1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD: releng/11.0/sys/dev/usb/wlan/if_run.c 301302 2016-06-04 07:18:39Z adrian $"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include <sys/param.h> 29#include <sys/sockio.h> 30#include <sys/sysctl.h> 31#include <sys/lock.h> 32#include <sys/mutex.h> 33#include <sys/mbuf.h> 34#include <sys/kernel.h> 35#include <sys/socket.h> 36#include <sys/systm.h> 37#include <sys/malloc.h> 38#include <sys/module.h> 39#include <sys/bus.h> 40#include <sys/endian.h> 41#include <sys/linker.h> 42#include <sys/firmware.h> 43#include <sys/kdb.h> 44 45#include <machine/bus.h> 46#include <machine/resource.h> 47#include <sys/rman.h> 48 49#include <net/bpf.h> 50#include <net/if.h> 51#include <net/if_var.h> 52#include <net/if_arp.h> 53#include <net/ethernet.h> 54#include <net/if_dl.h> 55#include <net/if_media.h> 56#include <net/if_types.h> 57 58#include <netinet/in.h> 59#include <netinet/in_systm.h> 60#include <netinet/in_var.h> 61#include <netinet/if_ether.h> 62#include <netinet/ip.h> 63 64#include <net80211/ieee80211_var.h> 65#include <net80211/ieee80211_regdomain.h> 66#include <net80211/ieee80211_radiotap.h> 67#include <net80211/ieee80211_ratectl.h> 68 69#include <dev/usb/usb.h> 70#include <dev/usb/usbdi.h> 71#include "usbdevs.h" 72 73#define USB_DEBUG_VAR run_debug 74#include <dev/usb/usb_debug.h> 75#include <dev/usb/usb_msctest.h> 76 77#include <dev/usb/wlan/if_runreg.h> 78#include <dev/usb/wlan/if_runvar.h> 79 80#ifdef USB_DEBUG 81#define RUN_DEBUG 82#endif 83 84#ifdef RUN_DEBUG 85int run_debug = 0; 86static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89#endif 90 91#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 92 93/* 94 * Because of LOR in run_key_delete(), use atomic instead. 95 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 96 */ 97#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 98 99static const STRUCT_USB_HOST_ID run_devs[] = { 100#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 101#define RUN_DEV_EJECT(v,p) \ 102 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 103#define RUN_EJECT 1 104 RUN_DEV(ABOCOM, RT2770), 105 RUN_DEV(ABOCOM, RT2870), 106 RUN_DEV(ABOCOM, RT3070), 107 RUN_DEV(ABOCOM, RT3071), 108 RUN_DEV(ABOCOM, RT3072), 109 RUN_DEV(ABOCOM2, RT2870_1), 110 RUN_DEV(ACCTON, RT2770), 111 RUN_DEV(ACCTON, RT2870_1), 112 RUN_DEV(ACCTON, RT2870_2), 113 RUN_DEV(ACCTON, RT2870_3), 114 RUN_DEV(ACCTON, RT2870_4), 115 RUN_DEV(ACCTON, RT2870_5), 116 RUN_DEV(ACCTON, RT3070), 117 RUN_DEV(ACCTON, RT3070_1), 118 RUN_DEV(ACCTON, RT3070_2), 119 RUN_DEV(ACCTON, RT3070_3), 120 RUN_DEV(ACCTON, RT3070_4), 121 RUN_DEV(ACCTON, RT3070_5), 122 RUN_DEV(AIRTIES, RT3070), 123 RUN_DEV(ALLWIN, RT2070), 124 RUN_DEV(ALLWIN, RT2770), 125 RUN_DEV(ALLWIN, RT2870), 126 RUN_DEV(ALLWIN, RT3070), 127 RUN_DEV(ALLWIN, RT3071), 128 RUN_DEV(ALLWIN, RT3072), 129 RUN_DEV(ALLWIN, RT3572), 130 RUN_DEV(AMIGO, RT2870_1), 131 RUN_DEV(AMIGO, RT2870_2), 132 RUN_DEV(AMIT, CGWLUSB2GNR), 133 RUN_DEV(AMIT, RT2870_1), 134 RUN_DEV(AMIT2, RT2870), 135 RUN_DEV(ASUS, RT2870_1), 136 RUN_DEV(ASUS, RT2870_2), 137 RUN_DEV(ASUS, RT2870_3), 138 RUN_DEV(ASUS, RT2870_4), 139 RUN_DEV(ASUS, RT2870_5), 140 RUN_DEV(ASUS, USBN13), 141 RUN_DEV(ASUS, RT3070_1), 142 RUN_DEV(ASUS, USBN66), 143 RUN_DEV(ASUS, USB_N53), 144 RUN_DEV(ASUS2, USBN11), 145 RUN_DEV(AZUREWAVE, RT2870_1), 146 RUN_DEV(AZUREWAVE, RT2870_2), 147 RUN_DEV(AZUREWAVE, RT3070_1), 148 RUN_DEV(AZUREWAVE, RT3070_2), 149 RUN_DEV(AZUREWAVE, RT3070_3), 150 RUN_DEV(BELKIN, F9L1103), 151 RUN_DEV(BELKIN, F5D8053V3), 152 RUN_DEV(BELKIN, F5D8055), 153 RUN_DEV(BELKIN, F5D8055V2), 154 RUN_DEV(BELKIN, F6D4050V1), 155 RUN_DEV(BELKIN, F6D4050V2), 156 RUN_DEV(BELKIN, RT2870_1), 157 RUN_DEV(BELKIN, RT2870_2), 158 RUN_DEV(CISCOLINKSYS, AE1000), 159 RUN_DEV(CISCOLINKSYS2, RT3070), 160 RUN_DEV(CISCOLINKSYS3, RT3070), 161 RUN_DEV(CONCEPTRONIC2, RT2870_1), 162 RUN_DEV(CONCEPTRONIC2, RT2870_2), 163 RUN_DEV(CONCEPTRONIC2, RT2870_3), 164 RUN_DEV(CONCEPTRONIC2, RT2870_4), 165 RUN_DEV(CONCEPTRONIC2, RT2870_5), 166 RUN_DEV(CONCEPTRONIC2, RT2870_6), 167 RUN_DEV(CONCEPTRONIC2, RT2870_7), 168 RUN_DEV(CONCEPTRONIC2, RT2870_8), 169 RUN_DEV(CONCEPTRONIC2, RT3070_1), 170 RUN_DEV(CONCEPTRONIC2, RT3070_2), 171 RUN_DEV(CONCEPTRONIC2, VIGORN61), 172 RUN_DEV(COREGA, CGWLUSB300GNM), 173 RUN_DEV(COREGA, RT2870_1), 174 RUN_DEV(COREGA, RT2870_2), 175 RUN_DEV(COREGA, RT2870_3), 176 RUN_DEV(COREGA, RT3070), 177 RUN_DEV(CYBERTAN, RT2870), 178 RUN_DEV(DLINK, RT2870), 179 RUN_DEV(DLINK, RT3072), 180 RUN_DEV(DLINK, DWA127), 181 RUN_DEV(DLINK, DWA140B3), 182 RUN_DEV(DLINK, DWA160B2), 183 RUN_DEV(DLINK, DWA140D1), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, WLIUCG300HP), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCG300HPV1), 235 RUN_DEV(MELCO, WLIUCGNM2), 236 RUN_DEV(MOTOROLA4, RT2770), 237 RUN_DEV(MOTOROLA4, RT3070), 238 RUN_DEV(MSI, RT3070_1), 239 RUN_DEV(MSI, RT3070_2), 240 RUN_DEV(MSI, RT3070_3), 241 RUN_DEV(MSI, RT3070_4), 242 RUN_DEV(MSI, RT3070_5), 243 RUN_DEV(MSI, RT3070_6), 244 RUN_DEV(MSI, RT3070_7), 245 RUN_DEV(MSI, RT3070_8), 246 RUN_DEV(MSI, RT3070_9), 247 RUN_DEV(MSI, RT3070_10), 248 RUN_DEV(MSI, RT3070_11), 249 RUN_DEV(NETGEAR, WNDA4100), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324#undef RUN_DEV_EJECT 325#undef RUN_DEV 326}; 327 328static device_probe_t run_match; 329static device_attach_t run_attach; 330static device_detach_t run_detach; 331 332static usb_callback_t run_bulk_rx_callback; 333static usb_callback_t run_bulk_tx_callback0; 334static usb_callback_t run_bulk_tx_callback1; 335static usb_callback_t run_bulk_tx_callback2; 336static usb_callback_t run_bulk_tx_callback3; 337static usb_callback_t run_bulk_tx_callback4; 338static usb_callback_t run_bulk_tx_callback5; 339 340static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342static int run_driver_loaded(struct module *, int, void *); 343static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349static void run_vap_delete(struct ieee80211vap *); 350static void run_cmdq_cb(void *, int); 351static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355static int run_load_microcode(struct run_softc *); 356static int run_reset(struct run_softc *); 357static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359static int run_read(struct run_softc *, uint16_t, uint32_t *); 360static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362static int run_write(struct run_softc *, uint16_t, uint32_t); 363static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375static const char *run_get_rf(uint16_t); 376static void run_rt3593_get_txpower(struct run_softc *); 377static void run_get_txpower(struct run_softc *); 378static int run_read_eeprom(struct run_softc *); 379static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381static int run_media_change(struct ifnet *); 382static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383static int run_wme_update(struct ieee80211com *); 384static void run_key_set_cb(void *); 385static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 386static void run_key_delete_cb(void *); 387static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 388static void run_ratectl_to(void *); 389static void run_ratectl_cb(void *, int); 390static void run_drain_fifo(void *); 391static void run_iter_func(void *, struct ieee80211_node *); 392static void run_newassoc_cb(void *); 393static void run_newassoc(struct ieee80211_node *, int); 394static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 395 const struct ieee80211_rx_stats *, int, int); 396static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 397static void run_tx_free(struct run_endpoint_queue *pq, 398 struct run_tx_data *, int); 399static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 400static int run_tx(struct run_softc *, struct mbuf *, 401 struct ieee80211_node *); 402static int run_tx_mgt(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404static int run_sendprot(struct run_softc *, const struct mbuf *, 405 struct ieee80211_node *, int, int); 406static int run_tx_param(struct run_softc *, struct mbuf *, 407 struct ieee80211_node *, 408 const struct ieee80211_bpf_params *); 409static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 410 const struct ieee80211_bpf_params *); 411static int run_transmit(struct ieee80211com *, struct mbuf *); 412static void run_start(struct run_softc *); 413static void run_parent(struct ieee80211com *); 414static void run_iq_calib(struct run_softc *, u_int); 415static void run_set_agc(struct run_softc *, uint8_t); 416static void run_select_chan_group(struct run_softc *, int); 417static void run_set_rx_antenna(struct run_softc *, int); 418static void run_rt2870_set_chan(struct run_softc *, u_int); 419static void run_rt3070_set_chan(struct run_softc *, u_int); 420static void run_rt3572_set_chan(struct run_softc *, u_int); 421static void run_rt3593_set_chan(struct run_softc *, u_int); 422static void run_rt5390_set_chan(struct run_softc *, u_int); 423static void run_rt5592_set_chan(struct run_softc *, u_int); 424static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 425static void run_set_channel(struct ieee80211com *); 426static void run_getradiocaps(struct ieee80211com *, int, int *, 427 struct ieee80211_channel[]); 428static void run_scan_start(struct ieee80211com *); 429static void run_scan_end(struct ieee80211com *); 430static void run_update_beacon(struct ieee80211vap *, int); 431static void run_update_beacon_cb(void *); 432static void run_updateprot(struct ieee80211com *); 433static void run_updateprot_cb(void *); 434static void run_usb_timeout_cb(void *); 435static void run_reset_livelock(struct run_softc *); 436static void run_enable_tsf_sync(struct run_softc *); 437static void run_enable_tsf(struct run_softc *); 438static void run_get_tsf(struct run_softc *, uint64_t *); 439static void run_enable_mrr(struct run_softc *); 440static void run_set_txpreamble(struct run_softc *); 441static void run_set_basicrates(struct run_softc *); 442static void run_set_leds(struct run_softc *, uint16_t); 443static void run_set_bssid(struct run_softc *, const uint8_t *); 444static void run_set_macaddr(struct run_softc *, const uint8_t *); 445static void run_updateslot(struct ieee80211com *); 446static void run_updateslot_cb(void *); 447static void run_update_mcast(struct ieee80211com *); 448static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 449static void run_update_promisc_locked(struct run_softc *); 450static void run_update_promisc(struct ieee80211com *); 451static void run_rt5390_bbp_init(struct run_softc *); 452static int run_bbp_init(struct run_softc *); 453static int run_rt3070_rf_init(struct run_softc *); 454static void run_rt3593_rf_init(struct run_softc *); 455static void run_rt5390_rf_init(struct run_softc *); 456static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 457 uint8_t *); 458static void run_rt3070_rf_setup(struct run_softc *); 459static void run_rt3593_rf_setup(struct run_softc *); 460static void run_rt5390_rf_setup(struct run_softc *); 461static int run_txrx_enable(struct run_softc *); 462static void run_adjust_freq_offset(struct run_softc *); 463static void run_init_locked(struct run_softc *); 464static void run_stop(void *); 465static void run_delay(struct run_softc *, u_int); 466 467static eventhandler_tag run_etag; 468 469static const struct rt2860_rate { 470 uint8_t rate; 471 uint8_t mcs; 472 enum ieee80211_phytype phy; 473 uint8_t ctl_ridx; 474 uint16_t sp_ack_dur; 475 uint16_t lp_ack_dur; 476} rt2860_rates[] = { 477 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 478 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 479 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 480 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 481 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 482 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 483 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 484 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 485 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 486 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 487 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 488 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 489}; 490 491static const struct { 492 uint16_t reg; 493 uint32_t val; 494} rt2870_def_mac[] = { 495 RT2870_DEF_MAC 496}; 497 498static const struct { 499 uint8_t reg; 500 uint8_t val; 501} rt2860_def_bbp[] = { 502 RT2860_DEF_BBP 503},rt5390_def_bbp[] = { 504 RT5390_DEF_BBP 505},rt5592_def_bbp[] = { 506 RT5592_DEF_BBP 507}; 508 509/* 510 * Default values for BBP register R196 for RT5592. 511 */ 512static const uint8_t rt5592_bbp_r196[] = { 513 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 514 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 515 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 516 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 517 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 518 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 519 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 520 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 521 0x2e, 0x36, 0x30, 0x6e 522}; 523 524static const struct rfprog { 525 uint8_t chan; 526 uint32_t r1, r2, r3, r4; 527} rt2860_rf2850[] = { 528 RT2860_RF2850 529}; 530 531struct { 532 uint8_t n, r, k; 533} rt3070_freqs[] = { 534 RT3070_RF3052 535}; 536 537static const struct rt5592_freqs { 538 uint16_t n; 539 uint8_t k, m, r; 540} rt5592_freqs_20mhz[] = { 541 RT5592_RF5592_20MHZ 542},rt5592_freqs_40mhz[] = { 543 RT5592_RF5592_40MHZ 544}; 545 546static const struct { 547 uint8_t reg; 548 uint8_t val; 549} rt3070_def_rf[] = { 550 RT3070_DEF_RF 551},rt3572_def_rf[] = { 552 RT3572_DEF_RF 553},rt3593_def_rf[] = { 554 RT3593_DEF_RF 555},rt5390_def_rf[] = { 556 RT5390_DEF_RF 557},rt5392_def_rf[] = { 558 RT5392_DEF_RF 559},rt5592_def_rf[] = { 560 RT5592_DEF_RF 561},rt5592_2ghz_def_rf[] = { 562 RT5592_2GHZ_DEF_RF 563},rt5592_5ghz_def_rf[] = { 564 RT5592_5GHZ_DEF_RF 565}; 566 567static const struct { 568 u_int firstchan; 569 u_int lastchan; 570 uint8_t reg; 571 uint8_t val; 572} rt5592_chan_5ghz[] = { 573 RT5592_CHAN_5GHZ 574}; 575 576static const struct usb_config run_config[RUN_N_XFER] = { 577 [RUN_BULK_TX_BE] = { 578 .type = UE_BULK, 579 .endpoint = UE_ADDR_ANY, 580 .ep_index = 0, 581 .direction = UE_DIR_OUT, 582 .bufsize = RUN_MAX_TXSZ, 583 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 584 .callback = run_bulk_tx_callback0, 585 .timeout = 5000, /* ms */ 586 }, 587 [RUN_BULK_TX_BK] = { 588 .type = UE_BULK, 589 .endpoint = UE_ADDR_ANY, 590 .direction = UE_DIR_OUT, 591 .ep_index = 1, 592 .bufsize = RUN_MAX_TXSZ, 593 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 594 .callback = run_bulk_tx_callback1, 595 .timeout = 5000, /* ms */ 596 }, 597 [RUN_BULK_TX_VI] = { 598 .type = UE_BULK, 599 .endpoint = UE_ADDR_ANY, 600 .direction = UE_DIR_OUT, 601 .ep_index = 2, 602 .bufsize = RUN_MAX_TXSZ, 603 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 604 .callback = run_bulk_tx_callback2, 605 .timeout = 5000, /* ms */ 606 }, 607 [RUN_BULK_TX_VO] = { 608 .type = UE_BULK, 609 .endpoint = UE_ADDR_ANY, 610 .direction = UE_DIR_OUT, 611 .ep_index = 3, 612 .bufsize = RUN_MAX_TXSZ, 613 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 614 .callback = run_bulk_tx_callback3, 615 .timeout = 5000, /* ms */ 616 }, 617 [RUN_BULK_TX_HCCA] = { 618 .type = UE_BULK, 619 .endpoint = UE_ADDR_ANY, 620 .direction = UE_DIR_OUT, 621 .ep_index = 4, 622 .bufsize = RUN_MAX_TXSZ, 623 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 624 .callback = run_bulk_tx_callback4, 625 .timeout = 5000, /* ms */ 626 }, 627 [RUN_BULK_TX_PRIO] = { 628 .type = UE_BULK, 629 .endpoint = UE_ADDR_ANY, 630 .direction = UE_DIR_OUT, 631 .ep_index = 5, 632 .bufsize = RUN_MAX_TXSZ, 633 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 634 .callback = run_bulk_tx_callback5, 635 .timeout = 5000, /* ms */ 636 }, 637 [RUN_BULK_RX] = { 638 .type = UE_BULK, 639 .endpoint = UE_ADDR_ANY, 640 .direction = UE_DIR_IN, 641 .bufsize = RUN_MAX_RXSZ, 642 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 643 .callback = run_bulk_rx_callback, 644 } 645}; 646 647static void 648run_autoinst(void *arg, struct usb_device *udev, 649 struct usb_attach_arg *uaa) 650{ 651 struct usb_interface *iface; 652 struct usb_interface_descriptor *id; 653 654 if (uaa->dev_state != UAA_DEV_READY) 655 return; 656 657 iface = usbd_get_iface(udev, 0); 658 if (iface == NULL) 659 return; 660 id = iface->idesc; 661 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 662 return; 663 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 664 return; 665 666 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 667 uaa->dev_state = UAA_DEV_EJECTING; 668} 669 670static int 671run_driver_loaded(struct module *mod, int what, void *arg) 672{ 673 switch (what) { 674 case MOD_LOAD: 675 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 676 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 677 break; 678 case MOD_UNLOAD: 679 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 680 break; 681 default: 682 return (EOPNOTSUPP); 683 } 684 return (0); 685} 686 687static int 688run_match(device_t self) 689{ 690 struct usb_attach_arg *uaa = device_get_ivars(self); 691 692 if (uaa->usb_mode != USB_MODE_HOST) 693 return (ENXIO); 694 if (uaa->info.bConfigIndex != 0) 695 return (ENXIO); 696 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 697 return (ENXIO); 698 699 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 700} 701 702static int 703run_attach(device_t self) 704{ 705 struct run_softc *sc = device_get_softc(self); 706 struct usb_attach_arg *uaa = device_get_ivars(self); 707 struct ieee80211com *ic = &sc->sc_ic; 708 uint32_t ver; 709 uint8_t iface_index; 710 int ntries, error; 711 712 device_set_usb_desc(self); 713 sc->sc_udev = uaa->device; 714 sc->sc_dev = self; 715 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 716 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 717 718 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 719 MTX_NETWORK_LOCK, MTX_DEF); 720 mbufq_init(&sc->sc_snd, ifqmaxlen); 721 722 iface_index = RT2860_IFACE_INDEX; 723 724 error = usbd_transfer_setup(uaa->device, &iface_index, 725 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 726 if (error) { 727 device_printf(self, "could not allocate USB transfers, " 728 "err=%s\n", usbd_errstr(error)); 729 goto detach; 730 } 731 732 RUN_LOCK(sc); 733 734 /* wait for the chip to settle */ 735 for (ntries = 0; ntries < 100; ntries++) { 736 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 737 RUN_UNLOCK(sc); 738 goto detach; 739 } 740 if (ver != 0 && ver != 0xffffffff) 741 break; 742 run_delay(sc, 10); 743 } 744 if (ntries == 100) { 745 device_printf(sc->sc_dev, 746 "timeout waiting for NIC to initialize\n"); 747 RUN_UNLOCK(sc); 748 goto detach; 749 } 750 sc->mac_ver = ver >> 16; 751 sc->mac_rev = ver & 0xffff; 752 753 /* retrieve RF rev. no and various other things from EEPROM */ 754 run_read_eeprom(sc); 755 756 device_printf(sc->sc_dev, 757 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 758 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 759 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 760 761 RUN_UNLOCK(sc); 762 763 ic->ic_softc = sc; 764 ic->ic_name = device_get_nameunit(self); 765 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 766 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 767 768 /* set device capabilities */ 769 ic->ic_caps = 770 IEEE80211_C_STA | /* station mode supported */ 771 IEEE80211_C_MONITOR | /* monitor mode supported */ 772 IEEE80211_C_IBSS | 773 IEEE80211_C_HOSTAP | 774 IEEE80211_C_WDS | /* 4-address traffic works */ 775 IEEE80211_C_MBSS | 776 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 777 IEEE80211_C_SHSLOT | /* short slot time supported */ 778 IEEE80211_C_WME | /* WME */ 779 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 780 781 ic->ic_cryptocaps = 782 IEEE80211_CRYPTO_WEP | 783 IEEE80211_CRYPTO_AES_CCM | 784 IEEE80211_CRYPTO_TKIPMIC | 785 IEEE80211_CRYPTO_TKIP; 786 787 ic->ic_flags |= IEEE80211_F_DATAPAD; 788 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 789 790 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 791 ic->ic_channels); 792 793 ieee80211_ifattach(ic); 794 795 ic->ic_scan_start = run_scan_start; 796 ic->ic_scan_end = run_scan_end; 797 ic->ic_set_channel = run_set_channel; 798 ic->ic_getradiocaps = run_getradiocaps; 799 ic->ic_node_alloc = run_node_alloc; 800 ic->ic_newassoc = run_newassoc; 801 ic->ic_updateslot = run_updateslot; 802 ic->ic_update_mcast = run_update_mcast; 803 ic->ic_wme.wme_update = run_wme_update; 804 ic->ic_raw_xmit = run_raw_xmit; 805 ic->ic_update_promisc = run_update_promisc; 806 ic->ic_vap_create = run_vap_create; 807 ic->ic_vap_delete = run_vap_delete; 808 ic->ic_transmit = run_transmit; 809 ic->ic_parent = run_parent; 810 811 ieee80211_radiotap_attach(ic, 812 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 813 RUN_TX_RADIOTAP_PRESENT, 814 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 815 RUN_RX_RADIOTAP_PRESENT); 816 817 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 818 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 819 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 820 821 if (bootverbose) 822 ieee80211_announce(ic); 823 824 return (0); 825 826detach: 827 run_detach(self); 828 return (ENXIO); 829} 830 831static void 832run_drain_mbufq(struct run_softc *sc) 833{ 834 struct mbuf *m; 835 struct ieee80211_node *ni; 836 837 RUN_LOCK_ASSERT(sc, MA_OWNED); 838 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 839 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 840 m->m_pkthdr.rcvif = NULL; 841 ieee80211_free_node(ni); 842 m_freem(m); 843 } 844} 845 846static int 847run_detach(device_t self) 848{ 849 struct run_softc *sc = device_get_softc(self); 850 struct ieee80211com *ic = &sc->sc_ic; 851 int i; 852 853 RUN_LOCK(sc); 854 sc->sc_detached = 1; 855 RUN_UNLOCK(sc); 856 857 /* stop all USB transfers */ 858 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 859 860 RUN_LOCK(sc); 861 sc->ratectl_run = RUN_RATECTL_OFF; 862 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 863 864 /* free TX list, if any */ 865 for (i = 0; i != RUN_EP_QUEUES; i++) 866 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 867 868 /* Free TX queue */ 869 run_drain_mbufq(sc); 870 RUN_UNLOCK(sc); 871 872 if (sc->sc_ic.ic_softc == sc) { 873 /* drain tasks */ 874 usb_callout_drain(&sc->ratectl_ch); 875 ieee80211_draintask(ic, &sc->cmdq_task); 876 ieee80211_draintask(ic, &sc->ratectl_task); 877 ieee80211_ifdetach(ic); 878 } 879 880 mtx_destroy(&sc->sc_mtx); 881 882 return (0); 883} 884 885static struct ieee80211vap * 886run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 887 enum ieee80211_opmode opmode, int flags, 888 const uint8_t bssid[IEEE80211_ADDR_LEN], 889 const uint8_t mac[IEEE80211_ADDR_LEN]) 890{ 891 struct run_softc *sc = ic->ic_softc; 892 struct run_vap *rvp; 893 struct ieee80211vap *vap; 894 int i; 895 896 if (sc->rvp_cnt >= RUN_VAP_MAX) { 897 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 898 return (NULL); 899 } 900 901 switch (opmode) { 902 case IEEE80211_M_STA: 903 /* enable s/w bmiss handling for sta mode */ 904 flags |= IEEE80211_CLONE_NOBEACONS; 905 /* fall though */ 906 case IEEE80211_M_IBSS: 907 case IEEE80211_M_MONITOR: 908 case IEEE80211_M_HOSTAP: 909 case IEEE80211_M_MBSS: 910 /* other than WDS vaps, only one at a time */ 911 if (!TAILQ_EMPTY(&ic->ic_vaps)) 912 return (NULL); 913 break; 914 case IEEE80211_M_WDS: 915 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 916 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 917 continue; 918 /* WDS vap's always share the local mac address. */ 919 flags &= ~IEEE80211_CLONE_BSSID; 920 break; 921 } 922 if (vap == NULL) { 923 device_printf(sc->sc_dev, 924 "wds only supported in ap mode\n"); 925 return (NULL); 926 } 927 break; 928 default: 929 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 930 return (NULL); 931 } 932 933 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 934 vap = &rvp->vap; 935 936 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 937 bssid) != 0) { 938 /* out of memory */ 939 free(rvp, M_80211_VAP); 940 return (NULL); 941 } 942 943 vap->iv_update_beacon = run_update_beacon; 944 vap->iv_max_aid = RT2870_WCID_MAX; 945 /* 946 * To delete the right key from h/w, we need wcid. 947 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 948 * and matching wcid will be written into there. So, cast 949 * some spells to remove 'const' from ieee80211_key{} 950 */ 951 vap->iv_key_delete = (void *)run_key_delete; 952 vap->iv_key_set = (void *)run_key_set; 953 954 /* override state transition machine */ 955 rvp->newstate = vap->iv_newstate; 956 vap->iv_newstate = run_newstate; 957 if (opmode == IEEE80211_M_IBSS) { 958 rvp->recv_mgmt = vap->iv_recv_mgmt; 959 vap->iv_recv_mgmt = run_recv_mgmt; 960 } 961 962 ieee80211_ratectl_init(vap); 963 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 964 965 /* complete setup */ 966 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 967 mac); 968 969 /* make sure id is always unique */ 970 for (i = 0; i < RUN_VAP_MAX; i++) { 971 if((sc->rvp_bmap & 1 << i) == 0){ 972 sc->rvp_bmap |= 1 << i; 973 rvp->rvp_id = i; 974 break; 975 } 976 } 977 if (sc->rvp_cnt++ == 0) 978 ic->ic_opmode = opmode; 979 980 if (opmode == IEEE80211_M_HOSTAP) 981 sc->cmdq_run = RUN_CMDQ_GO; 982 983 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 984 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 985 986 return (vap); 987} 988 989static void 990run_vap_delete(struct ieee80211vap *vap) 991{ 992 struct run_vap *rvp = RUN_VAP(vap); 993 struct ieee80211com *ic; 994 struct run_softc *sc; 995 uint8_t rvp_id; 996 997 if (vap == NULL) 998 return; 999 1000 ic = vap->iv_ic; 1001 sc = ic->ic_softc; 1002 1003 RUN_LOCK(sc); 1004 1005 m_freem(rvp->beacon_mbuf); 1006 rvp->beacon_mbuf = NULL; 1007 1008 rvp_id = rvp->rvp_id; 1009 sc->ratectl_run &= ~(1 << rvp_id); 1010 sc->rvp_bmap &= ~(1 << rvp_id); 1011 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1012 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1013 --sc->rvp_cnt; 1014 1015 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1016 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1017 1018 RUN_UNLOCK(sc); 1019 1020 ieee80211_ratectl_deinit(vap); 1021 ieee80211_vap_detach(vap); 1022 free(rvp, M_80211_VAP); 1023} 1024 1025/* 1026 * There are numbers of functions need to be called in context thread. 1027 * Rather than creating taskqueue event for each of those functions, 1028 * here is all-for-one taskqueue callback function. This function 1029 * guarantees deferred functions are executed in the same order they 1030 * were enqueued. 1031 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1032 */ 1033static void 1034run_cmdq_cb(void *arg, int pending) 1035{ 1036 struct run_softc *sc = arg; 1037 uint8_t i; 1038 1039 /* call cmdq[].func locked */ 1040 RUN_LOCK(sc); 1041 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1042 i = sc->cmdq_exec, pending--) { 1043 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1044 if (sc->cmdq_run == RUN_CMDQ_GO) { 1045 /* 1046 * If arg0 is NULL, callback func needs more 1047 * than one arg. So, pass ptr to cmdq struct. 1048 */ 1049 if (sc->cmdq[i].arg0) 1050 sc->cmdq[i].func(sc->cmdq[i].arg0); 1051 else 1052 sc->cmdq[i].func(&sc->cmdq[i]); 1053 } 1054 sc->cmdq[i].arg0 = NULL; 1055 sc->cmdq[i].func = NULL; 1056 sc->cmdq_exec++; 1057 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1058 } 1059 RUN_UNLOCK(sc); 1060} 1061 1062static void 1063run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1064{ 1065 struct run_tx_data *data; 1066 1067 memset(pq, 0, sizeof(*pq)); 1068 1069 STAILQ_INIT(&pq->tx_qh); 1070 STAILQ_INIT(&pq->tx_fh); 1071 1072 for (data = &pq->tx_data[0]; 1073 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1074 data->sc = sc; 1075 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1076 } 1077 pq->tx_nfree = RUN_TX_RING_COUNT; 1078} 1079 1080static void 1081run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1082{ 1083 struct run_tx_data *data; 1084 1085 /* make sure any subsequent use of the queues will fail */ 1086 pq->tx_nfree = 0; 1087 STAILQ_INIT(&pq->tx_fh); 1088 STAILQ_INIT(&pq->tx_qh); 1089 1090 /* free up all node references and mbufs */ 1091 for (data = &pq->tx_data[0]; 1092 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1093 if (data->m != NULL) { 1094 m_freem(data->m); 1095 data->m = NULL; 1096 } 1097 if (data->ni != NULL) { 1098 ieee80211_free_node(data->ni); 1099 data->ni = NULL; 1100 } 1101 } 1102} 1103 1104static int 1105run_load_microcode(struct run_softc *sc) 1106{ 1107 usb_device_request_t req; 1108 const struct firmware *fw; 1109 const u_char *base; 1110 uint32_t tmp; 1111 int ntries, error; 1112 const uint64_t *temp; 1113 uint64_t bytes; 1114 1115 RUN_UNLOCK(sc); 1116 fw = firmware_get("runfw"); 1117 RUN_LOCK(sc); 1118 if (fw == NULL) { 1119 device_printf(sc->sc_dev, 1120 "failed loadfirmware of file %s\n", "runfw"); 1121 return ENOENT; 1122 } 1123 1124 if (fw->datasize != 8192) { 1125 device_printf(sc->sc_dev, 1126 "invalid firmware size (should be 8KB)\n"); 1127 error = EINVAL; 1128 goto fail; 1129 } 1130 1131 /* 1132 * RT3071/RT3072 use a different firmware 1133 * run-rt2870 (8KB) contains both, 1134 * first half (4KB) is for rt2870, 1135 * last half is for rt3071. 1136 */ 1137 base = fw->data; 1138 if ((sc->mac_ver) != 0x2860 && 1139 (sc->mac_ver) != 0x2872 && 1140 (sc->mac_ver) != 0x3070) { 1141 base += 4096; 1142 } 1143 1144 /* cheap sanity check */ 1145 temp = fw->data; 1146 bytes = *temp; 1147 if (bytes != be64toh(0xffffff0210280210ULL)) { 1148 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1149 error = EINVAL; 1150 goto fail; 1151 } 1152 1153 /* write microcode image */ 1154 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1155 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1156 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1157 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1158 } 1159 1160 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1161 req.bRequest = RT2870_RESET; 1162 USETW(req.wValue, 8); 1163 USETW(req.wIndex, 0); 1164 USETW(req.wLength, 0); 1165 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1166 != 0) { 1167 device_printf(sc->sc_dev, "firmware reset failed\n"); 1168 goto fail; 1169 } 1170 1171 run_delay(sc, 10); 1172 1173 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1174 run_write(sc, RT2860_H2M_MAILBOX, 0); 1175 run_write(sc, RT2860_H2M_INTSRC, 0); 1176 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1177 goto fail; 1178 1179 /* wait until microcontroller is ready */ 1180 for (ntries = 0; ntries < 1000; ntries++) { 1181 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1182 goto fail; 1183 if (tmp & RT2860_MCU_READY) 1184 break; 1185 run_delay(sc, 10); 1186 } 1187 if (ntries == 1000) { 1188 device_printf(sc->sc_dev, 1189 "timeout waiting for MCU to initialize\n"); 1190 error = ETIMEDOUT; 1191 goto fail; 1192 } 1193 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1194 (base == fw->data) ? "RT2870" : "RT3071", 1195 *(base + 4092), *(base + 4093)); 1196 1197fail: 1198 firmware_put(fw, FIRMWARE_UNLOAD); 1199 return (error); 1200} 1201 1202static int 1203run_reset(struct run_softc *sc) 1204{ 1205 usb_device_request_t req; 1206 1207 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1208 req.bRequest = RT2870_RESET; 1209 USETW(req.wValue, 1); 1210 USETW(req.wIndex, 0); 1211 USETW(req.wLength, 0); 1212 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1213} 1214 1215static usb_error_t 1216run_do_request(struct run_softc *sc, 1217 struct usb_device_request *req, void *data) 1218{ 1219 usb_error_t err; 1220 int ntries = 10; 1221 1222 RUN_LOCK_ASSERT(sc, MA_OWNED); 1223 1224 while (ntries--) { 1225 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1226 req, data, 0, NULL, 250 /* ms */); 1227 if (err == 0) 1228 break; 1229 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1230 usbd_errstr(err)); 1231 run_delay(sc, 10); 1232 } 1233 return (err); 1234} 1235 1236static int 1237run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1238{ 1239 uint32_t tmp; 1240 int error; 1241 1242 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1243 if (error == 0) 1244 *val = le32toh(tmp); 1245 else 1246 *val = 0xffffffff; 1247 return (error); 1248} 1249 1250static int 1251run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1252{ 1253 usb_device_request_t req; 1254 1255 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1256 req.bRequest = RT2870_READ_REGION_1; 1257 USETW(req.wValue, 0); 1258 USETW(req.wIndex, reg); 1259 USETW(req.wLength, len); 1260 1261 return (run_do_request(sc, &req, buf)); 1262} 1263 1264static int 1265run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1266{ 1267 usb_device_request_t req; 1268 1269 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1270 req.bRequest = RT2870_WRITE_2; 1271 USETW(req.wValue, val); 1272 USETW(req.wIndex, reg); 1273 USETW(req.wLength, 0); 1274 1275 return (run_do_request(sc, &req, NULL)); 1276} 1277 1278static int 1279run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1280{ 1281 int error; 1282 1283 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1284 error = run_write_2(sc, reg + 2, val >> 16); 1285 return (error); 1286} 1287 1288static int 1289run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1290 int len) 1291{ 1292#if 1 1293 int i, error = 0; 1294 /* 1295 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1296 * We thus issue multiple WRITE_2 commands instead. 1297 */ 1298 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1299 for (i = 0; i < len && error == 0; i += 2) 1300 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1301 return (error); 1302#else 1303 usb_device_request_t req; 1304 int error = 0; 1305 1306 /* 1307 * NOTE: It appears the WRITE_REGION_1 command cannot be 1308 * passed a huge amount of data, which will crash the 1309 * firmware. Limit amount of data passed to 64-bytes at a 1310 * time. 1311 */ 1312 while (len > 0) { 1313 int delta = 64; 1314 if (delta > len) 1315 delta = len; 1316 1317 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1318 req.bRequest = RT2870_WRITE_REGION_1; 1319 USETW(req.wValue, 0); 1320 USETW(req.wIndex, reg); 1321 USETW(req.wLength, delta); 1322 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1323 if (error != 0) 1324 break; 1325 reg += delta; 1326 buf += delta; 1327 len -= delta; 1328 } 1329 return (error); 1330#endif 1331} 1332 1333static int 1334run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1335{ 1336 int i, error = 0; 1337 1338 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1339 for (i = 0; i < len && error == 0; i += 4) 1340 error = run_write(sc, reg + i, val); 1341 return (error); 1342} 1343 1344static int 1345run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1346{ 1347 uint32_t tmp; 1348 uint16_t reg; 1349 int error, ntries; 1350 1351 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1352 return (error); 1353 1354 if (count == 2) 1355 addr *= 2; 1356 /*- 1357 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1358 * DATA0: F E D C 1359 * DATA1: B A 9 8 1360 * DATA2: 7 6 5 4 1361 * DATA3: 3 2 1 0 1362 */ 1363 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1364 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1365 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1366 for (ntries = 0; ntries < 100; ntries++) { 1367 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1368 return (error); 1369 if (!(tmp & RT3070_EFSROM_KICK)) 1370 break; 1371 run_delay(sc, 2); 1372 } 1373 if (ntries == 100) 1374 return (ETIMEDOUT); 1375 1376 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1377 *val = 0xffff; /* address not found */ 1378 return (0); 1379 } 1380 /* determine to which 32-bit register our 16-bit word belongs */ 1381 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1382 if ((error = run_read(sc, reg, &tmp)) != 0) 1383 return (error); 1384 1385 tmp >>= (8 * (addr & 0x3)); 1386 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1387 1388 return (0); 1389} 1390 1391/* Read 16-bit from eFUSE ROM for RT3xxx. */ 1392static int 1393run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1394{ 1395 return (run_efuse_read(sc, addr, val, 2)); 1396} 1397 1398static int 1399run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1400{ 1401 usb_device_request_t req; 1402 uint16_t tmp; 1403 int error; 1404 1405 addr *= 2; 1406 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1407 req.bRequest = RT2870_EEPROM_READ; 1408 USETW(req.wValue, 0); 1409 USETW(req.wIndex, addr); 1410 USETW(req.wLength, sizeof(tmp)); 1411 1412 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1413 if (error == 0) 1414 *val = le16toh(tmp); 1415 else 1416 *val = 0xffff; 1417 return (error); 1418} 1419 1420static __inline int 1421run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1422{ 1423 /* either eFUSE ROM or EEPROM */ 1424 return sc->sc_srom_read(sc, addr, val); 1425} 1426 1427static int 1428run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1429{ 1430 uint32_t tmp; 1431 int error, ntries; 1432 1433 for (ntries = 0; ntries < 10; ntries++) { 1434 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1435 return (error); 1436 if (!(tmp & RT2860_RF_REG_CTRL)) 1437 break; 1438 } 1439 if (ntries == 10) 1440 return (ETIMEDOUT); 1441 1442 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1443} 1444 1445static int 1446run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1447{ 1448 uint32_t tmp; 1449 int error, ntries; 1450 1451 for (ntries = 0; ntries < 100; ntries++) { 1452 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1453 return (error); 1454 if (!(tmp & RT3070_RF_KICK)) 1455 break; 1456 } 1457 if (ntries == 100) 1458 return (ETIMEDOUT); 1459 1460 tmp = RT3070_RF_KICK | reg << 8; 1461 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1462 return (error); 1463 1464 for (ntries = 0; ntries < 100; ntries++) { 1465 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1466 return (error); 1467 if (!(tmp & RT3070_RF_KICK)) 1468 break; 1469 } 1470 if (ntries == 100) 1471 return (ETIMEDOUT); 1472 1473 *val = tmp & 0xff; 1474 return (0); 1475} 1476 1477static int 1478run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1479{ 1480 uint32_t tmp; 1481 int error, ntries; 1482 1483 for (ntries = 0; ntries < 10; ntries++) { 1484 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1485 return (error); 1486 if (!(tmp & RT3070_RF_KICK)) 1487 break; 1488 } 1489 if (ntries == 10) 1490 return (ETIMEDOUT); 1491 1492 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1493 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1494} 1495 1496static int 1497run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1498{ 1499 uint32_t tmp; 1500 int ntries, error; 1501 1502 for (ntries = 0; ntries < 10; ntries++) { 1503 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1504 return (error); 1505 if (!(tmp & RT2860_BBP_CSR_KICK)) 1506 break; 1507 } 1508 if (ntries == 10) 1509 return (ETIMEDOUT); 1510 1511 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1512 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1513 return (error); 1514 1515 for (ntries = 0; ntries < 10; ntries++) { 1516 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1517 return (error); 1518 if (!(tmp & RT2860_BBP_CSR_KICK)) 1519 break; 1520 } 1521 if (ntries == 10) 1522 return (ETIMEDOUT); 1523 1524 *val = tmp & 0xff; 1525 return (0); 1526} 1527 1528static int 1529run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1530{ 1531 uint32_t tmp; 1532 int ntries, error; 1533 1534 for (ntries = 0; ntries < 10; ntries++) { 1535 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1536 return (error); 1537 if (!(tmp & RT2860_BBP_CSR_KICK)) 1538 break; 1539 } 1540 if (ntries == 10) 1541 return (ETIMEDOUT); 1542 1543 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1544 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1545} 1546 1547/* 1548 * Send a command to the 8051 microcontroller unit. 1549 */ 1550static int 1551run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1552{ 1553 uint32_t tmp; 1554 int error, ntries; 1555 1556 for (ntries = 0; ntries < 100; ntries++) { 1557 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1558 return error; 1559 if (!(tmp & RT2860_H2M_BUSY)) 1560 break; 1561 } 1562 if (ntries == 100) 1563 return ETIMEDOUT; 1564 1565 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1566 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1567 error = run_write(sc, RT2860_HOST_CMD, cmd); 1568 return (error); 1569} 1570 1571/* 1572 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1573 * Used to adjust per-rate Tx power registers. 1574 */ 1575static __inline uint32_t 1576b4inc(uint32_t b32, int8_t delta) 1577{ 1578 int8_t i, b4; 1579 1580 for (i = 0; i < 8; i++) { 1581 b4 = b32 & 0xf; 1582 b4 += delta; 1583 if (b4 < 0) 1584 b4 = 0; 1585 else if (b4 > 0xf) 1586 b4 = 0xf; 1587 b32 = b32 >> 4 | b4 << 28; 1588 } 1589 return (b32); 1590} 1591 1592static const char * 1593run_get_rf(uint16_t rev) 1594{ 1595 switch (rev) { 1596 case RT2860_RF_2820: return "RT2820"; 1597 case RT2860_RF_2850: return "RT2850"; 1598 case RT2860_RF_2720: return "RT2720"; 1599 case RT2860_RF_2750: return "RT2750"; 1600 case RT3070_RF_3020: return "RT3020"; 1601 case RT3070_RF_2020: return "RT2020"; 1602 case RT3070_RF_3021: return "RT3021"; 1603 case RT3070_RF_3022: return "RT3022"; 1604 case RT3070_RF_3052: return "RT3052"; 1605 case RT3593_RF_3053: return "RT3053"; 1606 case RT5592_RF_5592: return "RT5592"; 1607 case RT5390_RF_5370: return "RT5370"; 1608 case RT5390_RF_5372: return "RT5372"; 1609 } 1610 return ("unknown"); 1611} 1612 1613static void 1614run_rt3593_get_txpower(struct run_softc *sc) 1615{ 1616 uint16_t addr, val; 1617 int i; 1618 1619 /* Read power settings for 2GHz channels. */ 1620 for (i = 0; i < 14; i += 2) { 1621 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1622 RT2860_EEPROM_PWR2GHZ_BASE1; 1623 run_srom_read(sc, addr + i / 2, &val); 1624 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1625 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1626 1627 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1628 RT2860_EEPROM_PWR2GHZ_BASE2; 1629 run_srom_read(sc, addr + i / 2, &val); 1630 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1631 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1632 1633 if (sc->ntxchains == 3) { 1634 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1635 &val); 1636 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1637 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1638 } 1639 } 1640 /* Fix broken Tx power entries. */ 1641 for (i = 0; i < 14; i++) { 1642 if (sc->txpow1[i] > 31) 1643 sc->txpow1[i] = 5; 1644 if (sc->txpow2[i] > 31) 1645 sc->txpow2[i] = 5; 1646 if (sc->ntxchains == 3) { 1647 if (sc->txpow3[i] > 31) 1648 sc->txpow3[i] = 5; 1649 } 1650 } 1651 /* Read power settings for 5GHz channels. */ 1652 for (i = 0; i < 40; i += 2) { 1653 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1654 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1655 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1656 1657 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1658 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1659 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1660 1661 if (sc->ntxchains == 3) { 1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1663 &val); 1664 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1665 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1666 } 1667 } 1668} 1669 1670static void 1671run_get_txpower(struct run_softc *sc) 1672{ 1673 uint16_t val; 1674 int i; 1675 1676 /* Read power settings for 2GHz channels. */ 1677 for (i = 0; i < 14; i += 2) { 1678 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1679 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1680 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1681 1682 if (sc->mac_ver != 0x5390) { 1683 run_srom_read(sc, 1684 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1685 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1686 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1687 } 1688 } 1689 /* Fix broken Tx power entries. */ 1690 for (i = 0; i < 14; i++) { 1691 if (sc->mac_ver >= 0x5390) { 1692 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1693 sc->txpow1[i] = 5; 1694 } else { 1695 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1696 sc->txpow1[i] = 5; 1697 } 1698 if (sc->mac_ver > 0x5390) { 1699 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1700 sc->txpow2[i] = 5; 1701 } else if (sc->mac_ver < 0x5390) { 1702 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1703 sc->txpow2[i] = 5; 1704 } 1705 DPRINTF("chan %d: power1=%d, power2=%d\n", 1706 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1707 } 1708 /* Read power settings for 5GHz channels. */ 1709 for (i = 0; i < 40; i += 2) { 1710 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1711 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1712 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1713 1714 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1715 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1716 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1717 } 1718 /* Fix broken Tx power entries. */ 1719 for (i = 0; i < 40; i++ ) { 1720 if (sc->mac_ver != 0x5592) { 1721 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1722 sc->txpow1[14 + i] = 5; 1723 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1724 sc->txpow2[14 + i] = 5; 1725 } 1726 DPRINTF("chan %d: power1=%d, power2=%d\n", 1727 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1728 sc->txpow2[14 + i]); 1729 } 1730} 1731 1732static int 1733run_read_eeprom(struct run_softc *sc) 1734{ 1735 struct ieee80211com *ic = &sc->sc_ic; 1736 int8_t delta_2ghz, delta_5ghz; 1737 uint32_t tmp; 1738 uint16_t val; 1739 int ridx, ant, i; 1740 1741 /* check whether the ROM is eFUSE ROM or EEPROM */ 1742 sc->sc_srom_read = run_eeprom_read_2; 1743 if (sc->mac_ver >= 0x3070) { 1744 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1745 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1746 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1747 sc->sc_srom_read = run_efuse_read_2; 1748 } 1749 1750 /* read ROM version */ 1751 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1752 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1753 1754 /* read MAC address */ 1755 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1756 ic->ic_macaddr[0] = val & 0xff; 1757 ic->ic_macaddr[1] = val >> 8; 1758 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1759 ic->ic_macaddr[2] = val & 0xff; 1760 ic->ic_macaddr[3] = val >> 8; 1761 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1762 ic->ic_macaddr[4] = val & 0xff; 1763 ic->ic_macaddr[5] = val >> 8; 1764 1765 if (sc->mac_ver < 0x3593) { 1766 /* read vender BBP settings */ 1767 for (i = 0; i < 10; i++) { 1768 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1769 sc->bbp[i].val = val & 0xff; 1770 sc->bbp[i].reg = val >> 8; 1771 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1772 sc->bbp[i].val); 1773 } 1774 if (sc->mac_ver >= 0x3071) { 1775 /* read vendor RF settings */ 1776 for (i = 0; i < 10; i++) { 1777 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1778 &val); 1779 sc->rf[i].val = val & 0xff; 1780 sc->rf[i].reg = val >> 8; 1781 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1782 sc->rf[i].val); 1783 } 1784 } 1785 } 1786 1787 /* read RF frequency offset from EEPROM */ 1788 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1789 RT3593_EEPROM_FREQ, &val); 1790 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1791 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1792 1793 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1794 RT3593_EEPROM_FREQ_LEDS, &val); 1795 if (val >> 8 != 0xff) { 1796 /* read LEDs operating mode */ 1797 sc->leds = val >> 8; 1798 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1799 RT3593_EEPROM_LED1, &sc->led[0]); 1800 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1801 RT3593_EEPROM_LED2, &sc->led[1]); 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1803 RT3593_EEPROM_LED3, &sc->led[2]); 1804 } else { 1805 /* broken EEPROM, use default settings */ 1806 sc->leds = 0x01; 1807 sc->led[0] = 0x5555; 1808 sc->led[1] = 0x2221; 1809 sc->led[2] = 0x5627; /* differs from RT2860 */ 1810 } 1811 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1812 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1813 1814 /* read RF information */ 1815 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1816 run_srom_read(sc, 0x00, &val); 1817 else 1818 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1819 1820 if (val == 0xffff) { 1821 device_printf(sc->sc_dev, 1822 "invalid EEPROM antenna info, using default\n"); 1823 DPRINTF("invalid EEPROM antenna info, using default\n"); 1824 if (sc->mac_ver == 0x3572) { 1825 /* default to RF3052 2T2R */ 1826 sc->rf_rev = RT3070_RF_3052; 1827 sc->ntxchains = 2; 1828 sc->nrxchains = 2; 1829 } else if (sc->mac_ver >= 0x3070) { 1830 /* default to RF3020 1T1R */ 1831 sc->rf_rev = RT3070_RF_3020; 1832 sc->ntxchains = 1; 1833 sc->nrxchains = 1; 1834 } else { 1835 /* default to RF2820 1T2R */ 1836 sc->rf_rev = RT2860_RF_2820; 1837 sc->ntxchains = 1; 1838 sc->nrxchains = 2; 1839 } 1840 } else { 1841 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1842 sc->rf_rev = val; 1843 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1844 } else 1845 sc->rf_rev = (val >> 8) & 0xf; 1846 sc->ntxchains = (val >> 4) & 0xf; 1847 sc->nrxchains = val & 0xf; 1848 } 1849 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1850 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1851 1852 /* check if RF supports automatic Tx access gain control */ 1853 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1854 DPRINTF("EEPROM CFG 0x%04x\n", val); 1855 /* check if driver should patch the DAC issue */ 1856 if ((val >> 8) != 0xff) 1857 sc->patch_dac = (val >> 15) & 1; 1858 if ((val & 0xff) != 0xff) { 1859 sc->ext_5ghz_lna = (val >> 3) & 1; 1860 sc->ext_2ghz_lna = (val >> 2) & 1; 1861 /* check if RF supports automatic Tx access gain control */ 1862 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1863 /* check if we have a hardware radio switch */ 1864 sc->rfswitch = val & 1; 1865 } 1866 1867 /* Read Tx power settings. */ 1868 if (sc->mac_ver == 0x3593) 1869 run_rt3593_get_txpower(sc); 1870 else 1871 run_get_txpower(sc); 1872 1873 /* read Tx power compensation for each Tx rate */ 1874 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1875 delta_2ghz = delta_5ghz = 0; 1876 if ((val & 0xff) != 0xff && (val & 0x80)) { 1877 delta_2ghz = val & 0xf; 1878 if (!(val & 0x40)) /* negative number */ 1879 delta_2ghz = -delta_2ghz; 1880 } 1881 val >>= 8; 1882 if ((val & 0xff) != 0xff && (val & 0x80)) { 1883 delta_5ghz = val & 0xf; 1884 if (!(val & 0x40)) /* negative number */ 1885 delta_5ghz = -delta_5ghz; 1886 } 1887 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1888 delta_2ghz, delta_5ghz); 1889 1890 for (ridx = 0; ridx < 5; ridx++) { 1891 uint32_t reg; 1892 1893 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1894 reg = val; 1895 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1896 reg |= (uint32_t)val << 16; 1897 1898 sc->txpow20mhz[ridx] = reg; 1899 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1900 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1901 1902 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1903 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1904 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1905 } 1906 1907 /* Read RSSI offsets and LNA gains from EEPROM. */ 1908 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1909 RT3593_EEPROM_RSSI1_2GHZ, &val); 1910 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1911 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1913 RT3593_EEPROM_RSSI2_2GHZ, &val); 1914 if (sc->mac_ver >= 0x3070) { 1915 if (sc->mac_ver == 0x3593) { 1916 sc->txmixgain_2ghz = 0; 1917 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1918 } else { 1919 /* 1920 * On RT3070 chips (limited to 2 Rx chains), this ROM 1921 * field contains the Tx mixer gain for the 2GHz band. 1922 */ 1923 if ((val & 0xff) != 0xff) 1924 sc->txmixgain_2ghz = val & 0x7; 1925 } 1926 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1927 } else 1928 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1929 if (sc->mac_ver == 0x3593) 1930 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1931 sc->lna[2] = val >> 8; /* channel group 2 */ 1932 1933 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1934 RT3593_EEPROM_RSSI1_5GHZ, &val); 1935 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1936 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1937 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1938 RT3593_EEPROM_RSSI2_5GHZ, &val); 1939 if (sc->mac_ver == 0x3572) { 1940 /* 1941 * On RT3572 chips (limited to 2 Rx chains), this ROM 1942 * field contains the Tx mixer gain for the 5GHz band. 1943 */ 1944 if ((val & 0xff) != 0xff) 1945 sc->txmixgain_5ghz = val & 0x7; 1946 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1947 } else 1948 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1949 if (sc->mac_ver == 0x3593) { 1950 sc->txmixgain_5ghz = 0; 1951 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1952 } 1953 sc->lna[3] = val >> 8; /* channel group 3 */ 1954 1955 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1956 RT3593_EEPROM_LNA, &val); 1957 sc->lna[0] = val & 0xff; /* channel group 0 */ 1958 sc->lna[1] = val >> 8; /* channel group 1 */ 1959 1960 /* fix broken 5GHz LNA entries */ 1961 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1962 DPRINTF("invalid LNA for channel group %d\n", 2); 1963 sc->lna[2] = sc->lna[1]; 1964 } 1965 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1966 DPRINTF("invalid LNA for channel group %d\n", 3); 1967 sc->lna[3] = sc->lna[1]; 1968 } 1969 1970 /* fix broken RSSI offset entries */ 1971 for (ant = 0; ant < 3; ant++) { 1972 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1973 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1974 ant + 1, sc->rssi_2ghz[ant]); 1975 sc->rssi_2ghz[ant] = 0; 1976 } 1977 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1978 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1979 ant + 1, sc->rssi_5ghz[ant]); 1980 sc->rssi_5ghz[ant] = 0; 1981 } 1982 } 1983 return (0); 1984} 1985 1986static struct ieee80211_node * 1987run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1988{ 1989 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1990} 1991 1992static int 1993run_media_change(struct ifnet *ifp) 1994{ 1995 struct ieee80211vap *vap = ifp->if_softc; 1996 struct ieee80211com *ic = vap->iv_ic; 1997 const struct ieee80211_txparam *tp; 1998 struct run_softc *sc = ic->ic_softc; 1999 uint8_t rate, ridx; 2000 int error; 2001 2002 RUN_LOCK(sc); 2003 2004 error = ieee80211_media_change(ifp); 2005 if (error != ENETRESET) { 2006 RUN_UNLOCK(sc); 2007 return (error); 2008 } 2009 2010 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2011 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2012 struct ieee80211_node *ni; 2013 struct run_node *rn; 2014 2015 rate = ic->ic_sup_rates[ic->ic_curmode]. 2016 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2017 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2018 if (rt2860_rates[ridx].rate == rate) 2019 break; 2020 ni = ieee80211_ref_node(vap->iv_bss); 2021 rn = RUN_NODE(ni); 2022 rn->fix_ridx = ridx; 2023 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2024 ieee80211_free_node(ni); 2025 } 2026 2027#if 0 2028 if ((ifp->if_flags & IFF_UP) && 2029 (ifp->if_drv_flags & RUN_RUNNING)){ 2030 run_init_locked(sc); 2031 } 2032#endif 2033 2034 RUN_UNLOCK(sc); 2035 2036 return (0); 2037} 2038 2039static int 2040run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2041{ 2042 const struct ieee80211_txparam *tp; 2043 struct ieee80211com *ic = vap->iv_ic; 2044 struct run_softc *sc = ic->ic_softc; 2045 struct run_vap *rvp = RUN_VAP(vap); 2046 enum ieee80211_state ostate; 2047 uint32_t sta[3]; 2048 uint32_t tmp; 2049 uint8_t ratectl; 2050 uint8_t restart_ratectl = 0; 2051 uint8_t bid = 1 << rvp->rvp_id; 2052 2053 ostate = vap->iv_state; 2054 DPRINTF("%s -> %s\n", 2055 ieee80211_state_name[ostate], 2056 ieee80211_state_name[nstate]); 2057 2058 IEEE80211_UNLOCK(ic); 2059 RUN_LOCK(sc); 2060 2061 ratectl = sc->ratectl_run; /* remember current state */ 2062 sc->ratectl_run = RUN_RATECTL_OFF; 2063 usb_callout_stop(&sc->ratectl_ch); 2064 2065 if (ostate == IEEE80211_S_RUN) { 2066 /* turn link LED off */ 2067 run_set_leds(sc, RT2860_LED_RADIO); 2068 } 2069 2070 switch (nstate) { 2071 case IEEE80211_S_INIT: 2072 restart_ratectl = 1; 2073 2074 if (ostate != IEEE80211_S_RUN) 2075 break; 2076 2077 ratectl &= ~bid; 2078 sc->runbmap &= ~bid; 2079 2080 /* abort TSF synchronization if there is no vap running */ 2081 if (--sc->running == 0) { 2082 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2083 run_write(sc, RT2860_BCN_TIME_CFG, 2084 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2085 RT2860_TBTT_TIMER_EN)); 2086 } 2087 break; 2088 2089 case IEEE80211_S_RUN: 2090 if (!(sc->runbmap & bid)) { 2091 if(sc->running++) 2092 restart_ratectl = 1; 2093 sc->runbmap |= bid; 2094 } 2095 2096 m_freem(rvp->beacon_mbuf); 2097 rvp->beacon_mbuf = NULL; 2098 2099 switch (vap->iv_opmode) { 2100 case IEEE80211_M_HOSTAP: 2101 case IEEE80211_M_MBSS: 2102 sc->ap_running |= bid; 2103 ic->ic_opmode = vap->iv_opmode; 2104 run_update_beacon_cb(vap); 2105 break; 2106 case IEEE80211_M_IBSS: 2107 sc->adhoc_running |= bid; 2108 if (!sc->ap_running) 2109 ic->ic_opmode = vap->iv_opmode; 2110 run_update_beacon_cb(vap); 2111 break; 2112 case IEEE80211_M_STA: 2113 sc->sta_running |= bid; 2114 if (!sc->ap_running && !sc->adhoc_running) 2115 ic->ic_opmode = vap->iv_opmode; 2116 2117 /* read statistic counters (clear on read) */ 2118 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2119 (uint8_t *)sta, sizeof sta); 2120 2121 break; 2122 default: 2123 ic->ic_opmode = vap->iv_opmode; 2124 break; 2125 } 2126 2127 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2128 struct ieee80211_node *ni; 2129 2130 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2131 RUN_UNLOCK(sc); 2132 IEEE80211_LOCK(ic); 2133 return (-1); 2134 } 2135 run_updateslot(ic); 2136 run_enable_mrr(sc); 2137 run_set_txpreamble(sc); 2138 run_set_basicrates(sc); 2139 ni = ieee80211_ref_node(vap->iv_bss); 2140 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2141 run_set_bssid(sc, sc->sc_bssid); 2142 ieee80211_free_node(ni); 2143 run_enable_tsf_sync(sc); 2144 2145 /* enable automatic rate adaptation */ 2146 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2147 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2148 ratectl |= bid; 2149 } else 2150 run_enable_tsf(sc); 2151 2152 /* turn link LED on */ 2153 run_set_leds(sc, RT2860_LED_RADIO | 2154 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2155 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2156 2157 break; 2158 default: 2159 DPRINTFN(6, "undefined case\n"); 2160 break; 2161 } 2162 2163 /* restart amrr for running VAPs */ 2164 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2165 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2166 2167 RUN_UNLOCK(sc); 2168 IEEE80211_LOCK(ic); 2169 2170 return(rvp->newstate(vap, nstate, arg)); 2171} 2172 2173static int 2174run_wme_update(struct ieee80211com *ic) 2175{ 2176 struct run_softc *sc = ic->ic_softc; 2177 const struct wmeParams *ac = 2178 ic->ic_wme.wme_chanParams.cap_wmeParams; 2179 int aci, error = 0; 2180 2181 /* update MAC TX configuration registers */ 2182 RUN_LOCK(sc); 2183 for (aci = 0; aci < WME_NUM_AC; aci++) { 2184 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2185 ac[aci].wmep_logcwmax << 16 | 2186 ac[aci].wmep_logcwmin << 12 | 2187 ac[aci].wmep_aifsn << 8 | 2188 ac[aci].wmep_txopLimit); 2189 if (error) goto err; 2190 } 2191 2192 /* update SCH/DMA registers too */ 2193 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2194 ac[WME_AC_VO].wmep_aifsn << 12 | 2195 ac[WME_AC_VI].wmep_aifsn << 8 | 2196 ac[WME_AC_BK].wmep_aifsn << 4 | 2197 ac[WME_AC_BE].wmep_aifsn); 2198 if (error) goto err; 2199 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2200 ac[WME_AC_VO].wmep_logcwmin << 12 | 2201 ac[WME_AC_VI].wmep_logcwmin << 8 | 2202 ac[WME_AC_BK].wmep_logcwmin << 4 | 2203 ac[WME_AC_BE].wmep_logcwmin); 2204 if (error) goto err; 2205 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2206 ac[WME_AC_VO].wmep_logcwmax << 12 | 2207 ac[WME_AC_VI].wmep_logcwmax << 8 | 2208 ac[WME_AC_BK].wmep_logcwmax << 4 | 2209 ac[WME_AC_BE].wmep_logcwmax); 2210 if (error) goto err; 2211 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2212 ac[WME_AC_BK].wmep_txopLimit << 16 | 2213 ac[WME_AC_BE].wmep_txopLimit); 2214 if (error) goto err; 2215 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2216 ac[WME_AC_VO].wmep_txopLimit << 16 | 2217 ac[WME_AC_VI].wmep_txopLimit); 2218 2219err: 2220 RUN_UNLOCK(sc); 2221 if (error) 2222 DPRINTF("WME update failed\n"); 2223 2224 return (error); 2225} 2226 2227static void 2228run_key_set_cb(void *arg) 2229{ 2230 struct run_cmdq *cmdq = arg; 2231 struct ieee80211vap *vap = cmdq->arg1; 2232 struct ieee80211_key *k = cmdq->k; 2233 struct ieee80211com *ic = vap->iv_ic; 2234 struct run_softc *sc = ic->ic_softc; 2235 struct ieee80211_node *ni; 2236 u_int cipher = k->wk_cipher->ic_cipher; 2237 uint32_t attr; 2238 uint16_t base, associd; 2239 uint8_t mode, wcid, iv[8]; 2240 2241 RUN_LOCK_ASSERT(sc, MA_OWNED); 2242 2243 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2244 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2245 else 2246 ni = vap->iv_bss; 2247 associd = (ni != NULL) ? ni->ni_associd : 0; 2248 2249 /* map net80211 cipher to RT2860 security mode */ 2250 switch (cipher) { 2251 case IEEE80211_CIPHER_WEP: 2252 if(k->wk_keylen < 8) 2253 mode = RT2860_MODE_WEP40; 2254 else 2255 mode = RT2860_MODE_WEP104; 2256 break; 2257 case IEEE80211_CIPHER_TKIP: 2258 mode = RT2860_MODE_TKIP; 2259 break; 2260 case IEEE80211_CIPHER_AES_CCM: 2261 mode = RT2860_MODE_AES_CCMP; 2262 break; 2263 default: 2264 DPRINTF("undefined case\n"); 2265 return; 2266 } 2267 2268 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2269 associd, k->wk_keyix, mode, 2270 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2271 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2272 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2273 2274 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2275 wcid = 0; /* NB: update WCID0 for group keys */ 2276 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2277 } else { 2278 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2279 1 : RUN_AID2WCID(associd); 2280 base = RT2860_PKEY(wcid); 2281 } 2282 2283 if (cipher == IEEE80211_CIPHER_TKIP) { 2284 if(run_write_region_1(sc, base, k->wk_key, 16)) 2285 return; 2286 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2287 return; 2288 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2289 return; 2290 } else { 2291 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2292 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2293 return; 2294 } 2295 2296 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2297 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2298 /* set initial packet number in IV+EIV */ 2299 if (cipher == IEEE80211_CIPHER_WEP) { 2300 memset(iv, 0, sizeof iv); 2301 iv[3] = vap->iv_def_txkey << 6; 2302 } else { 2303 if (cipher == IEEE80211_CIPHER_TKIP) { 2304 iv[0] = k->wk_keytsc >> 8; 2305 iv[1] = (iv[0] | 0x20) & 0x7f; 2306 iv[2] = k->wk_keytsc; 2307 } else /* CCMP */ { 2308 iv[0] = k->wk_keytsc; 2309 iv[1] = k->wk_keytsc >> 8; 2310 iv[2] = 0; 2311 } 2312 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2313 iv[4] = k->wk_keytsc >> 16; 2314 iv[5] = k->wk_keytsc >> 24; 2315 iv[6] = k->wk_keytsc >> 32; 2316 iv[7] = k->wk_keytsc >> 40; 2317 } 2318 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2319 return; 2320 } 2321 2322 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2323 /* install group key */ 2324 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2325 return; 2326 attr &= ~(0xf << (k->wk_keyix * 4)); 2327 attr |= mode << (k->wk_keyix * 4); 2328 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2329 return; 2330 } else { 2331 /* install pairwise key */ 2332 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2333 return; 2334 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2335 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2336 return; 2337 } 2338 2339 /* TODO create a pass-thru key entry? */ 2340 2341 /* need wcid to delete the right key later */ 2342 k->wk_pad = wcid; 2343} 2344 2345/* 2346 * Don't have to be deferred, but in order to keep order of 2347 * execution, i.e. with run_key_delete(), defer this and let 2348 * run_cmdq_cb() maintain the order. 2349 * 2350 * return 0 on error 2351 */ 2352static int 2353run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2354{ 2355 struct ieee80211com *ic = vap->iv_ic; 2356 struct run_softc *sc = ic->ic_softc; 2357 uint32_t i; 2358 2359 i = RUN_CMDQ_GET(&sc->cmdq_store); 2360 DPRINTF("cmdq_store=%d\n", i); 2361 sc->cmdq[i].func = run_key_set_cb; 2362 sc->cmdq[i].arg0 = NULL; 2363 sc->cmdq[i].arg1 = vap; 2364 sc->cmdq[i].k = k; 2365 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2366 ieee80211_runtask(ic, &sc->cmdq_task); 2367 2368 /* 2369 * To make sure key will be set when hostapd 2370 * calls iv_key_set() before if_init(). 2371 */ 2372 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2373 RUN_LOCK(sc); 2374 sc->cmdq_key_set = RUN_CMDQ_GO; 2375 RUN_UNLOCK(sc); 2376 } 2377 2378 return (1); 2379} 2380 2381/* 2382 * If wlan is destroyed without being brought down i.e. without 2383 * wlan down or wpa_cli terminate, this function is called after 2384 * vap is gone. Don't refer it. 2385 */ 2386static void 2387run_key_delete_cb(void *arg) 2388{ 2389 struct run_cmdq *cmdq = arg; 2390 struct run_softc *sc = cmdq->arg1; 2391 struct ieee80211_key *k = &cmdq->key; 2392 uint32_t attr; 2393 uint8_t wcid; 2394 2395 RUN_LOCK_ASSERT(sc, MA_OWNED); 2396 2397 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2398 /* remove group key */ 2399 DPRINTF("removing group key\n"); 2400 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2401 attr &= ~(0xf << (k->wk_keyix * 4)); 2402 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2403 } else { 2404 /* remove pairwise key */ 2405 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2406 /* matching wcid was written to wk_pad in run_key_set() */ 2407 wcid = k->wk_pad; 2408 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2409 attr &= ~0xf; 2410 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2411 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2412 } 2413 2414 k->wk_pad = 0; 2415} 2416 2417/* 2418 * return 0 on error 2419 */ 2420static int 2421run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2422{ 2423 struct ieee80211com *ic = vap->iv_ic; 2424 struct run_softc *sc = ic->ic_softc; 2425 struct ieee80211_key *k0; 2426 uint32_t i; 2427 2428 /* 2429 * When called back, key might be gone. So, make a copy 2430 * of some values need to delete keys before deferring. 2431 * But, because of LOR with node lock, cannot use lock here. 2432 * So, use atomic instead. 2433 */ 2434 i = RUN_CMDQ_GET(&sc->cmdq_store); 2435 DPRINTF("cmdq_store=%d\n", i); 2436 sc->cmdq[i].func = run_key_delete_cb; 2437 sc->cmdq[i].arg0 = NULL; 2438 sc->cmdq[i].arg1 = sc; 2439 k0 = &sc->cmdq[i].key; 2440 k0->wk_flags = k->wk_flags; 2441 k0->wk_keyix = k->wk_keyix; 2442 /* matching wcid was written to wk_pad in run_key_set() */ 2443 k0->wk_pad = k->wk_pad; 2444 ieee80211_runtask(ic, &sc->cmdq_task); 2445 return (1); /* return fake success */ 2446 2447} 2448 2449static void 2450run_ratectl_to(void *arg) 2451{ 2452 struct run_softc *sc = arg; 2453 2454 /* do it in a process context, so it can go sleep */ 2455 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2456 /* next timeout will be rescheduled in the callback task */ 2457} 2458 2459/* ARGSUSED */ 2460static void 2461run_ratectl_cb(void *arg, int pending) 2462{ 2463 struct run_softc *sc = arg; 2464 struct ieee80211com *ic = &sc->sc_ic; 2465 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2466 2467 if (vap == NULL) 2468 return; 2469 2470 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2471 /* 2472 * run_reset_livelock() doesn't do anything with AMRR, 2473 * but Ralink wants us to call it every 1 sec. So, we 2474 * piggyback here rather than creating another callout. 2475 * Livelock may occur only in HOSTAP or IBSS mode 2476 * (when h/w is sending beacons). 2477 */ 2478 RUN_LOCK(sc); 2479 run_reset_livelock(sc); 2480 /* just in case, there are some stats to drain */ 2481 run_drain_fifo(sc); 2482 RUN_UNLOCK(sc); 2483 } 2484 2485 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2486 2487 RUN_LOCK(sc); 2488 if(sc->ratectl_run != RUN_RATECTL_OFF) 2489 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2490 RUN_UNLOCK(sc); 2491} 2492 2493static void 2494run_drain_fifo(void *arg) 2495{ 2496 struct run_softc *sc = arg; 2497 uint32_t stat; 2498 uint16_t (*wstat)[3]; 2499 uint8_t wcid, mcs, pid; 2500 int8_t retry; 2501 2502 RUN_LOCK_ASSERT(sc, MA_OWNED); 2503 2504 for (;;) { 2505 /* drain Tx status FIFO (maxsize = 16) */ 2506 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2507 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2508 if (!(stat & RT2860_TXQ_VLD)) 2509 break; 2510 2511 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2512 2513 /* if no ACK was requested, no feedback is available */ 2514 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2515 wcid == 0) 2516 continue; 2517 2518 /* 2519 * Even though each stat is Tx-complete-status like format, 2520 * the device can poll stats. Because there is no guarantee 2521 * that the referring node is still around when read the stats. 2522 * So that, if we use ieee80211_ratectl_tx_update(), we will 2523 * have hard time not to refer already freed node. 2524 * 2525 * To eliminate such page faults, we poll stats in softc. 2526 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2527 */ 2528 wstat = &(sc->wcid_stats[wcid]); 2529 (*wstat)[RUN_TXCNT]++; 2530 if (stat & RT2860_TXQ_OK) 2531 (*wstat)[RUN_SUCCESS]++; 2532 else 2533 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2534 /* 2535 * Check if there were retries, ie if the Tx success rate is 2536 * different from the requested rate. Note that it works only 2537 * because we do not allow rate fallback from OFDM to CCK. 2538 */ 2539 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2540 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2541 if ((retry = pid -1 - mcs) > 0) { 2542 (*wstat)[RUN_TXCNT] += retry; 2543 (*wstat)[RUN_RETRY] += retry; 2544 } 2545 } 2546 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2547 2548 sc->fifo_cnt = 0; 2549} 2550 2551static void 2552run_iter_func(void *arg, struct ieee80211_node *ni) 2553{ 2554 struct run_softc *sc = arg; 2555 struct ieee80211vap *vap = ni->ni_vap; 2556 struct run_node *rn = RUN_NODE(ni); 2557 union run_stats sta[2]; 2558 uint16_t (*wstat)[3]; 2559 int txcnt, success, retrycnt, error; 2560 2561 RUN_LOCK(sc); 2562 2563 /* Check for special case */ 2564 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2565 ni != vap->iv_bss) 2566 goto fail; 2567 2568 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2569 vap->iv_opmode == IEEE80211_M_STA)) { 2570 /* read statistic counters (clear on read) and update AMRR state */ 2571 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2572 sizeof sta); 2573 if (error != 0) 2574 goto fail; 2575 2576 /* count failed TX as errors */ 2577 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2578 le16toh(sta[0].error.fail)); 2579 2580 retrycnt = le16toh(sta[1].tx.retry); 2581 success = le16toh(sta[1].tx.success); 2582 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2583 2584 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2585 retrycnt, success, le16toh(sta[0].error.fail)); 2586 } else { 2587 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2588 2589 if (wstat == &(sc->wcid_stats[0]) || 2590 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2591 goto fail; 2592 2593 txcnt = (*wstat)[RUN_TXCNT]; 2594 success = (*wstat)[RUN_SUCCESS]; 2595 retrycnt = (*wstat)[RUN_RETRY]; 2596 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2597 retrycnt, txcnt, success); 2598 2599 memset(wstat, 0, sizeof(*wstat)); 2600 } 2601 2602 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2603 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2604 2605fail: 2606 RUN_UNLOCK(sc); 2607 2608 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2609} 2610 2611static void 2612run_newassoc_cb(void *arg) 2613{ 2614 struct run_cmdq *cmdq = arg; 2615 struct ieee80211_node *ni = cmdq->arg1; 2616 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2617 uint8_t wcid = cmdq->wcid; 2618 2619 RUN_LOCK_ASSERT(sc, MA_OWNED); 2620 2621 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2622 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2623 2624 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2625} 2626 2627static void 2628run_newassoc(struct ieee80211_node *ni, int isnew) 2629{ 2630 struct run_node *rn = RUN_NODE(ni); 2631 struct ieee80211_rateset *rs = &ni->ni_rates; 2632 struct ieee80211vap *vap = ni->ni_vap; 2633 struct ieee80211com *ic = vap->iv_ic; 2634 struct run_softc *sc = ic->ic_softc; 2635 uint8_t rate; 2636 uint8_t ridx; 2637 uint8_t wcid; 2638 int i, j; 2639 2640 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2641 1 : RUN_AID2WCID(ni->ni_associd); 2642 2643 if (wcid > RT2870_WCID_MAX) { 2644 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2645 return; 2646 } 2647 2648 /* only interested in true associations */ 2649 if (isnew && ni->ni_associd != 0) { 2650 2651 /* 2652 * This function could is called though timeout function. 2653 * Need to defer. 2654 */ 2655 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2656 DPRINTF("cmdq_store=%d\n", cnt); 2657 sc->cmdq[cnt].func = run_newassoc_cb; 2658 sc->cmdq[cnt].arg0 = NULL; 2659 sc->cmdq[cnt].arg1 = ni; 2660 sc->cmdq[cnt].wcid = wcid; 2661 ieee80211_runtask(ic, &sc->cmdq_task); 2662 } 2663 2664 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2665 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2666 2667 for (i = 0; i < rs->rs_nrates; i++) { 2668 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2669 /* convert 802.11 rate to hardware rate index */ 2670 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2671 if (rt2860_rates[ridx].rate == rate) 2672 break; 2673 rn->ridx[i] = ridx; 2674 /* determine rate of control response frames */ 2675 for (j = i; j >= 0; j--) { 2676 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2677 rt2860_rates[rn->ridx[i]].phy == 2678 rt2860_rates[rn->ridx[j]].phy) 2679 break; 2680 } 2681 if (j >= 0) { 2682 rn->ctl_ridx[i] = rn->ridx[j]; 2683 } else { 2684 /* no basic rate found, use mandatory one */ 2685 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2686 } 2687 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2688 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2689 } 2690 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2691 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2692 if (rt2860_rates[ridx].rate == rate) 2693 break; 2694 rn->mgt_ridx = ridx; 2695 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2696 2697 RUN_LOCK(sc); 2698 if(sc->ratectl_run != RUN_RATECTL_OFF) 2699 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2700 RUN_UNLOCK(sc); 2701} 2702 2703/* 2704 * Return the Rx chain with the highest RSSI for a given frame. 2705 */ 2706static __inline uint8_t 2707run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2708{ 2709 uint8_t rxchain = 0; 2710 2711 if (sc->nrxchains > 1) { 2712 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2713 rxchain = 1; 2714 if (sc->nrxchains > 2) 2715 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2716 rxchain = 2; 2717 } 2718 return (rxchain); 2719} 2720 2721static void 2722run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2723 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2724{ 2725 struct ieee80211vap *vap = ni->ni_vap; 2726 struct run_softc *sc = vap->iv_ic->ic_softc; 2727 struct run_vap *rvp = RUN_VAP(vap); 2728 uint64_t ni_tstamp, rx_tstamp; 2729 2730 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2731 2732 if (vap->iv_state == IEEE80211_S_RUN && 2733 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2734 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2735 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2736 RUN_LOCK(sc); 2737 run_get_tsf(sc, &rx_tstamp); 2738 RUN_UNLOCK(sc); 2739 rx_tstamp = le64toh(rx_tstamp); 2740 2741 if (ni_tstamp >= rx_tstamp) { 2742 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2743 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2744 (void) ieee80211_ibss_merge(ni); 2745 } 2746 } 2747} 2748 2749static void 2750run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2751{ 2752 struct ieee80211com *ic = &sc->sc_ic; 2753 struct ieee80211_frame *wh; 2754 struct ieee80211_node *ni; 2755 struct rt2870_rxd *rxd; 2756 struct rt2860_rxwi *rxwi; 2757 uint32_t flags; 2758 uint16_t len, rxwisize; 2759 uint8_t ant, rssi; 2760 int8_t nf; 2761 2762 rxwi = mtod(m, struct rt2860_rxwi *); 2763 len = le16toh(rxwi->len) & 0xfff; 2764 rxwisize = sizeof(struct rt2860_rxwi); 2765 if (sc->mac_ver == 0x5592) 2766 rxwisize += sizeof(uint64_t); 2767 else if (sc->mac_ver == 0x3593) 2768 rxwisize += sizeof(uint32_t); 2769 if (__predict_false(len > dmalen)) { 2770 m_freem(m); 2771 counter_u64_add(ic->ic_ierrors, 1); 2772 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2773 return; 2774 } 2775 /* Rx descriptor is located at the end */ 2776 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2777 flags = le32toh(rxd->flags); 2778 2779 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2780 m_freem(m); 2781 counter_u64_add(ic->ic_ierrors, 1); 2782 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2783 return; 2784 } 2785 2786 m->m_data += rxwisize; 2787 m->m_pkthdr.len = m->m_len -= rxwisize; 2788 2789 wh = mtod(m, struct ieee80211_frame *); 2790 2791 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2792 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2793 m->m_flags |= M_WEP; 2794 } 2795 2796 if (flags & RT2860_RX_L2PAD) { 2797 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2798 len += 2; 2799 } 2800 2801 ni = ieee80211_find_rxnode(ic, 2802 mtod(m, struct ieee80211_frame_min *)); 2803 2804 if (__predict_false(flags & RT2860_RX_MICERR)) { 2805 /* report MIC failures to net80211 for TKIP */ 2806 if (ni != NULL) 2807 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2808 rxwi->keyidx); 2809 m_freem(m); 2810 counter_u64_add(ic->ic_ierrors, 1); 2811 DPRINTF("MIC error. Someone is lying.\n"); 2812 return; 2813 } 2814 2815 ant = run_maxrssi_chain(sc, rxwi); 2816 rssi = rxwi->rssi[ant]; 2817 nf = run_rssi2dbm(sc, rssi, ant); 2818 2819 m->m_pkthdr.len = m->m_len = len; 2820 2821 if (__predict_false(ieee80211_radiotap_active(ic))) { 2822 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2823 uint16_t phy; 2824 2825 tap->wr_flags = 0; 2826 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2827 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2828 tap->wr_antsignal = rssi; 2829 tap->wr_antenna = ant; 2830 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2831 tap->wr_rate = 2; /* in case it can't be found below */ 2832 RUN_LOCK(sc); 2833 run_get_tsf(sc, &tap->wr_tsf); 2834 RUN_UNLOCK(sc); 2835 phy = le16toh(rxwi->phy); 2836 switch (phy & RT2860_PHY_MODE) { 2837 case RT2860_PHY_CCK: 2838 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2839 case 0: tap->wr_rate = 2; break; 2840 case 1: tap->wr_rate = 4; break; 2841 case 2: tap->wr_rate = 11; break; 2842 case 3: tap->wr_rate = 22; break; 2843 } 2844 if (phy & RT2860_PHY_SHPRE) 2845 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2846 break; 2847 case RT2860_PHY_OFDM: 2848 switch (phy & RT2860_PHY_MCS) { 2849 case 0: tap->wr_rate = 12; break; 2850 case 1: tap->wr_rate = 18; break; 2851 case 2: tap->wr_rate = 24; break; 2852 case 3: tap->wr_rate = 36; break; 2853 case 4: tap->wr_rate = 48; break; 2854 case 5: tap->wr_rate = 72; break; 2855 case 6: tap->wr_rate = 96; break; 2856 case 7: tap->wr_rate = 108; break; 2857 } 2858 break; 2859 } 2860 } 2861 2862 if (ni != NULL) { 2863 (void)ieee80211_input(ni, m, rssi, nf); 2864 ieee80211_free_node(ni); 2865 } else { 2866 (void)ieee80211_input_all(ic, m, rssi, nf); 2867 } 2868} 2869 2870static void 2871run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2872{ 2873 struct run_softc *sc = usbd_xfer_softc(xfer); 2874 struct ieee80211com *ic = &sc->sc_ic; 2875 struct mbuf *m = NULL; 2876 struct mbuf *m0; 2877 uint32_t dmalen; 2878 uint16_t rxwisize; 2879 int xferlen; 2880 2881 rxwisize = sizeof(struct rt2860_rxwi); 2882 if (sc->mac_ver == 0x5592) 2883 rxwisize += sizeof(uint64_t); 2884 else if (sc->mac_ver == 0x3593) 2885 rxwisize += sizeof(uint32_t); 2886 2887 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2888 2889 switch (USB_GET_STATE(xfer)) { 2890 case USB_ST_TRANSFERRED: 2891 2892 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2893 2894 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2895 sizeof(struct rt2870_rxd))) { 2896 DPRINTF("xfer too short %d\n", xferlen); 2897 goto tr_setup; 2898 } 2899 2900 m = sc->rx_m; 2901 sc->rx_m = NULL; 2902 2903 /* FALLTHROUGH */ 2904 case USB_ST_SETUP: 2905tr_setup: 2906 if (sc->rx_m == NULL) { 2907 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2908 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2909 } 2910 if (sc->rx_m == NULL) { 2911 DPRINTF("could not allocate mbuf - idle with stall\n"); 2912 counter_u64_add(ic->ic_ierrors, 1); 2913 usbd_xfer_set_stall(xfer); 2914 usbd_xfer_set_frames(xfer, 0); 2915 } else { 2916 /* 2917 * Directly loading a mbuf cluster into DMA to 2918 * save some data copying. This works because 2919 * there is only one cluster. 2920 */ 2921 usbd_xfer_set_frame_data(xfer, 0, 2922 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2923 usbd_xfer_set_frames(xfer, 1); 2924 } 2925 usbd_transfer_submit(xfer); 2926 break; 2927 2928 default: /* Error */ 2929 if (error != USB_ERR_CANCELLED) { 2930 /* try to clear stall first */ 2931 usbd_xfer_set_stall(xfer); 2932 if (error == USB_ERR_TIMEOUT) 2933 device_printf(sc->sc_dev, "device timeout\n"); 2934 counter_u64_add(ic->ic_ierrors, 1); 2935 goto tr_setup; 2936 } 2937 if (sc->rx_m != NULL) { 2938 m_freem(sc->rx_m); 2939 sc->rx_m = NULL; 2940 } 2941 break; 2942 } 2943 2944 if (m == NULL) 2945 return; 2946 2947 /* inputting all the frames must be last */ 2948 2949 RUN_UNLOCK(sc); 2950 2951 m->m_pkthdr.len = m->m_len = xferlen; 2952 2953 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2954 for(;;) { 2955 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2956 2957 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2958 ((dmalen & 3) != 0)) { 2959 DPRINTF("bad DMA length %u\n", dmalen); 2960 break; 2961 } 2962 if ((dmalen + 8) > (uint32_t)xferlen) { 2963 DPRINTF("bad DMA length %u > %d\n", 2964 dmalen + 8, xferlen); 2965 break; 2966 } 2967 2968 /* If it is the last one or a single frame, we won't copy. */ 2969 if ((xferlen -= dmalen + 8) <= 8) { 2970 /* trim 32-bit DMA-len header */ 2971 m->m_data += 4; 2972 m->m_pkthdr.len = m->m_len -= 4; 2973 run_rx_frame(sc, m, dmalen); 2974 m = NULL; /* don't free source buffer */ 2975 break; 2976 } 2977 2978 /* copy aggregated frames to another mbuf */ 2979 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2980 if (__predict_false(m0 == NULL)) { 2981 DPRINTF("could not allocate mbuf\n"); 2982 counter_u64_add(ic->ic_ierrors, 1); 2983 break; 2984 } 2985 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2986 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2987 m0->m_pkthdr.len = m0->m_len = 2988 dmalen + sizeof(struct rt2870_rxd); 2989 run_rx_frame(sc, m0, dmalen); 2990 2991 /* update data ptr */ 2992 m->m_data += dmalen + 8; 2993 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2994 } 2995 2996 /* make sure we free the source buffer, if any */ 2997 m_freem(m); 2998 2999 RUN_LOCK(sc); 3000} 3001 3002static void 3003run_tx_free(struct run_endpoint_queue *pq, 3004 struct run_tx_data *data, int txerr) 3005{ 3006 3007 ieee80211_tx_complete(data->ni, data->m, txerr); 3008 3009 data->m = NULL; 3010 data->ni = NULL; 3011 3012 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3013 pq->tx_nfree++; 3014} 3015 3016static void 3017run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3018{ 3019 struct run_softc *sc = usbd_xfer_softc(xfer); 3020 struct ieee80211com *ic = &sc->sc_ic; 3021 struct run_tx_data *data; 3022 struct ieee80211vap *vap = NULL; 3023 struct usb_page_cache *pc; 3024 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3025 struct mbuf *m; 3026 usb_frlength_t size; 3027 int actlen; 3028 int sumlen; 3029 3030 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3031 3032 switch (USB_GET_STATE(xfer)) { 3033 case USB_ST_TRANSFERRED: 3034 DPRINTFN(11, "transfer complete: %d " 3035 "bytes @ index %d\n", actlen, index); 3036 3037 data = usbd_xfer_get_priv(xfer); 3038 run_tx_free(pq, data, 0); 3039 usbd_xfer_set_priv(xfer, NULL); 3040 3041 /* FALLTHROUGH */ 3042 case USB_ST_SETUP: 3043tr_setup: 3044 data = STAILQ_FIRST(&pq->tx_qh); 3045 if (data == NULL) 3046 break; 3047 3048 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3049 3050 m = data->m; 3051 size = (sc->mac_ver == 0x5592) ? 3052 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3053 if ((m->m_pkthdr.len + 3054 size + 3 + 8) > RUN_MAX_TXSZ) { 3055 DPRINTF("data overflow, %u bytes\n", 3056 m->m_pkthdr.len); 3057 run_tx_free(pq, data, 1); 3058 goto tr_setup; 3059 } 3060 3061 pc = usbd_xfer_get_frame(xfer, 0); 3062 usbd_copy_in(pc, 0, &data->desc, size); 3063 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3064 size += m->m_pkthdr.len; 3065 /* 3066 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3067 * 4-byte padding), and be sure to zero those trailing 3068 * bytes: 3069 */ 3070 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3071 size += ((-size) & 3) + 8; 3072 3073 vap = data->ni->ni_vap; 3074 if (ieee80211_radiotap_active_vap(vap)) { 3075 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3076 struct rt2860_txwi *txwi = 3077 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3078 tap->wt_flags = 0; 3079 tap->wt_rate = rt2860_rates[data->ridx].rate; 3080 run_get_tsf(sc, &tap->wt_tsf); 3081 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3082 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3083 tap->wt_hwqueue = index; 3084 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3085 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3086 3087 ieee80211_radiotap_tx(vap, m); 3088 } 3089 3090 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3091 m->m_pkthdr.len, size, index); 3092 3093 usbd_xfer_set_frame_len(xfer, 0, size); 3094 usbd_xfer_set_priv(xfer, data); 3095 usbd_transfer_submit(xfer); 3096 run_start(sc); 3097 3098 break; 3099 3100 default: 3101 DPRINTF("USB transfer error, %s\n", 3102 usbd_errstr(error)); 3103 3104 data = usbd_xfer_get_priv(xfer); 3105 3106 if (data != NULL) { 3107 if(data->ni != NULL) 3108 vap = data->ni->ni_vap; 3109 run_tx_free(pq, data, error); 3110 usbd_xfer_set_priv(xfer, NULL); 3111 } 3112 3113 if (vap == NULL) 3114 vap = TAILQ_FIRST(&ic->ic_vaps); 3115 3116 if (error != USB_ERR_CANCELLED) { 3117 if (error == USB_ERR_TIMEOUT) { 3118 device_printf(sc->sc_dev, "device timeout\n"); 3119 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3120 DPRINTF("cmdq_store=%d\n", i); 3121 sc->cmdq[i].func = run_usb_timeout_cb; 3122 sc->cmdq[i].arg0 = vap; 3123 ieee80211_runtask(ic, &sc->cmdq_task); 3124 } 3125 3126 /* 3127 * Try to clear stall first, also if other 3128 * errors occur, hence clearing stall 3129 * introduces a 50 ms delay: 3130 */ 3131 usbd_xfer_set_stall(xfer); 3132 goto tr_setup; 3133 } 3134 break; 3135 } 3136} 3137 3138static void 3139run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3140{ 3141 run_bulk_tx_callbackN(xfer, error, 0); 3142} 3143 3144static void 3145run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3146{ 3147 run_bulk_tx_callbackN(xfer, error, 1); 3148} 3149 3150static void 3151run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3152{ 3153 run_bulk_tx_callbackN(xfer, error, 2); 3154} 3155 3156static void 3157run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3158{ 3159 run_bulk_tx_callbackN(xfer, error, 3); 3160} 3161 3162static void 3163run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3164{ 3165 run_bulk_tx_callbackN(xfer, error, 4); 3166} 3167 3168static void 3169run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3170{ 3171 run_bulk_tx_callbackN(xfer, error, 5); 3172} 3173 3174static void 3175run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3176{ 3177 struct mbuf *m = data->m; 3178 struct ieee80211com *ic = &sc->sc_ic; 3179 struct ieee80211vap *vap = data->ni->ni_vap; 3180 struct ieee80211_frame *wh; 3181 struct rt2870_txd *txd; 3182 struct rt2860_txwi *txwi; 3183 uint16_t xferlen, txwisize; 3184 uint16_t mcs; 3185 uint8_t ridx = data->ridx; 3186 uint8_t pad; 3187 3188 /* get MCS code from rate index */ 3189 mcs = rt2860_rates[ridx].mcs; 3190 3191 txwisize = (sc->mac_ver == 0x5592) ? 3192 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3193 xferlen = txwisize + m->m_pkthdr.len; 3194 3195 /* roundup to 32-bit alignment */ 3196 xferlen = (xferlen + 3) & ~3; 3197 3198 txd = (struct rt2870_txd *)&data->desc; 3199 txd->len = htole16(xferlen); 3200 3201 wh = mtod(m, struct ieee80211_frame *); 3202 3203 /* 3204 * Ether both are true or both are false, the header 3205 * are nicely aligned to 32-bit. So, no L2 padding. 3206 */ 3207 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3208 pad = 0; 3209 else 3210 pad = 2; 3211 3212 /* setup TX Wireless Information */ 3213 txwi = (struct rt2860_txwi *)(txd + 1); 3214 txwi->len = htole16(m->m_pkthdr.len - pad); 3215 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3216 mcs |= RT2860_PHY_CCK; 3217 if (ridx != RT2860_RIDX_CCK1 && 3218 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3219 mcs |= RT2860_PHY_SHPRE; 3220 } else 3221 mcs |= RT2860_PHY_OFDM; 3222 txwi->phy = htole16(mcs); 3223 3224 /* check if RTS/CTS or CTS-to-self protection is required */ 3225 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3226 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3227 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3228 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3229 txwi->txop |= RT2860_TX_TXOP_HT; 3230 else 3231 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3232 3233 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3234 txwi->xflags |= RT2860_TX_NSEQ; 3235} 3236 3237/* This function must be called locked */ 3238static int 3239run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3240{ 3241 struct ieee80211com *ic = &sc->sc_ic; 3242 struct ieee80211vap *vap = ni->ni_vap; 3243 struct ieee80211_frame *wh; 3244 struct ieee80211_channel *chan; 3245 const struct ieee80211_txparam *tp; 3246 struct run_node *rn = RUN_NODE(ni); 3247 struct run_tx_data *data; 3248 struct rt2870_txd *txd; 3249 struct rt2860_txwi *txwi; 3250 uint16_t qos; 3251 uint16_t dur; 3252 uint16_t qid; 3253 uint8_t type; 3254 uint8_t tid; 3255 uint8_t ridx; 3256 uint8_t ctl_ridx; 3257 uint8_t qflags; 3258 uint8_t xflags = 0; 3259 int hasqos; 3260 3261 RUN_LOCK_ASSERT(sc, MA_OWNED); 3262 3263 wh = mtod(m, struct ieee80211_frame *); 3264 3265 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3266 3267 /* 3268 * There are 7 bulk endpoints: 1 for RX 3269 * and 6 for TX (4 EDCAs + HCCA + Prio). 3270 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3271 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3272 */ 3273 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3274 uint8_t *frm; 3275 3276 if(IEEE80211_HAS_ADDR4(wh)) 3277 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3278 else 3279 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3280 3281 qos = le16toh(*(const uint16_t *)frm); 3282 tid = qos & IEEE80211_QOS_TID; 3283 qid = TID_TO_WME_AC(tid); 3284 } else { 3285 qos = 0; 3286 tid = 0; 3287 qid = WME_AC_BE; 3288 } 3289 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3290 3291 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3292 qos, qid, tid, qflags); 3293 3294 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3295 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3296 3297 /* pickup a rate index */ 3298 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3299 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3300 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3301 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3302 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3303 } else { 3304 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3305 ridx = rn->fix_ridx; 3306 else 3307 ridx = rn->amrr_ridx; 3308 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3309 } 3310 3311 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3312 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3313 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3314 xflags |= RT2860_TX_ACK; 3315 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3316 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3317 else 3318 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3319 USETW(wh->i_dur, dur); 3320 } 3321 3322 /* reserve slots for mgmt packets, just in case */ 3323 if (sc->sc_epq[qid].tx_nfree < 3) { 3324 DPRINTFN(10, "tx ring %d is full\n", qid); 3325 return (-1); 3326 } 3327 3328 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3329 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3330 sc->sc_epq[qid].tx_nfree--; 3331 3332 txd = (struct rt2870_txd *)&data->desc; 3333 txd->flags = qflags; 3334 txwi = (struct rt2860_txwi *)(txd + 1); 3335 txwi->xflags = xflags; 3336 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3337 txwi->wcid = 0; 3338 else 3339 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3340 1 : RUN_AID2WCID(ni->ni_associd); 3341 3342 /* clear leftover garbage bits */ 3343 txwi->flags = 0; 3344 txwi->txop = 0; 3345 3346 data->m = m; 3347 data->ni = ni; 3348 data->ridx = ridx; 3349 3350 run_set_tx_desc(sc, data); 3351 3352 /* 3353 * The chip keeps track of 2 kind of Tx stats, 3354 * * TX_STAT_FIFO, for per WCID stats, and 3355 * * TX_STA_CNT0 for all-TX-in-one stats. 3356 * 3357 * To use FIFO stats, we need to store MCS into the driver-private 3358 * PacketID field. So that, we can tell whose stats when we read them. 3359 * We add 1 to the MCS because setting the PacketID field to 0 means 3360 * that we don't want feedback in TX_STAT_FIFO. 3361 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3362 * 3363 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3364 */ 3365 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3366 vap->iv_opmode == IEEE80211_M_MBSS) { 3367 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3368 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3369 3370 /* 3371 * Unlike PCI based devices, we don't get any interrupt from 3372 * USB devices, so we simulate FIFO-is-full interrupt here. 3373 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3374 * quickly get fulled. To prevent overflow, increment a counter on 3375 * every FIFO stat request, so we know how many slots are left. 3376 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3377 * are used only in those modes. 3378 * We just drain stats. AMRR gets updated every 1 sec by 3379 * run_ratectl_cb() via callout. 3380 * Call it early. Otherwise overflow. 3381 */ 3382 if (sc->fifo_cnt++ == 10) { 3383 /* 3384 * With multiple vaps or if_bridge, if_start() is called 3385 * with a non-sleepable lock, tcpinp. So, need to defer. 3386 */ 3387 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3388 DPRINTFN(6, "cmdq_store=%d\n", i); 3389 sc->cmdq[i].func = run_drain_fifo; 3390 sc->cmdq[i].arg0 = sc; 3391 ieee80211_runtask(ic, &sc->cmdq_task); 3392 } 3393 } 3394 3395 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3396 3397 usbd_transfer_start(sc->sc_xfer[qid]); 3398 3399 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3400 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3401 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3402 3403 return (0); 3404} 3405 3406static int 3407run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3408{ 3409 struct ieee80211com *ic = &sc->sc_ic; 3410 struct run_node *rn = RUN_NODE(ni); 3411 struct run_tx_data *data; 3412 struct ieee80211_frame *wh; 3413 struct rt2870_txd *txd; 3414 struct rt2860_txwi *txwi; 3415 uint16_t dur; 3416 uint8_t ridx = rn->mgt_ridx; 3417 uint8_t type; 3418 uint8_t xflags = 0; 3419 uint8_t wflags = 0; 3420 3421 RUN_LOCK_ASSERT(sc, MA_OWNED); 3422 3423 wh = mtod(m, struct ieee80211_frame *); 3424 3425 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3426 3427 /* tell hardware to add timestamp for probe responses */ 3428 if ((wh->i_fc[0] & 3429 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3430 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3431 wflags |= RT2860_TX_TS; 3432 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3433 xflags |= RT2860_TX_ACK; 3434 3435 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3436 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3437 USETW(wh->i_dur, dur); 3438 } 3439 3440 if (sc->sc_epq[0].tx_nfree == 0) 3441 /* let caller free mbuf */ 3442 return (EIO); 3443 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3444 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3445 sc->sc_epq[0].tx_nfree--; 3446 3447 txd = (struct rt2870_txd *)&data->desc; 3448 txd->flags = RT2860_TX_QSEL_EDCA; 3449 txwi = (struct rt2860_txwi *)(txd + 1); 3450 txwi->wcid = 0xff; 3451 txwi->flags = wflags; 3452 txwi->xflags = xflags; 3453 txwi->txop = 0; /* clear leftover garbage bits */ 3454 3455 data->m = m; 3456 data->ni = ni; 3457 data->ridx = ridx; 3458 3459 run_set_tx_desc(sc, data); 3460 3461 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3462 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3463 rt2860_rates[ridx].rate); 3464 3465 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3466 3467 usbd_transfer_start(sc->sc_xfer[0]); 3468 3469 return (0); 3470} 3471 3472static int 3473run_sendprot(struct run_softc *sc, 3474 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3475{ 3476 struct ieee80211com *ic = ni->ni_ic; 3477 struct ieee80211_frame *wh; 3478 struct run_tx_data *data; 3479 struct rt2870_txd *txd; 3480 struct rt2860_txwi *txwi; 3481 struct mbuf *mprot; 3482 int ridx; 3483 int protrate; 3484 int ackrate; 3485 int pktlen; 3486 int isshort; 3487 uint16_t dur; 3488 uint8_t type; 3489 uint8_t wflags = 0; 3490 uint8_t xflags = 0; 3491 3492 RUN_LOCK_ASSERT(sc, MA_OWNED); 3493 3494 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3495 ("protection %d", prot)); 3496 3497 wh = mtod(m, struct ieee80211_frame *); 3498 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3499 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3500 3501 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3502 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3503 3504 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3505 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3506 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3507 wflags = RT2860_TX_FRAG; 3508 3509 /* check that there are free slots before allocating the mbuf */ 3510 if (sc->sc_epq[0].tx_nfree == 0) 3511 /* let caller free mbuf */ 3512 return (ENOBUFS); 3513 3514 if (prot == IEEE80211_PROT_RTSCTS) { 3515 /* NB: CTS is the same size as an ACK */ 3516 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3517 xflags |= RT2860_TX_ACK; 3518 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3519 } else { 3520 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3521 } 3522 if (mprot == NULL) { 3523 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3524 DPRINTF("could not allocate mbuf\n"); 3525 return (ENOBUFS); 3526 } 3527 3528 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3529 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3530 sc->sc_epq[0].tx_nfree--; 3531 3532 txd = (struct rt2870_txd *)&data->desc; 3533 txd->flags = RT2860_TX_QSEL_EDCA; 3534 txwi = (struct rt2860_txwi *)(txd + 1); 3535 txwi->wcid = 0xff; 3536 txwi->flags = wflags; 3537 txwi->xflags = xflags; 3538 txwi->txop = 0; /* clear leftover garbage bits */ 3539 3540 data->m = mprot; 3541 data->ni = ieee80211_ref_node(ni); 3542 3543 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3544 if (rt2860_rates[ridx].rate == protrate) 3545 break; 3546 data->ridx = ridx; 3547 3548 run_set_tx_desc(sc, data); 3549 3550 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3551 m->m_pkthdr.len, rate); 3552 3553 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3554 3555 usbd_transfer_start(sc->sc_xfer[0]); 3556 3557 return (0); 3558} 3559 3560static int 3561run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3562 const struct ieee80211_bpf_params *params) 3563{ 3564 struct ieee80211com *ic = ni->ni_ic; 3565 struct ieee80211_frame *wh; 3566 struct run_tx_data *data; 3567 struct rt2870_txd *txd; 3568 struct rt2860_txwi *txwi; 3569 uint8_t type; 3570 uint8_t ridx; 3571 uint8_t rate; 3572 uint8_t opflags = 0; 3573 uint8_t xflags = 0; 3574 int error; 3575 3576 RUN_LOCK_ASSERT(sc, MA_OWNED); 3577 3578 KASSERT(params != NULL, ("no raw xmit params")); 3579 3580 wh = mtod(m, struct ieee80211_frame *); 3581 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3582 3583 rate = params->ibp_rate0; 3584 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3585 /* let caller free mbuf */ 3586 return (EINVAL); 3587 } 3588 3589 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3590 xflags |= RT2860_TX_ACK; 3591 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3592 error = run_sendprot(sc, m, ni, 3593 params->ibp_flags & IEEE80211_BPF_RTS ? 3594 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3595 rate); 3596 if (error) { 3597 /* let caller free mbuf */ 3598 return error; 3599 } 3600 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3601 } 3602 3603 if (sc->sc_epq[0].tx_nfree == 0) { 3604 /* let caller free mbuf */ 3605 DPRINTF("sending raw frame, but tx ring is full\n"); 3606 return (EIO); 3607 } 3608 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3609 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3610 sc->sc_epq[0].tx_nfree--; 3611 3612 txd = (struct rt2870_txd *)&data->desc; 3613 txd->flags = RT2860_TX_QSEL_EDCA; 3614 txwi = (struct rt2860_txwi *)(txd + 1); 3615 txwi->wcid = 0xff; 3616 txwi->xflags = xflags; 3617 txwi->txop = opflags; 3618 txwi->flags = 0; /* clear leftover garbage bits */ 3619 3620 data->m = m; 3621 data->ni = ni; 3622 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3623 if (rt2860_rates[ridx].rate == rate) 3624 break; 3625 data->ridx = ridx; 3626 3627 run_set_tx_desc(sc, data); 3628 3629 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3630 m->m_pkthdr.len, rate); 3631 3632 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3633 3634 usbd_transfer_start(sc->sc_xfer[0]); 3635 3636 return (0); 3637} 3638 3639static int 3640run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3641 const struct ieee80211_bpf_params *params) 3642{ 3643 struct run_softc *sc = ni->ni_ic->ic_softc; 3644 int error = 0; 3645 3646 RUN_LOCK(sc); 3647 3648 /* prevent management frames from being sent if we're not ready */ 3649 if (!(sc->sc_flags & RUN_RUNNING)) { 3650 error = ENETDOWN; 3651 goto done; 3652 } 3653 3654 if (params == NULL) { 3655 /* tx mgt packet */ 3656 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3657 DPRINTF("mgt tx failed\n"); 3658 goto done; 3659 } 3660 } else { 3661 /* tx raw packet with param */ 3662 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3663 DPRINTF("tx with param failed\n"); 3664 goto done; 3665 } 3666 } 3667 3668done: 3669 RUN_UNLOCK(sc); 3670 3671 if (error != 0) { 3672 if(m != NULL) 3673 m_freem(m); 3674 } 3675 3676 return (error); 3677} 3678 3679static int 3680run_transmit(struct ieee80211com *ic, struct mbuf *m) 3681{ 3682 struct run_softc *sc = ic->ic_softc; 3683 int error; 3684 3685 RUN_LOCK(sc); 3686 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3687 RUN_UNLOCK(sc); 3688 return (ENXIO); 3689 } 3690 error = mbufq_enqueue(&sc->sc_snd, m); 3691 if (error) { 3692 RUN_UNLOCK(sc); 3693 return (error); 3694 } 3695 run_start(sc); 3696 RUN_UNLOCK(sc); 3697 3698 return (0); 3699} 3700 3701static void 3702run_start(struct run_softc *sc) 3703{ 3704 struct ieee80211_node *ni; 3705 struct mbuf *m; 3706 3707 RUN_LOCK_ASSERT(sc, MA_OWNED); 3708 3709 if ((sc->sc_flags & RUN_RUNNING) == 0) 3710 return; 3711 3712 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3713 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3714 if (run_tx(sc, m, ni) != 0) { 3715 mbufq_prepend(&sc->sc_snd, m); 3716 break; 3717 } 3718 } 3719} 3720 3721static void 3722run_parent(struct ieee80211com *ic) 3723{ 3724 struct run_softc *sc = ic->ic_softc; 3725 int startall = 0; 3726 3727 RUN_LOCK(sc); 3728 if (sc->sc_detached) { 3729 RUN_UNLOCK(sc); 3730 return; 3731 } 3732 3733 if (ic->ic_nrunning > 0) { 3734 if (!(sc->sc_flags & RUN_RUNNING)) { 3735 startall = 1; 3736 run_init_locked(sc); 3737 } else 3738 run_update_promisc_locked(sc); 3739 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3740 run_stop(sc); 3741 RUN_UNLOCK(sc); 3742 if (startall) 3743 ieee80211_start_all(ic); 3744} 3745 3746static void 3747run_iq_calib(struct run_softc *sc, u_int chan) 3748{ 3749 uint16_t val; 3750 3751 /* Tx0 IQ gain. */ 3752 run_bbp_write(sc, 158, 0x2c); 3753 if (chan <= 14) 3754 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3755 else if (chan <= 64) { 3756 run_efuse_read(sc, 3757 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3758 &val, 1); 3759 } else if (chan <= 138) { 3760 run_efuse_read(sc, 3761 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3762 &val, 1); 3763 } else if (chan <= 165) { 3764 run_efuse_read(sc, 3765 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3766 &val, 1); 3767 } else 3768 val = 0; 3769 run_bbp_write(sc, 159, val); 3770 3771 /* Tx0 IQ phase. */ 3772 run_bbp_write(sc, 158, 0x2d); 3773 if (chan <= 14) { 3774 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3775 &val, 1); 3776 } else if (chan <= 64) { 3777 run_efuse_read(sc, 3778 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3779 &val, 1); 3780 } else if (chan <= 138) { 3781 run_efuse_read(sc, 3782 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3783 &val, 1); 3784 } else if (chan <= 165) { 3785 run_efuse_read(sc, 3786 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3787 &val, 1); 3788 } else 3789 val = 0; 3790 run_bbp_write(sc, 159, val); 3791 3792 /* Tx1 IQ gain. */ 3793 run_bbp_write(sc, 158, 0x4a); 3794 if (chan <= 14) { 3795 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3796 &val, 1); 3797 } else if (chan <= 64) { 3798 run_efuse_read(sc, 3799 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3800 &val, 1); 3801 } else if (chan <= 138) { 3802 run_efuse_read(sc, 3803 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3804 &val, 1); 3805 } else if (chan <= 165) { 3806 run_efuse_read(sc, 3807 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3808 &val, 1); 3809 } else 3810 val = 0; 3811 run_bbp_write(sc, 159, val); 3812 3813 /* Tx1 IQ phase. */ 3814 run_bbp_write(sc, 158, 0x4b); 3815 if (chan <= 14) { 3816 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3817 &val, 1); 3818 } else if (chan <= 64) { 3819 run_efuse_read(sc, 3820 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3821 &val, 1); 3822 } else if (chan <= 138) { 3823 run_efuse_read(sc, 3824 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3825 &val, 1); 3826 } else if (chan <= 165) { 3827 run_efuse_read(sc, 3828 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3829 &val, 1); 3830 } else 3831 val = 0; 3832 run_bbp_write(sc, 159, val); 3833 3834 /* RF IQ compensation control. */ 3835 run_bbp_write(sc, 158, 0x04); 3836 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3837 &val, 1); 3838 run_bbp_write(sc, 159, val); 3839 3840 /* RF IQ imbalance compensation control. */ 3841 run_bbp_write(sc, 158, 0x03); 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3844 run_bbp_write(sc, 159, val); 3845} 3846 3847static void 3848run_set_agc(struct run_softc *sc, uint8_t agc) 3849{ 3850 uint8_t bbp; 3851 3852 if (sc->mac_ver == 0x3572) { 3853 run_bbp_read(sc, 27, &bbp); 3854 bbp &= ~(0x3 << 5); 3855 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3856 run_bbp_write(sc, 66, agc); 3857 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3858 run_bbp_write(sc, 66, agc); 3859 } else 3860 run_bbp_write(sc, 66, agc); 3861} 3862 3863static void 3864run_select_chan_group(struct run_softc *sc, int group) 3865{ 3866 uint32_t tmp; 3867 uint8_t agc; 3868 3869 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3870 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3871 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3872 if (sc->mac_ver < 0x3572) 3873 run_bbp_write(sc, 86, 0x00); 3874 3875 if (sc->mac_ver == 0x3593) { 3876 run_bbp_write(sc, 77, 0x98); 3877 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3878 } 3879 3880 if (group == 0) { 3881 if (sc->ext_2ghz_lna) { 3882 if (sc->mac_ver >= 0x5390) 3883 run_bbp_write(sc, 75, 0x52); 3884 else { 3885 run_bbp_write(sc, 82, 0x62); 3886 run_bbp_write(sc, 75, 0x46); 3887 } 3888 } else { 3889 if (sc->mac_ver == 0x5592) { 3890 run_bbp_write(sc, 79, 0x1c); 3891 run_bbp_write(sc, 80, 0x0e); 3892 run_bbp_write(sc, 81, 0x3a); 3893 run_bbp_write(sc, 82, 0x62); 3894 3895 run_bbp_write(sc, 195, 0x80); 3896 run_bbp_write(sc, 196, 0xe0); 3897 run_bbp_write(sc, 195, 0x81); 3898 run_bbp_write(sc, 196, 0x1f); 3899 run_bbp_write(sc, 195, 0x82); 3900 run_bbp_write(sc, 196, 0x38); 3901 run_bbp_write(sc, 195, 0x83); 3902 run_bbp_write(sc, 196, 0x32); 3903 run_bbp_write(sc, 195, 0x85); 3904 run_bbp_write(sc, 196, 0x28); 3905 run_bbp_write(sc, 195, 0x86); 3906 run_bbp_write(sc, 196, 0x19); 3907 } else if (sc->mac_ver >= 0x5390) 3908 run_bbp_write(sc, 75, 0x50); 3909 else { 3910 run_bbp_write(sc, 82, 3911 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3912 run_bbp_write(sc, 75, 0x50); 3913 } 3914 } 3915 } else { 3916 if (sc->mac_ver == 0x5592) { 3917 run_bbp_write(sc, 79, 0x18); 3918 run_bbp_write(sc, 80, 0x08); 3919 run_bbp_write(sc, 81, 0x38); 3920 run_bbp_write(sc, 82, 0x92); 3921 3922 run_bbp_write(sc, 195, 0x80); 3923 run_bbp_write(sc, 196, 0xf0); 3924 run_bbp_write(sc, 195, 0x81); 3925 run_bbp_write(sc, 196, 0x1e); 3926 run_bbp_write(sc, 195, 0x82); 3927 run_bbp_write(sc, 196, 0x28); 3928 run_bbp_write(sc, 195, 0x83); 3929 run_bbp_write(sc, 196, 0x20); 3930 run_bbp_write(sc, 195, 0x85); 3931 run_bbp_write(sc, 196, 0x7f); 3932 run_bbp_write(sc, 195, 0x86); 3933 run_bbp_write(sc, 196, 0x7f); 3934 } else if (sc->mac_ver == 0x3572) 3935 run_bbp_write(sc, 82, 0x94); 3936 else 3937 run_bbp_write(sc, 82, 3938 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3939 if (sc->ext_5ghz_lna) 3940 run_bbp_write(sc, 75, 0x46); 3941 else 3942 run_bbp_write(sc, 75, 0x50); 3943 } 3944 3945 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3946 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3947 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3948 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3949 3950 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3951 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3952 if (sc->mac_ver == 0x3593) 3953 tmp |= 1 << 29 | 1 << 28; 3954 if (sc->nrxchains > 1) 3955 tmp |= RT2860_LNA_PE1_EN; 3956 if (group == 0) { /* 2GHz */ 3957 tmp |= RT2860_PA_PE_G0_EN; 3958 if (sc->ntxchains > 1) 3959 tmp |= RT2860_PA_PE_G1_EN; 3960 if (sc->mac_ver == 0x3593) { 3961 if (sc->ntxchains > 2) 3962 tmp |= 1 << 25; 3963 } 3964 } else { /* 5GHz */ 3965 tmp |= RT2860_PA_PE_A0_EN; 3966 if (sc->ntxchains > 1) 3967 tmp |= RT2860_PA_PE_A1_EN; 3968 } 3969 if (sc->mac_ver == 0x3572) { 3970 run_rt3070_rf_write(sc, 8, 0x00); 3971 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3972 run_rt3070_rf_write(sc, 8, 0x80); 3973 } else 3974 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3975 3976 if (sc->mac_ver == 0x5592) { 3977 run_bbp_write(sc, 195, 0x8d); 3978 run_bbp_write(sc, 196, 0x1a); 3979 } 3980 3981 if (sc->mac_ver == 0x3593) { 3982 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3983 tmp &= ~0x01010000; 3984 if (group == 0) 3985 tmp |= 0x00010000; 3986 tmp = (tmp & ~0x00009090) | 0x00000090; 3987 run_write(sc, RT2860_GPIO_CTRL, tmp); 3988 } 3989 3990 /* set initial AGC value */ 3991 if (group == 0) { /* 2GHz band */ 3992 if (sc->mac_ver >= 0x3070) 3993 agc = 0x1c + sc->lna[0] * 2; 3994 else 3995 agc = 0x2e + sc->lna[0]; 3996 } else { /* 5GHz band */ 3997 if (sc->mac_ver == 0x5592) 3998 agc = 0x24 + sc->lna[group] * 2; 3999 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4000 agc = 0x22 + (sc->lna[group] * 5) / 3; 4001 else 4002 agc = 0x32 + (sc->lna[group] * 5) / 3; 4003 } 4004 run_set_agc(sc, agc); 4005} 4006 4007static void 4008run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4009{ 4010 const struct rfprog *rfprog = rt2860_rf2850; 4011 uint32_t r2, r3, r4; 4012 int8_t txpow1, txpow2; 4013 int i; 4014 4015 /* find the settings for this channel (we know it exists) */ 4016 for (i = 0; rfprog[i].chan != chan; i++); 4017 4018 r2 = rfprog[i].r2; 4019 if (sc->ntxchains == 1) 4020 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4021 if (sc->nrxchains == 1) 4022 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4023 else if (sc->nrxchains == 2) 4024 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4025 4026 /* use Tx power values from EEPROM */ 4027 txpow1 = sc->txpow1[i]; 4028 txpow2 = sc->txpow2[i]; 4029 4030 /* Initialize RF R3 and R4. */ 4031 r3 = rfprog[i].r3 & 0xffffc1ff; 4032 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4033 if (chan > 14) { 4034 if (txpow1 >= 0) { 4035 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4036 r3 |= (txpow1 << 10) | (1 << 9); 4037 } else { 4038 txpow1 += 7; 4039 4040 /* txpow1 is not possible larger than 15. */ 4041 r3 |= (txpow1 << 10); 4042 } 4043 if (txpow2 >= 0) { 4044 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4045 r4 |= (txpow2 << 7) | (1 << 6); 4046 } else { 4047 txpow2 += 7; 4048 r4 |= (txpow2 << 7); 4049 } 4050 } else { 4051 /* Set Tx0 power. */ 4052 r3 |= (txpow1 << 9); 4053 4054 /* Set frequency offset and Tx1 power. */ 4055 r4 |= (txpow2 << 6); 4056 } 4057 4058 run_rt2870_rf_write(sc, rfprog[i].r1); 4059 run_rt2870_rf_write(sc, r2); 4060 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4061 run_rt2870_rf_write(sc, r4); 4062 4063 run_delay(sc, 10); 4064 4065 run_rt2870_rf_write(sc, rfprog[i].r1); 4066 run_rt2870_rf_write(sc, r2); 4067 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4068 run_rt2870_rf_write(sc, r4); 4069 4070 run_delay(sc, 10); 4071 4072 run_rt2870_rf_write(sc, rfprog[i].r1); 4073 run_rt2870_rf_write(sc, r2); 4074 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4075 run_rt2870_rf_write(sc, r4); 4076} 4077 4078static void 4079run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4080{ 4081 int8_t txpow1, txpow2; 4082 uint8_t rf; 4083 int i; 4084 4085 /* find the settings for this channel (we know it exists) */ 4086 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4087 4088 /* use Tx power values from EEPROM */ 4089 txpow1 = sc->txpow1[i]; 4090 txpow2 = sc->txpow2[i]; 4091 4092 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4093 4094 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4095 run_rt3070_rf_read(sc, 3, &rf); 4096 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4097 run_rt3070_rf_write(sc, 3, rf); 4098 4099 run_rt3070_rf_read(sc, 6, &rf); 4100 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4101 run_rt3070_rf_write(sc, 6, rf); 4102 4103 /* set Tx0 power */ 4104 run_rt3070_rf_read(sc, 12, &rf); 4105 rf = (rf & ~0x1f) | txpow1; 4106 run_rt3070_rf_write(sc, 12, rf); 4107 4108 /* set Tx1 power */ 4109 run_rt3070_rf_read(sc, 13, &rf); 4110 rf = (rf & ~0x1f) | txpow2; 4111 run_rt3070_rf_write(sc, 13, rf); 4112 4113 run_rt3070_rf_read(sc, 1, &rf); 4114 rf &= ~0xfc; 4115 if (sc->ntxchains == 1) 4116 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4117 else if (sc->ntxchains == 2) 4118 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4119 if (sc->nrxchains == 1) 4120 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4121 else if (sc->nrxchains == 2) 4122 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4123 run_rt3070_rf_write(sc, 1, rf); 4124 4125 /* set RF offset */ 4126 run_rt3070_rf_read(sc, 23, &rf); 4127 rf = (rf & ~0x7f) | sc->freq; 4128 run_rt3070_rf_write(sc, 23, rf); 4129 4130 /* program RF filter */ 4131 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4132 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4133 run_rt3070_rf_write(sc, 24, rf); 4134 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4135 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4136 run_rt3070_rf_write(sc, 31, rf); 4137 4138 /* enable RF tuning */ 4139 run_rt3070_rf_read(sc, 7, &rf); 4140 run_rt3070_rf_write(sc, 7, rf | 0x01); 4141} 4142 4143static void 4144run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4145{ 4146 int8_t txpow1, txpow2; 4147 uint32_t tmp; 4148 uint8_t rf; 4149 int i; 4150 4151 /* find the settings for this channel (we know it exists) */ 4152 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4153 4154 /* use Tx power values from EEPROM */ 4155 txpow1 = sc->txpow1[i]; 4156 txpow2 = sc->txpow2[i]; 4157 4158 if (chan <= 14) { 4159 run_bbp_write(sc, 25, sc->bbp25); 4160 run_bbp_write(sc, 26, sc->bbp26); 4161 } else { 4162 /* enable IQ phase correction */ 4163 run_bbp_write(sc, 25, 0x09); 4164 run_bbp_write(sc, 26, 0xff); 4165 } 4166 4167 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4168 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4169 run_rt3070_rf_read(sc, 6, &rf); 4170 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4171 rf |= (chan <= 14) ? 0x08 : 0x04; 4172 run_rt3070_rf_write(sc, 6, rf); 4173 4174 /* set PLL mode */ 4175 run_rt3070_rf_read(sc, 5, &rf); 4176 rf &= ~(0x08 | 0x04); 4177 rf |= (chan <= 14) ? 0x04 : 0x08; 4178 run_rt3070_rf_write(sc, 5, rf); 4179 4180 /* set Tx power for chain 0 */ 4181 if (chan <= 14) 4182 rf = 0x60 | txpow1; 4183 else 4184 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4185 run_rt3070_rf_write(sc, 12, rf); 4186 4187 /* set Tx power for chain 1 */ 4188 if (chan <= 14) 4189 rf = 0x60 | txpow2; 4190 else 4191 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4192 run_rt3070_rf_write(sc, 13, rf); 4193 4194 /* set Tx/Rx streams */ 4195 run_rt3070_rf_read(sc, 1, &rf); 4196 rf &= ~0xfc; 4197 if (sc->ntxchains == 1) 4198 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4199 else if (sc->ntxchains == 2) 4200 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4201 if (sc->nrxchains == 1) 4202 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4203 else if (sc->nrxchains == 2) 4204 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4205 run_rt3070_rf_write(sc, 1, rf); 4206 4207 /* set RF offset */ 4208 run_rt3070_rf_read(sc, 23, &rf); 4209 rf = (rf & ~0x7f) | sc->freq; 4210 run_rt3070_rf_write(sc, 23, rf); 4211 4212 /* program RF filter */ 4213 rf = sc->rf24_20mhz; 4214 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4215 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4216 4217 /* enable RF tuning */ 4218 run_rt3070_rf_read(sc, 7, &rf); 4219 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4220 run_rt3070_rf_write(sc, 7, rf); 4221 4222 /* TSSI */ 4223 rf = (chan <= 14) ? 0xc3 : 0xc0; 4224 run_rt3070_rf_write(sc, 9, rf); 4225 4226 /* set loop filter 1 */ 4227 run_rt3070_rf_write(sc, 10, 0xf1); 4228 /* set loop filter 2 */ 4229 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4230 4231 /* set tx_mx2_ic */ 4232 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4233 /* set tx_mx1_ic */ 4234 if (chan <= 14) 4235 rf = 0x48 | sc->txmixgain_2ghz; 4236 else 4237 rf = 0x78 | sc->txmixgain_5ghz; 4238 run_rt3070_rf_write(sc, 16, rf); 4239 4240 /* set tx_lo1 */ 4241 run_rt3070_rf_write(sc, 17, 0x23); 4242 /* set tx_lo2 */ 4243 if (chan <= 14) 4244 rf = 0x93; 4245 else if (chan <= 64) 4246 rf = 0xb7; 4247 else if (chan <= 128) 4248 rf = 0x74; 4249 else 4250 rf = 0x72; 4251 run_rt3070_rf_write(sc, 19, rf); 4252 4253 /* set rx_lo1 */ 4254 if (chan <= 14) 4255 rf = 0xb3; 4256 else if (chan <= 64) 4257 rf = 0xf6; 4258 else if (chan <= 128) 4259 rf = 0xf4; 4260 else 4261 rf = 0xf3; 4262 run_rt3070_rf_write(sc, 20, rf); 4263 4264 /* set pfd_delay */ 4265 if (chan <= 14) 4266 rf = 0x15; 4267 else if (chan <= 64) 4268 rf = 0x3d; 4269 else 4270 rf = 0x01; 4271 run_rt3070_rf_write(sc, 25, rf); 4272 4273 /* set rx_lo2 */ 4274 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4275 /* set ldo_rf_vc */ 4276 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4277 /* set drv_cc */ 4278 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4279 4280 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4281 tmp &= ~0x8080; 4282 if (chan <= 14) 4283 tmp |= 0x80; 4284 run_write(sc, RT2860_GPIO_CTRL, tmp); 4285 4286 /* enable RF tuning */ 4287 run_rt3070_rf_read(sc, 7, &rf); 4288 run_rt3070_rf_write(sc, 7, rf | 0x01); 4289 4290 run_delay(sc, 2); 4291} 4292 4293static void 4294run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4295{ 4296 int8_t txpow1, txpow2, txpow3; 4297 uint8_t h20mhz, rf; 4298 int i; 4299 4300 /* find the settings for this channel (we know it exists) */ 4301 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4302 4303 /* use Tx power values from EEPROM */ 4304 txpow1 = sc->txpow1[i]; 4305 txpow2 = sc->txpow2[i]; 4306 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4307 4308 if (chan <= 14) { 4309 run_bbp_write(sc, 25, sc->bbp25); 4310 run_bbp_write(sc, 26, sc->bbp26); 4311 } else { 4312 /* Enable IQ phase correction. */ 4313 run_bbp_write(sc, 25, 0x09); 4314 run_bbp_write(sc, 26, 0xff); 4315 } 4316 4317 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4318 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4319 run_rt3070_rf_read(sc, 11, &rf); 4320 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4321 run_rt3070_rf_write(sc, 11, rf); 4322 4323 /* Set pll_idoh. */ 4324 run_rt3070_rf_read(sc, 11, &rf); 4325 rf &= ~0x4c; 4326 rf |= (chan <= 14) ? 0x44 : 0x48; 4327 run_rt3070_rf_write(sc, 11, rf); 4328 4329 if (chan <= 14) 4330 rf = txpow1 & 0x1f; 4331 else 4332 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4333 run_rt3070_rf_write(sc, 53, rf); 4334 4335 if (chan <= 14) 4336 rf = txpow2 & 0x1f; 4337 else 4338 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4339 run_rt3070_rf_write(sc, 55, rf); 4340 4341 if (chan <= 14) 4342 rf = txpow3 & 0x1f; 4343 else 4344 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4345 run_rt3070_rf_write(sc, 54, rf); 4346 4347 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4348 if (sc->ntxchains == 3) 4349 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4350 else 4351 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4352 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4353 run_rt3070_rf_write(sc, 1, rf); 4354 4355 run_adjust_freq_offset(sc); 4356 4357 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4358 4359 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4360 run_rt3070_rf_read(sc, 30, &rf); 4361 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4362 run_rt3070_rf_write(sc, 30, rf); 4363 4364 run_rt3070_rf_read(sc, 36, &rf); 4365 if (chan <= 14) 4366 rf |= 0x80; 4367 else 4368 rf &= ~0x80; 4369 run_rt3070_rf_write(sc, 36, rf); 4370 4371 /* Set vcolo_bs. */ 4372 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4373 /* Set pfd_delay. */ 4374 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4375 4376 /* Set vco bias current control. */ 4377 run_rt3070_rf_read(sc, 6, &rf); 4378 rf &= ~0xc0; 4379 if (chan <= 14) 4380 rf |= 0x40; 4381 else if (chan <= 128) 4382 rf |= 0x80; 4383 else 4384 rf |= 0x40; 4385 run_rt3070_rf_write(sc, 6, rf); 4386 4387 run_rt3070_rf_read(sc, 30, &rf); 4388 rf = (rf & ~0x18) | 0x10; 4389 run_rt3070_rf_write(sc, 30, rf); 4390 4391 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4392 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4393 4394 run_rt3070_rf_read(sc, 51, &rf); 4395 rf = (rf & ~0x03) | 0x01; 4396 run_rt3070_rf_write(sc, 51, rf); 4397 /* Set tx_mx1_cc. */ 4398 run_rt3070_rf_read(sc, 51, &rf); 4399 rf &= ~0x1c; 4400 rf |= (chan <= 14) ? 0x14 : 0x10; 4401 run_rt3070_rf_write(sc, 51, rf); 4402 /* Set tx_mx1_ic. */ 4403 run_rt3070_rf_read(sc, 51, &rf); 4404 rf &= ~0xe0; 4405 rf |= (chan <= 14) ? 0x60 : 0x40; 4406 run_rt3070_rf_write(sc, 51, rf); 4407 /* Set tx_lo1_ic. */ 4408 run_rt3070_rf_read(sc, 49, &rf); 4409 rf &= ~0x1c; 4410 rf |= (chan <= 14) ? 0x0c : 0x08; 4411 run_rt3070_rf_write(sc, 49, rf); 4412 /* Set tx_lo1_en. */ 4413 run_rt3070_rf_read(sc, 50, &rf); 4414 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4415 /* Set drv_cc. */ 4416 run_rt3070_rf_read(sc, 57, &rf); 4417 rf &= ~0xfc; 4418 rf |= (chan <= 14) ? 0x6c : 0x3c; 4419 run_rt3070_rf_write(sc, 57, rf); 4420 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4421 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4422 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4423 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4424 /* Enable VCO calibration. */ 4425 run_rt3070_rf_read(sc, 3, &rf); 4426 rf &= ~RT5390_VCOCAL; 4427 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4428 run_rt3070_rf_write(sc, 3, rf); 4429 4430 if (chan <= 14) 4431 rf = 0x23; 4432 else if (chan <= 64) 4433 rf = 0x36; 4434 else if (chan <= 128) 4435 rf = 0x32; 4436 else 4437 rf = 0x30; 4438 run_rt3070_rf_write(sc, 39, rf); 4439 if (chan <= 14) 4440 rf = 0xbb; 4441 else if (chan <= 64) 4442 rf = 0xeb; 4443 else if (chan <= 128) 4444 rf = 0xb3; 4445 else 4446 rf = 0x9b; 4447 run_rt3070_rf_write(sc, 45, rf); 4448 4449 /* Set FEQ/AEQ control. */ 4450 run_bbp_write(sc, 105, 0x34); 4451} 4452 4453static void 4454run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4455{ 4456 int8_t txpow1, txpow2; 4457 uint8_t rf; 4458 int i; 4459 4460 /* find the settings for this channel (we know it exists) */ 4461 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4462 4463 /* use Tx power values from EEPROM */ 4464 txpow1 = sc->txpow1[i]; 4465 txpow2 = sc->txpow2[i]; 4466 4467 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4468 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4469 run_rt3070_rf_read(sc, 11, &rf); 4470 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4471 run_rt3070_rf_write(sc, 11, rf); 4472 4473 run_rt3070_rf_read(sc, 49, &rf); 4474 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4475 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4476 if ((rf & 0x3f) > 0x27) 4477 rf = (rf & ~0x3f) | 0x27; 4478 run_rt3070_rf_write(sc, 49, rf); 4479 4480 if (sc->mac_ver == 0x5392) { 4481 run_rt3070_rf_read(sc, 50, &rf); 4482 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4483 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4484 if ((rf & 0x3f) > 0x27) 4485 rf = (rf & ~0x3f) | 0x27; 4486 run_rt3070_rf_write(sc, 50, rf); 4487 } 4488 4489 run_rt3070_rf_read(sc, 1, &rf); 4490 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4491 if (sc->mac_ver == 0x5392) 4492 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4493 run_rt3070_rf_write(sc, 1, rf); 4494 4495 if (sc->mac_ver != 0x5392) { 4496 run_rt3070_rf_read(sc, 2, &rf); 4497 rf |= 0x80; 4498 run_rt3070_rf_write(sc, 2, rf); 4499 run_delay(sc, 10); 4500 rf &= 0x7f; 4501 run_rt3070_rf_write(sc, 2, rf); 4502 } 4503 4504 run_adjust_freq_offset(sc); 4505 4506 if (sc->mac_ver == 0x5392) { 4507 /* Fix for RT5392C. */ 4508 if (sc->mac_rev >= 0x0223) { 4509 if (chan <= 4) 4510 rf = 0x0f; 4511 else if (chan >= 5 && chan <= 7) 4512 rf = 0x0e; 4513 else 4514 rf = 0x0d; 4515 run_rt3070_rf_write(sc, 23, rf); 4516 4517 if (chan <= 4) 4518 rf = 0x0c; 4519 else if (chan == 5) 4520 rf = 0x0b; 4521 else if (chan >= 6 && chan <= 7) 4522 rf = 0x0a; 4523 else if (chan >= 8 && chan <= 10) 4524 rf = 0x09; 4525 else 4526 rf = 0x08; 4527 run_rt3070_rf_write(sc, 59, rf); 4528 } else { 4529 if (chan <= 11) 4530 rf = 0x0f; 4531 else 4532 rf = 0x0b; 4533 run_rt3070_rf_write(sc, 59, rf); 4534 } 4535 } else { 4536 /* Fix for RT5390F. */ 4537 if (sc->mac_rev >= 0x0502) { 4538 if (chan <= 11) 4539 rf = 0x43; 4540 else 4541 rf = 0x23; 4542 run_rt3070_rf_write(sc, 55, rf); 4543 4544 if (chan <= 11) 4545 rf = 0x0f; 4546 else if (chan == 12) 4547 rf = 0x0d; 4548 else 4549 rf = 0x0b; 4550 run_rt3070_rf_write(sc, 59, rf); 4551 } else { 4552 run_rt3070_rf_write(sc, 55, 0x44); 4553 run_rt3070_rf_write(sc, 59, 0x8f); 4554 } 4555 } 4556 4557 /* Enable VCO calibration. */ 4558 run_rt3070_rf_read(sc, 3, &rf); 4559 rf |= RT5390_VCOCAL; 4560 run_rt3070_rf_write(sc, 3, rf); 4561} 4562 4563static void 4564run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4565{ 4566 const struct rt5592_freqs *freqs; 4567 uint32_t tmp; 4568 uint8_t reg, rf, txpow_bound; 4569 int8_t txpow1, txpow2; 4570 int i; 4571 4572 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4573 freqs = (tmp & RT5592_SEL_XTAL) ? 4574 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4575 4576 /* find the settings for this channel (we know it exists) */ 4577 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4578 4579 /* use Tx power values from EEPROM */ 4580 txpow1 = sc->txpow1[i]; 4581 txpow2 = sc->txpow2[i]; 4582 4583 run_read(sc, RT3070_LDO_CFG0, &tmp); 4584 tmp &= ~0x1c000000; 4585 if (chan > 14) 4586 tmp |= 0x14000000; 4587 run_write(sc, RT3070_LDO_CFG0, tmp); 4588 4589 /* N setting. */ 4590 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4591 run_rt3070_rf_read(sc, 9, &rf); 4592 rf &= ~(1 << 4); 4593 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4594 run_rt3070_rf_write(sc, 9, rf); 4595 4596 /* K setting. */ 4597 run_rt3070_rf_read(sc, 9, &rf); 4598 rf &= ~0x0f; 4599 rf |= (freqs->k & 0x0f); 4600 run_rt3070_rf_write(sc, 9, rf); 4601 4602 /* Mode setting. */ 4603 run_rt3070_rf_read(sc, 11, &rf); 4604 rf &= ~0x0c; 4605 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4606 run_rt3070_rf_write(sc, 11, rf); 4607 run_rt3070_rf_read(sc, 9, &rf); 4608 rf &= ~(1 << 7); 4609 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4610 run_rt3070_rf_write(sc, 9, rf); 4611 4612 /* R setting. */ 4613 run_rt3070_rf_read(sc, 11, &rf); 4614 rf &= ~0x03; 4615 rf |= (freqs->r - 0x1); 4616 run_rt3070_rf_write(sc, 11, rf); 4617 4618 if (chan <= 14) { 4619 /* Initialize RF registers for 2GHZ. */ 4620 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4621 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4622 rt5592_2ghz_def_rf[i].val); 4623 } 4624 4625 rf = (chan <= 10) ? 0x07 : 0x06; 4626 run_rt3070_rf_write(sc, 23, rf); 4627 run_rt3070_rf_write(sc, 59, rf); 4628 4629 run_rt3070_rf_write(sc, 55, 0x43); 4630 4631 /* 4632 * RF R49/R50 Tx power ALC code. 4633 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4634 */ 4635 reg = 2; 4636 txpow_bound = 0x27; 4637 } else { 4638 /* Initialize RF registers for 5GHZ. */ 4639 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4640 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4641 rt5592_5ghz_def_rf[i].val); 4642 } 4643 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4644 if (chan >= rt5592_chan_5ghz[i].firstchan && 4645 chan <= rt5592_chan_5ghz[i].lastchan) { 4646 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4647 rt5592_chan_5ghz[i].val); 4648 } 4649 } 4650 4651 /* 4652 * RF R49/R50 Tx power ALC code. 4653 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4654 */ 4655 reg = 3; 4656 txpow_bound = 0x2b; 4657 } 4658 4659 /* RF R49 ch0 Tx power ALC code. */ 4660 run_rt3070_rf_read(sc, 49, &rf); 4661 rf &= ~0xc0; 4662 rf |= (reg << 6); 4663 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4664 if ((rf & 0x3f) > txpow_bound) 4665 rf = (rf & ~0x3f) | txpow_bound; 4666 run_rt3070_rf_write(sc, 49, rf); 4667 4668 /* RF R50 ch1 Tx power ALC code. */ 4669 run_rt3070_rf_read(sc, 50, &rf); 4670 rf &= ~(1 << 7 | 1 << 6); 4671 rf |= (reg << 6); 4672 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4673 if ((rf & 0x3f) > txpow_bound) 4674 rf = (rf & ~0x3f) | txpow_bound; 4675 run_rt3070_rf_write(sc, 50, rf); 4676 4677 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4678 run_rt3070_rf_read(sc, 1, &rf); 4679 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4680 if (sc->ntxchains > 1) 4681 rf |= RT3070_TX1_PD; 4682 if (sc->nrxchains > 1) 4683 rf |= RT3070_RX1_PD; 4684 run_rt3070_rf_write(sc, 1, rf); 4685 4686 run_rt3070_rf_write(sc, 6, 0xe4); 4687 4688 run_rt3070_rf_write(sc, 30, 0x10); 4689 run_rt3070_rf_write(sc, 31, 0x80); 4690 run_rt3070_rf_write(sc, 32, 0x80); 4691 4692 run_adjust_freq_offset(sc); 4693 4694 /* Enable VCO calibration. */ 4695 run_rt3070_rf_read(sc, 3, &rf); 4696 rf |= RT5390_VCOCAL; 4697 run_rt3070_rf_write(sc, 3, rf); 4698} 4699 4700static void 4701run_set_rx_antenna(struct run_softc *sc, int aux) 4702{ 4703 uint32_t tmp; 4704 uint8_t bbp152; 4705 4706 if (aux) { 4707 if (sc->rf_rev == RT5390_RF_5370) { 4708 run_bbp_read(sc, 152, &bbp152); 4709 run_bbp_write(sc, 152, bbp152 & ~0x80); 4710 } else { 4711 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4712 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4713 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4714 } 4715 } else { 4716 if (sc->rf_rev == RT5390_RF_5370) { 4717 run_bbp_read(sc, 152, &bbp152); 4718 run_bbp_write(sc, 152, bbp152 | 0x80); 4719 } else { 4720 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4721 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4722 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4723 } 4724 } 4725} 4726 4727static int 4728run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4729{ 4730 struct ieee80211com *ic = &sc->sc_ic; 4731 u_int chan, group; 4732 4733 chan = ieee80211_chan2ieee(ic, c); 4734 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4735 return (EINVAL); 4736 4737 if (sc->mac_ver == 0x5592) 4738 run_rt5592_set_chan(sc, chan); 4739 else if (sc->mac_ver >= 0x5390) 4740 run_rt5390_set_chan(sc, chan); 4741 else if (sc->mac_ver == 0x3593) 4742 run_rt3593_set_chan(sc, chan); 4743 else if (sc->mac_ver == 0x3572) 4744 run_rt3572_set_chan(sc, chan); 4745 else if (sc->mac_ver >= 0x3070) 4746 run_rt3070_set_chan(sc, chan); 4747 else 4748 run_rt2870_set_chan(sc, chan); 4749 4750 /* determine channel group */ 4751 if (chan <= 14) 4752 group = 0; 4753 else if (chan <= 64) 4754 group = 1; 4755 else if (chan <= 128) 4756 group = 2; 4757 else 4758 group = 3; 4759 4760 /* XXX necessary only when group has changed! */ 4761 run_select_chan_group(sc, group); 4762 4763 run_delay(sc, 10); 4764 4765 /* Perform IQ calibration. */ 4766 if (sc->mac_ver >= 0x5392) 4767 run_iq_calib(sc, chan); 4768 4769 return (0); 4770} 4771 4772static void 4773run_set_channel(struct ieee80211com *ic) 4774{ 4775 struct run_softc *sc = ic->ic_softc; 4776 4777 RUN_LOCK(sc); 4778 run_set_chan(sc, ic->ic_curchan); 4779 RUN_UNLOCK(sc); 4780 4781 return; 4782} 4783 4784static void 4785run_getradiocaps(struct ieee80211com *ic, 4786 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4787{ 4788 struct run_softc *sc = ic->ic_softc; 4789 uint8_t bands[IEEE80211_MODE_BYTES]; 4790 4791 memset(bands, 0, sizeof(bands)); 4792 setbit(bands, IEEE80211_MODE_11B); 4793 setbit(bands, IEEE80211_MODE_11G); 4794 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans, 4795 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0); 4796 4797 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4798 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4799 sc->rf_rev == RT5592_RF_5592) { 4800 setbit(bands, IEEE80211_MODE_11A); 4801 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4802 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4803 } 4804} 4805 4806static void 4807run_scan_start(struct ieee80211com *ic) 4808{ 4809 struct run_softc *sc = ic->ic_softc; 4810 uint32_t tmp; 4811 4812 RUN_LOCK(sc); 4813 4814 /* abort TSF synchronization */ 4815 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4816 run_write(sc, RT2860_BCN_TIME_CFG, 4817 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4818 RT2860_TBTT_TIMER_EN)); 4819 run_set_bssid(sc, ieee80211broadcastaddr); 4820 4821 RUN_UNLOCK(sc); 4822 4823 return; 4824} 4825 4826static void 4827run_scan_end(struct ieee80211com *ic) 4828{ 4829 struct run_softc *sc = ic->ic_softc; 4830 4831 RUN_LOCK(sc); 4832 4833 run_enable_tsf_sync(sc); 4834 run_set_bssid(sc, sc->sc_bssid); 4835 4836 RUN_UNLOCK(sc); 4837 4838 return; 4839} 4840 4841/* 4842 * Could be called from ieee80211_node_timeout() 4843 * (non-sleepable thread) 4844 */ 4845static void 4846run_update_beacon(struct ieee80211vap *vap, int item) 4847{ 4848 struct ieee80211com *ic = vap->iv_ic; 4849 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4850 struct ieee80211_node *ni = vap->iv_bss; 4851 struct run_softc *sc = ic->ic_softc; 4852 struct run_vap *rvp = RUN_VAP(vap); 4853 int mcast = 0; 4854 uint32_t i; 4855 4856 switch (item) { 4857 case IEEE80211_BEACON_ERP: 4858 run_updateslot(ic); 4859 break; 4860 case IEEE80211_BEACON_HTINFO: 4861 run_updateprot(ic); 4862 break; 4863 case IEEE80211_BEACON_TIM: 4864 mcast = 1; /*TODO*/ 4865 break; 4866 default: 4867 break; 4868 } 4869 4870 setbit(bo->bo_flags, item); 4871 if (rvp->beacon_mbuf == NULL) { 4872 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4873 if (rvp->beacon_mbuf == NULL) 4874 return; 4875 } 4876 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4877 4878 i = RUN_CMDQ_GET(&sc->cmdq_store); 4879 DPRINTF("cmdq_store=%d\n", i); 4880 sc->cmdq[i].func = run_update_beacon_cb; 4881 sc->cmdq[i].arg0 = vap; 4882 ieee80211_runtask(ic, &sc->cmdq_task); 4883 4884 return; 4885} 4886 4887static void 4888run_update_beacon_cb(void *arg) 4889{ 4890 struct ieee80211vap *vap = arg; 4891 struct ieee80211_node *ni = vap->iv_bss; 4892 struct run_vap *rvp = RUN_VAP(vap); 4893 struct ieee80211com *ic = vap->iv_ic; 4894 struct run_softc *sc = ic->ic_softc; 4895 struct rt2860_txwi txwi; 4896 struct mbuf *m; 4897 uint16_t txwisize; 4898 uint8_t ridx; 4899 4900 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4901 return; 4902 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4903 return; 4904 4905 /* 4906 * No need to call ieee80211_beacon_update(), run_update_beacon() 4907 * is taking care of appropriate calls. 4908 */ 4909 if (rvp->beacon_mbuf == NULL) { 4910 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4911 if (rvp->beacon_mbuf == NULL) 4912 return; 4913 } 4914 m = rvp->beacon_mbuf; 4915 4916 memset(&txwi, 0, sizeof(txwi)); 4917 txwi.wcid = 0xff; 4918 txwi.len = htole16(m->m_pkthdr.len); 4919 4920 /* send beacons at the lowest available rate */ 4921 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4922 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4923 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4924 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4925 txwi.phy |= htole16(RT2860_PHY_OFDM); 4926 txwi.txop = RT2860_TX_TXOP_HT; 4927 txwi.flags = RT2860_TX_TS; 4928 txwi.xflags = RT2860_TX_NSEQ; 4929 4930 txwisize = (sc->mac_ver == 0x5592) ? 4931 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4932 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4933 txwisize); 4934 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4935 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4936} 4937 4938static void 4939run_updateprot(struct ieee80211com *ic) 4940{ 4941 struct run_softc *sc = ic->ic_softc; 4942 uint32_t i; 4943 4944 i = RUN_CMDQ_GET(&sc->cmdq_store); 4945 DPRINTF("cmdq_store=%d\n", i); 4946 sc->cmdq[i].func = run_updateprot_cb; 4947 sc->cmdq[i].arg0 = ic; 4948 ieee80211_runtask(ic, &sc->cmdq_task); 4949} 4950 4951static void 4952run_updateprot_cb(void *arg) 4953{ 4954 struct ieee80211com *ic = arg; 4955 struct run_softc *sc = ic->ic_softc; 4956 uint32_t tmp; 4957 4958 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4959 /* setup protection frame rate (MCS code) */ 4960 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4961 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4962 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4963 4964 /* CCK frames don't require protection */ 4965 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4966 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4967 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4968 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4969 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4970 tmp |= RT2860_PROT_CTRL_CTS; 4971 } 4972 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4973} 4974 4975static void 4976run_usb_timeout_cb(void *arg) 4977{ 4978 struct ieee80211vap *vap = arg; 4979 struct run_softc *sc = vap->iv_ic->ic_softc; 4980 4981 RUN_LOCK_ASSERT(sc, MA_OWNED); 4982 4983 if(vap->iv_state == IEEE80211_S_RUN && 4984 vap->iv_opmode != IEEE80211_M_STA) 4985 run_reset_livelock(sc); 4986 else if (vap->iv_state == IEEE80211_S_SCAN) { 4987 DPRINTF("timeout caused by scan\n"); 4988 /* cancel bgscan */ 4989 ieee80211_cancel_scan(vap); 4990 } else 4991 DPRINTF("timeout by unknown cause\n"); 4992} 4993 4994static void 4995run_reset_livelock(struct run_softc *sc) 4996{ 4997 uint32_t tmp; 4998 4999 RUN_LOCK_ASSERT(sc, MA_OWNED); 5000 5001 /* 5002 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5003 * can run into a livelock and start sending CTS-to-self frames like 5004 * crazy if protection is enabled. Reset MAC/BBP for a while 5005 */ 5006 run_read(sc, RT2860_DEBUG, &tmp); 5007 DPRINTFN(3, "debug reg %08x\n", tmp); 5008 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5009 DPRINTF("CTS-to-self livelock detected\n"); 5010 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5011 run_delay(sc, 1); 5012 run_write(sc, RT2860_MAC_SYS_CTRL, 5013 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5014 } 5015} 5016 5017static void 5018run_update_promisc_locked(struct run_softc *sc) 5019{ 5020 uint32_t tmp; 5021 5022 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5023 5024 tmp |= RT2860_DROP_UC_NOME; 5025 if (sc->sc_ic.ic_promisc > 0) 5026 tmp &= ~RT2860_DROP_UC_NOME; 5027 5028 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5029 5030 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5031 "entering" : "leaving"); 5032} 5033 5034static void 5035run_update_promisc(struct ieee80211com *ic) 5036{ 5037 struct run_softc *sc = ic->ic_softc; 5038 5039 if ((sc->sc_flags & RUN_RUNNING) == 0) 5040 return; 5041 5042 RUN_LOCK(sc); 5043 run_update_promisc_locked(sc); 5044 RUN_UNLOCK(sc); 5045} 5046 5047static void 5048run_enable_tsf_sync(struct run_softc *sc) 5049{ 5050 struct ieee80211com *ic = &sc->sc_ic; 5051 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5052 uint32_t tmp; 5053 5054 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5055 ic->ic_opmode); 5056 5057 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5058 tmp &= ~0x1fffff; 5059 tmp |= vap->iv_bss->ni_intval * 16; 5060 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5061 5062 if (ic->ic_opmode == IEEE80211_M_STA) { 5063 /* 5064 * Local TSF is always updated with remote TSF on beacon 5065 * reception. 5066 */ 5067 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5068 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5069 tmp |= RT2860_BCN_TX_EN; 5070 /* 5071 * Local TSF is updated with remote TSF on beacon reception 5072 * only if the remote TSF is greater than local TSF. 5073 */ 5074 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5075 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5076 ic->ic_opmode == IEEE80211_M_MBSS) { 5077 tmp |= RT2860_BCN_TX_EN; 5078 /* SYNC with nobody */ 5079 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5080 } else { 5081 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5082 return; 5083 } 5084 5085 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5086} 5087 5088static void 5089run_enable_tsf(struct run_softc *sc) 5090{ 5091 uint32_t tmp; 5092 5093 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5094 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5095 tmp |= RT2860_TSF_TIMER_EN; 5096 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5097 } 5098} 5099 5100static void 5101run_get_tsf(struct run_softc *sc, uint64_t *buf) 5102{ 5103 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5104 sizeof(*buf)); 5105} 5106 5107static void 5108run_enable_mrr(struct run_softc *sc) 5109{ 5110#define CCK(mcs) (mcs) 5111#define OFDM(mcs) (1 << 3 | (mcs)) 5112 run_write(sc, RT2860_LG_FBK_CFG0, 5113 OFDM(6) << 28 | /* 54->48 */ 5114 OFDM(5) << 24 | /* 48->36 */ 5115 OFDM(4) << 20 | /* 36->24 */ 5116 OFDM(3) << 16 | /* 24->18 */ 5117 OFDM(2) << 12 | /* 18->12 */ 5118 OFDM(1) << 8 | /* 12-> 9 */ 5119 OFDM(0) << 4 | /* 9-> 6 */ 5120 OFDM(0)); /* 6-> 6 */ 5121 5122 run_write(sc, RT2860_LG_FBK_CFG1, 5123 CCK(2) << 12 | /* 11->5.5 */ 5124 CCK(1) << 8 | /* 5.5-> 2 */ 5125 CCK(0) << 4 | /* 2-> 1 */ 5126 CCK(0)); /* 1-> 1 */ 5127#undef OFDM 5128#undef CCK 5129} 5130 5131static void 5132run_set_txpreamble(struct run_softc *sc) 5133{ 5134 struct ieee80211com *ic = &sc->sc_ic; 5135 uint32_t tmp; 5136 5137 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5138 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5139 tmp |= RT2860_CCK_SHORT_EN; 5140 else 5141 tmp &= ~RT2860_CCK_SHORT_EN; 5142 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5143} 5144 5145static void 5146run_set_basicrates(struct run_softc *sc) 5147{ 5148 struct ieee80211com *ic = &sc->sc_ic; 5149 5150 /* set basic rates mask */ 5151 if (ic->ic_curmode == IEEE80211_MODE_11B) 5152 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5153 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5154 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5155 else /* 11g */ 5156 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5157} 5158 5159static void 5160run_set_leds(struct run_softc *sc, uint16_t which) 5161{ 5162 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5163 which | (sc->leds & 0x7f)); 5164} 5165 5166static void 5167run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5168{ 5169 run_write(sc, RT2860_MAC_BSSID_DW0, 5170 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5171 run_write(sc, RT2860_MAC_BSSID_DW1, 5172 bssid[4] | bssid[5] << 8); 5173} 5174 5175static void 5176run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5177{ 5178 run_write(sc, RT2860_MAC_ADDR_DW0, 5179 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5180 run_write(sc, RT2860_MAC_ADDR_DW1, 5181 addr[4] | addr[5] << 8 | 0xff << 16); 5182} 5183 5184static void 5185run_updateslot(struct ieee80211com *ic) 5186{ 5187 struct run_softc *sc = ic->ic_softc; 5188 uint32_t i; 5189 5190 i = RUN_CMDQ_GET(&sc->cmdq_store); 5191 DPRINTF("cmdq_store=%d\n", i); 5192 sc->cmdq[i].func = run_updateslot_cb; 5193 sc->cmdq[i].arg0 = ic; 5194 ieee80211_runtask(ic, &sc->cmdq_task); 5195 5196 return; 5197} 5198 5199/* ARGSUSED */ 5200static void 5201run_updateslot_cb(void *arg) 5202{ 5203 struct ieee80211com *ic = arg; 5204 struct run_softc *sc = ic->ic_softc; 5205 uint32_t tmp; 5206 5207 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5208 tmp &= ~0xff; 5209 tmp |= IEEE80211_GET_SLOTTIME(ic); 5210 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5211} 5212 5213static void 5214run_update_mcast(struct ieee80211com *ic) 5215{ 5216} 5217 5218static int8_t 5219run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5220{ 5221 struct ieee80211com *ic = &sc->sc_ic; 5222 struct ieee80211_channel *c = ic->ic_curchan; 5223 int delta; 5224 5225 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5226 u_int chan = ieee80211_chan2ieee(ic, c); 5227 delta = sc->rssi_5ghz[rxchain]; 5228 5229 /* determine channel group */ 5230 if (chan <= 64) 5231 delta -= sc->lna[1]; 5232 else if (chan <= 128) 5233 delta -= sc->lna[2]; 5234 else 5235 delta -= sc->lna[3]; 5236 } else 5237 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5238 5239 return (-12 - delta - rssi); 5240} 5241 5242static void 5243run_rt5390_bbp_init(struct run_softc *sc) 5244{ 5245 u_int i; 5246 uint8_t bbp; 5247 5248 /* Apply maximum likelihood detection for 2 stream case. */ 5249 run_bbp_read(sc, 105, &bbp); 5250 if (sc->nrxchains > 1) 5251 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5252 5253 /* Avoid data lost and CRC error. */ 5254 run_bbp_read(sc, 4, &bbp); 5255 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5256 5257 if (sc->mac_ver == 0x5592) { 5258 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5259 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5260 rt5592_def_bbp[i].val); 5261 } 5262 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5263 run_bbp_write(sc, 195, i + 0x80); 5264 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5265 } 5266 } else { 5267 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5268 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5269 rt5390_def_bbp[i].val); 5270 } 5271 } 5272 if (sc->mac_ver == 0x5392) { 5273 run_bbp_write(sc, 88, 0x90); 5274 run_bbp_write(sc, 95, 0x9a); 5275 run_bbp_write(sc, 98, 0x12); 5276 run_bbp_write(sc, 106, 0x12); 5277 run_bbp_write(sc, 134, 0xd0); 5278 run_bbp_write(sc, 135, 0xf6); 5279 run_bbp_write(sc, 148, 0x84); 5280 } 5281 5282 run_bbp_read(sc, 152, &bbp); 5283 run_bbp_write(sc, 152, bbp | 0x80); 5284 5285 /* Fix BBP254 for RT5592C. */ 5286 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5287 run_bbp_read(sc, 254, &bbp); 5288 run_bbp_write(sc, 254, bbp | 0x80); 5289 } 5290 5291 /* Disable hardware antenna diversity. */ 5292 if (sc->mac_ver == 0x5390) 5293 run_bbp_write(sc, 154, 0); 5294 5295 /* Initialize Rx CCK/OFDM frequency offset report. */ 5296 run_bbp_write(sc, 142, 1); 5297 run_bbp_write(sc, 143, 57); 5298} 5299 5300static int 5301run_bbp_init(struct run_softc *sc) 5302{ 5303 int i, error, ntries; 5304 uint8_t bbp0; 5305 5306 /* wait for BBP to wake up */ 5307 for (ntries = 0; ntries < 20; ntries++) { 5308 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5309 return error; 5310 if (bbp0 != 0 && bbp0 != 0xff) 5311 break; 5312 } 5313 if (ntries == 20) 5314 return (ETIMEDOUT); 5315 5316 /* initialize BBP registers to default values */ 5317 if (sc->mac_ver >= 0x5390) 5318 run_rt5390_bbp_init(sc); 5319 else { 5320 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5321 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5322 rt2860_def_bbp[i].val); 5323 } 5324 } 5325 5326 if (sc->mac_ver == 0x3593) { 5327 run_bbp_write(sc, 79, 0x13); 5328 run_bbp_write(sc, 80, 0x05); 5329 run_bbp_write(sc, 81, 0x33); 5330 run_bbp_write(sc, 86, 0x46); 5331 run_bbp_write(sc, 137, 0x0f); 5332 } 5333 5334 /* fix BBP84 for RT2860E */ 5335 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5336 run_bbp_write(sc, 84, 0x19); 5337 5338 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5339 sc->mac_ver != 0x5592)) { 5340 run_bbp_write(sc, 79, 0x13); 5341 run_bbp_write(sc, 80, 0x05); 5342 run_bbp_write(sc, 81, 0x33); 5343 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5344 run_bbp_write(sc, 69, 0x16); 5345 run_bbp_write(sc, 73, 0x12); 5346 } 5347 return (0); 5348} 5349 5350static int 5351run_rt3070_rf_init(struct run_softc *sc) 5352{ 5353 uint32_t tmp; 5354 uint8_t bbp4, mingain, rf, target; 5355 u_int i; 5356 5357 run_rt3070_rf_read(sc, 30, &rf); 5358 /* toggle RF R30 bit 7 */ 5359 run_rt3070_rf_write(sc, 30, rf | 0x80); 5360 run_delay(sc, 10); 5361 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5362 5363 /* initialize RF registers to default value */ 5364 if (sc->mac_ver == 0x3572) { 5365 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5366 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5367 rt3572_def_rf[i].val); 5368 } 5369 } else { 5370 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5371 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5372 rt3070_def_rf[i].val); 5373 } 5374 } 5375 5376 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5377 /* 5378 * Change voltage from 1.2V to 1.35V for RT3070. 5379 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5380 * in RT3070(F). 5381 */ 5382 run_read(sc, RT3070_LDO_CFG0, &tmp); 5383 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5384 run_write(sc, RT3070_LDO_CFG0, tmp); 5385 5386 } else if (sc->mac_ver == 0x3071) { 5387 run_rt3070_rf_read(sc, 6, &rf); 5388 run_rt3070_rf_write(sc, 6, rf | 0x40); 5389 run_rt3070_rf_write(sc, 31, 0x14); 5390 5391 run_read(sc, RT3070_LDO_CFG0, &tmp); 5392 tmp &= ~0x1f000000; 5393 if (sc->mac_rev < 0x0211) 5394 tmp |= 0x0d000000; /* 1.3V */ 5395 else 5396 tmp |= 0x01000000; /* 1.2V */ 5397 run_write(sc, RT3070_LDO_CFG0, tmp); 5398 5399 /* patch LNA_PE_G1 */ 5400 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5401 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5402 5403 } else if (sc->mac_ver == 0x3572) { 5404 run_rt3070_rf_read(sc, 6, &rf); 5405 run_rt3070_rf_write(sc, 6, rf | 0x40); 5406 5407 /* increase voltage from 1.2V to 1.35V */ 5408 run_read(sc, RT3070_LDO_CFG0, &tmp); 5409 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5410 run_write(sc, RT3070_LDO_CFG0, tmp); 5411 5412 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5413 run_delay(sc, 1); /* wait for 1msec */ 5414 /* decrease voltage back to 1.2V */ 5415 tmp = (tmp & ~0x1f000000) | 0x01000000; 5416 run_write(sc, RT3070_LDO_CFG0, tmp); 5417 } 5418 } 5419 5420 /* select 20MHz bandwidth */ 5421 run_rt3070_rf_read(sc, 31, &rf); 5422 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5423 5424 /* calibrate filter for 20MHz bandwidth */ 5425 sc->rf24_20mhz = 0x1f; /* default value */ 5426 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5427 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5428 5429 /* select 40MHz bandwidth */ 5430 run_bbp_read(sc, 4, &bbp4); 5431 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5432 run_rt3070_rf_read(sc, 31, &rf); 5433 run_rt3070_rf_write(sc, 31, rf | 0x20); 5434 5435 /* calibrate filter for 40MHz bandwidth */ 5436 sc->rf24_40mhz = 0x2f; /* default value */ 5437 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5438 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5439 5440 /* go back to 20MHz bandwidth */ 5441 run_bbp_read(sc, 4, &bbp4); 5442 run_bbp_write(sc, 4, bbp4 & ~0x18); 5443 5444 if (sc->mac_ver == 0x3572) { 5445 /* save default BBP registers 25 and 26 values */ 5446 run_bbp_read(sc, 25, &sc->bbp25); 5447 run_bbp_read(sc, 26, &sc->bbp26); 5448 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5449 run_rt3070_rf_write(sc, 27, 0x03); 5450 5451 run_read(sc, RT3070_OPT_14, &tmp); 5452 run_write(sc, RT3070_OPT_14, tmp | 1); 5453 5454 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5455 run_rt3070_rf_read(sc, 17, &rf); 5456 rf &= ~RT3070_TX_LO1; 5457 if ((sc->mac_ver == 0x3070 || 5458 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5459 !sc->ext_2ghz_lna) 5460 rf |= 0x20; /* fix for long range Rx issue */ 5461 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5462 if (sc->txmixgain_2ghz >= mingain) 5463 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5464 run_rt3070_rf_write(sc, 17, rf); 5465 } 5466 5467 if (sc->mac_ver == 0x3071) { 5468 run_rt3070_rf_read(sc, 1, &rf); 5469 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5470 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5471 run_rt3070_rf_write(sc, 1, rf); 5472 5473 run_rt3070_rf_read(sc, 15, &rf); 5474 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5475 5476 run_rt3070_rf_read(sc, 20, &rf); 5477 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5478 5479 run_rt3070_rf_read(sc, 21, &rf); 5480 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5481 } 5482 5483 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5484 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5485 run_rt3070_rf_read(sc, 27, &rf); 5486 rf &= ~0x77; 5487 if (sc->mac_rev < 0x0211) 5488 rf |= 0x03; 5489 run_rt3070_rf_write(sc, 27, rf); 5490 } 5491 return (0); 5492} 5493 5494static void 5495run_rt3593_rf_init(struct run_softc *sc) 5496{ 5497 uint32_t tmp; 5498 uint8_t rf; 5499 u_int i; 5500 5501 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5502 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5503 tmp &= ~(1 << 4 | 1 << 7); 5504 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5505 5506 /* Initialize RF registers to default value. */ 5507 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5508 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5509 rt3593_def_rf[i].val); 5510 } 5511 5512 /* Toggle RF R2 to initiate calibration. */ 5513 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5514 5515 /* Initialize RF frequency offset. */ 5516 run_adjust_freq_offset(sc); 5517 5518 run_rt3070_rf_read(sc, 18, &rf); 5519 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5520 5521 /* 5522 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5523 * decrease voltage back to 1.2V. 5524 */ 5525 run_read(sc, RT3070_LDO_CFG0, &tmp); 5526 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5527 run_write(sc, RT3070_LDO_CFG0, tmp); 5528 run_delay(sc, 1); 5529 tmp = (tmp & ~0x1f000000) | 0x01000000; 5530 run_write(sc, RT3070_LDO_CFG0, tmp); 5531 5532 sc->rf24_20mhz = 0x1f; 5533 sc->rf24_40mhz = 0x2f; 5534 5535 /* Save default BBP registers 25 and 26 values. */ 5536 run_bbp_read(sc, 25, &sc->bbp25); 5537 run_bbp_read(sc, 26, &sc->bbp26); 5538 5539 run_read(sc, RT3070_OPT_14, &tmp); 5540 run_write(sc, RT3070_OPT_14, tmp | 1); 5541} 5542 5543static void 5544run_rt5390_rf_init(struct run_softc *sc) 5545{ 5546 uint32_t tmp; 5547 uint8_t rf; 5548 u_int i; 5549 5550 /* Toggle RF R2 to initiate calibration. */ 5551 if (sc->mac_ver == 0x5390) { 5552 run_rt3070_rf_read(sc, 2, &rf); 5553 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5554 run_delay(sc, 10); 5555 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5556 } else { 5557 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5558 run_delay(sc, 10); 5559 } 5560 5561 /* Initialize RF registers to default value. */ 5562 if (sc->mac_ver == 0x5592) { 5563 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5564 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5565 rt5592_def_rf[i].val); 5566 } 5567 /* Initialize RF frequency offset. */ 5568 run_adjust_freq_offset(sc); 5569 } else if (sc->mac_ver == 0x5392) { 5570 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5571 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5572 rt5392_def_rf[i].val); 5573 } 5574 if (sc->mac_rev >= 0x0223) { 5575 run_rt3070_rf_write(sc, 23, 0x0f); 5576 run_rt3070_rf_write(sc, 24, 0x3e); 5577 run_rt3070_rf_write(sc, 51, 0x32); 5578 run_rt3070_rf_write(sc, 53, 0x22); 5579 run_rt3070_rf_write(sc, 56, 0xc1); 5580 run_rt3070_rf_write(sc, 59, 0x0f); 5581 } 5582 } else { 5583 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5584 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5585 rt5390_def_rf[i].val); 5586 } 5587 if (sc->mac_rev >= 0x0502) { 5588 run_rt3070_rf_write(sc, 6, 0xe0); 5589 run_rt3070_rf_write(sc, 25, 0x80); 5590 run_rt3070_rf_write(sc, 46, 0x73); 5591 run_rt3070_rf_write(sc, 53, 0x00); 5592 run_rt3070_rf_write(sc, 56, 0x42); 5593 run_rt3070_rf_write(sc, 61, 0xd1); 5594 } 5595 } 5596 5597 sc->rf24_20mhz = 0x1f; /* default value */ 5598 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5599 5600 if (sc->mac_rev < 0x0211) 5601 run_rt3070_rf_write(sc, 27, 0x3); 5602 5603 run_read(sc, RT3070_OPT_14, &tmp); 5604 run_write(sc, RT3070_OPT_14, tmp | 1); 5605} 5606 5607static int 5608run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5609 uint8_t *val) 5610{ 5611 uint8_t rf22, rf24; 5612 uint8_t bbp55_pb, bbp55_sb, delta; 5613 int ntries; 5614 5615 /* program filter */ 5616 run_rt3070_rf_read(sc, 24, &rf24); 5617 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5618 run_rt3070_rf_write(sc, 24, rf24); 5619 5620 /* enable baseband loopback mode */ 5621 run_rt3070_rf_read(sc, 22, &rf22); 5622 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5623 5624 /* set power and frequency of passband test tone */ 5625 run_bbp_write(sc, 24, 0x00); 5626 for (ntries = 0; ntries < 100; ntries++) { 5627 /* transmit test tone */ 5628 run_bbp_write(sc, 25, 0x90); 5629 run_delay(sc, 10); 5630 /* read received power */ 5631 run_bbp_read(sc, 55, &bbp55_pb); 5632 if (bbp55_pb != 0) 5633 break; 5634 } 5635 if (ntries == 100) 5636 return (ETIMEDOUT); 5637 5638 /* set power and frequency of stopband test tone */ 5639 run_bbp_write(sc, 24, 0x06); 5640 for (ntries = 0; ntries < 100; ntries++) { 5641 /* transmit test tone */ 5642 run_bbp_write(sc, 25, 0x90); 5643 run_delay(sc, 10); 5644 /* read received power */ 5645 run_bbp_read(sc, 55, &bbp55_sb); 5646 5647 delta = bbp55_pb - bbp55_sb; 5648 if (delta > target) 5649 break; 5650 5651 /* reprogram filter */ 5652 rf24++; 5653 run_rt3070_rf_write(sc, 24, rf24); 5654 } 5655 if (ntries < 100) { 5656 if (rf24 != init) 5657 rf24--; /* backtrack */ 5658 *val = rf24; 5659 run_rt3070_rf_write(sc, 24, rf24); 5660 } 5661 5662 /* restore initial state */ 5663 run_bbp_write(sc, 24, 0x00); 5664 5665 /* disable baseband loopback mode */ 5666 run_rt3070_rf_read(sc, 22, &rf22); 5667 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5668 5669 return (0); 5670} 5671 5672static void 5673run_rt3070_rf_setup(struct run_softc *sc) 5674{ 5675 uint8_t bbp, rf; 5676 int i; 5677 5678 if (sc->mac_ver == 0x3572) { 5679 /* enable DC filter */ 5680 if (sc->mac_rev >= 0x0201) 5681 run_bbp_write(sc, 103, 0xc0); 5682 5683 run_bbp_read(sc, 138, &bbp); 5684 if (sc->ntxchains == 1) 5685 bbp |= 0x20; /* turn off DAC1 */ 5686 if (sc->nrxchains == 1) 5687 bbp &= ~0x02; /* turn off ADC1 */ 5688 run_bbp_write(sc, 138, bbp); 5689 5690 if (sc->mac_rev >= 0x0211) { 5691 /* improve power consumption */ 5692 run_bbp_read(sc, 31, &bbp); 5693 run_bbp_write(sc, 31, bbp & ~0x03); 5694 } 5695 5696 run_rt3070_rf_read(sc, 16, &rf); 5697 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5698 run_rt3070_rf_write(sc, 16, rf); 5699 5700 } else if (sc->mac_ver == 0x3071) { 5701 if (sc->mac_rev >= 0x0211) { 5702 /* enable DC filter */ 5703 run_bbp_write(sc, 103, 0xc0); 5704 5705 /* improve power consumption */ 5706 run_bbp_read(sc, 31, &bbp); 5707 run_bbp_write(sc, 31, bbp & ~0x03); 5708 } 5709 5710 run_bbp_read(sc, 138, &bbp); 5711 if (sc->ntxchains == 1) 5712 bbp |= 0x20; /* turn off DAC1 */ 5713 if (sc->nrxchains == 1) 5714 bbp &= ~0x02; /* turn off ADC1 */ 5715 run_bbp_write(sc, 138, bbp); 5716 5717 run_write(sc, RT2860_TX_SW_CFG1, 0); 5718 if (sc->mac_rev < 0x0211) { 5719 run_write(sc, RT2860_TX_SW_CFG2, 5720 sc->patch_dac ? 0x2c : 0x0f); 5721 } else 5722 run_write(sc, RT2860_TX_SW_CFG2, 0); 5723 5724 } else if (sc->mac_ver == 0x3070) { 5725 if (sc->mac_rev >= 0x0201) { 5726 /* enable DC filter */ 5727 run_bbp_write(sc, 103, 0xc0); 5728 5729 /* improve power consumption */ 5730 run_bbp_read(sc, 31, &bbp); 5731 run_bbp_write(sc, 31, bbp & ~0x03); 5732 } 5733 5734 if (sc->mac_rev < 0x0201) { 5735 run_write(sc, RT2860_TX_SW_CFG1, 0); 5736 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5737 } else 5738 run_write(sc, RT2860_TX_SW_CFG2, 0); 5739 } 5740 5741 /* initialize RF registers from ROM for >=RT3071*/ 5742 if (sc->mac_ver >= 0x3071) { 5743 for (i = 0; i < 10; i++) { 5744 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5745 continue; 5746 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5747 } 5748 } 5749} 5750 5751static void 5752run_rt3593_rf_setup(struct run_softc *sc) 5753{ 5754 uint8_t bbp, rf; 5755 5756 if (sc->mac_rev >= 0x0211) { 5757 /* Enable DC filter. */ 5758 run_bbp_write(sc, 103, 0xc0); 5759 } 5760 run_write(sc, RT2860_TX_SW_CFG1, 0); 5761 if (sc->mac_rev < 0x0211) { 5762 run_write(sc, RT2860_TX_SW_CFG2, 5763 sc->patch_dac ? 0x2c : 0x0f); 5764 } else 5765 run_write(sc, RT2860_TX_SW_CFG2, 0); 5766 5767 run_rt3070_rf_read(sc, 50, &rf); 5768 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5769 5770 run_rt3070_rf_read(sc, 51, &rf); 5771 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5772 ((sc->txmixgain_2ghz & 0x07) << 2); 5773 run_rt3070_rf_write(sc, 51, rf); 5774 5775 run_rt3070_rf_read(sc, 38, &rf); 5776 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5777 5778 run_rt3070_rf_read(sc, 39, &rf); 5779 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5780 5781 run_rt3070_rf_read(sc, 1, &rf); 5782 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5783 5784 run_rt3070_rf_read(sc, 30, &rf); 5785 rf = (rf & ~0x18) | 0x10; 5786 run_rt3070_rf_write(sc, 30, rf); 5787 5788 /* Apply maximum likelihood detection for 2 stream case. */ 5789 run_bbp_read(sc, 105, &bbp); 5790 if (sc->nrxchains > 1) 5791 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5792 5793 /* Avoid data lost and CRC error. */ 5794 run_bbp_read(sc, 4, &bbp); 5795 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5796 5797 run_bbp_write(sc, 92, 0x02); 5798 run_bbp_write(sc, 82, 0x82); 5799 run_bbp_write(sc, 106, 0x05); 5800 run_bbp_write(sc, 104, 0x92); 5801 run_bbp_write(sc, 88, 0x90); 5802 run_bbp_write(sc, 148, 0xc8); 5803 run_bbp_write(sc, 47, 0x48); 5804 run_bbp_write(sc, 120, 0x50); 5805 5806 run_bbp_write(sc, 163, 0x9d); 5807 5808 /* SNR mapping. */ 5809 run_bbp_write(sc, 142, 0x06); 5810 run_bbp_write(sc, 143, 0xa0); 5811 run_bbp_write(sc, 142, 0x07); 5812 run_bbp_write(sc, 143, 0xa1); 5813 run_bbp_write(sc, 142, 0x08); 5814 run_bbp_write(sc, 143, 0xa2); 5815 5816 run_bbp_write(sc, 31, 0x08); 5817 run_bbp_write(sc, 68, 0x0b); 5818 run_bbp_write(sc, 105, 0x04); 5819} 5820 5821static void 5822run_rt5390_rf_setup(struct run_softc *sc) 5823{ 5824 uint8_t bbp, rf; 5825 5826 if (sc->mac_rev >= 0x0211) { 5827 /* Enable DC filter. */ 5828 run_bbp_write(sc, 103, 0xc0); 5829 5830 if (sc->mac_ver != 0x5592) { 5831 /* Improve power consumption. */ 5832 run_bbp_read(sc, 31, &bbp); 5833 run_bbp_write(sc, 31, bbp & ~0x03); 5834 } 5835 } 5836 5837 run_bbp_read(sc, 138, &bbp); 5838 if (sc->ntxchains == 1) 5839 bbp |= 0x20; /* turn off DAC1 */ 5840 if (sc->nrxchains == 1) 5841 bbp &= ~0x02; /* turn off ADC1 */ 5842 run_bbp_write(sc, 138, bbp); 5843 5844 run_rt3070_rf_read(sc, 38, &rf); 5845 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5846 5847 run_rt3070_rf_read(sc, 39, &rf); 5848 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5849 5850 /* Avoid data lost and CRC error. */ 5851 run_bbp_read(sc, 4, &bbp); 5852 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5853 5854 run_rt3070_rf_read(sc, 30, &rf); 5855 rf = (rf & ~0x18) | 0x10; 5856 run_rt3070_rf_write(sc, 30, rf); 5857 5858 if (sc->mac_ver != 0x5592) { 5859 run_write(sc, RT2860_TX_SW_CFG1, 0); 5860 if (sc->mac_rev < 0x0211) { 5861 run_write(sc, RT2860_TX_SW_CFG2, 5862 sc->patch_dac ? 0x2c : 0x0f); 5863 } else 5864 run_write(sc, RT2860_TX_SW_CFG2, 0); 5865 } 5866} 5867 5868static int 5869run_txrx_enable(struct run_softc *sc) 5870{ 5871 struct ieee80211com *ic = &sc->sc_ic; 5872 uint32_t tmp; 5873 int error, ntries; 5874 5875 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5876 for (ntries = 0; ntries < 200; ntries++) { 5877 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5878 return (error); 5879 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5880 break; 5881 run_delay(sc, 50); 5882 } 5883 if (ntries == 200) 5884 return (ETIMEDOUT); 5885 5886 run_delay(sc, 50); 5887 5888 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5889 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5890 5891 /* enable Rx bulk aggregation (set timeout and limit) */ 5892 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5893 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5894 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5895 5896 /* set Rx filter */ 5897 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5898 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5899 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5900 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5901 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5902 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5903 if (ic->ic_opmode == IEEE80211_M_STA) 5904 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5905 } 5906 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5907 5908 run_write(sc, RT2860_MAC_SYS_CTRL, 5909 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5910 5911 return (0); 5912} 5913 5914static void 5915run_adjust_freq_offset(struct run_softc *sc) 5916{ 5917 uint8_t rf, tmp; 5918 5919 run_rt3070_rf_read(sc, 17, &rf); 5920 tmp = rf; 5921 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5922 rf = MIN(rf, 0x5f); 5923 5924 if (tmp != rf) 5925 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5926} 5927 5928static void 5929run_init_locked(struct run_softc *sc) 5930{ 5931 struct ieee80211com *ic = &sc->sc_ic; 5932 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5933 uint32_t tmp; 5934 uint8_t bbp1, bbp3; 5935 int i; 5936 int ridx; 5937 int ntries; 5938 5939 if (ic->ic_nrunning > 1) 5940 return; 5941 5942 run_stop(sc); 5943 5944 if (run_load_microcode(sc) != 0) { 5945 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5946 goto fail; 5947 } 5948 5949 for (ntries = 0; ntries < 100; ntries++) { 5950 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5951 goto fail; 5952 if (tmp != 0 && tmp != 0xffffffff) 5953 break; 5954 run_delay(sc, 10); 5955 } 5956 if (ntries == 100) 5957 goto fail; 5958 5959 for (i = 0; i != RUN_EP_QUEUES; i++) 5960 run_setup_tx_list(sc, &sc->sc_epq[i]); 5961 5962 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5963 5964 for (ntries = 0; ntries < 100; ntries++) { 5965 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5966 goto fail; 5967 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5968 break; 5969 run_delay(sc, 10); 5970 } 5971 if (ntries == 100) { 5972 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5973 goto fail; 5974 } 5975 tmp &= 0xff0; 5976 tmp |= RT2860_TX_WB_DDONE; 5977 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5978 5979 /* turn off PME_OEN to solve high-current issue */ 5980 run_read(sc, RT2860_SYS_CTRL, &tmp); 5981 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5982 5983 run_write(sc, RT2860_MAC_SYS_CTRL, 5984 RT2860_BBP_HRST | RT2860_MAC_SRST); 5985 run_write(sc, RT2860_USB_DMA_CFG, 0); 5986 5987 if (run_reset(sc) != 0) { 5988 device_printf(sc->sc_dev, "could not reset chipset\n"); 5989 goto fail; 5990 } 5991 5992 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 5993 5994 /* init Tx power for all Tx rates (from EEPROM) */ 5995 for (ridx = 0; ridx < 5; ridx++) { 5996 if (sc->txpow20mhz[ridx] == 0xffffffff) 5997 continue; 5998 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 5999 } 6000 6001 for (i = 0; i < nitems(rt2870_def_mac); i++) 6002 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6003 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6004 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6005 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6006 6007 if (sc->mac_ver >= 0x5390) { 6008 run_write(sc, RT2860_TX_SW_CFG0, 6009 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6010 if (sc->mac_ver >= 0x5392) { 6011 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6012 if (sc->mac_ver == 0x5592) { 6013 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6014 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6015 } else { 6016 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6017 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6018 } 6019 } 6020 } else if (sc->mac_ver == 0x3593) { 6021 run_write(sc, RT2860_TX_SW_CFG0, 6022 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6023 } else if (sc->mac_ver >= 0x3070) { 6024 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6025 run_write(sc, RT2860_TX_SW_CFG0, 6026 4 << RT2860_DLY_PAPE_EN_SHIFT); 6027 } 6028 6029 /* wait while MAC is busy */ 6030 for (ntries = 0; ntries < 100; ntries++) { 6031 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6032 goto fail; 6033 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6034 break; 6035 run_delay(sc, 10); 6036 } 6037 if (ntries == 100) 6038 goto fail; 6039 6040 /* clear Host to MCU mailbox */ 6041 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6042 run_write(sc, RT2860_H2M_MAILBOX, 0); 6043 run_delay(sc, 10); 6044 6045 if (run_bbp_init(sc) != 0) { 6046 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6047 goto fail; 6048 } 6049 6050 /* abort TSF synchronization */ 6051 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6052 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6053 RT2860_TBTT_TIMER_EN); 6054 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6055 6056 /* clear RX WCID search table */ 6057 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6058 /* clear WCID attribute table */ 6059 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6060 6061 /* hostapd sets a key before init. So, don't clear it. */ 6062 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6063 /* clear shared key table */ 6064 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6065 /* clear shared key mode */ 6066 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6067 } 6068 6069 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6070 tmp = (tmp & ~0xff) | 0x1e; 6071 run_write(sc, RT2860_US_CYC_CNT, tmp); 6072 6073 if (sc->mac_rev != 0x0101) 6074 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6075 6076 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6077 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6078 6079 /* write vendor-specific BBP values (from EEPROM) */ 6080 if (sc->mac_ver < 0x3593) { 6081 for (i = 0; i < 10; i++) { 6082 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6083 continue; 6084 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6085 } 6086 } 6087 6088 /* select Main antenna for 1T1R devices */ 6089 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6090 run_set_rx_antenna(sc, 0); 6091 6092 /* send LEDs operating mode to microcontroller */ 6093 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6094 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6095 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6096 6097 if (sc->mac_ver >= 0x5390) 6098 run_rt5390_rf_init(sc); 6099 else if (sc->mac_ver == 0x3593) 6100 run_rt3593_rf_init(sc); 6101 else if (sc->mac_ver >= 0x3070) 6102 run_rt3070_rf_init(sc); 6103 6104 /* disable non-existing Rx chains */ 6105 run_bbp_read(sc, 3, &bbp3); 6106 bbp3 &= ~(1 << 3 | 1 << 4); 6107 if (sc->nrxchains == 2) 6108 bbp3 |= 1 << 3; 6109 else if (sc->nrxchains == 3) 6110 bbp3 |= 1 << 4; 6111 run_bbp_write(sc, 3, bbp3); 6112 6113 /* disable non-existing Tx chains */ 6114 run_bbp_read(sc, 1, &bbp1); 6115 if (sc->ntxchains == 1) 6116 bbp1 &= ~(1 << 3 | 1 << 4); 6117 run_bbp_write(sc, 1, bbp1); 6118 6119 if (sc->mac_ver >= 0x5390) 6120 run_rt5390_rf_setup(sc); 6121 else if (sc->mac_ver == 0x3593) 6122 run_rt3593_rf_setup(sc); 6123 else if (sc->mac_ver >= 0x3070) 6124 run_rt3070_rf_setup(sc); 6125 6126 /* select default channel */ 6127 run_set_chan(sc, ic->ic_curchan); 6128 6129 /* setup initial protection mode */ 6130 run_updateprot_cb(ic); 6131 6132 /* turn radio LED on */ 6133 run_set_leds(sc, RT2860_LED_RADIO); 6134 6135 sc->sc_flags |= RUN_RUNNING; 6136 sc->cmdq_run = RUN_CMDQ_GO; 6137 6138 for (i = 0; i != RUN_N_XFER; i++) 6139 usbd_xfer_set_stall(sc->sc_xfer[i]); 6140 6141 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6142 6143 if (run_txrx_enable(sc) != 0) 6144 goto fail; 6145 6146 return; 6147 6148fail: 6149 run_stop(sc); 6150} 6151 6152static void 6153run_stop(void *arg) 6154{ 6155 struct run_softc *sc = (struct run_softc *)arg; 6156 uint32_t tmp; 6157 int i; 6158 int ntries; 6159 6160 RUN_LOCK_ASSERT(sc, MA_OWNED); 6161 6162 if (sc->sc_flags & RUN_RUNNING) 6163 run_set_leds(sc, 0); /* turn all LEDs off */ 6164 6165 sc->sc_flags &= ~RUN_RUNNING; 6166 6167 sc->ratectl_run = RUN_RATECTL_OFF; 6168 sc->cmdq_run = sc->cmdq_key_set; 6169 6170 RUN_UNLOCK(sc); 6171 6172 for(i = 0; i < RUN_N_XFER; i++) 6173 usbd_transfer_drain(sc->sc_xfer[i]); 6174 6175 RUN_LOCK(sc); 6176 6177 run_drain_mbufq(sc); 6178 6179 if (sc->rx_m != NULL) { 6180 m_free(sc->rx_m); 6181 sc->rx_m = NULL; 6182 } 6183 6184 /* Disable Tx/Rx DMA. */ 6185 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6186 return; 6187 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6188 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6189 6190 for (ntries = 0; ntries < 100; ntries++) { 6191 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6192 return; 6193 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6194 break; 6195 run_delay(sc, 10); 6196 } 6197 if (ntries == 100) { 6198 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6199 return; 6200 } 6201 6202 /* disable Tx/Rx */ 6203 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6204 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6205 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6206 6207 /* wait for pending Tx to complete */ 6208 for (ntries = 0; ntries < 100; ntries++) { 6209 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6210 DPRINTF("Cannot read Tx queue count\n"); 6211 break; 6212 } 6213 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6214 DPRINTF("All Tx cleared\n"); 6215 break; 6216 } 6217 run_delay(sc, 10); 6218 } 6219 if (ntries >= 100) 6220 DPRINTF("There are still pending Tx\n"); 6221 run_delay(sc, 10); 6222 run_write(sc, RT2860_USB_DMA_CFG, 0); 6223 6224 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6225 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6226 6227 for (i = 0; i != RUN_EP_QUEUES; i++) 6228 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6229} 6230 6231static void 6232run_delay(struct run_softc *sc, u_int ms) 6233{ 6234 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6235 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6236} 6237 6238static device_method_t run_methods[] = { 6239 /* Device interface */ 6240 DEVMETHOD(device_probe, run_match), 6241 DEVMETHOD(device_attach, run_attach), 6242 DEVMETHOD(device_detach, run_detach), 6243 DEVMETHOD_END 6244}; 6245 6246static driver_t run_driver = { 6247 .name = "run", 6248 .methods = run_methods, 6249 .size = sizeof(struct run_softc) 6250}; 6251 6252static devclass_t run_devclass; 6253 6254DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6255MODULE_DEPEND(run, wlan, 1, 1, 1); 6256MODULE_DEPEND(run, usb, 1, 1, 1); 6257MODULE_DEPEND(run, firmware, 1, 1, 1); 6258MODULE_VERSION(run, 1); 6259USB_PNP_HOST_INFO(run_devs); 6260