22
23/*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28#include <sys/param.h>
29#include <sys/sockio.h>
30#include <sys/sysctl.h>
31#include <sys/lock.h>
32#include <sys/mutex.h>
33#include <sys/mbuf.h>
34#include <sys/kernel.h>
35#include <sys/socket.h>
36#include <sys/systm.h>
37#include <sys/malloc.h>
38#include <sys/module.h>
39#include <sys/bus.h>
40#include <sys/endian.h>
41#include <sys/linker.h>
42#include <sys/firmware.h>
43#include <sys/kdb.h>
44
45#include <machine/bus.h>
46#include <machine/resource.h>
47#include <sys/rman.h>
48
49#include <net/bpf.h>
50#include <net/if.h>
51#include <net/if_var.h>
52#include <net/if_arp.h>
53#include <net/ethernet.h>
54#include <net/if_dl.h>
55#include <net/if_media.h>
56#include <net/if_types.h>
57
58#include <netinet/in.h>
59#include <netinet/in_systm.h>
60#include <netinet/in_var.h>
61#include <netinet/if_ether.h>
62#include <netinet/ip.h>
63
64#include <net80211/ieee80211_var.h>
65#include <net80211/ieee80211_regdomain.h>
66#include <net80211/ieee80211_radiotap.h>
67#include <net80211/ieee80211_ratectl.h>
68
69#include <dev/usb/usb.h>
70#include <dev/usb/usbdi.h>
71#include "usbdevs.h"
72
73#define USB_DEBUG_VAR run_debug
74#include <dev/usb/usb_debug.h>
75#include <dev/usb/usb_msctest.h>
76
77#include <dev/usb/wlan/if_runreg.h>
78#include <dev/usb/wlan/if_runvar.h>
79
80#ifdef USB_DEBUG
81#define RUN_DEBUG
82#endif
83
84#ifdef RUN_DEBUG
85int run_debug = 0;
86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
88 "run debug level");
89#endif
90
91#define IEEE80211_HAS_ADDR4(wh) \
92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
93
94/*
95 * Because of LOR in run_key_delete(), use atomic instead.
96 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
97 */
98#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
99
100static const STRUCT_USB_HOST_ID run_devs[] = {
101#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
102#define RUN_DEV_EJECT(v,p) \
103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
104#define RUN_EJECT 1
105 RUN_DEV(ABOCOM, RT2770),
106 RUN_DEV(ABOCOM, RT2870),
107 RUN_DEV(ABOCOM, RT3070),
108 RUN_DEV(ABOCOM, RT3071),
109 RUN_DEV(ABOCOM, RT3072),
110 RUN_DEV(ABOCOM2, RT2870_1),
111 RUN_DEV(ACCTON, RT2770),
112 RUN_DEV(ACCTON, RT2870_1),
113 RUN_DEV(ACCTON, RT2870_2),
114 RUN_DEV(ACCTON, RT2870_3),
115 RUN_DEV(ACCTON, RT2870_4),
116 RUN_DEV(ACCTON, RT2870_5),
117 RUN_DEV(ACCTON, RT3070),
118 RUN_DEV(ACCTON, RT3070_1),
119 RUN_DEV(ACCTON, RT3070_2),
120 RUN_DEV(ACCTON, RT3070_3),
121 RUN_DEV(ACCTON, RT3070_4),
122 RUN_DEV(ACCTON, RT3070_5),
123 RUN_DEV(AIRTIES, RT3070),
124 RUN_DEV(ALLWIN, RT2070),
125 RUN_DEV(ALLWIN, RT2770),
126 RUN_DEV(ALLWIN, RT2870),
127 RUN_DEV(ALLWIN, RT3070),
128 RUN_DEV(ALLWIN, RT3071),
129 RUN_DEV(ALLWIN, RT3072),
130 RUN_DEV(ALLWIN, RT3572),
131 RUN_DEV(AMIGO, RT2870_1),
132 RUN_DEV(AMIGO, RT2870_2),
133 RUN_DEV(AMIT, CGWLUSB2GNR),
134 RUN_DEV(AMIT, RT2870_1),
135 RUN_DEV(AMIT2, RT2870),
136 RUN_DEV(ASUS, RT2870_1),
137 RUN_DEV(ASUS, RT2870_2),
138 RUN_DEV(ASUS, RT2870_3),
139 RUN_DEV(ASUS, RT2870_4),
140 RUN_DEV(ASUS, RT2870_5),
141 RUN_DEV(ASUS, USBN13),
142 RUN_DEV(ASUS, RT3070_1),
143 RUN_DEV(ASUS, USBN66),
144 RUN_DEV(ASUS, USB_N53),
145 RUN_DEV(ASUS2, USBN11),
146 RUN_DEV(AZUREWAVE, RT2870_1),
147 RUN_DEV(AZUREWAVE, RT2870_2),
148 RUN_DEV(AZUREWAVE, RT3070_1),
149 RUN_DEV(AZUREWAVE, RT3070_2),
150 RUN_DEV(AZUREWAVE, RT3070_3),
151 RUN_DEV(BELKIN, F9L1103),
152 RUN_DEV(BELKIN, F5D8053V3),
153 RUN_DEV(BELKIN, F5D8055),
154 RUN_DEV(BELKIN, F5D8055V2),
155 RUN_DEV(BELKIN, F6D4050V1),
156 RUN_DEV(BELKIN, F6D4050V2),
157 RUN_DEV(BELKIN, RT2870_1),
158 RUN_DEV(BELKIN, RT2870_2),
159 RUN_DEV(CISCOLINKSYS, AE1000),
160 RUN_DEV(CISCOLINKSYS2, RT3070),
161 RUN_DEV(CISCOLINKSYS3, RT3070),
162 RUN_DEV(CONCEPTRONIC2, RT2870_1),
163 RUN_DEV(CONCEPTRONIC2, RT2870_2),
164 RUN_DEV(CONCEPTRONIC2, RT2870_3),
165 RUN_DEV(CONCEPTRONIC2, RT2870_4),
166 RUN_DEV(CONCEPTRONIC2, RT2870_5),
167 RUN_DEV(CONCEPTRONIC2, RT2870_6),
168 RUN_DEV(CONCEPTRONIC2, RT2870_7),
169 RUN_DEV(CONCEPTRONIC2, RT2870_8),
170 RUN_DEV(CONCEPTRONIC2, RT3070_1),
171 RUN_DEV(CONCEPTRONIC2, RT3070_2),
172 RUN_DEV(CONCEPTRONIC2, VIGORN61),
173 RUN_DEV(COREGA, CGWLUSB300GNM),
174 RUN_DEV(COREGA, RT2870_1),
175 RUN_DEV(COREGA, RT2870_2),
176 RUN_DEV(COREGA, RT2870_3),
177 RUN_DEV(COREGA, RT3070),
178 RUN_DEV(CYBERTAN, RT2870),
179 RUN_DEV(DLINK, RT2870),
180 RUN_DEV(DLINK, RT3072),
181 RUN_DEV(DLINK, DWA127),
182 RUN_DEV(DLINK, DWA140B3),
183 RUN_DEV(DLINK, DWA160B2),
184 RUN_DEV(DLINK, DWA140D1),
185 RUN_DEV(DLINK, DWA162),
186 RUN_DEV(DLINK2, DWA130),
187 RUN_DEV(DLINK2, RT2870_1),
188 RUN_DEV(DLINK2, RT2870_2),
189 RUN_DEV(DLINK2, RT3070_1),
190 RUN_DEV(DLINK2, RT3070_2),
191 RUN_DEV(DLINK2, RT3070_3),
192 RUN_DEV(DLINK2, RT3070_4),
193 RUN_DEV(DLINK2, RT3070_5),
194 RUN_DEV(DLINK2, RT3072),
195 RUN_DEV(DLINK2, RT3072_1),
196 RUN_DEV(EDIMAX, EW7717),
197 RUN_DEV(EDIMAX, EW7718),
198 RUN_DEV(EDIMAX, EW7733UND),
199 RUN_DEV(EDIMAX, RT2870_1),
200 RUN_DEV(ENCORE, RT3070_1),
201 RUN_DEV(ENCORE, RT3070_2),
202 RUN_DEV(ENCORE, RT3070_3),
203 RUN_DEV(GIGABYTE, GNWB31N),
204 RUN_DEV(GIGABYTE, GNWB32L),
205 RUN_DEV(GIGABYTE, RT2870_1),
206 RUN_DEV(GIGASET, RT3070_1),
207 RUN_DEV(GIGASET, RT3070_2),
208 RUN_DEV(GUILLEMOT, HWNU300),
209 RUN_DEV(HAWKING, HWUN2),
210 RUN_DEV(HAWKING, RT2870_1),
211 RUN_DEV(HAWKING, RT2870_2),
212 RUN_DEV(HAWKING, RT3070),
213 RUN_DEV(IODATA, RT3072_1),
214 RUN_DEV(IODATA, RT3072_2),
215 RUN_DEV(IODATA, RT3072_3),
216 RUN_DEV(IODATA, RT3072_4),
217 RUN_DEV(LINKSYS4, RT3070),
218 RUN_DEV(LINKSYS4, WUSB100),
219 RUN_DEV(LINKSYS4, WUSB54GCV3),
220 RUN_DEV(LINKSYS4, WUSB600N),
221 RUN_DEV(LINKSYS4, WUSB600NV2),
222 RUN_DEV(LOGITEC, RT2870_1),
223 RUN_DEV(LOGITEC, RT2870_2),
224 RUN_DEV(LOGITEC, RT2870_3),
225 RUN_DEV(LOGITEC, LANW300NU2),
226 RUN_DEV(LOGITEC, LANW150NU2),
227 RUN_DEV(LOGITEC, LANW300NU2S),
228 RUN_DEV(MELCO, WLIUCG300HP),
229 RUN_DEV(MELCO, RT2870_2),
230 RUN_DEV(MELCO, WLIUCAG300N),
231 RUN_DEV(MELCO, WLIUCG300N),
232 RUN_DEV(MELCO, WLIUCG301N),
233 RUN_DEV(MELCO, WLIUCGN),
234 RUN_DEV(MELCO, WLIUCGNM),
235 RUN_DEV(MELCO, WLIUCG300HPV1),
236 RUN_DEV(MELCO, WLIUCGNM2),
237 RUN_DEV(MOTOROLA4, RT2770),
238 RUN_DEV(MOTOROLA4, RT3070),
239 RUN_DEV(MSI, RT3070_1),
240 RUN_DEV(MSI, RT3070_2),
241 RUN_DEV(MSI, RT3070_3),
242 RUN_DEV(MSI, RT3070_4),
243 RUN_DEV(MSI, RT3070_5),
244 RUN_DEV(MSI, RT3070_6),
245 RUN_DEV(MSI, RT3070_7),
246 RUN_DEV(MSI, RT3070_8),
247 RUN_DEV(MSI, RT3070_9),
248 RUN_DEV(MSI, RT3070_10),
249 RUN_DEV(MSI, RT3070_11),
250 RUN_DEV(OVISLINK, RT3072),
251 RUN_DEV(PARA, RT3070),
252 RUN_DEV(PEGATRON, RT2870),
253 RUN_DEV(PEGATRON, RT3070),
254 RUN_DEV(PEGATRON, RT3070_2),
255 RUN_DEV(PEGATRON, RT3070_3),
256 RUN_DEV(PHILIPS, RT2870),
257 RUN_DEV(PLANEX2, GWUS300MINIS),
258 RUN_DEV(PLANEX2, GWUSMICRON),
259 RUN_DEV(PLANEX2, RT2870),
260 RUN_DEV(PLANEX2, RT3070),
261 RUN_DEV(QCOM, RT2870),
262 RUN_DEV(QUANTA, RT3070),
263 RUN_DEV(RALINK, RT2070),
264 RUN_DEV(RALINK, RT2770),
265 RUN_DEV(RALINK, RT2870),
266 RUN_DEV(RALINK, RT3070),
267 RUN_DEV(RALINK, RT3071),
268 RUN_DEV(RALINK, RT3072),
269 RUN_DEV(RALINK, RT3370),
270 RUN_DEV(RALINK, RT3572),
271 RUN_DEV(RALINK, RT3573),
272 RUN_DEV(RALINK, RT5370),
273 RUN_DEV(RALINK, RT5572),
274 RUN_DEV(RALINK, RT8070),
275 RUN_DEV(SAMSUNG, WIS09ABGN),
276 RUN_DEV(SAMSUNG2, RT2870_1),
277 RUN_DEV(SENAO, RT2870_1),
278 RUN_DEV(SENAO, RT2870_2),
279 RUN_DEV(SENAO, RT2870_3),
280 RUN_DEV(SENAO, RT2870_4),
281 RUN_DEV(SENAO, RT3070),
282 RUN_DEV(SENAO, RT3071),
283 RUN_DEV(SENAO, RT3072_1),
284 RUN_DEV(SENAO, RT3072_2),
285 RUN_DEV(SENAO, RT3072_3),
286 RUN_DEV(SENAO, RT3072_4),
287 RUN_DEV(SENAO, RT3072_5),
288 RUN_DEV(SITECOMEU, RT2770),
289 RUN_DEV(SITECOMEU, RT2870_1),
290 RUN_DEV(SITECOMEU, RT2870_2),
291 RUN_DEV(SITECOMEU, RT2870_3),
292 RUN_DEV(SITECOMEU, RT2870_4),
293 RUN_DEV(SITECOMEU, RT3070),
294 RUN_DEV(SITECOMEU, RT3070_2),
295 RUN_DEV(SITECOMEU, RT3070_3),
296 RUN_DEV(SITECOMEU, RT3070_4),
297 RUN_DEV(SITECOMEU, RT3071),
298 RUN_DEV(SITECOMEU, RT3072_1),
299 RUN_DEV(SITECOMEU, RT3072_2),
300 RUN_DEV(SITECOMEU, RT3072_3),
301 RUN_DEV(SITECOMEU, RT3072_4),
302 RUN_DEV(SITECOMEU, RT3072_5),
303 RUN_DEV(SITECOMEU, RT3072_6),
304 RUN_DEV(SITECOMEU, WL608),
305 RUN_DEV(SPARKLAN, RT2870_1),
306 RUN_DEV(SPARKLAN, RT3070),
307 RUN_DEV(SWEEX2, LW153),
308 RUN_DEV(SWEEX2, LW303),
309 RUN_DEV(SWEEX2, LW313),
310 RUN_DEV(TOSHIBA, RT3070),
311 RUN_DEV(UMEDIA, RT2870_1),
312 RUN_DEV(ZCOM, RT2870_1),
313 RUN_DEV(ZCOM, RT2870_2),
314 RUN_DEV(ZINWELL, RT2870_1),
315 RUN_DEV(ZINWELL, RT2870_2),
316 RUN_DEV(ZINWELL, RT3070),
317 RUN_DEV(ZINWELL, RT3072_1),
318 RUN_DEV(ZINWELL, RT3072_2),
319 RUN_DEV(ZYXEL, RT2870_1),
320 RUN_DEV(ZYXEL, RT2870_2),
321 RUN_DEV(ZYXEL, RT3070),
322 RUN_DEV_EJECT(ZYXEL, NWD2705),
323 RUN_DEV_EJECT(RALINK, RT_STOR),
324#undef RUN_DEV_EJECT
325#undef RUN_DEV
326};
327
328static device_probe_t run_match;
329static device_attach_t run_attach;
330static device_detach_t run_detach;
331
332static usb_callback_t run_bulk_rx_callback;
333static usb_callback_t run_bulk_tx_callback0;
334static usb_callback_t run_bulk_tx_callback1;
335static usb_callback_t run_bulk_tx_callback2;
336static usb_callback_t run_bulk_tx_callback3;
337static usb_callback_t run_bulk_tx_callback4;
338static usb_callback_t run_bulk_tx_callback5;
339
340static void run_autoinst(void *, struct usb_device *,
341 struct usb_attach_arg *);
342static int run_driver_loaded(struct module *, int, void *);
343static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
344 usb_error_t error, u_int index);
345static struct ieee80211vap *run_vap_create(struct ieee80211com *,
346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
347 const uint8_t [IEEE80211_ADDR_LEN],
348 const uint8_t [IEEE80211_ADDR_LEN]);
349static void run_vap_delete(struct ieee80211vap *);
350static void run_cmdq_cb(void *, int);
351static void run_setup_tx_list(struct run_softc *,
352 struct run_endpoint_queue *);
353static void run_unsetup_tx_list(struct run_softc *,
354 struct run_endpoint_queue *);
355static int run_load_microcode(struct run_softc *);
356static int run_reset(struct run_softc *);
357static usb_error_t run_do_request(struct run_softc *,
358 struct usb_device_request *, void *);
359static int run_read(struct run_softc *, uint16_t, uint32_t *);
360static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
361static int run_write_2(struct run_softc *, uint16_t, uint16_t);
362static int run_write(struct run_softc *, uint16_t, uint32_t);
363static int run_write_region_1(struct run_softc *, uint16_t,
364 const uint8_t *, int);
365static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
366static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
367static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
368static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
369static int run_rt2870_rf_write(struct run_softc *, uint32_t);
370static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
371static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
372static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
373static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
374static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
375static const char *run_get_rf(uint16_t);
376static void run_rt3593_get_txpower(struct run_softc *);
377static void run_get_txpower(struct run_softc *);
378static int run_read_eeprom(struct run_softc *);
379static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
380 const uint8_t mac[IEEE80211_ADDR_LEN]);
381static int run_media_change(struct ifnet *);
382static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
383static int run_wme_update(struct ieee80211com *);
384static void run_wme_update_cb(void *);
385static void run_key_update_begin(struct ieee80211vap *);
386static void run_key_update_end(struct ieee80211vap *);
387static void run_key_set_cb(void *);
388static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
389 const uint8_t mac[IEEE80211_ADDR_LEN]);
390static void run_key_delete_cb(void *);
391static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
392static void run_ratectl_to(void *);
393static void run_ratectl_cb(void *, int);
394static void run_drain_fifo(void *);
395static void run_iter_func(void *, struct ieee80211_node *);
396static void run_newassoc_cb(void *);
397static void run_newassoc(struct ieee80211_node *, int);
398static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
399static void run_tx_free(struct run_endpoint_queue *pq,
400 struct run_tx_data *, int);
401static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
402static int run_tx(struct run_softc *, struct mbuf *,
403 struct ieee80211_node *);
404static int run_tx_mgt(struct run_softc *, struct mbuf *,
405 struct ieee80211_node *);
406static int run_sendprot(struct run_softc *, const struct mbuf *,
407 struct ieee80211_node *, int, int);
408static int run_tx_param(struct run_softc *, struct mbuf *,
409 struct ieee80211_node *,
410 const struct ieee80211_bpf_params *);
411static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
412 const struct ieee80211_bpf_params *);
413static void run_start(struct ifnet *);
414static int run_ioctl(struct ifnet *, u_long, caddr_t);
415static void run_iq_calib(struct run_softc *, u_int);
416static void run_set_agc(struct run_softc *, uint8_t);
417static void run_select_chan_group(struct run_softc *, int);
418static void run_set_rx_antenna(struct run_softc *, int);
419static void run_rt2870_set_chan(struct run_softc *, u_int);
420static void run_rt3070_set_chan(struct run_softc *, u_int);
421static void run_rt3572_set_chan(struct run_softc *, u_int);
422static void run_rt3593_set_chan(struct run_softc *, u_int);
423static void run_rt5390_set_chan(struct run_softc *, u_int);
424static void run_rt5592_set_chan(struct run_softc *, u_int);
425static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
426static void run_set_channel(struct ieee80211com *);
427static void run_scan_start(struct ieee80211com *);
428static void run_scan_end(struct ieee80211com *);
429static void run_update_beacon(struct ieee80211vap *, int);
430static void run_update_beacon_cb(void *);
431static void run_updateprot(struct ieee80211com *);
432static void run_updateprot_cb(void *);
433static void run_usb_timeout_cb(void *);
434static void run_reset_livelock(struct run_softc *);
435static void run_enable_tsf_sync(struct run_softc *);
436static void run_enable_mrr(struct run_softc *);
437static void run_set_txpreamble(struct run_softc *);
438static void run_set_basicrates(struct run_softc *);
439static void run_set_leds(struct run_softc *, uint16_t);
440static void run_set_bssid(struct run_softc *, const uint8_t *);
441static void run_set_macaddr(struct run_softc *, const uint8_t *);
442static void run_updateslot(struct ifnet *);
443static void run_updateslot_cb(void *);
444static void run_update_mcast(struct ifnet *);
445static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
446static void run_update_promisc_locked(struct ifnet *);
447static void run_update_promisc(struct ifnet *);
448static void run_rt5390_bbp_init(struct run_softc *);
449static int run_bbp_init(struct run_softc *);
450static int run_rt3070_rf_init(struct run_softc *);
451static void run_rt3593_rf_init(struct run_softc *);
452static void run_rt5390_rf_init(struct run_softc *);
453static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
454 uint8_t *);
455static void run_rt3070_rf_setup(struct run_softc *);
456static void run_rt3593_rf_setup(struct run_softc *);
457static void run_rt5390_rf_setup(struct run_softc *);
458static int run_txrx_enable(struct run_softc *);
459static void run_adjust_freq_offset(struct run_softc *);
460static void run_init(void *);
461static void run_init_locked(struct run_softc *);
462static void run_stop(void *);
463static void run_delay(struct run_softc *, u_int);
464
465static eventhandler_tag run_etag;
466
467static const struct rt2860_rate {
468 uint8_t rate;
469 uint8_t mcs;
470 enum ieee80211_phytype phy;
471 uint8_t ctl_ridx;
472 uint16_t sp_ack_dur;
473 uint16_t lp_ack_dur;
474} rt2860_rates[] = {
475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
487};
488
489static const struct {
490 uint16_t reg;
491 uint32_t val;
492} rt2870_def_mac[] = {
493 RT2870_DEF_MAC
494};
495
496static const struct {
497 uint8_t reg;
498 uint8_t val;
499} rt2860_def_bbp[] = {
500 RT2860_DEF_BBP
501},rt5390_def_bbp[] = {
502 RT5390_DEF_BBP
503},rt5592_def_bbp[] = {
504 RT5592_DEF_BBP
505};
506
507/*
508 * Default values for BBP register R196 for RT5592.
509 */
510static const uint8_t rt5592_bbp_r196[] = {
511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
519 0x2e, 0x36, 0x30, 0x6e
520};
521
522static const struct rfprog {
523 uint8_t chan;
524 uint32_t r1, r2, r3, r4;
525} rt2860_rf2850[] = {
526 RT2860_RF2850
527};
528
529struct {
530 uint8_t n, r, k;
531} rt3070_freqs[] = {
532 RT3070_RF3052
533};
534
535static const struct rt5592_freqs {
536 uint16_t n;
537 uint8_t k, m, r;
538} rt5592_freqs_20mhz[] = {
539 RT5592_RF5592_20MHZ
540},rt5592_freqs_40mhz[] = {
541 RT5592_RF5592_40MHZ
542};
543
544static const struct {
545 uint8_t reg;
546 uint8_t val;
547} rt3070_def_rf[] = {
548 RT3070_DEF_RF
549},rt3572_def_rf[] = {
550 RT3572_DEF_RF
551},rt3593_def_rf[] = {
552 RT3593_DEF_RF
553},rt5390_def_rf[] = {
554 RT5390_DEF_RF
555},rt5392_def_rf[] = {
556 RT5392_DEF_RF
557},rt5592_def_rf[] = {
558 RT5592_DEF_RF
559},rt5592_2ghz_def_rf[] = {
560 RT5592_2GHZ_DEF_RF
561},rt5592_5ghz_def_rf[] = {
562 RT5592_5GHZ_DEF_RF
563};
564
565static const struct {
566 u_int firstchan;
567 u_int lastchan;
568 uint8_t reg;
569 uint8_t val;
570} rt5592_chan_5ghz[] = {
571 RT5592_CHAN_5GHZ
572};
573
574static const struct usb_config run_config[RUN_N_XFER] = {
575 [RUN_BULK_TX_BE] = {
576 .type = UE_BULK,
577 .endpoint = UE_ADDR_ANY,
578 .ep_index = 0,
579 .direction = UE_DIR_OUT,
580 .bufsize = RUN_MAX_TXSZ,
581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
582 .callback = run_bulk_tx_callback0,
583 .timeout = 5000, /* ms */
584 },
585 [RUN_BULK_TX_BK] = {
586 .type = UE_BULK,
587 .endpoint = UE_ADDR_ANY,
588 .direction = UE_DIR_OUT,
589 .ep_index = 1,
590 .bufsize = RUN_MAX_TXSZ,
591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
592 .callback = run_bulk_tx_callback1,
593 .timeout = 5000, /* ms */
594 },
595 [RUN_BULK_TX_VI] = {
596 .type = UE_BULK,
597 .endpoint = UE_ADDR_ANY,
598 .direction = UE_DIR_OUT,
599 .ep_index = 2,
600 .bufsize = RUN_MAX_TXSZ,
601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
602 .callback = run_bulk_tx_callback2,
603 .timeout = 5000, /* ms */
604 },
605 [RUN_BULK_TX_VO] = {
606 .type = UE_BULK,
607 .endpoint = UE_ADDR_ANY,
608 .direction = UE_DIR_OUT,
609 .ep_index = 3,
610 .bufsize = RUN_MAX_TXSZ,
611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
612 .callback = run_bulk_tx_callback3,
613 .timeout = 5000, /* ms */
614 },
615 [RUN_BULK_TX_HCCA] = {
616 .type = UE_BULK,
617 .endpoint = UE_ADDR_ANY,
618 .direction = UE_DIR_OUT,
619 .ep_index = 4,
620 .bufsize = RUN_MAX_TXSZ,
621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
622 .callback = run_bulk_tx_callback4,
623 .timeout = 5000, /* ms */
624 },
625 [RUN_BULK_TX_PRIO] = {
626 .type = UE_BULK,
627 .endpoint = UE_ADDR_ANY,
628 .direction = UE_DIR_OUT,
629 .ep_index = 5,
630 .bufsize = RUN_MAX_TXSZ,
631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
632 .callback = run_bulk_tx_callback5,
633 .timeout = 5000, /* ms */
634 },
635 [RUN_BULK_RX] = {
636 .type = UE_BULK,
637 .endpoint = UE_ADDR_ANY,
638 .direction = UE_DIR_IN,
639 .bufsize = RUN_MAX_RXSZ,
640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
641 .callback = run_bulk_rx_callback,
642 }
643};
644
645static void
646run_autoinst(void *arg, struct usb_device *udev,
647 struct usb_attach_arg *uaa)
648{
649 struct usb_interface *iface;
650 struct usb_interface_descriptor *id;
651
652 if (uaa->dev_state != UAA_DEV_READY)
653 return;
654
655 iface = usbd_get_iface(udev, 0);
656 if (iface == NULL)
657 return;
658 id = iface->idesc;
659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
660 return;
661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
662 return;
663
664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
665 uaa->dev_state = UAA_DEV_EJECTING;
666}
667
668static int
669run_driver_loaded(struct module *mod, int what, void *arg)
670{
671 switch (what) {
672 case MOD_LOAD:
673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
675 break;
676 case MOD_UNLOAD:
677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
678 break;
679 default:
680 return (EOPNOTSUPP);
681 }
682 return (0);
683}
684
685static int
686run_match(device_t self)
687{
688 struct usb_attach_arg *uaa = device_get_ivars(self);
689
690 if (uaa->usb_mode != USB_MODE_HOST)
691 return (ENXIO);
692 if (uaa->info.bConfigIndex != 0)
693 return (ENXIO);
694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
695 return (ENXIO);
696
697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
698}
699
700static int
701run_attach(device_t self)
702{
703 struct run_softc *sc = device_get_softc(self);
704 struct usb_attach_arg *uaa = device_get_ivars(self);
705 struct ieee80211com *ic;
706 struct ifnet *ifp;
707 uint32_t ver;
708 int ntries, error;
709 uint8_t iface_index, bands;
710
711 device_set_usb_desc(self);
712 sc->sc_udev = uaa->device;
713 sc->sc_dev = self;
714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
716
717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
718 MTX_NETWORK_LOCK, MTX_DEF);
719
720 iface_index = RT2860_IFACE_INDEX;
721
722 error = usbd_transfer_setup(uaa->device, &iface_index,
723 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
724 if (error) {
725 device_printf(self, "could not allocate USB transfers, "
726 "err=%s\n", usbd_errstr(error));
727 goto detach;
728 }
729
730 RUN_LOCK(sc);
731
732 /* wait for the chip to settle */
733 for (ntries = 0; ntries < 100; ntries++) {
734 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
735 RUN_UNLOCK(sc);
736 goto detach;
737 }
738 if (ver != 0 && ver != 0xffffffff)
739 break;
740 run_delay(sc, 10);
741 }
742 if (ntries == 100) {
743 device_printf(sc->sc_dev,
744 "timeout waiting for NIC to initialize\n");
745 RUN_UNLOCK(sc);
746 goto detach;
747 }
748 sc->mac_ver = ver >> 16;
749 sc->mac_rev = ver & 0xffff;
750
751 /* retrieve RF rev. no and various other things from EEPROM */
752 run_read_eeprom(sc);
753
754 device_printf(sc->sc_dev,
755 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
756 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
757 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
758
759 RUN_UNLOCK(sc);
760
761 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
762 if (ifp == NULL) {
763 device_printf(sc->sc_dev, "can not if_alloc()\n");
764 goto detach;
765 }
766 ic = ifp->if_l2com;
767
768 ifp->if_softc = sc;
769 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
770 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
771 ifp->if_init = run_init;
772 ifp->if_ioctl = run_ioctl;
773 ifp->if_start = run_start;
774 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
775 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
776 IFQ_SET_READY(&ifp->if_snd);
777
778 ic->ic_ifp = ifp;
|
780 ic->ic_name = device_get_nameunit(self);
781 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
782 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
783
784 /* set device capabilities */
785 ic->ic_caps =
786 IEEE80211_C_STA | /* station mode supported */
787 IEEE80211_C_MONITOR | /* monitor mode supported */
788 IEEE80211_C_IBSS |
789 IEEE80211_C_HOSTAP |
790 IEEE80211_C_WDS | /* 4-address traffic works */
791 IEEE80211_C_MBSS |
792 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
793 IEEE80211_C_SHSLOT | /* short slot time supported */
794 IEEE80211_C_WME | /* WME */
795 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
796
797 ic->ic_cryptocaps =
798 IEEE80211_CRYPTO_WEP |
799 IEEE80211_CRYPTO_AES_CCM |
800 IEEE80211_CRYPTO_TKIPMIC |
801 IEEE80211_CRYPTO_TKIP;
802
803 ic->ic_flags |= IEEE80211_F_DATAPAD;
804 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
805
806 bands = 0;
807 setbit(&bands, IEEE80211_MODE_11B);
808 setbit(&bands, IEEE80211_MODE_11G);
809 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
810 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
811 sc->rf_rev == RT5592_RF_5592)
812 setbit(&bands, IEEE80211_MODE_11A);
813 ieee80211_init_channels(ic, NULL, &bands);
814
815 ieee80211_ifattach(ic, sc->sc_bssid);
816
817 ic->ic_scan_start = run_scan_start;
818 ic->ic_scan_end = run_scan_end;
819 ic->ic_set_channel = run_set_channel;
820 ic->ic_node_alloc = run_node_alloc;
821 ic->ic_newassoc = run_newassoc;
822 ic->ic_updateslot = run_updateslot;
823 ic->ic_update_mcast = run_update_mcast;
824 ic->ic_wme.wme_update = run_wme_update;
825 ic->ic_raw_xmit = run_raw_xmit;
826 ic->ic_update_promisc = run_update_promisc;
827
828 ic->ic_vap_create = run_vap_create;
829 ic->ic_vap_delete = run_vap_delete;
830
831 ieee80211_radiotap_attach(ic,
832 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
833 RUN_TX_RADIOTAP_PRESENT,
834 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
835 RUN_RX_RADIOTAP_PRESENT);
836
837 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
838 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
839 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
840
841 if (bootverbose)
842 ieee80211_announce(ic);
843
844 return (0);
845
846detach:
847 run_detach(self);
848 return (ENXIO);
849}
850
851static int
852run_detach(device_t self)
853{
854 struct run_softc *sc = device_get_softc(self);
855 struct ifnet *ifp = sc->sc_ifp;
856 struct ieee80211com *ic;
857 int i;
858
859 RUN_LOCK(sc);
860 sc->sc_detached = 1;
861 RUN_UNLOCK(sc);
862
863 /* stop all USB transfers */
864 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
865
866 RUN_LOCK(sc);
867 sc->ratectl_run = RUN_RATECTL_OFF;
868 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
869
870 /* free TX list, if any */
871 for (i = 0; i != RUN_EP_QUEUES; i++)
872 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
873 RUN_UNLOCK(sc);
874
875 if (ifp) {
876 ic = ifp->if_l2com;
877 /* drain tasks */
878 usb_callout_drain(&sc->ratectl_ch);
879 ieee80211_draintask(ic, &sc->cmdq_task);
880 ieee80211_draintask(ic, &sc->ratectl_task);
881 ieee80211_ifdetach(ic);
882 if_free(ifp);
883 }
884
885 mtx_destroy(&sc->sc_mtx);
886
887 return (0);
888}
889
890static struct ieee80211vap *
891run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
892 enum ieee80211_opmode opmode, int flags,
893 const uint8_t bssid[IEEE80211_ADDR_LEN],
894 const uint8_t mac[IEEE80211_ADDR_LEN])
895{
896 struct ifnet *ifp = ic->ic_ifp;
897 struct run_softc *sc = ifp->if_softc;
898 struct run_vap *rvp;
899 struct ieee80211vap *vap;
900 int i;
901
902 if (sc->rvp_cnt >= RUN_VAP_MAX) {
903 if_printf(ifp, "number of VAPs maxed out\n");
904 return (NULL);
905 }
906
907 switch (opmode) {
908 case IEEE80211_M_STA:
909 /* enable s/w bmiss handling for sta mode */
910 flags |= IEEE80211_CLONE_NOBEACONS;
911 /* fall though */
912 case IEEE80211_M_IBSS:
913 case IEEE80211_M_MONITOR:
914 case IEEE80211_M_HOSTAP:
915 case IEEE80211_M_MBSS:
916 /* other than WDS vaps, only one at a time */
917 if (!TAILQ_EMPTY(&ic->ic_vaps))
918 return (NULL);
919 break;
920 case IEEE80211_M_WDS:
921 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
922 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
923 continue;
924 /* WDS vap's always share the local mac address. */
925 flags &= ~IEEE80211_CLONE_BSSID;
926 break;
927 }
928 if (vap == NULL) {
929 if_printf(ifp, "wds only supported in ap mode\n");
930 return (NULL);
931 }
932 break;
933 default:
934 if_printf(ifp, "unknown opmode %d\n", opmode);
935 return (NULL);
936 }
937
938 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
939 M_80211_VAP, M_NOWAIT | M_ZERO);
940 if (rvp == NULL)
941 return (NULL);
942 vap = &rvp->vap;
943
944 if (ieee80211_vap_setup(ic, vap, name, unit,
945 opmode, flags, bssid, mac) != 0) {
946 /* out of memory */
947 free(rvp, M_80211_VAP);
948 return (NULL);
949 }
950
951 vap->iv_key_update_begin = run_key_update_begin;
952 vap->iv_key_update_end = run_key_update_end;
953 vap->iv_update_beacon = run_update_beacon;
954 vap->iv_max_aid = RT2870_WCID_MAX;
955 /*
956 * To delete the right key from h/w, we need wcid.
957 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
958 * and matching wcid will be written into there. So, cast
959 * some spells to remove 'const' from ieee80211_key{}
960 */
961 vap->iv_key_delete = (void *)run_key_delete;
962 vap->iv_key_set = (void *)run_key_set;
963
964 /* override state transition machine */
965 rvp->newstate = vap->iv_newstate;
966 vap->iv_newstate = run_newstate;
967
968 ieee80211_ratectl_init(vap);
969 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
970
971 /* complete setup */
972 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
973
974 /* make sure id is always unique */
975 for (i = 0; i < RUN_VAP_MAX; i++) {
976 if((sc->rvp_bmap & 1 << i) == 0){
977 sc->rvp_bmap |= 1 << i;
978 rvp->rvp_id = i;
979 break;
980 }
981 }
982 if (sc->rvp_cnt++ == 0)
983 ic->ic_opmode = opmode;
984
985 if (opmode == IEEE80211_M_HOSTAP)
986 sc->cmdq_run = RUN_CMDQ_GO;
987
988 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
989 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
990
991 return (vap);
992}
993
994static void
995run_vap_delete(struct ieee80211vap *vap)
996{
997 struct run_vap *rvp = RUN_VAP(vap);
998 struct ifnet *ifp;
999 struct ieee80211com *ic;
1000 struct run_softc *sc;
1001 uint8_t rvp_id;
1002
1003 if (vap == NULL)
1004 return;
1005
1006 ic = vap->iv_ic;
1007 ifp = ic->ic_ifp;
1008
1009 sc = ifp->if_softc;
1010
1011 RUN_LOCK(sc);
1012
1013 m_freem(rvp->beacon_mbuf);
1014 rvp->beacon_mbuf = NULL;
1015
1016 rvp_id = rvp->rvp_id;
1017 sc->ratectl_run &= ~(1 << rvp_id);
1018 sc->rvp_bmap &= ~(1 << rvp_id);
1019 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1020 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1021 --sc->rvp_cnt;
1022
1023 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1024 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1025
1026 RUN_UNLOCK(sc);
1027
1028 ieee80211_ratectl_deinit(vap);
1029 ieee80211_vap_detach(vap);
1030 free(rvp, M_80211_VAP);
1031}
1032
1033/*
1034 * There are numbers of functions need to be called in context thread.
1035 * Rather than creating taskqueue event for each of those functions,
1036 * here is all-for-one taskqueue callback function. This function
1037 * gurantees deferred functions are executed in the same order they
1038 * were enqueued.
1039 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1040 */
1041static void
1042run_cmdq_cb(void *arg, int pending)
1043{
1044 struct run_softc *sc = arg;
1045 uint8_t i;
1046
1047 /* call cmdq[].func locked */
1048 RUN_LOCK(sc);
1049 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1050 i = sc->cmdq_exec, pending--) {
1051 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
1052 if (sc->cmdq_run == RUN_CMDQ_GO) {
1053 /*
1054 * If arg0 is NULL, callback func needs more
1055 * than one arg. So, pass ptr to cmdq struct.
1056 */
1057 if (sc->cmdq[i].arg0)
1058 sc->cmdq[i].func(sc->cmdq[i].arg0);
1059 else
1060 sc->cmdq[i].func(&sc->cmdq[i]);
1061 }
1062 sc->cmdq[i].arg0 = NULL;
1063 sc->cmdq[i].func = NULL;
1064 sc->cmdq_exec++;
1065 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1066 }
1067 RUN_UNLOCK(sc);
1068}
1069
1070static void
1071run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1072{
1073 struct run_tx_data *data;
1074
1075 memset(pq, 0, sizeof(*pq));
1076
1077 STAILQ_INIT(&pq->tx_qh);
1078 STAILQ_INIT(&pq->tx_fh);
1079
1080 for (data = &pq->tx_data[0];
1081 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1082 data->sc = sc;
1083 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1084 }
1085 pq->tx_nfree = RUN_TX_RING_COUNT;
1086}
1087
1088static void
1089run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1090{
1091 struct run_tx_data *data;
1092
1093 /* make sure any subsequent use of the queues will fail */
1094 pq->tx_nfree = 0;
1095 STAILQ_INIT(&pq->tx_fh);
1096 STAILQ_INIT(&pq->tx_qh);
1097
1098 /* free up all node references and mbufs */
1099 for (data = &pq->tx_data[0];
1100 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1101 if (data->m != NULL) {
1102 m_freem(data->m);
1103 data->m = NULL;
1104 }
1105 if (data->ni != NULL) {
1106 ieee80211_free_node(data->ni);
1107 data->ni = NULL;
1108 }
1109 }
1110}
1111
1112static int
1113run_load_microcode(struct run_softc *sc)
1114{
1115 usb_device_request_t req;
1116 const struct firmware *fw;
1117 const u_char *base;
1118 uint32_t tmp;
1119 int ntries, error;
1120 const uint64_t *temp;
1121 uint64_t bytes;
1122
1123 RUN_UNLOCK(sc);
1124 fw = firmware_get("runfw");
1125 RUN_LOCK(sc);
1126 if (fw == NULL) {
1127 device_printf(sc->sc_dev,
1128 "failed loadfirmware of file %s\n", "runfw");
1129 return ENOENT;
1130 }
1131
1132 if (fw->datasize != 8192) {
1133 device_printf(sc->sc_dev,
1134 "invalid firmware size (should be 8KB)\n");
1135 error = EINVAL;
1136 goto fail;
1137 }
1138
1139 /*
1140 * RT3071/RT3072 use a different firmware
1141 * run-rt2870 (8KB) contains both,
1142 * first half (4KB) is for rt2870,
1143 * last half is for rt3071.
1144 */
1145 base = fw->data;
1146 if ((sc->mac_ver) != 0x2860 &&
1147 (sc->mac_ver) != 0x2872 &&
1148 (sc->mac_ver) != 0x3070) {
1149 base += 4096;
1150 }
1151
1152 /* cheap sanity check */
1153 temp = fw->data;
1154 bytes = *temp;
1155 if (bytes != be64toh(0xffffff0210280210ULL)) {
1156 device_printf(sc->sc_dev, "firmware checksum failed\n");
1157 error = EINVAL;
1158 goto fail;
1159 }
1160
1161 /* write microcode image */
1162 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1163 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1164 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1165 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1166 }
1167
1168 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1169 req.bRequest = RT2870_RESET;
1170 USETW(req.wValue, 8);
1171 USETW(req.wIndex, 0);
1172 USETW(req.wLength, 0);
1173 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1174 != 0) {
1175 device_printf(sc->sc_dev, "firmware reset failed\n");
1176 goto fail;
1177 }
1178
1179 run_delay(sc, 10);
1180
1181 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1182 run_write(sc, RT2860_H2M_MAILBOX, 0);
1183 run_write(sc, RT2860_H2M_INTSRC, 0);
1184 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1185 goto fail;
1186
1187 /* wait until microcontroller is ready */
1188 for (ntries = 0; ntries < 1000; ntries++) {
1189 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1190 goto fail;
1191 if (tmp & RT2860_MCU_READY)
1192 break;
1193 run_delay(sc, 10);
1194 }
1195 if (ntries == 1000) {
1196 device_printf(sc->sc_dev,
1197 "timeout waiting for MCU to initialize\n");
1198 error = ETIMEDOUT;
1199 goto fail;
1200 }
1201 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1202 (base == fw->data) ? "RT2870" : "RT3071",
1203 *(base + 4092), *(base + 4093));
1204
1205fail:
1206 firmware_put(fw, FIRMWARE_UNLOAD);
1207 return (error);
1208}
1209
1210static int
1211run_reset(struct run_softc *sc)
1212{
1213 usb_device_request_t req;
1214
1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1216 req.bRequest = RT2870_RESET;
1217 USETW(req.wValue, 1);
1218 USETW(req.wIndex, 0);
1219 USETW(req.wLength, 0);
1220 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1221}
1222
1223static usb_error_t
1224run_do_request(struct run_softc *sc,
1225 struct usb_device_request *req, void *data)
1226{
1227 usb_error_t err;
1228 int ntries = 10;
1229
1230 RUN_LOCK_ASSERT(sc, MA_OWNED);
1231
1232 while (ntries--) {
1233 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1234 req, data, 0, NULL, 250 /* ms */);
1235 if (err == 0)
1236 break;
1237 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1238 usbd_errstr(err));
1239 run_delay(sc, 10);
1240 }
1241 return (err);
1242}
1243
1244static int
1245run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1246{
1247 uint32_t tmp;
1248 int error;
1249
1250 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1251 if (error == 0)
1252 *val = le32toh(tmp);
1253 else
1254 *val = 0xffffffff;
1255 return (error);
1256}
1257
1258static int
1259run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1260{
1261 usb_device_request_t req;
1262
1263 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1264 req.bRequest = RT2870_READ_REGION_1;
1265 USETW(req.wValue, 0);
1266 USETW(req.wIndex, reg);
1267 USETW(req.wLength, len);
1268
1269 return (run_do_request(sc, &req, buf));
1270}
1271
1272static int
1273run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1274{
1275 usb_device_request_t req;
1276
1277 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1278 req.bRequest = RT2870_WRITE_2;
1279 USETW(req.wValue, val);
1280 USETW(req.wIndex, reg);
1281 USETW(req.wLength, 0);
1282
1283 return (run_do_request(sc, &req, NULL));
1284}
1285
1286static int
1287run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1288{
1289 int error;
1290
1291 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1292 error = run_write_2(sc, reg + 2, val >> 16);
1293 return (error);
1294}
1295
1296static int
1297run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1298 int len)
1299{
1300#if 1
1301 int i, error = 0;
1302 /*
1303 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1304 * We thus issue multiple WRITE_2 commands instead.
1305 */
1306 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1307 for (i = 0; i < len && error == 0; i += 2)
1308 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1309 return (error);
1310#else
1311 usb_device_request_t req;
1312 int error = 0;
1313
1314 /*
1315 * NOTE: It appears the WRITE_REGION_1 command cannot be
1316 * passed a huge amount of data, which will crash the
1317 * firmware. Limit amount of data passed to 64-bytes at a
1318 * time.
1319 */
1320 while (len > 0) {
1321 int delta = 64;
1322 if (delta > len)
1323 delta = len;
1324
1325 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1326 req.bRequest = RT2870_WRITE_REGION_1;
1327 USETW(req.wValue, 0);
1328 USETW(req.wIndex, reg);
1329 USETW(req.wLength, delta);
1330 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1331 if (error != 0)
1332 break;
1333 reg += delta;
1334 buf += delta;
1335 len -= delta;
1336 }
1337 return (error);
1338#endif
1339}
1340
1341static int
1342run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1343{
1344 int i, error = 0;
1345
1346 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1347 for (i = 0; i < len && error == 0; i += 4)
1348 error = run_write(sc, reg + i, val);
1349 return (error);
1350}
1351
1352static int
1353run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1354{
1355 uint32_t tmp;
1356 uint16_t reg;
1357 int error, ntries;
1358
1359 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1360 return (error);
1361
1362 if (count == 2)
1363 addr *= 2;
1364 /*-
1365 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1366 * DATA0: F E D C
1367 * DATA1: B A 9 8
1368 * DATA2: 7 6 5 4
1369 * DATA3: 3 2 1 0
1370 */
1371 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1372 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1373 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1374 for (ntries = 0; ntries < 100; ntries++) {
1375 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1376 return (error);
1377 if (!(tmp & RT3070_EFSROM_KICK))
1378 break;
1379 run_delay(sc, 2);
1380 }
1381 if (ntries == 100)
1382 return (ETIMEDOUT);
1383
1384 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1385 *val = 0xffff; /* address not found */
1386 return (0);
1387 }
1388 /* determine to which 32-bit register our 16-bit word belongs */
1389 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1390 if ((error = run_read(sc, reg, &tmp)) != 0)
1391 return (error);
1392
1393 tmp >>= (8 * (addr & 0x3));
1394 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1395
1396 return (0);
1397}
1398
1399/* Read 16-bit from eFUSE ROM for RT3xxx. */
1400static int
1401run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1402{
1403 return (run_efuse_read(sc, addr, val, 2));
1404}
1405
1406static int
1407run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1408{
1409 usb_device_request_t req;
1410 uint16_t tmp;
1411 int error;
1412
1413 addr *= 2;
1414 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1415 req.bRequest = RT2870_EEPROM_READ;
1416 USETW(req.wValue, 0);
1417 USETW(req.wIndex, addr);
1418 USETW(req.wLength, sizeof(tmp));
1419
1420 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1421 if (error == 0)
1422 *val = le16toh(tmp);
1423 else
1424 *val = 0xffff;
1425 return (error);
1426}
1427
1428static __inline int
1429run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1430{
1431 /* either eFUSE ROM or EEPROM */
1432 return sc->sc_srom_read(sc, addr, val);
1433}
1434
1435static int
1436run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1437{
1438 uint32_t tmp;
1439 int error, ntries;
1440
1441 for (ntries = 0; ntries < 10; ntries++) {
1442 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1443 return (error);
1444 if (!(tmp & RT2860_RF_REG_CTRL))
1445 break;
1446 }
1447 if (ntries == 10)
1448 return (ETIMEDOUT);
1449
1450 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1451}
1452
1453static int
1454run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1455{
1456 uint32_t tmp;
1457 int error, ntries;
1458
1459 for (ntries = 0; ntries < 100; ntries++) {
1460 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1461 return (error);
1462 if (!(tmp & RT3070_RF_KICK))
1463 break;
1464 }
1465 if (ntries == 100)
1466 return (ETIMEDOUT);
1467
1468 tmp = RT3070_RF_KICK | reg << 8;
1469 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1470 return (error);
1471
1472 for (ntries = 0; ntries < 100; ntries++) {
1473 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1474 return (error);
1475 if (!(tmp & RT3070_RF_KICK))
1476 break;
1477 }
1478 if (ntries == 100)
1479 return (ETIMEDOUT);
1480
1481 *val = tmp & 0xff;
1482 return (0);
1483}
1484
1485static int
1486run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1487{
1488 uint32_t tmp;
1489 int error, ntries;
1490
1491 for (ntries = 0; ntries < 10; ntries++) {
1492 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1493 return (error);
1494 if (!(tmp & RT3070_RF_KICK))
1495 break;
1496 }
1497 if (ntries == 10)
1498 return (ETIMEDOUT);
1499
1500 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1501 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1502}
1503
1504static int
1505run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1506{
1507 uint32_t tmp;
1508 int ntries, error;
1509
1510 for (ntries = 0; ntries < 10; ntries++) {
1511 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1512 return (error);
1513 if (!(tmp & RT2860_BBP_CSR_KICK))
1514 break;
1515 }
1516 if (ntries == 10)
1517 return (ETIMEDOUT);
1518
1519 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1520 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1521 return (error);
1522
1523 for (ntries = 0; ntries < 10; ntries++) {
1524 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1525 return (error);
1526 if (!(tmp & RT2860_BBP_CSR_KICK))
1527 break;
1528 }
1529 if (ntries == 10)
1530 return (ETIMEDOUT);
1531
1532 *val = tmp & 0xff;
1533 return (0);
1534}
1535
1536static int
1537run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1538{
1539 uint32_t tmp;
1540 int ntries, error;
1541
1542 for (ntries = 0; ntries < 10; ntries++) {
1543 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1544 return (error);
1545 if (!(tmp & RT2860_BBP_CSR_KICK))
1546 break;
1547 }
1548 if (ntries == 10)
1549 return (ETIMEDOUT);
1550
1551 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1552 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1553}
1554
1555/*
1556 * Send a command to the 8051 microcontroller unit.
1557 */
1558static int
1559run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1560{
1561 uint32_t tmp;
1562 int error, ntries;
1563
1564 for (ntries = 0; ntries < 100; ntries++) {
1565 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1566 return error;
1567 if (!(tmp & RT2860_H2M_BUSY))
1568 break;
1569 }
1570 if (ntries == 100)
1571 return ETIMEDOUT;
1572
1573 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1574 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1575 error = run_write(sc, RT2860_HOST_CMD, cmd);
1576 return (error);
1577}
1578
1579/*
1580 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1581 * Used to adjust per-rate Tx power registers.
1582 */
1583static __inline uint32_t
1584b4inc(uint32_t b32, int8_t delta)
1585{
1586 int8_t i, b4;
1587
1588 for (i = 0; i < 8; i++) {
1589 b4 = b32 & 0xf;
1590 b4 += delta;
1591 if (b4 < 0)
1592 b4 = 0;
1593 else if (b4 > 0xf)
1594 b4 = 0xf;
1595 b32 = b32 >> 4 | b4 << 28;
1596 }
1597 return (b32);
1598}
1599
1600static const char *
1601run_get_rf(uint16_t rev)
1602{
1603 switch (rev) {
1604 case RT2860_RF_2820: return "RT2820";
1605 case RT2860_RF_2850: return "RT2850";
1606 case RT2860_RF_2720: return "RT2720";
1607 case RT2860_RF_2750: return "RT2750";
1608 case RT3070_RF_3020: return "RT3020";
1609 case RT3070_RF_2020: return "RT2020";
1610 case RT3070_RF_3021: return "RT3021";
1611 case RT3070_RF_3022: return "RT3022";
1612 case RT3070_RF_3052: return "RT3052";
1613 case RT3593_RF_3053: return "RT3053";
1614 case RT5592_RF_5592: return "RT5592";
1615 case RT5390_RF_5370: return "RT5370";
1616 case RT5390_RF_5372: return "RT5372";
1617 }
1618 return ("unknown");
1619}
1620
1621static void
1622run_rt3593_get_txpower(struct run_softc *sc)
1623{
1624 uint16_t addr, val;
1625 int i;
1626
1627 /* Read power settings for 2GHz channels. */
1628 for (i = 0; i < 14; i += 2) {
1629 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1630 RT2860_EEPROM_PWR2GHZ_BASE1;
1631 run_srom_read(sc, addr + i / 2, &val);
1632 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1633 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1634
1635 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1636 RT2860_EEPROM_PWR2GHZ_BASE2;
1637 run_srom_read(sc, addr + i / 2, &val);
1638 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1639 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1640
1641 if (sc->ntxchains == 3) {
1642 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1643 &val);
1644 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1645 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1646 }
1647 }
1648 /* Fix broken Tx power entries. */
1649 for (i = 0; i < 14; i++) {
1650 if (sc->txpow1[i] > 31)
1651 sc->txpow1[i] = 5;
1652 if (sc->txpow2[i] > 31)
1653 sc->txpow2[i] = 5;
1654 if (sc->ntxchains == 3) {
1655 if (sc->txpow3[i] > 31)
1656 sc->txpow3[i] = 5;
1657 }
1658 }
1659 /* Read power settings for 5GHz channels. */
1660 for (i = 0; i < 40; i += 2) {
1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1662 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1663 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1664
1665 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1666 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1667 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1668
1669 if (sc->ntxchains == 3) {
1670 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1671 &val);
1672 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1673 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1674 }
1675 }
1676}
1677
1678static void
1679run_get_txpower(struct run_softc *sc)
1680{
1681 uint16_t val;
1682 int i;
1683
1684 /* Read power settings for 2GHz channels. */
1685 for (i = 0; i < 14; i += 2) {
1686 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1687 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1688 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1689
1690 if (sc->mac_ver != 0x5390) {
1691 run_srom_read(sc,
1692 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1693 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1694 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1695 }
1696 }
1697 /* Fix broken Tx power entries. */
1698 for (i = 0; i < 14; i++) {
1699 if (sc->mac_ver >= 0x5390) {
1700 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27)
1701 sc->txpow1[i] = 5;
1702 } else {
1703 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1704 sc->txpow1[i] = 5;
1705 }
1706 if (sc->mac_ver > 0x5390) {
1707 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27)
1708 sc->txpow2[i] = 5;
1709 } else if (sc->mac_ver < 0x5390) {
1710 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1711 sc->txpow2[i] = 5;
1712 }
1713 DPRINTF("chan %d: power1=%d, power2=%d\n",
1714 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1715 }
1716 /* Read power settings for 5GHz channels. */
1717 for (i = 0; i < 40; i += 2) {
1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1719 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1720 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1721
1722 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1723 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1724 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1725 }
1726 /* Fix broken Tx power entries. */
1727 for (i = 0; i < 40; i++ ) {
1728 if (sc->mac_ver != 0x5592) {
1729 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1730 sc->txpow1[14 + i] = 5;
1731 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1732 sc->txpow2[14 + i] = 5;
1733 }
1734 DPRINTF("chan %d: power1=%d, power2=%d\n",
1735 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1736 sc->txpow2[14 + i]);
1737 }
1738}
1739
1740static int
1741run_read_eeprom(struct run_softc *sc)
1742{
1743 int8_t delta_2ghz, delta_5ghz;
1744 uint32_t tmp;
1745 uint16_t val;
1746 int ridx, ant, i;
1747
1748 /* check whether the ROM is eFUSE ROM or EEPROM */
1749 sc->sc_srom_read = run_eeprom_read_2;
1750 if (sc->mac_ver >= 0x3070) {
1751 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1752 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1753 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1754 sc->sc_srom_read = run_efuse_read_2;
1755 }
1756
1757 /* read ROM version */
1758 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1759 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1760
1761 /* read MAC address */
1762 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1763 sc->sc_bssid[0] = val & 0xff;
1764 sc->sc_bssid[1] = val >> 8;
1765 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1766 sc->sc_bssid[2] = val & 0xff;
1767 sc->sc_bssid[3] = val >> 8;
1768 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1769 sc->sc_bssid[4] = val & 0xff;
1770 sc->sc_bssid[5] = val >> 8;
1771
1772 if (sc->mac_ver < 0x3593) {
1773 /* read vender BBP settings */
1774 for (i = 0; i < 10; i++) {
1775 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1776 sc->bbp[i].val = val & 0xff;
1777 sc->bbp[i].reg = val >> 8;
1778 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg,
1779 sc->bbp[i].val);
1780 }
1781 if (sc->mac_ver >= 0x3071) {
1782 /* read vendor RF settings */
1783 for (i = 0; i < 10; i++) {
1784 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1785 &val);
1786 sc->rf[i].val = val & 0xff;
1787 sc->rf[i].reg = val >> 8;
1788 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1789 sc->rf[i].val);
1790 }
1791 }
1792 }
1793
1794 /* read RF frequency offset from EEPROM */
1795 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1796 RT3593_EEPROM_FREQ, &val);
1797 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1798 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1799
1800 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1801 RT3593_EEPROM_FREQ_LEDS, &val);
1802 if (val >> 8 != 0xff) {
1803 /* read LEDs operating mode */
1804 sc->leds = val >> 8;
1805 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1806 RT3593_EEPROM_LED1, &sc->led[0]);
1807 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1808 RT3593_EEPROM_LED2, &sc->led[1]);
1809 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1810 RT3593_EEPROM_LED3, &sc->led[2]);
1811 } else {
1812 /* broken EEPROM, use default settings */
1813 sc->leds = 0x01;
1814 sc->led[0] = 0x5555;
1815 sc->led[1] = 0x2221;
1816 sc->led[2] = 0x5627; /* differs from RT2860 */
1817 }
1818 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1819 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1820
1821 /* read RF information */
1822 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1823 run_srom_read(sc, 0x00, &val);
1824 else
1825 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1826
1827 if (val == 0xffff) {
1828 device_printf(sc->sc_dev,
1829 "invalid EEPROM antenna info, using default\n");
1830 DPRINTF("invalid EEPROM antenna info, using default\n");
1831 if (sc->mac_ver == 0x3572) {
1832 /* default to RF3052 2T2R */
1833 sc->rf_rev = RT3070_RF_3052;
1834 sc->ntxchains = 2;
1835 sc->nrxchains = 2;
1836 } else if (sc->mac_ver >= 0x3070) {
1837 /* default to RF3020 1T1R */
1838 sc->rf_rev = RT3070_RF_3020;
1839 sc->ntxchains = 1;
1840 sc->nrxchains = 1;
1841 } else {
1842 /* default to RF2820 1T2R */
1843 sc->rf_rev = RT2860_RF_2820;
1844 sc->ntxchains = 1;
1845 sc->nrxchains = 2;
1846 }
1847 } else {
1848 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1849 sc->rf_rev = val;
1850 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1851 } else
1852 sc->rf_rev = (val >> 8) & 0xf;
1853 sc->ntxchains = (val >> 4) & 0xf;
1854 sc->nrxchains = val & 0xf;
1855 }
1856 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n",
1857 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1858
1859 /* check if RF supports automatic Tx access gain control */
1860 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1861 DPRINTF("EEPROM CFG 0x%04x\n", val);
1862 /* check if driver should patch the DAC issue */
1863 if ((val >> 8) != 0xff)
1864 sc->patch_dac = (val >> 15) & 1;
1865 if ((val & 0xff) != 0xff) {
1866 sc->ext_5ghz_lna = (val >> 3) & 1;
1867 sc->ext_2ghz_lna = (val >> 2) & 1;
1868 /* check if RF supports automatic Tx access gain control */
1869 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1870 /* check if we have a hardware radio switch */
1871 sc->rfswitch = val & 1;
1872 }
1873
1874 /* Read Tx power settings. */
1875 if (sc->mac_ver == 0x3593)
1876 run_rt3593_get_txpower(sc);
1877 else
1878 run_get_txpower(sc);
1879
1880 /* read Tx power compensation for each Tx rate */
1881 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1882 delta_2ghz = delta_5ghz = 0;
1883 if ((val & 0xff) != 0xff && (val & 0x80)) {
1884 delta_2ghz = val & 0xf;
1885 if (!(val & 0x40)) /* negative number */
1886 delta_2ghz = -delta_2ghz;
1887 }
1888 val >>= 8;
1889 if ((val & 0xff) != 0xff && (val & 0x80)) {
1890 delta_5ghz = val & 0xf;
1891 if (!(val & 0x40)) /* negative number */
1892 delta_5ghz = -delta_5ghz;
1893 }
1894 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1895 delta_2ghz, delta_5ghz);
1896
1897 for (ridx = 0; ridx < 5; ridx++) {
1898 uint32_t reg;
1899
1900 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1901 reg = val;
1902 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1903 reg |= (uint32_t)val << 16;
1904
1905 sc->txpow20mhz[ridx] = reg;
1906 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1907 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1908
1909 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1910 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1911 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1912 }
1913
1914 /* Read RSSI offsets and LNA gains from EEPROM. */
1915 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1916 RT3593_EEPROM_RSSI1_2GHZ, &val);
1917 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1918 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1919 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1920 RT3593_EEPROM_RSSI2_2GHZ, &val);
1921 if (sc->mac_ver >= 0x3070) {
1922 if (sc->mac_ver == 0x3593) {
1923 sc->txmixgain_2ghz = 0;
1924 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1925 } else {
1926 /*
1927 * On RT3070 chips (limited to 2 Rx chains), this ROM
1928 * field contains the Tx mixer gain for the 2GHz band.
1929 */
1930 if ((val & 0xff) != 0xff)
1931 sc->txmixgain_2ghz = val & 0x7;
1932 }
1933 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1934 } else
1935 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1936 if (sc->mac_ver == 0x3593)
1937 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1938 sc->lna[2] = val >> 8; /* channel group 2 */
1939
1940 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1941 RT3593_EEPROM_RSSI1_5GHZ, &val);
1942 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1943 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1944 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1945 RT3593_EEPROM_RSSI2_5GHZ, &val);
1946 if (sc->mac_ver == 0x3572) {
1947 /*
1948 * On RT3572 chips (limited to 2 Rx chains), this ROM
1949 * field contains the Tx mixer gain for the 5GHz band.
1950 */
1951 if ((val & 0xff) != 0xff)
1952 sc->txmixgain_5ghz = val & 0x7;
1953 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1954 } else
1955 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1956 if (sc->mac_ver == 0x3593) {
1957 sc->txmixgain_5ghz = 0;
1958 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1959 }
1960 sc->lna[3] = val >> 8; /* channel group 3 */
1961
1962 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1963 RT3593_EEPROM_LNA, &val);
1964 sc->lna[0] = val & 0xff; /* channel group 0 */
1965 sc->lna[1] = val >> 8; /* channel group 1 */
1966
1967 /* fix broken 5GHz LNA entries */
1968 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1969 DPRINTF("invalid LNA for channel group %d\n", 2);
1970 sc->lna[2] = sc->lna[1];
1971 }
1972 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1973 DPRINTF("invalid LNA for channel group %d\n", 3);
1974 sc->lna[3] = sc->lna[1];
1975 }
1976
1977 /* fix broken RSSI offset entries */
1978 for (ant = 0; ant < 3; ant++) {
1979 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1980 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1981 ant + 1, sc->rssi_2ghz[ant]);
1982 sc->rssi_2ghz[ant] = 0;
1983 }
1984 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1985 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1986 ant + 1, sc->rssi_5ghz[ant]);
1987 sc->rssi_5ghz[ant] = 0;
1988 }
1989 }
1990 return (0);
1991}
1992
1993static struct ieee80211_node *
1994run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1995{
1996 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1997}
1998
1999static int
2000run_media_change(struct ifnet *ifp)
2001{
2002 struct ieee80211vap *vap = ifp->if_softc;
2003 struct ieee80211com *ic = vap->iv_ic;
2004 const struct ieee80211_txparam *tp;
2005 struct run_softc *sc = ic->ic_ifp->if_softc;
2006 uint8_t rate, ridx;
2007 int error;
2008
2009 RUN_LOCK(sc);
2010
2011 error = ieee80211_media_change(ifp);
2012 if (error != ENETRESET) {
2013 RUN_UNLOCK(sc);
2014 return (error);
2015 }
2016
2017 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2018 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2019 struct ieee80211_node *ni;
2020 struct run_node *rn;
2021
2022 rate = ic->ic_sup_rates[ic->ic_curmode].
2023 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2024 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2025 if (rt2860_rates[ridx].rate == rate)
2026 break;
2027 ni = ieee80211_ref_node(vap->iv_bss);
2028 rn = (struct run_node *)ni;
2029 rn->fix_ridx = ridx;
2030 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
2031 ieee80211_free_node(ni);
2032 }
2033
2034#if 0
2035 if ((ifp->if_flags & IFF_UP) &&
2036 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
2037 run_init_locked(sc);
2038 }
2039#endif
2040
2041 RUN_UNLOCK(sc);
2042
2043 return (0);
2044}
2045
2046static int
2047run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2048{
2049 const struct ieee80211_txparam *tp;
2050 struct ieee80211com *ic = vap->iv_ic;
2051 struct run_softc *sc = ic->ic_ifp->if_softc;
2052 struct run_vap *rvp = RUN_VAP(vap);
2053 enum ieee80211_state ostate;
2054 uint32_t sta[3];
2055 uint32_t tmp;
2056 uint8_t ratectl;
2057 uint8_t restart_ratectl = 0;
2058 uint8_t bid = 1 << rvp->rvp_id;
2059
2060 ostate = vap->iv_state;
2061 DPRINTF("%s -> %s\n",
2062 ieee80211_state_name[ostate],
2063 ieee80211_state_name[nstate]);
2064
2065 IEEE80211_UNLOCK(ic);
2066 RUN_LOCK(sc);
2067
2068 ratectl = sc->ratectl_run; /* remember current state */
2069 sc->ratectl_run = RUN_RATECTL_OFF;
2070 usb_callout_stop(&sc->ratectl_ch);
2071
2072 if (ostate == IEEE80211_S_RUN) {
2073 /* turn link LED off */
2074 run_set_leds(sc, RT2860_LED_RADIO);
2075 }
2076
2077 switch (nstate) {
2078 case IEEE80211_S_INIT:
2079 restart_ratectl = 1;
2080
2081 if (ostate != IEEE80211_S_RUN)
2082 break;
2083
2084 ratectl &= ~bid;
2085 sc->runbmap &= ~bid;
2086
2087 /* abort TSF synchronization if there is no vap running */
2088 if (--sc->running == 0) {
2089 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2090 run_write(sc, RT2860_BCN_TIME_CFG,
2091 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2092 RT2860_TBTT_TIMER_EN));
2093 }
2094 break;
2095
2096 case IEEE80211_S_RUN:
2097 if (!(sc->runbmap & bid)) {
2098 if(sc->running++)
2099 restart_ratectl = 1;
2100 sc->runbmap |= bid;
2101 }
2102
2103 m_freem(rvp->beacon_mbuf);
2104 rvp->beacon_mbuf = NULL;
2105
2106 switch (vap->iv_opmode) {
2107 case IEEE80211_M_HOSTAP:
2108 case IEEE80211_M_MBSS:
2109 sc->ap_running |= bid;
2110 ic->ic_opmode = vap->iv_opmode;
2111 run_update_beacon_cb(vap);
2112 break;
2113 case IEEE80211_M_IBSS:
2114 sc->adhoc_running |= bid;
2115 if (!sc->ap_running)
2116 ic->ic_opmode = vap->iv_opmode;
2117 run_update_beacon_cb(vap);
2118 break;
2119 case IEEE80211_M_STA:
2120 sc->sta_running |= bid;
2121 if (!sc->ap_running && !sc->adhoc_running)
2122 ic->ic_opmode = vap->iv_opmode;
2123
2124 /* read statistic counters (clear on read) */
2125 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2126 (uint8_t *)sta, sizeof sta);
2127
2128 break;
2129 default:
2130 ic->ic_opmode = vap->iv_opmode;
2131 break;
2132 }
2133
2134 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2135 struct ieee80211_node *ni;
2136
2137 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2138 RUN_UNLOCK(sc);
2139 IEEE80211_LOCK(ic);
2140 return (-1);
2141 }
2142 run_updateslot(ic->ic_ifp);
2143 run_enable_mrr(sc);
2144 run_set_txpreamble(sc);
2145 run_set_basicrates(sc);
2146 ni = ieee80211_ref_node(vap->iv_bss);
2147 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2148 run_set_bssid(sc, ni->ni_bssid);
2149 ieee80211_free_node(ni);
2150 run_enable_tsf_sync(sc);
2151
2152 /* enable automatic rate adaptation */
2153 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2154 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2155 ratectl |= bid;
2156 }
2157
2158 /* turn link LED on */
2159 run_set_leds(sc, RT2860_LED_RADIO |
2160 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2161 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2162
2163 break;
2164 default:
2165 DPRINTFN(6, "undefined case\n");
2166 break;
2167 }
2168
2169 /* restart amrr for running VAPs */
2170 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2171 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2172
2173 RUN_UNLOCK(sc);
2174 IEEE80211_LOCK(ic);
2175
2176 return(rvp->newstate(vap, nstate, arg));
2177}
2178
2179/* ARGSUSED */
2180static void
2181run_wme_update_cb(void *arg)
2182{
2183 struct ieee80211com *ic = arg;
2184 struct run_softc *sc = ic->ic_ifp->if_softc;
2185 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
2186 int aci, error = 0;
2187
2188 RUN_LOCK_ASSERT(sc, MA_OWNED);
2189
2190 /* update MAC TX configuration registers */
2191 for (aci = 0; aci < WME_NUM_AC; aci++) {
2192 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2193 wmesp->wme_params[aci].wmep_logcwmax << 16 |
2194 wmesp->wme_params[aci].wmep_logcwmin << 12 |
2195 wmesp->wme_params[aci].wmep_aifsn << 8 |
2196 wmesp->wme_params[aci].wmep_txopLimit);
2197 if (error) goto err;
2198 }
2199
2200 /* update SCH/DMA registers too */
2201 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2202 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
2203 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
2204 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
2205 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
2206 if (error) goto err;
2207 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2208 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
2209 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
2210 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
2211 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
2212 if (error) goto err;
2213 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2214 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
2215 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
2216 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
2217 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
2218 if (error) goto err;
2219 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2220 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
2221 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
2222 if (error) goto err;
2223 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2224 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
2225 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
2226
2227err:
2228 if (error)
2229 DPRINTF("WME update failed\n");
2230
2231 return;
2232}
2233
2234static int
2235run_wme_update(struct ieee80211com *ic)
2236{
2237 struct run_softc *sc = ic->ic_ifp->if_softc;
2238
2239 /* sometime called wothout lock */
2240 if (mtx_owned(&ic->ic_comlock.mtx)) {
2241 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2242 DPRINTF("cmdq_store=%d\n", i);
2243 sc->cmdq[i].func = run_wme_update_cb;
2244 sc->cmdq[i].arg0 = ic;
2245 ieee80211_runtask(ic, &sc->cmdq_task);
2246 return (0);
2247 }
2248
2249 RUN_LOCK(sc);
2250 run_wme_update_cb(ic);
2251 RUN_UNLOCK(sc);
2252
2253 /* return whatever, upper layer desn't care anyway */
2254 return (0);
2255}
2256
2257static void
2258run_key_update_begin(struct ieee80211vap *vap)
2259{
2260 /*
2261 * To avoid out-of-order events, both run_key_set() and
2262 * _delete() are deferred and handled by run_cmdq_cb().
2263 * So, there is nothing we need to do here.
2264 */
2265}
2266
2267static void
2268run_key_update_end(struct ieee80211vap *vap)
2269{
2270 /* null */
2271}
2272
2273static void
2274run_key_set_cb(void *arg)
2275{
2276 struct run_cmdq *cmdq = arg;
2277 struct ieee80211vap *vap = cmdq->arg1;
2278 struct ieee80211_key *k = cmdq->k;
2279 struct ieee80211com *ic = vap->iv_ic;
2280 struct run_softc *sc = ic->ic_ifp->if_softc;
2281 struct ieee80211_node *ni;
2282 uint32_t attr;
2283 uint16_t base, associd;
2284 uint8_t mode, wcid, iv[8];
2285
2286 RUN_LOCK_ASSERT(sc, MA_OWNED);
2287
2288 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2289 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2290 else
2291 ni = vap->iv_bss;
2292 associd = (ni != NULL) ? ni->ni_associd : 0;
2293
2294 /* map net80211 cipher to RT2860 security mode */
2295 switch (k->wk_cipher->ic_cipher) {
2296 case IEEE80211_CIPHER_WEP:
2297 if(k->wk_keylen < 8)
2298 mode = RT2860_MODE_WEP40;
2299 else
2300 mode = RT2860_MODE_WEP104;
2301 break;
2302 case IEEE80211_CIPHER_TKIP:
2303 mode = RT2860_MODE_TKIP;
2304 break;
2305 case IEEE80211_CIPHER_AES_CCM:
2306 mode = RT2860_MODE_AES_CCMP;
2307 break;
2308 default:
2309 DPRINTF("undefined case\n");
2310 return;
2311 }
2312
2313 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2314 associd, k->wk_keyix, mode,
2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2318
2319 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2320 wcid = 0; /* NB: update WCID0 for group keys */
2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2322 } else {
2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2324 1 : RUN_AID2WCID(associd);
2325 base = RT2860_PKEY(wcid);
2326 }
2327
2328 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2329 if(run_write_region_1(sc, base, k->wk_key, 16))
2330 return;
2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2332 return;
2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2334 return;
2335 } else {
2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2338 return;
2339 }
2340
2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2343 /* set initial packet number in IV+EIV */
2344 if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
2345 memset(iv, 0, sizeof iv);
2346 iv[3] = vap->iv_def_txkey << 6;
2347 } else {
2348 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2349 iv[0] = k->wk_keytsc >> 8;
2350 iv[1] = (iv[0] | 0x20) & 0x7f;
2351 iv[2] = k->wk_keytsc;
2352 } else /* CCMP */ {
2353 iv[0] = k->wk_keytsc;
2354 iv[1] = k->wk_keytsc >> 8;
2355 iv[2] = 0;
2356 }
2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2358 iv[4] = k->wk_keytsc >> 16;
2359 iv[5] = k->wk_keytsc >> 24;
2360 iv[6] = k->wk_keytsc >> 32;
2361 iv[7] = k->wk_keytsc >> 40;
2362 }
2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2364 return;
2365 }
2366
2367 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2368 /* install group key */
2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2370 return;
2371 attr &= ~(0xf << (k->wk_keyix * 4));
2372 attr |= mode << (k->wk_keyix * 4);
2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2374 return;
2375 } else {
2376 /* install pairwise key */
2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2378 return;
2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2381 return;
2382 }
2383
2384 /* TODO create a pass-thru key entry? */
2385
2386 /* need wcid to delete the right key later */
2387 k->wk_pad = wcid;
2388}
2389
2390/*
2391 * Don't have to be deferred, but in order to keep order of
2392 * execution, i.e. with run_key_delete(), defer this and let
2393 * run_cmdq_cb() maintain the order.
2394 *
2395 * return 0 on error
2396 */
2397static int
2398run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2399 const uint8_t mac[IEEE80211_ADDR_LEN])
2400{
2401 struct ieee80211com *ic = vap->iv_ic;
2402 struct run_softc *sc = ic->ic_ifp->if_softc;
2403 uint32_t i;
2404
2405 i = RUN_CMDQ_GET(&sc->cmdq_store);
2406 DPRINTF("cmdq_store=%d\n", i);
2407 sc->cmdq[i].func = run_key_set_cb;
2408 sc->cmdq[i].arg0 = NULL;
2409 sc->cmdq[i].arg1 = vap;
2410 sc->cmdq[i].k = k;
2411 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2412 ieee80211_runtask(ic, &sc->cmdq_task);
2413
2414 /*
2415 * To make sure key will be set when hostapd
2416 * calls iv_key_set() before if_init().
2417 */
2418 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2419 RUN_LOCK(sc);
2420 sc->cmdq_key_set = RUN_CMDQ_GO;
2421 RUN_UNLOCK(sc);
2422 }
2423
2424 return (1);
2425}
2426
2427/*
2428 * If wlan is destroyed without being brought down i.e. without
2429 * wlan down or wpa_cli terminate, this function is called after
2430 * vap is gone. Don't refer it.
2431 */
2432static void
2433run_key_delete_cb(void *arg)
2434{
2435 struct run_cmdq *cmdq = arg;
2436 struct run_softc *sc = cmdq->arg1;
2437 struct ieee80211_key *k = &cmdq->key;
2438 uint32_t attr;
2439 uint8_t wcid;
2440
2441 RUN_LOCK_ASSERT(sc, MA_OWNED);
2442
2443 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2444 /* remove group key */
2445 DPRINTF("removing group key\n");
2446 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2447 attr &= ~(0xf << (k->wk_keyix * 4));
2448 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2449 } else {
2450 /* remove pairwise key */
2451 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2452 /* matching wcid was written to wk_pad in run_key_set() */
2453 wcid = k->wk_pad;
2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2455 attr &= ~0xf;
2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2458 }
2459
2460 k->wk_pad = 0;
2461}
2462
2463/*
2464 * return 0 on error
2465 */
2466static int
2467run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2468{
2469 struct ieee80211com *ic = vap->iv_ic;
2470 struct run_softc *sc = ic->ic_ifp->if_softc;
2471 struct ieee80211_key *k0;
2472 uint32_t i;
2473
2474 /*
2475 * When called back, key might be gone. So, make a copy
2476 * of some values need to delete keys before deferring.
2477 * But, because of LOR with node lock, cannot use lock here.
2478 * So, use atomic instead.
2479 */
2480 i = RUN_CMDQ_GET(&sc->cmdq_store);
2481 DPRINTF("cmdq_store=%d\n", i);
2482 sc->cmdq[i].func = run_key_delete_cb;
2483 sc->cmdq[i].arg0 = NULL;
2484 sc->cmdq[i].arg1 = sc;
2485 k0 = &sc->cmdq[i].key;
2486 k0->wk_flags = k->wk_flags;
2487 k0->wk_keyix = k->wk_keyix;
2488 /* matching wcid was written to wk_pad in run_key_set() */
2489 k0->wk_pad = k->wk_pad;
2490 ieee80211_runtask(ic, &sc->cmdq_task);
2491 return (1); /* return fake success */
2492
2493}
2494
2495static void
2496run_ratectl_to(void *arg)
2497{
2498 struct run_softc *sc = arg;
2499
2500 /* do it in a process context, so it can go sleep */
2501 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2502 /* next timeout will be rescheduled in the callback task */
2503}
2504
2505/* ARGSUSED */
2506static void
2507run_ratectl_cb(void *arg, int pending)
2508{
2509 struct run_softc *sc = arg;
2510 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2512
2513 if (vap == NULL)
2514 return;
2515
2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2517 /*
2518 * run_reset_livelock() doesn't do anything with AMRR,
2519 * but Ralink wants us to call it every 1 sec. So, we
2520 * piggyback here rather than creating another callout.
2521 * Livelock may occur only in HOSTAP or IBSS mode
2522 * (when h/w is sending beacons).
2523 */
2524 RUN_LOCK(sc);
2525 run_reset_livelock(sc);
2526 /* just in case, there are some stats to drain */
2527 run_drain_fifo(sc);
2528 RUN_UNLOCK(sc);
2529 }
2530
2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2532
2533 RUN_LOCK(sc);
2534 if(sc->ratectl_run != RUN_RATECTL_OFF)
2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2536 RUN_UNLOCK(sc);
2537}
2538
2539static void
2540run_drain_fifo(void *arg)
2541{
2542 struct run_softc *sc = arg;
2543 struct ifnet *ifp = sc->sc_ifp;
2544 uint32_t stat;
2545 uint16_t (*wstat)[3];
2546 uint8_t wcid, mcs, pid;
2547 int8_t retry;
2548
2549 RUN_LOCK_ASSERT(sc, MA_OWNED);
2550
2551 for (;;) {
2552 /* drain Tx status FIFO (maxsize = 16) */
2553 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2554 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2555 if (!(stat & RT2860_TXQ_VLD))
2556 break;
2557
2558 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2559
2560 /* if no ACK was requested, no feedback is available */
2561 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2562 wcid == 0)
2563 continue;
2564
2565 /*
2566 * Even though each stat is Tx-complete-status like format,
2567 * the device can poll stats. Because there is no guarantee
2568 * that the referring node is still around when read the stats.
2569 * So that, if we use ieee80211_ratectl_tx_update(), we will
2570 * have hard time not to refer already freed node.
2571 *
2572 * To eliminate such page faults, we poll stats in softc.
2573 * Then, update the rates later with ieee80211_ratectl_tx_update().
2574 */
2575 wstat = &(sc->wcid_stats[wcid]);
2576 (*wstat)[RUN_TXCNT]++;
2577 if (stat & RT2860_TXQ_OK)
2578 (*wstat)[RUN_SUCCESS]++;
2579 else
2580 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
2581 /*
2582 * Check if there were retries, ie if the Tx success rate is
2583 * different from the requested rate. Note that it works only
2584 * because we do not allow rate fallback from OFDM to CCK.
2585 */
2586 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2587 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2588 if ((retry = pid -1 - mcs) > 0) {
2589 (*wstat)[RUN_TXCNT] += retry;
2590 (*wstat)[RUN_RETRY] += retry;
2591 }
2592 }
2593 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2594
2595 sc->fifo_cnt = 0;
2596}
2597
2598static void
2599run_iter_func(void *arg, struct ieee80211_node *ni)
2600{
2601 struct run_softc *sc = arg;
2602 struct ieee80211vap *vap = ni->ni_vap;
2603 struct ieee80211com *ic = ni->ni_ic;
2604 struct ifnet *ifp = ic->ic_ifp;
2605 struct run_node *rn = (void *)ni;
2606 union run_stats sta[2];
2607 uint16_t (*wstat)[3];
2608 int txcnt, success, retrycnt, error;
2609
2610 RUN_LOCK(sc);
2611
2612 /* Check for special case */
2613 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2614 ni != vap->iv_bss)
2615 goto fail;
2616
2617 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2618 vap->iv_opmode == IEEE80211_M_STA)) {
2619 /* read statistic counters (clear on read) and update AMRR state */
2620 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2621 sizeof sta);
2622 if (error != 0)
2623 goto fail;
2624
2625 /* count failed TX as errors */
2626 if_inc_counter(ifp, IFCOUNTER_OERRORS, le16toh(sta[0].error.fail));
2627
2628 retrycnt = le16toh(sta[1].tx.retry);
2629 success = le16toh(sta[1].tx.success);
2630 txcnt = retrycnt + success + le16toh(sta[0].error.fail);
2631
2632 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
2633 retrycnt, success, le16toh(sta[0].error.fail));
2634 } else {
2635 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2636
2637 if (wstat == &(sc->wcid_stats[0]) ||
2638 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2639 goto fail;
2640
2641 txcnt = (*wstat)[RUN_TXCNT];
2642 success = (*wstat)[RUN_SUCCESS];
2643 retrycnt = (*wstat)[RUN_RETRY];
2644 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
2645 retrycnt, txcnt, success);
2646
2647 memset(wstat, 0, sizeof(*wstat));
2648 }
2649
2650 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
2651 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2652
2653fail:
2654 RUN_UNLOCK(sc);
2655
2656 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2657}
2658
2659static void
2660run_newassoc_cb(void *arg)
2661{
2662 struct run_cmdq *cmdq = arg;
2663 struct ieee80211_node *ni = cmdq->arg1;
2664 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2665 uint8_t wcid = cmdq->wcid;
2666
2667 RUN_LOCK_ASSERT(sc, MA_OWNED);
2668
2669 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2670 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2671
2672 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2673}
2674
2675static void
2676run_newassoc(struct ieee80211_node *ni, int isnew)
2677{
2678 struct run_node *rn = (void *)ni;
2679 struct ieee80211_rateset *rs = &ni->ni_rates;
2680 struct ieee80211vap *vap = ni->ni_vap;
2681 struct ieee80211com *ic = vap->iv_ic;
2682 struct run_softc *sc = ic->ic_ifp->if_softc;
2683 uint8_t rate;
2684 uint8_t ridx;
2685 uint8_t wcid;
2686 int i, j;
2687
2688 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2689 1 : RUN_AID2WCID(ni->ni_associd);
2690
2691 if (wcid > RT2870_WCID_MAX) {
2692 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2693 return;
2694 }
2695
2696 /* only interested in true associations */
2697 if (isnew && ni->ni_associd != 0) {
2698
2699 /*
2700 * This function could is called though timeout function.
2701 * Need to defer.
2702 */
2703 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2704 DPRINTF("cmdq_store=%d\n", cnt);
2705 sc->cmdq[cnt].func = run_newassoc_cb;
2706 sc->cmdq[cnt].arg0 = NULL;
2707 sc->cmdq[cnt].arg1 = ni;
2708 sc->cmdq[cnt].wcid = wcid;
2709 ieee80211_runtask(ic, &sc->cmdq_task);
2710 }
2711
2712 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2713 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2714
2715 for (i = 0; i < rs->rs_nrates; i++) {
2716 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2717 /* convert 802.11 rate to hardware rate index */
2718 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2719 if (rt2860_rates[ridx].rate == rate)
2720 break;
2721 rn->ridx[i] = ridx;
2722 /* determine rate of control response frames */
2723 for (j = i; j >= 0; j--) {
2724 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2725 rt2860_rates[rn->ridx[i]].phy ==
2726 rt2860_rates[rn->ridx[j]].phy)
2727 break;
2728 }
2729 if (j >= 0) {
2730 rn->ctl_ridx[i] = rn->ridx[j];
2731 } else {
2732 /* no basic rate found, use mandatory one */
2733 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2734 }
2735 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2736 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2737 }
2738 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2739 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2740 if (rt2860_rates[ridx].rate == rate)
2741 break;
2742 rn->mgt_ridx = ridx;
2743 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2744
2745 RUN_LOCK(sc);
2746 if(sc->ratectl_run != RUN_RATECTL_OFF)
2747 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2748 RUN_UNLOCK(sc);
2749}
2750
2751/*
2752 * Return the Rx chain with the highest RSSI for a given frame.
2753 */
2754static __inline uint8_t
2755run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2756{
2757 uint8_t rxchain = 0;
2758
2759 if (sc->nrxchains > 1) {
2760 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2761 rxchain = 1;
2762 if (sc->nrxchains > 2)
2763 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2764 rxchain = 2;
2765 }
2766 return (rxchain);
2767}
2768
2769static void
2770run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2771{
2772 struct ifnet *ifp = sc->sc_ifp;
2773 struct ieee80211com *ic = ifp->if_l2com;
2774 struct ieee80211_frame *wh;
2775 struct ieee80211_node *ni;
2776 struct rt2870_rxd *rxd;
2777 struct rt2860_rxwi *rxwi;
2778 uint32_t flags;
2779 uint16_t len, rxwisize;
2780 uint8_t ant, rssi;
2781 int8_t nf;
2782
2783 rxwi = mtod(m, struct rt2860_rxwi *);
2784 len = le16toh(rxwi->len) & 0xfff;
2785 rxwisize = sizeof(struct rt2860_rxwi);
2786 if (sc->mac_ver == 0x5592)
2787 rxwisize += sizeof(uint64_t);
2788 else if (sc->mac_ver == 0x3593)
2789 rxwisize += sizeof(uint32_t);
2790 if (__predict_false(len > dmalen)) {
2791 m_freem(m);
2792 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2793 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2794 return;
2795 }
2796 /* Rx descriptor is located at the end */
2797 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2798 flags = le32toh(rxd->flags);
2799
2800 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2801 m_freem(m);
2802 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2803 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2804 return;
2805 }
2806
2807 m->m_data += rxwisize;
2808 m->m_pkthdr.len = m->m_len -= rxwisize;
2809
2810 wh = mtod(m, struct ieee80211_frame *);
2811
2812 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2813 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2814 m->m_flags |= M_WEP;
2815 }
2816
2817 if (flags & RT2860_RX_L2PAD) {
2818 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2819 len += 2;
2820 }
2821
2822 ni = ieee80211_find_rxnode(ic,
2823 mtod(m, struct ieee80211_frame_min *));
2824
2825 if (__predict_false(flags & RT2860_RX_MICERR)) {
2826 /* report MIC failures to net80211 for TKIP */
2827 if (ni != NULL)
2828 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2829 rxwi->keyidx);
2830 m_freem(m);
2831 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2832 DPRINTF("MIC error. Someone is lying.\n");
2833 return;
2834 }
2835
2836 ant = run_maxrssi_chain(sc, rxwi);
2837 rssi = rxwi->rssi[ant];
2838 nf = run_rssi2dbm(sc, rssi, ant);
2839
2840 m->m_pkthdr.rcvif = ifp;
2841 m->m_pkthdr.len = m->m_len = len;
2842
2843 if (ni != NULL) {
2844 (void)ieee80211_input(ni, m, rssi, nf);
2845 ieee80211_free_node(ni);
2846 } else {
2847 (void)ieee80211_input_all(ic, m, rssi, nf);
2848 }
2849
2850 if (__predict_false(ieee80211_radiotap_active(ic))) {
2851 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2852 uint16_t phy;
2853
2854 tap->wr_flags = 0;
2855 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2856 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2857 tap->wr_antsignal = rssi;
2858 tap->wr_antenna = ant;
2859 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2860 tap->wr_rate = 2; /* in case it can't be found below */
2861 phy = le16toh(rxwi->phy);
2862 switch (phy & RT2860_PHY_MODE) {
2863 case RT2860_PHY_CCK:
2864 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2865 case 0: tap->wr_rate = 2; break;
2866 case 1: tap->wr_rate = 4; break;
2867 case 2: tap->wr_rate = 11; break;
2868 case 3: tap->wr_rate = 22; break;
2869 }
2870 if (phy & RT2860_PHY_SHPRE)
2871 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2872 break;
2873 case RT2860_PHY_OFDM:
2874 switch (phy & RT2860_PHY_MCS) {
2875 case 0: tap->wr_rate = 12; break;
2876 case 1: tap->wr_rate = 18; break;
2877 case 2: tap->wr_rate = 24; break;
2878 case 3: tap->wr_rate = 36; break;
2879 case 4: tap->wr_rate = 48; break;
2880 case 5: tap->wr_rate = 72; break;
2881 case 6: tap->wr_rate = 96; break;
2882 case 7: tap->wr_rate = 108; break;
2883 }
2884 break;
2885 }
2886 }
2887}
2888
2889static void
2890run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2891{
2892 struct run_softc *sc = usbd_xfer_softc(xfer);
2893 struct ifnet *ifp = sc->sc_ifp;
2894 struct mbuf *m = NULL;
2895 struct mbuf *m0;
2896 uint32_t dmalen;
2897 uint16_t rxwisize;
2898 int xferlen;
2899
2900 rxwisize = sizeof(struct rt2860_rxwi);
2901 if (sc->mac_ver == 0x5592)
2902 rxwisize += sizeof(uint64_t);
2903 else if (sc->mac_ver == 0x3593)
2904 rxwisize += sizeof(uint32_t);
2905
2906 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2907
2908 switch (USB_GET_STATE(xfer)) {
2909 case USB_ST_TRANSFERRED:
2910
2911 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2912
2913 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2914 sizeof(struct rt2870_rxd))) {
2915 DPRINTF("xfer too short %d\n", xferlen);
2916 goto tr_setup;
2917 }
2918
2919 m = sc->rx_m;
2920 sc->rx_m = NULL;
2921
2922 /* FALLTHROUGH */
2923 case USB_ST_SETUP:
2924tr_setup:
2925 if (sc->rx_m == NULL) {
2926 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2927 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2928 }
2929 if (sc->rx_m == NULL) {
2930 DPRINTF("could not allocate mbuf - idle with stall\n");
2931 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2932 usbd_xfer_set_stall(xfer);
2933 usbd_xfer_set_frames(xfer, 0);
2934 } else {
2935 /*
2936 * Directly loading a mbuf cluster into DMA to
2937 * save some data copying. This works because
2938 * there is only one cluster.
2939 */
2940 usbd_xfer_set_frame_data(xfer, 0,
2941 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2942 usbd_xfer_set_frames(xfer, 1);
2943 }
2944 usbd_transfer_submit(xfer);
2945 break;
2946
2947 default: /* Error */
2948 if (error != USB_ERR_CANCELLED) {
2949 /* try to clear stall first */
2950 usbd_xfer_set_stall(xfer);
2951
2952 if (error == USB_ERR_TIMEOUT)
2953 device_printf(sc->sc_dev, "device timeout\n");
2954
2955 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2956
2957 goto tr_setup;
2958 }
2959 if (sc->rx_m != NULL) {
2960 m_freem(sc->rx_m);
2961 sc->rx_m = NULL;
2962 }
2963 break;
2964 }
2965
2966 if (m == NULL)
2967 return;
2968
2969 /* inputting all the frames must be last */
2970
2971 RUN_UNLOCK(sc);
2972
2973 m->m_pkthdr.len = m->m_len = xferlen;
2974
2975 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2976 for(;;) {
2977 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2978
2979 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
2980 ((dmalen & 3) != 0)) {
2981 DPRINTF("bad DMA length %u\n", dmalen);
2982 break;
2983 }
2984 if ((dmalen + 8) > (uint32_t)xferlen) {
2985 DPRINTF("bad DMA length %u > %d\n",
2986 dmalen + 8, xferlen);
2987 break;
2988 }
2989
2990 /* If it is the last one or a single frame, we won't copy. */
2991 if ((xferlen -= dmalen + 8) <= 8) {
2992 /* trim 32-bit DMA-len header */
2993 m->m_data += 4;
2994 m->m_pkthdr.len = m->m_len -= 4;
2995 run_rx_frame(sc, m, dmalen);
2996 m = NULL; /* don't free source buffer */
2997 break;
2998 }
2999
3000 /* copy aggregated frames to another mbuf */
3001 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3002 if (__predict_false(m0 == NULL)) {
3003 DPRINTF("could not allocate mbuf\n");
3004 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
3005 break;
3006 }
3007 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3008 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3009 m0->m_pkthdr.len = m0->m_len =
3010 dmalen + sizeof(struct rt2870_rxd);
3011 run_rx_frame(sc, m0, dmalen);
3012
3013 /* update data ptr */
3014 m->m_data += dmalen + 8;
3015 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3016 }
3017
3018 /* make sure we free the source buffer, if any */
3019 m_freem(m);
3020
3021 RUN_LOCK(sc);
3022}
3023
3024static void
3025run_tx_free(struct run_endpoint_queue *pq,
3026 struct run_tx_data *data, int txerr)
3027{
3028 if (data->m != NULL) {
3029 if (data->m->m_flags & M_TXCB)
3030 ieee80211_process_callback(data->ni, data->m,
3031 txerr ? ETIMEDOUT : 0);
3032 m_freem(data->m);
3033 data->m = NULL;
3034
3035 if (data->ni == NULL) {
3036 DPRINTF("no node\n");
3037 } else {
3038 ieee80211_free_node(data->ni);
3039 data->ni = NULL;
3040 }
3041 }
3042
3043 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3044 pq->tx_nfree++;
3045}
3046
3047static void
3048run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3049{
3050 struct run_softc *sc = usbd_xfer_softc(xfer);
3051 struct ifnet *ifp = sc->sc_ifp;
3052 struct ieee80211com *ic = ifp->if_l2com;
3053 struct run_tx_data *data;
3054 struct ieee80211vap *vap = NULL;
3055 struct usb_page_cache *pc;
3056 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3057 struct mbuf *m;
3058 usb_frlength_t size;
3059 int actlen;
3060 int sumlen;
3061
3062 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3063
3064 switch (USB_GET_STATE(xfer)) {
3065 case USB_ST_TRANSFERRED:
3066 DPRINTFN(11, "transfer complete: %d "
3067 "bytes @ index %d\n", actlen, index);
3068
3069 data = usbd_xfer_get_priv(xfer);
3070
3071 run_tx_free(pq, data, 0);
3072 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
3073
3074 usbd_xfer_set_priv(xfer, NULL);
3075
3076 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
3077
3078 /* FALLTHROUGH */
3079 case USB_ST_SETUP:
3080tr_setup:
3081 data = STAILQ_FIRST(&pq->tx_qh);
3082 if (data == NULL)
3083 break;
3084
3085 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3086
3087 m = data->m;
3088 size = (sc->mac_ver == 0x5592) ?
3089 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3090 if ((m->m_pkthdr.len +
3091 size + 3 + 8) > RUN_MAX_TXSZ) {
3092 DPRINTF("data overflow, %u bytes\n",
3093 m->m_pkthdr.len);
3094
3095 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3096
3097 run_tx_free(pq, data, 1);
3098
3099 goto tr_setup;
3100 }
3101
3102 pc = usbd_xfer_get_frame(xfer, 0);
3103 usbd_copy_in(pc, 0, &data->desc, size);
3104 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3105 size += m->m_pkthdr.len;
3106 /*
3107 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3108 * 4-byte padding), and be sure to zero those trailing
3109 * bytes:
3110 */
3111 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3112 size += ((-size) & 3) + 8;
3113
3114 vap = data->ni->ni_vap;
3115 if (ieee80211_radiotap_active_vap(vap)) {
3116 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3117 struct rt2860_txwi *txwi =
3118 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3119 tap->wt_flags = 0;
3120 tap->wt_rate = rt2860_rates[data->ridx].rate;
3121 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3122 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3123 tap->wt_hwqueue = index;
3124 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3125 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3126
3127 ieee80211_radiotap_tx(vap, m);
3128 }
3129
3130 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n",
3131 m->m_pkthdr.len, size, index);
3132
3133 usbd_xfer_set_frame_len(xfer, 0, size);
3134 usbd_xfer_set_priv(xfer, data);
3135
3136 usbd_transfer_submit(xfer);
3137
3138 RUN_UNLOCK(sc);
3139 run_start(ifp);
3140 RUN_LOCK(sc);
3141
3142 break;
3143
3144 default:
3145 DPRINTF("USB transfer error, %s\n",
3146 usbd_errstr(error));
3147
3148 data = usbd_xfer_get_priv(xfer);
3149
3150 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3151
3152 if (data != NULL) {
3153 if(data->ni != NULL)
3154 vap = data->ni->ni_vap;
3155 run_tx_free(pq, data, error);
3156 usbd_xfer_set_priv(xfer, NULL);
3157 }
3158 if (vap == NULL)
3159 vap = TAILQ_FIRST(&ic->ic_vaps);
3160
3161 if (error != USB_ERR_CANCELLED) {
3162 if (error == USB_ERR_TIMEOUT) {
3163 device_printf(sc->sc_dev, "device timeout\n");
3164 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3165 DPRINTF("cmdq_store=%d\n", i);
3166 sc->cmdq[i].func = run_usb_timeout_cb;
3167 sc->cmdq[i].arg0 = vap;
3168 ieee80211_runtask(ic, &sc->cmdq_task);
3169 }
3170
3171 /*
3172 * Try to clear stall first, also if other
3173 * errors occur, hence clearing stall
3174 * introduces a 50 ms delay:
3175 */
3176 usbd_xfer_set_stall(xfer);
3177 goto tr_setup;
3178 }
3179 break;
3180 }
3181}
3182
3183static void
3184run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3185{
3186 run_bulk_tx_callbackN(xfer, error, 0);
3187}
3188
3189static void
3190run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3191{
3192 run_bulk_tx_callbackN(xfer, error, 1);
3193}
3194
3195static void
3196run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3197{
3198 run_bulk_tx_callbackN(xfer, error, 2);
3199}
3200
3201static void
3202run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3203{
3204 run_bulk_tx_callbackN(xfer, error, 3);
3205}
3206
3207static void
3208run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3209{
3210 run_bulk_tx_callbackN(xfer, error, 4);
3211}
3212
3213static void
3214run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3215{
3216 run_bulk_tx_callbackN(xfer, error, 5);
3217}
3218
3219static void
3220run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3221{
3222 struct mbuf *m = data->m;
3223 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3224 struct ieee80211vap *vap = data->ni->ni_vap;
3225 struct ieee80211_frame *wh;
3226 struct rt2870_txd *txd;
3227 struct rt2860_txwi *txwi;
3228 uint16_t xferlen, txwisize;
3229 uint16_t mcs;
3230 uint8_t ridx = data->ridx;
3231 uint8_t pad;
3232
3233 /* get MCS code from rate index */
3234 mcs = rt2860_rates[ridx].mcs;
3235
3236 txwisize = (sc->mac_ver == 0x5592) ?
3237 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3238 xferlen = txwisize + m->m_pkthdr.len;
3239
3240 /* roundup to 32-bit alignment */
3241 xferlen = (xferlen + 3) & ~3;
3242
3243 txd = (struct rt2870_txd *)&data->desc;
3244 txd->len = htole16(xferlen);
3245
3246 wh = mtod(m, struct ieee80211_frame *);
3247
3248 /*
3249 * Ether both are true or both are false, the header
3250 * are nicely aligned to 32-bit. So, no L2 padding.
3251 */
3252 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3253 pad = 0;
3254 else
3255 pad = 2;
3256
3257 /* setup TX Wireless Information */
3258 txwi = (struct rt2860_txwi *)(txd + 1);
3259 txwi->len = htole16(m->m_pkthdr.len - pad);
3260 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3261 mcs |= RT2860_PHY_CCK;
3262 if (ridx != RT2860_RIDX_CCK1 &&
3263 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3264 mcs |= RT2860_PHY_SHPRE;
3265 } else
3266 mcs |= RT2860_PHY_OFDM;
3267 txwi->phy = htole16(mcs);
3268
3269 /* check if RTS/CTS or CTS-to-self protection is required */
3270 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3271 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3272 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3273 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3274 txwi->txop |= RT2860_TX_TXOP_HT;
3275 else
3276 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3277
3278 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3279 txwi->xflags |= RT2860_TX_NSEQ;
3280}
3281
3282/* This function must be called locked */
3283static int
3284run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3285{
3286 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3287 struct ieee80211vap *vap = ni->ni_vap;
3288 struct ieee80211_frame *wh;
3289 struct ieee80211_channel *chan;
3290 const struct ieee80211_txparam *tp;
3291 struct run_node *rn = (void *)ni;
3292 struct run_tx_data *data;
3293 struct rt2870_txd *txd;
3294 struct rt2860_txwi *txwi;
3295 uint16_t qos;
3296 uint16_t dur;
3297 uint16_t qid;
3298 uint8_t type;
3299 uint8_t tid;
3300 uint8_t ridx;
3301 uint8_t ctl_ridx;
3302 uint8_t qflags;
3303 uint8_t xflags = 0;
3304 int hasqos;
3305
3306 RUN_LOCK_ASSERT(sc, MA_OWNED);
3307
3308 wh = mtod(m, struct ieee80211_frame *);
3309
3310 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3311
3312 /*
3313 * There are 7 bulk endpoints: 1 for RX
3314 * and 6 for TX (4 EDCAs + HCCA + Prio).
3315 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3316 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3317 */
3318 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3319 uint8_t *frm;
3320
3321 if(IEEE80211_HAS_ADDR4(wh))
3322 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3323 else
3324 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3325
3326 qos = le16toh(*(const uint16_t *)frm);
3327 tid = qos & IEEE80211_QOS_TID;
3328 qid = TID_TO_WME_AC(tid);
3329 } else {
3330 qos = 0;
3331 tid = 0;
3332 qid = WME_AC_BE;
3333 }
3334 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3335
3336 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3337 qos, qid, tid, qflags);
3338
3339 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
3340 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
3341
3342 /* pickup a rate index */
3343 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3344 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3345 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3346 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3347 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3348 } else {
3349 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3350 ridx = rn->fix_ridx;
3351 else
3352 ridx = rn->amrr_ridx;
3353 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3354 }
3355
3356 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3357 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3358 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3359 xflags |= RT2860_TX_ACK;
3360 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3361 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3362 else
3363 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3364 USETW(wh->i_dur, dur);
3365 }
3366
3367 /* reserve slots for mgmt packets, just in case */
3368 if (sc->sc_epq[qid].tx_nfree < 3) {
3369 DPRINTFN(10, "tx ring %d is full\n", qid);
3370 return (-1);
3371 }
3372
3373 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3374 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3375 sc->sc_epq[qid].tx_nfree--;
3376
3377 txd = (struct rt2870_txd *)&data->desc;
3378 txd->flags = qflags;
3379 txwi = (struct rt2860_txwi *)(txd + 1);
3380 txwi->xflags = xflags;
3381 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3382 txwi->wcid = 0;
3383 else
3384 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3385 1 : RUN_AID2WCID(ni->ni_associd);
3386
3387 /* clear leftover garbage bits */
3388 txwi->flags = 0;
3389 txwi->txop = 0;
3390
3391 data->m = m;
3392 data->ni = ni;
3393 data->ridx = ridx;
3394
3395 run_set_tx_desc(sc, data);
3396
3397 /*
3398 * The chip keeps track of 2 kind of Tx stats,
3399 * * TX_STAT_FIFO, for per WCID stats, and
3400 * * TX_STA_CNT0 for all-TX-in-one stats.
3401 *
3402 * To use FIFO stats, we need to store MCS into the driver-private
3403 * PacketID field. So that, we can tell whose stats when we read them.
3404 * We add 1 to the MCS because setting the PacketID field to 0 means
3405 * that we don't want feedback in TX_STAT_FIFO.
3406 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3407 *
3408 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3409 */
3410 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3411 vap->iv_opmode == IEEE80211_M_MBSS) {
3412 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3413 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3414
3415 /*
3416 * Unlike PCI based devices, we don't get any interrupt from
3417 * USB devices, so we simulate FIFO-is-full interrupt here.
3418 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3419 * quickly get fulled. To prevent overflow, increment a counter on
3420 * every FIFO stat request, so we know how many slots are left.
3421 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3422 * are used only in those modes.
3423 * We just drain stats. AMRR gets updated every 1 sec by
3424 * run_ratectl_cb() via callout.
3425 * Call it early. Otherwise overflow.
3426 */
3427 if (sc->fifo_cnt++ == 10) {
3428 /*
3429 * With multiple vaps or if_bridge, if_start() is called
3430 * with a non-sleepable lock, tcpinp. So, need to defer.
3431 */
3432 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3433 DPRINTFN(6, "cmdq_store=%d\n", i);
3434 sc->cmdq[i].func = run_drain_fifo;
3435 sc->cmdq[i].arg0 = sc;
3436 ieee80211_runtask(ic, &sc->cmdq_task);
3437 }
3438 }
3439
3440 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3441
3442 usbd_transfer_start(sc->sc_xfer[qid]);
3443
3444 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n",
3445 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3446 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3447
3448 return (0);
3449}
3450
3451static int
3452run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3453{
3454 struct ifnet *ifp = sc->sc_ifp;
3455 struct ieee80211com *ic = ifp->if_l2com;
3456 struct run_node *rn = (void *)ni;
3457 struct run_tx_data *data;
3458 struct ieee80211_frame *wh;
3459 struct rt2870_txd *txd;
3460 struct rt2860_txwi *txwi;
3461 uint16_t dur;
3462 uint8_t ridx = rn->mgt_ridx;
3463 uint8_t type;
3464 uint8_t xflags = 0;
3465 uint8_t wflags = 0;
3466
3467 RUN_LOCK_ASSERT(sc, MA_OWNED);
3468
3469 wh = mtod(m, struct ieee80211_frame *);
3470
3471 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3472
3473 /* tell hardware to add timestamp for probe responses */
3474 if ((wh->i_fc[0] &
3475 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3476 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3477 wflags |= RT2860_TX_TS;
3478 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3479 xflags |= RT2860_TX_ACK;
3480
3481 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3482 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3483 USETW(wh->i_dur, dur);
3484 }
3485
3486 if (sc->sc_epq[0].tx_nfree == 0) {
3487 /* let caller free mbuf */
3488 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3489 return (EIO);
3490 }
3491 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3492 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3493 sc->sc_epq[0].tx_nfree--;
3494
3495 txd = (struct rt2870_txd *)&data->desc;
3496 txd->flags = RT2860_TX_QSEL_EDCA;
3497 txwi = (struct rt2860_txwi *)(txd + 1);
3498 txwi->wcid = 0xff;
3499 txwi->flags = wflags;
3500 txwi->xflags = xflags;
3501 txwi->txop = 0; /* clear leftover garbage bits */
3502
3503 data->m = m;
3504 data->ni = ni;
3505 data->ridx = ridx;
3506
3507 run_set_tx_desc(sc, data);
3508
3509 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3510 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)),
3511 rt2860_rates[ridx].rate);
3512
3513 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3514
3515 usbd_transfer_start(sc->sc_xfer[0]);
3516
3517 return (0);
3518}
3519
3520static int
3521run_sendprot(struct run_softc *sc,
3522 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3523{
3524 struct ieee80211com *ic = ni->ni_ic;
3525 struct ieee80211_frame *wh;
3526 struct run_tx_data *data;
3527 struct rt2870_txd *txd;
3528 struct rt2860_txwi *txwi;
3529 struct mbuf *mprot;
3530 int ridx;
3531 int protrate;
3532 int ackrate;
3533 int pktlen;
3534 int isshort;
3535 uint16_t dur;
3536 uint8_t type;
3537 uint8_t wflags = 0;
3538 uint8_t xflags = 0;
3539
3540 RUN_LOCK_ASSERT(sc, MA_OWNED);
3541
3542 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3543 ("protection %d", prot));
3544
3545 wh = mtod(m, struct ieee80211_frame *);
3546 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3547 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3548
3549 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3550 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3551
3552 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3553 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
3554 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3555 wflags = RT2860_TX_FRAG;
3556
3557 /* check that there are free slots before allocating the mbuf */
3558 if (sc->sc_epq[0].tx_nfree == 0) {
3559 /* let caller free mbuf */
3560 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3561 return (ENOBUFS);
3562 }
3563
3564 if (prot == IEEE80211_PROT_RTSCTS) {
3565 /* NB: CTS is the same size as an ACK */
3566 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3567 xflags |= RT2860_TX_ACK;
3568 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3569 } else {
3570 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3571 }
3572 if (mprot == NULL) {
3573 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
3574 DPRINTF("could not allocate mbuf\n");
3575 return (ENOBUFS);
3576 }
3577
3578 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3579 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3580 sc->sc_epq[0].tx_nfree--;
3581
3582 txd = (struct rt2870_txd *)&data->desc;
3583 txd->flags = RT2860_TX_QSEL_EDCA;
3584 txwi = (struct rt2860_txwi *)(txd + 1);
3585 txwi->wcid = 0xff;
3586 txwi->flags = wflags;
3587 txwi->xflags = xflags;
3588 txwi->txop = 0; /* clear leftover garbage bits */
3589
3590 data->m = mprot;
3591 data->ni = ieee80211_ref_node(ni);
3592
3593 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3594 if (rt2860_rates[ridx].rate == protrate)
3595 break;
3596 data->ridx = ridx;
3597
3598 run_set_tx_desc(sc, data);
3599
3600 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3601 m->m_pkthdr.len, rate);
3602
3603 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3604
3605 usbd_transfer_start(sc->sc_xfer[0]);
3606
3607 return (0);
3608}
3609
3610static int
3611run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3612 const struct ieee80211_bpf_params *params)
3613{
3614 struct ieee80211com *ic = ni->ni_ic;
3615 struct ieee80211_frame *wh;
3616 struct run_tx_data *data;
3617 struct rt2870_txd *txd;
3618 struct rt2860_txwi *txwi;
3619 uint8_t type;
3620 uint8_t ridx;
3621 uint8_t rate;
3622 uint8_t opflags = 0;
3623 uint8_t xflags = 0;
3624 int error;
3625
3626 RUN_LOCK_ASSERT(sc, MA_OWNED);
3627
3628 KASSERT(params != NULL, ("no raw xmit params"));
3629
3630 wh = mtod(m, struct ieee80211_frame *);
3631 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3632
3633 rate = params->ibp_rate0;
3634 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3635 /* let caller free mbuf */
3636 return (EINVAL);
3637 }
3638
3639 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3640 xflags |= RT2860_TX_ACK;
3641 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3642 error = run_sendprot(sc, m, ni,
3643 params->ibp_flags & IEEE80211_BPF_RTS ?
3644 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3645 rate);
3646 if (error) {
3647 /* let caller free mbuf */
3648 return error;
3649 }
3650 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3651 }
3652
3653 if (sc->sc_epq[0].tx_nfree == 0) {
3654 /* let caller free mbuf */
3655 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3656 DPRINTF("sending raw frame, but tx ring is full\n");
3657 return (EIO);
3658 }
3659 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3660 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3661 sc->sc_epq[0].tx_nfree--;
3662
3663 txd = (struct rt2870_txd *)&data->desc;
3664 txd->flags = RT2860_TX_QSEL_EDCA;
3665 txwi = (struct rt2860_txwi *)(txd + 1);
3666 txwi->wcid = 0xff;
3667 txwi->xflags = xflags;
3668 txwi->txop = opflags;
3669 txwi->flags = 0; /* clear leftover garbage bits */
3670
3671 data->m = m;
3672 data->ni = ni;
3673 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3674 if (rt2860_rates[ridx].rate == rate)
3675 break;
3676 data->ridx = ridx;
3677
3678 run_set_tx_desc(sc, data);
3679
3680 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3681 m->m_pkthdr.len, rate);
3682
3683 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3684
3685 usbd_transfer_start(sc->sc_xfer[0]);
3686
3687 return (0);
3688}
3689
3690static int
3691run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3692 const struct ieee80211_bpf_params *params)
3693{
3694 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3695 struct run_softc *sc = ifp->if_softc;
3696 int error = 0;
3697
3698 RUN_LOCK(sc);
3699
3700 /* prevent management frames from being sent if we're not ready */
3701 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3702 error = ENETDOWN;
3703 goto done;
3704 }
3705
3706 if (params == NULL) {
3707 /* tx mgt packet */
3708 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3709 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3710 DPRINTF("mgt tx failed\n");
3711 goto done;
3712 }
3713 } else {
3714 /* tx raw packet with param */
3715 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3716 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3717 DPRINTF("tx with param failed\n");
3718 goto done;
3719 }
3720 }
3721
3722 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
3723
3724done:
3725 RUN_UNLOCK(sc);
3726
3727 if (error != 0) {
3728 if(m != NULL)
3729 m_freem(m);
3730 ieee80211_free_node(ni);
3731 }
3732
3733 return (error);
3734}
3735
3736static void
3737run_start(struct ifnet *ifp)
3738{
3739 struct run_softc *sc = ifp->if_softc;
3740 struct ieee80211_node *ni;
3741 struct mbuf *m;
3742
3743 RUN_LOCK(sc);
3744
3745 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3746 RUN_UNLOCK(sc);
3747 return;
3748 }
3749
3750 for (;;) {
3751 /* send data frames */
3752 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3753 if (m == NULL)
3754 break;
3755
3756 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3757 if (run_tx(sc, m, ni) != 0) {
3758 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3759 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3760 break;
3761 }
3762 }
3763
3764 RUN_UNLOCK(sc);
3765}
3766
3767static int
3768run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3769{
3770 struct run_softc *sc = ifp->if_softc;
3771 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3772 struct ifreq *ifr = (struct ifreq *) data;
3773 int startall = 0;
3774 int error;
3775
3776 RUN_LOCK(sc);
3777 error = sc->sc_detached ? ENXIO : 0;
3778 RUN_UNLOCK(sc);
3779 if (error)
3780 return (error);
3781
3782 switch (cmd) {
3783 case SIOCSIFFLAGS:
3784 RUN_LOCK(sc);
3785 if (ifp->if_flags & IFF_UP) {
3786 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3787 startall = 1;
3788 run_init_locked(sc);
3789 } else
3790 run_update_promisc_locked(ifp);
3791 } else {
3792 if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
3793 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
3794 run_stop(sc);
3795 }
3796 }
3797 RUN_UNLOCK(sc);
3798 if (startall)
3799 ieee80211_start_all(ic);
3800 break;
3801 case SIOCGIFMEDIA:
3802 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3803 break;
3804 case SIOCGIFADDR:
3805 error = ether_ioctl(ifp, cmd, data);
3806 break;
3807 default:
3808 error = EINVAL;
3809 break;
3810 }
3811
3812 return (error);
3813}
3814
3815static void
3816run_iq_calib(struct run_softc *sc, u_int chan)
3817{
3818 uint16_t val;
3819
3820 /* Tx0 IQ gain. */
3821 run_bbp_write(sc, 158, 0x2c);
3822 if (chan <= 14)
3823 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3824 else if (chan <= 64) {
3825 run_efuse_read(sc,
3826 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3827 &val, 1);
3828 } else if (chan <= 138) {
3829 run_efuse_read(sc,
3830 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3831 &val, 1);
3832 } else if (chan <= 165) {
3833 run_efuse_read(sc,
3834 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3835 &val, 1);
3836 } else
3837 val = 0;
3838 run_bbp_write(sc, 159, val);
3839
3840 /* Tx0 IQ phase. */
3841 run_bbp_write(sc, 158, 0x2d);
3842 if (chan <= 14) {
3843 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3844 &val, 1);
3845 } else if (chan <= 64) {
3846 run_efuse_read(sc,
3847 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3848 &val, 1);
3849 } else if (chan <= 138) {
3850 run_efuse_read(sc,
3851 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3852 &val, 1);
3853 } else if (chan <= 165) {
3854 run_efuse_read(sc,
3855 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3856 &val, 1);
3857 } else
3858 val = 0;
3859 run_bbp_write(sc, 159, val);
3860
3861 /* Tx1 IQ gain. */
3862 run_bbp_write(sc, 158, 0x4a);
3863 if (chan <= 14) {
3864 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3865 &val, 1);
3866 } else if (chan <= 64) {
3867 run_efuse_read(sc,
3868 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3869 &val, 1);
3870 } else if (chan <= 138) {
3871 run_efuse_read(sc,
3872 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3873 &val, 1);
3874 } else if (chan <= 165) {
3875 run_efuse_read(sc,
3876 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3877 &val, 1);
3878 } else
3879 val = 0;
3880 run_bbp_write(sc, 159, val);
3881
3882 /* Tx1 IQ phase. */
3883 run_bbp_write(sc, 158, 0x4b);
3884 if (chan <= 14) {
3885 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3886 &val, 1);
3887 } else if (chan <= 64) {
3888 run_efuse_read(sc,
3889 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3890 &val, 1);
3891 } else if (chan <= 138) {
3892 run_efuse_read(sc,
3893 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3894 &val, 1);
3895 } else if (chan <= 165) {
3896 run_efuse_read(sc,
3897 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3898 &val, 1);
3899 } else
3900 val = 0;
3901 run_bbp_write(sc, 159, val);
3902
3903 /* RF IQ compensation control. */
3904 run_bbp_write(sc, 158, 0x04);
3905 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3906 &val, 1);
3907 run_bbp_write(sc, 159, val);
3908
3909 /* RF IQ imbalance compensation control. */
3910 run_bbp_write(sc, 158, 0x03);
3911 run_efuse_read(sc,
3912 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3913 run_bbp_write(sc, 159, val);
3914}
3915
3916static void
3917run_set_agc(struct run_softc *sc, uint8_t agc)
3918{
3919 uint8_t bbp;
3920
3921 if (sc->mac_ver == 0x3572) {
3922 run_bbp_read(sc, 27, &bbp);
3923 bbp &= ~(0x3 << 5);
3924 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3925 run_bbp_write(sc, 66, agc);
3926 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3927 run_bbp_write(sc, 66, agc);
3928 } else
3929 run_bbp_write(sc, 66, agc);
3930}
3931
3932static void
3933run_select_chan_group(struct run_softc *sc, int group)
3934{
3935 uint32_t tmp;
3936 uint8_t agc;
3937
3938 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3939 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3940 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3941 if (sc->mac_ver < 0x3572)
3942 run_bbp_write(sc, 86, 0x00);
3943
3944 if (sc->mac_ver == 0x3593) {
3945 run_bbp_write(sc, 77, 0x98);
3946 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3947 }
3948
3949 if (group == 0) {
3950 if (sc->ext_2ghz_lna) {
3951 if (sc->mac_ver >= 0x5390)
3952 run_bbp_write(sc, 75, 0x52);
3953 else {
3954 run_bbp_write(sc, 82, 0x62);
3955 run_bbp_write(sc, 75, 0x46);
3956 }
3957 } else {
3958 if (sc->mac_ver == 0x5592) {
3959 run_bbp_write(sc, 79, 0x1c);
3960 run_bbp_write(sc, 80, 0x0e);
3961 run_bbp_write(sc, 81, 0x3a);
3962 run_bbp_write(sc, 82, 0x62);
3963
3964 run_bbp_write(sc, 195, 0x80);
3965 run_bbp_write(sc, 196, 0xe0);
3966 run_bbp_write(sc, 195, 0x81);
3967 run_bbp_write(sc, 196, 0x1f);
3968 run_bbp_write(sc, 195, 0x82);
3969 run_bbp_write(sc, 196, 0x38);
3970 run_bbp_write(sc, 195, 0x83);
3971 run_bbp_write(sc, 196, 0x32);
3972 run_bbp_write(sc, 195, 0x85);
3973 run_bbp_write(sc, 196, 0x28);
3974 run_bbp_write(sc, 195, 0x86);
3975 run_bbp_write(sc, 196, 0x19);
3976 } else if (sc->mac_ver >= 0x5390)
3977 run_bbp_write(sc, 75, 0x50);
3978 else {
3979 run_bbp_write(sc, 82,
3980 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3981 run_bbp_write(sc, 75, 0x50);
3982 }
3983 }
3984 } else {
3985 if (sc->mac_ver == 0x5592) {
3986 run_bbp_write(sc, 79, 0x18);
3987 run_bbp_write(sc, 80, 0x08);
3988 run_bbp_write(sc, 81, 0x38);
3989 run_bbp_write(sc, 82, 0x92);
3990
3991 run_bbp_write(sc, 195, 0x80);
3992 run_bbp_write(sc, 196, 0xf0);
3993 run_bbp_write(sc, 195, 0x81);
3994 run_bbp_write(sc, 196, 0x1e);
3995 run_bbp_write(sc, 195, 0x82);
3996 run_bbp_write(sc, 196, 0x28);
3997 run_bbp_write(sc, 195, 0x83);
3998 run_bbp_write(sc, 196, 0x20);
3999 run_bbp_write(sc, 195, 0x85);
4000 run_bbp_write(sc, 196, 0x7f);
4001 run_bbp_write(sc, 195, 0x86);
4002 run_bbp_write(sc, 196, 0x7f);
4003 } else if (sc->mac_ver == 0x3572)
4004 run_bbp_write(sc, 82, 0x94);
4005 else
4006 run_bbp_write(sc, 82,
4007 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4008 if (sc->ext_5ghz_lna)
4009 run_bbp_write(sc, 75, 0x46);
4010 else
4011 run_bbp_write(sc, 75, 0x50);
4012 }
4013
4014 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4015 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4016 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4017 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4018
4019 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4020 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4021 if (sc->mac_ver == 0x3593)
4022 tmp |= 1 << 29 | 1 << 28;
4023 if (sc->nrxchains > 1)
4024 tmp |= RT2860_LNA_PE1_EN;
4025 if (group == 0) { /* 2GHz */
4026 tmp |= RT2860_PA_PE_G0_EN;
4027 if (sc->ntxchains > 1)
4028 tmp |= RT2860_PA_PE_G1_EN;
4029 if (sc->mac_ver == 0x3593) {
4030 if (sc->ntxchains > 2)
4031 tmp |= 1 << 25;
4032 }
4033 } else { /* 5GHz */
4034 tmp |= RT2860_PA_PE_A0_EN;
4035 if (sc->ntxchains > 1)
4036 tmp |= RT2860_PA_PE_A1_EN;
4037 }
4038 if (sc->mac_ver == 0x3572) {
4039 run_rt3070_rf_write(sc, 8, 0x00);
4040 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4041 run_rt3070_rf_write(sc, 8, 0x80);
4042 } else
4043 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4044
4045 if (sc->mac_ver == 0x5592) {
4046 run_bbp_write(sc, 195, 0x8d);
4047 run_bbp_write(sc, 196, 0x1a);
4048 }
4049
4050 if (sc->mac_ver == 0x3593) {
4051 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4052 tmp &= ~0x01010000;
4053 if (group == 0)
4054 tmp |= 0x00010000;
4055 tmp = (tmp & ~0x00009090) | 0x00000090;
4056 run_write(sc, RT2860_GPIO_CTRL, tmp);
4057 }
4058
4059 /* set initial AGC value */
4060 if (group == 0) { /* 2GHz band */
4061 if (sc->mac_ver >= 0x3070)
4062 agc = 0x1c + sc->lna[0] * 2;
4063 else
4064 agc = 0x2e + sc->lna[0];
4065 } else { /* 5GHz band */
4066 if (sc->mac_ver == 0x5592)
4067 agc = 0x24 + sc->lna[group] * 2;
4068 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4069 agc = 0x22 + (sc->lna[group] * 5) / 3;
4070 else
4071 agc = 0x32 + (sc->lna[group] * 5) / 3;
4072 }
4073 run_set_agc(sc, agc);
4074}
4075
4076static void
4077run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4078{
4079 const struct rfprog *rfprog = rt2860_rf2850;
4080 uint32_t r2, r3, r4;
4081 int8_t txpow1, txpow2;
4082 int i;
4083
4084 /* find the settings for this channel (we know it exists) */
4085 for (i = 0; rfprog[i].chan != chan; i++);
4086
4087 r2 = rfprog[i].r2;
4088 if (sc->ntxchains == 1)
4089 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4090 if (sc->nrxchains == 1)
4091 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4092 else if (sc->nrxchains == 2)
4093 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4094
4095 /* use Tx power values from EEPROM */
4096 txpow1 = sc->txpow1[i];
4097 txpow2 = sc->txpow2[i];
4098
4099 /* Initialize RF R3 and R4. */
4100 r3 = rfprog[i].r3 & 0xffffc1ff;
4101 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4102 if (chan > 14) {
4103 if (txpow1 >= 0) {
4104 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4105 r3 |= (txpow1 << 10) | (1 << 9);
4106 } else {
4107 txpow1 += 7;
4108
4109 /* txpow1 is not possible larger than 15. */
4110 r3 |= (txpow1 << 10);
4111 }
4112 if (txpow2 >= 0) {
4113 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4114 r4 |= (txpow2 << 7) | (1 << 6);
4115 } else {
4116 txpow2 += 7;
4117 r4 |= (txpow2 << 7);
4118 }
4119 } else {
4120 /* Set Tx0 power. */
4121 r3 |= (txpow1 << 9);
4122
4123 /* Set frequency offset and Tx1 power. */
4124 r4 |= (txpow2 << 6);
4125 }
4126
4127 run_rt2870_rf_write(sc, rfprog[i].r1);
4128 run_rt2870_rf_write(sc, r2);
4129 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4130 run_rt2870_rf_write(sc, r4);
4131
4132 run_delay(sc, 10);
4133
4134 run_rt2870_rf_write(sc, rfprog[i].r1);
4135 run_rt2870_rf_write(sc, r2);
4136 run_rt2870_rf_write(sc, r3 | (1 << 2));
4137 run_rt2870_rf_write(sc, r4);
4138
4139 run_delay(sc, 10);
4140
4141 run_rt2870_rf_write(sc, rfprog[i].r1);
4142 run_rt2870_rf_write(sc, r2);
4143 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4144 run_rt2870_rf_write(sc, r4);
4145}
4146
4147static void
4148run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4149{
4150 int8_t txpow1, txpow2;
4151 uint8_t rf;
4152 int i;
4153
4154 /* find the settings for this channel (we know it exists) */
4155 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4156
4157 /* use Tx power values from EEPROM */
4158 txpow1 = sc->txpow1[i];
4159 txpow2 = sc->txpow2[i];
4160
4161 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4162
4163 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4164 run_rt3070_rf_read(sc, 3, &rf);
4165 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4166 run_rt3070_rf_write(sc, 3, rf);
4167
4168 run_rt3070_rf_read(sc, 6, &rf);
4169 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4170 run_rt3070_rf_write(sc, 6, rf);
4171
4172 /* set Tx0 power */
4173 run_rt3070_rf_read(sc, 12, &rf);
4174 rf = (rf & ~0x1f) | txpow1;
4175 run_rt3070_rf_write(sc, 12, rf);
4176
4177 /* set Tx1 power */
4178 run_rt3070_rf_read(sc, 13, &rf);
4179 rf = (rf & ~0x1f) | txpow2;
4180 run_rt3070_rf_write(sc, 13, rf);
4181
4182 run_rt3070_rf_read(sc, 1, &rf);
4183 rf &= ~0xfc;
4184 if (sc->ntxchains == 1)
4185 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4186 else if (sc->ntxchains == 2)
4187 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4188 if (sc->nrxchains == 1)
4189 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4190 else if (sc->nrxchains == 2)
4191 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4192 run_rt3070_rf_write(sc, 1, rf);
4193
4194 /* set RF offset */
4195 run_rt3070_rf_read(sc, 23, &rf);
4196 rf = (rf & ~0x7f) | sc->freq;
4197 run_rt3070_rf_write(sc, 23, rf);
4198
4199 /* program RF filter */
4200 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4201 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4202 run_rt3070_rf_write(sc, 24, rf);
4203 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4204 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4205 run_rt3070_rf_write(sc, 31, rf);
4206
4207 /* enable RF tuning */
4208 run_rt3070_rf_read(sc, 7, &rf);
4209 run_rt3070_rf_write(sc, 7, rf | 0x01);
4210}
4211
4212static void
4213run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4214{
4215 int8_t txpow1, txpow2;
4216 uint32_t tmp;
4217 uint8_t rf;
4218 int i;
4219
4220 /* find the settings for this channel (we know it exists) */
4221 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4222
4223 /* use Tx power values from EEPROM */
4224 txpow1 = sc->txpow1[i];
4225 txpow2 = sc->txpow2[i];
4226
4227 if (chan <= 14) {
4228 run_bbp_write(sc, 25, sc->bbp25);
4229 run_bbp_write(sc, 26, sc->bbp26);
4230 } else {
4231 /* enable IQ phase correction */
4232 run_bbp_write(sc, 25, 0x09);
4233 run_bbp_write(sc, 26, 0xff);
4234 }
4235
4236 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4237 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4238 run_rt3070_rf_read(sc, 6, &rf);
4239 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4240 rf |= (chan <= 14) ? 0x08 : 0x04;
4241 run_rt3070_rf_write(sc, 6, rf);
4242
4243 /* set PLL mode */
4244 run_rt3070_rf_read(sc, 5, &rf);
4245 rf &= ~(0x08 | 0x04);
4246 rf |= (chan <= 14) ? 0x04 : 0x08;
4247 run_rt3070_rf_write(sc, 5, rf);
4248
4249 /* set Tx power for chain 0 */
4250 if (chan <= 14)
4251 rf = 0x60 | txpow1;
4252 else
4253 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4254 run_rt3070_rf_write(sc, 12, rf);
4255
4256 /* set Tx power for chain 1 */
4257 if (chan <= 14)
4258 rf = 0x60 | txpow2;
4259 else
4260 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4261 run_rt3070_rf_write(sc, 13, rf);
4262
4263 /* set Tx/Rx streams */
4264 run_rt3070_rf_read(sc, 1, &rf);
4265 rf &= ~0xfc;
4266 if (sc->ntxchains == 1)
4267 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4268 else if (sc->ntxchains == 2)
4269 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4270 if (sc->nrxchains == 1)
4271 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4272 else if (sc->nrxchains == 2)
4273 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4274 run_rt3070_rf_write(sc, 1, rf);
4275
4276 /* set RF offset */
4277 run_rt3070_rf_read(sc, 23, &rf);
4278 rf = (rf & ~0x7f) | sc->freq;
4279 run_rt3070_rf_write(sc, 23, rf);
4280
4281 /* program RF filter */
4282 rf = sc->rf24_20mhz;
4283 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4284 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4285
4286 /* enable RF tuning */
4287 run_rt3070_rf_read(sc, 7, &rf);
4288 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4289 run_rt3070_rf_write(sc, 7, rf);
4290
4291 /* TSSI */
4292 rf = (chan <= 14) ? 0xc3 : 0xc0;
4293 run_rt3070_rf_write(sc, 9, rf);
4294
4295 /* set loop filter 1 */
4296 run_rt3070_rf_write(sc, 10, 0xf1);
4297 /* set loop filter 2 */
4298 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4299
4300 /* set tx_mx2_ic */
4301 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4302 /* set tx_mx1_ic */
4303 if (chan <= 14)
4304 rf = 0x48 | sc->txmixgain_2ghz;
4305 else
4306 rf = 0x78 | sc->txmixgain_5ghz;
4307 run_rt3070_rf_write(sc, 16, rf);
4308
4309 /* set tx_lo1 */
4310 run_rt3070_rf_write(sc, 17, 0x23);
4311 /* set tx_lo2 */
4312 if (chan <= 14)
4313 rf = 0x93;
4314 else if (chan <= 64)
4315 rf = 0xb7;
4316 else if (chan <= 128)
4317 rf = 0x74;
4318 else
4319 rf = 0x72;
4320 run_rt3070_rf_write(sc, 19, rf);
4321
4322 /* set rx_lo1 */
4323 if (chan <= 14)
4324 rf = 0xb3;
4325 else if (chan <= 64)
4326 rf = 0xf6;
4327 else if (chan <= 128)
4328 rf = 0xf4;
4329 else
4330 rf = 0xf3;
4331 run_rt3070_rf_write(sc, 20, rf);
4332
4333 /* set pfd_delay */
4334 if (chan <= 14)
4335 rf = 0x15;
4336 else if (chan <= 64)
4337 rf = 0x3d;
4338 else
4339 rf = 0x01;
4340 run_rt3070_rf_write(sc, 25, rf);
4341
4342 /* set rx_lo2 */
4343 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4344 /* set ldo_rf_vc */
4345 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4346 /* set drv_cc */
4347 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4348
4349 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4350 tmp &= ~0x8080;
4351 if (chan <= 14)
4352 tmp |= 0x80;
4353 run_write(sc, RT2860_GPIO_CTRL, tmp);
4354
4355 /* enable RF tuning */
4356 run_rt3070_rf_read(sc, 7, &rf);
4357 run_rt3070_rf_write(sc, 7, rf | 0x01);
4358
4359 run_delay(sc, 2);
4360}
4361
4362static void
4363run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4364{
4365 int8_t txpow1, txpow2, txpow3;
4366 uint8_t h20mhz, rf;
4367 int i;
4368
4369 /* find the settings for this channel (we know it exists) */
4370 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4371
4372 /* use Tx power values from EEPROM */
4373 txpow1 = sc->txpow1[i];
4374 txpow2 = sc->txpow2[i];
4375 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4376
4377 if (chan <= 14) {
4378 run_bbp_write(sc, 25, sc->bbp25);
4379 run_bbp_write(sc, 26, sc->bbp26);
4380 } else {
4381 /* Enable IQ phase correction. */
4382 run_bbp_write(sc, 25, 0x09);
4383 run_bbp_write(sc, 26, 0xff);
4384 }
4385
4386 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4387 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4388 run_rt3070_rf_read(sc, 11, &rf);
4389 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4390 run_rt3070_rf_write(sc, 11, rf);
4391
4392 /* Set pll_idoh. */
4393 run_rt3070_rf_read(sc, 11, &rf);
4394 rf &= ~0x4c;
4395 rf |= (chan <= 14) ? 0x44 : 0x48;
4396 run_rt3070_rf_write(sc, 11, rf);
4397
4398 if (chan <= 14)
4399 rf = txpow1 & 0x1f;
4400 else
4401 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4402 run_rt3070_rf_write(sc, 53, rf);
4403
4404 if (chan <= 14)
4405 rf = txpow2 & 0x1f;
4406 else
4407 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4408 run_rt3070_rf_write(sc, 55, rf);
4409
4410 if (chan <= 14)
4411 rf = txpow3 & 0x1f;
4412 else
4413 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4414 run_rt3070_rf_write(sc, 54, rf);
4415
4416 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4417 if (sc->ntxchains == 3)
4418 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4419 else
4420 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4421 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4422 run_rt3070_rf_write(sc, 1, rf);
4423
4424 run_adjust_freq_offset(sc);
4425
4426 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4427
4428 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4429 run_rt3070_rf_read(sc, 30, &rf);
4430 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4431 run_rt3070_rf_write(sc, 30, rf);
4432
4433 run_rt3070_rf_read(sc, 36, &rf);
4434 if (chan <= 14)
4435 rf |= 0x80;
4436 else
4437 rf &= ~0x80;
4438 run_rt3070_rf_write(sc, 36, rf);
4439
4440 /* Set vcolo_bs. */
4441 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4442 /* Set pfd_delay. */
4443 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4444
4445 /* Set vco bias current control. */
4446 run_rt3070_rf_read(sc, 6, &rf);
4447 rf &= ~0xc0;
4448 if (chan <= 14)
4449 rf |= 0x40;
4450 else if (chan <= 128)
4451 rf |= 0x80;
4452 else
4453 rf |= 0x40;
4454 run_rt3070_rf_write(sc, 6, rf);
4455
4456 run_rt3070_rf_read(sc, 30, &rf);
4457 rf = (rf & ~0x18) | 0x10;
4458 run_rt3070_rf_write(sc, 30, rf);
4459
4460 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4461 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4462
4463 run_rt3070_rf_read(sc, 51, &rf);
4464 rf = (rf & ~0x03) | 0x01;
4465 run_rt3070_rf_write(sc, 51, rf);
4466 /* Set tx_mx1_cc. */
4467 run_rt3070_rf_read(sc, 51, &rf);
4468 rf &= ~0x1c;
4469 rf |= (chan <= 14) ? 0x14 : 0x10;
4470 run_rt3070_rf_write(sc, 51, rf);
4471 /* Set tx_mx1_ic. */
4472 run_rt3070_rf_read(sc, 51, &rf);
4473 rf &= ~0xe0;
4474 rf |= (chan <= 14) ? 0x60 : 0x40;
4475 run_rt3070_rf_write(sc, 51, rf);
4476 /* Set tx_lo1_ic. */
4477 run_rt3070_rf_read(sc, 49, &rf);
4478 rf &= ~0x1c;
4479 rf |= (chan <= 14) ? 0x0c : 0x08;
4480 run_rt3070_rf_write(sc, 49, rf);
4481 /* Set tx_lo1_en. */
4482 run_rt3070_rf_read(sc, 50, &rf);
4483 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4484 /* Set drv_cc. */
4485 run_rt3070_rf_read(sc, 57, &rf);
4486 rf &= ~0xfc;
4487 rf |= (chan <= 14) ? 0x6c : 0x3c;
4488 run_rt3070_rf_write(sc, 57, rf);
4489 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4490 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4491 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4492 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4493 /* Enable VCO calibration. */
4494 run_rt3070_rf_read(sc, 3, &rf);
4495 rf &= ~RT5390_VCOCAL;
4496 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4497 run_rt3070_rf_write(sc, 3, rf);
4498
4499 if (chan <= 14)
4500 rf = 0x23;
4501 else if (chan <= 64)
4502 rf = 0x36;
4503 else if (chan <= 128)
4504 rf = 0x32;
4505 else
4506 rf = 0x30;
4507 run_rt3070_rf_write(sc, 39, rf);
4508 if (chan <= 14)
4509 rf = 0xbb;
4510 else if (chan <= 64)
4511 rf = 0xeb;
4512 else if (chan <= 128)
4513 rf = 0xb3;
4514 else
4515 rf = 0x9b;
4516 run_rt3070_rf_write(sc, 45, rf);
4517
4518 /* Set FEQ/AEQ control. */
4519 run_bbp_write(sc, 105, 0x34);
4520}
4521
4522static void
4523run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4524{
4525 int8_t txpow1, txpow2;
4526 uint8_t rf;
4527 int i;
4528
4529 /* find the settings for this channel (we know it exists) */
4530 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4531
4532 /* use Tx power values from EEPROM */
4533 txpow1 = sc->txpow1[i];
4534 txpow2 = sc->txpow2[i];
4535
4536 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4537 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4538 run_rt3070_rf_read(sc, 11, &rf);
4539 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4540 run_rt3070_rf_write(sc, 11, rf);
4541
4542 run_rt3070_rf_read(sc, 49, &rf);
4543 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4544 /* The valid range of the RF R49 is 0x00 to 0x27. */
4545 if ((rf & 0x3f) > 0x27)
4546 rf = (rf & ~0x3f) | 0x27;
4547 run_rt3070_rf_write(sc, 49, rf);
4548
4549 if (sc->mac_ver == 0x5392) {
4550 run_rt3070_rf_read(sc, 50, &rf);
4551 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4552 /* The valid range of the RF R50 is 0x00 to 0x27. */
4553 if ((rf & 0x3f) > 0x27)
4554 rf = (rf & ~0x3f) | 0x27;
4555 run_rt3070_rf_write(sc, 50, rf);
4556 }
4557
4558 run_rt3070_rf_read(sc, 1, &rf);
4559 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4560 if (sc->mac_ver == 0x5392)
4561 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4562 run_rt3070_rf_write(sc, 1, rf);
4563
4564 if (sc->mac_ver != 0x5392) {
4565 run_rt3070_rf_read(sc, 2, &rf);
4566 rf |= 0x80;
4567 run_rt3070_rf_write(sc, 2, rf);
4568 run_delay(sc, 10);
4569 rf &= 0x7f;
4570 run_rt3070_rf_write(sc, 2, rf);
4571 }
4572
4573 run_adjust_freq_offset(sc);
4574
4575 if (sc->mac_ver == 0x5392) {
4576 /* Fix for RT5392C. */
4577 if (sc->mac_rev >= 0x0223) {
4578 if (chan <= 4)
4579 rf = 0x0f;
4580 else if (chan >= 5 && chan <= 7)
4581 rf = 0x0e;
4582 else
4583 rf = 0x0d;
4584 run_rt3070_rf_write(sc, 23, rf);
4585
4586 if (chan <= 4)
4587 rf = 0x0c;
4588 else if (chan == 5)
4589 rf = 0x0b;
4590 else if (chan >= 6 && chan <= 7)
4591 rf = 0x0a;
4592 else if (chan >= 8 && chan <= 10)
4593 rf = 0x09;
4594 else
4595 rf = 0x08;
4596 run_rt3070_rf_write(sc, 59, rf);
4597 } else {
4598 if (chan <= 11)
4599 rf = 0x0f;
4600 else
4601 rf = 0x0b;
4602 run_rt3070_rf_write(sc, 59, rf);
4603 }
4604 } else {
4605 /* Fix for RT5390F. */
4606 if (sc->mac_rev >= 0x0502) {
4607 if (chan <= 11)
4608 rf = 0x43;
4609 else
4610 rf = 0x23;
4611 run_rt3070_rf_write(sc, 55, rf);
4612
4613 if (chan <= 11)
4614 rf = 0x0f;
4615 else if (chan == 12)
4616 rf = 0x0d;
4617 else
4618 rf = 0x0b;
4619 run_rt3070_rf_write(sc, 59, rf);
4620 } else {
4621 run_rt3070_rf_write(sc, 55, 0x44);
4622 run_rt3070_rf_write(sc, 59, 0x8f);
4623 }
4624 }
4625
4626 /* Enable VCO calibration. */
4627 run_rt3070_rf_read(sc, 3, &rf);
4628 rf |= RT5390_VCOCAL;
4629 run_rt3070_rf_write(sc, 3, rf);
4630}
4631
4632static void
4633run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4634{
4635 const struct rt5592_freqs *freqs;
4636 uint32_t tmp;
4637 uint8_t reg, rf, txpow_bound;
4638 int8_t txpow1, txpow2;
4639 int i;
4640
4641 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4642 freqs = (tmp & RT5592_SEL_XTAL) ?
4643 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4644
4645 /* find the settings for this channel (we know it exists) */
4646 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4647
4648 /* use Tx power values from EEPROM */
4649 txpow1 = sc->txpow1[i];
4650 txpow2 = sc->txpow2[i];
4651
4652 run_read(sc, RT3070_LDO_CFG0, &tmp);
4653 tmp &= ~0x1c000000;
4654 if (chan > 14)
4655 tmp |= 0x14000000;
4656 run_write(sc, RT3070_LDO_CFG0, tmp);
4657
4658 /* N setting. */
4659 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4660 run_rt3070_rf_read(sc, 9, &rf);
4661 rf &= ~(1 << 4);
4662 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4663 run_rt3070_rf_write(sc, 9, rf);
4664
4665 /* K setting. */
4666 run_rt3070_rf_read(sc, 9, &rf);
4667 rf &= ~0x0f;
4668 rf |= (freqs->k & 0x0f);
4669 run_rt3070_rf_write(sc, 9, rf);
4670
4671 /* Mode setting. */
4672 run_rt3070_rf_read(sc, 11, &rf);
4673 rf &= ~0x0c;
4674 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4675 run_rt3070_rf_write(sc, 11, rf);
4676 run_rt3070_rf_read(sc, 9, &rf);
4677 rf &= ~(1 << 7);
4678 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4679 run_rt3070_rf_write(sc, 9, rf);
4680
4681 /* R setting. */
4682 run_rt3070_rf_read(sc, 11, &rf);
4683 rf &= ~0x03;
4684 rf |= (freqs->r - 0x1);
4685 run_rt3070_rf_write(sc, 11, rf);
4686
4687 if (chan <= 14) {
4688 /* Initialize RF registers for 2GHZ. */
4689 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4690 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4691 rt5592_2ghz_def_rf[i].val);
4692 }
4693
4694 rf = (chan <= 10) ? 0x07 : 0x06;
4695 run_rt3070_rf_write(sc, 23, rf);
4696 run_rt3070_rf_write(sc, 59, rf);
4697
4698 run_rt3070_rf_write(sc, 55, 0x43);
4699
4700 /*
4701 * RF R49/R50 Tx power ALC code.
4702 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4703 */
4704 reg = 2;
4705 txpow_bound = 0x27;
4706 } else {
4707 /* Initialize RF registers for 5GHZ. */
4708 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4709 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4710 rt5592_5ghz_def_rf[i].val);
4711 }
4712 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4713 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4714 chan <= rt5592_chan_5ghz[i].lastchan) {
4715 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4716 rt5592_chan_5ghz[i].val);
4717 }
4718 }
4719
4720 /*
4721 * RF R49/R50 Tx power ALC code.
4722 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4723 */
4724 reg = 3;
4725 txpow_bound = 0x2b;
4726 }
4727
4728 /* RF R49 ch0 Tx power ALC code. */
4729 run_rt3070_rf_read(sc, 49, &rf);
4730 rf &= ~0xc0;
4731 rf |= (reg << 6);
4732 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4733 if ((rf & 0x3f) > txpow_bound)
4734 rf = (rf & ~0x3f) | txpow_bound;
4735 run_rt3070_rf_write(sc, 49, rf);
4736
4737 /* RF R50 ch1 Tx power ALC code. */
4738 run_rt3070_rf_read(sc, 50, &rf);
4739 rf &= ~(1 << 7 | 1 << 6);
4740 rf |= (reg << 6);
4741 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4742 if ((rf & 0x3f) > txpow_bound)
4743 rf = (rf & ~0x3f) | txpow_bound;
4744 run_rt3070_rf_write(sc, 50, rf);
4745
4746 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4747 run_rt3070_rf_read(sc, 1, &rf);
4748 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4749 if (sc->ntxchains > 1)
4750 rf |= RT3070_TX1_PD;
4751 if (sc->nrxchains > 1)
4752 rf |= RT3070_RX1_PD;
4753 run_rt3070_rf_write(sc, 1, rf);
4754
4755 run_rt3070_rf_write(sc, 6, 0xe4);
4756
4757 run_rt3070_rf_write(sc, 30, 0x10);
4758 run_rt3070_rf_write(sc, 31, 0x80);
4759 run_rt3070_rf_write(sc, 32, 0x80);
4760
4761 run_adjust_freq_offset(sc);
4762
4763 /* Enable VCO calibration. */
4764 run_rt3070_rf_read(sc, 3, &rf);
4765 rf |= RT5390_VCOCAL;
4766 run_rt3070_rf_write(sc, 3, rf);
4767}
4768
4769static void
4770run_set_rx_antenna(struct run_softc *sc, int aux)
4771{
4772 uint32_t tmp;
4773 uint8_t bbp152;
4774
4775 if (aux) {
4776 if (sc->rf_rev == RT5390_RF_5370) {
4777 run_bbp_read(sc, 152, &bbp152);
4778 run_bbp_write(sc, 152, bbp152 & ~0x80);
4779 } else {
4780 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4781 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4782 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4783 }
4784 } else {
4785 if (sc->rf_rev == RT5390_RF_5370) {
4786 run_bbp_read(sc, 152, &bbp152);
4787 run_bbp_write(sc, 152, bbp152 | 0x80);
4788 } else {
4789 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4790 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4791 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4792 }
4793 }
4794}
4795
4796static int
4797run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4798{
4799 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4800 u_int chan, group;
4801
4802 chan = ieee80211_chan2ieee(ic, c);
4803 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4804 return (EINVAL);
4805
4806 if (sc->mac_ver == 0x5592)
4807 run_rt5592_set_chan(sc, chan);
4808 else if (sc->mac_ver >= 0x5390)
4809 run_rt5390_set_chan(sc, chan);
4810 else if (sc->mac_ver == 0x3593)
4811 run_rt3593_set_chan(sc, chan);
4812 else if (sc->mac_ver == 0x3572)
4813 run_rt3572_set_chan(sc, chan);
4814 else if (sc->mac_ver >= 0x3070)
4815 run_rt3070_set_chan(sc, chan);
4816 else
4817 run_rt2870_set_chan(sc, chan);
4818
4819 /* determine channel group */
4820 if (chan <= 14)
4821 group = 0;
4822 else if (chan <= 64)
4823 group = 1;
4824 else if (chan <= 128)
4825 group = 2;
4826 else
4827 group = 3;
4828
4829 /* XXX necessary only when group has changed! */
4830 run_select_chan_group(sc, group);
4831
4832 run_delay(sc, 10);
4833
4834 /* Perform IQ calibration. */
4835 if (sc->mac_ver >= 0x5392)
4836 run_iq_calib(sc, chan);
4837
4838 return (0);
4839}
4840
4841static void
4842run_set_channel(struct ieee80211com *ic)
4843{
4844 struct run_softc *sc = ic->ic_ifp->if_softc;
4845
4846 RUN_LOCK(sc);
4847 run_set_chan(sc, ic->ic_curchan);
4848 RUN_UNLOCK(sc);
4849
4850 return;
4851}
4852
4853static void
4854run_scan_start(struct ieee80211com *ic)
4855{
4856 struct run_softc *sc = ic->ic_ifp->if_softc;
4857 uint32_t tmp;
4858
4859 RUN_LOCK(sc);
4860
4861 /* abort TSF synchronization */
4862 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4863 run_write(sc, RT2860_BCN_TIME_CFG,
4864 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4865 RT2860_TBTT_TIMER_EN));
4866 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
4867
4868 RUN_UNLOCK(sc);
4869
4870 return;
4871}
4872
4873static void
4874run_scan_end(struct ieee80211com *ic)
4875{
4876 struct run_softc *sc = ic->ic_ifp->if_softc;
4877
4878 RUN_LOCK(sc);
4879
4880 run_enable_tsf_sync(sc);
4881 /* XXX keep local copy */
4882 run_set_bssid(sc, sc->sc_bssid);
4883
4884 RUN_UNLOCK(sc);
4885
4886 return;
4887}
4888
4889/*
4890 * Could be called from ieee80211_node_timeout()
4891 * (non-sleepable thread)
4892 */
4893static void
4894run_update_beacon(struct ieee80211vap *vap, int item)
4895{
4896 struct ieee80211com *ic = vap->iv_ic;
4897 struct run_softc *sc = ic->ic_ifp->if_softc;
4898 struct run_vap *rvp = RUN_VAP(vap);
4899 int mcast = 0;
4900 uint32_t i;
4901
4902 KASSERT(vap != NULL, ("no beacon"));
4903
4904 switch (item) {
4905 case IEEE80211_BEACON_ERP:
4906 run_updateslot(ic->ic_ifp);
4907 break;
4908 case IEEE80211_BEACON_HTINFO:
4909 run_updateprot(ic);
4910 break;
4911 case IEEE80211_BEACON_TIM:
4912 mcast = 1; /*TODO*/
4913 break;
4914 default:
4915 break;
4916 }
4917
4918 setbit(rvp->bo.bo_flags, item);
4919 if (rvp->beacon_mbuf == NULL) {
4920 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4921 &rvp->bo);
4922 if (rvp->beacon_mbuf == NULL)
4923 return;
4924 }
4925 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
4926
4927 i = RUN_CMDQ_GET(&sc->cmdq_store);
4928 DPRINTF("cmdq_store=%d\n", i);
4929 sc->cmdq[i].func = run_update_beacon_cb;
4930 sc->cmdq[i].arg0 = vap;
4931 ieee80211_runtask(ic, &sc->cmdq_task);
4932
4933 return;
4934}
4935
4936static void
4937run_update_beacon_cb(void *arg)
4938{
4939 struct ieee80211vap *vap = arg;
4940 struct run_vap *rvp = RUN_VAP(vap);
4941 struct ieee80211com *ic = vap->iv_ic;
4942 struct run_softc *sc = ic->ic_ifp->if_softc;
4943 struct rt2860_txwi txwi;
4944 struct mbuf *m;
4945 uint16_t txwisize;
4946 uint8_t ridx;
4947
4948 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
4949 return;
4950 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4951 return;
4952
4953 /*
4954 * No need to call ieee80211_beacon_update(), run_update_beacon()
4955 * is taking care of apropriate calls.
4956 */
4957 if (rvp->beacon_mbuf == NULL) {
4958 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
4959 &rvp->bo);
4960 if (rvp->beacon_mbuf == NULL)
4961 return;
4962 }
4963 m = rvp->beacon_mbuf;
4964
4965 memset(&txwi, 0, sizeof(txwi));
4966 txwi.wcid = 0xff;
4967 txwi.len = htole16(m->m_pkthdr.len);
4968
4969 /* send beacons at the lowest available rate */
4970 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4971 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4972 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4973 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4974 txwi.phy |= htole16(RT2860_PHY_OFDM);
4975 txwi.txop = RT2860_TX_TXOP_HT;
4976 txwi.flags = RT2860_TX_TS;
4977 txwi.xflags = RT2860_TX_NSEQ;
4978
4979 txwisize = (sc->mac_ver == 0x5592) ?
4980 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4981 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4982 txwisize);
4983 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4984 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4985}
4986
4987static void
4988run_updateprot(struct ieee80211com *ic)
4989{
4990 struct run_softc *sc = ic->ic_ifp->if_softc;
4991 uint32_t i;
4992
4993 i = RUN_CMDQ_GET(&sc->cmdq_store);
4994 DPRINTF("cmdq_store=%d\n", i);
4995 sc->cmdq[i].func = run_updateprot_cb;
4996 sc->cmdq[i].arg0 = ic;
4997 ieee80211_runtask(ic, &sc->cmdq_task);
4998}
4999
5000static void
5001run_updateprot_cb(void *arg)
5002{
5003 struct ieee80211com *ic = arg;
5004 struct run_softc *sc = ic->ic_ifp->if_softc;
5005 uint32_t tmp;
5006
5007 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5008 /* setup protection frame rate (MCS code) */
5009 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5010 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5011 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5012
5013 /* CCK frames don't require protection */
5014 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5015 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5016 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5017 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5018 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5019 tmp |= RT2860_PROT_CTRL_CTS;
5020 }
5021 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5022}
5023
5024static void
5025run_usb_timeout_cb(void *arg)
5026{
5027 struct ieee80211vap *vap = arg;
5028 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
5029
5030 RUN_LOCK_ASSERT(sc, MA_OWNED);
5031
5032 if(vap->iv_state == IEEE80211_S_RUN &&
5033 vap->iv_opmode != IEEE80211_M_STA)
5034 run_reset_livelock(sc);
5035 else if (vap->iv_state == IEEE80211_S_SCAN) {
5036 DPRINTF("timeout caused by scan\n");
5037 /* cancel bgscan */
5038 ieee80211_cancel_scan(vap);
5039 } else
5040 DPRINTF("timeout by unknown cause\n");
5041}
5042
5043static void
5044run_reset_livelock(struct run_softc *sc)
5045{
5046 uint32_t tmp;
5047
5048 RUN_LOCK_ASSERT(sc, MA_OWNED);
5049
5050 /*
5051 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5052 * can run into a livelock and start sending CTS-to-self frames like
5053 * crazy if protection is enabled. Reset MAC/BBP for a while
5054 */
5055 run_read(sc, RT2860_DEBUG, &tmp);
5056 DPRINTFN(3, "debug reg %08x\n", tmp);
5057 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5058 DPRINTF("CTS-to-self livelock detected\n");
5059 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5060 run_delay(sc, 1);
5061 run_write(sc, RT2860_MAC_SYS_CTRL,
5062 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5063 }
5064}
5065
5066static void
5067run_update_promisc_locked(struct ifnet *ifp)
5068{
5069 struct run_softc *sc = ifp->if_softc;
5070 uint32_t tmp;
5071
5072 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5073
5074 tmp |= RT2860_DROP_UC_NOME;
5075 if (ifp->if_flags & IFF_PROMISC)
5076 tmp &= ~RT2860_DROP_UC_NOME;
5077
5078 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5079
5080 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
5081 "entering" : "leaving");
5082}
5083
5084static void
5085run_update_promisc(struct ifnet *ifp)
5086{
5087 struct run_softc *sc = ifp->if_softc;
5088
5089 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
5090 return;
5091
5092 RUN_LOCK(sc);
5093 run_update_promisc_locked(ifp);
5094 RUN_UNLOCK(sc);
5095}
5096
5097static void
5098run_enable_tsf_sync(struct run_softc *sc)
5099{
5100 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5101 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5102 uint32_t tmp;
5103
5104 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id,
5105 ic->ic_opmode);
5106
5107 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5108 tmp &= ~0x1fffff;
5109 tmp |= vap->iv_bss->ni_intval * 16;
5110 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5111
5112 if (ic->ic_opmode == IEEE80211_M_STA) {
5113 /*
5114 * Local TSF is always updated with remote TSF on beacon
5115 * reception.
5116 */
5117 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5118 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5119 tmp |= RT2860_BCN_TX_EN;
5120 /*
5121 * Local TSF is updated with remote TSF on beacon reception
5122 * only if the remote TSF is greater than local TSF.
5123 */
5124 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5125 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5126 ic->ic_opmode == IEEE80211_M_MBSS) {
5127 tmp |= RT2860_BCN_TX_EN;
5128 /* SYNC with nobody */
5129 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5130 } else {
5131 DPRINTF("Enabling TSF failed. undefined opmode\n");
5132 return;
5133 }
5134
5135 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5136}
5137
5138static void
5139run_enable_mrr(struct run_softc *sc)
5140{
5141#define CCK(mcs) (mcs)
5142#define OFDM(mcs) (1 << 3 | (mcs))
5143 run_write(sc, RT2860_LG_FBK_CFG0,
5144 OFDM(6) << 28 | /* 54->48 */
5145 OFDM(5) << 24 | /* 48->36 */
5146 OFDM(4) << 20 | /* 36->24 */
5147 OFDM(3) << 16 | /* 24->18 */
5148 OFDM(2) << 12 | /* 18->12 */
5149 OFDM(1) << 8 | /* 12-> 9 */
5150 OFDM(0) << 4 | /* 9-> 6 */
5151 OFDM(0)); /* 6-> 6 */
5152
5153 run_write(sc, RT2860_LG_FBK_CFG1,
5154 CCK(2) << 12 | /* 11->5.5 */
5155 CCK(1) << 8 | /* 5.5-> 2 */
5156 CCK(0) << 4 | /* 2-> 1 */
5157 CCK(0)); /* 1-> 1 */
5158#undef OFDM
5159#undef CCK
5160}
5161
5162static void
5163run_set_txpreamble(struct run_softc *sc)
5164{
5165 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5166 uint32_t tmp;
5167
5168 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5169 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5170 tmp |= RT2860_CCK_SHORT_EN;
5171 else
5172 tmp &= ~RT2860_CCK_SHORT_EN;
5173 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5174}
5175
5176static void
5177run_set_basicrates(struct run_softc *sc)
5178{
5179 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5180
5181 /* set basic rates mask */
5182 if (ic->ic_curmode == IEEE80211_MODE_11B)
5183 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5184 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5185 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5186 else /* 11g */
5187 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5188}
5189
5190static void
5191run_set_leds(struct run_softc *sc, uint16_t which)
5192{
5193 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5194 which | (sc->leds & 0x7f));
5195}
5196
5197static void
5198run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5199{
5200 run_write(sc, RT2860_MAC_BSSID_DW0,
5201 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5202 run_write(sc, RT2860_MAC_BSSID_DW1,
5203 bssid[4] | bssid[5] << 8);
5204}
5205
5206static void
5207run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5208{
5209 run_write(sc, RT2860_MAC_ADDR_DW0,
5210 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5211 run_write(sc, RT2860_MAC_ADDR_DW1,
5212 addr[4] | addr[5] << 8 | 0xff << 16);
5213}
5214
5215static void
5216run_updateslot(struct ifnet *ifp)
5217{
5218 struct run_softc *sc = ifp->if_softc;
5219 struct ieee80211com *ic = ifp->if_l2com;
5220 uint32_t i;
5221
5222 i = RUN_CMDQ_GET(&sc->cmdq_store);
5223 DPRINTF("cmdq_store=%d\n", i);
5224 sc->cmdq[i].func = run_updateslot_cb;
5225 sc->cmdq[i].arg0 = ifp;
5226 ieee80211_runtask(ic, &sc->cmdq_task);
5227
5228 return;
5229}
5230
5231/* ARGSUSED */
5232static void
5233run_updateslot_cb(void *arg)
5234{
5235 struct ifnet *ifp = arg;
5236 struct run_softc *sc = ifp->if_softc;
5237 struct ieee80211com *ic = ifp->if_l2com;
5238 uint32_t tmp;
5239
5240 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5241 tmp &= ~0xff;
5242 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
5243 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5244}
5245
5246static void
5247run_update_mcast(struct ifnet *ifp)
5248{
5249 /* h/w filter supports getting everything or nothing */
5250 ifp->if_flags |= IFF_ALLMULTI;
5251}
5252
5253static int8_t
5254run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5255{
5256 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5257 struct ieee80211_channel *c = ic->ic_curchan;
5258 int delta;
5259
5260 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5261 u_int chan = ieee80211_chan2ieee(ic, c);
5262 delta = sc->rssi_5ghz[rxchain];
5263
5264 /* determine channel group */
5265 if (chan <= 64)
5266 delta -= sc->lna[1];
5267 else if (chan <= 128)
5268 delta -= sc->lna[2];
5269 else
5270 delta -= sc->lna[3];
5271 } else
5272 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5273
5274 return (-12 - delta - rssi);
5275}
5276
5277static void
5278run_rt5390_bbp_init(struct run_softc *sc)
5279{
5280 int i;
5281 uint8_t bbp;
5282
5283 /* Apply maximum likelihood detection for 2 stream case. */
5284 run_bbp_read(sc, 105, &bbp);
5285 if (sc->nrxchains > 1)
5286 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5287
5288 /* Avoid data lost and CRC error. */
5289 run_bbp_read(sc, 4, &bbp);
5290 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5291
5292 if (sc->mac_ver == 0x5592) {
5293 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5294 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5295 rt5592_def_bbp[i].val);
5296 }
5297 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5298 run_bbp_write(sc, 195, i + 0x80);
5299 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5300 }
5301 } else {
5302 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5303 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5304 rt5390_def_bbp[i].val);
5305 }
5306 }
5307 if (sc->mac_ver == 0x5392) {
5308 run_bbp_write(sc, 88, 0x90);
5309 run_bbp_write(sc, 95, 0x9a);
5310 run_bbp_write(sc, 98, 0x12);
5311 run_bbp_write(sc, 106, 0x12);
5312 run_bbp_write(sc, 134, 0xd0);
5313 run_bbp_write(sc, 135, 0xf6);
5314 run_bbp_write(sc, 148, 0x84);
5315 }
5316
5317 run_bbp_read(sc, 152, &bbp);
5318 run_bbp_write(sc, 152, bbp | 0x80);
5319
5320 /* Fix BBP254 for RT5592C. */
5321 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5322 run_bbp_read(sc, 254, &bbp);
5323 run_bbp_write(sc, 254, bbp | 0x80);
5324 }
5325
5326 /* Disable hardware antenna diversity. */
5327 if (sc->mac_ver == 0x5390)
5328 run_bbp_write(sc, 154, 0);
5329
5330 /* Initialize Rx CCK/OFDM frequency offset report. */
5331 run_bbp_write(sc, 142, 1);
5332 run_bbp_write(sc, 143, 57);
5333}
5334
5335static int
5336run_bbp_init(struct run_softc *sc)
5337{
5338 int i, error, ntries;
5339 uint8_t bbp0;
5340
5341 /* wait for BBP to wake up */
5342 for (ntries = 0; ntries < 20; ntries++) {
5343 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5344 return error;
5345 if (bbp0 != 0 && bbp0 != 0xff)
5346 break;
5347 }
5348 if (ntries == 20)
5349 return (ETIMEDOUT);
5350
5351 /* initialize BBP registers to default values */
5352 if (sc->mac_ver >= 0x5390)
5353 run_rt5390_bbp_init(sc);
5354 else {
5355 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5356 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5357 rt2860_def_bbp[i].val);
5358 }
5359 }
5360
5361 if (sc->mac_ver == 0x3593) {
5362 run_bbp_write(sc, 79, 0x13);
5363 run_bbp_write(sc, 80, 0x05);
5364 run_bbp_write(sc, 81, 0x33);
5365 run_bbp_write(sc, 86, 0x46);
5366 run_bbp_write(sc, 137, 0x0f);
5367 }
5368
5369 /* fix BBP84 for RT2860E */
5370 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5371 run_bbp_write(sc, 84, 0x19);
5372
5373 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5374 sc->mac_ver != 0x5592)) {
5375 run_bbp_write(sc, 79, 0x13);
5376 run_bbp_write(sc, 80, 0x05);
5377 run_bbp_write(sc, 81, 0x33);
5378 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5379 run_bbp_write(sc, 69, 0x16);
5380 run_bbp_write(sc, 73, 0x12);
5381 }
5382 return (0);
5383}
5384
5385static int
5386run_rt3070_rf_init(struct run_softc *sc)
5387{
5388 uint32_t tmp;
5389 uint8_t bbp4, mingain, rf, target;
5390 int i;
5391
5392 run_rt3070_rf_read(sc, 30, &rf);
5393 /* toggle RF R30 bit 7 */
5394 run_rt3070_rf_write(sc, 30, rf | 0x80);
5395 run_delay(sc, 10);
5396 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5397
5398 /* initialize RF registers to default value */
5399 if (sc->mac_ver == 0x3572) {
5400 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5401 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5402 rt3572_def_rf[i].val);
5403 }
5404 } else {
5405 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5406 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5407 rt3070_def_rf[i].val);
5408 }
5409 }
5410
5411 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5412 /*
5413 * Change voltage from 1.2V to 1.35V for RT3070.
5414 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5415 * in RT3070(F).
5416 */
5417 run_read(sc, RT3070_LDO_CFG0, &tmp);
5418 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5419 run_write(sc, RT3070_LDO_CFG0, tmp);
5420
5421 } else if (sc->mac_ver == 0x3071) {
5422 run_rt3070_rf_read(sc, 6, &rf);
5423 run_rt3070_rf_write(sc, 6, rf | 0x40);
5424 run_rt3070_rf_write(sc, 31, 0x14);
5425
5426 run_read(sc, RT3070_LDO_CFG0, &tmp);
5427 tmp &= ~0x1f000000;
5428 if (sc->mac_rev < 0x0211)
5429 tmp |= 0x0d000000; /* 1.3V */
5430 else
5431 tmp |= 0x01000000; /* 1.2V */
5432 run_write(sc, RT3070_LDO_CFG0, tmp);
5433
5434 /* patch LNA_PE_G1 */
5435 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5436 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5437
5438 } else if (sc->mac_ver == 0x3572) {
5439 run_rt3070_rf_read(sc, 6, &rf);
5440 run_rt3070_rf_write(sc, 6, rf | 0x40);
5441
5442 /* increase voltage from 1.2V to 1.35V */
5443 run_read(sc, RT3070_LDO_CFG0, &tmp);
5444 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5445 run_write(sc, RT3070_LDO_CFG0, tmp);
5446
5447 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5448 run_delay(sc, 1); /* wait for 1msec */
5449 /* decrease voltage back to 1.2V */
5450 tmp = (tmp & ~0x1f000000) | 0x01000000;
5451 run_write(sc, RT3070_LDO_CFG0, tmp);
5452 }
5453 }
5454
5455 /* select 20MHz bandwidth */
5456 run_rt3070_rf_read(sc, 31, &rf);
5457 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5458
5459 /* calibrate filter for 20MHz bandwidth */
5460 sc->rf24_20mhz = 0x1f; /* default value */
5461 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5462 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5463
5464 /* select 40MHz bandwidth */
5465 run_bbp_read(sc, 4, &bbp4);
5466 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5467 run_rt3070_rf_read(sc, 31, &rf);
5468 run_rt3070_rf_write(sc, 31, rf | 0x20);
5469
5470 /* calibrate filter for 40MHz bandwidth */
5471 sc->rf24_40mhz = 0x2f; /* default value */
5472 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5473 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5474
5475 /* go back to 20MHz bandwidth */
5476 run_bbp_read(sc, 4, &bbp4);
5477 run_bbp_write(sc, 4, bbp4 & ~0x18);
5478
5479 if (sc->mac_ver == 0x3572) {
5480 /* save default BBP registers 25 and 26 values */
5481 run_bbp_read(sc, 25, &sc->bbp25);
5482 run_bbp_read(sc, 26, &sc->bbp26);
5483 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5484 run_rt3070_rf_write(sc, 27, 0x03);
5485
5486 run_read(sc, RT3070_OPT_14, &tmp);
5487 run_write(sc, RT3070_OPT_14, tmp | 1);
5488
5489 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5490 run_rt3070_rf_read(sc, 17, &rf);
5491 rf &= ~RT3070_TX_LO1;
5492 if ((sc->mac_ver == 0x3070 ||
5493 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5494 !sc->ext_2ghz_lna)
5495 rf |= 0x20; /* fix for long range Rx issue */
5496 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5497 if (sc->txmixgain_2ghz >= mingain)
5498 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5499 run_rt3070_rf_write(sc, 17, rf);
5500 }
5501
5502 if (sc->mac_ver == 0x3071) {
5503 run_rt3070_rf_read(sc, 1, &rf);
5504 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5505 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5506 run_rt3070_rf_write(sc, 1, rf);
5507
5508 run_rt3070_rf_read(sc, 15, &rf);
5509 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5510
5511 run_rt3070_rf_read(sc, 20, &rf);
5512 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5513
5514 run_rt3070_rf_read(sc, 21, &rf);
5515 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5516 }
5517
5518 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5519 /* fix Tx to Rx IQ glitch by raising RF voltage */
5520 run_rt3070_rf_read(sc, 27, &rf);
5521 rf &= ~0x77;
5522 if (sc->mac_rev < 0x0211)
5523 rf |= 0x03;
5524 run_rt3070_rf_write(sc, 27, rf);
5525 }
5526 return (0);
5527}
5528
5529static void
5530run_rt3593_rf_init(struct run_softc *sc)
5531{
5532 uint32_t tmp;
5533 uint8_t rf;
5534 int i;
5535
5536 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5537 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5538 tmp &= ~(1 << 4 | 1 << 7);
5539 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5540
5541 /* Initialize RF registers to default value. */
5542 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5543 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5544 rt3593_def_rf[i].val);
5545 }
5546
5547 /* Toggle RF R2 to initiate calibration. */
5548 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5549
5550 /* Initialize RF frequency offset. */
5551 run_adjust_freq_offset(sc);
5552
5553 run_rt3070_rf_read(sc, 18, &rf);
5554 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5555
5556 /*
5557 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5558 * decrease voltage back to 1.2V.
5559 */
5560 run_read(sc, RT3070_LDO_CFG0, &tmp);
5561 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5562 run_write(sc, RT3070_LDO_CFG0, tmp);
5563 run_delay(sc, 1);
5564 tmp = (tmp & ~0x1f000000) | 0x01000000;
5565 run_write(sc, RT3070_LDO_CFG0, tmp);
5566
5567 sc->rf24_20mhz = 0x1f;
5568 sc->rf24_40mhz = 0x2f;
5569
5570 /* Save default BBP registers 25 and 26 values. */
5571 run_bbp_read(sc, 25, &sc->bbp25);
5572 run_bbp_read(sc, 26, &sc->bbp26);
5573
5574 run_read(sc, RT3070_OPT_14, &tmp);
5575 run_write(sc, RT3070_OPT_14, tmp | 1);
5576}
5577
5578static void
5579run_rt5390_rf_init(struct run_softc *sc)
5580{
5581 uint32_t tmp;
5582 uint8_t rf;
5583 int i;
5584
5585 /* Toggle RF R2 to initiate calibration. */
5586 if (sc->mac_ver == 0x5390) {
5587 run_rt3070_rf_read(sc, 2, &rf);
5588 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5589 run_delay(sc, 10);
5590 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5591 } else {
5592 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5593 run_delay(sc, 10);
5594 }
5595
5596 /* Initialize RF registers to default value. */
5597 if (sc->mac_ver == 0x5592) {
5598 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5599 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5600 rt5592_def_rf[i].val);
5601 }
5602 /* Initialize RF frequency offset. */
5603 run_adjust_freq_offset(sc);
5604 } else if (sc->mac_ver == 0x5392) {
5605 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5606 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5607 rt5392_def_rf[i].val);
5608 }
5609 if (sc->mac_rev >= 0x0223) {
5610 run_rt3070_rf_write(sc, 23, 0x0f);
5611 run_rt3070_rf_write(sc, 24, 0x3e);
5612 run_rt3070_rf_write(sc, 51, 0x32);
5613 run_rt3070_rf_write(sc, 53, 0x22);
5614 run_rt3070_rf_write(sc, 56, 0xc1);
5615 run_rt3070_rf_write(sc, 59, 0x0f);
5616 }
5617 } else {
5618 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5619 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5620 rt5390_def_rf[i].val);
5621 }
5622 if (sc->mac_rev >= 0x0502) {
5623 run_rt3070_rf_write(sc, 6, 0xe0);
5624 run_rt3070_rf_write(sc, 25, 0x80);
5625 run_rt3070_rf_write(sc, 46, 0x73);
5626 run_rt3070_rf_write(sc, 53, 0x00);
5627 run_rt3070_rf_write(sc, 56, 0x42);
5628 run_rt3070_rf_write(sc, 61, 0xd1);
5629 }
5630 }
5631
5632 sc->rf24_20mhz = 0x1f; /* default value */
5633 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5634
5635 if (sc->mac_rev < 0x0211)
5636 run_rt3070_rf_write(sc, 27, 0x3);
5637
5638 run_read(sc, RT3070_OPT_14, &tmp);
5639 run_write(sc, RT3070_OPT_14, tmp | 1);
5640}
5641
5642static int
5643run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5644 uint8_t *val)
5645{
5646 uint8_t rf22, rf24;
5647 uint8_t bbp55_pb, bbp55_sb, delta;
5648 int ntries;
5649
5650 /* program filter */
5651 run_rt3070_rf_read(sc, 24, &rf24);
5652 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5653 run_rt3070_rf_write(sc, 24, rf24);
5654
5655 /* enable baseband loopback mode */
5656 run_rt3070_rf_read(sc, 22, &rf22);
5657 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5658
5659 /* set power and frequency of passband test tone */
5660 run_bbp_write(sc, 24, 0x00);
5661 for (ntries = 0; ntries < 100; ntries++) {
5662 /* transmit test tone */
5663 run_bbp_write(sc, 25, 0x90);
5664 run_delay(sc, 10);
5665 /* read received power */
5666 run_bbp_read(sc, 55, &bbp55_pb);
5667 if (bbp55_pb != 0)
5668 break;
5669 }
5670 if (ntries == 100)
5671 return (ETIMEDOUT);
5672
5673 /* set power and frequency of stopband test tone */
5674 run_bbp_write(sc, 24, 0x06);
5675 for (ntries = 0; ntries < 100; ntries++) {
5676 /* transmit test tone */
5677 run_bbp_write(sc, 25, 0x90);
5678 run_delay(sc, 10);
5679 /* read received power */
5680 run_bbp_read(sc, 55, &bbp55_sb);
5681
5682 delta = bbp55_pb - bbp55_sb;
5683 if (delta > target)
5684 break;
5685
5686 /* reprogram filter */
5687 rf24++;
5688 run_rt3070_rf_write(sc, 24, rf24);
5689 }
5690 if (ntries < 100) {
5691 if (rf24 != init)
5692 rf24--; /* backtrack */
5693 *val = rf24;
5694 run_rt3070_rf_write(sc, 24, rf24);
5695 }
5696
5697 /* restore initial state */
5698 run_bbp_write(sc, 24, 0x00);
5699
5700 /* disable baseband loopback mode */
5701 run_rt3070_rf_read(sc, 22, &rf22);
5702 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5703
5704 return (0);
5705}
5706
5707static void
5708run_rt3070_rf_setup(struct run_softc *sc)
5709{
5710 uint8_t bbp, rf;
5711 int i;
5712
5713 if (sc->mac_ver == 0x3572) {
5714 /* enable DC filter */
5715 if (sc->mac_rev >= 0x0201)
5716 run_bbp_write(sc, 103, 0xc0);
5717
5718 run_bbp_read(sc, 138, &bbp);
5719 if (sc->ntxchains == 1)
5720 bbp |= 0x20; /* turn off DAC1 */
5721 if (sc->nrxchains == 1)
5722 bbp &= ~0x02; /* turn off ADC1 */
5723 run_bbp_write(sc, 138, bbp);
5724
5725 if (sc->mac_rev >= 0x0211) {
5726 /* improve power consumption */
5727 run_bbp_read(sc, 31, &bbp);
5728 run_bbp_write(sc, 31, bbp & ~0x03);
5729 }
5730
5731 run_rt3070_rf_read(sc, 16, &rf);
5732 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5733 run_rt3070_rf_write(sc, 16, rf);
5734
5735 } else if (sc->mac_ver == 0x3071) {
5736 if (sc->mac_rev >= 0x0211) {
5737 /* enable DC filter */
5738 run_bbp_write(sc, 103, 0xc0);
5739
5740 /* improve power consumption */
5741 run_bbp_read(sc, 31, &bbp);
5742 run_bbp_write(sc, 31, bbp & ~0x03);
5743 }
5744
5745 run_bbp_read(sc, 138, &bbp);
5746 if (sc->ntxchains == 1)
5747 bbp |= 0x20; /* turn off DAC1 */
5748 if (sc->nrxchains == 1)
5749 bbp &= ~0x02; /* turn off ADC1 */
5750 run_bbp_write(sc, 138, bbp);
5751
5752 run_write(sc, RT2860_TX_SW_CFG1, 0);
5753 if (sc->mac_rev < 0x0211) {
5754 run_write(sc, RT2860_TX_SW_CFG2,
5755 sc->patch_dac ? 0x2c : 0x0f);
5756 } else
5757 run_write(sc, RT2860_TX_SW_CFG2, 0);
5758
5759 } else if (sc->mac_ver == 0x3070) {
5760 if (sc->mac_rev >= 0x0201) {
5761 /* enable DC filter */
5762 run_bbp_write(sc, 103, 0xc0);
5763
5764 /* improve power consumption */
5765 run_bbp_read(sc, 31, &bbp);
5766 run_bbp_write(sc, 31, bbp & ~0x03);
5767 }
5768
5769 if (sc->mac_rev < 0x0201) {
5770 run_write(sc, RT2860_TX_SW_CFG1, 0);
5771 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5772 } else
5773 run_write(sc, RT2860_TX_SW_CFG2, 0);
5774 }
5775
5776 /* initialize RF registers from ROM for >=RT3071*/
5777 if (sc->mac_ver >= 0x3071) {
5778 for (i = 0; i < 10; i++) {
5779 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5780 continue;
5781 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5782 }
5783 }
5784}
5785
5786static void
5787run_rt3593_rf_setup(struct run_softc *sc)
5788{
5789 uint8_t bbp, rf;
5790
5791 if (sc->mac_rev >= 0x0211) {
5792 /* Enable DC filter. */
5793 run_bbp_write(sc, 103, 0xc0);
5794 }
5795 run_write(sc, RT2860_TX_SW_CFG1, 0);
5796 if (sc->mac_rev < 0x0211) {
5797 run_write(sc, RT2860_TX_SW_CFG2,
5798 sc->patch_dac ? 0x2c : 0x0f);
5799 } else
5800 run_write(sc, RT2860_TX_SW_CFG2, 0);
5801
5802 run_rt3070_rf_read(sc, 50, &rf);
5803 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5804
5805 run_rt3070_rf_read(sc, 51, &rf);
5806 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5807 ((sc->txmixgain_2ghz & 0x07) << 2);
5808 run_rt3070_rf_write(sc, 51, rf);
5809
5810 run_rt3070_rf_read(sc, 38, &rf);
5811 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5812
5813 run_rt3070_rf_read(sc, 39, &rf);
5814 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5815
5816 run_rt3070_rf_read(sc, 1, &rf);
5817 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5818
5819 run_rt3070_rf_read(sc, 30, &rf);
5820 rf = (rf & ~0x18) | 0x10;
5821 run_rt3070_rf_write(sc, 30, rf);
5822
5823 /* Apply maximum likelihood detection for 2 stream case. */
5824 run_bbp_read(sc, 105, &bbp);
5825 if (sc->nrxchains > 1)
5826 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5827
5828 /* Avoid data lost and CRC error. */
5829 run_bbp_read(sc, 4, &bbp);
5830 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5831
5832 run_bbp_write(sc, 92, 0x02);
5833 run_bbp_write(sc, 82, 0x82);
5834 run_bbp_write(sc, 106, 0x05);
5835 run_bbp_write(sc, 104, 0x92);
5836 run_bbp_write(sc, 88, 0x90);
5837 run_bbp_write(sc, 148, 0xc8);
5838 run_bbp_write(sc, 47, 0x48);
5839 run_bbp_write(sc, 120, 0x50);
5840
5841 run_bbp_write(sc, 163, 0x9d);
5842
5843 /* SNR mapping. */
5844 run_bbp_write(sc, 142, 0x06);
5845 run_bbp_write(sc, 143, 0xa0);
5846 run_bbp_write(sc, 142, 0x07);
5847 run_bbp_write(sc, 143, 0xa1);
5848 run_bbp_write(sc, 142, 0x08);
5849 run_bbp_write(sc, 143, 0xa2);
5850
5851 run_bbp_write(sc, 31, 0x08);
5852 run_bbp_write(sc, 68, 0x0b);
5853 run_bbp_write(sc, 105, 0x04);
5854}
5855
5856static void
5857run_rt5390_rf_setup(struct run_softc *sc)
5858{
5859 uint8_t bbp, rf;
5860
5861 if (sc->mac_rev >= 0x0211) {
5862 /* Enable DC filter. */
5863 run_bbp_write(sc, 103, 0xc0);
5864
5865 if (sc->mac_ver != 0x5592) {
5866 /* Improve power consumption. */
5867 run_bbp_read(sc, 31, &bbp);
5868 run_bbp_write(sc, 31, bbp & ~0x03);
5869 }
5870 }
5871
5872 run_bbp_read(sc, 138, &bbp);
5873 if (sc->ntxchains == 1)
5874 bbp |= 0x20; /* turn off DAC1 */
5875 if (sc->nrxchains == 1)
5876 bbp &= ~0x02; /* turn off ADC1 */
5877 run_bbp_write(sc, 138, bbp);
5878
5879 run_rt3070_rf_read(sc, 38, &rf);
5880 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5881
5882 run_rt3070_rf_read(sc, 39, &rf);
5883 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5884
5885 /* Avoid data lost and CRC error. */
5886 run_bbp_read(sc, 4, &bbp);
5887 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5888
5889 run_rt3070_rf_read(sc, 30, &rf);
5890 rf = (rf & ~0x18) | 0x10;
5891 run_rt3070_rf_write(sc, 30, rf);
5892
5893 if (sc->mac_ver != 0x5592) {
5894 run_write(sc, RT2860_TX_SW_CFG1, 0);
5895 if (sc->mac_rev < 0x0211) {
5896 run_write(sc, RT2860_TX_SW_CFG2,
5897 sc->patch_dac ? 0x2c : 0x0f);
5898 } else
5899 run_write(sc, RT2860_TX_SW_CFG2, 0);
5900 }
5901}
5902
5903static int
5904run_txrx_enable(struct run_softc *sc)
5905{
5906 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
5907 uint32_t tmp;
5908 int error, ntries;
5909
5910 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5911 for (ntries = 0; ntries < 200; ntries++) {
5912 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5913 return (error);
5914 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5915 break;
5916 run_delay(sc, 50);
5917 }
5918 if (ntries == 200)
5919 return (ETIMEDOUT);
5920
5921 run_delay(sc, 50);
5922
5923 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5924 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5925
5926 /* enable Rx bulk aggregation (set timeout and limit) */
5927 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5928 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5929 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5930
5931 /* set Rx filter */
5932 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5933 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5934 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5935 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5936 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5937 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5938 if (ic->ic_opmode == IEEE80211_M_STA)
5939 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5940 }
5941 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5942
5943 run_write(sc, RT2860_MAC_SYS_CTRL,
5944 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5945
5946 return (0);
5947}
5948
5949static void
5950run_adjust_freq_offset(struct run_softc *sc)
5951{
5952 uint8_t rf, tmp;
5953
5954 run_rt3070_rf_read(sc, 17, &rf);
5955 tmp = rf;
5956 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5957 rf = MIN(rf, 0x5f);
5958
5959 if (tmp != rf)
5960 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5961}
5962
5963static void
5964run_init_locked(struct run_softc *sc)
5965{
5966 struct ifnet *ifp = sc->sc_ifp;
5967 struct ieee80211com *ic = ifp->if_l2com;
5968 uint32_t tmp;
5969 uint8_t bbp1, bbp3;
5970 int i;
5971 int ridx;
5972 int ntries;
5973
5974 if (ic->ic_nrunning > 1)
5975 return;
5976
5977 run_stop(sc);
5978
5979 if (run_load_microcode(sc) != 0) {
5980 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5981 goto fail;
5982 }
5983
5984 for (ntries = 0; ntries < 100; ntries++) {
5985 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
5986 goto fail;
5987 if (tmp != 0 && tmp != 0xffffffff)
5988 break;
5989 run_delay(sc, 10);
5990 }
5991 if (ntries == 100)
5992 goto fail;
5993
5994 for (i = 0; i != RUN_EP_QUEUES; i++)
5995 run_setup_tx_list(sc, &sc->sc_epq[i]);
5996
5997 run_set_macaddr(sc, IF_LLADDR(ifp));
5998
5999 for (ntries = 0; ntries < 100; ntries++) {
6000 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6001 goto fail;
6002 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6003 break;
6004 run_delay(sc, 10);
6005 }
6006 if (ntries == 100) {
6007 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6008 goto fail;
6009 }
6010 tmp &= 0xff0;
6011 tmp |= RT2860_TX_WB_DDONE;
6012 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6013
6014 /* turn off PME_OEN to solve high-current issue */
6015 run_read(sc, RT2860_SYS_CTRL, &tmp);
6016 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6017
6018 run_write(sc, RT2860_MAC_SYS_CTRL,
6019 RT2860_BBP_HRST | RT2860_MAC_SRST);
6020 run_write(sc, RT2860_USB_DMA_CFG, 0);
6021
6022 if (run_reset(sc) != 0) {
6023 device_printf(sc->sc_dev, "could not reset chipset\n");
6024 goto fail;
6025 }
6026
6027 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6028
6029 /* init Tx power for all Tx rates (from EEPROM) */
6030 for (ridx = 0; ridx < 5; ridx++) {
6031 if (sc->txpow20mhz[ridx] == 0xffffffff)
6032 continue;
6033 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6034 }
6035
6036 for (i = 0; i < nitems(rt2870_def_mac); i++)
6037 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6038 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6039 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6040 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6041
6042 if (sc->mac_ver >= 0x5390) {
6043 run_write(sc, RT2860_TX_SW_CFG0,
6044 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6045 if (sc->mac_ver >= 0x5392) {
6046 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6047 if (sc->mac_ver == 0x5592) {
6048 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6049 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6050 } else {
6051 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6052 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6053 }
6054 }
6055 } else if (sc->mac_ver == 0x3593) {
6056 run_write(sc, RT2860_TX_SW_CFG0,
6057 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6058 } else if (sc->mac_ver >= 0x3070) {
6059 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6060 run_write(sc, RT2860_TX_SW_CFG0,
6061 4 << RT2860_DLY_PAPE_EN_SHIFT);
6062 }
6063
6064 /* wait while MAC is busy */
6065 for (ntries = 0; ntries < 100; ntries++) {
6066 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6067 goto fail;
6068 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6069 break;
6070 run_delay(sc, 10);
6071 }
6072 if (ntries == 100)
6073 goto fail;
6074
6075 /* clear Host to MCU mailbox */
6076 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6077 run_write(sc, RT2860_H2M_MAILBOX, 0);
6078 run_delay(sc, 10);
6079
6080 if (run_bbp_init(sc) != 0) {
6081 device_printf(sc->sc_dev, "could not initialize BBP\n");
6082 goto fail;
6083 }
6084
6085 /* abort TSF synchronization */
6086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6087 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6088 RT2860_TBTT_TIMER_EN);
6089 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6090
6091 /* clear RX WCID search table */
6092 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6093 /* clear WCID attribute table */
6094 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6095
6096 /* hostapd sets a key before init. So, don't clear it. */
6097 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6098 /* clear shared key table */
6099 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6100 /* clear shared key mode */
6101 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6102 }
6103
6104 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6105 tmp = (tmp & ~0xff) | 0x1e;
6106 run_write(sc, RT2860_US_CYC_CNT, tmp);
6107
6108 if (sc->mac_rev != 0x0101)
6109 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6110
6111 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6112 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6113
6114 /* write vendor-specific BBP values (from EEPROM) */
6115 if (sc->mac_ver < 0x3593) {
6116 for (i = 0; i < 10; i++) {
6117 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6118 continue;
6119 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6120 }
6121 }
6122
6123 /* select Main antenna for 1T1R devices */
6124 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6125 run_set_rx_antenna(sc, 0);
6126
6127 /* send LEDs operating mode to microcontroller */
6128 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6129 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6130 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6131
6132 if (sc->mac_ver >= 0x5390)
6133 run_rt5390_rf_init(sc);
6134 else if (sc->mac_ver == 0x3593)
6135 run_rt3593_rf_init(sc);
6136 else if (sc->mac_ver >= 0x3070)
6137 run_rt3070_rf_init(sc);
6138
6139 /* disable non-existing Rx chains */
6140 run_bbp_read(sc, 3, &bbp3);
6141 bbp3 &= ~(1 << 3 | 1 << 4);
6142 if (sc->nrxchains == 2)
6143 bbp3 |= 1 << 3;
6144 else if (sc->nrxchains == 3)
6145 bbp3 |= 1 << 4;
6146 run_bbp_write(sc, 3, bbp3);
6147
6148 /* disable non-existing Tx chains */
6149 run_bbp_read(sc, 1, &bbp1);
6150 if (sc->ntxchains == 1)
6151 bbp1 &= ~(1 << 3 | 1 << 4);
6152 run_bbp_write(sc, 1, bbp1);
6153
6154 if (sc->mac_ver >= 0x5390)
6155 run_rt5390_rf_setup(sc);
6156 else if (sc->mac_ver == 0x3593)
6157 run_rt3593_rf_setup(sc);
6158 else if (sc->mac_ver >= 0x3070)
6159 run_rt3070_rf_setup(sc);
6160
6161 /* select default channel */
6162 run_set_chan(sc, ic->ic_curchan);
6163
6164 /* setup initial protection mode */
6165 run_updateprot_cb(ic);
6166
6167 /* turn radio LED on */
6168 run_set_leds(sc, RT2860_LED_RADIO);
6169
6170 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
6171 ifp->if_drv_flags |= IFF_DRV_RUNNING;
6172 sc->cmdq_run = RUN_CMDQ_GO;
6173
6174 for (i = 0; i != RUN_N_XFER; i++)
6175 usbd_xfer_set_stall(sc->sc_xfer[i]);
6176
6177 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6178
6179 if (run_txrx_enable(sc) != 0)
6180 goto fail;
6181
6182 return;
6183
6184fail:
6185 run_stop(sc);
6186}
6187
6188static void
6189run_init(void *arg)
6190{
6191 struct run_softc *sc = arg;
6192 struct ifnet *ifp = sc->sc_ifp;
6193 struct ieee80211com *ic = ifp->if_l2com;
6194
6195 RUN_LOCK(sc);
6196 run_init_locked(sc);
6197 RUN_UNLOCK(sc);
6198
6199 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6200 ieee80211_start_all(ic);
6201}
6202
6203static void
6204run_stop(void *arg)
6205{
6206 struct run_softc *sc = (struct run_softc *)arg;
6207 struct ifnet *ifp = sc->sc_ifp;
6208 uint32_t tmp;
6209 int i;
6210 int ntries;
6211
6212 RUN_LOCK_ASSERT(sc, MA_OWNED);
6213
6214 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
6215 run_set_leds(sc, 0); /* turn all LEDs off */
6216
6217 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
6218
6219 sc->ratectl_run = RUN_RATECTL_OFF;
6220 sc->cmdq_run = sc->cmdq_key_set;
6221
6222 RUN_UNLOCK(sc);
6223
6224 for(i = 0; i < RUN_N_XFER; i++)
6225 usbd_transfer_drain(sc->sc_xfer[i]);
6226
6227 RUN_LOCK(sc);
6228
6229 if (sc->rx_m != NULL) {
6230 m_free(sc->rx_m);
6231 sc->rx_m = NULL;
6232 }
6233
6234 /* Disable Tx/Rx DMA. */
6235 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6236 return;
6237 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6238 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6239
6240 for (ntries = 0; ntries < 100; ntries++) {
6241 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6242 return;
6243 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6244 break;
6245 run_delay(sc, 10);
6246 }
6247 if (ntries == 100) {
6248 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6249 return;
6250 }
6251
6252 /* disable Tx/Rx */
6253 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6254 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6255 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6256
6257 /* wait for pending Tx to complete */
6258 for (ntries = 0; ntries < 100; ntries++) {
6259 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6260 DPRINTF("Cannot read Tx queue count\n");
6261 break;
6262 }
6263 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6264 DPRINTF("All Tx cleared\n");
6265 break;
6266 }
6267 run_delay(sc, 10);
6268 }
6269 if (ntries >= 100)
6270 DPRINTF("There are still pending Tx\n");
6271 run_delay(sc, 10);
6272 run_write(sc, RT2860_USB_DMA_CFG, 0);
6273
6274 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6275 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6276
6277 for (i = 0; i != RUN_EP_QUEUES; i++)
6278 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6279}
6280
6281static void
6282run_delay(struct run_softc *sc, u_int ms)
6283{
6284 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6285 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6286}
6287
6288static device_method_t run_methods[] = {
6289 /* Device interface */
6290 DEVMETHOD(device_probe, run_match),
6291 DEVMETHOD(device_attach, run_attach),
6292 DEVMETHOD(device_detach, run_detach),
6293 DEVMETHOD_END
6294};
6295
6296static driver_t run_driver = {
6297 .name = "run",
6298 .methods = run_methods,
6299 .size = sizeof(struct run_softc)
6300};
6301
6302static devclass_t run_devclass;
6303
6304DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6305MODULE_DEPEND(run, wlan, 1, 1, 1);
6306MODULE_DEPEND(run, usb, 1, 1, 1);
6307MODULE_DEPEND(run, firmware, 1, 1, 1);
6308MODULE_VERSION(run, 1);
|