22
23/*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sockio.h>
30#include <sys/sysctl.h>
31#include <sys/lock.h>
32#include <sys/mutex.h>
33#include <sys/mbuf.h>
34#include <sys/kernel.h>
35#include <sys/socket.h>
36#include <sys/systm.h>
37#include <sys/malloc.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/linker.h>
42#include <sys/firmware.h>
43#include <sys/kdb.h>
44
45#include <machine/bus.h>
46#include <machine/resource.h>
47#include <sys/rman.h>
48
49#include <net/bpf.h>
50#include <net/if.h>
51#include <net/if_var.h>
52#include <net/if_arp.h>
53#include <net/ethernet.h>
54#include <net/if_dl.h>
55#include <net/if_media.h>
56#include <net/if_types.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/in_var.h>
61#include <netinet/if_ether.h>
62#include <netinet/ip.h>
63
64#include <net80211/ieee80211_var.h>
65#include <net80211/ieee80211_regdomain.h>
66#include <net80211/ieee80211_radiotap.h>
67#include <net80211/ieee80211_ratectl.h>
68
69#include <dev/usb/usb.h>
70#include <dev/usb/usbdi.h>
71#include "usbdevs.h"
72
73#define USB_DEBUG_VAR run_debug
74#include <dev/usb/usb_debug.h>
75#include <dev/usb/usb_msctest.h>
76
77#include <dev/usb/wlan/if_runreg.h>
78#include <dev/usb/wlan/if_runvar.h>
79
80#ifdef USB_DEBUG
81#define RUN_DEBUG
82#endif
83
84#ifdef RUN_DEBUG
85int run_debug = 0;
86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
88 "run debug level");
89#endif
90
91#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
92
93/*
94 * Because of LOR in run_key_delete(), use atomic instead.
95 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
96 */
97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
98
99static const STRUCT_USB_HOST_ID run_devs[] = {
100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
101#define RUN_DEV_EJECT(v,p) \
102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
103#define RUN_EJECT 1
104 RUN_DEV(ABOCOM, RT2770),
105 RUN_DEV(ABOCOM, RT2870),
106 RUN_DEV(ABOCOM, RT3070),
107 RUN_DEV(ABOCOM, RT3071),
108 RUN_DEV(ABOCOM, RT3072),
109 RUN_DEV(ABOCOM2, RT2870_1),
110 RUN_DEV(ACCTON, RT2770),
111 RUN_DEV(ACCTON, RT2870_1),
112 RUN_DEV(ACCTON, RT2870_2),
113 RUN_DEV(ACCTON, RT2870_3),
114 RUN_DEV(ACCTON, RT2870_4),
115 RUN_DEV(ACCTON, RT2870_5),
116 RUN_DEV(ACCTON, RT3070),
117 RUN_DEV(ACCTON, RT3070_1),
118 RUN_DEV(ACCTON, RT3070_2),
119 RUN_DEV(ACCTON, RT3070_3),
120 RUN_DEV(ACCTON, RT3070_4),
121 RUN_DEV(ACCTON, RT3070_5),
122 RUN_DEV(AIRTIES, RT3070),
123 RUN_DEV(ALLWIN, RT2070),
124 RUN_DEV(ALLWIN, RT2770),
125 RUN_DEV(ALLWIN, RT2870),
126 RUN_DEV(ALLWIN, RT3070),
127 RUN_DEV(ALLWIN, RT3071),
128 RUN_DEV(ALLWIN, RT3072),
129 RUN_DEV(ALLWIN, RT3572),
130 RUN_DEV(AMIGO, RT2870_1),
131 RUN_DEV(AMIGO, RT2870_2),
132 RUN_DEV(AMIT, CGWLUSB2GNR),
133 RUN_DEV(AMIT, RT2870_1),
134 RUN_DEV(AMIT2, RT2870),
135 RUN_DEV(ASUS, RT2870_1),
136 RUN_DEV(ASUS, RT2870_2),
137 RUN_DEV(ASUS, RT2870_3),
138 RUN_DEV(ASUS, RT2870_4),
139 RUN_DEV(ASUS, RT2870_5),
140 RUN_DEV(ASUS, USBN13),
141 RUN_DEV(ASUS, RT3070_1),
142 RUN_DEV(ASUS, USBN66),
143 RUN_DEV(ASUS, USB_N53),
144 RUN_DEV(ASUS2, USBN11),
145 RUN_DEV(AZUREWAVE, RT2870_1),
146 RUN_DEV(AZUREWAVE, RT2870_2),
147 RUN_DEV(AZUREWAVE, RT3070_1),
148 RUN_DEV(AZUREWAVE, RT3070_2),
149 RUN_DEV(AZUREWAVE, RT3070_3),
150 RUN_DEV(BELKIN, F9L1103),
151 RUN_DEV(BELKIN, F5D8053V3),
152 RUN_DEV(BELKIN, F5D8055),
153 RUN_DEV(BELKIN, F5D8055V2),
154 RUN_DEV(BELKIN, F6D4050V1),
155 RUN_DEV(BELKIN, F6D4050V2),
156 RUN_DEV(BELKIN, RT2870_1),
157 RUN_DEV(BELKIN, RT2870_2),
158 RUN_DEV(CISCOLINKSYS, AE1000),
159 RUN_DEV(CISCOLINKSYS2, RT3070),
160 RUN_DEV(CISCOLINKSYS3, RT3070),
161 RUN_DEV(CONCEPTRONIC2, RT2870_1),
162 RUN_DEV(CONCEPTRONIC2, RT2870_2),
163 RUN_DEV(CONCEPTRONIC2, RT2870_3),
164 RUN_DEV(CONCEPTRONIC2, RT2870_4),
165 RUN_DEV(CONCEPTRONIC2, RT2870_5),
166 RUN_DEV(CONCEPTRONIC2, RT2870_6),
167 RUN_DEV(CONCEPTRONIC2, RT2870_7),
168 RUN_DEV(CONCEPTRONIC2, RT2870_8),
169 RUN_DEV(CONCEPTRONIC2, RT3070_1),
170 RUN_DEV(CONCEPTRONIC2, RT3070_2),
171 RUN_DEV(CONCEPTRONIC2, VIGORN61),
172 RUN_DEV(COREGA, CGWLUSB300GNM),
173 RUN_DEV(COREGA, RT2870_1),
174 RUN_DEV(COREGA, RT2870_2),
175 RUN_DEV(COREGA, RT2870_3),
176 RUN_DEV(COREGA, RT3070),
177 RUN_DEV(CYBERTAN, RT2870),
178 RUN_DEV(DLINK, RT2870),
179 RUN_DEV(DLINK, RT3072),
180 RUN_DEV(DLINK, DWA127),
181 RUN_DEV(DLINK, DWA140B3),
182 RUN_DEV(DLINK, DWA160B2),
183 RUN_DEV(DLINK, DWA140D1),
184 RUN_DEV(DLINK, DWA162),
185 RUN_DEV(DLINK2, DWA130),
186 RUN_DEV(DLINK2, RT2870_1),
187 RUN_DEV(DLINK2, RT2870_2),
188 RUN_DEV(DLINK2, RT3070_1),
189 RUN_DEV(DLINK2, RT3070_2),
190 RUN_DEV(DLINK2, RT3070_3),
191 RUN_DEV(DLINK2, RT3070_4),
192 RUN_DEV(DLINK2, RT3070_5),
193 RUN_DEV(DLINK2, RT3072),
194 RUN_DEV(DLINK2, RT3072_1),
195 RUN_DEV(EDIMAX, EW7717),
196 RUN_DEV(EDIMAX, EW7718),
197 RUN_DEV(EDIMAX, EW7733UND),
198 RUN_DEV(EDIMAX, RT2870_1),
199 RUN_DEV(ENCORE, RT3070_1),
200 RUN_DEV(ENCORE, RT3070_2),
201 RUN_DEV(ENCORE, RT3070_3),
202 RUN_DEV(GIGABYTE, GNWB31N),
203 RUN_DEV(GIGABYTE, GNWB32L),
204 RUN_DEV(GIGABYTE, RT2870_1),
205 RUN_DEV(GIGASET, RT3070_1),
206 RUN_DEV(GIGASET, RT3070_2),
207 RUN_DEV(GUILLEMOT, HWNU300),
208 RUN_DEV(HAWKING, HWUN2),
209 RUN_DEV(HAWKING, RT2870_1),
210 RUN_DEV(HAWKING, RT2870_2),
211 RUN_DEV(HAWKING, RT3070),
212 RUN_DEV(IODATA, RT3072_1),
213 RUN_DEV(IODATA, RT3072_2),
214 RUN_DEV(IODATA, RT3072_3),
215 RUN_DEV(IODATA, RT3072_4),
216 RUN_DEV(LINKSYS4, RT3070),
217 RUN_DEV(LINKSYS4, WUSB100),
218 RUN_DEV(LINKSYS4, WUSB54GCV3),
219 RUN_DEV(LINKSYS4, WUSB600N),
220 RUN_DEV(LINKSYS4, WUSB600NV2),
221 RUN_DEV(LOGITEC, RT2870_1),
222 RUN_DEV(LOGITEC, RT2870_2),
223 RUN_DEV(LOGITEC, RT2870_3),
224 RUN_DEV(LOGITEC, LANW300NU2),
225 RUN_DEV(LOGITEC, LANW150NU2),
226 RUN_DEV(LOGITEC, LANW300NU2S),
227 RUN_DEV(MELCO, WLIUCG300HP),
228 RUN_DEV(MELCO, RT2870_2),
229 RUN_DEV(MELCO, WLIUCAG300N),
230 RUN_DEV(MELCO, WLIUCG300N),
231 RUN_DEV(MELCO, WLIUCG301N),
232 RUN_DEV(MELCO, WLIUCGN),
233 RUN_DEV(MELCO, WLIUCGNM),
234 RUN_DEV(MELCO, WLIUCG300HPV1),
235 RUN_DEV(MELCO, WLIUCGNM2),
236 RUN_DEV(MOTOROLA4, RT2770),
237 RUN_DEV(MOTOROLA4, RT3070),
238 RUN_DEV(MSI, RT3070_1),
239 RUN_DEV(MSI, RT3070_2),
240 RUN_DEV(MSI, RT3070_3),
241 RUN_DEV(MSI, RT3070_4),
242 RUN_DEV(MSI, RT3070_5),
243 RUN_DEV(MSI, RT3070_6),
244 RUN_DEV(MSI, RT3070_7),
245 RUN_DEV(MSI, RT3070_8),
246 RUN_DEV(MSI, RT3070_9),
247 RUN_DEV(MSI, RT3070_10),
248 RUN_DEV(MSI, RT3070_11),
249 RUN_DEV(NETGEAR, WNDA4100),
250 RUN_DEV(OVISLINK, RT3072),
251 RUN_DEV(PARA, RT3070),
252 RUN_DEV(PEGATRON, RT2870),
253 RUN_DEV(PEGATRON, RT3070),
254 RUN_DEV(PEGATRON, RT3070_2),
255 RUN_DEV(PEGATRON, RT3070_3),
256 RUN_DEV(PHILIPS, RT2870),
257 RUN_DEV(PLANEX2, GWUS300MINIS),
258 RUN_DEV(PLANEX2, GWUSMICRON),
259 RUN_DEV(PLANEX2, RT2870),
260 RUN_DEV(PLANEX2, RT3070),
261 RUN_DEV(QCOM, RT2870),
262 RUN_DEV(QUANTA, RT3070),
263 RUN_DEV(RALINK, RT2070),
264 RUN_DEV(RALINK, RT2770),
265 RUN_DEV(RALINK, RT2870),
266 RUN_DEV(RALINK, RT3070),
267 RUN_DEV(RALINK, RT3071),
268 RUN_DEV(RALINK, RT3072),
269 RUN_DEV(RALINK, RT3370),
270 RUN_DEV(RALINK, RT3572),
271 RUN_DEV(RALINK, RT3573),
272 RUN_DEV(RALINK, RT5370),
273 RUN_DEV(RALINK, RT5572),
274 RUN_DEV(RALINK, RT8070),
275 RUN_DEV(SAMSUNG, WIS09ABGN),
276 RUN_DEV(SAMSUNG2, RT2870_1),
277 RUN_DEV(SENAO, RT2870_1),
278 RUN_DEV(SENAO, RT2870_2),
279 RUN_DEV(SENAO, RT2870_3),
280 RUN_DEV(SENAO, RT2870_4),
281 RUN_DEV(SENAO, RT3070),
282 RUN_DEV(SENAO, RT3071),
283 RUN_DEV(SENAO, RT3072_1),
284 RUN_DEV(SENAO, RT3072_2),
285 RUN_DEV(SENAO, RT3072_3),
286 RUN_DEV(SENAO, RT3072_4),
287 RUN_DEV(SENAO, RT3072_5),
288 RUN_DEV(SITECOMEU, RT2770),
289 RUN_DEV(SITECOMEU, RT2870_1),
290 RUN_DEV(SITECOMEU, RT2870_2),
291 RUN_DEV(SITECOMEU, RT2870_3),
292 RUN_DEV(SITECOMEU, RT2870_4),
293 RUN_DEV(SITECOMEU, RT3070),
294 RUN_DEV(SITECOMEU, RT3070_2),
295 RUN_DEV(SITECOMEU, RT3070_3),
296 RUN_DEV(SITECOMEU, RT3070_4),
297 RUN_DEV(SITECOMEU, RT3071),
298 RUN_DEV(SITECOMEU, RT3072_1),
299 RUN_DEV(SITECOMEU, RT3072_2),
300 RUN_DEV(SITECOMEU, RT3072_3),
301 RUN_DEV(SITECOMEU, RT3072_4),
302 RUN_DEV(SITECOMEU, RT3072_5),
303 RUN_DEV(SITECOMEU, RT3072_6),
304 RUN_DEV(SITECOMEU, WL608),
305 RUN_DEV(SPARKLAN, RT2870_1),
306 RUN_DEV(SPARKLAN, RT3070),
307 RUN_DEV(SWEEX2, LW153),
308 RUN_DEV(SWEEX2, LW303),
309 RUN_DEV(SWEEX2, LW313),
310 RUN_DEV(TOSHIBA, RT3070),
311 RUN_DEV(UMEDIA, RT2870_1),
312 RUN_DEV(ZCOM, RT2870_1),
313 RUN_DEV(ZCOM, RT2870_2),
314 RUN_DEV(ZINWELL, RT2870_1),
315 RUN_DEV(ZINWELL, RT2870_2),
316 RUN_DEV(ZINWELL, RT3070),
317 RUN_DEV(ZINWELL, RT3072_1),
318 RUN_DEV(ZINWELL, RT3072_2),
319 RUN_DEV(ZYXEL, RT2870_1),
320 RUN_DEV(ZYXEL, RT2870_2),
321 RUN_DEV(ZYXEL, RT3070),
322 RUN_DEV_EJECT(ZYXEL, NWD2705),
323 RUN_DEV_EJECT(RALINK, RT_STOR),
324#undef RUN_DEV_EJECT
325#undef RUN_DEV
326};
327
328static device_probe_t run_match;
329static device_attach_t run_attach;
330static device_detach_t run_detach;
331
332static usb_callback_t run_bulk_rx_callback;
333static usb_callback_t run_bulk_tx_callback0;
334static usb_callback_t run_bulk_tx_callback1;
335static usb_callback_t run_bulk_tx_callback2;
336static usb_callback_t run_bulk_tx_callback3;
337static usb_callback_t run_bulk_tx_callback4;
338static usb_callback_t run_bulk_tx_callback5;
339
340static void run_autoinst(void *, struct usb_device *,
341 struct usb_attach_arg *);
342static int run_driver_loaded(struct module *, int, void *);
343static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
344 usb_error_t error, u_int index);
345static struct ieee80211vap *run_vap_create(struct ieee80211com *,
346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
347 const uint8_t [IEEE80211_ADDR_LEN],
348 const uint8_t [IEEE80211_ADDR_LEN]);
349static void run_vap_delete(struct ieee80211vap *);
350static void run_cmdq_cb(void *, int);
351static void run_setup_tx_list(struct run_softc *,
352 struct run_endpoint_queue *);
353static void run_unsetup_tx_list(struct run_softc *,
354 struct run_endpoint_queue *);
355static int run_load_microcode(struct run_softc *);
356static int run_reset(struct run_softc *);
357static usb_error_t run_do_request(struct run_softc *,
358 struct usb_device_request *, void *);
359static int run_read(struct run_softc *, uint16_t, uint32_t *);
360static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
361static int run_write_2(struct run_softc *, uint16_t, uint16_t);
362static int run_write(struct run_softc *, uint16_t, uint32_t);
363static int run_write_region_1(struct run_softc *, uint16_t,
364 const uint8_t *, int);
365static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
366static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
367static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
368static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
369static int run_rt2870_rf_write(struct run_softc *, uint32_t);
370static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
371static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
372static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
373static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
374static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
375static const char *run_get_rf(uint16_t);
376static void run_rt3593_get_txpower(struct run_softc *);
377static void run_get_txpower(struct run_softc *);
378static int run_read_eeprom(struct run_softc *);
379static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
380 const uint8_t mac[IEEE80211_ADDR_LEN]);
381static int run_media_change(struct ifnet *);
382static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
383static int run_wme_update(struct ieee80211com *);
384static void run_key_set_cb(void *);
385static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
386static void run_key_delete_cb(void *);
387static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
388static void run_ratectl_to(void *);
389static void run_ratectl_cb(void *, int);
390static void run_drain_fifo(void *);
391static void run_iter_func(void *, struct ieee80211_node *);
392static void run_newassoc_cb(void *);
393static void run_newassoc(struct ieee80211_node *, int);
394static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
395 const struct ieee80211_rx_stats *, int, int);
396static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
397static void run_tx_free(struct run_endpoint_queue *pq,
398 struct run_tx_data *, int);
399static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
400static int run_tx(struct run_softc *, struct mbuf *,
401 struct ieee80211_node *);
402static int run_tx_mgt(struct run_softc *, struct mbuf *,
403 struct ieee80211_node *);
404static int run_sendprot(struct run_softc *, const struct mbuf *,
405 struct ieee80211_node *, int, int);
406static int run_tx_param(struct run_softc *, struct mbuf *,
407 struct ieee80211_node *,
408 const struct ieee80211_bpf_params *);
409static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
410 const struct ieee80211_bpf_params *);
411static int run_transmit(struct ieee80211com *, struct mbuf *);
412static void run_start(struct run_softc *);
413static void run_parent(struct ieee80211com *);
414static void run_iq_calib(struct run_softc *, u_int);
415static void run_set_agc(struct run_softc *, uint8_t);
416static void run_select_chan_group(struct run_softc *, int);
417static void run_set_rx_antenna(struct run_softc *, int);
418static void run_rt2870_set_chan(struct run_softc *, u_int);
419static void run_rt3070_set_chan(struct run_softc *, u_int);
420static void run_rt3572_set_chan(struct run_softc *, u_int);
421static void run_rt3593_set_chan(struct run_softc *, u_int);
422static void run_rt5390_set_chan(struct run_softc *, u_int);
423static void run_rt5592_set_chan(struct run_softc *, u_int);
424static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
425static void run_set_channel(struct ieee80211com *);
426static void run_scan_start(struct ieee80211com *);
427static void run_scan_end(struct ieee80211com *);
428static void run_update_beacon(struct ieee80211vap *, int);
429static void run_update_beacon_cb(void *);
430static void run_updateprot(struct ieee80211com *);
431static void run_updateprot_cb(void *);
432static void run_usb_timeout_cb(void *);
433static void run_reset_livelock(struct run_softc *);
434static void run_enable_tsf_sync(struct run_softc *);
435static void run_enable_tsf(struct run_softc *);
436static void run_get_tsf(struct run_softc *, uint64_t *);
437static void run_enable_mrr(struct run_softc *);
438static void run_set_txpreamble(struct run_softc *);
439static void run_set_basicrates(struct run_softc *);
440static void run_set_leds(struct run_softc *, uint16_t);
441static void run_set_bssid(struct run_softc *, const uint8_t *);
442static void run_set_macaddr(struct run_softc *, const uint8_t *);
443static void run_updateslot(struct ieee80211com *);
444static void run_updateslot_cb(void *);
445static void run_update_mcast(struct ieee80211com *);
446static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
447static void run_update_promisc_locked(struct run_softc *);
448static void run_update_promisc(struct ieee80211com *);
449static void run_rt5390_bbp_init(struct run_softc *);
450static int run_bbp_init(struct run_softc *);
451static int run_rt3070_rf_init(struct run_softc *);
452static void run_rt3593_rf_init(struct run_softc *);
453static void run_rt5390_rf_init(struct run_softc *);
454static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
455 uint8_t *);
456static void run_rt3070_rf_setup(struct run_softc *);
457static void run_rt3593_rf_setup(struct run_softc *);
458static void run_rt5390_rf_setup(struct run_softc *);
459static int run_txrx_enable(struct run_softc *);
460static void run_adjust_freq_offset(struct run_softc *);
461static void run_init_locked(struct run_softc *);
462static void run_stop(void *);
463static void run_delay(struct run_softc *, u_int);
464
465static eventhandler_tag run_etag;
466
467static const struct rt2860_rate {
468 uint8_t rate;
469 uint8_t mcs;
470 enum ieee80211_phytype phy;
471 uint8_t ctl_ridx;
472 uint16_t sp_ack_dur;
473 uint16_t lp_ack_dur;
474} rt2860_rates[] = {
475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
487};
488
489static const struct {
490 uint16_t reg;
491 uint32_t val;
492} rt2870_def_mac[] = {
493 RT2870_DEF_MAC
494};
495
496static const struct {
497 uint8_t reg;
498 uint8_t val;
499} rt2860_def_bbp[] = {
500 RT2860_DEF_BBP
501},rt5390_def_bbp[] = {
502 RT5390_DEF_BBP
503},rt5592_def_bbp[] = {
504 RT5592_DEF_BBP
505};
506
507/*
508 * Default values for BBP register R196 for RT5592.
509 */
510static const uint8_t rt5592_bbp_r196[] = {
511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
519 0x2e, 0x36, 0x30, 0x6e
520};
521
522static const struct rfprog {
523 uint8_t chan;
524 uint32_t r1, r2, r3, r4;
525} rt2860_rf2850[] = {
526 RT2860_RF2850
527};
528
529struct {
530 uint8_t n, r, k;
531} rt3070_freqs[] = {
532 RT3070_RF3052
533};
534
535static const struct rt5592_freqs {
536 uint16_t n;
537 uint8_t k, m, r;
538} rt5592_freqs_20mhz[] = {
539 RT5592_RF5592_20MHZ
540},rt5592_freqs_40mhz[] = {
541 RT5592_RF5592_40MHZ
542};
543
544static const struct {
545 uint8_t reg;
546 uint8_t val;
547} rt3070_def_rf[] = {
548 RT3070_DEF_RF
549},rt3572_def_rf[] = {
550 RT3572_DEF_RF
551},rt3593_def_rf[] = {
552 RT3593_DEF_RF
553},rt5390_def_rf[] = {
554 RT5390_DEF_RF
555},rt5392_def_rf[] = {
556 RT5392_DEF_RF
557},rt5592_def_rf[] = {
558 RT5592_DEF_RF
559},rt5592_2ghz_def_rf[] = {
560 RT5592_2GHZ_DEF_RF
561},rt5592_5ghz_def_rf[] = {
562 RT5592_5GHZ_DEF_RF
563};
564
565static const struct {
566 u_int firstchan;
567 u_int lastchan;
568 uint8_t reg;
569 uint8_t val;
570} rt5592_chan_5ghz[] = {
571 RT5592_CHAN_5GHZ
572};
573
574static const struct usb_config run_config[RUN_N_XFER] = {
575 [RUN_BULK_TX_BE] = {
576 .type = UE_BULK,
577 .endpoint = UE_ADDR_ANY,
578 .ep_index = 0,
579 .direction = UE_DIR_OUT,
580 .bufsize = RUN_MAX_TXSZ,
581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
582 .callback = run_bulk_tx_callback0,
583 .timeout = 5000, /* ms */
584 },
585 [RUN_BULK_TX_BK] = {
586 .type = UE_BULK,
587 .endpoint = UE_ADDR_ANY,
588 .direction = UE_DIR_OUT,
589 .ep_index = 1,
590 .bufsize = RUN_MAX_TXSZ,
591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
592 .callback = run_bulk_tx_callback1,
593 .timeout = 5000, /* ms */
594 },
595 [RUN_BULK_TX_VI] = {
596 .type = UE_BULK,
597 .endpoint = UE_ADDR_ANY,
598 .direction = UE_DIR_OUT,
599 .ep_index = 2,
600 .bufsize = RUN_MAX_TXSZ,
601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
602 .callback = run_bulk_tx_callback2,
603 .timeout = 5000, /* ms */
604 },
605 [RUN_BULK_TX_VO] = {
606 .type = UE_BULK,
607 .endpoint = UE_ADDR_ANY,
608 .direction = UE_DIR_OUT,
609 .ep_index = 3,
610 .bufsize = RUN_MAX_TXSZ,
611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
612 .callback = run_bulk_tx_callback3,
613 .timeout = 5000, /* ms */
614 },
615 [RUN_BULK_TX_HCCA] = {
616 .type = UE_BULK,
617 .endpoint = UE_ADDR_ANY,
618 .direction = UE_DIR_OUT,
619 .ep_index = 4,
620 .bufsize = RUN_MAX_TXSZ,
621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
622 .callback = run_bulk_tx_callback4,
623 .timeout = 5000, /* ms */
624 },
625 [RUN_BULK_TX_PRIO] = {
626 .type = UE_BULK,
627 .endpoint = UE_ADDR_ANY,
628 .direction = UE_DIR_OUT,
629 .ep_index = 5,
630 .bufsize = RUN_MAX_TXSZ,
631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
632 .callback = run_bulk_tx_callback5,
633 .timeout = 5000, /* ms */
634 },
635 [RUN_BULK_RX] = {
636 .type = UE_BULK,
637 .endpoint = UE_ADDR_ANY,
638 .direction = UE_DIR_IN,
639 .bufsize = RUN_MAX_RXSZ,
640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
641 .callback = run_bulk_rx_callback,
642 }
643};
644
645static void
646run_autoinst(void *arg, struct usb_device *udev,
647 struct usb_attach_arg *uaa)
648{
649 struct usb_interface *iface;
650 struct usb_interface_descriptor *id;
651
652 if (uaa->dev_state != UAA_DEV_READY)
653 return;
654
655 iface = usbd_get_iface(udev, 0);
656 if (iface == NULL)
657 return;
658 id = iface->idesc;
659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
660 return;
661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
662 return;
663
664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
665 uaa->dev_state = UAA_DEV_EJECTING;
666}
667
668static int
669run_driver_loaded(struct module *mod, int what, void *arg)
670{
671 switch (what) {
672 case MOD_LOAD:
673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
675 break;
676 case MOD_UNLOAD:
677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
678 break;
679 default:
680 return (EOPNOTSUPP);
681 }
682 return (0);
683}
684
685static int
686run_match(device_t self)
687{
688 struct usb_attach_arg *uaa = device_get_ivars(self);
689
690 if (uaa->usb_mode != USB_MODE_HOST)
691 return (ENXIO);
692 if (uaa->info.bConfigIndex != 0)
693 return (ENXIO);
694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
695 return (ENXIO);
696
697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
698}
699
700static int
701run_attach(device_t self)
702{
703 struct run_softc *sc = device_get_softc(self);
704 struct usb_attach_arg *uaa = device_get_ivars(self);
705 struct ieee80211com *ic = &sc->sc_ic;
706 uint32_t ver;
707 uint8_t bands[IEEE80211_MODE_BYTES];
708 uint8_t iface_index;
709 int ntries, error;
710
711 device_set_usb_desc(self);
712 sc->sc_udev = uaa->device;
713 sc->sc_dev = self;
714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
716
717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
718 MTX_NETWORK_LOCK, MTX_DEF);
719 mbufq_init(&sc->sc_snd, ifqmaxlen);
720
721 iface_index = RT2860_IFACE_INDEX;
722
723 error = usbd_transfer_setup(uaa->device, &iface_index,
724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
725 if (error) {
726 device_printf(self, "could not allocate USB transfers, "
727 "err=%s\n", usbd_errstr(error));
728 goto detach;
729 }
730
731 RUN_LOCK(sc);
732
733 /* wait for the chip to settle */
734 for (ntries = 0; ntries < 100; ntries++) {
735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
736 RUN_UNLOCK(sc);
737 goto detach;
738 }
739 if (ver != 0 && ver != 0xffffffff)
740 break;
741 run_delay(sc, 10);
742 }
743 if (ntries == 100) {
744 device_printf(sc->sc_dev,
745 "timeout waiting for NIC to initialize\n");
746 RUN_UNLOCK(sc);
747 goto detach;
748 }
749 sc->mac_ver = ver >> 16;
750 sc->mac_rev = ver & 0xffff;
751
752 /* retrieve RF rev. no and various other things from EEPROM */
753 run_read_eeprom(sc);
754
755 device_printf(sc->sc_dev,
756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
759
760 RUN_UNLOCK(sc);
761
762 ic->ic_softc = sc;
763 ic->ic_name = device_get_nameunit(self);
764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
766
767 /* set device capabilities */
768 ic->ic_caps =
769 IEEE80211_C_STA | /* station mode supported */
770 IEEE80211_C_MONITOR | /* monitor mode supported */
771 IEEE80211_C_IBSS |
772 IEEE80211_C_HOSTAP |
773 IEEE80211_C_WDS | /* 4-address traffic works */
774 IEEE80211_C_MBSS |
775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
776 IEEE80211_C_SHSLOT | /* short slot time supported */
777 IEEE80211_C_WME | /* WME */
778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
779
780 ic->ic_cryptocaps =
781 IEEE80211_CRYPTO_WEP |
782 IEEE80211_CRYPTO_AES_CCM |
783 IEEE80211_CRYPTO_TKIPMIC |
784 IEEE80211_CRYPTO_TKIP;
785
786 ic->ic_flags |= IEEE80211_F_DATAPAD;
787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
788
789 memset(bands, 0, sizeof(bands));
790 setbit(bands, IEEE80211_MODE_11B);
791 setbit(bands, IEEE80211_MODE_11G);
792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
794 sc->rf_rev == RT5592_RF_5592)
795 setbit(bands, IEEE80211_MODE_11A);
796 ieee80211_init_channels(ic, NULL, bands);
797
798 ieee80211_ifattach(ic);
799
800 ic->ic_scan_start = run_scan_start;
801 ic->ic_scan_end = run_scan_end;
802 ic->ic_set_channel = run_set_channel;
803 ic->ic_node_alloc = run_node_alloc;
804 ic->ic_newassoc = run_newassoc;
805 ic->ic_updateslot = run_updateslot;
806 ic->ic_update_mcast = run_update_mcast;
807 ic->ic_wme.wme_update = run_wme_update;
808 ic->ic_raw_xmit = run_raw_xmit;
809 ic->ic_update_promisc = run_update_promisc;
810 ic->ic_vap_create = run_vap_create;
811 ic->ic_vap_delete = run_vap_delete;
812 ic->ic_transmit = run_transmit;
813 ic->ic_parent = run_parent;
814
815 ieee80211_radiotap_attach(ic,
816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
817 RUN_TX_RADIOTAP_PRESENT,
818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
819 RUN_RX_RADIOTAP_PRESENT);
820
821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
824
825 if (bootverbose)
826 ieee80211_announce(ic);
827
828 return (0);
829
830detach:
831 run_detach(self);
832 return (ENXIO);
833}
834
835static void
836run_drain_mbufq(struct run_softc *sc)
837{
838 struct mbuf *m;
839 struct ieee80211_node *ni;
840
841 RUN_LOCK_ASSERT(sc, MA_OWNED);
842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
844 m->m_pkthdr.rcvif = NULL;
845 ieee80211_free_node(ni);
846 m_freem(m);
847 }
848}
849
850static int
851run_detach(device_t self)
852{
853 struct run_softc *sc = device_get_softc(self);
854 struct ieee80211com *ic = &sc->sc_ic;
855 int i;
856
857 RUN_LOCK(sc);
858 sc->sc_detached = 1;
859 RUN_UNLOCK(sc);
860
861 /* stop all USB transfers */
862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
863
864 RUN_LOCK(sc);
865 sc->ratectl_run = RUN_RATECTL_OFF;
866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
867
868 /* free TX list, if any */
869 for (i = 0; i != RUN_EP_QUEUES; i++)
870 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
871
872 /* Free TX queue */
873 run_drain_mbufq(sc);
874 RUN_UNLOCK(sc);
875
876 if (sc->sc_ic.ic_softc == sc) {
877 /* drain tasks */
878 usb_callout_drain(&sc->ratectl_ch);
879 ieee80211_draintask(ic, &sc->cmdq_task);
880 ieee80211_draintask(ic, &sc->ratectl_task);
881 ieee80211_ifdetach(ic);
882 }
883
884 mtx_destroy(&sc->sc_mtx);
885
886 return (0);
887}
888
889static struct ieee80211vap *
890run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
891 enum ieee80211_opmode opmode, int flags,
892 const uint8_t bssid[IEEE80211_ADDR_LEN],
893 const uint8_t mac[IEEE80211_ADDR_LEN])
894{
895 struct run_softc *sc = ic->ic_softc;
896 struct run_vap *rvp;
897 struct ieee80211vap *vap;
898 int i;
899
900 if (sc->rvp_cnt >= RUN_VAP_MAX) {
901 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
902 return (NULL);
903 }
904
905 switch (opmode) {
906 case IEEE80211_M_STA:
907 /* enable s/w bmiss handling for sta mode */
908 flags |= IEEE80211_CLONE_NOBEACONS;
909 /* fall though */
910 case IEEE80211_M_IBSS:
911 case IEEE80211_M_MONITOR:
912 case IEEE80211_M_HOSTAP:
913 case IEEE80211_M_MBSS:
914 /* other than WDS vaps, only one at a time */
915 if (!TAILQ_EMPTY(&ic->ic_vaps))
916 return (NULL);
917 break;
918 case IEEE80211_M_WDS:
919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
920 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
921 continue;
922 /* WDS vap's always share the local mac address. */
923 flags &= ~IEEE80211_CLONE_BSSID;
924 break;
925 }
926 if (vap == NULL) {
927 device_printf(sc->sc_dev,
928 "wds only supported in ap mode\n");
929 return (NULL);
930 }
931 break;
932 default:
933 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
934 return (NULL);
935 }
936
937 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
938 vap = &rvp->vap;
939
940 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
941 bssid) != 0) {
942 /* out of memory */
943 free(rvp, M_80211_VAP);
944 return (NULL);
945 }
946
947 vap->iv_update_beacon = run_update_beacon;
948 vap->iv_max_aid = RT2870_WCID_MAX;
949 /*
950 * To delete the right key from h/w, we need wcid.
951 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
952 * and matching wcid will be written into there. So, cast
953 * some spells to remove 'const' from ieee80211_key{}
954 */
955 vap->iv_key_delete = (void *)run_key_delete;
956 vap->iv_key_set = (void *)run_key_set;
957
958 /* override state transition machine */
959 rvp->newstate = vap->iv_newstate;
960 vap->iv_newstate = run_newstate;
961 if (opmode == IEEE80211_M_IBSS) {
962 rvp->recv_mgmt = vap->iv_recv_mgmt;
963 vap->iv_recv_mgmt = run_recv_mgmt;
964 }
965
966 ieee80211_ratectl_init(vap);
967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
968
969 /* complete setup */
970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
971 mac);
972
973 /* make sure id is always unique */
974 for (i = 0; i < RUN_VAP_MAX; i++) {
975 if((sc->rvp_bmap & 1 << i) == 0){
976 sc->rvp_bmap |= 1 << i;
977 rvp->rvp_id = i;
978 break;
979 }
980 }
981 if (sc->rvp_cnt++ == 0)
982 ic->ic_opmode = opmode;
983
984 if (opmode == IEEE80211_M_HOSTAP)
985 sc->cmdq_run = RUN_CMDQ_GO;
986
987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
989
990 return (vap);
991}
992
993static void
994run_vap_delete(struct ieee80211vap *vap)
995{
996 struct run_vap *rvp = RUN_VAP(vap);
997 struct ieee80211com *ic;
998 struct run_softc *sc;
999 uint8_t rvp_id;
1000
1001 if (vap == NULL)
1002 return;
1003
1004 ic = vap->iv_ic;
1005 sc = ic->ic_softc;
1006
1007 RUN_LOCK(sc);
1008
1009 m_freem(rvp->beacon_mbuf);
1010 rvp->beacon_mbuf = NULL;
1011
1012 rvp_id = rvp->rvp_id;
1013 sc->ratectl_run &= ~(1 << rvp_id);
1014 sc->rvp_bmap &= ~(1 << rvp_id);
1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1017 --sc->rvp_cnt;
1018
1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1021
1022 RUN_UNLOCK(sc);
1023
1024 ieee80211_ratectl_deinit(vap);
1025 ieee80211_vap_detach(vap);
1026 free(rvp, M_80211_VAP);
1027}
1028
1029/*
1030 * There are numbers of functions need to be called in context thread.
1031 * Rather than creating taskqueue event for each of those functions,
1032 * here is all-for-one taskqueue callback function. This function
1033 * guarantees deferred functions are executed in the same order they
1034 * were enqueued.
1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1036 */
1037static void
1038run_cmdq_cb(void *arg, int pending)
1039{
1040 struct run_softc *sc = arg;
1041 uint8_t i;
1042
1043 /* call cmdq[].func locked */
1044 RUN_LOCK(sc);
1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1046 i = sc->cmdq_exec, pending--) {
1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1048 if (sc->cmdq_run == RUN_CMDQ_GO) {
1049 /*
1050 * If arg0 is NULL, callback func needs more
1051 * than one arg. So, pass ptr to cmdq struct.
1052 */
1053 if (sc->cmdq[i].arg0)
1054 sc->cmdq[i].func(sc->cmdq[i].arg0);
1055 else
1056 sc->cmdq[i].func(&sc->cmdq[i]);
1057 }
1058 sc->cmdq[i].arg0 = NULL;
1059 sc->cmdq[i].func = NULL;
1060 sc->cmdq_exec++;
1061 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1062 }
1063 RUN_UNLOCK(sc);
1064}
1065
1066static void
1067run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1068{
1069 struct run_tx_data *data;
1070
1071 memset(pq, 0, sizeof(*pq));
1072
1073 STAILQ_INIT(&pq->tx_qh);
1074 STAILQ_INIT(&pq->tx_fh);
1075
1076 for (data = &pq->tx_data[0];
1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1078 data->sc = sc;
1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1080 }
1081 pq->tx_nfree = RUN_TX_RING_COUNT;
1082}
1083
1084static void
1085run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1086{
1087 struct run_tx_data *data;
1088
1089 /* make sure any subsequent use of the queues will fail */
1090 pq->tx_nfree = 0;
1091 STAILQ_INIT(&pq->tx_fh);
1092 STAILQ_INIT(&pq->tx_qh);
1093
1094 /* free up all node references and mbufs */
1095 for (data = &pq->tx_data[0];
1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1097 if (data->m != NULL) {
1098 m_freem(data->m);
1099 data->m = NULL;
1100 }
1101 if (data->ni != NULL) {
1102 ieee80211_free_node(data->ni);
1103 data->ni = NULL;
1104 }
1105 }
1106}
1107
1108static int
1109run_load_microcode(struct run_softc *sc)
1110{
1111 usb_device_request_t req;
1112 const struct firmware *fw;
1113 const u_char *base;
1114 uint32_t tmp;
1115 int ntries, error;
1116 const uint64_t *temp;
1117 uint64_t bytes;
1118
1119 RUN_UNLOCK(sc);
1120 fw = firmware_get("runfw");
1121 RUN_LOCK(sc);
1122 if (fw == NULL) {
1123 device_printf(sc->sc_dev,
1124 "failed loadfirmware of file %s\n", "runfw");
1125 return ENOENT;
1126 }
1127
1128 if (fw->datasize != 8192) {
1129 device_printf(sc->sc_dev,
1130 "invalid firmware size (should be 8KB)\n");
1131 error = EINVAL;
1132 goto fail;
1133 }
1134
1135 /*
1136 * RT3071/RT3072 use a different firmware
1137 * run-rt2870 (8KB) contains both,
1138 * first half (4KB) is for rt2870,
1139 * last half is for rt3071.
1140 */
1141 base = fw->data;
1142 if ((sc->mac_ver) != 0x2860 &&
1143 (sc->mac_ver) != 0x2872 &&
1144 (sc->mac_ver) != 0x3070) {
1145 base += 4096;
1146 }
1147
1148 /* cheap sanity check */
1149 temp = fw->data;
1150 bytes = *temp;
1151 if (bytes != be64toh(0xffffff0210280210ULL)) {
1152 device_printf(sc->sc_dev, "firmware checksum failed\n");
1153 error = EINVAL;
1154 goto fail;
1155 }
1156
1157 /* write microcode image */
1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1162 }
1163
1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1165 req.bRequest = RT2870_RESET;
1166 USETW(req.wValue, 8);
1167 USETW(req.wIndex, 0);
1168 USETW(req.wLength, 0);
1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1170 != 0) {
1171 device_printf(sc->sc_dev, "firmware reset failed\n");
1172 goto fail;
1173 }
1174
1175 run_delay(sc, 10);
1176
1177 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1178 run_write(sc, RT2860_H2M_MAILBOX, 0);
1179 run_write(sc, RT2860_H2M_INTSRC, 0);
1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1181 goto fail;
1182
1183 /* wait until microcontroller is ready */
1184 for (ntries = 0; ntries < 1000; ntries++) {
1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1186 goto fail;
1187 if (tmp & RT2860_MCU_READY)
1188 break;
1189 run_delay(sc, 10);
1190 }
1191 if (ntries == 1000) {
1192 device_printf(sc->sc_dev,
1193 "timeout waiting for MCU to initialize\n");
1194 error = ETIMEDOUT;
1195 goto fail;
1196 }
1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1198 (base == fw->data) ? "RT2870" : "RT3071",
1199 *(base + 4092), *(base + 4093));
1200
1201fail:
1202 firmware_put(fw, FIRMWARE_UNLOAD);
1203 return (error);
1204}
1205
1206static int
1207run_reset(struct run_softc *sc)
1208{
1209 usb_device_request_t req;
1210
1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1212 req.bRequest = RT2870_RESET;
1213 USETW(req.wValue, 1);
1214 USETW(req.wIndex, 0);
1215 USETW(req.wLength, 0);
1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1217}
1218
1219static usb_error_t
1220run_do_request(struct run_softc *sc,
1221 struct usb_device_request *req, void *data)
1222{
1223 usb_error_t err;
1224 int ntries = 10;
1225
1226 RUN_LOCK_ASSERT(sc, MA_OWNED);
1227
1228 while (ntries--) {
1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1230 req, data, 0, NULL, 250 /* ms */);
1231 if (err == 0)
1232 break;
1233 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1234 usbd_errstr(err));
1235 run_delay(sc, 10);
1236 }
1237 return (err);
1238}
1239
1240static int
1241run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1242{
1243 uint32_t tmp;
1244 int error;
1245
1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1247 if (error == 0)
1248 *val = le32toh(tmp);
1249 else
1250 *val = 0xffffffff;
1251 return (error);
1252}
1253
1254static int
1255run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1256{
1257 usb_device_request_t req;
1258
1259 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1260 req.bRequest = RT2870_READ_REGION_1;
1261 USETW(req.wValue, 0);
1262 USETW(req.wIndex, reg);
1263 USETW(req.wLength, len);
1264
1265 return (run_do_request(sc, &req, buf));
1266}
1267
1268static int
1269run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1270{
1271 usb_device_request_t req;
1272
1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1274 req.bRequest = RT2870_WRITE_2;
1275 USETW(req.wValue, val);
1276 USETW(req.wIndex, reg);
1277 USETW(req.wLength, 0);
1278
1279 return (run_do_request(sc, &req, NULL));
1280}
1281
1282static int
1283run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1284{
1285 int error;
1286
1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1288 error = run_write_2(sc, reg + 2, val >> 16);
1289 return (error);
1290}
1291
1292static int
1293run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1294 int len)
1295{
1296#if 1
1297 int i, error = 0;
1298 /*
1299 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1300 * We thus issue multiple WRITE_2 commands instead.
1301 */
1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1303 for (i = 0; i < len && error == 0; i += 2)
1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1305 return (error);
1306#else
1307 usb_device_request_t req;
1308 int error = 0;
1309
1310 /*
1311 * NOTE: It appears the WRITE_REGION_1 command cannot be
1312 * passed a huge amount of data, which will crash the
1313 * firmware. Limit amount of data passed to 64-bytes at a
1314 * time.
1315 */
1316 while (len > 0) {
1317 int delta = 64;
1318 if (delta > len)
1319 delta = len;
1320
1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1322 req.bRequest = RT2870_WRITE_REGION_1;
1323 USETW(req.wValue, 0);
1324 USETW(req.wIndex, reg);
1325 USETW(req.wLength, delta);
1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1327 if (error != 0)
1328 break;
1329 reg += delta;
1330 buf += delta;
1331 len -= delta;
1332 }
1333 return (error);
1334#endif
1335}
1336
1337static int
1338run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1339{
1340 int i, error = 0;
1341
1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1343 for (i = 0; i < len && error == 0; i += 4)
1344 error = run_write(sc, reg + i, val);
1345 return (error);
1346}
1347
1348static int
1349run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1350{
1351 uint32_t tmp;
1352 uint16_t reg;
1353 int error, ntries;
1354
1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1356 return (error);
1357
1358 if (count == 2)
1359 addr *= 2;
1360 /*-
1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1362 * DATA0: F E D C
1363 * DATA1: B A 9 8
1364 * DATA2: 7 6 5 4
1365 * DATA3: 3 2 1 0
1366 */
1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1369 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1370 for (ntries = 0; ntries < 100; ntries++) {
1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1372 return (error);
1373 if (!(tmp & RT3070_EFSROM_KICK))
1374 break;
1375 run_delay(sc, 2);
1376 }
1377 if (ntries == 100)
1378 return (ETIMEDOUT);
1379
1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1381 *val = 0xffff; /* address not found */
1382 return (0);
1383 }
1384 /* determine to which 32-bit register our 16-bit word belongs */
1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1386 if ((error = run_read(sc, reg, &tmp)) != 0)
1387 return (error);
1388
1389 tmp >>= (8 * (addr & 0x3));
1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1391
1392 return (0);
1393}
1394
1395/* Read 16-bit from eFUSE ROM for RT3xxx. */
1396static int
1397run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1398{
1399 return (run_efuse_read(sc, addr, val, 2));
1400}
1401
1402static int
1403run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1404{
1405 usb_device_request_t req;
1406 uint16_t tmp;
1407 int error;
1408
1409 addr *= 2;
1410 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1411 req.bRequest = RT2870_EEPROM_READ;
1412 USETW(req.wValue, 0);
1413 USETW(req.wIndex, addr);
1414 USETW(req.wLength, sizeof(tmp));
1415
1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1417 if (error == 0)
1418 *val = le16toh(tmp);
1419 else
1420 *val = 0xffff;
1421 return (error);
1422}
1423
1424static __inline int
1425run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1426{
1427 /* either eFUSE ROM or EEPROM */
1428 return sc->sc_srom_read(sc, addr, val);
1429}
1430
1431static int
1432run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1433{
1434 uint32_t tmp;
1435 int error, ntries;
1436
1437 for (ntries = 0; ntries < 10; ntries++) {
1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1439 return (error);
1440 if (!(tmp & RT2860_RF_REG_CTRL))
1441 break;
1442 }
1443 if (ntries == 10)
1444 return (ETIMEDOUT);
1445
1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1447}
1448
1449static int
1450run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1451{
1452 uint32_t tmp;
1453 int error, ntries;
1454
1455 for (ntries = 0; ntries < 100; ntries++) {
1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1457 return (error);
1458 if (!(tmp & RT3070_RF_KICK))
1459 break;
1460 }
1461 if (ntries == 100)
1462 return (ETIMEDOUT);
1463
1464 tmp = RT3070_RF_KICK | reg << 8;
1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1466 return (error);
1467
1468 for (ntries = 0; ntries < 100; ntries++) {
1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1470 return (error);
1471 if (!(tmp & RT3070_RF_KICK))
1472 break;
1473 }
1474 if (ntries == 100)
1475 return (ETIMEDOUT);
1476
1477 *val = tmp & 0xff;
1478 return (0);
1479}
1480
1481static int
1482run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1483{
1484 uint32_t tmp;
1485 int error, ntries;
1486
1487 for (ntries = 0; ntries < 10; ntries++) {
1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1489 return (error);
1490 if (!(tmp & RT3070_RF_KICK))
1491 break;
1492 }
1493 if (ntries == 10)
1494 return (ETIMEDOUT);
1495
1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1498}
1499
1500static int
1501run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1502{
1503 uint32_t tmp;
1504 int ntries, error;
1505
1506 for (ntries = 0; ntries < 10; ntries++) {
1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1508 return (error);
1509 if (!(tmp & RT2860_BBP_CSR_KICK))
1510 break;
1511 }
1512 if (ntries == 10)
1513 return (ETIMEDOUT);
1514
1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1517 return (error);
1518
1519 for (ntries = 0; ntries < 10; ntries++) {
1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1521 return (error);
1522 if (!(tmp & RT2860_BBP_CSR_KICK))
1523 break;
1524 }
1525 if (ntries == 10)
1526 return (ETIMEDOUT);
1527
1528 *val = tmp & 0xff;
1529 return (0);
1530}
1531
1532static int
1533run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1534{
1535 uint32_t tmp;
1536 int ntries, error;
1537
1538 for (ntries = 0; ntries < 10; ntries++) {
1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1540 return (error);
1541 if (!(tmp & RT2860_BBP_CSR_KICK))
1542 break;
1543 }
1544 if (ntries == 10)
1545 return (ETIMEDOUT);
1546
1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1549}
1550
1551/*
1552 * Send a command to the 8051 microcontroller unit.
1553 */
1554static int
1555run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1556{
1557 uint32_t tmp;
1558 int error, ntries;
1559
1560 for (ntries = 0; ntries < 100; ntries++) {
1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1562 return error;
1563 if (!(tmp & RT2860_H2M_BUSY))
1564 break;
1565 }
1566 if (ntries == 100)
1567 return ETIMEDOUT;
1568
1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1571 error = run_write(sc, RT2860_HOST_CMD, cmd);
1572 return (error);
1573}
1574
1575/*
1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1577 * Used to adjust per-rate Tx power registers.
1578 */
1579static __inline uint32_t
1580b4inc(uint32_t b32, int8_t delta)
1581{
1582 int8_t i, b4;
1583
1584 for (i = 0; i < 8; i++) {
1585 b4 = b32 & 0xf;
1586 b4 += delta;
1587 if (b4 < 0)
1588 b4 = 0;
1589 else if (b4 > 0xf)
1590 b4 = 0xf;
1591 b32 = b32 >> 4 | b4 << 28;
1592 }
1593 return (b32);
1594}
1595
1596static const char *
1597run_get_rf(uint16_t rev)
1598{
1599 switch (rev) {
1600 case RT2860_RF_2820: return "RT2820";
1601 case RT2860_RF_2850: return "RT2850";
1602 case RT2860_RF_2720: return "RT2720";
1603 case RT2860_RF_2750: return "RT2750";
1604 case RT3070_RF_3020: return "RT3020";
1605 case RT3070_RF_2020: return "RT2020";
1606 case RT3070_RF_3021: return "RT3021";
1607 case RT3070_RF_3022: return "RT3022";
1608 case RT3070_RF_3052: return "RT3052";
1609 case RT3593_RF_3053: return "RT3053";
1610 case RT5592_RF_5592: return "RT5592";
1611 case RT5390_RF_5370: return "RT5370";
1612 case RT5390_RF_5372: return "RT5372";
1613 }
1614 return ("unknown");
1615}
1616
1617static void
1618run_rt3593_get_txpower(struct run_softc *sc)
1619{
1620 uint16_t addr, val;
1621 int i;
1622
1623 /* Read power settings for 2GHz channels. */
1624 for (i = 0; i < 14; i += 2) {
1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1626 RT2860_EEPROM_PWR2GHZ_BASE1;
1627 run_srom_read(sc, addr + i / 2, &val);
1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1629 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1630
1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1632 RT2860_EEPROM_PWR2GHZ_BASE2;
1633 run_srom_read(sc, addr + i / 2, &val);
1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1635 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1636
1637 if (sc->ntxchains == 3) {
1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1639 &val);
1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1641 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1642 }
1643 }
1644 /* Fix broken Tx power entries. */
1645 for (i = 0; i < 14; i++) {
1646 if (sc->txpow1[i] > 31)
1647 sc->txpow1[i] = 5;
1648 if (sc->txpow2[i] > 31)
1649 sc->txpow2[i] = 5;
1650 if (sc->ntxchains == 3) {
1651 if (sc->txpow3[i] > 31)
1652 sc->txpow3[i] = 5;
1653 }
1654 }
1655 /* Read power settings for 5GHz channels. */
1656 for (i = 0; i < 40; i += 2) {
1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1659 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1660
1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1663 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1664
1665 if (sc->ntxchains == 3) {
1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1667 &val);
1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1669 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1670 }
1671 }
1672}
1673
1674static void
1675run_get_txpower(struct run_softc *sc)
1676{
1677 uint16_t val;
1678 int i;
1679
1680 /* Read power settings for 2GHz channels. */
1681 for (i = 0; i < 14; i += 2) {
1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1684 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1685
1686 if (sc->mac_ver != 0x5390) {
1687 run_srom_read(sc,
1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1690 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1691 }
1692 }
1693 /* Fix broken Tx power entries. */
1694 for (i = 0; i < 14; i++) {
1695 if (sc->mac_ver >= 0x5390) {
1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1697 sc->txpow1[i] = 5;
1698 } else {
1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1700 sc->txpow1[i] = 5;
1701 }
1702 if (sc->mac_ver > 0x5390) {
1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1704 sc->txpow2[i] = 5;
1705 } else if (sc->mac_ver < 0x5390) {
1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1707 sc->txpow2[i] = 5;
1708 }
1709 DPRINTF("chan %d: power1=%d, power2=%d\n",
1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1711 }
1712 /* Read power settings for 5GHz channels. */
1713 for (i = 0; i < 40; i += 2) {
1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1716 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1717
1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1720 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1721 }
1722 /* Fix broken Tx power entries. */
1723 for (i = 0; i < 40; i++ ) {
1724 if (sc->mac_ver != 0x5592) {
1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1726 sc->txpow1[14 + i] = 5;
1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1728 sc->txpow2[14 + i] = 5;
1729 }
1730 DPRINTF("chan %d: power1=%d, power2=%d\n",
1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1732 sc->txpow2[14 + i]);
1733 }
1734}
1735
1736static int
1737run_read_eeprom(struct run_softc *sc)
1738{
1739 struct ieee80211com *ic = &sc->sc_ic;
1740 int8_t delta_2ghz, delta_5ghz;
1741 uint32_t tmp;
1742 uint16_t val;
1743 int ridx, ant, i;
1744
1745 /* check whether the ROM is eFUSE ROM or EEPROM */
1746 sc->sc_srom_read = run_eeprom_read_2;
1747 if (sc->mac_ver >= 0x3070) {
1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1751 sc->sc_srom_read = run_efuse_read_2;
1752 }
1753
1754 /* read ROM version */
1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1757
1758 /* read MAC address */
1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1760 ic->ic_macaddr[0] = val & 0xff;
1761 ic->ic_macaddr[1] = val >> 8;
1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1763 ic->ic_macaddr[2] = val & 0xff;
1764 ic->ic_macaddr[3] = val >> 8;
1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1766 ic->ic_macaddr[4] = val & 0xff;
1767 ic->ic_macaddr[5] = val >> 8;
1768
1769 if (sc->mac_ver < 0x3593) {
1770 /* read vender BBP settings */
1771 for (i = 0; i < 10; i++) {
1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1773 sc->bbp[i].val = val & 0xff;
1774 sc->bbp[i].reg = val >> 8;
1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1776 sc->bbp[i].val);
1777 }
1778 if (sc->mac_ver >= 0x3071) {
1779 /* read vendor RF settings */
1780 for (i = 0; i < 10; i++) {
1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1782 &val);
1783 sc->rf[i].val = val & 0xff;
1784 sc->rf[i].reg = val >> 8;
1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1786 sc->rf[i].val);
1787 }
1788 }
1789 }
1790
1791 /* read RF frequency offset from EEPROM */
1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1793 RT3593_EEPROM_FREQ, &val);
1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1796
1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1798 RT3593_EEPROM_FREQ_LEDS, &val);
1799 if (val >> 8 != 0xff) {
1800 /* read LEDs operating mode */
1801 sc->leds = val >> 8;
1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1803 RT3593_EEPROM_LED1, &sc->led[0]);
1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1805 RT3593_EEPROM_LED2, &sc->led[1]);
1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1807 RT3593_EEPROM_LED3, &sc->led[2]);
1808 } else {
1809 /* broken EEPROM, use default settings */
1810 sc->leds = 0x01;
1811 sc->led[0] = 0x5555;
1812 sc->led[1] = 0x2221;
1813 sc->led[2] = 0x5627; /* differs from RT2860 */
1814 }
1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1817
1818 /* read RF information */
1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1820 run_srom_read(sc, 0x00, &val);
1821 else
1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1823
1824 if (val == 0xffff) {
1825 device_printf(sc->sc_dev,
1826 "invalid EEPROM antenna info, using default\n");
1827 DPRINTF("invalid EEPROM antenna info, using default\n");
1828 if (sc->mac_ver == 0x3572) {
1829 /* default to RF3052 2T2R */
1830 sc->rf_rev = RT3070_RF_3052;
1831 sc->ntxchains = 2;
1832 sc->nrxchains = 2;
1833 } else if (sc->mac_ver >= 0x3070) {
1834 /* default to RF3020 1T1R */
1835 sc->rf_rev = RT3070_RF_3020;
1836 sc->ntxchains = 1;
1837 sc->nrxchains = 1;
1838 } else {
1839 /* default to RF2820 1T2R */
1840 sc->rf_rev = RT2860_RF_2820;
1841 sc->ntxchains = 1;
1842 sc->nrxchains = 2;
1843 }
1844 } else {
1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1846 sc->rf_rev = val;
1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1848 } else
1849 sc->rf_rev = (val >> 8) & 0xf;
1850 sc->ntxchains = (val >> 4) & 0xf;
1851 sc->nrxchains = val & 0xf;
1852 }
1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1854 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1855
1856 /* check if RF supports automatic Tx access gain control */
1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1858 DPRINTF("EEPROM CFG 0x%04x\n", val);
1859 /* check if driver should patch the DAC issue */
1860 if ((val >> 8) != 0xff)
1861 sc->patch_dac = (val >> 15) & 1;
1862 if ((val & 0xff) != 0xff) {
1863 sc->ext_5ghz_lna = (val >> 3) & 1;
1864 sc->ext_2ghz_lna = (val >> 2) & 1;
1865 /* check if RF supports automatic Tx access gain control */
1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1867 /* check if we have a hardware radio switch */
1868 sc->rfswitch = val & 1;
1869 }
1870
1871 /* Read Tx power settings. */
1872 if (sc->mac_ver == 0x3593)
1873 run_rt3593_get_txpower(sc);
1874 else
1875 run_get_txpower(sc);
1876
1877 /* read Tx power compensation for each Tx rate */
1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1879 delta_2ghz = delta_5ghz = 0;
1880 if ((val & 0xff) != 0xff && (val & 0x80)) {
1881 delta_2ghz = val & 0xf;
1882 if (!(val & 0x40)) /* negative number */
1883 delta_2ghz = -delta_2ghz;
1884 }
1885 val >>= 8;
1886 if ((val & 0xff) != 0xff && (val & 0x80)) {
1887 delta_5ghz = val & 0xf;
1888 if (!(val & 0x40)) /* negative number */
1889 delta_5ghz = -delta_5ghz;
1890 }
1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1892 delta_2ghz, delta_5ghz);
1893
1894 for (ridx = 0; ridx < 5; ridx++) {
1895 uint32_t reg;
1896
1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1898 reg = val;
1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1900 reg |= (uint32_t)val << 16;
1901
1902 sc->txpow20mhz[ridx] = reg;
1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1905
1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1909 }
1910
1911 /* Read RSSI offsets and LNA gains from EEPROM. */
1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1913 RT3593_EEPROM_RSSI1_2GHZ, &val);
1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1917 RT3593_EEPROM_RSSI2_2GHZ, &val);
1918 if (sc->mac_ver >= 0x3070) {
1919 if (sc->mac_ver == 0x3593) {
1920 sc->txmixgain_2ghz = 0;
1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1922 } else {
1923 /*
1924 * On RT3070 chips (limited to 2 Rx chains), this ROM
1925 * field contains the Tx mixer gain for the 2GHz band.
1926 */
1927 if ((val & 0xff) != 0xff)
1928 sc->txmixgain_2ghz = val & 0x7;
1929 }
1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1931 } else
1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1933 if (sc->mac_ver == 0x3593)
1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1935 sc->lna[2] = val >> 8; /* channel group 2 */
1936
1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1938 RT3593_EEPROM_RSSI1_5GHZ, &val);
1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1942 RT3593_EEPROM_RSSI2_5GHZ, &val);
1943 if (sc->mac_ver == 0x3572) {
1944 /*
1945 * On RT3572 chips (limited to 2 Rx chains), this ROM
1946 * field contains the Tx mixer gain for the 5GHz band.
1947 */
1948 if ((val & 0xff) != 0xff)
1949 sc->txmixgain_5ghz = val & 0x7;
1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1951 } else
1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1953 if (sc->mac_ver == 0x3593) {
1954 sc->txmixgain_5ghz = 0;
1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1956 }
1957 sc->lna[3] = val >> 8; /* channel group 3 */
1958
1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1960 RT3593_EEPROM_LNA, &val);
1961 sc->lna[0] = val & 0xff; /* channel group 0 */
1962 sc->lna[1] = val >> 8; /* channel group 1 */
1963
1964 /* fix broken 5GHz LNA entries */
1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1966 DPRINTF("invalid LNA for channel group %d\n", 2);
1967 sc->lna[2] = sc->lna[1];
1968 }
1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1970 DPRINTF("invalid LNA for channel group %d\n", 3);
1971 sc->lna[3] = sc->lna[1];
1972 }
1973
1974 /* fix broken RSSI offset entries */
1975 for (ant = 0; ant < 3; ant++) {
1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1978 ant + 1, sc->rssi_2ghz[ant]);
1979 sc->rssi_2ghz[ant] = 0;
1980 }
1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1983 ant + 1, sc->rssi_5ghz[ant]);
1984 sc->rssi_5ghz[ant] = 0;
1985 }
1986 }
1987 return (0);
1988}
1989
1990static struct ieee80211_node *
1991run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1992{
1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1994}
1995
1996static int
1997run_media_change(struct ifnet *ifp)
1998{
1999 struct ieee80211vap *vap = ifp->if_softc;
2000 struct ieee80211com *ic = vap->iv_ic;
2001 const struct ieee80211_txparam *tp;
2002 struct run_softc *sc = ic->ic_softc;
2003 uint8_t rate, ridx;
2004 int error;
2005
2006 RUN_LOCK(sc);
2007
2008 error = ieee80211_media_change(ifp);
2009 if (error != ENETRESET) {
2010 RUN_UNLOCK(sc);
2011 return (error);
2012 }
2013
2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2016 struct ieee80211_node *ni;
2017 struct run_node *rn;
2018
2019 rate = ic->ic_sup_rates[ic->ic_curmode].
2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2022 if (rt2860_rates[ridx].rate == rate)
2023 break;
2024 ni = ieee80211_ref_node(vap->iv_bss);
2025 rn = RUN_NODE(ni);
2026 rn->fix_ridx = ridx;
2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2028 ieee80211_free_node(ni);
2029 }
2030
2031#if 0
2032 if ((ifp->if_flags & IFF_UP) &&
2033 (ifp->if_drv_flags & RUN_RUNNING)){
2034 run_init_locked(sc);
2035 }
2036#endif
2037
2038 RUN_UNLOCK(sc);
2039
2040 return (0);
2041}
2042
2043static int
2044run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2045{
2046 const struct ieee80211_txparam *tp;
2047 struct ieee80211com *ic = vap->iv_ic;
2048 struct run_softc *sc = ic->ic_softc;
2049 struct run_vap *rvp = RUN_VAP(vap);
2050 enum ieee80211_state ostate;
2051 uint32_t sta[3];
2052 uint32_t tmp;
2053 uint8_t ratectl;
2054 uint8_t restart_ratectl = 0;
2055 uint8_t bid = 1 << rvp->rvp_id;
2056
2057 ostate = vap->iv_state;
2058 DPRINTF("%s -> %s\n",
2059 ieee80211_state_name[ostate],
2060 ieee80211_state_name[nstate]);
2061
2062 IEEE80211_UNLOCK(ic);
2063 RUN_LOCK(sc);
2064
2065 ratectl = sc->ratectl_run; /* remember current state */
2066 sc->ratectl_run = RUN_RATECTL_OFF;
2067 usb_callout_stop(&sc->ratectl_ch);
2068
2069 if (ostate == IEEE80211_S_RUN) {
2070 /* turn link LED off */
2071 run_set_leds(sc, RT2860_LED_RADIO);
2072 }
2073
2074 switch (nstate) {
2075 case IEEE80211_S_INIT:
2076 restart_ratectl = 1;
2077
2078 if (ostate != IEEE80211_S_RUN)
2079 break;
2080
2081 ratectl &= ~bid;
2082 sc->runbmap &= ~bid;
2083
2084 /* abort TSF synchronization if there is no vap running */
2085 if (--sc->running == 0) {
2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2087 run_write(sc, RT2860_BCN_TIME_CFG,
2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2089 RT2860_TBTT_TIMER_EN));
2090 }
2091 break;
2092
2093 case IEEE80211_S_RUN:
2094 if (!(sc->runbmap & bid)) {
2095 if(sc->running++)
2096 restart_ratectl = 1;
2097 sc->runbmap |= bid;
2098 }
2099
2100 m_freem(rvp->beacon_mbuf);
2101 rvp->beacon_mbuf = NULL;
2102
2103 switch (vap->iv_opmode) {
2104 case IEEE80211_M_HOSTAP:
2105 case IEEE80211_M_MBSS:
2106 sc->ap_running |= bid;
2107 ic->ic_opmode = vap->iv_opmode;
2108 run_update_beacon_cb(vap);
2109 break;
2110 case IEEE80211_M_IBSS:
2111 sc->adhoc_running |= bid;
2112 if (!sc->ap_running)
2113 ic->ic_opmode = vap->iv_opmode;
2114 run_update_beacon_cb(vap);
2115 break;
2116 case IEEE80211_M_STA:
2117 sc->sta_running |= bid;
2118 if (!sc->ap_running && !sc->adhoc_running)
2119 ic->ic_opmode = vap->iv_opmode;
2120
2121 /* read statistic counters (clear on read) */
2122 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2123 (uint8_t *)sta, sizeof sta);
2124
2125 break;
2126 default:
2127 ic->ic_opmode = vap->iv_opmode;
2128 break;
2129 }
2130
2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2132 struct ieee80211_node *ni;
2133
2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2135 RUN_UNLOCK(sc);
2136 IEEE80211_LOCK(ic);
2137 return (-1);
2138 }
2139 run_updateslot(ic);
2140 run_enable_mrr(sc);
2141 run_set_txpreamble(sc);
2142 run_set_basicrates(sc);
2143 ni = ieee80211_ref_node(vap->iv_bss);
2144 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2145 run_set_bssid(sc, sc->sc_bssid);
2146 ieee80211_free_node(ni);
2147 run_enable_tsf_sync(sc);
2148
2149 /* enable automatic rate adaptation */
2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2152 ratectl |= bid;
2153 } else
2154 run_enable_tsf(sc);
2155
2156 /* turn link LED on */
2157 run_set_leds(sc, RT2860_LED_RADIO |
2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2160
2161 break;
2162 default:
2163 DPRINTFN(6, "undefined case\n");
2164 break;
2165 }
2166
2167 /* restart amrr for running VAPs */
2168 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2170
2171 RUN_UNLOCK(sc);
2172 IEEE80211_LOCK(ic);
2173
2174 return(rvp->newstate(vap, nstate, arg));
2175}
2176
2177static int
2178run_wme_update(struct ieee80211com *ic)
2179{
2180 struct run_softc *sc = ic->ic_softc;
2181 const struct wmeParams *ac =
2182 ic->ic_wme.wme_chanParams.cap_wmeParams;
2183 int aci, error = 0;
2184
2185 /* update MAC TX configuration registers */
2186 RUN_LOCK(sc);
2187 for (aci = 0; aci < WME_NUM_AC; aci++) {
2188 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2189 ac[aci].wmep_logcwmax << 16 |
2190 ac[aci].wmep_logcwmin << 12 |
2191 ac[aci].wmep_aifsn << 8 |
2192 ac[aci].wmep_txopLimit);
2193 if (error) goto err;
2194 }
2195
2196 /* update SCH/DMA registers too */
2197 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2198 ac[WME_AC_VO].wmep_aifsn << 12 |
2199 ac[WME_AC_VI].wmep_aifsn << 8 |
2200 ac[WME_AC_BK].wmep_aifsn << 4 |
2201 ac[WME_AC_BE].wmep_aifsn);
2202 if (error) goto err;
2203 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2204 ac[WME_AC_VO].wmep_logcwmin << 12 |
2205 ac[WME_AC_VI].wmep_logcwmin << 8 |
2206 ac[WME_AC_BK].wmep_logcwmin << 4 |
2207 ac[WME_AC_BE].wmep_logcwmin);
2208 if (error) goto err;
2209 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2210 ac[WME_AC_VO].wmep_logcwmax << 12 |
2211 ac[WME_AC_VI].wmep_logcwmax << 8 |
2212 ac[WME_AC_BK].wmep_logcwmax << 4 |
2213 ac[WME_AC_BE].wmep_logcwmax);
2214 if (error) goto err;
2215 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2216 ac[WME_AC_BK].wmep_txopLimit << 16 |
2217 ac[WME_AC_BE].wmep_txopLimit);
2218 if (error) goto err;
2219 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2220 ac[WME_AC_VO].wmep_txopLimit << 16 |
2221 ac[WME_AC_VI].wmep_txopLimit);
2222
2223err:
2224 RUN_UNLOCK(sc);
2225 if (error)
2226 DPRINTF("WME update failed\n");
2227
2228 return (error);
2229}
2230
2231static void
2232run_key_set_cb(void *arg)
2233{
2234 struct run_cmdq *cmdq = arg;
2235 struct ieee80211vap *vap = cmdq->arg1;
2236 struct ieee80211_key *k = cmdq->k;
2237 struct ieee80211com *ic = vap->iv_ic;
2238 struct run_softc *sc = ic->ic_softc;
2239 struct ieee80211_node *ni;
2240 u_int cipher = k->wk_cipher->ic_cipher;
2241 uint32_t attr;
2242 uint16_t base, associd;
2243 uint8_t mode, wcid, iv[8];
2244
2245 RUN_LOCK_ASSERT(sc, MA_OWNED);
2246
2247 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2248 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2249 else
2250 ni = vap->iv_bss;
2251 associd = (ni != NULL) ? ni->ni_associd : 0;
2252
2253 /* map net80211 cipher to RT2860 security mode */
2254 switch (cipher) {
2255 case IEEE80211_CIPHER_WEP:
2256 if(k->wk_keylen < 8)
2257 mode = RT2860_MODE_WEP40;
2258 else
2259 mode = RT2860_MODE_WEP104;
2260 break;
2261 case IEEE80211_CIPHER_TKIP:
2262 mode = RT2860_MODE_TKIP;
2263 break;
2264 case IEEE80211_CIPHER_AES_CCM:
2265 mode = RT2860_MODE_AES_CCMP;
2266 break;
2267 default:
2268 DPRINTF("undefined case\n");
2269 return;
2270 }
2271
2272 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2273 associd, k->wk_keyix, mode,
2274 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2275 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2276 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2277
2278 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2279 wcid = 0; /* NB: update WCID0 for group keys */
2280 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2281 } else {
2282 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2283 1 : RUN_AID2WCID(associd);
2284 base = RT2860_PKEY(wcid);
2285 }
2286
2287 if (cipher == IEEE80211_CIPHER_TKIP) {
2288 if(run_write_region_1(sc, base, k->wk_key, 16))
2289 return;
2290 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2291 return;
2292 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2293 return;
2294 } else {
2295 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2296 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2297 return;
2298 }
2299
2300 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2301 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2302 /* set initial packet number in IV+EIV */
2303 if (cipher == IEEE80211_CIPHER_WEP) {
2304 memset(iv, 0, sizeof iv);
2305 iv[3] = vap->iv_def_txkey << 6;
2306 } else {
2307 if (cipher == IEEE80211_CIPHER_TKIP) {
2308 iv[0] = k->wk_keytsc >> 8;
2309 iv[1] = (iv[0] | 0x20) & 0x7f;
2310 iv[2] = k->wk_keytsc;
2311 } else /* CCMP */ {
2312 iv[0] = k->wk_keytsc;
2313 iv[1] = k->wk_keytsc >> 8;
2314 iv[2] = 0;
2315 }
2316 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2317 iv[4] = k->wk_keytsc >> 16;
2318 iv[5] = k->wk_keytsc >> 24;
2319 iv[6] = k->wk_keytsc >> 32;
2320 iv[7] = k->wk_keytsc >> 40;
2321 }
2322 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2323 return;
2324 }
2325
2326 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2327 /* install group key */
2328 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2329 return;
2330 attr &= ~(0xf << (k->wk_keyix * 4));
2331 attr |= mode << (k->wk_keyix * 4);
2332 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2333 return;
2334 } else {
2335 /* install pairwise key */
2336 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2337 return;
2338 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2339 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2340 return;
2341 }
2342
2343 /* TODO create a pass-thru key entry? */
2344
2345 /* need wcid to delete the right key later */
2346 k->wk_pad = wcid;
2347}
2348
2349/*
2350 * Don't have to be deferred, but in order to keep order of
2351 * execution, i.e. with run_key_delete(), defer this and let
2352 * run_cmdq_cb() maintain the order.
2353 *
2354 * return 0 on error
2355 */
2356static int
2357run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2358{
2359 struct ieee80211com *ic = vap->iv_ic;
2360 struct run_softc *sc = ic->ic_softc;
2361 uint32_t i;
2362
2363 i = RUN_CMDQ_GET(&sc->cmdq_store);
2364 DPRINTF("cmdq_store=%d\n", i);
2365 sc->cmdq[i].func = run_key_set_cb;
2366 sc->cmdq[i].arg0 = NULL;
2367 sc->cmdq[i].arg1 = vap;
2368 sc->cmdq[i].k = k;
2369 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2370 ieee80211_runtask(ic, &sc->cmdq_task);
2371
2372 /*
2373 * To make sure key will be set when hostapd
2374 * calls iv_key_set() before if_init().
2375 */
2376 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2377 RUN_LOCK(sc);
2378 sc->cmdq_key_set = RUN_CMDQ_GO;
2379 RUN_UNLOCK(sc);
2380 }
2381
2382 return (1);
2383}
2384
2385/*
2386 * If wlan is destroyed without being brought down i.e. without
2387 * wlan down or wpa_cli terminate, this function is called after
2388 * vap is gone. Don't refer it.
2389 */
2390static void
2391run_key_delete_cb(void *arg)
2392{
2393 struct run_cmdq *cmdq = arg;
2394 struct run_softc *sc = cmdq->arg1;
2395 struct ieee80211_key *k = &cmdq->key;
2396 uint32_t attr;
2397 uint8_t wcid;
2398
2399 RUN_LOCK_ASSERT(sc, MA_OWNED);
2400
2401 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2402 /* remove group key */
2403 DPRINTF("removing group key\n");
2404 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2405 attr &= ~(0xf << (k->wk_keyix * 4));
2406 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2407 } else {
2408 /* remove pairwise key */
2409 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2410 /* matching wcid was written to wk_pad in run_key_set() */
2411 wcid = k->wk_pad;
2412 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2413 attr &= ~0xf;
2414 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2415 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2416 }
2417
2418 k->wk_pad = 0;
2419}
2420
2421/*
2422 * return 0 on error
2423 */
2424static int
2425run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2426{
2427 struct ieee80211com *ic = vap->iv_ic;
2428 struct run_softc *sc = ic->ic_softc;
2429 struct ieee80211_key *k0;
2430 uint32_t i;
2431
2432 /*
2433 * When called back, key might be gone. So, make a copy
2434 * of some values need to delete keys before deferring.
2435 * But, because of LOR with node lock, cannot use lock here.
2436 * So, use atomic instead.
2437 */
2438 i = RUN_CMDQ_GET(&sc->cmdq_store);
2439 DPRINTF("cmdq_store=%d\n", i);
2440 sc->cmdq[i].func = run_key_delete_cb;
2441 sc->cmdq[i].arg0 = NULL;
2442 sc->cmdq[i].arg1 = sc;
2443 k0 = &sc->cmdq[i].key;
2444 k0->wk_flags = k->wk_flags;
2445 k0->wk_keyix = k->wk_keyix;
2446 /* matching wcid was written to wk_pad in run_key_set() */
2447 k0->wk_pad = k->wk_pad;
2448 ieee80211_runtask(ic, &sc->cmdq_task);
2449 return (1); /* return fake success */
2450
2451}
2452
2453static void
2454run_ratectl_to(void *arg)
2455{
2456 struct run_softc *sc = arg;
2457
2458 /* do it in a process context, so it can go sleep */
2459 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2460 /* next timeout will be rescheduled in the callback task */
2461}
2462
2463/* ARGSUSED */
2464static void
2465run_ratectl_cb(void *arg, int pending)
2466{
2467 struct run_softc *sc = arg;
2468 struct ieee80211com *ic = &sc->sc_ic;
2469 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2470
2471 if (vap == NULL)
2472 return;
2473
2474 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2475 /*
2476 * run_reset_livelock() doesn't do anything with AMRR,
2477 * but Ralink wants us to call it every 1 sec. So, we
2478 * piggyback here rather than creating another callout.
2479 * Livelock may occur only in HOSTAP or IBSS mode
2480 * (when h/w is sending beacons).
2481 */
2482 RUN_LOCK(sc);
2483 run_reset_livelock(sc);
2484 /* just in case, there are some stats to drain */
2485 run_drain_fifo(sc);
2486 RUN_UNLOCK(sc);
2487 }
2488
2489 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2490
2491 RUN_LOCK(sc);
2492 if(sc->ratectl_run != RUN_RATECTL_OFF)
2493 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2494 RUN_UNLOCK(sc);
2495}
2496
2497static void
2498run_drain_fifo(void *arg)
2499{
2500 struct run_softc *sc = arg;
2501 uint32_t stat;
2502 uint16_t (*wstat)[3];
2503 uint8_t wcid, mcs, pid;
2504 int8_t retry;
2505
2506 RUN_LOCK_ASSERT(sc, MA_OWNED);
2507
2508 for (;;) {
2509 /* drain Tx status FIFO (maxsize = 16) */
2510 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2511 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2512 if (!(stat & RT2860_TXQ_VLD))
2513 break;
2514
2515 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2516
2517 /* if no ACK was requested, no feedback is available */
2518 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2519 wcid == 0)
2520 continue;
2521
2522 /*
2523 * Even though each stat is Tx-complete-status like format,
2524 * the device can poll stats. Because there is no guarantee
2525 * that the referring node is still around when read the stats.
2526 * So that, if we use ieee80211_ratectl_tx_update(), we will
2527 * have hard time not to refer already freed node.
2528 *
2529 * To eliminate such page faults, we poll stats in softc.
2530 * Then, update the rates later with ieee80211_ratectl_tx_update().
2531 */
2532 wstat = &(sc->wcid_stats[wcid]);
2533 (*wstat)[RUN_TXCNT]++;
2534 if (stat & RT2860_TXQ_OK)
2535 (*wstat)[RUN_SUCCESS]++;
2536 else
2537 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2538 /*
2539 * Check if there were retries, ie if the Tx success rate is
2540 * different from the requested rate. Note that it works only
2541 * because we do not allow rate fallback from OFDM to CCK.
2542 */
2543 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2544 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2545 if ((retry = pid -1 - mcs) > 0) {
2546 (*wstat)[RUN_TXCNT] += retry;
2547 (*wstat)[RUN_RETRY] += retry;
2548 }
2549 }
2550 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2551
2552 sc->fifo_cnt = 0;
2553}
2554
2555static void
2556run_iter_func(void *arg, struct ieee80211_node *ni)
2557{
2558 struct run_softc *sc = arg;
2559 struct ieee80211vap *vap = ni->ni_vap;
2560 struct run_node *rn = RUN_NODE(ni);
2561 union run_stats sta[2];
2562 uint16_t (*wstat)[3];
2563 int txcnt, success, retrycnt, error;
2564
2565 RUN_LOCK(sc);
2566
2567 /* Check for special case */
2568 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2569 ni != vap->iv_bss)
2570 goto fail;
2571
2572 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2573 vap->iv_opmode == IEEE80211_M_STA)) {
2574 /* read statistic counters (clear on read) and update AMRR state */
2575 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2576 sizeof sta);
2577 if (error != 0)
2578 goto fail;
2579
2580 /* count failed TX as errors */
2581 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2582 le16toh(sta[0].error.fail));
2583
2584 retrycnt = le16toh(sta[1].tx.retry);
2585 success = le16toh(sta[1].tx.success);
2586 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2587
2588 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2589 retrycnt, success, le16toh(sta[0].error.fail));
2590 } else {
2591 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2592
2593 if (wstat == &(sc->wcid_stats[0]) ||
2594 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2595 goto fail;
2596
2597 txcnt = (*wstat)[RUN_TXCNT];
2598 success = (*wstat)[RUN_SUCCESS];
2599 retrycnt = (*wstat)[RUN_RETRY];
2600 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2601 retrycnt, txcnt, success);
2602
2603 memset(wstat, 0, sizeof(*wstat));
2604 }
2605
2606 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2607 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2608
2609fail:
2610 RUN_UNLOCK(sc);
2611
2612 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2613}
2614
2615static void
2616run_newassoc_cb(void *arg)
2617{
2618 struct run_cmdq *cmdq = arg;
2619 struct ieee80211_node *ni = cmdq->arg1;
2620 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2621 uint8_t wcid = cmdq->wcid;
2622
2623 RUN_LOCK_ASSERT(sc, MA_OWNED);
2624
2625 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2626 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2627
2628 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2629}
2630
2631static void
2632run_newassoc(struct ieee80211_node *ni, int isnew)
2633{
2634 struct run_node *rn = RUN_NODE(ni);
2635 struct ieee80211_rateset *rs = &ni->ni_rates;
2636 struct ieee80211vap *vap = ni->ni_vap;
2637 struct ieee80211com *ic = vap->iv_ic;
2638 struct run_softc *sc = ic->ic_softc;
2639 uint8_t rate;
2640 uint8_t ridx;
2641 uint8_t wcid;
2642 int i, j;
2643
2644 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2645 1 : RUN_AID2WCID(ni->ni_associd);
2646
2647 if (wcid > RT2870_WCID_MAX) {
2648 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2649 return;
2650 }
2651
2652 /* only interested in true associations */
2653 if (isnew && ni->ni_associd != 0) {
2654
2655 /*
2656 * This function could is called though timeout function.
2657 * Need to defer.
2658 */
2659 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2660 DPRINTF("cmdq_store=%d\n", cnt);
2661 sc->cmdq[cnt].func = run_newassoc_cb;
2662 sc->cmdq[cnt].arg0 = NULL;
2663 sc->cmdq[cnt].arg1 = ni;
2664 sc->cmdq[cnt].wcid = wcid;
2665 ieee80211_runtask(ic, &sc->cmdq_task);
2666 }
2667
2668 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2669 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2670
2671 for (i = 0; i < rs->rs_nrates; i++) {
2672 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2673 /* convert 802.11 rate to hardware rate index */
2674 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2675 if (rt2860_rates[ridx].rate == rate)
2676 break;
2677 rn->ridx[i] = ridx;
2678 /* determine rate of control response frames */
2679 for (j = i; j >= 0; j--) {
2680 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2681 rt2860_rates[rn->ridx[i]].phy ==
2682 rt2860_rates[rn->ridx[j]].phy)
2683 break;
2684 }
2685 if (j >= 0) {
2686 rn->ctl_ridx[i] = rn->ridx[j];
2687 } else {
2688 /* no basic rate found, use mandatory one */
2689 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2690 }
2691 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2692 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2693 }
2694 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2695 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2696 if (rt2860_rates[ridx].rate == rate)
2697 break;
2698 rn->mgt_ridx = ridx;
2699 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2700
2701 RUN_LOCK(sc);
2702 if(sc->ratectl_run != RUN_RATECTL_OFF)
2703 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2704 RUN_UNLOCK(sc);
2705}
2706
2707/*
2708 * Return the Rx chain with the highest RSSI for a given frame.
2709 */
2710static __inline uint8_t
2711run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2712{
2713 uint8_t rxchain = 0;
2714
2715 if (sc->nrxchains > 1) {
2716 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2717 rxchain = 1;
2718 if (sc->nrxchains > 2)
2719 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2720 rxchain = 2;
2721 }
2722 return (rxchain);
2723}
2724
2725static void
2726run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2727 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2728{
2729 struct ieee80211vap *vap = ni->ni_vap;
2730 struct run_softc *sc = vap->iv_ic->ic_softc;
2731 struct run_vap *rvp = RUN_VAP(vap);
2732 uint64_t ni_tstamp, rx_tstamp;
2733
2734 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2735
2736 if (vap->iv_state == IEEE80211_S_RUN &&
2737 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2738 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2739 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2740 RUN_LOCK(sc);
2741 run_get_tsf(sc, &rx_tstamp);
2742 RUN_UNLOCK(sc);
2743 rx_tstamp = le64toh(rx_tstamp);
2744
2745 if (ni_tstamp >= rx_tstamp) {
2746 DPRINTF("ibss merge, tsf %ju tstamp %ju\n",
2747 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2748 (void) ieee80211_ibss_merge(ni);
2749 }
2750 }
2751}
2752
2753static void
2754run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2755{
2756 struct ieee80211com *ic = &sc->sc_ic;
2757 struct ieee80211_frame *wh;
2758 struct ieee80211_node *ni;
2759 struct rt2870_rxd *rxd;
2760 struct rt2860_rxwi *rxwi;
2761 uint32_t flags;
2762 uint16_t len, rxwisize;
2763 uint8_t ant, rssi;
2764 int8_t nf;
2765
2766 rxwi = mtod(m, struct rt2860_rxwi *);
2767 len = le16toh(rxwi->len) & 0xfff;
2768 rxwisize = sizeof(struct rt2860_rxwi);
2769 if (sc->mac_ver == 0x5592)
2770 rxwisize += sizeof(uint64_t);
2771 else if (sc->mac_ver == 0x3593)
2772 rxwisize += sizeof(uint32_t);
2773 if (__predict_false(len > dmalen)) {
2774 m_freem(m);
2775 counter_u64_add(ic->ic_ierrors, 1);
2776 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2777 return;
2778 }
2779 /* Rx descriptor is located at the end */
2780 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2781 flags = le32toh(rxd->flags);
2782
2783 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2784 m_freem(m);
2785 counter_u64_add(ic->ic_ierrors, 1);
2786 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2787 return;
2788 }
2789
2790 m->m_data += rxwisize;
2791 m->m_pkthdr.len = m->m_len -= rxwisize;
2792
2793 wh = mtod(m, struct ieee80211_frame *);
2794
2795 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2796 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2797 m->m_flags |= M_WEP;
2798 }
2799
2800 if (flags & RT2860_RX_L2PAD) {
2801 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2802 len += 2;
2803 }
2804
2805 ni = ieee80211_find_rxnode(ic,
2806 mtod(m, struct ieee80211_frame_min *));
2807
2808 if (__predict_false(flags & RT2860_RX_MICERR)) {
2809 /* report MIC failures to net80211 for TKIP */
2810 if (ni != NULL)
2811 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2812 rxwi->keyidx);
2813 m_freem(m);
2814 counter_u64_add(ic->ic_ierrors, 1);
2815 DPRINTF("MIC error. Someone is lying.\n");
2816 return;
2817 }
2818
2819 ant = run_maxrssi_chain(sc, rxwi);
2820 rssi = rxwi->rssi[ant];
2821 nf = run_rssi2dbm(sc, rssi, ant);
2822
2823 m->m_pkthdr.len = m->m_len = len;
2824
2825 if (__predict_false(ieee80211_radiotap_active(ic))) {
2826 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2827 uint16_t phy;
2828
2829 tap->wr_flags = 0;
2830 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2831 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2832 tap->wr_antsignal = rssi;
2833 tap->wr_antenna = ant;
2834 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2835 tap->wr_rate = 2; /* in case it can't be found below */
2836 run_get_tsf(sc, &tap->wr_tsf);
2837 phy = le16toh(rxwi->phy);
2838 switch (phy & RT2860_PHY_MODE) {
2839 case RT2860_PHY_CCK:
2840 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2841 case 0: tap->wr_rate = 2; break;
2842 case 1: tap->wr_rate = 4; break;
2843 case 2: tap->wr_rate = 11; break;
2844 case 3: tap->wr_rate = 22; break;
2845 }
2846 if (phy & RT2860_PHY_SHPRE)
2847 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2848 break;
2849 case RT2860_PHY_OFDM:
2850 switch (phy & RT2860_PHY_MCS) {
2851 case 0: tap->wr_rate = 12; break;
2852 case 1: tap->wr_rate = 18; break;
2853 case 2: tap->wr_rate = 24; break;
2854 case 3: tap->wr_rate = 36; break;
2855 case 4: tap->wr_rate = 48; break;
2856 case 5: tap->wr_rate = 72; break;
2857 case 6: tap->wr_rate = 96; break;
2858 case 7: tap->wr_rate = 108; break;
2859 }
2860 break;
2861 }
2862 }
2863
2864 if (ni != NULL) {
2865 (void)ieee80211_input(ni, m, rssi, nf);
2866 ieee80211_free_node(ni);
2867 } else {
2868 (void)ieee80211_input_all(ic, m, rssi, nf);
2869 }
2870}
2871
2872static void
2873run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2874{
2875 struct run_softc *sc = usbd_xfer_softc(xfer);
2876 struct ieee80211com *ic = &sc->sc_ic;
2877 struct mbuf *m = NULL;
2878 struct mbuf *m0;
2879 uint32_t dmalen;
2880 uint16_t rxwisize;
2881 int xferlen;
2882
2883 rxwisize = sizeof(struct rt2860_rxwi);
2884 if (sc->mac_ver == 0x5592)
2885 rxwisize += sizeof(uint64_t);
2886 else if (sc->mac_ver == 0x3593)
2887 rxwisize += sizeof(uint32_t);
2888
2889 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2890
2891 switch (USB_GET_STATE(xfer)) {
2892 case USB_ST_TRANSFERRED:
2893
2894 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2895
2896 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2897 sizeof(struct rt2870_rxd))) {
2898 DPRINTF("xfer too short %d\n", xferlen);
2899 goto tr_setup;
2900 }
2901
2902 m = sc->rx_m;
2903 sc->rx_m = NULL;
2904
2905 /* FALLTHROUGH */
2906 case USB_ST_SETUP:
2907tr_setup:
2908 if (sc->rx_m == NULL) {
2909 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2910 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2911 }
2912 if (sc->rx_m == NULL) {
2913 DPRINTF("could not allocate mbuf - idle with stall\n");
2914 counter_u64_add(ic->ic_ierrors, 1);
2915 usbd_xfer_set_stall(xfer);
2916 usbd_xfer_set_frames(xfer, 0);
2917 } else {
2918 /*
2919 * Directly loading a mbuf cluster into DMA to
2920 * save some data copying. This works because
2921 * there is only one cluster.
2922 */
2923 usbd_xfer_set_frame_data(xfer, 0,
2924 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2925 usbd_xfer_set_frames(xfer, 1);
2926 }
2927 usbd_transfer_submit(xfer);
2928 break;
2929
2930 default: /* Error */
2931 if (error != USB_ERR_CANCELLED) {
2932 /* try to clear stall first */
2933 usbd_xfer_set_stall(xfer);
2934 if (error == USB_ERR_TIMEOUT)
2935 device_printf(sc->sc_dev, "device timeout\n");
2936 counter_u64_add(ic->ic_ierrors, 1);
2937 goto tr_setup;
2938 }
2939 if (sc->rx_m != NULL) {
2940 m_freem(sc->rx_m);
2941 sc->rx_m = NULL;
2942 }
2943 break;
2944 }
2945
2946 if (m == NULL)
2947 return;
2948
2949 /* inputting all the frames must be last */
2950
2951 RUN_UNLOCK(sc);
2952
2953 m->m_pkthdr.len = m->m_len = xferlen;
2954
2955 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2956 for(;;) {
2957 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2958
2959 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2960 ((dmalen & 3) != 0)) {
2961 DPRINTF("bad DMA length %u\n", dmalen);
2962 break;
2963 }
2964 if ((dmalen + 8) > (uint32_t)xferlen) {
2965 DPRINTF("bad DMA length %u > %d\n",
2966 dmalen + 8, xferlen);
2967 break;
2968 }
2969
2970 /* If it is the last one or a single frame, we won't copy. */
2971 if ((xferlen -= dmalen + 8) <= 8) {
2972 /* trim 32-bit DMA-len header */
2973 m->m_data += 4;
2974 m->m_pkthdr.len = m->m_len -= 4;
2975 run_rx_frame(sc, m, dmalen);
2976 m = NULL; /* don't free source buffer */
2977 break;
2978 }
2979
2980 /* copy aggregated frames to another mbuf */
2981 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2982 if (__predict_false(m0 == NULL)) {
2983 DPRINTF("could not allocate mbuf\n");
2984 counter_u64_add(ic->ic_ierrors, 1);
2985 break;
2986 }
2987 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
2988 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
2989 m0->m_pkthdr.len = m0->m_len =
2990 dmalen + sizeof(struct rt2870_rxd);
2991 run_rx_frame(sc, m0, dmalen);
2992
2993 /* update data ptr */
2994 m->m_data += dmalen + 8;
2995 m->m_pkthdr.len = m->m_len -= dmalen + 8;
2996 }
2997
2998 /* make sure we free the source buffer, if any */
2999 m_freem(m);
3000
3001 RUN_LOCK(sc);
3002}
3003
3004static void
3005run_tx_free(struct run_endpoint_queue *pq,
3006 struct run_tx_data *data, int txerr)
3007{
3008
3009 ieee80211_tx_complete(data->ni, data->m, txerr);
3010
3011 data->m = NULL;
3012 data->ni = NULL;
3013
3014 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3015 pq->tx_nfree++;
3016}
3017
3018static void
3019run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3020{
3021 struct run_softc *sc = usbd_xfer_softc(xfer);
3022 struct ieee80211com *ic = &sc->sc_ic;
3023 struct run_tx_data *data;
3024 struct ieee80211vap *vap = NULL;
3025 struct usb_page_cache *pc;
3026 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3027 struct mbuf *m;
3028 usb_frlength_t size;
3029 int actlen;
3030 int sumlen;
3031
3032 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3033
3034 switch (USB_GET_STATE(xfer)) {
3035 case USB_ST_TRANSFERRED:
3036 DPRINTFN(11, "transfer complete: %d "
3037 "bytes @ index %d\n", actlen, index);
3038
3039 data = usbd_xfer_get_priv(xfer);
3040 run_tx_free(pq, data, 0);
3041 usbd_xfer_set_priv(xfer, NULL);
3042
3043 /* FALLTHROUGH */
3044 case USB_ST_SETUP:
3045tr_setup:
3046 data = STAILQ_FIRST(&pq->tx_qh);
3047 if (data == NULL)
3048 break;
3049
3050 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3051
3052 m = data->m;
3053 size = (sc->mac_ver == 0x5592) ?
3054 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3055 if ((m->m_pkthdr.len +
3056 size + 3 + 8) > RUN_MAX_TXSZ) {
3057 DPRINTF("data overflow, %u bytes\n",
3058 m->m_pkthdr.len);
3059 run_tx_free(pq, data, 1);
3060 goto tr_setup;
3061 }
3062
3063 pc = usbd_xfer_get_frame(xfer, 0);
3064 usbd_copy_in(pc, 0, &data->desc, size);
3065 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3066 size += m->m_pkthdr.len;
3067 /*
3068 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3069 * 4-byte padding), and be sure to zero those trailing
3070 * bytes:
3071 */
3072 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3073 size += ((-size) & 3) + 8;
3074
3075 vap = data->ni->ni_vap;
3076 if (ieee80211_radiotap_active_vap(vap)) {
3077 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3078 struct rt2860_txwi *txwi =
3079 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3080 tap->wt_flags = 0;
3081 tap->wt_rate = rt2860_rates[data->ridx].rate;
3082 run_get_tsf(sc, &tap->wt_tsf);
3083 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3084 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3085 tap->wt_hwqueue = index;
3086 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3087 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3088
3089 ieee80211_radiotap_tx(vap, m);
3090 }
3091
3092 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3093 m->m_pkthdr.len, size, index);
3094
3095 usbd_xfer_set_frame_len(xfer, 0, size);
3096 usbd_xfer_set_priv(xfer, data);
3097 usbd_transfer_submit(xfer);
3098 run_start(sc);
3099
3100 break;
3101
3102 default:
3103 DPRINTF("USB transfer error, %s\n",
3104 usbd_errstr(error));
3105
3106 data = usbd_xfer_get_priv(xfer);
3107
3108 if (data != NULL) {
3109 if(data->ni != NULL)
3110 vap = data->ni->ni_vap;
3111 run_tx_free(pq, data, error);
3112 usbd_xfer_set_priv(xfer, NULL);
3113 }
3114
3115 if (vap == NULL)
3116 vap = TAILQ_FIRST(&ic->ic_vaps);
3117
3118 if (error != USB_ERR_CANCELLED) {
3119 if (error == USB_ERR_TIMEOUT) {
3120 device_printf(sc->sc_dev, "device timeout\n");
3121 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3122 DPRINTF("cmdq_store=%d\n", i);
3123 sc->cmdq[i].func = run_usb_timeout_cb;
3124 sc->cmdq[i].arg0 = vap;
3125 ieee80211_runtask(ic, &sc->cmdq_task);
3126 }
3127
3128 /*
3129 * Try to clear stall first, also if other
3130 * errors occur, hence clearing stall
3131 * introduces a 50 ms delay:
3132 */
3133 usbd_xfer_set_stall(xfer);
3134 goto tr_setup;
3135 }
3136 break;
3137 }
3138}
3139
3140static void
3141run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3142{
3143 run_bulk_tx_callbackN(xfer, error, 0);
3144}
3145
3146static void
3147run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3148{
3149 run_bulk_tx_callbackN(xfer, error, 1);
3150}
3151
3152static void
3153run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3154{
3155 run_bulk_tx_callbackN(xfer, error, 2);
3156}
3157
3158static void
3159run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3160{
3161 run_bulk_tx_callbackN(xfer, error, 3);
3162}
3163
3164static void
3165run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3166{
3167 run_bulk_tx_callbackN(xfer, error, 4);
3168}
3169
3170static void
3171run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3172{
3173 run_bulk_tx_callbackN(xfer, error, 5);
3174}
3175
3176static void
3177run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3178{
3179 struct mbuf *m = data->m;
3180 struct ieee80211com *ic = &sc->sc_ic;
3181 struct ieee80211vap *vap = data->ni->ni_vap;
3182 struct ieee80211_frame *wh;
3183 struct rt2870_txd *txd;
3184 struct rt2860_txwi *txwi;
3185 uint16_t xferlen, txwisize;
3186 uint16_t mcs;
3187 uint8_t ridx = data->ridx;
3188 uint8_t pad;
3189
3190 /* get MCS code from rate index */
3191 mcs = rt2860_rates[ridx].mcs;
3192
3193 txwisize = (sc->mac_ver == 0x5592) ?
3194 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3195 xferlen = txwisize + m->m_pkthdr.len;
3196
3197 /* roundup to 32-bit alignment */
3198 xferlen = (xferlen + 3) & ~3;
3199
3200 txd = (struct rt2870_txd *)&data->desc;
3201 txd->len = htole16(xferlen);
3202
3203 wh = mtod(m, struct ieee80211_frame *);
3204
3205 /*
3206 * Ether both are true or both are false, the header
3207 * are nicely aligned to 32-bit. So, no L2 padding.
3208 */
3209 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3210 pad = 0;
3211 else
3212 pad = 2;
3213
3214 /* setup TX Wireless Information */
3215 txwi = (struct rt2860_txwi *)(txd + 1);
3216 txwi->len = htole16(m->m_pkthdr.len - pad);
3217 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3218 mcs |= RT2860_PHY_CCK;
3219 if (ridx != RT2860_RIDX_CCK1 &&
3220 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3221 mcs |= RT2860_PHY_SHPRE;
3222 } else
3223 mcs |= RT2860_PHY_OFDM;
3224 txwi->phy = htole16(mcs);
3225
3226 /* check if RTS/CTS or CTS-to-self protection is required */
3227 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3228 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3229 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3230 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3231 txwi->txop |= RT2860_TX_TXOP_HT;
3232 else
3233 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3234
3235 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3236 txwi->xflags |= RT2860_TX_NSEQ;
3237}
3238
3239/* This function must be called locked */
3240static int
3241run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3242{
3243 struct ieee80211com *ic = &sc->sc_ic;
3244 struct ieee80211vap *vap = ni->ni_vap;
3245 struct ieee80211_frame *wh;
3246 struct ieee80211_channel *chan;
3247 const struct ieee80211_txparam *tp;
3248 struct run_node *rn = RUN_NODE(ni);
3249 struct run_tx_data *data;
3250 struct rt2870_txd *txd;
3251 struct rt2860_txwi *txwi;
3252 uint16_t qos;
3253 uint16_t dur;
3254 uint16_t qid;
3255 uint8_t type;
3256 uint8_t tid;
3257 uint8_t ridx;
3258 uint8_t ctl_ridx;
3259 uint8_t qflags;
3260 uint8_t xflags = 0;
3261 int hasqos;
3262
3263 RUN_LOCK_ASSERT(sc, MA_OWNED);
3264
3265 wh = mtod(m, struct ieee80211_frame *);
3266
3267 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3268
3269 /*
3270 * There are 7 bulk endpoints: 1 for RX
3271 * and 6 for TX (4 EDCAs + HCCA + Prio).
3272 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3273 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3274 */
3275 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3276 uint8_t *frm;
3277
3278 if(IEEE80211_HAS_ADDR4(wh))
3279 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3280 else
3281 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3282
3283 qos = le16toh(*(const uint16_t *)frm);
3284 tid = qos & IEEE80211_QOS_TID;
3285 qid = TID_TO_WME_AC(tid);
3286 } else {
3287 qos = 0;
3288 tid = 0;
3289 qid = WME_AC_BE;
3290 }
3291 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3292
3293 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3294 qos, qid, tid, qflags);
3295
3296 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3297 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3298
3299 /* pickup a rate index */
3300 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3301 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3302 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3303 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3304 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3305 } else {
3306 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3307 ridx = rn->fix_ridx;
3308 else
3309 ridx = rn->amrr_ridx;
3310 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3311 }
3312
3313 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3314 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3315 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3316 xflags |= RT2860_TX_ACK;
3317 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3318 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3319 else
3320 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3321 USETW(wh->i_dur, dur);
3322 }
3323
3324 /* reserve slots for mgmt packets, just in case */
3325 if (sc->sc_epq[qid].tx_nfree < 3) {
3326 DPRINTFN(10, "tx ring %d is full\n", qid);
3327 return (-1);
3328 }
3329
3330 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3331 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3332 sc->sc_epq[qid].tx_nfree--;
3333
3334 txd = (struct rt2870_txd *)&data->desc;
3335 txd->flags = qflags;
3336 txwi = (struct rt2860_txwi *)(txd + 1);
3337 txwi->xflags = xflags;
3338 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3339 txwi->wcid = 0;
3340 else
3341 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3342 1 : RUN_AID2WCID(ni->ni_associd);
3343
3344 /* clear leftover garbage bits */
3345 txwi->flags = 0;
3346 txwi->txop = 0;
3347
3348 data->m = m;
3349 data->ni = ni;
3350 data->ridx = ridx;
3351
3352 run_set_tx_desc(sc, data);
3353
3354 /*
3355 * The chip keeps track of 2 kind of Tx stats,
3356 * * TX_STAT_FIFO, for per WCID stats, and
3357 * * TX_STA_CNT0 for all-TX-in-one stats.
3358 *
3359 * To use FIFO stats, we need to store MCS into the driver-private
3360 * PacketID field. So that, we can tell whose stats when we read them.
3361 * We add 1 to the MCS because setting the PacketID field to 0 means
3362 * that we don't want feedback in TX_STAT_FIFO.
3363 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3364 *
3365 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3366 */
3367 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3368 vap->iv_opmode == IEEE80211_M_MBSS) {
3369 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3370 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3371
3372 /*
3373 * Unlike PCI based devices, we don't get any interrupt from
3374 * USB devices, so we simulate FIFO-is-full interrupt here.
3375 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3376 * quickly get fulled. To prevent overflow, increment a counter on
3377 * every FIFO stat request, so we know how many slots are left.
3378 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3379 * are used only in those modes.
3380 * We just drain stats. AMRR gets updated every 1 sec by
3381 * run_ratectl_cb() via callout.
3382 * Call it early. Otherwise overflow.
3383 */
3384 if (sc->fifo_cnt++ == 10) {
3385 /*
3386 * With multiple vaps or if_bridge, if_start() is called
3387 * with a non-sleepable lock, tcpinp. So, need to defer.
3388 */
3389 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3390 DPRINTFN(6, "cmdq_store=%d\n", i);
3391 sc->cmdq[i].func = run_drain_fifo;
3392 sc->cmdq[i].arg0 = sc;
3393 ieee80211_runtask(ic, &sc->cmdq_task);
3394 }
3395 }
3396
3397 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3398
3399 usbd_transfer_start(sc->sc_xfer[qid]);
3400
3401 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3402 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3403 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3404
3405 return (0);
3406}
3407
3408static int
3409run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3410{
3411 struct ieee80211com *ic = &sc->sc_ic;
3412 struct run_node *rn = RUN_NODE(ni);
3413 struct run_tx_data *data;
3414 struct ieee80211_frame *wh;
3415 struct rt2870_txd *txd;
3416 struct rt2860_txwi *txwi;
3417 uint16_t dur;
3418 uint8_t ridx = rn->mgt_ridx;
3419 uint8_t type;
3420 uint8_t xflags = 0;
3421 uint8_t wflags = 0;
3422
3423 RUN_LOCK_ASSERT(sc, MA_OWNED);
3424
3425 wh = mtod(m, struct ieee80211_frame *);
3426
3427 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3428
3429 /* tell hardware to add timestamp for probe responses */
3430 if ((wh->i_fc[0] &
3431 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3432 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3433 wflags |= RT2860_TX_TS;
3434 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3435 xflags |= RT2860_TX_ACK;
3436
3437 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3438 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3439 USETW(wh->i_dur, dur);
3440 }
3441
3442 if (sc->sc_epq[0].tx_nfree == 0)
3443 /* let caller free mbuf */
3444 return (EIO);
3445 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3446 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3447 sc->sc_epq[0].tx_nfree--;
3448
3449 txd = (struct rt2870_txd *)&data->desc;
3450 txd->flags = RT2860_TX_QSEL_EDCA;
3451 txwi = (struct rt2860_txwi *)(txd + 1);
3452 txwi->wcid = 0xff;
3453 txwi->flags = wflags;
3454 txwi->xflags = xflags;
3455 txwi->txop = 0; /* clear leftover garbage bits */
3456
3457 data->m = m;
3458 data->ni = ni;
3459 data->ridx = ridx;
3460
3461 run_set_tx_desc(sc, data);
3462
3463 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3464 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3465 rt2860_rates[ridx].rate);
3466
3467 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3468
3469 usbd_transfer_start(sc->sc_xfer[0]);
3470
3471 return (0);
3472}
3473
3474static int
3475run_sendprot(struct run_softc *sc,
3476 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3477{
3478 struct ieee80211com *ic = ni->ni_ic;
3479 struct ieee80211_frame *wh;
3480 struct run_tx_data *data;
3481 struct rt2870_txd *txd;
3482 struct rt2860_txwi *txwi;
3483 struct mbuf *mprot;
3484 int ridx;
3485 int protrate;
3486 int ackrate;
3487 int pktlen;
3488 int isshort;
3489 uint16_t dur;
3490 uint8_t type;
3491 uint8_t wflags = 0;
3492 uint8_t xflags = 0;
3493
3494 RUN_LOCK_ASSERT(sc, MA_OWNED);
3495
3496 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3497 ("protection %d", prot));
3498
3499 wh = mtod(m, struct ieee80211_frame *);
3500 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3501 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3502
3503 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3504 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3505
3506 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3507 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3508 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3509 wflags = RT2860_TX_FRAG;
3510
3511 /* check that there are free slots before allocating the mbuf */
3512 if (sc->sc_epq[0].tx_nfree == 0)
3513 /* let caller free mbuf */
3514 return (ENOBUFS);
3515
3516 if (prot == IEEE80211_PROT_RTSCTS) {
3517 /* NB: CTS is the same size as an ACK */
3518 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3519 xflags |= RT2860_TX_ACK;
3520 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3521 } else {
3522 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3523 }
3524 if (mprot == NULL) {
3525 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3526 DPRINTF("could not allocate mbuf\n");
3527 return (ENOBUFS);
3528 }
3529
3530 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3531 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3532 sc->sc_epq[0].tx_nfree--;
3533
3534 txd = (struct rt2870_txd *)&data->desc;
3535 txd->flags = RT2860_TX_QSEL_EDCA;
3536 txwi = (struct rt2860_txwi *)(txd + 1);
3537 txwi->wcid = 0xff;
3538 txwi->flags = wflags;
3539 txwi->xflags = xflags;
3540 txwi->txop = 0; /* clear leftover garbage bits */
3541
3542 data->m = mprot;
3543 data->ni = ieee80211_ref_node(ni);
3544
3545 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3546 if (rt2860_rates[ridx].rate == protrate)
3547 break;
3548 data->ridx = ridx;
3549
3550 run_set_tx_desc(sc, data);
3551
3552 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3553 m->m_pkthdr.len, rate);
3554
3555 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3556
3557 usbd_transfer_start(sc->sc_xfer[0]);
3558
3559 return (0);
3560}
3561
3562static int
3563run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3564 const struct ieee80211_bpf_params *params)
3565{
3566 struct ieee80211com *ic = ni->ni_ic;
3567 struct ieee80211_frame *wh;
3568 struct run_tx_data *data;
3569 struct rt2870_txd *txd;
3570 struct rt2860_txwi *txwi;
3571 uint8_t type;
3572 uint8_t ridx;
3573 uint8_t rate;
3574 uint8_t opflags = 0;
3575 uint8_t xflags = 0;
3576 int error;
3577
3578 RUN_LOCK_ASSERT(sc, MA_OWNED);
3579
3580 KASSERT(params != NULL, ("no raw xmit params"));
3581
3582 wh = mtod(m, struct ieee80211_frame *);
3583 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3584
3585 rate = params->ibp_rate0;
3586 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3587 /* let caller free mbuf */
3588 return (EINVAL);
3589 }
3590
3591 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3592 xflags |= RT2860_TX_ACK;
3593 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3594 error = run_sendprot(sc, m, ni,
3595 params->ibp_flags & IEEE80211_BPF_RTS ?
3596 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3597 rate);
3598 if (error) {
3599 /* let caller free mbuf */
3600 return error;
3601 }
3602 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3603 }
3604
3605 if (sc->sc_epq[0].tx_nfree == 0) {
3606 /* let caller free mbuf */
3607 DPRINTF("sending raw frame, but tx ring is full\n");
3608 return (EIO);
3609 }
3610 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3611 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3612 sc->sc_epq[0].tx_nfree--;
3613
3614 txd = (struct rt2870_txd *)&data->desc;
3615 txd->flags = RT2860_TX_QSEL_EDCA;
3616 txwi = (struct rt2860_txwi *)(txd + 1);
3617 txwi->wcid = 0xff;
3618 txwi->xflags = xflags;
3619 txwi->txop = opflags;
3620 txwi->flags = 0; /* clear leftover garbage bits */
3621
3622 data->m = m;
3623 data->ni = ni;
3624 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3625 if (rt2860_rates[ridx].rate == rate)
3626 break;
3627 data->ridx = ridx;
3628
3629 run_set_tx_desc(sc, data);
3630
3631 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3632 m->m_pkthdr.len, rate);
3633
3634 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3635
3636 usbd_transfer_start(sc->sc_xfer[0]);
3637
3638 return (0);
3639}
3640
3641static int
3642run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3643 const struct ieee80211_bpf_params *params)
3644{
3645 struct run_softc *sc = ni->ni_ic->ic_softc;
3646 int error = 0;
3647
3648 RUN_LOCK(sc);
3649
3650 /* prevent management frames from being sent if we're not ready */
3651 if (!(sc->sc_flags & RUN_RUNNING)) {
3652 error = ENETDOWN;
3653 goto done;
3654 }
3655
3656 if (params == NULL) {
3657 /* tx mgt packet */
3658 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3659 DPRINTF("mgt tx failed\n");
3660 goto done;
3661 }
3662 } else {
3663 /* tx raw packet with param */
3664 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3665 DPRINTF("tx with param failed\n");
3666 goto done;
3667 }
3668 }
3669
3670done:
3671 RUN_UNLOCK(sc);
3672
3673 if (error != 0) {
3674 if(m != NULL)
3675 m_freem(m);
3676 }
3677
3678 return (error);
3679}
3680
3681static int
3682run_transmit(struct ieee80211com *ic, struct mbuf *m)
3683{
3684 struct run_softc *sc = ic->ic_softc;
3685 int error;
3686
3687 RUN_LOCK(sc);
3688 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3689 RUN_UNLOCK(sc);
3690 return (ENXIO);
3691 }
3692 error = mbufq_enqueue(&sc->sc_snd, m);
3693 if (error) {
3694 RUN_UNLOCK(sc);
3695 return (error);
3696 }
3697 run_start(sc);
3698 RUN_UNLOCK(sc);
3699
3700 return (0);
3701}
3702
3703static void
3704run_start(struct run_softc *sc)
3705{
3706 struct ieee80211_node *ni;
3707 struct mbuf *m;
3708
3709 RUN_LOCK_ASSERT(sc, MA_OWNED);
3710
3711 if ((sc->sc_flags & RUN_RUNNING) == 0)
3712 return;
3713
3714 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3715 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3716 if (run_tx(sc, m, ni) != 0) {
3717 mbufq_prepend(&sc->sc_snd, m);
3718 break;
3719 }
3720 }
3721}
3722
3723static void
3724run_parent(struct ieee80211com *ic)
3725{
3726 struct run_softc *sc = ic->ic_softc;
3727 int startall = 0;
3728
3729 RUN_LOCK(sc);
3730 if (sc->sc_detached) {
3731 RUN_UNLOCK(sc);
3732 return;
3733 }
3734
3735 if (ic->ic_nrunning > 0) {
3736 if (!(sc->sc_flags & RUN_RUNNING)) {
3737 startall = 1;
3738 run_init_locked(sc);
3739 } else
3740 run_update_promisc_locked(sc);
3741 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3742 run_stop(sc);
3743 RUN_UNLOCK(sc);
3744 if (startall)
3745 ieee80211_start_all(ic);
3746}
3747
3748static void
3749run_iq_calib(struct run_softc *sc, u_int chan)
3750{
3751 uint16_t val;
3752
3753 /* Tx0 IQ gain. */
3754 run_bbp_write(sc, 158, 0x2c);
3755 if (chan <= 14)
3756 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3757 else if (chan <= 64) {
3758 run_efuse_read(sc,
3759 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3760 &val, 1);
3761 } else if (chan <= 138) {
3762 run_efuse_read(sc,
3763 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3764 &val, 1);
3765 } else if (chan <= 165) {
3766 run_efuse_read(sc,
3767 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3768 &val, 1);
3769 } else
3770 val = 0;
3771 run_bbp_write(sc, 159, val);
3772
3773 /* Tx0 IQ phase. */
3774 run_bbp_write(sc, 158, 0x2d);
3775 if (chan <= 14) {
3776 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3777 &val, 1);
3778 } else if (chan <= 64) {
3779 run_efuse_read(sc,
3780 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3781 &val, 1);
3782 } else if (chan <= 138) {
3783 run_efuse_read(sc,
3784 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3785 &val, 1);
3786 } else if (chan <= 165) {
3787 run_efuse_read(sc,
3788 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3789 &val, 1);
3790 } else
3791 val = 0;
3792 run_bbp_write(sc, 159, val);
3793
3794 /* Tx1 IQ gain. */
3795 run_bbp_write(sc, 158, 0x4a);
3796 if (chan <= 14) {
3797 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3798 &val, 1);
3799 } else if (chan <= 64) {
3800 run_efuse_read(sc,
3801 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3802 &val, 1);
3803 } else if (chan <= 138) {
3804 run_efuse_read(sc,
3805 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3806 &val, 1);
3807 } else if (chan <= 165) {
3808 run_efuse_read(sc,
3809 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3810 &val, 1);
3811 } else
3812 val = 0;
3813 run_bbp_write(sc, 159, val);
3814
3815 /* Tx1 IQ phase. */
3816 run_bbp_write(sc, 158, 0x4b);
3817 if (chan <= 14) {
3818 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3819 &val, 1);
3820 } else if (chan <= 64) {
3821 run_efuse_read(sc,
3822 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3823 &val, 1);
3824 } else if (chan <= 138) {
3825 run_efuse_read(sc,
3826 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3827 &val, 1);
3828 } else if (chan <= 165) {
3829 run_efuse_read(sc,
3830 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3831 &val, 1);
3832 } else
3833 val = 0;
3834 run_bbp_write(sc, 159, val);
3835
3836 /* RF IQ compensation control. */
3837 run_bbp_write(sc, 158, 0x04);
3838 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3839 &val, 1);
3840 run_bbp_write(sc, 159, val);
3841
3842 /* RF IQ imbalance compensation control. */
3843 run_bbp_write(sc, 158, 0x03);
3844 run_efuse_read(sc,
3845 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3846 run_bbp_write(sc, 159, val);
3847}
3848
3849static void
3850run_set_agc(struct run_softc *sc, uint8_t agc)
3851{
3852 uint8_t bbp;
3853
3854 if (sc->mac_ver == 0x3572) {
3855 run_bbp_read(sc, 27, &bbp);
3856 bbp &= ~(0x3 << 5);
3857 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3858 run_bbp_write(sc, 66, agc);
3859 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3860 run_bbp_write(sc, 66, agc);
3861 } else
3862 run_bbp_write(sc, 66, agc);
3863}
3864
3865static void
3866run_select_chan_group(struct run_softc *sc, int group)
3867{
3868 uint32_t tmp;
3869 uint8_t agc;
3870
3871 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3872 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3873 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3874 if (sc->mac_ver < 0x3572)
3875 run_bbp_write(sc, 86, 0x00);
3876
3877 if (sc->mac_ver == 0x3593) {
3878 run_bbp_write(sc, 77, 0x98);
3879 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3880 }
3881
3882 if (group == 0) {
3883 if (sc->ext_2ghz_lna) {
3884 if (sc->mac_ver >= 0x5390)
3885 run_bbp_write(sc, 75, 0x52);
3886 else {
3887 run_bbp_write(sc, 82, 0x62);
3888 run_bbp_write(sc, 75, 0x46);
3889 }
3890 } else {
3891 if (sc->mac_ver == 0x5592) {
3892 run_bbp_write(sc, 79, 0x1c);
3893 run_bbp_write(sc, 80, 0x0e);
3894 run_bbp_write(sc, 81, 0x3a);
3895 run_bbp_write(sc, 82, 0x62);
3896
3897 run_bbp_write(sc, 195, 0x80);
3898 run_bbp_write(sc, 196, 0xe0);
3899 run_bbp_write(sc, 195, 0x81);
3900 run_bbp_write(sc, 196, 0x1f);
3901 run_bbp_write(sc, 195, 0x82);
3902 run_bbp_write(sc, 196, 0x38);
3903 run_bbp_write(sc, 195, 0x83);
3904 run_bbp_write(sc, 196, 0x32);
3905 run_bbp_write(sc, 195, 0x85);
3906 run_bbp_write(sc, 196, 0x28);
3907 run_bbp_write(sc, 195, 0x86);
3908 run_bbp_write(sc, 196, 0x19);
3909 } else if (sc->mac_ver >= 0x5390)
3910 run_bbp_write(sc, 75, 0x50);
3911 else {
3912 run_bbp_write(sc, 82,
3913 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3914 run_bbp_write(sc, 75, 0x50);
3915 }
3916 }
3917 } else {
3918 if (sc->mac_ver == 0x5592) {
3919 run_bbp_write(sc, 79, 0x18);
3920 run_bbp_write(sc, 80, 0x08);
3921 run_bbp_write(sc, 81, 0x38);
3922 run_bbp_write(sc, 82, 0x92);
3923
3924 run_bbp_write(sc, 195, 0x80);
3925 run_bbp_write(sc, 196, 0xf0);
3926 run_bbp_write(sc, 195, 0x81);
3927 run_bbp_write(sc, 196, 0x1e);
3928 run_bbp_write(sc, 195, 0x82);
3929 run_bbp_write(sc, 196, 0x28);
3930 run_bbp_write(sc, 195, 0x83);
3931 run_bbp_write(sc, 196, 0x20);
3932 run_bbp_write(sc, 195, 0x85);
3933 run_bbp_write(sc, 196, 0x7f);
3934 run_bbp_write(sc, 195, 0x86);
3935 run_bbp_write(sc, 196, 0x7f);
3936 } else if (sc->mac_ver == 0x3572)
3937 run_bbp_write(sc, 82, 0x94);
3938 else
3939 run_bbp_write(sc, 82,
3940 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
3941 if (sc->ext_5ghz_lna)
3942 run_bbp_write(sc, 75, 0x46);
3943 else
3944 run_bbp_write(sc, 75, 0x50);
3945 }
3946
3947 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
3948 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
3949 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
3950 run_write(sc, RT2860_TX_BAND_CFG, tmp);
3951
3952 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
3953 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
3954 if (sc->mac_ver == 0x3593)
3955 tmp |= 1 << 29 | 1 << 28;
3956 if (sc->nrxchains > 1)
3957 tmp |= RT2860_LNA_PE1_EN;
3958 if (group == 0) { /* 2GHz */
3959 tmp |= RT2860_PA_PE_G0_EN;
3960 if (sc->ntxchains > 1)
3961 tmp |= RT2860_PA_PE_G1_EN;
3962 if (sc->mac_ver == 0x3593) {
3963 if (sc->ntxchains > 2)
3964 tmp |= 1 << 25;
3965 }
3966 } else { /* 5GHz */
3967 tmp |= RT2860_PA_PE_A0_EN;
3968 if (sc->ntxchains > 1)
3969 tmp |= RT2860_PA_PE_A1_EN;
3970 }
3971 if (sc->mac_ver == 0x3572) {
3972 run_rt3070_rf_write(sc, 8, 0x00);
3973 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3974 run_rt3070_rf_write(sc, 8, 0x80);
3975 } else
3976 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3977
3978 if (sc->mac_ver == 0x5592) {
3979 run_bbp_write(sc, 195, 0x8d);
3980 run_bbp_write(sc, 196, 0x1a);
3981 }
3982
3983 if (sc->mac_ver == 0x3593) {
3984 run_read(sc, RT2860_GPIO_CTRL, &tmp);
3985 tmp &= ~0x01010000;
3986 if (group == 0)
3987 tmp |= 0x00010000;
3988 tmp = (tmp & ~0x00009090) | 0x00000090;
3989 run_write(sc, RT2860_GPIO_CTRL, tmp);
3990 }
3991
3992 /* set initial AGC value */
3993 if (group == 0) { /* 2GHz band */
3994 if (sc->mac_ver >= 0x3070)
3995 agc = 0x1c + sc->lna[0] * 2;
3996 else
3997 agc = 0x2e + sc->lna[0];
3998 } else { /* 5GHz band */
3999 if (sc->mac_ver == 0x5592)
4000 agc = 0x24 + sc->lna[group] * 2;
4001 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4002 agc = 0x22 + (sc->lna[group] * 5) / 3;
4003 else
4004 agc = 0x32 + (sc->lna[group] * 5) / 3;
4005 }
4006 run_set_agc(sc, agc);
4007}
4008
4009static void
4010run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4011{
4012 const struct rfprog *rfprog = rt2860_rf2850;
4013 uint32_t r2, r3, r4;
4014 int8_t txpow1, txpow2;
4015 int i;
4016
4017 /* find the settings for this channel (we know it exists) */
4018 for (i = 0; rfprog[i].chan != chan; i++);
4019
4020 r2 = rfprog[i].r2;
4021 if (sc->ntxchains == 1)
4022 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4023 if (sc->nrxchains == 1)
4024 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4025 else if (sc->nrxchains == 2)
4026 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4027
4028 /* use Tx power values from EEPROM */
4029 txpow1 = sc->txpow1[i];
4030 txpow2 = sc->txpow2[i];
4031
4032 /* Initialize RF R3 and R4. */
4033 r3 = rfprog[i].r3 & 0xffffc1ff;
4034 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4035 if (chan > 14) {
4036 if (txpow1 >= 0) {
4037 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4038 r3 |= (txpow1 << 10) | (1 << 9);
4039 } else {
4040 txpow1 += 7;
4041
4042 /* txpow1 is not possible larger than 15. */
4043 r3 |= (txpow1 << 10);
4044 }
4045 if (txpow2 >= 0) {
4046 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4047 r4 |= (txpow2 << 7) | (1 << 6);
4048 } else {
4049 txpow2 += 7;
4050 r4 |= (txpow2 << 7);
4051 }
4052 } else {
4053 /* Set Tx0 power. */
4054 r3 |= (txpow1 << 9);
4055
4056 /* Set frequency offset and Tx1 power. */
4057 r4 |= (txpow2 << 6);
4058 }
4059
4060 run_rt2870_rf_write(sc, rfprog[i].r1);
4061 run_rt2870_rf_write(sc, r2);
4062 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4063 run_rt2870_rf_write(sc, r4);
4064
4065 run_delay(sc, 10);
4066
4067 run_rt2870_rf_write(sc, rfprog[i].r1);
4068 run_rt2870_rf_write(sc, r2);
4069 run_rt2870_rf_write(sc, r3 | (1 << 2));
4070 run_rt2870_rf_write(sc, r4);
4071
4072 run_delay(sc, 10);
4073
4074 run_rt2870_rf_write(sc, rfprog[i].r1);
4075 run_rt2870_rf_write(sc, r2);
4076 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4077 run_rt2870_rf_write(sc, r4);
4078}
4079
4080static void
4081run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4082{
4083 int8_t txpow1, txpow2;
4084 uint8_t rf;
4085 int i;
4086
4087 /* find the settings for this channel (we know it exists) */
4088 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4089
4090 /* use Tx power values from EEPROM */
4091 txpow1 = sc->txpow1[i];
4092 txpow2 = sc->txpow2[i];
4093
4094 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4095
4096 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4097 run_rt3070_rf_read(sc, 3, &rf);
4098 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4099 run_rt3070_rf_write(sc, 3, rf);
4100
4101 run_rt3070_rf_read(sc, 6, &rf);
4102 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4103 run_rt3070_rf_write(sc, 6, rf);
4104
4105 /* set Tx0 power */
4106 run_rt3070_rf_read(sc, 12, &rf);
4107 rf = (rf & ~0x1f) | txpow1;
4108 run_rt3070_rf_write(sc, 12, rf);
4109
4110 /* set Tx1 power */
4111 run_rt3070_rf_read(sc, 13, &rf);
4112 rf = (rf & ~0x1f) | txpow2;
4113 run_rt3070_rf_write(sc, 13, rf);
4114
4115 run_rt3070_rf_read(sc, 1, &rf);
4116 rf &= ~0xfc;
4117 if (sc->ntxchains == 1)
4118 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4119 else if (sc->ntxchains == 2)
4120 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4121 if (sc->nrxchains == 1)
4122 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4123 else if (sc->nrxchains == 2)
4124 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4125 run_rt3070_rf_write(sc, 1, rf);
4126
4127 /* set RF offset */
4128 run_rt3070_rf_read(sc, 23, &rf);
4129 rf = (rf & ~0x7f) | sc->freq;
4130 run_rt3070_rf_write(sc, 23, rf);
4131
4132 /* program RF filter */
4133 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4134 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4135 run_rt3070_rf_write(sc, 24, rf);
4136 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4137 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4138 run_rt3070_rf_write(sc, 31, rf);
4139
4140 /* enable RF tuning */
4141 run_rt3070_rf_read(sc, 7, &rf);
4142 run_rt3070_rf_write(sc, 7, rf | 0x01);
4143}
4144
4145static void
4146run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4147{
4148 int8_t txpow1, txpow2;
4149 uint32_t tmp;
4150 uint8_t rf;
4151 int i;
4152
4153 /* find the settings for this channel (we know it exists) */
4154 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4155
4156 /* use Tx power values from EEPROM */
4157 txpow1 = sc->txpow1[i];
4158 txpow2 = sc->txpow2[i];
4159
4160 if (chan <= 14) {
4161 run_bbp_write(sc, 25, sc->bbp25);
4162 run_bbp_write(sc, 26, sc->bbp26);
4163 } else {
4164 /* enable IQ phase correction */
4165 run_bbp_write(sc, 25, 0x09);
4166 run_bbp_write(sc, 26, 0xff);
4167 }
4168
4169 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4170 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4171 run_rt3070_rf_read(sc, 6, &rf);
4172 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4173 rf |= (chan <= 14) ? 0x08 : 0x04;
4174 run_rt3070_rf_write(sc, 6, rf);
4175
4176 /* set PLL mode */
4177 run_rt3070_rf_read(sc, 5, &rf);
4178 rf &= ~(0x08 | 0x04);
4179 rf |= (chan <= 14) ? 0x04 : 0x08;
4180 run_rt3070_rf_write(sc, 5, rf);
4181
4182 /* set Tx power for chain 0 */
4183 if (chan <= 14)
4184 rf = 0x60 | txpow1;
4185 else
4186 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4187 run_rt3070_rf_write(sc, 12, rf);
4188
4189 /* set Tx power for chain 1 */
4190 if (chan <= 14)
4191 rf = 0x60 | txpow2;
4192 else
4193 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4194 run_rt3070_rf_write(sc, 13, rf);
4195
4196 /* set Tx/Rx streams */
4197 run_rt3070_rf_read(sc, 1, &rf);
4198 rf &= ~0xfc;
4199 if (sc->ntxchains == 1)
4200 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4201 else if (sc->ntxchains == 2)
4202 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4203 if (sc->nrxchains == 1)
4204 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4205 else if (sc->nrxchains == 2)
4206 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4207 run_rt3070_rf_write(sc, 1, rf);
4208
4209 /* set RF offset */
4210 run_rt3070_rf_read(sc, 23, &rf);
4211 rf = (rf & ~0x7f) | sc->freq;
4212 run_rt3070_rf_write(sc, 23, rf);
4213
4214 /* program RF filter */
4215 rf = sc->rf24_20mhz;
4216 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4217 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4218
4219 /* enable RF tuning */
4220 run_rt3070_rf_read(sc, 7, &rf);
4221 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4222 run_rt3070_rf_write(sc, 7, rf);
4223
4224 /* TSSI */
4225 rf = (chan <= 14) ? 0xc3 : 0xc0;
4226 run_rt3070_rf_write(sc, 9, rf);
4227
4228 /* set loop filter 1 */
4229 run_rt3070_rf_write(sc, 10, 0xf1);
4230 /* set loop filter 2 */
4231 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4232
4233 /* set tx_mx2_ic */
4234 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4235 /* set tx_mx1_ic */
4236 if (chan <= 14)
4237 rf = 0x48 | sc->txmixgain_2ghz;
4238 else
4239 rf = 0x78 | sc->txmixgain_5ghz;
4240 run_rt3070_rf_write(sc, 16, rf);
4241
4242 /* set tx_lo1 */
4243 run_rt3070_rf_write(sc, 17, 0x23);
4244 /* set tx_lo2 */
4245 if (chan <= 14)
4246 rf = 0x93;
4247 else if (chan <= 64)
4248 rf = 0xb7;
4249 else if (chan <= 128)
4250 rf = 0x74;
4251 else
4252 rf = 0x72;
4253 run_rt3070_rf_write(sc, 19, rf);
4254
4255 /* set rx_lo1 */
4256 if (chan <= 14)
4257 rf = 0xb3;
4258 else if (chan <= 64)
4259 rf = 0xf6;
4260 else if (chan <= 128)
4261 rf = 0xf4;
4262 else
4263 rf = 0xf3;
4264 run_rt3070_rf_write(sc, 20, rf);
4265
4266 /* set pfd_delay */
4267 if (chan <= 14)
4268 rf = 0x15;
4269 else if (chan <= 64)
4270 rf = 0x3d;
4271 else
4272 rf = 0x01;
4273 run_rt3070_rf_write(sc, 25, rf);
4274
4275 /* set rx_lo2 */
4276 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4277 /* set ldo_rf_vc */
4278 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4279 /* set drv_cc */
4280 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4281
4282 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4283 tmp &= ~0x8080;
4284 if (chan <= 14)
4285 tmp |= 0x80;
4286 run_write(sc, RT2860_GPIO_CTRL, tmp);
4287
4288 /* enable RF tuning */
4289 run_rt3070_rf_read(sc, 7, &rf);
4290 run_rt3070_rf_write(sc, 7, rf | 0x01);
4291
4292 run_delay(sc, 2);
4293}
4294
4295static void
4296run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4297{
4298 int8_t txpow1, txpow2, txpow3;
4299 uint8_t h20mhz, rf;
4300 int i;
4301
4302 /* find the settings for this channel (we know it exists) */
4303 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4304
4305 /* use Tx power values from EEPROM */
4306 txpow1 = sc->txpow1[i];
4307 txpow2 = sc->txpow2[i];
4308 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4309
4310 if (chan <= 14) {
4311 run_bbp_write(sc, 25, sc->bbp25);
4312 run_bbp_write(sc, 26, sc->bbp26);
4313 } else {
4314 /* Enable IQ phase correction. */
4315 run_bbp_write(sc, 25, 0x09);
4316 run_bbp_write(sc, 26, 0xff);
4317 }
4318
4319 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4320 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4321 run_rt3070_rf_read(sc, 11, &rf);
4322 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4323 run_rt3070_rf_write(sc, 11, rf);
4324
4325 /* Set pll_idoh. */
4326 run_rt3070_rf_read(sc, 11, &rf);
4327 rf &= ~0x4c;
4328 rf |= (chan <= 14) ? 0x44 : 0x48;
4329 run_rt3070_rf_write(sc, 11, rf);
4330
4331 if (chan <= 14)
4332 rf = txpow1 & 0x1f;
4333 else
4334 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4335 run_rt3070_rf_write(sc, 53, rf);
4336
4337 if (chan <= 14)
4338 rf = txpow2 & 0x1f;
4339 else
4340 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4341 run_rt3070_rf_write(sc, 55, rf);
4342
4343 if (chan <= 14)
4344 rf = txpow3 & 0x1f;
4345 else
4346 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4347 run_rt3070_rf_write(sc, 54, rf);
4348
4349 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4350 if (sc->ntxchains == 3)
4351 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4352 else
4353 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4354 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4355 run_rt3070_rf_write(sc, 1, rf);
4356
4357 run_adjust_freq_offset(sc);
4358
4359 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4360
4361 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4362 run_rt3070_rf_read(sc, 30, &rf);
4363 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4364 run_rt3070_rf_write(sc, 30, rf);
4365
4366 run_rt3070_rf_read(sc, 36, &rf);
4367 if (chan <= 14)
4368 rf |= 0x80;
4369 else
4370 rf &= ~0x80;
4371 run_rt3070_rf_write(sc, 36, rf);
4372
4373 /* Set vcolo_bs. */
4374 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4375 /* Set pfd_delay. */
4376 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4377
4378 /* Set vco bias current control. */
4379 run_rt3070_rf_read(sc, 6, &rf);
4380 rf &= ~0xc0;
4381 if (chan <= 14)
4382 rf |= 0x40;
4383 else if (chan <= 128)
4384 rf |= 0x80;
4385 else
4386 rf |= 0x40;
4387 run_rt3070_rf_write(sc, 6, rf);
4388
4389 run_rt3070_rf_read(sc, 30, &rf);
4390 rf = (rf & ~0x18) | 0x10;
4391 run_rt3070_rf_write(sc, 30, rf);
4392
4393 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4394 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4395
4396 run_rt3070_rf_read(sc, 51, &rf);
4397 rf = (rf & ~0x03) | 0x01;
4398 run_rt3070_rf_write(sc, 51, rf);
4399 /* Set tx_mx1_cc. */
4400 run_rt3070_rf_read(sc, 51, &rf);
4401 rf &= ~0x1c;
4402 rf |= (chan <= 14) ? 0x14 : 0x10;
4403 run_rt3070_rf_write(sc, 51, rf);
4404 /* Set tx_mx1_ic. */
4405 run_rt3070_rf_read(sc, 51, &rf);
4406 rf &= ~0xe0;
4407 rf |= (chan <= 14) ? 0x60 : 0x40;
4408 run_rt3070_rf_write(sc, 51, rf);
4409 /* Set tx_lo1_ic. */
4410 run_rt3070_rf_read(sc, 49, &rf);
4411 rf &= ~0x1c;
4412 rf |= (chan <= 14) ? 0x0c : 0x08;
4413 run_rt3070_rf_write(sc, 49, rf);
4414 /* Set tx_lo1_en. */
4415 run_rt3070_rf_read(sc, 50, &rf);
4416 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4417 /* Set drv_cc. */
4418 run_rt3070_rf_read(sc, 57, &rf);
4419 rf &= ~0xfc;
4420 rf |= (chan <= 14) ? 0x6c : 0x3c;
4421 run_rt3070_rf_write(sc, 57, rf);
4422 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4423 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4424 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4425 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4426 /* Enable VCO calibration. */
4427 run_rt3070_rf_read(sc, 3, &rf);
4428 rf &= ~RT5390_VCOCAL;
4429 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4430 run_rt3070_rf_write(sc, 3, rf);
4431
4432 if (chan <= 14)
4433 rf = 0x23;
4434 else if (chan <= 64)
4435 rf = 0x36;
4436 else if (chan <= 128)
4437 rf = 0x32;
4438 else
4439 rf = 0x30;
4440 run_rt3070_rf_write(sc, 39, rf);
4441 if (chan <= 14)
4442 rf = 0xbb;
4443 else if (chan <= 64)
4444 rf = 0xeb;
4445 else if (chan <= 128)
4446 rf = 0xb3;
4447 else
4448 rf = 0x9b;
4449 run_rt3070_rf_write(sc, 45, rf);
4450
4451 /* Set FEQ/AEQ control. */
4452 run_bbp_write(sc, 105, 0x34);
4453}
4454
4455static void
4456run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4457{
4458 int8_t txpow1, txpow2;
4459 uint8_t rf;
4460 int i;
4461
4462 /* find the settings for this channel (we know it exists) */
4463 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4464
4465 /* use Tx power values from EEPROM */
4466 txpow1 = sc->txpow1[i];
4467 txpow2 = sc->txpow2[i];
4468
4469 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4470 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4471 run_rt3070_rf_read(sc, 11, &rf);
4472 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4473 run_rt3070_rf_write(sc, 11, rf);
4474
4475 run_rt3070_rf_read(sc, 49, &rf);
4476 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4477 /* The valid range of the RF R49 is 0x00 to 0x27. */
4478 if ((rf & 0x3f) > 0x27)
4479 rf = (rf & ~0x3f) | 0x27;
4480 run_rt3070_rf_write(sc, 49, rf);
4481
4482 if (sc->mac_ver == 0x5392) {
4483 run_rt3070_rf_read(sc, 50, &rf);
4484 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4485 /* The valid range of the RF R50 is 0x00 to 0x27. */
4486 if ((rf & 0x3f) > 0x27)
4487 rf = (rf & ~0x3f) | 0x27;
4488 run_rt3070_rf_write(sc, 50, rf);
4489 }
4490
4491 run_rt3070_rf_read(sc, 1, &rf);
4492 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4493 if (sc->mac_ver == 0x5392)
4494 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4495 run_rt3070_rf_write(sc, 1, rf);
4496
4497 if (sc->mac_ver != 0x5392) {
4498 run_rt3070_rf_read(sc, 2, &rf);
4499 rf |= 0x80;
4500 run_rt3070_rf_write(sc, 2, rf);
4501 run_delay(sc, 10);
4502 rf &= 0x7f;
4503 run_rt3070_rf_write(sc, 2, rf);
4504 }
4505
4506 run_adjust_freq_offset(sc);
4507
4508 if (sc->mac_ver == 0x5392) {
4509 /* Fix for RT5392C. */
4510 if (sc->mac_rev >= 0x0223) {
4511 if (chan <= 4)
4512 rf = 0x0f;
4513 else if (chan >= 5 && chan <= 7)
4514 rf = 0x0e;
4515 else
4516 rf = 0x0d;
4517 run_rt3070_rf_write(sc, 23, rf);
4518
4519 if (chan <= 4)
4520 rf = 0x0c;
4521 else if (chan == 5)
4522 rf = 0x0b;
4523 else if (chan >= 6 && chan <= 7)
4524 rf = 0x0a;
4525 else if (chan >= 8 && chan <= 10)
4526 rf = 0x09;
4527 else
4528 rf = 0x08;
4529 run_rt3070_rf_write(sc, 59, rf);
4530 } else {
4531 if (chan <= 11)
4532 rf = 0x0f;
4533 else
4534 rf = 0x0b;
4535 run_rt3070_rf_write(sc, 59, rf);
4536 }
4537 } else {
4538 /* Fix for RT5390F. */
4539 if (sc->mac_rev >= 0x0502) {
4540 if (chan <= 11)
4541 rf = 0x43;
4542 else
4543 rf = 0x23;
4544 run_rt3070_rf_write(sc, 55, rf);
4545
4546 if (chan <= 11)
4547 rf = 0x0f;
4548 else if (chan == 12)
4549 rf = 0x0d;
4550 else
4551 rf = 0x0b;
4552 run_rt3070_rf_write(sc, 59, rf);
4553 } else {
4554 run_rt3070_rf_write(sc, 55, 0x44);
4555 run_rt3070_rf_write(sc, 59, 0x8f);
4556 }
4557 }
4558
4559 /* Enable VCO calibration. */
4560 run_rt3070_rf_read(sc, 3, &rf);
4561 rf |= RT5390_VCOCAL;
4562 run_rt3070_rf_write(sc, 3, rf);
4563}
4564
4565static void
4566run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4567{
4568 const struct rt5592_freqs *freqs;
4569 uint32_t tmp;
4570 uint8_t reg, rf, txpow_bound;
4571 int8_t txpow1, txpow2;
4572 int i;
4573
4574 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4575 freqs = (tmp & RT5592_SEL_XTAL) ?
4576 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4577
4578 /* find the settings for this channel (we know it exists) */
4579 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4580
4581 /* use Tx power values from EEPROM */
4582 txpow1 = sc->txpow1[i];
4583 txpow2 = sc->txpow2[i];
4584
4585 run_read(sc, RT3070_LDO_CFG0, &tmp);
4586 tmp &= ~0x1c000000;
4587 if (chan > 14)
4588 tmp |= 0x14000000;
4589 run_write(sc, RT3070_LDO_CFG0, tmp);
4590
4591 /* N setting. */
4592 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4593 run_rt3070_rf_read(sc, 9, &rf);
4594 rf &= ~(1 << 4);
4595 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4596 run_rt3070_rf_write(sc, 9, rf);
4597
4598 /* K setting. */
4599 run_rt3070_rf_read(sc, 9, &rf);
4600 rf &= ~0x0f;
4601 rf |= (freqs->k & 0x0f);
4602 run_rt3070_rf_write(sc, 9, rf);
4603
4604 /* Mode setting. */
4605 run_rt3070_rf_read(sc, 11, &rf);
4606 rf &= ~0x0c;
4607 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4608 run_rt3070_rf_write(sc, 11, rf);
4609 run_rt3070_rf_read(sc, 9, &rf);
4610 rf &= ~(1 << 7);
4611 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4612 run_rt3070_rf_write(sc, 9, rf);
4613
4614 /* R setting. */
4615 run_rt3070_rf_read(sc, 11, &rf);
4616 rf &= ~0x03;
4617 rf |= (freqs->r - 0x1);
4618 run_rt3070_rf_write(sc, 11, rf);
4619
4620 if (chan <= 14) {
4621 /* Initialize RF registers for 2GHZ. */
4622 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4623 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4624 rt5592_2ghz_def_rf[i].val);
4625 }
4626
4627 rf = (chan <= 10) ? 0x07 : 0x06;
4628 run_rt3070_rf_write(sc, 23, rf);
4629 run_rt3070_rf_write(sc, 59, rf);
4630
4631 run_rt3070_rf_write(sc, 55, 0x43);
4632
4633 /*
4634 * RF R49/R50 Tx power ALC code.
4635 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4636 */
4637 reg = 2;
4638 txpow_bound = 0x27;
4639 } else {
4640 /* Initialize RF registers for 5GHZ. */
4641 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4642 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4643 rt5592_5ghz_def_rf[i].val);
4644 }
4645 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4646 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4647 chan <= rt5592_chan_5ghz[i].lastchan) {
4648 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4649 rt5592_chan_5ghz[i].val);
4650 }
4651 }
4652
4653 /*
4654 * RF R49/R50 Tx power ALC code.
4655 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4656 */
4657 reg = 3;
4658 txpow_bound = 0x2b;
4659 }
4660
4661 /* RF R49 ch0 Tx power ALC code. */
4662 run_rt3070_rf_read(sc, 49, &rf);
4663 rf &= ~0xc0;
4664 rf |= (reg << 6);
4665 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4666 if ((rf & 0x3f) > txpow_bound)
4667 rf = (rf & ~0x3f) | txpow_bound;
4668 run_rt3070_rf_write(sc, 49, rf);
4669
4670 /* RF R50 ch1 Tx power ALC code. */
4671 run_rt3070_rf_read(sc, 50, &rf);
4672 rf &= ~(1 << 7 | 1 << 6);
4673 rf |= (reg << 6);
4674 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4675 if ((rf & 0x3f) > txpow_bound)
4676 rf = (rf & ~0x3f) | txpow_bound;
4677 run_rt3070_rf_write(sc, 50, rf);
4678
4679 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4680 run_rt3070_rf_read(sc, 1, &rf);
4681 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4682 if (sc->ntxchains > 1)
4683 rf |= RT3070_TX1_PD;
4684 if (sc->nrxchains > 1)
4685 rf |= RT3070_RX1_PD;
4686 run_rt3070_rf_write(sc, 1, rf);
4687
4688 run_rt3070_rf_write(sc, 6, 0xe4);
4689
4690 run_rt3070_rf_write(sc, 30, 0x10);
4691 run_rt3070_rf_write(sc, 31, 0x80);
4692 run_rt3070_rf_write(sc, 32, 0x80);
4693
4694 run_adjust_freq_offset(sc);
4695
4696 /* Enable VCO calibration. */
4697 run_rt3070_rf_read(sc, 3, &rf);
4698 rf |= RT5390_VCOCAL;
4699 run_rt3070_rf_write(sc, 3, rf);
4700}
4701
4702static void
4703run_set_rx_antenna(struct run_softc *sc, int aux)
4704{
4705 uint32_t tmp;
4706 uint8_t bbp152;
4707
4708 if (aux) {
4709 if (sc->rf_rev == RT5390_RF_5370) {
4710 run_bbp_read(sc, 152, &bbp152);
4711 run_bbp_write(sc, 152, bbp152 & ~0x80);
4712 } else {
4713 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4714 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4715 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4716 }
4717 } else {
4718 if (sc->rf_rev == RT5390_RF_5370) {
4719 run_bbp_read(sc, 152, &bbp152);
4720 run_bbp_write(sc, 152, bbp152 | 0x80);
4721 } else {
4722 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4723 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4724 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4725 }
4726 }
4727}
4728
4729static int
4730run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4731{
4732 struct ieee80211com *ic = &sc->sc_ic;
4733 u_int chan, group;
4734
4735 chan = ieee80211_chan2ieee(ic, c);
4736 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4737 return (EINVAL);
4738
4739 if (sc->mac_ver == 0x5592)
4740 run_rt5592_set_chan(sc, chan);
4741 else if (sc->mac_ver >= 0x5390)
4742 run_rt5390_set_chan(sc, chan);
4743 else if (sc->mac_ver == 0x3593)
4744 run_rt3593_set_chan(sc, chan);
4745 else if (sc->mac_ver == 0x3572)
4746 run_rt3572_set_chan(sc, chan);
4747 else if (sc->mac_ver >= 0x3070)
4748 run_rt3070_set_chan(sc, chan);
4749 else
4750 run_rt2870_set_chan(sc, chan);
4751
4752 /* determine channel group */
4753 if (chan <= 14)
4754 group = 0;
4755 else if (chan <= 64)
4756 group = 1;
4757 else if (chan <= 128)
4758 group = 2;
4759 else
4760 group = 3;
4761
4762 /* XXX necessary only when group has changed! */
4763 run_select_chan_group(sc, group);
4764
4765 run_delay(sc, 10);
4766
4767 /* Perform IQ calibration. */
4768 if (sc->mac_ver >= 0x5392)
4769 run_iq_calib(sc, chan);
4770
4771 return (0);
4772}
4773
4774static void
4775run_set_channel(struct ieee80211com *ic)
4776{
4777 struct run_softc *sc = ic->ic_softc;
4778
4779 RUN_LOCK(sc);
4780 run_set_chan(sc, ic->ic_curchan);
4781 RUN_UNLOCK(sc);
4782
4783 return;
4784}
4785
4786static void
4787run_scan_start(struct ieee80211com *ic)
4788{
4789 struct run_softc *sc = ic->ic_softc;
4790 uint32_t tmp;
4791
4792 RUN_LOCK(sc);
4793
4794 /* abort TSF synchronization */
4795 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4796 run_write(sc, RT2860_BCN_TIME_CFG,
4797 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4798 RT2860_TBTT_TIMER_EN));
4799 run_set_bssid(sc, ieee80211broadcastaddr);
4800
4801 RUN_UNLOCK(sc);
4802
4803 return;
4804}
4805
4806static void
4807run_scan_end(struct ieee80211com *ic)
4808{
4809 struct run_softc *sc = ic->ic_softc;
4810
4811 RUN_LOCK(sc);
4812
4813 run_enable_tsf_sync(sc);
4814 run_set_bssid(sc, sc->sc_bssid);
4815
4816 RUN_UNLOCK(sc);
4817
4818 return;
4819}
4820
4821/*
4822 * Could be called from ieee80211_node_timeout()
4823 * (non-sleepable thread)
4824 */
4825static void
4826run_update_beacon(struct ieee80211vap *vap, int item)
4827{
4828 struct ieee80211com *ic = vap->iv_ic;
4829 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4830 struct ieee80211_node *ni = vap->iv_bss;
4831 struct run_softc *sc = ic->ic_softc;
4832 struct run_vap *rvp = RUN_VAP(vap);
4833 int mcast = 0;
4834 uint32_t i;
4835
4836 switch (item) {
4837 case IEEE80211_BEACON_ERP:
4838 run_updateslot(ic);
4839 break;
4840 case IEEE80211_BEACON_HTINFO:
4841 run_updateprot(ic);
4842 break;
4843 case IEEE80211_BEACON_TIM:
4844 mcast = 1; /*TODO*/
4845 break;
4846 default:
4847 break;
4848 }
4849
4850 setbit(bo->bo_flags, item);
4851 if (rvp->beacon_mbuf == NULL) {
4852 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4853 if (rvp->beacon_mbuf == NULL)
4854 return;
4855 }
4856 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
4857
4858 i = RUN_CMDQ_GET(&sc->cmdq_store);
4859 DPRINTF("cmdq_store=%d\n", i);
4860 sc->cmdq[i].func = run_update_beacon_cb;
4861 sc->cmdq[i].arg0 = vap;
4862 ieee80211_runtask(ic, &sc->cmdq_task);
4863
4864 return;
4865}
4866
4867static void
4868run_update_beacon_cb(void *arg)
4869{
4870 struct ieee80211vap *vap = arg;
4871 struct ieee80211_node *ni = vap->iv_bss;
4872 struct run_vap *rvp = RUN_VAP(vap);
4873 struct ieee80211com *ic = vap->iv_ic;
4874 struct run_softc *sc = ic->ic_softc;
4875 struct rt2860_txwi txwi;
4876 struct mbuf *m;
4877 uint16_t txwisize;
4878 uint8_t ridx;
4879
4880 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4881 return;
4882 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4883 return;
4884
4885 /*
4886 * No need to call ieee80211_beacon_update(), run_update_beacon()
4887 * is taking care of appropriate calls.
4888 */
4889 if (rvp->beacon_mbuf == NULL) {
4890 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4891 if (rvp->beacon_mbuf == NULL)
4892 return;
4893 }
4894 m = rvp->beacon_mbuf;
4895
4896 memset(&txwi, 0, sizeof(txwi));
4897 txwi.wcid = 0xff;
4898 txwi.len = htole16(m->m_pkthdr.len);
4899
4900 /* send beacons at the lowest available rate */
4901 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4902 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4903 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4904 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4905 txwi.phy |= htole16(RT2860_PHY_OFDM);
4906 txwi.txop = RT2860_TX_TXOP_HT;
4907 txwi.flags = RT2860_TX_TS;
4908 txwi.xflags = RT2860_TX_NSEQ;
4909
4910 txwisize = (sc->mac_ver == 0x5592) ?
4911 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4912 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4913 txwisize);
4914 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4915 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4916}
4917
4918static void
4919run_updateprot(struct ieee80211com *ic)
4920{
4921 struct run_softc *sc = ic->ic_softc;
4922 uint32_t i;
4923
4924 i = RUN_CMDQ_GET(&sc->cmdq_store);
4925 DPRINTF("cmdq_store=%d\n", i);
4926 sc->cmdq[i].func = run_updateprot_cb;
4927 sc->cmdq[i].arg0 = ic;
4928 ieee80211_runtask(ic, &sc->cmdq_task);
4929}
4930
4931static void
4932run_updateprot_cb(void *arg)
4933{
4934 struct ieee80211com *ic = arg;
4935 struct run_softc *sc = ic->ic_softc;
4936 uint32_t tmp;
4937
4938 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
4939 /* setup protection frame rate (MCS code) */
4940 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
4941 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
4942 rt2860_rates[RT2860_RIDX_CCK11].mcs;
4943
4944 /* CCK frames don't require protection */
4945 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
4946 if (ic->ic_flags & IEEE80211_F_USEPROT) {
4947 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
4948 tmp |= RT2860_PROT_CTRL_RTS_CTS;
4949 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
4950 tmp |= RT2860_PROT_CTRL_CTS;
4951 }
4952 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
4953}
4954
4955static void
4956run_usb_timeout_cb(void *arg)
4957{
4958 struct ieee80211vap *vap = arg;
4959 struct run_softc *sc = vap->iv_ic->ic_softc;
4960
4961 RUN_LOCK_ASSERT(sc, MA_OWNED);
4962
4963 if(vap->iv_state == IEEE80211_S_RUN &&
4964 vap->iv_opmode != IEEE80211_M_STA)
4965 run_reset_livelock(sc);
4966 else if (vap->iv_state == IEEE80211_S_SCAN) {
4967 DPRINTF("timeout caused by scan\n");
4968 /* cancel bgscan */
4969 ieee80211_cancel_scan(vap);
4970 } else
4971 DPRINTF("timeout by unknown cause\n");
4972}
4973
4974static void
4975run_reset_livelock(struct run_softc *sc)
4976{
4977 uint32_t tmp;
4978
4979 RUN_LOCK_ASSERT(sc, MA_OWNED);
4980
4981 /*
4982 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
4983 * can run into a livelock and start sending CTS-to-self frames like
4984 * crazy if protection is enabled. Reset MAC/BBP for a while
4985 */
4986 run_read(sc, RT2860_DEBUG, &tmp);
4987 DPRINTFN(3, "debug reg %08x\n", tmp);
4988 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
4989 DPRINTF("CTS-to-self livelock detected\n");
4990 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
4991 run_delay(sc, 1);
4992 run_write(sc, RT2860_MAC_SYS_CTRL,
4993 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
4994 }
4995}
4996
4997static void
4998run_update_promisc_locked(struct run_softc *sc)
4999{
5000 uint32_t tmp;
5001
5002 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5003
5004 tmp |= RT2860_DROP_UC_NOME;
5005 if (sc->sc_ic.ic_promisc > 0)
5006 tmp &= ~RT2860_DROP_UC_NOME;
5007
5008 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5009
5010 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ?
5011 "entering" : "leaving");
5012}
5013
5014static void
5015run_update_promisc(struct ieee80211com *ic)
5016{
5017 struct run_softc *sc = ic->ic_softc;
5018
5019 if ((sc->sc_flags & RUN_RUNNING) == 0)
5020 return;
5021
5022 RUN_LOCK(sc);
5023 run_update_promisc_locked(sc);
5024 RUN_UNLOCK(sc);
5025}
5026
5027static void
5028run_enable_tsf_sync(struct run_softc *sc)
5029{
5030 struct ieee80211com *ic = &sc->sc_ic;
5031 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5032 uint32_t tmp;
5033
5034 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5035 ic->ic_opmode);
5036
5037 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5038 tmp &= ~0x1fffff;
5039 tmp |= vap->iv_bss->ni_intval * 16;
5040 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5041
5042 if (ic->ic_opmode == IEEE80211_M_STA) {
5043 /*
5044 * Local TSF is always updated with remote TSF on beacon
5045 * reception.
5046 */
5047 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5048 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5049 tmp |= RT2860_BCN_TX_EN;
5050 /*
5051 * Local TSF is updated with remote TSF on beacon reception
5052 * only if the remote TSF is greater than local TSF.
5053 */
5054 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5055 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5056 ic->ic_opmode == IEEE80211_M_MBSS) {
5057 tmp |= RT2860_BCN_TX_EN;
5058 /* SYNC with nobody */
5059 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5060 } else {
5061 DPRINTF("Enabling TSF failed. undefined opmode\n");
5062 return;
5063 }
5064
5065 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5066}
5067
5068static void
5069run_enable_tsf(struct run_softc *sc)
5070{
5071 uint32_t tmp;
5072
5073 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5074 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5075 tmp |= RT2860_TSF_TIMER_EN;
5076 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5077 }
5078}
5079
5080static void
5081run_get_tsf(struct run_softc *sc, uint64_t *buf)
5082{
5083 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5084 sizeof(*buf));
5085}
5086
5087static void
5088run_enable_mrr(struct run_softc *sc)
5089{
5090#define CCK(mcs) (mcs)
5091#define OFDM(mcs) (1 << 3 | (mcs))
5092 run_write(sc, RT2860_LG_FBK_CFG0,
5093 OFDM(6) << 28 | /* 54->48 */
5094 OFDM(5) << 24 | /* 48->36 */
5095 OFDM(4) << 20 | /* 36->24 */
5096 OFDM(3) << 16 | /* 24->18 */
5097 OFDM(2) << 12 | /* 18->12 */
5098 OFDM(1) << 8 | /* 12-> 9 */
5099 OFDM(0) << 4 | /* 9-> 6 */
5100 OFDM(0)); /* 6-> 6 */
5101
5102 run_write(sc, RT2860_LG_FBK_CFG1,
5103 CCK(2) << 12 | /* 11->5.5 */
5104 CCK(1) << 8 | /* 5.5-> 2 */
5105 CCK(0) << 4 | /* 2-> 1 */
5106 CCK(0)); /* 1-> 1 */
5107#undef OFDM
5108#undef CCK
5109}
5110
5111static void
5112run_set_txpreamble(struct run_softc *sc)
5113{
5114 struct ieee80211com *ic = &sc->sc_ic;
5115 uint32_t tmp;
5116
5117 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5118 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5119 tmp |= RT2860_CCK_SHORT_EN;
5120 else
5121 tmp &= ~RT2860_CCK_SHORT_EN;
5122 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5123}
5124
5125static void
5126run_set_basicrates(struct run_softc *sc)
5127{
5128 struct ieee80211com *ic = &sc->sc_ic;
5129
5130 /* set basic rates mask */
5131 if (ic->ic_curmode == IEEE80211_MODE_11B)
5132 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5133 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5134 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5135 else /* 11g */
5136 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5137}
5138
5139static void
5140run_set_leds(struct run_softc *sc, uint16_t which)
5141{
5142 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5143 which | (sc->leds & 0x7f));
5144}
5145
5146static void
5147run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5148{
5149 run_write(sc, RT2860_MAC_BSSID_DW0,
5150 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5151 run_write(sc, RT2860_MAC_BSSID_DW1,
5152 bssid[4] | bssid[5] << 8);
5153}
5154
5155static void
5156run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5157{
5158 run_write(sc, RT2860_MAC_ADDR_DW0,
5159 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5160 run_write(sc, RT2860_MAC_ADDR_DW1,
5161 addr[4] | addr[5] << 8 | 0xff << 16);
5162}
5163
5164static void
5165run_updateslot(struct ieee80211com *ic)
5166{
5167 struct run_softc *sc = ic->ic_softc;
5168 uint32_t i;
5169
5170 i = RUN_CMDQ_GET(&sc->cmdq_store);
5171 DPRINTF("cmdq_store=%d\n", i);
5172 sc->cmdq[i].func = run_updateslot_cb;
5173 sc->cmdq[i].arg0 = ic;
5174 ieee80211_runtask(ic, &sc->cmdq_task);
5175
5176 return;
5177}
5178
5179/* ARGSUSED */
5180static void
5181run_updateslot_cb(void *arg)
5182{
5183 struct ieee80211com *ic = arg;
5184 struct run_softc *sc = ic->ic_softc;
5185 uint32_t tmp;
5186
5187 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5188 tmp &= ~0xff;
5189 tmp |= IEEE80211_GET_SLOTTIME(ic);
5190 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5191}
5192
5193static void
5194run_update_mcast(struct ieee80211com *ic)
5195{
5196}
5197
5198static int8_t
5199run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5200{
5201 struct ieee80211com *ic = &sc->sc_ic;
5202 struct ieee80211_channel *c = ic->ic_curchan;
5203 int delta;
5204
5205 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5206 u_int chan = ieee80211_chan2ieee(ic, c);
5207 delta = sc->rssi_5ghz[rxchain];
5208
5209 /* determine channel group */
5210 if (chan <= 64)
5211 delta -= sc->lna[1];
5212 else if (chan <= 128)
5213 delta -= sc->lna[2];
5214 else
5215 delta -= sc->lna[3];
5216 } else
5217 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5218
5219 return (-12 - delta - rssi);
5220}
5221
5222static void
5223run_rt5390_bbp_init(struct run_softc *sc)
5224{
| 22
23/*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sockio.h>
30#include <sys/sysctl.h>
31#include <sys/lock.h>
32#include <sys/mutex.h>
33#include <sys/mbuf.h>
34#include <sys/kernel.h>
35#include <sys/socket.h>
36#include <sys/systm.h>
37#include <sys/malloc.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/linker.h>
42#include <sys/firmware.h>
43#include <sys/kdb.h>
44
45#include <machine/bus.h>
46#include <machine/resource.h>
47#include <sys/rman.h>
48
49#include <net/bpf.h>
50#include <net/if.h>
51#include <net/if_var.h>
52#include <net/if_arp.h>
53#include <net/ethernet.h>
54#include <net/if_dl.h>
55#include <net/if_media.h>
56#include <net/if_types.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/in_var.h>
61#include <netinet/if_ether.h>
62#include <netinet/ip.h>
63
64#include <net80211/ieee80211_var.h>
65#include <net80211/ieee80211_regdomain.h>
66#include <net80211/ieee80211_radiotap.h>
67#include <net80211/ieee80211_ratectl.h>
68
69#include <dev/usb/usb.h>
70#include <dev/usb/usbdi.h>
71#include "usbdevs.h"
72
73#define USB_DEBUG_VAR run_debug
74#include <dev/usb/usb_debug.h>
75#include <dev/usb/usb_msctest.h>
76
77#include <dev/usb/wlan/if_runreg.h>
78#include <dev/usb/wlan/if_runvar.h>
79
80#ifdef USB_DEBUG
81#define RUN_DEBUG
82#endif
83
84#ifdef RUN_DEBUG
85int run_debug = 0;
86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
88 "run debug level");
89#endif
90
91#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
92
93/*
94 * Because of LOR in run_key_delete(), use atomic instead.
95 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
96 */
97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
98
99static const STRUCT_USB_HOST_ID run_devs[] = {
100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
101#define RUN_DEV_EJECT(v,p) \
102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
103#define RUN_EJECT 1
104 RUN_DEV(ABOCOM, RT2770),
105 RUN_DEV(ABOCOM, RT2870),
106 RUN_DEV(ABOCOM, RT3070),
107 RUN_DEV(ABOCOM, RT3071),
108 RUN_DEV(ABOCOM, RT3072),
109 RUN_DEV(ABOCOM2, RT2870_1),
110 RUN_DEV(ACCTON, RT2770),
111 RUN_DEV(ACCTON, RT2870_1),
112 RUN_DEV(ACCTON, RT2870_2),
113 RUN_DEV(ACCTON, RT2870_3),
114 RUN_DEV(ACCTON, RT2870_4),
115 RUN_DEV(ACCTON, RT2870_5),
116 RUN_DEV(ACCTON, RT3070),
117 RUN_DEV(ACCTON, RT3070_1),
118 RUN_DEV(ACCTON, RT3070_2),
119 RUN_DEV(ACCTON, RT3070_3),
120 RUN_DEV(ACCTON, RT3070_4),
121 RUN_DEV(ACCTON, RT3070_5),
122 RUN_DEV(AIRTIES, RT3070),
123 RUN_DEV(ALLWIN, RT2070),
124 RUN_DEV(ALLWIN, RT2770),
125 RUN_DEV(ALLWIN, RT2870),
126 RUN_DEV(ALLWIN, RT3070),
127 RUN_DEV(ALLWIN, RT3071),
128 RUN_DEV(ALLWIN, RT3072),
129 RUN_DEV(ALLWIN, RT3572),
130 RUN_DEV(AMIGO, RT2870_1),
131 RUN_DEV(AMIGO, RT2870_2),
132 RUN_DEV(AMIT, CGWLUSB2GNR),
133 RUN_DEV(AMIT, RT2870_1),
134 RUN_DEV(AMIT2, RT2870),
135 RUN_DEV(ASUS, RT2870_1),
136 RUN_DEV(ASUS, RT2870_2),
137 RUN_DEV(ASUS, RT2870_3),
138 RUN_DEV(ASUS, RT2870_4),
139 RUN_DEV(ASUS, RT2870_5),
140 RUN_DEV(ASUS, USBN13),
141 RUN_DEV(ASUS, RT3070_1),
142 RUN_DEV(ASUS, USBN66),
143 RUN_DEV(ASUS, USB_N53),
144 RUN_DEV(ASUS2, USBN11),
145 RUN_DEV(AZUREWAVE, RT2870_1),
146 RUN_DEV(AZUREWAVE, RT2870_2),
147 RUN_DEV(AZUREWAVE, RT3070_1),
148 RUN_DEV(AZUREWAVE, RT3070_2),
149 RUN_DEV(AZUREWAVE, RT3070_3),
150 RUN_DEV(BELKIN, F9L1103),
151 RUN_DEV(BELKIN, F5D8053V3),
152 RUN_DEV(BELKIN, F5D8055),
153 RUN_DEV(BELKIN, F5D8055V2),
154 RUN_DEV(BELKIN, F6D4050V1),
155 RUN_DEV(BELKIN, F6D4050V2),
156 RUN_DEV(BELKIN, RT2870_1),
157 RUN_DEV(BELKIN, RT2870_2),
158 RUN_DEV(CISCOLINKSYS, AE1000),
159 RUN_DEV(CISCOLINKSYS2, RT3070),
160 RUN_DEV(CISCOLINKSYS3, RT3070),
161 RUN_DEV(CONCEPTRONIC2, RT2870_1),
162 RUN_DEV(CONCEPTRONIC2, RT2870_2),
163 RUN_DEV(CONCEPTRONIC2, RT2870_3),
164 RUN_DEV(CONCEPTRONIC2, RT2870_4),
165 RUN_DEV(CONCEPTRONIC2, RT2870_5),
166 RUN_DEV(CONCEPTRONIC2, RT2870_6),
167 RUN_DEV(CONCEPTRONIC2, RT2870_7),
168 RUN_DEV(CONCEPTRONIC2, RT2870_8),
169 RUN_DEV(CONCEPTRONIC2, RT3070_1),
170 RUN_DEV(CONCEPTRONIC2, RT3070_2),
171 RUN_DEV(CONCEPTRONIC2, VIGORN61),
172 RUN_DEV(COREGA, CGWLUSB300GNM),
173 RUN_DEV(COREGA, RT2870_1),
174 RUN_DEV(COREGA, RT2870_2),
175 RUN_DEV(COREGA, RT2870_3),
176 RUN_DEV(COREGA, RT3070),
177 RUN_DEV(CYBERTAN, RT2870),
178 RUN_DEV(DLINK, RT2870),
179 RUN_DEV(DLINK, RT3072),
180 RUN_DEV(DLINK, DWA127),
181 RUN_DEV(DLINK, DWA140B3),
182 RUN_DEV(DLINK, DWA160B2),
183 RUN_DEV(DLINK, DWA140D1),
184 RUN_DEV(DLINK, DWA162),
185 RUN_DEV(DLINK2, DWA130),
186 RUN_DEV(DLINK2, RT2870_1),
187 RUN_DEV(DLINK2, RT2870_2),
188 RUN_DEV(DLINK2, RT3070_1),
189 RUN_DEV(DLINK2, RT3070_2),
190 RUN_DEV(DLINK2, RT3070_3),
191 RUN_DEV(DLINK2, RT3070_4),
192 RUN_DEV(DLINK2, RT3070_5),
193 RUN_DEV(DLINK2, RT3072),
194 RUN_DEV(DLINK2, RT3072_1),
195 RUN_DEV(EDIMAX, EW7717),
196 RUN_DEV(EDIMAX, EW7718),
197 RUN_DEV(EDIMAX, EW7733UND),
198 RUN_DEV(EDIMAX, RT2870_1),
199 RUN_DEV(ENCORE, RT3070_1),
200 RUN_DEV(ENCORE, RT3070_2),
201 RUN_DEV(ENCORE, RT3070_3),
202 RUN_DEV(GIGABYTE, GNWB31N),
203 RUN_DEV(GIGABYTE, GNWB32L),
204 RUN_DEV(GIGABYTE, RT2870_1),
205 RUN_DEV(GIGASET, RT3070_1),
206 RUN_DEV(GIGASET, RT3070_2),
207 RUN_DEV(GUILLEMOT, HWNU300),
208 RUN_DEV(HAWKING, HWUN2),
209 RUN_DEV(HAWKING, RT2870_1),
210 RUN_DEV(HAWKING, RT2870_2),
211 RUN_DEV(HAWKING, RT3070),
212 RUN_DEV(IODATA, RT3072_1),
213 RUN_DEV(IODATA, RT3072_2),
214 RUN_DEV(IODATA, RT3072_3),
215 RUN_DEV(IODATA, RT3072_4),
216 RUN_DEV(LINKSYS4, RT3070),
217 RUN_DEV(LINKSYS4, WUSB100),
218 RUN_DEV(LINKSYS4, WUSB54GCV3),
219 RUN_DEV(LINKSYS4, WUSB600N),
220 RUN_DEV(LINKSYS4, WUSB600NV2),
221 RUN_DEV(LOGITEC, RT2870_1),
222 RUN_DEV(LOGITEC, RT2870_2),
223 RUN_DEV(LOGITEC, RT2870_3),
224 RUN_DEV(LOGITEC, LANW300NU2),
225 RUN_DEV(LOGITEC, LANW150NU2),
226 RUN_DEV(LOGITEC, LANW300NU2S),
227 RUN_DEV(MELCO, WLIUCG300HP),
228 RUN_DEV(MELCO, RT2870_2),
229 RUN_DEV(MELCO, WLIUCAG300N),
230 RUN_DEV(MELCO, WLIUCG300N),
231 RUN_DEV(MELCO, WLIUCG301N),
232 RUN_DEV(MELCO, WLIUCGN),
233 RUN_DEV(MELCO, WLIUCGNM),
234 RUN_DEV(MELCO, WLIUCG300HPV1),
235 RUN_DEV(MELCO, WLIUCGNM2),
236 RUN_DEV(MOTOROLA4, RT2770),
237 RUN_DEV(MOTOROLA4, RT3070),
238 RUN_DEV(MSI, RT3070_1),
239 RUN_DEV(MSI, RT3070_2),
240 RUN_DEV(MSI, RT3070_3),
241 RUN_DEV(MSI, RT3070_4),
242 RUN_DEV(MSI, RT3070_5),
243 RUN_DEV(MSI, RT3070_6),
244 RUN_DEV(MSI, RT3070_7),
245 RUN_DEV(MSI, RT3070_8),
246 RUN_DEV(MSI, RT3070_9),
247 RUN_DEV(MSI, RT3070_10),
248 RUN_DEV(MSI, RT3070_11),
249 RUN_DEV(NETGEAR, WNDA4100),
250 RUN_DEV(OVISLINK, RT3072),
251 RUN_DEV(PARA, RT3070),
252 RUN_DEV(PEGATRON, RT2870),
253 RUN_DEV(PEGATRON, RT3070),
254 RUN_DEV(PEGATRON, RT3070_2),
255 RUN_DEV(PEGATRON, RT3070_3),
256 RUN_DEV(PHILIPS, RT2870),
257 RUN_DEV(PLANEX2, GWUS300MINIS),
258 RUN_DEV(PLANEX2, GWUSMICRON),
259 RUN_DEV(PLANEX2, RT2870),
260 RUN_DEV(PLANEX2, RT3070),
261 RUN_DEV(QCOM, RT2870),
262 RUN_DEV(QUANTA, RT3070),
263 RUN_DEV(RALINK, RT2070),
264 RUN_DEV(RALINK, RT2770),
265 RUN_DEV(RALINK, RT2870),
266 RUN_DEV(RALINK, RT3070),
267 RUN_DEV(RALINK, RT3071),
268 RUN_DEV(RALINK, RT3072),
269 RUN_DEV(RALINK, RT3370),
270 RUN_DEV(RALINK, RT3572),
271 RUN_DEV(RALINK, RT3573),
272 RUN_DEV(RALINK, RT5370),
273 RUN_DEV(RALINK, RT5572),
274 RUN_DEV(RALINK, RT8070),
275 RUN_DEV(SAMSUNG, WIS09ABGN),
276 RUN_DEV(SAMSUNG2, RT2870_1),
277 RUN_DEV(SENAO, RT2870_1),
278 RUN_DEV(SENAO, RT2870_2),
279 RUN_DEV(SENAO, RT2870_3),
280 RUN_DEV(SENAO, RT2870_4),
281 RUN_DEV(SENAO, RT3070),
282 RUN_DEV(SENAO, RT3071),
283 RUN_DEV(SENAO, RT3072_1),
284 RUN_DEV(SENAO, RT3072_2),
285 RUN_DEV(SENAO, RT3072_3),
286 RUN_DEV(SENAO, RT3072_4),
287 RUN_DEV(SENAO, RT3072_5),
288 RUN_DEV(SITECOMEU, RT2770),
289 RUN_DEV(SITECOMEU, RT2870_1),
290 RUN_DEV(SITECOMEU, RT2870_2),
291 RUN_DEV(SITECOMEU, RT2870_3),
292 RUN_DEV(SITECOMEU, RT2870_4),
293 RUN_DEV(SITECOMEU, RT3070),
294 RUN_DEV(SITECOMEU, RT3070_2),
295 RUN_DEV(SITECOMEU, RT3070_3),
296 RUN_DEV(SITECOMEU, RT3070_4),
297 RUN_DEV(SITECOMEU, RT3071),
298 RUN_DEV(SITECOMEU, RT3072_1),
299 RUN_DEV(SITECOMEU, RT3072_2),
300 RUN_DEV(SITECOMEU, RT3072_3),
301 RUN_DEV(SITECOMEU, RT3072_4),
302 RUN_DEV(SITECOMEU, RT3072_5),
303 RUN_DEV(SITECOMEU, RT3072_6),
304 RUN_DEV(SITECOMEU, WL608),
305 RUN_DEV(SPARKLAN, RT2870_1),
306 RUN_DEV(SPARKLAN, RT3070),
307 RUN_DEV(SWEEX2, LW153),
308 RUN_DEV(SWEEX2, LW303),
309 RUN_DEV(SWEEX2, LW313),
310 RUN_DEV(TOSHIBA, RT3070),
311 RUN_DEV(UMEDIA, RT2870_1),
312 RUN_DEV(ZCOM, RT2870_1),
313 RUN_DEV(ZCOM, RT2870_2),
314 RUN_DEV(ZINWELL, RT2870_1),
315 RUN_DEV(ZINWELL, RT2870_2),
316 RUN_DEV(ZINWELL, RT3070),
317 RUN_DEV(ZINWELL, RT3072_1),
318 RUN_DEV(ZINWELL, RT3072_2),
319 RUN_DEV(ZYXEL, RT2870_1),
320 RUN_DEV(ZYXEL, RT2870_2),
321 RUN_DEV(ZYXEL, RT3070),
322 RUN_DEV_EJECT(ZYXEL, NWD2705),
323 RUN_DEV_EJECT(RALINK, RT_STOR),
324#undef RUN_DEV_EJECT
325#undef RUN_DEV
326};
327
328static device_probe_t run_match;
329static device_attach_t run_attach;
330static device_detach_t run_detach;
331
332static usb_callback_t run_bulk_rx_callback;
333static usb_callback_t run_bulk_tx_callback0;
334static usb_callback_t run_bulk_tx_callback1;
335static usb_callback_t run_bulk_tx_callback2;
336static usb_callback_t run_bulk_tx_callback3;
337static usb_callback_t run_bulk_tx_callback4;
338static usb_callback_t run_bulk_tx_callback5;
339
340static void run_autoinst(void *, struct usb_device *,
341 struct usb_attach_arg *);
342static int run_driver_loaded(struct module *, int, void *);
343static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
344 usb_error_t error, u_int index);
345static struct ieee80211vap *run_vap_create(struct ieee80211com *,
346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
347 const uint8_t [IEEE80211_ADDR_LEN],
348 const uint8_t [IEEE80211_ADDR_LEN]);
349static void run_vap_delete(struct ieee80211vap *);
350static void run_cmdq_cb(void *, int);
351static void run_setup_tx_list(struct run_softc *,
352 struct run_endpoint_queue *);
353static void run_unsetup_tx_list(struct run_softc *,
354 struct run_endpoint_queue *);
355static int run_load_microcode(struct run_softc *);
356static int run_reset(struct run_softc *);
357static usb_error_t run_do_request(struct run_softc *,
358 struct usb_device_request *, void *);
359static int run_read(struct run_softc *, uint16_t, uint32_t *);
360static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
361static int run_write_2(struct run_softc *, uint16_t, uint16_t);
362static int run_write(struct run_softc *, uint16_t, uint32_t);
363static int run_write_region_1(struct run_softc *, uint16_t,
364 const uint8_t *, int);
365static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
366static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
367static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
368static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
369static int run_rt2870_rf_write(struct run_softc *, uint32_t);
370static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
371static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
372static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
373static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
374static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
375static const char *run_get_rf(uint16_t);
376static void run_rt3593_get_txpower(struct run_softc *);
377static void run_get_txpower(struct run_softc *);
378static int run_read_eeprom(struct run_softc *);
379static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
380 const uint8_t mac[IEEE80211_ADDR_LEN]);
381static int run_media_change(struct ifnet *);
382static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
383static int run_wme_update(struct ieee80211com *);
384static void run_key_set_cb(void *);
385static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
386static void run_key_delete_cb(void *);
387static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
388static void run_ratectl_to(void *);
389static void run_ratectl_cb(void *, int);
390static void run_drain_fifo(void *);
391static void run_iter_func(void *, struct ieee80211_node *);
392static void run_newassoc_cb(void *);
393static void run_newassoc(struct ieee80211_node *, int);
394static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
395 const struct ieee80211_rx_stats *, int, int);
396static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
397static void run_tx_free(struct run_endpoint_queue *pq,
398 struct run_tx_data *, int);
399static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
400static int run_tx(struct run_softc *, struct mbuf *,
401 struct ieee80211_node *);
402static int run_tx_mgt(struct run_softc *, struct mbuf *,
403 struct ieee80211_node *);
404static int run_sendprot(struct run_softc *, const struct mbuf *,
405 struct ieee80211_node *, int, int);
406static int run_tx_param(struct run_softc *, struct mbuf *,
407 struct ieee80211_node *,
408 const struct ieee80211_bpf_params *);
409static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
410 const struct ieee80211_bpf_params *);
411static int run_transmit(struct ieee80211com *, struct mbuf *);
412static void run_start(struct run_softc *);
413static void run_parent(struct ieee80211com *);
414static void run_iq_calib(struct run_softc *, u_int);
415static void run_set_agc(struct run_softc *, uint8_t);
416static void run_select_chan_group(struct run_softc *, int);
417static void run_set_rx_antenna(struct run_softc *, int);
418static void run_rt2870_set_chan(struct run_softc *, u_int);
419static void run_rt3070_set_chan(struct run_softc *, u_int);
420static void run_rt3572_set_chan(struct run_softc *, u_int);
421static void run_rt3593_set_chan(struct run_softc *, u_int);
422static void run_rt5390_set_chan(struct run_softc *, u_int);
423static void run_rt5592_set_chan(struct run_softc *, u_int);
424static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
425static void run_set_channel(struct ieee80211com *);
426static void run_scan_start(struct ieee80211com *);
427static void run_scan_end(struct ieee80211com *);
428static void run_update_beacon(struct ieee80211vap *, int);
429static void run_update_beacon_cb(void *);
430static void run_updateprot(struct ieee80211com *);
431static void run_updateprot_cb(void *);
432static void run_usb_timeout_cb(void *);
433static void run_reset_livelock(struct run_softc *);
434static void run_enable_tsf_sync(struct run_softc *);
435static void run_enable_tsf(struct run_softc *);
436static void run_get_tsf(struct run_softc *, uint64_t *);
437static void run_enable_mrr(struct run_softc *);
438static void run_set_txpreamble(struct run_softc *);
439static void run_set_basicrates(struct run_softc *);
440static void run_set_leds(struct run_softc *, uint16_t);
441static void run_set_bssid(struct run_softc *, const uint8_t *);
442static void run_set_macaddr(struct run_softc *, const uint8_t *);
443static void run_updateslot(struct ieee80211com *);
444static void run_updateslot_cb(void *);
445static void run_update_mcast(struct ieee80211com *);
446static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
447static void run_update_promisc_locked(struct run_softc *);
448static void run_update_promisc(struct ieee80211com *);
449static void run_rt5390_bbp_init(struct run_softc *);
450static int run_bbp_init(struct run_softc *);
451static int run_rt3070_rf_init(struct run_softc *);
452static void run_rt3593_rf_init(struct run_softc *);
453static void run_rt5390_rf_init(struct run_softc *);
454static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
455 uint8_t *);
456static void run_rt3070_rf_setup(struct run_softc *);
457static void run_rt3593_rf_setup(struct run_softc *);
458static void run_rt5390_rf_setup(struct run_softc *);
459static int run_txrx_enable(struct run_softc *);
460static void run_adjust_freq_offset(struct run_softc *);
461static void run_init_locked(struct run_softc *);
462static void run_stop(void *);
463static void run_delay(struct run_softc *, u_int);
464
465static eventhandler_tag run_etag;
466
467static const struct rt2860_rate {
468 uint8_t rate;
469 uint8_t mcs;
470 enum ieee80211_phytype phy;
471 uint8_t ctl_ridx;
472 uint16_t sp_ack_dur;
473 uint16_t lp_ack_dur;
474} rt2860_rates[] = {
475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
487};
488
489static const struct {
490 uint16_t reg;
491 uint32_t val;
492} rt2870_def_mac[] = {
493 RT2870_DEF_MAC
494};
495
496static const struct {
497 uint8_t reg;
498 uint8_t val;
499} rt2860_def_bbp[] = {
500 RT2860_DEF_BBP
501},rt5390_def_bbp[] = {
502 RT5390_DEF_BBP
503},rt5592_def_bbp[] = {
504 RT5592_DEF_BBP
505};
506
507/*
508 * Default values for BBP register R196 for RT5592.
509 */
510static const uint8_t rt5592_bbp_r196[] = {
511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
519 0x2e, 0x36, 0x30, 0x6e
520};
521
522static const struct rfprog {
523 uint8_t chan;
524 uint32_t r1, r2, r3, r4;
525} rt2860_rf2850[] = {
526 RT2860_RF2850
527};
528
529struct {
530 uint8_t n, r, k;
531} rt3070_freqs[] = {
532 RT3070_RF3052
533};
534
535static const struct rt5592_freqs {
536 uint16_t n;
537 uint8_t k, m, r;
538} rt5592_freqs_20mhz[] = {
539 RT5592_RF5592_20MHZ
540},rt5592_freqs_40mhz[] = {
541 RT5592_RF5592_40MHZ
542};
543
544static const struct {
545 uint8_t reg;
546 uint8_t val;
547} rt3070_def_rf[] = {
548 RT3070_DEF_RF
549},rt3572_def_rf[] = {
550 RT3572_DEF_RF
551},rt3593_def_rf[] = {
552 RT3593_DEF_RF
553},rt5390_def_rf[] = {
554 RT5390_DEF_RF
555},rt5392_def_rf[] = {
556 RT5392_DEF_RF
557},rt5592_def_rf[] = {
558 RT5592_DEF_RF
559},rt5592_2ghz_def_rf[] = {
560 RT5592_2GHZ_DEF_RF
561},rt5592_5ghz_def_rf[] = {
562 RT5592_5GHZ_DEF_RF
563};
564
565static const struct {
566 u_int firstchan;
567 u_int lastchan;
568 uint8_t reg;
569 uint8_t val;
570} rt5592_chan_5ghz[] = {
571 RT5592_CHAN_5GHZ
572};
573
574static const struct usb_config run_config[RUN_N_XFER] = {
575 [RUN_BULK_TX_BE] = {
576 .type = UE_BULK,
577 .endpoint = UE_ADDR_ANY,
578 .ep_index = 0,
579 .direction = UE_DIR_OUT,
580 .bufsize = RUN_MAX_TXSZ,
581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
582 .callback = run_bulk_tx_callback0,
583 .timeout = 5000, /* ms */
584 },
585 [RUN_BULK_TX_BK] = {
586 .type = UE_BULK,
587 .endpoint = UE_ADDR_ANY,
588 .direction = UE_DIR_OUT,
589 .ep_index = 1,
590 .bufsize = RUN_MAX_TXSZ,
591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
592 .callback = run_bulk_tx_callback1,
593 .timeout = 5000, /* ms */
594 },
595 [RUN_BULK_TX_VI] = {
596 .type = UE_BULK,
597 .endpoint = UE_ADDR_ANY,
598 .direction = UE_DIR_OUT,
599 .ep_index = 2,
600 .bufsize = RUN_MAX_TXSZ,
601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
602 .callback = run_bulk_tx_callback2,
603 .timeout = 5000, /* ms */
604 },
605 [RUN_BULK_TX_VO] = {
606 .type = UE_BULK,
607 .endpoint = UE_ADDR_ANY,
608 .direction = UE_DIR_OUT,
609 .ep_index = 3,
610 .bufsize = RUN_MAX_TXSZ,
611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
612 .callback = run_bulk_tx_callback3,
613 .timeout = 5000, /* ms */
614 },
615 [RUN_BULK_TX_HCCA] = {
616 .type = UE_BULK,
617 .endpoint = UE_ADDR_ANY,
618 .direction = UE_DIR_OUT,
619 .ep_index = 4,
620 .bufsize = RUN_MAX_TXSZ,
621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
622 .callback = run_bulk_tx_callback4,
623 .timeout = 5000, /* ms */
624 },
625 [RUN_BULK_TX_PRIO] = {
626 .type = UE_BULK,
627 .endpoint = UE_ADDR_ANY,
628 .direction = UE_DIR_OUT,
629 .ep_index = 5,
630 .bufsize = RUN_MAX_TXSZ,
631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
632 .callback = run_bulk_tx_callback5,
633 .timeout = 5000, /* ms */
634 },
635 [RUN_BULK_RX] = {
636 .type = UE_BULK,
637 .endpoint = UE_ADDR_ANY,
638 .direction = UE_DIR_IN,
639 .bufsize = RUN_MAX_RXSZ,
640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
641 .callback = run_bulk_rx_callback,
642 }
643};
644
645static void
646run_autoinst(void *arg, struct usb_device *udev,
647 struct usb_attach_arg *uaa)
648{
649 struct usb_interface *iface;
650 struct usb_interface_descriptor *id;
651
652 if (uaa->dev_state != UAA_DEV_READY)
653 return;
654
655 iface = usbd_get_iface(udev, 0);
656 if (iface == NULL)
657 return;
658 id = iface->idesc;
659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
660 return;
661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
662 return;
663
664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
665 uaa->dev_state = UAA_DEV_EJECTING;
666}
667
668static int
669run_driver_loaded(struct module *mod, int what, void *arg)
670{
671 switch (what) {
672 case MOD_LOAD:
673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
675 break;
676 case MOD_UNLOAD:
677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
678 break;
679 default:
680 return (EOPNOTSUPP);
681 }
682 return (0);
683}
684
685static int
686run_match(device_t self)
687{
688 struct usb_attach_arg *uaa = device_get_ivars(self);
689
690 if (uaa->usb_mode != USB_MODE_HOST)
691 return (ENXIO);
692 if (uaa->info.bConfigIndex != 0)
693 return (ENXIO);
694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
695 return (ENXIO);
696
697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
698}
699
700static int
701run_attach(device_t self)
702{
703 struct run_softc *sc = device_get_softc(self);
704 struct usb_attach_arg *uaa = device_get_ivars(self);
705 struct ieee80211com *ic = &sc->sc_ic;
706 uint32_t ver;
707 uint8_t bands[IEEE80211_MODE_BYTES];
708 uint8_t iface_index;
709 int ntries, error;
710
711 device_set_usb_desc(self);
712 sc->sc_udev = uaa->device;
713 sc->sc_dev = self;
714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
716
717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
718 MTX_NETWORK_LOCK, MTX_DEF);
719 mbufq_init(&sc->sc_snd, ifqmaxlen);
720
721 iface_index = RT2860_IFACE_INDEX;
722
723 error = usbd_transfer_setup(uaa->device, &iface_index,
724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
725 if (error) {
726 device_printf(self, "could not allocate USB transfers, "
727 "err=%s\n", usbd_errstr(error));
728 goto detach;
729 }
730
731 RUN_LOCK(sc);
732
733 /* wait for the chip to settle */
734 for (ntries = 0; ntries < 100; ntries++) {
735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
736 RUN_UNLOCK(sc);
737 goto detach;
738 }
739 if (ver != 0 && ver != 0xffffffff)
740 break;
741 run_delay(sc, 10);
742 }
743 if (ntries == 100) {
744 device_printf(sc->sc_dev,
745 "timeout waiting for NIC to initialize\n");
746 RUN_UNLOCK(sc);
747 goto detach;
748 }
749 sc->mac_ver = ver >> 16;
750 sc->mac_rev = ver & 0xffff;
751
752 /* retrieve RF rev. no and various other things from EEPROM */
753 run_read_eeprom(sc);
754
755 device_printf(sc->sc_dev,
756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
759
760 RUN_UNLOCK(sc);
761
762 ic->ic_softc = sc;
763 ic->ic_name = device_get_nameunit(self);
764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
766
767 /* set device capabilities */
768 ic->ic_caps =
769 IEEE80211_C_STA | /* station mode supported */
770 IEEE80211_C_MONITOR | /* monitor mode supported */
771 IEEE80211_C_IBSS |
772 IEEE80211_C_HOSTAP |
773 IEEE80211_C_WDS | /* 4-address traffic works */
774 IEEE80211_C_MBSS |
775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
776 IEEE80211_C_SHSLOT | /* short slot time supported */
777 IEEE80211_C_WME | /* WME */
778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
779
780 ic->ic_cryptocaps =
781 IEEE80211_CRYPTO_WEP |
782 IEEE80211_CRYPTO_AES_CCM |
783 IEEE80211_CRYPTO_TKIPMIC |
784 IEEE80211_CRYPTO_TKIP;
785
786 ic->ic_flags |= IEEE80211_F_DATAPAD;
787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
788
789 memset(bands, 0, sizeof(bands));
790 setbit(bands, IEEE80211_MODE_11B);
791 setbit(bands, IEEE80211_MODE_11G);
792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
794 sc->rf_rev == RT5592_RF_5592)
795 setbit(bands, IEEE80211_MODE_11A);
796 ieee80211_init_channels(ic, NULL, bands);
797
798 ieee80211_ifattach(ic);
799
800 ic->ic_scan_start = run_scan_start;
801 ic->ic_scan_end = run_scan_end;
802 ic->ic_set_channel = run_set_channel;
803 ic->ic_node_alloc = run_node_alloc;
804 ic->ic_newassoc = run_newassoc;
805 ic->ic_updateslot = run_updateslot;
806 ic->ic_update_mcast = run_update_mcast;
807 ic->ic_wme.wme_update = run_wme_update;
808 ic->ic_raw_xmit = run_raw_xmit;
809 ic->ic_update_promisc = run_update_promisc;
810 ic->ic_vap_create = run_vap_create;
811 ic->ic_vap_delete = run_vap_delete;
812 ic->ic_transmit = run_transmit;
813 ic->ic_parent = run_parent;
814
815 ieee80211_radiotap_attach(ic,
816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
817 RUN_TX_RADIOTAP_PRESENT,
818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
819 RUN_RX_RADIOTAP_PRESENT);
820
821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
824
825 if (bootverbose)
826 ieee80211_announce(ic);
827
828 return (0);
829
830detach:
831 run_detach(self);
832 return (ENXIO);
833}
834
835static void
836run_drain_mbufq(struct run_softc *sc)
837{
838 struct mbuf *m;
839 struct ieee80211_node *ni;
840
841 RUN_LOCK_ASSERT(sc, MA_OWNED);
842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
844 m->m_pkthdr.rcvif = NULL;
845 ieee80211_free_node(ni);
846 m_freem(m);
847 }
848}
849
850static int
851run_detach(device_t self)
852{
853 struct run_softc *sc = device_get_softc(self);
854 struct ieee80211com *ic = &sc->sc_ic;
855 int i;
856
857 RUN_LOCK(sc);
858 sc->sc_detached = 1;
859 RUN_UNLOCK(sc);
860
861 /* stop all USB transfers */
862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
863
864 RUN_LOCK(sc);
865 sc->ratectl_run = RUN_RATECTL_OFF;
866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
867
868 /* free TX list, if any */
869 for (i = 0; i != RUN_EP_QUEUES; i++)
870 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
871
872 /* Free TX queue */
873 run_drain_mbufq(sc);
874 RUN_UNLOCK(sc);
875
876 if (sc->sc_ic.ic_softc == sc) {
877 /* drain tasks */
878 usb_callout_drain(&sc->ratectl_ch);
879 ieee80211_draintask(ic, &sc->cmdq_task);
880 ieee80211_draintask(ic, &sc->ratectl_task);
881 ieee80211_ifdetach(ic);
882 }
883
884 mtx_destroy(&sc->sc_mtx);
885
886 return (0);
887}
888
889static struct ieee80211vap *
890run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
891 enum ieee80211_opmode opmode, int flags,
892 const uint8_t bssid[IEEE80211_ADDR_LEN],
893 const uint8_t mac[IEEE80211_ADDR_LEN])
894{
895 struct run_softc *sc = ic->ic_softc;
896 struct run_vap *rvp;
897 struct ieee80211vap *vap;
898 int i;
899
900 if (sc->rvp_cnt >= RUN_VAP_MAX) {
901 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
902 return (NULL);
903 }
904
905 switch (opmode) {
906 case IEEE80211_M_STA:
907 /* enable s/w bmiss handling for sta mode */
908 flags |= IEEE80211_CLONE_NOBEACONS;
909 /* fall though */
910 case IEEE80211_M_IBSS:
911 case IEEE80211_M_MONITOR:
912 case IEEE80211_M_HOSTAP:
913 case IEEE80211_M_MBSS:
914 /* other than WDS vaps, only one at a time */
915 if (!TAILQ_EMPTY(&ic->ic_vaps))
916 return (NULL);
917 break;
918 case IEEE80211_M_WDS:
919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
920 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
921 continue;
922 /* WDS vap's always share the local mac address. */
923 flags &= ~IEEE80211_CLONE_BSSID;
924 break;
925 }
926 if (vap == NULL) {
927 device_printf(sc->sc_dev,
928 "wds only supported in ap mode\n");
929 return (NULL);
930 }
931 break;
932 default:
933 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
934 return (NULL);
935 }
936
937 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
938 vap = &rvp->vap;
939
940 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
941 bssid) != 0) {
942 /* out of memory */
943 free(rvp, M_80211_VAP);
944 return (NULL);
945 }
946
947 vap->iv_update_beacon = run_update_beacon;
948 vap->iv_max_aid = RT2870_WCID_MAX;
949 /*
950 * To delete the right key from h/w, we need wcid.
951 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
952 * and matching wcid will be written into there. So, cast
953 * some spells to remove 'const' from ieee80211_key{}
954 */
955 vap->iv_key_delete = (void *)run_key_delete;
956 vap->iv_key_set = (void *)run_key_set;
957
958 /* override state transition machine */
959 rvp->newstate = vap->iv_newstate;
960 vap->iv_newstate = run_newstate;
961 if (opmode == IEEE80211_M_IBSS) {
962 rvp->recv_mgmt = vap->iv_recv_mgmt;
963 vap->iv_recv_mgmt = run_recv_mgmt;
964 }
965
966 ieee80211_ratectl_init(vap);
967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
968
969 /* complete setup */
970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
971 mac);
972
973 /* make sure id is always unique */
974 for (i = 0; i < RUN_VAP_MAX; i++) {
975 if((sc->rvp_bmap & 1 << i) == 0){
976 sc->rvp_bmap |= 1 << i;
977 rvp->rvp_id = i;
978 break;
979 }
980 }
981 if (sc->rvp_cnt++ == 0)
982 ic->ic_opmode = opmode;
983
984 if (opmode == IEEE80211_M_HOSTAP)
985 sc->cmdq_run = RUN_CMDQ_GO;
986
987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
989
990 return (vap);
991}
992
993static void
994run_vap_delete(struct ieee80211vap *vap)
995{
996 struct run_vap *rvp = RUN_VAP(vap);
997 struct ieee80211com *ic;
998 struct run_softc *sc;
999 uint8_t rvp_id;
1000
1001 if (vap == NULL)
1002 return;
1003
1004 ic = vap->iv_ic;
1005 sc = ic->ic_softc;
1006
1007 RUN_LOCK(sc);
1008
1009 m_freem(rvp->beacon_mbuf);
1010 rvp->beacon_mbuf = NULL;
1011
1012 rvp_id = rvp->rvp_id;
1013 sc->ratectl_run &= ~(1 << rvp_id);
1014 sc->rvp_bmap &= ~(1 << rvp_id);
1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1017 --sc->rvp_cnt;
1018
1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1021
1022 RUN_UNLOCK(sc);
1023
1024 ieee80211_ratectl_deinit(vap);
1025 ieee80211_vap_detach(vap);
1026 free(rvp, M_80211_VAP);
1027}
1028
1029/*
1030 * There are numbers of functions need to be called in context thread.
1031 * Rather than creating taskqueue event for each of those functions,
1032 * here is all-for-one taskqueue callback function. This function
1033 * guarantees deferred functions are executed in the same order they
1034 * were enqueued.
1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1036 */
1037static void
1038run_cmdq_cb(void *arg, int pending)
1039{
1040 struct run_softc *sc = arg;
1041 uint8_t i;
1042
1043 /* call cmdq[].func locked */
1044 RUN_LOCK(sc);
1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1046 i = sc->cmdq_exec, pending--) {
1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1048 if (sc->cmdq_run == RUN_CMDQ_GO) {
1049 /*
1050 * If arg0 is NULL, callback func needs more
1051 * than one arg. So, pass ptr to cmdq struct.
1052 */
1053 if (sc->cmdq[i].arg0)
1054 sc->cmdq[i].func(sc->cmdq[i].arg0);
1055 else
1056 sc->cmdq[i].func(&sc->cmdq[i]);
1057 }
1058 sc->cmdq[i].arg0 = NULL;
1059 sc->cmdq[i].func = NULL;
1060 sc->cmdq_exec++;
1061 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1062 }
1063 RUN_UNLOCK(sc);
1064}
1065
1066static void
1067run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1068{
1069 struct run_tx_data *data;
1070
1071 memset(pq, 0, sizeof(*pq));
1072
1073 STAILQ_INIT(&pq->tx_qh);
1074 STAILQ_INIT(&pq->tx_fh);
1075
1076 for (data = &pq->tx_data[0];
1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1078 data->sc = sc;
1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1080 }
1081 pq->tx_nfree = RUN_TX_RING_COUNT;
1082}
1083
1084static void
1085run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1086{
1087 struct run_tx_data *data;
1088
1089 /* make sure any subsequent use of the queues will fail */
1090 pq->tx_nfree = 0;
1091 STAILQ_INIT(&pq->tx_fh);
1092 STAILQ_INIT(&pq->tx_qh);
1093
1094 /* free up all node references and mbufs */
1095 for (data = &pq->tx_data[0];
1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1097 if (data->m != NULL) {
1098 m_freem(data->m);
1099 data->m = NULL;
1100 }
1101 if (data->ni != NULL) {
1102 ieee80211_free_node(data->ni);
1103 data->ni = NULL;
1104 }
1105 }
1106}
1107
1108static int
1109run_load_microcode(struct run_softc *sc)
1110{
1111 usb_device_request_t req;
1112 const struct firmware *fw;
1113 const u_char *base;
1114 uint32_t tmp;
1115 int ntries, error;
1116 const uint64_t *temp;
1117 uint64_t bytes;
1118
1119 RUN_UNLOCK(sc);
1120 fw = firmware_get("runfw");
1121 RUN_LOCK(sc);
1122 if (fw == NULL) {
1123 device_printf(sc->sc_dev,
1124 "failed loadfirmware of file %s\n", "runfw");
1125 return ENOENT;
1126 }
1127
1128 if (fw->datasize != 8192) {
1129 device_printf(sc->sc_dev,
1130 "invalid firmware size (should be 8KB)\n");
1131 error = EINVAL;
1132 goto fail;
1133 }
1134
1135 /*
1136 * RT3071/RT3072 use a different firmware
1137 * run-rt2870 (8KB) contains both,
1138 * first half (4KB) is for rt2870,
1139 * last half is for rt3071.
1140 */
1141 base = fw->data;
1142 if ((sc->mac_ver) != 0x2860 &&
1143 (sc->mac_ver) != 0x2872 &&
1144 (sc->mac_ver) != 0x3070) {
1145 base += 4096;
1146 }
1147
1148 /* cheap sanity check */
1149 temp = fw->data;
1150 bytes = *temp;
1151 if (bytes != be64toh(0xffffff0210280210ULL)) {
1152 device_printf(sc->sc_dev, "firmware checksum failed\n");
1153 error = EINVAL;
1154 goto fail;
1155 }
1156
1157 /* write microcode image */
1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1162 }
1163
1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1165 req.bRequest = RT2870_RESET;
1166 USETW(req.wValue, 8);
1167 USETW(req.wIndex, 0);
1168 USETW(req.wLength, 0);
1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1170 != 0) {
1171 device_printf(sc->sc_dev, "firmware reset failed\n");
1172 goto fail;
1173 }
1174
1175 run_delay(sc, 10);
1176
1177 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1178 run_write(sc, RT2860_H2M_MAILBOX, 0);
1179 run_write(sc, RT2860_H2M_INTSRC, 0);
1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1181 goto fail;
1182
1183 /* wait until microcontroller is ready */
1184 for (ntries = 0; ntries < 1000; ntries++) {
1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1186 goto fail;
1187 if (tmp & RT2860_MCU_READY)
1188 break;
1189 run_delay(sc, 10);
1190 }
1191 if (ntries == 1000) {
1192 device_printf(sc->sc_dev,
1193 "timeout waiting for MCU to initialize\n");
1194 error = ETIMEDOUT;
1195 goto fail;
1196 }
1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1198 (base == fw->data) ? "RT2870" : "RT3071",
1199 *(base + 4092), *(base + 4093));
1200
1201fail:
1202 firmware_put(fw, FIRMWARE_UNLOAD);
1203 return (error);
1204}
1205
1206static int
1207run_reset(struct run_softc *sc)
1208{
1209 usb_device_request_t req;
1210
1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1212 req.bRequest = RT2870_RESET;
1213 USETW(req.wValue, 1);
1214 USETW(req.wIndex, 0);
1215 USETW(req.wLength, 0);
1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1217}
1218
1219static usb_error_t
1220run_do_request(struct run_softc *sc,
1221 struct usb_device_request *req, void *data)
1222{
1223 usb_error_t err;
1224 int ntries = 10;
1225
1226 RUN_LOCK_ASSERT(sc, MA_OWNED);
1227
1228 while (ntries--) {
1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1230 req, data, 0, NULL, 250 /* ms */);
1231 if (err == 0)
1232 break;
1233 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1234 usbd_errstr(err));
1235 run_delay(sc, 10);
1236 }
1237 return (err);
1238}
1239
1240static int
1241run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1242{
1243 uint32_t tmp;
1244 int error;
1245
1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1247 if (error == 0)
1248 *val = le32toh(tmp);
1249 else
1250 *val = 0xffffffff;
1251 return (error);
1252}
1253
1254static int
1255run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1256{
1257 usb_device_request_t req;
1258
1259 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1260 req.bRequest = RT2870_READ_REGION_1;
1261 USETW(req.wValue, 0);
1262 USETW(req.wIndex, reg);
1263 USETW(req.wLength, len);
1264
1265 return (run_do_request(sc, &req, buf));
1266}
1267
1268static int
1269run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1270{
1271 usb_device_request_t req;
1272
1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1274 req.bRequest = RT2870_WRITE_2;
1275 USETW(req.wValue, val);
1276 USETW(req.wIndex, reg);
1277 USETW(req.wLength, 0);
1278
1279 return (run_do_request(sc, &req, NULL));
1280}
1281
1282static int
1283run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1284{
1285 int error;
1286
1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1288 error = run_write_2(sc, reg + 2, val >> 16);
1289 return (error);
1290}
1291
1292static int
1293run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1294 int len)
1295{
1296#if 1
1297 int i, error = 0;
1298 /*
1299 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1300 * We thus issue multiple WRITE_2 commands instead.
1301 */
1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1303 for (i = 0; i < len && error == 0; i += 2)
1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1305 return (error);
1306#else
1307 usb_device_request_t req;
1308 int error = 0;
1309
1310 /*
1311 * NOTE: It appears the WRITE_REGION_1 command cannot be
1312 * passed a huge amount of data, which will crash the
1313 * firmware. Limit amount of data passed to 64-bytes at a
1314 * time.
1315 */
1316 while (len > 0) {
1317 int delta = 64;
1318 if (delta > len)
1319 delta = len;
1320
1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1322 req.bRequest = RT2870_WRITE_REGION_1;
1323 USETW(req.wValue, 0);
1324 USETW(req.wIndex, reg);
1325 USETW(req.wLength, delta);
1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1327 if (error != 0)
1328 break;
1329 reg += delta;
1330 buf += delta;
1331 len -= delta;
1332 }
1333 return (error);
1334#endif
1335}
1336
1337static int
1338run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1339{
1340 int i, error = 0;
1341
1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1343 for (i = 0; i < len && error == 0; i += 4)
1344 error = run_write(sc, reg + i, val);
1345 return (error);
1346}
1347
1348static int
1349run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1350{
1351 uint32_t tmp;
1352 uint16_t reg;
1353 int error, ntries;
1354
1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1356 return (error);
1357
1358 if (count == 2)
1359 addr *= 2;
1360 /*-
1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1362 * DATA0: F E D C
1363 * DATA1: B A 9 8
1364 * DATA2: 7 6 5 4
1365 * DATA3: 3 2 1 0
1366 */
1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1369 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1370 for (ntries = 0; ntries < 100; ntries++) {
1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1372 return (error);
1373 if (!(tmp & RT3070_EFSROM_KICK))
1374 break;
1375 run_delay(sc, 2);
1376 }
1377 if (ntries == 100)
1378 return (ETIMEDOUT);
1379
1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1381 *val = 0xffff; /* address not found */
1382 return (0);
1383 }
1384 /* determine to which 32-bit register our 16-bit word belongs */
1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1386 if ((error = run_read(sc, reg, &tmp)) != 0)
1387 return (error);
1388
1389 tmp >>= (8 * (addr & 0x3));
1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1391
1392 return (0);
1393}
1394
1395/* Read 16-bit from eFUSE ROM for RT3xxx. */
1396static int
1397run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1398{
1399 return (run_efuse_read(sc, addr, val, 2));
1400}
1401
1402static int
1403run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1404{
1405 usb_device_request_t req;
1406 uint16_t tmp;
1407 int error;
1408
1409 addr *= 2;
1410 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1411 req.bRequest = RT2870_EEPROM_READ;
1412 USETW(req.wValue, 0);
1413 USETW(req.wIndex, addr);
1414 USETW(req.wLength, sizeof(tmp));
1415
1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1417 if (error == 0)
1418 *val = le16toh(tmp);
1419 else
1420 *val = 0xffff;
1421 return (error);
1422}
1423
1424static __inline int
1425run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1426{
1427 /* either eFUSE ROM or EEPROM */
1428 return sc->sc_srom_read(sc, addr, val);
1429}
1430
1431static int
1432run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1433{
1434 uint32_t tmp;
1435 int error, ntries;
1436
1437 for (ntries = 0; ntries < 10; ntries++) {
1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1439 return (error);
1440 if (!(tmp & RT2860_RF_REG_CTRL))
1441 break;
1442 }
1443 if (ntries == 10)
1444 return (ETIMEDOUT);
1445
1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1447}
1448
1449static int
1450run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1451{
1452 uint32_t tmp;
1453 int error, ntries;
1454
1455 for (ntries = 0; ntries < 100; ntries++) {
1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1457 return (error);
1458 if (!(tmp & RT3070_RF_KICK))
1459 break;
1460 }
1461 if (ntries == 100)
1462 return (ETIMEDOUT);
1463
1464 tmp = RT3070_RF_KICK | reg << 8;
1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1466 return (error);
1467
1468 for (ntries = 0; ntries < 100; ntries++) {
1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1470 return (error);
1471 if (!(tmp & RT3070_RF_KICK))
1472 break;
1473 }
1474 if (ntries == 100)
1475 return (ETIMEDOUT);
1476
1477 *val = tmp & 0xff;
1478 return (0);
1479}
1480
1481static int
1482run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1483{
1484 uint32_t tmp;
1485 int error, ntries;
1486
1487 for (ntries = 0; ntries < 10; ntries++) {
1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1489 return (error);
1490 if (!(tmp & RT3070_RF_KICK))
1491 break;
1492 }
1493 if (ntries == 10)
1494 return (ETIMEDOUT);
1495
1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1498}
1499
1500static int
1501run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1502{
1503 uint32_t tmp;
1504 int ntries, error;
1505
1506 for (ntries = 0; ntries < 10; ntries++) {
1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1508 return (error);
1509 if (!(tmp & RT2860_BBP_CSR_KICK))
1510 break;
1511 }
1512 if (ntries == 10)
1513 return (ETIMEDOUT);
1514
1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1517 return (error);
1518
1519 for (ntries = 0; ntries < 10; ntries++) {
1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1521 return (error);
1522 if (!(tmp & RT2860_BBP_CSR_KICK))
1523 break;
1524 }
1525 if (ntries == 10)
1526 return (ETIMEDOUT);
1527
1528 *val = tmp & 0xff;
1529 return (0);
1530}
1531
1532static int
1533run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1534{
1535 uint32_t tmp;
1536 int ntries, error;
1537
1538 for (ntries = 0; ntries < 10; ntries++) {
1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1540 return (error);
1541 if (!(tmp & RT2860_BBP_CSR_KICK))
1542 break;
1543 }
1544 if (ntries == 10)
1545 return (ETIMEDOUT);
1546
1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1549}
1550
1551/*
1552 * Send a command to the 8051 microcontroller unit.
1553 */
1554static int
1555run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1556{
1557 uint32_t tmp;
1558 int error, ntries;
1559
1560 for (ntries = 0; ntries < 100; ntries++) {
1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1562 return error;
1563 if (!(tmp & RT2860_H2M_BUSY))
1564 break;
1565 }
1566 if (ntries == 100)
1567 return ETIMEDOUT;
1568
1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1571 error = run_write(sc, RT2860_HOST_CMD, cmd);
1572 return (error);
1573}
1574
1575/*
1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1577 * Used to adjust per-rate Tx power registers.
1578 */
1579static __inline uint32_t
1580b4inc(uint32_t b32, int8_t delta)
1581{
1582 int8_t i, b4;
1583
1584 for (i = 0; i < 8; i++) {
1585 b4 = b32 & 0xf;
1586 b4 += delta;
1587 if (b4 < 0)
1588 b4 = 0;
1589 else if (b4 > 0xf)
1590 b4 = 0xf;
1591 b32 = b32 >> 4 | b4 << 28;
1592 }
1593 return (b32);
1594}
1595
1596static const char *
1597run_get_rf(uint16_t rev)
1598{
1599 switch (rev) {
1600 case RT2860_RF_2820: return "RT2820";
1601 case RT2860_RF_2850: return "RT2850";
1602 case RT2860_RF_2720: return "RT2720";
1603 case RT2860_RF_2750: return "RT2750";
1604 case RT3070_RF_3020: return "RT3020";
1605 case RT3070_RF_2020: return "RT2020";
1606 case RT3070_RF_3021: return "RT3021";
1607 case RT3070_RF_3022: return "RT3022";
1608 case RT3070_RF_3052: return "RT3052";
1609 case RT3593_RF_3053: return "RT3053";
1610 case RT5592_RF_5592: return "RT5592";
1611 case RT5390_RF_5370: return "RT5370";
1612 case RT5390_RF_5372: return "RT5372";
1613 }
1614 return ("unknown");
1615}
1616
1617static void
1618run_rt3593_get_txpower(struct run_softc *sc)
1619{
1620 uint16_t addr, val;
1621 int i;
1622
1623 /* Read power settings for 2GHz channels. */
1624 for (i = 0; i < 14; i += 2) {
1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1626 RT2860_EEPROM_PWR2GHZ_BASE1;
1627 run_srom_read(sc, addr + i / 2, &val);
1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1629 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1630
1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1632 RT2860_EEPROM_PWR2GHZ_BASE2;
1633 run_srom_read(sc, addr + i / 2, &val);
1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1635 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1636
1637 if (sc->ntxchains == 3) {
1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1639 &val);
1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1641 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1642 }
1643 }
1644 /* Fix broken Tx power entries. */
1645 for (i = 0; i < 14; i++) {
1646 if (sc->txpow1[i] > 31)
1647 sc->txpow1[i] = 5;
1648 if (sc->txpow2[i] > 31)
1649 sc->txpow2[i] = 5;
1650 if (sc->ntxchains == 3) {
1651 if (sc->txpow3[i] > 31)
1652 sc->txpow3[i] = 5;
1653 }
1654 }
1655 /* Read power settings for 5GHz channels. */
1656 for (i = 0; i < 40; i += 2) {
1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1659 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1660
1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1663 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1664
1665 if (sc->ntxchains == 3) {
1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1667 &val);
1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1669 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1670 }
1671 }
1672}
1673
1674static void
1675run_get_txpower(struct run_softc *sc)
1676{
1677 uint16_t val;
1678 int i;
1679
1680 /* Read power settings for 2GHz channels. */
1681 for (i = 0; i < 14; i += 2) {
1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1684 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1685
1686 if (sc->mac_ver != 0x5390) {
1687 run_srom_read(sc,
1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1690 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1691 }
1692 }
1693 /* Fix broken Tx power entries. */
1694 for (i = 0; i < 14; i++) {
1695 if (sc->mac_ver >= 0x5390) {
1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1697 sc->txpow1[i] = 5;
1698 } else {
1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1700 sc->txpow1[i] = 5;
1701 }
1702 if (sc->mac_ver > 0x5390) {
1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1704 sc->txpow2[i] = 5;
1705 } else if (sc->mac_ver < 0x5390) {
1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1707 sc->txpow2[i] = 5;
1708 }
1709 DPRINTF("chan %d: power1=%d, power2=%d\n",
1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1711 }
1712 /* Read power settings for 5GHz channels. */
1713 for (i = 0; i < 40; i += 2) {
1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1716 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1717
1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1720 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1721 }
1722 /* Fix broken Tx power entries. */
1723 for (i = 0; i < 40; i++ ) {
1724 if (sc->mac_ver != 0x5592) {
1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1726 sc->txpow1[14 + i] = 5;
1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1728 sc->txpow2[14 + i] = 5;
1729 }
1730 DPRINTF("chan %d: power1=%d, power2=%d\n",
1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1732 sc->txpow2[14 + i]);
1733 }
1734}
1735
1736static int
1737run_read_eeprom(struct run_softc *sc)
1738{
1739 struct ieee80211com *ic = &sc->sc_ic;
1740 int8_t delta_2ghz, delta_5ghz;
1741 uint32_t tmp;
1742 uint16_t val;
1743 int ridx, ant, i;
1744
1745 /* check whether the ROM is eFUSE ROM or EEPROM */
1746 sc->sc_srom_read = run_eeprom_read_2;
1747 if (sc->mac_ver >= 0x3070) {
1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1751 sc->sc_srom_read = run_efuse_read_2;
1752 }
1753
1754 /* read ROM version */
1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1757
1758 /* read MAC address */
1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1760 ic->ic_macaddr[0] = val & 0xff;
1761 ic->ic_macaddr[1] = val >> 8;
1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1763 ic->ic_macaddr[2] = val & 0xff;
1764 ic->ic_macaddr[3] = val >> 8;
1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1766 ic->ic_macaddr[4] = val & 0xff;
1767 ic->ic_macaddr[5] = val >> 8;
1768
1769 if (sc->mac_ver < 0x3593) {
1770 /* read vender BBP settings */
1771 for (i = 0; i < 10; i++) {
1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1773 sc->bbp[i].val = val & 0xff;
1774 sc->bbp[i].reg = val >> 8;
1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1776 sc->bbp[i].val);
1777 }
1778 if (sc->mac_ver >= 0x3071) {
1779 /* read vendor RF settings */
1780 for (i = 0; i < 10; i++) {
1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1782 &val);
1783 sc->rf[i].val = val & 0xff;
1784 sc->rf[i].reg = val >> 8;
1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1786 sc->rf[i].val);
1787 }
1788 }
1789 }
1790
1791 /* read RF frequency offset from EEPROM */
1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1793 RT3593_EEPROM_FREQ, &val);
1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1796
1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1798 RT3593_EEPROM_FREQ_LEDS, &val);
1799 if (val >> 8 != 0xff) {
1800 /* read LEDs operating mode */
1801 sc->leds = val >> 8;
1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1803 RT3593_EEPROM_LED1, &sc->led[0]);
1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1805 RT3593_EEPROM_LED2, &sc->led[1]);
1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1807 RT3593_EEPROM_LED3, &sc->led[2]);
1808 } else {
1809 /* broken EEPROM, use default settings */
1810 sc->leds = 0x01;
1811 sc->led[0] = 0x5555;
1812 sc->led[1] = 0x2221;
1813 sc->led[2] = 0x5627; /* differs from RT2860 */
1814 }
1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1817
1818 /* read RF information */
1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1820 run_srom_read(sc, 0x00, &val);
1821 else
1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1823
1824 if (val == 0xffff) {
1825 device_printf(sc->sc_dev,
1826 "invalid EEPROM antenna info, using default\n");
1827 DPRINTF("invalid EEPROM antenna info, using default\n");
1828 if (sc->mac_ver == 0x3572) {
1829 /* default to RF3052 2T2R */
1830 sc->rf_rev = RT3070_RF_3052;
1831 sc->ntxchains = 2;
1832 sc->nrxchains = 2;
1833 } else if (sc->mac_ver >= 0x3070) {
1834 /* default to RF3020 1T1R */
1835 sc->rf_rev = RT3070_RF_3020;
1836 sc->ntxchains = 1;
1837 sc->nrxchains = 1;
1838 } else {
1839 /* default to RF2820 1T2R */
1840 sc->rf_rev = RT2860_RF_2820;
1841 sc->ntxchains = 1;
1842 sc->nrxchains = 2;
1843 }
1844 } else {
1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1846 sc->rf_rev = val;
1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1848 } else
1849 sc->rf_rev = (val >> 8) & 0xf;
1850 sc->ntxchains = (val >> 4) & 0xf;
1851 sc->nrxchains = val & 0xf;
1852 }
1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1854 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1855
1856 /* check if RF supports automatic Tx access gain control */
1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1858 DPRINTF("EEPROM CFG 0x%04x\n", val);
1859 /* check if driver should patch the DAC issue */
1860 if ((val >> 8) != 0xff)
1861 sc->patch_dac = (val >> 15) & 1;
1862 if ((val & 0xff) != 0xff) {
1863 sc->ext_5ghz_lna = (val >> 3) & 1;
1864 sc->ext_2ghz_lna = (val >> 2) & 1;
1865 /* check if RF supports automatic Tx access gain control */
1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1867 /* check if we have a hardware radio switch */
1868 sc->rfswitch = val & 1;
1869 }
1870
1871 /* Read Tx power settings. */
1872 if (sc->mac_ver == 0x3593)
1873 run_rt3593_get_txpower(sc);
1874 else
1875 run_get_txpower(sc);
1876
1877 /* read Tx power compensation for each Tx rate */
1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1879 delta_2ghz = delta_5ghz = 0;
1880 if ((val & 0xff) != 0xff && (val & 0x80)) {
1881 delta_2ghz = val & 0xf;
1882 if (!(val & 0x40)) /* negative number */
1883 delta_2ghz = -delta_2ghz;
1884 }
1885 val >>= 8;
1886 if ((val & 0xff) != 0xff && (val & 0x80)) {
1887 delta_5ghz = val & 0xf;
1888 if (!(val & 0x40)) /* negative number */
1889 delta_5ghz = -delta_5ghz;
1890 }
1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1892 delta_2ghz, delta_5ghz);
1893
1894 for (ridx = 0; ridx < 5; ridx++) {
1895 uint32_t reg;
1896
1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1898 reg = val;
1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1900 reg |= (uint32_t)val << 16;
1901
1902 sc->txpow20mhz[ridx] = reg;
1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1905
1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1909 }
1910
1911 /* Read RSSI offsets and LNA gains from EEPROM. */
1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1913 RT3593_EEPROM_RSSI1_2GHZ, &val);
1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1917 RT3593_EEPROM_RSSI2_2GHZ, &val);
1918 if (sc->mac_ver >= 0x3070) {
1919 if (sc->mac_ver == 0x3593) {
1920 sc->txmixgain_2ghz = 0;
1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1922 } else {
1923 /*
1924 * On RT3070 chips (limited to 2 Rx chains), this ROM
1925 * field contains the Tx mixer gain for the 2GHz band.
1926 */
1927 if ((val & 0xff) != 0xff)
1928 sc->txmixgain_2ghz = val & 0x7;
1929 }
1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1931 } else
1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1933 if (sc->mac_ver == 0x3593)
1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1935 sc->lna[2] = val >> 8; /* channel group 2 */
1936
1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1938 RT3593_EEPROM_RSSI1_5GHZ, &val);
1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1942 RT3593_EEPROM_RSSI2_5GHZ, &val);
1943 if (sc->mac_ver == 0x3572) {
1944 /*
1945 * On RT3572 chips (limited to 2 Rx chains), this ROM
1946 * field contains the Tx mixer gain for the 5GHz band.
1947 */
1948 if ((val & 0xff) != 0xff)
1949 sc->txmixgain_5ghz = val & 0x7;
1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1951 } else
1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1953 if (sc->mac_ver == 0x3593) {
1954 sc->txmixgain_5ghz = 0;
1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1956 }
1957 sc->lna[3] = val >> 8; /* channel group 3 */
1958
1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1960 RT3593_EEPROM_LNA, &val);
1961 sc->lna[0] = val & 0xff; /* channel group 0 */
1962 sc->lna[1] = val >> 8; /* channel group 1 */
1963
1964 /* fix broken 5GHz LNA entries */
1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1966 DPRINTF("invalid LNA for channel group %d\n", 2);
1967 sc->lna[2] = sc->lna[1];
1968 }
1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1970 DPRINTF("invalid LNA for channel group %d\n", 3);
1971 sc->lna[3] = sc->lna[1];
1972 }
1973
1974 /* fix broken RSSI offset entries */
1975 for (ant = 0; ant < 3; ant++) {
1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1978 ant + 1, sc->rssi_2ghz[ant]);
1979 sc->rssi_2ghz[ant] = 0;
1980 }
1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1983 ant + 1, sc->rssi_5ghz[ant]);
1984 sc->rssi_5ghz[ant] = 0;
1985 }
1986 }
1987 return (0);
1988}
1989
1990static struct ieee80211_node *
1991run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1992{
1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1994}
1995
1996static int
1997run_media_change(struct ifnet *ifp)
1998{
1999 struct ieee80211vap *vap = ifp->if_softc;
2000 struct ieee80211com *ic = vap->iv_ic;
2001 const struct ieee80211_txparam *tp;
2002 struct run_softc *sc = ic->ic_softc;
2003 uint8_t rate, ridx;
2004 int error;
2005
2006 RUN_LOCK(sc);
2007
2008 error = ieee80211_media_change(ifp);
2009 if (error != ENETRESET) {
2010 RUN_UNLOCK(sc);
2011 return (error);
2012 }
2013
2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2016 struct ieee80211_node *ni;
2017 struct run_node *rn;
2018
2019 rate = ic->ic_sup_rates[ic->ic_curmode].
2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2022 if (rt2860_rates[ridx].rate == rate)
2023 break;
2024 ni = ieee80211_ref_node(vap->iv_bss);
2025 rn = RUN_NODE(ni);
2026 rn->fix_ridx = ridx;
2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2028 ieee80211_free_node(ni);
2029 }
2030
2031#if 0
2032 if ((ifp->if_flags & IFF_UP) &&
2033 (ifp->if_drv_flags & RUN_RUNNING)){
2034 run_init_locked(sc);
2035 }
2036#endif
2037
2038 RUN_UNLOCK(sc);
2039
2040 return (0);
2041}
2042
2043static int
2044run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2045{
2046 const struct ieee80211_txparam *tp;
2047 struct ieee80211com *ic = vap->iv_ic;
2048 struct run_softc *sc = ic->ic_softc;
2049 struct run_vap *rvp = RUN_VAP(vap);
2050 enum ieee80211_state ostate;
2051 uint32_t sta[3];
2052 uint32_t tmp;
2053 uint8_t ratectl;
2054 uint8_t restart_ratectl = 0;
2055 uint8_t bid = 1 << rvp->rvp_id;
2056
2057 ostate = vap->iv_state;
2058 DPRINTF("%s -> %s\n",
2059 ieee80211_state_name[ostate],
2060 ieee80211_state_name[nstate]);
2061
2062 IEEE80211_UNLOCK(ic);
2063 RUN_LOCK(sc);
2064
2065 ratectl = sc->ratectl_run; /* remember current state */
2066 sc->ratectl_run = RUN_RATECTL_OFF;
2067 usb_callout_stop(&sc->ratectl_ch);
2068
2069 if (ostate == IEEE80211_S_RUN) {
2070 /* turn link LED off */
2071 run_set_leds(sc, RT2860_LED_RADIO);
2072 }
2073
2074 switch (nstate) {
2075 case IEEE80211_S_INIT:
2076 restart_ratectl = 1;
2077
2078 if (ostate != IEEE80211_S_RUN)
2079 break;
2080
2081 ratectl &= ~bid;
2082 sc->runbmap &= ~bid;
2083
2084 /* abort TSF synchronization if there is no vap running */
2085 if (--sc->running == 0) {
2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2087 run_write(sc, RT2860_BCN_TIME_CFG,
2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2089 RT2860_TBTT_TIMER_EN));
2090 }
2091 break;
2092
2093 case IEEE80211_S_RUN:
2094 if (!(sc->runbmap & bid)) {
2095 if(sc->running++)
2096 restart_ratectl = 1;
2097 sc->runbmap |= bid;
2098 }
2099
2100 m_freem(rvp->beacon_mbuf);
2101 rvp->beacon_mbuf = NULL;
2102
2103 switch (vap->iv_opmode) {
2104 case IEEE80211_M_HOSTAP:
2105 case IEEE80211_M_MBSS:
2106 sc->ap_running |= bid;
2107 ic->ic_opmode = vap->iv_opmode;
2108 run_update_beacon_cb(vap);
2109 break;
2110 case IEEE80211_M_IBSS:
2111 sc->adhoc_running |= bid;
2112 if (!sc->ap_running)
2113 ic->ic_opmode = vap->iv_opmode;
2114 run_update_beacon_cb(vap);
2115 break;
2116 case IEEE80211_M_STA:
2117 sc->sta_running |= bid;
2118 if (!sc->ap_running && !sc->adhoc_running)
2119 ic->ic_opmode = vap->iv_opmode;
2120
2121 /* read statistic counters (clear on read) */
2122 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2123 (uint8_t *)sta, sizeof sta);
2124
2125 break;
2126 default:
2127 ic->ic_opmode = vap->iv_opmode;
2128 break;
2129 }
2130
2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2132 struct ieee80211_node *ni;
2133
2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2135 RUN_UNLOCK(sc);
2136 IEEE80211_LOCK(ic);
2137 return (-1);
2138 }
2139 run_updateslot(ic);
2140 run_enable_mrr(sc);
2141 run_set_txpreamble(sc);
2142 run_set_basicrates(sc);
2143 ni = ieee80211_ref_node(vap->iv_bss);
2144 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2145 run_set_bssid(sc, sc->sc_bssid);
2146 ieee80211_free_node(ni);
2147 run_enable_tsf_sync(sc);
2148
2149 /* enable automatic rate adaptation */
2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2152 ratectl |= bid;
2153 } else
2154 run_enable_tsf(sc);
2155
2156 /* turn link LED on */
2157 run_set_leds(sc, RT2860_LED_RADIO |
2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2160
2161 break;
2162 default:
2163 DPRINTFN(6, "undefined case\n");
2164 break;
2165 }
2166
2167 /* restart amrr for running VAPs */
2168 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2170
2171 RUN_UNLOCK(sc);
2172 IEEE80211_LOCK(ic);
2173
2174 return(rvp->newstate(vap, nstate, arg));
2175}
2176
2177static int
2178run_wme_update(struct ieee80211com *ic)
2179{
2180 struct run_softc *sc = ic->ic_softc;
2181 const struct wmeParams *ac =
2182 ic->ic_wme.wme_chanParams.cap_wmeParams;
2183 int aci, error = 0;
2184
2185 /* update MAC TX configuration registers */
2186 RUN_LOCK(sc);
2187 for (aci = 0; aci < WME_NUM_AC; aci++) {
2188 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2189 ac[aci].wmep_logcwmax << 16 |
2190 ac[aci].wmep_logcwmin << 12 |
2191 ac[aci].wmep_aifsn << 8 |
2192 ac[aci].wmep_txopLimit);
2193 if (error) goto err;
2194 }
2195
2196 /* update SCH/DMA registers too */
2197 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2198 ac[WME_AC_VO].wmep_aifsn << 12 |
2199 ac[WME_AC_VI].wmep_aifsn << 8 |
2200 ac[WME_AC_BK].wmep_aifsn << 4 |
2201 ac[WME_AC_BE].wmep_aifsn);
2202 if (error) goto err;
2203 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2204 ac[WME_AC_VO].wmep_logcwmin << 12 |
2205 ac[WME_AC_VI].wmep_logcwmin << 8 |
2206 ac[WME_AC_BK].wmep_logcwmin << 4 |
2207 ac[WME_AC_BE].wmep_logcwmin);
2208 if (error) goto err;
2209 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2210 ac[WME_AC_VO].wmep_logcwmax << 12 |
2211 ac[WME_AC_VI].wmep_logcwmax << 8 |
2212 ac[WME_AC_BK].wmep_logcwmax << 4 |
2213 ac[WME_AC_BE].wmep_logcwmax);
2214 if (error) goto err;
2215 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2216 ac[WME_AC_BK].wmep_txopLimit << 16 |
2217 ac[WME_AC_BE].wmep_txopLimit);
2218 if (error) goto err;
2219 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2220 ac[WME_AC_VO].wmep_txopLimit << 16 |
2221 ac[WME_AC_VI].wmep_txopLimit);
2222
2223err:
2224 RUN_UNLOCK(sc);
2225 if (error)
2226 DPRINTF("WME update failed\n");
2227
2228 return (error);
2229}
2230
2231static void
2232run_key_set_cb(void *arg)
2233{
2234 struct run_cmdq *cmdq = arg;
2235 struct ieee80211vap *vap = cmdq->arg1;
2236 struct ieee80211_key *k = cmdq->k;
2237 struct ieee80211com *ic = vap->iv_ic;
2238 struct run_softc *sc = ic->ic_softc;
2239 struct ieee80211_node *ni;
2240 u_int cipher = k->wk_cipher->ic_cipher;
2241 uint32_t attr;
2242 uint16_t base, associd;
2243 uint8_t mode, wcid, iv[8];
2244
2245 RUN_LOCK_ASSERT(sc, MA_OWNED);
2246
2247 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2248 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2249 else
2250 ni = vap->iv_bss;
2251 associd = (ni != NULL) ? ni->ni_associd : 0;
2252
2253 /* map net80211 cipher to RT2860 security mode */
2254 switch (cipher) {
2255 case IEEE80211_CIPHER_WEP:
2256 if(k->wk_keylen < 8)
2257 mode = RT2860_MODE_WEP40;
2258 else
2259 mode = RT2860_MODE_WEP104;
2260 break;
2261 case IEEE80211_CIPHER_TKIP:
2262 mode = RT2860_MODE_TKIP;
2263 break;
2264 case IEEE80211_CIPHER_AES_CCM:
2265 mode = RT2860_MODE_AES_CCMP;
2266 break;
2267 default:
2268 DPRINTF("undefined case\n");
2269 return;
2270 }
2271
2272 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2273 associd, k->wk_keyix, mode,
2274 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2275 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2276 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2277
2278 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2279 wcid = 0; /* NB: update WCID0 for group keys */
2280 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2281 } else {
2282 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2283 1 : RUN_AID2WCID(associd);
2284 base = RT2860_PKEY(wcid);
2285 }
2286
2287 if (cipher == IEEE80211_CIPHER_TKIP) {
2288 if(run_write_region_1(sc, base, k->wk_key, 16))
2289 return;
2290 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2291 return;
2292 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2293 return;
2294 } else {
2295 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2296 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2297 return;
2298 }
2299
2300 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2301 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2302 /* set initial packet number in IV+EIV */
2303 if (cipher == IEEE80211_CIPHER_WEP) {
2304 memset(iv, 0, sizeof iv);
2305 iv[3] = vap->iv_def_txkey << 6;
2306 } else {
2307 if (cipher == IEEE80211_CIPHER_TKIP) {
2308 iv[0] = k->wk_keytsc >> 8;
2309 iv[1] = (iv[0] | 0x20) & 0x7f;
2310 iv[2] = k->wk_keytsc;
2311 } else /* CCMP */ {
2312 iv[0] = k->wk_keytsc;
2313 iv[1] = k->wk_keytsc >> 8;
2314 iv[2] = 0;
2315 }
2316 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2317 iv[4] = k->wk_keytsc >> 16;
2318 iv[5] = k->wk_keytsc >> 24;
2319 iv[6] = k->wk_keytsc >> 32;
2320 iv[7] = k->wk_keytsc >> 40;
2321 }
2322 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2323 return;
2324 }
2325
2326 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2327 /* install group key */
2328 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2329 return;
2330 attr &= ~(0xf << (k->wk_keyix * 4));
2331 attr |= mode << (k->wk_keyix * 4);
2332 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2333 return;
2334 } else {
2335 /* install pairwise key */
2336 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2337 return;
2338 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2339 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2340 return;
2341 }
2342
2343 /* TODO create a pass-thru key entry? */
2344
2345 /* need wcid to delete the right key later */
2346 k->wk_pad = wcid;
2347}
2348
2349/*
2350 * Don't have to be deferred, but in order to keep order of
2351 * execution, i.e. with run_key_delete(), defer this and let
2352 * run_cmdq_cb() maintain the order.
2353 *
2354 * return 0 on error
2355 */
2356static int
2357run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2358{
2359 struct ieee80211com *ic = vap->iv_ic;
2360 struct run_softc *sc = ic->ic_softc;
2361 uint32_t i;
2362
2363 i = RUN_CMDQ_GET(&sc->cmdq_store);
2364 DPRINTF("cmdq_store=%d\n", i);
2365 sc->cmdq[i].func = run_key_set_cb;
2366 sc->cmdq[i].arg0 = NULL;
2367 sc->cmdq[i].arg1 = vap;
2368 sc->cmdq[i].k = k;
2369 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2370 ieee80211_runtask(ic, &sc->cmdq_task);
2371
2372 /*
2373 * To make sure key will be set when hostapd
2374 * calls iv_key_set() before if_init().
2375 */
2376 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2377 RUN_LOCK(sc);
2378 sc->cmdq_key_set = RUN_CMDQ_GO;
2379 RUN_UNLOCK(sc);
2380 }
2381
2382 return (1);
2383}
2384
2385/*
2386 * If wlan is destroyed without being brought down i.e. without
2387 * wlan down or wpa_cli terminate, this function is called after
2388 * vap is gone. Don't refer it.
2389 */
2390static void
2391run_key_delete_cb(void *arg)
2392{
2393 struct run_cmdq *cmdq = arg;
2394 struct run_softc *sc = cmdq->arg1;
2395 struct ieee80211_key *k = &cmdq->key;
2396 uint32_t attr;
2397 uint8_t wcid;
2398
2399 RUN_LOCK_ASSERT(sc, MA_OWNED);
2400
2401 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2402 /* remove group key */
2403 DPRINTF("removing group key\n");
2404 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2405 attr &= ~(0xf << (k->wk_keyix * 4));
2406 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2407 } else {
2408 /* remove pairwise key */
2409 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2410 /* matching wcid was written to wk_pad in run_key_set() */
2411 wcid = k->wk_pad;
2412 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2413 attr &= ~0xf;
2414 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2415 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2416 }
2417
2418 k->wk_pad = 0;
2419}
2420
2421/*
2422 * return 0 on error
2423 */
2424static int
2425run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2426{
2427 struct ieee80211com *ic = vap->iv_ic;
2428 struct run_softc *sc = ic->ic_softc;
2429 struct ieee80211_key *k0;
2430 uint32_t i;
2431
2432 /*
2433 * When called back, key might be gone. So, make a copy
2434 * of some values need to delete keys before deferring.
2435 * But, because of LOR with node lock, cannot use lock here.
2436 * So, use atomic instead.
2437 */
2438 i = RUN_CMDQ_GET(&sc->cmdq_store);
2439 DPRINTF("cmdq_store=%d\n", i);
2440 sc->cmdq[i].func = run_key_delete_cb;
2441 sc->cmdq[i].arg0 = NULL;
2442 sc->cmdq[i].arg1 = sc;
2443 k0 = &sc->cmdq[i].key;
2444 k0->wk_flags = k->wk_flags;
2445 k0->wk_keyix = k->wk_keyix;
2446 /* matching wcid was written to wk_pad in run_key_set() */
2447 k0->wk_pad = k->wk_pad;
2448 ieee80211_runtask(ic, &sc->cmdq_task);
2449 return (1); /* return fake success */
2450
2451}
2452
2453static void
2454run_ratectl_to(void *arg)
2455{
2456 struct run_softc *sc = arg;
2457
2458 /* do it in a process context, so it can go sleep */
2459 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2460 /* next timeout will be rescheduled in the callback task */
2461}
2462
2463/* ARGSUSED */
2464static void
2465run_ratectl_cb(void *arg, int pending)
2466{
2467 struct run_softc *sc = arg;
2468 struct ieee80211com *ic = &sc->sc_ic;
2469 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2470
2471 if (vap == NULL)
2472 return;
2473
2474 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2475 /*
2476 * run_reset_livelock() doesn't do anything with AMRR,
2477 * but Ralink wants us to call it every 1 sec. So, we
2478 * piggyback here rather than creating another callout.
2479 * Livelock may occur only in HOSTAP or IBSS mode
2480 * (when h/w is sending beacons).
2481 */
2482 RUN_LOCK(sc);
2483 run_reset_livelock(sc);
2484 /* just in case, there are some stats to drain */
2485 run_drain_fifo(sc);
2486 RUN_UNLOCK(sc);
2487 }
2488
2489 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2490
2491 RUN_LOCK(sc);
2492 if(sc->ratectl_run != RUN_RATECTL_OFF)
2493 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2494 RUN_UNLOCK(sc);
2495}
2496
2497static void
2498run_drain_fifo(void *arg)
2499{
2500 struct run_softc *sc = arg;
2501 uint32_t stat;
2502 uint16_t (*wstat)[3];
2503 uint8_t wcid, mcs, pid;
2504 int8_t retry;
2505
2506 RUN_LOCK_ASSERT(sc, MA_OWNED);
2507
2508 for (;;) {
2509 /* drain Tx status FIFO (maxsize = 16) */
2510 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2511 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2512 if (!(stat & RT2860_TXQ_VLD))
2513 break;
2514
2515 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2516
2517 /* if no ACK was requested, no feedback is available */
2518 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2519 wcid == 0)
2520 continue;
2521
2522 /*
2523 * Even though each stat is Tx-complete-status like format,
2524 * the device can poll stats. Because there is no guarantee
2525 * that the referring node is still around when read the stats.
2526 * So that, if we use ieee80211_ratectl_tx_update(), we will
2527 * have hard time not to refer already freed node.
2528 *
2529 * To eliminate such page faults, we poll stats in softc.
2530 * Then, update the rates later with ieee80211_ratectl_tx_update().
2531 */
2532 wstat = &(sc->wcid_stats[wcid]);
2533 (*wstat)[RUN_TXCNT]++;
2534 if (stat & RT2860_TXQ_OK)
2535 (*wstat)[RUN_SUCCESS]++;
2536 else
2537 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2538 /*
2539 * Check if there were retries, ie if the Tx success rate is
2540 * different from the requested rate. Note that it works only
2541 * because we do not allow rate fallback from OFDM to CCK.
2542 */
2543 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2544 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2545 if ((retry = pid -1 - mcs) > 0) {
2546 (*wstat)[RUN_TXCNT] += retry;
2547 (*wstat)[RUN_RETRY] += retry;
2548 }
2549 }
2550 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2551
2552 sc->fifo_cnt = 0;
2553}
2554
2555static void
2556run_iter_func(void *arg, struct ieee80211_node *ni)
2557{
2558 struct run_softc *sc = arg;
2559 struct ieee80211vap *vap = ni->ni_vap;
2560 struct run_node *rn = RUN_NODE(ni);
2561 union run_stats sta[2];
2562 uint16_t (*wstat)[3];
2563 int txcnt, success, retrycnt, error;
2564
2565 RUN_LOCK(sc);
2566
2567 /* Check for special case */
2568 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2569 ni != vap->iv_bss)
2570 goto fail;
2571
2572 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2573 vap->iv_opmode == IEEE80211_M_STA)) {
2574 /* read statistic counters (clear on read) and update AMRR state */
2575 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2576 sizeof sta);
2577 if (error != 0)
2578 goto fail;
2579
2580 /* count failed TX as errors */
2581 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2582 le16toh(sta[0].error.fail));
2583
2584 retrycnt = le16toh(sta[1].tx.retry);
2585 success = le16toh(sta[1].tx.success);
2586 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2587
2588 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2589 retrycnt, success, le16toh(sta[0].error.fail));
2590 } else {
2591 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2592
2593 if (wstat == &(sc->wcid_stats[0]) ||
2594 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2595 goto fail;
2596
2597 txcnt = (*wstat)[RUN_TXCNT];
2598 success = (*wstat)[RUN_SUCCESS];
2599 retrycnt = (*wstat)[RUN_RETRY];
2600 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2601 retrycnt, txcnt, success);
2602
2603 memset(wstat, 0, sizeof(*wstat));
2604 }
2605
2606 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2607 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2608
2609fail:
2610 RUN_UNLOCK(sc);
2611
2612 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2613}
2614
2615static void
2616run_newassoc_cb(void *arg)
2617{
2618 struct run_cmdq *cmdq = arg;
2619 struct ieee80211_node *ni = cmdq->arg1;
2620 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2621 uint8_t wcid = cmdq->wcid;
2622
2623 RUN_LOCK_ASSERT(sc, MA_OWNED);
2624
2625 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2626 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2627
2628 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2629}
2630
2631static void
2632run_newassoc(struct ieee80211_node *ni, int isnew)
2633{
2634 struct run_node *rn = RUN_NODE(ni);
2635 struct ieee80211_rateset *rs = &ni->ni_rates;
2636 struct ieee80211vap *vap = ni->ni_vap;
2637 struct ieee80211com *ic = vap->iv_ic;
2638 struct run_softc *sc = ic->ic_softc;
2639 uint8_t rate;
2640 uint8_t ridx;
2641 uint8_t wcid;
2642 int i, j;
2643
2644 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2645 1 : RUN_AID2WCID(ni->ni_associd);
2646
2647 if (wcid > RT2870_WCID_MAX) {
2648 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2649 return;
2650 }
2651
2652 /* only interested in true associations */
2653 if (isnew && ni->ni_associd != 0) {
2654
2655 /*
2656 * This function could is called though timeout function.
2657 * Need to defer.
2658 */
2659 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2660 DPRINTF("cmdq_store=%d\n", cnt);
2661 sc->cmdq[cnt].func = run_newassoc_cb;
2662 sc->cmdq[cnt].arg0 = NULL;
2663 sc->cmdq[cnt].arg1 = ni;
2664 sc->cmdq[cnt].wcid = wcid;
2665 ieee80211_runtask(ic, &sc->cmdq_task);
2666 }
2667
2668 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2669 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2670
2671 for (i = 0; i < rs->rs_nrates; i++) {
2672 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2673 /* convert 802.11 rate to hardware rate index */
2674 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2675 if (rt2860_rates[ridx].rate == rate)
2676 break;
2677 rn->ridx[i] = ridx;
2678 /* determine rate of control response frames */
2679 for (j = i; j >= 0; j--) {
2680 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2681 rt2860_rates[rn->ridx[i]].phy ==
2682 rt2860_rates[rn->ridx[j]].phy)
2683 break;
2684 }
2685 if (j >= 0) {
2686 rn->ctl_ridx[i] = rn->ridx[j];
2687 } else {
2688 /* no basic rate found, use mandatory one */
2689 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2690 }
2691 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2692 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2693 }
2694 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2695 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2696 if (rt2860_rates[ridx].rate == rate)
2697 break;
2698 rn->mgt_ridx = ridx;
2699 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2700
2701 RUN_LOCK(sc);
2702 if(sc->ratectl_run != RUN_RATECTL_OFF)
2703 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2704 RUN_UNLOCK(sc);
2705}
2706
2707/*
2708 * Return the Rx chain with the highest RSSI for a given frame.
2709 */
2710static __inline uint8_t
2711run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2712{
2713 uint8_t rxchain = 0;
2714
2715 if (sc->nrxchains > 1) {
2716 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2717 rxchain = 1;
2718 if (sc->nrxchains > 2)
2719 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2720 rxchain = 2;
2721 }
2722 return (rxchain);
2723}
2724
2725static void
2726run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2727 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2728{
2729 struct ieee80211vap *vap = ni->ni_vap;
2730 struct run_softc *sc = vap->iv_ic->ic_softc;
2731 struct run_vap *rvp = RUN_VAP(vap);
2732 uint64_t ni_tstamp, rx_tstamp;
2733
2734 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2735
2736 if (vap->iv_state == IEEE80211_S_RUN &&
2737 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2738 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2739 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2740 RUN_LOCK(sc);
2741 run_get_tsf(sc, &rx_tstamp);
2742 RUN_UNLOCK(sc);
2743 rx_tstamp = le64toh(rx_tstamp);
2744
2745 if (ni_tstamp >= rx_tstamp) {
2746 DPRINTF("ibss merge, tsf %ju tstamp %ju\n",
2747 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2748 (void) ieee80211_ibss_merge(ni);
2749 }
2750 }
2751}
2752
2753static void
2754run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2755{
2756 struct ieee80211com *ic = &sc->sc_ic;
2757 struct ieee80211_frame *wh;
2758 struct ieee80211_node *ni;
2759 struct rt2870_rxd *rxd;
2760 struct rt2860_rxwi *rxwi;
2761 uint32_t flags;
2762 uint16_t len, rxwisize;
2763 uint8_t ant, rssi;
2764 int8_t nf;
2765
2766 rxwi = mtod(m, struct rt2860_rxwi *);
2767 len = le16toh(rxwi->len) & 0xfff;
2768 rxwisize = sizeof(struct rt2860_rxwi);
2769 if (sc->mac_ver == 0x5592)
2770 rxwisize += sizeof(uint64_t);
2771 else if (sc->mac_ver == 0x3593)
2772 rxwisize += sizeof(uint32_t);
2773 if (__predict_false(len > dmalen)) {
2774 m_freem(m);
2775 counter_u64_add(ic->ic_ierrors, 1);
2776 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2777 return;
2778 }
2779 /* Rx descriptor is located at the end */
2780 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2781 flags = le32toh(rxd->flags);
2782
2783 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2784 m_freem(m);
2785 counter_u64_add(ic->ic_ierrors, 1);
2786 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2787 return;
2788 }
2789
2790 m->m_data += rxwisize;
2791 m->m_pkthdr.len = m->m_len -= rxwisize;
2792
2793 wh = mtod(m, struct ieee80211_frame *);
2794
2795 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2796 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2797 m->m_flags |= M_WEP;
2798 }
2799
2800 if (flags & RT2860_RX_L2PAD) {
2801 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2802 len += 2;
2803 }
2804
2805 ni = ieee80211_find_rxnode(ic,
2806 mtod(m, struct ieee80211_frame_min *));
2807
2808 if (__predict_false(flags & RT2860_RX_MICERR)) {
2809 /* report MIC failures to net80211 for TKIP */
2810 if (ni != NULL)
2811 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2812 rxwi->keyidx);
2813 m_freem(m);
2814 counter_u64_add(ic->ic_ierrors, 1);
2815 DPRINTF("MIC error. Someone is lying.\n");
2816 return;
2817 }
2818
2819 ant = run_maxrssi_chain(sc, rxwi);
2820 rssi = rxwi->rssi[ant];
2821 nf = run_rssi2dbm(sc, rssi, ant);
2822
2823 m->m_pkthdr.len = m->m_len = len;
2824
2825 if (__predict_false(ieee80211_radiotap_active(ic))) {
2826 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2827 uint16_t phy;
2828
2829 tap->wr_flags = 0;
2830 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2831 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2832 tap->wr_antsignal = rssi;
2833 tap->wr_antenna = ant;
2834 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2835 tap->wr_rate = 2; /* in case it can't be found below */
2836 run_get_tsf(sc, &tap->wr_tsf);
2837 phy = le16toh(rxwi->phy);
2838 switch (phy & RT2860_PHY_MODE) {
2839 case RT2860_PHY_CCK:
2840 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2841 case 0: tap->wr_rate = 2; break;
2842 case 1: tap->wr_rate = 4; break;
2843 case 2: tap->wr_rate = 11; break;
2844 case 3: tap->wr_rate = 22; break;
2845 }
2846 if (phy & RT2860_PHY_SHPRE)
2847 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2848 break;
2849 case RT2860_PHY_OFDM:
2850 switch (phy & RT2860_PHY_MCS) {
2851 case 0: tap->wr_rate = 12; break;
2852 case 1: tap->wr_rate = 18; break;
2853 case 2: tap->wr_rate = 24; break;
2854 case 3: tap->wr_rate = 36; break;
2855 case 4: tap->wr_rate = 48; break;
2856 case 5: tap->wr_rate = 72; break;
2857 case 6: tap->wr_rate = 96; break;
2858 case 7: tap->wr_rate = 108; break;
2859 }
2860 break;
2861 }
2862 }
2863
2864 if (ni != NULL) {
2865 (void)ieee80211_input(ni, m, rssi, nf);
2866 ieee80211_free_node(ni);
2867 } else {
2868 (void)ieee80211_input_all(ic, m, rssi, nf);
2869 }
2870}
2871
2872static void
2873run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2874{
2875 struct run_softc *sc = usbd_xfer_softc(xfer);
2876 struct ieee80211com *ic = &sc->sc_ic;
2877 struct mbuf *m = NULL;
2878 struct mbuf *m0;
2879 uint32_t dmalen;
2880 uint16_t rxwisize;
2881 int xferlen;
2882
2883 rxwisize = sizeof(struct rt2860_rxwi);
2884 if (sc->mac_ver == 0x5592)
2885 rxwisize += sizeof(uint64_t);
2886 else if (sc->mac_ver == 0x3593)
2887 rxwisize += sizeof(uint32_t);
2888
2889 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2890
2891 switch (USB_GET_STATE(xfer)) {
2892 case USB_ST_TRANSFERRED:
2893
2894 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2895
2896 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2897 sizeof(struct rt2870_rxd))) {
2898 DPRINTF("xfer too short %d\n", xferlen);
2899 goto tr_setup;
2900 }
2901
2902 m = sc->rx_m;
2903 sc->rx_m = NULL;
2904
2905 /* FALLTHROUGH */
2906 case USB_ST_SETUP:
2907tr_setup:
2908 if (sc->rx_m == NULL) {
2909 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2910 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2911 }
2912 if (sc->rx_m == NULL) {
2913 DPRINTF("could not allocate mbuf - idle with stall\n");
2914 counter_u64_add(ic->ic_ierrors, 1);
2915 usbd_xfer_set_stall(xfer);
2916 usbd_xfer_set_frames(xfer, 0);
2917 } else {
2918 /*
2919 * Directly loading a mbuf cluster into DMA to
2920 * save some data copying. This works because
2921 * there is only one cluster.
2922 */
2923 usbd_xfer_set_frame_data(xfer, 0,
2924 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2925 usbd_xfer_set_frames(xfer, 1);
2926 }
2927 usbd_transfer_submit(xfer);
2928 break;
2929
2930 default: /* Error */
2931 if (error != USB_ERR_CANCELLED) {
2932 /* try to clear stall first */
2933 usbd_xfer_set_stall(xfer);
2934 if (error == USB_ERR_TIMEOUT)
2935 device_printf(sc->sc_dev, "device timeout\n");
2936 counter_u64_add(ic->ic_ierrors, 1);
2937 goto tr_setup;
2938 }
2939 if (sc->rx_m != NULL) {
2940 m_freem(sc->rx_m);
2941 sc->rx_m = NULL;
2942 }
2943 break;
2944 }
2945
2946 if (m == NULL)
2947 return;
2948
2949 /* inputting all the frames must be last */
2950
2951 RUN_UNLOCK(sc);
2952
2953 m->m_pkthdr.len = m->m_len = xferlen;
2954
2955 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2956 for(;;) {
2957 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2958
2959 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2960 ((dmalen & 3) != 0)) {
2961 DPRINTF("bad DMA length %u\n", dmalen);
2962 break;
2963 }
2964 if ((dmalen + 8) > (uint32_t)xferlen) {
2965 DPRINTF("bad DMA length %u > %d\n",
2966 dmalen + 8, xferlen);
2967 break;
2968 }
2969
2970 /* If it is the last one or a single frame, we won't copy. */
2971 if ((xferlen -= dmalen + 8) <= 8) {
2972 /* trim 32-bit DMA-len header */
2973 m->m_data += 4;
2974 m->m_pkthdr.len = m->m_len -= 4;
2975 run_rx_frame(sc, m, dmalen);
2976 m = NULL; /* don't free source buffer */
2977 break;
2978 }
2979
2980 /* copy aggregated frames to another mbuf */
2981 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
2982 if (__predict_false(m0 == NULL)) {
2983 DPRINTF("could not allocate mbuf\n");
2984 counter_u64_add(ic->ic_ierrors, 1);
2985 break;
2986 }
2987 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
2988 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
2989 m0->m_pkthdr.len = m0->m_len =
2990 dmalen + sizeof(struct rt2870_rxd);
2991 run_rx_frame(sc, m0, dmalen);
2992
2993 /* update data ptr */
2994 m->m_data += dmalen + 8;
2995 m->m_pkthdr.len = m->m_len -= dmalen + 8;
2996 }
2997
2998 /* make sure we free the source buffer, if any */
2999 m_freem(m);
3000
3001 RUN_LOCK(sc);
3002}
3003
3004static void
3005run_tx_free(struct run_endpoint_queue *pq,
3006 struct run_tx_data *data, int txerr)
3007{
3008
3009 ieee80211_tx_complete(data->ni, data->m, txerr);
3010
3011 data->m = NULL;
3012 data->ni = NULL;
3013
3014 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3015 pq->tx_nfree++;
3016}
3017
3018static void
3019run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3020{
3021 struct run_softc *sc = usbd_xfer_softc(xfer);
3022 struct ieee80211com *ic = &sc->sc_ic;
3023 struct run_tx_data *data;
3024 struct ieee80211vap *vap = NULL;
3025 struct usb_page_cache *pc;
3026 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3027 struct mbuf *m;
3028 usb_frlength_t size;
3029 int actlen;
3030 int sumlen;
3031
3032 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3033
3034 switch (USB_GET_STATE(xfer)) {
3035 case USB_ST_TRANSFERRED:
3036 DPRINTFN(11, "transfer complete: %d "
3037 "bytes @ index %d\n", actlen, index);
3038
3039 data = usbd_xfer_get_priv(xfer);
3040 run_tx_free(pq, data, 0);
3041 usbd_xfer_set_priv(xfer, NULL);
3042
3043 /* FALLTHROUGH */
3044 case USB_ST_SETUP:
3045tr_setup:
3046 data = STAILQ_FIRST(&pq->tx_qh);
3047 if (data == NULL)
3048 break;
3049
3050 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3051
3052 m = data->m;
3053 size = (sc->mac_ver == 0x5592) ?
3054 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3055 if ((m->m_pkthdr.len +
3056 size + 3 + 8) > RUN_MAX_TXSZ) {
3057 DPRINTF("data overflow, %u bytes\n",
3058 m->m_pkthdr.len);
3059 run_tx_free(pq, data, 1);
3060 goto tr_setup;
3061 }
3062
3063 pc = usbd_xfer_get_frame(xfer, 0);
3064 usbd_copy_in(pc, 0, &data->desc, size);
3065 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3066 size += m->m_pkthdr.len;
3067 /*
3068 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3069 * 4-byte padding), and be sure to zero those trailing
3070 * bytes:
3071 */
3072 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3073 size += ((-size) & 3) + 8;
3074
3075 vap = data->ni->ni_vap;
3076 if (ieee80211_radiotap_active_vap(vap)) {
3077 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3078 struct rt2860_txwi *txwi =
3079 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3080 tap->wt_flags = 0;
3081 tap->wt_rate = rt2860_rates[data->ridx].rate;
3082 run_get_tsf(sc, &tap->wt_tsf);
3083 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3084 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3085 tap->wt_hwqueue = index;
3086 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3087 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3088
3089 ieee80211_radiotap_tx(vap, m);
3090 }
3091
3092 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3093 m->m_pkthdr.len, size, index);
3094
3095 usbd_xfer_set_frame_len(xfer, 0, size);
3096 usbd_xfer_set_priv(xfer, data);
3097 usbd_transfer_submit(xfer);
3098 run_start(sc);
3099
3100 break;
3101
3102 default:
3103 DPRINTF("USB transfer error, %s\n",
3104 usbd_errstr(error));
3105
3106 data = usbd_xfer_get_priv(xfer);
3107
3108 if (data != NULL) {
3109 if(data->ni != NULL)
3110 vap = data->ni->ni_vap;
3111 run_tx_free(pq, data, error);
3112 usbd_xfer_set_priv(xfer, NULL);
3113 }
3114
3115 if (vap == NULL)
3116 vap = TAILQ_FIRST(&ic->ic_vaps);
3117
3118 if (error != USB_ERR_CANCELLED) {
3119 if (error == USB_ERR_TIMEOUT) {
3120 device_printf(sc->sc_dev, "device timeout\n");
3121 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3122 DPRINTF("cmdq_store=%d\n", i);
3123 sc->cmdq[i].func = run_usb_timeout_cb;
3124 sc->cmdq[i].arg0 = vap;
3125 ieee80211_runtask(ic, &sc->cmdq_task);
3126 }
3127
3128 /*
3129 * Try to clear stall first, also if other
3130 * errors occur, hence clearing stall
3131 * introduces a 50 ms delay:
3132 */
3133 usbd_xfer_set_stall(xfer);
3134 goto tr_setup;
3135 }
3136 break;
3137 }
3138}
3139
3140static void
3141run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3142{
3143 run_bulk_tx_callbackN(xfer, error, 0);
3144}
3145
3146static void
3147run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3148{
3149 run_bulk_tx_callbackN(xfer, error, 1);
3150}
3151
3152static void
3153run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3154{
3155 run_bulk_tx_callbackN(xfer, error, 2);
3156}
3157
3158static void
3159run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3160{
3161 run_bulk_tx_callbackN(xfer, error, 3);
3162}
3163
3164static void
3165run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3166{
3167 run_bulk_tx_callbackN(xfer, error, 4);
3168}
3169
3170static void
3171run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3172{
3173 run_bulk_tx_callbackN(xfer, error, 5);
3174}
3175
3176static void
3177run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3178{
3179 struct mbuf *m = data->m;
3180 struct ieee80211com *ic = &sc->sc_ic;
3181 struct ieee80211vap *vap = data->ni->ni_vap;
3182 struct ieee80211_frame *wh;
3183 struct rt2870_txd *txd;
3184 struct rt2860_txwi *txwi;
3185 uint16_t xferlen, txwisize;
3186 uint16_t mcs;
3187 uint8_t ridx = data->ridx;
3188 uint8_t pad;
3189
3190 /* get MCS code from rate index */
3191 mcs = rt2860_rates[ridx].mcs;
3192
3193 txwisize = (sc->mac_ver == 0x5592) ?
3194 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3195 xferlen = txwisize + m->m_pkthdr.len;
3196
3197 /* roundup to 32-bit alignment */
3198 xferlen = (xferlen + 3) & ~3;
3199
3200 txd = (struct rt2870_txd *)&data->desc;
3201 txd->len = htole16(xferlen);
3202
3203 wh = mtod(m, struct ieee80211_frame *);
3204
3205 /*
3206 * Ether both are true or both are false, the header
3207 * are nicely aligned to 32-bit. So, no L2 padding.
3208 */
3209 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3210 pad = 0;
3211 else
3212 pad = 2;
3213
3214 /* setup TX Wireless Information */
3215 txwi = (struct rt2860_txwi *)(txd + 1);
3216 txwi->len = htole16(m->m_pkthdr.len - pad);
3217 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3218 mcs |= RT2860_PHY_CCK;
3219 if (ridx != RT2860_RIDX_CCK1 &&
3220 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3221 mcs |= RT2860_PHY_SHPRE;
3222 } else
3223 mcs |= RT2860_PHY_OFDM;
3224 txwi->phy = htole16(mcs);
3225
3226 /* check if RTS/CTS or CTS-to-self protection is required */
3227 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3228 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3229 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3230 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3231 txwi->txop |= RT2860_TX_TXOP_HT;
3232 else
3233 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3234
3235 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3236 txwi->xflags |= RT2860_TX_NSEQ;
3237}
3238
3239/* This function must be called locked */
3240static int
3241run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3242{
3243 struct ieee80211com *ic = &sc->sc_ic;
3244 struct ieee80211vap *vap = ni->ni_vap;
3245 struct ieee80211_frame *wh;
3246 struct ieee80211_channel *chan;
3247 const struct ieee80211_txparam *tp;
3248 struct run_node *rn = RUN_NODE(ni);
3249 struct run_tx_data *data;
3250 struct rt2870_txd *txd;
3251 struct rt2860_txwi *txwi;
3252 uint16_t qos;
3253 uint16_t dur;
3254 uint16_t qid;
3255 uint8_t type;
3256 uint8_t tid;
3257 uint8_t ridx;
3258 uint8_t ctl_ridx;
3259 uint8_t qflags;
3260 uint8_t xflags = 0;
3261 int hasqos;
3262
3263 RUN_LOCK_ASSERT(sc, MA_OWNED);
3264
3265 wh = mtod(m, struct ieee80211_frame *);
3266
3267 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3268
3269 /*
3270 * There are 7 bulk endpoints: 1 for RX
3271 * and 6 for TX (4 EDCAs + HCCA + Prio).
3272 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3273 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3274 */
3275 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3276 uint8_t *frm;
3277
3278 if(IEEE80211_HAS_ADDR4(wh))
3279 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3280 else
3281 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3282
3283 qos = le16toh(*(const uint16_t *)frm);
3284 tid = qos & IEEE80211_QOS_TID;
3285 qid = TID_TO_WME_AC(tid);
3286 } else {
3287 qos = 0;
3288 tid = 0;
3289 qid = WME_AC_BE;
3290 }
3291 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3292
3293 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3294 qos, qid, tid, qflags);
3295
3296 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3297 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3298
3299 /* pickup a rate index */
3300 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3301 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3302 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3303 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3304 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3305 } else {
3306 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3307 ridx = rn->fix_ridx;
3308 else
3309 ridx = rn->amrr_ridx;
3310 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3311 }
3312
3313 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3314 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3315 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3316 xflags |= RT2860_TX_ACK;
3317 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3318 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3319 else
3320 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3321 USETW(wh->i_dur, dur);
3322 }
3323
3324 /* reserve slots for mgmt packets, just in case */
3325 if (sc->sc_epq[qid].tx_nfree < 3) {
3326 DPRINTFN(10, "tx ring %d is full\n", qid);
3327 return (-1);
3328 }
3329
3330 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3331 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3332 sc->sc_epq[qid].tx_nfree--;
3333
3334 txd = (struct rt2870_txd *)&data->desc;
3335 txd->flags = qflags;
3336 txwi = (struct rt2860_txwi *)(txd + 1);
3337 txwi->xflags = xflags;
3338 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3339 txwi->wcid = 0;
3340 else
3341 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3342 1 : RUN_AID2WCID(ni->ni_associd);
3343
3344 /* clear leftover garbage bits */
3345 txwi->flags = 0;
3346 txwi->txop = 0;
3347
3348 data->m = m;
3349 data->ni = ni;
3350 data->ridx = ridx;
3351
3352 run_set_tx_desc(sc, data);
3353
3354 /*
3355 * The chip keeps track of 2 kind of Tx stats,
3356 * * TX_STAT_FIFO, for per WCID stats, and
3357 * * TX_STA_CNT0 for all-TX-in-one stats.
3358 *
3359 * To use FIFO stats, we need to store MCS into the driver-private
3360 * PacketID field. So that, we can tell whose stats when we read them.
3361 * We add 1 to the MCS because setting the PacketID field to 0 means
3362 * that we don't want feedback in TX_STAT_FIFO.
3363 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3364 *
3365 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3366 */
3367 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3368 vap->iv_opmode == IEEE80211_M_MBSS) {
3369 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3370 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3371
3372 /*
3373 * Unlike PCI based devices, we don't get any interrupt from
3374 * USB devices, so we simulate FIFO-is-full interrupt here.
3375 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3376 * quickly get fulled. To prevent overflow, increment a counter on
3377 * every FIFO stat request, so we know how many slots are left.
3378 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3379 * are used only in those modes.
3380 * We just drain stats. AMRR gets updated every 1 sec by
3381 * run_ratectl_cb() via callout.
3382 * Call it early. Otherwise overflow.
3383 */
3384 if (sc->fifo_cnt++ == 10) {
3385 /*
3386 * With multiple vaps or if_bridge, if_start() is called
3387 * with a non-sleepable lock, tcpinp. So, need to defer.
3388 */
3389 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3390 DPRINTFN(6, "cmdq_store=%d\n", i);
3391 sc->cmdq[i].func = run_drain_fifo;
3392 sc->cmdq[i].arg0 = sc;
3393 ieee80211_runtask(ic, &sc->cmdq_task);
3394 }
3395 }
3396
3397 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3398
3399 usbd_transfer_start(sc->sc_xfer[qid]);
3400
3401 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3402 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3403 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3404
3405 return (0);
3406}
3407
3408static int
3409run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3410{
3411 struct ieee80211com *ic = &sc->sc_ic;
3412 struct run_node *rn = RUN_NODE(ni);
3413 struct run_tx_data *data;
3414 struct ieee80211_frame *wh;
3415 struct rt2870_txd *txd;
3416 struct rt2860_txwi *txwi;
3417 uint16_t dur;
3418 uint8_t ridx = rn->mgt_ridx;
3419 uint8_t type;
3420 uint8_t xflags = 0;
3421 uint8_t wflags = 0;
3422
3423 RUN_LOCK_ASSERT(sc, MA_OWNED);
3424
3425 wh = mtod(m, struct ieee80211_frame *);
3426
3427 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3428
3429 /* tell hardware to add timestamp for probe responses */
3430 if ((wh->i_fc[0] &
3431 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3432 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3433 wflags |= RT2860_TX_TS;
3434 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3435 xflags |= RT2860_TX_ACK;
3436
3437 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3438 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3439 USETW(wh->i_dur, dur);
3440 }
3441
3442 if (sc->sc_epq[0].tx_nfree == 0)
3443 /* let caller free mbuf */
3444 return (EIO);
3445 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3446 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3447 sc->sc_epq[0].tx_nfree--;
3448
3449 txd = (struct rt2870_txd *)&data->desc;
3450 txd->flags = RT2860_TX_QSEL_EDCA;
3451 txwi = (struct rt2860_txwi *)(txd + 1);
3452 txwi->wcid = 0xff;
3453 txwi->flags = wflags;
3454 txwi->xflags = xflags;
3455 txwi->txop = 0; /* clear leftover garbage bits */
3456
3457 data->m = m;
3458 data->ni = ni;
3459 data->ridx = ridx;
3460
3461 run_set_tx_desc(sc, data);
3462
3463 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3464 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3465 rt2860_rates[ridx].rate);
3466
3467 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3468
3469 usbd_transfer_start(sc->sc_xfer[0]);
3470
3471 return (0);
3472}
3473
3474static int
3475run_sendprot(struct run_softc *sc,
3476 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3477{
3478 struct ieee80211com *ic = ni->ni_ic;
3479 struct ieee80211_frame *wh;
3480 struct run_tx_data *data;
3481 struct rt2870_txd *txd;
3482 struct rt2860_txwi *txwi;
3483 struct mbuf *mprot;
3484 int ridx;
3485 int protrate;
3486 int ackrate;
3487 int pktlen;
3488 int isshort;
3489 uint16_t dur;
3490 uint8_t type;
3491 uint8_t wflags = 0;
3492 uint8_t xflags = 0;
3493
3494 RUN_LOCK_ASSERT(sc, MA_OWNED);
3495
3496 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3497 ("protection %d", prot));
3498
3499 wh = mtod(m, struct ieee80211_frame *);
3500 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3501 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3502
3503 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3504 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3505
3506 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3507 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3508 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3509 wflags = RT2860_TX_FRAG;
3510
3511 /* check that there are free slots before allocating the mbuf */
3512 if (sc->sc_epq[0].tx_nfree == 0)
3513 /* let caller free mbuf */
3514 return (ENOBUFS);
3515
3516 if (prot == IEEE80211_PROT_RTSCTS) {
3517 /* NB: CTS is the same size as an ACK */
3518 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3519 xflags |= RT2860_TX_ACK;
3520 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3521 } else {
3522 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3523 }
3524 if (mprot == NULL) {
3525 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3526 DPRINTF("could not allocate mbuf\n");
3527 return (ENOBUFS);
3528 }
3529
3530 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3531 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3532 sc->sc_epq[0].tx_nfree--;
3533
3534 txd = (struct rt2870_txd *)&data->desc;
3535 txd->flags = RT2860_TX_QSEL_EDCA;
3536 txwi = (struct rt2860_txwi *)(txd + 1);
3537 txwi->wcid = 0xff;
3538 txwi->flags = wflags;
3539 txwi->xflags = xflags;
3540 txwi->txop = 0; /* clear leftover garbage bits */
3541
3542 data->m = mprot;
3543 data->ni = ieee80211_ref_node(ni);
3544
3545 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3546 if (rt2860_rates[ridx].rate == protrate)
3547 break;
3548 data->ridx = ridx;
3549
3550 run_set_tx_desc(sc, data);
3551
3552 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3553 m->m_pkthdr.len, rate);
3554
3555 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3556
3557 usbd_transfer_start(sc->sc_xfer[0]);
3558
3559 return (0);
3560}
3561
3562static int
3563run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3564 const struct ieee80211_bpf_params *params)
3565{
3566 struct ieee80211com *ic = ni->ni_ic;
3567 struct ieee80211_frame *wh;
3568 struct run_tx_data *data;
3569 struct rt2870_txd *txd;
3570 struct rt2860_txwi *txwi;
3571 uint8_t type;
3572 uint8_t ridx;
3573 uint8_t rate;
3574 uint8_t opflags = 0;
3575 uint8_t xflags = 0;
3576 int error;
3577
3578 RUN_LOCK_ASSERT(sc, MA_OWNED);
3579
3580 KASSERT(params != NULL, ("no raw xmit params"));
3581
3582 wh = mtod(m, struct ieee80211_frame *);
3583 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3584
3585 rate = params->ibp_rate0;
3586 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3587 /* let caller free mbuf */
3588 return (EINVAL);
3589 }
3590
3591 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3592 xflags |= RT2860_TX_ACK;
3593 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3594 error = run_sendprot(sc, m, ni,
3595 params->ibp_flags & IEEE80211_BPF_RTS ?
3596 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3597 rate);
3598 if (error) {
3599 /* let caller free mbuf */
3600 return error;
3601 }
3602 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3603 }
3604
3605 if (sc->sc_epq[0].tx_nfree == 0) {
3606 /* let caller free mbuf */
3607 DPRINTF("sending raw frame, but tx ring is full\n");
3608 return (EIO);
3609 }
3610 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3611 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3612 sc->sc_epq[0].tx_nfree--;
3613
3614 txd = (struct rt2870_txd *)&data->desc;
3615 txd->flags = RT2860_TX_QSEL_EDCA;
3616 txwi = (struct rt2860_txwi *)(txd + 1);
3617 txwi->wcid = 0xff;
3618 txwi->xflags = xflags;
3619 txwi->txop = opflags;
3620 txwi->flags = 0; /* clear leftover garbage bits */
3621
3622 data->m = m;
3623 data->ni = ni;
3624 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3625 if (rt2860_rates[ridx].rate == rate)
3626 break;
3627 data->ridx = ridx;
3628
3629 run_set_tx_desc(sc, data);
3630
3631 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3632 m->m_pkthdr.len, rate);
3633
3634 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3635
3636 usbd_transfer_start(sc->sc_xfer[0]);
3637
3638 return (0);
3639}
3640
3641static int
3642run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3643 const struct ieee80211_bpf_params *params)
3644{
3645 struct run_softc *sc = ni->ni_ic->ic_softc;
3646 int error = 0;
3647
3648 RUN_LOCK(sc);
3649
3650 /* prevent management frames from being sent if we're not ready */
3651 if (!(sc->sc_flags & RUN_RUNNING)) {
3652 error = ENETDOWN;
3653 goto done;
3654 }
3655
3656 if (params == NULL) {
3657 /* tx mgt packet */
3658 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3659 DPRINTF("mgt tx failed\n");
3660 goto done;
3661 }
3662 } else {
3663 /* tx raw packet with param */
3664 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3665 DPRINTF("tx with param failed\n");
3666 goto done;
3667 }
3668 }
3669
3670done:
3671 RUN_UNLOCK(sc);
3672
3673 if (error != 0) {
3674 if(m != NULL)
3675 m_freem(m);
3676 }
3677
3678 return (error);
3679}
3680
3681static int
3682run_transmit(struct ieee80211com *ic, struct mbuf *m)
3683{
3684 struct run_softc *sc = ic->ic_softc;
3685 int error;
3686
3687 RUN_LOCK(sc);
3688 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3689 RUN_UNLOCK(sc);
3690 return (ENXIO);
3691 }
3692 error = mbufq_enqueue(&sc->sc_snd, m);
3693 if (error) {
3694 RUN_UNLOCK(sc);
3695 return (error);
3696 }
3697 run_start(sc);
3698 RUN_UNLOCK(sc);
3699
3700 return (0);
3701}
3702
3703static void
3704run_start(struct run_softc *sc)
3705{
3706 struct ieee80211_node *ni;
3707 struct mbuf *m;
3708
3709 RUN_LOCK_ASSERT(sc, MA_OWNED);
3710
3711 if ((sc->sc_flags & RUN_RUNNING) == 0)
3712 return;
3713
3714 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3715 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3716 if (run_tx(sc, m, ni) != 0) {
3717 mbufq_prepend(&sc->sc_snd, m);
3718 break;
3719 }
3720 }
3721}
3722
3723static void
3724run_parent(struct ieee80211com *ic)
3725{
3726 struct run_softc *sc = ic->ic_softc;
3727 int startall = 0;
3728
3729 RUN_LOCK(sc);
3730 if (sc->sc_detached) {
3731 RUN_UNLOCK(sc);
3732 return;
3733 }
3734
3735 if (ic->ic_nrunning > 0) {
3736 if (!(sc->sc_flags & RUN_RUNNING)) {
3737 startall = 1;
3738 run_init_locked(sc);
3739 } else
3740 run_update_promisc_locked(sc);
3741 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3742 run_stop(sc);
3743 RUN_UNLOCK(sc);
3744 if (startall)
3745 ieee80211_start_all(ic);
3746}
3747
3748static void
3749run_iq_calib(struct run_softc *sc, u_int chan)
3750{
3751 uint16_t val;
3752
3753 /* Tx0 IQ gain. */
3754 run_bbp_write(sc, 158, 0x2c);
3755 if (chan <= 14)
3756 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3757 else if (chan <= 64) {
3758 run_efuse_read(sc,
3759 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3760 &val, 1);
3761 } else if (chan <= 138) {
3762 run_efuse_read(sc,
3763 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3764 &val, 1);
3765 } else if (chan <= 165) {
3766 run_efuse_read(sc,
3767 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3768 &val, 1);
3769 } else
3770 val = 0;
3771 run_bbp_write(sc, 159, val);
3772
3773 /* Tx0 IQ phase. */
3774 run_bbp_write(sc, 158, 0x2d);
3775 if (chan <= 14) {
3776 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3777 &val, 1);
3778 } else if (chan <= 64) {
3779 run_efuse_read(sc,
3780 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3781 &val, 1);
3782 } else if (chan <= 138) {
3783 run_efuse_read(sc,
3784 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3785 &val, 1);
3786 } else if (chan <= 165) {
3787 run_efuse_read(sc,
3788 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3789 &val, 1);
3790 } else
3791 val = 0;
3792 run_bbp_write(sc, 159, val);
3793
3794 /* Tx1 IQ gain. */
3795 run_bbp_write(sc, 158, 0x4a);
3796 if (chan <= 14) {
3797 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3798 &val, 1);
3799 } else if (chan <= 64) {
3800 run_efuse_read(sc,
3801 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3802 &val, 1);
3803 } else if (chan <= 138) {
3804 run_efuse_read(sc,
3805 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3806 &val, 1);
3807 } else if (chan <= 165) {
3808 run_efuse_read(sc,
3809 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3810 &val, 1);
3811 } else
3812 val = 0;
3813 run_bbp_write(sc, 159, val);
3814
3815 /* Tx1 IQ phase. */
3816 run_bbp_write(sc, 158, 0x4b);
3817 if (chan <= 14) {
3818 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3819 &val, 1);
3820 } else if (chan <= 64) {
3821 run_efuse_read(sc,
3822 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3823 &val, 1);
3824 } else if (chan <= 138) {
3825 run_efuse_read(sc,
3826 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3827 &val, 1);
3828 } else if (chan <= 165) {
3829 run_efuse_read(sc,
3830 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3831 &val, 1);
3832 } else
3833 val = 0;
3834 run_bbp_write(sc, 159, val);
3835
3836 /* RF IQ compensation control. */
3837 run_bbp_write(sc, 158, 0x04);
3838 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3839 &val, 1);
3840 run_bbp_write(sc, 159, val);
3841
3842 /* RF IQ imbalance compensation control. */
3843 run_bbp_write(sc, 158, 0x03);
3844 run_efuse_read(sc,
3845 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3846 run_bbp_write(sc, 159, val);
3847}
3848
3849static void
3850run_set_agc(struct run_softc *sc, uint8_t agc)
3851{
3852 uint8_t bbp;
3853
3854 if (sc->mac_ver == 0x3572) {
3855 run_bbp_read(sc, 27, &bbp);
3856 bbp &= ~(0x3 << 5);
3857 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3858 run_bbp_write(sc, 66, agc);
3859 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3860 run_bbp_write(sc, 66, agc);
3861 } else
3862 run_bbp_write(sc, 66, agc);
3863}
3864
3865static void
3866run_select_chan_group(struct run_softc *sc, int group)
3867{
3868 uint32_t tmp;
3869 uint8_t agc;
3870
3871 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3872 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3873 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3874 if (sc->mac_ver < 0x3572)
3875 run_bbp_write(sc, 86, 0x00);
3876
3877 if (sc->mac_ver == 0x3593) {
3878 run_bbp_write(sc, 77, 0x98);
3879 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3880 }
3881
3882 if (group == 0) {
3883 if (sc->ext_2ghz_lna) {
3884 if (sc->mac_ver >= 0x5390)
3885 run_bbp_write(sc, 75, 0x52);
3886 else {
3887 run_bbp_write(sc, 82, 0x62);
3888 run_bbp_write(sc, 75, 0x46);
3889 }
3890 } else {
3891 if (sc->mac_ver == 0x5592) {
3892 run_bbp_write(sc, 79, 0x1c);
3893 run_bbp_write(sc, 80, 0x0e);
3894 run_bbp_write(sc, 81, 0x3a);
3895 run_bbp_write(sc, 82, 0x62);
3896
3897 run_bbp_write(sc, 195, 0x80);
3898 run_bbp_write(sc, 196, 0xe0);
3899 run_bbp_write(sc, 195, 0x81);
3900 run_bbp_write(sc, 196, 0x1f);
3901 run_bbp_write(sc, 195, 0x82);
3902 run_bbp_write(sc, 196, 0x38);
3903 run_bbp_write(sc, 195, 0x83);
3904 run_bbp_write(sc, 196, 0x32);
3905 run_bbp_write(sc, 195, 0x85);
3906 run_bbp_write(sc, 196, 0x28);
3907 run_bbp_write(sc, 195, 0x86);
3908 run_bbp_write(sc, 196, 0x19);
3909 } else if (sc->mac_ver >= 0x5390)
3910 run_bbp_write(sc, 75, 0x50);
3911 else {
3912 run_bbp_write(sc, 82,
3913 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3914 run_bbp_write(sc, 75, 0x50);
3915 }
3916 }
3917 } else {
3918 if (sc->mac_ver == 0x5592) {
3919 run_bbp_write(sc, 79, 0x18);
3920 run_bbp_write(sc, 80, 0x08);
3921 run_bbp_write(sc, 81, 0x38);
3922 run_bbp_write(sc, 82, 0x92);
3923
3924 run_bbp_write(sc, 195, 0x80);
3925 run_bbp_write(sc, 196, 0xf0);
3926 run_bbp_write(sc, 195, 0x81);
3927 run_bbp_write(sc, 196, 0x1e);
3928 run_bbp_write(sc, 195, 0x82);
3929 run_bbp_write(sc, 196, 0x28);
3930 run_bbp_write(sc, 195, 0x83);
3931 run_bbp_write(sc, 196, 0x20);
3932 run_bbp_write(sc, 195, 0x85);
3933 run_bbp_write(sc, 196, 0x7f);
3934 run_bbp_write(sc, 195, 0x86);
3935 run_bbp_write(sc, 196, 0x7f);
3936 } else if (sc->mac_ver == 0x3572)
3937 run_bbp_write(sc, 82, 0x94);
3938 else
3939 run_bbp_write(sc, 82,
3940 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
3941 if (sc->ext_5ghz_lna)
3942 run_bbp_write(sc, 75, 0x46);
3943 else
3944 run_bbp_write(sc, 75, 0x50);
3945 }
3946
3947 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
3948 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
3949 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
3950 run_write(sc, RT2860_TX_BAND_CFG, tmp);
3951
3952 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
3953 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
3954 if (sc->mac_ver == 0x3593)
3955 tmp |= 1 << 29 | 1 << 28;
3956 if (sc->nrxchains > 1)
3957 tmp |= RT2860_LNA_PE1_EN;
3958 if (group == 0) { /* 2GHz */
3959 tmp |= RT2860_PA_PE_G0_EN;
3960 if (sc->ntxchains > 1)
3961 tmp |= RT2860_PA_PE_G1_EN;
3962 if (sc->mac_ver == 0x3593) {
3963 if (sc->ntxchains > 2)
3964 tmp |= 1 << 25;
3965 }
3966 } else { /* 5GHz */
3967 tmp |= RT2860_PA_PE_A0_EN;
3968 if (sc->ntxchains > 1)
3969 tmp |= RT2860_PA_PE_A1_EN;
3970 }
3971 if (sc->mac_ver == 0x3572) {
3972 run_rt3070_rf_write(sc, 8, 0x00);
3973 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3974 run_rt3070_rf_write(sc, 8, 0x80);
3975 } else
3976 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3977
3978 if (sc->mac_ver == 0x5592) {
3979 run_bbp_write(sc, 195, 0x8d);
3980 run_bbp_write(sc, 196, 0x1a);
3981 }
3982
3983 if (sc->mac_ver == 0x3593) {
3984 run_read(sc, RT2860_GPIO_CTRL, &tmp);
3985 tmp &= ~0x01010000;
3986 if (group == 0)
3987 tmp |= 0x00010000;
3988 tmp = (tmp & ~0x00009090) | 0x00000090;
3989 run_write(sc, RT2860_GPIO_CTRL, tmp);
3990 }
3991
3992 /* set initial AGC value */
3993 if (group == 0) { /* 2GHz band */
3994 if (sc->mac_ver >= 0x3070)
3995 agc = 0x1c + sc->lna[0] * 2;
3996 else
3997 agc = 0x2e + sc->lna[0];
3998 } else { /* 5GHz band */
3999 if (sc->mac_ver == 0x5592)
4000 agc = 0x24 + sc->lna[group] * 2;
4001 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4002 agc = 0x22 + (sc->lna[group] * 5) / 3;
4003 else
4004 agc = 0x32 + (sc->lna[group] * 5) / 3;
4005 }
4006 run_set_agc(sc, agc);
4007}
4008
4009static void
4010run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4011{
4012 const struct rfprog *rfprog = rt2860_rf2850;
4013 uint32_t r2, r3, r4;
4014 int8_t txpow1, txpow2;
4015 int i;
4016
4017 /* find the settings for this channel (we know it exists) */
4018 for (i = 0; rfprog[i].chan != chan; i++);
4019
4020 r2 = rfprog[i].r2;
4021 if (sc->ntxchains == 1)
4022 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4023 if (sc->nrxchains == 1)
4024 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4025 else if (sc->nrxchains == 2)
4026 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4027
4028 /* use Tx power values from EEPROM */
4029 txpow1 = sc->txpow1[i];
4030 txpow2 = sc->txpow2[i];
4031
4032 /* Initialize RF R3 and R4. */
4033 r3 = rfprog[i].r3 & 0xffffc1ff;
4034 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4035 if (chan > 14) {
4036 if (txpow1 >= 0) {
4037 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4038 r3 |= (txpow1 << 10) | (1 << 9);
4039 } else {
4040 txpow1 += 7;
4041
4042 /* txpow1 is not possible larger than 15. */
4043 r3 |= (txpow1 << 10);
4044 }
4045 if (txpow2 >= 0) {
4046 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4047 r4 |= (txpow2 << 7) | (1 << 6);
4048 } else {
4049 txpow2 += 7;
4050 r4 |= (txpow2 << 7);
4051 }
4052 } else {
4053 /* Set Tx0 power. */
4054 r3 |= (txpow1 << 9);
4055
4056 /* Set frequency offset and Tx1 power. */
4057 r4 |= (txpow2 << 6);
4058 }
4059
4060 run_rt2870_rf_write(sc, rfprog[i].r1);
4061 run_rt2870_rf_write(sc, r2);
4062 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4063 run_rt2870_rf_write(sc, r4);
4064
4065 run_delay(sc, 10);
4066
4067 run_rt2870_rf_write(sc, rfprog[i].r1);
4068 run_rt2870_rf_write(sc, r2);
4069 run_rt2870_rf_write(sc, r3 | (1 << 2));
4070 run_rt2870_rf_write(sc, r4);
4071
4072 run_delay(sc, 10);
4073
4074 run_rt2870_rf_write(sc, rfprog[i].r1);
4075 run_rt2870_rf_write(sc, r2);
4076 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4077 run_rt2870_rf_write(sc, r4);
4078}
4079
4080static void
4081run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4082{
4083 int8_t txpow1, txpow2;
4084 uint8_t rf;
4085 int i;
4086
4087 /* find the settings for this channel (we know it exists) */
4088 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4089
4090 /* use Tx power values from EEPROM */
4091 txpow1 = sc->txpow1[i];
4092 txpow2 = sc->txpow2[i];
4093
4094 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4095
4096 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4097 run_rt3070_rf_read(sc, 3, &rf);
4098 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4099 run_rt3070_rf_write(sc, 3, rf);
4100
4101 run_rt3070_rf_read(sc, 6, &rf);
4102 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4103 run_rt3070_rf_write(sc, 6, rf);
4104
4105 /* set Tx0 power */
4106 run_rt3070_rf_read(sc, 12, &rf);
4107 rf = (rf & ~0x1f) | txpow1;
4108 run_rt3070_rf_write(sc, 12, rf);
4109
4110 /* set Tx1 power */
4111 run_rt3070_rf_read(sc, 13, &rf);
4112 rf = (rf & ~0x1f) | txpow2;
4113 run_rt3070_rf_write(sc, 13, rf);
4114
4115 run_rt3070_rf_read(sc, 1, &rf);
4116 rf &= ~0xfc;
4117 if (sc->ntxchains == 1)
4118 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4119 else if (sc->ntxchains == 2)
4120 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4121 if (sc->nrxchains == 1)
4122 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4123 else if (sc->nrxchains == 2)
4124 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4125 run_rt3070_rf_write(sc, 1, rf);
4126
4127 /* set RF offset */
4128 run_rt3070_rf_read(sc, 23, &rf);
4129 rf = (rf & ~0x7f) | sc->freq;
4130 run_rt3070_rf_write(sc, 23, rf);
4131
4132 /* program RF filter */
4133 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4134 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4135 run_rt3070_rf_write(sc, 24, rf);
4136 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4137 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4138 run_rt3070_rf_write(sc, 31, rf);
4139
4140 /* enable RF tuning */
4141 run_rt3070_rf_read(sc, 7, &rf);
4142 run_rt3070_rf_write(sc, 7, rf | 0x01);
4143}
4144
4145static void
4146run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4147{
4148 int8_t txpow1, txpow2;
4149 uint32_t tmp;
4150 uint8_t rf;
4151 int i;
4152
4153 /* find the settings for this channel (we know it exists) */
4154 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4155
4156 /* use Tx power values from EEPROM */
4157 txpow1 = sc->txpow1[i];
4158 txpow2 = sc->txpow2[i];
4159
4160 if (chan <= 14) {
4161 run_bbp_write(sc, 25, sc->bbp25);
4162 run_bbp_write(sc, 26, sc->bbp26);
4163 } else {
4164 /* enable IQ phase correction */
4165 run_bbp_write(sc, 25, 0x09);
4166 run_bbp_write(sc, 26, 0xff);
4167 }
4168
4169 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4170 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4171 run_rt3070_rf_read(sc, 6, &rf);
4172 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4173 rf |= (chan <= 14) ? 0x08 : 0x04;
4174 run_rt3070_rf_write(sc, 6, rf);
4175
4176 /* set PLL mode */
4177 run_rt3070_rf_read(sc, 5, &rf);
4178 rf &= ~(0x08 | 0x04);
4179 rf |= (chan <= 14) ? 0x04 : 0x08;
4180 run_rt3070_rf_write(sc, 5, rf);
4181
4182 /* set Tx power for chain 0 */
4183 if (chan <= 14)
4184 rf = 0x60 | txpow1;
4185 else
4186 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4187 run_rt3070_rf_write(sc, 12, rf);
4188
4189 /* set Tx power for chain 1 */
4190 if (chan <= 14)
4191 rf = 0x60 | txpow2;
4192 else
4193 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4194 run_rt3070_rf_write(sc, 13, rf);
4195
4196 /* set Tx/Rx streams */
4197 run_rt3070_rf_read(sc, 1, &rf);
4198 rf &= ~0xfc;
4199 if (sc->ntxchains == 1)
4200 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4201 else if (sc->ntxchains == 2)
4202 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4203 if (sc->nrxchains == 1)
4204 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4205 else if (sc->nrxchains == 2)
4206 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4207 run_rt3070_rf_write(sc, 1, rf);
4208
4209 /* set RF offset */
4210 run_rt3070_rf_read(sc, 23, &rf);
4211 rf = (rf & ~0x7f) | sc->freq;
4212 run_rt3070_rf_write(sc, 23, rf);
4213
4214 /* program RF filter */
4215 rf = sc->rf24_20mhz;
4216 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4217 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4218
4219 /* enable RF tuning */
4220 run_rt3070_rf_read(sc, 7, &rf);
4221 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4222 run_rt3070_rf_write(sc, 7, rf);
4223
4224 /* TSSI */
4225 rf = (chan <= 14) ? 0xc3 : 0xc0;
4226 run_rt3070_rf_write(sc, 9, rf);
4227
4228 /* set loop filter 1 */
4229 run_rt3070_rf_write(sc, 10, 0xf1);
4230 /* set loop filter 2 */
4231 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4232
4233 /* set tx_mx2_ic */
4234 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4235 /* set tx_mx1_ic */
4236 if (chan <= 14)
4237 rf = 0x48 | sc->txmixgain_2ghz;
4238 else
4239 rf = 0x78 | sc->txmixgain_5ghz;
4240 run_rt3070_rf_write(sc, 16, rf);
4241
4242 /* set tx_lo1 */
4243 run_rt3070_rf_write(sc, 17, 0x23);
4244 /* set tx_lo2 */
4245 if (chan <= 14)
4246 rf = 0x93;
4247 else if (chan <= 64)
4248 rf = 0xb7;
4249 else if (chan <= 128)
4250 rf = 0x74;
4251 else
4252 rf = 0x72;
4253 run_rt3070_rf_write(sc, 19, rf);
4254
4255 /* set rx_lo1 */
4256 if (chan <= 14)
4257 rf = 0xb3;
4258 else if (chan <= 64)
4259 rf = 0xf6;
4260 else if (chan <= 128)
4261 rf = 0xf4;
4262 else
4263 rf = 0xf3;
4264 run_rt3070_rf_write(sc, 20, rf);
4265
4266 /* set pfd_delay */
4267 if (chan <= 14)
4268 rf = 0x15;
4269 else if (chan <= 64)
4270 rf = 0x3d;
4271 else
4272 rf = 0x01;
4273 run_rt3070_rf_write(sc, 25, rf);
4274
4275 /* set rx_lo2 */
4276 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4277 /* set ldo_rf_vc */
4278 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4279 /* set drv_cc */
4280 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4281
4282 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4283 tmp &= ~0x8080;
4284 if (chan <= 14)
4285 tmp |= 0x80;
4286 run_write(sc, RT2860_GPIO_CTRL, tmp);
4287
4288 /* enable RF tuning */
4289 run_rt3070_rf_read(sc, 7, &rf);
4290 run_rt3070_rf_write(sc, 7, rf | 0x01);
4291
4292 run_delay(sc, 2);
4293}
4294
4295static void
4296run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4297{
4298 int8_t txpow1, txpow2, txpow3;
4299 uint8_t h20mhz, rf;
4300 int i;
4301
4302 /* find the settings for this channel (we know it exists) */
4303 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4304
4305 /* use Tx power values from EEPROM */
4306 txpow1 = sc->txpow1[i];
4307 txpow2 = sc->txpow2[i];
4308 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4309
4310 if (chan <= 14) {
4311 run_bbp_write(sc, 25, sc->bbp25);
4312 run_bbp_write(sc, 26, sc->bbp26);
4313 } else {
4314 /* Enable IQ phase correction. */
4315 run_bbp_write(sc, 25, 0x09);
4316 run_bbp_write(sc, 26, 0xff);
4317 }
4318
4319 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4320 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4321 run_rt3070_rf_read(sc, 11, &rf);
4322 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4323 run_rt3070_rf_write(sc, 11, rf);
4324
4325 /* Set pll_idoh. */
4326 run_rt3070_rf_read(sc, 11, &rf);
4327 rf &= ~0x4c;
4328 rf |= (chan <= 14) ? 0x44 : 0x48;
4329 run_rt3070_rf_write(sc, 11, rf);
4330
4331 if (chan <= 14)
4332 rf = txpow1 & 0x1f;
4333 else
4334 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4335 run_rt3070_rf_write(sc, 53, rf);
4336
4337 if (chan <= 14)
4338 rf = txpow2 & 0x1f;
4339 else
4340 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4341 run_rt3070_rf_write(sc, 55, rf);
4342
4343 if (chan <= 14)
4344 rf = txpow3 & 0x1f;
4345 else
4346 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4347 run_rt3070_rf_write(sc, 54, rf);
4348
4349 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4350 if (sc->ntxchains == 3)
4351 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4352 else
4353 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4354 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4355 run_rt3070_rf_write(sc, 1, rf);
4356
4357 run_adjust_freq_offset(sc);
4358
4359 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4360
4361 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4362 run_rt3070_rf_read(sc, 30, &rf);
4363 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4364 run_rt3070_rf_write(sc, 30, rf);
4365
4366 run_rt3070_rf_read(sc, 36, &rf);
4367 if (chan <= 14)
4368 rf |= 0x80;
4369 else
4370 rf &= ~0x80;
4371 run_rt3070_rf_write(sc, 36, rf);
4372
4373 /* Set vcolo_bs. */
4374 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4375 /* Set pfd_delay. */
4376 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4377
4378 /* Set vco bias current control. */
4379 run_rt3070_rf_read(sc, 6, &rf);
4380 rf &= ~0xc0;
4381 if (chan <= 14)
4382 rf |= 0x40;
4383 else if (chan <= 128)
4384 rf |= 0x80;
4385 else
4386 rf |= 0x40;
4387 run_rt3070_rf_write(sc, 6, rf);
4388
4389 run_rt3070_rf_read(sc, 30, &rf);
4390 rf = (rf & ~0x18) | 0x10;
4391 run_rt3070_rf_write(sc, 30, rf);
4392
4393 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4394 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4395
4396 run_rt3070_rf_read(sc, 51, &rf);
4397 rf = (rf & ~0x03) | 0x01;
4398 run_rt3070_rf_write(sc, 51, rf);
4399 /* Set tx_mx1_cc. */
4400 run_rt3070_rf_read(sc, 51, &rf);
4401 rf &= ~0x1c;
4402 rf |= (chan <= 14) ? 0x14 : 0x10;
4403 run_rt3070_rf_write(sc, 51, rf);
4404 /* Set tx_mx1_ic. */
4405 run_rt3070_rf_read(sc, 51, &rf);
4406 rf &= ~0xe0;
4407 rf |= (chan <= 14) ? 0x60 : 0x40;
4408 run_rt3070_rf_write(sc, 51, rf);
4409 /* Set tx_lo1_ic. */
4410 run_rt3070_rf_read(sc, 49, &rf);
4411 rf &= ~0x1c;
4412 rf |= (chan <= 14) ? 0x0c : 0x08;
4413 run_rt3070_rf_write(sc, 49, rf);
4414 /* Set tx_lo1_en. */
4415 run_rt3070_rf_read(sc, 50, &rf);
4416 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4417 /* Set drv_cc. */
4418 run_rt3070_rf_read(sc, 57, &rf);
4419 rf &= ~0xfc;
4420 rf |= (chan <= 14) ? 0x6c : 0x3c;
4421 run_rt3070_rf_write(sc, 57, rf);
4422 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4423 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4424 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4425 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4426 /* Enable VCO calibration. */
4427 run_rt3070_rf_read(sc, 3, &rf);
4428 rf &= ~RT5390_VCOCAL;
4429 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4430 run_rt3070_rf_write(sc, 3, rf);
4431
4432 if (chan <= 14)
4433 rf = 0x23;
4434 else if (chan <= 64)
4435 rf = 0x36;
4436 else if (chan <= 128)
4437 rf = 0x32;
4438 else
4439 rf = 0x30;
4440 run_rt3070_rf_write(sc, 39, rf);
4441 if (chan <= 14)
4442 rf = 0xbb;
4443 else if (chan <= 64)
4444 rf = 0xeb;
4445 else if (chan <= 128)
4446 rf = 0xb3;
4447 else
4448 rf = 0x9b;
4449 run_rt3070_rf_write(sc, 45, rf);
4450
4451 /* Set FEQ/AEQ control. */
4452 run_bbp_write(sc, 105, 0x34);
4453}
4454
4455static void
4456run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4457{
4458 int8_t txpow1, txpow2;
4459 uint8_t rf;
4460 int i;
4461
4462 /* find the settings for this channel (we know it exists) */
4463 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4464
4465 /* use Tx power values from EEPROM */
4466 txpow1 = sc->txpow1[i];
4467 txpow2 = sc->txpow2[i];
4468
4469 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4470 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4471 run_rt3070_rf_read(sc, 11, &rf);
4472 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4473 run_rt3070_rf_write(sc, 11, rf);
4474
4475 run_rt3070_rf_read(sc, 49, &rf);
4476 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4477 /* The valid range of the RF R49 is 0x00 to 0x27. */
4478 if ((rf & 0x3f) > 0x27)
4479 rf = (rf & ~0x3f) | 0x27;
4480 run_rt3070_rf_write(sc, 49, rf);
4481
4482 if (sc->mac_ver == 0x5392) {
4483 run_rt3070_rf_read(sc, 50, &rf);
4484 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4485 /* The valid range of the RF R50 is 0x00 to 0x27. */
4486 if ((rf & 0x3f) > 0x27)
4487 rf = (rf & ~0x3f) | 0x27;
4488 run_rt3070_rf_write(sc, 50, rf);
4489 }
4490
4491 run_rt3070_rf_read(sc, 1, &rf);
4492 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4493 if (sc->mac_ver == 0x5392)
4494 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4495 run_rt3070_rf_write(sc, 1, rf);
4496
4497 if (sc->mac_ver != 0x5392) {
4498 run_rt3070_rf_read(sc, 2, &rf);
4499 rf |= 0x80;
4500 run_rt3070_rf_write(sc, 2, rf);
4501 run_delay(sc, 10);
4502 rf &= 0x7f;
4503 run_rt3070_rf_write(sc, 2, rf);
4504 }
4505
4506 run_adjust_freq_offset(sc);
4507
4508 if (sc->mac_ver == 0x5392) {
4509 /* Fix for RT5392C. */
4510 if (sc->mac_rev >= 0x0223) {
4511 if (chan <= 4)
4512 rf = 0x0f;
4513 else if (chan >= 5 && chan <= 7)
4514 rf = 0x0e;
4515 else
4516 rf = 0x0d;
4517 run_rt3070_rf_write(sc, 23, rf);
4518
4519 if (chan <= 4)
4520 rf = 0x0c;
4521 else if (chan == 5)
4522 rf = 0x0b;
4523 else if (chan >= 6 && chan <= 7)
4524 rf = 0x0a;
4525 else if (chan >= 8 && chan <= 10)
4526 rf = 0x09;
4527 else
4528 rf = 0x08;
4529 run_rt3070_rf_write(sc, 59, rf);
4530 } else {
4531 if (chan <= 11)
4532 rf = 0x0f;
4533 else
4534 rf = 0x0b;
4535 run_rt3070_rf_write(sc, 59, rf);
4536 }
4537 } else {
4538 /* Fix for RT5390F. */
4539 if (sc->mac_rev >= 0x0502) {
4540 if (chan <= 11)
4541 rf = 0x43;
4542 else
4543 rf = 0x23;
4544 run_rt3070_rf_write(sc, 55, rf);
4545
4546 if (chan <= 11)
4547 rf = 0x0f;
4548 else if (chan == 12)
4549 rf = 0x0d;
4550 else
4551 rf = 0x0b;
4552 run_rt3070_rf_write(sc, 59, rf);
4553 } else {
4554 run_rt3070_rf_write(sc, 55, 0x44);
4555 run_rt3070_rf_write(sc, 59, 0x8f);
4556 }
4557 }
4558
4559 /* Enable VCO calibration. */
4560 run_rt3070_rf_read(sc, 3, &rf);
4561 rf |= RT5390_VCOCAL;
4562 run_rt3070_rf_write(sc, 3, rf);
4563}
4564
4565static void
4566run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4567{
4568 const struct rt5592_freqs *freqs;
4569 uint32_t tmp;
4570 uint8_t reg, rf, txpow_bound;
4571 int8_t txpow1, txpow2;
4572 int i;
4573
4574 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4575 freqs = (tmp & RT5592_SEL_XTAL) ?
4576 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4577
4578 /* find the settings for this channel (we know it exists) */
4579 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4580
4581 /* use Tx power values from EEPROM */
4582 txpow1 = sc->txpow1[i];
4583 txpow2 = sc->txpow2[i];
4584
4585 run_read(sc, RT3070_LDO_CFG0, &tmp);
4586 tmp &= ~0x1c000000;
4587 if (chan > 14)
4588 tmp |= 0x14000000;
4589 run_write(sc, RT3070_LDO_CFG0, tmp);
4590
4591 /* N setting. */
4592 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4593 run_rt3070_rf_read(sc, 9, &rf);
4594 rf &= ~(1 << 4);
4595 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4596 run_rt3070_rf_write(sc, 9, rf);
4597
4598 /* K setting. */
4599 run_rt3070_rf_read(sc, 9, &rf);
4600 rf &= ~0x0f;
4601 rf |= (freqs->k & 0x0f);
4602 run_rt3070_rf_write(sc, 9, rf);
4603
4604 /* Mode setting. */
4605 run_rt3070_rf_read(sc, 11, &rf);
4606 rf &= ~0x0c;
4607 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4608 run_rt3070_rf_write(sc, 11, rf);
4609 run_rt3070_rf_read(sc, 9, &rf);
4610 rf &= ~(1 << 7);
4611 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4612 run_rt3070_rf_write(sc, 9, rf);
4613
4614 /* R setting. */
4615 run_rt3070_rf_read(sc, 11, &rf);
4616 rf &= ~0x03;
4617 rf |= (freqs->r - 0x1);
4618 run_rt3070_rf_write(sc, 11, rf);
4619
4620 if (chan <= 14) {
4621 /* Initialize RF registers for 2GHZ. */
4622 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4623 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4624 rt5592_2ghz_def_rf[i].val);
4625 }
4626
4627 rf = (chan <= 10) ? 0x07 : 0x06;
4628 run_rt3070_rf_write(sc, 23, rf);
4629 run_rt3070_rf_write(sc, 59, rf);
4630
4631 run_rt3070_rf_write(sc, 55, 0x43);
4632
4633 /*
4634 * RF R49/R50 Tx power ALC code.
4635 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4636 */
4637 reg = 2;
4638 txpow_bound = 0x27;
4639 } else {
4640 /* Initialize RF registers for 5GHZ. */
4641 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4642 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4643 rt5592_5ghz_def_rf[i].val);
4644 }
4645 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4646 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4647 chan <= rt5592_chan_5ghz[i].lastchan) {
4648 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4649 rt5592_chan_5ghz[i].val);
4650 }
4651 }
4652
4653 /*
4654 * RF R49/R50 Tx power ALC code.
4655 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4656 */
4657 reg = 3;
4658 txpow_bound = 0x2b;
4659 }
4660
4661 /* RF R49 ch0 Tx power ALC code. */
4662 run_rt3070_rf_read(sc, 49, &rf);
4663 rf &= ~0xc0;
4664 rf |= (reg << 6);
4665 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4666 if ((rf & 0x3f) > txpow_bound)
4667 rf = (rf & ~0x3f) | txpow_bound;
4668 run_rt3070_rf_write(sc, 49, rf);
4669
4670 /* RF R50 ch1 Tx power ALC code. */
4671 run_rt3070_rf_read(sc, 50, &rf);
4672 rf &= ~(1 << 7 | 1 << 6);
4673 rf |= (reg << 6);
4674 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4675 if ((rf & 0x3f) > txpow_bound)
4676 rf = (rf & ~0x3f) | txpow_bound;
4677 run_rt3070_rf_write(sc, 50, rf);
4678
4679 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4680 run_rt3070_rf_read(sc, 1, &rf);
4681 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4682 if (sc->ntxchains > 1)
4683 rf |= RT3070_TX1_PD;
4684 if (sc->nrxchains > 1)
4685 rf |= RT3070_RX1_PD;
4686 run_rt3070_rf_write(sc, 1, rf);
4687
4688 run_rt3070_rf_write(sc, 6, 0xe4);
4689
4690 run_rt3070_rf_write(sc, 30, 0x10);
4691 run_rt3070_rf_write(sc, 31, 0x80);
4692 run_rt3070_rf_write(sc, 32, 0x80);
4693
4694 run_adjust_freq_offset(sc);
4695
4696 /* Enable VCO calibration. */
4697 run_rt3070_rf_read(sc, 3, &rf);
4698 rf |= RT5390_VCOCAL;
4699 run_rt3070_rf_write(sc, 3, rf);
4700}
4701
4702static void
4703run_set_rx_antenna(struct run_softc *sc, int aux)
4704{
4705 uint32_t tmp;
4706 uint8_t bbp152;
4707
4708 if (aux) {
4709 if (sc->rf_rev == RT5390_RF_5370) {
4710 run_bbp_read(sc, 152, &bbp152);
4711 run_bbp_write(sc, 152, bbp152 & ~0x80);
4712 } else {
4713 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4714 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4715 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4716 }
4717 } else {
4718 if (sc->rf_rev == RT5390_RF_5370) {
4719 run_bbp_read(sc, 152, &bbp152);
4720 run_bbp_write(sc, 152, bbp152 | 0x80);
4721 } else {
4722 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4723 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4724 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4725 }
4726 }
4727}
4728
4729static int
4730run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4731{
4732 struct ieee80211com *ic = &sc->sc_ic;
4733 u_int chan, group;
4734
4735 chan = ieee80211_chan2ieee(ic, c);
4736 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4737 return (EINVAL);
4738
4739 if (sc->mac_ver == 0x5592)
4740 run_rt5592_set_chan(sc, chan);
4741 else if (sc->mac_ver >= 0x5390)
4742 run_rt5390_set_chan(sc, chan);
4743 else if (sc->mac_ver == 0x3593)
4744 run_rt3593_set_chan(sc, chan);
4745 else if (sc->mac_ver == 0x3572)
4746 run_rt3572_set_chan(sc, chan);
4747 else if (sc->mac_ver >= 0x3070)
4748 run_rt3070_set_chan(sc, chan);
4749 else
4750 run_rt2870_set_chan(sc, chan);
4751
4752 /* determine channel group */
4753 if (chan <= 14)
4754 group = 0;
4755 else if (chan <= 64)
4756 group = 1;
4757 else if (chan <= 128)
4758 group = 2;
4759 else
4760 group = 3;
4761
4762 /* XXX necessary only when group has changed! */
4763 run_select_chan_group(sc, group);
4764
4765 run_delay(sc, 10);
4766
4767 /* Perform IQ calibration. */
4768 if (sc->mac_ver >= 0x5392)
4769 run_iq_calib(sc, chan);
4770
4771 return (0);
4772}
4773
4774static void
4775run_set_channel(struct ieee80211com *ic)
4776{
4777 struct run_softc *sc = ic->ic_softc;
4778
4779 RUN_LOCK(sc);
4780 run_set_chan(sc, ic->ic_curchan);
4781 RUN_UNLOCK(sc);
4782
4783 return;
4784}
4785
4786static void
4787run_scan_start(struct ieee80211com *ic)
4788{
4789 struct run_softc *sc = ic->ic_softc;
4790 uint32_t tmp;
4791
4792 RUN_LOCK(sc);
4793
4794 /* abort TSF synchronization */
4795 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4796 run_write(sc, RT2860_BCN_TIME_CFG,
4797 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4798 RT2860_TBTT_TIMER_EN));
4799 run_set_bssid(sc, ieee80211broadcastaddr);
4800
4801 RUN_UNLOCK(sc);
4802
4803 return;
4804}
4805
4806static void
4807run_scan_end(struct ieee80211com *ic)
4808{
4809 struct run_softc *sc = ic->ic_softc;
4810
4811 RUN_LOCK(sc);
4812
4813 run_enable_tsf_sync(sc);
4814 run_set_bssid(sc, sc->sc_bssid);
4815
4816 RUN_UNLOCK(sc);
4817
4818 return;
4819}
4820
4821/*
4822 * Could be called from ieee80211_node_timeout()
4823 * (non-sleepable thread)
4824 */
4825static void
4826run_update_beacon(struct ieee80211vap *vap, int item)
4827{
4828 struct ieee80211com *ic = vap->iv_ic;
4829 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4830 struct ieee80211_node *ni = vap->iv_bss;
4831 struct run_softc *sc = ic->ic_softc;
4832 struct run_vap *rvp = RUN_VAP(vap);
4833 int mcast = 0;
4834 uint32_t i;
4835
4836 switch (item) {
4837 case IEEE80211_BEACON_ERP:
4838 run_updateslot(ic);
4839 break;
4840 case IEEE80211_BEACON_HTINFO:
4841 run_updateprot(ic);
4842 break;
4843 case IEEE80211_BEACON_TIM:
4844 mcast = 1; /*TODO*/
4845 break;
4846 default:
4847 break;
4848 }
4849
4850 setbit(bo->bo_flags, item);
4851 if (rvp->beacon_mbuf == NULL) {
4852 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4853 if (rvp->beacon_mbuf == NULL)
4854 return;
4855 }
4856 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
4857
4858 i = RUN_CMDQ_GET(&sc->cmdq_store);
4859 DPRINTF("cmdq_store=%d\n", i);
4860 sc->cmdq[i].func = run_update_beacon_cb;
4861 sc->cmdq[i].arg0 = vap;
4862 ieee80211_runtask(ic, &sc->cmdq_task);
4863
4864 return;
4865}
4866
4867static void
4868run_update_beacon_cb(void *arg)
4869{
4870 struct ieee80211vap *vap = arg;
4871 struct ieee80211_node *ni = vap->iv_bss;
4872 struct run_vap *rvp = RUN_VAP(vap);
4873 struct ieee80211com *ic = vap->iv_ic;
4874 struct run_softc *sc = ic->ic_softc;
4875 struct rt2860_txwi txwi;
4876 struct mbuf *m;
4877 uint16_t txwisize;
4878 uint8_t ridx;
4879
4880 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4881 return;
4882 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4883 return;
4884
4885 /*
4886 * No need to call ieee80211_beacon_update(), run_update_beacon()
4887 * is taking care of appropriate calls.
4888 */
4889 if (rvp->beacon_mbuf == NULL) {
4890 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4891 if (rvp->beacon_mbuf == NULL)
4892 return;
4893 }
4894 m = rvp->beacon_mbuf;
4895
4896 memset(&txwi, 0, sizeof(txwi));
4897 txwi.wcid = 0xff;
4898 txwi.len = htole16(m->m_pkthdr.len);
4899
4900 /* send beacons at the lowest available rate */
4901 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4902 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4903 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4904 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4905 txwi.phy |= htole16(RT2860_PHY_OFDM);
4906 txwi.txop = RT2860_TX_TXOP_HT;
4907 txwi.flags = RT2860_TX_TS;
4908 txwi.xflags = RT2860_TX_NSEQ;
4909
4910 txwisize = (sc->mac_ver == 0x5592) ?
4911 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4912 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4913 txwisize);
4914 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4915 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4916}
4917
4918static void
4919run_updateprot(struct ieee80211com *ic)
4920{
4921 struct run_softc *sc = ic->ic_softc;
4922 uint32_t i;
4923
4924 i = RUN_CMDQ_GET(&sc->cmdq_store);
4925 DPRINTF("cmdq_store=%d\n", i);
4926 sc->cmdq[i].func = run_updateprot_cb;
4927 sc->cmdq[i].arg0 = ic;
4928 ieee80211_runtask(ic, &sc->cmdq_task);
4929}
4930
4931static void
4932run_updateprot_cb(void *arg)
4933{
4934 struct ieee80211com *ic = arg;
4935 struct run_softc *sc = ic->ic_softc;
4936 uint32_t tmp;
4937
4938 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
4939 /* setup protection frame rate (MCS code) */
4940 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
4941 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
4942 rt2860_rates[RT2860_RIDX_CCK11].mcs;
4943
4944 /* CCK frames don't require protection */
4945 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
4946 if (ic->ic_flags & IEEE80211_F_USEPROT) {
4947 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
4948 tmp |= RT2860_PROT_CTRL_RTS_CTS;
4949 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
4950 tmp |= RT2860_PROT_CTRL_CTS;
4951 }
4952 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
4953}
4954
4955static void
4956run_usb_timeout_cb(void *arg)
4957{
4958 struct ieee80211vap *vap = arg;
4959 struct run_softc *sc = vap->iv_ic->ic_softc;
4960
4961 RUN_LOCK_ASSERT(sc, MA_OWNED);
4962
4963 if(vap->iv_state == IEEE80211_S_RUN &&
4964 vap->iv_opmode != IEEE80211_M_STA)
4965 run_reset_livelock(sc);
4966 else if (vap->iv_state == IEEE80211_S_SCAN) {
4967 DPRINTF("timeout caused by scan\n");
4968 /* cancel bgscan */
4969 ieee80211_cancel_scan(vap);
4970 } else
4971 DPRINTF("timeout by unknown cause\n");
4972}
4973
4974static void
4975run_reset_livelock(struct run_softc *sc)
4976{
4977 uint32_t tmp;
4978
4979 RUN_LOCK_ASSERT(sc, MA_OWNED);
4980
4981 /*
4982 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
4983 * can run into a livelock and start sending CTS-to-self frames like
4984 * crazy if protection is enabled. Reset MAC/BBP for a while
4985 */
4986 run_read(sc, RT2860_DEBUG, &tmp);
4987 DPRINTFN(3, "debug reg %08x\n", tmp);
4988 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
4989 DPRINTF("CTS-to-self livelock detected\n");
4990 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
4991 run_delay(sc, 1);
4992 run_write(sc, RT2860_MAC_SYS_CTRL,
4993 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
4994 }
4995}
4996
4997static void
4998run_update_promisc_locked(struct run_softc *sc)
4999{
5000 uint32_t tmp;
5001
5002 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5003
5004 tmp |= RT2860_DROP_UC_NOME;
5005 if (sc->sc_ic.ic_promisc > 0)
5006 tmp &= ~RT2860_DROP_UC_NOME;
5007
5008 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5009
5010 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ?
5011 "entering" : "leaving");
5012}
5013
5014static void
5015run_update_promisc(struct ieee80211com *ic)
5016{
5017 struct run_softc *sc = ic->ic_softc;
5018
5019 if ((sc->sc_flags & RUN_RUNNING) == 0)
5020 return;
5021
5022 RUN_LOCK(sc);
5023 run_update_promisc_locked(sc);
5024 RUN_UNLOCK(sc);
5025}
5026
5027static void
5028run_enable_tsf_sync(struct run_softc *sc)
5029{
5030 struct ieee80211com *ic = &sc->sc_ic;
5031 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5032 uint32_t tmp;
5033
5034 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5035 ic->ic_opmode);
5036
5037 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5038 tmp &= ~0x1fffff;
5039 tmp |= vap->iv_bss->ni_intval * 16;
5040 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5041
5042 if (ic->ic_opmode == IEEE80211_M_STA) {
5043 /*
5044 * Local TSF is always updated with remote TSF on beacon
5045 * reception.
5046 */
5047 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5048 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5049 tmp |= RT2860_BCN_TX_EN;
5050 /*
5051 * Local TSF is updated with remote TSF on beacon reception
5052 * only if the remote TSF is greater than local TSF.
5053 */
5054 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5055 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5056 ic->ic_opmode == IEEE80211_M_MBSS) {
5057 tmp |= RT2860_BCN_TX_EN;
5058 /* SYNC with nobody */
5059 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5060 } else {
5061 DPRINTF("Enabling TSF failed. undefined opmode\n");
5062 return;
5063 }
5064
5065 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5066}
5067
5068static void
5069run_enable_tsf(struct run_softc *sc)
5070{
5071 uint32_t tmp;
5072
5073 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5074 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5075 tmp |= RT2860_TSF_TIMER_EN;
5076 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5077 }
5078}
5079
5080static void
5081run_get_tsf(struct run_softc *sc, uint64_t *buf)
5082{
5083 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5084 sizeof(*buf));
5085}
5086
5087static void
5088run_enable_mrr(struct run_softc *sc)
5089{
5090#define CCK(mcs) (mcs)
5091#define OFDM(mcs) (1 << 3 | (mcs))
5092 run_write(sc, RT2860_LG_FBK_CFG0,
5093 OFDM(6) << 28 | /* 54->48 */
5094 OFDM(5) << 24 | /* 48->36 */
5095 OFDM(4) << 20 | /* 36->24 */
5096 OFDM(3) << 16 | /* 24->18 */
5097 OFDM(2) << 12 | /* 18->12 */
5098 OFDM(1) << 8 | /* 12-> 9 */
5099 OFDM(0) << 4 | /* 9-> 6 */
5100 OFDM(0)); /* 6-> 6 */
5101
5102 run_write(sc, RT2860_LG_FBK_CFG1,
5103 CCK(2) << 12 | /* 11->5.5 */
5104 CCK(1) << 8 | /* 5.5-> 2 */
5105 CCK(0) << 4 | /* 2-> 1 */
5106 CCK(0)); /* 1-> 1 */
5107#undef OFDM
5108#undef CCK
5109}
5110
5111static void
5112run_set_txpreamble(struct run_softc *sc)
5113{
5114 struct ieee80211com *ic = &sc->sc_ic;
5115 uint32_t tmp;
5116
5117 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5118 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5119 tmp |= RT2860_CCK_SHORT_EN;
5120 else
5121 tmp &= ~RT2860_CCK_SHORT_EN;
5122 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5123}
5124
5125static void
5126run_set_basicrates(struct run_softc *sc)
5127{
5128 struct ieee80211com *ic = &sc->sc_ic;
5129
5130 /* set basic rates mask */
5131 if (ic->ic_curmode == IEEE80211_MODE_11B)
5132 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5133 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5134 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5135 else /* 11g */
5136 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5137}
5138
5139static void
5140run_set_leds(struct run_softc *sc, uint16_t which)
5141{
5142 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5143 which | (sc->leds & 0x7f));
5144}
5145
5146static void
5147run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5148{
5149 run_write(sc, RT2860_MAC_BSSID_DW0,
5150 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5151 run_write(sc, RT2860_MAC_BSSID_DW1,
5152 bssid[4] | bssid[5] << 8);
5153}
5154
5155static void
5156run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5157{
5158 run_write(sc, RT2860_MAC_ADDR_DW0,
5159 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5160 run_write(sc, RT2860_MAC_ADDR_DW1,
5161 addr[4] | addr[5] << 8 | 0xff << 16);
5162}
5163
5164static void
5165run_updateslot(struct ieee80211com *ic)
5166{
5167 struct run_softc *sc = ic->ic_softc;
5168 uint32_t i;
5169
5170 i = RUN_CMDQ_GET(&sc->cmdq_store);
5171 DPRINTF("cmdq_store=%d\n", i);
5172 sc->cmdq[i].func = run_updateslot_cb;
5173 sc->cmdq[i].arg0 = ic;
5174 ieee80211_runtask(ic, &sc->cmdq_task);
5175
5176 return;
5177}
5178
5179/* ARGSUSED */
5180static void
5181run_updateslot_cb(void *arg)
5182{
5183 struct ieee80211com *ic = arg;
5184 struct run_softc *sc = ic->ic_softc;
5185 uint32_t tmp;
5186
5187 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5188 tmp &= ~0xff;
5189 tmp |= IEEE80211_GET_SLOTTIME(ic);
5190 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5191}
5192
5193static void
5194run_update_mcast(struct ieee80211com *ic)
5195{
5196}
5197
5198static int8_t
5199run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5200{
5201 struct ieee80211com *ic = &sc->sc_ic;
5202 struct ieee80211_channel *c = ic->ic_curchan;
5203 int delta;
5204
5205 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5206 u_int chan = ieee80211_chan2ieee(ic, c);
5207 delta = sc->rssi_5ghz[rxchain];
5208
5209 /* determine channel group */
5210 if (chan <= 64)
5211 delta -= sc->lna[1];
5212 else if (chan <= 128)
5213 delta -= sc->lna[2];
5214 else
5215 delta -= sc->lna[3];
5216 } else
5217 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5218
5219 return (-12 - delta - rssi);
5220}
5221
5222static void
5223run_rt5390_bbp_init(struct run_softc *sc)
5224{
|