if_run.c revision 289028
1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD: head/sys/dev/usb/wlan/if_run.c 289028 2015-10-08 12:55:21Z gavin $"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <machine/bus.h> 46#include <machine/resource.h> 47#include <sys/rman.h> 48 49#include <net/bpf.h> 50#include <net/if.h> 51#include <net/if_var.h> 52#include <net/if_arp.h> 53#include <net/ethernet.h> 54#include <net/if_dl.h> 55#include <net/if_media.h> 56#include <net/if_types.h> 57 58#include <netinet/in.h> 59#include <netinet/in_systm.h> 60#include <netinet/in_var.h> 61#include <netinet/if_ether.h> 62#include <netinet/ip.h> 63 64#include <net80211/ieee80211_var.h> 65#include <net80211/ieee80211_regdomain.h> 66#include <net80211/ieee80211_radiotap.h> 67#include <net80211/ieee80211_ratectl.h> 68 69#include <dev/usb/usb.h> 70#include <dev/usb/usbdi.h> 71#include "usbdevs.h" 72 73#define USB_DEBUG_VAR run_debug 74#include <dev/usb/usb_debug.h> 75#include <dev/usb/usb_msctest.h> 76 77#include <dev/usb/wlan/if_runreg.h> 78#include <dev/usb/wlan/if_runvar.h> 79 80#ifdef USB_DEBUG 81#define RUN_DEBUG 82#endif 83 84#ifdef RUN_DEBUG 85int run_debug = 0; 86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89#endif 90 91#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93/* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99static const STRUCT_USB_HOST_ID run_devs[] = { 100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101#define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103#define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324#undef RUN_DEV_EJECT 325#undef RUN_DEV 326}; 327 328static device_probe_t run_match; 329static device_attach_t run_attach; 330static device_detach_t run_detach; 331 332static usb_callback_t run_bulk_rx_callback; 333static usb_callback_t run_bulk_tx_callback0; 334static usb_callback_t run_bulk_tx_callback1; 335static usb_callback_t run_bulk_tx_callback2; 336static usb_callback_t run_bulk_tx_callback3; 337static usb_callback_t run_bulk_tx_callback4; 338static usb_callback_t run_bulk_tx_callback5; 339 340static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342static int run_driver_loaded(struct module *, int, void *); 343static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349static void run_vap_delete(struct ieee80211vap *); 350static void run_cmdq_cb(void *, int); 351static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355static int run_load_microcode(struct run_softc *); 356static int run_reset(struct run_softc *); 357static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359static int run_read(struct run_softc *, uint16_t, uint32_t *); 360static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362static int run_write(struct run_softc *, uint16_t, uint32_t); 363static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375static const char *run_get_rf(uint16_t); 376static void run_rt3593_get_txpower(struct run_softc *); 377static void run_get_txpower(struct run_softc *); 378static int run_read_eeprom(struct run_softc *); 379static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381static int run_media_change(struct ifnet *); 382static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383static int run_wme_update(struct ieee80211com *); 384static void run_wme_update_cb(void *); 385static void run_key_set_cb(void *); 386static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 387static void run_key_delete_cb(void *); 388static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 389static void run_ratectl_to(void *); 390static void run_ratectl_cb(void *, int); 391static void run_drain_fifo(void *); 392static void run_iter_func(void *, struct ieee80211_node *); 393static void run_newassoc_cb(void *); 394static void run_newassoc(struct ieee80211_node *, int); 395static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 396 const struct ieee80211_rx_stats *, int, int); 397static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 398static void run_tx_free(struct run_endpoint_queue *pq, 399 struct run_tx_data *, int); 400static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 401static int run_tx(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *); 403static int run_tx_mgt(struct run_softc *, struct mbuf *, 404 struct ieee80211_node *); 405static int run_sendprot(struct run_softc *, const struct mbuf *, 406 struct ieee80211_node *, int, int); 407static int run_tx_param(struct run_softc *, struct mbuf *, 408 struct ieee80211_node *, 409 const struct ieee80211_bpf_params *); 410static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 411 const struct ieee80211_bpf_params *); 412static int run_transmit(struct ieee80211com *, struct mbuf *); 413static void run_start(struct run_softc *); 414static void run_parent(struct ieee80211com *); 415static void run_iq_calib(struct run_softc *, u_int); 416static void run_set_agc(struct run_softc *, uint8_t); 417static void run_select_chan_group(struct run_softc *, int); 418static void run_set_rx_antenna(struct run_softc *, int); 419static void run_rt2870_set_chan(struct run_softc *, u_int); 420static void run_rt3070_set_chan(struct run_softc *, u_int); 421static void run_rt3572_set_chan(struct run_softc *, u_int); 422static void run_rt3593_set_chan(struct run_softc *, u_int); 423static void run_rt5390_set_chan(struct run_softc *, u_int); 424static void run_rt5592_set_chan(struct run_softc *, u_int); 425static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 426static void run_set_channel(struct ieee80211com *); 427static void run_scan_start(struct ieee80211com *); 428static void run_scan_end(struct ieee80211com *); 429static void run_update_beacon(struct ieee80211vap *, int); 430static void run_update_beacon_cb(void *); 431static void run_updateprot(struct ieee80211com *); 432static void run_updateprot_cb(void *); 433static void run_usb_timeout_cb(void *); 434static void run_reset_livelock(struct run_softc *); 435static void run_enable_tsf_sync(struct run_softc *); 436static void run_enable_tsf(struct run_softc *); 437static void run_get_tsf(struct run_softc *, uint64_t *); 438static void run_enable_mrr(struct run_softc *); 439static void run_set_txpreamble(struct run_softc *); 440static void run_set_basicrates(struct run_softc *); 441static void run_set_leds(struct run_softc *, uint16_t); 442static void run_set_bssid(struct run_softc *, const uint8_t *); 443static void run_set_macaddr(struct run_softc *, const uint8_t *); 444static void run_updateslot(struct ieee80211com *); 445static void run_updateslot_cb(void *); 446static void run_update_mcast(struct ieee80211com *); 447static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 448static void run_update_promisc_locked(struct run_softc *); 449static void run_update_promisc(struct ieee80211com *); 450static void run_rt5390_bbp_init(struct run_softc *); 451static int run_bbp_init(struct run_softc *); 452static int run_rt3070_rf_init(struct run_softc *); 453static void run_rt3593_rf_init(struct run_softc *); 454static void run_rt5390_rf_init(struct run_softc *); 455static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 456 uint8_t *); 457static void run_rt3070_rf_setup(struct run_softc *); 458static void run_rt3593_rf_setup(struct run_softc *); 459static void run_rt5390_rf_setup(struct run_softc *); 460static int run_txrx_enable(struct run_softc *); 461static void run_adjust_freq_offset(struct run_softc *); 462static void run_init_locked(struct run_softc *); 463static void run_stop(void *); 464static void run_delay(struct run_softc *, u_int); 465 466static eventhandler_tag run_etag; 467 468static const struct rt2860_rate { 469 uint8_t rate; 470 uint8_t mcs; 471 enum ieee80211_phytype phy; 472 uint8_t ctl_ridx; 473 uint16_t sp_ack_dur; 474 uint16_t lp_ack_dur; 475} rt2860_rates[] = { 476 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 477 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 478 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 479 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 480 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 481 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 482 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 483 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 484 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 485 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 487 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 488}; 489 490static const struct { 491 uint16_t reg; 492 uint32_t val; 493} rt2870_def_mac[] = { 494 RT2870_DEF_MAC 495}; 496 497static const struct { 498 uint8_t reg; 499 uint8_t val; 500} rt2860_def_bbp[] = { 501 RT2860_DEF_BBP 502},rt5390_def_bbp[] = { 503 RT5390_DEF_BBP 504},rt5592_def_bbp[] = { 505 RT5592_DEF_BBP 506}; 507 508/* 509 * Default values for BBP register R196 for RT5592. 510 */ 511static const uint8_t rt5592_bbp_r196[] = { 512 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 513 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 514 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 515 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 516 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 517 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 518 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 519 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 520 0x2e, 0x36, 0x30, 0x6e 521}; 522 523static const struct rfprog { 524 uint8_t chan; 525 uint32_t r1, r2, r3, r4; 526} rt2860_rf2850[] = { 527 RT2860_RF2850 528}; 529 530struct { 531 uint8_t n, r, k; 532} rt3070_freqs[] = { 533 RT3070_RF3052 534}; 535 536static const struct rt5592_freqs { 537 uint16_t n; 538 uint8_t k, m, r; 539} rt5592_freqs_20mhz[] = { 540 RT5592_RF5592_20MHZ 541},rt5592_freqs_40mhz[] = { 542 RT5592_RF5592_40MHZ 543}; 544 545static const struct { 546 uint8_t reg; 547 uint8_t val; 548} rt3070_def_rf[] = { 549 RT3070_DEF_RF 550},rt3572_def_rf[] = { 551 RT3572_DEF_RF 552},rt3593_def_rf[] = { 553 RT3593_DEF_RF 554},rt5390_def_rf[] = { 555 RT5390_DEF_RF 556},rt5392_def_rf[] = { 557 RT5392_DEF_RF 558},rt5592_def_rf[] = { 559 RT5592_DEF_RF 560},rt5592_2ghz_def_rf[] = { 561 RT5592_2GHZ_DEF_RF 562},rt5592_5ghz_def_rf[] = { 563 RT5592_5GHZ_DEF_RF 564}; 565 566static const struct { 567 u_int firstchan; 568 u_int lastchan; 569 uint8_t reg; 570 uint8_t val; 571} rt5592_chan_5ghz[] = { 572 RT5592_CHAN_5GHZ 573}; 574 575static const struct usb_config run_config[RUN_N_XFER] = { 576 [RUN_BULK_TX_BE] = { 577 .type = UE_BULK, 578 .endpoint = UE_ADDR_ANY, 579 .ep_index = 0, 580 .direction = UE_DIR_OUT, 581 .bufsize = RUN_MAX_TXSZ, 582 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 583 .callback = run_bulk_tx_callback0, 584 .timeout = 5000, /* ms */ 585 }, 586 [RUN_BULK_TX_BK] = { 587 .type = UE_BULK, 588 .endpoint = UE_ADDR_ANY, 589 .direction = UE_DIR_OUT, 590 .ep_index = 1, 591 .bufsize = RUN_MAX_TXSZ, 592 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 593 .callback = run_bulk_tx_callback1, 594 .timeout = 5000, /* ms */ 595 }, 596 [RUN_BULK_TX_VI] = { 597 .type = UE_BULK, 598 .endpoint = UE_ADDR_ANY, 599 .direction = UE_DIR_OUT, 600 .ep_index = 2, 601 .bufsize = RUN_MAX_TXSZ, 602 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 603 .callback = run_bulk_tx_callback2, 604 .timeout = 5000, /* ms */ 605 }, 606 [RUN_BULK_TX_VO] = { 607 .type = UE_BULK, 608 .endpoint = UE_ADDR_ANY, 609 .direction = UE_DIR_OUT, 610 .ep_index = 3, 611 .bufsize = RUN_MAX_TXSZ, 612 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 613 .callback = run_bulk_tx_callback3, 614 .timeout = 5000, /* ms */ 615 }, 616 [RUN_BULK_TX_HCCA] = { 617 .type = UE_BULK, 618 .endpoint = UE_ADDR_ANY, 619 .direction = UE_DIR_OUT, 620 .ep_index = 4, 621 .bufsize = RUN_MAX_TXSZ, 622 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 623 .callback = run_bulk_tx_callback4, 624 .timeout = 5000, /* ms */ 625 }, 626 [RUN_BULK_TX_PRIO] = { 627 .type = UE_BULK, 628 .endpoint = UE_ADDR_ANY, 629 .direction = UE_DIR_OUT, 630 .ep_index = 5, 631 .bufsize = RUN_MAX_TXSZ, 632 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 633 .callback = run_bulk_tx_callback5, 634 .timeout = 5000, /* ms */ 635 }, 636 [RUN_BULK_RX] = { 637 .type = UE_BULK, 638 .endpoint = UE_ADDR_ANY, 639 .direction = UE_DIR_IN, 640 .bufsize = RUN_MAX_RXSZ, 641 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 642 .callback = run_bulk_rx_callback, 643 } 644}; 645 646static void 647run_autoinst(void *arg, struct usb_device *udev, 648 struct usb_attach_arg *uaa) 649{ 650 struct usb_interface *iface; 651 struct usb_interface_descriptor *id; 652 653 if (uaa->dev_state != UAA_DEV_READY) 654 return; 655 656 iface = usbd_get_iface(udev, 0); 657 if (iface == NULL) 658 return; 659 id = iface->idesc; 660 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 661 return; 662 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 663 return; 664 665 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 666 uaa->dev_state = UAA_DEV_EJECTING; 667} 668 669static int 670run_driver_loaded(struct module *mod, int what, void *arg) 671{ 672 switch (what) { 673 case MOD_LOAD: 674 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 675 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 676 break; 677 case MOD_UNLOAD: 678 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 679 break; 680 default: 681 return (EOPNOTSUPP); 682 } 683 return (0); 684} 685 686static int 687run_match(device_t self) 688{ 689 struct usb_attach_arg *uaa = device_get_ivars(self); 690 691 if (uaa->usb_mode != USB_MODE_HOST) 692 return (ENXIO); 693 if (uaa->info.bConfigIndex != 0) 694 return (ENXIO); 695 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 696 return (ENXIO); 697 698 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 699} 700 701static int 702run_attach(device_t self) 703{ 704 struct run_softc *sc = device_get_softc(self); 705 struct usb_attach_arg *uaa = device_get_ivars(self); 706 struct ieee80211com *ic = &sc->sc_ic; 707 uint32_t ver; 708 int ntries, error; 709 uint8_t iface_index, bands; 710 711 device_set_usb_desc(self); 712 sc->sc_udev = uaa->device; 713 sc->sc_dev = self; 714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 716 717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 718 MTX_NETWORK_LOCK, MTX_DEF); 719 mbufq_init(&sc->sc_snd, ifqmaxlen); 720 721 iface_index = RT2860_IFACE_INDEX; 722 723 error = usbd_transfer_setup(uaa->device, &iface_index, 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 725 if (error) { 726 device_printf(self, "could not allocate USB transfers, " 727 "err=%s\n", usbd_errstr(error)); 728 goto detach; 729 } 730 731 RUN_LOCK(sc); 732 733 /* wait for the chip to settle */ 734 for (ntries = 0; ntries < 100; ntries++) { 735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 736 RUN_UNLOCK(sc); 737 goto detach; 738 } 739 if (ver != 0 && ver != 0xffffffff) 740 break; 741 run_delay(sc, 10); 742 } 743 if (ntries == 100) { 744 device_printf(sc->sc_dev, 745 "timeout waiting for NIC to initialize\n"); 746 RUN_UNLOCK(sc); 747 goto detach; 748 } 749 sc->mac_ver = ver >> 16; 750 sc->mac_rev = ver & 0xffff; 751 752 /* retrieve RF rev. no and various other things from EEPROM */ 753 run_read_eeprom(sc); 754 755 device_printf(sc->sc_dev, 756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 759 760 RUN_UNLOCK(sc); 761 762 ic->ic_softc = sc; 763 ic->ic_name = device_get_nameunit(self); 764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 766 767 /* set device capabilities */ 768 ic->ic_caps = 769 IEEE80211_C_STA | /* station mode supported */ 770 IEEE80211_C_MONITOR | /* monitor mode supported */ 771 IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | 773 IEEE80211_C_WDS | /* 4-address traffic works */ 774 IEEE80211_C_MBSS | 775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 776 IEEE80211_C_SHSLOT | /* short slot time supported */ 777 IEEE80211_C_WME | /* WME */ 778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 779 780 ic->ic_cryptocaps = 781 IEEE80211_CRYPTO_WEP | 782 IEEE80211_CRYPTO_AES_CCM | 783 IEEE80211_CRYPTO_TKIPMIC | 784 IEEE80211_CRYPTO_TKIP; 785 786 ic->ic_flags |= IEEE80211_F_DATAPAD; 787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 788 789 bands = 0; 790 setbit(&bands, IEEE80211_MODE_11B); 791 setbit(&bands, IEEE80211_MODE_11G); 792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 794 sc->rf_rev == RT5592_RF_5592) 795 setbit(&bands, IEEE80211_MODE_11A); 796 ieee80211_init_channels(ic, NULL, &bands); 797 798 ieee80211_ifattach(ic); 799 800 ic->ic_scan_start = run_scan_start; 801 ic->ic_scan_end = run_scan_end; 802 ic->ic_set_channel = run_set_channel; 803 ic->ic_node_alloc = run_node_alloc; 804 ic->ic_newassoc = run_newassoc; 805 ic->ic_updateslot = run_updateslot; 806 ic->ic_update_mcast = run_update_mcast; 807 ic->ic_wme.wme_update = run_wme_update; 808 ic->ic_raw_xmit = run_raw_xmit; 809 ic->ic_update_promisc = run_update_promisc; 810 ic->ic_vap_create = run_vap_create; 811 ic->ic_vap_delete = run_vap_delete; 812 ic->ic_transmit = run_transmit; 813 ic->ic_parent = run_parent; 814 815 ieee80211_radiotap_attach(ic, 816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 817 RUN_TX_RADIOTAP_PRESENT, 818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 819 RUN_RX_RADIOTAP_PRESENT); 820 821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 824 825 if (bootverbose) 826 ieee80211_announce(ic); 827 828 return (0); 829 830detach: 831 run_detach(self); 832 return (ENXIO); 833} 834 835static void 836run_drain_mbufq(struct run_softc *sc) 837{ 838 struct mbuf *m; 839 struct ieee80211_node *ni; 840 841 RUN_LOCK_ASSERT(sc, MA_OWNED); 842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 844 m->m_pkthdr.rcvif = NULL; 845 ieee80211_free_node(ni); 846 m_freem(m); 847 } 848} 849 850static int 851run_detach(device_t self) 852{ 853 struct run_softc *sc = device_get_softc(self); 854 struct ieee80211com *ic = &sc->sc_ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 872 /* Free TX queue */ 873 run_drain_mbufq(sc); 874 RUN_UNLOCK(sc); 875 876 if (sc->sc_ic.ic_softc == sc) { 877 /* drain tasks */ 878 usb_callout_drain(&sc->ratectl_ch); 879 ieee80211_draintask(ic, &sc->cmdq_task); 880 ieee80211_draintask(ic, &sc->ratectl_task); 881 ieee80211_ifdetach(ic); 882 } 883 884 mtx_destroy(&sc->sc_mtx); 885 886 return (0); 887} 888 889static struct ieee80211vap * 890run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 891 enum ieee80211_opmode opmode, int flags, 892 const uint8_t bssid[IEEE80211_ADDR_LEN], 893 const uint8_t mac[IEEE80211_ADDR_LEN]) 894{ 895 struct run_softc *sc = ic->ic_softc; 896 struct run_vap *rvp; 897 struct ieee80211vap *vap; 898 int i; 899 900 if (sc->rvp_cnt >= RUN_VAP_MAX) { 901 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 902 return (NULL); 903 } 904 905 switch (opmode) { 906 case IEEE80211_M_STA: 907 /* enable s/w bmiss handling for sta mode */ 908 flags |= IEEE80211_CLONE_NOBEACONS; 909 /* fall though */ 910 case IEEE80211_M_IBSS: 911 case IEEE80211_M_MONITOR: 912 case IEEE80211_M_HOSTAP: 913 case IEEE80211_M_MBSS: 914 /* other than WDS vaps, only one at a time */ 915 if (!TAILQ_EMPTY(&ic->ic_vaps)) 916 return (NULL); 917 break; 918 case IEEE80211_M_WDS: 919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 920 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 921 continue; 922 /* WDS vap's always share the local mac address. */ 923 flags &= ~IEEE80211_CLONE_BSSID; 924 break; 925 } 926 if (vap == NULL) { 927 device_printf(sc->sc_dev, 928 "wds only supported in ap mode\n"); 929 return (NULL); 930 } 931 break; 932 default: 933 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 934 return (NULL); 935 } 936 937 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 938 vap = &rvp->vap; 939 940 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 941 bssid) != 0) { 942 /* out of memory */ 943 free(rvp, M_80211_VAP); 944 return (NULL); 945 } 946 947 vap->iv_update_beacon = run_update_beacon; 948 vap->iv_max_aid = RT2870_WCID_MAX; 949 /* 950 * To delete the right key from h/w, we need wcid. 951 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 952 * and matching wcid will be written into there. So, cast 953 * some spells to remove 'const' from ieee80211_key{} 954 */ 955 vap->iv_key_delete = (void *)run_key_delete; 956 vap->iv_key_set = (void *)run_key_set; 957 958 /* override state transition machine */ 959 rvp->newstate = vap->iv_newstate; 960 vap->iv_newstate = run_newstate; 961 if (opmode == IEEE80211_M_IBSS) { 962 rvp->recv_mgmt = vap->iv_recv_mgmt; 963 vap->iv_recv_mgmt = run_recv_mgmt; 964 } 965 966 ieee80211_ratectl_init(vap); 967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 968 969 /* complete setup */ 970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 971 mac); 972 973 /* make sure id is always unique */ 974 for (i = 0; i < RUN_VAP_MAX; i++) { 975 if((sc->rvp_bmap & 1 << i) == 0){ 976 sc->rvp_bmap |= 1 << i; 977 rvp->rvp_id = i; 978 break; 979 } 980 } 981 if (sc->rvp_cnt++ == 0) 982 ic->ic_opmode = opmode; 983 984 if (opmode == IEEE80211_M_HOSTAP) 985 sc->cmdq_run = RUN_CMDQ_GO; 986 987 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 988 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 989 990 return (vap); 991} 992 993static void 994run_vap_delete(struct ieee80211vap *vap) 995{ 996 struct run_vap *rvp = RUN_VAP(vap); 997 struct ieee80211com *ic; 998 struct run_softc *sc; 999 uint8_t rvp_id; 1000 1001 if (vap == NULL) 1002 return; 1003 1004 ic = vap->iv_ic; 1005 sc = ic->ic_softc; 1006 1007 RUN_LOCK(sc); 1008 1009 m_freem(rvp->beacon_mbuf); 1010 rvp->beacon_mbuf = NULL; 1011 1012 rvp_id = rvp->rvp_id; 1013 sc->ratectl_run &= ~(1 << rvp_id); 1014 sc->rvp_bmap &= ~(1 << rvp_id); 1015 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1016 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1017 --sc->rvp_cnt; 1018 1019 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1020 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1021 1022 RUN_UNLOCK(sc); 1023 1024 ieee80211_ratectl_deinit(vap); 1025 ieee80211_vap_detach(vap); 1026 free(rvp, M_80211_VAP); 1027} 1028 1029/* 1030 * There are numbers of functions need to be called in context thread. 1031 * Rather than creating taskqueue event for each of those functions, 1032 * here is all-for-one taskqueue callback function. This function 1033 * gurantees deferred functions are executed in the same order they 1034 * were enqueued. 1035 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1036 */ 1037static void 1038run_cmdq_cb(void *arg, int pending) 1039{ 1040 struct run_softc *sc = arg; 1041 uint8_t i; 1042 1043 /* call cmdq[].func locked */ 1044 RUN_LOCK(sc); 1045 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1046 i = sc->cmdq_exec, pending--) { 1047 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1048 if (sc->cmdq_run == RUN_CMDQ_GO) { 1049 /* 1050 * If arg0 is NULL, callback func needs more 1051 * than one arg. So, pass ptr to cmdq struct. 1052 */ 1053 if (sc->cmdq[i].arg0) 1054 sc->cmdq[i].func(sc->cmdq[i].arg0); 1055 else 1056 sc->cmdq[i].func(&sc->cmdq[i]); 1057 } 1058 sc->cmdq[i].arg0 = NULL; 1059 sc->cmdq[i].func = NULL; 1060 sc->cmdq_exec++; 1061 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1062 } 1063 RUN_UNLOCK(sc); 1064} 1065 1066static void 1067run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1068{ 1069 struct run_tx_data *data; 1070 1071 memset(pq, 0, sizeof(*pq)); 1072 1073 STAILQ_INIT(&pq->tx_qh); 1074 STAILQ_INIT(&pq->tx_fh); 1075 1076 for (data = &pq->tx_data[0]; 1077 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1078 data->sc = sc; 1079 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1080 } 1081 pq->tx_nfree = RUN_TX_RING_COUNT; 1082} 1083 1084static void 1085run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1086{ 1087 struct run_tx_data *data; 1088 1089 /* make sure any subsequent use of the queues will fail */ 1090 pq->tx_nfree = 0; 1091 STAILQ_INIT(&pq->tx_fh); 1092 STAILQ_INIT(&pq->tx_qh); 1093 1094 /* free up all node references and mbufs */ 1095 for (data = &pq->tx_data[0]; 1096 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1097 if (data->m != NULL) { 1098 m_freem(data->m); 1099 data->m = NULL; 1100 } 1101 if (data->ni != NULL) { 1102 ieee80211_free_node(data->ni); 1103 data->ni = NULL; 1104 } 1105 } 1106} 1107 1108static int 1109run_load_microcode(struct run_softc *sc) 1110{ 1111 usb_device_request_t req; 1112 const struct firmware *fw; 1113 const u_char *base; 1114 uint32_t tmp; 1115 int ntries, error; 1116 const uint64_t *temp; 1117 uint64_t bytes; 1118 1119 RUN_UNLOCK(sc); 1120 fw = firmware_get("runfw"); 1121 RUN_LOCK(sc); 1122 if (fw == NULL) { 1123 device_printf(sc->sc_dev, 1124 "failed loadfirmware of file %s\n", "runfw"); 1125 return ENOENT; 1126 } 1127 1128 if (fw->datasize != 8192) { 1129 device_printf(sc->sc_dev, 1130 "invalid firmware size (should be 8KB)\n"); 1131 error = EINVAL; 1132 goto fail; 1133 } 1134 1135 /* 1136 * RT3071/RT3072 use a different firmware 1137 * run-rt2870 (8KB) contains both, 1138 * first half (4KB) is for rt2870, 1139 * last half is for rt3071. 1140 */ 1141 base = fw->data; 1142 if ((sc->mac_ver) != 0x2860 && 1143 (sc->mac_ver) != 0x2872 && 1144 (sc->mac_ver) != 0x3070) { 1145 base += 4096; 1146 } 1147 1148 /* cheap sanity check */ 1149 temp = fw->data; 1150 bytes = *temp; 1151 if (bytes != be64toh(0xffffff0210280210ULL)) { 1152 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1153 error = EINVAL; 1154 goto fail; 1155 } 1156 1157 /* write microcode image */ 1158 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1159 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1160 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1161 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1162 } 1163 1164 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1165 req.bRequest = RT2870_RESET; 1166 USETW(req.wValue, 8); 1167 USETW(req.wIndex, 0); 1168 USETW(req.wLength, 0); 1169 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1170 != 0) { 1171 device_printf(sc->sc_dev, "firmware reset failed\n"); 1172 goto fail; 1173 } 1174 1175 run_delay(sc, 10); 1176 1177 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1178 run_write(sc, RT2860_H2M_MAILBOX, 0); 1179 run_write(sc, RT2860_H2M_INTSRC, 0); 1180 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1181 goto fail; 1182 1183 /* wait until microcontroller is ready */ 1184 for (ntries = 0; ntries < 1000; ntries++) { 1185 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1186 goto fail; 1187 if (tmp & RT2860_MCU_READY) 1188 break; 1189 run_delay(sc, 10); 1190 } 1191 if (ntries == 1000) { 1192 device_printf(sc->sc_dev, 1193 "timeout waiting for MCU to initialize\n"); 1194 error = ETIMEDOUT; 1195 goto fail; 1196 } 1197 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1198 (base == fw->data) ? "RT2870" : "RT3071", 1199 *(base + 4092), *(base + 4093)); 1200 1201fail: 1202 firmware_put(fw, FIRMWARE_UNLOAD); 1203 return (error); 1204} 1205 1206static int 1207run_reset(struct run_softc *sc) 1208{ 1209 usb_device_request_t req; 1210 1211 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1212 req.bRequest = RT2870_RESET; 1213 USETW(req.wValue, 1); 1214 USETW(req.wIndex, 0); 1215 USETW(req.wLength, 0); 1216 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1217} 1218 1219static usb_error_t 1220run_do_request(struct run_softc *sc, 1221 struct usb_device_request *req, void *data) 1222{ 1223 usb_error_t err; 1224 int ntries = 10; 1225 1226 RUN_LOCK_ASSERT(sc, MA_OWNED); 1227 1228 while (ntries--) { 1229 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1230 req, data, 0, NULL, 250 /* ms */); 1231 if (err == 0) 1232 break; 1233 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1234 usbd_errstr(err)); 1235 run_delay(sc, 10); 1236 } 1237 return (err); 1238} 1239 1240static int 1241run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1242{ 1243 uint32_t tmp; 1244 int error; 1245 1246 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1247 if (error == 0) 1248 *val = le32toh(tmp); 1249 else 1250 *val = 0xffffffff; 1251 return (error); 1252} 1253 1254static int 1255run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1256{ 1257 usb_device_request_t req; 1258 1259 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1260 req.bRequest = RT2870_READ_REGION_1; 1261 USETW(req.wValue, 0); 1262 USETW(req.wIndex, reg); 1263 USETW(req.wLength, len); 1264 1265 return (run_do_request(sc, &req, buf)); 1266} 1267 1268static int 1269run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1270{ 1271 usb_device_request_t req; 1272 1273 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1274 req.bRequest = RT2870_WRITE_2; 1275 USETW(req.wValue, val); 1276 USETW(req.wIndex, reg); 1277 USETW(req.wLength, 0); 1278 1279 return (run_do_request(sc, &req, NULL)); 1280} 1281 1282static int 1283run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1284{ 1285 int error; 1286 1287 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1288 error = run_write_2(sc, reg + 2, val >> 16); 1289 return (error); 1290} 1291 1292static int 1293run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1294 int len) 1295{ 1296#if 1 1297 int i, error = 0; 1298 /* 1299 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1300 * We thus issue multiple WRITE_2 commands instead. 1301 */ 1302 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1303 for (i = 0; i < len && error == 0; i += 2) 1304 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1305 return (error); 1306#else 1307 usb_device_request_t req; 1308 int error = 0; 1309 1310 /* 1311 * NOTE: It appears the WRITE_REGION_1 command cannot be 1312 * passed a huge amount of data, which will crash the 1313 * firmware. Limit amount of data passed to 64-bytes at a 1314 * time. 1315 */ 1316 while (len > 0) { 1317 int delta = 64; 1318 if (delta > len) 1319 delta = len; 1320 1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1322 req.bRequest = RT2870_WRITE_REGION_1; 1323 USETW(req.wValue, 0); 1324 USETW(req.wIndex, reg); 1325 USETW(req.wLength, delta); 1326 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1327 if (error != 0) 1328 break; 1329 reg += delta; 1330 buf += delta; 1331 len -= delta; 1332 } 1333 return (error); 1334#endif 1335} 1336 1337static int 1338run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1339{ 1340 int i, error = 0; 1341 1342 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1343 for (i = 0; i < len && error == 0; i += 4) 1344 error = run_write(sc, reg + i, val); 1345 return (error); 1346} 1347 1348static int 1349run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1350{ 1351 uint32_t tmp; 1352 uint16_t reg; 1353 int error, ntries; 1354 1355 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1356 return (error); 1357 1358 if (count == 2) 1359 addr *= 2; 1360 /*- 1361 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1362 * DATA0: F E D C 1363 * DATA1: B A 9 8 1364 * DATA2: 7 6 5 4 1365 * DATA3: 3 2 1 0 1366 */ 1367 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1368 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1369 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1370 for (ntries = 0; ntries < 100; ntries++) { 1371 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1372 return (error); 1373 if (!(tmp & RT3070_EFSROM_KICK)) 1374 break; 1375 run_delay(sc, 2); 1376 } 1377 if (ntries == 100) 1378 return (ETIMEDOUT); 1379 1380 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1381 *val = 0xffff; /* address not found */ 1382 return (0); 1383 } 1384 /* determine to which 32-bit register our 16-bit word belongs */ 1385 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1386 if ((error = run_read(sc, reg, &tmp)) != 0) 1387 return (error); 1388 1389 tmp >>= (8 * (addr & 0x3)); 1390 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1391 1392 return (0); 1393} 1394 1395/* Read 16-bit from eFUSE ROM for RT3xxx. */ 1396static int 1397run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1398{ 1399 return (run_efuse_read(sc, addr, val, 2)); 1400} 1401 1402static int 1403run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1404{ 1405 usb_device_request_t req; 1406 uint16_t tmp; 1407 int error; 1408 1409 addr *= 2; 1410 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1411 req.bRequest = RT2870_EEPROM_READ; 1412 USETW(req.wValue, 0); 1413 USETW(req.wIndex, addr); 1414 USETW(req.wLength, sizeof(tmp)); 1415 1416 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1417 if (error == 0) 1418 *val = le16toh(tmp); 1419 else 1420 *val = 0xffff; 1421 return (error); 1422} 1423 1424static __inline int 1425run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1426{ 1427 /* either eFUSE ROM or EEPROM */ 1428 return sc->sc_srom_read(sc, addr, val); 1429} 1430 1431static int 1432run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1433{ 1434 uint32_t tmp; 1435 int error, ntries; 1436 1437 for (ntries = 0; ntries < 10; ntries++) { 1438 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1439 return (error); 1440 if (!(tmp & RT2860_RF_REG_CTRL)) 1441 break; 1442 } 1443 if (ntries == 10) 1444 return (ETIMEDOUT); 1445 1446 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1447} 1448 1449static int 1450run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1451{ 1452 uint32_t tmp; 1453 int error, ntries; 1454 1455 for (ntries = 0; ntries < 100; ntries++) { 1456 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1457 return (error); 1458 if (!(tmp & RT3070_RF_KICK)) 1459 break; 1460 } 1461 if (ntries == 100) 1462 return (ETIMEDOUT); 1463 1464 tmp = RT3070_RF_KICK | reg << 8; 1465 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1466 return (error); 1467 1468 for (ntries = 0; ntries < 100; ntries++) { 1469 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1470 return (error); 1471 if (!(tmp & RT3070_RF_KICK)) 1472 break; 1473 } 1474 if (ntries == 100) 1475 return (ETIMEDOUT); 1476 1477 *val = tmp & 0xff; 1478 return (0); 1479} 1480 1481static int 1482run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1483{ 1484 uint32_t tmp; 1485 int error, ntries; 1486 1487 for (ntries = 0; ntries < 10; ntries++) { 1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1489 return (error); 1490 if (!(tmp & RT3070_RF_KICK)) 1491 break; 1492 } 1493 if (ntries == 10) 1494 return (ETIMEDOUT); 1495 1496 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1497 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1498} 1499 1500static int 1501run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1502{ 1503 uint32_t tmp; 1504 int ntries, error; 1505 1506 for (ntries = 0; ntries < 10; ntries++) { 1507 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1508 return (error); 1509 if (!(tmp & RT2860_BBP_CSR_KICK)) 1510 break; 1511 } 1512 if (ntries == 10) 1513 return (ETIMEDOUT); 1514 1515 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1516 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1517 return (error); 1518 1519 for (ntries = 0; ntries < 10; ntries++) { 1520 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1521 return (error); 1522 if (!(tmp & RT2860_BBP_CSR_KICK)) 1523 break; 1524 } 1525 if (ntries == 10) 1526 return (ETIMEDOUT); 1527 1528 *val = tmp & 0xff; 1529 return (0); 1530} 1531 1532static int 1533run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1534{ 1535 uint32_t tmp; 1536 int ntries, error; 1537 1538 for (ntries = 0; ntries < 10; ntries++) { 1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1540 return (error); 1541 if (!(tmp & RT2860_BBP_CSR_KICK)) 1542 break; 1543 } 1544 if (ntries == 10) 1545 return (ETIMEDOUT); 1546 1547 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1548 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1549} 1550 1551/* 1552 * Send a command to the 8051 microcontroller unit. 1553 */ 1554static int 1555run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1556{ 1557 uint32_t tmp; 1558 int error, ntries; 1559 1560 for (ntries = 0; ntries < 100; ntries++) { 1561 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1562 return error; 1563 if (!(tmp & RT2860_H2M_BUSY)) 1564 break; 1565 } 1566 if (ntries == 100) 1567 return ETIMEDOUT; 1568 1569 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1570 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1571 error = run_write(sc, RT2860_HOST_CMD, cmd); 1572 return (error); 1573} 1574 1575/* 1576 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1577 * Used to adjust per-rate Tx power registers. 1578 */ 1579static __inline uint32_t 1580b4inc(uint32_t b32, int8_t delta) 1581{ 1582 int8_t i, b4; 1583 1584 for (i = 0; i < 8; i++) { 1585 b4 = b32 & 0xf; 1586 b4 += delta; 1587 if (b4 < 0) 1588 b4 = 0; 1589 else if (b4 > 0xf) 1590 b4 = 0xf; 1591 b32 = b32 >> 4 | b4 << 28; 1592 } 1593 return (b32); 1594} 1595 1596static const char * 1597run_get_rf(uint16_t rev) 1598{ 1599 switch (rev) { 1600 case RT2860_RF_2820: return "RT2820"; 1601 case RT2860_RF_2850: return "RT2850"; 1602 case RT2860_RF_2720: return "RT2720"; 1603 case RT2860_RF_2750: return "RT2750"; 1604 case RT3070_RF_3020: return "RT3020"; 1605 case RT3070_RF_2020: return "RT2020"; 1606 case RT3070_RF_3021: return "RT3021"; 1607 case RT3070_RF_3022: return "RT3022"; 1608 case RT3070_RF_3052: return "RT3052"; 1609 case RT3593_RF_3053: return "RT3053"; 1610 case RT5592_RF_5592: return "RT5592"; 1611 case RT5390_RF_5370: return "RT5370"; 1612 case RT5390_RF_5372: return "RT5372"; 1613 } 1614 return ("unknown"); 1615} 1616 1617static void 1618run_rt3593_get_txpower(struct run_softc *sc) 1619{ 1620 uint16_t addr, val; 1621 int i; 1622 1623 /* Read power settings for 2GHz channels. */ 1624 for (i = 0; i < 14; i += 2) { 1625 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1626 RT2860_EEPROM_PWR2GHZ_BASE1; 1627 run_srom_read(sc, addr + i / 2, &val); 1628 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1629 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1630 1631 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1632 RT2860_EEPROM_PWR2GHZ_BASE2; 1633 run_srom_read(sc, addr + i / 2, &val); 1634 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1635 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1636 1637 if (sc->ntxchains == 3) { 1638 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1639 &val); 1640 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1641 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1642 } 1643 } 1644 /* Fix broken Tx power entries. */ 1645 for (i = 0; i < 14; i++) { 1646 if (sc->txpow1[i] > 31) 1647 sc->txpow1[i] = 5; 1648 if (sc->txpow2[i] > 31) 1649 sc->txpow2[i] = 5; 1650 if (sc->ntxchains == 3) { 1651 if (sc->txpow3[i] > 31) 1652 sc->txpow3[i] = 5; 1653 } 1654 } 1655 /* Read power settings for 5GHz channels. */ 1656 for (i = 0; i < 40; i += 2) { 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1658 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1660 1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1662 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1663 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1664 1665 if (sc->ntxchains == 3) { 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1667 &val); 1668 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1669 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1670 } 1671 } 1672} 1673 1674static void 1675run_get_txpower(struct run_softc *sc) 1676{ 1677 uint16_t val; 1678 int i; 1679 1680 /* Read power settings for 2GHz channels. */ 1681 for (i = 0; i < 14; i += 2) { 1682 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1683 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1684 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1685 1686 if (sc->mac_ver != 0x5390) { 1687 run_srom_read(sc, 1688 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1689 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1690 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1691 } 1692 } 1693 /* Fix broken Tx power entries. */ 1694 for (i = 0; i < 14; i++) { 1695 if (sc->mac_ver >= 0x5390) { 1696 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1697 sc->txpow1[i] = 5; 1698 } else { 1699 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1700 sc->txpow1[i] = 5; 1701 } 1702 if (sc->mac_ver > 0x5390) { 1703 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1704 sc->txpow2[i] = 5; 1705 } else if (sc->mac_ver < 0x5390) { 1706 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1707 sc->txpow2[i] = 5; 1708 } 1709 DPRINTF("chan %d: power1=%d, power2=%d\n", 1710 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1711 } 1712 /* Read power settings for 5GHz channels. */ 1713 for (i = 0; i < 40; i += 2) { 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1715 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1717 1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1719 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1720 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 40; i++ ) { 1724 if (sc->mac_ver != 0x5592) { 1725 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1726 sc->txpow1[14 + i] = 5; 1727 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1728 sc->txpow2[14 + i] = 5; 1729 } 1730 DPRINTF("chan %d: power1=%d, power2=%d\n", 1731 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1732 sc->txpow2[14 + i]); 1733 } 1734} 1735 1736static int 1737run_read_eeprom(struct run_softc *sc) 1738{ 1739 struct ieee80211com *ic = &sc->sc_ic; 1740 int8_t delta_2ghz, delta_5ghz; 1741 uint32_t tmp; 1742 uint16_t val; 1743 int ridx, ant, i; 1744 1745 /* check whether the ROM is eFUSE ROM or EEPROM */ 1746 sc->sc_srom_read = run_eeprom_read_2; 1747 if (sc->mac_ver >= 0x3070) { 1748 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1749 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1750 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1751 sc->sc_srom_read = run_efuse_read_2; 1752 } 1753 1754 /* read ROM version */ 1755 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1756 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1757 1758 /* read MAC address */ 1759 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1760 ic->ic_macaddr[0] = val & 0xff; 1761 ic->ic_macaddr[1] = val >> 8; 1762 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1763 ic->ic_macaddr[2] = val & 0xff; 1764 ic->ic_macaddr[3] = val >> 8; 1765 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1766 ic->ic_macaddr[4] = val & 0xff; 1767 ic->ic_macaddr[5] = val >> 8; 1768 1769 if (sc->mac_ver < 0x3593) { 1770 /* read vender BBP settings */ 1771 for (i = 0; i < 10; i++) { 1772 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1773 sc->bbp[i].val = val & 0xff; 1774 sc->bbp[i].reg = val >> 8; 1775 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1776 sc->bbp[i].val); 1777 } 1778 if (sc->mac_ver >= 0x3071) { 1779 /* read vendor RF settings */ 1780 for (i = 0; i < 10; i++) { 1781 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1782 &val); 1783 sc->rf[i].val = val & 0xff; 1784 sc->rf[i].reg = val >> 8; 1785 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1786 sc->rf[i].val); 1787 } 1788 } 1789 } 1790 1791 /* read RF frequency offset from EEPROM */ 1792 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1793 RT3593_EEPROM_FREQ, &val); 1794 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1795 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1796 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1798 RT3593_EEPROM_FREQ_LEDS, &val); 1799 if (val >> 8 != 0xff) { 1800 /* read LEDs operating mode */ 1801 sc->leds = val >> 8; 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1803 RT3593_EEPROM_LED1, &sc->led[0]); 1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1805 RT3593_EEPROM_LED2, &sc->led[1]); 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1807 RT3593_EEPROM_LED3, &sc->led[2]); 1808 } else { 1809 /* broken EEPROM, use default settings */ 1810 sc->leds = 0x01; 1811 sc->led[0] = 0x5555; 1812 sc->led[1] = 0x2221; 1813 sc->led[2] = 0x5627; /* differs from RT2860 */ 1814 } 1815 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1816 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1817 1818 /* read RF information */ 1819 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1820 run_srom_read(sc, 0x00, &val); 1821 else 1822 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1823 1824 if (val == 0xffff) { 1825 device_printf(sc->sc_dev, 1826 "invalid EEPROM antenna info, using default\n"); 1827 DPRINTF("invalid EEPROM antenna info, using default\n"); 1828 if (sc->mac_ver == 0x3572) { 1829 /* default to RF3052 2T2R */ 1830 sc->rf_rev = RT3070_RF_3052; 1831 sc->ntxchains = 2; 1832 sc->nrxchains = 2; 1833 } else if (sc->mac_ver >= 0x3070) { 1834 /* default to RF3020 1T1R */ 1835 sc->rf_rev = RT3070_RF_3020; 1836 sc->ntxchains = 1; 1837 sc->nrxchains = 1; 1838 } else { 1839 /* default to RF2820 1T2R */ 1840 sc->rf_rev = RT2860_RF_2820; 1841 sc->ntxchains = 1; 1842 sc->nrxchains = 2; 1843 } 1844 } else { 1845 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1846 sc->rf_rev = val; 1847 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1848 } else 1849 sc->rf_rev = (val >> 8) & 0xf; 1850 sc->ntxchains = (val >> 4) & 0xf; 1851 sc->nrxchains = val & 0xf; 1852 } 1853 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1854 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1855 1856 /* check if RF supports automatic Tx access gain control */ 1857 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1858 DPRINTF("EEPROM CFG 0x%04x\n", val); 1859 /* check if driver should patch the DAC issue */ 1860 if ((val >> 8) != 0xff) 1861 sc->patch_dac = (val >> 15) & 1; 1862 if ((val & 0xff) != 0xff) { 1863 sc->ext_5ghz_lna = (val >> 3) & 1; 1864 sc->ext_2ghz_lna = (val >> 2) & 1; 1865 /* check if RF supports automatic Tx access gain control */ 1866 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1867 /* check if we have a hardware radio switch */ 1868 sc->rfswitch = val & 1; 1869 } 1870 1871 /* Read Tx power settings. */ 1872 if (sc->mac_ver == 0x3593) 1873 run_rt3593_get_txpower(sc); 1874 else 1875 run_get_txpower(sc); 1876 1877 /* read Tx power compensation for each Tx rate */ 1878 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1879 delta_2ghz = delta_5ghz = 0; 1880 if ((val & 0xff) != 0xff && (val & 0x80)) { 1881 delta_2ghz = val & 0xf; 1882 if (!(val & 0x40)) /* negative number */ 1883 delta_2ghz = -delta_2ghz; 1884 } 1885 val >>= 8; 1886 if ((val & 0xff) != 0xff && (val & 0x80)) { 1887 delta_5ghz = val & 0xf; 1888 if (!(val & 0x40)) /* negative number */ 1889 delta_5ghz = -delta_5ghz; 1890 } 1891 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1892 delta_2ghz, delta_5ghz); 1893 1894 for (ridx = 0; ridx < 5; ridx++) { 1895 uint32_t reg; 1896 1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1898 reg = val; 1899 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1900 reg |= (uint32_t)val << 16; 1901 1902 sc->txpow20mhz[ridx] = reg; 1903 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1904 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1905 1906 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1907 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1908 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1909 } 1910 1911 /* Read RSSI offsets and LNA gains from EEPROM. */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1913 RT3593_EEPROM_RSSI1_2GHZ, &val); 1914 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1915 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1917 RT3593_EEPROM_RSSI2_2GHZ, &val); 1918 if (sc->mac_ver >= 0x3070) { 1919 if (sc->mac_ver == 0x3593) { 1920 sc->txmixgain_2ghz = 0; 1921 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1922 } else { 1923 /* 1924 * On RT3070 chips (limited to 2 Rx chains), this ROM 1925 * field contains the Tx mixer gain for the 2GHz band. 1926 */ 1927 if ((val & 0xff) != 0xff) 1928 sc->txmixgain_2ghz = val & 0x7; 1929 } 1930 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1931 } else 1932 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1933 if (sc->mac_ver == 0x3593) 1934 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1935 sc->lna[2] = val >> 8; /* channel group 2 */ 1936 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1938 RT3593_EEPROM_RSSI1_5GHZ, &val); 1939 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1940 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1942 RT3593_EEPROM_RSSI2_5GHZ, &val); 1943 if (sc->mac_ver == 0x3572) { 1944 /* 1945 * On RT3572 chips (limited to 2 Rx chains), this ROM 1946 * field contains the Tx mixer gain for the 5GHz band. 1947 */ 1948 if ((val & 0xff) != 0xff) 1949 sc->txmixgain_5ghz = val & 0x7; 1950 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1951 } else 1952 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1953 if (sc->mac_ver == 0x3593) { 1954 sc->txmixgain_5ghz = 0; 1955 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1956 } 1957 sc->lna[3] = val >> 8; /* channel group 3 */ 1958 1959 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1960 RT3593_EEPROM_LNA, &val); 1961 sc->lna[0] = val & 0xff; /* channel group 0 */ 1962 sc->lna[1] = val >> 8; /* channel group 1 */ 1963 1964 /* fix broken 5GHz LNA entries */ 1965 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 2); 1967 sc->lna[2] = sc->lna[1]; 1968 } 1969 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 3); 1971 sc->lna[3] = sc->lna[1]; 1972 } 1973 1974 /* fix broken RSSI offset entries */ 1975 for (ant = 0; ant < 3; ant++) { 1976 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1977 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1978 ant + 1, sc->rssi_2ghz[ant]); 1979 sc->rssi_2ghz[ant] = 0; 1980 } 1981 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1982 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1983 ant + 1, sc->rssi_5ghz[ant]); 1984 sc->rssi_5ghz[ant] = 0; 1985 } 1986 } 1987 return (0); 1988} 1989 1990static struct ieee80211_node * 1991run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1992{ 1993 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1994} 1995 1996static int 1997run_media_change(struct ifnet *ifp) 1998{ 1999 struct ieee80211vap *vap = ifp->if_softc; 2000 struct ieee80211com *ic = vap->iv_ic; 2001 const struct ieee80211_txparam *tp; 2002 struct run_softc *sc = ic->ic_softc; 2003 uint8_t rate, ridx; 2004 int error; 2005 2006 RUN_LOCK(sc); 2007 2008 error = ieee80211_media_change(ifp); 2009 if (error != ENETRESET) { 2010 RUN_UNLOCK(sc); 2011 return (error); 2012 } 2013 2014 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2015 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2016 struct ieee80211_node *ni; 2017 struct run_node *rn; 2018 2019 rate = ic->ic_sup_rates[ic->ic_curmode]. 2020 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2021 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2022 if (rt2860_rates[ridx].rate == rate) 2023 break; 2024 ni = ieee80211_ref_node(vap->iv_bss); 2025 rn = RUN_NODE(ni); 2026 rn->fix_ridx = ridx; 2027 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2028 ieee80211_free_node(ni); 2029 } 2030 2031#if 0 2032 if ((ifp->if_flags & IFF_UP) && 2033 (ifp->if_drv_flags & RUN_RUNNING)){ 2034 run_init_locked(sc); 2035 } 2036#endif 2037 2038 RUN_UNLOCK(sc); 2039 2040 return (0); 2041} 2042 2043static int 2044run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2045{ 2046 const struct ieee80211_txparam *tp; 2047 struct ieee80211com *ic = vap->iv_ic; 2048 struct run_softc *sc = ic->ic_softc; 2049 struct run_vap *rvp = RUN_VAP(vap); 2050 enum ieee80211_state ostate; 2051 uint32_t sta[3]; 2052 uint32_t tmp; 2053 uint8_t ratectl; 2054 uint8_t restart_ratectl = 0; 2055 uint8_t bid = 1 << rvp->rvp_id; 2056 2057 ostate = vap->iv_state; 2058 DPRINTF("%s -> %s\n", 2059 ieee80211_state_name[ostate], 2060 ieee80211_state_name[nstate]); 2061 2062 IEEE80211_UNLOCK(ic); 2063 RUN_LOCK(sc); 2064 2065 ratectl = sc->ratectl_run; /* remember current state */ 2066 sc->ratectl_run = RUN_RATECTL_OFF; 2067 usb_callout_stop(&sc->ratectl_ch); 2068 2069 if (ostate == IEEE80211_S_RUN) { 2070 /* turn link LED off */ 2071 run_set_leds(sc, RT2860_LED_RADIO); 2072 } 2073 2074 switch (nstate) { 2075 case IEEE80211_S_INIT: 2076 restart_ratectl = 1; 2077 2078 if (ostate != IEEE80211_S_RUN) 2079 break; 2080 2081 ratectl &= ~bid; 2082 sc->runbmap &= ~bid; 2083 2084 /* abort TSF synchronization if there is no vap running */ 2085 if (--sc->running == 0) { 2086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2087 run_write(sc, RT2860_BCN_TIME_CFG, 2088 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2089 RT2860_TBTT_TIMER_EN)); 2090 } 2091 break; 2092 2093 case IEEE80211_S_RUN: 2094 if (!(sc->runbmap & bid)) { 2095 if(sc->running++) 2096 restart_ratectl = 1; 2097 sc->runbmap |= bid; 2098 } 2099 2100 m_freem(rvp->beacon_mbuf); 2101 rvp->beacon_mbuf = NULL; 2102 2103 switch (vap->iv_opmode) { 2104 case IEEE80211_M_HOSTAP: 2105 case IEEE80211_M_MBSS: 2106 sc->ap_running |= bid; 2107 ic->ic_opmode = vap->iv_opmode; 2108 run_update_beacon_cb(vap); 2109 break; 2110 case IEEE80211_M_IBSS: 2111 sc->adhoc_running |= bid; 2112 if (!sc->ap_running) 2113 ic->ic_opmode = vap->iv_opmode; 2114 run_update_beacon_cb(vap); 2115 break; 2116 case IEEE80211_M_STA: 2117 sc->sta_running |= bid; 2118 if (!sc->ap_running && !sc->adhoc_running) 2119 ic->ic_opmode = vap->iv_opmode; 2120 2121 /* read statistic counters (clear on read) */ 2122 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2123 (uint8_t *)sta, sizeof sta); 2124 2125 break; 2126 default: 2127 ic->ic_opmode = vap->iv_opmode; 2128 break; 2129 } 2130 2131 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2132 struct ieee80211_node *ni; 2133 2134 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2135 RUN_UNLOCK(sc); 2136 IEEE80211_LOCK(ic); 2137 return (-1); 2138 } 2139 run_updateslot(ic); 2140 run_enable_mrr(sc); 2141 run_set_txpreamble(sc); 2142 run_set_basicrates(sc); 2143 ni = ieee80211_ref_node(vap->iv_bss); 2144 IEEE80211_ADDR_COPY(ic->ic_macaddr, ni->ni_bssid); 2145 run_set_bssid(sc, ni->ni_bssid); 2146 ieee80211_free_node(ni); 2147 run_enable_tsf_sync(sc); 2148 2149 /* enable automatic rate adaptation */ 2150 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2151 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2152 ratectl |= bid; 2153 } else 2154 run_enable_tsf(sc); 2155 2156 /* turn link LED on */ 2157 run_set_leds(sc, RT2860_LED_RADIO | 2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2160 2161 break; 2162 default: 2163 DPRINTFN(6, "undefined case\n"); 2164 break; 2165 } 2166 2167 /* restart amrr for running VAPs */ 2168 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2170 2171 RUN_UNLOCK(sc); 2172 IEEE80211_LOCK(ic); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175} 2176 2177/* ARGSUSED */ 2178static void 2179run_wme_update_cb(void *arg) 2180{ 2181 struct ieee80211com *ic = arg; 2182 struct run_softc *sc = ic->ic_softc; 2183 const struct wmeParams *ac = 2184 ic->ic_wme.wme_chanParams.cap_wmeParams; 2185 int aci, error = 0; 2186 2187 RUN_LOCK_ASSERT(sc, MA_OWNED); 2188 2189 /* update MAC TX configuration registers */ 2190 for (aci = 0; aci < WME_NUM_AC; aci++) { 2191 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2192 ac[aci].wmep_logcwmax << 16 | 2193 ac[aci].wmep_logcwmin << 12 | 2194 ac[aci].wmep_aifsn << 8 | 2195 ac[aci].wmep_txopLimit); 2196 if (error) goto err; 2197 } 2198 2199 /* update SCH/DMA registers too */ 2200 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2201 ac[WME_AC_VO].wmep_aifsn << 12 | 2202 ac[WME_AC_VI].wmep_aifsn << 8 | 2203 ac[WME_AC_BK].wmep_aifsn << 4 | 2204 ac[WME_AC_BE].wmep_aifsn); 2205 if (error) goto err; 2206 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2207 ac[WME_AC_VO].wmep_logcwmin << 12 | 2208 ac[WME_AC_VI].wmep_logcwmin << 8 | 2209 ac[WME_AC_BK].wmep_logcwmin << 4 | 2210 ac[WME_AC_BE].wmep_logcwmin); 2211 if (error) goto err; 2212 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2213 ac[WME_AC_VO].wmep_logcwmax << 12 | 2214 ac[WME_AC_VI].wmep_logcwmax << 8 | 2215 ac[WME_AC_BK].wmep_logcwmax << 4 | 2216 ac[WME_AC_BE].wmep_logcwmax); 2217 if (error) goto err; 2218 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2219 ac[WME_AC_BK].wmep_txopLimit << 16 | 2220 ac[WME_AC_BE].wmep_txopLimit); 2221 if (error) goto err; 2222 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2223 ac[WME_AC_VO].wmep_txopLimit << 16 | 2224 ac[WME_AC_VI].wmep_txopLimit); 2225 2226err: 2227 if (error) 2228 DPRINTF("WME update failed\n"); 2229 2230 return; 2231} 2232 2233static int 2234run_wme_update(struct ieee80211com *ic) 2235{ 2236 struct run_softc *sc = ic->ic_softc; 2237 2238 /* sometime called wothout lock */ 2239 if (mtx_owned(&ic->ic_comlock.mtx)) { 2240 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2241 DPRINTF("cmdq_store=%d\n", i); 2242 sc->cmdq[i].func = run_wme_update_cb; 2243 sc->cmdq[i].arg0 = ic; 2244 ieee80211_runtask(ic, &sc->cmdq_task); 2245 return (0); 2246 } 2247 2248 RUN_LOCK(sc); 2249 run_wme_update_cb(ic); 2250 RUN_UNLOCK(sc); 2251 2252 /* return whatever, upper layer doesn't care anyway */ 2253 return (0); 2254} 2255 2256static void 2257run_key_set_cb(void *arg) 2258{ 2259 struct run_cmdq *cmdq = arg; 2260 struct ieee80211vap *vap = cmdq->arg1; 2261 struct ieee80211_key *k = cmdq->k; 2262 struct ieee80211com *ic = vap->iv_ic; 2263 struct run_softc *sc = ic->ic_softc; 2264 struct ieee80211_node *ni; 2265 u_int cipher = k->wk_cipher->ic_cipher; 2266 uint32_t attr; 2267 uint16_t base, associd; 2268 uint8_t mode, wcid, iv[8]; 2269 2270 RUN_LOCK_ASSERT(sc, MA_OWNED); 2271 2272 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2273 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2274 else 2275 ni = vap->iv_bss; 2276 associd = (ni != NULL) ? ni->ni_associd : 0; 2277 2278 /* map net80211 cipher to RT2860 security mode */ 2279 switch (cipher) { 2280 case IEEE80211_CIPHER_WEP: 2281 if(k->wk_keylen < 8) 2282 mode = RT2860_MODE_WEP40; 2283 else 2284 mode = RT2860_MODE_WEP104; 2285 break; 2286 case IEEE80211_CIPHER_TKIP: 2287 mode = RT2860_MODE_TKIP; 2288 break; 2289 case IEEE80211_CIPHER_AES_CCM: 2290 mode = RT2860_MODE_AES_CCMP; 2291 break; 2292 default: 2293 DPRINTF("undefined case\n"); 2294 return; 2295 } 2296 2297 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2298 associd, k->wk_keyix, mode, 2299 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2300 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2301 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2302 2303 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2304 wcid = 0; /* NB: update WCID0 for group keys */ 2305 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2306 } else { 2307 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2308 1 : RUN_AID2WCID(associd); 2309 base = RT2860_PKEY(wcid); 2310 } 2311 2312 if (cipher == IEEE80211_CIPHER_TKIP) { 2313 if(run_write_region_1(sc, base, k->wk_key, 16)) 2314 return; 2315 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2316 return; 2317 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2318 return; 2319 } else { 2320 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2321 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2322 return; 2323 } 2324 2325 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2326 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2327 /* set initial packet number in IV+EIV */ 2328 if (cipher == IEEE80211_CIPHER_WEP) { 2329 memset(iv, 0, sizeof iv); 2330 iv[3] = vap->iv_def_txkey << 6; 2331 } else { 2332 if (cipher == IEEE80211_CIPHER_TKIP) { 2333 iv[0] = k->wk_keytsc >> 8; 2334 iv[1] = (iv[0] | 0x20) & 0x7f; 2335 iv[2] = k->wk_keytsc; 2336 } else /* CCMP */ { 2337 iv[0] = k->wk_keytsc; 2338 iv[1] = k->wk_keytsc >> 8; 2339 iv[2] = 0; 2340 } 2341 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2342 iv[4] = k->wk_keytsc >> 16; 2343 iv[5] = k->wk_keytsc >> 24; 2344 iv[6] = k->wk_keytsc >> 32; 2345 iv[7] = k->wk_keytsc >> 40; 2346 } 2347 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2348 return; 2349 } 2350 2351 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2352 /* install group key */ 2353 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2354 return; 2355 attr &= ~(0xf << (k->wk_keyix * 4)); 2356 attr |= mode << (k->wk_keyix * 4); 2357 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2358 return; 2359 } else { 2360 /* install pairwise key */ 2361 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2362 return; 2363 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2364 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2365 return; 2366 } 2367 2368 /* TODO create a pass-thru key entry? */ 2369 2370 /* need wcid to delete the right key later */ 2371 k->wk_pad = wcid; 2372} 2373 2374/* 2375 * Don't have to be deferred, but in order to keep order of 2376 * execution, i.e. with run_key_delete(), defer this and let 2377 * run_cmdq_cb() maintain the order. 2378 * 2379 * return 0 on error 2380 */ 2381static int 2382run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2383{ 2384 struct ieee80211com *ic = vap->iv_ic; 2385 struct run_softc *sc = ic->ic_softc; 2386 uint32_t i; 2387 2388 i = RUN_CMDQ_GET(&sc->cmdq_store); 2389 DPRINTF("cmdq_store=%d\n", i); 2390 sc->cmdq[i].func = run_key_set_cb; 2391 sc->cmdq[i].arg0 = NULL; 2392 sc->cmdq[i].arg1 = vap; 2393 sc->cmdq[i].k = k; 2394 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2395 ieee80211_runtask(ic, &sc->cmdq_task); 2396 2397 /* 2398 * To make sure key will be set when hostapd 2399 * calls iv_key_set() before if_init(). 2400 */ 2401 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2402 RUN_LOCK(sc); 2403 sc->cmdq_key_set = RUN_CMDQ_GO; 2404 RUN_UNLOCK(sc); 2405 } 2406 2407 return (1); 2408} 2409 2410/* 2411 * If wlan is destroyed without being brought down i.e. without 2412 * wlan down or wpa_cli terminate, this function is called after 2413 * vap is gone. Don't refer it. 2414 */ 2415static void 2416run_key_delete_cb(void *arg) 2417{ 2418 struct run_cmdq *cmdq = arg; 2419 struct run_softc *sc = cmdq->arg1; 2420 struct ieee80211_key *k = &cmdq->key; 2421 uint32_t attr; 2422 uint8_t wcid; 2423 2424 RUN_LOCK_ASSERT(sc, MA_OWNED); 2425 2426 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2427 /* remove group key */ 2428 DPRINTF("removing group key\n"); 2429 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2430 attr &= ~(0xf << (k->wk_keyix * 4)); 2431 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2432 } else { 2433 /* remove pairwise key */ 2434 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2435 /* matching wcid was written to wk_pad in run_key_set() */ 2436 wcid = k->wk_pad; 2437 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2438 attr &= ~0xf; 2439 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2440 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2441 } 2442 2443 k->wk_pad = 0; 2444} 2445 2446/* 2447 * return 0 on error 2448 */ 2449static int 2450run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2451{ 2452 struct ieee80211com *ic = vap->iv_ic; 2453 struct run_softc *sc = ic->ic_softc; 2454 struct ieee80211_key *k0; 2455 uint32_t i; 2456 2457 /* 2458 * When called back, key might be gone. So, make a copy 2459 * of some values need to delete keys before deferring. 2460 * But, because of LOR with node lock, cannot use lock here. 2461 * So, use atomic instead. 2462 */ 2463 i = RUN_CMDQ_GET(&sc->cmdq_store); 2464 DPRINTF("cmdq_store=%d\n", i); 2465 sc->cmdq[i].func = run_key_delete_cb; 2466 sc->cmdq[i].arg0 = NULL; 2467 sc->cmdq[i].arg1 = sc; 2468 k0 = &sc->cmdq[i].key; 2469 k0->wk_flags = k->wk_flags; 2470 k0->wk_keyix = k->wk_keyix; 2471 /* matching wcid was written to wk_pad in run_key_set() */ 2472 k0->wk_pad = k->wk_pad; 2473 ieee80211_runtask(ic, &sc->cmdq_task); 2474 return (1); /* return fake success */ 2475 2476} 2477 2478static void 2479run_ratectl_to(void *arg) 2480{ 2481 struct run_softc *sc = arg; 2482 2483 /* do it in a process context, so it can go sleep */ 2484 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2485 /* next timeout will be rescheduled in the callback task */ 2486} 2487 2488/* ARGSUSED */ 2489static void 2490run_ratectl_cb(void *arg, int pending) 2491{ 2492 struct run_softc *sc = arg; 2493 struct ieee80211com *ic = &sc->sc_ic; 2494 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2495 2496 if (vap == NULL) 2497 return; 2498 2499 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2500 /* 2501 * run_reset_livelock() doesn't do anything with AMRR, 2502 * but Ralink wants us to call it every 1 sec. So, we 2503 * piggyback here rather than creating another callout. 2504 * Livelock may occur only in HOSTAP or IBSS mode 2505 * (when h/w is sending beacons). 2506 */ 2507 RUN_LOCK(sc); 2508 run_reset_livelock(sc); 2509 /* just in case, there are some stats to drain */ 2510 run_drain_fifo(sc); 2511 RUN_UNLOCK(sc); 2512 } 2513 2514 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2515 2516 RUN_LOCK(sc); 2517 if(sc->ratectl_run != RUN_RATECTL_OFF) 2518 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2519 RUN_UNLOCK(sc); 2520} 2521 2522static void 2523run_drain_fifo(void *arg) 2524{ 2525 struct run_softc *sc = arg; 2526 uint32_t stat; 2527 uint16_t (*wstat)[3]; 2528 uint8_t wcid, mcs, pid; 2529 int8_t retry; 2530 2531 RUN_LOCK_ASSERT(sc, MA_OWNED); 2532 2533 for (;;) { 2534 /* drain Tx status FIFO (maxsize = 16) */ 2535 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2536 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2537 if (!(stat & RT2860_TXQ_VLD)) 2538 break; 2539 2540 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2541 2542 /* if no ACK was requested, no feedback is available */ 2543 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2544 wcid == 0) 2545 continue; 2546 2547 /* 2548 * Even though each stat is Tx-complete-status like format, 2549 * the device can poll stats. Because there is no guarantee 2550 * that the referring node is still around when read the stats. 2551 * So that, if we use ieee80211_ratectl_tx_update(), we will 2552 * have hard time not to refer already freed node. 2553 * 2554 * To eliminate such page faults, we poll stats in softc. 2555 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2556 */ 2557 wstat = &(sc->wcid_stats[wcid]); 2558 (*wstat)[RUN_TXCNT]++; 2559 if (stat & RT2860_TXQ_OK) 2560 (*wstat)[RUN_SUCCESS]++; 2561 else 2562 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2563 /* 2564 * Check if there were retries, ie if the Tx success rate is 2565 * different from the requested rate. Note that it works only 2566 * because we do not allow rate fallback from OFDM to CCK. 2567 */ 2568 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2569 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2570 if ((retry = pid -1 - mcs) > 0) { 2571 (*wstat)[RUN_TXCNT] += retry; 2572 (*wstat)[RUN_RETRY] += retry; 2573 } 2574 } 2575 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2576 2577 sc->fifo_cnt = 0; 2578} 2579 2580static void 2581run_iter_func(void *arg, struct ieee80211_node *ni) 2582{ 2583 struct run_softc *sc = arg; 2584 struct ieee80211vap *vap = ni->ni_vap; 2585 struct run_node *rn = RUN_NODE(ni); 2586 union run_stats sta[2]; 2587 uint16_t (*wstat)[3]; 2588 int txcnt, success, retrycnt, error; 2589 2590 RUN_LOCK(sc); 2591 2592 /* Check for special case */ 2593 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2594 ni != vap->iv_bss) 2595 goto fail; 2596 2597 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2598 vap->iv_opmode == IEEE80211_M_STA)) { 2599 /* read statistic counters (clear on read) and update AMRR state */ 2600 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2601 sizeof sta); 2602 if (error != 0) 2603 goto fail; 2604 2605 /* count failed TX as errors */ 2606 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2607 le16toh(sta[0].error.fail)); 2608 2609 retrycnt = le16toh(sta[1].tx.retry); 2610 success = le16toh(sta[1].tx.success); 2611 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2612 2613 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2614 retrycnt, success, le16toh(sta[0].error.fail)); 2615 } else { 2616 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2617 2618 if (wstat == &(sc->wcid_stats[0]) || 2619 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2620 goto fail; 2621 2622 txcnt = (*wstat)[RUN_TXCNT]; 2623 success = (*wstat)[RUN_SUCCESS]; 2624 retrycnt = (*wstat)[RUN_RETRY]; 2625 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2626 retrycnt, txcnt, success); 2627 2628 memset(wstat, 0, sizeof(*wstat)); 2629 } 2630 2631 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2632 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2633 2634fail: 2635 RUN_UNLOCK(sc); 2636 2637 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2638} 2639 2640static void 2641run_newassoc_cb(void *arg) 2642{ 2643 struct run_cmdq *cmdq = arg; 2644 struct ieee80211_node *ni = cmdq->arg1; 2645 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2646 uint8_t wcid = cmdq->wcid; 2647 2648 RUN_LOCK_ASSERT(sc, MA_OWNED); 2649 2650 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2651 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2652 2653 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2654} 2655 2656static void 2657run_newassoc(struct ieee80211_node *ni, int isnew) 2658{ 2659 struct run_node *rn = RUN_NODE(ni); 2660 struct ieee80211_rateset *rs = &ni->ni_rates; 2661 struct ieee80211vap *vap = ni->ni_vap; 2662 struct ieee80211com *ic = vap->iv_ic; 2663 struct run_softc *sc = ic->ic_softc; 2664 uint8_t rate; 2665 uint8_t ridx; 2666 uint8_t wcid; 2667 int i, j; 2668 2669 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2670 1 : RUN_AID2WCID(ni->ni_associd); 2671 2672 if (wcid > RT2870_WCID_MAX) { 2673 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2674 return; 2675 } 2676 2677 /* only interested in true associations */ 2678 if (isnew && ni->ni_associd != 0) { 2679 2680 /* 2681 * This function could is called though timeout function. 2682 * Need to defer. 2683 */ 2684 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2685 DPRINTF("cmdq_store=%d\n", cnt); 2686 sc->cmdq[cnt].func = run_newassoc_cb; 2687 sc->cmdq[cnt].arg0 = NULL; 2688 sc->cmdq[cnt].arg1 = ni; 2689 sc->cmdq[cnt].wcid = wcid; 2690 ieee80211_runtask(ic, &sc->cmdq_task); 2691 } 2692 2693 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2694 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2695 2696 for (i = 0; i < rs->rs_nrates; i++) { 2697 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2698 /* convert 802.11 rate to hardware rate index */ 2699 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2700 if (rt2860_rates[ridx].rate == rate) 2701 break; 2702 rn->ridx[i] = ridx; 2703 /* determine rate of control response frames */ 2704 for (j = i; j >= 0; j--) { 2705 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2706 rt2860_rates[rn->ridx[i]].phy == 2707 rt2860_rates[rn->ridx[j]].phy) 2708 break; 2709 } 2710 if (j >= 0) { 2711 rn->ctl_ridx[i] = rn->ridx[j]; 2712 } else { 2713 /* no basic rate found, use mandatory one */ 2714 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2715 } 2716 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2717 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2718 } 2719 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2720 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2721 if (rt2860_rates[ridx].rate == rate) 2722 break; 2723 rn->mgt_ridx = ridx; 2724 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2725 2726 RUN_LOCK(sc); 2727 if(sc->ratectl_run != RUN_RATECTL_OFF) 2728 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2729 RUN_UNLOCK(sc); 2730} 2731 2732/* 2733 * Return the Rx chain with the highest RSSI for a given frame. 2734 */ 2735static __inline uint8_t 2736run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2737{ 2738 uint8_t rxchain = 0; 2739 2740 if (sc->nrxchains > 1) { 2741 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2742 rxchain = 1; 2743 if (sc->nrxchains > 2) 2744 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2745 rxchain = 2; 2746 } 2747 return (rxchain); 2748} 2749 2750static void 2751run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2752 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2753{ 2754 struct ieee80211vap *vap = ni->ni_vap; 2755 struct run_softc *sc = vap->iv_ic->ic_softc; 2756 struct run_vap *rvp = RUN_VAP(vap); 2757 uint64_t ni_tstamp, rx_tstamp; 2758 2759 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2760 2761 if (vap->iv_state == IEEE80211_S_RUN && 2762 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2763 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2764 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2765 RUN_LOCK(sc); 2766 run_get_tsf(sc, &rx_tstamp); 2767 RUN_UNLOCK(sc); 2768 rx_tstamp = le64toh(rx_tstamp); 2769 2770 if (ni_tstamp >= rx_tstamp) { 2771 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2772 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2773 (void) ieee80211_ibss_merge(ni); 2774 } 2775 } 2776} 2777 2778static void 2779run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2780{ 2781 struct ieee80211com *ic = &sc->sc_ic; 2782 struct ieee80211_frame *wh; 2783 struct ieee80211_node *ni; 2784 struct rt2870_rxd *rxd; 2785 struct rt2860_rxwi *rxwi; 2786 uint32_t flags; 2787 uint16_t len, rxwisize; 2788 uint8_t ant, rssi; 2789 int8_t nf; 2790 2791 rxwi = mtod(m, struct rt2860_rxwi *); 2792 len = le16toh(rxwi->len) & 0xfff; 2793 rxwisize = sizeof(struct rt2860_rxwi); 2794 if (sc->mac_ver == 0x5592) 2795 rxwisize += sizeof(uint64_t); 2796 else if (sc->mac_ver == 0x3593) 2797 rxwisize += sizeof(uint32_t); 2798 if (__predict_false(len > dmalen)) { 2799 m_freem(m); 2800 counter_u64_add(ic->ic_ierrors, 1); 2801 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2802 return; 2803 } 2804 /* Rx descriptor is located at the end */ 2805 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2806 flags = le32toh(rxd->flags); 2807 2808 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2809 m_freem(m); 2810 counter_u64_add(ic->ic_ierrors, 1); 2811 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2812 return; 2813 } 2814 2815 m->m_data += rxwisize; 2816 m->m_pkthdr.len = m->m_len -= rxwisize; 2817 2818 wh = mtod(m, struct ieee80211_frame *); 2819 2820 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2821 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2822 m->m_flags |= M_WEP; 2823 } 2824 2825 if (flags & RT2860_RX_L2PAD) { 2826 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2827 len += 2; 2828 } 2829 2830 ni = ieee80211_find_rxnode(ic, 2831 mtod(m, struct ieee80211_frame_min *)); 2832 2833 if (__predict_false(flags & RT2860_RX_MICERR)) { 2834 /* report MIC failures to net80211 for TKIP */ 2835 if (ni != NULL) 2836 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2837 rxwi->keyidx); 2838 m_freem(m); 2839 counter_u64_add(ic->ic_ierrors, 1); 2840 DPRINTF("MIC error. Someone is lying.\n"); 2841 return; 2842 } 2843 2844 ant = run_maxrssi_chain(sc, rxwi); 2845 rssi = rxwi->rssi[ant]; 2846 nf = run_rssi2dbm(sc, rssi, ant); 2847 2848 m->m_pkthdr.len = m->m_len = len; 2849 2850 if (ni != NULL) { 2851 (void)ieee80211_input(ni, m, rssi, nf); 2852 ieee80211_free_node(ni); 2853 } else { 2854 (void)ieee80211_input_all(ic, m, rssi, nf); 2855 } 2856 2857 if (__predict_false(ieee80211_radiotap_active(ic))) { 2858 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2859 uint16_t phy; 2860 2861 tap->wr_flags = 0; 2862 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2863 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2864 tap->wr_antsignal = rssi; 2865 tap->wr_antenna = ant; 2866 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2867 tap->wr_rate = 2; /* in case it can't be found below */ 2868 run_get_tsf(sc, &tap->wr_tsf); 2869 phy = le16toh(rxwi->phy); 2870 switch (phy & RT2860_PHY_MODE) { 2871 case RT2860_PHY_CCK: 2872 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2873 case 0: tap->wr_rate = 2; break; 2874 case 1: tap->wr_rate = 4; break; 2875 case 2: tap->wr_rate = 11; break; 2876 case 3: tap->wr_rate = 22; break; 2877 } 2878 if (phy & RT2860_PHY_SHPRE) 2879 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2880 break; 2881 case RT2860_PHY_OFDM: 2882 switch (phy & RT2860_PHY_MCS) { 2883 case 0: tap->wr_rate = 12; break; 2884 case 1: tap->wr_rate = 18; break; 2885 case 2: tap->wr_rate = 24; break; 2886 case 3: tap->wr_rate = 36; break; 2887 case 4: tap->wr_rate = 48; break; 2888 case 5: tap->wr_rate = 72; break; 2889 case 6: tap->wr_rate = 96; break; 2890 case 7: tap->wr_rate = 108; break; 2891 } 2892 break; 2893 } 2894 } 2895} 2896 2897static void 2898run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2899{ 2900 struct run_softc *sc = usbd_xfer_softc(xfer); 2901 struct ieee80211com *ic = &sc->sc_ic; 2902 struct mbuf *m = NULL; 2903 struct mbuf *m0; 2904 uint32_t dmalen; 2905 uint16_t rxwisize; 2906 int xferlen; 2907 2908 rxwisize = sizeof(struct rt2860_rxwi); 2909 if (sc->mac_ver == 0x5592) 2910 rxwisize += sizeof(uint64_t); 2911 else if (sc->mac_ver == 0x3593) 2912 rxwisize += sizeof(uint32_t); 2913 2914 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2915 2916 switch (USB_GET_STATE(xfer)) { 2917 case USB_ST_TRANSFERRED: 2918 2919 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2920 2921 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2922 sizeof(struct rt2870_rxd))) { 2923 DPRINTF("xfer too short %d\n", xferlen); 2924 goto tr_setup; 2925 } 2926 2927 m = sc->rx_m; 2928 sc->rx_m = NULL; 2929 2930 /* FALLTHROUGH */ 2931 case USB_ST_SETUP: 2932tr_setup: 2933 if (sc->rx_m == NULL) { 2934 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2935 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2936 } 2937 if (sc->rx_m == NULL) { 2938 DPRINTF("could not allocate mbuf - idle with stall\n"); 2939 counter_u64_add(ic->ic_ierrors, 1); 2940 usbd_xfer_set_stall(xfer); 2941 usbd_xfer_set_frames(xfer, 0); 2942 } else { 2943 /* 2944 * Directly loading a mbuf cluster into DMA to 2945 * save some data copying. This works because 2946 * there is only one cluster. 2947 */ 2948 usbd_xfer_set_frame_data(xfer, 0, 2949 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2950 usbd_xfer_set_frames(xfer, 1); 2951 } 2952 usbd_transfer_submit(xfer); 2953 break; 2954 2955 default: /* Error */ 2956 if (error != USB_ERR_CANCELLED) { 2957 /* try to clear stall first */ 2958 usbd_xfer_set_stall(xfer); 2959 if (error == USB_ERR_TIMEOUT) 2960 device_printf(sc->sc_dev, "device timeout\n"); 2961 counter_u64_add(ic->ic_ierrors, 1); 2962 goto tr_setup; 2963 } 2964 if (sc->rx_m != NULL) { 2965 m_freem(sc->rx_m); 2966 sc->rx_m = NULL; 2967 } 2968 break; 2969 } 2970 2971 if (m == NULL) 2972 return; 2973 2974 /* inputting all the frames must be last */ 2975 2976 RUN_UNLOCK(sc); 2977 2978 m->m_pkthdr.len = m->m_len = xferlen; 2979 2980 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2981 for(;;) { 2982 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2983 2984 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2985 ((dmalen & 3) != 0)) { 2986 DPRINTF("bad DMA length %u\n", dmalen); 2987 break; 2988 } 2989 if ((dmalen + 8) > (uint32_t)xferlen) { 2990 DPRINTF("bad DMA length %u > %d\n", 2991 dmalen + 8, xferlen); 2992 break; 2993 } 2994 2995 /* If it is the last one or a single frame, we won't copy. */ 2996 if ((xferlen -= dmalen + 8) <= 8) { 2997 /* trim 32-bit DMA-len header */ 2998 m->m_data += 4; 2999 m->m_pkthdr.len = m->m_len -= 4; 3000 run_rx_frame(sc, m, dmalen); 3001 m = NULL; /* don't free source buffer */ 3002 break; 3003 } 3004 3005 /* copy aggregated frames to another mbuf */ 3006 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3007 if (__predict_false(m0 == NULL)) { 3008 DPRINTF("could not allocate mbuf\n"); 3009 counter_u64_add(ic->ic_ierrors, 1); 3010 break; 3011 } 3012 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3013 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3014 m0->m_pkthdr.len = m0->m_len = 3015 dmalen + sizeof(struct rt2870_rxd); 3016 run_rx_frame(sc, m0, dmalen); 3017 3018 /* update data ptr */ 3019 m->m_data += dmalen + 8; 3020 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3021 } 3022 3023 /* make sure we free the source buffer, if any */ 3024 m_freem(m); 3025 3026 RUN_LOCK(sc); 3027} 3028 3029static void 3030run_tx_free(struct run_endpoint_queue *pq, 3031 struct run_tx_data *data, int txerr) 3032{ 3033 if (data->m != NULL) { 3034 if (data->m->m_flags & M_TXCB) 3035 ieee80211_process_callback(data->ni, data->m, 3036 txerr ? ETIMEDOUT : 0); 3037 m_freem(data->m); 3038 data->m = NULL; 3039 3040 if (data->ni == NULL) { 3041 DPRINTF("no node\n"); 3042 } else { 3043 ieee80211_free_node(data->ni); 3044 data->ni = NULL; 3045 } 3046 } 3047 3048 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3049 pq->tx_nfree++; 3050} 3051 3052static void 3053run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3054{ 3055 struct run_softc *sc = usbd_xfer_softc(xfer); 3056 struct ieee80211com *ic = &sc->sc_ic; 3057 struct run_tx_data *data; 3058 struct ieee80211vap *vap = NULL; 3059 struct usb_page_cache *pc; 3060 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3061 struct mbuf *m; 3062 usb_frlength_t size; 3063 int actlen; 3064 int sumlen; 3065 3066 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3067 3068 switch (USB_GET_STATE(xfer)) { 3069 case USB_ST_TRANSFERRED: 3070 DPRINTFN(11, "transfer complete: %d " 3071 "bytes @ index %d\n", actlen, index); 3072 3073 data = usbd_xfer_get_priv(xfer); 3074 run_tx_free(pq, data, 0); 3075 usbd_xfer_set_priv(xfer, NULL); 3076 3077 /* FALLTHROUGH */ 3078 case USB_ST_SETUP: 3079tr_setup: 3080 data = STAILQ_FIRST(&pq->tx_qh); 3081 if (data == NULL) 3082 break; 3083 3084 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3085 3086 m = data->m; 3087 size = (sc->mac_ver == 0x5592) ? 3088 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3089 if ((m->m_pkthdr.len + 3090 size + 3 + 8) > RUN_MAX_TXSZ) { 3091 DPRINTF("data overflow, %u bytes\n", 3092 m->m_pkthdr.len); 3093 run_tx_free(pq, data, 1); 3094 goto tr_setup; 3095 } 3096 3097 pc = usbd_xfer_get_frame(xfer, 0); 3098 usbd_copy_in(pc, 0, &data->desc, size); 3099 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3100 size += m->m_pkthdr.len; 3101 /* 3102 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3103 * 4-byte padding), and be sure to zero those trailing 3104 * bytes: 3105 */ 3106 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3107 size += ((-size) & 3) + 8; 3108 3109 vap = data->ni->ni_vap; 3110 if (ieee80211_radiotap_active_vap(vap)) { 3111 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3112 struct rt2860_txwi *txwi = 3113 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3114 tap->wt_flags = 0; 3115 tap->wt_rate = rt2860_rates[data->ridx].rate; 3116 run_get_tsf(sc, &tap->wt_tsf); 3117 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3118 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3119 tap->wt_hwqueue = index; 3120 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3121 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3122 3123 ieee80211_radiotap_tx(vap, m); 3124 } 3125 3126 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3127 m->m_pkthdr.len, size, index); 3128 3129 usbd_xfer_set_frame_len(xfer, 0, size); 3130 usbd_xfer_set_priv(xfer, data); 3131 usbd_transfer_submit(xfer); 3132 run_start(sc); 3133 3134 break; 3135 3136 default: 3137 DPRINTF("USB transfer error, %s\n", 3138 usbd_errstr(error)); 3139 3140 data = usbd_xfer_get_priv(xfer); 3141 3142 if (data != NULL) { 3143 if(data->ni != NULL) 3144 vap = data->ni->ni_vap; 3145 run_tx_free(pq, data, error); 3146 usbd_xfer_set_priv(xfer, NULL); 3147 } 3148 3149 if (vap == NULL) 3150 vap = TAILQ_FIRST(&ic->ic_vaps); 3151 3152 if (error != USB_ERR_CANCELLED) { 3153 if (error == USB_ERR_TIMEOUT) { 3154 device_printf(sc->sc_dev, "device timeout\n"); 3155 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3156 DPRINTF("cmdq_store=%d\n", i); 3157 sc->cmdq[i].func = run_usb_timeout_cb; 3158 sc->cmdq[i].arg0 = vap; 3159 ieee80211_runtask(ic, &sc->cmdq_task); 3160 } 3161 3162 /* 3163 * Try to clear stall first, also if other 3164 * errors occur, hence clearing stall 3165 * introduces a 50 ms delay: 3166 */ 3167 usbd_xfer_set_stall(xfer); 3168 goto tr_setup; 3169 } 3170 break; 3171 } 3172} 3173 3174static void 3175run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3176{ 3177 run_bulk_tx_callbackN(xfer, error, 0); 3178} 3179 3180static void 3181run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3182{ 3183 run_bulk_tx_callbackN(xfer, error, 1); 3184} 3185 3186static void 3187run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3188{ 3189 run_bulk_tx_callbackN(xfer, error, 2); 3190} 3191 3192static void 3193run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3194{ 3195 run_bulk_tx_callbackN(xfer, error, 3); 3196} 3197 3198static void 3199run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3200{ 3201 run_bulk_tx_callbackN(xfer, error, 4); 3202} 3203 3204static void 3205run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3206{ 3207 run_bulk_tx_callbackN(xfer, error, 5); 3208} 3209 3210static void 3211run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3212{ 3213 struct mbuf *m = data->m; 3214 struct ieee80211com *ic = &sc->sc_ic; 3215 struct ieee80211vap *vap = data->ni->ni_vap; 3216 struct ieee80211_frame *wh; 3217 struct rt2870_txd *txd; 3218 struct rt2860_txwi *txwi; 3219 uint16_t xferlen, txwisize; 3220 uint16_t mcs; 3221 uint8_t ridx = data->ridx; 3222 uint8_t pad; 3223 3224 /* get MCS code from rate index */ 3225 mcs = rt2860_rates[ridx].mcs; 3226 3227 txwisize = (sc->mac_ver == 0x5592) ? 3228 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3229 xferlen = txwisize + m->m_pkthdr.len; 3230 3231 /* roundup to 32-bit alignment */ 3232 xferlen = (xferlen + 3) & ~3; 3233 3234 txd = (struct rt2870_txd *)&data->desc; 3235 txd->len = htole16(xferlen); 3236 3237 wh = mtod(m, struct ieee80211_frame *); 3238 3239 /* 3240 * Ether both are true or both are false, the header 3241 * are nicely aligned to 32-bit. So, no L2 padding. 3242 */ 3243 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3244 pad = 0; 3245 else 3246 pad = 2; 3247 3248 /* setup TX Wireless Information */ 3249 txwi = (struct rt2860_txwi *)(txd + 1); 3250 txwi->len = htole16(m->m_pkthdr.len - pad); 3251 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3252 mcs |= RT2860_PHY_CCK; 3253 if (ridx != RT2860_RIDX_CCK1 && 3254 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3255 mcs |= RT2860_PHY_SHPRE; 3256 } else 3257 mcs |= RT2860_PHY_OFDM; 3258 txwi->phy = htole16(mcs); 3259 3260 /* check if RTS/CTS or CTS-to-self protection is required */ 3261 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3262 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3263 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3264 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3265 txwi->txop |= RT2860_TX_TXOP_HT; 3266 else 3267 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3268 3269 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3270 txwi->xflags |= RT2860_TX_NSEQ; 3271} 3272 3273/* This function must be called locked */ 3274static int 3275run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3276{ 3277 struct ieee80211com *ic = &sc->sc_ic; 3278 struct ieee80211vap *vap = ni->ni_vap; 3279 struct ieee80211_frame *wh; 3280 struct ieee80211_channel *chan; 3281 const struct ieee80211_txparam *tp; 3282 struct run_node *rn = RUN_NODE(ni); 3283 struct run_tx_data *data; 3284 struct rt2870_txd *txd; 3285 struct rt2860_txwi *txwi; 3286 uint16_t qos; 3287 uint16_t dur; 3288 uint16_t qid; 3289 uint8_t type; 3290 uint8_t tid; 3291 uint8_t ridx; 3292 uint8_t ctl_ridx; 3293 uint8_t qflags; 3294 uint8_t xflags = 0; 3295 int hasqos; 3296 3297 RUN_LOCK_ASSERT(sc, MA_OWNED); 3298 3299 wh = mtod(m, struct ieee80211_frame *); 3300 3301 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3302 3303 /* 3304 * There are 7 bulk endpoints: 1 for RX 3305 * and 6 for TX (4 EDCAs + HCCA + Prio). 3306 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3307 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3308 */ 3309 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3310 uint8_t *frm; 3311 3312 if(IEEE80211_HAS_ADDR4(wh)) 3313 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3314 else 3315 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3316 3317 qos = le16toh(*(const uint16_t *)frm); 3318 tid = qos & IEEE80211_QOS_TID; 3319 qid = TID_TO_WME_AC(tid); 3320 } else { 3321 qos = 0; 3322 tid = 0; 3323 qid = WME_AC_BE; 3324 } 3325 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3326 3327 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3328 qos, qid, tid, qflags); 3329 3330 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3331 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3332 3333 /* pickup a rate index */ 3334 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3335 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3336 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3337 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3338 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3339 } else { 3340 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3341 ridx = rn->fix_ridx; 3342 else 3343 ridx = rn->amrr_ridx; 3344 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3345 } 3346 3347 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3348 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3349 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3350 xflags |= RT2860_TX_ACK; 3351 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3352 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3353 else 3354 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3355 USETW(wh->i_dur, dur); 3356 } 3357 3358 /* reserve slots for mgmt packets, just in case */ 3359 if (sc->sc_epq[qid].tx_nfree < 3) { 3360 DPRINTFN(10, "tx ring %d is full\n", qid); 3361 return (-1); 3362 } 3363 3364 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3365 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3366 sc->sc_epq[qid].tx_nfree--; 3367 3368 txd = (struct rt2870_txd *)&data->desc; 3369 txd->flags = qflags; 3370 txwi = (struct rt2860_txwi *)(txd + 1); 3371 txwi->xflags = xflags; 3372 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3373 txwi->wcid = 0; 3374 else 3375 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3376 1 : RUN_AID2WCID(ni->ni_associd); 3377 3378 /* clear leftover garbage bits */ 3379 txwi->flags = 0; 3380 txwi->txop = 0; 3381 3382 data->m = m; 3383 data->ni = ni; 3384 data->ridx = ridx; 3385 3386 run_set_tx_desc(sc, data); 3387 3388 /* 3389 * The chip keeps track of 2 kind of Tx stats, 3390 * * TX_STAT_FIFO, for per WCID stats, and 3391 * * TX_STA_CNT0 for all-TX-in-one stats. 3392 * 3393 * To use FIFO stats, we need to store MCS into the driver-private 3394 * PacketID field. So that, we can tell whose stats when we read them. 3395 * We add 1 to the MCS because setting the PacketID field to 0 means 3396 * that we don't want feedback in TX_STAT_FIFO. 3397 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3398 * 3399 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3400 */ 3401 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3402 vap->iv_opmode == IEEE80211_M_MBSS) { 3403 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3404 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3405 3406 /* 3407 * Unlike PCI based devices, we don't get any interrupt from 3408 * USB devices, so we simulate FIFO-is-full interrupt here. 3409 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3410 * quickly get fulled. To prevent overflow, increment a counter on 3411 * every FIFO stat request, so we know how many slots are left. 3412 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3413 * are used only in those modes. 3414 * We just drain stats. AMRR gets updated every 1 sec by 3415 * run_ratectl_cb() via callout. 3416 * Call it early. Otherwise overflow. 3417 */ 3418 if (sc->fifo_cnt++ == 10) { 3419 /* 3420 * With multiple vaps or if_bridge, if_start() is called 3421 * with a non-sleepable lock, tcpinp. So, need to defer. 3422 */ 3423 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3424 DPRINTFN(6, "cmdq_store=%d\n", i); 3425 sc->cmdq[i].func = run_drain_fifo; 3426 sc->cmdq[i].arg0 = sc; 3427 ieee80211_runtask(ic, &sc->cmdq_task); 3428 } 3429 } 3430 3431 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3432 3433 usbd_transfer_start(sc->sc_xfer[qid]); 3434 3435 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3436 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3437 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3438 3439 return (0); 3440} 3441 3442static int 3443run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3444{ 3445 struct ieee80211com *ic = &sc->sc_ic; 3446 struct run_node *rn = RUN_NODE(ni); 3447 struct run_tx_data *data; 3448 struct ieee80211_frame *wh; 3449 struct rt2870_txd *txd; 3450 struct rt2860_txwi *txwi; 3451 uint16_t dur; 3452 uint8_t ridx = rn->mgt_ridx; 3453 uint8_t type; 3454 uint8_t xflags = 0; 3455 uint8_t wflags = 0; 3456 3457 RUN_LOCK_ASSERT(sc, MA_OWNED); 3458 3459 wh = mtod(m, struct ieee80211_frame *); 3460 3461 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3462 3463 /* tell hardware to add timestamp for probe responses */ 3464 if ((wh->i_fc[0] & 3465 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3466 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3467 wflags |= RT2860_TX_TS; 3468 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3469 xflags |= RT2860_TX_ACK; 3470 3471 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3472 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3473 USETW(wh->i_dur, dur); 3474 } 3475 3476 if (sc->sc_epq[0].tx_nfree == 0) 3477 /* let caller free mbuf */ 3478 return (EIO); 3479 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3480 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3481 sc->sc_epq[0].tx_nfree--; 3482 3483 txd = (struct rt2870_txd *)&data->desc; 3484 txd->flags = RT2860_TX_QSEL_EDCA; 3485 txwi = (struct rt2860_txwi *)(txd + 1); 3486 txwi->wcid = 0xff; 3487 txwi->flags = wflags; 3488 txwi->xflags = xflags; 3489 txwi->txop = 0; /* clear leftover garbage bits */ 3490 3491 data->m = m; 3492 data->ni = ni; 3493 data->ridx = ridx; 3494 3495 run_set_tx_desc(sc, data); 3496 3497 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3498 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3499 rt2860_rates[ridx].rate); 3500 3501 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3502 3503 usbd_transfer_start(sc->sc_xfer[0]); 3504 3505 return (0); 3506} 3507 3508static int 3509run_sendprot(struct run_softc *sc, 3510 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3511{ 3512 struct ieee80211com *ic = ni->ni_ic; 3513 struct ieee80211_frame *wh; 3514 struct run_tx_data *data; 3515 struct rt2870_txd *txd; 3516 struct rt2860_txwi *txwi; 3517 struct mbuf *mprot; 3518 int ridx; 3519 int protrate; 3520 int ackrate; 3521 int pktlen; 3522 int isshort; 3523 uint16_t dur; 3524 uint8_t type; 3525 uint8_t wflags = 0; 3526 uint8_t xflags = 0; 3527 3528 RUN_LOCK_ASSERT(sc, MA_OWNED); 3529 3530 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3531 ("protection %d", prot)); 3532 3533 wh = mtod(m, struct ieee80211_frame *); 3534 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3535 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3536 3537 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3538 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3539 3540 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3541 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3542 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3543 wflags = RT2860_TX_FRAG; 3544 3545 /* check that there are free slots before allocating the mbuf */ 3546 if (sc->sc_epq[0].tx_nfree == 0) 3547 /* let caller free mbuf */ 3548 return (ENOBUFS); 3549 3550 if (prot == IEEE80211_PROT_RTSCTS) { 3551 /* NB: CTS is the same size as an ACK */ 3552 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3553 xflags |= RT2860_TX_ACK; 3554 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3555 } else { 3556 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3557 } 3558 if (mprot == NULL) { 3559 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3560 DPRINTF("could not allocate mbuf\n"); 3561 return (ENOBUFS); 3562 } 3563 3564 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3565 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3566 sc->sc_epq[0].tx_nfree--; 3567 3568 txd = (struct rt2870_txd *)&data->desc; 3569 txd->flags = RT2860_TX_QSEL_EDCA; 3570 txwi = (struct rt2860_txwi *)(txd + 1); 3571 txwi->wcid = 0xff; 3572 txwi->flags = wflags; 3573 txwi->xflags = xflags; 3574 txwi->txop = 0; /* clear leftover garbage bits */ 3575 3576 data->m = mprot; 3577 data->ni = ieee80211_ref_node(ni); 3578 3579 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3580 if (rt2860_rates[ridx].rate == protrate) 3581 break; 3582 data->ridx = ridx; 3583 3584 run_set_tx_desc(sc, data); 3585 3586 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3587 m->m_pkthdr.len, rate); 3588 3589 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3590 3591 usbd_transfer_start(sc->sc_xfer[0]); 3592 3593 return (0); 3594} 3595 3596static int 3597run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3598 const struct ieee80211_bpf_params *params) 3599{ 3600 struct ieee80211com *ic = ni->ni_ic; 3601 struct ieee80211_frame *wh; 3602 struct run_tx_data *data; 3603 struct rt2870_txd *txd; 3604 struct rt2860_txwi *txwi; 3605 uint8_t type; 3606 uint8_t ridx; 3607 uint8_t rate; 3608 uint8_t opflags = 0; 3609 uint8_t xflags = 0; 3610 int error; 3611 3612 RUN_LOCK_ASSERT(sc, MA_OWNED); 3613 3614 KASSERT(params != NULL, ("no raw xmit params")); 3615 3616 wh = mtod(m, struct ieee80211_frame *); 3617 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3618 3619 rate = params->ibp_rate0; 3620 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3621 /* let caller free mbuf */ 3622 return (EINVAL); 3623 } 3624 3625 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3626 xflags |= RT2860_TX_ACK; 3627 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3628 error = run_sendprot(sc, m, ni, 3629 params->ibp_flags & IEEE80211_BPF_RTS ? 3630 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3631 rate); 3632 if (error) { 3633 /* let caller free mbuf */ 3634 return error; 3635 } 3636 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3637 } 3638 3639 if (sc->sc_epq[0].tx_nfree == 0) { 3640 /* let caller free mbuf */ 3641 DPRINTF("sending raw frame, but tx ring is full\n"); 3642 return (EIO); 3643 } 3644 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3645 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3646 sc->sc_epq[0].tx_nfree--; 3647 3648 txd = (struct rt2870_txd *)&data->desc; 3649 txd->flags = RT2860_TX_QSEL_EDCA; 3650 txwi = (struct rt2860_txwi *)(txd + 1); 3651 txwi->wcid = 0xff; 3652 txwi->xflags = xflags; 3653 txwi->txop = opflags; 3654 txwi->flags = 0; /* clear leftover garbage bits */ 3655 3656 data->m = m; 3657 data->ni = ni; 3658 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3659 if (rt2860_rates[ridx].rate == rate) 3660 break; 3661 data->ridx = ridx; 3662 3663 run_set_tx_desc(sc, data); 3664 3665 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3666 m->m_pkthdr.len, rate); 3667 3668 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3669 3670 usbd_transfer_start(sc->sc_xfer[0]); 3671 3672 return (0); 3673} 3674 3675static int 3676run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3677 const struct ieee80211_bpf_params *params) 3678{ 3679 struct run_softc *sc = ni->ni_ic->ic_softc; 3680 int error = 0; 3681 3682 RUN_LOCK(sc); 3683 3684 /* prevent management frames from being sent if we're not ready */ 3685 if (!(sc->sc_flags & RUN_RUNNING)) { 3686 error = ENETDOWN; 3687 goto done; 3688 } 3689 3690 if (params == NULL) { 3691 /* tx mgt packet */ 3692 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3693 DPRINTF("mgt tx failed\n"); 3694 goto done; 3695 } 3696 } else { 3697 /* tx raw packet with param */ 3698 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3699 DPRINTF("tx with param failed\n"); 3700 goto done; 3701 } 3702 } 3703 3704done: 3705 RUN_UNLOCK(sc); 3706 3707 if (error != 0) { 3708 if(m != NULL) 3709 m_freem(m); 3710 ieee80211_free_node(ni); 3711 } 3712 3713 return (error); 3714} 3715 3716static int 3717run_transmit(struct ieee80211com *ic, struct mbuf *m) 3718{ 3719 struct run_softc *sc = ic->ic_softc; 3720 int error; 3721 3722 RUN_LOCK(sc); 3723 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3724 RUN_UNLOCK(sc); 3725 return (ENXIO); 3726 } 3727 error = mbufq_enqueue(&sc->sc_snd, m); 3728 if (error) { 3729 RUN_UNLOCK(sc); 3730 return (error); 3731 } 3732 run_start(sc); 3733 RUN_UNLOCK(sc); 3734 3735 return (0); 3736} 3737 3738static void 3739run_start(struct run_softc *sc) 3740{ 3741 struct ieee80211_node *ni; 3742 struct mbuf *m; 3743 3744 RUN_LOCK_ASSERT(sc, MA_OWNED); 3745 3746 if ((sc->sc_flags & RUN_RUNNING) == 0) 3747 return; 3748 3749 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3750 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3751 if (run_tx(sc, m, ni) != 0) { 3752 mbufq_prepend(&sc->sc_snd, m); 3753 break; 3754 } 3755 } 3756} 3757 3758static void 3759run_parent(struct ieee80211com *ic) 3760{ 3761 struct run_softc *sc = ic->ic_softc; 3762 int startall = 0; 3763 3764 RUN_LOCK(sc); 3765 if (sc->sc_detached) { 3766 RUN_UNLOCK(sc); 3767 return; 3768 } 3769 3770 if (ic->ic_nrunning > 0) { 3771 if (!(sc->sc_flags & RUN_RUNNING)) { 3772 startall = 1; 3773 run_init_locked(sc); 3774 } else 3775 run_update_promisc_locked(sc); 3776 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3777 run_stop(sc); 3778 RUN_UNLOCK(sc); 3779 if (startall) 3780 ieee80211_start_all(ic); 3781} 3782 3783static void 3784run_iq_calib(struct run_softc *sc, u_int chan) 3785{ 3786 uint16_t val; 3787 3788 /* Tx0 IQ gain. */ 3789 run_bbp_write(sc, 158, 0x2c); 3790 if (chan <= 14) 3791 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3792 else if (chan <= 64) { 3793 run_efuse_read(sc, 3794 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3795 &val, 1); 3796 } else if (chan <= 138) { 3797 run_efuse_read(sc, 3798 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3799 &val, 1); 3800 } else if (chan <= 165) { 3801 run_efuse_read(sc, 3802 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3803 &val, 1); 3804 } else 3805 val = 0; 3806 run_bbp_write(sc, 159, val); 3807 3808 /* Tx0 IQ phase. */ 3809 run_bbp_write(sc, 158, 0x2d); 3810 if (chan <= 14) { 3811 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3812 &val, 1); 3813 } else if (chan <= 64) { 3814 run_efuse_read(sc, 3815 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3816 &val, 1); 3817 } else if (chan <= 138) { 3818 run_efuse_read(sc, 3819 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3820 &val, 1); 3821 } else if (chan <= 165) { 3822 run_efuse_read(sc, 3823 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3824 &val, 1); 3825 } else 3826 val = 0; 3827 run_bbp_write(sc, 159, val); 3828 3829 /* Tx1 IQ gain. */ 3830 run_bbp_write(sc, 158, 0x4a); 3831 if (chan <= 14) { 3832 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3833 &val, 1); 3834 } else if (chan <= 64) { 3835 run_efuse_read(sc, 3836 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3837 &val, 1); 3838 } else if (chan <= 138) { 3839 run_efuse_read(sc, 3840 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3841 &val, 1); 3842 } else if (chan <= 165) { 3843 run_efuse_read(sc, 3844 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3845 &val, 1); 3846 } else 3847 val = 0; 3848 run_bbp_write(sc, 159, val); 3849 3850 /* Tx1 IQ phase. */ 3851 run_bbp_write(sc, 158, 0x4b); 3852 if (chan <= 14) { 3853 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3854 &val, 1); 3855 } else if (chan <= 64) { 3856 run_efuse_read(sc, 3857 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3858 &val, 1); 3859 } else if (chan <= 138) { 3860 run_efuse_read(sc, 3861 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3862 &val, 1); 3863 } else if (chan <= 165) { 3864 run_efuse_read(sc, 3865 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3866 &val, 1); 3867 } else 3868 val = 0; 3869 run_bbp_write(sc, 159, val); 3870 3871 /* RF IQ compensation control. */ 3872 run_bbp_write(sc, 158, 0x04); 3873 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3874 &val, 1); 3875 run_bbp_write(sc, 159, val); 3876 3877 /* RF IQ imbalance compensation control. */ 3878 run_bbp_write(sc, 158, 0x03); 3879 run_efuse_read(sc, 3880 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3881 run_bbp_write(sc, 159, val); 3882} 3883 3884static void 3885run_set_agc(struct run_softc *sc, uint8_t agc) 3886{ 3887 uint8_t bbp; 3888 3889 if (sc->mac_ver == 0x3572) { 3890 run_bbp_read(sc, 27, &bbp); 3891 bbp &= ~(0x3 << 5); 3892 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3893 run_bbp_write(sc, 66, agc); 3894 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3895 run_bbp_write(sc, 66, agc); 3896 } else 3897 run_bbp_write(sc, 66, agc); 3898} 3899 3900static void 3901run_select_chan_group(struct run_softc *sc, int group) 3902{ 3903 uint32_t tmp; 3904 uint8_t agc; 3905 3906 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3907 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3908 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3909 if (sc->mac_ver < 0x3572) 3910 run_bbp_write(sc, 86, 0x00); 3911 3912 if (sc->mac_ver == 0x3593) { 3913 run_bbp_write(sc, 77, 0x98); 3914 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3915 } 3916 3917 if (group == 0) { 3918 if (sc->ext_2ghz_lna) { 3919 if (sc->mac_ver >= 0x5390) 3920 run_bbp_write(sc, 75, 0x52); 3921 else { 3922 run_bbp_write(sc, 82, 0x62); 3923 run_bbp_write(sc, 75, 0x46); 3924 } 3925 } else { 3926 if (sc->mac_ver == 0x5592) { 3927 run_bbp_write(sc, 79, 0x1c); 3928 run_bbp_write(sc, 80, 0x0e); 3929 run_bbp_write(sc, 81, 0x3a); 3930 run_bbp_write(sc, 82, 0x62); 3931 3932 run_bbp_write(sc, 195, 0x80); 3933 run_bbp_write(sc, 196, 0xe0); 3934 run_bbp_write(sc, 195, 0x81); 3935 run_bbp_write(sc, 196, 0x1f); 3936 run_bbp_write(sc, 195, 0x82); 3937 run_bbp_write(sc, 196, 0x38); 3938 run_bbp_write(sc, 195, 0x83); 3939 run_bbp_write(sc, 196, 0x32); 3940 run_bbp_write(sc, 195, 0x85); 3941 run_bbp_write(sc, 196, 0x28); 3942 run_bbp_write(sc, 195, 0x86); 3943 run_bbp_write(sc, 196, 0x19); 3944 } else if (sc->mac_ver >= 0x5390) 3945 run_bbp_write(sc, 75, 0x50); 3946 else { 3947 run_bbp_write(sc, 82, 3948 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3949 run_bbp_write(sc, 75, 0x50); 3950 } 3951 } 3952 } else { 3953 if (sc->mac_ver == 0x5592) { 3954 run_bbp_write(sc, 79, 0x18); 3955 run_bbp_write(sc, 80, 0x08); 3956 run_bbp_write(sc, 81, 0x38); 3957 run_bbp_write(sc, 82, 0x92); 3958 3959 run_bbp_write(sc, 195, 0x80); 3960 run_bbp_write(sc, 196, 0xf0); 3961 run_bbp_write(sc, 195, 0x81); 3962 run_bbp_write(sc, 196, 0x1e); 3963 run_bbp_write(sc, 195, 0x82); 3964 run_bbp_write(sc, 196, 0x28); 3965 run_bbp_write(sc, 195, 0x83); 3966 run_bbp_write(sc, 196, 0x20); 3967 run_bbp_write(sc, 195, 0x85); 3968 run_bbp_write(sc, 196, 0x7f); 3969 run_bbp_write(sc, 195, 0x86); 3970 run_bbp_write(sc, 196, 0x7f); 3971 } else if (sc->mac_ver == 0x3572) 3972 run_bbp_write(sc, 82, 0x94); 3973 else 3974 run_bbp_write(sc, 82, 3975 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3976 if (sc->ext_5ghz_lna) 3977 run_bbp_write(sc, 75, 0x46); 3978 else 3979 run_bbp_write(sc, 75, 0x50); 3980 } 3981 3982 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3983 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3984 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3985 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3986 3987 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3988 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3989 if (sc->mac_ver == 0x3593) 3990 tmp |= 1 << 29 | 1 << 28; 3991 if (sc->nrxchains > 1) 3992 tmp |= RT2860_LNA_PE1_EN; 3993 if (group == 0) { /* 2GHz */ 3994 tmp |= RT2860_PA_PE_G0_EN; 3995 if (sc->ntxchains > 1) 3996 tmp |= RT2860_PA_PE_G1_EN; 3997 if (sc->mac_ver == 0x3593) { 3998 if (sc->ntxchains > 2) 3999 tmp |= 1 << 25; 4000 } 4001 } else { /* 5GHz */ 4002 tmp |= RT2860_PA_PE_A0_EN; 4003 if (sc->ntxchains > 1) 4004 tmp |= RT2860_PA_PE_A1_EN; 4005 } 4006 if (sc->mac_ver == 0x3572) { 4007 run_rt3070_rf_write(sc, 8, 0x00); 4008 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4009 run_rt3070_rf_write(sc, 8, 0x80); 4010 } else 4011 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4012 4013 if (sc->mac_ver == 0x5592) { 4014 run_bbp_write(sc, 195, 0x8d); 4015 run_bbp_write(sc, 196, 0x1a); 4016 } 4017 4018 if (sc->mac_ver == 0x3593) { 4019 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4020 tmp &= ~0x01010000; 4021 if (group == 0) 4022 tmp |= 0x00010000; 4023 tmp = (tmp & ~0x00009090) | 0x00000090; 4024 run_write(sc, RT2860_GPIO_CTRL, tmp); 4025 } 4026 4027 /* set initial AGC value */ 4028 if (group == 0) { /* 2GHz band */ 4029 if (sc->mac_ver >= 0x3070) 4030 agc = 0x1c + sc->lna[0] * 2; 4031 else 4032 agc = 0x2e + sc->lna[0]; 4033 } else { /* 5GHz band */ 4034 if (sc->mac_ver == 0x5592) 4035 agc = 0x24 + sc->lna[group] * 2; 4036 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4037 agc = 0x22 + (sc->lna[group] * 5) / 3; 4038 else 4039 agc = 0x32 + (sc->lna[group] * 5) / 3; 4040 } 4041 run_set_agc(sc, agc); 4042} 4043 4044static void 4045run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4046{ 4047 const struct rfprog *rfprog = rt2860_rf2850; 4048 uint32_t r2, r3, r4; 4049 int8_t txpow1, txpow2; 4050 int i; 4051 4052 /* find the settings for this channel (we know it exists) */ 4053 for (i = 0; rfprog[i].chan != chan; i++); 4054 4055 r2 = rfprog[i].r2; 4056 if (sc->ntxchains == 1) 4057 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4058 if (sc->nrxchains == 1) 4059 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4060 else if (sc->nrxchains == 2) 4061 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4062 4063 /* use Tx power values from EEPROM */ 4064 txpow1 = sc->txpow1[i]; 4065 txpow2 = sc->txpow2[i]; 4066 4067 /* Initialize RF R3 and R4. */ 4068 r3 = rfprog[i].r3 & 0xffffc1ff; 4069 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4070 if (chan > 14) { 4071 if (txpow1 >= 0) { 4072 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4073 r3 |= (txpow1 << 10) | (1 << 9); 4074 } else { 4075 txpow1 += 7; 4076 4077 /* txpow1 is not possible larger than 15. */ 4078 r3 |= (txpow1 << 10); 4079 } 4080 if (txpow2 >= 0) { 4081 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4082 r4 |= (txpow2 << 7) | (1 << 6); 4083 } else { 4084 txpow2 += 7; 4085 r4 |= (txpow2 << 7); 4086 } 4087 } else { 4088 /* Set Tx0 power. */ 4089 r3 |= (txpow1 << 9); 4090 4091 /* Set frequency offset and Tx1 power. */ 4092 r4 |= (txpow2 << 6); 4093 } 4094 4095 run_rt2870_rf_write(sc, rfprog[i].r1); 4096 run_rt2870_rf_write(sc, r2); 4097 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4098 run_rt2870_rf_write(sc, r4); 4099 4100 run_delay(sc, 10); 4101 4102 run_rt2870_rf_write(sc, rfprog[i].r1); 4103 run_rt2870_rf_write(sc, r2); 4104 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4105 run_rt2870_rf_write(sc, r4); 4106 4107 run_delay(sc, 10); 4108 4109 run_rt2870_rf_write(sc, rfprog[i].r1); 4110 run_rt2870_rf_write(sc, r2); 4111 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4112 run_rt2870_rf_write(sc, r4); 4113} 4114 4115static void 4116run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4117{ 4118 int8_t txpow1, txpow2; 4119 uint8_t rf; 4120 int i; 4121 4122 /* find the settings for this channel (we know it exists) */ 4123 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4124 4125 /* use Tx power values from EEPROM */ 4126 txpow1 = sc->txpow1[i]; 4127 txpow2 = sc->txpow2[i]; 4128 4129 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4130 4131 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4132 run_rt3070_rf_read(sc, 3, &rf); 4133 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4134 run_rt3070_rf_write(sc, 3, rf); 4135 4136 run_rt3070_rf_read(sc, 6, &rf); 4137 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4138 run_rt3070_rf_write(sc, 6, rf); 4139 4140 /* set Tx0 power */ 4141 run_rt3070_rf_read(sc, 12, &rf); 4142 rf = (rf & ~0x1f) | txpow1; 4143 run_rt3070_rf_write(sc, 12, rf); 4144 4145 /* set Tx1 power */ 4146 run_rt3070_rf_read(sc, 13, &rf); 4147 rf = (rf & ~0x1f) | txpow2; 4148 run_rt3070_rf_write(sc, 13, rf); 4149 4150 run_rt3070_rf_read(sc, 1, &rf); 4151 rf &= ~0xfc; 4152 if (sc->ntxchains == 1) 4153 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4154 else if (sc->ntxchains == 2) 4155 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4156 if (sc->nrxchains == 1) 4157 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4158 else if (sc->nrxchains == 2) 4159 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4160 run_rt3070_rf_write(sc, 1, rf); 4161 4162 /* set RF offset */ 4163 run_rt3070_rf_read(sc, 23, &rf); 4164 rf = (rf & ~0x7f) | sc->freq; 4165 run_rt3070_rf_write(sc, 23, rf); 4166 4167 /* program RF filter */ 4168 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4169 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4170 run_rt3070_rf_write(sc, 24, rf); 4171 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4172 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4173 run_rt3070_rf_write(sc, 31, rf); 4174 4175 /* enable RF tuning */ 4176 run_rt3070_rf_read(sc, 7, &rf); 4177 run_rt3070_rf_write(sc, 7, rf | 0x01); 4178} 4179 4180static void 4181run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4182{ 4183 int8_t txpow1, txpow2; 4184 uint32_t tmp; 4185 uint8_t rf; 4186 int i; 4187 4188 /* find the settings for this channel (we know it exists) */ 4189 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4190 4191 /* use Tx power values from EEPROM */ 4192 txpow1 = sc->txpow1[i]; 4193 txpow2 = sc->txpow2[i]; 4194 4195 if (chan <= 14) { 4196 run_bbp_write(sc, 25, sc->bbp25); 4197 run_bbp_write(sc, 26, sc->bbp26); 4198 } else { 4199 /* enable IQ phase correction */ 4200 run_bbp_write(sc, 25, 0x09); 4201 run_bbp_write(sc, 26, 0xff); 4202 } 4203 4204 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4205 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4206 run_rt3070_rf_read(sc, 6, &rf); 4207 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4208 rf |= (chan <= 14) ? 0x08 : 0x04; 4209 run_rt3070_rf_write(sc, 6, rf); 4210 4211 /* set PLL mode */ 4212 run_rt3070_rf_read(sc, 5, &rf); 4213 rf &= ~(0x08 | 0x04); 4214 rf |= (chan <= 14) ? 0x04 : 0x08; 4215 run_rt3070_rf_write(sc, 5, rf); 4216 4217 /* set Tx power for chain 0 */ 4218 if (chan <= 14) 4219 rf = 0x60 | txpow1; 4220 else 4221 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4222 run_rt3070_rf_write(sc, 12, rf); 4223 4224 /* set Tx power for chain 1 */ 4225 if (chan <= 14) 4226 rf = 0x60 | txpow2; 4227 else 4228 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4229 run_rt3070_rf_write(sc, 13, rf); 4230 4231 /* set Tx/Rx streams */ 4232 run_rt3070_rf_read(sc, 1, &rf); 4233 rf &= ~0xfc; 4234 if (sc->ntxchains == 1) 4235 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4236 else if (sc->ntxchains == 2) 4237 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4238 if (sc->nrxchains == 1) 4239 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4240 else if (sc->nrxchains == 2) 4241 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4242 run_rt3070_rf_write(sc, 1, rf); 4243 4244 /* set RF offset */ 4245 run_rt3070_rf_read(sc, 23, &rf); 4246 rf = (rf & ~0x7f) | sc->freq; 4247 run_rt3070_rf_write(sc, 23, rf); 4248 4249 /* program RF filter */ 4250 rf = sc->rf24_20mhz; 4251 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4252 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4253 4254 /* enable RF tuning */ 4255 run_rt3070_rf_read(sc, 7, &rf); 4256 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4257 run_rt3070_rf_write(sc, 7, rf); 4258 4259 /* TSSI */ 4260 rf = (chan <= 14) ? 0xc3 : 0xc0; 4261 run_rt3070_rf_write(sc, 9, rf); 4262 4263 /* set loop filter 1 */ 4264 run_rt3070_rf_write(sc, 10, 0xf1); 4265 /* set loop filter 2 */ 4266 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4267 4268 /* set tx_mx2_ic */ 4269 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4270 /* set tx_mx1_ic */ 4271 if (chan <= 14) 4272 rf = 0x48 | sc->txmixgain_2ghz; 4273 else 4274 rf = 0x78 | sc->txmixgain_5ghz; 4275 run_rt3070_rf_write(sc, 16, rf); 4276 4277 /* set tx_lo1 */ 4278 run_rt3070_rf_write(sc, 17, 0x23); 4279 /* set tx_lo2 */ 4280 if (chan <= 14) 4281 rf = 0x93; 4282 else if (chan <= 64) 4283 rf = 0xb7; 4284 else if (chan <= 128) 4285 rf = 0x74; 4286 else 4287 rf = 0x72; 4288 run_rt3070_rf_write(sc, 19, rf); 4289 4290 /* set rx_lo1 */ 4291 if (chan <= 14) 4292 rf = 0xb3; 4293 else if (chan <= 64) 4294 rf = 0xf6; 4295 else if (chan <= 128) 4296 rf = 0xf4; 4297 else 4298 rf = 0xf3; 4299 run_rt3070_rf_write(sc, 20, rf); 4300 4301 /* set pfd_delay */ 4302 if (chan <= 14) 4303 rf = 0x15; 4304 else if (chan <= 64) 4305 rf = 0x3d; 4306 else 4307 rf = 0x01; 4308 run_rt3070_rf_write(sc, 25, rf); 4309 4310 /* set rx_lo2 */ 4311 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4312 /* set ldo_rf_vc */ 4313 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4314 /* set drv_cc */ 4315 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4316 4317 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4318 tmp &= ~0x8080; 4319 if (chan <= 14) 4320 tmp |= 0x80; 4321 run_write(sc, RT2860_GPIO_CTRL, tmp); 4322 4323 /* enable RF tuning */ 4324 run_rt3070_rf_read(sc, 7, &rf); 4325 run_rt3070_rf_write(sc, 7, rf | 0x01); 4326 4327 run_delay(sc, 2); 4328} 4329 4330static void 4331run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4332{ 4333 int8_t txpow1, txpow2, txpow3; 4334 uint8_t h20mhz, rf; 4335 int i; 4336 4337 /* find the settings for this channel (we know it exists) */ 4338 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4339 4340 /* use Tx power values from EEPROM */ 4341 txpow1 = sc->txpow1[i]; 4342 txpow2 = sc->txpow2[i]; 4343 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4344 4345 if (chan <= 14) { 4346 run_bbp_write(sc, 25, sc->bbp25); 4347 run_bbp_write(sc, 26, sc->bbp26); 4348 } else { 4349 /* Enable IQ phase correction. */ 4350 run_bbp_write(sc, 25, 0x09); 4351 run_bbp_write(sc, 26, 0xff); 4352 } 4353 4354 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4355 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4356 run_rt3070_rf_read(sc, 11, &rf); 4357 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4358 run_rt3070_rf_write(sc, 11, rf); 4359 4360 /* Set pll_idoh. */ 4361 run_rt3070_rf_read(sc, 11, &rf); 4362 rf &= ~0x4c; 4363 rf |= (chan <= 14) ? 0x44 : 0x48; 4364 run_rt3070_rf_write(sc, 11, rf); 4365 4366 if (chan <= 14) 4367 rf = txpow1 & 0x1f; 4368 else 4369 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4370 run_rt3070_rf_write(sc, 53, rf); 4371 4372 if (chan <= 14) 4373 rf = txpow2 & 0x1f; 4374 else 4375 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4376 run_rt3070_rf_write(sc, 55, rf); 4377 4378 if (chan <= 14) 4379 rf = txpow3 & 0x1f; 4380 else 4381 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4382 run_rt3070_rf_write(sc, 54, rf); 4383 4384 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4385 if (sc->ntxchains == 3) 4386 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4387 else 4388 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4389 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4390 run_rt3070_rf_write(sc, 1, rf); 4391 4392 run_adjust_freq_offset(sc); 4393 4394 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4395 4396 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4397 run_rt3070_rf_read(sc, 30, &rf); 4398 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4399 run_rt3070_rf_write(sc, 30, rf); 4400 4401 run_rt3070_rf_read(sc, 36, &rf); 4402 if (chan <= 14) 4403 rf |= 0x80; 4404 else 4405 rf &= ~0x80; 4406 run_rt3070_rf_write(sc, 36, rf); 4407 4408 /* Set vcolo_bs. */ 4409 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4410 /* Set pfd_delay. */ 4411 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4412 4413 /* Set vco bias current control. */ 4414 run_rt3070_rf_read(sc, 6, &rf); 4415 rf &= ~0xc0; 4416 if (chan <= 14) 4417 rf |= 0x40; 4418 else if (chan <= 128) 4419 rf |= 0x80; 4420 else 4421 rf |= 0x40; 4422 run_rt3070_rf_write(sc, 6, rf); 4423 4424 run_rt3070_rf_read(sc, 30, &rf); 4425 rf = (rf & ~0x18) | 0x10; 4426 run_rt3070_rf_write(sc, 30, rf); 4427 4428 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4429 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4430 4431 run_rt3070_rf_read(sc, 51, &rf); 4432 rf = (rf & ~0x03) | 0x01; 4433 run_rt3070_rf_write(sc, 51, rf); 4434 /* Set tx_mx1_cc. */ 4435 run_rt3070_rf_read(sc, 51, &rf); 4436 rf &= ~0x1c; 4437 rf |= (chan <= 14) ? 0x14 : 0x10; 4438 run_rt3070_rf_write(sc, 51, rf); 4439 /* Set tx_mx1_ic. */ 4440 run_rt3070_rf_read(sc, 51, &rf); 4441 rf &= ~0xe0; 4442 rf |= (chan <= 14) ? 0x60 : 0x40; 4443 run_rt3070_rf_write(sc, 51, rf); 4444 /* Set tx_lo1_ic. */ 4445 run_rt3070_rf_read(sc, 49, &rf); 4446 rf &= ~0x1c; 4447 rf |= (chan <= 14) ? 0x0c : 0x08; 4448 run_rt3070_rf_write(sc, 49, rf); 4449 /* Set tx_lo1_en. */ 4450 run_rt3070_rf_read(sc, 50, &rf); 4451 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4452 /* Set drv_cc. */ 4453 run_rt3070_rf_read(sc, 57, &rf); 4454 rf &= ~0xfc; 4455 rf |= (chan <= 14) ? 0x6c : 0x3c; 4456 run_rt3070_rf_write(sc, 57, rf); 4457 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4458 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4459 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4460 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4461 /* Enable VCO calibration. */ 4462 run_rt3070_rf_read(sc, 3, &rf); 4463 rf &= ~RT5390_VCOCAL; 4464 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4465 run_rt3070_rf_write(sc, 3, rf); 4466 4467 if (chan <= 14) 4468 rf = 0x23; 4469 else if (chan <= 64) 4470 rf = 0x36; 4471 else if (chan <= 128) 4472 rf = 0x32; 4473 else 4474 rf = 0x30; 4475 run_rt3070_rf_write(sc, 39, rf); 4476 if (chan <= 14) 4477 rf = 0xbb; 4478 else if (chan <= 64) 4479 rf = 0xeb; 4480 else if (chan <= 128) 4481 rf = 0xb3; 4482 else 4483 rf = 0x9b; 4484 run_rt3070_rf_write(sc, 45, rf); 4485 4486 /* Set FEQ/AEQ control. */ 4487 run_bbp_write(sc, 105, 0x34); 4488} 4489 4490static void 4491run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4492{ 4493 int8_t txpow1, txpow2; 4494 uint8_t rf; 4495 int i; 4496 4497 /* find the settings for this channel (we know it exists) */ 4498 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4499 4500 /* use Tx power values from EEPROM */ 4501 txpow1 = sc->txpow1[i]; 4502 txpow2 = sc->txpow2[i]; 4503 4504 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4505 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4506 run_rt3070_rf_read(sc, 11, &rf); 4507 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4508 run_rt3070_rf_write(sc, 11, rf); 4509 4510 run_rt3070_rf_read(sc, 49, &rf); 4511 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4512 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4513 if ((rf & 0x3f) > 0x27) 4514 rf = (rf & ~0x3f) | 0x27; 4515 run_rt3070_rf_write(sc, 49, rf); 4516 4517 if (sc->mac_ver == 0x5392) { 4518 run_rt3070_rf_read(sc, 50, &rf); 4519 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4520 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4521 if ((rf & 0x3f) > 0x27) 4522 rf = (rf & ~0x3f) | 0x27; 4523 run_rt3070_rf_write(sc, 50, rf); 4524 } 4525 4526 run_rt3070_rf_read(sc, 1, &rf); 4527 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4528 if (sc->mac_ver == 0x5392) 4529 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4530 run_rt3070_rf_write(sc, 1, rf); 4531 4532 if (sc->mac_ver != 0x5392) { 4533 run_rt3070_rf_read(sc, 2, &rf); 4534 rf |= 0x80; 4535 run_rt3070_rf_write(sc, 2, rf); 4536 run_delay(sc, 10); 4537 rf &= 0x7f; 4538 run_rt3070_rf_write(sc, 2, rf); 4539 } 4540 4541 run_adjust_freq_offset(sc); 4542 4543 if (sc->mac_ver == 0x5392) { 4544 /* Fix for RT5392C. */ 4545 if (sc->mac_rev >= 0x0223) { 4546 if (chan <= 4) 4547 rf = 0x0f; 4548 else if (chan >= 5 && chan <= 7) 4549 rf = 0x0e; 4550 else 4551 rf = 0x0d; 4552 run_rt3070_rf_write(sc, 23, rf); 4553 4554 if (chan <= 4) 4555 rf = 0x0c; 4556 else if (chan == 5) 4557 rf = 0x0b; 4558 else if (chan >= 6 && chan <= 7) 4559 rf = 0x0a; 4560 else if (chan >= 8 && chan <= 10) 4561 rf = 0x09; 4562 else 4563 rf = 0x08; 4564 run_rt3070_rf_write(sc, 59, rf); 4565 } else { 4566 if (chan <= 11) 4567 rf = 0x0f; 4568 else 4569 rf = 0x0b; 4570 run_rt3070_rf_write(sc, 59, rf); 4571 } 4572 } else { 4573 /* Fix for RT5390F. */ 4574 if (sc->mac_rev >= 0x0502) { 4575 if (chan <= 11) 4576 rf = 0x43; 4577 else 4578 rf = 0x23; 4579 run_rt3070_rf_write(sc, 55, rf); 4580 4581 if (chan <= 11) 4582 rf = 0x0f; 4583 else if (chan == 12) 4584 rf = 0x0d; 4585 else 4586 rf = 0x0b; 4587 run_rt3070_rf_write(sc, 59, rf); 4588 } else { 4589 run_rt3070_rf_write(sc, 55, 0x44); 4590 run_rt3070_rf_write(sc, 59, 0x8f); 4591 } 4592 } 4593 4594 /* Enable VCO calibration. */ 4595 run_rt3070_rf_read(sc, 3, &rf); 4596 rf |= RT5390_VCOCAL; 4597 run_rt3070_rf_write(sc, 3, rf); 4598} 4599 4600static void 4601run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4602{ 4603 const struct rt5592_freqs *freqs; 4604 uint32_t tmp; 4605 uint8_t reg, rf, txpow_bound; 4606 int8_t txpow1, txpow2; 4607 int i; 4608 4609 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4610 freqs = (tmp & RT5592_SEL_XTAL) ? 4611 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4612 4613 /* find the settings for this channel (we know it exists) */ 4614 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4615 4616 /* use Tx power values from EEPROM */ 4617 txpow1 = sc->txpow1[i]; 4618 txpow2 = sc->txpow2[i]; 4619 4620 run_read(sc, RT3070_LDO_CFG0, &tmp); 4621 tmp &= ~0x1c000000; 4622 if (chan > 14) 4623 tmp |= 0x14000000; 4624 run_write(sc, RT3070_LDO_CFG0, tmp); 4625 4626 /* N setting. */ 4627 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4628 run_rt3070_rf_read(sc, 9, &rf); 4629 rf &= ~(1 << 4); 4630 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4631 run_rt3070_rf_write(sc, 9, rf); 4632 4633 /* K setting. */ 4634 run_rt3070_rf_read(sc, 9, &rf); 4635 rf &= ~0x0f; 4636 rf |= (freqs->k & 0x0f); 4637 run_rt3070_rf_write(sc, 9, rf); 4638 4639 /* Mode setting. */ 4640 run_rt3070_rf_read(sc, 11, &rf); 4641 rf &= ~0x0c; 4642 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4643 run_rt3070_rf_write(sc, 11, rf); 4644 run_rt3070_rf_read(sc, 9, &rf); 4645 rf &= ~(1 << 7); 4646 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4647 run_rt3070_rf_write(sc, 9, rf); 4648 4649 /* R setting. */ 4650 run_rt3070_rf_read(sc, 11, &rf); 4651 rf &= ~0x03; 4652 rf |= (freqs->r - 0x1); 4653 run_rt3070_rf_write(sc, 11, rf); 4654 4655 if (chan <= 14) { 4656 /* Initialize RF registers for 2GHZ. */ 4657 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4658 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4659 rt5592_2ghz_def_rf[i].val); 4660 } 4661 4662 rf = (chan <= 10) ? 0x07 : 0x06; 4663 run_rt3070_rf_write(sc, 23, rf); 4664 run_rt3070_rf_write(sc, 59, rf); 4665 4666 run_rt3070_rf_write(sc, 55, 0x43); 4667 4668 /* 4669 * RF R49/R50 Tx power ALC code. 4670 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4671 */ 4672 reg = 2; 4673 txpow_bound = 0x27; 4674 } else { 4675 /* Initialize RF registers for 5GHZ. */ 4676 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4677 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4678 rt5592_5ghz_def_rf[i].val); 4679 } 4680 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4681 if (chan >= rt5592_chan_5ghz[i].firstchan && 4682 chan <= rt5592_chan_5ghz[i].lastchan) { 4683 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4684 rt5592_chan_5ghz[i].val); 4685 } 4686 } 4687 4688 /* 4689 * RF R49/R50 Tx power ALC code. 4690 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4691 */ 4692 reg = 3; 4693 txpow_bound = 0x2b; 4694 } 4695 4696 /* RF R49 ch0 Tx power ALC code. */ 4697 run_rt3070_rf_read(sc, 49, &rf); 4698 rf &= ~0xc0; 4699 rf |= (reg << 6); 4700 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4701 if ((rf & 0x3f) > txpow_bound) 4702 rf = (rf & ~0x3f) | txpow_bound; 4703 run_rt3070_rf_write(sc, 49, rf); 4704 4705 /* RF R50 ch1 Tx power ALC code. */ 4706 run_rt3070_rf_read(sc, 50, &rf); 4707 rf &= ~(1 << 7 | 1 << 6); 4708 rf |= (reg << 6); 4709 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4710 if ((rf & 0x3f) > txpow_bound) 4711 rf = (rf & ~0x3f) | txpow_bound; 4712 run_rt3070_rf_write(sc, 50, rf); 4713 4714 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4715 run_rt3070_rf_read(sc, 1, &rf); 4716 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4717 if (sc->ntxchains > 1) 4718 rf |= RT3070_TX1_PD; 4719 if (sc->nrxchains > 1) 4720 rf |= RT3070_RX1_PD; 4721 run_rt3070_rf_write(sc, 1, rf); 4722 4723 run_rt3070_rf_write(sc, 6, 0xe4); 4724 4725 run_rt3070_rf_write(sc, 30, 0x10); 4726 run_rt3070_rf_write(sc, 31, 0x80); 4727 run_rt3070_rf_write(sc, 32, 0x80); 4728 4729 run_adjust_freq_offset(sc); 4730 4731 /* Enable VCO calibration. */ 4732 run_rt3070_rf_read(sc, 3, &rf); 4733 rf |= RT5390_VCOCAL; 4734 run_rt3070_rf_write(sc, 3, rf); 4735} 4736 4737static void 4738run_set_rx_antenna(struct run_softc *sc, int aux) 4739{ 4740 uint32_t tmp; 4741 uint8_t bbp152; 4742 4743 if (aux) { 4744 if (sc->rf_rev == RT5390_RF_5370) { 4745 run_bbp_read(sc, 152, &bbp152); 4746 run_bbp_write(sc, 152, bbp152 & ~0x80); 4747 } else { 4748 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4749 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4750 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4751 } 4752 } else { 4753 if (sc->rf_rev == RT5390_RF_5370) { 4754 run_bbp_read(sc, 152, &bbp152); 4755 run_bbp_write(sc, 152, bbp152 | 0x80); 4756 } else { 4757 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4758 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4759 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4760 } 4761 } 4762} 4763 4764static int 4765run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4766{ 4767 struct ieee80211com *ic = &sc->sc_ic; 4768 u_int chan, group; 4769 4770 chan = ieee80211_chan2ieee(ic, c); 4771 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4772 return (EINVAL); 4773 4774 if (sc->mac_ver == 0x5592) 4775 run_rt5592_set_chan(sc, chan); 4776 else if (sc->mac_ver >= 0x5390) 4777 run_rt5390_set_chan(sc, chan); 4778 else if (sc->mac_ver == 0x3593) 4779 run_rt3593_set_chan(sc, chan); 4780 else if (sc->mac_ver == 0x3572) 4781 run_rt3572_set_chan(sc, chan); 4782 else if (sc->mac_ver >= 0x3070) 4783 run_rt3070_set_chan(sc, chan); 4784 else 4785 run_rt2870_set_chan(sc, chan); 4786 4787 /* determine channel group */ 4788 if (chan <= 14) 4789 group = 0; 4790 else if (chan <= 64) 4791 group = 1; 4792 else if (chan <= 128) 4793 group = 2; 4794 else 4795 group = 3; 4796 4797 /* XXX necessary only when group has changed! */ 4798 run_select_chan_group(sc, group); 4799 4800 run_delay(sc, 10); 4801 4802 /* Perform IQ calibration. */ 4803 if (sc->mac_ver >= 0x5392) 4804 run_iq_calib(sc, chan); 4805 4806 return (0); 4807} 4808 4809static void 4810run_set_channel(struct ieee80211com *ic) 4811{ 4812 struct run_softc *sc = ic->ic_softc; 4813 4814 RUN_LOCK(sc); 4815 run_set_chan(sc, ic->ic_curchan); 4816 RUN_UNLOCK(sc); 4817 4818 return; 4819} 4820 4821static void 4822run_scan_start(struct ieee80211com *ic) 4823{ 4824 struct run_softc *sc = ic->ic_softc; 4825 uint32_t tmp; 4826 4827 RUN_LOCK(sc); 4828 4829 /* abort TSF synchronization */ 4830 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4831 run_write(sc, RT2860_BCN_TIME_CFG, 4832 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4833 RT2860_TBTT_TIMER_EN)); 4834 run_set_bssid(sc, ieee80211broadcastaddr); 4835 4836 RUN_UNLOCK(sc); 4837 4838 return; 4839} 4840 4841static void 4842run_scan_end(struct ieee80211com *ic) 4843{ 4844 struct run_softc *sc = ic->ic_softc; 4845 4846 RUN_LOCK(sc); 4847 4848 run_enable_tsf_sync(sc); 4849 /* XXX keep local copy */ 4850 run_set_bssid(sc, ic->ic_macaddr); 4851 4852 RUN_UNLOCK(sc); 4853 4854 return; 4855} 4856 4857/* 4858 * Could be called from ieee80211_node_timeout() 4859 * (non-sleepable thread) 4860 */ 4861static void 4862run_update_beacon(struct ieee80211vap *vap, int item) 4863{ 4864 struct ieee80211com *ic = vap->iv_ic; 4865 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4866 struct ieee80211_node *ni = vap->iv_bss; 4867 struct run_softc *sc = ic->ic_softc; 4868 struct run_vap *rvp = RUN_VAP(vap); 4869 int mcast = 0; 4870 uint32_t i; 4871 4872 switch (item) { 4873 case IEEE80211_BEACON_ERP: 4874 run_updateslot(ic); 4875 break; 4876 case IEEE80211_BEACON_HTINFO: 4877 run_updateprot(ic); 4878 break; 4879 case IEEE80211_BEACON_TIM: 4880 mcast = 1; /*TODO*/ 4881 break; 4882 default: 4883 break; 4884 } 4885 4886 setbit(bo->bo_flags, item); 4887 if (rvp->beacon_mbuf == NULL) { 4888 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4889 if (rvp->beacon_mbuf == NULL) 4890 return; 4891 } 4892 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4893 4894 i = RUN_CMDQ_GET(&sc->cmdq_store); 4895 DPRINTF("cmdq_store=%d\n", i); 4896 sc->cmdq[i].func = run_update_beacon_cb; 4897 sc->cmdq[i].arg0 = vap; 4898 ieee80211_runtask(ic, &sc->cmdq_task); 4899 4900 return; 4901} 4902 4903static void 4904run_update_beacon_cb(void *arg) 4905{ 4906 struct ieee80211vap *vap = arg; 4907 struct ieee80211_node *ni = vap->iv_bss; 4908 struct run_vap *rvp = RUN_VAP(vap); 4909 struct ieee80211com *ic = vap->iv_ic; 4910 struct run_softc *sc = ic->ic_softc; 4911 struct rt2860_txwi txwi; 4912 struct mbuf *m; 4913 uint16_t txwisize; 4914 uint8_t ridx; 4915 4916 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4917 return; 4918 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4919 return; 4920 4921 /* 4922 * No need to call ieee80211_beacon_update(), run_update_beacon() 4923 * is taking care of apropriate calls. 4924 */ 4925 if (rvp->beacon_mbuf == NULL) { 4926 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4927 if (rvp->beacon_mbuf == NULL) 4928 return; 4929 } 4930 m = rvp->beacon_mbuf; 4931 4932 memset(&txwi, 0, sizeof(txwi)); 4933 txwi.wcid = 0xff; 4934 txwi.len = htole16(m->m_pkthdr.len); 4935 4936 /* send beacons at the lowest available rate */ 4937 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4938 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4939 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4940 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4941 txwi.phy |= htole16(RT2860_PHY_OFDM); 4942 txwi.txop = RT2860_TX_TXOP_HT; 4943 txwi.flags = RT2860_TX_TS; 4944 txwi.xflags = RT2860_TX_NSEQ; 4945 4946 txwisize = (sc->mac_ver == 0x5592) ? 4947 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4948 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4949 txwisize); 4950 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4951 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4952} 4953 4954static void 4955run_updateprot(struct ieee80211com *ic) 4956{ 4957 struct run_softc *sc = ic->ic_softc; 4958 uint32_t i; 4959 4960 i = RUN_CMDQ_GET(&sc->cmdq_store); 4961 DPRINTF("cmdq_store=%d\n", i); 4962 sc->cmdq[i].func = run_updateprot_cb; 4963 sc->cmdq[i].arg0 = ic; 4964 ieee80211_runtask(ic, &sc->cmdq_task); 4965} 4966 4967static void 4968run_updateprot_cb(void *arg) 4969{ 4970 struct ieee80211com *ic = arg; 4971 struct run_softc *sc = ic->ic_softc; 4972 uint32_t tmp; 4973 4974 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4975 /* setup protection frame rate (MCS code) */ 4976 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4977 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4978 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4979 4980 /* CCK frames don't require protection */ 4981 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4982 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4983 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4984 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4985 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4986 tmp |= RT2860_PROT_CTRL_CTS; 4987 } 4988 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4989} 4990 4991static void 4992run_usb_timeout_cb(void *arg) 4993{ 4994 struct ieee80211vap *vap = arg; 4995 struct run_softc *sc = vap->iv_ic->ic_softc; 4996 4997 RUN_LOCK_ASSERT(sc, MA_OWNED); 4998 4999 if(vap->iv_state == IEEE80211_S_RUN && 5000 vap->iv_opmode != IEEE80211_M_STA) 5001 run_reset_livelock(sc); 5002 else if (vap->iv_state == IEEE80211_S_SCAN) { 5003 DPRINTF("timeout caused by scan\n"); 5004 /* cancel bgscan */ 5005 ieee80211_cancel_scan(vap); 5006 } else 5007 DPRINTF("timeout by unknown cause\n"); 5008} 5009 5010static void 5011run_reset_livelock(struct run_softc *sc) 5012{ 5013 uint32_t tmp; 5014 5015 RUN_LOCK_ASSERT(sc, MA_OWNED); 5016 5017 /* 5018 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5019 * can run into a livelock and start sending CTS-to-self frames like 5020 * crazy if protection is enabled. Reset MAC/BBP for a while 5021 */ 5022 run_read(sc, RT2860_DEBUG, &tmp); 5023 DPRINTFN(3, "debug reg %08x\n", tmp); 5024 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5025 DPRINTF("CTS-to-self livelock detected\n"); 5026 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5027 run_delay(sc, 1); 5028 run_write(sc, RT2860_MAC_SYS_CTRL, 5029 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5030 } 5031} 5032 5033static void 5034run_update_promisc_locked(struct run_softc *sc) 5035{ 5036 uint32_t tmp; 5037 5038 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5039 5040 tmp |= RT2860_DROP_UC_NOME; 5041 if (sc->sc_ic.ic_promisc > 0) 5042 tmp &= ~RT2860_DROP_UC_NOME; 5043 5044 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5045 5046 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5047 "entering" : "leaving"); 5048} 5049 5050static void 5051run_update_promisc(struct ieee80211com *ic) 5052{ 5053 struct run_softc *sc = ic->ic_softc; 5054 5055 if ((sc->sc_flags & RUN_RUNNING) == 0) 5056 return; 5057 5058 RUN_LOCK(sc); 5059 run_update_promisc_locked(sc); 5060 RUN_UNLOCK(sc); 5061} 5062 5063static void 5064run_enable_tsf_sync(struct run_softc *sc) 5065{ 5066 struct ieee80211com *ic = &sc->sc_ic; 5067 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5068 uint32_t tmp; 5069 5070 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5071 ic->ic_opmode); 5072 5073 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5074 tmp &= ~0x1fffff; 5075 tmp |= vap->iv_bss->ni_intval * 16; 5076 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5077 5078 if (ic->ic_opmode == IEEE80211_M_STA) { 5079 /* 5080 * Local TSF is always updated with remote TSF on beacon 5081 * reception. 5082 */ 5083 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5084 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5085 tmp |= RT2860_BCN_TX_EN; 5086 /* 5087 * Local TSF is updated with remote TSF on beacon reception 5088 * only if the remote TSF is greater than local TSF. 5089 */ 5090 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5091 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5092 ic->ic_opmode == IEEE80211_M_MBSS) { 5093 tmp |= RT2860_BCN_TX_EN; 5094 /* SYNC with nobody */ 5095 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5096 } else { 5097 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5098 return; 5099 } 5100 5101 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5102} 5103 5104static void 5105run_enable_tsf(struct run_softc *sc) 5106{ 5107 uint32_t tmp; 5108 5109 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5110 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5111 tmp |= RT2860_TSF_TIMER_EN; 5112 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5113 } 5114} 5115 5116static void 5117run_get_tsf(struct run_softc *sc, uint64_t *buf) 5118{ 5119 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5120 sizeof(*buf)); 5121} 5122 5123static void 5124run_enable_mrr(struct run_softc *sc) 5125{ 5126#define CCK(mcs) (mcs) 5127#define OFDM(mcs) (1 << 3 | (mcs)) 5128 run_write(sc, RT2860_LG_FBK_CFG0, 5129 OFDM(6) << 28 | /* 54->48 */ 5130 OFDM(5) << 24 | /* 48->36 */ 5131 OFDM(4) << 20 | /* 36->24 */ 5132 OFDM(3) << 16 | /* 24->18 */ 5133 OFDM(2) << 12 | /* 18->12 */ 5134 OFDM(1) << 8 | /* 12-> 9 */ 5135 OFDM(0) << 4 | /* 9-> 6 */ 5136 OFDM(0)); /* 6-> 6 */ 5137 5138 run_write(sc, RT2860_LG_FBK_CFG1, 5139 CCK(2) << 12 | /* 11->5.5 */ 5140 CCK(1) << 8 | /* 5.5-> 2 */ 5141 CCK(0) << 4 | /* 2-> 1 */ 5142 CCK(0)); /* 1-> 1 */ 5143#undef OFDM 5144#undef CCK 5145} 5146 5147static void 5148run_set_txpreamble(struct run_softc *sc) 5149{ 5150 struct ieee80211com *ic = &sc->sc_ic; 5151 uint32_t tmp; 5152 5153 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5154 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5155 tmp |= RT2860_CCK_SHORT_EN; 5156 else 5157 tmp &= ~RT2860_CCK_SHORT_EN; 5158 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5159} 5160 5161static void 5162run_set_basicrates(struct run_softc *sc) 5163{ 5164 struct ieee80211com *ic = &sc->sc_ic; 5165 5166 /* set basic rates mask */ 5167 if (ic->ic_curmode == IEEE80211_MODE_11B) 5168 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5169 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5170 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5171 else /* 11g */ 5172 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5173} 5174 5175static void 5176run_set_leds(struct run_softc *sc, uint16_t which) 5177{ 5178 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5179 which | (sc->leds & 0x7f)); 5180} 5181 5182static void 5183run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5184{ 5185 run_write(sc, RT2860_MAC_BSSID_DW0, 5186 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5187 run_write(sc, RT2860_MAC_BSSID_DW1, 5188 bssid[4] | bssid[5] << 8); 5189} 5190 5191static void 5192run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5193{ 5194 run_write(sc, RT2860_MAC_ADDR_DW0, 5195 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5196 run_write(sc, RT2860_MAC_ADDR_DW1, 5197 addr[4] | addr[5] << 8 | 0xff << 16); 5198} 5199 5200static void 5201run_updateslot(struct ieee80211com *ic) 5202{ 5203 struct run_softc *sc = ic->ic_softc; 5204 uint32_t i; 5205 5206 i = RUN_CMDQ_GET(&sc->cmdq_store); 5207 DPRINTF("cmdq_store=%d\n", i); 5208 sc->cmdq[i].func = run_updateslot_cb; 5209 sc->cmdq[i].arg0 = ic; 5210 ieee80211_runtask(ic, &sc->cmdq_task); 5211 5212 return; 5213} 5214 5215/* ARGSUSED */ 5216static void 5217run_updateslot_cb(void *arg) 5218{ 5219 struct ieee80211com *ic = arg; 5220 struct run_softc *sc = ic->ic_softc; 5221 uint32_t tmp; 5222 5223 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5224 tmp &= ~0xff; 5225 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5226 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5227} 5228 5229static void 5230run_update_mcast(struct ieee80211com *ic) 5231{ 5232} 5233 5234static int8_t 5235run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5236{ 5237 struct ieee80211com *ic = &sc->sc_ic; 5238 struct ieee80211_channel *c = ic->ic_curchan; 5239 int delta; 5240 5241 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5242 u_int chan = ieee80211_chan2ieee(ic, c); 5243 delta = sc->rssi_5ghz[rxchain]; 5244 5245 /* determine channel group */ 5246 if (chan <= 64) 5247 delta -= sc->lna[1]; 5248 else if (chan <= 128) 5249 delta -= sc->lna[2]; 5250 else 5251 delta -= sc->lna[3]; 5252 } else 5253 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5254 5255 return (-12 - delta - rssi); 5256} 5257 5258static void 5259run_rt5390_bbp_init(struct run_softc *sc) 5260{ 5261 int i; 5262 uint8_t bbp; 5263 5264 /* Apply maximum likelihood detection for 2 stream case. */ 5265 run_bbp_read(sc, 105, &bbp); 5266 if (sc->nrxchains > 1) 5267 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5268 5269 /* Avoid data lost and CRC error. */ 5270 run_bbp_read(sc, 4, &bbp); 5271 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5272 5273 if (sc->mac_ver == 0x5592) { 5274 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5275 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5276 rt5592_def_bbp[i].val); 5277 } 5278 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5279 run_bbp_write(sc, 195, i + 0x80); 5280 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5281 } 5282 } else { 5283 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5284 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5285 rt5390_def_bbp[i].val); 5286 } 5287 } 5288 if (sc->mac_ver == 0x5392) { 5289 run_bbp_write(sc, 88, 0x90); 5290 run_bbp_write(sc, 95, 0x9a); 5291 run_bbp_write(sc, 98, 0x12); 5292 run_bbp_write(sc, 106, 0x12); 5293 run_bbp_write(sc, 134, 0xd0); 5294 run_bbp_write(sc, 135, 0xf6); 5295 run_bbp_write(sc, 148, 0x84); 5296 } 5297 5298 run_bbp_read(sc, 152, &bbp); 5299 run_bbp_write(sc, 152, bbp | 0x80); 5300 5301 /* Fix BBP254 for RT5592C. */ 5302 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5303 run_bbp_read(sc, 254, &bbp); 5304 run_bbp_write(sc, 254, bbp | 0x80); 5305 } 5306 5307 /* Disable hardware antenna diversity. */ 5308 if (sc->mac_ver == 0x5390) 5309 run_bbp_write(sc, 154, 0); 5310 5311 /* Initialize Rx CCK/OFDM frequency offset report. */ 5312 run_bbp_write(sc, 142, 1); 5313 run_bbp_write(sc, 143, 57); 5314} 5315 5316static int 5317run_bbp_init(struct run_softc *sc) 5318{ 5319 int i, error, ntries; 5320 uint8_t bbp0; 5321 5322 /* wait for BBP to wake up */ 5323 for (ntries = 0; ntries < 20; ntries++) { 5324 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5325 return error; 5326 if (bbp0 != 0 && bbp0 != 0xff) 5327 break; 5328 } 5329 if (ntries == 20) 5330 return (ETIMEDOUT); 5331 5332 /* initialize BBP registers to default values */ 5333 if (sc->mac_ver >= 0x5390) 5334 run_rt5390_bbp_init(sc); 5335 else { 5336 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5337 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5338 rt2860_def_bbp[i].val); 5339 } 5340 } 5341 5342 if (sc->mac_ver == 0x3593) { 5343 run_bbp_write(sc, 79, 0x13); 5344 run_bbp_write(sc, 80, 0x05); 5345 run_bbp_write(sc, 81, 0x33); 5346 run_bbp_write(sc, 86, 0x46); 5347 run_bbp_write(sc, 137, 0x0f); 5348 } 5349 5350 /* fix BBP84 for RT2860E */ 5351 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5352 run_bbp_write(sc, 84, 0x19); 5353 5354 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5355 sc->mac_ver != 0x5592)) { 5356 run_bbp_write(sc, 79, 0x13); 5357 run_bbp_write(sc, 80, 0x05); 5358 run_bbp_write(sc, 81, 0x33); 5359 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5360 run_bbp_write(sc, 69, 0x16); 5361 run_bbp_write(sc, 73, 0x12); 5362 } 5363 return (0); 5364} 5365 5366static int 5367run_rt3070_rf_init(struct run_softc *sc) 5368{ 5369 uint32_t tmp; 5370 uint8_t bbp4, mingain, rf, target; 5371 int i; 5372 5373 run_rt3070_rf_read(sc, 30, &rf); 5374 /* toggle RF R30 bit 7 */ 5375 run_rt3070_rf_write(sc, 30, rf | 0x80); 5376 run_delay(sc, 10); 5377 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5378 5379 /* initialize RF registers to default value */ 5380 if (sc->mac_ver == 0x3572) { 5381 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5382 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5383 rt3572_def_rf[i].val); 5384 } 5385 } else { 5386 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5387 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5388 rt3070_def_rf[i].val); 5389 } 5390 } 5391 5392 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5393 /* 5394 * Change voltage from 1.2V to 1.35V for RT3070. 5395 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5396 * in RT3070(F). 5397 */ 5398 run_read(sc, RT3070_LDO_CFG0, &tmp); 5399 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5400 run_write(sc, RT3070_LDO_CFG0, tmp); 5401 5402 } else if (sc->mac_ver == 0x3071) { 5403 run_rt3070_rf_read(sc, 6, &rf); 5404 run_rt3070_rf_write(sc, 6, rf | 0x40); 5405 run_rt3070_rf_write(sc, 31, 0x14); 5406 5407 run_read(sc, RT3070_LDO_CFG0, &tmp); 5408 tmp &= ~0x1f000000; 5409 if (sc->mac_rev < 0x0211) 5410 tmp |= 0x0d000000; /* 1.3V */ 5411 else 5412 tmp |= 0x01000000; /* 1.2V */ 5413 run_write(sc, RT3070_LDO_CFG0, tmp); 5414 5415 /* patch LNA_PE_G1 */ 5416 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5417 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5418 5419 } else if (sc->mac_ver == 0x3572) { 5420 run_rt3070_rf_read(sc, 6, &rf); 5421 run_rt3070_rf_write(sc, 6, rf | 0x40); 5422 5423 /* increase voltage from 1.2V to 1.35V */ 5424 run_read(sc, RT3070_LDO_CFG0, &tmp); 5425 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5426 run_write(sc, RT3070_LDO_CFG0, tmp); 5427 5428 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5429 run_delay(sc, 1); /* wait for 1msec */ 5430 /* decrease voltage back to 1.2V */ 5431 tmp = (tmp & ~0x1f000000) | 0x01000000; 5432 run_write(sc, RT3070_LDO_CFG0, tmp); 5433 } 5434 } 5435 5436 /* select 20MHz bandwidth */ 5437 run_rt3070_rf_read(sc, 31, &rf); 5438 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5439 5440 /* calibrate filter for 20MHz bandwidth */ 5441 sc->rf24_20mhz = 0x1f; /* default value */ 5442 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5443 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5444 5445 /* select 40MHz bandwidth */ 5446 run_bbp_read(sc, 4, &bbp4); 5447 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5448 run_rt3070_rf_read(sc, 31, &rf); 5449 run_rt3070_rf_write(sc, 31, rf | 0x20); 5450 5451 /* calibrate filter for 40MHz bandwidth */ 5452 sc->rf24_40mhz = 0x2f; /* default value */ 5453 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5454 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5455 5456 /* go back to 20MHz bandwidth */ 5457 run_bbp_read(sc, 4, &bbp4); 5458 run_bbp_write(sc, 4, bbp4 & ~0x18); 5459 5460 if (sc->mac_ver == 0x3572) { 5461 /* save default BBP registers 25 and 26 values */ 5462 run_bbp_read(sc, 25, &sc->bbp25); 5463 run_bbp_read(sc, 26, &sc->bbp26); 5464 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5465 run_rt3070_rf_write(sc, 27, 0x03); 5466 5467 run_read(sc, RT3070_OPT_14, &tmp); 5468 run_write(sc, RT3070_OPT_14, tmp | 1); 5469 5470 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5471 run_rt3070_rf_read(sc, 17, &rf); 5472 rf &= ~RT3070_TX_LO1; 5473 if ((sc->mac_ver == 0x3070 || 5474 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5475 !sc->ext_2ghz_lna) 5476 rf |= 0x20; /* fix for long range Rx issue */ 5477 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5478 if (sc->txmixgain_2ghz >= mingain) 5479 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5480 run_rt3070_rf_write(sc, 17, rf); 5481 } 5482 5483 if (sc->mac_ver == 0x3071) { 5484 run_rt3070_rf_read(sc, 1, &rf); 5485 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5486 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5487 run_rt3070_rf_write(sc, 1, rf); 5488 5489 run_rt3070_rf_read(sc, 15, &rf); 5490 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5491 5492 run_rt3070_rf_read(sc, 20, &rf); 5493 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5494 5495 run_rt3070_rf_read(sc, 21, &rf); 5496 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5497 } 5498 5499 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5500 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5501 run_rt3070_rf_read(sc, 27, &rf); 5502 rf &= ~0x77; 5503 if (sc->mac_rev < 0x0211) 5504 rf |= 0x03; 5505 run_rt3070_rf_write(sc, 27, rf); 5506 } 5507 return (0); 5508} 5509 5510static void 5511run_rt3593_rf_init(struct run_softc *sc) 5512{ 5513 uint32_t tmp; 5514 uint8_t rf; 5515 int i; 5516 5517 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5518 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5519 tmp &= ~(1 << 4 | 1 << 7); 5520 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5521 5522 /* Initialize RF registers to default value. */ 5523 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5524 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5525 rt3593_def_rf[i].val); 5526 } 5527 5528 /* Toggle RF R2 to initiate calibration. */ 5529 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5530 5531 /* Initialize RF frequency offset. */ 5532 run_adjust_freq_offset(sc); 5533 5534 run_rt3070_rf_read(sc, 18, &rf); 5535 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5536 5537 /* 5538 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5539 * decrease voltage back to 1.2V. 5540 */ 5541 run_read(sc, RT3070_LDO_CFG0, &tmp); 5542 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5543 run_write(sc, RT3070_LDO_CFG0, tmp); 5544 run_delay(sc, 1); 5545 tmp = (tmp & ~0x1f000000) | 0x01000000; 5546 run_write(sc, RT3070_LDO_CFG0, tmp); 5547 5548 sc->rf24_20mhz = 0x1f; 5549 sc->rf24_40mhz = 0x2f; 5550 5551 /* Save default BBP registers 25 and 26 values. */ 5552 run_bbp_read(sc, 25, &sc->bbp25); 5553 run_bbp_read(sc, 26, &sc->bbp26); 5554 5555 run_read(sc, RT3070_OPT_14, &tmp); 5556 run_write(sc, RT3070_OPT_14, tmp | 1); 5557} 5558 5559static void 5560run_rt5390_rf_init(struct run_softc *sc) 5561{ 5562 uint32_t tmp; 5563 uint8_t rf; 5564 int i; 5565 5566 /* Toggle RF R2 to initiate calibration. */ 5567 if (sc->mac_ver == 0x5390) { 5568 run_rt3070_rf_read(sc, 2, &rf); 5569 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5570 run_delay(sc, 10); 5571 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5572 } else { 5573 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5574 run_delay(sc, 10); 5575 } 5576 5577 /* Initialize RF registers to default value. */ 5578 if (sc->mac_ver == 0x5592) { 5579 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5580 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5581 rt5592_def_rf[i].val); 5582 } 5583 /* Initialize RF frequency offset. */ 5584 run_adjust_freq_offset(sc); 5585 } else if (sc->mac_ver == 0x5392) { 5586 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5587 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5588 rt5392_def_rf[i].val); 5589 } 5590 if (sc->mac_rev >= 0x0223) { 5591 run_rt3070_rf_write(sc, 23, 0x0f); 5592 run_rt3070_rf_write(sc, 24, 0x3e); 5593 run_rt3070_rf_write(sc, 51, 0x32); 5594 run_rt3070_rf_write(sc, 53, 0x22); 5595 run_rt3070_rf_write(sc, 56, 0xc1); 5596 run_rt3070_rf_write(sc, 59, 0x0f); 5597 } 5598 } else { 5599 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5600 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5601 rt5390_def_rf[i].val); 5602 } 5603 if (sc->mac_rev >= 0x0502) { 5604 run_rt3070_rf_write(sc, 6, 0xe0); 5605 run_rt3070_rf_write(sc, 25, 0x80); 5606 run_rt3070_rf_write(sc, 46, 0x73); 5607 run_rt3070_rf_write(sc, 53, 0x00); 5608 run_rt3070_rf_write(sc, 56, 0x42); 5609 run_rt3070_rf_write(sc, 61, 0xd1); 5610 } 5611 } 5612 5613 sc->rf24_20mhz = 0x1f; /* default value */ 5614 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5615 5616 if (sc->mac_rev < 0x0211) 5617 run_rt3070_rf_write(sc, 27, 0x3); 5618 5619 run_read(sc, RT3070_OPT_14, &tmp); 5620 run_write(sc, RT3070_OPT_14, tmp | 1); 5621} 5622 5623static int 5624run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5625 uint8_t *val) 5626{ 5627 uint8_t rf22, rf24; 5628 uint8_t bbp55_pb, bbp55_sb, delta; 5629 int ntries; 5630 5631 /* program filter */ 5632 run_rt3070_rf_read(sc, 24, &rf24); 5633 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5634 run_rt3070_rf_write(sc, 24, rf24); 5635 5636 /* enable baseband loopback mode */ 5637 run_rt3070_rf_read(sc, 22, &rf22); 5638 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5639 5640 /* set power and frequency of passband test tone */ 5641 run_bbp_write(sc, 24, 0x00); 5642 for (ntries = 0; ntries < 100; ntries++) { 5643 /* transmit test tone */ 5644 run_bbp_write(sc, 25, 0x90); 5645 run_delay(sc, 10); 5646 /* read received power */ 5647 run_bbp_read(sc, 55, &bbp55_pb); 5648 if (bbp55_pb != 0) 5649 break; 5650 } 5651 if (ntries == 100) 5652 return (ETIMEDOUT); 5653 5654 /* set power and frequency of stopband test tone */ 5655 run_bbp_write(sc, 24, 0x06); 5656 for (ntries = 0; ntries < 100; ntries++) { 5657 /* transmit test tone */ 5658 run_bbp_write(sc, 25, 0x90); 5659 run_delay(sc, 10); 5660 /* read received power */ 5661 run_bbp_read(sc, 55, &bbp55_sb); 5662 5663 delta = bbp55_pb - bbp55_sb; 5664 if (delta > target) 5665 break; 5666 5667 /* reprogram filter */ 5668 rf24++; 5669 run_rt3070_rf_write(sc, 24, rf24); 5670 } 5671 if (ntries < 100) { 5672 if (rf24 != init) 5673 rf24--; /* backtrack */ 5674 *val = rf24; 5675 run_rt3070_rf_write(sc, 24, rf24); 5676 } 5677 5678 /* restore initial state */ 5679 run_bbp_write(sc, 24, 0x00); 5680 5681 /* disable baseband loopback mode */ 5682 run_rt3070_rf_read(sc, 22, &rf22); 5683 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5684 5685 return (0); 5686} 5687 5688static void 5689run_rt3070_rf_setup(struct run_softc *sc) 5690{ 5691 uint8_t bbp, rf; 5692 int i; 5693 5694 if (sc->mac_ver == 0x3572) { 5695 /* enable DC filter */ 5696 if (sc->mac_rev >= 0x0201) 5697 run_bbp_write(sc, 103, 0xc0); 5698 5699 run_bbp_read(sc, 138, &bbp); 5700 if (sc->ntxchains == 1) 5701 bbp |= 0x20; /* turn off DAC1 */ 5702 if (sc->nrxchains == 1) 5703 bbp &= ~0x02; /* turn off ADC1 */ 5704 run_bbp_write(sc, 138, bbp); 5705 5706 if (sc->mac_rev >= 0x0211) { 5707 /* improve power consumption */ 5708 run_bbp_read(sc, 31, &bbp); 5709 run_bbp_write(sc, 31, bbp & ~0x03); 5710 } 5711 5712 run_rt3070_rf_read(sc, 16, &rf); 5713 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5714 run_rt3070_rf_write(sc, 16, rf); 5715 5716 } else if (sc->mac_ver == 0x3071) { 5717 if (sc->mac_rev >= 0x0211) { 5718 /* enable DC filter */ 5719 run_bbp_write(sc, 103, 0xc0); 5720 5721 /* improve power consumption */ 5722 run_bbp_read(sc, 31, &bbp); 5723 run_bbp_write(sc, 31, bbp & ~0x03); 5724 } 5725 5726 run_bbp_read(sc, 138, &bbp); 5727 if (sc->ntxchains == 1) 5728 bbp |= 0x20; /* turn off DAC1 */ 5729 if (sc->nrxchains == 1) 5730 bbp &= ~0x02; /* turn off ADC1 */ 5731 run_bbp_write(sc, 138, bbp); 5732 5733 run_write(sc, RT2860_TX_SW_CFG1, 0); 5734 if (sc->mac_rev < 0x0211) { 5735 run_write(sc, RT2860_TX_SW_CFG2, 5736 sc->patch_dac ? 0x2c : 0x0f); 5737 } else 5738 run_write(sc, RT2860_TX_SW_CFG2, 0); 5739 5740 } else if (sc->mac_ver == 0x3070) { 5741 if (sc->mac_rev >= 0x0201) { 5742 /* enable DC filter */ 5743 run_bbp_write(sc, 103, 0xc0); 5744 5745 /* improve power consumption */ 5746 run_bbp_read(sc, 31, &bbp); 5747 run_bbp_write(sc, 31, bbp & ~0x03); 5748 } 5749 5750 if (sc->mac_rev < 0x0201) { 5751 run_write(sc, RT2860_TX_SW_CFG1, 0); 5752 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5753 } else 5754 run_write(sc, RT2860_TX_SW_CFG2, 0); 5755 } 5756 5757 /* initialize RF registers from ROM for >=RT3071*/ 5758 if (sc->mac_ver >= 0x3071) { 5759 for (i = 0; i < 10; i++) { 5760 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5761 continue; 5762 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5763 } 5764 } 5765} 5766 5767static void 5768run_rt3593_rf_setup(struct run_softc *sc) 5769{ 5770 uint8_t bbp, rf; 5771 5772 if (sc->mac_rev >= 0x0211) { 5773 /* Enable DC filter. */ 5774 run_bbp_write(sc, 103, 0xc0); 5775 } 5776 run_write(sc, RT2860_TX_SW_CFG1, 0); 5777 if (sc->mac_rev < 0x0211) { 5778 run_write(sc, RT2860_TX_SW_CFG2, 5779 sc->patch_dac ? 0x2c : 0x0f); 5780 } else 5781 run_write(sc, RT2860_TX_SW_CFG2, 0); 5782 5783 run_rt3070_rf_read(sc, 50, &rf); 5784 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5785 5786 run_rt3070_rf_read(sc, 51, &rf); 5787 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5788 ((sc->txmixgain_2ghz & 0x07) << 2); 5789 run_rt3070_rf_write(sc, 51, rf); 5790 5791 run_rt3070_rf_read(sc, 38, &rf); 5792 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5793 5794 run_rt3070_rf_read(sc, 39, &rf); 5795 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5796 5797 run_rt3070_rf_read(sc, 1, &rf); 5798 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5799 5800 run_rt3070_rf_read(sc, 30, &rf); 5801 rf = (rf & ~0x18) | 0x10; 5802 run_rt3070_rf_write(sc, 30, rf); 5803 5804 /* Apply maximum likelihood detection for 2 stream case. */ 5805 run_bbp_read(sc, 105, &bbp); 5806 if (sc->nrxchains > 1) 5807 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5808 5809 /* Avoid data lost and CRC error. */ 5810 run_bbp_read(sc, 4, &bbp); 5811 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5812 5813 run_bbp_write(sc, 92, 0x02); 5814 run_bbp_write(sc, 82, 0x82); 5815 run_bbp_write(sc, 106, 0x05); 5816 run_bbp_write(sc, 104, 0x92); 5817 run_bbp_write(sc, 88, 0x90); 5818 run_bbp_write(sc, 148, 0xc8); 5819 run_bbp_write(sc, 47, 0x48); 5820 run_bbp_write(sc, 120, 0x50); 5821 5822 run_bbp_write(sc, 163, 0x9d); 5823 5824 /* SNR mapping. */ 5825 run_bbp_write(sc, 142, 0x06); 5826 run_bbp_write(sc, 143, 0xa0); 5827 run_bbp_write(sc, 142, 0x07); 5828 run_bbp_write(sc, 143, 0xa1); 5829 run_bbp_write(sc, 142, 0x08); 5830 run_bbp_write(sc, 143, 0xa2); 5831 5832 run_bbp_write(sc, 31, 0x08); 5833 run_bbp_write(sc, 68, 0x0b); 5834 run_bbp_write(sc, 105, 0x04); 5835} 5836 5837static void 5838run_rt5390_rf_setup(struct run_softc *sc) 5839{ 5840 uint8_t bbp, rf; 5841 5842 if (sc->mac_rev >= 0x0211) { 5843 /* Enable DC filter. */ 5844 run_bbp_write(sc, 103, 0xc0); 5845 5846 if (sc->mac_ver != 0x5592) { 5847 /* Improve power consumption. */ 5848 run_bbp_read(sc, 31, &bbp); 5849 run_bbp_write(sc, 31, bbp & ~0x03); 5850 } 5851 } 5852 5853 run_bbp_read(sc, 138, &bbp); 5854 if (sc->ntxchains == 1) 5855 bbp |= 0x20; /* turn off DAC1 */ 5856 if (sc->nrxchains == 1) 5857 bbp &= ~0x02; /* turn off ADC1 */ 5858 run_bbp_write(sc, 138, bbp); 5859 5860 run_rt3070_rf_read(sc, 38, &rf); 5861 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5862 5863 run_rt3070_rf_read(sc, 39, &rf); 5864 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5865 5866 /* Avoid data lost and CRC error. */ 5867 run_bbp_read(sc, 4, &bbp); 5868 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5869 5870 run_rt3070_rf_read(sc, 30, &rf); 5871 rf = (rf & ~0x18) | 0x10; 5872 run_rt3070_rf_write(sc, 30, rf); 5873 5874 if (sc->mac_ver != 0x5592) { 5875 run_write(sc, RT2860_TX_SW_CFG1, 0); 5876 if (sc->mac_rev < 0x0211) { 5877 run_write(sc, RT2860_TX_SW_CFG2, 5878 sc->patch_dac ? 0x2c : 0x0f); 5879 } else 5880 run_write(sc, RT2860_TX_SW_CFG2, 0); 5881 } 5882} 5883 5884static int 5885run_txrx_enable(struct run_softc *sc) 5886{ 5887 struct ieee80211com *ic = &sc->sc_ic; 5888 uint32_t tmp; 5889 int error, ntries; 5890 5891 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5892 for (ntries = 0; ntries < 200; ntries++) { 5893 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5894 return (error); 5895 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5896 break; 5897 run_delay(sc, 50); 5898 } 5899 if (ntries == 200) 5900 return (ETIMEDOUT); 5901 5902 run_delay(sc, 50); 5903 5904 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5905 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5906 5907 /* enable Rx bulk aggregation (set timeout and limit) */ 5908 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5909 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5910 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5911 5912 /* set Rx filter */ 5913 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5914 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5915 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5916 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5917 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5918 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5919 if (ic->ic_opmode == IEEE80211_M_STA) 5920 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5921 } 5922 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5923 5924 run_write(sc, RT2860_MAC_SYS_CTRL, 5925 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5926 5927 return (0); 5928} 5929 5930static void 5931run_adjust_freq_offset(struct run_softc *sc) 5932{ 5933 uint8_t rf, tmp; 5934 5935 run_rt3070_rf_read(sc, 17, &rf); 5936 tmp = rf; 5937 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5938 rf = MIN(rf, 0x5f); 5939 5940 if (tmp != rf) 5941 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5942} 5943 5944static void 5945run_init_locked(struct run_softc *sc) 5946{ 5947 struct ieee80211com *ic = &sc->sc_ic; 5948 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5949 uint32_t tmp; 5950 uint8_t bbp1, bbp3; 5951 int i; 5952 int ridx; 5953 int ntries; 5954 5955 if (ic->ic_nrunning > 1) 5956 return; 5957 5958 run_stop(sc); 5959 5960 if (run_load_microcode(sc) != 0) { 5961 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5962 goto fail; 5963 } 5964 5965 for (ntries = 0; ntries < 100; ntries++) { 5966 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5967 goto fail; 5968 if (tmp != 0 && tmp != 0xffffffff) 5969 break; 5970 run_delay(sc, 10); 5971 } 5972 if (ntries == 100) 5973 goto fail; 5974 5975 for (i = 0; i != RUN_EP_QUEUES; i++) 5976 run_setup_tx_list(sc, &sc->sc_epq[i]); 5977 5978 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5979 5980 for (ntries = 0; ntries < 100; ntries++) { 5981 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5982 goto fail; 5983 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5984 break; 5985 run_delay(sc, 10); 5986 } 5987 if (ntries == 100) { 5988 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5989 goto fail; 5990 } 5991 tmp &= 0xff0; 5992 tmp |= RT2860_TX_WB_DDONE; 5993 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5994 5995 /* turn off PME_OEN to solve high-current issue */ 5996 run_read(sc, RT2860_SYS_CTRL, &tmp); 5997 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5998 5999 run_write(sc, RT2860_MAC_SYS_CTRL, 6000 RT2860_BBP_HRST | RT2860_MAC_SRST); 6001 run_write(sc, RT2860_USB_DMA_CFG, 0); 6002 6003 if (run_reset(sc) != 0) { 6004 device_printf(sc->sc_dev, "could not reset chipset\n"); 6005 goto fail; 6006 } 6007 6008 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6009 6010 /* init Tx power for all Tx rates (from EEPROM) */ 6011 for (ridx = 0; ridx < 5; ridx++) { 6012 if (sc->txpow20mhz[ridx] == 0xffffffff) 6013 continue; 6014 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6015 } 6016 6017 for (i = 0; i < nitems(rt2870_def_mac); i++) 6018 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6019 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6020 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6021 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6022 6023 if (sc->mac_ver >= 0x5390) { 6024 run_write(sc, RT2860_TX_SW_CFG0, 6025 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6026 if (sc->mac_ver >= 0x5392) { 6027 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6028 if (sc->mac_ver == 0x5592) { 6029 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6030 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6031 } else { 6032 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6033 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6034 } 6035 } 6036 } else if (sc->mac_ver == 0x3593) { 6037 run_write(sc, RT2860_TX_SW_CFG0, 6038 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6039 } else if (sc->mac_ver >= 0x3070) { 6040 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6041 run_write(sc, RT2860_TX_SW_CFG0, 6042 4 << RT2860_DLY_PAPE_EN_SHIFT); 6043 } 6044 6045 /* wait while MAC is busy */ 6046 for (ntries = 0; ntries < 100; ntries++) { 6047 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6048 goto fail; 6049 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6050 break; 6051 run_delay(sc, 10); 6052 } 6053 if (ntries == 100) 6054 goto fail; 6055 6056 /* clear Host to MCU mailbox */ 6057 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6058 run_write(sc, RT2860_H2M_MAILBOX, 0); 6059 run_delay(sc, 10); 6060 6061 if (run_bbp_init(sc) != 0) { 6062 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6063 goto fail; 6064 } 6065 6066 /* abort TSF synchronization */ 6067 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6068 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6069 RT2860_TBTT_TIMER_EN); 6070 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6071 6072 /* clear RX WCID search table */ 6073 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6074 /* clear WCID attribute table */ 6075 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6076 6077 /* hostapd sets a key before init. So, don't clear it. */ 6078 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6079 /* clear shared key table */ 6080 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6081 /* clear shared key mode */ 6082 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6083 } 6084 6085 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6086 tmp = (tmp & ~0xff) | 0x1e; 6087 run_write(sc, RT2860_US_CYC_CNT, tmp); 6088 6089 if (sc->mac_rev != 0x0101) 6090 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6091 6092 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6093 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6094 6095 /* write vendor-specific BBP values (from EEPROM) */ 6096 if (sc->mac_ver < 0x3593) { 6097 for (i = 0; i < 10; i++) { 6098 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6099 continue; 6100 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6101 } 6102 } 6103 6104 /* select Main antenna for 1T1R devices */ 6105 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6106 run_set_rx_antenna(sc, 0); 6107 6108 /* send LEDs operating mode to microcontroller */ 6109 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6110 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6111 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6112 6113 if (sc->mac_ver >= 0x5390) 6114 run_rt5390_rf_init(sc); 6115 else if (sc->mac_ver == 0x3593) 6116 run_rt3593_rf_init(sc); 6117 else if (sc->mac_ver >= 0x3070) 6118 run_rt3070_rf_init(sc); 6119 6120 /* disable non-existing Rx chains */ 6121 run_bbp_read(sc, 3, &bbp3); 6122 bbp3 &= ~(1 << 3 | 1 << 4); 6123 if (sc->nrxchains == 2) 6124 bbp3 |= 1 << 3; 6125 else if (sc->nrxchains == 3) 6126 bbp3 |= 1 << 4; 6127 run_bbp_write(sc, 3, bbp3); 6128 6129 /* disable non-existing Tx chains */ 6130 run_bbp_read(sc, 1, &bbp1); 6131 if (sc->ntxchains == 1) 6132 bbp1 &= ~(1 << 3 | 1 << 4); 6133 run_bbp_write(sc, 1, bbp1); 6134 6135 if (sc->mac_ver >= 0x5390) 6136 run_rt5390_rf_setup(sc); 6137 else if (sc->mac_ver == 0x3593) 6138 run_rt3593_rf_setup(sc); 6139 else if (sc->mac_ver >= 0x3070) 6140 run_rt3070_rf_setup(sc); 6141 6142 /* select default channel */ 6143 run_set_chan(sc, ic->ic_curchan); 6144 6145 /* setup initial protection mode */ 6146 run_updateprot_cb(ic); 6147 6148 /* turn radio LED on */ 6149 run_set_leds(sc, RT2860_LED_RADIO); 6150 6151 sc->sc_flags |= RUN_RUNNING; 6152 sc->cmdq_run = RUN_CMDQ_GO; 6153 6154 for (i = 0; i != RUN_N_XFER; i++) 6155 usbd_xfer_set_stall(sc->sc_xfer[i]); 6156 6157 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6158 6159 if (run_txrx_enable(sc) != 0) 6160 goto fail; 6161 6162 return; 6163 6164fail: 6165 run_stop(sc); 6166} 6167 6168static void 6169run_stop(void *arg) 6170{ 6171 struct run_softc *sc = (struct run_softc *)arg; 6172 uint32_t tmp; 6173 int i; 6174 int ntries; 6175 6176 RUN_LOCK_ASSERT(sc, MA_OWNED); 6177 6178 if (sc->sc_flags & RUN_RUNNING) 6179 run_set_leds(sc, 0); /* turn all LEDs off */ 6180 6181 sc->sc_flags &= ~RUN_RUNNING; 6182 6183 sc->ratectl_run = RUN_RATECTL_OFF; 6184 sc->cmdq_run = sc->cmdq_key_set; 6185 6186 RUN_UNLOCK(sc); 6187 6188 for(i = 0; i < RUN_N_XFER; i++) 6189 usbd_transfer_drain(sc->sc_xfer[i]); 6190 6191 RUN_LOCK(sc); 6192 6193 run_drain_mbufq(sc); 6194 6195 if (sc->rx_m != NULL) { 6196 m_free(sc->rx_m); 6197 sc->rx_m = NULL; 6198 } 6199 6200 /* Disable Tx/Rx DMA. */ 6201 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6202 return; 6203 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6204 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6205 6206 for (ntries = 0; ntries < 100; ntries++) { 6207 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6208 return; 6209 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6210 break; 6211 run_delay(sc, 10); 6212 } 6213 if (ntries == 100) { 6214 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6215 return; 6216 } 6217 6218 /* disable Tx/Rx */ 6219 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6220 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6221 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6222 6223 /* wait for pending Tx to complete */ 6224 for (ntries = 0; ntries < 100; ntries++) { 6225 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6226 DPRINTF("Cannot read Tx queue count\n"); 6227 break; 6228 } 6229 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6230 DPRINTF("All Tx cleared\n"); 6231 break; 6232 } 6233 run_delay(sc, 10); 6234 } 6235 if (ntries >= 100) 6236 DPRINTF("There are still pending Tx\n"); 6237 run_delay(sc, 10); 6238 run_write(sc, RT2860_USB_DMA_CFG, 0); 6239 6240 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6241 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6242 6243 for (i = 0; i != RUN_EP_QUEUES; i++) 6244 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6245} 6246 6247static void 6248run_delay(struct run_softc *sc, u_int ms) 6249{ 6250 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6251 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6252} 6253 6254static device_method_t run_methods[] = { 6255 /* Device interface */ 6256 DEVMETHOD(device_probe, run_match), 6257 DEVMETHOD(device_attach, run_attach), 6258 DEVMETHOD(device_detach, run_detach), 6259 DEVMETHOD_END 6260}; 6261 6262static driver_t run_driver = { 6263 .name = "run", 6264 .methods = run_methods, 6265 .size = sizeof(struct run_softc) 6266}; 6267 6268static devclass_t run_devclass; 6269 6270DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6271MODULE_DEPEND(run, wlan, 1, 1, 1); 6272MODULE_DEPEND(run, usb, 1, 1, 1); 6273MODULE_DEPEND(run, firmware, 1, 1, 1); 6274MODULE_VERSION(run, 1); 6275