1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD: stable/11/sys/dev/usb/wlan/if_run.c 346006 2019-04-07 13:26:45Z avos $"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <net/bpf.h> 46#include <net/if.h> 47#include <net/if_var.h> 48#include <net/if_arp.h> 49#include <net/ethernet.h> 50#include <net/if_dl.h> 51#include <net/if_media.h> 52#include <net/if_types.h> 53 54#include <netinet/in.h> 55#include <netinet/in_systm.h> 56#include <netinet/in_var.h> 57#include <netinet/if_ether.h> 58#include <netinet/ip.h> 59 60#include <net80211/ieee80211_var.h> 61#include <net80211/ieee80211_regdomain.h> 62#include <net80211/ieee80211_radiotap.h> 63#include <net80211/ieee80211_ratectl.h> 64 65#include <dev/usb/usb.h> 66#include <dev/usb/usbdi.h> 67#include "usbdevs.h" 68 69#define USB_DEBUG_VAR run_debug 70#include <dev/usb/usb_debug.h> 71#include <dev/usb/usb_msctest.h> 72 73#include <dev/usb/wlan/if_runreg.h> 74#include <dev/usb/wlan/if_runvar.h> 75 76#ifdef USB_DEBUG 77#define RUN_DEBUG 78#endif 79 80#ifdef RUN_DEBUG 81int run_debug = 0; 82static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 83SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 84 "run debug level"); 85#endif 86 87#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 88 89/* 90 * Because of LOR in run_key_delete(), use atomic instead. 91 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 92 */ 93#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 94 95static const STRUCT_USB_HOST_ID run_devs[] = { 96#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 97#define RUN_DEV_EJECT(v,p) \ 98 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 99#define RUN_EJECT 1 100 RUN_DEV(ABOCOM, RT2770), 101 RUN_DEV(ABOCOM, RT2870), 102 RUN_DEV(ABOCOM, RT3070), 103 RUN_DEV(ABOCOM, RT3071), 104 RUN_DEV(ABOCOM, RT3072), 105 RUN_DEV(ABOCOM2, RT2870_1), 106 RUN_DEV(ACCTON, RT2770), 107 RUN_DEV(ACCTON, RT2870_1), 108 RUN_DEV(ACCTON, RT2870_2), 109 RUN_DEV(ACCTON, RT2870_3), 110 RUN_DEV(ACCTON, RT2870_4), 111 RUN_DEV(ACCTON, RT2870_5), 112 RUN_DEV(ACCTON, RT3070), 113 RUN_DEV(ACCTON, RT3070_1), 114 RUN_DEV(ACCTON, RT3070_2), 115 RUN_DEV(ACCTON, RT3070_3), 116 RUN_DEV(ACCTON, RT3070_4), 117 RUN_DEV(ACCTON, RT3070_5), 118 RUN_DEV(AIRTIES, RT3070), 119 RUN_DEV(ALLWIN, RT2070), 120 RUN_DEV(ALLWIN, RT2770), 121 RUN_DEV(ALLWIN, RT2870), 122 RUN_DEV(ALLWIN, RT3070), 123 RUN_DEV(ALLWIN, RT3071), 124 RUN_DEV(ALLWIN, RT3072), 125 RUN_DEV(ALLWIN, RT3572), 126 RUN_DEV(AMIGO, RT2870_1), 127 RUN_DEV(AMIGO, RT2870_2), 128 RUN_DEV(AMIT, CGWLUSB2GNR), 129 RUN_DEV(AMIT, RT2870_1), 130 RUN_DEV(AMIT2, RT2870), 131 RUN_DEV(ASUS, RT2870_1), 132 RUN_DEV(ASUS, RT2870_2), 133 RUN_DEV(ASUS, RT2870_3), 134 RUN_DEV(ASUS, RT2870_4), 135 RUN_DEV(ASUS, RT2870_5), 136 RUN_DEV(ASUS, USBN13), 137 RUN_DEV(ASUS, RT3070_1), 138 RUN_DEV(ASUS, USBN66), 139 RUN_DEV(ASUS, USB_N53), 140 RUN_DEV(ASUS2, USBN11), 141 RUN_DEV(AZUREWAVE, RT2870_1), 142 RUN_DEV(AZUREWAVE, RT2870_2), 143 RUN_DEV(AZUREWAVE, RT3070_1), 144 RUN_DEV(AZUREWAVE, RT3070_2), 145 RUN_DEV(AZUREWAVE, RT3070_3), 146 RUN_DEV(BELKIN, F9L1103), 147 RUN_DEV(BELKIN, F5D8053V3), 148 RUN_DEV(BELKIN, F5D8055), 149 RUN_DEV(BELKIN, F5D8055V2), 150 RUN_DEV(BELKIN, F6D4050V1), 151 RUN_DEV(BELKIN, F6D4050V2), 152 RUN_DEV(BELKIN, RT2870_1), 153 RUN_DEV(BELKIN, RT2870_2), 154 RUN_DEV(CISCOLINKSYS, AE1000), 155 RUN_DEV(CISCOLINKSYS2, RT3070), 156 RUN_DEV(CISCOLINKSYS3, RT3070), 157 RUN_DEV(CONCEPTRONIC2, RT2870_1), 158 RUN_DEV(CONCEPTRONIC2, RT2870_2), 159 RUN_DEV(CONCEPTRONIC2, RT2870_3), 160 RUN_DEV(CONCEPTRONIC2, RT2870_4), 161 RUN_DEV(CONCEPTRONIC2, RT2870_5), 162 RUN_DEV(CONCEPTRONIC2, RT2870_6), 163 RUN_DEV(CONCEPTRONIC2, RT2870_7), 164 RUN_DEV(CONCEPTRONIC2, RT2870_8), 165 RUN_DEV(CONCEPTRONIC2, RT3070_1), 166 RUN_DEV(CONCEPTRONIC2, RT3070_2), 167 RUN_DEV(CONCEPTRONIC2, VIGORN61), 168 RUN_DEV(COREGA, CGWLUSB300GNM), 169 RUN_DEV(COREGA, RT2870_1), 170 RUN_DEV(COREGA, RT2870_2), 171 RUN_DEV(COREGA, RT2870_3), 172 RUN_DEV(COREGA, RT3070), 173 RUN_DEV(CYBERTAN, RT2870), 174 RUN_DEV(DLINK, RT2870), 175 RUN_DEV(DLINK, RT3072), 176 RUN_DEV(DLINK, DWA127), 177 RUN_DEV(DLINK, DWA140B3), 178 RUN_DEV(DLINK, DWA160B2), 179 RUN_DEV(DLINK, DWA140D1), 180 RUN_DEV(DLINK, DWA162), 181 RUN_DEV(DLINK2, DWA130), 182 RUN_DEV(DLINK2, RT2870_1), 183 RUN_DEV(DLINK2, RT2870_2), 184 RUN_DEV(DLINK2, RT3070_1), 185 RUN_DEV(DLINK2, RT3070_2), 186 RUN_DEV(DLINK2, RT3070_3), 187 RUN_DEV(DLINK2, RT3070_4), 188 RUN_DEV(DLINK2, RT3070_5), 189 RUN_DEV(DLINK2, RT3072), 190 RUN_DEV(DLINK2, RT3072_1), 191 RUN_DEV(EDIMAX, EW7717), 192 RUN_DEV(EDIMAX, EW7718), 193 RUN_DEV(EDIMAX, EW7733UND), 194 RUN_DEV(EDIMAX, RT2870_1), 195 RUN_DEV(ENCORE, RT3070_1), 196 RUN_DEV(ENCORE, RT3070_2), 197 RUN_DEV(ENCORE, RT3070_3), 198 RUN_DEV(GIGABYTE, GNWB31N), 199 RUN_DEV(GIGABYTE, GNWB32L), 200 RUN_DEV(GIGABYTE, RT2870_1), 201 RUN_DEV(GIGASET, RT3070_1), 202 RUN_DEV(GIGASET, RT3070_2), 203 RUN_DEV(GUILLEMOT, HWNU300), 204 RUN_DEV(HAWKING, HWUN2), 205 RUN_DEV(HAWKING, RT2870_1), 206 RUN_DEV(HAWKING, RT2870_2), 207 RUN_DEV(HAWKING, RT3070), 208 RUN_DEV(IODATA, RT3072_1), 209 RUN_DEV(IODATA, RT3072_2), 210 RUN_DEV(IODATA, RT3072_3), 211 RUN_DEV(IODATA, RT3072_4), 212 RUN_DEV(LINKSYS4, RT3070), 213 RUN_DEV(LINKSYS4, WUSB100), 214 RUN_DEV(LINKSYS4, WUSB54GCV3), 215 RUN_DEV(LINKSYS4, WUSB600N), 216 RUN_DEV(LINKSYS4, WUSB600NV2), 217 RUN_DEV(LOGITEC, RT2870_1), 218 RUN_DEV(LOGITEC, RT2870_2), 219 RUN_DEV(LOGITEC, RT2870_3), 220 RUN_DEV(LOGITEC, LANW300NU2), 221 RUN_DEV(LOGITEC, LANW150NU2), 222 RUN_DEV(LOGITEC, LANW300NU2S), 223 RUN_DEV(MELCO, WLIUCG300HP), 224 RUN_DEV(MELCO, RT2870_2), 225 RUN_DEV(MELCO, WLIUCAG300N), 226 RUN_DEV(MELCO, WLIUCG300N), 227 RUN_DEV(MELCO, WLIUCG301N), 228 RUN_DEV(MELCO, WLIUCGN), 229 RUN_DEV(MELCO, WLIUCGNM), 230 RUN_DEV(MELCO, WLIUCG300HPV1), 231 RUN_DEV(MELCO, WLIUCGNM2), 232 RUN_DEV(MOTOROLA4, RT2770), 233 RUN_DEV(MOTOROLA4, RT3070), 234 RUN_DEV(MSI, RT3070_1), 235 RUN_DEV(MSI, RT3070_2), 236 RUN_DEV(MSI, RT3070_3), 237 RUN_DEV(MSI, RT3070_4), 238 RUN_DEV(MSI, RT3070_5), 239 RUN_DEV(MSI, RT3070_6), 240 RUN_DEV(MSI, RT3070_7), 241 RUN_DEV(MSI, RT3070_8), 242 RUN_DEV(MSI, RT3070_9), 243 RUN_DEV(MSI, RT3070_10), 244 RUN_DEV(MSI, RT3070_11), 245 RUN_DEV(NETGEAR, WNDA4100), 246 RUN_DEV(OVISLINK, RT3072), 247 RUN_DEV(PARA, RT3070), 248 RUN_DEV(PEGATRON, RT2870), 249 RUN_DEV(PEGATRON, RT3070), 250 RUN_DEV(PEGATRON, RT3070_2), 251 RUN_DEV(PEGATRON, RT3070_3), 252 RUN_DEV(PHILIPS, RT2870), 253 RUN_DEV(PLANEX2, GWUS300MINIS), 254 RUN_DEV(PLANEX2, GWUSMICRON), 255 RUN_DEV(PLANEX2, RT2870), 256 RUN_DEV(PLANEX2, RT3070), 257 RUN_DEV(QCOM, RT2870), 258 RUN_DEV(QUANTA, RT3070), 259 RUN_DEV(RALINK, RT2070), 260 RUN_DEV(RALINK, RT2770), 261 RUN_DEV(RALINK, RT2870), 262 RUN_DEV(RALINK, RT3070), 263 RUN_DEV(RALINK, RT3071), 264 RUN_DEV(RALINK, RT3072), 265 RUN_DEV(RALINK, RT3370), 266 RUN_DEV(RALINK, RT3572), 267 RUN_DEV(RALINK, RT3573), 268 RUN_DEV(RALINK, RT5370), 269 RUN_DEV(RALINK, RT5572), 270 RUN_DEV(RALINK, RT8070), 271 RUN_DEV(SAMSUNG, WIS09ABGN), 272 RUN_DEV(SAMSUNG2, RT2870_1), 273 RUN_DEV(SENAO, RT2870_1), 274 RUN_DEV(SENAO, RT2870_2), 275 RUN_DEV(SENAO, RT2870_3), 276 RUN_DEV(SENAO, RT2870_4), 277 RUN_DEV(SENAO, RT3070), 278 RUN_DEV(SENAO, RT3071), 279 RUN_DEV(SENAO, RT3072_1), 280 RUN_DEV(SENAO, RT3072_2), 281 RUN_DEV(SENAO, RT3072_3), 282 RUN_DEV(SENAO, RT3072_4), 283 RUN_DEV(SENAO, RT3072_5), 284 RUN_DEV(SITECOMEU, RT2770), 285 RUN_DEV(SITECOMEU, RT2870_1), 286 RUN_DEV(SITECOMEU, RT2870_2), 287 RUN_DEV(SITECOMEU, RT2870_3), 288 RUN_DEV(SITECOMEU, RT2870_4), 289 RUN_DEV(SITECOMEU, RT3070), 290 RUN_DEV(SITECOMEU, RT3070_2), 291 RUN_DEV(SITECOMEU, RT3070_3), 292 RUN_DEV(SITECOMEU, RT3070_4), 293 RUN_DEV(SITECOMEU, RT3071), 294 RUN_DEV(SITECOMEU, RT3072_1), 295 RUN_DEV(SITECOMEU, RT3072_2), 296 RUN_DEV(SITECOMEU, RT3072_3), 297 RUN_DEV(SITECOMEU, RT3072_4), 298 RUN_DEV(SITECOMEU, RT3072_5), 299 RUN_DEV(SITECOMEU, RT3072_6), 300 RUN_DEV(SITECOMEU, WL608), 301 RUN_DEV(SPARKLAN, RT2870_1), 302 RUN_DEV(SPARKLAN, RT3070), 303 RUN_DEV(SWEEX2, LW153), 304 RUN_DEV(SWEEX2, LW303), 305 RUN_DEV(SWEEX2, LW313), 306 RUN_DEV(TOSHIBA, RT3070), 307 RUN_DEV(UMEDIA, RT2870_1), 308 RUN_DEV(ZCOM, RT2870_1), 309 RUN_DEV(ZCOM, RT2870_2), 310 RUN_DEV(ZINWELL, RT2870_1), 311 RUN_DEV(ZINWELL, RT2870_2), 312 RUN_DEV(ZINWELL, RT3070), 313 RUN_DEV(ZINWELL, RT3072_1), 314 RUN_DEV(ZINWELL, RT3072_2), 315 RUN_DEV(ZYXEL, RT2870_1), 316 RUN_DEV(ZYXEL, RT2870_2), 317 RUN_DEV(ZYXEL, RT3070), 318 RUN_DEV_EJECT(ZYXEL, NWD2705), 319 RUN_DEV_EJECT(RALINK, RT_STOR), 320#undef RUN_DEV_EJECT 321#undef RUN_DEV 322}; 323 324static device_probe_t run_match; 325static device_attach_t run_attach; 326static device_detach_t run_detach; 327 328static usb_callback_t run_bulk_rx_callback; 329static usb_callback_t run_bulk_tx_callback0; 330static usb_callback_t run_bulk_tx_callback1; 331static usb_callback_t run_bulk_tx_callback2; 332static usb_callback_t run_bulk_tx_callback3; 333static usb_callback_t run_bulk_tx_callback4; 334static usb_callback_t run_bulk_tx_callback5; 335 336static void run_autoinst(void *, struct usb_device *, 337 struct usb_attach_arg *); 338static int run_driver_loaded(struct module *, int, void *); 339static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 340 usb_error_t error, u_int index); 341static struct ieee80211vap *run_vap_create(struct ieee80211com *, 342 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 343 const uint8_t [IEEE80211_ADDR_LEN], 344 const uint8_t [IEEE80211_ADDR_LEN]); 345static void run_vap_delete(struct ieee80211vap *); 346static void run_cmdq_cb(void *, int); 347static void run_setup_tx_list(struct run_softc *, 348 struct run_endpoint_queue *); 349static void run_unsetup_tx_list(struct run_softc *, 350 struct run_endpoint_queue *); 351static int run_load_microcode(struct run_softc *); 352static int run_reset(struct run_softc *); 353static usb_error_t run_do_request(struct run_softc *, 354 struct usb_device_request *, void *); 355static int run_read(struct run_softc *, uint16_t, uint32_t *); 356static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 357static int run_write_2(struct run_softc *, uint16_t, uint16_t); 358static int run_write(struct run_softc *, uint16_t, uint32_t); 359static int run_write_region_1(struct run_softc *, uint16_t, 360 const uint8_t *, int); 361static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 362static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 363static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 364static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 365static int run_rt2870_rf_write(struct run_softc *, uint32_t); 366static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 367static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 368static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 369static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 370static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 371static const char *run_get_rf(uint16_t); 372static void run_rt3593_get_txpower(struct run_softc *); 373static void run_get_txpower(struct run_softc *); 374static int run_read_eeprom(struct run_softc *); 375static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 376 const uint8_t mac[IEEE80211_ADDR_LEN]); 377static int run_media_change(struct ifnet *); 378static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 379static int run_wme_update(struct ieee80211com *); 380static void run_key_set_cb(void *); 381static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 382static void run_key_delete_cb(void *); 383static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 384static void run_ratectl_to(void *); 385static void run_ratectl_cb(void *, int); 386static void run_drain_fifo(void *); 387static void run_iter_func(void *, struct ieee80211_node *); 388static void run_newassoc_cb(void *); 389static void run_newassoc(struct ieee80211_node *, int); 390static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 391 const struct ieee80211_rx_stats *, int, int); 392static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 393static void run_tx_free(struct run_endpoint_queue *pq, 394 struct run_tx_data *, int); 395static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 396static int run_tx(struct run_softc *, struct mbuf *, 397 struct ieee80211_node *); 398static int run_tx_mgt(struct run_softc *, struct mbuf *, 399 struct ieee80211_node *); 400static int run_sendprot(struct run_softc *, const struct mbuf *, 401 struct ieee80211_node *, int, int); 402static int run_tx_param(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *, 404 const struct ieee80211_bpf_params *); 405static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 406 const struct ieee80211_bpf_params *); 407static int run_transmit(struct ieee80211com *, struct mbuf *); 408static void run_start(struct run_softc *); 409static void run_parent(struct ieee80211com *); 410static void run_iq_calib(struct run_softc *, u_int); 411static void run_set_agc(struct run_softc *, uint8_t); 412static void run_select_chan_group(struct run_softc *, int); 413static void run_set_rx_antenna(struct run_softc *, int); 414static void run_rt2870_set_chan(struct run_softc *, u_int); 415static void run_rt3070_set_chan(struct run_softc *, u_int); 416static void run_rt3572_set_chan(struct run_softc *, u_int); 417static void run_rt3593_set_chan(struct run_softc *, u_int); 418static void run_rt5390_set_chan(struct run_softc *, u_int); 419static void run_rt5592_set_chan(struct run_softc *, u_int); 420static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 421static void run_set_channel(struct ieee80211com *); 422static void run_getradiocaps(struct ieee80211com *, int, int *, 423 struct ieee80211_channel[]); 424static void run_scan_start(struct ieee80211com *); 425static void run_scan_end(struct ieee80211com *); 426static void run_update_beacon(struct ieee80211vap *, int); 427static void run_update_beacon_cb(void *); 428static void run_updateprot(struct ieee80211com *); 429static void run_updateprot_cb(void *); 430static void run_usb_timeout_cb(void *); 431static void run_reset_livelock(struct run_softc *); 432static void run_enable_tsf_sync(struct run_softc *); 433static void run_enable_tsf(struct run_softc *); 434static void run_disable_tsf(struct run_softc *); 435static void run_get_tsf(struct run_softc *, uint64_t *); 436static void run_enable_mrr(struct run_softc *); 437static void run_set_txpreamble(struct run_softc *); 438static void run_set_basicrates(struct run_softc *); 439static void run_set_leds(struct run_softc *, uint16_t); 440static void run_set_bssid(struct run_softc *, const uint8_t *); 441static void run_set_macaddr(struct run_softc *, const uint8_t *); 442static void run_updateslot(struct ieee80211com *); 443static void run_updateslot_cb(void *); 444static void run_update_mcast(struct ieee80211com *); 445static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 446static void run_update_promisc_locked(struct run_softc *); 447static void run_update_promisc(struct ieee80211com *); 448static void run_rt5390_bbp_init(struct run_softc *); 449static int run_bbp_init(struct run_softc *); 450static int run_rt3070_rf_init(struct run_softc *); 451static void run_rt3593_rf_init(struct run_softc *); 452static void run_rt5390_rf_init(struct run_softc *); 453static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 454 uint8_t *); 455static void run_rt3070_rf_setup(struct run_softc *); 456static void run_rt3593_rf_setup(struct run_softc *); 457static void run_rt5390_rf_setup(struct run_softc *); 458static int run_txrx_enable(struct run_softc *); 459static void run_adjust_freq_offset(struct run_softc *); 460static void run_init_locked(struct run_softc *); 461static void run_stop(void *); 462static void run_delay(struct run_softc *, u_int); 463 464static eventhandler_tag run_etag; 465 466static const struct rt2860_rate { 467 uint8_t rate; 468 uint8_t mcs; 469 enum ieee80211_phytype phy; 470 uint8_t ctl_ridx; 471 uint16_t sp_ack_dur; 472 uint16_t lp_ack_dur; 473} rt2860_rates[] = { 474 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 475 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 476 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 477 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 478 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 479 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 480 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 481 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 482 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 483 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 484 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 486}; 487 488static const struct { 489 uint16_t reg; 490 uint32_t val; 491} rt2870_def_mac[] = { 492 RT2870_DEF_MAC 493}; 494 495static const struct { 496 uint8_t reg; 497 uint8_t val; 498} rt2860_def_bbp[] = { 499 RT2860_DEF_BBP 500},rt5390_def_bbp[] = { 501 RT5390_DEF_BBP 502},rt5592_def_bbp[] = { 503 RT5592_DEF_BBP 504}; 505 506/* 507 * Default values for BBP register R196 for RT5592. 508 */ 509static const uint8_t rt5592_bbp_r196[] = { 510 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 511 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 512 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 513 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 514 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 515 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 516 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 517 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 518 0x2e, 0x36, 0x30, 0x6e 519}; 520 521static const struct rfprog { 522 uint8_t chan; 523 uint32_t r1, r2, r3, r4; 524} rt2860_rf2850[] = { 525 RT2860_RF2850 526}; 527 528struct { 529 uint8_t n, r, k; 530} rt3070_freqs[] = { 531 RT3070_RF3052 532}; 533 534static const struct rt5592_freqs { 535 uint16_t n; 536 uint8_t k, m, r; 537} rt5592_freqs_20mhz[] = { 538 RT5592_RF5592_20MHZ 539},rt5592_freqs_40mhz[] = { 540 RT5592_RF5592_40MHZ 541}; 542 543static const struct { 544 uint8_t reg; 545 uint8_t val; 546} rt3070_def_rf[] = { 547 RT3070_DEF_RF 548},rt3572_def_rf[] = { 549 RT3572_DEF_RF 550},rt3593_def_rf[] = { 551 RT3593_DEF_RF 552},rt5390_def_rf[] = { 553 RT5390_DEF_RF 554},rt5392_def_rf[] = { 555 RT5392_DEF_RF 556},rt5592_def_rf[] = { 557 RT5592_DEF_RF 558},rt5592_2ghz_def_rf[] = { 559 RT5592_2GHZ_DEF_RF 560},rt5592_5ghz_def_rf[] = { 561 RT5592_5GHZ_DEF_RF 562}; 563 564static const struct { 565 u_int firstchan; 566 u_int lastchan; 567 uint8_t reg; 568 uint8_t val; 569} rt5592_chan_5ghz[] = { 570 RT5592_CHAN_5GHZ 571}; 572 573static const struct usb_config run_config[RUN_N_XFER] = { 574 [RUN_BULK_TX_BE] = { 575 .type = UE_BULK, 576 .endpoint = UE_ADDR_ANY, 577 .ep_index = 0, 578 .direction = UE_DIR_OUT, 579 .bufsize = RUN_MAX_TXSZ, 580 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 581 .callback = run_bulk_tx_callback0, 582 .timeout = 5000, /* ms */ 583 }, 584 [RUN_BULK_TX_BK] = { 585 .type = UE_BULK, 586 .endpoint = UE_ADDR_ANY, 587 .direction = UE_DIR_OUT, 588 .ep_index = 1, 589 .bufsize = RUN_MAX_TXSZ, 590 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 591 .callback = run_bulk_tx_callback1, 592 .timeout = 5000, /* ms */ 593 }, 594 [RUN_BULK_TX_VI] = { 595 .type = UE_BULK, 596 .endpoint = UE_ADDR_ANY, 597 .direction = UE_DIR_OUT, 598 .ep_index = 2, 599 .bufsize = RUN_MAX_TXSZ, 600 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 601 .callback = run_bulk_tx_callback2, 602 .timeout = 5000, /* ms */ 603 }, 604 [RUN_BULK_TX_VO] = { 605 .type = UE_BULK, 606 .endpoint = UE_ADDR_ANY, 607 .direction = UE_DIR_OUT, 608 .ep_index = 3, 609 .bufsize = RUN_MAX_TXSZ, 610 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 611 .callback = run_bulk_tx_callback3, 612 .timeout = 5000, /* ms */ 613 }, 614 [RUN_BULK_TX_HCCA] = { 615 .type = UE_BULK, 616 .endpoint = UE_ADDR_ANY, 617 .direction = UE_DIR_OUT, 618 .ep_index = 4, 619 .bufsize = RUN_MAX_TXSZ, 620 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 621 .callback = run_bulk_tx_callback4, 622 .timeout = 5000, /* ms */ 623 }, 624 [RUN_BULK_TX_PRIO] = { 625 .type = UE_BULK, 626 .endpoint = UE_ADDR_ANY, 627 .direction = UE_DIR_OUT, 628 .ep_index = 5, 629 .bufsize = RUN_MAX_TXSZ, 630 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 631 .callback = run_bulk_tx_callback5, 632 .timeout = 5000, /* ms */ 633 }, 634 [RUN_BULK_RX] = { 635 .type = UE_BULK, 636 .endpoint = UE_ADDR_ANY, 637 .direction = UE_DIR_IN, 638 .bufsize = RUN_MAX_RXSZ, 639 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 640 .callback = run_bulk_rx_callback, 641 } 642}; 643 644static void 645run_autoinst(void *arg, struct usb_device *udev, 646 struct usb_attach_arg *uaa) 647{ 648 struct usb_interface *iface; 649 struct usb_interface_descriptor *id; 650 651 if (uaa->dev_state != UAA_DEV_READY) 652 return; 653 654 iface = usbd_get_iface(udev, 0); 655 if (iface == NULL) 656 return; 657 id = iface->idesc; 658 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 659 return; 660 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 661 return; 662 663 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 664 uaa->dev_state = UAA_DEV_EJECTING; 665} 666 667static int 668run_driver_loaded(struct module *mod, int what, void *arg) 669{ 670 switch (what) { 671 case MOD_LOAD: 672 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 673 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 674 break; 675 case MOD_UNLOAD: 676 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 677 break; 678 default: 679 return (EOPNOTSUPP); 680 } 681 return (0); 682} 683 684static int 685run_match(device_t self) 686{ 687 struct usb_attach_arg *uaa = device_get_ivars(self); 688 689 if (uaa->usb_mode != USB_MODE_HOST) 690 return (ENXIO); 691 if (uaa->info.bConfigIndex != 0) 692 return (ENXIO); 693 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 694 return (ENXIO); 695 696 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 697} 698 699static int 700run_attach(device_t self) 701{ 702 struct run_softc *sc = device_get_softc(self); 703 struct usb_attach_arg *uaa = device_get_ivars(self); 704 struct ieee80211com *ic = &sc->sc_ic; 705 uint32_t ver; 706 uint8_t iface_index; 707 int ntries, error; 708 709 device_set_usb_desc(self); 710 sc->sc_udev = uaa->device; 711 sc->sc_dev = self; 712 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 713 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 714 715 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 716 MTX_NETWORK_LOCK, MTX_DEF); 717 mbufq_init(&sc->sc_snd, ifqmaxlen); 718 719 iface_index = RT2860_IFACE_INDEX; 720 721 error = usbd_transfer_setup(uaa->device, &iface_index, 722 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 723 if (error) { 724 device_printf(self, "could not allocate USB transfers, " 725 "err=%s\n", usbd_errstr(error)); 726 goto detach; 727 } 728 729 RUN_LOCK(sc); 730 731 /* wait for the chip to settle */ 732 for (ntries = 0; ntries < 100; ntries++) { 733 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 734 RUN_UNLOCK(sc); 735 goto detach; 736 } 737 if (ver != 0 && ver != 0xffffffff) 738 break; 739 run_delay(sc, 10); 740 } 741 if (ntries == 100) { 742 device_printf(sc->sc_dev, 743 "timeout waiting for NIC to initialize\n"); 744 RUN_UNLOCK(sc); 745 goto detach; 746 } 747 sc->mac_ver = ver >> 16; 748 sc->mac_rev = ver & 0xffff; 749 750 /* retrieve RF rev. no and various other things from EEPROM */ 751 run_read_eeprom(sc); 752 753 device_printf(sc->sc_dev, 754 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 755 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 756 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 757 758 RUN_UNLOCK(sc); 759 760 ic->ic_softc = sc; 761 ic->ic_name = device_get_nameunit(self); 762 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 763 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 764 765 /* set device capabilities */ 766 ic->ic_caps = 767 IEEE80211_C_STA | /* station mode supported */ 768 IEEE80211_C_MONITOR | /* monitor mode supported */ 769 IEEE80211_C_IBSS | 770 IEEE80211_C_HOSTAP | 771 IEEE80211_C_WDS | /* 4-address traffic works */ 772 IEEE80211_C_MBSS | 773 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 774 IEEE80211_C_SHSLOT | /* short slot time supported */ 775 IEEE80211_C_WME | /* WME */ 776 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 777 778 ic->ic_cryptocaps = 779 IEEE80211_CRYPTO_WEP | 780 IEEE80211_CRYPTO_AES_CCM | 781 IEEE80211_CRYPTO_TKIPMIC | 782 IEEE80211_CRYPTO_TKIP; 783 784 ic->ic_flags |= IEEE80211_F_DATAPAD; 785 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 786 787 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 788 ic->ic_channels); 789 790 ieee80211_ifattach(ic); 791 792 ic->ic_scan_start = run_scan_start; 793 ic->ic_scan_end = run_scan_end; 794 ic->ic_set_channel = run_set_channel; 795 ic->ic_getradiocaps = run_getradiocaps; 796 ic->ic_node_alloc = run_node_alloc; 797 ic->ic_newassoc = run_newassoc; 798 ic->ic_updateslot = run_updateslot; 799 ic->ic_update_mcast = run_update_mcast; 800 ic->ic_wme.wme_update = run_wme_update; 801 ic->ic_raw_xmit = run_raw_xmit; 802 ic->ic_update_promisc = run_update_promisc; 803 ic->ic_vap_create = run_vap_create; 804 ic->ic_vap_delete = run_vap_delete; 805 ic->ic_transmit = run_transmit; 806 ic->ic_parent = run_parent; 807 808 ieee80211_radiotap_attach(ic, 809 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 810 RUN_TX_RADIOTAP_PRESENT, 811 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 812 RUN_RX_RADIOTAP_PRESENT); 813 814 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 815 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 816 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 817 818 if (bootverbose) 819 ieee80211_announce(ic); 820 821 return (0); 822 823detach: 824 run_detach(self); 825 return (ENXIO); 826} 827 828static void 829run_drain_mbufq(struct run_softc *sc) 830{ 831 struct mbuf *m; 832 struct ieee80211_node *ni; 833 834 RUN_LOCK_ASSERT(sc, MA_OWNED); 835 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 836 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 837 m->m_pkthdr.rcvif = NULL; 838 ieee80211_free_node(ni); 839 m_freem(m); 840 } 841} 842 843static int 844run_detach(device_t self) 845{ 846 struct run_softc *sc = device_get_softc(self); 847 struct ieee80211com *ic = &sc->sc_ic; 848 int i; 849 850 RUN_LOCK(sc); 851 sc->sc_detached = 1; 852 RUN_UNLOCK(sc); 853 854 /* stop all USB transfers */ 855 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 856 857 RUN_LOCK(sc); 858 sc->ratectl_run = RUN_RATECTL_OFF; 859 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 860 861 /* free TX list, if any */ 862 for (i = 0; i != RUN_EP_QUEUES; i++) 863 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 864 865 /* Free TX queue */ 866 run_drain_mbufq(sc); 867 RUN_UNLOCK(sc); 868 869 if (sc->sc_ic.ic_softc == sc) { 870 /* drain tasks */ 871 usb_callout_drain(&sc->ratectl_ch); 872 ieee80211_draintask(ic, &sc->cmdq_task); 873 ieee80211_draintask(ic, &sc->ratectl_task); 874 ieee80211_ifdetach(ic); 875 } 876 877 mtx_destroy(&sc->sc_mtx); 878 879 return (0); 880} 881 882static struct ieee80211vap * 883run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 884 enum ieee80211_opmode opmode, int flags, 885 const uint8_t bssid[IEEE80211_ADDR_LEN], 886 const uint8_t mac[IEEE80211_ADDR_LEN]) 887{ 888 struct run_softc *sc = ic->ic_softc; 889 struct run_vap *rvp; 890 struct ieee80211vap *vap; 891 int i; 892 893 if (sc->rvp_cnt >= RUN_VAP_MAX) { 894 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 895 return (NULL); 896 } 897 898 switch (opmode) { 899 case IEEE80211_M_STA: 900 /* enable s/w bmiss handling for sta mode */ 901 flags |= IEEE80211_CLONE_NOBEACONS; 902 /* fall though */ 903 case IEEE80211_M_IBSS: 904 case IEEE80211_M_MONITOR: 905 case IEEE80211_M_HOSTAP: 906 case IEEE80211_M_MBSS: 907 /* other than WDS vaps, only one at a time */ 908 if (!TAILQ_EMPTY(&ic->ic_vaps)) 909 return (NULL); 910 break; 911 case IEEE80211_M_WDS: 912 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 913 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 914 continue; 915 /* WDS vap's always share the local mac address. */ 916 flags &= ~IEEE80211_CLONE_BSSID; 917 break; 918 } 919 if (vap == NULL) { 920 device_printf(sc->sc_dev, 921 "wds only supported in ap mode\n"); 922 return (NULL); 923 } 924 break; 925 default: 926 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 927 return (NULL); 928 } 929 930 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 931 vap = &rvp->vap; 932 933 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 934 bssid) != 0) { 935 /* out of memory */ 936 free(rvp, M_80211_VAP); 937 return (NULL); 938 } 939 940 vap->iv_update_beacon = run_update_beacon; 941 vap->iv_max_aid = RT2870_WCID_MAX; 942 /* 943 * To delete the right key from h/w, we need wcid. 944 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 945 * and matching wcid will be written into there. So, cast 946 * some spells to remove 'const' from ieee80211_key{} 947 */ 948 vap->iv_key_delete = (void *)run_key_delete; 949 vap->iv_key_set = (void *)run_key_set; 950 951 /* override state transition machine */ 952 rvp->newstate = vap->iv_newstate; 953 vap->iv_newstate = run_newstate; 954 if (opmode == IEEE80211_M_IBSS) { 955 rvp->recv_mgmt = vap->iv_recv_mgmt; 956 vap->iv_recv_mgmt = run_recv_mgmt; 957 } 958 959 ieee80211_ratectl_init(vap); 960 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 961 962 /* complete setup */ 963 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 964 mac); 965 966 /* make sure id is always unique */ 967 for (i = 0; i < RUN_VAP_MAX; i++) { 968 if((sc->rvp_bmap & 1 << i) == 0){ 969 sc->rvp_bmap |= 1 << i; 970 rvp->rvp_id = i; 971 break; 972 } 973 } 974 if (sc->rvp_cnt++ == 0) 975 ic->ic_opmode = opmode; 976 977 if (opmode == IEEE80211_M_HOSTAP) 978 sc->cmdq_run = RUN_CMDQ_GO; 979 980 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 981 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 982 983 return (vap); 984} 985 986static void 987run_vap_delete(struct ieee80211vap *vap) 988{ 989 struct run_vap *rvp = RUN_VAP(vap); 990 struct ieee80211com *ic; 991 struct run_softc *sc; 992 uint8_t rvp_id; 993 994 if (vap == NULL) 995 return; 996 997 ic = vap->iv_ic; 998 sc = ic->ic_softc; 999 1000 RUN_LOCK(sc); 1001 1002 m_freem(rvp->beacon_mbuf); 1003 rvp->beacon_mbuf = NULL; 1004 1005 rvp_id = rvp->rvp_id; 1006 sc->ratectl_run &= ~(1 << rvp_id); 1007 sc->rvp_bmap &= ~(1 << rvp_id); 1008 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1009 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1010 --sc->rvp_cnt; 1011 1012 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1013 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1014 1015 RUN_UNLOCK(sc); 1016 1017 ieee80211_ratectl_deinit(vap); 1018 ieee80211_vap_detach(vap); 1019 free(rvp, M_80211_VAP); 1020} 1021 1022/* 1023 * There are numbers of functions need to be called in context thread. 1024 * Rather than creating taskqueue event for each of those functions, 1025 * here is all-for-one taskqueue callback function. This function 1026 * guarantees deferred functions are executed in the same order they 1027 * were enqueued. 1028 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1029 */ 1030static void 1031run_cmdq_cb(void *arg, int pending) 1032{ 1033 struct run_softc *sc = arg; 1034 uint8_t i; 1035 1036 /* call cmdq[].func locked */ 1037 RUN_LOCK(sc); 1038 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1039 i = sc->cmdq_exec, pending--) { 1040 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1041 if (sc->cmdq_run == RUN_CMDQ_GO) { 1042 /* 1043 * If arg0 is NULL, callback func needs more 1044 * than one arg. So, pass ptr to cmdq struct. 1045 */ 1046 if (sc->cmdq[i].arg0) 1047 sc->cmdq[i].func(sc->cmdq[i].arg0); 1048 else 1049 sc->cmdq[i].func(&sc->cmdq[i]); 1050 } 1051 sc->cmdq[i].arg0 = NULL; 1052 sc->cmdq[i].func = NULL; 1053 sc->cmdq_exec++; 1054 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1055 } 1056 RUN_UNLOCK(sc); 1057} 1058 1059static void 1060run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1061{ 1062 struct run_tx_data *data; 1063 1064 memset(pq, 0, sizeof(*pq)); 1065 1066 STAILQ_INIT(&pq->tx_qh); 1067 STAILQ_INIT(&pq->tx_fh); 1068 1069 for (data = &pq->tx_data[0]; 1070 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1071 data->sc = sc; 1072 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1073 } 1074 pq->tx_nfree = RUN_TX_RING_COUNT; 1075} 1076 1077static void 1078run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1079{ 1080 struct run_tx_data *data; 1081 1082 /* make sure any subsequent use of the queues will fail */ 1083 pq->tx_nfree = 0; 1084 STAILQ_INIT(&pq->tx_fh); 1085 STAILQ_INIT(&pq->tx_qh); 1086 1087 /* free up all node references and mbufs */ 1088 for (data = &pq->tx_data[0]; 1089 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1090 if (data->m != NULL) { 1091 m_freem(data->m); 1092 data->m = NULL; 1093 } 1094 if (data->ni != NULL) { 1095 ieee80211_free_node(data->ni); 1096 data->ni = NULL; 1097 } 1098 } 1099} 1100 1101static int 1102run_load_microcode(struct run_softc *sc) 1103{ 1104 usb_device_request_t req; 1105 const struct firmware *fw; 1106 const u_char *base; 1107 uint32_t tmp; 1108 int ntries, error; 1109 const uint64_t *temp; 1110 uint64_t bytes; 1111 1112 RUN_UNLOCK(sc); 1113 fw = firmware_get("runfw"); 1114 RUN_LOCK(sc); 1115 if (fw == NULL) { 1116 device_printf(sc->sc_dev, 1117 "failed loadfirmware of file %s\n", "runfw"); 1118 return ENOENT; 1119 } 1120 1121 if (fw->datasize != 8192) { 1122 device_printf(sc->sc_dev, 1123 "invalid firmware size (should be 8KB)\n"); 1124 error = EINVAL; 1125 goto fail; 1126 } 1127 1128 /* 1129 * RT3071/RT3072 use a different firmware 1130 * run-rt2870 (8KB) contains both, 1131 * first half (4KB) is for rt2870, 1132 * last half is for rt3071. 1133 */ 1134 base = fw->data; 1135 if ((sc->mac_ver) != 0x2860 && 1136 (sc->mac_ver) != 0x2872 && 1137 (sc->mac_ver) != 0x3070) { 1138 base += 4096; 1139 } 1140 1141 /* cheap sanity check */ 1142 temp = fw->data; 1143 bytes = *temp; 1144 if (bytes != be64toh(0xffffff0210280210ULL)) { 1145 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1146 error = EINVAL; 1147 goto fail; 1148 } 1149 1150 /* write microcode image */ 1151 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1152 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1153 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1154 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1155 } 1156 1157 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1158 req.bRequest = RT2870_RESET; 1159 USETW(req.wValue, 8); 1160 USETW(req.wIndex, 0); 1161 USETW(req.wLength, 0); 1162 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1163 != 0) { 1164 device_printf(sc->sc_dev, "firmware reset failed\n"); 1165 goto fail; 1166 } 1167 1168 run_delay(sc, 10); 1169 1170 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1171 run_write(sc, RT2860_H2M_MAILBOX, 0); 1172 run_write(sc, RT2860_H2M_INTSRC, 0); 1173 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1174 goto fail; 1175 1176 /* wait until microcontroller is ready */ 1177 for (ntries = 0; ntries < 1000; ntries++) { 1178 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1179 goto fail; 1180 if (tmp & RT2860_MCU_READY) 1181 break; 1182 run_delay(sc, 10); 1183 } 1184 if (ntries == 1000) { 1185 device_printf(sc->sc_dev, 1186 "timeout waiting for MCU to initialize\n"); 1187 error = ETIMEDOUT; 1188 goto fail; 1189 } 1190 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1191 (base == fw->data) ? "RT2870" : "RT3071", 1192 *(base + 4092), *(base + 4093)); 1193 1194fail: 1195 firmware_put(fw, FIRMWARE_UNLOAD); 1196 return (error); 1197} 1198 1199static int 1200run_reset(struct run_softc *sc) 1201{ 1202 usb_device_request_t req; 1203 1204 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1205 req.bRequest = RT2870_RESET; 1206 USETW(req.wValue, 1); 1207 USETW(req.wIndex, 0); 1208 USETW(req.wLength, 0); 1209 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1210} 1211 1212static usb_error_t 1213run_do_request(struct run_softc *sc, 1214 struct usb_device_request *req, void *data) 1215{ 1216 usb_error_t err; 1217 int ntries = 10; 1218 1219 RUN_LOCK_ASSERT(sc, MA_OWNED); 1220 1221 while (ntries--) { 1222 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1223 req, data, 0, NULL, 250 /* ms */); 1224 if (err == 0) 1225 break; 1226 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1227 usbd_errstr(err)); 1228 run_delay(sc, 10); 1229 } 1230 return (err); 1231} 1232 1233static int 1234run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1235{ 1236 uint32_t tmp; 1237 int error; 1238 1239 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1240 if (error == 0) 1241 *val = le32toh(tmp); 1242 else 1243 *val = 0xffffffff; 1244 return (error); 1245} 1246 1247static int 1248run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1249{ 1250 usb_device_request_t req; 1251 1252 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1253 req.bRequest = RT2870_READ_REGION_1; 1254 USETW(req.wValue, 0); 1255 USETW(req.wIndex, reg); 1256 USETW(req.wLength, len); 1257 1258 return (run_do_request(sc, &req, buf)); 1259} 1260 1261static int 1262run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1263{ 1264 usb_device_request_t req; 1265 1266 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1267 req.bRequest = RT2870_WRITE_2; 1268 USETW(req.wValue, val); 1269 USETW(req.wIndex, reg); 1270 USETW(req.wLength, 0); 1271 1272 return (run_do_request(sc, &req, NULL)); 1273} 1274 1275static int 1276run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1277{ 1278 int error; 1279 1280 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1281 error = run_write_2(sc, reg + 2, val >> 16); 1282 return (error); 1283} 1284 1285static int 1286run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1287 int len) 1288{ 1289#if 1 1290 int i, error = 0; 1291 /* 1292 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1293 * We thus issue multiple WRITE_2 commands instead. 1294 */ 1295 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1296 for (i = 0; i < len && error == 0; i += 2) 1297 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1298 return (error); 1299#else 1300 usb_device_request_t req; 1301 int error = 0; 1302 1303 /* 1304 * NOTE: It appears the WRITE_REGION_1 command cannot be 1305 * passed a huge amount of data, which will crash the 1306 * firmware. Limit amount of data passed to 64-bytes at a 1307 * time. 1308 */ 1309 while (len > 0) { 1310 int delta = 64; 1311 if (delta > len) 1312 delta = len; 1313 1314 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1315 req.bRequest = RT2870_WRITE_REGION_1; 1316 USETW(req.wValue, 0); 1317 USETW(req.wIndex, reg); 1318 USETW(req.wLength, delta); 1319 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1320 if (error != 0) 1321 break; 1322 reg += delta; 1323 buf += delta; 1324 len -= delta; 1325 } 1326 return (error); 1327#endif 1328} 1329 1330static int 1331run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1332{ 1333 int i, error = 0; 1334 1335 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1336 for (i = 0; i < len && error == 0; i += 4) 1337 error = run_write(sc, reg + i, val); 1338 return (error); 1339} 1340 1341static int 1342run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1343{ 1344 uint32_t tmp; 1345 uint16_t reg; 1346 int error, ntries; 1347 1348 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1349 return (error); 1350 1351 if (count == 2) 1352 addr *= 2; 1353 /*- 1354 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1355 * DATA0: F E D C 1356 * DATA1: B A 9 8 1357 * DATA2: 7 6 5 4 1358 * DATA3: 3 2 1 0 1359 */ 1360 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1361 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1362 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1363 for (ntries = 0; ntries < 100; ntries++) { 1364 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1365 return (error); 1366 if (!(tmp & RT3070_EFSROM_KICK)) 1367 break; 1368 run_delay(sc, 2); 1369 } 1370 if (ntries == 100) 1371 return (ETIMEDOUT); 1372 1373 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1374 *val = 0xffff; /* address not found */ 1375 return (0); 1376 } 1377 /* determine to which 32-bit register our 16-bit word belongs */ 1378 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1379 if ((error = run_read(sc, reg, &tmp)) != 0) 1380 return (error); 1381 1382 tmp >>= (8 * (addr & 0x3)); 1383 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1384 1385 return (0); 1386} 1387 1388/* Read 16-bit from eFUSE ROM for RT3xxx. */ 1389static int 1390run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1391{ 1392 return (run_efuse_read(sc, addr, val, 2)); 1393} 1394 1395static int 1396run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1397{ 1398 usb_device_request_t req; 1399 uint16_t tmp; 1400 int error; 1401 1402 addr *= 2; 1403 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1404 req.bRequest = RT2870_EEPROM_READ; 1405 USETW(req.wValue, 0); 1406 USETW(req.wIndex, addr); 1407 USETW(req.wLength, sizeof(tmp)); 1408 1409 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1410 if (error == 0) 1411 *val = le16toh(tmp); 1412 else 1413 *val = 0xffff; 1414 return (error); 1415} 1416 1417static __inline int 1418run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1419{ 1420 /* either eFUSE ROM or EEPROM */ 1421 return sc->sc_srom_read(sc, addr, val); 1422} 1423 1424static int 1425run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1426{ 1427 uint32_t tmp; 1428 int error, ntries; 1429 1430 for (ntries = 0; ntries < 10; ntries++) { 1431 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1432 return (error); 1433 if (!(tmp & RT2860_RF_REG_CTRL)) 1434 break; 1435 } 1436 if (ntries == 10) 1437 return (ETIMEDOUT); 1438 1439 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1440} 1441 1442static int 1443run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1444{ 1445 uint32_t tmp; 1446 int error, ntries; 1447 1448 for (ntries = 0; ntries < 100; ntries++) { 1449 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1450 return (error); 1451 if (!(tmp & RT3070_RF_KICK)) 1452 break; 1453 } 1454 if (ntries == 100) 1455 return (ETIMEDOUT); 1456 1457 tmp = RT3070_RF_KICK | reg << 8; 1458 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1459 return (error); 1460 1461 for (ntries = 0; ntries < 100; ntries++) { 1462 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1463 return (error); 1464 if (!(tmp & RT3070_RF_KICK)) 1465 break; 1466 } 1467 if (ntries == 100) 1468 return (ETIMEDOUT); 1469 1470 *val = tmp & 0xff; 1471 return (0); 1472} 1473 1474static int 1475run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1476{ 1477 uint32_t tmp; 1478 int error, ntries; 1479 1480 for (ntries = 0; ntries < 10; ntries++) { 1481 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1482 return (error); 1483 if (!(tmp & RT3070_RF_KICK)) 1484 break; 1485 } 1486 if (ntries == 10) 1487 return (ETIMEDOUT); 1488 1489 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1490 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1491} 1492 1493static int 1494run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1495{ 1496 uint32_t tmp; 1497 int ntries, error; 1498 1499 for (ntries = 0; ntries < 10; ntries++) { 1500 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1501 return (error); 1502 if (!(tmp & RT2860_BBP_CSR_KICK)) 1503 break; 1504 } 1505 if (ntries == 10) 1506 return (ETIMEDOUT); 1507 1508 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1509 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1510 return (error); 1511 1512 for (ntries = 0; ntries < 10; ntries++) { 1513 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1514 return (error); 1515 if (!(tmp & RT2860_BBP_CSR_KICK)) 1516 break; 1517 } 1518 if (ntries == 10) 1519 return (ETIMEDOUT); 1520 1521 *val = tmp & 0xff; 1522 return (0); 1523} 1524 1525static int 1526run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1527{ 1528 uint32_t tmp; 1529 int ntries, error; 1530 1531 for (ntries = 0; ntries < 10; ntries++) { 1532 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1533 return (error); 1534 if (!(tmp & RT2860_BBP_CSR_KICK)) 1535 break; 1536 } 1537 if (ntries == 10) 1538 return (ETIMEDOUT); 1539 1540 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1541 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1542} 1543 1544/* 1545 * Send a command to the 8051 microcontroller unit. 1546 */ 1547static int 1548run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1549{ 1550 uint32_t tmp; 1551 int error, ntries; 1552 1553 for (ntries = 0; ntries < 100; ntries++) { 1554 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1555 return error; 1556 if (!(tmp & RT2860_H2M_BUSY)) 1557 break; 1558 } 1559 if (ntries == 100) 1560 return ETIMEDOUT; 1561 1562 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1563 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1564 error = run_write(sc, RT2860_HOST_CMD, cmd); 1565 return (error); 1566} 1567 1568/* 1569 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1570 * Used to adjust per-rate Tx power registers. 1571 */ 1572static __inline uint32_t 1573b4inc(uint32_t b32, int8_t delta) 1574{ 1575 int8_t i, b4; 1576 1577 for (i = 0; i < 8; i++) { 1578 b4 = b32 & 0xf; 1579 b4 += delta; 1580 if (b4 < 0) 1581 b4 = 0; 1582 else if (b4 > 0xf) 1583 b4 = 0xf; 1584 b32 = b32 >> 4 | b4 << 28; 1585 } 1586 return (b32); 1587} 1588 1589static const char * 1590run_get_rf(uint16_t rev) 1591{ 1592 switch (rev) { 1593 case RT2860_RF_2820: return "RT2820"; 1594 case RT2860_RF_2850: return "RT2850"; 1595 case RT2860_RF_2720: return "RT2720"; 1596 case RT2860_RF_2750: return "RT2750"; 1597 case RT3070_RF_3020: return "RT3020"; 1598 case RT3070_RF_2020: return "RT2020"; 1599 case RT3070_RF_3021: return "RT3021"; 1600 case RT3070_RF_3022: return "RT3022"; 1601 case RT3070_RF_3052: return "RT3052"; 1602 case RT3593_RF_3053: return "RT3053"; 1603 case RT5592_RF_5592: return "RT5592"; 1604 case RT5390_RF_5370: return "RT5370"; 1605 case RT5390_RF_5372: return "RT5372"; 1606 } 1607 return ("unknown"); 1608} 1609 1610static void 1611run_rt3593_get_txpower(struct run_softc *sc) 1612{ 1613 uint16_t addr, val; 1614 int i; 1615 1616 /* Read power settings for 2GHz channels. */ 1617 for (i = 0; i < 14; i += 2) { 1618 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1619 RT2860_EEPROM_PWR2GHZ_BASE1; 1620 run_srom_read(sc, addr + i / 2, &val); 1621 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1622 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1623 1624 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1625 RT2860_EEPROM_PWR2GHZ_BASE2; 1626 run_srom_read(sc, addr + i / 2, &val); 1627 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1628 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1629 1630 if (sc->ntxchains == 3) { 1631 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1632 &val); 1633 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1634 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1635 } 1636 } 1637 /* Fix broken Tx power entries. */ 1638 for (i = 0; i < 14; i++) { 1639 if (sc->txpow1[i] > 31) 1640 sc->txpow1[i] = 5; 1641 if (sc->txpow2[i] > 31) 1642 sc->txpow2[i] = 5; 1643 if (sc->ntxchains == 3) { 1644 if (sc->txpow3[i] > 31) 1645 sc->txpow3[i] = 5; 1646 } 1647 } 1648 /* Read power settings for 5GHz channels. */ 1649 for (i = 0; i < 40; i += 2) { 1650 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1651 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1652 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1653 1654 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1655 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1656 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1657 1658 if (sc->ntxchains == 3) { 1659 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1660 &val); 1661 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1662 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1663 } 1664 } 1665} 1666 1667static void 1668run_get_txpower(struct run_softc *sc) 1669{ 1670 uint16_t val; 1671 int i; 1672 1673 /* Read power settings for 2GHz channels. */ 1674 for (i = 0; i < 14; i += 2) { 1675 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1676 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1677 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1678 1679 if (sc->mac_ver != 0x5390) { 1680 run_srom_read(sc, 1681 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1682 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1683 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1684 } 1685 } 1686 /* Fix broken Tx power entries. */ 1687 for (i = 0; i < 14; i++) { 1688 if (sc->mac_ver >= 0x5390) { 1689 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1690 sc->txpow1[i] = 5; 1691 } else { 1692 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1693 sc->txpow1[i] = 5; 1694 } 1695 if (sc->mac_ver > 0x5390) { 1696 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1697 sc->txpow2[i] = 5; 1698 } else if (sc->mac_ver < 0x5390) { 1699 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1700 sc->txpow2[i] = 5; 1701 } 1702 DPRINTF("chan %d: power1=%d, power2=%d\n", 1703 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1704 } 1705 /* Read power settings for 5GHz channels. */ 1706 for (i = 0; i < 40; i += 2) { 1707 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1708 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1709 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1710 1711 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1712 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1713 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1714 } 1715 /* Fix broken Tx power entries. */ 1716 for (i = 0; i < 40; i++ ) { 1717 if (sc->mac_ver != 0x5592) { 1718 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1719 sc->txpow1[14 + i] = 5; 1720 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1721 sc->txpow2[14 + i] = 5; 1722 } 1723 DPRINTF("chan %d: power1=%d, power2=%d\n", 1724 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1725 sc->txpow2[14 + i]); 1726 } 1727} 1728 1729static int 1730run_read_eeprom(struct run_softc *sc) 1731{ 1732 struct ieee80211com *ic = &sc->sc_ic; 1733 int8_t delta_2ghz, delta_5ghz; 1734 uint32_t tmp; 1735 uint16_t val; 1736 int ridx, ant, i; 1737 1738 /* check whether the ROM is eFUSE ROM or EEPROM */ 1739 sc->sc_srom_read = run_eeprom_read_2; 1740 if (sc->mac_ver >= 0x3070) { 1741 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1742 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1743 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1744 sc->sc_srom_read = run_efuse_read_2; 1745 } 1746 1747 /* read ROM version */ 1748 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1749 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1750 1751 /* read MAC address */ 1752 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1753 ic->ic_macaddr[0] = val & 0xff; 1754 ic->ic_macaddr[1] = val >> 8; 1755 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1756 ic->ic_macaddr[2] = val & 0xff; 1757 ic->ic_macaddr[3] = val >> 8; 1758 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1759 ic->ic_macaddr[4] = val & 0xff; 1760 ic->ic_macaddr[5] = val >> 8; 1761 1762 if (sc->mac_ver < 0x3593) { 1763 /* read vender BBP settings */ 1764 for (i = 0; i < 10; i++) { 1765 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1766 sc->bbp[i].val = val & 0xff; 1767 sc->bbp[i].reg = val >> 8; 1768 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1769 sc->bbp[i].val); 1770 } 1771 if (sc->mac_ver >= 0x3071) { 1772 /* read vendor RF settings */ 1773 for (i = 0; i < 10; i++) { 1774 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1775 &val); 1776 sc->rf[i].val = val & 0xff; 1777 sc->rf[i].reg = val >> 8; 1778 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1779 sc->rf[i].val); 1780 } 1781 } 1782 } 1783 1784 /* read RF frequency offset from EEPROM */ 1785 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1786 RT3593_EEPROM_FREQ, &val); 1787 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1788 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1789 1790 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1791 RT3593_EEPROM_FREQ_LEDS, &val); 1792 if (val >> 8 != 0xff) { 1793 /* read LEDs operating mode */ 1794 sc->leds = val >> 8; 1795 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1796 RT3593_EEPROM_LED1, &sc->led[0]); 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1798 RT3593_EEPROM_LED2, &sc->led[1]); 1799 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1800 RT3593_EEPROM_LED3, &sc->led[2]); 1801 } else { 1802 /* broken EEPROM, use default settings */ 1803 sc->leds = 0x01; 1804 sc->led[0] = 0x5555; 1805 sc->led[1] = 0x2221; 1806 sc->led[2] = 0x5627; /* differs from RT2860 */ 1807 } 1808 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1809 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1810 1811 /* read RF information */ 1812 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1813 run_srom_read(sc, 0x00, &val); 1814 else 1815 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1816 1817 if (val == 0xffff) { 1818 device_printf(sc->sc_dev, 1819 "invalid EEPROM antenna info, using default\n"); 1820 DPRINTF("invalid EEPROM antenna info, using default\n"); 1821 if (sc->mac_ver == 0x3572) { 1822 /* default to RF3052 2T2R */ 1823 sc->rf_rev = RT3070_RF_3052; 1824 sc->ntxchains = 2; 1825 sc->nrxchains = 2; 1826 } else if (sc->mac_ver >= 0x3070) { 1827 /* default to RF3020 1T1R */ 1828 sc->rf_rev = RT3070_RF_3020; 1829 sc->ntxchains = 1; 1830 sc->nrxchains = 1; 1831 } else { 1832 /* default to RF2820 1T2R */ 1833 sc->rf_rev = RT2860_RF_2820; 1834 sc->ntxchains = 1; 1835 sc->nrxchains = 2; 1836 } 1837 } else { 1838 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1839 sc->rf_rev = val; 1840 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1841 } else 1842 sc->rf_rev = (val >> 8) & 0xf; 1843 sc->ntxchains = (val >> 4) & 0xf; 1844 sc->nrxchains = val & 0xf; 1845 } 1846 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1847 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1848 1849 /* check if RF supports automatic Tx access gain control */ 1850 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1851 DPRINTF("EEPROM CFG 0x%04x\n", val); 1852 /* check if driver should patch the DAC issue */ 1853 if ((val >> 8) != 0xff) 1854 sc->patch_dac = (val >> 15) & 1; 1855 if ((val & 0xff) != 0xff) { 1856 sc->ext_5ghz_lna = (val >> 3) & 1; 1857 sc->ext_2ghz_lna = (val >> 2) & 1; 1858 /* check if RF supports automatic Tx access gain control */ 1859 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1860 /* check if we have a hardware radio switch */ 1861 sc->rfswitch = val & 1; 1862 } 1863 1864 /* Read Tx power settings. */ 1865 if (sc->mac_ver == 0x3593) 1866 run_rt3593_get_txpower(sc); 1867 else 1868 run_get_txpower(sc); 1869 1870 /* read Tx power compensation for each Tx rate */ 1871 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1872 delta_2ghz = delta_5ghz = 0; 1873 if ((val & 0xff) != 0xff && (val & 0x80)) { 1874 delta_2ghz = val & 0xf; 1875 if (!(val & 0x40)) /* negative number */ 1876 delta_2ghz = -delta_2ghz; 1877 } 1878 val >>= 8; 1879 if ((val & 0xff) != 0xff && (val & 0x80)) { 1880 delta_5ghz = val & 0xf; 1881 if (!(val & 0x40)) /* negative number */ 1882 delta_5ghz = -delta_5ghz; 1883 } 1884 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1885 delta_2ghz, delta_5ghz); 1886 1887 for (ridx = 0; ridx < 5; ridx++) { 1888 uint32_t reg; 1889 1890 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1891 reg = val; 1892 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1893 reg |= (uint32_t)val << 16; 1894 1895 sc->txpow20mhz[ridx] = reg; 1896 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1897 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1898 1899 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1900 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1901 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1902 } 1903 1904 /* Read RSSI offsets and LNA gains from EEPROM. */ 1905 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1906 RT3593_EEPROM_RSSI1_2GHZ, &val); 1907 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1908 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1909 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1910 RT3593_EEPROM_RSSI2_2GHZ, &val); 1911 if (sc->mac_ver >= 0x3070) { 1912 if (sc->mac_ver == 0x3593) { 1913 sc->txmixgain_2ghz = 0; 1914 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1915 } else { 1916 /* 1917 * On RT3070 chips (limited to 2 Rx chains), this ROM 1918 * field contains the Tx mixer gain for the 2GHz band. 1919 */ 1920 if ((val & 0xff) != 0xff) 1921 sc->txmixgain_2ghz = val & 0x7; 1922 } 1923 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1924 } else 1925 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1926 if (sc->mac_ver == 0x3593) 1927 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1928 sc->lna[2] = val >> 8; /* channel group 2 */ 1929 1930 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1931 RT3593_EEPROM_RSSI1_5GHZ, &val); 1932 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1933 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1934 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1935 RT3593_EEPROM_RSSI2_5GHZ, &val); 1936 if (sc->mac_ver == 0x3572) { 1937 /* 1938 * On RT3572 chips (limited to 2 Rx chains), this ROM 1939 * field contains the Tx mixer gain for the 5GHz band. 1940 */ 1941 if ((val & 0xff) != 0xff) 1942 sc->txmixgain_5ghz = val & 0x7; 1943 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1944 } else 1945 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1946 if (sc->mac_ver == 0x3593) { 1947 sc->txmixgain_5ghz = 0; 1948 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1949 } 1950 sc->lna[3] = val >> 8; /* channel group 3 */ 1951 1952 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1953 RT3593_EEPROM_LNA, &val); 1954 sc->lna[0] = val & 0xff; /* channel group 0 */ 1955 sc->lna[1] = val >> 8; /* channel group 1 */ 1956 1957 /* fix broken 5GHz LNA entries */ 1958 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1959 DPRINTF("invalid LNA for channel group %d\n", 2); 1960 sc->lna[2] = sc->lna[1]; 1961 } 1962 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1963 DPRINTF("invalid LNA for channel group %d\n", 3); 1964 sc->lna[3] = sc->lna[1]; 1965 } 1966 1967 /* fix broken RSSI offset entries */ 1968 for (ant = 0; ant < 3; ant++) { 1969 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1970 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1971 ant + 1, sc->rssi_2ghz[ant]); 1972 sc->rssi_2ghz[ant] = 0; 1973 } 1974 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1975 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1976 ant + 1, sc->rssi_5ghz[ant]); 1977 sc->rssi_5ghz[ant] = 0; 1978 } 1979 } 1980 return (0); 1981} 1982 1983static struct ieee80211_node * 1984run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1985{ 1986 return malloc(sizeof (struct run_node), M_80211_NODE, 1987 M_NOWAIT | M_ZERO); 1988} 1989 1990static int 1991run_media_change(struct ifnet *ifp) 1992{ 1993 struct ieee80211vap *vap = ifp->if_softc; 1994 struct ieee80211com *ic = vap->iv_ic; 1995 const struct ieee80211_txparam *tp; 1996 struct run_softc *sc = ic->ic_softc; 1997 uint8_t rate, ridx; 1998 int error; 1999 2000 RUN_LOCK(sc); 2001 2002 error = ieee80211_media_change(ifp); 2003 if (error != ENETRESET) { 2004 RUN_UNLOCK(sc); 2005 return (error); 2006 } 2007 2008 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2009 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2010 struct ieee80211_node *ni; 2011 struct run_node *rn; 2012 2013 rate = ic->ic_sup_rates[ic->ic_curmode]. 2014 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2015 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2016 if (rt2860_rates[ridx].rate == rate) 2017 break; 2018 ni = ieee80211_ref_node(vap->iv_bss); 2019 rn = RUN_NODE(ni); 2020 rn->fix_ridx = ridx; 2021 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2022 ieee80211_free_node(ni); 2023 } 2024 2025#if 0 2026 if ((ifp->if_flags & IFF_UP) && 2027 (ifp->if_drv_flags & RUN_RUNNING)){ 2028 run_init_locked(sc); 2029 } 2030#endif 2031 2032 RUN_UNLOCK(sc); 2033 2034 return (0); 2035} 2036 2037static int 2038run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2039{ 2040 const struct ieee80211_txparam *tp; 2041 struct ieee80211com *ic = vap->iv_ic; 2042 struct run_softc *sc = ic->ic_softc; 2043 struct run_vap *rvp = RUN_VAP(vap); 2044 enum ieee80211_state ostate; 2045 uint32_t sta[3]; 2046 uint8_t ratectl; 2047 uint8_t restart_ratectl = 0; 2048 uint8_t bid = 1 << rvp->rvp_id; 2049 2050 ostate = vap->iv_state; 2051 DPRINTF("%s -> %s\n", 2052 ieee80211_state_name[ostate], 2053 ieee80211_state_name[nstate]); 2054 2055 IEEE80211_UNLOCK(ic); 2056 RUN_LOCK(sc); 2057 2058 ratectl = sc->ratectl_run; /* remember current state */ 2059 sc->ratectl_run = RUN_RATECTL_OFF; 2060 usb_callout_stop(&sc->ratectl_ch); 2061 2062 if (ostate == IEEE80211_S_RUN) { 2063 /* turn link LED off */ 2064 run_set_leds(sc, RT2860_LED_RADIO); 2065 } 2066 2067 switch (nstate) { 2068 case IEEE80211_S_INIT: 2069 restart_ratectl = 1; 2070 2071 if (ostate != IEEE80211_S_RUN) 2072 break; 2073 2074 ratectl &= ~bid; 2075 sc->runbmap &= ~bid; 2076 2077 /* abort TSF synchronization if there is no vap running */ 2078 if (--sc->running == 0) 2079 run_disable_tsf(sc); 2080 break; 2081 2082 case IEEE80211_S_RUN: 2083 if (!(sc->runbmap & bid)) { 2084 if(sc->running++) 2085 restart_ratectl = 1; 2086 sc->runbmap |= bid; 2087 } 2088 2089 m_freem(rvp->beacon_mbuf); 2090 rvp->beacon_mbuf = NULL; 2091 2092 switch (vap->iv_opmode) { 2093 case IEEE80211_M_HOSTAP: 2094 case IEEE80211_M_MBSS: 2095 sc->ap_running |= bid; 2096 ic->ic_opmode = vap->iv_opmode; 2097 run_update_beacon_cb(vap); 2098 break; 2099 case IEEE80211_M_IBSS: 2100 sc->adhoc_running |= bid; 2101 if (!sc->ap_running) 2102 ic->ic_opmode = vap->iv_opmode; 2103 run_update_beacon_cb(vap); 2104 break; 2105 case IEEE80211_M_STA: 2106 sc->sta_running |= bid; 2107 if (!sc->ap_running && !sc->adhoc_running) 2108 ic->ic_opmode = vap->iv_opmode; 2109 2110 /* read statistic counters (clear on read) */ 2111 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2112 (uint8_t *)sta, sizeof sta); 2113 2114 break; 2115 default: 2116 ic->ic_opmode = vap->iv_opmode; 2117 break; 2118 } 2119 2120 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2121 struct ieee80211_node *ni; 2122 2123 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2124 RUN_UNLOCK(sc); 2125 IEEE80211_LOCK(ic); 2126 return (-1); 2127 } 2128 run_updateslot(ic); 2129 run_enable_mrr(sc); 2130 run_set_txpreamble(sc); 2131 run_set_basicrates(sc); 2132 ni = ieee80211_ref_node(vap->iv_bss); 2133 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2134 run_set_bssid(sc, sc->sc_bssid); 2135 ieee80211_free_node(ni); 2136 run_enable_tsf_sync(sc); 2137 2138 /* enable automatic rate adaptation */ 2139 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2140 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2141 ratectl |= bid; 2142 } else 2143 run_enable_tsf(sc); 2144 2145 /* turn link LED on */ 2146 run_set_leds(sc, RT2860_LED_RADIO | 2147 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2148 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2149 2150 break; 2151 default: 2152 DPRINTFN(6, "undefined case\n"); 2153 break; 2154 } 2155 2156 /* restart amrr for running VAPs */ 2157 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2158 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2159 2160 RUN_UNLOCK(sc); 2161 IEEE80211_LOCK(ic); 2162 2163 return(rvp->newstate(vap, nstate, arg)); 2164} 2165 2166static int 2167run_wme_update(struct ieee80211com *ic) 2168{ 2169 struct run_softc *sc = ic->ic_softc; 2170 const struct wmeParams *ac = 2171 ic->ic_wme.wme_chanParams.cap_wmeParams; 2172 int aci, error = 0; 2173 2174 /* update MAC TX configuration registers */ 2175 RUN_LOCK(sc); 2176 for (aci = 0; aci < WME_NUM_AC; aci++) { 2177 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2178 ac[aci].wmep_logcwmax << 16 | 2179 ac[aci].wmep_logcwmin << 12 | 2180 ac[aci].wmep_aifsn << 8 | 2181 ac[aci].wmep_txopLimit); 2182 if (error) goto err; 2183 } 2184 2185 /* update SCH/DMA registers too */ 2186 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2187 ac[WME_AC_VO].wmep_aifsn << 12 | 2188 ac[WME_AC_VI].wmep_aifsn << 8 | 2189 ac[WME_AC_BK].wmep_aifsn << 4 | 2190 ac[WME_AC_BE].wmep_aifsn); 2191 if (error) goto err; 2192 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2193 ac[WME_AC_VO].wmep_logcwmin << 12 | 2194 ac[WME_AC_VI].wmep_logcwmin << 8 | 2195 ac[WME_AC_BK].wmep_logcwmin << 4 | 2196 ac[WME_AC_BE].wmep_logcwmin); 2197 if (error) goto err; 2198 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2199 ac[WME_AC_VO].wmep_logcwmax << 12 | 2200 ac[WME_AC_VI].wmep_logcwmax << 8 | 2201 ac[WME_AC_BK].wmep_logcwmax << 4 | 2202 ac[WME_AC_BE].wmep_logcwmax); 2203 if (error) goto err; 2204 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2205 ac[WME_AC_BK].wmep_txopLimit << 16 | 2206 ac[WME_AC_BE].wmep_txopLimit); 2207 if (error) goto err; 2208 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2209 ac[WME_AC_VO].wmep_txopLimit << 16 | 2210 ac[WME_AC_VI].wmep_txopLimit); 2211 2212err: 2213 RUN_UNLOCK(sc); 2214 if (error) 2215 DPRINTF("WME update failed\n"); 2216 2217 return (error); 2218} 2219 2220static void 2221run_key_set_cb(void *arg) 2222{ 2223 struct run_cmdq *cmdq = arg; 2224 struct ieee80211vap *vap = cmdq->arg1; 2225 struct ieee80211_key *k = cmdq->k; 2226 struct ieee80211com *ic = vap->iv_ic; 2227 struct run_softc *sc = ic->ic_softc; 2228 struct ieee80211_node *ni; 2229 u_int cipher = k->wk_cipher->ic_cipher; 2230 uint32_t attr; 2231 uint16_t base, associd; 2232 uint8_t mode, wcid, iv[8]; 2233 2234 RUN_LOCK_ASSERT(sc, MA_OWNED); 2235 2236 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2237 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2238 else 2239 ni = vap->iv_bss; 2240 associd = (ni != NULL) ? ni->ni_associd : 0; 2241 2242 /* map net80211 cipher to RT2860 security mode */ 2243 switch (cipher) { 2244 case IEEE80211_CIPHER_WEP: 2245 if(k->wk_keylen < 8) 2246 mode = RT2860_MODE_WEP40; 2247 else 2248 mode = RT2860_MODE_WEP104; 2249 break; 2250 case IEEE80211_CIPHER_TKIP: 2251 mode = RT2860_MODE_TKIP; 2252 break; 2253 case IEEE80211_CIPHER_AES_CCM: 2254 mode = RT2860_MODE_AES_CCMP; 2255 break; 2256 default: 2257 DPRINTF("undefined case\n"); 2258 return; 2259 } 2260 2261 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2262 associd, k->wk_keyix, mode, 2263 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2264 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2265 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2266 2267 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2268 wcid = 0; /* NB: update WCID0 for group keys */ 2269 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2270 } else { 2271 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2272 1 : RUN_AID2WCID(associd); 2273 base = RT2860_PKEY(wcid); 2274 } 2275 2276 if (cipher == IEEE80211_CIPHER_TKIP) { 2277 if(run_write_region_1(sc, base, k->wk_key, 16)) 2278 return; 2279 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2280 return; 2281 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2282 return; 2283 } else { 2284 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2285 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2286 return; 2287 } 2288 2289 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2290 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2291 /* set initial packet number in IV+EIV */ 2292 if (cipher == IEEE80211_CIPHER_WEP) { 2293 memset(iv, 0, sizeof iv); 2294 iv[3] = vap->iv_def_txkey << 6; 2295 } else { 2296 if (cipher == IEEE80211_CIPHER_TKIP) { 2297 iv[0] = k->wk_keytsc >> 8; 2298 iv[1] = (iv[0] | 0x20) & 0x7f; 2299 iv[2] = k->wk_keytsc; 2300 } else /* CCMP */ { 2301 iv[0] = k->wk_keytsc; 2302 iv[1] = k->wk_keytsc >> 8; 2303 iv[2] = 0; 2304 } 2305 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2306 iv[4] = k->wk_keytsc >> 16; 2307 iv[5] = k->wk_keytsc >> 24; 2308 iv[6] = k->wk_keytsc >> 32; 2309 iv[7] = k->wk_keytsc >> 40; 2310 } 2311 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2312 return; 2313 } 2314 2315 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2316 /* install group key */ 2317 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2318 return; 2319 attr &= ~(0xf << (k->wk_keyix * 4)); 2320 attr |= mode << (k->wk_keyix * 4); 2321 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2322 return; 2323 } else { 2324 /* install pairwise key */ 2325 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2326 return; 2327 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2328 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2329 return; 2330 } 2331 2332 /* TODO create a pass-thru key entry? */ 2333 2334 /* need wcid to delete the right key later */ 2335 k->wk_pad = wcid; 2336} 2337 2338/* 2339 * Don't have to be deferred, but in order to keep order of 2340 * execution, i.e. with run_key_delete(), defer this and let 2341 * run_cmdq_cb() maintain the order. 2342 * 2343 * return 0 on error 2344 */ 2345static int 2346run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2347{ 2348 struct ieee80211com *ic = vap->iv_ic; 2349 struct run_softc *sc = ic->ic_softc; 2350 uint32_t i; 2351 2352 i = RUN_CMDQ_GET(&sc->cmdq_store); 2353 DPRINTF("cmdq_store=%d\n", i); 2354 sc->cmdq[i].func = run_key_set_cb; 2355 sc->cmdq[i].arg0 = NULL; 2356 sc->cmdq[i].arg1 = vap; 2357 sc->cmdq[i].k = k; 2358 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2359 ieee80211_runtask(ic, &sc->cmdq_task); 2360 2361 /* 2362 * To make sure key will be set when hostapd 2363 * calls iv_key_set() before if_init(). 2364 */ 2365 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2366 RUN_LOCK(sc); 2367 sc->cmdq_key_set = RUN_CMDQ_GO; 2368 RUN_UNLOCK(sc); 2369 } 2370 2371 return (1); 2372} 2373 2374/* 2375 * If wlan is destroyed without being brought down i.e. without 2376 * wlan down or wpa_cli terminate, this function is called after 2377 * vap is gone. Don't refer it. 2378 */ 2379static void 2380run_key_delete_cb(void *arg) 2381{ 2382 struct run_cmdq *cmdq = arg; 2383 struct run_softc *sc = cmdq->arg1; 2384 struct ieee80211_key *k = &cmdq->key; 2385 uint32_t attr; 2386 uint8_t wcid; 2387 2388 RUN_LOCK_ASSERT(sc, MA_OWNED); 2389 2390 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2391 /* remove group key */ 2392 DPRINTF("removing group key\n"); 2393 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2394 attr &= ~(0xf << (k->wk_keyix * 4)); 2395 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2396 } else { 2397 /* remove pairwise key */ 2398 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2399 /* matching wcid was written to wk_pad in run_key_set() */ 2400 wcid = k->wk_pad; 2401 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2402 attr &= ~0xf; 2403 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2404 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2405 } 2406 2407 k->wk_pad = 0; 2408} 2409 2410/* 2411 * return 0 on error 2412 */ 2413static int 2414run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2415{ 2416 struct ieee80211com *ic = vap->iv_ic; 2417 struct run_softc *sc = ic->ic_softc; 2418 struct ieee80211_key *k0; 2419 uint32_t i; 2420 2421 /* 2422 * When called back, key might be gone. So, make a copy 2423 * of some values need to delete keys before deferring. 2424 * But, because of LOR with node lock, cannot use lock here. 2425 * So, use atomic instead. 2426 */ 2427 i = RUN_CMDQ_GET(&sc->cmdq_store); 2428 DPRINTF("cmdq_store=%d\n", i); 2429 sc->cmdq[i].func = run_key_delete_cb; 2430 sc->cmdq[i].arg0 = NULL; 2431 sc->cmdq[i].arg1 = sc; 2432 k0 = &sc->cmdq[i].key; 2433 k0->wk_flags = k->wk_flags; 2434 k0->wk_keyix = k->wk_keyix; 2435 /* matching wcid was written to wk_pad in run_key_set() */ 2436 k0->wk_pad = k->wk_pad; 2437 ieee80211_runtask(ic, &sc->cmdq_task); 2438 return (1); /* return fake success */ 2439 2440} 2441 2442static void 2443run_ratectl_to(void *arg) 2444{ 2445 struct run_softc *sc = arg; 2446 2447 /* do it in a process context, so it can go sleep */ 2448 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2449 /* next timeout will be rescheduled in the callback task */ 2450} 2451 2452/* ARGSUSED */ 2453static void 2454run_ratectl_cb(void *arg, int pending) 2455{ 2456 struct run_softc *sc = arg; 2457 struct ieee80211com *ic = &sc->sc_ic; 2458 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2459 2460 if (vap == NULL) 2461 return; 2462 2463 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2464 /* 2465 * run_reset_livelock() doesn't do anything with AMRR, 2466 * but Ralink wants us to call it every 1 sec. So, we 2467 * piggyback here rather than creating another callout. 2468 * Livelock may occur only in HOSTAP or IBSS mode 2469 * (when h/w is sending beacons). 2470 */ 2471 RUN_LOCK(sc); 2472 run_reset_livelock(sc); 2473 /* just in case, there are some stats to drain */ 2474 run_drain_fifo(sc); 2475 RUN_UNLOCK(sc); 2476 } 2477 2478 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2479 2480 RUN_LOCK(sc); 2481 if(sc->ratectl_run != RUN_RATECTL_OFF) 2482 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2483 RUN_UNLOCK(sc); 2484} 2485 2486static void 2487run_drain_fifo(void *arg) 2488{ 2489 struct run_softc *sc = arg; 2490 uint32_t stat; 2491 uint16_t (*wstat)[3]; 2492 uint8_t wcid, mcs, pid; 2493 int8_t retry; 2494 2495 RUN_LOCK_ASSERT(sc, MA_OWNED); 2496 2497 for (;;) { 2498 /* drain Tx status FIFO (maxsize = 16) */ 2499 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2500 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2501 if (!(stat & RT2860_TXQ_VLD)) 2502 break; 2503 2504 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2505 2506 /* if no ACK was requested, no feedback is available */ 2507 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2508 wcid == 0) 2509 continue; 2510 2511 /* 2512 * Even though each stat is Tx-complete-status like format, 2513 * the device can poll stats. Because there is no guarantee 2514 * that the referring node is still around when read the stats. 2515 * So that, if we use ieee80211_ratectl_tx_update(), we will 2516 * have hard time not to refer already freed node. 2517 * 2518 * To eliminate such page faults, we poll stats in softc. 2519 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2520 */ 2521 wstat = &(sc->wcid_stats[wcid]); 2522 (*wstat)[RUN_TXCNT]++; 2523 if (stat & RT2860_TXQ_OK) 2524 (*wstat)[RUN_SUCCESS]++; 2525 else 2526 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2527 /* 2528 * Check if there were retries, ie if the Tx success rate is 2529 * different from the requested rate. Note that it works only 2530 * because we do not allow rate fallback from OFDM to CCK. 2531 */ 2532 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2533 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2534 if ((retry = pid -1 - mcs) > 0) { 2535 (*wstat)[RUN_TXCNT] += retry; 2536 (*wstat)[RUN_RETRY] += retry; 2537 } 2538 } 2539 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2540 2541 sc->fifo_cnt = 0; 2542} 2543 2544static void 2545run_iter_func(void *arg, struct ieee80211_node *ni) 2546{ 2547 struct run_softc *sc = arg; 2548 struct ieee80211vap *vap = ni->ni_vap; 2549 struct run_node *rn = RUN_NODE(ni); 2550 union run_stats sta[2]; 2551 uint16_t (*wstat)[3]; 2552 int txcnt, success, retrycnt, error; 2553 2554 RUN_LOCK(sc); 2555 2556 /* Check for special case */ 2557 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2558 ni != vap->iv_bss) 2559 goto fail; 2560 2561 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2562 vap->iv_opmode == IEEE80211_M_STA)) { 2563 /* read statistic counters (clear on read) and update AMRR state */ 2564 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2565 sizeof sta); 2566 if (error != 0) 2567 goto fail; 2568 2569 /* count failed TX as errors */ 2570 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2571 le16toh(sta[0].error.fail)); 2572 2573 retrycnt = le16toh(sta[1].tx.retry); 2574 success = le16toh(sta[1].tx.success); 2575 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2576 2577 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2578 retrycnt, success, le16toh(sta[0].error.fail)); 2579 } else { 2580 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2581 2582 if (wstat == &(sc->wcid_stats[0]) || 2583 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2584 goto fail; 2585 2586 txcnt = (*wstat)[RUN_TXCNT]; 2587 success = (*wstat)[RUN_SUCCESS]; 2588 retrycnt = (*wstat)[RUN_RETRY]; 2589 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2590 retrycnt, txcnt, success); 2591 2592 memset(wstat, 0, sizeof(*wstat)); 2593 } 2594 2595 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2596 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2597 2598fail: 2599 RUN_UNLOCK(sc); 2600 2601 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2602} 2603 2604static void 2605run_newassoc_cb(void *arg) 2606{ 2607 struct run_cmdq *cmdq = arg; 2608 struct ieee80211_node *ni = cmdq->arg1; 2609 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2610 uint8_t wcid = cmdq->wcid; 2611 2612 RUN_LOCK_ASSERT(sc, MA_OWNED); 2613 2614 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2615 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2616 2617 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2618} 2619 2620static void 2621run_newassoc(struct ieee80211_node *ni, int isnew) 2622{ 2623 struct run_node *rn = RUN_NODE(ni); 2624 struct ieee80211_rateset *rs = &ni->ni_rates; 2625 struct ieee80211vap *vap = ni->ni_vap; 2626 struct ieee80211com *ic = vap->iv_ic; 2627 struct run_softc *sc = ic->ic_softc; 2628 uint8_t rate; 2629 uint8_t ridx; 2630 uint8_t wcid; 2631 int i, j; 2632 2633 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2634 1 : RUN_AID2WCID(ni->ni_associd); 2635 2636 if (wcid > RT2870_WCID_MAX) { 2637 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2638 return; 2639 } 2640 2641 /* only interested in true associations */ 2642 if (isnew && ni->ni_associd != 0) { 2643 2644 /* 2645 * This function could is called though timeout function. 2646 * Need to defer. 2647 */ 2648 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2649 DPRINTF("cmdq_store=%d\n", cnt); 2650 sc->cmdq[cnt].func = run_newassoc_cb; 2651 sc->cmdq[cnt].arg0 = NULL; 2652 sc->cmdq[cnt].arg1 = ni; 2653 sc->cmdq[cnt].wcid = wcid; 2654 ieee80211_runtask(ic, &sc->cmdq_task); 2655 } 2656 2657 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2658 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2659 2660 for (i = 0; i < rs->rs_nrates; i++) { 2661 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2662 /* convert 802.11 rate to hardware rate index */ 2663 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2664 if (rt2860_rates[ridx].rate == rate) 2665 break; 2666 rn->ridx[i] = ridx; 2667 /* determine rate of control response frames */ 2668 for (j = i; j >= 0; j--) { 2669 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2670 rt2860_rates[rn->ridx[i]].phy == 2671 rt2860_rates[rn->ridx[j]].phy) 2672 break; 2673 } 2674 if (j >= 0) { 2675 rn->ctl_ridx[i] = rn->ridx[j]; 2676 } else { 2677 /* no basic rate found, use mandatory one */ 2678 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2679 } 2680 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2681 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2682 } 2683 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2684 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2685 if (rt2860_rates[ridx].rate == rate) 2686 break; 2687 rn->mgt_ridx = ridx; 2688 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2689 2690 RUN_LOCK(sc); 2691 if(sc->ratectl_run != RUN_RATECTL_OFF) 2692 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2693 RUN_UNLOCK(sc); 2694} 2695 2696/* 2697 * Return the Rx chain with the highest RSSI for a given frame. 2698 */ 2699static __inline uint8_t 2700run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2701{ 2702 uint8_t rxchain = 0; 2703 2704 if (sc->nrxchains > 1) { 2705 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2706 rxchain = 1; 2707 if (sc->nrxchains > 2) 2708 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2709 rxchain = 2; 2710 } 2711 return (rxchain); 2712} 2713 2714static void 2715run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2716 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2717{ 2718 struct ieee80211vap *vap = ni->ni_vap; 2719 struct run_softc *sc = vap->iv_ic->ic_softc; 2720 struct run_vap *rvp = RUN_VAP(vap); 2721 uint64_t ni_tstamp, rx_tstamp; 2722 2723 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2724 2725 if (vap->iv_state == IEEE80211_S_RUN && 2726 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2727 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2728 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2729 RUN_LOCK(sc); 2730 run_get_tsf(sc, &rx_tstamp); 2731 RUN_UNLOCK(sc); 2732 rx_tstamp = le64toh(rx_tstamp); 2733 2734 if (ni_tstamp >= rx_tstamp) { 2735 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2736 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2737 (void) ieee80211_ibss_merge(ni); 2738 } 2739 } 2740} 2741 2742static void 2743run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2744{ 2745 struct ieee80211com *ic = &sc->sc_ic; 2746 struct ieee80211_frame *wh; 2747 struct ieee80211_node *ni; 2748 struct rt2870_rxd *rxd; 2749 struct rt2860_rxwi *rxwi; 2750 uint32_t flags; 2751 uint16_t len, rxwisize; 2752 uint8_t ant, rssi; 2753 int8_t nf; 2754 2755 rxwisize = sizeof(struct rt2860_rxwi); 2756 if (sc->mac_ver == 0x5592) 2757 rxwisize += sizeof(uint64_t); 2758 else if (sc->mac_ver == 0x3593) 2759 rxwisize += sizeof(uint32_t); 2760 2761 if (__predict_false(dmalen < 2762 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2763 DPRINTF("payload is too short: dma length %u < %zu\n", 2764 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2765 goto fail; 2766 } 2767 2768 rxwi = mtod(m, struct rt2860_rxwi *); 2769 len = le16toh(rxwi->len) & 0xfff; 2770 2771 if (__predict_false(len > dmalen - rxwisize)) { 2772 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2773 goto fail; 2774 } 2775 2776 /* Rx descriptor is located at the end */ 2777 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2778 flags = le32toh(rxd->flags); 2779 2780 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2781 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2782 goto fail; 2783 } 2784 2785 if (flags & RT2860_RX_L2PAD) { 2786 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2787 len += 2; 2788 } 2789 2790 m->m_data += rxwisize; 2791 m->m_pkthdr.len = m->m_len = len; 2792 2793 wh = mtod(m, struct ieee80211_frame *); 2794 2795 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2796 (flags & RT2860_RX_DEC) != 0) { 2797 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2798 m->m_flags |= M_WEP; 2799 } 2800 2801 if (len >= sizeof(struct ieee80211_frame_min)) { 2802 ni = ieee80211_find_rxnode(ic, 2803 mtod(m, struct ieee80211_frame_min *)); 2804 } else 2805 ni = NULL; 2806 2807 if (__predict_false(flags & RT2860_RX_MICERR)) { 2808 /* report MIC failures to net80211 for TKIP */ 2809 if (ni != NULL) 2810 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2811 rxwi->keyidx); 2812 DPRINTF("MIC error. Someone is lying.\n"); 2813 goto fail; 2814 } 2815 2816 ant = run_maxrssi_chain(sc, rxwi); 2817 rssi = rxwi->rssi[ant]; 2818 nf = run_rssi2dbm(sc, rssi, ant); 2819 2820 if (__predict_false(ieee80211_radiotap_active(ic))) { 2821 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2822 uint16_t phy; 2823 2824 tap->wr_flags = 0; 2825 if (flags & RT2860_RX_L2PAD) 2826 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2827 tap->wr_antsignal = rssi; 2828 tap->wr_antenna = ant; 2829 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2830 tap->wr_rate = 2; /* in case it can't be found below */ 2831 RUN_LOCK(sc); 2832 run_get_tsf(sc, &tap->wr_tsf); 2833 RUN_UNLOCK(sc); 2834 phy = le16toh(rxwi->phy); 2835 switch (phy & RT2860_PHY_MODE) { 2836 case RT2860_PHY_CCK: 2837 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2838 case 0: tap->wr_rate = 2; break; 2839 case 1: tap->wr_rate = 4; break; 2840 case 2: tap->wr_rate = 11; break; 2841 case 3: tap->wr_rate = 22; break; 2842 } 2843 if (phy & RT2860_PHY_SHPRE) 2844 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2845 break; 2846 case RT2860_PHY_OFDM: 2847 switch (phy & RT2860_PHY_MCS) { 2848 case 0: tap->wr_rate = 12; break; 2849 case 1: tap->wr_rate = 18; break; 2850 case 2: tap->wr_rate = 24; break; 2851 case 3: tap->wr_rate = 36; break; 2852 case 4: tap->wr_rate = 48; break; 2853 case 5: tap->wr_rate = 72; break; 2854 case 6: tap->wr_rate = 96; break; 2855 case 7: tap->wr_rate = 108; break; 2856 } 2857 break; 2858 } 2859 } 2860 2861 if (ni != NULL) { 2862 (void)ieee80211_input(ni, m, rssi, nf); 2863 ieee80211_free_node(ni); 2864 } else { 2865 (void)ieee80211_input_all(ic, m, rssi, nf); 2866 } 2867 2868 return; 2869 2870fail: 2871 m_freem(m); 2872 counter_u64_add(ic->ic_ierrors, 1); 2873} 2874 2875static void 2876run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2877{ 2878 struct run_softc *sc = usbd_xfer_softc(xfer); 2879 struct ieee80211com *ic = &sc->sc_ic; 2880 struct mbuf *m = NULL; 2881 struct mbuf *m0; 2882 uint32_t dmalen, mbuf_len; 2883 uint16_t rxwisize; 2884 int xferlen; 2885 2886 rxwisize = sizeof(struct rt2860_rxwi); 2887 if (sc->mac_ver == 0x5592) 2888 rxwisize += sizeof(uint64_t); 2889 else if (sc->mac_ver == 0x3593) 2890 rxwisize += sizeof(uint32_t); 2891 2892 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2893 2894 switch (USB_GET_STATE(xfer)) { 2895 case USB_ST_TRANSFERRED: 2896 2897 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2898 2899 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2900 sizeof(struct rt2870_rxd))) { 2901 DPRINTF("xfer too short %d\n", xferlen); 2902 goto tr_setup; 2903 } 2904 2905 m = sc->rx_m; 2906 sc->rx_m = NULL; 2907 2908 /* FALLTHROUGH */ 2909 case USB_ST_SETUP: 2910tr_setup: 2911 if (sc->rx_m == NULL) { 2912 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2913 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2914 } 2915 if (sc->rx_m == NULL) { 2916 DPRINTF("could not allocate mbuf - idle with stall\n"); 2917 counter_u64_add(ic->ic_ierrors, 1); 2918 usbd_xfer_set_stall(xfer); 2919 usbd_xfer_set_frames(xfer, 0); 2920 } else { 2921 /* 2922 * Directly loading a mbuf cluster into DMA to 2923 * save some data copying. This works because 2924 * there is only one cluster. 2925 */ 2926 usbd_xfer_set_frame_data(xfer, 0, 2927 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2928 usbd_xfer_set_frames(xfer, 1); 2929 } 2930 usbd_transfer_submit(xfer); 2931 break; 2932 2933 default: /* Error */ 2934 if (error != USB_ERR_CANCELLED) { 2935 /* try to clear stall first */ 2936 usbd_xfer_set_stall(xfer); 2937 if (error == USB_ERR_TIMEOUT) 2938 device_printf(sc->sc_dev, "device timeout\n"); 2939 counter_u64_add(ic->ic_ierrors, 1); 2940 goto tr_setup; 2941 } 2942 if (sc->rx_m != NULL) { 2943 m_freem(sc->rx_m); 2944 sc->rx_m = NULL; 2945 } 2946 break; 2947 } 2948 2949 if (m == NULL) 2950 return; 2951 2952 /* inputting all the frames must be last */ 2953 2954 RUN_UNLOCK(sc); 2955 2956 m->m_pkthdr.len = m->m_len = xferlen; 2957 2958 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2959 for(;;) { 2960 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2961 2962 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2963 ((dmalen & 3) != 0)) { 2964 DPRINTF("bad DMA length %u\n", dmalen); 2965 break; 2966 } 2967 if ((dmalen + 8) > (uint32_t)xferlen) { 2968 DPRINTF("bad DMA length %u > %d\n", 2969 dmalen + 8, xferlen); 2970 break; 2971 } 2972 2973 /* If it is the last one or a single frame, we won't copy. */ 2974 if ((xferlen -= dmalen + 8) <= 8) { 2975 /* trim 32-bit DMA-len header */ 2976 m->m_data += 4; 2977 m->m_pkthdr.len = m->m_len -= 4; 2978 run_rx_frame(sc, m, dmalen); 2979 m = NULL; /* don't free source buffer */ 2980 break; 2981 } 2982 2983 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 2984 if (__predict_false(mbuf_len > MCLBYTES)) { 2985 DPRINTF("payload is too big: mbuf_len %u\n", mbuf_len); 2986 counter_u64_add(ic->ic_ierrors, 1); 2987 break; 2988 } 2989 2990 /* copy aggregated frames to another mbuf */ 2991 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2992 if (__predict_false(m0 == NULL)) { 2993 DPRINTF("could not allocate mbuf\n"); 2994 counter_u64_add(ic->ic_ierrors, 1); 2995 break; 2996 } 2997 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2998 mbuf_len, mtod(m0, caddr_t)); 2999 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3000 run_rx_frame(sc, m0, dmalen); 3001 3002 /* update data ptr */ 3003 m->m_data += mbuf_len + 4; 3004 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3005 } 3006 3007 /* make sure we free the source buffer, if any */ 3008 m_freem(m); 3009 3010 RUN_LOCK(sc); 3011} 3012 3013static void 3014run_tx_free(struct run_endpoint_queue *pq, 3015 struct run_tx_data *data, int txerr) 3016{ 3017 3018 ieee80211_tx_complete(data->ni, data->m, txerr); 3019 3020 data->m = NULL; 3021 data->ni = NULL; 3022 3023 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3024 pq->tx_nfree++; 3025} 3026 3027static void 3028run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3029{ 3030 struct run_softc *sc = usbd_xfer_softc(xfer); 3031 struct ieee80211com *ic = &sc->sc_ic; 3032 struct run_tx_data *data; 3033 struct ieee80211vap *vap = NULL; 3034 struct usb_page_cache *pc; 3035 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3036 struct mbuf *m; 3037 usb_frlength_t size; 3038 int actlen; 3039 int sumlen; 3040 3041 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3042 3043 switch (USB_GET_STATE(xfer)) { 3044 case USB_ST_TRANSFERRED: 3045 DPRINTFN(11, "transfer complete: %d " 3046 "bytes @ index %d\n", actlen, index); 3047 3048 data = usbd_xfer_get_priv(xfer); 3049 run_tx_free(pq, data, 0); 3050 usbd_xfer_set_priv(xfer, NULL); 3051 3052 /* FALLTHROUGH */ 3053 case USB_ST_SETUP: 3054tr_setup: 3055 data = STAILQ_FIRST(&pq->tx_qh); 3056 if (data == NULL) 3057 break; 3058 3059 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3060 3061 m = data->m; 3062 size = (sc->mac_ver == 0x5592) ? 3063 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3064 if ((m->m_pkthdr.len + 3065 size + 3 + 8) > RUN_MAX_TXSZ) { 3066 DPRINTF("data overflow, %u bytes\n", 3067 m->m_pkthdr.len); 3068 run_tx_free(pq, data, 1); 3069 goto tr_setup; 3070 } 3071 3072 pc = usbd_xfer_get_frame(xfer, 0); 3073 usbd_copy_in(pc, 0, &data->desc, size); 3074 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3075 size += m->m_pkthdr.len; 3076 /* 3077 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3078 * 4-byte padding), and be sure to zero those trailing 3079 * bytes: 3080 */ 3081 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3082 size += ((-size) & 3) + 8; 3083 3084 vap = data->ni->ni_vap; 3085 if (ieee80211_radiotap_active_vap(vap)) { 3086 const struct ieee80211_frame *wh; 3087 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3088 struct rt2860_txwi *txwi = 3089 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3090 int has_l2pad; 3091 3092 wh = mtod(m, struct ieee80211_frame *); 3093 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3094 IEEE80211_QOS_HAS_SEQ(wh); 3095 3096 tap->wt_flags = 0; 3097 tap->wt_rate = rt2860_rates[data->ridx].rate; 3098 tap->wt_hwqueue = index; 3099 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3100 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3101 if (has_l2pad) 3102 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3103 3104 ieee80211_radiotap_tx(vap, m); 3105 } 3106 3107 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3108 m->m_pkthdr.len, size, index); 3109 3110 usbd_xfer_set_frame_len(xfer, 0, size); 3111 usbd_xfer_set_priv(xfer, data); 3112 usbd_transfer_submit(xfer); 3113 run_start(sc); 3114 3115 break; 3116 3117 default: 3118 DPRINTF("USB transfer error, %s\n", 3119 usbd_errstr(error)); 3120 3121 data = usbd_xfer_get_priv(xfer); 3122 3123 if (data != NULL) { 3124 if(data->ni != NULL) 3125 vap = data->ni->ni_vap; 3126 run_tx_free(pq, data, error); 3127 usbd_xfer_set_priv(xfer, NULL); 3128 } 3129 3130 if (vap == NULL) 3131 vap = TAILQ_FIRST(&ic->ic_vaps); 3132 3133 if (error != USB_ERR_CANCELLED) { 3134 if (error == USB_ERR_TIMEOUT) { 3135 device_printf(sc->sc_dev, "device timeout\n"); 3136 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3137 DPRINTF("cmdq_store=%d\n", i); 3138 sc->cmdq[i].func = run_usb_timeout_cb; 3139 sc->cmdq[i].arg0 = vap; 3140 ieee80211_runtask(ic, &sc->cmdq_task); 3141 } 3142 3143 /* 3144 * Try to clear stall first, also if other 3145 * errors occur, hence clearing stall 3146 * introduces a 50 ms delay: 3147 */ 3148 usbd_xfer_set_stall(xfer); 3149 goto tr_setup; 3150 } 3151 break; 3152 } 3153} 3154 3155static void 3156run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3157{ 3158 run_bulk_tx_callbackN(xfer, error, 0); 3159} 3160 3161static void 3162run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3163{ 3164 run_bulk_tx_callbackN(xfer, error, 1); 3165} 3166 3167static void 3168run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3169{ 3170 run_bulk_tx_callbackN(xfer, error, 2); 3171} 3172 3173static void 3174run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3175{ 3176 run_bulk_tx_callbackN(xfer, error, 3); 3177} 3178 3179static void 3180run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3181{ 3182 run_bulk_tx_callbackN(xfer, error, 4); 3183} 3184 3185static void 3186run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3187{ 3188 run_bulk_tx_callbackN(xfer, error, 5); 3189} 3190 3191static void 3192run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3193{ 3194 struct mbuf *m = data->m; 3195 struct ieee80211com *ic = &sc->sc_ic; 3196 struct ieee80211vap *vap = data->ni->ni_vap; 3197 struct ieee80211_frame *wh; 3198 struct rt2870_txd *txd; 3199 struct rt2860_txwi *txwi; 3200 uint16_t xferlen, txwisize; 3201 uint16_t mcs; 3202 uint8_t ridx = data->ridx; 3203 uint8_t pad; 3204 3205 /* get MCS code from rate index */ 3206 mcs = rt2860_rates[ridx].mcs; 3207 3208 txwisize = (sc->mac_ver == 0x5592) ? 3209 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3210 xferlen = txwisize + m->m_pkthdr.len; 3211 3212 /* roundup to 32-bit alignment */ 3213 xferlen = (xferlen + 3) & ~3; 3214 3215 txd = (struct rt2870_txd *)&data->desc; 3216 txd->len = htole16(xferlen); 3217 3218 wh = mtod(m, struct ieee80211_frame *); 3219 3220 /* 3221 * Ether both are true or both are false, the header 3222 * are nicely aligned to 32-bit. So, no L2 padding. 3223 */ 3224 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3225 pad = 0; 3226 else 3227 pad = 2; 3228 3229 /* setup TX Wireless Information */ 3230 txwi = (struct rt2860_txwi *)(txd + 1); 3231 txwi->len = htole16(m->m_pkthdr.len - pad); 3232 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3233 mcs |= RT2860_PHY_CCK; 3234 if (ridx != RT2860_RIDX_CCK1 && 3235 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3236 mcs |= RT2860_PHY_SHPRE; 3237 } else 3238 mcs |= RT2860_PHY_OFDM; 3239 txwi->phy = htole16(mcs); 3240 3241 /* check if RTS/CTS or CTS-to-self protection is required */ 3242 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3243 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3244 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3245 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3246 txwi->txop |= RT2860_TX_TXOP_HT; 3247 else 3248 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3249 3250 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3251 txwi->xflags |= RT2860_TX_NSEQ; 3252} 3253 3254/* This function must be called locked */ 3255static int 3256run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3257{ 3258 struct ieee80211com *ic = &sc->sc_ic; 3259 struct ieee80211vap *vap = ni->ni_vap; 3260 struct ieee80211_frame *wh; 3261 struct ieee80211_channel *chan; 3262 const struct ieee80211_txparam *tp; 3263 struct run_node *rn = RUN_NODE(ni); 3264 struct run_tx_data *data; 3265 struct rt2870_txd *txd; 3266 struct rt2860_txwi *txwi; 3267 uint16_t qos; 3268 uint16_t dur; 3269 uint16_t qid; 3270 uint8_t type; 3271 uint8_t tid; 3272 uint8_t ridx; 3273 uint8_t ctl_ridx; 3274 uint8_t qflags; 3275 uint8_t xflags = 0; 3276 int hasqos; 3277 3278 RUN_LOCK_ASSERT(sc, MA_OWNED); 3279 3280 wh = mtod(m, struct ieee80211_frame *); 3281 3282 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3283 3284 /* 3285 * There are 7 bulk endpoints: 1 for RX 3286 * and 6 for TX (4 EDCAs + HCCA + Prio). 3287 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3288 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3289 */ 3290 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3291 uint8_t *frm; 3292 3293 frm = ieee80211_getqos(wh); 3294 qos = le16toh(*(const uint16_t *)frm); 3295 tid = qos & IEEE80211_QOS_TID; 3296 qid = TID_TO_WME_AC(tid); 3297 } else { 3298 qos = 0; 3299 tid = 0; 3300 qid = WME_AC_BE; 3301 } 3302 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3303 3304 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3305 qos, qid, tid, qflags); 3306 3307 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3308 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3309 3310 /* pickup a rate index */ 3311 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3312 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3313 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3314 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3315 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3316 } else { 3317 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3318 ridx = rn->fix_ridx; 3319 else 3320 ridx = rn->amrr_ridx; 3321 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3322 } 3323 3324 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3325 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3326 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3327 xflags |= RT2860_TX_ACK; 3328 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3329 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3330 else 3331 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3332 USETW(wh->i_dur, dur); 3333 } 3334 3335 /* reserve slots for mgmt packets, just in case */ 3336 if (sc->sc_epq[qid].tx_nfree < 3) { 3337 DPRINTFN(10, "tx ring %d is full\n", qid); 3338 return (-1); 3339 } 3340 3341 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3342 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3343 sc->sc_epq[qid].tx_nfree--; 3344 3345 txd = (struct rt2870_txd *)&data->desc; 3346 txd->flags = qflags; 3347 txwi = (struct rt2860_txwi *)(txd + 1); 3348 txwi->xflags = xflags; 3349 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3350 txwi->wcid = 0; 3351 else 3352 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3353 1 : RUN_AID2WCID(ni->ni_associd); 3354 3355 /* clear leftover garbage bits */ 3356 txwi->flags = 0; 3357 txwi->txop = 0; 3358 3359 data->m = m; 3360 data->ni = ni; 3361 data->ridx = ridx; 3362 3363 run_set_tx_desc(sc, data); 3364 3365 /* 3366 * The chip keeps track of 2 kind of Tx stats, 3367 * * TX_STAT_FIFO, for per WCID stats, and 3368 * * TX_STA_CNT0 for all-TX-in-one stats. 3369 * 3370 * To use FIFO stats, we need to store MCS into the driver-private 3371 * PacketID field. So that, we can tell whose stats when we read them. 3372 * We add 1 to the MCS because setting the PacketID field to 0 means 3373 * that we don't want feedback in TX_STAT_FIFO. 3374 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3375 * 3376 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3377 */ 3378 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3379 vap->iv_opmode == IEEE80211_M_MBSS) { 3380 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3381 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3382 3383 /* 3384 * Unlike PCI based devices, we don't get any interrupt from 3385 * USB devices, so we simulate FIFO-is-full interrupt here. 3386 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3387 * quickly get fulled. To prevent overflow, increment a counter on 3388 * every FIFO stat request, so we know how many slots are left. 3389 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3390 * are used only in those modes. 3391 * We just drain stats. AMRR gets updated every 1 sec by 3392 * run_ratectl_cb() via callout. 3393 * Call it early. Otherwise overflow. 3394 */ 3395 if (sc->fifo_cnt++ == 10) { 3396 /* 3397 * With multiple vaps or if_bridge, if_start() is called 3398 * with a non-sleepable lock, tcpinp. So, need to defer. 3399 */ 3400 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3401 DPRINTFN(6, "cmdq_store=%d\n", i); 3402 sc->cmdq[i].func = run_drain_fifo; 3403 sc->cmdq[i].arg0 = sc; 3404 ieee80211_runtask(ic, &sc->cmdq_task); 3405 } 3406 } 3407 3408 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3409 3410 usbd_transfer_start(sc->sc_xfer[qid]); 3411 3412 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3413 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3414 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3415 3416 return (0); 3417} 3418 3419static int 3420run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3421{ 3422 struct ieee80211com *ic = &sc->sc_ic; 3423 struct run_node *rn = RUN_NODE(ni); 3424 struct run_tx_data *data; 3425 struct ieee80211_frame *wh; 3426 struct rt2870_txd *txd; 3427 struct rt2860_txwi *txwi; 3428 uint16_t dur; 3429 uint8_t ridx = rn->mgt_ridx; 3430 uint8_t type; 3431 uint8_t xflags = 0; 3432 uint8_t wflags = 0; 3433 3434 RUN_LOCK_ASSERT(sc, MA_OWNED); 3435 3436 wh = mtod(m, struct ieee80211_frame *); 3437 3438 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3439 3440 /* tell hardware to add timestamp for probe responses */ 3441 if ((wh->i_fc[0] & 3442 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3443 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3444 wflags |= RT2860_TX_TS; 3445 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3446 xflags |= RT2860_TX_ACK; 3447 3448 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3449 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3450 USETW(wh->i_dur, dur); 3451 } 3452 3453 if (sc->sc_epq[0].tx_nfree == 0) 3454 /* let caller free mbuf */ 3455 return (EIO); 3456 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3457 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3458 sc->sc_epq[0].tx_nfree--; 3459 3460 txd = (struct rt2870_txd *)&data->desc; 3461 txd->flags = RT2860_TX_QSEL_EDCA; 3462 txwi = (struct rt2860_txwi *)(txd + 1); 3463 txwi->wcid = 0xff; 3464 txwi->flags = wflags; 3465 txwi->xflags = xflags; 3466 txwi->txop = 0; /* clear leftover garbage bits */ 3467 3468 data->m = m; 3469 data->ni = ni; 3470 data->ridx = ridx; 3471 3472 run_set_tx_desc(sc, data); 3473 3474 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3475 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3476 rt2860_rates[ridx].rate); 3477 3478 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3479 3480 usbd_transfer_start(sc->sc_xfer[0]); 3481 3482 return (0); 3483} 3484 3485static int 3486run_sendprot(struct run_softc *sc, 3487 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3488{ 3489 struct ieee80211com *ic = ni->ni_ic; 3490 struct ieee80211_frame *wh; 3491 struct run_tx_data *data; 3492 struct rt2870_txd *txd; 3493 struct rt2860_txwi *txwi; 3494 struct mbuf *mprot; 3495 int ridx; 3496 int protrate; 3497 int ackrate; 3498 int pktlen; 3499 int isshort; 3500 uint16_t dur; 3501 uint8_t type; 3502 uint8_t wflags = 0; 3503 uint8_t xflags = 0; 3504 3505 RUN_LOCK_ASSERT(sc, MA_OWNED); 3506 3507 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3508 ("protection %d", prot)); 3509 3510 wh = mtod(m, struct ieee80211_frame *); 3511 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3512 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3513 3514 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3515 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3516 3517 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3518 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3519 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3520 wflags = RT2860_TX_FRAG; 3521 3522 /* check that there are free slots before allocating the mbuf */ 3523 if (sc->sc_epq[0].tx_nfree == 0) 3524 /* let caller free mbuf */ 3525 return (ENOBUFS); 3526 3527 if (prot == IEEE80211_PROT_RTSCTS) { 3528 /* NB: CTS is the same size as an ACK */ 3529 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3530 xflags |= RT2860_TX_ACK; 3531 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3532 } else { 3533 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3534 } 3535 if (mprot == NULL) { 3536 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3537 DPRINTF("could not allocate mbuf\n"); 3538 return (ENOBUFS); 3539 } 3540 3541 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3542 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3543 sc->sc_epq[0].tx_nfree--; 3544 3545 txd = (struct rt2870_txd *)&data->desc; 3546 txd->flags = RT2860_TX_QSEL_EDCA; 3547 txwi = (struct rt2860_txwi *)(txd + 1); 3548 txwi->wcid = 0xff; 3549 txwi->flags = wflags; 3550 txwi->xflags = xflags; 3551 txwi->txop = 0; /* clear leftover garbage bits */ 3552 3553 data->m = mprot; 3554 data->ni = ieee80211_ref_node(ni); 3555 3556 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3557 if (rt2860_rates[ridx].rate == protrate) 3558 break; 3559 data->ridx = ridx; 3560 3561 run_set_tx_desc(sc, data); 3562 3563 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3564 m->m_pkthdr.len, rate); 3565 3566 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3567 3568 usbd_transfer_start(sc->sc_xfer[0]); 3569 3570 return (0); 3571} 3572 3573static int 3574run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3575 const struct ieee80211_bpf_params *params) 3576{ 3577 struct ieee80211com *ic = ni->ni_ic; 3578 struct ieee80211_frame *wh; 3579 struct run_tx_data *data; 3580 struct rt2870_txd *txd; 3581 struct rt2860_txwi *txwi; 3582 uint8_t type; 3583 uint8_t ridx; 3584 uint8_t rate; 3585 uint8_t opflags = 0; 3586 uint8_t xflags = 0; 3587 int error; 3588 3589 RUN_LOCK_ASSERT(sc, MA_OWNED); 3590 3591 KASSERT(params != NULL, ("no raw xmit params")); 3592 3593 wh = mtod(m, struct ieee80211_frame *); 3594 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3595 3596 rate = params->ibp_rate0; 3597 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3598 /* let caller free mbuf */ 3599 return (EINVAL); 3600 } 3601 3602 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3603 xflags |= RT2860_TX_ACK; 3604 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3605 error = run_sendprot(sc, m, ni, 3606 params->ibp_flags & IEEE80211_BPF_RTS ? 3607 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3608 rate); 3609 if (error) { 3610 /* let caller free mbuf */ 3611 return error; 3612 } 3613 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3614 } 3615 3616 if (sc->sc_epq[0].tx_nfree == 0) { 3617 /* let caller free mbuf */ 3618 DPRINTF("sending raw frame, but tx ring is full\n"); 3619 return (EIO); 3620 } 3621 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3622 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3623 sc->sc_epq[0].tx_nfree--; 3624 3625 txd = (struct rt2870_txd *)&data->desc; 3626 txd->flags = RT2860_TX_QSEL_EDCA; 3627 txwi = (struct rt2860_txwi *)(txd + 1); 3628 txwi->wcid = 0xff; 3629 txwi->xflags = xflags; 3630 txwi->txop = opflags; 3631 txwi->flags = 0; /* clear leftover garbage bits */ 3632 3633 data->m = m; 3634 data->ni = ni; 3635 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3636 if (rt2860_rates[ridx].rate == rate) 3637 break; 3638 data->ridx = ridx; 3639 3640 run_set_tx_desc(sc, data); 3641 3642 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3643 m->m_pkthdr.len, rate); 3644 3645 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3646 3647 usbd_transfer_start(sc->sc_xfer[0]); 3648 3649 return (0); 3650} 3651 3652static int 3653run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3654 const struct ieee80211_bpf_params *params) 3655{ 3656 struct run_softc *sc = ni->ni_ic->ic_softc; 3657 int error = 0; 3658 3659 RUN_LOCK(sc); 3660 3661 /* prevent management frames from being sent if we're not ready */ 3662 if (!(sc->sc_flags & RUN_RUNNING)) { 3663 error = ENETDOWN; 3664 goto done; 3665 } 3666 3667 if (params == NULL) { 3668 /* tx mgt packet */ 3669 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3670 DPRINTF("mgt tx failed\n"); 3671 goto done; 3672 } 3673 } else { 3674 /* tx raw packet with param */ 3675 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3676 DPRINTF("tx with param failed\n"); 3677 goto done; 3678 } 3679 } 3680 3681done: 3682 RUN_UNLOCK(sc); 3683 3684 if (error != 0) { 3685 if(m != NULL) 3686 m_freem(m); 3687 } 3688 3689 return (error); 3690} 3691 3692static int 3693run_transmit(struct ieee80211com *ic, struct mbuf *m) 3694{ 3695 struct run_softc *sc = ic->ic_softc; 3696 int error; 3697 3698 RUN_LOCK(sc); 3699 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3700 RUN_UNLOCK(sc); 3701 return (ENXIO); 3702 } 3703 error = mbufq_enqueue(&sc->sc_snd, m); 3704 if (error) { 3705 RUN_UNLOCK(sc); 3706 return (error); 3707 } 3708 run_start(sc); 3709 RUN_UNLOCK(sc); 3710 3711 return (0); 3712} 3713 3714static void 3715run_start(struct run_softc *sc) 3716{ 3717 struct ieee80211_node *ni; 3718 struct mbuf *m; 3719 3720 RUN_LOCK_ASSERT(sc, MA_OWNED); 3721 3722 if ((sc->sc_flags & RUN_RUNNING) == 0) 3723 return; 3724 3725 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3726 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3727 if (run_tx(sc, m, ni) != 0) { 3728 mbufq_prepend(&sc->sc_snd, m); 3729 break; 3730 } 3731 } 3732} 3733 3734static void 3735run_parent(struct ieee80211com *ic) 3736{ 3737 struct run_softc *sc = ic->ic_softc; 3738 int startall = 0; 3739 3740 RUN_LOCK(sc); 3741 if (sc->sc_detached) { 3742 RUN_UNLOCK(sc); 3743 return; 3744 } 3745 3746 if (ic->ic_nrunning > 0) { 3747 if (!(sc->sc_flags & RUN_RUNNING)) { 3748 startall = 1; 3749 run_init_locked(sc); 3750 } else 3751 run_update_promisc_locked(sc); 3752 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3753 run_stop(sc); 3754 RUN_UNLOCK(sc); 3755 if (startall) 3756 ieee80211_start_all(ic); 3757} 3758 3759static void 3760run_iq_calib(struct run_softc *sc, u_int chan) 3761{ 3762 uint16_t val; 3763 3764 /* Tx0 IQ gain. */ 3765 run_bbp_write(sc, 158, 0x2c); 3766 if (chan <= 14) 3767 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3768 else if (chan <= 64) { 3769 run_efuse_read(sc, 3770 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3771 &val, 1); 3772 } else if (chan <= 138) { 3773 run_efuse_read(sc, 3774 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3775 &val, 1); 3776 } else if (chan <= 165) { 3777 run_efuse_read(sc, 3778 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3779 &val, 1); 3780 } else 3781 val = 0; 3782 run_bbp_write(sc, 159, val); 3783 3784 /* Tx0 IQ phase. */ 3785 run_bbp_write(sc, 158, 0x2d); 3786 if (chan <= 14) { 3787 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3788 &val, 1); 3789 } else if (chan <= 64) { 3790 run_efuse_read(sc, 3791 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3792 &val, 1); 3793 } else if (chan <= 138) { 3794 run_efuse_read(sc, 3795 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3796 &val, 1); 3797 } else if (chan <= 165) { 3798 run_efuse_read(sc, 3799 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3800 &val, 1); 3801 } else 3802 val = 0; 3803 run_bbp_write(sc, 159, val); 3804 3805 /* Tx1 IQ gain. */ 3806 run_bbp_write(sc, 158, 0x4a); 3807 if (chan <= 14) { 3808 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3809 &val, 1); 3810 } else if (chan <= 64) { 3811 run_efuse_read(sc, 3812 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3813 &val, 1); 3814 } else if (chan <= 138) { 3815 run_efuse_read(sc, 3816 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3817 &val, 1); 3818 } else if (chan <= 165) { 3819 run_efuse_read(sc, 3820 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3821 &val, 1); 3822 } else 3823 val = 0; 3824 run_bbp_write(sc, 159, val); 3825 3826 /* Tx1 IQ phase. */ 3827 run_bbp_write(sc, 158, 0x4b); 3828 if (chan <= 14) { 3829 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3830 &val, 1); 3831 } else if (chan <= 64) { 3832 run_efuse_read(sc, 3833 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3834 &val, 1); 3835 } else if (chan <= 138) { 3836 run_efuse_read(sc, 3837 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3838 &val, 1); 3839 } else if (chan <= 165) { 3840 run_efuse_read(sc, 3841 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3842 &val, 1); 3843 } else 3844 val = 0; 3845 run_bbp_write(sc, 159, val); 3846 3847 /* RF IQ compensation control. */ 3848 run_bbp_write(sc, 158, 0x04); 3849 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3850 &val, 1); 3851 run_bbp_write(sc, 159, val); 3852 3853 /* RF IQ imbalance compensation control. */ 3854 run_bbp_write(sc, 158, 0x03); 3855 run_efuse_read(sc, 3856 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3857 run_bbp_write(sc, 159, val); 3858} 3859 3860static void 3861run_set_agc(struct run_softc *sc, uint8_t agc) 3862{ 3863 uint8_t bbp; 3864 3865 if (sc->mac_ver == 0x3572) { 3866 run_bbp_read(sc, 27, &bbp); 3867 bbp &= ~(0x3 << 5); 3868 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3869 run_bbp_write(sc, 66, agc); 3870 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3871 run_bbp_write(sc, 66, agc); 3872 } else 3873 run_bbp_write(sc, 66, agc); 3874} 3875 3876static void 3877run_select_chan_group(struct run_softc *sc, int group) 3878{ 3879 uint32_t tmp; 3880 uint8_t agc; 3881 3882 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3883 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3884 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3885 if (sc->mac_ver < 0x3572) 3886 run_bbp_write(sc, 86, 0x00); 3887 3888 if (sc->mac_ver == 0x3593) { 3889 run_bbp_write(sc, 77, 0x98); 3890 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3891 } 3892 3893 if (group == 0) { 3894 if (sc->ext_2ghz_lna) { 3895 if (sc->mac_ver >= 0x5390) 3896 run_bbp_write(sc, 75, 0x52); 3897 else { 3898 run_bbp_write(sc, 82, 0x62); 3899 run_bbp_write(sc, 75, 0x46); 3900 } 3901 } else { 3902 if (sc->mac_ver == 0x5592) { 3903 run_bbp_write(sc, 79, 0x1c); 3904 run_bbp_write(sc, 80, 0x0e); 3905 run_bbp_write(sc, 81, 0x3a); 3906 run_bbp_write(sc, 82, 0x62); 3907 3908 run_bbp_write(sc, 195, 0x80); 3909 run_bbp_write(sc, 196, 0xe0); 3910 run_bbp_write(sc, 195, 0x81); 3911 run_bbp_write(sc, 196, 0x1f); 3912 run_bbp_write(sc, 195, 0x82); 3913 run_bbp_write(sc, 196, 0x38); 3914 run_bbp_write(sc, 195, 0x83); 3915 run_bbp_write(sc, 196, 0x32); 3916 run_bbp_write(sc, 195, 0x85); 3917 run_bbp_write(sc, 196, 0x28); 3918 run_bbp_write(sc, 195, 0x86); 3919 run_bbp_write(sc, 196, 0x19); 3920 } else if (sc->mac_ver >= 0x5390) 3921 run_bbp_write(sc, 75, 0x50); 3922 else { 3923 run_bbp_write(sc, 82, 3924 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3925 run_bbp_write(sc, 75, 0x50); 3926 } 3927 } 3928 } else { 3929 if (sc->mac_ver == 0x5592) { 3930 run_bbp_write(sc, 79, 0x18); 3931 run_bbp_write(sc, 80, 0x08); 3932 run_bbp_write(sc, 81, 0x38); 3933 run_bbp_write(sc, 82, 0x92); 3934 3935 run_bbp_write(sc, 195, 0x80); 3936 run_bbp_write(sc, 196, 0xf0); 3937 run_bbp_write(sc, 195, 0x81); 3938 run_bbp_write(sc, 196, 0x1e); 3939 run_bbp_write(sc, 195, 0x82); 3940 run_bbp_write(sc, 196, 0x28); 3941 run_bbp_write(sc, 195, 0x83); 3942 run_bbp_write(sc, 196, 0x20); 3943 run_bbp_write(sc, 195, 0x85); 3944 run_bbp_write(sc, 196, 0x7f); 3945 run_bbp_write(sc, 195, 0x86); 3946 run_bbp_write(sc, 196, 0x7f); 3947 } else if (sc->mac_ver == 0x3572) 3948 run_bbp_write(sc, 82, 0x94); 3949 else 3950 run_bbp_write(sc, 82, 3951 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3952 if (sc->ext_5ghz_lna) 3953 run_bbp_write(sc, 75, 0x46); 3954 else 3955 run_bbp_write(sc, 75, 0x50); 3956 } 3957 3958 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3959 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3960 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3961 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3962 3963 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3964 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3965 if (sc->mac_ver == 0x3593) 3966 tmp |= 1 << 29 | 1 << 28; 3967 if (sc->nrxchains > 1) 3968 tmp |= RT2860_LNA_PE1_EN; 3969 if (group == 0) { /* 2GHz */ 3970 tmp |= RT2860_PA_PE_G0_EN; 3971 if (sc->ntxchains > 1) 3972 tmp |= RT2860_PA_PE_G1_EN; 3973 if (sc->mac_ver == 0x3593) { 3974 if (sc->ntxchains > 2) 3975 tmp |= 1 << 25; 3976 } 3977 } else { /* 5GHz */ 3978 tmp |= RT2860_PA_PE_A0_EN; 3979 if (sc->ntxchains > 1) 3980 tmp |= RT2860_PA_PE_A1_EN; 3981 } 3982 if (sc->mac_ver == 0x3572) { 3983 run_rt3070_rf_write(sc, 8, 0x00); 3984 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3985 run_rt3070_rf_write(sc, 8, 0x80); 3986 } else 3987 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3988 3989 if (sc->mac_ver == 0x5592) { 3990 run_bbp_write(sc, 195, 0x8d); 3991 run_bbp_write(sc, 196, 0x1a); 3992 } 3993 3994 if (sc->mac_ver == 0x3593) { 3995 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3996 tmp &= ~0x01010000; 3997 if (group == 0) 3998 tmp |= 0x00010000; 3999 tmp = (tmp & ~0x00009090) | 0x00000090; 4000 run_write(sc, RT2860_GPIO_CTRL, tmp); 4001 } 4002 4003 /* set initial AGC value */ 4004 if (group == 0) { /* 2GHz band */ 4005 if (sc->mac_ver >= 0x3070) 4006 agc = 0x1c + sc->lna[0] * 2; 4007 else 4008 agc = 0x2e + sc->lna[0]; 4009 } else { /* 5GHz band */ 4010 if (sc->mac_ver == 0x5592) 4011 agc = 0x24 + sc->lna[group] * 2; 4012 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4013 agc = 0x22 + (sc->lna[group] * 5) / 3; 4014 else 4015 agc = 0x32 + (sc->lna[group] * 5) / 3; 4016 } 4017 run_set_agc(sc, agc); 4018} 4019 4020static void 4021run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4022{ 4023 const struct rfprog *rfprog = rt2860_rf2850; 4024 uint32_t r2, r3, r4; 4025 int8_t txpow1, txpow2; 4026 int i; 4027 4028 /* find the settings for this channel (we know it exists) */ 4029 for (i = 0; rfprog[i].chan != chan; i++); 4030 4031 r2 = rfprog[i].r2; 4032 if (sc->ntxchains == 1) 4033 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4034 if (sc->nrxchains == 1) 4035 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4036 else if (sc->nrxchains == 2) 4037 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4038 4039 /* use Tx power values from EEPROM */ 4040 txpow1 = sc->txpow1[i]; 4041 txpow2 = sc->txpow2[i]; 4042 4043 /* Initialize RF R3 and R4. */ 4044 r3 = rfprog[i].r3 & 0xffffc1ff; 4045 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4046 if (chan > 14) { 4047 if (txpow1 >= 0) { 4048 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4049 r3 |= (txpow1 << 10) | (1 << 9); 4050 } else { 4051 txpow1 += 7; 4052 4053 /* txpow1 is not possible larger than 15. */ 4054 r3 |= (txpow1 << 10); 4055 } 4056 if (txpow2 >= 0) { 4057 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4058 r4 |= (txpow2 << 7) | (1 << 6); 4059 } else { 4060 txpow2 += 7; 4061 r4 |= (txpow2 << 7); 4062 } 4063 } else { 4064 /* Set Tx0 power. */ 4065 r3 |= (txpow1 << 9); 4066 4067 /* Set frequency offset and Tx1 power. */ 4068 r4 |= (txpow2 << 6); 4069 } 4070 4071 run_rt2870_rf_write(sc, rfprog[i].r1); 4072 run_rt2870_rf_write(sc, r2); 4073 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4074 run_rt2870_rf_write(sc, r4); 4075 4076 run_delay(sc, 10); 4077 4078 run_rt2870_rf_write(sc, rfprog[i].r1); 4079 run_rt2870_rf_write(sc, r2); 4080 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4081 run_rt2870_rf_write(sc, r4); 4082 4083 run_delay(sc, 10); 4084 4085 run_rt2870_rf_write(sc, rfprog[i].r1); 4086 run_rt2870_rf_write(sc, r2); 4087 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4088 run_rt2870_rf_write(sc, r4); 4089} 4090 4091static void 4092run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4093{ 4094 int8_t txpow1, txpow2; 4095 uint8_t rf; 4096 int i; 4097 4098 /* find the settings for this channel (we know it exists) */ 4099 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4100 4101 /* use Tx power values from EEPROM */ 4102 txpow1 = sc->txpow1[i]; 4103 txpow2 = sc->txpow2[i]; 4104 4105 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4106 4107 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4108 run_rt3070_rf_read(sc, 3, &rf); 4109 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4110 run_rt3070_rf_write(sc, 3, rf); 4111 4112 run_rt3070_rf_read(sc, 6, &rf); 4113 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4114 run_rt3070_rf_write(sc, 6, rf); 4115 4116 /* set Tx0 power */ 4117 run_rt3070_rf_read(sc, 12, &rf); 4118 rf = (rf & ~0x1f) | txpow1; 4119 run_rt3070_rf_write(sc, 12, rf); 4120 4121 /* set Tx1 power */ 4122 run_rt3070_rf_read(sc, 13, &rf); 4123 rf = (rf & ~0x1f) | txpow2; 4124 run_rt3070_rf_write(sc, 13, rf); 4125 4126 run_rt3070_rf_read(sc, 1, &rf); 4127 rf &= ~0xfc; 4128 if (sc->ntxchains == 1) 4129 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4130 else if (sc->ntxchains == 2) 4131 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4132 if (sc->nrxchains == 1) 4133 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4134 else if (sc->nrxchains == 2) 4135 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4136 run_rt3070_rf_write(sc, 1, rf); 4137 4138 /* set RF offset */ 4139 run_rt3070_rf_read(sc, 23, &rf); 4140 rf = (rf & ~0x7f) | sc->freq; 4141 run_rt3070_rf_write(sc, 23, rf); 4142 4143 /* program RF filter */ 4144 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4145 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4146 run_rt3070_rf_write(sc, 24, rf); 4147 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4148 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4149 run_rt3070_rf_write(sc, 31, rf); 4150 4151 /* enable RF tuning */ 4152 run_rt3070_rf_read(sc, 7, &rf); 4153 run_rt3070_rf_write(sc, 7, rf | 0x01); 4154} 4155 4156static void 4157run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4158{ 4159 int8_t txpow1, txpow2; 4160 uint32_t tmp; 4161 uint8_t rf; 4162 int i; 4163 4164 /* find the settings for this channel (we know it exists) */ 4165 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4166 4167 /* use Tx power values from EEPROM */ 4168 txpow1 = sc->txpow1[i]; 4169 txpow2 = sc->txpow2[i]; 4170 4171 if (chan <= 14) { 4172 run_bbp_write(sc, 25, sc->bbp25); 4173 run_bbp_write(sc, 26, sc->bbp26); 4174 } else { 4175 /* enable IQ phase correction */ 4176 run_bbp_write(sc, 25, 0x09); 4177 run_bbp_write(sc, 26, 0xff); 4178 } 4179 4180 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4181 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4182 run_rt3070_rf_read(sc, 6, &rf); 4183 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4184 rf |= (chan <= 14) ? 0x08 : 0x04; 4185 run_rt3070_rf_write(sc, 6, rf); 4186 4187 /* set PLL mode */ 4188 run_rt3070_rf_read(sc, 5, &rf); 4189 rf &= ~(0x08 | 0x04); 4190 rf |= (chan <= 14) ? 0x04 : 0x08; 4191 run_rt3070_rf_write(sc, 5, rf); 4192 4193 /* set Tx power for chain 0 */ 4194 if (chan <= 14) 4195 rf = 0x60 | txpow1; 4196 else 4197 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4198 run_rt3070_rf_write(sc, 12, rf); 4199 4200 /* set Tx power for chain 1 */ 4201 if (chan <= 14) 4202 rf = 0x60 | txpow2; 4203 else 4204 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4205 run_rt3070_rf_write(sc, 13, rf); 4206 4207 /* set Tx/Rx streams */ 4208 run_rt3070_rf_read(sc, 1, &rf); 4209 rf &= ~0xfc; 4210 if (sc->ntxchains == 1) 4211 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4212 else if (sc->ntxchains == 2) 4213 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4214 if (sc->nrxchains == 1) 4215 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4216 else if (sc->nrxchains == 2) 4217 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4218 run_rt3070_rf_write(sc, 1, rf); 4219 4220 /* set RF offset */ 4221 run_rt3070_rf_read(sc, 23, &rf); 4222 rf = (rf & ~0x7f) | sc->freq; 4223 run_rt3070_rf_write(sc, 23, rf); 4224 4225 /* program RF filter */ 4226 rf = sc->rf24_20mhz; 4227 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4228 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4229 4230 /* enable RF tuning */ 4231 run_rt3070_rf_read(sc, 7, &rf); 4232 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4233 run_rt3070_rf_write(sc, 7, rf); 4234 4235 /* TSSI */ 4236 rf = (chan <= 14) ? 0xc3 : 0xc0; 4237 run_rt3070_rf_write(sc, 9, rf); 4238 4239 /* set loop filter 1 */ 4240 run_rt3070_rf_write(sc, 10, 0xf1); 4241 /* set loop filter 2 */ 4242 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4243 4244 /* set tx_mx2_ic */ 4245 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4246 /* set tx_mx1_ic */ 4247 if (chan <= 14) 4248 rf = 0x48 | sc->txmixgain_2ghz; 4249 else 4250 rf = 0x78 | sc->txmixgain_5ghz; 4251 run_rt3070_rf_write(sc, 16, rf); 4252 4253 /* set tx_lo1 */ 4254 run_rt3070_rf_write(sc, 17, 0x23); 4255 /* set tx_lo2 */ 4256 if (chan <= 14) 4257 rf = 0x93; 4258 else if (chan <= 64) 4259 rf = 0xb7; 4260 else if (chan <= 128) 4261 rf = 0x74; 4262 else 4263 rf = 0x72; 4264 run_rt3070_rf_write(sc, 19, rf); 4265 4266 /* set rx_lo1 */ 4267 if (chan <= 14) 4268 rf = 0xb3; 4269 else if (chan <= 64) 4270 rf = 0xf6; 4271 else if (chan <= 128) 4272 rf = 0xf4; 4273 else 4274 rf = 0xf3; 4275 run_rt3070_rf_write(sc, 20, rf); 4276 4277 /* set pfd_delay */ 4278 if (chan <= 14) 4279 rf = 0x15; 4280 else if (chan <= 64) 4281 rf = 0x3d; 4282 else 4283 rf = 0x01; 4284 run_rt3070_rf_write(sc, 25, rf); 4285 4286 /* set rx_lo2 */ 4287 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4288 /* set ldo_rf_vc */ 4289 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4290 /* set drv_cc */ 4291 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4292 4293 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4294 tmp &= ~0x8080; 4295 if (chan <= 14) 4296 tmp |= 0x80; 4297 run_write(sc, RT2860_GPIO_CTRL, tmp); 4298 4299 /* enable RF tuning */ 4300 run_rt3070_rf_read(sc, 7, &rf); 4301 run_rt3070_rf_write(sc, 7, rf | 0x01); 4302 4303 run_delay(sc, 2); 4304} 4305 4306static void 4307run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4308{ 4309 int8_t txpow1, txpow2, txpow3; 4310 uint8_t h20mhz, rf; 4311 int i; 4312 4313 /* find the settings for this channel (we know it exists) */ 4314 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4315 4316 /* use Tx power values from EEPROM */ 4317 txpow1 = sc->txpow1[i]; 4318 txpow2 = sc->txpow2[i]; 4319 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4320 4321 if (chan <= 14) { 4322 run_bbp_write(sc, 25, sc->bbp25); 4323 run_bbp_write(sc, 26, sc->bbp26); 4324 } else { 4325 /* Enable IQ phase correction. */ 4326 run_bbp_write(sc, 25, 0x09); 4327 run_bbp_write(sc, 26, 0xff); 4328 } 4329 4330 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4331 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4332 run_rt3070_rf_read(sc, 11, &rf); 4333 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4334 run_rt3070_rf_write(sc, 11, rf); 4335 4336 /* Set pll_idoh. */ 4337 run_rt3070_rf_read(sc, 11, &rf); 4338 rf &= ~0x4c; 4339 rf |= (chan <= 14) ? 0x44 : 0x48; 4340 run_rt3070_rf_write(sc, 11, rf); 4341 4342 if (chan <= 14) 4343 rf = txpow1 & 0x1f; 4344 else 4345 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4346 run_rt3070_rf_write(sc, 53, rf); 4347 4348 if (chan <= 14) 4349 rf = txpow2 & 0x1f; 4350 else 4351 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4352 run_rt3070_rf_write(sc, 55, rf); 4353 4354 if (chan <= 14) 4355 rf = txpow3 & 0x1f; 4356 else 4357 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4358 run_rt3070_rf_write(sc, 54, rf); 4359 4360 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4361 if (sc->ntxchains == 3) 4362 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4363 else 4364 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4365 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4366 run_rt3070_rf_write(sc, 1, rf); 4367 4368 run_adjust_freq_offset(sc); 4369 4370 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4371 4372 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4373 run_rt3070_rf_read(sc, 30, &rf); 4374 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4375 run_rt3070_rf_write(sc, 30, rf); 4376 4377 run_rt3070_rf_read(sc, 36, &rf); 4378 if (chan <= 14) 4379 rf |= 0x80; 4380 else 4381 rf &= ~0x80; 4382 run_rt3070_rf_write(sc, 36, rf); 4383 4384 /* Set vcolo_bs. */ 4385 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4386 /* Set pfd_delay. */ 4387 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4388 4389 /* Set vco bias current control. */ 4390 run_rt3070_rf_read(sc, 6, &rf); 4391 rf &= ~0xc0; 4392 if (chan <= 14) 4393 rf |= 0x40; 4394 else if (chan <= 128) 4395 rf |= 0x80; 4396 else 4397 rf |= 0x40; 4398 run_rt3070_rf_write(sc, 6, rf); 4399 4400 run_rt3070_rf_read(sc, 30, &rf); 4401 rf = (rf & ~0x18) | 0x10; 4402 run_rt3070_rf_write(sc, 30, rf); 4403 4404 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4405 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4406 4407 run_rt3070_rf_read(sc, 51, &rf); 4408 rf = (rf & ~0x03) | 0x01; 4409 run_rt3070_rf_write(sc, 51, rf); 4410 /* Set tx_mx1_cc. */ 4411 run_rt3070_rf_read(sc, 51, &rf); 4412 rf &= ~0x1c; 4413 rf |= (chan <= 14) ? 0x14 : 0x10; 4414 run_rt3070_rf_write(sc, 51, rf); 4415 /* Set tx_mx1_ic. */ 4416 run_rt3070_rf_read(sc, 51, &rf); 4417 rf &= ~0xe0; 4418 rf |= (chan <= 14) ? 0x60 : 0x40; 4419 run_rt3070_rf_write(sc, 51, rf); 4420 /* Set tx_lo1_ic. */ 4421 run_rt3070_rf_read(sc, 49, &rf); 4422 rf &= ~0x1c; 4423 rf |= (chan <= 14) ? 0x0c : 0x08; 4424 run_rt3070_rf_write(sc, 49, rf); 4425 /* Set tx_lo1_en. */ 4426 run_rt3070_rf_read(sc, 50, &rf); 4427 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4428 /* Set drv_cc. */ 4429 run_rt3070_rf_read(sc, 57, &rf); 4430 rf &= ~0xfc; 4431 rf |= (chan <= 14) ? 0x6c : 0x3c; 4432 run_rt3070_rf_write(sc, 57, rf); 4433 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4434 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4435 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4436 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4437 /* Enable VCO calibration. */ 4438 run_rt3070_rf_read(sc, 3, &rf); 4439 rf &= ~RT5390_VCOCAL; 4440 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4441 run_rt3070_rf_write(sc, 3, rf); 4442 4443 if (chan <= 14) 4444 rf = 0x23; 4445 else if (chan <= 64) 4446 rf = 0x36; 4447 else if (chan <= 128) 4448 rf = 0x32; 4449 else 4450 rf = 0x30; 4451 run_rt3070_rf_write(sc, 39, rf); 4452 if (chan <= 14) 4453 rf = 0xbb; 4454 else if (chan <= 64) 4455 rf = 0xeb; 4456 else if (chan <= 128) 4457 rf = 0xb3; 4458 else 4459 rf = 0x9b; 4460 run_rt3070_rf_write(sc, 45, rf); 4461 4462 /* Set FEQ/AEQ control. */ 4463 run_bbp_write(sc, 105, 0x34); 4464} 4465 4466static void 4467run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4468{ 4469 int8_t txpow1, txpow2; 4470 uint8_t rf; 4471 int i; 4472 4473 /* find the settings for this channel (we know it exists) */ 4474 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4475 4476 /* use Tx power values from EEPROM */ 4477 txpow1 = sc->txpow1[i]; 4478 txpow2 = sc->txpow2[i]; 4479 4480 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4481 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4482 run_rt3070_rf_read(sc, 11, &rf); 4483 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4484 run_rt3070_rf_write(sc, 11, rf); 4485 4486 run_rt3070_rf_read(sc, 49, &rf); 4487 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4488 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4489 if ((rf & 0x3f) > 0x27) 4490 rf = (rf & ~0x3f) | 0x27; 4491 run_rt3070_rf_write(sc, 49, rf); 4492 4493 if (sc->mac_ver == 0x5392) { 4494 run_rt3070_rf_read(sc, 50, &rf); 4495 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4496 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4497 if ((rf & 0x3f) > 0x27) 4498 rf = (rf & ~0x3f) | 0x27; 4499 run_rt3070_rf_write(sc, 50, rf); 4500 } 4501 4502 run_rt3070_rf_read(sc, 1, &rf); 4503 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4504 if (sc->mac_ver == 0x5392) 4505 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4506 run_rt3070_rf_write(sc, 1, rf); 4507 4508 if (sc->mac_ver != 0x5392) { 4509 run_rt3070_rf_read(sc, 2, &rf); 4510 rf |= 0x80; 4511 run_rt3070_rf_write(sc, 2, rf); 4512 run_delay(sc, 10); 4513 rf &= 0x7f; 4514 run_rt3070_rf_write(sc, 2, rf); 4515 } 4516 4517 run_adjust_freq_offset(sc); 4518 4519 if (sc->mac_ver == 0x5392) { 4520 /* Fix for RT5392C. */ 4521 if (sc->mac_rev >= 0x0223) { 4522 if (chan <= 4) 4523 rf = 0x0f; 4524 else if (chan >= 5 && chan <= 7) 4525 rf = 0x0e; 4526 else 4527 rf = 0x0d; 4528 run_rt3070_rf_write(sc, 23, rf); 4529 4530 if (chan <= 4) 4531 rf = 0x0c; 4532 else if (chan == 5) 4533 rf = 0x0b; 4534 else if (chan >= 6 && chan <= 7) 4535 rf = 0x0a; 4536 else if (chan >= 8 && chan <= 10) 4537 rf = 0x09; 4538 else 4539 rf = 0x08; 4540 run_rt3070_rf_write(sc, 59, rf); 4541 } else { 4542 if (chan <= 11) 4543 rf = 0x0f; 4544 else 4545 rf = 0x0b; 4546 run_rt3070_rf_write(sc, 59, rf); 4547 } 4548 } else { 4549 /* Fix for RT5390F. */ 4550 if (sc->mac_rev >= 0x0502) { 4551 if (chan <= 11) 4552 rf = 0x43; 4553 else 4554 rf = 0x23; 4555 run_rt3070_rf_write(sc, 55, rf); 4556 4557 if (chan <= 11) 4558 rf = 0x0f; 4559 else if (chan == 12) 4560 rf = 0x0d; 4561 else 4562 rf = 0x0b; 4563 run_rt3070_rf_write(sc, 59, rf); 4564 } else { 4565 run_rt3070_rf_write(sc, 55, 0x44); 4566 run_rt3070_rf_write(sc, 59, 0x8f); 4567 } 4568 } 4569 4570 /* Enable VCO calibration. */ 4571 run_rt3070_rf_read(sc, 3, &rf); 4572 rf |= RT5390_VCOCAL; 4573 run_rt3070_rf_write(sc, 3, rf); 4574} 4575 4576static void 4577run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4578{ 4579 const struct rt5592_freqs *freqs; 4580 uint32_t tmp; 4581 uint8_t reg, rf, txpow_bound; 4582 int8_t txpow1, txpow2; 4583 int i; 4584 4585 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4586 freqs = (tmp & RT5592_SEL_XTAL) ? 4587 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4588 4589 /* find the settings for this channel (we know it exists) */ 4590 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4591 4592 /* use Tx power values from EEPROM */ 4593 txpow1 = sc->txpow1[i]; 4594 txpow2 = sc->txpow2[i]; 4595 4596 run_read(sc, RT3070_LDO_CFG0, &tmp); 4597 tmp &= ~0x1c000000; 4598 if (chan > 14) 4599 tmp |= 0x14000000; 4600 run_write(sc, RT3070_LDO_CFG0, tmp); 4601 4602 /* N setting. */ 4603 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4604 run_rt3070_rf_read(sc, 9, &rf); 4605 rf &= ~(1 << 4); 4606 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4607 run_rt3070_rf_write(sc, 9, rf); 4608 4609 /* K setting. */ 4610 run_rt3070_rf_read(sc, 9, &rf); 4611 rf &= ~0x0f; 4612 rf |= (freqs->k & 0x0f); 4613 run_rt3070_rf_write(sc, 9, rf); 4614 4615 /* Mode setting. */ 4616 run_rt3070_rf_read(sc, 11, &rf); 4617 rf &= ~0x0c; 4618 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4619 run_rt3070_rf_write(sc, 11, rf); 4620 run_rt3070_rf_read(sc, 9, &rf); 4621 rf &= ~(1 << 7); 4622 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4623 run_rt3070_rf_write(sc, 9, rf); 4624 4625 /* R setting. */ 4626 run_rt3070_rf_read(sc, 11, &rf); 4627 rf &= ~0x03; 4628 rf |= (freqs->r - 0x1); 4629 run_rt3070_rf_write(sc, 11, rf); 4630 4631 if (chan <= 14) { 4632 /* Initialize RF registers for 2GHZ. */ 4633 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4634 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4635 rt5592_2ghz_def_rf[i].val); 4636 } 4637 4638 rf = (chan <= 10) ? 0x07 : 0x06; 4639 run_rt3070_rf_write(sc, 23, rf); 4640 run_rt3070_rf_write(sc, 59, rf); 4641 4642 run_rt3070_rf_write(sc, 55, 0x43); 4643 4644 /* 4645 * RF R49/R50 Tx power ALC code. 4646 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4647 */ 4648 reg = 2; 4649 txpow_bound = 0x27; 4650 } else { 4651 /* Initialize RF registers for 5GHZ. */ 4652 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4653 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4654 rt5592_5ghz_def_rf[i].val); 4655 } 4656 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4657 if (chan >= rt5592_chan_5ghz[i].firstchan && 4658 chan <= rt5592_chan_5ghz[i].lastchan) { 4659 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4660 rt5592_chan_5ghz[i].val); 4661 } 4662 } 4663 4664 /* 4665 * RF R49/R50 Tx power ALC code. 4666 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4667 */ 4668 reg = 3; 4669 txpow_bound = 0x2b; 4670 } 4671 4672 /* RF R49 ch0 Tx power ALC code. */ 4673 run_rt3070_rf_read(sc, 49, &rf); 4674 rf &= ~0xc0; 4675 rf |= (reg << 6); 4676 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4677 if ((rf & 0x3f) > txpow_bound) 4678 rf = (rf & ~0x3f) | txpow_bound; 4679 run_rt3070_rf_write(sc, 49, rf); 4680 4681 /* RF R50 ch1 Tx power ALC code. */ 4682 run_rt3070_rf_read(sc, 50, &rf); 4683 rf &= ~(1 << 7 | 1 << 6); 4684 rf |= (reg << 6); 4685 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4686 if ((rf & 0x3f) > txpow_bound) 4687 rf = (rf & ~0x3f) | txpow_bound; 4688 run_rt3070_rf_write(sc, 50, rf); 4689 4690 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4691 run_rt3070_rf_read(sc, 1, &rf); 4692 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4693 if (sc->ntxchains > 1) 4694 rf |= RT3070_TX1_PD; 4695 if (sc->nrxchains > 1) 4696 rf |= RT3070_RX1_PD; 4697 run_rt3070_rf_write(sc, 1, rf); 4698 4699 run_rt3070_rf_write(sc, 6, 0xe4); 4700 4701 run_rt3070_rf_write(sc, 30, 0x10); 4702 run_rt3070_rf_write(sc, 31, 0x80); 4703 run_rt3070_rf_write(sc, 32, 0x80); 4704 4705 run_adjust_freq_offset(sc); 4706 4707 /* Enable VCO calibration. */ 4708 run_rt3070_rf_read(sc, 3, &rf); 4709 rf |= RT5390_VCOCAL; 4710 run_rt3070_rf_write(sc, 3, rf); 4711} 4712 4713static void 4714run_set_rx_antenna(struct run_softc *sc, int aux) 4715{ 4716 uint32_t tmp; 4717 uint8_t bbp152; 4718 4719 if (aux) { 4720 if (sc->rf_rev == RT5390_RF_5370) { 4721 run_bbp_read(sc, 152, &bbp152); 4722 run_bbp_write(sc, 152, bbp152 & ~0x80); 4723 } else { 4724 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4725 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4726 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4727 } 4728 } else { 4729 if (sc->rf_rev == RT5390_RF_5370) { 4730 run_bbp_read(sc, 152, &bbp152); 4731 run_bbp_write(sc, 152, bbp152 | 0x80); 4732 } else { 4733 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4734 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4735 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4736 } 4737 } 4738} 4739 4740static int 4741run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4742{ 4743 struct ieee80211com *ic = &sc->sc_ic; 4744 u_int chan, group; 4745 4746 chan = ieee80211_chan2ieee(ic, c); 4747 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4748 return (EINVAL); 4749 4750 if (sc->mac_ver == 0x5592) 4751 run_rt5592_set_chan(sc, chan); 4752 else if (sc->mac_ver >= 0x5390) 4753 run_rt5390_set_chan(sc, chan); 4754 else if (sc->mac_ver == 0x3593) 4755 run_rt3593_set_chan(sc, chan); 4756 else if (sc->mac_ver == 0x3572) 4757 run_rt3572_set_chan(sc, chan); 4758 else if (sc->mac_ver >= 0x3070) 4759 run_rt3070_set_chan(sc, chan); 4760 else 4761 run_rt2870_set_chan(sc, chan); 4762 4763 /* determine channel group */ 4764 if (chan <= 14) 4765 group = 0; 4766 else if (chan <= 64) 4767 group = 1; 4768 else if (chan <= 128) 4769 group = 2; 4770 else 4771 group = 3; 4772 4773 /* XXX necessary only when group has changed! */ 4774 run_select_chan_group(sc, group); 4775 4776 run_delay(sc, 10); 4777 4778 /* Perform IQ calibration. */ 4779 if (sc->mac_ver >= 0x5392) 4780 run_iq_calib(sc, chan); 4781 4782 return (0); 4783} 4784 4785static void 4786run_set_channel(struct ieee80211com *ic) 4787{ 4788 struct run_softc *sc = ic->ic_softc; 4789 4790 RUN_LOCK(sc); 4791 run_set_chan(sc, ic->ic_curchan); 4792 RUN_UNLOCK(sc); 4793 4794 return; 4795} 4796 4797static void 4798run_getradiocaps(struct ieee80211com *ic, 4799 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4800{ 4801 struct run_softc *sc = ic->ic_softc; 4802 uint8_t bands[IEEE80211_MODE_BYTES]; 4803 4804 memset(bands, 0, sizeof(bands)); 4805 setbit(bands, IEEE80211_MODE_11B); 4806 setbit(bands, IEEE80211_MODE_11G); 4807 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4808 4809 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4810 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4811 sc->rf_rev == RT5592_RF_5592) { 4812 setbit(bands, IEEE80211_MODE_11A); 4813 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4814 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4815 } 4816} 4817 4818static void 4819run_scan_start(struct ieee80211com *ic) 4820{ 4821 struct run_softc *sc = ic->ic_softc; 4822 4823 RUN_LOCK(sc); 4824 4825 /* abort TSF synchronization */ 4826 run_disable_tsf(sc); 4827 run_set_bssid(sc, ieee80211broadcastaddr); 4828 4829 RUN_UNLOCK(sc); 4830 4831 return; 4832} 4833 4834static void 4835run_scan_end(struct ieee80211com *ic) 4836{ 4837 struct run_softc *sc = ic->ic_softc; 4838 4839 RUN_LOCK(sc); 4840 4841 run_enable_tsf_sync(sc); 4842 run_set_bssid(sc, sc->sc_bssid); 4843 4844 RUN_UNLOCK(sc); 4845 4846 return; 4847} 4848 4849/* 4850 * Could be called from ieee80211_node_timeout() 4851 * (non-sleepable thread) 4852 */ 4853static void 4854run_update_beacon(struct ieee80211vap *vap, int item) 4855{ 4856 struct ieee80211com *ic = vap->iv_ic; 4857 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4858 struct ieee80211_node *ni = vap->iv_bss; 4859 struct run_softc *sc = ic->ic_softc; 4860 struct run_vap *rvp = RUN_VAP(vap); 4861 int mcast = 0; 4862 uint32_t i; 4863 4864 switch (item) { 4865 case IEEE80211_BEACON_ERP: 4866 run_updateslot(ic); 4867 break; 4868 case IEEE80211_BEACON_HTINFO: 4869 run_updateprot(ic); 4870 break; 4871 case IEEE80211_BEACON_TIM: 4872 mcast = 1; /*TODO*/ 4873 break; 4874 default: 4875 break; 4876 } 4877 4878 setbit(bo->bo_flags, item); 4879 if (rvp->beacon_mbuf == NULL) { 4880 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4881 if (rvp->beacon_mbuf == NULL) 4882 return; 4883 } 4884 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4885 4886 i = RUN_CMDQ_GET(&sc->cmdq_store); 4887 DPRINTF("cmdq_store=%d\n", i); 4888 sc->cmdq[i].func = run_update_beacon_cb; 4889 sc->cmdq[i].arg0 = vap; 4890 ieee80211_runtask(ic, &sc->cmdq_task); 4891 4892 return; 4893} 4894 4895static void 4896run_update_beacon_cb(void *arg) 4897{ 4898 struct ieee80211vap *vap = arg; 4899 struct ieee80211_node *ni = vap->iv_bss; 4900 struct run_vap *rvp = RUN_VAP(vap); 4901 struct ieee80211com *ic = vap->iv_ic; 4902 struct run_softc *sc = ic->ic_softc; 4903 struct rt2860_txwi txwi; 4904 struct mbuf *m; 4905 uint16_t txwisize; 4906 uint8_t ridx; 4907 4908 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4909 return; 4910 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4911 return; 4912 4913 /* 4914 * No need to call ieee80211_beacon_update(), run_update_beacon() 4915 * is taking care of appropriate calls. 4916 */ 4917 if (rvp->beacon_mbuf == NULL) { 4918 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4919 if (rvp->beacon_mbuf == NULL) 4920 return; 4921 } 4922 m = rvp->beacon_mbuf; 4923 4924 memset(&txwi, 0, sizeof(txwi)); 4925 txwi.wcid = 0xff; 4926 txwi.len = htole16(m->m_pkthdr.len); 4927 4928 /* send beacons at the lowest available rate */ 4929 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4930 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4931 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4932 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4933 txwi.phy |= htole16(RT2860_PHY_OFDM); 4934 txwi.txop = RT2860_TX_TXOP_HT; 4935 txwi.flags = RT2860_TX_TS; 4936 txwi.xflags = RT2860_TX_NSEQ; 4937 4938 txwisize = (sc->mac_ver == 0x5592) ? 4939 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4940 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4941 txwisize); 4942 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4943 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4944} 4945 4946static void 4947run_updateprot(struct ieee80211com *ic) 4948{ 4949 struct run_softc *sc = ic->ic_softc; 4950 uint32_t i; 4951 4952 i = RUN_CMDQ_GET(&sc->cmdq_store); 4953 DPRINTF("cmdq_store=%d\n", i); 4954 sc->cmdq[i].func = run_updateprot_cb; 4955 sc->cmdq[i].arg0 = ic; 4956 ieee80211_runtask(ic, &sc->cmdq_task); 4957} 4958 4959static void 4960run_updateprot_cb(void *arg) 4961{ 4962 struct ieee80211com *ic = arg; 4963 struct run_softc *sc = ic->ic_softc; 4964 uint32_t tmp; 4965 4966 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4967 /* setup protection frame rate (MCS code) */ 4968 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4969 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4970 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4971 4972 /* CCK frames don't require protection */ 4973 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4974 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4975 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4976 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4977 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4978 tmp |= RT2860_PROT_CTRL_CTS; 4979 } 4980 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4981} 4982 4983static void 4984run_usb_timeout_cb(void *arg) 4985{ 4986 struct ieee80211vap *vap = arg; 4987 struct run_softc *sc = vap->iv_ic->ic_softc; 4988 4989 RUN_LOCK_ASSERT(sc, MA_OWNED); 4990 4991 if(vap->iv_state == IEEE80211_S_RUN && 4992 vap->iv_opmode != IEEE80211_M_STA) 4993 run_reset_livelock(sc); 4994 else if (vap->iv_state == IEEE80211_S_SCAN) { 4995 DPRINTF("timeout caused by scan\n"); 4996 /* cancel bgscan */ 4997 ieee80211_cancel_scan(vap); 4998 } else 4999 DPRINTF("timeout by unknown cause\n"); 5000} 5001 5002static void 5003run_reset_livelock(struct run_softc *sc) 5004{ 5005 uint32_t tmp; 5006 5007 RUN_LOCK_ASSERT(sc, MA_OWNED); 5008 5009 /* 5010 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5011 * can run into a livelock and start sending CTS-to-self frames like 5012 * crazy if protection is enabled. Reset MAC/BBP for a while 5013 */ 5014 run_read(sc, RT2860_DEBUG, &tmp); 5015 DPRINTFN(3, "debug reg %08x\n", tmp); 5016 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5017 DPRINTF("CTS-to-self livelock detected\n"); 5018 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5019 run_delay(sc, 1); 5020 run_write(sc, RT2860_MAC_SYS_CTRL, 5021 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5022 } 5023} 5024 5025static void 5026run_update_promisc_locked(struct run_softc *sc) 5027{ 5028 uint32_t tmp; 5029 5030 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5031 5032 tmp |= RT2860_DROP_UC_NOME; 5033 if (sc->sc_ic.ic_promisc > 0) 5034 tmp &= ~RT2860_DROP_UC_NOME; 5035 5036 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5037 5038 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5039 "entering" : "leaving"); 5040} 5041 5042static void 5043run_update_promisc(struct ieee80211com *ic) 5044{ 5045 struct run_softc *sc = ic->ic_softc; 5046 5047 if ((sc->sc_flags & RUN_RUNNING) == 0) 5048 return; 5049 5050 RUN_LOCK(sc); 5051 run_update_promisc_locked(sc); 5052 RUN_UNLOCK(sc); 5053} 5054 5055static void 5056run_enable_tsf_sync(struct run_softc *sc) 5057{ 5058 struct ieee80211com *ic = &sc->sc_ic; 5059 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5060 uint32_t tmp; 5061 5062 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5063 ic->ic_opmode); 5064 5065 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5066 tmp &= ~0x1fffff; 5067 tmp |= vap->iv_bss->ni_intval * 16; 5068 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5069 5070 if (ic->ic_opmode == IEEE80211_M_STA) { 5071 /* 5072 * Local TSF is always updated with remote TSF on beacon 5073 * reception. 5074 */ 5075 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5076 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5077 tmp |= RT2860_BCN_TX_EN; 5078 /* 5079 * Local TSF is updated with remote TSF on beacon reception 5080 * only if the remote TSF is greater than local TSF. 5081 */ 5082 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5083 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5084 ic->ic_opmode == IEEE80211_M_MBSS) { 5085 tmp |= RT2860_BCN_TX_EN; 5086 /* SYNC with nobody */ 5087 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5088 } else { 5089 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5090 return; 5091 } 5092 5093 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5094} 5095 5096static void 5097run_enable_tsf(struct run_softc *sc) 5098{ 5099 uint32_t tmp; 5100 5101 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5102 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5103 tmp |= RT2860_TSF_TIMER_EN; 5104 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5105 } 5106} 5107 5108static void 5109run_disable_tsf(struct run_softc *sc) 5110{ 5111 uint32_t tmp; 5112 5113 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5114 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5115 RT2860_TBTT_TIMER_EN); 5116 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5117 } 5118} 5119 5120static void 5121run_get_tsf(struct run_softc *sc, uint64_t *buf) 5122{ 5123 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5124 sizeof(*buf)); 5125} 5126 5127static void 5128run_enable_mrr(struct run_softc *sc) 5129{ 5130#define CCK(mcs) (mcs) 5131#define OFDM(mcs) (1 << 3 | (mcs)) 5132 run_write(sc, RT2860_LG_FBK_CFG0, 5133 OFDM(6) << 28 | /* 54->48 */ 5134 OFDM(5) << 24 | /* 48->36 */ 5135 OFDM(4) << 20 | /* 36->24 */ 5136 OFDM(3) << 16 | /* 24->18 */ 5137 OFDM(2) << 12 | /* 18->12 */ 5138 OFDM(1) << 8 | /* 12-> 9 */ 5139 OFDM(0) << 4 | /* 9-> 6 */ 5140 OFDM(0)); /* 6-> 6 */ 5141 5142 run_write(sc, RT2860_LG_FBK_CFG1, 5143 CCK(2) << 12 | /* 11->5.5 */ 5144 CCK(1) << 8 | /* 5.5-> 2 */ 5145 CCK(0) << 4 | /* 2-> 1 */ 5146 CCK(0)); /* 1-> 1 */ 5147#undef OFDM 5148#undef CCK 5149} 5150 5151static void 5152run_set_txpreamble(struct run_softc *sc) 5153{ 5154 struct ieee80211com *ic = &sc->sc_ic; 5155 uint32_t tmp; 5156 5157 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5158 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5159 tmp |= RT2860_CCK_SHORT_EN; 5160 else 5161 tmp &= ~RT2860_CCK_SHORT_EN; 5162 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5163} 5164 5165static void 5166run_set_basicrates(struct run_softc *sc) 5167{ 5168 struct ieee80211com *ic = &sc->sc_ic; 5169 5170 /* set basic rates mask */ 5171 if (ic->ic_curmode == IEEE80211_MODE_11B) 5172 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5173 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5174 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5175 else /* 11g */ 5176 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5177} 5178 5179static void 5180run_set_leds(struct run_softc *sc, uint16_t which) 5181{ 5182 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5183 which | (sc->leds & 0x7f)); 5184} 5185 5186static void 5187run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5188{ 5189 run_write(sc, RT2860_MAC_BSSID_DW0, 5190 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5191 run_write(sc, RT2860_MAC_BSSID_DW1, 5192 bssid[4] | bssid[5] << 8); 5193} 5194 5195static void 5196run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5197{ 5198 run_write(sc, RT2860_MAC_ADDR_DW0, 5199 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5200 run_write(sc, RT2860_MAC_ADDR_DW1, 5201 addr[4] | addr[5] << 8 | 0xff << 16); 5202} 5203 5204static void 5205run_updateslot(struct ieee80211com *ic) 5206{ 5207 struct run_softc *sc = ic->ic_softc; 5208 uint32_t i; 5209 5210 i = RUN_CMDQ_GET(&sc->cmdq_store); 5211 DPRINTF("cmdq_store=%d\n", i); 5212 sc->cmdq[i].func = run_updateslot_cb; 5213 sc->cmdq[i].arg0 = ic; 5214 ieee80211_runtask(ic, &sc->cmdq_task); 5215 5216 return; 5217} 5218 5219/* ARGSUSED */ 5220static void 5221run_updateslot_cb(void *arg) 5222{ 5223 struct ieee80211com *ic = arg; 5224 struct run_softc *sc = ic->ic_softc; 5225 uint32_t tmp; 5226 5227 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5228 tmp &= ~0xff; 5229 tmp |= IEEE80211_GET_SLOTTIME(ic); 5230 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5231} 5232 5233static void 5234run_update_mcast(struct ieee80211com *ic) 5235{ 5236} 5237 5238static int8_t 5239run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5240{ 5241 struct ieee80211com *ic = &sc->sc_ic; 5242 struct ieee80211_channel *c = ic->ic_curchan; 5243 int delta; 5244 5245 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5246 u_int chan = ieee80211_chan2ieee(ic, c); 5247 delta = sc->rssi_5ghz[rxchain]; 5248 5249 /* determine channel group */ 5250 if (chan <= 64) 5251 delta -= sc->lna[1]; 5252 else if (chan <= 128) 5253 delta -= sc->lna[2]; 5254 else 5255 delta -= sc->lna[3]; 5256 } else 5257 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5258 5259 return (-12 - delta - rssi); 5260} 5261 5262static void 5263run_rt5390_bbp_init(struct run_softc *sc) 5264{ 5265 u_int i; 5266 uint8_t bbp; 5267 5268 /* Apply maximum likelihood detection for 2 stream case. */ 5269 run_bbp_read(sc, 105, &bbp); 5270 if (sc->nrxchains > 1) 5271 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5272 5273 /* Avoid data lost and CRC error. */ 5274 run_bbp_read(sc, 4, &bbp); 5275 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5276 5277 if (sc->mac_ver == 0x5592) { 5278 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5279 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5280 rt5592_def_bbp[i].val); 5281 } 5282 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5283 run_bbp_write(sc, 195, i + 0x80); 5284 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5285 } 5286 } else { 5287 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5288 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5289 rt5390_def_bbp[i].val); 5290 } 5291 } 5292 if (sc->mac_ver == 0x5392) { 5293 run_bbp_write(sc, 88, 0x90); 5294 run_bbp_write(sc, 95, 0x9a); 5295 run_bbp_write(sc, 98, 0x12); 5296 run_bbp_write(sc, 106, 0x12); 5297 run_bbp_write(sc, 134, 0xd0); 5298 run_bbp_write(sc, 135, 0xf6); 5299 run_bbp_write(sc, 148, 0x84); 5300 } 5301 5302 run_bbp_read(sc, 152, &bbp); 5303 run_bbp_write(sc, 152, bbp | 0x80); 5304 5305 /* Fix BBP254 for RT5592C. */ 5306 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5307 run_bbp_read(sc, 254, &bbp); 5308 run_bbp_write(sc, 254, bbp | 0x80); 5309 } 5310 5311 /* Disable hardware antenna diversity. */ 5312 if (sc->mac_ver == 0x5390) 5313 run_bbp_write(sc, 154, 0); 5314 5315 /* Initialize Rx CCK/OFDM frequency offset report. */ 5316 run_bbp_write(sc, 142, 1); 5317 run_bbp_write(sc, 143, 57); 5318} 5319 5320static int 5321run_bbp_init(struct run_softc *sc) 5322{ 5323 int i, error, ntries; 5324 uint8_t bbp0; 5325 5326 /* wait for BBP to wake up */ 5327 for (ntries = 0; ntries < 20; ntries++) { 5328 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5329 return error; 5330 if (bbp0 != 0 && bbp0 != 0xff) 5331 break; 5332 } 5333 if (ntries == 20) 5334 return (ETIMEDOUT); 5335 5336 /* initialize BBP registers to default values */ 5337 if (sc->mac_ver >= 0x5390) 5338 run_rt5390_bbp_init(sc); 5339 else { 5340 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5341 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5342 rt2860_def_bbp[i].val); 5343 } 5344 } 5345 5346 if (sc->mac_ver == 0x3593) { 5347 run_bbp_write(sc, 79, 0x13); 5348 run_bbp_write(sc, 80, 0x05); 5349 run_bbp_write(sc, 81, 0x33); 5350 run_bbp_write(sc, 86, 0x46); 5351 run_bbp_write(sc, 137, 0x0f); 5352 } 5353 5354 /* fix BBP84 for RT2860E */ 5355 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5356 run_bbp_write(sc, 84, 0x19); 5357 5358 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5359 sc->mac_ver != 0x5592)) { 5360 run_bbp_write(sc, 79, 0x13); 5361 run_bbp_write(sc, 80, 0x05); 5362 run_bbp_write(sc, 81, 0x33); 5363 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5364 run_bbp_write(sc, 69, 0x16); 5365 run_bbp_write(sc, 73, 0x12); 5366 } 5367 return (0); 5368} 5369 5370static int 5371run_rt3070_rf_init(struct run_softc *sc) 5372{ 5373 uint32_t tmp; 5374 uint8_t bbp4, mingain, rf, target; 5375 u_int i; 5376 5377 run_rt3070_rf_read(sc, 30, &rf); 5378 /* toggle RF R30 bit 7 */ 5379 run_rt3070_rf_write(sc, 30, rf | 0x80); 5380 run_delay(sc, 10); 5381 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5382 5383 /* initialize RF registers to default value */ 5384 if (sc->mac_ver == 0x3572) { 5385 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5386 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5387 rt3572_def_rf[i].val); 5388 } 5389 } else { 5390 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5391 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5392 rt3070_def_rf[i].val); 5393 } 5394 } 5395 5396 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5397 /* 5398 * Change voltage from 1.2V to 1.35V for RT3070. 5399 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5400 * in RT3070(F). 5401 */ 5402 run_read(sc, RT3070_LDO_CFG0, &tmp); 5403 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5404 run_write(sc, RT3070_LDO_CFG0, tmp); 5405 5406 } else if (sc->mac_ver == 0x3071) { 5407 run_rt3070_rf_read(sc, 6, &rf); 5408 run_rt3070_rf_write(sc, 6, rf | 0x40); 5409 run_rt3070_rf_write(sc, 31, 0x14); 5410 5411 run_read(sc, RT3070_LDO_CFG0, &tmp); 5412 tmp &= ~0x1f000000; 5413 if (sc->mac_rev < 0x0211) 5414 tmp |= 0x0d000000; /* 1.3V */ 5415 else 5416 tmp |= 0x01000000; /* 1.2V */ 5417 run_write(sc, RT3070_LDO_CFG0, tmp); 5418 5419 /* patch LNA_PE_G1 */ 5420 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5421 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5422 5423 } else if (sc->mac_ver == 0x3572) { 5424 run_rt3070_rf_read(sc, 6, &rf); 5425 run_rt3070_rf_write(sc, 6, rf | 0x40); 5426 5427 /* increase voltage from 1.2V to 1.35V */ 5428 run_read(sc, RT3070_LDO_CFG0, &tmp); 5429 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5430 run_write(sc, RT3070_LDO_CFG0, tmp); 5431 5432 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5433 run_delay(sc, 1); /* wait for 1msec */ 5434 /* decrease voltage back to 1.2V */ 5435 tmp = (tmp & ~0x1f000000) | 0x01000000; 5436 run_write(sc, RT3070_LDO_CFG0, tmp); 5437 } 5438 } 5439 5440 /* select 20MHz bandwidth */ 5441 run_rt3070_rf_read(sc, 31, &rf); 5442 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5443 5444 /* calibrate filter for 20MHz bandwidth */ 5445 sc->rf24_20mhz = 0x1f; /* default value */ 5446 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5447 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5448 5449 /* select 40MHz bandwidth */ 5450 run_bbp_read(sc, 4, &bbp4); 5451 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5452 run_rt3070_rf_read(sc, 31, &rf); 5453 run_rt3070_rf_write(sc, 31, rf | 0x20); 5454 5455 /* calibrate filter for 40MHz bandwidth */ 5456 sc->rf24_40mhz = 0x2f; /* default value */ 5457 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5458 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5459 5460 /* go back to 20MHz bandwidth */ 5461 run_bbp_read(sc, 4, &bbp4); 5462 run_bbp_write(sc, 4, bbp4 & ~0x18); 5463 5464 if (sc->mac_ver == 0x3572) { 5465 /* save default BBP registers 25 and 26 values */ 5466 run_bbp_read(sc, 25, &sc->bbp25); 5467 run_bbp_read(sc, 26, &sc->bbp26); 5468 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5469 run_rt3070_rf_write(sc, 27, 0x03); 5470 5471 run_read(sc, RT3070_OPT_14, &tmp); 5472 run_write(sc, RT3070_OPT_14, tmp | 1); 5473 5474 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5475 run_rt3070_rf_read(sc, 17, &rf); 5476 rf &= ~RT3070_TX_LO1; 5477 if ((sc->mac_ver == 0x3070 || 5478 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5479 !sc->ext_2ghz_lna) 5480 rf |= 0x20; /* fix for long range Rx issue */ 5481 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5482 if (sc->txmixgain_2ghz >= mingain) 5483 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5484 run_rt3070_rf_write(sc, 17, rf); 5485 } 5486 5487 if (sc->mac_ver == 0x3071) { 5488 run_rt3070_rf_read(sc, 1, &rf); 5489 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5490 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5491 run_rt3070_rf_write(sc, 1, rf); 5492 5493 run_rt3070_rf_read(sc, 15, &rf); 5494 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5495 5496 run_rt3070_rf_read(sc, 20, &rf); 5497 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5498 5499 run_rt3070_rf_read(sc, 21, &rf); 5500 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5501 } 5502 5503 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5504 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5505 run_rt3070_rf_read(sc, 27, &rf); 5506 rf &= ~0x77; 5507 if (sc->mac_rev < 0x0211) 5508 rf |= 0x03; 5509 run_rt3070_rf_write(sc, 27, rf); 5510 } 5511 return (0); 5512} 5513 5514static void 5515run_rt3593_rf_init(struct run_softc *sc) 5516{ 5517 uint32_t tmp; 5518 uint8_t rf; 5519 u_int i; 5520 5521 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5522 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5523 tmp &= ~(1 << 4 | 1 << 7); 5524 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5525 5526 /* Initialize RF registers to default value. */ 5527 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5528 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5529 rt3593_def_rf[i].val); 5530 } 5531 5532 /* Toggle RF R2 to initiate calibration. */ 5533 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5534 5535 /* Initialize RF frequency offset. */ 5536 run_adjust_freq_offset(sc); 5537 5538 run_rt3070_rf_read(sc, 18, &rf); 5539 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5540 5541 /* 5542 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5543 * decrease voltage back to 1.2V. 5544 */ 5545 run_read(sc, RT3070_LDO_CFG0, &tmp); 5546 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5547 run_write(sc, RT3070_LDO_CFG0, tmp); 5548 run_delay(sc, 1); 5549 tmp = (tmp & ~0x1f000000) | 0x01000000; 5550 run_write(sc, RT3070_LDO_CFG0, tmp); 5551 5552 sc->rf24_20mhz = 0x1f; 5553 sc->rf24_40mhz = 0x2f; 5554 5555 /* Save default BBP registers 25 and 26 values. */ 5556 run_bbp_read(sc, 25, &sc->bbp25); 5557 run_bbp_read(sc, 26, &sc->bbp26); 5558 5559 run_read(sc, RT3070_OPT_14, &tmp); 5560 run_write(sc, RT3070_OPT_14, tmp | 1); 5561} 5562 5563static void 5564run_rt5390_rf_init(struct run_softc *sc) 5565{ 5566 uint32_t tmp; 5567 uint8_t rf; 5568 u_int i; 5569 5570 /* Toggle RF R2 to initiate calibration. */ 5571 if (sc->mac_ver == 0x5390) { 5572 run_rt3070_rf_read(sc, 2, &rf); 5573 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5574 run_delay(sc, 10); 5575 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5576 } else { 5577 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5578 run_delay(sc, 10); 5579 } 5580 5581 /* Initialize RF registers to default value. */ 5582 if (sc->mac_ver == 0x5592) { 5583 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5584 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5585 rt5592_def_rf[i].val); 5586 } 5587 /* Initialize RF frequency offset. */ 5588 run_adjust_freq_offset(sc); 5589 } else if (sc->mac_ver == 0x5392) { 5590 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5591 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5592 rt5392_def_rf[i].val); 5593 } 5594 if (sc->mac_rev >= 0x0223) { 5595 run_rt3070_rf_write(sc, 23, 0x0f); 5596 run_rt3070_rf_write(sc, 24, 0x3e); 5597 run_rt3070_rf_write(sc, 51, 0x32); 5598 run_rt3070_rf_write(sc, 53, 0x22); 5599 run_rt3070_rf_write(sc, 56, 0xc1); 5600 run_rt3070_rf_write(sc, 59, 0x0f); 5601 } 5602 } else { 5603 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5604 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5605 rt5390_def_rf[i].val); 5606 } 5607 if (sc->mac_rev >= 0x0502) { 5608 run_rt3070_rf_write(sc, 6, 0xe0); 5609 run_rt3070_rf_write(sc, 25, 0x80); 5610 run_rt3070_rf_write(sc, 46, 0x73); 5611 run_rt3070_rf_write(sc, 53, 0x00); 5612 run_rt3070_rf_write(sc, 56, 0x42); 5613 run_rt3070_rf_write(sc, 61, 0xd1); 5614 } 5615 } 5616 5617 sc->rf24_20mhz = 0x1f; /* default value */ 5618 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5619 5620 if (sc->mac_rev < 0x0211) 5621 run_rt3070_rf_write(sc, 27, 0x3); 5622 5623 run_read(sc, RT3070_OPT_14, &tmp); 5624 run_write(sc, RT3070_OPT_14, tmp | 1); 5625} 5626 5627static int 5628run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5629 uint8_t *val) 5630{ 5631 uint8_t rf22, rf24; 5632 uint8_t bbp55_pb, bbp55_sb, delta; 5633 int ntries; 5634 5635 /* program filter */ 5636 run_rt3070_rf_read(sc, 24, &rf24); 5637 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5638 run_rt3070_rf_write(sc, 24, rf24); 5639 5640 /* enable baseband loopback mode */ 5641 run_rt3070_rf_read(sc, 22, &rf22); 5642 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5643 5644 /* set power and frequency of passband test tone */ 5645 run_bbp_write(sc, 24, 0x00); 5646 for (ntries = 0; ntries < 100; ntries++) { 5647 /* transmit test tone */ 5648 run_bbp_write(sc, 25, 0x90); 5649 run_delay(sc, 10); 5650 /* read received power */ 5651 run_bbp_read(sc, 55, &bbp55_pb); 5652 if (bbp55_pb != 0) 5653 break; 5654 } 5655 if (ntries == 100) 5656 return (ETIMEDOUT); 5657 5658 /* set power and frequency of stopband test tone */ 5659 run_bbp_write(sc, 24, 0x06); 5660 for (ntries = 0; ntries < 100; ntries++) { 5661 /* transmit test tone */ 5662 run_bbp_write(sc, 25, 0x90); 5663 run_delay(sc, 10); 5664 /* read received power */ 5665 run_bbp_read(sc, 55, &bbp55_sb); 5666 5667 delta = bbp55_pb - bbp55_sb; 5668 if (delta > target) 5669 break; 5670 5671 /* reprogram filter */ 5672 rf24++; 5673 run_rt3070_rf_write(sc, 24, rf24); 5674 } 5675 if (ntries < 100) { 5676 if (rf24 != init) 5677 rf24--; /* backtrack */ 5678 *val = rf24; 5679 run_rt3070_rf_write(sc, 24, rf24); 5680 } 5681 5682 /* restore initial state */ 5683 run_bbp_write(sc, 24, 0x00); 5684 5685 /* disable baseband loopback mode */ 5686 run_rt3070_rf_read(sc, 22, &rf22); 5687 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5688 5689 return (0); 5690} 5691 5692static void 5693run_rt3070_rf_setup(struct run_softc *sc) 5694{ 5695 uint8_t bbp, rf; 5696 int i; 5697 5698 if (sc->mac_ver == 0x3572) { 5699 /* enable DC filter */ 5700 if (sc->mac_rev >= 0x0201) 5701 run_bbp_write(sc, 103, 0xc0); 5702 5703 run_bbp_read(sc, 138, &bbp); 5704 if (sc->ntxchains == 1) 5705 bbp |= 0x20; /* turn off DAC1 */ 5706 if (sc->nrxchains == 1) 5707 bbp &= ~0x02; /* turn off ADC1 */ 5708 run_bbp_write(sc, 138, bbp); 5709 5710 if (sc->mac_rev >= 0x0211) { 5711 /* improve power consumption */ 5712 run_bbp_read(sc, 31, &bbp); 5713 run_bbp_write(sc, 31, bbp & ~0x03); 5714 } 5715 5716 run_rt3070_rf_read(sc, 16, &rf); 5717 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5718 run_rt3070_rf_write(sc, 16, rf); 5719 5720 } else if (sc->mac_ver == 0x3071) { 5721 if (sc->mac_rev >= 0x0211) { 5722 /* enable DC filter */ 5723 run_bbp_write(sc, 103, 0xc0); 5724 5725 /* improve power consumption */ 5726 run_bbp_read(sc, 31, &bbp); 5727 run_bbp_write(sc, 31, bbp & ~0x03); 5728 } 5729 5730 run_bbp_read(sc, 138, &bbp); 5731 if (sc->ntxchains == 1) 5732 bbp |= 0x20; /* turn off DAC1 */ 5733 if (sc->nrxchains == 1) 5734 bbp &= ~0x02; /* turn off ADC1 */ 5735 run_bbp_write(sc, 138, bbp); 5736 5737 run_write(sc, RT2860_TX_SW_CFG1, 0); 5738 if (sc->mac_rev < 0x0211) { 5739 run_write(sc, RT2860_TX_SW_CFG2, 5740 sc->patch_dac ? 0x2c : 0x0f); 5741 } else 5742 run_write(sc, RT2860_TX_SW_CFG2, 0); 5743 5744 } else if (sc->mac_ver == 0x3070) { 5745 if (sc->mac_rev >= 0x0201) { 5746 /* enable DC filter */ 5747 run_bbp_write(sc, 103, 0xc0); 5748 5749 /* improve power consumption */ 5750 run_bbp_read(sc, 31, &bbp); 5751 run_bbp_write(sc, 31, bbp & ~0x03); 5752 } 5753 5754 if (sc->mac_rev < 0x0201) { 5755 run_write(sc, RT2860_TX_SW_CFG1, 0); 5756 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5757 } else 5758 run_write(sc, RT2860_TX_SW_CFG2, 0); 5759 } 5760 5761 /* initialize RF registers from ROM for >=RT3071*/ 5762 if (sc->mac_ver >= 0x3071) { 5763 for (i = 0; i < 10; i++) { 5764 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5765 continue; 5766 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5767 } 5768 } 5769} 5770 5771static void 5772run_rt3593_rf_setup(struct run_softc *sc) 5773{ 5774 uint8_t bbp, rf; 5775 5776 if (sc->mac_rev >= 0x0211) { 5777 /* Enable DC filter. */ 5778 run_bbp_write(sc, 103, 0xc0); 5779 } 5780 run_write(sc, RT2860_TX_SW_CFG1, 0); 5781 if (sc->mac_rev < 0x0211) { 5782 run_write(sc, RT2860_TX_SW_CFG2, 5783 sc->patch_dac ? 0x2c : 0x0f); 5784 } else 5785 run_write(sc, RT2860_TX_SW_CFG2, 0); 5786 5787 run_rt3070_rf_read(sc, 50, &rf); 5788 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5789 5790 run_rt3070_rf_read(sc, 51, &rf); 5791 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5792 ((sc->txmixgain_2ghz & 0x07) << 2); 5793 run_rt3070_rf_write(sc, 51, rf); 5794 5795 run_rt3070_rf_read(sc, 38, &rf); 5796 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5797 5798 run_rt3070_rf_read(sc, 39, &rf); 5799 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5800 5801 run_rt3070_rf_read(sc, 1, &rf); 5802 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5803 5804 run_rt3070_rf_read(sc, 30, &rf); 5805 rf = (rf & ~0x18) | 0x10; 5806 run_rt3070_rf_write(sc, 30, rf); 5807 5808 /* Apply maximum likelihood detection for 2 stream case. */ 5809 run_bbp_read(sc, 105, &bbp); 5810 if (sc->nrxchains > 1) 5811 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5812 5813 /* Avoid data lost and CRC error. */ 5814 run_bbp_read(sc, 4, &bbp); 5815 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5816 5817 run_bbp_write(sc, 92, 0x02); 5818 run_bbp_write(sc, 82, 0x82); 5819 run_bbp_write(sc, 106, 0x05); 5820 run_bbp_write(sc, 104, 0x92); 5821 run_bbp_write(sc, 88, 0x90); 5822 run_bbp_write(sc, 148, 0xc8); 5823 run_bbp_write(sc, 47, 0x48); 5824 run_bbp_write(sc, 120, 0x50); 5825 5826 run_bbp_write(sc, 163, 0x9d); 5827 5828 /* SNR mapping. */ 5829 run_bbp_write(sc, 142, 0x06); 5830 run_bbp_write(sc, 143, 0xa0); 5831 run_bbp_write(sc, 142, 0x07); 5832 run_bbp_write(sc, 143, 0xa1); 5833 run_bbp_write(sc, 142, 0x08); 5834 run_bbp_write(sc, 143, 0xa2); 5835 5836 run_bbp_write(sc, 31, 0x08); 5837 run_bbp_write(sc, 68, 0x0b); 5838 run_bbp_write(sc, 105, 0x04); 5839} 5840 5841static void 5842run_rt5390_rf_setup(struct run_softc *sc) 5843{ 5844 uint8_t bbp, rf; 5845 5846 if (sc->mac_rev >= 0x0211) { 5847 /* Enable DC filter. */ 5848 run_bbp_write(sc, 103, 0xc0); 5849 5850 if (sc->mac_ver != 0x5592) { 5851 /* Improve power consumption. */ 5852 run_bbp_read(sc, 31, &bbp); 5853 run_bbp_write(sc, 31, bbp & ~0x03); 5854 } 5855 } 5856 5857 run_bbp_read(sc, 138, &bbp); 5858 if (sc->ntxchains == 1) 5859 bbp |= 0x20; /* turn off DAC1 */ 5860 if (sc->nrxchains == 1) 5861 bbp &= ~0x02; /* turn off ADC1 */ 5862 run_bbp_write(sc, 138, bbp); 5863 5864 run_rt3070_rf_read(sc, 38, &rf); 5865 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5866 5867 run_rt3070_rf_read(sc, 39, &rf); 5868 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5869 5870 /* Avoid data lost and CRC error. */ 5871 run_bbp_read(sc, 4, &bbp); 5872 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5873 5874 run_rt3070_rf_read(sc, 30, &rf); 5875 rf = (rf & ~0x18) | 0x10; 5876 run_rt3070_rf_write(sc, 30, rf); 5877 5878 if (sc->mac_ver != 0x5592) { 5879 run_write(sc, RT2860_TX_SW_CFG1, 0); 5880 if (sc->mac_rev < 0x0211) { 5881 run_write(sc, RT2860_TX_SW_CFG2, 5882 sc->patch_dac ? 0x2c : 0x0f); 5883 } else 5884 run_write(sc, RT2860_TX_SW_CFG2, 0); 5885 } 5886} 5887 5888static int 5889run_txrx_enable(struct run_softc *sc) 5890{ 5891 struct ieee80211com *ic = &sc->sc_ic; 5892 uint32_t tmp; 5893 int error, ntries; 5894 5895 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5896 for (ntries = 0; ntries < 200; ntries++) { 5897 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5898 return (error); 5899 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5900 break; 5901 run_delay(sc, 50); 5902 } 5903 if (ntries == 200) 5904 return (ETIMEDOUT); 5905 5906 run_delay(sc, 50); 5907 5908 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5909 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5910 5911 /* enable Rx bulk aggregation (set timeout and limit) */ 5912 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5913 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5914 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5915 5916 /* set Rx filter */ 5917 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5918 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5919 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5920 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5921 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5922 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5923 if (ic->ic_opmode == IEEE80211_M_STA) 5924 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5925 } 5926 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5927 5928 run_write(sc, RT2860_MAC_SYS_CTRL, 5929 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5930 5931 return (0); 5932} 5933 5934static void 5935run_adjust_freq_offset(struct run_softc *sc) 5936{ 5937 uint8_t rf, tmp; 5938 5939 run_rt3070_rf_read(sc, 17, &rf); 5940 tmp = rf; 5941 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5942 rf = MIN(rf, 0x5f); 5943 5944 if (tmp != rf) 5945 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5946} 5947 5948static void 5949run_init_locked(struct run_softc *sc) 5950{ 5951 struct ieee80211com *ic = &sc->sc_ic; 5952 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5953 uint32_t tmp; 5954 uint8_t bbp1, bbp3; 5955 int i; 5956 int ridx; 5957 int ntries; 5958 5959 if (ic->ic_nrunning > 1) 5960 return; 5961 5962 run_stop(sc); 5963 5964 if (run_load_microcode(sc) != 0) { 5965 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5966 goto fail; 5967 } 5968 5969 for (ntries = 0; ntries < 100; ntries++) { 5970 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5971 goto fail; 5972 if (tmp != 0 && tmp != 0xffffffff) 5973 break; 5974 run_delay(sc, 10); 5975 } 5976 if (ntries == 100) 5977 goto fail; 5978 5979 for (i = 0; i != RUN_EP_QUEUES; i++) 5980 run_setup_tx_list(sc, &sc->sc_epq[i]); 5981 5982 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5983 5984 for (ntries = 0; ntries < 100; ntries++) { 5985 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5986 goto fail; 5987 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5988 break; 5989 run_delay(sc, 10); 5990 } 5991 if (ntries == 100) { 5992 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5993 goto fail; 5994 } 5995 tmp &= 0xff0; 5996 tmp |= RT2860_TX_WB_DDONE; 5997 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5998 5999 /* turn off PME_OEN to solve high-current issue */ 6000 run_read(sc, RT2860_SYS_CTRL, &tmp); 6001 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6002 6003 run_write(sc, RT2860_MAC_SYS_CTRL, 6004 RT2860_BBP_HRST | RT2860_MAC_SRST); 6005 run_write(sc, RT2860_USB_DMA_CFG, 0); 6006 6007 if (run_reset(sc) != 0) { 6008 device_printf(sc->sc_dev, "could not reset chipset\n"); 6009 goto fail; 6010 } 6011 6012 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6013 6014 /* init Tx power for all Tx rates (from EEPROM) */ 6015 for (ridx = 0; ridx < 5; ridx++) { 6016 if (sc->txpow20mhz[ridx] == 0xffffffff) 6017 continue; 6018 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6019 } 6020 6021 for (i = 0; i < nitems(rt2870_def_mac); i++) 6022 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6023 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6024 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6025 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6026 6027 if (sc->mac_ver >= 0x5390) { 6028 run_write(sc, RT2860_TX_SW_CFG0, 6029 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6030 if (sc->mac_ver >= 0x5392) { 6031 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6032 if (sc->mac_ver == 0x5592) { 6033 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6034 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6035 } else { 6036 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6037 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6038 } 6039 } 6040 } else if (sc->mac_ver == 0x3593) { 6041 run_write(sc, RT2860_TX_SW_CFG0, 6042 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6043 } else if (sc->mac_ver >= 0x3070) { 6044 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6045 run_write(sc, RT2860_TX_SW_CFG0, 6046 4 << RT2860_DLY_PAPE_EN_SHIFT); 6047 } 6048 6049 /* wait while MAC is busy */ 6050 for (ntries = 0; ntries < 100; ntries++) { 6051 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6052 goto fail; 6053 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6054 break; 6055 run_delay(sc, 10); 6056 } 6057 if (ntries == 100) 6058 goto fail; 6059 6060 /* clear Host to MCU mailbox */ 6061 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6062 run_write(sc, RT2860_H2M_MAILBOX, 0); 6063 run_delay(sc, 10); 6064 6065 if (run_bbp_init(sc) != 0) { 6066 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6067 goto fail; 6068 } 6069 6070 /* abort TSF synchronization */ 6071 run_disable_tsf(sc); 6072 6073 /* clear RX WCID search table */ 6074 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6075 /* clear WCID attribute table */ 6076 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6077 6078 /* hostapd sets a key before init. So, don't clear it. */ 6079 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6080 /* clear shared key table */ 6081 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6082 /* clear shared key mode */ 6083 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6084 } 6085 6086 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6087 tmp = (tmp & ~0xff) | 0x1e; 6088 run_write(sc, RT2860_US_CYC_CNT, tmp); 6089 6090 if (sc->mac_rev != 0x0101) 6091 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6092 6093 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6094 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6095 6096 /* write vendor-specific BBP values (from EEPROM) */ 6097 if (sc->mac_ver < 0x3593) { 6098 for (i = 0; i < 10; i++) { 6099 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6100 continue; 6101 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6102 } 6103 } 6104 6105 /* select Main antenna for 1T1R devices */ 6106 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6107 run_set_rx_antenna(sc, 0); 6108 6109 /* send LEDs operating mode to microcontroller */ 6110 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6111 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6112 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6113 6114 if (sc->mac_ver >= 0x5390) 6115 run_rt5390_rf_init(sc); 6116 else if (sc->mac_ver == 0x3593) 6117 run_rt3593_rf_init(sc); 6118 else if (sc->mac_ver >= 0x3070) 6119 run_rt3070_rf_init(sc); 6120 6121 /* disable non-existing Rx chains */ 6122 run_bbp_read(sc, 3, &bbp3); 6123 bbp3 &= ~(1 << 3 | 1 << 4); 6124 if (sc->nrxchains == 2) 6125 bbp3 |= 1 << 3; 6126 else if (sc->nrxchains == 3) 6127 bbp3 |= 1 << 4; 6128 run_bbp_write(sc, 3, bbp3); 6129 6130 /* disable non-existing Tx chains */ 6131 run_bbp_read(sc, 1, &bbp1); 6132 if (sc->ntxchains == 1) 6133 bbp1 &= ~(1 << 3 | 1 << 4); 6134 run_bbp_write(sc, 1, bbp1); 6135 6136 if (sc->mac_ver >= 0x5390) 6137 run_rt5390_rf_setup(sc); 6138 else if (sc->mac_ver == 0x3593) 6139 run_rt3593_rf_setup(sc); 6140 else if (sc->mac_ver >= 0x3070) 6141 run_rt3070_rf_setup(sc); 6142 6143 /* select default channel */ 6144 run_set_chan(sc, ic->ic_curchan); 6145 6146 /* setup initial protection mode */ 6147 run_updateprot_cb(ic); 6148 6149 /* turn radio LED on */ 6150 run_set_leds(sc, RT2860_LED_RADIO); 6151 6152 sc->sc_flags |= RUN_RUNNING; 6153 sc->cmdq_run = RUN_CMDQ_GO; 6154 6155 for (i = 0; i != RUN_N_XFER; i++) 6156 usbd_xfer_set_stall(sc->sc_xfer[i]); 6157 6158 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6159 6160 if (run_txrx_enable(sc) != 0) 6161 goto fail; 6162 6163 return; 6164 6165fail: 6166 run_stop(sc); 6167} 6168 6169static void 6170run_stop(void *arg) 6171{ 6172 struct run_softc *sc = (struct run_softc *)arg; 6173 uint32_t tmp; 6174 int i; 6175 int ntries; 6176 6177 RUN_LOCK_ASSERT(sc, MA_OWNED); 6178 6179 if (sc->sc_flags & RUN_RUNNING) 6180 run_set_leds(sc, 0); /* turn all LEDs off */ 6181 6182 sc->sc_flags &= ~RUN_RUNNING; 6183 6184 sc->ratectl_run = RUN_RATECTL_OFF; 6185 sc->cmdq_run = sc->cmdq_key_set; 6186 6187 RUN_UNLOCK(sc); 6188 6189 for(i = 0; i < RUN_N_XFER; i++) 6190 usbd_transfer_drain(sc->sc_xfer[i]); 6191 6192 RUN_LOCK(sc); 6193 6194 run_drain_mbufq(sc); 6195 6196 if (sc->rx_m != NULL) { 6197 m_free(sc->rx_m); 6198 sc->rx_m = NULL; 6199 } 6200 6201 /* Disable Tx/Rx DMA. */ 6202 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6203 return; 6204 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6205 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6206 6207 for (ntries = 0; ntries < 100; ntries++) { 6208 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6209 return; 6210 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6211 break; 6212 run_delay(sc, 10); 6213 } 6214 if (ntries == 100) { 6215 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6216 return; 6217 } 6218 6219 /* disable Tx/Rx */ 6220 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6221 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6222 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6223 6224 /* wait for pending Tx to complete */ 6225 for (ntries = 0; ntries < 100; ntries++) { 6226 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6227 DPRINTF("Cannot read Tx queue count\n"); 6228 break; 6229 } 6230 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6231 DPRINTF("All Tx cleared\n"); 6232 break; 6233 } 6234 run_delay(sc, 10); 6235 } 6236 if (ntries >= 100) 6237 DPRINTF("There are still pending Tx\n"); 6238 run_delay(sc, 10); 6239 run_write(sc, RT2860_USB_DMA_CFG, 0); 6240 6241 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6242 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6243 6244 for (i = 0; i != RUN_EP_QUEUES; i++) 6245 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6246} 6247 6248static void 6249run_delay(struct run_softc *sc, u_int ms) 6250{ 6251 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6252 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6253} 6254 6255static device_method_t run_methods[] = { 6256 /* Device interface */ 6257 DEVMETHOD(device_probe, run_match), 6258 DEVMETHOD(device_attach, run_attach), 6259 DEVMETHOD(device_detach, run_detach), 6260 DEVMETHOD_END 6261}; 6262 6263static driver_t run_driver = { 6264 .name = "run", 6265 .methods = run_methods, 6266 .size = sizeof(struct run_softc) 6267}; 6268 6269static devclass_t run_devclass; 6270 6271DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6272MODULE_DEPEND(run, wlan, 1, 1, 1); 6273MODULE_DEPEND(run, usb, 1, 1, 1); 6274MODULE_DEPEND(run, firmware, 1, 1, 1); 6275MODULE_VERSION(run, 1); 6276USB_PNP_HOST_INFO(run_devs); 6277