if_run.c revision 259545
157434Smarkm/*- 257434Smarkm * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3265420Simp * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4255460Sdes * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 557434Smarkm * Copyright (c) 2013 Kevin Lo 6197679Sdes * 7158519Sdes * Permission to use, copy, modify, and distribute this software for any 8291941Sbdrewery * purpose with or without fee is hereby granted, provided that the above 957434Smarkm * copyright notice and this permission notice appear in all copies. 10255460Sdes * 11255460Sdes * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12197679Sdes * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13255460Sdes * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14197679Sdes * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15275077Sbapt * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 1674818Sru * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17255460Sdes * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18255460Sdes */ 19255460Sdes 20255460Sdes#include <sys/cdefs.h> 21255460Sdes__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 259545 2013-12-18 07:47:50Z kevlo $"); 22255460Sdes 2357434Smarkm/*- 2457434Smarkm * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 2574818Sru * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <machine/bus.h> 46#include <machine/resource.h> 47#include <sys/rman.h> 48 49#include <net/bpf.h> 50#include <net/if.h> 51#include <net/if_var.h> 52#include <net/if_arp.h> 53#include <net/ethernet.h> 54#include <net/if_dl.h> 55#include <net/if_media.h> 56#include <net/if_types.h> 57 58#include <netinet/in.h> 59#include <netinet/in_systm.h> 60#include <netinet/in_var.h> 61#include <netinet/if_ether.h> 62#include <netinet/ip.h> 63 64#include <net80211/ieee80211_var.h> 65#include <net80211/ieee80211_regdomain.h> 66#include <net80211/ieee80211_radiotap.h> 67#include <net80211/ieee80211_ratectl.h> 68 69#include <dev/usb/usb.h> 70#include <dev/usb/usbdi.h> 71#include "usbdevs.h" 72 73#define USB_DEBUG_VAR run_debug 74#include <dev/usb/usb_debug.h> 75 76#include <dev/usb/wlan/if_runreg.h> 77#include <dev/usb/wlan/if_runvar.h> 78 79#ifdef USB_DEBUG 80#define RUN_DEBUG 81#endif 82 83#ifdef RUN_DEBUG 84int run_debug = 0; 85static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88#endif 89 90#define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93/* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99static const STRUCT_USB_HOST_ID run_devs[] = { 100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS, USB_N53), 140 RUN_DEV(ASUS2, USBN11), 141 RUN_DEV(AZUREWAVE, RT2870_1), 142 RUN_DEV(AZUREWAVE, RT2870_2), 143 RUN_DEV(AZUREWAVE, RT3070_1), 144 RUN_DEV(AZUREWAVE, RT3070_2), 145 RUN_DEV(AZUREWAVE, RT3070_3), 146 RUN_DEV(BELKIN, F5D8053V3), 147 RUN_DEV(BELKIN, F5D8055), 148 RUN_DEV(BELKIN, F5D8055V2), 149 RUN_DEV(BELKIN, F6D4050V1), 150 RUN_DEV(BELKIN, F6D4050V2), 151 RUN_DEV(BELKIN, RT2870_1), 152 RUN_DEV(BELKIN, RT2870_2), 153 RUN_DEV(CISCOLINKSYS, AE1000), 154 RUN_DEV(CISCOLINKSYS2, RT3070), 155 RUN_DEV(CISCOLINKSYS3, RT3070), 156 RUN_DEV(CONCEPTRONIC2, RT2870_1), 157 RUN_DEV(CONCEPTRONIC2, RT2870_2), 158 RUN_DEV(CONCEPTRONIC2, RT2870_3), 159 RUN_DEV(CONCEPTRONIC2, RT2870_4), 160 RUN_DEV(CONCEPTRONIC2, RT2870_5), 161 RUN_DEV(CONCEPTRONIC2, RT2870_6), 162 RUN_DEV(CONCEPTRONIC2, RT2870_7), 163 RUN_DEV(CONCEPTRONIC2, RT2870_8), 164 RUN_DEV(CONCEPTRONIC2, RT3070_1), 165 RUN_DEV(CONCEPTRONIC2, RT3070_2), 166 RUN_DEV(CONCEPTRONIC2, VIGORN61), 167 RUN_DEV(COREGA, CGWLUSB300GNM), 168 RUN_DEV(COREGA, RT2870_1), 169 RUN_DEV(COREGA, RT2870_2), 170 RUN_DEV(COREGA, RT2870_3), 171 RUN_DEV(COREGA, RT3070), 172 RUN_DEV(CYBERTAN, RT2870), 173 RUN_DEV(DLINK, RT2870), 174 RUN_DEV(DLINK, RT3072), 175 RUN_DEV(DLINK, DWA127), 176 RUN_DEV(DLINK, DWA140B3), 177 RUN_DEV(DLINK, DWA160B2), 178 RUN_DEV(DLINK2, DWA130), 179 RUN_DEV(DLINK2, RT2870_1), 180 RUN_DEV(DLINK2, RT2870_2), 181 RUN_DEV(DLINK2, RT3070_1), 182 RUN_DEV(DLINK2, RT3070_2), 183 RUN_DEV(DLINK2, RT3070_3), 184 RUN_DEV(DLINK2, RT3070_4), 185 RUN_DEV(DLINK2, RT3070_5), 186 RUN_DEV(DLINK2, RT3072), 187 RUN_DEV(DLINK2, RT3072_1), 188 RUN_DEV(EDIMAX, EW7717), 189 RUN_DEV(EDIMAX, EW7718), 190 RUN_DEV(EDIMAX, RT2870_1), 191 RUN_DEV(ENCORE, RT3070_1), 192 RUN_DEV(ENCORE, RT3070_2), 193 RUN_DEV(ENCORE, RT3070_3), 194 RUN_DEV(GIGABYTE, GNWB31N), 195 RUN_DEV(GIGABYTE, GNWB32L), 196 RUN_DEV(GIGABYTE, RT2870_1), 197 RUN_DEV(GIGASET, RT3070_1), 198 RUN_DEV(GIGASET, RT3070_2), 199 RUN_DEV(GUILLEMOT, HWNU300), 200 RUN_DEV(HAWKING, HWUN2), 201 RUN_DEV(HAWKING, RT2870_1), 202 RUN_DEV(HAWKING, RT2870_2), 203 RUN_DEV(HAWKING, RT3070), 204 RUN_DEV(IODATA, RT3072_1), 205 RUN_DEV(IODATA, RT3072_2), 206 RUN_DEV(IODATA, RT3072_3), 207 RUN_DEV(IODATA, RT3072_4), 208 RUN_DEV(LINKSYS4, RT3070), 209 RUN_DEV(LINKSYS4, WUSB100), 210 RUN_DEV(LINKSYS4, WUSB54GCV3), 211 RUN_DEV(LINKSYS4, WUSB600N), 212 RUN_DEV(LINKSYS4, WUSB600NV2), 213 RUN_DEV(LOGITEC, RT2870_1), 214 RUN_DEV(LOGITEC, RT2870_2), 215 RUN_DEV(LOGITEC, RT2870_3), 216 RUN_DEV(LOGITEC, LANW300NU2), 217 RUN_DEV(LOGITEC, LANW150NU2), 218 RUN_DEV(LOGITEC, LANW300NU2S), 219 RUN_DEV(MELCO, RT2870_1), 220 RUN_DEV(MELCO, RT2870_2), 221 RUN_DEV(MELCO, WLIUCAG300N), 222 RUN_DEV(MELCO, WLIUCG300N), 223 RUN_DEV(MELCO, WLIUCG301N), 224 RUN_DEV(MELCO, WLIUCGN), 225 RUN_DEV(MELCO, WLIUCGNM), 226 RUN_DEV(MELCO, WLIUCGNM2), 227 RUN_DEV(MOTOROLA4, RT2770), 228 RUN_DEV(MOTOROLA4, RT3070), 229 RUN_DEV(MSI, RT3070_1), 230 RUN_DEV(MSI, RT3070_2), 231 RUN_DEV(MSI, RT3070_3), 232 RUN_DEV(MSI, RT3070_4), 233 RUN_DEV(MSI, RT3070_5), 234 RUN_DEV(MSI, RT3070_6), 235 RUN_DEV(MSI, RT3070_7), 236 RUN_DEV(MSI, RT3070_8), 237 RUN_DEV(MSI, RT3070_9), 238 RUN_DEV(MSI, RT3070_10), 239 RUN_DEV(MSI, RT3070_11), 240 RUN_DEV(OVISLINK, RT3072), 241 RUN_DEV(PARA, RT3070), 242 RUN_DEV(PEGATRON, RT2870), 243 RUN_DEV(PEGATRON, RT3070), 244 RUN_DEV(PEGATRON, RT3070_2), 245 RUN_DEV(PEGATRON, RT3070_3), 246 RUN_DEV(PHILIPS, RT2870), 247 RUN_DEV(PLANEX2, GWUS300MINIS), 248 RUN_DEV(PLANEX2, GWUSMICRON), 249 RUN_DEV(PLANEX2, RT2870), 250 RUN_DEV(PLANEX2, RT3070), 251 RUN_DEV(QCOM, RT2870), 252 RUN_DEV(QUANTA, RT3070), 253 RUN_DEV(RALINK, RT2070), 254 RUN_DEV(RALINK, RT2770), 255 RUN_DEV(RALINK, RT2870), 256 RUN_DEV(RALINK, RT3070), 257 RUN_DEV(RALINK, RT3071), 258 RUN_DEV(RALINK, RT3072), 259 RUN_DEV(RALINK, RT3370), 260 RUN_DEV(RALINK, RT3572), 261 RUN_DEV(RALINK, RT5370), 262 RUN_DEV(RALINK, RT5572), 263 RUN_DEV(RALINK, RT8070), 264 RUN_DEV(SAMSUNG, WIS09ABGN), 265 RUN_DEV(SAMSUNG2, RT2870_1), 266 RUN_DEV(SENAO, RT2870_1), 267 RUN_DEV(SENAO, RT2870_2), 268 RUN_DEV(SENAO, RT2870_3), 269 RUN_DEV(SENAO, RT2870_4), 270 RUN_DEV(SENAO, RT3070), 271 RUN_DEV(SENAO, RT3071), 272 RUN_DEV(SENAO, RT3072_1), 273 RUN_DEV(SENAO, RT3072_2), 274 RUN_DEV(SENAO, RT3072_3), 275 RUN_DEV(SENAO, RT3072_4), 276 RUN_DEV(SENAO, RT3072_5), 277 RUN_DEV(SITECOMEU, RT2770), 278 RUN_DEV(SITECOMEU, RT2870_1), 279 RUN_DEV(SITECOMEU, RT2870_2), 280 RUN_DEV(SITECOMEU, RT2870_3), 281 RUN_DEV(SITECOMEU, RT2870_4), 282 RUN_DEV(SITECOMEU, RT3070), 283 RUN_DEV(SITECOMEU, RT3070_2), 284 RUN_DEV(SITECOMEU, RT3070_3), 285 RUN_DEV(SITECOMEU, RT3070_4), 286 RUN_DEV(SITECOMEU, RT3071), 287 RUN_DEV(SITECOMEU, RT3072_1), 288 RUN_DEV(SITECOMEU, RT3072_2), 289 RUN_DEV(SITECOMEU, RT3072_3), 290 RUN_DEV(SITECOMEU, RT3072_4), 291 RUN_DEV(SITECOMEU, RT3072_5), 292 RUN_DEV(SITECOMEU, RT3072_6), 293 RUN_DEV(SITECOMEU, WL608), 294 RUN_DEV(SPARKLAN, RT2870_1), 295 RUN_DEV(SPARKLAN, RT3070), 296 RUN_DEV(SWEEX2, LW153), 297 RUN_DEV(SWEEX2, LW303), 298 RUN_DEV(SWEEX2, LW313), 299 RUN_DEV(TOSHIBA, RT3070), 300 RUN_DEV(UMEDIA, RT2870_1), 301 RUN_DEV(ZCOM, RT2870_1), 302 RUN_DEV(ZCOM, RT2870_2), 303 RUN_DEV(ZINWELL, RT2870_1), 304 RUN_DEV(ZINWELL, RT2870_2), 305 RUN_DEV(ZINWELL, RT3070), 306 RUN_DEV(ZINWELL, RT3072_1), 307 RUN_DEV(ZINWELL, RT3072_2), 308 RUN_DEV(ZYXEL, RT2870_1), 309 RUN_DEV(ZYXEL, RT2870_2), 310#undef RUN_DEV 311}; 312 313static device_probe_t run_match; 314static device_attach_t run_attach; 315static device_detach_t run_detach; 316 317static usb_callback_t run_bulk_rx_callback; 318static usb_callback_t run_bulk_tx_callback0; 319static usb_callback_t run_bulk_tx_callback1; 320static usb_callback_t run_bulk_tx_callback2; 321static usb_callback_t run_bulk_tx_callback3; 322static usb_callback_t run_bulk_tx_callback4; 323static usb_callback_t run_bulk_tx_callback5; 324 325static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 326 usb_error_t error, u_int index); 327static struct ieee80211vap *run_vap_create(struct ieee80211com *, 328 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 329 const uint8_t [IEEE80211_ADDR_LEN], 330 const uint8_t [IEEE80211_ADDR_LEN]); 331static void run_vap_delete(struct ieee80211vap *); 332static void run_cmdq_cb(void *, int); 333static void run_setup_tx_list(struct run_softc *, 334 struct run_endpoint_queue *); 335static void run_unsetup_tx_list(struct run_softc *, 336 struct run_endpoint_queue *); 337static int run_load_microcode(struct run_softc *); 338static int run_reset(struct run_softc *); 339static usb_error_t run_do_request(struct run_softc *, 340 struct usb_device_request *, void *); 341static int run_read(struct run_softc *, uint16_t, uint32_t *); 342static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 343static int run_write_2(struct run_softc *, uint16_t, uint16_t); 344static int run_write(struct run_softc *, uint16_t, uint32_t); 345static int run_write_region_1(struct run_softc *, uint16_t, 346 const uint8_t *, int); 347static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 348static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 349static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 350static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 351static int run_rt2870_rf_write(struct run_softc *, uint32_t); 352static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 353static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 354static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 355static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 356static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 357static const char *run_get_rf(uint16_t); 358static int run_read_eeprom(struct run_softc *); 359static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 360 const uint8_t mac[IEEE80211_ADDR_LEN]); 361static int run_media_change(struct ifnet *); 362static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 363static int run_wme_update(struct ieee80211com *); 364static void run_wme_update_cb(void *); 365static void run_key_update_begin(struct ieee80211vap *); 366static void run_key_update_end(struct ieee80211vap *); 367static void run_key_set_cb(void *); 368static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 369 const uint8_t mac[IEEE80211_ADDR_LEN]); 370static void run_key_delete_cb(void *); 371static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 372static void run_ratectl_to(void *); 373static void run_ratectl_cb(void *, int); 374static void run_drain_fifo(void *); 375static void run_iter_func(void *, struct ieee80211_node *); 376static void run_newassoc_cb(void *); 377static void run_newassoc(struct ieee80211_node *, int); 378static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 379static void run_tx_free(struct run_endpoint_queue *pq, 380 struct run_tx_data *, int); 381static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 382static int run_tx(struct run_softc *, struct mbuf *, 383 struct ieee80211_node *); 384static int run_tx_mgt(struct run_softc *, struct mbuf *, 385 struct ieee80211_node *); 386static int run_sendprot(struct run_softc *, const struct mbuf *, 387 struct ieee80211_node *, int, int); 388static int run_tx_param(struct run_softc *, struct mbuf *, 389 struct ieee80211_node *, 390 const struct ieee80211_bpf_params *); 391static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 392 const struct ieee80211_bpf_params *); 393static void run_start(struct ifnet *); 394static int run_ioctl(struct ifnet *, u_long, caddr_t); 395static void run_iq_calib(struct run_softc *, u_int); 396static void run_set_agc(struct run_softc *, uint8_t); 397static void run_select_chan_group(struct run_softc *, int); 398static void run_set_rx_antenna(struct run_softc *, int); 399static void run_rt2870_set_chan(struct run_softc *, u_int); 400static void run_rt3070_set_chan(struct run_softc *, u_int); 401static void run_rt3572_set_chan(struct run_softc *, u_int); 402static void run_rt5390_set_chan(struct run_softc *, u_int); 403static void run_rt5592_set_chan(struct run_softc *, u_int); 404static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 405static void run_set_channel(struct ieee80211com *); 406static void run_scan_start(struct ieee80211com *); 407static void run_scan_end(struct ieee80211com *); 408static void run_update_beacon(struct ieee80211vap *, int); 409static void run_update_beacon_cb(void *); 410static void run_updateprot(struct ieee80211com *); 411static void run_updateprot_cb(void *); 412static void run_usb_timeout_cb(void *); 413static void run_reset_livelock(struct run_softc *); 414static void run_enable_tsf_sync(struct run_softc *); 415static void run_enable_mrr(struct run_softc *); 416static void run_set_txpreamble(struct run_softc *); 417static void run_set_basicrates(struct run_softc *); 418static void run_set_leds(struct run_softc *, uint16_t); 419static void run_set_bssid(struct run_softc *, const uint8_t *); 420static void run_set_macaddr(struct run_softc *, const uint8_t *); 421static void run_updateslot(struct ifnet *); 422static void run_updateslot_cb(void *); 423static void run_update_mcast(struct ifnet *); 424static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 425static void run_update_promisc_locked(struct ifnet *); 426static void run_update_promisc(struct ifnet *); 427static void run_rt5390_bbp_init(struct run_softc *); 428static int run_bbp_init(struct run_softc *); 429static int run_rt3070_rf_init(struct run_softc *); 430static void run_rt5390_rf_init(struct run_softc *); 431static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 432 uint8_t *); 433static void run_rt3070_rf_setup(struct run_softc *); 434static int run_txrx_enable(struct run_softc *); 435static void run_adjust_freq_offset(struct run_softc *); 436static void run_init(void *); 437static void run_init_locked(struct run_softc *); 438static void run_stop(void *); 439static void run_delay(struct run_softc *, u_int); 440 441static const struct rt2860_rate { 442 uint8_t rate; 443 uint8_t mcs; 444 enum ieee80211_phytype phy; 445 uint8_t ctl_ridx; 446 uint16_t sp_ack_dur; 447 uint16_t lp_ack_dur; 448} rt2860_rates[] = { 449 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 450 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 451 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 452 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 453 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 454 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 455 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 456 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 457 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 458 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 459 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 460 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 461}; 462 463static const struct { 464 uint16_t reg; 465 uint32_t val; 466} rt2870_def_mac[] = { 467 RT2870_DEF_MAC 468}; 469 470static const struct { 471 uint8_t reg; 472 uint8_t val; 473} rt2860_def_bbp[] = { 474 RT2860_DEF_BBP 475},rt5390_def_bbp[] = { 476 RT5390_DEF_BBP 477},rt5592_def_bbp[] = { 478 RT5592_DEF_BBP 479}; 480 481/* 482 * Default values for BBP register R196 for RT5592. 483 */ 484static const uint8_t rt5592_bbp_r196[] = { 485 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 486 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 487 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 488 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 489 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 490 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 491 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 492 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 493 0x2e, 0x36, 0x30, 0x6e 494}; 495 496static const struct rfprog { 497 uint8_t chan; 498 uint32_t r1, r2, r3, r4; 499} rt2860_rf2850[] = { 500 RT2860_RF2850 501}; 502 503struct { 504 uint8_t n, r, k; 505} rt3070_freqs[] = { 506 RT3070_RF3052 507}; 508 509static const struct rt5592_freqs { 510 uint16_t n; 511 uint8_t k, m, r; 512} rt5592_freqs_20mhz[] = { 513 RT5592_RF5592_20MHZ 514},rt5592_freqs_40mhz[] = { 515 RT5592_RF5592_40MHZ 516}; 517 518static const struct { 519 uint8_t reg; 520 uint8_t val; 521} rt3070_def_rf[] = { 522 RT3070_DEF_RF 523},rt3572_def_rf[] = { 524 RT3572_DEF_RF 525},rt5390_def_rf[] = { 526 RT5390_DEF_RF 527},rt5392_def_rf[] = { 528 RT5392_DEF_RF 529},rt5592_def_rf[] = { 530 RT5592_DEF_RF 531},rt5592_2ghz_def_rf[] = { 532 RT5592_2GHZ_DEF_RF 533},rt5592_5ghz_def_rf[] = { 534 RT5592_5GHZ_DEF_RF 535}; 536 537static const struct { 538 u_int firstchan; 539 u_int lastchan; 540 uint8_t reg; 541 uint8_t val; 542} rt5592_chan_5ghz[] = { 543 RT5592_CHAN_5GHZ 544}; 545 546static const struct usb_config run_config[RUN_N_XFER] = { 547 [RUN_BULK_TX_BE] = { 548 .type = UE_BULK, 549 .endpoint = UE_ADDR_ANY, 550 .ep_index = 0, 551 .direction = UE_DIR_OUT, 552 .bufsize = RUN_MAX_TXSZ, 553 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 554 .callback = run_bulk_tx_callback0, 555 .timeout = 5000, /* ms */ 556 }, 557 [RUN_BULK_TX_BK] = { 558 .type = UE_BULK, 559 .endpoint = UE_ADDR_ANY, 560 .direction = UE_DIR_OUT, 561 .ep_index = 1, 562 .bufsize = RUN_MAX_TXSZ, 563 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 564 .callback = run_bulk_tx_callback1, 565 .timeout = 5000, /* ms */ 566 }, 567 [RUN_BULK_TX_VI] = { 568 .type = UE_BULK, 569 .endpoint = UE_ADDR_ANY, 570 .direction = UE_DIR_OUT, 571 .ep_index = 2, 572 .bufsize = RUN_MAX_TXSZ, 573 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 574 .callback = run_bulk_tx_callback2, 575 .timeout = 5000, /* ms */ 576 }, 577 [RUN_BULK_TX_VO] = { 578 .type = UE_BULK, 579 .endpoint = UE_ADDR_ANY, 580 .direction = UE_DIR_OUT, 581 .ep_index = 3, 582 .bufsize = RUN_MAX_TXSZ, 583 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 584 .callback = run_bulk_tx_callback3, 585 .timeout = 5000, /* ms */ 586 }, 587 [RUN_BULK_TX_HCCA] = { 588 .type = UE_BULK, 589 .endpoint = UE_ADDR_ANY, 590 .direction = UE_DIR_OUT, 591 .ep_index = 4, 592 .bufsize = RUN_MAX_TXSZ, 593 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 594 .callback = run_bulk_tx_callback4, 595 .timeout = 5000, /* ms */ 596 }, 597 [RUN_BULK_TX_PRIO] = { 598 .type = UE_BULK, 599 .endpoint = UE_ADDR_ANY, 600 .direction = UE_DIR_OUT, 601 .ep_index = 5, 602 .bufsize = RUN_MAX_TXSZ, 603 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 604 .callback = run_bulk_tx_callback5, 605 .timeout = 5000, /* ms */ 606 }, 607 [RUN_BULK_RX] = { 608 .type = UE_BULK, 609 .endpoint = UE_ADDR_ANY, 610 .direction = UE_DIR_IN, 611 .bufsize = RUN_MAX_RXSZ, 612 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 613 .callback = run_bulk_rx_callback, 614 } 615}; 616 617static int 618run_match(device_t self) 619{ 620 struct usb_attach_arg *uaa = device_get_ivars(self); 621 622 if (uaa->usb_mode != USB_MODE_HOST) 623 return (ENXIO); 624 if (uaa->info.bConfigIndex != 0) 625 return (ENXIO); 626 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 627 return (ENXIO); 628 629 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 630} 631 632static int 633run_attach(device_t self) 634{ 635 struct run_softc *sc = device_get_softc(self); 636 struct usb_attach_arg *uaa = device_get_ivars(self); 637 struct ieee80211com *ic; 638 struct ifnet *ifp; 639 uint32_t ver; 640 int ntries, error; 641 uint8_t iface_index, bands; 642 643 device_set_usb_desc(self); 644 sc->sc_udev = uaa->device; 645 sc->sc_dev = self; 646 647 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 648 MTX_NETWORK_LOCK, MTX_DEF); 649 650 iface_index = RT2860_IFACE_INDEX; 651 652 error = usbd_transfer_setup(uaa->device, &iface_index, 653 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 654 if (error) { 655 device_printf(self, "could not allocate USB transfers, " 656 "err=%s\n", usbd_errstr(error)); 657 goto detach; 658 } 659 660 RUN_LOCK(sc); 661 662 /* wait for the chip to settle */ 663 for (ntries = 0; ntries < 100; ntries++) { 664 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 665 RUN_UNLOCK(sc); 666 goto detach; 667 } 668 if (ver != 0 && ver != 0xffffffff) 669 break; 670 run_delay(sc, 10); 671 } 672 if (ntries == 100) { 673 device_printf(sc->sc_dev, 674 "timeout waiting for NIC to initialize\n"); 675 RUN_UNLOCK(sc); 676 goto detach; 677 } 678 sc->mac_ver = ver >> 16; 679 sc->mac_rev = ver & 0xffff; 680 681 /* retrieve RF rev. no and various other things from EEPROM */ 682 run_read_eeprom(sc); 683 684 device_printf(sc->sc_dev, 685 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 686 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 687 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 688 689 RUN_UNLOCK(sc); 690 691 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 692 if (ifp == NULL) { 693 device_printf(sc->sc_dev, "can not if_alloc()\n"); 694 goto detach; 695 } 696 ic = ifp->if_l2com; 697 698 ifp->if_softc = sc; 699 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 700 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 701 ifp->if_init = run_init; 702 ifp->if_ioctl = run_ioctl; 703 ifp->if_start = run_start; 704 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 705 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 706 IFQ_SET_READY(&ifp->if_snd); 707 708 ic->ic_ifp = ifp; 709 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 710 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 711 712 /* set device capabilities */ 713 ic->ic_caps = 714 IEEE80211_C_STA | /* station mode supported */ 715 IEEE80211_C_MONITOR | /* monitor mode supported */ 716 IEEE80211_C_IBSS | 717 IEEE80211_C_HOSTAP | 718 IEEE80211_C_WDS | /* 4-address traffic works */ 719 IEEE80211_C_MBSS | 720 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 721 IEEE80211_C_SHSLOT | /* short slot time supported */ 722 IEEE80211_C_WME | /* WME */ 723 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 724 725 ic->ic_cryptocaps = 726 IEEE80211_CRYPTO_WEP | 727 IEEE80211_CRYPTO_AES_CCM | 728 IEEE80211_CRYPTO_TKIPMIC | 729 IEEE80211_CRYPTO_TKIP; 730 731 ic->ic_flags |= IEEE80211_F_DATAPAD; 732 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 733 734 bands = 0; 735 setbit(&bands, IEEE80211_MODE_11B); 736 setbit(&bands, IEEE80211_MODE_11G); 737 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 738 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT5592_RF_5592) 739 setbit(&bands, IEEE80211_MODE_11A); 740 ieee80211_init_channels(ic, NULL, &bands); 741 742 ieee80211_ifattach(ic, sc->sc_bssid); 743 744 ic->ic_scan_start = run_scan_start; 745 ic->ic_scan_end = run_scan_end; 746 ic->ic_set_channel = run_set_channel; 747 ic->ic_node_alloc = run_node_alloc; 748 ic->ic_newassoc = run_newassoc; 749 ic->ic_updateslot = run_updateslot; 750 ic->ic_update_mcast = run_update_mcast; 751 ic->ic_wme.wme_update = run_wme_update; 752 ic->ic_raw_xmit = run_raw_xmit; 753 ic->ic_update_promisc = run_update_promisc; 754 755 ic->ic_vap_create = run_vap_create; 756 ic->ic_vap_delete = run_vap_delete; 757 758 ieee80211_radiotap_attach(ic, 759 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 760 RUN_TX_RADIOTAP_PRESENT, 761 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 762 RUN_RX_RADIOTAP_PRESENT); 763 764 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 765 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 766 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 767 768 if (bootverbose) 769 ieee80211_announce(ic); 770 771 return (0); 772 773detach: 774 run_detach(self); 775 return (ENXIO); 776} 777 778static int 779run_detach(device_t self) 780{ 781 struct run_softc *sc = device_get_softc(self); 782 struct ifnet *ifp = sc->sc_ifp; 783 struct ieee80211com *ic; 784 int i; 785 786 RUN_LOCK(sc); 787 sc->sc_detached = 1; 788 RUN_UNLOCK(sc); 789 790 /* stop all USB transfers */ 791 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 792 793 RUN_LOCK(sc); 794 sc->ratectl_run = RUN_RATECTL_OFF; 795 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 796 797 /* free TX list, if any */ 798 for (i = 0; i != RUN_EP_QUEUES; i++) 799 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 800 RUN_UNLOCK(sc); 801 802 if (ifp) { 803 ic = ifp->if_l2com; 804 /* drain tasks */ 805 usb_callout_drain(&sc->ratectl_ch); 806 ieee80211_draintask(ic, &sc->cmdq_task); 807 ieee80211_draintask(ic, &sc->ratectl_task); 808 ieee80211_ifdetach(ic); 809 if_free(ifp); 810 } 811 812 mtx_destroy(&sc->sc_mtx); 813 814 return (0); 815} 816 817static struct ieee80211vap * 818run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 819 enum ieee80211_opmode opmode, int flags, 820 const uint8_t bssid[IEEE80211_ADDR_LEN], 821 const uint8_t mac[IEEE80211_ADDR_LEN]) 822{ 823 struct ifnet *ifp = ic->ic_ifp; 824 struct run_softc *sc = ifp->if_softc; 825 struct run_vap *rvp; 826 struct ieee80211vap *vap; 827 int i; 828 829 if (sc->rvp_cnt >= RUN_VAP_MAX) { 830 if_printf(ifp, "number of VAPs maxed out\n"); 831 return (NULL); 832 } 833 834 switch (opmode) { 835 case IEEE80211_M_STA: 836 /* enable s/w bmiss handling for sta mode */ 837 flags |= IEEE80211_CLONE_NOBEACONS; 838 /* fall though */ 839 case IEEE80211_M_IBSS: 840 case IEEE80211_M_MONITOR: 841 case IEEE80211_M_HOSTAP: 842 case IEEE80211_M_MBSS: 843 /* other than WDS vaps, only one at a time */ 844 if (!TAILQ_EMPTY(&ic->ic_vaps)) 845 return (NULL); 846 break; 847 case IEEE80211_M_WDS: 848 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 849 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 850 continue; 851 /* WDS vap's always share the local mac address. */ 852 flags &= ~IEEE80211_CLONE_BSSID; 853 break; 854 } 855 if (vap == NULL) { 856 if_printf(ifp, "wds only supported in ap mode\n"); 857 return (NULL); 858 } 859 break; 860 default: 861 if_printf(ifp, "unknown opmode %d\n", opmode); 862 return (NULL); 863 } 864 865 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 866 M_80211_VAP, M_NOWAIT | M_ZERO); 867 if (rvp == NULL) 868 return (NULL); 869 vap = &rvp->vap; 870 871 if (ieee80211_vap_setup(ic, vap, name, unit, 872 opmode, flags, bssid, mac) != 0) { 873 /* out of memory */ 874 free(rvp, M_80211_VAP); 875 return (NULL); 876 } 877 878 vap->iv_key_update_begin = run_key_update_begin; 879 vap->iv_key_update_end = run_key_update_end; 880 vap->iv_update_beacon = run_update_beacon; 881 vap->iv_max_aid = RT2870_WCID_MAX; 882 /* 883 * To delete the right key from h/w, we need wcid. 884 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 885 * and matching wcid will be written into there. So, cast 886 * some spells to remove 'const' from ieee80211_key{} 887 */ 888 vap->iv_key_delete = (void *)run_key_delete; 889 vap->iv_key_set = (void *)run_key_set; 890 891 /* override state transition machine */ 892 rvp->newstate = vap->iv_newstate; 893 vap->iv_newstate = run_newstate; 894 895 ieee80211_ratectl_init(vap); 896 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 897 898 /* complete setup */ 899 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 900 901 /* make sure id is always unique */ 902 for (i = 0; i < RUN_VAP_MAX; i++) { 903 if((sc->rvp_bmap & 1 << i) == 0){ 904 sc->rvp_bmap |= 1 << i; 905 rvp->rvp_id = i; 906 break; 907 } 908 } 909 if (sc->rvp_cnt++ == 0) 910 ic->ic_opmode = opmode; 911 912 if (opmode == IEEE80211_M_HOSTAP) 913 sc->cmdq_run = RUN_CMDQ_GO; 914 915 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 916 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 917 918 return (vap); 919} 920 921static void 922run_vap_delete(struct ieee80211vap *vap) 923{ 924 struct run_vap *rvp = RUN_VAP(vap); 925 struct ifnet *ifp; 926 struct ieee80211com *ic; 927 struct run_softc *sc; 928 uint8_t rvp_id; 929 930 if (vap == NULL) 931 return; 932 933 ic = vap->iv_ic; 934 ifp = ic->ic_ifp; 935 936 sc = ifp->if_softc; 937 938 RUN_LOCK(sc); 939 940 m_freem(rvp->beacon_mbuf); 941 rvp->beacon_mbuf = NULL; 942 943 rvp_id = rvp->rvp_id; 944 sc->ratectl_run &= ~(1 << rvp_id); 945 sc->rvp_bmap &= ~(1 << rvp_id); 946 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 947 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 948 --sc->rvp_cnt; 949 950 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 951 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 952 953 RUN_UNLOCK(sc); 954 955 ieee80211_ratectl_deinit(vap); 956 ieee80211_vap_detach(vap); 957 free(rvp, M_80211_VAP); 958} 959 960/* 961 * There are numbers of functions need to be called in context thread. 962 * Rather than creating taskqueue event for each of those functions, 963 * here is all-for-one taskqueue callback function. This function 964 * gurantees deferred functions are executed in the same order they 965 * were enqueued. 966 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 967 */ 968static void 969run_cmdq_cb(void *arg, int pending) 970{ 971 struct run_softc *sc = arg; 972 uint8_t i; 973 974 /* call cmdq[].func locked */ 975 RUN_LOCK(sc); 976 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 977 i = sc->cmdq_exec, pending--) { 978 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 979 if (sc->cmdq_run == RUN_CMDQ_GO) { 980 /* 981 * If arg0 is NULL, callback func needs more 982 * than one arg. So, pass ptr to cmdq struct. 983 */ 984 if (sc->cmdq[i].arg0) 985 sc->cmdq[i].func(sc->cmdq[i].arg0); 986 else 987 sc->cmdq[i].func(&sc->cmdq[i]); 988 } 989 sc->cmdq[i].arg0 = NULL; 990 sc->cmdq[i].func = NULL; 991 sc->cmdq_exec++; 992 sc->cmdq_exec &= RUN_CMDQ_MASQ; 993 } 994 RUN_UNLOCK(sc); 995} 996 997static void 998run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 999{ 1000 struct run_tx_data *data; 1001 1002 memset(pq, 0, sizeof(*pq)); 1003 1004 STAILQ_INIT(&pq->tx_qh); 1005 STAILQ_INIT(&pq->tx_fh); 1006 1007 for (data = &pq->tx_data[0]; 1008 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1009 data->sc = sc; 1010 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1011 } 1012 pq->tx_nfree = RUN_TX_RING_COUNT; 1013} 1014 1015static void 1016run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1017{ 1018 struct run_tx_data *data; 1019 1020 /* make sure any subsequent use of the queues will fail */ 1021 pq->tx_nfree = 0; 1022 STAILQ_INIT(&pq->tx_fh); 1023 STAILQ_INIT(&pq->tx_qh); 1024 1025 /* free up all node references and mbufs */ 1026 for (data = &pq->tx_data[0]; 1027 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1028 if (data->m != NULL) { 1029 m_freem(data->m); 1030 data->m = NULL; 1031 } 1032 if (data->ni != NULL) { 1033 ieee80211_free_node(data->ni); 1034 data->ni = NULL; 1035 } 1036 } 1037} 1038 1039static int 1040run_load_microcode(struct run_softc *sc) 1041{ 1042 usb_device_request_t req; 1043 const struct firmware *fw; 1044 const u_char *base; 1045 uint32_t tmp; 1046 int ntries, error; 1047 const uint64_t *temp; 1048 uint64_t bytes; 1049 1050 RUN_UNLOCK(sc); 1051 fw = firmware_get("runfw"); 1052 RUN_LOCK(sc); 1053 if (fw == NULL) { 1054 device_printf(sc->sc_dev, 1055 "failed loadfirmware of file %s\n", "runfw"); 1056 return ENOENT; 1057 } 1058 1059 if (fw->datasize != 8192) { 1060 device_printf(sc->sc_dev, 1061 "invalid firmware size (should be 8KB)\n"); 1062 error = EINVAL; 1063 goto fail; 1064 } 1065 1066 /* 1067 * RT3071/RT3072 use a different firmware 1068 * run-rt2870 (8KB) contains both, 1069 * first half (4KB) is for rt2870, 1070 * last half is for rt3071. 1071 */ 1072 base = fw->data; 1073 if ((sc->mac_ver) != 0x2860 && 1074 (sc->mac_ver) != 0x2872 && 1075 (sc->mac_ver) != 0x3070) { 1076 base += 4096; 1077 } 1078 1079 /* cheap sanity check */ 1080 temp = fw->data; 1081 bytes = *temp; 1082 if (bytes != be64toh(0xffffff0210280210ULL)) { 1083 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1084 error = EINVAL; 1085 goto fail; 1086 } 1087 1088 /* write microcode image */ 1089 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1090 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1091 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1092 1093 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1094 req.bRequest = RT2870_RESET; 1095 USETW(req.wValue, 8); 1096 USETW(req.wIndex, 0); 1097 USETW(req.wLength, 0); 1098 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1099 != 0) { 1100 device_printf(sc->sc_dev, "firmware reset failed\n"); 1101 goto fail; 1102 } 1103 1104 run_delay(sc, 10); 1105 1106 run_write(sc, RT2860_H2M_MAILBOX, 0); 1107 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1108 goto fail; 1109 1110 /* wait until microcontroller is ready */ 1111 for (ntries = 0; ntries < 1000; ntries++) { 1112 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1113 goto fail; 1114 } 1115 if (tmp & RT2860_MCU_READY) 1116 break; 1117 run_delay(sc, 10); 1118 } 1119 if (ntries == 1000) { 1120 device_printf(sc->sc_dev, 1121 "timeout waiting for MCU to initialize\n"); 1122 error = ETIMEDOUT; 1123 goto fail; 1124 } 1125 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1126 (base == fw->data) ? "RT2870" : "RT3071", 1127 *(base + 4092), *(base + 4093)); 1128 1129fail: 1130 firmware_put(fw, FIRMWARE_UNLOAD); 1131 return (error); 1132} 1133 1134static int 1135run_reset(struct run_softc *sc) 1136{ 1137 usb_device_request_t req; 1138 1139 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1140 req.bRequest = RT2870_RESET; 1141 USETW(req.wValue, 1); 1142 USETW(req.wIndex, 0); 1143 USETW(req.wLength, 0); 1144 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1145} 1146 1147static usb_error_t 1148run_do_request(struct run_softc *sc, 1149 struct usb_device_request *req, void *data) 1150{ 1151 usb_error_t err; 1152 int ntries = 10; 1153 1154 RUN_LOCK_ASSERT(sc, MA_OWNED); 1155 1156 while (ntries--) { 1157 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1158 req, data, 0, NULL, 250 /* ms */); 1159 if (err == 0) 1160 break; 1161 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1162 usbd_errstr(err)); 1163 run_delay(sc, 10); 1164 } 1165 return (err); 1166} 1167 1168static int 1169run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1170{ 1171 uint32_t tmp; 1172 int error; 1173 1174 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1175 if (error == 0) 1176 *val = le32toh(tmp); 1177 else 1178 *val = 0xffffffff; 1179 return (error); 1180} 1181 1182static int 1183run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1184{ 1185 usb_device_request_t req; 1186 1187 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1188 req.bRequest = RT2870_READ_REGION_1; 1189 USETW(req.wValue, 0); 1190 USETW(req.wIndex, reg); 1191 USETW(req.wLength, len); 1192 1193 return (run_do_request(sc, &req, buf)); 1194} 1195 1196static int 1197run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1198{ 1199 usb_device_request_t req; 1200 1201 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1202 req.bRequest = RT2870_WRITE_2; 1203 USETW(req.wValue, val); 1204 USETW(req.wIndex, reg); 1205 USETW(req.wLength, 0); 1206 1207 return (run_do_request(sc, &req, NULL)); 1208} 1209 1210static int 1211run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1212{ 1213 int error; 1214 1215 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1216 error = run_write_2(sc, reg + 2, val >> 16); 1217 return (error); 1218} 1219 1220static int 1221run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1222 int len) 1223{ 1224#if 1 1225 int i, error = 0; 1226 /* 1227 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1228 * We thus issue multiple WRITE_2 commands instead. 1229 */ 1230 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1231 for (i = 0; i < len && error == 0; i += 2) 1232 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1233 return (error); 1234#else 1235 usb_device_request_t req; 1236 int error = 0; 1237 1238 /* 1239 * NOTE: It appears the WRITE_REGION_1 command cannot be 1240 * passed a huge amount of data, which will crash the 1241 * firmware. Limit amount of data passed to 64-bytes at a 1242 * time. 1243 */ 1244 while (len > 0) { 1245 int delta = 64; 1246 if (delta > len) 1247 delta = len; 1248 1249 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1250 req.bRequest = RT2870_WRITE_REGION_1; 1251 USETW(req.wValue, 0); 1252 USETW(req.wIndex, reg); 1253 USETW(req.wLength, delta); 1254 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1255 if (error != 0) 1256 break; 1257 reg += delta; 1258 buf += delta; 1259 len -= delta; 1260 } 1261 return (error); 1262#endif 1263} 1264 1265static int 1266run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1267{ 1268 int i, error = 0; 1269 1270 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1271 for (i = 0; i < len && error == 0; i += 4) 1272 error = run_write(sc, reg + i, val); 1273 return (error); 1274} 1275 1276static int 1277run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1278{ 1279 uint32_t tmp; 1280 uint16_t reg; 1281 int error, ntries; 1282 1283 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1284 return (error); 1285 1286 if (count == 2) 1287 addr *= 2; 1288 /*- 1289 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1290 * DATA0: F E D C 1291 * DATA1: B A 9 8 1292 * DATA2: 7 6 5 4 1293 * DATA3: 3 2 1 0 1294 */ 1295 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1296 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1297 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1298 for (ntries = 0; ntries < 100; ntries++) { 1299 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1300 return (error); 1301 if (!(tmp & RT3070_EFSROM_KICK)) 1302 break; 1303 run_delay(sc, 2); 1304 } 1305 if (ntries == 100) 1306 return (ETIMEDOUT); 1307 1308 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1309 *val = 0xffff; /* address not found */ 1310 return (0); 1311 } 1312 /* determine to which 32-bit register our 16-bit word belongs */ 1313 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1314 if ((error = run_read(sc, reg, &tmp)) != 0) 1315 return (error); 1316 1317 if (count == 2) 1318 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1319 else { 1320 tmp >>= (8 *(addr & 0x3)); 1321 memmove(val, &tmp, sizeof(*val)); 1322 } 1323 return (0); 1324} 1325 1326 1327/* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1328static int 1329run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1330{ 1331 return (run_efuse_read(sc, addr, val, 2)); 1332} 1333 1334static int 1335run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1336{ 1337 usb_device_request_t req; 1338 uint16_t tmp; 1339 int error; 1340 1341 addr *= 2; 1342 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1343 req.bRequest = RT2870_EEPROM_READ; 1344 USETW(req.wValue, 0); 1345 USETW(req.wIndex, addr); 1346 USETW(req.wLength, sizeof tmp); 1347 1348 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1349 if (error == 0) 1350 *val = le16toh(tmp); 1351 else 1352 *val = 0xffff; 1353 return (error); 1354} 1355 1356static __inline int 1357run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1358{ 1359 /* either eFUSE ROM or EEPROM */ 1360 return sc->sc_srom_read(sc, addr, val); 1361} 1362 1363static int 1364run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1365{ 1366 uint32_t tmp; 1367 int error, ntries; 1368 1369 for (ntries = 0; ntries < 10; ntries++) { 1370 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1371 return (error); 1372 if (!(tmp & RT2860_RF_REG_CTRL)) 1373 break; 1374 } 1375 if (ntries == 10) 1376 return (ETIMEDOUT); 1377 1378 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1379} 1380 1381static int 1382run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1383{ 1384 uint32_t tmp; 1385 int error, ntries; 1386 1387 for (ntries = 0; ntries < 100; ntries++) { 1388 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1389 return (error); 1390 if (!(tmp & RT3070_RF_KICK)) 1391 break; 1392 } 1393 if (ntries == 100) 1394 return (ETIMEDOUT); 1395 1396 tmp = RT3070_RF_KICK | reg << 8; 1397 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1398 return (error); 1399 1400 for (ntries = 0; ntries < 100; ntries++) { 1401 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1402 return (error); 1403 if (!(tmp & RT3070_RF_KICK)) 1404 break; 1405 } 1406 if (ntries == 100) 1407 return (ETIMEDOUT); 1408 1409 *val = tmp & 0xff; 1410 return (0); 1411} 1412 1413static int 1414run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1415{ 1416 uint32_t tmp; 1417 int error, ntries; 1418 1419 for (ntries = 0; ntries < 10; ntries++) { 1420 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1421 return (error); 1422 if (!(tmp & RT3070_RF_KICK)) 1423 break; 1424 } 1425 if (ntries == 10) 1426 return (ETIMEDOUT); 1427 1428 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1429 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1430} 1431 1432static int 1433run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1434{ 1435 uint32_t tmp; 1436 int ntries, error; 1437 1438 for (ntries = 0; ntries < 10; ntries++) { 1439 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1440 return (error); 1441 if (!(tmp & RT2860_BBP_CSR_KICK)) 1442 break; 1443 } 1444 if (ntries == 10) 1445 return (ETIMEDOUT); 1446 1447 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1448 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1449 return (error); 1450 1451 for (ntries = 0; ntries < 10; ntries++) { 1452 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1453 return (error); 1454 if (!(tmp & RT2860_BBP_CSR_KICK)) 1455 break; 1456 } 1457 if (ntries == 10) 1458 return (ETIMEDOUT); 1459 1460 *val = tmp & 0xff; 1461 return (0); 1462} 1463 1464static int 1465run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1466{ 1467 uint32_t tmp; 1468 int ntries, error; 1469 1470 for (ntries = 0; ntries < 10; ntries++) { 1471 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1472 return (error); 1473 if (!(tmp & RT2860_BBP_CSR_KICK)) 1474 break; 1475 } 1476 if (ntries == 10) 1477 return (ETIMEDOUT); 1478 1479 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1480 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1481} 1482 1483/* 1484 * Send a command to the 8051 microcontroller unit. 1485 */ 1486static int 1487run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1488{ 1489 uint32_t tmp; 1490 int error, ntries; 1491 1492 for (ntries = 0; ntries < 100; ntries++) { 1493 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1494 return error; 1495 if (!(tmp & RT2860_H2M_BUSY)) 1496 break; 1497 } 1498 if (ntries == 100) 1499 return ETIMEDOUT; 1500 1501 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1502 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1503 error = run_write(sc, RT2860_HOST_CMD, cmd); 1504 return (error); 1505} 1506 1507/* 1508 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1509 * Used to adjust per-rate Tx power registers. 1510 */ 1511static __inline uint32_t 1512b4inc(uint32_t b32, int8_t delta) 1513{ 1514 int8_t i, b4; 1515 1516 for (i = 0; i < 8; i++) { 1517 b4 = b32 & 0xf; 1518 b4 += delta; 1519 if (b4 < 0) 1520 b4 = 0; 1521 else if (b4 > 0xf) 1522 b4 = 0xf; 1523 b32 = b32 >> 4 | b4 << 28; 1524 } 1525 return (b32); 1526} 1527 1528static const char * 1529run_get_rf(uint16_t rev) 1530{ 1531 switch (rev) { 1532 case RT2860_RF_2820: return "RT2820"; 1533 case RT2860_RF_2850: return "RT2850"; 1534 case RT2860_RF_2720: return "RT2720"; 1535 case RT2860_RF_2750: return "RT2750"; 1536 case RT3070_RF_3020: return "RT3020"; 1537 case RT3070_RF_2020: return "RT2020"; 1538 case RT3070_RF_3021: return "RT3021"; 1539 case RT3070_RF_3022: return "RT3022"; 1540 case RT3070_RF_3052: return "RT3052"; 1541 case RT5592_RF_5592: return "RT5592"; 1542 case RT5390_RF_5370: return "RT5370"; 1543 case RT5390_RF_5372: return "RT5372"; 1544 } 1545 return ("unknown"); 1546} 1547 1548static int 1549run_read_eeprom(struct run_softc *sc) 1550{ 1551 int8_t delta_2ghz, delta_5ghz; 1552 uint32_t tmp; 1553 uint16_t val; 1554 int ridx, ant, i; 1555 1556 /* check whether the ROM is eFUSE ROM or EEPROM */ 1557 sc->sc_srom_read = run_eeprom_read_2; 1558 if (sc->mac_ver >= 0x3070) { 1559 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1560 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1561 if (tmp & RT3070_SEL_EFUSE) 1562 sc->sc_srom_read = run_efuse_read_2; 1563 } 1564 1565 /* read ROM version */ 1566 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1567 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1568 1569 /* read MAC address */ 1570 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1571 sc->sc_bssid[0] = val & 0xff; 1572 sc->sc_bssid[1] = val >> 8; 1573 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1574 sc->sc_bssid[2] = val & 0xff; 1575 sc->sc_bssid[3] = val >> 8; 1576 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1577 sc->sc_bssid[4] = val & 0xff; 1578 sc->sc_bssid[5] = val >> 8; 1579 1580 if (sc->mac_ver < 0x5390) { 1581 /* read vender BBP settings */ 1582 for (i = 0; i < 10; i++) { 1583 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1584 sc->bbp[i].val = val & 0xff; 1585 sc->bbp[i].reg = val >> 8; 1586 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1587 sc->bbp[i].val); 1588 } 1589 if (sc->mac_ver >= 0x3071) { 1590 /* read vendor RF settings */ 1591 for (i = 0; i < 10; i++) { 1592 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1593 &val); 1594 sc->rf[i].val = val & 0xff; 1595 sc->rf[i].reg = val >> 8; 1596 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1597 sc->rf[i].val); 1598 } 1599 } 1600 } 1601 1602 /* read RF frequency offset from EEPROM */ 1603 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1604 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1605 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1606 1607 if (val >> 8 != 0xff) { 1608 /* read LEDs operating mode */ 1609 sc->leds = val >> 8; 1610 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1611 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1612 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1613 } else { 1614 /* broken EEPROM, use default settings */ 1615 sc->leds = 0x01; 1616 sc->led[0] = 0x5555; 1617 sc->led[1] = 0x2221; 1618 sc->led[2] = 0x5627; /* differs from RT2860 */ 1619 } 1620 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1621 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1622 1623 /* read RF information */ 1624 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1625 run_srom_read(sc, 0x00, &val); 1626 else 1627 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1628 1629 if (val == 0xffff) { 1630 DPRINTF("invalid EEPROM antenna info, using default\n"); 1631 if (sc->mac_ver == 0x3572) { 1632 /* default to RF3052 2T2R */ 1633 sc->rf_rev = RT3070_RF_3052; 1634 sc->ntxchains = 2; 1635 sc->nrxchains = 2; 1636 } else if (sc->mac_ver >= 0x3070) { 1637 /* default to RF3020 1T1R */ 1638 sc->rf_rev = RT3070_RF_3020; 1639 sc->ntxchains = 1; 1640 sc->nrxchains = 1; 1641 } else { 1642 /* default to RF2820 1T2R */ 1643 sc->rf_rev = RT2860_RF_2820; 1644 sc->ntxchains = 1; 1645 sc->nrxchains = 2; 1646 } 1647 } else { 1648 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1649 sc->rf_rev = val; 1650 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1651 } else 1652 sc->rf_rev = (val >> 8) & 0xf; 1653 sc->ntxchains = (val >> 4) & 0xf; 1654 sc->nrxchains = val & 0xf; 1655 } 1656 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1657 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1658 1659 /* check if RF supports automatic Tx access gain control */ 1660 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1661 DPRINTF("EEPROM CFG 0x%04x\n", val); 1662 /* check if driver should patch the DAC issue */ 1663 if ((val >> 8) != 0xff) 1664 sc->patch_dac = (val >> 15) & 1; 1665 if ((val & 0xff) != 0xff) { 1666 sc->ext_5ghz_lna = (val >> 3) & 1; 1667 sc->ext_2ghz_lna = (val >> 2) & 1; 1668 /* check if RF supports automatic Tx access gain control */ 1669 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1670 /* check if we have a hardware radio switch */ 1671 sc->rfswitch = val & 1; 1672 } 1673 1674 /* read power settings for 2GHz channels */ 1675 for (i = 0; i < 14; i += 2) { 1676 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1677 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1678 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1679 1680 if (sc->mac_ver != 0x5390) { 1681 run_srom_read(sc, 1682 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1683 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1684 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1685 } 1686 } 1687 /* fix broken Tx power entries */ 1688 for (i = 0; i < 14; i++) { 1689 if (sc->mac_ver >= 0x5390) { 1690 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1691 sc->txpow1[i] = 5; 1692 } else { 1693 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1694 sc->txpow1[i] = 5; 1695 } 1696 if (sc->mac_ver > 0x5390) { 1697 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1698 sc->txpow2[i] = 5; 1699 } else if (sc->mac_ver < 0x5390) { 1700 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1701 sc->txpow2[i] = 5; 1702 } 1703 DPRINTF("chan %d: power1=%d, power2=%d\n", 1704 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1705 } 1706 /* read power settings for 5GHz channels */ 1707 for (i = 0; i < 40; i += 2) { 1708 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1709 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1710 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1711 1712 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1713 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1714 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1715 } 1716 /* fix broken Tx power entries */ 1717 for (i = 0; i < 40; i++ ) { 1718 if (sc->mac_ver != 0x5592) { 1719 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1720 sc->txpow1[14 + i] = 5; 1721 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1722 sc->txpow2[14 + i] = 5; 1723 } 1724 DPRINTF("chan %d: power1=%d, power2=%d\n", 1725 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1726 sc->txpow2[14 + i]); 1727 } 1728 1729 /* read Tx power compensation for each Tx rate */ 1730 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1731 delta_2ghz = delta_5ghz = 0; 1732 if ((val & 0xff) != 0xff && (val & 0x80)) { 1733 delta_2ghz = val & 0xf; 1734 if (!(val & 0x40)) /* negative number */ 1735 delta_2ghz = -delta_2ghz; 1736 } 1737 val >>= 8; 1738 if ((val & 0xff) != 0xff && (val & 0x80)) { 1739 delta_5ghz = val & 0xf; 1740 if (!(val & 0x40)) /* negative number */ 1741 delta_5ghz = -delta_5ghz; 1742 } 1743 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1744 delta_2ghz, delta_5ghz); 1745 1746 for (ridx = 0; ridx < 5; ridx++) { 1747 uint32_t reg; 1748 1749 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1750 reg = val; 1751 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1752 reg |= (uint32_t)val << 16; 1753 1754 sc->txpow20mhz[ridx] = reg; 1755 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1756 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1757 1758 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1759 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1760 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1761 } 1762 1763 /* read RSSI offsets and LNA gains from EEPROM */ 1764 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1765 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1766 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1767 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1768 if (sc->mac_ver >= 0x3070) { 1769 /* 1770 * On RT3070 chips (limited to 2 Rx chains), this ROM 1771 * field contains the Tx mixer gain for the 2GHz band. 1772 */ 1773 if ((val & 0xff) != 0xff) 1774 sc->txmixgain_2ghz = val & 0x7; 1775 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1776 } else 1777 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1778 sc->lna[2] = val >> 8; /* channel group 2 */ 1779 1780 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1781 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1782 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1783 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1784 if (sc->mac_ver == 0x3572) { 1785 /* 1786 * On RT3572 chips (limited to 2 Rx chains), this ROM 1787 * field contains the Tx mixer gain for the 5GHz band. 1788 */ 1789 if ((val & 0xff) != 0xff) 1790 sc->txmixgain_5ghz = val & 0x7; 1791 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1792 } else 1793 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1794 sc->lna[3] = val >> 8; /* channel group 3 */ 1795 1796 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1797 sc->lna[0] = val & 0xff; /* channel group 0 */ 1798 sc->lna[1] = val >> 8; /* channel group 1 */ 1799 1800 /* fix broken 5GHz LNA entries */ 1801 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1802 DPRINTF("invalid LNA for channel group %d\n", 2); 1803 sc->lna[2] = sc->lna[1]; 1804 } 1805 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1806 DPRINTF("invalid LNA for channel group %d\n", 3); 1807 sc->lna[3] = sc->lna[1]; 1808 } 1809 1810 /* fix broken RSSI offset entries */ 1811 for (ant = 0; ant < 3; ant++) { 1812 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1813 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1814 ant + 1, sc->rssi_2ghz[ant]); 1815 sc->rssi_2ghz[ant] = 0; 1816 } 1817 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1818 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1819 ant + 1, sc->rssi_5ghz[ant]); 1820 sc->rssi_5ghz[ant] = 0; 1821 } 1822 } 1823 return (0); 1824} 1825 1826static struct ieee80211_node * 1827run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1828{ 1829 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1830} 1831 1832static int 1833run_media_change(struct ifnet *ifp) 1834{ 1835 struct ieee80211vap *vap = ifp->if_softc; 1836 struct ieee80211com *ic = vap->iv_ic; 1837 const struct ieee80211_txparam *tp; 1838 struct run_softc *sc = ic->ic_ifp->if_softc; 1839 uint8_t rate, ridx; 1840 int error; 1841 1842 RUN_LOCK(sc); 1843 1844 error = ieee80211_media_change(ifp); 1845 if (error != ENETRESET) { 1846 RUN_UNLOCK(sc); 1847 return (error); 1848 } 1849 1850 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1851 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1852 struct ieee80211_node *ni; 1853 struct run_node *rn; 1854 1855 rate = ic->ic_sup_rates[ic->ic_curmode]. 1856 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1857 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1858 if (rt2860_rates[ridx].rate == rate) 1859 break; 1860 ni = ieee80211_ref_node(vap->iv_bss); 1861 rn = (struct run_node *)ni; 1862 rn->fix_ridx = ridx; 1863 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1864 ieee80211_free_node(ni); 1865 } 1866 1867#if 0 1868 if ((ifp->if_flags & IFF_UP) && 1869 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1870 run_init_locked(sc); 1871 } 1872#endif 1873 1874 RUN_UNLOCK(sc); 1875 1876 return (0); 1877} 1878 1879static int 1880run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1881{ 1882 const struct ieee80211_txparam *tp; 1883 struct ieee80211com *ic = vap->iv_ic; 1884 struct run_softc *sc = ic->ic_ifp->if_softc; 1885 struct run_vap *rvp = RUN_VAP(vap); 1886 enum ieee80211_state ostate; 1887 uint32_t sta[3]; 1888 uint32_t tmp; 1889 uint8_t ratectl; 1890 uint8_t restart_ratectl = 0; 1891 uint8_t bid = 1 << rvp->rvp_id; 1892 1893 ostate = vap->iv_state; 1894 DPRINTF("%s -> %s\n", 1895 ieee80211_state_name[ostate], 1896 ieee80211_state_name[nstate]); 1897 1898 IEEE80211_UNLOCK(ic); 1899 RUN_LOCK(sc); 1900 1901 ratectl = sc->ratectl_run; /* remember current state */ 1902 sc->ratectl_run = RUN_RATECTL_OFF; 1903 usb_callout_stop(&sc->ratectl_ch); 1904 1905 if (ostate == IEEE80211_S_RUN) { 1906 /* turn link LED off */ 1907 run_set_leds(sc, RT2860_LED_RADIO); 1908 } 1909 1910 switch (nstate) { 1911 case IEEE80211_S_INIT: 1912 restart_ratectl = 1; 1913 1914 if (ostate != IEEE80211_S_RUN) 1915 break; 1916 1917 ratectl &= ~bid; 1918 sc->runbmap &= ~bid; 1919 1920 /* abort TSF synchronization if there is no vap running */ 1921 if (--sc->running == 0) { 1922 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1923 run_write(sc, RT2860_BCN_TIME_CFG, 1924 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1925 RT2860_TBTT_TIMER_EN)); 1926 } 1927 break; 1928 1929 case IEEE80211_S_RUN: 1930 if (!(sc->runbmap & bid)) { 1931 if(sc->running++) 1932 restart_ratectl = 1; 1933 sc->runbmap |= bid; 1934 } 1935 1936 m_freem(rvp->beacon_mbuf); 1937 rvp->beacon_mbuf = NULL; 1938 1939 switch (vap->iv_opmode) { 1940 case IEEE80211_M_HOSTAP: 1941 case IEEE80211_M_MBSS: 1942 sc->ap_running |= bid; 1943 ic->ic_opmode = vap->iv_opmode; 1944 run_update_beacon_cb(vap); 1945 break; 1946 case IEEE80211_M_IBSS: 1947 sc->adhoc_running |= bid; 1948 if (!sc->ap_running) 1949 ic->ic_opmode = vap->iv_opmode; 1950 run_update_beacon_cb(vap); 1951 break; 1952 case IEEE80211_M_STA: 1953 sc->sta_running |= bid; 1954 if (!sc->ap_running && !sc->adhoc_running) 1955 ic->ic_opmode = vap->iv_opmode; 1956 1957 /* read statistic counters (clear on read) */ 1958 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1959 (uint8_t *)sta, sizeof sta); 1960 1961 break; 1962 default: 1963 ic->ic_opmode = vap->iv_opmode; 1964 break; 1965 } 1966 1967 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1968 struct ieee80211_node *ni; 1969 1970 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 1971 RUN_UNLOCK(sc); 1972 IEEE80211_LOCK(ic); 1973 return (-1); 1974 } 1975 run_updateslot(ic->ic_ifp); 1976 run_enable_mrr(sc); 1977 run_set_txpreamble(sc); 1978 run_set_basicrates(sc); 1979 ni = ieee80211_ref_node(vap->iv_bss); 1980 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1981 run_set_bssid(sc, ni->ni_bssid); 1982 ieee80211_free_node(ni); 1983 run_enable_tsf_sync(sc); 1984 1985 /* enable automatic rate adaptation */ 1986 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1987 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1988 ratectl |= bid; 1989 } 1990 1991 /* turn link LED on */ 1992 run_set_leds(sc, RT2860_LED_RADIO | 1993 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1994 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1995 1996 break; 1997 default: 1998 DPRINTFN(6, "undefined case\n"); 1999 break; 2000 } 2001 2002 /* restart amrr for running VAPs */ 2003 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2004 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2005 2006 RUN_UNLOCK(sc); 2007 IEEE80211_LOCK(ic); 2008 2009 return(rvp->newstate(vap, nstate, arg)); 2010} 2011 2012/* ARGSUSED */ 2013static void 2014run_wme_update_cb(void *arg) 2015{ 2016 struct ieee80211com *ic = arg; 2017 struct run_softc *sc = ic->ic_ifp->if_softc; 2018 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2019 int aci, error = 0; 2020 2021 RUN_LOCK_ASSERT(sc, MA_OWNED); 2022 2023 /* update MAC TX configuration registers */ 2024 for (aci = 0; aci < WME_NUM_AC; aci++) { 2025 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2026 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2027 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2028 wmesp->wme_params[aci].wmep_aifsn << 8 | 2029 wmesp->wme_params[aci].wmep_txopLimit); 2030 if (error) goto err; 2031 } 2032 2033 /* update SCH/DMA registers too */ 2034 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2035 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2036 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2037 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2038 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2039 if (error) goto err; 2040 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2041 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2042 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2043 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2044 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2045 if (error) goto err; 2046 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2047 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2048 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2049 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2050 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2051 if (error) goto err; 2052 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2053 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2054 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2055 if (error) goto err; 2056 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2057 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2058 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2059 2060err: 2061 if (error) 2062 DPRINTF("WME update failed\n"); 2063 2064 return; 2065} 2066 2067static int 2068run_wme_update(struct ieee80211com *ic) 2069{ 2070 struct run_softc *sc = ic->ic_ifp->if_softc; 2071 2072 /* sometime called wothout lock */ 2073 if (mtx_owned(&ic->ic_comlock.mtx)) { 2074 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2075 DPRINTF("cmdq_store=%d\n", i); 2076 sc->cmdq[i].func = run_wme_update_cb; 2077 sc->cmdq[i].arg0 = ic; 2078 ieee80211_runtask(ic, &sc->cmdq_task); 2079 return (0); 2080 } 2081 2082 RUN_LOCK(sc); 2083 run_wme_update_cb(ic); 2084 RUN_UNLOCK(sc); 2085 2086 /* return whatever, upper layer desn't care anyway */ 2087 return (0); 2088} 2089 2090static void 2091run_key_update_begin(struct ieee80211vap *vap) 2092{ 2093 /* 2094 * To avoid out-of-order events, both run_key_set() and 2095 * _delete() are deferred and handled by run_cmdq_cb(). 2096 * So, there is nothing we need to do here. 2097 */ 2098} 2099 2100static void 2101run_key_update_end(struct ieee80211vap *vap) 2102{ 2103 /* null */ 2104} 2105 2106static void 2107run_key_set_cb(void *arg) 2108{ 2109 struct run_cmdq *cmdq = arg; 2110 struct ieee80211vap *vap = cmdq->arg1; 2111 struct ieee80211_key *k = cmdq->k; 2112 struct ieee80211com *ic = vap->iv_ic; 2113 struct run_softc *sc = ic->ic_ifp->if_softc; 2114 struct ieee80211_node *ni; 2115 uint32_t attr; 2116 uint16_t base, associd; 2117 uint8_t mode, wcid, iv[8]; 2118 2119 RUN_LOCK_ASSERT(sc, MA_OWNED); 2120 2121 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2122 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2123 else 2124 ni = vap->iv_bss; 2125 associd = (ni != NULL) ? ni->ni_associd : 0; 2126 2127 /* map net80211 cipher to RT2860 security mode */ 2128 switch (k->wk_cipher->ic_cipher) { 2129 case IEEE80211_CIPHER_WEP: 2130 if(k->wk_keylen < 8) 2131 mode = RT2860_MODE_WEP40; 2132 else 2133 mode = RT2860_MODE_WEP104; 2134 break; 2135 case IEEE80211_CIPHER_TKIP: 2136 mode = RT2860_MODE_TKIP; 2137 break; 2138 case IEEE80211_CIPHER_AES_CCM: 2139 mode = RT2860_MODE_AES_CCMP; 2140 break; 2141 default: 2142 DPRINTF("undefined case\n"); 2143 return; 2144 } 2145 2146 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2147 associd, k->wk_keyix, mode, 2148 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2149 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2150 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2151 2152 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2153 wcid = 0; /* NB: update WCID0 for group keys */ 2154 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2155 } else { 2156 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2157 1 : RUN_AID2WCID(associd); 2158 base = RT2860_PKEY(wcid); 2159 } 2160 2161 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2162 if(run_write_region_1(sc, base, k->wk_key, 16)) 2163 return; 2164 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2165 return; 2166 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2167 return; 2168 } else { 2169 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2170 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2171 return; 2172 } 2173 2174 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2175 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2176 /* set initial packet number in IV+EIV */ 2177 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2178 memset(iv, 0, sizeof iv); 2179 iv[3] = vap->iv_def_txkey << 6; 2180 } else { 2181 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2182 iv[0] = k->wk_keytsc >> 8; 2183 iv[1] = (iv[0] | 0x20) & 0x7f; 2184 iv[2] = k->wk_keytsc; 2185 } else /* CCMP */ { 2186 iv[0] = k->wk_keytsc; 2187 iv[1] = k->wk_keytsc >> 8; 2188 iv[2] = 0; 2189 } 2190 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2191 iv[4] = k->wk_keytsc >> 16; 2192 iv[5] = k->wk_keytsc >> 24; 2193 iv[6] = k->wk_keytsc >> 32; 2194 iv[7] = k->wk_keytsc >> 40; 2195 } 2196 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2197 return; 2198 } 2199 2200 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2201 /* install group key */ 2202 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2203 return; 2204 attr &= ~(0xf << (k->wk_keyix * 4)); 2205 attr |= mode << (k->wk_keyix * 4); 2206 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2207 return; 2208 } else { 2209 /* install pairwise key */ 2210 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2211 return; 2212 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2213 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2214 return; 2215 } 2216 2217 /* TODO create a pass-thru key entry? */ 2218 2219 /* need wcid to delete the right key later */ 2220 k->wk_pad = wcid; 2221} 2222 2223/* 2224 * Don't have to be deferred, but in order to keep order of 2225 * execution, i.e. with run_key_delete(), defer this and let 2226 * run_cmdq_cb() maintain the order. 2227 * 2228 * return 0 on error 2229 */ 2230static int 2231run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2232 const uint8_t mac[IEEE80211_ADDR_LEN]) 2233{ 2234 struct ieee80211com *ic = vap->iv_ic; 2235 struct run_softc *sc = ic->ic_ifp->if_softc; 2236 uint32_t i; 2237 2238 i = RUN_CMDQ_GET(&sc->cmdq_store); 2239 DPRINTF("cmdq_store=%d\n", i); 2240 sc->cmdq[i].func = run_key_set_cb; 2241 sc->cmdq[i].arg0 = NULL; 2242 sc->cmdq[i].arg1 = vap; 2243 sc->cmdq[i].k = k; 2244 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2245 ieee80211_runtask(ic, &sc->cmdq_task); 2246 2247 /* 2248 * To make sure key will be set when hostapd 2249 * calls iv_key_set() before if_init(). 2250 */ 2251 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2252 RUN_LOCK(sc); 2253 sc->cmdq_key_set = RUN_CMDQ_GO; 2254 RUN_UNLOCK(sc); 2255 } 2256 2257 return (1); 2258} 2259 2260/* 2261 * If wlan is destroyed without being brought down i.e. without 2262 * wlan down or wpa_cli terminate, this function is called after 2263 * vap is gone. Don't refer it. 2264 */ 2265static void 2266run_key_delete_cb(void *arg) 2267{ 2268 struct run_cmdq *cmdq = arg; 2269 struct run_softc *sc = cmdq->arg1; 2270 struct ieee80211_key *k = &cmdq->key; 2271 uint32_t attr; 2272 uint8_t wcid; 2273 2274 RUN_LOCK_ASSERT(sc, MA_OWNED); 2275 2276 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2277 /* remove group key */ 2278 DPRINTF("removing group key\n"); 2279 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2280 attr &= ~(0xf << (k->wk_keyix * 4)); 2281 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2282 } else { 2283 /* remove pairwise key */ 2284 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2285 /* matching wcid was written to wk_pad in run_key_set() */ 2286 wcid = k->wk_pad; 2287 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2288 attr &= ~0xf; 2289 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2290 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2291 } 2292 2293 k->wk_pad = 0; 2294} 2295 2296/* 2297 * return 0 on error 2298 */ 2299static int 2300run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2301{ 2302 struct ieee80211com *ic = vap->iv_ic; 2303 struct run_softc *sc = ic->ic_ifp->if_softc; 2304 struct ieee80211_key *k0; 2305 uint32_t i; 2306 2307 /* 2308 * When called back, key might be gone. So, make a copy 2309 * of some values need to delete keys before deferring. 2310 * But, because of LOR with node lock, cannot use lock here. 2311 * So, use atomic instead. 2312 */ 2313 i = RUN_CMDQ_GET(&sc->cmdq_store); 2314 DPRINTF("cmdq_store=%d\n", i); 2315 sc->cmdq[i].func = run_key_delete_cb; 2316 sc->cmdq[i].arg0 = NULL; 2317 sc->cmdq[i].arg1 = sc; 2318 k0 = &sc->cmdq[i].key; 2319 k0->wk_flags = k->wk_flags; 2320 k0->wk_keyix = k->wk_keyix; 2321 /* matching wcid was written to wk_pad in run_key_set() */ 2322 k0->wk_pad = k->wk_pad; 2323 ieee80211_runtask(ic, &sc->cmdq_task); 2324 return (1); /* return fake success */ 2325 2326} 2327 2328static void 2329run_ratectl_to(void *arg) 2330{ 2331 struct run_softc *sc = arg; 2332 2333 /* do it in a process context, so it can go sleep */ 2334 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2335 /* next timeout will be rescheduled in the callback task */ 2336} 2337 2338/* ARGSUSED */ 2339static void 2340run_ratectl_cb(void *arg, int pending) 2341{ 2342 struct run_softc *sc = arg; 2343 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2344 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2345 2346 if (vap == NULL) 2347 return; 2348 2349 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2350 run_iter_func(sc, vap->iv_bss); 2351 else { 2352 /* 2353 * run_reset_livelock() doesn't do anything with AMRR, 2354 * but Ralink wants us to call it every 1 sec. So, we 2355 * piggyback here rather than creating another callout. 2356 * Livelock may occur only in HOSTAP or IBSS mode 2357 * (when h/w is sending beacons). 2358 */ 2359 RUN_LOCK(sc); 2360 run_reset_livelock(sc); 2361 /* just in case, there are some stats to drain */ 2362 run_drain_fifo(sc); 2363 RUN_UNLOCK(sc); 2364 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2365 } 2366 2367 RUN_LOCK(sc); 2368 if(sc->ratectl_run != RUN_RATECTL_OFF) 2369 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2370 RUN_UNLOCK(sc); 2371} 2372 2373static void 2374run_drain_fifo(void *arg) 2375{ 2376 struct run_softc *sc = arg; 2377 struct ifnet *ifp = sc->sc_ifp; 2378 uint32_t stat; 2379 uint16_t (*wstat)[3]; 2380 uint8_t wcid, mcs, pid; 2381 int8_t retry; 2382 2383 RUN_LOCK_ASSERT(sc, MA_OWNED); 2384 2385 for (;;) { 2386 /* drain Tx status FIFO (maxsize = 16) */ 2387 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2388 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2389 if (!(stat & RT2860_TXQ_VLD)) 2390 break; 2391 2392 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2393 2394 /* if no ACK was requested, no feedback is available */ 2395 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2396 wcid == 0) 2397 continue; 2398 2399 /* 2400 * Even though each stat is Tx-complete-status like format, 2401 * the device can poll stats. Because there is no guarantee 2402 * that the referring node is still around when read the stats. 2403 * So that, if we use ieee80211_ratectl_tx_update(), we will 2404 * have hard time not to refer already freed node. 2405 * 2406 * To eliminate such page faults, we poll stats in softc. 2407 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2408 */ 2409 wstat = &(sc->wcid_stats[wcid]); 2410 (*wstat)[RUN_TXCNT]++; 2411 if (stat & RT2860_TXQ_OK) 2412 (*wstat)[RUN_SUCCESS]++; 2413 else 2414 ifp->if_oerrors++; 2415 /* 2416 * Check if there were retries, ie if the Tx success rate is 2417 * different from the requested rate. Note that it works only 2418 * because we do not allow rate fallback from OFDM to CCK. 2419 */ 2420 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2421 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2422 if ((retry = pid -1 - mcs) > 0) { 2423 (*wstat)[RUN_TXCNT] += retry; 2424 (*wstat)[RUN_RETRY] += retry; 2425 } 2426 } 2427 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2428 2429 sc->fifo_cnt = 0; 2430} 2431 2432static void 2433run_iter_func(void *arg, struct ieee80211_node *ni) 2434{ 2435 struct run_softc *sc = arg; 2436 struct ieee80211vap *vap = ni->ni_vap; 2437 struct ieee80211com *ic = ni->ni_ic; 2438 struct ifnet *ifp = ic->ic_ifp; 2439 struct run_node *rn = (void *)ni; 2440 union run_stats sta[2]; 2441 uint16_t (*wstat)[3]; 2442 int txcnt, success, retrycnt, error; 2443 2444 RUN_LOCK(sc); 2445 2446 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2447 vap->iv_opmode == IEEE80211_M_STA)) { 2448 /* read statistic counters (clear on read) and update AMRR state */ 2449 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2450 sizeof sta); 2451 if (error != 0) 2452 goto fail; 2453 2454 /* count failed TX as errors */ 2455 ifp->if_oerrors += le16toh(sta[0].error.fail); 2456 2457 retrycnt = le16toh(sta[1].tx.retry); 2458 success = le16toh(sta[1].tx.success); 2459 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2460 2461 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2462 retrycnt, success, le16toh(sta[0].error.fail)); 2463 } else { 2464 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2465 2466 if (wstat == &(sc->wcid_stats[0]) || 2467 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2468 goto fail; 2469 2470 txcnt = (*wstat)[RUN_TXCNT]; 2471 success = (*wstat)[RUN_SUCCESS]; 2472 retrycnt = (*wstat)[RUN_RETRY]; 2473 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2474 retrycnt, txcnt, success); 2475 2476 memset(wstat, 0, sizeof(*wstat)); 2477 } 2478 2479 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2480 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2481 2482fail: 2483 RUN_UNLOCK(sc); 2484 2485 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2486} 2487 2488static void 2489run_newassoc_cb(void *arg) 2490{ 2491 struct run_cmdq *cmdq = arg; 2492 struct ieee80211_node *ni = cmdq->arg1; 2493 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2494 uint8_t wcid = cmdq->wcid; 2495 2496 RUN_LOCK_ASSERT(sc, MA_OWNED); 2497 2498 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2499 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2500 2501 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2502} 2503 2504static void 2505run_newassoc(struct ieee80211_node *ni, int isnew) 2506{ 2507 struct run_node *rn = (void *)ni; 2508 struct ieee80211_rateset *rs = &ni->ni_rates; 2509 struct ieee80211vap *vap = ni->ni_vap; 2510 struct ieee80211com *ic = vap->iv_ic; 2511 struct run_softc *sc = ic->ic_ifp->if_softc; 2512 uint8_t rate; 2513 uint8_t ridx; 2514 uint8_t wcid; 2515 int i, j; 2516 2517 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2518 1 : RUN_AID2WCID(ni->ni_associd); 2519 2520 if (wcid > RT2870_WCID_MAX) { 2521 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2522 return; 2523 } 2524 2525 /* only interested in true associations */ 2526 if (isnew && ni->ni_associd != 0) { 2527 2528 /* 2529 * This function could is called though timeout function. 2530 * Need to defer. 2531 */ 2532 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2533 DPRINTF("cmdq_store=%d\n", cnt); 2534 sc->cmdq[cnt].func = run_newassoc_cb; 2535 sc->cmdq[cnt].arg0 = NULL; 2536 sc->cmdq[cnt].arg1 = ni; 2537 sc->cmdq[cnt].wcid = wcid; 2538 ieee80211_runtask(ic, &sc->cmdq_task); 2539 } 2540 2541 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2542 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2543 2544 for (i = 0; i < rs->rs_nrates; i++) { 2545 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2546 /* convert 802.11 rate to hardware rate index */ 2547 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2548 if (rt2860_rates[ridx].rate == rate) 2549 break; 2550 rn->ridx[i] = ridx; 2551 /* determine rate of control response frames */ 2552 for (j = i; j >= 0; j--) { 2553 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2554 rt2860_rates[rn->ridx[i]].phy == 2555 rt2860_rates[rn->ridx[j]].phy) 2556 break; 2557 } 2558 if (j >= 0) { 2559 rn->ctl_ridx[i] = rn->ridx[j]; 2560 } else { 2561 /* no basic rate found, use mandatory one */ 2562 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2563 } 2564 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2565 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2566 } 2567 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2568 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2569 if (rt2860_rates[ridx].rate == rate) 2570 break; 2571 rn->mgt_ridx = ridx; 2572 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2573 2574 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2575} 2576 2577/* 2578 * Return the Rx chain with the highest RSSI for a given frame. 2579 */ 2580static __inline uint8_t 2581run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2582{ 2583 uint8_t rxchain = 0; 2584 2585 if (sc->nrxchains > 1) { 2586 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2587 rxchain = 1; 2588 if (sc->nrxchains > 2) 2589 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2590 rxchain = 2; 2591 } 2592 return (rxchain); 2593} 2594 2595static void 2596run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2597{ 2598 struct ifnet *ifp = sc->sc_ifp; 2599 struct ieee80211com *ic = ifp->if_l2com; 2600 struct ieee80211_frame *wh; 2601 struct ieee80211_node *ni; 2602 struct rt2870_rxd *rxd; 2603 struct rt2860_rxwi *rxwi; 2604 uint32_t flags; 2605 uint16_t len, rxwisize; 2606 uint8_t ant, rssi; 2607 int8_t nf; 2608 2609 rxwi = mtod(m, struct rt2860_rxwi *); 2610 len = le16toh(rxwi->len) & 0xfff; 2611 rxwisize = (sc->mac_ver == 0x5592) ? 2612 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2613 sizeof(struct rt2860_rxwi); 2614 if (__predict_false(len > dmalen)) { 2615 m_freem(m); 2616 ifp->if_ierrors++; 2617 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2618 return; 2619 } 2620 /* Rx descriptor is located at the end */ 2621 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2622 flags = le32toh(rxd->flags); 2623 2624 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2625 m_freem(m); 2626 ifp->if_ierrors++; 2627 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2628 return; 2629 } 2630 2631 m->m_data += rxwisize; 2632 m->m_pkthdr.len = m->m_len -= rxwisize; 2633 2634 wh = mtod(m, struct ieee80211_frame *); 2635 2636 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2637 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2638 m->m_flags |= M_WEP; 2639 } 2640 2641 if (flags & RT2860_RX_L2PAD) { 2642 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2643 len += 2; 2644 } 2645 2646 ni = ieee80211_find_rxnode(ic, 2647 mtod(m, struct ieee80211_frame_min *)); 2648 2649 if (__predict_false(flags & RT2860_RX_MICERR)) { 2650 /* report MIC failures to net80211 for TKIP */ 2651 if (ni != NULL) 2652 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2653 rxwi->keyidx); 2654 m_freem(m); 2655 ifp->if_ierrors++; 2656 DPRINTF("MIC error. Someone is lying.\n"); 2657 return; 2658 } 2659 2660 ant = run_maxrssi_chain(sc, rxwi); 2661 rssi = rxwi->rssi[ant]; 2662 nf = run_rssi2dbm(sc, rssi, ant); 2663 2664 m->m_pkthdr.rcvif = ifp; 2665 m->m_pkthdr.len = m->m_len = len; 2666 2667 if (ni != NULL) { 2668 (void)ieee80211_input(ni, m, rssi, nf); 2669 ieee80211_free_node(ni); 2670 } else { 2671 (void)ieee80211_input_all(ic, m, rssi, nf); 2672 } 2673 2674 if (__predict_false(ieee80211_radiotap_active(ic))) { 2675 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2676 uint16_t phy; 2677 2678 tap->wr_flags = 0; 2679 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2680 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2681 tap->wr_antsignal = rssi; 2682 tap->wr_antenna = ant; 2683 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2684 tap->wr_rate = 2; /* in case it can't be found below */ 2685 phy = le16toh(rxwi->phy); 2686 switch (phy & RT2860_PHY_MODE) { 2687 case RT2860_PHY_CCK: 2688 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2689 case 0: tap->wr_rate = 2; break; 2690 case 1: tap->wr_rate = 4; break; 2691 case 2: tap->wr_rate = 11; break; 2692 case 3: tap->wr_rate = 22; break; 2693 } 2694 if (phy & RT2860_PHY_SHPRE) 2695 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2696 break; 2697 case RT2860_PHY_OFDM: 2698 switch (phy & RT2860_PHY_MCS) { 2699 case 0: tap->wr_rate = 12; break; 2700 case 1: tap->wr_rate = 18; break; 2701 case 2: tap->wr_rate = 24; break; 2702 case 3: tap->wr_rate = 36; break; 2703 case 4: tap->wr_rate = 48; break; 2704 case 5: tap->wr_rate = 72; break; 2705 case 6: tap->wr_rate = 96; break; 2706 case 7: tap->wr_rate = 108; break; 2707 } 2708 break; 2709 } 2710 } 2711} 2712 2713static void 2714run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2715{ 2716 struct run_softc *sc = usbd_xfer_softc(xfer); 2717 struct ifnet *ifp = sc->sc_ifp; 2718 struct mbuf *m = NULL; 2719 struct mbuf *m0; 2720 uint32_t dmalen; 2721 uint16_t rxwisize; 2722 int xferlen; 2723 2724 rxwisize = (sc->mac_ver == 0x5592) ? 2725 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2726 sizeof(struct rt2860_rxwi); 2727 2728 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2729 2730 switch (USB_GET_STATE(xfer)) { 2731 case USB_ST_TRANSFERRED: 2732 2733 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2734 2735 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2736 sizeof(struct rt2870_rxd))) { 2737 DPRINTF("xfer too short %d\n", xferlen); 2738 goto tr_setup; 2739 } 2740 2741 m = sc->rx_m; 2742 sc->rx_m = NULL; 2743 2744 /* FALLTHROUGH */ 2745 case USB_ST_SETUP: 2746tr_setup: 2747 if (sc->rx_m == NULL) { 2748 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2749 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2750 } 2751 if (sc->rx_m == NULL) { 2752 DPRINTF("could not allocate mbuf - idle with stall\n"); 2753 ifp->if_ierrors++; 2754 usbd_xfer_set_stall(xfer); 2755 usbd_xfer_set_frames(xfer, 0); 2756 } else { 2757 /* 2758 * Directly loading a mbuf cluster into DMA to 2759 * save some data copying. This works because 2760 * there is only one cluster. 2761 */ 2762 usbd_xfer_set_frame_data(xfer, 0, 2763 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2764 usbd_xfer_set_frames(xfer, 1); 2765 } 2766 usbd_transfer_submit(xfer); 2767 break; 2768 2769 default: /* Error */ 2770 if (error != USB_ERR_CANCELLED) { 2771 /* try to clear stall first */ 2772 usbd_xfer_set_stall(xfer); 2773 2774 if (error == USB_ERR_TIMEOUT) 2775 device_printf(sc->sc_dev, "device timeout\n"); 2776 2777 ifp->if_ierrors++; 2778 2779 goto tr_setup; 2780 } 2781 if (sc->rx_m != NULL) { 2782 m_freem(sc->rx_m); 2783 sc->rx_m = NULL; 2784 } 2785 break; 2786 } 2787 2788 if (m == NULL) 2789 return; 2790 2791 /* inputting all the frames must be last */ 2792 2793 RUN_UNLOCK(sc); 2794 2795 m->m_pkthdr.len = m->m_len = xferlen; 2796 2797 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2798 for(;;) { 2799 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2800 2801 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2802 ((dmalen & 3) != 0)) { 2803 DPRINTF("bad DMA length %u\n", dmalen); 2804 break; 2805 } 2806 if ((dmalen + 8) > (uint32_t)xferlen) { 2807 DPRINTF("bad DMA length %u > %d\n", 2808 dmalen + 8, xferlen); 2809 break; 2810 } 2811 2812 /* If it is the last one or a single frame, we won't copy. */ 2813 if ((xferlen -= dmalen + 8) <= 8) { 2814 /* trim 32-bit DMA-len header */ 2815 m->m_data += 4; 2816 m->m_pkthdr.len = m->m_len -= 4; 2817 run_rx_frame(sc, m, dmalen); 2818 m = NULL; /* don't free source buffer */ 2819 break; 2820 } 2821 2822 /* copy aggregated frames to another mbuf */ 2823 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2824 if (__predict_false(m0 == NULL)) { 2825 DPRINTF("could not allocate mbuf\n"); 2826 ifp->if_ierrors++; 2827 break; 2828 } 2829 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2830 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2831 m0->m_pkthdr.len = m0->m_len = 2832 dmalen + sizeof(struct rt2870_rxd); 2833 run_rx_frame(sc, m0, dmalen); 2834 2835 /* update data ptr */ 2836 m->m_data += dmalen + 8; 2837 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2838 } 2839 2840 /* make sure we free the source buffer, if any */ 2841 m_freem(m); 2842 2843 RUN_LOCK(sc); 2844} 2845 2846static void 2847run_tx_free(struct run_endpoint_queue *pq, 2848 struct run_tx_data *data, int txerr) 2849{ 2850 if (data->m != NULL) { 2851 if (data->m->m_flags & M_TXCB) 2852 ieee80211_process_callback(data->ni, data->m, 2853 txerr ? ETIMEDOUT : 0); 2854 m_freem(data->m); 2855 data->m = NULL; 2856 2857 if (data->ni == NULL) { 2858 DPRINTF("no node\n"); 2859 } else { 2860 ieee80211_free_node(data->ni); 2861 data->ni = NULL; 2862 } 2863 } 2864 2865 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2866 pq->tx_nfree++; 2867} 2868 2869static void 2870run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 2871{ 2872 struct run_softc *sc = usbd_xfer_softc(xfer); 2873 struct ifnet *ifp = sc->sc_ifp; 2874 struct ieee80211com *ic = ifp->if_l2com; 2875 struct run_tx_data *data; 2876 struct ieee80211vap *vap = NULL; 2877 struct usb_page_cache *pc; 2878 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2879 struct mbuf *m; 2880 usb_frlength_t size; 2881 int actlen; 2882 int sumlen; 2883 2884 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2885 2886 switch (USB_GET_STATE(xfer)) { 2887 case USB_ST_TRANSFERRED: 2888 DPRINTFN(11, "transfer complete: %d " 2889 "bytes @ index %d\n", actlen, index); 2890 2891 data = usbd_xfer_get_priv(xfer); 2892 2893 run_tx_free(pq, data, 0); 2894 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2895 2896 usbd_xfer_set_priv(xfer, NULL); 2897 2898 ifp->if_opackets++; 2899 2900 /* FALLTHROUGH */ 2901 case USB_ST_SETUP: 2902tr_setup: 2903 data = STAILQ_FIRST(&pq->tx_qh); 2904 if (data == NULL) 2905 break; 2906 2907 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2908 2909 m = data->m; 2910 size = (sc->mac_ver == 0x5592) ? 2911 RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ; 2912 if ((m->m_pkthdr.len + 2913 sizeof(data->desc) + 3 + 8) > size) { 2914 DPRINTF("data overflow, %u bytes\n", 2915 m->m_pkthdr.len); 2916 2917 ifp->if_oerrors++; 2918 2919 run_tx_free(pq, data, 1); 2920 2921 goto tr_setup; 2922 } 2923 2924 pc = usbd_xfer_get_frame(xfer, 0); 2925 size = (sc->mac_ver == 0x5592) ? 2926 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 2927 usbd_copy_in(pc, 0, &data->desc, size); 2928 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2929 size += m->m_pkthdr.len; 2930 /* 2931 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2932 * 4-byte padding), and be sure to zero those trailing 2933 * bytes: 2934 */ 2935 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2936 size += ((-size) & 3) + 8; 2937 2938 vap = data->ni->ni_vap; 2939 if (ieee80211_radiotap_active_vap(vap)) { 2940 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2941 struct rt2860_txwi *txwi = 2942 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2943 tap->wt_flags = 0; 2944 tap->wt_rate = rt2860_rates[data->ridx].rate; 2945 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2946 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2947 tap->wt_hwqueue = index; 2948 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2949 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2950 2951 ieee80211_radiotap_tx(vap, m); 2952 } 2953 2954 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 2955 m->m_pkthdr.len, size, index); 2956 2957 usbd_xfer_set_frame_len(xfer, 0, size); 2958 usbd_xfer_set_priv(xfer, data); 2959 2960 usbd_transfer_submit(xfer); 2961 2962 RUN_UNLOCK(sc); 2963 run_start(ifp); 2964 RUN_LOCK(sc); 2965 2966 break; 2967 2968 default: 2969 DPRINTF("USB transfer error, %s\n", 2970 usbd_errstr(error)); 2971 2972 data = usbd_xfer_get_priv(xfer); 2973 2974 ifp->if_oerrors++; 2975 2976 if (data != NULL) { 2977 if(data->ni != NULL) 2978 vap = data->ni->ni_vap; 2979 run_tx_free(pq, data, error); 2980 usbd_xfer_set_priv(xfer, NULL); 2981 } 2982 if (vap == NULL) 2983 vap = TAILQ_FIRST(&ic->ic_vaps); 2984 2985 if (error != USB_ERR_CANCELLED) { 2986 if (error == USB_ERR_TIMEOUT) { 2987 device_printf(sc->sc_dev, "device timeout\n"); 2988 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2989 DPRINTF("cmdq_store=%d\n", i); 2990 sc->cmdq[i].func = run_usb_timeout_cb; 2991 sc->cmdq[i].arg0 = vap; 2992 ieee80211_runtask(ic, &sc->cmdq_task); 2993 } 2994 2995 /* 2996 * Try to clear stall first, also if other 2997 * errors occur, hence clearing stall 2998 * introduces a 50 ms delay: 2999 */ 3000 usbd_xfer_set_stall(xfer); 3001 goto tr_setup; 3002 } 3003 break; 3004 } 3005} 3006 3007static void 3008run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3009{ 3010 run_bulk_tx_callbackN(xfer, error, 0); 3011} 3012 3013static void 3014run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3015{ 3016 run_bulk_tx_callbackN(xfer, error, 1); 3017} 3018 3019static void 3020run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3021{ 3022 run_bulk_tx_callbackN(xfer, error, 2); 3023} 3024 3025static void 3026run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3027{ 3028 run_bulk_tx_callbackN(xfer, error, 3); 3029} 3030 3031static void 3032run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3033{ 3034 run_bulk_tx_callbackN(xfer, error, 4); 3035} 3036 3037static void 3038run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3039{ 3040 run_bulk_tx_callbackN(xfer, error, 5); 3041} 3042 3043static void 3044run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3045{ 3046 struct mbuf *m = data->m; 3047 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3048 struct ieee80211vap *vap = data->ni->ni_vap; 3049 struct ieee80211_frame *wh; 3050 struct rt2870_txd *txd; 3051 struct rt2860_txwi *txwi; 3052 uint16_t xferlen, txwisize; 3053 uint16_t mcs; 3054 uint8_t ridx = data->ridx; 3055 uint8_t pad; 3056 3057 /* get MCS code from rate index */ 3058 mcs = rt2860_rates[ridx].mcs; 3059 3060 txwisize = (sc->mac_ver == 0x5592) ? 3061 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3062 xferlen = txwisize + m->m_pkthdr.len; 3063 3064 /* roundup to 32-bit alignment */ 3065 xferlen = (xferlen + 3) & ~3; 3066 3067 txd = (struct rt2870_txd *)&data->desc; 3068 txd->len = htole16(xferlen); 3069 3070 wh = mtod(m, struct ieee80211_frame *); 3071 3072 /* 3073 * Ether both are true or both are false, the header 3074 * are nicely aligned to 32-bit. So, no L2 padding. 3075 */ 3076 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3077 pad = 0; 3078 else 3079 pad = 2; 3080 3081 /* setup TX Wireless Information */ 3082 txwi = (struct rt2860_txwi *)(txd + 1); 3083 txwi->len = htole16(m->m_pkthdr.len - pad); 3084 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3085 txwi->phy = htole16(RT2860_PHY_CCK); 3086 if (ridx != RT2860_RIDX_CCK1 && 3087 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3088 mcs |= RT2860_PHY_SHPRE; 3089 } else 3090 txwi->phy = htole16(RT2860_PHY_OFDM); 3091 txwi->phy |= htole16(mcs); 3092 3093 /* check if RTS/CTS or CTS-to-self protection is required */ 3094 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3095 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3096 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3097 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3098 txwi->txop |= RT2860_TX_TXOP_HT; 3099 else 3100 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3101 3102 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3103 txwi->xflags |= RT2860_TX_NSEQ; 3104} 3105 3106/* This function must be called locked */ 3107static int 3108run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3109{ 3110 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3111 struct ieee80211vap *vap = ni->ni_vap; 3112 struct ieee80211_frame *wh; 3113 struct ieee80211_channel *chan; 3114 const struct ieee80211_txparam *tp; 3115 struct run_node *rn = (void *)ni; 3116 struct run_tx_data *data; 3117 struct rt2870_txd *txd; 3118 struct rt2860_txwi *txwi; 3119 uint16_t qos; 3120 uint16_t dur; 3121 uint16_t qid; 3122 uint8_t type; 3123 uint8_t tid; 3124 uint8_t ridx; 3125 uint8_t ctl_ridx; 3126 uint8_t qflags; 3127 uint8_t xflags = 0; 3128 int hasqos; 3129 3130 RUN_LOCK_ASSERT(sc, MA_OWNED); 3131 3132 wh = mtod(m, struct ieee80211_frame *); 3133 3134 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3135 3136 /* 3137 * There are 7 bulk endpoints: 1 for RX 3138 * and 6 for TX (4 EDCAs + HCCA + Prio). 3139 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3140 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3141 */ 3142 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3143 uint8_t *frm; 3144 3145 if(IEEE80211_HAS_ADDR4(wh)) 3146 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3147 else 3148 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3149 3150 qos = le16toh(*(const uint16_t *)frm); 3151 tid = qos & IEEE80211_QOS_TID; 3152 qid = TID_TO_WME_AC(tid); 3153 } else { 3154 qos = 0; 3155 tid = 0; 3156 qid = WME_AC_BE; 3157 } 3158 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3159 3160 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3161 qos, qid, tid, qflags); 3162 3163 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3164 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3165 3166 /* pickup a rate index */ 3167 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3168 type != IEEE80211_FC0_TYPE_DATA) { 3169 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3170 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3171 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3172 } else { 3173 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3174 ridx = rn->fix_ridx; 3175 else 3176 ridx = rn->amrr_ridx; 3177 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3178 } 3179 3180 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3181 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3182 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3183 xflags |= RT2860_TX_ACK; 3184 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3185 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3186 else 3187 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3188 USETW(wh->i_dur, dur); 3189 } 3190 3191 /* reserve slots for mgmt packets, just in case */ 3192 if (sc->sc_epq[qid].tx_nfree < 3) { 3193 DPRINTFN(10, "tx ring %d is full\n", qid); 3194 return (-1); 3195 } 3196 3197 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3198 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3199 sc->sc_epq[qid].tx_nfree--; 3200 3201 txd = (struct rt2870_txd *)&data->desc; 3202 txd->flags = qflags; 3203 txwi = (struct rt2860_txwi *)(txd + 1); 3204 txwi->xflags = xflags; 3205 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3206 txwi->wcid = 0; 3207 else 3208 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3209 1 : RUN_AID2WCID(ni->ni_associd); 3210 3211 /* clear leftover garbage bits */ 3212 txwi->flags = 0; 3213 txwi->txop = 0; 3214 3215 data->m = m; 3216 data->ni = ni; 3217 data->ridx = ridx; 3218 3219 run_set_tx_desc(sc, data); 3220 3221 /* 3222 * The chip keeps track of 2 kind of Tx stats, 3223 * * TX_STAT_FIFO, for per WCID stats, and 3224 * * TX_STA_CNT0 for all-TX-in-one stats. 3225 * 3226 * To use FIFO stats, we need to store MCS into the driver-private 3227 * PacketID field. So that, we can tell whose stats when we read them. 3228 * We add 1 to the MCS because setting the PacketID field to 0 means 3229 * that we don't want feedback in TX_STAT_FIFO. 3230 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3231 * 3232 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3233 */ 3234 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3235 vap->iv_opmode == IEEE80211_M_MBSS) { 3236 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3237 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3238 3239 /* 3240 * Unlike PCI based devices, we don't get any interrupt from 3241 * USB devices, so we simulate FIFO-is-full interrupt here. 3242 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3243 * quickly get fulled. To prevent overflow, increment a counter on 3244 * every FIFO stat request, so we know how many slots are left. 3245 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3246 * are used only in those modes. 3247 * We just drain stats. AMRR gets updated every 1 sec by 3248 * run_ratectl_cb() via callout. 3249 * Call it early. Otherwise overflow. 3250 */ 3251 if (sc->fifo_cnt++ == 10) { 3252 /* 3253 * With multiple vaps or if_bridge, if_start() is called 3254 * with a non-sleepable lock, tcpinp. So, need to defer. 3255 */ 3256 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3257 DPRINTFN(6, "cmdq_store=%d\n", i); 3258 sc->cmdq[i].func = run_drain_fifo; 3259 sc->cmdq[i].arg0 = sc; 3260 ieee80211_runtask(ic, &sc->cmdq_task); 3261 } 3262 } 3263 3264 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3265 3266 usbd_transfer_start(sc->sc_xfer[qid]); 3267 3268 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3269 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3270 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3271 3272 return (0); 3273} 3274 3275static int 3276run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3277{ 3278 struct ifnet *ifp = sc->sc_ifp; 3279 struct ieee80211com *ic = ifp->if_l2com; 3280 struct run_node *rn = (void *)ni; 3281 struct run_tx_data *data; 3282 struct ieee80211_frame *wh; 3283 struct rt2870_txd *txd; 3284 struct rt2860_txwi *txwi; 3285 uint16_t dur; 3286 uint8_t ridx = rn->mgt_ridx; 3287 uint8_t type; 3288 uint8_t xflags = 0; 3289 uint8_t wflags = 0; 3290 3291 RUN_LOCK_ASSERT(sc, MA_OWNED); 3292 3293 wh = mtod(m, struct ieee80211_frame *); 3294 3295 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3296 3297 /* tell hardware to add timestamp for probe responses */ 3298 if ((wh->i_fc[0] & 3299 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3300 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3301 wflags |= RT2860_TX_TS; 3302 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3303 xflags |= RT2860_TX_ACK; 3304 3305 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3306 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3307 USETW(wh->i_dur, dur); 3308 } 3309 3310 if (sc->sc_epq[0].tx_nfree == 0) { 3311 /* let caller free mbuf */ 3312 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3313 return (EIO); 3314 } 3315 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3316 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3317 sc->sc_epq[0].tx_nfree--; 3318 3319 txd = (struct rt2870_txd *)&data->desc; 3320 txd->flags = RT2860_TX_QSEL_EDCA; 3321 txwi = (struct rt2860_txwi *)(txd + 1); 3322 txwi->wcid = 0xff; 3323 txwi->flags = wflags; 3324 txwi->xflags = xflags; 3325 txwi->txop = 0; /* clear leftover garbage bits */ 3326 3327 data->m = m; 3328 data->ni = ni; 3329 data->ridx = ridx; 3330 3331 run_set_tx_desc(sc, data); 3332 3333 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3334 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3335 rt2860_rates[ridx].rate); 3336 3337 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3338 3339 usbd_transfer_start(sc->sc_xfer[0]); 3340 3341 return (0); 3342} 3343 3344static int 3345run_sendprot(struct run_softc *sc, 3346 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3347{ 3348 struct ieee80211com *ic = ni->ni_ic; 3349 struct ieee80211_frame *wh; 3350 struct run_tx_data *data; 3351 struct rt2870_txd *txd; 3352 struct rt2860_txwi *txwi; 3353 struct mbuf *mprot; 3354 int ridx; 3355 int protrate; 3356 int ackrate; 3357 int pktlen; 3358 int isshort; 3359 uint16_t dur; 3360 uint8_t type; 3361 uint8_t wflags = 0; 3362 uint8_t xflags = 0; 3363 3364 RUN_LOCK_ASSERT(sc, MA_OWNED); 3365 3366 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3367 ("protection %d", prot)); 3368 3369 wh = mtod(m, struct ieee80211_frame *); 3370 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3371 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3372 3373 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3374 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3375 3376 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3377 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3378 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3379 wflags = RT2860_TX_FRAG; 3380 3381 /* check that there are free slots before allocating the mbuf */ 3382 if (sc->sc_epq[0].tx_nfree == 0) { 3383 /* let caller free mbuf */ 3384 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3385 return (ENOBUFS); 3386 } 3387 3388 if (prot == IEEE80211_PROT_RTSCTS) { 3389 /* NB: CTS is the same size as an ACK */ 3390 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3391 xflags |= RT2860_TX_ACK; 3392 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3393 } else { 3394 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3395 } 3396 if (mprot == NULL) { 3397 sc->sc_ifp->if_oerrors++; 3398 DPRINTF("could not allocate mbuf\n"); 3399 return (ENOBUFS); 3400 } 3401 3402 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3403 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3404 sc->sc_epq[0].tx_nfree--; 3405 3406 txd = (struct rt2870_txd *)&data->desc; 3407 txd->flags = RT2860_TX_QSEL_EDCA; 3408 txwi = (struct rt2860_txwi *)(txd + 1); 3409 txwi->wcid = 0xff; 3410 txwi->flags = wflags; 3411 txwi->xflags = xflags; 3412 txwi->txop = 0; /* clear leftover garbage bits */ 3413 3414 data->m = mprot; 3415 data->ni = ieee80211_ref_node(ni); 3416 3417 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3418 if (rt2860_rates[ridx].rate == protrate) 3419 break; 3420 data->ridx = ridx; 3421 3422 run_set_tx_desc(sc, data); 3423 3424 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3425 m->m_pkthdr.len, rate); 3426 3427 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3428 3429 usbd_transfer_start(sc->sc_xfer[0]); 3430 3431 return (0); 3432} 3433 3434static int 3435run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3436 const struct ieee80211_bpf_params *params) 3437{ 3438 struct ieee80211com *ic = ni->ni_ic; 3439 struct ieee80211_frame *wh; 3440 struct run_tx_data *data; 3441 struct rt2870_txd *txd; 3442 struct rt2860_txwi *txwi; 3443 uint8_t type; 3444 uint8_t ridx; 3445 uint8_t rate; 3446 uint8_t opflags = 0; 3447 uint8_t xflags = 0; 3448 int error; 3449 3450 RUN_LOCK_ASSERT(sc, MA_OWNED); 3451 3452 KASSERT(params != NULL, ("no raw xmit params")); 3453 3454 wh = mtod(m, struct ieee80211_frame *); 3455 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3456 3457 rate = params->ibp_rate0; 3458 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3459 /* let caller free mbuf */ 3460 return (EINVAL); 3461 } 3462 3463 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3464 xflags |= RT2860_TX_ACK; 3465 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3466 error = run_sendprot(sc, m, ni, 3467 params->ibp_flags & IEEE80211_BPF_RTS ? 3468 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3469 rate); 3470 if (error) { 3471 /* let caller free mbuf */ 3472 return error; 3473 } 3474 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3475 } 3476 3477 if (sc->sc_epq[0].tx_nfree == 0) { 3478 /* let caller free mbuf */ 3479 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3480 DPRINTF("sending raw frame, but tx ring is full\n"); 3481 return (EIO); 3482 } 3483 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3484 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3485 sc->sc_epq[0].tx_nfree--; 3486 3487 txd = (struct rt2870_txd *)&data->desc; 3488 txd->flags = RT2860_TX_QSEL_EDCA; 3489 txwi = (struct rt2860_txwi *)(txd + 1); 3490 txwi->wcid = 0xff; 3491 txwi->xflags = xflags; 3492 txwi->txop = opflags; 3493 txwi->flags = 0; /* clear leftover garbage bits */ 3494 3495 data->m = m; 3496 data->ni = ni; 3497 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3498 if (rt2860_rates[ridx].rate == rate) 3499 break; 3500 data->ridx = ridx; 3501 3502 run_set_tx_desc(sc, data); 3503 3504 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3505 m->m_pkthdr.len, rate); 3506 3507 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3508 3509 usbd_transfer_start(sc->sc_xfer[0]); 3510 3511 return (0); 3512} 3513 3514static int 3515run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3516 const struct ieee80211_bpf_params *params) 3517{ 3518 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3519 struct run_softc *sc = ifp->if_softc; 3520 int error = 0; 3521 3522 RUN_LOCK(sc); 3523 3524 /* prevent management frames from being sent if we're not ready */ 3525 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3526 error = ENETDOWN; 3527 goto done; 3528 } 3529 3530 if (params == NULL) { 3531 /* tx mgt packet */ 3532 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3533 ifp->if_oerrors++; 3534 DPRINTF("mgt tx failed\n"); 3535 goto done; 3536 } 3537 } else { 3538 /* tx raw packet with param */ 3539 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3540 ifp->if_oerrors++; 3541 DPRINTF("tx with param failed\n"); 3542 goto done; 3543 } 3544 } 3545 3546 ifp->if_opackets++; 3547 3548done: 3549 RUN_UNLOCK(sc); 3550 3551 if (error != 0) { 3552 if(m != NULL) 3553 m_freem(m); 3554 ieee80211_free_node(ni); 3555 } 3556 3557 return (error); 3558} 3559 3560static void 3561run_start(struct ifnet *ifp) 3562{ 3563 struct run_softc *sc = ifp->if_softc; 3564 struct ieee80211_node *ni; 3565 struct mbuf *m; 3566 3567 RUN_LOCK(sc); 3568 3569 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3570 RUN_UNLOCK(sc); 3571 return; 3572 } 3573 3574 for (;;) { 3575 /* send data frames */ 3576 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3577 if (m == NULL) 3578 break; 3579 3580 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3581 if (run_tx(sc, m, ni) != 0) { 3582 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3583 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3584 break; 3585 } 3586 } 3587 3588 RUN_UNLOCK(sc); 3589} 3590 3591static int 3592run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3593{ 3594 struct run_softc *sc = ifp->if_softc; 3595 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3596 struct ifreq *ifr = (struct ifreq *) data; 3597 int startall = 0; 3598 int error; 3599 3600 RUN_LOCK(sc); 3601 error = sc->sc_detached ? ENXIO : 0; 3602 RUN_UNLOCK(sc); 3603 if (error) 3604 return (error); 3605 3606 switch (cmd) { 3607 case SIOCSIFFLAGS: 3608 RUN_LOCK(sc); 3609 if (ifp->if_flags & IFF_UP) { 3610 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3611 startall = 1; 3612 run_init_locked(sc); 3613 } else 3614 run_update_promisc_locked(ifp); 3615 } else { 3616 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3617 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3618 run_stop(sc); 3619 } 3620 } 3621 RUN_UNLOCK(sc); 3622 if (startall) 3623 ieee80211_start_all(ic); 3624 break; 3625 case SIOCGIFMEDIA: 3626 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3627 break; 3628 case SIOCGIFADDR: 3629 error = ether_ioctl(ifp, cmd, data); 3630 break; 3631 default: 3632 error = EINVAL; 3633 break; 3634 } 3635 3636 return (error); 3637} 3638 3639static void 3640run_iq_calib(struct run_softc *sc, u_int chan) 3641{ 3642 uint16_t val; 3643 3644 /* Tx0 IQ gain. */ 3645 run_bbp_write(sc, 158, 0x2c); 3646 if (chan <= 14) 3647 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3648 else if (chan <= 64) { 3649 run_efuse_read(sc, 3650 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3651 &val, 1); 3652 } else if (chan <= 138) { 3653 run_efuse_read(sc, 3654 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3655 &val, 1); 3656 } else if (chan <= 165) { 3657 run_efuse_read(sc, 3658 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3659 &val, 1); 3660 } else 3661 val = 0; 3662 run_bbp_write(sc, 159, val & 0xff); 3663 3664 /* Tx0 IQ phase. */ 3665 run_bbp_write(sc, 158, 0x2d); 3666 if (chan <= 14) { 3667 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3668 &val, 1); 3669 } else if (chan <= 64) { 3670 run_efuse_read(sc, 3671 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3672 &val, 1); 3673 } else if (chan <= 138) { 3674 run_efuse_read(sc, 3675 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3676 &val, 1); 3677 } else if (chan <= 165) { 3678 run_efuse_read(sc, 3679 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3680 &val, 1); 3681 } else 3682 val = 0; 3683 run_bbp_write(sc, 159, val & 0xff); 3684 3685 /* Tx1 IQ gain. */ 3686 run_bbp_write(sc, 158, 0x4a); 3687 if (chan <= 14) { 3688 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3689 &val, 1); 3690 } else if (chan <= 64) { 3691 run_efuse_read(sc, 3692 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3693 &val, 1); 3694 } else if (chan <= 138) { 3695 run_efuse_read(sc, 3696 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3697 &val, 1); 3698 } else if (chan <= 165) { 3699 run_efuse_read(sc, 3700 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3701 &val, 1); 3702 } else 3703 val = 0; 3704 run_bbp_write(sc, 159, val & 0xff); 3705 3706 /* Tx1 IQ phase. */ 3707 run_bbp_write(sc, 158, 0x4b); 3708 if (chan <= 14) { 3709 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3710 &val, 1); 3711 } else if (chan <= 64) { 3712 run_efuse_read(sc, 3713 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3714 &val, 1); 3715 } else if (chan <= 138) { 3716 run_efuse_read(sc, 3717 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3718 &val, 1); 3719 } else if (chan <= 165) { 3720 run_efuse_read(sc, 3721 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3722 &val, 1); 3723 } else 3724 val = 0; 3725 run_bbp_write(sc, 159, val & 0xff); 3726 3727 /* RF IQ compensation control. */ 3728 run_bbp_write(sc, 158, 0x04); 3729 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3730 &val, 1); 3731 run_bbp_write(sc, 159, val & 0xff); 3732 3733 /* RF IQ imbalance compensation control. */ 3734 run_bbp_write(sc, 158, 0x03); 3735 run_efuse_read(sc, 3736 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3737 run_bbp_write(sc, 159, val & 0xff); 3738} 3739 3740static void 3741run_set_agc(struct run_softc *sc, uint8_t agc) 3742{ 3743 uint8_t bbp; 3744 3745 if (sc->mac_ver == 0x3572) { 3746 run_bbp_read(sc, 27, &bbp); 3747 bbp &= ~(0x3 << 5); 3748 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3749 run_bbp_write(sc, 66, agc); 3750 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3751 run_bbp_write(sc, 66, agc); 3752 } else 3753 run_bbp_write(sc, 66, agc); 3754} 3755 3756static void 3757run_select_chan_group(struct run_softc *sc, int group) 3758{ 3759 uint32_t tmp; 3760 uint8_t agc; 3761 3762 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3763 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3764 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3765 if (sc->mac_ver < 0x3572) 3766 run_bbp_write(sc, 86, 0x00); 3767 3768 if (group == 0) { 3769 if (sc->ext_2ghz_lna) { 3770 if (sc->mac_ver >= 0x5390) 3771 run_bbp_write(sc, 75, 0x52); 3772 else { 3773 run_bbp_write(sc, 82, 0x62); 3774 run_bbp_write(sc, 75, 0x46); 3775 } 3776 } else { 3777 if (sc->mac_ver == 0x5592) { 3778 run_bbp_write(sc, 79, 0x1c); 3779 run_bbp_write(sc, 80, 0x0e); 3780 run_bbp_write(sc, 81, 0x3a); 3781 run_bbp_write(sc, 82, 0x62); 3782 3783 run_bbp_write(sc, 195, 0x80); 3784 run_bbp_write(sc, 196, 0xe0); 3785 run_bbp_write(sc, 195, 0x81); 3786 run_bbp_write(sc, 196, 0x1f); 3787 run_bbp_write(sc, 195, 0x82); 3788 run_bbp_write(sc, 196, 0x38); 3789 run_bbp_write(sc, 195, 0x83); 3790 run_bbp_write(sc, 196, 0x32); 3791 run_bbp_write(sc, 195, 0x85); 3792 run_bbp_write(sc, 196, 0x28); 3793 run_bbp_write(sc, 195, 0x86); 3794 run_bbp_write(sc, 196, 0x19); 3795 } else if (sc->mac_ver >= 0x5390) 3796 run_bbp_write(sc, 75, 0x50); 3797 else { 3798 run_bbp_write(sc, 82, 0x84); 3799 run_bbp_write(sc, 75, 0x50); 3800 } 3801 } 3802 } else { 3803 if (sc->mac_ver == 0x5592) { 3804 run_bbp_write(sc, 79, 0x18); 3805 run_bbp_write(sc, 80, 0x08); 3806 run_bbp_write(sc, 81, 0x38); 3807 run_bbp_write(sc, 82, 0x92); 3808 3809 run_bbp_write(sc, 195, 0x80); 3810 run_bbp_write(sc, 196, 0xf0); 3811 run_bbp_write(sc, 195, 0x81); 3812 run_bbp_write(sc, 196, 0x1e); 3813 run_bbp_write(sc, 195, 0x82); 3814 run_bbp_write(sc, 196, 0x28); 3815 run_bbp_write(sc, 195, 0x83); 3816 run_bbp_write(sc, 196, 0x20); 3817 run_bbp_write(sc, 195, 0x85); 3818 run_bbp_write(sc, 196, 0x7f); 3819 run_bbp_write(sc, 195, 0x86); 3820 run_bbp_write(sc, 196, 0x7f); 3821 } else if (sc->mac_ver == 0x3572) 3822 run_bbp_write(sc, 82, 0x94); 3823 else 3824 run_bbp_write(sc, 82, 0xf2); 3825 if (sc->ext_5ghz_lna) 3826 run_bbp_write(sc, 75, 0x46); 3827 else 3828 run_bbp_write(sc, 75, 0x50); 3829 } 3830 3831 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3832 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3833 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3834 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3835 3836 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3837 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3838 if (sc->nrxchains > 1) 3839 tmp |= RT2860_LNA_PE1_EN; 3840 if (group == 0) { /* 2GHz */ 3841 tmp |= RT2860_PA_PE_G0_EN; 3842 if (sc->ntxchains > 1) 3843 tmp |= RT2860_PA_PE_G1_EN; 3844 } else { /* 5GHz */ 3845 tmp |= RT2860_PA_PE_A0_EN; 3846 if (sc->ntxchains > 1) 3847 tmp |= RT2860_PA_PE_A1_EN; 3848 } 3849 if (sc->mac_ver == 0x3572) { 3850 run_rt3070_rf_write(sc, 8, 0x00); 3851 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3852 run_rt3070_rf_write(sc, 8, 0x80); 3853 } else 3854 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3855 3856 if (sc->mac_ver == 0x5592) { 3857 run_bbp_write(sc, 195, 0x8d); 3858 run_bbp_write(sc, 196, 0x1a); 3859 } 3860 3861 /* set initial AGC value */ 3862 if (group == 0) { /* 2GHz band */ 3863 if (sc->mac_ver >= 0x3070) 3864 agc = 0x1c + sc->lna[0] * 2; 3865 else 3866 agc = 0x2e + sc->lna[0]; 3867 } else { /* 5GHz band */ 3868 if (sc->mac_ver == 0x5592) 3869 agc = 0x24 + sc->lna[group] * 2; 3870 else if (sc->mac_ver == 0x3572) 3871 agc = 0x22 + (sc->lna[group] * 5) / 3; 3872 else 3873 agc = 0x32 + (sc->lna[group] * 5) / 3; 3874 } 3875 run_set_agc(sc, agc); 3876} 3877 3878static void 3879run_rt2870_set_chan(struct run_softc *sc, u_int chan) 3880{ 3881 const struct rfprog *rfprog = rt2860_rf2850; 3882 uint32_t r2, r3, r4; 3883 int8_t txpow1, txpow2; 3884 int i; 3885 3886 /* find the settings for this channel (we know it exists) */ 3887 for (i = 0; rfprog[i].chan != chan; i++); 3888 3889 r2 = rfprog[i].r2; 3890 if (sc->ntxchains == 1) 3891 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 3892 if (sc->nrxchains == 1) 3893 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 3894 else if (sc->nrxchains == 2) 3895 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 3896 3897 /* use Tx power values from EEPROM */ 3898 txpow1 = sc->txpow1[i]; 3899 txpow2 = sc->txpow2[i]; 3900 3901 /* Initialize RF R3 and R4. */ 3902 r3 = rfprog[i].r3 & 0xffffc1ff; 3903 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 3904 if (chan > 14) { 3905 if (txpow1 >= 0) { 3906 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 3907 r3 |= (txpow1 << 10) | (1 << 9); 3908 } else { 3909 txpow1 += 7; 3910 3911 /* txpow1 is not possible larger than 15. */ 3912 r3 |= (txpow1 << 10); 3913 } 3914 if (txpow2 >= 0) { 3915 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 3916 r4 |= (txpow2 << 7) | (1 << 6); 3917 } else { 3918 txpow2 += 7; 3919 r4 |= (txpow2 << 7); 3920 } 3921 } else { 3922 /* Set Tx0 power. */ 3923 r3 |= (txpow1 << 9); 3924 3925 /* Set frequency offset and Tx1 power. */ 3926 r4 |= (txpow2 << 6); 3927 } 3928 3929 run_rt2870_rf_write(sc, rfprog[i].r1); 3930 run_rt2870_rf_write(sc, r2); 3931 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3932 run_rt2870_rf_write(sc, r4); 3933 3934 run_delay(sc, 10); 3935 3936 run_rt2870_rf_write(sc, rfprog[i].r1); 3937 run_rt2870_rf_write(sc, r2); 3938 run_rt2870_rf_write(sc, r3 | (1 << 2)); 3939 run_rt2870_rf_write(sc, r4); 3940 3941 run_delay(sc, 10); 3942 3943 run_rt2870_rf_write(sc, rfprog[i].r1); 3944 run_rt2870_rf_write(sc, r2); 3945 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3946 run_rt2870_rf_write(sc, r4); 3947} 3948 3949static void 3950run_rt3070_set_chan(struct run_softc *sc, u_int chan) 3951{ 3952 int8_t txpow1, txpow2; 3953 uint8_t rf; 3954 int i; 3955 3956 /* find the settings for this channel (we know it exists) */ 3957 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3958 3959 /* use Tx power values from EEPROM */ 3960 txpow1 = sc->txpow1[i]; 3961 txpow2 = sc->txpow2[i]; 3962 3963 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3964 3965 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 3966 run_rt3070_rf_read(sc, 3, &rf); 3967 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 3968 run_rt3070_rf_write(sc, 3, rf); 3969 3970 run_rt3070_rf_read(sc, 6, &rf); 3971 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3972 run_rt3070_rf_write(sc, 6, rf); 3973 3974 /* set Tx0 power */ 3975 run_rt3070_rf_read(sc, 12, &rf); 3976 rf = (rf & ~0x1f) | txpow1; 3977 run_rt3070_rf_write(sc, 12, rf); 3978 3979 /* set Tx1 power */ 3980 run_rt3070_rf_read(sc, 13, &rf); 3981 rf = (rf & ~0x1f) | txpow2; 3982 run_rt3070_rf_write(sc, 13, rf); 3983 3984 run_rt3070_rf_read(sc, 1, &rf); 3985 rf &= ~0xfc; 3986 if (sc->ntxchains == 1) 3987 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3988 else if (sc->ntxchains == 2) 3989 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3990 if (sc->nrxchains == 1) 3991 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3992 else if (sc->nrxchains == 2) 3993 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3994 run_rt3070_rf_write(sc, 1, rf); 3995 3996 /* set RF offset */ 3997 run_rt3070_rf_read(sc, 23, &rf); 3998 rf = (rf & ~0x7f) | sc->freq; 3999 run_rt3070_rf_write(sc, 23, rf); 4000 4001 /* program RF filter */ 4002 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4003 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4004 run_rt3070_rf_write(sc, 24, rf); 4005 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4006 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4007 run_rt3070_rf_write(sc, 31, rf); 4008 4009 /* enable RF tuning */ 4010 run_rt3070_rf_read(sc, 7, &rf); 4011 run_rt3070_rf_write(sc, 7, rf | 0x01); 4012} 4013 4014static void 4015run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4016{ 4017 int8_t txpow1, txpow2; 4018 uint32_t tmp; 4019 uint8_t rf; 4020 int i; 4021 4022 /* find the settings for this channel (we know it exists) */ 4023 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4024 4025 /* use Tx power values from EEPROM */ 4026 txpow1 = sc->txpow1[i]; 4027 txpow2 = sc->txpow2[i]; 4028 4029 if (chan <= 14) { 4030 run_bbp_write(sc, 25, sc->bbp25); 4031 run_bbp_write(sc, 26, sc->bbp26); 4032 } else { 4033 /* enable IQ phase correction */ 4034 run_bbp_write(sc, 25, 0x09); 4035 run_bbp_write(sc, 26, 0xff); 4036 } 4037 4038 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4039 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4040 run_rt3070_rf_read(sc, 6, &rf); 4041 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4042 rf |= (chan <= 14) ? 0x08 : 0x04; 4043 run_rt3070_rf_write(sc, 6, rf); 4044 4045 /* set PLL mode */ 4046 run_rt3070_rf_read(sc, 5, &rf); 4047 rf &= ~(0x08 | 0x04); 4048 rf |= (chan <= 14) ? 0x04 : 0x08; 4049 run_rt3070_rf_write(sc, 5, rf); 4050 4051 /* set Tx power for chain 0 */ 4052 if (chan <= 14) 4053 rf = 0x60 | txpow1; 4054 else 4055 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4056 run_rt3070_rf_write(sc, 12, rf); 4057 4058 /* set Tx power for chain 1 */ 4059 if (chan <= 14) 4060 rf = 0x60 | txpow2; 4061 else 4062 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4063 run_rt3070_rf_write(sc, 13, rf); 4064 4065 /* set Tx/Rx streams */ 4066 run_rt3070_rf_read(sc, 1, &rf); 4067 rf &= ~0xfc; 4068 if (sc->ntxchains == 1) 4069 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4070 else if (sc->ntxchains == 2) 4071 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4072 if (sc->nrxchains == 1) 4073 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4074 else if (sc->nrxchains == 2) 4075 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4076 run_rt3070_rf_write(sc, 1, rf); 4077 4078 /* set RF offset */ 4079 run_rt3070_rf_read(sc, 23, &rf); 4080 rf = (rf & ~0x7f) | sc->freq; 4081 run_rt3070_rf_write(sc, 23, rf); 4082 4083 /* program RF filter */ 4084 rf = sc->rf24_20mhz; 4085 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4086 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4087 4088 /* enable RF tuning */ 4089 run_rt3070_rf_read(sc, 7, &rf); 4090 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4091 run_rt3070_rf_write(sc, 7, rf); 4092 4093 /* TSSI */ 4094 rf = (chan <= 14) ? 0xc3 : 0xc0; 4095 run_rt3070_rf_write(sc, 9, rf); 4096 4097 /* set loop filter 1 */ 4098 run_rt3070_rf_write(sc, 10, 0xf1); 4099 /* set loop filter 2 */ 4100 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4101 4102 /* set tx_mx2_ic */ 4103 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4104 /* set tx_mx1_ic */ 4105 if (chan <= 14) 4106 rf = 0x48 | sc->txmixgain_2ghz; 4107 else 4108 rf = 0x78 | sc->txmixgain_5ghz; 4109 run_rt3070_rf_write(sc, 16, rf); 4110 4111 /* set tx_lo1 */ 4112 run_rt3070_rf_write(sc, 17, 0x23); 4113 /* set tx_lo2 */ 4114 if (chan <= 14) 4115 rf = 0x93; 4116 else if (chan <= 64) 4117 rf = 0xb7; 4118 else if (chan <= 128) 4119 rf = 0x74; 4120 else 4121 rf = 0x72; 4122 run_rt3070_rf_write(sc, 19, rf); 4123 4124 /* set rx_lo1 */ 4125 if (chan <= 14) 4126 rf = 0xb3; 4127 else if (chan <= 64) 4128 rf = 0xf6; 4129 else if (chan <= 128) 4130 rf = 0xf4; 4131 else 4132 rf = 0xf3; 4133 run_rt3070_rf_write(sc, 20, rf); 4134 4135 /* set pfd_delay */ 4136 if (chan <= 14) 4137 rf = 0x15; 4138 else if (chan <= 64) 4139 rf = 0x3d; 4140 else 4141 rf = 0x01; 4142 run_rt3070_rf_write(sc, 25, rf); 4143 4144 /* set rx_lo2 */ 4145 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4146 /* set ldo_rf_vc */ 4147 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4148 /* set drv_cc */ 4149 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4150 4151 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4152 tmp &= ~0x8080; 4153 if (chan <= 14) 4154 tmp |= 0x80; 4155 run_write(sc, RT2860_GPIO_CTRL, tmp); 4156 4157 /* enable RF tuning */ 4158 run_rt3070_rf_read(sc, 7, &rf); 4159 run_rt3070_rf_write(sc, 7, rf | 0x01); 4160 4161 run_delay(sc, 2); 4162} 4163 4164static void 4165run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4166{ 4167 int8_t txpow1, txpow2; 4168 uint8_t rf; 4169 int i; 4170 4171 /* find the settings for this channel (we know it exists) */ 4172 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4173 4174 /* use Tx power values from EEPROM */ 4175 txpow1 = sc->txpow1[i]; 4176 txpow2 = sc->txpow2[i]; 4177 4178 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4179 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4180 run_rt3070_rf_read(sc, 11, &rf); 4181 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4182 run_rt3070_rf_write(sc, 11, rf); 4183 4184 run_rt3070_rf_read(sc, 49, &rf); 4185 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4186 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4187 if ((rf & 0x3f) > 0x27) 4188 rf = (rf & ~0x3f) | 0x27; 4189 run_rt3070_rf_write(sc, 49, rf); 4190 4191 if (sc->mac_ver == 0x5392) { 4192 run_rt3070_rf_read(sc, 50, &rf); 4193 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4194 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4195 if ((rf & 0x3f) > 0x27) 4196 rf = (rf & ~0x3f) | 0x27; 4197 run_rt3070_rf_write(sc, 50, rf); 4198 } 4199 4200 run_rt3070_rf_read(sc, 1, &rf); 4201 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4202 if (sc->mac_ver == 0x5392) 4203 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4204 run_rt3070_rf_write(sc, 1, rf); 4205 4206 if (sc->mac_ver != 0x5392) { 4207 run_rt3070_rf_read(sc, 2, &rf); 4208 rf |= 0x80; 4209 run_rt3070_rf_write(sc, 2, rf); 4210 run_delay(sc, 10); 4211 rf &= 0x7f; 4212 run_rt3070_rf_write(sc, 2, rf); 4213 } 4214 4215 run_adjust_freq_offset(sc); 4216 4217 if (sc->mac_ver == 0x5392) { 4218 /* Fix for RT5392C. */ 4219 if (sc->mac_rev >= 0x0223) { 4220 if (chan <= 4) 4221 rf = 0x0f; 4222 else if (chan >= 5 && chan <= 7) 4223 rf = 0x0e; 4224 else 4225 rf = 0x0d; 4226 run_rt3070_rf_write(sc, 23, rf); 4227 4228 if (chan <= 4) 4229 rf = 0x0c; 4230 else if (chan == 5) 4231 rf = 0x0b; 4232 else if (chan >= 6 && chan <= 7) 4233 rf = 0x0a; 4234 else if (chan >= 8 && chan <= 10) 4235 rf = 0x09; 4236 else 4237 rf = 0x08; 4238 run_rt3070_rf_write(sc, 59, rf); 4239 } else { 4240 if (chan <= 11) 4241 rf = 0x0f; 4242 else 4243 rf = 0x0b; 4244 run_rt3070_rf_write(sc, 59, rf); 4245 } 4246 } else { 4247 /* Fix for RT5390F. */ 4248 if (sc->mac_rev >= 0x0502) { 4249 if (chan <= 11) 4250 rf = 0x43; 4251 else 4252 rf = 0x23; 4253 run_rt3070_rf_write(sc, 55, rf); 4254 4255 if (chan <= 11) 4256 rf = 0x0f; 4257 else if (chan == 12) 4258 rf = 0x0d; 4259 else 4260 rf = 0x0b; 4261 run_rt3070_rf_write(sc, 59, rf); 4262 } else { 4263 run_rt3070_rf_write(sc, 55, 0x44); 4264 run_rt3070_rf_write(sc, 59, 0x8f); 4265 } 4266 } 4267 4268 /* Enable VCO calibration. */ 4269 run_rt3070_rf_read(sc, 3, &rf); 4270 rf |= RT5390_VCOCAL; 4271 run_rt3070_rf_write(sc, 3, rf); 4272} 4273 4274static void 4275run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4276{ 4277 const struct rt5592_freqs *freqs; 4278 uint32_t tmp; 4279 uint8_t reg, rf, txpow_bound; 4280 int8_t txpow1, txpow2; 4281 int i; 4282 4283 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4284 freqs = (tmp & RT5592_SEL_XTAL) ? 4285 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4286 4287 /* find the settings for this channel (we know it exists) */ 4288 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4289 4290 /* use Tx power values from EEPROM */ 4291 txpow1 = sc->txpow1[i]; 4292 txpow2 = sc->txpow2[i]; 4293 4294 run_read(sc, RT3070_LDO_CFG0, &tmp); 4295 tmp &= ~0x1c000000; 4296 if (chan > 14) 4297 tmp |= 0x14000000; 4298 run_write(sc, RT3070_LDO_CFG0, tmp); 4299 4300 /* N setting. */ 4301 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4302 run_rt3070_rf_read(sc, 9, &rf); 4303 rf &= ~(1 << 4); 4304 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4305 run_rt3070_rf_write(sc, 9, rf); 4306 4307 /* K setting. */ 4308 run_rt3070_rf_read(sc, 9, &rf); 4309 rf &= ~0x0f; 4310 rf |= (freqs->k & 0x0f); 4311 run_rt3070_rf_write(sc, 9, rf); 4312 4313 /* Mode setting. */ 4314 run_rt3070_rf_read(sc, 11, &rf); 4315 rf &= ~0x0c; 4316 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4317 run_rt3070_rf_write(sc, 11, rf); 4318 run_rt3070_rf_read(sc, 9, &rf); 4319 rf &= ~(1 << 7); 4320 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4321 run_rt3070_rf_write(sc, 9, rf); 4322 4323 /* R setting. */ 4324 run_rt3070_rf_read(sc, 11, &rf); 4325 rf &= ~0x03; 4326 rf |= (freqs->r - 0x1); 4327 run_rt3070_rf_write(sc, 11, rf); 4328 4329 if (chan <= 14) { 4330 /* Initialize RF registers for 2GHZ. */ 4331 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4332 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4333 rt5592_2ghz_def_rf[i].val); 4334 } 4335 4336 rf = (chan <= 10) ? 0x07 : 0x06; 4337 run_rt3070_rf_write(sc, 23, rf); 4338 run_rt3070_rf_write(sc, 59, rf); 4339 4340 run_rt3070_rf_write(sc, 55, 0x43); 4341 4342 /* 4343 * RF R49/R50 Tx power ALC code. 4344 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4345 */ 4346 reg = 2; 4347 txpow_bound = 0x27; 4348 } else { 4349 /* Initialize RF registers for 5GHZ. */ 4350 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4351 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4352 rt5592_5ghz_def_rf[i].val); 4353 } 4354 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4355 if (chan >= rt5592_chan_5ghz[i].firstchan && 4356 chan <= rt5592_chan_5ghz[i].lastchan) { 4357 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4358 rt5592_chan_5ghz[i].val); 4359 } 4360 } 4361 4362 /* 4363 * RF R49/R50 Tx power ALC code. 4364 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4365 */ 4366 reg = 3; 4367 txpow_bound = 0x2b; 4368 } 4369 4370 /* RF R49 ch0 Tx power ALC code. */ 4371 run_rt3070_rf_read(sc, 49, &rf); 4372 rf &= ~0xc0; 4373 rf |= (reg << 6); 4374 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4375 if ((rf & 0x3f) > txpow_bound) 4376 rf = (rf & ~0x3f) | txpow_bound; 4377 run_rt3070_rf_write(sc, 49, rf); 4378 4379 /* RF R50 ch1 Tx power ALC code. */ 4380 run_rt3070_rf_read(sc, 50, &rf); 4381 rf &= ~(1 << 7 | 1 << 6); 4382 rf |= (reg << 6); 4383 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4384 if ((rf & 0x3f) > txpow_bound) 4385 rf = (rf & ~0x3f) | txpow_bound; 4386 run_rt3070_rf_write(sc, 50, rf); 4387 4388 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4389 run_rt3070_rf_read(sc, 1, &rf); 4390 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4391 if (sc->ntxchains > 1) 4392 rf |= RT3070_TX1_PD; 4393 if (sc->nrxchains > 1) 4394 rf |= RT3070_RX1_PD; 4395 run_rt3070_rf_write(sc, 1, rf); 4396 4397 run_rt3070_rf_write(sc, 6, 0xe4); 4398 4399 run_rt3070_rf_write(sc, 30, 0x10); 4400 run_rt3070_rf_write(sc, 31, 0x80); 4401 run_rt3070_rf_write(sc, 32, 0x80); 4402 4403 run_adjust_freq_offset(sc); 4404 4405 /* Enable VCO calibration. */ 4406 run_rt3070_rf_read(sc, 3, &rf); 4407 rf |= RT5390_VCOCAL; 4408 run_rt3070_rf_write(sc, 3, rf); 4409} 4410 4411static void 4412run_set_rx_antenna(struct run_softc *sc, int aux) 4413{ 4414 uint32_t tmp; 4415 uint8_t bbp152; 4416 4417 if (aux) { 4418 if (sc->rf_rev == RT5390_RF_5370) { 4419 run_bbp_read(sc, 152, &bbp152); 4420 run_bbp_write(sc, 152, bbp152 & ~0x80); 4421 } else { 4422 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4423 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4424 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4425 } 4426 } else { 4427 if (sc->rf_rev == RT5390_RF_5370) { 4428 run_bbp_read(sc, 152, &bbp152); 4429 run_bbp_write(sc, 152, bbp152 | 0x80); 4430 } else { 4431 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4432 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4433 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4434 } 4435 } 4436} 4437 4438static int 4439run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4440{ 4441 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4442 u_int chan, group; 4443 4444 chan = ieee80211_chan2ieee(ic, c); 4445 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4446 return (EINVAL); 4447 4448 if (sc->mac_ver == 0x5592) 4449 run_rt5592_set_chan(sc, chan); 4450 else if (sc->mac_ver >= 0x5390) 4451 run_rt5390_set_chan(sc, chan); 4452 else if (sc->mac_ver == 0x3572) 4453 run_rt3572_set_chan(sc, chan); 4454 else if (sc->mac_ver >= 0x3070) 4455 run_rt3070_set_chan(sc, chan); 4456 else 4457 run_rt2870_set_chan(sc, chan); 4458 4459 /* determine channel group */ 4460 if (chan <= 14) 4461 group = 0; 4462 else if (chan <= 64) 4463 group = 1; 4464 else if (chan <= 128) 4465 group = 2; 4466 else 4467 group = 3; 4468 4469 /* XXX necessary only when group has changed! */ 4470 run_select_chan_group(sc, group); 4471 4472 run_delay(sc, 10); 4473 4474 /* Perform IQ calibration. */ 4475 if (sc->mac_ver >= 0x5392) 4476 run_iq_calib(sc, chan); 4477 4478 return (0); 4479} 4480 4481static void 4482run_set_channel(struct ieee80211com *ic) 4483{ 4484 struct run_softc *sc = ic->ic_ifp->if_softc; 4485 4486 RUN_LOCK(sc); 4487 run_set_chan(sc, ic->ic_curchan); 4488 RUN_UNLOCK(sc); 4489 4490 return; 4491} 4492 4493static void 4494run_scan_start(struct ieee80211com *ic) 4495{ 4496 struct run_softc *sc = ic->ic_ifp->if_softc; 4497 uint32_t tmp; 4498 4499 RUN_LOCK(sc); 4500 4501 /* abort TSF synchronization */ 4502 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4503 run_write(sc, RT2860_BCN_TIME_CFG, 4504 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4505 RT2860_TBTT_TIMER_EN)); 4506 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4507 4508 RUN_UNLOCK(sc); 4509 4510 return; 4511} 4512 4513static void 4514run_scan_end(struct ieee80211com *ic) 4515{ 4516 struct run_softc *sc = ic->ic_ifp->if_softc; 4517 4518 RUN_LOCK(sc); 4519 4520 run_enable_tsf_sync(sc); 4521 /* XXX keep local copy */ 4522 run_set_bssid(sc, sc->sc_bssid); 4523 4524 RUN_UNLOCK(sc); 4525 4526 return; 4527} 4528 4529/* 4530 * Could be called from ieee80211_node_timeout() 4531 * (non-sleepable thread) 4532 */ 4533static void 4534run_update_beacon(struct ieee80211vap *vap, int item) 4535{ 4536 struct ieee80211com *ic = vap->iv_ic; 4537 struct run_softc *sc = ic->ic_ifp->if_softc; 4538 struct run_vap *rvp = RUN_VAP(vap); 4539 int mcast = 0; 4540 uint32_t i; 4541 4542 KASSERT(vap != NULL, ("no beacon")); 4543 4544 switch (item) { 4545 case IEEE80211_BEACON_ERP: 4546 run_updateslot(ic->ic_ifp); 4547 break; 4548 case IEEE80211_BEACON_HTINFO: 4549 run_updateprot(ic); 4550 break; 4551 case IEEE80211_BEACON_TIM: 4552 mcast = 1; /*TODO*/ 4553 break; 4554 default: 4555 break; 4556 } 4557 4558 setbit(rvp->bo.bo_flags, item); 4559 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4560 4561 i = RUN_CMDQ_GET(&sc->cmdq_store); 4562 DPRINTF("cmdq_store=%d\n", i); 4563 sc->cmdq[i].func = run_update_beacon_cb; 4564 sc->cmdq[i].arg0 = vap; 4565 ieee80211_runtask(ic, &sc->cmdq_task); 4566 4567 return; 4568} 4569 4570static void 4571run_update_beacon_cb(void *arg) 4572{ 4573 struct ieee80211vap *vap = arg; 4574 struct run_vap *rvp = RUN_VAP(vap); 4575 struct ieee80211com *ic = vap->iv_ic; 4576 struct run_softc *sc = ic->ic_ifp->if_softc; 4577 struct rt2860_txwi txwi; 4578 struct mbuf *m; 4579 uint16_t txwisize; 4580 uint8_t ridx; 4581 4582 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4583 return; 4584 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4585 return; 4586 4587 /* 4588 * No need to call ieee80211_beacon_update(), run_update_beacon() 4589 * is taking care of apropriate calls. 4590 */ 4591 if (rvp->beacon_mbuf == NULL) { 4592 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4593 &rvp->bo); 4594 if (rvp->beacon_mbuf == NULL) 4595 return; 4596 } 4597 m = rvp->beacon_mbuf; 4598 4599 memset(&txwi, 0, sizeof(txwi)); 4600 txwi.wcid = 0xff; 4601 txwi.len = htole16(m->m_pkthdr.len); 4602 4603 /* send beacons at the lowest available rate */ 4604 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4605 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4606 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4607 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4608 txwi.phy |= htole16(RT2860_PHY_OFDM); 4609 txwi.txop = RT2860_TX_TXOP_HT; 4610 txwi.flags = RT2860_TX_TS; 4611 txwi.xflags = RT2860_TX_NSEQ; 4612 4613 txwisize = (sc->mac_ver == 0x5592) ? 4614 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4615 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4616 txwisize); 4617 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4618 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4619} 4620 4621static void 4622run_updateprot(struct ieee80211com *ic) 4623{ 4624 struct run_softc *sc = ic->ic_ifp->if_softc; 4625 uint32_t i; 4626 4627 i = RUN_CMDQ_GET(&sc->cmdq_store); 4628 DPRINTF("cmdq_store=%d\n", i); 4629 sc->cmdq[i].func = run_updateprot_cb; 4630 sc->cmdq[i].arg0 = ic; 4631 ieee80211_runtask(ic, &sc->cmdq_task); 4632} 4633 4634static void 4635run_updateprot_cb(void *arg) 4636{ 4637 struct ieee80211com *ic = arg; 4638 struct run_softc *sc = ic->ic_ifp->if_softc; 4639 uint32_t tmp; 4640 4641 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4642 /* setup protection frame rate (MCS code) */ 4643 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4644 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4645 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4646 4647 /* CCK frames don't require protection */ 4648 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4649 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4650 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4651 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4652 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4653 tmp |= RT2860_PROT_CTRL_CTS; 4654 } 4655 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4656} 4657 4658static void 4659run_usb_timeout_cb(void *arg) 4660{ 4661 struct ieee80211vap *vap = arg; 4662 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4663 4664 RUN_LOCK_ASSERT(sc, MA_OWNED); 4665 4666 if(vap->iv_state == IEEE80211_S_RUN && 4667 vap->iv_opmode != IEEE80211_M_STA) 4668 run_reset_livelock(sc); 4669 else if (vap->iv_state == IEEE80211_S_SCAN) { 4670 DPRINTF("timeout caused by scan\n"); 4671 /* cancel bgscan */ 4672 ieee80211_cancel_scan(vap); 4673 } else 4674 DPRINTF("timeout by unknown cause\n"); 4675} 4676 4677static void 4678run_reset_livelock(struct run_softc *sc) 4679{ 4680 uint32_t tmp; 4681 4682 RUN_LOCK_ASSERT(sc, MA_OWNED); 4683 4684 /* 4685 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4686 * can run into a livelock and start sending CTS-to-self frames like 4687 * crazy if protection is enabled. Reset MAC/BBP for a while 4688 */ 4689 run_read(sc, RT2860_DEBUG, &tmp); 4690 DPRINTFN(3, "debug reg %08x\n", tmp); 4691 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4692 DPRINTF("CTS-to-self livelock detected\n"); 4693 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4694 run_delay(sc, 1); 4695 run_write(sc, RT2860_MAC_SYS_CTRL, 4696 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4697 } 4698} 4699 4700static void 4701run_update_promisc_locked(struct ifnet *ifp) 4702{ 4703 struct run_softc *sc = ifp->if_softc; 4704 uint32_t tmp; 4705 4706 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4707 4708 tmp |= RT2860_DROP_UC_NOME; 4709 if (ifp->if_flags & IFF_PROMISC) 4710 tmp &= ~RT2860_DROP_UC_NOME; 4711 4712 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4713 4714 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4715 "entering" : "leaving"); 4716} 4717 4718static void 4719run_update_promisc(struct ifnet *ifp) 4720{ 4721 struct run_softc *sc = ifp->if_softc; 4722 4723 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4724 return; 4725 4726 RUN_LOCK(sc); 4727 run_update_promisc_locked(ifp); 4728 RUN_UNLOCK(sc); 4729} 4730 4731static void 4732run_enable_tsf_sync(struct run_softc *sc) 4733{ 4734 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4735 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4736 uint32_t tmp; 4737 4738 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 4739 ic->ic_opmode); 4740 4741 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4742 tmp &= ~0x1fffff; 4743 tmp |= vap->iv_bss->ni_intval * 16; 4744 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4745 4746 if (ic->ic_opmode == IEEE80211_M_STA) { 4747 /* 4748 * Local TSF is always updated with remote TSF on beacon 4749 * reception. 4750 */ 4751 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4752 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4753 tmp |= RT2860_BCN_TX_EN; 4754 /* 4755 * Local TSF is updated with remote TSF on beacon reception 4756 * only if the remote TSF is greater than local TSF. 4757 */ 4758 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4759 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4760 ic->ic_opmode == IEEE80211_M_MBSS) { 4761 tmp |= RT2860_BCN_TX_EN; 4762 /* SYNC with nobody */ 4763 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4764 } else { 4765 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4766 return; 4767 } 4768 4769 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4770} 4771 4772static void 4773run_enable_mrr(struct run_softc *sc) 4774{ 4775#define CCK(mcs) (mcs) 4776#define OFDM(mcs) (1 << 3 | (mcs)) 4777 run_write(sc, RT2860_LG_FBK_CFG0, 4778 OFDM(6) << 28 | /* 54->48 */ 4779 OFDM(5) << 24 | /* 48->36 */ 4780 OFDM(4) << 20 | /* 36->24 */ 4781 OFDM(3) << 16 | /* 24->18 */ 4782 OFDM(2) << 12 | /* 18->12 */ 4783 OFDM(1) << 8 | /* 12-> 9 */ 4784 OFDM(0) << 4 | /* 9-> 6 */ 4785 OFDM(0)); /* 6-> 6 */ 4786 4787 run_write(sc, RT2860_LG_FBK_CFG1, 4788 CCK(2) << 12 | /* 11->5.5 */ 4789 CCK(1) << 8 | /* 5.5-> 2 */ 4790 CCK(0) << 4 | /* 2-> 1 */ 4791 CCK(0)); /* 1-> 1 */ 4792#undef OFDM 4793#undef CCK 4794} 4795 4796static void 4797run_set_txpreamble(struct run_softc *sc) 4798{ 4799 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4800 uint32_t tmp; 4801 4802 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4803 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4804 tmp |= RT2860_CCK_SHORT_EN; 4805 else 4806 tmp &= ~RT2860_CCK_SHORT_EN; 4807 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4808} 4809 4810static void 4811run_set_basicrates(struct run_softc *sc) 4812{ 4813 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4814 4815 /* set basic rates mask */ 4816 if (ic->ic_curmode == IEEE80211_MODE_11B) 4817 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4818 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4819 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4820 else /* 11g */ 4821 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4822} 4823 4824static void 4825run_set_leds(struct run_softc *sc, uint16_t which) 4826{ 4827 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4828 which | (sc->leds & 0x7f)); 4829} 4830 4831static void 4832run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4833{ 4834 run_write(sc, RT2860_MAC_BSSID_DW0, 4835 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4836 run_write(sc, RT2860_MAC_BSSID_DW1, 4837 bssid[4] | bssid[5] << 8); 4838} 4839 4840static void 4841run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4842{ 4843 run_write(sc, RT2860_MAC_ADDR_DW0, 4844 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4845 run_write(sc, RT2860_MAC_ADDR_DW1, 4846 addr[4] | addr[5] << 8 | 0xff << 16); 4847} 4848 4849static void 4850run_updateslot(struct ifnet *ifp) 4851{ 4852 struct run_softc *sc = ifp->if_softc; 4853 struct ieee80211com *ic = ifp->if_l2com; 4854 uint32_t i; 4855 4856 i = RUN_CMDQ_GET(&sc->cmdq_store); 4857 DPRINTF("cmdq_store=%d\n", i); 4858 sc->cmdq[i].func = run_updateslot_cb; 4859 sc->cmdq[i].arg0 = ifp; 4860 ieee80211_runtask(ic, &sc->cmdq_task); 4861 4862 return; 4863} 4864 4865/* ARGSUSED */ 4866static void 4867run_updateslot_cb(void *arg) 4868{ 4869 struct ifnet *ifp = arg; 4870 struct run_softc *sc = ifp->if_softc; 4871 struct ieee80211com *ic = ifp->if_l2com; 4872 uint32_t tmp; 4873 4874 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4875 tmp &= ~0xff; 4876 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4877 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4878} 4879 4880static void 4881run_update_mcast(struct ifnet *ifp) 4882{ 4883 /* h/w filter supports getting everything or nothing */ 4884 ifp->if_flags |= IFF_ALLMULTI; 4885} 4886 4887static int8_t 4888run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4889{ 4890 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4891 struct ieee80211_channel *c = ic->ic_curchan; 4892 int delta; 4893 4894 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4895 u_int chan = ieee80211_chan2ieee(ic, c); 4896 delta = sc->rssi_5ghz[rxchain]; 4897 4898 /* determine channel group */ 4899 if (chan <= 64) 4900 delta -= sc->lna[1]; 4901 else if (chan <= 128) 4902 delta -= sc->lna[2]; 4903 else 4904 delta -= sc->lna[3]; 4905 } else 4906 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4907 4908 return (-12 - delta - rssi); 4909} 4910 4911static void 4912run_rt5390_bbp_init(struct run_softc *sc) 4913{ 4914 int i; 4915 uint8_t bbp; 4916 4917 /* Apply maximum likelihood detection for 2 stream case. */ 4918 run_bbp_read(sc, 105, &bbp); 4919 if (sc->nrxchains > 1) 4920 run_bbp_write(sc, 105, bbp | RT5390_MLD); 4921 4922 /* Avoid data lost and CRC error. */ 4923 run_bbp_read(sc, 4, &bbp); 4924 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 4925 4926 if (sc->mac_ver == 0x5592) { 4927 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 4928 run_bbp_write(sc, rt5592_def_bbp[i].reg, 4929 rt5592_def_bbp[i].val); 4930 } 4931 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 4932 run_bbp_write(sc, 195, i + 0x80); 4933 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 4934 } 4935 } else { 4936 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 4937 run_bbp_write(sc, rt5390_def_bbp[i].reg, 4938 rt5390_def_bbp[i].val); 4939 } 4940 } 4941 if (sc->mac_ver == 0x5392) { 4942 run_bbp_write(sc, 88, 0x90); 4943 run_bbp_write(sc, 95, 0x9a); 4944 run_bbp_write(sc, 98, 0x12); 4945 run_bbp_write(sc, 106, 0x12); 4946 run_bbp_write(sc, 134, 0xd0); 4947 run_bbp_write(sc, 135, 0xf6); 4948 run_bbp_write(sc, 148, 0x84); 4949 } 4950 4951 run_bbp_read(sc, 152, &bbp); 4952 run_bbp_write(sc, 152, bbp | 0x80); 4953 4954 /* Fix BBP254 for RT5592C. */ 4955 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 4956 run_bbp_read(sc, 254, &bbp); 4957 run_bbp_write(sc, 254, bbp | 0x80); 4958 } 4959 4960 /* Disable hardware antenna diversity. */ 4961 if (sc->mac_ver == 0x5390) 4962 run_bbp_write(sc, 154, 0); 4963 4964 /* Initialize Rx CCK/OFDM frequency offset report. */ 4965 run_bbp_write(sc, 142, 1); 4966 run_bbp_write(sc, 143, 57); 4967} 4968 4969static int 4970run_bbp_init(struct run_softc *sc) 4971{ 4972 int i, error, ntries; 4973 uint8_t bbp0; 4974 4975 /* wait for BBP to wake up */ 4976 for (ntries = 0; ntries < 20; ntries++) { 4977 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4978 return error; 4979 if (bbp0 != 0 && bbp0 != 0xff) 4980 break; 4981 } 4982 if (ntries == 20) 4983 return (ETIMEDOUT); 4984 4985 /* initialize BBP registers to default values */ 4986 if (sc->mac_ver >= 0x5390) 4987 run_rt5390_bbp_init(sc); 4988 else { 4989 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 4990 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4991 rt2860_def_bbp[i].val); 4992 } 4993 } 4994 4995 /* fix BBP84 for RT2860E */ 4996 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4997 run_bbp_write(sc, 84, 0x19); 4998 4999 if (sc->mac_ver >= 0x3070 && sc->mac_ver != 0x5592) { 5000 run_bbp_write(sc, 79, 0x13); 5001 run_bbp_write(sc, 80, 0x05); 5002 run_bbp_write(sc, 81, 0x33); 5003 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5004 run_bbp_write(sc, 69, 0x16); 5005 run_bbp_write(sc, 73, 0x12); 5006 } 5007 return (0); 5008} 5009 5010static int 5011run_rt3070_rf_init(struct run_softc *sc) 5012{ 5013 uint32_t tmp; 5014 uint8_t bbp4, mingain, rf, target; 5015 int i; 5016 5017 run_rt3070_rf_read(sc, 30, &rf); 5018 /* toggle RF R30 bit 7 */ 5019 run_rt3070_rf_write(sc, 30, rf | 0x80); 5020 run_delay(sc, 10); 5021 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5022 5023 /* initialize RF registers to default value */ 5024 if (sc->mac_ver == 0x3572) { 5025 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5026 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5027 rt3572_def_rf[i].val); 5028 } 5029 } else { 5030 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5031 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5032 rt3070_def_rf[i].val); 5033 } 5034 } 5035 5036 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5037 /* 5038 * Change voltage from 1.2V to 1.35V for RT3070. 5039 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5040 * in RT3070(F). 5041 */ 5042 run_read(sc, RT3070_LDO_CFG0, &tmp); 5043 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5044 run_write(sc, RT3070_LDO_CFG0, tmp); 5045 5046 } else if (sc->mac_ver == 0x3071) { 5047 run_rt3070_rf_read(sc, 6, &rf); 5048 run_rt3070_rf_write(sc, 6, rf | 0x40); 5049 run_rt3070_rf_write(sc, 31, 0x14); 5050 5051 run_read(sc, RT3070_LDO_CFG0, &tmp); 5052 tmp &= ~0x1f000000; 5053 if (sc->mac_rev < 0x0211) 5054 tmp |= 0x0d000000; /* 1.3V */ 5055 else 5056 tmp |= 0x01000000; /* 1.2V */ 5057 run_write(sc, RT3070_LDO_CFG0, tmp); 5058 5059 /* patch LNA_PE_G1 */ 5060 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5061 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5062 5063 } else if (sc->mac_ver == 0x3572) { 5064 run_rt3070_rf_read(sc, 6, &rf); 5065 run_rt3070_rf_write(sc, 6, rf | 0x40); 5066 5067 /* increase voltage from 1.2V to 1.35V */ 5068 run_read(sc, RT3070_LDO_CFG0, &tmp); 5069 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5070 run_write(sc, RT3070_LDO_CFG0, tmp); 5071 5072 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5073 run_delay(sc, 1); /* wait for 1msec */ 5074 /* decrease voltage back to 1.2V */ 5075 tmp = (tmp & ~0x1f000000) | 0x01000000; 5076 run_write(sc, RT3070_LDO_CFG0, tmp); 5077 } 5078 } 5079 5080 /* select 20MHz bandwidth */ 5081 run_rt3070_rf_read(sc, 31, &rf); 5082 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5083 5084 /* calibrate filter for 20MHz bandwidth */ 5085 sc->rf24_20mhz = 0x1f; /* default value */ 5086 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5087 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5088 5089 /* select 40MHz bandwidth */ 5090 run_bbp_read(sc, 4, &bbp4); 5091 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5092 run_rt3070_rf_read(sc, 31, &rf); 5093 run_rt3070_rf_write(sc, 31, rf | 0x20); 5094 5095 /* calibrate filter for 40MHz bandwidth */ 5096 sc->rf24_40mhz = 0x2f; /* default value */ 5097 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5098 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5099 5100 /* go back to 20MHz bandwidth */ 5101 run_bbp_read(sc, 4, &bbp4); 5102 run_bbp_write(sc, 4, bbp4 & ~0x18); 5103 5104 if (sc->mac_ver == 0x3572) { 5105 /* save default BBP registers 25 and 26 values */ 5106 run_bbp_read(sc, 25, &sc->bbp25); 5107 run_bbp_read(sc, 26, &sc->bbp26); 5108 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5109 run_rt3070_rf_write(sc, 27, 0x03); 5110 5111 run_read(sc, RT3070_OPT_14, &tmp); 5112 run_write(sc, RT3070_OPT_14, tmp | 1); 5113 5114 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5115 run_rt3070_rf_read(sc, 17, &rf); 5116 rf &= ~RT3070_TX_LO1; 5117 if ((sc->mac_ver == 0x3070 || 5118 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5119 !sc->ext_2ghz_lna) 5120 rf |= 0x20; /* fix for long range Rx issue */ 5121 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5122 if (sc->txmixgain_2ghz >= mingain) 5123 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5124 run_rt3070_rf_write(sc, 17, rf); 5125 } 5126 5127 if (sc->mac_rev == 0x3071) { 5128 run_rt3070_rf_read(sc, 1, &rf); 5129 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5130 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5131 run_rt3070_rf_write(sc, 1, rf); 5132 5133 run_rt3070_rf_read(sc, 15, &rf); 5134 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5135 5136 run_rt3070_rf_read(sc, 20, &rf); 5137 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5138 5139 run_rt3070_rf_read(sc, 21, &rf); 5140 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5141 } 5142 5143 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5144 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5145 run_rt3070_rf_read(sc, 27, &rf); 5146 rf &= ~0x77; 5147 if (sc->mac_rev < 0x0211) 5148 rf |= 0x03; 5149 run_rt3070_rf_write(sc, 27, rf); 5150 } 5151 return (0); 5152} 5153 5154static void 5155run_rt5390_rf_init(struct run_softc *sc) 5156{ 5157 uint32_t tmp; 5158 uint8_t rf; 5159 int i; 5160 5161 /* Toggle RF R2 to initiate calibration. */ 5162 if (sc->mac_ver == 0x5390) { 5163 run_rt3070_rf_read(sc, 2, &rf); 5164 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5165 run_delay(sc, 10); 5166 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5167 } else { 5168 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5169 run_delay(sc, 10); 5170 } 5171 5172 /* Initialize RF registers to default value. */ 5173 if (sc->mac_ver == 0x5592) { 5174 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5175 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5176 rt5592_def_rf[i].val); 5177 } 5178 /* Initialize RF frequency offset. */ 5179 run_adjust_freq_offset(sc); 5180 } else if (sc->mac_ver == 0x5392) { 5181 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5182 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5183 rt5392_def_rf[i].val); 5184 } 5185 if (sc->mac_rev >= 0x0223) { 5186 run_rt3070_rf_write(sc, 23, 0x0f); 5187 run_rt3070_rf_write(sc, 24, 0x3e); 5188 run_rt3070_rf_write(sc, 51, 0x32); 5189 run_rt3070_rf_write(sc, 53, 0x22); 5190 run_rt3070_rf_write(sc, 56, 0xc1); 5191 run_rt3070_rf_write(sc, 59, 0x0f); 5192 } 5193 } else { 5194 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5195 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5196 rt5390_def_rf[i].val); 5197 } 5198 if (sc->mac_rev >= 0x0502) { 5199 run_rt3070_rf_write(sc, 6, 0xe0); 5200 run_rt3070_rf_write(sc, 25, 0x80); 5201 run_rt3070_rf_write(sc, 46, 0x73); 5202 run_rt3070_rf_write(sc, 53, 0x00); 5203 run_rt3070_rf_write(sc, 56, 0x42); 5204 run_rt3070_rf_write(sc, 61, 0xd1); 5205 } 5206 } 5207 5208 sc->rf24_20mhz = 0x1f; /* default value */ 5209 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5210 5211 if (sc->mac_rev < 0x0211) 5212 run_rt3070_rf_write(sc, 27, 0x3); 5213 5214 run_read(sc, RT3070_OPT_14, &tmp); 5215 run_write(sc, RT3070_OPT_14, tmp | 1); 5216} 5217 5218static int 5219run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5220 uint8_t *val) 5221{ 5222 uint8_t rf22, rf24; 5223 uint8_t bbp55_pb, bbp55_sb, delta; 5224 int ntries; 5225 5226 /* program filter */ 5227 run_rt3070_rf_read(sc, 24, &rf24); 5228 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5229 run_rt3070_rf_write(sc, 24, rf24); 5230 5231 /* enable baseband loopback mode */ 5232 run_rt3070_rf_read(sc, 22, &rf22); 5233 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5234 5235 /* set power and frequency of passband test tone */ 5236 run_bbp_write(sc, 24, 0x00); 5237 for (ntries = 0; ntries < 100; ntries++) { 5238 /* transmit test tone */ 5239 run_bbp_write(sc, 25, 0x90); 5240 run_delay(sc, 10); 5241 /* read received power */ 5242 run_bbp_read(sc, 55, &bbp55_pb); 5243 if (bbp55_pb != 0) 5244 break; 5245 } 5246 if (ntries == 100) 5247 return (ETIMEDOUT); 5248 5249 /* set power and frequency of stopband test tone */ 5250 run_bbp_write(sc, 24, 0x06); 5251 for (ntries = 0; ntries < 100; ntries++) { 5252 /* transmit test tone */ 5253 run_bbp_write(sc, 25, 0x90); 5254 run_delay(sc, 10); 5255 /* read received power */ 5256 run_bbp_read(sc, 55, &bbp55_sb); 5257 5258 delta = bbp55_pb - bbp55_sb; 5259 if (delta > target) 5260 break; 5261 5262 /* reprogram filter */ 5263 rf24++; 5264 run_rt3070_rf_write(sc, 24, rf24); 5265 } 5266 if (ntries < 100) { 5267 if (rf24 != init) 5268 rf24--; /* backtrack */ 5269 *val = rf24; 5270 run_rt3070_rf_write(sc, 24, rf24); 5271 } 5272 5273 /* restore initial state */ 5274 run_bbp_write(sc, 24, 0x00); 5275 5276 /* disable baseband loopback mode */ 5277 run_rt3070_rf_read(sc, 22, &rf22); 5278 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5279 5280 return (0); 5281} 5282 5283static void 5284run_rt3070_rf_setup(struct run_softc *sc) 5285{ 5286 uint8_t bbp, rf; 5287 int i; 5288 5289 if (sc->mac_ver >= 0x5390) { 5290 if (sc->mac_rev >= 0x0211) { 5291 /* Enable DC filter. */ 5292 run_bbp_write(sc, 103, 0xc0); 5293 5294 if (sc->mac_ver != 0x5592) { 5295 /* Improve power consumption. */ 5296 run_bbp_read(sc, 31, &bbp); 5297 run_bbp_write(sc, 31, bbp & ~0x03); 5298 } 5299 } 5300 5301 run_bbp_read(sc, 138, &bbp); 5302 if (sc->ntxchains == 1) 5303 bbp |= 0x20; /* turn off DAC1 */ 5304 if (sc->nrxchains == 1) 5305 bbp &= ~0x02; /* turn off ADC1 */ 5306 run_bbp_write(sc, 138, bbp); 5307 5308 run_rt3070_rf_read(sc, 38, &rf); 5309 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5310 5311 run_rt3070_rf_read(sc, 39, &rf); 5312 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5313 5314 /* Avoid data lost and CRC error. */ 5315 run_bbp_read(sc, 4, &bbp); 5316 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5317 5318 run_rt3070_rf_read(sc, 30, &rf); 5319 rf = (rf & ~0x18) | 0x10; 5320 run_rt3070_rf_write(sc, 30, rf); 5321 5322 if (sc->mac_ver != 0x5592) { 5323 run_write(sc, RT2860_TX_SW_CFG1, 0); 5324 if (sc->mac_rev < 0x0211) { 5325 run_write(sc, RT2860_TX_SW_CFG2, 5326 sc->patch_dac ? 0x2c : 0x0f); 5327 } else 5328 run_write(sc, RT2860_TX_SW_CFG2, 0); 5329 } 5330 5331 } else if (sc->mac_ver == 0x3572) { 5332 /* enable DC filter */ 5333 if (sc->mac_rev >= 0x0201) 5334 run_bbp_write(sc, 103, 0xc0); 5335 5336 run_bbp_read(sc, 138, &bbp); 5337 if (sc->ntxchains == 1) 5338 bbp |= 0x20; /* turn off DAC1 */ 5339 if (sc->nrxchains == 1) 5340 bbp &= ~0x02; /* turn off ADC1 */ 5341 run_bbp_write(sc, 138, bbp); 5342 5343 if (sc->mac_rev >= 0x0211) { 5344 /* improve power consumption */ 5345 run_bbp_read(sc, 31, &bbp); 5346 run_bbp_write(sc, 31, bbp & ~0x03); 5347 } 5348 5349 run_rt3070_rf_read(sc, 16, &rf); 5350 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5351 run_rt3070_rf_write(sc, 16, rf); 5352 5353 } else if (sc->mac_ver == 0x3071) { 5354 if (sc->mac_rev >= 0x0211) { 5355 /* enable DC filter */ 5356 run_bbp_write(sc, 103, 0xc0); 5357 5358 /* improve power consumption */ 5359 run_bbp_read(sc, 31, &bbp); 5360 run_bbp_write(sc, 31, bbp & ~0x03); 5361 } 5362 5363 run_bbp_read(sc, 138, &bbp); 5364 if (sc->ntxchains == 1) 5365 bbp |= 0x20; /* turn off DAC1 */ 5366 if (sc->nrxchains == 1) 5367 bbp &= ~0x02; /* turn off ADC1 */ 5368 run_bbp_write(sc, 138, bbp); 5369 5370 run_write(sc, RT2860_TX_SW_CFG1, 0); 5371 if (sc->mac_rev < 0x0211) { 5372 run_write(sc, RT2860_TX_SW_CFG2, 5373 sc->patch_dac ? 0x2c : 0x0f); 5374 } else 5375 run_write(sc, RT2860_TX_SW_CFG2, 0); 5376 5377 } else if (sc->mac_ver == 0x3070) { 5378 if (sc->mac_rev >= 0x0201) { 5379 /* enable DC filter */ 5380 run_bbp_write(sc, 103, 0xc0); 5381 5382 /* improve power consumption */ 5383 run_bbp_read(sc, 31, &bbp); 5384 run_bbp_write(sc, 31, bbp & ~0x03); 5385 } 5386 5387 if (sc->mac_rev < 0x0201) { 5388 run_write(sc, RT2860_TX_SW_CFG1, 0); 5389 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5390 } else 5391 run_write(sc, RT2860_TX_SW_CFG2, 0); 5392 } 5393 5394 /* initialize RF registers from ROM for >=RT3071*/ 5395 if (sc->mac_ver >= 0x3071 && sc->mac_ver < 0x5390) { 5396 for (i = 0; i < 10; i++) { 5397 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5398 continue; 5399 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5400 } 5401 } 5402} 5403 5404static int 5405run_txrx_enable(struct run_softc *sc) 5406{ 5407 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5408 uint32_t tmp; 5409 int error, ntries; 5410 5411 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5412 for (ntries = 0; ntries < 200; ntries++) { 5413 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5414 return (error); 5415 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5416 break; 5417 run_delay(sc, 50); 5418 } 5419 if (ntries == 200) 5420 return (ETIMEDOUT); 5421 5422 run_delay(sc, 50); 5423 5424 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5425 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5426 5427 /* enable Rx bulk aggregation (set timeout and limit) */ 5428 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5429 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5430 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5431 5432 /* set Rx filter */ 5433 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5434 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5435 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5436 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5437 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5438 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5439 if (ic->ic_opmode == IEEE80211_M_STA) 5440 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5441 } 5442 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5443 5444 run_write(sc, RT2860_MAC_SYS_CTRL, 5445 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5446 5447 return (0); 5448} 5449 5450static void 5451run_adjust_freq_offset(struct run_softc *sc) 5452{ 5453 uint8_t rf, tmp; 5454 5455 run_rt3070_rf_read(sc, 17, &rf); 5456 tmp = rf; 5457 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5458 rf = MIN(rf, 0x5f); 5459 5460 if (tmp != rf) 5461 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5462} 5463 5464static void 5465run_init_locked(struct run_softc *sc) 5466{ 5467 struct ifnet *ifp = sc->sc_ifp; 5468 struct ieee80211com *ic = ifp->if_l2com; 5469 uint32_t tmp; 5470 uint8_t bbp1, bbp3; 5471 int i; 5472 int ridx; 5473 int ntries; 5474 5475 if (ic->ic_nrunning > 1) 5476 return; 5477 5478 run_stop(sc); 5479 5480 if (run_load_microcode(sc) != 0) { 5481 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5482 goto fail; 5483 } 5484 5485 for (ntries = 0; ntries < 100; ntries++) { 5486 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5487 goto fail; 5488 if (tmp != 0 && tmp != 0xffffffff) 5489 break; 5490 run_delay(sc, 10); 5491 } 5492 if (ntries == 100) 5493 goto fail; 5494 5495 for (i = 0; i != RUN_EP_QUEUES; i++) 5496 run_setup_tx_list(sc, &sc->sc_epq[i]); 5497 5498 run_set_macaddr(sc, IF_LLADDR(ifp)); 5499 5500 for (ntries = 0; ntries < 100; ntries++) { 5501 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5502 goto fail; 5503 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5504 break; 5505 run_delay(sc, 10); 5506 } 5507 if (ntries == 100) { 5508 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5509 goto fail; 5510 } 5511 tmp &= 0xff0; 5512 tmp |= RT2860_TX_WB_DDONE; 5513 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5514 5515 /* turn off PME_OEN to solve high-current issue */ 5516 run_read(sc, RT2860_SYS_CTRL, &tmp); 5517 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5518 5519 run_write(sc, RT2860_MAC_SYS_CTRL, 5520 RT2860_BBP_HRST | RT2860_MAC_SRST); 5521 run_write(sc, RT2860_USB_DMA_CFG, 0); 5522 5523 if (run_reset(sc) != 0) { 5524 device_printf(sc->sc_dev, "could not reset chipset\n"); 5525 goto fail; 5526 } 5527 5528 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5529 5530 /* init Tx power for all Tx rates (from EEPROM) */ 5531 for (ridx = 0; ridx < 5; ridx++) { 5532 if (sc->txpow20mhz[ridx] == 0xffffffff) 5533 continue; 5534 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5535 } 5536 5537 for (i = 0; i < nitems(rt2870_def_mac); i++) 5538 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5539 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5540 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5541 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5542 5543 if (sc->mac_ver >= 0x5390) { 5544 run_write(sc, RT2860_TX_SW_CFG0, 5545 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5546 if (sc->mac_ver >= 0x5392) { 5547 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5548 if (sc->mac_ver == 0x5592) { 5549 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5550 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5551 } else { 5552 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5553 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5554 } 5555 } 5556 } else if (sc->mac_ver >= 0x3070) { 5557 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 5558 run_write(sc, RT2860_TX_SW_CFG0, 5559 4 << RT2860_DLY_PAPE_EN_SHIFT); 5560 } 5561 5562 /* wait while MAC is busy */ 5563 for (ntries = 0; ntries < 100; ntries++) { 5564 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 5565 goto fail; 5566 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 5567 break; 5568 run_delay(sc, 10); 5569 } 5570 if (ntries == 100) 5571 goto fail; 5572 5573 /* clear Host to MCU mailbox */ 5574 run_write(sc, RT2860_H2M_BBPAGENT, 0); 5575 run_write(sc, RT2860_H2M_MAILBOX, 0); 5576 run_delay(sc, 10); 5577 5578 if (run_bbp_init(sc) != 0) { 5579 device_printf(sc->sc_dev, "could not initialize BBP\n"); 5580 goto fail; 5581 } 5582 5583 /* abort TSF synchronization */ 5584 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5585 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5586 RT2860_TBTT_TIMER_EN); 5587 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5588 5589 /* clear RX WCID search table */ 5590 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 5591 /* clear WCID attribute table */ 5592 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 5593 5594 /* hostapd sets a key before init. So, don't clear it. */ 5595 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 5596 /* clear shared key table */ 5597 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 5598 /* clear shared key mode */ 5599 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 5600 } 5601 5602 run_read(sc, RT2860_US_CYC_CNT, &tmp); 5603 tmp = (tmp & ~0xff) | 0x1e; 5604 run_write(sc, RT2860_US_CYC_CNT, tmp); 5605 5606 if (sc->mac_rev != 0x0101) 5607 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 5608 5609 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 5610 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 5611 5612 /* write vendor-specific BBP values (from EEPROM) */ 5613 if (sc->mac_ver < 0x5390) { 5614 for (i = 0; i < 10; i++) { 5615 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 5616 continue; 5617 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 5618 } 5619 } 5620 5621 /* select Main antenna for 1T1R devices */ 5622 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 5623 run_set_rx_antenna(sc, 0); 5624 5625 /* send LEDs operating mode to microcontroller */ 5626 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 5627 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 5628 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 5629 5630 if (sc->mac_ver >= 0x5390) 5631 run_rt5390_rf_init(sc); 5632 else if (sc->mac_ver >= 0x3070) 5633 run_rt3070_rf_init(sc); 5634 5635 /* disable non-existing Rx chains */ 5636 run_bbp_read(sc, 3, &bbp3); 5637 bbp3 &= ~(1 << 3 | 1 << 4); 5638 if (sc->nrxchains == 2) 5639 bbp3 |= 1 << 3; 5640 else if (sc->nrxchains == 3) 5641 bbp3 |= 1 << 4; 5642 run_bbp_write(sc, 3, bbp3); 5643 5644 /* disable non-existing Tx chains */ 5645 run_bbp_read(sc, 1, &bbp1); 5646 if (sc->ntxchains == 1) 5647 bbp1 &= ~(1 << 3 | 1 << 4); 5648 run_bbp_write(sc, 1, bbp1); 5649 5650 if (sc->mac_ver >= 0x3070) 5651 run_rt3070_rf_setup(sc); 5652 5653 /* select default channel */ 5654 run_set_chan(sc, ic->ic_curchan); 5655 5656 /* setup initial protection mode */ 5657 run_updateprot_cb(ic); 5658 5659 /* turn radio LED on */ 5660 run_set_leds(sc, RT2860_LED_RADIO); 5661 5662 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5663 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5664 sc->cmdq_run = RUN_CMDQ_GO; 5665 5666 for (i = 0; i != RUN_N_XFER; i++) 5667 usbd_xfer_set_stall(sc->sc_xfer[i]); 5668 5669 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 5670 5671 if (run_txrx_enable(sc) != 0) 5672 goto fail; 5673 5674 return; 5675 5676fail: 5677 run_stop(sc); 5678} 5679 5680static void 5681run_init(void *arg) 5682{ 5683 struct run_softc *sc = arg; 5684 struct ifnet *ifp = sc->sc_ifp; 5685 struct ieee80211com *ic = ifp->if_l2com; 5686 5687 RUN_LOCK(sc); 5688 run_init_locked(sc); 5689 RUN_UNLOCK(sc); 5690 5691 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5692 ieee80211_start_all(ic); 5693} 5694 5695static void 5696run_stop(void *arg) 5697{ 5698 struct run_softc *sc = (struct run_softc *)arg; 5699 struct ifnet *ifp = sc->sc_ifp; 5700 uint32_t tmp; 5701 int i; 5702 int ntries; 5703 5704 RUN_LOCK_ASSERT(sc, MA_OWNED); 5705 5706 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5707 run_set_leds(sc, 0); /* turn all LEDs off */ 5708 5709 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5710 5711 sc->ratectl_run = RUN_RATECTL_OFF; 5712 sc->cmdq_run = sc->cmdq_key_set; 5713 5714 RUN_UNLOCK(sc); 5715 5716 for(i = 0; i < RUN_N_XFER; i++) 5717 usbd_transfer_drain(sc->sc_xfer[i]); 5718 5719 RUN_LOCK(sc); 5720 5721 if (sc->rx_m != NULL) { 5722 m_free(sc->rx_m); 5723 sc->rx_m = NULL; 5724 } 5725 5726 /* Disable Tx/Rx DMA. */ 5727 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5728 return; 5729 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 5730 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5731 5732 for (ntries = 0; ntries < 100; ntries++) { 5733 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5734 return; 5735 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5736 break; 5737 run_delay(sc, 10); 5738 } 5739 if (ntries == 100) { 5740 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5741 return; 5742 } 5743 5744 /* disable Tx/Rx */ 5745 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 5746 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5747 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 5748 5749 /* wait for pending Tx to complete */ 5750 for (ntries = 0; ntries < 100; ntries++) { 5751 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 5752 DPRINTF("Cannot read Tx queue count\n"); 5753 break; 5754 } 5755 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 5756 DPRINTF("All Tx cleared\n"); 5757 break; 5758 } 5759 run_delay(sc, 10); 5760 } 5761 if (ntries >= 100) 5762 DPRINTF("There are still pending Tx\n"); 5763 run_delay(sc, 10); 5764 run_write(sc, RT2860_USB_DMA_CFG, 0); 5765 5766 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 5767 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5768 5769 for (i = 0; i != RUN_EP_QUEUES; i++) 5770 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 5771} 5772 5773static void 5774run_delay(struct run_softc *sc, u_int ms) 5775{ 5776 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 5777 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 5778} 5779 5780static device_method_t run_methods[] = { 5781 /* Device interface */ 5782 DEVMETHOD(device_probe, run_match), 5783 DEVMETHOD(device_attach, run_attach), 5784 DEVMETHOD(device_detach, run_detach), 5785 DEVMETHOD_END 5786}; 5787 5788static driver_t run_driver = { 5789 .name = "run", 5790 .methods = run_methods, 5791 .size = sizeof(struct run_softc) 5792}; 5793 5794static devclass_t run_devclass; 5795 5796DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, NULL); 5797MODULE_DEPEND(run, wlan, 1, 1, 1); 5798MODULE_DEPEND(run, usb, 1, 1, 1); 5799MODULE_DEPEND(run, firmware, 1, 1, 1); 5800MODULE_VERSION(run, 1); 5801