usb/wlan/if_run.c

178676Ssam/*-
198429Srpaulo * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
178676Ssam * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
178676Ssam * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
178676Ssam *
178676Ssam * Permission to use, copy, modify, and distribute this software for any
178676Ssam * purpose with or without fee is hereby granted, provided that the above
178676Ssam * copyright notice and this permission notice appear in all copies.
178676Ssam *
178676Ssam * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
178676Ssam * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
178676Ssam * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
178676Ssam * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
178676Ssam * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
178676Ssam * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
178676Ssam * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
178676Ssam */
178676Ssam
178676Ssam#include <sys/cdefs.h>
178676Ssam__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 245047 2013-01-04 20:44:17Z hselasky $");
178676Ssam
201209Srpaulo/*-
201209Srpaulo * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver.
178676Ssam * http://www.ralinktech.com/
178676Ssam */
178676Ssam
178676Ssam#include <sys/param.h>
178676Ssam#include <sys/sockio.h>
178676Ssam#include <sys/sysctl.h>
178676Ssam#include <sys/lock.h>
178676Ssam#include <sys/mutex.h>
178676Ssam#include <sys/mbuf.h>
178676Ssam#include <sys/kernel.h>
178676Ssam#include <sys/socket.h>
178676Ssam#include <sys/systm.h>
178676Ssam#include <sys/malloc.h>
178676Ssam#include <sys/module.h>
178676Ssam#include <sys/bus.h>
178676Ssam#include <sys/endian.h>
178676Ssam#include <sys/linker.h>
178676Ssam#include <sys/firmware.h>
178676Ssam#include <sys/kdb.h>
178676Ssam
178676Ssam#include <machine/bus.h>
178676Ssam#include <machine/resource.h>
178676Ssam#include <sys/rman.h>
178676Ssam
178676Ssam#include <net/bpf.h>
178676Ssam#include <net/if.h>
178676Ssam#include <net/if_arp.h>
178676Ssam#include <net/ethernet.h>
178676Ssam#include <net/if_dl.h>
178676Ssam#include <net/if_media.h>
178676Ssam#include <net/if_types.h>
178676Ssam
178676Ssam#include <netinet/in.h>
178676Ssam#include <netinet/in_systm.h>
178676Ssam#include <netinet/in_var.h>
178676Ssam#include <netinet/if_ether.h>
178676Ssam#include <netinet/ip.h>
178676Ssam
178676Ssam#include <net80211/ieee80211_var.h>
178676Ssam#include <net80211/ieee80211_regdomain.h>
178676Ssam#include <net80211/ieee80211_radiotap.h>
178676Ssam#include <net80211/ieee80211_ratectl.h>
178676Ssam
178676Ssam#include <dev/usb/usb.h>
178676Ssam#include <dev/usb/usbdi.h>
178676Ssam#include "usbdevs.h"
206358Srpaulo
178676Ssam#define USB_DEBUG_VAR run_debug
178676Ssam#include <dev/usb/usb_debug.h>
178676Ssam
178676Ssam#include <dev/usb/wlan/if_runreg.h>
220723Sbschmidt#include <dev/usb/wlan/if_runvar.h>
220723Sbschmidt
220723Sbschmidt#define	N(_a) ((int)(sizeof((_a)) / sizeof((_a)[0])))
220723Sbschmidt
220723Sbschmidt#ifdef	USB_DEBUG
220723Sbschmidt#define RUN_DEBUG
220895Sbschmidt#endif
220895Sbschmidt
220895Sbschmidt#ifdef	RUN_DEBUG
220895Sbschmidtint run_debug = 0;
220895Sbschmidtstatic SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
220895SbschmidtSYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
220895Sbschmidt    "run debug level");
220895Sbschmidt#endif
220895Sbschmidt
220895Sbschmidt#define IEEE80211_HAS_ADDR4(wh) \
220895Sbschmidt	(((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
220895Sbschmidt
220895Sbschmidt/*
220895Sbschmidt * Because of LOR in run_key_delete(), use atomic instead.
221634Sbschmidt * '& RUN_CMDQ_MASQ' is to loop cmdq[].
220895Sbschmidt */
220895Sbschmidt#define RUN_CMDQ_GET(c)	(atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
221634Sbschmidt
220895Sbschmidtstatic const STRUCT_USB_HOST_ID run_devs[] = {
220895Sbschmidt#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
220895Sbschmidt    RUN_DEV(ABOCOM,		RT2770),
220895Sbschmidt    RUN_DEV(ABOCOM,		RT2870),
220895Sbschmidt    RUN_DEV(ABOCOM,		RT3070),
220895Sbschmidt    RUN_DEV(ABOCOM,		RT3071),
220895Sbschmidt    RUN_DEV(ABOCOM,		RT3072),
220895Sbschmidt    RUN_DEV(ABOCOM2,		RT2870_1),
220895Sbschmidt    RUN_DEV(ACCTON,		RT2770),
220723Sbschmidt    RUN_DEV(ACCTON,		RT2870_1),
220723Sbschmidt    RUN_DEV(ACCTON,		RT2870_2),
220723Sbschmidt    RUN_DEV(ACCTON,		RT2870_3),
178676Ssam    RUN_DEV(ACCTON,		RT2870_4),
178676Ssam    RUN_DEV(ACCTON,		RT2870_5),
220728Sbschmidt    RUN_DEV(ACCTON,		RT3070),
220728Sbschmidt    RUN_DEV(ACCTON,		RT3070_1),
206477Sbschmidt    RUN_DEV(ACCTON,		RT3070_2),
220723Sbschmidt    RUN_DEV(ACCTON,		RT3070_3),
178676Ssam    RUN_DEV(ACCTON,		RT3070_4),
178676Ssam    RUN_DEV(ACCTON,		RT3070_5),
178676Ssam    RUN_DEV(AIRTIES,		RT3070),
178676Ssam    RUN_DEV(ALLWIN,		RT2070),
178676Ssam    RUN_DEV(ALLWIN,		RT2770),
206474Sbschmidt    RUN_DEV(ALLWIN,		RT2870),
220723Sbschmidt    RUN_DEV(ALLWIN,		RT3070),
220723Sbschmidt    RUN_DEV(ALLWIN,		RT3071),
220723Sbschmidt    RUN_DEV(ALLWIN,		RT3072),
206477Sbschmidt    RUN_DEV(ALLWIN,		RT3572),
206477Sbschmidt    RUN_DEV(AMIGO,		RT2870_1),
206477Sbschmidt    RUN_DEV(AMIGO,		RT2870_2),
206477Sbschmidt    RUN_DEV(AMIT,		CGWLUSB2GNR),
206474Sbschmidt    RUN_DEV(AMIT,		RT2870_1),
178676Ssam    RUN_DEV(AMIT2,		RT2870),
220691Sbschmidt    RUN_DEV(ASUS,		RT2870_1),
178676Ssam    RUN_DEV(ASUS,		RT2870_2),
206477Sbschmidt    RUN_DEV(ASUS,		RT2870_3),
206477Sbschmidt    RUN_DEV(ASUS,		RT2870_4),
206477Sbschmidt    RUN_DEV(ASUS,		RT2870_5),
206477Sbschmidt    RUN_DEV(ASUS,		USBN13),
206477Sbschmidt    RUN_DEV(ASUS,		RT3070_1),
206477Sbschmidt    RUN_DEV(ASUS,		USB_N53),
206477Sbschmidt    RUN_DEV(ASUS2,		USBN11),
206477Sbschmidt    RUN_DEV(AZUREWAVE,		RT2870_1),
206477Sbschmidt    RUN_DEV(AZUREWAVE,		RT2870_2),
206477Sbschmidt    RUN_DEV(AZUREWAVE,		RT3070_1),
206477Sbschmidt    RUN_DEV(AZUREWAVE,		RT3070_2),
206477Sbschmidt    RUN_DEV(AZUREWAVE,		RT3070_3),
178676Ssam    RUN_DEV(BELKIN,		F5D8053V3),
206477Sbschmidt    RUN_DEV(BELKIN,		F5D8055),
206477Sbschmidt    RUN_DEV(BELKIN,		F5D8055V2),
206477Sbschmidt    RUN_DEV(BELKIN,		F6D4050V1),
206477Sbschmidt    RUN_DEV(BELKIN,		RT2870_1),
198429Srpaulo    RUN_DEV(BELKIN,		RT2870_2),
206477Sbschmidt    RUN_DEV(CISCOLINKSYS,	AE1000),
206477Sbschmidt    RUN_DEV(CISCOLINKSYS2,	RT3070),
206477Sbschmidt    RUN_DEV(CISCOLINKSYS3,	RT3070),
206474Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_1),
206474Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_2),
206474Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_3),
220726Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_4),
220723Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_5),
220723Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_6),
220723Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_7),
220723Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT2870_8),
220726Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT3070_1),
206477Sbschmidt    RUN_DEV(CONCEPTRONIC2,	RT3070_2),
206477Sbschmidt    RUN_DEV(CONCEPTRONIC2,	VIGORN61),
198429Srpaulo    RUN_DEV(COREGA,		CGWLUSB300GNM),
220715Sbschmidt    RUN_DEV(COREGA,		RT2870_1),
206477Sbschmidt    RUN_DEV(COREGA,		RT2870_2),
206477Sbschmidt    RUN_DEV(COREGA,		RT2870_3),
220667Sbschmidt    RUN_DEV(COREGA,		RT3070),
206477Sbschmidt    RUN_DEV(CYBERTAN,		RT2870),
198429Srpaulo    RUN_DEV(DLINK,		RT2870),
206477Sbschmidt    RUN_DEV(DLINK,		RT3072),
178676Ssam    RUN_DEV(DLINK2,		DWA130),
206477Sbschmidt    RUN_DEV(DLINK2,		RT2870_1),
201209Srpaulo    RUN_DEV(DLINK2,		RT2870_2),
220674Sbschmidt    RUN_DEV(DLINK2,		RT3070_1),
220674Sbschmidt    RUN_DEV(DLINK2,		RT3070_2),
206477Sbschmidt    RUN_DEV(DLINK2,		RT3070_3),
198429Srpaulo    RUN_DEV(DLINK2,		RT3070_4),
206477Sbschmidt    RUN_DEV(DLINK2,		RT3070_5),
198429Srpaulo    RUN_DEV(DLINK2,		RT3072),
206477Sbschmidt    RUN_DEV(DLINK2,		RT3072_1),
198429Srpaulo    RUN_DEV(EDIMAX,		EW7717),
206477Sbschmidt    RUN_DEV(EDIMAX,		EW7718),
198429Srpaulo    RUN_DEV(EDIMAX,		RT2870_1),
221651Sbschmidt    RUN_DEV(ENCORE,		RT3070_1),
206477Sbschmidt    RUN_DEV(ENCORE,		RT3070_2),
206477Sbschmidt    RUN_DEV(ENCORE,		RT3070_3),
206477Sbschmidt    RUN_DEV(GIGABYTE,		GNWB31N),
206477Sbschmidt    RUN_DEV(GIGABYTE,		GNWB32L),
206477Sbschmidt    RUN_DEV(GIGABYTE,		RT2870_1),
206477Sbschmidt    RUN_DEV(GIGASET,		RT3070_1),
206477Sbschmidt    RUN_DEV(GIGASET,		RT3070_2),
198429Srpaulo    RUN_DEV(GUILLEMOT,		HWNU300),
206477Sbschmidt    RUN_DEV(HAWKING,		HWUN2),
198429Srpaulo    RUN_DEV(HAWKING,		RT2870_1),
206475Sbschmidt    RUN_DEV(HAWKING,		RT2870_2),
206477Sbschmidt    RUN_DEV(HAWKING,		RT3070),
206475Sbschmidt    RUN_DEV(IODATA,		RT3072_1),
206477Sbschmidt    RUN_DEV(IODATA,		RT3072_2),
220720Sbschmidt    RUN_DEV(IODATA,		RT3072_3),
220720Sbschmidt    RUN_DEV(IODATA,		RT3072_4),
220720Sbschmidt    RUN_DEV(LINKSYS4,		RT3070),
220720Sbschmidt    RUN_DEV(LINKSYS4,		WUSB100),
198429Srpaulo    RUN_DEV(LINKSYS4,		WUSB54GCV3),
198429Srpaulo    RUN_DEV(LINKSYS4,		WUSB600N),
206477Sbschmidt    RUN_DEV(LINKSYS4,		WUSB600NV2),
206477Sbschmidt    RUN_DEV(LOGITEC,		RT2870_1),
220667Sbschmidt    RUN_DEV(LOGITEC,		RT2870_2),
206477Sbschmidt    RUN_DEV(LOGITEC,		RT2870_3),
206477Sbschmidt    RUN_DEV(LOGITEC,		LANW300NU2),
206477Sbschmidt    RUN_DEV(LOGITEC,		LANW150NU2),
198429Srpaulo    RUN_DEV(MELCO,		RT2870_1),
206477Sbschmidt    RUN_DEV(MELCO,		RT2870_2),
198429Srpaulo    RUN_DEV(MELCO,		WLIUCAG300N),
220715Sbschmidt    RUN_DEV(MELCO,		WLIUCG300N),
220715Sbschmidt    RUN_DEV(MELCO,		WLIUCG301N),
206477Sbschmidt    RUN_DEV(MELCO,		WLIUCGN),
220721Sbschmidt    RUN_DEV(MELCO,		WLIUCGNM),
201209Srpaulo    RUN_DEV(MELCO,		WLIUCGNM2),
206477Sbschmidt    RUN_DEV(MOTOROLA4,		RT2770),
206477Sbschmidt    RUN_DEV(MOTOROLA4,		RT3070),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_1),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_2),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_3),
201882Skeramida    RUN_DEV(MSI,		RT3070_4),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_5),
201882Skeramida    RUN_DEV(MSI,		RT3070_6),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_7),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_8),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_9),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_10),
206477Sbschmidt    RUN_DEV(MSI,		RT3070_11),
206477Sbschmidt    RUN_DEV(OVISLINK,		RT3072),
206477Sbschmidt    RUN_DEV(PARA,		RT3070),
178676Ssam    RUN_DEV(PEGATRON,		RT2870),
206477Sbschmidt    RUN_DEV(PEGATRON,		RT3070),
206477Sbschmidt    RUN_DEV(PEGATRON,		RT3070_2),
206477Sbschmidt    RUN_DEV(PEGATRON,		RT3070_3),
206477Sbschmidt    RUN_DEV(PHILIPS,		RT2870),
206477Sbschmidt    RUN_DEV(PLANEX2,		GWUS300MINIS),
178676Ssam    RUN_DEV(PLANEX2,		GWUSMICRON),
206477Sbschmidt    RUN_DEV(PLANEX2,		RT2870),
206477Sbschmidt    RUN_DEV(PLANEX2,		RT3070),
220662Sbschmidt    RUN_DEV(QCOM,		RT2870),
220891Sbschmidt    RUN_DEV(QUANTA,		RT3070),
206477Sbschmidt    RUN_DEV(RALINK,		RT2070),
220634Sbschmidt    RUN_DEV(RALINK,		RT2770),
206477Sbschmidt    RUN_DEV(RALINK,		RT2870),
206477Sbschmidt    RUN_DEV(RALINK,		RT3070),
206477Sbschmidt    RUN_DEV(RALINK,		RT3071),
221650Sbschmidt    RUN_DEV(RALINK,		RT3072),
221650Sbschmidt    RUN_DEV(RALINK,		RT3370),
221650Sbschmidt    RUN_DEV(RALINK,		RT3572),
221650Sbschmidt    RUN_DEV(RALINK,		RT8070),
221651Sbschmidt    RUN_DEV(SAMSUNG,		WIS09ABGN),
221651Sbschmidt    RUN_DEV(SAMSUNG2,		RT2870_1),
221651Sbschmidt    RUN_DEV(SENAO,		RT2870_1),
221651Sbschmidt    RUN_DEV(SENAO,		RT2870_2),
206474Sbschmidt    RUN_DEV(SENAO,		RT2870_3),
206474Sbschmidt    RUN_DEV(SENAO,		RT2870_4),
221651Sbschmidt    RUN_DEV(SENAO,		RT3070),
221651Sbschmidt    RUN_DEV(SENAO,		RT3071),
206474Sbschmidt    RUN_DEV(SENAO,		RT3072_1),
221651Sbschmidt    RUN_DEV(SENAO,		RT3072_2),
221651Sbschmidt    RUN_DEV(SENAO,		RT3072_3),
220726Sbschmidt    RUN_DEV(SENAO,		RT3072_4),
206474Sbschmidt    RUN_DEV(SENAO,		RT3072_5),
221651Sbschmidt    RUN_DEV(SITECOMEU,		RT2770),
221651Sbschmidt    RUN_DEV(SITECOMEU,		RT2870_1),
220726Sbschmidt    RUN_DEV(SITECOMEU,		RT2870_2),
220674Sbschmidt    RUN_DEV(SITECOMEU,		RT2870_3),
220674Sbschmidt    RUN_DEV(SITECOMEU,		RT2870_4),
206477Sbschmidt    RUN_DEV(SITECOMEU,		RT3070),
220677Sbschmidt    RUN_DEV(SITECOMEU,		RT3070_2),
220676Sbschmidt    RUN_DEV(SITECOMEU,		RT3070_3),
206477Sbschmidt    RUN_DEV(SITECOMEU,		RT3070_4),
206477Sbschmidt    RUN_DEV(SITECOMEU,		RT3071),
206477Sbschmidt    RUN_DEV(SITECOMEU,		RT3072_1),
198429Srpaulo    RUN_DEV(SITECOMEU,		RT3072_2),
206477Sbschmidt    RUN_DEV(SITECOMEU,		RT3072_3),
206477Sbschmidt    RUN_DEV(SITECOMEU,		RT3072_4),
198429Srpaulo    RUN_DEV(SITECOMEU,		RT3072_5),
206477Sbschmidt    RUN_DEV(SITECOMEU,		RT3072_6),
210111Sbschmidt    RUN_DEV(SITECOMEU,		WL608),
210111Sbschmidt    RUN_DEV(SPARKLAN,		RT2870_1),
210111Sbschmidt    RUN_DEV(SPARKLAN,		RT3070),
210111Sbschmidt    RUN_DEV(SWEEX2,		LW153),
206477Sbschmidt    RUN_DEV(SWEEX2,		LW303),
206477Sbschmidt    RUN_DEV(SWEEX2,		LW313),
206477Sbschmidt    RUN_DEV(TOSHIBA,		RT3070),
206477Sbschmidt    RUN_DEV(UMEDIA,		RT2870_1),
206477Sbschmidt    RUN_DEV(ZCOM,		RT2870_1),
206477Sbschmidt    RUN_DEV(ZCOM,		RT2870_2),
206477Sbschmidt    RUN_DEV(ZINWELL,		RT2870_1),
206477Sbschmidt    RUN_DEV(ZINWELL,		RT2870_2),
206477Sbschmidt    RUN_DEV(ZINWELL,		RT3070),
206477Sbschmidt    RUN_DEV(ZINWELL,		RT3072_1),
220723Sbschmidt    RUN_DEV(ZINWELL,		RT3072_2),
220723Sbschmidt    RUN_DEV(ZYXEL,		RT2870_1),
206477Sbschmidt    RUN_DEV(ZYXEL,		RT2870_2),
206477Sbschmidt#undef RUN_DEV
206477Sbschmidt};
206477Sbschmidt
220726Sbschmidtstatic device_probe_t	run_match;
220726Sbschmidtstatic device_attach_t	run_attach;
220726Sbschmidtstatic device_detach_t	run_detach;
220726Sbschmidt
220726Sbschmidtstatic usb_callback_t	run_bulk_rx_callback;
198429Srpaulostatic usb_callback_t	run_bulk_tx_callback0;
178676Ssamstatic usb_callback_t	run_bulk_tx_callback1;
178676Ssamstatic usb_callback_t	run_bulk_tx_callback2;
178676Ssamstatic usb_callback_t	run_bulk_tx_callback3;
178676Ssamstatic usb_callback_t	run_bulk_tx_callback4;
178676Ssamstatic usb_callback_t	run_bulk_tx_callback5;
178676Ssam
178676Ssamstatic void	run_bulk_tx_callbackN(struct usb_xfer *xfer,
178676Ssam		    usb_error_t error, unsigned int index);
178676Ssamstatic struct ieee80211vap *run_vap_create(struct ieee80211com *,
178676Ssam		    const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
178676Ssam		    const uint8_t [IEEE80211_ADDR_LEN],
178676Ssam		    const uint8_t [IEEE80211_ADDR_LEN]);
178676Ssamstatic void	run_vap_delete(struct ieee80211vap *);
178676Ssamstatic void	run_cmdq_cb(void *, int);
178676Ssamstatic void	run_setup_tx_list(struct run_softc *,
178676Ssam		    struct run_endpoint_queue *);
178676Ssamstatic void	run_unsetup_tx_list(struct run_softc *,
178676Ssam		    struct run_endpoint_queue *);
178676Ssamstatic int	run_load_microcode(struct run_softc *);
178676Ssamstatic int	run_reset(struct run_softc *);
178676Ssamstatic usb_error_t run_do_request(struct run_softc *,
178676Ssam		    struct usb_device_request *, void *);
178676Ssamstatic int	run_read(struct run_softc *, uint16_t, uint32_t *);
178676Ssamstatic int	run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
178676Ssamstatic int	run_write_2(struct run_softc *, uint16_t, uint16_t);
178676Ssamstatic int	run_write(struct run_softc *, uint16_t, uint32_t);
220723Sbschmidtstatic int	run_write_region_1(struct run_softc *, uint16_t,
220723Sbschmidt		    const uint8_t *, int);
220723Sbschmidtstatic int	run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
220723Sbschmidtstatic int	run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
220723Sbschmidtstatic int	run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
220723Sbschmidtstatic int	run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t);
220723Sbschmidtstatic int	run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
220723Sbschmidtstatic int	run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
220723Sbschmidtstatic int	run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
220723Sbschmidtstatic int	run_bbp_write(struct run_softc *, uint8_t, uint8_t);
220723Sbschmidtstatic int	run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
220723Sbschmidtstatic const char *run_get_rf(int);
220723Sbschmidtstatic int	run_read_eeprom(struct run_softc *);
220723Sbschmidtstatic struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
220723Sbschmidt			    const uint8_t mac[IEEE80211_ADDR_LEN]);
220723Sbschmidtstatic int	run_media_change(struct ifnet *);
220723Sbschmidtstatic int	run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
220723Sbschmidtstatic int	run_wme_update(struct ieee80211com *);
220723Sbschmidtstatic void	run_wme_update_cb(void *);
220723Sbschmidtstatic void	run_key_update_begin(struct ieee80211vap *);
220723Sbschmidtstatic void	run_key_update_end(struct ieee80211vap *);
220723Sbschmidtstatic void	run_key_set_cb(void *);
220723Sbschmidtstatic int	run_key_set(struct ieee80211vap *, struct ieee80211_key *,
220723Sbschmidt			    const uint8_t mac[IEEE80211_ADDR_LEN]);
220723Sbschmidtstatic void	run_key_delete_cb(void *);
220723Sbschmidtstatic int	run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
220723Sbschmidtstatic void	run_ratectl_to(void *);
220723Sbschmidtstatic void	run_ratectl_cb(void *, int);
220723Sbschmidtstatic void	run_drain_fifo(void *);
220723Sbschmidtstatic void	run_iter_func(void *, struct ieee80211_node *);
220723Sbschmidtstatic void	run_newassoc_cb(void *);
220723Sbschmidtstatic void	run_newassoc(struct ieee80211_node *, int);
220723Sbschmidtstatic void	run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
220723Sbschmidtstatic void	run_tx_free(struct run_endpoint_queue *pq,
220723Sbschmidt		    struct run_tx_data *, int);
220723Sbschmidtstatic void	run_set_tx_desc(struct run_softc *, struct run_tx_data *);
220723Sbschmidtstatic int	run_tx(struct run_softc *, struct mbuf *,
220723Sbschmidt		    struct ieee80211_node *);
220723Sbschmidtstatic int	run_tx_mgt(struct run_softc *, struct mbuf *,
220723Sbschmidt		    struct ieee80211_node *);
220723Sbschmidtstatic int	run_sendprot(struct run_softc *, const struct mbuf *,
220723Sbschmidt		    struct ieee80211_node *, int, int);
178676Ssamstatic int	run_tx_param(struct run_softc *, struct mbuf *,
178676Ssam		    struct ieee80211_node *,
178676Ssam		    const struct ieee80211_bpf_params *);
178676Ssamstatic int	run_raw_xmit(struct ieee80211_node *, struct mbuf *,
220723Sbschmidt		    const struct ieee80211_bpf_params *);
220723Sbschmidtstatic void	run_start(struct ifnet *);
220723Sbschmidtstatic int	run_ioctl(struct ifnet *, u_long, caddr_t);
220723Sbschmidtstatic void	run_set_agc(struct run_softc *, uint8_t);
220723Sbschmidtstatic void	run_select_chan_group(struct run_softc *, int);
220723Sbschmidtstatic void	run_set_rx_antenna(struct run_softc *, int);
220723Sbschmidtstatic void	run_rt2870_set_chan(struct run_softc *, u_int);
220723Sbschmidtstatic void	run_rt3070_set_chan(struct run_softc *, u_int);
220723Sbschmidtstatic void	run_rt3572_set_chan(struct run_softc *, u_int);
178676Ssamstatic int	run_set_chan(struct run_softc *, struct ieee80211_channel *);
178676Ssamstatic void	run_set_channel(struct ieee80211com *);
220723Sbschmidtstatic void	run_scan_start(struct ieee80211com *);
220723Sbschmidtstatic void	run_scan_end(struct ieee80211com *);
220723Sbschmidtstatic void	run_update_beacon(struct ieee80211vap *, int);
220726Sbschmidtstatic void	run_update_beacon_cb(void *);
178676Ssamstatic void	run_updateprot(struct ieee80211com *);
220723Sbschmidtstatic void	run_updateprot_cb(void *);
178676Ssamstatic void	run_usb_timeout_cb(void *);
220723Sbschmidtstatic void	run_reset_livelock(struct run_softc *);
220726Sbschmidtstatic void	run_enable_tsf_sync(struct run_softc *);
220723Sbschmidtstatic void	run_enable_mrr(struct run_softc *);
220723Sbschmidtstatic void	run_set_txpreamble(struct run_softc *);
220723Sbschmidtstatic void	run_set_basicrates(struct run_softc *);
220723Sbschmidtstatic void	run_set_leds(struct run_softc *, uint16_t);
178676Ssamstatic void	run_set_bssid(struct run_softc *, const uint8_t *);
178676Ssamstatic void	run_set_macaddr(struct run_softc *, const uint8_t *);
178676Ssamstatic void	run_updateslot(struct ifnet *);
198429Srpaulostatic void	run_updateslot_cb(void *);
178676Ssamstatic void	run_update_mcast(struct ifnet *);
198429Srpaulostatic int8_t	run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
198429Srpaulostatic void	run_update_promisc_locked(struct ifnet *);
198429Srpaulostatic void	run_update_promisc(struct ifnet *);
198429Srpaulostatic int	run_bbp_init(struct run_softc *);
198429Srpaulostatic int	run_rt3070_rf_init(struct run_softc *);
198429Srpaulostatic int	run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
198429Srpaulo		    uint8_t *);
198429Srpaulostatic void	run_rt3070_rf_setup(struct run_softc *);
178676Ssamstatic int	run_txrx_enable(struct run_softc *);
178676Ssamstatic void	run_init(void *);
178676Ssamstatic void	run_init_locked(struct run_softc *);
178676Ssamstatic void	run_stop(void *);
178676Ssamstatic void	run_delay(struct run_softc *, unsigned int);
178676Ssam
178676Ssamstatic const struct {
178676Ssam	uint16_t	reg;
220721Sbschmidt	uint32_t	val;
184233Smav} rt2870_def_mac[] = {
190526Ssam	RT2870_DEF_MAC
178676Ssam};
178676Ssam
178676Ssamstatic const struct {
198429Srpaulo	uint8_t	reg;
198429Srpaulo	uint8_t	val;
198429Srpaulo} rt2860_def_bbp[] = {
198429Srpaulo	RT2860_DEF_BBP
219902Sjhb};
198429Srpaulo
198429Srpaulostatic const struct rfprog {
198429Srpaulo	uint8_t		chan;
178676Ssam	uint32_t	r1, r2, r3, r4;
178676Ssam} rt2860_rf2850[] = {
198429Srpaulo	RT2860_RF2850
178676Ssam};
178676Ssam
198429Srpaulostruct {
220721Sbschmidt	uint8_t	n, r, k;
220721Sbschmidt} rt3070_freqs[] = {
198429Srpaulo	RT3070_RF3052
198429Srpaulo};
220721Sbschmidt
220721Sbschmidtstatic const struct {
198429Srpaulo	uint8_t	reg;
198429Srpaulo	uint8_t	val;
198429Srpaulo} rt3070_def_rf[] = {
178676Ssam	RT3070_DEF_RF
178676Ssam},rt3572_def_rf[] = {
198429Srpaulo	RT3572_DEF_RF
178676Ssam};
198429Srpaulo
220726Sbschmidtstatic const struct usb_config run_config[RUN_N_XFER] = {
220724Sbschmidt    [RUN_BULK_TX_BE] = {
198429Srpaulo	.type = UE_BULK,
178676Ssam	.endpoint = UE_ADDR_ANY,
178676Ssam	.ep_index = 0,
178676Ssam	.direction = UE_DIR_OUT,
178676Ssam	.bufsize = RUN_MAX_TXSZ,
220726Sbschmidt	.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
178676Ssam	.callback = run_bulk_tx_callback0,
184233Smav	.timeout = 5000,	/* ms */
184233Smav    },
184233Smav    [RUN_BULK_TX_BK] = {
220725Sbschmidt	.type = UE_BULK,
178676Ssam	.endpoint = UE_ADDR_ANY,
198429Srpaulo	.direction = UE_DIR_OUT,
178676Ssam	.ep_index = 1,
220724Sbschmidt	.bufsize = RUN_MAX_TXSZ,
178676Ssam	.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
198429Srpaulo	.callback = run_bulk_tx_callback1,
178676Ssam	.timeout = 5000,	/* ms */
178676Ssam    },
178676Ssam    [RUN_BULK_TX_VI] = {
178676Ssam	.type = UE_BULK,
220728Sbschmidt	.endpoint = UE_ADDR_ANY,
220728Sbschmidt	.direction = UE_DIR_OUT,
220728Sbschmidt	.ep_index = 2,
220728Sbschmidt	.bufsize = RUN_MAX_TXSZ,
220728Sbschmidt	.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
220728Sbschmidt	.callback = run_bulk_tx_callback2,
220728Sbschmidt	.timeout = 5000,	/* ms */
220728Sbschmidt    },
220728Sbschmidt    [RUN_BULK_TX_VO] = {
198429Srpaulo	.type = UE_BULK,
198429Srpaulo	.endpoint = UE_ADDR_ANY,
198429Srpaulo	.direction = UE_DIR_OUT,
220726Sbschmidt	.ep_index = 3,
198429Srpaulo	.bufsize = RUN_MAX_TXSZ,
178676Ssam	.flags = {.pipe_bof = 1,.force_short_xfer = 1,},
178676Ssam	.callback = run_bulk_tx_callback3,
178676Ssam	.timeout = 5000,	/* ms */
198429Srpaulo    },
220726Sbschmidt    [RUN_BULK_TX_HCCA] = {
178676Ssam	.type = UE_BULK,
198429Srpaulo	.endpoint = UE_ADDR_ANY,
198429Srpaulo	.direction = UE_DIR_OUT,
178676Ssam	.ep_index = 4,
178676Ssam	.bufsize = RUN_MAX_TXSZ,
178676Ssam	.flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
198429Srpaulo	.callback = run_bulk_tx_callback4,
220726Sbschmidt	.timeout = 5000,	/* ms */
178676Ssam    },
220724Sbschmidt    [RUN_BULK_TX_PRIO] = {
178676Ssam	.type = UE_BULK,
178676Ssam	.endpoint = UE_ADDR_ANY,
178676Ssam	.direction = UE_DIR_OUT,
201209Srpaulo	.ep_index = 5,
201209Srpaulo	.bufsize = RUN_MAX_TXSZ,
201209Srpaulo	.flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
220724Sbschmidt	.callback = run_bulk_tx_callback5,
220724Sbschmidt	.timeout = 5000,	/* ms */
201209Srpaulo    },
201209Srpaulo    [RUN_BULK_RX] = {
201209Srpaulo	.type = UE_BULK,
198429Srpaulo	.endpoint = UE_ADDR_ANY,
220726Sbschmidt	.direction = UE_DIR_IN,
178676Ssam	.bufsize = RUN_MAX_RXSZ,
220726Sbschmidt	.flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
178676Ssam	.callback = run_bulk_rx_callback,
178676Ssam    }
178676Ssam};
220725Sbschmidt
220728Sbschmidtstatic int
220726Sbschmidtrun_match(device_t self)
178676Ssam{
220724Sbschmidt	struct usb_attach_arg *uaa = device_get_ivars(self);
220724Sbschmidt
178676Ssam	if (uaa->usb_mode != USB_MODE_HOST)
178676Ssam		return (ENXIO);
178676Ssam	if (uaa->info.bConfigIndex != 0)
178676Ssam		return (ENXIO);
198429Srpaulo	if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
220726Sbschmidt		return (ENXIO);
220724Sbschmidt
220724Sbschmidt	return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
178676Ssam}
178676Ssam
178676Ssamstatic int
198429Srpaulorun_attach(device_t self)
198429Srpaulo{
198429Srpaulo	struct run_softc *sc = device_get_softc(self);
178676Ssam	struct usb_attach_arg *uaa = device_get_ivars(self);
178676Ssam	struct ieee80211com *ic;
178676Ssam	struct ifnet *ifp;
178676Ssam	uint32_t ver;
178676Ssam	int i, ntries, error;
220726Sbschmidt	uint8_t iface_index, bands;
178676Ssam
198429Srpaulo	device_set_usb_desc(self);
178676Ssam	sc->sc_udev = uaa->device;
178676Ssam	sc->sc_dev = self;
178676Ssam
198429Srpaulo	mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
178676Ssam	    MTX_NETWORK_LOCK, MTX_DEF);
178957Ssam
178957Ssam	iface_index = RT2860_IFACE_INDEX;
178676Ssam
178676Ssam	error = usbd_transfer_setup(uaa->device, &iface_index,
178676Ssam	    sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
178676Ssam	if (error) {
178676Ssam		device_printf(self, "could not allocate USB transfers, "
178676Ssam		    "err=%s\n", usbd_errstr(error));
178676Ssam		goto detach;
178676Ssam	}
178676Ssam
221640Sbschmidt	RUN_LOCK(sc);
221640Sbschmidt
221640Sbschmidt	/* wait for the chip to settle */
221642Sbschmidt	for (ntries = 0; ntries < 100; ntries++) {
221642Sbschmidt		if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
221642Sbschmidt			RUN_UNLOCK(sc);
221642Sbschmidt			goto detach;
221642Sbschmidt		}
221642Sbschmidt		if (ver != 0 && ver != 0xffffffff)
221642Sbschmidt			break;
221642Sbschmidt		run_delay(sc, 10);
221642Sbschmidt	}
221642Sbschmidt	if (ntries == 100) {
221642Sbschmidt		device_printf(sc->sc_dev,
221642Sbschmidt		    "timeout waiting for NIC to initialize\n");
221642Sbschmidt		RUN_UNLOCK(sc);
221642Sbschmidt		goto detach;
221642Sbschmidt	}
221642Sbschmidt	sc->mac_ver = ver >> 16;
221642Sbschmidt	sc->mac_rev = ver & 0xffff;
221642Sbschmidt
221642Sbschmidt	/* retrieve RF rev. no and various other things from EEPROM */
221642Sbschmidt	run_read_eeprom(sc);
221642Sbschmidt
221642Sbschmidt	device_printf(sc->sc_dev,
221657Sbschmidt	    "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
221657Sbschmidt	    sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
221657Sbschmidt	    sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
221657Sbschmidt
221657Sbschmidt	RUN_UNLOCK(sc);
221657Sbschmidt
221657Sbschmidt	ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
221657Sbschmidt	if (ifp == NULL) {
221657Sbschmidt		device_printf(sc->sc_dev, "can not if_alloc()\n");
221657Sbschmidt		goto detach;
201209Srpaulo	}
221657Sbschmidt	ic = ifp->if_l2com;
221657Sbschmidt
221657Sbschmidt	ifp->if_softc = sc;
178678Ssam	if_initname(ifp, "run", device_get_unit(sc->sc_dev));
201209Srpaulo	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
221657Sbschmidt	ifp->if_init = run_init;
221657Sbschmidt	ifp->if_ioctl = run_ioctl;
221657Sbschmidt	ifp->if_start = run_start;
221657Sbschmidt	IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
221657Sbschmidt	ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
201209Srpaulo	IFQ_SET_READY(&ifp->if_snd);
221657Sbschmidt
221657Sbschmidt	ic->ic_ifp = ifp;
201209Srpaulo	ic->ic_phytype = IEEE80211_T_OFDM;	/* not only, but not used */
178676Ssam	ic->ic_opmode = IEEE80211_M_STA;	/* default to BSS mode */
178676Ssam
178676Ssam	/* set device capabilities */
178676Ssam	ic->ic_caps =
178676Ssam	    IEEE80211_C_STA |		/* station mode supported */
178676Ssam	    IEEE80211_C_MONITOR |	/* monitor mode supported */
207554Ssobomax	    IEEE80211_C_IBSS |
207554Ssobomax	    IEEE80211_C_HOSTAP |
178676Ssam	    IEEE80211_C_WDS |		/* 4-address traffic works */
178676Ssam	    IEEE80211_C_MBSS |
190526Ssam	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
178676Ssam	    IEEE80211_C_SHSLOT |	/* short slot time supported */
178676Ssam	    IEEE80211_C_WME |		/* WME */
178676Ssam	    IEEE80211_C_WPA;		/* WPA1|WPA2(RSN) */
178676Ssam
221650Sbschmidt	ic->ic_cryptocaps =
220723Sbschmidt	    IEEE80211_CRYPTO_WEP |
221650Sbschmidt	    IEEE80211_CRYPTO_AES_CCM |
220723Sbschmidt	    IEEE80211_CRYPTO_TKIPMIC |
221651Sbschmidt	    IEEE80211_CRYPTO_TKIP;
221651Sbschmidt
221651Sbschmidt	ic->ic_flags |= IEEE80211_F_DATAPAD;
221651Sbschmidt	ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
221651Sbschmidt
221651Sbschmidt	bands = 0;
220715Sbschmidt	setbit(&bands, IEEE80211_MODE_11B);
220721Sbschmidt	setbit(&bands, IEEE80211_MODE_11G);
201209Srpaulo	ieee80211_init_channels(ic, NULL, &bands);
198429Srpaulo
198429Srpaulo	/*
198429Srpaulo	 * Do this by own because h/w supports
198429Srpaulo	 * more channels than ieee80211_init_channels()
198429Srpaulo	 */
201209Srpaulo	if (sc->rf_rev == RT2860_RF_2750 ||
178676Ssam	    sc->rf_rev == RT2860_RF_2850 ||
198429Srpaulo	    sc->rf_rev == RT3070_RF_3052) {
220667Sbschmidt		/* set supported .11a rates */
220667Sbschmidt		for (i = 14; i < N(rt2860_rf2850); i++) {
220667Sbschmidt			uint8_t chan = rt2860_rf2850[i].chan;
220726Sbschmidt			ic->ic_channels[ic->ic_nchans].ic_freq =
220726Sbschmidt			    ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A);
220726Sbschmidt			ic->ic_channels[ic->ic_nchans].ic_ieee = chan;
220667Sbschmidt			ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A;
178676Ssam			ic->ic_channels[ic->ic_nchans].ic_extieee = 0;
178676Ssam			ic->ic_nchans++;
198429Srpaulo		}
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	ieee80211_ifattach(ic, sc->sc_bssid);
178676Ssam
198429Srpaulo	ic->ic_scan_start = run_scan_start;
220724Sbschmidt	ic->ic_scan_end = run_scan_end;
198429Srpaulo	ic->ic_set_channel = run_set_channel;
198429Srpaulo	ic->ic_node_alloc = run_node_alloc;
198429Srpaulo	ic->ic_newassoc = run_newassoc;
178676Ssam	ic->ic_updateslot = run_updateslot;
220724Sbschmidt	ic->ic_update_mcast = run_update_mcast;
220724Sbschmidt	ic->ic_wme.wme_update = run_wme_update;
178676Ssam	ic->ic_raw_xmit = run_raw_xmit;
178676Ssam	ic->ic_update_promisc = run_update_promisc;
220635Sbschmidt
178676Ssam	ic->ic_vap_create = run_vap_create;
178676Ssam	ic->ic_vap_delete = run_vap_delete;
178676Ssam
220728Sbschmidt	ieee80211_radiotap_attach(ic,
220728Sbschmidt	    &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
178676Ssam		RUN_TX_RADIOTAP_PRESENT,
220728Sbschmidt	    &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
198429Srpaulo		RUN_RX_RADIOTAP_PRESENT);
220728Sbschmidt
220728Sbschmidt	TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
220728Sbschmidt	TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
220728Sbschmidt	callout_init((struct callout *)&sc->ratectl_ch, 1);
220728Sbschmidt
220728Sbschmidt	if (bootverbose)
220728Sbschmidt		ieee80211_announce(ic);
220728Sbschmidt
220728Sbschmidt	return (0);
220728Sbschmidt
220728Sbschmidtdetach:
220728Sbschmidt	run_detach(self);
220728Sbschmidt	return (ENXIO);
220728Sbschmidt}
220728Sbschmidt
221651Sbschmidtstatic int
220728Sbschmidtrun_detach(device_t self)
220728Sbschmidt{
220728Sbschmidt	struct run_softc *sc = device_get_softc(self);
220728Sbschmidt	struct ifnet *ifp = sc->sc_ifp;
220728Sbschmidt	struct ieee80211com *ic;
220728Sbschmidt	int i;
220728Sbschmidt
220728Sbschmidt	/* stop all USB transfers */
220728Sbschmidt	usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
220728Sbschmidt
220728Sbschmidt	RUN_LOCK(sc);
220728Sbschmidt
220728Sbschmidt	sc->ratectl_run = RUN_RATECTL_OFF;
220728Sbschmidt	sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
220728Sbschmidt
220728Sbschmidt	/* free TX list, if any */
220728Sbschmidt	for (i = 0; i != RUN_EP_QUEUES; i++)
220728Sbschmidt		run_unsetup_tx_list(sc, &sc->sc_epq[i]);
220728Sbschmidt	RUN_UNLOCK(sc);
220728Sbschmidt
220728Sbschmidt	if (ifp) {
220728Sbschmidt		ic = ifp->if_l2com;
220728Sbschmidt		/* drain tasks */
220728Sbschmidt		usb_callout_drain(&sc->ratectl_ch);
220728Sbschmidt		ieee80211_draintask(ic, &sc->cmdq_task);
220728Sbschmidt		ieee80211_draintask(ic, &sc->ratectl_task);
220728Sbschmidt		ieee80211_ifdetach(ic);
220728Sbschmidt		if_free(ifp);
220728Sbschmidt	}
220728Sbschmidt
220728Sbschmidt	mtx_destroy(&sc->sc_mtx);
220728Sbschmidt
220728Sbschmidt	return (0);
220728Sbschmidt}
220728Sbschmidt
220728Sbschmidtstatic struct ieee80211vap *
220728Sbschmidtrun_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
221651Sbschmidt    enum ieee80211_opmode opmode, int flags,
220728Sbschmidt    const uint8_t bssid[IEEE80211_ADDR_LEN],
220728Sbschmidt    const uint8_t mac[IEEE80211_ADDR_LEN])
220728Sbschmidt{
220728Sbschmidt	struct ifnet *ifp = ic->ic_ifp;
220728Sbschmidt	struct run_softc *sc = ifp->if_softc;
220728Sbschmidt	struct run_vap *rvp;
220728Sbschmidt	struct ieee80211vap *vap;
220728Sbschmidt	int i;
220866Sbschmidt
220866Sbschmidt	if (sc->rvp_cnt >= RUN_VAP_MAX) {
220728Sbschmidt		if_printf(ifp, "number of VAPs maxed out\n");
198429Srpaulo		return (NULL);
198429Srpaulo	}
201209Srpaulo
198439Srpaulo	switch (opmode) {
220727Sbschmidt	case IEEE80211_M_STA:
201209Srpaulo		/* enable s/w bmiss handling for sta mode */
201209Srpaulo		flags |= IEEE80211_CLONE_NOBEACONS;
198429Srpaulo		/* fall though */
198429Srpaulo	case IEEE80211_M_IBSS:
201209Srpaulo	case IEEE80211_M_MONITOR:
198439Srpaulo	case IEEE80211_M_HOSTAP:
198429Srpaulo	case IEEE80211_M_MBSS:
198429Srpaulo		/* other than WDS vaps, only one at a time */
198429Srpaulo		if (!TAILQ_EMPTY(&ic->ic_vaps))
201209Srpaulo			return (NULL);
198439Srpaulo		break;
198429Srpaulo	case IEEE80211_M_WDS:
198429Srpaulo		TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
206444Sbschmidt			if(vap->iv_opmode != IEEE80211_M_HOSTAP)
198439Srpaulo				continue;
198429Srpaulo			/* WDS vap's always share the local mac address. */
198429Srpaulo			flags &= ~IEEE80211_CLONE_BSSID;
201209Srpaulo			break;
198439Srpaulo		}
220728Sbschmidt		if (vap == NULL) {
201209Srpaulo			if_printf(ifp, "wds only supported in ap mode\n");
220727Sbschmidt			return (NULL);
201209Srpaulo		}
201209Srpaulo		break;
201209Srpaulo	default:
198429Srpaulo		if_printf(ifp, "unknown opmode %d\n", opmode);
198429Srpaulo		return (NULL);
201209Srpaulo	}
210109Sbschmidt
220867Sbschmidt	rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
220867Sbschmidt	    M_80211_VAP, M_NOWAIT | M_ZERO);
220867Sbschmidt	if (rvp == NULL)
198429Srpaulo		return (NULL);
210109Sbschmidt	vap = &rvp->vap;
210109Sbschmidt	ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);
220894Sbschmidt
220894Sbschmidt	vap->iv_key_update_begin = run_key_update_begin;
220891Sbschmidt	vap->iv_key_update_end = run_key_update_end;
220894Sbschmidt	vap->iv_update_beacon = run_update_beacon;
220894Sbschmidt	vap->iv_max_aid = RT2870_WCID_MAX;
210109Sbschmidt	/*
198429Srpaulo	 * To delete the right key from h/w, we need wcid.
198429Srpaulo	 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
198429Srpaulo	 * and matching wcid will be written into there. So, cast
220728Sbschmidt	 * some spells to remove 'const' from ieee80211_key{}
198429Srpaulo	 */
220728Sbschmidt	vap->iv_key_delete = (void *)run_key_delete;
178676Ssam	vap->iv_key_set = (void *)run_key_set;
178676Ssam
178676Ssam	/* override state transition machine */
198429Srpaulo	rvp->newstate = vap->iv_newstate;
178676Ssam	vap->iv_newstate = run_newstate;
206477Sbschmidt
198429Srpaulo	ieee80211_ratectl_init(vap);
178676Ssam	ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
178676Ssam
178676Ssam	/* complete setup */
178676Ssam	ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
198429Srpaulo
198429Srpaulo	/* make sure id is always unique */
198429Srpaulo	for (i = 0; i < RUN_VAP_MAX; i++) {
198429Srpaulo		if((sc->rvp_bmap & 1 << i) == 0){
198429Srpaulo			sc->rvp_bmap |= 1 << i;
178676Ssam			rvp->rvp_id = i;
178676Ssam			break;
220723Sbschmidt		}
220723Sbschmidt	}
220723Sbschmidt	if (sc->rvp_cnt++ == 0)
220723Sbschmidt		ic->ic_opmode = opmode;
220723Sbschmidt
220723Sbschmidt	if (opmode == IEEE80211_M_HOSTAP)
220723Sbschmidt		sc->cmdq_run = RUN_CMDQ_GO;
220723Sbschmidt
220723Sbschmidt	DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
220723Sbschmidt	    rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
220723Sbschmidt
220723Sbschmidt	return (vap);
220723Sbschmidt}
178676Ssam
178676Ssamstatic void
220726Sbschmidtrun_vap_delete(struct ieee80211vap *vap)
220726Sbschmidt{
220726Sbschmidt	struct run_vap *rvp = RUN_VAP(vap);
178676Ssam	struct ifnet *ifp;
178676Ssam	struct ieee80211com *ic;
178676Ssam	struct run_softc *sc;
178676Ssam	uint8_t rvp_id;
178676Ssam
178676Ssam	if (vap == NULL)
178676Ssam		return;
178676Ssam
178676Ssam	ic = vap->iv_ic;
178676Ssam	ifp = ic->ic_ifp;
178676Ssam
178676Ssam	sc = ifp->if_softc;
178676Ssam
198429Srpaulo	RUN_LOCK(sc);
178676Ssam
178676Ssam	m_freem(rvp->beacon_mbuf);
178676Ssam	rvp->beacon_mbuf = NULL;
206358Srpaulo
198429Srpaulo	rvp_id = rvp->rvp_id;
206476Sbschmidt	sc->ratectl_run &= ~(1 << rvp_id);
178676Ssam	sc->rvp_bmap &= ~(1 << rvp_id);
178676Ssam	run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
178676Ssam	run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
178676Ssam	--sc->rvp_cnt;
178676Ssam
178676Ssam	DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
178676Ssam	    vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
178676Ssam
178676Ssam	RUN_UNLOCK(sc);
206358Srpaulo
178676Ssam	ieee80211_ratectl_deinit(vap);
178676Ssam	ieee80211_vap_detach(vap);
178676Ssam	free(rvp, M_80211_VAP);
178676Ssam}
206477Sbschmidt
220635Sbschmidt/*
178676Ssam * There are numbers of functions need to be called in context thread.
178676Ssam * Rather than creating taskqueue event for each of those functions,
198429Srpaulo * here is all-for-one taskqueue callback function. This function
198429Srpaulo * gurantees deferred functions are executed in the same order they
220721Sbschmidt * were enqueued.
178676Ssam * '& RUN_CMDQ_MASQ' is to loop cmdq[].
198429Srpaulo */
198429Srpaulostatic void
198429Srpaulorun_cmdq_cb(void *arg, int pending)
198429Srpaulo{
198429Srpaulo	struct run_softc *sc = arg;
198429Srpaulo	uint8_t i;
198429Srpaulo
198429Srpaulo	/* call cmdq[].func locked */
220667Sbschmidt	RUN_LOCK(sc);
220667Sbschmidt	for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
198429Srpaulo	    i = sc->cmdq_exec, pending--) {
198429Srpaulo		DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
198429Srpaulo		if (sc->cmdq_run == RUN_CMDQ_GO) {
220725Sbschmidt			/*
220723Sbschmidt			 * If arg0 is NULL, callback func needs more
220723Sbschmidt			 * than one arg. So, pass ptr to cmdq struct.
220723Sbschmidt			 */
220723Sbschmidt			if (sc->cmdq[i].arg0)
220723Sbschmidt				sc->cmdq[i].func(sc->cmdq[i].arg0);
220723Sbschmidt			else
220723Sbschmidt				sc->cmdq[i].func(&sc->cmdq[i]);
201209Srpaulo		}
198429Srpaulo		sc->cmdq[i].arg0 = NULL;
220728Sbschmidt		sc->cmdq[i].func = NULL;
220728Sbschmidt		sc->cmdq_exec++;
198429Srpaulo		sc->cmdq_exec &= RUN_CMDQ_MASQ;
198429Srpaulo	}
201209Srpaulo	RUN_UNLOCK(sc);
201209Srpaulo}
198429Srpaulo
198429Srpaulostatic void
198429Srpaulorun_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
198429Srpaulo{
198429Srpaulo	struct run_tx_data *data;
198429Srpaulo
198429Srpaulo	memset(pq, 0, sizeof(*pq));
198429Srpaulo
198429Srpaulo	STAILQ_INIT(&pq->tx_qh);
178676Ssam	STAILQ_INIT(&pq->tx_fh);
178676Ssam
178676Ssam	for (data = &pq->tx_data[0];
178676Ssam	    data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
220723Sbschmidt		data->sc = sc;
220723Sbschmidt		STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
220723Sbschmidt	}
220723Sbschmidt	pq->tx_nfree = RUN_TX_RING_COUNT;
220723Sbschmidt}
220723Sbschmidt
220723Sbschmidtstatic void
220723Sbschmidtrun_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
220723Sbschmidt{
220723Sbschmidt	struct run_tx_data *data;
220723Sbschmidt
220723Sbschmidt	/* make sure any subsequent use of the queues will fail */
220723Sbschmidt	pq->tx_nfree = 0;
220723Sbschmidt	STAILQ_INIT(&pq->tx_fh);
220723Sbschmidt	STAILQ_INIT(&pq->tx_qh);
220723Sbschmidt
220723Sbschmidt	/* free up all node references and mbufs */
220723Sbschmidt	for (data = &pq->tx_data[0];
220723Sbschmidt	    data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
220723Sbschmidt		if (data->m != NULL) {
220723Sbschmidt			m_freem(data->m);
220723Sbschmidt			data->m = NULL;
220723Sbschmidt		}
220723Sbschmidt		if (data->ni != NULL) {
220723Sbschmidt			ieee80211_free_node(data->ni);
220723Sbschmidt			data->ni = NULL;
220723Sbschmidt		}
220723Sbschmidt	}
220723Sbschmidt}
220723Sbschmidt
220723Sbschmidtstatic int
220723Sbschmidtrun_load_microcode(struct run_softc *sc)
220723Sbschmidt{
220723Sbschmidt	usb_device_request_t req;
220723Sbschmidt	const struct firmware *fw;
220723Sbschmidt	const u_char *base;
220723Sbschmidt	uint32_t tmp;
220723Sbschmidt	int ntries, error;
220723Sbschmidt	const uint64_t *temp;
220723Sbschmidt	uint64_t bytes;
220723Sbschmidt
220723Sbschmidt	RUN_UNLOCK(sc);
220723Sbschmidt	fw = firmware_get("runfw");
220723Sbschmidt	RUN_LOCK(sc);
198429Srpaulo	if (fw == NULL) {
178676Ssam		device_printf(sc->sc_dev,
198429Srpaulo		    "failed loadfirmware of file %s\n", "runfw");
178676Ssam		return ENOENT;
198429Srpaulo	}
198429Srpaulo
178676Ssam	if (fw->datasize != 8192) {
198429Srpaulo		device_printf(sc->sc_dev,
198429Srpaulo		    "invalid firmware size (should be 8KB)\n");
198429Srpaulo		error = EINVAL;
220726Sbschmidt		goto fail;
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	/*
198429Srpaulo	 * RT3071/RT3072 use a different firmware
198429Srpaulo	 * run-rt2870 (8KB) contains both,
198429Srpaulo	 * first half (4KB) is for rt2870,
198429Srpaulo	 * last half is for rt3071.
198429Srpaulo	 */
198429Srpaulo	base = fw->data;
198429Srpaulo	if ((sc->mac_ver) != 0x2860 &&
198429Srpaulo	    (sc->mac_ver) != 0x2872 &&
198429Srpaulo	    (sc->mac_ver) != 0x3070) {
198429Srpaulo		base += 4096;
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	/* cheap sanity check */
198429Srpaulo	temp = fw->data;
201209Srpaulo	bytes = *temp;
198429Srpaulo	if (bytes != be64toh(0xffffff0210280210)) {
198429Srpaulo		device_printf(sc->sc_dev, "firmware checksum failed\n");
198429Srpaulo		error = EINVAL;
198429Srpaulo		goto fail;
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	run_read(sc, RT2860_ASIC_VER_ID, &tmp);
201209Srpaulo	/* write microcode image */
198429Srpaulo	run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
198429Srpaulo	run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
198429Srpaulo	run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
198429Srpaulo
198429Srpaulo	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
198429Srpaulo	req.bRequest = RT2870_RESET;
198429Srpaulo	USETW(req.wValue, 8);
198429Srpaulo	USETW(req.wIndex, 0);
198429Srpaulo	USETW(req.wLength, 0);
198429Srpaulo	if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
198429Srpaulo	    != 0) {
198429Srpaulo		device_printf(sc->sc_dev, "firmware reset failed\n");
198429Srpaulo		goto fail;
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	run_delay(sc, 10);
198429Srpaulo
198429Srpaulo	run_write(sc, RT2860_H2M_MAILBOX, 0);
198429Srpaulo	if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
198429Srpaulo		goto fail;
198429Srpaulo
198429Srpaulo	/* wait until microcontroller is ready */
198429Srpaulo	for (ntries = 0; ntries < 1000; ntries++) {
198429Srpaulo		if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) {
198429Srpaulo			goto fail;
198429Srpaulo		}
198429Srpaulo		if (tmp & RT2860_MCU_READY)
201209Srpaulo			break;
198429Srpaulo		run_delay(sc, 10);
198429Srpaulo	}
198429Srpaulo	if (ntries == 1000) {
198429Srpaulo		device_printf(sc->sc_dev,
198429Srpaulo		    "timeout waiting for MCU to initialize\n");
198429Srpaulo		error = ETIMEDOUT;
198429Srpaulo		goto fail;
201209Srpaulo	}
198429Srpaulo	device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
198429Srpaulo	    (base == fw->data) ? "RT2870" : "RT3071",
198429Srpaulo	    *(base + 4092), *(base + 4093));
198429Srpaulo
198429Srpaulofail:
198429Srpaulo	firmware_put(fw, FIRMWARE_UNLOAD);
198429Srpaulo	return (error);
198429Srpaulo}
198429Srpaulo
198429Srpauloint
198429Srpaulorun_reset(struct run_softc *sc)
198429Srpaulo{
198429Srpaulo	usb_device_request_t req;
198429Srpaulo
198429Srpaulo	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
198429Srpaulo	req.bRequest = RT2870_RESET;
198429Srpaulo	USETW(req.wValue, 1);
198429Srpaulo	USETW(req.wIndex, 0);
198429Srpaulo	USETW(req.wLength, 0);
198429Srpaulo	return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic usb_error_t
198429Srpaulorun_do_request(struct run_softc *sc,
198429Srpaulo    struct usb_device_request *req, void *data)
198429Srpaulo{
198429Srpaulo	usb_error_t err;
198429Srpaulo	int ntries = 10;
198429Srpaulo
198429Srpaulo	RUN_LOCK_ASSERT(sc, MA_OWNED);
198429Srpaulo
198429Srpaulo	while (ntries--) {
206477Sbschmidt		err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
198429Srpaulo		    req, data, 0, NULL, 250 /* ms */);
198429Srpaulo		if (err == 0)
198429Srpaulo			break;
198429Srpaulo		DPRINTFN(1, "Control request failed, %s (retrying)\n",
198429Srpaulo		    usbd_errstr(err));
198429Srpaulo		run_delay(sc, 10);
198429Srpaulo	}
198429Srpaulo	return (err);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic int
198429Srpaulorun_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
198429Srpaulo{
198429Srpaulo	uint32_t tmp;
198429Srpaulo	int error;
198429Srpaulo
198429Srpaulo	error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
198429Srpaulo	if (error == 0)
198429Srpaulo		*val = le32toh(tmp);
198429Srpaulo	else
198429Srpaulo		*val = 0xffffffff;
198429Srpaulo	return (error);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic int
198429Srpaulorun_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
198429Srpaulo{
198429Srpaulo	usb_device_request_t req;
198429Srpaulo
198429Srpaulo	req.bmRequestType = UT_READ_VENDOR_DEVICE;
206477Sbschmidt	req.bRequest = RT2870_READ_REGION_1;
198429Srpaulo	USETW(req.wValue, 0);
198429Srpaulo	USETW(req.wIndex, reg);
203934Sbschmidt	USETW(req.wLength, len);
201209Srpaulo
198429Srpaulo	return (run_do_request(sc, &req, buf));
201209Srpaulo}
220726Sbschmidt
198429Srpaulostatic int
198429Srpaulorun_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
220726Sbschmidt{
198429Srpaulo	usb_device_request_t req;
198429Srpaulo
198429Srpaulo	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
198429Srpaulo	req.bRequest = RT2870_WRITE_2;
198429Srpaulo	USETW(req.wValue, val);
198429Srpaulo	USETW(req.wIndex, reg);
201209Srpaulo	USETW(req.wLength, 0);
201209Srpaulo
201209Srpaulo	return (run_do_request(sc, &req, NULL));
201209Srpaulo}
201209Srpaulo
198429Srpaulostatic int
198429Srpaulorun_write(struct run_softc *sc, uint16_t reg, uint32_t val)
198429Srpaulo{
198429Srpaulo	int error;
198429Srpaulo
201209Srpaulo	if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
203934Sbschmidt		error = run_write_2(sc, reg + 2, val >> 16);
203934Sbschmidt	return (error);
201209Srpaulo}
201209Srpaulo
201209Srpaulostatic int
201209Srpaulorun_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
203934Sbschmidt    int len)
201209Srpaulo{
201209Srpaulo#if 1
201209Srpaulo	int i, error = 0;
201209Srpaulo	/*
201209Srpaulo	 * NB: the WRITE_REGION_1 command is not stable on RT2860.
201209Srpaulo	 * We thus issue multiple WRITE_2 commands instead.
203934Sbschmidt	 */
201209Srpaulo	KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
201209Srpaulo	for (i = 0; i < len && error == 0; i += 2)
203934Sbschmidt		error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
201209Srpaulo	return (error);
201209Srpaulo#else
203934Sbschmidt	usb_device_request_t req;
201209Srpaulo
178676Ssam	req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
178676Ssam	req.bRequest = RT2870_WRITE_REGION_1;
178676Ssam	USETW(req.wValue, 0);
206477Sbschmidt	USETW(req.wIndex, reg);
198429Srpaulo	USETW(req.wLength, len);
198429Srpaulo	return (run_do_request(sc, &req, buf));
220723Sbschmidt#endif
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic int
201209Srpaulorun_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
198429Srpaulo{
198429Srpaulo	int i, error = 0;
201209Srpaulo
198429Srpaulo	KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
198429Srpaulo	for (i = 0; i < len && error == 0; i += 4)
198429Srpaulo		error = run_write(sc, reg + i, val);
198429Srpaulo	return (error);
198429Srpaulo}
201209Srpaulo
198429Srpaulo/* Read 16-bit from eFUSE ROM (RT3070 only.) */
198429Srpaulostatic int
198429Srpaulorun_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
198429Srpaulo{
198429Srpaulo	uint32_t tmp;
198429Srpaulo	uint16_t reg;
198429Srpaulo	int error, ntries;
198429Srpaulo
198429Srpaulo	if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
198429Srpaulo		return (error);
198429Srpaulo
198429Srpaulo	addr *= 2;
198429Srpaulo	/*-
198429Srpaulo	 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
198429Srpaulo	 * DATA0: F E D C
198429Srpaulo	 * DATA1: B A 9 8
198429Srpaulo	 * DATA2: 7 6 5 4
198429Srpaulo	 * DATA3: 3 2 1 0
198429Srpaulo	 */
198429Srpaulo	tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
198429Srpaulo	tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
198429Srpaulo	run_write(sc, RT3070_EFUSE_CTRL, tmp);
198429Srpaulo	for (ntries = 0; ntries < 100; ntries++) {
198429Srpaulo		if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
198429Srpaulo			return (error);
178676Ssam		if (!(tmp & RT3070_EFSROM_KICK))
178676Ssam			break;
178676Ssam		run_delay(sc, 2);
198429Srpaulo	}
198429Srpaulo	if (ntries == 100)
198429Srpaulo		return (ETIMEDOUT);
198429Srpaulo
178676Ssam	if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
178676Ssam		*val = 0xffff;	/* address not found */
198429Srpaulo		return (0);
178676Ssam	}
220691Sbschmidt	/* determine to which 32-bit register our 16-bit word belongs */
178676Ssam	reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
198429Srpaulo	if ((error = run_read(sc, reg, &tmp)) != 0)
178676Ssam		return (error);
220723Sbschmidt
178676Ssam	*val = (addr & 2) ? tmp >> 16 : tmp & 0xffff;
178676Ssam	return (0);
198429Srpaulo}
178676Ssam
220691Sbschmidtstatic int
220711Sbschmidtrun_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
178676Ssam{
220711Sbschmidt	usb_device_request_t req;
178676Ssam	uint16_t tmp;
220691Sbschmidt	int error;
220711Sbschmidt
178676Ssam	addr *= 2;
220711Sbschmidt	req.bmRequestType = UT_READ_VENDOR_DEVICE;
220691Sbschmidt	req.bRequest = RT2870_EEPROM_READ;
220691Sbschmidt	USETW(req.wValue, 0);
220711Sbschmidt	USETW(req.wIndex, addr);
178676Ssam	USETW(req.wLength, sizeof tmp);
178676Ssam
220704Sbschmidt	error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
220704Sbschmidt	if (error == 0)
178676Ssam		*val = le16toh(tmp);
178676Ssam	else
220726Sbschmidt		*val = 0xffff;
178676Ssam	return (error);
220726Sbschmidt}
220726Sbschmidt
178676Ssamstatic __inline int
178676Ssamrun_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
178676Ssam{
206477Sbschmidt	/* either eFUSE ROM or EEPROM */
178676Ssam	return sc->sc_srom_read(sc, addr, val);
178676Ssam}
220701Sbschmidt
220701Sbschmidtstatic int
220701Sbschmidtrun_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val)
220701Sbschmidt{
220701Sbschmidt	uint32_t tmp;
178676Ssam	int error, ntries;
220701Sbschmidt
178676Ssam	for (ntries = 0; ntries < 10; ntries++) {
220701Sbschmidt		if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
220701Sbschmidt			return (error);
220701Sbschmidt		if (!(tmp & RT2860_RF_REG_CTRL))
220701Sbschmidt			break;
178676Ssam	}
220701Sbschmidt	if (ntries == 10)
178676Ssam		return (ETIMEDOUT);
178676Ssam
178676Ssam	/* RF registers are 24-bit on the RT2860 */
206477Sbschmidt	tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
198429Srpaulo	    (val & 0x3fffff) << 2 | (reg & 3);
178676Ssam	return (run_write(sc, RT2860_RF_CSR_CFG0, tmp));
198429Srpaulo}
220691Sbschmidt
220728Sbschmidtstatic int
178676Ssamrun_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
178676Ssam{
206477Sbschmidt	uint32_t tmp;
198429Srpaulo	int error, ntries;
178676Ssam
198429Srpaulo	for (ntries = 0; ntries < 100; ntries++) {
178676Ssam		if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
178676Ssam			return (error);
206477Sbschmidt		if (!(tmp & RT3070_RF_KICK))
178676Ssam			break;
178676Ssam	}
198429Srpaulo	if (ntries == 100)
220691Sbschmidt		return (ETIMEDOUT);
178676Ssam
178676Ssam	tmp = RT3070_RF_KICK | reg << 8;
206477Sbschmidt	if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
178676Ssam		return (error);
178676Ssam
178676Ssam	for (ntries = 0; ntries < 100; ntries++) {
178676Ssam		if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
178676Ssam			return (error);
206477Sbschmidt		if (!(tmp & RT3070_RF_KICK))
201209Srpaulo			break;
201209Srpaulo	}
201209Srpaulo	if (ntries == 100)
220691Sbschmidt		return (ETIMEDOUT);
220691Sbschmidt
201209Srpaulo	*val = tmp & 0xff;
201209Srpaulo	return (0);
206477Sbschmidt}
201209Srpaulo
201209Srpaulostatic int
201209Srpaulorun_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
201209Srpaulo{
201209Srpaulo	uint32_t tmp;
206477Sbschmidt	int error, ntries;
178676Ssam
178676Ssam	for (ntries = 0; ntries < 10; ntries++) {
198429Srpaulo		if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
220728Sbschmidt			return (error);
178676Ssam		if (!(tmp & RT3070_RF_KICK))
178676Ssam			break;
206477Sbschmidt	}
178676Ssam	if (ntries == 10)
178676Ssam		return (ETIMEDOUT);
178676Ssam
178676Ssam	tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
178676Ssam	return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
206477Sbschmidt}
178676Ssam
178676Ssamstatic int
198429Srpaulorun_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
178676Ssam{
178676Ssam	uint32_t tmp;
178676Ssam	int ntries, error;
178676Ssam
198429Srpaulo	for (ntries = 0; ntries < 10; ntries++) {
198429Srpaulo		if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
220691Sbschmidt			return (error);
220691Sbschmidt		if (!(tmp & RT2860_BBP_CSR_KICK))
178676Ssam			break;
178676Ssam	}
220711Sbschmidt	if (ntries == 10)
178676Ssam		return (ETIMEDOUT);
178676Ssam
178676Ssam	tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
178676Ssam	if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
220702Sbschmidt		return (error);
220702Sbschmidt
220702Sbschmidt	for (ntries = 0; ntries < 10; ntries++) {
198429Srpaulo		if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
198429Srpaulo			return (error);
220711Sbschmidt		if (!(tmp & RT2860_BBP_CSR_KICK))
178676Ssam			break;
198429Srpaulo	}
198429Srpaulo	if (ntries == 10)
178676Ssam		return (ETIMEDOUT);
220702Sbschmidt
220702Sbschmidt	*val = tmp & 0xff;
220702Sbschmidt	return (0);
220702Sbschmidt}
220702Sbschmidt
198429Srpaulostatic int
198429Srpaulorun_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
220711Sbschmidt{
198429Srpaulo	uint32_t tmp;
198429Srpaulo	int ntries, error;
198429Srpaulo
198429Srpaulo	for (ntries = 0; ntries < 10; ntries++) {
178676Ssam		if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
198429Srpaulo			return (error);
178676Ssam		if (!(tmp & RT2860_BBP_CSR_KICK))
178676Ssam			break;
178676Ssam	}
178676Ssam	if (ntries == 10)
178676Ssam		return (ETIMEDOUT);
201209Srpaulo
178676Ssam	tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
178676Ssam	return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
220711Sbschmidt}
178676Ssam
178676Ssam/*
178676Ssam * Send a command to the 8051 microcontroller unit.
198429Srpaulo */
220692Sbschmidtstatic int
220692Sbschmidtrun_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
198439Srpaulo{
178676Ssam	uint32_t tmp;
220711Sbschmidt	int error, ntries;
220710Sbschmidt
178676Ssam	for (ntries = 0; ntries < 100; ntries++) {
178676Ssam		if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
198429Srpaulo			return error;
201209Srpaulo		if (!(tmp & RT2860_H2M_BUSY))
220692Sbschmidt			break;
220692Sbschmidt	}
178676Ssam	if (ntries == 100)
178676Ssam		return ETIMEDOUT;
220711Sbschmidt
220711Sbschmidt	tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
178676Ssam	if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
178676Ssam		error = run_write(sc, RT2860_HOST_CMD, cmd);
178676Ssam	return (error);
198429Srpaulo}
178676Ssam
178676Ssam/*
220726Sbschmidt * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
178676Ssam * Used to adjust per-rate Tx power registers.
178676Ssam */
220726Sbschmidtstatic __inline uint32_t
178676Ssamb4inc(uint32_t b32, int8_t delta)
220726Sbschmidt{
220726Sbschmidt	int8_t i, b4;
178676Ssam
178676Ssam	for (i = 0; i < 8; i++) {
178676Ssam		b4 = b32 & 0xf;
206477Sbschmidt		b4 += delta;
178676Ssam		if (b4 < 0)
178676Ssam			b4 = 0;
178676Ssam		else if (b4 > 0xf)
178676Ssam			b4 = 0xf;
198429Srpaulo		b32 = b32 >> 4 | b4 << 28;
198429Srpaulo	}
198429Srpaulo	return (b32);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic const char *
198429Srpaulorun_get_rf(int rev)
198429Srpaulo{
198429Srpaulo	switch (rev) {
198429Srpaulo	case RT2860_RF_2820:	return "RT2820";
178676Ssam	case RT2860_RF_2850:	return "RT2850";
198429Srpaulo	case RT2860_RF_2720:	return "RT2720";
178676Ssam	case RT2860_RF_2750:	return "RT2750";
178676Ssam	case RT3070_RF_3020:	return "RT3020";
206477Sbschmidt	case RT3070_RF_2020:	return "RT2020";
178676Ssam	case RT3070_RF_3021:	return "RT3021";
178676Ssam	case RT3070_RF_3022:	return "RT3022";
178676Ssam	case RT3070_RF_3052:	return "RT3052";
178676Ssam	}
178676Ssam	return ("unknown");
198429Srpaulo}
178676Ssam
198429Srpauloint
198429Srpaulorun_read_eeprom(struct run_softc *sc)
198429Srpaulo{
198429Srpaulo	int8_t delta_2ghz, delta_5ghz;
201209Srpaulo	uint32_t tmp;
198439Srpaulo	uint16_t val;
201209Srpaulo	int ridx, ant, i;
198429Srpaulo
220710Sbschmidt	/* check whether the ROM is eFUSE ROM or EEPROM */
198429Srpaulo	sc->sc_srom_read = run_eeprom_read_2;
201209Srpaulo	if (sc->mac_ver >= 0x3070) {
201209Srpaulo		run_read(sc, RT3070_EFUSE_CTRL, &tmp);
198429Srpaulo		DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
220701Sbschmidt		if (tmp & RT3070_SEL_EFUSE)
220701Sbschmidt			sc->sc_srom_read = run_efuse_read_2;
220701Sbschmidt	}
220701Sbschmidt
178676Ssam	/* read ROM version */
178676Ssam	run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
206477Sbschmidt	DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
178676Ssam
178676Ssam	/* read MAC address */
220723Sbschmidt	run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
178676Ssam	sc->sc_bssid[0] = val & 0xff;
178676Ssam	sc->sc_bssid[1] = val >> 8;
178676Ssam	run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
178676Ssam	sc->sc_bssid[2] = val & 0xff;
178676Ssam	sc->sc_bssid[3] = val >> 8;
178676Ssam	run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
178676Ssam	sc->sc_bssid[4] = val & 0xff;
220725Sbschmidt	sc->sc_bssid[5] = val >> 8;
220726Sbschmidt
220691Sbschmidt	/* read vender BBP settings */
220691Sbschmidt	for (i = 0; i < 10; i++) {
178676Ssam		run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
178676Ssam		sc->bbp[i].val = val & 0xff;
198429Srpaulo		sc->bbp[i].reg = val >> 8;
178676Ssam		DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
178676Ssam	}
178676Ssam	if (sc->mac_ver >= 0x3071) {
198429Srpaulo		/* read vendor RF settings */
220726Sbschmidt		for (i = 0; i < 10; i++) {
220691Sbschmidt			run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val);
220691Sbschmidt			sc->rf[i].val = val & 0xff;
178676Ssam			sc->rf[i].reg = val >> 8;
178676Ssam			DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
198429Srpaulo			    sc->rf[i].val);
178676Ssam		}
178676Ssam	}
178676Ssam
178676Ssam	/* read RF frequency offset from EEPROM */
198429Srpaulo	run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val);
220726Sbschmidt	sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
220726Sbschmidt	DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
220726Sbschmidt
198429Srpaulo	if (val >> 8 != 0xff) {
198429Srpaulo		/* read LEDs operating mode */
220711Sbschmidt		sc->leds = val >> 8;
178676Ssam		run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]);
198429Srpaulo		run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]);
198429Srpaulo		run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]);
178676Ssam	} else {
198429Srpaulo		/* broken EEPROM, use default settings */
178676Ssam		sc->leds = 0x01;
178676Ssam		sc->led[0] = 0x5555;
178676Ssam		sc->led[1] = 0x2221;
198429Srpaulo		sc->led[2] = 0x5627;	/* differs from RT2860 */
198429Srpaulo	}
198429Srpaulo	DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
198429Srpaulo	    sc->leds, sc->led[0], sc->led[1], sc->led[2]);
201209Srpaulo
178676Ssam	/* read RF information */
178676Ssam	run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
220711Sbschmidt	if (val == 0xffff) {
178676Ssam		DPRINTF("invalid EEPROM antenna info, using default\n");
178676Ssam		if (sc->mac_ver == 0x3572) {
178676Ssam			/* default to RF3052 2T2R */
178676Ssam			sc->rf_rev = RT3070_RF_3052;
178676Ssam			sc->ntxchains = 2;
220726Sbschmidt			sc->nrxchains = 2;
220726Sbschmidt		} else if (sc->mac_ver >= 0x3070) {
178676Ssam			/* default to RF3020 1T1R */
178676Ssam			sc->rf_rev = RT3070_RF_3020;
178676Ssam			sc->ntxchains = 1;
206477Sbschmidt			sc->nrxchains = 1;
178676Ssam		} else {
178676Ssam			/* default to RF2820 1T2R */
198429Srpaulo			sc->rf_rev = RT2860_RF_2820;
178676Ssam			sc->ntxchains = 1;
178676Ssam			sc->nrxchains = 2;
178676Ssam		}
178676Ssam	} else {
178676Ssam		sc->rf_rev = (val >> 8) & 0xf;
220704Sbschmidt		sc->ntxchains = (val >> 4) & 0xf;
220704Sbschmidt		sc->nrxchains = val & 0xf;
201209Srpaulo	}
178676Ssam	DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n",
178676Ssam	    sc->rf_rev, sc->ntxchains, sc->nrxchains);
178676Ssam
178676Ssam	/* check if RF supports automatic Tx access gain control */
198429Srpaulo	run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
198429Srpaulo	DPRINTF("EEPROM CFG 0x%04x\n", val);
198439Srpaulo	/* check if driver should patch the DAC issue */
198439Srpaulo	if ((val >> 8) != 0xff)
198429Srpaulo		sc->patch_dac = (val >> 15) & 1;
178676Ssam	if ((val & 0xff) != 0xff) {
178676Ssam		sc->ext_5ghz_lna = (val >> 3) & 1;
178676Ssam		sc->ext_2ghz_lna = (val >> 2) & 1;
178676Ssam		/* check if RF supports automatic Tx access gain control */
206477Sbschmidt		sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
178676Ssam		/* check if we have a hardware radio switch */
178676Ssam		sc->rfswitch = val & 1;
178676Ssam	}
178676Ssam
178676Ssam	/* read power settings for 2GHz channels */
178676Ssam	for (i = 0; i < 14; i += 2) {
178676Ssam		run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
201209Srpaulo		sc->txpow1[i + 0] = (int8_t)(val & 0xff);
201209Srpaulo		sc->txpow1[i + 1] = (int8_t)(val >> 8);
178676Ssam
201209Srpaulo		run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
201209Srpaulo		sc->txpow2[i + 0] = (int8_t)(val & 0xff);
201209Srpaulo		sc->txpow2[i + 1] = (int8_t)(val >> 8);
201209Srpaulo	}
201209Srpaulo	/* fix broken Tx power entries */
178676Ssam	for (i = 0; i < 14; i++) {
201209Srpaulo		if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
201209Srpaulo			sc->txpow1[i] = 5;
178676Ssam		if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
220701Sbschmidt			sc->txpow2[i] = 5;
220701Sbschmidt		DPRINTF("chan %d: power1=%d, power2=%d\n",
220701Sbschmidt		    rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
220701Sbschmidt	}
178676Ssam	/* read power settings for 5GHz channels */
178676Ssam	for (i = 0; i < 40; i += 2) {
206477Sbschmidt		run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
201209Srpaulo		sc->txpow1[i + 14] = (int8_t)(val & 0xff);
201209Srpaulo		sc->txpow1[i + 15] = (int8_t)(val >> 8);
201209Srpaulo
201209Srpaulo		run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
201209Srpaulo		sc->txpow2[i + 14] = (int8_t)(val & 0xff);
201209Srpaulo		sc->txpow2[i + 15] = (int8_t)(val >> 8);
201209Srpaulo	}
201209Srpaulo	/* fix broken Tx power entries */
201209Srpaulo	for (i = 0; i < 40; i++) {
220725Sbschmidt		if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
201209Srpaulo			sc->txpow1[14 + i] = 5;
201209Srpaulo		if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
201209Srpaulo			sc->txpow2[14 + i] = 5;
201209Srpaulo		DPRINTF("chan %d: power1=%d, power2=%d\n",
201209Srpaulo		    rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
201209Srpaulo		    sc->txpow2[14 + i]);
201209Srpaulo	}
201209Srpaulo
201209Srpaulo	/* read Tx power compensation for each Tx rate */
201209Srpaulo	run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
201209Srpaulo	delta_2ghz = delta_5ghz = 0;
201209Srpaulo	if ((val & 0xff) != 0xff && (val & 0x80)) {
201209Srpaulo		delta_2ghz = val & 0xf;
201209Srpaulo		if (!(val & 0x40))	/* negative number */
206477Sbschmidt			delta_2ghz = -delta_2ghz;
198429Srpaulo	}
178676Ssam	val >>= 8;
220728Sbschmidt	if ((val & 0xff) != 0xff && (val & 0x80)) {
220723Sbschmidt		delta_5ghz = val & 0xf;
198429Srpaulo		if (!(val & 0x40))	/* negative number */
178676Ssam			delta_5ghz = -delta_5ghz;
198429Srpaulo	}
198429Srpaulo	DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
198429Srpaulo	    delta_2ghz, delta_5ghz);
198429Srpaulo
198429Srpaulo	for (ridx = 0; ridx < 5; ridx++) {
198429Srpaulo		uint32_t reg;
178676Ssam
201209Srpaulo		run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
220726Sbschmidt		reg = val;
201209Srpaulo		run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
220726Sbschmidt		reg |= (uint32_t)val << 16;
220726Sbschmidt
201209Srpaulo		sc->txpow20mhz[ridx] = reg;
201209Srpaulo		sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
201209Srpaulo		sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
198429Srpaulo
198429Srpaulo		DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
198429Srpaulo		    "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
198429Srpaulo		    sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
220726Sbschmidt	}
220726Sbschmidt
198429Srpaulo	/* read RSSI offsets and LNA gains from EEPROM */
198429Srpaulo	run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val);
198429Srpaulo	sc->rssi_2ghz[0] = val & 0xff;	/* Ant A */
201209Srpaulo	sc->rssi_2ghz[1] = val >> 8;	/* Ant B */
220726Sbschmidt	run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val);
201209Srpaulo	if (sc->mac_ver >= 0x3070) {
201209Srpaulo		/*
201209Srpaulo		 * On RT3070 chips (limited to 2 Rx chains), this ROM
201209Srpaulo		 * field contains the Tx mixer gain for the 2GHz band.
201209Srpaulo		 */
198429Srpaulo		if ((val & 0xff) != 0xff)
178676Ssam			sc->txmixgain_2ghz = val & 0x7;
220729Sbschmidt		DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
220729Sbschmidt	} else
220729Sbschmidt		sc->rssi_2ghz[2] = val & 0xff;	/* Ant C */
220729Sbschmidt	sc->lna[2] = val >> 8;		/* channel group 2 */
220729Sbschmidt
220729Sbschmidt	run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val);
198429Srpaulo	sc->rssi_5ghz[0] = val & 0xff;	/* Ant A */
198429Srpaulo	sc->rssi_5ghz[1] = val >> 8;	/* Ant B */
198429Srpaulo	run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val);
220727Sbschmidt	if (sc->mac_ver == 0x3572) {
220727Sbschmidt		/*
220727Sbschmidt		 * On RT3572 chips (limited to 2 Rx chains), this ROM
220727Sbschmidt		 * field contains the Tx mixer gain for the 5GHz band.
220727Sbschmidt		 */
178676Ssam		if ((val & 0xff) != 0xff)
198429Srpaulo			sc->txmixgain_5ghz = val & 0x7;
198429Srpaulo		DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
178676Ssam	} else
198429Srpaulo		sc->rssi_5ghz[2] = val & 0xff;	/* Ant C */
220728Sbschmidt	sc->lna[3] = val >> 8;		/* channel group 3 */
178676Ssam
201209Srpaulo	run_srom_read(sc, RT2860_EEPROM_LNA, &val);
201209Srpaulo	sc->lna[0] = val & 0xff;	/* channel group 0 */
198429Srpaulo	sc->lna[1] = val >> 8;		/* channel group 1 */
198429Srpaulo
178676Ssam	/* fix broken 5GHz LNA entries */
178676Ssam	if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
206477Sbschmidt		DPRINTF("invalid LNA for channel group %d\n", 2);
198429Srpaulo		sc->lna[2] = sc->lna[1];
178676Ssam	}
201209Srpaulo	if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
220723Sbschmidt		DPRINTF("invalid LNA for channel group %d\n", 3);
198429Srpaulo		sc->lna[3] = sc->lna[1];
178676Ssam	}
220725Sbschmidt
198429Srpaulo	/* fix broken RSSI offset entries */
178676Ssam	for (ant = 0; ant < 3; ant++) {
220725Sbschmidt		if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
221636Sbschmidt			DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
201209Srpaulo			    ant + 1, sc->rssi_2ghz[ant]);
201209Srpaulo			sc->rssi_2ghz[ant] = 0;
201209Srpaulo		}
198429Srpaulo		if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
198429Srpaulo			DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
198429Srpaulo			    ant + 1, sc->rssi_5ghz[ant]);
198429Srpaulo			sc->rssi_5ghz[ant] = 0;
198429Srpaulo		}
198429Srpaulo	}
198429Srpaulo	return (0);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic struct ieee80211_node *
198429Srpaulorun_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
198429Srpaulo{
198429Srpaulo	return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic int
198429Srpaulorun_media_change(struct ifnet *ifp)
198429Srpaulo{
198429Srpaulo	struct ieee80211vap *vap = ifp->if_softc;
198429Srpaulo	struct ieee80211com *ic = vap->iv_ic;
198429Srpaulo	const struct ieee80211_txparam *tp;
198429Srpaulo	struct run_softc *sc = ic->ic_ifp->if_softc;
198429Srpaulo	uint8_t rate, ridx;
198429Srpaulo	int error;
198429Srpaulo
201209Srpaulo	RUN_LOCK(sc);
198429Srpaulo
198429Srpaulo	error = ieee80211_media_change(ifp);
178676Ssam	if (error != ENETRESET) {
198429Srpaulo		RUN_UNLOCK(sc);
178676Ssam		return (error);
178676Ssam	}
198429Srpaulo
206477Sbschmidt	tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
198429Srpaulo	if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
178676Ssam		struct ieee80211_node *ni;
198429Srpaulo		struct run_node	*rn;
198429Srpaulo
198429Srpaulo		rate = ic->ic_sup_rates[ic->ic_curmode].
178676Ssam		    rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
198429Srpaulo		for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
198429Srpaulo			if (rt2860_rates[ridx].rate == rate)
198429Srpaulo				break;
198429Srpaulo		ni = ieee80211_ref_node(vap->iv_bss);
198429Srpaulo		rn = (struct run_node *)ni;
198429Srpaulo		rn->fix_ridx = ridx;
198429Srpaulo		DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
198429Srpaulo		ieee80211_free_node(ni);
198429Srpaulo	}
198429Srpaulo
198429Srpaulo#if 0
198429Srpaulo	if ((ifp->if_flags & IFF_UP) &&
198429Srpaulo	    (ifp->if_drv_flags &  IFF_DRV_RUNNING)){
198429Srpaulo		run_init_locked(sc);
198429Srpaulo	}
198429Srpaulo#endif
198429Srpaulo
198429Srpaulo	RUN_UNLOCK(sc);
198429Srpaulo
198429Srpaulo	return (0);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic int
198429Srpaulorun_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
178676Ssam{
198429Srpaulo	const struct ieee80211_txparam *tp;
178676Ssam	struct ieee80211com *ic = vap->iv_ic;
206477Sbschmidt	struct run_softc *sc = ic->ic_ifp->if_softc;
198429Srpaulo	struct run_vap *rvp = RUN_VAP(vap);
178676Ssam	enum ieee80211_state ostate;
206444Sbschmidt	uint32_t sta[3];
220674Sbschmidt	uint32_t tmp;
220723Sbschmidt	uint8_t ratectl;
220723Sbschmidt	uint8_t restart_ratectl = 0;
198429Srpaulo	uint8_t bid = 1 << rvp->rvp_id;
178676Ssam
220725Sbschmidt	ostate = vap->iv_state;
198429Srpaulo	DPRINTF("%s -> %s\n",
198429Srpaulo		ieee80211_state_name[ostate],
198429Srpaulo		ieee80211_state_name[nstate]);
198429Srpaulo
178676Ssam	IEEE80211_UNLOCK(ic);
220725Sbschmidt	RUN_LOCK(sc);
221636Sbschmidt
221635Sbschmidt	ratectl = sc->ratectl_run; /* remember current state */
221635Sbschmidt	sc->ratectl_run = RUN_RATECTL_OFF;
221635Sbschmidt	usb_callout_stop(&sc->ratectl_ch);
221635Sbschmidt
201209Srpaulo	if (ostate == IEEE80211_S_RUN) {
198429Srpaulo		/* turn link LED off */
178676Ssam		run_set_leds(sc, RT2860_LED_RADIO);
201209Srpaulo	}
201209Srpaulo
201209Srpaulo	switch (nstate) {
201209Srpaulo	case IEEE80211_S_INIT:
198429Srpaulo		restart_ratectl = 1;
198429Srpaulo
206444Sbschmidt		if (ostate != IEEE80211_S_RUN)
206444Sbschmidt			break;
220726Sbschmidt
220726Sbschmidt		ratectl &= ~bid;
210108Sbschmidt		sc->runbmap &= ~bid;
206444Sbschmidt
198429Srpaulo		/* abort TSF synchronization if there is no vap running */
201209Srpaulo		if (--sc->running == 0) {
198429Srpaulo			run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
220674Sbschmidt			run_write(sc, RT2860_BCN_TIME_CFG,
198429Srpaulo			    tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
198429Srpaulo			    RT2860_TBTT_TIMER_EN));
220674Sbschmidt		}
201209Srpaulo		break;
220674Sbschmidt
220674Sbschmidt	case IEEE80211_S_RUN:
220674Sbschmidt		if (!(sc->runbmap & bid)) {
220674Sbschmidt			if(sc->running++)
220674Sbschmidt				restart_ratectl = 1;
220674Sbschmidt			sc->runbmap |= bid;
220674Sbschmidt		}
178676Ssam
178676Ssam		m_freem(rvp->beacon_mbuf);
178676Ssam		rvp->beacon_mbuf = NULL;
201209Srpaulo
201209Srpaulo		switch (vap->iv_opmode) {
201209Srpaulo		case IEEE80211_M_HOSTAP:
201209Srpaulo		case IEEE80211_M_MBSS:
201209Srpaulo			sc->ap_running |= bid;
201209Srpaulo			ic->ic_opmode = vap->iv_opmode;
201209Srpaulo			run_update_beacon_cb(vap);
201209Srpaulo			break;
201209Srpaulo		case IEEE80211_M_IBSS:
201209Srpaulo			sc->adhoc_running |= bid;
201209Srpaulo			if (!sc->ap_running)
201209Srpaulo				ic->ic_opmode = vap->iv_opmode;
201209Srpaulo			run_update_beacon_cb(vap);
201209Srpaulo			break;
201209Srpaulo		case IEEE80211_M_STA:
201209Srpaulo			sc->sta_running |= bid;
201209Srpaulo			if (!sc->ap_running && !sc->adhoc_running)
201209Srpaulo				ic->ic_opmode = vap->iv_opmode;
201209Srpaulo
201209Srpaulo			/* read statistic counters (clear on read) */
201209Srpaulo			run_read_region_1(sc, RT2860_TX_STA_CNT0,
201209Srpaulo			    (uint8_t *)sta, sizeof sta);
198429Srpaulo
201209Srpaulo			break;
178676Ssam		default:
198429Srpaulo			ic->ic_opmode = vap->iv_opmode;
198429Srpaulo			break;
201209Srpaulo		}
201209Srpaulo
198429Srpaulo		if (vap->iv_opmode != IEEE80211_M_MONITOR) {
220687Sbschmidt			struct ieee80211_node *ni;
220687Sbschmidt
178676Ssam			if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
198429Srpaulo				RUN_UNLOCK(sc);
198429Srpaulo				IEEE80211_LOCK(ic);
198429Srpaulo				return (-1);
198429Srpaulo			}
198429Srpaulo			run_updateslot(ic->ic_ifp);
198429Srpaulo			run_enable_mrr(sc);
198429Srpaulo			run_set_txpreamble(sc);
198429Srpaulo			run_set_basicrates(sc);
198429Srpaulo			ni = ieee80211_ref_node(vap->iv_bss);
201209Srpaulo			IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
178676Ssam			run_set_bssid(sc, ni->ni_bssid);
198429Srpaulo			ieee80211_free_node(ni);
198429Srpaulo			run_enable_tsf_sync(sc);
198429Srpaulo
198429Srpaulo			/* enable automatic rate adaptation */
206445Sbschmidt			tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
201209Srpaulo			if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
220726Sbschmidt				ratectl |= bid;
198429Srpaulo		}
198429Srpaulo
198429Srpaulo		/* turn link LED on */
198429Srpaulo		run_set_leds(sc, RT2860_LED_RADIO |
198429Srpaulo		    (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
198429Srpaulo		     RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
220726Sbschmidt
198429Srpaulo		break;
178676Ssam	default:
220723Sbschmidt		DPRINTFN(6, "undefined case\n");
220723Sbschmidt		break;
220723Sbschmidt	}
220723Sbschmidt
220723Sbschmidt	/* restart amrr for running VAPs */
220726Sbschmidt	if ((sc->ratectl_run = ratectl) && restart_ratectl)
220726Sbschmidt		usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
220723Sbschmidt
221636Sbschmidt	RUN_UNLOCK(sc);
221636Sbschmidt	IEEE80211_LOCK(ic);
221636Sbschmidt
221636Sbschmidt	return(rvp->newstate(vap, nstate, arg));
221636Sbschmidt}
221636Sbschmidt
178676Ssam/* ARGSUSED */
178676Ssamstatic void
178676Ssamrun_wme_update_cb(void *arg)
198429Srpaulo{
201209Srpaulo	struct ieee80211com *ic = arg;
178676Ssam	struct run_softc *sc = ic->ic_ifp->if_softc;
198429Srpaulo	struct ieee80211_wme_state *wmesp = &ic->ic_wme;
198429Srpaulo	int aci, error = 0;
201209Srpaulo
201209Srpaulo	RUN_LOCK_ASSERT(sc, MA_OWNED);
198429Srpaulo
221636Sbschmidt	/* update MAC TX configuration registers */
221636Sbschmidt	for (aci = 0; aci < WME_NUM_AC; aci++) {
178676Ssam		error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
221636Sbschmidt		    wmesp->wme_params[aci].wmep_logcwmax << 16 |
221636Sbschmidt		    wmesp->wme_params[aci].wmep_logcwmin << 12 |
221636Sbschmidt		    wmesp->wme_params[aci].wmep_aifsn  <<  8 |
198429Srpaulo		    wmesp->wme_params[aci].wmep_txopLimit);
221636Sbschmidt		if (error) goto err;
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	/* update SCH/DMA registers too */
198429Srpaulo	error = run_write(sc, RT2860_WMM_AIFSN_CFG,
198429Srpaulo	    wmesp->wme_params[WME_AC_VO].wmep_aifsn  << 12 |
198429Srpaulo	    wmesp->wme_params[WME_AC_VI].wmep_aifsn  <<  8 |
221636Sbschmidt	    wmesp->wme_params[WME_AC_BK].wmep_aifsn  <<  4 |
221636Sbschmidt	    wmesp->wme_params[WME_AC_BE].wmep_aifsn);
221636Sbschmidt	if (error) goto err;
198429Srpaulo	error = run_write(sc, RT2860_WMM_CWMIN_CFG,
198429Srpaulo	    wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
198429Srpaulo	    wmesp->wme_params[WME_AC_VI].wmep_logcwmin <<  8 |
198429Srpaulo	    wmesp->wme_params[WME_AC_BK].wmep_logcwmin <<  4 |
221636Sbschmidt	    wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
221636Sbschmidt	if (error) goto err;
198429Srpaulo	error = run_write(sc, RT2860_WMM_CWMAX_CFG,
198429Srpaulo	    wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
221636Sbschmidt	    wmesp->wme_params[WME_AC_VI].wmep_logcwmax <<  8 |
198429Srpaulo	    wmesp->wme_params[WME_AC_BK].wmep_logcwmax <<  4 |
198429Srpaulo	    wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
198429Srpaulo	if (error) goto err;
221636Sbschmidt	error = run_write(sc, RT2860_WMM_TXOP0_CFG,
198429Srpaulo	    wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
198429Srpaulo	    wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
221636Sbschmidt	if (error) goto err;
221636Sbschmidt	error = run_write(sc, RT2860_WMM_TXOP1_CFG,
198429Srpaulo	    wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
198429Srpaulo	    wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
178676Ssam
198429Srpauloerr:
198429Srpaulo	if (error)
221636Sbschmidt		DPRINTF("WME update failed\n");
178676Ssam
198429Srpaulo	return;
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic int
221636Sbschmidtrun_wme_update(struct ieee80211com *ic)
198429Srpaulo{
198429Srpaulo	struct run_softc *sc = ic->ic_ifp->if_softc;
198429Srpaulo
198429Srpaulo	/* sometime called wothout lock */
221636Sbschmidt	if (mtx_owned(&ic->ic_comlock.mtx)) {
178676Ssam		uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
198429Srpaulo		DPRINTF("cmdq_store=%d\n", i);
178676Ssam		sc->cmdq[i].func = run_wme_update_cb;
198429Srpaulo		sc->cmdq[i].arg0 = ic;
201209Srpaulo		ieee80211_runtask(ic, &sc->cmdq_task);
198429Srpaulo		return (0);
198429Srpaulo	}
198429Srpaulo
178676Ssam	RUN_LOCK(sc);
201209Srpaulo	run_wme_update_cb(ic);
201209Srpaulo	RUN_UNLOCK(sc);
201209Srpaulo
198429Srpaulo	/* return whatever, upper layer desn't care anyway */
201209Srpaulo	return (0);
198429Srpaulo}
201209Srpaulo
198429Srpaulostatic void
178676Ssamrun_key_update_begin(struct ieee80211vap *vap)
178676Ssam{
220723Sbschmidt	/*
220723Sbschmidt	 * To avoid out-of-order events, both run_key_set() and
220723Sbschmidt	 * _delete() are deferred and handled by run_cmdq_cb().
221636Sbschmidt	 * So, there is nothing we need to do here.
220723Sbschmidt	 */
221636Sbschmidt}
221636Sbschmidt
221636Sbschmidtstatic void
221636Sbschmidtrun_key_update_end(struct ieee80211vap *vap)
221636Sbschmidt{
221636Sbschmidt	/* null */
221636Sbschmidt}
221636Sbschmidt
221636Sbschmidtstatic void
220723Sbschmidtrun_key_set_cb(void *arg)
221636Sbschmidt{
221636Sbschmidt	struct run_cmdq *cmdq = arg;
221636Sbschmidt	struct ieee80211vap *vap = cmdq->arg1;
221636Sbschmidt	struct ieee80211_key *k = cmdq->k;
221636Sbschmidt	struct ieee80211com *ic = vap->iv_ic;
221636Sbschmidt	struct run_softc *sc = ic->ic_ifp->if_softc;
221636Sbschmidt	struct ieee80211_node *ni;
220723Sbschmidt	uint32_t attr;
220723Sbschmidt	uint16_t base, associd;
220723Sbschmidt	uint8_t mode, wcid, iv[8];
220723Sbschmidt
220723Sbschmidt	RUN_LOCK_ASSERT(sc, MA_OWNED);
220723Sbschmidt
220723Sbschmidt	if (vap->iv_opmode == IEEE80211_M_HOSTAP)
220723Sbschmidt		ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
220723Sbschmidt	else
220723Sbschmidt		ni = vap->iv_bss;
220723Sbschmidt	associd = (ni != NULL) ? ni->ni_associd : 0;
220723Sbschmidt
220723Sbschmidt	/* map net80211 cipher to RT2860 security mode */
220723Sbschmidt	switch (k->wk_cipher->ic_cipher) {
220723Sbschmidt	case IEEE80211_CIPHER_WEP:
220723Sbschmidt		if(k->wk_keylen < 8)
220723Sbschmidt			mode = RT2860_MODE_WEP40;
220723Sbschmidt		else
220723Sbschmidt			mode = RT2860_MODE_WEP104;
220723Sbschmidt		break;
220723Sbschmidt	case IEEE80211_CIPHER_TKIP:
220723Sbschmidt		mode = RT2860_MODE_TKIP;
220723Sbschmidt		break;
220723Sbschmidt	case IEEE80211_CIPHER_AES_CCM:
220723Sbschmidt		mode = RT2860_MODE_AES_CCMP;
220723Sbschmidt		break;
220723Sbschmidt	default:
220723Sbschmidt		DPRINTF("undefined case\n");
220723Sbschmidt		return;
220723Sbschmidt	}
220723Sbschmidt
201209Srpaulo	DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
201209Srpaulo	    associd, k->wk_keyix, mode,
206477Sbschmidt	    (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
201209Srpaulo	    (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
201209Srpaulo	    (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
201209Srpaulo
221637Sbschmidt	if (k->wk_flags & IEEE80211_KEY_GROUP) {
221637Sbschmidt		wcid = 0;	/* NB: update WCID0 for group keys */
221637Sbschmidt		base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
201209Srpaulo	} else {
201209Srpaulo		wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
221637Sbschmidt		    1 : RUN_AID2WCID(associd);
221637Sbschmidt		base = RT2860_PKEY(wcid);
201209Srpaulo	}
201209Srpaulo
201209Srpaulo	if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
201209Srpaulo		if(run_write_region_1(sc, base, k->wk_key, 16))
201209Srpaulo			return;
201209Srpaulo		if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8))	/* wk_txmic */
201209Srpaulo			return;
221637Sbschmidt		if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8))	/* wk_rxmic */
221637Sbschmidt			return;
201209Srpaulo	} else {
201209Srpaulo		/* roundup len to 16-bit: XXX fix write_region_1() instead */
201209Srpaulo		if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
201209Srpaulo			return;
201209Srpaulo	}
201209Srpaulo
201209Srpaulo	if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
201209Srpaulo	    (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
201209Srpaulo		/* set initial packet number in IV+EIV */
201209Srpaulo		if (k->wk_cipher == IEEE80211_CIPHER_WEP) {
201209Srpaulo			memset(iv, 0, sizeof iv);
201209Srpaulo			iv[3] = vap->iv_def_txkey << 6;
201209Srpaulo		} else {
201209Srpaulo			if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
221637Sbschmidt				iv[0] = k->wk_keytsc >> 8;
221637Sbschmidt				iv[1] = (iv[0] | 0x20) & 0x7f;
221637Sbschmidt				iv[2] = k->wk_keytsc;
221637Sbschmidt			} else /* CCMP */ {
221637Sbschmidt				iv[0] = k->wk_keytsc;
221637Sbschmidt				iv[1] = k->wk_keytsc >> 8;
221637Sbschmidt				iv[2] = 0;
221637Sbschmidt			}
221637Sbschmidt			iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
221637Sbschmidt			iv[4] = k->wk_keytsc >> 16;
221637Sbschmidt			iv[5] = k->wk_keytsc >> 24;
221637Sbschmidt			iv[6] = k->wk_keytsc >> 32;
221637Sbschmidt			iv[7] = k->wk_keytsc >> 40;
221637Sbschmidt		}
221637Sbschmidt		if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
221637Sbschmidt			return;
221637Sbschmidt	}
221637Sbschmidt
221637Sbschmidt	if (k->wk_flags & IEEE80211_KEY_GROUP) {
221637Sbschmidt		/* install group key */
221637Sbschmidt		if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
221637Sbschmidt			return;
221637Sbschmidt		attr &= ~(0xf << (k->wk_keyix * 4));
221637Sbschmidt		attr |= mode << (k->wk_keyix * 4);
221637Sbschmidt		if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
221637Sbschmidt			return;
221637Sbschmidt	} else {
201209Srpaulo		/* install pairwise key */
201209Srpaulo		if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
201209Srpaulo			return;
206477Sbschmidt		attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
198429Srpaulo		if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
178676Ssam			return;
198429Srpaulo	}
198429Srpaulo
178676Ssam	/* TODO create a pass-thru key entry? */
221648Sbschmidt
221648Sbschmidt	/* need wcid to delete the right key later */
221648Sbschmidt	k->wk_pad = wcid;
221648Sbschmidt}
221648Sbschmidt
221648Sbschmidt/*
221648Sbschmidt * Don't have to be deferred, but in order to keep order of
221648Sbschmidt * execution, i.e. with run_key_delete(), defer this and let
221648Sbschmidt * run_cmdq_cb() maintain the order.
221648Sbschmidt *
221648Sbschmidt * return 0 on error
221648Sbschmidt */
221648Sbschmidtstatic int
221648Sbschmidtrun_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
221648Sbschmidt		const uint8_t mac[IEEE80211_ADDR_LEN])
221648Sbschmidt{
221648Sbschmidt	struct ieee80211com *ic = vap->iv_ic;
221648Sbschmidt	struct run_softc *sc = ic->ic_ifp->if_softc;
221648Sbschmidt	uint32_t i;
221648Sbschmidt
220715Sbschmidt	i = RUN_CMDQ_GET(&sc->cmdq_store);
220715Sbschmidt	DPRINTF("cmdq_store=%d\n", i);
220715Sbschmidt	sc->cmdq[i].func = run_key_set_cb;
221648Sbschmidt	sc->cmdq[i].arg0 = NULL;
221648Sbschmidt	sc->cmdq[i].arg1 = vap;
220715Sbschmidt	sc->cmdq[i].k = k;
221649Sbschmidt	IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
221648Sbschmidt	ieee80211_runtask(ic, &sc->cmdq_task);
220715Sbschmidt
221648Sbschmidt	/*
221649Sbschmidt	 * To make sure key will be set when hostapd
221649Sbschmidt	 * calls iv_key_set() before if_init().
221648Sbschmidt	 */
221649Sbschmidt	if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
221649Sbschmidt		RUN_LOCK(sc);
221649Sbschmidt		sc->cmdq_key_set = RUN_CMDQ_GO;
221649Sbschmidt		RUN_UNLOCK(sc);
221649Sbschmidt	}
221649Sbschmidt
221649Sbschmidt	return (1);
221649Sbschmidt}
221649Sbschmidt
221649Sbschmidt/*
221649Sbschmidt * If wlan is destroyed without being brought down i.e. without
221649Sbschmidt * wlan down or wpa_cli terminate, this function is called after
221649Sbschmidt * vap is gone. Don't refer it.
221649Sbschmidt */
221649Sbschmidtstatic void
221649Sbschmidtrun_key_delete_cb(void *arg)
221649Sbschmidt{
221649Sbschmidt	struct run_cmdq *cmdq = arg;
221649Sbschmidt	struct run_softc *sc = cmdq->arg1;
221649Sbschmidt	struct ieee80211_key *k = &cmdq->key;
221649Sbschmidt	uint32_t attr;
221649Sbschmidt	uint8_t wcid;
221649Sbschmidt
221649Sbschmidt	RUN_LOCK_ASSERT(sc, MA_OWNED);
221649Sbschmidt
221648Sbschmidt	if (k->wk_flags & IEEE80211_KEY_GROUP) {
221649Sbschmidt		/* remove group key */
221649Sbschmidt		DPRINTF("removing group key\n");
221649Sbschmidt		run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
221649Sbschmidt		attr &= ~(0xf << (k->wk_keyix * 4));
221649Sbschmidt		run_write(sc, RT2860_SKEY_MODE_0_7, attr);
221649Sbschmidt	} else {
221649Sbschmidt		/* remove pairwise key */
221649Sbschmidt		DPRINTF("removing key for wcid %x\n", k->wk_pad);
220715Sbschmidt		/* matching wcid was written to wk_pad in run_key_set() */
220715Sbschmidt		wcid = k->wk_pad;
220715Sbschmidt		run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
206477Sbschmidt		attr &= ~0xf;
198429Srpaulo		run_write(sc, RT2860_WCID_ATTR(wcid), attr);
178676Ssam		run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
220726Sbschmidt	}
220726Sbschmidt
220726Sbschmidt	k->wk_pad = 0;
198429Srpaulo}
198429Srpaulo
198429Srpaulo/*
178676Ssam * return 0 on error
206477Sbschmidt */
198429Srpaulostatic int
198429Srpaulorun_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
198429Srpaulo{
198429Srpaulo	struct ieee80211com *ic = vap->iv_ic;
198429Srpaulo	struct run_softc *sc = ic->ic_ifp->if_softc;
220688Sbschmidt	struct ieee80211_key *k0;
178676Ssam	uint32_t i;
198429Srpaulo
220726Sbschmidt	/*
178676Ssam	 * When called back, key might be gone. So, make a copy
198429Srpaulo	 * of some values need to delete keys before deferring.
198429Srpaulo	 * But, because of LOR with node lock, cannot use lock here.
220667Sbschmidt	 * So, use atomic instead.
178676Ssam	 */
210114Sbschmidt	i = RUN_CMDQ_GET(&sc->cmdq_store);
210114Sbschmidt	DPRINTF("cmdq_store=%d\n", i);
210114Sbschmidt	sc->cmdq[i].func = run_key_delete_cb;
210114Sbschmidt	sc->cmdq[i].arg0 = NULL;
210114Sbschmidt	sc->cmdq[i].arg1 = sc;
210114Sbschmidt	k0 = &sc->cmdq[i].key;
210114Sbschmidt	k0->wk_flags = k->wk_flags;
210114Sbschmidt	k0->wk_keyix = k->wk_keyix;
210114Sbschmidt	/* matching wcid was written to wk_pad in run_key_set() */
210114Sbschmidt	k0->wk_pad = k->wk_pad;
210114Sbschmidt	ieee80211_runtask(ic, &sc->cmdq_task);
210114Sbschmidt	return (1);	/* return fake success */
210114Sbschmidt
198439Srpaulo}
198439Srpaulo
220667Sbschmidtstatic void
220667Sbschmidtrun_ratectl_to(void *arg)
220688Sbschmidt{
220688Sbschmidt	struct run_softc *sc = arg;
220688Sbschmidt
220688Sbschmidt	/* do it in a process context, so it can go sleep */
210114Sbschmidt	ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
210114Sbschmidt	/* next timeout will be rescheduled in the callback task */
210114Sbschmidt}
198429Srpaulo
210114Sbschmidt/* ARGSUSED */
210114Sbschmidtstatic void
220667Sbschmidtrun_ratectl_cb(void *arg, int pending)
220667Sbschmidt{
210114Sbschmidt	struct run_softc *sc = arg;
210114Sbschmidt	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
210114Sbschmidt	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
210114Sbschmidt
198429Srpaulo	if (vap == NULL)
198429Srpaulo		return;
198429Srpaulo
198429Srpaulo	if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA)
220688Sbschmidt		run_iter_func(sc, vap->iv_bss);
220688Sbschmidt	else {
220688Sbschmidt		/*
220688Sbschmidt		 * run_reset_livelock() doesn't do anything with AMRR,
210114Sbschmidt		 * but Ralink wants us to call it every 1 sec. So, we
210114Sbschmidt		 * piggyback here rather than creating another callout.
220667Sbschmidt		 * Livelock may occur only in HOSTAP or IBSS mode
220667Sbschmidt		 * (when h/w is sending beacons).
220667Sbschmidt		 */
220667Sbschmidt		RUN_LOCK(sc);
210114Sbschmidt		run_reset_livelock(sc);
210114Sbschmidt		/* just in case, there are some stats to drain */
178676Ssam		run_drain_fifo(sc);
198429Srpaulo		RUN_UNLOCK(sc);
198429Srpaulo		ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
220688Sbschmidt	}
220688Sbschmidt
198429Srpaulo	if(sc->ratectl_run != RUN_RATECTL_OFF)
178676Ssam		usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
178676Ssam}
220667Sbschmidt
220667Sbschmidtstatic void
220667Sbschmidtrun_drain_fifo(void *arg)
220667Sbschmidt{
220667Sbschmidt	struct run_softc *sc = arg;
220667Sbschmidt	struct ifnet *ifp = sc->sc_ifp;
220667Sbschmidt	uint32_t stat;
220667Sbschmidt	uint16_t (*wstat)[3];
220667Sbschmidt	uint8_t wcid, mcs, pid;
220667Sbschmidt	int8_t retry;
220667Sbschmidt
220667Sbschmidt	RUN_LOCK_ASSERT(sc, MA_OWNED);
220667Sbschmidt
220667Sbschmidt	for (;;) {
220667Sbschmidt		/* drain Tx status FIFO (maxsize = 16) */
220667Sbschmidt		run_read(sc, RT2860_TX_STAT_FIFO, &stat);
220667Sbschmidt		DPRINTFN(4, "tx stat 0x%08x\n", stat);
220667Sbschmidt		if (!(stat & RT2860_TXQ_VLD))
220667Sbschmidt			break;
220667Sbschmidt
220667Sbschmidt		wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
198429Srpaulo
198429Srpaulo		/* if no ACK was requested, no feedback is available */
198429Srpaulo		if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
198429Srpaulo		    wcid == 0)
206477Sbschmidt			continue;
198429Srpaulo
198429Srpaulo		/*
178676Ssam		 * Even though each stat is Tx-complete-status like format,
198429Srpaulo		 * the device can poll stats. Because there is no guarantee
198429Srpaulo		 * that the referring node is still around when read the stats.
198429Srpaulo		 * So that, if we use ieee80211_ratectl_tx_update(), we will
202986Srpaulo		 * have hard time not to refer already freed node.
198429Srpaulo		 *
198429Srpaulo		 * To eliminate such page faults, we poll stats in softc.
198429Srpaulo		 * Then, update the rates later with ieee80211_ratectl_tx_update().
198429Srpaulo		 */
178676Ssam		wstat = &(sc->wcid_stats[wcid]);
178676Ssam		(*wstat)[RUN_TXCNT]++;
198429Srpaulo		if (stat & RT2860_TXQ_OK)
198429Srpaulo			(*wstat)[RUN_SUCCESS]++;
198429Srpaulo		else
198429Srpaulo			ifp->if_oerrors++;
206477Sbschmidt		/*
198429Srpaulo		 * Check if there were retries, ie if the Tx success rate is
178676Ssam		 * different from the requested rate. Note that it works only
178676Ssam		 * because we do not allow rate fallback from OFDM to CCK.
220728Sbschmidt		 */
178676Ssam		mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
178676Ssam		pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
178676Ssam		if ((retry = pid -1 - mcs) > 0) {
178676Ssam			(*wstat)[RUN_TXCNT] += retry;
178676Ssam			(*wstat)[RUN_RETRY] += retry;
198429Srpaulo		}
178676Ssam	}
178676Ssam	DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
178676Ssam
198429Srpaulo	sc->fifo_cnt = 0;
198429Srpaulo}
178676Ssam
198429Srpaulostatic void
198429Srpaulorun_iter_func(void *arg, struct ieee80211_node *ni)
178676Ssam{
178676Ssam	struct run_softc *sc = arg;
201209Srpaulo	struct ieee80211vap *vap = ni->ni_vap;
178676Ssam	struct ieee80211com *ic = ni->ni_ic;
178676Ssam	struct ifnet *ifp = ic->ic_ifp;
178676Ssam	struct run_node *rn = (void *)ni;
178676Ssam	union run_stats sta[2];
178676Ssam	uint16_t (*wstat)[3];
178676Ssam	int txcnt, success, retrycnt, error;
201209Srpaulo
198439Srpaulo	RUN_LOCK(sc);
178676Ssam
178676Ssam	if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
220724Sbschmidt	    vap->iv_opmode == IEEE80211_M_STA)) {
220724Sbschmidt		/* read statistic counters (clear on read) and update AMRR state */
178676Ssam		error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
178676Ssam		    sizeof sta);
198429Srpaulo		if (error != 0)
198429Srpaulo			goto fail;
198429Srpaulo
198429Srpaulo		/* count failed TX as errors */
178676Ssam		ifp->if_oerrors += le16toh(sta[0].error.fail);
178676Ssam
178676Ssam		retrycnt = le16toh(sta[1].tx.retry);
178676Ssam		success = le16toh(sta[1].tx.success);
178676Ssam		txcnt = retrycnt + success + le16toh(sta[0].error.fail);
198429Srpaulo
198429Srpaulo		DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n",
198429Srpaulo			retrycnt, success, le16toh(sta[0].error.fail));
198429Srpaulo	} else {
220724Sbschmidt		wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
198429Srpaulo
178676Ssam		if (wstat == &(sc->wcid_stats[0]) ||
178676Ssam		    wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
178676Ssam			goto fail;
198429Srpaulo
198429Srpaulo		txcnt = (*wstat)[RUN_TXCNT];
178676Ssam		success = (*wstat)[RUN_SUCCESS];
178676Ssam		retrycnt = (*wstat)[RUN_RETRY];
178676Ssam		DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n",
178676Ssam		    retrycnt, txcnt, success);
178676Ssam
178676Ssam		memset(wstat, 0, sizeof(*wstat));
220692Sbschmidt	}
198429Srpaulo
178676Ssam	ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt);
178676Ssam	rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
178676Ssam
178676Ssamfail:
178676Ssam	RUN_UNLOCK(sc);
201209Srpaulo
201209Srpaulo	DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
220692Sbschmidt}
220692Sbschmidt
178676Ssamstatic void
178676Ssamrun_newassoc_cb(void *arg)
178676Ssam{
198429Srpaulo	struct run_cmdq *cmdq = arg;
220693Sbschmidt	struct ieee80211_node *ni = cmdq->arg1;
220693Sbschmidt	struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
220693Sbschmidt	uint8_t wcid = cmdq->wcid;
220693Sbschmidt
220693Sbschmidt	RUN_LOCK_ASSERT(sc, MA_OWNED);
220693Sbschmidt
220693Sbschmidt	run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
220693Sbschmidt	    ni->ni_macaddr, IEEE80211_ADDR_LEN);
220693Sbschmidt
220693Sbschmidt	memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
220693Sbschmidt}
220693Sbschmidt
178676Ssamstatic void
178676Ssamrun_newassoc(struct ieee80211_node *ni, int isnew)
178676Ssam{
178676Ssam	struct run_node *rn = (void *)ni;
178676Ssam	struct ieee80211_rateset *rs = &ni->ni_rates;
198429Srpaulo	struct ieee80211vap *vap = ni->ni_vap;
198429Srpaulo	struct ieee80211com *ic = vap->iv_ic;
198429Srpaulo	struct run_softc *sc = ic->ic_ifp->if_softc;
201209Srpaulo	uint8_t rate;
201209Srpaulo	uint8_t ridx;
198429Srpaulo	uint8_t wcid;
198429Srpaulo	int i, j;
178676Ssam
178676Ssam	wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
178676Ssam	    1 : RUN_AID2WCID(ni->ni_associd);
178676Ssam
198429Srpaulo	if (wcid > RT2870_WCID_MAX) {
178676Ssam		device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
178676Ssam		return;
178676Ssam	}
178676Ssam
178676Ssam	/* only interested in true associations */
220728Sbschmidt	if (isnew && ni->ni_associd != 0) {
220689Sbschmidt
192468Ssam		/*
178676Ssam		 * This function could is called though timeout function.
178676Ssam		 * Need to defer.
178676Ssam		 */
201209Srpaulo		uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
192468Ssam		DPRINTF("cmdq_store=%d\n", cnt);
220723Sbschmidt		sc->cmdq[cnt].func = run_newassoc_cb;
220723Sbschmidt		sc->cmdq[cnt].arg0 = NULL;
220723Sbschmidt		sc->cmdq[cnt].arg1 = ni;
201209Srpaulo		sc->cmdq[cnt].wcid = wcid;
201209Srpaulo		ieee80211_runtask(ic, &sc->cmdq_task);
201209Srpaulo	}
201209Srpaulo
201209Srpaulo	DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
201209Srpaulo	    isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
201209Srpaulo
201209Srpaulo	for (i = 0; i < rs->rs_nrates; i++) {
201209Srpaulo		rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
201209Srpaulo		/* convert 802.11 rate to hardware rate index */
201209Srpaulo		for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
201209Srpaulo			if (rt2860_rates[ridx].rate == rate)
201209Srpaulo				break;
201209Srpaulo		rn->ridx[i] = ridx;
201209Srpaulo		/* determine rate of control response frames */
201209Srpaulo		for (j = i; j >= 0; j--) {
201209Srpaulo			if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
201209Srpaulo			    rt2860_rates[rn->ridx[i]].phy ==
178676Ssam			    rt2860_rates[rn->ridx[j]].phy)
178676Ssam				break;
178676Ssam		}
178676Ssam		if (j >= 0) {
198429Srpaulo			rn->ctl_ridx[i] = rn->ridx[j];
178676Ssam		} else {
221650Sbschmidt			/* no basic rate found, use mandatory one */
221650Sbschmidt			rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
220726Sbschmidt		}
198429Srpaulo		DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
178676Ssam		    rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
178676Ssam	}
220726Sbschmidt	rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
178676Ssam	for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
178676Ssam		if (rt2860_rates[ridx].rate == rate)
178676Ssam			break;
178676Ssam	rn->mgt_ridx = ridx;
201209Srpaulo	DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
206477Sbschmidt
201209Srpaulo	usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
201209Srpaulo}
201209Srpaulo
221651Sbschmidt/*
221651Sbschmidt * Return the Rx chain with the highest RSSI for a given frame.
221651Sbschmidt */
201209Srpaulostatic __inline uint8_t
201209Srpaulorun_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
221651Sbschmidt{
221651Sbschmidt	uint8_t rxchain = 0;
221651Sbschmidt
221651Sbschmidt	if (sc->nrxchains > 1) {
201209Srpaulo		if (rxwi->rssi[1] > rxwi->rssi[rxchain])
220704Sbschmidt			rxchain = 1;
220704Sbschmidt		if (sc->nrxchains > 2)
221651Sbschmidt			if (rxwi->rssi[2] > rxwi->rssi[rxchain])
221651Sbschmidt				rxchain = 2;
221651Sbschmidt	}
221651Sbschmidt	return (rxchain);
221651Sbschmidt}
221651Sbschmidt
221651Sbschmidtstatic void
221651Sbschmidtrun_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
221651Sbschmidt{
221651Sbschmidt	struct ifnet *ifp = sc->sc_ifp;
221651Sbschmidt	struct ieee80211com *ic = ifp->if_l2com;
221651Sbschmidt	struct ieee80211_frame *wh;
221651Sbschmidt	struct ieee80211_node *ni;
221651Sbschmidt	struct rt2870_rxd *rxd;
221651Sbschmidt	struct rt2860_rxwi *rxwi;
221651Sbschmidt	uint32_t flags;
221651Sbschmidt	uint16_t len, phy;
221651Sbschmidt	uint8_t ant, rssi;
221651Sbschmidt	int8_t nf;
221651Sbschmidt
221651Sbschmidt	rxwi = mtod(m, struct rt2860_rxwi *);
221651Sbschmidt	len = le16toh(rxwi->len) & 0xfff;
221651Sbschmidt	if (__predict_false(len > dmalen)) {
221651Sbschmidt		m_freem(m);
221651Sbschmidt		ifp->if_ierrors++;
221651Sbschmidt		DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
221651Sbschmidt		return;
221651Sbschmidt	}
221651Sbschmidt	/* Rx descriptor is located at the end */
201209Srpaulo	rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
201209Srpaulo	flags = le32toh(rxd->flags);
198429Srpaulo
220674Sbschmidt	if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
220674Sbschmidt		m_freem(m);
220674Sbschmidt		ifp->if_ierrors++;
220674Sbschmidt		DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
220674Sbschmidt		return;
220674Sbschmidt	}
220674Sbschmidt
220674Sbschmidt	m->m_data += sizeof(struct rt2860_rxwi);
220674Sbschmidt	m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi);
220674Sbschmidt
220674Sbschmidt	wh = mtod(m, struct ieee80211_frame *);
220674Sbschmidt
220674Sbschmidt	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
220674Sbschmidt		wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
220674Sbschmidt		m->m_flags |= M_WEP;
220674Sbschmidt	}
220674Sbschmidt
220674Sbschmidt	if (flags & RT2860_RX_L2PAD) {
220674Sbschmidt		DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
220867Sbschmidt		len += 2;
220867Sbschmidt	}
220867Sbschmidt
220674Sbschmidt	ni = ieee80211_find_rxnode(ic,
220674Sbschmidt	    mtod(m, struct ieee80211_frame_min *));
220674Sbschmidt
220674Sbschmidt	if (__predict_false(flags & RT2860_RX_MICERR)) {
220674Sbschmidt		/* report MIC failures to net80211 for TKIP */
220674Sbschmidt		if (ni != NULL)
220674Sbschmidt			ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx);
220674Sbschmidt		m_freem(m);
220674Sbschmidt		ifp->if_ierrors++;
220674Sbschmidt		DPRINTF("MIC error. Someone is lying.\n");
220674Sbschmidt		return;
220674Sbschmidt	}
220674Sbschmidt
220674Sbschmidt	ant = run_maxrssi_chain(sc, rxwi);
220674Sbschmidt	rssi = rxwi->rssi[ant];
220674Sbschmidt	nf = run_rssi2dbm(sc, rssi, ant);
220674Sbschmidt
220674Sbschmidt	m->m_pkthdr.rcvif = ifp;
220674Sbschmidt	m->m_pkthdr.len = m->m_len = len;
220674Sbschmidt
220674Sbschmidt	if (ni != NULL) {
220674Sbschmidt		(void)ieee80211_input(ni, m, rssi, nf);
220674Sbschmidt		ieee80211_free_node(ni);
220674Sbschmidt	} else {
220674Sbschmidt		(void)ieee80211_input_all(ic, m, rssi, nf);
220674Sbschmidt	}
220674Sbschmidt
220674Sbschmidt	if (__predict_false(ieee80211_radiotap_active(ic))) {
220674Sbschmidt		struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
220674Sbschmidt
220674Sbschmidt		tap->wr_flags = 0;
220674Sbschmidt		tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
220674Sbschmidt		tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
220674Sbschmidt		tap->wr_antsignal = rssi;
220674Sbschmidt		tap->wr_antenna = ant;
220674Sbschmidt		tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
220674Sbschmidt		tap->wr_rate = 2;	/* in case it can't be found below */
198429Srpaulo		phy = le16toh(rxwi->phy);
198429Srpaulo		switch (phy & RT2860_PHY_MODE) {
198429Srpaulo		case RT2860_PHY_CCK:
206477Sbschmidt			switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
198429Srpaulo			case 0:	tap->wr_rate =   2; break;
198429Srpaulo			case 1:	tap->wr_rate =   4; break;
198429Srpaulo			case 2:	tap->wr_rate =  11; break;
220728Sbschmidt			case 3:	tap->wr_rate =  22; break;
178676Ssam			}
178676Ssam			if (phy & RT2860_PHY_SHPRE)
178676Ssam				tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
178676Ssam			break;
178676Ssam		case RT2860_PHY_OFDM:
198429Srpaulo			switch (phy & RT2860_PHY_MCS) {
178676Ssam			case 0:	tap->wr_rate =  12; break;
220725Sbschmidt			case 1:	tap->wr_rate =  18; break;
178676Ssam			case 2:	tap->wr_rate =  24; break;
178676Ssam			case 3:	tap->wr_rate =  36; break;
178676Ssam			case 4:	tap->wr_rate =  48; break;
178676Ssam			case 5:	tap->wr_rate =  72; break;
202986Srpaulo			case 6:	tap->wr_rate =  96; break;
220724Sbschmidt			case 7:	tap->wr_rate = 108; break;
220724Sbschmidt			}
220724Sbschmidt			break;
220667Sbschmidt		}
178676Ssam	}
198429Srpaulo}
178676Ssam
198429Srpaulostatic void
178676Ssamrun_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
220728Sbschmidt{
178676Ssam	struct run_softc *sc = usbd_xfer_softc(xfer);
178676Ssam	struct ifnet *ifp = sc->sc_ifp;
178676Ssam	struct mbuf *m = NULL;
220725Sbschmidt	struct mbuf *m0;
198429Srpaulo	uint32_t dmalen;
198429Srpaulo	int xferlen;
178676Ssam
178676Ssam	usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
178676Ssam
198429Srpaulo	switch (USB_GET_STATE(xfer)) {
178676Ssam	case USB_ST_TRANSFERRED:
178676Ssam
178676Ssam		DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
178676Ssam
198429Srpaulo		if (xferlen < (int)(sizeof(uint32_t) +
198429Srpaulo		    sizeof(struct rt2860_rxwi) + sizeof(struct rt2870_rxd))) {
178676Ssam			DPRINTF("xfer too short %d\n", xferlen);
178676Ssam			goto tr_setup;
178676Ssam		}
178676Ssam
178676Ssam		m = sc->rx_m;
178676Ssam		sc->rx_m = NULL;
198429Srpaulo
178676Ssam		/* FALLTHROUGH */
178676Ssam	case USB_ST_SETUP:
178676Ssamtr_setup:
178676Ssam		if (sc->rx_m == NULL) {
198429Srpaulo			sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
198429Srpaulo			    MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
198429Srpaulo		}
198429Srpaulo		if (sc->rx_m == NULL) {
206477Sbschmidt			DPRINTF("could not allocate mbuf - idle with stall\n");
198429Srpaulo			ifp->if_ierrors++;
198429Srpaulo			usbd_xfer_set_stall(xfer);
178676Ssam			usbd_xfer_set_frames(xfer, 0);
198429Srpaulo		} else {
221651Sbschmidt			/*
221651Sbschmidt			 * Directly loading a mbuf cluster into DMA to
198429Srpaulo			 * save some data copying. This works because
221651Sbschmidt			 * there is only one cluster.
221651Sbschmidt			 */
221651Sbschmidt			usbd_xfer_set_frame_data(xfer, 0,
198429Srpaulo			    mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
198429Srpaulo			usbd_xfer_set_frames(xfer, 1);
201209Srpaulo		}
201209Srpaulo		usbd_transfer_submit(xfer);
198429Srpaulo		break;
201209Srpaulo
207001Sbschmidt	default:	/* Error */
221651Sbschmidt		if (error != USB_ERR_CANCELLED) {
221651Sbschmidt			/* try to clear stall first */
221651Sbschmidt			usbd_xfer_set_stall(xfer);
221651Sbschmidt
221651Sbschmidt			if (error == USB_ERR_TIMEOUT)
221651Sbschmidt				device_printf(sc->sc_dev, "device timeout\n");
221651Sbschmidt
198429Srpaulo			ifp->if_ierrors++;
198429Srpaulo
206477Sbschmidt			goto tr_setup;
198429Srpaulo		}
198429Srpaulo		if (sc->rx_m != NULL) {
198429Srpaulo			m_freem(sc->rx_m);
198429Srpaulo			sc->rx_m = NULL;
221651Sbschmidt		}
221651Sbschmidt		break;
198429Srpaulo	}
221651Sbschmidt
221651Sbschmidt	if (m == NULL)
221651Sbschmidt		return;
198429Srpaulo
198429Srpaulo	/* inputting all the frames must be last */
201209Srpaulo
201209Srpaulo	RUN_UNLOCK(sc);
198429Srpaulo
198429Srpaulo	m->m_pkthdr.len = m->m_len = xferlen;
201209Srpaulo
198429Srpaulo	/* HW can aggregate multiple 802.11 frames in a single USB xfer */
198429Srpaulo	for(;;) {
201209Srpaulo		dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
202986Srpaulo
207001Sbschmidt		if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
221651Sbschmidt		    ((dmalen & 3) != 0)) {
221651Sbschmidt			DPRINTF("bad DMA length %u\n", dmalen);
221651Sbschmidt			break;
221651Sbschmidt		}
221651Sbschmidt		if ((dmalen + 8) > (uint32_t)xferlen) {
221651Sbschmidt			DPRINTF("bad DMA length %u > %d\n",
221651Sbschmidt			dmalen + 8, xferlen);
198429Srpaulo			break;
198429Srpaulo		}
198429Srpaulo
198429Srpaulo		/* If it is the last one or a single frame, we won't copy. */
198429Srpaulo		if ((xferlen -= dmalen + 8) <= 8) {
206477Sbschmidt			/* trim 32-bit DMA-len header */
201209Srpaulo			m->m_data += 4;
198429Srpaulo			m->m_pkthdr.len = m->m_len -= 4;
198429Srpaulo			run_rx_frame(sc, m, dmalen);
178676Ssam			break;
178676Ssam		}
178676Ssam
178676Ssam		/* copy aggregated frames to another mbuf */
178676Ssam		m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
206358Srpaulo		if (__predict_false(m0 == NULL)) {
178676Ssam			DPRINTF("could not allocate mbuf\n");
178676Ssam			ifp->if_ierrors++;
178676Ssam			break;
198429Srpaulo		}
201209Srpaulo		m_copydata(m, 4 /* skip 32-bit DMA-len header */,
201209Srpaulo		    dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
178676Ssam		m0->m_pkthdr.len = m0->m_len =
178676Ssam		    dmalen + sizeof(struct rt2870_rxd);
206358Srpaulo		run_rx_frame(sc, m0, dmalen);
178676Ssam
178676Ssam		/* update data ptr */
178676Ssam		m->m_data += dmalen + 8;
178676Ssam		m->m_pkthdr.len = m->m_len -= dmalen + 8;
178676Ssam	}
178676Ssam
178676Ssam	RUN_LOCK(sc);
178676Ssam}
178676Ssam
178676Ssamstatic void
178676Ssamrun_tx_free(struct run_endpoint_queue *pq,
178676Ssam    struct run_tx_data *data, int txerr)
178676Ssam{
178676Ssam	if (data->m != NULL) {
178676Ssam		if (data->m->m_flags & M_TXCB)
178676Ssam			ieee80211_process_callback(data->ni, data->m,
178676Ssam			    txerr ? ETIMEDOUT : 0);
178676Ssam		m_freem(data->m);
178676Ssam		data->m = NULL;
178676Ssam
178676Ssam		if (data->ni == NULL) {
178676Ssam			DPRINTF("no node\n");
178676Ssam		} else {
201209Srpaulo			ieee80211_free_node(data->ni);
201209Srpaulo			data->ni = NULL;
201209Srpaulo		}
201209Srpaulo	}
220719Sbschmidt
201209Srpaulo	STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
206358Srpaulo	pq->tx_nfree++;
206358Srpaulo}
201209Srpaulo
220719Sbschmidtstatic void
206358Srpaulorun_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index)
206358Srpaulo{
201209Srpaulo	struct run_softc *sc = usbd_xfer_softc(xfer);
178676Ssam	struct ifnet *ifp = sc->sc_ifp;
178676Ssam	struct ieee80211com *ic = ifp->if_l2com;
178676Ssam	struct run_tx_data *data;
178676Ssam	struct ieee80211vap *vap = NULL;
198429Srpaulo	struct usb_page_cache *pc;
198429Srpaulo	struct run_endpoint_queue *pq = &sc->sc_epq[index];
198429Srpaulo	struct mbuf *m;
198429Srpaulo	usb_frlength_t size;
198429Srpaulo	int actlen;
198429Srpaulo	int sumlen;
198429Srpaulo
198429Srpaulo	usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
178676Ssam
178676Ssam	switch (USB_GET_STATE(xfer)) {
198429Srpaulo	case USB_ST_TRANSFERRED:
198429Srpaulo		DPRINTFN(11, "transfer complete: %d "
198429Srpaulo		    "bytes @ index %d\n", actlen, index);
198429Srpaulo
206477Sbschmidt		data = usbd_xfer_get_priv(xfer);
198429Srpaulo
178676Ssam		run_tx_free(pq, data, 0);
178676Ssam		ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
178676Ssam
178676Ssam		usbd_xfer_set_priv(xfer, NULL);
178676Ssam
198429Srpaulo		ifp->if_opackets++;
178676Ssam
178676Ssam		/* FALLTHROUGH */
178676Ssam	case USB_ST_SETUP:
198429Srpaulotr_setup:
178676Ssam		data = STAILQ_FIRST(&pq->tx_qh);
220704Sbschmidt		if (data == NULL)
220704Sbschmidt			break;
201209Srpaulo
178676Ssam		STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
178676Ssam
178676Ssam		m = data->m;
198439Srpaulo		if ((m->m_pkthdr.len +
178676Ssam		    sizeof(data->desc) + 3 + 8) > RUN_MAX_TXSZ) {
178676Ssam			DPRINTF("data overflow, %u bytes\n",
221651Sbschmidt			    m->m_pkthdr.len);
221651Sbschmidt
221651Sbschmidt			ifp->if_oerrors++;
221651Sbschmidt
221651Sbschmidt			run_tx_free(pq, data, 1);
221651Sbschmidt
221651Sbschmidt			goto tr_setup;
221651Sbschmidt		}
221651Sbschmidt
221651Sbschmidt		pc = usbd_xfer_get_frame(xfer, 0);
221651Sbschmidt		size = sizeof(data->desc);
221651Sbschmidt		usbd_copy_in(pc, 0, &data->desc, size);
221651Sbschmidt		usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
221651Sbschmidt		size += m->m_pkthdr.len;
221651Sbschmidt		/*
221651Sbschmidt		 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
221651Sbschmidt		 * 4-byte padding), and be sure to zero those trailing
221651Sbschmidt		 * bytes:
221651Sbschmidt		 */
221651Sbschmidt		usbd_frame_zero(pc, size, ((-size) & 3) + 8);
221651Sbschmidt		size += ((-size) & 3) + 8;
221651Sbschmidt
221651Sbschmidt		vap = data->ni->ni_vap;
221651Sbschmidt		if (ieee80211_radiotap_active_vap(vap)) {
221651Sbschmidt			struct run_tx_radiotap_header *tap = &sc->sc_txtap;
221651Sbschmidt			struct rt2860_txwi *txwi =
221651Sbschmidt			    (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
221651Sbschmidt
221651Sbschmidt			tap->wt_flags = 0;
221651Sbschmidt			tap->wt_rate = rt2860_rates[data->ridx].rate;
221651Sbschmidt			tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
221651Sbschmidt			tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
221651Sbschmidt			tap->wt_hwqueue = index;
221651Sbschmidt			if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
221651Sbschmidt				tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
221651Sbschmidt
221651Sbschmidt			ieee80211_radiotap_tx(vap, m);
221651Sbschmidt		}
221651Sbschmidt
221651Sbschmidt		DPRINTFN(11, "sending frame len=%u/%u  @ index %d\n",
221651Sbschmidt		    m->m_pkthdr.len, size, index);
221651Sbschmidt
221651Sbschmidt		usbd_xfer_set_frame_len(xfer, 0, size);
221651Sbschmidt		usbd_xfer_set_priv(xfer, data);
221651Sbschmidt
221651Sbschmidt		usbd_transfer_submit(xfer);
221651Sbschmidt
221651Sbschmidt		RUN_UNLOCK(sc);
221651Sbschmidt		run_start(ifp);
221651Sbschmidt		RUN_LOCK(sc);
221651Sbschmidt
221651Sbschmidt		break;
221651Sbschmidt
221651Sbschmidt	default:
221651Sbschmidt		DPRINTF("USB transfer error, %s\n",
221651Sbschmidt		    usbd_errstr(error));
221651Sbschmidt
221651Sbschmidt		data = usbd_xfer_get_priv(xfer);
221651Sbschmidt
221651Sbschmidt		ifp->if_oerrors++;
221651Sbschmidt
221651Sbschmidt		if (data != NULL) {
221651Sbschmidt			if(data->ni != NULL)
221651Sbschmidt				vap = data->ni->ni_vap;
221651Sbschmidt			run_tx_free(pq, data, error);
221651Sbschmidt			usbd_xfer_set_priv(xfer, NULL);
221651Sbschmidt		}
221651Sbschmidt		if (vap == NULL)
221651Sbschmidt			vap = TAILQ_FIRST(&ic->ic_vaps);
221651Sbschmidt
221651Sbschmidt		if (error != USB_ERR_CANCELLED) {
221651Sbschmidt			if (error == USB_ERR_TIMEOUT) {
221651Sbschmidt				device_printf(sc->sc_dev, "device timeout\n");
221651Sbschmidt				uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
221651Sbschmidt				DPRINTF("cmdq_store=%d\n", i);
221651Sbschmidt				sc->cmdq[i].func = run_usb_timeout_cb;
221651Sbschmidt				sc->cmdq[i].arg0 = vap;
221651Sbschmidt				ieee80211_runtask(ic, &sc->cmdq_task);
221651Sbschmidt			}
221651Sbschmidt
221651Sbschmidt			/*
221651Sbschmidt			 * Try to clear stall first, also if other
221651Sbschmidt			 * errors occur, hence clearing stall
221651Sbschmidt			 * introduces a 50 ms delay:
221651Sbschmidt			 */
221651Sbschmidt			usbd_xfer_set_stall(xfer);
221651Sbschmidt			goto tr_setup;
221651Sbschmidt		}
221651Sbschmidt		break;
221651Sbschmidt	}
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic void
206477Sbschmidtrun_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
178676Ssam{
178676Ssam	run_bulk_tx_callbackN(xfer, error, 0);
220728Sbschmidt}
178676Ssam
178676Ssamstatic void
178676Ssamrun_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
178676Ssam{
178676Ssam	run_bulk_tx_callbackN(xfer, error, 1);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic void
198429Srpaulorun_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
178676Ssam{
178676Ssam	run_bulk_tx_callbackN(xfer, error, 2);
198429Srpaulo}
178676Ssam
201209Srpaulostatic void
201209Srpaulorun_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
198429Srpaulo{
198429Srpaulo	run_bulk_tx_callbackN(xfer, error, 3);
178676Ssam}
178676Ssam
198439Srpaulostatic void
178676Ssamrun_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
178676Ssam{
178676Ssam	run_bulk_tx_callbackN(xfer, error, 4);
198429Srpaulo}
198429Srpaulo
178676Ssamstatic void
178676Ssamrun_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
198429Srpaulo{
198429Srpaulo	run_bulk_tx_callbackN(xfer, error, 5);
178676Ssam}
178676Ssam
198429Srpaulostatic void
198429Srpaulorun_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
198429Srpaulo{
198429Srpaulo	struct mbuf *m = data->m;
178676Ssam	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
178676Ssam	struct ieee80211vap *vap = data->ni->ni_vap;
201209Srpaulo	struct ieee80211_frame *wh;
201209Srpaulo	struct rt2870_txd *txd;
201209Srpaulo	struct rt2860_txwi *txwi;
201209Srpaulo	uint16_t xferlen;
201209Srpaulo	uint16_t mcs;
178676Ssam	uint8_t ridx = data->ridx;
198429Srpaulo	uint8_t pad;
220728Sbschmidt
178676Ssam	/* get MCS code from rate index */
178676Ssam	mcs = rt2860_rates[ridx].mcs;
178676Ssam
178676Ssam	xferlen = sizeof(*txwi) + m->m_pkthdr.len;
198429Srpaulo
178676Ssam	/* roundup to 32-bit alignment */
178676Ssam	xferlen = (xferlen + 3) & ~3;
198429Srpaulo
198429Srpaulo	txd = (struct rt2870_txd *)&data->desc;
178676Ssam	txd->len = htole16(xferlen);
178676Ssam
202986Srpaulo	wh = mtod(m, struct ieee80211_frame *);
178676Ssam
201209Srpaulo	/*
201209Srpaulo	 * Ether both are true or both are false, the header
202986Srpaulo	 * are nicely aligned to 32-bit. So, no L2 padding.
201209Srpaulo	 */
178676Ssam	if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
178676Ssam		pad = 0;
178676Ssam	else
178676Ssam		pad = 2;
178676Ssam
178676Ssam	/* setup TX Wireless Information */
178676Ssam	txwi = (struct rt2860_txwi *)(txd + 1);
220660Sbschmidt	txwi->len = htole16(m->m_pkthdr.len - pad);
220660Sbschmidt	if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
220660Sbschmidt		txwi->phy = htole16(RT2860_PHY_CCK);
220660Sbschmidt		if (ridx != RT2860_RIDX_CCK1 &&
220660Sbschmidt		    (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
220660Sbschmidt			mcs |= RT2860_PHY_SHPRE;
220660Sbschmidt	} else
220660Sbschmidt		txwi->phy = htole16(RT2860_PHY_OFDM);
220660Sbschmidt	txwi->phy |= htole16(mcs);
201209Srpaulo
178676Ssam	/* check if RTS/CTS or CTS-to-self protection is required */
178676Ssam	if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
198429Srpaulo	    (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
198429Srpaulo	     ((ic->ic_flags & IEEE80211_F_USEPROT) &&
178676Ssam	      rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
178676Ssam		txwi->txop |= RT2860_TX_TXOP_HT;
178676Ssam	else
198429Srpaulo		txwi->txop |= RT2860_TX_TXOP_BACKOFF;
201209Srpaulo
201209Srpaulo	if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
178676Ssam		txwi->xflags |= RT2860_TX_NSEQ;
178676Ssam}
178676Ssam
178676Ssam/* This function must be called locked */
178676Ssamstatic int
178676Ssamrun_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
178676Ssam{
198429Srpaulo	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
178676Ssam	struct ieee80211vap *vap = ni->ni_vap;
178676Ssam	struct ieee80211_frame *wh;
178676Ssam	struct ieee80211_channel *chan;
201209Srpaulo	const struct ieee80211_txparam *tp;
178676Ssam	struct run_node *rn = (void *)ni;
178676Ssam	struct run_tx_data *data;
198429Srpaulo	struct rt2870_txd *txd;
198429Srpaulo	struct rt2860_txwi *txwi;
178676Ssam	uint16_t qos;
178676Ssam	uint16_t dur;
198429Srpaulo	uint16_t qid;
198429Srpaulo	uint8_t type;
178676Ssam	uint8_t tid;
178676Ssam	uint8_t ridx;
178676Ssam	uint8_t ctl_ridx;
178676Ssam	uint8_t qflags;
178676Ssam	uint8_t xflags = 0;
178676Ssam	int hasqos;
178676Ssam
201209Srpaulo	RUN_LOCK_ASSERT(sc, MA_OWNED);
201209Srpaulo
178676Ssam	wh = mtod(m, struct ieee80211_frame *);
178676Ssam
178676Ssam	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
178676Ssam
198429Srpaulo	/*
198429Srpaulo	 * There are 7 bulk endpoints: 1 for RX
178676Ssam	 * and 6 for TX (4 EDCAs + HCCA + Prio).
178676Ssam	 * Update 03-14-2009:  some devices like the Planex GW-US300MiniS
178676Ssam	 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
201209Srpaulo	 */
201209Srpaulo	if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
178676Ssam		uint8_t *frm;
178676Ssam
178676Ssam		if(IEEE80211_HAS_ADDR4(wh))
178676Ssam			frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
178676Ssam		else
198429Srpaulo			frm =((struct ieee80211_qosframe *)wh)->i_qos;
198429Srpaulo
178676Ssam		qos = le16toh(*(const uint16_t *)frm);
178676Ssam		tid = qos & IEEE80211_QOS_TID;
178676Ssam		qid = TID_TO_WME_AC(tid);
201209Srpaulo	} else {
201209Srpaulo		qos = 0;
178676Ssam		tid = 0;
178676Ssam		qid = WME_AC_BE;
178676Ssam	}
178676Ssam	qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
201209Srpaulo
191746Sthompsa	DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
201209Srpaulo	    qos, qid, tid, qflags);
178676Ssam
178676Ssam	chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
198429Srpaulo	tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
220674Sbschmidt
198429Srpaulo	/* pickup a rate index */
198429Srpaulo	if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
198429Srpaulo	    type != IEEE80211_FC0_TYPE_DATA) {
201209Srpaulo		ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
198429Srpaulo		    RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
198429Srpaulo		ctl_ridx = rt2860_rates[ridx].ctl_ridx;
178676Ssam	} else {
198429Srpaulo		if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
178676Ssam			ridx = rn->fix_ridx;
178676Ssam		else
178676Ssam			ridx = rn->amrr_ridx;
198429Srpaulo		ctl_ridx = rt2860_rates[ridx].ctl_ridx;
178676Ssam	}
198429Srpaulo
178676Ssam	if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
178676Ssam	    (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
198429Srpaulo	     IEEE80211_QOS_ACKPOLICY_NOACK)) {
198429Srpaulo		xflags |= RT2860_TX_ACK;
198429Srpaulo		if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
198429Srpaulo			dur = rt2860_rates[ctl_ridx].sp_ack_dur;
206477Sbschmidt		else
198429Srpaulo			dur = rt2860_rates[ctl_ridx].lp_ack_dur;
198429Srpaulo		*(uint16_t *)wh->i_dur = htole16(dur);
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	/* reserve slots for mgmt packets, just in case */
198429Srpaulo	if (sc->sc_epq[qid].tx_nfree < 3) {
198429Srpaulo		DPRINTFN(10, "tx ring %d is full\n", qid);
198429Srpaulo		return (-1);
198429Srpaulo	}
220728Sbschmidt
198429Srpaulo	data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
198429Srpaulo	STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
198429Srpaulo	sc->sc_epq[qid].tx_nfree--;
198429Srpaulo
198429Srpaulo	txd = (struct rt2870_txd *)&data->desc;
206477Sbschmidt	txd->flags = qflags;
191746Sthompsa	txwi = (struct rt2860_txwi *)(txd + 1);
191746Sthompsa	txwi->xflags = xflags;
191746Sthompsa	if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
191746Sthompsa		txwi->wcid = 0;
198429Srpaulo	} else {
191746Sthompsa		txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
191746Sthompsa		    1 : RUN_AID2WCID(ni->ni_associd);
191746Sthompsa	}
191746Sthompsa	/* clear leftover garbage bits */
198429Srpaulo	txwi->flags = 0;
198429Srpaulo	txwi->txop = 0;
191746Sthompsa
191746Sthompsa	data->m = m;
191746Sthompsa	data->ni = ni;
191746Sthompsa	data->ridx = ridx;
191746Sthompsa
198429Srpaulo	run_set_tx_desc(sc, data);
198429Srpaulo
198429Srpaulo	/*
198429Srpaulo	 * The chip keeps track of 2 kind of Tx stats,
198429Srpaulo	 *  * TX_STAT_FIFO, for per WCID stats, and
206477Sbschmidt	 *  * TX_STA_CNT0 for all-TX-in-one stats.
201209Srpaulo	 *
191746Sthompsa	 * To use FIFO stats, we need to store MCS into the driver-private
198429Srpaulo 	 * PacketID field. So that, we can tell whose stats when we read them.
198429Srpaulo 	 * We add 1 to the MCS because setting the PacketID field to 0 means
191746Sthompsa 	 * that we don't want feedback in TX_STAT_FIFO.
191746Sthompsa 	 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
191746Sthompsa 	 *
201209Srpaulo 	 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
201209Srpaulo 	 */
201209Srpaulo	if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
198429Srpaulo	    vap->iv_opmode == IEEE80211_M_MBSS) {
198429Srpaulo		uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
198429Srpaulo		txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
220728Sbschmidt
220726Sbschmidt		/*
220726Sbschmidt		 * Unlike PCI based devices, we don't get any interrupt from
198429Srpaulo		 * USB devices, so we simulate FIFO-is-full interrupt here.
198429Srpaulo		 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
198429Srpaulo		 * quickly get fulled. To prevent overflow, increment a counter on
220726Sbschmidt		 * every FIFO stat request, so we know how many slots are left.
198429Srpaulo		 * We do this only in HOSTAP or multiple vap mode since FIFO stats
198429Srpaulo		 * are used only in those modes.
198429Srpaulo		 * We just drain stats. AMRR gets updated every 1 sec by
198429Srpaulo		 * run_ratectl_cb() via callout.
198429Srpaulo		 * Call it early. Otherwise overflow.
198429Srpaulo		 */
198429Srpaulo		if (sc->fifo_cnt++ == 10) {
198429Srpaulo			/*
220726Sbschmidt			 * With multiple vaps or if_bridge, if_start() is called
198429Srpaulo			 * with a non-sleepable lock, tcpinp. So, need to defer.
198429Srpaulo			 */
198429Srpaulo			uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
198429Srpaulo			DPRINTFN(6, "cmdq_store=%d\n", i);
198429Srpaulo			sc->cmdq[i].func = run_drain_fifo;
198429Srpaulo			sc->cmdq[i].arg0 = sc;
198429Srpaulo			ieee80211_runtask(ic, &sc->cmdq_task);
198429Srpaulo		}
198429Srpaulo	}
198429Srpaulo
198429Srpaulo        STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
198429Srpaulo
198429Srpaulo	usbd_transfer_start(sc->sc_xfer[qid]);
198429Srpaulo
198429Srpaulo	DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len +
198429Srpaulo	    (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)),
198429Srpaulo	    rt2860_rates[ridx].rate, qid);
198429Srpaulo
198429Srpaulo	return (0);
220728Sbschmidt}
198429Srpaulo
198429Srpaulostatic int
198429Srpaulorun_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
198429Srpaulo{
198429Srpaulo	struct ifnet *ifp = sc->sc_ifp;
191746Sthompsa	struct ieee80211com *ic = ifp->if_l2com;
191746Sthompsa	struct run_node *rn = (void *)ni;
206477Sbschmidt	struct run_tx_data *data;
178676Ssam	struct ieee80211_frame *wh;
178676Ssam	struct rt2870_txd *txd;
178676Ssam	struct rt2860_txwi *txwi;
198429Srpaulo	uint16_t dur;
201209Srpaulo	uint8_t ridx = rn->mgt_ridx;
178676Ssam	uint8_t type;
178676Ssam	uint8_t xflags = 0;
178676Ssam	uint8_t wflags = 0;
198429Srpaulo
201209Srpaulo	RUN_LOCK_ASSERT(sc, MA_OWNED);
178676Ssam
201209Srpaulo	wh = mtod(m, struct ieee80211_frame *);
201209Srpaulo
201209Srpaulo	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
201209Srpaulo
201209Srpaulo	/* tell hardware to add timestamp for probe responses */
201209Srpaulo	if ((wh->i_fc[0] &
201209Srpaulo	    (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
201209Srpaulo	    (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
201209Srpaulo		wflags |= RT2860_TX_TS;
206444Sbschmidt	else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
206444Sbschmidt		xflags |= RT2860_TX_ACK;
206444Sbschmidt
206444Sbschmidt		dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
201209Srpaulo		    ic->ic_flags & IEEE80211_F_SHPREAMBLE);
201209Srpaulo		*(uint16_t *)wh->i_dur = htole16(dur);
201209Srpaulo	}
201209Srpaulo
201209Srpaulo	if (sc->sc_epq[0].tx_nfree == 0) {
201209Srpaulo		/* let caller free mbuf */
201209Srpaulo		ifp->if_drv_flags |= IFF_DRV_OACTIVE;
201209Srpaulo		return (EIO);
178676Ssam	}
198429Srpaulo	data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
198429Srpaulo	STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
201209Srpaulo	sc->sc_epq[0].tx_nfree--;
198429Srpaulo
178676Ssam	txd = (struct rt2870_txd *)&data->desc;
198429Srpaulo	txd->flags = RT2860_TX_QSEL_EDCA;
198429Srpaulo	txwi = (struct rt2860_txwi *)(txd + 1);
201209Srpaulo	txwi->wcid = 0xff;
201209Srpaulo	txwi->flags = wflags;
178676Ssam	txwi->xflags = xflags;
198429Srpaulo	txwi->txop = 0;	/* clear leftover garbage bits */
191746Sthompsa
201209Srpaulo	data->m = m;
198429Srpaulo	data->ni = ni;
198429Srpaulo	data->ridx = ridx;
198429Srpaulo
198429Srpaulo	run_set_tx_desc(sc, data);
198429Srpaulo
198429Srpaulo	DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
220724Sbschmidt	    (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)),
220724Sbschmidt	    rt2860_rates[ridx].rate);
220725Sbschmidt
201209Srpaulo	STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
201209Srpaulo
201209Srpaulo	usbd_transfer_start(sc->sc_xfer[0]);
178676Ssam
178676Ssam	return (0);
201209Srpaulo}
201209Srpaulo
201209Srpaulostatic int
201209Srpaulorun_sendprot(struct run_softc *sc,
201209Srpaulo    const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
201209Srpaulo{
201209Srpaulo	struct ieee80211com *ic = ni->ni_ic;
201209Srpaulo	struct ieee80211_frame *wh;
201209Srpaulo	struct run_tx_data *data;
201209Srpaulo	struct rt2870_txd *txd;
201209Srpaulo	struct rt2860_txwi *txwi;
201209Srpaulo	struct mbuf *mprot;
201209Srpaulo	int ridx;
201209Srpaulo	int protrate;
201209Srpaulo	int ackrate;
178676Ssam	int pktlen;
201209Srpaulo	int isshort;
201209Srpaulo	uint16_t dur;
201209Srpaulo	uint8_t type;
198429Srpaulo	uint8_t wflags = 0;
201209Srpaulo	uint8_t xflags = 0;
198429Srpaulo
198429Srpaulo	RUN_LOCK_ASSERT(sc, MA_OWNED);
198429Srpaulo
198429Srpaulo	KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
198429Srpaulo	    ("protection %d", prot));
198429Srpaulo
198429Srpaulo	wh = mtod(m, struct ieee80211_frame *);
201209Srpaulo	pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
198429Srpaulo	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
201209Srpaulo
201209Srpaulo	protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
198429Srpaulo	ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
178676Ssam
178676Ssam	isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
178676Ssam	dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
198429Srpaulo	    + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
198429Srpaulo	wflags = RT2860_TX_FRAG;
220725Sbschmidt
198429Srpaulo	/* check that there are free slots before allocating the mbuf */
206477Sbschmidt	if (sc->sc_epq[0].tx_nfree == 0) {
198429Srpaulo		/* let caller free mbuf */
198429Srpaulo		sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
178676Ssam		return (ENOBUFS);
198429Srpaulo	}
178676Ssam
198429Srpaulo	if (prot == IEEE80211_PROT_RTSCTS) {
198439Srpaulo		/* NB: CTS is the same size as an ACK */
198439Srpaulo		dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
201209Srpaulo		xflags |= RT2860_TX_ACK;
198429Srpaulo		mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
198439Srpaulo	} else {
198439Srpaulo		mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
198439Srpaulo	}
198429Srpaulo	if (mprot == NULL) {
198429Srpaulo		sc->sc_ifp->if_oerrors++;
206477Sbschmidt		DPRINTF("could not allocate mbuf\n");
198429Srpaulo		return (ENOBUFS);
198429Srpaulo	}
198429Srpaulo
198429Srpaulo        data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
198429Srpaulo        STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
198429Srpaulo        sc->sc_epq[0].tx_nfree--;
198439Srpaulo
198439Srpaulo	txd = (struct rt2870_txd *)&data->desc;
198439Srpaulo	txd->flags = RT2860_TX_QSEL_EDCA;
198429Srpaulo	txwi = (struct rt2860_txwi *)(txd + 1);
198439Srpaulo	txwi->wcid = 0xff;
198439Srpaulo	txwi->flags = wflags;
198439Srpaulo	txwi->xflags = xflags;
198429Srpaulo	txwi->txop = 0;	/* clear leftover garbage bits */
198429Srpaulo
206475Sbschmidt	data->m = mprot;
206477Sbschmidt	data->ni = ieee80211_ref_node(ni);
198429Srpaulo
198429Srpaulo	for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
198429Srpaulo		if (rt2860_rates[ridx].rate == protrate)
198429Srpaulo			break;
198429Srpaulo	data->ridx = ridx;
198439Srpaulo
198439Srpaulo	run_set_tx_desc(sc, data);
198439Srpaulo
198429Srpaulo        DPRINTFN(1, "sending prot len=%u rate=%u\n",
198439Srpaulo            m->m_pkthdr.len, rate);
206443Sbschmidt
198439Srpaulo        STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
198429Srpaulo
206475Sbschmidt	usbd_transfer_start(sc->sc_xfer[0]);
198429Srpaulo
206477Sbschmidt	return (0);
220720Sbschmidt}
178676Ssam
221651Sbschmidtstatic int
198429Srpaulorun_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
178676Ssam    const struct ieee80211_bpf_params *params)
178676Ssam{
198429Srpaulo	struct ieee80211com *ic = ni->ni_ic;
220720Sbschmidt	struct ieee80211_frame *wh;
178676Ssam	struct run_tx_data *data;
178676Ssam	struct rt2870_txd *txd;
178676Ssam	struct rt2860_txwi *txwi;
178676Ssam	uint8_t type;
178676Ssam	uint8_t ridx;
198429Srpaulo	uint8_t rate;
220700Sbschmidt	uint8_t opflags = 0;
178676Ssam	uint8_t xflags = 0;
220720Sbschmidt	int error;
178676Ssam
220723Sbschmidt	RUN_LOCK_ASSERT(sc, MA_OWNED);
220723Sbschmidt
220720Sbschmidt	KASSERT(params != NULL, ("no raw xmit params"));
178676Ssam
178676Ssam	wh = mtod(m, struct ieee80211_frame *);
178676Ssam	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
198429Srpaulo
198429Srpaulo	rate = params->ibp_rate0;
178676Ssam	if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
178676Ssam		/* let caller free mbuf */
220720Sbschmidt		return (EINVAL);
220720Sbschmidt	}
220720Sbschmidt
220720Sbschmidt	if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
220720Sbschmidt		xflags |= RT2860_TX_ACK;
220720Sbschmidt	if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
220720Sbschmidt		error = run_sendprot(sc, m, ni,
220720Sbschmidt		    params->ibp_flags & IEEE80211_BPF_RTS ?
220720Sbschmidt			IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
220720Sbschmidt		    rate);
221651Sbschmidt		if (error) {
221651Sbschmidt			/* let caller free mbuf */
221651Sbschmidt			return error;
221651Sbschmidt		}
221651Sbschmidt		opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
221651Sbschmidt	}
221651Sbschmidt
221651Sbschmidt	if (sc->sc_epq[0].tx_nfree == 0) {
221651Sbschmidt		/* let caller free mbuf */
221651Sbschmidt		sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
198429Srpaulo		DPRINTF("sending raw frame, but tx ring is full\n");
198429Srpaulo		return (EIO);
198429Srpaulo	}
198429Srpaulo        data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
201209Srpaulo        STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
178676Ssam        sc->sc_epq[0].tx_nfree--;
178676Ssam
198429Srpaulo	txd = (struct rt2870_txd *)&data->desc;
178676Ssam	txd->flags = RT2860_TX_QSEL_EDCA;
178676Ssam	txwi = (struct rt2860_txwi *)(txd + 1);
178676Ssam	txwi->wcid = 0xff;
178676Ssam	txwi->xflags = xflags;
206358Srpaulo	txwi->txop = opflags;
206358Srpaulo	txwi->flags = 0;	/* clear leftover garbage bits */
178676Ssam
178676Ssam        data->m = m;
221648Sbschmidt        data->ni = ni;
178676Ssam	for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
198429Srpaulo		if (rt2860_rates[ridx].rate == rate)
178676Ssam			break;
220725Sbschmidt	data->ridx = ridx;
198429Srpaulo
178676Ssam        run_set_tx_desc(sc, data);
198429Srpaulo
178676Ssam        DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
178676Ssam            m->m_pkthdr.len, rate);
220725Sbschmidt
198429Srpaulo        STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
198429Srpaulo
198429Srpaulo	usbd_transfer_start(sc->sc_xfer[0]);
178676Ssam
192468Ssam        return (0);
178676Ssam}
178676Ssam
178676Ssamstatic int
221648Sbschmidtrun_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
178676Ssam    const struct ieee80211_bpf_params *params)
178676Ssam{
178676Ssam	struct ifnet *ifp = ni->ni_ic->ic_ifp;
198429Srpaulo	struct run_softc *sc = ifp->if_softc;
178676Ssam	int error = 0;
178676Ssam
198429Srpaulo	RUN_LOCK(sc);
198429Srpaulo
198429Srpaulo	/* prevent management frames from being sent if we're not ready */
198429Srpaulo	if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
198429Srpaulo		error =  ENETDOWN;
198429Srpaulo		goto done;
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	if (params == NULL) {
198429Srpaulo		/* tx mgt packet */
198429Srpaulo		if ((error = run_tx_mgt(sc, m, ni)) != 0) {
198429Srpaulo			ifp->if_oerrors++;
220720Sbschmidt			DPRINTF("mgt tx failed\n");
220720Sbschmidt			goto done;
220720Sbschmidt		}
220720Sbschmidt	} else {
220720Sbschmidt		/* tx raw packet with param */
220720Sbschmidt		if ((error = run_tx_param(sc, m, ni, params)) != 0) {
198429Srpaulo			ifp->if_oerrors++;
198429Srpaulo			DPRINTF("tx with param failed\n");
198429Srpaulo			goto done;
198429Srpaulo		}
178676Ssam	}
198429Srpaulo
198429Srpaulo	ifp->if_opackets++;
178676Ssam
198429Srpaulodone:
198429Srpaulo	RUN_UNLOCK(sc);
198429Srpaulo
198429Srpaulo	if (error != 0) {
198429Srpaulo		if(m != NULL)
178676Ssam			m_freem(m);
201209Srpaulo		ieee80211_free_node(ni);
178676Ssam	}
198429Srpaulo
178676Ssam	return (error);
198429Srpaulo}
178676Ssam
198429Srpaulostatic void
198429Srpaulorun_start(struct ifnet *ifp)
198429Srpaulo{
198429Srpaulo	struct run_softc *sc = ifp->if_softc;
198429Srpaulo	struct ieee80211_node *ni;
198429Srpaulo	struct mbuf *m;
198429Srpaulo
198429Srpaulo	RUN_LOCK(sc);
201209Srpaulo
178676Ssam	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
198429Srpaulo		RUN_UNLOCK(sc);
198429Srpaulo		return;
220728Sbschmidt	}
198429Srpaulo
198429Srpaulo	for (;;) {
198429Srpaulo		/* send data frames */
178676Ssam		IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
178676Ssam		if (m == NULL)
178676Ssam			break;
198429Srpaulo
178676Ssam		ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
178676Ssam		if (run_tx(sc, m, ni) != 0) {
178676Ssam			IFQ_DRV_PREPEND(&ifp->if_snd, m);
178676Ssam			ifp->if_drv_flags |= IFF_DRV_OACTIVE;
198429Srpaulo			break;
178676Ssam		}
198429Srpaulo	}
178676Ssam
198429Srpaulo	RUN_UNLOCK(sc);
178676Ssam}
178676Ssam
201209Srpaulostatic int
178676Ssamrun_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
178676Ssam{
178676Ssam	struct run_softc *sc = ifp->if_softc;
178676Ssam	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
178676Ssam	struct ifreq *ifr = (struct ifreq *) data;
198429Srpaulo	int startall = 0;
220720Sbschmidt	int error = 0;
201209Srpaulo
201209Srpaulo	switch (cmd) {
178676Ssam	case SIOCSIFFLAGS:
221648Sbschmidt		RUN_LOCK(sc);
220728Sbschmidt		if (ifp->if_flags & IFF_UP) {
201209Srpaulo			if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
201209Srpaulo				startall = 1;
198429Srpaulo				run_init_locked(sc);
201209Srpaulo			} else
221648Sbschmidt				run_update_promisc_locked(ifp);
201209Srpaulo		} else {
220715Sbschmidt			if (ifp->if_drv_flags & IFF_DRV_RUNNING &&
201209Srpaulo			    (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) {
201209Srpaulo					run_stop(sc);
198429Srpaulo			}
201209Srpaulo		}
201209Srpaulo		RUN_UNLOCK(sc);
178676Ssam		if (startall)
198429Srpaulo			ieee80211_start_all(ic);
178676Ssam		break;
178676Ssam	case SIOCGIFMEDIA:
198429Srpaulo		error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
198429Srpaulo		break;
198429Srpaulo	case SIOCGIFADDR:
198429Srpaulo		error = ether_ioctl(ifp, cmd, data);
198429Srpaulo		break;
220700Sbschmidt	default:
220700Sbschmidt		error = EINVAL;
220700Sbschmidt		break;
220700Sbschmidt	}
220700Sbschmidt
220700Sbschmidt	return (error);
220700Sbschmidt}
220700Sbschmidt
178676Ssamstatic void
220700Sbschmidtrun_set_agc(struct run_softc *sc, uint8_t agc)
220700Sbschmidt{
220700Sbschmidt	uint8_t bbp;
220700Sbschmidt
220700Sbschmidt	if (sc->mac_ver == 0x3572) {
220700Sbschmidt		run_bbp_read(sc, 27, &bbp);
220700Sbschmidt		bbp &= ~(0x3 << 5);
220700Sbschmidt		run_bbp_write(sc, 27, bbp | 0 << 5);	/* select Rx0 */
220700Sbschmidt		run_bbp_write(sc, 66, agc);
220700Sbschmidt		run_bbp_write(sc, 27, bbp | 1 << 5);	/* select Rx1 */
220700Sbschmidt		run_bbp_write(sc, 66, agc);
220700Sbschmidt	} else
178676Ssam		run_bbp_write(sc, 66, agc);
178676Ssam}
220700Sbschmidt
198429Srpaulostatic void
178676Ssamrun_select_chan_group(struct run_softc *sc, int group)
178676Ssam{
178676Ssam	uint32_t tmp;
178676Ssam	uint8_t agc;
198429Srpaulo
178676Ssam	run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
178676Ssam	run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
178676Ssam	run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
198429Srpaulo	run_bbp_write(sc, 86, 0x00);
178676Ssam
198429Srpaulo	if (group == 0) {
220700Sbschmidt		if (sc->ext_2ghz_lna) {
220700Sbschmidt			run_bbp_write(sc, 82, 0x62);
220700Sbschmidt			run_bbp_write(sc, 75, 0x46);
198429Srpaulo		} else {
201209Srpaulo			run_bbp_write(sc, 82, 0x84);
201209Srpaulo			run_bbp_write(sc, 75, 0x50);
198429Srpaulo		}
198429Srpaulo	} else {
220700Sbschmidt		if (sc->mac_ver == 0x3572)
178676Ssam			run_bbp_write(sc, 82, 0x94);
220700Sbschmidt		else
220700Sbschmidt			run_bbp_write(sc, 82, 0xf2);
220700Sbschmidt		if (sc->ext_5ghz_lna)
220700Sbschmidt			run_bbp_write(sc, 75, 0x46);
178676Ssam		else
178676Ssam			run_bbp_write(sc, 75, 0x50);
201209Srpaulo	}
201209Srpaulo
198429Srpaulo	run_read(sc, RT2860_TX_BAND_CFG, &tmp);
198429Srpaulo	tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
198429Srpaulo	tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
178676Ssam	run_write(sc, RT2860_TX_BAND_CFG, tmp);
198429Srpaulo
220728Sbschmidt	/* enable appropriate Power Amplifiers and Low Noise Amplifiers */
178676Ssam	tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
198429Srpaulo	if (sc->nrxchains > 1)
178676Ssam		tmp |= RT2860_LNA_PE1_EN;
198429Srpaulo	if (group == 0) {	/* 2GHz */
178676Ssam		tmp |= RT2860_PA_PE_G0_EN;
198429Srpaulo		if (sc->ntxchains > 1)
198429Srpaulo			tmp |= RT2860_PA_PE_G1_EN;
198429Srpaulo	} else {		/* 5GHz */
178676Ssam		tmp |= RT2860_PA_PE_A0_EN;
178676Ssam		if (sc->ntxchains > 1)
178676Ssam			tmp |= RT2860_PA_PE_A1_EN;
178676Ssam	}
178676Ssam	if (sc->mac_ver == 0x3572) {
201209Srpaulo		run_rt3070_rf_write(sc, 8, 0x00);
220720Sbschmidt		run_write(sc, RT2860_TX_PIN_CFG, tmp);
178676Ssam		run_rt3070_rf_write(sc, 8, 0x80);
221651Sbschmidt	} else
178676Ssam		run_write(sc, RT2860_TX_PIN_CFG, tmp);
198429Srpaulo
198429Srpaulo	/* set initial AGC value */
198429Srpaulo	if (group == 0) {	/* 2GHz band */
198429Srpaulo		if (sc->mac_ver >= 0x3070)
198429Srpaulo			agc = 0x1c + sc->lna[0] * 2;
220720Sbschmidt		else
178676Ssam			agc = 0x2e + sc->lna[0];
178676Ssam	} else {		/* 5GHz band */
220700Sbschmidt		if (sc->mac_ver == 0x3572)
220700Sbschmidt			agc = 0x22 + (sc->lna[group] * 5) / 3;
198429Srpaulo		else
198429Srpaulo			agc = 0x32 + (sc->lna[group] * 5) / 3;
220720Sbschmidt	}
201209Srpaulo	run_set_agc(sc, agc);
178676Ssam}
198429Srpaulo
178676Ssamstatic void
201209Srpaulorun_rt2870_set_chan(struct run_softc *sc, uint32_t chan)
198429Srpaulo{
198429Srpaulo	const struct rfprog *rfprog = rt2860_rf2850;
198429Srpaulo	uint32_t r2, r3, r4;
220720Sbschmidt	int8_t txpow1, txpow2;
220720Sbschmidt	int i;
220720Sbschmidt
178676Ssam	/* find the settings for this channel (we know it exists) */
178676Ssam	for (i = 0; rfprog[i].chan != chan; i++);
178676Ssam
198429Srpaulo	r2 = rfprog[i].r2;
198429Srpaulo	if (sc->ntxchains == 1)
221648Sbschmidt		r2 |= 1 << 12;		/* 1T: disable Tx chain 2 */
221648Sbschmidt	if (sc->nrxchains == 1)
198429Srpaulo		r2 |= 1 << 15 | 1 << 4;	/* 1R: disable Rx chains 2 & 3 */
201209Srpaulo	else if (sc->nrxchains == 2)
198429Srpaulo		r2 |= 1 << 4;		/* 2R: disable Rx chain 3 */
198429Srpaulo
198429Srpaulo	/* use Tx power values from EEPROM */
201209Srpaulo	txpow1 = sc->txpow1[i];
198429Srpaulo	txpow2 = sc->txpow2[i];
201209Srpaulo	if (chan > 14) {
198429Srpaulo		if (txpow1 >= 0)
198429Srpaulo			txpow1 = txpow1 << 1 | 1;
198429Srpaulo		else
198429Srpaulo			txpow1 = (7 + txpow1) << 1;
198429Srpaulo		if (txpow2 >= 0)
198429Srpaulo			txpow2 = txpow2 << 1 | 1;
198429Srpaulo		else
201209Srpaulo			txpow2 = (7 + txpow2) << 1;
198429Srpaulo	}
198429Srpaulo	r3 = rfprog[i].r3 | txpow1 << 7;
198429Srpaulo	r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
198429Srpaulo
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF2, r2);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF3, r3);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF4, r4);
198429Srpaulo
198429Srpaulo	run_delay(sc, 10);
198429Srpaulo
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF2, r2);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF4, r4);
198429Srpaulo
198429Srpaulo	run_delay(sc, 10);
198429Srpaulo
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF2, r2);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF3, r3);
198429Srpaulo	run_rt2870_rf_write(sc, RT2860_RF4, r4);
198429Srpaulo}
198429Srpaulo
220725Sbschmidtstatic void
198429Srpaulorun_rt3070_set_chan(struct run_softc *sc, uint32_t chan)
198429Srpaulo{
198429Srpaulo	int8_t txpow1, txpow2;
198429Srpaulo	uint8_t rf;
198429Srpaulo	int i;
198429Srpaulo
198429Srpaulo	/* RT3070 is 2GHz only */
198429Srpaulo	KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n"));
198429Srpaulo
198429Srpaulo	/* find the settings for this channel (we know it exists) */
198429Srpaulo	for (i = 0; rt2860_rf2850[i].chan != chan; i++);
198429Srpaulo
201209Srpaulo	/* use Tx power values from EEPROM */
198429Srpaulo	txpow1 = sc->txpow1[i];
198429Srpaulo	txpow2 = sc->txpow2[i];
198429Srpaulo
198429Srpaulo	run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
198429Srpaulo	run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
198429Srpaulo	run_rt3070_rf_read(sc, 6, &rf);
198429Srpaulo	rf = (rf & ~0x03) | rt3070_freqs[i].r;
198429Srpaulo	run_rt3070_rf_write(sc, 6, rf);
198429Srpaulo
198429Srpaulo	/* set Tx0 power */
198429Srpaulo	run_rt3070_rf_read(sc, 12, &rf);
201209Srpaulo	rf = (rf & ~0x1f) | txpow1;
198429Srpaulo	run_rt3070_rf_write(sc, 12, rf);
198429Srpaulo
198429Srpaulo	/* set Tx1 power */
198429Srpaulo	run_rt3070_rf_read(sc, 13, &rf);
220728Sbschmidt	rf = (rf & ~0x1f) | txpow2;
198429Srpaulo	run_rt3070_rf_write(sc, 13, rf);
198429Srpaulo
198429Srpaulo	run_rt3070_rf_read(sc, 1, &rf);
221648Sbschmidt	rf &= ~0xfc;
221648Sbschmidt	if (sc->ntxchains == 1)
221648Sbschmidt		rf |= 1 << 7 | 1 << 5;	/* 1T: disable Tx chains 2 & 3 */
221648Sbschmidt	else if (sc->ntxchains == 2)
201209Srpaulo		rf |= 1 << 7;		/* 2T: disable Tx chain 3 */
201209Srpaulo	if (sc->nrxchains == 1)
201209Srpaulo		rf |= 1 << 6 | 1 << 4;	/* 1R: disable Rx chains 2 & 3 */
221648Sbschmidt	else if (sc->nrxchains == 2)
198429Srpaulo		rf |= 1 << 6;		/* 2R: disable Rx chain 3 */
220694Sbschmidt	run_rt3070_rf_write(sc, 1, rf);
220694Sbschmidt
198429Srpaulo	/* set RF offset */
198429Srpaulo	run_rt3070_rf_read(sc, 23, &rf);
198429Srpaulo	rf = (rf & ~0x7f) | sc->freq;
198429Srpaulo	run_rt3070_rf_write(sc, 23, rf);
198429Srpaulo
201209Srpaulo	/* program RF filter */
198429Srpaulo	run_rt3070_rf_read(sc, 24, &rf);	/* Tx */
198429Srpaulo	rf = (rf & ~0x3f) | sc->rf24_20mhz;
198429Srpaulo	run_rt3070_rf_write(sc, 24, rf);
220700Sbschmidt	run_rt3070_rf_read(sc, 31, &rf);	/* Rx */
220700Sbschmidt	rf = (rf & ~0x3f) | sc->rf24_20mhz;
220700Sbschmidt	run_rt3070_rf_write(sc, 31, rf);
220700Sbschmidt
220700Sbschmidt	/* enable RF tuning */
220700Sbschmidt	run_rt3070_rf_read(sc, 7, &rf);
220700Sbschmidt	run_rt3070_rf_write(sc, 7, rf | 0x01);
220700Sbschmidt}
178676Ssam
220700Sbschmidtstatic void
220700Sbschmidtrun_rt3572_set_chan(struct run_softc *sc, u_int chan)
220700Sbschmidt{
220700Sbschmidt	int8_t txpow1, txpow2;
220700Sbschmidt	uint32_t tmp;
220700Sbschmidt	uint8_t rf;
220700Sbschmidt	int i;
220700Sbschmidt
220700Sbschmidt	/* find the settings for this channel (we know it exists) */
220700Sbschmidt	for (i = 0; rt2860_rf2850[i].chan != chan; i++);
220700Sbschmidt
220700Sbschmidt	/* use Tx power values from EEPROM */
178676Ssam	txpow1 = sc->txpow1[i];
178676Ssam	txpow2 = sc->txpow2[i];
220700Sbschmidt
201209Srpaulo	if (chan <= 14) {
178676Ssam		run_bbp_write(sc, 25, sc->bbp25);
178676Ssam		run_bbp_write(sc, 26, sc->bbp26);
178676Ssam	} else {
178676Ssam		/* enable IQ phase correction */
201209Srpaulo		run_bbp_write(sc, 25, 0x09);
178676Ssam		run_bbp_write(sc, 26, 0xff);
178676Ssam	}
178676Ssam
201209Srpaulo	run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
178676Ssam	run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
198429Srpaulo	run_rt3070_rf_read(sc, 6, &rf);
220700Sbschmidt	rf  = (rf & ~0x0f) | rt3070_freqs[i].r;
220700Sbschmidt	rf |= (chan <= 14) ? 0x08 : 0x04;
220700Sbschmidt	run_rt3070_rf_write(sc, 6, rf);
198429Srpaulo
201209Srpaulo	/* set PLL mode */
201209Srpaulo	run_rt3070_rf_read(sc, 5, &rf);
198429Srpaulo	rf &= ~(0x08 | 0x04);
198429Srpaulo	rf |= (chan <= 14) ? 0x04 : 0x08;
220700Sbschmidt	run_rt3070_rf_write(sc, 5, rf);
178676Ssam
220700Sbschmidt	/* set Tx power for chain 0 */
220700Sbschmidt	if (chan <= 14)
220700Sbschmidt		rf = 0x60 | txpow1;
220700Sbschmidt	else
178676Ssam		rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
178676Ssam	run_rt3070_rf_write(sc, 12, rf);
201209Srpaulo
201209Srpaulo	/* set Tx power for chain 1 */
201209Srpaulo	if (chan <= 14)
201209Srpaulo		rf = 0x60 | txpow2;
201209Srpaulo	else
201209Srpaulo		rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
198429Srpaulo	run_rt3070_rf_write(sc, 13, rf);
220728Sbschmidt
178676Ssam	/* set Tx/Rx streams */
198429Srpaulo	run_rt3070_rf_read(sc, 1, &rf);
178676Ssam	rf &= ~0xfc;
198429Srpaulo	if (sc->ntxchains == 1)
178676Ssam		rf |= 1 << 7 | 1 << 5;  /* 1T: disable Tx chains 2 & 3 */
198429Srpaulo	else if (sc->ntxchains == 2)
198429Srpaulo		rf |= 1 << 7;           /* 2T: disable Tx chain 3 */
198429Srpaulo	if (sc->nrxchains == 1)
178676Ssam		rf |= 1 << 6 | 1 << 4;  /* 1R: disable Rx chains 2 & 3 */
178676Ssam	else if (sc->nrxchains == 2)
178676Ssam		rf |= 1 << 6;           /* 2R: disable Rx chain 3 */
178676Ssam	run_rt3070_rf_write(sc, 1, rf);
178676Ssam
178676Ssam	/* set RF offset */
220720Sbschmidt	run_rt3070_rf_read(sc, 23, &rf);
178676Ssam	rf = (rf & ~0x7f) | sc->freq;
178676Ssam	run_rt3070_rf_write(sc, 23, rf);
178676Ssam
178676Ssam	/* program RF filter */
198429Srpaulo	rf = sc->rf24_20mhz;
178676Ssam	run_rt3070_rf_write(sc, 24, rf);	/* Tx */
178676Ssam	run_rt3070_rf_write(sc, 31, rf);	/* Rx */
178676Ssam
178676Ssam	/* enable RF tuning */
178676Ssam	run_rt3070_rf_read(sc, 7, &rf);
178676Ssam	rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
178676Ssam	run_rt3070_rf_write(sc, 7, rf);
178676Ssam
178676Ssam	/* TSSI */
178676Ssam	rf = (chan <= 14) ? 0xc3 : 0xc0;
178676Ssam	run_rt3070_rf_write(sc, 9, rf);
178676Ssam
178676Ssam	/* set loop filter 1 */
220720Sbschmidt	run_rt3070_rf_write(sc, 10, 0xf1);
178676Ssam	/* set loop filter 2 */
178676Ssam	run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
178676Ssam
178676Ssam	/* set tx_mx2_ic */
178676Ssam	run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
220720Sbschmidt	/* set tx_mx1_ic */
178676Ssam	if (chan <= 14)
178676Ssam		rf = 0x48 | sc->txmixgain_2ghz;
178676Ssam	else
178676Ssam		rf = 0x78 | sc->txmixgain_5ghz;
178676Ssam	run_rt3070_rf_write(sc, 16, rf);
178676Ssam
220667Sbschmidt	/* set tx_lo1 */
220667Sbschmidt	run_rt3070_rf_write(sc, 17, 0x23);
178676Ssam	/* set tx_lo2 */
178676Ssam	if (chan <= 14)
178676Ssam		rf = 0x93;
178676Ssam	else if (chan <= 64)
206477Sbschmidt		rf = 0xb7;
198429Srpaulo	else if (chan <= 128)
198429Srpaulo		rf = 0x74;
198429Srpaulo	else
198429Srpaulo		rf = 0x72;
198429Srpaulo	run_rt3070_rf_write(sc, 19, rf);
198429Srpaulo
198429Srpaulo	/* set rx_lo1 */
198429Srpaulo	if (chan <= 14)
198429Srpaulo		rf = 0xb3;
206477Sbschmidt	else if (chan <= 64)
198429Srpaulo		rf = 0xf6;
198429Srpaulo	else if (chan <= 128)
198429Srpaulo		rf = 0xf4;
198429Srpaulo	else
198429Srpaulo		rf = 0xf3;
198429Srpaulo	run_rt3070_rf_write(sc, 20, rf);
198429Srpaulo
198429Srpaulo	/* set pfd_delay */
220720Sbschmidt	if (chan <= 14)
220720Sbschmidt		rf = 0x15;
220720Sbschmidt	else if (chan <= 64)
220720Sbschmidt		rf = 0x3d;
198429Srpaulo	else
198429Srpaulo		rf = 0x01;
198429Srpaulo	run_rt3070_rf_write(sc, 25, rf);
198429Srpaulo
198429Srpaulo	/* set rx_lo2 */
198429Srpaulo	run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
198429Srpaulo	/* set ldo_rf_vc */
198429Srpaulo	run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
198429Srpaulo	/* set drv_cc */
220720Sbschmidt	run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
220720Sbschmidt
198429Srpaulo	run_read(sc, RT2860_GPIO_CTRL, &tmp);
220720Sbschmidt	tmp &= ~0x8080;
198429Srpaulo	if (chan <= 14)
198429Srpaulo		tmp |= 0x80;
198429Srpaulo	run_write(sc, RT2860_GPIO_CTRL, tmp);
198429Srpaulo
198429Srpaulo	/* enable RF tuning */
178676Ssam	run_rt3070_rf_read(sc, 7, &rf);
220667Sbschmidt	run_rt3070_rf_write(sc, 7, rf | 0x01);
178676Ssam
220667Sbschmidt	run_delay(sc, 2);
220667Sbschmidt}
220667Sbschmidt
178676Ssamstatic void
220667Sbschmidtrun_set_rx_antenna(struct run_softc *sc, int aux)
220667Sbschmidt{
220667Sbschmidt	uint32_t tmp;
220667Sbschmidt
220668Sbschmidt	if (aux) {
220668Sbschmidt		run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
220667Sbschmidt		run_read(sc, RT2860_GPIO_CTRL, &tmp);
220667Sbschmidt		run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
220667Sbschmidt	} else {
220667Sbschmidt		run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
178676Ssam		run_read(sc, RT2860_GPIO_CTRL, &tmp);
220667Sbschmidt		run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
178676Ssam	}
178676Ssam}
206477Sbschmidt
178676Ssamstatic int
178676Ssamrun_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
178676Ssam{
178676Ssam	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
201209Srpaulo	uint32_t chan, group;
178676Ssam
201209Srpaulo	chan = ieee80211_chan2ieee(ic, c);
178676Ssam	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
178676Ssam		return (EINVAL);
220723Sbschmidt
220723Sbschmidt	if (sc->mac_ver == 0x3572)
220723Sbschmidt		run_rt3572_set_chan(sc, chan);
178676Ssam	else if (sc->mac_ver >= 0x3070)
178704Sthompsa		run_rt3070_set_chan(sc, chan);
178676Ssam	else
178676Ssam		run_rt2870_set_chan(sc, chan);
178676Ssam
201209Srpaulo	/* determine channel group */
201209Srpaulo	if (chan <= 14)
201209Srpaulo		group = 0;
201209Srpaulo	else if (chan <= 64)
178676Ssam		group = 1;
178676Ssam	else if (chan <= 128)
178676Ssam		group = 2;
178676Ssam	else
178676Ssam		group = 3;
178704Sthompsa
178704Sthompsa	/* XXX necessary only when group has changed! */
178704Sthompsa	run_select_chan_group(sc, group);
201209Srpaulo
201209Srpaulo	run_delay(sc, 10);
178676Ssam
178676Ssam	return (0);
178676Ssam}
178676Ssam
178704Sthompsastatic void
178704Sthompsarun_set_channel(struct ieee80211com *ic)
178704Sthompsa{
178676Ssam	struct run_softc *sc = ic->ic_ifp->if_softc;
178676Ssam
178676Ssam	RUN_LOCK(sc);
178676Ssam	run_set_chan(sc, ic->ic_curchan);
178676Ssam	RUN_UNLOCK(sc);
178676Ssam
178676Ssam	return;
206477Sbschmidt}
178676Ssam
178676Ssamstatic void
221651Sbschmidtrun_scan_start(struct ieee80211com *ic)
178676Ssam{
178676Ssam	struct run_softc *sc = ic->ic_ifp->if_softc;
198429Srpaulo	uint32_t tmp;
178676Ssam
198439Srpaulo	RUN_LOCK(sc);
178676Ssam
198439Srpaulo	/* abort TSF synchronization */
178676Ssam	run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
221650Sbschmidt	run_write(sc, RT2860_BCN_TIME_CFG,
221650Sbschmidt	    tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
178676Ssam	    RT2860_TBTT_TIMER_EN));
178676Ssam	run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
198429Srpaulo
198429Srpaulo	RUN_UNLOCK(sc);
178676Ssam
198439Srpaulo	return;
198439Srpaulo}
198439Srpaulo
198439Srpaulostatic void
201209Srpaulorun_scan_end(struct ieee80211com *ic)
198439Srpaulo{
198439Srpaulo	struct run_softc *sc = ic->ic_ifp->if_softc;
198439Srpaulo
201209Srpaulo	RUN_LOCK(sc);
198439Srpaulo
198439Srpaulo	run_enable_tsf_sync(sc);
198439Srpaulo	/* XXX keep local copy */
198439Srpaulo	run_set_bssid(sc, sc->sc_bssid);
198439Srpaulo
198439Srpaulo	RUN_UNLOCK(sc);
198439Srpaulo
198439Srpaulo	return;
198439Srpaulo}
198439Srpaulo
198439Srpaulo/*
178676Ssam * Could be called from ieee80211_node_timeout()
178676Ssam * (non-sleepable thread)
178676Ssam */
178676Ssamstatic void
178676Ssamrun_update_beacon(struct ieee80211vap *vap, int item)
178676Ssam{
198429Srpaulo	struct ieee80211com *ic = vap->iv_ic;
198429Srpaulo	struct run_softc *sc = ic->ic_ifp->if_softc;
198429Srpaulo	struct run_vap *rvp = RUN_VAP(vap);
178676Ssam	int mcast = 0;
178676Ssam	uint32_t i;
178676Ssam
178676Ssam	KASSERT(vap != NULL, ("no beacon"));
178676Ssam
198439Srpaulo	switch (item) {
201209Srpaulo	case IEEE80211_BEACON_ERP:
198439Srpaulo		run_updateslot(ic->ic_ifp);
198439Srpaulo		break;
201209Srpaulo	case IEEE80211_BEACON_HTINFO:
198439Srpaulo		run_updateprot(ic);
198439Srpaulo		break;
198439Srpaulo	case IEEE80211_BEACON_TIM:
198439Srpaulo		mcast = 1;	/*TODO*/
198439Srpaulo		break;
198429Srpaulo	default:
220728Sbschmidt		break;
198429Srpaulo	}
198429Srpaulo
178676Ssam	setbit(rvp->bo.bo_flags, item);
198429Srpaulo	ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast);
178676Ssam
198439Srpaulo	i = RUN_CMDQ_GET(&sc->cmdq_store);
178676Ssam	DPRINTF("cmdq_store=%d\n", i);
178676Ssam	sc->cmdq[i].func = run_update_beacon_cb;
206477Sbschmidt	sc->cmdq[i].arg0 = vap;
198429Srpaulo	ieee80211_runtask(ic, &sc->cmdq_task);
198429Srpaulo
198429Srpaulo	return;
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic void
198429Srpaulorun_update_beacon_cb(void *arg)
198429Srpaulo{
198429Srpaulo	struct ieee80211vap *vap = arg;
198429Srpaulo	struct run_vap *rvp = RUN_VAP(vap);
198429Srpaulo	struct ieee80211com *ic = vap->iv_ic;
198429Srpaulo	struct run_softc *sc = ic->ic_ifp->if_softc;
198429Srpaulo	struct rt2860_txwi txwi;
198429Srpaulo	struct mbuf *m;
198429Srpaulo	uint8_t ridx;
198429Srpaulo
198429Srpaulo	if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
198429Srpaulo		return;
206477Sbschmidt	if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
198429Srpaulo		return;
198429Srpaulo
198429Srpaulo	/*
198429Srpaulo	 * No need to call ieee80211_beacon_update(), run_update_beacon()
198429Srpaulo	 * is taking care of apropriate calls.
198429Srpaulo	 */
206477Sbschmidt	if (rvp->beacon_mbuf == NULL) {
220715Sbschmidt		rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss,
178676Ssam		    &rvp->bo);
220715Sbschmidt		if (rvp->beacon_mbuf == NULL)
220715Sbschmidt			return;
198429Srpaulo	}
220715Sbschmidt	m = rvp->beacon_mbuf;
221648Sbschmidt
178676Ssam	memset(&txwi, 0, sizeof txwi);
198429Srpaulo	txwi.wcid = 0xff;
201209Srpaulo	txwi.len = htole16(m->m_pkthdr.len);
178676Ssam	/* send beacons at the lowest available rate */
198429Srpaulo	ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
220715Sbschmidt	    RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
198429Srpaulo	txwi.phy = htole16(rt2860_rates[ridx].mcs);
201209Srpaulo	if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
221651Sbschmidt	        txwi.phy |= htole16(RT2860_PHY_OFDM);
198429Srpaulo	txwi.txop = RT2860_TX_TXOP_HT;
198429Srpaulo	txwi.flags = RT2860_TX_TS;
198429Srpaulo	txwi.xflags = RT2860_TX_NSEQ;
220715Sbschmidt
221649Sbschmidt	run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id),
221649Sbschmidt	    (uint8_t *)&txwi, sizeof txwi);
221649Sbschmidt	run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + sizeof txwi,
221649Sbschmidt	    mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);	/* roundup len */
178676Ssam
221649Sbschmidt	return;
221649Sbschmidt}
221649Sbschmidt
221649Sbschmidtstatic void
221648Sbschmidtrun_updateprot(struct ieee80211com *ic)
221648Sbschmidt{
221649Sbschmidt	struct run_softc *sc = ic->ic_ifp->if_softc;
221649Sbschmidt	uint32_t i;
221649Sbschmidt
221649Sbschmidt	i = RUN_CMDQ_GET(&sc->cmdq_store);
220715Sbschmidt	DPRINTF("cmdq_store=%d\n", i);
220715Sbschmidt	sc->cmdq[i].func = run_updateprot_cb;
220715Sbschmidt	sc->cmdq[i].arg0 = ic;
178676Ssam	ieee80211_runtask(ic, &sc->cmdq_task);
220715Sbschmidt}
178676Ssam
178676Ssamstatic void
178676Ssamrun_updateprot_cb(void *arg)
198429Srpaulo{
178676Ssam	struct ieee80211com *ic = arg;
206477Sbschmidt	struct run_softc *sc = ic->ic_ifp->if_softc;
201209Srpaulo	uint32_t tmp;
178676Ssam
220728Sbschmidt	tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
198429Srpaulo	/* setup protection frame rate (MCS code) */
220715Sbschmidt	tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
178676Ssam	    rt2860_rates[RT2860_RIDX_OFDM6].mcs :
220715Sbschmidt	    rt2860_rates[RT2860_RIDX_CCK11].mcs;
220715Sbschmidt
220715Sbschmidt	/* CCK frames don't require protection */
178676Ssam	run_write(sc, RT2860_CCK_PROT_CFG, tmp);
178676Ssam	if (ic->ic_flags & IEEE80211_F_USEPROT) {
198429Srpaulo		if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
220728Sbschmidt			tmp |= RT2860_PROT_CTRL_RTS_CTS;
198429Srpaulo		else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
220728Sbschmidt			tmp |= RT2860_PROT_CTRL_CTS;
198429Srpaulo	}
178676Ssam	run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
220715Sbschmidt}
220715Sbschmidt
220715Sbschmidtstatic void
220715Sbschmidtrun_usb_timeout_cb(void *arg)
220728Sbschmidt{
220715Sbschmidt	struct ieee80211vap *vap = arg;
220715Sbschmidt	struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
220715Sbschmidt
220715Sbschmidt	RUN_LOCK_ASSERT(sc, MA_OWNED);
220715Sbschmidt
220715Sbschmidt	if(vap->iv_state == IEEE80211_S_RUN &&
220715Sbschmidt	    vap->iv_opmode != IEEE80211_M_STA)
220715Sbschmidt		run_reset_livelock(sc);
221648Sbschmidt	else if (vap->iv_state == IEEE80211_S_SCAN) {
220715Sbschmidt		DPRINTF("timeout caused by scan\n");
221648Sbschmidt		/* cancel bgscan */
221648Sbschmidt		ieee80211_cancel_scan(vap);
220715Sbschmidt	} else
220715Sbschmidt		DPRINTF("timeout by unknown cause\n");
221648Sbschmidt}
220715Sbschmidt
220715Sbschmidtstatic void
178676Ssamrun_reset_livelock(struct run_softc *sc)
178676Ssam{
206477Sbschmidt	uint32_t tmp;
220721Sbschmidt
178676Ssam	RUN_LOCK_ASSERT(sc, MA_OWNED);
178676Ssam
178676Ssam	/*
178676Ssam	 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
220721Sbschmidt	 * can run into a livelock and start sending CTS-to-self frames like
178676Ssam	 * crazy if protection is enabled.  Reset MAC/BBP for a while
178676Ssam	 */
178676Ssam	run_read(sc, RT2860_DEBUG, &tmp);
220721Sbschmidt	DPRINTFN(3, "debug reg %08x\n", tmp);
220721Sbschmidt	if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
220721Sbschmidt		DPRINTF("CTS-to-self livelock detected\n");
220721Sbschmidt		run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
220721Sbschmidt		run_delay(sc, 1);
220721Sbschmidt		run_write(sc, RT2860_MAC_SYS_CTRL,
220721Sbschmidt		    RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
220721Sbschmidt	}
178676Ssam}
201209Srpaulo
178676Ssamstatic void
220725Sbschmidtrun_update_promisc_locked(struct ifnet *ifp)
178676Ssam{
201209Srpaulo	struct run_softc *sc = ifp->if_softc;
178676Ssam        uint32_t tmp;
178676Ssam
178676Ssam	run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
178676Ssam
201209Srpaulo	tmp |= RT2860_DROP_UC_NOME;
201209Srpaulo        if (ifp->if_flags & IFF_PROMISC)
201209Srpaulo		tmp &= ~RT2860_DROP_UC_NOME;
201209Srpaulo
201209Srpaulo	run_write(sc, RT2860_RX_FILTR_CFG, tmp);
201209Srpaulo
206477Sbschmidt        DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
178676Ssam            "entering" : "leaving");
178676Ssam}
178676Ssam
178676Ssamstatic void
198429Srpaulorun_update_promisc(struct ifnet *ifp)
198429Srpaulo{
198429Srpaulo	struct run_softc *sc = ifp->if_softc;
178676Ssam
198429Srpaulo	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
178676Ssam		return;
178676Ssam
198429Srpaulo	RUN_LOCK(sc);
178676Ssam	run_update_promisc_locked(ifp);
178676Ssam	RUN_UNLOCK(sc);
178676Ssam}
201209Srpaulo
201209Srpaulostatic void
178676Ssamrun_enable_tsf_sync(struct run_softc *sc)
206477Sbschmidt{
178676Ssam	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
178676Ssam	struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
178676Ssam	uint32_t tmp;
201209Srpaulo
178676Ssam	DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode);
198429Srpaulo
178676Ssam	run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
201209Srpaulo	tmp &= ~0x1fffff;
201209Srpaulo	tmp |= vap->iv_bss->ni_intval * 16;
201209Srpaulo	tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
201209Srpaulo
201209Srpaulo	if (ic->ic_opmode == IEEE80211_M_STA) {
201209Srpaulo		/*
178676Ssam		 * Local TSF is always updated with remote TSF on beacon
201209Srpaulo		 * reception.
220726Sbschmidt		 */
178676Ssam		tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
178676Ssam	} else if (ic->ic_opmode == IEEE80211_M_IBSS) {
178676Ssam	        tmp |= RT2860_BCN_TX_EN;
206477Sbschmidt	        /*
198429Srpaulo	         * Local TSF is updated with remote TSF on beacon reception
178676Ssam	         * only if the remote TSF is greater than local TSF.
198429Srpaulo	         */
178676Ssam	        tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
178676Ssam	} else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
198429Srpaulo		    ic->ic_opmode == IEEE80211_M_MBSS) {
198429Srpaulo	        tmp |= RT2860_BCN_TX_EN;
198429Srpaulo	        /* SYNC with nobody */
198429Srpaulo	        tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
178676Ssam	} else {
198429Srpaulo		DPRINTF("Enabling TSF failed. undefined opmode\n");
220634Sbschmidt		return;
198429Srpaulo	}
198429Srpaulo
178676Ssam	run_write(sc, RT2860_BCN_TIME_CFG, tmp);
198429Srpaulo}
198429Srpaulo
178676Ssamstatic void
198429Srpaulorun_enable_mrr(struct run_softc *sc)
178676Ssam{
178676Ssam#define CCK(mcs)	(mcs)
206477Sbschmidt#define OFDM(mcs)	(1 << 3 | (mcs))
198429Srpaulo	run_write(sc, RT2860_LG_FBK_CFG0,
178676Ssam	    OFDM(6) << 28 |	/* 54->48 */
201882Skeramida	    OFDM(5) << 24 |	/* 48->36 */
201882Skeramida	    OFDM(4) << 20 |	/* 36->24 */
201882Skeramida	    OFDM(3) << 16 |	/* 24->18 */
220725Sbschmidt	    OFDM(2) << 12 |	/* 18->12 */
178676Ssam	    OFDM(1) <<  8 |	/* 12-> 9 */
178676Ssam	    OFDM(0) <<  4 |	/*  9-> 6 */
198429Srpaulo	    OFDM(0));		/*  6-> 6 */
198429Srpaulo
198429Srpaulo	run_write(sc, RT2860_LG_FBK_CFG1,
201882Skeramida	    CCK(2) << 12 |	/* 11->5.5 */
178676Ssam	    CCK(1) <<  8 |	/* 5.5-> 2 */
178676Ssam	    CCK(0) <<  4 |	/*   2-> 1 */
178676Ssam	    CCK(0));		/*   1-> 1 */
178676Ssam#undef OFDM
198429Srpaulo#undef CCK
178676Ssam}
178676Ssam
178676Ssamstatic void
206477Sbschmidtrun_set_txpreamble(struct run_softc *sc)
201882Skeramida{
201882Skeramida	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
178676Ssam	uint32_t tmp;
198429Srpaulo
178676Ssam	run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
178676Ssam	if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
198429Srpaulo		tmp |= RT2860_CCK_SHORT_EN;
178676Ssam	else
178676Ssam		tmp &= ~RT2860_CCK_SHORT_EN;
178676Ssam	run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
178676Ssam}
178676Ssam
198429Srpaulostatic void
198429Srpaulorun_set_basicrates(struct run_softc *sc)
220723Sbschmidt{
178676Ssam	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
178676Ssam
198429Srpaulo	/* set basic rates mask */
178676Ssam	if (ic->ic_curmode == IEEE80211_MODE_11B)
220687Sbschmidt		run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
220687Sbschmidt	else if (ic->ic_curmode == IEEE80211_MODE_11A)
201209Srpaulo		run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
201209Srpaulo	else	/* 11g */
178676Ssam		run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
178676Ssam}
178676Ssam
178676Ssamstatic void
178676Ssamrun_set_leds(struct run_softc *sc, uint16_t which)
178676Ssam{
178676Ssam	(void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
198429Srpaulo	    which | (sc->leds & 0x7f));
198429Srpaulo}
178676Ssam
178676Ssamstatic void
198429Srpaulorun_set_bssid(struct run_softc *sc, const uint8_t *bssid)
198429Srpaulo{
178676Ssam	run_write(sc, RT2860_MAC_BSSID_DW0,
178676Ssam	    bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
198429Srpaulo	run_write(sc, RT2860_MAC_BSSID_DW1,
178676Ssam	    bssid[4] | bssid[5] << 8);
178676Ssam}
178676Ssam
178676Ssamstatic void
178676Ssamrun_set_macaddr(struct run_softc *sc, const uint8_t *addr)
178676Ssam{
178676Ssam	run_write(sc, RT2860_MAC_ADDR_DW0,
178676Ssam	    addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
178676Ssam	run_write(sc, RT2860_MAC_ADDR_DW1,
201209Srpaulo	    addr[4] | addr[5] << 8 | 0xff << 16);
178676Ssam}
178676Ssam
178676Ssamstatic void
178676Ssamrun_updateslot(struct ifnet *ifp)
178676Ssam{
178676Ssam	struct run_softc *sc = ifp->if_softc;
178676Ssam	struct ieee80211com *ic = ifp->if_l2com;
178676Ssam	uint32_t i;
178676Ssam
178676Ssam	i = RUN_CMDQ_GET(&sc->cmdq_store);
178676Ssam	DPRINTF("cmdq_store=%d\n", i);
178676Ssam	sc->cmdq[i].func = run_updateslot_cb;
178676Ssam	sc->cmdq[i].arg0 = ifp;
201209Srpaulo	ieee80211_runtask(ic, &sc->cmdq_task);
178676Ssam
178676Ssam	return;
178676Ssam}
178676Ssam
198429Srpaulo/* ARGSUSED */
198429Srpaulostatic void
178676Ssamrun_updateslot_cb(void *arg)
178676Ssam{
178676Ssam	struct ifnet *ifp = arg;
178676Ssam	struct run_softc *sc = ifp->if_softc;
198429Srpaulo	struct ieee80211com *ic = ifp->if_l2com;
178676Ssam	uint32_t tmp;
178676Ssam
178676Ssam	run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
178676Ssam	tmp &= ~0xff;
178676Ssam	tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
178676Ssam	run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
178676Ssam}
178676Ssam
178676Ssamstatic void
178676Ssamrun_update_mcast(struct ifnet *ifp)
178676Ssam{
178676Ssam	/* h/w filter supports getting everything or nothing */
178676Ssam	ifp->if_flags |= IFF_ALLMULTI;
178676Ssam}
178676Ssam
178676Ssamstatic int8_t
198429Srpaulorun_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
178676Ssam{
178676Ssam	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
178676Ssam	struct ieee80211_channel *c = ic->ic_curchan;
178676Ssam	int delta;
178676Ssam
178676Ssam	if (IEEE80211_IS_CHAN_5GHZ(c)) {
201209Srpaulo		uint32_t chan = ieee80211_chan2ieee(ic, c);
198429Srpaulo		delta = sc->rssi_5ghz[rxchain];
198429Srpaulo
198429Srpaulo		/* determine channel group */
178676Ssam		if (chan <= 64)
198429Srpaulo			delta -= sc->lna[1];
178676Ssam		else if (chan <= 128)
198429Srpaulo			delta -= sc->lna[2];
198429Srpaulo		else
198429Srpaulo			delta -= sc->lna[3];
198429Srpaulo	} else
198429Srpaulo		delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
198429Srpaulo
198429Srpaulo	return (-12 - delta - rssi);
198429Srpaulo}
198429Srpaulo
178676Ssamstatic int
201209Srpaulorun_bbp_init(struct run_softc *sc)
178676Ssam{
178676Ssam	int i, error, ntries;
178676Ssam	uint8_t bbp0;
178676Ssam
178676Ssam	/* wait for BBP to wake up */
178676Ssam	for (ntries = 0; ntries < 20; ntries++) {
178676Ssam		if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
178676Ssam			return error;
178676Ssam		if (bbp0 != 0 && bbp0 != 0xff)
178676Ssam			break;
178676Ssam	}
178676Ssam	if (ntries == 20)
198429Srpaulo		return (ETIMEDOUT);
178676Ssam
178676Ssam	/* initialize BBP registers to default values */
198429Srpaulo	for (i = 0; i < N(rt2860_def_bbp); i++) {
198429Srpaulo		run_bbp_write(sc, rt2860_def_bbp[i].reg,
178676Ssam		    rt2860_def_bbp[i].val);
178676Ssam	}
178676Ssam
178676Ssam	/* fix BBP84 for RT2860E */
178676Ssam	if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
178676Ssam		run_bbp_write(sc, 84, 0x19);
178676Ssam
178676Ssam	if (sc->mac_ver >= 0x3070) {
178676Ssam		run_bbp_write(sc, 79, 0x13);
178676Ssam		run_bbp_write(sc, 80, 0x05);
178676Ssam		run_bbp_write(sc, 81, 0x33);
178676Ssam	} else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
178676Ssam		run_bbp_write(sc, 69, 0x16);
178676Ssam		run_bbp_write(sc, 73, 0x12);
178676Ssam	}
178676Ssam	return (0);
178676Ssam}
206477Sbschmidt
201882Skeramidastatic int
201882Skeramidarun_rt3070_rf_init(struct run_softc *sc)
198429Srpaulo{
198429Srpaulo	uint32_t tmp;
198429Srpaulo	uint8_t rf, target, bbp4;
198429Srpaulo	int i;
198429Srpaulo
198429Srpaulo	run_rt3070_rf_read(sc, 30, &rf);
198429Srpaulo	/* toggle RF R30 bit 7 */
198429Srpaulo	run_rt3070_rf_write(sc, 30, rf | 0x80);
198429Srpaulo	run_delay(sc, 10);
198429Srpaulo	run_rt3070_rf_write(sc, 30, rf & ~0x80);
198429Srpaulo
198429Srpaulo	/* initialize RF registers to default value */
198429Srpaulo	if (sc->mac_ver == 0x3572) {
198429Srpaulo		for (i = 0; i < N(rt3572_def_rf); i++) {
198429Srpaulo			run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
178676Ssam			    rt3572_def_rf[i].val);
198429Srpaulo		}
178676Ssam	} else {
206477Sbschmidt		for (i = 0; i < N(rt3070_def_rf); i++) {
198429Srpaulo			run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
178676Ssam			    rt3070_def_rf[i].val);
198429Srpaulo		}
198429Srpaulo	}
198429Srpaulo
178676Ssam	if (sc->mac_ver == 0x3070) {
201209Srpaulo		/* change voltage from 1.2V to 1.35V for RT3070 */
198429Srpaulo		run_read(sc, RT3070_LDO_CFG0, &tmp);
178676Ssam		tmp = (tmp & ~0x0f000000) | 0x0d000000;
178676Ssam		run_write(sc, RT3070_LDO_CFG0, tmp);
220689Sbschmidt
220689Sbschmidt	} else if (sc->mac_ver == 0x3071) {
220689Sbschmidt		run_rt3070_rf_read(sc, 6, &rf);
220689Sbschmidt		run_rt3070_rf_write(sc, 6, rf | 0x40);
220689Sbschmidt		run_rt3070_rf_write(sc, 31, 0x14);
220689Sbschmidt
198429Srpaulo		run_read(sc, RT3070_LDO_CFG0, &tmp);
220724Sbschmidt		tmp &= ~0x1f000000;
220724Sbschmidt		if (sc->mac_rev < 0x0211)
220724Sbschmidt			tmp |= 0x0d000000;	/* 1.3V */
178676Ssam		else
178676Ssam			tmp |= 0x01000000;	/* 1.2V */
178676Ssam		run_write(sc, RT3070_LDO_CFG0, tmp);
178676Ssam
206477Sbschmidt		/* patch LNA_PE_G1 */
198429Srpaulo		run_read(sc, RT3070_GPIO_SWITCH, &tmp);
198429Srpaulo		run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
198429Srpaulo
220723Sbschmidt	} else if (sc->mac_ver == 0x3572) {
198429Srpaulo		run_rt3070_rf_read(sc, 6, &rf);
198429Srpaulo		run_rt3070_rf_write(sc, 6, rf | 0x40);
198429Srpaulo
198429Srpaulo		/* increase voltage from 1.2V to 1.35V */
198429Srpaulo		run_read(sc, RT3070_LDO_CFG0, &tmp);
198429Srpaulo		tmp = (tmp & ~0x1f000000) | 0x0d000000;
198429Srpaulo		run_write(sc, RT3070_LDO_CFG0, tmp);
198429Srpaulo
220724Sbschmidt		if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
220724Sbschmidt			run_delay(sc, 1);	/* wait for 1msec */
201822Strasz			/* decrease voltage back to 1.2V */
198429Srpaulo			tmp = (tmp & ~0x1f000000) | 0x01000000;
198429Srpaulo			run_write(sc, RT3070_LDO_CFG0, tmp);
198429Srpaulo		}
198429Srpaulo	}
178676Ssam
198429Srpaulo	/* select 20MHz bandwidth */
178676Ssam	run_rt3070_rf_read(sc, 31, &rf);
206477Sbschmidt	run_rt3070_rf_write(sc, 31, rf & ~0x20);
178676Ssam
178676Ssam	/* calibrate filter for 20MHz bandwidth */
178676Ssam	sc->rf24_20mhz = 0x1f;	/* default value */
178676Ssam	target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
178676Ssam	run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
178676Ssam
198429Srpaulo	/* select 40MHz bandwidth */
198429Srpaulo	run_bbp_read(sc, 4, &bbp4);
198429Srpaulo	run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10);
198429Srpaulo	run_rt3070_rf_read(sc, 31, &rf);
178676Ssam	run_rt3070_rf_write(sc, 31, rf | 0x20);
198429Srpaulo
178676Ssam	/* calibrate filter for 40MHz bandwidth */
178676Ssam	sc->rf24_40mhz = 0x2f;	/* default value */
178676Ssam	target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
178676Ssam	run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
198429Srpaulo
178676Ssam	/* go back to 20MHz bandwidth */
206477Sbschmidt	run_bbp_read(sc, 4, &bbp4);
198429Srpaulo	run_bbp_write(sc, 4, bbp4 & ~0x18);
178676Ssam
178676Ssam	if (sc->mac_ver == 0x3572) {
178676Ssam		/* save default BBP registers 25 and 26 values */
178676Ssam		run_bbp_read(sc, 25, &sc->bbp25);
178676Ssam		run_bbp_read(sc, 26, &sc->bbp26);
178676Ssam	} else if (sc->mac_rev < 0x0211)
178676Ssam		run_rt3070_rf_write(sc, 27, 0x03);
178676Ssam
178676Ssam	run_read(sc, RT3070_OPT_14, &tmp);
220725Sbschmidt	run_write(sc, RT3070_OPT_14, tmp | 1);
178676Ssam
178676Ssam	if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
198429Srpaulo		run_rt3070_rf_read(sc, 17, &rf);
220659Sbschmidt		rf &= ~RT3070_TX_LO1;
198429Srpaulo		if ((sc->mac_ver == 0x3070 ||
178676Ssam		     (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
178676Ssam		    !sc->ext_2ghz_lna)
178676Ssam			rf |= 0x20;	/* fix for long range Rx issue */
201209Srpaulo		if (sc->txmixgain_2ghz >= 1)
201209Srpaulo			rf = (rf & ~0x7) | sc->txmixgain_2ghz;
178676Ssam		run_rt3070_rf_write(sc, 17, rf);
178676Ssam	}
178676Ssam
206477Sbschmidt	if (sc->mac_rev == 0x3071) {
198429Srpaulo		run_rt3070_rf_read(sc, 1, &rf);
198429Srpaulo		rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
201209Srpaulo		rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
201209Srpaulo		run_rt3070_rf_write(sc, 1, rf);
198429Srpaulo
198429Srpaulo		run_rt3070_rf_read(sc, 15, &rf);
220725Sbschmidt		run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
198429Srpaulo
201209Srpaulo		run_rt3070_rf_read(sc, 20, &rf);
201209Srpaulo		run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
201209Srpaulo
201209Srpaulo		run_rt3070_rf_read(sc, 21, &rf);
201209Srpaulo		run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
201209Srpaulo	}
198429Srpaulo
198429Srpaulo	if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
178676Ssam		/* fix Tx to Rx IQ glitch by raising RF voltage */
178676Ssam		run_rt3070_rf_read(sc, 27, &rf);
178676Ssam		rf &= ~0x77;
206477Sbschmidt		if (sc->mac_rev < 0x0211)
178676Ssam			rf |= 0x03;
178676Ssam		run_rt3070_rf_write(sc, 27, rf);
220728Sbschmidt	}
178676Ssam	return (0);
198429Srpaulo}
178676Ssam
178676Ssamstatic int
198429Srpaulorun_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
178676Ssam    uint8_t *val)
178676Ssam{
178676Ssam	uint8_t rf22, rf24;
198429Srpaulo	uint8_t bbp55_pb, bbp55_sb, delta;
201209Srpaulo	int ntries;
201209Srpaulo
206444Sbschmidt	/* program filter */
201209Srpaulo	run_rt3070_rf_read(sc, 24, &rf24);
198429Srpaulo	rf24 = (rf24 & 0xc0) | init;	/* initial filter value */
201209Srpaulo	run_rt3070_rf_write(sc, 24, rf24);
201209Srpaulo
178676Ssam	/* enable baseband loopback mode */
198429Srpaulo	run_rt3070_rf_read(sc, 22, &rf22);
220726Sbschmidt	run_rt3070_rf_write(sc, 22, rf22 | 0x01);
178676Ssam
178676Ssam	/* set power and frequency of passband test tone */
198429Srpaulo	run_bbp_write(sc, 24, 0x00);
220728Sbschmidt	for (ntries = 0; ntries < 100; ntries++) {
198429Srpaulo		/* transmit test tone */
198429Srpaulo		run_bbp_write(sc, 25, 0x90);
198429Srpaulo		run_delay(sc, 10);
198429Srpaulo		/* read received power */
220724Sbschmidt		run_bbp_read(sc, 55, &bbp55_pb);
220724Sbschmidt		if (bbp55_pb != 0)
198429Srpaulo			break;
178676Ssam	}
178676Ssam	if (ntries == 100)
178676Ssam		return ETIMEDOUT;
178676Ssam
178676Ssam	/* set power and frequency of stopband test tone */
198429Srpaulo	run_bbp_write(sc, 24, 0x06);
178676Ssam	for (ntries = 0; ntries < 100; ntries++) {
206477Sbschmidt		/* transmit test tone */
198429Srpaulo		run_bbp_write(sc, 25, 0x90);
178676Ssam		run_delay(sc, 10);
178676Ssam		/* read received power */
220728Sbschmidt		run_bbp_read(sc, 55, &bbp55_sb);
178676Ssam
198429Srpaulo		delta = bbp55_pb - bbp55_sb;
198429Srpaulo		if (delta > target)
178676Ssam			break;
198429Srpaulo
178676Ssam		/* reprogram filter */
178676Ssam		rf24++;
178676Ssam		run_rt3070_rf_write(sc, 24, rf24);
178676Ssam	}
198429Srpaulo	if (ntries < 100) {
178676Ssam		if (rf24 != init)
178676Ssam			rf24--;	/* backtrack */
178676Ssam		*val = rf24;
198429Srpaulo		run_rt3070_rf_write(sc, 24, rf24);
198429Srpaulo	}
198429Srpaulo
178676Ssam	/* restore initial state */
198429Srpaulo	run_bbp_write(sc, 24, 0x00);
210110Sbschmidt
178676Ssam	/* disable baseband loopback mode */
210110Sbschmidt	run_rt3070_rf_read(sc, 22, &rf22);
210110Sbschmidt	run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
210110Sbschmidt
210110Sbschmidt	return (0);
210110Sbschmidt}
210110Sbschmidt
198429Srpaulostatic void
201209Srpaulorun_rt3070_rf_setup(struct run_softc *sc)
201209Srpaulo{
178676Ssam	uint8_t bbp, rf;
220728Sbschmidt	int i;
198429Srpaulo
198429Srpaulo	if (sc->mac_ver == 0x3572) {
198429Srpaulo		/* enable DC filter */
198429Srpaulo		if (sc->mac_rev >= 0x0201)
201209Srpaulo			run_bbp_write(sc, 103, 0xc0);
220728Sbschmidt
198429Srpaulo		run_bbp_read(sc, 138, &bbp);
198429Srpaulo		if (sc->ntxchains == 1)
198429Srpaulo			bbp |= 0x20;	/* turn off DAC1 */
198429Srpaulo		if (sc->nrxchains == 1)
198429Srpaulo			bbp &= ~0x02;	/* turn off ADC1 */
198429Srpaulo		run_bbp_write(sc, 138, bbp);
198429Srpaulo
198429Srpaulo		if (sc->mac_rev >= 0x0211) {
198429Srpaulo			/* improve power consumption */
198429Srpaulo			run_bbp_read(sc, 31, &bbp);
206477Sbschmidt			run_bbp_write(sc, 31, bbp & ~0x03);
198429Srpaulo		}
198429Srpaulo
198429Srpaulo		run_rt3070_rf_read(sc, 16, &rf);
198429Srpaulo		rf = (rf & ~0x07) | sc->txmixgain_2ghz;
198429Srpaulo		run_rt3070_rf_write(sc, 16, rf);
198429Srpaulo
198429Srpaulo	} else if (sc->mac_ver == 0x3071) {
198429Srpaulo		/* enable DC filter */
198429Srpaulo		if (sc->mac_rev >= 0x0201)
198429Srpaulo			run_bbp_write(sc, 103, 0xc0);
198429Srpaulo
198429Srpaulo		run_bbp_read(sc, 138, &bbp);
206477Sbschmidt		if (sc->ntxchains == 1)
198429Srpaulo			bbp |= 0x20;	/* turn off DAC1 */
198429Srpaulo		if (sc->nrxchains == 1)
198429Srpaulo			bbp &= ~0x02;	/* turn off ADC1 */
198429Srpaulo		run_bbp_write(sc, 138, bbp);
198429Srpaulo
220866Sbschmidt		if (sc->mac_rev >= 0x0211) {
198429Srpaulo			/* improve power consumption */
198429Srpaulo			run_bbp_read(sc, 31, &bbp);
198429Srpaulo			run_bbp_write(sc, 31, bbp & ~0x03);
198429Srpaulo		}
198429Srpaulo
198429Srpaulo		run_write(sc, RT2860_TX_SW_CFG1, 0);
198429Srpaulo		if (sc->mac_rev < 0x0211) {
206477Sbschmidt			run_write(sc, RT2860_TX_SW_CFG2,
198429Srpaulo			    sc->patch_dac ? 0x2c : 0x0f);
198429Srpaulo		} else
198429Srpaulo			run_write(sc, RT2860_TX_SW_CFG2, 0);
198429Srpaulo
198429Srpaulo	} else if (sc->mac_ver == 0x3070) {
198429Srpaulo		if (sc->mac_rev >= 0x0201) {
198429Srpaulo			/* enable DC filter */
201209Srpaulo			run_bbp_write(sc, 103, 0xc0);
178676Ssam
201209Srpaulo			/* improve power consumption */
198429Srpaulo			run_bbp_read(sc, 31, &bbp);
178676Ssam			run_bbp_write(sc, 31, bbp & ~0x03);
178676Ssam		}
198429Srpaulo
198429Srpaulo		if (sc->mac_rev < 0x0211) {
178676Ssam			run_write(sc, RT2860_TX_SW_CFG1, 0);
201209Srpaulo			run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
198429Srpaulo		} else
198429Srpaulo			run_write(sc, RT2860_TX_SW_CFG2, 0);
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	/* initialize RF registers from ROM for >=RT3071*/
198429Srpaulo	if (sc->mac_ver >= 0x3071) {
198429Srpaulo		for (i = 0; i < 10; i++) {
178676Ssam			if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
178676Ssam				continue;
178676Ssam			run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
198429Srpaulo		}
201209Srpaulo	}
198429Srpaulo}
178676Ssam
178676Ssamstatic int
206477Sbschmidtrun_txrx_enable(struct run_softc *sc)
198429Srpaulo{
198429Srpaulo	struct ieee80211com *ic = sc->sc_ifp->if_l2com;
198429Srpaulo	uint32_t tmp;
198429Srpaulo	int error, ntries;
220723Sbschmidt
198429Srpaulo	run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
206444Sbschmidt	for (ntries = 0; ntries < 200; ntries++) {
206444Sbschmidt		if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
198429Srpaulo			return error;
198429Srpaulo		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
220866Sbschmidt			break;
198429Srpaulo		run_delay(sc, 50);
198429Srpaulo	}
201209Srpaulo	if (ntries == 200)
201209Srpaulo		return ETIMEDOUT;
201209Srpaulo
201209Srpaulo	run_delay(sc, 50);
201209Srpaulo
201209Srpaulo	tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
201209Srpaulo	run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
206444Sbschmidt
198429Srpaulo	/* enable Rx bulk aggregation (set timeout and limit) */
198429Srpaulo	tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
198429Srpaulo	    RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
198429Srpaulo	run_write(sc, RT2860_USB_DMA_CFG, tmp);
198429Srpaulo
198429Srpaulo	/* set Rx filter */
198429Srpaulo	tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
198429Srpaulo	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
201209Srpaulo		tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
198429Srpaulo		    RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
198429Srpaulo		    RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
198429Srpaulo		    RT2860_DROP_CFACK | RT2860_DROP_CFEND;
178676Ssam		if (ic->ic_opmode == IEEE80211_M_STA)
198429Srpaulo			tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
178676Ssam	}
178676Ssam	run_write(sc, RT2860_RX_FILTR_CFG, tmp);
206477Sbschmidt
178676Ssam	run_write(sc, RT2860_MAC_SYS_CTRL,
178676Ssam	    RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
198429Srpaulo
178676Ssam	return (0);
178676Ssam}
178676Ssam
178676Ssamstatic void
178676Ssamrun_init_locked(struct run_softc *sc)
178676Ssam{
178676Ssam	struct ifnet *ifp = sc->sc_ifp;
198429Srpaulo	struct ieee80211com *ic = ifp->if_l2com;
178676Ssam	uint32_t tmp;
178676Ssam	uint8_t bbp1, bbp3;
178676Ssam	int i;
178676Ssam	int ridx;
178676Ssam	int ntries;
178676Ssam
178676Ssam	if (ic->ic_nrunning > 1)
178676Ssam		return;
201209Srpaulo
178676Ssam	run_stop(sc);
178676Ssam
178676Ssam	if (run_load_microcode(sc) != 0) {
198439Srpaulo		device_printf(sc->sc_dev, "could not load 8051 microcode\n");
198429Srpaulo		goto fail;
178676Ssam	}
198429Srpaulo
220726Sbschmidt	for (ntries = 0; ntries < 100; ntries++) {
178676Ssam		if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
178676Ssam			goto fail;
198429Srpaulo		if (tmp != 0 && tmp != 0xffffffff)
178676Ssam			break;
178676Ssam		run_delay(sc, 10);
220634Sbschmidt	}
178676Ssam	if (ntries == 100)
198429Srpaulo		goto fail;
178676Ssam
178676Ssam	for (i = 0; i != RUN_EP_QUEUES; i++)
178676Ssam		run_setup_tx_list(sc, &sc->sc_epq[i]);
178676Ssam
198429Srpaulo	run_set_macaddr(sc, IF_LLADDR(ifp));
178676Ssam
178676Ssam	for (ntries = 0; ntries < 100; ntries++) {
198429Srpaulo		if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
198429Srpaulo			goto fail;
198429Srpaulo		if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
198429Srpaulo			break;
178676Ssam		run_delay(sc, 10);
178676Ssam	}
198429Srpaulo	if (ntries == 100) {
178676Ssam		device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
178676Ssam		goto fail;
198429Srpaulo	}
198429Srpaulo	tmp &= 0xff0;
198429Srpaulo	tmp |= RT2860_TX_WB_DDONE;
198429Srpaulo	run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
178676Ssam
178676Ssam	/* turn off PME_OEN to solve high-current issue */
198429Srpaulo	run_read(sc, RT2860_SYS_CTRL, &tmp);
178676Ssam	run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
178676Ssam
198429Srpaulo	run_write(sc, RT2860_MAC_SYS_CTRL,
198429Srpaulo	    RT2860_BBP_HRST | RT2860_MAC_SRST);
198429Srpaulo	run_write(sc, RT2860_USB_DMA_CFG, 0);
178676Ssam
178676Ssam	if (run_reset(sc) != 0) {
178676Ssam		device_printf(sc->sc_dev, "could not reset chipset\n");
198429Srpaulo		goto fail;
178676Ssam	}
178676Ssam
198429Srpaulo	run_write(sc, RT2860_MAC_SYS_CTRL, 0);
178676Ssam
198429Srpaulo	/* init Tx power for all Tx rates (from EEPROM) */
178676Ssam	for (ridx = 0; ridx < 5; ridx++) {
178676Ssam		if (sc->txpow20mhz[ridx] == 0xffffffff)
198429Srpaulo			continue;
198429Srpaulo		run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
198429Srpaulo	}
178676Ssam
178676Ssam	for (i = 0; i < N(rt2870_def_mac); i++)
178676Ssam		run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
198429Srpaulo	run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
178676Ssam	run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
178676Ssam	run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
198429Srpaulo
178676Ssam	if (sc->mac_ver >= 0x3070) {
178676Ssam		/* set delay of PA_PE assertion to 1us (unit of 0.25us) */
198429Srpaulo		run_write(sc, RT2860_TX_SW_CFG0,
178676Ssam		    4 << RT2860_DLY_PAPE_EN_SHIFT);
178676Ssam	}
220634Sbschmidt
178676Ssam	/* wait while MAC is busy */
198429Srpaulo	for (ntries = 0; ntries < 100; ntries++) {
178676Ssam		if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
178676Ssam			goto fail;
178676Ssam		if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
178676Ssam			break;
198429Srpaulo		run_delay(sc, 10);
178676Ssam	}
178676Ssam	if (ntries == 100)
178676Ssam		goto fail;
178676Ssam
178676Ssam	/* clear Host to MCU mailbox */
198429Srpaulo	run_write(sc, RT2860_H2M_BBPAGENT, 0);
178676Ssam	run_write(sc, RT2860_H2M_MAILBOX, 0);
178676Ssam	run_delay(sc, 10);
198429Srpaulo
178676Ssam	if (run_bbp_init(sc) != 0) {
198429Srpaulo		device_printf(sc->sc_dev, "could not initialize BBP\n");
198429Srpaulo		goto fail;
178676Ssam	}
178676Ssam
198429Srpaulo	/* abort TSF synchronization */
178676Ssam	run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
198429Srpaulo	tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
178676Ssam	    RT2860_TBTT_TIMER_EN);
178676Ssam	run_write(sc, RT2860_BCN_TIME_CFG, tmp);
198429Srpaulo
178676Ssam	/* clear RX WCID search table */
178676Ssam	run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
178676Ssam	/* clear WCID attribute table */
178676Ssam	run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
178676Ssam
198429Srpaulo	/* hostapd sets a key before init. So, don't clear it. */
198429Srpaulo	if (sc->cmdq_key_set != RUN_CMDQ_GO) {
220726Sbschmidt		/* clear shared key table */
198429Srpaulo		run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
198429Srpaulo		/* clear shared key mode */
198429Srpaulo		run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
178676Ssam	}
178676Ssam
198429Srpaulo	run_read(sc, RT2860_US_CYC_CNT, &tmp);
178676Ssam	tmp = (tmp & ~0xff) | 0x1e;
178676Ssam	run_write(sc, RT2860_US_CYC_CNT, tmp);
178676Ssam
178676Ssam	if (sc->mac_rev != 0x0101)
178676Ssam		run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
178676Ssam
198429Srpaulo	run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
198429Srpaulo	run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
178676Ssam
178676Ssam	/* write vendor-specific BBP values (from EEPROM) */
178676Ssam	for (i = 0; i < 10; i++) {
178676Ssam		if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
178676Ssam			continue;
178676Ssam		run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
198429Srpaulo	}
198429Srpaulo
178676Ssam	/* select Main antenna for 1T1R devices */
178676Ssam	if (sc->rf_rev == RT3070_RF_3020)
206477Sbschmidt		run_set_rx_antenna(sc, 0);
178676Ssam
178676Ssam	/* send LEDs operating mode to microcontroller */
178676Ssam	(void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
220729Sbschmidt	(void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
220729Sbschmidt	(void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
178676Ssam
178676Ssam	if (sc->mac_ver >= 0x3070)
220729Sbschmidt		run_rt3070_rf_init(sc);
178676Ssam
198429Srpaulo	/* disable non-existing Rx chains */
220726Sbschmidt	run_bbp_read(sc, 3, &bbp3);
220726Sbschmidt	bbp3 &= ~(1 << 3 | 1 << 4);
220726Sbschmidt	if (sc->nrxchains == 2)
220726Sbschmidt		bbp3 |= 1 << 3;
220726Sbschmidt	else if (sc->nrxchains == 3)
220726Sbschmidt		bbp3 |= 1 << 4;
198429Srpaulo	run_bbp_write(sc, 3, bbp3);
220726Sbschmidt
220726Sbschmidt	/* disable non-existing Tx chains */
220726Sbschmidt	run_bbp_read(sc, 1, &bbp1);
198429Srpaulo	if (sc->ntxchains == 1)
220726Sbschmidt		bbp1 &= ~(1 << 3 | 1 << 4);
220726Sbschmidt	run_bbp_write(sc, 1, bbp1);
178676Ssam
202986Srpaulo	if (sc->mac_ver >= 0x3070)
178676Ssam		run_rt3070_rf_setup(sc);
198429Srpaulo
198429Srpaulo	/* select default channel */
198429Srpaulo	run_set_chan(sc, ic->ic_curchan);
220729Sbschmidt
220729Sbschmidt	/* setup initial protection mode */
220729Sbschmidt	run_updateprot_cb(ic);
220729Sbschmidt
220729Sbschmidt	/* turn radio LED on */
220729Sbschmidt	run_set_leds(sc, RT2860_LED_RADIO);
220729Sbschmidt
220729Sbschmidt	ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
220729Sbschmidt	ifp->if_drv_flags |= IFF_DRV_RUNNING;
220729Sbschmidt	sc->cmdq_run = RUN_CMDQ_GO;
220729Sbschmidt
220729Sbschmidt	for (i = 0; i != RUN_N_XFER; i++)
220729Sbschmidt		usbd_xfer_set_stall(sc->sc_xfer[i]);
220729Sbschmidt
220729Sbschmidt	usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
178676Ssam
178676Ssam	if (run_txrx_enable(sc) != 0)
198429Srpaulo		goto fail;
198429Srpaulo
198429Srpaulo	return;
198429Srpaulo
206477Sbschmidtfail:
198429Srpaulo	run_stop(sc);
198429Srpaulo}
220723Sbschmidt
198429Srpaulostatic void
198429Srpaulorun_init(void *arg)
220721Sbschmidt{
198429Srpaulo	struct run_softc *sc = arg;
198429Srpaulo	struct ifnet *ifp = sc->sc_ifp;
198429Srpaulo	struct ieee80211com *ic = ifp->if_l2com;
198429Srpaulo
198429Srpaulo	RUN_LOCK(sc);
198429Srpaulo	run_init_locked(sc);
198429Srpaulo	RUN_UNLOCK(sc);
198429Srpaulo
198429Srpaulo	if (ifp->if_drv_flags & IFF_DRV_RUNNING)
198429Srpaulo		ieee80211_start_all(ic);
198429Srpaulo}
198429Srpaulo
198429Srpaulostatic void
198429Srpaulorun_stop(void *arg)
198429Srpaulo{
201209Srpaulo	struct run_softc *sc = (struct run_softc *)arg;
220721Sbschmidt	struct ifnet *ifp = sc->sc_ifp;
220721Sbschmidt	uint32_t tmp;
198429Srpaulo	int i;
198429Srpaulo	int ntries;
198429Srpaulo
198429Srpaulo	RUN_LOCK_ASSERT(sc, MA_OWNED);
198429Srpaulo
198429Srpaulo	if (ifp->if_drv_flags & IFF_DRV_RUNNING)
198429Srpaulo		run_set_leds(sc, 0);	/* turn all LEDs off */
198429Srpaulo
198429Srpaulo	ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
198429Srpaulo
198429Srpaulo	sc->ratectl_run = RUN_RATECTL_OFF;
198429Srpaulo	sc->cmdq_run = sc->cmdq_key_set;
198429Srpaulo
198429Srpaulo	RUN_UNLOCK(sc);
198429Srpaulo
198429Srpaulo	for(i = 0; i < RUN_N_XFER; i++)
198429Srpaulo		usbd_transfer_drain(sc->sc_xfer[i]);
198429Srpaulo
198429Srpaulo	RUN_LOCK(sc);
198429Srpaulo
198429Srpaulo	if (sc->rx_m != NULL) {
198429Srpaulo		m_free(sc->rx_m);
198429Srpaulo		sc->rx_m = NULL;
198429Srpaulo	}
198429Srpaulo
198429Srpaulo	/* disable Tx/Rx */
206477Sbschmidt	run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
220662Sbschmidt	tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
220662Sbschmidt	run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
220662Sbschmidt
220662Sbschmidt	/* wait for pending Tx to complete */
220662Sbschmidt	for (ntries = 0; ntries < 100; ntries++) {
220662Sbschmidt		if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
220662Sbschmidt			DPRINTF("Cannot read Tx queue count\n");
220662Sbschmidt			break;
220662Sbschmidt		}
220662Sbschmidt		if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
220662Sbschmidt			DPRINTF("All Tx cleared\n");
220662Sbschmidt			break;
220662Sbschmidt		}
220662Sbschmidt		run_delay(sc, 10);
220891Sbschmidt	}
220891Sbschmidt	if (ntries >= 100)
220891Sbschmidt		DPRINTF("There are still pending Tx\n");
220891Sbschmidt	run_delay(sc, 10);
220891Sbschmidt	run_write(sc, RT2860_USB_DMA_CFG, 0);
220891Sbschmidt
220891Sbschmidt	run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
220891Sbschmidt	run_write(sc, RT2860_MAC_SYS_CTRL, 0);
220891Sbschmidt
220891Sbschmidt	for (i = 0; i != RUN_EP_QUEUES; i++)
220891Sbschmidt		run_unsetup_tx_list(sc, &sc->sc_epq[i]);
220891Sbschmidt
220891Sbschmidt	return;
220891Sbschmidt}
220891Sbschmidt
220891Sbschmidtstatic void
220891Sbschmidtrun_delay(struct run_softc *sc, unsigned int ms)
220891Sbschmidt{
220891Sbschmidt	usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
220891Sbschmidt	    &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
220891Sbschmidt}
220891Sbschmidt
220891Sbschmidtstatic device_method_t run_methods[] = {
220891Sbschmidt	/* Device interface */
220891Sbschmidt	DEVMETHOD(device_probe,		run_match),
220891Sbschmidt	DEVMETHOD(device_attach,	run_attach),
220891Sbschmidt	DEVMETHOD(device_detach,	run_detach),
220891Sbschmidt
220891Sbschmidt	{ 0, 0 }
220891Sbschmidt};
220891Sbschmidt
220891Sbschmidtstatic driver_t run_driver = {
220891Sbschmidt	.name = "run",
220891Sbschmidt	.methods = run_methods,
220891Sbschmidt	.size = sizeof(struct run_softc)
220891Sbschmidt};
220891Sbschmidt
220891Sbschmidtstatic devclass_t run_devclass;
220891Sbschmidt
220891SbschmidtDRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0);
220891SbschmidtMODULE_DEPEND(run, wlan, 1, 1, 1);
220891SbschmidtMODULE_DEPEND(run, usb, 1, 1, 1);
220891SbschmidtMODULE_DEPEND(run, firmware, 1, 1, 1);
220891SbschmidtMODULE_VERSION(run, 1);
220891Sbschmidt