if_run.c revision 259812
1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 259812 2013-12-24 07:02:05Z kevlo $"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <machine/bus.h> 46#include <machine/resource.h> 47#include <sys/rman.h> 48 49#include <net/bpf.h> 50#include <net/if.h> 51#include <net/if_var.h> 52#include <net/if_arp.h> 53#include <net/ethernet.h> 54#include <net/if_dl.h> 55#include <net/if_media.h> 56#include <net/if_types.h> 57 58#include <netinet/in.h> 59#include <netinet/in_systm.h> 60#include <netinet/in_var.h> 61#include <netinet/if_ether.h> 62#include <netinet/ip.h> 63 64#include <net80211/ieee80211_var.h> 65#include <net80211/ieee80211_regdomain.h> 66#include <net80211/ieee80211_radiotap.h> 67#include <net80211/ieee80211_ratectl.h> 68 69#include <dev/usb/usb.h> 70#include <dev/usb/usbdi.h> 71#include "usbdevs.h" 72 73#define USB_DEBUG_VAR run_debug 74#include <dev/usb/usb_debug.h> 75#include <dev/usb/usb_msctest.h> 76 77#include <dev/usb/wlan/if_runreg.h> 78#include <dev/usb/wlan/if_runvar.h> 79 80#ifdef USB_DEBUG 81#define RUN_DEBUG 82#endif 83 84#ifdef RUN_DEBUG 85int run_debug = 0; 86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 88 "run debug level"); 89#endif 90 91#define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94/* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100static const STRUCT_USB_HOST_ID run_devs[] = { 101#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102#define RUN_DEV_EJECT(v,p) \ 103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, 0) } 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USB_N53), 143 RUN_DEV(ASUS2, USBN11), 144 RUN_DEV(AZUREWAVE, RT2870_1), 145 RUN_DEV(AZUREWAVE, RT2870_2), 146 RUN_DEV(AZUREWAVE, RT3070_1), 147 RUN_DEV(AZUREWAVE, RT3070_2), 148 RUN_DEV(AZUREWAVE, RT3070_3), 149 RUN_DEV(BELKIN, F5D8053V3), 150 RUN_DEV(BELKIN, F5D8055), 151 RUN_DEV(BELKIN, F5D8055V2), 152 RUN_DEV(BELKIN, F6D4050V1), 153 RUN_DEV(BELKIN, F6D4050V2), 154 RUN_DEV(BELKIN, RT2870_1), 155 RUN_DEV(BELKIN, RT2870_2), 156 RUN_DEV(CISCOLINKSYS, AE1000), 157 RUN_DEV(CISCOLINKSYS2, RT3070), 158 RUN_DEV(CISCOLINKSYS3, RT3070), 159 RUN_DEV(CONCEPTRONIC2, RT2870_1), 160 RUN_DEV(CONCEPTRONIC2, RT2870_2), 161 RUN_DEV(CONCEPTRONIC2, RT2870_3), 162 RUN_DEV(CONCEPTRONIC2, RT2870_4), 163 RUN_DEV(CONCEPTRONIC2, RT2870_5), 164 RUN_DEV(CONCEPTRONIC2, RT2870_6), 165 RUN_DEV(CONCEPTRONIC2, RT2870_7), 166 RUN_DEV(CONCEPTRONIC2, RT2870_8), 167 RUN_DEV(CONCEPTRONIC2, RT3070_1), 168 RUN_DEV(CONCEPTRONIC2, RT3070_2), 169 RUN_DEV(CONCEPTRONIC2, VIGORN61), 170 RUN_DEV(COREGA, CGWLUSB300GNM), 171 RUN_DEV(COREGA, RT2870_1), 172 RUN_DEV(COREGA, RT2870_2), 173 RUN_DEV(COREGA, RT2870_3), 174 RUN_DEV(COREGA, RT3070), 175 RUN_DEV(CYBERTAN, RT2870), 176 RUN_DEV(DLINK, RT2870), 177 RUN_DEV(DLINK, RT3072), 178 RUN_DEV(DLINK, DWA127), 179 RUN_DEV(DLINK, DWA140B3), 180 RUN_DEV(DLINK, DWA160B2), 181 RUN_DEV(DLINK2, DWA130), 182 RUN_DEV(DLINK2, RT2870_1), 183 RUN_DEV(DLINK2, RT2870_2), 184 RUN_DEV(DLINK2, RT3070_1), 185 RUN_DEV(DLINK2, RT3070_2), 186 RUN_DEV(DLINK2, RT3070_3), 187 RUN_DEV(DLINK2, RT3070_4), 188 RUN_DEV(DLINK2, RT3070_5), 189 RUN_DEV(DLINK2, RT3072), 190 RUN_DEV(DLINK2, RT3072_1), 191 RUN_DEV(EDIMAX, EW7717), 192 RUN_DEV(EDIMAX, EW7718), 193 RUN_DEV(EDIMAX, RT2870_1), 194 RUN_DEV(ENCORE, RT3070_1), 195 RUN_DEV(ENCORE, RT3070_2), 196 RUN_DEV(ENCORE, RT3070_3), 197 RUN_DEV(GIGABYTE, GNWB31N), 198 RUN_DEV(GIGABYTE, GNWB32L), 199 RUN_DEV(GIGABYTE, RT2870_1), 200 RUN_DEV(GIGASET, RT3070_1), 201 RUN_DEV(GIGASET, RT3070_2), 202 RUN_DEV(GUILLEMOT, HWNU300), 203 RUN_DEV(HAWKING, HWUN2), 204 RUN_DEV(HAWKING, RT2870_1), 205 RUN_DEV(HAWKING, RT2870_2), 206 RUN_DEV(HAWKING, RT3070), 207 RUN_DEV(IODATA, RT3072_1), 208 RUN_DEV(IODATA, RT3072_2), 209 RUN_DEV(IODATA, RT3072_3), 210 RUN_DEV(IODATA, RT3072_4), 211 RUN_DEV(LINKSYS4, RT3070), 212 RUN_DEV(LINKSYS4, WUSB100), 213 RUN_DEV(LINKSYS4, WUSB54GCV3), 214 RUN_DEV(LINKSYS4, WUSB600N), 215 RUN_DEV(LINKSYS4, WUSB600NV2), 216 RUN_DEV(LOGITEC, RT2870_1), 217 RUN_DEV(LOGITEC, RT2870_2), 218 RUN_DEV(LOGITEC, RT2870_3), 219 RUN_DEV(LOGITEC, LANW300NU2), 220 RUN_DEV(LOGITEC, LANW150NU2), 221 RUN_DEV(LOGITEC, LANW300NU2S), 222 RUN_DEV(MELCO, RT2870_1), 223 RUN_DEV(MELCO, RT2870_2), 224 RUN_DEV(MELCO, WLIUCAG300N), 225 RUN_DEV(MELCO, WLIUCG300N), 226 RUN_DEV(MELCO, WLIUCG301N), 227 RUN_DEV(MELCO, WLIUCGN), 228 RUN_DEV(MELCO, WLIUCGNM), 229 RUN_DEV(MELCO, WLIUCGNM2), 230 RUN_DEV(MOTOROLA4, RT2770), 231 RUN_DEV(MOTOROLA4, RT3070), 232 RUN_DEV(MSI, RT3070_1), 233 RUN_DEV(MSI, RT3070_2), 234 RUN_DEV(MSI, RT3070_3), 235 RUN_DEV(MSI, RT3070_4), 236 RUN_DEV(MSI, RT3070_5), 237 RUN_DEV(MSI, RT3070_6), 238 RUN_DEV(MSI, RT3070_7), 239 RUN_DEV(MSI, RT3070_8), 240 RUN_DEV(MSI, RT3070_9), 241 RUN_DEV(MSI, RT3070_10), 242 RUN_DEV(MSI, RT3070_11), 243 RUN_DEV(OVISLINK, RT3072), 244 RUN_DEV(PARA, RT3070), 245 RUN_DEV(PEGATRON, RT2870), 246 RUN_DEV(PEGATRON, RT3070), 247 RUN_DEV(PEGATRON, RT3070_2), 248 RUN_DEV(PEGATRON, RT3070_3), 249 RUN_DEV(PHILIPS, RT2870), 250 RUN_DEV(PLANEX2, GWUS300MINIS), 251 RUN_DEV(PLANEX2, GWUSMICRON), 252 RUN_DEV(PLANEX2, RT2870), 253 RUN_DEV(PLANEX2, RT3070), 254 RUN_DEV(QCOM, RT2870), 255 RUN_DEV(QUANTA, RT3070), 256 RUN_DEV(RALINK, RT2070), 257 RUN_DEV(RALINK, RT2770), 258 RUN_DEV(RALINK, RT2870), 259 RUN_DEV(RALINK, RT3070), 260 RUN_DEV(RALINK, RT3071), 261 RUN_DEV(RALINK, RT3072), 262 RUN_DEV(RALINK, RT3370), 263 RUN_DEV(RALINK, RT3572), 264 RUN_DEV(RALINK, RT5370), 265 RUN_DEV(RALINK, RT5572), 266 RUN_DEV(RALINK, RT8070), 267 RUN_DEV(SAMSUNG, WIS09ABGN), 268 RUN_DEV(SAMSUNG2, RT2870_1), 269 RUN_DEV(SENAO, RT2870_1), 270 RUN_DEV(SENAO, RT2870_2), 271 RUN_DEV(SENAO, RT2870_3), 272 RUN_DEV(SENAO, RT2870_4), 273 RUN_DEV(SENAO, RT3070), 274 RUN_DEV(SENAO, RT3071), 275 RUN_DEV(SENAO, RT3072_1), 276 RUN_DEV(SENAO, RT3072_2), 277 RUN_DEV(SENAO, RT3072_3), 278 RUN_DEV(SENAO, RT3072_4), 279 RUN_DEV(SENAO, RT3072_5), 280 RUN_DEV(SITECOMEU, RT2770), 281 RUN_DEV(SITECOMEU, RT2870_1), 282 RUN_DEV(SITECOMEU, RT2870_2), 283 RUN_DEV(SITECOMEU, RT2870_3), 284 RUN_DEV(SITECOMEU, RT2870_4), 285 RUN_DEV(SITECOMEU, RT3070), 286 RUN_DEV(SITECOMEU, RT3070_2), 287 RUN_DEV(SITECOMEU, RT3070_3), 288 RUN_DEV(SITECOMEU, RT3070_4), 289 RUN_DEV(SITECOMEU, RT3071), 290 RUN_DEV(SITECOMEU, RT3072_1), 291 RUN_DEV(SITECOMEU, RT3072_2), 292 RUN_DEV(SITECOMEU, RT3072_3), 293 RUN_DEV(SITECOMEU, RT3072_4), 294 RUN_DEV(SITECOMEU, RT3072_5), 295 RUN_DEV(SITECOMEU, RT3072_6), 296 RUN_DEV(SITECOMEU, WL608), 297 RUN_DEV(SPARKLAN, RT2870_1), 298 RUN_DEV(SPARKLAN, RT3070), 299 RUN_DEV(SWEEX2, LW153), 300 RUN_DEV(SWEEX2, LW303), 301 RUN_DEV(SWEEX2, LW313), 302 RUN_DEV(TOSHIBA, RT3070), 303 RUN_DEV(UMEDIA, RT2870_1), 304 RUN_DEV(ZCOM, RT2870_1), 305 RUN_DEV(ZCOM, RT2870_2), 306 RUN_DEV(ZINWELL, RT2870_1), 307 RUN_DEV(ZINWELL, RT2870_2), 308 RUN_DEV(ZINWELL, RT3070), 309 RUN_DEV(ZINWELL, RT3072_1), 310 RUN_DEV(ZINWELL, RT3072_2), 311 RUN_DEV(ZYXEL, RT2870_1), 312 RUN_DEV(ZYXEL, RT2870_2), 313 RUN_DEV_EJECT(RALINK, RT_STOR), 314#undef RUN_DEV_EJECT 315#undef RUN_DEV 316}; 317 318static device_probe_t run_match; 319static device_attach_t run_attach; 320static device_detach_t run_detach; 321 322static usb_callback_t run_bulk_rx_callback; 323static usb_callback_t run_bulk_tx_callback0; 324static usb_callback_t run_bulk_tx_callback1; 325static usb_callback_t run_bulk_tx_callback2; 326static usb_callback_t run_bulk_tx_callback3; 327static usb_callback_t run_bulk_tx_callback4; 328static usb_callback_t run_bulk_tx_callback5; 329 330static void run_autoinst(void *, struct usb_device *, 331 struct usb_attach_arg *); 332static int run_driver_loaded(struct module *, int, void *); 333static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 334 usb_error_t error, u_int index); 335static struct ieee80211vap *run_vap_create(struct ieee80211com *, 336 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 337 const uint8_t [IEEE80211_ADDR_LEN], 338 const uint8_t [IEEE80211_ADDR_LEN]); 339static void run_vap_delete(struct ieee80211vap *); 340static void run_cmdq_cb(void *, int); 341static void run_setup_tx_list(struct run_softc *, 342 struct run_endpoint_queue *); 343static void run_unsetup_tx_list(struct run_softc *, 344 struct run_endpoint_queue *); 345static int run_load_microcode(struct run_softc *); 346static int run_reset(struct run_softc *); 347static usb_error_t run_do_request(struct run_softc *, 348 struct usb_device_request *, void *); 349static int run_read(struct run_softc *, uint16_t, uint32_t *); 350static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 351static int run_write_2(struct run_softc *, uint16_t, uint16_t); 352static int run_write(struct run_softc *, uint16_t, uint32_t); 353static int run_write_region_1(struct run_softc *, uint16_t, 354 const uint8_t *, int); 355static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 356static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 357static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 358static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 359static int run_rt2870_rf_write(struct run_softc *, uint32_t); 360static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 361static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 362static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 363static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 364static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 365static const char *run_get_rf(uint16_t); 366static int run_read_eeprom(struct run_softc *); 367static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 368 const uint8_t mac[IEEE80211_ADDR_LEN]); 369static int run_media_change(struct ifnet *); 370static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 371static int run_wme_update(struct ieee80211com *); 372static void run_wme_update_cb(void *); 373static void run_key_update_begin(struct ieee80211vap *); 374static void run_key_update_end(struct ieee80211vap *); 375static void run_key_set_cb(void *); 376static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 377 const uint8_t mac[IEEE80211_ADDR_LEN]); 378static void run_key_delete_cb(void *); 379static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 380static void run_ratectl_to(void *); 381static void run_ratectl_cb(void *, int); 382static void run_drain_fifo(void *); 383static void run_iter_func(void *, struct ieee80211_node *); 384static void run_newassoc_cb(void *); 385static void run_newassoc(struct ieee80211_node *, int); 386static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 387static void run_tx_free(struct run_endpoint_queue *pq, 388 struct run_tx_data *, int); 389static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 390static int run_tx(struct run_softc *, struct mbuf *, 391 struct ieee80211_node *); 392static int run_tx_mgt(struct run_softc *, struct mbuf *, 393 struct ieee80211_node *); 394static int run_sendprot(struct run_softc *, const struct mbuf *, 395 struct ieee80211_node *, int, int); 396static int run_tx_param(struct run_softc *, struct mbuf *, 397 struct ieee80211_node *, 398 const struct ieee80211_bpf_params *); 399static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 400 const struct ieee80211_bpf_params *); 401static void run_start(struct ifnet *); 402static int run_ioctl(struct ifnet *, u_long, caddr_t); 403static void run_iq_calib(struct run_softc *, u_int); 404static void run_set_agc(struct run_softc *, uint8_t); 405static void run_select_chan_group(struct run_softc *, int); 406static void run_set_rx_antenna(struct run_softc *, int); 407static void run_rt2870_set_chan(struct run_softc *, u_int); 408static void run_rt3070_set_chan(struct run_softc *, u_int); 409static void run_rt3572_set_chan(struct run_softc *, u_int); 410static void run_rt5390_set_chan(struct run_softc *, u_int); 411static void run_rt5592_set_chan(struct run_softc *, u_int); 412static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 413static void run_set_channel(struct ieee80211com *); 414static void run_scan_start(struct ieee80211com *); 415static void run_scan_end(struct ieee80211com *); 416static void run_update_beacon(struct ieee80211vap *, int); 417static void run_update_beacon_cb(void *); 418static void run_updateprot(struct ieee80211com *); 419static void run_updateprot_cb(void *); 420static void run_usb_timeout_cb(void *); 421static void run_reset_livelock(struct run_softc *); 422static void run_enable_tsf_sync(struct run_softc *); 423static void run_enable_mrr(struct run_softc *); 424static void run_set_txpreamble(struct run_softc *); 425static void run_set_basicrates(struct run_softc *); 426static void run_set_leds(struct run_softc *, uint16_t); 427static void run_set_bssid(struct run_softc *, const uint8_t *); 428static void run_set_macaddr(struct run_softc *, const uint8_t *); 429static void run_updateslot(struct ifnet *); 430static void run_updateslot_cb(void *); 431static void run_update_mcast(struct ifnet *); 432static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 433static void run_update_promisc_locked(struct ifnet *); 434static void run_update_promisc(struct ifnet *); 435static void run_rt5390_bbp_init(struct run_softc *); 436static int run_bbp_init(struct run_softc *); 437static int run_rt3070_rf_init(struct run_softc *); 438static void run_rt5390_rf_init(struct run_softc *); 439static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 440 uint8_t *); 441static void run_rt3070_rf_setup(struct run_softc *); 442static int run_txrx_enable(struct run_softc *); 443static void run_adjust_freq_offset(struct run_softc *); 444static void run_init(void *); 445static void run_init_locked(struct run_softc *); 446static void run_stop(void *); 447static void run_delay(struct run_softc *, u_int); 448 449static eventhandler_tag run_etag; 450 451static const struct rt2860_rate { 452 uint8_t rate; 453 uint8_t mcs; 454 enum ieee80211_phytype phy; 455 uint8_t ctl_ridx; 456 uint16_t sp_ack_dur; 457 uint16_t lp_ack_dur; 458} rt2860_rates[] = { 459 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 460 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 461 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 462 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 463 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 464 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 465 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 466 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 467 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 468 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 469 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 470 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 471}; 472 473static const struct { 474 uint16_t reg; 475 uint32_t val; 476} rt2870_def_mac[] = { 477 RT2870_DEF_MAC 478}; 479 480static const struct { 481 uint8_t reg; 482 uint8_t val; 483} rt2860_def_bbp[] = { 484 RT2860_DEF_BBP 485},rt5390_def_bbp[] = { 486 RT5390_DEF_BBP 487},rt5592_def_bbp[] = { 488 RT5592_DEF_BBP 489}; 490 491/* 492 * Default values for BBP register R196 for RT5592. 493 */ 494static const uint8_t rt5592_bbp_r196[] = { 495 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 496 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 497 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 498 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 499 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 500 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 501 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 502 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 503 0x2e, 0x36, 0x30, 0x6e 504}; 505 506static const struct rfprog { 507 uint8_t chan; 508 uint32_t r1, r2, r3, r4; 509} rt2860_rf2850[] = { 510 RT2860_RF2850 511}; 512 513struct { 514 uint8_t n, r, k; 515} rt3070_freqs[] = { 516 RT3070_RF3052 517}; 518 519static const struct rt5592_freqs { 520 uint16_t n; 521 uint8_t k, m, r; 522} rt5592_freqs_20mhz[] = { 523 RT5592_RF5592_20MHZ 524},rt5592_freqs_40mhz[] = { 525 RT5592_RF5592_40MHZ 526}; 527 528static const struct { 529 uint8_t reg; 530 uint8_t val; 531} rt3070_def_rf[] = { 532 RT3070_DEF_RF 533},rt3572_def_rf[] = { 534 RT3572_DEF_RF 535},rt5390_def_rf[] = { 536 RT5390_DEF_RF 537},rt5392_def_rf[] = { 538 RT5392_DEF_RF 539},rt5592_def_rf[] = { 540 RT5592_DEF_RF 541},rt5592_2ghz_def_rf[] = { 542 RT5592_2GHZ_DEF_RF 543},rt5592_5ghz_def_rf[] = { 544 RT5592_5GHZ_DEF_RF 545}; 546 547static const struct { 548 u_int firstchan; 549 u_int lastchan; 550 uint8_t reg; 551 uint8_t val; 552} rt5592_chan_5ghz[] = { 553 RT5592_CHAN_5GHZ 554}; 555 556static const struct usb_config run_config[RUN_N_XFER] = { 557 [RUN_BULK_TX_BE] = { 558 .type = UE_BULK, 559 .endpoint = UE_ADDR_ANY, 560 .ep_index = 0, 561 .direction = UE_DIR_OUT, 562 .bufsize = RUN_MAX_TXSZ, 563 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 564 .callback = run_bulk_tx_callback0, 565 .timeout = 5000, /* ms */ 566 }, 567 [RUN_BULK_TX_BK] = { 568 .type = UE_BULK, 569 .endpoint = UE_ADDR_ANY, 570 .direction = UE_DIR_OUT, 571 .ep_index = 1, 572 .bufsize = RUN_MAX_TXSZ, 573 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 574 .callback = run_bulk_tx_callback1, 575 .timeout = 5000, /* ms */ 576 }, 577 [RUN_BULK_TX_VI] = { 578 .type = UE_BULK, 579 .endpoint = UE_ADDR_ANY, 580 .direction = UE_DIR_OUT, 581 .ep_index = 2, 582 .bufsize = RUN_MAX_TXSZ, 583 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 584 .callback = run_bulk_tx_callback2, 585 .timeout = 5000, /* ms */ 586 }, 587 [RUN_BULK_TX_VO] = { 588 .type = UE_BULK, 589 .endpoint = UE_ADDR_ANY, 590 .direction = UE_DIR_OUT, 591 .ep_index = 3, 592 .bufsize = RUN_MAX_TXSZ, 593 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 594 .callback = run_bulk_tx_callback3, 595 .timeout = 5000, /* ms */ 596 }, 597 [RUN_BULK_TX_HCCA] = { 598 .type = UE_BULK, 599 .endpoint = UE_ADDR_ANY, 600 .direction = UE_DIR_OUT, 601 .ep_index = 4, 602 .bufsize = RUN_MAX_TXSZ, 603 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 604 .callback = run_bulk_tx_callback4, 605 .timeout = 5000, /* ms */ 606 }, 607 [RUN_BULK_TX_PRIO] = { 608 .type = UE_BULK, 609 .endpoint = UE_ADDR_ANY, 610 .direction = UE_DIR_OUT, 611 .ep_index = 5, 612 .bufsize = RUN_MAX_TXSZ, 613 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 614 .callback = run_bulk_tx_callback5, 615 .timeout = 5000, /* ms */ 616 }, 617 [RUN_BULK_RX] = { 618 .type = UE_BULK, 619 .endpoint = UE_ADDR_ANY, 620 .direction = UE_DIR_IN, 621 .bufsize = RUN_MAX_RXSZ, 622 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 623 .callback = run_bulk_rx_callback, 624 } 625}; 626 627static void 628run_autoinst(void *arg, struct usb_device *udev, 629 struct usb_attach_arg *uaa) 630{ 631 struct usb_interface *iface; 632 struct usb_interface_descriptor *id; 633 634 if (uaa->dev_state != UAA_DEV_READY) 635 return; 636 637 iface = usbd_get_iface(udev, 0); 638 if (iface == NULL) 639 return; 640 id = iface->idesc; 641 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 642 return; 643 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 644 return; 645 646 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 647 uaa->dev_state = UAA_DEV_EJECTING; 648} 649 650static int 651run_driver_loaded(struct module *mod, int what, void *arg) 652{ 653 switch (what) { 654 case MOD_LOAD: 655 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 656 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 657 break; 658 case MOD_UNLOAD: 659 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 660 break; 661 default: 662 return (EOPNOTSUPP); 663 } 664 return (0); 665} 666 667static int 668run_match(device_t self) 669{ 670 struct usb_attach_arg *uaa = device_get_ivars(self); 671 672 if (uaa->usb_mode != USB_MODE_HOST) 673 return (ENXIO); 674 if (uaa->info.bConfigIndex != 0) 675 return (ENXIO); 676 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 677 return (ENXIO); 678 679 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 680} 681 682static int 683run_attach(device_t self) 684{ 685 struct run_softc *sc = device_get_softc(self); 686 struct usb_attach_arg *uaa = device_get_ivars(self); 687 struct ieee80211com *ic; 688 struct ifnet *ifp; 689 uint32_t ver; 690 int ntries, error; 691 uint8_t iface_index, bands; 692 693 device_set_usb_desc(self); 694 sc->sc_udev = uaa->device; 695 sc->sc_dev = self; 696 697 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 698 MTX_NETWORK_LOCK, MTX_DEF); 699 700 iface_index = RT2860_IFACE_INDEX; 701 702 error = usbd_transfer_setup(uaa->device, &iface_index, 703 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 704 if (error) { 705 device_printf(self, "could not allocate USB transfers, " 706 "err=%s\n", usbd_errstr(error)); 707 goto detach; 708 } 709 710 RUN_LOCK(sc); 711 712 /* wait for the chip to settle */ 713 for (ntries = 0; ntries < 100; ntries++) { 714 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 715 RUN_UNLOCK(sc); 716 goto detach; 717 } 718 if (ver != 0 && ver != 0xffffffff) 719 break; 720 run_delay(sc, 10); 721 } 722 if (ntries == 100) { 723 device_printf(sc->sc_dev, 724 "timeout waiting for NIC to initialize\n"); 725 RUN_UNLOCK(sc); 726 goto detach; 727 } 728 sc->mac_ver = ver >> 16; 729 sc->mac_rev = ver & 0xffff; 730 731 /* retrieve RF rev. no and various other things from EEPROM */ 732 run_read_eeprom(sc); 733 734 device_printf(sc->sc_dev, 735 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 736 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 737 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 738 739 RUN_UNLOCK(sc); 740 741 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 742 if (ifp == NULL) { 743 device_printf(sc->sc_dev, "can not if_alloc()\n"); 744 goto detach; 745 } 746 ic = ifp->if_l2com; 747 748 ifp->if_softc = sc; 749 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 750 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 751 ifp->if_init = run_init; 752 ifp->if_ioctl = run_ioctl; 753 ifp->if_start = run_start; 754 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 755 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 756 IFQ_SET_READY(&ifp->if_snd); 757 758 ic->ic_ifp = ifp; 759 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 760 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 761 762 /* set device capabilities */ 763 ic->ic_caps = 764 IEEE80211_C_STA | /* station mode supported */ 765 IEEE80211_C_MONITOR | /* monitor mode supported */ 766 IEEE80211_C_IBSS | 767 IEEE80211_C_HOSTAP | 768 IEEE80211_C_WDS | /* 4-address traffic works */ 769 IEEE80211_C_MBSS | 770 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 771 IEEE80211_C_SHSLOT | /* short slot time supported */ 772 IEEE80211_C_WME | /* WME */ 773 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 774 775 ic->ic_cryptocaps = 776 IEEE80211_CRYPTO_WEP | 777 IEEE80211_CRYPTO_AES_CCM | 778 IEEE80211_CRYPTO_TKIPMIC | 779 IEEE80211_CRYPTO_TKIP; 780 781 ic->ic_flags |= IEEE80211_F_DATAPAD; 782 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 783 784 bands = 0; 785 setbit(&bands, IEEE80211_MODE_11B); 786 setbit(&bands, IEEE80211_MODE_11G); 787 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 788 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT5592_RF_5592) 789 setbit(&bands, IEEE80211_MODE_11A); 790 ieee80211_init_channels(ic, NULL, &bands); 791 792 ieee80211_ifattach(ic, sc->sc_bssid); 793 794 ic->ic_scan_start = run_scan_start; 795 ic->ic_scan_end = run_scan_end; 796 ic->ic_set_channel = run_set_channel; 797 ic->ic_node_alloc = run_node_alloc; 798 ic->ic_newassoc = run_newassoc; 799 ic->ic_updateslot = run_updateslot; 800 ic->ic_update_mcast = run_update_mcast; 801 ic->ic_wme.wme_update = run_wme_update; 802 ic->ic_raw_xmit = run_raw_xmit; 803 ic->ic_update_promisc = run_update_promisc; 804 805 ic->ic_vap_create = run_vap_create; 806 ic->ic_vap_delete = run_vap_delete; 807 808 ieee80211_radiotap_attach(ic, 809 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 810 RUN_TX_RADIOTAP_PRESENT, 811 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 812 RUN_RX_RADIOTAP_PRESENT); 813 814 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 815 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 816 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 817 818 if (bootverbose) 819 ieee80211_announce(ic); 820 821 return (0); 822 823detach: 824 run_detach(self); 825 return (ENXIO); 826} 827 828static int 829run_detach(device_t self) 830{ 831 struct run_softc *sc = device_get_softc(self); 832 struct ifnet *ifp = sc->sc_ifp; 833 struct ieee80211com *ic; 834 int i; 835 836 RUN_LOCK(sc); 837 sc->sc_detached = 1; 838 RUN_UNLOCK(sc); 839 840 /* stop all USB transfers */ 841 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 842 843 RUN_LOCK(sc); 844 sc->ratectl_run = RUN_RATECTL_OFF; 845 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 846 847 /* free TX list, if any */ 848 for (i = 0; i != RUN_EP_QUEUES; i++) 849 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 850 RUN_UNLOCK(sc); 851 852 if (ifp) { 853 ic = ifp->if_l2com; 854 /* drain tasks */ 855 usb_callout_drain(&sc->ratectl_ch); 856 ieee80211_draintask(ic, &sc->cmdq_task); 857 ieee80211_draintask(ic, &sc->ratectl_task); 858 ieee80211_ifdetach(ic); 859 if_free(ifp); 860 } 861 862 mtx_destroy(&sc->sc_mtx); 863 864 return (0); 865} 866 867static struct ieee80211vap * 868run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 869 enum ieee80211_opmode opmode, int flags, 870 const uint8_t bssid[IEEE80211_ADDR_LEN], 871 const uint8_t mac[IEEE80211_ADDR_LEN]) 872{ 873 struct ifnet *ifp = ic->ic_ifp; 874 struct run_softc *sc = ifp->if_softc; 875 struct run_vap *rvp; 876 struct ieee80211vap *vap; 877 int i; 878 879 if (sc->rvp_cnt >= RUN_VAP_MAX) { 880 if_printf(ifp, "number of VAPs maxed out\n"); 881 return (NULL); 882 } 883 884 switch (opmode) { 885 case IEEE80211_M_STA: 886 /* enable s/w bmiss handling for sta mode */ 887 flags |= IEEE80211_CLONE_NOBEACONS; 888 /* fall though */ 889 case IEEE80211_M_IBSS: 890 case IEEE80211_M_MONITOR: 891 case IEEE80211_M_HOSTAP: 892 case IEEE80211_M_MBSS: 893 /* other than WDS vaps, only one at a time */ 894 if (!TAILQ_EMPTY(&ic->ic_vaps)) 895 return (NULL); 896 break; 897 case IEEE80211_M_WDS: 898 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 899 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 900 continue; 901 /* WDS vap's always share the local mac address. */ 902 flags &= ~IEEE80211_CLONE_BSSID; 903 break; 904 } 905 if (vap == NULL) { 906 if_printf(ifp, "wds only supported in ap mode\n"); 907 return (NULL); 908 } 909 break; 910 default: 911 if_printf(ifp, "unknown opmode %d\n", opmode); 912 return (NULL); 913 } 914 915 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 916 M_80211_VAP, M_NOWAIT | M_ZERO); 917 if (rvp == NULL) 918 return (NULL); 919 vap = &rvp->vap; 920 921 if (ieee80211_vap_setup(ic, vap, name, unit, 922 opmode, flags, bssid, mac) != 0) { 923 /* out of memory */ 924 free(rvp, M_80211_VAP); 925 return (NULL); 926 } 927 928 vap->iv_key_update_begin = run_key_update_begin; 929 vap->iv_key_update_end = run_key_update_end; 930 vap->iv_update_beacon = run_update_beacon; 931 vap->iv_max_aid = RT2870_WCID_MAX; 932 /* 933 * To delete the right key from h/w, we need wcid. 934 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 935 * and matching wcid will be written into there. So, cast 936 * some spells to remove 'const' from ieee80211_key{} 937 */ 938 vap->iv_key_delete = (void *)run_key_delete; 939 vap->iv_key_set = (void *)run_key_set; 940 941 /* override state transition machine */ 942 rvp->newstate = vap->iv_newstate; 943 vap->iv_newstate = run_newstate; 944 945 ieee80211_ratectl_init(vap); 946 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 947 948 /* complete setup */ 949 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 950 951 /* make sure id is always unique */ 952 for (i = 0; i < RUN_VAP_MAX; i++) { 953 if((sc->rvp_bmap & 1 << i) == 0){ 954 sc->rvp_bmap |= 1 << i; 955 rvp->rvp_id = i; 956 break; 957 } 958 } 959 if (sc->rvp_cnt++ == 0) 960 ic->ic_opmode = opmode; 961 962 if (opmode == IEEE80211_M_HOSTAP) 963 sc->cmdq_run = RUN_CMDQ_GO; 964 965 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 966 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 967 968 return (vap); 969} 970 971static void 972run_vap_delete(struct ieee80211vap *vap) 973{ 974 struct run_vap *rvp = RUN_VAP(vap); 975 struct ifnet *ifp; 976 struct ieee80211com *ic; 977 struct run_softc *sc; 978 uint8_t rvp_id; 979 980 if (vap == NULL) 981 return; 982 983 ic = vap->iv_ic; 984 ifp = ic->ic_ifp; 985 986 sc = ifp->if_softc; 987 988 RUN_LOCK(sc); 989 990 m_freem(rvp->beacon_mbuf); 991 rvp->beacon_mbuf = NULL; 992 993 rvp_id = rvp->rvp_id; 994 sc->ratectl_run &= ~(1 << rvp_id); 995 sc->rvp_bmap &= ~(1 << rvp_id); 996 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 997 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 998 --sc->rvp_cnt; 999 1000 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1001 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1002 1003 RUN_UNLOCK(sc); 1004 1005 ieee80211_ratectl_deinit(vap); 1006 ieee80211_vap_detach(vap); 1007 free(rvp, M_80211_VAP); 1008} 1009 1010/* 1011 * There are numbers of functions need to be called in context thread. 1012 * Rather than creating taskqueue event for each of those functions, 1013 * here is all-for-one taskqueue callback function. This function 1014 * gurantees deferred functions are executed in the same order they 1015 * were enqueued. 1016 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1017 */ 1018static void 1019run_cmdq_cb(void *arg, int pending) 1020{ 1021 struct run_softc *sc = arg; 1022 uint8_t i; 1023 1024 /* call cmdq[].func locked */ 1025 RUN_LOCK(sc); 1026 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1027 i = sc->cmdq_exec, pending--) { 1028 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1029 if (sc->cmdq_run == RUN_CMDQ_GO) { 1030 /* 1031 * If arg0 is NULL, callback func needs more 1032 * than one arg. So, pass ptr to cmdq struct. 1033 */ 1034 if (sc->cmdq[i].arg0) 1035 sc->cmdq[i].func(sc->cmdq[i].arg0); 1036 else 1037 sc->cmdq[i].func(&sc->cmdq[i]); 1038 } 1039 sc->cmdq[i].arg0 = NULL; 1040 sc->cmdq[i].func = NULL; 1041 sc->cmdq_exec++; 1042 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1043 } 1044 RUN_UNLOCK(sc); 1045} 1046 1047static void 1048run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1049{ 1050 struct run_tx_data *data; 1051 1052 memset(pq, 0, sizeof(*pq)); 1053 1054 STAILQ_INIT(&pq->tx_qh); 1055 STAILQ_INIT(&pq->tx_fh); 1056 1057 for (data = &pq->tx_data[0]; 1058 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1059 data->sc = sc; 1060 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1061 } 1062 pq->tx_nfree = RUN_TX_RING_COUNT; 1063} 1064 1065static void 1066run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1067{ 1068 struct run_tx_data *data; 1069 1070 /* make sure any subsequent use of the queues will fail */ 1071 pq->tx_nfree = 0; 1072 STAILQ_INIT(&pq->tx_fh); 1073 STAILQ_INIT(&pq->tx_qh); 1074 1075 /* free up all node references and mbufs */ 1076 for (data = &pq->tx_data[0]; 1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1078 if (data->m != NULL) { 1079 m_freem(data->m); 1080 data->m = NULL; 1081 } 1082 if (data->ni != NULL) { 1083 ieee80211_free_node(data->ni); 1084 data->ni = NULL; 1085 } 1086 } 1087} 1088 1089static int 1090run_load_microcode(struct run_softc *sc) 1091{ 1092 usb_device_request_t req; 1093 const struct firmware *fw; 1094 const u_char *base; 1095 uint32_t tmp; 1096 int ntries, error; 1097 const uint64_t *temp; 1098 uint64_t bytes; 1099 1100 RUN_UNLOCK(sc); 1101 fw = firmware_get("runfw"); 1102 RUN_LOCK(sc); 1103 if (fw == NULL) { 1104 device_printf(sc->sc_dev, 1105 "failed loadfirmware of file %s\n", "runfw"); 1106 return ENOENT; 1107 } 1108 1109 if (fw->datasize != 8192) { 1110 device_printf(sc->sc_dev, 1111 "invalid firmware size (should be 8KB)\n"); 1112 error = EINVAL; 1113 goto fail; 1114 } 1115 1116 /* 1117 * RT3071/RT3072 use a different firmware 1118 * run-rt2870 (8KB) contains both, 1119 * first half (4KB) is for rt2870, 1120 * last half is for rt3071. 1121 */ 1122 base = fw->data; 1123 if ((sc->mac_ver) != 0x2860 && 1124 (sc->mac_ver) != 0x2872 && 1125 (sc->mac_ver) != 0x3070) { 1126 base += 4096; 1127 } 1128 1129 /* cheap sanity check */ 1130 temp = fw->data; 1131 bytes = *temp; 1132 if (bytes != be64toh(0xffffff0210280210ULL)) { 1133 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1134 error = EINVAL; 1135 goto fail; 1136 } 1137 1138 /* write microcode image */ 1139 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1140 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1141 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1142 1143 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1144 req.bRequest = RT2870_RESET; 1145 USETW(req.wValue, 8); 1146 USETW(req.wIndex, 0); 1147 USETW(req.wLength, 0); 1148 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1149 != 0) { 1150 device_printf(sc->sc_dev, "firmware reset failed\n"); 1151 goto fail; 1152 } 1153 1154 run_delay(sc, 10); 1155 1156 run_write(sc, RT2860_H2M_MAILBOX, 0); 1157 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1158 goto fail; 1159 1160 /* wait until microcontroller is ready */ 1161 for (ntries = 0; ntries < 1000; ntries++) { 1162 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1163 goto fail; 1164 } 1165 if (tmp & RT2860_MCU_READY) 1166 break; 1167 run_delay(sc, 10); 1168 } 1169 if (ntries == 1000) { 1170 device_printf(sc->sc_dev, 1171 "timeout waiting for MCU to initialize\n"); 1172 error = ETIMEDOUT; 1173 goto fail; 1174 } 1175 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1176 (base == fw->data) ? "RT2870" : "RT3071", 1177 *(base + 4092), *(base + 4093)); 1178 1179fail: 1180 firmware_put(fw, FIRMWARE_UNLOAD); 1181 return (error); 1182} 1183 1184static int 1185run_reset(struct run_softc *sc) 1186{ 1187 usb_device_request_t req; 1188 1189 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1190 req.bRequest = RT2870_RESET; 1191 USETW(req.wValue, 1); 1192 USETW(req.wIndex, 0); 1193 USETW(req.wLength, 0); 1194 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1195} 1196 1197static usb_error_t 1198run_do_request(struct run_softc *sc, 1199 struct usb_device_request *req, void *data) 1200{ 1201 usb_error_t err; 1202 int ntries = 10; 1203 1204 RUN_LOCK_ASSERT(sc, MA_OWNED); 1205 1206 while (ntries--) { 1207 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1208 req, data, 0, NULL, 250 /* ms */); 1209 if (err == 0) 1210 break; 1211 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1212 usbd_errstr(err)); 1213 run_delay(sc, 10); 1214 } 1215 return (err); 1216} 1217 1218static int 1219run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1220{ 1221 uint32_t tmp; 1222 int error; 1223 1224 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1225 if (error == 0) 1226 *val = le32toh(tmp); 1227 else 1228 *val = 0xffffffff; 1229 return (error); 1230} 1231 1232static int 1233run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1234{ 1235 usb_device_request_t req; 1236 1237 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1238 req.bRequest = RT2870_READ_REGION_1; 1239 USETW(req.wValue, 0); 1240 USETW(req.wIndex, reg); 1241 USETW(req.wLength, len); 1242 1243 return (run_do_request(sc, &req, buf)); 1244} 1245 1246static int 1247run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1248{ 1249 usb_device_request_t req; 1250 1251 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1252 req.bRequest = RT2870_WRITE_2; 1253 USETW(req.wValue, val); 1254 USETW(req.wIndex, reg); 1255 USETW(req.wLength, 0); 1256 1257 return (run_do_request(sc, &req, NULL)); 1258} 1259 1260static int 1261run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1262{ 1263 int error; 1264 1265 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1266 error = run_write_2(sc, reg + 2, val >> 16); 1267 return (error); 1268} 1269 1270static int 1271run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1272 int len) 1273{ 1274#if 1 1275 int i, error = 0; 1276 /* 1277 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1278 * We thus issue multiple WRITE_2 commands instead. 1279 */ 1280 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1281 for (i = 0; i < len && error == 0; i += 2) 1282 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1283 return (error); 1284#else 1285 usb_device_request_t req; 1286 int error = 0; 1287 1288 /* 1289 * NOTE: It appears the WRITE_REGION_1 command cannot be 1290 * passed a huge amount of data, which will crash the 1291 * firmware. Limit amount of data passed to 64-bytes at a 1292 * time. 1293 */ 1294 while (len > 0) { 1295 int delta = 64; 1296 if (delta > len) 1297 delta = len; 1298 1299 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1300 req.bRequest = RT2870_WRITE_REGION_1; 1301 USETW(req.wValue, 0); 1302 USETW(req.wIndex, reg); 1303 USETW(req.wLength, delta); 1304 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1305 if (error != 0) 1306 break; 1307 reg += delta; 1308 buf += delta; 1309 len -= delta; 1310 } 1311 return (error); 1312#endif 1313} 1314 1315static int 1316run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1317{ 1318 int i, error = 0; 1319 1320 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1321 for (i = 0; i < len && error == 0; i += 4) 1322 error = run_write(sc, reg + i, val); 1323 return (error); 1324} 1325 1326static int 1327run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1328{ 1329 uint32_t tmp; 1330 uint16_t reg; 1331 int error, ntries; 1332 1333 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1334 return (error); 1335 1336 if (count == 2) 1337 addr *= 2; 1338 /*- 1339 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1340 * DATA0: F E D C 1341 * DATA1: B A 9 8 1342 * DATA2: 7 6 5 4 1343 * DATA3: 3 2 1 0 1344 */ 1345 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1346 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1347 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1348 for (ntries = 0; ntries < 100; ntries++) { 1349 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1350 return (error); 1351 if (!(tmp & RT3070_EFSROM_KICK)) 1352 break; 1353 run_delay(sc, 2); 1354 } 1355 if (ntries == 100) 1356 return (ETIMEDOUT); 1357 1358 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1359 *val = 0xffff; /* address not found */ 1360 return (0); 1361 } 1362 /* determine to which 32-bit register our 16-bit word belongs */ 1363 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1364 if ((error = run_read(sc, reg, &tmp)) != 0) 1365 return (error); 1366 1367 if (count == 2) 1368 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1369 else { 1370 tmp >>= (8 *(addr & 0x3)); 1371 memmove(val, &tmp, sizeof(*val)); 1372 } 1373 return (0); 1374} 1375 1376 1377/* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1378static int 1379run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1380{ 1381 return (run_efuse_read(sc, addr, val, 2)); 1382} 1383 1384static int 1385run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1386{ 1387 usb_device_request_t req; 1388 uint16_t tmp; 1389 int error; 1390 1391 addr *= 2; 1392 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1393 req.bRequest = RT2870_EEPROM_READ; 1394 USETW(req.wValue, 0); 1395 USETW(req.wIndex, addr); 1396 USETW(req.wLength, sizeof tmp); 1397 1398 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1399 if (error == 0) 1400 *val = le16toh(tmp); 1401 else 1402 *val = 0xffff; 1403 return (error); 1404} 1405 1406static __inline int 1407run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1408{ 1409 /* either eFUSE ROM or EEPROM */ 1410 return sc->sc_srom_read(sc, addr, val); 1411} 1412 1413static int 1414run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1415{ 1416 uint32_t tmp; 1417 int error, ntries; 1418 1419 for (ntries = 0; ntries < 10; ntries++) { 1420 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1421 return (error); 1422 if (!(tmp & RT2860_RF_REG_CTRL)) 1423 break; 1424 } 1425 if (ntries == 10) 1426 return (ETIMEDOUT); 1427 1428 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1429} 1430 1431static int 1432run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1433{ 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 100; ntries++) { 1438 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT3070_RF_KICK)) 1441 break; 1442 } 1443 if (ntries == 100) 1444 return (ETIMEDOUT); 1445 1446 tmp = RT3070_RF_KICK | reg << 8; 1447 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1448 return (error); 1449 1450 for (ntries = 0; ntries < 100; ntries++) { 1451 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1452 return (error); 1453 if (!(tmp & RT3070_RF_KICK)) 1454 break; 1455 } 1456 if (ntries == 100) 1457 return (ETIMEDOUT); 1458 1459 *val = tmp & 0xff; 1460 return (0); 1461} 1462 1463static int 1464run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1465{ 1466 uint32_t tmp; 1467 int error, ntries; 1468 1469 for (ntries = 0; ntries < 10; ntries++) { 1470 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1471 return (error); 1472 if (!(tmp & RT3070_RF_KICK)) 1473 break; 1474 } 1475 if (ntries == 10) 1476 return (ETIMEDOUT); 1477 1478 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1479 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1480} 1481 1482static int 1483run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1484{ 1485 uint32_t tmp; 1486 int ntries, error; 1487 1488 for (ntries = 0; ntries < 10; ntries++) { 1489 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1490 return (error); 1491 if (!(tmp & RT2860_BBP_CSR_KICK)) 1492 break; 1493 } 1494 if (ntries == 10) 1495 return (ETIMEDOUT); 1496 1497 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1498 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1499 return (error); 1500 1501 for (ntries = 0; ntries < 10; ntries++) { 1502 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1503 return (error); 1504 if (!(tmp & RT2860_BBP_CSR_KICK)) 1505 break; 1506 } 1507 if (ntries == 10) 1508 return (ETIMEDOUT); 1509 1510 *val = tmp & 0xff; 1511 return (0); 1512} 1513 1514static int 1515run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1516{ 1517 uint32_t tmp; 1518 int ntries, error; 1519 1520 for (ntries = 0; ntries < 10; ntries++) { 1521 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1522 return (error); 1523 if (!(tmp & RT2860_BBP_CSR_KICK)) 1524 break; 1525 } 1526 if (ntries == 10) 1527 return (ETIMEDOUT); 1528 1529 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1530 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1531} 1532 1533/* 1534 * Send a command to the 8051 microcontroller unit. 1535 */ 1536static int 1537run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1538{ 1539 uint32_t tmp; 1540 int error, ntries; 1541 1542 for (ntries = 0; ntries < 100; ntries++) { 1543 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1544 return error; 1545 if (!(tmp & RT2860_H2M_BUSY)) 1546 break; 1547 } 1548 if (ntries == 100) 1549 return ETIMEDOUT; 1550 1551 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1552 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1553 error = run_write(sc, RT2860_HOST_CMD, cmd); 1554 return (error); 1555} 1556 1557/* 1558 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1559 * Used to adjust per-rate Tx power registers. 1560 */ 1561static __inline uint32_t 1562b4inc(uint32_t b32, int8_t delta) 1563{ 1564 int8_t i, b4; 1565 1566 for (i = 0; i < 8; i++) { 1567 b4 = b32 & 0xf; 1568 b4 += delta; 1569 if (b4 < 0) 1570 b4 = 0; 1571 else if (b4 > 0xf) 1572 b4 = 0xf; 1573 b32 = b32 >> 4 | b4 << 28; 1574 } 1575 return (b32); 1576} 1577 1578static const char * 1579run_get_rf(uint16_t rev) 1580{ 1581 switch (rev) { 1582 case RT2860_RF_2820: return "RT2820"; 1583 case RT2860_RF_2850: return "RT2850"; 1584 case RT2860_RF_2720: return "RT2720"; 1585 case RT2860_RF_2750: return "RT2750"; 1586 case RT3070_RF_3020: return "RT3020"; 1587 case RT3070_RF_2020: return "RT2020"; 1588 case RT3070_RF_3021: return "RT3021"; 1589 case RT3070_RF_3022: return "RT3022"; 1590 case RT3070_RF_3052: return "RT3052"; 1591 case RT5592_RF_5592: return "RT5592"; 1592 case RT5390_RF_5370: return "RT5370"; 1593 case RT5390_RF_5372: return "RT5372"; 1594 } 1595 return ("unknown"); 1596} 1597 1598static int 1599run_read_eeprom(struct run_softc *sc) 1600{ 1601 int8_t delta_2ghz, delta_5ghz; 1602 uint32_t tmp; 1603 uint16_t val; 1604 int ridx, ant, i; 1605 1606 /* check whether the ROM is eFUSE ROM or EEPROM */ 1607 sc->sc_srom_read = run_eeprom_read_2; 1608 if (sc->mac_ver >= 0x3070) { 1609 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1610 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1611 if (tmp & RT3070_SEL_EFUSE) 1612 sc->sc_srom_read = run_efuse_read_2; 1613 } 1614 1615 /* read ROM version */ 1616 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1617 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1618 1619 /* read MAC address */ 1620 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1621 sc->sc_bssid[0] = val & 0xff; 1622 sc->sc_bssid[1] = val >> 8; 1623 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1624 sc->sc_bssid[2] = val & 0xff; 1625 sc->sc_bssid[3] = val >> 8; 1626 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1627 sc->sc_bssid[4] = val & 0xff; 1628 sc->sc_bssid[5] = val >> 8; 1629 1630 if (sc->mac_ver < 0x5390) { 1631 /* read vender BBP settings */ 1632 for (i = 0; i < 10; i++) { 1633 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1634 sc->bbp[i].val = val & 0xff; 1635 sc->bbp[i].reg = val >> 8; 1636 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1637 sc->bbp[i].val); 1638 } 1639 if (sc->mac_ver >= 0x3071) { 1640 /* read vendor RF settings */ 1641 for (i = 0; i < 10; i++) { 1642 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1643 &val); 1644 sc->rf[i].val = val & 0xff; 1645 sc->rf[i].reg = val >> 8; 1646 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1647 sc->rf[i].val); 1648 } 1649 } 1650 } 1651 1652 /* read RF frequency offset from EEPROM */ 1653 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1654 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1655 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1656 1657 if (val >> 8 != 0xff) { 1658 /* read LEDs operating mode */ 1659 sc->leds = val >> 8; 1660 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1661 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1662 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1663 } else { 1664 /* broken EEPROM, use default settings */ 1665 sc->leds = 0x01; 1666 sc->led[0] = 0x5555; 1667 sc->led[1] = 0x2221; 1668 sc->led[2] = 0x5627; /* differs from RT2860 */ 1669 } 1670 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1671 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1672 1673 /* read RF information */ 1674 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1675 run_srom_read(sc, 0x00, &val); 1676 else 1677 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1678 1679 if (val == 0xffff) { 1680 DPRINTF("invalid EEPROM antenna info, using default\n"); 1681 if (sc->mac_ver == 0x3572) { 1682 /* default to RF3052 2T2R */ 1683 sc->rf_rev = RT3070_RF_3052; 1684 sc->ntxchains = 2; 1685 sc->nrxchains = 2; 1686 } else if (sc->mac_ver >= 0x3070) { 1687 /* default to RF3020 1T1R */ 1688 sc->rf_rev = RT3070_RF_3020; 1689 sc->ntxchains = 1; 1690 sc->nrxchains = 1; 1691 } else { 1692 /* default to RF2820 1T2R */ 1693 sc->rf_rev = RT2860_RF_2820; 1694 sc->ntxchains = 1; 1695 sc->nrxchains = 2; 1696 } 1697 } else { 1698 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1699 sc->rf_rev = val; 1700 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1701 } else 1702 sc->rf_rev = (val >> 8) & 0xf; 1703 sc->ntxchains = (val >> 4) & 0xf; 1704 sc->nrxchains = val & 0xf; 1705 } 1706 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1707 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1708 1709 /* check if RF supports automatic Tx access gain control */ 1710 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1711 DPRINTF("EEPROM CFG 0x%04x\n", val); 1712 /* check if driver should patch the DAC issue */ 1713 if ((val >> 8) != 0xff) 1714 sc->patch_dac = (val >> 15) & 1; 1715 if ((val & 0xff) != 0xff) { 1716 sc->ext_5ghz_lna = (val >> 3) & 1; 1717 sc->ext_2ghz_lna = (val >> 2) & 1; 1718 /* check if RF supports automatic Tx access gain control */ 1719 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1720 /* check if we have a hardware radio switch */ 1721 sc->rfswitch = val & 1; 1722 } 1723 1724 /* read power settings for 2GHz channels */ 1725 for (i = 0; i < 14; i += 2) { 1726 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1727 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1728 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1729 1730 if (sc->mac_ver != 0x5390) { 1731 run_srom_read(sc, 1732 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1733 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1734 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1735 } 1736 } 1737 /* fix broken Tx power entries */ 1738 for (i = 0; i < 14; i++) { 1739 if (sc->mac_ver >= 0x5390) { 1740 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1741 sc->txpow1[i] = 5; 1742 } else { 1743 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1744 sc->txpow1[i] = 5; 1745 } 1746 if (sc->mac_ver > 0x5390) { 1747 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1748 sc->txpow2[i] = 5; 1749 } else if (sc->mac_ver < 0x5390) { 1750 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1751 sc->txpow2[i] = 5; 1752 } 1753 DPRINTF("chan %d: power1=%d, power2=%d\n", 1754 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1755 } 1756 /* read power settings for 5GHz channels */ 1757 for (i = 0; i < 40; i += 2) { 1758 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1759 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1760 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1761 1762 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1763 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1764 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1765 } 1766 /* fix broken Tx power entries */ 1767 for (i = 0; i < 40; i++ ) { 1768 if (sc->mac_ver != 0x5592) { 1769 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1770 sc->txpow1[14 + i] = 5; 1771 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1772 sc->txpow2[14 + i] = 5; 1773 } 1774 DPRINTF("chan %d: power1=%d, power2=%d\n", 1775 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1776 sc->txpow2[14 + i]); 1777 } 1778 1779 /* read Tx power compensation for each Tx rate */ 1780 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1781 delta_2ghz = delta_5ghz = 0; 1782 if ((val & 0xff) != 0xff && (val & 0x80)) { 1783 delta_2ghz = val & 0xf; 1784 if (!(val & 0x40)) /* negative number */ 1785 delta_2ghz = -delta_2ghz; 1786 } 1787 val >>= 8; 1788 if ((val & 0xff) != 0xff && (val & 0x80)) { 1789 delta_5ghz = val & 0xf; 1790 if (!(val & 0x40)) /* negative number */ 1791 delta_5ghz = -delta_5ghz; 1792 } 1793 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1794 delta_2ghz, delta_5ghz); 1795 1796 for (ridx = 0; ridx < 5; ridx++) { 1797 uint32_t reg; 1798 1799 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1800 reg = val; 1801 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1802 reg |= (uint32_t)val << 16; 1803 1804 sc->txpow20mhz[ridx] = reg; 1805 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1806 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1807 1808 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1809 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1810 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1811 } 1812 1813 /* read RSSI offsets and LNA gains from EEPROM */ 1814 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1815 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1816 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1817 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1818 if (sc->mac_ver >= 0x3070) { 1819 /* 1820 * On RT3070 chips (limited to 2 Rx chains), this ROM 1821 * field contains the Tx mixer gain for the 2GHz band. 1822 */ 1823 if ((val & 0xff) != 0xff) 1824 sc->txmixgain_2ghz = val & 0x7; 1825 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1826 } else 1827 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1828 sc->lna[2] = val >> 8; /* channel group 2 */ 1829 1830 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1831 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1832 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1833 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1834 if (sc->mac_ver == 0x3572) { 1835 /* 1836 * On RT3572 chips (limited to 2 Rx chains), this ROM 1837 * field contains the Tx mixer gain for the 5GHz band. 1838 */ 1839 if ((val & 0xff) != 0xff) 1840 sc->txmixgain_5ghz = val & 0x7; 1841 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1842 } else 1843 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1844 sc->lna[3] = val >> 8; /* channel group 3 */ 1845 1846 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1847 sc->lna[0] = val & 0xff; /* channel group 0 */ 1848 sc->lna[1] = val >> 8; /* channel group 1 */ 1849 1850 /* fix broken 5GHz LNA entries */ 1851 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1852 DPRINTF("invalid LNA for channel group %d\n", 2); 1853 sc->lna[2] = sc->lna[1]; 1854 } 1855 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1856 DPRINTF("invalid LNA for channel group %d\n", 3); 1857 sc->lna[3] = sc->lna[1]; 1858 } 1859 1860 /* fix broken RSSI offset entries */ 1861 for (ant = 0; ant < 3; ant++) { 1862 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1863 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1864 ant + 1, sc->rssi_2ghz[ant]); 1865 sc->rssi_2ghz[ant] = 0; 1866 } 1867 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1868 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1869 ant + 1, sc->rssi_5ghz[ant]); 1870 sc->rssi_5ghz[ant] = 0; 1871 } 1872 } 1873 return (0); 1874} 1875 1876static struct ieee80211_node * 1877run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1878{ 1879 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1880} 1881 1882static int 1883run_media_change(struct ifnet *ifp) 1884{ 1885 struct ieee80211vap *vap = ifp->if_softc; 1886 struct ieee80211com *ic = vap->iv_ic; 1887 const struct ieee80211_txparam *tp; 1888 struct run_softc *sc = ic->ic_ifp->if_softc; 1889 uint8_t rate, ridx; 1890 int error; 1891 1892 RUN_LOCK(sc); 1893 1894 error = ieee80211_media_change(ifp); 1895 if (error != ENETRESET) { 1896 RUN_UNLOCK(sc); 1897 return (error); 1898 } 1899 1900 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1901 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1902 struct ieee80211_node *ni; 1903 struct run_node *rn; 1904 1905 rate = ic->ic_sup_rates[ic->ic_curmode]. 1906 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1907 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1908 if (rt2860_rates[ridx].rate == rate) 1909 break; 1910 ni = ieee80211_ref_node(vap->iv_bss); 1911 rn = (struct run_node *)ni; 1912 rn->fix_ridx = ridx; 1913 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1914 ieee80211_free_node(ni); 1915 } 1916 1917#if 0 1918 if ((ifp->if_flags & IFF_UP) && 1919 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1920 run_init_locked(sc); 1921 } 1922#endif 1923 1924 RUN_UNLOCK(sc); 1925 1926 return (0); 1927} 1928 1929static int 1930run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1931{ 1932 const struct ieee80211_txparam *tp; 1933 struct ieee80211com *ic = vap->iv_ic; 1934 struct run_softc *sc = ic->ic_ifp->if_softc; 1935 struct run_vap *rvp = RUN_VAP(vap); 1936 enum ieee80211_state ostate; 1937 uint32_t sta[3]; 1938 uint32_t tmp; 1939 uint8_t ratectl; 1940 uint8_t restart_ratectl = 0; 1941 uint8_t bid = 1 << rvp->rvp_id; 1942 1943 ostate = vap->iv_state; 1944 DPRINTF("%s -> %s\n", 1945 ieee80211_state_name[ostate], 1946 ieee80211_state_name[nstate]); 1947 1948 IEEE80211_UNLOCK(ic); 1949 RUN_LOCK(sc); 1950 1951 ratectl = sc->ratectl_run; /* remember current state */ 1952 sc->ratectl_run = RUN_RATECTL_OFF; 1953 usb_callout_stop(&sc->ratectl_ch); 1954 1955 if (ostate == IEEE80211_S_RUN) { 1956 /* turn link LED off */ 1957 run_set_leds(sc, RT2860_LED_RADIO); 1958 } 1959 1960 switch (nstate) { 1961 case IEEE80211_S_INIT: 1962 restart_ratectl = 1; 1963 1964 if (ostate != IEEE80211_S_RUN) 1965 break; 1966 1967 ratectl &= ~bid; 1968 sc->runbmap &= ~bid; 1969 1970 /* abort TSF synchronization if there is no vap running */ 1971 if (--sc->running == 0) { 1972 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1973 run_write(sc, RT2860_BCN_TIME_CFG, 1974 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1975 RT2860_TBTT_TIMER_EN)); 1976 } 1977 break; 1978 1979 case IEEE80211_S_RUN: 1980 if (!(sc->runbmap & bid)) { 1981 if(sc->running++) 1982 restart_ratectl = 1; 1983 sc->runbmap |= bid; 1984 } 1985 1986 m_freem(rvp->beacon_mbuf); 1987 rvp->beacon_mbuf = NULL; 1988 1989 switch (vap->iv_opmode) { 1990 case IEEE80211_M_HOSTAP: 1991 case IEEE80211_M_MBSS: 1992 sc->ap_running |= bid; 1993 ic->ic_opmode = vap->iv_opmode; 1994 run_update_beacon_cb(vap); 1995 break; 1996 case IEEE80211_M_IBSS: 1997 sc->adhoc_running |= bid; 1998 if (!sc->ap_running) 1999 ic->ic_opmode = vap->iv_opmode; 2000 run_update_beacon_cb(vap); 2001 break; 2002 case IEEE80211_M_STA: 2003 sc->sta_running |= bid; 2004 if (!sc->ap_running && !sc->adhoc_running) 2005 ic->ic_opmode = vap->iv_opmode; 2006 2007 /* read statistic counters (clear on read) */ 2008 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2009 (uint8_t *)sta, sizeof sta); 2010 2011 break; 2012 default: 2013 ic->ic_opmode = vap->iv_opmode; 2014 break; 2015 } 2016 2017 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2018 struct ieee80211_node *ni; 2019 2020 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2021 RUN_UNLOCK(sc); 2022 IEEE80211_LOCK(ic); 2023 return (-1); 2024 } 2025 run_updateslot(ic->ic_ifp); 2026 run_enable_mrr(sc); 2027 run_set_txpreamble(sc); 2028 run_set_basicrates(sc); 2029 ni = ieee80211_ref_node(vap->iv_bss); 2030 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2031 run_set_bssid(sc, ni->ni_bssid); 2032 ieee80211_free_node(ni); 2033 run_enable_tsf_sync(sc); 2034 2035 /* enable automatic rate adaptation */ 2036 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2037 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2038 ratectl |= bid; 2039 } 2040 2041 /* turn link LED on */ 2042 run_set_leds(sc, RT2860_LED_RADIO | 2043 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2044 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2045 2046 break; 2047 default: 2048 DPRINTFN(6, "undefined case\n"); 2049 break; 2050 } 2051 2052 /* restart amrr for running VAPs */ 2053 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2054 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2055 2056 RUN_UNLOCK(sc); 2057 IEEE80211_LOCK(ic); 2058 2059 return(rvp->newstate(vap, nstate, arg)); 2060} 2061 2062/* ARGSUSED */ 2063static void 2064run_wme_update_cb(void *arg) 2065{ 2066 struct ieee80211com *ic = arg; 2067 struct run_softc *sc = ic->ic_ifp->if_softc; 2068 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2069 int aci, error = 0; 2070 2071 RUN_LOCK_ASSERT(sc, MA_OWNED); 2072 2073 /* update MAC TX configuration registers */ 2074 for (aci = 0; aci < WME_NUM_AC; aci++) { 2075 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2076 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2077 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2078 wmesp->wme_params[aci].wmep_aifsn << 8 | 2079 wmesp->wme_params[aci].wmep_txopLimit); 2080 if (error) goto err; 2081 } 2082 2083 /* update SCH/DMA registers too */ 2084 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2085 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2086 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2087 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2088 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2089 if (error) goto err; 2090 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2091 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2092 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2093 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2094 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2095 if (error) goto err; 2096 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2097 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2098 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2099 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2100 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2101 if (error) goto err; 2102 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2103 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2104 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2105 if (error) goto err; 2106 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2107 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2108 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2109 2110err: 2111 if (error) 2112 DPRINTF("WME update failed\n"); 2113 2114 return; 2115} 2116 2117static int 2118run_wme_update(struct ieee80211com *ic) 2119{ 2120 struct run_softc *sc = ic->ic_ifp->if_softc; 2121 2122 /* sometime called wothout lock */ 2123 if (mtx_owned(&ic->ic_comlock.mtx)) { 2124 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2125 DPRINTF("cmdq_store=%d\n", i); 2126 sc->cmdq[i].func = run_wme_update_cb; 2127 sc->cmdq[i].arg0 = ic; 2128 ieee80211_runtask(ic, &sc->cmdq_task); 2129 return (0); 2130 } 2131 2132 RUN_LOCK(sc); 2133 run_wme_update_cb(ic); 2134 RUN_UNLOCK(sc); 2135 2136 /* return whatever, upper layer desn't care anyway */ 2137 return (0); 2138} 2139 2140static void 2141run_key_update_begin(struct ieee80211vap *vap) 2142{ 2143 /* 2144 * To avoid out-of-order events, both run_key_set() and 2145 * _delete() are deferred and handled by run_cmdq_cb(). 2146 * So, there is nothing we need to do here. 2147 */ 2148} 2149 2150static void 2151run_key_update_end(struct ieee80211vap *vap) 2152{ 2153 /* null */ 2154} 2155 2156static void 2157run_key_set_cb(void *arg) 2158{ 2159 struct run_cmdq *cmdq = arg; 2160 struct ieee80211vap *vap = cmdq->arg1; 2161 struct ieee80211_key *k = cmdq->k; 2162 struct ieee80211com *ic = vap->iv_ic; 2163 struct run_softc *sc = ic->ic_ifp->if_softc; 2164 struct ieee80211_node *ni; 2165 uint32_t attr; 2166 uint16_t base, associd; 2167 uint8_t mode, wcid, iv[8]; 2168 2169 RUN_LOCK_ASSERT(sc, MA_OWNED); 2170 2171 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2172 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2173 else 2174 ni = vap->iv_bss; 2175 associd = (ni != NULL) ? ni->ni_associd : 0; 2176 2177 /* map net80211 cipher to RT2860 security mode */ 2178 switch (k->wk_cipher->ic_cipher) { 2179 case IEEE80211_CIPHER_WEP: 2180 if(k->wk_keylen < 8) 2181 mode = RT2860_MODE_WEP40; 2182 else 2183 mode = RT2860_MODE_WEP104; 2184 break; 2185 case IEEE80211_CIPHER_TKIP: 2186 mode = RT2860_MODE_TKIP; 2187 break; 2188 case IEEE80211_CIPHER_AES_CCM: 2189 mode = RT2860_MODE_AES_CCMP; 2190 break; 2191 default: 2192 DPRINTF("undefined case\n"); 2193 return; 2194 } 2195 2196 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2197 associd, k->wk_keyix, mode, 2198 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2199 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2200 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2201 2202 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2203 wcid = 0; /* NB: update WCID0 for group keys */ 2204 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2205 } else { 2206 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2207 1 : RUN_AID2WCID(associd); 2208 base = RT2860_PKEY(wcid); 2209 } 2210 2211 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2212 if(run_write_region_1(sc, base, k->wk_key, 16)) 2213 return; 2214 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2215 return; 2216 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2217 return; 2218 } else { 2219 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2220 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2221 return; 2222 } 2223 2224 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2225 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2226 /* set initial packet number in IV+EIV */ 2227 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2228 memset(iv, 0, sizeof iv); 2229 iv[3] = vap->iv_def_txkey << 6; 2230 } else { 2231 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2232 iv[0] = k->wk_keytsc >> 8; 2233 iv[1] = (iv[0] | 0x20) & 0x7f; 2234 iv[2] = k->wk_keytsc; 2235 } else /* CCMP */ { 2236 iv[0] = k->wk_keytsc; 2237 iv[1] = k->wk_keytsc >> 8; 2238 iv[2] = 0; 2239 } 2240 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2241 iv[4] = k->wk_keytsc >> 16; 2242 iv[5] = k->wk_keytsc >> 24; 2243 iv[6] = k->wk_keytsc >> 32; 2244 iv[7] = k->wk_keytsc >> 40; 2245 } 2246 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2247 return; 2248 } 2249 2250 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2251 /* install group key */ 2252 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2253 return; 2254 attr &= ~(0xf << (k->wk_keyix * 4)); 2255 attr |= mode << (k->wk_keyix * 4); 2256 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2257 return; 2258 } else { 2259 /* install pairwise key */ 2260 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2261 return; 2262 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2263 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2264 return; 2265 } 2266 2267 /* TODO create a pass-thru key entry? */ 2268 2269 /* need wcid to delete the right key later */ 2270 k->wk_pad = wcid; 2271} 2272 2273/* 2274 * Don't have to be deferred, but in order to keep order of 2275 * execution, i.e. with run_key_delete(), defer this and let 2276 * run_cmdq_cb() maintain the order. 2277 * 2278 * return 0 on error 2279 */ 2280static int 2281run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2282 const uint8_t mac[IEEE80211_ADDR_LEN]) 2283{ 2284 struct ieee80211com *ic = vap->iv_ic; 2285 struct run_softc *sc = ic->ic_ifp->if_softc; 2286 uint32_t i; 2287 2288 i = RUN_CMDQ_GET(&sc->cmdq_store); 2289 DPRINTF("cmdq_store=%d\n", i); 2290 sc->cmdq[i].func = run_key_set_cb; 2291 sc->cmdq[i].arg0 = NULL; 2292 sc->cmdq[i].arg1 = vap; 2293 sc->cmdq[i].k = k; 2294 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2295 ieee80211_runtask(ic, &sc->cmdq_task); 2296 2297 /* 2298 * To make sure key will be set when hostapd 2299 * calls iv_key_set() before if_init(). 2300 */ 2301 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2302 RUN_LOCK(sc); 2303 sc->cmdq_key_set = RUN_CMDQ_GO; 2304 RUN_UNLOCK(sc); 2305 } 2306 2307 return (1); 2308} 2309 2310/* 2311 * If wlan is destroyed without being brought down i.e. without 2312 * wlan down or wpa_cli terminate, this function is called after 2313 * vap is gone. Don't refer it. 2314 */ 2315static void 2316run_key_delete_cb(void *arg) 2317{ 2318 struct run_cmdq *cmdq = arg; 2319 struct run_softc *sc = cmdq->arg1; 2320 struct ieee80211_key *k = &cmdq->key; 2321 uint32_t attr; 2322 uint8_t wcid; 2323 2324 RUN_LOCK_ASSERT(sc, MA_OWNED); 2325 2326 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2327 /* remove group key */ 2328 DPRINTF("removing group key\n"); 2329 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2330 attr &= ~(0xf << (k->wk_keyix * 4)); 2331 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2332 } else { 2333 /* remove pairwise key */ 2334 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2335 /* matching wcid was written to wk_pad in run_key_set() */ 2336 wcid = k->wk_pad; 2337 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2338 attr &= ~0xf; 2339 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2340 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2341 } 2342 2343 k->wk_pad = 0; 2344} 2345 2346/* 2347 * return 0 on error 2348 */ 2349static int 2350run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2351{ 2352 struct ieee80211com *ic = vap->iv_ic; 2353 struct run_softc *sc = ic->ic_ifp->if_softc; 2354 struct ieee80211_key *k0; 2355 uint32_t i; 2356 2357 /* 2358 * When called back, key might be gone. So, make a copy 2359 * of some values need to delete keys before deferring. 2360 * But, because of LOR with node lock, cannot use lock here. 2361 * So, use atomic instead. 2362 */ 2363 i = RUN_CMDQ_GET(&sc->cmdq_store); 2364 DPRINTF("cmdq_store=%d\n", i); 2365 sc->cmdq[i].func = run_key_delete_cb; 2366 sc->cmdq[i].arg0 = NULL; 2367 sc->cmdq[i].arg1 = sc; 2368 k0 = &sc->cmdq[i].key; 2369 k0->wk_flags = k->wk_flags; 2370 k0->wk_keyix = k->wk_keyix; 2371 /* matching wcid was written to wk_pad in run_key_set() */ 2372 k0->wk_pad = k->wk_pad; 2373 ieee80211_runtask(ic, &sc->cmdq_task); 2374 return (1); /* return fake success */ 2375 2376} 2377 2378static void 2379run_ratectl_to(void *arg) 2380{ 2381 struct run_softc *sc = arg; 2382 2383 /* do it in a process context, so it can go sleep */ 2384 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2385 /* next timeout will be rescheduled in the callback task */ 2386} 2387 2388/* ARGSUSED */ 2389static void 2390run_ratectl_cb(void *arg, int pending) 2391{ 2392 struct run_softc *sc = arg; 2393 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2394 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2395 2396 if (vap == NULL) 2397 return; 2398 2399 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2400 run_iter_func(sc, vap->iv_bss); 2401 else { 2402 /* 2403 * run_reset_livelock() doesn't do anything with AMRR, 2404 * but Ralink wants us to call it every 1 sec. So, we 2405 * piggyback here rather than creating another callout. 2406 * Livelock may occur only in HOSTAP or IBSS mode 2407 * (when h/w is sending beacons). 2408 */ 2409 RUN_LOCK(sc); 2410 run_reset_livelock(sc); 2411 /* just in case, there are some stats to drain */ 2412 run_drain_fifo(sc); 2413 RUN_UNLOCK(sc); 2414 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2415 } 2416 2417 RUN_LOCK(sc); 2418 if(sc->ratectl_run != RUN_RATECTL_OFF) 2419 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2420 RUN_UNLOCK(sc); 2421} 2422 2423static void 2424run_drain_fifo(void *arg) 2425{ 2426 struct run_softc *sc = arg; 2427 struct ifnet *ifp = sc->sc_ifp; 2428 uint32_t stat; 2429 uint16_t (*wstat)[3]; 2430 uint8_t wcid, mcs, pid; 2431 int8_t retry; 2432 2433 RUN_LOCK_ASSERT(sc, MA_OWNED); 2434 2435 for (;;) { 2436 /* drain Tx status FIFO (maxsize = 16) */ 2437 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2438 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2439 if (!(stat & RT2860_TXQ_VLD)) 2440 break; 2441 2442 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2443 2444 /* if no ACK was requested, no feedback is available */ 2445 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2446 wcid == 0) 2447 continue; 2448 2449 /* 2450 * Even though each stat is Tx-complete-status like format, 2451 * the device can poll stats. Because there is no guarantee 2452 * that the referring node is still around when read the stats. 2453 * So that, if we use ieee80211_ratectl_tx_update(), we will 2454 * have hard time not to refer already freed node. 2455 * 2456 * To eliminate such page faults, we poll stats in softc. 2457 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2458 */ 2459 wstat = &(sc->wcid_stats[wcid]); 2460 (*wstat)[RUN_TXCNT]++; 2461 if (stat & RT2860_TXQ_OK) 2462 (*wstat)[RUN_SUCCESS]++; 2463 else 2464 ifp->if_oerrors++; 2465 /* 2466 * Check if there were retries, ie if the Tx success rate is 2467 * different from the requested rate. Note that it works only 2468 * because we do not allow rate fallback from OFDM to CCK. 2469 */ 2470 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2471 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2472 if ((retry = pid -1 - mcs) > 0) { 2473 (*wstat)[RUN_TXCNT] += retry; 2474 (*wstat)[RUN_RETRY] += retry; 2475 } 2476 } 2477 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2478 2479 sc->fifo_cnt = 0; 2480} 2481 2482static void 2483run_iter_func(void *arg, struct ieee80211_node *ni) 2484{ 2485 struct run_softc *sc = arg; 2486 struct ieee80211vap *vap = ni->ni_vap; 2487 struct ieee80211com *ic = ni->ni_ic; 2488 struct ifnet *ifp = ic->ic_ifp; 2489 struct run_node *rn = (void *)ni; 2490 union run_stats sta[2]; 2491 uint16_t (*wstat)[3]; 2492 int txcnt, success, retrycnt, error; 2493 2494 RUN_LOCK(sc); 2495 2496 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2497 vap->iv_opmode == IEEE80211_M_STA)) { 2498 /* read statistic counters (clear on read) and update AMRR state */ 2499 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2500 sizeof sta); 2501 if (error != 0) 2502 goto fail; 2503 2504 /* count failed TX as errors */ 2505 ifp->if_oerrors += le16toh(sta[0].error.fail); 2506 2507 retrycnt = le16toh(sta[1].tx.retry); 2508 success = le16toh(sta[1].tx.success); 2509 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2510 2511 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2512 retrycnt, success, le16toh(sta[0].error.fail)); 2513 } else { 2514 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2515 2516 if (wstat == &(sc->wcid_stats[0]) || 2517 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2518 goto fail; 2519 2520 txcnt = (*wstat)[RUN_TXCNT]; 2521 success = (*wstat)[RUN_SUCCESS]; 2522 retrycnt = (*wstat)[RUN_RETRY]; 2523 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2524 retrycnt, txcnt, success); 2525 2526 memset(wstat, 0, sizeof(*wstat)); 2527 } 2528 2529 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2530 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2531 2532fail: 2533 RUN_UNLOCK(sc); 2534 2535 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2536} 2537 2538static void 2539run_newassoc_cb(void *arg) 2540{ 2541 struct run_cmdq *cmdq = arg; 2542 struct ieee80211_node *ni = cmdq->arg1; 2543 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2544 uint8_t wcid = cmdq->wcid; 2545 2546 RUN_LOCK_ASSERT(sc, MA_OWNED); 2547 2548 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2549 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2550 2551 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2552} 2553 2554static void 2555run_newassoc(struct ieee80211_node *ni, int isnew) 2556{ 2557 struct run_node *rn = (void *)ni; 2558 struct ieee80211_rateset *rs = &ni->ni_rates; 2559 struct ieee80211vap *vap = ni->ni_vap; 2560 struct ieee80211com *ic = vap->iv_ic; 2561 struct run_softc *sc = ic->ic_ifp->if_softc; 2562 uint8_t rate; 2563 uint8_t ridx; 2564 uint8_t wcid; 2565 int i, j; 2566 2567 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2568 1 : RUN_AID2WCID(ni->ni_associd); 2569 2570 if (wcid > RT2870_WCID_MAX) { 2571 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2572 return; 2573 } 2574 2575 /* only interested in true associations */ 2576 if (isnew && ni->ni_associd != 0) { 2577 2578 /* 2579 * This function could is called though timeout function. 2580 * Need to defer. 2581 */ 2582 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2583 DPRINTF("cmdq_store=%d\n", cnt); 2584 sc->cmdq[cnt].func = run_newassoc_cb; 2585 sc->cmdq[cnt].arg0 = NULL; 2586 sc->cmdq[cnt].arg1 = ni; 2587 sc->cmdq[cnt].wcid = wcid; 2588 ieee80211_runtask(ic, &sc->cmdq_task); 2589 } 2590 2591 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2592 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2593 2594 for (i = 0; i < rs->rs_nrates; i++) { 2595 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2596 /* convert 802.11 rate to hardware rate index */ 2597 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2598 if (rt2860_rates[ridx].rate == rate) 2599 break; 2600 rn->ridx[i] = ridx; 2601 /* determine rate of control response frames */ 2602 for (j = i; j >= 0; j--) { 2603 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2604 rt2860_rates[rn->ridx[i]].phy == 2605 rt2860_rates[rn->ridx[j]].phy) 2606 break; 2607 } 2608 if (j >= 0) { 2609 rn->ctl_ridx[i] = rn->ridx[j]; 2610 } else { 2611 /* no basic rate found, use mandatory one */ 2612 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2613 } 2614 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2615 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2616 } 2617 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2618 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2619 if (rt2860_rates[ridx].rate == rate) 2620 break; 2621 rn->mgt_ridx = ridx; 2622 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2623 2624 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2625} 2626 2627/* 2628 * Return the Rx chain with the highest RSSI for a given frame. 2629 */ 2630static __inline uint8_t 2631run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2632{ 2633 uint8_t rxchain = 0; 2634 2635 if (sc->nrxchains > 1) { 2636 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2637 rxchain = 1; 2638 if (sc->nrxchains > 2) 2639 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2640 rxchain = 2; 2641 } 2642 return (rxchain); 2643} 2644 2645static void 2646run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2647{ 2648 struct ifnet *ifp = sc->sc_ifp; 2649 struct ieee80211com *ic = ifp->if_l2com; 2650 struct ieee80211_frame *wh; 2651 struct ieee80211_node *ni; 2652 struct rt2870_rxd *rxd; 2653 struct rt2860_rxwi *rxwi; 2654 uint32_t flags; 2655 uint16_t len, rxwisize; 2656 uint8_t ant, rssi; 2657 int8_t nf; 2658 2659 rxwi = mtod(m, struct rt2860_rxwi *); 2660 len = le16toh(rxwi->len) & 0xfff; 2661 rxwisize = (sc->mac_ver == 0x5592) ? 2662 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2663 sizeof(struct rt2860_rxwi); 2664 if (__predict_false(len > dmalen)) { 2665 m_freem(m); 2666 ifp->if_ierrors++; 2667 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2668 return; 2669 } 2670 /* Rx descriptor is located at the end */ 2671 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2672 flags = le32toh(rxd->flags); 2673 2674 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2675 m_freem(m); 2676 ifp->if_ierrors++; 2677 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2678 return; 2679 } 2680 2681 m->m_data += rxwisize; 2682 m->m_pkthdr.len = m->m_len -= rxwisize; 2683 2684 wh = mtod(m, struct ieee80211_frame *); 2685 2686 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2687 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2688 m->m_flags |= M_WEP; 2689 } 2690 2691 if (flags & RT2860_RX_L2PAD) { 2692 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2693 len += 2; 2694 } 2695 2696 ni = ieee80211_find_rxnode(ic, 2697 mtod(m, struct ieee80211_frame_min *)); 2698 2699 if (__predict_false(flags & RT2860_RX_MICERR)) { 2700 /* report MIC failures to net80211 for TKIP */ 2701 if (ni != NULL) 2702 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2703 rxwi->keyidx); 2704 m_freem(m); 2705 ifp->if_ierrors++; 2706 DPRINTF("MIC error. Someone is lying.\n"); 2707 return; 2708 } 2709 2710 ant = run_maxrssi_chain(sc, rxwi); 2711 rssi = rxwi->rssi[ant]; 2712 nf = run_rssi2dbm(sc, rssi, ant); 2713 2714 m->m_pkthdr.rcvif = ifp; 2715 m->m_pkthdr.len = m->m_len = len; 2716 2717 if (ni != NULL) { 2718 (void)ieee80211_input(ni, m, rssi, nf); 2719 ieee80211_free_node(ni); 2720 } else { 2721 (void)ieee80211_input_all(ic, m, rssi, nf); 2722 } 2723 2724 if (__predict_false(ieee80211_radiotap_active(ic))) { 2725 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2726 uint16_t phy; 2727 2728 tap->wr_flags = 0; 2729 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2730 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2731 tap->wr_antsignal = rssi; 2732 tap->wr_antenna = ant; 2733 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2734 tap->wr_rate = 2; /* in case it can't be found below */ 2735 phy = le16toh(rxwi->phy); 2736 switch (phy & RT2860_PHY_MODE) { 2737 case RT2860_PHY_CCK: 2738 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2739 case 0: tap->wr_rate = 2; break; 2740 case 1: tap->wr_rate = 4; break; 2741 case 2: tap->wr_rate = 11; break; 2742 case 3: tap->wr_rate = 22; break; 2743 } 2744 if (phy & RT2860_PHY_SHPRE) 2745 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2746 break; 2747 case RT2860_PHY_OFDM: 2748 switch (phy & RT2860_PHY_MCS) { 2749 case 0: tap->wr_rate = 12; break; 2750 case 1: tap->wr_rate = 18; break; 2751 case 2: tap->wr_rate = 24; break; 2752 case 3: tap->wr_rate = 36; break; 2753 case 4: tap->wr_rate = 48; break; 2754 case 5: tap->wr_rate = 72; break; 2755 case 6: tap->wr_rate = 96; break; 2756 case 7: tap->wr_rate = 108; break; 2757 } 2758 break; 2759 } 2760 } 2761} 2762 2763static void 2764run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2765{ 2766 struct run_softc *sc = usbd_xfer_softc(xfer); 2767 struct ifnet *ifp = sc->sc_ifp; 2768 struct mbuf *m = NULL; 2769 struct mbuf *m0; 2770 uint32_t dmalen; 2771 uint16_t rxwisize; 2772 int xferlen; 2773 2774 rxwisize = (sc->mac_ver == 0x5592) ? 2775 sizeof(struct rt2860_rxwi) + sizeof(uint64_t) : 2776 sizeof(struct rt2860_rxwi); 2777 2778 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2779 2780 switch (USB_GET_STATE(xfer)) { 2781 case USB_ST_TRANSFERRED: 2782 2783 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2784 2785 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2786 sizeof(struct rt2870_rxd))) { 2787 DPRINTF("xfer too short %d\n", xferlen); 2788 goto tr_setup; 2789 } 2790 2791 m = sc->rx_m; 2792 sc->rx_m = NULL; 2793 2794 /* FALLTHROUGH */ 2795 case USB_ST_SETUP: 2796tr_setup: 2797 if (sc->rx_m == NULL) { 2798 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2799 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2800 } 2801 if (sc->rx_m == NULL) { 2802 DPRINTF("could not allocate mbuf - idle with stall\n"); 2803 ifp->if_ierrors++; 2804 usbd_xfer_set_stall(xfer); 2805 usbd_xfer_set_frames(xfer, 0); 2806 } else { 2807 /* 2808 * Directly loading a mbuf cluster into DMA to 2809 * save some data copying. This works because 2810 * there is only one cluster. 2811 */ 2812 usbd_xfer_set_frame_data(xfer, 0, 2813 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2814 usbd_xfer_set_frames(xfer, 1); 2815 } 2816 usbd_transfer_submit(xfer); 2817 break; 2818 2819 default: /* Error */ 2820 if (error != USB_ERR_CANCELLED) { 2821 /* try to clear stall first */ 2822 usbd_xfer_set_stall(xfer); 2823 2824 if (error == USB_ERR_TIMEOUT) 2825 device_printf(sc->sc_dev, "device timeout\n"); 2826 2827 ifp->if_ierrors++; 2828 2829 goto tr_setup; 2830 } 2831 if (sc->rx_m != NULL) { 2832 m_freem(sc->rx_m); 2833 sc->rx_m = NULL; 2834 } 2835 break; 2836 } 2837 2838 if (m == NULL) 2839 return; 2840 2841 /* inputting all the frames must be last */ 2842 2843 RUN_UNLOCK(sc); 2844 2845 m->m_pkthdr.len = m->m_len = xferlen; 2846 2847 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2848 for(;;) { 2849 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2850 2851 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2852 ((dmalen & 3) != 0)) { 2853 DPRINTF("bad DMA length %u\n", dmalen); 2854 break; 2855 } 2856 if ((dmalen + 8) > (uint32_t)xferlen) { 2857 DPRINTF("bad DMA length %u > %d\n", 2858 dmalen + 8, xferlen); 2859 break; 2860 } 2861 2862 /* If it is the last one or a single frame, we won't copy. */ 2863 if ((xferlen -= dmalen + 8) <= 8) { 2864 /* trim 32-bit DMA-len header */ 2865 m->m_data += 4; 2866 m->m_pkthdr.len = m->m_len -= 4; 2867 run_rx_frame(sc, m, dmalen); 2868 m = NULL; /* don't free source buffer */ 2869 break; 2870 } 2871 2872 /* copy aggregated frames to another mbuf */ 2873 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2874 if (__predict_false(m0 == NULL)) { 2875 DPRINTF("could not allocate mbuf\n"); 2876 ifp->if_ierrors++; 2877 break; 2878 } 2879 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2880 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2881 m0->m_pkthdr.len = m0->m_len = 2882 dmalen + sizeof(struct rt2870_rxd); 2883 run_rx_frame(sc, m0, dmalen); 2884 2885 /* update data ptr */ 2886 m->m_data += dmalen + 8; 2887 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2888 } 2889 2890 /* make sure we free the source buffer, if any */ 2891 m_freem(m); 2892 2893 RUN_LOCK(sc); 2894} 2895 2896static void 2897run_tx_free(struct run_endpoint_queue *pq, 2898 struct run_tx_data *data, int txerr) 2899{ 2900 if (data->m != NULL) { 2901 if (data->m->m_flags & M_TXCB) 2902 ieee80211_process_callback(data->ni, data->m, 2903 txerr ? ETIMEDOUT : 0); 2904 m_freem(data->m); 2905 data->m = NULL; 2906 2907 if (data->ni == NULL) { 2908 DPRINTF("no node\n"); 2909 } else { 2910 ieee80211_free_node(data->ni); 2911 data->ni = NULL; 2912 } 2913 } 2914 2915 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2916 pq->tx_nfree++; 2917} 2918 2919static void 2920run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 2921{ 2922 struct run_softc *sc = usbd_xfer_softc(xfer); 2923 struct ifnet *ifp = sc->sc_ifp; 2924 struct ieee80211com *ic = ifp->if_l2com; 2925 struct run_tx_data *data; 2926 struct ieee80211vap *vap = NULL; 2927 struct usb_page_cache *pc; 2928 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2929 struct mbuf *m; 2930 usb_frlength_t size; 2931 int actlen; 2932 int sumlen; 2933 2934 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2935 2936 switch (USB_GET_STATE(xfer)) { 2937 case USB_ST_TRANSFERRED: 2938 DPRINTFN(11, "transfer complete: %d " 2939 "bytes @ index %d\n", actlen, index); 2940 2941 data = usbd_xfer_get_priv(xfer); 2942 2943 run_tx_free(pq, data, 0); 2944 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2945 2946 usbd_xfer_set_priv(xfer, NULL); 2947 2948 ifp->if_opackets++; 2949 2950 /* FALLTHROUGH */ 2951 case USB_ST_SETUP: 2952tr_setup: 2953 data = STAILQ_FIRST(&pq->tx_qh); 2954 if (data == NULL) 2955 break; 2956 2957 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2958 2959 m = data->m; 2960 size = (sc->mac_ver == 0x5592) ? 2961 RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ; 2962 if ((m->m_pkthdr.len + 2963 sizeof(data->desc) + 3 + 8) > size) { 2964 DPRINTF("data overflow, %u bytes\n", 2965 m->m_pkthdr.len); 2966 2967 ifp->if_oerrors++; 2968 2969 run_tx_free(pq, data, 1); 2970 2971 goto tr_setup; 2972 } 2973 2974 pc = usbd_xfer_get_frame(xfer, 0); 2975 size = (sc->mac_ver == 0x5592) ? 2976 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 2977 usbd_copy_in(pc, 0, &data->desc, size); 2978 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2979 size += m->m_pkthdr.len; 2980 /* 2981 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2982 * 4-byte padding), and be sure to zero those trailing 2983 * bytes: 2984 */ 2985 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2986 size += ((-size) & 3) + 8; 2987 2988 vap = data->ni->ni_vap; 2989 if (ieee80211_radiotap_active_vap(vap)) { 2990 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2991 struct rt2860_txwi *txwi = 2992 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2993 tap->wt_flags = 0; 2994 tap->wt_rate = rt2860_rates[data->ridx].rate; 2995 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2996 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2997 tap->wt_hwqueue = index; 2998 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2999 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3000 3001 ieee80211_radiotap_tx(vap, m); 3002 } 3003 3004 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3005 m->m_pkthdr.len, size, index); 3006 3007 usbd_xfer_set_frame_len(xfer, 0, size); 3008 usbd_xfer_set_priv(xfer, data); 3009 3010 usbd_transfer_submit(xfer); 3011 3012 RUN_UNLOCK(sc); 3013 run_start(ifp); 3014 RUN_LOCK(sc); 3015 3016 break; 3017 3018 default: 3019 DPRINTF("USB transfer error, %s\n", 3020 usbd_errstr(error)); 3021 3022 data = usbd_xfer_get_priv(xfer); 3023 3024 ifp->if_oerrors++; 3025 3026 if (data != NULL) { 3027 if(data->ni != NULL) 3028 vap = data->ni->ni_vap; 3029 run_tx_free(pq, data, error); 3030 usbd_xfer_set_priv(xfer, NULL); 3031 } 3032 if (vap == NULL) 3033 vap = TAILQ_FIRST(&ic->ic_vaps); 3034 3035 if (error != USB_ERR_CANCELLED) { 3036 if (error == USB_ERR_TIMEOUT) { 3037 device_printf(sc->sc_dev, "device timeout\n"); 3038 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3039 DPRINTF("cmdq_store=%d\n", i); 3040 sc->cmdq[i].func = run_usb_timeout_cb; 3041 sc->cmdq[i].arg0 = vap; 3042 ieee80211_runtask(ic, &sc->cmdq_task); 3043 } 3044 3045 /* 3046 * Try to clear stall first, also if other 3047 * errors occur, hence clearing stall 3048 * introduces a 50 ms delay: 3049 */ 3050 usbd_xfer_set_stall(xfer); 3051 goto tr_setup; 3052 } 3053 break; 3054 } 3055} 3056 3057static void 3058run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3059{ 3060 run_bulk_tx_callbackN(xfer, error, 0); 3061} 3062 3063static void 3064run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3065{ 3066 run_bulk_tx_callbackN(xfer, error, 1); 3067} 3068 3069static void 3070run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3071{ 3072 run_bulk_tx_callbackN(xfer, error, 2); 3073} 3074 3075static void 3076run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3077{ 3078 run_bulk_tx_callbackN(xfer, error, 3); 3079} 3080 3081static void 3082run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3083{ 3084 run_bulk_tx_callbackN(xfer, error, 4); 3085} 3086 3087static void 3088run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3089{ 3090 run_bulk_tx_callbackN(xfer, error, 5); 3091} 3092 3093static void 3094run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3095{ 3096 struct mbuf *m = data->m; 3097 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3098 struct ieee80211vap *vap = data->ni->ni_vap; 3099 struct ieee80211_frame *wh; 3100 struct rt2870_txd *txd; 3101 struct rt2860_txwi *txwi; 3102 uint16_t xferlen, txwisize; 3103 uint16_t mcs; 3104 uint8_t ridx = data->ridx; 3105 uint8_t pad; 3106 3107 /* get MCS code from rate index */ 3108 mcs = rt2860_rates[ridx].mcs; 3109 3110 txwisize = (sc->mac_ver == 0x5592) ? 3111 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3112 xferlen = txwisize + m->m_pkthdr.len; 3113 3114 /* roundup to 32-bit alignment */ 3115 xferlen = (xferlen + 3) & ~3; 3116 3117 txd = (struct rt2870_txd *)&data->desc; 3118 txd->len = htole16(xferlen); 3119 3120 wh = mtod(m, struct ieee80211_frame *); 3121 3122 /* 3123 * Ether both are true or both are false, the header 3124 * are nicely aligned to 32-bit. So, no L2 padding. 3125 */ 3126 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3127 pad = 0; 3128 else 3129 pad = 2; 3130 3131 /* setup TX Wireless Information */ 3132 txwi = (struct rt2860_txwi *)(txd + 1); 3133 txwi->len = htole16(m->m_pkthdr.len - pad); 3134 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3135 txwi->phy = htole16(RT2860_PHY_CCK); 3136 if (ridx != RT2860_RIDX_CCK1 && 3137 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3138 mcs |= RT2860_PHY_SHPRE; 3139 } else 3140 txwi->phy = htole16(RT2860_PHY_OFDM); 3141 txwi->phy |= htole16(mcs); 3142 3143 /* check if RTS/CTS or CTS-to-self protection is required */ 3144 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3145 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3146 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3147 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3148 txwi->txop |= RT2860_TX_TXOP_HT; 3149 else 3150 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3151 3152 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3153 txwi->xflags |= RT2860_TX_NSEQ; 3154} 3155 3156/* This function must be called locked */ 3157static int 3158run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3159{ 3160 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3161 struct ieee80211vap *vap = ni->ni_vap; 3162 struct ieee80211_frame *wh; 3163 struct ieee80211_channel *chan; 3164 const struct ieee80211_txparam *tp; 3165 struct run_node *rn = (void *)ni; 3166 struct run_tx_data *data; 3167 struct rt2870_txd *txd; 3168 struct rt2860_txwi *txwi; 3169 uint16_t qos; 3170 uint16_t dur; 3171 uint16_t qid; 3172 uint8_t type; 3173 uint8_t tid; 3174 uint8_t ridx; 3175 uint8_t ctl_ridx; 3176 uint8_t qflags; 3177 uint8_t xflags = 0; 3178 int hasqos; 3179 3180 RUN_LOCK_ASSERT(sc, MA_OWNED); 3181 3182 wh = mtod(m, struct ieee80211_frame *); 3183 3184 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3185 3186 /* 3187 * There are 7 bulk endpoints: 1 for RX 3188 * and 6 for TX (4 EDCAs + HCCA + Prio). 3189 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3190 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3191 */ 3192 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3193 uint8_t *frm; 3194 3195 if(IEEE80211_HAS_ADDR4(wh)) 3196 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3197 else 3198 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3199 3200 qos = le16toh(*(const uint16_t *)frm); 3201 tid = qos & IEEE80211_QOS_TID; 3202 qid = TID_TO_WME_AC(tid); 3203 } else { 3204 qos = 0; 3205 tid = 0; 3206 qid = WME_AC_BE; 3207 } 3208 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3209 3210 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3211 qos, qid, tid, qflags); 3212 3213 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3214 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3215 3216 /* pickup a rate index */ 3217 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3218 type != IEEE80211_FC0_TYPE_DATA) { 3219 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3220 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3221 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3222 } else { 3223 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3224 ridx = rn->fix_ridx; 3225 else 3226 ridx = rn->amrr_ridx; 3227 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3228 } 3229 3230 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3231 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3232 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3233 xflags |= RT2860_TX_ACK; 3234 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3235 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3236 else 3237 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3238 USETW(wh->i_dur, dur); 3239 } 3240 3241 /* reserve slots for mgmt packets, just in case */ 3242 if (sc->sc_epq[qid].tx_nfree < 3) { 3243 DPRINTFN(10, "tx ring %d is full\n", qid); 3244 return (-1); 3245 } 3246 3247 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3248 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3249 sc->sc_epq[qid].tx_nfree--; 3250 3251 txd = (struct rt2870_txd *)&data->desc; 3252 txd->flags = qflags; 3253 txwi = (struct rt2860_txwi *)(txd + 1); 3254 txwi->xflags = xflags; 3255 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3256 txwi->wcid = 0; 3257 else 3258 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3259 1 : RUN_AID2WCID(ni->ni_associd); 3260 3261 /* clear leftover garbage bits */ 3262 txwi->flags = 0; 3263 txwi->txop = 0; 3264 3265 data->m = m; 3266 data->ni = ni; 3267 data->ridx = ridx; 3268 3269 run_set_tx_desc(sc, data); 3270 3271 /* 3272 * The chip keeps track of 2 kind of Tx stats, 3273 * * TX_STAT_FIFO, for per WCID stats, and 3274 * * TX_STA_CNT0 for all-TX-in-one stats. 3275 * 3276 * To use FIFO stats, we need to store MCS into the driver-private 3277 * PacketID field. So that, we can tell whose stats when we read them. 3278 * We add 1 to the MCS because setting the PacketID field to 0 means 3279 * that we don't want feedback in TX_STAT_FIFO. 3280 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3281 * 3282 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3283 */ 3284 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3285 vap->iv_opmode == IEEE80211_M_MBSS) { 3286 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3287 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3288 3289 /* 3290 * Unlike PCI based devices, we don't get any interrupt from 3291 * USB devices, so we simulate FIFO-is-full interrupt here. 3292 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3293 * quickly get fulled. To prevent overflow, increment a counter on 3294 * every FIFO stat request, so we know how many slots are left. 3295 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3296 * are used only in those modes. 3297 * We just drain stats. AMRR gets updated every 1 sec by 3298 * run_ratectl_cb() via callout. 3299 * Call it early. Otherwise overflow. 3300 */ 3301 if (sc->fifo_cnt++ == 10) { 3302 /* 3303 * With multiple vaps or if_bridge, if_start() is called 3304 * with a non-sleepable lock, tcpinp. So, need to defer. 3305 */ 3306 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3307 DPRINTFN(6, "cmdq_store=%d\n", i); 3308 sc->cmdq[i].func = run_drain_fifo; 3309 sc->cmdq[i].arg0 = sc; 3310 ieee80211_runtask(ic, &sc->cmdq_task); 3311 } 3312 } 3313 3314 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3315 3316 usbd_transfer_start(sc->sc_xfer[qid]); 3317 3318 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3319 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3320 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3321 3322 return (0); 3323} 3324 3325static int 3326run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3327{ 3328 struct ifnet *ifp = sc->sc_ifp; 3329 struct ieee80211com *ic = ifp->if_l2com; 3330 struct run_node *rn = (void *)ni; 3331 struct run_tx_data *data; 3332 struct ieee80211_frame *wh; 3333 struct rt2870_txd *txd; 3334 struct rt2860_txwi *txwi; 3335 uint16_t dur; 3336 uint8_t ridx = rn->mgt_ridx; 3337 uint8_t type; 3338 uint8_t xflags = 0; 3339 uint8_t wflags = 0; 3340 3341 RUN_LOCK_ASSERT(sc, MA_OWNED); 3342 3343 wh = mtod(m, struct ieee80211_frame *); 3344 3345 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3346 3347 /* tell hardware to add timestamp for probe responses */ 3348 if ((wh->i_fc[0] & 3349 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3350 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3351 wflags |= RT2860_TX_TS; 3352 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3353 xflags |= RT2860_TX_ACK; 3354 3355 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3356 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3357 USETW(wh->i_dur, dur); 3358 } 3359 3360 if (sc->sc_epq[0].tx_nfree == 0) { 3361 /* let caller free mbuf */ 3362 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3363 return (EIO); 3364 } 3365 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3366 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3367 sc->sc_epq[0].tx_nfree--; 3368 3369 txd = (struct rt2870_txd *)&data->desc; 3370 txd->flags = RT2860_TX_QSEL_EDCA; 3371 txwi = (struct rt2860_txwi *)(txd + 1); 3372 txwi->wcid = 0xff; 3373 txwi->flags = wflags; 3374 txwi->xflags = xflags; 3375 txwi->txop = 0; /* clear leftover garbage bits */ 3376 3377 data->m = m; 3378 data->ni = ni; 3379 data->ridx = ridx; 3380 3381 run_set_tx_desc(sc, data); 3382 3383 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3384 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3385 rt2860_rates[ridx].rate); 3386 3387 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3388 3389 usbd_transfer_start(sc->sc_xfer[0]); 3390 3391 return (0); 3392} 3393 3394static int 3395run_sendprot(struct run_softc *sc, 3396 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3397{ 3398 struct ieee80211com *ic = ni->ni_ic; 3399 struct ieee80211_frame *wh; 3400 struct run_tx_data *data; 3401 struct rt2870_txd *txd; 3402 struct rt2860_txwi *txwi; 3403 struct mbuf *mprot; 3404 int ridx; 3405 int protrate; 3406 int ackrate; 3407 int pktlen; 3408 int isshort; 3409 uint16_t dur; 3410 uint8_t type; 3411 uint8_t wflags = 0; 3412 uint8_t xflags = 0; 3413 3414 RUN_LOCK_ASSERT(sc, MA_OWNED); 3415 3416 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3417 ("protection %d", prot)); 3418 3419 wh = mtod(m, struct ieee80211_frame *); 3420 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3421 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3422 3423 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3424 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3425 3426 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3427 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3428 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3429 wflags = RT2860_TX_FRAG; 3430 3431 /* check that there are free slots before allocating the mbuf */ 3432 if (sc->sc_epq[0].tx_nfree == 0) { 3433 /* let caller free mbuf */ 3434 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3435 return (ENOBUFS); 3436 } 3437 3438 if (prot == IEEE80211_PROT_RTSCTS) { 3439 /* NB: CTS is the same size as an ACK */ 3440 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3441 xflags |= RT2860_TX_ACK; 3442 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3443 } else { 3444 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3445 } 3446 if (mprot == NULL) { 3447 sc->sc_ifp->if_oerrors++; 3448 DPRINTF("could not allocate mbuf\n"); 3449 return (ENOBUFS); 3450 } 3451 3452 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3453 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3454 sc->sc_epq[0].tx_nfree--; 3455 3456 txd = (struct rt2870_txd *)&data->desc; 3457 txd->flags = RT2860_TX_QSEL_EDCA; 3458 txwi = (struct rt2860_txwi *)(txd + 1); 3459 txwi->wcid = 0xff; 3460 txwi->flags = wflags; 3461 txwi->xflags = xflags; 3462 txwi->txop = 0; /* clear leftover garbage bits */ 3463 3464 data->m = mprot; 3465 data->ni = ieee80211_ref_node(ni); 3466 3467 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3468 if (rt2860_rates[ridx].rate == protrate) 3469 break; 3470 data->ridx = ridx; 3471 3472 run_set_tx_desc(sc, data); 3473 3474 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3475 m->m_pkthdr.len, rate); 3476 3477 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3478 3479 usbd_transfer_start(sc->sc_xfer[0]); 3480 3481 return (0); 3482} 3483 3484static int 3485run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3486 const struct ieee80211_bpf_params *params) 3487{ 3488 struct ieee80211com *ic = ni->ni_ic; 3489 struct ieee80211_frame *wh; 3490 struct run_tx_data *data; 3491 struct rt2870_txd *txd; 3492 struct rt2860_txwi *txwi; 3493 uint8_t type; 3494 uint8_t ridx; 3495 uint8_t rate; 3496 uint8_t opflags = 0; 3497 uint8_t xflags = 0; 3498 int error; 3499 3500 RUN_LOCK_ASSERT(sc, MA_OWNED); 3501 3502 KASSERT(params != NULL, ("no raw xmit params")); 3503 3504 wh = mtod(m, struct ieee80211_frame *); 3505 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3506 3507 rate = params->ibp_rate0; 3508 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3509 /* let caller free mbuf */ 3510 return (EINVAL); 3511 } 3512 3513 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3514 xflags |= RT2860_TX_ACK; 3515 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3516 error = run_sendprot(sc, m, ni, 3517 params->ibp_flags & IEEE80211_BPF_RTS ? 3518 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3519 rate); 3520 if (error) { 3521 /* let caller free mbuf */ 3522 return error; 3523 } 3524 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3525 } 3526 3527 if (sc->sc_epq[0].tx_nfree == 0) { 3528 /* let caller free mbuf */ 3529 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3530 DPRINTF("sending raw frame, but tx ring is full\n"); 3531 return (EIO); 3532 } 3533 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3534 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3535 sc->sc_epq[0].tx_nfree--; 3536 3537 txd = (struct rt2870_txd *)&data->desc; 3538 txd->flags = RT2860_TX_QSEL_EDCA; 3539 txwi = (struct rt2860_txwi *)(txd + 1); 3540 txwi->wcid = 0xff; 3541 txwi->xflags = xflags; 3542 txwi->txop = opflags; 3543 txwi->flags = 0; /* clear leftover garbage bits */ 3544 3545 data->m = m; 3546 data->ni = ni; 3547 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3548 if (rt2860_rates[ridx].rate == rate) 3549 break; 3550 data->ridx = ridx; 3551 3552 run_set_tx_desc(sc, data); 3553 3554 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3555 m->m_pkthdr.len, rate); 3556 3557 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3558 3559 usbd_transfer_start(sc->sc_xfer[0]); 3560 3561 return (0); 3562} 3563 3564static int 3565run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3566 const struct ieee80211_bpf_params *params) 3567{ 3568 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3569 struct run_softc *sc = ifp->if_softc; 3570 int error = 0; 3571 3572 RUN_LOCK(sc); 3573 3574 /* prevent management frames from being sent if we're not ready */ 3575 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3576 error = ENETDOWN; 3577 goto done; 3578 } 3579 3580 if (params == NULL) { 3581 /* tx mgt packet */ 3582 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3583 ifp->if_oerrors++; 3584 DPRINTF("mgt tx failed\n"); 3585 goto done; 3586 } 3587 } else { 3588 /* tx raw packet with param */ 3589 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3590 ifp->if_oerrors++; 3591 DPRINTF("tx with param failed\n"); 3592 goto done; 3593 } 3594 } 3595 3596 ifp->if_opackets++; 3597 3598done: 3599 RUN_UNLOCK(sc); 3600 3601 if (error != 0) { 3602 if(m != NULL) 3603 m_freem(m); 3604 ieee80211_free_node(ni); 3605 } 3606 3607 return (error); 3608} 3609 3610static void 3611run_start(struct ifnet *ifp) 3612{ 3613 struct run_softc *sc = ifp->if_softc; 3614 struct ieee80211_node *ni; 3615 struct mbuf *m; 3616 3617 RUN_LOCK(sc); 3618 3619 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3620 RUN_UNLOCK(sc); 3621 return; 3622 } 3623 3624 for (;;) { 3625 /* send data frames */ 3626 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3627 if (m == NULL) 3628 break; 3629 3630 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3631 if (run_tx(sc, m, ni) != 0) { 3632 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3633 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3634 break; 3635 } 3636 } 3637 3638 RUN_UNLOCK(sc); 3639} 3640 3641static int 3642run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3643{ 3644 struct run_softc *sc = ifp->if_softc; 3645 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3646 struct ifreq *ifr = (struct ifreq *) data; 3647 int startall = 0; 3648 int error; 3649 3650 RUN_LOCK(sc); 3651 error = sc->sc_detached ? ENXIO : 0; 3652 RUN_UNLOCK(sc); 3653 if (error) 3654 return (error); 3655 3656 switch (cmd) { 3657 case SIOCSIFFLAGS: 3658 RUN_LOCK(sc); 3659 if (ifp->if_flags & IFF_UP) { 3660 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3661 startall = 1; 3662 run_init_locked(sc); 3663 } else 3664 run_update_promisc_locked(ifp); 3665 } else { 3666 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3667 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3668 run_stop(sc); 3669 } 3670 } 3671 RUN_UNLOCK(sc); 3672 if (startall) 3673 ieee80211_start_all(ic); 3674 break; 3675 case SIOCGIFMEDIA: 3676 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3677 break; 3678 case SIOCGIFADDR: 3679 error = ether_ioctl(ifp, cmd, data); 3680 break; 3681 default: 3682 error = EINVAL; 3683 break; 3684 } 3685 3686 return (error); 3687} 3688 3689static void 3690run_iq_calib(struct run_softc *sc, u_int chan) 3691{ 3692 uint16_t val; 3693 3694 /* Tx0 IQ gain. */ 3695 run_bbp_write(sc, 158, 0x2c); 3696 if (chan <= 14) 3697 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3698 else if (chan <= 64) { 3699 run_efuse_read(sc, 3700 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3701 &val, 1); 3702 } else if (chan <= 138) { 3703 run_efuse_read(sc, 3704 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3705 &val, 1); 3706 } else if (chan <= 165) { 3707 run_efuse_read(sc, 3708 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3709 &val, 1); 3710 } else 3711 val = 0; 3712 run_bbp_write(sc, 159, val); 3713 3714 /* Tx0 IQ phase. */ 3715 run_bbp_write(sc, 158, 0x2d); 3716 if (chan <= 14) { 3717 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3718 &val, 1); 3719 } else if (chan <= 64) { 3720 run_efuse_read(sc, 3721 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3722 &val, 1); 3723 } else if (chan <= 138) { 3724 run_efuse_read(sc, 3725 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3726 &val, 1); 3727 } else if (chan <= 165) { 3728 run_efuse_read(sc, 3729 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3730 &val, 1); 3731 } else 3732 val = 0; 3733 run_bbp_write(sc, 159, val); 3734 3735 /* Tx1 IQ gain. */ 3736 run_bbp_write(sc, 158, 0x4a); 3737 if (chan <= 14) { 3738 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3739 &val, 1); 3740 } else if (chan <= 64) { 3741 run_efuse_read(sc, 3742 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3743 &val, 1); 3744 } else if (chan <= 138) { 3745 run_efuse_read(sc, 3746 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3747 &val, 1); 3748 } else if (chan <= 165) { 3749 run_efuse_read(sc, 3750 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3751 &val, 1); 3752 } else 3753 val = 0; 3754 run_bbp_write(sc, 159, val); 3755 3756 /* Tx1 IQ phase. */ 3757 run_bbp_write(sc, 158, 0x4b); 3758 if (chan <= 14) { 3759 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3760 &val, 1); 3761 } else if (chan <= 64) { 3762 run_efuse_read(sc, 3763 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3764 &val, 1); 3765 } else if (chan <= 138) { 3766 run_efuse_read(sc, 3767 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3768 &val, 1); 3769 } else if (chan <= 165) { 3770 run_efuse_read(sc, 3771 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3772 &val, 1); 3773 } else 3774 val = 0; 3775 run_bbp_write(sc, 159, val); 3776 3777 /* RF IQ compensation control. */ 3778 run_bbp_write(sc, 158, 0x04); 3779 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3780 &val, 1); 3781 run_bbp_write(sc, 159, val); 3782 3783 /* RF IQ imbalance compensation control. */ 3784 run_bbp_write(sc, 158, 0x03); 3785 run_efuse_read(sc, 3786 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3787 run_bbp_write(sc, 159, val); 3788} 3789 3790static void 3791run_set_agc(struct run_softc *sc, uint8_t agc) 3792{ 3793 uint8_t bbp; 3794 3795 if (sc->mac_ver == 0x3572) { 3796 run_bbp_read(sc, 27, &bbp); 3797 bbp &= ~(0x3 << 5); 3798 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3799 run_bbp_write(sc, 66, agc); 3800 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3801 run_bbp_write(sc, 66, agc); 3802 } else 3803 run_bbp_write(sc, 66, agc); 3804} 3805 3806static void 3807run_select_chan_group(struct run_softc *sc, int group) 3808{ 3809 uint32_t tmp; 3810 uint8_t agc; 3811 3812 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3813 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3814 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3815 if (sc->mac_ver < 0x3572) 3816 run_bbp_write(sc, 86, 0x00); 3817 3818 if (group == 0) { 3819 if (sc->ext_2ghz_lna) { 3820 if (sc->mac_ver >= 0x5390) 3821 run_bbp_write(sc, 75, 0x52); 3822 else { 3823 run_bbp_write(sc, 82, 0x62); 3824 run_bbp_write(sc, 75, 0x46); 3825 } 3826 } else { 3827 if (sc->mac_ver == 0x5592) { 3828 run_bbp_write(sc, 79, 0x1c); 3829 run_bbp_write(sc, 80, 0x0e); 3830 run_bbp_write(sc, 81, 0x3a); 3831 run_bbp_write(sc, 82, 0x62); 3832 3833 run_bbp_write(sc, 195, 0x80); 3834 run_bbp_write(sc, 196, 0xe0); 3835 run_bbp_write(sc, 195, 0x81); 3836 run_bbp_write(sc, 196, 0x1f); 3837 run_bbp_write(sc, 195, 0x82); 3838 run_bbp_write(sc, 196, 0x38); 3839 run_bbp_write(sc, 195, 0x83); 3840 run_bbp_write(sc, 196, 0x32); 3841 run_bbp_write(sc, 195, 0x85); 3842 run_bbp_write(sc, 196, 0x28); 3843 run_bbp_write(sc, 195, 0x86); 3844 run_bbp_write(sc, 196, 0x19); 3845 } else if (sc->mac_ver >= 0x5390) 3846 run_bbp_write(sc, 75, 0x50); 3847 else { 3848 run_bbp_write(sc, 82, 0x84); 3849 run_bbp_write(sc, 75, 0x50); 3850 } 3851 } 3852 } else { 3853 if (sc->mac_ver == 0x5592) { 3854 run_bbp_write(sc, 79, 0x18); 3855 run_bbp_write(sc, 80, 0x08); 3856 run_bbp_write(sc, 81, 0x38); 3857 run_bbp_write(sc, 82, 0x92); 3858 3859 run_bbp_write(sc, 195, 0x80); 3860 run_bbp_write(sc, 196, 0xf0); 3861 run_bbp_write(sc, 195, 0x81); 3862 run_bbp_write(sc, 196, 0x1e); 3863 run_bbp_write(sc, 195, 0x82); 3864 run_bbp_write(sc, 196, 0x28); 3865 run_bbp_write(sc, 195, 0x83); 3866 run_bbp_write(sc, 196, 0x20); 3867 run_bbp_write(sc, 195, 0x85); 3868 run_bbp_write(sc, 196, 0x7f); 3869 run_bbp_write(sc, 195, 0x86); 3870 run_bbp_write(sc, 196, 0x7f); 3871 } else if (sc->mac_ver == 0x3572) 3872 run_bbp_write(sc, 82, 0x94); 3873 else 3874 run_bbp_write(sc, 82, 0xf2); 3875 if (sc->ext_5ghz_lna) 3876 run_bbp_write(sc, 75, 0x46); 3877 else 3878 run_bbp_write(sc, 75, 0x50); 3879 } 3880 3881 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3882 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3883 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3884 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3885 3886 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3887 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3888 if (sc->nrxchains > 1) 3889 tmp |= RT2860_LNA_PE1_EN; 3890 if (group == 0) { /* 2GHz */ 3891 tmp |= RT2860_PA_PE_G0_EN; 3892 if (sc->ntxchains > 1) 3893 tmp |= RT2860_PA_PE_G1_EN; 3894 } else { /* 5GHz */ 3895 tmp |= RT2860_PA_PE_A0_EN; 3896 if (sc->ntxchains > 1) 3897 tmp |= RT2860_PA_PE_A1_EN; 3898 } 3899 if (sc->mac_ver == 0x3572) { 3900 run_rt3070_rf_write(sc, 8, 0x00); 3901 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3902 run_rt3070_rf_write(sc, 8, 0x80); 3903 } else 3904 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3905 3906 if (sc->mac_ver == 0x5592) { 3907 run_bbp_write(sc, 195, 0x8d); 3908 run_bbp_write(sc, 196, 0x1a); 3909 } 3910 3911 /* set initial AGC value */ 3912 if (group == 0) { /* 2GHz band */ 3913 if (sc->mac_ver >= 0x3070) 3914 agc = 0x1c + sc->lna[0] * 2; 3915 else 3916 agc = 0x2e + sc->lna[0]; 3917 } else { /* 5GHz band */ 3918 if (sc->mac_ver == 0x5592) 3919 agc = 0x24 + sc->lna[group] * 2; 3920 else if (sc->mac_ver == 0x3572) 3921 agc = 0x22 + (sc->lna[group] * 5) / 3; 3922 else 3923 agc = 0x32 + (sc->lna[group] * 5) / 3; 3924 } 3925 run_set_agc(sc, agc); 3926} 3927 3928static void 3929run_rt2870_set_chan(struct run_softc *sc, u_int chan) 3930{ 3931 const struct rfprog *rfprog = rt2860_rf2850; 3932 uint32_t r2, r3, r4; 3933 int8_t txpow1, txpow2; 3934 int i; 3935 3936 /* find the settings for this channel (we know it exists) */ 3937 for (i = 0; rfprog[i].chan != chan; i++); 3938 3939 r2 = rfprog[i].r2; 3940 if (sc->ntxchains == 1) 3941 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 3942 if (sc->nrxchains == 1) 3943 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 3944 else if (sc->nrxchains == 2) 3945 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 3946 3947 /* use Tx power values from EEPROM */ 3948 txpow1 = sc->txpow1[i]; 3949 txpow2 = sc->txpow2[i]; 3950 3951 /* Initialize RF R3 and R4. */ 3952 r3 = rfprog[i].r3 & 0xffffc1ff; 3953 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 3954 if (chan > 14) { 3955 if (txpow1 >= 0) { 3956 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 3957 r3 |= (txpow1 << 10) | (1 << 9); 3958 } else { 3959 txpow1 += 7; 3960 3961 /* txpow1 is not possible larger than 15. */ 3962 r3 |= (txpow1 << 10); 3963 } 3964 if (txpow2 >= 0) { 3965 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 3966 r4 |= (txpow2 << 7) | (1 << 6); 3967 } else { 3968 txpow2 += 7; 3969 r4 |= (txpow2 << 7); 3970 } 3971 } else { 3972 /* Set Tx0 power. */ 3973 r3 |= (txpow1 << 9); 3974 3975 /* Set frequency offset and Tx1 power. */ 3976 r4 |= (txpow2 << 6); 3977 } 3978 3979 run_rt2870_rf_write(sc, rfprog[i].r1); 3980 run_rt2870_rf_write(sc, r2); 3981 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3982 run_rt2870_rf_write(sc, r4); 3983 3984 run_delay(sc, 10); 3985 3986 run_rt2870_rf_write(sc, rfprog[i].r1); 3987 run_rt2870_rf_write(sc, r2); 3988 run_rt2870_rf_write(sc, r3 | (1 << 2)); 3989 run_rt2870_rf_write(sc, r4); 3990 3991 run_delay(sc, 10); 3992 3993 run_rt2870_rf_write(sc, rfprog[i].r1); 3994 run_rt2870_rf_write(sc, r2); 3995 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 3996 run_rt2870_rf_write(sc, r4); 3997} 3998 3999static void 4000run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4001{ 4002 int8_t txpow1, txpow2; 4003 uint8_t rf; 4004 int i; 4005 4006 /* find the settings for this channel (we know it exists) */ 4007 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4008 4009 /* use Tx power values from EEPROM */ 4010 txpow1 = sc->txpow1[i]; 4011 txpow2 = sc->txpow2[i]; 4012 4013 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4014 4015 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4016 run_rt3070_rf_read(sc, 3, &rf); 4017 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4018 run_rt3070_rf_write(sc, 3, rf); 4019 4020 run_rt3070_rf_read(sc, 6, &rf); 4021 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4022 run_rt3070_rf_write(sc, 6, rf); 4023 4024 /* set Tx0 power */ 4025 run_rt3070_rf_read(sc, 12, &rf); 4026 rf = (rf & ~0x1f) | txpow1; 4027 run_rt3070_rf_write(sc, 12, rf); 4028 4029 /* set Tx1 power */ 4030 run_rt3070_rf_read(sc, 13, &rf); 4031 rf = (rf & ~0x1f) | txpow2; 4032 run_rt3070_rf_write(sc, 13, rf); 4033 4034 run_rt3070_rf_read(sc, 1, &rf); 4035 rf &= ~0xfc; 4036 if (sc->ntxchains == 1) 4037 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4038 else if (sc->ntxchains == 2) 4039 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4040 if (sc->nrxchains == 1) 4041 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4042 else if (sc->nrxchains == 2) 4043 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4044 run_rt3070_rf_write(sc, 1, rf); 4045 4046 /* set RF offset */ 4047 run_rt3070_rf_read(sc, 23, &rf); 4048 rf = (rf & ~0x7f) | sc->freq; 4049 run_rt3070_rf_write(sc, 23, rf); 4050 4051 /* program RF filter */ 4052 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4053 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4054 run_rt3070_rf_write(sc, 24, rf); 4055 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4056 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4057 run_rt3070_rf_write(sc, 31, rf); 4058 4059 /* enable RF tuning */ 4060 run_rt3070_rf_read(sc, 7, &rf); 4061 run_rt3070_rf_write(sc, 7, rf | 0x01); 4062} 4063 4064static void 4065run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4066{ 4067 int8_t txpow1, txpow2; 4068 uint32_t tmp; 4069 uint8_t rf; 4070 int i; 4071 4072 /* find the settings for this channel (we know it exists) */ 4073 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4074 4075 /* use Tx power values from EEPROM */ 4076 txpow1 = sc->txpow1[i]; 4077 txpow2 = sc->txpow2[i]; 4078 4079 if (chan <= 14) { 4080 run_bbp_write(sc, 25, sc->bbp25); 4081 run_bbp_write(sc, 26, sc->bbp26); 4082 } else { 4083 /* enable IQ phase correction */ 4084 run_bbp_write(sc, 25, 0x09); 4085 run_bbp_write(sc, 26, 0xff); 4086 } 4087 4088 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4089 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4090 run_rt3070_rf_read(sc, 6, &rf); 4091 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4092 rf |= (chan <= 14) ? 0x08 : 0x04; 4093 run_rt3070_rf_write(sc, 6, rf); 4094 4095 /* set PLL mode */ 4096 run_rt3070_rf_read(sc, 5, &rf); 4097 rf &= ~(0x08 | 0x04); 4098 rf |= (chan <= 14) ? 0x04 : 0x08; 4099 run_rt3070_rf_write(sc, 5, rf); 4100 4101 /* set Tx power for chain 0 */ 4102 if (chan <= 14) 4103 rf = 0x60 | txpow1; 4104 else 4105 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4106 run_rt3070_rf_write(sc, 12, rf); 4107 4108 /* set Tx power for chain 1 */ 4109 if (chan <= 14) 4110 rf = 0x60 | txpow2; 4111 else 4112 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4113 run_rt3070_rf_write(sc, 13, rf); 4114 4115 /* set Tx/Rx streams */ 4116 run_rt3070_rf_read(sc, 1, &rf); 4117 rf &= ~0xfc; 4118 if (sc->ntxchains == 1) 4119 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4120 else if (sc->ntxchains == 2) 4121 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4122 if (sc->nrxchains == 1) 4123 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4124 else if (sc->nrxchains == 2) 4125 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4126 run_rt3070_rf_write(sc, 1, rf); 4127 4128 /* set RF offset */ 4129 run_rt3070_rf_read(sc, 23, &rf); 4130 rf = (rf & ~0x7f) | sc->freq; 4131 run_rt3070_rf_write(sc, 23, rf); 4132 4133 /* program RF filter */ 4134 rf = sc->rf24_20mhz; 4135 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4136 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4137 4138 /* enable RF tuning */ 4139 run_rt3070_rf_read(sc, 7, &rf); 4140 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4141 run_rt3070_rf_write(sc, 7, rf); 4142 4143 /* TSSI */ 4144 rf = (chan <= 14) ? 0xc3 : 0xc0; 4145 run_rt3070_rf_write(sc, 9, rf); 4146 4147 /* set loop filter 1 */ 4148 run_rt3070_rf_write(sc, 10, 0xf1); 4149 /* set loop filter 2 */ 4150 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4151 4152 /* set tx_mx2_ic */ 4153 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4154 /* set tx_mx1_ic */ 4155 if (chan <= 14) 4156 rf = 0x48 | sc->txmixgain_2ghz; 4157 else 4158 rf = 0x78 | sc->txmixgain_5ghz; 4159 run_rt3070_rf_write(sc, 16, rf); 4160 4161 /* set tx_lo1 */ 4162 run_rt3070_rf_write(sc, 17, 0x23); 4163 /* set tx_lo2 */ 4164 if (chan <= 14) 4165 rf = 0x93; 4166 else if (chan <= 64) 4167 rf = 0xb7; 4168 else if (chan <= 128) 4169 rf = 0x74; 4170 else 4171 rf = 0x72; 4172 run_rt3070_rf_write(sc, 19, rf); 4173 4174 /* set rx_lo1 */ 4175 if (chan <= 14) 4176 rf = 0xb3; 4177 else if (chan <= 64) 4178 rf = 0xf6; 4179 else if (chan <= 128) 4180 rf = 0xf4; 4181 else 4182 rf = 0xf3; 4183 run_rt3070_rf_write(sc, 20, rf); 4184 4185 /* set pfd_delay */ 4186 if (chan <= 14) 4187 rf = 0x15; 4188 else if (chan <= 64) 4189 rf = 0x3d; 4190 else 4191 rf = 0x01; 4192 run_rt3070_rf_write(sc, 25, rf); 4193 4194 /* set rx_lo2 */ 4195 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4196 /* set ldo_rf_vc */ 4197 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4198 /* set drv_cc */ 4199 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4200 4201 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4202 tmp &= ~0x8080; 4203 if (chan <= 14) 4204 tmp |= 0x80; 4205 run_write(sc, RT2860_GPIO_CTRL, tmp); 4206 4207 /* enable RF tuning */ 4208 run_rt3070_rf_read(sc, 7, &rf); 4209 run_rt3070_rf_write(sc, 7, rf | 0x01); 4210 4211 run_delay(sc, 2); 4212} 4213 4214static void 4215run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4216{ 4217 int8_t txpow1, txpow2; 4218 uint8_t rf; 4219 int i; 4220 4221 /* find the settings for this channel (we know it exists) */ 4222 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4223 4224 /* use Tx power values from EEPROM */ 4225 txpow1 = sc->txpow1[i]; 4226 txpow2 = sc->txpow2[i]; 4227 4228 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4229 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4230 run_rt3070_rf_read(sc, 11, &rf); 4231 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4232 run_rt3070_rf_write(sc, 11, rf); 4233 4234 run_rt3070_rf_read(sc, 49, &rf); 4235 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4236 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4237 if ((rf & 0x3f) > 0x27) 4238 rf = (rf & ~0x3f) | 0x27; 4239 run_rt3070_rf_write(sc, 49, rf); 4240 4241 if (sc->mac_ver == 0x5392) { 4242 run_rt3070_rf_read(sc, 50, &rf); 4243 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4244 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4245 if ((rf & 0x3f) > 0x27) 4246 rf = (rf & ~0x3f) | 0x27; 4247 run_rt3070_rf_write(sc, 50, rf); 4248 } 4249 4250 run_rt3070_rf_read(sc, 1, &rf); 4251 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4252 if (sc->mac_ver == 0x5392) 4253 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4254 run_rt3070_rf_write(sc, 1, rf); 4255 4256 if (sc->mac_ver != 0x5392) { 4257 run_rt3070_rf_read(sc, 2, &rf); 4258 rf |= 0x80; 4259 run_rt3070_rf_write(sc, 2, rf); 4260 run_delay(sc, 10); 4261 rf &= 0x7f; 4262 run_rt3070_rf_write(sc, 2, rf); 4263 } 4264 4265 run_adjust_freq_offset(sc); 4266 4267 if (sc->mac_ver == 0x5392) { 4268 /* Fix for RT5392C. */ 4269 if (sc->mac_rev >= 0x0223) { 4270 if (chan <= 4) 4271 rf = 0x0f; 4272 else if (chan >= 5 && chan <= 7) 4273 rf = 0x0e; 4274 else 4275 rf = 0x0d; 4276 run_rt3070_rf_write(sc, 23, rf); 4277 4278 if (chan <= 4) 4279 rf = 0x0c; 4280 else if (chan == 5) 4281 rf = 0x0b; 4282 else if (chan >= 6 && chan <= 7) 4283 rf = 0x0a; 4284 else if (chan >= 8 && chan <= 10) 4285 rf = 0x09; 4286 else 4287 rf = 0x08; 4288 run_rt3070_rf_write(sc, 59, rf); 4289 } else { 4290 if (chan <= 11) 4291 rf = 0x0f; 4292 else 4293 rf = 0x0b; 4294 run_rt3070_rf_write(sc, 59, rf); 4295 } 4296 } else { 4297 /* Fix for RT5390F. */ 4298 if (sc->mac_rev >= 0x0502) { 4299 if (chan <= 11) 4300 rf = 0x43; 4301 else 4302 rf = 0x23; 4303 run_rt3070_rf_write(sc, 55, rf); 4304 4305 if (chan <= 11) 4306 rf = 0x0f; 4307 else if (chan == 12) 4308 rf = 0x0d; 4309 else 4310 rf = 0x0b; 4311 run_rt3070_rf_write(sc, 59, rf); 4312 } else { 4313 run_rt3070_rf_write(sc, 55, 0x44); 4314 run_rt3070_rf_write(sc, 59, 0x8f); 4315 } 4316 } 4317 4318 /* Enable VCO calibration. */ 4319 run_rt3070_rf_read(sc, 3, &rf); 4320 rf |= RT5390_VCOCAL; 4321 run_rt3070_rf_write(sc, 3, rf); 4322} 4323 4324static void 4325run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4326{ 4327 const struct rt5592_freqs *freqs; 4328 uint32_t tmp; 4329 uint8_t reg, rf, txpow_bound; 4330 int8_t txpow1, txpow2; 4331 int i; 4332 4333 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4334 freqs = (tmp & RT5592_SEL_XTAL) ? 4335 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4336 4337 /* find the settings for this channel (we know it exists) */ 4338 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4339 4340 /* use Tx power values from EEPROM */ 4341 txpow1 = sc->txpow1[i]; 4342 txpow2 = sc->txpow2[i]; 4343 4344 run_read(sc, RT3070_LDO_CFG0, &tmp); 4345 tmp &= ~0x1c000000; 4346 if (chan > 14) 4347 tmp |= 0x14000000; 4348 run_write(sc, RT3070_LDO_CFG0, tmp); 4349 4350 /* N setting. */ 4351 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4352 run_rt3070_rf_read(sc, 9, &rf); 4353 rf &= ~(1 << 4); 4354 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4355 run_rt3070_rf_write(sc, 9, rf); 4356 4357 /* K setting. */ 4358 run_rt3070_rf_read(sc, 9, &rf); 4359 rf &= ~0x0f; 4360 rf |= (freqs->k & 0x0f); 4361 run_rt3070_rf_write(sc, 9, rf); 4362 4363 /* Mode setting. */ 4364 run_rt3070_rf_read(sc, 11, &rf); 4365 rf &= ~0x0c; 4366 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4367 run_rt3070_rf_write(sc, 11, rf); 4368 run_rt3070_rf_read(sc, 9, &rf); 4369 rf &= ~(1 << 7); 4370 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4371 run_rt3070_rf_write(sc, 9, rf); 4372 4373 /* R setting. */ 4374 run_rt3070_rf_read(sc, 11, &rf); 4375 rf &= ~0x03; 4376 rf |= (freqs->r - 0x1); 4377 run_rt3070_rf_write(sc, 11, rf); 4378 4379 if (chan <= 14) { 4380 /* Initialize RF registers for 2GHZ. */ 4381 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4382 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4383 rt5592_2ghz_def_rf[i].val); 4384 } 4385 4386 rf = (chan <= 10) ? 0x07 : 0x06; 4387 run_rt3070_rf_write(sc, 23, rf); 4388 run_rt3070_rf_write(sc, 59, rf); 4389 4390 run_rt3070_rf_write(sc, 55, 0x43); 4391 4392 /* 4393 * RF R49/R50 Tx power ALC code. 4394 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4395 */ 4396 reg = 2; 4397 txpow_bound = 0x27; 4398 } else { 4399 /* Initialize RF registers for 5GHZ. */ 4400 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4401 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4402 rt5592_5ghz_def_rf[i].val); 4403 } 4404 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4405 if (chan >= rt5592_chan_5ghz[i].firstchan && 4406 chan <= rt5592_chan_5ghz[i].lastchan) { 4407 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4408 rt5592_chan_5ghz[i].val); 4409 } 4410 } 4411 4412 /* 4413 * RF R49/R50 Tx power ALC code. 4414 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4415 */ 4416 reg = 3; 4417 txpow_bound = 0x2b; 4418 } 4419 4420 /* RF R49 ch0 Tx power ALC code. */ 4421 run_rt3070_rf_read(sc, 49, &rf); 4422 rf &= ~0xc0; 4423 rf |= (reg << 6); 4424 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4425 if ((rf & 0x3f) > txpow_bound) 4426 rf = (rf & ~0x3f) | txpow_bound; 4427 run_rt3070_rf_write(sc, 49, rf); 4428 4429 /* RF R50 ch1 Tx power ALC code. */ 4430 run_rt3070_rf_read(sc, 50, &rf); 4431 rf &= ~(1 << 7 | 1 << 6); 4432 rf |= (reg << 6); 4433 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4434 if ((rf & 0x3f) > txpow_bound) 4435 rf = (rf & ~0x3f) | txpow_bound; 4436 run_rt3070_rf_write(sc, 50, rf); 4437 4438 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4439 run_rt3070_rf_read(sc, 1, &rf); 4440 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4441 if (sc->ntxchains > 1) 4442 rf |= RT3070_TX1_PD; 4443 if (sc->nrxchains > 1) 4444 rf |= RT3070_RX1_PD; 4445 run_rt3070_rf_write(sc, 1, rf); 4446 4447 run_rt3070_rf_write(sc, 6, 0xe4); 4448 4449 run_rt3070_rf_write(sc, 30, 0x10); 4450 run_rt3070_rf_write(sc, 31, 0x80); 4451 run_rt3070_rf_write(sc, 32, 0x80); 4452 4453 run_adjust_freq_offset(sc); 4454 4455 /* Enable VCO calibration. */ 4456 run_rt3070_rf_read(sc, 3, &rf); 4457 rf |= RT5390_VCOCAL; 4458 run_rt3070_rf_write(sc, 3, rf); 4459} 4460 4461static void 4462run_set_rx_antenna(struct run_softc *sc, int aux) 4463{ 4464 uint32_t tmp; 4465 uint8_t bbp152; 4466 4467 if (aux) { 4468 if (sc->rf_rev == RT5390_RF_5370) { 4469 run_bbp_read(sc, 152, &bbp152); 4470 run_bbp_write(sc, 152, bbp152 & ~0x80); 4471 } else { 4472 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4473 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4474 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4475 } 4476 } else { 4477 if (sc->rf_rev == RT5390_RF_5370) { 4478 run_bbp_read(sc, 152, &bbp152); 4479 run_bbp_write(sc, 152, bbp152 | 0x80); 4480 } else { 4481 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4482 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4483 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4484 } 4485 } 4486} 4487 4488static int 4489run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4490{ 4491 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4492 u_int chan, group; 4493 4494 chan = ieee80211_chan2ieee(ic, c); 4495 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4496 return (EINVAL); 4497 4498 if (sc->mac_ver == 0x5592) 4499 run_rt5592_set_chan(sc, chan); 4500 else if (sc->mac_ver >= 0x5390) 4501 run_rt5390_set_chan(sc, chan); 4502 else if (sc->mac_ver == 0x3572) 4503 run_rt3572_set_chan(sc, chan); 4504 else if (sc->mac_ver >= 0x3070) 4505 run_rt3070_set_chan(sc, chan); 4506 else 4507 run_rt2870_set_chan(sc, chan); 4508 4509 /* determine channel group */ 4510 if (chan <= 14) 4511 group = 0; 4512 else if (chan <= 64) 4513 group = 1; 4514 else if (chan <= 128) 4515 group = 2; 4516 else 4517 group = 3; 4518 4519 /* XXX necessary only when group has changed! */ 4520 run_select_chan_group(sc, group); 4521 4522 run_delay(sc, 10); 4523 4524 /* Perform IQ calibration. */ 4525 if (sc->mac_ver >= 0x5392) 4526 run_iq_calib(sc, chan); 4527 4528 return (0); 4529} 4530 4531static void 4532run_set_channel(struct ieee80211com *ic) 4533{ 4534 struct run_softc *sc = ic->ic_ifp->if_softc; 4535 4536 RUN_LOCK(sc); 4537 run_set_chan(sc, ic->ic_curchan); 4538 RUN_UNLOCK(sc); 4539 4540 return; 4541} 4542 4543static void 4544run_scan_start(struct ieee80211com *ic) 4545{ 4546 struct run_softc *sc = ic->ic_ifp->if_softc; 4547 uint32_t tmp; 4548 4549 RUN_LOCK(sc); 4550 4551 /* abort TSF synchronization */ 4552 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4553 run_write(sc, RT2860_BCN_TIME_CFG, 4554 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4555 RT2860_TBTT_TIMER_EN)); 4556 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4557 4558 RUN_UNLOCK(sc); 4559 4560 return; 4561} 4562 4563static void 4564run_scan_end(struct ieee80211com *ic) 4565{ 4566 struct run_softc *sc = ic->ic_ifp->if_softc; 4567 4568 RUN_LOCK(sc); 4569 4570 run_enable_tsf_sync(sc); 4571 /* XXX keep local copy */ 4572 run_set_bssid(sc, sc->sc_bssid); 4573 4574 RUN_UNLOCK(sc); 4575 4576 return; 4577} 4578 4579/* 4580 * Could be called from ieee80211_node_timeout() 4581 * (non-sleepable thread) 4582 */ 4583static void 4584run_update_beacon(struct ieee80211vap *vap, int item) 4585{ 4586 struct ieee80211com *ic = vap->iv_ic; 4587 struct run_softc *sc = ic->ic_ifp->if_softc; 4588 struct run_vap *rvp = RUN_VAP(vap); 4589 int mcast = 0; 4590 uint32_t i; 4591 4592 KASSERT(vap != NULL, ("no beacon")); 4593 4594 switch (item) { 4595 case IEEE80211_BEACON_ERP: 4596 run_updateslot(ic->ic_ifp); 4597 break; 4598 case IEEE80211_BEACON_HTINFO: 4599 run_updateprot(ic); 4600 break; 4601 case IEEE80211_BEACON_TIM: 4602 mcast = 1; /*TODO*/ 4603 break; 4604 default: 4605 break; 4606 } 4607 4608 setbit(rvp->bo.bo_flags, item); 4609 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4610 4611 i = RUN_CMDQ_GET(&sc->cmdq_store); 4612 DPRINTF("cmdq_store=%d\n", i); 4613 sc->cmdq[i].func = run_update_beacon_cb; 4614 sc->cmdq[i].arg0 = vap; 4615 ieee80211_runtask(ic, &sc->cmdq_task); 4616 4617 return; 4618} 4619 4620static void 4621run_update_beacon_cb(void *arg) 4622{ 4623 struct ieee80211vap *vap = arg; 4624 struct run_vap *rvp = RUN_VAP(vap); 4625 struct ieee80211com *ic = vap->iv_ic; 4626 struct run_softc *sc = ic->ic_ifp->if_softc; 4627 struct rt2860_txwi txwi; 4628 struct mbuf *m; 4629 uint16_t txwisize; 4630 uint8_t ridx; 4631 4632 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4633 return; 4634 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4635 return; 4636 4637 /* 4638 * No need to call ieee80211_beacon_update(), run_update_beacon() 4639 * is taking care of apropriate calls. 4640 */ 4641 if (rvp->beacon_mbuf == NULL) { 4642 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4643 &rvp->bo); 4644 if (rvp->beacon_mbuf == NULL) 4645 return; 4646 } 4647 m = rvp->beacon_mbuf; 4648 4649 memset(&txwi, 0, sizeof(txwi)); 4650 txwi.wcid = 0xff; 4651 txwi.len = htole16(m->m_pkthdr.len); 4652 4653 /* send beacons at the lowest available rate */ 4654 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4655 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4656 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4657 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4658 txwi.phy |= htole16(RT2860_PHY_OFDM); 4659 txwi.txop = RT2860_TX_TXOP_HT; 4660 txwi.flags = RT2860_TX_TS; 4661 txwi.xflags = RT2860_TX_NSEQ; 4662 4663 txwisize = (sc->mac_ver == 0x5592) ? 4664 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4665 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4666 txwisize); 4667 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4668 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4669} 4670 4671static void 4672run_updateprot(struct ieee80211com *ic) 4673{ 4674 struct run_softc *sc = ic->ic_ifp->if_softc; 4675 uint32_t i; 4676 4677 i = RUN_CMDQ_GET(&sc->cmdq_store); 4678 DPRINTF("cmdq_store=%d\n", i); 4679 sc->cmdq[i].func = run_updateprot_cb; 4680 sc->cmdq[i].arg0 = ic; 4681 ieee80211_runtask(ic, &sc->cmdq_task); 4682} 4683 4684static void 4685run_updateprot_cb(void *arg) 4686{ 4687 struct ieee80211com *ic = arg; 4688 struct run_softc *sc = ic->ic_ifp->if_softc; 4689 uint32_t tmp; 4690 4691 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4692 /* setup protection frame rate (MCS code) */ 4693 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4694 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4695 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4696 4697 /* CCK frames don't require protection */ 4698 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4699 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4700 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4701 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4702 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4703 tmp |= RT2860_PROT_CTRL_CTS; 4704 } 4705 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4706} 4707 4708static void 4709run_usb_timeout_cb(void *arg) 4710{ 4711 struct ieee80211vap *vap = arg; 4712 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4713 4714 RUN_LOCK_ASSERT(sc, MA_OWNED); 4715 4716 if(vap->iv_state == IEEE80211_S_RUN && 4717 vap->iv_opmode != IEEE80211_M_STA) 4718 run_reset_livelock(sc); 4719 else if (vap->iv_state == IEEE80211_S_SCAN) { 4720 DPRINTF("timeout caused by scan\n"); 4721 /* cancel bgscan */ 4722 ieee80211_cancel_scan(vap); 4723 } else 4724 DPRINTF("timeout by unknown cause\n"); 4725} 4726 4727static void 4728run_reset_livelock(struct run_softc *sc) 4729{ 4730 uint32_t tmp; 4731 4732 RUN_LOCK_ASSERT(sc, MA_OWNED); 4733 4734 /* 4735 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4736 * can run into a livelock and start sending CTS-to-self frames like 4737 * crazy if protection is enabled. Reset MAC/BBP for a while 4738 */ 4739 run_read(sc, RT2860_DEBUG, &tmp); 4740 DPRINTFN(3, "debug reg %08x\n", tmp); 4741 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4742 DPRINTF("CTS-to-self livelock detected\n"); 4743 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4744 run_delay(sc, 1); 4745 run_write(sc, RT2860_MAC_SYS_CTRL, 4746 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4747 } 4748} 4749 4750static void 4751run_update_promisc_locked(struct ifnet *ifp) 4752{ 4753 struct run_softc *sc = ifp->if_softc; 4754 uint32_t tmp; 4755 4756 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4757 4758 tmp |= RT2860_DROP_UC_NOME; 4759 if (ifp->if_flags & IFF_PROMISC) 4760 tmp &= ~RT2860_DROP_UC_NOME; 4761 4762 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4763 4764 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4765 "entering" : "leaving"); 4766} 4767 4768static void 4769run_update_promisc(struct ifnet *ifp) 4770{ 4771 struct run_softc *sc = ifp->if_softc; 4772 4773 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4774 return; 4775 4776 RUN_LOCK(sc); 4777 run_update_promisc_locked(ifp); 4778 RUN_UNLOCK(sc); 4779} 4780 4781static void 4782run_enable_tsf_sync(struct run_softc *sc) 4783{ 4784 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4785 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4786 uint32_t tmp; 4787 4788 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 4789 ic->ic_opmode); 4790 4791 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4792 tmp &= ~0x1fffff; 4793 tmp |= vap->iv_bss->ni_intval * 16; 4794 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4795 4796 if (ic->ic_opmode == IEEE80211_M_STA) { 4797 /* 4798 * Local TSF is always updated with remote TSF on beacon 4799 * reception. 4800 */ 4801 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4802 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4803 tmp |= RT2860_BCN_TX_EN; 4804 /* 4805 * Local TSF is updated with remote TSF on beacon reception 4806 * only if the remote TSF is greater than local TSF. 4807 */ 4808 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4809 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4810 ic->ic_opmode == IEEE80211_M_MBSS) { 4811 tmp |= RT2860_BCN_TX_EN; 4812 /* SYNC with nobody */ 4813 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4814 } else { 4815 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4816 return; 4817 } 4818 4819 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4820} 4821 4822static void 4823run_enable_mrr(struct run_softc *sc) 4824{ 4825#define CCK(mcs) (mcs) 4826#define OFDM(mcs) (1 << 3 | (mcs)) 4827 run_write(sc, RT2860_LG_FBK_CFG0, 4828 OFDM(6) << 28 | /* 54->48 */ 4829 OFDM(5) << 24 | /* 48->36 */ 4830 OFDM(4) << 20 | /* 36->24 */ 4831 OFDM(3) << 16 | /* 24->18 */ 4832 OFDM(2) << 12 | /* 18->12 */ 4833 OFDM(1) << 8 | /* 12-> 9 */ 4834 OFDM(0) << 4 | /* 9-> 6 */ 4835 OFDM(0)); /* 6-> 6 */ 4836 4837 run_write(sc, RT2860_LG_FBK_CFG1, 4838 CCK(2) << 12 | /* 11->5.5 */ 4839 CCK(1) << 8 | /* 5.5-> 2 */ 4840 CCK(0) << 4 | /* 2-> 1 */ 4841 CCK(0)); /* 1-> 1 */ 4842#undef OFDM 4843#undef CCK 4844} 4845 4846static void 4847run_set_txpreamble(struct run_softc *sc) 4848{ 4849 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4850 uint32_t tmp; 4851 4852 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4853 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4854 tmp |= RT2860_CCK_SHORT_EN; 4855 else 4856 tmp &= ~RT2860_CCK_SHORT_EN; 4857 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4858} 4859 4860static void 4861run_set_basicrates(struct run_softc *sc) 4862{ 4863 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4864 4865 /* set basic rates mask */ 4866 if (ic->ic_curmode == IEEE80211_MODE_11B) 4867 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4868 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4869 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4870 else /* 11g */ 4871 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4872} 4873 4874static void 4875run_set_leds(struct run_softc *sc, uint16_t which) 4876{ 4877 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4878 which | (sc->leds & 0x7f)); 4879} 4880 4881static void 4882run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4883{ 4884 run_write(sc, RT2860_MAC_BSSID_DW0, 4885 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4886 run_write(sc, RT2860_MAC_BSSID_DW1, 4887 bssid[4] | bssid[5] << 8); 4888} 4889 4890static void 4891run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4892{ 4893 run_write(sc, RT2860_MAC_ADDR_DW0, 4894 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4895 run_write(sc, RT2860_MAC_ADDR_DW1, 4896 addr[4] | addr[5] << 8 | 0xff << 16); 4897} 4898 4899static void 4900run_updateslot(struct ifnet *ifp) 4901{ 4902 struct run_softc *sc = ifp->if_softc; 4903 struct ieee80211com *ic = ifp->if_l2com; 4904 uint32_t i; 4905 4906 i = RUN_CMDQ_GET(&sc->cmdq_store); 4907 DPRINTF("cmdq_store=%d\n", i); 4908 sc->cmdq[i].func = run_updateslot_cb; 4909 sc->cmdq[i].arg0 = ifp; 4910 ieee80211_runtask(ic, &sc->cmdq_task); 4911 4912 return; 4913} 4914 4915/* ARGSUSED */ 4916static void 4917run_updateslot_cb(void *arg) 4918{ 4919 struct ifnet *ifp = arg; 4920 struct run_softc *sc = ifp->if_softc; 4921 struct ieee80211com *ic = ifp->if_l2com; 4922 uint32_t tmp; 4923 4924 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4925 tmp &= ~0xff; 4926 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4927 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4928} 4929 4930static void 4931run_update_mcast(struct ifnet *ifp) 4932{ 4933 /* h/w filter supports getting everything or nothing */ 4934 ifp->if_flags |= IFF_ALLMULTI; 4935} 4936 4937static int8_t 4938run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4939{ 4940 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4941 struct ieee80211_channel *c = ic->ic_curchan; 4942 int delta; 4943 4944 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4945 u_int chan = ieee80211_chan2ieee(ic, c); 4946 delta = sc->rssi_5ghz[rxchain]; 4947 4948 /* determine channel group */ 4949 if (chan <= 64) 4950 delta -= sc->lna[1]; 4951 else if (chan <= 128) 4952 delta -= sc->lna[2]; 4953 else 4954 delta -= sc->lna[3]; 4955 } else 4956 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4957 4958 return (-12 - delta - rssi); 4959} 4960 4961static void 4962run_rt5390_bbp_init(struct run_softc *sc) 4963{ 4964 int i; 4965 uint8_t bbp; 4966 4967 /* Apply maximum likelihood detection for 2 stream case. */ 4968 run_bbp_read(sc, 105, &bbp); 4969 if (sc->nrxchains > 1) 4970 run_bbp_write(sc, 105, bbp | RT5390_MLD); 4971 4972 /* Avoid data lost and CRC error. */ 4973 run_bbp_read(sc, 4, &bbp); 4974 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 4975 4976 if (sc->mac_ver == 0x5592) { 4977 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 4978 run_bbp_write(sc, rt5592_def_bbp[i].reg, 4979 rt5592_def_bbp[i].val); 4980 } 4981 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 4982 run_bbp_write(sc, 195, i + 0x80); 4983 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 4984 } 4985 } else { 4986 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 4987 run_bbp_write(sc, rt5390_def_bbp[i].reg, 4988 rt5390_def_bbp[i].val); 4989 } 4990 } 4991 if (sc->mac_ver == 0x5392) { 4992 run_bbp_write(sc, 88, 0x90); 4993 run_bbp_write(sc, 95, 0x9a); 4994 run_bbp_write(sc, 98, 0x12); 4995 run_bbp_write(sc, 106, 0x12); 4996 run_bbp_write(sc, 134, 0xd0); 4997 run_bbp_write(sc, 135, 0xf6); 4998 run_bbp_write(sc, 148, 0x84); 4999 } 5000 5001 run_bbp_read(sc, 152, &bbp); 5002 run_bbp_write(sc, 152, bbp | 0x80); 5003 5004 /* Fix BBP254 for RT5592C. */ 5005 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5006 run_bbp_read(sc, 254, &bbp); 5007 run_bbp_write(sc, 254, bbp | 0x80); 5008 } 5009 5010 /* Disable hardware antenna diversity. */ 5011 if (sc->mac_ver == 0x5390) 5012 run_bbp_write(sc, 154, 0); 5013 5014 /* Initialize Rx CCK/OFDM frequency offset report. */ 5015 run_bbp_write(sc, 142, 1); 5016 run_bbp_write(sc, 143, 57); 5017} 5018 5019static int 5020run_bbp_init(struct run_softc *sc) 5021{ 5022 int i, error, ntries; 5023 uint8_t bbp0; 5024 5025 /* wait for BBP to wake up */ 5026 for (ntries = 0; ntries < 20; ntries++) { 5027 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5028 return error; 5029 if (bbp0 != 0 && bbp0 != 0xff) 5030 break; 5031 } 5032 if (ntries == 20) 5033 return (ETIMEDOUT); 5034 5035 /* initialize BBP registers to default values */ 5036 if (sc->mac_ver >= 0x5390) 5037 run_rt5390_bbp_init(sc); 5038 else { 5039 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5040 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5041 rt2860_def_bbp[i].val); 5042 } 5043 } 5044 5045 /* fix BBP84 for RT2860E */ 5046 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5047 run_bbp_write(sc, 84, 0x19); 5048 5049 if (sc->mac_ver >= 0x3070 && sc->mac_ver != 0x5592) { 5050 run_bbp_write(sc, 79, 0x13); 5051 run_bbp_write(sc, 80, 0x05); 5052 run_bbp_write(sc, 81, 0x33); 5053 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5054 run_bbp_write(sc, 69, 0x16); 5055 run_bbp_write(sc, 73, 0x12); 5056 } 5057 return (0); 5058} 5059 5060static int 5061run_rt3070_rf_init(struct run_softc *sc) 5062{ 5063 uint32_t tmp; 5064 uint8_t bbp4, mingain, rf, target; 5065 int i; 5066 5067 run_rt3070_rf_read(sc, 30, &rf); 5068 /* toggle RF R30 bit 7 */ 5069 run_rt3070_rf_write(sc, 30, rf | 0x80); 5070 run_delay(sc, 10); 5071 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5072 5073 /* initialize RF registers to default value */ 5074 if (sc->mac_ver == 0x3572) { 5075 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5076 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5077 rt3572_def_rf[i].val); 5078 } 5079 } else { 5080 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5081 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5082 rt3070_def_rf[i].val); 5083 } 5084 } 5085 5086 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5087 /* 5088 * Change voltage from 1.2V to 1.35V for RT3070. 5089 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5090 * in RT3070(F). 5091 */ 5092 run_read(sc, RT3070_LDO_CFG0, &tmp); 5093 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5094 run_write(sc, RT3070_LDO_CFG0, tmp); 5095 5096 } else if (sc->mac_ver == 0x3071) { 5097 run_rt3070_rf_read(sc, 6, &rf); 5098 run_rt3070_rf_write(sc, 6, rf | 0x40); 5099 run_rt3070_rf_write(sc, 31, 0x14); 5100 5101 run_read(sc, RT3070_LDO_CFG0, &tmp); 5102 tmp &= ~0x1f000000; 5103 if (sc->mac_rev < 0x0211) 5104 tmp |= 0x0d000000; /* 1.3V */ 5105 else 5106 tmp |= 0x01000000; /* 1.2V */ 5107 run_write(sc, RT3070_LDO_CFG0, tmp); 5108 5109 /* patch LNA_PE_G1 */ 5110 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5111 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5112 5113 } else if (sc->mac_ver == 0x3572) { 5114 run_rt3070_rf_read(sc, 6, &rf); 5115 run_rt3070_rf_write(sc, 6, rf | 0x40); 5116 5117 /* increase voltage from 1.2V to 1.35V */ 5118 run_read(sc, RT3070_LDO_CFG0, &tmp); 5119 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5120 run_write(sc, RT3070_LDO_CFG0, tmp); 5121 5122 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5123 run_delay(sc, 1); /* wait for 1msec */ 5124 /* decrease voltage back to 1.2V */ 5125 tmp = (tmp & ~0x1f000000) | 0x01000000; 5126 run_write(sc, RT3070_LDO_CFG0, tmp); 5127 } 5128 } 5129 5130 /* select 20MHz bandwidth */ 5131 run_rt3070_rf_read(sc, 31, &rf); 5132 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5133 5134 /* calibrate filter for 20MHz bandwidth */ 5135 sc->rf24_20mhz = 0x1f; /* default value */ 5136 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5137 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5138 5139 /* select 40MHz bandwidth */ 5140 run_bbp_read(sc, 4, &bbp4); 5141 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5142 run_rt3070_rf_read(sc, 31, &rf); 5143 run_rt3070_rf_write(sc, 31, rf | 0x20); 5144 5145 /* calibrate filter for 40MHz bandwidth */ 5146 sc->rf24_40mhz = 0x2f; /* default value */ 5147 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5148 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5149 5150 /* go back to 20MHz bandwidth */ 5151 run_bbp_read(sc, 4, &bbp4); 5152 run_bbp_write(sc, 4, bbp4 & ~0x18); 5153 5154 if (sc->mac_ver == 0x3572) { 5155 /* save default BBP registers 25 and 26 values */ 5156 run_bbp_read(sc, 25, &sc->bbp25); 5157 run_bbp_read(sc, 26, &sc->bbp26); 5158 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5159 run_rt3070_rf_write(sc, 27, 0x03); 5160 5161 run_read(sc, RT3070_OPT_14, &tmp); 5162 run_write(sc, RT3070_OPT_14, tmp | 1); 5163 5164 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5165 run_rt3070_rf_read(sc, 17, &rf); 5166 rf &= ~RT3070_TX_LO1; 5167 if ((sc->mac_ver == 0x3070 || 5168 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5169 !sc->ext_2ghz_lna) 5170 rf |= 0x20; /* fix for long range Rx issue */ 5171 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5172 if (sc->txmixgain_2ghz >= mingain) 5173 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5174 run_rt3070_rf_write(sc, 17, rf); 5175 } 5176 5177 if (sc->mac_rev == 0x3071) { 5178 run_rt3070_rf_read(sc, 1, &rf); 5179 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5180 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5181 run_rt3070_rf_write(sc, 1, rf); 5182 5183 run_rt3070_rf_read(sc, 15, &rf); 5184 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5185 5186 run_rt3070_rf_read(sc, 20, &rf); 5187 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5188 5189 run_rt3070_rf_read(sc, 21, &rf); 5190 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5191 } 5192 5193 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5194 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5195 run_rt3070_rf_read(sc, 27, &rf); 5196 rf &= ~0x77; 5197 if (sc->mac_rev < 0x0211) 5198 rf |= 0x03; 5199 run_rt3070_rf_write(sc, 27, rf); 5200 } 5201 return (0); 5202} 5203 5204static void 5205run_rt5390_rf_init(struct run_softc *sc) 5206{ 5207 uint32_t tmp; 5208 uint8_t rf; 5209 int i; 5210 5211 /* Toggle RF R2 to initiate calibration. */ 5212 if (sc->mac_ver == 0x5390) { 5213 run_rt3070_rf_read(sc, 2, &rf); 5214 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5215 run_delay(sc, 10); 5216 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5217 } else { 5218 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5219 run_delay(sc, 10); 5220 } 5221 5222 /* Initialize RF registers to default value. */ 5223 if (sc->mac_ver == 0x5592) { 5224 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5225 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5226 rt5592_def_rf[i].val); 5227 } 5228 /* Initialize RF frequency offset. */ 5229 run_adjust_freq_offset(sc); 5230 } else if (sc->mac_ver == 0x5392) { 5231 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5232 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5233 rt5392_def_rf[i].val); 5234 } 5235 if (sc->mac_rev >= 0x0223) { 5236 run_rt3070_rf_write(sc, 23, 0x0f); 5237 run_rt3070_rf_write(sc, 24, 0x3e); 5238 run_rt3070_rf_write(sc, 51, 0x32); 5239 run_rt3070_rf_write(sc, 53, 0x22); 5240 run_rt3070_rf_write(sc, 56, 0xc1); 5241 run_rt3070_rf_write(sc, 59, 0x0f); 5242 } 5243 } else { 5244 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5245 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5246 rt5390_def_rf[i].val); 5247 } 5248 if (sc->mac_rev >= 0x0502) { 5249 run_rt3070_rf_write(sc, 6, 0xe0); 5250 run_rt3070_rf_write(sc, 25, 0x80); 5251 run_rt3070_rf_write(sc, 46, 0x73); 5252 run_rt3070_rf_write(sc, 53, 0x00); 5253 run_rt3070_rf_write(sc, 56, 0x42); 5254 run_rt3070_rf_write(sc, 61, 0xd1); 5255 } 5256 } 5257 5258 sc->rf24_20mhz = 0x1f; /* default value */ 5259 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5260 5261 if (sc->mac_rev < 0x0211) 5262 run_rt3070_rf_write(sc, 27, 0x3); 5263 5264 run_read(sc, RT3070_OPT_14, &tmp); 5265 run_write(sc, RT3070_OPT_14, tmp | 1); 5266} 5267 5268static int 5269run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5270 uint8_t *val) 5271{ 5272 uint8_t rf22, rf24; 5273 uint8_t bbp55_pb, bbp55_sb, delta; 5274 int ntries; 5275 5276 /* program filter */ 5277 run_rt3070_rf_read(sc, 24, &rf24); 5278 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5279 run_rt3070_rf_write(sc, 24, rf24); 5280 5281 /* enable baseband loopback mode */ 5282 run_rt3070_rf_read(sc, 22, &rf22); 5283 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5284 5285 /* set power and frequency of passband test tone */ 5286 run_bbp_write(sc, 24, 0x00); 5287 for (ntries = 0; ntries < 100; ntries++) { 5288 /* transmit test tone */ 5289 run_bbp_write(sc, 25, 0x90); 5290 run_delay(sc, 10); 5291 /* read received power */ 5292 run_bbp_read(sc, 55, &bbp55_pb); 5293 if (bbp55_pb != 0) 5294 break; 5295 } 5296 if (ntries == 100) 5297 return (ETIMEDOUT); 5298 5299 /* set power and frequency of stopband test tone */ 5300 run_bbp_write(sc, 24, 0x06); 5301 for (ntries = 0; ntries < 100; ntries++) { 5302 /* transmit test tone */ 5303 run_bbp_write(sc, 25, 0x90); 5304 run_delay(sc, 10); 5305 /* read received power */ 5306 run_bbp_read(sc, 55, &bbp55_sb); 5307 5308 delta = bbp55_pb - bbp55_sb; 5309 if (delta > target) 5310 break; 5311 5312 /* reprogram filter */ 5313 rf24++; 5314 run_rt3070_rf_write(sc, 24, rf24); 5315 } 5316 if (ntries < 100) { 5317 if (rf24 != init) 5318 rf24--; /* backtrack */ 5319 *val = rf24; 5320 run_rt3070_rf_write(sc, 24, rf24); 5321 } 5322 5323 /* restore initial state */ 5324 run_bbp_write(sc, 24, 0x00); 5325 5326 /* disable baseband loopback mode */ 5327 run_rt3070_rf_read(sc, 22, &rf22); 5328 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5329 5330 return (0); 5331} 5332 5333static void 5334run_rt3070_rf_setup(struct run_softc *sc) 5335{ 5336 uint8_t bbp, rf; 5337 int i; 5338 5339 if (sc->mac_ver >= 0x5390) { 5340 if (sc->mac_rev >= 0x0211) { 5341 /* Enable DC filter. */ 5342 run_bbp_write(sc, 103, 0xc0); 5343 5344 if (sc->mac_ver != 0x5592) { 5345 /* Improve power consumption. */ 5346 run_bbp_read(sc, 31, &bbp); 5347 run_bbp_write(sc, 31, bbp & ~0x03); 5348 } 5349 } 5350 5351 run_bbp_read(sc, 138, &bbp); 5352 if (sc->ntxchains == 1) 5353 bbp |= 0x20; /* turn off DAC1 */ 5354 if (sc->nrxchains == 1) 5355 bbp &= ~0x02; /* turn off ADC1 */ 5356 run_bbp_write(sc, 138, bbp); 5357 5358 run_rt3070_rf_read(sc, 38, &rf); 5359 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5360 5361 run_rt3070_rf_read(sc, 39, &rf); 5362 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5363 5364 /* Avoid data lost and CRC error. */ 5365 run_bbp_read(sc, 4, &bbp); 5366 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5367 5368 run_rt3070_rf_read(sc, 30, &rf); 5369 rf = (rf & ~0x18) | 0x10; 5370 run_rt3070_rf_write(sc, 30, rf); 5371 5372 if (sc->mac_ver != 0x5592) { 5373 run_write(sc, RT2860_TX_SW_CFG1, 0); 5374 if (sc->mac_rev < 0x0211) { 5375 run_write(sc, RT2860_TX_SW_CFG2, 5376 sc->patch_dac ? 0x2c : 0x0f); 5377 } else 5378 run_write(sc, RT2860_TX_SW_CFG2, 0); 5379 } 5380 5381 } else if (sc->mac_ver == 0x3572) { 5382 /* enable DC filter */ 5383 if (sc->mac_rev >= 0x0201) 5384 run_bbp_write(sc, 103, 0xc0); 5385 5386 run_bbp_read(sc, 138, &bbp); 5387 if (sc->ntxchains == 1) 5388 bbp |= 0x20; /* turn off DAC1 */ 5389 if (sc->nrxchains == 1) 5390 bbp &= ~0x02; /* turn off ADC1 */ 5391 run_bbp_write(sc, 138, bbp); 5392 5393 if (sc->mac_rev >= 0x0211) { 5394 /* improve power consumption */ 5395 run_bbp_read(sc, 31, &bbp); 5396 run_bbp_write(sc, 31, bbp & ~0x03); 5397 } 5398 5399 run_rt3070_rf_read(sc, 16, &rf); 5400 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5401 run_rt3070_rf_write(sc, 16, rf); 5402 5403 } else if (sc->mac_ver == 0x3071) { 5404 if (sc->mac_rev >= 0x0211) { 5405 /* enable DC filter */ 5406 run_bbp_write(sc, 103, 0xc0); 5407 5408 /* improve power consumption */ 5409 run_bbp_read(sc, 31, &bbp); 5410 run_bbp_write(sc, 31, bbp & ~0x03); 5411 } 5412 5413 run_bbp_read(sc, 138, &bbp); 5414 if (sc->ntxchains == 1) 5415 bbp |= 0x20; /* turn off DAC1 */ 5416 if (sc->nrxchains == 1) 5417 bbp &= ~0x02; /* turn off ADC1 */ 5418 run_bbp_write(sc, 138, bbp); 5419 5420 run_write(sc, RT2860_TX_SW_CFG1, 0); 5421 if (sc->mac_rev < 0x0211) { 5422 run_write(sc, RT2860_TX_SW_CFG2, 5423 sc->patch_dac ? 0x2c : 0x0f); 5424 } else 5425 run_write(sc, RT2860_TX_SW_CFG2, 0); 5426 5427 } else if (sc->mac_ver == 0x3070) { 5428 if (sc->mac_rev >= 0x0201) { 5429 /* enable DC filter */ 5430 run_bbp_write(sc, 103, 0xc0); 5431 5432 /* improve power consumption */ 5433 run_bbp_read(sc, 31, &bbp); 5434 run_bbp_write(sc, 31, bbp & ~0x03); 5435 } 5436 5437 if (sc->mac_rev < 0x0201) { 5438 run_write(sc, RT2860_TX_SW_CFG1, 0); 5439 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5440 } else 5441 run_write(sc, RT2860_TX_SW_CFG2, 0); 5442 } 5443 5444 /* initialize RF registers from ROM for >=RT3071*/ 5445 if (sc->mac_ver >= 0x3071 && sc->mac_ver < 0x5390) { 5446 for (i = 0; i < 10; i++) { 5447 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5448 continue; 5449 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5450 } 5451 } 5452} 5453 5454static int 5455run_txrx_enable(struct run_softc *sc) 5456{ 5457 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5458 uint32_t tmp; 5459 int error, ntries; 5460 5461 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5462 for (ntries = 0; ntries < 200; ntries++) { 5463 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5464 return (error); 5465 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5466 break; 5467 run_delay(sc, 50); 5468 } 5469 if (ntries == 200) 5470 return (ETIMEDOUT); 5471 5472 run_delay(sc, 50); 5473 5474 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5475 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5476 5477 /* enable Rx bulk aggregation (set timeout and limit) */ 5478 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5479 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5480 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5481 5482 /* set Rx filter */ 5483 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5484 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5485 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5486 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5487 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5488 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5489 if (ic->ic_opmode == IEEE80211_M_STA) 5490 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5491 } 5492 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5493 5494 run_write(sc, RT2860_MAC_SYS_CTRL, 5495 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5496 5497 return (0); 5498} 5499 5500static void 5501run_adjust_freq_offset(struct run_softc *sc) 5502{ 5503 uint8_t rf, tmp; 5504 5505 run_rt3070_rf_read(sc, 17, &rf); 5506 tmp = rf; 5507 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5508 rf = MIN(rf, 0x5f); 5509 5510 if (tmp != rf) 5511 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5512} 5513 5514static void 5515run_init_locked(struct run_softc *sc) 5516{ 5517 struct ifnet *ifp = sc->sc_ifp; 5518 struct ieee80211com *ic = ifp->if_l2com; 5519 uint32_t tmp; 5520 uint8_t bbp1, bbp3; 5521 int i; 5522 int ridx; 5523 int ntries; 5524 5525 if (ic->ic_nrunning > 1) 5526 return; 5527 5528 run_stop(sc); 5529 5530 if (run_load_microcode(sc) != 0) { 5531 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5532 goto fail; 5533 } 5534 5535 for (ntries = 0; ntries < 100; ntries++) { 5536 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5537 goto fail; 5538 if (tmp != 0 && tmp != 0xffffffff) 5539 break; 5540 run_delay(sc, 10); 5541 } 5542 if (ntries == 100) 5543 goto fail; 5544 5545 for (i = 0; i != RUN_EP_QUEUES; i++) 5546 run_setup_tx_list(sc, &sc->sc_epq[i]); 5547 5548 run_set_macaddr(sc, IF_LLADDR(ifp)); 5549 5550 for (ntries = 0; ntries < 100; ntries++) { 5551 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5552 goto fail; 5553 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5554 break; 5555 run_delay(sc, 10); 5556 } 5557 if (ntries == 100) { 5558 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5559 goto fail; 5560 } 5561 tmp &= 0xff0; 5562 tmp |= RT2860_TX_WB_DDONE; 5563 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5564 5565 /* turn off PME_OEN to solve high-current issue */ 5566 run_read(sc, RT2860_SYS_CTRL, &tmp); 5567 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5568 5569 run_write(sc, RT2860_MAC_SYS_CTRL, 5570 RT2860_BBP_HRST | RT2860_MAC_SRST); 5571 run_write(sc, RT2860_USB_DMA_CFG, 0); 5572 5573 if (run_reset(sc) != 0) { 5574 device_printf(sc->sc_dev, "could not reset chipset\n"); 5575 goto fail; 5576 } 5577 5578 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5579 5580 /* init Tx power for all Tx rates (from EEPROM) */ 5581 for (ridx = 0; ridx < 5; ridx++) { 5582 if (sc->txpow20mhz[ridx] == 0xffffffff) 5583 continue; 5584 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5585 } 5586 5587 for (i = 0; i < nitems(rt2870_def_mac); i++) 5588 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 5589 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 5590 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 5591 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 5592 5593 if (sc->mac_ver >= 0x5390) { 5594 run_write(sc, RT2860_TX_SW_CFG0, 5595 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 5596 if (sc->mac_ver >= 0x5392) { 5597 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 5598 if (sc->mac_ver == 0x5592) { 5599 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 5600 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 5601 } else { 5602 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 5603 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 5604 } 5605 } 5606 } else if (sc->mac_ver >= 0x3070) { 5607 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 5608 run_write(sc, RT2860_TX_SW_CFG0, 5609 4 << RT2860_DLY_PAPE_EN_SHIFT); 5610 } 5611 5612 /* wait while MAC is busy */ 5613 for (ntries = 0; ntries < 100; ntries++) { 5614 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 5615 goto fail; 5616 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 5617 break; 5618 run_delay(sc, 10); 5619 } 5620 if (ntries == 100) 5621 goto fail; 5622 5623 /* clear Host to MCU mailbox */ 5624 run_write(sc, RT2860_H2M_BBPAGENT, 0); 5625 run_write(sc, RT2860_H2M_MAILBOX, 0); 5626 run_delay(sc, 10); 5627 5628 if (run_bbp_init(sc) != 0) { 5629 device_printf(sc->sc_dev, "could not initialize BBP\n"); 5630 goto fail; 5631 } 5632 5633 /* abort TSF synchronization */ 5634 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5635 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5636 RT2860_TBTT_TIMER_EN); 5637 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5638 5639 /* clear RX WCID search table */ 5640 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 5641 /* clear WCID attribute table */ 5642 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 5643 5644 /* hostapd sets a key before init. So, don't clear it. */ 5645 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 5646 /* clear shared key table */ 5647 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 5648 /* clear shared key mode */ 5649 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 5650 } 5651 5652 run_read(sc, RT2860_US_CYC_CNT, &tmp); 5653 tmp = (tmp & ~0xff) | 0x1e; 5654 run_write(sc, RT2860_US_CYC_CNT, tmp); 5655 5656 if (sc->mac_rev != 0x0101) 5657 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 5658 5659 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 5660 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 5661 5662 /* write vendor-specific BBP values (from EEPROM) */ 5663 if (sc->mac_ver < 0x5390) { 5664 for (i = 0; i < 10; i++) { 5665 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 5666 continue; 5667 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 5668 } 5669 } 5670 5671 /* select Main antenna for 1T1R devices */ 5672 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 5673 run_set_rx_antenna(sc, 0); 5674 5675 /* send LEDs operating mode to microcontroller */ 5676 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 5677 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 5678 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 5679 5680 if (sc->mac_ver >= 0x5390) 5681 run_rt5390_rf_init(sc); 5682 else if (sc->mac_ver >= 0x3070) 5683 run_rt3070_rf_init(sc); 5684 5685 /* disable non-existing Rx chains */ 5686 run_bbp_read(sc, 3, &bbp3); 5687 bbp3 &= ~(1 << 3 | 1 << 4); 5688 if (sc->nrxchains == 2) 5689 bbp3 |= 1 << 3; 5690 else if (sc->nrxchains == 3) 5691 bbp3 |= 1 << 4; 5692 run_bbp_write(sc, 3, bbp3); 5693 5694 /* disable non-existing Tx chains */ 5695 run_bbp_read(sc, 1, &bbp1); 5696 if (sc->ntxchains == 1) 5697 bbp1 &= ~(1 << 3 | 1 << 4); 5698 run_bbp_write(sc, 1, bbp1); 5699 5700 if (sc->mac_ver >= 0x3070) 5701 run_rt3070_rf_setup(sc); 5702 5703 /* select default channel */ 5704 run_set_chan(sc, ic->ic_curchan); 5705 5706 /* setup initial protection mode */ 5707 run_updateprot_cb(ic); 5708 5709 /* turn radio LED on */ 5710 run_set_leds(sc, RT2860_LED_RADIO); 5711 5712 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 5713 ifp->if_drv_flags |= IFF_DRV_RUNNING; 5714 sc->cmdq_run = RUN_CMDQ_GO; 5715 5716 for (i = 0; i != RUN_N_XFER; i++) 5717 usbd_xfer_set_stall(sc->sc_xfer[i]); 5718 5719 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 5720 5721 if (run_txrx_enable(sc) != 0) 5722 goto fail; 5723 5724 return; 5725 5726fail: 5727 run_stop(sc); 5728} 5729 5730static void 5731run_init(void *arg) 5732{ 5733 struct run_softc *sc = arg; 5734 struct ifnet *ifp = sc->sc_ifp; 5735 struct ieee80211com *ic = ifp->if_l2com; 5736 5737 RUN_LOCK(sc); 5738 run_init_locked(sc); 5739 RUN_UNLOCK(sc); 5740 5741 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5742 ieee80211_start_all(ic); 5743} 5744 5745static void 5746run_stop(void *arg) 5747{ 5748 struct run_softc *sc = (struct run_softc *)arg; 5749 struct ifnet *ifp = sc->sc_ifp; 5750 uint32_t tmp; 5751 int i; 5752 int ntries; 5753 5754 RUN_LOCK_ASSERT(sc, MA_OWNED); 5755 5756 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 5757 run_set_leds(sc, 0); /* turn all LEDs off */ 5758 5759 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 5760 5761 sc->ratectl_run = RUN_RATECTL_OFF; 5762 sc->cmdq_run = sc->cmdq_key_set; 5763 5764 RUN_UNLOCK(sc); 5765 5766 for(i = 0; i < RUN_N_XFER; i++) 5767 usbd_transfer_drain(sc->sc_xfer[i]); 5768 5769 RUN_LOCK(sc); 5770 5771 if (sc->rx_m != NULL) { 5772 m_free(sc->rx_m); 5773 sc->rx_m = NULL; 5774 } 5775 5776 /* Disable Tx/Rx DMA. */ 5777 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5778 return; 5779 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 5780 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5781 5782 for (ntries = 0; ntries < 100; ntries++) { 5783 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5784 return; 5785 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5786 break; 5787 run_delay(sc, 10); 5788 } 5789 if (ntries == 100) { 5790 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5791 return; 5792 } 5793 5794 /* disable Tx/Rx */ 5795 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 5796 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5797 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 5798 5799 /* wait for pending Tx to complete */ 5800 for (ntries = 0; ntries < 100; ntries++) { 5801 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 5802 DPRINTF("Cannot read Tx queue count\n"); 5803 break; 5804 } 5805 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 5806 DPRINTF("All Tx cleared\n"); 5807 break; 5808 } 5809 run_delay(sc, 10); 5810 } 5811 if (ntries >= 100) 5812 DPRINTF("There are still pending Tx\n"); 5813 run_delay(sc, 10); 5814 run_write(sc, RT2860_USB_DMA_CFG, 0); 5815 5816 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 5817 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5818 5819 for (i = 0; i != RUN_EP_QUEUES; i++) 5820 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 5821} 5822 5823static void 5824run_delay(struct run_softc *sc, u_int ms) 5825{ 5826 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 5827 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 5828} 5829 5830static device_method_t run_methods[] = { 5831 /* Device interface */ 5832 DEVMETHOD(device_probe, run_match), 5833 DEVMETHOD(device_attach, run_attach), 5834 DEVMETHOD(device_detach, run_detach), 5835 DEVMETHOD_END 5836}; 5837 5838static driver_t run_driver = { 5839 .name = "run", 5840 .methods = run_methods, 5841 .size = sizeof(struct run_softc) 5842}; 5843 5844static devclass_t run_devclass; 5845 5846DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 5847MODULE_DEPEND(run, wlan, 1, 1, 1); 5848MODULE_DEPEND(run, usb, 1, 1, 1); 5849MODULE_DEPEND(run, firmware, 1, 1, 1); 5850MODULE_VERSION(run, 1); 5851