1/*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/cdefs.h> 21__FBSDID("$FreeBSD$"); 22 23/*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28#include "opt_wlan.h" 29 30#include <sys/param.h> 31#include <sys/eventhandler.h> 32#include <sys/sockio.h> 33#include <sys/sysctl.h> 34#include <sys/lock.h> 35#include <sys/mutex.h> 36#include <sys/mbuf.h> 37#include <sys/kernel.h> 38#include <sys/socket.h> 39#include <sys/systm.h> 40#include <sys/malloc.h> 41#include <sys/module.h> 42#include <sys/bus.h> 43#include <sys/endian.h> 44#include <sys/linker.h> 45#include <sys/firmware.h> 46#include <sys/kdb.h> 47 48#include <net/bpf.h> 49#include <net/if.h> 50#include <net/if_var.h> 51#include <net/if_arp.h> 52#include <net/ethernet.h> 53#include <net/if_dl.h> 54#include <net/if_media.h> 55#include <net/if_types.h> 56 57#include <netinet/in.h> 58#include <netinet/in_systm.h> 59#include <netinet/in_var.h> 60#include <netinet/if_ether.h> 61#include <netinet/ip.h> 62 63#include <net80211/ieee80211_var.h> 64#include <net80211/ieee80211_regdomain.h> 65#include <net80211/ieee80211_radiotap.h> 66#include <net80211/ieee80211_ratectl.h> 67#ifdef IEEE80211_SUPPORT_SUPERG 68#include <net80211/ieee80211_superg.h> 69#endif 70 71#include <dev/usb/usb.h> 72#include <dev/usb/usbdi.h> 73#include "usbdevs.h" 74 75#define USB_DEBUG_VAR run_debug 76#include <dev/usb/usb_debug.h> 77//#include <dev/usb/usb_msctest.h> 78 79#include <dev/usb/wlan/if_runreg.h> 80#include <dev/usb/wlan/if_runvar.h> 81 82#ifdef USB_DEBUG 83#define RUN_DEBUG 84#endif 85 86#ifdef RUN_DEBUG 87int run_debug = 0; 88static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 89 "USB run"); 90SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 91 "run debug level"); 92 93enum { 94 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 95 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 96 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 97 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 98 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 99 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 100 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 101 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 102 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 103 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 104 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 105 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 106 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 107 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 108 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 109 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 110 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 111 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 112 RUN_DEBUG_ANY = 0xffffffff 113}; 114 115#define RUN_DPRINTF(_sc, _m, ...) do { \ 116 if (run_debug & (_m)) \ 117 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 118} while(0) 119#else 120#define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 121#endif 122 123#define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 124 125/* 126 * Because of LOR in run_key_delete(), use atomic instead. 127 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 128 */ 129#define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 130 131static const STRUCT_USB_HOST_ID run_devs[] = { 132#define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 133#define RUN_DEV_EJECT(v,p) \ 134 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 135#define RUN_EJECT 1 136 RUN_DEV(ABOCOM, RT2770), 137 RUN_DEV(ABOCOM, RT2870), 138 RUN_DEV(ABOCOM, RT3070), 139 RUN_DEV(ABOCOM, RT3071), 140 RUN_DEV(ABOCOM, RT3072), 141 RUN_DEV(ABOCOM2, RT2870_1), 142 RUN_DEV(ACCTON, RT2770), 143 RUN_DEV(ACCTON, RT2870_1), 144 RUN_DEV(ACCTON, RT2870_2), 145 RUN_DEV(ACCTON, RT2870_3), 146 RUN_DEV(ACCTON, RT2870_4), 147 RUN_DEV(ACCTON, RT2870_5), 148 RUN_DEV(ACCTON, RT3070), 149 RUN_DEV(ACCTON, RT3070_1), 150 RUN_DEV(ACCTON, RT3070_2), 151 RUN_DEV(ACCTON, RT3070_3), 152 RUN_DEV(ACCTON, RT3070_4), 153 RUN_DEV(ACCTON, RT3070_5), 154 RUN_DEV(AIRTIES, RT3070), 155 RUN_DEV(ALLWIN, RT2070), 156 RUN_DEV(ALLWIN, RT2770), 157 RUN_DEV(ALLWIN, RT2870), 158 RUN_DEV(ALLWIN, RT3070), 159 RUN_DEV(ALLWIN, RT3071), 160 RUN_DEV(ALLWIN, RT3072), 161 RUN_DEV(ALLWIN, RT3572), 162 RUN_DEV(AMIGO, RT2870_1), 163 RUN_DEV(AMIGO, RT2870_2), 164 RUN_DEV(AMIT, CGWLUSB2GNR), 165 RUN_DEV(AMIT, RT2870_1), 166 RUN_DEV(AMIT2, RT2870), 167 RUN_DEV(ASUS, RT2870_1), 168 RUN_DEV(ASUS, RT2870_2), 169 RUN_DEV(ASUS, RT2870_3), 170 RUN_DEV(ASUS, RT2870_4), 171 RUN_DEV(ASUS, RT2870_5), 172 RUN_DEV(ASUS, USBN13), 173 RUN_DEV(ASUS, RT3070_1), 174 RUN_DEV(ASUS, USBN66), 175 RUN_DEV(ASUS, USB_N53), 176 RUN_DEV(ASUS, USBN14), 177 RUN_DEV(ASUS2, USBN11), 178 RUN_DEV(AZUREWAVE, RT2870_1), 179 RUN_DEV(AZUREWAVE, RT2870_2), 180 RUN_DEV(AZUREWAVE, RT3070_1), 181 RUN_DEV(AZUREWAVE, RT3070_2), 182 RUN_DEV(AZUREWAVE, RT3070_3), 183 RUN_DEV(BELKIN, F9L1103), 184 RUN_DEV(BELKIN, F5D8053V3), 185 RUN_DEV(BELKIN, F5D8055), 186 RUN_DEV(BELKIN, F5D8055V2), 187 RUN_DEV(BELKIN, F6D4050V1), 188 RUN_DEV(BELKIN, F6D4050V2), 189 RUN_DEV(BELKIN, RT2870_1), 190 RUN_DEV(BELKIN, RT2870_2), 191 RUN_DEV(CISCOLINKSYS, AE1000), 192 RUN_DEV(CISCOLINKSYS2, RT3070), 193 RUN_DEV(CISCOLINKSYS3, RT3070), 194 RUN_DEV(CONCEPTRONIC2, RT2870_1), 195 RUN_DEV(CONCEPTRONIC2, RT2870_2), 196 RUN_DEV(CONCEPTRONIC2, RT2870_3), 197 RUN_DEV(CONCEPTRONIC2, RT2870_4), 198 RUN_DEV(CONCEPTRONIC2, RT2870_5), 199 RUN_DEV(CONCEPTRONIC2, RT2870_6), 200 RUN_DEV(CONCEPTRONIC2, RT2870_7), 201 RUN_DEV(CONCEPTRONIC2, RT2870_8), 202 RUN_DEV(CONCEPTRONIC2, RT3070_1), 203 RUN_DEV(CONCEPTRONIC2, RT3070_2), 204 RUN_DEV(CONCEPTRONIC2, VIGORN61), 205 RUN_DEV(COREGA, CGWLUSB300GNM), 206 RUN_DEV(COREGA, RT2870_1), 207 RUN_DEV(COREGA, RT2870_2), 208 RUN_DEV(COREGA, RT2870_3), 209 RUN_DEV(COREGA, RT3070), 210 RUN_DEV(CYBERTAN, RT2870), 211 RUN_DEV(DLINK, RT2870), 212 RUN_DEV(DLINK, RT3072), 213 RUN_DEV(DLINK, DWA125A3), 214 RUN_DEV(DLINK, DWA127), 215 RUN_DEV(DLINK, DWA140B3), 216 RUN_DEV(DLINK, DWA160B2), 217 RUN_DEV(DLINK, DWA140D1), 218 RUN_DEV(DLINK, DWA130F1), 219 RUN_DEV(DLINK, DWA162), 220 RUN_DEV(DLINK2, DWA130), 221 RUN_DEV(DLINK2, RT2870_1), 222 RUN_DEV(DLINK2, RT2870_2), 223 RUN_DEV(DLINK2, RT3070_1), 224 RUN_DEV(DLINK2, RT3070_2), 225 RUN_DEV(DLINK2, RT3070_3), 226 RUN_DEV(DLINK2, RT3070_4), 227 RUN_DEV(DLINK2, RT3070_5), 228 RUN_DEV(DLINK2, RT3072), 229 RUN_DEV(DLINK2, RT3072_1), 230 RUN_DEV(EDIMAX, EW7717), 231 RUN_DEV(EDIMAX, EW7718), 232 RUN_DEV(EDIMAX, EW7733UND), 233 RUN_DEV(EDIMAX, RT2870_1), 234 RUN_DEV(ENCORE, RT3070_1), 235 RUN_DEV(ENCORE, RT3070_2), 236 RUN_DEV(ENCORE, RT3070_3), 237 RUN_DEV(GIGABYTE, GNWB31N), 238 RUN_DEV(GIGABYTE, GNWB32L), 239 RUN_DEV(GIGABYTE, RT2870_1), 240 RUN_DEV(GIGASET, RT3070_1), 241 RUN_DEV(GIGASET, RT3070_2), 242 RUN_DEV(GUILLEMOT, HWNU300), 243 RUN_DEV(HAWKING, HWUN2), 244 RUN_DEV(HAWKING, RT2870_1), 245 RUN_DEV(HAWKING, RT2870_2), 246 RUN_DEV(HAWKING, RT3070), 247 RUN_DEV(IODATA, RT3072_1), 248 RUN_DEV(IODATA, RT3072_2), 249 RUN_DEV(IODATA, RT3072_3), 250 RUN_DEV(IODATA, RT3072_4), 251 RUN_DEV(LINKSYS4, RT3070), 252 RUN_DEV(LINKSYS4, WUSB100), 253 RUN_DEV(LINKSYS4, WUSB54GCV3), 254 RUN_DEV(LINKSYS4, WUSB600N), 255 RUN_DEV(LINKSYS4, WUSB600NV2), 256 RUN_DEV(LOGITEC, RT2870_1), 257 RUN_DEV(LOGITEC, RT2870_2), 258 RUN_DEV(LOGITEC, RT2870_3), 259 RUN_DEV(LOGITEC, LANW300NU2), 260 RUN_DEV(LOGITEC, LANW150NU2), 261 RUN_DEV(LOGITEC, LANW300NU2S), 262 RUN_DEV(MELCO, WLIUCG300HP), 263 RUN_DEV(MELCO, RT2870_2), 264 RUN_DEV(MELCO, WLIUCAG300N), 265 RUN_DEV(MELCO, WLIUCG300N), 266 RUN_DEV(MELCO, WLIUCG301N), 267 RUN_DEV(MELCO, WLIUCGN), 268 RUN_DEV(MELCO, WLIUCGNM), 269 RUN_DEV(MELCO, WLIUCG300HPV1), 270 RUN_DEV(MELCO, WLIUCGNM2), 271 RUN_DEV(MOTOROLA4, RT2770), 272 RUN_DEV(MOTOROLA4, RT3070), 273 RUN_DEV(MSI, RT3070_1), 274 RUN_DEV(MSI, RT3070_2), 275 RUN_DEV(MSI, RT3070_3), 276 RUN_DEV(MSI, RT3070_4), 277 RUN_DEV(MSI, RT3070_5), 278 RUN_DEV(MSI, RT3070_6), 279 RUN_DEV(MSI, RT3070_7), 280 RUN_DEV(MSI, RT3070_8), 281 RUN_DEV(MSI, RT3070_9), 282 RUN_DEV(MSI, RT3070_10), 283 RUN_DEV(MSI, RT3070_11), 284 RUN_DEV(NETGEAR, WNDA4100), 285 RUN_DEV(OVISLINK, RT3072), 286 RUN_DEV(PARA, RT3070), 287 RUN_DEV(PEGATRON, RT2870), 288 RUN_DEV(PEGATRON, RT3070), 289 RUN_DEV(PEGATRON, RT3070_2), 290 RUN_DEV(PEGATRON, RT3070_3), 291 RUN_DEV(PHILIPS, RT2870), 292 RUN_DEV(PLANEX2, GWUS300MINIS), 293 RUN_DEV(PLANEX2, GWUSMICRON), 294 RUN_DEV(PLANEX2, RT2870), 295 RUN_DEV(PLANEX2, RT3070), 296 RUN_DEV(QCOM, RT2870), 297 RUN_DEV(QUANTA, RT3070), 298 RUN_DEV(RALINK, RT2070), 299 RUN_DEV(RALINK, RT2770), 300 RUN_DEV(RALINK, RT2870), 301 RUN_DEV(RALINK, RT3070), 302 RUN_DEV(RALINK, RT3071), 303 RUN_DEV(RALINK, RT3072), 304 RUN_DEV(RALINK, RT3370), 305 RUN_DEV(RALINK, RT3572), 306 RUN_DEV(RALINK, RT3573), 307 RUN_DEV(RALINK, RT5370), 308 RUN_DEV(RALINK, RT5372), 309 RUN_DEV(RALINK, RT5572), 310 RUN_DEV(RALINK, RT8070), 311 RUN_DEV(SAMSUNG, WIS09ABGN), 312 RUN_DEV(SAMSUNG2, RT2870_1), 313 RUN_DEV(SENAO, RT2870_1), 314 RUN_DEV(SENAO, RT2870_2), 315 RUN_DEV(SENAO, RT2870_3), 316 RUN_DEV(SENAO, RT2870_4), 317 RUN_DEV(SENAO, RT3070), 318 RUN_DEV(SENAO, RT3071), 319 RUN_DEV(SENAO, RT3072_1), 320 RUN_DEV(SENAO, RT3072_2), 321 RUN_DEV(SENAO, RT3072_3), 322 RUN_DEV(SENAO, RT3072_4), 323 RUN_DEV(SENAO, RT3072_5), 324 RUN_DEV(SITECOMEU, RT2770), 325 RUN_DEV(SITECOMEU, RT2870_1), 326 RUN_DEV(SITECOMEU, RT2870_2), 327 RUN_DEV(SITECOMEU, RT2870_3), 328 RUN_DEV(SITECOMEU, RT2870_4), 329 RUN_DEV(SITECOMEU, RT3070), 330 RUN_DEV(SITECOMEU, RT3070_2), 331 RUN_DEV(SITECOMEU, RT3070_3), 332 RUN_DEV(SITECOMEU, RT3070_4), 333 RUN_DEV(SITECOMEU, RT3071), 334 RUN_DEV(SITECOMEU, RT3072_1), 335 RUN_DEV(SITECOMEU, RT3072_2), 336 RUN_DEV(SITECOMEU, RT3072_3), 337 RUN_DEV(SITECOMEU, RT3072_4), 338 RUN_DEV(SITECOMEU, RT3072_5), 339 RUN_DEV(SITECOMEU, RT3072_6), 340 RUN_DEV(SITECOMEU, WL608), 341 RUN_DEV(SPARKLAN, RT2870_1), 342 RUN_DEV(SPARKLAN, RT3070), 343 RUN_DEV(SWEEX2, LW153), 344 RUN_DEV(SWEEX2, LW303), 345 RUN_DEV(SWEEX2, LW313), 346 RUN_DEV(TOSHIBA, RT3070), 347 RUN_DEV(UMEDIA, RT2870_1), 348 RUN_DEV(ZCOM, RT2870_1), 349 RUN_DEV(ZCOM, RT2870_2), 350 RUN_DEV(ZINWELL, RT2870_1), 351 RUN_DEV(ZINWELL, RT2870_2), 352 RUN_DEV(ZINWELL, RT3070), 353 RUN_DEV(ZINWELL, RT3072_1), 354 RUN_DEV(ZINWELL, RT3072_2), 355 RUN_DEV(ZYXEL, RT2870_1), 356 RUN_DEV(ZYXEL, RT2870_2), 357 RUN_DEV(ZYXEL, RT3070), 358 RUN_DEV_EJECT(ZYXEL, NWD2705), 359 RUN_DEV_EJECT(RALINK, RT_STOR), 360#undef RUN_DEV_EJECT 361#undef RUN_DEV 362}; 363 364static device_probe_t run_match; 365static device_attach_t run_attach; 366static device_detach_t run_detach; 367 368static usb_callback_t run_bulk_rx_callback; 369static usb_callback_t run_bulk_tx_callback0; 370static usb_callback_t run_bulk_tx_callback1; 371static usb_callback_t run_bulk_tx_callback2; 372static usb_callback_t run_bulk_tx_callback3; 373static usb_callback_t run_bulk_tx_callback4; 374static usb_callback_t run_bulk_tx_callback5; 375 376static void run_autoinst(void *, struct usb_device *, 377 struct usb_attach_arg *); 378static int run_driver_loaded(struct module *, int, void *); 379static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 380 usb_error_t error, u_int index); 381static struct ieee80211vap *run_vap_create(struct ieee80211com *, 382 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 383 const uint8_t [IEEE80211_ADDR_LEN], 384 const uint8_t [IEEE80211_ADDR_LEN]); 385static void run_vap_delete(struct ieee80211vap *); 386static void run_cmdq_cb(void *, int); 387static void run_setup_tx_list(struct run_softc *, 388 struct run_endpoint_queue *); 389static void run_unsetup_tx_list(struct run_softc *, 390 struct run_endpoint_queue *); 391static int run_load_microcode(struct run_softc *); 392static int run_reset(struct run_softc *); 393static usb_error_t run_do_request(struct run_softc *, 394 struct usb_device_request *, void *); 395static int run_read(struct run_softc *, uint16_t, uint32_t *); 396static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 397static int run_write_2(struct run_softc *, uint16_t, uint16_t); 398static int run_write(struct run_softc *, uint16_t, uint32_t); 399static int run_write_region_1(struct run_softc *, uint16_t, 400 const uint8_t *, int); 401static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 402static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 403static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 404static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 405static int run_rt2870_rf_write(struct run_softc *, uint32_t); 406static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 407static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 408static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 409static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 410static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 411static const char *run_get_rf(uint16_t); 412static void run_rt3593_get_txpower(struct run_softc *); 413static void run_get_txpower(struct run_softc *); 414static int run_read_eeprom(struct run_softc *); 415static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 416 const uint8_t mac[IEEE80211_ADDR_LEN]); 417static int run_media_change(struct ifnet *); 418static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 419static int run_wme_update(struct ieee80211com *); 420static void run_key_set_cb(void *); 421static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 422static void run_key_delete_cb(void *); 423static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 424static void run_ratectl_to(void *); 425static void run_ratectl_cb(void *, int); 426static void run_drain_fifo(void *); 427static void run_iter_func(void *, struct ieee80211_node *); 428static void run_newassoc_cb(void *); 429static void run_newassoc(struct ieee80211_node *, int); 430static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 431 const struct ieee80211_rx_stats *, int, int); 432static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 433static void run_tx_free(struct run_endpoint_queue *pq, 434 struct run_tx_data *, int); 435static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 436static int run_tx(struct run_softc *, struct mbuf *, 437 struct ieee80211_node *); 438static int run_tx_mgt(struct run_softc *, struct mbuf *, 439 struct ieee80211_node *); 440static int run_sendprot(struct run_softc *, const struct mbuf *, 441 struct ieee80211_node *, int, int); 442static int run_tx_param(struct run_softc *, struct mbuf *, 443 struct ieee80211_node *, 444 const struct ieee80211_bpf_params *); 445static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 446 const struct ieee80211_bpf_params *); 447static int run_transmit(struct ieee80211com *, struct mbuf *); 448static void run_start(struct run_softc *); 449static void run_parent(struct ieee80211com *); 450static void run_iq_calib(struct run_softc *, u_int); 451static void run_set_agc(struct run_softc *, uint8_t); 452static void run_select_chan_group(struct run_softc *, int); 453static void run_set_rx_antenna(struct run_softc *, int); 454static void run_rt2870_set_chan(struct run_softc *, u_int); 455static void run_rt3070_set_chan(struct run_softc *, u_int); 456static void run_rt3572_set_chan(struct run_softc *, u_int); 457static void run_rt3593_set_chan(struct run_softc *, u_int); 458static void run_rt5390_set_chan(struct run_softc *, u_int); 459static void run_rt5592_set_chan(struct run_softc *, u_int); 460static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 461static void run_set_channel(struct ieee80211com *); 462static void run_getradiocaps(struct ieee80211com *, int, int *, 463 struct ieee80211_channel[]); 464static void run_scan_start(struct ieee80211com *); 465static void run_scan_end(struct ieee80211com *); 466static void run_update_beacon(struct ieee80211vap *, int); 467static void run_update_beacon_cb(void *); 468static void run_updateprot(struct ieee80211com *); 469static void run_updateprot_cb(void *); 470static void run_usb_timeout_cb(void *); 471static void run_reset_livelock(struct run_softc *); 472static void run_enable_tsf_sync(struct run_softc *); 473static void run_enable_tsf(struct run_softc *); 474static void run_disable_tsf(struct run_softc *); 475static void run_get_tsf(struct run_softc *, uint64_t *); 476static void run_enable_mrr(struct run_softc *); 477static void run_set_txpreamble(struct run_softc *); 478static void run_set_basicrates(struct run_softc *); 479static void run_set_leds(struct run_softc *, uint16_t); 480static void run_set_bssid(struct run_softc *, const uint8_t *); 481static void run_set_macaddr(struct run_softc *, const uint8_t *); 482static void run_updateslot(struct ieee80211com *); 483static void run_updateslot_cb(void *); 484static void run_update_mcast(struct ieee80211com *); 485static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 486static void run_update_promisc_locked(struct run_softc *); 487static void run_update_promisc(struct ieee80211com *); 488static void run_rt5390_bbp_init(struct run_softc *); 489static int run_bbp_init(struct run_softc *); 490static int run_rt3070_rf_init(struct run_softc *); 491static void run_rt3593_rf_init(struct run_softc *); 492static void run_rt5390_rf_init(struct run_softc *); 493static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 494 uint8_t *); 495static void run_rt3070_rf_setup(struct run_softc *); 496static void run_rt3593_rf_setup(struct run_softc *); 497static void run_rt5390_rf_setup(struct run_softc *); 498static int run_txrx_enable(struct run_softc *); 499static void run_adjust_freq_offset(struct run_softc *); 500static void run_init_locked(struct run_softc *); 501static void run_stop(void *); 502static void run_delay(struct run_softc *, u_int); 503static void run_update_chw(struct ieee80211com *ic); 504static int run_ampdu_enable(struct ieee80211_node *ni, 505 struct ieee80211_tx_ampdu *tap); 506 507static eventhandler_tag run_etag; 508 509static const struct rt2860_rate { 510 uint8_t rate; 511 uint8_t mcs; 512 enum ieee80211_phytype phy; 513 uint8_t ctl_ridx; 514 uint16_t sp_ack_dur; 515 uint16_t lp_ack_dur; 516} rt2860_rates[] = { 517 /* CCK rates (11b) */ 518 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 519 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 520 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 521 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 522 523 /* OFDM rates (11a / 11g) */ 524 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 525 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 526 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 527 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 528 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 529 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 530 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 531 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }, 532 533 /* MCS - single stream */ 534 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 }, 535 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 }, 536 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 }, 537 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 }, 538 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 }, 539 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 }, 540 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 }, 541 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 }, 542 543 /* MCS - 2 streams */ 544 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 }, 545 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 }, 546 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 }, 547 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 }, 548 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 }, 549 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 }, 550 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 }, 551 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 }, 552 553 /* MCS - 3 streams */ 554 { 0x90, 16, IEEE80211_T_HT, 4, 60, 60 }, 555 { 0x91, 17, IEEE80211_T_HT, 4, 60, 60 }, 556 { 0x92, 18, IEEE80211_T_HT, 4, 60, 60 }, 557 { 0x93, 19, IEEE80211_T_HT, 4, 60, 60 }, 558 { 0x94, 20, IEEE80211_T_HT, 4, 60, 60 }, 559 { 0x95, 21, IEEE80211_T_HT, 4, 60, 60 }, 560 { 0x96, 22, IEEE80211_T_HT, 4, 60, 60 }, 561 { 0x97, 23, IEEE80211_T_HT, 4, 60, 60 }, 562}; 563 564/* These are indexes into the above rt2860_rates[] array */ 565#define RT2860_RIDX_CCK1 0 566#define RT2860_RIDX_CCK11 3 567#define RT2860_RIDX_OFDM6 4 568#define RT2860_RIDX_MCS0 12 569#define RT2860_RIDX_MAX 36 570 571static const struct { 572 uint16_t reg; 573 uint32_t val; 574} rt2870_def_mac[] = { 575 RT2870_DEF_MAC 576}; 577 578static const struct { 579 uint8_t reg; 580 uint8_t val; 581} rt2860_def_bbp[] = { 582 RT2860_DEF_BBP 583},rt5390_def_bbp[] = { 584 RT5390_DEF_BBP 585},rt5592_def_bbp[] = { 586 RT5592_DEF_BBP 587}; 588 589/* 590 * Default values for BBP register R196 for RT5592. 591 */ 592static const uint8_t rt5592_bbp_r196[] = { 593 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 594 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 595 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 596 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 597 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 598 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 599 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 600 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 601 0x2e, 0x36, 0x30, 0x6e 602}; 603 604static const struct rfprog { 605 uint8_t chan; 606 uint32_t r1, r2, r3, r4; 607} rt2860_rf2850[] = { 608 RT2860_RF2850 609}; 610 611struct { 612 uint8_t n, r, k; 613} rt3070_freqs[] = { 614 RT3070_RF3052 615}; 616 617static const struct rt5592_freqs { 618 uint16_t n; 619 uint8_t k, m, r; 620} rt5592_freqs_20mhz[] = { 621 RT5592_RF5592_20MHZ 622},rt5592_freqs_40mhz[] = { 623 RT5592_RF5592_40MHZ 624}; 625 626static const struct { 627 uint8_t reg; 628 uint8_t val; 629} rt3070_def_rf[] = { 630 RT3070_DEF_RF 631},rt3572_def_rf[] = { 632 RT3572_DEF_RF 633},rt3593_def_rf[] = { 634 RT3593_DEF_RF 635},rt5390_def_rf[] = { 636 RT5390_DEF_RF 637},rt5392_def_rf[] = { 638 RT5392_DEF_RF 639},rt5592_def_rf[] = { 640 RT5592_DEF_RF 641},rt5592_2ghz_def_rf[] = { 642 RT5592_2GHZ_DEF_RF 643},rt5592_5ghz_def_rf[] = { 644 RT5592_5GHZ_DEF_RF 645}; 646 647static const struct { 648 u_int firstchan; 649 u_int lastchan; 650 uint8_t reg; 651 uint8_t val; 652} rt5592_chan_5ghz[] = { 653 RT5592_CHAN_5GHZ 654}; 655 656static const struct usb_config run_config[RUN_N_XFER] = { 657 [RUN_BULK_TX_BE] = { 658 .type = UE_BULK, 659 .endpoint = UE_ADDR_ANY, 660 .ep_index = 0, 661 .direction = UE_DIR_OUT, 662 .bufsize = RUN_MAX_TXSZ, 663 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 664 .callback = run_bulk_tx_callback0, 665 .timeout = 5000, /* ms */ 666 }, 667 [RUN_BULK_TX_BK] = { 668 .type = UE_BULK, 669 .endpoint = UE_ADDR_ANY, 670 .direction = UE_DIR_OUT, 671 .ep_index = 1, 672 .bufsize = RUN_MAX_TXSZ, 673 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 674 .callback = run_bulk_tx_callback1, 675 .timeout = 5000, /* ms */ 676 }, 677 [RUN_BULK_TX_VI] = { 678 .type = UE_BULK, 679 .endpoint = UE_ADDR_ANY, 680 .direction = UE_DIR_OUT, 681 .ep_index = 2, 682 .bufsize = RUN_MAX_TXSZ, 683 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 684 .callback = run_bulk_tx_callback2, 685 .timeout = 5000, /* ms */ 686 }, 687 [RUN_BULK_TX_VO] = { 688 .type = UE_BULK, 689 .endpoint = UE_ADDR_ANY, 690 .direction = UE_DIR_OUT, 691 .ep_index = 3, 692 .bufsize = RUN_MAX_TXSZ, 693 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 694 .callback = run_bulk_tx_callback3, 695 .timeout = 5000, /* ms */ 696 }, 697 [RUN_BULK_TX_HCCA] = { 698 .type = UE_BULK, 699 .endpoint = UE_ADDR_ANY, 700 .direction = UE_DIR_OUT, 701 .ep_index = 4, 702 .bufsize = RUN_MAX_TXSZ, 703 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 704 .callback = run_bulk_tx_callback4, 705 .timeout = 5000, /* ms */ 706 }, 707 [RUN_BULK_TX_PRIO] = { 708 .type = UE_BULK, 709 .endpoint = UE_ADDR_ANY, 710 .direction = UE_DIR_OUT, 711 .ep_index = 5, 712 .bufsize = RUN_MAX_TXSZ, 713 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 714 .callback = run_bulk_tx_callback5, 715 .timeout = 5000, /* ms */ 716 }, 717 [RUN_BULK_RX] = { 718 .type = UE_BULK, 719 .endpoint = UE_ADDR_ANY, 720 .direction = UE_DIR_IN, 721 .bufsize = RUN_MAX_RXSZ, 722 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 723 .callback = run_bulk_rx_callback, 724 } 725}; 726 727static void 728run_autoinst(void *arg, struct usb_device *udev, 729 struct usb_attach_arg *uaa) 730{ 731#ifndef __HAIKU__ 732 struct usb_interface *iface; 733 struct usb_interface_descriptor *id; 734 735 if (uaa->dev_state != UAA_DEV_READY) 736 return; 737 738 iface = usbd_get_iface(udev, 0); 739 if (iface == NULL) 740 return; 741 id = iface->idesc; 742 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 743 return; 744 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 745 return; 746 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 747 uaa->dev_state = UAA_DEV_EJECTING; 748#endif 749} 750 751static int 752run_driver_loaded(struct module *mod, int what, void *arg) 753{ 754 switch (what) { 755 case MOD_LOAD: 756 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 757 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 758 break; 759 case MOD_UNLOAD: 760 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 761 break; 762 default: 763 return (EOPNOTSUPP); 764 } 765 return (0); 766} 767 768static int 769run_match(device_t self) 770{ 771 struct usb_attach_arg *uaa = device_get_ivars(self); 772 773 if (uaa->usb_mode != USB_MODE_HOST) 774 return (ENXIO); 775 if (uaa->info.bConfigIndex != 0) 776 return (ENXIO); 777 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 778 return (ENXIO); 779 780 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 781} 782 783static int 784run_attach(device_t self) 785{ 786 struct run_softc *sc = device_get_softc(self); 787 struct usb_attach_arg *uaa = device_get_ivars(self); 788 struct ieee80211com *ic = &sc->sc_ic; 789 uint32_t ver; 790 uint8_t iface_index; 791 int ntries, error; 792 793 device_set_usb_desc(self); 794 sc->sc_udev = uaa->device; 795 sc->sc_dev = self; 796 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 797 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 798 799 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 800 MTX_NETWORK_LOCK, MTX_DEF); 801 mbufq_init(&sc->sc_snd, ifqmaxlen); 802 803 iface_index = RT2860_IFACE_INDEX; 804 805 error = usbd_transfer_setup(uaa->device, &iface_index, 806 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 807 if (error) { 808 device_printf(self, "could not allocate USB transfers, " 809 "err=%s\n", usbd_errstr(error)); 810 goto detach; 811 } 812 813 RUN_LOCK(sc); 814 815 /* wait for the chip to settle */ 816 for (ntries = 0; ntries < 100; ntries++) { 817 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 818 RUN_UNLOCK(sc); 819 goto detach; 820 } 821 if (ver != 0 && ver != 0xffffffff) 822 break; 823 run_delay(sc, 10); 824 } 825 if (ntries == 100) { 826 device_printf(sc->sc_dev, 827 "timeout waiting for NIC to initialize\n"); 828 RUN_UNLOCK(sc); 829 goto detach; 830 } 831 sc->mac_ver = ver >> 16; 832 sc->mac_rev = ver & 0xffff; 833 834 /* retrieve RF rev. no and various other things from EEPROM */ 835 run_read_eeprom(sc); 836 837 device_printf(sc->sc_dev, 838 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 839 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 840 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 841 842 RUN_UNLOCK(sc); 843 844 ic->ic_softc = sc; 845 ic->ic_name = device_get_nameunit(self); 846 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 847 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 848 849 /* set device capabilities */ 850 ic->ic_caps = 851 IEEE80211_C_STA | /* station mode supported */ 852 IEEE80211_C_MONITOR | /* monitor mode supported */ 853 IEEE80211_C_IBSS | 854 IEEE80211_C_HOSTAP | 855 IEEE80211_C_WDS | /* 4-address traffic works */ 856 IEEE80211_C_MBSS | 857 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 858 IEEE80211_C_SHSLOT | /* short slot time supported */ 859 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */ 860 IEEE80211_C_FF | /* Atheros fast-frames */ 861 IEEE80211_C_WME | /* WME */ 862 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 863 864 /* 865 * RF2020 is not an 11n device. 866 */ 867 if (sc->rf_rev != RT3070_RF_2020) { 868 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n"); 869 ic->ic_htcaps = 870 IEEE80211_HTC_HT | 871 IEEE80211_HTC_AMPDU | 872 IEEE80211_HTC_AMSDU | 873 IEEE80211_HTCAP_MAXAMSDU_3839 | 874 IEEE80211_HTCAP_SMPS_OFF; 875 876 ic->ic_rxstream = sc->nrxchains; 877 ic->ic_txstream = sc->ntxchains; 878 } 879 880 ic->ic_cryptocaps = 881 IEEE80211_CRYPTO_WEP | 882 IEEE80211_CRYPTO_AES_CCM | 883 IEEE80211_CRYPTO_TKIPMIC | 884 IEEE80211_CRYPTO_TKIP; 885 886 ic->ic_flags |= IEEE80211_F_DATAPAD; 887 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 888 889 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 890 ic->ic_channels); 891 892 ieee80211_ifattach(ic); 893 894 ic->ic_scan_start = run_scan_start; 895 ic->ic_scan_end = run_scan_end; 896 ic->ic_set_channel = run_set_channel; 897 ic->ic_getradiocaps = run_getradiocaps; 898 ic->ic_node_alloc = run_node_alloc; 899 ic->ic_newassoc = run_newassoc; 900 ic->ic_updateslot = run_updateslot; 901 ic->ic_update_mcast = run_update_mcast; 902 ic->ic_wme.wme_update = run_wme_update; 903 ic->ic_raw_xmit = run_raw_xmit; 904 ic->ic_update_promisc = run_update_promisc; 905 ic->ic_vap_create = run_vap_create; 906 ic->ic_vap_delete = run_vap_delete; 907 ic->ic_transmit = run_transmit; 908 ic->ic_parent = run_parent; 909 ic->ic_update_chw = run_update_chw; 910 ic->ic_ampdu_enable = run_ampdu_enable; 911 912 ieee80211_radiotap_attach(ic, 913 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 914 RUN_TX_RADIOTAP_PRESENT, 915 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 916 RUN_RX_RADIOTAP_PRESENT); 917 918 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 919 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 920 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 921 922 if (bootverbose) 923 ieee80211_announce(ic); 924 925 return (0); 926 927detach: 928 run_detach(self); 929 return (ENXIO); 930} 931 932static void 933run_drain_mbufq(struct run_softc *sc) 934{ 935 struct mbuf *m; 936 struct ieee80211_node *ni; 937 938 RUN_LOCK_ASSERT(sc, MA_OWNED); 939 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 940 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 941 m->m_pkthdr.rcvif = NULL; 942 ieee80211_free_node(ni); 943 m_freem(m); 944 } 945} 946 947static int 948run_detach(device_t self) 949{ 950 struct run_softc *sc = device_get_softc(self); 951 struct ieee80211com *ic = &sc->sc_ic; 952 int i; 953 954 RUN_LOCK(sc); 955 sc->sc_detached = 1; 956 RUN_UNLOCK(sc); 957 958 /* stop all USB transfers */ 959 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 960 961 RUN_LOCK(sc); 962 sc->ratectl_run = RUN_RATECTL_OFF; 963 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 964 965 /* free TX list, if any */ 966 for (i = 0; i != RUN_EP_QUEUES; i++) 967 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 968 969 /* Free TX queue */ 970 run_drain_mbufq(sc); 971 RUN_UNLOCK(sc); 972 973 if (sc->sc_ic.ic_softc == sc) { 974 /* drain tasks */ 975 usb_callout_drain(&sc->ratectl_ch); 976 ieee80211_draintask(ic, &sc->cmdq_task); 977 ieee80211_draintask(ic, &sc->ratectl_task); 978 ieee80211_ifdetach(ic); 979 } 980 981 mtx_destroy(&sc->sc_mtx); 982 983 return (0); 984} 985 986static struct ieee80211vap * 987run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 988 enum ieee80211_opmode opmode, int flags, 989 const uint8_t bssid[IEEE80211_ADDR_LEN], 990 const uint8_t mac[IEEE80211_ADDR_LEN]) 991{ 992 struct run_softc *sc = ic->ic_softc; 993 struct run_vap *rvp; 994 struct ieee80211vap *vap; 995 int i; 996 997 if (sc->rvp_cnt >= RUN_VAP_MAX) { 998 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 999 return (NULL); 1000 } 1001 1002 switch (opmode) { 1003 case IEEE80211_M_STA: 1004 /* enable s/w bmiss handling for sta mode */ 1005 flags |= IEEE80211_CLONE_NOBEACONS; 1006 /* fall though */ 1007 case IEEE80211_M_IBSS: 1008 case IEEE80211_M_MONITOR: 1009 case IEEE80211_M_HOSTAP: 1010 case IEEE80211_M_MBSS: 1011 /* other than WDS vaps, only one at a time */ 1012 if (!TAILQ_EMPTY(&ic->ic_vaps)) 1013 return (NULL); 1014 break; 1015 case IEEE80211_M_WDS: 1016 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 1017 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 1018 continue; 1019 /* WDS vap's always share the local mac address. */ 1020 flags &= ~IEEE80211_CLONE_BSSID; 1021 break; 1022 } 1023 if (vap == NULL) { 1024 device_printf(sc->sc_dev, 1025 "wds only supported in ap mode\n"); 1026 return (NULL); 1027 } 1028 break; 1029 default: 1030 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 1031 return (NULL); 1032 } 1033 1034 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 1035 vap = &rvp->vap; 1036 1037 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 1038 bssid) != 0) { 1039 /* out of memory */ 1040 free(rvp, M_80211_VAP); 1041 return (NULL); 1042 } 1043 1044 vap->iv_update_beacon = run_update_beacon; 1045 vap->iv_max_aid = RT2870_WCID_MAX; 1046 1047 /* 1048 * The linux rt2800 driver limits 1 stream devices to a 32KB 1049 * RX AMPDU. 1050 */ 1051 if (ic->ic_rxstream > 1) 1052 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K; 1053 else 1054 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K; 1055 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */ 1056 1057 /* 1058 * To delete the right key from h/w, we need wcid. 1059 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 1060 * and matching wcid will be written into there. So, cast 1061 * some spells to remove 'const' from ieee80211_key{} 1062 */ 1063 vap->iv_key_delete = (void *)run_key_delete; 1064 vap->iv_key_set = (void *)run_key_set; 1065 1066 /* override state transition machine */ 1067 rvp->newstate = vap->iv_newstate; 1068 vap->iv_newstate = run_newstate; 1069 if (opmode == IEEE80211_M_IBSS) { 1070 rvp->recv_mgmt = vap->iv_recv_mgmt; 1071 vap->iv_recv_mgmt = run_recv_mgmt; 1072 } 1073 1074 ieee80211_ratectl_init(vap); 1075 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 1076 1077 /* complete setup */ 1078 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 1079 mac); 1080 1081 /* make sure id is always unique */ 1082 for (i = 0; i < RUN_VAP_MAX; i++) { 1083 if((sc->rvp_bmap & 1 << i) == 0){ 1084 sc->rvp_bmap |= 1 << i; 1085 rvp->rvp_id = i; 1086 break; 1087 } 1088 } 1089 if (sc->rvp_cnt++ == 0) 1090 ic->ic_opmode = opmode; 1091 1092 if (opmode == IEEE80211_M_HOSTAP) 1093 sc->cmdq_run = RUN_CMDQ_GO; 1094 1095 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1096 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1097 1098 return (vap); 1099} 1100 1101static void 1102run_vap_delete(struct ieee80211vap *vap) 1103{ 1104 struct run_vap *rvp = RUN_VAP(vap); 1105 struct ieee80211com *ic; 1106 struct run_softc *sc; 1107 uint8_t rvp_id; 1108 1109 if (vap == NULL) 1110 return; 1111 1112 ic = vap->iv_ic; 1113 sc = ic->ic_softc; 1114 1115 RUN_LOCK(sc); 1116 1117 m_freem(rvp->beacon_mbuf); 1118 rvp->beacon_mbuf = NULL; 1119 1120 rvp_id = rvp->rvp_id; 1121 sc->ratectl_run &= ~(1 << rvp_id); 1122 sc->rvp_bmap &= ~(1 << rvp_id); 1123 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1124 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1125 --sc->rvp_cnt; 1126 1127 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1128 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1129 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1130 1131 RUN_UNLOCK(sc); 1132 1133 ieee80211_ratectl_deinit(vap); 1134 ieee80211_vap_detach(vap); 1135 free(rvp, M_80211_VAP); 1136} 1137 1138/* 1139 * There are numbers of functions need to be called in context thread. 1140 * Rather than creating taskqueue event for each of those functions, 1141 * here is all-for-one taskqueue callback function. This function 1142 * guarantees deferred functions are executed in the same order they 1143 * were enqueued. 1144 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1145 */ 1146static void 1147run_cmdq_cb(void *arg, int pending) 1148{ 1149 struct run_softc *sc = arg; 1150 uint8_t i; 1151 1152 /* call cmdq[].func locked */ 1153 RUN_LOCK(sc); 1154 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1155 i = sc->cmdq_exec, pending--) { 1156 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1157 i, pending); 1158 if (sc->cmdq_run == RUN_CMDQ_GO) { 1159 /* 1160 * If arg0 is NULL, callback func needs more 1161 * than one arg. So, pass ptr to cmdq struct. 1162 */ 1163 if (sc->cmdq[i].arg0) 1164 sc->cmdq[i].func(sc->cmdq[i].arg0); 1165 else 1166 sc->cmdq[i].func(&sc->cmdq[i]); 1167 } 1168 sc->cmdq[i].arg0 = NULL; 1169 sc->cmdq[i].func = NULL; 1170 sc->cmdq_exec++; 1171 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1172 } 1173 RUN_UNLOCK(sc); 1174} 1175 1176static void 1177run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1178{ 1179 struct run_tx_data *data; 1180 1181 memset(pq, 0, sizeof(*pq)); 1182 1183 STAILQ_INIT(&pq->tx_qh); 1184 STAILQ_INIT(&pq->tx_fh); 1185 1186 for (data = &pq->tx_data[0]; 1187 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1188 data->sc = sc; 1189 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1190 } 1191 pq->tx_nfree = RUN_TX_RING_COUNT; 1192} 1193 1194static void 1195run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1196{ 1197 struct run_tx_data *data; 1198 1199 /* make sure any subsequent use of the queues will fail */ 1200 pq->tx_nfree = 0; 1201 STAILQ_INIT(&pq->tx_fh); 1202 STAILQ_INIT(&pq->tx_qh); 1203 1204 /* free up all node references and mbufs */ 1205 for (data = &pq->tx_data[0]; 1206 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1207 if (data->m != NULL) { 1208 m_freem(data->m); 1209 data->m = NULL; 1210 } 1211 if (data->ni != NULL) { 1212 ieee80211_free_node(data->ni); 1213 data->ni = NULL; 1214 } 1215 } 1216} 1217 1218static int 1219run_load_microcode(struct run_softc *sc) 1220{ 1221 usb_device_request_t req; 1222 const struct firmware *fw; 1223 const u_char *base; 1224 uint32_t tmp; 1225 int ntries, error; 1226 const uint64_t *temp; 1227 uint64_t bytes; 1228 1229 RUN_UNLOCK(sc); 1230 fw = firmware_get("runfw"); 1231 RUN_LOCK(sc); 1232 if (fw == NULL) { 1233 device_printf(sc->sc_dev, 1234 "failed loadfirmware of file %s\n", "runfw"); 1235 return ENOENT; 1236 } 1237 1238 if (fw->datasize != 8192) { 1239 device_printf(sc->sc_dev, 1240 "invalid firmware size (should be 8KB)\n"); 1241 error = EINVAL; 1242 goto fail; 1243 } 1244 1245 /* 1246 * RT3071/RT3072 use a different firmware 1247 * run-rt2870 (8KB) contains both, 1248 * first half (4KB) is for rt2870, 1249 * last half is for rt3071. 1250 */ 1251 base = fw->data; 1252 if ((sc->mac_ver) != 0x2860 && 1253 (sc->mac_ver) != 0x2872 && 1254 (sc->mac_ver) != 0x3070) { 1255 base += 4096; 1256 } 1257 1258 /* cheap sanity check */ 1259 temp = fw->data; 1260 bytes = *temp; 1261 if (bytes != be64toh(0xffffff0210280210ULL)) { 1262 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1263 error = EINVAL; 1264 goto fail; 1265 } 1266 1267 /* write microcode image */ 1268 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1269 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1270 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1271 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1272 } 1273 1274 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1275 req.bRequest = RT2870_RESET; 1276 USETW(req.wValue, 8); 1277 USETW(req.wIndex, 0); 1278 USETW(req.wLength, 0); 1279 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1280 != 0) { 1281 device_printf(sc->sc_dev, "firmware reset failed\n"); 1282 goto fail; 1283 } 1284 1285 run_delay(sc, 10); 1286 1287 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1288 run_write(sc, RT2860_H2M_MAILBOX, 0); 1289 run_write(sc, RT2860_H2M_INTSRC, 0); 1290 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1291 goto fail; 1292 1293 /* wait until microcontroller is ready */ 1294 for (ntries = 0; ntries < 1000; ntries++) { 1295 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1296 goto fail; 1297 if (tmp & RT2860_MCU_READY) 1298 break; 1299 run_delay(sc, 10); 1300 } 1301 if (ntries == 1000) { 1302 device_printf(sc->sc_dev, 1303 "timeout waiting for MCU to initialize\n"); 1304 error = ETIMEDOUT; 1305 goto fail; 1306 } 1307 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1308 (base == fw->data) ? "RT2870" : "RT3071", 1309 *(base + 4092), *(base + 4093)); 1310 1311fail: 1312 firmware_put(fw, FIRMWARE_UNLOAD); 1313 return (error); 1314} 1315 1316static int 1317run_reset(struct run_softc *sc) 1318{ 1319 usb_device_request_t req; 1320 1321 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1322 req.bRequest = RT2870_RESET; 1323 USETW(req.wValue, 1); 1324 USETW(req.wIndex, 0); 1325 USETW(req.wLength, 0); 1326 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1327} 1328 1329static usb_error_t 1330run_do_request(struct run_softc *sc, 1331 struct usb_device_request *req, void *data) 1332{ 1333 usb_error_t err; 1334 int ntries = 10; 1335 1336 RUN_LOCK_ASSERT(sc, MA_OWNED); 1337 1338 while (ntries--) { 1339 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1340 req, data, 0, NULL, 250 /* ms */); 1341 if (err == 0) 1342 break; 1343 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1344 "Control request failed, %s (retrying)\n", 1345 usbd_errstr(err)); 1346 run_delay(sc, 10); 1347 } 1348 return (err); 1349} 1350 1351static int 1352run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1353{ 1354 uint32_t tmp; 1355 int error; 1356 1357 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1358 if (error == 0) 1359 *val = le32toh(tmp); 1360 else 1361 *val = 0xffffffff; 1362 return (error); 1363} 1364 1365static int 1366run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1367{ 1368 usb_device_request_t req; 1369 1370 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1371 req.bRequest = RT2870_READ_REGION_1; 1372 USETW(req.wValue, 0); 1373 USETW(req.wIndex, reg); 1374 USETW(req.wLength, len); 1375 1376 return (run_do_request(sc, &req, buf)); 1377} 1378 1379static int 1380run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1381{ 1382 usb_device_request_t req; 1383 1384 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1385 req.bRequest = RT2870_WRITE_2; 1386 USETW(req.wValue, val); 1387 USETW(req.wIndex, reg); 1388 USETW(req.wLength, 0); 1389 1390 return (run_do_request(sc, &req, NULL)); 1391} 1392 1393static int 1394run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1395{ 1396 int error; 1397 1398 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1399 error = run_write_2(sc, reg + 2, val >> 16); 1400 return (error); 1401} 1402 1403static int 1404run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1405 int len) 1406{ 1407#if 1 1408 int i, error = 0; 1409 /* 1410 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1411 * We thus issue multiple WRITE_2 commands instead. 1412 */ 1413 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1414 for (i = 0; i < len && error == 0; i += 2) 1415 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1416 return (error); 1417#else 1418 usb_device_request_t req; 1419 int error = 0; 1420 1421 /* 1422 * NOTE: It appears the WRITE_REGION_1 command cannot be 1423 * passed a huge amount of data, which will crash the 1424 * firmware. Limit amount of data passed to 64-bytes at a 1425 * time. 1426 */ 1427 while (len > 0) { 1428 int delta = 64; 1429 if (delta > len) 1430 delta = len; 1431 1432 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1433 req.bRequest = RT2870_WRITE_REGION_1; 1434 USETW(req.wValue, 0); 1435 USETW(req.wIndex, reg); 1436 USETW(req.wLength, delta); 1437 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1438 if (error != 0) 1439 break; 1440 reg += delta; 1441 buf += delta; 1442 len -= delta; 1443 } 1444 return (error); 1445#endif 1446} 1447 1448static int 1449run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1450{ 1451 int i, error = 0; 1452 1453 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1454 for (i = 0; i < len && error == 0; i += 4) 1455 error = run_write(sc, reg + i, val); 1456 return (error); 1457} 1458 1459static int 1460run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1461{ 1462 uint32_t tmp; 1463 uint16_t reg; 1464 int error, ntries; 1465 1466 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1467 return (error); 1468 1469 if (count == 2) 1470 addr *= 2; 1471 /*- 1472 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1473 * DATA0: F E D C 1474 * DATA1: B A 9 8 1475 * DATA2: 7 6 5 4 1476 * DATA3: 3 2 1 0 1477 */ 1478 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1479 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1480 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1481 for (ntries = 0; ntries < 100; ntries++) { 1482 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1483 return (error); 1484 if (!(tmp & RT3070_EFSROM_KICK)) 1485 break; 1486 run_delay(sc, 2); 1487 } 1488 if (ntries == 100) 1489 return (ETIMEDOUT); 1490 1491 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1492 *val = 0xffff; /* address not found */ 1493 return (0); 1494 } 1495 /* determine to which 32-bit register our 16-bit word belongs */ 1496 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1497 if ((error = run_read(sc, reg, &tmp)) != 0) 1498 return (error); 1499 1500 tmp >>= (8 * (addr & 0x3)); 1501 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1502 1503 return (0); 1504} 1505 1506/* Read 16-bit from eFUSE ROM for RT3xxx. */ 1507static int 1508run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1509{ 1510 return (run_efuse_read(sc, addr, val, 2)); 1511} 1512 1513static int 1514run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1515{ 1516 usb_device_request_t req; 1517 uint16_t tmp; 1518 int error; 1519 1520 addr *= 2; 1521 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1522 req.bRequest = RT2870_EEPROM_READ; 1523 USETW(req.wValue, 0); 1524 USETW(req.wIndex, addr); 1525 USETW(req.wLength, sizeof(tmp)); 1526 1527 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1528 if (error == 0) 1529 *val = le16toh(tmp); 1530 else 1531 *val = 0xffff; 1532 return (error); 1533} 1534 1535static __inline int 1536run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1537{ 1538 /* either eFUSE ROM or EEPROM */ 1539 return sc->sc_srom_read(sc, addr, val); 1540} 1541 1542static int 1543run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1544{ 1545 uint32_t tmp; 1546 int error, ntries; 1547 1548 for (ntries = 0; ntries < 10; ntries++) { 1549 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1550 return (error); 1551 if (!(tmp & RT2860_RF_REG_CTRL)) 1552 break; 1553 } 1554 if (ntries == 10) 1555 return (ETIMEDOUT); 1556 1557 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1558} 1559 1560static int 1561run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1562{ 1563 uint32_t tmp; 1564 int error, ntries; 1565 1566 for (ntries = 0; ntries < 100; ntries++) { 1567 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1568 return (error); 1569 if (!(tmp & RT3070_RF_KICK)) 1570 break; 1571 } 1572 if (ntries == 100) 1573 return (ETIMEDOUT); 1574 1575 tmp = RT3070_RF_KICK | reg << 8; 1576 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1577 return (error); 1578 1579 for (ntries = 0; ntries < 100; ntries++) { 1580 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1581 return (error); 1582 if (!(tmp & RT3070_RF_KICK)) 1583 break; 1584 } 1585 if (ntries == 100) 1586 return (ETIMEDOUT); 1587 1588 *val = tmp & 0xff; 1589 return (0); 1590} 1591 1592static int 1593run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1594{ 1595 uint32_t tmp; 1596 int error, ntries; 1597 1598 for (ntries = 0; ntries < 10; ntries++) { 1599 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1600 return (error); 1601 if (!(tmp & RT3070_RF_KICK)) 1602 break; 1603 } 1604 if (ntries == 10) 1605 return (ETIMEDOUT); 1606 1607 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1608 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1609} 1610 1611static int 1612run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1613{ 1614 uint32_t tmp; 1615 int ntries, error; 1616 1617 for (ntries = 0; ntries < 10; ntries++) { 1618 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1619 return (error); 1620 if (!(tmp & RT2860_BBP_CSR_KICK)) 1621 break; 1622 } 1623 if (ntries == 10) 1624 return (ETIMEDOUT); 1625 1626 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1627 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1628 return (error); 1629 1630 for (ntries = 0; ntries < 10; ntries++) { 1631 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1632 return (error); 1633 if (!(tmp & RT2860_BBP_CSR_KICK)) 1634 break; 1635 } 1636 if (ntries == 10) 1637 return (ETIMEDOUT); 1638 1639 *val = tmp & 0xff; 1640 return (0); 1641} 1642 1643static int 1644run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1645{ 1646 uint32_t tmp; 1647 int ntries, error; 1648 1649 for (ntries = 0; ntries < 10; ntries++) { 1650 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1651 return (error); 1652 if (!(tmp & RT2860_BBP_CSR_KICK)) 1653 break; 1654 } 1655 if (ntries == 10) 1656 return (ETIMEDOUT); 1657 1658 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1659 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1660} 1661 1662/* 1663 * Send a command to the 8051 microcontroller unit. 1664 */ 1665static int 1666run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1667{ 1668 uint32_t tmp; 1669 int error, ntries; 1670 1671 for (ntries = 0; ntries < 100; ntries++) { 1672 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1673 return error; 1674 if (!(tmp & RT2860_H2M_BUSY)) 1675 break; 1676 } 1677 if (ntries == 100) 1678 return ETIMEDOUT; 1679 1680 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1681 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1682 error = run_write(sc, RT2860_HOST_CMD, cmd); 1683 return (error); 1684} 1685 1686/* 1687 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1688 * Used to adjust per-rate Tx power registers. 1689 */ 1690static __inline uint32_t 1691b4inc(uint32_t b32, int8_t delta) 1692{ 1693 int8_t i, b4; 1694 1695 for (i = 0; i < 8; i++) { 1696 b4 = b32 & 0xf; 1697 b4 += delta; 1698 if (b4 < 0) 1699 b4 = 0; 1700 else if (b4 > 0xf) 1701 b4 = 0xf; 1702 b32 = b32 >> 4 | b4 << 28; 1703 } 1704 return (b32); 1705} 1706 1707static const char * 1708run_get_rf(uint16_t rev) 1709{ 1710 switch (rev) { 1711 case RT2860_RF_2820: return "RT2820"; 1712 case RT2860_RF_2850: return "RT2850"; 1713 case RT2860_RF_2720: return "RT2720"; 1714 case RT2860_RF_2750: return "RT2750"; 1715 case RT3070_RF_3020: return "RT3020"; 1716 case RT3070_RF_2020: return "RT2020"; 1717 case RT3070_RF_3021: return "RT3021"; 1718 case RT3070_RF_3022: return "RT3022"; 1719 case RT3070_RF_3052: return "RT3052"; 1720 case RT3593_RF_3053: return "RT3053"; 1721 case RT5592_RF_5592: return "RT5592"; 1722 case RT5390_RF_5370: return "RT5370"; 1723 case RT5390_RF_5372: return "RT5372"; 1724 } 1725 return ("unknown"); 1726} 1727 1728static void 1729run_rt3593_get_txpower(struct run_softc *sc) 1730{ 1731 uint16_t addr, val; 1732 int i; 1733 1734 /* Read power settings for 2GHz channels. */ 1735 for (i = 0; i < 14; i += 2) { 1736 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1737 RT2860_EEPROM_PWR2GHZ_BASE1; 1738 run_srom_read(sc, addr + i / 2, &val); 1739 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1740 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1741 1742 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1743 RT2860_EEPROM_PWR2GHZ_BASE2; 1744 run_srom_read(sc, addr + i / 2, &val); 1745 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1746 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1747 1748 if (sc->ntxchains == 3) { 1749 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1750 &val); 1751 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1752 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1753 } 1754 } 1755 /* Fix broken Tx power entries. */ 1756 for (i = 0; i < 14; i++) { 1757 if (sc->txpow1[i] > 31) 1758 sc->txpow1[i] = 5; 1759 if (sc->txpow2[i] > 31) 1760 sc->txpow2[i] = 5; 1761 if (sc->ntxchains == 3) { 1762 if (sc->txpow3[i] > 31) 1763 sc->txpow3[i] = 5; 1764 } 1765 } 1766 /* Read power settings for 5GHz channels. */ 1767 for (i = 0; i < 40; i += 2) { 1768 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1769 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1770 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1771 1772 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1773 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1774 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1775 1776 if (sc->ntxchains == 3) { 1777 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1778 &val); 1779 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1780 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1781 } 1782 } 1783} 1784 1785static void 1786run_get_txpower(struct run_softc *sc) 1787{ 1788 uint16_t val; 1789 int i; 1790 1791 /* Read power settings for 2GHz channels. */ 1792 for (i = 0; i < 14; i += 2) { 1793 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1794 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1795 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1796 1797 if (sc->mac_ver != 0x5390) { 1798 run_srom_read(sc, 1799 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1800 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1801 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1802 } 1803 } 1804 /* Fix broken Tx power entries. */ 1805 for (i = 0; i < 14; i++) { 1806 if (sc->mac_ver >= 0x5390) { 1807 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1808 sc->txpow1[i] = 5; 1809 } else { 1810 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1811 sc->txpow1[i] = 5; 1812 } 1813 if (sc->mac_ver > 0x5390) { 1814 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1815 sc->txpow2[i] = 5; 1816 } else if (sc->mac_ver < 0x5390) { 1817 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1818 sc->txpow2[i] = 5; 1819 } 1820 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1821 "chan %d: power1=%d, power2=%d\n", 1822 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1823 } 1824 /* Read power settings for 5GHz channels. */ 1825 for (i = 0; i < 40; i += 2) { 1826 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1827 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1828 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1829 1830 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1831 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1832 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1833 } 1834 /* Fix broken Tx power entries. */ 1835 for (i = 0; i < 40; i++ ) { 1836 if (sc->mac_ver != 0x5592) { 1837 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1838 sc->txpow1[14 + i] = 5; 1839 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1840 sc->txpow2[14 + i] = 5; 1841 } 1842 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1843 "chan %d: power1=%d, power2=%d\n", 1844 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1845 sc->txpow2[14 + i]); 1846 } 1847} 1848 1849static int 1850run_read_eeprom(struct run_softc *sc) 1851{ 1852 struct ieee80211com *ic = &sc->sc_ic; 1853 int8_t delta_2ghz, delta_5ghz; 1854 uint32_t tmp; 1855 uint16_t val; 1856 int ridx, ant, i; 1857 1858 /* check whether the ROM is eFUSE ROM or EEPROM */ 1859 sc->sc_srom_read = run_eeprom_read_2; 1860 if (sc->mac_ver >= 0x3070) { 1861 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1862 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1863 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1864 sc->sc_srom_read = run_efuse_read_2; 1865 } 1866 1867 /* read ROM version */ 1868 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1869 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1870 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1871 1872 /* read MAC address */ 1873 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1874 ic->ic_macaddr[0] = val & 0xff; 1875 ic->ic_macaddr[1] = val >> 8; 1876 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1877 ic->ic_macaddr[2] = val & 0xff; 1878 ic->ic_macaddr[3] = val >> 8; 1879 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1880 ic->ic_macaddr[4] = val & 0xff; 1881 ic->ic_macaddr[5] = val >> 8; 1882 1883 if (sc->mac_ver < 0x3593) { 1884 /* read vender BBP settings */ 1885 for (i = 0; i < 10; i++) { 1886 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1887 sc->bbp[i].val = val & 0xff; 1888 sc->bbp[i].reg = val >> 8; 1889 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1890 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1891 } 1892 if (sc->mac_ver >= 0x3071) { 1893 /* read vendor RF settings */ 1894 for (i = 0; i < 10; i++) { 1895 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1896 &val); 1897 sc->rf[i].val = val & 0xff; 1898 sc->rf[i].reg = val >> 8; 1899 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1900 sc->rf[i].reg, sc->rf[i].val); 1901 } 1902 } 1903 } 1904 1905 /* read RF frequency offset from EEPROM */ 1906 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1907 RT3593_EEPROM_FREQ, &val); 1908 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1909 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1910 sc->freq & 0xff); 1911 1912 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1913 RT3593_EEPROM_FREQ_LEDS, &val); 1914 if (val >> 8 != 0xff) { 1915 /* read LEDs operating mode */ 1916 sc->leds = val >> 8; 1917 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1918 RT3593_EEPROM_LED1, &sc->led[0]); 1919 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1920 RT3593_EEPROM_LED2, &sc->led[1]); 1921 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1922 RT3593_EEPROM_LED3, &sc->led[2]); 1923 } else { 1924 /* broken EEPROM, use default settings */ 1925 sc->leds = 0x01; 1926 sc->led[0] = 0x5555; 1927 sc->led[1] = 0x2221; 1928 sc->led[2] = 0x5627; /* differs from RT2860 */ 1929 } 1930 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1931 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1932 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1933 1934 /* read RF information */ 1935 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1936 run_srom_read(sc, 0x00, &val); 1937 else 1938 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1939 1940 if (val == 0xffff) { 1941 device_printf(sc->sc_dev, 1942 "invalid EEPROM antenna info, using default\n"); 1943 if (sc->mac_ver == 0x3572) { 1944 /* default to RF3052 2T2R */ 1945 sc->rf_rev = RT3070_RF_3052; 1946 sc->ntxchains = 2; 1947 sc->nrxchains = 2; 1948 } else if (sc->mac_ver >= 0x3070) { 1949 /* default to RF3020 1T1R */ 1950 sc->rf_rev = RT3070_RF_3020; 1951 sc->ntxchains = 1; 1952 sc->nrxchains = 1; 1953 } else { 1954 /* default to RF2820 1T2R */ 1955 sc->rf_rev = RT2860_RF_2820; 1956 sc->ntxchains = 1; 1957 sc->nrxchains = 2; 1958 } 1959 } else { 1960 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1961 sc->rf_rev = val; 1962 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1963 } else 1964 sc->rf_rev = (val >> 8) & 0xf; 1965 sc->ntxchains = (val >> 4) & 0xf; 1966 sc->nrxchains = val & 0xf; 1967 } 1968 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1969 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1970 1971 /* check if RF supports automatic Tx access gain control */ 1972 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1973 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1974 /* check if driver should patch the DAC issue */ 1975 if ((val >> 8) != 0xff) 1976 sc->patch_dac = (val >> 15) & 1; 1977 if ((val & 0xff) != 0xff) { 1978 sc->ext_5ghz_lna = (val >> 3) & 1; 1979 sc->ext_2ghz_lna = (val >> 2) & 1; 1980 /* check if RF supports automatic Tx access gain control */ 1981 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1982 /* check if we have a hardware radio switch */ 1983 sc->rfswitch = val & 1; 1984 } 1985 1986 /* Read Tx power settings. */ 1987 if (sc->mac_ver == 0x3593) 1988 run_rt3593_get_txpower(sc); 1989 else 1990 run_get_txpower(sc); 1991 1992 /* read Tx power compensation for each Tx rate */ 1993 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1994 delta_2ghz = delta_5ghz = 0; 1995 if ((val & 0xff) != 0xff && (val & 0x80)) { 1996 delta_2ghz = val & 0xf; 1997 if (!(val & 0x40)) /* negative number */ 1998 delta_2ghz = -delta_2ghz; 1999 } 2000 val >>= 8; 2001 if ((val & 0xff) != 0xff && (val & 0x80)) { 2002 delta_5ghz = val & 0xf; 2003 if (!(val & 0x40)) /* negative number */ 2004 delta_5ghz = -delta_5ghz; 2005 } 2006 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2007 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 2008 2009 for (ridx = 0; ridx < 5; ridx++) { 2010 uint32_t reg; 2011 2012 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 2013 reg = val; 2014 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 2015 reg |= (uint32_t)val << 16; 2016 2017 sc->txpow20mhz[ridx] = reg; 2018 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 2019 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 2020 2021 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 2022 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 2023 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 2024 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 2025 } 2026 2027 /* Read RSSI offsets and LNA gains from EEPROM. */ 2028 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 2029 RT3593_EEPROM_RSSI1_2GHZ, &val); 2030 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 2031 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 2032 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 2033 RT3593_EEPROM_RSSI2_2GHZ, &val); 2034 if (sc->mac_ver >= 0x3070) { 2035 if (sc->mac_ver == 0x3593) { 2036 sc->txmixgain_2ghz = 0; 2037 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2038 } else { 2039 /* 2040 * On RT3070 chips (limited to 2 Rx chains), this ROM 2041 * field contains the Tx mixer gain for the 2GHz band. 2042 */ 2043 if ((val & 0xff) != 0xff) 2044 sc->txmixgain_2ghz = val & 0x7; 2045 } 2046 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 2047 sc->txmixgain_2ghz); 2048 } else 2049 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 2050 if (sc->mac_ver == 0x3593) 2051 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2052 sc->lna[2] = val >> 8; /* channel group 2 */ 2053 2054 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 2055 RT3593_EEPROM_RSSI1_5GHZ, &val); 2056 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 2057 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 2058 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 2059 RT3593_EEPROM_RSSI2_5GHZ, &val); 2060 if (sc->mac_ver == 0x3572) { 2061 /* 2062 * On RT3572 chips (limited to 2 Rx chains), this ROM 2063 * field contains the Tx mixer gain for the 5GHz band. 2064 */ 2065 if ((val & 0xff) != 0xff) 2066 sc->txmixgain_5ghz = val & 0x7; 2067 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 2068 sc->txmixgain_5ghz); 2069 } else 2070 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 2071 if (sc->mac_ver == 0x3593) { 2072 sc->txmixgain_5ghz = 0; 2073 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 2074 } 2075 sc->lna[3] = val >> 8; /* channel group 3 */ 2076 2077 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 2078 RT3593_EEPROM_LNA, &val); 2079 sc->lna[0] = val & 0xff; /* channel group 0 */ 2080 sc->lna[1] = val >> 8; /* channel group 1 */ 2081 2082 /* fix broken 5GHz LNA entries */ 2083 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2084 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2085 "invalid LNA for channel group %d\n", 2); 2086 sc->lna[2] = sc->lna[1]; 2087 } 2088 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2089 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2090 "invalid LNA for channel group %d\n", 3); 2091 sc->lna[3] = sc->lna[1]; 2092 } 2093 2094 /* fix broken RSSI offset entries */ 2095 for (ant = 0; ant < 3; ant++) { 2096 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2097 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2098 "invalid RSSI%d offset: %d (2GHz)\n", 2099 ant + 1, sc->rssi_2ghz[ant]); 2100 sc->rssi_2ghz[ant] = 0; 2101 } 2102 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2103 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2104 "invalid RSSI%d offset: %d (5GHz)\n", 2105 ant + 1, sc->rssi_5ghz[ant]); 2106 sc->rssi_5ghz[ant] = 0; 2107 } 2108 } 2109 return (0); 2110} 2111 2112static struct ieee80211_node * 2113run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2114{ 2115 return malloc(sizeof (struct run_node), M_80211_NODE, 2116 M_NOWAIT | M_ZERO); 2117} 2118 2119static int 2120run_media_change(struct ifnet *ifp) 2121{ 2122 struct ieee80211vap *vap = ifp->if_softc; 2123 struct ieee80211com *ic = vap->iv_ic; 2124 const struct ieee80211_txparam *tp; 2125 struct run_softc *sc = ic->ic_softc; 2126 uint8_t rate, ridx; 2127 int error; 2128 2129 RUN_LOCK(sc); 2130 2131 error = ieee80211_media_change(ifp); 2132 if (error != 0) { 2133 RUN_UNLOCK(sc); 2134 return (error); 2135 } 2136 2137 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2138 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2139 struct ieee80211_node *ni; 2140 struct run_node *rn; 2141 2142 /* XXX TODO: methodize with MCS rates */ 2143 rate = ic->ic_sup_rates[ic->ic_curmode]. 2144 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2145 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2146 if (rt2860_rates[ridx].rate == rate) 2147 break; 2148 2149 ni = ieee80211_ref_node(vap->iv_bss); 2150 rn = RUN_NODE(ni); 2151 rn->fix_ridx = ridx; 2152 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2153 rate, rn->fix_ridx); 2154 ieee80211_free_node(ni); 2155 } 2156 2157#if 0 2158 if ((ifp->if_flags & IFF_UP) && 2159 (ifp->if_drv_flags & RUN_RUNNING)){ 2160 run_init_locked(sc); 2161 } 2162#endif 2163 2164 RUN_UNLOCK(sc); 2165 2166 return (0); 2167} 2168 2169static int 2170run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2171{ 2172 const struct ieee80211_txparam *tp; 2173 struct ieee80211com *ic = vap->iv_ic; 2174 struct run_softc *sc = ic->ic_softc; 2175 struct run_vap *rvp = RUN_VAP(vap); 2176 enum ieee80211_state ostate; 2177 uint32_t sta[3]; 2178 uint8_t ratectl; 2179 uint8_t restart_ratectl = 0; 2180 uint8_t bid = 1 << rvp->rvp_id; 2181 2182 ostate = vap->iv_state; 2183 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2184 ieee80211_state_name[ostate], 2185 ieee80211_state_name[nstate]); 2186 2187 IEEE80211_UNLOCK(ic); 2188 RUN_LOCK(sc); 2189 2190 ratectl = sc->ratectl_run; /* remember current state */ 2191 sc->ratectl_run = RUN_RATECTL_OFF; 2192 usb_callout_stop(&sc->ratectl_ch); 2193 2194 if (ostate == IEEE80211_S_RUN) { 2195 /* turn link LED off */ 2196 run_set_leds(sc, RT2860_LED_RADIO); 2197 } 2198 2199 switch (nstate) { 2200 case IEEE80211_S_INIT: 2201 restart_ratectl = 1; 2202 2203 if (ostate != IEEE80211_S_RUN) 2204 break; 2205 2206 ratectl &= ~bid; 2207 sc->runbmap &= ~bid; 2208 2209 /* abort TSF synchronization if there is no vap running */ 2210 if (--sc->running == 0) 2211 run_disable_tsf(sc); 2212 break; 2213 2214 case IEEE80211_S_RUN: 2215 if (!(sc->runbmap & bid)) { 2216 if(sc->running++) 2217 restart_ratectl = 1; 2218 sc->runbmap |= bid; 2219 } 2220 2221 m_freem(rvp->beacon_mbuf); 2222 rvp->beacon_mbuf = NULL; 2223 2224 switch (vap->iv_opmode) { 2225 case IEEE80211_M_HOSTAP: 2226 case IEEE80211_M_MBSS: 2227 sc->ap_running |= bid; 2228 ic->ic_opmode = vap->iv_opmode; 2229 run_update_beacon_cb(vap); 2230 break; 2231 case IEEE80211_M_IBSS: 2232 sc->adhoc_running |= bid; 2233 if (!sc->ap_running) 2234 ic->ic_opmode = vap->iv_opmode; 2235 run_update_beacon_cb(vap); 2236 break; 2237 case IEEE80211_M_STA: 2238 sc->sta_running |= bid; 2239 if (!sc->ap_running && !sc->adhoc_running) 2240 ic->ic_opmode = vap->iv_opmode; 2241 2242 /* read statistic counters (clear on read) */ 2243 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2244 (uint8_t *)sta, sizeof sta); 2245 2246 break; 2247 default: 2248 ic->ic_opmode = vap->iv_opmode; 2249 break; 2250 } 2251 2252 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2253 struct ieee80211_node *ni; 2254 2255 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2256 RUN_UNLOCK(sc); 2257 IEEE80211_LOCK(ic); 2258 return (-1); 2259 } 2260 run_updateslot(ic); 2261 run_enable_mrr(sc); 2262 run_set_txpreamble(sc); 2263 run_set_basicrates(sc); 2264 ni = ieee80211_ref_node(vap->iv_bss); 2265 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2266 run_set_bssid(sc, sc->sc_bssid); 2267 ieee80211_free_node(ni); 2268 run_enable_tsf_sync(sc); 2269 2270 /* enable automatic rate adaptation */ 2271 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2272 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2273 ratectl |= bid; 2274 } else 2275 run_enable_tsf(sc); 2276 2277 /* turn link LED on */ 2278 run_set_leds(sc, RT2860_LED_RADIO | 2279 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2280 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2281 2282 break; 2283 default: 2284 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2285 break; 2286 } 2287 2288 /* restart amrr for running VAPs */ 2289 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2290 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2291 2292 RUN_UNLOCK(sc); 2293 IEEE80211_LOCK(ic); 2294 2295 return(rvp->newstate(vap, nstate, arg)); 2296} 2297 2298static int 2299run_wme_update(struct ieee80211com *ic) 2300{ 2301 struct chanAccParams chp; 2302 struct run_softc *sc = ic->ic_softc; 2303 const struct wmeParams *ac; 2304 int aci, error = 0; 2305 2306 ieee80211_wme_ic_getparams(ic, &chp); 2307 ac = chp.cap_wmeParams; 2308 2309 /* update MAC TX configuration registers */ 2310 RUN_LOCK(sc); 2311 for (aci = 0; aci < WME_NUM_AC; aci++) { 2312 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2313 ac[aci].wmep_logcwmax << 16 | 2314 ac[aci].wmep_logcwmin << 12 | 2315 ac[aci].wmep_aifsn << 8 | 2316 ac[aci].wmep_txopLimit); 2317 if (error) goto err; 2318 } 2319 2320 /* update SCH/DMA registers too */ 2321 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2322 ac[WME_AC_VO].wmep_aifsn << 12 | 2323 ac[WME_AC_VI].wmep_aifsn << 8 | 2324 ac[WME_AC_BK].wmep_aifsn << 4 | 2325 ac[WME_AC_BE].wmep_aifsn); 2326 if (error) goto err; 2327 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2328 ac[WME_AC_VO].wmep_logcwmin << 12 | 2329 ac[WME_AC_VI].wmep_logcwmin << 8 | 2330 ac[WME_AC_BK].wmep_logcwmin << 4 | 2331 ac[WME_AC_BE].wmep_logcwmin); 2332 if (error) goto err; 2333 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2334 ac[WME_AC_VO].wmep_logcwmax << 12 | 2335 ac[WME_AC_VI].wmep_logcwmax << 8 | 2336 ac[WME_AC_BK].wmep_logcwmax << 4 | 2337 ac[WME_AC_BE].wmep_logcwmax); 2338 if (error) goto err; 2339 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2340 ac[WME_AC_BK].wmep_txopLimit << 16 | 2341 ac[WME_AC_BE].wmep_txopLimit); 2342 if (error) goto err; 2343 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2344 ac[WME_AC_VO].wmep_txopLimit << 16 | 2345 ac[WME_AC_VI].wmep_txopLimit); 2346 2347err: 2348 RUN_UNLOCK(sc); 2349 if (error) 2350 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2351 2352 return (error); 2353} 2354 2355static void 2356run_key_set_cb(void *arg) 2357{ 2358 struct run_cmdq *cmdq = arg; 2359 struct ieee80211vap *vap = cmdq->arg1; 2360 struct ieee80211_key *k = cmdq->k; 2361 struct ieee80211com *ic = vap->iv_ic; 2362 struct run_softc *sc = ic->ic_softc; 2363 struct ieee80211_node *ni; 2364 u_int cipher = k->wk_cipher->ic_cipher; 2365 uint32_t attr; 2366 uint16_t base, associd; 2367 uint8_t mode, wcid, iv[8]; 2368 2369 RUN_LOCK_ASSERT(sc, MA_OWNED); 2370 2371 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2372 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2373 else 2374 ni = vap->iv_bss; 2375 associd = (ni != NULL) ? ni->ni_associd : 0; 2376 2377 /* map net80211 cipher to RT2860 security mode */ 2378 switch (cipher) { 2379 case IEEE80211_CIPHER_WEP: 2380 if(k->wk_keylen < 8) 2381 mode = RT2860_MODE_WEP40; 2382 else 2383 mode = RT2860_MODE_WEP104; 2384 break; 2385 case IEEE80211_CIPHER_TKIP: 2386 mode = RT2860_MODE_TKIP; 2387 break; 2388 case IEEE80211_CIPHER_AES_CCM: 2389 mode = RT2860_MODE_AES_CCMP; 2390 break; 2391 default: 2392 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2393 return; 2394 } 2395 2396 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2397 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2398 associd, k->wk_keyix, mode, 2399 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2400 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2401 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2402 2403 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2404 wcid = 0; /* NB: update WCID0 for group keys */ 2405 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2406 } else { 2407 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2408 1 : RUN_AID2WCID(associd); 2409 base = RT2860_PKEY(wcid); 2410 } 2411 2412 if (cipher == IEEE80211_CIPHER_TKIP) { 2413 if(run_write_region_1(sc, base, k->wk_key, 16)) 2414 return; 2415 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2416 return; 2417 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2418 return; 2419 } else { 2420 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2421 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2422 return; 2423 } 2424 2425 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2426 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2427 /* set initial packet number in IV+EIV */ 2428 if (cipher == IEEE80211_CIPHER_WEP) { 2429 memset(iv, 0, sizeof iv); 2430 iv[3] = vap->iv_def_txkey << 6; 2431 } else { 2432 if (cipher == IEEE80211_CIPHER_TKIP) { 2433 iv[0] = k->wk_keytsc >> 8; 2434 iv[1] = (iv[0] | 0x20) & 0x7f; 2435 iv[2] = k->wk_keytsc; 2436 } else /* CCMP */ { 2437 iv[0] = k->wk_keytsc; 2438 iv[1] = k->wk_keytsc >> 8; 2439 iv[2] = 0; 2440 } 2441 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2442 iv[4] = k->wk_keytsc >> 16; 2443 iv[5] = k->wk_keytsc >> 24; 2444 iv[6] = k->wk_keytsc >> 32; 2445 iv[7] = k->wk_keytsc >> 40; 2446 } 2447 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2448 return; 2449 } 2450 2451 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2452 /* install group key */ 2453 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2454 return; 2455 attr &= ~(0xf << (k->wk_keyix * 4)); 2456 attr |= mode << (k->wk_keyix * 4); 2457 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2458 return; 2459 } else { 2460 /* install pairwise key */ 2461 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2462 return; 2463 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2464 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2465 return; 2466 } 2467 2468 /* TODO create a pass-thru key entry? */ 2469 2470 /* need wcid to delete the right key later */ 2471 k->wk_pad = wcid; 2472} 2473 2474/* 2475 * Don't have to be deferred, but in order to keep order of 2476 * execution, i.e. with run_key_delete(), defer this and let 2477 * run_cmdq_cb() maintain the order. 2478 * 2479 * return 0 on error 2480 */ 2481static int 2482run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2483{ 2484 struct ieee80211com *ic = vap->iv_ic; 2485 struct run_softc *sc = ic->ic_softc; 2486 uint32_t i; 2487 2488 i = RUN_CMDQ_GET(&sc->cmdq_store); 2489 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2490 sc->cmdq[i].func = run_key_set_cb; 2491 sc->cmdq[i].arg0 = NULL; 2492 sc->cmdq[i].arg1 = vap; 2493 sc->cmdq[i].k = k; 2494 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2495 ieee80211_runtask(ic, &sc->cmdq_task); 2496 2497 /* 2498 * To make sure key will be set when hostapd 2499 * calls iv_key_set() before if_init(). 2500 */ 2501 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2502 RUN_LOCK(sc); 2503 sc->cmdq_key_set = RUN_CMDQ_GO; 2504 RUN_UNLOCK(sc); 2505 } 2506 2507 return (1); 2508} 2509 2510/* 2511 * If wlan is destroyed without being brought down i.e. without 2512 * wlan down or wpa_cli terminate, this function is called after 2513 * vap is gone. Don't refer it. 2514 */ 2515static void 2516run_key_delete_cb(void *arg) 2517{ 2518 struct run_cmdq *cmdq = arg; 2519 struct run_softc *sc = cmdq->arg1; 2520 struct ieee80211_key *k = &cmdq->key; 2521 uint32_t attr; 2522 uint8_t wcid; 2523 2524 RUN_LOCK_ASSERT(sc, MA_OWNED); 2525 2526 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2527 /* remove group key */ 2528 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2529 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2530 attr &= ~(0xf << (k->wk_keyix * 4)); 2531 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2532 } else { 2533 /* remove pairwise key */ 2534 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2535 "removing key for wcid %x\n", k->wk_pad); 2536 /* matching wcid was written to wk_pad in run_key_set() */ 2537 wcid = k->wk_pad; 2538 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2539 attr &= ~0xf; 2540 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2541 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2542 } 2543 2544 k->wk_pad = 0; 2545} 2546 2547/* 2548 * return 0 on error 2549 */ 2550static int 2551run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2552{ 2553 struct ieee80211com *ic = vap->iv_ic; 2554 struct run_softc *sc = ic->ic_softc; 2555 struct ieee80211_key *k0; 2556 uint32_t i; 2557 2558 /* 2559 * When called back, key might be gone. So, make a copy 2560 * of some values need to delete keys before deferring. 2561 * But, because of LOR with node lock, cannot use lock here. 2562 * So, use atomic instead. 2563 */ 2564 i = RUN_CMDQ_GET(&sc->cmdq_store); 2565 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2566 sc->cmdq[i].func = run_key_delete_cb; 2567 sc->cmdq[i].arg0 = NULL; 2568 sc->cmdq[i].arg1 = sc; 2569 k0 = &sc->cmdq[i].key; 2570 k0->wk_flags = k->wk_flags; 2571 k0->wk_keyix = k->wk_keyix; 2572 /* matching wcid was written to wk_pad in run_key_set() */ 2573 k0->wk_pad = k->wk_pad; 2574 ieee80211_runtask(ic, &sc->cmdq_task); 2575 return (1); /* return fake success */ 2576 2577} 2578 2579static void 2580run_ratectl_to(void *arg) 2581{ 2582 struct run_softc *sc = arg; 2583 2584 /* do it in a process context, so it can go sleep */ 2585 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2586 /* next timeout will be rescheduled in the callback task */ 2587} 2588 2589/* ARGSUSED */ 2590static void 2591run_ratectl_cb(void *arg, int pending) 2592{ 2593 struct run_softc *sc = arg; 2594 struct ieee80211com *ic = &sc->sc_ic; 2595 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2596 2597 if (vap == NULL) 2598 return; 2599 2600 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2601 /* 2602 * run_reset_livelock() doesn't do anything with AMRR, 2603 * but Ralink wants us to call it every 1 sec. So, we 2604 * piggyback here rather than creating another callout. 2605 * Livelock may occur only in HOSTAP or IBSS mode 2606 * (when h/w is sending beacons). 2607 */ 2608 RUN_LOCK(sc); 2609 run_reset_livelock(sc); 2610 /* just in case, there are some stats to drain */ 2611 run_drain_fifo(sc); 2612 RUN_UNLOCK(sc); 2613 } 2614 2615 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2616 2617 RUN_LOCK(sc); 2618 if(sc->ratectl_run != RUN_RATECTL_OFF) 2619 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2620 RUN_UNLOCK(sc); 2621} 2622 2623static void 2624run_drain_fifo(void *arg) 2625{ 2626 struct run_softc *sc = arg; 2627 uint32_t stat; 2628 uint16_t (*wstat)[3]; 2629 uint8_t wcid, mcs, pid; 2630 int8_t retry; 2631 2632 RUN_LOCK_ASSERT(sc, MA_OWNED); 2633 2634 for (;;) { 2635 /* drain Tx status FIFO (maxsize = 16) */ 2636 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2637 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2638 if (!(stat & RT2860_TXQ_VLD)) 2639 break; 2640 2641 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2642 2643 /* if no ACK was requested, no feedback is available */ 2644 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2645 wcid == 0) 2646 continue; 2647 2648 /* 2649 * Even though each stat is Tx-complete-status like format, 2650 * the device can poll stats. Because there is no guarantee 2651 * that the referring node is still around when read the stats. 2652 * So that, if we use ieee80211_ratectl_tx_update(), we will 2653 * have hard time not to refer already freed node. 2654 * 2655 * To eliminate such page faults, we poll stats in softc. 2656 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2657 */ 2658 wstat = &(sc->wcid_stats[wcid]); 2659 (*wstat)[RUN_TXCNT]++; 2660 if (stat & RT2860_TXQ_OK) 2661 (*wstat)[RUN_SUCCESS]++; 2662 else 2663 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2664 /* 2665 * Check if there were retries, ie if the Tx success rate is 2666 * different from the requested rate. Note that it works only 2667 * because we do not allow rate fallback from OFDM to CCK. 2668 */ 2669 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2670 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2671 if ((retry = pid -1 - mcs) > 0) { 2672 (*wstat)[RUN_TXCNT] += retry; 2673 (*wstat)[RUN_RETRY] += retry; 2674 } 2675 } 2676 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2677 2678 sc->fifo_cnt = 0; 2679} 2680 2681static void 2682run_iter_func(void *arg, struct ieee80211_node *ni) 2683{ 2684 struct run_softc *sc = arg; 2685 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2686 struct ieee80211vap *vap = ni->ni_vap; 2687 struct run_node *rn = RUN_NODE(ni); 2688 union run_stats sta[2]; 2689 uint16_t (*wstat)[3]; 2690 int error, ridx; 2691 2692 RUN_LOCK(sc); 2693 2694 /* Check for special case */ 2695 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2696 ni != vap->iv_bss) 2697 goto fail; 2698 2699 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2700 IEEE80211_RATECTL_TX_STATS_RETRIES; 2701 txs->ni = ni; 2702 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2703 vap->iv_opmode == IEEE80211_M_STA)) { 2704 /* read statistic counters (clear on read) and update AMRR state */ 2705 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2706 sizeof sta); 2707 if (error != 0) 2708 goto fail; 2709 2710 /* count failed TX as errors */ 2711 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2712 le16toh(sta[0].error.fail)); 2713 2714 txs->nretries = le16toh(sta[1].tx.retry); 2715 txs->nsuccess = le16toh(sta[1].tx.success); 2716 /* nretries??? */ 2717 txs->nframes = txs->nretries + txs->nsuccess + 2718 le16toh(sta[0].error.fail); 2719 2720 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2721 "retrycnt=%d success=%d failcnt=%d\n", 2722 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2723 } else { 2724 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2725 2726 if (wstat == &(sc->wcid_stats[0]) || 2727 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2728 goto fail; 2729 2730 txs->nretries = (*wstat)[RUN_RETRY]; 2731 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2732 txs->nframes = (*wstat)[RUN_TXCNT]; 2733 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2734 "retrycnt=%d txcnt=%d success=%d\n", 2735 txs->nretries, txs->nframes, txs->nsuccess); 2736 2737 memset(wstat, 0, sizeof(*wstat)); 2738 } 2739 2740 ieee80211_ratectl_tx_update(vap, txs); 2741 ieee80211_ratectl_rate(ni, NULL, 0); 2742 /* XXX TODO: methodize with MCS rates */ 2743 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2744 if (rt2860_rates[ridx].rate == ni->ni_txrate) 2745 break; 2746 rn->amrr_ridx = ridx; 2747 2748fail: 2749 RUN_UNLOCK(sc); 2750 2751 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, ridx=%d\n", ni->ni_txrate, rn->amrr_ridx); 2752} 2753 2754static void 2755run_newassoc_cb(void *arg) 2756{ 2757 struct run_cmdq *cmdq = arg; 2758 struct ieee80211_node *ni = cmdq->arg1; 2759 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2760 uint8_t wcid = cmdq->wcid; 2761 2762 RUN_LOCK_ASSERT(sc, MA_OWNED); 2763 2764 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2765 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2766 2767 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2768} 2769 2770static void 2771run_newassoc(struct ieee80211_node *ni, int isnew) 2772{ 2773 struct run_node *rn = RUN_NODE(ni); 2774 struct ieee80211vap *vap = ni->ni_vap; 2775 struct ieee80211com *ic = vap->iv_ic; 2776 struct run_softc *sc = ic->ic_softc; 2777 uint8_t rate; 2778 uint8_t ridx; 2779 uint8_t wcid; 2780 2781 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2782 1 : RUN_AID2WCID(ni->ni_associd); 2783 2784 if (wcid > RT2870_WCID_MAX) { 2785 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2786 return; 2787 } 2788 2789 /* only interested in true associations */ 2790 if (isnew && ni->ni_associd != 0) { 2791 /* 2792 * This function could is called though timeout function. 2793 * Need to defer. 2794 */ 2795 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2796 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2797 sc->cmdq[cnt].func = run_newassoc_cb; 2798 sc->cmdq[cnt].arg0 = NULL; 2799 sc->cmdq[cnt].arg1 = ni; 2800 sc->cmdq[cnt].wcid = wcid; 2801 ieee80211_runtask(ic, &sc->cmdq_task); 2802 } 2803 2804 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2805 "new assoc isnew=%d associd=%x addr=%s\n", 2806 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2807 2808 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2809 /* XXX TODO: methodize with MCS rates */ 2810 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2811 if (rt2860_rates[ridx].rate == rate) 2812 break; 2813 rn->mgt_ridx = ridx; 2814 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2815 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2816 2817 RUN_LOCK(sc); 2818 if(sc->ratectl_run != RUN_RATECTL_OFF) 2819 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2820 RUN_UNLOCK(sc); 2821} 2822 2823/* 2824 * Return the Rx chain with the highest RSSI for a given frame. 2825 */ 2826static __inline uint8_t 2827run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2828{ 2829 uint8_t rxchain = 0; 2830 2831 if (sc->nrxchains > 1) { 2832 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2833 rxchain = 1; 2834 if (sc->nrxchains > 2) 2835 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2836 rxchain = 2; 2837 } 2838 return (rxchain); 2839} 2840 2841static void 2842run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2843 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2844{ 2845 struct ieee80211vap *vap = ni->ni_vap; 2846 struct run_softc *sc = vap->iv_ic->ic_softc; 2847 struct run_vap *rvp = RUN_VAP(vap); 2848 uint64_t ni_tstamp, rx_tstamp; 2849 2850 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2851 2852 if (vap->iv_state == IEEE80211_S_RUN && 2853 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2854 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2855 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2856 RUN_LOCK(sc); 2857 run_get_tsf(sc, &rx_tstamp); 2858 RUN_UNLOCK(sc); 2859 rx_tstamp = le64toh(rx_tstamp); 2860 2861 if (ni_tstamp >= rx_tstamp) { 2862 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2863 "ibss merge, tsf %ju tstamp %ju\n", 2864 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2865 (void) ieee80211_ibss_merge(ni); 2866 } 2867 } 2868} 2869 2870static void 2871run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2872{ 2873 struct ieee80211com *ic = &sc->sc_ic; 2874 struct ieee80211_frame *wh; 2875 struct ieee80211_node *ni; 2876 struct epoch_tracker et; 2877 struct rt2870_rxd *rxd; 2878 struct rt2860_rxwi *rxwi; 2879 uint32_t flags; 2880 uint16_t len, rxwisize; 2881 uint8_t ant, rssi; 2882 int8_t nf; 2883 2884 rxwisize = sizeof(struct rt2860_rxwi); 2885 if (sc->mac_ver == 0x5592) 2886 rxwisize += sizeof(uint64_t); 2887 else if (sc->mac_ver == 0x3593) 2888 rxwisize += sizeof(uint32_t); 2889 2890 if (__predict_false(dmalen < 2891 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2892 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2893 "payload is too short: dma length %u < %zu\n", 2894 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2895 goto fail; 2896 } 2897 2898 rxwi = mtod(m, struct rt2860_rxwi *); 2899 len = le16toh(rxwi->len) & 0xfff; 2900 2901 if (__predict_false(len > dmalen - rxwisize)) { 2902 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2903 "bad RXWI length %u > %u\n", len, dmalen); 2904 goto fail; 2905 } 2906 2907 /* Rx descriptor is located at the end */ 2908 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2909 flags = le32toh(rxd->flags); 2910 2911 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2912 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2913 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2914 goto fail; 2915 } 2916 2917 if (flags & RT2860_RX_L2PAD) { 2918 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2919 "received RT2860_RX_L2PAD frame\n"); 2920 len += 2; 2921 } 2922 2923 m->m_data += rxwisize; 2924 m->m_pkthdr.len = m->m_len = len; 2925 2926 wh = mtod(m, struct ieee80211_frame *); 2927 2928 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2929 (flags & RT2860_RX_DEC) != 0) { 2930 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2931 m->m_flags |= M_WEP; 2932 } 2933 2934 if (len >= sizeof(struct ieee80211_frame_min)) { 2935 ni = ieee80211_find_rxnode(ic, 2936 mtod(m, struct ieee80211_frame_min *)); 2937 } else 2938 ni = NULL; 2939 2940 if(ni && ni->ni_flags & IEEE80211_NODE_HT) { 2941 m->m_flags |= M_AMPDU; 2942 } 2943 2944 if (__predict_false(flags & RT2860_RX_MICERR)) { 2945 /* report MIC failures to net80211 for TKIP */ 2946 if (ni != NULL) 2947 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2948 rxwi->keyidx); 2949 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2950 "MIC error. Someone is lying.\n"); 2951 goto fail; 2952 } 2953 2954 ant = run_maxrssi_chain(sc, rxwi); 2955 rssi = rxwi->rssi[ant]; 2956 nf = run_rssi2dbm(sc, rssi, ant); 2957 2958 if (__predict_false(ieee80211_radiotap_active(ic))) { 2959 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2960 uint16_t phy; 2961 2962 tap->wr_flags = 0; 2963 if (flags & RT2860_RX_L2PAD) 2964 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2965 tap->wr_antsignal = rssi; 2966 tap->wr_antenna = ant; 2967 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2968 tap->wr_rate = 2; /* in case it can't be found below */ 2969 RUN_LOCK(sc); 2970 run_get_tsf(sc, &tap->wr_tsf); 2971 RUN_UNLOCK(sc); 2972 phy = le16toh(rxwi->phy); 2973 switch (phy & RT2860_PHY_MODE) { 2974 case RT2860_PHY_CCK: 2975 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2976 case 0: tap->wr_rate = 2; break; 2977 case 1: tap->wr_rate = 4; break; 2978 case 2: tap->wr_rate = 11; break; 2979 case 3: tap->wr_rate = 22; break; 2980 } 2981 if (phy & RT2860_PHY_SHPRE) 2982 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2983 break; 2984 case RT2860_PHY_OFDM: 2985 switch (phy & RT2860_PHY_MCS) { 2986 case 0: tap->wr_rate = 12; break; 2987 case 1: tap->wr_rate = 18; break; 2988 case 2: tap->wr_rate = 24; break; 2989 case 3: tap->wr_rate = 36; break; 2990 case 4: tap->wr_rate = 48; break; 2991 case 5: tap->wr_rate = 72; break; 2992 case 6: tap->wr_rate = 96; break; 2993 case 7: tap->wr_rate = 108; break; 2994 } 2995 break; 2996 } 2997 } 2998 2999 NET_EPOCH_ENTER(et); 3000 if (ni != NULL) { 3001 (void)ieee80211_input(ni, m, rssi, nf); 3002 ieee80211_free_node(ni); 3003 } else { 3004 (void)ieee80211_input_all(ic, m, rssi, nf); 3005 } 3006 NET_EPOCH_EXIT(et); 3007 3008 return; 3009 3010fail: 3011 m_freem(m); 3012 counter_u64_add(ic->ic_ierrors, 1); 3013} 3014 3015static void 3016run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 3017{ 3018 struct run_softc *sc = usbd_xfer_softc(xfer); 3019 struct ieee80211com *ic = &sc->sc_ic; 3020 struct mbuf *m = NULL; 3021 struct mbuf *m0; 3022 uint32_t dmalen, mbuf_len; 3023 uint16_t rxwisize; 3024 int xferlen; 3025 3026 rxwisize = sizeof(struct rt2860_rxwi); 3027 if (sc->mac_ver == 0x5592) 3028 rxwisize += sizeof(uint64_t); 3029 else if (sc->mac_ver == 0x3593) 3030 rxwisize += sizeof(uint32_t); 3031 3032 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 3033 3034 switch (USB_GET_STATE(xfer)) { 3035 case USB_ST_TRANSFERRED: 3036 3037 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 3038 "rx done, actlen=%d\n", xferlen); 3039 3040 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 3041 sizeof(struct rt2870_rxd))) { 3042 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3043 "xfer too short %d\n", xferlen); 3044 goto tr_setup; 3045 } 3046 3047 m = sc->rx_m; 3048 sc->rx_m = NULL; 3049 3050 /* FALLTHROUGH */ 3051 case USB_ST_SETUP: 3052tr_setup: 3053 if (sc->rx_m == NULL) { 3054 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 3055 RUN_MAX_RXSZ); 3056 } 3057 if (sc->rx_m == NULL) { 3058 RUN_DPRINTF(sc, RUN_DEBUG_RECV | 3059 RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3060 "could not allocate mbuf - idle with stall\n"); 3061 counter_u64_add(ic->ic_ierrors, 1); 3062 usbd_xfer_set_stall(xfer); 3063 usbd_xfer_set_frames(xfer, 0); 3064 } else { 3065 /* 3066 * Directly loading a mbuf cluster into DMA to 3067 * save some data copying. This works because 3068 * there is only one cluster. 3069 */ 3070 usbd_xfer_set_frame_data(xfer, 0, 3071 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3072 usbd_xfer_set_frames(xfer, 1); 3073 } 3074 usbd_transfer_submit(xfer); 3075 break; 3076 3077 default: /* Error */ 3078 if (error != USB_ERR_CANCELLED) { 3079 /* try to clear stall first */ 3080 usbd_xfer_set_stall(xfer); 3081 if (error == USB_ERR_TIMEOUT) 3082 device_printf(sc->sc_dev, "device timeout\n"); 3083 counter_u64_add(ic->ic_ierrors, 1); 3084 goto tr_setup; 3085 } 3086 if (sc->rx_m != NULL) { 3087 m_freem(sc->rx_m); 3088 sc->rx_m = NULL; 3089 } 3090 break; 3091 } 3092 3093 if (m == NULL) 3094 return; 3095 3096 /* inputting all the frames must be last */ 3097 3098 RUN_UNLOCK(sc); 3099 3100 m->m_pkthdr.len = m->m_len = xferlen; 3101 3102 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3103 for(;;) { 3104 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3105 3106 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3107 ((dmalen & 3) != 0)) { 3108 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3109 "bad DMA length %u\n", dmalen); 3110 break; 3111 } 3112 if ((dmalen + 8) > (uint32_t)xferlen) { 3113 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3114 "bad DMA length %u > %d\n", 3115 dmalen + 8, xferlen); 3116 break; 3117 } 3118 3119 /* If it is the last one or a single frame, we won't copy. */ 3120 if ((xferlen -= dmalen + 8) <= 8) { 3121 /* trim 32-bit DMA-len header */ 3122 m->m_data += 4; 3123 m->m_pkthdr.len = m->m_len -= 4; 3124 run_rx_frame(sc, m, dmalen); 3125 m = NULL; /* don't free source buffer */ 3126 break; 3127 } 3128 3129 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3130 if (__predict_false(mbuf_len > MCLBYTES)) { 3131 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3132 "payload is too big: mbuf_len %u\n", mbuf_len); 3133 counter_u64_add(ic->ic_ierrors, 1); 3134 break; 3135 } 3136 3137 /* copy aggregated frames to another mbuf */ 3138 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3139 if (__predict_false(m0 == NULL)) { 3140 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3141 "could not allocate mbuf\n"); 3142 counter_u64_add(ic->ic_ierrors, 1); 3143 break; 3144 } 3145 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3146 mbuf_len, mtod(m0, caddr_t)); 3147 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3148 run_rx_frame(sc, m0, dmalen); 3149 3150 /* update data ptr */ 3151 m->m_data += mbuf_len + 4; 3152 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3153 } 3154 3155 /* make sure we free the source buffer, if any */ 3156 m_freem(m); 3157 3158#ifdef IEEE80211_SUPPORT_SUPERG 3159 ieee80211_ff_age_all(ic, 100); 3160#endif 3161 RUN_LOCK(sc); 3162} 3163 3164static void 3165run_tx_free(struct run_endpoint_queue *pq, 3166 struct run_tx_data *data, int txerr) 3167{ 3168 3169 ieee80211_tx_complete(data->ni, data->m, txerr); 3170 3171 data->m = NULL; 3172 data->ni = NULL; 3173 3174 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3175 pq->tx_nfree++; 3176} 3177 3178static void 3179run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3180{ 3181 struct run_softc *sc = usbd_xfer_softc(xfer); 3182 struct ieee80211com *ic = &sc->sc_ic; 3183 struct run_tx_data *data; 3184 struct ieee80211vap *vap = NULL; 3185 struct usb_page_cache *pc; 3186 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3187 struct mbuf *m; 3188 usb_frlength_t size; 3189 int actlen; 3190 int sumlen; 3191 3192 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3193 3194 switch (USB_GET_STATE(xfer)) { 3195 case USB_ST_TRANSFERRED: 3196 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3197 "transfer complete: %d bytes @ index %d\n", actlen, index); 3198 3199 data = usbd_xfer_get_priv(xfer); 3200 run_tx_free(pq, data, 0); 3201 usbd_xfer_set_priv(xfer, NULL); 3202 3203 /* FALLTHROUGH */ 3204 case USB_ST_SETUP: 3205tr_setup: 3206 data = STAILQ_FIRST(&pq->tx_qh); 3207 if (data == NULL) 3208 break; 3209 3210 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3211 3212 m = data->m; 3213 size = (sc->mac_ver == 0x5592) ? 3214 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3215 if ((m->m_pkthdr.len + 3216 size + 3 + 8) > RUN_MAX_TXSZ) { 3217 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3218 "data overflow, %u bytes\n", m->m_pkthdr.len); 3219 run_tx_free(pq, data, 1); 3220 goto tr_setup; 3221 } 3222 3223 pc = usbd_xfer_get_frame(xfer, 0); 3224 usbd_copy_in(pc, 0, &data->desc, size); 3225 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3226 size += m->m_pkthdr.len; 3227 /* 3228 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3229 * 4-byte padding), and be sure to zero those trailing 3230 * bytes: 3231 */ 3232 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3233 size += ((-size) & 3) + 8; 3234 3235 vap = data->ni->ni_vap; 3236 if (ieee80211_radiotap_active_vap(vap)) { 3237 const struct ieee80211_frame *wh; 3238 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3239 struct rt2860_txwi *txwi = 3240 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3241 int has_l2pad; 3242 3243 wh = mtod(m, struct ieee80211_frame *); 3244 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3245 IEEE80211_QOS_HAS_SEQ(wh); 3246 3247 tap->wt_flags = 0; 3248 tap->wt_rate = rt2860_rates[data->ridx].rate; 3249 tap->wt_hwqueue = index; 3250 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3251 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3252 if (has_l2pad) 3253 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3254 3255 ieee80211_radiotap_tx(vap, m); 3256 } 3257 3258 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3259 "sending frame len=%u/%u @ index %d\n", 3260 m->m_pkthdr.len, size, index); 3261 3262 usbd_xfer_set_frame_len(xfer, 0, size); 3263 usbd_xfer_set_priv(xfer, data); 3264 usbd_transfer_submit(xfer); 3265 run_start(sc); 3266 3267 break; 3268 3269 default: 3270 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3271 "USB transfer error, %s\n", usbd_errstr(error)); 3272 3273 data = usbd_xfer_get_priv(xfer); 3274 3275 if (data != NULL) { 3276 if(data->ni != NULL) 3277 vap = data->ni->ni_vap; 3278 run_tx_free(pq, data, error); 3279 usbd_xfer_set_priv(xfer, NULL); 3280 } 3281 3282 if (vap == NULL) 3283 vap = TAILQ_FIRST(&ic->ic_vaps); 3284 3285 if (error != USB_ERR_CANCELLED) { 3286 if (error == USB_ERR_TIMEOUT) { 3287 device_printf(sc->sc_dev, "device timeout\n"); 3288 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3289 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3290 "cmdq_store=%d\n", i); 3291 sc->cmdq[i].func = run_usb_timeout_cb; 3292 sc->cmdq[i].arg0 = vap; 3293 ieee80211_runtask(ic, &sc->cmdq_task); 3294 } 3295 3296 /* 3297 * Try to clear stall first, also if other 3298 * errors occur, hence clearing stall 3299 * introduces a 50 ms delay: 3300 */ 3301 usbd_xfer_set_stall(xfer); 3302 goto tr_setup; 3303 } 3304 break; 3305 } 3306#ifdef IEEE80211_SUPPORT_SUPERG 3307 /* XXX TODO: make this deferred rather than unlock/relock */ 3308 /* XXX TODO: should only do the QoS AC this belongs to */ 3309 if (pq->tx_nfree >= RUN_TX_RING_COUNT) { 3310 RUN_UNLOCK(sc); 3311 ieee80211_ff_flush_all(ic); 3312 RUN_LOCK(sc); 3313 } 3314#endif 3315} 3316 3317static void 3318run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3319{ 3320 run_bulk_tx_callbackN(xfer, error, 0); 3321} 3322 3323static void 3324run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3325{ 3326 run_bulk_tx_callbackN(xfer, error, 1); 3327} 3328 3329static void 3330run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3331{ 3332 run_bulk_tx_callbackN(xfer, error, 2); 3333} 3334 3335static void 3336run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3337{ 3338 run_bulk_tx_callbackN(xfer, error, 3); 3339} 3340 3341static void 3342run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3343{ 3344 run_bulk_tx_callbackN(xfer, error, 4); 3345} 3346 3347static void 3348run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3349{ 3350 run_bulk_tx_callbackN(xfer, error, 5); 3351} 3352 3353static void 3354run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3355{ 3356 struct mbuf *m = data->m; 3357 struct ieee80211com *ic = &sc->sc_ic; 3358 struct ieee80211vap *vap = data->ni->ni_vap; 3359 struct ieee80211_frame *wh; 3360 struct rt2870_txd *txd; 3361 struct rt2860_txwi *txwi; 3362 uint16_t xferlen, txwisize; 3363 uint16_t mcs; 3364 uint8_t ridx = data->ridx; 3365 uint8_t pad; 3366 3367 /* get MCS code from rate index */ 3368 mcs = rt2860_rates[ridx].mcs; 3369 3370 txwisize = (sc->mac_ver == 0x5592) ? 3371 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3372 xferlen = txwisize + m->m_pkthdr.len; 3373 3374 /* roundup to 32-bit alignment */ 3375 xferlen = (xferlen + 3) & ~3; 3376 3377 txd = (struct rt2870_txd *)&data->desc; 3378 txd->len = htole16(xferlen); 3379 3380 wh = mtod(m, struct ieee80211_frame *); 3381 3382 /* 3383 * Ether both are true or both are false, the header 3384 * are nicely aligned to 32-bit. So, no L2 padding. 3385 */ 3386 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3387 pad = 0; 3388 else 3389 pad = 2; 3390 3391 /* setup TX Wireless Information */ 3392 txwi = (struct rt2860_txwi *)(txd + 1); 3393 txwi->len = htole16(m->m_pkthdr.len - pad); 3394 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3395 mcs |= RT2860_PHY_CCK; 3396 if (ridx != RT2860_RIDX_CCK1 && 3397 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3398 mcs |= RT2860_PHY_SHPRE; 3399 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) { 3400 mcs |= RT2860_PHY_OFDM; 3401 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) { 3402 /* XXX TODO: [adrian] set short preamble for MCS? */ 3403 mcs |= RT2860_PHY_HT_MIX; /* Mixed, not greenfield */ 3404 } 3405 txwi->phy = htole16(mcs); 3406 3407 /* check if RTS/CTS or CTS-to-self protection is required */ 3408 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3409 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) || 3410 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3411 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) || 3412 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) && 3413 rt2860_rates[ridx].phy == IEEE80211_T_HT))) 3414 txwi->txop |= RT2860_TX_TXOP_HT; 3415 else 3416 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3417 3418 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3419 txwi->xflags |= RT2860_TX_NSEQ; 3420} 3421 3422/* This function must be called locked */ 3423static int 3424run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3425{ 3426 struct ieee80211com *ic = &sc->sc_ic; 3427 struct ieee80211vap *vap = ni->ni_vap; 3428 struct ieee80211_frame *wh; 3429 const struct ieee80211_txparam *tp = ni->ni_txparms; 3430 struct run_node *rn = RUN_NODE(ni); 3431 struct run_tx_data *data; 3432 struct rt2870_txd *txd; 3433 struct rt2860_txwi *txwi; 3434 uint16_t qos; 3435 uint16_t dur; 3436 uint16_t qid; 3437 uint8_t type; 3438 uint8_t tid; 3439 uint8_t ridx; 3440 uint8_t ctl_ridx; 3441 uint8_t qflags; 3442 uint8_t xflags = 0; 3443 int hasqos; 3444 3445 RUN_LOCK_ASSERT(sc, MA_OWNED); 3446 3447 wh = mtod(m, struct ieee80211_frame *); 3448 3449 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3450 3451 /* 3452 * There are 7 bulk endpoints: 1 for RX 3453 * and 6 for TX (4 EDCAs + HCCA + Prio). 3454 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3455 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3456 */ 3457 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3458 uint8_t *frm; 3459 3460 frm = ieee80211_getqos(wh); 3461 qos = le16toh(*(const uint16_t *)frm); 3462 tid = qos & IEEE80211_QOS_TID; 3463 qid = TID_TO_WME_AC(tid); 3464 } else { 3465 qos = 0; 3466 tid = 0; 3467 qid = WME_AC_BE; 3468 } 3469 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3470 3471 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3472 qos, qid, tid, qflags); 3473 3474 /* pickup a rate index */ 3475 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3476 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3477 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */ 3478 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ? 3479 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3480 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3481 } else { 3482 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3483 ridx = rn->fix_ridx; 3484 else 3485 ridx = rn->amrr_ridx; 3486 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3487 } 3488 3489 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3490 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3491 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3492 xflags |= RT2860_TX_ACK; 3493 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3494 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3495 else 3496 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3497 *(uint16_t *)wh->i_dur = htole16(dur); 3498 } 3499 3500 /* reserve slots for mgmt packets, just in case */ 3501 if (sc->sc_epq[qid].tx_nfree < 3) { 3502 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3503 return (-1); 3504 } 3505 3506 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3507 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3508 sc->sc_epq[qid].tx_nfree--; 3509 3510 txd = (struct rt2870_txd *)&data->desc; 3511 txd->flags = qflags; 3512 txwi = (struct rt2860_txwi *)(txd + 1); 3513 txwi->xflags = xflags; 3514 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3515 txwi->wcid = 0; 3516 else 3517 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3518 1 : RUN_AID2WCID(ni->ni_associd); 3519 3520 /* clear leftover garbage bits */ 3521 txwi->flags = 0; 3522 txwi->txop = 0; 3523 3524 data->m = m; 3525 data->ni = ni; 3526 data->ridx = ridx; 3527 3528 run_set_tx_desc(sc, data); 3529 3530 /* 3531 * The chip keeps track of 2 kind of Tx stats, 3532 * * TX_STAT_FIFO, for per WCID stats, and 3533 * * TX_STA_CNT0 for all-TX-in-one stats. 3534 * 3535 * To use FIFO stats, we need to store MCS into the driver-private 3536 * PacketID field. So that, we can tell whose stats when we read them. 3537 * We add 1 to the MCS because setting the PacketID field to 0 means 3538 * that we don't want feedback in TX_STAT_FIFO. 3539 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3540 * 3541 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3542 */ 3543 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3544 vap->iv_opmode == IEEE80211_M_MBSS) { 3545 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3546 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3547 3548 /* 3549 * Unlike PCI based devices, we don't get any interrupt from 3550 * USB devices, so we simulate FIFO-is-full interrupt here. 3551 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3552 * quickly get fulled. To prevent overflow, increment a counter on 3553 * every FIFO stat request, so we know how many slots are left. 3554 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3555 * are used only in those modes. 3556 * We just drain stats. AMRR gets updated every 1 sec by 3557 * run_ratectl_cb() via callout. 3558 * Call it early. Otherwise overflow. 3559 */ 3560 if (sc->fifo_cnt++ == 10) { 3561 /* 3562 * With multiple vaps or if_bridge, if_start() is called 3563 * with a non-sleepable lock, tcpinp. So, need to defer. 3564 */ 3565 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3566 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3567 sc->cmdq[i].func = run_drain_fifo; 3568 sc->cmdq[i].arg0 = sc; 3569 ieee80211_runtask(ic, &sc->cmdq_task); 3570 } 3571 } 3572 3573 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3574 3575 usbd_transfer_start(sc->sc_xfer[qid]); 3576 3577 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3578 "sending data frame len=%d rate=%d qid=%d\n", 3579 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3580 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3581 3582 return (0); 3583} 3584 3585static int 3586run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3587{ 3588 struct ieee80211com *ic = &sc->sc_ic; 3589 struct run_node *rn = RUN_NODE(ni); 3590 struct run_tx_data *data; 3591 struct ieee80211_frame *wh; 3592 struct rt2870_txd *txd; 3593 struct rt2860_txwi *txwi; 3594 uint16_t dur; 3595 uint8_t ridx = rn->mgt_ridx; 3596 uint8_t xflags = 0; 3597 uint8_t wflags = 0; 3598 3599 RUN_LOCK_ASSERT(sc, MA_OWNED); 3600 3601 wh = mtod(m, struct ieee80211_frame *); 3602 3603 /* tell hardware to add timestamp for probe responses */ 3604 if ((wh->i_fc[0] & 3605 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3606 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3607 wflags |= RT2860_TX_TS; 3608 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3609 xflags |= RT2860_TX_ACK; 3610 3611 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3612 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3613 *(uint16_t *)wh->i_dur = htole16(dur); 3614 } 3615 3616 if (sc->sc_epq[0].tx_nfree == 0) 3617 /* let caller free mbuf */ 3618 return (EIO); 3619 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3620 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3621 sc->sc_epq[0].tx_nfree--; 3622 3623 txd = (struct rt2870_txd *)&data->desc; 3624 txd->flags = RT2860_TX_QSEL_EDCA; 3625 txwi = (struct rt2860_txwi *)(txd + 1); 3626 txwi->wcid = 0xff; 3627 txwi->flags = wflags; 3628 txwi->xflags = xflags; 3629 txwi->txop = 0; /* clear leftover garbage bits */ 3630 3631 data->m = m; 3632 data->ni = ni; 3633 data->ridx = ridx; 3634 3635 run_set_tx_desc(sc, data); 3636 3637 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3638 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3639 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3640 3641 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3642 3643 usbd_transfer_start(sc->sc_xfer[0]); 3644 3645 return (0); 3646} 3647 3648static int 3649run_sendprot(struct run_softc *sc, 3650 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3651{ 3652 struct ieee80211com *ic = ni->ni_ic; 3653 struct run_tx_data *data; 3654 struct rt2870_txd *txd; 3655 struct rt2860_txwi *txwi; 3656 struct mbuf *mprot; 3657 int ridx; 3658 int protrate; 3659 uint8_t wflags = 0; 3660 uint8_t xflags = 0; 3661 3662 RUN_LOCK_ASSERT(sc, MA_OWNED); 3663 3664 /* check that there are free slots before allocating the mbuf */ 3665 if (sc->sc_epq[0].tx_nfree == 0) 3666 /* let caller free mbuf */ 3667 return (ENOBUFS); 3668 3669 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3670 if (mprot == NULL) { 3671 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3672 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3673 return (ENOBUFS); 3674 } 3675 3676 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3677 wflags = RT2860_TX_FRAG; 3678 xflags = 0; 3679 if (prot == IEEE80211_PROT_RTSCTS) 3680 xflags |= RT2860_TX_ACK; 3681 3682 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3683 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3684 sc->sc_epq[0].tx_nfree--; 3685 3686 txd = (struct rt2870_txd *)&data->desc; 3687 txd->flags = RT2860_TX_QSEL_EDCA; 3688 txwi = (struct rt2860_txwi *)(txd + 1); 3689 txwi->wcid = 0xff; 3690 txwi->flags = wflags; 3691 txwi->xflags = xflags; 3692 txwi->txop = 0; /* clear leftover garbage bits */ 3693 3694 data->m = mprot; 3695 data->ni = ieee80211_ref_node(ni); 3696 3697 /* XXX TODO: methodize with MCS rates */ 3698 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3699 if (rt2860_rates[ridx].rate == protrate) 3700 break; 3701 data->ridx = ridx; 3702 3703 run_set_tx_desc(sc, data); 3704 3705 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3706 m->m_pkthdr.len, rate); 3707 3708 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3709 3710 usbd_transfer_start(sc->sc_xfer[0]); 3711 3712 return (0); 3713} 3714 3715static int 3716run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3717 const struct ieee80211_bpf_params *params) 3718{ 3719 struct ieee80211com *ic = ni->ni_ic; 3720 struct run_tx_data *data; 3721 struct rt2870_txd *txd; 3722 struct rt2860_txwi *txwi; 3723 uint8_t ridx; 3724 uint8_t rate; 3725 uint8_t opflags = 0; 3726 uint8_t xflags = 0; 3727 int error; 3728 3729 RUN_LOCK_ASSERT(sc, MA_OWNED); 3730 3731 KASSERT(params != NULL, ("no raw xmit params")); 3732 3733 rate = params->ibp_rate0; 3734 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3735 /* let caller free mbuf */ 3736 return (EINVAL); 3737 } 3738 3739 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3740 xflags |= RT2860_TX_ACK; 3741 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3742 error = run_sendprot(sc, m, ni, 3743 params->ibp_flags & IEEE80211_BPF_RTS ? 3744 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3745 rate); 3746 if (error) { 3747 /* let caller free mbuf */ 3748 return error; 3749 } 3750 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3751 } 3752 3753 if (sc->sc_epq[0].tx_nfree == 0) { 3754 /* let caller free mbuf */ 3755 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3756 "sending raw frame, but tx ring is full\n"); 3757 return (EIO); 3758 } 3759 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3760 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3761 sc->sc_epq[0].tx_nfree--; 3762 3763 txd = (struct rt2870_txd *)&data->desc; 3764 txd->flags = RT2860_TX_QSEL_EDCA; 3765 txwi = (struct rt2860_txwi *)(txd + 1); 3766 txwi->wcid = 0xff; 3767 txwi->xflags = xflags; 3768 txwi->txop = opflags; 3769 txwi->flags = 0; /* clear leftover garbage bits */ 3770 3771 data->m = m; 3772 data->ni = ni; 3773 /* XXX TODO: methodize with MCS rates */ 3774 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3775 if (rt2860_rates[ridx].rate == rate) 3776 break; 3777 data->ridx = ridx; 3778 3779 run_set_tx_desc(sc, data); 3780 3781 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3782 m->m_pkthdr.len, rate); 3783 3784 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3785 3786 usbd_transfer_start(sc->sc_xfer[0]); 3787 3788 return (0); 3789} 3790 3791static int 3792run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3793 const struct ieee80211_bpf_params *params) 3794{ 3795 struct run_softc *sc = ni->ni_ic->ic_softc; 3796 int error = 0; 3797 3798 RUN_LOCK(sc); 3799 3800 /* prevent management frames from being sent if we're not ready */ 3801 if (!(sc->sc_flags & RUN_RUNNING)) { 3802 error = ENETDOWN; 3803 goto done; 3804 } 3805 3806 if (params == NULL) { 3807 /* tx mgt packet */ 3808 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3809 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3810 goto done; 3811 } 3812 } else { 3813 /* tx raw packet with param */ 3814 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3815 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3816 goto done; 3817 } 3818 } 3819 3820done: 3821 RUN_UNLOCK(sc); 3822 3823 if (error != 0) { 3824 if(m != NULL) 3825 m_freem(m); 3826 } 3827 3828 return (error); 3829} 3830 3831static int 3832run_transmit(struct ieee80211com *ic, struct mbuf *m) 3833{ 3834 struct run_softc *sc = ic->ic_softc; 3835 int error; 3836 3837 RUN_LOCK(sc); 3838 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3839 RUN_UNLOCK(sc); 3840 return (ENXIO); 3841 } 3842 error = mbufq_enqueue(&sc->sc_snd, m); 3843 if (error) { 3844 RUN_UNLOCK(sc); 3845 return (error); 3846 } 3847 run_start(sc); 3848 RUN_UNLOCK(sc); 3849 3850 return (0); 3851} 3852 3853static void 3854run_start(struct run_softc *sc) 3855{ 3856 struct ieee80211_node *ni; 3857 struct mbuf *m; 3858 3859 RUN_LOCK_ASSERT(sc, MA_OWNED); 3860 3861 if ((sc->sc_flags & RUN_RUNNING) == 0) 3862 return; 3863 3864 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3865 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3866 if (run_tx(sc, m, ni) != 0) { 3867 mbufq_prepend(&sc->sc_snd, m); 3868 break; 3869 } 3870 } 3871} 3872 3873static void 3874run_parent(struct ieee80211com *ic) 3875{ 3876 struct run_softc *sc = ic->ic_softc; 3877 int startall = 0; 3878 3879 RUN_LOCK(sc); 3880 if (sc->sc_detached) { 3881 RUN_UNLOCK(sc); 3882 return; 3883 } 3884 3885 if (ic->ic_nrunning > 0) { 3886 if (!(sc->sc_flags & RUN_RUNNING)) { 3887 startall = 1; 3888 run_init_locked(sc); 3889 } else 3890 run_update_promisc_locked(sc); 3891 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3892 run_stop(sc); 3893 RUN_UNLOCK(sc); 3894 if (startall) 3895 ieee80211_start_all(ic); 3896} 3897 3898static void 3899run_iq_calib(struct run_softc *sc, u_int chan) 3900{ 3901 uint16_t val; 3902 3903 /* Tx0 IQ gain. */ 3904 run_bbp_write(sc, 158, 0x2c); 3905 if (chan <= 14) 3906 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3907 else if (chan <= 64) { 3908 run_efuse_read(sc, 3909 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3910 &val, 1); 3911 } else if (chan <= 138) { 3912 run_efuse_read(sc, 3913 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3914 &val, 1); 3915 } else if (chan <= 165) { 3916 run_efuse_read(sc, 3917 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3918 &val, 1); 3919 } else 3920 val = 0; 3921 run_bbp_write(sc, 159, val); 3922 3923 /* Tx0 IQ phase. */ 3924 run_bbp_write(sc, 158, 0x2d); 3925 if (chan <= 14) { 3926 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3927 &val, 1); 3928 } else if (chan <= 64) { 3929 run_efuse_read(sc, 3930 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3931 &val, 1); 3932 } else if (chan <= 138) { 3933 run_efuse_read(sc, 3934 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3935 &val, 1); 3936 } else if (chan <= 165) { 3937 run_efuse_read(sc, 3938 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3939 &val, 1); 3940 } else 3941 val = 0; 3942 run_bbp_write(sc, 159, val); 3943 3944 /* Tx1 IQ gain. */ 3945 run_bbp_write(sc, 158, 0x4a); 3946 if (chan <= 14) { 3947 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3948 &val, 1); 3949 } else if (chan <= 64) { 3950 run_efuse_read(sc, 3951 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3952 &val, 1); 3953 } else if (chan <= 138) { 3954 run_efuse_read(sc, 3955 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3956 &val, 1); 3957 } else if (chan <= 165) { 3958 run_efuse_read(sc, 3959 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3960 &val, 1); 3961 } else 3962 val = 0; 3963 run_bbp_write(sc, 159, val); 3964 3965 /* Tx1 IQ phase. */ 3966 run_bbp_write(sc, 158, 0x4b); 3967 if (chan <= 14) { 3968 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3969 &val, 1); 3970 } else if (chan <= 64) { 3971 run_efuse_read(sc, 3972 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3973 &val, 1); 3974 } else if (chan <= 138) { 3975 run_efuse_read(sc, 3976 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3977 &val, 1); 3978 } else if (chan <= 165) { 3979 run_efuse_read(sc, 3980 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3981 &val, 1); 3982 } else 3983 val = 0; 3984 run_bbp_write(sc, 159, val); 3985 3986 /* RF IQ compensation control. */ 3987 run_bbp_write(sc, 158, 0x04); 3988 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3989 &val, 1); 3990 run_bbp_write(sc, 159, val); 3991 3992 /* RF IQ imbalance compensation control. */ 3993 run_bbp_write(sc, 158, 0x03); 3994 run_efuse_read(sc, 3995 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3996 run_bbp_write(sc, 159, val); 3997} 3998 3999static void 4000run_set_agc(struct run_softc *sc, uint8_t agc) 4001{ 4002 uint8_t bbp; 4003 4004 if (sc->mac_ver == 0x3572) { 4005 run_bbp_read(sc, 27, &bbp); 4006 bbp &= ~(0x3 << 5); 4007 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 4008 run_bbp_write(sc, 66, agc); 4009 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 4010 run_bbp_write(sc, 66, agc); 4011 } else 4012 run_bbp_write(sc, 66, agc); 4013} 4014 4015static void 4016run_select_chan_group(struct run_softc *sc, int group) 4017{ 4018 uint32_t tmp; 4019 uint8_t agc; 4020 4021 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 4022 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 4023 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 4024 if (sc->mac_ver < 0x3572) 4025 run_bbp_write(sc, 86, 0x00); 4026 4027 if (sc->mac_ver == 0x3593) { 4028 run_bbp_write(sc, 77, 0x98); 4029 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 4030 } 4031 4032 if (group == 0) { 4033 if (sc->ext_2ghz_lna) { 4034 if (sc->mac_ver >= 0x5390) 4035 run_bbp_write(sc, 75, 0x52); 4036 else { 4037 run_bbp_write(sc, 82, 0x62); 4038 run_bbp_write(sc, 75, 0x46); 4039 } 4040 } else { 4041 if (sc->mac_ver == 0x5592) { 4042 run_bbp_write(sc, 79, 0x1c); 4043 run_bbp_write(sc, 80, 0x0e); 4044 run_bbp_write(sc, 81, 0x3a); 4045 run_bbp_write(sc, 82, 0x62); 4046 4047 run_bbp_write(sc, 195, 0x80); 4048 run_bbp_write(sc, 196, 0xe0); 4049 run_bbp_write(sc, 195, 0x81); 4050 run_bbp_write(sc, 196, 0x1f); 4051 run_bbp_write(sc, 195, 0x82); 4052 run_bbp_write(sc, 196, 0x38); 4053 run_bbp_write(sc, 195, 0x83); 4054 run_bbp_write(sc, 196, 0x32); 4055 run_bbp_write(sc, 195, 0x85); 4056 run_bbp_write(sc, 196, 0x28); 4057 run_bbp_write(sc, 195, 0x86); 4058 run_bbp_write(sc, 196, 0x19); 4059 } else if (sc->mac_ver >= 0x5390) 4060 run_bbp_write(sc, 75, 0x50); 4061 else { 4062 run_bbp_write(sc, 82, 4063 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 4064 run_bbp_write(sc, 75, 0x50); 4065 } 4066 } 4067 } else { 4068 if (sc->mac_ver == 0x5592) { 4069 run_bbp_write(sc, 79, 0x18); 4070 run_bbp_write(sc, 80, 0x08); 4071 run_bbp_write(sc, 81, 0x38); 4072 run_bbp_write(sc, 82, 0x92); 4073 4074 run_bbp_write(sc, 195, 0x80); 4075 run_bbp_write(sc, 196, 0xf0); 4076 run_bbp_write(sc, 195, 0x81); 4077 run_bbp_write(sc, 196, 0x1e); 4078 run_bbp_write(sc, 195, 0x82); 4079 run_bbp_write(sc, 196, 0x28); 4080 run_bbp_write(sc, 195, 0x83); 4081 run_bbp_write(sc, 196, 0x20); 4082 run_bbp_write(sc, 195, 0x85); 4083 run_bbp_write(sc, 196, 0x7f); 4084 run_bbp_write(sc, 195, 0x86); 4085 run_bbp_write(sc, 196, 0x7f); 4086 } else if (sc->mac_ver == 0x3572) 4087 run_bbp_write(sc, 82, 0x94); 4088 else 4089 run_bbp_write(sc, 82, 4090 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4091 if (sc->ext_5ghz_lna) 4092 run_bbp_write(sc, 75, 0x46); 4093 else 4094 run_bbp_write(sc, 75, 0x50); 4095 } 4096 4097 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4098 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4099 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4100 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4101 4102 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4103 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4104 if (sc->mac_ver == 0x3593) 4105 tmp |= 1 << 29 | 1 << 28; 4106 if (sc->nrxchains > 1) 4107 tmp |= RT2860_LNA_PE1_EN; 4108 if (group == 0) { /* 2GHz */ 4109 tmp |= RT2860_PA_PE_G0_EN; 4110 if (sc->ntxchains > 1) 4111 tmp |= RT2860_PA_PE_G1_EN; 4112 if (sc->mac_ver == 0x3593) { 4113 if (sc->ntxchains > 2) 4114 tmp |= 1 << 25; 4115 } 4116 } else { /* 5GHz */ 4117 tmp |= RT2860_PA_PE_A0_EN; 4118 if (sc->ntxchains > 1) 4119 tmp |= RT2860_PA_PE_A1_EN; 4120 } 4121 if (sc->mac_ver == 0x3572) { 4122 run_rt3070_rf_write(sc, 8, 0x00); 4123 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4124 run_rt3070_rf_write(sc, 8, 0x80); 4125 } else 4126 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4127 4128 if (sc->mac_ver == 0x5592) { 4129 run_bbp_write(sc, 195, 0x8d); 4130 run_bbp_write(sc, 196, 0x1a); 4131 } 4132 4133 if (sc->mac_ver == 0x3593) { 4134 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4135 tmp &= ~0x01010000; 4136 if (group == 0) 4137 tmp |= 0x00010000; 4138 tmp = (tmp & ~0x00009090) | 0x00000090; 4139 run_write(sc, RT2860_GPIO_CTRL, tmp); 4140 } 4141 4142 /* set initial AGC value */ 4143 if (group == 0) { /* 2GHz band */ 4144 if (sc->mac_ver >= 0x3070) 4145 agc = 0x1c + sc->lna[0] * 2; 4146 else 4147 agc = 0x2e + sc->lna[0]; 4148 } else { /* 5GHz band */ 4149 if (sc->mac_ver == 0x5592) 4150 agc = 0x24 + sc->lna[group] * 2; 4151 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4152 agc = 0x22 + (sc->lna[group] * 5) / 3; 4153 else 4154 agc = 0x32 + (sc->lna[group] * 5) / 3; 4155 } 4156 run_set_agc(sc, agc); 4157} 4158 4159static void 4160run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4161{ 4162 const struct rfprog *rfprog = rt2860_rf2850; 4163 uint32_t r2, r3, r4; 4164 int8_t txpow1, txpow2; 4165 int i; 4166 4167 /* find the settings for this channel (we know it exists) */ 4168 for (i = 0; rfprog[i].chan != chan; i++); 4169 4170 r2 = rfprog[i].r2; 4171 if (sc->ntxchains == 1) 4172 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4173 if (sc->nrxchains == 1) 4174 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4175 else if (sc->nrxchains == 2) 4176 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4177 4178 /* use Tx power values from EEPROM */ 4179 txpow1 = sc->txpow1[i]; 4180 txpow2 = sc->txpow2[i]; 4181 4182 /* Initialize RF R3 and R4. */ 4183 r3 = rfprog[i].r3 & 0xffffc1ff; 4184 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4185 if (chan > 14) { 4186 if (txpow1 >= 0) { 4187 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4188 r3 |= (txpow1 << 10) | (1 << 9); 4189 } else { 4190 txpow1 += 7; 4191 4192 /* txpow1 is not possible larger than 15. */ 4193 r3 |= (txpow1 << 10); 4194 } 4195 if (txpow2 >= 0) { 4196 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4197 r4 |= (txpow2 << 7) | (1 << 6); 4198 } else { 4199 txpow2 += 7; 4200 r4 |= (txpow2 << 7); 4201 } 4202 } else { 4203 /* Set Tx0 power. */ 4204 r3 |= (txpow1 << 9); 4205 4206 /* Set frequency offset and Tx1 power. */ 4207 r4 |= (txpow2 << 6); 4208 } 4209 4210 run_rt2870_rf_write(sc, rfprog[i].r1); 4211 run_rt2870_rf_write(sc, r2); 4212 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4213 run_rt2870_rf_write(sc, r4); 4214 4215 run_delay(sc, 10); 4216 4217 run_rt2870_rf_write(sc, rfprog[i].r1); 4218 run_rt2870_rf_write(sc, r2); 4219 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4220 run_rt2870_rf_write(sc, r4); 4221 4222 run_delay(sc, 10); 4223 4224 run_rt2870_rf_write(sc, rfprog[i].r1); 4225 run_rt2870_rf_write(sc, r2); 4226 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4227 run_rt2870_rf_write(sc, r4); 4228} 4229 4230static void 4231run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4232{ 4233 int8_t txpow1, txpow2; 4234 uint8_t rf; 4235 int i; 4236 4237 /* find the settings for this channel (we know it exists) */ 4238 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4239 4240 /* use Tx power values from EEPROM */ 4241 txpow1 = sc->txpow1[i]; 4242 txpow2 = sc->txpow2[i]; 4243 4244 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4245 4246 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4247 run_rt3070_rf_read(sc, 3, &rf); 4248 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4249 run_rt3070_rf_write(sc, 3, rf); 4250 4251 run_rt3070_rf_read(sc, 6, &rf); 4252 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4253 run_rt3070_rf_write(sc, 6, rf); 4254 4255 /* set Tx0 power */ 4256 run_rt3070_rf_read(sc, 12, &rf); 4257 rf = (rf & ~0x1f) | txpow1; 4258 run_rt3070_rf_write(sc, 12, rf); 4259 4260 /* set Tx1 power */ 4261 run_rt3070_rf_read(sc, 13, &rf); 4262 rf = (rf & ~0x1f) | txpow2; 4263 run_rt3070_rf_write(sc, 13, rf); 4264 4265 run_rt3070_rf_read(sc, 1, &rf); 4266 rf &= ~0xfc; 4267 if (sc->ntxchains == 1) 4268 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4269 else if (sc->ntxchains == 2) 4270 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4271 if (sc->nrxchains == 1) 4272 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4273 else if (sc->nrxchains == 2) 4274 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4275 run_rt3070_rf_write(sc, 1, rf); 4276 4277 /* set RF offset */ 4278 run_rt3070_rf_read(sc, 23, &rf); 4279 rf = (rf & ~0x7f) | sc->freq; 4280 run_rt3070_rf_write(sc, 23, rf); 4281 4282 /* program RF filter */ 4283 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4284 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4285 run_rt3070_rf_write(sc, 24, rf); 4286 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4287 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4288 run_rt3070_rf_write(sc, 31, rf); 4289 4290 /* enable RF tuning */ 4291 run_rt3070_rf_read(sc, 7, &rf); 4292 run_rt3070_rf_write(sc, 7, rf | 0x01); 4293} 4294 4295static void 4296run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4297{ 4298 int8_t txpow1, txpow2; 4299 uint32_t tmp; 4300 uint8_t rf; 4301 int i; 4302 4303 /* find the settings for this channel (we know it exists) */ 4304 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4305 4306 /* use Tx power values from EEPROM */ 4307 txpow1 = sc->txpow1[i]; 4308 txpow2 = sc->txpow2[i]; 4309 4310 if (chan <= 14) { 4311 run_bbp_write(sc, 25, sc->bbp25); 4312 run_bbp_write(sc, 26, sc->bbp26); 4313 } else { 4314 /* enable IQ phase correction */ 4315 run_bbp_write(sc, 25, 0x09); 4316 run_bbp_write(sc, 26, 0xff); 4317 } 4318 4319 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4320 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4321 run_rt3070_rf_read(sc, 6, &rf); 4322 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4323 rf |= (chan <= 14) ? 0x08 : 0x04; 4324 run_rt3070_rf_write(sc, 6, rf); 4325 4326 /* set PLL mode */ 4327 run_rt3070_rf_read(sc, 5, &rf); 4328 rf &= ~(0x08 | 0x04); 4329 rf |= (chan <= 14) ? 0x04 : 0x08; 4330 run_rt3070_rf_write(sc, 5, rf); 4331 4332 /* set Tx power for chain 0 */ 4333 if (chan <= 14) 4334 rf = 0x60 | txpow1; 4335 else 4336 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4337 run_rt3070_rf_write(sc, 12, rf); 4338 4339 /* set Tx power for chain 1 */ 4340 if (chan <= 14) 4341 rf = 0x60 | txpow2; 4342 else 4343 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4344 run_rt3070_rf_write(sc, 13, rf); 4345 4346 /* set Tx/Rx streams */ 4347 run_rt3070_rf_read(sc, 1, &rf); 4348 rf &= ~0xfc; 4349 if (sc->ntxchains == 1) 4350 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4351 else if (sc->ntxchains == 2) 4352 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4353 if (sc->nrxchains == 1) 4354 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4355 else if (sc->nrxchains == 2) 4356 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4357 run_rt3070_rf_write(sc, 1, rf); 4358 4359 /* set RF offset */ 4360 run_rt3070_rf_read(sc, 23, &rf); 4361 rf = (rf & ~0x7f) | sc->freq; 4362 run_rt3070_rf_write(sc, 23, rf); 4363 4364 /* program RF filter */ 4365 rf = sc->rf24_20mhz; 4366 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4367 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4368 4369 /* enable RF tuning */ 4370 run_rt3070_rf_read(sc, 7, &rf); 4371 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4372 run_rt3070_rf_write(sc, 7, rf); 4373 4374 /* TSSI */ 4375 rf = (chan <= 14) ? 0xc3 : 0xc0; 4376 run_rt3070_rf_write(sc, 9, rf); 4377 4378 /* set loop filter 1 */ 4379 run_rt3070_rf_write(sc, 10, 0xf1); 4380 /* set loop filter 2 */ 4381 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4382 4383 /* set tx_mx2_ic */ 4384 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4385 /* set tx_mx1_ic */ 4386 if (chan <= 14) 4387 rf = 0x48 | sc->txmixgain_2ghz; 4388 else 4389 rf = 0x78 | sc->txmixgain_5ghz; 4390 run_rt3070_rf_write(sc, 16, rf); 4391 4392 /* set tx_lo1 */ 4393 run_rt3070_rf_write(sc, 17, 0x23); 4394 /* set tx_lo2 */ 4395 if (chan <= 14) 4396 rf = 0x93; 4397 else if (chan <= 64) 4398 rf = 0xb7; 4399 else if (chan <= 128) 4400 rf = 0x74; 4401 else 4402 rf = 0x72; 4403 run_rt3070_rf_write(sc, 19, rf); 4404 4405 /* set rx_lo1 */ 4406 if (chan <= 14) 4407 rf = 0xb3; 4408 else if (chan <= 64) 4409 rf = 0xf6; 4410 else if (chan <= 128) 4411 rf = 0xf4; 4412 else 4413 rf = 0xf3; 4414 run_rt3070_rf_write(sc, 20, rf); 4415 4416 /* set pfd_delay */ 4417 if (chan <= 14) 4418 rf = 0x15; 4419 else if (chan <= 64) 4420 rf = 0x3d; 4421 else 4422 rf = 0x01; 4423 run_rt3070_rf_write(sc, 25, rf); 4424 4425 /* set rx_lo2 */ 4426 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4427 /* set ldo_rf_vc */ 4428 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4429 /* set drv_cc */ 4430 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4431 4432 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4433 tmp &= ~0x8080; 4434 if (chan <= 14) 4435 tmp |= 0x80; 4436 run_write(sc, RT2860_GPIO_CTRL, tmp); 4437 4438 /* enable RF tuning */ 4439 run_rt3070_rf_read(sc, 7, &rf); 4440 run_rt3070_rf_write(sc, 7, rf | 0x01); 4441 4442 run_delay(sc, 2); 4443} 4444 4445static void 4446run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4447{ 4448 int8_t txpow1, txpow2, txpow3; 4449 uint8_t h20mhz, rf; 4450 int i; 4451 4452 /* find the settings for this channel (we know it exists) */ 4453 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4454 4455 /* use Tx power values from EEPROM */ 4456 txpow1 = sc->txpow1[i]; 4457 txpow2 = sc->txpow2[i]; 4458 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4459 4460 if (chan <= 14) { 4461 run_bbp_write(sc, 25, sc->bbp25); 4462 run_bbp_write(sc, 26, sc->bbp26); 4463 } else { 4464 /* Enable IQ phase correction. */ 4465 run_bbp_write(sc, 25, 0x09); 4466 run_bbp_write(sc, 26, 0xff); 4467 } 4468 4469 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4470 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4471 run_rt3070_rf_read(sc, 11, &rf); 4472 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4473 run_rt3070_rf_write(sc, 11, rf); 4474 4475 /* Set pll_idoh. */ 4476 run_rt3070_rf_read(sc, 11, &rf); 4477 rf &= ~0x4c; 4478 rf |= (chan <= 14) ? 0x44 : 0x48; 4479 run_rt3070_rf_write(sc, 11, rf); 4480 4481 if (chan <= 14) 4482 rf = txpow1 & 0x1f; 4483 else 4484 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4485 run_rt3070_rf_write(sc, 53, rf); 4486 4487 if (chan <= 14) 4488 rf = txpow2 & 0x1f; 4489 else 4490 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4491 run_rt3070_rf_write(sc, 55, rf); 4492 4493 if (chan <= 14) 4494 rf = txpow3 & 0x1f; 4495 else 4496 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4497 run_rt3070_rf_write(sc, 54, rf); 4498 4499 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4500 if (sc->ntxchains == 3) 4501 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4502 else 4503 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4504 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4505 run_rt3070_rf_write(sc, 1, rf); 4506 4507 run_adjust_freq_offset(sc); 4508 4509 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4510 4511 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4512 run_rt3070_rf_read(sc, 30, &rf); 4513 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4514 run_rt3070_rf_write(sc, 30, rf); 4515 4516 run_rt3070_rf_read(sc, 36, &rf); 4517 if (chan <= 14) 4518 rf |= 0x80; 4519 else 4520 rf &= ~0x80; 4521 run_rt3070_rf_write(sc, 36, rf); 4522 4523 /* Set vcolo_bs. */ 4524 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4525 /* Set pfd_delay. */ 4526 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4527 4528 /* Set vco bias current control. */ 4529 run_rt3070_rf_read(sc, 6, &rf); 4530 rf &= ~0xc0; 4531 if (chan <= 14) 4532 rf |= 0x40; 4533 else if (chan <= 128) 4534 rf |= 0x80; 4535 else 4536 rf |= 0x40; 4537 run_rt3070_rf_write(sc, 6, rf); 4538 4539 run_rt3070_rf_read(sc, 30, &rf); 4540 rf = (rf & ~0x18) | 0x10; 4541 run_rt3070_rf_write(sc, 30, rf); 4542 4543 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4544 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4545 4546 run_rt3070_rf_read(sc, 51, &rf); 4547 rf = (rf & ~0x03) | 0x01; 4548 run_rt3070_rf_write(sc, 51, rf); 4549 /* Set tx_mx1_cc. */ 4550 run_rt3070_rf_read(sc, 51, &rf); 4551 rf &= ~0x1c; 4552 rf |= (chan <= 14) ? 0x14 : 0x10; 4553 run_rt3070_rf_write(sc, 51, rf); 4554 /* Set tx_mx1_ic. */ 4555 run_rt3070_rf_read(sc, 51, &rf); 4556 rf &= ~0xe0; 4557 rf |= (chan <= 14) ? 0x60 : 0x40; 4558 run_rt3070_rf_write(sc, 51, rf); 4559 /* Set tx_lo1_ic. */ 4560 run_rt3070_rf_read(sc, 49, &rf); 4561 rf &= ~0x1c; 4562 rf |= (chan <= 14) ? 0x0c : 0x08; 4563 run_rt3070_rf_write(sc, 49, rf); 4564 /* Set tx_lo1_en. */ 4565 run_rt3070_rf_read(sc, 50, &rf); 4566 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4567 /* Set drv_cc. */ 4568 run_rt3070_rf_read(sc, 57, &rf); 4569 rf &= ~0xfc; 4570 rf |= (chan <= 14) ? 0x6c : 0x3c; 4571 run_rt3070_rf_write(sc, 57, rf); 4572 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4573 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4574 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4575 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4576 /* Enable VCO calibration. */ 4577 run_rt3070_rf_read(sc, 3, &rf); 4578 rf &= ~RT5390_VCOCAL; 4579 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4580 run_rt3070_rf_write(sc, 3, rf); 4581 4582 if (chan <= 14) 4583 rf = 0x23; 4584 else if (chan <= 64) 4585 rf = 0x36; 4586 else if (chan <= 128) 4587 rf = 0x32; 4588 else 4589 rf = 0x30; 4590 run_rt3070_rf_write(sc, 39, rf); 4591 if (chan <= 14) 4592 rf = 0xbb; 4593 else if (chan <= 64) 4594 rf = 0xeb; 4595 else if (chan <= 128) 4596 rf = 0xb3; 4597 else 4598 rf = 0x9b; 4599 run_rt3070_rf_write(sc, 45, rf); 4600 4601 /* Set FEQ/AEQ control. */ 4602 run_bbp_write(sc, 105, 0x34); 4603} 4604 4605static void 4606run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4607{ 4608 int8_t txpow1, txpow2; 4609 uint8_t rf; 4610 int i; 4611 4612 /* find the settings for this channel (we know it exists) */ 4613 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4614 4615 /* use Tx power values from EEPROM */ 4616 txpow1 = sc->txpow1[i]; 4617 txpow2 = sc->txpow2[i]; 4618 4619 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4620 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4621 run_rt3070_rf_read(sc, 11, &rf); 4622 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4623 run_rt3070_rf_write(sc, 11, rf); 4624 4625 run_rt3070_rf_read(sc, 49, &rf); 4626 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4627 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4628 if ((rf & 0x3f) > 0x27) 4629 rf = (rf & ~0x3f) | 0x27; 4630 run_rt3070_rf_write(sc, 49, rf); 4631 4632 if (sc->mac_ver == 0x5392) { 4633 run_rt3070_rf_read(sc, 50, &rf); 4634 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4635 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4636 if ((rf & 0x3f) > 0x27) 4637 rf = (rf & ~0x3f) | 0x27; 4638 run_rt3070_rf_write(sc, 50, rf); 4639 } 4640 4641 run_rt3070_rf_read(sc, 1, &rf); 4642 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4643 if (sc->mac_ver == 0x5392) 4644 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4645 run_rt3070_rf_write(sc, 1, rf); 4646 4647 if (sc->mac_ver != 0x5392) { 4648 run_rt3070_rf_read(sc, 2, &rf); 4649 rf |= 0x80; 4650 run_rt3070_rf_write(sc, 2, rf); 4651 run_delay(sc, 10); 4652 rf &= 0x7f; 4653 run_rt3070_rf_write(sc, 2, rf); 4654 } 4655 4656 run_adjust_freq_offset(sc); 4657 4658 if (sc->mac_ver == 0x5392) { 4659 /* Fix for RT5392C. */ 4660 if (sc->mac_rev >= 0x0223) { 4661 if (chan <= 4) 4662 rf = 0x0f; 4663 else if (chan >= 5 && chan <= 7) 4664 rf = 0x0e; 4665 else 4666 rf = 0x0d; 4667 run_rt3070_rf_write(sc, 23, rf); 4668 4669 if (chan <= 4) 4670 rf = 0x0c; 4671 else if (chan == 5) 4672 rf = 0x0b; 4673 else if (chan >= 6 && chan <= 7) 4674 rf = 0x0a; 4675 else if (chan >= 8 && chan <= 10) 4676 rf = 0x09; 4677 else 4678 rf = 0x08; 4679 run_rt3070_rf_write(sc, 59, rf); 4680 } else { 4681 if (chan <= 11) 4682 rf = 0x0f; 4683 else 4684 rf = 0x0b; 4685 run_rt3070_rf_write(sc, 59, rf); 4686 } 4687 } else { 4688 /* Fix for RT5390F. */ 4689 if (sc->mac_rev >= 0x0502) { 4690 if (chan <= 11) 4691 rf = 0x43; 4692 else 4693 rf = 0x23; 4694 run_rt3070_rf_write(sc, 55, rf); 4695 4696 if (chan <= 11) 4697 rf = 0x0f; 4698 else if (chan == 12) 4699 rf = 0x0d; 4700 else 4701 rf = 0x0b; 4702 run_rt3070_rf_write(sc, 59, rf); 4703 } else { 4704 run_rt3070_rf_write(sc, 55, 0x44); 4705 run_rt3070_rf_write(sc, 59, 0x8f); 4706 } 4707 } 4708 4709 /* Enable VCO calibration. */ 4710 run_rt3070_rf_read(sc, 3, &rf); 4711 rf |= RT5390_VCOCAL; 4712 run_rt3070_rf_write(sc, 3, rf); 4713} 4714 4715static void 4716run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4717{ 4718 const struct rt5592_freqs *freqs; 4719 uint32_t tmp; 4720 uint8_t reg, rf, txpow_bound; 4721 int8_t txpow1, txpow2; 4722 int i; 4723 4724 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4725 freqs = (tmp & RT5592_SEL_XTAL) ? 4726 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4727 4728 /* find the settings for this channel (we know it exists) */ 4729 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4730 4731 /* use Tx power values from EEPROM */ 4732 txpow1 = sc->txpow1[i]; 4733 txpow2 = sc->txpow2[i]; 4734 4735 run_read(sc, RT3070_LDO_CFG0, &tmp); 4736 tmp &= ~0x1c000000; 4737 if (chan > 14) 4738 tmp |= 0x14000000; 4739 run_write(sc, RT3070_LDO_CFG0, tmp); 4740 4741 /* N setting. */ 4742 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4743 run_rt3070_rf_read(sc, 9, &rf); 4744 rf &= ~(1 << 4); 4745 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4746 run_rt3070_rf_write(sc, 9, rf); 4747 4748 /* K setting. */ 4749 run_rt3070_rf_read(sc, 9, &rf); 4750 rf &= ~0x0f; 4751 rf |= (freqs->k & 0x0f); 4752 run_rt3070_rf_write(sc, 9, rf); 4753 4754 /* Mode setting. */ 4755 run_rt3070_rf_read(sc, 11, &rf); 4756 rf &= ~0x0c; 4757 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4758 run_rt3070_rf_write(sc, 11, rf); 4759 run_rt3070_rf_read(sc, 9, &rf); 4760 rf &= ~(1 << 7); 4761 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4762 run_rt3070_rf_write(sc, 9, rf); 4763 4764 /* R setting. */ 4765 run_rt3070_rf_read(sc, 11, &rf); 4766 rf &= ~0x03; 4767 rf |= (freqs->r - 0x1); 4768 run_rt3070_rf_write(sc, 11, rf); 4769 4770 if (chan <= 14) { 4771 /* Initialize RF registers for 2GHZ. */ 4772 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4773 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4774 rt5592_2ghz_def_rf[i].val); 4775 } 4776 4777 rf = (chan <= 10) ? 0x07 : 0x06; 4778 run_rt3070_rf_write(sc, 23, rf); 4779 run_rt3070_rf_write(sc, 59, rf); 4780 4781 run_rt3070_rf_write(sc, 55, 0x43); 4782 4783 /* 4784 * RF R49/R50 Tx power ALC code. 4785 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4786 */ 4787 reg = 2; 4788 txpow_bound = 0x27; 4789 } else { 4790 /* Initialize RF registers for 5GHZ. */ 4791 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4792 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4793 rt5592_5ghz_def_rf[i].val); 4794 } 4795 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4796 if (chan >= rt5592_chan_5ghz[i].firstchan && 4797 chan <= rt5592_chan_5ghz[i].lastchan) { 4798 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4799 rt5592_chan_5ghz[i].val); 4800 } 4801 } 4802 4803 /* 4804 * RF R49/R50 Tx power ALC code. 4805 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4806 */ 4807 reg = 3; 4808 txpow_bound = 0x2b; 4809 } 4810 4811 /* RF R49 ch0 Tx power ALC code. */ 4812 run_rt3070_rf_read(sc, 49, &rf); 4813 rf &= ~0xc0; 4814 rf |= (reg << 6); 4815 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4816 if ((rf & 0x3f) > txpow_bound) 4817 rf = (rf & ~0x3f) | txpow_bound; 4818 run_rt3070_rf_write(sc, 49, rf); 4819 4820 /* RF R50 ch1 Tx power ALC code. */ 4821 run_rt3070_rf_read(sc, 50, &rf); 4822 rf &= ~(1 << 7 | 1 << 6); 4823 rf |= (reg << 6); 4824 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4825 if ((rf & 0x3f) > txpow_bound) 4826 rf = (rf & ~0x3f) | txpow_bound; 4827 run_rt3070_rf_write(sc, 50, rf); 4828 4829 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4830 run_rt3070_rf_read(sc, 1, &rf); 4831 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4832 if (sc->ntxchains > 1) 4833 rf |= RT3070_TX1_PD; 4834 if (sc->nrxchains > 1) 4835 rf |= RT3070_RX1_PD; 4836 run_rt3070_rf_write(sc, 1, rf); 4837 4838 run_rt3070_rf_write(sc, 6, 0xe4); 4839 4840 run_rt3070_rf_write(sc, 30, 0x10); 4841 run_rt3070_rf_write(sc, 31, 0x80); 4842 run_rt3070_rf_write(sc, 32, 0x80); 4843 4844 run_adjust_freq_offset(sc); 4845 4846 /* Enable VCO calibration. */ 4847 run_rt3070_rf_read(sc, 3, &rf); 4848 rf |= RT5390_VCOCAL; 4849 run_rt3070_rf_write(sc, 3, rf); 4850} 4851 4852static void 4853run_set_rx_antenna(struct run_softc *sc, int aux) 4854{ 4855 uint32_t tmp; 4856 uint8_t bbp152; 4857 4858 if (aux) { 4859 if (sc->rf_rev == RT5390_RF_5370) { 4860 run_bbp_read(sc, 152, &bbp152); 4861 run_bbp_write(sc, 152, bbp152 & ~0x80); 4862 } else { 4863 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4864 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4865 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4866 } 4867 } else { 4868 if (sc->rf_rev == RT5390_RF_5370) { 4869 run_bbp_read(sc, 152, &bbp152); 4870 run_bbp_write(sc, 152, bbp152 | 0x80); 4871 } else { 4872 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4873 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4874 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4875 } 4876 } 4877} 4878 4879static int 4880run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4881{ 4882 struct ieee80211com *ic = &sc->sc_ic; 4883 u_int chan, group; 4884 4885 chan = ieee80211_chan2ieee(ic, c); 4886 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4887 return (EINVAL); 4888 4889 if (sc->mac_ver == 0x5592) 4890 run_rt5592_set_chan(sc, chan); 4891 else if (sc->mac_ver >= 0x5390) 4892 run_rt5390_set_chan(sc, chan); 4893 else if (sc->mac_ver == 0x3593) 4894 run_rt3593_set_chan(sc, chan); 4895 else if (sc->mac_ver == 0x3572) 4896 run_rt3572_set_chan(sc, chan); 4897 else if (sc->mac_ver >= 0x3070) 4898 run_rt3070_set_chan(sc, chan); 4899 else 4900 run_rt2870_set_chan(sc, chan); 4901 4902 /* determine channel group */ 4903 if (chan <= 14) 4904 group = 0; 4905 else if (chan <= 64) 4906 group = 1; 4907 else if (chan <= 128) 4908 group = 2; 4909 else 4910 group = 3; 4911 4912 /* XXX necessary only when group has changed! */ 4913 run_select_chan_group(sc, group); 4914 4915 run_delay(sc, 10); 4916 4917 /* Perform IQ calibration. */ 4918 if (sc->mac_ver >= 0x5392) 4919 run_iq_calib(sc, chan); 4920 4921 return (0); 4922} 4923 4924static void 4925run_set_channel(struct ieee80211com *ic) 4926{ 4927 struct run_softc *sc = ic->ic_softc; 4928 4929 RUN_LOCK(sc); 4930 run_set_chan(sc, ic->ic_curchan); 4931 RUN_UNLOCK(sc); 4932 4933 return; 4934} 4935 4936static void 4937run_getradiocaps(struct ieee80211com *ic, 4938 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4939{ 4940 struct run_softc *sc = ic->ic_softc; 4941 uint8_t bands[IEEE80211_MODE_BYTES]; 4942 4943 memset(bands, 0, sizeof(bands)); 4944 setbit(bands, IEEE80211_MODE_11B); 4945 setbit(bands, IEEE80211_MODE_11G); 4946 if (sc->rf_rev != RT3070_RF_2020) 4947 setbit(bands, IEEE80211_MODE_11NG); 4948 4949 /* Note: for now, only support HT20 channels */ 4950 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4951 4952 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4953 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4954 sc->rf_rev == RT5592_RF_5592) { 4955 setbit(bands, IEEE80211_MODE_11A); 4956 if (sc->rf_rev != RT3070_RF_2020) 4957 setbit(bands, IEEE80211_MODE_11NA); 4958 /* Note: for now, only support HT20 channels */ 4959 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4960 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4961 } 4962} 4963 4964static void 4965run_scan_start(struct ieee80211com *ic) 4966{ 4967 struct run_softc *sc = ic->ic_softc; 4968 4969 RUN_LOCK(sc); 4970 4971 /* abort TSF synchronization */ 4972 run_disable_tsf(sc); 4973 run_set_bssid(sc, ieee80211broadcastaddr); 4974 4975 RUN_UNLOCK(sc); 4976 4977 return; 4978} 4979 4980static void 4981run_scan_end(struct ieee80211com *ic) 4982{ 4983 struct run_softc *sc = ic->ic_softc; 4984 4985 RUN_LOCK(sc); 4986 4987 run_enable_tsf_sync(sc); 4988 run_set_bssid(sc, sc->sc_bssid); 4989 4990 RUN_UNLOCK(sc); 4991 4992 return; 4993} 4994 4995/* 4996 * Could be called from ieee80211_node_timeout() 4997 * (non-sleepable thread) 4998 */ 4999static void 5000run_update_beacon(struct ieee80211vap *vap, int item) 5001{ 5002 struct ieee80211com *ic = vap->iv_ic; 5003 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 5004 struct ieee80211_node *ni = vap->iv_bss; 5005 struct run_softc *sc = ic->ic_softc; 5006 struct run_vap *rvp = RUN_VAP(vap); 5007 int mcast = 0; 5008 uint32_t i; 5009 5010 switch (item) { 5011 case IEEE80211_BEACON_ERP: 5012 run_updateslot(ic); 5013 break; 5014 case IEEE80211_BEACON_HTINFO: 5015 run_updateprot(ic); 5016 break; 5017 case IEEE80211_BEACON_TIM: 5018 mcast = 1; /*TODO*/ 5019 break; 5020 default: 5021 break; 5022 } 5023 5024 setbit(bo->bo_flags, item); 5025 if (rvp->beacon_mbuf == NULL) { 5026 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5027 if (rvp->beacon_mbuf == NULL) 5028 return; 5029 } 5030 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 5031 5032 i = RUN_CMDQ_GET(&sc->cmdq_store); 5033 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5034 sc->cmdq[i].func = run_update_beacon_cb; 5035 sc->cmdq[i].arg0 = vap; 5036 ieee80211_runtask(ic, &sc->cmdq_task); 5037 5038 return; 5039} 5040 5041static void 5042run_update_beacon_cb(void *arg) 5043{ 5044 struct ieee80211vap *vap = arg; 5045 struct ieee80211_node *ni = vap->iv_bss; 5046 struct run_vap *rvp = RUN_VAP(vap); 5047 struct ieee80211com *ic = vap->iv_ic; 5048 struct run_softc *sc = ic->ic_softc; 5049 struct rt2860_txwi txwi; 5050 struct mbuf *m; 5051 uint16_t txwisize; 5052 uint8_t ridx; 5053 5054 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 5055 return; 5056 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 5057 return; 5058 5059 /* 5060 * No need to call ieee80211_beacon_update(), run_update_beacon() 5061 * is taking care of appropriate calls. 5062 */ 5063 if (rvp->beacon_mbuf == NULL) { 5064 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 5065 if (rvp->beacon_mbuf == NULL) 5066 return; 5067 } 5068 m = rvp->beacon_mbuf; 5069 5070 memset(&txwi, 0, sizeof(txwi)); 5071 txwi.wcid = 0xff; 5072 txwi.len = htole16(m->m_pkthdr.len); 5073 5074 /* send beacons at the lowest available rate */ 5075 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 5076 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 5077 txwi.phy = htole16(rt2860_rates[ridx].mcs); 5078 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 5079 txwi.phy |= htole16(RT2860_PHY_OFDM); 5080 txwi.txop = RT2860_TX_TXOP_HT; 5081 txwi.flags = RT2860_TX_TS; 5082 txwi.xflags = RT2860_TX_NSEQ; 5083 5084 txwisize = (sc->mac_ver == 0x5592) ? 5085 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 5086 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 5087 txwisize); 5088 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 5089 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 5090} 5091 5092static void 5093run_updateprot(struct ieee80211com *ic) 5094{ 5095 struct run_softc *sc = ic->ic_softc; 5096 uint32_t i; 5097 5098 i = RUN_CMDQ_GET(&sc->cmdq_store); 5099 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5100 sc->cmdq[i].func = run_updateprot_cb; 5101 sc->cmdq[i].arg0 = ic; 5102 ieee80211_runtask(ic, &sc->cmdq_task); 5103} 5104 5105static void 5106run_updateprot_cb(void *arg) 5107{ 5108 struct ieee80211com *ic = arg; 5109 struct run_softc *sc = ic->ic_softc; 5110 uint32_t tmp; 5111 5112 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5113 /* setup protection frame rate (MCS code) */ 5114 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5115 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5116 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5117 5118 /* CCK frames don't require protection */ 5119 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5120 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5121 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5122 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5123 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5124 tmp |= RT2860_PROT_CTRL_CTS; 5125 } 5126 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5127} 5128 5129static void 5130run_usb_timeout_cb(void *arg) 5131{ 5132 struct ieee80211vap *vap = arg; 5133 struct run_softc *sc = vap->iv_ic->ic_softc; 5134 5135 RUN_LOCK_ASSERT(sc, MA_OWNED); 5136 5137 if(vap->iv_state == IEEE80211_S_RUN && 5138 vap->iv_opmode != IEEE80211_M_STA) 5139 run_reset_livelock(sc); 5140 else if (vap->iv_state == IEEE80211_S_SCAN) { 5141 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5142 "timeout caused by scan\n"); 5143 /* cancel bgscan */ 5144 ieee80211_cancel_scan(vap); 5145 } else 5146 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5147 "timeout by unknown cause\n"); 5148} 5149 5150static void 5151run_reset_livelock(struct run_softc *sc) 5152{ 5153 uint32_t tmp; 5154 5155 RUN_LOCK_ASSERT(sc, MA_OWNED); 5156 5157 /* 5158 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5159 * can run into a livelock and start sending CTS-to-self frames like 5160 * crazy if protection is enabled. Reset MAC/BBP for a while 5161 */ 5162 run_read(sc, RT2860_DEBUG, &tmp); 5163 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5164 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5165 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5166 "CTS-to-self livelock detected\n"); 5167 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5168 run_delay(sc, 1); 5169 run_write(sc, RT2860_MAC_SYS_CTRL, 5170 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5171 } 5172} 5173 5174static void 5175run_update_promisc_locked(struct run_softc *sc) 5176{ 5177 uint32_t tmp; 5178 5179 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5180 5181 tmp |= RT2860_DROP_UC_NOME; 5182 if (sc->sc_ic.ic_promisc > 0) 5183 tmp &= ~RT2860_DROP_UC_NOME; 5184 5185 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5186 5187 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5188 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5189} 5190 5191static void 5192run_update_promisc(struct ieee80211com *ic) 5193{ 5194 struct run_softc *sc = ic->ic_softc; 5195 5196 if ((sc->sc_flags & RUN_RUNNING) == 0) 5197 return; 5198 5199 RUN_LOCK(sc); 5200 run_update_promisc_locked(sc); 5201 RUN_UNLOCK(sc); 5202} 5203 5204static void 5205run_enable_tsf_sync(struct run_softc *sc) 5206{ 5207 struct ieee80211com *ic = &sc->sc_ic; 5208 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5209 uint32_t tmp; 5210 5211 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5212 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5213 5214 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5215 tmp &= ~0x1fffff; 5216 tmp |= vap->iv_bss->ni_intval * 16; 5217 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5218 5219 if (ic->ic_opmode == IEEE80211_M_STA) { 5220 /* 5221 * Local TSF is always updated with remote TSF on beacon 5222 * reception. 5223 */ 5224 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5225 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5226 tmp |= RT2860_BCN_TX_EN; 5227 /* 5228 * Local TSF is updated with remote TSF on beacon reception 5229 * only if the remote TSF is greater than local TSF. 5230 */ 5231 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5232 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5233 ic->ic_opmode == IEEE80211_M_MBSS) { 5234 tmp |= RT2860_BCN_TX_EN; 5235 /* SYNC with nobody */ 5236 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5237 } else { 5238 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5239 "Enabling TSF failed. undefined opmode\n"); 5240 return; 5241 } 5242 5243 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5244} 5245 5246static void 5247run_enable_tsf(struct run_softc *sc) 5248{ 5249 uint32_t tmp; 5250 5251 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5252 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5253 tmp |= RT2860_TSF_TIMER_EN; 5254 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5255 } 5256} 5257 5258static void 5259run_disable_tsf(struct run_softc *sc) 5260{ 5261 uint32_t tmp; 5262 5263 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5264 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5265 RT2860_TBTT_TIMER_EN); 5266 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5267 } 5268} 5269 5270static void 5271run_get_tsf(struct run_softc *sc, uint64_t *buf) 5272{ 5273 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5274 sizeof(*buf)); 5275} 5276 5277static void 5278run_enable_mrr(struct run_softc *sc) 5279{ 5280#define CCK(mcs) (mcs) 5281#define OFDM(mcs) (1 << 3 | (mcs)) 5282 run_write(sc, RT2860_LG_FBK_CFG0, 5283 OFDM(6) << 28 | /* 54->48 */ 5284 OFDM(5) << 24 | /* 48->36 */ 5285 OFDM(4) << 20 | /* 36->24 */ 5286 OFDM(3) << 16 | /* 24->18 */ 5287 OFDM(2) << 12 | /* 18->12 */ 5288 OFDM(1) << 8 | /* 12-> 9 */ 5289 OFDM(0) << 4 | /* 9-> 6 */ 5290 OFDM(0)); /* 6-> 6 */ 5291 5292 run_write(sc, RT2860_LG_FBK_CFG1, 5293 CCK(2) << 12 | /* 11->5.5 */ 5294 CCK(1) << 8 | /* 5.5-> 2 */ 5295 CCK(0) << 4 | /* 2-> 1 */ 5296 CCK(0)); /* 1-> 1 */ 5297#undef OFDM 5298#undef CCK 5299} 5300 5301static void 5302run_set_txpreamble(struct run_softc *sc) 5303{ 5304 struct ieee80211com *ic = &sc->sc_ic; 5305 uint32_t tmp; 5306 5307 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5308 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5309 tmp |= RT2860_CCK_SHORT_EN; 5310 else 5311 tmp &= ~RT2860_CCK_SHORT_EN; 5312 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5313} 5314 5315static void 5316run_set_basicrates(struct run_softc *sc) 5317{ 5318 struct ieee80211com *ic = &sc->sc_ic; 5319 5320 /* set basic rates mask */ 5321 if (ic->ic_curmode == IEEE80211_MODE_11B) 5322 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5323 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5324 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5325 else /* 11g */ 5326 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5327} 5328 5329static void 5330run_set_leds(struct run_softc *sc, uint16_t which) 5331{ 5332 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5333 which | (sc->leds & 0x7f)); 5334} 5335 5336static void 5337run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5338{ 5339 run_write(sc, RT2860_MAC_BSSID_DW0, 5340 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5341 run_write(sc, RT2860_MAC_BSSID_DW1, 5342 bssid[4] | bssid[5] << 8); 5343} 5344 5345static void 5346run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5347{ 5348 run_write(sc, RT2860_MAC_ADDR_DW0, 5349 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5350 run_write(sc, RT2860_MAC_ADDR_DW1, 5351 addr[4] | addr[5] << 8 | 0xff << 16); 5352} 5353 5354static void 5355run_updateslot(struct ieee80211com *ic) 5356{ 5357 struct run_softc *sc = ic->ic_softc; 5358 uint32_t i; 5359 5360 i = RUN_CMDQ_GET(&sc->cmdq_store); 5361 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5362 sc->cmdq[i].func = run_updateslot_cb; 5363 sc->cmdq[i].arg0 = ic; 5364 ieee80211_runtask(ic, &sc->cmdq_task); 5365 5366 return; 5367} 5368 5369/* ARGSUSED */ 5370static void 5371run_updateslot_cb(void *arg) 5372{ 5373 struct ieee80211com *ic = arg; 5374 struct run_softc *sc = ic->ic_softc; 5375 uint32_t tmp; 5376 5377 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5378 tmp &= ~0xff; 5379 tmp |= IEEE80211_GET_SLOTTIME(ic); 5380 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5381} 5382 5383static void 5384run_update_mcast(struct ieee80211com *ic) 5385{ 5386} 5387 5388static int8_t 5389run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5390{ 5391 struct ieee80211com *ic = &sc->sc_ic; 5392 struct ieee80211_channel *c = ic->ic_curchan; 5393 int delta; 5394 5395 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5396 u_int chan = ieee80211_chan2ieee(ic, c); 5397 delta = sc->rssi_5ghz[rxchain]; 5398 5399 /* determine channel group */ 5400 if (chan <= 64) 5401 delta -= sc->lna[1]; 5402 else if (chan <= 128) 5403 delta -= sc->lna[2]; 5404 else 5405 delta -= sc->lna[3]; 5406 } else 5407 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5408 5409 return (-12 - delta - rssi); 5410} 5411 5412static void 5413run_rt5390_bbp_init(struct run_softc *sc) 5414{ 5415 u_int i; 5416 uint8_t bbp; 5417 5418 /* Apply maximum likelihood detection for 2 stream case. */ 5419 run_bbp_read(sc, 105, &bbp); 5420 if (sc->nrxchains > 1) 5421 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5422 5423 /* Avoid data lost and CRC error. */ 5424 run_bbp_read(sc, 4, &bbp); 5425 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5426 5427 if (sc->mac_ver == 0x5592) { 5428 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5429 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5430 rt5592_def_bbp[i].val); 5431 } 5432 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5433 run_bbp_write(sc, 195, i + 0x80); 5434 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5435 } 5436 } else { 5437 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5438 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5439 rt5390_def_bbp[i].val); 5440 } 5441 } 5442 if (sc->mac_ver == 0x5392) { 5443 run_bbp_write(sc, 88, 0x90); 5444 run_bbp_write(sc, 95, 0x9a); 5445 run_bbp_write(sc, 98, 0x12); 5446 run_bbp_write(sc, 106, 0x12); 5447 run_bbp_write(sc, 134, 0xd0); 5448 run_bbp_write(sc, 135, 0xf6); 5449 run_bbp_write(sc, 148, 0x84); 5450 } 5451 5452 run_bbp_read(sc, 152, &bbp); 5453 run_bbp_write(sc, 152, bbp | 0x80); 5454 5455 /* Fix BBP254 for RT5592C. */ 5456 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5457 run_bbp_read(sc, 254, &bbp); 5458 run_bbp_write(sc, 254, bbp | 0x80); 5459 } 5460 5461 /* Disable hardware antenna diversity. */ 5462 if (sc->mac_ver == 0x5390) 5463 run_bbp_write(sc, 154, 0); 5464 5465 /* Initialize Rx CCK/OFDM frequency offset report. */ 5466 run_bbp_write(sc, 142, 1); 5467 run_bbp_write(sc, 143, 57); 5468} 5469 5470static int 5471run_bbp_init(struct run_softc *sc) 5472{ 5473 int i, error, ntries; 5474 uint8_t bbp0; 5475 5476 /* wait for BBP to wake up */ 5477 for (ntries = 0; ntries < 20; ntries++) { 5478 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5479 return error; 5480 if (bbp0 != 0 && bbp0 != 0xff) 5481 break; 5482 } 5483 if (ntries == 20) 5484 return (ETIMEDOUT); 5485 5486 /* initialize BBP registers to default values */ 5487 if (sc->mac_ver >= 0x5390) 5488 run_rt5390_bbp_init(sc); 5489 else { 5490 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5491 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5492 rt2860_def_bbp[i].val); 5493 } 5494 } 5495 5496 if (sc->mac_ver == 0x3593) { 5497 run_bbp_write(sc, 79, 0x13); 5498 run_bbp_write(sc, 80, 0x05); 5499 run_bbp_write(sc, 81, 0x33); 5500 run_bbp_write(sc, 86, 0x46); 5501 run_bbp_write(sc, 137, 0x0f); 5502 } 5503 5504 /* fix BBP84 for RT2860E */ 5505 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5506 run_bbp_write(sc, 84, 0x19); 5507 5508 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5509 sc->mac_ver != 0x5592)) { 5510 run_bbp_write(sc, 79, 0x13); 5511 run_bbp_write(sc, 80, 0x05); 5512 run_bbp_write(sc, 81, 0x33); 5513 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5514 run_bbp_write(sc, 69, 0x16); 5515 run_bbp_write(sc, 73, 0x12); 5516 } 5517 return (0); 5518} 5519 5520static int 5521run_rt3070_rf_init(struct run_softc *sc) 5522{ 5523 uint32_t tmp; 5524 uint8_t bbp4, mingain, rf, target; 5525 u_int i; 5526 5527 run_rt3070_rf_read(sc, 30, &rf); 5528 /* toggle RF R30 bit 7 */ 5529 run_rt3070_rf_write(sc, 30, rf | 0x80); 5530 run_delay(sc, 10); 5531 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5532 5533 /* initialize RF registers to default value */ 5534 if (sc->mac_ver == 0x3572) { 5535 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5536 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5537 rt3572_def_rf[i].val); 5538 } 5539 } else { 5540 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5541 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5542 rt3070_def_rf[i].val); 5543 } 5544 } 5545 5546 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5547 /* 5548 * Change voltage from 1.2V to 1.35V for RT3070. 5549 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5550 * in RT3070(F). 5551 */ 5552 run_read(sc, RT3070_LDO_CFG0, &tmp); 5553 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5554 run_write(sc, RT3070_LDO_CFG0, tmp); 5555 5556 } else if (sc->mac_ver == 0x3071) { 5557 run_rt3070_rf_read(sc, 6, &rf); 5558 run_rt3070_rf_write(sc, 6, rf | 0x40); 5559 run_rt3070_rf_write(sc, 31, 0x14); 5560 5561 run_read(sc, RT3070_LDO_CFG0, &tmp); 5562 tmp &= ~0x1f000000; 5563 if (sc->mac_rev < 0x0211) 5564 tmp |= 0x0d000000; /* 1.3V */ 5565 else 5566 tmp |= 0x01000000; /* 1.2V */ 5567 run_write(sc, RT3070_LDO_CFG0, tmp); 5568 5569 /* patch LNA_PE_G1 */ 5570 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5571 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5572 5573 } else if (sc->mac_ver == 0x3572) { 5574 run_rt3070_rf_read(sc, 6, &rf); 5575 run_rt3070_rf_write(sc, 6, rf | 0x40); 5576 5577 /* increase voltage from 1.2V to 1.35V */ 5578 run_read(sc, RT3070_LDO_CFG0, &tmp); 5579 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5580 run_write(sc, RT3070_LDO_CFG0, tmp); 5581 5582 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5583 run_delay(sc, 1); /* wait for 1msec */ 5584 /* decrease voltage back to 1.2V */ 5585 tmp = (tmp & ~0x1f000000) | 0x01000000; 5586 run_write(sc, RT3070_LDO_CFG0, tmp); 5587 } 5588 } 5589 5590 /* select 20MHz bandwidth */ 5591 run_rt3070_rf_read(sc, 31, &rf); 5592 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5593 5594 /* calibrate filter for 20MHz bandwidth */ 5595 sc->rf24_20mhz = 0x1f; /* default value */ 5596 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5597 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5598 5599 /* select 40MHz bandwidth */ 5600 run_bbp_read(sc, 4, &bbp4); 5601 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5602 run_rt3070_rf_read(sc, 31, &rf); 5603 run_rt3070_rf_write(sc, 31, rf | 0x20); 5604 5605 /* calibrate filter for 40MHz bandwidth */ 5606 sc->rf24_40mhz = 0x2f; /* default value */ 5607 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5608 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5609 5610 /* go back to 20MHz bandwidth */ 5611 run_bbp_read(sc, 4, &bbp4); 5612 run_bbp_write(sc, 4, bbp4 & ~0x18); 5613 5614 if (sc->mac_ver == 0x3572) { 5615 /* save default BBP registers 25 and 26 values */ 5616 run_bbp_read(sc, 25, &sc->bbp25); 5617 run_bbp_read(sc, 26, &sc->bbp26); 5618 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5619 run_rt3070_rf_write(sc, 27, 0x03); 5620 5621 run_read(sc, RT3070_OPT_14, &tmp); 5622 run_write(sc, RT3070_OPT_14, tmp | 1); 5623 5624 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5625 run_rt3070_rf_read(sc, 17, &rf); 5626 rf &= ~RT3070_TX_LO1; 5627 if ((sc->mac_ver == 0x3070 || 5628 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5629 !sc->ext_2ghz_lna) 5630 rf |= 0x20; /* fix for long range Rx issue */ 5631 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5632 if (sc->txmixgain_2ghz >= mingain) 5633 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5634 run_rt3070_rf_write(sc, 17, rf); 5635 } 5636 5637 if (sc->mac_ver == 0x3071) { 5638 run_rt3070_rf_read(sc, 1, &rf); 5639 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5640 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5641 run_rt3070_rf_write(sc, 1, rf); 5642 5643 run_rt3070_rf_read(sc, 15, &rf); 5644 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5645 5646 run_rt3070_rf_read(sc, 20, &rf); 5647 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5648 5649 run_rt3070_rf_read(sc, 21, &rf); 5650 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5651 } 5652 5653 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5654 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5655 run_rt3070_rf_read(sc, 27, &rf); 5656 rf &= ~0x77; 5657 if (sc->mac_rev < 0x0211) 5658 rf |= 0x03; 5659 run_rt3070_rf_write(sc, 27, rf); 5660 } 5661 return (0); 5662} 5663 5664static void 5665run_rt3593_rf_init(struct run_softc *sc) 5666{ 5667 uint32_t tmp; 5668 uint8_t rf; 5669 u_int i; 5670 5671 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5672 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5673 tmp &= ~(1 << 4 | 1 << 7); 5674 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5675 5676 /* Initialize RF registers to default value. */ 5677 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5678 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5679 rt3593_def_rf[i].val); 5680 } 5681 5682 /* Toggle RF R2 to initiate calibration. */ 5683 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5684 5685 /* Initialize RF frequency offset. */ 5686 run_adjust_freq_offset(sc); 5687 5688 run_rt3070_rf_read(sc, 18, &rf); 5689 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5690 5691 /* 5692 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5693 * decrease voltage back to 1.2V. 5694 */ 5695 run_read(sc, RT3070_LDO_CFG0, &tmp); 5696 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5697 run_write(sc, RT3070_LDO_CFG0, tmp); 5698 run_delay(sc, 1); 5699 tmp = (tmp & ~0x1f000000) | 0x01000000; 5700 run_write(sc, RT3070_LDO_CFG0, tmp); 5701 5702 sc->rf24_20mhz = 0x1f; 5703 sc->rf24_40mhz = 0x2f; 5704 5705 /* Save default BBP registers 25 and 26 values. */ 5706 run_bbp_read(sc, 25, &sc->bbp25); 5707 run_bbp_read(sc, 26, &sc->bbp26); 5708 5709 run_read(sc, RT3070_OPT_14, &tmp); 5710 run_write(sc, RT3070_OPT_14, tmp | 1); 5711} 5712 5713static void 5714run_rt5390_rf_init(struct run_softc *sc) 5715{ 5716 uint32_t tmp; 5717 uint8_t rf; 5718 u_int i; 5719 5720 /* Toggle RF R2 to initiate calibration. */ 5721 if (sc->mac_ver == 0x5390) { 5722 run_rt3070_rf_read(sc, 2, &rf); 5723 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5724 run_delay(sc, 10); 5725 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5726 } else { 5727 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5728 run_delay(sc, 10); 5729 } 5730 5731 /* Initialize RF registers to default value. */ 5732 if (sc->mac_ver == 0x5592) { 5733 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5734 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5735 rt5592_def_rf[i].val); 5736 } 5737 /* Initialize RF frequency offset. */ 5738 run_adjust_freq_offset(sc); 5739 } else if (sc->mac_ver == 0x5392) { 5740 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5741 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5742 rt5392_def_rf[i].val); 5743 } 5744 if (sc->mac_rev >= 0x0223) { 5745 run_rt3070_rf_write(sc, 23, 0x0f); 5746 run_rt3070_rf_write(sc, 24, 0x3e); 5747 run_rt3070_rf_write(sc, 51, 0x32); 5748 run_rt3070_rf_write(sc, 53, 0x22); 5749 run_rt3070_rf_write(sc, 56, 0xc1); 5750 run_rt3070_rf_write(sc, 59, 0x0f); 5751 } 5752 } else { 5753 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5754 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5755 rt5390_def_rf[i].val); 5756 } 5757 if (sc->mac_rev >= 0x0502) { 5758 run_rt3070_rf_write(sc, 6, 0xe0); 5759 run_rt3070_rf_write(sc, 25, 0x80); 5760 run_rt3070_rf_write(sc, 46, 0x73); 5761 run_rt3070_rf_write(sc, 53, 0x00); 5762 run_rt3070_rf_write(sc, 56, 0x42); 5763 run_rt3070_rf_write(sc, 61, 0xd1); 5764 } 5765 } 5766 5767 sc->rf24_20mhz = 0x1f; /* default value */ 5768 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5769 5770 if (sc->mac_rev < 0x0211) 5771 run_rt3070_rf_write(sc, 27, 0x3); 5772 5773 run_read(sc, RT3070_OPT_14, &tmp); 5774 run_write(sc, RT3070_OPT_14, tmp | 1); 5775} 5776 5777static int 5778run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5779 uint8_t *val) 5780{ 5781 uint8_t rf22, rf24; 5782 uint8_t bbp55_pb, bbp55_sb, delta; 5783 int ntries; 5784 5785 /* program filter */ 5786 run_rt3070_rf_read(sc, 24, &rf24); 5787 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5788 run_rt3070_rf_write(sc, 24, rf24); 5789 5790 /* enable baseband loopback mode */ 5791 run_rt3070_rf_read(sc, 22, &rf22); 5792 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5793 5794 /* set power and frequency of passband test tone */ 5795 run_bbp_write(sc, 24, 0x00); 5796 for (ntries = 0; ntries < 100; ntries++) { 5797 /* transmit test tone */ 5798 run_bbp_write(sc, 25, 0x90); 5799 run_delay(sc, 10); 5800 /* read received power */ 5801 run_bbp_read(sc, 55, &bbp55_pb); 5802 if (bbp55_pb != 0) 5803 break; 5804 } 5805 if (ntries == 100) 5806 return (ETIMEDOUT); 5807 5808 /* set power and frequency of stopband test tone */ 5809 run_bbp_write(sc, 24, 0x06); 5810 for (ntries = 0; ntries < 100; ntries++) { 5811 /* transmit test tone */ 5812 run_bbp_write(sc, 25, 0x90); 5813 run_delay(sc, 10); 5814 /* read received power */ 5815 run_bbp_read(sc, 55, &bbp55_sb); 5816 5817 delta = bbp55_pb - bbp55_sb; 5818 if (delta > target) 5819 break; 5820 5821 /* reprogram filter */ 5822 rf24++; 5823 run_rt3070_rf_write(sc, 24, rf24); 5824 } 5825 if (ntries < 100) { 5826 if (rf24 != init) 5827 rf24--; /* backtrack */ 5828 *val = rf24; 5829 run_rt3070_rf_write(sc, 24, rf24); 5830 } 5831 5832 /* restore initial state */ 5833 run_bbp_write(sc, 24, 0x00); 5834 5835 /* disable baseband loopback mode */ 5836 run_rt3070_rf_read(sc, 22, &rf22); 5837 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5838 5839 return (0); 5840} 5841 5842static void 5843run_rt3070_rf_setup(struct run_softc *sc) 5844{ 5845 uint8_t bbp, rf; 5846 int i; 5847 5848 if (sc->mac_ver == 0x3572) { 5849 /* enable DC filter */ 5850 if (sc->mac_rev >= 0x0201) 5851 run_bbp_write(sc, 103, 0xc0); 5852 5853 run_bbp_read(sc, 138, &bbp); 5854 if (sc->ntxchains == 1) 5855 bbp |= 0x20; /* turn off DAC1 */ 5856 if (sc->nrxchains == 1) 5857 bbp &= ~0x02; /* turn off ADC1 */ 5858 run_bbp_write(sc, 138, bbp); 5859 5860 if (sc->mac_rev >= 0x0211) { 5861 /* improve power consumption */ 5862 run_bbp_read(sc, 31, &bbp); 5863 run_bbp_write(sc, 31, bbp & ~0x03); 5864 } 5865 5866 run_rt3070_rf_read(sc, 16, &rf); 5867 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5868 run_rt3070_rf_write(sc, 16, rf); 5869 5870 } else if (sc->mac_ver == 0x3071) { 5871 if (sc->mac_rev >= 0x0211) { 5872 /* enable DC filter */ 5873 run_bbp_write(sc, 103, 0xc0); 5874 5875 /* improve power consumption */ 5876 run_bbp_read(sc, 31, &bbp); 5877 run_bbp_write(sc, 31, bbp & ~0x03); 5878 } 5879 5880 run_bbp_read(sc, 138, &bbp); 5881 if (sc->ntxchains == 1) 5882 bbp |= 0x20; /* turn off DAC1 */ 5883 if (sc->nrxchains == 1) 5884 bbp &= ~0x02; /* turn off ADC1 */ 5885 run_bbp_write(sc, 138, bbp); 5886 5887 run_write(sc, RT2860_TX_SW_CFG1, 0); 5888 if (sc->mac_rev < 0x0211) { 5889 run_write(sc, RT2860_TX_SW_CFG2, 5890 sc->patch_dac ? 0x2c : 0x0f); 5891 } else 5892 run_write(sc, RT2860_TX_SW_CFG2, 0); 5893 5894 } else if (sc->mac_ver == 0x3070) { 5895 if (sc->mac_rev >= 0x0201) { 5896 /* enable DC filter */ 5897 run_bbp_write(sc, 103, 0xc0); 5898 5899 /* improve power consumption */ 5900 run_bbp_read(sc, 31, &bbp); 5901 run_bbp_write(sc, 31, bbp & ~0x03); 5902 } 5903 5904 if (sc->mac_rev < 0x0201) { 5905 run_write(sc, RT2860_TX_SW_CFG1, 0); 5906 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5907 } else 5908 run_write(sc, RT2860_TX_SW_CFG2, 0); 5909 } 5910 5911 /* initialize RF registers from ROM for >=RT3071*/ 5912 if (sc->mac_ver >= 0x3071) { 5913 for (i = 0; i < 10; i++) { 5914 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5915 continue; 5916 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5917 } 5918 } 5919} 5920 5921static void 5922run_rt3593_rf_setup(struct run_softc *sc) 5923{ 5924 uint8_t bbp, rf; 5925 5926 if (sc->mac_rev >= 0x0211) { 5927 /* Enable DC filter. */ 5928 run_bbp_write(sc, 103, 0xc0); 5929 } 5930 run_write(sc, RT2860_TX_SW_CFG1, 0); 5931 if (sc->mac_rev < 0x0211) { 5932 run_write(sc, RT2860_TX_SW_CFG2, 5933 sc->patch_dac ? 0x2c : 0x0f); 5934 } else 5935 run_write(sc, RT2860_TX_SW_CFG2, 0); 5936 5937 run_rt3070_rf_read(sc, 50, &rf); 5938 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5939 5940 run_rt3070_rf_read(sc, 51, &rf); 5941 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5942 ((sc->txmixgain_2ghz & 0x07) << 2); 5943 run_rt3070_rf_write(sc, 51, rf); 5944 5945 run_rt3070_rf_read(sc, 38, &rf); 5946 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5947 5948 run_rt3070_rf_read(sc, 39, &rf); 5949 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5950 5951 run_rt3070_rf_read(sc, 1, &rf); 5952 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5953 5954 run_rt3070_rf_read(sc, 30, &rf); 5955 rf = (rf & ~0x18) | 0x10; 5956 run_rt3070_rf_write(sc, 30, rf); 5957 5958 /* Apply maximum likelihood detection for 2 stream case. */ 5959 run_bbp_read(sc, 105, &bbp); 5960 if (sc->nrxchains > 1) 5961 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5962 5963 /* Avoid data lost and CRC error. */ 5964 run_bbp_read(sc, 4, &bbp); 5965 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5966 5967 run_bbp_write(sc, 92, 0x02); 5968 run_bbp_write(sc, 82, 0x82); 5969 run_bbp_write(sc, 106, 0x05); 5970 run_bbp_write(sc, 104, 0x92); 5971 run_bbp_write(sc, 88, 0x90); 5972 run_bbp_write(sc, 148, 0xc8); 5973 run_bbp_write(sc, 47, 0x48); 5974 run_bbp_write(sc, 120, 0x50); 5975 5976 run_bbp_write(sc, 163, 0x9d); 5977 5978 /* SNR mapping. */ 5979 run_bbp_write(sc, 142, 0x06); 5980 run_bbp_write(sc, 143, 0xa0); 5981 run_bbp_write(sc, 142, 0x07); 5982 run_bbp_write(sc, 143, 0xa1); 5983 run_bbp_write(sc, 142, 0x08); 5984 run_bbp_write(sc, 143, 0xa2); 5985 5986 run_bbp_write(sc, 31, 0x08); 5987 run_bbp_write(sc, 68, 0x0b); 5988 run_bbp_write(sc, 105, 0x04); 5989} 5990 5991static void 5992run_rt5390_rf_setup(struct run_softc *sc) 5993{ 5994 uint8_t bbp, rf; 5995 5996 if (sc->mac_rev >= 0x0211) { 5997 /* Enable DC filter. */ 5998 run_bbp_write(sc, 103, 0xc0); 5999 6000 if (sc->mac_ver != 0x5592) { 6001 /* Improve power consumption. */ 6002 run_bbp_read(sc, 31, &bbp); 6003 run_bbp_write(sc, 31, bbp & ~0x03); 6004 } 6005 } 6006 6007 run_bbp_read(sc, 138, &bbp); 6008 if (sc->ntxchains == 1) 6009 bbp |= 0x20; /* turn off DAC1 */ 6010 if (sc->nrxchains == 1) 6011 bbp &= ~0x02; /* turn off ADC1 */ 6012 run_bbp_write(sc, 138, bbp); 6013 6014 run_rt3070_rf_read(sc, 38, &rf); 6015 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 6016 6017 run_rt3070_rf_read(sc, 39, &rf); 6018 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 6019 6020 /* Avoid data lost and CRC error. */ 6021 run_bbp_read(sc, 4, &bbp); 6022 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 6023 6024 run_rt3070_rf_read(sc, 30, &rf); 6025 rf = (rf & ~0x18) | 0x10; 6026 run_rt3070_rf_write(sc, 30, rf); 6027 6028 if (sc->mac_ver != 0x5592) { 6029 run_write(sc, RT2860_TX_SW_CFG1, 0); 6030 if (sc->mac_rev < 0x0211) { 6031 run_write(sc, RT2860_TX_SW_CFG2, 6032 sc->patch_dac ? 0x2c : 0x0f); 6033 } else 6034 run_write(sc, RT2860_TX_SW_CFG2, 0); 6035 } 6036} 6037 6038static int 6039run_txrx_enable(struct run_softc *sc) 6040{ 6041 struct ieee80211com *ic = &sc->sc_ic; 6042 uint32_t tmp; 6043 int error, ntries; 6044 6045 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 6046 for (ntries = 0; ntries < 200; ntries++) { 6047 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 6048 return (error); 6049 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6050 break; 6051 run_delay(sc, 50); 6052 } 6053 if (ntries == 200) 6054 return (ETIMEDOUT); 6055 6056 run_delay(sc, 50); 6057 6058 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 6059 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6060 6061 /* enable Rx bulk aggregation (set timeout and limit) */ 6062 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 6063 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 6064 run_write(sc, RT2860_USB_DMA_CFG, tmp); 6065 6066 /* set Rx filter */ 6067 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 6068 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 6069 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 6070 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 6071 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 6072 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 6073 if (ic->ic_opmode == IEEE80211_M_STA) 6074 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 6075 } 6076 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 6077 6078 run_write(sc, RT2860_MAC_SYS_CTRL, 6079 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6080 6081 return (0); 6082} 6083 6084static void 6085run_adjust_freq_offset(struct run_softc *sc) 6086{ 6087 uint8_t rf, tmp; 6088 6089 run_rt3070_rf_read(sc, 17, &rf); 6090 tmp = rf; 6091 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 6092 rf = MIN(rf, 0x5f); 6093 6094 if (tmp != rf) 6095 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 6096} 6097 6098static void 6099run_init_locked(struct run_softc *sc) 6100{ 6101 struct ieee80211com *ic = &sc->sc_ic; 6102 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6103 uint32_t tmp; 6104 uint8_t bbp1, bbp3; 6105 int i; 6106 int ridx; 6107 int ntries; 6108 6109 if (ic->ic_nrunning > 1) 6110 return; 6111 6112 run_stop(sc); 6113 6114 if (run_load_microcode(sc) != 0) { 6115 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6116 goto fail; 6117 } 6118 6119 for (ntries = 0; ntries < 100; ntries++) { 6120 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6121 goto fail; 6122 if (tmp != 0 && tmp != 0xffffffff) 6123 break; 6124 run_delay(sc, 10); 6125 } 6126 if (ntries == 100) 6127 goto fail; 6128 6129 for (i = 0; i != RUN_EP_QUEUES; i++) 6130 run_setup_tx_list(sc, &sc->sc_epq[i]); 6131 6132 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6133 6134 for (ntries = 0; ntries < 100; ntries++) { 6135 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6136 goto fail; 6137 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6138 break; 6139 run_delay(sc, 10); 6140 } 6141 if (ntries == 100) { 6142 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6143 goto fail; 6144 } 6145 tmp &= 0xff0; 6146 tmp |= RT2860_TX_WB_DDONE; 6147 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6148 6149 /* turn off PME_OEN to solve high-current issue */ 6150 run_read(sc, RT2860_SYS_CTRL, &tmp); 6151 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6152 6153 run_write(sc, RT2860_MAC_SYS_CTRL, 6154 RT2860_BBP_HRST | RT2860_MAC_SRST); 6155 run_write(sc, RT2860_USB_DMA_CFG, 0); 6156 6157 if (run_reset(sc) != 0) { 6158 device_printf(sc->sc_dev, "could not reset chipset\n"); 6159 goto fail; 6160 } 6161 6162 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6163 6164 /* init Tx power for all Tx rates (from EEPROM) */ 6165 for (ridx = 0; ridx < 5; ridx++) { 6166 if (sc->txpow20mhz[ridx] == 0xffffffff) 6167 continue; 6168 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6169 } 6170 6171 for (i = 0; i < nitems(rt2870_def_mac); i++) 6172 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6173 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6174 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6175 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6176 6177 if (sc->mac_ver >= 0x5390) { 6178 run_write(sc, RT2860_TX_SW_CFG0, 6179 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6180 if (sc->mac_ver >= 0x5392) { 6181 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6182 if (sc->mac_ver == 0x5592) { 6183 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6184 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6185 } else { 6186 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6187 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6188 } 6189 } 6190 } else if (sc->mac_ver == 0x3593) { 6191 run_write(sc, RT2860_TX_SW_CFG0, 6192 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6193 } else if (sc->mac_ver >= 0x3070) { 6194 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6195 run_write(sc, RT2860_TX_SW_CFG0, 6196 4 << RT2860_DLY_PAPE_EN_SHIFT); 6197 } 6198 6199 /* wait while MAC is busy */ 6200 for (ntries = 0; ntries < 100; ntries++) { 6201 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6202 goto fail; 6203 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6204 break; 6205 run_delay(sc, 10); 6206 } 6207 if (ntries == 100) 6208 goto fail; 6209 6210 /* clear Host to MCU mailbox */ 6211 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6212 run_write(sc, RT2860_H2M_MAILBOX, 0); 6213 run_delay(sc, 10); 6214 6215 if (run_bbp_init(sc) != 0) { 6216 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6217 goto fail; 6218 } 6219 6220 /* abort TSF synchronization */ 6221 run_disable_tsf(sc); 6222 6223 /* clear RX WCID search table */ 6224 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6225 /* clear WCID attribute table */ 6226 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6227 6228 /* hostapd sets a key before init. So, don't clear it. */ 6229 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6230 /* clear shared key table */ 6231 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6232 /* clear shared key mode */ 6233 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6234 } 6235 6236 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6237 tmp = (tmp & ~0xff) | 0x1e; 6238 run_write(sc, RT2860_US_CYC_CNT, tmp); 6239 6240 if (sc->mac_rev != 0x0101) 6241 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6242 6243 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6244 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6245 6246 /* write vendor-specific BBP values (from EEPROM) */ 6247 if (sc->mac_ver < 0x3593) { 6248 for (i = 0; i < 10; i++) { 6249 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6250 continue; 6251 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6252 } 6253 } 6254 6255 /* select Main antenna for 1T1R devices */ 6256 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6257 run_set_rx_antenna(sc, 0); 6258 6259 /* send LEDs operating mode to microcontroller */ 6260 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6261 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6262 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6263 6264 if (sc->mac_ver >= 0x5390) 6265 run_rt5390_rf_init(sc); 6266 else if (sc->mac_ver == 0x3593) 6267 run_rt3593_rf_init(sc); 6268 else if (sc->mac_ver >= 0x3070) 6269 run_rt3070_rf_init(sc); 6270 6271 /* disable non-existing Rx chains */ 6272 run_bbp_read(sc, 3, &bbp3); 6273 bbp3 &= ~(1 << 3 | 1 << 4); 6274 if (sc->nrxchains == 2) 6275 bbp3 |= 1 << 3; 6276 else if (sc->nrxchains == 3) 6277 bbp3 |= 1 << 4; 6278 run_bbp_write(sc, 3, bbp3); 6279 6280 /* disable non-existing Tx chains */ 6281 run_bbp_read(sc, 1, &bbp1); 6282 if (sc->ntxchains == 1) 6283 bbp1 &= ~(1 << 3 | 1 << 4); 6284 run_bbp_write(sc, 1, bbp1); 6285 6286 if (sc->mac_ver >= 0x5390) 6287 run_rt5390_rf_setup(sc); 6288 else if (sc->mac_ver == 0x3593) 6289 run_rt3593_rf_setup(sc); 6290 else if (sc->mac_ver >= 0x3070) 6291 run_rt3070_rf_setup(sc); 6292 6293 /* select default channel */ 6294 run_set_chan(sc, ic->ic_curchan); 6295 6296 /* setup initial protection mode */ 6297 run_updateprot_cb(ic); 6298 6299 /* turn radio LED on */ 6300 run_set_leds(sc, RT2860_LED_RADIO); 6301 6302 /* Set up AUTO_RSP_CFG register for auto response */ 6303 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN | 6304 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN); 6305 6306 sc->sc_flags |= RUN_RUNNING; 6307 sc->cmdq_run = RUN_CMDQ_GO; 6308 6309 for (i = 0; i != RUN_N_XFER; i++) 6310 usbd_xfer_set_stall(sc->sc_xfer[i]); 6311 6312 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6313 6314 if (run_txrx_enable(sc) != 0) 6315 goto fail; 6316 6317 return; 6318 6319fail: 6320 run_stop(sc); 6321} 6322 6323static void 6324run_stop(void *arg) 6325{ 6326 struct run_softc *sc = (struct run_softc *)arg; 6327 uint32_t tmp; 6328 int i; 6329 int ntries; 6330 6331 RUN_LOCK_ASSERT(sc, MA_OWNED); 6332 6333 if (sc->sc_flags & RUN_RUNNING) 6334 run_set_leds(sc, 0); /* turn all LEDs off */ 6335 6336 sc->sc_flags &= ~RUN_RUNNING; 6337 6338 sc->ratectl_run = RUN_RATECTL_OFF; 6339 sc->cmdq_run = sc->cmdq_key_set; 6340 6341 RUN_UNLOCK(sc); 6342 6343 for(i = 0; i < RUN_N_XFER; i++) 6344 usbd_transfer_drain(sc->sc_xfer[i]); 6345 6346 RUN_LOCK(sc); 6347 6348 run_drain_mbufq(sc); 6349 6350 if (sc->rx_m != NULL) { 6351 m_free(sc->rx_m); 6352 sc->rx_m = NULL; 6353 } 6354 6355 /* Disable Tx/Rx DMA. */ 6356 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6357 return; 6358 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6359 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6360 6361 for (ntries = 0; ntries < 100; ntries++) { 6362 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6363 return; 6364 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6365 break; 6366 run_delay(sc, 10); 6367 } 6368 if (ntries == 100) { 6369 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6370 return; 6371 } 6372 6373 /* disable Tx/Rx */ 6374 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6375 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6376 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6377 6378 /* wait for pending Tx to complete */ 6379 for (ntries = 0; ntries < 100; ntries++) { 6380 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6381 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6382 "Cannot read Tx queue count\n"); 6383 break; 6384 } 6385 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6386 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6387 "All Tx cleared\n"); 6388 break; 6389 } 6390 run_delay(sc, 10); 6391 } 6392 if (ntries >= 100) 6393 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6394 "There are still pending Tx\n"); 6395 run_delay(sc, 10); 6396 run_write(sc, RT2860_USB_DMA_CFG, 0); 6397 6398 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6399 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6400 6401 for (i = 0; i != RUN_EP_QUEUES; i++) 6402 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6403} 6404 6405static void 6406run_delay(struct run_softc *sc, u_int ms) 6407{ 6408 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6409 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6410} 6411 6412static void 6413run_update_chw(struct ieee80211com *ic) 6414{ 6415 6416 printf("%s: TODO\n", __func__); 6417} 6418 6419static int 6420run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap) 6421{ 6422 6423 /* For now, no A-MPDU TX support in the driver */ 6424 return (0); 6425} 6426 6427static device_method_t run_methods[] = { 6428 /* Device interface */ 6429 DEVMETHOD(device_probe, run_match), 6430 DEVMETHOD(device_attach, run_attach), 6431 DEVMETHOD(device_detach, run_detach), 6432 DEVMETHOD_END 6433}; 6434 6435static driver_t run_driver = { 6436 .name = "run", 6437 .methods = run_methods, 6438 .size = sizeof(struct run_softc) 6439}; 6440 6441static devclass_t run_devclass; 6442 6443DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6444MODULE_DEPEND(run, wlan, 1, 1, 1); 6445MODULE_DEPEND(run, usb, 1, 1, 1); 6446MODULE_DEPEND(run, firmware, 1, 1, 1); 6447MODULE_VERSION(run, 1); 6448USB_PNP_HOST_INFO(run_devs); 6449