if_run.c revision 227309
1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/cdefs.h> 20__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 227309 2011-11-07 15:43:11Z ed $"); 21 22/*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27#include <sys/param.h> 28#include <sys/sockio.h> 29#include <sys/sysctl.h> 30#include <sys/lock.h> 31#include <sys/mutex.h> 32#include <sys/mbuf.h> 33#include <sys/kernel.h> 34#include <sys/socket.h> 35#include <sys/systm.h> 36#include <sys/malloc.h> 37#include <sys/module.h> 38#include <sys/bus.h> 39#include <sys/endian.h> 40#include <sys/linker.h> 41#include <sys/firmware.h> 42#include <sys/kdb.h> 43 44#include <machine/bus.h> 45#include <machine/resource.h> 46#include <sys/rman.h> 47 48#include <net/bpf.h> 49#include <net/if.h> 50#include <net/if_arp.h> 51#include <net/ethernet.h> 52#include <net/if_dl.h> 53#include <net/if_media.h> 54#include <net/if_types.h> 55 56#include <netinet/in.h> 57#include <netinet/in_systm.h> 58#include <netinet/in_var.h> 59#include <netinet/if_ether.h> 60#include <netinet/ip.h> 61 62#include <net80211/ieee80211_var.h> 63#include <net80211/ieee80211_regdomain.h> 64#include <net80211/ieee80211_radiotap.h> 65#include <net80211/ieee80211_ratectl.h> 66 67#include <dev/usb/usb.h> 68#include <dev/usb/usbdi.h> 69#include "usbdevs.h" 70 71#define USB_DEBUG_VAR run_debug 72#include <dev/usb/usb_debug.h> 73 74#include <dev/usb/wlan/if_runreg.h> 75#include <dev/usb/wlan/if_runvar.h> 76 77#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 78 79#ifdef USB_DEBUG 80#define RUN_DEBUG 81#endif 82 83#ifdef RUN_DEBUG 84int run_debug = 0; 85static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 86SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 87 "run debug level"); 88#endif 89 90#define IEEE80211_HAS_ADDR4(wh) \ 91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 92 93/* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99static const STRUCT_USB_HOST_ID run_devs[] = { 100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS2, USBN11), 140 RUN_DEV(AZUREWAVE, RT2870_1), 141 RUN_DEV(AZUREWAVE, RT2870_2), 142 RUN_DEV(AZUREWAVE, RT3070_1), 143 RUN_DEV(AZUREWAVE, RT3070_2), 144 RUN_DEV(AZUREWAVE, RT3070_3), 145 RUN_DEV(BELKIN, F5D8053V3), 146 RUN_DEV(BELKIN, F5D8055), 147 RUN_DEV(BELKIN, F5D8055V2), 148 RUN_DEV(BELKIN, F6D4050V1), 149 RUN_DEV(BELKIN, RT2870_1), 150 RUN_DEV(BELKIN, RT2870_2), 151 RUN_DEV(CISCOLINKSYS, AE1000), 152 RUN_DEV(CISCOLINKSYS2, RT3070), 153 RUN_DEV(CISCOLINKSYS3, RT3070), 154 RUN_DEV(CONCEPTRONIC2, RT2870_1), 155 RUN_DEV(CONCEPTRONIC2, RT2870_2), 156 RUN_DEV(CONCEPTRONIC2, RT2870_3), 157 RUN_DEV(CONCEPTRONIC2, RT2870_4), 158 RUN_DEV(CONCEPTRONIC2, RT2870_5), 159 RUN_DEV(CONCEPTRONIC2, RT2870_6), 160 RUN_DEV(CONCEPTRONIC2, RT2870_7), 161 RUN_DEV(CONCEPTRONIC2, RT2870_8), 162 RUN_DEV(CONCEPTRONIC2, RT3070_1), 163 RUN_DEV(CONCEPTRONIC2, RT3070_2), 164 RUN_DEV(CONCEPTRONIC2, VIGORN61), 165 RUN_DEV(COREGA, CGWLUSB300GNM), 166 RUN_DEV(COREGA, RT2870_1), 167 RUN_DEV(COREGA, RT2870_2), 168 RUN_DEV(COREGA, RT2870_3), 169 RUN_DEV(COREGA, RT3070), 170 RUN_DEV(CYBERTAN, RT2870), 171 RUN_DEV(DLINK, RT2870), 172 RUN_DEV(DLINK, RT3072), 173 RUN_DEV(DLINK2, DWA130), 174 RUN_DEV(DLINK2, RT2870_1), 175 RUN_DEV(DLINK2, RT2870_2), 176 RUN_DEV(DLINK2, RT3070_1), 177 RUN_DEV(DLINK2, RT3070_2), 178 RUN_DEV(DLINK2, RT3070_3), 179 RUN_DEV(DLINK2, RT3070_4), 180 RUN_DEV(DLINK2, RT3070_5), 181 RUN_DEV(DLINK2, RT3072), 182 RUN_DEV(DLINK2, RT3072_1), 183 RUN_DEV(EDIMAX, EW7717), 184 RUN_DEV(EDIMAX, EW7718), 185 RUN_DEV(EDIMAX, RT2870_1), 186 RUN_DEV(ENCORE, RT3070_1), 187 RUN_DEV(ENCORE, RT3070_2), 188 RUN_DEV(ENCORE, RT3070_3), 189 RUN_DEV(GIGABYTE, GNWB31N), 190 RUN_DEV(GIGABYTE, GNWB32L), 191 RUN_DEV(GIGABYTE, RT2870_1), 192 RUN_DEV(GIGASET, RT3070_1), 193 RUN_DEV(GIGASET, RT3070_2), 194 RUN_DEV(GUILLEMOT, HWNU300), 195 RUN_DEV(HAWKING, HWUN2), 196 RUN_DEV(HAWKING, RT2870_1), 197 RUN_DEV(HAWKING, RT2870_2), 198 RUN_DEV(HAWKING, RT3070), 199 RUN_DEV(IODATA, RT3072_1), 200 RUN_DEV(IODATA, RT3072_2), 201 RUN_DEV(IODATA, RT3072_3), 202 RUN_DEV(IODATA, RT3072_4), 203 RUN_DEV(LINKSYS4, RT3070), 204 RUN_DEV(LINKSYS4, WUSB100), 205 RUN_DEV(LINKSYS4, WUSB54GCV3), 206 RUN_DEV(LINKSYS4, WUSB600N), 207 RUN_DEV(LINKSYS4, WUSB600NV2), 208 RUN_DEV(LOGITEC, RT2870_1), 209 RUN_DEV(LOGITEC, RT2870_2), 210 RUN_DEV(LOGITEC, RT2870_3), 211 RUN_DEV(MELCO, RT2870_1), 212 RUN_DEV(MELCO, RT2870_2), 213 RUN_DEV(MELCO, WLIUCAG300N), 214 RUN_DEV(MELCO, WLIUCG300N), 215 RUN_DEV(MELCO, WLIUCG301N), 216 RUN_DEV(MELCO, WLIUCGN), 217 RUN_DEV(MOTOROLA4, RT2770), 218 RUN_DEV(MOTOROLA4, RT3070), 219 RUN_DEV(MSI, RT3070_1), 220 RUN_DEV(MSI, RT3070_2), 221 RUN_DEV(MSI, RT3070_3), 222 RUN_DEV(MSI, RT3070_4), 223 RUN_DEV(MSI, RT3070_5), 224 RUN_DEV(MSI, RT3070_6), 225 RUN_DEV(MSI, RT3070_7), 226 RUN_DEV(MSI, RT3070_8), 227 RUN_DEV(MSI, RT3070_9), 228 RUN_DEV(MSI, RT3070_10), 229 RUN_DEV(MSI, RT3070_11), 230 RUN_DEV(OVISLINK, RT3072), 231 RUN_DEV(PARA, RT3070), 232 RUN_DEV(PEGATRON, RT2870), 233 RUN_DEV(PEGATRON, RT3070), 234 RUN_DEV(PEGATRON, RT3070_2), 235 RUN_DEV(PEGATRON, RT3070_3), 236 RUN_DEV(PHILIPS, RT2870), 237 RUN_DEV(PLANEX2, GWUS300MINIS), 238 RUN_DEV(PLANEX2, GWUSMICRON), 239 RUN_DEV(PLANEX2, RT2870), 240 RUN_DEV(PLANEX2, RT3070), 241 RUN_DEV(QCOM, RT2870), 242 RUN_DEV(QUANTA, RT3070), 243 RUN_DEV(RALINK, RT2070), 244 RUN_DEV(RALINK, RT2770), 245 RUN_DEV(RALINK, RT2870), 246 RUN_DEV(RALINK, RT3070), 247 RUN_DEV(RALINK, RT3071), 248 RUN_DEV(RALINK, RT3072), 249 RUN_DEV(RALINK, RT3370), 250 RUN_DEV(RALINK, RT3572), 251 RUN_DEV(RALINK, RT8070), 252 RUN_DEV(SAMSUNG, WIS09ABGN), 253 RUN_DEV(SAMSUNG2, RT2870_1), 254 RUN_DEV(SENAO, RT2870_1), 255 RUN_DEV(SENAO, RT2870_2), 256 RUN_DEV(SENAO, RT2870_3), 257 RUN_DEV(SENAO, RT2870_4), 258 RUN_DEV(SENAO, RT3070), 259 RUN_DEV(SENAO, RT3071), 260 RUN_DEV(SENAO, RT3072_1), 261 RUN_DEV(SENAO, RT3072_2), 262 RUN_DEV(SENAO, RT3072_3), 263 RUN_DEV(SENAO, RT3072_4), 264 RUN_DEV(SENAO, RT3072_5), 265 RUN_DEV(SITECOMEU, RT2770), 266 RUN_DEV(SITECOMEU, RT2870_1), 267 RUN_DEV(SITECOMEU, RT2870_2), 268 RUN_DEV(SITECOMEU, RT2870_3), 269 RUN_DEV(SITECOMEU, RT2870_4), 270 RUN_DEV(SITECOMEU, RT3070), 271 RUN_DEV(SITECOMEU, RT3070_2), 272 RUN_DEV(SITECOMEU, RT3070_3), 273 RUN_DEV(SITECOMEU, RT3070_4), 274 RUN_DEV(SITECOMEU, RT3071), 275 RUN_DEV(SITECOMEU, RT3072_1), 276 RUN_DEV(SITECOMEU, RT3072_2), 277 RUN_DEV(SITECOMEU, RT3072_3), 278 RUN_DEV(SITECOMEU, RT3072_4), 279 RUN_DEV(SITECOMEU, RT3072_5), 280 RUN_DEV(SITECOMEU, RT3072_6), 281 RUN_DEV(SITECOMEU, WL608), 282 RUN_DEV(SPARKLAN, RT2870_1), 283 RUN_DEV(SPARKLAN, RT3070), 284 RUN_DEV(SWEEX2, LW153), 285 RUN_DEV(SWEEX2, LW303), 286 RUN_DEV(SWEEX2, LW313), 287 RUN_DEV(TOSHIBA, RT3070), 288 RUN_DEV(UMEDIA, RT2870_1), 289 RUN_DEV(ZCOM, RT2870_1), 290 RUN_DEV(ZCOM, RT2870_2), 291 RUN_DEV(ZINWELL, RT2870_1), 292 RUN_DEV(ZINWELL, RT2870_2), 293 RUN_DEV(ZINWELL, RT3070), 294 RUN_DEV(ZINWELL, RT3072_1), 295 RUN_DEV(ZINWELL, RT3072_2), 296 RUN_DEV(ZYXEL, RT2870_1), 297 RUN_DEV(ZYXEL, RT2870_2), 298#undef RUN_DEV 299}; 300 301static device_probe_t run_match; 302static device_attach_t run_attach; 303static device_detach_t run_detach; 304 305static usb_callback_t run_bulk_rx_callback; 306static usb_callback_t run_bulk_tx_callback0; 307static usb_callback_t run_bulk_tx_callback1; 308static usb_callback_t run_bulk_tx_callback2; 309static usb_callback_t run_bulk_tx_callback3; 310static usb_callback_t run_bulk_tx_callback4; 311static usb_callback_t run_bulk_tx_callback5; 312 313static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 314 usb_error_t error, unsigned int index); 315static struct ieee80211vap *run_vap_create(struct ieee80211com *, 316 const char name[IFNAMSIZ], int unit, int opmode, int flags, 317 const uint8_t bssid[IEEE80211_ADDR_LEN], const uint8_t 318 mac[IEEE80211_ADDR_LEN]); 319static void run_vap_delete(struct ieee80211vap *); 320static void run_cmdq_cb(void *, int); 321static void run_setup_tx_list(struct run_softc *, 322 struct run_endpoint_queue *); 323static void run_unsetup_tx_list(struct run_softc *, 324 struct run_endpoint_queue *); 325static int run_load_microcode(struct run_softc *); 326static int run_reset(struct run_softc *); 327static usb_error_t run_do_request(struct run_softc *, 328 struct usb_device_request *, void *); 329static int run_read(struct run_softc *, uint16_t, uint32_t *); 330static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 331static int run_write_2(struct run_softc *, uint16_t, uint16_t); 332static int run_write(struct run_softc *, uint16_t, uint32_t); 333static int run_write_region_1(struct run_softc *, uint16_t, 334 const uint8_t *, int); 335static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 336static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 337static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 338static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 339static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 340static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 341static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 342static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 343static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 344static const char *run_get_rf(int); 345static int run_read_eeprom(struct run_softc *); 346static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 347 const uint8_t mac[IEEE80211_ADDR_LEN]); 348static int run_media_change(struct ifnet *); 349static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 350static int run_wme_update(struct ieee80211com *); 351static void run_wme_update_cb(void *); 352static void run_key_update_begin(struct ieee80211vap *); 353static void run_key_update_end(struct ieee80211vap *); 354static void run_key_set_cb(void *); 355static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 356 const uint8_t mac[IEEE80211_ADDR_LEN]); 357static void run_key_delete_cb(void *); 358static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 359static void run_ratectl_to(void *); 360static void run_ratectl_cb(void *, int); 361static void run_drain_fifo(void *); 362static void run_iter_func(void *, struct ieee80211_node *); 363static void run_newassoc_cb(void *); 364static void run_newassoc(struct ieee80211_node *, int); 365static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 366static void run_tx_free(struct run_endpoint_queue *pq, 367 struct run_tx_data *, int); 368static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 369static int run_tx(struct run_softc *, struct mbuf *, 370 struct ieee80211_node *); 371static int run_tx_mgt(struct run_softc *, struct mbuf *, 372 struct ieee80211_node *); 373static int run_sendprot(struct run_softc *, const struct mbuf *, 374 struct ieee80211_node *, int, int); 375static int run_tx_param(struct run_softc *, struct mbuf *, 376 struct ieee80211_node *, 377 const struct ieee80211_bpf_params *); 378static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 379 const struct ieee80211_bpf_params *); 380static void run_start(struct ifnet *); 381static int run_ioctl(struct ifnet *, u_long, caddr_t); 382static void run_set_agc(struct run_softc *, uint8_t); 383static void run_select_chan_group(struct run_softc *, int); 384static void run_set_rx_antenna(struct run_softc *, int); 385static void run_rt2870_set_chan(struct run_softc *, u_int); 386static void run_rt3070_set_chan(struct run_softc *, u_int); 387static void run_rt3572_set_chan(struct run_softc *, u_int); 388static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 389static void run_set_channel(struct ieee80211com *); 390static void run_scan_start(struct ieee80211com *); 391static void run_scan_end(struct ieee80211com *); 392static void run_update_beacon(struct ieee80211vap *, int); 393static void run_update_beacon_cb(void *); 394static void run_updateprot(struct ieee80211com *); 395static void run_updateprot_cb(void *); 396static void run_usb_timeout_cb(void *); 397static void run_reset_livelock(struct run_softc *); 398static void run_enable_tsf_sync(struct run_softc *); 399static void run_enable_mrr(struct run_softc *); 400static void run_set_txpreamble(struct run_softc *); 401static void run_set_basicrates(struct run_softc *); 402static void run_set_leds(struct run_softc *, uint16_t); 403static void run_set_bssid(struct run_softc *, const uint8_t *); 404static void run_set_macaddr(struct run_softc *, const uint8_t *); 405static void run_updateslot(struct ifnet *); 406static void run_updateslot_cb(void *); 407static void run_update_mcast(struct ifnet *); 408static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 409static void run_update_promisc_locked(struct ifnet *); 410static void run_update_promisc(struct ifnet *); 411static int run_bbp_init(struct run_softc *); 412static int run_rt3070_rf_init(struct run_softc *); 413static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 414 uint8_t *); 415static void run_rt3070_rf_setup(struct run_softc *); 416static int run_txrx_enable(struct run_softc *); 417static void run_init(void *); 418static void run_init_locked(struct run_softc *); 419static void run_stop(void *); 420static void run_delay(struct run_softc *, unsigned int); 421 422static const struct { 423 uint16_t reg; 424 uint32_t val; 425} rt2870_def_mac[] = { 426 RT2870_DEF_MAC 427}; 428 429static const struct { 430 uint8_t reg; 431 uint8_t val; 432} rt2860_def_bbp[] = { 433 RT2860_DEF_BBP 434}; 435 436static const struct rfprog { 437 uint8_t chan; 438 uint32_t r1, r2, r3, r4; 439} rt2860_rf2850[] = { 440 RT2860_RF2850 441}; 442 443struct { 444 uint8_t n, r, k; 445} rt3070_freqs[] = { 446 RT3070_RF3052 447}; 448 449static const struct { 450 uint8_t reg; 451 uint8_t val; 452} rt3070_def_rf[] = { 453 RT3070_DEF_RF 454},rt3572_def_rf[] = { 455 RT3572_DEF_RF 456}; 457 458static const struct usb_config run_config[RUN_N_XFER] = { 459 [RUN_BULK_TX_BE] = { 460 .type = UE_BULK, 461 .endpoint = UE_ADDR_ANY, 462 .ep_index = 0, 463 .direction = UE_DIR_OUT, 464 .bufsize = RUN_MAX_TXSZ, 465 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 466 .callback = run_bulk_tx_callback0, 467 .timeout = 5000, /* ms */ 468 }, 469 [RUN_BULK_TX_BK] = { 470 .type = UE_BULK, 471 .endpoint = UE_ADDR_ANY, 472 .direction = UE_DIR_OUT, 473 .ep_index = 1, 474 .bufsize = RUN_MAX_TXSZ, 475 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 476 .callback = run_bulk_tx_callback1, 477 .timeout = 5000, /* ms */ 478 }, 479 [RUN_BULK_TX_VI] = { 480 .type = UE_BULK, 481 .endpoint = UE_ADDR_ANY, 482 .direction = UE_DIR_OUT, 483 .ep_index = 2, 484 .bufsize = RUN_MAX_TXSZ, 485 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 486 .callback = run_bulk_tx_callback2, 487 .timeout = 5000, /* ms */ 488 }, 489 [RUN_BULK_TX_VO] = { 490 .type = UE_BULK, 491 .endpoint = UE_ADDR_ANY, 492 .direction = UE_DIR_OUT, 493 .ep_index = 3, 494 .bufsize = RUN_MAX_TXSZ, 495 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 496 .callback = run_bulk_tx_callback3, 497 .timeout = 5000, /* ms */ 498 }, 499 [RUN_BULK_TX_HCCA] = { 500 .type = UE_BULK, 501 .endpoint = UE_ADDR_ANY, 502 .direction = UE_DIR_OUT, 503 .ep_index = 4, 504 .bufsize = RUN_MAX_TXSZ, 505 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 506 .callback = run_bulk_tx_callback4, 507 .timeout = 5000, /* ms */ 508 }, 509 [RUN_BULK_TX_PRIO] = { 510 .type = UE_BULK, 511 .endpoint = UE_ADDR_ANY, 512 .direction = UE_DIR_OUT, 513 .ep_index = 5, 514 .bufsize = RUN_MAX_TXSZ, 515 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 516 .callback = run_bulk_tx_callback5, 517 .timeout = 5000, /* ms */ 518 }, 519 [RUN_BULK_RX] = { 520 .type = UE_BULK, 521 .endpoint = UE_ADDR_ANY, 522 .direction = UE_DIR_IN, 523 .bufsize = RUN_MAX_RXSZ, 524 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 525 .callback = run_bulk_rx_callback, 526 } 527}; 528 529static int 530run_match(device_t self) 531{ 532 struct usb_attach_arg *uaa = device_get_ivars(self); 533 534 if (uaa->usb_mode != USB_MODE_HOST) 535 return (ENXIO); 536 if (uaa->info.bConfigIndex != 0) 537 return (ENXIO); 538 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 539 return (ENXIO); 540 541 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 542} 543 544static int 545run_attach(device_t self) 546{ 547 struct run_softc *sc = device_get_softc(self); 548 struct usb_attach_arg *uaa = device_get_ivars(self); 549 struct ieee80211com *ic; 550 struct ifnet *ifp; 551 uint32_t ver; 552 int i, ntries, error; 553 uint8_t iface_index, bands; 554 555 device_set_usb_desc(self); 556 sc->sc_udev = uaa->device; 557 sc->sc_dev = self; 558 559 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 560 MTX_NETWORK_LOCK, MTX_DEF); 561 562 iface_index = RT2860_IFACE_INDEX; 563 564 error = usbd_transfer_setup(uaa->device, &iface_index, 565 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 566 if (error) { 567 device_printf(self, "could not allocate USB transfers, " 568 "err=%s\n", usbd_errstr(error)); 569 goto detach; 570 } 571 572 RUN_LOCK(sc); 573 574 /* wait for the chip to settle */ 575 for (ntries = 0; ntries < 100; ntries++) { 576 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 577 RUN_UNLOCK(sc); 578 goto detach; 579 } 580 if (ver != 0 && ver != 0xffffffff) 581 break; 582 run_delay(sc, 10); 583 } 584 if (ntries == 100) { 585 device_printf(sc->sc_dev, 586 "timeout waiting for NIC to initialize\n"); 587 RUN_UNLOCK(sc); 588 goto detach; 589 } 590 sc->mac_ver = ver >> 16; 591 sc->mac_rev = ver & 0xffff; 592 593 /* retrieve RF rev. no and various other things from EEPROM */ 594 run_read_eeprom(sc); 595 596 device_printf(sc->sc_dev, 597 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 598 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 599 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 600 601 if ((error = run_load_microcode(sc)) != 0) { 602 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 603 RUN_UNLOCK(sc); 604 goto detach; 605 } 606 607 RUN_UNLOCK(sc); 608 609 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 610 if (ifp == NULL) { 611 device_printf(sc->sc_dev, "can not if_alloc()\n"); 612 goto detach; 613 } 614 ic = ifp->if_l2com; 615 616 ifp->if_softc = sc; 617 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 618 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 619 ifp->if_init = run_init; 620 ifp->if_ioctl = run_ioctl; 621 ifp->if_start = run_start; 622 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 623 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 624 IFQ_SET_READY(&ifp->if_snd); 625 626 ic->ic_ifp = ifp; 627 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 628 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 629 630 /* set device capabilities */ 631 ic->ic_caps = 632 IEEE80211_C_STA | /* station mode supported */ 633 IEEE80211_C_MONITOR | /* monitor mode supported */ 634 IEEE80211_C_IBSS | 635 IEEE80211_C_HOSTAP | 636 IEEE80211_C_WDS | /* 4-address traffic works */ 637 IEEE80211_C_MBSS | 638 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 639 IEEE80211_C_SHSLOT | /* short slot time supported */ 640 IEEE80211_C_WME | /* WME */ 641 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 642 643 ic->ic_cryptocaps = 644 IEEE80211_CRYPTO_WEP | 645 IEEE80211_CRYPTO_AES_CCM | 646 IEEE80211_CRYPTO_TKIPMIC | 647 IEEE80211_CRYPTO_TKIP; 648 649 ic->ic_flags |= IEEE80211_F_DATAPAD; 650 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 651 652 bands = 0; 653 setbit(&bands, IEEE80211_MODE_11B); 654 setbit(&bands, IEEE80211_MODE_11G); 655 ieee80211_init_channels(ic, NULL, &bands); 656 657 /* 658 * Do this by own because h/w supports 659 * more channels than ieee80211_init_channels() 660 */ 661 if (sc->rf_rev == RT2860_RF_2750 || 662 sc->rf_rev == RT2860_RF_2850 || 663 sc->rf_rev == RT3070_RF_3052) { 664 /* set supported .11a rates */ 665 for (i = 14; i < nitems(rt2860_rf2850); i++) { 666 uint8_t chan = rt2860_rf2850[i].chan; 667 ic->ic_channels[ic->ic_nchans].ic_freq = 668 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 669 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 670 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 671 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 672 ic->ic_nchans++; 673 } 674 } 675 676 ieee80211_ifattach(ic, sc->sc_bssid); 677 678 ic->ic_scan_start = run_scan_start; 679 ic->ic_scan_end = run_scan_end; 680 ic->ic_set_channel = run_set_channel; 681 ic->ic_node_alloc = run_node_alloc; 682 ic->ic_newassoc = run_newassoc; 683 ic->ic_updateslot = run_updateslot; 684 ic->ic_update_mcast = run_update_mcast; 685 ic->ic_wme.wme_update = run_wme_update; 686 ic->ic_raw_xmit = run_raw_xmit; 687 ic->ic_update_promisc = run_update_promisc; 688 689 ic->ic_vap_create = run_vap_create; 690 ic->ic_vap_delete = run_vap_delete; 691 692 ieee80211_radiotap_attach(ic, 693 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 694 RUN_TX_RADIOTAP_PRESENT, 695 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 696 RUN_RX_RADIOTAP_PRESENT); 697 698 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 699 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 700 callout_init((struct callout *)&sc->ratectl_ch, 1); 701 702 if (bootverbose) 703 ieee80211_announce(ic); 704 705 return (0); 706 707detach: 708 run_detach(self); 709 return (ENXIO); 710} 711 712static int 713run_detach(device_t self) 714{ 715 struct run_softc *sc = device_get_softc(self); 716 struct ifnet *ifp = sc->sc_ifp; 717 struct ieee80211com *ic; 718 int i; 719 720 /* stop all USB transfers */ 721 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 722 723 RUN_LOCK(sc); 724 725 sc->ratectl_run = RUN_RATECTL_OFF; 726 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 727 728 /* free TX list, if any */ 729 for (i = 0; i != RUN_EP_QUEUES; i++) 730 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 731 RUN_UNLOCK(sc); 732 733 if (ifp) { 734 ic = ifp->if_l2com; 735 /* drain tasks */ 736 usb_callout_drain(&sc->ratectl_ch); 737 ieee80211_draintask(ic, &sc->cmdq_task); 738 ieee80211_draintask(ic, &sc->ratectl_task); 739 ieee80211_ifdetach(ic); 740 if_free(ifp); 741 } 742 743 mtx_destroy(&sc->sc_mtx); 744 745 return (0); 746} 747 748static struct ieee80211vap * 749run_vap_create(struct ieee80211com *ic, 750 const char name[IFNAMSIZ], int unit, int opmode, int flags, 751 const uint8_t bssid[IEEE80211_ADDR_LEN], 752 const uint8_t mac[IEEE80211_ADDR_LEN]) 753{ 754 struct ifnet *ifp = ic->ic_ifp; 755 struct run_softc *sc = ifp->if_softc; 756 struct run_vap *rvp; 757 struct ieee80211vap *vap; 758 int i; 759 760 if (sc->rvp_cnt >= RUN_VAP_MAX) { 761 if_printf(ifp, "number of VAPs maxed out\n"); 762 return (NULL); 763 } 764 765 switch (opmode) { 766 case IEEE80211_M_STA: 767 /* enable s/w bmiss handling for sta mode */ 768 flags |= IEEE80211_CLONE_NOBEACONS; 769 /* fall though */ 770 case IEEE80211_M_IBSS: 771 case IEEE80211_M_MONITOR: 772 case IEEE80211_M_HOSTAP: 773 case IEEE80211_M_MBSS: 774 /* other than WDS vaps, only one at a time */ 775 if (!TAILQ_EMPTY(&ic->ic_vaps)) 776 return (NULL); 777 break; 778 case IEEE80211_M_WDS: 779 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 780 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 781 continue; 782 /* WDS vap's always share the local mac address. */ 783 flags &= ~IEEE80211_CLONE_BSSID; 784 break; 785 } 786 if (vap == NULL) { 787 if_printf(ifp, "wds only supported in ap mode\n"); 788 return (NULL); 789 } 790 break; 791 default: 792 if_printf(ifp, "unknown opmode %d\n", opmode); 793 return (NULL); 794 } 795 796 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 797 M_80211_VAP, M_NOWAIT | M_ZERO); 798 if (rvp == NULL) 799 return (NULL); 800 vap = &rvp->vap; 801 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 802 803 vap->iv_key_update_begin = run_key_update_begin; 804 vap->iv_key_update_end = run_key_update_end; 805 vap->iv_update_beacon = run_update_beacon; 806 vap->iv_max_aid = RT2870_WCID_MAX; 807 /* 808 * To delete the right key from h/w, we need wcid. 809 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 810 * and matching wcid will be written into there. So, cast 811 * some spells to remove 'const' from ieee80211_key{} 812 */ 813 vap->iv_key_delete = (void *)run_key_delete; 814 vap->iv_key_set = (void *)run_key_set; 815 816 /* override state transition machine */ 817 rvp->newstate = vap->iv_newstate; 818 vap->iv_newstate = run_newstate; 819 820 ieee80211_ratectl_init(vap); 821 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 822 823 /* complete setup */ 824 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 825 826 /* make sure id is always unique */ 827 for (i = 0; i < RUN_VAP_MAX; i++) { 828 if((sc->rvp_bmap & 1 << i) == 0){ 829 sc->rvp_bmap |= 1 << i; 830 rvp->rvp_id = i; 831 break; 832 } 833 } 834 if (sc->rvp_cnt++ == 0) 835 ic->ic_opmode = opmode; 836 837 if (opmode == IEEE80211_M_HOSTAP) 838 sc->cmdq_run = RUN_CMDQ_GO; 839 840 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 841 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 842 843 return (vap); 844} 845 846static void 847run_vap_delete(struct ieee80211vap *vap) 848{ 849 struct run_vap *rvp = RUN_VAP(vap); 850 struct ifnet *ifp; 851 struct ieee80211com *ic; 852 struct run_softc *sc; 853 uint8_t rvp_id; 854 855 if (vap == NULL) 856 return; 857 858 ic = vap->iv_ic; 859 ifp = ic->ic_ifp; 860 861 sc = ifp->if_softc; 862 863 RUN_LOCK(sc); 864 865 m_freem(rvp->beacon_mbuf); 866 rvp->beacon_mbuf = NULL; 867 868 rvp_id = rvp->rvp_id; 869 sc->ratectl_run &= ~(1 << rvp_id); 870 sc->rvp_bmap &= ~(1 << rvp_id); 871 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 872 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 873 --sc->rvp_cnt; 874 875 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 876 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 877 878 RUN_UNLOCK(sc); 879 880 ieee80211_ratectl_deinit(vap); 881 ieee80211_vap_detach(vap); 882 free(rvp, M_80211_VAP); 883} 884 885/* 886 * There are numbers of functions need to be called in context thread. 887 * Rather than creating taskqueue event for each of those functions, 888 * here is all-for-one taskqueue callback function. This function 889 * gurantees deferred functions are executed in the same order they 890 * were enqueued. 891 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 892 */ 893static void 894run_cmdq_cb(void *arg, int pending) 895{ 896 struct run_softc *sc = arg; 897 uint8_t i; 898 899 /* call cmdq[].func locked */ 900 RUN_LOCK(sc); 901 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 902 i = sc->cmdq_exec, pending--) { 903 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 904 if (sc->cmdq_run == RUN_CMDQ_GO) { 905 /* 906 * If arg0 is NULL, callback func needs more 907 * than one arg. So, pass ptr to cmdq struct. 908 */ 909 if (sc->cmdq[i].arg0) 910 sc->cmdq[i].func(sc->cmdq[i].arg0); 911 else 912 sc->cmdq[i].func(&sc->cmdq[i]); 913 } 914 sc->cmdq[i].arg0 = NULL; 915 sc->cmdq[i].func = NULL; 916 sc->cmdq_exec++; 917 sc->cmdq_exec &= RUN_CMDQ_MASQ; 918 } 919 RUN_UNLOCK(sc); 920} 921 922static void 923run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 924{ 925 struct run_tx_data *data; 926 927 memset(pq, 0, sizeof(*pq)); 928 929 STAILQ_INIT(&pq->tx_qh); 930 STAILQ_INIT(&pq->tx_fh); 931 932 for (data = &pq->tx_data[0]; 933 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 934 data->sc = sc; 935 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 936 } 937 pq->tx_nfree = RUN_TX_RING_COUNT; 938} 939 940static void 941run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 942{ 943 struct run_tx_data *data; 944 945 /* make sure any subsequent use of the queues will fail */ 946 pq->tx_nfree = 0; 947 STAILQ_INIT(&pq->tx_fh); 948 STAILQ_INIT(&pq->tx_qh); 949 950 /* free up all node references and mbufs */ 951 for (data = &pq->tx_data[0]; 952 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 953 if (data->m != NULL) { 954 m_freem(data->m); 955 data->m = NULL; 956 } 957 if (data->ni != NULL) { 958 ieee80211_free_node(data->ni); 959 data->ni = NULL; 960 } 961 } 962} 963 964static int 965run_load_microcode(struct run_softc *sc) 966{ 967 usb_device_request_t req; 968 const struct firmware *fw; 969 const u_char *base; 970 uint32_t tmp; 971 int ntries, error; 972 const uint64_t *temp; 973 uint64_t bytes; 974 975 RUN_UNLOCK(sc); 976 fw = firmware_get("runfw"); 977 RUN_LOCK(sc); 978 if (fw == NULL) { 979 device_printf(sc->sc_dev, 980 "failed loadfirmware of file %s\n", "runfw"); 981 return ENOENT; 982 } 983 984 if (fw->datasize != 8192) { 985 device_printf(sc->sc_dev, 986 "invalid firmware size (should be 8KB)\n"); 987 error = EINVAL; 988 goto fail; 989 } 990 991 /* 992 * RT3071/RT3072 use a different firmware 993 * run-rt2870 (8KB) contains both, 994 * first half (4KB) is for rt2870, 995 * last half is for rt3071. 996 */ 997 base = fw->data; 998 if ((sc->mac_ver) != 0x2860 && 999 (sc->mac_ver) != 0x2872 && 1000 (sc->mac_ver) != 0x3070) { 1001 base += 4096; 1002 } 1003 1004 /* cheap sanity check */ 1005 temp = fw->data; 1006 bytes = *temp; 1007 if (bytes != be64toh(0xffffff0210280210)) { 1008 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1009 error = EINVAL; 1010 goto fail; 1011 } 1012 1013 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 1014 /* write microcode image */ 1015 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1016 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1017 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1018 1019 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1020 req.bRequest = RT2870_RESET; 1021 USETW(req.wValue, 8); 1022 USETW(req.wIndex, 0); 1023 USETW(req.wLength, 0); 1024 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1025 != 0) { 1026 device_printf(sc->sc_dev, "firmware reset failed\n"); 1027 goto fail; 1028 } 1029 1030 run_delay(sc, 10); 1031 1032 run_write(sc, RT2860_H2M_MAILBOX, 0); 1033 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1034 goto fail; 1035 1036 /* wait until microcontroller is ready */ 1037 for (ntries = 0; ntries < 1000; ntries++) { 1038 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1039 goto fail; 1040 } 1041 if (tmp & RT2860_MCU_READY) 1042 break; 1043 run_delay(sc, 10); 1044 } 1045 if (ntries == 1000) { 1046 device_printf(sc->sc_dev, 1047 "timeout waiting for MCU to initialize\n"); 1048 error = ETIMEDOUT; 1049 goto fail; 1050 } 1051 device_printf(sc->sc_dev, "firmware %s loaded\n", 1052 (base == fw->data) ? "RT2870" : "RT3071"); 1053 1054fail: 1055 firmware_put(fw, FIRMWARE_UNLOAD); 1056 return (error); 1057} 1058 1059int 1060run_reset(struct run_softc *sc) 1061{ 1062 usb_device_request_t req; 1063 1064 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1065 req.bRequest = RT2870_RESET; 1066 USETW(req.wValue, 1); 1067 USETW(req.wIndex, 0); 1068 USETW(req.wLength, 0); 1069 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1070} 1071 1072static usb_error_t 1073run_do_request(struct run_softc *sc, 1074 struct usb_device_request *req, void *data) 1075{ 1076 usb_error_t err; 1077 int ntries = 10; 1078 1079 RUN_LOCK_ASSERT(sc, MA_OWNED); 1080 1081 while (ntries--) { 1082 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1083 req, data, 0, NULL, 250 /* ms */); 1084 if (err == 0) 1085 break; 1086 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1087 usbd_errstr(err)); 1088 run_delay(sc, 10); 1089 } 1090 return (err); 1091} 1092 1093static int 1094run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1095{ 1096 uint32_t tmp; 1097 int error; 1098 1099 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1100 if (error == 0) 1101 *val = le32toh(tmp); 1102 else 1103 *val = 0xffffffff; 1104 return (error); 1105} 1106 1107static int 1108run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1109{ 1110 usb_device_request_t req; 1111 1112 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1113 req.bRequest = RT2870_READ_REGION_1; 1114 USETW(req.wValue, 0); 1115 USETW(req.wIndex, reg); 1116 USETW(req.wLength, len); 1117 1118 return (run_do_request(sc, &req, buf)); 1119} 1120 1121static int 1122run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1123{ 1124 usb_device_request_t req; 1125 1126 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1127 req.bRequest = RT2870_WRITE_2; 1128 USETW(req.wValue, val); 1129 USETW(req.wIndex, reg); 1130 USETW(req.wLength, 0); 1131 1132 return (run_do_request(sc, &req, NULL)); 1133} 1134 1135static int 1136run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1137{ 1138 int error; 1139 1140 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1141 error = run_write_2(sc, reg + 2, val >> 16); 1142 return (error); 1143} 1144 1145static int 1146run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1147 int len) 1148{ 1149#if 1 1150 int i, error = 0; 1151 /* 1152 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1153 * We thus issue multiple WRITE_2 commands instead. 1154 */ 1155 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1156 for (i = 0; i < len && error == 0; i += 2) 1157 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1158 return (error); 1159#else 1160 usb_device_request_t req; 1161 1162 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1163 req.bRequest = RT2870_WRITE_REGION_1; 1164 USETW(req.wValue, 0); 1165 USETW(req.wIndex, reg); 1166 USETW(req.wLength, len); 1167 return (run_do_request(sc, &req, buf)); 1168#endif 1169} 1170 1171static int 1172run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1173{ 1174 int i, error = 0; 1175 1176 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1177 for (i = 0; i < len && error == 0; i += 4) 1178 error = run_write(sc, reg + i, val); 1179 return (error); 1180} 1181 1182/* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1183static int 1184run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1185{ 1186 uint32_t tmp; 1187 uint16_t reg; 1188 int error, ntries; 1189 1190 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1191 return (error); 1192 1193 addr *= 2; 1194 /*- 1195 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1196 * DATA0: F E D C 1197 * DATA1: B A 9 8 1198 * DATA2: 7 6 5 4 1199 * DATA3: 3 2 1 0 1200 */ 1201 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1202 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1203 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1204 for (ntries = 0; ntries < 100; ntries++) { 1205 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1206 return (error); 1207 if (!(tmp & RT3070_EFSROM_KICK)) 1208 break; 1209 run_delay(sc, 2); 1210 } 1211 if (ntries == 100) 1212 return (ETIMEDOUT); 1213 1214 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1215 *val = 0xffff; /* address not found */ 1216 return (0); 1217 } 1218 /* determine to which 32-bit register our 16-bit word belongs */ 1219 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1220 if ((error = run_read(sc, reg, &tmp)) != 0) 1221 return (error); 1222 1223 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1224 return (0); 1225} 1226 1227static int 1228run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1229{ 1230 usb_device_request_t req; 1231 uint16_t tmp; 1232 int error; 1233 1234 addr *= 2; 1235 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1236 req.bRequest = RT2870_EEPROM_READ; 1237 USETW(req.wValue, 0); 1238 USETW(req.wIndex, addr); 1239 USETW(req.wLength, sizeof tmp); 1240 1241 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1242 if (error == 0) 1243 *val = le16toh(tmp); 1244 else 1245 *val = 0xffff; 1246 return (error); 1247} 1248 1249static __inline int 1250run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1251{ 1252 /* either eFUSE ROM or EEPROM */ 1253 return sc->sc_srom_read(sc, addr, val); 1254} 1255 1256static int 1257run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1258{ 1259 uint32_t tmp; 1260 int error, ntries; 1261 1262 for (ntries = 0; ntries < 10; ntries++) { 1263 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1264 return (error); 1265 if (!(tmp & RT2860_RF_REG_CTRL)) 1266 break; 1267 } 1268 if (ntries == 10) 1269 return (ETIMEDOUT); 1270 1271 /* RF registers are 24-bit on the RT2860 */ 1272 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1273 (val & 0x3fffff) << 2 | (reg & 3); 1274 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1275} 1276 1277static int 1278run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1279{ 1280 uint32_t tmp; 1281 int error, ntries; 1282 1283 for (ntries = 0; ntries < 100; ntries++) { 1284 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1285 return (error); 1286 if (!(tmp & RT3070_RF_KICK)) 1287 break; 1288 } 1289 if (ntries == 100) 1290 return (ETIMEDOUT); 1291 1292 tmp = RT3070_RF_KICK | reg << 8; 1293 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1294 return (error); 1295 1296 for (ntries = 0; ntries < 100; ntries++) { 1297 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1298 return (error); 1299 if (!(tmp & RT3070_RF_KICK)) 1300 break; 1301 } 1302 if (ntries == 100) 1303 return (ETIMEDOUT); 1304 1305 *val = tmp & 0xff; 1306 return (0); 1307} 1308 1309static int 1310run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1311{ 1312 uint32_t tmp; 1313 int error, ntries; 1314 1315 for (ntries = 0; ntries < 10; ntries++) { 1316 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1317 return (error); 1318 if (!(tmp & RT3070_RF_KICK)) 1319 break; 1320 } 1321 if (ntries == 10) 1322 return (ETIMEDOUT); 1323 1324 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1325 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1326} 1327 1328static int 1329run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1330{ 1331 uint32_t tmp; 1332 int ntries, error; 1333 1334 for (ntries = 0; ntries < 10; ntries++) { 1335 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1336 return (error); 1337 if (!(tmp & RT2860_BBP_CSR_KICK)) 1338 break; 1339 } 1340 if (ntries == 10) 1341 return (ETIMEDOUT); 1342 1343 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1344 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1345 return (error); 1346 1347 for (ntries = 0; ntries < 10; ntries++) { 1348 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1349 return (error); 1350 if (!(tmp & RT2860_BBP_CSR_KICK)) 1351 break; 1352 } 1353 if (ntries == 10) 1354 return (ETIMEDOUT); 1355 1356 *val = tmp & 0xff; 1357 return (0); 1358} 1359 1360static int 1361run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1362{ 1363 uint32_t tmp; 1364 int ntries, error; 1365 1366 for (ntries = 0; ntries < 10; ntries++) { 1367 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1368 return (error); 1369 if (!(tmp & RT2860_BBP_CSR_KICK)) 1370 break; 1371 } 1372 if (ntries == 10) 1373 return (ETIMEDOUT); 1374 1375 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1376 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1377} 1378 1379/* 1380 * Send a command to the 8051 microcontroller unit. 1381 */ 1382static int 1383run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1384{ 1385 uint32_t tmp; 1386 int error, ntries; 1387 1388 for (ntries = 0; ntries < 100; ntries++) { 1389 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1390 return error; 1391 if (!(tmp & RT2860_H2M_BUSY)) 1392 break; 1393 } 1394 if (ntries == 100) 1395 return ETIMEDOUT; 1396 1397 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1398 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1399 error = run_write(sc, RT2860_HOST_CMD, cmd); 1400 return (error); 1401} 1402 1403/* 1404 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1405 * Used to adjust per-rate Tx power registers. 1406 */ 1407static __inline uint32_t 1408b4inc(uint32_t b32, int8_t delta) 1409{ 1410 int8_t i, b4; 1411 1412 for (i = 0; i < 8; i++) { 1413 b4 = b32 & 0xf; 1414 b4 += delta; 1415 if (b4 < 0) 1416 b4 = 0; 1417 else if (b4 > 0xf) 1418 b4 = 0xf; 1419 b32 = b32 >> 4 | b4 << 28; 1420 } 1421 return (b32); 1422} 1423 1424static const char * 1425run_get_rf(int rev) 1426{ 1427 switch (rev) { 1428 case RT2860_RF_2820: return "RT2820"; 1429 case RT2860_RF_2850: return "RT2850"; 1430 case RT2860_RF_2720: return "RT2720"; 1431 case RT2860_RF_2750: return "RT2750"; 1432 case RT3070_RF_3020: return "RT3020"; 1433 case RT3070_RF_2020: return "RT2020"; 1434 case RT3070_RF_3021: return "RT3021"; 1435 case RT3070_RF_3022: return "RT3022"; 1436 case RT3070_RF_3052: return "RT3052"; 1437 } 1438 return ("unknown"); 1439} 1440 1441int 1442run_read_eeprom(struct run_softc *sc) 1443{ 1444 int8_t delta_2ghz, delta_5ghz; 1445 uint32_t tmp; 1446 uint16_t val; 1447 int ridx, ant, i; 1448 1449 /* check whether the ROM is eFUSE ROM or EEPROM */ 1450 sc->sc_srom_read = run_eeprom_read_2; 1451 if (sc->mac_ver >= 0x3070) { 1452 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1453 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1454 if (tmp & RT3070_SEL_EFUSE) 1455 sc->sc_srom_read = run_efuse_read_2; 1456 } 1457 1458 /* read ROM version */ 1459 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1460 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1461 1462 /* read MAC address */ 1463 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1464 sc->sc_bssid[0] = val & 0xff; 1465 sc->sc_bssid[1] = val >> 8; 1466 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1467 sc->sc_bssid[2] = val & 0xff; 1468 sc->sc_bssid[3] = val >> 8; 1469 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1470 sc->sc_bssid[4] = val & 0xff; 1471 sc->sc_bssid[5] = val >> 8; 1472 1473 /* read vender BBP settings */ 1474 for (i = 0; i < 10; i++) { 1475 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1476 sc->bbp[i].val = val & 0xff; 1477 sc->bbp[i].reg = val >> 8; 1478 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1479 } 1480 if (sc->mac_ver >= 0x3071) { 1481 /* read vendor RF settings */ 1482 for (i = 0; i < 10; i++) { 1483 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1484 sc->rf[i].val = val & 0xff; 1485 sc->rf[i].reg = val >> 8; 1486 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1487 sc->rf[i].val); 1488 } 1489 } 1490 1491 /* read RF frequency offset from EEPROM */ 1492 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1493 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1494 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1495 1496 if (val >> 8 != 0xff) { 1497 /* read LEDs operating mode */ 1498 sc->leds = val >> 8; 1499 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1500 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1501 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1502 } else { 1503 /* broken EEPROM, use default settings */ 1504 sc->leds = 0x01; 1505 sc->led[0] = 0x5555; 1506 sc->led[1] = 0x2221; 1507 sc->led[2] = 0x5627; /* differs from RT2860 */ 1508 } 1509 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1510 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1511 1512 /* read RF information */ 1513 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1514 if (val == 0xffff) { 1515 DPRINTF("invalid EEPROM antenna info, using default\n"); 1516 if (sc->mac_ver == 0x3572) { 1517 /* default to RF3052 2T2R */ 1518 sc->rf_rev = RT3070_RF_3052; 1519 sc->ntxchains = 2; 1520 sc->nrxchains = 2; 1521 } else if (sc->mac_ver >= 0x3070) { 1522 /* default to RF3020 1T1R */ 1523 sc->rf_rev = RT3070_RF_3020; 1524 sc->ntxchains = 1; 1525 sc->nrxchains = 1; 1526 } else { 1527 /* default to RF2820 1T2R */ 1528 sc->rf_rev = RT2860_RF_2820; 1529 sc->ntxchains = 1; 1530 sc->nrxchains = 2; 1531 } 1532 } else { 1533 sc->rf_rev = (val >> 8) & 0xf; 1534 sc->ntxchains = (val >> 4) & 0xf; 1535 sc->nrxchains = val & 0xf; 1536 } 1537 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1538 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1539 1540 /* check if RF supports automatic Tx access gain control */ 1541 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1542 DPRINTF("EEPROM CFG 0x%04x\n", val); 1543 /* check if driver should patch the DAC issue */ 1544 if ((val >> 8) != 0xff) 1545 sc->patch_dac = (val >> 15) & 1; 1546 if ((val & 0xff) != 0xff) { 1547 sc->ext_5ghz_lna = (val >> 3) & 1; 1548 sc->ext_2ghz_lna = (val >> 2) & 1; 1549 /* check if RF supports automatic Tx access gain control */ 1550 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1551 /* check if we have a hardware radio switch */ 1552 sc->rfswitch = val & 1; 1553 } 1554 1555 /* read power settings for 2GHz channels */ 1556 for (i = 0; i < 14; i += 2) { 1557 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1558 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1559 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1560 1561 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1562 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1563 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1564 } 1565 /* fix broken Tx power entries */ 1566 for (i = 0; i < 14; i++) { 1567 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1568 sc->txpow1[i] = 5; 1569 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1570 sc->txpow2[i] = 5; 1571 DPRINTF("chan %d: power1=%d, power2=%d\n", 1572 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1573 } 1574 /* read power settings for 5GHz channels */ 1575 for (i = 0; i < 40; i += 2) { 1576 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1577 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1578 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1579 1580 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1581 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1582 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1583 } 1584 /* fix broken Tx power entries */ 1585 for (i = 0; i < 40; i++) { 1586 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1587 sc->txpow1[14 + i] = 5; 1588 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1589 sc->txpow2[14 + i] = 5; 1590 DPRINTF("chan %d: power1=%d, power2=%d\n", 1591 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1592 sc->txpow2[14 + i]); 1593 } 1594 1595 /* read Tx power compensation for each Tx rate */ 1596 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1597 delta_2ghz = delta_5ghz = 0; 1598 if ((val & 0xff) != 0xff && (val & 0x80)) { 1599 delta_2ghz = val & 0xf; 1600 if (!(val & 0x40)) /* negative number */ 1601 delta_2ghz = -delta_2ghz; 1602 } 1603 val >>= 8; 1604 if ((val & 0xff) != 0xff && (val & 0x80)) { 1605 delta_5ghz = val & 0xf; 1606 if (!(val & 0x40)) /* negative number */ 1607 delta_5ghz = -delta_5ghz; 1608 } 1609 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1610 delta_2ghz, delta_5ghz); 1611 1612 for (ridx = 0; ridx < 5; ridx++) { 1613 uint32_t reg; 1614 1615 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1616 reg = val; 1617 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1618 reg |= (uint32_t)val << 16; 1619 1620 sc->txpow20mhz[ridx] = reg; 1621 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1622 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1623 1624 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1625 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1626 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1627 } 1628 1629 /* read RSSI offsets and LNA gains from EEPROM */ 1630 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1631 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1632 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1633 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1634 if (sc->mac_ver >= 0x3070) { 1635 /* 1636 * On RT3070 chips (limited to 2 Rx chains), this ROM 1637 * field contains the Tx mixer gain for the 2GHz band. 1638 */ 1639 if ((val & 0xff) != 0xff) 1640 sc->txmixgain_2ghz = val & 0x7; 1641 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1642 } else 1643 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1644 sc->lna[2] = val >> 8; /* channel group 2 */ 1645 1646 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1647 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1648 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1649 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1650 if (sc->mac_ver == 0x3572) { 1651 /* 1652 * On RT3572 chips (limited to 2 Rx chains), this ROM 1653 * field contains the Tx mixer gain for the 5GHz band. 1654 */ 1655 if ((val & 0xff) != 0xff) 1656 sc->txmixgain_5ghz = val & 0x7; 1657 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1658 } else 1659 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1660 sc->lna[3] = val >> 8; /* channel group 3 */ 1661 1662 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1663 sc->lna[0] = val & 0xff; /* channel group 0 */ 1664 sc->lna[1] = val >> 8; /* channel group 1 */ 1665 1666 /* fix broken 5GHz LNA entries */ 1667 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1668 DPRINTF("invalid LNA for channel group %d\n", 2); 1669 sc->lna[2] = sc->lna[1]; 1670 } 1671 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1672 DPRINTF("invalid LNA for channel group %d\n", 3); 1673 sc->lna[3] = sc->lna[1]; 1674 } 1675 1676 /* fix broken RSSI offset entries */ 1677 for (ant = 0; ant < 3; ant++) { 1678 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1679 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1680 ant + 1, sc->rssi_2ghz[ant]); 1681 sc->rssi_2ghz[ant] = 0; 1682 } 1683 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1684 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1685 ant + 1, sc->rssi_5ghz[ant]); 1686 sc->rssi_5ghz[ant] = 0; 1687 } 1688 } 1689 return (0); 1690} 1691 1692static struct ieee80211_node * 1693run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1694{ 1695 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1696} 1697 1698static int 1699run_media_change(struct ifnet *ifp) 1700{ 1701 struct ieee80211vap *vap = ifp->if_softc; 1702 struct ieee80211com *ic = vap->iv_ic; 1703 const struct ieee80211_txparam *tp; 1704 struct run_softc *sc = ic->ic_ifp->if_softc; 1705 uint8_t rate, ridx; 1706 int error; 1707 1708 RUN_LOCK(sc); 1709 1710 error = ieee80211_media_change(ifp); 1711 if (error != ENETRESET) { 1712 RUN_UNLOCK(sc); 1713 return (error); 1714 } 1715 1716 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1717 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1718 struct ieee80211_node *ni; 1719 struct run_node *rn; 1720 1721 rate = ic->ic_sup_rates[ic->ic_curmode]. 1722 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1723 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1724 if (rt2860_rates[ridx].rate == rate) 1725 break; 1726 ni = ieee80211_ref_node(vap->iv_bss); 1727 rn = (struct run_node *)ni; 1728 rn->fix_ridx = ridx; 1729 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1730 ieee80211_free_node(ni); 1731 } 1732 1733#if 0 1734 if ((ifp->if_flags & IFF_UP) && 1735 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 1736 run_init_locked(sc); 1737 } 1738#endif 1739 1740 RUN_UNLOCK(sc); 1741 1742 return (0); 1743} 1744 1745static int 1746run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1747{ 1748 const struct ieee80211_txparam *tp; 1749 struct ieee80211com *ic = vap->iv_ic; 1750 struct run_softc *sc = ic->ic_ifp->if_softc; 1751 struct run_vap *rvp = RUN_VAP(vap); 1752 enum ieee80211_state ostate; 1753 uint32_t sta[3]; 1754 uint32_t tmp; 1755 uint8_t ratectl; 1756 uint8_t restart_ratectl = 0; 1757 uint8_t bid = 1 << rvp->rvp_id; 1758 1759 ostate = vap->iv_state; 1760 DPRINTF("%s -> %s\n", 1761 ieee80211_state_name[ostate], 1762 ieee80211_state_name[nstate]); 1763 1764 IEEE80211_UNLOCK(ic); 1765 RUN_LOCK(sc); 1766 1767 ratectl = sc->ratectl_run; /* remember current state */ 1768 sc->ratectl_run = RUN_RATECTL_OFF; 1769 usb_callout_stop(&sc->ratectl_ch); 1770 1771 if (ostate == IEEE80211_S_RUN) { 1772 /* turn link LED off */ 1773 run_set_leds(sc, RT2860_LED_RADIO); 1774 } 1775 1776 switch (nstate) { 1777 case IEEE80211_S_INIT: 1778 restart_ratectl = 1; 1779 1780 if (ostate != IEEE80211_S_RUN) 1781 break; 1782 1783 ratectl &= ~bid; 1784 sc->runbmap &= ~bid; 1785 1786 /* abort TSF synchronization if there is no vap running */ 1787 if (--sc->running == 0) { 1788 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1789 run_write(sc, RT2860_BCN_TIME_CFG, 1790 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1791 RT2860_TBTT_TIMER_EN)); 1792 } 1793 break; 1794 1795 case IEEE80211_S_RUN: 1796 if (!(sc->runbmap & bid)) { 1797 if(sc->running++) 1798 restart_ratectl = 1; 1799 sc->runbmap |= bid; 1800 } 1801 1802 m_freem(rvp->beacon_mbuf); 1803 rvp->beacon_mbuf = NULL; 1804 1805 switch (vap->iv_opmode) { 1806 case IEEE80211_M_HOSTAP: 1807 case IEEE80211_M_MBSS: 1808 sc->ap_running |= bid; 1809 ic->ic_opmode = vap->iv_opmode; 1810 run_update_beacon_cb(vap); 1811 break; 1812 case IEEE80211_M_IBSS: 1813 sc->adhoc_running |= bid; 1814 if (!sc->ap_running) 1815 ic->ic_opmode = vap->iv_opmode; 1816 run_update_beacon_cb(vap); 1817 break; 1818 case IEEE80211_M_STA: 1819 sc->sta_running |= bid; 1820 if (!sc->ap_running && !sc->adhoc_running) 1821 ic->ic_opmode = vap->iv_opmode; 1822 1823 /* read statistic counters (clear on read) */ 1824 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1825 (uint8_t *)sta, sizeof sta); 1826 1827 break; 1828 default: 1829 ic->ic_opmode = vap->iv_opmode; 1830 break; 1831 } 1832 1833 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1834 struct ieee80211_node *ni; 1835 1836 run_updateslot(ic->ic_ifp); 1837 run_enable_mrr(sc); 1838 run_set_txpreamble(sc); 1839 run_set_basicrates(sc); 1840 ni = ieee80211_ref_node(vap->iv_bss); 1841 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1842 run_set_bssid(sc, ni->ni_bssid); 1843 ieee80211_free_node(ni); 1844 run_enable_tsf_sync(sc); 1845 1846 /* enable automatic rate adaptation */ 1847 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1848 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1849 ratectl |= bid; 1850 } 1851 1852 /* turn link LED on */ 1853 run_set_leds(sc, RT2860_LED_RADIO | 1854 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1855 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1856 1857 break; 1858 default: 1859 DPRINTFN(6, "undefined case\n"); 1860 break; 1861 } 1862 1863 /* restart amrr for running VAPs */ 1864 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1865 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1866 1867 RUN_UNLOCK(sc); 1868 IEEE80211_LOCK(ic); 1869 1870 return(rvp->newstate(vap, nstate, arg)); 1871} 1872 1873/* ARGSUSED */ 1874static void 1875run_wme_update_cb(void *arg) 1876{ 1877 struct ieee80211com *ic = arg; 1878 struct run_softc *sc = ic->ic_ifp->if_softc; 1879 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1880 int aci, error = 0; 1881 1882 RUN_LOCK_ASSERT(sc, MA_OWNED); 1883 1884 /* update MAC TX configuration registers */ 1885 for (aci = 0; aci < WME_NUM_AC; aci++) { 1886 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1887 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1888 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1889 wmesp->wme_params[aci].wmep_aifsn << 8 | 1890 wmesp->wme_params[aci].wmep_txopLimit); 1891 if (error) goto err; 1892 } 1893 1894 /* update SCH/DMA registers too */ 1895 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1896 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1897 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1898 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1899 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1900 if (error) goto err; 1901 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1902 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1903 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1904 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1905 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1906 if (error) goto err; 1907 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1908 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1909 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1910 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1911 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1912 if (error) goto err; 1913 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1914 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1915 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1916 if (error) goto err; 1917 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1918 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1919 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1920 1921err: 1922 if (error) 1923 DPRINTF("WME update failed\n"); 1924 1925 return; 1926} 1927 1928static int 1929run_wme_update(struct ieee80211com *ic) 1930{ 1931 struct run_softc *sc = ic->ic_ifp->if_softc; 1932 1933 /* sometime called wothout lock */ 1934 if (mtx_owned(&ic->ic_comlock.mtx)) { 1935 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1936 DPRINTF("cmdq_store=%d\n", i); 1937 sc->cmdq[i].func = run_wme_update_cb; 1938 sc->cmdq[i].arg0 = ic; 1939 ieee80211_runtask(ic, &sc->cmdq_task); 1940 return (0); 1941 } 1942 1943 RUN_LOCK(sc); 1944 run_wme_update_cb(ic); 1945 RUN_UNLOCK(sc); 1946 1947 /* return whatever, upper layer desn't care anyway */ 1948 return (0); 1949} 1950 1951static void 1952run_key_update_begin(struct ieee80211vap *vap) 1953{ 1954 /* 1955 * To avoid out-of-order events, both run_key_set() and 1956 * _delete() are deferred and handled by run_cmdq_cb(). 1957 * So, there is nothing we need to do here. 1958 */ 1959} 1960 1961static void 1962run_key_update_end(struct ieee80211vap *vap) 1963{ 1964 /* null */ 1965} 1966 1967static void 1968run_key_set_cb(void *arg) 1969{ 1970 struct run_cmdq *cmdq = arg; 1971 struct ieee80211vap *vap = cmdq->arg1; 1972 struct ieee80211_key *k = cmdq->k; 1973 struct ieee80211com *ic = vap->iv_ic; 1974 struct run_softc *sc = ic->ic_ifp->if_softc; 1975 struct ieee80211_node *ni; 1976 uint32_t attr; 1977 uint16_t base, associd; 1978 uint8_t mode, wcid, iv[8]; 1979 1980 RUN_LOCK_ASSERT(sc, MA_OWNED); 1981 1982 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1983 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 1984 else 1985 ni = vap->iv_bss; 1986 associd = (ni != NULL) ? ni->ni_associd : 0; 1987 1988 /* map net80211 cipher to RT2860 security mode */ 1989 switch (k->wk_cipher->ic_cipher) { 1990 case IEEE80211_CIPHER_WEP: 1991 if(k->wk_keylen < 8) 1992 mode = RT2860_MODE_WEP40; 1993 else 1994 mode = RT2860_MODE_WEP104; 1995 break; 1996 case IEEE80211_CIPHER_TKIP: 1997 mode = RT2860_MODE_TKIP; 1998 break; 1999 case IEEE80211_CIPHER_AES_CCM: 2000 mode = RT2860_MODE_AES_CCMP; 2001 break; 2002 default: 2003 DPRINTF("undefined case\n"); 2004 return; 2005 } 2006 2007 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2008 associd, k->wk_keyix, mode, 2009 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2010 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2011 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2012 2013 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2014 wcid = 0; /* NB: update WCID0 for group keys */ 2015 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2016 } else { 2017 wcid = RUN_AID2WCID(associd); 2018 base = RT2860_PKEY(wcid); 2019 } 2020 2021 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2022 if(run_write_region_1(sc, base, k->wk_key, 16)) 2023 return; 2024 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2025 return; 2026 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2027 return; 2028 } else { 2029 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2030 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2031 return; 2032 } 2033 2034 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2035 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2036 /* set initial packet number in IV+EIV */ 2037 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2038 memset(iv, 0, sizeof iv); 2039 iv[3] = vap->iv_def_txkey << 6; 2040 } else { 2041 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2042 iv[0] = k->wk_keytsc >> 8; 2043 iv[1] = (iv[0] | 0x20) & 0x7f; 2044 iv[2] = k->wk_keytsc; 2045 } else /* CCMP */ { 2046 iv[0] = k->wk_keytsc; 2047 iv[1] = k->wk_keytsc >> 8; 2048 iv[2] = 0; 2049 } 2050 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2051 iv[4] = k->wk_keytsc >> 16; 2052 iv[5] = k->wk_keytsc >> 24; 2053 iv[6] = k->wk_keytsc >> 32; 2054 iv[7] = k->wk_keytsc >> 40; 2055 } 2056 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2057 return; 2058 } 2059 2060 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2061 /* install group key */ 2062 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2063 return; 2064 attr &= ~(0xf << (k->wk_keyix * 4)); 2065 attr |= mode << (k->wk_keyix * 4); 2066 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2067 return; 2068 } else { 2069 /* install pairwise key */ 2070 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2071 return; 2072 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2073 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2074 return; 2075 } 2076 2077 /* TODO create a pass-thru key entry? */ 2078 2079 /* need wcid to delete the right key later */ 2080 k->wk_pad = wcid; 2081} 2082 2083/* 2084 * Don't have to be deferred, but in order to keep order of 2085 * execution, i.e. with run_key_delete(), defer this and let 2086 * run_cmdq_cb() maintain the order. 2087 * 2088 * return 0 on error 2089 */ 2090static int 2091run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2092 const uint8_t mac[IEEE80211_ADDR_LEN]) 2093{ 2094 struct ieee80211com *ic = vap->iv_ic; 2095 struct run_softc *sc = ic->ic_ifp->if_softc; 2096 uint32_t i; 2097 2098 i = RUN_CMDQ_GET(&sc->cmdq_store); 2099 DPRINTF("cmdq_store=%d\n", i); 2100 sc->cmdq[i].func = run_key_set_cb; 2101 sc->cmdq[i].arg0 = NULL; 2102 sc->cmdq[i].arg1 = vap; 2103 sc->cmdq[i].k = k; 2104 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2105 ieee80211_runtask(ic, &sc->cmdq_task); 2106 2107 /* 2108 * To make sure key will be set when hostapd 2109 * calls iv_key_set() before if_init(). 2110 */ 2111 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2112 RUN_LOCK(sc); 2113 sc->cmdq_key_set = RUN_CMDQ_GO; 2114 RUN_UNLOCK(sc); 2115 } 2116 2117 return (1); 2118} 2119 2120/* 2121 * If wlan is destroyed without being brought down i.e. without 2122 * wlan down or wpa_cli terminate, this function is called after 2123 * vap is gone. Don't refer it. 2124 */ 2125static void 2126run_key_delete_cb(void *arg) 2127{ 2128 struct run_cmdq *cmdq = arg; 2129 struct run_softc *sc = cmdq->arg1; 2130 struct ieee80211_key *k = &cmdq->key; 2131 uint32_t attr; 2132 uint8_t wcid; 2133 2134 RUN_LOCK_ASSERT(sc, MA_OWNED); 2135 2136 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2137 /* remove group key */ 2138 DPRINTF("removing group key\n"); 2139 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2140 attr &= ~(0xf << (k->wk_keyix * 4)); 2141 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2142 } else { 2143 /* remove pairwise key */ 2144 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2145 /* matching wcid was written to wk_pad in run_key_set() */ 2146 wcid = k->wk_pad; 2147 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2148 attr &= ~0xf; 2149 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2150 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2151 } 2152 2153 k->wk_pad = 0; 2154} 2155 2156/* 2157 * return 0 on error 2158 */ 2159static int 2160run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2161{ 2162 struct ieee80211com *ic = vap->iv_ic; 2163 struct run_softc *sc = ic->ic_ifp->if_softc; 2164 struct ieee80211_key *k0; 2165 uint32_t i; 2166 2167 /* 2168 * When called back, key might be gone. So, make a copy 2169 * of some values need to delete keys before deferring. 2170 * But, because of LOR with node lock, cannot use lock here. 2171 * So, use atomic instead. 2172 */ 2173 i = RUN_CMDQ_GET(&sc->cmdq_store); 2174 DPRINTF("cmdq_store=%d\n", i); 2175 sc->cmdq[i].func = run_key_delete_cb; 2176 sc->cmdq[i].arg0 = NULL; 2177 sc->cmdq[i].arg1 = sc; 2178 k0 = &sc->cmdq[i].key; 2179 k0->wk_flags = k->wk_flags; 2180 k0->wk_keyix = k->wk_keyix; 2181 /* matching wcid was written to wk_pad in run_key_set() */ 2182 k0->wk_pad = k->wk_pad; 2183 ieee80211_runtask(ic, &sc->cmdq_task); 2184 return (1); /* return fake success */ 2185 2186} 2187 2188static void 2189run_ratectl_to(void *arg) 2190{ 2191 struct run_softc *sc = arg; 2192 2193 /* do it in a process context, so it can go sleep */ 2194 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2195 /* next timeout will be rescheduled in the callback task */ 2196} 2197 2198/* ARGSUSED */ 2199static void 2200run_ratectl_cb(void *arg, int pending) 2201{ 2202 struct run_softc *sc = arg; 2203 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2204 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2205 2206 if (vap == NULL) 2207 return; 2208 2209 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2210 run_iter_func(sc, vap->iv_bss); 2211 else { 2212 /* 2213 * run_reset_livelock() doesn't do anything with AMRR, 2214 * but Ralink wants us to call it every 1 sec. So, we 2215 * piggyback here rather than creating another callout. 2216 * Livelock may occur only in HOSTAP or IBSS mode 2217 * (when h/w is sending beacons). 2218 */ 2219 RUN_LOCK(sc); 2220 run_reset_livelock(sc); 2221 /* just in case, there are some stats to drain */ 2222 run_drain_fifo(sc); 2223 RUN_UNLOCK(sc); 2224 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2225 } 2226 2227 if(sc->ratectl_run != RUN_RATECTL_OFF) 2228 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2229} 2230 2231static void 2232run_drain_fifo(void *arg) 2233{ 2234 struct run_softc *sc = arg; 2235 struct ifnet *ifp = sc->sc_ifp; 2236 uint32_t stat; 2237 uint16_t (*wstat)[3]; 2238 uint8_t wcid, mcs, pid; 2239 int8_t retry; 2240 2241 RUN_LOCK_ASSERT(sc, MA_OWNED); 2242 2243 for (;;) { 2244 /* drain Tx status FIFO (maxsize = 16) */ 2245 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2246 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2247 if (!(stat & RT2860_TXQ_VLD)) 2248 break; 2249 2250 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2251 2252 /* if no ACK was requested, no feedback is available */ 2253 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2254 wcid == 0) 2255 continue; 2256 2257 /* 2258 * Even though each stat is Tx-complete-status like format, 2259 * the device can poll stats. Because there is no guarantee 2260 * that the referring node is still around when read the stats. 2261 * So that, if we use ieee80211_ratectl_tx_update(), we will 2262 * have hard time not to refer already freed node. 2263 * 2264 * To eliminate such page faults, we poll stats in softc. 2265 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2266 */ 2267 wstat = &(sc->wcid_stats[wcid]); 2268 (*wstat)[RUN_TXCNT]++; 2269 if (stat & RT2860_TXQ_OK) 2270 (*wstat)[RUN_SUCCESS]++; 2271 else 2272 ifp->if_oerrors++; 2273 /* 2274 * Check if there were retries, ie if the Tx success rate is 2275 * different from the requested rate. Note that it works only 2276 * because we do not allow rate fallback from OFDM to CCK. 2277 */ 2278 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2279 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2280 if ((retry = pid -1 - mcs) > 0) { 2281 (*wstat)[RUN_TXCNT] += retry; 2282 (*wstat)[RUN_RETRY] += retry; 2283 } 2284 } 2285 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2286 2287 sc->fifo_cnt = 0; 2288} 2289 2290static void 2291run_iter_func(void *arg, struct ieee80211_node *ni) 2292{ 2293 struct run_softc *sc = arg; 2294 struct ieee80211vap *vap = ni->ni_vap; 2295 struct ieee80211com *ic = ni->ni_ic; 2296 struct ifnet *ifp = ic->ic_ifp; 2297 struct run_node *rn = (void *)ni; 2298 union run_stats sta[2]; 2299 uint16_t (*wstat)[3]; 2300 int txcnt, success, retrycnt, error; 2301 2302 RUN_LOCK(sc); 2303 2304 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2305 vap->iv_opmode == IEEE80211_M_STA)) { 2306 /* read statistic counters (clear on read) and update AMRR state */ 2307 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2308 sizeof sta); 2309 if (error != 0) 2310 goto fail; 2311 2312 /* count failed TX as errors */ 2313 ifp->if_oerrors += le16toh(sta[0].error.fail); 2314 2315 retrycnt = le16toh(sta[1].tx.retry); 2316 success = le16toh(sta[1].tx.success); 2317 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2318 2319 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2320 retrycnt, success, le16toh(sta[0].error.fail)); 2321 } else { 2322 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2323 2324 if (wstat == &(sc->wcid_stats[0]) || 2325 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2326 goto fail; 2327 2328 txcnt = (*wstat)[RUN_TXCNT]; 2329 success = (*wstat)[RUN_SUCCESS]; 2330 retrycnt = (*wstat)[RUN_RETRY]; 2331 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2332 retrycnt, txcnt, success); 2333 2334 memset(wstat, 0, sizeof(*wstat)); 2335 } 2336 2337 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2338 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2339 2340fail: 2341 RUN_UNLOCK(sc); 2342 2343 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2344} 2345 2346static void 2347run_newassoc_cb(void *arg) 2348{ 2349 struct run_cmdq *cmdq = arg; 2350 struct ieee80211_node *ni = cmdq->arg1; 2351 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2352 uint8_t wcid = cmdq->wcid; 2353 2354 RUN_LOCK_ASSERT(sc, MA_OWNED); 2355 2356 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2357 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2358 2359 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2360} 2361 2362static void 2363run_newassoc(struct ieee80211_node *ni, int isnew) 2364{ 2365 struct run_node *rn = (void *)ni; 2366 struct ieee80211_rateset *rs = &ni->ni_rates; 2367 struct ieee80211vap *vap = ni->ni_vap; 2368 struct ieee80211com *ic = vap->iv_ic; 2369 struct run_softc *sc = ic->ic_ifp->if_softc; 2370 uint8_t rate; 2371 uint8_t ridx; 2372 uint8_t wcid = RUN_AID2WCID(ni->ni_associd); 2373 int i, j; 2374 2375 if (wcid > RT2870_WCID_MAX) { 2376 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2377 return; 2378 } 2379 2380 /* only interested in true associations */ 2381 if (isnew && ni->ni_associd != 0) { 2382 2383 /* 2384 * This function could is called though timeout function. 2385 * Need to defer. 2386 */ 2387 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2388 DPRINTF("cmdq_store=%d\n", cnt); 2389 sc->cmdq[cnt].func = run_newassoc_cb; 2390 sc->cmdq[cnt].arg0 = NULL; 2391 sc->cmdq[cnt].arg1 = ni; 2392 sc->cmdq[cnt].wcid = wcid; 2393 ieee80211_runtask(ic, &sc->cmdq_task); 2394 } 2395 2396 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2397 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2398 2399 for (i = 0; i < rs->rs_nrates; i++) { 2400 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2401 /* convert 802.11 rate to hardware rate index */ 2402 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2403 if (rt2860_rates[ridx].rate == rate) 2404 break; 2405 rn->ridx[i] = ridx; 2406 /* determine rate of control response frames */ 2407 for (j = i; j >= 0; j--) { 2408 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2409 rt2860_rates[rn->ridx[i]].phy == 2410 rt2860_rates[rn->ridx[j]].phy) 2411 break; 2412 } 2413 if (j >= 0) { 2414 rn->ctl_ridx[i] = rn->ridx[j]; 2415 } else { 2416 /* no basic rate found, use mandatory one */ 2417 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2418 } 2419 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2420 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2421 } 2422 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2423 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2424 if (rt2860_rates[ridx].rate == rate) 2425 break; 2426 rn->mgt_ridx = ridx; 2427 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2428 2429 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2430} 2431 2432/* 2433 * Return the Rx chain with the highest RSSI for a given frame. 2434 */ 2435static __inline uint8_t 2436run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2437{ 2438 uint8_t rxchain = 0; 2439 2440 if (sc->nrxchains > 1) { 2441 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2442 rxchain = 1; 2443 if (sc->nrxchains > 2) 2444 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2445 rxchain = 2; 2446 } 2447 return (rxchain); 2448} 2449 2450static void 2451run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2452{ 2453 struct ifnet *ifp = sc->sc_ifp; 2454 struct ieee80211com *ic = ifp->if_l2com; 2455 struct ieee80211_frame *wh; 2456 struct ieee80211_node *ni; 2457 struct rt2870_rxd *rxd; 2458 struct rt2860_rxwi *rxwi; 2459 uint32_t flags; 2460 uint16_t len, phy; 2461 uint8_t ant, rssi; 2462 int8_t nf; 2463 2464 rxwi = mtod(m, struct rt2860_rxwi *); 2465 len = le16toh(rxwi->len) & 0xfff; 2466 if (__predict_false(len > dmalen)) { 2467 m_freem(m); 2468 ifp->if_ierrors++; 2469 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2470 return; 2471 } 2472 /* Rx descriptor is located at the end */ 2473 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2474 flags = le32toh(rxd->flags); 2475 2476 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2477 m_freem(m); 2478 ifp->if_ierrors++; 2479 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2480 return; 2481 } 2482 2483 m->m_data += sizeof(struct rt2860_rxwi); 2484 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2485 2486 wh = mtod(m, struct ieee80211_frame *); 2487 2488 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2489 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2490 m->m_flags |= M_WEP; 2491 } 2492 2493 if (flags & RT2860_RX_L2PAD) { 2494 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2495 len += 2; 2496 } 2497 2498 ni = ieee80211_find_rxnode(ic, 2499 mtod(m, struct ieee80211_frame_min *)); 2500 2501 if (__predict_false(flags & RT2860_RX_MICERR)) { 2502 /* report MIC failures to net80211 for TKIP */ 2503 if (ni != NULL) 2504 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2505 m_freem(m); 2506 ifp->if_ierrors++; 2507 DPRINTF("MIC error. Someone is lying.\n"); 2508 return; 2509 } 2510 2511 ant = run_maxrssi_chain(sc, rxwi); 2512 rssi = rxwi->rssi[ant]; 2513 nf = run_rssi2dbm(sc, rssi, ant); 2514 2515 m->m_pkthdr.rcvif = ifp; 2516 m->m_pkthdr.len = m->m_len = len; 2517 2518 if (ni != NULL) { 2519 (void)ieee80211_input(ni, m, rssi, nf); 2520 ieee80211_free_node(ni); 2521 } else { 2522 (void)ieee80211_input_all(ic, m, rssi, nf); 2523 } 2524 2525 if (__predict_false(ieee80211_radiotap_active(ic))) { 2526 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2527 2528 tap->wr_flags = 0; 2529 tap->wr_chan_freq = htole16(ic->ic_bsschan->ic_freq); 2530 tap->wr_chan_flags = htole16(ic->ic_bsschan->ic_flags); 2531 tap->wr_antsignal = rssi; 2532 tap->wr_antenna = ant; 2533 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2534 tap->wr_rate = 2; /* in case it can't be found below */ 2535 phy = le16toh(rxwi->phy); 2536 switch (phy & RT2860_PHY_MODE) { 2537 case RT2860_PHY_CCK: 2538 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2539 case 0: tap->wr_rate = 2; break; 2540 case 1: tap->wr_rate = 4; break; 2541 case 2: tap->wr_rate = 11; break; 2542 case 3: tap->wr_rate = 22; break; 2543 } 2544 if (phy & RT2860_PHY_SHPRE) 2545 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2546 break; 2547 case RT2860_PHY_OFDM: 2548 switch (phy & RT2860_PHY_MCS) { 2549 case 0: tap->wr_rate = 12; break; 2550 case 1: tap->wr_rate = 18; break; 2551 case 2: tap->wr_rate = 24; break; 2552 case 3: tap->wr_rate = 36; break; 2553 case 4: tap->wr_rate = 48; break; 2554 case 5: tap->wr_rate = 72; break; 2555 case 6: tap->wr_rate = 96; break; 2556 case 7: tap->wr_rate = 108; break; 2557 } 2558 break; 2559 } 2560 } 2561} 2562 2563static void 2564run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2565{ 2566 struct run_softc *sc = usbd_xfer_softc(xfer); 2567 struct ifnet *ifp = sc->sc_ifp; 2568 struct mbuf *m = NULL; 2569 struct mbuf *m0; 2570 uint32_t dmalen; 2571 int xferlen; 2572 2573 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2574 2575 switch (USB_GET_STATE(xfer)) { 2576 case USB_ST_TRANSFERRED: 2577 2578 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2579 2580 if (xferlen < sizeof (uint32_t) + 2581 sizeof (struct rt2860_rxwi) + sizeof (struct rt2870_rxd)) { 2582 DPRINTF("xfer too short %d\n", xferlen); 2583 goto tr_setup; 2584 } 2585 2586 m = sc->rx_m; 2587 sc->rx_m = NULL; 2588 2589 /* FALLTHROUGH */ 2590 case USB_ST_SETUP: 2591tr_setup: 2592 if (sc->rx_m == NULL) { 2593 sc->rx_m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR, 2594 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2595 } 2596 if (sc->rx_m == NULL) { 2597 DPRINTF("could not allocate mbuf - idle with stall\n"); 2598 ifp->if_ierrors++; 2599 usbd_xfer_set_stall(xfer); 2600 usbd_xfer_set_frames(xfer, 0); 2601 } else { 2602 /* 2603 * Directly loading a mbuf cluster into DMA to 2604 * save some data copying. This works because 2605 * there is only one cluster. 2606 */ 2607 usbd_xfer_set_frame_data(xfer, 0, 2608 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2609 usbd_xfer_set_frames(xfer, 1); 2610 } 2611 usbd_transfer_submit(xfer); 2612 break; 2613 2614 default: /* Error */ 2615 if (error != USB_ERR_CANCELLED) { 2616 /* try to clear stall first */ 2617 usbd_xfer_set_stall(xfer); 2618 2619 if (error == USB_ERR_TIMEOUT) 2620 device_printf(sc->sc_dev, "device timeout\n"); 2621 2622 ifp->if_ierrors++; 2623 2624 goto tr_setup; 2625 } 2626 if (sc->rx_m != NULL) { 2627 m_freem(sc->rx_m); 2628 sc->rx_m = NULL; 2629 } 2630 break; 2631 } 2632 2633 if (m == NULL) 2634 return; 2635 2636 /* inputting all the frames must be last */ 2637 2638 RUN_UNLOCK(sc); 2639 2640 m->m_pkthdr.len = m->m_len = xferlen; 2641 2642 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2643 for(;;) { 2644 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2645 2646 if ((dmalen == 0) || ((dmalen & 3) != 0)) { 2647 DPRINTF("bad DMA length %u\n", dmalen); 2648 break; 2649 } 2650 if ((dmalen + 8) > xferlen) { 2651 DPRINTF("bad DMA length %u > %d\n", 2652 dmalen + 8, xferlen); 2653 break; 2654 } 2655 2656 /* If it is the last one or a single frame, we won't copy. */ 2657 if ((xferlen -= dmalen + 8) <= 8) { 2658 /* trim 32-bit DMA-len header */ 2659 m->m_data += 4; 2660 m->m_pkthdr.len = m->m_len -= 4; 2661 run_rx_frame(sc, m, dmalen); 2662 break; 2663 } 2664 2665 /* copy aggregated frames to another mbuf */ 2666 m0 = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 2667 if (__predict_false(m0 == NULL)) { 2668 DPRINTF("could not allocate mbuf\n"); 2669 ifp->if_ierrors++; 2670 break; 2671 } 2672 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2673 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2674 m0->m_pkthdr.len = m0->m_len = 2675 dmalen + sizeof(struct rt2870_rxd); 2676 run_rx_frame(sc, m0, dmalen); 2677 2678 /* update data ptr */ 2679 m->m_data += dmalen + 8; 2680 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2681 } 2682 2683 RUN_LOCK(sc); 2684} 2685 2686static void 2687run_tx_free(struct run_endpoint_queue *pq, 2688 struct run_tx_data *data, int txerr) 2689{ 2690 if (data->m != NULL) { 2691 if (data->m->m_flags & M_TXCB) 2692 ieee80211_process_callback(data->ni, data->m, 2693 txerr ? ETIMEDOUT : 0); 2694 m_freem(data->m); 2695 data->m = NULL; 2696 2697 if (data->ni == NULL) { 2698 DPRINTF("no node\n"); 2699 } else { 2700 ieee80211_free_node(data->ni); 2701 data->ni = NULL; 2702 } 2703 } 2704 2705 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2706 pq->tx_nfree++; 2707} 2708 2709static void 2710run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index) 2711{ 2712 struct run_softc *sc = usbd_xfer_softc(xfer); 2713 struct ifnet *ifp = sc->sc_ifp; 2714 struct ieee80211com *ic = ifp->if_l2com; 2715 struct run_tx_data *data; 2716 struct ieee80211vap *vap = NULL; 2717 struct usb_page_cache *pc; 2718 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2719 struct mbuf *m; 2720 usb_frlength_t size; 2721 unsigned int len; 2722 int actlen; 2723 int sumlen; 2724 2725 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2726 2727 switch (USB_GET_STATE(xfer)) { 2728 case USB_ST_TRANSFERRED: 2729 DPRINTFN(11, "transfer complete: %d " 2730 "bytes @ index %d\n", actlen, index); 2731 2732 data = usbd_xfer_get_priv(xfer); 2733 2734 run_tx_free(pq, data, 0); 2735 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 2736 2737 usbd_xfer_set_priv(xfer, NULL); 2738 2739 ifp->if_opackets++; 2740 2741 /* FALLTHROUGH */ 2742 case USB_ST_SETUP: 2743tr_setup: 2744 data = STAILQ_FIRST(&pq->tx_qh); 2745 if (data == NULL) 2746 break; 2747 2748 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2749 2750 m = data->m; 2751 if (m->m_pkthdr.len > RUN_MAX_TXSZ) { 2752 DPRINTF("data overflow, %u bytes\n", 2753 m->m_pkthdr.len); 2754 2755 ifp->if_oerrors++; 2756 2757 run_tx_free(pq, data, 1); 2758 2759 goto tr_setup; 2760 } 2761 2762 pc = usbd_xfer_get_frame(xfer, 0); 2763 size = sizeof(data->desc); 2764 usbd_copy_in(pc, 0, &data->desc, size); 2765 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2766 2767 vap = data->ni->ni_vap; 2768 if (ieee80211_radiotap_active_vap(vap)) { 2769 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2770 struct rt2860_txwi *txwi = 2771 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2772 2773 tap->wt_flags = 0; 2774 tap->wt_rate = rt2860_rates[data->ridx].rate; 2775 tap->wt_chan_freq = htole16(vap->iv_bss->ni_chan->ic_freq); 2776 tap->wt_chan_flags = htole16(vap->iv_bss->ni_chan->ic_flags); 2777 tap->wt_hwqueue = index; 2778 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2779 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2780 2781 ieee80211_radiotap_tx(vap, m); 2782 } 2783 2784 /* align end on a 4-bytes boundary */ 2785 len = (size + IEEE80211_CRC_LEN + m->m_pkthdr.len + 3) & ~3; 2786 2787 DPRINTFN(11, "sending frame len=%u xferlen=%u @ index %d\n", 2788 m->m_pkthdr.len, len, index); 2789 2790 usbd_xfer_set_frame_len(xfer, 0, len); 2791 usbd_xfer_set_priv(xfer, data); 2792 2793 usbd_transfer_submit(xfer); 2794 2795 RUN_UNLOCK(sc); 2796 run_start(ifp); 2797 RUN_LOCK(sc); 2798 2799 break; 2800 2801 default: 2802 DPRINTF("USB transfer error, %s\n", 2803 usbd_errstr(error)); 2804 2805 data = usbd_xfer_get_priv(xfer); 2806 2807 ifp->if_oerrors++; 2808 2809 if (data != NULL) { 2810 if(data->ni != NULL) 2811 vap = data->ni->ni_vap; 2812 run_tx_free(pq, data, error); 2813 usbd_xfer_set_priv(xfer, NULL); 2814 } 2815 if (vap == NULL) 2816 vap = TAILQ_FIRST(&ic->ic_vaps); 2817 2818 if (error != USB_ERR_CANCELLED) { 2819 if (error == USB_ERR_TIMEOUT) { 2820 device_printf(sc->sc_dev, "device timeout\n"); 2821 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2822 DPRINTF("cmdq_store=%d\n", i); 2823 sc->cmdq[i].func = run_usb_timeout_cb; 2824 sc->cmdq[i].arg0 = vap; 2825 ieee80211_runtask(ic, &sc->cmdq_task); 2826 } 2827 2828 /* 2829 * Try to clear stall first, also if other 2830 * errors occur, hence clearing stall 2831 * introduces a 50 ms delay: 2832 */ 2833 usbd_xfer_set_stall(xfer); 2834 goto tr_setup; 2835 } 2836 break; 2837 } 2838} 2839 2840static void 2841run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2842{ 2843 run_bulk_tx_callbackN(xfer, error, 0); 2844} 2845 2846static void 2847run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2848{ 2849 run_bulk_tx_callbackN(xfer, error, 1); 2850} 2851 2852static void 2853run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2854{ 2855 run_bulk_tx_callbackN(xfer, error, 2); 2856} 2857 2858static void 2859run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2860{ 2861 run_bulk_tx_callbackN(xfer, error, 3); 2862} 2863 2864static void 2865run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2866{ 2867 run_bulk_tx_callbackN(xfer, error, 4); 2868} 2869 2870static void 2871run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2872{ 2873 run_bulk_tx_callbackN(xfer, error, 5); 2874} 2875 2876static void 2877run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2878{ 2879 struct mbuf *m = data->m; 2880 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2881 struct ieee80211vap *vap = data->ni->ni_vap; 2882 struct ieee80211_frame *wh; 2883 struct rt2870_txd *txd; 2884 struct rt2860_txwi *txwi; 2885 uint16_t xferlen; 2886 uint16_t mcs; 2887 uint8_t ridx = data->ridx; 2888 uint8_t pad; 2889 2890 /* get MCS code from rate index */ 2891 mcs = rt2860_rates[ridx].mcs; 2892 2893 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2894 2895 /* roundup to 32-bit alignment */ 2896 xferlen = (xferlen + 3) & ~3; 2897 2898 txd = (struct rt2870_txd *)&data->desc; 2899 txd->len = htole16(xferlen); 2900 2901 wh = mtod(m, struct ieee80211_frame *); 2902 2903 /* 2904 * Ether both are true or both are false, the header 2905 * are nicely aligned to 32-bit. So, no L2 padding. 2906 */ 2907 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2908 pad = 0; 2909 else 2910 pad = 2; 2911 2912 /* setup TX Wireless Information */ 2913 txwi = (struct rt2860_txwi *)(txd + 1); 2914 txwi->len = htole16(m->m_pkthdr.len - pad); 2915 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2916 txwi->phy = htole16(RT2860_PHY_CCK); 2917 if (ridx != RT2860_RIDX_CCK1 && 2918 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2919 mcs |= RT2860_PHY_SHPRE; 2920 } else 2921 txwi->phy = htole16(RT2860_PHY_OFDM); 2922 txwi->phy |= htole16(mcs); 2923 2924 /* check if RTS/CTS or CTS-to-self protection is required */ 2925 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2926 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2927 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2928 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2929 txwi->txop |= RT2860_TX_TXOP_HT; 2930 else 2931 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2932 2933 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2934 txwi->xflags |= RT2860_TX_NSEQ; 2935} 2936 2937/* This function must be called locked */ 2938static int 2939run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2940{ 2941 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2942 struct ieee80211vap *vap = ni->ni_vap; 2943 struct ieee80211_frame *wh; 2944 struct ieee80211_channel *chan; 2945 const struct ieee80211_txparam *tp; 2946 struct run_node *rn = (void *)ni; 2947 struct run_tx_data *data; 2948 struct rt2870_txd *txd; 2949 struct rt2860_txwi *txwi; 2950 uint16_t qos; 2951 uint16_t dur; 2952 uint16_t qid; 2953 uint8_t type; 2954 uint8_t tid; 2955 uint8_t ridx; 2956 uint8_t ctl_ridx; 2957 uint8_t qflags; 2958 uint8_t xflags = 0; 2959 int hasqos; 2960 2961 RUN_LOCK_ASSERT(sc, MA_OWNED); 2962 2963 wh = mtod(m, struct ieee80211_frame *); 2964 2965 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2966 2967 /* 2968 * There are 7 bulk endpoints: 1 for RX 2969 * and 6 for TX (4 EDCAs + HCCA + Prio). 2970 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 2971 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 2972 */ 2973 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 2974 uint8_t *frm; 2975 2976 if(IEEE80211_HAS_ADDR4(wh)) 2977 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 2978 else 2979 frm =((struct ieee80211_qosframe *)wh)->i_qos; 2980 2981 qos = le16toh(*(const uint16_t *)frm); 2982 tid = qos & IEEE80211_QOS_TID; 2983 qid = TID_TO_WME_AC(tid); 2984 } else { 2985 qos = 0; 2986 tid = 0; 2987 qid = WME_AC_BE; 2988 } 2989 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 2990 2991 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 2992 qos, qid, tid, qflags); 2993 2994 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 2995 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 2996 2997 /* pickup a rate index */ 2998 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 2999 type != IEEE80211_FC0_TYPE_DATA) { 3000 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3001 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3002 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3003 } else { 3004 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3005 ridx = rn->fix_ridx; 3006 else 3007 ridx = rn->amrr_ridx; 3008 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3009 } 3010 3011 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3012 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3013 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3014 xflags |= RT2860_TX_ACK; 3015 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3016 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3017 else 3018 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3019 *(uint16_t *)wh->i_dur = htole16(dur); 3020 } 3021 3022 /* reserve slots for mgmt packets, just in case */ 3023 if (sc->sc_epq[qid].tx_nfree < 3) { 3024 DPRINTFN(10, "tx ring %d is full\n", qid); 3025 return (-1); 3026 } 3027 3028 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3029 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3030 sc->sc_epq[qid].tx_nfree--; 3031 3032 txd = (struct rt2870_txd *)&data->desc; 3033 txd->flags = qflags; 3034 txwi = (struct rt2860_txwi *)(txd + 1); 3035 txwi->xflags = xflags; 3036 txwi->wcid = IEEE80211_IS_MULTICAST(wh->i_addr1) ? 3037 0 : RUN_AID2WCID(ni->ni_associd); 3038 /* clear leftover garbage bits */ 3039 txwi->flags = 0; 3040 txwi->txop = 0; 3041 3042 data->m = m; 3043 data->ni = ni; 3044 data->ridx = ridx; 3045 3046 run_set_tx_desc(sc, data); 3047 3048 /* 3049 * The chip keeps track of 2 kind of Tx stats, 3050 * * TX_STAT_FIFO, for per WCID stats, and 3051 * * TX_STA_CNT0 for all-TX-in-one stats. 3052 * 3053 * To use FIFO stats, we need to store MCS into the driver-private 3054 * PacketID field. So that, we can tell whose stats when we read them. 3055 * We add 1 to the MCS because setting the PacketID field to 0 means 3056 * that we don't want feedback in TX_STAT_FIFO. 3057 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3058 * 3059 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3060 */ 3061 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3062 vap->iv_opmode == IEEE80211_M_MBSS) { 3063 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3064 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3065 3066 /* 3067 * Unlike PCI based devices, we don't get any interrupt from 3068 * USB devices, so we simulate FIFO-is-full interrupt here. 3069 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3070 * quickly get fulled. To prevent overflow, increment a counter on 3071 * every FIFO stat request, so we know how many slots are left. 3072 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3073 * are used only in those modes. 3074 * We just drain stats. AMRR gets updated every 1 sec by 3075 * run_ratectl_cb() via callout. 3076 * Call it early. Otherwise overflow. 3077 */ 3078 if (sc->fifo_cnt++ == 10) { 3079 /* 3080 * With multiple vaps or if_bridge, if_start() is called 3081 * with a non-sleepable lock, tcpinp. So, need to defer. 3082 */ 3083 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3084 DPRINTFN(6, "cmdq_store=%d\n", i); 3085 sc->cmdq[i].func = run_drain_fifo; 3086 sc->cmdq[i].arg0 = sc; 3087 ieee80211_runtask(ic, &sc->cmdq_task); 3088 } 3089 } 3090 3091 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3092 3093 usbd_transfer_start(sc->sc_xfer[qid]); 3094 3095 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3096 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3097 rt2860_rates[ridx].rate, qid); 3098 3099 return (0); 3100} 3101 3102static int 3103run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3104{ 3105 struct ifnet *ifp = sc->sc_ifp; 3106 struct ieee80211com *ic = ifp->if_l2com; 3107 struct run_node *rn = (void *)ni; 3108 struct run_tx_data *data; 3109 struct ieee80211_frame *wh; 3110 struct rt2870_txd *txd; 3111 struct rt2860_txwi *txwi; 3112 uint16_t dur; 3113 uint8_t ridx = rn->mgt_ridx; 3114 uint8_t type; 3115 uint8_t xflags = 0; 3116 uint8_t wflags = 0; 3117 3118 RUN_LOCK_ASSERT(sc, MA_OWNED); 3119 3120 wh = mtod(m, struct ieee80211_frame *); 3121 3122 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3123 3124 /* tell hardware to add timestamp for probe responses */ 3125 if ((wh->i_fc[0] & 3126 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3127 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3128 wflags |= RT2860_TX_TS; 3129 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3130 xflags |= RT2860_TX_ACK; 3131 3132 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3133 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3134 *(uint16_t *)wh->i_dur = htole16(dur); 3135 } 3136 3137 if (sc->sc_epq[0].tx_nfree == 0) { 3138 /* let caller free mbuf */ 3139 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3140 return (EIO); 3141 } 3142 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3143 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3144 sc->sc_epq[0].tx_nfree--; 3145 3146 txd = (struct rt2870_txd *)&data->desc; 3147 txd->flags = RT2860_TX_QSEL_EDCA; 3148 txwi = (struct rt2860_txwi *)(txd + 1); 3149 txwi->wcid = 0xff; 3150 txwi->flags = wflags; 3151 txwi->xflags = xflags; 3152 txwi->txop = 0; /* clear leftover garbage bits */ 3153 3154 data->m = m; 3155 data->ni = ni; 3156 data->ridx = ridx; 3157 3158 run_set_tx_desc(sc, data); 3159 3160 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3161 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3162 rt2860_rates[ridx].rate); 3163 3164 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3165 3166 usbd_transfer_start(sc->sc_xfer[0]); 3167 3168 return (0); 3169} 3170 3171static int 3172run_sendprot(struct run_softc *sc, 3173 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3174{ 3175 struct ieee80211com *ic = ni->ni_ic; 3176 struct ieee80211_frame *wh; 3177 struct run_tx_data *data; 3178 struct rt2870_txd *txd; 3179 struct rt2860_txwi *txwi; 3180 struct mbuf *mprot; 3181 int ridx; 3182 int protrate; 3183 int ackrate; 3184 int pktlen; 3185 int isshort; 3186 uint16_t dur; 3187 uint8_t type; 3188 uint8_t wflags = 0; 3189 uint8_t xflags = 0; 3190 3191 RUN_LOCK_ASSERT(sc, MA_OWNED); 3192 3193 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3194 ("protection %d", prot)); 3195 3196 wh = mtod(m, struct ieee80211_frame *); 3197 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3198 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3199 3200 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3201 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3202 3203 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3204 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3205 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3206 wflags = RT2860_TX_FRAG; 3207 3208 /* check that there are free slots before allocating the mbuf */ 3209 if (sc->sc_epq[0].tx_nfree == 0) { 3210 /* let caller free mbuf */ 3211 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3212 return (ENOBUFS); 3213 } 3214 3215 if (prot == IEEE80211_PROT_RTSCTS) { 3216 /* NB: CTS is the same size as an ACK */ 3217 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3218 xflags |= RT2860_TX_ACK; 3219 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3220 } else { 3221 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3222 } 3223 if (mprot == NULL) { 3224 sc->sc_ifp->if_oerrors++; 3225 DPRINTF("could not allocate mbuf\n"); 3226 return (ENOBUFS); 3227 } 3228 3229 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3230 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3231 sc->sc_epq[0].tx_nfree--; 3232 3233 txd = (struct rt2870_txd *)&data->desc; 3234 txd->flags = RT2860_TX_QSEL_EDCA; 3235 txwi = (struct rt2860_txwi *)(txd + 1); 3236 txwi->wcid = 0xff; 3237 txwi->flags = wflags; 3238 txwi->xflags = xflags; 3239 txwi->txop = 0; /* clear leftover garbage bits */ 3240 3241 data->m = mprot; 3242 data->ni = ieee80211_ref_node(ni); 3243 3244 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3245 if (rt2860_rates[ridx].rate == protrate) 3246 break; 3247 data->ridx = ridx; 3248 3249 run_set_tx_desc(sc, data); 3250 3251 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3252 m->m_pkthdr.len, rate); 3253 3254 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3255 3256 usbd_transfer_start(sc->sc_xfer[0]); 3257 3258 return (0); 3259} 3260 3261static int 3262run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3263 const struct ieee80211_bpf_params *params) 3264{ 3265 struct ieee80211com *ic = ni->ni_ic; 3266 struct ieee80211_frame *wh; 3267 struct run_tx_data *data; 3268 struct rt2870_txd *txd; 3269 struct rt2860_txwi *txwi; 3270 uint8_t type; 3271 uint8_t ridx; 3272 uint8_t rate; 3273 uint8_t opflags = 0; 3274 uint8_t xflags = 0; 3275 int error; 3276 3277 RUN_LOCK_ASSERT(sc, MA_OWNED); 3278 3279 KASSERT(params != NULL, ("no raw xmit params")); 3280 3281 wh = mtod(m, struct ieee80211_frame *); 3282 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3283 3284 rate = params->ibp_rate0; 3285 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3286 /* let caller free mbuf */ 3287 return (EINVAL); 3288 } 3289 3290 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3291 xflags |= RT2860_TX_ACK; 3292 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3293 error = run_sendprot(sc, m, ni, 3294 params->ibp_flags & IEEE80211_BPF_RTS ? 3295 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3296 rate); 3297 if (error) { 3298 /* let caller free mbuf */ 3299 return error; 3300 } 3301 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3302 } 3303 3304 if (sc->sc_epq[0].tx_nfree == 0) { 3305 /* let caller free mbuf */ 3306 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3307 DPRINTF("sending raw frame, but tx ring is full\n"); 3308 return (EIO); 3309 } 3310 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3311 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3312 sc->sc_epq[0].tx_nfree--; 3313 3314 txd = (struct rt2870_txd *)&data->desc; 3315 txd->flags = RT2860_TX_QSEL_EDCA; 3316 txwi = (struct rt2860_txwi *)(txd + 1); 3317 txwi->wcid = 0xff; 3318 txwi->xflags = xflags; 3319 txwi->txop = opflags; 3320 txwi->flags = 0; /* clear leftover garbage bits */ 3321 3322 data->m = m; 3323 data->ni = ni; 3324 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3325 if (rt2860_rates[ridx].rate == rate) 3326 break; 3327 data->ridx = ridx; 3328 3329 run_set_tx_desc(sc, data); 3330 3331 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3332 m->m_pkthdr.len, rate); 3333 3334 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3335 3336 usbd_transfer_start(sc->sc_xfer[0]); 3337 3338 return (0); 3339} 3340 3341static int 3342run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3343 const struct ieee80211_bpf_params *params) 3344{ 3345 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3346 struct run_softc *sc = ifp->if_softc; 3347 int error = 0; 3348 3349 RUN_LOCK(sc); 3350 3351 /* prevent management frames from being sent if we're not ready */ 3352 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3353 error = ENETDOWN; 3354 goto done; 3355 } 3356 3357 if (params == NULL) { 3358 /* tx mgt packet */ 3359 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3360 ifp->if_oerrors++; 3361 DPRINTF("mgt tx failed\n"); 3362 goto done; 3363 } 3364 } else { 3365 /* tx raw packet with param */ 3366 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3367 ifp->if_oerrors++; 3368 DPRINTF("tx with param failed\n"); 3369 goto done; 3370 } 3371 } 3372 3373 ifp->if_opackets++; 3374 3375done: 3376 RUN_UNLOCK(sc); 3377 3378 if (error != 0) { 3379 if(m != NULL) 3380 m_freem(m); 3381 ieee80211_free_node(ni); 3382 } 3383 3384 return (error); 3385} 3386 3387static void 3388run_start(struct ifnet *ifp) 3389{ 3390 struct run_softc *sc = ifp->if_softc; 3391 struct ieee80211_node *ni; 3392 struct mbuf *m; 3393 3394 RUN_LOCK(sc); 3395 3396 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3397 RUN_UNLOCK(sc); 3398 return; 3399 } 3400 3401 for (;;) { 3402 /* send data frames */ 3403 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3404 if (m == NULL) 3405 break; 3406 3407 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3408 if (run_tx(sc, m, ni) != 0) { 3409 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3410 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3411 break; 3412 } 3413 } 3414 3415 RUN_UNLOCK(sc); 3416} 3417 3418static int 3419run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3420{ 3421 struct run_softc *sc = ifp->if_softc; 3422 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3423 struct ifreq *ifr = (struct ifreq *) data; 3424 int startall = 0; 3425 int error = 0; 3426 3427 switch (cmd) { 3428 case SIOCSIFFLAGS: 3429 RUN_LOCK(sc); 3430 if (ifp->if_flags & IFF_UP) { 3431 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3432 startall = 1; 3433 run_init_locked(sc); 3434 } else 3435 run_update_promisc_locked(ifp); 3436 } else { 3437 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3438 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3439 run_stop(sc); 3440 } 3441 } 3442 RUN_UNLOCK(sc); 3443 if (startall) 3444 ieee80211_start_all(ic); 3445 break; 3446 case SIOCGIFMEDIA: 3447 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3448 break; 3449 case SIOCGIFADDR: 3450 error = ether_ioctl(ifp, cmd, data); 3451 break; 3452 default: 3453 error = EINVAL; 3454 break; 3455 } 3456 3457 return (error); 3458} 3459 3460static void 3461run_set_agc(struct run_softc *sc, uint8_t agc) 3462{ 3463 uint8_t bbp; 3464 3465 if (sc->mac_ver == 0x3572) { 3466 run_bbp_read(sc, 27, &bbp); 3467 bbp &= ~(0x3 << 5); 3468 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3469 run_bbp_write(sc, 66, agc); 3470 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3471 run_bbp_write(sc, 66, agc); 3472 } else 3473 run_bbp_write(sc, 66, agc); 3474} 3475 3476static void 3477run_select_chan_group(struct run_softc *sc, int group) 3478{ 3479 uint32_t tmp; 3480 uint8_t agc; 3481 3482 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3483 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3484 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3485 run_bbp_write(sc, 86, 0x00); 3486 3487 if (group == 0) { 3488 if (sc->ext_2ghz_lna) { 3489 run_bbp_write(sc, 82, 0x62); 3490 run_bbp_write(sc, 75, 0x46); 3491 } else { 3492 run_bbp_write(sc, 82, 0x84); 3493 run_bbp_write(sc, 75, 0x50); 3494 } 3495 } else { 3496 if (sc->mac_ver == 0x3572) 3497 run_bbp_write(sc, 82, 0x94); 3498 else 3499 run_bbp_write(sc, 82, 0xf2); 3500 if (sc->ext_5ghz_lna) 3501 run_bbp_write(sc, 75, 0x46); 3502 else 3503 run_bbp_write(sc, 75, 0x50); 3504 } 3505 3506 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3507 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3508 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3509 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3510 3511 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3512 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3513 if (sc->nrxchains > 1) 3514 tmp |= RT2860_LNA_PE1_EN; 3515 if (group == 0) { /* 2GHz */ 3516 tmp |= RT2860_PA_PE_G0_EN; 3517 if (sc->ntxchains > 1) 3518 tmp |= RT2860_PA_PE_G1_EN; 3519 } else { /* 5GHz */ 3520 tmp |= RT2860_PA_PE_A0_EN; 3521 if (sc->ntxchains > 1) 3522 tmp |= RT2860_PA_PE_A1_EN; 3523 } 3524 if (sc->mac_ver == 0x3572) { 3525 run_rt3070_rf_write(sc, 8, 0x00); 3526 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3527 run_rt3070_rf_write(sc, 8, 0x80); 3528 } else 3529 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3530 3531 /* set initial AGC value */ 3532 if (group == 0) { /* 2GHz band */ 3533 if (sc->mac_ver >= 0x3070) 3534 agc = 0x1c + sc->lna[0] * 2; 3535 else 3536 agc = 0x2e + sc->lna[0]; 3537 } else { /* 5GHz band */ 3538 if (sc->mac_ver == 0x3572) 3539 agc = 0x22 + (sc->lna[group] * 5) / 3; 3540 else 3541 agc = 0x32 + (sc->lna[group] * 5) / 3; 3542 } 3543 run_set_agc(sc, agc); 3544} 3545 3546static void 3547run_rt2870_set_chan(struct run_softc *sc, uint32_t chan) 3548{ 3549 const struct rfprog *rfprog = rt2860_rf2850; 3550 uint32_t r2, r3, r4; 3551 int8_t txpow1, txpow2; 3552 int i; 3553 3554 /* find the settings for this channel (we know it exists) */ 3555 for (i = 0; rfprog[i].chan != chan; i++); 3556 3557 r2 = rfprog[i].r2; 3558 if (sc->ntxchains == 1) 3559 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3560 if (sc->nrxchains == 1) 3561 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3562 else if (sc->nrxchains == 2) 3563 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3564 3565 /* use Tx power values from EEPROM */ 3566 txpow1 = sc->txpow1[i]; 3567 txpow2 = sc->txpow2[i]; 3568 if (chan > 14) { 3569 if (txpow1 >= 0) 3570 txpow1 = txpow1 << 1 | 1; 3571 else 3572 txpow1 = (7 + txpow1) << 1; 3573 if (txpow2 >= 0) 3574 txpow2 = txpow2 << 1 | 1; 3575 else 3576 txpow2 = (7 + txpow2) << 1; 3577 } 3578 r3 = rfprog[i].r3 | txpow1 << 7; 3579 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3580 3581 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3582 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3583 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3584 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3585 3586 run_delay(sc, 10); 3587 3588 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3589 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3590 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3591 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3592 3593 run_delay(sc, 10); 3594 3595 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3596 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3597 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3598 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3599} 3600 3601static void 3602run_rt3070_set_chan(struct run_softc *sc, uint32_t chan) 3603{ 3604 int8_t txpow1, txpow2; 3605 uint8_t rf; 3606 int i; 3607 3608 /* RT3070 is 2GHz only */ 3609 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3610 3611 /* find the settings for this channel (we know it exists) */ 3612 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3613 3614 /* use Tx power values from EEPROM */ 3615 txpow1 = sc->txpow1[i]; 3616 txpow2 = sc->txpow2[i]; 3617 3618 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3619 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3620 run_rt3070_rf_read(sc, 6, &rf); 3621 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3622 run_rt3070_rf_write(sc, 6, rf); 3623 3624 /* set Tx0 power */ 3625 run_rt3070_rf_read(sc, 12, &rf); 3626 rf = (rf & ~0x1f) | txpow1; 3627 run_rt3070_rf_write(sc, 12, rf); 3628 3629 /* set Tx1 power */ 3630 run_rt3070_rf_read(sc, 13, &rf); 3631 rf = (rf & ~0x1f) | txpow2; 3632 run_rt3070_rf_write(sc, 13, rf); 3633 3634 run_rt3070_rf_read(sc, 1, &rf); 3635 rf &= ~0xfc; 3636 if (sc->ntxchains == 1) 3637 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3638 else if (sc->ntxchains == 2) 3639 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3640 if (sc->nrxchains == 1) 3641 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3642 else if (sc->nrxchains == 2) 3643 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3644 run_rt3070_rf_write(sc, 1, rf); 3645 3646 /* set RF offset */ 3647 run_rt3070_rf_read(sc, 23, &rf); 3648 rf = (rf & ~0x7f) | sc->freq; 3649 run_rt3070_rf_write(sc, 23, rf); 3650 3651 /* program RF filter */ 3652 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3653 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3654 run_rt3070_rf_write(sc, 24, rf); 3655 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3656 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3657 run_rt3070_rf_write(sc, 31, rf); 3658 3659 /* enable RF tuning */ 3660 run_rt3070_rf_read(sc, 7, &rf); 3661 run_rt3070_rf_write(sc, 7, rf | 0x01); 3662} 3663 3664static void 3665run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3666{ 3667 int8_t txpow1, txpow2; 3668 uint32_t tmp; 3669 uint8_t rf; 3670 int i; 3671 3672 /* find the settings for this channel (we know it exists) */ 3673 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3674 3675 /* use Tx power values from EEPROM */ 3676 txpow1 = sc->txpow1[i]; 3677 txpow2 = sc->txpow2[i]; 3678 3679 if (chan <= 14) { 3680 run_bbp_write(sc, 25, sc->bbp25); 3681 run_bbp_write(sc, 26, sc->bbp26); 3682 } else { 3683 /* enable IQ phase correction */ 3684 run_bbp_write(sc, 25, 0x09); 3685 run_bbp_write(sc, 26, 0xff); 3686 } 3687 3688 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3689 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3690 run_rt3070_rf_read(sc, 6, &rf); 3691 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3692 rf |= (chan <= 14) ? 0x08 : 0x04; 3693 run_rt3070_rf_write(sc, 6, rf); 3694 3695 /* set PLL mode */ 3696 run_rt3070_rf_read(sc, 5, &rf); 3697 rf &= ~(0x08 | 0x04); 3698 rf |= (chan <= 14) ? 0x04 : 0x08; 3699 run_rt3070_rf_write(sc, 5, rf); 3700 3701 /* set Tx power for chain 0 */ 3702 if (chan <= 14) 3703 rf = 0x60 | txpow1; 3704 else 3705 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3706 run_rt3070_rf_write(sc, 12, rf); 3707 3708 /* set Tx power for chain 1 */ 3709 if (chan <= 14) 3710 rf = 0x60 | txpow2; 3711 else 3712 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3713 run_rt3070_rf_write(sc, 13, rf); 3714 3715 /* set Tx/Rx streams */ 3716 run_rt3070_rf_read(sc, 1, &rf); 3717 rf &= ~0xfc; 3718 if (sc->ntxchains == 1) 3719 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3720 else if (sc->ntxchains == 2) 3721 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3722 if (sc->nrxchains == 1) 3723 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3724 else if (sc->nrxchains == 2) 3725 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3726 run_rt3070_rf_write(sc, 1, rf); 3727 3728 /* set RF offset */ 3729 run_rt3070_rf_read(sc, 23, &rf); 3730 rf = (rf & ~0x7f) | sc->freq; 3731 run_rt3070_rf_write(sc, 23, rf); 3732 3733 /* program RF filter */ 3734 rf = sc->rf24_20mhz; 3735 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3736 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3737 3738 /* enable RF tuning */ 3739 run_rt3070_rf_read(sc, 7, &rf); 3740 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3741 run_rt3070_rf_write(sc, 7, rf); 3742 3743 /* TSSI */ 3744 rf = (chan <= 14) ? 0xc3 : 0xc0; 3745 run_rt3070_rf_write(sc, 9, rf); 3746 3747 /* set loop filter 1 */ 3748 run_rt3070_rf_write(sc, 10, 0xf1); 3749 /* set loop filter 2 */ 3750 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3751 3752 /* set tx_mx2_ic */ 3753 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3754 /* set tx_mx1_ic */ 3755 if (chan <= 14) 3756 rf = 0x48 | sc->txmixgain_2ghz; 3757 else 3758 rf = 0x78 | sc->txmixgain_5ghz; 3759 run_rt3070_rf_write(sc, 16, rf); 3760 3761 /* set tx_lo1 */ 3762 run_rt3070_rf_write(sc, 17, 0x23); 3763 /* set tx_lo2 */ 3764 if (chan <= 14) 3765 rf = 0x93; 3766 else if (chan <= 64) 3767 rf = 0xb7; 3768 else if (chan <= 128) 3769 rf = 0x74; 3770 else 3771 rf = 0x72; 3772 run_rt3070_rf_write(sc, 19, rf); 3773 3774 /* set rx_lo1 */ 3775 if (chan <= 14) 3776 rf = 0xb3; 3777 else if (chan <= 64) 3778 rf = 0xf6; 3779 else if (chan <= 128) 3780 rf = 0xf4; 3781 else 3782 rf = 0xf3; 3783 run_rt3070_rf_write(sc, 20, rf); 3784 3785 /* set pfd_delay */ 3786 if (chan <= 14) 3787 rf = 0x15; 3788 else if (chan <= 64) 3789 rf = 0x3d; 3790 else 3791 rf = 0x01; 3792 run_rt3070_rf_write(sc, 25, rf); 3793 3794 /* set rx_lo2 */ 3795 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3796 /* set ldo_rf_vc */ 3797 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3798 /* set drv_cc */ 3799 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3800 3801 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3802 tmp &= ~0x8080; 3803 if (chan <= 14) 3804 tmp |= 0x80; 3805 run_write(sc, RT2860_GPIO_CTRL, tmp); 3806 3807 /* enable RF tuning */ 3808 run_rt3070_rf_read(sc, 7, &rf); 3809 run_rt3070_rf_write(sc, 7, rf | 0x01); 3810 3811 run_delay(sc, 2); 3812} 3813 3814static void 3815run_set_rx_antenna(struct run_softc *sc, int aux) 3816{ 3817 uint32_t tmp; 3818 3819 if (aux) { 3820 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3821 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3822 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3823 } else { 3824 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3825 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3826 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3827 } 3828} 3829 3830static int 3831run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3832{ 3833 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3834 uint32_t chan, group; 3835 3836 chan = ieee80211_chan2ieee(ic, c); 3837 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3838 return (EINVAL); 3839 3840 if (sc->mac_ver == 0x3572) 3841 run_rt3572_set_chan(sc, chan); 3842 else if (sc->mac_ver >= 0x3070) 3843 run_rt3070_set_chan(sc, chan); 3844 else 3845 run_rt2870_set_chan(sc, chan); 3846 3847 /* determine channel group */ 3848 if (chan <= 14) 3849 group = 0; 3850 else if (chan <= 64) 3851 group = 1; 3852 else if (chan <= 128) 3853 group = 2; 3854 else 3855 group = 3; 3856 3857 /* XXX necessary only when group has changed! */ 3858 run_select_chan_group(sc, group); 3859 3860 run_delay(sc, 10); 3861 3862 return (0); 3863} 3864 3865static void 3866run_set_channel(struct ieee80211com *ic) 3867{ 3868 struct run_softc *sc = ic->ic_ifp->if_softc; 3869 3870 RUN_LOCK(sc); 3871 run_set_chan(sc, ic->ic_curchan); 3872 RUN_UNLOCK(sc); 3873 3874 return; 3875} 3876 3877static void 3878run_scan_start(struct ieee80211com *ic) 3879{ 3880 struct run_softc *sc = ic->ic_ifp->if_softc; 3881 uint32_t tmp; 3882 3883 RUN_LOCK(sc); 3884 3885 /* abort TSF synchronization */ 3886 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3887 run_write(sc, RT2860_BCN_TIME_CFG, 3888 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3889 RT2860_TBTT_TIMER_EN)); 3890 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3891 3892 RUN_UNLOCK(sc); 3893 3894 return; 3895} 3896 3897static void 3898run_scan_end(struct ieee80211com *ic) 3899{ 3900 struct run_softc *sc = ic->ic_ifp->if_softc; 3901 3902 RUN_LOCK(sc); 3903 3904 run_enable_tsf_sync(sc); 3905 /* XXX keep local copy */ 3906 run_set_bssid(sc, sc->sc_bssid); 3907 3908 RUN_UNLOCK(sc); 3909 3910 return; 3911} 3912 3913/* 3914 * Could be called from ieee80211_node_timeout() 3915 * (non-sleepable thread) 3916 */ 3917static void 3918run_update_beacon(struct ieee80211vap *vap, int item) 3919{ 3920 struct ieee80211com *ic = vap->iv_ic; 3921 struct run_softc *sc = ic->ic_ifp->if_softc; 3922 struct run_vap *rvp = RUN_VAP(vap); 3923 int mcast = 0; 3924 uint32_t i; 3925 3926 KASSERT(vap != NULL, ("no beacon")); 3927 3928 switch (item) { 3929 case IEEE80211_BEACON_ERP: 3930 run_updateslot(ic->ic_ifp); 3931 break; 3932 case IEEE80211_BEACON_HTINFO: 3933 run_updateprot(ic); 3934 break; 3935 case IEEE80211_BEACON_TIM: 3936 mcast = 1; /*TODO*/ 3937 break; 3938 default: 3939 break; 3940 } 3941 3942 setbit(rvp->bo.bo_flags, item); 3943 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 3944 3945 i = RUN_CMDQ_GET(&sc->cmdq_store); 3946 DPRINTF("cmdq_store=%d\n", i); 3947 sc->cmdq[i].func = run_update_beacon_cb; 3948 sc->cmdq[i].arg0 = vap; 3949 ieee80211_runtask(ic, &sc->cmdq_task); 3950 3951 return; 3952} 3953 3954static void 3955run_update_beacon_cb(void *arg) 3956{ 3957 struct ieee80211vap *vap = arg; 3958 struct run_vap *rvp = RUN_VAP(vap); 3959 struct ieee80211com *ic = vap->iv_ic; 3960 struct run_softc *sc = ic->ic_ifp->if_softc; 3961 struct rt2860_txwi txwi; 3962 struct mbuf *m; 3963 uint8_t ridx; 3964 3965 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 3966 return; 3967 3968 /* 3969 * No need to call ieee80211_beacon_update(), run_update_beacon() 3970 * is taking care of apropriate calls. 3971 */ 3972 if (rvp->beacon_mbuf == NULL) { 3973 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 3974 &rvp->bo); 3975 if (rvp->beacon_mbuf == NULL) 3976 return; 3977 } 3978 m = rvp->beacon_mbuf; 3979 3980 memset(&txwi, 0, sizeof txwi); 3981 txwi.wcid = 0xff; 3982 txwi.len = htole16(m->m_pkthdr.len); 3983 /* send beacons at the lowest available rate */ 3984 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3985 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3986 txwi.phy = htole16(rt2860_rates[ridx].mcs); 3987 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 3988 txwi.phy |= htole16(RT2860_PHY_OFDM); 3989 txwi.txop = RT2860_TX_TXOP_HT; 3990 txwi.flags = RT2860_TX_TS; 3991 txwi.xflags = RT2860_TX_NSEQ; 3992 3993 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), 3994 (uint8_t *)&txwi, sizeof txwi); 3995 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + sizeof txwi, 3996 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 3997 3998 return; 3999} 4000 4001static void 4002run_updateprot(struct ieee80211com *ic) 4003{ 4004 struct run_softc *sc = ic->ic_ifp->if_softc; 4005 uint32_t i; 4006 4007 i = RUN_CMDQ_GET(&sc->cmdq_store); 4008 DPRINTF("cmdq_store=%d\n", i); 4009 sc->cmdq[i].func = run_updateprot_cb; 4010 sc->cmdq[i].arg0 = ic; 4011 ieee80211_runtask(ic, &sc->cmdq_task); 4012} 4013 4014static void 4015run_updateprot_cb(void *arg) 4016{ 4017 struct ieee80211com *ic = arg; 4018 struct run_softc *sc = ic->ic_ifp->if_softc; 4019 uint32_t tmp; 4020 4021 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4022 /* setup protection frame rate (MCS code) */ 4023 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4024 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4025 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4026 4027 /* CCK frames don't require protection */ 4028 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4029 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4030 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4031 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4032 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4033 tmp |= RT2860_PROT_CTRL_CTS; 4034 } 4035 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4036} 4037 4038static void 4039run_usb_timeout_cb(void *arg) 4040{ 4041 struct ieee80211vap *vap = arg; 4042 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4043 4044 RUN_LOCK_ASSERT(sc, MA_OWNED); 4045 4046 if(vap->iv_state == IEEE80211_S_RUN && 4047 vap->iv_opmode != IEEE80211_M_STA) 4048 run_reset_livelock(sc); 4049 else if (vap->iv_state == IEEE80211_S_SCAN) { 4050 DPRINTF("timeout caused by scan\n"); 4051 /* cancel bgscan */ 4052 ieee80211_cancel_scan(vap); 4053 } else 4054 DPRINTF("timeout by unknown cause\n"); 4055} 4056 4057static void 4058run_reset_livelock(struct run_softc *sc) 4059{ 4060 uint32_t tmp; 4061 4062 RUN_LOCK_ASSERT(sc, MA_OWNED); 4063 4064 /* 4065 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4066 * can run into a livelock and start sending CTS-to-self frames like 4067 * crazy if protection is enabled. Reset MAC/BBP for a while 4068 */ 4069 run_read(sc, RT2860_DEBUG, &tmp); 4070 DPRINTFN(3, "debug reg %08x\n", tmp); 4071 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4072 DPRINTF("CTS-to-self livelock detected\n"); 4073 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4074 run_delay(sc, 1); 4075 run_write(sc, RT2860_MAC_SYS_CTRL, 4076 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4077 } 4078} 4079 4080static void 4081run_update_promisc_locked(struct ifnet *ifp) 4082{ 4083 struct run_softc *sc = ifp->if_softc; 4084 uint32_t tmp; 4085 4086 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4087 4088 tmp |= RT2860_DROP_UC_NOME; 4089 if (ifp->if_flags & IFF_PROMISC) 4090 tmp &= ~RT2860_DROP_UC_NOME; 4091 4092 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4093 4094 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4095 "entering" : "leaving"); 4096} 4097 4098static void 4099run_update_promisc(struct ifnet *ifp) 4100{ 4101 struct run_softc *sc = ifp->if_softc; 4102 4103 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 4104 return; 4105 4106 RUN_LOCK(sc); 4107 run_update_promisc_locked(ifp); 4108 RUN_UNLOCK(sc); 4109} 4110 4111static void 4112run_enable_tsf_sync(struct run_softc *sc) 4113{ 4114 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4115 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4116 uint32_t tmp; 4117 4118 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4119 4120 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4121 tmp &= ~0x1fffff; 4122 tmp |= vap->iv_bss->ni_intval * 16; 4123 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4124 4125 if (ic->ic_opmode == IEEE80211_M_STA) { 4126 /* 4127 * Local TSF is always updated with remote TSF on beacon 4128 * reception. 4129 */ 4130 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4131 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4132 tmp |= RT2860_BCN_TX_EN; 4133 /* 4134 * Local TSF is updated with remote TSF on beacon reception 4135 * only if the remote TSF is greater than local TSF. 4136 */ 4137 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4138 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4139 ic->ic_opmode == IEEE80211_M_MBSS) { 4140 tmp |= RT2860_BCN_TX_EN; 4141 /* SYNC with nobody */ 4142 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4143 } else { 4144 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4145 return; 4146 } 4147 4148 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4149} 4150 4151static void 4152run_enable_mrr(struct run_softc *sc) 4153{ 4154#define CCK(mcs) (mcs) 4155#define OFDM(mcs) (1 << 3 | (mcs)) 4156 run_write(sc, RT2860_LG_FBK_CFG0, 4157 OFDM(6) << 28 | /* 54->48 */ 4158 OFDM(5) << 24 | /* 48->36 */ 4159 OFDM(4) << 20 | /* 36->24 */ 4160 OFDM(3) << 16 | /* 24->18 */ 4161 OFDM(2) << 12 | /* 18->12 */ 4162 OFDM(1) << 8 | /* 12-> 9 */ 4163 OFDM(0) << 4 | /* 9-> 6 */ 4164 OFDM(0)); /* 6-> 6 */ 4165 4166 run_write(sc, RT2860_LG_FBK_CFG1, 4167 CCK(2) << 12 | /* 11->5.5 */ 4168 CCK(1) << 8 | /* 5.5-> 2 */ 4169 CCK(0) << 4 | /* 2-> 1 */ 4170 CCK(0)); /* 1-> 1 */ 4171#undef OFDM 4172#undef CCK 4173} 4174 4175static void 4176run_set_txpreamble(struct run_softc *sc) 4177{ 4178 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4179 uint32_t tmp; 4180 4181 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4182 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4183 tmp |= RT2860_CCK_SHORT_EN; 4184 else 4185 tmp &= ~RT2860_CCK_SHORT_EN; 4186 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4187} 4188 4189static void 4190run_set_basicrates(struct run_softc *sc) 4191{ 4192 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4193 4194 /* set basic rates mask */ 4195 if (ic->ic_curmode == IEEE80211_MODE_11B) 4196 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4197 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4198 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4199 else /* 11g */ 4200 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4201} 4202 4203static void 4204run_set_leds(struct run_softc *sc, uint16_t which) 4205{ 4206 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4207 which | (sc->leds & 0x7f)); 4208} 4209 4210static void 4211run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4212{ 4213 run_write(sc, RT2860_MAC_BSSID_DW0, 4214 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4215 run_write(sc, RT2860_MAC_BSSID_DW1, 4216 bssid[4] | bssid[5] << 8); 4217} 4218 4219static void 4220run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4221{ 4222 run_write(sc, RT2860_MAC_ADDR_DW0, 4223 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4224 run_write(sc, RT2860_MAC_ADDR_DW1, 4225 addr[4] | addr[5] << 8 | 0xff << 16); 4226} 4227 4228static void 4229run_updateslot(struct ifnet *ifp) 4230{ 4231 struct run_softc *sc = ifp->if_softc; 4232 struct ieee80211com *ic = ifp->if_l2com; 4233 uint32_t i; 4234 4235 i = RUN_CMDQ_GET(&sc->cmdq_store); 4236 DPRINTF("cmdq_store=%d\n", i); 4237 sc->cmdq[i].func = run_updateslot_cb; 4238 sc->cmdq[i].arg0 = ifp; 4239 ieee80211_runtask(ic, &sc->cmdq_task); 4240 4241 return; 4242} 4243 4244/* ARGSUSED */ 4245static void 4246run_updateslot_cb(void *arg) 4247{ 4248 struct ifnet *ifp = arg; 4249 struct run_softc *sc = ifp->if_softc; 4250 struct ieee80211com *ic = ifp->if_l2com; 4251 uint32_t tmp; 4252 4253 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4254 tmp &= ~0xff; 4255 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4256 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4257} 4258 4259static void 4260run_update_mcast(struct ifnet *ifp) 4261{ 4262 /* h/w filter supports getting everything or nothing */ 4263 ifp->if_flags |= IFF_ALLMULTI; 4264} 4265 4266static int8_t 4267run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4268{ 4269 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4270 struct ieee80211_channel *c = ic->ic_curchan; 4271 int delta; 4272 4273 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4274 uint32_t chan = ieee80211_chan2ieee(ic, c); 4275 delta = sc->rssi_5ghz[rxchain]; 4276 4277 /* determine channel group */ 4278 if (chan <= 64) 4279 delta -= sc->lna[1]; 4280 else if (chan <= 128) 4281 delta -= sc->lna[2]; 4282 else 4283 delta -= sc->lna[3]; 4284 } else 4285 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4286 4287 return (-12 - delta - rssi); 4288} 4289 4290static int 4291run_bbp_init(struct run_softc *sc) 4292{ 4293 int i, error, ntries; 4294 uint8_t bbp0; 4295 4296 /* wait for BBP to wake up */ 4297 for (ntries = 0; ntries < 20; ntries++) { 4298 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4299 return error; 4300 if (bbp0 != 0 && bbp0 != 0xff) 4301 break; 4302 } 4303 if (ntries == 20) 4304 return (ETIMEDOUT); 4305 4306 /* initialize BBP registers to default values */ 4307 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 4308 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4309 rt2860_def_bbp[i].val); 4310 } 4311 4312 /* fix BBP84 for RT2860E */ 4313 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4314 run_bbp_write(sc, 84, 0x19); 4315 4316 if (sc->mac_ver >= 0x3070) { 4317 run_bbp_write(sc, 79, 0x13); 4318 run_bbp_write(sc, 80, 0x05); 4319 run_bbp_write(sc, 81, 0x33); 4320 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4321 run_bbp_write(sc, 69, 0x16); 4322 run_bbp_write(sc, 73, 0x12); 4323 } 4324 return (0); 4325} 4326 4327static int 4328run_rt3070_rf_init(struct run_softc *sc) 4329{ 4330 uint32_t tmp; 4331 uint8_t rf, target, bbp4; 4332 int i; 4333 4334 run_rt3070_rf_read(sc, 30, &rf); 4335 /* toggle RF R30 bit 7 */ 4336 run_rt3070_rf_write(sc, 30, rf | 0x80); 4337 run_delay(sc, 10); 4338 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4339 4340 /* initialize RF registers to default value */ 4341 if (sc->mac_ver == 0x3572) { 4342 for (i = 0; i < nitems(rt3572_def_rf); i++) { 4343 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4344 rt3572_def_rf[i].val); 4345 } 4346 } else { 4347 for (i = 0; i < nitems(rt3070_def_rf); i++) { 4348 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4349 rt3070_def_rf[i].val); 4350 } 4351 } 4352 4353 if (sc->mac_ver == 0x3070) { 4354 /* change voltage from 1.2V to 1.35V for RT3070 */ 4355 run_read(sc, RT3070_LDO_CFG0, &tmp); 4356 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4357 run_write(sc, RT3070_LDO_CFG0, tmp); 4358 4359 } else if (sc->mac_ver == 0x3071) { 4360 run_rt3070_rf_read(sc, 6, &rf); 4361 run_rt3070_rf_write(sc, 6, rf | 0x40); 4362 run_rt3070_rf_write(sc, 31, 0x14); 4363 4364 run_read(sc, RT3070_LDO_CFG0, &tmp); 4365 tmp &= ~0x1f000000; 4366 if (sc->mac_rev < 0x0211) 4367 tmp |= 0x0d000000; /* 1.3V */ 4368 else 4369 tmp |= 0x01000000; /* 1.2V */ 4370 run_write(sc, RT3070_LDO_CFG0, tmp); 4371 4372 /* patch LNA_PE_G1 */ 4373 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4374 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4375 4376 } else if (sc->mac_ver == 0x3572) { 4377 run_rt3070_rf_read(sc, 6, &rf); 4378 run_rt3070_rf_write(sc, 6, rf | 0x40); 4379 4380 /* increase voltage from 1.2V to 1.35V */ 4381 run_read(sc, RT3070_LDO_CFG0, &tmp); 4382 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4383 run_write(sc, RT3070_LDO_CFG0, tmp); 4384 4385 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4386 run_delay(sc, 1); /* wait for 1msec */ 4387 /* decrease voltage back to 1.2V */ 4388 tmp = (tmp & ~0x1f000000) | 0x01000000; 4389 run_write(sc, RT3070_LDO_CFG0, tmp); 4390 } 4391 } 4392 4393 /* select 20MHz bandwidth */ 4394 run_rt3070_rf_read(sc, 31, &rf); 4395 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4396 4397 /* calibrate filter for 20MHz bandwidth */ 4398 sc->rf24_20mhz = 0x1f; /* default value */ 4399 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4400 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4401 4402 /* select 40MHz bandwidth */ 4403 run_bbp_read(sc, 4, &bbp4); 4404 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 4405 run_rt3070_rf_read(sc, 31, &rf); 4406 run_rt3070_rf_write(sc, 31, rf | 0x20); 4407 4408 /* calibrate filter for 40MHz bandwidth */ 4409 sc->rf24_40mhz = 0x2f; /* default value */ 4410 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4411 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4412 4413 /* go back to 20MHz bandwidth */ 4414 run_bbp_read(sc, 4, &bbp4); 4415 run_bbp_write(sc, 4, bbp4 & ~0x18); 4416 4417 if (sc->mac_ver == 0x3572) { 4418 /* save default BBP registers 25 and 26 values */ 4419 run_bbp_read(sc, 25, &sc->bbp25); 4420 run_bbp_read(sc, 26, &sc->bbp26); 4421 } else if (sc->mac_rev < 0x0211) 4422 run_rt3070_rf_write(sc, 27, 0x03); 4423 4424 run_read(sc, RT3070_OPT_14, &tmp); 4425 run_write(sc, RT3070_OPT_14, tmp | 1); 4426 4427 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4428 run_rt3070_rf_read(sc, 17, &rf); 4429 rf &= ~RT3070_TX_LO1; 4430 if ((sc->mac_ver == 0x3070 || 4431 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4432 !sc->ext_2ghz_lna) 4433 rf |= 0x20; /* fix for long range Rx issue */ 4434 if (sc->txmixgain_2ghz >= 1) 4435 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4436 run_rt3070_rf_write(sc, 17, rf); 4437 } 4438 4439 if (sc->mac_rev == 0x3071) { 4440 run_rt3070_rf_read(sc, 1, &rf); 4441 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4442 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4443 run_rt3070_rf_write(sc, 1, rf); 4444 4445 run_rt3070_rf_read(sc, 15, &rf); 4446 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4447 4448 run_rt3070_rf_read(sc, 20, &rf); 4449 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4450 4451 run_rt3070_rf_read(sc, 21, &rf); 4452 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4453 } 4454 4455 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4456 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4457 run_rt3070_rf_read(sc, 27, &rf); 4458 rf &= ~0x77; 4459 if (sc->mac_rev < 0x0211) 4460 rf |= 0x03; 4461 run_rt3070_rf_write(sc, 27, rf); 4462 } 4463 return (0); 4464} 4465 4466static int 4467run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4468 uint8_t *val) 4469{ 4470 uint8_t rf22, rf24; 4471 uint8_t bbp55_pb, bbp55_sb, delta; 4472 int ntries; 4473 4474 /* program filter */ 4475 run_rt3070_rf_read(sc, 24, &rf24); 4476 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4477 run_rt3070_rf_write(sc, 24, rf24); 4478 4479 /* enable baseband loopback mode */ 4480 run_rt3070_rf_read(sc, 22, &rf22); 4481 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4482 4483 /* set power and frequency of passband test tone */ 4484 run_bbp_write(sc, 24, 0x00); 4485 for (ntries = 0; ntries < 100; ntries++) { 4486 /* transmit test tone */ 4487 run_bbp_write(sc, 25, 0x90); 4488 run_delay(sc, 10); 4489 /* read received power */ 4490 run_bbp_read(sc, 55, &bbp55_pb); 4491 if (bbp55_pb != 0) 4492 break; 4493 } 4494 if (ntries == 100) 4495 return ETIMEDOUT; 4496 4497 /* set power and frequency of stopband test tone */ 4498 run_bbp_write(sc, 24, 0x06); 4499 for (ntries = 0; ntries < 100; ntries++) { 4500 /* transmit test tone */ 4501 run_bbp_write(sc, 25, 0x90); 4502 run_delay(sc, 10); 4503 /* read received power */ 4504 run_bbp_read(sc, 55, &bbp55_sb); 4505 4506 delta = bbp55_pb - bbp55_sb; 4507 if (delta > target) 4508 break; 4509 4510 /* reprogram filter */ 4511 rf24++; 4512 run_rt3070_rf_write(sc, 24, rf24); 4513 } 4514 if (ntries < 100) { 4515 if (rf24 != init) 4516 rf24--; /* backtrack */ 4517 *val = rf24; 4518 run_rt3070_rf_write(sc, 24, rf24); 4519 } 4520 4521 /* restore initial state */ 4522 run_bbp_write(sc, 24, 0x00); 4523 4524 /* disable baseband loopback mode */ 4525 run_rt3070_rf_read(sc, 22, &rf22); 4526 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4527 4528 return (0); 4529} 4530 4531static void 4532run_rt3070_rf_setup(struct run_softc *sc) 4533{ 4534 uint8_t bbp, rf; 4535 int i; 4536 4537 if (sc->mac_ver == 0x3572) { 4538 /* enable DC filter */ 4539 if (sc->mac_rev >= 0x0201) 4540 run_bbp_write(sc, 103, 0xc0); 4541 4542 run_bbp_read(sc, 138, &bbp); 4543 if (sc->ntxchains == 1) 4544 bbp |= 0x20; /* turn off DAC1 */ 4545 if (sc->nrxchains == 1) 4546 bbp &= ~0x02; /* turn off ADC1 */ 4547 run_bbp_write(sc, 138, bbp); 4548 4549 if (sc->mac_rev >= 0x0211) { 4550 /* improve power consumption */ 4551 run_bbp_read(sc, 31, &bbp); 4552 run_bbp_write(sc, 31, bbp & ~0x03); 4553 } 4554 4555 run_rt3070_rf_read(sc, 16, &rf); 4556 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4557 run_rt3070_rf_write(sc, 16, rf); 4558 4559 } else if (sc->mac_ver == 0x3071) { 4560 /* enable DC filter */ 4561 if (sc->mac_rev >= 0x0201) 4562 run_bbp_write(sc, 103, 0xc0); 4563 4564 run_bbp_read(sc, 138, &bbp); 4565 if (sc->ntxchains == 1) 4566 bbp |= 0x20; /* turn off DAC1 */ 4567 if (sc->nrxchains == 1) 4568 bbp &= ~0x02; /* turn off ADC1 */ 4569 run_bbp_write(sc, 138, bbp); 4570 4571 if (sc->mac_rev >= 0x0211) { 4572 /* improve power consumption */ 4573 run_bbp_read(sc, 31, &bbp); 4574 run_bbp_write(sc, 31, bbp & ~0x03); 4575 } 4576 4577 run_write(sc, RT2860_TX_SW_CFG1, 0); 4578 if (sc->mac_rev < 0x0211) { 4579 run_write(sc, RT2860_TX_SW_CFG2, 4580 sc->patch_dac ? 0x2c : 0x0f); 4581 } else 4582 run_write(sc, RT2860_TX_SW_CFG2, 0); 4583 4584 } else if (sc->mac_ver == 0x3070) { 4585 if (sc->mac_rev >= 0x0201) { 4586 /* enable DC filter */ 4587 run_bbp_write(sc, 103, 0xc0); 4588 4589 /* improve power consumption */ 4590 run_bbp_read(sc, 31, &bbp); 4591 run_bbp_write(sc, 31, bbp & ~0x03); 4592 } 4593 4594 if (sc->mac_rev < 0x0211) { 4595 run_write(sc, RT2860_TX_SW_CFG1, 0); 4596 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4597 } else 4598 run_write(sc, RT2860_TX_SW_CFG2, 0); 4599 } 4600 4601 /* initialize RF registers from ROM for >=RT3071*/ 4602 if (sc->mac_ver >= 0x3071) { 4603 for (i = 0; i < 10; i++) { 4604 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4605 continue; 4606 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4607 } 4608 } 4609} 4610 4611static int 4612run_txrx_enable(struct run_softc *sc) 4613{ 4614 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4615 uint32_t tmp; 4616 int error, ntries; 4617 4618 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4619 for (ntries = 0; ntries < 200; ntries++) { 4620 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4621 return error; 4622 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4623 break; 4624 run_delay(sc, 50); 4625 } 4626 if (ntries == 200) 4627 return ETIMEDOUT; 4628 4629 run_delay(sc, 50); 4630 4631 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4632 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4633 4634 /* enable Rx bulk aggregation (set timeout and limit) */ 4635 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4636 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4637 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4638 4639 /* set Rx filter */ 4640 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4641 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4642 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4643 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4644 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4645 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4646 if (ic->ic_opmode == IEEE80211_M_STA) 4647 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4648 } 4649 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4650 4651 run_write(sc, RT2860_MAC_SYS_CTRL, 4652 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4653 4654 return (0); 4655} 4656 4657static void 4658run_init_locked(struct run_softc *sc) 4659{ 4660 struct ifnet *ifp = sc->sc_ifp; 4661 struct ieee80211com *ic = ifp->if_l2com; 4662 uint32_t tmp; 4663 uint8_t bbp1, bbp3; 4664 int i; 4665 int ridx; 4666 int ntries; 4667 4668 if (ic->ic_nrunning > 1) 4669 return; 4670 4671 run_stop(sc); 4672 4673 for (ntries = 0; ntries < 100; ntries++) { 4674 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4675 goto fail; 4676 if (tmp != 0 && tmp != 0xffffffff) 4677 break; 4678 run_delay(sc, 10); 4679 } 4680 if (ntries == 100) 4681 goto fail; 4682 4683 for (i = 0; i != RUN_EP_QUEUES; i++) 4684 run_setup_tx_list(sc, &sc->sc_epq[i]); 4685 4686 run_set_macaddr(sc, IF_LLADDR(ifp)); 4687 4688 for (ntries = 0; ntries < 100; ntries++) { 4689 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4690 goto fail; 4691 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4692 break; 4693 run_delay(sc, 10); 4694 } 4695 if (ntries == 100) { 4696 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4697 goto fail; 4698 } 4699 tmp &= 0xff0; 4700 tmp |= RT2860_TX_WB_DDONE; 4701 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4702 4703 /* turn off PME_OEN to solve high-current issue */ 4704 run_read(sc, RT2860_SYS_CTRL, &tmp); 4705 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4706 4707 run_write(sc, RT2860_MAC_SYS_CTRL, 4708 RT2860_BBP_HRST | RT2860_MAC_SRST); 4709 run_write(sc, RT2860_USB_DMA_CFG, 0); 4710 4711 if (run_reset(sc) != 0) { 4712 device_printf(sc->sc_dev, "could not reset chipset\n"); 4713 goto fail; 4714 } 4715 4716 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4717 4718 /* init Tx power for all Tx rates (from EEPROM) */ 4719 for (ridx = 0; ridx < 5; ridx++) { 4720 if (sc->txpow20mhz[ridx] == 0xffffffff) 4721 continue; 4722 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4723 } 4724 4725 for (i = 0; i < nitems(rt2870_def_mac); i++) 4726 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4727 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4728 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4729 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4730 4731 if (sc->mac_ver >= 0x3070) { 4732 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4733 run_write(sc, RT2860_TX_SW_CFG0, 4734 4 << RT2860_DLY_PAPE_EN_SHIFT); 4735 } 4736 4737 /* wait while MAC is busy */ 4738 for (ntries = 0; ntries < 100; ntries++) { 4739 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4740 goto fail; 4741 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4742 break; 4743 run_delay(sc, 10); 4744 } 4745 if (ntries == 100) 4746 goto fail; 4747 4748 /* clear Host to MCU mailbox */ 4749 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4750 run_write(sc, RT2860_H2M_MAILBOX, 0); 4751 run_delay(sc, 10); 4752 4753 if (run_bbp_init(sc) != 0) { 4754 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4755 goto fail; 4756 } 4757 4758 /* abort TSF synchronization */ 4759 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4760 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4761 RT2860_TBTT_TIMER_EN); 4762 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4763 4764 /* clear RX WCID search table */ 4765 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4766 /* clear WCID attribute table */ 4767 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4768 4769 /* hostapd sets a key before init. So, don't clear it. */ 4770 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4771 /* clear shared key table */ 4772 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4773 /* clear shared key mode */ 4774 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4775 } 4776 4777 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4778 tmp = (tmp & ~0xff) | 0x1e; 4779 run_write(sc, RT2860_US_CYC_CNT, tmp); 4780 4781 if (sc->mac_rev != 0x0101) 4782 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4783 4784 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4785 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4786 4787 /* write vendor-specific BBP values (from EEPROM) */ 4788 for (i = 0; i < 10; i++) { 4789 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4790 continue; 4791 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4792 } 4793 4794 /* select Main antenna for 1T1R devices */ 4795 if (sc->rf_rev == RT3070_RF_3020) 4796 run_set_rx_antenna(sc, 0); 4797 4798 /* send LEDs operating mode to microcontroller */ 4799 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4800 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4801 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4802 4803 if (sc->mac_ver >= 0x3070) 4804 run_rt3070_rf_init(sc); 4805 4806 /* disable non-existing Rx chains */ 4807 run_bbp_read(sc, 3, &bbp3); 4808 bbp3 &= ~(1 << 3 | 1 << 4); 4809 if (sc->nrxchains == 2) 4810 bbp3 |= 1 << 3; 4811 else if (sc->nrxchains == 3) 4812 bbp3 |= 1 << 4; 4813 run_bbp_write(sc, 3, bbp3); 4814 4815 /* disable non-existing Tx chains */ 4816 run_bbp_read(sc, 1, &bbp1); 4817 if (sc->ntxchains == 1) 4818 bbp1 &= ~(1 << 3 | 1 << 4); 4819 run_bbp_write(sc, 1, bbp1); 4820 4821 if (sc->mac_ver >= 0x3070) 4822 run_rt3070_rf_setup(sc); 4823 4824 /* select default channel */ 4825 run_set_chan(sc, ic->ic_curchan); 4826 4827 /* setup initial protection mode */ 4828 run_updateprot_cb(ic); 4829 4830 /* turn radio LED on */ 4831 run_set_leds(sc, RT2860_LED_RADIO); 4832 4833 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 4834 ifp->if_drv_flags |= IFF_DRV_RUNNING; 4835 sc->cmdq_run = RUN_CMDQ_GO; 4836 4837 for (i = 0; i != RUN_N_XFER; i++) 4838 usbd_xfer_set_stall(sc->sc_xfer[i]); 4839 4840 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4841 4842 if (run_txrx_enable(sc) != 0) 4843 goto fail; 4844 4845 return; 4846 4847fail: 4848 run_stop(sc); 4849} 4850 4851static void 4852run_init(void *arg) 4853{ 4854 struct run_softc *sc = arg; 4855 struct ifnet *ifp = sc->sc_ifp; 4856 struct ieee80211com *ic = ifp->if_l2com; 4857 4858 RUN_LOCK(sc); 4859 run_init_locked(sc); 4860 RUN_UNLOCK(sc); 4861 4862 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4863 ieee80211_start_all(ic); 4864} 4865 4866static void 4867run_stop(void *arg) 4868{ 4869 struct run_softc *sc = (struct run_softc *)arg; 4870 struct ifnet *ifp = sc->sc_ifp; 4871 uint32_t tmp; 4872 int i; 4873 int ntries; 4874 4875 RUN_LOCK_ASSERT(sc, MA_OWNED); 4876 4877 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 4878 run_set_leds(sc, 0); /* turn all LEDs off */ 4879 4880 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 4881 4882 sc->ratectl_run = RUN_RATECTL_OFF; 4883 sc->cmdq_run = sc->cmdq_key_set; 4884 4885 RUN_UNLOCK(sc); 4886 4887 for(i = 0; i < RUN_N_XFER; i++) 4888 usbd_transfer_drain(sc->sc_xfer[i]); 4889 4890 RUN_LOCK(sc); 4891 4892 if (sc->rx_m != NULL) { 4893 m_free(sc->rx_m); 4894 sc->rx_m = NULL; 4895 } 4896 4897 /* disable Tx/Rx */ 4898 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4899 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4900 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4901 4902 /* wait for pending Tx to complete */ 4903 for (ntries = 0; ntries < 100; ntries++) { 4904 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4905 DPRINTF("Cannot read Tx queue count\n"); 4906 break; 4907 } 4908 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4909 DPRINTF("All Tx cleared\n"); 4910 break; 4911 } 4912 run_delay(sc, 10); 4913 } 4914 if (ntries >= 100) 4915 DPRINTF("There are still pending Tx\n"); 4916 run_delay(sc, 10); 4917 run_write(sc, RT2860_USB_DMA_CFG, 0); 4918 4919 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4920 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4921 4922 for (i = 0; i != RUN_EP_QUEUES; i++) 4923 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 4924 4925 return; 4926} 4927 4928static void 4929run_delay(struct run_softc *sc, unsigned int ms) 4930{ 4931 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 4932 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 4933} 4934 4935static device_method_t run_methods[] = { 4936 /* Device interface */ 4937 DEVMETHOD(device_probe, run_match), 4938 DEVMETHOD(device_attach, run_attach), 4939 DEVMETHOD(device_detach, run_detach), 4940 4941 { 0, 0 } 4942}; 4943 4944static driver_t run_driver = { 4945 "run", 4946 run_methods, 4947 sizeof(struct run_softc) 4948}; 4949 4950static devclass_t run_devclass; 4951 4952DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 4953MODULE_DEPEND(run, wlan, 1, 1, 1); 4954MODULE_DEPEND(run, usb, 1, 1, 1); 4955MODULE_DEPEND(run, firmware, 1, 1, 1); 4956MODULE_VERSION(run, 1); 4957