1/*- 2 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 3 * Copyright (c) 2012 Bernhard Schmidt <bschmidt@FreeBSD.org> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 * 17 * $OpenBSD: rt2860.c,v 1.65 2010/10/23 14:24:54 damien Exp $ 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD: releng/11.0/sys/dev/ral/rt2860.c 301575 2016-06-08 02:37:23Z kevlo $"); 22 23/*- 24 * Ralink Technology RT2860/RT3090/RT3390/RT3562/RT5390/RT5392 chipset driver 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sysctl.h> 30#include <sys/sockio.h> 31#include <sys/mbuf.h> 32#include <sys/kernel.h> 33#include <sys/socket.h> 34#include <sys/systm.h> 35#include <sys/malloc.h> 36#include <sys/lock.h> 37#include <sys/mutex.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/firmware.h> 42 43#include <machine/bus.h> 44#include <machine/resource.h> 45#include <sys/rman.h> 46 47#include <net/bpf.h> 48#include <net/if.h> 49#include <net/if_var.h> 50#include <net/if_arp.h> 51#include <net/ethernet.h> 52#include <net/if_dl.h> 53#include <net/if_media.h> 54#include <net/if_types.h> 55 56#include <net80211/ieee80211_var.h> 57#include <net80211/ieee80211_radiotap.h> 58#include <net80211/ieee80211_regdomain.h> 59#include <net80211/ieee80211_ratectl.h> 60 61#include <netinet/in.h> 62#include <netinet/in_systm.h> 63#include <netinet/in_var.h> 64#include <netinet/ip.h> 65#include <netinet/if_ether.h> 66 67#include <dev/ral/rt2860reg.h> 68#include <dev/ral/rt2860var.h> 69 70#define RAL_DEBUG 71#ifdef RAL_DEBUG 72#define DPRINTF(x) do { if (sc->sc_debug > 0) printf x; } while (0) 73#define DPRINTFN(n, x) do { if (sc->sc_debug >= (n)) printf x; } while (0) 74#else 75#define DPRINTF(x) 76#define DPRINTFN(n, x) 77#endif 78 79static struct ieee80211vap *rt2860_vap_create(struct ieee80211com *, 80 const char [IFNAMSIZ], int, enum ieee80211_opmode, 81 int, const uint8_t [IEEE80211_ADDR_LEN], 82 const uint8_t [IEEE80211_ADDR_LEN]); 83static void rt2860_vap_delete(struct ieee80211vap *); 84static void rt2860_dma_map_addr(void *, bus_dma_segment_t *, int, int); 85static int rt2860_alloc_tx_ring(struct rt2860_softc *, 86 struct rt2860_tx_ring *); 87static void rt2860_reset_tx_ring(struct rt2860_softc *, 88 struct rt2860_tx_ring *); 89static void rt2860_free_tx_ring(struct rt2860_softc *, 90 struct rt2860_tx_ring *); 91static int rt2860_alloc_tx_pool(struct rt2860_softc *); 92static void rt2860_free_tx_pool(struct rt2860_softc *); 93static int rt2860_alloc_rx_ring(struct rt2860_softc *, 94 struct rt2860_rx_ring *); 95static void rt2860_reset_rx_ring(struct rt2860_softc *, 96 struct rt2860_rx_ring *); 97static void rt2860_free_rx_ring(struct rt2860_softc *, 98 struct rt2860_rx_ring *); 99static void rt2860_updatestats(struct rt2860_softc *); 100static void rt2860_newassoc(struct ieee80211_node *, int); 101static void rt2860_node_free(struct ieee80211_node *); 102#ifdef IEEE80211_HT 103static int rt2860_ampdu_rx_start(struct ieee80211com *, 104 struct ieee80211_node *, uint8_t); 105static void rt2860_ampdu_rx_stop(struct ieee80211com *, 106 struct ieee80211_node *, uint8_t); 107#endif 108static int rt2860_newstate(struct ieee80211vap *, enum ieee80211_state, 109 int); 110static uint16_t rt3090_efuse_read_2(struct rt2860_softc *, uint16_t); 111static uint16_t rt2860_eeprom_read_2(struct rt2860_softc *, uint16_t); 112static void rt2860_intr_coherent(struct rt2860_softc *); 113static void rt2860_drain_stats_fifo(struct rt2860_softc *); 114static void rt2860_tx_intr(struct rt2860_softc *, int); 115static void rt2860_rx_intr(struct rt2860_softc *); 116static void rt2860_tbtt_intr(struct rt2860_softc *); 117static void rt2860_gp_intr(struct rt2860_softc *); 118static int rt2860_tx(struct rt2860_softc *, struct mbuf *, 119 struct ieee80211_node *); 120static int rt2860_raw_xmit(struct ieee80211_node *, struct mbuf *, 121 const struct ieee80211_bpf_params *); 122static int rt2860_tx_raw(struct rt2860_softc *, struct mbuf *, 123 struct ieee80211_node *, 124 const struct ieee80211_bpf_params *params); 125static int rt2860_transmit(struct ieee80211com *, struct mbuf *); 126static void rt2860_start(struct rt2860_softc *); 127static void rt2860_watchdog(void *); 128static void rt2860_parent(struct ieee80211com *); 129static void rt2860_mcu_bbp_write(struct rt2860_softc *, uint8_t, uint8_t); 130static uint8_t rt2860_mcu_bbp_read(struct rt2860_softc *, uint8_t); 131static void rt2860_rf_write(struct rt2860_softc *, uint8_t, uint32_t); 132static uint8_t rt3090_rf_read(struct rt2860_softc *, uint8_t); 133static void rt3090_rf_write(struct rt2860_softc *, uint8_t, uint8_t); 134static int rt2860_mcu_cmd(struct rt2860_softc *, uint8_t, uint16_t, int); 135static void rt2860_enable_mrr(struct rt2860_softc *); 136static void rt2860_set_txpreamble(struct rt2860_softc *); 137static void rt2860_set_basicrates(struct rt2860_softc *, 138 const struct ieee80211_rateset *); 139static void rt2860_scan_start(struct ieee80211com *); 140static void rt2860_scan_end(struct ieee80211com *); 141static void rt2860_getradiocaps(struct ieee80211com *, int, int *, 142 struct ieee80211_channel[]); 143static void rt2860_set_channel(struct ieee80211com *); 144static void rt2860_select_chan_group(struct rt2860_softc *, int); 145static void rt2860_set_chan(struct rt2860_softc *, u_int); 146static void rt3090_set_chan(struct rt2860_softc *, u_int); 147static void rt5390_set_chan(struct rt2860_softc *, u_int); 148static int rt3090_rf_init(struct rt2860_softc *); 149static void rt5390_rf_init(struct rt2860_softc *); 150static void rt3090_rf_wakeup(struct rt2860_softc *); 151static void rt5390_rf_wakeup(struct rt2860_softc *); 152static int rt3090_filter_calib(struct rt2860_softc *, uint8_t, uint8_t, 153 uint8_t *); 154static void rt3090_rf_setup(struct rt2860_softc *); 155static void rt2860_set_leds(struct rt2860_softc *, uint16_t); 156static void rt2860_set_gp_timer(struct rt2860_softc *, int); 157static void rt2860_set_bssid(struct rt2860_softc *, const uint8_t *); 158static void rt2860_set_macaddr(struct rt2860_softc *, const uint8_t *); 159static void rt2860_update_promisc(struct ieee80211com *); 160static void rt2860_updateslot(struct ieee80211com *); 161static void rt2860_updateprot(struct rt2860_softc *); 162static int rt2860_updateedca(struct ieee80211com *); 163#ifdef HW_CRYPTO 164static int rt2860_set_key(struct ieee80211com *, struct ieee80211_node *, 165 struct ieee80211_key *); 166static void rt2860_delete_key(struct ieee80211com *, 167 struct ieee80211_node *, struct ieee80211_key *); 168#endif 169static int8_t rt2860_rssi2dbm(struct rt2860_softc *, uint8_t, uint8_t); 170static const char *rt2860_get_rf(uint16_t); 171static int rt2860_read_eeprom(struct rt2860_softc *, 172 uint8_t macaddr[IEEE80211_ADDR_LEN]); 173static int rt2860_bbp_init(struct rt2860_softc *); 174static void rt5390_bbp_init(struct rt2860_softc *); 175static int rt2860_txrx_enable(struct rt2860_softc *); 176static void rt2860_init(void *); 177static void rt2860_init_locked(struct rt2860_softc *); 178static void rt2860_stop(void *); 179static void rt2860_stop_locked(struct rt2860_softc *); 180static int rt2860_load_microcode(struct rt2860_softc *); 181#ifdef NOT_YET 182static void rt2860_calib(struct rt2860_softc *); 183#endif 184static void rt3090_set_rx_antenna(struct rt2860_softc *, int); 185static void rt2860_switch_chan(struct rt2860_softc *, 186 struct ieee80211_channel *); 187static int rt2860_setup_beacon(struct rt2860_softc *, 188 struct ieee80211vap *); 189static void rt2860_enable_tsf_sync(struct rt2860_softc *); 190 191static const struct { 192 uint32_t reg; 193 uint32_t val; 194} rt2860_def_mac[] = { 195 RT2860_DEF_MAC 196}; 197 198static const struct { 199 uint8_t reg; 200 uint8_t val; 201} rt2860_def_bbp[] = { 202 RT2860_DEF_BBP 203}, rt5390_def_bbp[] = { 204 RT5390_DEF_BBP 205}; 206 207static const struct rfprog { 208 uint8_t chan; 209 uint32_t r1, r2, r3, r4; 210} rt2860_rf2850[] = { 211 RT2860_RF2850 212}; 213 214struct { 215 uint8_t n, r, k; 216} rt3090_freqs[] = { 217 RT3070_RF3052 218}; 219 220static const struct { 221 uint8_t reg; 222 uint8_t val; 223} rt3090_def_rf[] = { 224 RT3070_DEF_RF 225}, rt5390_def_rf[] = { 226 RT5390_DEF_RF 227}, rt5392_def_rf[] = { 228 RT5392_DEF_RF 229}; 230 231static const uint8_t rt2860_chan_2ghz[] = 232 { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 }; 233static const uint8_t rt2860_chan_5ghz[] = 234 { 36, 38, 40, 44, 46, 48, 52, 54, 56, 60, 62, 64, 100, 102, 104, 235 108, 110, 112, 116, 118, 120, 124, 126, 128, 132, 134, 136, 140, 236 149, 151, 153, 157, 159, 161, 165, 167, 169, 171, 173 }; 237 238int 239rt2860_attach(device_t dev, int id) 240{ 241 struct rt2860_softc *sc = device_get_softc(dev); 242 struct ieee80211com *ic = &sc->sc_ic; 243 uint32_t tmp; 244 int error, ntries, qid; 245 246 sc->sc_dev = dev; 247 sc->sc_debug = 0; 248 249 mtx_init(&sc->sc_mtx, device_get_nameunit(dev), MTX_NETWORK_LOCK, 250 MTX_DEF | MTX_RECURSE); 251 252 callout_init_mtx(&sc->watchdog_ch, &sc->sc_mtx, 0); 253 mbufq_init(&sc->sc_snd, ifqmaxlen); 254 255 /* wait for NIC to initialize */ 256 for (ntries = 0; ntries < 100; ntries++) { 257 tmp = RAL_READ(sc, RT2860_ASIC_VER_ID); 258 if (tmp != 0 && tmp != 0xffffffff) 259 break; 260 DELAY(10); 261 } 262 if (ntries == 100) { 263 device_printf(sc->sc_dev, 264 "timeout waiting for NIC to initialize\n"); 265 error = EIO; 266 goto fail1; 267 } 268 sc->mac_ver = tmp >> 16; 269 sc->mac_rev = tmp & 0xffff; 270 271 if (sc->mac_ver != 0x2860 && 272 (id == 0x0681 || id == 0x0781 || id == 0x1059)) 273 sc->sc_flags |= RT2860_ADVANCED_PS; 274 275 /* retrieve RF rev. no and various other things from EEPROM */ 276 rt2860_read_eeprom(sc, ic->ic_macaddr); 277 device_printf(sc->sc_dev, "MAC/BBP RT%X (rev 0x%04X), " 278 "RF %s (MIMO %dT%dR), address %6D\n", 279 sc->mac_ver, sc->mac_rev, rt2860_get_rf(sc->rf_rev), 280 sc->ntxchains, sc->nrxchains, ic->ic_macaddr, ":"); 281 282 /* 283 * Allocate Tx (4 EDCAs + HCCA + Mgt) and Rx rings. 284 */ 285 for (qid = 0; qid < 6; qid++) { 286 if ((error = rt2860_alloc_tx_ring(sc, &sc->txq[qid])) != 0) { 287 device_printf(sc->sc_dev, 288 "could not allocate Tx ring %d\n", qid); 289 goto fail2; 290 } 291 } 292 293 if ((error = rt2860_alloc_rx_ring(sc, &sc->rxq)) != 0) { 294 device_printf(sc->sc_dev, "could not allocate Rx ring\n"); 295 goto fail2; 296 } 297 298 if ((error = rt2860_alloc_tx_pool(sc)) != 0) { 299 device_printf(sc->sc_dev, "could not allocate Tx pool\n"); 300 goto fail3; 301 } 302 303 /* mgmt ring is broken on RT2860C, use EDCA AC VO ring instead */ 304 sc->mgtqid = (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) ? 305 WME_AC_VO : 5; 306 307 ic->ic_softc = sc; 308 ic->ic_name = device_get_nameunit(dev); 309 ic->ic_opmode = IEEE80211_M_STA; 310 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 311 312 /* set device capabilities */ 313 ic->ic_caps = 314 IEEE80211_C_STA /* station mode */ 315 | IEEE80211_C_IBSS /* ibss, nee adhoc, mode */ 316 | IEEE80211_C_HOSTAP /* hostap mode */ 317 | IEEE80211_C_MONITOR /* monitor mode */ 318 | IEEE80211_C_AHDEMO /* adhoc demo mode */ 319 | IEEE80211_C_WDS /* 4-address traffic works */ 320 | IEEE80211_C_MBSS /* mesh point link mode */ 321 | IEEE80211_C_SHPREAMBLE /* short preamble supported */ 322 | IEEE80211_C_SHSLOT /* short slot time supported */ 323 | IEEE80211_C_WPA /* capable of WPA1+WPA2 */ 324#if 0 325 | IEEE80211_C_BGSCAN /* capable of bg scanning */ 326#endif 327 | IEEE80211_C_WME /* 802.11e */ 328 ; 329 330 rt2860_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 331 ic->ic_channels); 332 333 ieee80211_ifattach(ic); 334 335 ic->ic_wme.wme_update = rt2860_updateedca; 336 ic->ic_scan_start = rt2860_scan_start; 337 ic->ic_scan_end = rt2860_scan_end; 338 ic->ic_getradiocaps = rt2860_getradiocaps; 339 ic->ic_set_channel = rt2860_set_channel; 340 ic->ic_updateslot = rt2860_updateslot; 341 ic->ic_update_promisc = rt2860_update_promisc; 342 ic->ic_raw_xmit = rt2860_raw_xmit; 343 sc->sc_node_free = ic->ic_node_free; 344 ic->ic_node_free = rt2860_node_free; 345 ic->ic_newassoc = rt2860_newassoc; 346 ic->ic_transmit = rt2860_transmit; 347 ic->ic_parent = rt2860_parent; 348 ic->ic_vap_create = rt2860_vap_create; 349 ic->ic_vap_delete = rt2860_vap_delete; 350 351 ieee80211_radiotap_attach(ic, 352 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 353 RT2860_TX_RADIOTAP_PRESENT, 354 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 355 RT2860_RX_RADIOTAP_PRESENT); 356 357#ifdef RAL_DEBUG 358 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev), 359 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO, 360 "debug", CTLFLAG_RW, &sc->sc_debug, 0, "debug msgs"); 361#endif 362 if (bootverbose) 363 ieee80211_announce(ic); 364 365 return 0; 366 367fail3: rt2860_free_rx_ring(sc, &sc->rxq); 368fail2: while (--qid >= 0) 369 rt2860_free_tx_ring(sc, &sc->txq[qid]); 370fail1: mtx_destroy(&sc->sc_mtx); 371 return error; 372} 373 374int 375rt2860_detach(void *xsc) 376{ 377 struct rt2860_softc *sc = xsc; 378 struct ieee80211com *ic = &sc->sc_ic; 379 int qid; 380 381 RAL_LOCK(sc); 382 rt2860_stop_locked(sc); 383 RAL_UNLOCK(sc); 384 385 ieee80211_ifdetach(ic); 386 mbufq_drain(&sc->sc_snd); 387 for (qid = 0; qid < 6; qid++) 388 rt2860_free_tx_ring(sc, &sc->txq[qid]); 389 rt2860_free_rx_ring(sc, &sc->rxq); 390 rt2860_free_tx_pool(sc); 391 392 mtx_destroy(&sc->sc_mtx); 393 394 return 0; 395} 396 397void 398rt2860_shutdown(void *xsc) 399{ 400 struct rt2860_softc *sc = xsc; 401 402 rt2860_stop(sc); 403} 404 405void 406rt2860_suspend(void *xsc) 407{ 408 struct rt2860_softc *sc = xsc; 409 410 rt2860_stop(sc); 411} 412 413void 414rt2860_resume(void *xsc) 415{ 416 struct rt2860_softc *sc = xsc; 417 418 if (sc->sc_ic.ic_nrunning > 0) 419 rt2860_init(sc); 420} 421 422static struct ieee80211vap * 423rt2860_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 424 enum ieee80211_opmode opmode, int flags, 425 const uint8_t bssid[IEEE80211_ADDR_LEN], 426 const uint8_t mac[IEEE80211_ADDR_LEN]) 427{ 428 struct rt2860_softc *sc = ic->ic_softc; 429 struct rt2860_vap *rvp; 430 struct ieee80211vap *vap; 431 432 switch (opmode) { 433 case IEEE80211_M_STA: 434 case IEEE80211_M_IBSS: 435 case IEEE80211_M_AHDEMO: 436 case IEEE80211_M_MONITOR: 437 case IEEE80211_M_HOSTAP: 438 case IEEE80211_M_MBSS: 439 /* XXXRP: TBD */ 440 if (!TAILQ_EMPTY(&ic->ic_vaps)) { 441 device_printf(sc->sc_dev, "only 1 vap supported\n"); 442 return NULL; 443 } 444 if (opmode == IEEE80211_M_STA) 445 flags |= IEEE80211_CLONE_NOBEACONS; 446 break; 447 case IEEE80211_M_WDS: 448 if (TAILQ_EMPTY(&ic->ic_vaps) || 449 ic->ic_opmode != IEEE80211_M_HOSTAP) { 450 device_printf(sc->sc_dev, 451 "wds only supported in ap mode\n"); 452 return NULL; 453 } 454 /* 455 * Silently remove any request for a unique 456 * bssid; WDS vap's always share the local 457 * mac address. 458 */ 459 flags &= ~IEEE80211_CLONE_BSSID; 460 break; 461 default: 462 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 463 return NULL; 464 } 465 rvp = malloc(sizeof(struct rt2860_vap), M_80211_VAP, M_WAITOK | M_ZERO); 466 vap = &rvp->ral_vap; 467 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid); 468 469 /* override state transition machine */ 470 rvp->ral_newstate = vap->iv_newstate; 471 vap->iv_newstate = rt2860_newstate; 472#if 0 473 vap->iv_update_beacon = rt2860_beacon_update; 474#endif 475 476 /* HW supports up to 255 STAs (0-254) in HostAP and IBSS modes */ 477 vap->iv_max_aid = min(IEEE80211_AID_MAX, RT2860_WCID_MAX); 478 479 ieee80211_ratectl_init(vap); 480 /* complete setup */ 481 ieee80211_vap_attach(vap, ieee80211_media_change, 482 ieee80211_media_status, mac); 483 if (TAILQ_FIRST(&ic->ic_vaps) == vap) 484 ic->ic_opmode = opmode; 485 return vap; 486} 487 488static void 489rt2860_vap_delete(struct ieee80211vap *vap) 490{ 491 struct rt2860_vap *rvp = RT2860_VAP(vap); 492 493 ieee80211_ratectl_deinit(vap); 494 ieee80211_vap_detach(vap); 495 free(rvp, M_80211_VAP); 496} 497 498static void 499rt2860_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error) 500{ 501 if (error != 0) 502 return; 503 504 KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg)); 505 506 *(bus_addr_t *)arg = segs[0].ds_addr; 507} 508 509 510static int 511rt2860_alloc_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring) 512{ 513 int size, error; 514 515 size = RT2860_TX_RING_COUNT * sizeof (struct rt2860_txd); 516 517 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0, 518 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 519 size, 1, size, 0, NULL, NULL, &ring->desc_dmat); 520 if (error != 0) { 521 device_printf(sc->sc_dev, "could not create desc DMA tag\n"); 522 goto fail; 523 } 524 525 error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->txd, 526 BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map); 527 if (error != 0) { 528 device_printf(sc->sc_dev, "could not allocate DMA memory\n"); 529 goto fail; 530 } 531 532 error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->txd, 533 size, rt2860_dma_map_addr, &ring->paddr, 0); 534 if (error != 0) { 535 device_printf(sc->sc_dev, "could not load desc DMA map\n"); 536 goto fail; 537 } 538 539 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE); 540 541 return 0; 542 543fail: rt2860_free_tx_ring(sc, ring); 544 return error; 545} 546 547void 548rt2860_reset_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring) 549{ 550 struct rt2860_tx_data *data; 551 int i; 552 553 for (i = 0; i < RT2860_TX_RING_COUNT; i++) { 554 if ((data = ring->data[i]) == NULL) 555 continue; /* nothing mapped in this slot */ 556 557 if (data->m != NULL) { 558 bus_dmamap_sync(sc->txwi_dmat, data->map, 559 BUS_DMASYNC_POSTWRITE); 560 bus_dmamap_unload(sc->txwi_dmat, data->map); 561 m_freem(data->m); 562 data->m = NULL; 563 } 564 if (data->ni != NULL) { 565 ieee80211_free_node(data->ni); 566 data->ni = NULL; 567 } 568 569 SLIST_INSERT_HEAD(&sc->data_pool, data, next); 570 ring->data[i] = NULL; 571 } 572 573 ring->queued = 0; 574 ring->cur = ring->next = 0; 575} 576 577void 578rt2860_free_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring) 579{ 580 struct rt2860_tx_data *data; 581 int i; 582 583 if (ring->txd != NULL) { 584 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, 585 BUS_DMASYNC_POSTWRITE); 586 bus_dmamap_unload(ring->desc_dmat, ring->desc_map); 587 bus_dmamem_free(ring->desc_dmat, ring->txd, ring->desc_map); 588 } 589 if (ring->desc_dmat != NULL) 590 bus_dma_tag_destroy(ring->desc_dmat); 591 592 for (i = 0; i < RT2860_TX_RING_COUNT; i++) { 593 if ((data = ring->data[i]) == NULL) 594 continue; /* nothing mapped in this slot */ 595 596 if (data->m != NULL) { 597 bus_dmamap_sync(sc->txwi_dmat, data->map, 598 BUS_DMASYNC_POSTWRITE); 599 bus_dmamap_unload(sc->txwi_dmat, data->map); 600 m_freem(data->m); 601 } 602 if (data->ni != NULL) 603 ieee80211_free_node(data->ni); 604 605 SLIST_INSERT_HEAD(&sc->data_pool, data, next); 606 } 607} 608 609/* 610 * Allocate a pool of TX Wireless Information blocks. 611 */ 612int 613rt2860_alloc_tx_pool(struct rt2860_softc *sc) 614{ 615 caddr_t vaddr; 616 bus_addr_t paddr; 617 int i, size, error; 618 619 size = RT2860_TX_POOL_COUNT * RT2860_TXWI_DMASZ; 620 621 /* init data_pool early in case of failure.. */ 622 SLIST_INIT(&sc->data_pool); 623 624 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 625 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 626 size, 1, size, 0, NULL, NULL, &sc->txwi_dmat); 627 if (error != 0) { 628 device_printf(sc->sc_dev, "could not create txwi DMA tag\n"); 629 goto fail; 630 } 631 632 error = bus_dmamem_alloc(sc->txwi_dmat, (void **)&sc->txwi_vaddr, 633 BUS_DMA_NOWAIT | BUS_DMA_ZERO, &sc->txwi_map); 634 if (error != 0) { 635 device_printf(sc->sc_dev, "could not allocate DMA memory\n"); 636 goto fail; 637 } 638 639 error = bus_dmamap_load(sc->txwi_dmat, sc->txwi_map, 640 sc->txwi_vaddr, size, rt2860_dma_map_addr, &paddr, 0); 641 if (error != 0) { 642 device_printf(sc->sc_dev, "could not load txwi DMA map\n"); 643 goto fail; 644 } 645 646 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE); 647 648 vaddr = sc->txwi_vaddr; 649 for (i = 0; i < RT2860_TX_POOL_COUNT; i++) { 650 struct rt2860_tx_data *data = &sc->data[i]; 651 652 error = bus_dmamap_create(sc->txwi_dmat, 0, &data->map); 653 if (error != 0) { 654 device_printf(sc->sc_dev, "could not create DMA map\n"); 655 goto fail; 656 } 657 data->txwi = (struct rt2860_txwi *)vaddr; 658 data->paddr = paddr; 659 vaddr += RT2860_TXWI_DMASZ; 660 paddr += RT2860_TXWI_DMASZ; 661 662 SLIST_INSERT_HEAD(&sc->data_pool, data, next); 663 } 664 665 return 0; 666 667fail: rt2860_free_tx_pool(sc); 668 return error; 669} 670 671void 672rt2860_free_tx_pool(struct rt2860_softc *sc) 673{ 674 if (sc->txwi_vaddr != NULL) { 675 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, 676 BUS_DMASYNC_POSTWRITE); 677 bus_dmamap_unload(sc->txwi_dmat, sc->txwi_map); 678 bus_dmamem_free(sc->txwi_dmat, sc->txwi_vaddr, sc->txwi_map); 679 } 680 if (sc->txwi_dmat != NULL) 681 bus_dma_tag_destroy(sc->txwi_dmat); 682 683 while (!SLIST_EMPTY(&sc->data_pool)) { 684 struct rt2860_tx_data *data; 685 data = SLIST_FIRST(&sc->data_pool); 686 bus_dmamap_destroy(sc->txwi_dmat, data->map); 687 SLIST_REMOVE_HEAD(&sc->data_pool, next); 688 } 689} 690 691int 692rt2860_alloc_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring) 693{ 694 bus_addr_t physaddr; 695 int i, size, error; 696 697 size = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rxd); 698 699 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0, 700 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, 701 size, 1, size, 0, NULL, NULL, &ring->desc_dmat); 702 if (error != 0) { 703 device_printf(sc->sc_dev, "could not create desc DMA tag\n"); 704 goto fail; 705 } 706 707 error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->rxd, 708 BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map); 709 if (error != 0) { 710 device_printf(sc->sc_dev, "could not allocate DMA memory\n"); 711 goto fail; 712 } 713 714 error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->rxd, 715 size, rt2860_dma_map_addr, &ring->paddr, 0); 716 if (error != 0) { 717 device_printf(sc->sc_dev, "could not load desc DMA map\n"); 718 goto fail; 719 } 720 721 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0, 722 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 723 1, MCLBYTES, 0, NULL, NULL, &ring->data_dmat); 724 if (error != 0) { 725 device_printf(sc->sc_dev, "could not create data DMA tag\n"); 726 goto fail; 727 } 728 729 for (i = 0; i < RT2860_RX_RING_COUNT; i++) { 730 struct rt2860_rx_data *data = &ring->data[i]; 731 struct rt2860_rxd *rxd = &ring->rxd[i]; 732 733 error = bus_dmamap_create(ring->data_dmat, 0, &data->map); 734 if (error != 0) { 735 device_printf(sc->sc_dev, "could not create DMA map\n"); 736 goto fail; 737 } 738 739 data->m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 740 if (data->m == NULL) { 741 device_printf(sc->sc_dev, 742 "could not allocate rx mbuf\n"); 743 error = ENOMEM; 744 goto fail; 745 } 746 747 error = bus_dmamap_load(ring->data_dmat, data->map, 748 mtod(data->m, void *), MCLBYTES, rt2860_dma_map_addr, 749 &physaddr, 0); 750 if (error != 0) { 751 device_printf(sc->sc_dev, 752 "could not load rx buf DMA map"); 753 goto fail; 754 } 755 756 rxd->sdp0 = htole32(physaddr); 757 rxd->sdl0 = htole16(MCLBYTES); 758 } 759 760 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE); 761 762 return 0; 763 764fail: rt2860_free_rx_ring(sc, ring); 765 return error; 766} 767 768void 769rt2860_reset_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring) 770{ 771 int i; 772 773 for (i = 0; i < RT2860_RX_RING_COUNT; i++) 774 ring->rxd[i].sdl0 &= ~htole16(RT2860_RX_DDONE); 775 776 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE); 777 778 ring->cur = 0; 779} 780 781void 782rt2860_free_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring) 783{ 784 int i; 785 786 if (ring->rxd != NULL) { 787 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, 788 BUS_DMASYNC_POSTWRITE); 789 bus_dmamap_unload(ring->desc_dmat, ring->desc_map); 790 bus_dmamem_free(ring->desc_dmat, ring->rxd, ring->desc_map); 791 } 792 if (ring->desc_dmat != NULL) 793 bus_dma_tag_destroy(ring->desc_dmat); 794 795 for (i = 0; i < RT2860_RX_RING_COUNT; i++) { 796 struct rt2860_rx_data *data = &ring->data[i]; 797 798 if (data->m != NULL) { 799 bus_dmamap_sync(ring->data_dmat, data->map, 800 BUS_DMASYNC_POSTREAD); 801 bus_dmamap_unload(ring->data_dmat, data->map); 802 m_freem(data->m); 803 } 804 if (data->map != NULL) 805 bus_dmamap_destroy(ring->data_dmat, data->map); 806 } 807 if (ring->data_dmat != NULL) 808 bus_dma_tag_destroy(ring->data_dmat); 809} 810 811static void 812rt2860_updatestats(struct rt2860_softc *sc) 813{ 814 struct ieee80211com *ic = &sc->sc_ic; 815 816 /* 817 * In IBSS or HostAP modes (when the hardware sends beacons), the 818 * MAC can run into a livelock and start sending CTS-to-self frames 819 * like crazy if protection is enabled. Fortunately, we can detect 820 * when such a situation occurs and reset the MAC. 821 */ 822 if (ic->ic_curmode != IEEE80211_M_STA) { 823 /* check if we're in a livelock situation.. */ 824 uint32_t tmp = RAL_READ(sc, RT2860_DEBUG); 825 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 826 /* ..and reset MAC/BBP for a while.. */ 827 DPRINTF(("CTS-to-self livelock detected\n")); 828 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 829 RAL_BARRIER_WRITE(sc); 830 DELAY(1); 831 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 832 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 833 } 834 } 835} 836 837static void 838rt2860_newassoc(struct ieee80211_node *ni, int isnew) 839{ 840 struct ieee80211com *ic = ni->ni_ic; 841 struct rt2860_softc *sc = ic->ic_softc; 842 uint8_t wcid; 843 844 wcid = IEEE80211_AID(ni->ni_associd); 845 if (isnew && ni->ni_associd != 0) { 846 sc->wcid2ni[wcid] = ni; 847 848 /* init WCID table entry */ 849 RAL_WRITE_REGION_1(sc, RT2860_WCID_ENTRY(wcid), 850 ni->ni_macaddr, IEEE80211_ADDR_LEN); 851 } 852 DPRINTF(("new assoc isnew=%d addr=%s WCID=%d\n", 853 isnew, ether_sprintf(ni->ni_macaddr), wcid)); 854} 855 856static void 857rt2860_node_free(struct ieee80211_node *ni) 858{ 859 struct ieee80211com *ic = ni->ni_ic; 860 struct rt2860_softc *sc = ic->ic_softc; 861 uint8_t wcid; 862 863 if (ni->ni_associd != 0) { 864 wcid = IEEE80211_AID(ni->ni_associd); 865 866 /* clear Rx WCID search table entry */ 867 RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(wcid), 0, 2); 868 } 869 sc->sc_node_free(ni); 870} 871 872#ifdef IEEE80211_HT 873static int 874rt2860_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni, 875 uint8_t tid) 876{ 877 struct rt2860_softc *sc = ic->ic_softc; 878 uint8_t wcid = ((struct rt2860_node *)ni)->wcid; 879 uint32_t tmp; 880 881 /* update BA session mask */ 882 tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4); 883 tmp |= (1 << tid) << 16; 884 RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp); 885 return 0; 886} 887 888static void 889rt2860_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni, 890 uint8_t tid) 891{ 892 struct rt2860_softc *sc = ic->ic_softc; 893 uint8_t wcid = ((struct rt2860_node *)ni)->wcid; 894 uint32_t tmp; 895 896 /* update BA session mask */ 897 tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4); 898 tmp &= ~((1 << tid) << 16); 899 RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp); 900} 901#endif 902 903static int 904rt2860_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 905{ 906 struct rt2860_vap *rvp = RT2860_VAP(vap); 907 struct ieee80211com *ic = vap->iv_ic; 908 struct rt2860_softc *sc = ic->ic_softc; 909 uint32_t tmp; 910 int error; 911 912 if (vap->iv_state == IEEE80211_S_RUN) { 913 /* turn link LED off */ 914 rt2860_set_leds(sc, RT2860_LED_RADIO); 915 } 916 917 if (nstate == IEEE80211_S_INIT && vap->iv_state == IEEE80211_S_RUN) { 918 /* abort TSF synchronization */ 919 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG); 920 RAL_WRITE(sc, RT2860_BCN_TIME_CFG, 921 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 922 RT2860_TBTT_TIMER_EN)); 923 } 924 925 rt2860_set_gp_timer(sc, 0); 926 927 error = rvp->ral_newstate(vap, nstate, arg); 928 if (error != 0) 929 return (error); 930 931 if (nstate == IEEE80211_S_RUN) { 932 struct ieee80211_node *ni = vap->iv_bss; 933 934 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 935 rt2860_enable_mrr(sc); 936 rt2860_set_txpreamble(sc); 937 rt2860_set_basicrates(sc, &ni->ni_rates); 938 rt2860_set_bssid(sc, ni->ni_bssid); 939 } 940 941 if (vap->iv_opmode == IEEE80211_M_HOSTAP || 942 vap->iv_opmode == IEEE80211_M_IBSS || 943 vap->iv_opmode == IEEE80211_M_MBSS) { 944 error = rt2860_setup_beacon(sc, vap); 945 if (error != 0) 946 return error; 947 } 948 949 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 950 rt2860_enable_tsf_sync(sc); 951 rt2860_set_gp_timer(sc, 500); 952 } 953 954 /* turn link LED on */ 955 rt2860_set_leds(sc, RT2860_LED_RADIO | 956 (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan) ? 957 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 958 } 959 return error; 960} 961 962/* Read 16-bit from eFUSE ROM (>=RT3071 only.) */ 963static uint16_t 964rt3090_efuse_read_2(struct rt2860_softc *sc, uint16_t addr) 965{ 966 uint32_t tmp; 967 uint16_t reg; 968 int ntries; 969 970 addr *= 2; 971 /*- 972 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 973 * DATA0: F E D C 974 * DATA1: B A 9 8 975 * DATA2: 7 6 5 4 976 * DATA3: 3 2 1 0 977 */ 978 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL); 979 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 980 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 981 RAL_WRITE(sc, RT3070_EFUSE_CTRL, tmp); 982 for (ntries = 0; ntries < 500; ntries++) { 983 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL); 984 if (!(tmp & RT3070_EFSROM_KICK)) 985 break; 986 DELAY(2); 987 } 988 if (ntries == 500) 989 return 0xffff; 990 991 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) 992 return 0xffff; /* address not found */ 993 994 /* determine to which 32-bit register our 16-bit word belongs */ 995 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 996 tmp = RAL_READ(sc, reg); 997 998 return (addr & 2) ? tmp >> 16 : tmp & 0xffff; 999} 1000 1001/* 1002 * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46, 1003 * 93C66 or 93C86). 1004 */ 1005static uint16_t 1006rt2860_eeprom_read_2(struct rt2860_softc *sc, uint16_t addr) 1007{ 1008 uint32_t tmp; 1009 uint16_t val; 1010 int n; 1011 1012 /* clock C once before the first command */ 1013 RT2860_EEPROM_CTL(sc, 0); 1014 1015 RT2860_EEPROM_CTL(sc, RT2860_S); 1016 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C); 1017 RT2860_EEPROM_CTL(sc, RT2860_S); 1018 1019 /* write start bit (1) */ 1020 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D); 1021 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C); 1022 1023 /* write READ opcode (10) */ 1024 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D); 1025 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C); 1026 RT2860_EEPROM_CTL(sc, RT2860_S); 1027 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C); 1028 1029 /* write address (A5-A0 or A7-A0) */ 1030 n = ((RAL_READ(sc, RT2860_PCI_EECTRL) & 0x30) == 0) ? 5 : 7; 1031 for (; n >= 0; n--) { 1032 RT2860_EEPROM_CTL(sc, RT2860_S | 1033 (((addr >> n) & 1) << RT2860_SHIFT_D)); 1034 RT2860_EEPROM_CTL(sc, RT2860_S | 1035 (((addr >> n) & 1) << RT2860_SHIFT_D) | RT2860_C); 1036 } 1037 1038 RT2860_EEPROM_CTL(sc, RT2860_S); 1039 1040 /* read data Q15-Q0 */ 1041 val = 0; 1042 for (n = 15; n >= 0; n--) { 1043 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C); 1044 tmp = RAL_READ(sc, RT2860_PCI_EECTRL); 1045 val |= ((tmp & RT2860_Q) >> RT2860_SHIFT_Q) << n; 1046 RT2860_EEPROM_CTL(sc, RT2860_S); 1047 } 1048 1049 RT2860_EEPROM_CTL(sc, 0); 1050 1051 /* clear Chip Select and clock C */ 1052 RT2860_EEPROM_CTL(sc, RT2860_S); 1053 RT2860_EEPROM_CTL(sc, 0); 1054 RT2860_EEPROM_CTL(sc, RT2860_C); 1055 1056 return val; 1057} 1058 1059static __inline uint16_t 1060rt2860_srom_read(struct rt2860_softc *sc, uint8_t addr) 1061{ 1062 /* either eFUSE ROM or EEPROM */ 1063 return sc->sc_srom_read(sc, addr); 1064} 1065 1066static void 1067rt2860_intr_coherent(struct rt2860_softc *sc) 1068{ 1069 uint32_t tmp; 1070 1071 /* DMA finds data coherent event when checking the DDONE bit */ 1072 1073 DPRINTF(("Tx/Rx Coherent interrupt\n")); 1074 1075 /* restart DMA engine */ 1076 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG); 1077 tmp &= ~(RT2860_TX_WB_DDONE | RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 1078 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp); 1079 1080 (void)rt2860_txrx_enable(sc); 1081} 1082 1083static void 1084rt2860_drain_stats_fifo(struct rt2860_softc *sc) 1085{ 1086 struct ieee80211_node *ni; 1087 uint32_t stat; 1088 int retrycnt; 1089 uint8_t wcid, mcs, pid; 1090 1091 /* drain Tx status FIFO (maxsize = 16) */ 1092 while ((stat = RAL_READ(sc, RT2860_TX_STAT_FIFO)) & RT2860_TXQ_VLD) { 1093 DPRINTFN(4, ("tx stat 0x%08x\n", stat)); 1094 1095 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 1096 ni = sc->wcid2ni[wcid]; 1097 1098 /* if no ACK was requested, no feedback is available */ 1099 if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff || ni == NULL) 1100 continue; 1101 1102 /* update per-STA AMRR stats */ 1103 if (stat & RT2860_TXQ_OK) { 1104 /* 1105 * Check if there were retries, ie if the Tx success 1106 * rate is different from the requested rate. Note 1107 * that it works only because we do not allow rate 1108 * fallback from OFDM to CCK. 1109 */ 1110 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 1111 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 1112 if (mcs + 1 != pid) 1113 retrycnt = 1; 1114 else 1115 retrycnt = 0; 1116 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 1117 IEEE80211_RATECTL_TX_SUCCESS, &retrycnt, NULL); 1118 } else { 1119 ieee80211_ratectl_tx_complete(ni->ni_vap, ni, 1120 IEEE80211_RATECTL_TX_FAILURE, &retrycnt, NULL); 1121 if_inc_counter(ni->ni_vap->iv_ifp, 1122 IFCOUNTER_OERRORS, 1); 1123 } 1124 } 1125} 1126 1127static void 1128rt2860_tx_intr(struct rt2860_softc *sc, int qid) 1129{ 1130 struct rt2860_tx_ring *ring = &sc->txq[qid]; 1131 uint32_t hw; 1132 1133 rt2860_drain_stats_fifo(sc); 1134 1135 hw = RAL_READ(sc, RT2860_TX_DTX_IDX(qid)); 1136 while (ring->next != hw) { 1137 struct rt2860_tx_data *data = ring->data[ring->next]; 1138 1139 if (data != NULL) { 1140 bus_dmamap_sync(sc->txwi_dmat, data->map, 1141 BUS_DMASYNC_POSTWRITE); 1142 bus_dmamap_unload(sc->txwi_dmat, data->map); 1143 if (data->m->m_flags & M_TXCB) { 1144 ieee80211_process_callback(data->ni, data->m, 1145 0); 1146 } 1147 ieee80211_tx_complete(data->ni, data->m, 0); 1148 data->ni = NULL; 1149 data->m = NULL; 1150 SLIST_INSERT_HEAD(&sc->data_pool, data, next); 1151 ring->data[ring->next] = NULL; 1152 } 1153 ring->queued--; 1154 ring->next = (ring->next + 1) % RT2860_TX_RING_COUNT; 1155 } 1156 1157 sc->sc_tx_timer = 0; 1158 if (ring->queued < RT2860_TX_RING_COUNT) 1159 sc->qfullmsk &= ~(1 << qid); 1160 rt2860_start(sc); 1161} 1162 1163/* 1164 * Return the Rx chain with the highest RSSI for a given frame. 1165 */ 1166static __inline uint8_t 1167rt2860_maxrssi_chain(struct rt2860_softc *sc, const struct rt2860_rxwi *rxwi) 1168{ 1169 uint8_t rxchain = 0; 1170 1171 if (sc->nrxchains > 1) { 1172 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 1173 rxchain = 1; 1174 if (sc->nrxchains > 2) 1175 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 1176 rxchain = 2; 1177 } 1178 return rxchain; 1179} 1180 1181static void 1182rt2860_rx_intr(struct rt2860_softc *sc) 1183{ 1184 struct rt2860_rx_radiotap_header *tap; 1185 struct ieee80211com *ic = &sc->sc_ic; 1186 struct ieee80211_frame *wh; 1187 struct ieee80211_node *ni; 1188 struct mbuf *m, *m1; 1189 bus_addr_t physaddr; 1190 uint32_t hw; 1191 uint16_t phy; 1192 uint8_t ant; 1193 int8_t rssi, nf; 1194 int error; 1195 1196 hw = RAL_READ(sc, RT2860_FS_DRX_IDX) & 0xfff; 1197 while (sc->rxq.cur != hw) { 1198 struct rt2860_rx_data *data = &sc->rxq.data[sc->rxq.cur]; 1199 struct rt2860_rxd *rxd = &sc->rxq.rxd[sc->rxq.cur]; 1200 struct rt2860_rxwi *rxwi; 1201 1202 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map, 1203 BUS_DMASYNC_POSTREAD); 1204 1205 if (__predict_false(!(rxd->sdl0 & htole16(RT2860_RX_DDONE)))) { 1206 DPRINTF(("RXD DDONE bit not set!\n")); 1207 break; /* should not happen */ 1208 } 1209 1210 if (__predict_false(rxd->flags & 1211 htole32(RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 1212 counter_u64_add(ic->ic_ierrors, 1); 1213 goto skip; 1214 } 1215 1216#ifdef HW_CRYPTO 1217 if (__predict_false(rxd->flags & htole32(RT2860_RX_MICERR))) { 1218 /* report MIC failures to net80211 for TKIP */ 1219 ic->ic_stats.is_rx_locmicfail++; 1220 ieee80211_michael_mic_failure(ic, 0/* XXX */); 1221 counter_u64_add(ic->ic_ierrors, 1); 1222 goto skip; 1223 } 1224#endif 1225 1226 m1 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 1227 if (__predict_false(m1 == NULL)) { 1228 counter_u64_add(ic->ic_ierrors, 1); 1229 goto skip; 1230 } 1231 1232 bus_dmamap_sync(sc->rxq.data_dmat, data->map, 1233 BUS_DMASYNC_POSTREAD); 1234 bus_dmamap_unload(sc->rxq.data_dmat, data->map); 1235 1236 error = bus_dmamap_load(sc->rxq.data_dmat, data->map, 1237 mtod(m1, void *), MCLBYTES, rt2860_dma_map_addr, 1238 &physaddr, 0); 1239 if (__predict_false(error != 0)) { 1240 m_freem(m1); 1241 1242 /* try to reload the old mbuf */ 1243 error = bus_dmamap_load(sc->rxq.data_dmat, data->map, 1244 mtod(data->m, void *), MCLBYTES, 1245 rt2860_dma_map_addr, &physaddr, 0); 1246 if (__predict_false(error != 0)) { 1247 panic("%s: could not load old rx mbuf", 1248 device_get_name(sc->sc_dev)); 1249 } 1250 /* physical address may have changed */ 1251 rxd->sdp0 = htole32(physaddr); 1252 counter_u64_add(ic->ic_ierrors, 1); 1253 goto skip; 1254 } 1255 1256 /* 1257 * New mbuf successfully loaded, update Rx ring and continue 1258 * processing. 1259 */ 1260 m = data->m; 1261 data->m = m1; 1262 rxd->sdp0 = htole32(physaddr); 1263 1264 rxwi = mtod(m, struct rt2860_rxwi *); 1265 1266 /* finalize mbuf */ 1267 m->m_data = (caddr_t)(rxwi + 1); 1268 m->m_pkthdr.len = m->m_len = le16toh(rxwi->len) & 0xfff; 1269 1270 wh = mtod(m, struct ieee80211_frame *); 1271#ifdef HW_CRYPTO 1272 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1273 /* frame is decrypted by hardware */ 1274 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 1275 } 1276#endif 1277 1278 /* HW may insert 2 padding bytes after 802.11 header */ 1279 if (rxd->flags & htole32(RT2860_RX_L2PAD)) { 1280 u_int hdrlen = ieee80211_hdrsize(wh); 1281 ovbcopy(wh, (caddr_t)wh + 2, hdrlen); 1282 m->m_data += 2; 1283 wh = mtod(m, struct ieee80211_frame *); 1284 } 1285 1286 ant = rt2860_maxrssi_chain(sc, rxwi); 1287 rssi = rt2860_rssi2dbm(sc, rxwi->rssi[ant], ant); 1288 nf = RT2860_NOISE_FLOOR; 1289 1290 if (ieee80211_radiotap_active(ic)) { 1291 tap = &sc->sc_rxtap; 1292 tap->wr_flags = 0; 1293 tap->wr_antenna = ant; 1294 tap->wr_antsignal = nf + rssi; 1295 tap->wr_antnoise = nf; 1296 /* in case it can't be found below */ 1297 tap->wr_rate = 2; 1298 phy = le16toh(rxwi->phy); 1299 switch (phy & RT2860_PHY_MODE) { 1300 case RT2860_PHY_CCK: 1301 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 1302 case 0: tap->wr_rate = 2; break; 1303 case 1: tap->wr_rate = 4; break; 1304 case 2: tap->wr_rate = 11; break; 1305 case 3: tap->wr_rate = 22; break; 1306 } 1307 if (phy & RT2860_PHY_SHPRE) 1308 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1309 break; 1310 case RT2860_PHY_OFDM: 1311 switch (phy & RT2860_PHY_MCS) { 1312 case 0: tap->wr_rate = 12; break; 1313 case 1: tap->wr_rate = 18; break; 1314 case 2: tap->wr_rate = 24; break; 1315 case 3: tap->wr_rate = 36; break; 1316 case 4: tap->wr_rate = 48; break; 1317 case 5: tap->wr_rate = 72; break; 1318 case 6: tap->wr_rate = 96; break; 1319 case 7: tap->wr_rate = 108; break; 1320 } 1321 break; 1322 } 1323 } 1324 1325 RAL_UNLOCK(sc); 1326 wh = mtod(m, struct ieee80211_frame *); 1327 1328 /* send the frame to the 802.11 layer */ 1329 ni = ieee80211_find_rxnode(ic, 1330 (struct ieee80211_frame_min *)wh); 1331 if (ni != NULL) { 1332 (void)ieee80211_input(ni, m, rssi - nf, nf); 1333 ieee80211_free_node(ni); 1334 } else 1335 (void)ieee80211_input_all(ic, m, rssi - nf, nf); 1336 1337 RAL_LOCK(sc); 1338 1339skip: rxd->sdl0 &= ~htole16(RT2860_RX_DDONE); 1340 1341 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map, 1342 BUS_DMASYNC_PREWRITE); 1343 1344 sc->rxq.cur = (sc->rxq.cur + 1) % RT2860_RX_RING_COUNT; 1345 } 1346 1347 /* tell HW what we have processed */ 1348 RAL_WRITE(sc, RT2860_RX_CALC_IDX, 1349 (sc->rxq.cur - 1) % RT2860_RX_RING_COUNT); 1350} 1351 1352static void 1353rt2860_tbtt_intr(struct rt2860_softc *sc) 1354{ 1355#if 0 1356 struct ieee80211com *ic = &sc->sc_ic; 1357 1358#ifndef IEEE80211_STA_ONLY 1359 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 1360 /* one less beacon until next DTIM */ 1361 if (ic->ic_dtim_count == 0) 1362 ic->ic_dtim_count = ic->ic_dtim_period - 1; 1363 else 1364 ic->ic_dtim_count--; 1365 1366 /* update dynamic parts of beacon */ 1367 rt2860_setup_beacon(sc); 1368 1369 /* flush buffered multicast frames */ 1370 if (ic->ic_dtim_count == 0) 1371 ieee80211_notify_dtim(ic); 1372 } 1373#endif 1374 /* check if protection mode has changed */ 1375 if ((sc->sc_ic_flags ^ ic->ic_flags) & IEEE80211_F_USEPROT) { 1376 rt2860_updateprot(sc); 1377 sc->sc_ic_flags = ic->ic_flags; 1378 } 1379#endif 1380} 1381 1382static void 1383rt2860_gp_intr(struct rt2860_softc *sc) 1384{ 1385 struct ieee80211com *ic = &sc->sc_ic; 1386 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 1387 1388 DPRINTFN(2, ("GP timeout state=%d\n", vap->iv_state)); 1389 1390 if (vap->iv_state == IEEE80211_S_RUN) 1391 rt2860_updatestats(sc); 1392} 1393 1394void 1395rt2860_intr(void *arg) 1396{ 1397 struct rt2860_softc *sc = arg; 1398 uint32_t r; 1399 1400 RAL_LOCK(sc); 1401 1402 r = RAL_READ(sc, RT2860_INT_STATUS); 1403 if (__predict_false(r == 0xffffffff)) { 1404 RAL_UNLOCK(sc); 1405 return; /* device likely went away */ 1406 } 1407 if (r == 0) { 1408 RAL_UNLOCK(sc); 1409 return; /* not for us */ 1410 } 1411 1412 /* acknowledge interrupts */ 1413 RAL_WRITE(sc, RT2860_INT_STATUS, r); 1414 1415 if (r & RT2860_TX_RX_COHERENT) 1416 rt2860_intr_coherent(sc); 1417 1418 if (r & RT2860_MAC_INT_2) /* TX status */ 1419 rt2860_drain_stats_fifo(sc); 1420 1421 if (r & RT2860_TX_DONE_INT5) 1422 rt2860_tx_intr(sc, 5); 1423 1424 if (r & RT2860_RX_DONE_INT) 1425 rt2860_rx_intr(sc); 1426 1427 if (r & RT2860_TX_DONE_INT4) 1428 rt2860_tx_intr(sc, 4); 1429 1430 if (r & RT2860_TX_DONE_INT3) 1431 rt2860_tx_intr(sc, 3); 1432 1433 if (r & RT2860_TX_DONE_INT2) 1434 rt2860_tx_intr(sc, 2); 1435 1436 if (r & RT2860_TX_DONE_INT1) 1437 rt2860_tx_intr(sc, 1); 1438 1439 if (r & RT2860_TX_DONE_INT0) 1440 rt2860_tx_intr(sc, 0); 1441 1442 if (r & RT2860_MAC_INT_0) /* TBTT */ 1443 rt2860_tbtt_intr(sc); 1444 1445 if (r & RT2860_MAC_INT_3) /* Auto wakeup */ 1446 /* TBD wakeup */; 1447 1448 if (r & RT2860_MAC_INT_4) /* GP timer */ 1449 rt2860_gp_intr(sc); 1450 1451 RAL_UNLOCK(sc); 1452} 1453 1454static int 1455rt2860_tx(struct rt2860_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 1456{ 1457 struct ieee80211com *ic = &sc->sc_ic; 1458 struct ieee80211vap *vap = ni->ni_vap; 1459 struct rt2860_tx_ring *ring; 1460 struct rt2860_tx_data *data; 1461 struct rt2860_txd *txd; 1462 struct rt2860_txwi *txwi; 1463 struct ieee80211_frame *wh; 1464 const struct ieee80211_txparam *tp; 1465 struct ieee80211_key *k; 1466 struct mbuf *m1; 1467 bus_dma_segment_t segs[RT2860_MAX_SCATTER]; 1468 bus_dma_segment_t *seg; 1469 u_int hdrlen; 1470 uint16_t qos, dur; 1471 uint8_t type, qsel, mcs, pid, tid, qid; 1472 int i, nsegs, ntxds, pad, rate, ridx, error; 1473 1474 /* the data pool contains at least one element, pick the first */ 1475 data = SLIST_FIRST(&sc->data_pool); 1476 1477 wh = mtod(m, struct ieee80211_frame *); 1478 1479 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1480 k = ieee80211_crypto_encap(ni, m); 1481 if (k == NULL) { 1482 m_freem(m); 1483 return ENOBUFS; 1484 } 1485 1486 /* packet header may have moved, reset our local pointer */ 1487 wh = mtod(m, struct ieee80211_frame *); 1488 } 1489 1490 hdrlen = ieee80211_anyhdrsize(wh); 1491 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1492 1493 tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)]; 1494 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1495 rate = tp->mcastrate; 1496 } else if (m->m_flags & M_EAPOL) { 1497 rate = tp->mgmtrate; 1498 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1499 rate = tp->ucastrate; 1500 } else { 1501 (void) ieee80211_ratectl_rate(ni, NULL, 0); 1502 rate = ni->ni_txrate; 1503 } 1504 rate &= IEEE80211_RATE_VAL; 1505 1506 qid = M_WME_GETAC(m); 1507 if (IEEE80211_QOS_HAS_SEQ(wh)) { 1508 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0]; 1509 tid = qos & IEEE80211_QOS_TID; 1510 } else { 1511 qos = 0; 1512 tid = 0; 1513 } 1514 ring = &sc->txq[qid]; 1515 ridx = ieee80211_legacy_rate_lookup(ic->ic_rt, rate); 1516 1517 /* get MCS code from rate index */ 1518 mcs = rt2860_rates[ridx].mcs; 1519 1520 /* setup TX Wireless Information */ 1521 txwi = data->txwi; 1522 txwi->flags = 0; 1523 /* let HW generate seq numbers for non-QoS frames */ 1524 txwi->xflags = qos ? 0 : RT2860_TX_NSEQ; 1525 if (type == IEEE80211_FC0_TYPE_DATA) 1526 txwi->wcid = IEEE80211_AID(ni->ni_associd); 1527 else 1528 txwi->wcid = 0xff; 1529 txwi->len = htole16(m->m_pkthdr.len); 1530 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 1531 txwi->phy = htole16(RT2860_PHY_CCK); 1532 if (ridx != RT2860_RIDX_CCK1 && 1533 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 1534 mcs |= RT2860_PHY_SHPRE; 1535 } else 1536 txwi->phy = htole16(RT2860_PHY_OFDM); 1537 txwi->phy |= htole16(mcs); 1538 1539 /* 1540 * We store the MCS code into the driver-private PacketID field. 1541 * The PacketID is latched into TX_STAT_FIFO when Tx completes so 1542 * that we know at which initial rate the frame was transmitted. 1543 * We add 1 to the MCS code because setting the PacketID field to 1544 * 0 means that we don't want feedback in TX_STAT_FIFO. 1545 */ 1546 pid = (mcs + 1) & 0xf; 1547 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 1548 1549 /* check if RTS/CTS or CTS-to-self protection is required */ 1550 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 1551 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 1552 ((ic->ic_flags & IEEE80211_F_USEPROT) && 1553 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 1554 txwi->txop = RT2860_TX_TXOP_HT; 1555 else 1556 txwi->txop = RT2860_TX_TXOP_BACKOFF; 1557 1558 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 1559 (!qos || (qos & IEEE80211_QOS_ACKPOLICY) != 1560 IEEE80211_QOS_ACKPOLICY_NOACK)) { 1561 txwi->xflags |= RT2860_TX_ACK; 1562 1563 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1564 dur = rt2860_rates[ridx].sp_ack_dur; 1565 else 1566 dur = rt2860_rates[ridx].lp_ack_dur; 1567 *(uint16_t *)wh->i_dur = htole16(dur); 1568 } 1569 /* ask MAC to insert timestamp into probe responses */ 1570 if ((wh->i_fc[0] & 1571 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 1572 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 1573 /* NOTE: beacons do not pass through tx_data() */ 1574 txwi->flags |= RT2860_TX_TS; 1575 1576 if (ieee80211_radiotap_active_vap(vap)) { 1577 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap; 1578 1579 tap->wt_flags = 0; 1580 tap->wt_rate = rate; 1581 if (mcs & RT2860_PHY_SHPRE) 1582 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1583 1584 ieee80211_radiotap_tx(vap, m); 1585 } 1586 1587 pad = (hdrlen + 3) & ~3; 1588 1589 /* copy and trim 802.11 header */ 1590 memcpy(txwi + 1, wh, hdrlen); 1591 m_adj(m, hdrlen); 1592 1593 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs, 1594 &nsegs, 0); 1595 if (__predict_false(error != 0 && error != EFBIG)) { 1596 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 1597 error); 1598 m_freem(m); 1599 return error; 1600 } 1601 if (__predict_true(error == 0)) { 1602 /* determine how many TXDs are required */ 1603 ntxds = 1 + (nsegs / 2); 1604 1605 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) { 1606 /* not enough free TXDs, force mbuf defrag */ 1607 bus_dmamap_unload(sc->txwi_dmat, data->map); 1608 error = EFBIG; 1609 } 1610 } 1611 if (__predict_false(error != 0)) { 1612 m1 = m_defrag(m, M_NOWAIT); 1613 if (m1 == NULL) { 1614 device_printf(sc->sc_dev, 1615 "could not defragment mbuf\n"); 1616 m_freem(m); 1617 return ENOBUFS; 1618 } 1619 m = m1; 1620 1621 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, 1622 segs, &nsegs, 0); 1623 if (__predict_false(error != 0)) { 1624 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 1625 error); 1626 m_freem(m); 1627 return error; 1628 } 1629 1630 /* determine how many TXDs are now required */ 1631 ntxds = 1 + (nsegs / 2); 1632 1633 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) { 1634 /* this is a hopeless case, drop the mbuf! */ 1635 bus_dmamap_unload(sc->txwi_dmat, data->map); 1636 m_freem(m); 1637 return ENOBUFS; 1638 } 1639 } 1640 1641 qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT; 1642 1643 /* first segment is TXWI + 802.11 header */ 1644 txd = &ring->txd[ring->cur]; 1645 txd->sdp0 = htole32(data->paddr); 1646 txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad); 1647 txd->flags = qsel; 1648 1649 /* setup payload segments */ 1650 seg = &segs[0]; 1651 for (i = nsegs; i >= 2; i -= 2) { 1652 txd->sdp1 = htole32(seg->ds_addr); 1653 txd->sdl1 = htole16(seg->ds_len); 1654 seg++; 1655 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT; 1656 /* grab a new Tx descriptor */ 1657 txd = &ring->txd[ring->cur]; 1658 txd->sdp0 = htole32(seg->ds_addr); 1659 txd->sdl0 = htole16(seg->ds_len); 1660 txd->flags = qsel; 1661 seg++; 1662 } 1663 /* finalize last segment */ 1664 if (i > 0) { 1665 txd->sdp1 = htole32(seg->ds_addr); 1666 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1); 1667 } else { 1668 txd->sdl0 |= htole16(RT2860_TX_LS0); 1669 txd->sdl1 = 0; 1670 } 1671 1672 /* remove from the free pool and link it into the SW Tx slot */ 1673 SLIST_REMOVE_HEAD(&sc->data_pool, next); 1674 data->m = m; 1675 data->ni = ni; 1676 ring->data[ring->cur] = data; 1677 1678 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE); 1679 bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE); 1680 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE); 1681 1682 DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n", 1683 qid, txwi->wcid, nsegs, ridx)); 1684 1685 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT; 1686 ring->queued += ntxds; 1687 if (ring->queued >= RT2860_TX_RING_COUNT) 1688 sc->qfullmsk |= 1 << qid; 1689 1690 /* kick Tx */ 1691 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur); 1692 1693 return 0; 1694} 1695 1696static int 1697rt2860_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 1698 const struct ieee80211_bpf_params *params) 1699{ 1700 struct ieee80211com *ic = ni->ni_ic; 1701 struct rt2860_softc *sc = ic->ic_softc; 1702 int error; 1703 1704 RAL_LOCK(sc); 1705 1706 /* prevent management frames from being sent if we're not ready */ 1707 if (!(sc->sc_flags & RT2860_RUNNING)) { 1708 RAL_UNLOCK(sc); 1709 m_freem(m); 1710 return ENETDOWN; 1711 } 1712 if (params == NULL) { 1713 /* 1714 * Legacy path; interpret frame contents to decide 1715 * precisely how to send the frame. 1716 */ 1717 error = rt2860_tx(sc, m, ni); 1718 } else { 1719 /* 1720 * Caller supplied explicit parameters to use in 1721 * sending the frame. 1722 */ 1723 error = rt2860_tx_raw(sc, m, ni, params); 1724 } 1725 sc->sc_tx_timer = 5; 1726 RAL_UNLOCK(sc); 1727 return error; 1728} 1729 1730static int 1731rt2860_tx_raw(struct rt2860_softc *sc, struct mbuf *m, 1732 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params) 1733{ 1734 struct ieee80211com *ic = &sc->sc_ic; 1735 struct ieee80211vap *vap = ni->ni_vap; 1736 struct rt2860_tx_ring *ring; 1737 struct rt2860_tx_data *data; 1738 struct rt2860_txd *txd; 1739 struct rt2860_txwi *txwi; 1740 struct ieee80211_frame *wh; 1741 struct mbuf *m1; 1742 bus_dma_segment_t segs[RT2860_MAX_SCATTER]; 1743 bus_dma_segment_t *seg; 1744 u_int hdrlen; 1745 uint16_t dur; 1746 uint8_t type, qsel, mcs, pid, tid, qid; 1747 int i, nsegs, ntxds, pad, rate, ridx, error; 1748 1749 /* the data pool contains at least one element, pick the first */ 1750 data = SLIST_FIRST(&sc->data_pool); 1751 1752 wh = mtod(m, struct ieee80211_frame *); 1753 hdrlen = ieee80211_hdrsize(wh); 1754 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 1755 1756 /* Choose a TX rate index. */ 1757 rate = params->ibp_rate0; 1758 ridx = ieee80211_legacy_rate_lookup(ic->ic_rt, 1759 rate & IEEE80211_RATE_VAL); 1760 if (ridx == (uint8_t)-1) { 1761 /* XXX fall back to mcast/mgmt rate? */ 1762 m_freem(m); 1763 return EINVAL; 1764 } 1765 1766 qid = params->ibp_pri & 3; 1767 tid = 0; 1768 ring = &sc->txq[qid]; 1769 1770 /* get MCS code from rate index */ 1771 mcs = rt2860_rates[ridx].mcs; 1772 1773 /* setup TX Wireless Information */ 1774 txwi = data->txwi; 1775 txwi->flags = 0; 1776 /* let HW generate seq numbers for non-QoS frames */ 1777 txwi->xflags = params->ibp_pri & 3 ? 0 : RT2860_TX_NSEQ; 1778 txwi->wcid = 0xff; 1779 txwi->len = htole16(m->m_pkthdr.len); 1780 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 1781 txwi->phy = htole16(RT2860_PHY_CCK); 1782 if (ridx != RT2860_RIDX_CCK1 && 1783 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 1784 mcs |= RT2860_PHY_SHPRE; 1785 } else 1786 txwi->phy = htole16(RT2860_PHY_OFDM); 1787 txwi->phy |= htole16(mcs); 1788 1789 /* 1790 * We store the MCS code into the driver-private PacketID field. 1791 * The PacketID is latched into TX_STAT_FIFO when Tx completes so 1792 * that we know at which initial rate the frame was transmitted. 1793 * We add 1 to the MCS code because setting the PacketID field to 1794 * 0 means that we don't want feedback in TX_STAT_FIFO. 1795 */ 1796 pid = (mcs + 1) & 0xf; 1797 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 1798 1799 /* check if RTS/CTS or CTS-to-self protection is required */ 1800 if (params->ibp_flags & IEEE80211_BPF_RTS || 1801 params->ibp_flags & IEEE80211_BPF_CTS) 1802 txwi->txop = RT2860_TX_TXOP_HT; 1803 else 1804 txwi->txop = RT2860_TX_TXOP_BACKOFF; 1805 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) { 1806 txwi->xflags |= RT2860_TX_ACK; 1807 1808 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 1809 dur = rt2860_rates[ridx].sp_ack_dur; 1810 else 1811 dur = rt2860_rates[ridx].lp_ack_dur; 1812 *(uint16_t *)wh->i_dur = htole16(dur); 1813 } 1814 /* ask MAC to insert timestamp into probe responses */ 1815 if ((wh->i_fc[0] & 1816 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 1817 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 1818 /* NOTE: beacons do not pass through tx_data() */ 1819 txwi->flags |= RT2860_TX_TS; 1820 1821 if (ieee80211_radiotap_active_vap(vap)) { 1822 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap; 1823 1824 tap->wt_flags = 0; 1825 tap->wt_rate = rate; 1826 if (mcs & RT2860_PHY_SHPRE) 1827 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 1828 1829 ieee80211_radiotap_tx(vap, m); 1830 } 1831 1832 pad = (hdrlen + 3) & ~3; 1833 1834 /* copy and trim 802.11 header */ 1835 memcpy(txwi + 1, wh, hdrlen); 1836 m_adj(m, hdrlen); 1837 1838 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs, 1839 &nsegs, 0); 1840 if (__predict_false(error != 0 && error != EFBIG)) { 1841 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 1842 error); 1843 m_freem(m); 1844 return error; 1845 } 1846 if (__predict_true(error == 0)) { 1847 /* determine how many TXDs are required */ 1848 ntxds = 1 + (nsegs / 2); 1849 1850 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) { 1851 /* not enough free TXDs, force mbuf defrag */ 1852 bus_dmamap_unload(sc->txwi_dmat, data->map); 1853 error = EFBIG; 1854 } 1855 } 1856 if (__predict_false(error != 0)) { 1857 m1 = m_defrag(m, M_NOWAIT); 1858 if (m1 == NULL) { 1859 device_printf(sc->sc_dev, 1860 "could not defragment mbuf\n"); 1861 m_freem(m); 1862 return ENOBUFS; 1863 } 1864 m = m1; 1865 1866 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, 1867 segs, &nsegs, 0); 1868 if (__predict_false(error != 0)) { 1869 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n", 1870 error); 1871 m_freem(m); 1872 return error; 1873 } 1874 1875 /* determine how many TXDs are now required */ 1876 ntxds = 1 + (nsegs / 2); 1877 1878 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) { 1879 /* this is a hopeless case, drop the mbuf! */ 1880 bus_dmamap_unload(sc->txwi_dmat, data->map); 1881 m_freem(m); 1882 return ENOBUFS; 1883 } 1884 } 1885 1886 qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT; 1887 1888 /* first segment is TXWI + 802.11 header */ 1889 txd = &ring->txd[ring->cur]; 1890 txd->sdp0 = htole32(data->paddr); 1891 txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad); 1892 txd->flags = qsel; 1893 1894 /* setup payload segments */ 1895 seg = &segs[0]; 1896 for (i = nsegs; i >= 2; i -= 2) { 1897 txd->sdp1 = htole32(seg->ds_addr); 1898 txd->sdl1 = htole16(seg->ds_len); 1899 seg++; 1900 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT; 1901 /* grab a new Tx descriptor */ 1902 txd = &ring->txd[ring->cur]; 1903 txd->sdp0 = htole32(seg->ds_addr); 1904 txd->sdl0 = htole16(seg->ds_len); 1905 txd->flags = qsel; 1906 seg++; 1907 } 1908 /* finalize last segment */ 1909 if (i > 0) { 1910 txd->sdp1 = htole32(seg->ds_addr); 1911 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1); 1912 } else { 1913 txd->sdl0 |= htole16(RT2860_TX_LS0); 1914 txd->sdl1 = 0; 1915 } 1916 1917 /* remove from the free pool and link it into the SW Tx slot */ 1918 SLIST_REMOVE_HEAD(&sc->data_pool, next); 1919 data->m = m; 1920 data->ni = ni; 1921 ring->data[ring->cur] = data; 1922 1923 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE); 1924 bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE); 1925 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE); 1926 1927 DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n", 1928 qid, txwi->wcid, nsegs, ridx)); 1929 1930 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT; 1931 ring->queued += ntxds; 1932 if (ring->queued >= RT2860_TX_RING_COUNT) 1933 sc->qfullmsk |= 1 << qid; 1934 1935 /* kick Tx */ 1936 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur); 1937 1938 return 0; 1939} 1940 1941static int 1942rt2860_transmit(struct ieee80211com *ic, struct mbuf *m) 1943{ 1944 struct rt2860_softc *sc = ic->ic_softc; 1945 int error; 1946 1947 RAL_LOCK(sc); 1948 if ((sc->sc_flags & RT2860_RUNNING) == 0) { 1949 RAL_UNLOCK(sc); 1950 return (ENXIO); 1951 } 1952 error = mbufq_enqueue(&sc->sc_snd, m); 1953 if (error) { 1954 RAL_UNLOCK(sc); 1955 return (error); 1956 } 1957 rt2860_start(sc); 1958 RAL_UNLOCK(sc); 1959 1960 return (0); 1961} 1962 1963static void 1964rt2860_start(struct rt2860_softc *sc) 1965{ 1966 struct ieee80211_node *ni; 1967 struct mbuf *m; 1968 1969 RAL_LOCK_ASSERT(sc); 1970 1971 if ((sc->sc_flags & RT2860_RUNNING) == 0) 1972 return; 1973 1974 while (!SLIST_EMPTY(&sc->data_pool) && sc->qfullmsk == 0 && 1975 (m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 1976 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 1977 if (rt2860_tx(sc, m, ni) != 0) { 1978 if_inc_counter(ni->ni_vap->iv_ifp, 1979 IFCOUNTER_OERRORS, 1); 1980 ieee80211_free_node(ni); 1981 continue; 1982 } 1983 sc->sc_tx_timer = 5; 1984 } 1985} 1986 1987static void 1988rt2860_watchdog(void *arg) 1989{ 1990 struct rt2860_softc *sc = arg; 1991 1992 RAL_LOCK_ASSERT(sc); 1993 1994 KASSERT(sc->sc_flags & RT2860_RUNNING, ("not running")); 1995 1996 if (sc->sc_invalid) /* card ejected */ 1997 return; 1998 1999 if (sc->sc_tx_timer > 0 && --sc->sc_tx_timer == 0) { 2000 device_printf(sc->sc_dev, "device timeout\n"); 2001 rt2860_stop_locked(sc); 2002 rt2860_init_locked(sc); 2003 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2004 return; 2005 } 2006 callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc); 2007} 2008 2009static void 2010rt2860_parent(struct ieee80211com *ic) 2011{ 2012 struct rt2860_softc *sc = ic->ic_softc; 2013 int startall = 0; 2014 2015 RAL_LOCK(sc); 2016 if (ic->ic_nrunning> 0) { 2017 if (!(sc->sc_flags & RT2860_RUNNING)) { 2018 rt2860_init_locked(sc); 2019 startall = 1; 2020 } else 2021 rt2860_update_promisc(ic); 2022 } else if (sc->sc_flags & RT2860_RUNNING) 2023 rt2860_stop_locked(sc); 2024 RAL_UNLOCK(sc); 2025 if (startall) 2026 ieee80211_start_all(ic); 2027} 2028 2029/* 2030 * Reading and writing from/to the BBP is different from RT2560 and RT2661. 2031 * We access the BBP through the 8051 microcontroller unit which means that 2032 * the microcode must be loaded first. 2033 */ 2034void 2035rt2860_mcu_bbp_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val) 2036{ 2037 int ntries; 2038 2039 for (ntries = 0; ntries < 100; ntries++) { 2040 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK)) 2041 break; 2042 DELAY(1); 2043 } 2044 if (ntries == 100) { 2045 device_printf(sc->sc_dev, 2046 "could not write to BBP through MCU\n"); 2047 return; 2048 } 2049 2050 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL | 2051 RT2860_BBP_CSR_KICK | reg << 8 | val); 2052 RAL_BARRIER_WRITE(sc); 2053 2054 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0); 2055 DELAY(1000); 2056} 2057 2058uint8_t 2059rt2860_mcu_bbp_read(struct rt2860_softc *sc, uint8_t reg) 2060{ 2061 uint32_t val; 2062 int ntries; 2063 2064 for (ntries = 0; ntries < 100; ntries++) { 2065 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK)) 2066 break; 2067 DELAY(1); 2068 } 2069 if (ntries == 100) { 2070 device_printf(sc->sc_dev, 2071 "could not read from BBP through MCU\n"); 2072 return 0; 2073 } 2074 2075 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL | 2076 RT2860_BBP_CSR_KICK | RT2860_BBP_CSR_READ | reg << 8); 2077 RAL_BARRIER_WRITE(sc); 2078 2079 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0); 2080 DELAY(1000); 2081 2082 for (ntries = 0; ntries < 100; ntries++) { 2083 val = RAL_READ(sc, RT2860_H2M_BBPAGENT); 2084 if (!(val & RT2860_BBP_CSR_KICK)) 2085 return val & 0xff; 2086 DELAY(1); 2087 } 2088 device_printf(sc->sc_dev, "could not read from BBP through MCU\n"); 2089 2090 return 0; 2091} 2092 2093/* 2094 * Write to one of the 4 programmable 24-bit RF registers. 2095 */ 2096static void 2097rt2860_rf_write(struct rt2860_softc *sc, uint8_t reg, uint32_t val) 2098{ 2099 uint32_t tmp; 2100 int ntries; 2101 2102 for (ntries = 0; ntries < 100; ntries++) { 2103 if (!(RAL_READ(sc, RT2860_RF_CSR_CFG0) & RT2860_RF_REG_CTRL)) 2104 break; 2105 DELAY(1); 2106 } 2107 if (ntries == 100) { 2108 device_printf(sc->sc_dev, "could not write to RF\n"); 2109 return; 2110 } 2111 2112 /* RF registers are 24-bit on the RT2860 */ 2113 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 2114 (val & 0x3fffff) << 2 | (reg & 3); 2115 RAL_WRITE(sc, RT2860_RF_CSR_CFG0, tmp); 2116} 2117 2118static uint8_t 2119rt3090_rf_read(struct rt2860_softc *sc, uint8_t reg) 2120{ 2121 uint32_t tmp; 2122 int ntries; 2123 2124 for (ntries = 0; ntries < 100; ntries++) { 2125 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK)) 2126 break; 2127 DELAY(1); 2128 } 2129 if (ntries == 100) { 2130 device_printf(sc->sc_dev, "could not read RF register\n"); 2131 return 0xff; 2132 } 2133 tmp = RT3070_RF_KICK | reg << 8; 2134 RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp); 2135 2136 for (ntries = 0; ntries < 100; ntries++) { 2137 tmp = RAL_READ(sc, RT3070_RF_CSR_CFG); 2138 if (!(tmp & RT3070_RF_KICK)) 2139 break; 2140 DELAY(1); 2141 } 2142 if (ntries == 100) { 2143 device_printf(sc->sc_dev, "could not read RF register\n"); 2144 return 0xff; 2145 } 2146 return tmp & 0xff; 2147} 2148 2149void 2150rt3090_rf_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val) 2151{ 2152 uint32_t tmp; 2153 int ntries; 2154 2155 for (ntries = 0; ntries < 10; ntries++) { 2156 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK)) 2157 break; 2158 DELAY(10); 2159 } 2160 if (ntries == 10) { 2161 device_printf(sc->sc_dev, "could not write to RF\n"); 2162 return; 2163 } 2164 2165 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 2166 RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp); 2167} 2168 2169/* 2170 * Send a command to the 8051 microcontroller unit. 2171 */ 2172int 2173rt2860_mcu_cmd(struct rt2860_softc *sc, uint8_t cmd, uint16_t arg, int wait) 2174{ 2175 int slot, ntries; 2176 uint32_t tmp; 2177 uint8_t cid; 2178 2179 for (ntries = 0; ntries < 100; ntries++) { 2180 if (!(RAL_READ(sc, RT2860_H2M_MAILBOX) & RT2860_H2M_BUSY)) 2181 break; 2182 DELAY(2); 2183 } 2184 if (ntries == 100) 2185 return EIO; 2186 2187 cid = wait ? cmd : RT2860_TOKEN_NO_INTR; 2188 RAL_WRITE(sc, RT2860_H2M_MAILBOX, RT2860_H2M_BUSY | cid << 16 | arg); 2189 RAL_BARRIER_WRITE(sc); 2190 RAL_WRITE(sc, RT2860_HOST_CMD, cmd); 2191 2192 if (!wait) 2193 return 0; 2194 /* wait for the command to complete */ 2195 for (ntries = 0; ntries < 200; ntries++) { 2196 tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_CID); 2197 /* find the command slot */ 2198 for (slot = 0; slot < 4; slot++, tmp >>= 8) 2199 if ((tmp & 0xff) == cid) 2200 break; 2201 if (slot < 4) 2202 break; 2203 DELAY(100); 2204 } 2205 if (ntries == 200) { 2206 /* clear command and status */ 2207 RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 2208 RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 2209 return ETIMEDOUT; 2210 } 2211 /* get command status (1 means success) */ 2212 tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_STATUS); 2213 tmp = (tmp >> (slot * 8)) & 0xff; 2214 DPRINTF(("MCU command=0x%02x slot=%d status=0x%02x\n", 2215 cmd, slot, tmp)); 2216 /* clear command and status */ 2217 RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 2218 RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 2219 return (tmp == 1) ? 0 : EIO; 2220} 2221 2222static void 2223rt2860_enable_mrr(struct rt2860_softc *sc) 2224{ 2225#define CCK(mcs) (mcs) 2226#define OFDM(mcs) (1 << 3 | (mcs)) 2227 RAL_WRITE(sc, RT2860_LG_FBK_CFG0, 2228 OFDM(6) << 28 | /* 54->48 */ 2229 OFDM(5) << 24 | /* 48->36 */ 2230 OFDM(4) << 20 | /* 36->24 */ 2231 OFDM(3) << 16 | /* 24->18 */ 2232 OFDM(2) << 12 | /* 18->12 */ 2233 OFDM(1) << 8 | /* 12-> 9 */ 2234 OFDM(0) << 4 | /* 9-> 6 */ 2235 OFDM(0)); /* 6-> 6 */ 2236 2237 RAL_WRITE(sc, RT2860_LG_FBK_CFG1, 2238 CCK(2) << 12 | /* 11->5.5 */ 2239 CCK(1) << 8 | /* 5.5-> 2 */ 2240 CCK(0) << 4 | /* 2-> 1 */ 2241 CCK(0)); /* 1-> 1 */ 2242#undef OFDM 2243#undef CCK 2244} 2245 2246static void 2247rt2860_set_txpreamble(struct rt2860_softc *sc) 2248{ 2249 struct ieee80211com *ic = &sc->sc_ic; 2250 uint32_t tmp; 2251 2252 tmp = RAL_READ(sc, RT2860_AUTO_RSP_CFG); 2253 tmp &= ~RT2860_CCK_SHORT_EN; 2254 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 2255 tmp |= RT2860_CCK_SHORT_EN; 2256 RAL_WRITE(sc, RT2860_AUTO_RSP_CFG, tmp); 2257} 2258 2259void 2260rt2860_set_basicrates(struct rt2860_softc *sc, 2261 const struct ieee80211_rateset *rs) 2262{ 2263 struct ieee80211com *ic = &sc->sc_ic; 2264 uint32_t mask = 0; 2265 uint8_t rate; 2266 int i; 2267 2268 for (i = 0; i < rs->rs_nrates; i++) { 2269 rate = rs->rs_rates[i]; 2270 2271 if (!(rate & IEEE80211_RATE_BASIC)) 2272 continue; 2273 2274 mask |= 1 << ieee80211_legacy_rate_lookup(ic->ic_rt, 2275 IEEE80211_RV(rate)); 2276 } 2277 2278 RAL_WRITE(sc, RT2860_LEGACY_BASIC_RATE, mask); 2279} 2280 2281static void 2282rt2860_scan_start(struct ieee80211com *ic) 2283{ 2284 struct rt2860_softc *sc = ic->ic_softc; 2285 uint32_t tmp; 2286 2287 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG); 2288 RAL_WRITE(sc, RT2860_BCN_TIME_CFG, 2289 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2290 RT2860_TBTT_TIMER_EN)); 2291 rt2860_set_gp_timer(sc, 0); 2292} 2293 2294static void 2295rt2860_scan_end(struct ieee80211com *ic) 2296{ 2297 struct rt2860_softc *sc = ic->ic_softc; 2298 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2299 2300 if (vap->iv_state == IEEE80211_S_RUN) { 2301 rt2860_enable_tsf_sync(sc); 2302 rt2860_set_gp_timer(sc, 500); 2303 } 2304} 2305 2306static void 2307rt2860_getradiocaps(struct ieee80211com *ic, int maxchans, int *nchans, 2308 struct ieee80211_channel chans[]) 2309{ 2310 struct rt2860_softc *sc = ic->ic_softc; 2311 uint8_t bands[IEEE80211_MODE_BYTES]; 2312 2313 memset(bands, 0, sizeof(bands)); 2314 setbit(bands, IEEE80211_MODE_11B); 2315 setbit(bands, IEEE80211_MODE_11G); 2316 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 2317 rt2860_chan_2ghz, nitems(rt2860_chan_2ghz), bands, 0); 2318 2319 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850) { 2320 setbit(bands, IEEE80211_MODE_11A); 2321 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 2322 rt2860_chan_5ghz, nitems(rt2860_chan_5ghz), bands, 0); 2323 } 2324} 2325 2326static void 2327rt2860_set_channel(struct ieee80211com *ic) 2328{ 2329 struct rt2860_softc *sc = ic->ic_softc; 2330 2331 RAL_LOCK(sc); 2332 rt2860_switch_chan(sc, ic->ic_curchan); 2333 RAL_UNLOCK(sc); 2334} 2335 2336static void 2337rt2860_select_chan_group(struct rt2860_softc *sc, int group) 2338{ 2339 uint32_t tmp; 2340 uint8_t agc; 2341 2342 rt2860_mcu_bbp_write(sc, 62, 0x37 - sc->lna[group]); 2343 rt2860_mcu_bbp_write(sc, 63, 0x37 - sc->lna[group]); 2344 rt2860_mcu_bbp_write(sc, 64, 0x37 - sc->lna[group]); 2345 rt2860_mcu_bbp_write(sc, 86, 0x00); 2346 2347 if (group == 0) { 2348 if (sc->ext_2ghz_lna) { 2349 rt2860_mcu_bbp_write(sc, 82, 0x62); 2350 rt2860_mcu_bbp_write(sc, 75, 0x46); 2351 } else { 2352 rt2860_mcu_bbp_write(sc, 82, 0x84); 2353 rt2860_mcu_bbp_write(sc, 75, 0x50); 2354 } 2355 } else { 2356 if (sc->ext_5ghz_lna) { 2357 rt2860_mcu_bbp_write(sc, 82, 0xf2); 2358 rt2860_mcu_bbp_write(sc, 75, 0x46); 2359 } else { 2360 rt2860_mcu_bbp_write(sc, 82, 0xf2); 2361 rt2860_mcu_bbp_write(sc, 75, 0x50); 2362 } 2363 } 2364 2365 tmp = RAL_READ(sc, RT2860_TX_BAND_CFG); 2366 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 2367 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 2368 RAL_WRITE(sc, RT2860_TX_BAND_CFG, tmp); 2369 2370 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 2371 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 2372 if (sc->nrxchains > 1) 2373 tmp |= RT2860_LNA_PE1_EN; 2374 if (sc->mac_ver == 0x3593 && sc->nrxchains > 2) 2375 tmp |= RT3593_LNA_PE2_EN; 2376 if (group == 0) { /* 2GHz */ 2377 tmp |= RT2860_PA_PE_G0_EN; 2378 if (sc->ntxchains > 1) 2379 tmp |= RT2860_PA_PE_G1_EN; 2380 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2) 2381 tmp |= RT3593_PA_PE_G2_EN; 2382 } else { /* 5GHz */ 2383 tmp |= RT2860_PA_PE_A0_EN; 2384 if (sc->ntxchains > 1) 2385 tmp |= RT2860_PA_PE_A1_EN; 2386 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2) 2387 tmp |= RT3593_PA_PE_A2_EN; 2388 } 2389 RAL_WRITE(sc, RT2860_TX_PIN_CFG, tmp); 2390 2391 if (sc->mac_ver == 0x3593) { 2392 tmp = RAL_READ(sc, RT2860_GPIO_CTRL); 2393 if (sc->sc_flags & RT2860_PCIE) { 2394 tmp &= ~0x01010000; 2395 if (group == 0) 2396 tmp |= 0x00010000; 2397 } else { 2398 tmp &= ~0x00008080; 2399 if (group == 0) 2400 tmp |= 0x00000080; 2401 } 2402 tmp = (tmp & ~0x00001000) | 0x00000010; 2403 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp); 2404 } 2405 2406 /* set initial AGC value */ 2407 if (group == 0) { /* 2GHz band */ 2408 if (sc->mac_ver >= 0x3071) 2409 agc = 0x1c + sc->lna[0] * 2; 2410 else 2411 agc = 0x2e + sc->lna[0]; 2412 } else { /* 5GHz band */ 2413 agc = 0x32 + (sc->lna[group] * 5) / 3; 2414 } 2415 rt2860_mcu_bbp_write(sc, 66, agc); 2416 2417 DELAY(1000); 2418} 2419 2420static void 2421rt2860_set_chan(struct rt2860_softc *sc, u_int chan) 2422{ 2423 const struct rfprog *rfprog = rt2860_rf2850; 2424 uint32_t r2, r3, r4; 2425 int8_t txpow1, txpow2; 2426 u_int i; 2427 2428 /* find the settings for this channel (we know it exists) */ 2429 for (i = 0; rfprog[i].chan != chan; i++); 2430 2431 r2 = rfprog[i].r2; 2432 if (sc->ntxchains == 1) 2433 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 2434 if (sc->nrxchains == 1) 2435 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 2436 else if (sc->nrxchains == 2) 2437 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 2438 2439 /* use Tx power values from EEPROM */ 2440 txpow1 = sc->txpow1[i]; 2441 txpow2 = sc->txpow2[i]; 2442 if (chan > 14) { 2443 if (txpow1 >= 0) 2444 txpow1 = txpow1 << 1 | 1; 2445 else 2446 txpow1 = (7 + txpow1) << 1; 2447 if (txpow2 >= 0) 2448 txpow2 = txpow2 << 1 | 1; 2449 else 2450 txpow2 = (7 + txpow2) << 1; 2451 } 2452 r3 = rfprog[i].r3 | txpow1 << 7; 2453 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 2454 2455 rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1); 2456 rt2860_rf_write(sc, RT2860_RF2, r2); 2457 rt2860_rf_write(sc, RT2860_RF3, r3); 2458 rt2860_rf_write(sc, RT2860_RF4, r4); 2459 2460 DELAY(200); 2461 2462 rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1); 2463 rt2860_rf_write(sc, RT2860_RF2, r2); 2464 rt2860_rf_write(sc, RT2860_RF3, r3 | 1); 2465 rt2860_rf_write(sc, RT2860_RF4, r4); 2466 2467 DELAY(200); 2468 2469 rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1); 2470 rt2860_rf_write(sc, RT2860_RF2, r2); 2471 rt2860_rf_write(sc, RT2860_RF3, r3); 2472 rt2860_rf_write(sc, RT2860_RF4, r4); 2473} 2474 2475static void 2476rt3090_set_chan(struct rt2860_softc *sc, u_int chan) 2477{ 2478 int8_t txpow1, txpow2; 2479 uint8_t rf; 2480 int i; 2481 2482 /* RT3090 is 2GHz only */ 2483 KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan)); 2484 2485 /* find the settings for this channel (we know it exists) */ 2486 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 2487 2488 /* use Tx power values from EEPROM */ 2489 txpow1 = sc->txpow1[i]; 2490 txpow2 = sc->txpow2[i]; 2491 2492 rt3090_rf_write(sc, 2, rt3090_freqs[i].n); 2493 rf = rt3090_rf_read(sc, 3); 2494 rf = (rf & ~0x0f) | rt3090_freqs[i].k; 2495 rt3090_rf_write(sc, 3, rf); 2496 rf = rt3090_rf_read(sc, 6); 2497 rf = (rf & ~0x03) | rt3090_freqs[i].r; 2498 rt3090_rf_write(sc, 6, rf); 2499 2500 /* set Tx0 power */ 2501 rf = rt3090_rf_read(sc, 12); 2502 rf = (rf & ~0x1f) | txpow1; 2503 rt3090_rf_write(sc, 12, rf); 2504 2505 /* set Tx1 power */ 2506 rf = rt3090_rf_read(sc, 13); 2507 rf = (rf & ~0x1f) | txpow2; 2508 rt3090_rf_write(sc, 13, rf); 2509 2510 rf = rt3090_rf_read(sc, 1); 2511 rf &= ~0xfc; 2512 if (sc->ntxchains == 1) 2513 rf |= RT3070_TX1_PD | RT3070_TX2_PD; 2514 else if (sc->ntxchains == 2) 2515 rf |= RT3070_TX2_PD; 2516 if (sc->nrxchains == 1) 2517 rf |= RT3070_RX1_PD | RT3070_RX2_PD; 2518 else if (sc->nrxchains == 2) 2519 rf |= RT3070_RX2_PD; 2520 rt3090_rf_write(sc, 1, rf); 2521 2522 /* set RF offset */ 2523 rf = rt3090_rf_read(sc, 23); 2524 rf = (rf & ~0x7f) | sc->freq; 2525 rt3090_rf_write(sc, 23, rf); 2526 2527 /* program RF filter */ 2528 rf = rt3090_rf_read(sc, 24); /* Tx */ 2529 rf = (rf & ~0x3f) | sc->rf24_20mhz; 2530 rt3090_rf_write(sc, 24, rf); 2531 rf = rt3090_rf_read(sc, 31); /* Rx */ 2532 rf = (rf & ~0x3f) | sc->rf24_20mhz; 2533 rt3090_rf_write(sc, 31, rf); 2534 2535 /* enable RF tuning */ 2536 rf = rt3090_rf_read(sc, 7); 2537 rt3090_rf_write(sc, 7, rf | RT3070_TUNE); 2538} 2539 2540static void 2541rt5390_set_chan(struct rt2860_softc *sc, u_int chan) 2542{ 2543 uint8_t h20mhz, rf, tmp; 2544 int8_t txpow1, txpow2; 2545 int i; 2546 2547 /* RT5390 is 2GHz only */ 2548 KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan)); 2549 2550 /* find the settings for this channel (we know it exists) */ 2551 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 2552 2553 /* use Tx power values from EEPROM */ 2554 txpow1 = sc->txpow1[i]; 2555 txpow2 = sc->txpow2[i]; 2556 2557 rt3090_rf_write(sc, 8, rt3090_freqs[i].n); 2558 rt3090_rf_write(sc, 9, rt3090_freqs[i].k & 0x0f); 2559 rf = rt3090_rf_read(sc, 11); 2560 rf = (rf & ~0x03) | (rt3090_freqs[i].r & 0x03); 2561 rt3090_rf_write(sc, 11, rf); 2562 2563 rf = rt3090_rf_read(sc, 49); 2564 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 2565 /* the valid range of the RF R49 is 0x00~0x27 */ 2566 if ((rf & 0x3f) > 0x27) 2567 rf = (rf & ~0x3f) | 0x27; 2568 rt3090_rf_write(sc, 49, rf); 2569 if (sc->mac_ver == 0x5392) { 2570 rf = rt3090_rf_read(sc, 50); 2571 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 2572 /* the valid range of the RF R50 is 0x00~0x27 */ 2573 if ((rf & 0x3f) > 0x27) 2574 rf = (rf & ~0x3f) | 0x27; 2575 rt3090_rf_write(sc, 50, rf); 2576 } 2577 2578 rf = rt3090_rf_read(sc, 1); 2579 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 2580 if (sc->mac_ver == 0x5392) 2581 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 2582 rt3090_rf_write(sc, 1, rf); 2583 2584 rf = rt3090_rf_read(sc, 2); 2585 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL); 2586 DELAY(1000); 2587 rt3090_rf_write(sc, 2, rf & ~RT3593_RESCAL); 2588 2589 rf = rt3090_rf_read(sc, 17); 2590 tmp = rf; 2591 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 2592 rf = MIN(rf, 0x5f); 2593 if (tmp != rf) 2594 rt2860_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf, 0); 2595 2596 if (sc->mac_ver == 0x5390) { 2597 if (chan <= 4) 2598 rf = 0x73; 2599 else if (chan >= 5 && chan <= 6) 2600 rf = 0x63; 2601 else if (chan >= 7 && chan <= 10) 2602 rf = 0x53; 2603 else 2604 rf = 43; 2605 rt3090_rf_write(sc, 55, rf); 2606 2607 if (chan == 1) 2608 rf = 0x0c; 2609 else if (chan == 2) 2610 rf = 0x0b; 2611 else if (chan == 3) 2612 rf = 0x0a; 2613 else if (chan >= 4 && chan <= 6) 2614 rf = 0x09; 2615 else if (chan >= 7 && chan <= 12) 2616 rf = 0x08; 2617 else if (chan == 13) 2618 rf = 0x07; 2619 else 2620 rf = 0x06; 2621 rt3090_rf_write(sc, 59, rf); 2622 } 2623 2624 /* Tx/Rx h20M */ 2625 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 2626 rf = rt3090_rf_read(sc, 30); 2627 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 2628 rt3090_rf_write(sc, 30, rf); 2629 2630 /* Rx BB filter VCM */ 2631 rf = rt3090_rf_read(sc, 30); 2632 rf = (rf & ~0x18) | 0x10; 2633 rt3090_rf_write(sc, 30, rf); 2634 2635 /* Initiate VCO calibration. */ 2636 rf = rt3090_rf_read(sc, 3); 2637 rf |= RT3593_VCOCAL; 2638 rt3090_rf_write(sc, 3, rf); 2639} 2640 2641static int 2642rt3090_rf_init(struct rt2860_softc *sc) 2643{ 2644 uint32_t tmp; 2645 uint8_t rf, bbp; 2646 int i; 2647 2648 rf = rt3090_rf_read(sc, 30); 2649 /* toggle RF R30 bit 7 */ 2650 rt3090_rf_write(sc, 30, rf | 0x80); 2651 DELAY(1000); 2652 rt3090_rf_write(sc, 30, rf & ~0x80); 2653 2654 tmp = RAL_READ(sc, RT3070_LDO_CFG0); 2655 tmp &= ~0x1f000000; 2656 if (sc->patch_dac && sc->mac_rev < 0x0211) 2657 tmp |= 0x0d000000; /* 1.35V */ 2658 else 2659 tmp |= 0x01000000; /* 1.2V */ 2660 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp); 2661 2662 /* patch LNA_PE_G1 */ 2663 tmp = RAL_READ(sc, RT3070_GPIO_SWITCH); 2664 RAL_WRITE(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 2665 2666 /* initialize RF registers to default value */ 2667 for (i = 0; i < nitems(rt3090_def_rf); i++) { 2668 rt3090_rf_write(sc, rt3090_def_rf[i].reg, 2669 rt3090_def_rf[i].val); 2670 } 2671 2672 /* select 20MHz bandwidth */ 2673 rt3090_rf_write(sc, 31, 0x14); 2674 2675 rf = rt3090_rf_read(sc, 6); 2676 rt3090_rf_write(sc, 6, rf | 0x40); 2677 2678 if (sc->mac_ver != 0x3593) { 2679 /* calibrate filter for 20MHz bandwidth */ 2680 sc->rf24_20mhz = 0x1f; /* default value */ 2681 rt3090_filter_calib(sc, 0x07, 0x16, &sc->rf24_20mhz); 2682 2683 /* select 40MHz bandwidth */ 2684 bbp = rt2860_mcu_bbp_read(sc, 4); 2685 rt2860_mcu_bbp_write(sc, 4, (bbp & ~0x08) | 0x10); 2686 rf = rt3090_rf_read(sc, 31); 2687 rt3090_rf_write(sc, 31, rf | 0x20); 2688 2689 /* calibrate filter for 40MHz bandwidth */ 2690 sc->rf24_40mhz = 0x2f; /* default value */ 2691 rt3090_filter_calib(sc, 0x27, 0x19, &sc->rf24_40mhz); 2692 2693 /* go back to 20MHz bandwidth */ 2694 bbp = rt2860_mcu_bbp_read(sc, 4); 2695 rt2860_mcu_bbp_write(sc, 4, bbp & ~0x18); 2696 } 2697 if (sc->mac_rev < 0x0211) 2698 rt3090_rf_write(sc, 27, 0x03); 2699 2700 tmp = RAL_READ(sc, RT3070_OPT_14); 2701 RAL_WRITE(sc, RT3070_OPT_14, tmp | 1); 2702 2703 if (sc->rf_rev == RT3070_RF_3020) 2704 rt3090_set_rx_antenna(sc, 0); 2705 2706 bbp = rt2860_mcu_bbp_read(sc, 138); 2707 if (sc->mac_ver == 0x3593) { 2708 if (sc->ntxchains == 1) 2709 bbp |= 0x60; /* turn off DAC1 and DAC2 */ 2710 else if (sc->ntxchains == 2) 2711 bbp |= 0x40; /* turn off DAC2 */ 2712 if (sc->nrxchains == 1) 2713 bbp &= ~0x06; /* turn off ADC1 and ADC2 */ 2714 else if (sc->nrxchains == 2) 2715 bbp &= ~0x04; /* turn off ADC2 */ 2716 } else { 2717 if (sc->ntxchains == 1) 2718 bbp |= 0x20; /* turn off DAC1 */ 2719 if (sc->nrxchains == 1) 2720 bbp &= ~0x02; /* turn off ADC1 */ 2721 } 2722 rt2860_mcu_bbp_write(sc, 138, bbp); 2723 2724 rf = rt3090_rf_read(sc, 1); 2725 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 2726 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 2727 rt3090_rf_write(sc, 1, rf); 2728 2729 rf = rt3090_rf_read(sc, 15); 2730 rt3090_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 2731 2732 rf = rt3090_rf_read(sc, 17); 2733 rf &= ~RT3070_TX_LO1; 2734 if (sc->mac_rev >= 0x0211 && !sc->ext_2ghz_lna) 2735 rf |= 0x20; /* fix for long range Rx issue */ 2736 if (sc->txmixgain_2ghz >= 2) 2737 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 2738 rt3090_rf_write(sc, 17, rf); 2739 2740 rf = rt3090_rf_read(sc, 20); 2741 rt3090_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 2742 2743 rf = rt3090_rf_read(sc, 21); 2744 rt3090_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 2745 2746 return (0); 2747} 2748 2749static void 2750rt5390_rf_init(struct rt2860_softc *sc) 2751{ 2752 uint8_t rf, bbp; 2753 int i; 2754 2755 rf = rt3090_rf_read(sc, 2); 2756 /* Toggle RF R2 bit 7. */ 2757 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL); 2758 DELAY(1000); 2759 rt3090_rf_write(sc, 2, rf & ~RT3593_RESCAL); 2760 2761 /* Initialize RF registers to default value. */ 2762 if (sc->mac_ver == 0x5392) { 2763 for (i = 0; i < nitems(rt5392_def_rf); i++) { 2764 rt3090_rf_write(sc, rt5392_def_rf[i].reg, 2765 rt5392_def_rf[i].val); 2766 } 2767 } else { 2768 for (i = 0; i < nitems(rt5390_def_rf); i++) { 2769 rt3090_rf_write(sc, rt5390_def_rf[i].reg, 2770 rt5390_def_rf[i].val); 2771 } 2772 } 2773 2774 sc->rf24_20mhz = 0x1f; 2775 sc->rf24_40mhz = 0x2f; 2776 2777 if (sc->mac_rev < 0x0211) 2778 rt3090_rf_write(sc, 27, 0x03); 2779 2780 /* Set led open drain enable. */ 2781 RAL_WRITE(sc, RT3070_OPT_14, RAL_READ(sc, RT3070_OPT_14) | 1); 2782 2783 RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0); 2784 RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0); 2785 2786 if (sc->mac_ver == 0x5390) 2787 rt3090_set_rx_antenna(sc, 0); 2788 2789 /* Patch RSSI inaccurate issue. */ 2790 rt2860_mcu_bbp_write(sc, 79, 0x13); 2791 rt2860_mcu_bbp_write(sc, 80, 0x05); 2792 rt2860_mcu_bbp_write(sc, 81, 0x33); 2793 2794 /* Enable DC filter. */ 2795 if (sc->mac_rev >= 0x0211) 2796 rt2860_mcu_bbp_write(sc, 103, 0xc0); 2797 2798 bbp = rt2860_mcu_bbp_read(sc, 138); 2799 if (sc->ntxchains == 1) 2800 bbp |= 0x20; /* Turn off DAC1. */ 2801 if (sc->nrxchains == 1) 2802 bbp &= ~0x02; /* Turn off ADC1. */ 2803 rt2860_mcu_bbp_write(sc, 138, bbp); 2804 2805 /* Enable RX LO1 and LO2. */ 2806 rt3090_rf_write(sc, 38, rt3090_rf_read(sc, 38) & ~RT5390_RX_LO1); 2807 rt3090_rf_write(sc, 39, rt3090_rf_read(sc, 39) & ~RT5390_RX_LO2); 2808 2809 /* Avoid data lost and CRC error. */ 2810 rt2860_mcu_bbp_write(sc, 4, 2811 rt2860_mcu_bbp_read(sc, 4) | RT5390_MAC_IF_CTRL); 2812 2813 rf = rt3090_rf_read(sc, 30); 2814 rf = (rf & ~0x18) | 0x10; 2815 rt3090_rf_write(sc, 30, rf); 2816} 2817 2818static void 2819rt3090_rf_wakeup(struct rt2860_softc *sc) 2820{ 2821 uint32_t tmp; 2822 uint8_t rf; 2823 2824 if (sc->mac_ver == 0x3593) { 2825 /* enable VCO */ 2826 rf = rt3090_rf_read(sc, 1); 2827 rt3090_rf_write(sc, 1, rf | RT3593_VCO); 2828 2829 /* initiate VCO calibration */ 2830 rf = rt3090_rf_read(sc, 3); 2831 rt3090_rf_write(sc, 3, rf | RT3593_VCOCAL); 2832 2833 /* enable VCO bias current control */ 2834 rf = rt3090_rf_read(sc, 6); 2835 rt3090_rf_write(sc, 6, rf | RT3593_VCO_IC); 2836 2837 /* initiate res calibration */ 2838 rf = rt3090_rf_read(sc, 2); 2839 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL); 2840 2841 /* set reference current control to 0.33 mA */ 2842 rf = rt3090_rf_read(sc, 22); 2843 rf &= ~RT3593_CP_IC_MASK; 2844 rf |= 1 << RT3593_CP_IC_SHIFT; 2845 rt3090_rf_write(sc, 22, rf); 2846 2847 /* enable RX CTB */ 2848 rf = rt3090_rf_read(sc, 46); 2849 rt3090_rf_write(sc, 46, rf | RT3593_RX_CTB); 2850 2851 rf = rt3090_rf_read(sc, 20); 2852 rf &= ~(RT3593_LDO_RF_VC_MASK | RT3593_LDO_PLL_VC_MASK); 2853 rt3090_rf_write(sc, 20, rf); 2854 } else { 2855 /* enable RF block */ 2856 rf = rt3090_rf_read(sc, 1); 2857 rt3090_rf_write(sc, 1, rf | RT3070_RF_BLOCK); 2858 2859 /* enable VCO bias current control */ 2860 rf = rt3090_rf_read(sc, 7); 2861 rt3090_rf_write(sc, 7, rf | 0x30); 2862 2863 rf = rt3090_rf_read(sc, 9); 2864 rt3090_rf_write(sc, 9, rf | 0x0e); 2865 2866 /* enable RX CTB */ 2867 rf = rt3090_rf_read(sc, 21); 2868 rt3090_rf_write(sc, 21, rf | RT3070_RX_CTB); 2869 2870 /* fix Tx to Rx IQ glitch by raising RF voltage */ 2871 rf = rt3090_rf_read(sc, 27); 2872 rf &= ~0x77; 2873 if (sc->mac_rev < 0x0211) 2874 rf |= 0x03; 2875 rt3090_rf_write(sc, 27, rf); 2876 } 2877 if (sc->patch_dac && sc->mac_rev < 0x0211) { 2878 tmp = RAL_READ(sc, RT3070_LDO_CFG0); 2879 tmp = (tmp & ~0x1f000000) | 0x0d000000; 2880 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp); 2881 } 2882} 2883 2884static void 2885rt5390_rf_wakeup(struct rt2860_softc *sc) 2886{ 2887 uint32_t tmp; 2888 uint8_t rf; 2889 2890 rf = rt3090_rf_read(sc, 1); 2891 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | 2892 RT3070_TX0_PD; 2893 if (sc->mac_ver == 0x5392) 2894 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 2895 rt3090_rf_write(sc, 1, rf); 2896 2897 rf = rt3090_rf_read(sc, 6); 2898 rf |= RT3593_VCO_IC | RT3593_VCOCAL; 2899 if (sc->mac_ver == 0x5390) 2900 rf &= ~RT3593_VCO_IC; 2901 rt3090_rf_write(sc, 6, rf); 2902 2903 rt3090_rf_write(sc, 2, rt3090_rf_read(sc, 2) | RT3593_RESCAL); 2904 2905 rf = rt3090_rf_read(sc, 22); 2906 rf = (rf & ~0xe0) | 0x20; 2907 rt3090_rf_write(sc, 22, rf); 2908 2909 rt3090_rf_write(sc, 42, rt3090_rf_read(sc, 42) | RT5390_RX_CTB); 2910 rt3090_rf_write(sc, 20, rt3090_rf_read(sc, 20) & ~0x77); 2911 rt3090_rf_write(sc, 3, rt3090_rf_read(sc, 3) | RT3593_VCOCAL); 2912 2913 if (sc->patch_dac && sc->mac_rev < 0x0211) { 2914 tmp = RAL_READ(sc, RT3070_LDO_CFG0); 2915 tmp = (tmp & ~0x1f000000) | 0x0d000000; 2916 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp); 2917 } 2918} 2919 2920static int 2921rt3090_filter_calib(struct rt2860_softc *sc, uint8_t init, uint8_t target, 2922 uint8_t *val) 2923{ 2924 uint8_t rf22, rf24; 2925 uint8_t bbp55_pb, bbp55_sb, delta; 2926 int ntries; 2927 2928 /* program filter */ 2929 rf24 = rt3090_rf_read(sc, 24); 2930 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 2931 rt3090_rf_write(sc, 24, rf24); 2932 2933 /* enable baseband loopback mode */ 2934 rf22 = rt3090_rf_read(sc, 22); 2935 rt3090_rf_write(sc, 22, rf22 | RT3070_BB_LOOPBACK); 2936 2937 /* set power and frequency of passband test tone */ 2938 rt2860_mcu_bbp_write(sc, 24, 0x00); 2939 for (ntries = 0; ntries < 100; ntries++) { 2940 /* transmit test tone */ 2941 rt2860_mcu_bbp_write(sc, 25, 0x90); 2942 DELAY(1000); 2943 /* read received power */ 2944 bbp55_pb = rt2860_mcu_bbp_read(sc, 55); 2945 if (bbp55_pb != 0) 2946 break; 2947 } 2948 if (ntries == 100) 2949 return (ETIMEDOUT); 2950 2951 /* set power and frequency of stopband test tone */ 2952 rt2860_mcu_bbp_write(sc, 24, 0x06); 2953 for (ntries = 0; ntries < 100; ntries++) { 2954 /* transmit test tone */ 2955 rt2860_mcu_bbp_write(sc, 25, 0x90); 2956 DELAY(1000); 2957 /* read received power */ 2958 bbp55_sb = rt2860_mcu_bbp_read(sc, 55); 2959 2960 delta = bbp55_pb - bbp55_sb; 2961 if (delta > target) 2962 break; 2963 2964 /* reprogram filter */ 2965 rf24++; 2966 rt3090_rf_write(sc, 24, rf24); 2967 } 2968 if (ntries < 100) { 2969 if (rf24 != init) 2970 rf24--; /* backtrack */ 2971 *val = rf24; 2972 rt3090_rf_write(sc, 24, rf24); 2973 } 2974 2975 /* restore initial state */ 2976 rt2860_mcu_bbp_write(sc, 24, 0x00); 2977 2978 /* disable baseband loopback mode */ 2979 rf22 = rt3090_rf_read(sc, 22); 2980 rt3090_rf_write(sc, 22, rf22 & ~RT3070_BB_LOOPBACK); 2981 2982 return (0); 2983} 2984 2985static void 2986rt3090_rf_setup(struct rt2860_softc *sc) 2987{ 2988 uint8_t bbp; 2989 int i; 2990 2991 if (sc->mac_rev >= 0x0211) { 2992 /* enable DC filter */ 2993 rt2860_mcu_bbp_write(sc, 103, 0xc0); 2994 2995 /* improve power consumption */ 2996 bbp = rt2860_mcu_bbp_read(sc, 31); 2997 rt2860_mcu_bbp_write(sc, 31, bbp & ~0x03); 2998 } 2999 3000 RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0); 3001 if (sc->mac_rev < 0x0211) { 3002 RAL_WRITE(sc, RT2860_TX_SW_CFG2, 3003 sc->patch_dac ? 0x2c : 0x0f); 3004 } else 3005 RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0); 3006 3007 /* initialize RF registers from ROM */ 3008 if (sc->mac_ver < 0x5390) { 3009 for (i = 0; i < 10; i++) { 3010 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 3011 continue; 3012 rt3090_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 3013 } 3014 } 3015} 3016 3017static void 3018rt2860_set_leds(struct rt2860_softc *sc, uint16_t which) 3019{ 3020 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 3021 which | (sc->leds & 0x7f), 0); 3022} 3023 3024/* 3025 * Hardware has a general-purpose programmable timer interrupt that can 3026 * periodically raise MAC_INT_4. 3027 */ 3028static void 3029rt2860_set_gp_timer(struct rt2860_softc *sc, int ms) 3030{ 3031 uint32_t tmp; 3032 3033 /* disable GP timer before reprogramming it */ 3034 tmp = RAL_READ(sc, RT2860_INT_TIMER_EN); 3035 RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp & ~RT2860_GP_TIMER_EN); 3036 3037 if (ms == 0) 3038 return; 3039 3040 tmp = RAL_READ(sc, RT2860_INT_TIMER_CFG); 3041 ms *= 16; /* Unit: 64us */ 3042 tmp = (tmp & 0xffff) | ms << RT2860_GP_TIMER_SHIFT; 3043 RAL_WRITE(sc, RT2860_INT_TIMER_CFG, tmp); 3044 3045 /* enable GP timer */ 3046 tmp = RAL_READ(sc, RT2860_INT_TIMER_EN); 3047 RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp | RT2860_GP_TIMER_EN); 3048} 3049 3050static void 3051rt2860_set_bssid(struct rt2860_softc *sc, const uint8_t *bssid) 3052{ 3053 RAL_WRITE(sc, RT2860_MAC_BSSID_DW0, 3054 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 3055 RAL_WRITE(sc, RT2860_MAC_BSSID_DW1, 3056 bssid[4] | bssid[5] << 8); 3057} 3058 3059static void 3060rt2860_set_macaddr(struct rt2860_softc *sc, const uint8_t *addr) 3061{ 3062 RAL_WRITE(sc, RT2860_MAC_ADDR_DW0, 3063 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 3064 RAL_WRITE(sc, RT2860_MAC_ADDR_DW1, 3065 addr[4] | addr[5] << 8 | 0xff << 16); 3066} 3067 3068static void 3069rt2860_updateslot(struct ieee80211com *ic) 3070{ 3071 struct rt2860_softc *sc = ic->ic_softc; 3072 uint32_t tmp; 3073 3074 tmp = RAL_READ(sc, RT2860_BKOFF_SLOT_CFG); 3075 tmp &= ~0xff; 3076 tmp |= IEEE80211_GET_SLOTTIME(ic); 3077 RAL_WRITE(sc, RT2860_BKOFF_SLOT_CFG, tmp); 3078} 3079 3080static void 3081rt2860_updateprot(struct rt2860_softc *sc) 3082{ 3083 struct ieee80211com *ic = &sc->sc_ic; 3084 uint32_t tmp; 3085 3086 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 3087 /* setup protection frame rate (MCS code) */ 3088 tmp |= IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 3089 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 3090 rt2860_rates[RT2860_RIDX_CCK11].mcs; 3091 3092 /* CCK frames don't require protection */ 3093 RAL_WRITE(sc, RT2860_CCK_PROT_CFG, tmp); 3094 3095 if (ic->ic_flags & IEEE80211_F_USEPROT) { 3096 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 3097 tmp |= RT2860_PROT_CTRL_RTS_CTS; 3098 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 3099 tmp |= RT2860_PROT_CTRL_CTS; 3100 } 3101 RAL_WRITE(sc, RT2860_OFDM_PROT_CFG, tmp); 3102} 3103 3104static void 3105rt2860_update_promisc(struct ieee80211com *ic) 3106{ 3107 struct rt2860_softc *sc = ic->ic_softc; 3108 uint32_t tmp; 3109 3110 tmp = RAL_READ(sc, RT2860_RX_FILTR_CFG); 3111 tmp &= ~RT2860_DROP_NOT_MYBSS; 3112 if (ic->ic_promisc == 0) 3113 tmp |= RT2860_DROP_NOT_MYBSS; 3114 RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp); 3115} 3116 3117static int 3118rt2860_updateedca(struct ieee80211com *ic) 3119{ 3120 struct rt2860_softc *sc = ic->ic_softc; 3121 const struct wmeParams *wmep; 3122 int aci; 3123 3124 wmep = ic->ic_wme.wme_chanParams.cap_wmeParams; 3125 3126 /* update MAC TX configuration registers */ 3127 for (aci = 0; aci < WME_NUM_AC; aci++) { 3128 RAL_WRITE(sc, RT2860_EDCA_AC_CFG(aci), 3129 wmep[aci].wmep_logcwmax << 16 | 3130 wmep[aci].wmep_logcwmin << 12 | 3131 wmep[aci].wmep_aifsn << 8 | 3132 wmep[aci].wmep_txopLimit); 3133 } 3134 3135 /* update SCH/DMA registers too */ 3136 RAL_WRITE(sc, RT2860_WMM_AIFSN_CFG, 3137 wmep[WME_AC_VO].wmep_aifsn << 12 | 3138 wmep[WME_AC_VI].wmep_aifsn << 8 | 3139 wmep[WME_AC_BK].wmep_aifsn << 4 | 3140 wmep[WME_AC_BE].wmep_aifsn); 3141 RAL_WRITE(sc, RT2860_WMM_CWMIN_CFG, 3142 wmep[WME_AC_VO].wmep_logcwmin << 12 | 3143 wmep[WME_AC_VI].wmep_logcwmin << 8 | 3144 wmep[WME_AC_BK].wmep_logcwmin << 4 | 3145 wmep[WME_AC_BE].wmep_logcwmin); 3146 RAL_WRITE(sc, RT2860_WMM_CWMAX_CFG, 3147 wmep[WME_AC_VO].wmep_logcwmax << 12 | 3148 wmep[WME_AC_VI].wmep_logcwmax << 8 | 3149 wmep[WME_AC_BK].wmep_logcwmax << 4 | 3150 wmep[WME_AC_BE].wmep_logcwmax); 3151 RAL_WRITE(sc, RT2860_WMM_TXOP0_CFG, 3152 wmep[WME_AC_BK].wmep_txopLimit << 16 | 3153 wmep[WME_AC_BE].wmep_txopLimit); 3154 RAL_WRITE(sc, RT2860_WMM_TXOP1_CFG, 3155 wmep[WME_AC_VO].wmep_txopLimit << 16 | 3156 wmep[WME_AC_VI].wmep_txopLimit); 3157 3158 return 0; 3159} 3160 3161#ifdef HW_CRYPTO 3162static int 3163rt2860_set_key(struct ieee80211com *ic, struct ieee80211_node *ni, 3164 struct ieee80211_key *k) 3165{ 3166 struct rt2860_softc *sc = ic->ic_softc; 3167 bus_size_t base; 3168 uint32_t attr; 3169 uint8_t mode, wcid, iv[8]; 3170 3171 /* defer setting of WEP keys until interface is brought up */ 3172 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) != 3173 (IFF_UP | IFF_RUNNING)) 3174 return 0; 3175 3176 /* map net80211 cipher to RT2860 security mode */ 3177 switch (k->k_cipher) { 3178 case IEEE80211_CIPHER_WEP40: 3179 mode = RT2860_MODE_WEP40; 3180 break; 3181 case IEEE80211_CIPHER_WEP104: 3182 mode = RT2860_MODE_WEP104; 3183 break; 3184 case IEEE80211_CIPHER_TKIP: 3185 mode = RT2860_MODE_TKIP; 3186 break; 3187 case IEEE80211_CIPHER_CCMP: 3188 mode = RT2860_MODE_AES_CCMP; 3189 break; 3190 default: 3191 return EINVAL; 3192 } 3193 3194 if (k->k_flags & IEEE80211_KEY_GROUP) { 3195 wcid = 0; /* NB: update WCID0 for group keys */ 3196 base = RT2860_SKEY(0, k->k_id); 3197 } else { 3198 wcid = ((struct rt2860_node *)ni)->wcid; 3199 base = RT2860_PKEY(wcid); 3200 } 3201 3202 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 3203 RAL_WRITE_REGION_1(sc, base, k->k_key, 16); 3204#ifndef IEEE80211_STA_ONLY 3205 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 3206 RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[16], 8); 3207 RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[24], 8); 3208 } else 3209#endif 3210 { 3211 RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[24], 8); 3212 RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[16], 8); 3213 } 3214 } else 3215 RAL_WRITE_REGION_1(sc, base, k->k_key, k->k_len); 3216 3217 if (!(k->k_flags & IEEE80211_KEY_GROUP) || 3218 (k->k_flags & IEEE80211_KEY_TX)) { 3219 /* set initial packet number in IV+EIV */ 3220 if (k->k_cipher == IEEE80211_CIPHER_WEP40 || 3221 k->k_cipher == IEEE80211_CIPHER_WEP104) { 3222 uint32_t val = arc4random(); 3223 /* skip weak IVs from Fluhrer/Mantin/Shamir */ 3224 if (val >= 0x03ff00 && (val & 0xf8ff00) == 0x00ff00) 3225 val += 0x000100; 3226 iv[0] = val; 3227 iv[1] = val >> 8; 3228 iv[2] = val >> 16; 3229 iv[3] = k->k_id << 6; 3230 iv[4] = iv[5] = iv[6] = iv[7] = 0; 3231 } else { 3232 if (k->k_cipher == IEEE80211_CIPHER_TKIP) { 3233 iv[0] = k->k_tsc >> 8; 3234 iv[1] = (iv[0] | 0x20) & 0x7f; 3235 iv[2] = k->k_tsc; 3236 } else /* CCMP */ { 3237 iv[0] = k->k_tsc; 3238 iv[1] = k->k_tsc >> 8; 3239 iv[2] = 0; 3240 } 3241 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV; 3242 iv[4] = k->k_tsc >> 16; 3243 iv[5] = k->k_tsc >> 24; 3244 iv[6] = k->k_tsc >> 32; 3245 iv[7] = k->k_tsc >> 40; 3246 } 3247 RAL_WRITE_REGION_1(sc, RT2860_IVEIV(wcid), iv, 8); 3248 } 3249 3250 if (k->k_flags & IEEE80211_KEY_GROUP) { 3251 /* install group key */ 3252 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7); 3253 attr &= ~(0xf << (k->k_id * 4)); 3254 attr |= mode << (k->k_id * 4); 3255 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr); 3256 } else { 3257 /* install pairwise key */ 3258 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid)); 3259 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 3260 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr); 3261 } 3262 return 0; 3263} 3264 3265static void 3266rt2860_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni, 3267 struct ieee80211_key *k) 3268{ 3269 struct rt2860_softc *sc = ic->ic_softc; 3270 uint32_t attr; 3271 uint8_t wcid; 3272 3273 if (k->k_flags & IEEE80211_KEY_GROUP) { 3274 /* remove group key */ 3275 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7); 3276 attr &= ~(0xf << (k->k_id * 4)); 3277 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr); 3278 3279 } else { 3280 /* remove pairwise key */ 3281 wcid = ((struct rt2860_node *)ni)->wcid; 3282 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid)); 3283 attr &= ~0xf; 3284 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr); 3285 } 3286} 3287#endif 3288 3289static int8_t 3290rt2860_rssi2dbm(struct rt2860_softc *sc, uint8_t rssi, uint8_t rxchain) 3291{ 3292 struct ieee80211com *ic = &sc->sc_ic; 3293 struct ieee80211_channel *c = ic->ic_curchan; 3294 int delta; 3295 3296 if (IEEE80211_IS_CHAN_5GHZ(c)) { 3297 u_int chan = ieee80211_chan2ieee(ic, c); 3298 delta = sc->rssi_5ghz[rxchain]; 3299 3300 /* determine channel group */ 3301 if (chan <= 64) 3302 delta -= sc->lna[1]; 3303 else if (chan <= 128) 3304 delta -= sc->lna[2]; 3305 else 3306 delta -= sc->lna[3]; 3307 } else 3308 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 3309 3310 return -12 - delta - rssi; 3311} 3312 3313/* 3314 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 3315 * Used to adjust per-rate Tx power registers. 3316 */ 3317static __inline uint32_t 3318b4inc(uint32_t b32, int8_t delta) 3319{ 3320 int8_t i, b4; 3321 3322 for (i = 0; i < 8; i++) { 3323 b4 = b32 & 0xf; 3324 b4 += delta; 3325 if (b4 < 0) 3326 b4 = 0; 3327 else if (b4 > 0xf) 3328 b4 = 0xf; 3329 b32 = b32 >> 4 | b4 << 28; 3330 } 3331 return b32; 3332} 3333 3334static const char * 3335rt2860_get_rf(uint16_t rev) 3336{ 3337 switch (rev) { 3338 case RT2860_RF_2820: return "RT2820"; 3339 case RT2860_RF_2850: return "RT2850"; 3340 case RT2860_RF_2720: return "RT2720"; 3341 case RT2860_RF_2750: return "RT2750"; 3342 case RT3070_RF_3020: return "RT3020"; 3343 case RT3070_RF_2020: return "RT2020"; 3344 case RT3070_RF_3021: return "RT3021"; 3345 case RT3070_RF_3022: return "RT3022"; 3346 case RT3070_RF_3052: return "RT3052"; 3347 case RT3070_RF_3320: return "RT3320"; 3348 case RT3070_RF_3053: return "RT3053"; 3349 case RT5390_RF_5360: return "RT5360"; 3350 case RT5390_RF_5390: return "RT5390"; 3351 default: return "unknown"; 3352 } 3353} 3354 3355static int 3356rt2860_read_eeprom(struct rt2860_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN]) 3357{ 3358 int8_t delta_2ghz, delta_5ghz; 3359 uint32_t tmp; 3360 uint16_t val; 3361 int ridx, ant, i; 3362 3363 /* check whether the ROM is eFUSE ROM or EEPROM */ 3364 sc->sc_srom_read = rt2860_eeprom_read_2; 3365 if (sc->mac_ver >= 0x3071) { 3366 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL); 3367 DPRINTF(("EFUSE_CTRL=0x%08x\n", tmp)); 3368 if (tmp & RT3070_SEL_EFUSE) 3369 sc->sc_srom_read = rt3090_efuse_read_2; 3370 } 3371 3372#ifdef RAL_DEBUG 3373 /* read EEPROM version */ 3374 val = rt2860_srom_read(sc, RT2860_EEPROM_VERSION); 3375 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff)); 3376#endif 3377 3378 /* read MAC address */ 3379 val = rt2860_srom_read(sc, RT2860_EEPROM_MAC01); 3380 macaddr[0] = val & 0xff; 3381 macaddr[1] = val >> 8; 3382 val = rt2860_srom_read(sc, RT2860_EEPROM_MAC23); 3383 macaddr[2] = val & 0xff; 3384 macaddr[3] = val >> 8; 3385 val = rt2860_srom_read(sc, RT2860_EEPROM_MAC45); 3386 macaddr[4] = val & 0xff; 3387 macaddr[5] = val >> 8; 3388 3389#ifdef RAL_DEBUG 3390 /* read country code */ 3391 val = rt2860_srom_read(sc, RT2860_EEPROM_COUNTRY); 3392 DPRINTF(("EEPROM region code=0x%04x\n", val)); 3393#endif 3394 3395 /* read vendor BBP settings */ 3396 for (i = 0; i < 8; i++) { 3397 val = rt2860_srom_read(sc, RT2860_EEPROM_BBP_BASE + i); 3398 sc->bbp[i].val = val & 0xff; 3399 sc->bbp[i].reg = val >> 8; 3400 DPRINTF(("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val)); 3401 } 3402 if (sc->mac_ver >= 0x3071) { 3403 /* read vendor RF settings */ 3404 for (i = 0; i < 10; i++) { 3405 val = rt2860_srom_read(sc, RT3071_EEPROM_RF_BASE + i); 3406 sc->rf[i].val = val & 0xff; 3407 sc->rf[i].reg = val >> 8; 3408 DPRINTF(("RF%d=0x%02x\n", sc->rf[i].reg, 3409 sc->rf[i].val)); 3410 } 3411 } 3412 3413 /* read RF frequency offset from EEPROM */ 3414 val = rt2860_srom_read(sc, RT2860_EEPROM_FREQ_LEDS); 3415 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 3416 DPRINTF(("EEPROM freq offset %d\n", sc->freq & 0xff)); 3417 if ((val >> 8) != 0xff) { 3418 /* read LEDs operating mode */ 3419 sc->leds = val >> 8; 3420 sc->led[0] = rt2860_srom_read(sc, RT2860_EEPROM_LED1); 3421 sc->led[1] = rt2860_srom_read(sc, RT2860_EEPROM_LED2); 3422 sc->led[2] = rt2860_srom_read(sc, RT2860_EEPROM_LED3); 3423 } else { 3424 /* broken EEPROM, use default settings */ 3425 sc->leds = 0x01; 3426 sc->led[0] = 0x5555; 3427 sc->led[1] = 0x2221; 3428 sc->led[2] = 0xa9f8; 3429 } 3430 DPRINTF(("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 3431 sc->leds, sc->led[0], sc->led[1], sc->led[2])); 3432 3433 /* read RF information */ 3434 val = rt2860_srom_read(sc, RT2860_EEPROM_ANTENNA); 3435 if (sc->mac_ver >= 0x5390) 3436 sc->rf_rev = rt2860_srom_read(sc, RT2860_EEPROM_CHIPID); 3437 else 3438 sc->rf_rev = (val >> 8) & 0xf; 3439 sc->ntxchains = (val >> 4) & 0xf; 3440 sc->nrxchains = val & 0xf; 3441 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n", 3442 sc->rf_rev, sc->ntxchains, sc->nrxchains)); 3443 3444 /* check if RF supports automatic Tx access gain control */ 3445 val = rt2860_srom_read(sc, RT2860_EEPROM_CONFIG); 3446 DPRINTF(("EEPROM CFG 0x%04x\n", val)); 3447 /* check if driver should patch the DAC issue */ 3448 if ((val >> 8) != 0xff) 3449 sc->patch_dac = (val >> 15) & 1; 3450 if ((val & 0xff) != 0xff) { 3451 sc->ext_5ghz_lna = (val >> 3) & 1; 3452 sc->ext_2ghz_lna = (val >> 2) & 1; 3453 /* check if RF supports automatic Tx access gain control */ 3454 sc->calib_2ghz = sc->calib_5ghz = 0; /* XXX (val >> 1) & 1 */ 3455 /* check if we have a hardware radio switch */ 3456 sc->rfswitch = val & 1; 3457 } 3458 if (sc->sc_flags & RT2860_ADVANCED_PS) { 3459 /* read PCIe power save level */ 3460 val = rt2860_srom_read(sc, RT2860_EEPROM_PCIE_PSLEVEL); 3461 if ((val & 0xff) != 0xff) { 3462 sc->pslevel = val & 0x3; 3463 val = rt2860_srom_read(sc, RT2860_EEPROM_REV); 3464 if ((val & 0xff80) != 0x9280) 3465 sc->pslevel = MIN(sc->pslevel, 1); 3466 DPRINTF(("EEPROM PCIe PS Level=%d\n", sc->pslevel)); 3467 } 3468 } 3469 3470 /* read power settings for 2GHz channels */ 3471 for (i = 0; i < 14; i += 2) { 3472 val = rt2860_srom_read(sc, 3473 RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2); 3474 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 3475 sc->txpow1[i + 1] = (int8_t)(val >> 8); 3476 3477 if (sc->mac_ver != 0x5390) { 3478 val = rt2860_srom_read(sc, 3479 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2); 3480 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 3481 sc->txpow2[i + 1] = (int8_t)(val >> 8); 3482 } 3483 } 3484 /* fix broken Tx power entries */ 3485 for (i = 0; i < 14; i++) { 3486 if (sc->txpow1[i] < 0 || 3487 sc->txpow1[i] > ((sc->mac_ver >= 0x5390) ? 39 : 31)) 3488 sc->txpow1[i] = 5; 3489 if (sc->mac_ver != 0x5390) { 3490 if (sc->txpow2[i] < 0 || 3491 sc->txpow2[i] > ((sc->mac_ver == 0x5392) ? 39 : 31)) 3492 sc->txpow2[i] = 5; 3493 } 3494 DPRINTF(("chan %d: power1=%d, power2=%d\n", 3495 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i])); 3496 } 3497 /* read power settings for 5GHz channels */ 3498 for (i = 0; i < 40; i += 2) { 3499 val = rt2860_srom_read(sc, 3500 RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2); 3501 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 3502 sc->txpow1[i + 15] = (int8_t)(val >> 8); 3503 3504 val = rt2860_srom_read(sc, 3505 RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2); 3506 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 3507 sc->txpow2[i + 15] = (int8_t)(val >> 8); 3508 } 3509 /* fix broken Tx power entries */ 3510 for (i = 0; i < 40; i++) { 3511 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 3512 sc->txpow1[14 + i] = 5; 3513 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 3514 sc->txpow2[14 + i] = 5; 3515 DPRINTF(("chan %d: power1=%d, power2=%d\n", 3516 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 3517 sc->txpow2[14 + i])); 3518 } 3519 3520 /* read Tx power compensation for each Tx rate */ 3521 val = rt2860_srom_read(sc, RT2860_EEPROM_DELTAPWR); 3522 delta_2ghz = delta_5ghz = 0; 3523 if ((val & 0xff) != 0xff && (val & 0x80)) { 3524 delta_2ghz = val & 0xf; 3525 if (!(val & 0x40)) /* negative number */ 3526 delta_2ghz = -delta_2ghz; 3527 } 3528 val >>= 8; 3529 if ((val & 0xff) != 0xff && (val & 0x80)) { 3530 delta_5ghz = val & 0xf; 3531 if (!(val & 0x40)) /* negative number */ 3532 delta_5ghz = -delta_5ghz; 3533 } 3534 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n", 3535 delta_2ghz, delta_5ghz)); 3536 3537 for (ridx = 0; ridx < 5; ridx++) { 3538 uint32_t reg; 3539 3540 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2); 3541 reg = val; 3542 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1); 3543 reg |= (uint32_t)val << 16; 3544 3545 sc->txpow20mhz[ridx] = reg; 3546 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 3547 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 3548 3549 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 3550 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 3551 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx])); 3552 } 3553 3554 /* read factory-calibrated samples for temperature compensation */ 3555 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_2GHZ); 3556 sc->tssi_2ghz[0] = val & 0xff; /* [-4] */ 3557 sc->tssi_2ghz[1] = val >> 8; /* [-3] */ 3558 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_2GHZ); 3559 sc->tssi_2ghz[2] = val & 0xff; /* [-2] */ 3560 sc->tssi_2ghz[3] = val >> 8; /* [-1] */ 3561 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_2GHZ); 3562 sc->tssi_2ghz[4] = val & 0xff; /* [+0] */ 3563 sc->tssi_2ghz[5] = val >> 8; /* [+1] */ 3564 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_2GHZ); 3565 sc->tssi_2ghz[6] = val & 0xff; /* [+2] */ 3566 sc->tssi_2ghz[7] = val >> 8; /* [+3] */ 3567 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_2GHZ); 3568 sc->tssi_2ghz[8] = val & 0xff; /* [+4] */ 3569 sc->step_2ghz = val >> 8; 3570 DPRINTF(("TSSI 2GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x " 3571 "0x%02x 0x%02x step=%d\n", sc->tssi_2ghz[0], sc->tssi_2ghz[1], 3572 sc->tssi_2ghz[2], sc->tssi_2ghz[3], sc->tssi_2ghz[4], 3573 sc->tssi_2ghz[5], sc->tssi_2ghz[6], sc->tssi_2ghz[7], 3574 sc->tssi_2ghz[8], sc->step_2ghz)); 3575 /* check that ref value is correct, otherwise disable calibration */ 3576 if (sc->tssi_2ghz[4] == 0xff) 3577 sc->calib_2ghz = 0; 3578 3579 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_5GHZ); 3580 sc->tssi_5ghz[0] = val & 0xff; /* [-4] */ 3581 sc->tssi_5ghz[1] = val >> 8; /* [-3] */ 3582 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_5GHZ); 3583 sc->tssi_5ghz[2] = val & 0xff; /* [-2] */ 3584 sc->tssi_5ghz[3] = val >> 8; /* [-1] */ 3585 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_5GHZ); 3586 sc->tssi_5ghz[4] = val & 0xff; /* [+0] */ 3587 sc->tssi_5ghz[5] = val >> 8; /* [+1] */ 3588 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_5GHZ); 3589 sc->tssi_5ghz[6] = val & 0xff; /* [+2] */ 3590 sc->tssi_5ghz[7] = val >> 8; /* [+3] */ 3591 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_5GHZ); 3592 sc->tssi_5ghz[8] = val & 0xff; /* [+4] */ 3593 sc->step_5ghz = val >> 8; 3594 DPRINTF(("TSSI 5GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x " 3595 "0x%02x 0x%02x step=%d\n", sc->tssi_5ghz[0], sc->tssi_5ghz[1], 3596 sc->tssi_5ghz[2], sc->tssi_5ghz[3], sc->tssi_5ghz[4], 3597 sc->tssi_5ghz[5], sc->tssi_5ghz[6], sc->tssi_5ghz[7], 3598 sc->tssi_5ghz[8], sc->step_5ghz)); 3599 /* check that ref value is correct, otherwise disable calibration */ 3600 if (sc->tssi_5ghz[4] == 0xff) 3601 sc->calib_5ghz = 0; 3602 3603 /* read RSSI offsets and LNA gains from EEPROM */ 3604 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ); 3605 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 3606 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 3607 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ); 3608 if (sc->mac_ver >= 0x3071) { 3609 /* 3610 * On RT3090 chips (limited to 2 Rx chains), this ROM 3611 * field contains the Tx mixer gain for the 2GHz band. 3612 */ 3613 if ((val & 0xff) != 0xff) 3614 sc->txmixgain_2ghz = val & 0x7; 3615 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz)); 3616 } else 3617 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 3618 sc->lna[2] = val >> 8; /* channel group 2 */ 3619 3620 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ); 3621 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 3622 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 3623 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ); 3624 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 3625 sc->lna[3] = val >> 8; /* channel group 3 */ 3626 3627 val = rt2860_srom_read(sc, RT2860_EEPROM_LNA); 3628 if (sc->mac_ver >= 0x3071) 3629 sc->lna[0] = RT3090_DEF_LNA; 3630 else /* channel group 0 */ 3631 sc->lna[0] = val & 0xff; 3632 sc->lna[1] = val >> 8; /* channel group 1 */ 3633 3634 /* fix broken 5GHz LNA entries */ 3635 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 3636 DPRINTF(("invalid LNA for channel group %d\n", 2)); 3637 sc->lna[2] = sc->lna[1]; 3638 } 3639 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 3640 DPRINTF(("invalid LNA for channel group %d\n", 3)); 3641 sc->lna[3] = sc->lna[1]; 3642 } 3643 3644 /* fix broken RSSI offset entries */ 3645 for (ant = 0; ant < 3; ant++) { 3646 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 3647 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n", 3648 ant + 1, sc->rssi_2ghz[ant])); 3649 sc->rssi_2ghz[ant] = 0; 3650 } 3651 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 3652 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n", 3653 ant + 1, sc->rssi_5ghz[ant])); 3654 sc->rssi_5ghz[ant] = 0; 3655 } 3656 } 3657 3658 return 0; 3659} 3660 3661static int 3662rt2860_bbp_init(struct rt2860_softc *sc) 3663{ 3664 int i, ntries; 3665 3666 /* wait for BBP to wake up */ 3667 for (ntries = 0; ntries < 20; ntries++) { 3668 uint8_t bbp0 = rt2860_mcu_bbp_read(sc, 0); 3669 if (bbp0 != 0 && bbp0 != 0xff) 3670 break; 3671 } 3672 if (ntries == 20) { 3673 device_printf(sc->sc_dev, 3674 "timeout waiting for BBP to wake up\n"); 3675 return (ETIMEDOUT); 3676 } 3677 3678 /* initialize BBP registers to default values */ 3679 if (sc->mac_ver >= 0x5390) 3680 rt5390_bbp_init(sc); 3681 else { 3682 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 3683 rt2860_mcu_bbp_write(sc, rt2860_def_bbp[i].reg, 3684 rt2860_def_bbp[i].val); 3685 } 3686 } 3687 3688 /* fix BBP84 for RT2860E */ 3689 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 3690 rt2860_mcu_bbp_write(sc, 84, 0x19); 3691 3692 if (sc->mac_ver >= 0x3071) { 3693 rt2860_mcu_bbp_write(sc, 79, 0x13); 3694 rt2860_mcu_bbp_write(sc, 80, 0x05); 3695 rt2860_mcu_bbp_write(sc, 81, 0x33); 3696 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 3697 rt2860_mcu_bbp_write(sc, 69, 0x16); 3698 rt2860_mcu_bbp_write(sc, 73, 0x12); 3699 } 3700 3701 return 0; 3702} 3703 3704static void 3705rt5390_bbp_init(struct rt2860_softc *sc) 3706{ 3707 uint8_t bbp; 3708 int i; 3709 3710 /* Apply maximum likelihood detection for 2 stream case. */ 3711 if (sc->nrxchains > 1) { 3712 bbp = rt2860_mcu_bbp_read(sc, 105); 3713 rt2860_mcu_bbp_write(sc, 105, bbp | RT5390_MLD); 3714 } 3715 3716 /* Avoid data lost and CRC error. */ 3717 bbp = rt2860_mcu_bbp_read(sc, 4); 3718 rt2860_mcu_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 3719 3720 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 3721 rt2860_mcu_bbp_write(sc, rt5390_def_bbp[i].reg, 3722 rt5390_def_bbp[i].val); 3723 } 3724 3725 if (sc->mac_ver == 0x5392) { 3726 rt2860_mcu_bbp_write(sc, 84, 0x9a); 3727 rt2860_mcu_bbp_write(sc, 95, 0x9a); 3728 rt2860_mcu_bbp_write(sc, 98, 0x12); 3729 rt2860_mcu_bbp_write(sc, 106, 0x05); 3730 rt2860_mcu_bbp_write(sc, 134, 0xd0); 3731 rt2860_mcu_bbp_write(sc, 135, 0xf6); 3732 } 3733 3734 bbp = rt2860_mcu_bbp_read(sc, 152); 3735 rt2860_mcu_bbp_write(sc, 152, bbp | 0x80); 3736 3737 /* Disable hardware antenna diversity. */ 3738 if (sc->mac_ver == 0x5390) 3739 rt2860_mcu_bbp_write(sc, 154, 0); 3740} 3741 3742static int 3743rt2860_txrx_enable(struct rt2860_softc *sc) 3744{ 3745 struct ieee80211com *ic = &sc->sc_ic; 3746 uint32_t tmp; 3747 int ntries; 3748 3749 /* enable Tx/Rx DMA engine */ 3750 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 3751 RAL_BARRIER_READ_WRITE(sc); 3752 for (ntries = 0; ntries < 200; ntries++) { 3753 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG); 3754 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 3755 break; 3756 DELAY(1000); 3757 } 3758 if (ntries == 200) { 3759 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 3760 return ETIMEDOUT; 3761 } 3762 3763 DELAY(50); 3764 3765 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | 3766 RT2860_WPDMA_BT_SIZE64 << RT2860_WPDMA_BT_SIZE_SHIFT; 3767 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp); 3768 3769 /* set Rx filter */ 3770 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 3771 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 3772 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 3773 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 3774 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 3775 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 3776 if (ic->ic_opmode == IEEE80211_M_STA) 3777 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 3778 } 3779 RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp); 3780 3781 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 3782 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 3783 3784 return 0; 3785} 3786 3787static void 3788rt2860_init(void *arg) 3789{ 3790 struct rt2860_softc *sc = arg; 3791 struct ieee80211com *ic = &sc->sc_ic; 3792 3793 RAL_LOCK(sc); 3794 rt2860_init_locked(sc); 3795 RAL_UNLOCK(sc); 3796 3797 if (sc->sc_flags & RT2860_RUNNING) 3798 ieee80211_start_all(ic); 3799} 3800 3801static void 3802rt2860_init_locked(struct rt2860_softc *sc) 3803{ 3804 struct ieee80211com *ic = &sc->sc_ic; 3805 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3806 uint32_t tmp; 3807 uint8_t bbp1, bbp3; 3808 int i, qid, ridx, ntries, error; 3809 3810 RAL_LOCK_ASSERT(sc); 3811 3812 if (sc->rfswitch) { 3813 /* hardware has a radio switch on GPIO pin 2 */ 3814 if (!(RAL_READ(sc, RT2860_GPIO_CTRL) & (1 << 2))) { 3815 device_printf(sc->sc_dev, 3816 "radio is disabled by hardware switch\n"); 3817#ifdef notyet 3818 rt2860_stop_locked(sc); 3819 return; 3820#endif 3821 } 3822 } 3823 RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE); 3824 3825 /* disable DMA */ 3826 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG); 3827 tmp &= ~(RT2860_RX_DMA_BUSY | RT2860_RX_DMA_EN | RT2860_TX_DMA_BUSY | 3828 RT2860_TX_DMA_EN); 3829 tmp |= RT2860_TX_WB_DDONE; 3830 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp); 3831 3832 /* reset DMA indexes */ 3833 RAL_WRITE(sc, RT2860_WPDMA_RST_IDX, RT2860_RST_DRX_IDX0 | 3834 RT2860_RST_DTX_IDX5 | RT2860_RST_DTX_IDX4 | RT2860_RST_DTX_IDX3 | 3835 RT2860_RST_DTX_IDX2 | RT2860_RST_DTX_IDX1 | RT2860_RST_DTX_IDX0); 3836 3837 /* PBF hardware reset */ 3838 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f); 3839 RAL_BARRIER_WRITE(sc); 3840 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00); 3841 3842 if ((error = rt2860_load_microcode(sc)) != 0) { 3843 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 3844 rt2860_stop_locked(sc); 3845 return; 3846 } 3847 3848 rt2860_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 3849 3850 /* init Tx power for all Tx rates (from EEPROM) */ 3851 for (ridx = 0; ridx < 5; ridx++) { 3852 if (sc->txpow20mhz[ridx] == 0xffffffff) 3853 continue; 3854 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 3855 } 3856 3857 for (ntries = 0; ntries < 100; ntries++) { 3858 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG); 3859 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 3860 break; 3861 DELAY(1000); 3862 } 3863 if (ntries == 100) { 3864 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 3865 rt2860_stop_locked(sc); 3866 return; 3867 } 3868 tmp &= ~(RT2860_RX_DMA_BUSY | RT2860_RX_DMA_EN | RT2860_TX_DMA_BUSY | 3869 RT2860_TX_DMA_EN); 3870 tmp |= RT2860_TX_WB_DDONE; 3871 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp); 3872 3873 /* reset Rx ring and all 6 Tx rings */ 3874 RAL_WRITE(sc, RT2860_WPDMA_RST_IDX, 0x1003f); 3875 3876 /* PBF hardware reset */ 3877 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f); 3878 RAL_BARRIER_WRITE(sc); 3879 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00); 3880 3881 RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE | RT2860_IO_RF_PE); 3882 3883 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 3884 RAL_BARRIER_WRITE(sc); 3885 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0); 3886 3887 for (i = 0; i < nitems(rt2860_def_mac); i++) 3888 RAL_WRITE(sc, rt2860_def_mac[i].reg, rt2860_def_mac[i].val); 3889 if (sc->mac_ver >= 0x5390) 3890 RAL_WRITE(sc, RT2860_TX_SW_CFG0, 0x00000404); 3891 else if (sc->mac_ver >= 0x3071) { 3892 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 3893 RAL_WRITE(sc, RT2860_TX_SW_CFG0, 3894 4 << RT2860_DLY_PAPE_EN_SHIFT); 3895 } 3896 3897 if (!(RAL_READ(sc, RT2860_PCI_CFG) & RT2860_PCI_CFG_PCI)) { 3898 sc->sc_flags |= RT2860_PCIE; 3899 /* PCIe has different clock cycle count than PCI */ 3900 tmp = RAL_READ(sc, RT2860_US_CYC_CNT); 3901 tmp = (tmp & ~0xff) | 0x7d; 3902 RAL_WRITE(sc, RT2860_US_CYC_CNT, tmp); 3903 } 3904 3905 /* wait while MAC is busy */ 3906 for (ntries = 0; ntries < 100; ntries++) { 3907 if (!(RAL_READ(sc, RT2860_MAC_STATUS_REG) & 3908 (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 3909 break; 3910 DELAY(1000); 3911 } 3912 if (ntries == 100) { 3913 device_printf(sc->sc_dev, "timeout waiting for MAC\n"); 3914 rt2860_stop_locked(sc); 3915 return; 3916 } 3917 3918 /* clear Host to MCU mailbox */ 3919 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0); 3920 RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0); 3921 3922 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0); 3923 DELAY(1000); 3924 3925 if ((error = rt2860_bbp_init(sc)) != 0) { 3926 rt2860_stop_locked(sc); 3927 return; 3928 } 3929 3930 /* clear RX WCID search table */ 3931 RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 3932 /* clear pairwise key table */ 3933 RAL_SET_REGION_4(sc, RT2860_PKEY(0), 0, 2048); 3934 /* clear IV/EIV table */ 3935 RAL_SET_REGION_4(sc, RT2860_IVEIV(0), 0, 512); 3936 /* clear WCID attribute table */ 3937 RAL_SET_REGION_4(sc, RT2860_WCID_ATTR(0), 0, 256); 3938 /* clear shared key table */ 3939 RAL_SET_REGION_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 3940 /* clear shared key mode */ 3941 RAL_SET_REGION_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 3942 3943 /* init Tx rings (4 EDCAs + HCCA + Mgt) */ 3944 for (qid = 0; qid < 6; qid++) { 3945 RAL_WRITE(sc, RT2860_TX_BASE_PTR(qid), sc->txq[qid].paddr); 3946 RAL_WRITE(sc, RT2860_TX_MAX_CNT(qid), RT2860_TX_RING_COUNT); 3947 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), 0); 3948 } 3949 3950 /* init Rx ring */ 3951 RAL_WRITE(sc, RT2860_RX_BASE_PTR, sc->rxq.paddr); 3952 RAL_WRITE(sc, RT2860_RX_MAX_CNT, RT2860_RX_RING_COUNT); 3953 RAL_WRITE(sc, RT2860_RX_CALC_IDX, RT2860_RX_RING_COUNT - 1); 3954 3955 /* setup maximum buffer sizes */ 3956 RAL_WRITE(sc, RT2860_MAX_LEN_CFG, 1 << 12 | 3957 (MCLBYTES - sizeof (struct rt2860_rxwi) - 2)); 3958 3959 for (ntries = 0; ntries < 100; ntries++) { 3960 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG); 3961 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 3962 break; 3963 DELAY(1000); 3964 } 3965 if (ntries == 100) { 3966 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 3967 rt2860_stop_locked(sc); 3968 return; 3969 } 3970 tmp &= ~(RT2860_RX_DMA_BUSY | RT2860_RX_DMA_EN | RT2860_TX_DMA_BUSY | 3971 RT2860_TX_DMA_EN); 3972 tmp |= RT2860_TX_WB_DDONE; 3973 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp); 3974 3975 /* disable interrupts mitigation */ 3976 RAL_WRITE(sc, RT2860_DELAY_INT_CFG, 0); 3977 3978 /* write vendor-specific BBP values (from EEPROM) */ 3979 for (i = 0; i < 8; i++) { 3980 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 3981 continue; 3982 rt2860_mcu_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 3983 } 3984 3985 /* select Main antenna for 1T1R devices */ 3986 if (sc->rf_rev == RT3070_RF_2020 || 3987 sc->rf_rev == RT3070_RF_3020 || 3988 sc->rf_rev == RT3070_RF_3320 || 3989 sc->mac_ver == 0x5390) 3990 rt3090_set_rx_antenna(sc, 0); 3991 3992 /* send LEDs operating mode to microcontroller */ 3993 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0], 0); 3994 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1], 0); 3995 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2], 0); 3996 3997 if (sc->mac_ver >= 0x5390) 3998 rt5390_rf_init(sc); 3999 else if (sc->mac_ver >= 0x3071) { 4000 if ((error = rt3090_rf_init(sc)) != 0) { 4001 rt2860_stop_locked(sc); 4002 return; 4003 } 4004 } 4005 4006 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_SLEEP, 0x02ff, 1); 4007 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_WAKEUP, 0, 1); 4008 4009 if (sc->mac_ver >= 0x5390) 4010 rt5390_rf_wakeup(sc); 4011 else if (sc->mac_ver >= 0x3071) 4012 rt3090_rf_wakeup(sc); 4013 4014 /* disable non-existing Rx chains */ 4015 bbp3 = rt2860_mcu_bbp_read(sc, 3); 4016 bbp3 &= ~(1 << 3 | 1 << 4); 4017 if (sc->nrxchains == 2) 4018 bbp3 |= 1 << 3; 4019 else if (sc->nrxchains == 3) 4020 bbp3 |= 1 << 4; 4021 rt2860_mcu_bbp_write(sc, 3, bbp3); 4022 4023 /* disable non-existing Tx chains */ 4024 bbp1 = rt2860_mcu_bbp_read(sc, 1); 4025 if (sc->ntxchains == 1) 4026 bbp1 = (bbp1 & ~(1 << 3 | 1 << 4)); 4027 else if (sc->mac_ver == 0x3593 && sc->ntxchains == 2) 4028 bbp1 = (bbp1 & ~(1 << 4)) | 1 << 3; 4029 else if (sc->mac_ver == 0x3593 && sc->ntxchains == 3) 4030 bbp1 = (bbp1 & ~(1 << 3)) | 1 << 4; 4031 rt2860_mcu_bbp_write(sc, 1, bbp1); 4032 4033 if (sc->mac_ver >= 0x3071) 4034 rt3090_rf_setup(sc); 4035 4036 /* select default channel */ 4037 rt2860_switch_chan(sc, ic->ic_curchan); 4038 4039 /* reset RF from MCU */ 4040 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0); 4041 4042 /* set RTS threshold */ 4043 tmp = RAL_READ(sc, RT2860_TX_RTS_CFG); 4044 tmp &= ~0xffff00; 4045 tmp |= IEEE80211_RTS_DEFAULT << 8; 4046 RAL_WRITE(sc, RT2860_TX_RTS_CFG, tmp); 4047 4048 /* setup initial protection mode */ 4049 rt2860_updateprot(sc); 4050 4051 /* turn radio LED on */ 4052 rt2860_set_leds(sc, RT2860_LED_RADIO); 4053 4054 /* enable Tx/Rx DMA engine */ 4055 if ((error = rt2860_txrx_enable(sc)) != 0) { 4056 rt2860_stop_locked(sc); 4057 return; 4058 } 4059 4060 /* clear pending interrupts */ 4061 RAL_WRITE(sc, RT2860_INT_STATUS, 0xffffffff); 4062 /* enable interrupts */ 4063 RAL_WRITE(sc, RT2860_INT_MASK, 0x3fffc); 4064 4065 if (sc->sc_flags & RT2860_ADVANCED_PS) 4066 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_PSLEVEL, sc->pslevel, 0); 4067 4068 sc->sc_flags |= RT2860_RUNNING; 4069 4070 callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc); 4071} 4072 4073static void 4074rt2860_stop(void *arg) 4075{ 4076 struct rt2860_softc *sc = arg; 4077 4078 RAL_LOCK(sc); 4079 rt2860_stop_locked(sc); 4080 RAL_UNLOCK(sc); 4081} 4082 4083static void 4084rt2860_stop_locked(struct rt2860_softc *sc) 4085{ 4086 uint32_t tmp; 4087 int qid; 4088 4089 if (sc->sc_flags & RT2860_RUNNING) 4090 rt2860_set_leds(sc, 0); /* turn all LEDs off */ 4091 4092 callout_stop(&sc->watchdog_ch); 4093 sc->sc_tx_timer = 0; 4094 sc->sc_flags &= ~RT2860_RUNNING; 4095 4096 /* disable interrupts */ 4097 RAL_WRITE(sc, RT2860_INT_MASK, 0); 4098 4099 /* disable GP timer */ 4100 rt2860_set_gp_timer(sc, 0); 4101 4102 /* disable Rx */ 4103 tmp = RAL_READ(sc, RT2860_MAC_SYS_CTRL); 4104 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4105 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, tmp); 4106 4107 /* reset adapter */ 4108 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4109 RAL_BARRIER_WRITE(sc); 4110 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0); 4111 4112 /* reset Tx and Rx rings (and reclaim TXWIs) */ 4113 sc->qfullmsk = 0; 4114 for (qid = 0; qid < 6; qid++) 4115 rt2860_reset_tx_ring(sc, &sc->txq[qid]); 4116 rt2860_reset_rx_ring(sc, &sc->rxq); 4117} 4118 4119int 4120rt2860_load_microcode(struct rt2860_softc *sc) 4121{ 4122 const struct firmware *fp; 4123 int ntries, error; 4124 4125 RAL_LOCK_ASSERT(sc); 4126 4127 RAL_UNLOCK(sc); 4128 fp = firmware_get("rt2860fw"); 4129 RAL_LOCK(sc); 4130 if (fp == NULL) { 4131 device_printf(sc->sc_dev, 4132 "unable to receive rt2860fw firmware image\n"); 4133 return EINVAL; 4134 } 4135 4136 /* set "host program ram write selection" bit */ 4137 RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_HST_PM_SEL); 4138 /* write microcode image */ 4139 RAL_WRITE_REGION_1(sc, RT2860_FW_BASE, fp->data, fp->datasize); 4140 /* kick microcontroller unit */ 4141 RAL_WRITE(sc, RT2860_SYS_CTRL, 0); 4142 RAL_BARRIER_WRITE(sc); 4143 RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_MCU_RESET); 4144 4145 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0); 4146 RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0); 4147 4148 /* wait until microcontroller is ready */ 4149 RAL_BARRIER_READ_WRITE(sc); 4150 for (ntries = 0; ntries < 1000; ntries++) { 4151 if (RAL_READ(sc, RT2860_SYS_CTRL) & RT2860_MCU_READY) 4152 break; 4153 DELAY(1000); 4154 } 4155 if (ntries == 1000) { 4156 device_printf(sc->sc_dev, 4157 "timeout waiting for MCU to initialize\n"); 4158 error = ETIMEDOUT; 4159 } else 4160 error = 0; 4161 4162 firmware_put(fp, FIRMWARE_UNLOAD); 4163 return error; 4164} 4165 4166/* 4167 * This function is called periodically to adjust Tx power based on 4168 * temperature variation. 4169 */ 4170#ifdef NOT_YET 4171static void 4172rt2860_calib(struct rt2860_softc *sc) 4173{ 4174 struct ieee80211com *ic = &sc->sc_ic; 4175 const uint8_t *tssi; 4176 uint8_t step, bbp49; 4177 int8_t ridx, d; 4178 4179 /* read current temperature */ 4180 bbp49 = rt2860_mcu_bbp_read(sc, 49); 4181 4182 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan)) { 4183 tssi = &sc->tssi_2ghz[4]; 4184 step = sc->step_2ghz; 4185 } else { 4186 tssi = &sc->tssi_5ghz[4]; 4187 step = sc->step_5ghz; 4188 } 4189 4190 if (bbp49 < tssi[0]) { /* lower than reference */ 4191 /* use higher Tx power than default */ 4192 for (d = 0; d > -4 && bbp49 <= tssi[d - 1]; d--); 4193 } else if (bbp49 > tssi[0]) { /* greater than reference */ 4194 /* use lower Tx power than default */ 4195 for (d = 0; d < +4 && bbp49 >= tssi[d + 1]; d++); 4196 } else { 4197 /* use default Tx power */ 4198 d = 0; 4199 } 4200 d *= step; 4201 4202 DPRINTF(("BBP49=0x%02x, adjusting Tx power by %d\n", bbp49, d)); 4203 4204 /* write adjusted Tx power values for each Tx rate */ 4205 for (ridx = 0; ridx < 5; ridx++) { 4206 if (sc->txpow20mhz[ridx] == 0xffffffff) 4207 continue; 4208 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx), 4209 b4inc(sc->txpow20mhz[ridx], d)); 4210 } 4211} 4212#endif 4213 4214static void 4215rt3090_set_rx_antenna(struct rt2860_softc *sc, int aux) 4216{ 4217 uint32_t tmp; 4218 4219 if (aux) { 4220 if (sc->mac_ver == 0x5390) { 4221 rt2860_mcu_bbp_write(sc, 152, 4222 rt2860_mcu_bbp_read(sc, 152) & ~0x80); 4223 } else { 4224 tmp = RAL_READ(sc, RT2860_PCI_EECTRL); 4225 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp & ~RT2860_C); 4226 tmp = RAL_READ(sc, RT2860_GPIO_CTRL); 4227 RAL_WRITE(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4228 } 4229 } else { 4230 if (sc->mac_ver == 0x5390) { 4231 rt2860_mcu_bbp_write(sc, 152, 4232 rt2860_mcu_bbp_read(sc, 152) | 0x80); 4233 } else { 4234 tmp = RAL_READ(sc, RT2860_PCI_EECTRL); 4235 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp | RT2860_C); 4236 tmp = RAL_READ(sc, RT2860_GPIO_CTRL); 4237 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4238 } 4239 } 4240} 4241 4242static void 4243rt2860_switch_chan(struct rt2860_softc *sc, struct ieee80211_channel *c) 4244{ 4245 struct ieee80211com *ic = &sc->sc_ic; 4246 u_int chan, group; 4247 4248 chan = ieee80211_chan2ieee(ic, c); 4249 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4250 return; 4251 4252 if (sc->mac_ver >= 0x5390) 4253 rt5390_set_chan(sc, chan); 4254 else if (sc->mac_ver >= 0x3071) 4255 rt3090_set_chan(sc, chan); 4256 else 4257 rt2860_set_chan(sc, chan); 4258 4259 /* determine channel group */ 4260 if (chan <= 14) 4261 group = 0; 4262 else if (chan <= 64) 4263 group = 1; 4264 else if (chan <= 128) 4265 group = 2; 4266 else 4267 group = 3; 4268 4269 /* XXX necessary only when group has changed! */ 4270 if (sc->mac_ver < 0x5390) 4271 rt2860_select_chan_group(sc, group); 4272 4273 DELAY(1000); 4274} 4275 4276static int 4277rt2860_setup_beacon(struct rt2860_softc *sc, struct ieee80211vap *vap) 4278{ 4279 struct ieee80211com *ic = vap->iv_ic; 4280 struct rt2860_txwi txwi; 4281 struct mbuf *m; 4282 int ridx; 4283 4284 if ((m = ieee80211_beacon_alloc(vap->iv_bss)) == NULL) 4285 return ENOBUFS; 4286 4287 memset(&txwi, 0, sizeof txwi); 4288 txwi.wcid = 0xff; 4289 txwi.len = htole16(m->m_pkthdr.len); 4290 /* send beacons at the lowest available rate */ 4291 ridx = IEEE80211_IS_CHAN_5GHZ(ic->ic_bsschan) ? 4292 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4293 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4294 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4295 txwi.phy |= htole16(RT2860_PHY_OFDM); 4296 txwi.txop = RT2860_TX_TXOP_HT; 4297 txwi.flags = RT2860_TX_TS; 4298 txwi.xflags = RT2860_TX_NSEQ; 4299 4300 RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0), 4301 (uint8_t *)&txwi, sizeof txwi); 4302 RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0) + sizeof txwi, 4303 mtod(m, uint8_t *), m->m_pkthdr.len); 4304 4305 m_freem(m); 4306 4307 return 0; 4308} 4309 4310static void 4311rt2860_enable_tsf_sync(struct rt2860_softc *sc) 4312{ 4313 struct ieee80211com *ic = &sc->sc_ic; 4314 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4315 uint32_t tmp; 4316 4317 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG); 4318 4319 tmp &= ~0x1fffff; 4320 tmp |= vap->iv_bss->ni_intval * 16; 4321 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4322 if (vap->iv_opmode == IEEE80211_M_STA) { 4323 /* 4324 * Local TSF is always updated with remote TSF on beacon 4325 * reception. 4326 */ 4327 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4328 } 4329 else if (vap->iv_opmode == IEEE80211_M_IBSS || 4330 vap->iv_opmode == IEEE80211_M_MBSS) { 4331 tmp |= RT2860_BCN_TX_EN; 4332 /* 4333 * Local TSF is updated with remote TSF on beacon reception 4334 * only if the remote TSF is greater than local TSF. 4335 */ 4336 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4337 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 4338 tmp |= RT2860_BCN_TX_EN; 4339 /* SYNC with nobody */ 4340 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4341 } 4342 4343 RAL_WRITE(sc, RT2860_BCN_TIME_CFG, tmp); 4344} 4345