if_run.c revision 261118
1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 261118 2014-01-24 09:17:29Z kevlo $"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <machine/bus.h> 46#include <machine/resource.h> 47#include <sys/rman.h> 48 49#include <net/bpf.h> 50#include <net/if.h> 51#include <net/if_var.h> 52#include <net/if_arp.h> 53#include <net/ethernet.h> 54#include <net/if_dl.h> 55#include <net/if_media.h> 56#include <net/if_types.h> 57 58#include <netinet/in.h> 59#include <netinet/in_systm.h> 60#include <netinet/in_var.h> 61#include <netinet/if_ether.h> 62#include <netinet/ip.h> 63 64#include <net80211/ieee80211_var.h> 65#include <net80211/ieee80211_regdomain.h> 66#include <net80211/ieee80211_radiotap.h> 67#include <net80211/ieee80211_ratectl.h> 68 69#include <dev/usb/usb.h> 70#include <dev/usb/usbdi.h> 71#include "usbdevs.h" 72 73#define USB_DEBUG_VAR run_debug 74#include <dev/usb/usb_debug.h> 75#include <dev/usb/usb_msctest.h> 76 77#include <dev/usb/wlan/if_runreg.h> 78#include <dev/usb/wlan/if_runvar.h> 79 80#ifdef USB_DEBUG 81#define RUN_DEBUG 82#endif 83 84#ifdef RUN_DEBUG 85int run_debug = 0; 86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 88 "run debug level"); 89#endif 90 91#define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94/* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100static const STRUCT_USB_HOST_ID run_devs[] = { 101#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102#define RUN_DEV_EJECT(v,p) \ 103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, 0) } 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA162), 184 RUN_DEV(DLINK2, DWA130), 185 RUN_DEV(DLINK2, RT2870_1), 186 RUN_DEV(DLINK2, RT2870_2), 187 RUN_DEV(DLINK2, RT3070_1), 188 RUN_DEV(DLINK2, RT3070_2), 189 RUN_DEV(DLINK2, RT3070_3), 190 RUN_DEV(DLINK2, RT3070_4), 191 RUN_DEV(DLINK2, RT3070_5), 192 RUN_DEV(DLINK2, RT3072), 193 RUN_DEV(DLINK2, RT3072_1), 194 RUN_DEV(EDIMAX, EW7717), 195 RUN_DEV(EDIMAX, EW7718), 196 RUN_DEV(EDIMAX, EW7733UND), 197 RUN_DEV(EDIMAX, RT2870_1), 198 RUN_DEV(ENCORE, RT3070_1), 199 RUN_DEV(ENCORE, RT3070_2), 200 RUN_DEV(ENCORE, RT3070_3), 201 RUN_DEV(GIGABYTE, GNWB31N), 202 RUN_DEV(GIGABYTE, GNWB32L), 203 RUN_DEV(GIGABYTE, RT2870_1), 204 RUN_DEV(GIGASET, RT3070_1), 205 RUN_DEV(GIGASET, RT3070_2), 206 RUN_DEV(GUILLEMOT, HWNU300), 207 RUN_DEV(HAWKING, HWUN2), 208 RUN_DEV(HAWKING, RT2870_1), 209 RUN_DEV(HAWKING, RT2870_2), 210 RUN_DEV(HAWKING, RT3070), 211 RUN_DEV(IODATA, RT3072_1), 212 RUN_DEV(IODATA, RT3072_2), 213 RUN_DEV(IODATA, RT3072_3), 214 RUN_DEV(IODATA, RT3072_4), 215 RUN_DEV(LINKSYS4, RT3070), 216 RUN_DEV(LINKSYS4, WUSB100), 217 RUN_DEV(LINKSYS4, WUSB54GCV3), 218 RUN_DEV(LINKSYS4, WUSB600N), 219 RUN_DEV(LINKSYS4, WUSB600NV2), 220 RUN_DEV(LOGITEC, RT2870_1), 221 RUN_DEV(LOGITEC, RT2870_2), 222 RUN_DEV(LOGITEC, RT2870_3), 223 RUN_DEV(LOGITEC, LANW300NU2), 224 RUN_DEV(LOGITEC, LANW150NU2), 225 RUN_DEV(LOGITEC, LANW300NU2S), 226 RUN_DEV(MELCO, RT2870_1), 227 RUN_DEV(MELCO, RT2870_2), 228 RUN_DEV(MELCO, WLIUCAG300N), 229 RUN_DEV(MELCO, WLIUCG300N), 230 RUN_DEV(MELCO, WLIUCG301N), 231 RUN_DEV(MELCO, WLIUCGN), 232 RUN_DEV(MELCO, WLIUCGNM), 233 RUN_DEV(MELCO, WLIUCGNM2), 234 RUN_DEV(MOTOROLA4, RT2770), 235 RUN_DEV(MOTOROLA4, RT3070), 236 RUN_DEV(MSI, RT3070_1), 237 RUN_DEV(MSI, RT3070_2), 238 RUN_DEV(MSI, RT3070_3), 239 RUN_DEV(MSI, RT3070_4), 240 RUN_DEV(MSI, RT3070_5), 241 RUN_DEV(MSI, RT3070_6), 242 RUN_DEV(MSI, RT3070_7), 243 RUN_DEV(MSI, RT3070_8), 244 RUN_DEV(MSI, RT3070_9), 245 RUN_DEV(MSI, RT3070_10), 246 RUN_DEV(MSI, RT3070_11), 247 RUN_DEV(OVISLINK, RT3072), 248 RUN_DEV(PARA, RT3070), 249 RUN_DEV(PEGATRON, RT2870), 250 RUN_DEV(PEGATRON, RT3070), 251 RUN_DEV(PEGATRON, RT3070_2), 252 RUN_DEV(PEGATRON, RT3070_3), 253 RUN_DEV(PHILIPS, RT2870), 254 RUN_DEV(PLANEX2, GWUS300MINIS), 255 RUN_DEV(PLANEX2, GWUSMICRON), 256 RUN_DEV(PLANEX2, RT2870), 257 RUN_DEV(PLANEX2, RT3070), 258 RUN_DEV(QCOM, RT2870), 259 RUN_DEV(QUANTA, RT3070), 260 RUN_DEV(RALINK, RT2070), 261 RUN_DEV(RALINK, RT2770), 262 RUN_DEV(RALINK, RT2870), 263 RUN_DEV(RALINK, RT3070), 264 RUN_DEV(RALINK, RT3071), 265 RUN_DEV(RALINK, RT3072), 266 RUN_DEV(RALINK, RT3370), 267 RUN_DEV(RALINK, RT3572), 268 RUN_DEV(RALINK, RT3573), 269 RUN_DEV(RALINK, RT5370), 270 RUN_DEV(RALINK, RT5572), 271 RUN_DEV(RALINK, RT8070), 272 RUN_DEV(SAMSUNG, WIS09ABGN), 273 RUN_DEV(SAMSUNG2, RT2870_1), 274 RUN_DEV(SENAO, RT2870_1), 275 RUN_DEV(SENAO, RT2870_2), 276 RUN_DEV(SENAO, RT2870_3), 277 RUN_DEV(SENAO, RT2870_4), 278 RUN_DEV(SENAO, RT3070), 279 RUN_DEV(SENAO, RT3071), 280 RUN_DEV(SENAO, RT3072_1), 281 RUN_DEV(SENAO, RT3072_2), 282 RUN_DEV(SENAO, RT3072_3), 283 RUN_DEV(SENAO, RT3072_4), 284 RUN_DEV(SENAO, RT3072_5), 285 RUN_DEV(SITECOMEU, RT2770), 286 RUN_DEV(SITECOMEU, RT2870_1), 287 RUN_DEV(SITECOMEU, RT2870_2), 288 RUN_DEV(SITECOMEU, RT2870_3), 289 RUN_DEV(SITECOMEU, RT2870_4), 290 RUN_DEV(SITECOMEU, RT3070), 291 RUN_DEV(SITECOMEU, RT3070_2), 292 RUN_DEV(SITECOMEU, RT3070_3), 293 RUN_DEV(SITECOMEU, RT3070_4), 294 RUN_DEV(SITECOMEU, RT3071), 295 RUN_DEV(SITECOMEU, RT3072_1), 296 RUN_DEV(SITECOMEU, RT3072_2), 297 RUN_DEV(SITECOMEU, RT3072_3), 298 RUN_DEV(SITECOMEU, RT3072_4), 299 RUN_DEV(SITECOMEU, RT3072_5), 300 RUN_DEV(SITECOMEU, RT3072_6), 301 RUN_DEV(SITECOMEU, WL608), 302 RUN_DEV(SPARKLAN, RT2870_1), 303 RUN_DEV(SPARKLAN, RT3070), 304 RUN_DEV(SWEEX2, LW153), 305 RUN_DEV(SWEEX2, LW303), 306 RUN_DEV(SWEEX2, LW313), 307 RUN_DEV(TOSHIBA, RT3070), 308 RUN_DEV(UMEDIA, RT2870_1), 309 RUN_DEV(ZCOM, RT2870_1), 310 RUN_DEV(ZCOM, RT2870_2), 311 RUN_DEV(ZINWELL, RT2870_1), 312 RUN_DEV(ZINWELL, RT2870_2), 313 RUN_DEV(ZINWELL, RT3070), 314 RUN_DEV(ZINWELL, RT3072_1), 315 RUN_DEV(ZINWELL, RT3072_2), 316 RUN_DEV(ZYXEL, RT2870_1), 317 RUN_DEV(ZYXEL, RT2870_2), 318 RUN_DEV(ZYXEL, NWD2705), 319 RUN_DEV_EJECT(RALINK, RT_STOR), 320#undef RUN_DEV_EJECT 321#undef RUN_DEV 322}; 323 324static device_probe_t run_match; 325static device_attach_t run_attach; 326static device_detach_t run_detach; 327 328static usb_callback_t run_bulk_rx_callback; 329static usb_callback_t run_bulk_tx_callback0; 330static usb_callback_t run_bulk_tx_callback1; 331static usb_callback_t run_bulk_tx_callback2; 332static usb_callback_t run_bulk_tx_callback3; 333static usb_callback_t run_bulk_tx_callback4; 334static usb_callback_t run_bulk_tx_callback5; 335 336static void run_autoinst(void *, struct usb_device *, 337 struct usb_attach_arg *); 338static int run_driver_loaded(struct module *, int, void *); 339static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 340 usb_error_t error, u_int index); 341static struct ieee80211vap *run_vap_create(struct ieee80211com *, 342 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 343 const uint8_t [IEEE80211_ADDR_LEN], 344 const uint8_t [IEEE80211_ADDR_LEN]); 345static void run_vap_delete(struct ieee80211vap *); 346static void run_cmdq_cb(void *, int); 347static void run_setup_tx_list(struct run_softc *, 348 struct run_endpoint_queue *); 349static void run_unsetup_tx_list(struct run_softc *, 350 struct run_endpoint_queue *); 351static int run_load_microcode(struct run_softc *); 352static int run_reset(struct run_softc *); 353static usb_error_t run_do_request(struct run_softc *, 354 struct usb_device_request *, void *); 355static int run_read(struct run_softc *, uint16_t, uint32_t *); 356static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 357static int run_write_2(struct run_softc *, uint16_t, uint16_t); 358static int run_write(struct run_softc *, uint16_t, uint32_t); 359static int run_write_region_1(struct run_softc *, uint16_t, 360 const uint8_t *, int); 361static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 362static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 363static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 364static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 365static int run_rt2870_rf_write(struct run_softc *, uint32_t); 366static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 367static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 368static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 369static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 370static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 371static const char *run_get_rf(uint16_t); 372static void run_rt3593_get_txpower(struct run_softc *); 373static void run_get_txpower(struct run_softc *); 374static int run_read_eeprom(struct run_softc *); 375static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 376 const uint8_t mac[IEEE80211_ADDR_LEN]); 377static int run_media_change(struct ifnet *); 378static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 379static int run_wme_update(struct ieee80211com *); 380static void run_wme_update_cb(void *); 381static void run_key_update_begin(struct ieee80211vap *); 382static void run_key_update_end(struct ieee80211vap *); 383static void run_key_set_cb(void *); 384static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 385 const uint8_t mac[IEEE80211_ADDR_LEN]); 386static void run_key_delete_cb(void *); 387static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388static void run_ratectl_to(void *); 389static void run_ratectl_cb(void *, int); 390static void run_drain_fifo(void *); 391static void run_iter_func(void *, struct ieee80211_node *); 392static void run_newassoc_cb(void *); 393static void run_newassoc(struct ieee80211_node *, int); 394static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 395static void run_tx_free(struct run_endpoint_queue *pq, 396 struct run_tx_data *, int); 397static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 398static int run_tx(struct run_softc *, struct mbuf *, 399 struct ieee80211_node *); 400static int run_tx_mgt(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402static int run_sendprot(struct run_softc *, const struct mbuf *, 403 struct ieee80211_node *, int, int); 404static int run_tx_param(struct run_softc *, struct mbuf *, 405 struct ieee80211_node *, 406 const struct ieee80211_bpf_params *); 407static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 408 const struct ieee80211_bpf_params *); 409static void run_start(struct ifnet *); 410static int run_ioctl(struct ifnet *, u_long, caddr_t); 411static void run_iq_calib(struct run_softc *, u_int); 412static void run_set_agc(struct run_softc *, uint8_t); 413static void run_select_chan_group(struct run_softc *, int); 414static void run_set_rx_antenna(struct run_softc *, int); 415static void run_rt2870_set_chan(struct run_softc *, u_int); 416static void run_rt3070_set_chan(struct run_softc *, u_int); 417static void run_rt3572_set_chan(struct run_softc *, u_int); 418static void run_rt3593_set_chan(struct run_softc *, u_int); 419static void run_rt5390_set_chan(struct run_softc *, u_int); 420static void run_rt5592_set_chan(struct run_softc *, u_int); 421static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 422static void run_set_channel(struct ieee80211com *); 423static void run_scan_start(struct ieee80211com *); 424static void run_scan_end(struct ieee80211com *); 425static void run_update_beacon(struct ieee80211vap *, int); 426static void run_update_beacon_cb(void *); 427static void run_updateprot(struct ieee80211com *); 428static void run_updateprot_cb(void *); 429static void run_usb_timeout_cb(void *); 430static void run_reset_livelock(struct run_softc *); 431static void run_enable_tsf_sync(struct run_softc *); 432static void run_enable_mrr(struct run_softc *); 433static void run_set_txpreamble(struct run_softc *); 434static void run_set_basicrates(struct run_softc *); 435static void run_set_leds(struct run_softc *, uint16_t); 436static void run_set_bssid(struct run_softc *, const uint8_t *); 437static void run_set_macaddr(struct run_softc *, const uint8_t *); 438static void run_updateslot(struct ifnet *); 439static void run_updateslot_cb(void *); 440static void run_update_mcast(struct ifnet *); 441static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 442static void run_update_promisc_locked(struct ifnet *); 443static void run_update_promisc(struct ifnet *); 444static void run_rt5390_bbp_init(struct run_softc *); 445static int run_bbp_init(struct run_softc *); 446static int run_rt3070_rf_init(struct run_softc *); 447static void run_rt3593_rf_init(struct run_softc *); 448static void run_rt5390_rf_init(struct run_softc *); 449static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 450 uint8_t *); 451static void run_rt3070_rf_setup(struct run_softc *); 452static void run_rt3593_rf_setup(struct run_softc *); 453static void run_rt5390_rf_setup(struct run_softc *); 454static int run_txrx_enable(struct run_softc *); 455static void run_adjust_freq_offset(struct run_softc *); 456static void run_init(void *); 457static void run_init_locked(struct run_softc *); 458static void run_stop(void *); 459static void run_delay(struct run_softc *, u_int); 460 461static eventhandler_tag run_etag; 462 463static const struct rt2860_rate { 464 uint8_t rate; 465 uint8_t mcs; 466 enum ieee80211_phytype phy; 467 uint8_t ctl_ridx; 468 uint16_t sp_ack_dur; 469 uint16_t lp_ack_dur; 470} rt2860_rates[] = { 471 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 472 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 473 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 474 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 475 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 476 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 477 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 478 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 479 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 480 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 481 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 482 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 483}; 484 485static const struct { 486 uint16_t reg; 487 uint32_t val; 488} rt2870_def_mac[] = { 489 RT2870_DEF_MAC 490}; 491 492static const struct { 493 uint8_t reg; 494 uint8_t val; 495} rt2860_def_bbp[] = { 496 RT2860_DEF_BBP 497},rt5390_def_bbp[] = { 498 RT5390_DEF_BBP 499},rt5592_def_bbp[] = { 500 RT5592_DEF_BBP 501}; 502 503/* 504 * Default values for BBP register R196 for RT5592. 505 */ 506static const uint8_t rt5592_bbp_r196[] = { 507 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 508 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 509 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 510 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 511 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 512 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 513 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 514 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 515 0x2e, 0x36, 0x30, 0x6e 516}; 517 518static const struct rfprog { 519 uint8_t chan; 520 uint32_t r1, r2, r3, r4; 521} rt2860_rf2850[] = { 522 RT2860_RF2850 523}; 524 525struct { 526 uint8_t n, r, k; 527} rt3070_freqs[] = { 528 RT3070_RF3052 529}; 530 531static const struct rt5592_freqs { 532 uint16_t n; 533 uint8_t k, m, r; 534} rt5592_freqs_20mhz[] = { 535 RT5592_RF5592_20MHZ 536},rt5592_freqs_40mhz[] = { 537 RT5592_RF5592_40MHZ 538}; 539 540static const struct { 541 uint8_t reg; 542 uint8_t val; 543} rt3070_def_rf[] = { 544 RT3070_DEF_RF 545},rt3572_def_rf[] = { 546 RT3572_DEF_RF 547},rt3593_def_rf[] = { 548 RT3593_DEF_RF 549},rt5390_def_rf[] = { 550 RT5390_DEF_RF 551},rt5392_def_rf[] = { 552 RT5392_DEF_RF 553},rt5592_def_rf[] = { 554 RT5592_DEF_RF 555},rt5592_2ghz_def_rf[] = { 556 RT5592_2GHZ_DEF_RF 557},rt5592_5ghz_def_rf[] = { 558 RT5592_5GHZ_DEF_RF 559}; 560 561static const struct { 562 u_int firstchan; 563 u_int lastchan; 564 uint8_t reg; 565 uint8_t val; 566} rt5592_chan_5ghz[] = { 567 RT5592_CHAN_5GHZ 568}; 569 570static const struct usb_config run_config[RUN_N_XFER] = { 571 [RUN_BULK_TX_BE] = { 572 .type = UE_BULK, 573 .endpoint = UE_ADDR_ANY, 574 .ep_index = 0, 575 .direction = UE_DIR_OUT, 576 .bufsize = RUN_MAX_TXSZ, 577 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 578 .callback = run_bulk_tx_callback0, 579 .timeout = 5000, /* ms */ 580 }, 581 [RUN_BULK_TX_BK] = { 582 .type = UE_BULK, 583 .endpoint = UE_ADDR_ANY, 584 .direction = UE_DIR_OUT, 585 .ep_index = 1, 586 .bufsize = RUN_MAX_TXSZ, 587 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 588 .callback = run_bulk_tx_callback1, 589 .timeout = 5000, /* ms */ 590 }, 591 [RUN_BULK_TX_VI] = { 592 .type = UE_BULK, 593 .endpoint = UE_ADDR_ANY, 594 .direction = UE_DIR_OUT, 595 .ep_index = 2, 596 .bufsize = RUN_MAX_TXSZ, 597 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 598 .callback = run_bulk_tx_callback2, 599 .timeout = 5000, /* ms */ 600 }, 601 [RUN_BULK_TX_VO] = { 602 .type = UE_BULK, 603 .endpoint = UE_ADDR_ANY, 604 .direction = UE_DIR_OUT, 605 .ep_index = 3, 606 .bufsize = RUN_MAX_TXSZ, 607 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 608 .callback = run_bulk_tx_callback3, 609 .timeout = 5000, /* ms */ 610 }, 611 [RUN_BULK_TX_HCCA] = { 612 .type = UE_BULK, 613 .endpoint = UE_ADDR_ANY, 614 .direction = UE_DIR_OUT, 615 .ep_index = 4, 616 .bufsize = RUN_MAX_TXSZ, 617 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 618 .callback = run_bulk_tx_callback4, 619 .timeout = 5000, /* ms */ 620 }, 621 [RUN_BULK_TX_PRIO] = { 622 .type = UE_BULK, 623 .endpoint = UE_ADDR_ANY, 624 .direction = UE_DIR_OUT, 625 .ep_index = 5, 626 .bufsize = RUN_MAX_TXSZ, 627 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 628 .callback = run_bulk_tx_callback5, 629 .timeout = 5000, /* ms */ 630 }, 631 [RUN_BULK_RX] = { 632 .type = UE_BULK, 633 .endpoint = UE_ADDR_ANY, 634 .direction = UE_DIR_IN, 635 .bufsize = RUN_MAX_RXSZ, 636 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 637 .callback = run_bulk_rx_callback, 638 } 639}; 640 641static void 642run_autoinst(void *arg, struct usb_device *udev, 643 struct usb_attach_arg *uaa) 644{ 645 struct usb_interface *iface; 646 struct usb_interface_descriptor *id; 647 648 if (uaa->dev_state != UAA_DEV_READY) 649 return; 650 651 iface = usbd_get_iface(udev, 0); 652 if (iface == NULL) 653 return; 654 id = iface->idesc; 655 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 656 return; 657 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 658 return; 659 660 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 661 uaa->dev_state = UAA_DEV_EJECTING; 662} 663 664static int 665run_driver_loaded(struct module *mod, int what, void *arg) 666{ 667 switch (what) { 668 case MOD_LOAD: 669 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 670 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 671 break; 672 case MOD_UNLOAD: 673 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 674 break; 675 default: 676 return (EOPNOTSUPP); 677 } 678 return (0); 679} 680 681static int 682run_match(device_t self) 683{ 684 struct usb_attach_arg *uaa = device_get_ivars(self); 685 686 if (uaa->usb_mode != USB_MODE_HOST) 687 return (ENXIO); 688 if (uaa->info.bConfigIndex != 0) 689 return (ENXIO); 690 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 691 return (ENXIO); 692 693 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 694} 695 696static int 697run_attach(device_t self) 698{ 699 struct run_softc *sc = device_get_softc(self); 700 struct usb_attach_arg *uaa = device_get_ivars(self); 701 struct ieee80211com *ic; 702 struct ifnet *ifp; 703 uint32_t ver; 704 int ntries, error; 705 uint8_t iface_index, bands; 706 707 device_set_usb_desc(self); 708 sc->sc_udev = uaa->device; 709 sc->sc_dev = self; 710 711 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 712 MTX_NETWORK_LOCK, MTX_DEF); 713 714 iface_index = RT2860_IFACE_INDEX; 715 716 error = usbd_transfer_setup(uaa->device, &iface_index, 717 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 718 if (error) { 719 device_printf(self, "could not allocate USB transfers, " 720 "err=%s\n", usbd_errstr(error)); 721 goto detach; 722 } 723 724 RUN_LOCK(sc); 725 726 /* wait for the chip to settle */ 727 for (ntries = 0; ntries < 100; ntries++) { 728 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 729 RUN_UNLOCK(sc); 730 goto detach; 731 } 732 if (ver != 0 && ver != 0xffffffff) 733 break; 734 run_delay(sc, 10); 735 } 736 if (ntries == 100) { 737 device_printf(sc->sc_dev, 738 "timeout waiting for NIC to initialize\n"); 739 RUN_UNLOCK(sc); 740 goto detach; 741 } 742 sc->mac_ver = ver >> 16; 743 sc->mac_rev = ver & 0xffff; 744 745 /* retrieve RF rev. no and various other things from EEPROM */ 746 run_read_eeprom(sc); 747 748 device_printf(sc->sc_dev, 749 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 750 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 751 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 752 753 RUN_UNLOCK(sc); 754 755 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 756 if (ifp == NULL) { 757 device_printf(sc->sc_dev, "can not if_alloc()\n"); 758 goto detach; 759 } 760 ic = ifp->if_l2com; 761 762 ifp->if_softc = sc; 763 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 764 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 765 ifp->if_init = run_init; 766 ifp->if_ioctl = run_ioctl; 767 ifp->if_start = run_start; 768 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 769 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 770 IFQ_SET_READY(&ifp->if_snd); 771 772 ic->ic_ifp = ifp; 773 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 774 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 775 776 /* set device capabilities */ 777 ic->ic_caps = 778 IEEE80211_C_STA | /* station mode supported */ 779 IEEE80211_C_MONITOR | /* monitor mode supported */ 780 IEEE80211_C_IBSS | 781 IEEE80211_C_HOSTAP | 782 IEEE80211_C_WDS | /* 4-address traffic works */ 783 IEEE80211_C_MBSS | 784 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 785 IEEE80211_C_SHSLOT | /* short slot time supported */ 786 IEEE80211_C_WME | /* WME */ 787 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 788 789 ic->ic_cryptocaps = 790 IEEE80211_CRYPTO_WEP | 791 IEEE80211_CRYPTO_AES_CCM | 792 IEEE80211_CRYPTO_TKIPMIC | 793 IEEE80211_CRYPTO_TKIP; 794 795 ic->ic_flags |= IEEE80211_F_DATAPAD; 796 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 797 798 bands = 0; 799 setbit(&bands, IEEE80211_MODE_11B); 800 setbit(&bands, IEEE80211_MODE_11G); 801 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 802 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 803 sc->rf_rev == RT5592_RF_5592) 804 setbit(&bands, IEEE80211_MODE_11A); 805 ieee80211_init_channels(ic, NULL, &bands); 806 807 ieee80211_ifattach(ic, sc->sc_bssid); 808 809 ic->ic_scan_start = run_scan_start; 810 ic->ic_scan_end = run_scan_end; 811 ic->ic_set_channel = run_set_channel; 812 ic->ic_node_alloc = run_node_alloc; 813 ic->ic_newassoc = run_newassoc; 814 ic->ic_updateslot = run_updateslot; 815 ic->ic_update_mcast = run_update_mcast; 816 ic->ic_wme.wme_update = run_wme_update; 817 ic->ic_raw_xmit = run_raw_xmit; 818 ic->ic_update_promisc = run_update_promisc; 819 820 ic->ic_vap_create = run_vap_create; 821 ic->ic_vap_delete = run_vap_delete; 822 823 ieee80211_radiotap_attach(ic, 824 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 825 RUN_TX_RADIOTAP_PRESENT, 826 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 827 RUN_RX_RADIOTAP_PRESENT); 828 829 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 830 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 831 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 832 833 if (bootverbose) 834 ieee80211_announce(ic); 835 836 return (0); 837 838detach: 839 run_detach(self); 840 return (ENXIO); 841} 842 843static int 844run_detach(device_t self) 845{ 846 struct run_softc *sc = device_get_softc(self); 847 struct ifnet *ifp = sc->sc_ifp; 848 struct ieee80211com *ic; 849 int i; 850 851 RUN_LOCK(sc); 852 sc->sc_detached = 1; 853 RUN_UNLOCK(sc); 854 855 /* stop all USB transfers */ 856 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 857 858 RUN_LOCK(sc); 859 sc->ratectl_run = RUN_RATECTL_OFF; 860 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 861 862 /* free TX list, if any */ 863 for (i = 0; i != RUN_EP_QUEUES; i++) 864 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 865 RUN_UNLOCK(sc); 866 867 if (ifp) { 868 ic = ifp->if_l2com; 869 /* drain tasks */ 870 usb_callout_drain(&sc->ratectl_ch); 871 ieee80211_draintask(ic, &sc->cmdq_task); 872 ieee80211_draintask(ic, &sc->ratectl_task); 873 ieee80211_ifdetach(ic); 874 if_free(ifp); 875 } 876 877 mtx_destroy(&sc->sc_mtx); 878 879 return (0); 880} 881 882static struct ieee80211vap * 883run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 884 enum ieee80211_opmode opmode, int flags, 885 const uint8_t bssid[IEEE80211_ADDR_LEN], 886 const uint8_t mac[IEEE80211_ADDR_LEN]) 887{ 888 struct ifnet *ifp = ic->ic_ifp; 889 struct run_softc *sc = ifp->if_softc; 890 struct run_vap *rvp; 891 struct ieee80211vap *vap; 892 int i; 893 894 if (sc->rvp_cnt >= RUN_VAP_MAX) { 895 if_printf(ifp, "number of VAPs maxed out\n"); 896 return (NULL); 897 } 898 899 switch (opmode) { 900 case IEEE80211_M_STA: 901 /* enable s/w bmiss handling for sta mode */ 902 flags |= IEEE80211_CLONE_NOBEACONS; 903 /* fall though */ 904 case IEEE80211_M_IBSS: 905 case IEEE80211_M_MONITOR: 906 case IEEE80211_M_HOSTAP: 907 case IEEE80211_M_MBSS: 908 /* other than WDS vaps, only one at a time */ 909 if (!TAILQ_EMPTY(&ic->ic_vaps)) 910 return (NULL); 911 break; 912 case IEEE80211_M_WDS: 913 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 914 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 915 continue; 916 /* WDS vap's always share the local mac address. */ 917 flags &= ~IEEE80211_CLONE_BSSID; 918 break; 919 } 920 if (vap == NULL) { 921 if_printf(ifp, "wds only supported in ap mode\n"); 922 return (NULL); 923 } 924 break; 925 default: 926 if_printf(ifp, "unknown opmode %d\n", opmode); 927 return (NULL); 928 } 929 930 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 931 M_80211_VAP, M_NOWAIT | M_ZERO); 932 if (rvp == NULL) 933 return (NULL); 934 vap = &rvp->vap; 935 936 if (ieee80211_vap_setup(ic, vap, name, unit, 937 opmode, flags, bssid, mac) != 0) { 938 /* out of memory */ 939 free(rvp, M_80211_VAP); 940 return (NULL); 941 } 942 943 vap->iv_key_update_begin = run_key_update_begin; 944 vap->iv_key_update_end = run_key_update_end; 945 vap->iv_update_beacon = run_update_beacon; 946 vap->iv_max_aid = RT2870_WCID_MAX; 947 /* 948 * To delete the right key from h/w, we need wcid. 949 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 950 * and matching wcid will be written into there. So, cast 951 * some spells to remove 'const' from ieee80211_key{} 952 */ 953 vap->iv_key_delete = (void *)run_key_delete; 954 vap->iv_key_set = (void *)run_key_set; 955 956 /* override state transition machine */ 957 rvp->newstate = vap->iv_newstate; 958 vap->iv_newstate = run_newstate; 959 960 ieee80211_ratectl_init(vap); 961 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 962 963 /* complete setup */ 964 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 965 966 /* make sure id is always unique */ 967 for (i = 0; i < RUN_VAP_MAX; i++) { 968 if((sc->rvp_bmap & 1 << i) == 0){ 969 sc->rvp_bmap |= 1 << i; 970 rvp->rvp_id = i; 971 break; 972 } 973 } 974 if (sc->rvp_cnt++ == 0) 975 ic->ic_opmode = opmode; 976 977 if (opmode == IEEE80211_M_HOSTAP) 978 sc->cmdq_run = RUN_CMDQ_GO; 979 980 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 981 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 982 983 return (vap); 984} 985 986static void 987run_vap_delete(struct ieee80211vap *vap) 988{ 989 struct run_vap *rvp = RUN_VAP(vap); 990 struct ifnet *ifp; 991 struct ieee80211com *ic; 992 struct run_softc *sc; 993 uint8_t rvp_id; 994 995 if (vap == NULL) 996 return; 997 998 ic = vap->iv_ic; 999 ifp = ic->ic_ifp; 1000 1001 sc = ifp->if_softc; 1002 1003 RUN_LOCK(sc); 1004 1005 m_freem(rvp->beacon_mbuf); 1006 rvp->beacon_mbuf = NULL; 1007 1008 rvp_id = rvp->rvp_id; 1009 sc->ratectl_run &= ~(1 << rvp_id); 1010 sc->rvp_bmap &= ~(1 << rvp_id); 1011 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1012 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1013 --sc->rvp_cnt; 1014 1015 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1016 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1017 1018 RUN_UNLOCK(sc); 1019 1020 ieee80211_ratectl_deinit(vap); 1021 ieee80211_vap_detach(vap); 1022 free(rvp, M_80211_VAP); 1023} 1024 1025/* 1026 * There are numbers of functions need to be called in context thread. 1027 * Rather than creating taskqueue event for each of those functions, 1028 * here is all-for-one taskqueue callback function. This function 1029 * gurantees deferred functions are executed in the same order they 1030 * were enqueued. 1031 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1032 */ 1033static void 1034run_cmdq_cb(void *arg, int pending) 1035{ 1036 struct run_softc *sc = arg; 1037 uint8_t i; 1038 1039 /* call cmdq[].func locked */ 1040 RUN_LOCK(sc); 1041 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1042 i = sc->cmdq_exec, pending--) { 1043 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1044 if (sc->cmdq_run == RUN_CMDQ_GO) { 1045 /* 1046 * If arg0 is NULL, callback func needs more 1047 * than one arg. So, pass ptr to cmdq struct. 1048 */ 1049 if (sc->cmdq[i].arg0) 1050 sc->cmdq[i].func(sc->cmdq[i].arg0); 1051 else 1052 sc->cmdq[i].func(&sc->cmdq[i]); 1053 } 1054 sc->cmdq[i].arg0 = NULL; 1055 sc->cmdq[i].func = NULL; 1056 sc->cmdq_exec++; 1057 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1058 } 1059 RUN_UNLOCK(sc); 1060} 1061 1062static void 1063run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1064{ 1065 struct run_tx_data *data; 1066 1067 memset(pq, 0, sizeof(*pq)); 1068 1069 STAILQ_INIT(&pq->tx_qh); 1070 STAILQ_INIT(&pq->tx_fh); 1071 1072 for (data = &pq->tx_data[0]; 1073 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1074 data->sc = sc; 1075 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1076 } 1077 pq->tx_nfree = RUN_TX_RING_COUNT; 1078} 1079 1080static void 1081run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1082{ 1083 struct run_tx_data *data; 1084 1085 /* make sure any subsequent use of the queues will fail */ 1086 pq->tx_nfree = 0; 1087 STAILQ_INIT(&pq->tx_fh); 1088 STAILQ_INIT(&pq->tx_qh); 1089 1090 /* free up all node references and mbufs */ 1091 for (data = &pq->tx_data[0]; 1092 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1093 if (data->m != NULL) { 1094 m_freem(data->m); 1095 data->m = NULL; 1096 } 1097 if (data->ni != NULL) { 1098 ieee80211_free_node(data->ni); 1099 data->ni = NULL; 1100 } 1101 } 1102} 1103 1104static int 1105run_load_microcode(struct run_softc *sc) 1106{ 1107 usb_device_request_t req; 1108 const struct firmware *fw; 1109 const u_char *base; 1110 uint32_t tmp; 1111 int ntries, error; 1112 const uint64_t *temp; 1113 uint64_t bytes; 1114 1115 RUN_UNLOCK(sc); 1116 fw = firmware_get("runfw"); 1117 RUN_LOCK(sc); 1118 if (fw == NULL) { 1119 device_printf(sc->sc_dev, 1120 "failed loadfirmware of file %s\n", "runfw"); 1121 return ENOENT; 1122 } 1123 1124 if (fw->datasize != 8192) { 1125 device_printf(sc->sc_dev, 1126 "invalid firmware size (should be 8KB)\n"); 1127 error = EINVAL; 1128 goto fail; 1129 } 1130 1131 /* 1132 * RT3071/RT3072 use a different firmware 1133 * run-rt2870 (8KB) contains both, 1134 * first half (4KB) is for rt2870, 1135 * last half is for rt3071. 1136 */ 1137 base = fw->data; 1138 if ((sc->mac_ver) != 0x2860 && 1139 (sc->mac_ver) != 0x2872 && 1140 (sc->mac_ver) != 0x3070) { 1141 base += 4096; 1142 } 1143 1144 /* cheap sanity check */ 1145 temp = fw->data; 1146 bytes = *temp; 1147 if (bytes != be64toh(0xffffff0210280210ULL)) { 1148 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1149 error = EINVAL; 1150 goto fail; 1151 } 1152 1153 /* write microcode image */ 1154 if (sc->mac_ver != 0x3593) { 1155 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1156 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1157 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1158 } 1159 1160 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1161 req.bRequest = RT2870_RESET; 1162 USETW(req.wValue, 8); 1163 USETW(req.wIndex, 0); 1164 USETW(req.wLength, 0); 1165 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1166 != 0) { 1167 device_printf(sc->sc_dev, "firmware reset failed\n"); 1168 goto fail; 1169 } 1170 1171 run_delay(sc, 10); 1172 1173 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1174 run_write(sc, RT2860_H2M_MAILBOX, 0); 1175 run_write(sc, RT2860_H2M_INTSRC, 0); 1176 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1177 goto fail; 1178 1179 /* wait until microcontroller is ready */ 1180 for (ntries = 0; ntries < 1000; ntries++) { 1181 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1182 goto fail; 1183 if (tmp & RT2860_MCU_READY) 1184 break; 1185 run_delay(sc, 10); 1186 } 1187 if (ntries == 1000) { 1188 device_printf(sc->sc_dev, 1189 "timeout waiting for MCU to initialize\n"); 1190 error = ETIMEDOUT; 1191 goto fail; 1192 } 1193 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1194 (base == fw->data) ? "RT2870" : "RT3071", 1195 *(base + 4092), *(base + 4093)); 1196 1197fail: 1198 firmware_put(fw, FIRMWARE_UNLOAD); 1199 return (error); 1200} 1201 1202static int 1203run_reset(struct run_softc *sc) 1204{ 1205 usb_device_request_t req; 1206 1207 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1208 req.bRequest = RT2870_RESET; 1209 USETW(req.wValue, 1); 1210 USETW(req.wIndex, 0); 1211 USETW(req.wLength, 0); 1212 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1213} 1214 1215static usb_error_t 1216run_do_request(struct run_softc *sc, 1217 struct usb_device_request *req, void *data) 1218{ 1219 usb_error_t err; 1220 int ntries = 10; 1221 1222 RUN_LOCK_ASSERT(sc, MA_OWNED); 1223 1224 while (ntries--) { 1225 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1226 req, data, 0, NULL, 250 /* ms */); 1227 if (err == 0) 1228 break; 1229 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1230 usbd_errstr(err)); 1231 run_delay(sc, 10); 1232 } 1233 return (err); 1234} 1235 1236static int 1237run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1238{ 1239 uint32_t tmp; 1240 int error; 1241 1242 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1243 if (error == 0) 1244 *val = le32toh(tmp); 1245 else 1246 *val = 0xffffffff; 1247 return (error); 1248} 1249 1250static int 1251run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1252{ 1253 usb_device_request_t req; 1254 1255 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1256 req.bRequest = RT2870_READ_REGION_1; 1257 USETW(req.wValue, 0); 1258 USETW(req.wIndex, reg); 1259 USETW(req.wLength, len); 1260 1261 return (run_do_request(sc, &req, buf)); 1262} 1263 1264static int 1265run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1266{ 1267 usb_device_request_t req; 1268 1269 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1270 req.bRequest = RT2870_WRITE_2; 1271 USETW(req.wValue, val); 1272 USETW(req.wIndex, reg); 1273 USETW(req.wLength, 0); 1274 1275 return (run_do_request(sc, &req, NULL)); 1276} 1277 1278static int 1279run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1280{ 1281 int error; 1282 1283 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1284 error = run_write_2(sc, reg + 2, val >> 16); 1285 return (error); 1286} 1287 1288static int 1289run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1290 int len) 1291{ 1292#if 1 1293 int i, error = 0; 1294 /* 1295 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1296 * We thus issue multiple WRITE_2 commands instead. 1297 */ 1298 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1299 for (i = 0; i < len && error == 0; i += 2) 1300 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1301 return (error); 1302#else 1303 usb_device_request_t req; 1304 int error = 0; 1305 1306 /* 1307 * NOTE: It appears the WRITE_REGION_1 command cannot be 1308 * passed a huge amount of data, which will crash the 1309 * firmware. Limit amount of data passed to 64-bytes at a 1310 * time. 1311 */ 1312 while (len > 0) { 1313 int delta = 64; 1314 if (delta > len) 1315 delta = len; 1316 1317 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1318 req.bRequest = RT2870_WRITE_REGION_1; 1319 USETW(req.wValue, 0); 1320 USETW(req.wIndex, reg); 1321 USETW(req.wLength, delta); 1322 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1323 if (error != 0) 1324 break; 1325 reg += delta; 1326 buf += delta; 1327 len -= delta; 1328 } 1329 return (error); 1330#endif 1331} 1332 1333static int 1334run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1335{ 1336 int i, error = 0; 1337 1338 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1339 for (i = 0; i < len && error == 0; i += 4) 1340 error = run_write(sc, reg + i, val); 1341 return (error); 1342} 1343 1344static int 1345run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1346{ 1347 uint32_t tmp; 1348 uint16_t reg; 1349 int error, ntries; 1350 1351 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1352 return (error); 1353 1354 if (count == 2) 1355 addr *= 2; 1356 /*- 1357 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1358 * DATA0: F E D C 1359 * DATA1: B A 9 8 1360 * DATA2: 7 6 5 4 1361 * DATA3: 3 2 1 0 1362 */ 1363 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1364 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1365 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1366 for (ntries = 0; ntries < 100; ntries++) { 1367 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1368 return (error); 1369 if (!(tmp & RT3070_EFSROM_KICK)) 1370 break; 1371 run_delay(sc, 2); 1372 } 1373 if (ntries == 100) 1374 return (ETIMEDOUT); 1375 1376 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1377 *val = 0xffff; /* address not found */ 1378 return (0); 1379 } 1380 /* determine to which 32-bit register our 16-bit word belongs */ 1381 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1382 if ((error = run_read(sc, reg, &tmp)) != 0) 1383 return (error); 1384 1385 tmp >>= (8 * (addr & 0x3)); 1386 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1387 1388 return (0); 1389} 1390 1391/* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1392static int 1393run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1394{ 1395 return (run_efuse_read(sc, addr, val, 2)); 1396} 1397 1398static int 1399run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1400{ 1401 usb_device_request_t req; 1402 uint16_t tmp; 1403 int error; 1404 1405 addr *= 2; 1406 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1407 req.bRequest = RT2870_EEPROM_READ; 1408 USETW(req.wValue, 0); 1409 USETW(req.wIndex, addr); 1410 USETW(req.wLength, sizeof(tmp)); 1411 1412 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1413 if (error == 0) 1414 *val = le16toh(tmp); 1415 else 1416 *val = 0xffff; 1417 return (error); 1418} 1419 1420static __inline int 1421run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1422{ 1423 /* either eFUSE ROM or EEPROM */ 1424 return sc->sc_srom_read(sc, addr, val); 1425} 1426 1427static int 1428run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1429{ 1430 uint32_t tmp; 1431 int error, ntries; 1432 1433 for (ntries = 0; ntries < 10; ntries++) { 1434 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1435 return (error); 1436 if (!(tmp & RT2860_RF_REG_CTRL)) 1437 break; 1438 } 1439 if (ntries == 10) 1440 return (ETIMEDOUT); 1441 1442 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1443} 1444 1445static int 1446run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1447{ 1448 uint32_t tmp; 1449 int error, ntries; 1450 1451 for (ntries = 0; ntries < 100; ntries++) { 1452 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1453 return (error); 1454 if (!(tmp & RT3070_RF_KICK)) 1455 break; 1456 } 1457 if (ntries == 100) 1458 return (ETIMEDOUT); 1459 1460 tmp = RT3070_RF_KICK | reg << 8; 1461 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1462 return (error); 1463 1464 for (ntries = 0; ntries < 100; ntries++) { 1465 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1466 return (error); 1467 if (!(tmp & RT3070_RF_KICK)) 1468 break; 1469 } 1470 if (ntries == 100) 1471 return (ETIMEDOUT); 1472 1473 *val = tmp & 0xff; 1474 return (0); 1475} 1476 1477static int 1478run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1479{ 1480 uint32_t tmp; 1481 int error, ntries; 1482 1483 for (ntries = 0; ntries < 10; ntries++) { 1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT3070_RF_KICK)) 1487 break; 1488 } 1489 if (ntries == 10) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1493 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1494} 1495 1496static int 1497run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1498{ 1499 uint32_t tmp; 1500 int ntries, error; 1501 1502 for (ntries = 0; ntries < 10; ntries++) { 1503 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1504 return (error); 1505 if (!(tmp & RT2860_BBP_CSR_KICK)) 1506 break; 1507 } 1508 if (ntries == 10) 1509 return (ETIMEDOUT); 1510 1511 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1512 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1513 return (error); 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT2860_BBP_CSR_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 *val = tmp & 0xff; 1525 return (0); 1526} 1527 1528static int 1529run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1530{ 1531 uint32_t tmp; 1532 int ntries, error; 1533 1534 for (ntries = 0; ntries < 10; ntries++) { 1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1536 return (error); 1537 if (!(tmp & RT2860_BBP_CSR_KICK)) 1538 break; 1539 } 1540 if (ntries == 10) 1541 return (ETIMEDOUT); 1542 1543 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1544 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1545} 1546 1547/* 1548 * Send a command to the 8051 microcontroller unit. 1549 */ 1550static int 1551run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1552{ 1553 uint32_t tmp; 1554 int error, ntries; 1555 1556 for (ntries = 0; ntries < 100; ntries++) { 1557 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1558 return error; 1559 if (!(tmp & RT2860_H2M_BUSY)) 1560 break; 1561 } 1562 if (ntries == 100) 1563 return ETIMEDOUT; 1564 1565 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1566 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1567 error = run_write(sc, RT2860_HOST_CMD, cmd); 1568 return (error); 1569} 1570 1571/* 1572 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1573 * Used to adjust per-rate Tx power registers. 1574 */ 1575static __inline uint32_t 1576b4inc(uint32_t b32, int8_t delta) 1577{ 1578 int8_t i, b4; 1579 1580 for (i = 0; i < 8; i++) { 1581 b4 = b32 & 0xf; 1582 b4 += delta; 1583 if (b4 < 0) 1584 b4 = 0; 1585 else if (b4 > 0xf) 1586 b4 = 0xf; 1587 b32 = b32 >> 4 | b4 << 28; 1588 } 1589 return (b32); 1590} 1591 1592static const char * 1593run_get_rf(uint16_t rev) 1594{ 1595 switch (rev) { 1596 case RT2860_RF_2820: return "RT2820"; 1597 case RT2860_RF_2850: return "RT2850"; 1598 case RT2860_RF_2720: return "RT2720"; 1599 case RT2860_RF_2750: return "RT2750"; 1600 case RT3070_RF_3020: return "RT3020"; 1601 case RT3070_RF_2020: return "RT2020"; 1602 case RT3070_RF_3021: return "RT3021"; 1603 case RT3070_RF_3022: return "RT3022"; 1604 case RT3070_RF_3052: return "RT3052"; 1605 case RT3593_RF_3053: return "RT3053"; 1606 case RT5592_RF_5592: return "RT5592"; 1607 case RT5390_RF_5370: return "RT5370"; 1608 case RT5390_RF_5372: return "RT5372"; 1609 } 1610 return ("unknown"); 1611} 1612 1613static void 1614run_rt3593_get_txpower(struct run_softc *sc) 1615{ 1616 uint16_t addr, val; 1617 int i; 1618 1619 /* Read power settings for 2GHz channels. */ 1620 for (i = 0; i < 14; i += 2) { 1621 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1622 RT2860_EEPROM_PWR2GHZ_BASE1; 1623 run_srom_read(sc, addr + i / 2, &val); 1624 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1625 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1626 1627 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1628 RT2860_EEPROM_PWR2GHZ_BASE2; 1629 run_srom_read(sc, addr + i / 2, &val); 1630 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1631 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1632 1633 if (sc->ntxchains == 3) { 1634 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1635 &val); 1636 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1637 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1638 } 1639 } 1640 /* Fix broken Tx power entries. */ 1641 for (i = 0; i < 14; i++) { 1642 if (sc->txpow1[i] > 31) 1643 sc->txpow1[i] = 5; 1644 if (sc->txpow2[i] > 31) 1645 sc->txpow2[i] = 5; 1646 if (sc->ntxchains == 3) { 1647 if (sc->txpow3[i] > 31) 1648 sc->txpow3[i] = 5; 1649 } 1650 } 1651 /* Read power settings for 5GHz channels. */ 1652 for (i = 0; i < 40; i += 2) { 1653 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1654 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1655 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1656 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1658 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1660 1661 if (sc->ntxchains == 3) { 1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1663 &val); 1664 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1665 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1666 } 1667 } 1668} 1669 1670static void 1671run_get_txpower(struct run_softc *sc) 1672{ 1673 uint16_t val; 1674 int i; 1675 1676 /* Read power settings for 2GHz channels. */ 1677 for (i = 0; i < 14; i += 2) { 1678 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1679 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1680 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1681 1682 if (sc->mac_ver != 0x5390) { 1683 run_srom_read(sc, 1684 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1685 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1686 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1687 } 1688 } 1689 /* Fix broken Tx power entries. */ 1690 for (i = 0; i < 14; i++) { 1691 if (sc->mac_ver >= 0x5390) { 1692 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1693 sc->txpow1[i] = 5; 1694 } else { 1695 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1696 sc->txpow1[i] = 5; 1697 } 1698 if (sc->mac_ver > 0x5390) { 1699 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1700 sc->txpow2[i] = 5; 1701 } else if (sc->mac_ver < 0x5390) { 1702 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1703 sc->txpow2[i] = 5; 1704 } 1705 DPRINTF("chan %d: power1=%d, power2=%d\n", 1706 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1707 } 1708 /* Read power settings for 5GHz channels. */ 1709 for (i = 0; i < 40; i += 2) { 1710 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1711 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1712 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1713 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1715 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1717 } 1718 /* Fix broken Tx power entries. */ 1719 for (i = 0; i < 40; i++ ) { 1720 if (sc->mac_ver != 0x5592) { 1721 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1722 sc->txpow1[14 + i] = 5; 1723 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1724 sc->txpow2[14 + i] = 5; 1725 } 1726 DPRINTF("chan %d: power1=%d, power2=%d\n", 1727 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1728 sc->txpow2[14 + i]); 1729 } 1730} 1731 1732static int 1733run_read_eeprom(struct run_softc *sc) 1734{ 1735 int8_t delta_2ghz, delta_5ghz; 1736 uint32_t tmp; 1737 uint16_t val; 1738 int ridx, ant, i; 1739 1740 /* check whether the ROM is eFUSE ROM or EEPROM */ 1741 sc->sc_srom_read = run_eeprom_read_2; 1742 if (sc->mac_ver >= 0x3070) { 1743 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1744 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1745 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1746 sc->sc_srom_read = run_efuse_read_2; 1747 } 1748 1749 /* read ROM version */ 1750 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1751 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1752 1753 /* read MAC address */ 1754 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1755 sc->sc_bssid[0] = val & 0xff; 1756 sc->sc_bssid[1] = val >> 8; 1757 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1758 sc->sc_bssid[2] = val & 0xff; 1759 sc->sc_bssid[3] = val >> 8; 1760 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1761 sc->sc_bssid[4] = val & 0xff; 1762 sc->sc_bssid[5] = val >> 8; 1763 1764 if (sc->mac_ver < 0x3593) { 1765 /* read vender BBP settings */ 1766 for (i = 0; i < 10; i++) { 1767 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1768 sc->bbp[i].val = val & 0xff; 1769 sc->bbp[i].reg = val >> 8; 1770 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1771 sc->bbp[i].val); 1772 } 1773 if (sc->mac_ver >= 0x3071) { 1774 /* read vendor RF settings */ 1775 for (i = 0; i < 10; i++) { 1776 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1777 &val); 1778 sc->rf[i].val = val & 0xff; 1779 sc->rf[i].reg = val >> 8; 1780 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1781 sc->rf[i].val); 1782 } 1783 } 1784 } 1785 1786 /* read RF frequency offset from EEPROM */ 1787 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1788 RT3593_EEPROM_FREQ, &val); 1789 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1790 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1791 1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1793 RT3593_EEPROM_FREQ_LEDS, &val); 1794 if (val >> 8 != 0xff) { 1795 /* read LEDs operating mode */ 1796 sc->leds = val >> 8; 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1798 RT3593_EEPROM_LED1, &sc->led[0]); 1799 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1800 RT3593_EEPROM_LED2, &sc->led[1]); 1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1802 RT3593_EEPROM_LED3, &sc->led[2]); 1803 } else { 1804 /* broken EEPROM, use default settings */ 1805 sc->leds = 0x01; 1806 sc->led[0] = 0x5555; 1807 sc->led[1] = 0x2221; 1808 sc->led[2] = 0x5627; /* differs from RT2860 */ 1809 } 1810 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1811 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1812 1813 /* read RF information */ 1814 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1815 run_srom_read(sc, 0x00, &val); 1816 else 1817 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1818 1819 if (val == 0xffff) { 1820 device_printf(sc->sc_dev, 1821 "invalid EEPROM antenna info, using default\n"); 1822 DPRINTF("invalid EEPROM antenna info, using default\n"); 1823 if (sc->mac_ver == 0x3572) { 1824 /* default to RF3052 2T2R */ 1825 sc->rf_rev = RT3070_RF_3052; 1826 sc->ntxchains = 2; 1827 sc->nrxchains = 2; 1828 } else if (sc->mac_ver >= 0x3070) { 1829 /* default to RF3020 1T1R */ 1830 sc->rf_rev = RT3070_RF_3020; 1831 sc->ntxchains = 1; 1832 sc->nrxchains = 1; 1833 } else { 1834 /* default to RF2820 1T2R */ 1835 sc->rf_rev = RT2860_RF_2820; 1836 sc->ntxchains = 1; 1837 sc->nrxchains = 2; 1838 } 1839 } else { 1840 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1841 sc->rf_rev = val; 1842 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1843 } else 1844 sc->rf_rev = (val >> 8) & 0xf; 1845 sc->ntxchains = (val >> 4) & 0xf; 1846 sc->nrxchains = val & 0xf; 1847 } 1848 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1849 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1850 1851 /* check if RF supports automatic Tx access gain control */ 1852 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1853 DPRINTF("EEPROM CFG 0x%04x\n", val); 1854 /* check if driver should patch the DAC issue */ 1855 if ((val >> 8) != 0xff) 1856 sc->patch_dac = (val >> 15) & 1; 1857 if ((val & 0xff) != 0xff) { 1858 sc->ext_5ghz_lna = (val >> 3) & 1; 1859 sc->ext_2ghz_lna = (val >> 2) & 1; 1860 /* check if RF supports automatic Tx access gain control */ 1861 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1862 /* check if we have a hardware radio switch */ 1863 sc->rfswitch = val & 1; 1864 } 1865 1866 /* Read Tx power settings. */ 1867 if (sc->mac_ver == 0x3593) 1868 run_rt3593_get_txpower(sc); 1869 else 1870 run_get_txpower(sc); 1871 1872 /* read Tx power compensation for each Tx rate */ 1873 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1874 delta_2ghz = delta_5ghz = 0; 1875 if ((val & 0xff) != 0xff && (val & 0x80)) { 1876 delta_2ghz = val & 0xf; 1877 if (!(val & 0x40)) /* negative number */ 1878 delta_2ghz = -delta_2ghz; 1879 } 1880 val >>= 8; 1881 if ((val & 0xff) != 0xff && (val & 0x80)) { 1882 delta_5ghz = val & 0xf; 1883 if (!(val & 0x40)) /* negative number */ 1884 delta_5ghz = -delta_5ghz; 1885 } 1886 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1887 delta_2ghz, delta_5ghz); 1888 1889 for (ridx = 0; ridx < 5; ridx++) { 1890 uint32_t reg; 1891 1892 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1893 reg = val; 1894 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1895 reg |= (uint32_t)val << 16; 1896 1897 sc->txpow20mhz[ridx] = reg; 1898 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1899 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1900 1901 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1902 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1903 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1904 } 1905 1906 /* Read RSSI offsets and LNA gains from EEPROM. */ 1907 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1908 RT3593_EEPROM_RSSI1_2GHZ, &val); 1909 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1910 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1911 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1912 RT3593_EEPROM_RSSI2_2GHZ, &val); 1913 if (sc->mac_ver >= 0x3070) { 1914 if (sc->mac_ver == 0x3593) { 1915 sc->txmixgain_2ghz = 0; 1916 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1917 } else { 1918 /* 1919 * On RT3070 chips (limited to 2 Rx chains), this ROM 1920 * field contains the Tx mixer gain for the 2GHz band. 1921 */ 1922 if ((val & 0xff) != 0xff) 1923 sc->txmixgain_2ghz = val & 0x7; 1924 } 1925 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1926 } else 1927 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1928 if (sc->mac_ver == 0x3593) 1929 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1930 sc->lna[2] = val >> 8; /* channel group 2 */ 1931 1932 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1933 RT3593_EEPROM_RSSI1_5GHZ, &val); 1934 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1935 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1936 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1937 RT3593_EEPROM_RSSI2_5GHZ, &val); 1938 if (sc->mac_ver == 0x3572) { 1939 /* 1940 * On RT3572 chips (limited to 2 Rx chains), this ROM 1941 * field contains the Tx mixer gain for the 5GHz band. 1942 */ 1943 if ((val & 0xff) != 0xff) 1944 sc->txmixgain_5ghz = val & 0x7; 1945 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1946 } else 1947 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1948 if (sc->mac_ver == 0x3593) { 1949 sc->txmixgain_5ghz = 0; 1950 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1951 } 1952 sc->lna[3] = val >> 8; /* channel group 3 */ 1953 1954 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1955 RT3593_EEPROM_LNA, &val); 1956 sc->lna[0] = val & 0xff; /* channel group 0 */ 1957 sc->lna[1] = val >> 8; /* channel group 1 */ 1958 1959 /* fix broken 5GHz LNA entries */ 1960 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1961 DPRINTF("invalid LNA for channel group %d\n", 2); 1962 sc->lna[2] = sc->lna[1]; 1963 } 1964 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1965 DPRINTF("invalid LNA for channel group %d\n", 3); 1966 sc->lna[3] = sc->lna[1]; 1967 } 1968 1969 /* fix broken RSSI offset entries */ 1970 for (ant = 0; ant < 3; ant++) { 1971 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1972 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1973 ant + 1, sc->rssi_2ghz[ant]); 1974 sc->rssi_2ghz[ant] = 0; 1975 } 1976 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1977 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1978 ant + 1, sc->rssi_5ghz[ant]); 1979 sc->rssi_5ghz[ant] = 0; 1980 } 1981 } 1982 return (0); 1983} 1984 1985static struct ieee80211_node * 1986run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1987{ 1988 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1989} 1990 1991static int 1992run_media_change(struct ifnet *ifp) 1993{ 1994 struct ieee80211vap *vap = ifp->if_softc; 1995 struct ieee80211com *ic = vap->iv_ic; 1996 const struct ieee80211_txparam *tp; 1997 struct run_softc *sc = ic->ic_ifp->if_softc; 1998 uint8_t rate, ridx; 1999 int error; 2000 2001 RUN_LOCK(sc); 2002 2003 error = ieee80211_media_change(ifp); 2004 if (error != ENETRESET) { 2005 RUN_UNLOCK(sc); 2006 return (error); 2007 } 2008 2009 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2010 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2011 struct ieee80211_node *ni; 2012 struct run_node *rn; 2013 2014 rate = ic->ic_sup_rates[ic->ic_curmode]. 2015 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2016 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2017 if (rt2860_rates[ridx].rate == rate) 2018 break; 2019 ni = ieee80211_ref_node(vap->iv_bss); 2020 rn = (struct run_node *)ni; 2021 rn->fix_ridx = ridx; 2022 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2023 ieee80211_free_node(ni); 2024 } 2025 2026#if 0 2027 if ((ifp->if_flags & IFF_UP) && 2028 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 2029 run_init_locked(sc); 2030 } 2031#endif 2032 2033 RUN_UNLOCK(sc); 2034 2035 return (0); 2036} 2037 2038static int 2039run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2040{ 2041 const struct ieee80211_txparam *tp; 2042 struct ieee80211com *ic = vap->iv_ic; 2043 struct run_softc *sc = ic->ic_ifp->if_softc; 2044 struct run_vap *rvp = RUN_VAP(vap); 2045 enum ieee80211_state ostate; 2046 uint32_t sta[3]; 2047 uint32_t tmp; 2048 uint8_t ratectl; 2049 uint8_t restart_ratectl = 0; 2050 uint8_t bid = 1 << rvp->rvp_id; 2051 2052 ostate = vap->iv_state; 2053 DPRINTF("%s -> %s\n", 2054 ieee80211_state_name[ostate], 2055 ieee80211_state_name[nstate]); 2056 2057 IEEE80211_UNLOCK(ic); 2058 RUN_LOCK(sc); 2059 2060 ratectl = sc->ratectl_run; /* remember current state */ 2061 sc->ratectl_run = RUN_RATECTL_OFF; 2062 usb_callout_stop(&sc->ratectl_ch); 2063 2064 if (ostate == IEEE80211_S_RUN) { 2065 /* turn link LED off */ 2066 run_set_leds(sc, RT2860_LED_RADIO); 2067 } 2068 2069 switch (nstate) { 2070 case IEEE80211_S_INIT: 2071 restart_ratectl = 1; 2072 2073 if (ostate != IEEE80211_S_RUN) 2074 break; 2075 2076 ratectl &= ~bid; 2077 sc->runbmap &= ~bid; 2078 2079 /* abort TSF synchronization if there is no vap running */ 2080 if (--sc->running == 0) { 2081 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2082 run_write(sc, RT2860_BCN_TIME_CFG, 2083 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2084 RT2860_TBTT_TIMER_EN)); 2085 } 2086 break; 2087 2088 case IEEE80211_S_RUN: 2089 if (!(sc->runbmap & bid)) { 2090 if(sc->running++) 2091 restart_ratectl = 1; 2092 sc->runbmap |= bid; 2093 } 2094 2095 m_freem(rvp->beacon_mbuf); 2096 rvp->beacon_mbuf = NULL; 2097 2098 switch (vap->iv_opmode) { 2099 case IEEE80211_M_HOSTAP: 2100 case IEEE80211_M_MBSS: 2101 sc->ap_running |= bid; 2102 ic->ic_opmode = vap->iv_opmode; 2103 run_update_beacon_cb(vap); 2104 break; 2105 case IEEE80211_M_IBSS: 2106 sc->adhoc_running |= bid; 2107 if (!sc->ap_running) 2108 ic->ic_opmode = vap->iv_opmode; 2109 run_update_beacon_cb(vap); 2110 break; 2111 case IEEE80211_M_STA: 2112 sc->sta_running |= bid; 2113 if (!sc->ap_running && !sc->adhoc_running) 2114 ic->ic_opmode = vap->iv_opmode; 2115 2116 /* read statistic counters (clear on read) */ 2117 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2118 (uint8_t *)sta, sizeof sta); 2119 2120 break; 2121 default: 2122 ic->ic_opmode = vap->iv_opmode; 2123 break; 2124 } 2125 2126 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2127 struct ieee80211_node *ni; 2128 2129 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2130 RUN_UNLOCK(sc); 2131 IEEE80211_LOCK(ic); 2132 return (-1); 2133 } 2134 run_updateslot(ic->ic_ifp); 2135 run_enable_mrr(sc); 2136 run_set_txpreamble(sc); 2137 run_set_basicrates(sc); 2138 ni = ieee80211_ref_node(vap->iv_bss); 2139 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2140 run_set_bssid(sc, ni->ni_bssid); 2141 ieee80211_free_node(ni); 2142 run_enable_tsf_sync(sc); 2143 2144 /* enable automatic rate adaptation */ 2145 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2146 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2147 ratectl |= bid; 2148 } 2149 2150 /* turn link LED on */ 2151 run_set_leds(sc, RT2860_LED_RADIO | 2152 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2153 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2154 2155 break; 2156 default: 2157 DPRINTFN(6, "undefined case\n"); 2158 break; 2159 } 2160 2161 /* restart amrr for running VAPs */ 2162 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2163 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2164 2165 RUN_UNLOCK(sc); 2166 IEEE80211_LOCK(ic); 2167 2168 return(rvp->newstate(vap, nstate, arg)); 2169} 2170 2171/* ARGSUSED */ 2172static void 2173run_wme_update_cb(void *arg) 2174{ 2175 struct ieee80211com *ic = arg; 2176 struct run_softc *sc = ic->ic_ifp->if_softc; 2177 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2178 int aci, error = 0; 2179 2180 RUN_LOCK_ASSERT(sc, MA_OWNED); 2181 2182 /* update MAC TX configuration registers */ 2183 for (aci = 0; aci < WME_NUM_AC; aci++) { 2184 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2185 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2186 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2187 wmesp->wme_params[aci].wmep_aifsn << 8 | 2188 wmesp->wme_params[aci].wmep_txopLimit); 2189 if (error) goto err; 2190 } 2191 2192 /* update SCH/DMA registers too */ 2193 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2194 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2195 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2196 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2197 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2198 if (error) goto err; 2199 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2200 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2201 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2202 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2203 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2204 if (error) goto err; 2205 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2206 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2207 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2208 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2209 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2210 if (error) goto err; 2211 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2212 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2213 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2214 if (error) goto err; 2215 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2216 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2217 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2218 2219err: 2220 if (error) 2221 DPRINTF("WME update failed\n"); 2222 2223 return; 2224} 2225 2226static int 2227run_wme_update(struct ieee80211com *ic) 2228{ 2229 struct run_softc *sc = ic->ic_ifp->if_softc; 2230 2231 /* sometime called wothout lock */ 2232 if (mtx_owned(&ic->ic_comlock.mtx)) { 2233 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2234 DPRINTF("cmdq_store=%d\n", i); 2235 sc->cmdq[i].func = run_wme_update_cb; 2236 sc->cmdq[i].arg0 = ic; 2237 ieee80211_runtask(ic, &sc->cmdq_task); 2238 return (0); 2239 } 2240 2241 RUN_LOCK(sc); 2242 run_wme_update_cb(ic); 2243 RUN_UNLOCK(sc); 2244 2245 /* return whatever, upper layer desn't care anyway */ 2246 return (0); 2247} 2248 2249static void 2250run_key_update_begin(struct ieee80211vap *vap) 2251{ 2252 /* 2253 * To avoid out-of-order events, both run_key_set() and 2254 * _delete() are deferred and handled by run_cmdq_cb(). 2255 * So, there is nothing we need to do here. 2256 */ 2257} 2258 2259static void 2260run_key_update_end(struct ieee80211vap *vap) 2261{ 2262 /* null */ 2263} 2264 2265static void 2266run_key_set_cb(void *arg) 2267{ 2268 struct run_cmdq *cmdq = arg; 2269 struct ieee80211vap *vap = cmdq->arg1; 2270 struct ieee80211_key *k = cmdq->k; 2271 struct ieee80211com *ic = vap->iv_ic; 2272 struct run_softc *sc = ic->ic_ifp->if_softc; 2273 struct ieee80211_node *ni; 2274 uint32_t attr; 2275 uint16_t base, associd; 2276 uint8_t mode, wcid, iv[8]; 2277 2278 RUN_LOCK_ASSERT(sc, MA_OWNED); 2279 2280 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2281 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2282 else 2283 ni = vap->iv_bss; 2284 associd = (ni != NULL) ? ni->ni_associd : 0; 2285 2286 /* map net80211 cipher to RT2860 security mode */ 2287 switch (k->wk_cipher->ic_cipher) { 2288 case IEEE80211_CIPHER_WEP: 2289 if(k->wk_keylen < 8) 2290 mode = RT2860_MODE_WEP40; 2291 else 2292 mode = RT2860_MODE_WEP104; 2293 break; 2294 case IEEE80211_CIPHER_TKIP: 2295 mode = RT2860_MODE_TKIP; 2296 break; 2297 case IEEE80211_CIPHER_AES_CCM: 2298 mode = RT2860_MODE_AES_CCMP; 2299 break; 2300 default: 2301 DPRINTF("undefined case\n"); 2302 return; 2303 } 2304 2305 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2306 associd, k->wk_keyix, mode, 2307 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2308 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2309 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2310 2311 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2312 wcid = 0; /* NB: update WCID0 for group keys */ 2313 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2314 } else { 2315 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2316 1 : RUN_AID2WCID(associd); 2317 base = RT2860_PKEY(wcid); 2318 } 2319 2320 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2321 if(run_write_region_1(sc, base, k->wk_key, 16)) 2322 return; 2323 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2324 return; 2325 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2326 return; 2327 } else { 2328 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2329 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2330 return; 2331 } 2332 2333 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2334 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2335 /* set initial packet number in IV+EIV */ 2336 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2337 memset(iv, 0, sizeof iv); 2338 iv[3] = vap->iv_def_txkey << 6; 2339 } else { 2340 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2341 iv[0] = k->wk_keytsc >> 8; 2342 iv[1] = (iv[0] | 0x20) & 0x7f; 2343 iv[2] = k->wk_keytsc; 2344 } else /* CCMP */ { 2345 iv[0] = k->wk_keytsc; 2346 iv[1] = k->wk_keytsc >> 8; 2347 iv[2] = 0; 2348 } 2349 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2350 iv[4] = k->wk_keytsc >> 16; 2351 iv[5] = k->wk_keytsc >> 24; 2352 iv[6] = k->wk_keytsc >> 32; 2353 iv[7] = k->wk_keytsc >> 40; 2354 } 2355 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2356 return; 2357 } 2358 2359 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2360 /* install group key */ 2361 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2362 return; 2363 attr &= ~(0xf << (k->wk_keyix * 4)); 2364 attr |= mode << (k->wk_keyix * 4); 2365 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2366 return; 2367 } else { 2368 /* install pairwise key */ 2369 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2370 return; 2371 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2372 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2373 return; 2374 } 2375 2376 /* TODO create a pass-thru key entry? */ 2377 2378 /* need wcid to delete the right key later */ 2379 k->wk_pad = wcid; 2380} 2381 2382/* 2383 * Don't have to be deferred, but in order to keep order of 2384 * execution, i.e. with run_key_delete(), defer this and let 2385 * run_cmdq_cb() maintain the order. 2386 * 2387 * return 0 on error 2388 */ 2389static int 2390run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2391 const uint8_t mac[IEEE80211_ADDR_LEN]) 2392{ 2393 struct ieee80211com *ic = vap->iv_ic; 2394 struct run_softc *sc = ic->ic_ifp->if_softc; 2395 uint32_t i; 2396 2397 i = RUN_CMDQ_GET(&sc->cmdq_store); 2398 DPRINTF("cmdq_store=%d\n", i); 2399 sc->cmdq[i].func = run_key_set_cb; 2400 sc->cmdq[i].arg0 = NULL; 2401 sc->cmdq[i].arg1 = vap; 2402 sc->cmdq[i].k = k; 2403 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2404 ieee80211_runtask(ic, &sc->cmdq_task); 2405 2406 /* 2407 * To make sure key will be set when hostapd 2408 * calls iv_key_set() before if_init(). 2409 */ 2410 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2411 RUN_LOCK(sc); 2412 sc->cmdq_key_set = RUN_CMDQ_GO; 2413 RUN_UNLOCK(sc); 2414 } 2415 2416 return (1); 2417} 2418 2419/* 2420 * If wlan is destroyed without being brought down i.e. without 2421 * wlan down or wpa_cli terminate, this function is called after 2422 * vap is gone. Don't refer it. 2423 */ 2424static void 2425run_key_delete_cb(void *arg) 2426{ 2427 struct run_cmdq *cmdq = arg; 2428 struct run_softc *sc = cmdq->arg1; 2429 struct ieee80211_key *k = &cmdq->key; 2430 uint32_t attr; 2431 uint8_t wcid; 2432 2433 RUN_LOCK_ASSERT(sc, MA_OWNED); 2434 2435 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2436 /* remove group key */ 2437 DPRINTF("removing group key\n"); 2438 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2439 attr &= ~(0xf << (k->wk_keyix * 4)); 2440 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2441 } else { 2442 /* remove pairwise key */ 2443 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2444 /* matching wcid was written to wk_pad in run_key_set() */ 2445 wcid = k->wk_pad; 2446 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2447 attr &= ~0xf; 2448 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2449 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2450 } 2451 2452 k->wk_pad = 0; 2453} 2454 2455/* 2456 * return 0 on error 2457 */ 2458static int 2459run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2460{ 2461 struct ieee80211com *ic = vap->iv_ic; 2462 struct run_softc *sc = ic->ic_ifp->if_softc; 2463 struct ieee80211_key *k0; 2464 uint32_t i; 2465 2466 /* 2467 * When called back, key might be gone. So, make a copy 2468 * of some values need to delete keys before deferring. 2469 * But, because of LOR with node lock, cannot use lock here. 2470 * So, use atomic instead. 2471 */ 2472 i = RUN_CMDQ_GET(&sc->cmdq_store); 2473 DPRINTF("cmdq_store=%d\n", i); 2474 sc->cmdq[i].func = run_key_delete_cb; 2475 sc->cmdq[i].arg0 = NULL; 2476 sc->cmdq[i].arg1 = sc; 2477 k0 = &sc->cmdq[i].key; 2478 k0->wk_flags = k->wk_flags; 2479 k0->wk_keyix = k->wk_keyix; 2480 /* matching wcid was written to wk_pad in run_key_set() */ 2481 k0->wk_pad = k->wk_pad; 2482 ieee80211_runtask(ic, &sc->cmdq_task); 2483 return (1); /* return fake success */ 2484 2485} 2486 2487static void 2488run_ratectl_to(void *arg) 2489{ 2490 struct run_softc *sc = arg; 2491 2492 /* do it in a process context, so it can go sleep */ 2493 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2494 /* next timeout will be rescheduled in the callback task */ 2495} 2496 2497/* ARGSUSED */ 2498static void 2499run_ratectl_cb(void *arg, int pending) 2500{ 2501 struct run_softc *sc = arg; 2502 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2503 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2504 2505 if (vap == NULL) 2506 return; 2507 2508 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2509 run_iter_func(sc, vap->iv_bss); 2510 else { 2511 /* 2512 * run_reset_livelock() doesn't do anything with AMRR, 2513 * but Ralink wants us to call it every 1 sec. So, we 2514 * piggyback here rather than creating another callout. 2515 * Livelock may occur only in HOSTAP or IBSS mode 2516 * (when h/w is sending beacons). 2517 */ 2518 RUN_LOCK(sc); 2519 run_reset_livelock(sc); 2520 /* just in case, there are some stats to drain */ 2521 run_drain_fifo(sc); 2522 RUN_UNLOCK(sc); 2523 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2524 } 2525 2526 RUN_LOCK(sc); 2527 if(sc->ratectl_run != RUN_RATECTL_OFF) 2528 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2529 RUN_UNLOCK(sc); 2530} 2531 2532static void 2533run_drain_fifo(void *arg) 2534{ 2535 struct run_softc *sc = arg; 2536 struct ifnet *ifp = sc->sc_ifp; 2537 uint32_t stat; 2538 uint16_t (*wstat)[3]; 2539 uint8_t wcid, mcs, pid; 2540 int8_t retry; 2541 2542 RUN_LOCK_ASSERT(sc, MA_OWNED); 2543 2544 for (;;) { 2545 /* drain Tx status FIFO (maxsize = 16) */ 2546 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2547 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2548 if (!(stat & RT2860_TXQ_VLD)) 2549 break; 2550 2551 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2552 2553 /* if no ACK was requested, no feedback is available */ 2554 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2555 wcid == 0) 2556 continue; 2557 2558 /* 2559 * Even though each stat is Tx-complete-status like format, 2560 * the device can poll stats. Because there is no guarantee 2561 * that the referring node is still around when read the stats. 2562 * So that, if we use ieee80211_ratectl_tx_update(), we will 2563 * have hard time not to refer already freed node. 2564 * 2565 * To eliminate such page faults, we poll stats in softc. 2566 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2567 */ 2568 wstat = &(sc->wcid_stats[wcid]); 2569 (*wstat)[RUN_TXCNT]++; 2570 if (stat & RT2860_TXQ_OK) 2571 (*wstat)[RUN_SUCCESS]++; 2572 else 2573 ifp->if_oerrors++; 2574 /* 2575 * Check if there were retries, ie if the Tx success rate is 2576 * different from the requested rate. Note that it works only 2577 * because we do not allow rate fallback from OFDM to CCK. 2578 */ 2579 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2580 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2581 if ((retry = pid -1 - mcs) > 0) { 2582 (*wstat)[RUN_TXCNT] += retry; 2583 (*wstat)[RUN_RETRY] += retry; 2584 } 2585 } 2586 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2587 2588 sc->fifo_cnt = 0; 2589} 2590 2591static void 2592run_iter_func(void *arg, struct ieee80211_node *ni) 2593{ 2594 struct run_softc *sc = arg; 2595 struct ieee80211vap *vap = ni->ni_vap; 2596 struct ieee80211com *ic = ni->ni_ic; 2597 struct ifnet *ifp = ic->ic_ifp; 2598 struct run_node *rn = (void *)ni; 2599 union run_stats sta[2]; 2600 uint16_t (*wstat)[3]; 2601 int txcnt, success, retrycnt, error; 2602 2603 RUN_LOCK(sc); 2604 2605 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2606 vap->iv_opmode == IEEE80211_M_STA)) { 2607 /* read statistic counters (clear on read) and update AMRR state */ 2608 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2609 sizeof sta); 2610 if (error != 0) 2611 goto fail; 2612 2613 /* count failed TX as errors */ 2614 ifp->if_oerrors += le16toh(sta[0].error.fail); 2615 2616 retrycnt = le16toh(sta[1].tx.retry); 2617 success = le16toh(sta[1].tx.success); 2618 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2619 2620 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2621 retrycnt, success, le16toh(sta[0].error.fail)); 2622 } else { 2623 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2624 2625 if (wstat == &(sc->wcid_stats[0]) || 2626 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2627 goto fail; 2628 2629 txcnt = (*wstat)[RUN_TXCNT]; 2630 success = (*wstat)[RUN_SUCCESS]; 2631 retrycnt = (*wstat)[RUN_RETRY]; 2632 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2633 retrycnt, txcnt, success); 2634 2635 memset(wstat, 0, sizeof(*wstat)); 2636 } 2637 2638 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2639 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2640 2641fail: 2642 RUN_UNLOCK(sc); 2643 2644 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2645} 2646 2647static void 2648run_newassoc_cb(void *arg) 2649{ 2650 struct run_cmdq *cmdq = arg; 2651 struct ieee80211_node *ni = cmdq->arg1; 2652 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2653 uint8_t wcid = cmdq->wcid; 2654 2655 RUN_LOCK_ASSERT(sc, MA_OWNED); 2656 2657 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2658 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2659 2660 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2661} 2662 2663static void 2664run_newassoc(struct ieee80211_node *ni, int isnew) 2665{ 2666 struct run_node *rn = (void *)ni; 2667 struct ieee80211_rateset *rs = &ni->ni_rates; 2668 struct ieee80211vap *vap = ni->ni_vap; 2669 struct ieee80211com *ic = vap->iv_ic; 2670 struct run_softc *sc = ic->ic_ifp->if_softc; 2671 uint8_t rate; 2672 uint8_t ridx; 2673 uint8_t wcid; 2674 int i, j; 2675 2676 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2677 1 : RUN_AID2WCID(ni->ni_associd); 2678 2679 if (wcid > RT2870_WCID_MAX) { 2680 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2681 return; 2682 } 2683 2684 /* only interested in true associations */ 2685 if (isnew && ni->ni_associd != 0) { 2686 2687 /* 2688 * This function could is called though timeout function. 2689 * Need to defer. 2690 */ 2691 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2692 DPRINTF("cmdq_store=%d\n", cnt); 2693 sc->cmdq[cnt].func = run_newassoc_cb; 2694 sc->cmdq[cnt].arg0 = NULL; 2695 sc->cmdq[cnt].arg1 = ni; 2696 sc->cmdq[cnt].wcid = wcid; 2697 ieee80211_runtask(ic, &sc->cmdq_task); 2698 } 2699 2700 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2701 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2702 2703 for (i = 0; i < rs->rs_nrates; i++) { 2704 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2705 /* convert 802.11 rate to hardware rate index */ 2706 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2707 if (rt2860_rates[ridx].rate == rate) 2708 break; 2709 rn->ridx[i] = ridx; 2710 /* determine rate of control response frames */ 2711 for (j = i; j >= 0; j--) { 2712 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2713 rt2860_rates[rn->ridx[i]].phy == 2714 rt2860_rates[rn->ridx[j]].phy) 2715 break; 2716 } 2717 if (j >= 0) { 2718 rn->ctl_ridx[i] = rn->ridx[j]; 2719 } else { 2720 /* no basic rate found, use mandatory one */ 2721 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2722 } 2723 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2724 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2725 } 2726 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2727 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2728 if (rt2860_rates[ridx].rate == rate) 2729 break; 2730 rn->mgt_ridx = ridx; 2731 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2732 2733 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2734} 2735 2736/* 2737 * Return the Rx chain with the highest RSSI for a given frame. 2738 */ 2739static __inline uint8_t 2740run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2741{ 2742 uint8_t rxchain = 0; 2743 2744 if (sc->nrxchains > 1) { 2745 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2746 rxchain = 1; 2747 if (sc->nrxchains > 2) 2748 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2749 rxchain = 2; 2750 } 2751 return (rxchain); 2752} 2753 2754static void 2755run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2756{ 2757 struct ifnet *ifp = sc->sc_ifp; 2758 struct ieee80211com *ic = ifp->if_l2com; 2759 struct ieee80211_frame *wh; 2760 struct ieee80211_node *ni; 2761 struct rt2870_rxd *rxd; 2762 struct rt2860_rxwi *rxwi; 2763 uint32_t flags; 2764 uint16_t len, rxwisize; 2765 uint8_t ant, rssi; 2766 int8_t nf; 2767 2768 rxwi = mtod(m, struct rt2860_rxwi *); 2769 len = le16toh(rxwi->len) & 0xfff; 2770 rxwisize = sizeof(struct rt2860_rxwi); 2771 if (sc->mac_ver == 0x5592) 2772 rxwisize += sizeof(uint64_t); 2773 else if (sc->mac_ver == 0x3593) 2774 rxwisize += sizeof(uint32_t); 2775 if (__predict_false(len > dmalen)) { 2776 m_freem(m); 2777 ifp->if_ierrors++; 2778 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2779 return; 2780 } 2781 /* Rx descriptor is located at the end */ 2782 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2783 flags = le32toh(rxd->flags); 2784 2785 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2786 m_freem(m); 2787 ifp->if_ierrors++; 2788 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2789 return; 2790 } 2791 2792 m->m_data += rxwisize; 2793 m->m_pkthdr.len = m->m_len -= rxwisize; 2794 2795 wh = mtod(m, struct ieee80211_frame *); 2796 2797 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2798 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2799 m->m_flags |= M_WEP; 2800 } 2801 2802 if (flags & RT2860_RX_L2PAD) { 2803 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2804 len += 2; 2805 } 2806 2807 ni = ieee80211_find_rxnode(ic, 2808 mtod(m, struct ieee80211_frame_min *)); 2809 2810 if (__predict_false(flags & RT2860_RX_MICERR)) { 2811 /* report MIC failures to net80211 for TKIP */ 2812 if (ni != NULL) 2813 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2814 rxwi->keyidx); 2815 m_freem(m); 2816 ifp->if_ierrors++; 2817 DPRINTF("MIC error. Someone is lying.\n"); 2818 return; 2819 } 2820 2821 ant = run_maxrssi_chain(sc, rxwi); 2822 rssi = rxwi->rssi[ant]; 2823 nf = run_rssi2dbm(sc, rssi, ant); 2824 2825 m->m_pkthdr.rcvif = ifp; 2826 m->m_pkthdr.len = m->m_len = len; 2827 2828 if (ni != NULL) { 2829 (void)ieee80211_input(ni, m, rssi, nf); 2830 ieee80211_free_node(ni); 2831 } else { 2832 (void)ieee80211_input_all(ic, m, rssi, nf); 2833 } 2834 2835 if (__predict_false(ieee80211_radiotap_active(ic))) { 2836 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2837 uint16_t phy; 2838 2839 tap->wr_flags = 0; 2840 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2841 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2842 tap->wr_antsignal = rssi; 2843 tap->wr_antenna = ant; 2844 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2845 tap->wr_rate = 2; /* in case it can't be found below */ 2846 phy = le16toh(rxwi->phy); 2847 switch (phy & RT2860_PHY_MODE) { 2848 case RT2860_PHY_CCK: 2849 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2850 case 0: tap->wr_rate = 2; break; 2851 case 1: tap->wr_rate = 4; break; 2852 case 2: tap->wr_rate = 11; break; 2853 case 3: tap->wr_rate = 22; break; 2854 } 2855 if (phy & RT2860_PHY_SHPRE) 2856 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2857 break; 2858 case RT2860_PHY_OFDM: 2859 switch (phy & RT2860_PHY_MCS) { 2860 case 0: tap->wr_rate = 12; break; 2861 case 1: tap->wr_rate = 18; break; 2862 case 2: tap->wr_rate = 24; break; 2863 case 3: tap->wr_rate = 36; break; 2864 case 4: tap->wr_rate = 48; break; 2865 case 5: tap->wr_rate = 72; break; 2866 case 6: tap->wr_rate = 96; break; 2867 case 7: tap->wr_rate = 108; break; 2868 } 2869 break; 2870 } 2871 } 2872} 2873 2874static void 2875run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2876{ 2877 struct run_softc *sc = usbd_xfer_softc(xfer); 2878 struct ifnet *ifp = sc->sc_ifp; 2879 struct mbuf *m = NULL; 2880 struct mbuf *m0; 2881 uint32_t dmalen; 2882 uint16_t rxwisize; 2883 int xferlen; 2884 2885 rxwisize = sizeof(struct rt2860_rxwi); 2886 if (sc->mac_ver == 0x5592) 2887 rxwisize += sizeof(uint64_t); 2888 else if (sc->mac_ver == 0x3593) 2889 rxwisize += sizeof(uint32_t); 2890 2891 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2892 2893 switch (USB_GET_STATE(xfer)) { 2894 case USB_ST_TRANSFERRED: 2895 2896 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2897 2898 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2899 sizeof(struct rt2870_rxd))) { 2900 DPRINTF("xfer too short %d\n", xferlen); 2901 goto tr_setup; 2902 } 2903 2904 m = sc->rx_m; 2905 sc->rx_m = NULL; 2906 2907 /* FALLTHROUGH */ 2908 case USB_ST_SETUP: 2909tr_setup: 2910 if (sc->rx_m == NULL) { 2911 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2912 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2913 } 2914 if (sc->rx_m == NULL) { 2915 DPRINTF("could not allocate mbuf - idle with stall\n"); 2916 ifp->if_ierrors++; 2917 usbd_xfer_set_stall(xfer); 2918 usbd_xfer_set_frames(xfer, 0); 2919 } else { 2920 /* 2921 * Directly loading a mbuf cluster into DMA to 2922 * save some data copying. This works because 2923 * there is only one cluster. 2924 */ 2925 usbd_xfer_set_frame_data(xfer, 0, 2926 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2927 usbd_xfer_set_frames(xfer, 1); 2928 } 2929 usbd_transfer_submit(xfer); 2930 break; 2931 2932 default: /* Error */ 2933 if (error != USB_ERR_CANCELLED) { 2934 /* try to clear stall first */ 2935 usbd_xfer_set_stall(xfer); 2936 2937 if (error == USB_ERR_TIMEOUT) 2938 device_printf(sc->sc_dev, "device timeout\n"); 2939 2940 ifp->if_ierrors++; 2941 2942 goto tr_setup; 2943 } 2944 if (sc->rx_m != NULL) { 2945 m_freem(sc->rx_m); 2946 sc->rx_m = NULL; 2947 } 2948 break; 2949 } 2950 2951 if (m == NULL) 2952 return; 2953 2954 /* inputting all the frames must be last */ 2955 2956 RUN_UNLOCK(sc); 2957 2958 m->m_pkthdr.len = m->m_len = xferlen; 2959 2960 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2961 for(;;) { 2962 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2963 2964 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2965 ((dmalen & 3) != 0)) { 2966 DPRINTF("bad DMA length %u\n", dmalen); 2967 break; 2968 } 2969 if ((dmalen + 8) > (uint32_t)xferlen) { 2970 DPRINTF("bad DMA length %u > %d\n", 2971 dmalen + 8, xferlen); 2972 break; 2973 } 2974 2975 /* If it is the last one or a single frame, we won't copy. */ 2976 if ((xferlen -= dmalen + 8) <= 8) { 2977 /* trim 32-bit DMA-len header */ 2978 m->m_data += 4; 2979 m->m_pkthdr.len = m->m_len -= 4; 2980 run_rx_frame(sc, m, dmalen); 2981 m = NULL; /* don't free source buffer */ 2982 break; 2983 } 2984 2985 /* copy aggregated frames to another mbuf */ 2986 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2987 if (__predict_false(m0 == NULL)) { 2988 DPRINTF("could not allocate mbuf\n"); 2989 ifp->if_ierrors++; 2990 break; 2991 } 2992 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2993 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2994 m0->m_pkthdr.len = m0->m_len = 2995 dmalen + sizeof(struct rt2870_rxd); 2996 run_rx_frame(sc, m0, dmalen); 2997 2998 /* update data ptr */ 2999 m->m_data += dmalen + 8; 3000 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3001 } 3002 3003 /* make sure we free the source buffer, if any */ 3004 m_freem(m); 3005 3006 RUN_LOCK(sc); 3007} 3008 3009static void 3010run_tx_free(struct run_endpoint_queue *pq, 3011 struct run_tx_data *data, int txerr) 3012{ 3013 if (data->m != NULL) { 3014 if (data->m->m_flags & M_TXCB) 3015 ieee80211_process_callback(data->ni, data->m, 3016 txerr ? ETIMEDOUT : 0); 3017 m_freem(data->m); 3018 data->m = NULL; 3019 3020 if (data->ni == NULL) { 3021 DPRINTF("no node\n"); 3022 } else { 3023 ieee80211_free_node(data->ni); 3024 data->ni = NULL; 3025 } 3026 } 3027 3028 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3029 pq->tx_nfree++; 3030} 3031 3032static void 3033run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3034{ 3035 struct run_softc *sc = usbd_xfer_softc(xfer); 3036 struct ifnet *ifp = sc->sc_ifp; 3037 struct ieee80211com *ic = ifp->if_l2com; 3038 struct run_tx_data *data; 3039 struct ieee80211vap *vap = NULL; 3040 struct usb_page_cache *pc; 3041 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3042 struct mbuf *m; 3043 usb_frlength_t size; 3044 int actlen; 3045 int sumlen; 3046 3047 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3048 3049 switch (USB_GET_STATE(xfer)) { 3050 case USB_ST_TRANSFERRED: 3051 DPRINTFN(11, "transfer complete: %d " 3052 "bytes @ index %d\n", actlen, index); 3053 3054 data = usbd_xfer_get_priv(xfer); 3055 3056 run_tx_free(pq, data, 0); 3057 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 3058 3059 usbd_xfer_set_priv(xfer, NULL); 3060 3061 ifp->if_opackets++; 3062 3063 /* FALLTHROUGH */ 3064 case USB_ST_SETUP: 3065tr_setup: 3066 data = STAILQ_FIRST(&pq->tx_qh); 3067 if (data == NULL) 3068 break; 3069 3070 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3071 3072 m = data->m; 3073 size = (sc->mac_ver == 0x5592) ? 3074 RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ; 3075 if ((m->m_pkthdr.len + 3076 sizeof(data->desc) + 3 + 8) > size) { 3077 DPRINTF("data overflow, %u bytes\n", 3078 m->m_pkthdr.len); 3079 3080 ifp->if_oerrors++; 3081 3082 run_tx_free(pq, data, 1); 3083 3084 goto tr_setup; 3085 } 3086 3087 pc = usbd_xfer_get_frame(xfer, 0); 3088 size = (sc->mac_ver == 0x5592) ? 3089 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3090 usbd_copy_in(pc, 0, &data->desc, size); 3091 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3092 size += m->m_pkthdr.len; 3093 /* 3094 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3095 * 4-byte padding), and be sure to zero those trailing 3096 * bytes: 3097 */ 3098 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3099 size += ((-size) & 3) + 8; 3100 3101 vap = data->ni->ni_vap; 3102 if (ieee80211_radiotap_active_vap(vap)) { 3103 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3104 struct rt2860_txwi *txwi = 3105 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3106 tap->wt_flags = 0; 3107 tap->wt_rate = rt2860_rates[data->ridx].rate; 3108 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3109 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3110 tap->wt_hwqueue = index; 3111 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3112 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3113 3114 ieee80211_radiotap_tx(vap, m); 3115 } 3116 3117 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3118 m->m_pkthdr.len, size, index); 3119 3120 usbd_xfer_set_frame_len(xfer, 0, size); 3121 usbd_xfer_set_priv(xfer, data); 3122 3123 usbd_transfer_submit(xfer); 3124 3125 RUN_UNLOCK(sc); 3126 run_start(ifp); 3127 RUN_LOCK(sc); 3128 3129 break; 3130 3131 default: 3132 DPRINTF("USB transfer error, %s\n", 3133 usbd_errstr(error)); 3134 3135 data = usbd_xfer_get_priv(xfer); 3136 3137 ifp->if_oerrors++; 3138 3139 if (data != NULL) { 3140 if(data->ni != NULL) 3141 vap = data->ni->ni_vap; 3142 run_tx_free(pq, data, error); 3143 usbd_xfer_set_priv(xfer, NULL); 3144 } 3145 if (vap == NULL) 3146 vap = TAILQ_FIRST(&ic->ic_vaps); 3147 3148 if (error != USB_ERR_CANCELLED) { 3149 if (error == USB_ERR_TIMEOUT) { 3150 device_printf(sc->sc_dev, "device timeout\n"); 3151 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3152 DPRINTF("cmdq_store=%d\n", i); 3153 sc->cmdq[i].func = run_usb_timeout_cb; 3154 sc->cmdq[i].arg0 = vap; 3155 ieee80211_runtask(ic, &sc->cmdq_task); 3156 } 3157 3158 /* 3159 * Try to clear stall first, also if other 3160 * errors occur, hence clearing stall 3161 * introduces a 50 ms delay: 3162 */ 3163 usbd_xfer_set_stall(xfer); 3164 goto tr_setup; 3165 } 3166 break; 3167 } 3168} 3169 3170static void 3171run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3172{ 3173 run_bulk_tx_callbackN(xfer, error, 0); 3174} 3175 3176static void 3177run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3178{ 3179 run_bulk_tx_callbackN(xfer, error, 1); 3180} 3181 3182static void 3183run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3184{ 3185 run_bulk_tx_callbackN(xfer, error, 2); 3186} 3187 3188static void 3189run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3190{ 3191 run_bulk_tx_callbackN(xfer, error, 3); 3192} 3193 3194static void 3195run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3196{ 3197 run_bulk_tx_callbackN(xfer, error, 4); 3198} 3199 3200static void 3201run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3202{ 3203 run_bulk_tx_callbackN(xfer, error, 5); 3204} 3205 3206static void 3207run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3208{ 3209 struct mbuf *m = data->m; 3210 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3211 struct ieee80211vap *vap = data->ni->ni_vap; 3212 struct ieee80211_frame *wh; 3213 struct rt2870_txd *txd; 3214 struct rt2860_txwi *txwi; 3215 uint16_t xferlen, txwisize; 3216 uint16_t mcs; 3217 uint8_t ridx = data->ridx; 3218 uint8_t pad; 3219 3220 /* get MCS code from rate index */ 3221 mcs = rt2860_rates[ridx].mcs; 3222 3223 txwisize = (sc->mac_ver == 0x5592) ? 3224 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3225 xferlen = txwisize + m->m_pkthdr.len; 3226 3227 /* roundup to 32-bit alignment */ 3228 xferlen = (xferlen + 3) & ~3; 3229 3230 txd = (struct rt2870_txd *)&data->desc; 3231 txd->len = htole16(xferlen); 3232 3233 wh = mtod(m, struct ieee80211_frame *); 3234 3235 /* 3236 * Ether both are true or both are false, the header 3237 * are nicely aligned to 32-bit. So, no L2 padding. 3238 */ 3239 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3240 pad = 0; 3241 else 3242 pad = 2; 3243 3244 /* setup TX Wireless Information */ 3245 txwi = (struct rt2860_txwi *)(txd + 1); 3246 txwi->len = htole16(m->m_pkthdr.len - pad); 3247 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3248 txwi->phy = htole16(RT2860_PHY_CCK); 3249 if (ridx != RT2860_RIDX_CCK1 && 3250 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3251 mcs |= RT2860_PHY_SHPRE; 3252 } else 3253 txwi->phy = htole16(RT2860_PHY_OFDM); 3254 txwi->phy |= htole16(mcs); 3255 3256 /* check if RTS/CTS or CTS-to-self protection is required */ 3257 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3258 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3259 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3260 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3261 txwi->txop |= RT2860_TX_TXOP_HT; 3262 else 3263 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3264 3265 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3266 txwi->xflags |= RT2860_TX_NSEQ; 3267} 3268 3269/* This function must be called locked */ 3270static int 3271run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3272{ 3273 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3274 struct ieee80211vap *vap = ni->ni_vap; 3275 struct ieee80211_frame *wh; 3276 struct ieee80211_channel *chan; 3277 const struct ieee80211_txparam *tp; 3278 struct run_node *rn = (void *)ni; 3279 struct run_tx_data *data; 3280 struct rt2870_txd *txd; 3281 struct rt2860_txwi *txwi; 3282 uint16_t qos; 3283 uint16_t dur; 3284 uint16_t qid; 3285 uint8_t type; 3286 uint8_t tid; 3287 uint8_t ridx; 3288 uint8_t ctl_ridx; 3289 uint8_t qflags; 3290 uint8_t xflags = 0; 3291 int hasqos; 3292 3293 RUN_LOCK_ASSERT(sc, MA_OWNED); 3294 3295 wh = mtod(m, struct ieee80211_frame *); 3296 3297 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3298 3299 /* 3300 * There are 7 bulk endpoints: 1 for RX 3301 * and 6 for TX (4 EDCAs + HCCA + Prio). 3302 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3303 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3304 */ 3305 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3306 uint8_t *frm; 3307 3308 if(IEEE80211_HAS_ADDR4(wh)) 3309 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3310 else 3311 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3312 3313 qos = le16toh(*(const uint16_t *)frm); 3314 tid = qos & IEEE80211_QOS_TID; 3315 qid = TID_TO_WME_AC(tid); 3316 } else { 3317 qos = 0; 3318 tid = 0; 3319 qid = WME_AC_BE; 3320 } 3321 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3322 3323 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3324 qos, qid, tid, qflags); 3325 3326 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3327 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3328 3329 /* pickup a rate index */ 3330 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3331 type != IEEE80211_FC0_TYPE_DATA) { 3332 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3333 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3334 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3335 } else { 3336 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3337 ridx = rn->fix_ridx; 3338 else 3339 ridx = rn->amrr_ridx; 3340 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3341 } 3342 3343 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3344 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3345 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3346 xflags |= RT2860_TX_ACK; 3347 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3348 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3349 else 3350 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3351 USETW(wh->i_dur, dur); 3352 } 3353 3354 /* reserve slots for mgmt packets, just in case */ 3355 if (sc->sc_epq[qid].tx_nfree < 3) { 3356 DPRINTFN(10, "tx ring %d is full\n", qid); 3357 return (-1); 3358 } 3359 3360 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3361 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3362 sc->sc_epq[qid].tx_nfree--; 3363 3364 txd = (struct rt2870_txd *)&data->desc; 3365 txd->flags = qflags; 3366 txwi = (struct rt2860_txwi *)(txd + 1); 3367 txwi->xflags = xflags; 3368 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3369 txwi->wcid = 0; 3370 else 3371 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3372 1 : RUN_AID2WCID(ni->ni_associd); 3373 3374 /* clear leftover garbage bits */ 3375 txwi->flags = 0; 3376 txwi->txop = 0; 3377 3378 data->m = m; 3379 data->ni = ni; 3380 data->ridx = ridx; 3381 3382 run_set_tx_desc(sc, data); 3383 3384 /* 3385 * The chip keeps track of 2 kind of Tx stats, 3386 * * TX_STAT_FIFO, for per WCID stats, and 3387 * * TX_STA_CNT0 for all-TX-in-one stats. 3388 * 3389 * To use FIFO stats, we need to store MCS into the driver-private 3390 * PacketID field. So that, we can tell whose stats when we read them. 3391 * We add 1 to the MCS because setting the PacketID field to 0 means 3392 * that we don't want feedback in TX_STAT_FIFO. 3393 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3394 * 3395 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3396 */ 3397 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3398 vap->iv_opmode == IEEE80211_M_MBSS) { 3399 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3400 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3401 3402 /* 3403 * Unlike PCI based devices, we don't get any interrupt from 3404 * USB devices, so we simulate FIFO-is-full interrupt here. 3405 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3406 * quickly get fulled. To prevent overflow, increment a counter on 3407 * every FIFO stat request, so we know how many slots are left. 3408 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3409 * are used only in those modes. 3410 * We just drain stats. AMRR gets updated every 1 sec by 3411 * run_ratectl_cb() via callout. 3412 * Call it early. Otherwise overflow. 3413 */ 3414 if (sc->fifo_cnt++ == 10) { 3415 /* 3416 * With multiple vaps or if_bridge, if_start() is called 3417 * with a non-sleepable lock, tcpinp. So, need to defer. 3418 */ 3419 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3420 DPRINTFN(6, "cmdq_store=%d\n", i); 3421 sc->cmdq[i].func = run_drain_fifo; 3422 sc->cmdq[i].arg0 = sc; 3423 ieee80211_runtask(ic, &sc->cmdq_task); 3424 } 3425 } 3426 3427 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3428 3429 usbd_transfer_start(sc->sc_xfer[qid]); 3430 3431 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3432 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3433 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3434 3435 return (0); 3436} 3437 3438static int 3439run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3440{ 3441 struct ifnet *ifp = sc->sc_ifp; 3442 struct ieee80211com *ic = ifp->if_l2com; 3443 struct run_node *rn = (void *)ni; 3444 struct run_tx_data *data; 3445 struct ieee80211_frame *wh; 3446 struct rt2870_txd *txd; 3447 struct rt2860_txwi *txwi; 3448 uint16_t dur; 3449 uint8_t ridx = rn->mgt_ridx; 3450 uint8_t type; 3451 uint8_t xflags = 0; 3452 uint8_t wflags = 0; 3453 3454 RUN_LOCK_ASSERT(sc, MA_OWNED); 3455 3456 wh = mtod(m, struct ieee80211_frame *); 3457 3458 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3459 3460 /* tell hardware to add timestamp for probe responses */ 3461 if ((wh->i_fc[0] & 3462 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3463 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3464 wflags |= RT2860_TX_TS; 3465 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3466 xflags |= RT2860_TX_ACK; 3467 3468 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3469 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3470 USETW(wh->i_dur, dur); 3471 } 3472 3473 if (sc->sc_epq[0].tx_nfree == 0) { 3474 /* let caller free mbuf */ 3475 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3476 return (EIO); 3477 } 3478 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3479 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3480 sc->sc_epq[0].tx_nfree--; 3481 3482 txd = (struct rt2870_txd *)&data->desc; 3483 txd->flags = RT2860_TX_QSEL_EDCA; 3484 txwi = (struct rt2860_txwi *)(txd + 1); 3485 txwi->wcid = 0xff; 3486 txwi->flags = wflags; 3487 txwi->xflags = xflags; 3488 txwi->txop = 0; /* clear leftover garbage bits */ 3489 3490 data->m = m; 3491 data->ni = ni; 3492 data->ridx = ridx; 3493 3494 run_set_tx_desc(sc, data); 3495 3496 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3497 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3498 rt2860_rates[ridx].rate); 3499 3500 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3501 3502 usbd_transfer_start(sc->sc_xfer[0]); 3503 3504 return (0); 3505} 3506 3507static int 3508run_sendprot(struct run_softc *sc, 3509 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3510{ 3511 struct ieee80211com *ic = ni->ni_ic; 3512 struct ieee80211_frame *wh; 3513 struct run_tx_data *data; 3514 struct rt2870_txd *txd; 3515 struct rt2860_txwi *txwi; 3516 struct mbuf *mprot; 3517 int ridx; 3518 int protrate; 3519 int ackrate; 3520 int pktlen; 3521 int isshort; 3522 uint16_t dur; 3523 uint8_t type; 3524 uint8_t wflags = 0; 3525 uint8_t xflags = 0; 3526 3527 RUN_LOCK_ASSERT(sc, MA_OWNED); 3528 3529 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3530 ("protection %d", prot)); 3531 3532 wh = mtod(m, struct ieee80211_frame *); 3533 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3534 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3535 3536 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3537 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3538 3539 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3540 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3541 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3542 wflags = RT2860_TX_FRAG; 3543 3544 /* check that there are free slots before allocating the mbuf */ 3545 if (sc->sc_epq[0].tx_nfree == 0) { 3546 /* let caller free mbuf */ 3547 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3548 return (ENOBUFS); 3549 } 3550 3551 if (prot == IEEE80211_PROT_RTSCTS) { 3552 /* NB: CTS is the same size as an ACK */ 3553 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3554 xflags |= RT2860_TX_ACK; 3555 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3556 } else { 3557 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3558 } 3559 if (mprot == NULL) { 3560 sc->sc_ifp->if_oerrors++; 3561 DPRINTF("could not allocate mbuf\n"); 3562 return (ENOBUFS); 3563 } 3564 3565 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3566 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3567 sc->sc_epq[0].tx_nfree--; 3568 3569 txd = (struct rt2870_txd *)&data->desc; 3570 txd->flags = RT2860_TX_QSEL_EDCA; 3571 txwi = (struct rt2860_txwi *)(txd + 1); 3572 txwi->wcid = 0xff; 3573 txwi->flags = wflags; 3574 txwi->xflags = xflags; 3575 txwi->txop = 0; /* clear leftover garbage bits */ 3576 3577 data->m = mprot; 3578 data->ni = ieee80211_ref_node(ni); 3579 3580 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3581 if (rt2860_rates[ridx].rate == protrate) 3582 break; 3583 data->ridx = ridx; 3584 3585 run_set_tx_desc(sc, data); 3586 3587 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3588 m->m_pkthdr.len, rate); 3589 3590 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3591 3592 usbd_transfer_start(sc->sc_xfer[0]); 3593 3594 return (0); 3595} 3596 3597static int 3598run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3599 const struct ieee80211_bpf_params *params) 3600{ 3601 struct ieee80211com *ic = ni->ni_ic; 3602 struct ieee80211_frame *wh; 3603 struct run_tx_data *data; 3604 struct rt2870_txd *txd; 3605 struct rt2860_txwi *txwi; 3606 uint8_t type; 3607 uint8_t ridx; 3608 uint8_t rate; 3609 uint8_t opflags = 0; 3610 uint8_t xflags = 0; 3611 int error; 3612 3613 RUN_LOCK_ASSERT(sc, MA_OWNED); 3614 3615 KASSERT(params != NULL, ("no raw xmit params")); 3616 3617 wh = mtod(m, struct ieee80211_frame *); 3618 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3619 3620 rate = params->ibp_rate0; 3621 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3622 /* let caller free mbuf */ 3623 return (EINVAL); 3624 } 3625 3626 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3627 xflags |= RT2860_TX_ACK; 3628 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3629 error = run_sendprot(sc, m, ni, 3630 params->ibp_flags & IEEE80211_BPF_RTS ? 3631 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3632 rate); 3633 if (error) { 3634 /* let caller free mbuf */ 3635 return error; 3636 } 3637 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3638 } 3639 3640 if (sc->sc_epq[0].tx_nfree == 0) { 3641 /* let caller free mbuf */ 3642 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3643 DPRINTF("sending raw frame, but tx ring is full\n"); 3644 return (EIO); 3645 } 3646 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3647 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3648 sc->sc_epq[0].tx_nfree--; 3649 3650 txd = (struct rt2870_txd *)&data->desc; 3651 txd->flags = RT2860_TX_QSEL_EDCA; 3652 txwi = (struct rt2860_txwi *)(txd + 1); 3653 txwi->wcid = 0xff; 3654 txwi->xflags = xflags; 3655 txwi->txop = opflags; 3656 txwi->flags = 0; /* clear leftover garbage bits */ 3657 3658 data->m = m; 3659 data->ni = ni; 3660 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3661 if (rt2860_rates[ridx].rate == rate) 3662 break; 3663 data->ridx = ridx; 3664 3665 run_set_tx_desc(sc, data); 3666 3667 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3668 m->m_pkthdr.len, rate); 3669 3670 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3671 3672 usbd_transfer_start(sc->sc_xfer[0]); 3673 3674 return (0); 3675} 3676 3677static int 3678run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3679 const struct ieee80211_bpf_params *params) 3680{ 3681 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3682 struct run_softc *sc = ifp->if_softc; 3683 int error = 0; 3684 3685 RUN_LOCK(sc); 3686 3687 /* prevent management frames from being sent if we're not ready */ 3688 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3689 error = ENETDOWN; 3690 goto done; 3691 } 3692 3693 if (params == NULL) { 3694 /* tx mgt packet */ 3695 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3696 ifp->if_oerrors++; 3697 DPRINTF("mgt tx failed\n"); 3698 goto done; 3699 } 3700 } else { 3701 /* tx raw packet with param */ 3702 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3703 ifp->if_oerrors++; 3704 DPRINTF("tx with param failed\n"); 3705 goto done; 3706 } 3707 } 3708 3709 ifp->if_opackets++; 3710 3711done: 3712 RUN_UNLOCK(sc); 3713 3714 if (error != 0) { 3715 if(m != NULL) 3716 m_freem(m); 3717 ieee80211_free_node(ni); 3718 } 3719 3720 return (error); 3721} 3722 3723static void 3724run_start(struct ifnet *ifp) 3725{ 3726 struct run_softc *sc = ifp->if_softc; 3727 struct ieee80211_node *ni; 3728 struct mbuf *m; 3729 3730 RUN_LOCK(sc); 3731 3732 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3733 RUN_UNLOCK(sc); 3734 return; 3735 } 3736 3737 for (;;) { 3738 /* send data frames */ 3739 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3740 if (m == NULL) 3741 break; 3742 3743 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3744 if (run_tx(sc, m, ni) != 0) { 3745 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3746 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3747 break; 3748 } 3749 } 3750 3751 RUN_UNLOCK(sc); 3752} 3753 3754static int 3755run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3756{ 3757 struct run_softc *sc = ifp->if_softc; 3758 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3759 struct ifreq *ifr = (struct ifreq *) data; 3760 int startall = 0; 3761 int error; 3762 3763 RUN_LOCK(sc); 3764 error = sc->sc_detached ? ENXIO : 0; 3765 RUN_UNLOCK(sc); 3766 if (error) 3767 return (error); 3768 3769 switch (cmd) { 3770 case SIOCSIFFLAGS: 3771 RUN_LOCK(sc); 3772 if (ifp->if_flags & IFF_UP) { 3773 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3774 startall = 1; 3775 run_init_locked(sc); 3776 } else 3777 run_update_promisc_locked(ifp); 3778 } else { 3779 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3780 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3781 run_stop(sc); 3782 } 3783 } 3784 RUN_UNLOCK(sc); 3785 if (startall) 3786 ieee80211_start_all(ic); 3787 break; 3788 case SIOCGIFMEDIA: 3789 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3790 break; 3791 case SIOCGIFADDR: 3792 error = ether_ioctl(ifp, cmd, data); 3793 break; 3794 default: 3795 error = EINVAL; 3796 break; 3797 } 3798 3799 return (error); 3800} 3801 3802static void 3803run_iq_calib(struct run_softc *sc, u_int chan) 3804{ 3805 uint16_t val; 3806 3807 /* Tx0 IQ gain. */ 3808 run_bbp_write(sc, 158, 0x2c); 3809 if (chan <= 14) 3810 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3811 else if (chan <= 64) { 3812 run_efuse_read(sc, 3813 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3814 &val, 1); 3815 } else if (chan <= 138) { 3816 run_efuse_read(sc, 3817 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3818 &val, 1); 3819 } else if (chan <= 165) { 3820 run_efuse_read(sc, 3821 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3822 &val, 1); 3823 } else 3824 val = 0; 3825 run_bbp_write(sc, 159, val); 3826 3827 /* Tx0 IQ phase. */ 3828 run_bbp_write(sc, 158, 0x2d); 3829 if (chan <= 14) { 3830 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3831 &val, 1); 3832 } else if (chan <= 64) { 3833 run_efuse_read(sc, 3834 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3835 &val, 1); 3836 } else if (chan <= 138) { 3837 run_efuse_read(sc, 3838 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3839 &val, 1); 3840 } else if (chan <= 165) { 3841 run_efuse_read(sc, 3842 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3843 &val, 1); 3844 } else 3845 val = 0; 3846 run_bbp_write(sc, 159, val); 3847 3848 /* Tx1 IQ gain. */ 3849 run_bbp_write(sc, 158, 0x4a); 3850 if (chan <= 14) { 3851 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3852 &val, 1); 3853 } else if (chan <= 64) { 3854 run_efuse_read(sc, 3855 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3856 &val, 1); 3857 } else if (chan <= 138) { 3858 run_efuse_read(sc, 3859 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3860 &val, 1); 3861 } else if (chan <= 165) { 3862 run_efuse_read(sc, 3863 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3864 &val, 1); 3865 } else 3866 val = 0; 3867 run_bbp_write(sc, 159, val); 3868 3869 /* Tx1 IQ phase. */ 3870 run_bbp_write(sc, 158, 0x4b); 3871 if (chan <= 14) { 3872 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3873 &val, 1); 3874 } else if (chan <= 64) { 3875 run_efuse_read(sc, 3876 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3877 &val, 1); 3878 } else if (chan <= 138) { 3879 run_efuse_read(sc, 3880 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3881 &val, 1); 3882 } else if (chan <= 165) { 3883 run_efuse_read(sc, 3884 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3885 &val, 1); 3886 } else 3887 val = 0; 3888 run_bbp_write(sc, 159, val); 3889 3890 /* RF IQ compensation control. */ 3891 run_bbp_write(sc, 158, 0x04); 3892 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3893 &val, 1); 3894 run_bbp_write(sc, 159, val); 3895 3896 /* RF IQ imbalance compensation control. */ 3897 run_bbp_write(sc, 158, 0x03); 3898 run_efuse_read(sc, 3899 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3900 run_bbp_write(sc, 159, val); 3901} 3902 3903static void 3904run_set_agc(struct run_softc *sc, uint8_t agc) 3905{ 3906 uint8_t bbp; 3907 3908 if (sc->mac_ver == 0x3572) { 3909 run_bbp_read(sc, 27, &bbp); 3910 bbp &= ~(0x3 << 5); 3911 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3912 run_bbp_write(sc, 66, agc); 3913 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3914 run_bbp_write(sc, 66, agc); 3915 } else 3916 run_bbp_write(sc, 66, agc); 3917} 3918 3919static void 3920run_select_chan_group(struct run_softc *sc, int group) 3921{ 3922 uint32_t tmp; 3923 uint8_t agc; 3924 3925 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3926 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3927 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3928 if (sc->mac_ver < 0x3572) 3929 run_bbp_write(sc, 86, 0x00); 3930 3931 if (sc->mac_ver == 0x3593) { 3932 run_bbp_write(sc, 77, 0x98); 3933 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3934 } 3935 3936 if (group == 0) { 3937 if (sc->ext_2ghz_lna) { 3938 if (sc->mac_ver >= 0x5390) 3939 run_bbp_write(sc, 75, 0x52); 3940 else { 3941 run_bbp_write(sc, 82, 0x62); 3942 run_bbp_write(sc, 75, 0x46); 3943 } 3944 } else { 3945 if (sc->mac_ver == 0x5592) { 3946 run_bbp_write(sc, 79, 0x1c); 3947 run_bbp_write(sc, 80, 0x0e); 3948 run_bbp_write(sc, 81, 0x3a); 3949 run_bbp_write(sc, 82, 0x62); 3950 3951 run_bbp_write(sc, 195, 0x80); 3952 run_bbp_write(sc, 196, 0xe0); 3953 run_bbp_write(sc, 195, 0x81); 3954 run_bbp_write(sc, 196, 0x1f); 3955 run_bbp_write(sc, 195, 0x82); 3956 run_bbp_write(sc, 196, 0x38); 3957 run_bbp_write(sc, 195, 0x83); 3958 run_bbp_write(sc, 196, 0x32); 3959 run_bbp_write(sc, 195, 0x85); 3960 run_bbp_write(sc, 196, 0x28); 3961 run_bbp_write(sc, 195, 0x86); 3962 run_bbp_write(sc, 196, 0x19); 3963 } else if (sc->mac_ver >= 0x5390) 3964 run_bbp_write(sc, 75, 0x50); 3965 else { 3966 run_bbp_write(sc, 82, 3967 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3968 run_bbp_write(sc, 75, 0x50); 3969 } 3970 } 3971 } else { 3972 if (sc->mac_ver == 0x5592) { 3973 run_bbp_write(sc, 79, 0x18); 3974 run_bbp_write(sc, 80, 0x08); 3975 run_bbp_write(sc, 81, 0x38); 3976 run_bbp_write(sc, 82, 0x92); 3977 3978 run_bbp_write(sc, 195, 0x80); 3979 run_bbp_write(sc, 196, 0xf0); 3980 run_bbp_write(sc, 195, 0x81); 3981 run_bbp_write(sc, 196, 0x1e); 3982 run_bbp_write(sc, 195, 0x82); 3983 run_bbp_write(sc, 196, 0x28); 3984 run_bbp_write(sc, 195, 0x83); 3985 run_bbp_write(sc, 196, 0x20); 3986 run_bbp_write(sc, 195, 0x85); 3987 run_bbp_write(sc, 196, 0x7f); 3988 run_bbp_write(sc, 195, 0x86); 3989 run_bbp_write(sc, 196, 0x7f); 3990 } else if (sc->mac_ver == 0x3572) 3991 run_bbp_write(sc, 82, 0x94); 3992 else 3993 run_bbp_write(sc, 82, 3994 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3995 if (sc->ext_5ghz_lna) 3996 run_bbp_write(sc, 75, 0x46); 3997 else 3998 run_bbp_write(sc, 75, 0x50); 3999 } 4000 4001 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4002 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4003 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4004 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4005 4006 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4007 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4008 if (sc->mac_ver == 0x3593) 4009 tmp |= 1 << 29 | 1 << 28; 4010 if (sc->nrxchains > 1) 4011 tmp |= RT2860_LNA_PE1_EN; 4012 if (group == 0) { /* 2GHz */ 4013 tmp |= RT2860_PA_PE_G0_EN; 4014 if (sc->ntxchains > 1) 4015 tmp |= RT2860_PA_PE_G1_EN; 4016 if (sc->mac_ver == 0x3593) { 4017 if (sc->ntxchains > 2) 4018 tmp |= 1 << 25; 4019 } 4020 } else { /* 5GHz */ 4021 tmp |= RT2860_PA_PE_A0_EN; 4022 if (sc->ntxchains > 1) 4023 tmp |= RT2860_PA_PE_A1_EN; 4024 } 4025 if (sc->mac_ver == 0x3572) { 4026 run_rt3070_rf_write(sc, 8, 0x00); 4027 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4028 run_rt3070_rf_write(sc, 8, 0x80); 4029 } else 4030 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4031 4032 if (sc->mac_ver == 0x5592) { 4033 run_bbp_write(sc, 195, 0x8d); 4034 run_bbp_write(sc, 196, 0x1a); 4035 } 4036 4037 if (sc->mac_ver == 0x3593) { 4038 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4039 tmp &= ~0x01010000; 4040 if (group == 0) 4041 tmp |= 0x00010000; 4042 tmp = (tmp & ~0x00009090) | 0x00000090; 4043 run_write(sc, RT2860_GPIO_CTRL, tmp); 4044 } 4045 4046 /* set initial AGC value */ 4047 if (group == 0) { /* 2GHz band */ 4048 if (sc->mac_ver >= 0x3070) 4049 agc = 0x1c + sc->lna[0] * 2; 4050 else 4051 agc = 0x2e + sc->lna[0]; 4052 } else { /* 5GHz band */ 4053 if (sc->mac_ver == 0x5592) 4054 agc = 0x24 + sc->lna[group] * 2; 4055 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4056 agc = 0x22 + (sc->lna[group] * 5) / 3; 4057 else 4058 agc = 0x32 + (sc->lna[group] * 5) / 3; 4059 } 4060 run_set_agc(sc, agc); 4061} 4062 4063static void 4064run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4065{ 4066 const struct rfprog *rfprog = rt2860_rf2850; 4067 uint32_t r2, r3, r4; 4068 int8_t txpow1, txpow2; 4069 int i; 4070 4071 /* find the settings for this channel (we know it exists) */ 4072 for (i = 0; rfprog[i].chan != chan; i++); 4073 4074 r2 = rfprog[i].r2; 4075 if (sc->ntxchains == 1) 4076 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4077 if (sc->nrxchains == 1) 4078 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4079 else if (sc->nrxchains == 2) 4080 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4081 4082 /* use Tx power values from EEPROM */ 4083 txpow1 = sc->txpow1[i]; 4084 txpow2 = sc->txpow2[i]; 4085 4086 /* Initialize RF R3 and R4. */ 4087 r3 = rfprog[i].r3 & 0xffffc1ff; 4088 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4089 if (chan > 14) { 4090 if (txpow1 >= 0) { 4091 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4092 r3 |= (txpow1 << 10) | (1 << 9); 4093 } else { 4094 txpow1 += 7; 4095 4096 /* txpow1 is not possible larger than 15. */ 4097 r3 |= (txpow1 << 10); 4098 } 4099 if (txpow2 >= 0) { 4100 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4101 r4 |= (txpow2 << 7) | (1 << 6); 4102 } else { 4103 txpow2 += 7; 4104 r4 |= (txpow2 << 7); 4105 } 4106 } else { 4107 /* Set Tx0 power. */ 4108 r3 |= (txpow1 << 9); 4109 4110 /* Set frequency offset and Tx1 power. */ 4111 r4 |= (txpow2 << 6); 4112 } 4113 4114 run_rt2870_rf_write(sc, rfprog[i].r1); 4115 run_rt2870_rf_write(sc, r2); 4116 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4117 run_rt2870_rf_write(sc, r4); 4118 4119 run_delay(sc, 10); 4120 4121 run_rt2870_rf_write(sc, rfprog[i].r1); 4122 run_rt2870_rf_write(sc, r2); 4123 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4124 run_rt2870_rf_write(sc, r4); 4125 4126 run_delay(sc, 10); 4127 4128 run_rt2870_rf_write(sc, rfprog[i].r1); 4129 run_rt2870_rf_write(sc, r2); 4130 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4131 run_rt2870_rf_write(sc, r4); 4132} 4133 4134static void 4135run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4136{ 4137 int8_t txpow1, txpow2; 4138 uint8_t rf; 4139 int i; 4140 4141 /* find the settings for this channel (we know it exists) */ 4142 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4143 4144 /* use Tx power values from EEPROM */ 4145 txpow1 = sc->txpow1[i]; 4146 txpow2 = sc->txpow2[i]; 4147 4148 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4149 4150 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4151 run_rt3070_rf_read(sc, 3, &rf); 4152 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4153 run_rt3070_rf_write(sc, 3, rf); 4154 4155 run_rt3070_rf_read(sc, 6, &rf); 4156 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4157 run_rt3070_rf_write(sc, 6, rf); 4158 4159 /* set Tx0 power */ 4160 run_rt3070_rf_read(sc, 12, &rf); 4161 rf = (rf & ~0x1f) | txpow1; 4162 run_rt3070_rf_write(sc, 12, rf); 4163 4164 /* set Tx1 power */ 4165 run_rt3070_rf_read(sc, 13, &rf); 4166 rf = (rf & ~0x1f) | txpow2; 4167 run_rt3070_rf_write(sc, 13, rf); 4168 4169 run_rt3070_rf_read(sc, 1, &rf); 4170 rf &= ~0xfc; 4171 if (sc->ntxchains == 1) 4172 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4173 else if (sc->ntxchains == 2) 4174 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4175 if (sc->nrxchains == 1) 4176 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4177 else if (sc->nrxchains == 2) 4178 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4179 run_rt3070_rf_write(sc, 1, rf); 4180 4181 /* set RF offset */ 4182 run_rt3070_rf_read(sc, 23, &rf); 4183 rf = (rf & ~0x7f) | sc->freq; 4184 run_rt3070_rf_write(sc, 23, rf); 4185 4186 /* program RF filter */ 4187 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4188 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4189 run_rt3070_rf_write(sc, 24, rf); 4190 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4191 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4192 run_rt3070_rf_write(sc, 31, rf); 4193 4194 /* enable RF tuning */ 4195 run_rt3070_rf_read(sc, 7, &rf); 4196 run_rt3070_rf_write(sc, 7, rf | 0x01); 4197} 4198 4199static void 4200run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4201{ 4202 int8_t txpow1, txpow2; 4203 uint32_t tmp; 4204 uint8_t rf; 4205 int i; 4206 4207 /* find the settings for this channel (we know it exists) */ 4208 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4209 4210 /* use Tx power values from EEPROM */ 4211 txpow1 = sc->txpow1[i]; 4212 txpow2 = sc->txpow2[i]; 4213 4214 if (chan <= 14) { 4215 run_bbp_write(sc, 25, sc->bbp25); 4216 run_bbp_write(sc, 26, sc->bbp26); 4217 } else { 4218 /* enable IQ phase correction */ 4219 run_bbp_write(sc, 25, 0x09); 4220 run_bbp_write(sc, 26, 0xff); 4221 } 4222 4223 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4224 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4225 run_rt3070_rf_read(sc, 6, &rf); 4226 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4227 rf |= (chan <= 14) ? 0x08 : 0x04; 4228 run_rt3070_rf_write(sc, 6, rf); 4229 4230 /* set PLL mode */ 4231 run_rt3070_rf_read(sc, 5, &rf); 4232 rf &= ~(0x08 | 0x04); 4233 rf |= (chan <= 14) ? 0x04 : 0x08; 4234 run_rt3070_rf_write(sc, 5, rf); 4235 4236 /* set Tx power for chain 0 */ 4237 if (chan <= 14) 4238 rf = 0x60 | txpow1; 4239 else 4240 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4241 run_rt3070_rf_write(sc, 12, rf); 4242 4243 /* set Tx power for chain 1 */ 4244 if (chan <= 14) 4245 rf = 0x60 | txpow2; 4246 else 4247 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4248 run_rt3070_rf_write(sc, 13, rf); 4249 4250 /* set Tx/Rx streams */ 4251 run_rt3070_rf_read(sc, 1, &rf); 4252 rf &= ~0xfc; 4253 if (sc->ntxchains == 1) 4254 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4255 else if (sc->ntxchains == 2) 4256 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4257 if (sc->nrxchains == 1) 4258 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4259 else if (sc->nrxchains == 2) 4260 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4261 run_rt3070_rf_write(sc, 1, rf); 4262 4263 /* set RF offset */ 4264 run_rt3070_rf_read(sc, 23, &rf); 4265 rf = (rf & ~0x7f) | sc->freq; 4266 run_rt3070_rf_write(sc, 23, rf); 4267 4268 /* program RF filter */ 4269 rf = sc->rf24_20mhz; 4270 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4271 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4272 4273 /* enable RF tuning */ 4274 run_rt3070_rf_read(sc, 7, &rf); 4275 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4276 run_rt3070_rf_write(sc, 7, rf); 4277 4278 /* TSSI */ 4279 rf = (chan <= 14) ? 0xc3 : 0xc0; 4280 run_rt3070_rf_write(sc, 9, rf); 4281 4282 /* set loop filter 1 */ 4283 run_rt3070_rf_write(sc, 10, 0xf1); 4284 /* set loop filter 2 */ 4285 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4286 4287 /* set tx_mx2_ic */ 4288 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4289 /* set tx_mx1_ic */ 4290 if (chan <= 14) 4291 rf = 0x48 | sc->txmixgain_2ghz; 4292 else 4293 rf = 0x78 | sc->txmixgain_5ghz; 4294 run_rt3070_rf_write(sc, 16, rf); 4295 4296 /* set tx_lo1 */ 4297 run_rt3070_rf_write(sc, 17, 0x23); 4298 /* set tx_lo2 */ 4299 if (chan <= 14) 4300 rf = 0x93; 4301 else if (chan <= 64) 4302 rf = 0xb7; 4303 else if (chan <= 128) 4304 rf = 0x74; 4305 else 4306 rf = 0x72; 4307 run_rt3070_rf_write(sc, 19, rf); 4308 4309 /* set rx_lo1 */ 4310 if (chan <= 14) 4311 rf = 0xb3; 4312 else if (chan <= 64) 4313 rf = 0xf6; 4314 else if (chan <= 128) 4315 rf = 0xf4; 4316 else 4317 rf = 0xf3; 4318 run_rt3070_rf_write(sc, 20, rf); 4319 4320 /* set pfd_delay */ 4321 if (chan <= 14) 4322 rf = 0x15; 4323 else if (chan <= 64) 4324 rf = 0x3d; 4325 else 4326 rf = 0x01; 4327 run_rt3070_rf_write(sc, 25, rf); 4328 4329 /* set rx_lo2 */ 4330 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4331 /* set ldo_rf_vc */ 4332 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4333 /* set drv_cc */ 4334 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4335 4336 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4337 tmp &= ~0x8080; 4338 if (chan <= 14) 4339 tmp |= 0x80; 4340 run_write(sc, RT2860_GPIO_CTRL, tmp); 4341 4342 /* enable RF tuning */ 4343 run_rt3070_rf_read(sc, 7, &rf); 4344 run_rt3070_rf_write(sc, 7, rf | 0x01); 4345 4346 run_delay(sc, 2); 4347} 4348 4349static void 4350run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4351{ 4352 int8_t txpow1, txpow2, txpow3; 4353 uint8_t h20mhz, rf; 4354 int i; 4355 4356 /* find the settings for this channel (we know it exists) */ 4357 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4358 4359 /* use Tx power values from EEPROM */ 4360 txpow1 = sc->txpow1[i]; 4361 txpow2 = sc->txpow2[i]; 4362 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4363 4364 if (chan <= 14) { 4365 run_bbp_write(sc, 25, sc->bbp25); 4366 run_bbp_write(sc, 26, sc->bbp26); 4367 } else { 4368 /* Enable IQ phase correction. */ 4369 run_bbp_write(sc, 25, 0x09); 4370 run_bbp_write(sc, 26, 0xff); 4371 } 4372 4373 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4374 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4375 run_rt3070_rf_read(sc, 11, &rf); 4376 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4377 run_rt3070_rf_write(sc, 11, rf); 4378 4379 /* Set pll_idoh. */ 4380 run_rt3070_rf_read(sc, 11, &rf); 4381 rf &= ~0x4c; 4382 rf |= (chan <= 14) ? 0x44 : 0x48; 4383 run_rt3070_rf_write(sc, 11, rf); 4384 4385 if (chan <= 14) 4386 rf = txpow1 & 0x1f; 4387 else 4388 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4389 run_rt3070_rf_write(sc, 53, rf); 4390 4391 if (chan <= 14) 4392 rf = txpow2 & 0x1f; 4393 else 4394 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4395 run_rt3070_rf_write(sc, 55, rf); 4396 4397 if (chan <= 14) 4398 rf = txpow3 & 0x1f; 4399 else 4400 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4401 run_rt3070_rf_write(sc, 54, rf); 4402 4403 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4404 if (sc->ntxchains == 3) 4405 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4406 else 4407 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4408 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4409 run_rt3070_rf_write(sc, 1, rf); 4410 4411 run_adjust_freq_offset(sc); 4412 4413 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4414 4415 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4416 run_rt3070_rf_read(sc, 30, &rf); 4417 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4418 run_rt3070_rf_write(sc, 30, rf); 4419 4420 run_rt3070_rf_read(sc, 36, &rf); 4421 if (chan <= 14) 4422 rf |= 0x80; 4423 else 4424 rf &= ~0x80; 4425 run_rt3070_rf_write(sc, 36, rf); 4426 4427 /* Set vcolo_bs. */ 4428 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4429 /* Set pfd_delay. */ 4430 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4431 4432 /* Set vco bias current control. */ 4433 run_rt3070_rf_read(sc, 6, &rf); 4434 rf &= ~0xc0; 4435 if (chan <= 14) 4436 rf |= 0x40; 4437 else if (chan <= 128) 4438 rf |= 0x80; 4439 else 4440 rf |= 0x40; 4441 run_rt3070_rf_write(sc, 6, rf); 4442 4443 run_rt3070_rf_read(sc, 30, &rf); 4444 rf = (rf & ~0x18) | 0x10; 4445 run_rt3070_rf_write(sc, 30, rf); 4446 4447 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4448 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4449 4450 run_rt3070_rf_read(sc, 51, &rf); 4451 rf = (rf & ~0x03) | 0x01; 4452 run_rt3070_rf_write(sc, 51, rf); 4453 /* Set tx_mx1_cc. */ 4454 run_rt3070_rf_read(sc, 51, &rf); 4455 rf &= ~0x1c; 4456 rf |= (chan <= 14) ? 0x14 : 0x10; 4457 run_rt3070_rf_write(sc, 51, rf); 4458 /* Set tx_mx1_ic. */ 4459 run_rt3070_rf_read(sc, 51, &rf); 4460 rf &= ~0xe0; 4461 rf |= (chan <= 14) ? 0x60 : 0x40; 4462 run_rt3070_rf_write(sc, 51, rf); 4463 /* Set tx_lo1_ic. */ 4464 run_rt3070_rf_read(sc, 49, &rf); 4465 rf &= ~0x1c; 4466 rf |= (chan <= 14) ? 0x0c : 0x08; 4467 run_rt3070_rf_write(sc, 49, rf); 4468 /* Set tx_lo1_en. */ 4469 run_rt3070_rf_read(sc, 50, &rf); 4470 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4471 /* Set drv_cc. */ 4472 run_rt3070_rf_read(sc, 57, &rf); 4473 rf &= ~0xfc; 4474 rf |= (chan <= 14) ? 0x6c : 0x3c; 4475 run_rt3070_rf_write(sc, 57, rf); 4476 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4477 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4478 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4479 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4480 /* Enable VCO calibration. */ 4481 run_rt3070_rf_read(sc, 3, &rf); 4482 rf &= ~RT5390_VCOCAL; 4483 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4484 run_rt3070_rf_write(sc, 3, rf); 4485 4486 if (chan <= 14) 4487 rf = 0x23; 4488 else if (chan <= 64) 4489 rf = 0x36; 4490 else if (chan <= 128) 4491 rf = 0x32; 4492 else 4493 rf = 0x30; 4494 run_rt3070_rf_write(sc, 39, rf); 4495 if (chan <= 14) 4496 rf = 0xbb; 4497 else if (chan <= 64) 4498 rf = 0xeb; 4499 else if (chan <= 128) 4500 rf = 0xb3; 4501 else 4502 rf = 0x9b; 4503 run_rt3070_rf_write(sc, 45, rf); 4504 4505 /* Set FEQ/AEQ control. */ 4506 run_bbp_write(sc, 105, 0x34); 4507} 4508 4509static void 4510run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4511{ 4512 int8_t txpow1, txpow2; 4513 uint8_t rf; 4514 int i; 4515 4516 /* find the settings for this channel (we know it exists) */ 4517 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4518 4519 /* use Tx power values from EEPROM */ 4520 txpow1 = sc->txpow1[i]; 4521 txpow2 = sc->txpow2[i]; 4522 4523 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4524 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4525 run_rt3070_rf_read(sc, 11, &rf); 4526 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4527 run_rt3070_rf_write(sc, 11, rf); 4528 4529 run_rt3070_rf_read(sc, 49, &rf); 4530 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4531 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4532 if ((rf & 0x3f) > 0x27) 4533 rf = (rf & ~0x3f) | 0x27; 4534 run_rt3070_rf_write(sc, 49, rf); 4535 4536 if (sc->mac_ver == 0x5392) { 4537 run_rt3070_rf_read(sc, 50, &rf); 4538 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4539 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4540 if ((rf & 0x3f) > 0x27) 4541 rf = (rf & ~0x3f) | 0x27; 4542 run_rt3070_rf_write(sc, 50, rf); 4543 } 4544 4545 run_rt3070_rf_read(sc, 1, &rf); 4546 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4547 if (sc->mac_ver == 0x5392) 4548 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4549 run_rt3070_rf_write(sc, 1, rf); 4550 4551 if (sc->mac_ver != 0x5392) { 4552 run_rt3070_rf_read(sc, 2, &rf); 4553 rf |= 0x80; 4554 run_rt3070_rf_write(sc, 2, rf); 4555 run_delay(sc, 10); 4556 rf &= 0x7f; 4557 run_rt3070_rf_write(sc, 2, rf); 4558 } 4559 4560 run_adjust_freq_offset(sc); 4561 4562 if (sc->mac_ver == 0x5392) { 4563 /* Fix for RT5392C. */ 4564 if (sc->mac_rev >= 0x0223) { 4565 if (chan <= 4) 4566 rf = 0x0f; 4567 else if (chan >= 5 && chan <= 7) 4568 rf = 0x0e; 4569 else 4570 rf = 0x0d; 4571 run_rt3070_rf_write(sc, 23, rf); 4572 4573 if (chan <= 4) 4574 rf = 0x0c; 4575 else if (chan == 5) 4576 rf = 0x0b; 4577 else if (chan >= 6 && chan <= 7) 4578 rf = 0x0a; 4579 else if (chan >= 8 && chan <= 10) 4580 rf = 0x09; 4581 else 4582 rf = 0x08; 4583 run_rt3070_rf_write(sc, 59, rf); 4584 } else { 4585 if (chan <= 11) 4586 rf = 0x0f; 4587 else 4588 rf = 0x0b; 4589 run_rt3070_rf_write(sc, 59, rf); 4590 } 4591 } else { 4592 /* Fix for RT5390F. */ 4593 if (sc->mac_rev >= 0x0502) { 4594 if (chan <= 11) 4595 rf = 0x43; 4596 else 4597 rf = 0x23; 4598 run_rt3070_rf_write(sc, 55, rf); 4599 4600 if (chan <= 11) 4601 rf = 0x0f; 4602 else if (chan == 12) 4603 rf = 0x0d; 4604 else 4605 rf = 0x0b; 4606 run_rt3070_rf_write(sc, 59, rf); 4607 } else { 4608 run_rt3070_rf_write(sc, 55, 0x44); 4609 run_rt3070_rf_write(sc, 59, 0x8f); 4610 } 4611 } 4612 4613 /* Enable VCO calibration. */ 4614 run_rt3070_rf_read(sc, 3, &rf); 4615 rf |= RT5390_VCOCAL; 4616 run_rt3070_rf_write(sc, 3, rf); 4617} 4618 4619static void 4620run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4621{ 4622 const struct rt5592_freqs *freqs; 4623 uint32_t tmp; 4624 uint8_t reg, rf, txpow_bound; 4625 int8_t txpow1, txpow2; 4626 int i; 4627 4628 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4629 freqs = (tmp & RT5592_SEL_XTAL) ? 4630 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4631 4632 /* find the settings for this channel (we know it exists) */ 4633 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4634 4635 /* use Tx power values from EEPROM */ 4636 txpow1 = sc->txpow1[i]; 4637 txpow2 = sc->txpow2[i]; 4638 4639 run_read(sc, RT3070_LDO_CFG0, &tmp); 4640 tmp &= ~0x1c000000; 4641 if (chan > 14) 4642 tmp |= 0x14000000; 4643 run_write(sc, RT3070_LDO_CFG0, tmp); 4644 4645 /* N setting. */ 4646 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4647 run_rt3070_rf_read(sc, 9, &rf); 4648 rf &= ~(1 << 4); 4649 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4650 run_rt3070_rf_write(sc, 9, rf); 4651 4652 /* K setting. */ 4653 run_rt3070_rf_read(sc, 9, &rf); 4654 rf &= ~0x0f; 4655 rf |= (freqs->k & 0x0f); 4656 run_rt3070_rf_write(sc, 9, rf); 4657 4658 /* Mode setting. */ 4659 run_rt3070_rf_read(sc, 11, &rf); 4660 rf &= ~0x0c; 4661 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4662 run_rt3070_rf_write(sc, 11, rf); 4663 run_rt3070_rf_read(sc, 9, &rf); 4664 rf &= ~(1 << 7); 4665 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4666 run_rt3070_rf_write(sc, 9, rf); 4667 4668 /* R setting. */ 4669 run_rt3070_rf_read(sc, 11, &rf); 4670 rf &= ~0x03; 4671 rf |= (freqs->r - 0x1); 4672 run_rt3070_rf_write(sc, 11, rf); 4673 4674 if (chan <= 14) { 4675 /* Initialize RF registers for 2GHZ. */ 4676 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4677 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4678 rt5592_2ghz_def_rf[i].val); 4679 } 4680 4681 rf = (chan <= 10) ? 0x07 : 0x06; 4682 run_rt3070_rf_write(sc, 23, rf); 4683 run_rt3070_rf_write(sc, 59, rf); 4684 4685 run_rt3070_rf_write(sc, 55, 0x43); 4686 4687 /* 4688 * RF R49/R50 Tx power ALC code. 4689 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4690 */ 4691 reg = 2; 4692 txpow_bound = 0x27; 4693 } else { 4694 /* Initialize RF registers for 5GHZ. */ 4695 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4696 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4697 rt5592_5ghz_def_rf[i].val); 4698 } 4699 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4700 if (chan >= rt5592_chan_5ghz[i].firstchan && 4701 chan <= rt5592_chan_5ghz[i].lastchan) { 4702 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4703 rt5592_chan_5ghz[i].val); 4704 } 4705 } 4706 4707 /* 4708 * RF R49/R50 Tx power ALC code. 4709 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4710 */ 4711 reg = 3; 4712 txpow_bound = 0x2b; 4713 } 4714 4715 /* RF R49 ch0 Tx power ALC code. */ 4716 run_rt3070_rf_read(sc, 49, &rf); 4717 rf &= ~0xc0; 4718 rf |= (reg << 6); 4719 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4720 if ((rf & 0x3f) > txpow_bound) 4721 rf = (rf & ~0x3f) | txpow_bound; 4722 run_rt3070_rf_write(sc, 49, rf); 4723 4724 /* RF R50 ch1 Tx power ALC code. */ 4725 run_rt3070_rf_read(sc, 50, &rf); 4726 rf &= ~(1 << 7 | 1 << 6); 4727 rf |= (reg << 6); 4728 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4729 if ((rf & 0x3f) > txpow_bound) 4730 rf = (rf & ~0x3f) | txpow_bound; 4731 run_rt3070_rf_write(sc, 50, rf); 4732 4733 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4734 run_rt3070_rf_read(sc, 1, &rf); 4735 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4736 if (sc->ntxchains > 1) 4737 rf |= RT3070_TX1_PD; 4738 if (sc->nrxchains > 1) 4739 rf |= RT3070_RX1_PD; 4740 run_rt3070_rf_write(sc, 1, rf); 4741 4742 run_rt3070_rf_write(sc, 6, 0xe4); 4743 4744 run_rt3070_rf_write(sc, 30, 0x10); 4745 run_rt3070_rf_write(sc, 31, 0x80); 4746 run_rt3070_rf_write(sc, 32, 0x80); 4747 4748 run_adjust_freq_offset(sc); 4749 4750 /* Enable VCO calibration. */ 4751 run_rt3070_rf_read(sc, 3, &rf); 4752 rf |= RT5390_VCOCAL; 4753 run_rt3070_rf_write(sc, 3, rf); 4754} 4755 4756static void 4757run_set_rx_antenna(struct run_softc *sc, int aux) 4758{ 4759 uint32_t tmp; 4760 uint8_t bbp152; 4761 4762 if (aux) { 4763 if (sc->rf_rev == RT5390_RF_5370) { 4764 run_bbp_read(sc, 152, &bbp152); 4765 run_bbp_write(sc, 152, bbp152 & ~0x80); 4766 } else { 4767 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4768 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4769 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4770 } 4771 } else { 4772 if (sc->rf_rev == RT5390_RF_5370) { 4773 run_bbp_read(sc, 152, &bbp152); 4774 run_bbp_write(sc, 152, bbp152 | 0x80); 4775 } else { 4776 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4777 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4778 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4779 } 4780 } 4781} 4782 4783static int 4784run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4785{ 4786 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4787 u_int chan, group; 4788 4789 chan = ieee80211_chan2ieee(ic, c); 4790 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4791 return (EINVAL); 4792 4793 if (sc->mac_ver == 0x5592) 4794 run_rt5592_set_chan(sc, chan); 4795 else if (sc->mac_ver >= 0x5390) 4796 run_rt5390_set_chan(sc, chan); 4797 else if (sc->mac_ver == 0x3593) 4798 run_rt3593_set_chan(sc, chan); 4799 else if (sc->mac_ver == 0x3572) 4800 run_rt3572_set_chan(sc, chan); 4801 else if (sc->mac_ver >= 0x3070) 4802 run_rt3070_set_chan(sc, chan); 4803 else 4804 run_rt2870_set_chan(sc, chan); 4805 4806 /* determine channel group */ 4807 if (chan <= 14) 4808 group = 0; 4809 else if (chan <= 64) 4810 group = 1; 4811 else if (chan <= 128) 4812 group = 2; 4813 else 4814 group = 3; 4815 4816 /* XXX necessary only when group has changed! */ 4817 run_select_chan_group(sc, group); 4818 4819 run_delay(sc, 10); 4820 4821 /* Perform IQ calibration. */ 4822 if (sc->mac_ver >= 0x5392) 4823 run_iq_calib(sc, chan); 4824 4825 return (0); 4826} 4827 4828static void 4829run_set_channel(struct ieee80211com *ic) 4830{ 4831 struct run_softc *sc = ic->ic_ifp->if_softc; 4832 4833 RUN_LOCK(sc); 4834 run_set_chan(sc, ic->ic_curchan); 4835 RUN_UNLOCK(sc); 4836 4837 return; 4838} 4839 4840static void 4841run_scan_start(struct ieee80211com *ic) 4842{ 4843 struct run_softc *sc = ic->ic_ifp->if_softc; 4844 uint32_t tmp; 4845 4846 RUN_LOCK(sc); 4847 4848 /* abort TSF synchronization */ 4849 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4850 run_write(sc, RT2860_BCN_TIME_CFG, 4851 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4852 RT2860_TBTT_TIMER_EN)); 4853 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4854 4855 RUN_UNLOCK(sc); 4856 4857 return; 4858} 4859 4860static void 4861run_scan_end(struct ieee80211com *ic) 4862{ 4863 struct run_softc *sc = ic->ic_ifp->if_softc; 4864 4865 RUN_LOCK(sc); 4866 4867 run_enable_tsf_sync(sc); 4868 /* XXX keep local copy */ 4869 run_set_bssid(sc, sc->sc_bssid); 4870 4871 RUN_UNLOCK(sc); 4872 4873 return; 4874} 4875 4876/* 4877 * Could be called from ieee80211_node_timeout() 4878 * (non-sleepable thread) 4879 */ 4880static void 4881run_update_beacon(struct ieee80211vap *vap, int item) 4882{ 4883 struct ieee80211com *ic = vap->iv_ic; 4884 struct run_softc *sc = ic->ic_ifp->if_softc; 4885 struct run_vap *rvp = RUN_VAP(vap); 4886 int mcast = 0; 4887 uint32_t i; 4888 4889 KASSERT(vap != NULL, ("no beacon")); 4890 4891 switch (item) { 4892 case IEEE80211_BEACON_ERP: 4893 run_updateslot(ic->ic_ifp); 4894 break; 4895 case IEEE80211_BEACON_HTINFO: 4896 run_updateprot(ic); 4897 break; 4898 case IEEE80211_BEACON_TIM: 4899 mcast = 1; /*TODO*/ 4900 break; 4901 default: 4902 break; 4903 } 4904 4905 setbit(rvp->bo.bo_flags, item); 4906 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4907 4908 i = RUN_CMDQ_GET(&sc->cmdq_store); 4909 DPRINTF("cmdq_store=%d\n", i); 4910 sc->cmdq[i].func = run_update_beacon_cb; 4911 sc->cmdq[i].arg0 = vap; 4912 ieee80211_runtask(ic, &sc->cmdq_task); 4913 4914 return; 4915} 4916 4917static void 4918run_update_beacon_cb(void *arg) 4919{ 4920 struct ieee80211vap *vap = arg; 4921 struct run_vap *rvp = RUN_VAP(vap); 4922 struct ieee80211com *ic = vap->iv_ic; 4923 struct run_softc *sc = ic->ic_ifp->if_softc; 4924 struct rt2860_txwi txwi; 4925 struct mbuf *m; 4926 uint16_t txwisize; 4927 uint8_t ridx; 4928 4929 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4930 return; 4931 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4932 return; 4933 4934 /* 4935 * No need to call ieee80211_beacon_update(), run_update_beacon() 4936 * is taking care of apropriate calls. 4937 */ 4938 if (rvp->beacon_mbuf == NULL) { 4939 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4940 &rvp->bo); 4941 if (rvp->beacon_mbuf == NULL) 4942 return; 4943 } 4944 m = rvp->beacon_mbuf; 4945 4946 memset(&txwi, 0, sizeof(txwi)); 4947 txwi.wcid = 0xff; 4948 txwi.len = htole16(m->m_pkthdr.len); 4949 4950 /* send beacons at the lowest available rate */ 4951 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4952 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4953 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4954 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4955 txwi.phy |= htole16(RT2860_PHY_OFDM); 4956 txwi.txop = RT2860_TX_TXOP_HT; 4957 txwi.flags = RT2860_TX_TS; 4958 txwi.xflags = RT2860_TX_NSEQ; 4959 4960 txwisize = (sc->mac_ver == 0x5592) ? 4961 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4962 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4963 txwisize); 4964 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4965 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4966} 4967 4968static void 4969run_updateprot(struct ieee80211com *ic) 4970{ 4971 struct run_softc *sc = ic->ic_ifp->if_softc; 4972 uint32_t i; 4973 4974 i = RUN_CMDQ_GET(&sc->cmdq_store); 4975 DPRINTF("cmdq_store=%d\n", i); 4976 sc->cmdq[i].func = run_updateprot_cb; 4977 sc->cmdq[i].arg0 = ic; 4978 ieee80211_runtask(ic, &sc->cmdq_task); 4979} 4980 4981static void 4982run_updateprot_cb(void *arg) 4983{ 4984 struct ieee80211com *ic = arg; 4985 struct run_softc *sc = ic->ic_ifp->if_softc; 4986 uint32_t tmp; 4987 4988 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4989 /* setup protection frame rate (MCS code) */ 4990 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4991 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4992 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4993 4994 /* CCK frames don't require protection */ 4995 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4996 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4997 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4998 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4999 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5000 tmp |= RT2860_PROT_CTRL_CTS; 5001 } 5002 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5003} 5004 5005static void 5006run_usb_timeout_cb(void *arg) 5007{ 5008 struct ieee80211vap *vap = arg; 5009 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 5010 5011 RUN_LOCK_ASSERT(sc, MA_OWNED); 5012 5013 if(vap->iv_state == IEEE80211_S_RUN && 5014 vap->iv_opmode != IEEE80211_M_STA) 5015 run_reset_livelock(sc); 5016 else if (vap->iv_state == IEEE80211_S_SCAN) { 5017 DPRINTF("timeout caused by scan\n"); 5018 /* cancel bgscan */ 5019 ieee80211_cancel_scan(vap); 5020 } else 5021 DPRINTF("timeout by unknown cause\n"); 5022} 5023 5024static void 5025run_reset_livelock(struct run_softc *sc) 5026{ 5027 uint32_t tmp; 5028 5029 RUN_LOCK_ASSERT(sc, MA_OWNED); 5030 5031 /* 5032 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5033 * can run into a livelock and start sending CTS-to-self frames like 5034 * crazy if protection is enabled. Reset MAC/BBP for a while 5035 */ 5036 run_read(sc, RT2860_DEBUG, &tmp); 5037 DPRINTFN(3, "debug reg %08x\n", tmp); 5038 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5039 DPRINTF("CTS-to-self livelock detected\n"); 5040 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5041 run_delay(sc, 1); 5042 run_write(sc, RT2860_MAC_SYS_CTRL, 5043 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5044 } 5045} 5046 5047static void 5048run_update_promisc_locked(struct ifnet *ifp) 5049{ 5050 struct run_softc *sc = ifp->if_softc; 5051 uint32_t tmp; 5052 5053 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5054 5055 tmp |= RT2860_DROP_UC_NOME; 5056 if (ifp->if_flags & IFF_PROMISC) 5057 tmp &= ~RT2860_DROP_UC_NOME; 5058 5059 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5060 5061 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 5062 "entering" : "leaving"); 5063} 5064 5065static void 5066run_update_promisc(struct ifnet *ifp) 5067{ 5068 struct run_softc *sc = ifp->if_softc; 5069 5070 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 5071 return; 5072 5073 RUN_LOCK(sc); 5074 run_update_promisc_locked(ifp); 5075 RUN_UNLOCK(sc); 5076} 5077 5078static void 5079run_enable_tsf_sync(struct run_softc *sc) 5080{ 5081 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5082 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5083 uint32_t tmp; 5084 5085 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5086 ic->ic_opmode); 5087 5088 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5089 tmp &= ~0x1fffff; 5090 tmp |= vap->iv_bss->ni_intval * 16; 5091 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5092 5093 if (ic->ic_opmode == IEEE80211_M_STA) { 5094 /* 5095 * Local TSF is always updated with remote TSF on beacon 5096 * reception. 5097 */ 5098 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5099 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5100 tmp |= RT2860_BCN_TX_EN; 5101 /* 5102 * Local TSF is updated with remote TSF on beacon reception 5103 * only if the remote TSF is greater than local TSF. 5104 */ 5105 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5106 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5107 ic->ic_opmode == IEEE80211_M_MBSS) { 5108 tmp |= RT2860_BCN_TX_EN; 5109 /* SYNC with nobody */ 5110 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5111 } else { 5112 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5113 return; 5114 } 5115 5116 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5117} 5118 5119static void 5120run_enable_mrr(struct run_softc *sc) 5121{ 5122#define CCK(mcs) (mcs) 5123#define OFDM(mcs) (1 << 3 | (mcs)) 5124 run_write(sc, RT2860_LG_FBK_CFG0, 5125 OFDM(6) << 28 | /* 54->48 */ 5126 OFDM(5) << 24 | /* 48->36 */ 5127 OFDM(4) << 20 | /* 36->24 */ 5128 OFDM(3) << 16 | /* 24->18 */ 5129 OFDM(2) << 12 | /* 18->12 */ 5130 OFDM(1) << 8 | /* 12-> 9 */ 5131 OFDM(0) << 4 | /* 9-> 6 */ 5132 OFDM(0)); /* 6-> 6 */ 5133 5134 run_write(sc, RT2860_LG_FBK_CFG1, 5135 CCK(2) << 12 | /* 11->5.5 */ 5136 CCK(1) << 8 | /* 5.5-> 2 */ 5137 CCK(0) << 4 | /* 2-> 1 */ 5138 CCK(0)); /* 1-> 1 */ 5139#undef OFDM 5140#undef CCK 5141} 5142 5143static void 5144run_set_txpreamble(struct run_softc *sc) 5145{ 5146 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5147 uint32_t tmp; 5148 5149 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5150 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5151 tmp |= RT2860_CCK_SHORT_EN; 5152 else 5153 tmp &= ~RT2860_CCK_SHORT_EN; 5154 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5155} 5156 5157static void 5158run_set_basicrates(struct run_softc *sc) 5159{ 5160 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5161 5162 /* set basic rates mask */ 5163 if (ic->ic_curmode == IEEE80211_MODE_11B) 5164 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5165 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5166 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5167 else /* 11g */ 5168 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5169} 5170 5171static void 5172run_set_leds(struct run_softc *sc, uint16_t which) 5173{ 5174 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5175 which | (sc->leds & 0x7f)); 5176} 5177 5178static void 5179run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5180{ 5181 run_write(sc, RT2860_MAC_BSSID_DW0, 5182 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5183 run_write(sc, RT2860_MAC_BSSID_DW1, 5184 bssid[4] | bssid[5] << 8); 5185} 5186 5187static void 5188run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5189{ 5190 run_write(sc, RT2860_MAC_ADDR_DW0, 5191 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5192 run_write(sc, RT2860_MAC_ADDR_DW1, 5193 addr[4] | addr[5] << 8 | 0xff << 16); 5194} 5195 5196static void 5197run_updateslot(struct ifnet *ifp) 5198{ 5199 struct run_softc *sc = ifp->if_softc; 5200 struct ieee80211com *ic = ifp->if_l2com; 5201 uint32_t i; 5202 5203 i = RUN_CMDQ_GET(&sc->cmdq_store); 5204 DPRINTF("cmdq_store=%d\n", i); 5205 sc->cmdq[i].func = run_updateslot_cb; 5206 sc->cmdq[i].arg0 = ifp; 5207 ieee80211_runtask(ic, &sc->cmdq_task); 5208 5209 return; 5210} 5211 5212/* ARGSUSED */ 5213static void 5214run_updateslot_cb(void *arg) 5215{ 5216 struct ifnet *ifp = arg; 5217 struct run_softc *sc = ifp->if_softc; 5218 struct ieee80211com *ic = ifp->if_l2com; 5219 uint32_t tmp; 5220 5221 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5222 tmp &= ~0xff; 5223 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5224 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5225} 5226 5227static void 5228run_update_mcast(struct ifnet *ifp) 5229{ 5230 /* h/w filter supports getting everything or nothing */ 5231 ifp->if_flags |= IFF_ALLMULTI; 5232} 5233 5234static int8_t 5235run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5236{ 5237 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5238 struct ieee80211_channel *c = ic->ic_curchan; 5239 int delta; 5240 5241 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5242 u_int chan = ieee80211_chan2ieee(ic, c); 5243 delta = sc->rssi_5ghz[rxchain]; 5244 5245 /* determine channel group */ 5246 if (chan <= 64) 5247 delta -= sc->lna[1]; 5248 else if (chan <= 128) 5249 delta -= sc->lna[2]; 5250 else 5251 delta -= sc->lna[3]; 5252 } else 5253 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5254 5255 return (-12 - delta - rssi); 5256} 5257 5258static void 5259run_rt5390_bbp_init(struct run_softc *sc) 5260{ 5261 int i; 5262 uint8_t bbp; 5263 5264 /* Apply maximum likelihood detection for 2 stream case. */ 5265 run_bbp_read(sc, 105, &bbp); 5266 if (sc->nrxchains > 1) 5267 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5268 5269 /* Avoid data lost and CRC error. */ 5270 run_bbp_read(sc, 4, &bbp); 5271 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5272 5273 if (sc->mac_ver == 0x5592) { 5274 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5275 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5276 rt5592_def_bbp[i].val); 5277 } 5278 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5279 run_bbp_write(sc, 195, i + 0x80); 5280 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5281 } 5282 } else { 5283 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5284 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5285 rt5390_def_bbp[i].val); 5286 } 5287 } 5288 if (sc->mac_ver == 0x5392) { 5289 run_bbp_write(sc, 88, 0x90); 5290 run_bbp_write(sc, 95, 0x9a); 5291 run_bbp_write(sc, 98, 0x12); 5292 run_bbp_write(sc, 106, 0x12); 5293 run_bbp_write(sc, 134, 0xd0); 5294 run_bbp_write(sc, 135, 0xf6); 5295 run_bbp_write(sc, 148, 0x84); 5296 } 5297 5298 run_bbp_read(sc, 152, &bbp); 5299 run_bbp_write(sc, 152, bbp | 0x80); 5300 5301 /* Fix BBP254 for RT5592C. */ 5302 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5303 run_bbp_read(sc, 254, &bbp); 5304 run_bbp_write(sc, 254, bbp | 0x80); 5305 } 5306 5307 /* Disable hardware antenna diversity. */ 5308 if (sc->mac_ver == 0x5390) 5309 run_bbp_write(sc, 154, 0); 5310 5311 /* Initialize Rx CCK/OFDM frequency offset report. */ 5312 run_bbp_write(sc, 142, 1); 5313 run_bbp_write(sc, 143, 57); 5314} 5315 5316static int 5317run_bbp_init(struct run_softc *sc) 5318{ 5319 int i, error, ntries; 5320 uint8_t bbp0; 5321 5322 /* wait for BBP to wake up */ 5323 for (ntries = 0; ntries < 20; ntries++) { 5324 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5325 return error; 5326 if (bbp0 != 0 && bbp0 != 0xff) 5327 break; 5328 } 5329 if (ntries == 20) 5330 return (ETIMEDOUT); 5331 5332 /* initialize BBP registers to default values */ 5333 if (sc->mac_ver >= 0x5390) 5334 run_rt5390_bbp_init(sc); 5335 else { 5336 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5337 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5338 rt2860_def_bbp[i].val); 5339 } 5340 } 5341 5342 if (sc->mac_ver == 0x3593) { 5343 run_bbp_write(sc, 79, 0x13); 5344 run_bbp_write(sc, 80, 0x05); 5345 run_bbp_write(sc, 81, 0x33); 5346 run_bbp_write(sc, 86, 0x46); 5347 run_bbp_write(sc, 137, 0x0f); 5348 } 5349 5350 /* fix BBP84 for RT2860E */ 5351 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5352 run_bbp_write(sc, 84, 0x19); 5353 5354 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5355 sc->mac_ver != 0x5592)) { 5356 run_bbp_write(sc, 79, 0x13); 5357 run_bbp_write(sc, 80, 0x05); 5358 run_bbp_write(sc, 81, 0x33); 5359 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5360 run_bbp_write(sc, 69, 0x16); 5361 run_bbp_write(sc, 73, 0x12); 5362 } 5363 return (0); 5364} 5365 5366static int 5367run_rt3070_rf_init(struct run_softc *sc) 5368{ 5369 uint32_t tmp; 5370 uint8_t bbp4, mingain, rf, target; 5371 int i; 5372 5373 run_rt3070_rf_read(sc, 30, &rf); 5374 /* toggle RF R30 bit 7 */ 5375 run_rt3070_rf_write(sc, 30, rf | 0x80); 5376 run_delay(sc, 10); 5377 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5378 5379 /* initialize RF registers to default value */ 5380 if (sc->mac_ver == 0x3572) { 5381 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5382 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5383 rt3572_def_rf[i].val); 5384 } 5385 } else { 5386 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5387 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5388 rt3070_def_rf[i].val); 5389 } 5390 } 5391 5392 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5393 /* 5394 * Change voltage from 1.2V to 1.35V for RT3070. 5395 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5396 * in RT3070(F). 5397 */ 5398 run_read(sc, RT3070_LDO_CFG0, &tmp); 5399 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5400 run_write(sc, RT3070_LDO_CFG0, tmp); 5401 5402 } else if (sc->mac_ver == 0x3071) { 5403 run_rt3070_rf_read(sc, 6, &rf); 5404 run_rt3070_rf_write(sc, 6, rf | 0x40); 5405 run_rt3070_rf_write(sc, 31, 0x14); 5406 5407 run_read(sc, RT3070_LDO_CFG0, &tmp); 5408 tmp &= ~0x1f000000; 5409 if (sc->mac_rev < 0x0211) 5410 tmp |= 0x0d000000; /* 1.3V */ 5411 else 5412 tmp |= 0x01000000; /* 1.2V */ 5413 run_write(sc, RT3070_LDO_CFG0, tmp); 5414 5415 /* patch LNA_PE_G1 */ 5416 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5417 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5418 5419 } else if (sc->mac_ver == 0x3572) { 5420 run_rt3070_rf_read(sc, 6, &rf); 5421 run_rt3070_rf_write(sc, 6, rf | 0x40); 5422 5423 /* increase voltage from 1.2V to 1.35V */ 5424 run_read(sc, RT3070_LDO_CFG0, &tmp); 5425 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5426 run_write(sc, RT3070_LDO_CFG0, tmp); 5427 5428 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5429 run_delay(sc, 1); /* wait for 1msec */ 5430 /* decrease voltage back to 1.2V */ 5431 tmp = (tmp & ~0x1f000000) | 0x01000000; 5432 run_write(sc, RT3070_LDO_CFG0, tmp); 5433 } 5434 } 5435 5436 /* select 20MHz bandwidth */ 5437 run_rt3070_rf_read(sc, 31, &rf); 5438 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5439 5440 /* calibrate filter for 20MHz bandwidth */ 5441 sc->rf24_20mhz = 0x1f; /* default value */ 5442 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5443 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5444 5445 /* select 40MHz bandwidth */ 5446 run_bbp_read(sc, 4, &bbp4); 5447 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5448 run_rt3070_rf_read(sc, 31, &rf); 5449 run_rt3070_rf_write(sc, 31, rf | 0x20); 5450 5451 /* calibrate filter for 40MHz bandwidth */ 5452 sc->rf24_40mhz = 0x2f; /* default value */ 5453 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5454 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5455 5456 /* go back to 20MHz bandwidth */ 5457 run_bbp_read(sc, 4, &bbp4); 5458 run_bbp_write(sc, 4, bbp4 & ~0x18); 5459 5460 if (sc->mac_ver == 0x3572) { 5461 /* save default BBP registers 25 and 26 values */ 5462 run_bbp_read(sc, 25, &sc->bbp25); 5463 run_bbp_read(sc, 26, &sc->bbp26); 5464 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5465 run_rt3070_rf_write(sc, 27, 0x03); 5466 5467 run_read(sc, RT3070_OPT_14, &tmp); 5468 run_write(sc, RT3070_OPT_14, tmp | 1); 5469 5470 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5471 run_rt3070_rf_read(sc, 17, &rf); 5472 rf &= ~RT3070_TX_LO1; 5473 if ((sc->mac_ver == 0x3070 || 5474 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5475 !sc->ext_2ghz_lna) 5476 rf |= 0x20; /* fix for long range Rx issue */ 5477 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5478 if (sc->txmixgain_2ghz >= mingain) 5479 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5480 run_rt3070_rf_write(sc, 17, rf); 5481 } 5482 5483 if (sc->mac_rev == 0x3071) { 5484 run_rt3070_rf_read(sc, 1, &rf); 5485 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5486 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5487 run_rt3070_rf_write(sc, 1, rf); 5488 5489 run_rt3070_rf_read(sc, 15, &rf); 5490 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5491 5492 run_rt3070_rf_read(sc, 20, &rf); 5493 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5494 5495 run_rt3070_rf_read(sc, 21, &rf); 5496 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5497 } 5498 5499 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5500 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5501 run_rt3070_rf_read(sc, 27, &rf); 5502 rf &= ~0x77; 5503 if (sc->mac_rev < 0x0211) 5504 rf |= 0x03; 5505 run_rt3070_rf_write(sc, 27, rf); 5506 } 5507 return (0); 5508} 5509 5510static void 5511run_rt3593_rf_init(struct run_softc *sc) 5512{ 5513 uint32_t tmp; 5514 uint8_t rf; 5515 int i; 5516 5517 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5518 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5519 tmp &= ~(1 << 4 | 1 << 7); 5520 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5521 5522 /* Initialize RF registers to default value. */ 5523 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5524 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5525 rt3593_def_rf[i].val); 5526 } 5527 5528 /* Toggle RF R2 to initiate calibration. */ 5529 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5530 5531 /* Initialize RF frequency offset. */ 5532 run_adjust_freq_offset(sc); 5533 5534 run_rt3070_rf_read(sc, 18, &rf); 5535 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5536 5537 /* 5538 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5539 * decrease voltage back to 1.2V. 5540 */ 5541 run_read(sc, RT3070_LDO_CFG0, &tmp); 5542 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5543 run_write(sc, RT3070_LDO_CFG0, tmp); 5544 run_delay(sc, 1); 5545 tmp = (tmp & ~0x1f000000) | 0x01000000; 5546 run_write(sc, RT3070_LDO_CFG0, tmp); 5547 5548 sc->rf24_20mhz = 0x1f; 5549 sc->rf24_40mhz = 0x2f; 5550 5551 /* Save default BBP registers 25 and 26 values. */ 5552 run_bbp_read(sc, 25, &sc->bbp25); 5553 run_bbp_read(sc, 26, &sc->bbp26); 5554 5555 run_read(sc, RT3070_OPT_14, &tmp); 5556 run_write(sc, RT3070_OPT_14, tmp | 1); 5557} 5558 5559static void 5560run_rt5390_rf_init(struct run_softc *sc) 5561{ 5562 uint32_t tmp; 5563 uint8_t rf; 5564 int i; 5565 5566 /* Toggle RF R2 to initiate calibration. */ 5567 if (sc->mac_ver == 0x5390) { 5568 run_rt3070_rf_read(sc, 2, &rf); 5569 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5570 run_delay(sc, 10); 5571 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5572 } else { 5573 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5574 run_delay(sc, 10); 5575 } 5576 5577 /* Initialize RF registers to default value. */ 5578 if (sc->mac_ver == 0x5592) { 5579 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5580 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5581 rt5592_def_rf[i].val); 5582 } 5583 /* Initialize RF frequency offset. */ 5584 run_adjust_freq_offset(sc); 5585 } else if (sc->mac_ver == 0x5392) { 5586 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5587 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5588 rt5392_def_rf[i].val); 5589 } 5590 if (sc->mac_rev >= 0x0223) { 5591 run_rt3070_rf_write(sc, 23, 0x0f); 5592 run_rt3070_rf_write(sc, 24, 0x3e); 5593 run_rt3070_rf_write(sc, 51, 0x32); 5594 run_rt3070_rf_write(sc, 53, 0x22); 5595 run_rt3070_rf_write(sc, 56, 0xc1); 5596 run_rt3070_rf_write(sc, 59, 0x0f); 5597 } 5598 } else { 5599 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5600 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5601 rt5390_def_rf[i].val); 5602 } 5603 if (sc->mac_rev >= 0x0502) { 5604 run_rt3070_rf_write(sc, 6, 0xe0); 5605 run_rt3070_rf_write(sc, 25, 0x80); 5606 run_rt3070_rf_write(sc, 46, 0x73); 5607 run_rt3070_rf_write(sc, 53, 0x00); 5608 run_rt3070_rf_write(sc, 56, 0x42); 5609 run_rt3070_rf_write(sc, 61, 0xd1); 5610 } 5611 } 5612 5613 sc->rf24_20mhz = 0x1f; /* default value */ 5614 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5615 5616 if (sc->mac_rev < 0x0211) 5617 run_rt3070_rf_write(sc, 27, 0x3); 5618 5619 run_read(sc, RT3070_OPT_14, &tmp); 5620 run_write(sc, RT3070_OPT_14, tmp | 1); 5621} 5622 5623static int 5624run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5625 uint8_t *val) 5626{ 5627 uint8_t rf22, rf24; 5628 uint8_t bbp55_pb, bbp55_sb, delta; 5629 int ntries; 5630 5631 /* program filter */ 5632 run_rt3070_rf_read(sc, 24, &rf24); 5633 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5634 run_rt3070_rf_write(sc, 24, rf24); 5635 5636 /* enable baseband loopback mode */ 5637 run_rt3070_rf_read(sc, 22, &rf22); 5638 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5639 5640 /* set power and frequency of passband test tone */ 5641 run_bbp_write(sc, 24, 0x00); 5642 for (ntries = 0; ntries < 100; ntries++) { 5643 /* transmit test tone */ 5644 run_bbp_write(sc, 25, 0x90); 5645 run_delay(sc, 10); 5646 /* read received power */ 5647 run_bbp_read(sc, 55, &bbp55_pb); 5648 if (bbp55_pb != 0) 5649 break; 5650 } 5651 if (ntries == 100) 5652 return (ETIMEDOUT); 5653 5654 /* set power and frequency of stopband test tone */ 5655 run_bbp_write(sc, 24, 0x06); 5656 for (ntries = 0; ntries < 100; ntries++) { 5657 /* transmit test tone */ 5658 run_bbp_write(sc, 25, 0x90); 5659 run_delay(sc, 10); 5660 /* read received power */ 5661 run_bbp_read(sc, 55, &bbp55_sb); 5662 5663 delta = bbp55_pb - bbp55_sb; 5664 if (delta > target) 5665 break; 5666 5667 /* reprogram filter */ 5668 rf24++; 5669 run_rt3070_rf_write(sc, 24, rf24); 5670 } 5671 if (ntries < 100) { 5672 if (rf24 != init) 5673 rf24--; /* backtrack */ 5674 *val = rf24; 5675 run_rt3070_rf_write(sc, 24, rf24); 5676 } 5677 5678 /* restore initial state */ 5679 run_bbp_write(sc, 24, 0x00); 5680 5681 /* disable baseband loopback mode */ 5682 run_rt3070_rf_read(sc, 22, &rf22); 5683 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5684 5685 return (0); 5686} 5687 5688static void 5689run_rt3070_rf_setup(struct run_softc *sc) 5690{ 5691 uint8_t bbp, rf; 5692 int i; 5693 5694 if (sc->mac_ver == 0x3572) { 5695 /* enable DC filter */ 5696 if (sc->mac_rev >= 0x0201) 5697 run_bbp_write(sc, 103, 0xc0); 5698 5699 run_bbp_read(sc, 138, &bbp); 5700 if (sc->ntxchains == 1) 5701 bbp |= 0x20; /* turn off DAC1 */ 5702 if (sc->nrxchains == 1) 5703 bbp &= ~0x02; /* turn off ADC1 */ 5704 run_bbp_write(sc, 138, bbp); 5705 5706 if (sc->mac_rev >= 0x0211) { 5707 /* improve power consumption */ 5708 run_bbp_read(sc, 31, &bbp); 5709 run_bbp_write(sc, 31, bbp & ~0x03); 5710 } 5711 5712 run_rt3070_rf_read(sc, 16, &rf); 5713 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5714 run_rt3070_rf_write(sc, 16, rf); 5715 5716 } else if (sc->mac_ver == 0x3071) { 5717 if (sc->mac_rev >= 0x0211) { 5718 /* enable DC filter */ 5719 run_bbp_write(sc, 103, 0xc0); 5720 5721 /* improve power consumption */ 5722 run_bbp_read(sc, 31, &bbp); 5723 run_bbp_write(sc, 31, bbp & ~0x03); 5724 } 5725 5726 run_bbp_read(sc, 138, &bbp); 5727 if (sc->ntxchains == 1) 5728 bbp |= 0x20; /* turn off DAC1 */ 5729 if (sc->nrxchains == 1) 5730 bbp &= ~0x02; /* turn off ADC1 */ 5731 run_bbp_write(sc, 138, bbp); 5732 5733 run_write(sc, RT2860_TX_SW_CFG1, 0); 5734 if (sc->mac_rev < 0x0211) { 5735 run_write(sc, RT2860_TX_SW_CFG2, 5736 sc->patch_dac ? 0x2c : 0x0f); 5737 } else 5738 run_write(sc, RT2860_TX_SW_CFG2, 0); 5739 5740 } else if (sc->mac_ver == 0x3070) { 5741 if (sc->mac_rev >= 0x0201) { 5742 /* enable DC filter */ 5743 run_bbp_write(sc, 103, 0xc0); 5744 5745 /* improve power consumption */ 5746 run_bbp_read(sc, 31, &bbp); 5747 run_bbp_write(sc, 31, bbp & ~0x03); 5748 } 5749 5750 if (sc->mac_rev < 0x0201) { 5751 run_write(sc, RT2860_TX_SW_CFG1, 0); 5752 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5753 } else 5754 run_write(sc, RT2860_TX_SW_CFG2, 0); 5755 } 5756 5757 /* initialize RF registers from ROM for >=RT3071*/ 5758 if (sc->mac_ver >= 0x3071) { 5759 for (i = 0; i < 10; i++) { 5760 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5761 continue; 5762 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5763 } 5764 } 5765} 5766 5767static void 5768run_rt3593_rf_setup(struct run_softc *sc) 5769{ 5770 uint8_t bbp, rf; 5771 5772 if (sc->mac_rev >= 0x0211) { 5773 /* Enable DC filter. */ 5774 run_bbp_write(sc, 103, 0xc0); 5775 } 5776 run_write(sc, RT2860_TX_SW_CFG1, 0); 5777 if (sc->mac_rev < 0x0211) { 5778 run_write(sc, RT2860_TX_SW_CFG2, 5779 sc->patch_dac ? 0x2c : 0x0f); 5780 } else 5781 run_write(sc, RT2860_TX_SW_CFG2, 0); 5782 5783 run_rt3070_rf_read(sc, 50, &rf); 5784 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5785 5786 run_rt3070_rf_read(sc, 51, &rf); 5787 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5788 ((sc->txmixgain_2ghz & 0x07) << 2); 5789 run_rt3070_rf_write(sc, 51, rf); 5790 5791 run_rt3070_rf_read(sc, 38, &rf); 5792 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5793 5794 run_rt3070_rf_read(sc, 39, &rf); 5795 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5796 5797 run_rt3070_rf_read(sc, 1, &rf); 5798 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5799 5800 run_rt3070_rf_read(sc, 30, &rf); 5801 rf = (rf & ~0x18) | 0x10; 5802 run_rt3070_rf_write(sc, 30, rf); 5803 5804 /* Apply maximum likelihood detection for 2 stream case. */ 5805 run_bbp_read(sc, 105, &bbp); 5806 if (sc->nrxchains > 1) 5807 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5808 5809 /* Avoid data lost and CRC error. */ 5810 run_bbp_read(sc, 4, &bbp); 5811 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5812 5813 run_bbp_write(sc, 92, 0x02); 5814 run_bbp_write(sc, 82, 0x82); 5815 run_bbp_write(sc, 106, 0x05); 5816 run_bbp_write(sc, 104, 0x92); 5817 run_bbp_write(sc, 88, 0x90); 5818 run_bbp_write(sc, 148, 0xc8); 5819 run_bbp_write(sc, 47, 0x48); 5820 run_bbp_write(sc, 120, 0x50); 5821 5822 run_bbp_write(sc, 163, 0x9d); 5823 5824 /* SNR mapping. */ 5825 run_bbp_write(sc, 142, 0x06); 5826 run_bbp_write(sc, 143, 0xa0); 5827 run_bbp_write(sc, 142, 0x07); 5828 run_bbp_write(sc, 143, 0xa1); 5829 run_bbp_write(sc, 142, 0x08); 5830 run_bbp_write(sc, 143, 0xa2); 5831 5832 run_bbp_write(sc, 31, 0x08); 5833 run_bbp_write(sc, 68, 0x0b); 5834 run_bbp_write(sc, 105, 0x04); 5835} 5836 5837static void 5838run_rt5390_rf_setup(struct run_softc *sc) 5839{ 5840 uint8_t bbp, rf; 5841 5842 if (sc->mac_rev >= 0x0211) { 5843 /* Enable DC filter. */ 5844 run_bbp_write(sc, 103, 0xc0); 5845 5846 if (sc->mac_ver != 0x5592) { 5847 /* Improve power consumption. */ 5848 run_bbp_read(sc, 31, &bbp); 5849 run_bbp_write(sc, 31, bbp & ~0x03); 5850 } 5851 } 5852 5853 run_bbp_read(sc, 138, &bbp); 5854 if (sc->ntxchains == 1) 5855 bbp |= 0x20; /* turn off DAC1 */ 5856 if (sc->nrxchains == 1) 5857 bbp &= ~0x02; /* turn off ADC1 */ 5858 run_bbp_write(sc, 138, bbp); 5859 5860 run_rt3070_rf_read(sc, 38, &rf); 5861 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5862 5863 run_rt3070_rf_read(sc, 39, &rf); 5864 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5865 5866 /* Avoid data lost and CRC error. */ 5867 run_bbp_read(sc, 4, &bbp); 5868 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5869 5870 run_rt3070_rf_read(sc, 30, &rf); 5871 rf = (rf & ~0x18) | 0x10; 5872 run_rt3070_rf_write(sc, 30, rf); 5873 5874 if (sc->mac_ver != 0x5592) { 5875 run_write(sc, RT2860_TX_SW_CFG1, 0); 5876 if (sc->mac_rev < 0x0211) { 5877 run_write(sc, RT2860_TX_SW_CFG2, 5878 sc->patch_dac ? 0x2c : 0x0f); 5879 } else 5880 run_write(sc, RT2860_TX_SW_CFG2, 0); 5881 } 5882} 5883 5884static int 5885run_txrx_enable(struct run_softc *sc) 5886{ 5887 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5888 uint32_t tmp; 5889 int error, ntries; 5890 5891 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5892 for (ntries = 0; ntries < 200; ntries++) { 5893 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5894 return (error); 5895 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5896 break; 5897 run_delay(sc, 50); 5898 } 5899 if (ntries == 200) 5900 return (ETIMEDOUT); 5901 5902 run_delay(sc, 50); 5903 5904 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5905 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5906 5907 /* enable Rx bulk aggregation (set timeout and limit) */ 5908 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5909 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5910 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5911 5912 /* set Rx filter */ 5913 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5914 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5915 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5916 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5917 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5918 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5919 if (ic->ic_opmode == IEEE80211_M_STA) 5920 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5921 } 5922 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5923 5924 run_write(sc, RT2860_MAC_SYS_CTRL, 5925 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5926 5927 return (0); 5928} 5929 5930static void 5931run_adjust_freq_offset(struct run_softc *sc) 5932{ 5933 uint8_t rf, tmp; 5934 5935 run_rt3070_rf_read(sc, 17, &rf); 5936 tmp = rf; 5937 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5938 rf = MIN(rf, 0x5f); 5939 5940 if (tmp != rf) 5941 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5942} 5943 5944static void 5945run_init_locked(struct run_softc *sc) 5946{ 5947 struct ifnet *ifp = sc->sc_ifp; 5948 struct ieee80211com *ic = ifp->if_l2com; 5949 uint32_t tmp; 5950 uint8_t bbp1, bbp3; 5951 int i; 5952 int ridx; 5953 int ntries; 5954 5955 if (ic->ic_nrunning > 1) 5956 return; 5957 5958 run_stop(sc); 5959 5960 if (run_load_microcode(sc) != 0) { 5961 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5962 goto fail; 5963 } 5964 5965 for (ntries = 0; ntries < 100; ntries++) { 5966 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5967 goto fail; 5968 if (tmp != 0 && tmp != 0xffffffff) 5969 break; 5970 run_delay(sc, 10); 5971 } 5972 if (ntries == 100) 5973 goto fail; 5974 5975 for (i = 0; i != RUN_EP_QUEUES; i++) 5976 run_setup_tx_list(sc, &sc->sc_epq[i]); 5977 5978 run_set_macaddr(sc, IF_LLADDR(ifp)); 5979 5980 for (ntries = 0; ntries < 100; ntries++) { 5981 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5982 goto fail; 5983 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5984 break; 5985 run_delay(sc, 10); 5986 } 5987 if (ntries == 100) { 5988 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5989 goto fail; 5990 } 5991 tmp &= 0xff0; 5992 tmp |= RT2860_TX_WB_DDONE; 5993 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5994 5995 /* turn off PME_OEN to solve high-current issue */ 5996 run_read(sc, RT2860_SYS_CTRL, &tmp); 5997 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5998 5999 run_write(sc, RT2860_MAC_SYS_CTRL, 6000 RT2860_BBP_HRST | RT2860_MAC_SRST); 6001 run_write(sc, RT2860_USB_DMA_CFG, 0); 6002 6003 if (run_reset(sc) != 0) { 6004 device_printf(sc->sc_dev, "could not reset chipset\n"); 6005 goto fail; 6006 } 6007 6008 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6009 6010 /* init Tx power for all Tx rates (from EEPROM) */ 6011 for (ridx = 0; ridx < 5; ridx++) { 6012 if (sc->txpow20mhz[ridx] == 0xffffffff) 6013 continue; 6014 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6015 } 6016 6017 for (i = 0; i < nitems(rt2870_def_mac); i++) 6018 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6019 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6020 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6021 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6022 6023 if (sc->mac_ver >= 0x5390) { 6024 run_write(sc, RT2860_TX_SW_CFG0, 6025 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6026 if (sc->mac_ver >= 0x5392) { 6027 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6028 if (sc->mac_ver == 0x5592) { 6029 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6030 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6031 } else { 6032 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6033 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6034 } 6035 } 6036 } else if (sc->mac_ver == 0x3593) { 6037 run_write(sc, RT2860_TX_SW_CFG0, 6038 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6039 } else if (sc->mac_ver >= 0x3070) { 6040 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6041 run_write(sc, RT2860_TX_SW_CFG0, 6042 4 << RT2860_DLY_PAPE_EN_SHIFT); 6043 } 6044 6045 /* wait while MAC is busy */ 6046 for (ntries = 0; ntries < 100; ntries++) { 6047 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6048 goto fail; 6049 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6050 break; 6051 run_delay(sc, 10); 6052 } 6053 if (ntries == 100) 6054 goto fail; 6055 6056 /* clear Host to MCU mailbox */ 6057 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6058 run_write(sc, RT2860_H2M_MAILBOX, 0); 6059 run_delay(sc, 10); 6060 6061 if (run_bbp_init(sc) != 0) { 6062 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6063 goto fail; 6064 } 6065 6066 /* abort TSF synchronization */ 6067 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6068 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6069 RT2860_TBTT_TIMER_EN); 6070 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6071 6072 /* clear RX WCID search table */ 6073 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6074 /* clear WCID attribute table */ 6075 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6076 6077 /* hostapd sets a key before init. So, don't clear it. */ 6078 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6079 /* clear shared key table */ 6080 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6081 /* clear shared key mode */ 6082 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6083 } 6084 6085 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6086 tmp = (tmp & ~0xff) | 0x1e; 6087 run_write(sc, RT2860_US_CYC_CNT, tmp); 6088 6089 if (sc->mac_rev != 0x0101) 6090 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6091 6092 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6093 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6094 6095 /* write vendor-specific BBP values (from EEPROM) */ 6096 if (sc->mac_ver < 0x3593) { 6097 for (i = 0; i < 10; i++) { 6098 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6099 continue; 6100 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6101 } 6102 } 6103 6104 /* select Main antenna for 1T1R devices */ 6105 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6106 run_set_rx_antenna(sc, 0); 6107 6108 /* send LEDs operating mode to microcontroller */ 6109 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6110 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6111 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6112 6113 if (sc->mac_ver >= 0x5390) 6114 run_rt5390_rf_init(sc); 6115 else if (sc->mac_ver == 0x3593) 6116 run_rt3593_rf_init(sc); 6117 else if (sc->mac_ver >= 0x3070) 6118 run_rt3070_rf_init(sc); 6119 6120 /* disable non-existing Rx chains */ 6121 run_bbp_read(sc, 3, &bbp3); 6122 bbp3 &= ~(1 << 3 | 1 << 4); 6123 if (sc->nrxchains == 2) 6124 bbp3 |= 1 << 3; 6125 else if (sc->nrxchains == 3) 6126 bbp3 |= 1 << 4; 6127 run_bbp_write(sc, 3, bbp3); 6128 6129 /* disable non-existing Tx chains */ 6130 run_bbp_read(sc, 1, &bbp1); 6131 if (sc->ntxchains == 1) 6132 bbp1 &= ~(1 << 3 | 1 << 4); 6133 run_bbp_write(sc, 1, bbp1); 6134 6135 if (sc->mac_ver >= 0x5390) 6136 run_rt5390_rf_setup(sc); 6137 else if (sc->mac_ver == 0x3593) 6138 run_rt3593_rf_setup(sc); 6139 else if (sc->mac_ver >= 0x3070) 6140 run_rt3070_rf_setup(sc); 6141 6142 /* select default channel */ 6143 run_set_chan(sc, ic->ic_curchan); 6144 6145 /* setup initial protection mode */ 6146 run_updateprot_cb(ic); 6147 6148 /* turn radio LED on */ 6149 run_set_leds(sc, RT2860_LED_RADIO); 6150 6151 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 6152 ifp->if_drv_flags |= IFF_DRV_RUNNING; 6153 sc->cmdq_run = RUN_CMDQ_GO; 6154 6155 for (i = 0; i != RUN_N_XFER; i++) 6156 usbd_xfer_set_stall(sc->sc_xfer[i]); 6157 6158 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6159 6160 if (run_txrx_enable(sc) != 0) 6161 goto fail; 6162 6163 return; 6164 6165fail: 6166 run_stop(sc); 6167} 6168 6169static void 6170run_init(void *arg) 6171{ 6172 struct run_softc *sc = arg; 6173 struct ifnet *ifp = sc->sc_ifp; 6174 struct ieee80211com *ic = ifp->if_l2com; 6175 6176 RUN_LOCK(sc); 6177 run_init_locked(sc); 6178 RUN_UNLOCK(sc); 6179 6180 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6181 ieee80211_start_all(ic); 6182} 6183 6184static void 6185run_stop(void *arg) 6186{ 6187 struct run_softc *sc = (struct run_softc *)arg; 6188 struct ifnet *ifp = sc->sc_ifp; 6189 uint32_t tmp; 6190 int i; 6191 int ntries; 6192 6193 RUN_LOCK_ASSERT(sc, MA_OWNED); 6194 6195 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6196 run_set_leds(sc, 0); /* turn all LEDs off */ 6197 6198 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 6199 6200 sc->ratectl_run = RUN_RATECTL_OFF; 6201 sc->cmdq_run = sc->cmdq_key_set; 6202 6203 RUN_UNLOCK(sc); 6204 6205 for(i = 0; i < RUN_N_XFER; i++) 6206 usbd_transfer_drain(sc->sc_xfer[i]); 6207 6208 RUN_LOCK(sc); 6209 6210 if (sc->rx_m != NULL) { 6211 m_free(sc->rx_m); 6212 sc->rx_m = NULL; 6213 } 6214 6215 /* Disable Tx/Rx DMA. */ 6216 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6217 return; 6218 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6219 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6220 6221 for (ntries = 0; ntries < 100; ntries++) { 6222 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6223 return; 6224 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6225 break; 6226 run_delay(sc, 10); 6227 } 6228 if (ntries == 100) { 6229 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6230 return; 6231 } 6232 6233 /* disable Tx/Rx */ 6234 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6235 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6236 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6237 6238 /* wait for pending Tx to complete */ 6239 for (ntries = 0; ntries < 100; ntries++) { 6240 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6241 DPRINTF("Cannot read Tx queue count\n"); 6242 break; 6243 } 6244 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6245 DPRINTF("All Tx cleared\n"); 6246 break; 6247 } 6248 run_delay(sc, 10); 6249 } 6250 if (ntries >= 100) 6251 DPRINTF("There are still pending Tx\n"); 6252 run_delay(sc, 10); 6253 run_write(sc, RT2860_USB_DMA_CFG, 0); 6254 6255 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6256 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6257 6258 for (i = 0; i != RUN_EP_QUEUES; i++) 6259 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6260} 6261 6262static void 6263run_delay(struct run_softc *sc, u_int ms) 6264{ 6265 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6266 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6267} 6268 6269static device_method_t run_methods[] = { 6270 /* Device interface */ 6271 DEVMETHOD(device_probe, run_match), 6272 DEVMETHOD(device_attach, run_attach), 6273 DEVMETHOD(device_detach, run_detach), 6274 DEVMETHOD_END 6275}; 6276 6277static driver_t run_driver = { 6278 .name = "run", 6279 .methods = run_methods, 6280 .size = sizeof(struct run_softc) 6281}; 6282 6283static devclass_t run_devclass; 6284 6285DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6286MODULE_DEPEND(run, wlan, 1, 1, 1); 6287MODULE_DEPEND(run, usb, 1, 1, 1); 6288MODULE_DEPEND(run, firmware, 1, 1, 1); 6289MODULE_VERSION(run, 1); 6290