1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD$"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <machine/bus.h> 46#include <machine/resource.h> 47#include <sys/rman.h> 48 49#include <net/bpf.h> 50#include <net/if.h> 51#include <net/if_arp.h> 52#include <net/ethernet.h> 53#include <net/if_dl.h> 54#include <net/if_media.h> 55#include <net/if_types.h> 56 57#include <netinet/in.h> 58#include <netinet/in_systm.h> 59#include <netinet/in_var.h> 60#include <netinet/if_ether.h> 61#include <netinet/ip.h> 62 63#include <net80211/ieee80211_var.h> 64#include <net80211/ieee80211_regdomain.h> 65#include <net80211/ieee80211_radiotap.h> 66#include <net80211/ieee80211_ratectl.h> 67 68#include <dev/usb/usb.h> 69#include <dev/usb/usbdi.h> 70#include "usbdevs.h" 71 72#define USB_DEBUG_VAR run_debug 73#include <dev/usb/usb_debug.h> 74#include <dev/usb/usb_msctest.h> 75 76#include <dev/usb/wlan/if_runreg.h> 77#include <dev/usb/wlan/if_runvar.h> 78 79#ifdef USB_DEBUG 80#define RUN_DEBUG 81#endif 82 83#ifdef RUN_DEBUG 84int run_debug = 0; 85static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88#endif 89 90#define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93/* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99static const STRUCT_USB_HOST_ID run_devs[] = { 100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101#define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103#define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, RT2870_1), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCGNM2), 235 RUN_DEV(MOTOROLA4, RT2770), 236 RUN_DEV(MOTOROLA4, RT3070), 237 RUN_DEV(MSI, RT3070_1), 238 RUN_DEV(MSI, RT3070_2), 239 RUN_DEV(MSI, RT3070_3), 240 RUN_DEV(MSI, RT3070_4), 241 RUN_DEV(MSI, RT3070_5), 242 RUN_DEV(MSI, RT3070_6), 243 RUN_DEV(MSI, RT3070_7), 244 RUN_DEV(MSI, RT3070_8), 245 RUN_DEV(MSI, RT3070_9), 246 RUN_DEV(MSI, RT3070_10), 247 RUN_DEV(MSI, RT3070_11), 248 RUN_DEV(OVISLINK, RT3072), 249 RUN_DEV(PARA, RT3070), 250 RUN_DEV(PEGATRON, RT2870), 251 RUN_DEV(PEGATRON, RT3070), 252 RUN_DEV(PEGATRON, RT3070_2), 253 RUN_DEV(PEGATRON, RT3070_3), 254 RUN_DEV(PHILIPS, RT2870), 255 RUN_DEV(PLANEX2, GWUS300MINIS), 256 RUN_DEV(PLANEX2, GWUSMICRON), 257 RUN_DEV(PLANEX2, RT2870), 258 RUN_DEV(PLANEX2, RT3070), 259 RUN_DEV(QCOM, RT2870), 260 RUN_DEV(QUANTA, RT3070), 261 RUN_DEV(RALINK, RT2070), 262 RUN_DEV(RALINK, RT2770), 263 RUN_DEV(RALINK, RT2870), 264 RUN_DEV(RALINK, RT3070), 265 RUN_DEV(RALINK, RT3071), 266 RUN_DEV(RALINK, RT3072), 267 RUN_DEV(RALINK, RT3370), 268 RUN_DEV(RALINK, RT3572), 269 RUN_DEV(RALINK, RT3573), 270 RUN_DEV(RALINK, RT5370), 271 RUN_DEV(RALINK, RT5572), 272 RUN_DEV(RALINK, RT8070), 273 RUN_DEV(SAMSUNG, WIS09ABGN), 274 RUN_DEV(SAMSUNG2, RT2870_1), 275 RUN_DEV(SENAO, RT2870_1), 276 RUN_DEV(SENAO, RT2870_2), 277 RUN_DEV(SENAO, RT2870_3), 278 RUN_DEV(SENAO, RT2870_4), 279 RUN_DEV(SENAO, RT3070), 280 RUN_DEV(SENAO, RT3071), 281 RUN_DEV(SENAO, RT3072_1), 282 RUN_DEV(SENAO, RT3072_2), 283 RUN_DEV(SENAO, RT3072_3), 284 RUN_DEV(SENAO, RT3072_4), 285 RUN_DEV(SENAO, RT3072_5), 286 RUN_DEV(SITECOMEU, RT2770), 287 RUN_DEV(SITECOMEU, RT2870_1), 288 RUN_DEV(SITECOMEU, RT2870_2), 289 RUN_DEV(SITECOMEU, RT2870_3), 290 RUN_DEV(SITECOMEU, RT2870_4), 291 RUN_DEV(SITECOMEU, RT3070), 292 RUN_DEV(SITECOMEU, RT3070_2), 293 RUN_DEV(SITECOMEU, RT3070_3), 294 RUN_DEV(SITECOMEU, RT3070_4), 295 RUN_DEV(SITECOMEU, RT3071), 296 RUN_DEV(SITECOMEU, RT3072_1), 297 RUN_DEV(SITECOMEU, RT3072_2), 298 RUN_DEV(SITECOMEU, RT3072_3), 299 RUN_DEV(SITECOMEU, RT3072_4), 300 RUN_DEV(SITECOMEU, RT3072_5), 301 RUN_DEV(SITECOMEU, RT3072_6), 302 RUN_DEV(SITECOMEU, WL608), 303 RUN_DEV(SPARKLAN, RT2870_1), 304 RUN_DEV(SPARKLAN, RT3070), 305 RUN_DEV(SWEEX2, LW153), 306 RUN_DEV(SWEEX2, LW303), 307 RUN_DEV(SWEEX2, LW313), 308 RUN_DEV(TOSHIBA, RT3070), 309 RUN_DEV(UMEDIA, RT2870_1), 310 RUN_DEV(ZCOM, RT2870_1), 311 RUN_DEV(ZCOM, RT2870_2), 312 RUN_DEV(ZINWELL, RT2870_1), 313 RUN_DEV(ZINWELL, RT2870_2), 314 RUN_DEV(ZINWELL, RT3070), 315 RUN_DEV(ZINWELL, RT3072_1), 316 RUN_DEV(ZINWELL, RT3072_2), 317 RUN_DEV(ZYXEL, RT2870_1), 318 RUN_DEV(ZYXEL, RT2870_2), 319 RUN_DEV_EJECT(ZYXEL, NWD2705), 320 RUN_DEV_EJECT(RALINK, RT_STOR), 321#undef RUN_DEV_EJECT 322#undef RUN_DEV 323}; 324 325static device_probe_t run_match; 326static device_attach_t run_attach; 327static device_detach_t run_detach; 328 329static usb_callback_t run_bulk_rx_callback; 330static usb_callback_t run_bulk_tx_callback0; 331static usb_callback_t run_bulk_tx_callback1; 332static usb_callback_t run_bulk_tx_callback2; 333static usb_callback_t run_bulk_tx_callback3; 334static usb_callback_t run_bulk_tx_callback4; 335static usb_callback_t run_bulk_tx_callback5; 336 337static void run_autoinst(void *, struct usb_device *, 338 struct usb_attach_arg *); 339static int run_driver_loaded(struct module *, int, void *); 340static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 341 usb_error_t error, u_int index); 342static struct ieee80211vap *run_vap_create(struct ieee80211com *, 343 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 344 const uint8_t [IEEE80211_ADDR_LEN], 345 const uint8_t [IEEE80211_ADDR_LEN]); 346static void run_vap_delete(struct ieee80211vap *); 347static void run_cmdq_cb(void *, int); 348static void run_setup_tx_list(struct run_softc *, 349 struct run_endpoint_queue *); 350static void run_unsetup_tx_list(struct run_softc *, 351 struct run_endpoint_queue *); 352static int run_load_microcode(struct run_softc *); 353static int run_reset(struct run_softc *); 354static usb_error_t run_do_request(struct run_softc *, 355 struct usb_device_request *, void *); 356static int run_read(struct run_softc *, uint16_t, uint32_t *); 357static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 358static int run_write_2(struct run_softc *, uint16_t, uint16_t); 359static int run_write(struct run_softc *, uint16_t, uint32_t); 360static int run_write_region_1(struct run_softc *, uint16_t, 361 const uint8_t *, int); 362static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 363static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 364static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 365static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 366static int run_rt2870_rf_write(struct run_softc *, uint32_t); 367static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 368static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 369static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 370static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 371static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 372static const char *run_get_rf(uint16_t); 373static void run_rt3593_get_txpower(struct run_softc *); 374static void run_get_txpower(struct run_softc *); 375static int run_read_eeprom(struct run_softc *); 376static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 377 const uint8_t mac[IEEE80211_ADDR_LEN]); 378static int run_media_change(struct ifnet *); 379static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 380static int run_wme_update(struct ieee80211com *); 381static void run_wme_update_cb(void *); 382static void run_key_update_begin(struct ieee80211vap *); 383static void run_key_update_end(struct ieee80211vap *); 384static void run_key_set_cb(void *); 385static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 386 const uint8_t mac[IEEE80211_ADDR_LEN]); 387static void run_key_delete_cb(void *); 388static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 389static void run_ratectl_to(void *); 390static void run_ratectl_cb(void *, int); 391static void run_drain_fifo(void *); 392static void run_iter_func(void *, struct ieee80211_node *); 393static void run_newassoc_cb(void *); 394static void run_newassoc(struct ieee80211_node *, int); 395static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 396static void run_tx_free(struct run_endpoint_queue *pq, 397 struct run_tx_data *, int); 398static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 399static int run_tx(struct run_softc *, struct mbuf *, 400 struct ieee80211_node *); 401static int run_tx_mgt(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *); 403static int run_sendprot(struct run_softc *, const struct mbuf *, 404 struct ieee80211_node *, int, int); 405static int run_tx_param(struct run_softc *, struct mbuf *, 406 struct ieee80211_node *, 407 const struct ieee80211_bpf_params *); 408static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 409 const struct ieee80211_bpf_params *); 410static void run_start(struct ifnet *); 411static int run_ioctl(struct ifnet *, u_long, caddr_t); 412static void run_iq_calib(struct run_softc *, u_int); 413static void run_set_agc(struct run_softc *, uint8_t); 414static void run_select_chan_group(struct run_softc *, int); 415static void run_set_rx_antenna(struct run_softc *, int); 416static void run_rt2870_set_chan(struct run_softc *, u_int); 417static void run_rt3070_set_chan(struct run_softc *, u_int); 418static void run_rt3572_set_chan(struct run_softc *, u_int); 419static void run_rt3593_set_chan(struct run_softc *, u_int); 420static void run_rt5390_set_chan(struct run_softc *, u_int); 421static void run_rt5592_set_chan(struct run_softc *, u_int); 422static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 423static void run_set_channel(struct ieee80211com *); 424static void run_scan_start(struct ieee80211com *); 425static void run_scan_end(struct ieee80211com *); 426static void run_update_beacon(struct ieee80211vap *, int); 427static void run_update_beacon_cb(void *); 428static void run_updateprot(struct ieee80211com *); 429static void run_updateprot_cb(void *); 430static void run_usb_timeout_cb(void *); 431static void run_reset_livelock(struct run_softc *); 432static void run_enable_tsf_sync(struct run_softc *); 433static void run_enable_mrr(struct run_softc *); 434static void run_set_txpreamble(struct run_softc *); 435static void run_set_basicrates(struct run_softc *); 436static void run_set_leds(struct run_softc *, uint16_t); 437static void run_set_bssid(struct run_softc *, const uint8_t *); 438static void run_set_macaddr(struct run_softc *, const uint8_t *); 439static void run_updateslot(struct ifnet *); 440static void run_updateslot_cb(void *); 441static void run_update_mcast(struct ifnet *); 442static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 443static void run_update_promisc_locked(struct ifnet *); 444static void run_update_promisc(struct ifnet *); 445static void run_rt5390_bbp_init(struct run_softc *); 446static int run_bbp_init(struct run_softc *); 447static int run_rt3070_rf_init(struct run_softc *); 448static void run_rt3593_rf_init(struct run_softc *); 449static void run_rt5390_rf_init(struct run_softc *); 450static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 451 uint8_t *); 452static void run_rt3070_rf_setup(struct run_softc *); 453static void run_rt3593_rf_setup(struct run_softc *); 454static void run_rt5390_rf_setup(struct run_softc *); 455static int run_txrx_enable(struct run_softc *); 456static void run_adjust_freq_offset(struct run_softc *); 457static void run_init(void *); 458static void run_init_locked(struct run_softc *); 459static void run_stop(void *); 460static void run_delay(struct run_softc *, u_int); 461 462static eventhandler_tag run_etag; 463 464static const struct rt2860_rate { 465 uint8_t rate; 466 uint8_t mcs; 467 enum ieee80211_phytype phy; 468 uint8_t ctl_ridx; 469 uint16_t sp_ack_dur; 470 uint16_t lp_ack_dur; 471} rt2860_rates[] = { 472 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 473 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 474 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 475 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 476 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 477 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 478 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 479 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 480 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 481 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 482 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 483 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 484}; 485 486static const struct { 487 uint16_t reg; 488 uint32_t val; 489} rt2870_def_mac[] = { 490 RT2870_DEF_MAC 491}; 492 493static const struct { 494 uint8_t reg; 495 uint8_t val; 496} rt2860_def_bbp[] = { 497 RT2860_DEF_BBP 498},rt5390_def_bbp[] = { 499 RT5390_DEF_BBP 500},rt5592_def_bbp[] = { 501 RT5592_DEF_BBP 502}; 503 504/* 505 * Default values for BBP register R196 for RT5592. 506 */ 507static const uint8_t rt5592_bbp_r196[] = { 508 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 509 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 510 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 511 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 512 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 513 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 514 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 515 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 516 0x2e, 0x36, 0x30, 0x6e 517}; 518 519static const struct rfprog { 520 uint8_t chan; 521 uint32_t r1, r2, r3, r4; 522} rt2860_rf2850[] = { 523 RT2860_RF2850 524}; 525 526struct { 527 uint8_t n, r, k; 528} rt3070_freqs[] = { 529 RT3070_RF3052 530}; 531 532static const struct rt5592_freqs { 533 uint16_t n; 534 uint8_t k, m, r; 535} rt5592_freqs_20mhz[] = { 536 RT5592_RF5592_20MHZ 537},rt5592_freqs_40mhz[] = { 538 RT5592_RF5592_40MHZ 539}; 540 541static const struct { 542 uint8_t reg; 543 uint8_t val; 544} rt3070_def_rf[] = { 545 RT3070_DEF_RF 546},rt3572_def_rf[] = { 547 RT3572_DEF_RF 548},rt3593_def_rf[] = { 549 RT3593_DEF_RF 550},rt5390_def_rf[] = { 551 RT5390_DEF_RF 552},rt5392_def_rf[] = { 553 RT5392_DEF_RF 554},rt5592_def_rf[] = { 555 RT5592_DEF_RF 556},rt5592_2ghz_def_rf[] = { 557 RT5592_2GHZ_DEF_RF 558},rt5592_5ghz_def_rf[] = { 559 RT5592_5GHZ_DEF_RF 560}; 561 562static const struct { 563 u_int firstchan; 564 u_int lastchan; 565 uint8_t reg; 566 uint8_t val; 567} rt5592_chan_5ghz[] = { 568 RT5592_CHAN_5GHZ 569}; 570 571static const struct usb_config run_config[RUN_N_XFER] = { 572 [RUN_BULK_TX_BE] = { 573 .type = UE_BULK, 574 .endpoint = UE_ADDR_ANY, 575 .ep_index = 0, 576 .direction = UE_DIR_OUT, 577 .bufsize = RUN_MAX_TXSZ, 578 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 579 .callback = run_bulk_tx_callback0, 580 .timeout = 5000, /* ms */ 581 }, 582 [RUN_BULK_TX_BK] = { 583 .type = UE_BULK, 584 .endpoint = UE_ADDR_ANY, 585 .direction = UE_DIR_OUT, 586 .ep_index = 1, 587 .bufsize = RUN_MAX_TXSZ, 588 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 589 .callback = run_bulk_tx_callback1, 590 .timeout = 5000, /* ms */ 591 }, 592 [RUN_BULK_TX_VI] = { 593 .type = UE_BULK, 594 .endpoint = UE_ADDR_ANY, 595 .direction = UE_DIR_OUT, 596 .ep_index = 2, 597 .bufsize = RUN_MAX_TXSZ, 598 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 599 .callback = run_bulk_tx_callback2, 600 .timeout = 5000, /* ms */ 601 }, 602 [RUN_BULK_TX_VO] = { 603 .type = UE_BULK, 604 .endpoint = UE_ADDR_ANY, 605 .direction = UE_DIR_OUT, 606 .ep_index = 3, 607 .bufsize = RUN_MAX_TXSZ, 608 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 609 .callback = run_bulk_tx_callback3, 610 .timeout = 5000, /* ms */ 611 }, 612 [RUN_BULK_TX_HCCA] = { 613 .type = UE_BULK, 614 .endpoint = UE_ADDR_ANY, 615 .direction = UE_DIR_OUT, 616 .ep_index = 4, 617 .bufsize = RUN_MAX_TXSZ, 618 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 619 .callback = run_bulk_tx_callback4, 620 .timeout = 5000, /* ms */ 621 }, 622 [RUN_BULK_TX_PRIO] = { 623 .type = UE_BULK, 624 .endpoint = UE_ADDR_ANY, 625 .direction = UE_DIR_OUT, 626 .ep_index = 5, 627 .bufsize = RUN_MAX_TXSZ, 628 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 629 .callback = run_bulk_tx_callback5, 630 .timeout = 5000, /* ms */ 631 }, 632 [RUN_BULK_RX] = { 633 .type = UE_BULK, 634 .endpoint = UE_ADDR_ANY, 635 .direction = UE_DIR_IN, 636 .bufsize = RUN_MAX_RXSZ, 637 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 638 .callback = run_bulk_rx_callback, 639 } 640}; 641 642static void 643run_autoinst(void *arg, struct usb_device *udev, 644 struct usb_attach_arg *uaa) 645{ 646 struct usb_interface *iface; 647 struct usb_interface_descriptor *id; 648 649 if (uaa->dev_state != UAA_DEV_READY) 650 return; 651 652 iface = usbd_get_iface(udev, 0); 653 if (iface == NULL) 654 return; 655 id = iface->idesc; 656 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 657 return; 658 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 659 return; 660 661 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 662 uaa->dev_state = UAA_DEV_EJECTING; 663} 664 665static int 666run_driver_loaded(struct module *mod, int what, void *arg) 667{ 668 switch (what) { 669 case MOD_LOAD: 670 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 671 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 672 break; 673 case MOD_UNLOAD: 674 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 675 break; 676 default: 677 return (EOPNOTSUPP); 678 } 679 return (0); 680} 681 682static int 683run_match(device_t self) 684{ 685 struct usb_attach_arg *uaa = device_get_ivars(self); 686 687 if (uaa->usb_mode != USB_MODE_HOST) 688 return (ENXIO); 689 if (uaa->info.bConfigIndex != 0) 690 return (ENXIO); 691 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 692 return (ENXIO); 693 694 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 695} 696 697static int 698run_attach(device_t self) 699{ 700 struct run_softc *sc = device_get_softc(self); 701 struct usb_attach_arg *uaa = device_get_ivars(self); 702 struct ieee80211com *ic; 703 struct ifnet *ifp; 704 uint32_t ver; 705 int ntries, error; 706 uint8_t iface_index, bands; 707 708 device_set_usb_desc(self); 709 sc->sc_udev = uaa->device; 710 sc->sc_dev = self; 711 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 712 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 713 714 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 715 MTX_NETWORK_LOCK, MTX_DEF); 716 717 iface_index = RT2860_IFACE_INDEX; 718 719 error = usbd_transfer_setup(uaa->device, &iface_index, 720 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 721 if (error) { 722 device_printf(self, "could not allocate USB transfers, " 723 "err=%s\n", usbd_errstr(error)); 724 goto detach; 725 } 726 727 RUN_LOCK(sc); 728 729 /* wait for the chip to settle */ 730 for (ntries = 0; ntries < 100; ntries++) { 731 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 732 RUN_UNLOCK(sc); 733 goto detach; 734 } 735 if (ver != 0 && ver != 0xffffffff) 736 break; 737 run_delay(sc, 10); 738 } 739 if (ntries == 100) { 740 device_printf(sc->sc_dev, 741 "timeout waiting for NIC to initialize\n"); 742 RUN_UNLOCK(sc); 743 goto detach; 744 } 745 sc->mac_ver = ver >> 16; 746 sc->mac_rev = ver & 0xffff; 747 748 /* retrieve RF rev. no and various other things from EEPROM */ 749 run_read_eeprom(sc); 750 751 device_printf(sc->sc_dev, 752 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 753 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 754 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 755 756 RUN_UNLOCK(sc); 757 758 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 759 if (ifp == NULL) { 760 device_printf(sc->sc_dev, "can not if_alloc()\n"); 761 goto detach; 762 } 763 ic = ifp->if_l2com; 764 765 ifp->if_softc = sc; 766 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 767 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 768 ifp->if_init = run_init; 769 ifp->if_ioctl = run_ioctl; 770 ifp->if_start = run_start; 771 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 772 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 773 IFQ_SET_READY(&ifp->if_snd); 774 775 ic->ic_ifp = ifp; 776 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 777 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 778 779 /* set device capabilities */ 780 ic->ic_caps = 781 IEEE80211_C_STA | /* station mode supported */ 782 IEEE80211_C_MONITOR | /* monitor mode supported */ 783 IEEE80211_C_IBSS | 784 IEEE80211_C_HOSTAP | 785 IEEE80211_C_WDS | /* 4-address traffic works */ 786 IEEE80211_C_MBSS | 787 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 788 IEEE80211_C_SHSLOT | /* short slot time supported */ 789 IEEE80211_C_WME | /* WME */ 790 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 791 792 ic->ic_cryptocaps = 793 IEEE80211_CRYPTO_WEP | 794 IEEE80211_CRYPTO_AES_CCM | 795 IEEE80211_CRYPTO_TKIPMIC | 796 IEEE80211_CRYPTO_TKIP; 797 798 ic->ic_flags |= IEEE80211_F_DATAPAD; 799 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 800 801 bands = 0; 802 setbit(&bands, IEEE80211_MODE_11B); 803 setbit(&bands, IEEE80211_MODE_11G); 804 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 805 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 806 sc->rf_rev == RT5592_RF_5592) 807 setbit(&bands, IEEE80211_MODE_11A); 808 ieee80211_init_channels(ic, NULL, &bands); 809 810 ieee80211_ifattach(ic, sc->sc_bssid); 811 812 ic->ic_scan_start = run_scan_start; 813 ic->ic_scan_end = run_scan_end; 814 ic->ic_set_channel = run_set_channel; 815 ic->ic_node_alloc = run_node_alloc; 816 ic->ic_newassoc = run_newassoc; 817 ic->ic_updateslot = run_updateslot; 818 ic->ic_update_mcast = run_update_mcast; 819 ic->ic_wme.wme_update = run_wme_update; 820 ic->ic_raw_xmit = run_raw_xmit; 821 ic->ic_update_promisc = run_update_promisc; 822 823 ic->ic_vap_create = run_vap_create; 824 ic->ic_vap_delete = run_vap_delete; 825 826 ieee80211_radiotap_attach(ic, 827 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 828 RUN_TX_RADIOTAP_PRESENT, 829 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 830 RUN_RX_RADIOTAP_PRESENT); 831 832 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 833 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 834 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 835 836 if (bootverbose) 837 ieee80211_announce(ic); 838 839 return (0); 840 841detach: 842 run_detach(self); 843 return (ENXIO); 844} 845 846static int 847run_detach(device_t self) 848{ 849 struct run_softc *sc = device_get_softc(self); 850 struct ifnet *ifp = sc->sc_ifp; 851 struct ieee80211com *ic; 852 int i; 853 854 RUN_LOCK(sc); 855 sc->sc_detached = 1; 856 RUN_UNLOCK(sc); 857 858 /* stop all USB transfers */ 859 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 860 861 RUN_LOCK(sc); 862 sc->ratectl_run = RUN_RATECTL_OFF; 863 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 864 865 /* free TX list, if any */ 866 for (i = 0; i != RUN_EP_QUEUES; i++) 867 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 868 RUN_UNLOCK(sc); 869 870 if (ifp) { 871 ic = ifp->if_l2com; 872 /* drain tasks */ 873 usb_callout_drain(&sc->ratectl_ch); 874 ieee80211_draintask(ic, &sc->cmdq_task); 875 ieee80211_draintask(ic, &sc->ratectl_task); 876 ieee80211_ifdetach(ic); 877 if_free(ifp); 878 } 879 880 mtx_destroy(&sc->sc_mtx); 881 882 return (0); 883} 884 885static struct ieee80211vap * 886run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 887 enum ieee80211_opmode opmode, int flags, 888 const uint8_t bssid[IEEE80211_ADDR_LEN], 889 const uint8_t mac[IEEE80211_ADDR_LEN]) 890{ 891 struct ifnet *ifp = ic->ic_ifp; 892 struct run_softc *sc = ifp->if_softc; 893 struct run_vap *rvp; 894 struct ieee80211vap *vap; 895 int i; 896 897 if (sc->rvp_cnt >= RUN_VAP_MAX) { 898 if_printf(ifp, "number of VAPs maxed out\n"); 899 return (NULL); 900 } 901 902 switch (opmode) { 903 case IEEE80211_M_STA: 904 /* enable s/w bmiss handling for sta mode */ 905 flags |= IEEE80211_CLONE_NOBEACONS; 906 /* fall though */ 907 case IEEE80211_M_IBSS: 908 case IEEE80211_M_MONITOR: 909 case IEEE80211_M_HOSTAP: 910 case IEEE80211_M_MBSS: 911 /* other than WDS vaps, only one at a time */ 912 if (!TAILQ_EMPTY(&ic->ic_vaps)) 913 return (NULL); 914 break; 915 case IEEE80211_M_WDS: 916 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 917 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 918 continue; 919 /* WDS vap's always share the local mac address. */ 920 flags &= ~IEEE80211_CLONE_BSSID; 921 break; 922 } 923 if (vap == NULL) { 924 if_printf(ifp, "wds only supported in ap mode\n"); 925 return (NULL); 926 } 927 break; 928 default: 929 if_printf(ifp, "unknown opmode %d\n", opmode); 930 return (NULL); 931 } 932 933 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 934 M_80211_VAP, M_NOWAIT | M_ZERO); 935 if (rvp == NULL) 936 return (NULL); 937 vap = &rvp->vap; 938 939 if (ieee80211_vap_setup(ic, vap, name, unit, 940 opmode, flags, bssid, mac) != 0) { 941 /* out of memory */ 942 free(rvp, M_80211_VAP); 943 return (NULL); 944 } 945 946 vap->iv_key_update_begin = run_key_update_begin; 947 vap->iv_key_update_end = run_key_update_end; 948 vap->iv_update_beacon = run_update_beacon; 949 vap->iv_max_aid = RT2870_WCID_MAX; 950 /* 951 * To delete the right key from h/w, we need wcid. 952 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 953 * and matching wcid will be written into there. So, cast 954 * some spells to remove 'const' from ieee80211_key{} 955 */ 956 vap->iv_key_delete = (void *)run_key_delete; 957 vap->iv_key_set = (void *)run_key_set; 958 959 /* override state transition machine */ 960 rvp->newstate = vap->iv_newstate; 961 vap->iv_newstate = run_newstate; 962 963 ieee80211_ratectl_init(vap); 964 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 965 966 /* complete setup */ 967 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 968 969 /* make sure id is always unique */ 970 for (i = 0; i < RUN_VAP_MAX; i++) { 971 if((sc->rvp_bmap & 1 << i) == 0){ 972 sc->rvp_bmap |= 1 << i; 973 rvp->rvp_id = i; 974 break; 975 } 976 } 977 if (sc->rvp_cnt++ == 0) 978 ic->ic_opmode = opmode; 979 980 if (opmode == IEEE80211_M_HOSTAP) 981 sc->cmdq_run = RUN_CMDQ_GO; 982 983 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 984 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 985 986 return (vap); 987} 988 989static void 990run_vap_delete(struct ieee80211vap *vap) 991{ 992 struct run_vap *rvp = RUN_VAP(vap); 993 struct ifnet *ifp; 994 struct ieee80211com *ic; 995 struct run_softc *sc; 996 uint8_t rvp_id; 997 998 if (vap == NULL) 999 return; 1000 1001 ic = vap->iv_ic; 1002 ifp = ic->ic_ifp; 1003 1004 sc = ifp->if_softc; 1005 1006 RUN_LOCK(sc); 1007 1008 m_freem(rvp->beacon_mbuf); 1009 rvp->beacon_mbuf = NULL; 1010 1011 rvp_id = rvp->rvp_id; 1012 sc->ratectl_run &= ~(1 << rvp_id); 1013 sc->rvp_bmap &= ~(1 << rvp_id); 1014 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1015 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1016 --sc->rvp_cnt; 1017 1018 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1019 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1020 1021 RUN_UNLOCK(sc); 1022 1023 ieee80211_ratectl_deinit(vap); 1024 ieee80211_vap_detach(vap); 1025 free(rvp, M_80211_VAP); 1026} 1027 1028/* 1029 * There are numbers of functions need to be called in context thread. 1030 * Rather than creating taskqueue event for each of those functions, 1031 * here is all-for-one taskqueue callback function. This function 1032 * gurantees deferred functions are executed in the same order they 1033 * were enqueued. 1034 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1035 */ 1036static void 1037run_cmdq_cb(void *arg, int pending) 1038{ 1039 struct run_softc *sc = arg; 1040 uint8_t i; 1041 1042 /* call cmdq[].func locked */ 1043 RUN_LOCK(sc); 1044 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1045 i = sc->cmdq_exec, pending--) { 1046 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1047 if (sc->cmdq_run == RUN_CMDQ_GO) { 1048 /* 1049 * If arg0 is NULL, callback func needs more 1050 * than one arg. So, pass ptr to cmdq struct. 1051 */ 1052 if (sc->cmdq[i].arg0) 1053 sc->cmdq[i].func(sc->cmdq[i].arg0); 1054 else 1055 sc->cmdq[i].func(&sc->cmdq[i]); 1056 } 1057 sc->cmdq[i].arg0 = NULL; 1058 sc->cmdq[i].func = NULL; 1059 sc->cmdq_exec++; 1060 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1061 } 1062 RUN_UNLOCK(sc); 1063} 1064 1065static void 1066run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1067{ 1068 struct run_tx_data *data; 1069 1070 memset(pq, 0, sizeof(*pq)); 1071 1072 STAILQ_INIT(&pq->tx_qh); 1073 STAILQ_INIT(&pq->tx_fh); 1074 1075 for (data = &pq->tx_data[0]; 1076 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1077 data->sc = sc; 1078 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1079 } 1080 pq->tx_nfree = RUN_TX_RING_COUNT; 1081} 1082 1083static void 1084run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1085{ 1086 struct run_tx_data *data; 1087 1088 /* make sure any subsequent use of the queues will fail */ 1089 pq->tx_nfree = 0; 1090 STAILQ_INIT(&pq->tx_fh); 1091 STAILQ_INIT(&pq->tx_qh); 1092 1093 /* free up all node references and mbufs */ 1094 for (data = &pq->tx_data[0]; 1095 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1096 if (data->m != NULL) { 1097 m_freem(data->m); 1098 data->m = NULL; 1099 } 1100 if (data->ni != NULL) { 1101 ieee80211_free_node(data->ni); 1102 data->ni = NULL; 1103 } 1104 } 1105} 1106 1107static int 1108run_load_microcode(struct run_softc *sc) 1109{ 1110 usb_device_request_t req; 1111 const struct firmware *fw; 1112 const u_char *base; 1113 uint32_t tmp; 1114 int ntries, error; 1115 const uint64_t *temp; 1116 uint64_t bytes; 1117 1118 RUN_UNLOCK(sc); 1119 fw = firmware_get("runfw"); 1120 RUN_LOCK(sc); 1121 if (fw == NULL) { 1122 device_printf(sc->sc_dev, 1123 "failed loadfirmware of file %s\n", "runfw"); 1124 return ENOENT; 1125 } 1126 1127 if (fw->datasize != 8192) { 1128 device_printf(sc->sc_dev, 1129 "invalid firmware size (should be 8KB)\n"); 1130 error = EINVAL; 1131 goto fail; 1132 } 1133 1134 /* 1135 * RT3071/RT3072 use a different firmware 1136 * run-rt2870 (8KB) contains both, 1137 * first half (4KB) is for rt2870, 1138 * last half is for rt3071. 1139 */ 1140 base = fw->data; 1141 if ((sc->mac_ver) != 0x2860 && 1142 (sc->mac_ver) != 0x2872 && 1143 (sc->mac_ver) != 0x3070) { 1144 base += 4096; 1145 } 1146 1147 /* cheap sanity check */ 1148 temp = fw->data; 1149 bytes = *temp; 1150 if (bytes != be64toh(0xffffff0210280210ULL)) { 1151 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1152 error = EINVAL; 1153 goto fail; 1154 } 1155 1156 /* write microcode image */ 1157 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1158 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1159 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1160 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1161 } 1162 1163 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1164 req.bRequest = RT2870_RESET; 1165 USETW(req.wValue, 8); 1166 USETW(req.wIndex, 0); 1167 USETW(req.wLength, 0); 1168 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1169 != 0) { 1170 device_printf(sc->sc_dev, "firmware reset failed\n"); 1171 goto fail; 1172 } 1173 1174 run_delay(sc, 10); 1175 1176 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1177 run_write(sc, RT2860_H2M_MAILBOX, 0); 1178 run_write(sc, RT2860_H2M_INTSRC, 0); 1179 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1180 goto fail; 1181 1182 /* wait until microcontroller is ready */ 1183 for (ntries = 0; ntries < 1000; ntries++) { 1184 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1185 goto fail; 1186 if (tmp & RT2860_MCU_READY) 1187 break; 1188 run_delay(sc, 10); 1189 } 1190 if (ntries == 1000) { 1191 device_printf(sc->sc_dev, 1192 "timeout waiting for MCU to initialize\n"); 1193 error = ETIMEDOUT; 1194 goto fail; 1195 } 1196 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1197 (base == fw->data) ? "RT2870" : "RT3071", 1198 *(base + 4092), *(base + 4093)); 1199 1200fail: 1201 firmware_put(fw, FIRMWARE_UNLOAD); 1202 return (error); 1203} 1204 1205static int 1206run_reset(struct run_softc *sc) 1207{ 1208 usb_device_request_t req; 1209 1210 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1211 req.bRequest = RT2870_RESET; 1212 USETW(req.wValue, 1); 1213 USETW(req.wIndex, 0); 1214 USETW(req.wLength, 0); 1215 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1216} 1217 1218static usb_error_t 1219run_do_request(struct run_softc *sc, 1220 struct usb_device_request *req, void *data) 1221{ 1222 usb_error_t err; 1223 int ntries = 10; 1224 1225 RUN_LOCK_ASSERT(sc, MA_OWNED); 1226 1227 while (ntries--) { 1228 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1229 req, data, 0, NULL, 250 /* ms */); 1230 if (err == 0) 1231 break; 1232 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1233 usbd_errstr(err)); 1234 run_delay(sc, 10); 1235 } 1236 return (err); 1237} 1238 1239static int 1240run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1241{ 1242 uint32_t tmp; 1243 int error; 1244 1245 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1246 if (error == 0) 1247 *val = le32toh(tmp); 1248 else 1249 *val = 0xffffffff; 1250 return (error); 1251} 1252 1253static int 1254run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1255{ 1256 usb_device_request_t req; 1257 1258 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1259 req.bRequest = RT2870_READ_REGION_1; 1260 USETW(req.wValue, 0); 1261 USETW(req.wIndex, reg); 1262 USETW(req.wLength, len); 1263 1264 return (run_do_request(sc, &req, buf)); 1265} 1266 1267static int 1268run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1269{ 1270 usb_device_request_t req; 1271 1272 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1273 req.bRequest = RT2870_WRITE_2; 1274 USETW(req.wValue, val); 1275 USETW(req.wIndex, reg); 1276 USETW(req.wLength, 0); 1277 1278 return (run_do_request(sc, &req, NULL)); 1279} 1280 1281static int 1282run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1283{ 1284 int error; 1285 1286 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1287 error = run_write_2(sc, reg + 2, val >> 16); 1288 return (error); 1289} 1290 1291static int 1292run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1293 int len) 1294{ 1295#if 1 1296 int i, error = 0; 1297 /* 1298 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1299 * We thus issue multiple WRITE_2 commands instead. 1300 */ 1301 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1302 for (i = 0; i < len && error == 0; i += 2) 1303 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1304 return (error); 1305#else 1306 usb_device_request_t req; 1307 int error = 0; 1308 1309 /* 1310 * NOTE: It appears the WRITE_REGION_1 command cannot be 1311 * passed a huge amount of data, which will crash the 1312 * firmware. Limit amount of data passed to 64-bytes at a 1313 * time. 1314 */ 1315 while (len > 0) { 1316 int delta = 64; 1317 if (delta > len) 1318 delta = len; 1319 1320 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1321 req.bRequest = RT2870_WRITE_REGION_1; 1322 USETW(req.wValue, 0); 1323 USETW(req.wIndex, reg); 1324 USETW(req.wLength, delta); 1325 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1326 if (error != 0) 1327 break; 1328 reg += delta; 1329 buf += delta; 1330 len -= delta; 1331 } 1332 return (error); 1333#endif 1334} 1335 1336static int 1337run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1338{ 1339 int i, error = 0; 1340 1341 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1342 for (i = 0; i < len && error == 0; i += 4) 1343 error = run_write(sc, reg + i, val); 1344 return (error); 1345} 1346 1347static int 1348run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1349{ 1350 uint32_t tmp; 1351 uint16_t reg; 1352 int error, ntries; 1353 1354 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1355 return (error); 1356 1357 if (count == 2) 1358 addr *= 2; 1359 /*- 1360 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1361 * DATA0: F E D C 1362 * DATA1: B A 9 8 1363 * DATA2: 7 6 5 4 1364 * DATA3: 3 2 1 0 1365 */ 1366 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1367 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1368 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1369 for (ntries = 0; ntries < 100; ntries++) { 1370 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1371 return (error); 1372 if (!(tmp & RT3070_EFSROM_KICK)) 1373 break; 1374 run_delay(sc, 2); 1375 } 1376 if (ntries == 100) 1377 return (ETIMEDOUT); 1378 1379 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1380 *val = 0xffff; /* address not found */ 1381 return (0); 1382 } 1383 /* determine to which 32-bit register our 16-bit word belongs */ 1384 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1385 if ((error = run_read(sc, reg, &tmp)) != 0) 1386 return (error); 1387 1388 tmp >>= (8 * (addr & 0x3)); 1389 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1390 1391 return (0); 1392} 1393 1394/* Read 16-bit from eFUSE ROM for RT3xxx. */ 1395static int 1396run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1397{ 1398 return (run_efuse_read(sc, addr, val, 2)); 1399} 1400 1401static int 1402run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1403{ 1404 usb_device_request_t req; 1405 uint16_t tmp; 1406 int error; 1407 1408 addr *= 2; 1409 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1410 req.bRequest = RT2870_EEPROM_READ; 1411 USETW(req.wValue, 0); 1412 USETW(req.wIndex, addr); 1413 USETW(req.wLength, sizeof(tmp)); 1414 1415 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1416 if (error == 0) 1417 *val = le16toh(tmp); 1418 else 1419 *val = 0xffff; 1420 return (error); 1421} 1422 1423static __inline int 1424run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1425{ 1426 /* either eFUSE ROM or EEPROM */ 1427 return sc->sc_srom_read(sc, addr, val); 1428} 1429 1430static int 1431run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1432{ 1433 uint32_t tmp; 1434 int error, ntries; 1435 1436 for (ntries = 0; ntries < 10; ntries++) { 1437 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1438 return (error); 1439 if (!(tmp & RT2860_RF_REG_CTRL)) 1440 break; 1441 } 1442 if (ntries == 10) 1443 return (ETIMEDOUT); 1444 1445 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1446} 1447 1448static int 1449run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1450{ 1451 uint32_t tmp; 1452 int error, ntries; 1453 1454 for (ntries = 0; ntries < 100; ntries++) { 1455 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1456 return (error); 1457 if (!(tmp & RT3070_RF_KICK)) 1458 break; 1459 } 1460 if (ntries == 100) 1461 return (ETIMEDOUT); 1462 1463 tmp = RT3070_RF_KICK | reg << 8; 1464 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1465 return (error); 1466 1467 for (ntries = 0; ntries < 100; ntries++) { 1468 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1469 return (error); 1470 if (!(tmp & RT3070_RF_KICK)) 1471 break; 1472 } 1473 if (ntries == 100) 1474 return (ETIMEDOUT); 1475 1476 *val = tmp & 0xff; 1477 return (0); 1478} 1479 1480static int 1481run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1482{ 1483 uint32_t tmp; 1484 int error, ntries; 1485 1486 for (ntries = 0; ntries < 10; ntries++) { 1487 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1488 return (error); 1489 if (!(tmp & RT3070_RF_KICK)) 1490 break; 1491 } 1492 if (ntries == 10) 1493 return (ETIMEDOUT); 1494 1495 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1496 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1497} 1498 1499static int 1500run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1501{ 1502 uint32_t tmp; 1503 int ntries, error; 1504 1505 for (ntries = 0; ntries < 10; ntries++) { 1506 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1507 return (error); 1508 if (!(tmp & RT2860_BBP_CSR_KICK)) 1509 break; 1510 } 1511 if (ntries == 10) 1512 return (ETIMEDOUT); 1513 1514 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1515 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1516 return (error); 1517 1518 for (ntries = 0; ntries < 10; ntries++) { 1519 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1520 return (error); 1521 if (!(tmp & RT2860_BBP_CSR_KICK)) 1522 break; 1523 } 1524 if (ntries == 10) 1525 return (ETIMEDOUT); 1526 1527 *val = tmp & 0xff; 1528 return (0); 1529} 1530 1531static int 1532run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1533{ 1534 uint32_t tmp; 1535 int ntries, error; 1536 1537 for (ntries = 0; ntries < 10; ntries++) { 1538 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1539 return (error); 1540 if (!(tmp & RT2860_BBP_CSR_KICK)) 1541 break; 1542 } 1543 if (ntries == 10) 1544 return (ETIMEDOUT); 1545 1546 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1547 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1548} 1549 1550/* 1551 * Send a command to the 8051 microcontroller unit. 1552 */ 1553static int 1554run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1555{ 1556 uint32_t tmp; 1557 int error, ntries; 1558 1559 for (ntries = 0; ntries < 100; ntries++) { 1560 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1561 return error; 1562 if (!(tmp & RT2860_H2M_BUSY)) 1563 break; 1564 } 1565 if (ntries == 100) 1566 return ETIMEDOUT; 1567 1568 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1569 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1570 error = run_write(sc, RT2860_HOST_CMD, cmd); 1571 return (error); 1572} 1573 1574/* 1575 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1576 * Used to adjust per-rate Tx power registers. 1577 */ 1578static __inline uint32_t 1579b4inc(uint32_t b32, int8_t delta) 1580{ 1581 int8_t i, b4; 1582 1583 for (i = 0; i < 8; i++) { 1584 b4 = b32 & 0xf; 1585 b4 += delta; 1586 if (b4 < 0) 1587 b4 = 0; 1588 else if (b4 > 0xf) 1589 b4 = 0xf; 1590 b32 = b32 >> 4 | b4 << 28; 1591 } 1592 return (b32); 1593} 1594 1595static const char * 1596run_get_rf(uint16_t rev) 1597{ 1598 switch (rev) { 1599 case RT2860_RF_2820: return "RT2820"; 1600 case RT2860_RF_2850: return "RT2850"; 1601 case RT2860_RF_2720: return "RT2720"; 1602 case RT2860_RF_2750: return "RT2750"; 1603 case RT3070_RF_3020: return "RT3020"; 1604 case RT3070_RF_2020: return "RT2020"; 1605 case RT3070_RF_3021: return "RT3021"; 1606 case RT3070_RF_3022: return "RT3022"; 1607 case RT3070_RF_3052: return "RT3052"; 1608 case RT3593_RF_3053: return "RT3053"; 1609 case RT5592_RF_5592: return "RT5592"; 1610 case RT5390_RF_5370: return "RT5370"; 1611 case RT5390_RF_5372: return "RT5372"; 1612 } 1613 return ("unknown"); 1614} 1615 1616static void 1617run_rt3593_get_txpower(struct run_softc *sc) 1618{ 1619 uint16_t addr, val; 1620 int i; 1621 1622 /* Read power settings for 2GHz channels. */ 1623 for (i = 0; i < 14; i += 2) { 1624 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1625 RT2860_EEPROM_PWR2GHZ_BASE1; 1626 run_srom_read(sc, addr + i / 2, &val); 1627 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1628 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1629 1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1631 RT2860_EEPROM_PWR2GHZ_BASE2; 1632 run_srom_read(sc, addr + i / 2, &val); 1633 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1634 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1635 1636 if (sc->ntxchains == 3) { 1637 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1638 &val); 1639 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1640 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1641 } 1642 } 1643 /* Fix broken Tx power entries. */ 1644 for (i = 0; i < 14; i++) { 1645 if (sc->txpow1[i] > 31) 1646 sc->txpow1[i] = 5; 1647 if (sc->txpow2[i] > 31) 1648 sc->txpow2[i] = 5; 1649 if (sc->ntxchains == 3) { 1650 if (sc->txpow3[i] > 31) 1651 sc->txpow3[i] = 5; 1652 } 1653 } 1654 /* Read power settings for 5GHz channels. */ 1655 for (i = 0; i < 40; i += 2) { 1656 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1657 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1658 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1659 1660 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1661 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1662 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1663 1664 if (sc->ntxchains == 3) { 1665 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1666 &val); 1667 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1668 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1669 } 1670 } 1671} 1672 1673static void 1674run_get_txpower(struct run_softc *sc) 1675{ 1676 uint16_t val; 1677 int i; 1678 1679 /* Read power settings for 2GHz channels. */ 1680 for (i = 0; i < 14; i += 2) { 1681 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1682 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1683 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1684 1685 if (sc->mac_ver != 0x5390) { 1686 run_srom_read(sc, 1687 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1688 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1689 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1690 } 1691 } 1692 /* Fix broken Tx power entries. */ 1693 for (i = 0; i < 14; i++) { 1694 if (sc->mac_ver >= 0x5390) { 1695 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1696 sc->txpow1[i] = 5; 1697 } else { 1698 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1699 sc->txpow1[i] = 5; 1700 } 1701 if (sc->mac_ver > 0x5390) { 1702 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1703 sc->txpow2[i] = 5; 1704 } else if (sc->mac_ver < 0x5390) { 1705 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1706 sc->txpow2[i] = 5; 1707 } 1708 DPRINTF("chan %d: power1=%d, power2=%d\n", 1709 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1710 } 1711 /* Read power settings for 5GHz channels. */ 1712 for (i = 0; i < 40; i += 2) { 1713 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1714 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1715 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1716 1717 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1718 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1719 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1720 } 1721 /* Fix broken Tx power entries. */ 1722 for (i = 0; i < 40; i++ ) { 1723 if (sc->mac_ver != 0x5592) { 1724 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1725 sc->txpow1[14 + i] = 5; 1726 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1727 sc->txpow2[14 + i] = 5; 1728 } 1729 DPRINTF("chan %d: power1=%d, power2=%d\n", 1730 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1731 sc->txpow2[14 + i]); 1732 } 1733} 1734 1735static int 1736run_read_eeprom(struct run_softc *sc) 1737{ 1738 int8_t delta_2ghz, delta_5ghz; 1739 uint32_t tmp; 1740 uint16_t val; 1741 int ridx, ant, i; 1742 1743 /* check whether the ROM is eFUSE ROM or EEPROM */ 1744 sc->sc_srom_read = run_eeprom_read_2; 1745 if (sc->mac_ver >= 0x3070) { 1746 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1747 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1748 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1749 sc->sc_srom_read = run_efuse_read_2; 1750 } 1751 1752 /* read ROM version */ 1753 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1754 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1755 1756 /* read MAC address */ 1757 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1758 sc->sc_bssid[0] = val & 0xff; 1759 sc->sc_bssid[1] = val >> 8; 1760 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1761 sc->sc_bssid[2] = val & 0xff; 1762 sc->sc_bssid[3] = val >> 8; 1763 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1764 sc->sc_bssid[4] = val & 0xff; 1765 sc->sc_bssid[5] = val >> 8; 1766 1767 if (sc->mac_ver < 0x3593) { 1768 /* read vender BBP settings */ 1769 for (i = 0; i < 10; i++) { 1770 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1771 sc->bbp[i].val = val & 0xff; 1772 sc->bbp[i].reg = val >> 8; 1773 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1774 sc->bbp[i].val); 1775 } 1776 if (sc->mac_ver >= 0x3071) { 1777 /* read vendor RF settings */ 1778 for (i = 0; i < 10; i++) { 1779 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1780 &val); 1781 sc->rf[i].val = val & 0xff; 1782 sc->rf[i].reg = val >> 8; 1783 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1784 sc->rf[i].val); 1785 } 1786 } 1787 } 1788 1789 /* read RF frequency offset from EEPROM */ 1790 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1791 RT3593_EEPROM_FREQ, &val); 1792 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1793 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1794 1795 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1796 RT3593_EEPROM_FREQ_LEDS, &val); 1797 if (val >> 8 != 0xff) { 1798 /* read LEDs operating mode */ 1799 sc->leds = val >> 8; 1800 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1801 RT3593_EEPROM_LED1, &sc->led[0]); 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1803 RT3593_EEPROM_LED2, &sc->led[1]); 1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1805 RT3593_EEPROM_LED3, &sc->led[2]); 1806 } else { 1807 /* broken EEPROM, use default settings */ 1808 sc->leds = 0x01; 1809 sc->led[0] = 0x5555; 1810 sc->led[1] = 0x2221; 1811 sc->led[2] = 0x5627; /* differs from RT2860 */ 1812 } 1813 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1814 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1815 1816 /* read RF information */ 1817 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1818 run_srom_read(sc, 0x00, &val); 1819 else 1820 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1821 1822 if (val == 0xffff) { 1823 device_printf(sc->sc_dev, 1824 "invalid EEPROM antenna info, using default\n"); 1825 DPRINTF("invalid EEPROM antenna info, using default\n"); 1826 if (sc->mac_ver == 0x3572) { 1827 /* default to RF3052 2T2R */ 1828 sc->rf_rev = RT3070_RF_3052; 1829 sc->ntxchains = 2; 1830 sc->nrxchains = 2; 1831 } else if (sc->mac_ver >= 0x3070) { 1832 /* default to RF3020 1T1R */ 1833 sc->rf_rev = RT3070_RF_3020; 1834 sc->ntxchains = 1; 1835 sc->nrxchains = 1; 1836 } else { 1837 /* default to RF2820 1T2R */ 1838 sc->rf_rev = RT2860_RF_2820; 1839 sc->ntxchains = 1; 1840 sc->nrxchains = 2; 1841 } 1842 } else { 1843 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1844 sc->rf_rev = val; 1845 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1846 } else 1847 sc->rf_rev = (val >> 8) & 0xf; 1848 sc->ntxchains = (val >> 4) & 0xf; 1849 sc->nrxchains = val & 0xf; 1850 } 1851 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1852 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1853 1854 /* check if RF supports automatic Tx access gain control */ 1855 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1856 DPRINTF("EEPROM CFG 0x%04x\n", val); 1857 /* check if driver should patch the DAC issue */ 1858 if ((val >> 8) != 0xff) 1859 sc->patch_dac = (val >> 15) & 1; 1860 if ((val & 0xff) != 0xff) { 1861 sc->ext_5ghz_lna = (val >> 3) & 1; 1862 sc->ext_2ghz_lna = (val >> 2) & 1; 1863 /* check if RF supports automatic Tx access gain control */ 1864 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1865 /* check if we have a hardware radio switch */ 1866 sc->rfswitch = val & 1; 1867 } 1868 1869 /* Read Tx power settings. */ 1870 if (sc->mac_ver == 0x3593) 1871 run_rt3593_get_txpower(sc); 1872 else 1873 run_get_txpower(sc); 1874 1875 /* read Tx power compensation for each Tx rate */ 1876 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1877 delta_2ghz = delta_5ghz = 0; 1878 if ((val & 0xff) != 0xff && (val & 0x80)) { 1879 delta_2ghz = val & 0xf; 1880 if (!(val & 0x40)) /* negative number */ 1881 delta_2ghz = -delta_2ghz; 1882 } 1883 val >>= 8; 1884 if ((val & 0xff) != 0xff && (val & 0x80)) { 1885 delta_5ghz = val & 0xf; 1886 if (!(val & 0x40)) /* negative number */ 1887 delta_5ghz = -delta_5ghz; 1888 } 1889 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1890 delta_2ghz, delta_5ghz); 1891 1892 for (ridx = 0; ridx < 5; ridx++) { 1893 uint32_t reg; 1894 1895 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1896 reg = val; 1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1898 reg |= (uint32_t)val << 16; 1899 1900 sc->txpow20mhz[ridx] = reg; 1901 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1902 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1903 1904 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1905 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1906 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1907 } 1908 1909 /* Read RSSI offsets and LNA gains from EEPROM. */ 1910 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1911 RT3593_EEPROM_RSSI1_2GHZ, &val); 1912 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1913 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1914 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1915 RT3593_EEPROM_RSSI2_2GHZ, &val); 1916 if (sc->mac_ver >= 0x3070) { 1917 if (sc->mac_ver == 0x3593) { 1918 sc->txmixgain_2ghz = 0; 1919 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1920 } else { 1921 /* 1922 * On RT3070 chips (limited to 2 Rx chains), this ROM 1923 * field contains the Tx mixer gain for the 2GHz band. 1924 */ 1925 if ((val & 0xff) != 0xff) 1926 sc->txmixgain_2ghz = val & 0x7; 1927 } 1928 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1929 } else 1930 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1931 if (sc->mac_ver == 0x3593) 1932 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1933 sc->lna[2] = val >> 8; /* channel group 2 */ 1934 1935 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1936 RT3593_EEPROM_RSSI1_5GHZ, &val); 1937 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1938 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1939 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1940 RT3593_EEPROM_RSSI2_5GHZ, &val); 1941 if (sc->mac_ver == 0x3572) { 1942 /* 1943 * On RT3572 chips (limited to 2 Rx chains), this ROM 1944 * field contains the Tx mixer gain for the 5GHz band. 1945 */ 1946 if ((val & 0xff) != 0xff) 1947 sc->txmixgain_5ghz = val & 0x7; 1948 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1949 } else 1950 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1951 if (sc->mac_ver == 0x3593) { 1952 sc->txmixgain_5ghz = 0; 1953 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1954 } 1955 sc->lna[3] = val >> 8; /* channel group 3 */ 1956 1957 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1958 RT3593_EEPROM_LNA, &val); 1959 sc->lna[0] = val & 0xff; /* channel group 0 */ 1960 sc->lna[1] = val >> 8; /* channel group 1 */ 1961 1962 /* fix broken 5GHz LNA entries */ 1963 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1964 DPRINTF("invalid LNA for channel group %d\n", 2); 1965 sc->lna[2] = sc->lna[1]; 1966 } 1967 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1968 DPRINTF("invalid LNA for channel group %d\n", 3); 1969 sc->lna[3] = sc->lna[1]; 1970 } 1971 1972 /* fix broken RSSI offset entries */ 1973 for (ant = 0; ant < 3; ant++) { 1974 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1975 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1976 ant + 1, sc->rssi_2ghz[ant]); 1977 sc->rssi_2ghz[ant] = 0; 1978 } 1979 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1980 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1981 ant + 1, sc->rssi_5ghz[ant]); 1982 sc->rssi_5ghz[ant] = 0; 1983 } 1984 } 1985 return (0); 1986} 1987 1988static struct ieee80211_node * 1989run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1990{ 1991 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1992} 1993 1994static int 1995run_media_change(struct ifnet *ifp) 1996{ 1997 struct ieee80211vap *vap = ifp->if_softc; 1998 struct ieee80211com *ic = vap->iv_ic; 1999 const struct ieee80211_txparam *tp; 2000 struct run_softc *sc = ic->ic_ifp->if_softc; 2001 uint8_t rate, ridx; 2002 int error; 2003 2004 RUN_LOCK(sc); 2005 2006 error = ieee80211_media_change(ifp); 2007 if (error != ENETRESET) { 2008 RUN_UNLOCK(sc); 2009 return (error); 2010 } 2011 2012 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2013 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2014 struct ieee80211_node *ni; 2015 struct run_node *rn; 2016 2017 rate = ic->ic_sup_rates[ic->ic_curmode]. 2018 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2019 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2020 if (rt2860_rates[ridx].rate == rate) 2021 break; 2022 ni = ieee80211_ref_node(vap->iv_bss); 2023 rn = (struct run_node *)ni; 2024 rn->fix_ridx = ridx; 2025 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2026 ieee80211_free_node(ni); 2027 } 2028 2029#if 0 2030 if ((ifp->if_flags & IFF_UP) && 2031 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 2032 run_init_locked(sc); 2033 } 2034#endif 2035 2036 RUN_UNLOCK(sc); 2037 2038 return (0); 2039} 2040 2041static int 2042run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2043{ 2044 const struct ieee80211_txparam *tp; 2045 struct ieee80211com *ic = vap->iv_ic; 2046 struct run_softc *sc = ic->ic_ifp->if_softc; 2047 struct run_vap *rvp = RUN_VAP(vap); 2048 enum ieee80211_state ostate; 2049 uint32_t sta[3]; 2050 uint32_t tmp; 2051 uint8_t ratectl; 2052 uint8_t restart_ratectl = 0; 2053 uint8_t bid = 1 << rvp->rvp_id; 2054 2055 ostate = vap->iv_state; 2056 DPRINTF("%s -> %s\n", 2057 ieee80211_state_name[ostate], 2058 ieee80211_state_name[nstate]); 2059 2060 IEEE80211_UNLOCK(ic); 2061 RUN_LOCK(sc); 2062 2063 ratectl = sc->ratectl_run; /* remember current state */ 2064 sc->ratectl_run = RUN_RATECTL_OFF; 2065 usb_callout_stop(&sc->ratectl_ch); 2066 2067 if (ostate == IEEE80211_S_RUN) { 2068 /* turn link LED off */ 2069 run_set_leds(sc, RT2860_LED_RADIO); 2070 } 2071 2072 switch (nstate) { 2073 case IEEE80211_S_INIT: 2074 restart_ratectl = 1; 2075 2076 if (ostate != IEEE80211_S_RUN) 2077 break; 2078 2079 ratectl &= ~bid; 2080 sc->runbmap &= ~bid; 2081 2082 /* abort TSF synchronization if there is no vap running */ 2083 if (--sc->running == 0) { 2084 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2085 run_write(sc, RT2860_BCN_TIME_CFG, 2086 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2087 RT2860_TBTT_TIMER_EN)); 2088 } 2089 break; 2090 2091 case IEEE80211_S_RUN: 2092 if (!(sc->runbmap & bid)) { 2093 if(sc->running++) 2094 restart_ratectl = 1; 2095 sc->runbmap |= bid; 2096 } 2097 2098 m_freem(rvp->beacon_mbuf); 2099 rvp->beacon_mbuf = NULL; 2100 2101 switch (vap->iv_opmode) { 2102 case IEEE80211_M_HOSTAP: 2103 case IEEE80211_M_MBSS: 2104 sc->ap_running |= bid; 2105 ic->ic_opmode = vap->iv_opmode; 2106 run_update_beacon_cb(vap); 2107 break; 2108 case IEEE80211_M_IBSS: 2109 sc->adhoc_running |= bid; 2110 if (!sc->ap_running) 2111 ic->ic_opmode = vap->iv_opmode; 2112 run_update_beacon_cb(vap); 2113 break; 2114 case IEEE80211_M_STA: 2115 sc->sta_running |= bid; 2116 if (!sc->ap_running && !sc->adhoc_running) 2117 ic->ic_opmode = vap->iv_opmode; 2118 2119 /* read statistic counters (clear on read) */ 2120 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2121 (uint8_t *)sta, sizeof sta); 2122 2123 break; 2124 default: 2125 ic->ic_opmode = vap->iv_opmode; 2126 break; 2127 } 2128 2129 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2130 struct ieee80211_node *ni; 2131 2132 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2133 RUN_UNLOCK(sc); 2134 IEEE80211_LOCK(ic); 2135 return (-1); 2136 } 2137 run_updateslot(ic->ic_ifp); 2138 run_enable_mrr(sc); 2139 run_set_txpreamble(sc); 2140 run_set_basicrates(sc); 2141 ni = ieee80211_ref_node(vap->iv_bss); 2142 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2143 run_set_bssid(sc, ni->ni_bssid); 2144 ieee80211_free_node(ni); 2145 run_enable_tsf_sync(sc); 2146 2147 /* enable automatic rate adaptation */ 2148 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2149 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2150 ratectl |= bid; 2151 } 2152 2153 /* turn link LED on */ 2154 run_set_leds(sc, RT2860_LED_RADIO | 2155 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2156 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2157 2158 break; 2159 default: 2160 DPRINTFN(6, "undefined case\n"); 2161 break; 2162 } 2163 2164 /* restart amrr for running VAPs */ 2165 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2166 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2167 2168 RUN_UNLOCK(sc); 2169 IEEE80211_LOCK(ic); 2170 2171 return(rvp->newstate(vap, nstate, arg)); 2172} 2173 2174/* ARGSUSED */ 2175static void 2176run_wme_update_cb(void *arg) 2177{ 2178 struct ieee80211com *ic = arg; 2179 struct run_softc *sc = ic->ic_ifp->if_softc; 2180 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2181 int aci, error = 0; 2182 2183 RUN_LOCK_ASSERT(sc, MA_OWNED); 2184 2185 /* update MAC TX configuration registers */ 2186 for (aci = 0; aci < WME_NUM_AC; aci++) { 2187 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2188 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2189 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2190 wmesp->wme_params[aci].wmep_aifsn << 8 | 2191 wmesp->wme_params[aci].wmep_txopLimit); 2192 if (error) goto err; 2193 } 2194 2195 /* update SCH/DMA registers too */ 2196 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2197 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2198 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2199 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2200 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2201 if (error) goto err; 2202 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2203 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2204 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2205 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2206 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2207 if (error) goto err; 2208 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2209 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2210 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2211 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2212 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2213 if (error) goto err; 2214 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2215 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2216 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2217 if (error) goto err; 2218 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2219 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2220 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2221 2222err: 2223 if (error) 2224 DPRINTF("WME update failed\n"); 2225 2226 return; 2227} 2228 2229static int 2230run_wme_update(struct ieee80211com *ic) 2231{ 2232 struct run_softc *sc = ic->ic_ifp->if_softc; 2233 2234 /* sometime called wothout lock */ 2235 if (mtx_owned(&ic->ic_comlock.mtx)) { 2236 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2237 DPRINTF("cmdq_store=%d\n", i); 2238 sc->cmdq[i].func = run_wme_update_cb; 2239 sc->cmdq[i].arg0 = ic; 2240 ieee80211_runtask(ic, &sc->cmdq_task); 2241 return (0); 2242 } 2243 2244 RUN_LOCK(sc); 2245 run_wme_update_cb(ic); 2246 RUN_UNLOCK(sc); 2247 2248 /* return whatever, upper layer desn't care anyway */ 2249 return (0); 2250} 2251 2252static void 2253run_key_update_begin(struct ieee80211vap *vap) 2254{ 2255 /* 2256 * To avoid out-of-order events, both run_key_set() and 2257 * _delete() are deferred and handled by run_cmdq_cb(). 2258 * So, there is nothing we need to do here. 2259 */ 2260} 2261 2262static void 2263run_key_update_end(struct ieee80211vap *vap) 2264{ 2265 /* null */ 2266} 2267 2268static void 2269run_key_set_cb(void *arg) 2270{ 2271 struct run_cmdq *cmdq = arg; 2272 struct ieee80211vap *vap = cmdq->arg1; 2273 struct ieee80211_key *k = cmdq->k; 2274 struct ieee80211com *ic = vap->iv_ic; 2275 struct run_softc *sc = ic->ic_ifp->if_softc; 2276 struct ieee80211_node *ni; 2277 uint32_t attr; 2278 uint16_t base, associd; 2279 uint8_t mode, wcid, iv[8]; 2280 2281 RUN_LOCK_ASSERT(sc, MA_OWNED); 2282 2283 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2284 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2285 else 2286 ni = vap->iv_bss; 2287 associd = (ni != NULL) ? ni->ni_associd : 0; 2288 2289 /* map net80211 cipher to RT2860 security mode */ 2290 switch (k->wk_cipher->ic_cipher) { 2291 case IEEE80211_CIPHER_WEP: 2292 if(k->wk_keylen < 8) 2293 mode = RT2860_MODE_WEP40; 2294 else 2295 mode = RT2860_MODE_WEP104; 2296 break; 2297 case IEEE80211_CIPHER_TKIP: 2298 mode = RT2860_MODE_TKIP; 2299 break; 2300 case IEEE80211_CIPHER_AES_CCM: 2301 mode = RT2860_MODE_AES_CCMP; 2302 break; 2303 default: 2304 DPRINTF("undefined case\n"); 2305 return; 2306 } 2307 2308 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2309 associd, k->wk_keyix, mode, 2310 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2311 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2312 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2313 2314 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2315 wcid = 0; /* NB: update WCID0 for group keys */ 2316 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2317 } else { 2318 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2319 1 : RUN_AID2WCID(associd); 2320 base = RT2860_PKEY(wcid); 2321 } 2322 2323 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2324 if(run_write_region_1(sc, base, k->wk_key, 16)) 2325 return; 2326 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2327 return; 2328 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2329 return; 2330 } else { 2331 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2332 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2333 return; 2334 } 2335 2336 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2337 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2338 /* set initial packet number in IV+EIV */ 2339 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2340 memset(iv, 0, sizeof iv); 2341 iv[3] = vap->iv_def_txkey << 6; 2342 } else { 2343 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2344 iv[0] = k->wk_keytsc >> 8; 2345 iv[1] = (iv[0] | 0x20) & 0x7f; 2346 iv[2] = k->wk_keytsc; 2347 } else /* CCMP */ { 2348 iv[0] = k->wk_keytsc; 2349 iv[1] = k->wk_keytsc >> 8; 2350 iv[2] = 0; 2351 } 2352 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2353 iv[4] = k->wk_keytsc >> 16; 2354 iv[5] = k->wk_keytsc >> 24; 2355 iv[6] = k->wk_keytsc >> 32; 2356 iv[7] = k->wk_keytsc >> 40; 2357 } 2358 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2359 return; 2360 } 2361 2362 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2363 /* install group key */ 2364 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2365 return; 2366 attr &= ~(0xf << (k->wk_keyix * 4)); 2367 attr |= mode << (k->wk_keyix * 4); 2368 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2369 return; 2370 } else { 2371 /* install pairwise key */ 2372 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2373 return; 2374 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2375 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2376 return; 2377 } 2378 2379 /* TODO create a pass-thru key entry? */ 2380 2381 /* need wcid to delete the right key later */ 2382 k->wk_pad = wcid; 2383} 2384 2385/* 2386 * Don't have to be deferred, but in order to keep order of 2387 * execution, i.e. with run_key_delete(), defer this and let 2388 * run_cmdq_cb() maintain the order. 2389 * 2390 * return 0 on error 2391 */ 2392static int 2393run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2394 const uint8_t mac[IEEE80211_ADDR_LEN]) 2395{ 2396 struct ieee80211com *ic = vap->iv_ic; 2397 struct run_softc *sc = ic->ic_ifp->if_softc; 2398 uint32_t i; 2399 2400 i = RUN_CMDQ_GET(&sc->cmdq_store); 2401 DPRINTF("cmdq_store=%d\n", i); 2402 sc->cmdq[i].func = run_key_set_cb; 2403 sc->cmdq[i].arg0 = NULL; 2404 sc->cmdq[i].arg1 = vap; 2405 sc->cmdq[i].k = k; 2406 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2407 ieee80211_runtask(ic, &sc->cmdq_task); 2408 2409 /* 2410 * To make sure key will be set when hostapd 2411 * calls iv_key_set() before if_init(). 2412 */ 2413 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2414 RUN_LOCK(sc); 2415 sc->cmdq_key_set = RUN_CMDQ_GO; 2416 RUN_UNLOCK(sc); 2417 } 2418 2419 return (1); 2420} 2421 2422/* 2423 * If wlan is destroyed without being brought down i.e. without 2424 * wlan down or wpa_cli terminate, this function is called after 2425 * vap is gone. Don't refer it. 2426 */ 2427static void 2428run_key_delete_cb(void *arg) 2429{ 2430 struct run_cmdq *cmdq = arg; 2431 struct run_softc *sc = cmdq->arg1; 2432 struct ieee80211_key *k = &cmdq->key; 2433 uint32_t attr; 2434 uint8_t wcid; 2435 2436 RUN_LOCK_ASSERT(sc, MA_OWNED); 2437 2438 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2439 /* remove group key */ 2440 DPRINTF("removing group key\n"); 2441 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2442 attr &= ~(0xf << (k->wk_keyix * 4)); 2443 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2444 } else { 2445 /* remove pairwise key */ 2446 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2447 /* matching wcid was written to wk_pad in run_key_set() */ 2448 wcid = k->wk_pad; 2449 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2450 attr &= ~0xf; 2451 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2452 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2453 } 2454 2455 k->wk_pad = 0; 2456} 2457 2458/* 2459 * return 0 on error 2460 */ 2461static int 2462run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2463{ 2464 struct ieee80211com *ic = vap->iv_ic; 2465 struct run_softc *sc = ic->ic_ifp->if_softc; 2466 struct ieee80211_key *k0; 2467 uint32_t i; 2468 2469 /* 2470 * When called back, key might be gone. So, make a copy 2471 * of some values need to delete keys before deferring. 2472 * But, because of LOR with node lock, cannot use lock here. 2473 * So, use atomic instead. 2474 */ 2475 i = RUN_CMDQ_GET(&sc->cmdq_store); 2476 DPRINTF("cmdq_store=%d\n", i); 2477 sc->cmdq[i].func = run_key_delete_cb; 2478 sc->cmdq[i].arg0 = NULL; 2479 sc->cmdq[i].arg1 = sc; 2480 k0 = &sc->cmdq[i].key; 2481 k0->wk_flags = k->wk_flags; 2482 k0->wk_keyix = k->wk_keyix; 2483 /* matching wcid was written to wk_pad in run_key_set() */ 2484 k0->wk_pad = k->wk_pad; 2485 ieee80211_runtask(ic, &sc->cmdq_task); 2486 return (1); /* return fake success */ 2487 2488} 2489 2490static void 2491run_ratectl_to(void *arg) 2492{ 2493 struct run_softc *sc = arg; 2494 2495 /* do it in a process context, so it can go sleep */ 2496 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2497 /* next timeout will be rescheduled in the callback task */ 2498} 2499 2500/* ARGSUSED */ 2501static void 2502run_ratectl_cb(void *arg, int pending) 2503{ 2504 struct run_softc *sc = arg; 2505 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2506 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2507 2508 if (vap == NULL) 2509 return; 2510 2511 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2512 /* 2513 * run_reset_livelock() doesn't do anything with AMRR, 2514 * but Ralink wants us to call it every 1 sec. So, we 2515 * piggyback here rather than creating another callout. 2516 * Livelock may occur only in HOSTAP or IBSS mode 2517 * (when h/w is sending beacons). 2518 */ 2519 RUN_LOCK(sc); 2520 run_reset_livelock(sc); 2521 /* just in case, there are some stats to drain */ 2522 run_drain_fifo(sc); 2523 RUN_UNLOCK(sc); 2524 } 2525 2526 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2527 2528 RUN_LOCK(sc); 2529 if(sc->ratectl_run != RUN_RATECTL_OFF) 2530 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2531 RUN_UNLOCK(sc); 2532} 2533 2534static void 2535run_drain_fifo(void *arg) 2536{ 2537 struct run_softc *sc = arg; 2538 struct ifnet *ifp = sc->sc_ifp; 2539 uint32_t stat; 2540 uint16_t (*wstat)[3]; 2541 uint8_t wcid, mcs, pid; 2542 int8_t retry; 2543 2544 RUN_LOCK_ASSERT(sc, MA_OWNED); 2545 2546 for (;;) { 2547 /* drain Tx status FIFO (maxsize = 16) */ 2548 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2549 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2550 if (!(stat & RT2860_TXQ_VLD)) 2551 break; 2552 2553 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2554 2555 /* if no ACK was requested, no feedback is available */ 2556 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2557 wcid == 0) 2558 continue; 2559 2560 /* 2561 * Even though each stat is Tx-complete-status like format, 2562 * the device can poll stats. Because there is no guarantee 2563 * that the referring node is still around when read the stats. 2564 * So that, if we use ieee80211_ratectl_tx_update(), we will 2565 * have hard time not to refer already freed node. 2566 * 2567 * To eliminate such page faults, we poll stats in softc. 2568 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2569 */ 2570 wstat = &(sc->wcid_stats[wcid]); 2571 (*wstat)[RUN_TXCNT]++; 2572 if (stat & RT2860_TXQ_OK) 2573 (*wstat)[RUN_SUCCESS]++; 2574 else 2575 ifp->if_oerrors++; 2576 /* 2577 * Check if there were retries, ie if the Tx success rate is 2578 * different from the requested rate. Note that it works only 2579 * because we do not allow rate fallback from OFDM to CCK. 2580 */ 2581 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2582 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2583 if ((retry = pid -1 - mcs) > 0) { 2584 (*wstat)[RUN_TXCNT] += retry; 2585 (*wstat)[RUN_RETRY] += retry; 2586 } 2587 } 2588 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2589 2590 sc->fifo_cnt = 0; 2591} 2592 2593static void 2594run_iter_func(void *arg, struct ieee80211_node *ni) 2595{ 2596 struct run_softc *sc = arg; 2597 struct ieee80211vap *vap = ni->ni_vap; 2598 struct ieee80211com *ic = ni->ni_ic; 2599 struct ifnet *ifp = ic->ic_ifp; 2600 struct run_node *rn = (void *)ni; 2601 union run_stats sta[2]; 2602 uint16_t (*wstat)[3]; 2603 int txcnt, success, retrycnt, error; 2604 2605 RUN_LOCK(sc); 2606 2607 /* Check for special case */ 2608 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2609 ni != vap->iv_bss) 2610 goto fail; 2611 2612 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2613 vap->iv_opmode == IEEE80211_M_STA)) { 2614 /* read statistic counters (clear on read) and update AMRR state */ 2615 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2616 sizeof sta); 2617 if (error != 0) 2618 goto fail; 2619 2620 /* count failed TX as errors */ 2621 ifp->if_oerrors += le16toh(sta[0].error.fail); 2622 2623 retrycnt = le16toh(sta[1].tx.retry); 2624 success = le16toh(sta[1].tx.success); 2625 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2626 2627 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2628 retrycnt, success, le16toh(sta[0].error.fail)); 2629 } else { 2630 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2631 2632 if (wstat == &(sc->wcid_stats[0]) || 2633 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2634 goto fail; 2635 2636 txcnt = (*wstat)[RUN_TXCNT]; 2637 success = (*wstat)[RUN_SUCCESS]; 2638 retrycnt = (*wstat)[RUN_RETRY]; 2639 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2640 retrycnt, txcnt, success); 2641 2642 memset(wstat, 0, sizeof(*wstat)); 2643 } 2644 2645 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2646 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2647 2648fail: 2649 RUN_UNLOCK(sc); 2650 2651 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2652} 2653 2654static void 2655run_newassoc_cb(void *arg) 2656{ 2657 struct run_cmdq *cmdq = arg; 2658 struct ieee80211_node *ni = cmdq->arg1; 2659 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2660 uint8_t wcid = cmdq->wcid; 2661 2662 RUN_LOCK_ASSERT(sc, MA_OWNED); 2663 2664 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2665 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2666 2667 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2668} 2669 2670static void 2671run_newassoc(struct ieee80211_node *ni, int isnew) 2672{ 2673 struct run_node *rn = (void *)ni; 2674 struct ieee80211_rateset *rs = &ni->ni_rates; 2675 struct ieee80211vap *vap = ni->ni_vap; 2676 struct ieee80211com *ic = vap->iv_ic; 2677 struct run_softc *sc = ic->ic_ifp->if_softc; 2678 uint8_t rate; 2679 uint8_t ridx; 2680 uint8_t wcid; 2681 int i, j; 2682 2683 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2684 1 : RUN_AID2WCID(ni->ni_associd); 2685 2686 if (wcid > RT2870_WCID_MAX) { 2687 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2688 return; 2689 } 2690 2691 /* only interested in true associations */ 2692 if (isnew && ni->ni_associd != 0) { 2693 2694 /* 2695 * This function could is called though timeout function. 2696 * Need to defer. 2697 */ 2698 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2699 DPRINTF("cmdq_store=%d\n", cnt); 2700 sc->cmdq[cnt].func = run_newassoc_cb; 2701 sc->cmdq[cnt].arg0 = NULL; 2702 sc->cmdq[cnt].arg1 = ni; 2703 sc->cmdq[cnt].wcid = wcid; 2704 ieee80211_runtask(ic, &sc->cmdq_task); 2705 } 2706 2707 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2708 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2709 2710 for (i = 0; i < rs->rs_nrates; i++) { 2711 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2712 /* convert 802.11 rate to hardware rate index */ 2713 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2714 if (rt2860_rates[ridx].rate == rate) 2715 break; 2716 rn->ridx[i] = ridx; 2717 /* determine rate of control response frames */ 2718 for (j = i; j >= 0; j--) { 2719 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2720 rt2860_rates[rn->ridx[i]].phy == 2721 rt2860_rates[rn->ridx[j]].phy) 2722 break; 2723 } 2724 if (j >= 0) { 2725 rn->ctl_ridx[i] = rn->ridx[j]; 2726 } else { 2727 /* no basic rate found, use mandatory one */ 2728 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2729 } 2730 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2731 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2732 } 2733 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2734 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2735 if (rt2860_rates[ridx].rate == rate) 2736 break; 2737 rn->mgt_ridx = ridx; 2738 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2739 2740 RUN_LOCK(sc); 2741 if(sc->ratectl_run != RUN_RATECTL_OFF) 2742 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2743 RUN_UNLOCK(sc); 2744} 2745 2746/* 2747 * Return the Rx chain with the highest RSSI for a given frame. 2748 */ 2749static __inline uint8_t 2750run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2751{ 2752 uint8_t rxchain = 0; 2753 2754 if (sc->nrxchains > 1) { 2755 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2756 rxchain = 1; 2757 if (sc->nrxchains > 2) 2758 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2759 rxchain = 2; 2760 } 2761 return (rxchain); 2762} 2763 2764static void 2765run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2766{ 2767 struct ifnet *ifp = sc->sc_ifp; 2768 struct ieee80211com *ic = ifp->if_l2com; 2769 struct ieee80211_frame *wh; 2770 struct ieee80211_node *ni; 2771 struct rt2870_rxd *rxd; 2772 struct rt2860_rxwi *rxwi; 2773 uint32_t flags; 2774 uint16_t len, rxwisize; 2775 uint8_t ant, rssi; 2776 int8_t nf; 2777 2778 rxwi = mtod(m, struct rt2860_rxwi *); 2779 len = le16toh(rxwi->len) & 0xfff; 2780 rxwisize = sizeof(struct rt2860_rxwi); 2781 if (sc->mac_ver == 0x5592) 2782 rxwisize += sizeof(uint64_t); 2783 else if (sc->mac_ver == 0x3593) 2784 rxwisize += sizeof(uint32_t); 2785 if (__predict_false(len > dmalen)) { 2786 m_freem(m); 2787 ifp->if_ierrors++; 2788 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2789 return; 2790 } 2791 /* Rx descriptor is located at the end */ 2792 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2793 flags = le32toh(rxd->flags); 2794 2795 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2796 m_freem(m); 2797 ifp->if_ierrors++; 2798 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2799 return; 2800 } 2801 2802 m->m_data += rxwisize; 2803 m->m_pkthdr.len = m->m_len -= rxwisize; 2804 2805 wh = mtod(m, struct ieee80211_frame *); 2806 2807 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2808 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2809 m->m_flags |= M_WEP; 2810 } 2811 2812 if (flags & RT2860_RX_L2PAD) { 2813 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2814 len += 2; 2815 } 2816 2817 ni = ieee80211_find_rxnode(ic, 2818 mtod(m, struct ieee80211_frame_min *)); 2819 2820 if (__predict_false(flags & RT2860_RX_MICERR)) { 2821 /* report MIC failures to net80211 for TKIP */ 2822 if (ni != NULL) 2823 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2824 rxwi->keyidx); 2825 m_freem(m); 2826 ifp->if_ierrors++; 2827 DPRINTF("MIC error. Someone is lying.\n"); 2828 return; 2829 } 2830 2831 ant = run_maxrssi_chain(sc, rxwi); 2832 rssi = rxwi->rssi[ant]; 2833 nf = run_rssi2dbm(sc, rssi, ant); 2834 2835 m->m_pkthdr.rcvif = ifp; 2836 m->m_pkthdr.len = m->m_len = len; 2837 2838 if (ni != NULL) { 2839 (void)ieee80211_input(ni, m, rssi, nf); 2840 ieee80211_free_node(ni); 2841 } else { 2842 (void)ieee80211_input_all(ic, m, rssi, nf); 2843 } 2844 2845 if (__predict_false(ieee80211_radiotap_active(ic))) { 2846 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2847 uint16_t phy; 2848 2849 tap->wr_flags = 0; 2850 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2851 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2852 tap->wr_antsignal = rssi; 2853 tap->wr_antenna = ant; 2854 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2855 tap->wr_rate = 2; /* in case it can't be found below */ 2856 phy = le16toh(rxwi->phy); 2857 switch (phy & RT2860_PHY_MODE) { 2858 case RT2860_PHY_CCK: 2859 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2860 case 0: tap->wr_rate = 2; break; 2861 case 1: tap->wr_rate = 4; break; 2862 case 2: tap->wr_rate = 11; break; 2863 case 3: tap->wr_rate = 22; break; 2864 } 2865 if (phy & RT2860_PHY_SHPRE) 2866 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2867 break; 2868 case RT2860_PHY_OFDM: 2869 switch (phy & RT2860_PHY_MCS) { 2870 case 0: tap->wr_rate = 12; break; 2871 case 1: tap->wr_rate = 18; break; 2872 case 2: tap->wr_rate = 24; break; 2873 case 3: tap->wr_rate = 36; break; 2874 case 4: tap->wr_rate = 48; break; 2875 case 5: tap->wr_rate = 72; break; 2876 case 6: tap->wr_rate = 96; break; 2877 case 7: tap->wr_rate = 108; break; 2878 } 2879 break; 2880 } 2881 } 2882} 2883 2884static void 2885run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2886{ 2887 struct run_softc *sc = usbd_xfer_softc(xfer); 2888 struct ifnet *ifp = sc->sc_ifp; 2889 struct mbuf *m = NULL; 2890 struct mbuf *m0; 2891 uint32_t dmalen; 2892 uint16_t rxwisize; 2893 int xferlen; 2894 2895 rxwisize = sizeof(struct rt2860_rxwi); 2896 if (sc->mac_ver == 0x5592) 2897 rxwisize += sizeof(uint64_t); 2898 else if (sc->mac_ver == 0x3593) 2899 rxwisize += sizeof(uint32_t); 2900 2901 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2902 2903 switch (USB_GET_STATE(xfer)) { 2904 case USB_ST_TRANSFERRED: 2905 2906 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2907 2908 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2909 sizeof(struct rt2870_rxd))) { 2910 DPRINTF("xfer too short %d\n", xferlen); 2911 goto tr_setup; 2912 } 2913 2914 m = sc->rx_m; 2915 sc->rx_m = NULL; 2916 2917 /* FALLTHROUGH */ 2918 case USB_ST_SETUP: 2919tr_setup: 2920 if (sc->rx_m == NULL) { 2921 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2922 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2923 } 2924 if (sc->rx_m == NULL) { 2925 DPRINTF("could not allocate mbuf - idle with stall\n"); 2926 ifp->if_ierrors++; 2927 usbd_xfer_set_stall(xfer); 2928 usbd_xfer_set_frames(xfer, 0); 2929 } else { 2930 /* 2931 * Directly loading a mbuf cluster into DMA to 2932 * save some data copying. This works because 2933 * there is only one cluster. 2934 */ 2935 usbd_xfer_set_frame_data(xfer, 0, 2936 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2937 usbd_xfer_set_frames(xfer, 1); 2938 } 2939 usbd_transfer_submit(xfer); 2940 break; 2941 2942 default: /* Error */ 2943 if (error != USB_ERR_CANCELLED) { 2944 /* try to clear stall first */ 2945 usbd_xfer_set_stall(xfer); 2946 2947 if (error == USB_ERR_TIMEOUT) 2948 device_printf(sc->sc_dev, "device timeout\n"); 2949 2950 ifp->if_ierrors++; 2951 2952 goto tr_setup; 2953 } 2954 if (sc->rx_m != NULL) { 2955 m_freem(sc->rx_m); 2956 sc->rx_m = NULL; 2957 } 2958 break; 2959 } 2960 2961 if (m == NULL) 2962 return; 2963 2964 /* inputting all the frames must be last */ 2965 2966 RUN_UNLOCK(sc); 2967 2968 m->m_pkthdr.len = m->m_len = xferlen; 2969 2970 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2971 for(;;) { 2972 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2973 2974 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2975 ((dmalen & 3) != 0)) { 2976 DPRINTF("bad DMA length %u\n", dmalen); 2977 break; 2978 } 2979 if ((dmalen + 8) > (uint32_t)xferlen) { 2980 DPRINTF("bad DMA length %u > %d\n", 2981 dmalen + 8, xferlen); 2982 break; 2983 } 2984 2985 /* If it is the last one or a single frame, we won't copy. */ 2986 if ((xferlen -= dmalen + 8) <= 8) { 2987 /* trim 32-bit DMA-len header */ 2988 m->m_data += 4; 2989 m->m_pkthdr.len = m->m_len -= 4; 2990 run_rx_frame(sc, m, dmalen); 2991 m = NULL; /* don't free source buffer */ 2992 break; 2993 } 2994 2995 /* copy aggregated frames to another mbuf */ 2996 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2997 if (__predict_false(m0 == NULL)) { 2998 DPRINTF("could not allocate mbuf\n"); 2999 ifp->if_ierrors++; 3000 break; 3001 } 3002 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3003 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3004 m0->m_pkthdr.len = m0->m_len = 3005 dmalen + sizeof(struct rt2870_rxd); 3006 run_rx_frame(sc, m0, dmalen); 3007 3008 /* update data ptr */ 3009 m->m_data += dmalen + 8; 3010 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3011 } 3012 3013 /* make sure we free the source buffer, if any */ 3014 m_freem(m); 3015 3016 RUN_LOCK(sc); 3017} 3018 3019static void 3020run_tx_free(struct run_endpoint_queue *pq, 3021 struct run_tx_data *data, int txerr) 3022{ 3023 if (data->m != NULL) { 3024 if (data->m->m_flags & M_TXCB) 3025 ieee80211_process_callback(data->ni, data->m, 3026 txerr ? ETIMEDOUT : 0); 3027 m_freem(data->m); 3028 data->m = NULL; 3029 3030 if (data->ni == NULL) { 3031 DPRINTF("no node\n"); 3032 } else { 3033 ieee80211_free_node(data->ni); 3034 data->ni = NULL; 3035 } 3036 } 3037 3038 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3039 pq->tx_nfree++; 3040} 3041 3042static void 3043run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3044{ 3045 struct run_softc *sc = usbd_xfer_softc(xfer); 3046 struct ifnet *ifp = sc->sc_ifp; 3047 struct ieee80211com *ic = ifp->if_l2com; 3048 struct run_tx_data *data; 3049 struct ieee80211vap *vap = NULL; 3050 struct usb_page_cache *pc; 3051 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3052 struct mbuf *m; 3053 usb_frlength_t size; 3054 int actlen; 3055 int sumlen; 3056 3057 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3058 3059 switch (USB_GET_STATE(xfer)) { 3060 case USB_ST_TRANSFERRED: 3061 DPRINTFN(11, "transfer complete: %d " 3062 "bytes @ index %d\n", actlen, index); 3063 3064 data = usbd_xfer_get_priv(xfer); 3065 3066 run_tx_free(pq, data, 0); 3067 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 3068 3069 usbd_xfer_set_priv(xfer, NULL); 3070 3071 ifp->if_opackets++; 3072 3073 /* FALLTHROUGH */ 3074 case USB_ST_SETUP: 3075tr_setup: 3076 data = STAILQ_FIRST(&pq->tx_qh); 3077 if (data == NULL) 3078 break; 3079 3080 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3081 3082 m = data->m; 3083 size = (sc->mac_ver == 0x5592) ? 3084 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3085 if ((m->m_pkthdr.len + 3086 size + 3 + 8) > RUN_MAX_TXSZ) { 3087 DPRINTF("data overflow, %u bytes\n", 3088 m->m_pkthdr.len); 3089 3090 ifp->if_oerrors++; 3091 3092 run_tx_free(pq, data, 1); 3093 3094 goto tr_setup; 3095 } 3096 3097 pc = usbd_xfer_get_frame(xfer, 0); 3098 usbd_copy_in(pc, 0, &data->desc, size); 3099 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3100 size += m->m_pkthdr.len; 3101 /* 3102 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3103 * 4-byte padding), and be sure to zero those trailing 3104 * bytes: 3105 */ 3106 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3107 size += ((-size) & 3) + 8; 3108 3109 vap = data->ni->ni_vap; 3110 if (ieee80211_radiotap_active_vap(vap)) { 3111 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3112 struct rt2860_txwi *txwi = 3113 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3114 tap->wt_flags = 0; 3115 tap->wt_rate = rt2860_rates[data->ridx].rate; 3116 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3117 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3118 tap->wt_hwqueue = index; 3119 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3120 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3121 3122 ieee80211_radiotap_tx(vap, m); 3123 } 3124 3125 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3126 m->m_pkthdr.len, size, index); 3127 3128 usbd_xfer_set_frame_len(xfer, 0, size); 3129 usbd_xfer_set_priv(xfer, data); 3130 3131 usbd_transfer_submit(xfer); 3132 3133 RUN_UNLOCK(sc); 3134 run_start(ifp); 3135 RUN_LOCK(sc); 3136 3137 break; 3138 3139 default: 3140 DPRINTF("USB transfer error, %s\n", 3141 usbd_errstr(error)); 3142 3143 data = usbd_xfer_get_priv(xfer); 3144 3145 ifp->if_oerrors++; 3146 3147 if (data != NULL) { 3148 if(data->ni != NULL) 3149 vap = data->ni->ni_vap; 3150 run_tx_free(pq, data, error); 3151 usbd_xfer_set_priv(xfer, NULL); 3152 } 3153 if (vap == NULL) 3154 vap = TAILQ_FIRST(&ic->ic_vaps); 3155 3156 if (error != USB_ERR_CANCELLED) { 3157 if (error == USB_ERR_TIMEOUT) { 3158 device_printf(sc->sc_dev, "device timeout\n"); 3159 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3160 DPRINTF("cmdq_store=%d\n", i); 3161 sc->cmdq[i].func = run_usb_timeout_cb; 3162 sc->cmdq[i].arg0 = vap; 3163 ieee80211_runtask(ic, &sc->cmdq_task); 3164 } 3165 3166 /* 3167 * Try to clear stall first, also if other 3168 * errors occur, hence clearing stall 3169 * introduces a 50 ms delay: 3170 */ 3171 usbd_xfer_set_stall(xfer); 3172 goto tr_setup; 3173 } 3174 break; 3175 } 3176} 3177 3178static void 3179run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3180{ 3181 run_bulk_tx_callbackN(xfer, error, 0); 3182} 3183 3184static void 3185run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3186{ 3187 run_bulk_tx_callbackN(xfer, error, 1); 3188} 3189 3190static void 3191run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3192{ 3193 run_bulk_tx_callbackN(xfer, error, 2); 3194} 3195 3196static void 3197run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3198{ 3199 run_bulk_tx_callbackN(xfer, error, 3); 3200} 3201 3202static void 3203run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3204{ 3205 run_bulk_tx_callbackN(xfer, error, 4); 3206} 3207 3208static void 3209run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3210{ 3211 run_bulk_tx_callbackN(xfer, error, 5); 3212} 3213 3214static void 3215run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3216{ 3217 struct mbuf *m = data->m; 3218 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3219 struct ieee80211vap *vap = data->ni->ni_vap; 3220 struct ieee80211_frame *wh; 3221 struct rt2870_txd *txd; 3222 struct rt2860_txwi *txwi; 3223 uint16_t xferlen, txwisize; 3224 uint16_t mcs; 3225 uint8_t ridx = data->ridx; 3226 uint8_t pad; 3227 3228 /* get MCS code from rate index */ 3229 mcs = rt2860_rates[ridx].mcs; 3230 3231 txwisize = (sc->mac_ver == 0x5592) ? 3232 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3233 xferlen = txwisize + m->m_pkthdr.len; 3234 3235 /* roundup to 32-bit alignment */ 3236 xferlen = (xferlen + 3) & ~3; 3237 3238 txd = (struct rt2870_txd *)&data->desc; 3239 txd->len = htole16(xferlen); 3240 3241 wh = mtod(m, struct ieee80211_frame *); 3242 3243 /* 3244 * Ether both are true or both are false, the header 3245 * are nicely aligned to 32-bit. So, no L2 padding. 3246 */ 3247 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3248 pad = 0; 3249 else 3250 pad = 2; 3251 3252 /* setup TX Wireless Information */ 3253 txwi = (struct rt2860_txwi *)(txd + 1); 3254 txwi->len = htole16(m->m_pkthdr.len - pad); 3255 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3256 mcs |= RT2860_PHY_CCK; 3257 if (ridx != RT2860_RIDX_CCK1 && 3258 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3259 mcs |= RT2860_PHY_SHPRE; 3260 } else 3261 mcs |= RT2860_PHY_OFDM; 3262 txwi->phy = htole16(mcs); 3263 3264 /* check if RTS/CTS or CTS-to-self protection is required */ 3265 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3266 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3267 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3268 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3269 txwi->txop |= RT2860_TX_TXOP_HT; 3270 else 3271 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3272 3273 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3274 txwi->xflags |= RT2860_TX_NSEQ; 3275} 3276 3277/* This function must be called locked */ 3278static int 3279run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3280{ 3281 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3282 struct ieee80211vap *vap = ni->ni_vap; 3283 struct ieee80211_frame *wh; 3284 struct ieee80211_channel *chan; 3285 const struct ieee80211_txparam *tp; 3286 struct run_node *rn = (void *)ni; 3287 struct run_tx_data *data; 3288 struct rt2870_txd *txd; 3289 struct rt2860_txwi *txwi; 3290 uint16_t qos; 3291 uint16_t dur; 3292 uint16_t qid; 3293 uint8_t type; 3294 uint8_t tid; 3295 uint8_t ridx; 3296 uint8_t ctl_ridx; 3297 uint8_t qflags; 3298 uint8_t xflags = 0; 3299 int hasqos; 3300 3301 RUN_LOCK_ASSERT(sc, MA_OWNED); 3302 3303 wh = mtod(m, struct ieee80211_frame *); 3304 3305 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3306 3307 /* 3308 * There are 7 bulk endpoints: 1 for RX 3309 * and 6 for TX (4 EDCAs + HCCA + Prio). 3310 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3311 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3312 */ 3313 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3314 uint8_t *frm; 3315 3316 if(IEEE80211_HAS_ADDR4(wh)) 3317 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3318 else 3319 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3320 3321 qos = le16toh(*(const uint16_t *)frm); 3322 tid = qos & IEEE80211_QOS_TID; 3323 qid = TID_TO_WME_AC(tid); 3324 } else { 3325 qos = 0; 3326 tid = 0; 3327 qid = WME_AC_BE; 3328 } 3329 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3330 3331 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3332 qos, qid, tid, qflags); 3333 3334 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3335 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3336 3337 /* pickup a rate index */ 3338 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3339 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3340 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3341 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3342 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3343 } else { 3344 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3345 ridx = rn->fix_ridx; 3346 else 3347 ridx = rn->amrr_ridx; 3348 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3349 } 3350 3351 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3352 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3353 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3354 xflags |= RT2860_TX_ACK; 3355 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3356 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3357 else 3358 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3359 USETW(wh->i_dur, dur); 3360 } 3361 3362 /* reserve slots for mgmt packets, just in case */ 3363 if (sc->sc_epq[qid].tx_nfree < 3) { 3364 DPRINTFN(10, "tx ring %d is full\n", qid); 3365 return (-1); 3366 } 3367 3368 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3369 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3370 sc->sc_epq[qid].tx_nfree--; 3371 3372 txd = (struct rt2870_txd *)&data->desc; 3373 txd->flags = qflags; 3374 txwi = (struct rt2860_txwi *)(txd + 1); 3375 txwi->xflags = xflags; 3376 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3377 txwi->wcid = 0; 3378 else 3379 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3380 1 : RUN_AID2WCID(ni->ni_associd); 3381 3382 /* clear leftover garbage bits */ 3383 txwi->flags = 0; 3384 txwi->txop = 0; 3385 3386 data->m = m; 3387 data->ni = ni; 3388 data->ridx = ridx; 3389 3390 run_set_tx_desc(sc, data); 3391 3392 /* 3393 * The chip keeps track of 2 kind of Tx stats, 3394 * * TX_STAT_FIFO, for per WCID stats, and 3395 * * TX_STA_CNT0 for all-TX-in-one stats. 3396 * 3397 * To use FIFO stats, we need to store MCS into the driver-private 3398 * PacketID field. So that, we can tell whose stats when we read them. 3399 * We add 1 to the MCS because setting the PacketID field to 0 means 3400 * that we don't want feedback in TX_STAT_FIFO. 3401 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3402 * 3403 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3404 */ 3405 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3406 vap->iv_opmode == IEEE80211_M_MBSS) { 3407 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3408 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3409 3410 /* 3411 * Unlike PCI based devices, we don't get any interrupt from 3412 * USB devices, so we simulate FIFO-is-full interrupt here. 3413 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3414 * quickly get fulled. To prevent overflow, increment a counter on 3415 * every FIFO stat request, so we know how many slots are left. 3416 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3417 * are used only in those modes. 3418 * We just drain stats. AMRR gets updated every 1 sec by 3419 * run_ratectl_cb() via callout. 3420 * Call it early. Otherwise overflow. 3421 */ 3422 if (sc->fifo_cnt++ == 10) { 3423 /* 3424 * With multiple vaps or if_bridge, if_start() is called 3425 * with a non-sleepable lock, tcpinp. So, need to defer. 3426 */ 3427 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3428 DPRINTFN(6, "cmdq_store=%d\n", i); 3429 sc->cmdq[i].func = run_drain_fifo; 3430 sc->cmdq[i].arg0 = sc; 3431 ieee80211_runtask(ic, &sc->cmdq_task); 3432 } 3433 } 3434 3435 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3436 3437 usbd_transfer_start(sc->sc_xfer[qid]); 3438 3439 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3440 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3441 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3442 3443 return (0); 3444} 3445 3446static int 3447run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3448{ 3449 struct ifnet *ifp = sc->sc_ifp; 3450 struct ieee80211com *ic = ifp->if_l2com; 3451 struct run_node *rn = (void *)ni; 3452 struct run_tx_data *data; 3453 struct ieee80211_frame *wh; 3454 struct rt2870_txd *txd; 3455 struct rt2860_txwi *txwi; 3456 uint16_t dur; 3457 uint8_t ridx = rn->mgt_ridx; 3458 uint8_t type; 3459 uint8_t xflags = 0; 3460 uint8_t wflags = 0; 3461 3462 RUN_LOCK_ASSERT(sc, MA_OWNED); 3463 3464 wh = mtod(m, struct ieee80211_frame *); 3465 3466 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3467 3468 /* tell hardware to add timestamp for probe responses */ 3469 if ((wh->i_fc[0] & 3470 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3471 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3472 wflags |= RT2860_TX_TS; 3473 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3474 xflags |= RT2860_TX_ACK; 3475 3476 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3477 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3478 USETW(wh->i_dur, dur); 3479 } 3480 3481 if (sc->sc_epq[0].tx_nfree == 0) { 3482 /* let caller free mbuf */ 3483 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3484 return (EIO); 3485 } 3486 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3487 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3488 sc->sc_epq[0].tx_nfree--; 3489 3490 txd = (struct rt2870_txd *)&data->desc; 3491 txd->flags = RT2860_TX_QSEL_EDCA; 3492 txwi = (struct rt2860_txwi *)(txd + 1); 3493 txwi->wcid = 0xff; 3494 txwi->flags = wflags; 3495 txwi->xflags = xflags; 3496 txwi->txop = 0; /* clear leftover garbage bits */ 3497 3498 data->m = m; 3499 data->ni = ni; 3500 data->ridx = ridx; 3501 3502 run_set_tx_desc(sc, data); 3503 3504 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3505 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3506 rt2860_rates[ridx].rate); 3507 3508 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3509 3510 usbd_transfer_start(sc->sc_xfer[0]); 3511 3512 return (0); 3513} 3514 3515static int 3516run_sendprot(struct run_softc *sc, 3517 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3518{ 3519 struct ieee80211com *ic = ni->ni_ic; 3520 struct ieee80211_frame *wh; 3521 struct run_tx_data *data; 3522 struct rt2870_txd *txd; 3523 struct rt2860_txwi *txwi; 3524 struct mbuf *mprot; 3525 int ridx; 3526 int protrate; 3527 int ackrate; 3528 int pktlen; 3529 int isshort; 3530 uint16_t dur; 3531 uint8_t type; 3532 uint8_t wflags = 0; 3533 uint8_t xflags = 0; 3534 3535 RUN_LOCK_ASSERT(sc, MA_OWNED); 3536 3537 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3538 ("protection %d", prot)); 3539 3540 wh = mtod(m, struct ieee80211_frame *); 3541 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3542 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3543 3544 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3545 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3546 3547 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3548 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3549 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3550 wflags = RT2860_TX_FRAG; 3551 3552 /* check that there are free slots before allocating the mbuf */ 3553 if (sc->sc_epq[0].tx_nfree == 0) { 3554 /* let caller free mbuf */ 3555 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3556 return (ENOBUFS); 3557 } 3558 3559 if (prot == IEEE80211_PROT_RTSCTS) { 3560 /* NB: CTS is the same size as an ACK */ 3561 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3562 xflags |= RT2860_TX_ACK; 3563 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3564 } else { 3565 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3566 } 3567 if (mprot == NULL) { 3568 sc->sc_ifp->if_oerrors++; 3569 DPRINTF("could not allocate mbuf\n"); 3570 return (ENOBUFS); 3571 } 3572 3573 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3574 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3575 sc->sc_epq[0].tx_nfree--; 3576 3577 txd = (struct rt2870_txd *)&data->desc; 3578 txd->flags = RT2860_TX_QSEL_EDCA; 3579 txwi = (struct rt2860_txwi *)(txd + 1); 3580 txwi->wcid = 0xff; 3581 txwi->flags = wflags; 3582 txwi->xflags = xflags; 3583 txwi->txop = 0; /* clear leftover garbage bits */ 3584 3585 data->m = mprot; 3586 data->ni = ieee80211_ref_node(ni); 3587 3588 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3589 if (rt2860_rates[ridx].rate == protrate) 3590 break; 3591 data->ridx = ridx; 3592 3593 run_set_tx_desc(sc, data); 3594 3595 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3596 m->m_pkthdr.len, rate); 3597 3598 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3599 3600 usbd_transfer_start(sc->sc_xfer[0]); 3601 3602 return (0); 3603} 3604 3605static int 3606run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3607 const struct ieee80211_bpf_params *params) 3608{ 3609 struct ieee80211com *ic = ni->ni_ic; 3610 struct ieee80211_frame *wh; 3611 struct run_tx_data *data; 3612 struct rt2870_txd *txd; 3613 struct rt2860_txwi *txwi; 3614 uint8_t type; 3615 uint8_t ridx; 3616 uint8_t rate; 3617 uint8_t opflags = 0; 3618 uint8_t xflags = 0; 3619 int error; 3620 3621 RUN_LOCK_ASSERT(sc, MA_OWNED); 3622 3623 KASSERT(params != NULL, ("no raw xmit params")); 3624 3625 wh = mtod(m, struct ieee80211_frame *); 3626 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3627 3628 rate = params->ibp_rate0; 3629 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3630 /* let caller free mbuf */ 3631 return (EINVAL); 3632 } 3633 3634 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3635 xflags |= RT2860_TX_ACK; 3636 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3637 error = run_sendprot(sc, m, ni, 3638 params->ibp_flags & IEEE80211_BPF_RTS ? 3639 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3640 rate); 3641 if (error) { 3642 /* let caller free mbuf */ 3643 return error; 3644 } 3645 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3646 } 3647 3648 if (sc->sc_epq[0].tx_nfree == 0) { 3649 /* let caller free mbuf */ 3650 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3651 DPRINTF("sending raw frame, but tx ring is full\n"); 3652 return (EIO); 3653 } 3654 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3655 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3656 sc->sc_epq[0].tx_nfree--; 3657 3658 txd = (struct rt2870_txd *)&data->desc; 3659 txd->flags = RT2860_TX_QSEL_EDCA; 3660 txwi = (struct rt2860_txwi *)(txd + 1); 3661 txwi->wcid = 0xff; 3662 txwi->xflags = xflags; 3663 txwi->txop = opflags; 3664 txwi->flags = 0; /* clear leftover garbage bits */ 3665 3666 data->m = m; 3667 data->ni = ni; 3668 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3669 if (rt2860_rates[ridx].rate == rate) 3670 break; 3671 data->ridx = ridx; 3672 3673 run_set_tx_desc(sc, data); 3674 3675 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3676 m->m_pkthdr.len, rate); 3677 3678 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3679 3680 usbd_transfer_start(sc->sc_xfer[0]); 3681 3682 return (0); 3683} 3684 3685static int 3686run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3687 const struct ieee80211_bpf_params *params) 3688{ 3689 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3690 struct run_softc *sc = ifp->if_softc; 3691 int error = 0; 3692 3693 RUN_LOCK(sc); 3694 3695 /* prevent management frames from being sent if we're not ready */ 3696 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3697 error = ENETDOWN; 3698 goto done; 3699 } 3700 3701 if (params == NULL) { 3702 /* tx mgt packet */ 3703 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3704 ifp->if_oerrors++; 3705 DPRINTF("mgt tx failed\n"); 3706 goto done; 3707 } 3708 } else { 3709 /* tx raw packet with param */ 3710 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3711 ifp->if_oerrors++; 3712 DPRINTF("tx with param failed\n"); 3713 goto done; 3714 } 3715 } 3716 3717 ifp->if_opackets++; 3718 3719done: 3720 RUN_UNLOCK(sc); 3721 3722 if (error != 0) { 3723 if(m != NULL) 3724 m_freem(m); 3725 ieee80211_free_node(ni); 3726 } 3727 3728 return (error); 3729} 3730 3731static void 3732run_start(struct ifnet *ifp) 3733{ 3734 struct run_softc *sc = ifp->if_softc; 3735 struct ieee80211_node *ni; 3736 struct mbuf *m; 3737 3738 RUN_LOCK(sc); 3739 3740 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3741 RUN_UNLOCK(sc); 3742 return; 3743 } 3744 3745 for (;;) { 3746 /* send data frames */ 3747 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3748 if (m == NULL) 3749 break; 3750 3751 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3752 if (run_tx(sc, m, ni) != 0) { 3753 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3754 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3755 break; 3756 } 3757 } 3758 3759 RUN_UNLOCK(sc); 3760} 3761 3762static int 3763run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3764{ 3765 struct run_softc *sc = ifp->if_softc; 3766 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3767 struct ifreq *ifr = (struct ifreq *) data; 3768 int startall = 0; 3769 int error; 3770 3771 RUN_LOCK(sc); 3772 error = sc->sc_detached ? ENXIO : 0; 3773 RUN_UNLOCK(sc); 3774 if (error) 3775 return (error); 3776 3777 switch (cmd) { 3778 case SIOCSIFFLAGS: 3779 RUN_LOCK(sc); 3780 if (ifp->if_flags & IFF_UP) { 3781 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3782 startall = 1; 3783 run_init_locked(sc); 3784 } else 3785 run_update_promisc_locked(ifp); 3786 } else { 3787 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3788 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3789 run_stop(sc); 3790 } 3791 } 3792 RUN_UNLOCK(sc); 3793 if (startall) 3794 ieee80211_start_all(ic); 3795 break; 3796 case SIOCGIFMEDIA: 3797 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3798 break; 3799 case SIOCGIFADDR: 3800 error = ether_ioctl(ifp, cmd, data); 3801 break; 3802 default: 3803 error = EINVAL; 3804 break; 3805 } 3806 3807 return (error); 3808} 3809 3810static void 3811run_iq_calib(struct run_softc *sc, u_int chan) 3812{ 3813 uint16_t val; 3814 3815 /* Tx0 IQ gain. */ 3816 run_bbp_write(sc, 158, 0x2c); 3817 if (chan <= 14) 3818 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3819 else if (chan <= 64) { 3820 run_efuse_read(sc, 3821 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3822 &val, 1); 3823 } else if (chan <= 138) { 3824 run_efuse_read(sc, 3825 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3826 &val, 1); 3827 } else if (chan <= 165) { 3828 run_efuse_read(sc, 3829 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3830 &val, 1); 3831 } else 3832 val = 0; 3833 run_bbp_write(sc, 159, val); 3834 3835 /* Tx0 IQ phase. */ 3836 run_bbp_write(sc, 158, 0x2d); 3837 if (chan <= 14) { 3838 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3839 &val, 1); 3840 } else if (chan <= 64) { 3841 run_efuse_read(sc, 3842 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3843 &val, 1); 3844 } else if (chan <= 138) { 3845 run_efuse_read(sc, 3846 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3847 &val, 1); 3848 } else if (chan <= 165) { 3849 run_efuse_read(sc, 3850 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3851 &val, 1); 3852 } else 3853 val = 0; 3854 run_bbp_write(sc, 159, val); 3855 3856 /* Tx1 IQ gain. */ 3857 run_bbp_write(sc, 158, 0x4a); 3858 if (chan <= 14) { 3859 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3860 &val, 1); 3861 } else if (chan <= 64) { 3862 run_efuse_read(sc, 3863 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3864 &val, 1); 3865 } else if (chan <= 138) { 3866 run_efuse_read(sc, 3867 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3868 &val, 1); 3869 } else if (chan <= 165) { 3870 run_efuse_read(sc, 3871 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3872 &val, 1); 3873 } else 3874 val = 0; 3875 run_bbp_write(sc, 159, val); 3876 3877 /* Tx1 IQ phase. */ 3878 run_bbp_write(sc, 158, 0x4b); 3879 if (chan <= 14) { 3880 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3881 &val, 1); 3882 } else if (chan <= 64) { 3883 run_efuse_read(sc, 3884 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3885 &val, 1); 3886 } else if (chan <= 138) { 3887 run_efuse_read(sc, 3888 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3889 &val, 1); 3890 } else if (chan <= 165) { 3891 run_efuse_read(sc, 3892 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3893 &val, 1); 3894 } else 3895 val = 0; 3896 run_bbp_write(sc, 159, val); 3897 3898 /* RF IQ compensation control. */ 3899 run_bbp_write(sc, 158, 0x04); 3900 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3901 &val, 1); 3902 run_bbp_write(sc, 159, val); 3903 3904 /* RF IQ imbalance compensation control. */ 3905 run_bbp_write(sc, 158, 0x03); 3906 run_efuse_read(sc, 3907 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3908 run_bbp_write(sc, 159, val); 3909} 3910 3911static void 3912run_set_agc(struct run_softc *sc, uint8_t agc) 3913{ 3914 uint8_t bbp; 3915 3916 if (sc->mac_ver == 0x3572) { 3917 run_bbp_read(sc, 27, &bbp); 3918 bbp &= ~(0x3 << 5); 3919 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3920 run_bbp_write(sc, 66, agc); 3921 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3922 run_bbp_write(sc, 66, agc); 3923 } else 3924 run_bbp_write(sc, 66, agc); 3925} 3926 3927static void 3928run_select_chan_group(struct run_softc *sc, int group) 3929{ 3930 uint32_t tmp; 3931 uint8_t agc; 3932 3933 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3934 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3935 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3936 if (sc->mac_ver < 0x3572) 3937 run_bbp_write(sc, 86, 0x00); 3938 3939 if (sc->mac_ver == 0x3593) { 3940 run_bbp_write(sc, 77, 0x98); 3941 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3942 } 3943 3944 if (group == 0) { 3945 if (sc->ext_2ghz_lna) { 3946 if (sc->mac_ver >= 0x5390) 3947 run_bbp_write(sc, 75, 0x52); 3948 else { 3949 run_bbp_write(sc, 82, 0x62); 3950 run_bbp_write(sc, 75, 0x46); 3951 } 3952 } else { 3953 if (sc->mac_ver == 0x5592) { 3954 run_bbp_write(sc, 79, 0x1c); 3955 run_bbp_write(sc, 80, 0x0e); 3956 run_bbp_write(sc, 81, 0x3a); 3957 run_bbp_write(sc, 82, 0x62); 3958 3959 run_bbp_write(sc, 195, 0x80); 3960 run_bbp_write(sc, 196, 0xe0); 3961 run_bbp_write(sc, 195, 0x81); 3962 run_bbp_write(sc, 196, 0x1f); 3963 run_bbp_write(sc, 195, 0x82); 3964 run_bbp_write(sc, 196, 0x38); 3965 run_bbp_write(sc, 195, 0x83); 3966 run_bbp_write(sc, 196, 0x32); 3967 run_bbp_write(sc, 195, 0x85); 3968 run_bbp_write(sc, 196, 0x28); 3969 run_bbp_write(sc, 195, 0x86); 3970 run_bbp_write(sc, 196, 0x19); 3971 } else if (sc->mac_ver >= 0x5390) 3972 run_bbp_write(sc, 75, 0x50); 3973 else { 3974 run_bbp_write(sc, 82, 3975 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3976 run_bbp_write(sc, 75, 0x50); 3977 } 3978 } 3979 } else { 3980 if (sc->mac_ver == 0x5592) { 3981 run_bbp_write(sc, 79, 0x18); 3982 run_bbp_write(sc, 80, 0x08); 3983 run_bbp_write(sc, 81, 0x38); 3984 run_bbp_write(sc, 82, 0x92); 3985 3986 run_bbp_write(sc, 195, 0x80); 3987 run_bbp_write(sc, 196, 0xf0); 3988 run_bbp_write(sc, 195, 0x81); 3989 run_bbp_write(sc, 196, 0x1e); 3990 run_bbp_write(sc, 195, 0x82); 3991 run_bbp_write(sc, 196, 0x28); 3992 run_bbp_write(sc, 195, 0x83); 3993 run_bbp_write(sc, 196, 0x20); 3994 run_bbp_write(sc, 195, 0x85); 3995 run_bbp_write(sc, 196, 0x7f); 3996 run_bbp_write(sc, 195, 0x86); 3997 run_bbp_write(sc, 196, 0x7f); 3998 } else if (sc->mac_ver == 0x3572) 3999 run_bbp_write(sc, 82, 0x94); 4000 else 4001 run_bbp_write(sc, 82, 4002 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4003 if (sc->ext_5ghz_lna) 4004 run_bbp_write(sc, 75, 0x46); 4005 else 4006 run_bbp_write(sc, 75, 0x50); 4007 } 4008 4009 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4010 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4011 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4012 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4013 4014 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4015 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4016 if (sc->mac_ver == 0x3593) 4017 tmp |= 1 << 29 | 1 << 28; 4018 if (sc->nrxchains > 1) 4019 tmp |= RT2860_LNA_PE1_EN; 4020 if (group == 0) { /* 2GHz */ 4021 tmp |= RT2860_PA_PE_G0_EN; 4022 if (sc->ntxchains > 1) 4023 tmp |= RT2860_PA_PE_G1_EN; 4024 if (sc->mac_ver == 0x3593) { 4025 if (sc->ntxchains > 2) 4026 tmp |= 1 << 25; 4027 } 4028 } else { /* 5GHz */ 4029 tmp |= RT2860_PA_PE_A0_EN; 4030 if (sc->ntxchains > 1) 4031 tmp |= RT2860_PA_PE_A1_EN; 4032 } 4033 if (sc->mac_ver == 0x3572) { 4034 run_rt3070_rf_write(sc, 8, 0x00); 4035 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4036 run_rt3070_rf_write(sc, 8, 0x80); 4037 } else 4038 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4039 4040 if (sc->mac_ver == 0x5592) { 4041 run_bbp_write(sc, 195, 0x8d); 4042 run_bbp_write(sc, 196, 0x1a); 4043 } 4044 4045 if (sc->mac_ver == 0x3593) { 4046 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4047 tmp &= ~0x01010000; 4048 if (group == 0) 4049 tmp |= 0x00010000; 4050 tmp = (tmp & ~0x00009090) | 0x00000090; 4051 run_write(sc, RT2860_GPIO_CTRL, tmp); 4052 } 4053 4054 /* set initial AGC value */ 4055 if (group == 0) { /* 2GHz band */ 4056 if (sc->mac_ver >= 0x3070) 4057 agc = 0x1c + sc->lna[0] * 2; 4058 else 4059 agc = 0x2e + sc->lna[0]; 4060 } else { /* 5GHz band */ 4061 if (sc->mac_ver == 0x5592) 4062 agc = 0x24 + sc->lna[group] * 2; 4063 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4064 agc = 0x22 + (sc->lna[group] * 5) / 3; 4065 else 4066 agc = 0x32 + (sc->lna[group] * 5) / 3; 4067 } 4068 run_set_agc(sc, agc); 4069} 4070 4071static void 4072run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4073{ 4074 const struct rfprog *rfprog = rt2860_rf2850; 4075 uint32_t r2, r3, r4; 4076 int8_t txpow1, txpow2; 4077 int i; 4078 4079 /* find the settings for this channel (we know it exists) */ 4080 for (i = 0; rfprog[i].chan != chan; i++); 4081 4082 r2 = rfprog[i].r2; 4083 if (sc->ntxchains == 1) 4084 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4085 if (sc->nrxchains == 1) 4086 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4087 else if (sc->nrxchains == 2) 4088 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4089 4090 /* use Tx power values from EEPROM */ 4091 txpow1 = sc->txpow1[i]; 4092 txpow2 = sc->txpow2[i]; 4093 4094 /* Initialize RF R3 and R4. */ 4095 r3 = rfprog[i].r3 & 0xffffc1ff; 4096 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4097 if (chan > 14) { 4098 if (txpow1 >= 0) { 4099 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4100 r3 |= (txpow1 << 10) | (1 << 9); 4101 } else { 4102 txpow1 += 7; 4103 4104 /* txpow1 is not possible larger than 15. */ 4105 r3 |= (txpow1 << 10); 4106 } 4107 if (txpow2 >= 0) { 4108 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4109 r4 |= (txpow2 << 7) | (1 << 6); 4110 } else { 4111 txpow2 += 7; 4112 r4 |= (txpow2 << 7); 4113 } 4114 } else { 4115 /* Set Tx0 power. */ 4116 r3 |= (txpow1 << 9); 4117 4118 /* Set frequency offset and Tx1 power. */ 4119 r4 |= (txpow2 << 6); 4120 } 4121 4122 run_rt2870_rf_write(sc, rfprog[i].r1); 4123 run_rt2870_rf_write(sc, r2); 4124 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4125 run_rt2870_rf_write(sc, r4); 4126 4127 run_delay(sc, 10); 4128 4129 run_rt2870_rf_write(sc, rfprog[i].r1); 4130 run_rt2870_rf_write(sc, r2); 4131 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4132 run_rt2870_rf_write(sc, r4); 4133 4134 run_delay(sc, 10); 4135 4136 run_rt2870_rf_write(sc, rfprog[i].r1); 4137 run_rt2870_rf_write(sc, r2); 4138 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4139 run_rt2870_rf_write(sc, r4); 4140} 4141 4142static void 4143run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4144{ 4145 int8_t txpow1, txpow2; 4146 uint8_t rf; 4147 int i; 4148 4149 /* find the settings for this channel (we know it exists) */ 4150 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4151 4152 /* use Tx power values from EEPROM */ 4153 txpow1 = sc->txpow1[i]; 4154 txpow2 = sc->txpow2[i]; 4155 4156 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4157 4158 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4159 run_rt3070_rf_read(sc, 3, &rf); 4160 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4161 run_rt3070_rf_write(sc, 3, rf); 4162 4163 run_rt3070_rf_read(sc, 6, &rf); 4164 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4165 run_rt3070_rf_write(sc, 6, rf); 4166 4167 /* set Tx0 power */ 4168 run_rt3070_rf_read(sc, 12, &rf); 4169 rf = (rf & ~0x1f) | txpow1; 4170 run_rt3070_rf_write(sc, 12, rf); 4171 4172 /* set Tx1 power */ 4173 run_rt3070_rf_read(sc, 13, &rf); 4174 rf = (rf & ~0x1f) | txpow2; 4175 run_rt3070_rf_write(sc, 13, rf); 4176 4177 run_rt3070_rf_read(sc, 1, &rf); 4178 rf &= ~0xfc; 4179 if (sc->ntxchains == 1) 4180 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4181 else if (sc->ntxchains == 2) 4182 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4183 if (sc->nrxchains == 1) 4184 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4185 else if (sc->nrxchains == 2) 4186 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4187 run_rt3070_rf_write(sc, 1, rf); 4188 4189 /* set RF offset */ 4190 run_rt3070_rf_read(sc, 23, &rf); 4191 rf = (rf & ~0x7f) | sc->freq; 4192 run_rt3070_rf_write(sc, 23, rf); 4193 4194 /* program RF filter */ 4195 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4196 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4197 run_rt3070_rf_write(sc, 24, rf); 4198 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4199 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4200 run_rt3070_rf_write(sc, 31, rf); 4201 4202 /* enable RF tuning */ 4203 run_rt3070_rf_read(sc, 7, &rf); 4204 run_rt3070_rf_write(sc, 7, rf | 0x01); 4205} 4206 4207static void 4208run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4209{ 4210 int8_t txpow1, txpow2; 4211 uint32_t tmp; 4212 uint8_t rf; 4213 int i; 4214 4215 /* find the settings for this channel (we know it exists) */ 4216 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4217 4218 /* use Tx power values from EEPROM */ 4219 txpow1 = sc->txpow1[i]; 4220 txpow2 = sc->txpow2[i]; 4221 4222 if (chan <= 14) { 4223 run_bbp_write(sc, 25, sc->bbp25); 4224 run_bbp_write(sc, 26, sc->bbp26); 4225 } else { 4226 /* enable IQ phase correction */ 4227 run_bbp_write(sc, 25, 0x09); 4228 run_bbp_write(sc, 26, 0xff); 4229 } 4230 4231 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4232 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4233 run_rt3070_rf_read(sc, 6, &rf); 4234 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4235 rf |= (chan <= 14) ? 0x08 : 0x04; 4236 run_rt3070_rf_write(sc, 6, rf); 4237 4238 /* set PLL mode */ 4239 run_rt3070_rf_read(sc, 5, &rf); 4240 rf &= ~(0x08 | 0x04); 4241 rf |= (chan <= 14) ? 0x04 : 0x08; 4242 run_rt3070_rf_write(sc, 5, rf); 4243 4244 /* set Tx power for chain 0 */ 4245 if (chan <= 14) 4246 rf = 0x60 | txpow1; 4247 else 4248 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4249 run_rt3070_rf_write(sc, 12, rf); 4250 4251 /* set Tx power for chain 1 */ 4252 if (chan <= 14) 4253 rf = 0x60 | txpow2; 4254 else 4255 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4256 run_rt3070_rf_write(sc, 13, rf); 4257 4258 /* set Tx/Rx streams */ 4259 run_rt3070_rf_read(sc, 1, &rf); 4260 rf &= ~0xfc; 4261 if (sc->ntxchains == 1) 4262 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4263 else if (sc->ntxchains == 2) 4264 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4265 if (sc->nrxchains == 1) 4266 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4267 else if (sc->nrxchains == 2) 4268 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4269 run_rt3070_rf_write(sc, 1, rf); 4270 4271 /* set RF offset */ 4272 run_rt3070_rf_read(sc, 23, &rf); 4273 rf = (rf & ~0x7f) | sc->freq; 4274 run_rt3070_rf_write(sc, 23, rf); 4275 4276 /* program RF filter */ 4277 rf = sc->rf24_20mhz; 4278 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4279 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4280 4281 /* enable RF tuning */ 4282 run_rt3070_rf_read(sc, 7, &rf); 4283 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4284 run_rt3070_rf_write(sc, 7, rf); 4285 4286 /* TSSI */ 4287 rf = (chan <= 14) ? 0xc3 : 0xc0; 4288 run_rt3070_rf_write(sc, 9, rf); 4289 4290 /* set loop filter 1 */ 4291 run_rt3070_rf_write(sc, 10, 0xf1); 4292 /* set loop filter 2 */ 4293 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4294 4295 /* set tx_mx2_ic */ 4296 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4297 /* set tx_mx1_ic */ 4298 if (chan <= 14) 4299 rf = 0x48 | sc->txmixgain_2ghz; 4300 else 4301 rf = 0x78 | sc->txmixgain_5ghz; 4302 run_rt3070_rf_write(sc, 16, rf); 4303 4304 /* set tx_lo1 */ 4305 run_rt3070_rf_write(sc, 17, 0x23); 4306 /* set tx_lo2 */ 4307 if (chan <= 14) 4308 rf = 0x93; 4309 else if (chan <= 64) 4310 rf = 0xb7; 4311 else if (chan <= 128) 4312 rf = 0x74; 4313 else 4314 rf = 0x72; 4315 run_rt3070_rf_write(sc, 19, rf); 4316 4317 /* set rx_lo1 */ 4318 if (chan <= 14) 4319 rf = 0xb3; 4320 else if (chan <= 64) 4321 rf = 0xf6; 4322 else if (chan <= 128) 4323 rf = 0xf4; 4324 else 4325 rf = 0xf3; 4326 run_rt3070_rf_write(sc, 20, rf); 4327 4328 /* set pfd_delay */ 4329 if (chan <= 14) 4330 rf = 0x15; 4331 else if (chan <= 64) 4332 rf = 0x3d; 4333 else 4334 rf = 0x01; 4335 run_rt3070_rf_write(sc, 25, rf); 4336 4337 /* set rx_lo2 */ 4338 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4339 /* set ldo_rf_vc */ 4340 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4341 /* set drv_cc */ 4342 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4343 4344 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4345 tmp &= ~0x8080; 4346 if (chan <= 14) 4347 tmp |= 0x80; 4348 run_write(sc, RT2860_GPIO_CTRL, tmp); 4349 4350 /* enable RF tuning */ 4351 run_rt3070_rf_read(sc, 7, &rf); 4352 run_rt3070_rf_write(sc, 7, rf | 0x01); 4353 4354 run_delay(sc, 2); 4355} 4356 4357static void 4358run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4359{ 4360 int8_t txpow1, txpow2, txpow3; 4361 uint8_t h20mhz, rf; 4362 int i; 4363 4364 /* find the settings for this channel (we know it exists) */ 4365 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4366 4367 /* use Tx power values from EEPROM */ 4368 txpow1 = sc->txpow1[i]; 4369 txpow2 = sc->txpow2[i]; 4370 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4371 4372 if (chan <= 14) { 4373 run_bbp_write(sc, 25, sc->bbp25); 4374 run_bbp_write(sc, 26, sc->bbp26); 4375 } else { 4376 /* Enable IQ phase correction. */ 4377 run_bbp_write(sc, 25, 0x09); 4378 run_bbp_write(sc, 26, 0xff); 4379 } 4380 4381 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4382 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4383 run_rt3070_rf_read(sc, 11, &rf); 4384 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4385 run_rt3070_rf_write(sc, 11, rf); 4386 4387 /* Set pll_idoh. */ 4388 run_rt3070_rf_read(sc, 11, &rf); 4389 rf &= ~0x4c; 4390 rf |= (chan <= 14) ? 0x44 : 0x48; 4391 run_rt3070_rf_write(sc, 11, rf); 4392 4393 if (chan <= 14) 4394 rf = txpow1 & 0x1f; 4395 else 4396 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4397 run_rt3070_rf_write(sc, 53, rf); 4398 4399 if (chan <= 14) 4400 rf = txpow2 & 0x1f; 4401 else 4402 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4403 run_rt3070_rf_write(sc, 55, rf); 4404 4405 if (chan <= 14) 4406 rf = txpow3 & 0x1f; 4407 else 4408 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4409 run_rt3070_rf_write(sc, 54, rf); 4410 4411 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4412 if (sc->ntxchains == 3) 4413 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4414 else 4415 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4416 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4417 run_rt3070_rf_write(sc, 1, rf); 4418 4419 run_adjust_freq_offset(sc); 4420 4421 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4422 4423 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4424 run_rt3070_rf_read(sc, 30, &rf); 4425 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4426 run_rt3070_rf_write(sc, 30, rf); 4427 4428 run_rt3070_rf_read(sc, 36, &rf); 4429 if (chan <= 14) 4430 rf |= 0x80; 4431 else 4432 rf &= ~0x80; 4433 run_rt3070_rf_write(sc, 36, rf); 4434 4435 /* Set vcolo_bs. */ 4436 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4437 /* Set pfd_delay. */ 4438 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4439 4440 /* Set vco bias current control. */ 4441 run_rt3070_rf_read(sc, 6, &rf); 4442 rf &= ~0xc0; 4443 if (chan <= 14) 4444 rf |= 0x40; 4445 else if (chan <= 128) 4446 rf |= 0x80; 4447 else 4448 rf |= 0x40; 4449 run_rt3070_rf_write(sc, 6, rf); 4450 4451 run_rt3070_rf_read(sc, 30, &rf); 4452 rf = (rf & ~0x18) | 0x10; 4453 run_rt3070_rf_write(sc, 30, rf); 4454 4455 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4456 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4457 4458 run_rt3070_rf_read(sc, 51, &rf); 4459 rf = (rf & ~0x03) | 0x01; 4460 run_rt3070_rf_write(sc, 51, rf); 4461 /* Set tx_mx1_cc. */ 4462 run_rt3070_rf_read(sc, 51, &rf); 4463 rf &= ~0x1c; 4464 rf |= (chan <= 14) ? 0x14 : 0x10; 4465 run_rt3070_rf_write(sc, 51, rf); 4466 /* Set tx_mx1_ic. */ 4467 run_rt3070_rf_read(sc, 51, &rf); 4468 rf &= ~0xe0; 4469 rf |= (chan <= 14) ? 0x60 : 0x40; 4470 run_rt3070_rf_write(sc, 51, rf); 4471 /* Set tx_lo1_ic. */ 4472 run_rt3070_rf_read(sc, 49, &rf); 4473 rf &= ~0x1c; 4474 rf |= (chan <= 14) ? 0x0c : 0x08; 4475 run_rt3070_rf_write(sc, 49, rf); 4476 /* Set tx_lo1_en. */ 4477 run_rt3070_rf_read(sc, 50, &rf); 4478 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4479 /* Set drv_cc. */ 4480 run_rt3070_rf_read(sc, 57, &rf); 4481 rf &= ~0xfc; 4482 rf |= (chan <= 14) ? 0x6c : 0x3c; 4483 run_rt3070_rf_write(sc, 57, rf); 4484 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4485 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4486 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4487 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4488 /* Enable VCO calibration. */ 4489 run_rt3070_rf_read(sc, 3, &rf); 4490 rf &= ~RT5390_VCOCAL; 4491 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4492 run_rt3070_rf_write(sc, 3, rf); 4493 4494 if (chan <= 14) 4495 rf = 0x23; 4496 else if (chan <= 64) 4497 rf = 0x36; 4498 else if (chan <= 128) 4499 rf = 0x32; 4500 else 4501 rf = 0x30; 4502 run_rt3070_rf_write(sc, 39, rf); 4503 if (chan <= 14) 4504 rf = 0xbb; 4505 else if (chan <= 64) 4506 rf = 0xeb; 4507 else if (chan <= 128) 4508 rf = 0xb3; 4509 else 4510 rf = 0x9b; 4511 run_rt3070_rf_write(sc, 45, rf); 4512 4513 /* Set FEQ/AEQ control. */ 4514 run_bbp_write(sc, 105, 0x34); 4515} 4516 4517static void 4518run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4519{ 4520 int8_t txpow1, txpow2; 4521 uint8_t rf; 4522 int i; 4523 4524 /* find the settings for this channel (we know it exists) */ 4525 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4526 4527 /* use Tx power values from EEPROM */ 4528 txpow1 = sc->txpow1[i]; 4529 txpow2 = sc->txpow2[i]; 4530 4531 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4532 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4533 run_rt3070_rf_read(sc, 11, &rf); 4534 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4535 run_rt3070_rf_write(sc, 11, rf); 4536 4537 run_rt3070_rf_read(sc, 49, &rf); 4538 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4539 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4540 if ((rf & 0x3f) > 0x27) 4541 rf = (rf & ~0x3f) | 0x27; 4542 run_rt3070_rf_write(sc, 49, rf); 4543 4544 if (sc->mac_ver == 0x5392) { 4545 run_rt3070_rf_read(sc, 50, &rf); 4546 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4547 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4548 if ((rf & 0x3f) > 0x27) 4549 rf = (rf & ~0x3f) | 0x27; 4550 run_rt3070_rf_write(sc, 50, rf); 4551 } 4552 4553 run_rt3070_rf_read(sc, 1, &rf); 4554 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4555 if (sc->mac_ver == 0x5392) 4556 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4557 run_rt3070_rf_write(sc, 1, rf); 4558 4559 if (sc->mac_ver != 0x5392) { 4560 run_rt3070_rf_read(sc, 2, &rf); 4561 rf |= 0x80; 4562 run_rt3070_rf_write(sc, 2, rf); 4563 run_delay(sc, 10); 4564 rf &= 0x7f; 4565 run_rt3070_rf_write(sc, 2, rf); 4566 } 4567 4568 run_adjust_freq_offset(sc); 4569 4570 if (sc->mac_ver == 0x5392) { 4571 /* Fix for RT5392C. */ 4572 if (sc->mac_rev >= 0x0223) { 4573 if (chan <= 4) 4574 rf = 0x0f; 4575 else if (chan >= 5 && chan <= 7) 4576 rf = 0x0e; 4577 else 4578 rf = 0x0d; 4579 run_rt3070_rf_write(sc, 23, rf); 4580 4581 if (chan <= 4) 4582 rf = 0x0c; 4583 else if (chan == 5) 4584 rf = 0x0b; 4585 else if (chan >= 6 && chan <= 7) 4586 rf = 0x0a; 4587 else if (chan >= 8 && chan <= 10) 4588 rf = 0x09; 4589 else 4590 rf = 0x08; 4591 run_rt3070_rf_write(sc, 59, rf); 4592 } else { 4593 if (chan <= 11) 4594 rf = 0x0f; 4595 else 4596 rf = 0x0b; 4597 run_rt3070_rf_write(sc, 59, rf); 4598 } 4599 } else { 4600 /* Fix for RT5390F. */ 4601 if (sc->mac_rev >= 0x0502) { 4602 if (chan <= 11) 4603 rf = 0x43; 4604 else 4605 rf = 0x23; 4606 run_rt3070_rf_write(sc, 55, rf); 4607 4608 if (chan <= 11) 4609 rf = 0x0f; 4610 else if (chan == 12) 4611 rf = 0x0d; 4612 else 4613 rf = 0x0b; 4614 run_rt3070_rf_write(sc, 59, rf); 4615 } else { 4616 run_rt3070_rf_write(sc, 55, 0x44); 4617 run_rt3070_rf_write(sc, 59, 0x8f); 4618 } 4619 } 4620 4621 /* Enable VCO calibration. */ 4622 run_rt3070_rf_read(sc, 3, &rf); 4623 rf |= RT5390_VCOCAL; 4624 run_rt3070_rf_write(sc, 3, rf); 4625} 4626 4627static void 4628run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4629{ 4630 const struct rt5592_freqs *freqs; 4631 uint32_t tmp; 4632 uint8_t reg, rf, txpow_bound; 4633 int8_t txpow1, txpow2; 4634 int i; 4635 4636 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4637 freqs = (tmp & RT5592_SEL_XTAL) ? 4638 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4639 4640 /* find the settings for this channel (we know it exists) */ 4641 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4642 4643 /* use Tx power values from EEPROM */ 4644 txpow1 = sc->txpow1[i]; 4645 txpow2 = sc->txpow2[i]; 4646 4647 run_read(sc, RT3070_LDO_CFG0, &tmp); 4648 tmp &= ~0x1c000000; 4649 if (chan > 14) 4650 tmp |= 0x14000000; 4651 run_write(sc, RT3070_LDO_CFG0, tmp); 4652 4653 /* N setting. */ 4654 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4655 run_rt3070_rf_read(sc, 9, &rf); 4656 rf &= ~(1 << 4); 4657 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4658 run_rt3070_rf_write(sc, 9, rf); 4659 4660 /* K setting. */ 4661 run_rt3070_rf_read(sc, 9, &rf); 4662 rf &= ~0x0f; 4663 rf |= (freqs->k & 0x0f); 4664 run_rt3070_rf_write(sc, 9, rf); 4665 4666 /* Mode setting. */ 4667 run_rt3070_rf_read(sc, 11, &rf); 4668 rf &= ~0x0c; 4669 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4670 run_rt3070_rf_write(sc, 11, rf); 4671 run_rt3070_rf_read(sc, 9, &rf); 4672 rf &= ~(1 << 7); 4673 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4674 run_rt3070_rf_write(sc, 9, rf); 4675 4676 /* R setting. */ 4677 run_rt3070_rf_read(sc, 11, &rf); 4678 rf &= ~0x03; 4679 rf |= (freqs->r - 0x1); 4680 run_rt3070_rf_write(sc, 11, rf); 4681 4682 if (chan <= 14) { 4683 /* Initialize RF registers for 2GHZ. */ 4684 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4685 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4686 rt5592_2ghz_def_rf[i].val); 4687 } 4688 4689 rf = (chan <= 10) ? 0x07 : 0x06; 4690 run_rt3070_rf_write(sc, 23, rf); 4691 run_rt3070_rf_write(sc, 59, rf); 4692 4693 run_rt3070_rf_write(sc, 55, 0x43); 4694 4695 /* 4696 * RF R49/R50 Tx power ALC code. 4697 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4698 */ 4699 reg = 2; 4700 txpow_bound = 0x27; 4701 } else { 4702 /* Initialize RF registers for 5GHZ. */ 4703 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4704 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4705 rt5592_5ghz_def_rf[i].val); 4706 } 4707 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4708 if (chan >= rt5592_chan_5ghz[i].firstchan && 4709 chan <= rt5592_chan_5ghz[i].lastchan) { 4710 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4711 rt5592_chan_5ghz[i].val); 4712 } 4713 } 4714 4715 /* 4716 * RF R49/R50 Tx power ALC code. 4717 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4718 */ 4719 reg = 3; 4720 txpow_bound = 0x2b; 4721 } 4722 4723 /* RF R49 ch0 Tx power ALC code. */ 4724 run_rt3070_rf_read(sc, 49, &rf); 4725 rf &= ~0xc0; 4726 rf |= (reg << 6); 4727 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4728 if ((rf & 0x3f) > txpow_bound) 4729 rf = (rf & ~0x3f) | txpow_bound; 4730 run_rt3070_rf_write(sc, 49, rf); 4731 4732 /* RF R50 ch1 Tx power ALC code. */ 4733 run_rt3070_rf_read(sc, 50, &rf); 4734 rf &= ~(1 << 7 | 1 << 6); 4735 rf |= (reg << 6); 4736 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4737 if ((rf & 0x3f) > txpow_bound) 4738 rf = (rf & ~0x3f) | txpow_bound; 4739 run_rt3070_rf_write(sc, 50, rf); 4740 4741 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4742 run_rt3070_rf_read(sc, 1, &rf); 4743 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4744 if (sc->ntxchains > 1) 4745 rf |= RT3070_TX1_PD; 4746 if (sc->nrxchains > 1) 4747 rf |= RT3070_RX1_PD; 4748 run_rt3070_rf_write(sc, 1, rf); 4749 4750 run_rt3070_rf_write(sc, 6, 0xe4); 4751 4752 run_rt3070_rf_write(sc, 30, 0x10); 4753 run_rt3070_rf_write(sc, 31, 0x80); 4754 run_rt3070_rf_write(sc, 32, 0x80); 4755 4756 run_adjust_freq_offset(sc); 4757 4758 /* Enable VCO calibration. */ 4759 run_rt3070_rf_read(sc, 3, &rf); 4760 rf |= RT5390_VCOCAL; 4761 run_rt3070_rf_write(sc, 3, rf); 4762} 4763 4764static void 4765run_set_rx_antenna(struct run_softc *sc, int aux) 4766{ 4767 uint32_t tmp; 4768 uint8_t bbp152; 4769 4770 if (aux) { 4771 if (sc->rf_rev == RT5390_RF_5370) { 4772 run_bbp_read(sc, 152, &bbp152); 4773 run_bbp_write(sc, 152, bbp152 & ~0x80); 4774 } else { 4775 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4776 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4777 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4778 } 4779 } else { 4780 if (sc->rf_rev == RT5390_RF_5370) { 4781 run_bbp_read(sc, 152, &bbp152); 4782 run_bbp_write(sc, 152, bbp152 | 0x80); 4783 } else { 4784 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4785 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4786 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4787 } 4788 } 4789} 4790 4791static int 4792run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4793{ 4794 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4795 u_int chan, group; 4796 4797 chan = ieee80211_chan2ieee(ic, c); 4798 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4799 return (EINVAL); 4800 4801 if (sc->mac_ver == 0x5592) 4802 run_rt5592_set_chan(sc, chan); 4803 else if (sc->mac_ver >= 0x5390) 4804 run_rt5390_set_chan(sc, chan); 4805 else if (sc->mac_ver == 0x3593) 4806 run_rt3593_set_chan(sc, chan); 4807 else if (sc->mac_ver == 0x3572) 4808 run_rt3572_set_chan(sc, chan); 4809 else if (sc->mac_ver >= 0x3070) 4810 run_rt3070_set_chan(sc, chan); 4811 else 4812 run_rt2870_set_chan(sc, chan); 4813 4814 /* determine channel group */ 4815 if (chan <= 14) 4816 group = 0; 4817 else if (chan <= 64) 4818 group = 1; 4819 else if (chan <= 128) 4820 group = 2; 4821 else 4822 group = 3; 4823 4824 /* XXX necessary only when group has changed! */ 4825 run_select_chan_group(sc, group); 4826 4827 run_delay(sc, 10); 4828 4829 /* Perform IQ calibration. */ 4830 if (sc->mac_ver >= 0x5392) 4831 run_iq_calib(sc, chan); 4832 4833 return (0); 4834} 4835 4836static void 4837run_set_channel(struct ieee80211com *ic) 4838{ 4839 struct run_softc *sc = ic->ic_ifp->if_softc; 4840 4841 RUN_LOCK(sc); 4842 run_set_chan(sc, ic->ic_curchan); 4843 RUN_UNLOCK(sc); 4844 4845 return; 4846} 4847 4848static void 4849run_scan_start(struct ieee80211com *ic) 4850{ 4851 struct run_softc *sc = ic->ic_ifp->if_softc; 4852 uint32_t tmp; 4853 4854 RUN_LOCK(sc); 4855 4856 /* abort TSF synchronization */ 4857 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4858 run_write(sc, RT2860_BCN_TIME_CFG, 4859 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4860 RT2860_TBTT_TIMER_EN)); 4861 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4862 4863 RUN_UNLOCK(sc); 4864 4865 return; 4866} 4867 4868static void 4869run_scan_end(struct ieee80211com *ic) 4870{ 4871 struct run_softc *sc = ic->ic_ifp->if_softc; 4872 4873 RUN_LOCK(sc); 4874 4875 run_enable_tsf_sync(sc); 4876 /* XXX keep local copy */ 4877 run_set_bssid(sc, sc->sc_bssid); 4878 4879 RUN_UNLOCK(sc); 4880 4881 return; 4882} 4883 4884/* 4885 * Could be called from ieee80211_node_timeout() 4886 * (non-sleepable thread) 4887 */ 4888static void 4889run_update_beacon(struct ieee80211vap *vap, int item) 4890{ 4891 struct ieee80211com *ic = vap->iv_ic; 4892 struct run_softc *sc = ic->ic_ifp->if_softc; 4893 struct run_vap *rvp = RUN_VAP(vap); 4894 int mcast = 0; 4895 uint32_t i; 4896 4897 KASSERT(vap != NULL, ("no beacon")); 4898 4899 switch (item) { 4900 case IEEE80211_BEACON_ERP: 4901 run_updateslot(ic->ic_ifp); 4902 break; 4903 case IEEE80211_BEACON_HTINFO: 4904 run_updateprot(ic); 4905 break; 4906 case IEEE80211_BEACON_TIM: 4907 mcast = 1; /*TODO*/ 4908 break; 4909 default: 4910 break; 4911 } 4912 4913 setbit(rvp->bo.bo_flags, item); 4914 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4915 4916 i = RUN_CMDQ_GET(&sc->cmdq_store); 4917 DPRINTF("cmdq_store=%d\n", i); 4918 sc->cmdq[i].func = run_update_beacon_cb; 4919 sc->cmdq[i].arg0 = vap; 4920 ieee80211_runtask(ic, &sc->cmdq_task); 4921 4922 return; 4923} 4924 4925static void 4926run_update_beacon_cb(void *arg) 4927{ 4928 struct ieee80211vap *vap = arg; 4929 struct run_vap *rvp = RUN_VAP(vap); 4930 struct ieee80211com *ic = vap->iv_ic; 4931 struct run_softc *sc = ic->ic_ifp->if_softc; 4932 struct rt2860_txwi txwi; 4933 struct mbuf *m; 4934 uint16_t txwisize; 4935 uint8_t ridx; 4936 4937 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4938 return; 4939 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4940 return; 4941 4942 /* 4943 * No need to call ieee80211_beacon_update(), run_update_beacon() 4944 * is taking care of apropriate calls. 4945 */ 4946 if (rvp->beacon_mbuf == NULL) { 4947 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4948 &rvp->bo); 4949 if (rvp->beacon_mbuf == NULL) 4950 return; 4951 } 4952 m = rvp->beacon_mbuf; 4953 4954 memset(&txwi, 0, sizeof(txwi)); 4955 txwi.wcid = 0xff; 4956 txwi.len = htole16(m->m_pkthdr.len); 4957 4958 /* send beacons at the lowest available rate */ 4959 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4960 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4961 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4962 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4963 txwi.phy |= htole16(RT2860_PHY_OFDM); 4964 txwi.txop = RT2860_TX_TXOP_HT; 4965 txwi.flags = RT2860_TX_TS; 4966 txwi.xflags = RT2860_TX_NSEQ; 4967 4968 txwisize = (sc->mac_ver == 0x5592) ? 4969 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4970 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4971 txwisize); 4972 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4973 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4974} 4975 4976static void 4977run_updateprot(struct ieee80211com *ic) 4978{ 4979 struct run_softc *sc = ic->ic_ifp->if_softc; 4980 uint32_t i; 4981 4982 i = RUN_CMDQ_GET(&sc->cmdq_store); 4983 DPRINTF("cmdq_store=%d\n", i); 4984 sc->cmdq[i].func = run_updateprot_cb; 4985 sc->cmdq[i].arg0 = ic; 4986 ieee80211_runtask(ic, &sc->cmdq_task); 4987} 4988 4989static void 4990run_updateprot_cb(void *arg) 4991{ 4992 struct ieee80211com *ic = arg; 4993 struct run_softc *sc = ic->ic_ifp->if_softc; 4994 uint32_t tmp; 4995 4996 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4997 /* setup protection frame rate (MCS code) */ 4998 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4999 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5000 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5001 5002 /* CCK frames don't require protection */ 5003 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5004 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5005 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5006 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5007 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5008 tmp |= RT2860_PROT_CTRL_CTS; 5009 } 5010 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5011} 5012 5013static void 5014run_usb_timeout_cb(void *arg) 5015{ 5016 struct ieee80211vap *vap = arg; 5017 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 5018 5019 RUN_LOCK_ASSERT(sc, MA_OWNED); 5020 5021 if(vap->iv_state == IEEE80211_S_RUN && 5022 vap->iv_opmode != IEEE80211_M_STA) 5023 run_reset_livelock(sc); 5024 else if (vap->iv_state == IEEE80211_S_SCAN) { 5025 DPRINTF("timeout caused by scan\n"); 5026 /* cancel bgscan */ 5027 ieee80211_cancel_scan(vap); 5028 } else 5029 DPRINTF("timeout by unknown cause\n"); 5030} 5031 5032static void 5033run_reset_livelock(struct run_softc *sc) 5034{ 5035 uint32_t tmp; 5036 5037 RUN_LOCK_ASSERT(sc, MA_OWNED); 5038 5039 /* 5040 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5041 * can run into a livelock and start sending CTS-to-self frames like 5042 * crazy if protection is enabled. Reset MAC/BBP for a while 5043 */ 5044 run_read(sc, RT2860_DEBUG, &tmp); 5045 DPRINTFN(3, "debug reg %08x\n", tmp); 5046 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5047 DPRINTF("CTS-to-self livelock detected\n"); 5048 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5049 run_delay(sc, 1); 5050 run_write(sc, RT2860_MAC_SYS_CTRL, 5051 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5052 } 5053} 5054 5055static void 5056run_update_promisc_locked(struct ifnet *ifp) 5057{ 5058 struct run_softc *sc = ifp->if_softc; 5059 uint32_t tmp; 5060 5061 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5062 5063 tmp |= RT2860_DROP_UC_NOME; 5064 if (ifp->if_flags & IFF_PROMISC) 5065 tmp &= ~RT2860_DROP_UC_NOME; 5066 5067 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5068 5069 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 5070 "entering" : "leaving"); 5071} 5072 5073static void 5074run_update_promisc(struct ifnet *ifp) 5075{ 5076 struct run_softc *sc = ifp->if_softc; 5077 5078 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 5079 return; 5080 5081 RUN_LOCK(sc); 5082 run_update_promisc_locked(ifp); 5083 RUN_UNLOCK(sc); 5084} 5085 5086static void 5087run_enable_tsf_sync(struct run_softc *sc) 5088{ 5089 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5090 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5091 uint32_t tmp; 5092 5093 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5094 ic->ic_opmode); 5095 5096 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5097 tmp &= ~0x1fffff; 5098 tmp |= vap->iv_bss->ni_intval * 16; 5099 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5100 5101 if (ic->ic_opmode == IEEE80211_M_STA) { 5102 /* 5103 * Local TSF is always updated with remote TSF on beacon 5104 * reception. 5105 */ 5106 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5107 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5108 tmp |= RT2860_BCN_TX_EN; 5109 /* 5110 * Local TSF is updated with remote TSF on beacon reception 5111 * only if the remote TSF is greater than local TSF. 5112 */ 5113 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5114 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5115 ic->ic_opmode == IEEE80211_M_MBSS) { 5116 tmp |= RT2860_BCN_TX_EN; 5117 /* SYNC with nobody */ 5118 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5119 } else { 5120 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5121 return; 5122 } 5123 5124 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5125} 5126 5127static void 5128run_enable_mrr(struct run_softc *sc) 5129{ 5130#define CCK(mcs) (mcs) 5131#define OFDM(mcs) (1 << 3 | (mcs)) 5132 run_write(sc, RT2860_LG_FBK_CFG0, 5133 OFDM(6) << 28 | /* 54->48 */ 5134 OFDM(5) << 24 | /* 48->36 */ 5135 OFDM(4) << 20 | /* 36->24 */ 5136 OFDM(3) << 16 | /* 24->18 */ 5137 OFDM(2) << 12 | /* 18->12 */ 5138 OFDM(1) << 8 | /* 12-> 9 */ 5139 OFDM(0) << 4 | /* 9-> 6 */ 5140 OFDM(0)); /* 6-> 6 */ 5141 5142 run_write(sc, RT2860_LG_FBK_CFG1, 5143 CCK(2) << 12 | /* 11->5.5 */ 5144 CCK(1) << 8 | /* 5.5-> 2 */ 5145 CCK(0) << 4 | /* 2-> 1 */ 5146 CCK(0)); /* 1-> 1 */ 5147#undef OFDM 5148#undef CCK 5149} 5150 5151static void 5152run_set_txpreamble(struct run_softc *sc) 5153{ 5154 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5155 uint32_t tmp; 5156 5157 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5158 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5159 tmp |= RT2860_CCK_SHORT_EN; 5160 else 5161 tmp &= ~RT2860_CCK_SHORT_EN; 5162 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5163} 5164 5165static void 5166run_set_basicrates(struct run_softc *sc) 5167{ 5168 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5169 5170 /* set basic rates mask */ 5171 if (ic->ic_curmode == IEEE80211_MODE_11B) 5172 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5173 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5174 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5175 else /* 11g */ 5176 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5177} 5178 5179static void 5180run_set_leds(struct run_softc *sc, uint16_t which) 5181{ 5182 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5183 which | (sc->leds & 0x7f)); 5184} 5185 5186static void 5187run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5188{ 5189 run_write(sc, RT2860_MAC_BSSID_DW0, 5190 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5191 run_write(sc, RT2860_MAC_BSSID_DW1, 5192 bssid[4] | bssid[5] << 8); 5193} 5194 5195static void 5196run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5197{ 5198 run_write(sc, RT2860_MAC_ADDR_DW0, 5199 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5200 run_write(sc, RT2860_MAC_ADDR_DW1, 5201 addr[4] | addr[5] << 8 | 0xff << 16); 5202} 5203 5204static void 5205run_updateslot(struct ifnet *ifp) 5206{ 5207 struct run_softc *sc = ifp->if_softc; 5208 struct ieee80211com *ic = ifp->if_l2com; 5209 uint32_t i; 5210 5211 i = RUN_CMDQ_GET(&sc->cmdq_store); 5212 DPRINTF("cmdq_store=%d\n", i); 5213 sc->cmdq[i].func = run_updateslot_cb; 5214 sc->cmdq[i].arg0 = ifp; 5215 ieee80211_runtask(ic, &sc->cmdq_task); 5216 5217 return; 5218} 5219 5220/* ARGSUSED */ 5221static void 5222run_updateslot_cb(void *arg) 5223{ 5224 struct ifnet *ifp = arg; 5225 struct run_softc *sc = ifp->if_softc; 5226 struct ieee80211com *ic = ifp->if_l2com; 5227 uint32_t tmp; 5228 5229 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5230 tmp &= ~0xff; 5231 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5232 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5233} 5234 5235static void 5236run_update_mcast(struct ifnet *ifp) 5237{ 5238 /* h/w filter supports getting everything or nothing */ 5239 ifp->if_flags |= IFF_ALLMULTI; 5240} 5241 5242static int8_t 5243run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5244{ 5245 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5246 struct ieee80211_channel *c = ic->ic_curchan; 5247 int delta; 5248 5249 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5250 u_int chan = ieee80211_chan2ieee(ic, c); 5251 delta = sc->rssi_5ghz[rxchain]; 5252 5253 /* determine channel group */ 5254 if (chan <= 64) 5255 delta -= sc->lna[1]; 5256 else if (chan <= 128) 5257 delta -= sc->lna[2]; 5258 else 5259 delta -= sc->lna[3]; 5260 } else 5261 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5262 5263 return (-12 - delta - rssi); 5264} 5265 5266static void 5267run_rt5390_bbp_init(struct run_softc *sc) 5268{ 5269 int i; 5270 uint8_t bbp; 5271 5272 /* Apply maximum likelihood detection for 2 stream case. */ 5273 run_bbp_read(sc, 105, &bbp); 5274 if (sc->nrxchains > 1) 5275 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5276 5277 /* Avoid data lost and CRC error. */ 5278 run_bbp_read(sc, 4, &bbp); 5279 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5280 5281 if (sc->mac_ver == 0x5592) { 5282 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5283 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5284 rt5592_def_bbp[i].val); 5285 } 5286 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5287 run_bbp_write(sc, 195, i + 0x80); 5288 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5289 } 5290 } else { 5291 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5292 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5293 rt5390_def_bbp[i].val); 5294 } 5295 } 5296 if (sc->mac_ver == 0x5392) { 5297 run_bbp_write(sc, 88, 0x90); 5298 run_bbp_write(sc, 95, 0x9a); 5299 run_bbp_write(sc, 98, 0x12); 5300 run_bbp_write(sc, 106, 0x12); 5301 run_bbp_write(sc, 134, 0xd0); 5302 run_bbp_write(sc, 135, 0xf6); 5303 run_bbp_write(sc, 148, 0x84); 5304 } 5305 5306 run_bbp_read(sc, 152, &bbp); 5307 run_bbp_write(sc, 152, bbp | 0x80); 5308 5309 /* Fix BBP254 for RT5592C. */ 5310 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5311 run_bbp_read(sc, 254, &bbp); 5312 run_bbp_write(sc, 254, bbp | 0x80); 5313 } 5314 5315 /* Disable hardware antenna diversity. */ 5316 if (sc->mac_ver == 0x5390) 5317 run_bbp_write(sc, 154, 0); 5318 5319 /* Initialize Rx CCK/OFDM frequency offset report. */ 5320 run_bbp_write(sc, 142, 1); 5321 run_bbp_write(sc, 143, 57); 5322} 5323 5324static int 5325run_bbp_init(struct run_softc *sc) 5326{ 5327 int i, error, ntries; 5328 uint8_t bbp0; 5329 5330 /* wait for BBP to wake up */ 5331 for (ntries = 0; ntries < 20; ntries++) { 5332 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5333 return error; 5334 if (bbp0 != 0 && bbp0 != 0xff) 5335 break; 5336 } 5337 if (ntries == 20) 5338 return (ETIMEDOUT); 5339 5340 /* initialize BBP registers to default values */ 5341 if (sc->mac_ver >= 0x5390) 5342 run_rt5390_bbp_init(sc); 5343 else { 5344 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5345 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5346 rt2860_def_bbp[i].val); 5347 } 5348 } 5349 5350 if (sc->mac_ver == 0x3593) { 5351 run_bbp_write(sc, 79, 0x13); 5352 run_bbp_write(sc, 80, 0x05); 5353 run_bbp_write(sc, 81, 0x33); 5354 run_bbp_write(sc, 86, 0x46); 5355 run_bbp_write(sc, 137, 0x0f); 5356 } 5357 5358 /* fix BBP84 for RT2860E */ 5359 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5360 run_bbp_write(sc, 84, 0x19); 5361 5362 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5363 sc->mac_ver != 0x5592)) { 5364 run_bbp_write(sc, 79, 0x13); 5365 run_bbp_write(sc, 80, 0x05); 5366 run_bbp_write(sc, 81, 0x33); 5367 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5368 run_bbp_write(sc, 69, 0x16); 5369 run_bbp_write(sc, 73, 0x12); 5370 } 5371 return (0); 5372} 5373 5374static int 5375run_rt3070_rf_init(struct run_softc *sc) 5376{ 5377 uint32_t tmp; 5378 uint8_t bbp4, mingain, rf, target; 5379 int i; 5380 5381 run_rt3070_rf_read(sc, 30, &rf); 5382 /* toggle RF R30 bit 7 */ 5383 run_rt3070_rf_write(sc, 30, rf | 0x80); 5384 run_delay(sc, 10); 5385 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5386 5387 /* initialize RF registers to default value */ 5388 if (sc->mac_ver == 0x3572) { 5389 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5390 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5391 rt3572_def_rf[i].val); 5392 } 5393 } else { 5394 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5395 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5396 rt3070_def_rf[i].val); 5397 } 5398 } 5399 5400 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5401 /* 5402 * Change voltage from 1.2V to 1.35V for RT3070. 5403 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5404 * in RT3070(F). 5405 */ 5406 run_read(sc, RT3070_LDO_CFG0, &tmp); 5407 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5408 run_write(sc, RT3070_LDO_CFG0, tmp); 5409 5410 } else if (sc->mac_ver == 0x3071) { 5411 run_rt3070_rf_read(sc, 6, &rf); 5412 run_rt3070_rf_write(sc, 6, rf | 0x40); 5413 run_rt3070_rf_write(sc, 31, 0x14); 5414 5415 run_read(sc, RT3070_LDO_CFG0, &tmp); 5416 tmp &= ~0x1f000000; 5417 if (sc->mac_rev < 0x0211) 5418 tmp |= 0x0d000000; /* 1.3V */ 5419 else 5420 tmp |= 0x01000000; /* 1.2V */ 5421 run_write(sc, RT3070_LDO_CFG0, tmp); 5422 5423 /* patch LNA_PE_G1 */ 5424 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5425 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5426 5427 } else if (sc->mac_ver == 0x3572) { 5428 run_rt3070_rf_read(sc, 6, &rf); 5429 run_rt3070_rf_write(sc, 6, rf | 0x40); 5430 5431 /* increase voltage from 1.2V to 1.35V */ 5432 run_read(sc, RT3070_LDO_CFG0, &tmp); 5433 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5434 run_write(sc, RT3070_LDO_CFG0, tmp); 5435 5436 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5437 run_delay(sc, 1); /* wait for 1msec */ 5438 /* decrease voltage back to 1.2V */ 5439 tmp = (tmp & ~0x1f000000) | 0x01000000; 5440 run_write(sc, RT3070_LDO_CFG0, tmp); 5441 } 5442 } 5443 5444 /* select 20MHz bandwidth */ 5445 run_rt3070_rf_read(sc, 31, &rf); 5446 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5447 5448 /* calibrate filter for 20MHz bandwidth */ 5449 sc->rf24_20mhz = 0x1f; /* default value */ 5450 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5451 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5452 5453 /* select 40MHz bandwidth */ 5454 run_bbp_read(sc, 4, &bbp4); 5455 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5456 run_rt3070_rf_read(sc, 31, &rf); 5457 run_rt3070_rf_write(sc, 31, rf | 0x20); 5458 5459 /* calibrate filter for 40MHz bandwidth */ 5460 sc->rf24_40mhz = 0x2f; /* default value */ 5461 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5462 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5463 5464 /* go back to 20MHz bandwidth */ 5465 run_bbp_read(sc, 4, &bbp4); 5466 run_bbp_write(sc, 4, bbp4 & ~0x18); 5467 5468 if (sc->mac_ver == 0x3572) { 5469 /* save default BBP registers 25 and 26 values */ 5470 run_bbp_read(sc, 25, &sc->bbp25); 5471 run_bbp_read(sc, 26, &sc->bbp26); 5472 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5473 run_rt3070_rf_write(sc, 27, 0x03); 5474 5475 run_read(sc, RT3070_OPT_14, &tmp); 5476 run_write(sc, RT3070_OPT_14, tmp | 1); 5477 5478 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5479 run_rt3070_rf_read(sc, 17, &rf); 5480 rf &= ~RT3070_TX_LO1; 5481 if ((sc->mac_ver == 0x3070 || 5482 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5483 !sc->ext_2ghz_lna) 5484 rf |= 0x20; /* fix for long range Rx issue */ 5485 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5486 if (sc->txmixgain_2ghz >= mingain) 5487 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5488 run_rt3070_rf_write(sc, 17, rf); 5489 } 5490 5491 if (sc->mac_ver == 0x3071) { 5492 run_rt3070_rf_read(sc, 1, &rf); 5493 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5494 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5495 run_rt3070_rf_write(sc, 1, rf); 5496 5497 run_rt3070_rf_read(sc, 15, &rf); 5498 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5499 5500 run_rt3070_rf_read(sc, 20, &rf); 5501 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5502 5503 run_rt3070_rf_read(sc, 21, &rf); 5504 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5505 } 5506 5507 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5508 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5509 run_rt3070_rf_read(sc, 27, &rf); 5510 rf &= ~0x77; 5511 if (sc->mac_rev < 0x0211) 5512 rf |= 0x03; 5513 run_rt3070_rf_write(sc, 27, rf); 5514 } 5515 return (0); 5516} 5517 5518static void 5519run_rt3593_rf_init(struct run_softc *sc) 5520{ 5521 uint32_t tmp; 5522 uint8_t rf; 5523 int i; 5524 5525 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5526 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5527 tmp &= ~(1 << 4 | 1 << 7); 5528 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5529 5530 /* Initialize RF registers to default value. */ 5531 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5532 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5533 rt3593_def_rf[i].val); 5534 } 5535 5536 /* Toggle RF R2 to initiate calibration. */ 5537 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5538 5539 /* Initialize RF frequency offset. */ 5540 run_adjust_freq_offset(sc); 5541 5542 run_rt3070_rf_read(sc, 18, &rf); 5543 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5544 5545 /* 5546 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5547 * decrease voltage back to 1.2V. 5548 */ 5549 run_read(sc, RT3070_LDO_CFG0, &tmp); 5550 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5551 run_write(sc, RT3070_LDO_CFG0, tmp); 5552 run_delay(sc, 1); 5553 tmp = (tmp & ~0x1f000000) | 0x01000000; 5554 run_write(sc, RT3070_LDO_CFG0, tmp); 5555 5556 sc->rf24_20mhz = 0x1f; 5557 sc->rf24_40mhz = 0x2f; 5558 5559 /* Save default BBP registers 25 and 26 values. */ 5560 run_bbp_read(sc, 25, &sc->bbp25); 5561 run_bbp_read(sc, 26, &sc->bbp26); 5562 5563 run_read(sc, RT3070_OPT_14, &tmp); 5564 run_write(sc, RT3070_OPT_14, tmp | 1); 5565} 5566 5567static void 5568run_rt5390_rf_init(struct run_softc *sc) 5569{ 5570 uint32_t tmp; 5571 uint8_t rf; 5572 int i; 5573 5574 /* Toggle RF R2 to initiate calibration. */ 5575 if (sc->mac_ver == 0x5390) { 5576 run_rt3070_rf_read(sc, 2, &rf); 5577 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5578 run_delay(sc, 10); 5579 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5580 } else { 5581 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5582 run_delay(sc, 10); 5583 } 5584 5585 /* Initialize RF registers to default value. */ 5586 if (sc->mac_ver == 0x5592) { 5587 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5588 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5589 rt5592_def_rf[i].val); 5590 } 5591 /* Initialize RF frequency offset. */ 5592 run_adjust_freq_offset(sc); 5593 } else if (sc->mac_ver == 0x5392) { 5594 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5595 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5596 rt5392_def_rf[i].val); 5597 } 5598 if (sc->mac_rev >= 0x0223) { 5599 run_rt3070_rf_write(sc, 23, 0x0f); 5600 run_rt3070_rf_write(sc, 24, 0x3e); 5601 run_rt3070_rf_write(sc, 51, 0x32); 5602 run_rt3070_rf_write(sc, 53, 0x22); 5603 run_rt3070_rf_write(sc, 56, 0xc1); 5604 run_rt3070_rf_write(sc, 59, 0x0f); 5605 } 5606 } else { 5607 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5608 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5609 rt5390_def_rf[i].val); 5610 } 5611 if (sc->mac_rev >= 0x0502) { 5612 run_rt3070_rf_write(sc, 6, 0xe0); 5613 run_rt3070_rf_write(sc, 25, 0x80); 5614 run_rt3070_rf_write(sc, 46, 0x73); 5615 run_rt3070_rf_write(sc, 53, 0x00); 5616 run_rt3070_rf_write(sc, 56, 0x42); 5617 run_rt3070_rf_write(sc, 61, 0xd1); 5618 } 5619 } 5620 5621 sc->rf24_20mhz = 0x1f; /* default value */ 5622 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5623 5624 if (sc->mac_rev < 0x0211) 5625 run_rt3070_rf_write(sc, 27, 0x3); 5626 5627 run_read(sc, RT3070_OPT_14, &tmp); 5628 run_write(sc, RT3070_OPT_14, tmp | 1); 5629} 5630 5631static int 5632run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5633 uint8_t *val) 5634{ 5635 uint8_t rf22, rf24; 5636 uint8_t bbp55_pb, bbp55_sb, delta; 5637 int ntries; 5638 5639 /* program filter */ 5640 run_rt3070_rf_read(sc, 24, &rf24); 5641 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5642 run_rt3070_rf_write(sc, 24, rf24); 5643 5644 /* enable baseband loopback mode */ 5645 run_rt3070_rf_read(sc, 22, &rf22); 5646 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5647 5648 /* set power and frequency of passband test tone */ 5649 run_bbp_write(sc, 24, 0x00); 5650 for (ntries = 0; ntries < 100; ntries++) { 5651 /* transmit test tone */ 5652 run_bbp_write(sc, 25, 0x90); 5653 run_delay(sc, 10); 5654 /* read received power */ 5655 run_bbp_read(sc, 55, &bbp55_pb); 5656 if (bbp55_pb != 0) 5657 break; 5658 } 5659 if (ntries == 100) 5660 return (ETIMEDOUT); 5661 5662 /* set power and frequency of stopband test tone */ 5663 run_bbp_write(sc, 24, 0x06); 5664 for (ntries = 0; ntries < 100; ntries++) { 5665 /* transmit test tone */ 5666 run_bbp_write(sc, 25, 0x90); 5667 run_delay(sc, 10); 5668 /* read received power */ 5669 run_bbp_read(sc, 55, &bbp55_sb); 5670 5671 delta = bbp55_pb - bbp55_sb; 5672 if (delta > target) 5673 break; 5674 5675 /* reprogram filter */ 5676 rf24++; 5677 run_rt3070_rf_write(sc, 24, rf24); 5678 } 5679 if (ntries < 100) { 5680 if (rf24 != init) 5681 rf24--; /* backtrack */ 5682 *val = rf24; 5683 run_rt3070_rf_write(sc, 24, rf24); 5684 } 5685 5686 /* restore initial state */ 5687 run_bbp_write(sc, 24, 0x00); 5688 5689 /* disable baseband loopback mode */ 5690 run_rt3070_rf_read(sc, 22, &rf22); 5691 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5692 5693 return (0); 5694} 5695 5696static void 5697run_rt3070_rf_setup(struct run_softc *sc) 5698{ 5699 uint8_t bbp, rf; 5700 int i; 5701 5702 if (sc->mac_ver == 0x3572) { 5703 /* enable DC filter */ 5704 if (sc->mac_rev >= 0x0201) 5705 run_bbp_write(sc, 103, 0xc0); 5706 5707 run_bbp_read(sc, 138, &bbp); 5708 if (sc->ntxchains == 1) 5709 bbp |= 0x20; /* turn off DAC1 */ 5710 if (sc->nrxchains == 1) 5711 bbp &= ~0x02; /* turn off ADC1 */ 5712 run_bbp_write(sc, 138, bbp); 5713 5714 if (sc->mac_rev >= 0x0211) { 5715 /* improve power consumption */ 5716 run_bbp_read(sc, 31, &bbp); 5717 run_bbp_write(sc, 31, bbp & ~0x03); 5718 } 5719 5720 run_rt3070_rf_read(sc, 16, &rf); 5721 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5722 run_rt3070_rf_write(sc, 16, rf); 5723 5724 } else if (sc->mac_ver == 0x3071) { 5725 if (sc->mac_rev >= 0x0211) { 5726 /* enable DC filter */ 5727 run_bbp_write(sc, 103, 0xc0); 5728 5729 /* improve power consumption */ 5730 run_bbp_read(sc, 31, &bbp); 5731 run_bbp_write(sc, 31, bbp & ~0x03); 5732 } 5733 5734 run_bbp_read(sc, 138, &bbp); 5735 if (sc->ntxchains == 1) 5736 bbp |= 0x20; /* turn off DAC1 */ 5737 if (sc->nrxchains == 1) 5738 bbp &= ~0x02; /* turn off ADC1 */ 5739 run_bbp_write(sc, 138, bbp); 5740 5741 run_write(sc, RT2860_TX_SW_CFG1, 0); 5742 if (sc->mac_rev < 0x0211) { 5743 run_write(sc, RT2860_TX_SW_CFG2, 5744 sc->patch_dac ? 0x2c : 0x0f); 5745 } else 5746 run_write(sc, RT2860_TX_SW_CFG2, 0); 5747 5748 } else if (sc->mac_ver == 0x3070) { 5749 if (sc->mac_rev >= 0x0201) { 5750 /* enable DC filter */ 5751 run_bbp_write(sc, 103, 0xc0); 5752 5753 /* improve power consumption */ 5754 run_bbp_read(sc, 31, &bbp); 5755 run_bbp_write(sc, 31, bbp & ~0x03); 5756 } 5757 5758 if (sc->mac_rev < 0x0201) { 5759 run_write(sc, RT2860_TX_SW_CFG1, 0); 5760 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5761 } else 5762 run_write(sc, RT2860_TX_SW_CFG2, 0); 5763 } 5764 5765 /* initialize RF registers from ROM for >=RT3071*/ 5766 if (sc->mac_ver >= 0x3071) { 5767 for (i = 0; i < 10; i++) { 5768 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5769 continue; 5770 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5771 } 5772 } 5773} 5774 5775static void 5776run_rt3593_rf_setup(struct run_softc *sc) 5777{ 5778 uint8_t bbp, rf; 5779 5780 if (sc->mac_rev >= 0x0211) { 5781 /* Enable DC filter. */ 5782 run_bbp_write(sc, 103, 0xc0); 5783 } 5784 run_write(sc, RT2860_TX_SW_CFG1, 0); 5785 if (sc->mac_rev < 0x0211) { 5786 run_write(sc, RT2860_TX_SW_CFG2, 5787 sc->patch_dac ? 0x2c : 0x0f); 5788 } else 5789 run_write(sc, RT2860_TX_SW_CFG2, 0); 5790 5791 run_rt3070_rf_read(sc, 50, &rf); 5792 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5793 5794 run_rt3070_rf_read(sc, 51, &rf); 5795 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5796 ((sc->txmixgain_2ghz & 0x07) << 2); 5797 run_rt3070_rf_write(sc, 51, rf); 5798 5799 run_rt3070_rf_read(sc, 38, &rf); 5800 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5801 5802 run_rt3070_rf_read(sc, 39, &rf); 5803 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5804 5805 run_rt3070_rf_read(sc, 1, &rf); 5806 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5807 5808 run_rt3070_rf_read(sc, 30, &rf); 5809 rf = (rf & ~0x18) | 0x10; 5810 run_rt3070_rf_write(sc, 30, rf); 5811 5812 /* Apply maximum likelihood detection for 2 stream case. */ 5813 run_bbp_read(sc, 105, &bbp); 5814 if (sc->nrxchains > 1) 5815 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5816 5817 /* Avoid data lost and CRC error. */ 5818 run_bbp_read(sc, 4, &bbp); 5819 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5820 5821 run_bbp_write(sc, 92, 0x02); 5822 run_bbp_write(sc, 82, 0x82); 5823 run_bbp_write(sc, 106, 0x05); 5824 run_bbp_write(sc, 104, 0x92); 5825 run_bbp_write(sc, 88, 0x90); 5826 run_bbp_write(sc, 148, 0xc8); 5827 run_bbp_write(sc, 47, 0x48); 5828 run_bbp_write(sc, 120, 0x50); 5829 5830 run_bbp_write(sc, 163, 0x9d); 5831 5832 /* SNR mapping. */ 5833 run_bbp_write(sc, 142, 0x06); 5834 run_bbp_write(sc, 143, 0xa0); 5835 run_bbp_write(sc, 142, 0x07); 5836 run_bbp_write(sc, 143, 0xa1); 5837 run_bbp_write(sc, 142, 0x08); 5838 run_bbp_write(sc, 143, 0xa2); 5839 5840 run_bbp_write(sc, 31, 0x08); 5841 run_bbp_write(sc, 68, 0x0b); 5842 run_bbp_write(sc, 105, 0x04); 5843} 5844 5845static void 5846run_rt5390_rf_setup(struct run_softc *sc) 5847{ 5848 uint8_t bbp, rf; 5849 5850 if (sc->mac_rev >= 0x0211) { 5851 /* Enable DC filter. */ 5852 run_bbp_write(sc, 103, 0xc0); 5853 5854 if (sc->mac_ver != 0x5592) { 5855 /* Improve power consumption. */ 5856 run_bbp_read(sc, 31, &bbp); 5857 run_bbp_write(sc, 31, bbp & ~0x03); 5858 } 5859 } 5860 5861 run_bbp_read(sc, 138, &bbp); 5862 if (sc->ntxchains == 1) 5863 bbp |= 0x20; /* turn off DAC1 */ 5864 if (sc->nrxchains == 1) 5865 bbp &= ~0x02; /* turn off ADC1 */ 5866 run_bbp_write(sc, 138, bbp); 5867 5868 run_rt3070_rf_read(sc, 38, &rf); 5869 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5870 5871 run_rt3070_rf_read(sc, 39, &rf); 5872 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5873 5874 /* Avoid data lost and CRC error. */ 5875 run_bbp_read(sc, 4, &bbp); 5876 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5877 5878 run_rt3070_rf_read(sc, 30, &rf); 5879 rf = (rf & ~0x18) | 0x10; 5880 run_rt3070_rf_write(sc, 30, rf); 5881 5882 if (sc->mac_ver != 0x5592) { 5883 run_write(sc, RT2860_TX_SW_CFG1, 0); 5884 if (sc->mac_rev < 0x0211) { 5885 run_write(sc, RT2860_TX_SW_CFG2, 5886 sc->patch_dac ? 0x2c : 0x0f); 5887 } else 5888 run_write(sc, RT2860_TX_SW_CFG2, 0); 5889 } 5890} 5891 5892static int 5893run_txrx_enable(struct run_softc *sc) 5894{ 5895 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5896 uint32_t tmp; 5897 int error, ntries; 5898 5899 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5900 for (ntries = 0; ntries < 200; ntries++) { 5901 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5902 return (error); 5903 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5904 break; 5905 run_delay(sc, 50); 5906 } 5907 if (ntries == 200) 5908 return (ETIMEDOUT); 5909 5910 run_delay(sc, 50); 5911 5912 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5913 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5914 5915 /* enable Rx bulk aggregation (set timeout and limit) */ 5916 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5917 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5918 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5919 5920 /* set Rx filter */ 5921 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5922 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5923 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5924 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5925 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5926 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5927 if (ic->ic_opmode == IEEE80211_M_STA) 5928 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5929 } 5930 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5931 5932 run_write(sc, RT2860_MAC_SYS_CTRL, 5933 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5934 5935 return (0); 5936} 5937 5938static void 5939run_adjust_freq_offset(struct run_softc *sc) 5940{ 5941 uint8_t rf, tmp; 5942 5943 run_rt3070_rf_read(sc, 17, &rf); 5944 tmp = rf; 5945 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5946 rf = MIN(rf, 0x5f); 5947 5948 if (tmp != rf) 5949 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5950} 5951 5952static void 5953run_init_locked(struct run_softc *sc) 5954{ 5955 struct ifnet *ifp = sc->sc_ifp; 5956 struct ieee80211com *ic = ifp->if_l2com; 5957 uint32_t tmp; 5958 uint8_t bbp1, bbp3; 5959 int i; 5960 int ridx; 5961 int ntries; 5962 5963 if (ic->ic_nrunning > 1) 5964 return; 5965 5966 run_stop(sc); 5967 5968 if (run_load_microcode(sc) != 0) { 5969 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5970 goto fail; 5971 } 5972 5973 for (ntries = 0; ntries < 100; ntries++) { 5974 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5975 goto fail; 5976 if (tmp != 0 && tmp != 0xffffffff) 5977 break; 5978 run_delay(sc, 10); 5979 } 5980 if (ntries == 100) 5981 goto fail; 5982 5983 for (i = 0; i != RUN_EP_QUEUES; i++) 5984 run_setup_tx_list(sc, &sc->sc_epq[i]); 5985 5986 run_set_macaddr(sc, IF_LLADDR(ifp)); 5987 5988 for (ntries = 0; ntries < 100; ntries++) { 5989 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5990 goto fail; 5991 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5992 break; 5993 run_delay(sc, 10); 5994 } 5995 if (ntries == 100) { 5996 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5997 goto fail; 5998 } 5999 tmp &= 0xff0; 6000 tmp |= RT2860_TX_WB_DDONE; 6001 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6002 6003 /* turn off PME_OEN to solve high-current issue */ 6004 run_read(sc, RT2860_SYS_CTRL, &tmp); 6005 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6006 6007 run_write(sc, RT2860_MAC_SYS_CTRL, 6008 RT2860_BBP_HRST | RT2860_MAC_SRST); 6009 run_write(sc, RT2860_USB_DMA_CFG, 0); 6010 6011 if (run_reset(sc) != 0) { 6012 device_printf(sc->sc_dev, "could not reset chipset\n"); 6013 goto fail; 6014 } 6015 6016 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6017 6018 /* init Tx power for all Tx rates (from EEPROM) */ 6019 for (ridx = 0; ridx < 5; ridx++) { 6020 if (sc->txpow20mhz[ridx] == 0xffffffff) 6021 continue; 6022 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6023 } 6024 6025 for (i = 0; i < nitems(rt2870_def_mac); i++) 6026 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6027 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6028 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6029 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6030 6031 if (sc->mac_ver >= 0x5390) { 6032 run_write(sc, RT2860_TX_SW_CFG0, 6033 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6034 if (sc->mac_ver >= 0x5392) { 6035 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6036 if (sc->mac_ver == 0x5592) { 6037 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6038 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6039 } else { 6040 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6041 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6042 } 6043 } 6044 } else if (sc->mac_ver == 0x3593) { 6045 run_write(sc, RT2860_TX_SW_CFG0, 6046 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6047 } else if (sc->mac_ver >= 0x3070) { 6048 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6049 run_write(sc, RT2860_TX_SW_CFG0, 6050 4 << RT2860_DLY_PAPE_EN_SHIFT); 6051 } 6052 6053 /* wait while MAC is busy */ 6054 for (ntries = 0; ntries < 100; ntries++) { 6055 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6056 goto fail; 6057 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6058 break; 6059 run_delay(sc, 10); 6060 } 6061 if (ntries == 100) 6062 goto fail; 6063 6064 /* clear Host to MCU mailbox */ 6065 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6066 run_write(sc, RT2860_H2M_MAILBOX, 0); 6067 run_delay(sc, 10); 6068 6069 if (run_bbp_init(sc) != 0) { 6070 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6071 goto fail; 6072 } 6073 6074 /* abort TSF synchronization */ 6075 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6076 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6077 RT2860_TBTT_TIMER_EN); 6078 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6079 6080 /* clear RX WCID search table */ 6081 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6082 /* clear WCID attribute table */ 6083 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6084 6085 /* hostapd sets a key before init. So, don't clear it. */ 6086 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6087 /* clear shared key table */ 6088 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6089 /* clear shared key mode */ 6090 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6091 } 6092 6093 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6094 tmp = (tmp & ~0xff) | 0x1e; 6095 run_write(sc, RT2860_US_CYC_CNT, tmp); 6096 6097 if (sc->mac_rev != 0x0101) 6098 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6099 6100 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6101 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6102 6103 /* write vendor-specific BBP values (from EEPROM) */ 6104 if (sc->mac_ver < 0x3593) { 6105 for (i = 0; i < 10; i++) { 6106 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6107 continue; 6108 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6109 } 6110 } 6111 6112 /* select Main antenna for 1T1R devices */ 6113 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6114 run_set_rx_antenna(sc, 0); 6115 6116 /* send LEDs operating mode to microcontroller */ 6117 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6118 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6119 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6120 6121 if (sc->mac_ver >= 0x5390) 6122 run_rt5390_rf_init(sc); 6123 else if (sc->mac_ver == 0x3593) 6124 run_rt3593_rf_init(sc); 6125 else if (sc->mac_ver >= 0x3070) 6126 run_rt3070_rf_init(sc); 6127 6128 /* disable non-existing Rx chains */ 6129 run_bbp_read(sc, 3, &bbp3); 6130 bbp3 &= ~(1 << 3 | 1 << 4); 6131 if (sc->nrxchains == 2) 6132 bbp3 |= 1 << 3; 6133 else if (sc->nrxchains == 3) 6134 bbp3 |= 1 << 4; 6135 run_bbp_write(sc, 3, bbp3); 6136 6137 /* disable non-existing Tx chains */ 6138 run_bbp_read(sc, 1, &bbp1); 6139 if (sc->ntxchains == 1) 6140 bbp1 &= ~(1 << 3 | 1 << 4); 6141 run_bbp_write(sc, 1, bbp1); 6142 6143 if (sc->mac_ver >= 0x5390) 6144 run_rt5390_rf_setup(sc); 6145 else if (sc->mac_ver == 0x3593) 6146 run_rt3593_rf_setup(sc); 6147 else if (sc->mac_ver >= 0x3070) 6148 run_rt3070_rf_setup(sc); 6149 6150 /* select default channel */ 6151 run_set_chan(sc, ic->ic_curchan); 6152 6153 /* setup initial protection mode */ 6154 run_updateprot_cb(ic); 6155 6156 /* turn radio LED on */ 6157 run_set_leds(sc, RT2860_LED_RADIO); 6158 6159 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 6160 ifp->if_drv_flags |= IFF_DRV_RUNNING; 6161 sc->cmdq_run = RUN_CMDQ_GO; 6162 6163 for (i = 0; i != RUN_N_XFER; i++) 6164 usbd_xfer_set_stall(sc->sc_xfer[i]); 6165 6166 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6167 6168 if (run_txrx_enable(sc) != 0) 6169 goto fail; 6170 6171 return; 6172 6173fail: 6174 run_stop(sc); 6175} 6176 6177static void 6178run_init(void *arg) 6179{ 6180 struct run_softc *sc = arg; 6181 struct ifnet *ifp = sc->sc_ifp; 6182 struct ieee80211com *ic = ifp->if_l2com; 6183 6184 RUN_LOCK(sc); 6185 run_init_locked(sc); 6186 RUN_UNLOCK(sc); 6187 6188 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6189 ieee80211_start_all(ic); 6190} 6191 6192static void 6193run_stop(void *arg) 6194{ 6195 struct run_softc *sc = (struct run_softc *)arg; 6196 struct ifnet *ifp = sc->sc_ifp; 6197 uint32_t tmp; 6198 int i; 6199 int ntries; 6200 6201 RUN_LOCK_ASSERT(sc, MA_OWNED); 6202 6203 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6204 run_set_leds(sc, 0); /* turn all LEDs off */ 6205 6206 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 6207 6208 sc->ratectl_run = RUN_RATECTL_OFF; 6209 sc->cmdq_run = sc->cmdq_key_set; 6210 6211 RUN_UNLOCK(sc); 6212 6213 for(i = 0; i < RUN_N_XFER; i++) 6214 usbd_transfer_drain(sc->sc_xfer[i]); 6215 6216 RUN_LOCK(sc); 6217 6218 if (sc->rx_m != NULL) { 6219 m_free(sc->rx_m); 6220 sc->rx_m = NULL; 6221 } 6222 6223 /* Disable Tx/Rx DMA. */ 6224 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6225 return; 6226 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6227 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6228 6229 for (ntries = 0; ntries < 100; ntries++) { 6230 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6231 return; 6232 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6233 break; 6234 run_delay(sc, 10); 6235 } 6236 if (ntries == 100) { 6237 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6238 return; 6239 } 6240 6241 /* disable Tx/Rx */ 6242 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6243 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6244 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6245 6246 /* wait for pending Tx to complete */ 6247 for (ntries = 0; ntries < 100; ntries++) { 6248 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6249 DPRINTF("Cannot read Tx queue count\n"); 6250 break; 6251 } 6252 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6253 DPRINTF("All Tx cleared\n"); 6254 break; 6255 } 6256 run_delay(sc, 10); 6257 } 6258 if (ntries >= 100) 6259 DPRINTF("There are still pending Tx\n"); 6260 run_delay(sc, 10); 6261 run_write(sc, RT2860_USB_DMA_CFG, 0); 6262 6263 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6264 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6265 6266 for (i = 0; i != RUN_EP_QUEUES; i++) 6267 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6268} 6269 6270static void 6271run_delay(struct run_softc *sc, u_int ms) 6272{ 6273 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6274 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6275} 6276 6277static device_method_t run_methods[] = { 6278 /* Device interface */ 6279 DEVMETHOD(device_probe, run_match), 6280 DEVMETHOD(device_attach, run_attach), 6281 DEVMETHOD(device_detach, run_detach), 6282 DEVMETHOD_END 6283}; 6284 6285static driver_t run_driver = { 6286 .name = "run", 6287 .methods = run_methods, 6288 .size = sizeof(struct run_softc) 6289}; 6290 6291static devclass_t run_devclass; 6292 6293DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6294MODULE_DEPEND(run, wlan, 1, 1, 1); 6295MODULE_DEPEND(run, usb, 1, 1, 1); 6296MODULE_DEPEND(run, firmware, 1, 1, 1); 6297MODULE_VERSION(run, 1); 6298