1/*-
2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <sys/cdefs.h>
21__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 283527 2015-05-25 13:51:13Z glebius $");
22
23/*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sockio.h>
30#include <sys/sysctl.h>
31#include <sys/lock.h>
32#include <sys/mutex.h>
33#include <sys/mbuf.h>
34#include <sys/kernel.h>
35#include <sys/socket.h>
36#include <sys/systm.h>
37#include <sys/malloc.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/linker.h>
42#include <sys/firmware.h>
43#include <sys/kdb.h>
44
45#include <machine/bus.h>
46#include <machine/resource.h>
47#include <sys/rman.h>
48
49#include <net/bpf.h>
50#include <net/if.h>
51#include <net/if_var.h>
52#include <net/if_arp.h>
53#include <net/ethernet.h>
54#include <net/if_dl.h>
55#include <net/if_media.h>
56#include <net/if_types.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/in_var.h>
61#include <netinet/if_ether.h>
62#include <netinet/ip.h>
63
64#include <net80211/ieee80211_var.h>
65#include <net80211/ieee80211_regdomain.h>
66#include <net80211/ieee80211_radiotap.h>
67#include <net80211/ieee80211_ratectl.h>
68
69#include <dev/usb/usb.h>
70#include <dev/usb/usbdi.h>
71#include "usbdevs.h"
72
73#define USB_DEBUG_VAR run_debug
74#include <dev/usb/usb_debug.h>
75#include <dev/usb/usb_msctest.h>
76
77#include <dev/usb/wlan/if_runreg.h>
78#include <dev/usb/wlan/if_runvar.h>
79
80#ifdef USB_DEBUG
81#define RUN_DEBUG
82#endif
83
84#ifdef RUN_DEBUG
85int run_debug = 0;
86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
88 "run debug level");
89#endif
90
91#define IEEE80211_HAS_ADDR4(wh) \
92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
93
94/*
95 * Because of LOR in run_key_delete(), use atomic instead.
96 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
97 */
98#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
99
100static const STRUCT_USB_HOST_ID run_devs[] = {
101#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
102#define RUN_DEV_EJECT(v,p) \
103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
104#define RUN_EJECT 1
105 RUN_DEV(ABOCOM, RT2770),
106 RUN_DEV(ABOCOM, RT2870),
107 RUN_DEV(ABOCOM, RT3070),
108 RUN_DEV(ABOCOM, RT3071),
109 RUN_DEV(ABOCOM, RT3072),
110 RUN_DEV(ABOCOM2, RT2870_1),
111 RUN_DEV(ACCTON, RT2770),
112 RUN_DEV(ACCTON, RT2870_1),
113 RUN_DEV(ACCTON, RT2870_2),
114 RUN_DEV(ACCTON, RT2870_3),
115 RUN_DEV(ACCTON, RT2870_4),
116 RUN_DEV(ACCTON, RT2870_5),
117 RUN_DEV(ACCTON, RT3070),
118 RUN_DEV(ACCTON, RT3070_1),
119 RUN_DEV(ACCTON, RT3070_2),
120 RUN_DEV(ACCTON, RT3070_3),
121 RUN_DEV(ACCTON, RT3070_4),
122 RUN_DEV(ACCTON, RT3070_5),
123 RUN_DEV(AIRTIES, RT3070),
124 RUN_DEV(ALLWIN, RT2070),
125 RUN_DEV(ALLWIN, RT2770),
126 RUN_DEV(ALLWIN, RT2870),
127 RUN_DEV(ALLWIN, RT3070),
128 RUN_DEV(ALLWIN, RT3071),
129 RUN_DEV(ALLWIN, RT3072),
130 RUN_DEV(ALLWIN, RT3572),
131 RUN_DEV(AMIGO, RT2870_1),
132 RUN_DEV(AMIGO, RT2870_2),
133 RUN_DEV(AMIT, CGWLUSB2GNR),
134 RUN_DEV(AMIT, RT2870_1),
135 RUN_DEV(AMIT2, RT2870),
136 RUN_DEV(ASUS, RT2870_1),
137 RUN_DEV(ASUS, RT2870_2),
138 RUN_DEV(ASUS, RT2870_3),
139 RUN_DEV(ASUS, RT2870_4),
140 RUN_DEV(ASUS, RT2870_5),
141 RUN_DEV(ASUS, USBN13),
142 RUN_DEV(ASUS, RT3070_1),
143 RUN_DEV(ASUS, USBN66),
144 RUN_DEV(ASUS, USB_N53),
145 RUN_DEV(ASUS2, USBN11),
146 RUN_DEV(AZUREWAVE, RT2870_1),
147 RUN_DEV(AZUREWAVE, RT2870_2),
148 RUN_DEV(AZUREWAVE, RT3070_1),
149 RUN_DEV(AZUREWAVE, RT3070_2),
150 RUN_DEV(AZUREWAVE, RT3070_3),
151 RUN_DEV(BELKIN, F9L1103),
152 RUN_DEV(BELKIN, F5D8053V3),
153 RUN_DEV(BELKIN, F5D8055),
154 RUN_DEV(BELKIN, F5D8055V2),
155 RUN_DEV(BELKIN, F6D4050V1),
156 RUN_DEV(BELKIN, F6D4050V2),
157 RUN_DEV(BELKIN, RT2870_1),
158 RUN_DEV(BELKIN, RT2870_2),
159 RUN_DEV(CISCOLINKSYS, AE1000),
160 RUN_DEV(CISCOLINKSYS2, RT3070),
161 RUN_DEV(CISCOLINKSYS3, RT3070),
162 RUN_DEV(CONCEPTRONIC2, RT2870_1),
163 RUN_DEV(CONCEPTRONIC2, RT2870_2),
164 RUN_DEV(CONCEPTRONIC2, RT2870_3),
165 RUN_DEV(CONCEPTRONIC2, RT2870_4),
166 RUN_DEV(CONCEPTRONIC2, RT2870_5),
167 RUN_DEV(CONCEPTRONIC2, RT2870_6),
168 RUN_DEV(CONCEPTRONIC2, RT2870_7),
169 RUN_DEV(CONCEPTRONIC2, RT2870_8),
170 RUN_DEV(CONCEPTRONIC2, RT3070_1),
171 RUN_DEV(CONCEPTRONIC2, RT3070_2),
172 RUN_DEV(CONCEPTRONIC2, VIGORN61),
173 RUN_DEV(COREGA, CGWLUSB300GNM),
174 RUN_DEV(COREGA, RT2870_1),
175 RUN_DEV(COREGA, RT2870_2),
176 RUN_DEV(COREGA, RT2870_3),
177 RUN_DEV(COREGA, RT3070),
178 RUN_DEV(CYBERTAN, RT2870),
179 RUN_DEV(DLINK, RT2870),
180 RUN_DEV(DLINK, RT3072),
181 RUN_DEV(DLINK, DWA127),
182 RUN_DEV(DLINK, DWA140B3),
183 RUN_DEV(DLINK, DWA160B2),
184 RUN_DEV(DLINK, DWA140D1),
185 RUN_DEV(DLINK, DWA162),
186 RUN_DEV(DLINK2, DWA130),
187 RUN_DEV(DLINK2, RT2870_1),
188 RUN_DEV(DLINK2, RT2870_2),
189 RUN_DEV(DLINK2, RT3070_1),
190 RUN_DEV(DLINK2, RT3070_2),
191 RUN_DEV(DLINK2, RT3070_3),
192 RUN_DEV(DLINK2, RT3070_4),
193 RUN_DEV(DLINK2, RT3070_5),
194 RUN_DEV(DLINK2, RT3072),
195 RUN_DEV(DLINK2, RT3072_1),
196 RUN_DEV(EDIMAX, EW7717),
197 RUN_DEV(EDIMAX, EW7718),
198 RUN_DEV(EDIMAX, EW7733UND),
199 RUN_DEV(EDIMAX, RT2870_1),
200 RUN_DEV(ENCORE, RT3070_1),
201 RUN_DEV(ENCORE, RT3070_2),
202 RUN_DEV(ENCORE, RT3070_3),
203 RUN_DEV(GIGABYTE, GNWB31N),
204 RUN_DEV(GIGABYTE, GNWB32L),
205 RUN_DEV(GIGABYTE, RT2870_1),
206 RUN_DEV(GIGASET, RT3070_1),
207 RUN_DEV(GIGASET, RT3070_2),
208 RUN_DEV(GUILLEMOT, HWNU300),
209 RUN_DEV(HAWKING, HWUN2),
210 RUN_DEV(HAWKING, RT2870_1),
211 RUN_DEV(HAWKING, RT2870_2),
212 RUN_DEV(HAWKING, RT3070),
213 RUN_DEV(IODATA, RT3072_1),
214 RUN_DEV(IODATA, RT3072_2),
215 RUN_DEV(IODATA, RT3072_3),
216 RUN_DEV(IODATA, RT3072_4),
217 RUN_DEV(LINKSYS4, RT3070),
218 RUN_DEV(LINKSYS4, WUSB100),
219 RUN_DEV(LINKSYS4, WUSB54GCV3),
220 RUN_DEV(LINKSYS4, WUSB600N),
221 RUN_DEV(LINKSYS4, WUSB600NV2),
222 RUN_DEV(LOGITEC, RT2870_1),
223 RUN_DEV(LOGITEC, RT2870_2),
224 RUN_DEV(LOGITEC, RT2870_3),
225 RUN_DEV(LOGITEC, LANW300NU2),
226 RUN_DEV(LOGITEC, LANW150NU2),
227 RUN_DEV(LOGITEC, LANW300NU2S),
228 RUN_DEV(MELCO, WLIUCG300HP),
229 RUN_DEV(MELCO, RT2870_2),
230 RUN_DEV(MELCO, WLIUCAG300N),
231 RUN_DEV(MELCO, WLIUCG300N),
232 RUN_DEV(MELCO, WLIUCG301N),
233 RUN_DEV(MELCO, WLIUCGN),
234 RUN_DEV(MELCO, WLIUCGNM),
235 RUN_DEV(MELCO, WLIUCG300HPV1),
236 RUN_DEV(MELCO, WLIUCGNM2),
237 RUN_DEV(MOTOROLA4, RT2770),
238 RUN_DEV(MOTOROLA4, RT3070),
239 RUN_DEV(MSI, RT3070_1),
240 RUN_DEV(MSI, RT3070_2),
241 RUN_DEV(MSI, RT3070_3),
242 RUN_DEV(MSI, RT3070_4),
243 RUN_DEV(MSI, RT3070_5),
244 RUN_DEV(MSI, RT3070_6),
245 RUN_DEV(MSI, RT3070_7),
246 RUN_DEV(MSI, RT3070_8),
247 RUN_DEV(MSI, RT3070_9),
248 RUN_DEV(MSI, RT3070_10),
249 RUN_DEV(MSI, RT3070_11),
250 RUN_DEV(OVISLINK, RT3072),
251 RUN_DEV(PARA, RT3070),
252 RUN_DEV(PEGATRON, RT2870),
253 RUN_DEV(PEGATRON, RT3070),
254 RUN_DEV(PEGATRON, RT3070_2),
255 RUN_DEV(PEGATRON, RT3070_3),
256 RUN_DEV(PHILIPS, RT2870),
257 RUN_DEV(PLANEX2, GWUS300MINIS),
258 RUN_DEV(PLANEX2, GWUSMICRON),
259 RUN_DEV(PLANEX2, RT2870),
260 RUN_DEV(PLANEX2, RT3070),
261 RUN_DEV(QCOM, RT2870),
262 RUN_DEV(QUANTA, RT3070),
263 RUN_DEV(RALINK, RT2070),
264 RUN_DEV(RALINK, RT2770),
265 RUN_DEV(RALINK, RT2870),
266 RUN_DEV(RALINK, RT3070),
267 RUN_DEV(RALINK, RT3071),
268 RUN_DEV(RALINK, RT3072),
269 RUN_DEV(RALINK, RT3370),
270 RUN_DEV(RALINK, RT3572),
271 RUN_DEV(RALINK, RT3573),
272 RUN_DEV(RALINK, RT5370),
273 RUN_DEV(RALINK, RT5572),
274 RUN_DEV(RALINK, RT8070),
275 RUN_DEV(SAMSUNG, WIS09ABGN),
276 RUN_DEV(SAMSUNG2, RT2870_1),
277 RUN_DEV(SENAO, RT2870_1),
278 RUN_DEV(SENAO, RT2870_2),
279 RUN_DEV(SENAO, RT2870_3),
280 RUN_DEV(SENAO, RT2870_4),
281 RUN_DEV(SENAO, RT3070),
282 RUN_DEV(SENAO, RT3071),
283 RUN_DEV(SENAO, RT3072_1),
284 RUN_DEV(SENAO, RT3072_2),
285 RUN_DEV(SENAO, RT3072_3),
286 RUN_DEV(SENAO, RT3072_4),
287 RUN_DEV(SENAO, RT3072_5),
288 RUN_DEV(SITECOMEU, RT2770),
289 RUN_DEV(SITECOMEU, RT2870_1),
290 RUN_DEV(SITECOMEU, RT2870_2),
291 RUN_DEV(SITECOMEU, RT2870_3),
292 RUN_DEV(SITECOMEU, RT2870_4),
293 RUN_DEV(SITECOMEU, RT3070),
294 RUN_DEV(SITECOMEU, RT3070_2),
295 RUN_DEV(SITECOMEU, RT3070_3),
296 RUN_DEV(SITECOMEU, RT3070_4),
297 RUN_DEV(SITECOMEU, RT3071),
298 RUN_DEV(SITECOMEU, RT3072_1),
299 RUN_DEV(SITECOMEU, RT3072_2),
300 RUN_DEV(SITECOMEU, RT3072_3),
301 RUN_DEV(SITECOMEU, RT3072_4),
302 RUN_DEV(SITECOMEU, RT3072_5),
303 RUN_DEV(SITECOMEU, RT3072_6),
304 RUN_DEV(SITECOMEU, WL608),
305 RUN_DEV(SPARKLAN, RT2870_1),
306 RUN_DEV(SPARKLAN, RT3070),
307 RUN_DEV(SWEEX2, LW153),
308 RUN_DEV(SWEEX2, LW303),
309 RUN_DEV(SWEEX2, LW313),
310 RUN_DEV(TOSHIBA, RT3070),
311 RUN_DEV(UMEDIA, RT2870_1),
312 RUN_DEV(ZCOM, RT2870_1),
313 RUN_DEV(ZCOM, RT2870_2),
314 RUN_DEV(ZINWELL, RT2870_1),
315 RUN_DEV(ZINWELL, RT2870_2),
316 RUN_DEV(ZINWELL, RT3070),
317 RUN_DEV(ZINWELL, RT3072_1),
318 RUN_DEV(ZINWELL, RT3072_2),
319 RUN_DEV(ZYXEL, RT2870_1),
320 RUN_DEV(ZYXEL, RT2870_2),
321 RUN_DEV(ZYXEL, RT3070),
322 RUN_DEV_EJECT(ZYXEL, NWD2705),
323 RUN_DEV_EJECT(RALINK, RT_STOR),
324#undef RUN_DEV_EJECT
325#undef RUN_DEV
326};
327
328static device_probe_t run_match;
329static device_attach_t run_attach;
330static device_detach_t run_detach;
331
332static usb_callback_t run_bulk_rx_callback;
333static usb_callback_t run_bulk_tx_callback0;
334static usb_callback_t run_bulk_tx_callback1;
335static usb_callback_t run_bulk_tx_callback2;
336static usb_callback_t run_bulk_tx_callback3;
337static usb_callback_t run_bulk_tx_callback4;
338static usb_callback_t run_bulk_tx_callback5;
339
340static void run_autoinst(void *, struct usb_device *,
341 struct usb_attach_arg *);
342static int run_driver_loaded(struct module *, int, void *);
343static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
344 usb_error_t error, u_int index);
345static struct ieee80211vap *run_vap_create(struct ieee80211com *,
346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
347 const uint8_t [IEEE80211_ADDR_LEN],
348 const uint8_t [IEEE80211_ADDR_LEN]);
349static void run_vap_delete(struct ieee80211vap *);
350static void run_cmdq_cb(void *, int);
351static void run_setup_tx_list(struct run_softc *,
352 struct run_endpoint_queue *);
353static void run_unsetup_tx_list(struct run_softc *,
354 struct run_endpoint_queue *);
355static int run_load_microcode(struct run_softc *);
356static int run_reset(struct run_softc *);
357static usb_error_t run_do_request(struct run_softc *,
358 struct usb_device_request *, void *);
359static int run_read(struct run_softc *, uint16_t, uint32_t *);
360static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
361static int run_write_2(struct run_softc *, uint16_t, uint16_t);
362static int run_write(struct run_softc *, uint16_t, uint32_t);
363static int run_write_region_1(struct run_softc *, uint16_t,
364 const uint8_t *, int);
365static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
366static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
367static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
368static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
369static int run_rt2870_rf_write(struct run_softc *, uint32_t);
370static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
371static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
372static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
373static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
374static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
375static const char *run_get_rf(uint16_t);
376static void run_rt3593_get_txpower(struct run_softc *);
377static void run_get_txpower(struct run_softc *);
378static int run_read_eeprom(struct run_softc *);
379static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
380 const uint8_t mac[IEEE80211_ADDR_LEN]);
381static int run_media_change(struct ifnet *);
382static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
383static int run_wme_update(struct ieee80211com *);
384static void run_wme_update_cb(void *);
385static void run_key_update_begin(struct ieee80211vap *);
386static void run_key_update_end(struct ieee80211vap *);
387static void run_key_set_cb(void *);
388static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
389 const uint8_t mac[IEEE80211_ADDR_LEN]);
390static void run_key_delete_cb(void *);
391static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
392static void run_ratectl_to(void *);
393static void run_ratectl_cb(void *, int);
394static void run_drain_fifo(void *);
395static void run_iter_func(void *, struct ieee80211_node *);
396static void run_newassoc_cb(void *);
397static void run_newassoc(struct ieee80211_node *, int);
398static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
399static void run_tx_free(struct run_endpoint_queue *pq,
400 struct run_tx_data *, int);
401static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
402static int run_tx(struct run_softc *, struct mbuf *,
403 struct ieee80211_node *);
404static int run_tx_mgt(struct run_softc *, struct mbuf *,
405 struct ieee80211_node *);
406static int run_sendprot(struct run_softc *, const struct mbuf *,
407 struct ieee80211_node *, int, int);
408static int run_tx_param(struct run_softc *, struct mbuf *,
409 struct ieee80211_node *,
410 const struct ieee80211_bpf_params *);
411static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
412 const struct ieee80211_bpf_params *);
413static void run_start(struct ifnet *);
414static int run_ioctl(struct ifnet *, u_long, caddr_t);
415static void run_iq_calib(struct run_softc *, u_int);
416static void run_set_agc(struct run_softc *, uint8_t);
417static void run_select_chan_group(struct run_softc *, int);
418static void run_set_rx_antenna(struct run_softc *, int);
419static void run_rt2870_set_chan(struct run_softc *, u_int);
420static void run_rt3070_set_chan(struct run_softc *, u_int);
421static void run_rt3572_set_chan(struct run_softc *, u_int);
422static void run_rt3593_set_chan(struct run_softc *, u_int);
423static void run_rt5390_set_chan(struct run_softc *, u_int);
424static void run_rt5592_set_chan(struct run_softc *, u_int);
425static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
426static void run_set_channel(struct ieee80211com *);
427static void run_scan_start(struct ieee80211com *);
428static void run_scan_end(struct ieee80211com *);
429static void run_update_beacon(struct ieee80211vap *, int);
430static void run_update_beacon_cb(void *);
431static void run_updateprot(struct ieee80211com *);
432static void run_updateprot_cb(void *);
433static void run_usb_timeout_cb(void *);
434static void run_reset_livelock(struct run_softc *);
435static void run_enable_tsf_sync(struct run_softc *);
436static void run_enable_mrr(struct run_softc *);
437static void run_set_txpreamble(struct run_softc *);
438static void run_set_basicrates(struct run_softc *);
439static void run_set_leds(struct run_softc *, uint16_t);
440static void run_set_bssid(struct run_softc *, const uint8_t *);
441static void run_set_macaddr(struct run_softc *, const uint8_t *);
442static void run_updateslot(struct ifnet *);
443static void run_updateslot_cb(void *);
444static void run_update_mcast(struct ifnet *);
445static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
446static void run_update_promisc_locked(struct ifnet *);
447static void run_update_promisc(struct ifnet *);
448static void run_rt5390_bbp_init(struct run_softc *);
449static int run_bbp_init(struct run_softc *);
450static int run_rt3070_rf_init(struct run_softc *);
451static void run_rt3593_rf_init(struct run_softc *);
452static void run_rt5390_rf_init(struct run_softc *);
453static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
454 uint8_t *);
455static void run_rt3070_rf_setup(struct run_softc *);
456static void run_rt3593_rf_setup(struct run_softc *);
457static void run_rt5390_rf_setup(struct run_softc *);
458static int run_txrx_enable(struct run_softc *);
459static void run_adjust_freq_offset(struct run_softc *);
460static void run_init(void *);
461static void run_init_locked(struct run_softc *);
462static void run_stop(void *);
463static void run_delay(struct run_softc *, u_int);
464
465static eventhandler_tag run_etag;
466
467static const struct rt2860_rate {
468 uint8_t rate;
469 uint8_t mcs;
470 enum ieee80211_phytype phy;
471 uint8_t ctl_ridx;
472 uint16_t sp_ack_dur;
473 uint16_t lp_ack_dur;
474} rt2860_rates[] = {
475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
487};
488
489static const struct {
490 uint16_t reg;
491 uint32_t val;
492} rt2870_def_mac[] = {
493 RT2870_DEF_MAC
494};
495
496static const struct {
497 uint8_t reg;
498 uint8_t val;
499} rt2860_def_bbp[] = {
500 RT2860_DEF_BBP
501},rt5390_def_bbp[] = {
502 RT5390_DEF_BBP
503},rt5592_def_bbp[] = {
504 RT5592_DEF_BBP
505};
506
507/*
508 * Default values for BBP register R196 for RT5592.
509 */
510static const uint8_t rt5592_bbp_r196[] = {
511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
519 0x2e, 0x36, 0x30, 0x6e
520};
521
522static const struct rfprog {
523 uint8_t chan;
524 uint32_t r1, r2, r3, r4;
525} rt2860_rf2850[] = {
526 RT2860_RF2850
527};
528
529struct {
530 uint8_t n, r, k;
531} rt3070_freqs[] = {
532 RT3070_RF3052
533};
534
535static const struct rt5592_freqs {
536 uint16_t n;
537 uint8_t k, m, r;
538} rt5592_freqs_20mhz[] = {
539 RT5592_RF5592_20MHZ
540},rt5592_freqs_40mhz[] = {
541 RT5592_RF5592_40MHZ
542};
543
544static const struct {
545 uint8_t reg;
546 uint8_t val;
547} rt3070_def_rf[] = {
548 RT3070_DEF_RF
549},rt3572_def_rf[] = {
550 RT3572_DEF_RF
551},rt3593_def_rf[] = {
552 RT3593_DEF_RF
553},rt5390_def_rf[] = {
554 RT5390_DEF_RF
555},rt5392_def_rf[] = {
556 RT5392_DEF_RF
557},rt5592_def_rf[] = {
558 RT5592_DEF_RF
559},rt5592_2ghz_def_rf[] = {
560 RT5592_2GHZ_DEF_RF
561},rt5592_5ghz_def_rf[] = {
562 RT5592_5GHZ_DEF_RF
563};
564
565static const struct {
566 u_int firstchan;
567 u_int lastchan;
568 uint8_t reg;
569 uint8_t val;
570} rt5592_chan_5ghz[] = {
571 RT5592_CHAN_5GHZ
572};
573
574static const struct usb_config run_config[RUN_N_XFER] = {
575 [RUN_BULK_TX_BE] = {
576 .type = UE_BULK,
577 .endpoint = UE_ADDR_ANY,
578 .ep_index = 0,
579 .direction = UE_DIR_OUT,
580 .bufsize = RUN_MAX_TXSZ,
581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
582 .callback = run_bulk_tx_callback0,
583 .timeout = 5000, /* ms */
584 },
585 [RUN_BULK_TX_BK] = {
586 .type = UE_BULK,
587 .endpoint = UE_ADDR_ANY,
588 .direction = UE_DIR_OUT,
589 .ep_index = 1,
590 .bufsize = RUN_MAX_TXSZ,
591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
592 .callback = run_bulk_tx_callback1,
593 .timeout = 5000, /* ms */
594 },
595 [RUN_BULK_TX_VI] = {
596 .type = UE_BULK,
597 .endpoint = UE_ADDR_ANY,
598 .direction = UE_DIR_OUT,
599 .ep_index = 2,
600 .bufsize = RUN_MAX_TXSZ,
601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
602 .callback = run_bulk_tx_callback2,
603 .timeout = 5000, /* ms */
604 },
605 [RUN_BULK_TX_VO] = {
606 .type = UE_BULK,
607 .endpoint = UE_ADDR_ANY,
608 .direction = UE_DIR_OUT,
609 .ep_index = 3,
610 .bufsize = RUN_MAX_TXSZ,
611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
612 .callback = run_bulk_tx_callback3,
613 .timeout = 5000, /* ms */
614 },
615 [RUN_BULK_TX_HCCA] = {
616 .type = UE_BULK,
617 .endpoint = UE_ADDR_ANY,
618 .direction = UE_DIR_OUT,
619 .ep_index = 4,
620 .bufsize = RUN_MAX_TXSZ,
621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
622 .callback = run_bulk_tx_callback4,
623 .timeout = 5000, /* ms */
624 },
625 [RUN_BULK_TX_PRIO] = {
626 .type = UE_BULK,
627 .endpoint = UE_ADDR_ANY,
628 .direction = UE_DIR_OUT,
629 .ep_index = 5,
630 .bufsize = RUN_MAX_TXSZ,
631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
632 .callback = run_bulk_tx_callback5,
633 .timeout = 5000, /* ms */
634 },
635 [RUN_BULK_RX] = {
636 .type = UE_BULK,
637 .endpoint = UE_ADDR_ANY,
638 .direction = UE_DIR_IN,
639 .bufsize = RUN_MAX_RXSZ,
640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
641 .callback = run_bulk_rx_callback,
642 }
643};
644
645static void
646run_autoinst(void *arg, struct usb_device *udev,
647 struct usb_attach_arg *uaa)
648{
649 struct usb_interface *iface;
650 struct usb_interface_descriptor *id;
651
652 if (uaa->dev_state != UAA_DEV_READY)
653 return;
654
655 iface = usbd_get_iface(udev, 0);
656 if (iface == NULL)
657 return;
658 id = iface->idesc;
659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
660 return;
661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
662 return;
663
664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
665 uaa->dev_state = UAA_DEV_EJECTING;
666}
667
668static int
669run_driver_loaded(struct module *mod, int what, void *arg)
670{
671 switch (what) {
672 case MOD_LOAD:
673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
675 break;
676 case MOD_UNLOAD:
677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
678 break;
679 default:
680 return (EOPNOTSUPP);
681 }
682 return (0);
683}
684
685static int
686run_match(device_t self)
687{
688 struct usb_attach_arg *uaa = device_get_ivars(self);
689
690 if (uaa->usb_mode != USB_MODE_HOST)
691 return (ENXIO);
692 if (uaa->info.bConfigIndex != 0)
693 return (ENXIO);
694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
695 return (ENXIO);
696
697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
698}
699
700static int
701run_attach(device_t self)
702{
703 struct run_softc *sc = device_get_softc(self);
704 struct usb_attach_arg *uaa = device_get_ivars(self);
705 struct ieee80211com *ic;
706 struct ifnet *ifp;
707 uint32_t ver;
708 int ntries, error;
709 uint8_t iface_index, bands;
710
711 device_set_usb_desc(self);
712 sc->sc_udev = uaa->device;
713 sc->sc_dev = self;
714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
716
717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
718 MTX_NETWORK_LOCK, MTX_DEF);
719
720 iface_index = RT2860_IFACE_INDEX;
721
722 error = usbd_transfer_setup(uaa->device, &iface_index,
723 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
724 if (error) {
725 device_printf(self, "could not allocate USB transfers, "
726 "err=%s\n", usbd_errstr(error));
727 goto detach;
728 }
729
730 RUN_LOCK(sc);
731
732 /* wait for the chip to settle */
733 for (ntries = 0; ntries < 100; ntries++) {
734 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
735 RUN_UNLOCK(sc);
736 goto detach;
737 }
738 if (ver != 0 && ver != 0xffffffff)
739 break;
740 run_delay(sc, 10);
741 }
742 if (ntries == 100) {
743 device_printf(sc->sc_dev,
744 "timeout waiting for NIC to initialize\n");
745 RUN_UNLOCK(sc);
746 goto detach;
747 }
748 sc->mac_ver = ver >> 16;
749 sc->mac_rev = ver & 0xffff;
750
751 /* retrieve RF rev. no and various other things from EEPROM */
752 run_read_eeprom(sc);
753
754 device_printf(sc->sc_dev,
755 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
756 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
757 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
758
759 RUN_UNLOCK(sc);
760
761 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
762 if (ifp == NULL) {
763 device_printf(sc->sc_dev, "can not if_alloc()\n");
764 goto detach;
765 }
766 ic = ifp->if_l2com;
767
768 ifp->if_softc = sc;
769 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
770 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
771 ifp->if_init = run_init;
772 ifp->if_ioctl = run_ioctl;
773 ifp->if_start = run_start;
774 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
775 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
776 IFQ_SET_READY(&ifp->if_snd);
777
778 ic->ic_ifp = ifp;
779 ic->ic_name = device_get_nameunit(self);
780 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
781 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
782
783 /* set device capabilities */
784 ic->ic_caps =
785 IEEE80211_C_STA | /* station mode supported */
786 IEEE80211_C_MONITOR | /* monitor mode supported */
787 IEEE80211_C_IBSS |
788 IEEE80211_C_HOSTAP |
789 IEEE80211_C_WDS | /* 4-address traffic works */
790 IEEE80211_C_MBSS |
791 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
792 IEEE80211_C_SHSLOT | /* short slot time supported */
793 IEEE80211_C_WME | /* WME */
794 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
795
796 ic->ic_cryptocaps =
797 IEEE80211_CRYPTO_WEP |
798 IEEE80211_CRYPTO_AES_CCM |
799 IEEE80211_CRYPTO_TKIPMIC |
800 IEEE80211_CRYPTO_TKIP;
801
802 ic->ic_flags |= IEEE80211_F_DATAPAD;
803 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
804
805 bands = 0;
806 setbit(&bands, IEEE80211_MODE_11B);
807 setbit(&bands, IEEE80211_MODE_11G);
808 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
809 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
810 sc->rf_rev == RT5592_RF_5592)
811 setbit(&bands, IEEE80211_MODE_11A);
812 ieee80211_init_channels(ic, NULL, &bands);
813
814 ieee80211_ifattach(ic, sc->sc_bssid);
815
816 ic->ic_scan_start = run_scan_start;
817 ic->ic_scan_end = run_scan_end;
818 ic->ic_set_channel = run_set_channel;
819 ic->ic_node_alloc = run_node_alloc;
820 ic->ic_newassoc = run_newassoc;
821 ic->ic_updateslot = run_updateslot;
822 ic->ic_update_mcast = run_update_mcast;
823 ic->ic_wme.wme_update = run_wme_update;
824 ic->ic_raw_xmit = run_raw_xmit;
825 ic->ic_update_promisc = run_update_promisc;
826
827 ic->ic_vap_create = run_vap_create;
828 ic->ic_vap_delete = run_vap_delete;
829
830 ieee80211_radiotap_attach(ic,
831 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
832 RUN_TX_RADIOTAP_PRESENT,
833 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
834 RUN_RX_RADIOTAP_PRESENT);
835
836 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
837 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
838 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
839
840 if (bootverbose)
841 ieee80211_announce(ic);
842
843 return (0);
844
845detach:
846 run_detach(self);
847 return (ENXIO);
848}
849
850static int
851run_detach(device_t self)
852{
853 struct run_softc *sc = device_get_softc(self);
854 struct ifnet *ifp = sc->sc_ifp;
855 struct ieee80211com *ic;
856 int i;
857
858 RUN_LOCK(sc);
859 sc->sc_detached = 1;
860 RUN_UNLOCK(sc);
861
862 /* stop all USB transfers */
863 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
864
865 RUN_LOCK(sc);
866 sc->ratectl_run = RUN_RATECTL_OFF;
867 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
868
869 /* free TX list, if any */
870 for (i = 0; i != RUN_EP_QUEUES; i++)
871 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
872 RUN_UNLOCK(sc);
873
874 if (ifp) {
875 ic = ifp->if_l2com;
876 /* drain tasks */
877 usb_callout_drain(&sc->ratectl_ch);
878 ieee80211_draintask(ic, &sc->cmdq_task);
879 ieee80211_draintask(ic, &sc->ratectl_task);
880 ieee80211_ifdetach(ic);
881 if_free(ifp);
882 }
883
884 mtx_destroy(&sc->sc_mtx);
885
886 return (0);
887}
888
889static struct ieee80211vap *
890run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
891 enum ieee80211_opmode opmode, int flags,
892 const uint8_t bssid[IEEE80211_ADDR_LEN],
893 const uint8_t mac[IEEE80211_ADDR_LEN])
894{
895 struct ifnet *ifp = ic->ic_ifp;
896 struct run_softc *sc = ifp->if_softc;
897 struct run_vap *rvp;
898 struct ieee80211vap *vap;
899 int i;
900
901 if (sc->rvp_cnt >= RUN_VAP_MAX) {
902 if_printf(ifp, "number of VAPs maxed out\n");
903 return (NULL);
904 }
905
906 switch (opmode) {
907 case IEEE80211_M_STA:
908 /* enable s/w bmiss handling for sta mode */
909 flags |= IEEE80211_CLONE_NOBEACONS;
910 /* fall though */
911 case IEEE80211_M_IBSS:
912 case IEEE80211_M_MONITOR:
913 case IEEE80211_M_HOSTAP:
914 case IEEE80211_M_MBSS:
915 /* other than WDS vaps, only one at a time */
916 if (!TAILQ_EMPTY(&ic->ic_vaps))
917 return (NULL);
918 break;
919 case IEEE80211_M_WDS:
920 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
921 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
922 continue;
923 /* WDS vap's always share the local mac address. */
924 flags &= ~IEEE80211_CLONE_BSSID;
925 break;
926 }
927 if (vap == NULL) {
928 if_printf(ifp, "wds only supported in ap mode\n");
929 return (NULL);
930 }
931 break;
932 default:
933 if_printf(ifp, "unknown opmode %d\n", opmode);
934 return (NULL);
935 }
936
937 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
938 M_80211_VAP, M_NOWAIT | M_ZERO);
939 if (rvp == NULL)
940 return (NULL);
941 vap = &rvp->vap;
942
943 if (ieee80211_vap_setup(ic, vap, name, unit,
944 opmode, flags, bssid, mac) != 0) {
945 /* out of memory */
946 free(rvp, M_80211_VAP);
947 return (NULL);
948 }
949
950 vap->iv_key_update_begin = run_key_update_begin;
951 vap->iv_key_update_end = run_key_update_end;
952 vap->iv_update_beacon = run_update_beacon;
953 vap->iv_max_aid = RT2870_WCID_MAX;
954 /*
955 * To delete the right key from h/w, we need wcid.
956 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
957 * and matching wcid will be written into there. So, cast
958 * some spells to remove 'const' from ieee80211_key{}
959 */
960 vap->iv_key_delete = (void *)run_key_delete;
961 vap->iv_key_set = (void *)run_key_set;
962
963 /* override state transition machine */
964 rvp->newstate = vap->iv_newstate;
965 vap->iv_newstate = run_newstate;
966
967 ieee80211_ratectl_init(vap);
968 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
969
970 /* complete setup */
971 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
972
973 /* make sure id is always unique */
974 for (i = 0; i < RUN_VAP_MAX; i++) {
975 if((sc->rvp_bmap & 1 << i) == 0){
976 sc->rvp_bmap |= 1 << i;
977 rvp->rvp_id = i;
978 break;
979 }
980 }
981 if (sc->rvp_cnt++ == 0)
982 ic->ic_opmode = opmode;
983
984 if (opmode == IEEE80211_M_HOSTAP)
985 sc->cmdq_run = RUN_CMDQ_GO;
986
987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
989
990 return (vap);
991}
992
993static void
994run_vap_delete(struct ieee80211vap *vap)
995{
996 struct run_vap *rvp = RUN_VAP(vap);
997 struct ifnet *ifp;
998 struct ieee80211com *ic;
999 struct run_softc *sc;
1000 uint8_t rvp_id;
1001
1002 if (vap == NULL)
1003 return;
1004
1005 ic = vap->iv_ic;
1006 ifp = ic->ic_ifp;
1007
1008 sc = ifp->if_softc;
1009
1010 RUN_LOCK(sc);
1011
1012 m_freem(rvp->beacon_mbuf);
1013 rvp->beacon_mbuf = NULL;
1014
1015 rvp_id = rvp->rvp_id;
1016 sc->ratectl_run &= ~(1 << rvp_id);
1017 sc->rvp_bmap &= ~(1 << rvp_id);
1018 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1019 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1020 --sc->rvp_cnt;
1021
1022 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1023 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1024
1025 RUN_UNLOCK(sc);
1026
1027 ieee80211_ratectl_deinit(vap);
1028 ieee80211_vap_detach(vap);
1029 free(rvp, M_80211_VAP);
1030}
1031
1032/*
1033 * There are numbers of functions need to be called in context thread.
1034 * Rather than creating taskqueue event for each of those functions,
1035 * here is all-for-one taskqueue callback function. This function
1036 * gurantees deferred functions are executed in the same order they
1037 * were enqueued.
1038 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1039 */
1040static void
1041run_cmdq_cb(void *arg, int pending)
1042{
1043 struct run_softc *sc = arg;
1044 uint8_t i;
1045
1046 /* call cmdq[].func locked */
1047 RUN_LOCK(sc);
1048 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1049 i = sc->cmdq_exec, pending--) {
1050 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1051 if (sc->cmdq_run == RUN_CMDQ_GO) {
1052 /*
1053 * If arg0 is NULL, callback func needs more
1054 * than one arg. So, pass ptr to cmdq struct.
1055 */
1056 if (sc->cmdq[i].arg0)
1057 sc->cmdq[i].func(sc->cmdq[i].arg0);
1058 else
1059 sc->cmdq[i].func(&sc->cmdq[i]);
1060 }
1061 sc->cmdq[i].arg0 = NULL;
1062 sc->cmdq[i].func = NULL;
1063 sc->cmdq_exec++;
1064 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1065 }
1066 RUN_UNLOCK(sc);
1067}
1068
1069static void
1070run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1071{
1072 struct run_tx_data *data;
1073
1074 memset(pq, 0, sizeof(*pq));
1075
1076 STAILQ_INIT(&pq->tx_qh);
1077 STAILQ_INIT(&pq->tx_fh);
1078
1079 for (data = &pq->tx_data[0];
1080 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1081 data->sc = sc;
1082 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1083 }
1084 pq->tx_nfree = RUN_TX_RING_COUNT;
1085}
1086
1087static void
1088run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1089{
1090 struct run_tx_data *data;
1091
1092 /* make sure any subsequent use of the queues will fail */
1093 pq->tx_nfree = 0;
1094 STAILQ_INIT(&pq->tx_fh);
1095 STAILQ_INIT(&pq->tx_qh);
1096
1097 /* free up all node references and mbufs */
1098 for (data = &pq->tx_data[0];
1099 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1100 if (data->m != NULL) {
1101 m_freem(data->m);
1102 data->m = NULL;
1103 }
1104 if (data->ni != NULL) {
1105 ieee80211_free_node(data->ni);
1106 data->ni = NULL;
1107 }
1108 }
1109}
1110
1111static int
1112run_load_microcode(struct run_softc *sc)
1113{
1114 usb_device_request_t req;
1115 const struct firmware *fw;
1116 const u_char *base;
1117 uint32_t tmp;
1118 int ntries, error;
1119 const uint64_t *temp;
1120 uint64_t bytes;
1121
1122 RUN_UNLOCK(sc);
1123 fw = firmware_get("runfw");
1124 RUN_LOCK(sc);
1125 if (fw == NULL) {
1126 device_printf(sc->sc_dev,
1127 "failed loadfirmware of file %s\n", "runfw");
1128 return ENOENT;
1129 }
1130
1131 if (fw->datasize != 8192) {
1132 device_printf(sc->sc_dev,
1133 "invalid firmware size (should be 8KB)\n");
1134 error = EINVAL;
1135 goto fail;
1136 }
1137
1138 /*
1139 * RT3071/RT3072 use a different firmware
1140 * run-rt2870 (8KB) contains both,
1141 * first half (4KB) is for rt2870,
1142 * last half is for rt3071.
1143 */
1144 base = fw->data;
1145 if ((sc->mac_ver) != 0x2860 &&
1146 (sc->mac_ver) != 0x2872 &&
1147 (sc->mac_ver) != 0x3070) {
1148 base += 4096;
1149 }
1150
1151 /* cheap sanity check */
1152 temp = fw->data;
1153 bytes = *temp;
1154 if (bytes != be64toh(0xffffff0210280210ULL)) {
1155 device_printf(sc->sc_dev, "firmware checksum failed\n");
1156 error = EINVAL;
1157 goto fail;
1158 }
1159
1160 /* write microcode image */
1161 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1162 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1163 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1164 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1165 }
1166
1167 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1168 req.bRequest = RT2870_RESET;
1169 USETW(req.wValue, 8);
1170 USETW(req.wIndex, 0);
1171 USETW(req.wLength, 0);
1172 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1173 != 0) {
1174 device_printf(sc->sc_dev, "firmware reset failed\n");
1175 goto fail;
1176 }
1177
1178 run_delay(sc, 10);
1179
1180 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1181 run_write(sc, RT2860_H2M_MAILBOX, 0);
1182 run_write(sc, RT2860_H2M_INTSRC, 0);
1183 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1184 goto fail;
1185
1186 /* wait until microcontroller is ready */
1187 for (ntries = 0; ntries < 1000; ntries++) {
1188 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1189 goto fail;
1190 if (tmp & RT2860_MCU_READY)
1191 break;
1192 run_delay(sc, 10);
1193 }
1194 if (ntries == 1000) {
1195 device_printf(sc->sc_dev,
1196 "timeout waiting for MCU to initialize\n");
1197 error = ETIMEDOUT;
1198 goto fail;
1199 }
1200 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1201 (base == fw->data) ? "RT2870" : "RT3071",
1202 *(base + 4092), *(base + 4093));
1203
1204fail:
1205 firmware_put(fw, FIRMWARE_UNLOAD);
1206 return (error);
1207}
1208
1209static int
1210run_reset(struct run_softc *sc)
1211{
1212 usb_device_request_t req;
1213
1214 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1215 req.bRequest = RT2870_RESET;
1216 USETW(req.wValue, 1);
1217 USETW(req.wIndex, 0);
1218 USETW(req.wLength, 0);
1219 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1220}
1221
1222static usb_error_t
1223run_do_request(struct run_softc *sc,
1224 struct usb_device_request *req, void *data)
1225{
1226 usb_error_t err;
1227 int ntries = 10;
1228
1229 RUN_LOCK_ASSERT(sc, MA_OWNED);
1230
1231 while (ntries--) {
1232 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1233 req, data, 0, NULL, 250 /* ms */);
1234 if (err == 0)
1235 break;
1236 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1237 usbd_errstr(err));
1238 run_delay(sc, 10);
1239 }
1240 return (err);
1241}
1242
1243static int
1244run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1245{
1246 uint32_t tmp;
1247 int error;
1248
1249 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1250 if (error == 0)
1251 *val = le32toh(tmp);
1252 else
1253 *val = 0xffffffff;
1254 return (error);
1255}
1256
1257static int
1258run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1259{
1260 usb_device_request_t req;
1261
1262 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1263 req.bRequest = RT2870_READ_REGION_1;
1264 USETW(req.wValue, 0);
1265 USETW(req.wIndex, reg);
1266 USETW(req.wLength, len);
1267
1268 return (run_do_request(sc, &req, buf));
1269}
1270
1271static int
1272run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1273{
1274 usb_device_request_t req;
1275
1276 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1277 req.bRequest = RT2870_WRITE_2;
1278 USETW(req.wValue, val);
1279 USETW(req.wIndex, reg);
1280 USETW(req.wLength, 0);
1281
1282 return (run_do_request(sc, &req, NULL));
1283}
1284
1285static int
1286run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1287{
1288 int error;
1289
1290 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1291 error = run_write_2(sc, reg + 2, val >> 16);
1292 return (error);
1293}
1294
1295static int
1296run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1297 int len)
1298{
1299#if 1
1300 int i, error = 0;
1301 /*
1302 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1303 * We thus issue multiple WRITE_2 commands instead.
1304 */
1305 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1306 for (i = 0; i < len && error == 0; i += 2)
1307 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1308 return (error);
1309#else
1310 usb_device_request_t req;
1311 int error = 0;
1312
1313 /*
1314 * NOTE: It appears the WRITE_REGION_1 command cannot be
1315 * passed a huge amount of data, which will crash the
1316 * firmware. Limit amount of data passed to 64-bytes at a
1317 * time.
1318 */
1319 while (len > 0) {
1320 int delta = 64;
1321 if (delta > len)
1322 delta = len;
1323
1324 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1325 req.bRequest = RT2870_WRITE_REGION_1;
1326 USETW(req.wValue, 0);
1327 USETW(req.wIndex, reg);
1328 USETW(req.wLength, delta);
1329 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1330 if (error != 0)
1331 break;
1332 reg += delta;
1333 buf += delta;
1334 len -= delta;
1335 }
1336 return (error);
1337#endif
1338}
1339
1340static int
1341run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1342{
1343 int i, error = 0;
1344
1345 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1346 for (i = 0; i < len && error == 0; i += 4)
1347 error = run_write(sc, reg + i, val);
1348 return (error);
1349}
1350
1351static int
1352run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1353{
1354 uint32_t tmp;
1355 uint16_t reg;
1356 int error, ntries;
1357
1358 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1359 return (error);
1360
1361 if (count == 2)
1362 addr *= 2;
1363 /*-
1364 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1365 * DATA0: F E D C
1366 * DATA1: B A 9 8
1367 * DATA2: 7 6 5 4
1368 * DATA3: 3 2 1 0
1369 */
1370 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1371 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1372 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1373 for (ntries = 0; ntries < 100; ntries++) {
1374 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1375 return (error);
1376 if (!(tmp & RT3070_EFSROM_KICK))
1377 break;
1378 run_delay(sc, 2);
1379 }
1380 if (ntries == 100)
1381 return (ETIMEDOUT);
1382
1383 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1384 *val = 0xffff; /* address not found */
1385 return (0);
1386 }
1387 /* determine to which 32-bit register our 16-bit word belongs */
1388 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1389 if ((error = run_read(sc, reg, &tmp)) != 0)
1390 return (error);
1391
1392 tmp >>= (8 * (addr & 0x3));
1393 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1394
1395 return (0);
1396}
1397
1398/* Read 16-bit from eFUSE ROM for RT3xxx. */
1399static int
1400run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1401{
1402 return (run_efuse_read(sc, addr, val, 2));
1403}
1404
1405static int
1406run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1407{
1408 usb_device_request_t req;
1409 uint16_t tmp;
1410 int error;
1411
1412 addr *= 2;
1413 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1414 req.bRequest = RT2870_EEPROM_READ;
1415 USETW(req.wValue, 0);
1416 USETW(req.wIndex, addr);
1417 USETW(req.wLength, sizeof(tmp));
1418
1419 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1420 if (error == 0)
1421 *val = le16toh(tmp);
1422 else
1423 *val = 0xffff;
1424 return (error);
1425}
1426
1427static __inline int
1428run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1429{
1430 /* either eFUSE ROM or EEPROM */
1431 return sc->sc_srom_read(sc, addr, val);
1432}
1433
1434static int
1435run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1436{
1437 uint32_t tmp;
1438 int error, ntries;
1439
1440 for (ntries = 0; ntries < 10; ntries++) {
1441 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1442 return (error);
1443 if (!(tmp & RT2860_RF_REG_CTRL))
1444 break;
1445 }
1446 if (ntries == 10)
1447 return (ETIMEDOUT);
1448
1449 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1450}
1451
1452static int
1453run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1454{
1455 uint32_t tmp;
1456 int error, ntries;
1457
1458 for (ntries = 0; ntries < 100; ntries++) {
1459 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1460 return (error);
1461 if (!(tmp & RT3070_RF_KICK))
1462 break;
1463 }
1464 if (ntries == 100)
1465 return (ETIMEDOUT);
1466
1467 tmp = RT3070_RF_KICK | reg << 8;
1468 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1469 return (error);
1470
1471 for (ntries = 0; ntries < 100; ntries++) {
1472 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1473 return (error);
1474 if (!(tmp & RT3070_RF_KICK))
1475 break;
1476 }
1477 if (ntries == 100)
1478 return (ETIMEDOUT);
1479
1480 *val = tmp & 0xff;
1481 return (0);
1482}
1483
1484static int
1485run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1486{
1487 uint32_t tmp;
1488 int error, ntries;
1489
1490 for (ntries = 0; ntries < 10; ntries++) {
1491 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1492 return (error);
1493 if (!(tmp & RT3070_RF_KICK))
1494 break;
1495 }
1496 if (ntries == 10)
1497 return (ETIMEDOUT);
1498
1499 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1500 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1501}
1502
1503static int
1504run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1505{
1506 uint32_t tmp;
1507 int ntries, error;
1508
1509 for (ntries = 0; ntries < 10; ntries++) {
1510 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1511 return (error);
1512 if (!(tmp & RT2860_BBP_CSR_KICK))
1513 break;
1514 }
1515 if (ntries == 10)
1516 return (ETIMEDOUT);
1517
1518 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1519 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1520 return (error);
1521
1522 for (ntries = 0; ntries < 10; ntries++) {
1523 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1524 return (error);
1525 if (!(tmp & RT2860_BBP_CSR_KICK))
1526 break;
1527 }
1528 if (ntries == 10)
1529 return (ETIMEDOUT);
1530
1531 *val = tmp & 0xff;
1532 return (0);
1533}
1534
1535static int
1536run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1537{
1538 uint32_t tmp;
1539 int ntries, error;
1540
1541 for (ntries = 0; ntries < 10; ntries++) {
1542 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1543 return (error);
1544 if (!(tmp & RT2860_BBP_CSR_KICK))
1545 break;
1546 }
1547 if (ntries == 10)
1548 return (ETIMEDOUT);
1549
1550 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1551 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1552}
1553
1554/*
1555 * Send a command to the 8051 microcontroller unit.
1556 */
1557static int
1558run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1559{
1560 uint32_t tmp;
1561 int error, ntries;
1562
1563 for (ntries = 0; ntries < 100; ntries++) {
1564 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1565 return error;
1566 if (!(tmp & RT2860_H2M_BUSY))
1567 break;
1568 }
1569 if (ntries == 100)
1570 return ETIMEDOUT;
1571
1572 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1573 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1574 error = run_write(sc, RT2860_HOST_CMD, cmd);
1575 return (error);
1576}
1577
1578/*
1579 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1580 * Used to adjust per-rate Tx power registers.
1581 */
1582static __inline uint32_t
1583b4inc(uint32_t b32, int8_t delta)
1584{
1585 int8_t i, b4;
1586
1587 for (i = 0; i < 8; i++) {
1588 b4 = b32 & 0xf;
1589 b4 += delta;
1590 if (b4 < 0)
1591 b4 = 0;
1592 else if (b4 > 0xf)
1593 b4 = 0xf;
1594 b32 = b32 >> 4 | b4 << 28;
1595 }
1596 return (b32);
1597}
1598
1599static const char *
1600run_get_rf(uint16_t rev)
1601{
1602 switch (rev) {
1603 case RT2860_RF_2820: return "RT2820";
1604 case RT2860_RF_2850: return "RT2850";
1605 case RT2860_RF_2720: return "RT2720";
1606 case RT2860_RF_2750: return "RT2750";
1607 case RT3070_RF_3020: return "RT3020";
1608 case RT3070_RF_2020: return "RT2020";
1609 case RT3070_RF_3021: return "RT3021";
1610 case RT3070_RF_3022: return "RT3022";
1611 case RT3070_RF_3052: return "RT3052";
1612 case RT3593_RF_3053: return "RT3053";
1613 case RT5592_RF_5592: return "RT5592";
1614 case RT5390_RF_5370: return "RT5370";
1615 case RT5390_RF_5372: return "RT5372";
1616 }
1617 return ("unknown");
1618}
1619
1620static void
1621run_rt3593_get_txpower(struct run_softc *sc)
1622{
1623 uint16_t addr, val;
1624 int i;
1625
1626 /* Read power settings for 2GHz channels. */
1627 for (i = 0; i < 14; i += 2) {
1628 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1629 RT2860_EEPROM_PWR2GHZ_BASE1;
1630 run_srom_read(sc, addr + i / 2, &val);
1631 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1632 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1633
1634 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1635 RT2860_EEPROM_PWR2GHZ_BASE2;
1636 run_srom_read(sc, addr + i / 2, &val);
1637 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1638 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1639
1640 if (sc->ntxchains == 3) {
1641 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1642 &val);
1643 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1644 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1645 }
1646 }
1647 /* Fix broken Tx power entries. */
1648 for (i = 0; i < 14; i++) {
1649 if (sc->txpow1[i] > 31)
1650 sc->txpow1[i] = 5;
1651 if (sc->txpow2[i] > 31)
1652 sc->txpow2[i] = 5;
1653 if (sc->ntxchains == 3) {
1654 if (sc->txpow3[i] > 31)
1655 sc->txpow3[i] = 5;
1656 }
1657 }
1658 /* Read power settings for 5GHz channels. */
1659 for (i = 0; i < 40; i += 2) {
1660 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1661 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1662 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1663
1664 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1665 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1666 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1667
1668 if (sc->ntxchains == 3) {
1669 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1670 &val);
1671 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1672 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1673 }
1674 }
1675}
1676
1677static void
1678run_get_txpower(struct run_softc *sc)
1679{
1680 uint16_t val;
1681 int i;
1682
1683 /* Read power settings for 2GHz channels. */
1684 for (i = 0; i < 14; i += 2) {
1685 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1686 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1687 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1688
1689 if (sc->mac_ver != 0x5390) {
1690 run_srom_read(sc,
1691 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1692 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1693 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1694 }
1695 }
1696 /* Fix broken Tx power entries. */
1697 for (i = 0; i < 14; i++) {
1698 if (sc->mac_ver >= 0x5390) {
1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1700 sc->txpow1[i] = 5;
1701 } else {
1702 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1703 sc->txpow1[i] = 5;
1704 }
1705 if (sc->mac_ver > 0x5390) {
1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1707 sc->txpow2[i] = 5;
1708 } else if (sc->mac_ver < 0x5390) {
1709 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1710 sc->txpow2[i] = 5;
1711 }
1712 DPRINTF("chan %d: power1=%d, power2=%d\n",
1713 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1714 }
1715 /* Read power settings for 5GHz channels. */
1716 for (i = 0; i < 40; i += 2) {
1717 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1718 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1719 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1720
1721 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1722 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1723 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1724 }
1725 /* Fix broken Tx power entries. */
1726 for (i = 0; i < 40; i++ ) {
1727 if (sc->mac_ver != 0x5592) {
1728 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1729 sc->txpow1[14 + i] = 5;
1730 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1731 sc->txpow2[14 + i] = 5;
1732 }
1733 DPRINTF("chan %d: power1=%d, power2=%d\n",
1734 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1735 sc->txpow2[14 + i]);
1736 }
1737}
1738
1739static int
1740run_read_eeprom(struct run_softc *sc)
1741{
1742 int8_t delta_2ghz, delta_5ghz;
1743 uint32_t tmp;
1744 uint16_t val;
1745 int ridx, ant, i;
1746
1747 /* check whether the ROM is eFUSE ROM or EEPROM */
1748 sc->sc_srom_read = run_eeprom_read_2;
1749 if (sc->mac_ver >= 0x3070) {
1750 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1751 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1752 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1753 sc->sc_srom_read = run_efuse_read_2;
1754 }
1755
1756 /* read ROM version */
1757 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1758 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1759
1760 /* read MAC address */
1761 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1762 sc->sc_bssid[0] = val & 0xff;
1763 sc->sc_bssid[1] = val >> 8;
1764 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1765 sc->sc_bssid[2] = val & 0xff;
1766 sc->sc_bssid[3] = val >> 8;
1767 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1768 sc->sc_bssid[4] = val & 0xff;
1769 sc->sc_bssid[5] = val >> 8;
1770
1771 if (sc->mac_ver < 0x3593) {
1772 /* read vender BBP settings */
1773 for (i = 0; i < 10; i++) {
1774 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1775 sc->bbp[i].val = val & 0xff;
1776 sc->bbp[i].reg = val >> 8;
1777 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1778 sc->bbp[i].val);
1779 }
1780 if (sc->mac_ver >= 0x3071) {
1781 /* read vendor RF settings */
1782 for (i = 0; i < 10; i++) {
1783 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1784 &val);
1785 sc->rf[i].val = val & 0xff;
1786 sc->rf[i].reg = val >> 8;
1787 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1788 sc->rf[i].val);
1789 }
1790 }
1791 }
1792
1793 /* read RF frequency offset from EEPROM */
1794 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1795 RT3593_EEPROM_FREQ, &val);
1796 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1797 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1798
1799 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1800 RT3593_EEPROM_FREQ_LEDS, &val);
1801 if (val >> 8 != 0xff) {
1802 /* read LEDs operating mode */
1803 sc->leds = val >> 8;
1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1805 RT3593_EEPROM_LED1, &sc->led[0]);
1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1807 RT3593_EEPROM_LED2, &sc->led[1]);
1808 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1809 RT3593_EEPROM_LED3, &sc->led[2]);
1810 } else {
1811 /* broken EEPROM, use default settings */
1812 sc->leds = 0x01;
1813 sc->led[0] = 0x5555;
1814 sc->led[1] = 0x2221;
1815 sc->led[2] = 0x5627; /* differs from RT2860 */
1816 }
1817 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1818 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1819
1820 /* read RF information */
1821 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1822 run_srom_read(sc, 0x00, &val);
1823 else
1824 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1825
1826 if (val == 0xffff) {
1827 device_printf(sc->sc_dev,
1828 "invalid EEPROM antenna info, using default\n");
1829 DPRINTF("invalid EEPROM antenna info, using default\n");
1830 if (sc->mac_ver == 0x3572) {
1831 /* default to RF3052 2T2R */
1832 sc->rf_rev = RT3070_RF_3052;
1833 sc->ntxchains = 2;
1834 sc->nrxchains = 2;
1835 } else if (sc->mac_ver >= 0x3070) {
1836 /* default to RF3020 1T1R */
1837 sc->rf_rev = RT3070_RF_3020;
1838 sc->ntxchains = 1;
1839 sc->nrxchains = 1;
1840 } else {
1841 /* default to RF2820 1T2R */
1842 sc->rf_rev = RT2860_RF_2820;
1843 sc->ntxchains = 1;
1844 sc->nrxchains = 2;
1845 }
1846 } else {
1847 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1848 sc->rf_rev = val;
1849 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1850 } else
1851 sc->rf_rev = (val >> 8) & 0xf;
1852 sc->ntxchains = (val >> 4) & 0xf;
1853 sc->nrxchains = val & 0xf;
1854 }
1855 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1856 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1857
1858 /* check if RF supports automatic Tx access gain control */
1859 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1860 DPRINTF("EEPROM CFG 0x%04x\n", val);
1861 /* check if driver should patch the DAC issue */
1862 if ((val >> 8) != 0xff)
1863 sc->patch_dac = (val >> 15) & 1;
1864 if ((val & 0xff) != 0xff) {
1865 sc->ext_5ghz_lna = (val >> 3) & 1;
1866 sc->ext_2ghz_lna = (val >> 2) & 1;
1867 /* check if RF supports automatic Tx access gain control */
1868 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1869 /* check if we have a hardware radio switch */
1870 sc->rfswitch = val & 1;
1871 }
1872
1873 /* Read Tx power settings. */
1874 if (sc->mac_ver == 0x3593)
1875 run_rt3593_get_txpower(sc);
1876 else
1877 run_get_txpower(sc);
1878
1879 /* read Tx power compensation for each Tx rate */
1880 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1881 delta_2ghz = delta_5ghz = 0;
1882 if ((val & 0xff) != 0xff && (val & 0x80)) {
1883 delta_2ghz = val & 0xf;
1884 if (!(val & 0x40)) /* negative number */
1885 delta_2ghz = -delta_2ghz;
1886 }
1887 val >>= 8;
1888 if ((val & 0xff) != 0xff && (val & 0x80)) {
1889 delta_5ghz = val & 0xf;
1890 if (!(val & 0x40)) /* negative number */
1891 delta_5ghz = -delta_5ghz;
1892 }
1893 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1894 delta_2ghz, delta_5ghz);
1895
1896 for (ridx = 0; ridx < 5; ridx++) {
1897 uint32_t reg;
1898
1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1900 reg = val;
1901 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1902 reg |= (uint32_t)val << 16;
1903
1904 sc->txpow20mhz[ridx] = reg;
1905 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1906 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1907
1908 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1909 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1910 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1911 }
1912
1913 /* Read RSSI offsets and LNA gains from EEPROM. */
1914 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1915 RT3593_EEPROM_RSSI1_2GHZ, &val);
1916 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1917 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1918 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1919 RT3593_EEPROM_RSSI2_2GHZ, &val);
1920 if (sc->mac_ver >= 0x3070) {
1921 if (sc->mac_ver == 0x3593) {
1922 sc->txmixgain_2ghz = 0;
1923 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1924 } else {
1925 /*
1926 * On RT3070 chips (limited to 2 Rx chains), this ROM
1927 * field contains the Tx mixer gain for the 2GHz band.
1928 */
1929 if ((val & 0xff) != 0xff)
1930 sc->txmixgain_2ghz = val & 0x7;
1931 }
1932 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1933 } else
1934 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1935 if (sc->mac_ver == 0x3593)
1936 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1937 sc->lna[2] = val >> 8; /* channel group 2 */
1938
1939 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1940 RT3593_EEPROM_RSSI1_5GHZ, &val);
1941 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1942 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1943 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1944 RT3593_EEPROM_RSSI2_5GHZ, &val);
1945 if (sc->mac_ver == 0x3572) {
1946 /*
1947 * On RT3572 chips (limited to 2 Rx chains), this ROM
1948 * field contains the Tx mixer gain for the 5GHz band.
1949 */
1950 if ((val & 0xff) != 0xff)
1951 sc->txmixgain_5ghz = val & 0x7;
1952 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1953 } else
1954 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1955 if (sc->mac_ver == 0x3593) {
1956 sc->txmixgain_5ghz = 0;
1957 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1958 }
1959 sc->lna[3] = val >> 8; /* channel group 3 */
1960
1961 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1962 RT3593_EEPROM_LNA, &val);
1963 sc->lna[0] = val & 0xff; /* channel group 0 */
1964 sc->lna[1] = val >> 8; /* channel group 1 */
1965
1966 /* fix broken 5GHz LNA entries */
1967 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1968 DPRINTF("invalid LNA for channel group %d\n", 2);
1969 sc->lna[2] = sc->lna[1];
1970 }
1971 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1972 DPRINTF("invalid LNA for channel group %d\n", 3);
1973 sc->lna[3] = sc->lna[1];
1974 }
1975
1976 /* fix broken RSSI offset entries */
1977 for (ant = 0; ant < 3; ant++) {
1978 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1979 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1980 ant + 1, sc->rssi_2ghz[ant]);
1981 sc->rssi_2ghz[ant] = 0;
1982 }
1983 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1984 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1985 ant + 1, sc->rssi_5ghz[ant]);
1986 sc->rssi_5ghz[ant] = 0;
1987 }
1988 }
1989 return (0);
1990}
1991
1992static struct ieee80211_node *
1993run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1994{
1995 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1996}
1997
1998static int
1999run_media_change(struct ifnet *ifp)
2000{
2001 struct ieee80211vap *vap = ifp->if_softc;
2002 struct ieee80211com *ic = vap->iv_ic;
2003 const struct ieee80211_txparam *tp;
2004 struct run_softc *sc = ic->ic_ifp->if_softc;
2005 uint8_t rate, ridx;
2006 int error;
2007
2008 RUN_LOCK(sc);
2009
2010 error = ieee80211_media_change(ifp);
2011 if (error != ENETRESET) {
2012 RUN_UNLOCK(sc);
2013 return (error);
2014 }
2015
2016 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2017 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2018 struct ieee80211_node *ni;
2019 struct run_node *rn;
2020
2021 rate = ic->ic_sup_rates[ic->ic_curmode].
2022 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2023 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2024 if (rt2860_rates[ridx].rate == rate)
2025 break;
2026 ni = ieee80211_ref_node(vap->iv_bss);
2027 rn = (struct run_node *)ni;
2028 rn->fix_ridx = ridx;
2029 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2030 ieee80211_free_node(ni);
2031 }
2032
2033#if 0
2034 if ((ifp->if_flags & IFF_UP) &&
2035 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
2036 run_init_locked(sc);
2037 }
2038#endif
2039
2040 RUN_UNLOCK(sc);
2041
2042 return (0);
2043}
2044
2045static int
2046run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2047{
2048 const struct ieee80211_txparam *tp;
2049 struct ieee80211com *ic = vap->iv_ic;
2050 struct run_softc *sc = ic->ic_ifp->if_softc;
2051 struct run_vap *rvp = RUN_VAP(vap);
2052 enum ieee80211_state ostate;
2053 uint32_t sta[3];
2054 uint32_t tmp;
2055 uint8_t ratectl;
2056 uint8_t restart_ratectl = 0;
2057 uint8_t bid = 1 << rvp->rvp_id;
2058
2059 ostate = vap->iv_state;
2060 DPRINTF("%s -> %s\n",
2061 ieee80211_state_name[ostate],
2062 ieee80211_state_name[nstate]);
2063
2064 IEEE80211_UNLOCK(ic);
2065 RUN_LOCK(sc);
2066
2067 ratectl = sc->ratectl_run; /* remember current state */
2068 sc->ratectl_run = RUN_RATECTL_OFF;
2069 usb_callout_stop(&sc->ratectl_ch);
2070
2071 if (ostate == IEEE80211_S_RUN) {
2072 /* turn link LED off */
2073 run_set_leds(sc, RT2860_LED_RADIO);
2074 }
2075
2076 switch (nstate) {
2077 case IEEE80211_S_INIT:
2078 restart_ratectl = 1;
2079
2080 if (ostate != IEEE80211_S_RUN)
2081 break;
2082
2083 ratectl &= ~bid;
2084 sc->runbmap &= ~bid;
2085
2086 /* abort TSF synchronization if there is no vap running */
2087 if (--sc->running == 0) {
2088 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2089 run_write(sc, RT2860_BCN_TIME_CFG,
2090 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2091 RT2860_TBTT_TIMER_EN));
2092 }
2093 break;
2094
2095 case IEEE80211_S_RUN:
2096 if (!(sc->runbmap & bid)) {
2097 if(sc->running++)
2098 restart_ratectl = 1;
2099 sc->runbmap |= bid;
2100 }
2101
2102 m_freem(rvp->beacon_mbuf);
2103 rvp->beacon_mbuf = NULL;
2104
2105 switch (vap->iv_opmode) {
2106 case IEEE80211_M_HOSTAP:
2107 case IEEE80211_M_MBSS:
2108 sc->ap_running |= bid;
2109 ic->ic_opmode = vap->iv_opmode;
2110 run_update_beacon_cb(vap);
2111 break;
2112 case IEEE80211_M_IBSS:
2113 sc->adhoc_running |= bid;
2114 if (!sc->ap_running)
2115 ic->ic_opmode = vap->iv_opmode;
2116 run_update_beacon_cb(vap);
2117 break;
2118 case IEEE80211_M_STA:
2119 sc->sta_running |= bid;
2120 if (!sc->ap_running && !sc->adhoc_running)
2121 ic->ic_opmode = vap->iv_opmode;
2122
2123 /* read statistic counters (clear on read) */
2124 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2125 (uint8_t *)sta, sizeof sta);
2126
2127 break;
2128 default:
2129 ic->ic_opmode = vap->iv_opmode;
2130 break;
2131 }
2132
2133 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2134 struct ieee80211_node *ni;
2135
2136 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2137 RUN_UNLOCK(sc);
2138 IEEE80211_LOCK(ic);
2139 return (-1);
2140 }
2141 run_updateslot(ic->ic_ifp);
2142 run_enable_mrr(sc);
2143 run_set_txpreamble(sc);
2144 run_set_basicrates(sc);
2145 ni = ieee80211_ref_node(vap->iv_bss);
2146 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2147 run_set_bssid(sc, ni->ni_bssid);
2148 ieee80211_free_node(ni);
2149 run_enable_tsf_sync(sc);
2150
2151 /* enable automatic rate adaptation */
2152 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2153 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2154 ratectl |= bid;
2155 }
2156
2157 /* turn link LED on */
2158 run_set_leds(sc, RT2860_LED_RADIO |
2159 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2160 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2161
2162 break;
2163 default:
2164 DPRINTFN(6, "undefined case\n");
2165 break;
2166 }
2167
2168 /* restart amrr for running VAPs */
2169 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2170 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2171
2172 RUN_UNLOCK(sc);
2173 IEEE80211_LOCK(ic);
2174
2175 return(rvp->newstate(vap, nstate, arg));
2176}
2177
2178/* ARGSUSED */
2179static void
2180run_wme_update_cb(void *arg)
2181{
2182 struct ieee80211com *ic = arg;
2183 struct run_softc *sc = ic->ic_ifp->if_softc;
2184 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2185 int aci, error = 0;
2186
2187 RUN_LOCK_ASSERT(sc, MA_OWNED);
2188
2189 /* update MAC TX configuration registers */
2190 for (aci = 0; aci < WME_NUM_AC; aci++) {
2191 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2192 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2193 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2194 wmesp->wme_params[aci].wmep_aifsn << 8 |
2195 wmesp->wme_params[aci].wmep_txopLimit);
2196 if (error) goto err;
2197 }
2198
2199 /* update SCH/DMA registers too */
2200 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2201 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2202 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2203 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2204 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2205 if (error) goto err;
2206 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2207 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2208 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2209 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2210 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2211 if (error) goto err;
2212 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2213 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2214 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2215 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2216 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2217 if (error) goto err;
2218 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2219 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2220 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2221 if (error) goto err;
2222 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2223 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2224 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2225
2226err:
2227 if (error)
2228 DPRINTF("WME update failed\n");
2229
2230 return;
2231}
2232
2233static int
2234run_wme_update(struct ieee80211com *ic)
2235{
2236 struct run_softc *sc = ic->ic_ifp->if_softc;
2237
2238 /* sometime called wothout lock */
2239 if (mtx_owned(&ic->ic_comlock.mtx)) {
2240 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2241 DPRINTF("cmdq_store=%d\n", i);
2242 sc->cmdq[i].func = run_wme_update_cb;
2243 sc->cmdq[i].arg0 = ic;
2244 ieee80211_runtask(ic, &sc->cmdq_task);
2245 return (0);
2246 }
2247
2248 RUN_LOCK(sc);
2249 run_wme_update_cb(ic);
2250 RUN_UNLOCK(sc);
2251
2252 /* return whatever, upper layer desn't care anyway */
2253 return (0);
2254}
2255
2256static void
2257run_key_update_begin(struct ieee80211vap *vap)
2258{
2259 /*
2260 * To avoid out-of-order events, both run_key_set() and
2261 * _delete() are deferred and handled by run_cmdq_cb().
2262 * So, there is nothing we need to do here.
2263 */
2264}
2265
2266static void
2267run_key_update_end(struct ieee80211vap *vap)
2268{
2269 /* null */
2270}
2271
2272static void
2273run_key_set_cb(void *arg)
2274{
2275 struct run_cmdq *cmdq = arg;
2276 struct ieee80211vap *vap = cmdq->arg1;
2277 struct ieee80211_key *k = cmdq->k;
2278 struct ieee80211com *ic = vap->iv_ic;
2279 struct run_softc *sc = ic->ic_ifp->if_softc;
2280 struct ieee80211_node *ni;
2281 uint32_t attr;
2282 uint16_t base, associd;
2283 uint8_t mode, wcid, iv[8];
2284
2285 RUN_LOCK_ASSERT(sc, MA_OWNED);
2286
2287 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2288 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2289 else
2290 ni = vap->iv_bss;
2291 associd = (ni != NULL) ? ni->ni_associd : 0;
2292
2293 /* map net80211 cipher to RT2860 security mode */
2294 switch (k->wk_cipher->ic_cipher) {
2295 case IEEE80211_CIPHER_WEP:
2296 if(k->wk_keylen < 8)
2297 mode = RT2860_MODE_WEP40;
2298 else
2299 mode = RT2860_MODE_WEP104;
2300 break;
2301 case IEEE80211_CIPHER_TKIP:
2302 mode = RT2860_MODE_TKIP;
2303 break;
2304 case IEEE80211_CIPHER_AES_CCM:
2305 mode = RT2860_MODE_AES_CCMP;
2306 break;
2307 default:
2308 DPRINTF("undefined case\n");
2309 return;
2310 }
2311
2312 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2313 associd, k->wk_keyix, mode,
2314 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2315 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2316 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2317
2318 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2319 wcid = 0; /* NB: update WCID0 for group keys */
2320 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2321 } else {
2322 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2323 1 : RUN_AID2WCID(associd);
2324 base = RT2860_PKEY(wcid);
2325 }
2326
2327 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2328 if(run_write_region_1(sc, base, k->wk_key, 16))
2329 return;
2330 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2331 return;
2332 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2333 return;
2334 } else {
2335 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2336 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2337 return;
2338 }
2339
2340 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2341 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2342 /* set initial packet number in IV+EIV */
2343 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2344 memset(iv, 0, sizeof iv);
2345 iv[3] = vap->iv_def_txkey << 6;
2346 } else {
2347 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2348 iv[0] = k->wk_keytsc >> 8;
2349 iv[1] = (iv[0] | 0x20) & 0x7f;
2350 iv[2] = k->wk_keytsc;
2351 } else /* CCMP */ {
2352 iv[0] = k->wk_keytsc;
2353 iv[1] = k->wk_keytsc >> 8;
2354 iv[2] = 0;
2355 }
2356 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2357 iv[4] = k->wk_keytsc >> 16;
2358 iv[5] = k->wk_keytsc >> 24;
2359 iv[6] = k->wk_keytsc >> 32;
2360 iv[7] = k->wk_keytsc >> 40;
2361 }
2362 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2363 return;
2364 }
2365
2366 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2367 /* install group key */
2368 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2369 return;
2370 attr &= ~(0xf << (k->wk_keyix * 4));
2371 attr |= mode << (k->wk_keyix * 4);
2372 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2373 return;
2374 } else {
2375 /* install pairwise key */
2376 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2377 return;
2378 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2379 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2380 return;
2381 }
2382
2383 /* TODO create a pass-thru key entry? */
2384
2385 /* need wcid to delete the right key later */
2386 k->wk_pad = wcid;
2387}
2388
2389/*
2390 * Don't have to be deferred, but in order to keep order of
2391 * execution, i.e. with run_key_delete(), defer this and let
2392 * run_cmdq_cb() maintain the order.
2393 *
2394 * return 0 on error
2395 */
2396static int
2397run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2398 const uint8_t mac[IEEE80211_ADDR_LEN])
2399{
2400 struct ieee80211com *ic = vap->iv_ic;
2401 struct run_softc *sc = ic->ic_ifp->if_softc;
2402 uint32_t i;
2403
2404 i = RUN_CMDQ_GET(&sc->cmdq_store);
2405 DPRINTF("cmdq_store=%d\n", i);
2406 sc->cmdq[i].func = run_key_set_cb;
2407 sc->cmdq[i].arg0 = NULL;
2408 sc->cmdq[i].arg1 = vap;
2409 sc->cmdq[i].k = k;
2410 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2411 ieee80211_runtask(ic, &sc->cmdq_task);
2412
2413 /*
2414 * To make sure key will be set when hostapd
2415 * calls iv_key_set() before if_init().
2416 */
2417 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2418 RUN_LOCK(sc);
2419 sc->cmdq_key_set = RUN_CMDQ_GO;
2420 RUN_UNLOCK(sc);
2421 }
2422
2423 return (1);
2424}
2425
2426/*
2427 * If wlan is destroyed without being brought down i.e. without
2428 * wlan down or wpa_cli terminate, this function is called after
2429 * vap is gone. Don't refer it.
2430 */
2431static void
2432run_key_delete_cb(void *arg)
2433{
2434 struct run_cmdq *cmdq = arg;
2435 struct run_softc *sc = cmdq->arg1;
2436 struct ieee80211_key *k = &cmdq->key;
2437 uint32_t attr;
2438 uint8_t wcid;
2439
2440 RUN_LOCK_ASSERT(sc, MA_OWNED);
2441
2442 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2443 /* remove group key */
2444 DPRINTF("removing group key\n");
2445 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2446 attr &= ~(0xf << (k->wk_keyix * 4));
2447 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2448 } else {
2449 /* remove pairwise key */
2450 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2451 /* matching wcid was written to wk_pad in run_key_set() */
2452 wcid = k->wk_pad;
2453 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2454 attr &= ~0xf;
2455 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2456 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2457 }
2458
2459 k->wk_pad = 0;
2460}
2461
2462/*
2463 * return 0 on error
2464 */
2465static int
2466run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2467{
2468 struct ieee80211com *ic = vap->iv_ic;
2469 struct run_softc *sc = ic->ic_ifp->if_softc;
2470 struct ieee80211_key *k0;
2471 uint32_t i;
2472
2473 /*
2474 * When called back, key might be gone. So, make a copy
2475 * of some values need to delete keys before deferring.
2476 * But, because of LOR with node lock, cannot use lock here.
2477 * So, use atomic instead.
2478 */
2479 i = RUN_CMDQ_GET(&sc->cmdq_store);
2480 DPRINTF("cmdq_store=%d\n", i);
2481 sc->cmdq[i].func = run_key_delete_cb;
2482 sc->cmdq[i].arg0 = NULL;
2483 sc->cmdq[i].arg1 = sc;
2484 k0 = &sc->cmdq[i].key;
2485 k0->wk_flags = k->wk_flags;
2486 k0->wk_keyix = k->wk_keyix;
2487 /* matching wcid was written to wk_pad in run_key_set() */
2488 k0->wk_pad = k->wk_pad;
2489 ieee80211_runtask(ic, &sc->cmdq_task);
2490 return (1); /* return fake success */
2491
2492}
2493
2494static void
2495run_ratectl_to(void *arg)
2496{
2497 struct run_softc *sc = arg;
2498
2499 /* do it in a process context, so it can go sleep */
2500 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2501 /* next timeout will be rescheduled in the callback task */
2502}
2503
2504/* ARGSUSED */
2505static void
2506run_ratectl_cb(void *arg, int pending)
2507{
2508 struct run_softc *sc = arg;
2509 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2510 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2511
2512 if (vap == NULL)
2513 return;
2514
2515 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2516 /*
2517 * run_reset_livelock() doesn't do anything with AMRR,
2518 * but Ralink wants us to call it every 1 sec. So, we
2519 * piggyback here rather than creating another callout.
2520 * Livelock may occur only in HOSTAP or IBSS mode
2521 * (when h/w is sending beacons).
2522 */
2523 RUN_LOCK(sc);
2524 run_reset_livelock(sc);
2525 /* just in case, there are some stats to drain */
2526 run_drain_fifo(sc);
2527 RUN_UNLOCK(sc);
2528 }
2529
2530 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2531
2532 RUN_LOCK(sc);
2533 if(sc->ratectl_run != RUN_RATECTL_OFF)
2534 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2535 RUN_UNLOCK(sc);
2536}
2537
2538static void
2539run_drain_fifo(void *arg)
2540{
2541 struct run_softc *sc = arg;
2542 struct ifnet *ifp = sc->sc_ifp;
2543 uint32_t stat;
2544 uint16_t (*wstat)[3];
2545 uint8_t wcid, mcs, pid;
2546 int8_t retry;
2547
2548 RUN_LOCK_ASSERT(sc, MA_OWNED);
2549
2550 for (;;) {
2551 /* drain Tx status FIFO (maxsize = 16) */
2552 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2553 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2554 if (!(stat & RT2860_TXQ_VLD))
2555 break;
2556
2557 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2558
2559 /* if no ACK was requested, no feedback is available */
2560 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2561 wcid == 0)
2562 continue;
2563
2564 /*
2565 * Even though each stat is Tx-complete-status like format,
2566 * the device can poll stats. Because there is no guarantee
2567 * that the referring node is still around when read the stats.
2568 * So that, if we use ieee80211_ratectl_tx_update(), we will
2569 * have hard time not to refer already freed node.
2570 *
2571 * To eliminate such page faults, we poll stats in softc.
2572 * Then, update the rates later with ieee80211_ratectl_tx_update().
2573 */
2574 wstat = &(sc->wcid_stats[wcid]);
2575 (*wstat)[RUN_TXCNT]++;
2576 if (stat & RT2860_TXQ_OK)
2577 (*wstat)[RUN_SUCCESS]++;
2578 else
2579 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
2580 /*
2581 * Check if there were retries, ie if the Tx success rate is
2582 * different from the requested rate. Note that it works only
2583 * because we do not allow rate fallback from OFDM to CCK.
2584 */
2585 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2586 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2587 if ((retry = pid -1 - mcs) > 0) {
2588 (*wstat)[RUN_TXCNT] += retry;
2589 (*wstat)[RUN_RETRY] += retry;
2590 }
2591 }
2592 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2593
2594 sc->fifo_cnt = 0;
2595}
2596
2597static void
2598run_iter_func(void *arg, struct ieee80211_node *ni)
2599{
2600 struct run_softc *sc = arg;
2601 struct ieee80211vap *vap = ni->ni_vap;
2602 struct ieee80211com *ic = ni->ni_ic;
2603 struct ifnet *ifp = ic->ic_ifp;
2604 struct run_node *rn = (void *)ni;
2605 union run_stats sta[2];
2606 uint16_t (*wstat)[3];
2607 int txcnt, success, retrycnt, error;
2608
2609 RUN_LOCK(sc);
2610
2611 /* Check for special case */
2612 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2613 ni != vap->iv_bss)
2614 goto fail;
2615
2616 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2617 vap->iv_opmode == IEEE80211_M_STA)) {
2618 /* read statistic counters (clear on read) and update AMRR state */
2619 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2620 sizeof sta);
2621 if (error != 0)
2622 goto fail;
2623
2624 /* count failed TX as errors */
2625 if_inc_counter(ifp, IFCOUNTER_OERRORS, le16toh(sta[0].error.fail));
2626
2627 retrycnt = le16toh(sta[1].tx.retry);
2628 success = le16toh(sta[1].tx.success);
2629 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2630
2631 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2632 retrycnt, success, le16toh(sta[0].error.fail));
2633 } else {
2634 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2635
2636 if (wstat == &(sc->wcid_stats[0]) ||
2637 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2638 goto fail;
2639
2640 txcnt = (*wstat)[RUN_TXCNT];
2641 success = (*wstat)[RUN_SUCCESS];
2642 retrycnt = (*wstat)[RUN_RETRY];
2643 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2644 retrycnt, txcnt, success);
2645
2646 memset(wstat, 0, sizeof(*wstat));
2647 }
2648
2649 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2650 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2651
2652fail:
2653 RUN_UNLOCK(sc);
2654
2655 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2656}
2657
2658static void
2659run_newassoc_cb(void *arg)
2660{
2661 struct run_cmdq *cmdq = arg;
2662 struct ieee80211_node *ni = cmdq->arg1;
2663 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2664 uint8_t wcid = cmdq->wcid;
2665
2666 RUN_LOCK_ASSERT(sc, MA_OWNED);
2667
2668 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2669 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2670
2671 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2672}
2673
2674static void
2675run_newassoc(struct ieee80211_node *ni, int isnew)
2676{
2677 struct run_node *rn = (void *)ni;
2678 struct ieee80211_rateset *rs = &ni->ni_rates;
2679 struct ieee80211vap *vap = ni->ni_vap;
2680 struct ieee80211com *ic = vap->iv_ic;
2681 struct run_softc *sc = ic->ic_ifp->if_softc;
2682 uint8_t rate;
2683 uint8_t ridx;
2684 uint8_t wcid;
2685 int i, j;
2686
2687 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2688 1 : RUN_AID2WCID(ni->ni_associd);
2689
2690 if (wcid > RT2870_WCID_MAX) {
2691 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2692 return;
2693 }
2694
2695 /* only interested in true associations */
2696 if (isnew && ni->ni_associd != 0) {
2697
2698 /*
2699 * This function could is called though timeout function.
2700 * Need to defer.
2701 */
2702 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2703 DPRINTF("cmdq_store=%d\n", cnt);
2704 sc->cmdq[cnt].func = run_newassoc_cb;
2705 sc->cmdq[cnt].arg0 = NULL;
2706 sc->cmdq[cnt].arg1 = ni;
2707 sc->cmdq[cnt].wcid = wcid;
2708 ieee80211_runtask(ic, &sc->cmdq_task);
2709 }
2710
2711 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2712 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2713
2714 for (i = 0; i < rs->rs_nrates; i++) {
2715 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2716 /* convert 802.11 rate to hardware rate index */
2717 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2718 if (rt2860_rates[ridx].rate == rate)
2719 break;
2720 rn->ridx[i] = ridx;
2721 /* determine rate of control response frames */
2722 for (j = i; j >= 0; j--) {
2723 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2724 rt2860_rates[rn->ridx[i]].phy ==
2725 rt2860_rates[rn->ridx[j]].phy)
2726 break;
2727 }
2728 if (j >= 0) {
2729 rn->ctl_ridx[i] = rn->ridx[j];
2730 } else {
2731 /* no basic rate found, use mandatory one */
2732 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2733 }
2734 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2735 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2736 }
2737 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2738 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2739 if (rt2860_rates[ridx].rate == rate)
2740 break;
2741 rn->mgt_ridx = ridx;
2742 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2743
2744 RUN_LOCK(sc);
2745 if(sc->ratectl_run != RUN_RATECTL_OFF)
2746 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2747 RUN_UNLOCK(sc);
2748}
2749
2750/*
2751 * Return the Rx chain with the highest RSSI for a given frame.
2752 */
2753static __inline uint8_t
2754run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2755{
2756 uint8_t rxchain = 0;
2757
2758 if (sc->nrxchains > 1) {
2759 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2760 rxchain = 1;
2761 if (sc->nrxchains > 2)
2762 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2763 rxchain = 2;
2764 }
2765 return (rxchain);
2766}
2767
2768static void
2769run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2770{
2771 struct ifnet *ifp = sc->sc_ifp;
2772 struct ieee80211com *ic = ifp->if_l2com;
2773 struct ieee80211_frame *wh;
2774 struct ieee80211_node *ni;
2775 struct rt2870_rxd *rxd;
2776 struct rt2860_rxwi *rxwi;
2777 uint32_t flags;
2778 uint16_t len, rxwisize;
2779 uint8_t ant, rssi;
2780 int8_t nf;
2781
2782 rxwi = mtod(m, struct rt2860_rxwi *);
2783 len = le16toh(rxwi->len) & 0xfff;
2784 rxwisize = sizeof(struct rt2860_rxwi);
2785 if (sc->mac_ver == 0x5592)
2786 rxwisize += sizeof(uint64_t);
2787 else if (sc->mac_ver == 0x3593)
2788 rxwisize += sizeof(uint32_t);
2789 if (__predict_false(len > dmalen)) {
2790 m_freem(m);
2791 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2792 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2793 return;
2794 }
2795 /* Rx descriptor is located at the end */
2796 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2797 flags = le32toh(rxd->flags);
2798
2799 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2800 m_freem(m);
2801 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2802 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2803 return;
2804 }
2805
2806 m->m_data += rxwisize;
2807 m->m_pkthdr.len = m->m_len -= rxwisize;
2808
2809 wh = mtod(m, struct ieee80211_frame *);
2810
2811 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2812 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2813 m->m_flags |= M_WEP;
2814 }
2815
2816 if (flags & RT2860_RX_L2PAD) {
2817 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2818 len += 2;
2819 }
2820
2821 ni = ieee80211_find_rxnode(ic,
2822 mtod(m, struct ieee80211_frame_min *));
2823
2824 if (__predict_false(flags & RT2860_RX_MICERR)) {
2825 /* report MIC failures to net80211 for TKIP */
2826 if (ni != NULL)
2827 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2828 rxwi->keyidx);
2829 m_freem(m);
2830 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2831 DPRINTF("MIC error. Someone is lying.\n");
2832 return;
2833 }
2834
2835 ant = run_maxrssi_chain(sc, rxwi);
2836 rssi = rxwi->rssi[ant];
2837 nf = run_rssi2dbm(sc, rssi, ant);
2838
2839 m->m_pkthdr.rcvif = ifp;
2840 m->m_pkthdr.len = m->m_len = len;
2841
2842 if (ni != NULL) {
2843 (void)ieee80211_input(ni, m, rssi, nf);
2844 ieee80211_free_node(ni);
2845 } else {
2846 (void)ieee80211_input_all(ic, m, rssi, nf);
2847 }
2848
2849 if (__predict_false(ieee80211_radiotap_active(ic))) {
2850 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2851 uint16_t phy;
2852
2853 tap->wr_flags = 0;
2854 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2855 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2856 tap->wr_antsignal = rssi;
2857 tap->wr_antenna = ant;
2858 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2859 tap->wr_rate = 2; /* in case it can't be found below */
2860 phy = le16toh(rxwi->phy);
2861 switch (phy & RT2860_PHY_MODE) {
2862 case RT2860_PHY_CCK:
2863 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2864 case 0: tap->wr_rate = 2; break;
2865 case 1: tap->wr_rate = 4; break;
2866 case 2: tap->wr_rate = 11; break;
2867 case 3: tap->wr_rate = 22; break;
2868 }
2869 if (phy & RT2860_PHY_SHPRE)
2870 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2871 break;
2872 case RT2860_PHY_OFDM:
2873 switch (phy & RT2860_PHY_MCS) {
2874 case 0: tap->wr_rate = 12; break;
2875 case 1: tap->wr_rate = 18; break;
2876 case 2: tap->wr_rate = 24; break;
2877 case 3: tap->wr_rate = 36; break;
2878 case 4: tap->wr_rate = 48; break;
2879 case 5: tap->wr_rate = 72; break;
2880 case 6: tap->wr_rate = 96; break;
2881 case 7: tap->wr_rate = 108; break;
2882 }
2883 break;
2884 }
2885 }
2886}
2887
2888static void
2889run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2890{
2891 struct run_softc *sc = usbd_xfer_softc(xfer);
2892 struct ifnet *ifp = sc->sc_ifp;
2893 struct mbuf *m = NULL;
2894 struct mbuf *m0;
2895 uint32_t dmalen;
2896 uint16_t rxwisize;
2897 int xferlen;
2898
2899 rxwisize = sizeof(struct rt2860_rxwi);
2900 if (sc->mac_ver == 0x5592)
2901 rxwisize += sizeof(uint64_t);
2902 else if (sc->mac_ver == 0x3593)
2903 rxwisize += sizeof(uint32_t);
2904
2905 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2906
2907 switch (USB_GET_STATE(xfer)) {
2908 case USB_ST_TRANSFERRED:
2909
2910 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2911
2912 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2913 sizeof(struct rt2870_rxd))) {
2914 DPRINTF("xfer too short %d\n", xferlen);
2915 goto tr_setup;
2916 }
2917
2918 m = sc->rx_m;
2919 sc->rx_m = NULL;
2920
2921 /* FALLTHROUGH */
2922 case USB_ST_SETUP:
2923tr_setup:
2924 if (sc->rx_m == NULL) {
2925 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2926 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2927 }
2928 if (sc->rx_m == NULL) {
2929 DPRINTF("could not allocate mbuf - idle with stall\n");
2930 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2931 usbd_xfer_set_stall(xfer);
2932 usbd_xfer_set_frames(xfer, 0);
2933 } else {
2934 /*
2935 * Directly loading a mbuf cluster into DMA to
2936 * save some data copying. This works because
2937 * there is only one cluster.
2938 */
2939 usbd_xfer_set_frame_data(xfer, 0,
2940 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2941 usbd_xfer_set_frames(xfer, 1);
2942 }
2943 usbd_transfer_submit(xfer);
2944 break;
2945
2946 default: /* Error */
2947 if (error != USB_ERR_CANCELLED) {
2948 /* try to clear stall first */
2949 usbd_xfer_set_stall(xfer);
2950
2951 if (error == USB_ERR_TIMEOUT)
2952 device_printf(sc->sc_dev, "device timeout\n");
2953
2954 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2955
2956 goto tr_setup;
2957 }
2958 if (sc->rx_m != NULL) {
2959 m_freem(sc->rx_m);
2960 sc->rx_m = NULL;
2961 }
2962 break;
2963 }
2964
2965 if (m == NULL)
2966 return;
2967
2968 /* inputting all the frames must be last */
2969
2970 RUN_UNLOCK(sc);
2971
2972 m->m_pkthdr.len = m->m_len = xferlen;
2973
2974 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2975 for(;;) {
2976 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2977
2978 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2979 ((dmalen & 3) != 0)) {
2980 DPRINTF("bad DMA length %u\n", dmalen);
2981 break;
2982 }
2983 if ((dmalen + 8) > (uint32_t)xferlen) {
2984 DPRINTF("bad DMA length %u > %d\n",
2985 dmalen + 8, xferlen);
2986 break;
2987 }
2988
2989 /* If it is the last one or a single frame, we won't copy. */
2990 if ((xferlen -= dmalen + 8) <= 8) {
2991 /* trim 32-bit DMA-len header */
2992 m->m_data += 4;
2993 m->m_pkthdr.len = m->m_len -= 4;
2994 run_rx_frame(sc, m, dmalen);
2995 m = NULL; /* don't free source buffer */
2996 break;
2997 }
2998
2999 /* copy aggregated frames to another mbuf */
3000 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3001 if (__predict_false(m0 == NULL)) {
3002 DPRINTF("could not allocate mbuf\n");
3003 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
3004 break;
3005 }
3006 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3007 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3008 m0->m_pkthdr.len = m0->m_len =
3009 dmalen + sizeof(struct rt2870_rxd);
3010 run_rx_frame(sc, m0, dmalen);
3011
3012 /* update data ptr */
3013 m->m_data += dmalen + 8;
3014 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3015 }
3016
3017 /* make sure we free the source buffer, if any */
3018 m_freem(m);
3019
3020 RUN_LOCK(sc);
3021}
3022
3023static void
3024run_tx_free(struct run_endpoint_queue *pq,
3025 struct run_tx_data *data, int txerr)
3026{
3027 if (data->m != NULL) {
3028 if (data->m->m_flags & M_TXCB)
3029 ieee80211_process_callback(data->ni, data->m,
3030 txerr ? ETIMEDOUT : 0);
3031 m_freem(data->m);
3032 data->m = NULL;
3033
3034 if (data->ni == NULL) {
3035 DPRINTF("no node\n");
3036 } else {
3037 ieee80211_free_node(data->ni);
3038 data->ni = NULL;
3039 }
3040 }
3041
3042 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3043 pq->tx_nfree++;
3044}
3045
3046static void
3047run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3048{
3049 struct run_softc *sc = usbd_xfer_softc(xfer);
3050 struct ifnet *ifp = sc->sc_ifp;
3051 struct ieee80211com *ic = ifp->if_l2com;
3052 struct run_tx_data *data;
3053 struct ieee80211vap *vap = NULL;
3054 struct usb_page_cache *pc;
3055 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3056 struct mbuf *m;
3057 usb_frlength_t size;
3058 int actlen;
3059 int sumlen;
3060
3061 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3062
3063 switch (USB_GET_STATE(xfer)) {
3064 case USB_ST_TRANSFERRED:
3065 DPRINTFN(11, "transfer complete: %d "
3066 "bytes @ index %d\n", actlen, index);
3067
3068 data = usbd_xfer_get_priv(xfer);
3069
3070 run_tx_free(pq, data, 0);
3071 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3072
3073 usbd_xfer_set_priv(xfer, NULL);
3074
3075 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
3076
3077 /* FALLTHROUGH */
3078 case USB_ST_SETUP:
3079tr_setup:
3080 data = STAILQ_FIRST(&pq->tx_qh);
3081 if (data == NULL)
3082 break;
3083
3084 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3085
3086 m = data->m;
3087 size = (sc->mac_ver == 0x5592) ?
3088 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3089 if ((m->m_pkthdr.len +
3090 size + 3 + 8) > RUN_MAX_TXSZ) {
3091 DPRINTF("data overflow, %u bytes\n",
3092 m->m_pkthdr.len);
3093
3094 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3095
3096 run_tx_free(pq, data, 1);
3097
3098 goto tr_setup;
3099 }
3100
3101 pc = usbd_xfer_get_frame(xfer, 0);
3102 usbd_copy_in(pc, 0, &data->desc, size);
3103 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3104 size += m->m_pkthdr.len;
3105 /*
3106 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3107 * 4-byte padding), and be sure to zero those trailing
3108 * bytes:
3109 */
3110 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3111 size += ((-size) & 3) + 8;
3112
3113 vap = data->ni->ni_vap;
3114 if (ieee80211_radiotap_active_vap(vap)) {
3115 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3116 struct rt2860_txwi *txwi =
3117 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3118 tap->wt_flags = 0;
3119 tap->wt_rate = rt2860_rates[data->ridx].rate;
3120 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3121 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3122 tap->wt_hwqueue = index;
3123 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3124 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3125
3126 ieee80211_radiotap_tx(vap, m);
3127 }
3128
3129 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3130 m->m_pkthdr.len, size, index);
3131
3132 usbd_xfer_set_frame_len(xfer, 0, size);
3133 usbd_xfer_set_priv(xfer, data);
3134
3135 usbd_transfer_submit(xfer);
3136
3137 RUN_UNLOCK(sc);
3138 run_start(ifp);
3139 RUN_LOCK(sc);
3140
3141 break;
3142
3143 default:
3144 DPRINTF("USB transfer error, %s\n",
3145 usbd_errstr(error));
3146
3147 data = usbd_xfer_get_priv(xfer);
3148
3149 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3150
3151 if (data != NULL) {
3152 if(data->ni != NULL)
3153 vap = data->ni->ni_vap;
3154 run_tx_free(pq, data, error);
3155 usbd_xfer_set_priv(xfer, NULL);
3156 }
3157 if (vap == NULL)
3158 vap = TAILQ_FIRST(&ic->ic_vaps);
3159
3160 if (error != USB_ERR_CANCELLED) {
3161 if (error == USB_ERR_TIMEOUT) {
3162 device_printf(sc->sc_dev, "device timeout\n");
3163 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3164 DPRINTF("cmdq_store=%d\n", i);
3165 sc->cmdq[i].func = run_usb_timeout_cb;
3166 sc->cmdq[i].arg0 = vap;
3167 ieee80211_runtask(ic, &sc->cmdq_task);
3168 }
3169
3170 /*
3171 * Try to clear stall first, also if other
3172 * errors occur, hence clearing stall
3173 * introduces a 50 ms delay:
3174 */
3175 usbd_xfer_set_stall(xfer);
3176 goto tr_setup;
3177 }
3178 break;
3179 }
3180}
3181
3182static void
3183run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3184{
3185 run_bulk_tx_callbackN(xfer, error, 0);
3186}
3187
3188static void
3189run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3190{
3191 run_bulk_tx_callbackN(xfer, error, 1);
3192}
3193
3194static void
3195run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3196{
3197 run_bulk_tx_callbackN(xfer, error, 2);
3198}
3199
3200static void
3201run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3202{
3203 run_bulk_tx_callbackN(xfer, error, 3);
3204}
3205
3206static void
3207run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3208{
3209 run_bulk_tx_callbackN(xfer, error, 4);
3210}
3211
3212static void
3213run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3214{
3215 run_bulk_tx_callbackN(xfer, error, 5);
3216}
3217
3218static void
3219run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3220{
3221 struct mbuf *m = data->m;
3222 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3223 struct ieee80211vap *vap = data->ni->ni_vap;
3224 struct ieee80211_frame *wh;
3225 struct rt2870_txd *txd;
3226 struct rt2860_txwi *txwi;
3227 uint16_t xferlen, txwisize;
3228 uint16_t mcs;
3229 uint8_t ridx = data->ridx;
3230 uint8_t pad;
3231
3232 /* get MCS code from rate index */
3233 mcs = rt2860_rates[ridx].mcs;
3234
3235 txwisize = (sc->mac_ver == 0x5592) ?
3236 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3237 xferlen = txwisize + m->m_pkthdr.len;
3238
3239 /* roundup to 32-bit alignment */
3240 xferlen = (xferlen + 3) & ~3;
3241
3242 txd = (struct rt2870_txd *)&data->desc;
3243 txd->len = htole16(xferlen);
3244
3245 wh = mtod(m, struct ieee80211_frame *);
3246
3247 /*
3248 * Ether both are true or both are false, the header
3249 * are nicely aligned to 32-bit. So, no L2 padding.
3250 */
3251 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3252 pad = 0;
3253 else
3254 pad = 2;
3255
3256 /* setup TX Wireless Information */
3257 txwi = (struct rt2860_txwi *)(txd + 1);
3258 txwi->len = htole16(m->m_pkthdr.len - pad);
3259 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3260 mcs |= RT2860_PHY_CCK;
3261 if (ridx != RT2860_RIDX_CCK1 &&
3262 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3263 mcs |= RT2860_PHY_SHPRE;
3264 } else
3265 mcs |= RT2860_PHY_OFDM;
3266 txwi->phy = htole16(mcs);
3267
3268 /* check if RTS/CTS or CTS-to-self protection is required */
3269 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3270 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3271 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3272 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3273 txwi->txop |= RT2860_TX_TXOP_HT;
3274 else
3275 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3276
3277 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3278 txwi->xflags |= RT2860_TX_NSEQ;
3279}
3280
3281/* This function must be called locked */
3282static int
3283run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3284{
3285 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3286 struct ieee80211vap *vap = ni->ni_vap;
3287 struct ieee80211_frame *wh;
3288 struct ieee80211_channel *chan;
3289 const struct ieee80211_txparam *tp;
3290 struct run_node *rn = (void *)ni;
3291 struct run_tx_data *data;
3292 struct rt2870_txd *txd;
3293 struct rt2860_txwi *txwi;
3294 uint16_t qos;
3295 uint16_t dur;
3296 uint16_t qid;
3297 uint8_t type;
3298 uint8_t tid;
3299 uint8_t ridx;
3300 uint8_t ctl_ridx;
3301 uint8_t qflags;
3302 uint8_t xflags = 0;
3303 int hasqos;
3304
3305 RUN_LOCK_ASSERT(sc, MA_OWNED);
3306
3307 wh = mtod(m, struct ieee80211_frame *);
3308
3309 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3310
3311 /*
3312 * There are 7 bulk endpoints: 1 for RX
3313 * and 6 for TX (4 EDCAs + HCCA + Prio).
3314 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3315 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3316 */
3317 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3318 uint8_t *frm;
3319
3320 if(IEEE80211_HAS_ADDR4(wh))
3321 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3322 else
3323 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3324
3325 qos = le16toh(*(const uint16_t *)frm);
3326 tid = qos & IEEE80211_QOS_TID;
3327 qid = TID_TO_WME_AC(tid);
3328 } else {
3329 qos = 0;
3330 tid = 0;
3331 qid = WME_AC_BE;
3332 }
3333 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3334
3335 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3336 qos, qid, tid, qflags);
3337
3338 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3339 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3340
3341 /* pickup a rate index */
3342 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3343 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3344 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3345 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3346 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3347 } else {
3348 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3349 ridx = rn->fix_ridx;
3350 else
3351 ridx = rn->amrr_ridx;
3352 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3353 }
3354
3355 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3356 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3357 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3358 xflags |= RT2860_TX_ACK;
3359 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3360 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3361 else
3362 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3363 USETW(wh->i_dur, dur);
3364 }
3365
3366 /* reserve slots for mgmt packets, just in case */
3367 if (sc->sc_epq[qid].tx_nfree < 3) {
3368 DPRINTFN(10, "tx ring %d is full\n", qid);
3369 return (-1);
3370 }
3371
3372 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3373 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3374 sc->sc_epq[qid].tx_nfree--;
3375
3376 txd = (struct rt2870_txd *)&data->desc;
3377 txd->flags = qflags;
3378 txwi = (struct rt2860_txwi *)(txd + 1);
3379 txwi->xflags = xflags;
3380 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3381 txwi->wcid = 0;
3382 else
3383 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3384 1 : RUN_AID2WCID(ni->ni_associd);
3385
3386 /* clear leftover garbage bits */
3387 txwi->flags = 0;
3388 txwi->txop = 0;
3389
3390 data->m = m;
3391 data->ni = ni;
3392 data->ridx = ridx;
3393
3394 run_set_tx_desc(sc, data);
3395
3396 /*
3397 * The chip keeps track of 2 kind of Tx stats,
3398 * * TX_STAT_FIFO, for per WCID stats, and
3399 * * TX_STA_CNT0 for all-TX-in-one stats.
3400 *
3401 * To use FIFO stats, we need to store MCS into the driver-private
3402 * PacketID field. So that, we can tell whose stats when we read them.
3403 * We add 1 to the MCS because setting the PacketID field to 0 means
3404 * that we don't want feedback in TX_STAT_FIFO.
3405 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3406 *
3407 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3408 */
3409 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3410 vap->iv_opmode == IEEE80211_M_MBSS) {
3411 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3412 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3413
3414 /*
3415 * Unlike PCI based devices, we don't get any interrupt from
3416 * USB devices, so we simulate FIFO-is-full interrupt here.
3417 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3418 * quickly get fulled. To prevent overflow, increment a counter on
3419 * every FIFO stat request, so we know how many slots are left.
3420 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3421 * are used only in those modes.
3422 * We just drain stats. AMRR gets updated every 1 sec by
3423 * run_ratectl_cb() via callout.
3424 * Call it early. Otherwise overflow.
3425 */
3426 if (sc->fifo_cnt++ == 10) {
3427 /*
3428 * With multiple vaps or if_bridge, if_start() is called
3429 * with a non-sleepable lock, tcpinp. So, need to defer.
3430 */
3431 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3432 DPRINTFN(6, "cmdq_store=%d\n", i);
3433 sc->cmdq[i].func = run_drain_fifo;
3434 sc->cmdq[i].arg0 = sc;
3435 ieee80211_runtask(ic, &sc->cmdq_task);
3436 }
3437 }
3438
3439 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3440
3441 usbd_transfer_start(sc->sc_xfer[qid]);
3442
3443 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3444 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3445 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3446
3447 return (0);
3448}
3449
3450static int
3451run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3452{
3453 struct ifnet *ifp = sc->sc_ifp;
3454 struct ieee80211com *ic = ifp->if_l2com;
3455 struct run_node *rn = (void *)ni;
3456 struct run_tx_data *data;
3457 struct ieee80211_frame *wh;
3458 struct rt2870_txd *txd;
3459 struct rt2860_txwi *txwi;
3460 uint16_t dur;
3461 uint8_t ridx = rn->mgt_ridx;
3462 uint8_t type;
3463 uint8_t xflags = 0;
3464 uint8_t wflags = 0;
3465
3466 RUN_LOCK_ASSERT(sc, MA_OWNED);
3467
3468 wh = mtod(m, struct ieee80211_frame *);
3469
3470 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3471
3472 /* tell hardware to add timestamp for probe responses */
3473 if ((wh->i_fc[0] &
3474 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3475 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3476 wflags |= RT2860_TX_TS;
3477 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3478 xflags |= RT2860_TX_ACK;
3479
3480 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3481 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3482 USETW(wh->i_dur, dur);
3483 }
3484
3485 if (sc->sc_epq[0].tx_nfree == 0) {
3486 /* let caller free mbuf */
3487 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3488 return (EIO);
3489 }
3490 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3491 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3492 sc->sc_epq[0].tx_nfree--;
3493
3494 txd = (struct rt2870_txd *)&data->desc;
3495 txd->flags = RT2860_TX_QSEL_EDCA;
3496 txwi = (struct rt2860_txwi *)(txd + 1);
3497 txwi->wcid = 0xff;
3498 txwi->flags = wflags;
3499 txwi->xflags = xflags;
3500 txwi->txop = 0; /* clear leftover garbage bits */
3501
3502 data->m = m;
3503 data->ni = ni;
3504 data->ridx = ridx;
3505
3506 run_set_tx_desc(sc, data);
3507
3508 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3509 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3510 rt2860_rates[ridx].rate);
3511
3512 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3513
3514 usbd_transfer_start(sc->sc_xfer[0]);
3515
3516 return (0);
3517}
3518
3519static int
3520run_sendprot(struct run_softc *sc,
3521 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3522{
3523 struct ieee80211com *ic = ni->ni_ic;
3524 struct ieee80211_frame *wh;
3525 struct run_tx_data *data;
3526 struct rt2870_txd *txd;
3527 struct rt2860_txwi *txwi;
3528 struct mbuf *mprot;
3529 int ridx;
3530 int protrate;
3531 int ackrate;
3532 int pktlen;
3533 int isshort;
3534 uint16_t dur;
3535 uint8_t type;
3536 uint8_t wflags = 0;
3537 uint8_t xflags = 0;
3538
3539 RUN_LOCK_ASSERT(sc, MA_OWNED);
3540
3541 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3542 ("protection %d", prot));
3543
3544 wh = mtod(m, struct ieee80211_frame *);
3545 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3546 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3547
3548 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3549 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3550
3551 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3552 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3553 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3554 wflags = RT2860_TX_FRAG;
3555
3556 /* check that there are free slots before allocating the mbuf */
3557 if (sc->sc_epq[0].tx_nfree == 0) {
3558 /* let caller free mbuf */
3559 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3560 return (ENOBUFS);
3561 }
3562
3563 if (prot == IEEE80211_PROT_RTSCTS) {
3564 /* NB: CTS is the same size as an ACK */
3565 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3566 xflags |= RT2860_TX_ACK;
3567 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3568 } else {
3569 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3570 }
3571 if (mprot == NULL) {
3572 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3573 DPRINTF("could not allocate mbuf\n");
3574 return (ENOBUFS);
3575 }
3576
3577 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3578 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3579 sc->sc_epq[0].tx_nfree--;
3580
3581 txd = (struct rt2870_txd *)&data->desc;
3582 txd->flags = RT2860_TX_QSEL_EDCA;
3583 txwi = (struct rt2860_txwi *)(txd + 1);
3584 txwi->wcid = 0xff;
3585 txwi->flags = wflags;
3586 txwi->xflags = xflags;
3587 txwi->txop = 0; /* clear leftover garbage bits */
3588
3589 data->m = mprot;
3590 data->ni = ieee80211_ref_node(ni);
3591
3592 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3593 if (rt2860_rates[ridx].rate == protrate)
3594 break;
3595 data->ridx = ridx;
3596
3597 run_set_tx_desc(sc, data);
3598
3599 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3600 m->m_pkthdr.len, rate);
3601
3602 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3603
3604 usbd_transfer_start(sc->sc_xfer[0]);
3605
3606 return (0);
3607}
3608
3609static int
3610run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3611 const struct ieee80211_bpf_params *params)
3612{
3613 struct ieee80211com *ic = ni->ni_ic;
3614 struct ieee80211_frame *wh;
3615 struct run_tx_data *data;
3616 struct rt2870_txd *txd;
3617 struct rt2860_txwi *txwi;
3618 uint8_t type;
3619 uint8_t ridx;
3620 uint8_t rate;
3621 uint8_t opflags = 0;
3622 uint8_t xflags = 0;
3623 int error;
3624
3625 RUN_LOCK_ASSERT(sc, MA_OWNED);
3626
3627 KASSERT(params != NULL, ("no raw xmit params"));
3628
3629 wh = mtod(m, struct ieee80211_frame *);
3630 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3631
3632 rate = params->ibp_rate0;
3633 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3634 /* let caller free mbuf */
3635 return (EINVAL);
3636 }
3637
3638 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3639 xflags |= RT2860_TX_ACK;
3640 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3641 error = run_sendprot(sc, m, ni,
3642 params->ibp_flags & IEEE80211_BPF_RTS ?
3643 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3644 rate);
3645 if (error) {
3646 /* let caller free mbuf */
3647 return error;
3648 }
3649 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3650 }
3651
3652 if (sc->sc_epq[0].tx_nfree == 0) {
3653 /* let caller free mbuf */
3654 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3655 DPRINTF("sending raw frame, but tx ring is full\n");
3656 return (EIO);
3657 }
3658 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3659 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3660 sc->sc_epq[0].tx_nfree--;
3661
3662 txd = (struct rt2870_txd *)&data->desc;
3663 txd->flags = RT2860_TX_QSEL_EDCA;
3664 txwi = (struct rt2860_txwi *)(txd + 1);
3665 txwi->wcid = 0xff;
3666 txwi->xflags = xflags;
3667 txwi->txop = opflags;
3668 txwi->flags = 0; /* clear leftover garbage bits */
3669
3670 data->m = m;
3671 data->ni = ni;
3672 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3673 if (rt2860_rates[ridx].rate == rate)
3674 break;
3675 data->ridx = ridx;
3676
3677 run_set_tx_desc(sc, data);
3678
3679 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3680 m->m_pkthdr.len, rate);
3681
3682 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3683
3684 usbd_transfer_start(sc->sc_xfer[0]);
3685
3686 return (0);
3687}
3688
3689static int
3690run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3691 const struct ieee80211_bpf_params *params)
3692{
3693 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3694 struct run_softc *sc = ifp->if_softc;
3695 int error = 0;
3696
3697 RUN_LOCK(sc);
3698
3699 /* prevent management frames from being sent if we're not ready */
3700 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3701 error = ENETDOWN;
3702 goto done;
3703 }
3704
3705 if (params == NULL) {
3706 /* tx mgt packet */
3707 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3708 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3709 DPRINTF("mgt tx failed\n");
3710 goto done;
3711 }
3712 } else {
3713 /* tx raw packet with param */
3714 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3715 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3716 DPRINTF("tx with param failed\n");
3717 goto done;
3718 }
3719 }
3720
3721 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
3722
3723done:
3724 RUN_UNLOCK(sc);
3725
3726 if (error != 0) {
3727 if(m != NULL)
3728 m_freem(m);
3729 ieee80211_free_node(ni);
3730 }
3731
3732 return (error);
3733}
3734
3735static void
3736run_start(struct ifnet *ifp)
3737{
3738 struct run_softc *sc = ifp->if_softc;
3739 struct ieee80211_node *ni;
3740 struct mbuf *m;
3741
3742 RUN_LOCK(sc);
3743
3744 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3745 RUN_UNLOCK(sc);
3746 return;
3747 }
3748
3749 for (;;) {
3750 /* send data frames */
3751 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3752 if (m == NULL)
3753 break;
3754
3755 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3756 if (run_tx(sc, m, ni) != 0) {
3757 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3758 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3759 break;
3760 }
3761 }
3762
3763 RUN_UNLOCK(sc);
3764}
3765
3766static int
3767run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3768{
3769 struct run_softc *sc = ifp->if_softc;
3770 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3771 struct ifreq *ifr = (struct ifreq *) data;
3772 int startall = 0;
3773 int error;
3774
3775 RUN_LOCK(sc);
3776 error = sc->sc_detached ? ENXIO : 0;
3777 RUN_UNLOCK(sc);
3778 if (error)
3779 return (error);
3780
3781 switch (cmd) {
3782 case SIOCSIFFLAGS:
3783 RUN_LOCK(sc);
3784 if (ifp->if_flags & IFF_UP) {
3785 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3786 startall = 1;
3787 run_init_locked(sc);
3788 } else
3789 run_update_promisc_locked(ifp);
3790 } else {
3791 if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
3792 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3793 run_stop(sc);
3794 }
3795 }
3796 RUN_UNLOCK(sc);
3797 if (startall)
3798 ieee80211_start_all(ic);
3799 break;
3800 case SIOCGIFMEDIA:
3801 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3802 break;
3803 case SIOCGIFADDR:
3804 error = ether_ioctl(ifp, cmd, data);
3805 break;
3806 default:
3807 error = EINVAL;
3808 break;
3809 }
3810
3811 return (error);
3812}
3813
3814static void
3815run_iq_calib(struct run_softc *sc, u_int chan)
3816{
3817 uint16_t val;
3818
3819 /* Tx0 IQ gain. */
3820 run_bbp_write(sc, 158, 0x2c);
3821 if (chan <= 14)
3822 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3823 else if (chan <= 64) {
3824 run_efuse_read(sc,
3825 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3826 &val, 1);
3827 } else if (chan <= 138) {
3828 run_efuse_read(sc,
3829 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3830 &val, 1);
3831 } else if (chan <= 165) {
3832 run_efuse_read(sc,
3833 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3834 &val, 1);
3835 } else
3836 val = 0;
3837 run_bbp_write(sc, 159, val);
3838
3839 /* Tx0 IQ phase. */
3840 run_bbp_write(sc, 158, 0x2d);
3841 if (chan <= 14) {
3842 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3843 &val, 1);
3844 } else if (chan <= 64) {
3845 run_efuse_read(sc,
3846 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3847 &val, 1);
3848 } else if (chan <= 138) {
3849 run_efuse_read(sc,
3850 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3851 &val, 1);
3852 } else if (chan <= 165) {
3853 run_efuse_read(sc,
3854 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3855 &val, 1);
3856 } else
3857 val = 0;
3858 run_bbp_write(sc, 159, val);
3859
3860 /* Tx1 IQ gain. */
3861 run_bbp_write(sc, 158, 0x4a);
3862 if (chan <= 14) {
3863 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3864 &val, 1);
3865 } else if (chan <= 64) {
3866 run_efuse_read(sc,
3867 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3868 &val, 1);
3869 } else if (chan <= 138) {
3870 run_efuse_read(sc,
3871 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3872 &val, 1);
3873 } else if (chan <= 165) {
3874 run_efuse_read(sc,
3875 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3876 &val, 1);
3877 } else
3878 val = 0;
3879 run_bbp_write(sc, 159, val);
3880
3881 /* Tx1 IQ phase. */
3882 run_bbp_write(sc, 158, 0x4b);
3883 if (chan <= 14) {
3884 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3885 &val, 1);
3886 } else if (chan <= 64) {
3887 run_efuse_read(sc,
3888 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3889 &val, 1);
3890 } else if (chan <= 138) {
3891 run_efuse_read(sc,
3892 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3893 &val, 1);
3894 } else if (chan <= 165) {
3895 run_efuse_read(sc,
3896 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3897 &val, 1);
3898 } else
3899 val = 0;
3900 run_bbp_write(sc, 159, val);
3901
3902 /* RF IQ compensation control. */
3903 run_bbp_write(sc, 158, 0x04);
3904 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3905 &val, 1);
3906 run_bbp_write(sc, 159, val);
3907
3908 /* RF IQ imbalance compensation control. */
3909 run_bbp_write(sc, 158, 0x03);
3910 run_efuse_read(sc,
3911 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3912 run_bbp_write(sc, 159, val);
3913}
3914
3915static void
3916run_set_agc(struct run_softc *sc, uint8_t agc)
3917{
3918 uint8_t bbp;
3919
3920 if (sc->mac_ver == 0x3572) {
3921 run_bbp_read(sc, 27, &bbp);
3922 bbp &= ~(0x3 << 5);
3923 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3924 run_bbp_write(sc, 66, agc);
3925 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3926 run_bbp_write(sc, 66, agc);
3927 } else
3928 run_bbp_write(sc, 66, agc);
3929}
3930
3931static void
3932run_select_chan_group(struct run_softc *sc, int group)
3933{
3934 uint32_t tmp;
3935 uint8_t agc;
3936
3937 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3938 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3939 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3940 if (sc->mac_ver < 0x3572)
3941 run_bbp_write(sc, 86, 0x00);
3942
3943 if (sc->mac_ver == 0x3593) {
3944 run_bbp_write(sc, 77, 0x98);
3945 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3946 }
3947
3948 if (group == 0) {
3949 if (sc->ext_2ghz_lna) {
3950 if (sc->mac_ver >= 0x5390)
3951 run_bbp_write(sc, 75, 0x52);
3952 else {
3953 run_bbp_write(sc, 82, 0x62);
3954 run_bbp_write(sc, 75, 0x46);
3955 }
3956 } else {
3957 if (sc->mac_ver == 0x5592) {
3958 run_bbp_write(sc, 79, 0x1c);
3959 run_bbp_write(sc, 80, 0x0e);
3960 run_bbp_write(sc, 81, 0x3a);
3961 run_bbp_write(sc, 82, 0x62);
3962
3963 run_bbp_write(sc, 195, 0x80);
3964 run_bbp_write(sc, 196, 0xe0);
3965 run_bbp_write(sc, 195, 0x81);
3966 run_bbp_write(sc, 196, 0x1f);
3967 run_bbp_write(sc, 195, 0x82);
3968 run_bbp_write(sc, 196, 0x38);
3969 run_bbp_write(sc, 195, 0x83);
3970 run_bbp_write(sc, 196, 0x32);
3971 run_bbp_write(sc, 195, 0x85);
3972 run_bbp_write(sc, 196, 0x28);
3973 run_bbp_write(sc, 195, 0x86);
3974 run_bbp_write(sc, 196, 0x19);
3975 } else if (sc->mac_ver >= 0x5390)
3976 run_bbp_write(sc, 75, 0x50);
3977 else {
3978 run_bbp_write(sc, 82,
3979 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3980 run_bbp_write(sc, 75, 0x50);
3981 }
3982 }
3983 } else {
3984 if (sc->mac_ver == 0x5592) {
3985 run_bbp_write(sc, 79, 0x18);
3986 run_bbp_write(sc, 80, 0x08);
3987 run_bbp_write(sc, 81, 0x38);
3988 run_bbp_write(sc, 82, 0x92);
3989
3990 run_bbp_write(sc, 195, 0x80);
3991 run_bbp_write(sc, 196, 0xf0);
3992 run_bbp_write(sc, 195, 0x81);
3993 run_bbp_write(sc, 196, 0x1e);
3994 run_bbp_write(sc, 195, 0x82);
3995 run_bbp_write(sc, 196, 0x28);
3996 run_bbp_write(sc, 195, 0x83);
3997 run_bbp_write(sc, 196, 0x20);
3998 run_bbp_write(sc, 195, 0x85);
3999 run_bbp_write(sc, 196, 0x7f);
4000 run_bbp_write(sc, 195, 0x86);
4001 run_bbp_write(sc, 196, 0x7f);
4002 } else if (sc->mac_ver == 0x3572)
4003 run_bbp_write(sc, 82, 0x94);
4004 else
4005 run_bbp_write(sc, 82,
4006 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4007 if (sc->ext_5ghz_lna)
4008 run_bbp_write(sc, 75, 0x46);
4009 else
4010 run_bbp_write(sc, 75, 0x50);
4011 }
4012
4013 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4014 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4015 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4016 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4017
4018 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4019 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4020 if (sc->mac_ver == 0x3593)
4021 tmp |= 1 << 29 | 1 << 28;
4022 if (sc->nrxchains > 1)
4023 tmp |= RT2860_LNA_PE1_EN;
4024 if (group == 0) { /* 2GHz */
4025 tmp |= RT2860_PA_PE_G0_EN;
4026 if (sc->ntxchains > 1)
4027 tmp |= RT2860_PA_PE_G1_EN;
4028 if (sc->mac_ver == 0x3593) {
4029 if (sc->ntxchains > 2)
4030 tmp |= 1 << 25;
4031 }
4032 } else { /* 5GHz */
4033 tmp |= RT2860_PA_PE_A0_EN;
4034 if (sc->ntxchains > 1)
4035 tmp |= RT2860_PA_PE_A1_EN;
4036 }
4037 if (sc->mac_ver == 0x3572) {
4038 run_rt3070_rf_write(sc, 8, 0x00);
4039 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4040 run_rt3070_rf_write(sc, 8, 0x80);
4041 } else
4042 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4043
4044 if (sc->mac_ver == 0x5592) {
4045 run_bbp_write(sc, 195, 0x8d);
4046 run_bbp_write(sc, 196, 0x1a);
4047 }
4048
4049 if (sc->mac_ver == 0x3593) {
4050 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4051 tmp &= ~0x01010000;
4052 if (group == 0)
4053 tmp |= 0x00010000;
4054 tmp = (tmp & ~0x00009090) | 0x00000090;
4055 run_write(sc, RT2860_GPIO_CTRL, tmp);
4056 }
4057
4058 /* set initial AGC value */
4059 if (group == 0) { /* 2GHz band */
4060 if (sc->mac_ver >= 0x3070)
4061 agc = 0x1c + sc->lna[0] * 2;
4062 else
4063 agc = 0x2e + sc->lna[0];
4064 } else { /* 5GHz band */
4065 if (sc->mac_ver == 0x5592)
4066 agc = 0x24 + sc->lna[group] * 2;
4067 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4068 agc = 0x22 + (sc->lna[group] * 5) / 3;
4069 else
4070 agc = 0x32 + (sc->lna[group] * 5) / 3;
4071 }
4072 run_set_agc(sc, agc);
4073}
4074
4075static void
4076run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4077{
4078 const struct rfprog *rfprog = rt2860_rf2850;
4079 uint32_t r2, r3, r4;
4080 int8_t txpow1, txpow2;
4081 int i;
4082
4083 /* find the settings for this channel (we know it exists) */
4084 for (i = 0; rfprog[i].chan != chan; i++);
4085
4086 r2 = rfprog[i].r2;
4087 if (sc->ntxchains == 1)
4088 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4089 if (sc->nrxchains == 1)
4090 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4091 else if (sc->nrxchains == 2)
4092 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4093
4094 /* use Tx power values from EEPROM */
4095 txpow1 = sc->txpow1[i];
4096 txpow2 = sc->txpow2[i];
4097
4098 /* Initialize RF R3 and R4. */
4099 r3 = rfprog[i].r3 & 0xffffc1ff;
4100 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4101 if (chan > 14) {
4102 if (txpow1 >= 0) {
4103 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4104 r3 |= (txpow1 << 10) | (1 << 9);
4105 } else {
4106 txpow1 += 7;
4107
4108 /* txpow1 is not possible larger than 15. */
4109 r3 |= (txpow1 << 10);
4110 }
4111 if (txpow2 >= 0) {
4112 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4113 r4 |= (txpow2 << 7) | (1 << 6);
4114 } else {
4115 txpow2 += 7;
4116 r4 |= (txpow2 << 7);
4117 }
4118 } else {
4119 /* Set Tx0 power. */
4120 r3 |= (txpow1 << 9);
4121
4122 /* Set frequency offset and Tx1 power. */
4123 r4 |= (txpow2 << 6);
4124 }
4125
4126 run_rt2870_rf_write(sc, rfprog[i].r1);
4127 run_rt2870_rf_write(sc, r2);
4128 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4129 run_rt2870_rf_write(sc, r4);
4130
4131 run_delay(sc, 10);
4132
4133 run_rt2870_rf_write(sc, rfprog[i].r1);
4134 run_rt2870_rf_write(sc, r2);
4135 run_rt2870_rf_write(sc, r3 | (1 << 2));
4136 run_rt2870_rf_write(sc, r4);
4137
4138 run_delay(sc, 10);
4139
4140 run_rt2870_rf_write(sc, rfprog[i].r1);
4141 run_rt2870_rf_write(sc, r2);
4142 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4143 run_rt2870_rf_write(sc, r4);
4144}
4145
4146static void
4147run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4148{
4149 int8_t txpow1, txpow2;
4150 uint8_t rf;
4151 int i;
4152
4153 /* find the settings for this channel (we know it exists) */
4154 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4155
4156 /* use Tx power values from EEPROM */
4157 txpow1 = sc->txpow1[i];
4158 txpow2 = sc->txpow2[i];
4159
4160 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4161
4162 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4163 run_rt3070_rf_read(sc, 3, &rf);
4164 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4165 run_rt3070_rf_write(sc, 3, rf);
4166
4167 run_rt3070_rf_read(sc, 6, &rf);
4168 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4169 run_rt3070_rf_write(sc, 6, rf);
4170
4171 /* set Tx0 power */
4172 run_rt3070_rf_read(sc, 12, &rf);
4173 rf = (rf & ~0x1f) | txpow1;
4174 run_rt3070_rf_write(sc, 12, rf);
4175
4176 /* set Tx1 power */
4177 run_rt3070_rf_read(sc, 13, &rf);
4178 rf = (rf & ~0x1f) | txpow2;
4179 run_rt3070_rf_write(sc, 13, rf);
4180
4181 run_rt3070_rf_read(sc, 1, &rf);
4182 rf &= ~0xfc;
4183 if (sc->ntxchains == 1)
4184 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4185 else if (sc->ntxchains == 2)
4186 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4187 if (sc->nrxchains == 1)
4188 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4189 else if (sc->nrxchains == 2)
4190 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4191 run_rt3070_rf_write(sc, 1, rf);
4192
4193 /* set RF offset */
4194 run_rt3070_rf_read(sc, 23, &rf);
4195 rf = (rf & ~0x7f) | sc->freq;
4196 run_rt3070_rf_write(sc, 23, rf);
4197
4198 /* program RF filter */
4199 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4200 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4201 run_rt3070_rf_write(sc, 24, rf);
4202 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4203 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4204 run_rt3070_rf_write(sc, 31, rf);
4205
4206 /* enable RF tuning */
4207 run_rt3070_rf_read(sc, 7, &rf);
4208 run_rt3070_rf_write(sc, 7, rf | 0x01);
4209}
4210
4211static void
4212run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4213{
4214 int8_t txpow1, txpow2;
4215 uint32_t tmp;
4216 uint8_t rf;
4217 int i;
4218
4219 /* find the settings for this channel (we know it exists) */
4220 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4221
4222 /* use Tx power values from EEPROM */
4223 txpow1 = sc->txpow1[i];
4224 txpow2 = sc->txpow2[i];
4225
4226 if (chan <= 14) {
4227 run_bbp_write(sc, 25, sc->bbp25);
4228 run_bbp_write(sc, 26, sc->bbp26);
4229 } else {
4230 /* enable IQ phase correction */
4231 run_bbp_write(sc, 25, 0x09);
4232 run_bbp_write(sc, 26, 0xff);
4233 }
4234
4235 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4236 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4237 run_rt3070_rf_read(sc, 6, &rf);
4238 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4239 rf |= (chan <= 14) ? 0x08 : 0x04;
4240 run_rt3070_rf_write(sc, 6, rf);
4241
4242 /* set PLL mode */
4243 run_rt3070_rf_read(sc, 5, &rf);
4244 rf &= ~(0x08 | 0x04);
4245 rf |= (chan <= 14) ? 0x04 : 0x08;
4246 run_rt3070_rf_write(sc, 5, rf);
4247
4248 /* set Tx power for chain 0 */
4249 if (chan <= 14)
4250 rf = 0x60 | txpow1;
4251 else
4252 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4253 run_rt3070_rf_write(sc, 12, rf);
4254
4255 /* set Tx power for chain 1 */
4256 if (chan <= 14)
4257 rf = 0x60 | txpow2;
4258 else
4259 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4260 run_rt3070_rf_write(sc, 13, rf);
4261
4262 /* set Tx/Rx streams */
4263 run_rt3070_rf_read(sc, 1, &rf);
4264 rf &= ~0xfc;
4265 if (sc->ntxchains == 1)
4266 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4267 else if (sc->ntxchains == 2)
4268 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4269 if (sc->nrxchains == 1)
4270 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4271 else if (sc->nrxchains == 2)
4272 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4273 run_rt3070_rf_write(sc, 1, rf);
4274
4275 /* set RF offset */
4276 run_rt3070_rf_read(sc, 23, &rf);
4277 rf = (rf & ~0x7f) | sc->freq;
4278 run_rt3070_rf_write(sc, 23, rf);
4279
4280 /* program RF filter */
4281 rf = sc->rf24_20mhz;
4282 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4283 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4284
4285 /* enable RF tuning */
4286 run_rt3070_rf_read(sc, 7, &rf);
4287 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4288 run_rt3070_rf_write(sc, 7, rf);
4289
4290 /* TSSI */
4291 rf = (chan <= 14) ? 0xc3 : 0xc0;
4292 run_rt3070_rf_write(sc, 9, rf);
4293
4294 /* set loop filter 1 */
4295 run_rt3070_rf_write(sc, 10, 0xf1);
4296 /* set loop filter 2 */
4297 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4298
4299 /* set tx_mx2_ic */
4300 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4301 /* set tx_mx1_ic */
4302 if (chan <= 14)
4303 rf = 0x48 | sc->txmixgain_2ghz;
4304 else
4305 rf = 0x78 | sc->txmixgain_5ghz;
4306 run_rt3070_rf_write(sc, 16, rf);
4307
4308 /* set tx_lo1 */
4309 run_rt3070_rf_write(sc, 17, 0x23);
4310 /* set tx_lo2 */
4311 if (chan <= 14)
4312 rf = 0x93;
4313 else if (chan <= 64)
4314 rf = 0xb7;
4315 else if (chan <= 128)
4316 rf = 0x74;
4317 else
4318 rf = 0x72;
4319 run_rt3070_rf_write(sc, 19, rf);
4320
4321 /* set rx_lo1 */
4322 if (chan <= 14)
4323 rf = 0xb3;
4324 else if (chan <= 64)
4325 rf = 0xf6;
4326 else if (chan <= 128)
4327 rf = 0xf4;
4328 else
4329 rf = 0xf3;
4330 run_rt3070_rf_write(sc, 20, rf);
4331
4332 /* set pfd_delay */
4333 if (chan <= 14)
4334 rf = 0x15;
4335 else if (chan <= 64)
4336 rf = 0x3d;
4337 else
4338 rf = 0x01;
4339 run_rt3070_rf_write(sc, 25, rf);
4340
4341 /* set rx_lo2 */
4342 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4343 /* set ldo_rf_vc */
4344 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4345 /* set drv_cc */
4346 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4347
4348 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4349 tmp &= ~0x8080;
4350 if (chan <= 14)
4351 tmp |= 0x80;
4352 run_write(sc, RT2860_GPIO_CTRL, tmp);
4353
4354 /* enable RF tuning */
4355 run_rt3070_rf_read(sc, 7, &rf);
4356 run_rt3070_rf_write(sc, 7, rf | 0x01);
4357
4358 run_delay(sc, 2);
4359}
4360
4361static void
4362run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4363{
4364 int8_t txpow1, txpow2, txpow3;
4365 uint8_t h20mhz, rf;
4366 int i;
4367
4368 /* find the settings for this channel (we know it exists) */
4369 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4370
4371 /* use Tx power values from EEPROM */
4372 txpow1 = sc->txpow1[i];
4373 txpow2 = sc->txpow2[i];
4374 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4375
4376 if (chan <= 14) {
4377 run_bbp_write(sc, 25, sc->bbp25);
4378 run_bbp_write(sc, 26, sc->bbp26);
4379 } else {
4380 /* Enable IQ phase correction. */
4381 run_bbp_write(sc, 25, 0x09);
4382 run_bbp_write(sc, 26, 0xff);
4383 }
4384
4385 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4386 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4387 run_rt3070_rf_read(sc, 11, &rf);
4388 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4389 run_rt3070_rf_write(sc, 11, rf);
4390
4391 /* Set pll_idoh. */
4392 run_rt3070_rf_read(sc, 11, &rf);
4393 rf &= ~0x4c;
4394 rf |= (chan <= 14) ? 0x44 : 0x48;
4395 run_rt3070_rf_write(sc, 11, rf);
4396
4397 if (chan <= 14)
4398 rf = txpow1 & 0x1f;
4399 else
4400 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4401 run_rt3070_rf_write(sc, 53, rf);
4402
4403 if (chan <= 14)
4404 rf = txpow2 & 0x1f;
4405 else
4406 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4407 run_rt3070_rf_write(sc, 55, rf);
4408
4409 if (chan <= 14)
4410 rf = txpow3 & 0x1f;
4411 else
4412 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4413 run_rt3070_rf_write(sc, 54, rf);
4414
4415 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4416 if (sc->ntxchains == 3)
4417 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4418 else
4419 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4420 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4421 run_rt3070_rf_write(sc, 1, rf);
4422
4423 run_adjust_freq_offset(sc);
4424
4425 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4426
4427 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4428 run_rt3070_rf_read(sc, 30, &rf);
4429 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4430 run_rt3070_rf_write(sc, 30, rf);
4431
4432 run_rt3070_rf_read(sc, 36, &rf);
4433 if (chan <= 14)
4434 rf |= 0x80;
4435 else
4436 rf &= ~0x80;
4437 run_rt3070_rf_write(sc, 36, rf);
4438
4439 /* Set vcolo_bs. */
4440 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4441 /* Set pfd_delay. */
4442 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4443
4444 /* Set vco bias current control. */
4445 run_rt3070_rf_read(sc, 6, &rf);
4446 rf &= ~0xc0;
4447 if (chan <= 14)
4448 rf |= 0x40;
4449 else if (chan <= 128)
4450 rf |= 0x80;
4451 else
4452 rf |= 0x40;
4453 run_rt3070_rf_write(sc, 6, rf);
4454
4455 run_rt3070_rf_read(sc, 30, &rf);
4456 rf = (rf & ~0x18) | 0x10;
4457 run_rt3070_rf_write(sc, 30, rf);
4458
4459 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4460 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4461
4462 run_rt3070_rf_read(sc, 51, &rf);
4463 rf = (rf & ~0x03) | 0x01;
4464 run_rt3070_rf_write(sc, 51, rf);
4465 /* Set tx_mx1_cc. */
4466 run_rt3070_rf_read(sc, 51, &rf);
4467 rf &= ~0x1c;
4468 rf |= (chan <= 14) ? 0x14 : 0x10;
4469 run_rt3070_rf_write(sc, 51, rf);
4470 /* Set tx_mx1_ic. */
4471 run_rt3070_rf_read(sc, 51, &rf);
4472 rf &= ~0xe0;
4473 rf |= (chan <= 14) ? 0x60 : 0x40;
4474 run_rt3070_rf_write(sc, 51, rf);
4475 /* Set tx_lo1_ic. */
4476 run_rt3070_rf_read(sc, 49, &rf);
4477 rf &= ~0x1c;
4478 rf |= (chan <= 14) ? 0x0c : 0x08;
4479 run_rt3070_rf_write(sc, 49, rf);
4480 /* Set tx_lo1_en. */
4481 run_rt3070_rf_read(sc, 50, &rf);
4482 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4483 /* Set drv_cc. */
4484 run_rt3070_rf_read(sc, 57, &rf);
4485 rf &= ~0xfc;
4486 rf |= (chan <= 14) ? 0x6c : 0x3c;
4487 run_rt3070_rf_write(sc, 57, rf);
4488 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4489 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4490 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4491 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4492 /* Enable VCO calibration. */
4493 run_rt3070_rf_read(sc, 3, &rf);
4494 rf &= ~RT5390_VCOCAL;
4495 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4496 run_rt3070_rf_write(sc, 3, rf);
4497
4498 if (chan <= 14)
4499 rf = 0x23;
4500 else if (chan <= 64)
4501 rf = 0x36;
4502 else if (chan <= 128)
4503 rf = 0x32;
4504 else
4505 rf = 0x30;
4506 run_rt3070_rf_write(sc, 39, rf);
4507 if (chan <= 14)
4508 rf = 0xbb;
4509 else if (chan <= 64)
4510 rf = 0xeb;
4511 else if (chan <= 128)
4512 rf = 0xb3;
4513 else
4514 rf = 0x9b;
4515 run_rt3070_rf_write(sc, 45, rf);
4516
4517 /* Set FEQ/AEQ control. */
4518 run_bbp_write(sc, 105, 0x34);
4519}
4520
4521static void
4522run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4523{
4524 int8_t txpow1, txpow2;
4525 uint8_t rf;
4526 int i;
4527
4528 /* find the settings for this channel (we know it exists) */
4529 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4530
4531 /* use Tx power values from EEPROM */
4532 txpow1 = sc->txpow1[i];
4533 txpow2 = sc->txpow2[i];
4534
4535 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4536 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4537 run_rt3070_rf_read(sc, 11, &rf);
4538 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4539 run_rt3070_rf_write(sc, 11, rf);
4540
4541 run_rt3070_rf_read(sc, 49, &rf);
4542 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4543 /* The valid range of the RF R49 is 0x00 to 0x27. */
4544 if ((rf & 0x3f) > 0x27)
4545 rf = (rf & ~0x3f) | 0x27;
4546 run_rt3070_rf_write(sc, 49, rf);
4547
4548 if (sc->mac_ver == 0x5392) {
4549 run_rt3070_rf_read(sc, 50, &rf);
4550 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4551 /* The valid range of the RF R50 is 0x00 to 0x27. */
4552 if ((rf & 0x3f) > 0x27)
4553 rf = (rf & ~0x3f) | 0x27;
4554 run_rt3070_rf_write(sc, 50, rf);
4555 }
4556
4557 run_rt3070_rf_read(sc, 1, &rf);
4558 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4559 if (sc->mac_ver == 0x5392)
4560 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4561 run_rt3070_rf_write(sc, 1, rf);
4562
4563 if (sc->mac_ver != 0x5392) {
4564 run_rt3070_rf_read(sc, 2, &rf);
4565 rf |= 0x80;
4566 run_rt3070_rf_write(sc, 2, rf);
4567 run_delay(sc, 10);
4568 rf &= 0x7f;
4569 run_rt3070_rf_write(sc, 2, rf);
4570 }
4571
4572 run_adjust_freq_offset(sc);
4573
4574 if (sc->mac_ver == 0x5392) {
4575 /* Fix for RT5392C. */
4576 if (sc->mac_rev >= 0x0223) {
4577 if (chan <= 4)
4578 rf = 0x0f;
4579 else if (chan >= 5 && chan <= 7)
4580 rf = 0x0e;
4581 else
4582 rf = 0x0d;
4583 run_rt3070_rf_write(sc, 23, rf);
4584
4585 if (chan <= 4)
4586 rf = 0x0c;
4587 else if (chan == 5)
4588 rf = 0x0b;
4589 else if (chan >= 6 && chan <= 7)
4590 rf = 0x0a;
4591 else if (chan >= 8 && chan <= 10)
4592 rf = 0x09;
4593 else
4594 rf = 0x08;
4595 run_rt3070_rf_write(sc, 59, rf);
4596 } else {
4597 if (chan <= 11)
4598 rf = 0x0f;
4599 else
4600 rf = 0x0b;
4601 run_rt3070_rf_write(sc, 59, rf);
4602 }
4603 } else {
4604 /* Fix for RT5390F. */
4605 if (sc->mac_rev >= 0x0502) {
4606 if (chan <= 11)
4607 rf = 0x43;
4608 else
4609 rf = 0x23;
4610 run_rt3070_rf_write(sc, 55, rf);
4611
4612 if (chan <= 11)
4613 rf = 0x0f;
4614 else if (chan == 12)
4615 rf = 0x0d;
4616 else
4617 rf = 0x0b;
4618 run_rt3070_rf_write(sc, 59, rf);
4619 } else {
4620 run_rt3070_rf_write(sc, 55, 0x44);
4621 run_rt3070_rf_write(sc, 59, 0x8f);
4622 }
4623 }
4624
4625 /* Enable VCO calibration. */
4626 run_rt3070_rf_read(sc, 3, &rf);
4627 rf |= RT5390_VCOCAL;
4628 run_rt3070_rf_write(sc, 3, rf);
4629}
4630
4631static void
4632run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4633{
4634 const struct rt5592_freqs *freqs;
4635 uint32_t tmp;
4636 uint8_t reg, rf, txpow_bound;
4637 int8_t txpow1, txpow2;
4638 int i;
4639
4640 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4641 freqs = (tmp & RT5592_SEL_XTAL) ?
4642 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4643
4644 /* find the settings for this channel (we know it exists) */
4645 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4646
4647 /* use Tx power values from EEPROM */
4648 txpow1 = sc->txpow1[i];
4649 txpow2 = sc->txpow2[i];
4650
4651 run_read(sc, RT3070_LDO_CFG0, &tmp);
4652 tmp &= ~0x1c000000;
4653 if (chan > 14)
4654 tmp |= 0x14000000;
4655 run_write(sc, RT3070_LDO_CFG0, tmp);
4656
4657 /* N setting. */
4658 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4659 run_rt3070_rf_read(sc, 9, &rf);
4660 rf &= ~(1 << 4);
4661 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4662 run_rt3070_rf_write(sc, 9, rf);
4663
4664 /* K setting. */
4665 run_rt3070_rf_read(sc, 9, &rf);
4666 rf &= ~0x0f;
4667 rf |= (freqs->k & 0x0f);
4668 run_rt3070_rf_write(sc, 9, rf);
4669
4670 /* Mode setting. */
4671 run_rt3070_rf_read(sc, 11, &rf);
4672 rf &= ~0x0c;
4673 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4674 run_rt3070_rf_write(sc, 11, rf);
4675 run_rt3070_rf_read(sc, 9, &rf);
4676 rf &= ~(1 << 7);
4677 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4678 run_rt3070_rf_write(sc, 9, rf);
4679
4680 /* R setting. */
4681 run_rt3070_rf_read(sc, 11, &rf);
4682 rf &= ~0x03;
4683 rf |= (freqs->r - 0x1);
4684 run_rt3070_rf_write(sc, 11, rf);
4685
4686 if (chan <= 14) {
4687 /* Initialize RF registers for 2GHZ. */
4688 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4689 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4690 rt5592_2ghz_def_rf[i].val);
4691 }
4692
4693 rf = (chan <= 10) ? 0x07 : 0x06;
4694 run_rt3070_rf_write(sc, 23, rf);
4695 run_rt3070_rf_write(sc, 59, rf);
4696
4697 run_rt3070_rf_write(sc, 55, 0x43);
4698
4699 /*
4700 * RF R49/R50 Tx power ALC code.
4701 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4702 */
4703 reg = 2;
4704 txpow_bound = 0x27;
4705 } else {
4706 /* Initialize RF registers for 5GHZ. */
4707 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4708 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4709 rt5592_5ghz_def_rf[i].val);
4710 }
4711 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4712 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4713 chan <= rt5592_chan_5ghz[i].lastchan) {
4714 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4715 rt5592_chan_5ghz[i].val);
4716 }
4717 }
4718
4719 /*
4720 * RF R49/R50 Tx power ALC code.
4721 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4722 */
4723 reg = 3;
4724 txpow_bound = 0x2b;
4725 }
4726
4727 /* RF R49 ch0 Tx power ALC code. */
4728 run_rt3070_rf_read(sc, 49, &rf);
4729 rf &= ~0xc0;
4730 rf |= (reg << 6);
4731 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4732 if ((rf & 0x3f) > txpow_bound)
4733 rf = (rf & ~0x3f) | txpow_bound;
4734 run_rt3070_rf_write(sc, 49, rf);
4735
4736 /* RF R50 ch1 Tx power ALC code. */
4737 run_rt3070_rf_read(sc, 50, &rf);
4738 rf &= ~(1 << 7 | 1 << 6);
4739 rf |= (reg << 6);
4740 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4741 if ((rf & 0x3f) > txpow_bound)
4742 rf = (rf & ~0x3f) | txpow_bound;
4743 run_rt3070_rf_write(sc, 50, rf);
4744
4745 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4746 run_rt3070_rf_read(sc, 1, &rf);
4747 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4748 if (sc->ntxchains > 1)
4749 rf |= RT3070_TX1_PD;
4750 if (sc->nrxchains > 1)
4751 rf |= RT3070_RX1_PD;
4752 run_rt3070_rf_write(sc, 1, rf);
4753
4754 run_rt3070_rf_write(sc, 6, 0xe4);
4755
4756 run_rt3070_rf_write(sc, 30, 0x10);
4757 run_rt3070_rf_write(sc, 31, 0x80);
4758 run_rt3070_rf_write(sc, 32, 0x80);
4759
4760 run_adjust_freq_offset(sc);
4761
4762 /* Enable VCO calibration. */
4763 run_rt3070_rf_read(sc, 3, &rf);
4764 rf |= RT5390_VCOCAL;
4765 run_rt3070_rf_write(sc, 3, rf);
4766}
4767
4768static void
4769run_set_rx_antenna(struct run_softc *sc, int aux)
4770{
4771 uint32_t tmp;
4772 uint8_t bbp152;
4773
4774 if (aux) {
4775 if (sc->rf_rev == RT5390_RF_5370) {
4776 run_bbp_read(sc, 152, &bbp152);
4777 run_bbp_write(sc, 152, bbp152 & ~0x80);
4778 } else {
4779 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4780 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4781 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4782 }
4783 } else {
4784 if (sc->rf_rev == RT5390_RF_5370) {
4785 run_bbp_read(sc, 152, &bbp152);
4786 run_bbp_write(sc, 152, bbp152 | 0x80);
4787 } else {
4788 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4789 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4790 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4791 }
4792 }
4793}
4794
4795static int
4796run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4797{
4798 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4799 u_int chan, group;
4800
4801 chan = ieee80211_chan2ieee(ic, c);
4802 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4803 return (EINVAL);
4804
4805 if (sc->mac_ver == 0x5592)
4806 run_rt5592_set_chan(sc, chan);
4807 else if (sc->mac_ver >= 0x5390)
4808 run_rt5390_set_chan(sc, chan);
4809 else if (sc->mac_ver == 0x3593)
4810 run_rt3593_set_chan(sc, chan);
4811 else if (sc->mac_ver == 0x3572)
4812 run_rt3572_set_chan(sc, chan);
4813 else if (sc->mac_ver >= 0x3070)
4814 run_rt3070_set_chan(sc, chan);
4815 else
4816 run_rt2870_set_chan(sc, chan);
4817
4818 /* determine channel group */
4819 if (chan <= 14)
4820 group = 0;
4821 else if (chan <= 64)
4822 group = 1;
4823 else if (chan <= 128)
4824 group = 2;
4825 else
4826 group = 3;
4827
4828 /* XXX necessary only when group has changed! */
4829 run_select_chan_group(sc, group);
4830
4831 run_delay(sc, 10);
4832
4833 /* Perform IQ calibration. */
4834 if (sc->mac_ver >= 0x5392)
4835 run_iq_calib(sc, chan);
4836
4837 return (0);
4838}
4839
4840static void
4841run_set_channel(struct ieee80211com *ic)
4842{
4843 struct run_softc *sc = ic->ic_ifp->if_softc;
4844
4845 RUN_LOCK(sc);
4846 run_set_chan(sc, ic->ic_curchan);
4847 RUN_UNLOCK(sc);
4848
4849 return;
4850}
4851
4852static void
4853run_scan_start(struct ieee80211com *ic)
4854{
4855 struct run_softc *sc = ic->ic_ifp->if_softc;
4856 uint32_t tmp;
4857
4858 RUN_LOCK(sc);
4859
4860 /* abort TSF synchronization */
4861 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4862 run_write(sc, RT2860_BCN_TIME_CFG,
4863 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4864 RT2860_TBTT_TIMER_EN));
4865 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4866
4867 RUN_UNLOCK(sc);
4868
4869 return;
4870}
4871
4872static void
4873run_scan_end(struct ieee80211com *ic)
4874{
4875 struct run_softc *sc = ic->ic_ifp->if_softc;
4876
4877 RUN_LOCK(sc);
4878
4879 run_enable_tsf_sync(sc);
4880 /* XXX keep local copy */
4881 run_set_bssid(sc, sc->sc_bssid);
4882
4883 RUN_UNLOCK(sc);
4884
4885 return;
4886}
4887
4888/*
4889 * Could be called from ieee80211_node_timeout()
4890 * (non-sleepable thread)
4891 */
4892static void
4893run_update_beacon(struct ieee80211vap *vap, int item)
4894{
4895 struct ieee80211com *ic = vap->iv_ic;
4896 struct run_softc *sc = ic->ic_ifp->if_softc;
4897 struct run_vap *rvp = RUN_VAP(vap);
4898 int mcast = 0;
4899 uint32_t i;
4900
4901 KASSERT(vap != NULL, ("no beacon"));
4902
4903 switch (item) {
4904 case IEEE80211_BEACON_ERP:
4905 run_updateslot(ic->ic_ifp);
4906 break;
4907 case IEEE80211_BEACON_HTINFO:
4908 run_updateprot(ic);
4909 break;
4910 case IEEE80211_BEACON_TIM:
4911 mcast = 1; /*TODO*/
4912 break;
4913 default:
4914 break;
4915 }
4916
4917 setbit(rvp->bo.bo_flags, item);
4918 if (rvp->beacon_mbuf == NULL) {
4919 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4920 &rvp->bo);
4921 if (rvp->beacon_mbuf == NULL)
4922 return;
4923 }
4924 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4925
4926 i = RUN_CMDQ_GET(&sc->cmdq_store);
4927 DPRINTF("cmdq_store=%d\n", i);
4928 sc->cmdq[i].func = run_update_beacon_cb;
4929 sc->cmdq[i].arg0 = vap;
4930 ieee80211_runtask(ic, &sc->cmdq_task);
4931
4932 return;
4933}
4934
4935static void
4936run_update_beacon_cb(void *arg)
4937{
4938 struct ieee80211vap *vap = arg;
4939 struct run_vap *rvp = RUN_VAP(vap);
4940 struct ieee80211com *ic = vap->iv_ic;
4941 struct run_softc *sc = ic->ic_ifp->if_softc;
4942 struct rt2860_txwi txwi;
4943 struct mbuf *m;
4944 uint16_t txwisize;
4945 uint8_t ridx;
4946
4947 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4948 return;
4949 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4950 return;
4951
4952 /*
4953 * No need to call ieee80211_beacon_update(), run_update_beacon()
4954 * is taking care of apropriate calls.
4955 */
4956 if (rvp->beacon_mbuf == NULL) {
4957 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4958 &rvp->bo);
4959 if (rvp->beacon_mbuf == NULL)
4960 return;
4961 }
4962 m = rvp->beacon_mbuf;
4963
4964 memset(&txwi, 0, sizeof(txwi));
4965 txwi.wcid = 0xff;
4966 txwi.len = htole16(m->m_pkthdr.len);
4967
4968 /* send beacons at the lowest available rate */
4969 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4970 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4971 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4972 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4973 txwi.phy |= htole16(RT2860_PHY_OFDM);
4974 txwi.txop = RT2860_TX_TXOP_HT;
4975 txwi.flags = RT2860_TX_TS;
4976 txwi.xflags = RT2860_TX_NSEQ;
4977
4978 txwisize = (sc->mac_ver == 0x5592) ?
4979 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4980 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4981 txwisize);
4982 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4983 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4984}
4985
4986static void
4987run_updateprot(struct ieee80211com *ic)
4988{
4989 struct run_softc *sc = ic->ic_ifp->if_softc;
4990 uint32_t i;
4991
4992 i = RUN_CMDQ_GET(&sc->cmdq_store);
4993 DPRINTF("cmdq_store=%d\n", i);
4994 sc->cmdq[i].func = run_updateprot_cb;
4995 sc->cmdq[i].arg0 = ic;
4996 ieee80211_runtask(ic, &sc->cmdq_task);
4997}
4998
4999static void
5000run_updateprot_cb(void *arg)
5001{
5002 struct ieee80211com *ic = arg;
5003 struct run_softc *sc = ic->ic_ifp->if_softc;
5004 uint32_t tmp;
5005
5006 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5007 /* setup protection frame rate (MCS code) */
5008 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5009 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5010 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5011
5012 /* CCK frames don't require protection */
5013 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5014 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5015 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5016 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5017 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5018 tmp |= RT2860_PROT_CTRL_CTS;
5019 }
5020 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5021}
5022
5023static void
5024run_usb_timeout_cb(void *arg)
5025{
5026 struct ieee80211vap *vap = arg;
5027 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5028
5029 RUN_LOCK_ASSERT(sc, MA_OWNED);
5030
5031 if(vap->iv_state == IEEE80211_S_RUN &&
5032 vap->iv_opmode != IEEE80211_M_STA)
5033 run_reset_livelock(sc);
5034 else if (vap->iv_state == IEEE80211_S_SCAN) {
5035 DPRINTF("timeout caused by scan\n");
5036 /* cancel bgscan */
5037 ieee80211_cancel_scan(vap);
5038 } else
5039 DPRINTF("timeout by unknown cause\n");
5040}
5041
5042static void
5043run_reset_livelock(struct run_softc *sc)
5044{
5045 uint32_t tmp;
5046
5047 RUN_LOCK_ASSERT(sc, MA_OWNED);
5048
5049 /*
5050 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5051 * can run into a livelock and start sending CTS-to-self frames like
5052 * crazy if protection is enabled. Reset MAC/BBP for a while
5053 */
5054 run_read(sc, RT2860_DEBUG, &tmp);
5055 DPRINTFN(3, "debug reg %08x\n", tmp);
5056 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5057 DPRINTF("CTS-to-self livelock detected\n");
5058 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5059 run_delay(sc, 1);
5060 run_write(sc, RT2860_MAC_SYS_CTRL,
5061 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5062 }
5063}
5064
5065static void
5066run_update_promisc_locked(struct ifnet *ifp)
5067{
5068 struct run_softc *sc = ifp->if_softc;
5069 uint32_t tmp;
5070
5071 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5072
5073 tmp |= RT2860_DROP_UC_NOME;
5074 if (ifp->if_flags & IFF_PROMISC)
5075 tmp &= ~RT2860_DROP_UC_NOME;
5076
5077 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5078
5079 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5080 "entering" : "leaving");
5081}
5082
5083static void
5084run_update_promisc(struct ifnet *ifp)
5085{
5086 struct run_softc *sc = ifp->if_softc;
5087
5088 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
5089 return;
5090
5091 RUN_LOCK(sc);
5092 run_update_promisc_locked(ifp);
5093 RUN_UNLOCK(sc);
5094}
5095
5096static void
5097run_enable_tsf_sync(struct run_softc *sc)
5098{
5099 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5100 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5101 uint32_t tmp;
5102
5103 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5104 ic->ic_opmode);
5105
5106 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5107 tmp &= ~0x1fffff;
5108 tmp |= vap->iv_bss->ni_intval * 16;
5109 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5110
5111 if (ic->ic_opmode == IEEE80211_M_STA) {
5112 /*
5113 * Local TSF is always updated with remote TSF on beacon
5114 * reception.
5115 */
5116 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5117 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5118 tmp |= RT2860_BCN_TX_EN;
5119 /*
5120 * Local TSF is updated with remote TSF on beacon reception
5121 * only if the remote TSF is greater than local TSF.
5122 */
5123 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5124 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5125 ic->ic_opmode == IEEE80211_M_MBSS) {
5126 tmp |= RT2860_BCN_TX_EN;
5127 /* SYNC with nobody */
5128 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5129 } else {
5130 DPRINTF("Enabling TSF failed. undefined opmode\n");
5131 return;
5132 }
5133
5134 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5135}
5136
5137static void
5138run_enable_mrr(struct run_softc *sc)
5139{
5140#define CCK(mcs) (mcs)
5141#define OFDM(mcs) (1 << 3 | (mcs))
5142 run_write(sc, RT2860_LG_FBK_CFG0,
5143 OFDM(6) << 28 | /* 54->48 */
5144 OFDM(5) << 24 | /* 48->36 */
5145 OFDM(4) << 20 | /* 36->24 */
5146 OFDM(3) << 16 | /* 24->18 */
5147 OFDM(2) << 12 | /* 18->12 */
5148 OFDM(1) << 8 | /* 12-> 9 */
5149 OFDM(0) << 4 | /* 9-> 6 */
5150 OFDM(0)); /* 6-> 6 */
5151
5152 run_write(sc, RT2860_LG_FBK_CFG1,
5153 CCK(2) << 12 | /* 11->5.5 */
5154 CCK(1) << 8 | /* 5.5-> 2 */
5155 CCK(0) << 4 | /* 2-> 1 */
5156 CCK(0)); /* 1-> 1 */
5157#undef OFDM
5158#undef CCK
5159}
5160
5161static void
5162run_set_txpreamble(struct run_softc *sc)
5163{
5164 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5165 uint32_t tmp;
5166
5167 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5168 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5169 tmp |= RT2860_CCK_SHORT_EN;
5170 else
5171 tmp &= ~RT2860_CCK_SHORT_EN;
5172 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5173}
5174
5175static void
5176run_set_basicrates(struct run_softc *sc)
5177{
5178 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5179
5180 /* set basic rates mask */
5181 if (ic->ic_curmode == IEEE80211_MODE_11B)
5182 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5183 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5184 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5185 else /* 11g */
5186 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5187}
5188
5189static void
5190run_set_leds(struct run_softc *sc, uint16_t which)
5191{
5192 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5193 which | (sc->leds & 0x7f));
5194}
5195
5196static void
5197run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5198{
5199 run_write(sc, RT2860_MAC_BSSID_DW0,
5200 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5201 run_write(sc, RT2860_MAC_BSSID_DW1,
5202 bssid[4] | bssid[5] << 8);
5203}
5204
5205static void
5206run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5207{
5208 run_write(sc, RT2860_MAC_ADDR_DW0,
5209 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5210 run_write(sc, RT2860_MAC_ADDR_DW1,
5211 addr[4] | addr[5] << 8 | 0xff << 16);
5212}
5213
5214static void
5215run_updateslot(struct ifnet *ifp)
5216{
5217 struct run_softc *sc = ifp->if_softc;
5218 struct ieee80211com *ic = ifp->if_l2com;
5219 uint32_t i;
5220
5221 i = RUN_CMDQ_GET(&sc->cmdq_store);
5222 DPRINTF("cmdq_store=%d\n", i);
5223 sc->cmdq[i].func = run_updateslot_cb;
5224 sc->cmdq[i].arg0 = ifp;
5225 ieee80211_runtask(ic, &sc->cmdq_task);
5226
5227 return;
5228}
5229
5230/* ARGSUSED */
5231static void
5232run_updateslot_cb(void *arg)
5233{
5234 struct ifnet *ifp = arg;
5235 struct run_softc *sc = ifp->if_softc;
5236 struct ieee80211com *ic = ifp->if_l2com;
5237 uint32_t tmp;
5238
5239 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5240 tmp &= ~0xff;
5241 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5242 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5243}
5244
5245static void
5246run_update_mcast(struct ifnet *ifp)
5247{
5248 /* h/w filter supports getting everything or nothing */
5249 ifp->if_flags |= IFF_ALLMULTI;
5250}
5251
5252static int8_t
5253run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5254{
5255 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5256 struct ieee80211_channel *c = ic->ic_curchan;
5257 int delta;
5258
5259 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5260 u_int chan = ieee80211_chan2ieee(ic, c);
5261 delta = sc->rssi_5ghz[rxchain];
5262
5263 /* determine channel group */
5264 if (chan <= 64)
5265 delta -= sc->lna[1];
5266 else if (chan <= 128)
5267 delta -= sc->lna[2];
5268 else
5269 delta -= sc->lna[3];
5270 } else
5271 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5272
5273 return (-12 - delta - rssi);
5274}
5275
5276static void
5277run_rt5390_bbp_init(struct run_softc *sc)
5278{
5279 int i;
5280 uint8_t bbp;
5281
5282 /* Apply maximum likelihood detection for 2 stream case. */
5283 run_bbp_read(sc, 105, &bbp);
5284 if (sc->nrxchains > 1)
5285 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5286
5287 /* Avoid data lost and CRC error. */
5288 run_bbp_read(sc, 4, &bbp);
5289 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5290
5291 if (sc->mac_ver == 0x5592) {
5292 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5293 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5294 rt5592_def_bbp[i].val);
5295 }
5296 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5297 run_bbp_write(sc, 195, i + 0x80);
5298 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5299 }
5300 } else {
5301 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5302 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5303 rt5390_def_bbp[i].val);
5304 }
5305 }
5306 if (sc->mac_ver == 0x5392) {
5307 run_bbp_write(sc, 88, 0x90);
5308 run_bbp_write(sc, 95, 0x9a);
5309 run_bbp_write(sc, 98, 0x12);
5310 run_bbp_write(sc, 106, 0x12);
5311 run_bbp_write(sc, 134, 0xd0);
5312 run_bbp_write(sc, 135, 0xf6);
5313 run_bbp_write(sc, 148, 0x84);
5314 }
5315
5316 run_bbp_read(sc, 152, &bbp);
5317 run_bbp_write(sc, 152, bbp | 0x80);
5318
5319 /* Fix BBP254 for RT5592C. */
5320 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5321 run_bbp_read(sc, 254, &bbp);
5322 run_bbp_write(sc, 254, bbp | 0x80);
5323 }
5324
5325 /* Disable hardware antenna diversity. */
5326 if (sc->mac_ver == 0x5390)
5327 run_bbp_write(sc, 154, 0);
5328
5329 /* Initialize Rx CCK/OFDM frequency offset report. */
5330 run_bbp_write(sc, 142, 1);
5331 run_bbp_write(sc, 143, 57);
5332}
5333
5334static int
5335run_bbp_init(struct run_softc *sc)
5336{
5337 int i, error, ntries;
5338 uint8_t bbp0;
5339
5340 /* wait for BBP to wake up */
5341 for (ntries = 0; ntries < 20; ntries++) {
5342 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5343 return error;
5344 if (bbp0 != 0 && bbp0 != 0xff)
5345 break;
5346 }
5347 if (ntries == 20)
5348 return (ETIMEDOUT);
5349
5350 /* initialize BBP registers to default values */
5351 if (sc->mac_ver >= 0x5390)
5352 run_rt5390_bbp_init(sc);
5353 else {
5354 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5355 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5356 rt2860_def_bbp[i].val);
5357 }
5358 }
5359
5360 if (sc->mac_ver == 0x3593) {
5361 run_bbp_write(sc, 79, 0x13);
5362 run_bbp_write(sc, 80, 0x05);
5363 run_bbp_write(sc, 81, 0x33);
5364 run_bbp_write(sc, 86, 0x46);
5365 run_bbp_write(sc, 137, 0x0f);
5366 }
5367
5368 /* fix BBP84 for RT2860E */
5369 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5370 run_bbp_write(sc, 84, 0x19);
5371
5372 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5373 sc->mac_ver != 0x5592)) {
5374 run_bbp_write(sc, 79, 0x13);
5375 run_bbp_write(sc, 80, 0x05);
5376 run_bbp_write(sc, 81, 0x33);
5377 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5378 run_bbp_write(sc, 69, 0x16);
5379 run_bbp_write(sc, 73, 0x12);
5380 }
5381 return (0);
5382}
5383
5384static int
5385run_rt3070_rf_init(struct run_softc *sc)
5386{
5387 uint32_t tmp;
5388 uint8_t bbp4, mingain, rf, target;
5389 int i;
5390
5391 run_rt3070_rf_read(sc, 30, &rf);
5392 /* toggle RF R30 bit 7 */
5393 run_rt3070_rf_write(sc, 30, rf | 0x80);
5394 run_delay(sc, 10);
5395 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5396
5397 /* initialize RF registers to default value */
5398 if (sc->mac_ver == 0x3572) {
5399 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5400 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5401 rt3572_def_rf[i].val);
5402 }
5403 } else {
5404 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5405 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5406 rt3070_def_rf[i].val);
5407 }
5408 }
5409
5410 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5411 /*
5412 * Change voltage from 1.2V to 1.35V for RT3070.
5413 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5414 * in RT3070(F).
5415 */
5416 run_read(sc, RT3070_LDO_CFG0, &tmp);
5417 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5418 run_write(sc, RT3070_LDO_CFG0, tmp);
5419
5420 } else if (sc->mac_ver == 0x3071) {
5421 run_rt3070_rf_read(sc, 6, &rf);
5422 run_rt3070_rf_write(sc, 6, rf | 0x40);
5423 run_rt3070_rf_write(sc, 31, 0x14);
5424
5425 run_read(sc, RT3070_LDO_CFG0, &tmp);
5426 tmp &= ~0x1f000000;
5427 if (sc->mac_rev < 0x0211)
5428 tmp |= 0x0d000000; /* 1.3V */
5429 else
5430 tmp |= 0x01000000; /* 1.2V */
5431 run_write(sc, RT3070_LDO_CFG0, tmp);
5432
5433 /* patch LNA_PE_G1 */
5434 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5435 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5436
5437 } else if (sc->mac_ver == 0x3572) {
5438 run_rt3070_rf_read(sc, 6, &rf);
5439 run_rt3070_rf_write(sc, 6, rf | 0x40);
5440
5441 /* increase voltage from 1.2V to 1.35V */
5442 run_read(sc, RT3070_LDO_CFG0, &tmp);
5443 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5444 run_write(sc, RT3070_LDO_CFG0, tmp);
5445
5446 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5447 run_delay(sc, 1); /* wait for 1msec */
5448 /* decrease voltage back to 1.2V */
5449 tmp = (tmp & ~0x1f000000) | 0x01000000;
5450 run_write(sc, RT3070_LDO_CFG0, tmp);
5451 }
5452 }
5453
5454 /* select 20MHz bandwidth */
5455 run_rt3070_rf_read(sc, 31, &rf);
5456 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5457
5458 /* calibrate filter for 20MHz bandwidth */
5459 sc->rf24_20mhz = 0x1f; /* default value */
5460 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5461 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5462
5463 /* select 40MHz bandwidth */
5464 run_bbp_read(sc, 4, &bbp4);
5465 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5466 run_rt3070_rf_read(sc, 31, &rf);
5467 run_rt3070_rf_write(sc, 31, rf | 0x20);
5468
5469 /* calibrate filter for 40MHz bandwidth */
5470 sc->rf24_40mhz = 0x2f; /* default value */
5471 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5472 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5473
5474 /* go back to 20MHz bandwidth */
5475 run_bbp_read(sc, 4, &bbp4);
5476 run_bbp_write(sc, 4, bbp4 & ~0x18);
5477
5478 if (sc->mac_ver == 0x3572) {
5479 /* save default BBP registers 25 and 26 values */
5480 run_bbp_read(sc, 25, &sc->bbp25);
5481 run_bbp_read(sc, 26, &sc->bbp26);
5482 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5483 run_rt3070_rf_write(sc, 27, 0x03);
5484
5485 run_read(sc, RT3070_OPT_14, &tmp);
5486 run_write(sc, RT3070_OPT_14, tmp | 1);
5487
5488 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5489 run_rt3070_rf_read(sc, 17, &rf);
5490 rf &= ~RT3070_TX_LO1;
5491 if ((sc->mac_ver == 0x3070 ||
5492 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5493 !sc->ext_2ghz_lna)
5494 rf |= 0x20; /* fix for long range Rx issue */
5495 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5496 if (sc->txmixgain_2ghz >= mingain)
5497 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5498 run_rt3070_rf_write(sc, 17, rf);
5499 }
5500
5501 if (sc->mac_ver == 0x3071) {
5502 run_rt3070_rf_read(sc, 1, &rf);
5503 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5504 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5505 run_rt3070_rf_write(sc, 1, rf);
5506
5507 run_rt3070_rf_read(sc, 15, &rf);
5508 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5509
5510 run_rt3070_rf_read(sc, 20, &rf);
5511 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5512
5513 run_rt3070_rf_read(sc, 21, &rf);
5514 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5515 }
5516
5517 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5518 /* fix Tx to Rx IQ glitch by raising RF voltage */
5519 run_rt3070_rf_read(sc, 27, &rf);
5520 rf &= ~0x77;
5521 if (sc->mac_rev < 0x0211)
5522 rf |= 0x03;
5523 run_rt3070_rf_write(sc, 27, rf);
5524 }
5525 return (0);
5526}
5527
5528static void
5529run_rt3593_rf_init(struct run_softc *sc)
5530{
5531 uint32_t tmp;
5532 uint8_t rf;
5533 int i;
5534
5535 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5536 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5537 tmp &= ~(1 << 4 | 1 << 7);
5538 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5539
5540 /* Initialize RF registers to default value. */
5541 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5542 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5543 rt3593_def_rf[i].val);
5544 }
5545
5546 /* Toggle RF R2 to initiate calibration. */
5547 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5548
5549 /* Initialize RF frequency offset. */
5550 run_adjust_freq_offset(sc);
5551
5552 run_rt3070_rf_read(sc, 18, &rf);
5553 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5554
5555 /*
5556 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5557 * decrease voltage back to 1.2V.
5558 */
5559 run_read(sc, RT3070_LDO_CFG0, &tmp);
5560 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5561 run_write(sc, RT3070_LDO_CFG0, tmp);
5562 run_delay(sc, 1);
5563 tmp = (tmp & ~0x1f000000) | 0x01000000;
5564 run_write(sc, RT3070_LDO_CFG0, tmp);
5565
5566 sc->rf24_20mhz = 0x1f;
5567 sc->rf24_40mhz = 0x2f;
5568
5569 /* Save default BBP registers 25 and 26 values. */
5570 run_bbp_read(sc, 25, &sc->bbp25);
5571 run_bbp_read(sc, 26, &sc->bbp26);
5572
5573 run_read(sc, RT3070_OPT_14, &tmp);
5574 run_write(sc, RT3070_OPT_14, tmp | 1);
5575}
5576
5577static void
5578run_rt5390_rf_init(struct run_softc *sc)
5579{
5580 uint32_t tmp;
5581 uint8_t rf;
5582 int i;
5583
5584 /* Toggle RF R2 to initiate calibration. */
5585 if (sc->mac_ver == 0x5390) {
5586 run_rt3070_rf_read(sc, 2, &rf);
5587 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5588 run_delay(sc, 10);
5589 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5590 } else {
5591 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5592 run_delay(sc, 10);
5593 }
5594
5595 /* Initialize RF registers to default value. */
5596 if (sc->mac_ver == 0x5592) {
5597 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5598 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5599 rt5592_def_rf[i].val);
5600 }
5601 /* Initialize RF frequency offset. */
5602 run_adjust_freq_offset(sc);
5603 } else if (sc->mac_ver == 0x5392) {
5604 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5605 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5606 rt5392_def_rf[i].val);
5607 }
5608 if (sc->mac_rev >= 0x0223) {
5609 run_rt3070_rf_write(sc, 23, 0x0f);
5610 run_rt3070_rf_write(sc, 24, 0x3e);
5611 run_rt3070_rf_write(sc, 51, 0x32);
5612 run_rt3070_rf_write(sc, 53, 0x22);
5613 run_rt3070_rf_write(sc, 56, 0xc1);
5614 run_rt3070_rf_write(sc, 59, 0x0f);
5615 }
5616 } else {
5617 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5618 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5619 rt5390_def_rf[i].val);
5620 }
5621 if (sc->mac_rev >= 0x0502) {
5622 run_rt3070_rf_write(sc, 6, 0xe0);
5623 run_rt3070_rf_write(sc, 25, 0x80);
5624 run_rt3070_rf_write(sc, 46, 0x73);
5625 run_rt3070_rf_write(sc, 53, 0x00);
5626 run_rt3070_rf_write(sc, 56, 0x42);
5627 run_rt3070_rf_write(sc, 61, 0xd1);
5628 }
5629 }
5630
5631 sc->rf24_20mhz = 0x1f; /* default value */
5632 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5633
5634 if (sc->mac_rev < 0x0211)
5635 run_rt3070_rf_write(sc, 27, 0x3);
5636
5637 run_read(sc, RT3070_OPT_14, &tmp);
5638 run_write(sc, RT3070_OPT_14, tmp | 1);
5639}
5640
5641static int
5642run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5643 uint8_t *val)
5644{
5645 uint8_t rf22, rf24;
5646 uint8_t bbp55_pb, bbp55_sb, delta;
5647 int ntries;
5648
5649 /* program filter */
5650 run_rt3070_rf_read(sc, 24, &rf24);
5651 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5652 run_rt3070_rf_write(sc, 24, rf24);
5653
5654 /* enable baseband loopback mode */
5655 run_rt3070_rf_read(sc, 22, &rf22);
5656 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5657
5658 /* set power and frequency of passband test tone */
5659 run_bbp_write(sc, 24, 0x00);
5660 for (ntries = 0; ntries < 100; ntries++) {
5661 /* transmit test tone */
5662 run_bbp_write(sc, 25, 0x90);
5663 run_delay(sc, 10);
5664 /* read received power */
5665 run_bbp_read(sc, 55, &bbp55_pb);
5666 if (bbp55_pb != 0)
5667 break;
5668 }
5669 if (ntries == 100)
5670 return (ETIMEDOUT);
5671
5672 /* set power and frequency of stopband test tone */
5673 run_bbp_write(sc, 24, 0x06);
5674 for (ntries = 0; ntries < 100; ntries++) {
5675 /* transmit test tone */
5676 run_bbp_write(sc, 25, 0x90);
5677 run_delay(sc, 10);
5678 /* read received power */
5679 run_bbp_read(sc, 55, &bbp55_sb);
5680
5681 delta = bbp55_pb - bbp55_sb;
5682 if (delta > target)
5683 break;
5684
5685 /* reprogram filter */
5686 rf24++;
5687 run_rt3070_rf_write(sc, 24, rf24);
5688 }
5689 if (ntries < 100) {
5690 if (rf24 != init)
5691 rf24--; /* backtrack */
5692 *val = rf24;
5693 run_rt3070_rf_write(sc, 24, rf24);
5694 }
5695
5696 /* restore initial state */
5697 run_bbp_write(sc, 24, 0x00);
5698
5699 /* disable baseband loopback mode */
5700 run_rt3070_rf_read(sc, 22, &rf22);
5701 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5702
5703 return (0);
5704}
5705
5706static void
5707run_rt3070_rf_setup(struct run_softc *sc)
5708{
5709 uint8_t bbp, rf;
5710 int i;
5711
5712 if (sc->mac_ver == 0x3572) {
5713 /* enable DC filter */
5714 if (sc->mac_rev >= 0x0201)
5715 run_bbp_write(sc, 103, 0xc0);
5716
5717 run_bbp_read(sc, 138, &bbp);
5718 if (sc->ntxchains == 1)
5719 bbp |= 0x20; /* turn off DAC1 */
5720 if (sc->nrxchains == 1)
5721 bbp &= ~0x02; /* turn off ADC1 */
5722 run_bbp_write(sc, 138, bbp);
5723
5724 if (sc->mac_rev >= 0x0211) {
5725 /* improve power consumption */
5726 run_bbp_read(sc, 31, &bbp);
5727 run_bbp_write(sc, 31, bbp & ~0x03);
5728 }
5729
5730 run_rt3070_rf_read(sc, 16, &rf);
5731 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5732 run_rt3070_rf_write(sc, 16, rf);
5733
5734 } else if (sc->mac_ver == 0x3071) {
5735 if (sc->mac_rev >= 0x0211) {
5736 /* enable DC filter */
5737 run_bbp_write(sc, 103, 0xc0);
5738
5739 /* improve power consumption */
5740 run_bbp_read(sc, 31, &bbp);
5741 run_bbp_write(sc, 31, bbp & ~0x03);
5742 }
5743
5744 run_bbp_read(sc, 138, &bbp);
5745 if (sc->ntxchains == 1)
5746 bbp |= 0x20; /* turn off DAC1 */
5747 if (sc->nrxchains == 1)
5748 bbp &= ~0x02; /* turn off ADC1 */
5749 run_bbp_write(sc, 138, bbp);
5750
5751 run_write(sc, RT2860_TX_SW_CFG1, 0);
5752 if (sc->mac_rev < 0x0211) {
5753 run_write(sc, RT2860_TX_SW_CFG2,
5754 sc->patch_dac ? 0x2c : 0x0f);
5755 } else
5756 run_write(sc, RT2860_TX_SW_CFG2, 0);
5757
5758 } else if (sc->mac_ver == 0x3070) {
5759 if (sc->mac_rev >= 0x0201) {
5760 /* enable DC filter */
5761 run_bbp_write(sc, 103, 0xc0);
5762
5763 /* improve power consumption */
5764 run_bbp_read(sc, 31, &bbp);
5765 run_bbp_write(sc, 31, bbp & ~0x03);
5766 }
5767
5768 if (sc->mac_rev < 0x0201) {
5769 run_write(sc, RT2860_TX_SW_CFG1, 0);
5770 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5771 } else
5772 run_write(sc, RT2860_TX_SW_CFG2, 0);
5773 }
5774
5775 /* initialize RF registers from ROM for >=RT3071*/
5776 if (sc->mac_ver >= 0x3071) {
5777 for (i = 0; i < 10; i++) {
5778 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5779 continue;
5780 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5781 }
5782 }
5783}
5784
5785static void
5786run_rt3593_rf_setup(struct run_softc *sc)
5787{
5788 uint8_t bbp, rf;
5789
5790 if (sc->mac_rev >= 0x0211) {
5791 /* Enable DC filter. */
5792 run_bbp_write(sc, 103, 0xc0);
5793 }
5794 run_write(sc, RT2860_TX_SW_CFG1, 0);
5795 if (sc->mac_rev < 0x0211) {
5796 run_write(sc, RT2860_TX_SW_CFG2,
5797 sc->patch_dac ? 0x2c : 0x0f);
5798 } else
5799 run_write(sc, RT2860_TX_SW_CFG2, 0);
5800
5801 run_rt3070_rf_read(sc, 50, &rf);
5802 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5803
5804 run_rt3070_rf_read(sc, 51, &rf);
5805 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5806 ((sc->txmixgain_2ghz & 0x07) << 2);
5807 run_rt3070_rf_write(sc, 51, rf);
5808
5809 run_rt3070_rf_read(sc, 38, &rf);
5810 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5811
5812 run_rt3070_rf_read(sc, 39, &rf);
5813 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5814
5815 run_rt3070_rf_read(sc, 1, &rf);
5816 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5817
5818 run_rt3070_rf_read(sc, 30, &rf);
5819 rf = (rf & ~0x18) | 0x10;
5820 run_rt3070_rf_write(sc, 30, rf);
5821
5822 /* Apply maximum likelihood detection for 2 stream case. */
5823 run_bbp_read(sc, 105, &bbp);
5824 if (sc->nrxchains > 1)
5825 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5826
5827 /* Avoid data lost and CRC error. */
5828 run_bbp_read(sc, 4, &bbp);
5829 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5830
5831 run_bbp_write(sc, 92, 0x02);
5832 run_bbp_write(sc, 82, 0x82);
5833 run_bbp_write(sc, 106, 0x05);
5834 run_bbp_write(sc, 104, 0x92);
5835 run_bbp_write(sc, 88, 0x90);
5836 run_bbp_write(sc, 148, 0xc8);
5837 run_bbp_write(sc, 47, 0x48);
5838 run_bbp_write(sc, 120, 0x50);
5839
5840 run_bbp_write(sc, 163, 0x9d);
5841
5842 /* SNR mapping. */
5843 run_bbp_write(sc, 142, 0x06);
5844 run_bbp_write(sc, 143, 0xa0);
5845 run_bbp_write(sc, 142, 0x07);
5846 run_bbp_write(sc, 143, 0xa1);
5847 run_bbp_write(sc, 142, 0x08);
5848 run_bbp_write(sc, 143, 0xa2);
5849
5850 run_bbp_write(sc, 31, 0x08);
5851 run_bbp_write(sc, 68, 0x0b);
5852 run_bbp_write(sc, 105, 0x04);
5853}
5854
5855static void
5856run_rt5390_rf_setup(struct run_softc *sc)
5857{
5858 uint8_t bbp, rf;
5859
5860 if (sc->mac_rev >= 0x0211) {
5861 /* Enable DC filter. */
5862 run_bbp_write(sc, 103, 0xc0);
5863
5864 if (sc->mac_ver != 0x5592) {
5865 /* Improve power consumption. */
5866 run_bbp_read(sc, 31, &bbp);
5867 run_bbp_write(sc, 31, bbp & ~0x03);
5868 }
5869 }
5870
5871 run_bbp_read(sc, 138, &bbp);
5872 if (sc->ntxchains == 1)
5873 bbp |= 0x20; /* turn off DAC1 */
5874 if (sc->nrxchains == 1)
5875 bbp &= ~0x02; /* turn off ADC1 */
5876 run_bbp_write(sc, 138, bbp);
5877
5878 run_rt3070_rf_read(sc, 38, &rf);
5879 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5880
5881 run_rt3070_rf_read(sc, 39, &rf);
5882 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5883
5884 /* Avoid data lost and CRC error. */
5885 run_bbp_read(sc, 4, &bbp);
5886 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5887
5888 run_rt3070_rf_read(sc, 30, &rf);
5889 rf = (rf & ~0x18) | 0x10;
5890 run_rt3070_rf_write(sc, 30, rf);
5891
5892 if (sc->mac_ver != 0x5592) {
5893 run_write(sc, RT2860_TX_SW_CFG1, 0);
5894 if (sc->mac_rev < 0x0211) {
5895 run_write(sc, RT2860_TX_SW_CFG2,
5896 sc->patch_dac ? 0x2c : 0x0f);
5897 } else
5898 run_write(sc, RT2860_TX_SW_CFG2, 0);
5899 }
5900}
5901
5902static int
5903run_txrx_enable(struct run_softc *sc)
5904{
5905 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5906 uint32_t tmp;
5907 int error, ntries;
5908
5909 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5910 for (ntries = 0; ntries < 200; ntries++) {
5911 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5912 return (error);
5913 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5914 break;
5915 run_delay(sc, 50);
5916 }
5917 if (ntries == 200)
5918 return (ETIMEDOUT);
5919
5920 run_delay(sc, 50);
5921
5922 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5923 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5924
5925 /* enable Rx bulk aggregation (set timeout and limit) */
5926 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5927 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5928 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5929
5930 /* set Rx filter */
5931 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5932 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5933 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5934 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5935 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5936 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5937 if (ic->ic_opmode == IEEE80211_M_STA)
5938 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5939 }
5940 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5941
5942 run_write(sc, RT2860_MAC_SYS_CTRL,
5943 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5944
5945 return (0);
5946}
5947
5948static void
5949run_adjust_freq_offset(struct run_softc *sc)
5950{
5951 uint8_t rf, tmp;
5952
5953 run_rt3070_rf_read(sc, 17, &rf);
5954 tmp = rf;
5955 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5956 rf = MIN(rf, 0x5f);
5957
5958 if (tmp != rf)
5959 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5960}
5961
5962static void
5963run_init_locked(struct run_softc *sc)
5964{
5965 struct ifnet *ifp = sc->sc_ifp;
5966 struct ieee80211com *ic = ifp->if_l2com;
5967 uint32_t tmp;
5968 uint8_t bbp1, bbp3;
5969 int i;
5970 int ridx;
5971 int ntries;
5972
5973 if (ic->ic_nrunning > 1)
5974 return;
5975
5976 run_stop(sc);
5977
5978 if (run_load_microcode(sc) != 0) {
5979 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5980 goto fail;
5981 }
5982
5983 for (ntries = 0; ntries < 100; ntries++) {
5984 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
5985 goto fail;
5986 if (tmp != 0 && tmp != 0xffffffff)
5987 break;
5988 run_delay(sc, 10);
5989 }
5990 if (ntries == 100)
5991 goto fail;
5992
5993 for (i = 0; i != RUN_EP_QUEUES; i++)
5994 run_setup_tx_list(sc, &sc->sc_epq[i]);
5995
5996 run_set_macaddr(sc, IF_LLADDR(ifp));
5997
5998 for (ntries = 0; ntries < 100; ntries++) {
5999 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6000 goto fail;
6001 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6002 break;
6003 run_delay(sc, 10);
6004 }
6005 if (ntries == 100) {
6006 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6007 goto fail;
6008 }
6009 tmp &= 0xff0;
6010 tmp |= RT2860_TX_WB_DDONE;
6011 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6012
6013 /* turn off PME_OEN to solve high-current issue */
6014 run_read(sc, RT2860_SYS_CTRL, &tmp);
6015 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6016
6017 run_write(sc, RT2860_MAC_SYS_CTRL,
6018 RT2860_BBP_HRST | RT2860_MAC_SRST);
6019 run_write(sc, RT2860_USB_DMA_CFG, 0);
6020
6021 if (run_reset(sc) != 0) {
6022 device_printf(sc->sc_dev, "could not reset chipset\n");
6023 goto fail;
6024 }
6025
6026 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6027
6028 /* init Tx power for all Tx rates (from EEPROM) */
6029 for (ridx = 0; ridx < 5; ridx++) {
6030 if (sc->txpow20mhz[ridx] == 0xffffffff)
6031 continue;
6032 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6033 }
6034
6035 for (i = 0; i < nitems(rt2870_def_mac); i++)
6036 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6037 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6038 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6039 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6040
6041 if (sc->mac_ver >= 0x5390) {
6042 run_write(sc, RT2860_TX_SW_CFG0,
6043 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6044 if (sc->mac_ver >= 0x5392) {
6045 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6046 if (sc->mac_ver == 0x5592) {
6047 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6048 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6049 } else {
6050 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6051 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6052 }
6053 }
6054 } else if (sc->mac_ver == 0x3593) {
6055 run_write(sc, RT2860_TX_SW_CFG0,
6056 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6057 } else if (sc->mac_ver >= 0x3070) {
6058 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6059 run_write(sc, RT2860_TX_SW_CFG0,
6060 4 << RT2860_DLY_PAPE_EN_SHIFT);
6061 }
6062
6063 /* wait while MAC is busy */
6064 for (ntries = 0; ntries < 100; ntries++) {
6065 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6066 goto fail;
6067 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6068 break;
6069 run_delay(sc, 10);
6070 }
6071 if (ntries == 100)
6072 goto fail;
6073
6074 /* clear Host to MCU mailbox */
6075 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6076 run_write(sc, RT2860_H2M_MAILBOX, 0);
6077 run_delay(sc, 10);
6078
6079 if (run_bbp_init(sc) != 0) {
6080 device_printf(sc->sc_dev, "could not initialize BBP\n");
6081 goto fail;
6082 }
6083
6084 /* abort TSF synchronization */
6085 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6086 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6087 RT2860_TBTT_TIMER_EN);
6088 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6089
6090 /* clear RX WCID search table */
6091 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6092 /* clear WCID attribute table */
6093 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6094
6095 /* hostapd sets a key before init. So, don't clear it. */
6096 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6097 /* clear shared key table */
6098 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6099 /* clear shared key mode */
6100 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6101 }
6102
6103 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6104 tmp = (tmp & ~0xff) | 0x1e;
6105 run_write(sc, RT2860_US_CYC_CNT, tmp);
6106
6107 if (sc->mac_rev != 0x0101)
6108 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6109
6110 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6111 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6112
6113 /* write vendor-specific BBP values (from EEPROM) */
6114 if (sc->mac_ver < 0x3593) {
6115 for (i = 0; i < 10; i++) {
6116 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6117 continue;
6118 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6119 }
6120 }
6121
6122 /* select Main antenna for 1T1R devices */
6123 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6124 run_set_rx_antenna(sc, 0);
6125
6126 /* send LEDs operating mode to microcontroller */
6127 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6128 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6129 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6130
6131 if (sc->mac_ver >= 0x5390)
6132 run_rt5390_rf_init(sc);
6133 else if (sc->mac_ver == 0x3593)
6134 run_rt3593_rf_init(sc);
6135 else if (sc->mac_ver >= 0x3070)
6136 run_rt3070_rf_init(sc);
6137
6138 /* disable non-existing Rx chains */
6139 run_bbp_read(sc, 3, &bbp3);
6140 bbp3 &= ~(1 << 3 | 1 << 4);
6141 if (sc->nrxchains == 2)
6142 bbp3 |= 1 << 3;
6143 else if (sc->nrxchains == 3)
6144 bbp3 |= 1 << 4;
6145 run_bbp_write(sc, 3, bbp3);
6146
6147 /* disable non-existing Tx chains */
6148 run_bbp_read(sc, 1, &bbp1);
6149 if (sc->ntxchains == 1)
6150 bbp1 &= ~(1 << 3 | 1 << 4);
6151 run_bbp_write(sc, 1, bbp1);
6152
6153 if (sc->mac_ver >= 0x5390)
6154 run_rt5390_rf_setup(sc);
6155 else if (sc->mac_ver == 0x3593)
6156 run_rt3593_rf_setup(sc);
6157 else if (sc->mac_ver >= 0x3070)
6158 run_rt3070_rf_setup(sc);
6159
6160 /* select default channel */
6161 run_set_chan(sc, ic->ic_curchan);
6162
6163 /* setup initial protection mode */
6164 run_updateprot_cb(ic);
6165
6166 /* turn radio LED on */
6167 run_set_leds(sc, RT2860_LED_RADIO);
6168
6169 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
6170 ifp->if_drv_flags |= IFF_DRV_RUNNING;
6171 sc->cmdq_run = RUN_CMDQ_GO;
6172
6173 for (i = 0; i != RUN_N_XFER; i++)
6174 usbd_xfer_set_stall(sc->sc_xfer[i]);
6175
6176 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6177
6178 if (run_txrx_enable(sc) != 0)
6179 goto fail;
6180
6181 return;
6182
6183fail:
6184 run_stop(sc);
6185}
6186
6187static void
6188run_init(void *arg)
6189{
6190 struct run_softc *sc = arg;
6191 struct ifnet *ifp = sc->sc_ifp;
6192 struct ieee80211com *ic = ifp->if_l2com;
6193
6194 RUN_LOCK(sc);
6195 run_init_locked(sc);
6196 RUN_UNLOCK(sc);
6197
6198 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6199 ieee80211_start_all(ic);
6200}
6201
6202static void
6203run_stop(void *arg)
6204{
6205 struct run_softc *sc = (struct run_softc *)arg;
6206 struct ifnet *ifp = sc->sc_ifp;
6207 uint32_t tmp;
6208 int i;
6209 int ntries;
6210
6211 RUN_LOCK_ASSERT(sc, MA_OWNED);
6212
6213 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6214 run_set_leds(sc, 0); /* turn all LEDs off */
6215
6216 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
6217
6218 sc->ratectl_run = RUN_RATECTL_OFF;
6219 sc->cmdq_run = sc->cmdq_key_set;
6220
6221 RUN_UNLOCK(sc);
6222
6223 for(i = 0; i < RUN_N_XFER; i++)
6224 usbd_transfer_drain(sc->sc_xfer[i]);
6225
6226 RUN_LOCK(sc);
6227
6228 if (sc->rx_m != NULL) {
6229 m_free(sc->rx_m);
6230 sc->rx_m = NULL;
6231 }
6232
6233 /* Disable Tx/Rx DMA. */
6234 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6235 return;
6236 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6237 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6238
6239 for (ntries = 0; ntries < 100; ntries++) {
6240 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6241 return;
6242 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6243 break;
6244 run_delay(sc, 10);
6245 }
6246 if (ntries == 100) {
6247 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6248 return;
6249 }
6250
6251 /* disable Tx/Rx */
6252 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6253 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6254 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6255
6256 /* wait for pending Tx to complete */
6257 for (ntries = 0; ntries < 100; ntries++) {
6258 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6259 DPRINTF("Cannot read Tx queue count\n");
6260 break;
6261 }
6262 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6263 DPRINTF("All Tx cleared\n");
6264 break;
6265 }
6266 run_delay(sc, 10);
6267 }
6268 if (ntries >= 100)
6269 DPRINTF("There are still pending Tx\n");
6270 run_delay(sc, 10);
6271 run_write(sc, RT2860_USB_DMA_CFG, 0);
6272
6273 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6274 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6275
6276 for (i = 0; i != RUN_EP_QUEUES; i++)
6277 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6278}
6279
6280static void
6281run_delay(struct run_softc *sc, u_int ms)
6282{
6283 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6284 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6285}
6286
6287static device_method_t run_methods[] = {
6288 /* Device interface */
6289 DEVMETHOD(device_probe, run_match),
6290 DEVMETHOD(device_attach, run_attach),
6291 DEVMETHOD(device_detach, run_detach),
6292 DEVMETHOD_END
6293};
6294
6295static driver_t run_driver = {
6296 .name = "run",
6297 .methods = run_methods,
6298 .size = sizeof(struct run_softc)
6299};
6300
6301static devclass_t run_devclass;
6302
6303DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6304MODULE_DEPEND(run, wlan, 1, 1, 1);
6305MODULE_DEPEND(run, usb, 1, 1, 1);
6306MODULE_DEPEND(run, firmware, 1, 1, 1);
6307MODULE_VERSION(run, 1);