if_run.c revision 259046
1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 259046 2013-12-06 22:13:51Z hselasky $"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <machine/bus.h> 46#include <machine/resource.h> 47#include <sys/rman.h> 48 49#include <net/bpf.h> 50#include <net/if.h> 51#include <net/if_var.h> 52#include <net/if_arp.h> 53#include <net/ethernet.h> 54#include <net/if_dl.h> 55#include <net/if_media.h> 56#include <net/if_types.h> 57 58#include <netinet/in.h> 59#include <netinet/in_systm.h> 60#include <netinet/in_var.h> 61#include <netinet/if_ether.h> 62#include <netinet/ip.h> 63 64#include <net80211/ieee80211_var.h> 65#include <net80211/ieee80211_regdomain.h> 66#include <net80211/ieee80211_radiotap.h> 67#include <net80211/ieee80211_ratectl.h> 68 69#include <dev/usb/usb.h> 70#include <dev/usb/usbdi.h> 71#include "usbdevs.h" 72 73#define USB_DEBUG_VAR run_debug 74#include <dev/usb/usb_debug.h> 75 76#include <dev/usb/wlan/if_runreg.h> 77#include <dev/usb/wlan/if_runvar.h> 78 79#ifdef USB_DEBUG 80#define RUN_DEBUG 81#endif 82 83#ifdef RUN_DEBUG 84int run_debug = 0; 85static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88#endif 89 90#define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93/* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99static const STRUCT_USB_HOST_ID run_devs[] = { 100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS, USB_N53), 140 RUN_DEV(ASUS2, USBN11), 141 RUN_DEV(AZUREWAVE, RT2870_1), 142 RUN_DEV(AZUREWAVE, RT2870_2), 143 RUN_DEV(AZUREWAVE, RT3070_1), 144 RUN_DEV(AZUREWAVE, RT3070_2), 145 RUN_DEV(AZUREWAVE, RT3070_3), 146 RUN_DEV(BELKIN, F5D8053V3), 147 RUN_DEV(BELKIN, F5D8055), 148 RUN_DEV(BELKIN, F5D8055V2), 149 RUN_DEV(BELKIN, F6D4050V1), 150 RUN_DEV(BELKIN, F6D4050V2), 151 RUN_DEV(BELKIN, RT2870_1), 152 RUN_DEV(BELKIN, RT2870_2), 153 RUN_DEV(CISCOLINKSYS, AE1000), 154 RUN_DEV(CISCOLINKSYS2, RT3070), 155 RUN_DEV(CISCOLINKSYS3, RT3070), 156 RUN_DEV(CONCEPTRONIC2, RT2870_1), 157 RUN_DEV(CONCEPTRONIC2, RT2870_2), 158 RUN_DEV(CONCEPTRONIC2, RT2870_3), 159 RUN_DEV(CONCEPTRONIC2, RT2870_4), 160 RUN_DEV(CONCEPTRONIC2, RT2870_5), 161 RUN_DEV(CONCEPTRONIC2, RT2870_6), 162 RUN_DEV(CONCEPTRONIC2, RT2870_7), 163 RUN_DEV(CONCEPTRONIC2, RT2870_8), 164 RUN_DEV(CONCEPTRONIC2, RT3070_1), 165 RUN_DEV(CONCEPTRONIC2, RT3070_2), 166 RUN_DEV(CONCEPTRONIC2, VIGORN61), 167 RUN_DEV(COREGA, CGWLUSB300GNM), 168 RUN_DEV(COREGA, RT2870_1), 169 RUN_DEV(COREGA, RT2870_2), 170 RUN_DEV(COREGA, RT2870_3), 171 RUN_DEV(COREGA, RT3070), 172 RUN_DEV(CYBERTAN, RT2870), 173 RUN_DEV(DLINK, RT2870), 174 RUN_DEV(DLINK, RT3072), 175 RUN_DEV(DLINK, DWA127), 176 RUN_DEV(DLINK, DWA140B3), 177 RUN_DEV(DLINK, DWA160B2), 178 RUN_DEV(DLINK2, DWA130), 179 RUN_DEV(DLINK2, RT2870_1), 180 RUN_DEV(DLINK2, RT2870_2), 181 RUN_DEV(DLINK2, RT3070_1), 182 RUN_DEV(DLINK2, RT3070_2), 183 RUN_DEV(DLINK2, RT3070_3), 184 RUN_DEV(DLINK2, RT3070_4), 185 RUN_DEV(DLINK2, RT3070_5), 186 RUN_DEV(DLINK2, RT3072), 187 RUN_DEV(DLINK2, RT3072_1), 188 RUN_DEV(EDIMAX, EW7717), 189 RUN_DEV(EDIMAX, EW7718), 190 RUN_DEV(EDIMAX, RT2870_1), 191 RUN_DEV(ENCORE, RT3070_1), 192 RUN_DEV(ENCORE, RT3070_2), 193 RUN_DEV(ENCORE, RT3070_3), 194 RUN_DEV(GIGABYTE, GNWB31N), 195 RUN_DEV(GIGABYTE, GNWB32L), 196 RUN_DEV(GIGABYTE, RT2870_1), 197 RUN_DEV(GIGASET, RT3070_1), 198 RUN_DEV(GIGASET, RT3070_2), 199 RUN_DEV(GUILLEMOT, HWNU300), 200 RUN_DEV(HAWKING, HWUN2), 201 RUN_DEV(HAWKING, RT2870_1), 202 RUN_DEV(HAWKING, RT2870_2), 203 RUN_DEV(HAWKING, RT3070), 204 RUN_DEV(IODATA, RT3072_1), 205 RUN_DEV(IODATA, RT3072_2), 206 RUN_DEV(IODATA, RT3072_3), 207 RUN_DEV(IODATA, RT3072_4), 208 RUN_DEV(LINKSYS4, RT3070), 209 RUN_DEV(LINKSYS4, WUSB100), 210 RUN_DEV(LINKSYS4, WUSB54GCV3), 211 RUN_DEV(LINKSYS4, WUSB600N), 212 RUN_DEV(LINKSYS4, WUSB600NV2), 213 RUN_DEV(LOGITEC, RT2870_1), 214 RUN_DEV(LOGITEC, RT2870_2), 215 RUN_DEV(LOGITEC, RT2870_3), 216 RUN_DEV(LOGITEC, LANW300NU2), 217 RUN_DEV(LOGITEC, LANW150NU2), 218 RUN_DEV(LOGITEC, LANW300NU2S), 219 RUN_DEV(MELCO, RT2870_1), 220 RUN_DEV(MELCO, RT2870_2), 221 RUN_DEV(MELCO, WLIUCAG300N), 222 RUN_DEV(MELCO, WLIUCG300N), 223 RUN_DEV(MELCO, WLIUCG301N), 224 RUN_DEV(MELCO, WLIUCGN), 225 RUN_DEV(MELCO, WLIUCGNM), 226 RUN_DEV(MELCO, WLIUCGNM2), 227 RUN_DEV(MOTOROLA4, RT2770), 228 RUN_DEV(MOTOROLA4, RT3070), 229 RUN_DEV(MSI, RT3070_1), 230 RUN_DEV(MSI, RT3070_2), 231 RUN_DEV(MSI, RT3070_3), 232 RUN_DEV(MSI, RT3070_4), 233 RUN_DEV(MSI, RT3070_5), 234 RUN_DEV(MSI, RT3070_6), 235 RUN_DEV(MSI, RT3070_7), 236 RUN_DEV(MSI, RT3070_8), 237 RUN_DEV(MSI, RT3070_9), 238 RUN_DEV(MSI, RT3070_10), 239 RUN_DEV(MSI, RT3070_11), 240 RUN_DEV(OVISLINK, RT3072), 241 RUN_DEV(PARA, RT3070), 242 RUN_DEV(PEGATRON, RT2870), 243 RUN_DEV(PEGATRON, RT3070), 244 RUN_DEV(PEGATRON, RT3070_2), 245 RUN_DEV(PEGATRON, RT3070_3), 246 RUN_DEV(PHILIPS, RT2870), 247 RUN_DEV(PLANEX2, GWUS300MINIS), 248 RUN_DEV(PLANEX2, GWUSMICRON), 249 RUN_DEV(PLANEX2, RT2870), 250 RUN_DEV(PLANEX2, RT3070), 251 RUN_DEV(QCOM, RT2870), 252 RUN_DEV(QUANTA, RT3070), 253 RUN_DEV(RALINK, RT2070), 254 RUN_DEV(RALINK, RT2770), 255 RUN_DEV(RALINK, RT2870), 256 RUN_DEV(RALINK, RT3070), 257 RUN_DEV(RALINK, RT3071), 258 RUN_DEV(RALINK, RT3072), 259 RUN_DEV(RALINK, RT3370), 260 RUN_DEV(RALINK, RT3572), 261 RUN_DEV(RALINK, RT5370), 262 RUN_DEV(RALINK, RT5572), 263 RUN_DEV(RALINK, RT8070), 264 RUN_DEV(SAMSUNG, WIS09ABGN), 265 RUN_DEV(SAMSUNG2, RT2870_1), 266 RUN_DEV(SENAO, RT2870_1), 267 RUN_DEV(SENAO, RT2870_2), 268 RUN_DEV(SENAO, RT2870_3), 269 RUN_DEV(SENAO, RT2870_4), 270 RUN_DEV(SENAO, RT3070), 271 RUN_DEV(SENAO, RT3071), 272 RUN_DEV(SENAO, RT3072_1), 273 RUN_DEV(SENAO, RT3072_2), 274 RUN_DEV(SENAO, RT3072_3), 275 RUN_DEV(SENAO, RT3072_4), 276 RUN_DEV(SENAO, RT3072_5), 277 RUN_DEV(SITECOMEU, RT2770), 278 RUN_DEV(SITECOMEU, RT2870_1), 279 RUN_DEV(SITECOMEU, RT2870_2), 280 RUN_DEV(SITECOMEU, RT2870_3), 281 RUN_DEV(SITECOMEU, RT2870_4), 282 RUN_DEV(SITECOMEU, RT3070), 283 RUN_DEV(SITECOMEU, RT3070_2), 284 RUN_DEV(SITECOMEU, RT3070_3), 285 RUN_DEV(SITECOMEU, RT3070_4), 286 RUN_DEV(SITECOMEU, RT3071), 287 RUN_DEV(SITECOMEU, RT3072_1), 288 RUN_DEV(SITECOMEU, RT3072_2), 289 RUN_DEV(SITECOMEU, RT3072_3), 290 RUN_DEV(SITECOMEU, RT3072_4), 291 RUN_DEV(SITECOMEU, RT3072_5), 292 RUN_DEV(SITECOMEU, RT3072_6), 293 RUN_DEV(SITECOMEU, WL608), 294 RUN_DEV(SPARKLAN, RT2870_1), 295 RUN_DEV(SPARKLAN, RT3070), 296 RUN_DEV(SWEEX2, LW153), 297 RUN_DEV(SWEEX2, LW303), 298 RUN_DEV(SWEEX2, LW313), 299 RUN_DEV(TOSHIBA, RT3070), 300 RUN_DEV(UMEDIA, RT2870_1), 301 RUN_DEV(ZCOM, RT2870_1), 302 RUN_DEV(ZCOM, RT2870_2), 303 RUN_DEV(ZINWELL, RT2870_1), 304 RUN_DEV(ZINWELL, RT2870_2), 305 RUN_DEV(ZINWELL, RT3070), 306 RUN_DEV(ZINWELL, RT3072_1), 307 RUN_DEV(ZINWELL, RT3072_2), 308 RUN_DEV(ZYXEL, RT2870_1), 309 RUN_DEV(ZYXEL, RT2870_2), 310#undef RUN_DEV 311}; 312 313static device_probe_t run_match; 314static device_attach_t run_attach; 315static device_detach_t run_detach; 316 317static usb_callback_t run_bulk_rx_callback; 318static usb_callback_t run_bulk_tx_callback0; 319static usb_callback_t run_bulk_tx_callback1; 320static usb_callback_t run_bulk_tx_callback2; 321static usb_callback_t run_bulk_tx_callback3; 322static usb_callback_t run_bulk_tx_callback4; 323static usb_callback_t run_bulk_tx_callback5; 324 325static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 326 usb_error_t error, u_int index); 327static struct ieee80211vap *run_vap_create(struct ieee80211com *, 328 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 329 const uint8_t [IEEE80211_ADDR_LEN], 330 const uint8_t [IEEE80211_ADDR_LEN]); 331static void run_vap_delete(struct ieee80211vap *); 332static void run_cmdq_cb(void *, int); 333static void run_setup_tx_list(struct run_softc *, 334 struct run_endpoint_queue *); 335static void run_unsetup_tx_list(struct run_softc *, 336 struct run_endpoint_queue *); 337static int run_load_microcode(struct run_softc *); 338static int run_reset(struct run_softc *); 339static usb_error_t run_do_request(struct run_softc *, 340 struct usb_device_request *, void *); 341static int run_read(struct run_softc *, uint16_t, uint32_t *); 342static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 343static int run_write_2(struct run_softc *, uint16_t, uint16_t); 344static int run_write(struct run_softc *, uint16_t, uint32_t); 345static int run_write_region_1(struct run_softc *, uint16_t, 346 const uint8_t *, int); 347static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 348static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 349static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 350static int run_rt2870_rf_write(struct run_softc *, uint32_t); 351static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 352static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 353static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 354static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 355static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 356static const char *run_get_rf(uint16_t); 357static int run_read_eeprom(struct run_softc *); 358static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 359 const uint8_t mac[IEEE80211_ADDR_LEN]); 360static int run_media_change(struct ifnet *); 361static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 362static int run_wme_update(struct ieee80211com *); 363static void run_wme_update_cb(void *); 364static void run_key_update_begin(struct ieee80211vap *); 365static void run_key_update_end(struct ieee80211vap *); 366static void run_key_set_cb(void *); 367static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 368 const uint8_t mac[IEEE80211_ADDR_LEN]); 369static void run_key_delete_cb(void *); 370static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 371static void run_ratectl_to(void *); 372static void run_ratectl_cb(void *, int); 373static void run_drain_fifo(void *); 374static void run_iter_func(void *, struct ieee80211_node *); 375static void run_newassoc_cb(void *); 376static void run_newassoc(struct ieee80211_node *, int); 377static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 378static void run_tx_free(struct run_endpoint_queue *pq, 379 struct run_tx_data *, int); 380static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 381static int run_tx(struct run_softc *, struct mbuf *, 382 struct ieee80211_node *); 383static int run_tx_mgt(struct run_softc *, struct mbuf *, 384 struct ieee80211_node *); 385static int run_sendprot(struct run_softc *, const struct mbuf *, 386 struct ieee80211_node *, int, int); 387static int run_tx_param(struct run_softc *, struct mbuf *, 388 struct ieee80211_node *, 389 const struct ieee80211_bpf_params *); 390static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 391 const struct ieee80211_bpf_params *); 392static void run_start(struct ifnet *); 393static int run_ioctl(struct ifnet *, u_long, caddr_t); 394static void run_set_agc(struct run_softc *, uint8_t); 395static void run_select_chan_group(struct run_softc *, int); 396static void run_set_rx_antenna(struct run_softc *, int); 397static void run_rt2870_set_chan(struct run_softc *, u_int); 398static void run_rt3070_set_chan(struct run_softc *, u_int); 399static void run_rt3572_set_chan(struct run_softc *, u_int); 400static void run_rt5390_set_chan(struct run_softc *, u_int); 401static void run_rt5592_set_chan(struct run_softc *, u_int); 402static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 403static void run_set_channel(struct ieee80211com *); 404static void run_scan_start(struct ieee80211com *); 405static void run_scan_end(struct ieee80211com *); 406static void run_update_beacon(struct ieee80211vap *, int); 407static void run_update_beacon_cb(void *); 408static void run_updateprot(struct ieee80211com *); 409static void run_updateprot_cb(void *); 410static void run_usb_timeout_cb(void *); 411static void run_reset_livelock(struct run_softc *); 412static void run_enable_tsf_sync(struct run_softc *); 413static void run_enable_mrr(struct run_softc *); 414static void run_set_txpreamble(struct run_softc *); 415static void run_set_basicrates(struct run_softc *); 416static void run_set_leds(struct run_softc *, uint16_t); 417static void run_set_bssid(struct run_softc *, const uint8_t *); 418static void run_set_macaddr(struct run_softc *, const uint8_t *); 419static void run_updateslot(struct ifnet *); 420static void run_updateslot_cb(void *); 421static void run_update_mcast(struct ifnet *); 422static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 423static void run_update_promisc_locked(struct ifnet *); 424static void run_update_promisc(struct ifnet *); 425static void run_rt5390_bbp_init(struct run_softc *); 426static int run_bbp_init(struct run_softc *); 427static int run_rt3070_rf_init(struct run_softc *); 428static void run_rt5390_rf_init(struct run_softc *); 429static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 430 uint8_t *); 431static void run_rt3070_rf_setup(struct run_softc *); 432static int run_txrx_enable(struct run_softc *); 433static void run_adjust_freq_offset(struct run_softc *); 434static void run_init(void *); 435static void run_init_locked(struct run_softc *); 436static void run_stop(void *); 437static void run_delay(struct run_softc *, u_int); 438 439static const struct { 440 uint16_t reg; 441 uint32_t val; 442} rt2870_def_mac[] = { 443 RT2870_DEF_MAC 444}; 445 446static const struct { 447 uint8_t reg; 448 uint8_t val; 449} rt2860_def_bbp[] = { 450 RT2860_DEF_BBP 451},rt5390_def_bbp[] = { 452 RT5390_DEF_BBP 453},rt5592_def_bbp[] = { 454 RT5592_DEF_BBP 455}; 456 457/* 458 * Default values for BBP register R196 for RT5592. 459 */ 460static const uint8_t rt5592_bbp_r196[] = { 461 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 462 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 463 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 464 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 465 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 466 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 467 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 468 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 469 0x2e, 0x36, 0x30, 0x6e 470}; 471 472static const struct rfprog { 473 uint8_t chan; 474 uint32_t r1, r2, r3, r4; 475} rt2860_rf2850[] = { 476 RT2860_RF2850 477}; 478 479struct { 480 uint8_t n, r, k; 481} rt3070_freqs[] = { 482 RT3070_RF3052 483}; 484 485static const struct rt5592_freqs { 486 uint16_t n; 487 uint8_t k, m, r; 488} rt5592_freqs_20mhz[] = { 489 RT5592_RF5592_20MHZ 490},rt5592_freqs_40mhz[] = { 491 RT5592_RF5592_40MHZ 492}; 493 494static const struct { 495 uint8_t reg; 496 uint8_t val; 497} rt3070_def_rf[] = { 498 RT3070_DEF_RF 499},rt3572_def_rf[] = { 500 RT3572_DEF_RF 501},rt5390_def_rf[] = { 502 RT5390_DEF_RF 503},rt5392_def_rf[] = { 504 RT5392_DEF_RF 505},rt5592_def_rf[] = { 506 RT5592_DEF_RF 507},rt5592_2ghz_def_rf[] = { 508 RT5592_2GHZ_DEF_RF 509},rt5592_5ghz_def_rf[] = { 510 RT5592_5GHZ_DEF_RF 511}; 512 513static const struct { 514 u_int firstchan; 515 u_int lastchan; 516 uint8_t reg; 517 uint8_t val; 518} rt5592_chan_5ghz[] = { 519 RT5592_CHAN_5GHZ 520}; 521 522static const struct usb_config run_config[RUN_N_XFER] = { 523 [RUN_BULK_TX_BE] = { 524 .type = UE_BULK, 525 .endpoint = UE_ADDR_ANY, 526 .ep_index = 0, 527 .direction = UE_DIR_OUT, 528 .bufsize = RUN_MAX_TXSZ, 529 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 530 .callback = run_bulk_tx_callback0, 531 .timeout = 5000, /* ms */ 532 }, 533 [RUN_BULK_TX_BK] = { 534 .type = UE_BULK, 535 .endpoint = UE_ADDR_ANY, 536 .direction = UE_DIR_OUT, 537 .ep_index = 1, 538 .bufsize = RUN_MAX_TXSZ, 539 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 540 .callback = run_bulk_tx_callback1, 541 .timeout = 5000, /* ms */ 542 }, 543 [RUN_BULK_TX_VI] = { 544 .type = UE_BULK, 545 .endpoint = UE_ADDR_ANY, 546 .direction = UE_DIR_OUT, 547 .ep_index = 2, 548 .bufsize = RUN_MAX_TXSZ, 549 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 550 .callback = run_bulk_tx_callback2, 551 .timeout = 5000, /* ms */ 552 }, 553 [RUN_BULK_TX_VO] = { 554 .type = UE_BULK, 555 .endpoint = UE_ADDR_ANY, 556 .direction = UE_DIR_OUT, 557 .ep_index = 3, 558 .bufsize = RUN_MAX_TXSZ, 559 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 560 .callback = run_bulk_tx_callback3, 561 .timeout = 5000, /* ms */ 562 }, 563 [RUN_BULK_TX_HCCA] = { 564 .type = UE_BULK, 565 .endpoint = UE_ADDR_ANY, 566 .direction = UE_DIR_OUT, 567 .ep_index = 4, 568 .bufsize = RUN_MAX_TXSZ, 569 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 570 .callback = run_bulk_tx_callback4, 571 .timeout = 5000, /* ms */ 572 }, 573 [RUN_BULK_TX_PRIO] = { 574 .type = UE_BULK, 575 .endpoint = UE_ADDR_ANY, 576 .direction = UE_DIR_OUT, 577 .ep_index = 5, 578 .bufsize = RUN_MAX_TXSZ, 579 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 580 .callback = run_bulk_tx_callback5, 581 .timeout = 5000, /* ms */ 582 }, 583 [RUN_BULK_RX] = { 584 .type = UE_BULK, 585 .endpoint = UE_ADDR_ANY, 586 .direction = UE_DIR_IN, 587 .bufsize = RUN_MAX_RXSZ, 588 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 589 .callback = run_bulk_rx_callback, 590 } 591}; 592 593static int 594run_match(device_t self) 595{ 596 struct usb_attach_arg *uaa = device_get_ivars(self); 597 598 if (uaa->usb_mode != USB_MODE_HOST) 599 return (ENXIO); 600 if (uaa->info.bConfigIndex != 0) 601 return (ENXIO); 602 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 603 return (ENXIO); 604 605 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 606} 607 608static int 609run_attach(device_t self) 610{ 611 struct run_softc *sc = device_get_softc(self); 612 struct usb_attach_arg *uaa = device_get_ivars(self); 613 struct ieee80211com *ic; 614 struct ifnet *ifp; 615 uint32_t ver; 616 int ntries, error; 617 uint8_t iface_index, bands; 618 619 device_set_usb_desc(self); 620 sc->sc_udev = uaa->device; 621 sc->sc_dev = self; 622 623 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 624 MTX_NETWORK_LOCK, MTX_DEF); 625 626 iface_index = RT2860_IFACE_INDEX; 627 628 error = usbd_transfer_setup(uaa->device, &iface_index, 629 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 630 if (error) { 631 device_printf(self, "could not allocate USB transfers, " 632 "err=%s\n", usbd_errstr(error)); 633 goto detach; 634 } 635 636 RUN_LOCK(sc); 637 638 /* wait for the chip to settle */ 639 for (ntries = 0; ntries < 100; ntries++) { 640 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 641 RUN_UNLOCK(sc); 642 goto detach; 643 } 644 if (ver != 0 && ver != 0xffffffff) 645 break; 646 run_delay(sc, 10); 647 } 648 if (ntries == 100) { 649 device_printf(sc->sc_dev, 650 "timeout waiting for NIC to initialize\n"); 651 RUN_UNLOCK(sc); 652 goto detach; 653 } 654 sc->mac_ver = ver >> 16; 655 sc->mac_rev = ver & 0xffff; 656 657 /* retrieve RF rev. no and various other things from EEPROM */ 658 run_read_eeprom(sc); 659 660 device_printf(sc->sc_dev, 661 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 662 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 663 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 664 665 RUN_UNLOCK(sc); 666 667 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 668 if (ifp == NULL) { 669 device_printf(sc->sc_dev, "can not if_alloc()\n"); 670 goto detach; 671 } 672 ic = ifp->if_l2com; 673 674 ifp->if_softc = sc; 675 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 676 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 677 ifp->if_init = run_init; 678 ifp->if_ioctl = run_ioctl; 679 ifp->if_start = run_start; 680 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 681 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 682 IFQ_SET_READY(&ifp->if_snd); 683 684 ic->ic_ifp = ifp; 685 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 686 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 687 688 /* set device capabilities */ 689 ic->ic_caps = 690 IEEE80211_C_STA | /* station mode supported */ 691 IEEE80211_C_MONITOR | /* monitor mode supported */ 692 IEEE80211_C_IBSS | 693 IEEE80211_C_HOSTAP | 694 IEEE80211_C_WDS | /* 4-address traffic works */ 695 IEEE80211_C_MBSS | 696 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 697 IEEE80211_C_SHSLOT | /* short slot time supported */ 698 IEEE80211_C_WME | /* WME */ 699 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 700 701 ic->ic_cryptocaps = 702 IEEE80211_CRYPTO_WEP | 703 IEEE80211_CRYPTO_AES_CCM | 704 IEEE80211_CRYPTO_TKIPMIC | 705 IEEE80211_CRYPTO_TKIP; 706 707 ic->ic_flags |= IEEE80211_F_DATAPAD; 708 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 709 710 bands = 0; 711 setbit(&bands, IEEE80211_MODE_11B); 712 setbit(&bands, IEEE80211_MODE_11G); 713 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 714 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT5592_RF_5592) 715 setbit(&bands, IEEE80211_MODE_11A); 716 ieee80211_init_channels(ic, NULL, &bands); 717 718 ieee80211_ifattach(ic, sc->sc_bssid); 719 720 ic->ic_scan_start = run_scan_start; 721 ic->ic_scan_end = run_scan_end; 722 ic->ic_set_channel = run_set_channel; 723 ic->ic_node_alloc = run_node_alloc; 724 ic->ic_newassoc = run_newassoc; 725 ic->ic_updateslot = run_updateslot; 726 ic->ic_update_mcast = run_update_mcast; 727 ic->ic_wme.wme_update = run_wme_update; 728 ic->ic_raw_xmit = run_raw_xmit; 729 ic->ic_update_promisc = run_update_promisc; 730 731 ic->ic_vap_create = run_vap_create; 732 ic->ic_vap_delete = run_vap_delete; 733 734 ieee80211_radiotap_attach(ic, 735 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 736 RUN_TX_RADIOTAP_PRESENT, 737 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 738 RUN_RX_RADIOTAP_PRESENT); 739 740 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 741 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 742 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 743 744 if (bootverbose) 745 ieee80211_announce(ic); 746 747 return (0); 748 749detach: 750 run_detach(self); 751 return (ENXIO); 752} 753 754static int 755run_detach(device_t self) 756{ 757 struct run_softc *sc = device_get_softc(self); 758 struct ifnet *ifp = sc->sc_ifp; 759 struct ieee80211com *ic; 760 int i; 761 762 RUN_LOCK(sc); 763 sc->sc_detached = 1; 764 RUN_UNLOCK(sc); 765 766 /* stop all USB transfers */ 767 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 768 769 RUN_LOCK(sc); 770 sc->ratectl_run = RUN_RATECTL_OFF; 771 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 772 773 /* free TX list, if any */ 774 for (i = 0; i != RUN_EP_QUEUES; i++) 775 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 776 RUN_UNLOCK(sc); 777 778 if (ifp) { 779 ic = ifp->if_l2com; 780 /* drain tasks */ 781 usb_callout_drain(&sc->ratectl_ch); 782 ieee80211_draintask(ic, &sc->cmdq_task); 783 ieee80211_draintask(ic, &sc->ratectl_task); 784 ieee80211_ifdetach(ic); 785 if_free(ifp); 786 } 787 788 mtx_destroy(&sc->sc_mtx); 789 790 return (0); 791} 792 793static struct ieee80211vap * 794run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 795 enum ieee80211_opmode opmode, int flags, 796 const uint8_t bssid[IEEE80211_ADDR_LEN], 797 const uint8_t mac[IEEE80211_ADDR_LEN]) 798{ 799 struct ifnet *ifp = ic->ic_ifp; 800 struct run_softc *sc = ifp->if_softc; 801 struct run_vap *rvp; 802 struct ieee80211vap *vap; 803 int i; 804 805 if (sc->rvp_cnt >= RUN_VAP_MAX) { 806 if_printf(ifp, "number of VAPs maxed out\n"); 807 return (NULL); 808 } 809 810 switch (opmode) { 811 case IEEE80211_M_STA: 812 /* enable s/w bmiss handling for sta mode */ 813 flags |= IEEE80211_CLONE_NOBEACONS; 814 /* fall though */ 815 case IEEE80211_M_IBSS: 816 case IEEE80211_M_MONITOR: 817 case IEEE80211_M_HOSTAP: 818 case IEEE80211_M_MBSS: 819 /* other than WDS vaps, only one at a time */ 820 if (!TAILQ_EMPTY(&ic->ic_vaps)) 821 return (NULL); 822 break; 823 case IEEE80211_M_WDS: 824 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 825 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 826 continue; 827 /* WDS vap's always share the local mac address. */ 828 flags &= ~IEEE80211_CLONE_BSSID; 829 break; 830 } 831 if (vap == NULL) { 832 if_printf(ifp, "wds only supported in ap mode\n"); 833 return (NULL); 834 } 835 break; 836 default: 837 if_printf(ifp, "unknown opmode %d\n", opmode); 838 return (NULL); 839 } 840 841 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 842 M_80211_VAP, M_NOWAIT | M_ZERO); 843 if (rvp == NULL) 844 return (NULL); 845 vap = &rvp->vap; 846 847 if (ieee80211_vap_setup(ic, vap, name, unit, 848 opmode, flags, bssid, mac) != 0) { 849 /* out of memory */ 850 free(rvp, M_80211_VAP); 851 return (NULL); 852 } 853 854 vap->iv_key_update_begin = run_key_update_begin; 855 vap->iv_key_update_end = run_key_update_end; 856 vap->iv_update_beacon = run_update_beacon; 857 vap->iv_max_aid = RT2870_WCID_MAX; 858 /* 859 * To delete the right key from h/w, we need wcid. 860 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 861 * and matching wcid will be written into there. So, cast 862 * some spells to remove 'const' from ieee80211_key{} 863 */ 864 vap->iv_key_delete = (void *)run_key_delete; 865 vap->iv_key_set = (void *)run_key_set; 866 867 /* override state transition machine */ 868 rvp->newstate = vap->iv_newstate; 869 vap->iv_newstate = run_newstate; 870 871 ieee80211_ratectl_init(vap); 872 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 873 874 /* complete setup */ 875 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 876 877 /* make sure id is always unique */ 878 for (i = 0; i < RUN_VAP_MAX; i++) { 879 if((sc->rvp_bmap & 1 << i) == 0){ 880 sc->rvp_bmap |= 1 << i; 881 rvp->rvp_id = i; 882 break; 883 } 884 } 885 if (sc->rvp_cnt++ == 0) 886 ic->ic_opmode = opmode; 887 888 if (opmode == IEEE80211_M_HOSTAP) 889 sc->cmdq_run = RUN_CMDQ_GO; 890 891 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 892 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 893 894 return (vap); 895} 896 897static void 898run_vap_delete(struct ieee80211vap *vap) 899{ 900 struct run_vap *rvp = RUN_VAP(vap); 901 struct ifnet *ifp; 902 struct ieee80211com *ic; 903 struct run_softc *sc; 904 uint8_t rvp_id; 905 906 if (vap == NULL) 907 return; 908 909 ic = vap->iv_ic; 910 ifp = ic->ic_ifp; 911 912 sc = ifp->if_softc; 913 914 RUN_LOCK(sc); 915 916 m_freem(rvp->beacon_mbuf); 917 rvp->beacon_mbuf = NULL; 918 919 rvp_id = rvp->rvp_id; 920 sc->ratectl_run &= ~(1 << rvp_id); 921 sc->rvp_bmap &= ~(1 << rvp_id); 922 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 923 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 924 --sc->rvp_cnt; 925 926 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 927 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 928 929 RUN_UNLOCK(sc); 930 931 ieee80211_ratectl_deinit(vap); 932 ieee80211_vap_detach(vap); 933 free(rvp, M_80211_VAP); 934} 935 936/* 937 * There are numbers of functions need to be called in context thread. 938 * Rather than creating taskqueue event for each of those functions, 939 * here is all-for-one taskqueue callback function. This function 940 * gurantees deferred functions are executed in the same order they 941 * were enqueued. 942 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 943 */ 944static void 945run_cmdq_cb(void *arg, int pending) 946{ 947 struct run_softc *sc = arg; 948 uint8_t i; 949 950 /* call cmdq[].func locked */ 951 RUN_LOCK(sc); 952 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 953 i = sc->cmdq_exec, pending--) { 954 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 955 if (sc->cmdq_run == RUN_CMDQ_GO) { 956 /* 957 * If arg0 is NULL, callback func needs more 958 * than one arg. So, pass ptr to cmdq struct. 959 */ 960 if (sc->cmdq[i].arg0) 961 sc->cmdq[i].func(sc->cmdq[i].arg0); 962 else 963 sc->cmdq[i].func(&sc->cmdq[i]); 964 } 965 sc->cmdq[i].arg0 = NULL; 966 sc->cmdq[i].func = NULL; 967 sc->cmdq_exec++; 968 sc->cmdq_exec &= RUN_CMDQ_MASQ; 969 } 970 RUN_UNLOCK(sc); 971} 972 973static void 974run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 975{ 976 struct run_tx_data *data; 977 978 memset(pq, 0, sizeof(*pq)); 979 980 STAILQ_INIT(&pq->tx_qh); 981 STAILQ_INIT(&pq->tx_fh); 982 983 for (data = &pq->tx_data[0]; 984 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 985 data->sc = sc; 986 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 987 } 988 pq->tx_nfree = RUN_TX_RING_COUNT; 989} 990 991static void 992run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 993{ 994 struct run_tx_data *data; 995 996 /* make sure any subsequent use of the queues will fail */ 997 pq->tx_nfree = 0; 998 STAILQ_INIT(&pq->tx_fh); 999 STAILQ_INIT(&pq->tx_qh); 1000 1001 /* free up all node references and mbufs */ 1002 for (data = &pq->tx_data[0]; 1003 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1004 if (data->m != NULL) { 1005 m_freem(data->m); 1006 data->m = NULL; 1007 } 1008 if (data->ni != NULL) { 1009 ieee80211_free_node(data->ni); 1010 data->ni = NULL; 1011 } 1012 } 1013} 1014 1015static int 1016run_load_microcode(struct run_softc *sc) 1017{ 1018 usb_device_request_t req; 1019 const struct firmware *fw; 1020 const u_char *base; 1021 uint32_t tmp; 1022 int ntries, error; 1023 const uint64_t *temp; 1024 uint64_t bytes; 1025 1026 RUN_UNLOCK(sc); 1027 fw = firmware_get("runfw"); 1028 RUN_LOCK(sc); 1029 if (fw == NULL) { 1030 device_printf(sc->sc_dev, 1031 "failed loadfirmware of file %s\n", "runfw"); 1032 return ENOENT; 1033 } 1034 1035 if (fw->datasize != 8192) { 1036 device_printf(sc->sc_dev, 1037 "invalid firmware size (should be 8KB)\n"); 1038 error = EINVAL; 1039 goto fail; 1040 } 1041 1042 /* 1043 * RT3071/RT3072 use a different firmware 1044 * run-rt2870 (8KB) contains both, 1045 * first half (4KB) is for rt2870, 1046 * last half is for rt3071. 1047 */ 1048 base = fw->data; 1049 if ((sc->mac_ver) != 0x2860 && 1050 (sc->mac_ver) != 0x2872 && 1051 (sc->mac_ver) != 0x3070) { 1052 base += 4096; 1053 } 1054 1055 /* cheap sanity check */ 1056 temp = fw->data; 1057 bytes = *temp; 1058 if (bytes != be64toh(0xffffff0210280210ULL)) { 1059 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1060 error = EINVAL; 1061 goto fail; 1062 } 1063 1064 /* write microcode image */ 1065 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1066 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1067 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1068 1069 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1070 req.bRequest = RT2870_RESET; 1071 USETW(req.wValue, 8); 1072 USETW(req.wIndex, 0); 1073 USETW(req.wLength, 0); 1074 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1075 != 0) { 1076 device_printf(sc->sc_dev, "firmware reset failed\n"); 1077 goto fail; 1078 } 1079 1080 run_delay(sc, 10); 1081 1082 run_write(sc, RT2860_H2M_MAILBOX, 0); 1083 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1084 goto fail; 1085 1086 /* wait until microcontroller is ready */ 1087 for (ntries = 0; ntries < 1000; ntries++) { 1088 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1089 goto fail; 1090 } 1091 if (tmp & RT2860_MCU_READY) 1092 break; 1093 run_delay(sc, 10); 1094 } 1095 if (ntries == 1000) { 1096 device_printf(sc->sc_dev, 1097 "timeout waiting for MCU to initialize\n"); 1098 error = ETIMEDOUT; 1099 goto fail; 1100 } 1101 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1102 (base == fw->data) ? "RT2870" : "RT3071", 1103 *(base + 4092), *(base + 4093)); 1104 1105fail: 1106 firmware_put(fw, FIRMWARE_UNLOAD); 1107 return (error); 1108} 1109 1110static int 1111run_reset(struct run_softc *sc) 1112{ 1113 usb_device_request_t req; 1114 1115 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1116 req.bRequest = RT2870_RESET; 1117 USETW(req.wValue, 1); 1118 USETW(req.wIndex, 0); 1119 USETW(req.wLength, 0); 1120 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1121} 1122 1123static usb_error_t 1124run_do_request(struct run_softc *sc, 1125 struct usb_device_request *req, void *data) 1126{ 1127 usb_error_t err; 1128 int ntries = 10; 1129 1130 RUN_LOCK_ASSERT(sc, MA_OWNED); 1131 1132 while (ntries--) { 1133 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1134 req, data, 0, NULL, 250 /* ms */); 1135 if (err == 0) 1136 break; 1137 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1138 usbd_errstr(err)); 1139 run_delay(sc, 10); 1140 } 1141 return (err); 1142} 1143 1144static int 1145run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1146{ 1147 uint32_t tmp; 1148 int error; 1149 1150 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1151 if (error == 0) 1152 *val = le32toh(tmp); 1153 else 1154 *val = 0xffffffff; 1155 return (error); 1156} 1157 1158static int 1159run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1160{ 1161 usb_device_request_t req; 1162 1163 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1164 req.bRequest = RT2870_READ_REGION_1; 1165 USETW(req.wValue, 0); 1166 USETW(req.wIndex, reg); 1167 USETW(req.wLength, len); 1168 1169 return (run_do_request(sc, &req, buf)); 1170} 1171 1172static int 1173run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1174{ 1175 usb_device_request_t req; 1176 1177 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1178 req.bRequest = RT2870_WRITE_2; 1179 USETW(req.wValue, val); 1180 USETW(req.wIndex, reg); 1181 USETW(req.wLength, 0); 1182 1183 return (run_do_request(sc, &req, NULL)); 1184} 1185 1186static int 1187run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1188{ 1189 int error; 1190 1191 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1192 error = run_write_2(sc, reg + 2, val >> 16); 1193 return (error); 1194} 1195 1196static int 1197run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1198 int len) 1199{ 1200#if 1 1201 int i, error = 0; 1202 /* 1203 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1204 * We thus issue multiple WRITE_2 commands instead. 1205 */ 1206 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1207 for (i = 0; i < len && error == 0; i += 2) 1208 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1209 return (error); 1210#else 1211 usb_device_request_t req; 1212 int error = 0; 1213 1214 /* 1215 * NOTE: It appears the WRITE_REGION_1 command cannot be 1216 * passed a huge amount of data, which will crash the 1217 * firmware. Limit amount of data passed to 64-bytes at a 1218 * time. 1219 */ 1220 while (len > 0) { 1221 int delta = 64; 1222 if (delta > len) 1223 delta = len; 1224 1225 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1226 req.bRequest = RT2870_WRITE_REGION_1; 1227 USETW(req.wValue, 0); 1228 USETW(req.wIndex, reg); 1229 USETW(req.wLength, delta); 1230 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1231 if (error != 0) 1232 break; 1233 reg += delta; 1234 buf += delta; 1235 len -= delta; 1236 } 1237 return (error); 1238#endif 1239} 1240 1241static int 1242run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1243{ 1244 int i, error = 0; 1245 1246 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1247 for (i = 0; i < len && error == 0; i += 4) 1248 error = run_write(sc, reg + i, val); 1249 return (error); 1250} 1251 1252/* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1253static int 1254run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1255{ 1256 uint32_t tmp; 1257 uint16_t reg; 1258 int error, ntries; 1259 1260 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1261 return (error); 1262 1263 addr *= 2; 1264 /*- 1265 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1266 * DATA0: F E D C 1267 * DATA1: B A 9 8 1268 * DATA2: 7 6 5 4 1269 * DATA3: 3 2 1 0 1270 */ 1271 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1272 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1273 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1274 for (ntries = 0; ntries < 100; ntries++) { 1275 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1276 return (error); 1277 if (!(tmp & RT3070_EFSROM_KICK)) 1278 break; 1279 run_delay(sc, 2); 1280 } 1281 if (ntries == 100) 1282 return (ETIMEDOUT); 1283 1284 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1285 *val = 0xffff; /* address not found */ 1286 return (0); 1287 } 1288 /* determine to which 32-bit register our 16-bit word belongs */ 1289 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1290 if ((error = run_read(sc, reg, &tmp)) != 0) 1291 return (error); 1292 1293 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1294 return (0); 1295} 1296 1297static int 1298run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1299{ 1300 usb_device_request_t req; 1301 uint16_t tmp; 1302 int error; 1303 1304 addr *= 2; 1305 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1306 req.bRequest = RT2870_EEPROM_READ; 1307 USETW(req.wValue, 0); 1308 USETW(req.wIndex, addr); 1309 USETW(req.wLength, sizeof tmp); 1310 1311 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1312 if (error == 0) 1313 *val = le16toh(tmp); 1314 else 1315 *val = 0xffff; 1316 return (error); 1317} 1318 1319static __inline int 1320run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1321{ 1322 /* either eFUSE ROM or EEPROM */ 1323 return sc->sc_srom_read(sc, addr, val); 1324} 1325 1326static int 1327run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1328{ 1329 uint32_t tmp; 1330 int error, ntries; 1331 1332 for (ntries = 0; ntries < 10; ntries++) { 1333 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1334 return (error); 1335 if (!(tmp & RT2860_RF_REG_CTRL)) 1336 break; 1337 } 1338 if (ntries == 10) 1339 return (ETIMEDOUT); 1340 1341 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1342} 1343 1344static int 1345run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1346{ 1347 uint32_t tmp; 1348 int error, ntries; 1349 1350 for (ntries = 0; ntries < 100; ntries++) { 1351 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1352 return (error); 1353 if (!(tmp & RT3070_RF_KICK)) 1354 break; 1355 } 1356 if (ntries == 100) 1357 return (ETIMEDOUT); 1358 1359 tmp = RT3070_RF_KICK | reg << 8; 1360 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1361 return (error); 1362 1363 for (ntries = 0; ntries < 100; ntries++) { 1364 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1365 return (error); 1366 if (!(tmp & RT3070_RF_KICK)) 1367 break; 1368 } 1369 if (ntries == 100) 1370 return (ETIMEDOUT); 1371 1372 *val = tmp & 0xff; 1373 return (0); 1374} 1375 1376static int 1377run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1378{ 1379 uint32_t tmp; 1380 int error, ntries; 1381 1382 for (ntries = 0; ntries < 10; ntries++) { 1383 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1384 return (error); 1385 if (!(tmp & RT3070_RF_KICK)) 1386 break; 1387 } 1388 if (ntries == 10) 1389 return (ETIMEDOUT); 1390 1391 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1392 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1393} 1394 1395static int 1396run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1397{ 1398 uint32_t tmp; 1399 int ntries, error; 1400 1401 for (ntries = 0; ntries < 10; ntries++) { 1402 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1403 return (error); 1404 if (!(tmp & RT2860_BBP_CSR_KICK)) 1405 break; 1406 } 1407 if (ntries == 10) 1408 return (ETIMEDOUT); 1409 1410 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1411 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1412 return (error); 1413 1414 for (ntries = 0; ntries < 10; ntries++) { 1415 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1416 return (error); 1417 if (!(tmp & RT2860_BBP_CSR_KICK)) 1418 break; 1419 } 1420 if (ntries == 10) 1421 return (ETIMEDOUT); 1422 1423 *val = tmp & 0xff; 1424 return (0); 1425} 1426 1427static int 1428run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1429{ 1430 uint32_t tmp; 1431 int ntries, error; 1432 1433 for (ntries = 0; ntries < 10; ntries++) { 1434 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1435 return (error); 1436 if (!(tmp & RT2860_BBP_CSR_KICK)) 1437 break; 1438 } 1439 if (ntries == 10) 1440 return (ETIMEDOUT); 1441 1442 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1443 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1444} 1445 1446/* 1447 * Send a command to the 8051 microcontroller unit. 1448 */ 1449static int 1450run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1451{ 1452 uint32_t tmp; 1453 int error, ntries; 1454 1455 for (ntries = 0; ntries < 100; ntries++) { 1456 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1457 return error; 1458 if (!(tmp & RT2860_H2M_BUSY)) 1459 break; 1460 } 1461 if (ntries == 100) 1462 return ETIMEDOUT; 1463 1464 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1465 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1466 error = run_write(sc, RT2860_HOST_CMD, cmd); 1467 return (error); 1468} 1469 1470/* 1471 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1472 * Used to adjust per-rate Tx power registers. 1473 */ 1474static __inline uint32_t 1475b4inc(uint32_t b32, int8_t delta) 1476{ 1477 int8_t i, b4; 1478 1479 for (i = 0; i < 8; i++) { 1480 b4 = b32 & 0xf; 1481 b4 += delta; 1482 if (b4 < 0) 1483 b4 = 0; 1484 else if (b4 > 0xf) 1485 b4 = 0xf; 1486 b32 = b32 >> 4 | b4 << 28; 1487 } 1488 return (b32); 1489} 1490 1491static const char * 1492run_get_rf(uint16_t rev) 1493{ 1494 switch (rev) { 1495 case RT2860_RF_2820: return "RT2820"; 1496 case RT2860_RF_2850: return "RT2850"; 1497 case RT2860_RF_2720: return "RT2720"; 1498 case RT2860_RF_2750: return "RT2750"; 1499 case RT3070_RF_3020: return "RT3020"; 1500 case RT3070_RF_2020: return "RT2020"; 1501 case RT3070_RF_3021: return "RT3021"; 1502 case RT3070_RF_3022: return "RT3022"; 1503 case RT3070_RF_3052: return "RT3052"; 1504 case RT5592_RF_5592: return "RT5592"; 1505 case RT5390_RF_5370: return "RT5370"; 1506 case RT5390_RF_5372: return "RT5372"; 1507 } 1508 return ("unknown"); 1509} 1510 1511static int 1512run_read_eeprom(struct run_softc *sc) 1513{ 1514 int8_t delta_2ghz, delta_5ghz; 1515 uint32_t tmp; 1516 uint16_t val; 1517 int ridx, ant, i; 1518 1519 /* check whether the ROM is eFUSE ROM or EEPROM */ 1520 sc->sc_srom_read = run_eeprom_read_2; 1521 if (sc->mac_ver >= 0x3070) { 1522 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1523 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1524 if (tmp & RT3070_SEL_EFUSE) 1525 sc->sc_srom_read = run_efuse_read_2; 1526 } 1527 1528 /* read ROM version */ 1529 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1530 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1531 1532 /* read MAC address */ 1533 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1534 sc->sc_bssid[0] = val & 0xff; 1535 sc->sc_bssid[1] = val >> 8; 1536 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1537 sc->sc_bssid[2] = val & 0xff; 1538 sc->sc_bssid[3] = val >> 8; 1539 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1540 sc->sc_bssid[4] = val & 0xff; 1541 sc->sc_bssid[5] = val >> 8; 1542 1543 if (sc->mac_ver < 0x5390) { 1544 /* read vender BBP settings */ 1545 for (i = 0; i < 10; i++) { 1546 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1547 sc->bbp[i].val = val & 0xff; 1548 sc->bbp[i].reg = val >> 8; 1549 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1550 sc->bbp[i].val); 1551 } 1552 if (sc->mac_ver >= 0x3071) { 1553 /* read vendor RF settings */ 1554 for (i = 0; i < 10; i++) { 1555 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1556 &val); 1557 sc->rf[i].val = val & 0xff; 1558 sc->rf[i].reg = val >> 8; 1559 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1560 sc->rf[i].val); 1561 } 1562 } 1563 } 1564 1565 /* read RF frequency offset from EEPROM */ 1566 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1567 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1568 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1569 1570 if (val >> 8 != 0xff) { 1571 /* read LEDs operating mode */ 1572 sc->leds = val >> 8; 1573 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1574 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1575 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1576 } else { 1577 /* broken EEPROM, use default settings */ 1578 sc->leds = 0x01; 1579 sc->led[0] = 0x5555; 1580 sc->led[1] = 0x2221; 1581 sc->led[2] = 0x5627; /* differs from RT2860 */ 1582 } 1583 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1584 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1585 1586 /* read RF information */ 1587 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1588 run_srom_read(sc, 0x00, &val); 1589 else 1590 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1591 1592 if (val == 0xffff) { 1593 DPRINTF("invalid EEPROM antenna info, using default\n"); 1594 if (sc->mac_ver == 0x3572) { 1595 /* default to RF3052 2T2R */ 1596 sc->rf_rev = RT3070_RF_3052; 1597 sc->ntxchains = 2; 1598 sc->nrxchains = 2; 1599 } else if (sc->mac_ver >= 0x3070) { 1600 /* default to RF3020 1T1R */ 1601 sc->rf_rev = RT3070_RF_3020; 1602 sc->ntxchains = 1; 1603 sc->nrxchains = 1; 1604 } else { 1605 /* default to RF2820 1T2R */ 1606 sc->rf_rev = RT2860_RF_2820; 1607 sc->ntxchains = 1; 1608 sc->nrxchains = 2; 1609 } 1610 } else { 1611 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1612 sc->rf_rev = val; 1613 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1614 } else 1615 sc->rf_rev = (val >> 8) & 0xf; 1616 sc->ntxchains = (val >> 4) & 0xf; 1617 sc->nrxchains = val & 0xf; 1618 } 1619 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1620 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1621 1622 /* check if RF supports automatic Tx access gain control */ 1623 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1624 DPRINTF("EEPROM CFG 0x%04x\n", val); 1625 /* check if driver should patch the DAC issue */ 1626 if ((val >> 8) != 0xff) 1627 sc->patch_dac = (val >> 15) & 1; 1628 if ((val & 0xff) != 0xff) { 1629 sc->ext_5ghz_lna = (val >> 3) & 1; 1630 sc->ext_2ghz_lna = (val >> 2) & 1; 1631 /* check if RF supports automatic Tx access gain control */ 1632 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1633 /* check if we have a hardware radio switch */ 1634 sc->rfswitch = val & 1; 1635 } 1636 1637 /* read power settings for 2GHz channels */ 1638 for (i = 0; i < 14; i += 2) { 1639 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1640 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1641 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1642 1643 if (sc->mac_ver != 0x5390) { 1644 run_srom_read(sc, 1645 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1646 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1647 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1648 } 1649 } 1650 /* fix broken Tx power entries */ 1651 for (i = 0; i < 14; i++) { 1652 if (sc->mac_ver >= 0x5390) { 1653 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1654 sc->txpow1[i] = 5; 1655 } else { 1656 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1657 sc->txpow1[i] = 5; 1658 } 1659 if (sc->mac_ver > 0x5390) { 1660 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1661 sc->txpow2[i] = 5; 1662 } else if (sc->mac_ver < 0x5390) { 1663 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1664 sc->txpow2[i] = 5; 1665 } 1666 DPRINTF("chan %d: power1=%d, power2=%d\n", 1667 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1668 } 1669 /* read power settings for 5GHz channels */ 1670 for (i = 0; i < 40; i += 2) { 1671 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1672 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1673 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1674 1675 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1676 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1677 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1678 } 1679 /* fix broken Tx power entries */ 1680 for (i = 0; i < 40; i++ ) { 1681 if (sc->mac_ver != 0x5592) { 1682 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1683 sc->txpow1[14 + i] = 5; 1684 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1685 sc->txpow2[14 + i] = 5; 1686 } 1687 DPRINTF("chan %d: power1=%d, power2=%d\n", 1688 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1689 sc->txpow2[14 + i]); 1690 } 1691 1692 /* read Tx power compensation for each Tx rate */ 1693 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1694 delta_2ghz = delta_5ghz = 0; 1695 if ((val & 0xff) != 0xff && (val & 0x80)) { 1696 delta_2ghz = val & 0xf; 1697 if (!(val & 0x40)) /* negative number */ 1698 delta_2ghz = -delta_2ghz; 1699 } 1700 val >>= 8; 1701 if ((val & 0xff) != 0xff && (val & 0x80)) { 1702 delta_5ghz = val & 0xf; 1703 if (!(val & 0x40)) /* negative number */ 1704 delta_5ghz = -delta_5ghz; 1705 } 1706 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1707 delta_2ghz, delta_5ghz); 1708 1709 for (ridx = 0; ridx < 5; ridx++) { 1710 uint32_t reg; 1711 1712 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1713 reg = val; 1714 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1715 reg |= (uint32_t)val << 16; 1716 1717 sc->txpow20mhz[ridx] = reg; 1718 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1719 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1720 1721 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1722 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1723 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1724 } 1725 1726 /* read RSSI offsets and LNA gains from EEPROM */ 1727 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1728 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1729 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1730 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1731 if (sc->mac_ver >= 0x3070) { 1732 /* 1733 * On RT3070 chips (limited to 2 Rx chains), this ROM 1734 * field contains the Tx mixer gain for the 2GHz band. 1735 */ 1736 if ((val & 0xff) != 0xff) 1737 sc->txmixgain_2ghz = val & 0x7; 1738 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1739 } else 1740 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1741 sc->lna[2] = val >> 8; /* channel group 2 */ 1742 1743 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1744 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1745 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1746 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1747 if (sc->mac_ver == 0x3572) { 1748 /* 1749 * On RT3572 chips (limited to 2 Rx chains), this ROM 1750 * field contains the Tx mixer gain for the 5GHz band. 1751 */ 1752 if ((val & 0xff) != 0xff) 1753 sc->txmixgain_5ghz = val & 0x7; 1754 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1755 } else 1756 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1757 sc->lna[3] = val >> 8; /* channel group 3 */ 1758 1759 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1760 sc->lna[0] = val & 0xff; /* channel group 0 */ 1761 sc->lna[1] = val >> 8; /* channel group 1 */ 1762 1763 /* fix broken 5GHz LNA entries */ 1764 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1765 DPRINTF("invalid LNA for channel group %d\n", 2); 1766 sc->lna[2] = sc->lna[1]; 1767 } 1768 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1769 DPRINTF("invalid LNA for channel group %d\n", 3); 1770 sc->lna[3] = sc->lna[1]; 1771 } 1772 1773 /* fix broken RSSI offset entries */ 1774 for (ant = 0; ant < 3; ant++) { 1775 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1776 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1777 ant + 1, sc->rssi_2ghz[ant]); 1778 sc->rssi_2ghz[ant] = 0; 1779 } 1780 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1781 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1782 ant + 1, sc->rssi_5ghz[ant]); 1783 sc->rssi_5ghz[ant] = 0; 1784 } 1785 } 1786 return (0); 1787} 1788 1789static struct ieee80211_node * 1790run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1791{ 1792 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1793} 1794 1795static int 1796run_media_change(struct ifnet *ifp) 1797{ 1798 struct ieee80211vap *vap = ifp->if_softc; 1799 struct ieee80211com *ic = vap->iv_ic; 1800 const struct ieee80211_txparam *tp; 1801 struct run_softc *sc = ic->ic_ifp->if_softc; 1802 uint8_t rate, ridx; 1803 int error; 1804 1805 RUN_LOCK(sc); 1806 1807 error = ieee80211_media_change(ifp); 1808 if (error != ENETRESET) { 1809 RUN_UNLOCK(sc); 1810 return (error); 1811 } 1812 1813 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1814 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1815 struct ieee80211_node *ni; 1816 struct run_node *rn; 1817 1818 rate = ic->ic_sup_rates[ic->ic_curmode]. 1819 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1820 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1821 if (rt2860_rates[ridx].rate == rate) 1822 break; 1823 ni = ieee80211_ref_node(vap->iv_bss); 1824 rn = (struct run_node *)ni; 1825 rn->fix_ridx = ridx; 1826 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1827 ieee80211_free_node(ni); 1828 } 1829 1830#if 0 1831 if ((ifp->if_flags & IFF_UP) && 1832 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1833 run_init_locked(sc); 1834 } 1835#endif 1836 1837 RUN_UNLOCK(sc); 1838 1839 return (0); 1840} 1841 1842static int 1843run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1844{ 1845 const struct ieee80211_txparam *tp; 1846 struct ieee80211com *ic = vap->iv_ic; 1847 struct run_softc *sc = ic->ic_ifp->if_softc; 1848 struct run_vap *rvp = RUN_VAP(vap); 1849 enum ieee80211_state ostate; 1850 uint32_t sta[3]; 1851 uint32_t tmp; 1852 uint8_t ratectl; 1853 uint8_t restart_ratectl = 0; 1854 uint8_t bid = 1 << rvp->rvp_id; 1855 1856 ostate = vap->iv_state; 1857 DPRINTF("%s -> %s\n", 1858 ieee80211_state_name[ostate], 1859 ieee80211_state_name[nstate]); 1860 1861 IEEE80211_UNLOCK(ic); 1862 RUN_LOCK(sc); 1863 1864 ratectl = sc->ratectl_run; /* remember current state */ 1865 sc->ratectl_run = RUN_RATECTL_OFF; 1866 usb_callout_stop(&sc->ratectl_ch); 1867 1868 if (ostate == IEEE80211_S_RUN) { 1869 /* turn link LED off */ 1870 run_set_leds(sc, RT2860_LED_RADIO); 1871 } 1872 1873 switch (nstate) { 1874 case IEEE80211_S_INIT: 1875 restart_ratectl = 1; 1876 1877 if (ostate != IEEE80211_S_RUN) 1878 break; 1879 1880 ratectl &= ~bid; 1881 sc->runbmap &= ~bid; 1882 1883 /* abort TSF synchronization if there is no vap running */ 1884 if (--sc->running == 0) { 1885 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1886 run_write(sc, RT2860_BCN_TIME_CFG, 1887 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1888 RT2860_TBTT_TIMER_EN)); 1889 } 1890 break; 1891 1892 case IEEE80211_S_RUN: 1893 if (!(sc->runbmap & bid)) { 1894 if(sc->running++) 1895 restart_ratectl = 1; 1896 sc->runbmap |= bid; 1897 } 1898 1899 m_freem(rvp->beacon_mbuf); 1900 rvp->beacon_mbuf = NULL; 1901 1902 switch (vap->iv_opmode) { 1903 case IEEE80211_M_HOSTAP: 1904 case IEEE80211_M_MBSS: 1905 sc->ap_running |= bid; 1906 ic->ic_opmode = vap->iv_opmode; 1907 run_update_beacon_cb(vap); 1908 break; 1909 case IEEE80211_M_IBSS: 1910 sc->adhoc_running |= bid; 1911 if (!sc->ap_running) 1912 ic->ic_opmode = vap->iv_opmode; 1913 run_update_beacon_cb(vap); 1914 break; 1915 case IEEE80211_M_STA: 1916 sc->sta_running |= bid; 1917 if (!sc->ap_running && !sc->adhoc_running) 1918 ic->ic_opmode = vap->iv_opmode; 1919 1920 /* read statistic counters (clear on read) */ 1921 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1922 (uint8_t *)sta, sizeof sta); 1923 1924 break; 1925 default: 1926 ic->ic_opmode = vap->iv_opmode; 1927 break; 1928 } 1929 1930 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1931 struct ieee80211_node *ni; 1932 1933 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 1934 RUN_UNLOCK(sc); 1935 IEEE80211_LOCK(ic); 1936 return (-1); 1937 } 1938 run_updateslot(ic->ic_ifp); 1939 run_enable_mrr(sc); 1940 run_set_txpreamble(sc); 1941 run_set_basicrates(sc); 1942 ni = ieee80211_ref_node(vap->iv_bss); 1943 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1944 run_set_bssid(sc, ni->ni_bssid); 1945 ieee80211_free_node(ni); 1946 run_enable_tsf_sync(sc); 1947 1948 /* enable automatic rate adaptation */ 1949 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1950 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1951 ratectl |= bid; 1952 } 1953 1954 /* turn link LED on */ 1955 run_set_leds(sc, RT2860_LED_RADIO | 1956 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1957 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1958 1959 break; 1960 default: 1961 DPRINTFN(6, "undefined case\n"); 1962 break; 1963 } 1964 1965 /* restart amrr for running VAPs */ 1966 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1967 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1968 1969 RUN_UNLOCK(sc); 1970 IEEE80211_LOCK(ic); 1971 1972 return(rvp->newstate(vap, nstate, arg)); 1973} 1974 1975/* ARGSUSED */ 1976static void 1977run_wme_update_cb(void *arg) 1978{ 1979 struct ieee80211com *ic = arg; 1980 struct run_softc *sc = ic->ic_ifp->if_softc; 1981 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1982 int aci, error = 0; 1983 1984 RUN_LOCK_ASSERT(sc, MA_OWNED); 1985 1986 /* update MAC TX configuration registers */ 1987 for (aci = 0; aci < WME_NUM_AC; aci++) { 1988 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1989 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1990 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1991 wmesp->wme_params[aci].wmep_aifsn << 8 | 1992 wmesp->wme_params[aci].wmep_txopLimit); 1993 if (error) goto err; 1994 } 1995 1996 /* update SCH/DMA registers too */ 1997 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1998 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1999 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2000 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2001 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2002 if (error) goto err; 2003 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2004 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2005 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2006 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2007 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2008 if (error) goto err; 2009 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2010 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2011 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2012 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2013 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2014 if (error) goto err; 2015 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2016 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2017 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2018 if (error) goto err; 2019 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2020 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2021 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2022 2023err: 2024 if (error) 2025 DPRINTF("WME update failed\n"); 2026 2027 return; 2028} 2029 2030static int 2031run_wme_update(struct ieee80211com *ic) 2032{ 2033 struct run_softc *sc = ic->ic_ifp->if_softc; 2034 2035 /* sometime called wothout lock */ 2036 if (mtx_owned(&ic->ic_comlock.mtx)) { 2037 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2038 DPRINTF("cmdq_store=%d\n", i); 2039 sc->cmdq[i].func = run_wme_update_cb; 2040 sc->cmdq[i].arg0 = ic; 2041 ieee80211_runtask(ic, &sc->cmdq_task); 2042 return (0); 2043 } 2044 2045 RUN_LOCK(sc); 2046 run_wme_update_cb(ic); 2047 RUN_UNLOCK(sc); 2048 2049 /* return whatever, upper layer desn't care anyway */ 2050 return (0); 2051} 2052 2053static void 2054run_key_update_begin(struct ieee80211vap *vap) 2055{ 2056 /* 2057 * To avoid out-of-order events, both run_key_set() and 2058 * _delete() are deferred and handled by run_cmdq_cb(). 2059 * So, there is nothing we need to do here. 2060 */ 2061} 2062 2063static void 2064run_key_update_end(struct ieee80211vap *vap) 2065{ 2066 /* null */ 2067} 2068 2069static void 2070run_key_set_cb(void *arg) 2071{ 2072 struct run_cmdq *cmdq = arg; 2073 struct ieee80211vap *vap = cmdq->arg1; 2074 struct ieee80211_key *k = cmdq->k; 2075 struct ieee80211com *ic = vap->iv_ic; 2076 struct run_softc *sc = ic->ic_ifp->if_softc; 2077 struct ieee80211_node *ni; 2078 uint32_t attr; 2079 uint16_t base, associd; 2080 uint8_t mode, wcid, iv[8]; 2081 2082 RUN_LOCK_ASSERT(sc, MA_OWNED); 2083 2084 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2085 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2086 else 2087 ni = vap->iv_bss; 2088 associd = (ni != NULL) ? ni->ni_associd : 0; 2089 2090 /* map net80211 cipher to RT2860 security mode */ 2091 switch (k->wk_cipher->ic_cipher) { 2092 case IEEE80211_CIPHER_WEP: 2093 if(k->wk_keylen < 8) 2094 mode = RT2860_MODE_WEP40; 2095 else 2096 mode = RT2860_MODE_WEP104; 2097 break; 2098 case IEEE80211_CIPHER_TKIP: 2099 mode = RT2860_MODE_TKIP; 2100 break; 2101 case IEEE80211_CIPHER_AES_CCM: 2102 mode = RT2860_MODE_AES_CCMP; 2103 break; 2104 default: 2105 DPRINTF("undefined case\n"); 2106 return; 2107 } 2108 2109 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2110 associd, k->wk_keyix, mode, 2111 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2112 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2113 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2114 2115 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2116 wcid = 0; /* NB: update WCID0 for group keys */ 2117 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2118 } else { 2119 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2120 1 : RUN_AID2WCID(associd); 2121 base = RT2860_PKEY(wcid); 2122 } 2123 2124 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2125 if(run_write_region_1(sc, base, k->wk_key, 16)) 2126 return; 2127 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2128 return; 2129 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2130 return; 2131 } else { 2132 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2133 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2134 return; 2135 } 2136 2137 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2138 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2139 /* set initial packet number in IV+EIV */ 2140 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2141 memset(iv, 0, sizeof iv); 2142 iv[3] = vap->iv_def_txkey << 6; 2143 } else { 2144 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2145 iv[0] = k->wk_keytsc >> 8; 2146 iv[1] = (iv[0] | 0x20) & 0x7f; 2147 iv[2] = k->wk_keytsc; 2148 } else /* CCMP */ { 2149 iv[0] = k->wk_keytsc; 2150 iv[1] = k->wk_keytsc >> 8; 2151 iv[2] = 0; 2152 } 2153 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2154 iv[4] = k->wk_keytsc >> 16; 2155 iv[5] = k->wk_keytsc >> 24; 2156 iv[6] = k->wk_keytsc >> 32; 2157 iv[7] = k->wk_keytsc >> 40; 2158 } 2159 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2160 return; 2161 } 2162 2163 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2164 /* install group key */ 2165 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2166 return; 2167 attr &= ~(0xf << (k->wk_keyix * 4)); 2168 attr |= mode << (k->wk_keyix * 4); 2169 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2170 return; 2171 } else { 2172 /* install pairwise key */ 2173 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2174 return; 2175 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2176 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2177 return; 2178 } 2179 2180 /* TODO create a pass-thru key entry? */ 2181 2182 /* need wcid to delete the right key later */ 2183 k->wk_pad = wcid; 2184} 2185 2186/* 2187 * Don't have to be deferred, but in order to keep order of 2188 * execution, i.e. with run_key_delete(), defer this and let 2189 * run_cmdq_cb() maintain the order. 2190 * 2191 * return 0 on error 2192 */ 2193static int 2194run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2195 const uint8_t mac[IEEE80211_ADDR_LEN]) 2196{ 2197 struct ieee80211com *ic = vap->iv_ic; 2198 struct run_softc *sc = ic->ic_ifp->if_softc; 2199 uint32_t i; 2200 2201 i = RUN_CMDQ_GET(&sc->cmdq_store); 2202 DPRINTF("cmdq_store=%d\n", i); 2203 sc->cmdq[i].func = run_key_set_cb; 2204 sc->cmdq[i].arg0 = NULL; 2205 sc->cmdq[i].arg1 = vap; 2206 sc->cmdq[i].k = k; 2207 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2208 ieee80211_runtask(ic, &sc->cmdq_task); 2209 2210 /* 2211 * To make sure key will be set when hostapd 2212 * calls iv_key_set() before if_init(). 2213 */ 2214 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2215 RUN_LOCK(sc); 2216 sc->cmdq_key_set = RUN_CMDQ_GO; 2217 RUN_UNLOCK(sc); 2218 } 2219 2220 return (1); 2221} 2222 2223/* 2224 * If wlan is destroyed without being brought down i.e. without 2225 * wlan down or wpa_cli terminate, this function is called after 2226 * vap is gone. Don't refer it. 2227 */ 2228static void 2229run_key_delete_cb(void *arg) 2230{ 2231 struct run_cmdq *cmdq = arg; 2232 struct run_softc *sc = cmdq->arg1; 2233 struct ieee80211_key *k = &cmdq->key; 2234 uint32_t attr; 2235 uint8_t wcid; 2236 2237 RUN_LOCK_ASSERT(sc, MA_OWNED); 2238 2239 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2240 /* remove group key */ 2241 DPRINTF("removing group key\n"); 2242 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2243 attr &= ~(0xf << (k->wk_keyix * 4)); 2244 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2245 } else { 2246 /* remove pairwise key */ 2247 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2248 /* matching wcid was written to wk_pad in run_key_set() */ 2249 wcid = k->wk_pad; 2250 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2251 attr &= ~0xf; 2252 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2253 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2254 } 2255 2256 k->wk_pad = 0; 2257} 2258 2259/* 2260 * return 0 on error 2261 */ 2262static int 2263run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2264{ 2265 struct ieee80211com *ic = vap->iv_ic; 2266 struct run_softc *sc = ic->ic_ifp->if_softc; 2267 struct ieee80211_key *k0; 2268 uint32_t i; 2269 2270 /* 2271 * When called back, key might be gone. So, make a copy 2272 * of some values need to delete keys before deferring. 2273 * But, because of LOR with node lock, cannot use lock here. 2274 * So, use atomic instead. 2275 */ 2276 i = RUN_CMDQ_GET(&sc->cmdq_store); 2277 DPRINTF("cmdq_store=%d\n", i); 2278 sc->cmdq[i].func = run_key_delete_cb; 2279 sc->cmdq[i].arg0 = NULL; 2280 sc->cmdq[i].arg1 = sc; 2281 k0 = &sc->cmdq[i].key; 2282 k0->wk_flags = k->wk_flags; 2283 k0->wk_keyix = k->wk_keyix; 2284 /* matching wcid was written to wk_pad in run_key_set() */ 2285 k0->wk_pad = k->wk_pad; 2286 ieee80211_runtask(ic, &sc->cmdq_task); 2287 return (1); /* return fake success */ 2288 2289} 2290 2291static void 2292run_ratectl_to(void *arg) 2293{ 2294 struct run_softc *sc = arg; 2295 2296 /* do it in a process context, so it can go sleep */ 2297 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2298 /* next timeout will be rescheduled in the callback task */ 2299} 2300 2301/* ARGSUSED */ 2302static void 2303run_ratectl_cb(void *arg, int pending) 2304{ 2305 struct run_softc *sc = arg; 2306 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2307 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2308 2309 if (vap == NULL) 2310 return; 2311 2312 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2313 run_iter_func(sc, vap->iv_bss); 2314 else { 2315 /* 2316 * run_reset_livelock() doesn't do anything with AMRR, 2317 * but Ralink wants us to call it every 1 sec. So, we 2318 * piggyback here rather than creating another callout. 2319 * Livelock may occur only in HOSTAP or IBSS mode 2320 * (when h/w is sending beacons). 2321 */ 2322 RUN_LOCK(sc); 2323 run_reset_livelock(sc); 2324 /* just in case, there are some stats to drain */ 2325 run_drain_fifo(sc); 2326 RUN_UNLOCK(sc); 2327 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2328 } 2329 2330 RUN_LOCK(sc); 2331 if(sc->ratectl_run != RUN_RATECTL_OFF) 2332 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2333 RUN_UNLOCK(sc); 2334} 2335 2336static void 2337run_drain_fifo(void *arg) 2338{ 2339 struct run_softc *sc = arg; 2340 struct ifnet *ifp = sc->sc_ifp; 2341 uint32_t stat; 2342 uint16_t (*wstat)[3]; 2343 uint8_t wcid, mcs, pid; 2344 int8_t retry; 2345 2346 RUN_LOCK_ASSERT(sc, MA_OWNED); 2347 2348 for (;;) { 2349 /* drain Tx status FIFO (maxsize = 16) */ 2350 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2351 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2352 if (!(stat & RT2860_TXQ_VLD)) 2353 break; 2354 2355 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2356 2357 /* if no ACK was requested, no feedback is available */ 2358 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2359 wcid == 0) 2360 continue; 2361 2362 /* 2363 * Even though each stat is Tx-complete-status like format, 2364 * the device can poll stats. Because there is no guarantee 2365 * that the referring node is still around when read the stats. 2366 * So that, if we use ieee80211_ratectl_tx_update(), we will 2367 * have hard time not to refer already freed node. 2368 * 2369 * To eliminate such page faults, we poll stats in softc. 2370 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2371 */ 2372 wstat = &(sc->wcid_stats[wcid]); 2373 (*wstat)[RUN_TXCNT]++; 2374 if (stat & RT2860_TXQ_OK) 2375 (*wstat)[RUN_SUCCESS]++; 2376 else 2377 ifp->if_oerrors++; 2378 /* 2379 * Check if there were retries, ie if the Tx success rate is 2380 * different from the requested rate. Note that it works only 2381 * because we do not allow rate fallback from OFDM to CCK. 2382 */ 2383 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2384 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2385 if ((retry = pid -1 - mcs) > 0) { 2386 (*wstat)[RUN_TXCNT] += retry; 2387 (*wstat)[RUN_RETRY] += retry; 2388 } 2389 } 2390 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2391 2392 sc->fifo_cnt = 0; 2393} 2394 2395static void 2396run_iter_func(void *arg, struct ieee80211_node *ni) 2397{ 2398 struct run_softc *sc = arg; 2399 struct ieee80211vap *vap = ni->ni_vap; 2400 struct ieee80211com *ic = ni->ni_ic; 2401 struct ifnet *ifp = ic->ic_ifp; 2402 struct run_node *rn = (void *)ni; 2403 union run_stats sta[2]; 2404 uint16_t (*wstat)[3]; 2405 int txcnt, success, retrycnt, error; 2406 2407 RUN_LOCK(sc); 2408 2409 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2410 vap->iv_opmode == IEEE80211_M_STA)) { 2411 /* read statistic counters (clear on read) and update AMRR state */ 2412 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2413 sizeof sta); 2414 if (error != 0) 2415 goto fail; 2416 2417 /* count failed TX as errors */ 2418 ifp->if_oerrors += le16toh(sta[0].error.fail); 2419 2420 retrycnt = le16toh(sta[1].tx.retry); 2421 success = le16toh(sta[1].tx.success); 2422 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2423 2424 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2425 retrycnt, success, le16toh(sta[0].error.fail)); 2426 } else { 2427 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2428 2429 if (wstat == &(sc->wcid_stats[0]) || 2430 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2431 goto fail; 2432 2433 txcnt = (*wstat)[RUN_TXCNT]; 2434 success = (*wstat)[RUN_SUCCESS]; 2435 retrycnt = (*wstat)[RUN_RETRY]; 2436 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2437 retrycnt, txcnt, success); 2438 2439 memset(wstat, 0, sizeof(*wstat)); 2440 } 2441 2442 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2443 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2444 2445fail: 2446 RUN_UNLOCK(sc); 2447 2448 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2449} 2450 2451static void 2452run_newassoc_cb(void *arg) 2453{ 2454 struct run_cmdq *cmdq = arg; 2455 struct ieee80211_node *ni = cmdq->arg1; 2456 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2457 uint8_t wcid = cmdq->wcid; 2458 2459 RUN_LOCK_ASSERT(sc, MA_OWNED); 2460 2461 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2462 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2463 2464 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2465} 2466 2467static void 2468run_newassoc(struct ieee80211_node *ni, int isnew) 2469{ 2470 struct run_node *rn = (void *)ni; 2471 struct ieee80211_rateset *rs = &ni->ni_rates; 2472 struct ieee80211vap *vap = ni->ni_vap; 2473 struct ieee80211com *ic = vap->iv_ic; 2474 struct run_softc *sc = ic->ic_ifp->if_softc; 2475 uint8_t rate; 2476 uint8_t ridx; 2477 uint8_t wcid; 2478 int i, j; 2479 2480 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2481 1 : RUN_AID2WCID(ni->ni_associd); 2482 2483 if (wcid > RT2870_WCID_MAX) { 2484 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2485 return; 2486 } 2487 2488 /* only interested in true associations */ 2489 if (isnew && ni->ni_associd != 0) { 2490 2491 /* 2492 * This function could is called though timeout function. 2493 * Need to defer. 2494 */ 2495 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2496 DPRINTF("cmdq_store=%d\n", cnt); 2497 sc->cmdq[cnt].func = run_newassoc_cb; 2498 sc->cmdq[cnt].arg0 = NULL; 2499 sc->cmdq[cnt].arg1 = ni; 2500 sc->cmdq[cnt].wcid = wcid; 2501 ieee80211_runtask(ic, &sc->cmdq_task); 2502 } 2503 2504 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2505 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2506 2507 for (i = 0; i < rs->rs_nrates; i++) { 2508 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2509 /* convert 802.11 rate to hardware rate index */ 2510 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2511 if (rt2860_rates[ridx].rate == rate) 2512 break; 2513 rn->ridx[i] = ridx; 2514 /* determine rate of control response frames */ 2515 for (j = i; j >= 0; j--) { 2516 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2517 rt2860_rates[rn->ridx[i]].phy == 2518 rt2860_rates[rn->ridx[j]].phy) 2519 break; 2520 } 2521 if (j >= 0) { 2522 rn->ctl_ridx[i] = rn->ridx[j]; 2523 } else { 2524 /* no basic rate found, use mandatory one */ 2525 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2526 } 2527 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2528 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2529 } 2530 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2531 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2532 if (rt2860_rates[ridx].rate == rate) 2533 break; 2534 rn->mgt_ridx = ridx; 2535 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2536 2537 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2538} 2539 2540/* 2541 * Return the Rx chain with the highest RSSI for a given frame. 2542 */ 2543static __inline uint8_t 2544run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2545{ 2546 uint8_t rxchain = 0; 2547 2548 if (sc->nrxchains > 1) { 2549 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2550 rxchain = 1; 2551 if (sc->nrxchains > 2) 2552 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2553 rxchain = 2; 2554 } 2555 return (rxchain); 2556} 2557 2558static void 2559run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2560{ 2561 struct ifnet *ifp = sc->sc_ifp; 2562 struct ieee80211com *ic = ifp->if_l2com; 2563 struct ieee80211_frame *wh; 2564 struct ieee80211_node *ni; 2565 struct rt2870_rxd *rxd; 2566 struct rt2860_rxwi *rxwi; 2567 uint32_t flags; 2568 uint16_t len, rxwisize; 2569 uint8_t ant, rssi; 2570 int8_t nf; 2571 2572 rxwi = mtod(m, struct rt2860_rxwi *); 2573 len = le16toh(rxwi->len) & 0xfff; 2574 rxwisize = (sc->mac_ver == 0x5592) ? 2575 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2576 sizeof(struct rt2860_rxwi); 2577 if (__predict_false(len > dmalen)) { 2578 m_freem(m); 2579 ifp->if_ierrors++; 2580 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2581 return; 2582 } 2583 /* Rx descriptor is located at the end */ 2584 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2585 flags = le32toh(rxd->flags); 2586 2587 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2588 m_freem(m); 2589 ifp->if_ierrors++; 2590 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2591 return; 2592 } 2593 2594 m->m_data += rxwisize; 2595 m->m_pkthdr.len = m->m_len -= rxwisize; 2596 2597 wh = mtod(m, struct ieee80211_frame *); 2598 2599 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2600 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2601 m->m_flags |= M_WEP; 2602 } 2603 2604 if (flags & RT2860_RX_L2PAD) { 2605 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2606 len += 2; 2607 } 2608 2609 ni = ieee80211_find_rxnode(ic, 2610 mtod(m, struct ieee80211_frame_min *)); 2611 2612 if (__predict_false(flags & RT2860_RX_MICERR)) { 2613 /* report MIC failures to net80211 for TKIP */ 2614 if (ni != NULL) 2615 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2616 rxwi->keyidx); 2617 m_freem(m); 2618 ifp->if_ierrors++; 2619 DPRINTF("MIC error. Someone is lying.\n"); 2620 return; 2621 } 2622 2623 ant = run_maxrssi_chain(sc, rxwi); 2624 rssi = rxwi->rssi[ant]; 2625 nf = run_rssi2dbm(sc, rssi, ant); 2626 2627 m->m_pkthdr.rcvif = ifp; 2628 m->m_pkthdr.len = m->m_len = len; 2629 2630 if (ni != NULL) { 2631 (void)ieee80211_input(ni, m, rssi, nf); 2632 ieee80211_free_node(ni); 2633 } else { 2634 (void)ieee80211_input_all(ic, m, rssi, nf); 2635 } 2636 2637 if (__predict_false(ieee80211_radiotap_active(ic))) { 2638 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2639 uint16_t phy; 2640 2641 tap->wr_flags = 0; 2642 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2643 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2644 tap->wr_antsignal = rssi; 2645 tap->wr_antenna = ant; 2646 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2647 tap->wr_rate = 2; /* in case it can't be found below */ 2648 phy = le16toh(rxwi->phy); 2649 switch (phy & RT2860_PHY_MODE) { 2650 case RT2860_PHY_CCK: 2651 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2652 case 0: tap->wr_rate = 2; break; 2653 case 1: tap->wr_rate = 4; break; 2654 case 2: tap->wr_rate = 11; break; 2655 case 3: tap->wr_rate = 22; break; 2656 } 2657 if (phy & RT2860_PHY_SHPRE) 2658 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2659 break; 2660 case RT2860_PHY_OFDM: 2661 switch (phy & RT2860_PHY_MCS) { 2662 case 0: tap->wr_rate = 12; break; 2663 case 1: tap->wr_rate = 18; break; 2664 case 2: tap->wr_rate = 24; break; 2665 case 3: tap->wr_rate = 36; break; 2666 case 4: tap->wr_rate = 48; break; 2667 case 5: tap->wr_rate = 72; break; 2668 case 6: tap->wr_rate = 96; break; 2669 case 7: tap->wr_rate = 108; break; 2670 } 2671 break; 2672 } 2673 } 2674} 2675 2676static void 2677run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2678{ 2679 struct run_softc *sc = usbd_xfer_softc(xfer); 2680 struct ifnet *ifp = sc->sc_ifp; 2681 struct mbuf *m = NULL; 2682 struct mbuf *m0; 2683 uint32_t dmalen; 2684 uint16_t rxwisize; 2685 int xferlen; 2686 2687 rxwisize = (sc->mac_ver == 0x5592) ? 2688 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2689 sizeof(struct rt2860_rxwi); 2690 2691 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2692 2693 switch (USB_GET_STATE(xfer)) { 2694 case USB_ST_TRANSFERRED: 2695 2696 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2697 2698 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2699 sizeof(struct rt2870_rxd))) { 2700 DPRINTF("xfer too short %d\n", xferlen); 2701 goto tr_setup; 2702 } 2703 2704 m = sc->rx_m; 2705 sc->rx_m = NULL; 2706 2707 /* FALLTHROUGH */ 2708 case USB_ST_SETUP: 2709tr_setup: 2710 if (sc->rx_m == NULL) { 2711 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2712 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2713 } 2714 if (sc->rx_m == NULL) { 2715 DPRINTF("could not allocate mbuf - idle with stall\n"); 2716 ifp->if_ierrors++; 2717 usbd_xfer_set_stall(xfer); 2718 usbd_xfer_set_frames(xfer, 0); 2719 } else { 2720 /* 2721 * Directly loading a mbuf cluster into DMA to 2722 * save some data copying. This works because 2723 * there is only one cluster. 2724 */ 2725 usbd_xfer_set_frame_data(xfer, 0, 2726 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2727 usbd_xfer_set_frames(xfer, 1); 2728 } 2729 usbd_transfer_submit(xfer); 2730 break; 2731 2732 default: /* Error */ 2733 if (error != USB_ERR_CANCELLED) { 2734 /* try to clear stall first */ 2735 usbd_xfer_set_stall(xfer); 2736 2737 if (error == USB_ERR_TIMEOUT) 2738 device_printf(sc->sc_dev, "device timeout\n"); 2739 2740 ifp->if_ierrors++; 2741 2742 goto tr_setup; 2743 } 2744 if (sc->rx_m != NULL) { 2745 m_freem(sc->rx_m); 2746 sc->rx_m = NULL; 2747 } 2748 break; 2749 } 2750 2751 if (m == NULL) 2752 return; 2753 2754 /* inputting all the frames must be last */ 2755 2756 RUN_UNLOCK(sc); 2757 2758 m->m_pkthdr.len = m->m_len = xferlen; 2759 2760 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2761 for(;;) { 2762 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2763 2764 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2765 ((dmalen & 3) != 0)) { 2766 DPRINTF("bad DMA length %u\n", dmalen); 2767 break; 2768 } 2769 if ((dmalen + 8) > (uint32_t)xferlen) { 2770 DPRINTF("bad DMA length %u > %d\n", 2771 dmalen + 8, xferlen); 2772 break; 2773 } 2774 2775 /* If it is the last one or a single frame, we won't copy. */ 2776 if ((xferlen -= dmalen + 8) <= 8) { 2777 /* trim 32-bit DMA-len header */ 2778 m->m_data += 4; 2779 m->m_pkthdr.len = m->m_len -= 4; 2780 run_rx_frame(sc, m, dmalen); 2781 m = NULL; /* don't free source buffer */ 2782 break; 2783 } 2784 2785 /* copy aggregated frames to another mbuf */ 2786 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2787 if (__predict_false(m0 == NULL)) { 2788 DPRINTF("could not allocate mbuf\n"); 2789 ifp->if_ierrors++; 2790 break; 2791 } 2792 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2793 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2794 m0->m_pkthdr.len = m0->m_len = 2795 dmalen + sizeof(struct rt2870_rxd); 2796 run_rx_frame(sc, m0, dmalen); 2797 2798 /* update data ptr */ 2799 m->m_data += dmalen + 8; 2800 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2801 } 2802 2803 /* make sure we free the source buffer, if any */ 2804 m_freem(m); 2805 2806 RUN_LOCK(sc); 2807} 2808 2809static void 2810run_tx_free(struct run_endpoint_queue *pq, 2811 struct run_tx_data *data, int txerr) 2812{ 2813 if (data->m != NULL) { 2814 if (data->m->m_flags & M_TXCB) 2815 ieee80211_process_callback(data->ni, data->m, 2816 txerr ? ETIMEDOUT : 0); 2817 m_freem(data->m); 2818 data->m = NULL; 2819 2820 if (data->ni == NULL) { 2821 DPRINTF("no node\n"); 2822 } else { 2823 ieee80211_free_node(data->ni); 2824 data->ni = NULL; 2825 } 2826 } 2827 2828 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2829 pq->tx_nfree++; 2830} 2831 2832static void 2833run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 2834{ 2835 struct run_softc *sc = usbd_xfer_softc(xfer); 2836 struct ifnet *ifp = sc->sc_ifp; 2837 struct ieee80211com *ic = ifp->if_l2com; 2838 struct run_tx_data *data; 2839 struct ieee80211vap *vap = NULL; 2840 struct usb_page_cache *pc; 2841 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2842 struct mbuf *m; 2843 usb_frlength_t size; 2844 int actlen; 2845 int sumlen; 2846 2847 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2848 2849 switch (USB_GET_STATE(xfer)) { 2850 case USB_ST_TRANSFERRED: 2851 DPRINTFN(11, "transfer complete: %d " 2852 "bytes @ index %d\n", actlen, index); 2853 2854 data = usbd_xfer_get_priv(xfer); 2855 2856 run_tx_free(pq, data, 0); 2857 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2858 2859 usbd_xfer_set_priv(xfer, NULL); 2860 2861 ifp->if_opackets++; 2862 2863 /* FALLTHROUGH */ 2864 case USB_ST_SETUP: 2865tr_setup: 2866 data = STAILQ_FIRST(&pq->tx_qh); 2867 if (data == NULL) 2868 break; 2869 2870 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2871 2872 m = data->m; 2873 size = (sc->mac_ver == 0x5592) ? 2874 RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ; 2875 if ((m->m_pkthdr.len + 2876 sizeof(data->desc) + 3 + 8) > size) { 2877 DPRINTF("data overflow, %u bytes\n", 2878 m->m_pkthdr.len); 2879 2880 ifp->if_oerrors++; 2881 2882 run_tx_free(pq, data, 1); 2883 2884 goto tr_setup; 2885 } 2886 2887 pc = usbd_xfer_get_frame(xfer, 0); 2888 size = (sc->mac_ver == 0x5592) ? 2889 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 2890 usbd_copy_in(pc, 0, &data->desc, size); 2891 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2892 size += m->m_pkthdr.len; 2893 /* 2894 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2895 * 4-byte padding), and be sure to zero those trailing 2896 * bytes: 2897 */ 2898 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2899 size += ((-size) & 3) + 8; 2900 2901 vap = data->ni->ni_vap; 2902 if (ieee80211_radiotap_active_vap(vap)) { 2903 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2904 struct rt2860_txwi *txwi = 2905 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2906 tap->wt_flags = 0; 2907 tap->wt_rate = rt2860_rates[data->ridx].rate; 2908 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2909 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2910 tap->wt_hwqueue = index; 2911 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2912 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2913 2914 ieee80211_radiotap_tx(vap, m); 2915 } 2916 2917 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 2918 m->m_pkthdr.len, size, index); 2919 2920 usbd_xfer_set_frame_len(xfer, 0, size); 2921 usbd_xfer_set_priv(xfer, data); 2922 2923 usbd_transfer_submit(xfer); 2924 2925 RUN_UNLOCK(sc); 2926 run_start(ifp); 2927 RUN_LOCK(sc); 2928 2929 break; 2930 2931 default: 2932 DPRINTF("USB transfer error, %s\n", 2933 usbd_errstr(error)); 2934 2935 data = usbd_xfer_get_priv(xfer); 2936 2937 ifp->if_oerrors++; 2938 2939 if (data != NULL) { 2940 if(data->ni != NULL) 2941 vap = data->ni->ni_vap; 2942 run_tx_free(pq, data, error); 2943 usbd_xfer_set_priv(xfer, NULL); 2944 } 2945 if (vap == NULL) 2946 vap = TAILQ_FIRST(&ic->ic_vaps); 2947 2948 if (error != USB_ERR_CANCELLED) { 2949 if (error == USB_ERR_TIMEOUT) { 2950 device_printf(sc->sc_dev, "device timeout\n"); 2951 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2952 DPRINTF("cmdq_store=%d\n", i); 2953 sc->cmdq[i].func = run_usb_timeout_cb; 2954 sc->cmdq[i].arg0 = vap; 2955 ieee80211_runtask(ic, &sc->cmdq_task); 2956 } 2957 2958 /* 2959 * Try to clear stall first, also if other 2960 * errors occur, hence clearing stall 2961 * introduces a 50 ms delay: 2962 */ 2963 usbd_xfer_set_stall(xfer); 2964 goto tr_setup; 2965 } 2966 break; 2967 } 2968} 2969 2970static void 2971run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2972{ 2973 run_bulk_tx_callbackN(xfer, error, 0); 2974} 2975 2976static void 2977run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2978{ 2979 run_bulk_tx_callbackN(xfer, error, 1); 2980} 2981 2982static void 2983run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2984{ 2985 run_bulk_tx_callbackN(xfer, error, 2); 2986} 2987 2988static void 2989run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2990{ 2991 run_bulk_tx_callbackN(xfer, error, 3); 2992} 2993 2994static void 2995run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2996{ 2997 run_bulk_tx_callbackN(xfer, error, 4); 2998} 2999 3000static void 3001run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3002{ 3003 run_bulk_tx_callbackN(xfer, error, 5); 3004} 3005 3006static void 3007run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3008{ 3009 struct mbuf *m = data->m; 3010 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3011 struct ieee80211vap *vap = data->ni->ni_vap; 3012 struct ieee80211_frame *wh; 3013 struct rt2870_txd *txd; 3014 struct rt2860_txwi *txwi; 3015 uint16_t xferlen, txwisize; 3016 uint16_t mcs; 3017 uint8_t ridx = data->ridx; 3018 uint8_t pad; 3019 3020 /* get MCS code from rate index */ 3021 mcs = rt2860_rates[ridx].mcs; 3022 3023 txwisize = (sc->mac_ver == 0x5592) ? 3024 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3025 xferlen = txwisize + m->m_pkthdr.len; 3026 3027 /* roundup to 32-bit alignment */ 3028 xferlen = (xferlen + 3) & ~3; 3029 3030 txd = (struct rt2870_txd *)&data->desc; 3031 txd->len = htole16(xferlen); 3032 3033 wh = mtod(m, struct ieee80211_frame *); 3034 3035 /* 3036 * Ether both are true or both are false, the header 3037 * are nicely aligned to 32-bit. So, no L2 padding. 3038 */ 3039 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3040 pad = 0; 3041 else 3042 pad = 2; 3043 3044 /* setup TX Wireless Information */ 3045 txwi = (struct rt2860_txwi *)(txd + 1); 3046 txwi->len = htole16(m->m_pkthdr.len - pad); 3047 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3048 txwi->phy = htole16(RT2860_PHY_CCK); 3049 if (ridx != RT2860_RIDX_CCK1 && 3050 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3051 mcs |= RT2860_PHY_SHPRE; 3052 } else 3053 txwi->phy = htole16(RT2860_PHY_OFDM); 3054 txwi->phy |= htole16(mcs); 3055 3056 /* check if RTS/CTS or CTS-to-self protection is required */ 3057 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3058 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3059 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3060 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3061 txwi->txop |= RT2860_TX_TXOP_HT; 3062 else 3063 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3064 3065 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3066 txwi->xflags |= RT2860_TX_NSEQ; 3067} 3068 3069/* This function must be called locked */ 3070static int 3071run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3072{ 3073 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3074 struct ieee80211vap *vap = ni->ni_vap; 3075 struct ieee80211_frame *wh; 3076 struct ieee80211_channel *chan; 3077 const struct ieee80211_txparam *tp; 3078 struct run_node *rn = (void *)ni; 3079 struct run_tx_data *data; 3080 struct rt2870_txd *txd; 3081 struct rt2860_txwi *txwi; 3082 uint16_t qos; 3083 uint16_t dur; 3084 uint16_t qid; 3085 uint8_t type; 3086 uint8_t tid; 3087 uint8_t ridx; 3088 uint8_t ctl_ridx; 3089 uint8_t qflags; 3090 uint8_t xflags = 0; 3091 int hasqos; 3092 3093 RUN_LOCK_ASSERT(sc, MA_OWNED); 3094 3095 wh = mtod(m, struct ieee80211_frame *); 3096 3097 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3098 3099 /* 3100 * There are 7 bulk endpoints: 1 for RX 3101 * and 6 for TX (4 EDCAs + HCCA + Prio). 3102 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3103 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3104 */ 3105 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3106 uint8_t *frm; 3107 3108 if(IEEE80211_HAS_ADDR4(wh)) 3109 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3110 else 3111 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3112 3113 qos = le16toh(*(const uint16_t *)frm); 3114 tid = qos & IEEE80211_QOS_TID; 3115 qid = TID_TO_WME_AC(tid); 3116 } else { 3117 qos = 0; 3118 tid = 0; 3119 qid = WME_AC_BE; 3120 } 3121 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3122 3123 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3124 qos, qid, tid, qflags); 3125 3126 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3127 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3128 3129 /* pickup a rate index */ 3130 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3131 type != IEEE80211_FC0_TYPE_DATA) { 3132 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3133 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3134 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3135 } else { 3136 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3137 ridx = rn->fix_ridx; 3138 else 3139 ridx = rn->amrr_ridx; 3140 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3141 } 3142 3143 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3144 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3145 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3146 xflags |= RT2860_TX_ACK; 3147 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3148 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3149 else 3150 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3151 USETW(wh->i_dur, dur); 3152 } 3153 3154 /* reserve slots for mgmt packets, just in case */ 3155 if (sc->sc_epq[qid].tx_nfree < 3) { 3156 DPRINTFN(10, "tx ring %d is full\n", qid); 3157 return (-1); 3158 } 3159 3160 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3161 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3162 sc->sc_epq[qid].tx_nfree--; 3163 3164 txd = (struct rt2870_txd *)&data->desc; 3165 txd->flags = qflags; 3166 txwi = (struct rt2860_txwi *)(txd + 1); 3167 txwi->xflags = xflags; 3168 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3169 txwi->wcid = 0; 3170 else 3171 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3172 1 : RUN_AID2WCID(ni->ni_associd); 3173 3174 /* clear leftover garbage bits */ 3175 txwi->flags = 0; 3176 txwi->txop = 0; 3177 3178 data->m = m; 3179 data->ni = ni; 3180 data->ridx = ridx; 3181 3182 run_set_tx_desc(sc, data); 3183 3184 /* 3185 * The chip keeps track of 2 kind of Tx stats, 3186 * * TX_STAT_FIFO, for per WCID stats, and 3187 * * TX_STA_CNT0 for all-TX-in-one stats. 3188 * 3189 * To use FIFO stats, we need to store MCS into the driver-private 3190 * PacketID field. So that, we can tell whose stats when we read them. 3191 * We add 1 to the MCS because setting the PacketID field to 0 means 3192 * that we don't want feedback in TX_STAT_FIFO. 3193 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3194 * 3195 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3196 */ 3197 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3198 vap->iv_opmode == IEEE80211_M_MBSS) { 3199 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3200 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3201 3202 /* 3203 * Unlike PCI based devices, we don't get any interrupt from 3204 * USB devices, so we simulate FIFO-is-full interrupt here. 3205 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3206 * quickly get fulled. To prevent overflow, increment a counter on 3207 * every FIFO stat request, so we know how many slots are left. 3208 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3209 * are used only in those modes. 3210 * We just drain stats. AMRR gets updated every 1 sec by 3211 * run_ratectl_cb() via callout. 3212 * Call it early. Otherwise overflow. 3213 */ 3214 if (sc->fifo_cnt++ == 10) { 3215 /* 3216 * With multiple vaps or if_bridge, if_start() is called 3217 * with a non-sleepable lock, tcpinp. So, need to defer. 3218 */ 3219 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3220 DPRINTFN(6, "cmdq_store=%d\n", i); 3221 sc->cmdq[i].func = run_drain_fifo; 3222 sc->cmdq[i].arg0 = sc; 3223 ieee80211_runtask(ic, &sc->cmdq_task); 3224 } 3225 } 3226 3227 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3228 3229 usbd_transfer_start(sc->sc_xfer[qid]); 3230 3231 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3232 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3233 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3234 3235 return (0); 3236} 3237 3238static int 3239run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3240{ 3241 struct ifnet *ifp = sc->sc_ifp; 3242 struct ieee80211com *ic = ifp->if_l2com; 3243 struct run_node *rn = (void *)ni; 3244 struct run_tx_data *data; 3245 struct ieee80211_frame *wh; 3246 struct rt2870_txd *txd; 3247 struct rt2860_txwi *txwi; 3248 uint16_t dur; 3249 uint8_t ridx = rn->mgt_ridx; 3250 uint8_t type; 3251 uint8_t xflags = 0; 3252 uint8_t wflags = 0; 3253 3254 RUN_LOCK_ASSERT(sc, MA_OWNED); 3255 3256 wh = mtod(m, struct ieee80211_frame *); 3257 3258 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3259 3260 /* tell hardware to add timestamp for probe responses */ 3261 if ((wh->i_fc[0] & 3262 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3263 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3264 wflags |= RT2860_TX_TS; 3265 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3266 xflags |= RT2860_TX_ACK; 3267 3268 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3269 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3270 USETW(wh->i_dur, dur); 3271 } 3272 3273 if (sc->sc_epq[0].tx_nfree == 0) { 3274 /* let caller free mbuf */ 3275 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3276 return (EIO); 3277 } 3278 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3279 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3280 sc->sc_epq[0].tx_nfree--; 3281 3282 txd = (struct rt2870_txd *)&data->desc; 3283 txd->flags = RT2860_TX_QSEL_EDCA; 3284 txwi = (struct rt2860_txwi *)(txd + 1); 3285 txwi->wcid = 0xff; 3286 txwi->flags = wflags; 3287 txwi->xflags = xflags; 3288 txwi->txop = 0; /* clear leftover garbage bits */ 3289 3290 data->m = m; 3291 data->ni = ni; 3292 data->ridx = ridx; 3293 3294 run_set_tx_desc(sc, data); 3295 3296 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3297 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3298 rt2860_rates[ridx].rate); 3299 3300 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3301 3302 usbd_transfer_start(sc->sc_xfer[0]); 3303 3304 return (0); 3305} 3306 3307static int 3308run_sendprot(struct run_softc *sc, 3309 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3310{ 3311 struct ieee80211com *ic = ni->ni_ic; 3312 struct ieee80211_frame *wh; 3313 struct run_tx_data *data; 3314 struct rt2870_txd *txd; 3315 struct rt2860_txwi *txwi; 3316 struct mbuf *mprot; 3317 int ridx; 3318 int protrate; 3319 int ackrate; 3320 int pktlen; 3321 int isshort; 3322 uint16_t dur; 3323 uint8_t type; 3324 uint8_t wflags = 0; 3325 uint8_t xflags = 0; 3326 3327 RUN_LOCK_ASSERT(sc, MA_OWNED); 3328 3329 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3330 ("protection %d", prot)); 3331 3332 wh = mtod(m, struct ieee80211_frame *); 3333 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3334 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3335 3336 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3337 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3338 3339 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3340 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3341 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3342 wflags = RT2860_TX_FRAG; 3343 3344 /* check that there are free slots before allocating the mbuf */ 3345 if (sc->sc_epq[0].tx_nfree == 0) { 3346 /* let caller free mbuf */ 3347 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3348 return (ENOBUFS); 3349 } 3350 3351 if (prot == IEEE80211_PROT_RTSCTS) { 3352 /* NB: CTS is the same size as an ACK */ 3353 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3354 xflags |= RT2860_TX_ACK; 3355 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3356 } else { 3357 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3358 } 3359 if (mprot == NULL) { 3360 sc->sc_ifp->if_oerrors++; 3361 DPRINTF("could not allocate mbuf\n"); 3362 return (ENOBUFS); 3363 } 3364 3365 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3366 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3367 sc->sc_epq[0].tx_nfree--; 3368 3369 txd = (struct rt2870_txd *)&data->desc; 3370 txd->flags = RT2860_TX_QSEL_EDCA; 3371 txwi = (struct rt2860_txwi *)(txd + 1); 3372 txwi->wcid = 0xff; 3373 txwi->flags = wflags; 3374 txwi->xflags = xflags; 3375 txwi->txop = 0; /* clear leftover garbage bits */ 3376 3377 data->m = mprot; 3378 data->ni = ieee80211_ref_node(ni); 3379 3380 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3381 if (rt2860_rates[ridx].rate == protrate) 3382 break; 3383 data->ridx = ridx; 3384 3385 run_set_tx_desc(sc, data); 3386 3387 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3388 m->m_pkthdr.len, rate); 3389 3390 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3391 3392 usbd_transfer_start(sc->sc_xfer[0]); 3393 3394 return (0); 3395} 3396 3397static int 3398run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3399 const struct ieee80211_bpf_params *params) 3400{ 3401 struct ieee80211com *ic = ni->ni_ic; 3402 struct ieee80211_frame *wh; 3403 struct run_tx_data *data; 3404 struct rt2870_txd *txd; 3405 struct rt2860_txwi *txwi; 3406 uint8_t type; 3407 uint8_t ridx; 3408 uint8_t rate; 3409 uint8_t opflags = 0; 3410 uint8_t xflags = 0; 3411 int error; 3412 3413 RUN_LOCK_ASSERT(sc, MA_OWNED); 3414 3415 KASSERT(params != NULL, ("no raw xmit params")); 3416 3417 wh = mtod(m, struct ieee80211_frame *); 3418 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3419 3420 rate = params->ibp_rate0; 3421 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3422 /* let caller free mbuf */ 3423 return (EINVAL); 3424 } 3425 3426 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3427 xflags |= RT2860_TX_ACK; 3428 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3429 error = run_sendprot(sc, m, ni, 3430 params->ibp_flags & IEEE80211_BPF_RTS ? 3431 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3432 rate); 3433 if (error) { 3434 /* let caller free mbuf */ 3435 return error; 3436 } 3437 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3438 } 3439 3440 if (sc->sc_epq[0].tx_nfree == 0) { 3441 /* let caller free mbuf */ 3442 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3443 DPRINTF("sending raw frame, but tx ring is full\n"); 3444 return (EIO); 3445 } 3446 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3447 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3448 sc->sc_epq[0].tx_nfree--; 3449 3450 txd = (struct rt2870_txd *)&data->desc; 3451 txd->flags = RT2860_TX_QSEL_EDCA; 3452 txwi = (struct rt2860_txwi *)(txd + 1); 3453 txwi->wcid = 0xff; 3454 txwi->xflags = xflags; 3455 txwi->txop = opflags; 3456 txwi->flags = 0; /* clear leftover garbage bits */ 3457 3458 data->m = m; 3459 data->ni = ni; 3460 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3461 if (rt2860_rates[ridx].rate == rate) 3462 break; 3463 data->ridx = ridx; 3464 3465 run_set_tx_desc(sc, data); 3466 3467 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3468 m->m_pkthdr.len, rate); 3469 3470 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3471 3472 usbd_transfer_start(sc->sc_xfer[0]); 3473 3474 return (0); 3475} 3476 3477static int 3478run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3479 const struct ieee80211_bpf_params *params) 3480{ 3481 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3482 struct run_softc *sc = ifp->if_softc; 3483 int error = 0; 3484 3485 RUN_LOCK(sc); 3486 3487 /* prevent management frames from being sent if we're not ready */ 3488 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3489 error = ENETDOWN; 3490 goto done; 3491 } 3492 3493 if (params == NULL) { 3494 /* tx mgt packet */ 3495 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3496 ifp->if_oerrors++; 3497 DPRINTF("mgt tx failed\n"); 3498 goto done; 3499 } 3500 } else { 3501 /* tx raw packet with param */ 3502 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3503 ifp->if_oerrors++; 3504 DPRINTF("tx with param failed\n"); 3505 goto done; 3506 } 3507 } 3508 3509 ifp->if_opackets++; 3510 3511done: 3512 RUN_UNLOCK(sc); 3513 3514 if (error != 0) { 3515 if(m != NULL) 3516 m_freem(m); 3517 ieee80211_free_node(ni); 3518 } 3519 3520 return (error); 3521} 3522 3523static void 3524run_start(struct ifnet *ifp) 3525{ 3526 struct run_softc *sc = ifp->if_softc; 3527 struct ieee80211_node *ni; 3528 struct mbuf *m; 3529 3530 RUN_LOCK(sc); 3531 3532 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3533 RUN_UNLOCK(sc); 3534 return; 3535 } 3536 3537 for (;;) { 3538 /* send data frames */ 3539 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3540 if (m == NULL) 3541 break; 3542 3543 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3544 if (run_tx(sc, m, ni) != 0) { 3545 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3546 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3547 break; 3548 } 3549 } 3550 3551 RUN_UNLOCK(sc); 3552} 3553 3554static int 3555run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3556{ 3557 struct run_softc *sc = ifp->if_softc; 3558 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3559 struct ifreq *ifr = (struct ifreq *) data; 3560 int startall = 0; 3561 int error; 3562 3563 RUN_LOCK(sc); 3564 error = sc->sc_detached ? ENXIO : 0; 3565 RUN_UNLOCK(sc); 3566 if (error) 3567 return (error); 3568 3569 switch (cmd) { 3570 case SIOCSIFFLAGS: 3571 RUN_LOCK(sc); 3572 if (ifp->if_flags & IFF_UP) { 3573 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3574 startall = 1; 3575 run_init_locked(sc); 3576 } else 3577 run_update_promisc_locked(ifp); 3578 } else { 3579 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3580 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3581 run_stop(sc); 3582 } 3583 } 3584 RUN_UNLOCK(sc); 3585 if (startall) 3586 ieee80211_start_all(ic); 3587 break; 3588 case SIOCGIFMEDIA: 3589 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3590 break; 3591 case SIOCGIFADDR: 3592 error = ether_ioctl(ifp, cmd, data); 3593 break; 3594 default: 3595 error = EINVAL; 3596 break; 3597 } 3598 3599 return (error); 3600} 3601 3602static void 3603run_set_agc(struct run_softc *sc, uint8_t agc) 3604{ 3605 uint8_t bbp; 3606 3607 if (sc->mac_ver == 0x3572) { 3608 run_bbp_read(sc, 27, &bbp); 3609 bbp &= ~(0x3 << 5); 3610 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3611 run_bbp_write(sc, 66, agc); 3612 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3613 run_bbp_write(sc, 66, agc); 3614 } else 3615 run_bbp_write(sc, 66, agc); 3616} 3617 3618static void 3619run_select_chan_group(struct run_softc *sc, int group) 3620{ 3621 uint32_t tmp; 3622 uint8_t agc; 3623 3624 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3625 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3626 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3627 if (sc->mac_ver < 0x3572) 3628 run_bbp_write(sc, 86, 0x00); 3629 3630 if (group == 0) { 3631 if (sc->ext_2ghz_lna) { 3632 if (sc->mac_ver >= 0x5390) 3633 run_bbp_write(sc, 75, 0x52); 3634 else { 3635 run_bbp_write(sc, 82, 0x62); 3636 run_bbp_write(sc, 75, 0x46); 3637 } 3638 } else { 3639 if (sc->mac_ver == 0x5592) { 3640 run_bbp_write(sc, 79, 0x1c); 3641 run_bbp_write(sc, 80, 0x0e); 3642 run_bbp_write(sc, 81, 0x3a); 3643 run_bbp_write(sc, 82, 0x62); 3644 3645 run_bbp_write(sc, 195, 0x80); 3646 run_bbp_write(sc, 196, 0xe0); 3647 run_bbp_write(sc, 195, 0x81); 3648 run_bbp_write(sc, 196, 0x1f); 3649 run_bbp_write(sc, 195, 0x82); 3650 run_bbp_write(sc, 196, 0x38); 3651 run_bbp_write(sc, 195, 0x83); 3652 run_bbp_write(sc, 196, 0x32); 3653 run_bbp_write(sc, 195, 0x85); 3654 run_bbp_write(sc, 196, 0x28); 3655 run_bbp_write(sc, 195, 0x86); 3656 run_bbp_write(sc, 196, 0x19); 3657 } else if (sc->mac_ver >= 0x5390) 3658 run_bbp_write(sc, 75, 0x50); 3659 else { 3660 run_bbp_write(sc, 82, 0x84); 3661 run_bbp_write(sc, 75, 0x50); 3662 } 3663 } 3664 } else { 3665 if (sc->mac_ver == 0x5592) { 3666 run_bbp_write(sc, 79, 0x18); 3667 run_bbp_write(sc, 80, 0x08); 3668 run_bbp_write(sc, 81, 0x38); 3669 run_bbp_write(sc, 82, 0x92); 3670 3671 run_bbp_write(sc, 195, 0x80); 3672 run_bbp_write(sc, 196, 0xf0); 3673 run_bbp_write(sc, 195, 0x81); 3674 run_bbp_write(sc, 196, 0x1e); 3675 run_bbp_write(sc, 195, 0x82); 3676 run_bbp_write(sc, 196, 0x28); 3677 run_bbp_write(sc, 195, 0x83); 3678 run_bbp_write(sc, 196, 0x20); 3679 run_bbp_write(sc, 195, 0x85); 3680 run_bbp_write(sc, 196, 0x7f); 3681 run_bbp_write(sc, 195, 0x86); 3682 run_bbp_write(sc, 196, 0x7f); 3683 } else if (sc->mac_ver == 0x3572) 3684 run_bbp_write(sc, 82, 0x94); 3685 else 3686 run_bbp_write(sc, 82, 0xf2); 3687 if (sc->ext_5ghz_lna) 3688 run_bbp_write(sc, 75, 0x46); 3689 else 3690 run_bbp_write(sc, 75, 0x50); 3691 } 3692 3693 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3694 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3695 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3696 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3697 3698 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3699 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3700 if (sc->nrxchains > 1) 3701 tmp |= RT2860_LNA_PE1_EN; 3702 if (group == 0) { /* 2GHz */ 3703 tmp |= RT2860_PA_PE_G0_EN; 3704 if (sc->ntxchains > 1) 3705 tmp |= RT2860_PA_PE_G1_EN; 3706 } else { /* 5GHz */ 3707 tmp |= RT2860_PA_PE_A0_EN; 3708 if (sc->ntxchains > 1) 3709 tmp |= RT2860_PA_PE_A1_EN; 3710 } 3711 if (sc->mac_ver == 0x3572) { 3712 run_rt3070_rf_write(sc, 8, 0x00); 3713 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3714 run_rt3070_rf_write(sc, 8, 0x80); 3715 } else 3716 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3717 3718 if (sc->mac_ver == 0x5592) { 3719 run_bbp_write(sc, 195, 0x8d); 3720 run_bbp_write(sc, 196, 0x1a); 3721 } 3722 3723 /* set initial AGC value */ 3724 if (group == 0) { /* 2GHz band */ 3725 if (sc->mac_ver >= 0x3070) 3726 agc = 0x1c + sc->lna[0] * 2; 3727 else 3728 agc = 0x2e + sc->lna[0]; 3729 } else { /* 5GHz band */ 3730 if (sc->mac_ver == 0x5592) 3731 agc = 0x24 + sc->lna[group] * 2; 3732 else if (sc->mac_ver == 0x3572) 3733 agc = 0x22 + (sc->lna[group] * 5) / 3; 3734 else 3735 agc = 0x32 + (sc->lna[group] * 5) / 3; 3736 } 3737 run_set_agc(sc, agc); 3738} 3739 3740static void 3741run_rt2870_set_chan(struct run_softc *sc, u_int chan) 3742{ 3743 const struct rfprog *rfprog = rt2860_rf2850; 3744 uint32_t r2, r3, r4; 3745 int8_t txpow1, txpow2; 3746 int i; 3747 3748 /* find the settings for this channel (we know it exists) */ 3749 for (i = 0; rfprog[i].chan != chan; i++); 3750 3751 r2 = rfprog[i].r2; 3752 if (sc->ntxchains == 1) 3753 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 3754 if (sc->nrxchains == 1) 3755 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 3756 else if (sc->nrxchains == 2) 3757 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 3758 3759 /* use Tx power values from EEPROM */ 3760 txpow1 = sc->txpow1[i]; 3761 txpow2 = sc->txpow2[i]; 3762 3763 /* Initialize RF R3 and R4. */ 3764 r3 = rfprog[i].r3 & 0xffffc1ff; 3765 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 3766 if (chan > 14) { 3767 if (txpow1 >= 0) { 3768 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 3769 r3 |= (txpow1 << 10) | (1 << 9); 3770 } else { 3771 txpow1 += 7; 3772 3773 /* txpow1 is not possible larger than 15. */ 3774 r3 |= (txpow1 << 10); 3775 } 3776 if (txpow2 >= 0) { 3777 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 3778 r4 |= (txpow2 << 7) | (1 << 6); 3779 } else { 3780 txpow2 += 7; 3781 r4 |= (txpow2 << 7); 3782 } 3783 } else { 3784 /* Set Tx0 power. */ 3785 r3 |= (txpow1 << 9); 3786 3787 /* Set frequency offset and Tx1 power. */ 3788 r4 |= (txpow2 << 6); 3789 } 3790 3791 run_rt2870_rf_write(sc, rfprog[i].r1); 3792 run_rt2870_rf_write(sc, r2); 3793 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3794 run_rt2870_rf_write(sc, r4); 3795 3796 run_delay(sc, 10); 3797 3798 run_rt2870_rf_write(sc, rfprog[i].r1); 3799 run_rt2870_rf_write(sc, r2); 3800 run_rt2870_rf_write(sc, r3 | (1 << 2)); 3801 run_rt2870_rf_write(sc, r4); 3802 3803 run_delay(sc, 10); 3804 3805 run_rt2870_rf_write(sc, rfprog[i].r1); 3806 run_rt2870_rf_write(sc, r2); 3807 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3808 run_rt2870_rf_write(sc, r4); 3809} 3810 3811static void 3812run_rt3070_set_chan(struct run_softc *sc, u_int chan) 3813{ 3814 int8_t txpow1, txpow2; 3815 uint8_t rf; 3816 int i; 3817 3818 /* find the settings for this channel (we know it exists) */ 3819 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3820 3821 /* use Tx power values from EEPROM */ 3822 txpow1 = sc->txpow1[i]; 3823 txpow2 = sc->txpow2[i]; 3824 3825 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3826 3827 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 3828 run_rt3070_rf_read(sc, 3, &rf); 3829 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 3830 run_rt3070_rf_write(sc, 3, rf); 3831 3832 run_rt3070_rf_read(sc, 6, &rf); 3833 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3834 run_rt3070_rf_write(sc, 6, rf); 3835 3836 /* set Tx0 power */ 3837 run_rt3070_rf_read(sc, 12, &rf); 3838 rf = (rf & ~0x1f) | txpow1; 3839 run_rt3070_rf_write(sc, 12, rf); 3840 3841 /* set Tx1 power */ 3842 run_rt3070_rf_read(sc, 13, &rf); 3843 rf = (rf & ~0x1f) | txpow2; 3844 run_rt3070_rf_write(sc, 13, rf); 3845 3846 run_rt3070_rf_read(sc, 1, &rf); 3847 rf &= ~0xfc; 3848 if (sc->ntxchains == 1) 3849 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3850 else if (sc->ntxchains == 2) 3851 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3852 if (sc->nrxchains == 1) 3853 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3854 else if (sc->nrxchains == 2) 3855 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3856 run_rt3070_rf_write(sc, 1, rf); 3857 3858 /* set RF offset */ 3859 run_rt3070_rf_read(sc, 23, &rf); 3860 rf = (rf & ~0x7f) | sc->freq; 3861 run_rt3070_rf_write(sc, 23, rf); 3862 3863 /* program RF filter */ 3864 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3865 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3866 run_rt3070_rf_write(sc, 24, rf); 3867 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3868 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3869 run_rt3070_rf_write(sc, 31, rf); 3870 3871 /* enable RF tuning */ 3872 run_rt3070_rf_read(sc, 7, &rf); 3873 run_rt3070_rf_write(sc, 7, rf | 0x01); 3874} 3875 3876static void 3877run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3878{ 3879 int8_t txpow1, txpow2; 3880 uint32_t tmp; 3881 uint8_t rf; 3882 int i; 3883 3884 /* find the settings for this channel (we know it exists) */ 3885 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3886 3887 /* use Tx power values from EEPROM */ 3888 txpow1 = sc->txpow1[i]; 3889 txpow2 = sc->txpow2[i]; 3890 3891 if (chan <= 14) { 3892 run_bbp_write(sc, 25, sc->bbp25); 3893 run_bbp_write(sc, 26, sc->bbp26); 3894 } else { 3895 /* enable IQ phase correction */ 3896 run_bbp_write(sc, 25, 0x09); 3897 run_bbp_write(sc, 26, 0xff); 3898 } 3899 3900 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3901 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3902 run_rt3070_rf_read(sc, 6, &rf); 3903 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3904 rf |= (chan <= 14) ? 0x08 : 0x04; 3905 run_rt3070_rf_write(sc, 6, rf); 3906 3907 /* set PLL mode */ 3908 run_rt3070_rf_read(sc, 5, &rf); 3909 rf &= ~(0x08 | 0x04); 3910 rf |= (chan <= 14) ? 0x04 : 0x08; 3911 run_rt3070_rf_write(sc, 5, rf); 3912 3913 /* set Tx power for chain 0 */ 3914 if (chan <= 14) 3915 rf = 0x60 | txpow1; 3916 else 3917 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3918 run_rt3070_rf_write(sc, 12, rf); 3919 3920 /* set Tx power for chain 1 */ 3921 if (chan <= 14) 3922 rf = 0x60 | txpow2; 3923 else 3924 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3925 run_rt3070_rf_write(sc, 13, rf); 3926 3927 /* set Tx/Rx streams */ 3928 run_rt3070_rf_read(sc, 1, &rf); 3929 rf &= ~0xfc; 3930 if (sc->ntxchains == 1) 3931 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3932 else if (sc->ntxchains == 2) 3933 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3934 if (sc->nrxchains == 1) 3935 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3936 else if (sc->nrxchains == 2) 3937 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3938 run_rt3070_rf_write(sc, 1, rf); 3939 3940 /* set RF offset */ 3941 run_rt3070_rf_read(sc, 23, &rf); 3942 rf = (rf & ~0x7f) | sc->freq; 3943 run_rt3070_rf_write(sc, 23, rf); 3944 3945 /* program RF filter */ 3946 rf = sc->rf24_20mhz; 3947 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3948 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3949 3950 /* enable RF tuning */ 3951 run_rt3070_rf_read(sc, 7, &rf); 3952 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3953 run_rt3070_rf_write(sc, 7, rf); 3954 3955 /* TSSI */ 3956 rf = (chan <= 14) ? 0xc3 : 0xc0; 3957 run_rt3070_rf_write(sc, 9, rf); 3958 3959 /* set loop filter 1 */ 3960 run_rt3070_rf_write(sc, 10, 0xf1); 3961 /* set loop filter 2 */ 3962 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3963 3964 /* set tx_mx2_ic */ 3965 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3966 /* set tx_mx1_ic */ 3967 if (chan <= 14) 3968 rf = 0x48 | sc->txmixgain_2ghz; 3969 else 3970 rf = 0x78 | sc->txmixgain_5ghz; 3971 run_rt3070_rf_write(sc, 16, rf); 3972 3973 /* set tx_lo1 */ 3974 run_rt3070_rf_write(sc, 17, 0x23); 3975 /* set tx_lo2 */ 3976 if (chan <= 14) 3977 rf = 0x93; 3978 else if (chan <= 64) 3979 rf = 0xb7; 3980 else if (chan <= 128) 3981 rf = 0x74; 3982 else 3983 rf = 0x72; 3984 run_rt3070_rf_write(sc, 19, rf); 3985 3986 /* set rx_lo1 */ 3987 if (chan <= 14) 3988 rf = 0xb3; 3989 else if (chan <= 64) 3990 rf = 0xf6; 3991 else if (chan <= 128) 3992 rf = 0xf4; 3993 else 3994 rf = 0xf3; 3995 run_rt3070_rf_write(sc, 20, rf); 3996 3997 /* set pfd_delay */ 3998 if (chan <= 14) 3999 rf = 0x15; 4000 else if (chan <= 64) 4001 rf = 0x3d; 4002 else 4003 rf = 0x01; 4004 run_rt3070_rf_write(sc, 25, rf); 4005 4006 /* set rx_lo2 */ 4007 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4008 /* set ldo_rf_vc */ 4009 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4010 /* set drv_cc */ 4011 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4012 4013 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4014 tmp &= ~0x8080; 4015 if (chan <= 14) 4016 tmp |= 0x80; 4017 run_write(sc, RT2860_GPIO_CTRL, tmp); 4018 4019 /* enable RF tuning */ 4020 run_rt3070_rf_read(sc, 7, &rf); 4021 run_rt3070_rf_write(sc, 7, rf | 0x01); 4022 4023 run_delay(sc, 2); 4024} 4025 4026static void 4027run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4028{ 4029 int8_t txpow1, txpow2; 4030 uint8_t rf; 4031 int i; 4032 4033 /* find the settings for this channel (we know it exists) */ 4034 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4035 4036 /* use Tx power values from EEPROM */ 4037 txpow1 = sc->txpow1[i]; 4038 txpow2 = sc->txpow2[i]; 4039 4040 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4041 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4042 run_rt3070_rf_read(sc, 11, &rf); 4043 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4044 run_rt3070_rf_write(sc, 11, rf); 4045 4046 run_rt3070_rf_read(sc, 49, &rf); 4047 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4048 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4049 if ((rf & 0x3f) > 0x27) 4050 rf = (rf & ~0x3f) | 0x27; 4051 run_rt3070_rf_write(sc, 49, rf); 4052 4053 if (sc->mac_ver == 0x5392) { 4054 run_rt3070_rf_read(sc, 50, &rf); 4055 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4056 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4057 if ((rf & 0x3f) > 0x27) 4058 rf = (rf & ~0x3f) | 0x27; 4059 run_rt3070_rf_write(sc, 50, rf); 4060 } 4061 4062 run_rt3070_rf_read(sc, 1, &rf); 4063 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4064 if (sc->mac_ver == 0x5392) 4065 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4066 run_rt3070_rf_write(sc, 1, rf); 4067 4068 if (sc->mac_ver != 0x5392) { 4069 run_rt3070_rf_read(sc, 2, &rf); 4070 rf |= 0x80; 4071 run_rt3070_rf_write(sc, 2, rf); 4072 run_delay(sc, 10); 4073 rf &= 0x7f; 4074 run_rt3070_rf_write(sc, 2, rf); 4075 } 4076 4077 run_adjust_freq_offset(sc); 4078 4079 if (sc->mac_ver == 0x5392) { 4080 /* Fix for RT5392C. */ 4081 if (sc->mac_rev >= 0x0223) { 4082 if (chan <= 4) 4083 rf = 0x0f; 4084 else if (chan >= 5 && chan <= 7) 4085 rf = 0x0e; 4086 else 4087 rf = 0x0d; 4088 run_rt3070_rf_write(sc, 23, rf); 4089 4090 if (chan <= 4) 4091 rf = 0x0c; 4092 else if (chan == 5) 4093 rf = 0x0b; 4094 else if (chan >= 6 && chan <= 7) 4095 rf = 0x0a; 4096 else if (chan >= 8 && chan <= 10) 4097 rf = 0x09; 4098 else 4099 rf = 0x08; 4100 run_rt3070_rf_write(sc, 59, rf); 4101 } else { 4102 if (chan <= 11) 4103 rf = 0x0f; 4104 else 4105 rf = 0x0b; 4106 run_rt3070_rf_write(sc, 59, rf); 4107 } 4108 } else { 4109 /* Fix for RT5390F. */ 4110 if (sc->mac_rev >= 0x0502) { 4111 if (chan <= 11) 4112 rf = 0x43; 4113 else 4114 rf = 0x23; 4115 run_rt3070_rf_write(sc, 55, rf); 4116 4117 if (chan <= 11) 4118 rf = 0x0f; 4119 else if (chan == 12) 4120 rf = 0x0d; 4121 else 4122 rf = 0x0b; 4123 run_rt3070_rf_write(sc, 59, rf); 4124 } else { 4125 run_rt3070_rf_write(sc, 55, 0x44); 4126 run_rt3070_rf_write(sc, 59, 0x8f); 4127 } 4128 } 4129 4130 /* Enable VCO calibration. */ 4131 run_rt3070_rf_read(sc, 3, &rf); 4132 rf |= RT5390_VCOCAL; 4133 run_rt3070_rf_write(sc, 3, rf); 4134} 4135 4136static void 4137run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4138{ 4139 const struct rt5592_freqs *freqs; 4140 uint32_t tmp; 4141 uint8_t reg, rf, txpow_bound; 4142 int8_t txpow1, txpow2; 4143 int i; 4144 4145 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4146 freqs = (tmp & RT5592_SEL_XTAL) ? 4147 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4148 4149 /* find the settings for this channel (we know it exists) */ 4150 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4151 4152 /* use Tx power values from EEPROM */ 4153 txpow1 = sc->txpow1[i]; 4154 txpow2 = sc->txpow2[i]; 4155 4156 run_read(sc, RT3070_LDO_CFG0, &tmp); 4157 tmp &= ~0x1c000000; 4158 if (chan > 14) 4159 tmp |= 0x14000000; 4160 run_write(sc, RT3070_LDO_CFG0, tmp); 4161 4162 /* N setting. */ 4163 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4164 run_rt3070_rf_read(sc, 9, &rf); 4165 rf &= ~(1 << 4); 4166 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4167 run_rt3070_rf_write(sc, 9, rf); 4168 4169 /* K setting. */ 4170 run_rt3070_rf_read(sc, 9, &rf); 4171 rf &= ~0x0f; 4172 rf |= (freqs->k & 0x0f); 4173 run_rt3070_rf_write(sc, 9, rf); 4174 4175 /* Mode setting. */ 4176 run_rt3070_rf_read(sc, 11, &rf); 4177 rf &= ~0x0c; 4178 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4179 run_rt3070_rf_write(sc, 11, rf); 4180 run_rt3070_rf_read(sc, 9, &rf); 4181 rf &= ~(1 << 7); 4182 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4183 run_rt3070_rf_write(sc, 9, rf); 4184 4185 /* R setting. */ 4186 run_rt3070_rf_read(sc, 11, &rf); 4187 rf &= ~0x03; 4188 rf |= (freqs->r - 0x1); 4189 run_rt3070_rf_write(sc, 11, rf); 4190 4191 if (chan <= 14) { 4192 /* Initialize RF registers for 2GHZ. */ 4193 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4194 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4195 rt5592_2ghz_def_rf[i].val); 4196 } 4197 4198 rf = (chan <= 10) ? 0x07 : 0x06; 4199 run_rt3070_rf_write(sc, 23, rf); 4200 run_rt3070_rf_write(sc, 59, rf); 4201 4202 run_rt3070_rf_write(sc, 55, 0x43); 4203 4204 /* 4205 * RF R49/R50 Tx power ALC code. 4206 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4207 */ 4208 reg = 2; 4209 txpow_bound = 0x27; 4210 } else { 4211 /* Initialize RF registers for 5GHZ. */ 4212 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4213 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4214 rt5592_5ghz_def_rf[i].val); 4215 } 4216 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4217 if (chan >= rt5592_chan_5ghz[i].firstchan && 4218 chan <= rt5592_chan_5ghz[i].lastchan) { 4219 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4220 rt5592_chan_5ghz[i].val); 4221 } 4222 } 4223 4224 /* 4225 * RF R49/R50 Tx power ALC code. 4226 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4227 */ 4228 reg = 3; 4229 txpow_bound = 0x2b; 4230 } 4231 4232 /* RF R49 ch0 Tx power ALC code. */ 4233 run_rt3070_rf_read(sc, 49, &rf); 4234 rf &= ~0xc0; 4235 rf |= (reg << 6); 4236 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4237 if ((rf & 0x3f) > txpow_bound) 4238 rf = (rf & ~0x3f) | txpow_bound; 4239 run_rt3070_rf_write(sc, 49, rf); 4240 4241 /* RF R50 ch1 Tx power ALC code. */ 4242 run_rt3070_rf_read(sc, 50, &rf); 4243 rf &= ~(1 << 7 | 1 << 6); 4244 rf |= (reg << 6); 4245 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4246 if ((rf & 0x3f) > txpow_bound) 4247 rf = (rf & ~0x3f) | txpow_bound; 4248 run_rt3070_rf_write(sc, 50, rf); 4249 4250 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4251 run_rt3070_rf_read(sc, 1, &rf); 4252 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4253 if (sc->ntxchains > 1) 4254 rf |= RT3070_TX1_PD; 4255 if (sc->nrxchains > 1) 4256 rf |= RT3070_RX1_PD; 4257 run_rt3070_rf_write(sc, 1, rf); 4258 4259 run_rt3070_rf_write(sc, 6, 0xe4); 4260 4261 run_rt3070_rf_write(sc, 30, 0x10); 4262 run_rt3070_rf_write(sc, 31, 0x80); 4263 run_rt3070_rf_write(sc, 32, 0x80); 4264 4265 run_adjust_freq_offset(sc); 4266 4267 /* Enable VCO calibration. */ 4268 run_rt3070_rf_read(sc, 3, &rf); 4269 rf |= RT5390_VCOCAL; 4270 run_rt3070_rf_write(sc, 3, rf); 4271} 4272 4273static void 4274run_set_rx_antenna(struct run_softc *sc, int aux) 4275{ 4276 uint32_t tmp; 4277 uint8_t bbp152; 4278 4279 if (aux) { 4280 if (sc->rf_rev == RT5390_RF_5370) { 4281 run_bbp_read(sc, 152, &bbp152); 4282 run_bbp_write(sc, 152, bbp152 & ~0x80); 4283 } else { 4284 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4285 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4286 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4287 } 4288 } else { 4289 if (sc->rf_rev == RT5390_RF_5370) { 4290 run_bbp_read(sc, 152, &bbp152); 4291 run_bbp_write(sc, 152, bbp152 | 0x80); 4292 } else { 4293 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4294 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4295 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4296 } 4297 } 4298} 4299 4300static int 4301run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4302{ 4303 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4304 u_int chan, group; 4305 4306 chan = ieee80211_chan2ieee(ic, c); 4307 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4308 return (EINVAL); 4309 4310 if (sc->mac_ver == 0x5592) 4311 run_rt5592_set_chan(sc, chan); 4312 else if (sc->mac_ver >= 0x5390) 4313 run_rt5390_set_chan(sc, chan); 4314 else if (sc->mac_ver == 0x3572) 4315 run_rt3572_set_chan(sc, chan); 4316 else if (sc->mac_ver >= 0x3070) 4317 run_rt3070_set_chan(sc, chan); 4318 else 4319 run_rt2870_set_chan(sc, chan); 4320 4321 /* determine channel group */ 4322 if (chan <= 14) 4323 group = 0; 4324 else if (chan <= 64) 4325 group = 1; 4326 else if (chan <= 128) 4327 group = 2; 4328 else 4329 group = 3; 4330 4331 /* XXX necessary only when group has changed! */ 4332 run_select_chan_group(sc, group); 4333 4334 run_delay(sc, 10); 4335 4336 return (0); 4337} 4338 4339static void 4340run_set_channel(struct ieee80211com *ic) 4341{ 4342 struct run_softc *sc = ic->ic_ifp->if_softc; 4343 4344 RUN_LOCK(sc); 4345 run_set_chan(sc, ic->ic_curchan); 4346 RUN_UNLOCK(sc); 4347 4348 return; 4349} 4350 4351static void 4352run_scan_start(struct ieee80211com *ic) 4353{ 4354 struct run_softc *sc = ic->ic_ifp->if_softc; 4355 uint32_t tmp; 4356 4357 RUN_LOCK(sc); 4358 4359 /* abort TSF synchronization */ 4360 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4361 run_write(sc, RT2860_BCN_TIME_CFG, 4362 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4363 RT2860_TBTT_TIMER_EN)); 4364 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4365 4366 RUN_UNLOCK(sc); 4367 4368 return; 4369} 4370 4371static void 4372run_scan_end(struct ieee80211com *ic) 4373{ 4374 struct run_softc *sc = ic->ic_ifp->if_softc; 4375 4376 RUN_LOCK(sc); 4377 4378 run_enable_tsf_sync(sc); 4379 /* XXX keep local copy */ 4380 run_set_bssid(sc, sc->sc_bssid); 4381 4382 RUN_UNLOCK(sc); 4383 4384 return; 4385} 4386 4387/* 4388 * Could be called from ieee80211_node_timeout() 4389 * (non-sleepable thread) 4390 */ 4391static void 4392run_update_beacon(struct ieee80211vap *vap, int item) 4393{ 4394 struct ieee80211com *ic = vap->iv_ic; 4395 struct run_softc *sc = ic->ic_ifp->if_softc; 4396 struct run_vap *rvp = RUN_VAP(vap); 4397 int mcast = 0; 4398 uint32_t i; 4399 4400 KASSERT(vap != NULL, ("no beacon")); 4401 4402 switch (item) { 4403 case IEEE80211_BEACON_ERP: 4404 run_updateslot(ic->ic_ifp); 4405 break; 4406 case IEEE80211_BEACON_HTINFO: 4407 run_updateprot(ic); 4408 break; 4409 case IEEE80211_BEACON_TIM: 4410 mcast = 1; /*TODO*/ 4411 break; 4412 default: 4413 break; 4414 } 4415 4416 setbit(rvp->bo.bo_flags, item); 4417 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4418 4419 i = RUN_CMDQ_GET(&sc->cmdq_store); 4420 DPRINTF("cmdq_store=%d\n", i); 4421 sc->cmdq[i].func = run_update_beacon_cb; 4422 sc->cmdq[i].arg0 = vap; 4423 ieee80211_runtask(ic, &sc->cmdq_task); 4424 4425 return; 4426} 4427 4428static void 4429run_update_beacon_cb(void *arg) 4430{ 4431 struct ieee80211vap *vap = arg; 4432 struct run_vap *rvp = RUN_VAP(vap); 4433 struct ieee80211com *ic = vap->iv_ic; 4434 struct run_softc *sc = ic->ic_ifp->if_softc; 4435 struct rt2860_txwi txwi; 4436 struct mbuf *m; 4437 uint16_t txwisize; 4438 uint8_t ridx; 4439 4440 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4441 return; 4442 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4443 return; 4444 4445 /* 4446 * No need to call ieee80211_beacon_update(), run_update_beacon() 4447 * is taking care of apropriate calls. 4448 */ 4449 if (rvp->beacon_mbuf == NULL) { 4450 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4451 &rvp->bo); 4452 if (rvp->beacon_mbuf == NULL) 4453 return; 4454 } 4455 m = rvp->beacon_mbuf; 4456 4457 memset(&txwi, 0, sizeof(txwi)); 4458 txwi.wcid = 0xff; 4459 txwi.len = htole16(m->m_pkthdr.len); 4460 4461 /* send beacons at the lowest available rate */ 4462 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4463 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4464 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4465 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4466 txwi.phy |= htole16(RT2860_PHY_OFDM); 4467 txwi.txop = RT2860_TX_TXOP_HT; 4468 txwi.flags = RT2860_TX_TS; 4469 txwi.xflags = RT2860_TX_NSEQ; 4470 4471 txwisize = (sc->mac_ver == 0x5592) ? 4472 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4473 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4474 txwisize); 4475 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4476 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4477} 4478 4479static void 4480run_updateprot(struct ieee80211com *ic) 4481{ 4482 struct run_softc *sc = ic->ic_ifp->if_softc; 4483 uint32_t i; 4484 4485 i = RUN_CMDQ_GET(&sc->cmdq_store); 4486 DPRINTF("cmdq_store=%d\n", i); 4487 sc->cmdq[i].func = run_updateprot_cb; 4488 sc->cmdq[i].arg0 = ic; 4489 ieee80211_runtask(ic, &sc->cmdq_task); 4490} 4491 4492static void 4493run_updateprot_cb(void *arg) 4494{ 4495 struct ieee80211com *ic = arg; 4496 struct run_softc *sc = ic->ic_ifp->if_softc; 4497 uint32_t tmp; 4498 4499 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4500 /* setup protection frame rate (MCS code) */ 4501 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4502 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4503 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4504 4505 /* CCK frames don't require protection */ 4506 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4507 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4508 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4509 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4510 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4511 tmp |= RT2860_PROT_CTRL_CTS; 4512 } 4513 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4514} 4515 4516static void 4517run_usb_timeout_cb(void *arg) 4518{ 4519 struct ieee80211vap *vap = arg; 4520 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4521 4522 RUN_LOCK_ASSERT(sc, MA_OWNED); 4523 4524 if(vap->iv_state == IEEE80211_S_RUN && 4525 vap->iv_opmode != IEEE80211_M_STA) 4526 run_reset_livelock(sc); 4527 else if (vap->iv_state == IEEE80211_S_SCAN) { 4528 DPRINTF("timeout caused by scan\n"); 4529 /* cancel bgscan */ 4530 ieee80211_cancel_scan(vap); 4531 } else 4532 DPRINTF("timeout by unknown cause\n"); 4533} 4534 4535static void 4536run_reset_livelock(struct run_softc *sc) 4537{ 4538 uint32_t tmp; 4539 4540 RUN_LOCK_ASSERT(sc, MA_OWNED); 4541 4542 /* 4543 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4544 * can run into a livelock and start sending CTS-to-self frames like 4545 * crazy if protection is enabled. Reset MAC/BBP for a while 4546 */ 4547 run_read(sc, RT2860_DEBUG, &tmp); 4548 DPRINTFN(3, "debug reg %08x\n", tmp); 4549 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4550 DPRINTF("CTS-to-self livelock detected\n"); 4551 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4552 run_delay(sc, 1); 4553 run_write(sc, RT2860_MAC_SYS_CTRL, 4554 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4555 } 4556} 4557 4558static void 4559run_update_promisc_locked(struct ifnet *ifp) 4560{ 4561 struct run_softc *sc = ifp->if_softc; 4562 uint32_t tmp; 4563 4564 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4565 4566 tmp |= RT2860_DROP_UC_NOME; 4567 if (ifp->if_flags & IFF_PROMISC) 4568 tmp &= ~RT2860_DROP_UC_NOME; 4569 4570 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4571 4572 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4573 "entering" : "leaving"); 4574} 4575 4576static void 4577run_update_promisc(struct ifnet *ifp) 4578{ 4579 struct run_softc *sc = ifp->if_softc; 4580 4581 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4582 return; 4583 4584 RUN_LOCK(sc); 4585 run_update_promisc_locked(ifp); 4586 RUN_UNLOCK(sc); 4587} 4588 4589static void 4590run_enable_tsf_sync(struct run_softc *sc) 4591{ 4592 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4593 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4594 uint32_t tmp; 4595 4596 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 4597 ic->ic_opmode); 4598 4599 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4600 tmp &= ~0x1fffff; 4601 tmp |= vap->iv_bss->ni_intval * 16; 4602 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4603 4604 if (ic->ic_opmode == IEEE80211_M_STA) { 4605 /* 4606 * Local TSF is always updated with remote TSF on beacon 4607 * reception. 4608 */ 4609 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4610 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4611 tmp |= RT2860_BCN_TX_EN; 4612 /* 4613 * Local TSF is updated with remote TSF on beacon reception 4614 * only if the remote TSF is greater than local TSF. 4615 */ 4616 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4617 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4618 ic->ic_opmode == IEEE80211_M_MBSS) { 4619 tmp |= RT2860_BCN_TX_EN; 4620 /* SYNC with nobody */ 4621 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4622 } else { 4623 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4624 return; 4625 } 4626 4627 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4628} 4629 4630static void 4631run_enable_mrr(struct run_softc *sc) 4632{ 4633#define CCK(mcs) (mcs) 4634#define OFDM(mcs) (1 << 3 | (mcs)) 4635 run_write(sc, RT2860_LG_FBK_CFG0, 4636 OFDM(6) << 28 | /* 54->48 */ 4637 OFDM(5) << 24 | /* 48->36 */ 4638 OFDM(4) << 20 | /* 36->24 */ 4639 OFDM(3) << 16 | /* 24->18 */ 4640 OFDM(2) << 12 | /* 18->12 */ 4641 OFDM(1) << 8 | /* 12-> 9 */ 4642 OFDM(0) << 4 | /* 9-> 6 */ 4643 OFDM(0)); /* 6-> 6 */ 4644 4645 run_write(sc, RT2860_LG_FBK_CFG1, 4646 CCK(2) << 12 | /* 11->5.5 */ 4647 CCK(1) << 8 | /* 5.5-> 2 */ 4648 CCK(0) << 4 | /* 2-> 1 */ 4649 CCK(0)); /* 1-> 1 */ 4650#undef OFDM 4651#undef CCK 4652} 4653 4654static void 4655run_set_txpreamble(struct run_softc *sc) 4656{ 4657 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4658 uint32_t tmp; 4659 4660 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4661 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4662 tmp |= RT2860_CCK_SHORT_EN; 4663 else 4664 tmp &= ~RT2860_CCK_SHORT_EN; 4665 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4666} 4667 4668static void 4669run_set_basicrates(struct run_softc *sc) 4670{ 4671 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4672 4673 /* set basic rates mask */ 4674 if (ic->ic_curmode == IEEE80211_MODE_11B) 4675 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4676 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4677 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4678 else /* 11g */ 4679 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4680} 4681 4682static void 4683run_set_leds(struct run_softc *sc, uint16_t which) 4684{ 4685 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4686 which | (sc->leds & 0x7f)); 4687} 4688 4689static void 4690run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4691{ 4692 run_write(sc, RT2860_MAC_BSSID_DW0, 4693 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4694 run_write(sc, RT2860_MAC_BSSID_DW1, 4695 bssid[4] | bssid[5] << 8); 4696} 4697 4698static void 4699run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4700{ 4701 run_write(sc, RT2860_MAC_ADDR_DW0, 4702 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4703 run_write(sc, RT2860_MAC_ADDR_DW1, 4704 addr[4] | addr[5] << 8 | 0xff << 16); 4705} 4706 4707static void 4708run_updateslot(struct ifnet *ifp) 4709{ 4710 struct run_softc *sc = ifp->if_softc; 4711 struct ieee80211com *ic = ifp->if_l2com; 4712 uint32_t i; 4713 4714 i = RUN_CMDQ_GET(&sc->cmdq_store); 4715 DPRINTF("cmdq_store=%d\n", i); 4716 sc->cmdq[i].func = run_updateslot_cb; 4717 sc->cmdq[i].arg0 = ifp; 4718 ieee80211_runtask(ic, &sc->cmdq_task); 4719 4720 return; 4721} 4722 4723/* ARGSUSED */ 4724static void 4725run_updateslot_cb(void *arg) 4726{ 4727 struct ifnet *ifp = arg; 4728 struct run_softc *sc = ifp->if_softc; 4729 struct ieee80211com *ic = ifp->if_l2com; 4730 uint32_t tmp; 4731 4732 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4733 tmp &= ~0xff; 4734 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4735 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4736} 4737 4738static void 4739run_update_mcast(struct ifnet *ifp) 4740{ 4741 /* h/w filter supports getting everything or nothing */ 4742 ifp->if_flags |= IFF_ALLMULTI; 4743} 4744 4745static int8_t 4746run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4747{ 4748 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4749 struct ieee80211_channel *c = ic->ic_curchan; 4750 int delta; 4751 4752 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4753 u_int chan = ieee80211_chan2ieee(ic, c); 4754 delta = sc->rssi_5ghz[rxchain]; 4755 4756 /* determine channel group */ 4757 if (chan <= 64) 4758 delta -= sc->lna[1]; 4759 else if (chan <= 128) 4760 delta -= sc->lna[2]; 4761 else 4762 delta -= sc->lna[3]; 4763 } else 4764 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4765 4766 return (-12 - delta - rssi); 4767} 4768 4769static void 4770run_rt5390_bbp_init(struct run_softc *sc) 4771{ 4772 int i; 4773 uint8_t bbp; 4774 4775 /* Apply maximum likelihood detection for 2 stream case. */ 4776 run_bbp_read(sc, 105, &bbp); 4777 if (sc->nrxchains > 1) 4778 run_bbp_write(sc, 105, bbp | RT5390_MLD); 4779 4780 /* Avoid data lost and CRC error. */ 4781 run_bbp_read(sc, 4, &bbp); 4782 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 4783 4784 if (sc->mac_ver == 0x5592) { 4785 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 4786 run_bbp_write(sc, rt5592_def_bbp[i].reg, 4787 rt5592_def_bbp[i].val); 4788 } 4789 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 4790 run_bbp_write(sc, 195, i + 0x80); 4791 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 4792 } 4793 } else { 4794 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 4795 run_bbp_write(sc, rt5390_def_bbp[i].reg, 4796 rt5390_def_bbp[i].val); 4797 } 4798 } 4799 if (sc->mac_ver == 0x5392) { 4800 run_bbp_write(sc, 88, 0x90); 4801 run_bbp_write(sc, 95, 0x9a); 4802 run_bbp_write(sc, 98, 0x12); 4803 run_bbp_write(sc, 106, 0x12); 4804 run_bbp_write(sc, 134, 0xd0); 4805 run_bbp_write(sc, 135, 0xf6); 4806 run_bbp_write(sc, 148, 0x84); 4807 } 4808 4809 run_bbp_read(sc, 152, &bbp); 4810 run_bbp_write(sc, 152, bbp | 0x80); 4811 4812 /* Fix BBP254 for RT5592C. */ 4813 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 4814 run_bbp_read(sc, 254, &bbp); 4815 run_bbp_write(sc, 254, bbp | 0x80); 4816 } 4817 4818 /* Disable hardware antenna diversity. */ 4819 if (sc->mac_ver == 0x5390) 4820 run_bbp_write(sc, 154, 0); 4821 4822 /* Initialize Rx CCK/OFDM frequency offset report. */ 4823 run_bbp_write(sc, 142, 1); 4824 run_bbp_write(sc, 143, 57); 4825} 4826 4827static int 4828run_bbp_init(struct run_softc *sc) 4829{ 4830 int i, error, ntries; 4831 uint8_t bbp0; 4832 4833 /* wait for BBP to wake up */ 4834 for (ntries = 0; ntries < 20; ntries++) { 4835 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4836 return error; 4837 if (bbp0 != 0 && bbp0 != 0xff) 4838 break; 4839 } 4840 if (ntries == 20) 4841 return (ETIMEDOUT); 4842 4843 /* initialize BBP registers to default values */ 4844 if (sc->mac_ver >= 0x5390) 4845 run_rt5390_bbp_init(sc); 4846 else { 4847 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 4848 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4849 rt2860_def_bbp[i].val); 4850 } 4851 } 4852 4853 /* fix BBP84 for RT2860E */ 4854 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4855 run_bbp_write(sc, 84, 0x19); 4856 4857 if (sc->mac_ver >= 0x3070 && sc->mac_ver != 0x5592) { 4858 run_bbp_write(sc, 79, 0x13); 4859 run_bbp_write(sc, 80, 0x05); 4860 run_bbp_write(sc, 81, 0x33); 4861 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4862 run_bbp_write(sc, 69, 0x16); 4863 run_bbp_write(sc, 73, 0x12); 4864 } 4865 return (0); 4866} 4867 4868static int 4869run_rt3070_rf_init(struct run_softc *sc) 4870{ 4871 uint32_t tmp; 4872 uint8_t bbp4, mingain, rf, target; 4873 int i; 4874 4875 run_rt3070_rf_read(sc, 30, &rf); 4876 /* toggle RF R30 bit 7 */ 4877 run_rt3070_rf_write(sc, 30, rf | 0x80); 4878 run_delay(sc, 10); 4879 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4880 4881 /* initialize RF registers to default value */ 4882 if (sc->mac_ver == 0x3572) { 4883 for (i = 0; i < nitems(rt3572_def_rf); i++) { 4884 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4885 rt3572_def_rf[i].val); 4886 } 4887 } else { 4888 for (i = 0; i < nitems(rt3070_def_rf); i++) { 4889 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4890 rt3070_def_rf[i].val); 4891 } 4892 } 4893 4894 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 4895 /* 4896 * Change voltage from 1.2V to 1.35V for RT3070. 4897 * The DAC issue (RT3070_LDO_CFG0) has been fixed 4898 * in RT3070(F). 4899 */ 4900 run_read(sc, RT3070_LDO_CFG0, &tmp); 4901 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4902 run_write(sc, RT3070_LDO_CFG0, tmp); 4903 4904 } else if (sc->mac_ver == 0x3071) { 4905 run_rt3070_rf_read(sc, 6, &rf); 4906 run_rt3070_rf_write(sc, 6, rf | 0x40); 4907 run_rt3070_rf_write(sc, 31, 0x14); 4908 4909 run_read(sc, RT3070_LDO_CFG0, &tmp); 4910 tmp &= ~0x1f000000; 4911 if (sc->mac_rev < 0x0211) 4912 tmp |= 0x0d000000; /* 1.3V */ 4913 else 4914 tmp |= 0x01000000; /* 1.2V */ 4915 run_write(sc, RT3070_LDO_CFG0, tmp); 4916 4917 /* patch LNA_PE_G1 */ 4918 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4919 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4920 4921 } else if (sc->mac_ver == 0x3572) { 4922 run_rt3070_rf_read(sc, 6, &rf); 4923 run_rt3070_rf_write(sc, 6, rf | 0x40); 4924 4925 /* increase voltage from 1.2V to 1.35V */ 4926 run_read(sc, RT3070_LDO_CFG0, &tmp); 4927 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4928 run_write(sc, RT3070_LDO_CFG0, tmp); 4929 4930 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4931 run_delay(sc, 1); /* wait for 1msec */ 4932 /* decrease voltage back to 1.2V */ 4933 tmp = (tmp & ~0x1f000000) | 0x01000000; 4934 run_write(sc, RT3070_LDO_CFG0, tmp); 4935 } 4936 } 4937 4938 /* select 20MHz bandwidth */ 4939 run_rt3070_rf_read(sc, 31, &rf); 4940 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4941 4942 /* calibrate filter for 20MHz bandwidth */ 4943 sc->rf24_20mhz = 0x1f; /* default value */ 4944 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4945 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4946 4947 /* select 40MHz bandwidth */ 4948 run_bbp_read(sc, 4, &bbp4); 4949 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 4950 run_rt3070_rf_read(sc, 31, &rf); 4951 run_rt3070_rf_write(sc, 31, rf | 0x20); 4952 4953 /* calibrate filter for 40MHz bandwidth */ 4954 sc->rf24_40mhz = 0x2f; /* default value */ 4955 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4956 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4957 4958 /* go back to 20MHz bandwidth */ 4959 run_bbp_read(sc, 4, &bbp4); 4960 run_bbp_write(sc, 4, bbp4 & ~0x18); 4961 4962 if (sc->mac_ver == 0x3572) { 4963 /* save default BBP registers 25 and 26 values */ 4964 run_bbp_read(sc, 25, &sc->bbp25); 4965 run_bbp_read(sc, 26, &sc->bbp26); 4966 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 4967 run_rt3070_rf_write(sc, 27, 0x03); 4968 4969 run_read(sc, RT3070_OPT_14, &tmp); 4970 run_write(sc, RT3070_OPT_14, tmp | 1); 4971 4972 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4973 run_rt3070_rf_read(sc, 17, &rf); 4974 rf &= ~RT3070_TX_LO1; 4975 if ((sc->mac_ver == 0x3070 || 4976 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4977 !sc->ext_2ghz_lna) 4978 rf |= 0x20; /* fix for long range Rx issue */ 4979 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 4980 if (sc->txmixgain_2ghz >= mingain) 4981 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4982 run_rt3070_rf_write(sc, 17, rf); 4983 } 4984 4985 if (sc->mac_rev == 0x3071) { 4986 run_rt3070_rf_read(sc, 1, &rf); 4987 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4988 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4989 run_rt3070_rf_write(sc, 1, rf); 4990 4991 run_rt3070_rf_read(sc, 15, &rf); 4992 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4993 4994 run_rt3070_rf_read(sc, 20, &rf); 4995 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4996 4997 run_rt3070_rf_read(sc, 21, &rf); 4998 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4999 } 5000 5001 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5002 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5003 run_rt3070_rf_read(sc, 27, &rf); 5004 rf &= ~0x77; 5005 if (sc->mac_rev < 0x0211) 5006 rf |= 0x03; 5007 run_rt3070_rf_write(sc, 27, rf); 5008 } 5009 return (0); 5010} 5011 5012static void 5013run_rt5390_rf_init(struct run_softc *sc) 5014{ 5015 uint32_t tmp; 5016 uint8_t rf; 5017 int i; 5018 5019 /* Toggle RF R2 to initiate calibration. */ 5020 if (sc->mac_ver == 0x5390) { 5021 run_rt3070_rf_read(sc, 2, &rf); 5022 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5023 run_delay(sc, 10); 5024 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5025 } else { 5026 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5027 run_delay(sc, 10); 5028 } 5029 5030 /* Initialize RF registers to default value. */ 5031 if (sc->mac_ver == 0x5592) { 5032 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5033 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5034 rt5592_def_rf[i].val); 5035 } 5036 /* Initialize RF frequency offset. */ 5037 run_adjust_freq_offset(sc); 5038 } else if (sc->mac_ver == 0x5392) { 5039 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5040 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5041 rt5392_def_rf[i].val); 5042 } 5043 if (sc->mac_rev >= 0x0223) { 5044 run_rt3070_rf_write(sc, 23, 0x0f); 5045 run_rt3070_rf_write(sc, 24, 0x3e); 5046 run_rt3070_rf_write(sc, 51, 0x32); 5047 run_rt3070_rf_write(sc, 53, 0x22); 5048 run_rt3070_rf_write(sc, 56, 0xc1); 5049 run_rt3070_rf_write(sc, 59, 0x0f); 5050 } 5051 } else { 5052 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5053 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5054 rt5390_def_rf[i].val); 5055 } 5056 if (sc->mac_rev >= 0x0502) { 5057 run_rt3070_rf_write(sc, 6, 0xe0); 5058 run_rt3070_rf_write(sc, 25, 0x80); 5059 run_rt3070_rf_write(sc, 46, 0x73); 5060 run_rt3070_rf_write(sc, 53, 0x00); 5061 run_rt3070_rf_write(sc, 56, 0x42); 5062 run_rt3070_rf_write(sc, 61, 0xd1); 5063 } 5064 } 5065 5066 sc->rf24_20mhz = 0x1f; /* default value */ 5067 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5068 5069 if (sc->mac_rev < 0x0211) 5070 run_rt3070_rf_write(sc, 27, 0x3); 5071 5072 run_read(sc, RT3070_OPT_14, &tmp); 5073 run_write(sc, RT3070_OPT_14, tmp | 1); 5074} 5075 5076static int 5077run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5078 uint8_t *val) 5079{ 5080 uint8_t rf22, rf24; 5081 uint8_t bbp55_pb, bbp55_sb, delta; 5082 int ntries; 5083 5084 /* program filter */ 5085 run_rt3070_rf_read(sc, 24, &rf24); 5086 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5087 run_rt3070_rf_write(sc, 24, rf24); 5088 5089 /* enable baseband loopback mode */ 5090 run_rt3070_rf_read(sc, 22, &rf22); 5091 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5092 5093 /* set power and frequency of passband test tone */ 5094 run_bbp_write(sc, 24, 0x00); 5095 for (ntries = 0; ntries < 100; ntries++) { 5096 /* transmit test tone */ 5097 run_bbp_write(sc, 25, 0x90); 5098 run_delay(sc, 10); 5099 /* read received power */ 5100 run_bbp_read(sc, 55, &bbp55_pb); 5101 if (bbp55_pb != 0) 5102 break; 5103 } 5104 if (ntries == 100) 5105 return (ETIMEDOUT); 5106 5107 /* set power and frequency of stopband test tone */ 5108 run_bbp_write(sc, 24, 0x06); 5109 for (ntries = 0; ntries < 100; ntries++) { 5110 /* transmit test tone */ 5111 run_bbp_write(sc, 25, 0x90); 5112 run_delay(sc, 10); 5113 /* read received power */ 5114 run_bbp_read(sc, 55, &bbp55_sb); 5115 5116 delta = bbp55_pb - bbp55_sb; 5117 if (delta > target) 5118 break; 5119 5120 /* reprogram filter */ 5121 rf24++; 5122 run_rt3070_rf_write(sc, 24, rf24); 5123 } 5124 if (ntries < 100) { 5125 if (rf24 != init) 5126 rf24--; /* backtrack */ 5127 *val = rf24; 5128 run_rt3070_rf_write(sc, 24, rf24); 5129 } 5130 5131 /* restore initial state */ 5132 run_bbp_write(sc, 24, 0x00); 5133 5134 /* disable baseband loopback mode */ 5135 run_rt3070_rf_read(sc, 22, &rf22); 5136 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5137 5138 return (0); 5139} 5140 5141static void 5142run_rt3070_rf_setup(struct run_softc *sc) 5143{ 5144 uint8_t bbp, rf; 5145 int i; 5146 5147 if (sc->mac_ver >= 0x5390) { 5148 if (sc->mac_rev >= 0x0211) { 5149 /* Enable DC filter. */ 5150 run_bbp_write(sc, 103, 0xc0); 5151 5152 if (sc->mac_ver != 0x5592) { 5153 /* Improve power consumption. */ 5154 run_bbp_read(sc, 31, &bbp); 5155 run_bbp_write(sc, 31, bbp & ~0x03); 5156 } 5157 } 5158 5159 run_bbp_read(sc, 138, &bbp); 5160 if (sc->ntxchains == 1) 5161 bbp |= 0x20; /* turn off DAC1 */ 5162 if (sc->nrxchains == 1) 5163 bbp &= ~0x02; /* turn off ADC1 */ 5164 run_bbp_write(sc, 138, bbp); 5165 5166 run_rt3070_rf_read(sc, 38, &rf); 5167 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5168 5169 run_rt3070_rf_read(sc, 39, &rf); 5170 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5171 5172 /* Avoid data lost and CRC error. */ 5173 run_bbp_read(sc, 4, &bbp); 5174 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5175 5176 run_rt3070_rf_read(sc, 30, &rf); 5177 rf = (rf & ~0x18) | 0x10; 5178 run_rt3070_rf_write(sc, 30, rf); 5179 5180 if (sc->mac_ver != 0x5592) { 5181 run_write(sc, RT2860_TX_SW_CFG1, 0); 5182 if (sc->mac_rev < 0x0211) { 5183 run_write(sc, RT2860_TX_SW_CFG2, 5184 sc->patch_dac ? 0x2c : 0x0f); 5185 } else 5186 run_write(sc, RT2860_TX_SW_CFG2, 0); 5187 } 5188 5189 } else if (sc->mac_ver == 0x3572) { 5190 /* enable DC filter */ 5191 if (sc->mac_rev >= 0x0201) 5192 run_bbp_write(sc, 103, 0xc0); 5193 5194 run_bbp_read(sc, 138, &bbp); 5195 if (sc->ntxchains == 1) 5196 bbp |= 0x20; /* turn off DAC1 */ 5197 if (sc->nrxchains == 1) 5198 bbp &= ~0x02; /* turn off ADC1 */ 5199 run_bbp_write(sc, 138, bbp); 5200 5201 if (sc->mac_rev >= 0x0211) { 5202 /* improve power consumption */ 5203 run_bbp_read(sc, 31, &bbp); 5204 run_bbp_write(sc, 31, bbp & ~0x03); 5205 } 5206 5207 run_rt3070_rf_read(sc, 16, &rf); 5208 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5209 run_rt3070_rf_write(sc, 16, rf); 5210 5211 } else if (sc->mac_ver == 0x3071) { 5212 if (sc->mac_rev >= 0x0211) { 5213 /* enable DC filter */ 5214 run_bbp_write(sc, 103, 0xc0); 5215 5216 /* improve power consumption */ 5217 run_bbp_read(sc, 31, &bbp); 5218 run_bbp_write(sc, 31, bbp & ~0x03); 5219 } 5220 5221 run_bbp_read(sc, 138, &bbp); 5222 if (sc->ntxchains == 1) 5223 bbp |= 0x20; /* turn off DAC1 */ 5224 if (sc->nrxchains == 1) 5225 bbp &= ~0x02; /* turn off ADC1 */ 5226 run_bbp_write(sc, 138, bbp); 5227 5228 run_write(sc, RT2860_TX_SW_CFG1, 0); 5229 if (sc->mac_rev < 0x0211) { 5230 run_write(sc, RT2860_TX_SW_CFG2, 5231 sc->patch_dac ? 0x2c : 0x0f); 5232 } else 5233 run_write(sc, RT2860_TX_SW_CFG2, 0); 5234 5235 } else if (sc->mac_ver == 0x3070) { 5236 if (sc->mac_rev >= 0x0201) { 5237 /* enable DC filter */ 5238 run_bbp_write(sc, 103, 0xc0); 5239 5240 /* improve power consumption */ 5241 run_bbp_read(sc, 31, &bbp); 5242 run_bbp_write(sc, 31, bbp & ~0x03); 5243 } 5244 5245 if (sc->mac_rev < 0x0201) { 5246 run_write(sc, RT2860_TX_SW_CFG1, 0); 5247 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5248 } else 5249 run_write(sc, RT2860_TX_SW_CFG2, 0); 5250 } 5251 5252 /* initialize RF registers from ROM for >=RT3071*/ 5253 if (sc->mac_ver >= 0x3071 && sc->mac_ver < 0x5390) { 5254 for (i = 0; i < 10; i++) { 5255 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5256 continue; 5257 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5258 } 5259 } 5260} 5261 5262static int 5263run_txrx_enable(struct run_softc *sc) 5264{ 5265 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5266 uint32_t tmp; 5267 int error, ntries; 5268 5269 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5270 for (ntries = 0; ntries < 200; ntries++) { 5271 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5272 return (error); 5273 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5274 break; 5275 run_delay(sc, 50); 5276 } 5277 if (ntries == 200) 5278 return (ETIMEDOUT); 5279 5280 run_delay(sc, 50); 5281 5282 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5283 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5284 5285 /* enable Rx bulk aggregation (set timeout and limit) */ 5286 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5287 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5288 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5289 5290 /* set Rx filter */ 5291 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5292 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5293 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5294 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5295 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5296 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5297 if (ic->ic_opmode == IEEE80211_M_STA) 5298 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5299 } 5300 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5301 5302 run_write(sc, RT2860_MAC_SYS_CTRL, 5303 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5304 5305 return (0); 5306} 5307 5308static void 5309run_adjust_freq_offset(struct run_softc *sc) 5310{ 5311 uint8_t rf, tmp; 5312 5313 run_rt3070_rf_read(sc, 17, &rf); 5314 tmp = rf; 5315 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5316 rf = MIN(rf, 0x5f); 5317 5318 if (tmp != rf) 5319 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5320} 5321 5322static void 5323run_init_locked(struct run_softc *sc) 5324{ 5325 struct ifnet *ifp = sc->sc_ifp; 5326 struct ieee80211com *ic = ifp->if_l2com; 5327 uint32_t tmp; 5328 uint8_t bbp1, bbp3; 5329 int i; 5330 int ridx; 5331 int ntries; 5332 5333 if (ic->ic_nrunning > 1) 5334 return; 5335 5336 run_stop(sc); 5337 5338 if (run_load_microcode(sc) != 0) { 5339 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5340 goto fail; 5341 } 5342 5343 for (ntries = 0; ntries < 100; ntries++) { 5344 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5345 goto fail; 5346 if (tmp != 0 && tmp != 0xffffffff) 5347 break; 5348 run_delay(sc, 10); 5349 } 5350 if (ntries == 100) 5351 goto fail; 5352 5353 for (i = 0; i != RUN_EP_QUEUES; i++) 5354 run_setup_tx_list(sc, &sc->sc_epq[i]); 5355 5356 run_set_macaddr(sc, IF_LLADDR(ifp)); 5357 5358 for (ntries = 0; ntries < 100; ntries++) { 5359 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5360 goto fail; 5361 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5362 break; 5363 run_delay(sc, 10); 5364 } 5365 if (ntries == 100) { 5366 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5367 goto fail; 5368 } 5369 tmp &= 0xff0; 5370 tmp |= RT2860_TX_WB_DDONE; 5371 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5372 5373 /* turn off PME_OEN to solve high-current issue */ 5374 run_read(sc, RT2860_SYS_CTRL, &tmp); 5375 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5376 5377 run_write(sc, RT2860_MAC_SYS_CTRL, 5378 RT2860_BBP_HRST | RT2860_MAC_SRST); 5379 run_write(sc, RT2860_USB_DMA_CFG, 0); 5380 5381 if (run_reset(sc) != 0) { 5382 device_printf(sc->sc_dev, "could not reset chipset\n"); 5383 goto fail; 5384 } 5385 5386 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5387 5388 /* init Tx power for all Tx rates (from EEPROM) */ 5389 for (ridx = 0; ridx < 5; ridx++) { 5390 if (sc->txpow20mhz[ridx] == 0xffffffff) 5391 continue; 5392 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5393 } 5394 5395 for (i = 0; i < nitems(rt2870_def_mac); i++) 5396 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5397 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5398 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5399 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5400 5401 if (sc->mac_ver >= 0x5390) { 5402 run_write(sc, RT2860_TX_SW_CFG0, 5403 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5404 if (sc->mac_ver >= 0x5392) { 5405 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5406 if (sc->mac_ver == 0x5592) { 5407 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5408 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5409 } else { 5410 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5411 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5412 } 5413 } 5414 } else if (sc->mac_ver >= 0x3070) { 5415 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 5416 run_write(sc, RT2860_TX_SW_CFG0, 5417 4 << RT2860_DLY_PAPE_EN_SHIFT); 5418 } 5419 5420 /* wait while MAC is busy */ 5421 for (ntries = 0; ntries < 100; ntries++) { 5422 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 5423 goto fail; 5424 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 5425 break; 5426 run_delay(sc, 10); 5427 } 5428 if (ntries == 100) 5429 goto fail; 5430 5431 /* clear Host to MCU mailbox */ 5432 run_write(sc, RT2860_H2M_BBPAGENT, 0); 5433 run_write(sc, RT2860_H2M_MAILBOX, 0); 5434 run_delay(sc, 10); 5435 5436 if (run_bbp_init(sc) != 0) { 5437 device_printf(sc->sc_dev, "could not initialize BBP\n"); 5438 goto fail; 5439 } 5440 5441 /* abort TSF synchronization */ 5442 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5443 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5444 RT2860_TBTT_TIMER_EN); 5445 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5446 5447 /* clear RX WCID search table */ 5448 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 5449 /* clear WCID attribute table */ 5450 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 5451 5452 /* hostapd sets a key before init. So, don't clear it. */ 5453 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 5454 /* clear shared key table */ 5455 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 5456 /* clear shared key mode */ 5457 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 5458 } 5459 5460 run_read(sc, RT2860_US_CYC_CNT, &tmp); 5461 tmp = (tmp & ~0xff) | 0x1e; 5462 run_write(sc, RT2860_US_CYC_CNT, tmp); 5463 5464 if (sc->mac_rev != 0x0101) 5465 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 5466 5467 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 5468 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 5469 5470 /* write vendor-specific BBP values (from EEPROM) */ 5471 if (sc->mac_ver < 0x5390) { 5472 for (i = 0; i < 10; i++) { 5473 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 5474 continue; 5475 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 5476 } 5477 } 5478 5479 /* select Main antenna for 1T1R devices */ 5480 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 5481 run_set_rx_antenna(sc, 0); 5482 5483 /* send LEDs operating mode to microcontroller */ 5484 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 5485 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 5486 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 5487 5488 if (sc->mac_ver >= 0x5390) 5489 run_rt5390_rf_init(sc); 5490 else if (sc->mac_ver >= 0x3070) 5491 run_rt3070_rf_init(sc); 5492 5493 /* disable non-existing Rx chains */ 5494 run_bbp_read(sc, 3, &bbp3); 5495 bbp3 &= ~(1 << 3 | 1 << 4); 5496 if (sc->nrxchains == 2) 5497 bbp3 |= 1 << 3; 5498 else if (sc->nrxchains == 3) 5499 bbp3 |= 1 << 4; 5500 run_bbp_write(sc, 3, bbp3); 5501 5502 /* disable non-existing Tx chains */ 5503 run_bbp_read(sc, 1, &bbp1); 5504 if (sc->ntxchains == 1) 5505 bbp1 &= ~(1 << 3 | 1 << 4); 5506 run_bbp_write(sc, 1, bbp1); 5507 5508 if (sc->mac_ver >= 0x3070) 5509 run_rt3070_rf_setup(sc); 5510 5511 /* select default channel */ 5512 run_set_chan(sc, ic->ic_curchan); 5513 5514 /* setup initial protection mode */ 5515 run_updateprot_cb(ic); 5516 5517 /* turn radio LED on */ 5518 run_set_leds(sc, RT2860_LED_RADIO); 5519 5520 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5521 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5522 sc->cmdq_run = RUN_CMDQ_GO; 5523 5524 for (i = 0; i != RUN_N_XFER; i++) 5525 usbd_xfer_set_stall(sc->sc_xfer[i]); 5526 5527 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 5528 5529 if (run_txrx_enable(sc) != 0) 5530 goto fail; 5531 5532 return; 5533 5534fail: 5535 run_stop(sc); 5536} 5537 5538static void 5539run_init(void *arg) 5540{ 5541 struct run_softc *sc = arg; 5542 struct ifnet *ifp = sc->sc_ifp; 5543 struct ieee80211com *ic = ifp->if_l2com; 5544 5545 RUN_LOCK(sc); 5546 run_init_locked(sc); 5547 RUN_UNLOCK(sc); 5548 5549 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5550 ieee80211_start_all(ic); 5551} 5552 5553static void 5554run_stop(void *arg) 5555{ 5556 struct run_softc *sc = (struct run_softc *)arg; 5557 struct ifnet *ifp = sc->sc_ifp; 5558 uint32_t tmp; 5559 int i; 5560 int ntries; 5561 5562 RUN_LOCK_ASSERT(sc, MA_OWNED); 5563 5564 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5565 run_set_leds(sc, 0); /* turn all LEDs off */ 5566 5567 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5568 5569 sc->ratectl_run = RUN_RATECTL_OFF; 5570 sc->cmdq_run = sc->cmdq_key_set; 5571 5572 RUN_UNLOCK(sc); 5573 5574 for(i = 0; i < RUN_N_XFER; i++) 5575 usbd_transfer_drain(sc->sc_xfer[i]); 5576 5577 RUN_LOCK(sc); 5578 5579 if (sc->rx_m != NULL) { 5580 m_free(sc->rx_m); 5581 sc->rx_m = NULL; 5582 } 5583 5584 /* Disable Tx/Rx DMA. */ 5585 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5586 return; 5587 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 5588 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5589 5590 for (ntries = 0; ntries < 100; ntries++) { 5591 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5592 return; 5593 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5594 break; 5595 run_delay(sc, 10); 5596 } 5597 if (ntries == 100) { 5598 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5599 return; 5600 } 5601 5602 /* disable Tx/Rx */ 5603 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 5604 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5605 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 5606 5607 /* wait for pending Tx to complete */ 5608 for (ntries = 0; ntries < 100; ntries++) { 5609 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 5610 DPRINTF("Cannot read Tx queue count\n"); 5611 break; 5612 } 5613 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 5614 DPRINTF("All Tx cleared\n"); 5615 break; 5616 } 5617 run_delay(sc, 10); 5618 } 5619 if (ntries >= 100) 5620 DPRINTF("There are still pending Tx\n"); 5621 run_delay(sc, 10); 5622 run_write(sc, RT2860_USB_DMA_CFG, 0); 5623 5624 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 5625 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5626 5627 for (i = 0; i != RUN_EP_QUEUES; i++) 5628 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 5629} 5630 5631static void 5632run_delay(struct run_softc *sc, u_int ms) 5633{ 5634 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 5635 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 5636} 5637 5638static device_method_t run_methods[] = { 5639 /* Device interface */ 5640 DEVMETHOD(device_probe, run_match), 5641 DEVMETHOD(device_attach, run_attach), 5642 DEVMETHOD(device_detach, run_detach), 5643 DEVMETHOD_END 5644}; 5645 5646static driver_t run_driver = { 5647 .name = "run", 5648 .methods = run_methods, 5649 .size = sizeof(struct run_softc) 5650}; 5651 5652static devclass_t run_devclass; 5653 5654DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, NULL); 5655MODULE_DEPEND(run, wlan, 1, 1, 1); 5656MODULE_DEPEND(run, usb, 1, 1, 1); 5657MODULE_DEPEND(run, firmware, 1, 1, 1); 5658MODULE_VERSION(run, 1); 5659