, 25, &sc->bbp25);
5473 run_bbp_read(sc, 26, &sc->bbp26);
5474 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5475 run_rt3070_rf_write(sc, 27, 0x03);
5476
5477 run_read(sc, RT3070_OPT_14, &tmp);
5478 run_write(sc, RT3070_OPT_14, tmp | 1);
5479
5480 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5481 run_rt3070_rf_read(sc, 17, &rf);
5482 rf &= ~RT3070_TX_LO1;
5483 if ((sc->mac_ver == 0x3070 ||
5484 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5485 !sc->ext_2ghz_lna)
5486 rf |= 0x20; /* fix for long range Rx issue */
5487 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5488 if (sc->txmixgain_2ghz >= mingain)
5489 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5490 run_rt3070_rf_write(sc, 17, rf);
5491 }
5492
|