1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94 /* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100 static const STRUCT_USB_HOST_ID run_devs[] = { 101 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102 #define RUN_DEV_EJECT(v,p) \ 103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 104 #define RUN_EJECT 1 105 RUN_DEV(ABOCOM, RT2770), 106 RUN_DEV(ABOCOM, RT2870), 107 RUN_DEV(ABOCOM, RT3070), 108 RUN_DEV(ABOCOM, RT3071), 109 RUN_DEV(ABOCOM, RT3072), 110 RUN_DEV(ABOCOM2, RT2870_1), 111 RUN_DEV(ACCTON, RT2770), 112 RUN_DEV(ACCTON, RT2870_1), 113 RUN_DEV(ACCTON, RT2870_2), 114 RUN_DEV(ACCTON, RT2870_3), 115 RUN_DEV(ACCTON, RT2870_4), 116 RUN_DEV(ACCTON, RT2870_5), 117 RUN_DEV(ACCTON, RT3070), 118 RUN_DEV(ACCTON, RT3070_1), 119 RUN_DEV(ACCTON, RT3070_2), 120 RUN_DEV(ACCTON, RT3070_3), 121 RUN_DEV(ACCTON, RT3070_4), 122 RUN_DEV(ACCTON, RT3070_5), 123 RUN_DEV(AIRTIES, RT3070), 124 RUN_DEV(ALLWIN, RT2070), 125 RUN_DEV(ALLWIN, RT2770), 126 RUN_DEV(ALLWIN, RT2870), 127 RUN_DEV(ALLWIN, RT3070), 128 RUN_DEV(ALLWIN, RT3071), 129 RUN_DEV(ALLWIN, RT3072), 130 RUN_DEV(ALLWIN, RT3572), 131 RUN_DEV(AMIGO, RT2870_1), 132 RUN_DEV(AMIGO, RT2870_2), 133 RUN_DEV(AMIT, CGWLUSB2GNR), 134 RUN_DEV(AMIT, RT2870_1), 135 RUN_DEV(AMIT2, RT2870), 136 RUN_DEV(ASUS, RT2870_1), 137 RUN_DEV(ASUS, RT2870_2), 138 RUN_DEV(ASUS, RT2870_3), 139 RUN_DEV(ASUS, RT2870_4), 140 RUN_DEV(ASUS, RT2870_5), 141 RUN_DEV(ASUS, USBN13), 142 RUN_DEV(ASUS, RT3070_1), 143 RUN_DEV(ASUS, USBN66), 144 RUN_DEV(ASUS, USB_N53), 145 RUN_DEV(ASUS2, USBN11), 146 RUN_DEV(AZUREWAVE, RT2870_1), 147 RUN_DEV(AZUREWAVE, RT2870_2), 148 RUN_DEV(AZUREWAVE, RT3070_1), 149 RUN_DEV(AZUREWAVE, RT3070_2), 150 RUN_DEV(AZUREWAVE, RT3070_3), 151 RUN_DEV(BELKIN, F9L1103), 152 RUN_DEV(BELKIN, F5D8053V3), 153 RUN_DEV(BELKIN, F5D8055), 154 RUN_DEV(BELKIN, F5D8055V2), 155 RUN_DEV(BELKIN, F6D4050V1), 156 RUN_DEV(BELKIN, F6D4050V2), 157 RUN_DEV(BELKIN, RT2870_1), 158 RUN_DEV(BELKIN, RT2870_2), 159 RUN_DEV(CISCOLINKSYS, AE1000), 160 RUN_DEV(CISCOLINKSYS2, RT3070), 161 RUN_DEV(CISCOLINKSYS3, RT3070), 162 RUN_DEV(CONCEPTRONIC2, RT2870_1), 163 RUN_DEV(CONCEPTRONIC2, RT2870_2), 164 RUN_DEV(CONCEPTRONIC2, RT2870_3), 165 RUN_DEV(CONCEPTRONIC2, RT2870_4), 166 RUN_DEV(CONCEPTRONIC2, RT2870_5), 167 RUN_DEV(CONCEPTRONIC2, RT2870_6), 168 RUN_DEV(CONCEPTRONIC2, RT2870_7), 169 RUN_DEV(CONCEPTRONIC2, RT2870_8), 170 RUN_DEV(CONCEPTRONIC2, RT3070_1), 171 RUN_DEV(CONCEPTRONIC2, RT3070_2), 172 RUN_DEV(CONCEPTRONIC2, VIGORN61), 173 RUN_DEV(COREGA, CGWLUSB300GNM), 174 RUN_DEV(COREGA, RT2870_1), 175 RUN_DEV(COREGA, RT2870_2), 176 RUN_DEV(COREGA, RT2870_3), 177 RUN_DEV(COREGA, RT3070), 178 RUN_DEV(CYBERTAN, RT2870), 179 RUN_DEV(DLINK, RT2870), 180 RUN_DEV(DLINK, RT3072), 181 RUN_DEV(DLINK, DWA127), 182 RUN_DEV(DLINK, DWA140B3), 183 RUN_DEV(DLINK, DWA160B2), 184 RUN_DEV(DLINK, DWA162), 185 RUN_DEV(DLINK2, DWA130), 186 RUN_DEV(DLINK2, RT2870_1), 187 RUN_DEV(DLINK2, RT2870_2), 188 RUN_DEV(DLINK2, RT3070_1), 189 RUN_DEV(DLINK2, RT3070_2), 190 RUN_DEV(DLINK2, RT3070_3), 191 RUN_DEV(DLINK2, RT3070_4), 192 RUN_DEV(DLINK2, RT3070_5), 193 RUN_DEV(DLINK2, RT3072), 194 RUN_DEV(DLINK2, RT3072_1), 195 RUN_DEV(EDIMAX, EW7717), 196 RUN_DEV(EDIMAX, EW7718), 197 RUN_DEV(EDIMAX, EW7733UND), 198 RUN_DEV(EDIMAX, RT2870_1), 199 RUN_DEV(ENCORE, RT3070_1), 200 RUN_DEV(ENCORE, RT3070_2), 201 RUN_DEV(ENCORE, RT3070_3), 202 RUN_DEV(GIGABYTE, GNWB31N), 203 RUN_DEV(GIGABYTE, GNWB32L), 204 RUN_DEV(GIGABYTE, RT2870_1), 205 RUN_DEV(GIGASET, RT3070_1), 206 RUN_DEV(GIGASET, RT3070_2), 207 RUN_DEV(GUILLEMOT, HWNU300), 208 RUN_DEV(HAWKING, HWUN2), 209 RUN_DEV(HAWKING, RT2870_1), 210 RUN_DEV(HAWKING, RT2870_2), 211 RUN_DEV(HAWKING, RT3070), 212 RUN_DEV(IODATA, RT3072_1), 213 RUN_DEV(IODATA, RT3072_2), 214 RUN_DEV(IODATA, RT3072_3), 215 RUN_DEV(IODATA, RT3072_4), 216 RUN_DEV(LINKSYS4, RT3070), 217 RUN_DEV(LINKSYS4, WUSB100), 218 RUN_DEV(LINKSYS4, WUSB54GCV3), 219 RUN_DEV(LINKSYS4, WUSB600N), 220 RUN_DEV(LINKSYS4, WUSB600NV2), 221 RUN_DEV(LOGITEC, RT2870_1), 222 RUN_DEV(LOGITEC, RT2870_2), 223 RUN_DEV(LOGITEC, RT2870_3), 224 RUN_DEV(LOGITEC, LANW300NU2), 225 RUN_DEV(LOGITEC, LANW150NU2), 226 RUN_DEV(LOGITEC, LANW300NU2S), 227 RUN_DEV(MELCO, RT2870_1), 228 RUN_DEV(MELCO, RT2870_2), 229 RUN_DEV(MELCO, WLIUCAG300N), 230 RUN_DEV(MELCO, WLIUCG300N), 231 RUN_DEV(MELCO, WLIUCG301N), 232 RUN_DEV(MELCO, WLIUCGN), 233 RUN_DEV(MELCO, WLIUCGNM), 234 RUN_DEV(MELCO, WLIUCGNM2), 235 RUN_DEV(MOTOROLA4, RT2770), 236 RUN_DEV(MOTOROLA4, RT3070), 237 RUN_DEV(MSI, RT3070_1), 238 RUN_DEV(MSI, RT3070_2), 239 RUN_DEV(MSI, RT3070_3), 240 RUN_DEV(MSI, RT3070_4), 241 RUN_DEV(MSI, RT3070_5), 242 RUN_DEV(MSI, RT3070_6), 243 RUN_DEV(MSI, RT3070_7), 244 RUN_DEV(MSI, RT3070_8), 245 RUN_DEV(MSI, RT3070_9), 246 RUN_DEV(MSI, RT3070_10), 247 RUN_DEV(MSI, RT3070_11), 248 RUN_DEV(OVISLINK, RT3072), 249 RUN_DEV(PARA, RT3070), 250 RUN_DEV(PEGATRON, RT2870), 251 RUN_DEV(PEGATRON, RT3070), 252 RUN_DEV(PEGATRON, RT3070_2), 253 RUN_DEV(PEGATRON, RT3070_3), 254 RUN_DEV(PHILIPS, RT2870), 255 RUN_DEV(PLANEX2, GWUS300MINIS), 256 RUN_DEV(PLANEX2, GWUSMICRON), 257 RUN_DEV(PLANEX2, RT2870), 258 RUN_DEV(PLANEX2, RT3070), 259 RUN_DEV(QCOM, RT2870), 260 RUN_DEV(QUANTA, RT3070), 261 RUN_DEV(RALINK, RT2070), 262 RUN_DEV(RALINK, RT2770), 263 RUN_DEV(RALINK, RT2870), 264 RUN_DEV(RALINK, RT3070), 265 RUN_DEV(RALINK, RT3071), 266 RUN_DEV(RALINK, RT3072), 267 RUN_DEV(RALINK, RT3370), 268 RUN_DEV(RALINK, RT3572), 269 RUN_DEV(RALINK, RT3573), 270 RUN_DEV(RALINK, RT5370), 271 RUN_DEV(RALINK, RT5572), 272 RUN_DEV(RALINK, RT8070), 273 RUN_DEV(SAMSUNG, WIS09ABGN), 274 RUN_DEV(SAMSUNG2, RT2870_1), 275 RUN_DEV(SENAO, RT2870_1), 276 RUN_DEV(SENAO, RT2870_2), 277 RUN_DEV(SENAO, RT2870_3), 278 RUN_DEV(SENAO, RT2870_4), 279 RUN_DEV(SENAO, RT3070), 280 RUN_DEV(SENAO, RT3071), 281 RUN_DEV(SENAO, RT3072_1), 282 RUN_DEV(SENAO, RT3072_2), 283 RUN_DEV(SENAO, RT3072_3), 284 RUN_DEV(SENAO, RT3072_4), 285 RUN_DEV(SENAO, RT3072_5), 286 RUN_DEV(SITECOMEU, RT2770), 287 RUN_DEV(SITECOMEU, RT2870_1), 288 RUN_DEV(SITECOMEU, RT2870_2), 289 RUN_DEV(SITECOMEU, RT2870_3), 290 RUN_DEV(SITECOMEU, RT2870_4), 291 RUN_DEV(SITECOMEU, RT3070), 292 RUN_DEV(SITECOMEU, RT3070_2), 293 RUN_DEV(SITECOMEU, RT3070_3), 294 RUN_DEV(SITECOMEU, RT3070_4), 295 RUN_DEV(SITECOMEU, RT3071), 296 RUN_DEV(SITECOMEU, RT3072_1), 297 RUN_DEV(SITECOMEU, RT3072_2), 298 RUN_DEV(SITECOMEU, RT3072_3), 299 RUN_DEV(SITECOMEU, RT3072_4), 300 RUN_DEV(SITECOMEU, RT3072_5), 301 RUN_DEV(SITECOMEU, RT3072_6), 302 RUN_DEV(SITECOMEU, WL608), 303 RUN_DEV(SPARKLAN, RT2870_1), 304 RUN_DEV(SPARKLAN, RT3070), 305 RUN_DEV(SWEEX2, LW153), 306 RUN_DEV(SWEEX2, LW303), 307 RUN_DEV(SWEEX2, LW313), 308 RUN_DEV(TOSHIBA, RT3070), 309 RUN_DEV(UMEDIA, RT2870_1), 310 RUN_DEV(ZCOM, RT2870_1), 311 RUN_DEV(ZCOM, RT2870_2), 312 RUN_DEV(ZINWELL, RT2870_1), 313 RUN_DEV(ZINWELL, RT2870_2), 314 RUN_DEV(ZINWELL, RT3070), 315 RUN_DEV(ZINWELL, RT3072_1), 316 RUN_DEV(ZINWELL, RT3072_2), 317 RUN_DEV(ZYXEL, RT2870_1), 318 RUN_DEV(ZYXEL, RT2870_2), 319 RUN_DEV_EJECT(ZYXEL, NWD2705), 320 RUN_DEV_EJECT(RALINK, RT_STOR), 321 #undef RUN_DEV_EJECT 322 #undef RUN_DEV 323 }; 324 325 static device_probe_t run_match; 326 static device_attach_t run_attach; 327 static device_detach_t run_detach; 328 329 static usb_callback_t run_bulk_rx_callback; 330 static usb_callback_t run_bulk_tx_callback0; 331 static usb_callback_t run_bulk_tx_callback1; 332 static usb_callback_t run_bulk_tx_callback2; 333 static usb_callback_t run_bulk_tx_callback3; 334 static usb_callback_t run_bulk_tx_callback4; 335 static usb_callback_t run_bulk_tx_callback5; 336 337 static void run_autoinst(void *, struct usb_device *, 338 struct usb_attach_arg *); 339 static int run_driver_loaded(struct module *, int, void *); 340 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 341 usb_error_t error, u_int index); 342 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 343 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 344 const uint8_t [IEEE80211_ADDR_LEN], 345 const uint8_t [IEEE80211_ADDR_LEN]); 346 static void run_vap_delete(struct ieee80211vap *); 347 static void run_cmdq_cb(void *, int); 348 static void run_setup_tx_list(struct run_softc *, 349 struct run_endpoint_queue *); 350 static void run_unsetup_tx_list(struct run_softc *, 351 struct run_endpoint_queue *); 352 static int run_load_microcode(struct run_softc *); 353 static int run_reset(struct run_softc *); 354 static usb_error_t run_do_request(struct run_softc *, 355 struct usb_device_request *, void *); 356 static int run_read(struct run_softc *, uint16_t, uint32_t *); 357 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 358 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 359 static int run_write(struct run_softc *, uint16_t, uint32_t); 360 static int run_write_region_1(struct run_softc *, uint16_t, 361 const uint8_t *, int); 362 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 363 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 364 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 365 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 366 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 367 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 368 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 369 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 370 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 371 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 372 static const char *run_get_rf(uint16_t); 373 static void run_rt3593_get_txpower(struct run_softc *); 374 static void run_get_txpower(struct run_softc *); 375 static int run_read_eeprom(struct run_softc *); 376 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 377 const uint8_t mac[IEEE80211_ADDR_LEN]); 378 static int run_media_change(struct ifnet *); 379 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 380 static int run_wme_update(struct ieee80211com *); 381 static void run_wme_update_cb(void *); 382 static void run_key_update_begin(struct ieee80211vap *); 383 static void run_key_update_end(struct ieee80211vap *); 384 static void run_key_set_cb(void *); 385 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 386 const uint8_t mac[IEEE80211_ADDR_LEN]); 387 static void run_key_delete_cb(void *); 388 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 389 static void run_ratectl_to(void *); 390 static void run_ratectl_cb(void *, int); 391 static void run_drain_fifo(void *); 392 static void run_iter_func(void *, struct ieee80211_node *); 393 static void run_newassoc_cb(void *); 394 static void run_newassoc(struct ieee80211_node *, int); 395 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 396 static void run_tx_free(struct run_endpoint_queue *pq, 397 struct run_tx_data *, int); 398 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 399 static int run_tx(struct run_softc *, struct mbuf *, 400 struct ieee80211_node *); 401 static int run_tx_mgt(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *); 403 static int run_sendprot(struct run_softc *, const struct mbuf *, 404 struct ieee80211_node *, int, int); 405 static int run_tx_param(struct run_softc *, struct mbuf *, 406 struct ieee80211_node *, 407 const struct ieee80211_bpf_params *); 408 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 409 const struct ieee80211_bpf_params *); 410 static void run_start(struct ifnet *); 411 static int run_ioctl(struct ifnet *, u_long, caddr_t); 412 static void run_iq_calib(struct run_softc *, u_int); 413 static void run_set_agc(struct run_softc *, uint8_t); 414 static void run_select_chan_group(struct run_softc *, int); 415 static void run_set_rx_antenna(struct run_softc *, int); 416 static void run_rt2870_set_chan(struct run_softc *, u_int); 417 static void run_rt3070_set_chan(struct run_softc *, u_int); 418 static void run_rt3572_set_chan(struct run_softc *, u_int); 419 static void run_rt3593_set_chan(struct run_softc *, u_int); 420 static void run_rt5390_set_chan(struct run_softc *, u_int); 421 static void run_rt5592_set_chan(struct run_softc *, u_int); 422 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 423 static void run_set_channel(struct ieee80211com *); 424 static void run_scan_start(struct ieee80211com *); 425 static void run_scan_end(struct ieee80211com *); 426 static void run_update_beacon(struct ieee80211vap *, int); 427 static void run_update_beacon_cb(void *); 428 static void run_updateprot(struct ieee80211com *); 429 static void run_updateprot_cb(void *); 430 static void run_usb_timeout_cb(void *); 431 static void run_reset_livelock(struct run_softc *); 432 static void run_enable_tsf_sync(struct run_softc *); 433 static void run_enable_mrr(struct run_softc *); 434 static void run_set_txpreamble(struct run_softc *); 435 static void run_set_basicrates(struct run_softc *); 436 static void run_set_leds(struct run_softc *, uint16_t); 437 static void run_set_bssid(struct run_softc *, const uint8_t *); 438 static void run_set_macaddr(struct run_softc *, const uint8_t *); 439 static void run_updateslot(struct ifnet *); 440 static void run_updateslot_cb(void *); 441 static void run_update_mcast(struct ifnet *); 442 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 443 static void run_update_promisc_locked(struct ifnet *); 444 static void run_update_promisc(struct ifnet *); 445 static void run_rt5390_bbp_init(struct run_softc *); 446 static int run_bbp_init(struct run_softc *); 447 static int run_rt3070_rf_init(struct run_softc *); 448 static void run_rt3593_rf_init(struct run_softc *); 449 static void run_rt5390_rf_init(struct run_softc *); 450 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 451 uint8_t *); 452 static void run_rt3070_rf_setup(struct run_softc *); 453 static void run_rt3593_rf_setup(struct run_softc *); 454 static void run_rt5390_rf_setup(struct run_softc *); 455 static int run_txrx_enable(struct run_softc *); 456 static void run_adjust_freq_offset(struct run_softc *); 457 static void run_init(void *); 458 static void run_init_locked(struct run_softc *); 459 static void run_stop(void *); 460 static void run_delay(struct run_softc *, u_int); 461 462 static eventhandler_tag run_etag; 463 464 static const struct rt2860_rate { 465 uint8_t rate; 466 uint8_t mcs; 467 enum ieee80211_phytype phy; 468 uint8_t ctl_ridx; 469 uint16_t sp_ack_dur; 470 uint16_t lp_ack_dur; 471 } rt2860_rates[] = { 472 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 473 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 474 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 475 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 476 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 477 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 478 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 479 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 480 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 481 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 482 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 483 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 484 }; 485 486 static const struct { 487 uint16_t reg; 488 uint32_t val; 489 } rt2870_def_mac[] = { 490 RT2870_DEF_MAC 491 }; 492 493 static const struct { 494 uint8_t reg; 495 uint8_t val; 496 } rt2860_def_bbp[] = { 497 RT2860_DEF_BBP 498 },rt5390_def_bbp[] = { 499 RT5390_DEF_BBP 500 },rt5592_def_bbp[] = { 501 RT5592_DEF_BBP 502 }; 503 504 /* 505 * Default values for BBP register R196 for RT5592. 506 */ 507 static const uint8_t rt5592_bbp_r196[] = { 508 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 509 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 510 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 511 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 512 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 513 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 514 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 515 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 516 0x2e, 0x36, 0x30, 0x6e 517 }; 518 519 static const struct rfprog { 520 uint8_t chan; 521 uint32_t r1, r2, r3, r4; 522 } rt2860_rf2850[] = { 523 RT2860_RF2850 524 }; 525 526 struct { 527 uint8_t n, r, k; 528 } rt3070_freqs[] = { 529 RT3070_RF3052 530 }; 531 532 static const struct rt5592_freqs { 533 uint16_t n; 534 uint8_t k, m, r; 535 } rt5592_freqs_20mhz[] = { 536 RT5592_RF5592_20MHZ 537 },rt5592_freqs_40mhz[] = { 538 RT5592_RF5592_40MHZ 539 }; 540 541 static const struct { 542 uint8_t reg; 543 uint8_t val; 544 } rt3070_def_rf[] = { 545 RT3070_DEF_RF 546 },rt3572_def_rf[] = { 547 RT3572_DEF_RF 548 },rt3593_def_rf[] = { 549 RT3593_DEF_RF 550 },rt5390_def_rf[] = { 551 RT5390_DEF_RF 552 },rt5392_def_rf[] = { 553 RT5392_DEF_RF 554 },rt5592_def_rf[] = { 555 RT5592_DEF_RF 556 },rt5592_2ghz_def_rf[] = { 557 RT5592_2GHZ_DEF_RF 558 },rt5592_5ghz_def_rf[] = { 559 RT5592_5GHZ_DEF_RF 560 }; 561 562 static const struct { 563 u_int firstchan; 564 u_int lastchan; 565 uint8_t reg; 566 uint8_t val; 567 } rt5592_chan_5ghz[] = { 568 RT5592_CHAN_5GHZ 569 }; 570 571 static const struct usb_config run_config[RUN_N_XFER] = { 572 [RUN_BULK_TX_BE] = { 573 .type = UE_BULK, 574 .endpoint = UE_ADDR_ANY, 575 .ep_index = 0, 576 .direction = UE_DIR_OUT, 577 .bufsize = RUN_MAX_TXSZ, 578 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 579 .callback = run_bulk_tx_callback0, 580 .timeout = 5000, /* ms */ 581 }, 582 [RUN_BULK_TX_BK] = { 583 .type = UE_BULK, 584 .endpoint = UE_ADDR_ANY, 585 .direction = UE_DIR_OUT, 586 .ep_index = 1, 587 .bufsize = RUN_MAX_TXSZ, 588 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 589 .callback = run_bulk_tx_callback1, 590 .timeout = 5000, /* ms */ 591 }, 592 [RUN_BULK_TX_VI] = { 593 .type = UE_BULK, 594 .endpoint = UE_ADDR_ANY, 595 .direction = UE_DIR_OUT, 596 .ep_index = 2, 597 .bufsize = RUN_MAX_TXSZ, 598 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 599 .callback = run_bulk_tx_callback2, 600 .timeout = 5000, /* ms */ 601 }, 602 [RUN_BULK_TX_VO] = { 603 .type = UE_BULK, 604 .endpoint = UE_ADDR_ANY, 605 .direction = UE_DIR_OUT, 606 .ep_index = 3, 607 .bufsize = RUN_MAX_TXSZ, 608 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 609 .callback = run_bulk_tx_callback3, 610 .timeout = 5000, /* ms */ 611 }, 612 [RUN_BULK_TX_HCCA] = { 613 .type = UE_BULK, 614 .endpoint = UE_ADDR_ANY, 615 .direction = UE_DIR_OUT, 616 .ep_index = 4, 617 .bufsize = RUN_MAX_TXSZ, 618 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 619 .callback = run_bulk_tx_callback4, 620 .timeout = 5000, /* ms */ 621 }, 622 [RUN_BULK_TX_PRIO] = { 623 .type = UE_BULK, 624 .endpoint = UE_ADDR_ANY, 625 .direction = UE_DIR_OUT, 626 .ep_index = 5, 627 .bufsize = RUN_MAX_TXSZ, 628 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 629 .callback = run_bulk_tx_callback5, 630 .timeout = 5000, /* ms */ 631 }, 632 [RUN_BULK_RX] = { 633 .type = UE_BULK, 634 .endpoint = UE_ADDR_ANY, 635 .direction = UE_DIR_IN, 636 .bufsize = RUN_MAX_RXSZ, 637 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 638 .callback = run_bulk_rx_callback, 639 } 640 }; 641 642 static void 643 run_autoinst(void *arg, struct usb_device *udev, 644 struct usb_attach_arg *uaa) 645 { 646 struct usb_interface *iface; 647 struct usb_interface_descriptor *id; 648 649 if (uaa->dev_state != UAA_DEV_READY) 650 return; 651 652 iface = usbd_get_iface(udev, 0); 653 if (iface == NULL) 654 return; 655 id = iface->idesc; 656 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 657 return; 658 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 659 return; 660 661 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 662 uaa->dev_state = UAA_DEV_EJECTING; 663 } 664 665 static int 666 run_driver_loaded(struct module *mod, int what, void *arg) 667 { 668 switch (what) { 669 case MOD_LOAD: 670 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 671 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 672 break; 673 case MOD_UNLOAD: 674 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 675 break; 676 default: 677 return (EOPNOTSUPP); 678 } 679 return (0); 680 } 681 682 static int 683 run_match(device_t self) 684 { 685 struct usb_attach_arg *uaa = device_get_ivars(self); 686 687 if (uaa->usb_mode != USB_MODE_HOST) 688 return (ENXIO); 689 if (uaa->info.bConfigIndex != 0) 690 return (ENXIO); 691 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 692 return (ENXIO); 693 694 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 695 } 696 697 static int 698 run_attach(device_t self) 699 { 700 struct run_softc *sc = device_get_softc(self); 701 struct usb_attach_arg *uaa = device_get_ivars(self); 702 struct ieee80211com *ic; 703 struct ifnet *ifp; 704 uint32_t ver; 705 int ntries, error; 706 uint8_t iface_index, bands; 707 708 device_set_usb_desc(self); 709 sc->sc_udev = uaa->device; 710 sc->sc_dev = self; 711 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 712 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 713 714 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 715 MTX_NETWORK_LOCK, MTX_DEF); 716 717 iface_index = RT2860_IFACE_INDEX; 718 719 error = usbd_transfer_setup(uaa->device, &iface_index, 720 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 721 if (error) { 722 device_printf(self, "could not allocate USB transfers, " 723 "err=%s\n", usbd_errstr(error)); 724 goto detach; 725 } 726 727 RUN_LOCK(sc); 728 729 /* wait for the chip to settle */ 730 for (ntries = 0; ntries < 100; ntries++) { 731 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 732 RUN_UNLOCK(sc); 733 goto detach; 734 } 735 if (ver != 0 && ver != 0xffffffff) 736 break; 737 run_delay(sc, 10); 738 } 739 if (ntries == 100) { 740 device_printf(sc->sc_dev, 741 "timeout waiting for NIC to initialize\n"); 742 RUN_UNLOCK(sc); 743 goto detach; 744 } 745 sc->mac_ver = ver >> 16; 746 sc->mac_rev = ver & 0xffff; 747 748 /* retrieve RF rev. no and various other things from EEPROM */ 749 run_read_eeprom(sc); 750 751 device_printf(sc->sc_dev, 752 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 753 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 754 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 755 756 RUN_UNLOCK(sc); 757 758 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 759 if (ifp == NULL) { 760 device_printf(sc->sc_dev, "can not if_alloc()\n"); 761 goto detach; 762 } 763 ic = ifp->if_l2com; 764 765 ifp->if_softc = sc; 766 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 767 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 768 ifp->if_init = run_init; 769 ifp->if_ioctl = run_ioctl; 770 ifp->if_start = run_start; 771 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 772 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 773 IFQ_SET_READY(&ifp->if_snd); 774 775 ic->ic_ifp = ifp; 776 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 777 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 778 779 /* set device capabilities */ 780 ic->ic_caps = 781 IEEE80211_C_STA | /* station mode supported */ 782 IEEE80211_C_MONITOR | /* monitor mode supported */ 783 IEEE80211_C_IBSS | 784 IEEE80211_C_HOSTAP | 785 IEEE80211_C_WDS | /* 4-address traffic works */ 786 IEEE80211_C_MBSS | 787 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 788 IEEE80211_C_SHSLOT | /* short slot time supported */ 789 IEEE80211_C_WME | /* WME */ 790 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 791 792 ic->ic_cryptocaps = 793 IEEE80211_CRYPTO_WEP | 794 IEEE80211_CRYPTO_AES_CCM | 795 IEEE80211_CRYPTO_TKIPMIC | 796 IEEE80211_CRYPTO_TKIP; 797 798 ic->ic_flags |= IEEE80211_F_DATAPAD; 799 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 800 801 bands = 0; 802 setbit(&bands, IEEE80211_MODE_11B); 803 setbit(&bands, IEEE80211_MODE_11G); 804 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 805 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 806 sc->rf_rev == RT5592_RF_5592) 807 setbit(&bands, IEEE80211_MODE_11A); 808 ieee80211_init_channels(ic, NULL, &bands); 809 810 ieee80211_ifattach(ic, sc->sc_bssid); 811 812 ic->ic_scan_start = run_scan_start; 813 ic->ic_scan_end = run_scan_end; 814 ic->ic_set_channel = run_set_channel; 815 ic->ic_node_alloc = run_node_alloc; 816 ic->ic_newassoc = run_newassoc; 817 ic->ic_updateslot = run_updateslot; 818 ic->ic_update_mcast = run_update_mcast; 819 ic->ic_wme.wme_update = run_wme_update; 820 ic->ic_raw_xmit = run_raw_xmit; 821 ic->ic_update_promisc = run_update_promisc; 822 823 ic->ic_vap_create = run_vap_create; 824 ic->ic_vap_delete = run_vap_delete; 825 826 ieee80211_radiotap_attach(ic, 827 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 828 RUN_TX_RADIOTAP_PRESENT, 829 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 830 RUN_RX_RADIOTAP_PRESENT); 831 832 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 833 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 834 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 835 836 if (bootverbose) 837 ieee80211_announce(ic); 838 839 return (0); 840 841 detach: 842 run_detach(self); 843 return (ENXIO); 844 } 845 846 static int 847 run_detach(device_t self) 848 { 849 struct run_softc *sc = device_get_softc(self); 850 struct ifnet *ifp = sc->sc_ifp; 851 struct ieee80211com *ic; 852 int i; 853 854 RUN_LOCK(sc); 855 sc->sc_detached = 1; 856 RUN_UNLOCK(sc); 857 858 /* stop all USB transfers */ 859 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 860 861 RUN_LOCK(sc); 862 sc->ratectl_run = RUN_RATECTL_OFF; 863 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 864 865 /* free TX list, if any */ 866 for (i = 0; i != RUN_EP_QUEUES; i++) 867 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 868 RUN_UNLOCK(sc); 869 870 if (ifp) { 871 ic = ifp->if_l2com; 872 /* drain tasks */ 873 usb_callout_drain(&sc->ratectl_ch); 874 ieee80211_draintask(ic, &sc->cmdq_task); 875 ieee80211_draintask(ic, &sc->ratectl_task); 876 ieee80211_ifdetach(ic); 877 if_free(ifp); 878 } 879 880 mtx_destroy(&sc->sc_mtx); 881 882 return (0); 883 } 884 885 static struct ieee80211vap * 886 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 887 enum ieee80211_opmode opmode, int flags, 888 const uint8_t bssid[IEEE80211_ADDR_LEN], 889 const uint8_t mac[IEEE80211_ADDR_LEN]) 890 { 891 struct ifnet *ifp = ic->ic_ifp; 892 struct run_softc *sc = ifp->if_softc; 893 struct run_vap *rvp; 894 struct ieee80211vap *vap; 895 int i; 896 897 if (sc->rvp_cnt >= RUN_VAP_MAX) { 898 if_printf(ifp, "number of VAPs maxed out\n"); 899 return (NULL); 900 } 901 902 switch (opmode) { 903 case IEEE80211_M_STA: 904 /* enable s/w bmiss handling for sta mode */ 905 flags |= IEEE80211_CLONE_NOBEACONS; 906 /* fall though */ 907 case IEEE80211_M_IBSS: 908 case IEEE80211_M_MONITOR: 909 case IEEE80211_M_HOSTAP: 910 case IEEE80211_M_MBSS: 911 /* other than WDS vaps, only one at a time */ 912 if (!TAILQ_EMPTY(&ic->ic_vaps)) 913 return (NULL); 914 break; 915 case IEEE80211_M_WDS: 916 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 917 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 918 continue; 919 /* WDS vap's always share the local mac address. */ 920 flags &= ~IEEE80211_CLONE_BSSID; 921 break; 922 } 923 if (vap == NULL) { 924 if_printf(ifp, "wds only supported in ap mode\n"); 925 return (NULL); 926 } 927 break; 928 default: 929 if_printf(ifp, "unknown opmode %d\n", opmode); 930 return (NULL); 931 } 932 933 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 934 M_80211_VAP, M_NOWAIT | M_ZERO); 935 if (rvp == NULL) 936 return (NULL); 937 vap = &rvp->vap; 938 939 if (ieee80211_vap_setup(ic, vap, name, unit, 940 opmode, flags, bssid, mac) != 0) { 941 /* out of memory */ 942 free(rvp, M_80211_VAP); 943 return (NULL); 944 } 945 946 vap->iv_key_update_begin = run_key_update_begin; 947 vap->iv_key_update_end = run_key_update_end; 948 vap->iv_update_beacon = run_update_beacon; 949 vap->iv_max_aid = RT2870_WCID_MAX; 950 /* 951 * To delete the right key from h/w, we need wcid. 952 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 953 * and matching wcid will be written into there. So, cast 954 * some spells to remove 'const' from ieee80211_key{} 955 */ 956 vap->iv_key_delete = (void *)run_key_delete; 957 vap->iv_key_set = (void *)run_key_set; 958 959 /* override state transition machine */ 960 rvp->newstate = vap->iv_newstate; 961 vap->iv_newstate = run_newstate; 962 963 ieee80211_ratectl_init(vap); 964 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 965 966 /* complete setup */ 967 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 968 969 /* make sure id is always unique */ 970 for (i = 0; i < RUN_VAP_MAX; i++) { 971 if((sc->rvp_bmap & 1 << i) == 0){ 972 sc->rvp_bmap |= 1 << i; 973 rvp->rvp_id = i; 974 break; 975 } 976 } 977 if (sc->rvp_cnt++ == 0) 978 ic->ic_opmode = opmode; 979 980 if (opmode == IEEE80211_M_HOSTAP) 981 sc->cmdq_run = RUN_CMDQ_GO; 982 983 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 984 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 985 986 return (vap); 987 } 988 989 static void 990 run_vap_delete(struct ieee80211vap *vap) 991 { 992 struct run_vap *rvp = RUN_VAP(vap); 993 struct ifnet *ifp; 994 struct ieee80211com *ic; 995 struct run_softc *sc; 996 uint8_t rvp_id; 997 998 if (vap == NULL) 999 return; 1000 1001 ic = vap->iv_ic; 1002 ifp = ic->ic_ifp; 1003 1004 sc = ifp->if_softc; 1005 1006 RUN_LOCK(sc); 1007 1008 m_freem(rvp->beacon_mbuf); 1009 rvp->beacon_mbuf = NULL; 1010 1011 rvp_id = rvp->rvp_id; 1012 sc->ratectl_run &= ~(1 << rvp_id); 1013 sc->rvp_bmap &= ~(1 << rvp_id); 1014 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1015 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1016 --sc->rvp_cnt; 1017 1018 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1019 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1020 1021 RUN_UNLOCK(sc); 1022 1023 ieee80211_ratectl_deinit(vap); 1024 ieee80211_vap_detach(vap); 1025 free(rvp, M_80211_VAP); 1026 } 1027 1028 /* 1029 * There are numbers of functions need to be called in context thread. 1030 * Rather than creating taskqueue event for each of those functions, 1031 * here is all-for-one taskqueue callback function. This function 1032 * gurantees deferred functions are executed in the same order they 1033 * were enqueued. 1034 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1035 */ 1036 static void 1037 run_cmdq_cb(void *arg, int pending) 1038 { 1039 struct run_softc *sc = arg; 1040 uint8_t i; 1041 1042 /* call cmdq[].func locked */ 1043 RUN_LOCK(sc); 1044 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1045 i = sc->cmdq_exec, pending--) { 1046 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1047 if (sc->cmdq_run == RUN_CMDQ_GO) { 1048 /* 1049 * If arg0 is NULL, callback func needs more 1050 * than one arg. So, pass ptr to cmdq struct. 1051 */ 1052 if (sc->cmdq[i].arg0) 1053 sc->cmdq[i].func(sc->cmdq[i].arg0); 1054 else 1055 sc->cmdq[i].func(&sc->cmdq[i]); 1056 } 1057 sc->cmdq[i].arg0 = NULL; 1058 sc->cmdq[i].func = NULL; 1059 sc->cmdq_exec++; 1060 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1061 } 1062 RUN_UNLOCK(sc); 1063 } 1064 1065 static void 1066 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1067 { 1068 struct run_tx_data *data; 1069 1070 memset(pq, 0, sizeof(*pq)); 1071 1072 STAILQ_INIT(&pq->tx_qh); 1073 STAILQ_INIT(&pq->tx_fh); 1074 1075 for (data = &pq->tx_data[0]; 1076 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1077 data->sc = sc; 1078 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1079 } 1080 pq->tx_nfree = RUN_TX_RING_COUNT; 1081 } 1082 1083 static void 1084 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1085 { 1086 struct run_tx_data *data; 1087 1088 /* make sure any subsequent use of the queues will fail */ 1089 pq->tx_nfree = 0; 1090 STAILQ_INIT(&pq->tx_fh); 1091 STAILQ_INIT(&pq->tx_qh); 1092 1093 /* free up all node references and mbufs */ 1094 for (data = &pq->tx_data[0]; 1095 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1096 if (data->m != NULL) { 1097 m_freem(data->m); 1098 data->m = NULL; 1099 } 1100 if (data->ni != NULL) { 1101 ieee80211_free_node(data->ni); 1102 data->ni = NULL; 1103 } 1104 } 1105 } 1106 1107 static int 1108 run_load_microcode(struct run_softc *sc) 1109 { 1110 usb_device_request_t req; 1111 const struct firmware *fw; 1112 const u_char *base; 1113 uint32_t tmp; 1114 int ntries, error; 1115 const uint64_t *temp; 1116 uint64_t bytes; 1117 1118 RUN_UNLOCK(sc); 1119 fw = firmware_get("runfw"); 1120 RUN_LOCK(sc); 1121 if (fw == NULL) { 1122 device_printf(sc->sc_dev, 1123 "failed loadfirmware of file %s\n", "runfw"); 1124 return ENOENT; 1125 } 1126 1127 if (fw->datasize != 8192) { 1128 device_printf(sc->sc_dev, 1129 "invalid firmware size (should be 8KB)\n"); 1130 error = EINVAL; 1131 goto fail; 1132 } 1133 1134 /* 1135 * RT3071/RT3072 use a different firmware 1136 * run-rt2870 (8KB) contains both, 1137 * first half (4KB) is for rt2870, 1138 * last half is for rt3071. 1139 */ 1140 base = fw->data; 1141 if ((sc->mac_ver) != 0x2860 && 1142 (sc->mac_ver) != 0x2872 && 1143 (sc->mac_ver) != 0x3070) { 1144 base += 4096; 1145 } 1146 1147 /* cheap sanity check */ 1148 temp = fw->data; 1149 bytes = *temp; 1150 if (bytes != be64toh(0xffffff0210280210ULL)) { 1151 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1152 error = EINVAL; 1153 goto fail; 1154 } 1155 1156 /* write microcode image */ 1157 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1158 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1159 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1160 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1161 } 1162 1163 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1164 req.bRequest = RT2870_RESET; 1165 USETW(req.wValue, 8); 1166 USETW(req.wIndex, 0); 1167 USETW(req.wLength, 0); 1168 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1169 != 0) { 1170 device_printf(sc->sc_dev, "firmware reset failed\n"); 1171 goto fail; 1172 } 1173 1174 run_delay(sc, 10); 1175 1176 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1177 run_write(sc, RT2860_H2M_MAILBOX, 0); 1178 run_write(sc, RT2860_H2M_INTSRC, 0); 1179 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1180 goto fail; 1181 1182 /* wait until microcontroller is ready */ 1183 for (ntries = 0; ntries < 1000; ntries++) { 1184 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1185 goto fail; 1186 if (tmp & RT2860_MCU_READY) 1187 break; 1188 run_delay(sc, 10); 1189 } 1190 if (ntries == 1000) { 1191 device_printf(sc->sc_dev, 1192 "timeout waiting for MCU to initialize\n"); 1193 error = ETIMEDOUT; 1194 goto fail; 1195 } 1196 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1197 (base == fw->data) ? "RT2870" : "RT3071", 1198 *(base + 4092), *(base + 4093)); 1199 1200 fail: 1201 firmware_put(fw, FIRMWARE_UNLOAD); 1202 return (error); 1203 } 1204 1205 static int 1206 run_reset(struct run_softc *sc) 1207 { 1208 usb_device_request_t req; 1209 1210 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1211 req.bRequest = RT2870_RESET; 1212 USETW(req.wValue, 1); 1213 USETW(req.wIndex, 0); 1214 USETW(req.wLength, 0); 1215 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1216 } 1217 1218 static usb_error_t 1219 run_do_request(struct run_softc *sc, 1220 struct usb_device_request *req, void *data) 1221 { 1222 usb_error_t err; 1223 int ntries = 10; 1224 1225 RUN_LOCK_ASSERT(sc, MA_OWNED); 1226 1227 while (ntries--) { 1228 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1229 req, data, 0, NULL, 250 /* ms */); 1230 if (err == 0) 1231 break; 1232 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1233 usbd_errstr(err)); 1234 run_delay(sc, 10); 1235 } 1236 return (err); 1237 } 1238 1239 static int 1240 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1241 { 1242 uint32_t tmp; 1243 int error; 1244 1245 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1246 if (error == 0) 1247 *val = le32toh(tmp); 1248 else 1249 *val = 0xffffffff; 1250 return (error); 1251 } 1252 1253 static int 1254 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1255 { 1256 usb_device_request_t req; 1257 1258 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1259 req.bRequest = RT2870_READ_REGION_1; 1260 USETW(req.wValue, 0); 1261 USETW(req.wIndex, reg); 1262 USETW(req.wLength, len); 1263 1264 return (run_do_request(sc, &req, buf)); 1265 } 1266 1267 static int 1268 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1269 { 1270 usb_device_request_t req; 1271 1272 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1273 req.bRequest = RT2870_WRITE_2; 1274 USETW(req.wValue, val); 1275 USETW(req.wIndex, reg); 1276 USETW(req.wLength, 0); 1277 1278 return (run_do_request(sc, &req, NULL)); 1279 } 1280 1281 static int 1282 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1283 { 1284 int error; 1285 1286 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1287 error = run_write_2(sc, reg + 2, val >> 16); 1288 return (error); 1289 } 1290 1291 static int 1292 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1293 int len) 1294 { 1295 #if 1 1296 int i, error = 0; 1297 /* 1298 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1299 * We thus issue multiple WRITE_2 commands instead. 1300 */ 1301 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1302 for (i = 0; i < len && error == 0; i += 2) 1303 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1304 return (error); 1305 #else 1306 usb_device_request_t req; 1307 int error = 0; 1308 1309 /* 1310 * NOTE: It appears the WRITE_REGION_1 command cannot be 1311 * passed a huge amount of data, which will crash the 1312 * firmware. Limit amount of data passed to 64-bytes at a 1313 * time. 1314 */ 1315 while (len > 0) { 1316 int delta = 64; 1317 if (delta > len) 1318 delta = len; 1319 1320 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1321 req.bRequest = RT2870_WRITE_REGION_1; 1322 USETW(req.wValue, 0); 1323 USETW(req.wIndex, reg); 1324 USETW(req.wLength, delta); 1325 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1326 if (error != 0) 1327 break; 1328 reg += delta; 1329 buf += delta; 1330 len -= delta; 1331 } 1332 return (error); 1333 #endif 1334 } 1335 1336 static int 1337 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1338 { 1339 int i, error = 0; 1340 1341 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1342 for (i = 0; i < len && error == 0; i += 4) 1343 error = run_write(sc, reg + i, val); 1344 return (error); 1345 } 1346 1347 static int 1348 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1349 { 1350 uint32_t tmp; 1351 uint16_t reg; 1352 int error, ntries; 1353 1354 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1355 return (error); 1356 1357 if (count == 2) 1358 addr *= 2; 1359 /*- 1360 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1361 * DATA0: F E D C 1362 * DATA1: B A 9 8 1363 * DATA2: 7 6 5 4 1364 * DATA3: 3 2 1 0 1365 */ 1366 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1367 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1368 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1369 for (ntries = 0; ntries < 100; ntries++) { 1370 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1371 return (error); 1372 if (!(tmp & RT3070_EFSROM_KICK)) 1373 break; 1374 run_delay(sc, 2); 1375 } 1376 if (ntries == 100) 1377 return (ETIMEDOUT); 1378 1379 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1380 *val = 0xffff; /* address not found */ 1381 return (0); 1382 } 1383 /* determine to which 32-bit register our 16-bit word belongs */ 1384 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1385 if ((error = run_read(sc, reg, &tmp)) != 0) 1386 return (error); 1387 1388 tmp >>= (8 * (addr & 0x3)); 1389 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1390 1391 return (0); 1392 } 1393 1394 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1395 static int 1396 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1397 { 1398 return (run_efuse_read(sc, addr, val, 2)); 1399 } 1400 1401 static int 1402 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1403 { 1404 usb_device_request_t req; 1405 uint16_t tmp; 1406 int error; 1407 1408 addr *= 2; 1409 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1410 req.bRequest = RT2870_EEPROM_READ; 1411 USETW(req.wValue, 0); 1412 USETW(req.wIndex, addr); 1413 USETW(req.wLength, sizeof(tmp)); 1414 1415 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1416 if (error == 0) 1417 *val = le16toh(tmp); 1418 else 1419 *val = 0xffff; 1420 return (error); 1421 } 1422 1423 static __inline int 1424 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1425 { 1426 /* either eFUSE ROM or EEPROM */ 1427 return sc->sc_srom_read(sc, addr, val); 1428 } 1429 1430 static int 1431 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1432 { 1433 uint32_t tmp; 1434 int error, ntries; 1435 1436 for (ntries = 0; ntries < 10; ntries++) { 1437 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1438 return (error); 1439 if (!(tmp & RT2860_RF_REG_CTRL)) 1440 break; 1441 } 1442 if (ntries == 10) 1443 return (ETIMEDOUT); 1444 1445 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1446 } 1447 1448 static int 1449 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1450 { 1451 uint32_t tmp; 1452 int error, ntries; 1453 1454 for (ntries = 0; ntries < 100; ntries++) { 1455 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1456 return (error); 1457 if (!(tmp & RT3070_RF_KICK)) 1458 break; 1459 } 1460 if (ntries == 100) 1461 return (ETIMEDOUT); 1462 1463 tmp = RT3070_RF_KICK | reg << 8; 1464 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1465 return (error); 1466 1467 for (ntries = 0; ntries < 100; ntries++) { 1468 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1469 return (error); 1470 if (!(tmp & RT3070_RF_KICK)) 1471 break; 1472 } 1473 if (ntries == 100) 1474 return (ETIMEDOUT); 1475 1476 *val = tmp & 0xff; 1477 return (0); 1478 } 1479 1480 static int 1481 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1482 { 1483 uint32_t tmp; 1484 int error, ntries; 1485 1486 for (ntries = 0; ntries < 10; ntries++) { 1487 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1488 return (error); 1489 if (!(tmp & RT3070_RF_KICK)) 1490 break; 1491 } 1492 if (ntries == 10) 1493 return (ETIMEDOUT); 1494 1495 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1496 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1497 } 1498 1499 static int 1500 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1501 { 1502 uint32_t tmp; 1503 int ntries, error; 1504 1505 for (ntries = 0; ntries < 10; ntries++) { 1506 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1507 return (error); 1508 if (!(tmp & RT2860_BBP_CSR_KICK)) 1509 break; 1510 } 1511 if (ntries == 10) 1512 return (ETIMEDOUT); 1513 1514 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1515 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1516 return (error); 1517 1518 for (ntries = 0; ntries < 10; ntries++) { 1519 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1520 return (error); 1521 if (!(tmp & RT2860_BBP_CSR_KICK)) 1522 break; 1523 } 1524 if (ntries == 10) 1525 return (ETIMEDOUT); 1526 1527 *val = tmp & 0xff; 1528 return (0); 1529 } 1530 1531 static int 1532 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1533 { 1534 uint32_t tmp; 1535 int ntries, error; 1536 1537 for (ntries = 0; ntries < 10; ntries++) { 1538 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1539 return (error); 1540 if (!(tmp & RT2860_BBP_CSR_KICK)) 1541 break; 1542 } 1543 if (ntries == 10) 1544 return (ETIMEDOUT); 1545 1546 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1547 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1548 } 1549 1550 /* 1551 * Send a command to the 8051 microcontroller unit. 1552 */ 1553 static int 1554 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1555 { 1556 uint32_t tmp; 1557 int error, ntries; 1558 1559 for (ntries = 0; ntries < 100; ntries++) { 1560 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1561 return error; 1562 if (!(tmp & RT2860_H2M_BUSY)) 1563 break; 1564 } 1565 if (ntries == 100) 1566 return ETIMEDOUT; 1567 1568 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1569 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1570 error = run_write(sc, RT2860_HOST_CMD, cmd); 1571 return (error); 1572 } 1573 1574 /* 1575 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1576 * Used to adjust per-rate Tx power registers. 1577 */ 1578 static __inline uint32_t 1579 b4inc(uint32_t b32, int8_t delta) 1580 { 1581 int8_t i, b4; 1582 1583 for (i = 0; i < 8; i++) { 1584 b4 = b32 & 0xf; 1585 b4 += delta; 1586 if (b4 < 0) 1587 b4 = 0; 1588 else if (b4 > 0xf) 1589 b4 = 0xf; 1590 b32 = b32 >> 4 | b4 << 28; 1591 } 1592 return (b32); 1593 } 1594 1595 static const char * 1596 run_get_rf(uint16_t rev) 1597 { 1598 switch (rev) { 1599 case RT2860_RF_2820: return "RT2820"; 1600 case RT2860_RF_2850: return "RT2850"; 1601 case RT2860_RF_2720: return "RT2720"; 1602 case RT2860_RF_2750: return "RT2750"; 1603 case RT3070_RF_3020: return "RT3020"; 1604 case RT3070_RF_2020: return "RT2020"; 1605 case RT3070_RF_3021: return "RT3021"; 1606 case RT3070_RF_3022: return "RT3022"; 1607 case RT3070_RF_3052: return "RT3052"; 1608 case RT3593_RF_3053: return "RT3053"; 1609 case RT5592_RF_5592: return "RT5592"; 1610 case RT5390_RF_5370: return "RT5370"; 1611 case RT5390_RF_5372: return "RT5372"; 1612 } 1613 return ("unknown"); 1614 } 1615 1616 static void 1617 run_rt3593_get_txpower(struct run_softc *sc) 1618 { 1619 uint16_t addr, val; 1620 int i; 1621 1622 /* Read power settings for 2GHz channels. */ 1623 for (i = 0; i < 14; i += 2) { 1624 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1625 RT2860_EEPROM_PWR2GHZ_BASE1; 1626 run_srom_read(sc, addr + i / 2, &val); 1627 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1628 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1629 1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1631 RT2860_EEPROM_PWR2GHZ_BASE2; 1632 run_srom_read(sc, addr + i / 2, &val); 1633 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1634 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1635 1636 if (sc->ntxchains == 3) { 1637 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1638 &val); 1639 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1640 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1641 } 1642 } 1643 /* Fix broken Tx power entries. */ 1644 for (i = 0; i < 14; i++) { 1645 if (sc->txpow1[i] > 31) 1646 sc->txpow1[i] = 5; 1647 if (sc->txpow2[i] > 31) 1648 sc->txpow2[i] = 5; 1649 if (sc->ntxchains == 3) { 1650 if (sc->txpow3[i] > 31) 1651 sc->txpow3[i] = 5; 1652 } 1653 } 1654 /* Read power settings for 5GHz channels. */ 1655 for (i = 0; i < 40; i += 2) { 1656 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1657 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1658 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1659 1660 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1661 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1662 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1663 1664 if (sc->ntxchains == 3) { 1665 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1666 &val); 1667 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1668 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1669 } 1670 } 1671 } 1672 1673 static void 1674 run_get_txpower(struct run_softc *sc) 1675 { 1676 uint16_t val; 1677 int i; 1678 1679 /* Read power settings for 2GHz channels. */ 1680 for (i = 0; i < 14; i += 2) { 1681 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1682 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1683 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1684 1685 if (sc->mac_ver != 0x5390) { 1686 run_srom_read(sc, 1687 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1688 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1689 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1690 } 1691 } 1692 /* Fix broken Tx power entries. */ 1693 for (i = 0; i < 14; i++) { 1694 if (sc->mac_ver >= 0x5390) { 1695 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1696 sc->txpow1[i] = 5; 1697 } else { 1698 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1699 sc->txpow1[i] = 5; 1700 } 1701 if (sc->mac_ver > 0x5390) { 1702 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1703 sc->txpow2[i] = 5; 1704 } else if (sc->mac_ver < 0x5390) { 1705 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1706 sc->txpow2[i] = 5; 1707 } 1708 DPRINTF("chan %d: power1=%d, power2=%d\n", 1709 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1710 } 1711 /* Read power settings for 5GHz channels. */ 1712 for (i = 0; i < 40; i += 2) { 1713 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1714 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1715 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1716 1717 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1718 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1719 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1720 } 1721 /* Fix broken Tx power entries. */ 1722 for (i = 0; i < 40; i++ ) { 1723 if (sc->mac_ver != 0x5592) { 1724 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1725 sc->txpow1[14 + i] = 5; 1726 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1727 sc->txpow2[14 + i] = 5; 1728 } 1729 DPRINTF("chan %d: power1=%d, power2=%d\n", 1730 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1731 sc->txpow2[14 + i]); 1732 } 1733 } 1734 1735 static int 1736 run_read_eeprom(struct run_softc *sc) 1737 { 1738 int8_t delta_2ghz, delta_5ghz; 1739 uint32_t tmp; 1740 uint16_t val; 1741 int ridx, ant, i; 1742 1743 /* check whether the ROM is eFUSE ROM or EEPROM */ 1744 sc->sc_srom_read = run_eeprom_read_2; 1745 if (sc->mac_ver >= 0x3070) { 1746 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1747 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1748 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1749 sc->sc_srom_read = run_efuse_read_2; 1750 } 1751 1752 /* read ROM version */ 1753 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1754 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1755 1756 /* read MAC address */ 1757 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1758 sc->sc_bssid[0] = val & 0xff; 1759 sc->sc_bssid[1] = val >> 8; 1760 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1761 sc->sc_bssid[2] = val & 0xff; 1762 sc->sc_bssid[3] = val >> 8; 1763 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1764 sc->sc_bssid[4] = val & 0xff; 1765 sc->sc_bssid[5] = val >> 8; 1766 1767 if (sc->mac_ver < 0x3593) { 1768 /* read vender BBP settings */ 1769 for (i = 0; i < 10; i++) { 1770 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1771 sc->bbp[i].val = val & 0xff; 1772 sc->bbp[i].reg = val >> 8; 1773 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1774 sc->bbp[i].val); 1775 } 1776 if (sc->mac_ver >= 0x3071) { 1777 /* read vendor RF settings */ 1778 for (i = 0; i < 10; i++) { 1779 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1780 &val); 1781 sc->rf[i].val = val & 0xff; 1782 sc->rf[i].reg = val >> 8; 1783 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1784 sc->rf[i].val); 1785 } 1786 } 1787 } 1788 1789 /* read RF frequency offset from EEPROM */ 1790 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1791 RT3593_EEPROM_FREQ, &val); 1792 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1793 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1794 1795 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1796 RT3593_EEPROM_FREQ_LEDS, &val); 1797 if (val >> 8 != 0xff) { 1798 /* read LEDs operating mode */ 1799 sc->leds = val >> 8; 1800 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1801 RT3593_EEPROM_LED1, &sc->led[0]); 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1803 RT3593_EEPROM_LED2, &sc->led[1]); 1804 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1805 RT3593_EEPROM_LED3, &sc->led[2]); 1806 } else { 1807 /* broken EEPROM, use default settings */ 1808 sc->leds = 0x01; 1809 sc->led[0] = 0x5555; 1810 sc->led[1] = 0x2221; 1811 sc->led[2] = 0x5627; /* differs from RT2860 */ 1812 } 1813 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1814 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1815 1816 /* read RF information */ 1817 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1818 run_srom_read(sc, 0x00, &val); 1819 else 1820 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1821 1822 if (val == 0xffff) { 1823 device_printf(sc->sc_dev, 1824 "invalid EEPROM antenna info, using default\n"); 1825 DPRINTF("invalid EEPROM antenna info, using default\n"); 1826 if (sc->mac_ver == 0x3572) { 1827 /* default to RF3052 2T2R */ 1828 sc->rf_rev = RT3070_RF_3052; 1829 sc->ntxchains = 2; 1830 sc->nrxchains = 2; 1831 } else if (sc->mac_ver >= 0x3070) { 1832 /* default to RF3020 1T1R */ 1833 sc->rf_rev = RT3070_RF_3020; 1834 sc->ntxchains = 1; 1835 sc->nrxchains = 1; 1836 } else { 1837 /* default to RF2820 1T2R */ 1838 sc->rf_rev = RT2860_RF_2820; 1839 sc->ntxchains = 1; 1840 sc->nrxchains = 2; 1841 } 1842 } else { 1843 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1844 sc->rf_rev = val; 1845 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1846 } else 1847 sc->rf_rev = (val >> 8) & 0xf; 1848 sc->ntxchains = (val >> 4) & 0xf; 1849 sc->nrxchains = val & 0xf; 1850 } 1851 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1852 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1853 1854 /* check if RF supports automatic Tx access gain control */ 1855 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1856 DPRINTF("EEPROM CFG 0x%04x\n", val); 1857 /* check if driver should patch the DAC issue */ 1858 if ((val >> 8) != 0xff) 1859 sc->patch_dac = (val >> 15) & 1; 1860 if ((val & 0xff) != 0xff) { 1861 sc->ext_5ghz_lna = (val >> 3) & 1; 1862 sc->ext_2ghz_lna = (val >> 2) & 1; 1863 /* check if RF supports automatic Tx access gain control */ 1864 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1865 /* check if we have a hardware radio switch */ 1866 sc->rfswitch = val & 1; 1867 } 1868 1869 /* Read Tx power settings. */ 1870 if (sc->mac_ver == 0x3593) 1871 run_rt3593_get_txpower(sc); 1872 else 1873 run_get_txpower(sc); 1874 1875 /* read Tx power compensation for each Tx rate */ 1876 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1877 delta_2ghz = delta_5ghz = 0; 1878 if ((val & 0xff) != 0xff && (val & 0x80)) { 1879 delta_2ghz = val & 0xf; 1880 if (!(val & 0x40)) /* negative number */ 1881 delta_2ghz = -delta_2ghz; 1882 } 1883 val >>= 8; 1884 if ((val & 0xff) != 0xff && (val & 0x80)) { 1885 delta_5ghz = val & 0xf; 1886 if (!(val & 0x40)) /* negative number */ 1887 delta_5ghz = -delta_5ghz; 1888 } 1889 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1890 delta_2ghz, delta_5ghz); 1891 1892 for (ridx = 0; ridx < 5; ridx++) { 1893 uint32_t reg; 1894 1895 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1896 reg = val; 1897 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1898 reg |= (uint32_t)val << 16; 1899 1900 sc->txpow20mhz[ridx] = reg; 1901 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1902 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1903 1904 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1905 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1906 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1907 } 1908 1909 /* Read RSSI offsets and LNA gains from EEPROM. */ 1910 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1911 RT3593_EEPROM_RSSI1_2GHZ, &val); 1912 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1913 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1914 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1915 RT3593_EEPROM_RSSI2_2GHZ, &val); 1916 if (sc->mac_ver >= 0x3070) { 1917 if (sc->mac_ver == 0x3593) { 1918 sc->txmixgain_2ghz = 0; 1919 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1920 } else { 1921 /* 1922 * On RT3070 chips (limited to 2 Rx chains), this ROM 1923 * field contains the Tx mixer gain for the 2GHz band. 1924 */ 1925 if ((val & 0xff) != 0xff) 1926 sc->txmixgain_2ghz = val & 0x7; 1927 } 1928 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1929 } else 1930 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1931 if (sc->mac_ver == 0x3593) 1932 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1933 sc->lna[2] = val >> 8; /* channel group 2 */ 1934 1935 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1936 RT3593_EEPROM_RSSI1_5GHZ, &val); 1937 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1938 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1939 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1940 RT3593_EEPROM_RSSI2_5GHZ, &val); 1941 if (sc->mac_ver == 0x3572) { 1942 /* 1943 * On RT3572 chips (limited to 2 Rx chains), this ROM 1944 * field contains the Tx mixer gain for the 5GHz band. 1945 */ 1946 if ((val & 0xff) != 0xff) 1947 sc->txmixgain_5ghz = val & 0x7; 1948 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1949 } else 1950 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1951 if (sc->mac_ver == 0x3593) { 1952 sc->txmixgain_5ghz = 0; 1953 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1954 } 1955 sc->lna[3] = val >> 8; /* channel group 3 */ 1956 1957 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1958 RT3593_EEPROM_LNA, &val); 1959 sc->lna[0] = val & 0xff; /* channel group 0 */ 1960 sc->lna[1] = val >> 8; /* channel group 1 */ 1961 1962 /* fix broken 5GHz LNA entries */ 1963 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1964 DPRINTF("invalid LNA for channel group %d\n", 2); 1965 sc->lna[2] = sc->lna[1]; 1966 } 1967 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1968 DPRINTF("invalid LNA for channel group %d\n", 3); 1969 sc->lna[3] = sc->lna[1]; 1970 } 1971 1972 /* fix broken RSSI offset entries */ 1973 for (ant = 0; ant < 3; ant++) { 1974 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1975 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1976 ant + 1, sc->rssi_2ghz[ant]); 1977 sc->rssi_2ghz[ant] = 0; 1978 } 1979 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1980 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1981 ant + 1, sc->rssi_5ghz[ant]); 1982 sc->rssi_5ghz[ant] = 0; 1983 } 1984 } 1985 return (0); 1986 } 1987 1988 static struct ieee80211_node * 1989 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1990 { 1991 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1992 } 1993 1994 static int 1995 run_media_change(struct ifnet *ifp) 1996 { 1997 struct ieee80211vap *vap = ifp->if_softc; 1998 struct ieee80211com *ic = vap->iv_ic; 1999 const struct ieee80211_txparam *tp; 2000 struct run_softc *sc = ic->ic_ifp->if_softc; 2001 uint8_t rate, ridx; 2002 int error; 2003 2004 RUN_LOCK(sc); 2005 2006 error = ieee80211_media_change(ifp); 2007 if (error != ENETRESET) { 2008 RUN_UNLOCK(sc); 2009 return (error); 2010 } 2011 2012 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2013 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2014 struct ieee80211_node *ni; 2015 struct run_node *rn; 2016 2017 rate = ic->ic_sup_rates[ic->ic_curmode]. 2018 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2019 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2020 if (rt2860_rates[ridx].rate == rate) 2021 break; 2022 ni = ieee80211_ref_node(vap->iv_bss); 2023 rn = (struct run_node *)ni; 2024 rn->fix_ridx = ridx; 2025 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2026 ieee80211_free_node(ni); 2027 } 2028 2029 #if 0 2030 if ((ifp->if_flags & IFF_UP) && 2031 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 2032 run_init_locked(sc); 2033 } 2034 #endif 2035 2036 RUN_UNLOCK(sc); 2037 2038 return (0); 2039 } 2040 2041 static int 2042 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2043 { 2044 const struct ieee80211_txparam *tp; 2045 struct ieee80211com *ic = vap->iv_ic; 2046 struct run_softc *sc = ic->ic_ifp->if_softc; 2047 struct run_vap *rvp = RUN_VAP(vap); 2048 enum ieee80211_state ostate; 2049 uint32_t sta[3]; 2050 uint32_t tmp; 2051 uint8_t ratectl; 2052 uint8_t restart_ratectl = 0; 2053 uint8_t bid = 1 << rvp->rvp_id; 2054 2055 ostate = vap->iv_state; 2056 DPRINTF("%s -> %s\n", 2057 ieee80211_state_name[ostate], 2058 ieee80211_state_name[nstate]); 2059 2060 IEEE80211_UNLOCK(ic); 2061 RUN_LOCK(sc); 2062 2063 ratectl = sc->ratectl_run; /* remember current state */ 2064 sc->ratectl_run = RUN_RATECTL_OFF; 2065 usb_callout_stop(&sc->ratectl_ch); 2066 2067 if (ostate == IEEE80211_S_RUN) { 2068 /* turn link LED off */ 2069 run_set_leds(sc, RT2860_LED_RADIO); 2070 } 2071 2072 switch (nstate) { 2073 case IEEE80211_S_INIT: 2074 restart_ratectl = 1; 2075 2076 if (ostate != IEEE80211_S_RUN) 2077 break; 2078 2079 ratectl &= ~bid; 2080 sc->runbmap &= ~bid; 2081 2082 /* abort TSF synchronization if there is no vap running */ 2083 if (--sc->running == 0) { 2084 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2085 run_write(sc, RT2860_BCN_TIME_CFG, 2086 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2087 RT2860_TBTT_TIMER_EN)); 2088 } 2089 break; 2090 2091 case IEEE80211_S_RUN: 2092 if (!(sc->runbmap & bid)) { 2093 if(sc->running++) 2094 restart_ratectl = 1; 2095 sc->runbmap |= bid; 2096 } 2097 2098 m_freem(rvp->beacon_mbuf); 2099 rvp->beacon_mbuf = NULL; 2100 2101 switch (vap->iv_opmode) { 2102 case IEEE80211_M_HOSTAP: 2103 case IEEE80211_M_MBSS: 2104 sc->ap_running |= bid; 2105 ic->ic_opmode = vap->iv_opmode; 2106 run_update_beacon_cb(vap); 2107 break; 2108 case IEEE80211_M_IBSS: 2109 sc->adhoc_running |= bid; 2110 if (!sc->ap_running) 2111 ic->ic_opmode = vap->iv_opmode; 2112 run_update_beacon_cb(vap); 2113 break; 2114 case IEEE80211_M_STA: 2115 sc->sta_running |= bid; 2116 if (!sc->ap_running && !sc->adhoc_running) 2117 ic->ic_opmode = vap->iv_opmode; 2118 2119 /* read statistic counters (clear on read) */ 2120 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2121 (uint8_t *)sta, sizeof sta); 2122 2123 break; 2124 default: 2125 ic->ic_opmode = vap->iv_opmode; 2126 break; 2127 } 2128 2129 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2130 struct ieee80211_node *ni; 2131 2132 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2133 RUN_UNLOCK(sc); 2134 IEEE80211_LOCK(ic); 2135 return (-1); 2136 } 2137 run_updateslot(ic->ic_ifp); 2138 run_enable_mrr(sc); 2139 run_set_txpreamble(sc); 2140 run_set_basicrates(sc); 2141 ni = ieee80211_ref_node(vap->iv_bss); 2142 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2143 run_set_bssid(sc, ni->ni_bssid); 2144 ieee80211_free_node(ni); 2145 run_enable_tsf_sync(sc); 2146 2147 /* enable automatic rate adaptation */ 2148 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2149 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2150 ratectl |= bid; 2151 } 2152 2153 /* turn link LED on */ 2154 run_set_leds(sc, RT2860_LED_RADIO | 2155 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2156 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2157 2158 break; 2159 default: 2160 DPRINTFN(6, "undefined case\n"); 2161 break; 2162 } 2163 2164 /* restart amrr for running VAPs */ 2165 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2166 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2167 2168 RUN_UNLOCK(sc); 2169 IEEE80211_LOCK(ic); 2170 2171 return(rvp->newstate(vap, nstate, arg)); 2172 } 2173 2174 /* ARGSUSED */ 2175 static void 2176 run_wme_update_cb(void *arg) 2177 { 2178 struct ieee80211com *ic = arg; 2179 struct run_softc *sc = ic->ic_ifp->if_softc; 2180 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2181 int aci, error = 0; 2182 2183 RUN_LOCK_ASSERT(sc, MA_OWNED); 2184 2185 /* update MAC TX configuration registers */ 2186 for (aci = 0; aci < WME_NUM_AC; aci++) { 2187 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2188 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2189 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2190 wmesp->wme_params[aci].wmep_aifsn << 8 | 2191 wmesp->wme_params[aci].wmep_txopLimit); 2192 if (error) goto err; 2193 } 2194 2195 /* update SCH/DMA registers too */ 2196 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2197 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2198 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2199 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2200 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2201 if (error) goto err; 2202 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2203 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2204 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2205 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2206 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2207 if (error) goto err; 2208 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2209 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2210 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2211 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2212 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2213 if (error) goto err; 2214 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2215 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2216 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2217 if (error) goto err; 2218 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2219 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2220 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2221 2222 err: 2223 if (error) 2224 DPRINTF("WME update failed\n"); 2225 2226 return; 2227 } 2228 2229 static int 2230 run_wme_update(struct ieee80211com *ic) 2231 { 2232 struct run_softc *sc = ic->ic_ifp->if_softc; 2233 2234 /* sometime called wothout lock */ 2235 if (mtx_owned(&ic->ic_comlock.mtx)) { 2236 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2237 DPRINTF("cmdq_store=%d\n", i); 2238 sc->cmdq[i].func = run_wme_update_cb; 2239 sc->cmdq[i].arg0 = ic; 2240 ieee80211_runtask(ic, &sc->cmdq_task); 2241 return (0); 2242 } 2243 2244 RUN_LOCK(sc); 2245 run_wme_update_cb(ic); 2246 RUN_UNLOCK(sc); 2247 2248 /* return whatever, upper layer desn't care anyway */ 2249 return (0); 2250 } 2251 2252 static void 2253 run_key_update_begin(struct ieee80211vap *vap) 2254 { 2255 /* 2256 * To avoid out-of-order events, both run_key_set() and 2257 * _delete() are deferred and handled by run_cmdq_cb(). 2258 * So, there is nothing we need to do here. 2259 */ 2260 } 2261 2262 static void 2263 run_key_update_end(struct ieee80211vap *vap) 2264 { 2265 /* null */ 2266 } 2267 2268 static void 2269 run_key_set_cb(void *arg) 2270 { 2271 struct run_cmdq *cmdq = arg; 2272 struct ieee80211vap *vap = cmdq->arg1; 2273 struct ieee80211_key *k = cmdq->k; 2274 struct ieee80211com *ic = vap->iv_ic; 2275 struct run_softc *sc = ic->ic_ifp->if_softc; 2276 struct ieee80211_node *ni; 2277 uint32_t attr; 2278 uint16_t base, associd; 2279 uint8_t mode, wcid, iv[8]; 2280 2281 RUN_LOCK_ASSERT(sc, MA_OWNED); 2282 2283 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2284 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2285 else 2286 ni = vap->iv_bss; 2287 associd = (ni != NULL) ? ni->ni_associd : 0; 2288 2289 /* map net80211 cipher to RT2860 security mode */ 2290 switch (k->wk_cipher->ic_cipher) { 2291 case IEEE80211_CIPHER_WEP: 2292 if(k->wk_keylen < 8) 2293 mode = RT2860_MODE_WEP40; 2294 else 2295 mode = RT2860_MODE_WEP104; 2296 break; 2297 case IEEE80211_CIPHER_TKIP: 2298 mode = RT2860_MODE_TKIP; 2299 break; 2300 case IEEE80211_CIPHER_AES_CCM: 2301 mode = RT2860_MODE_AES_CCMP; 2302 break; 2303 default: 2304 DPRINTF("undefined case\n"); 2305 return; 2306 } 2307 2308 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2309 associd, k->wk_keyix, mode, 2310 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2311 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2312 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2313 2314 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2315 wcid = 0; /* NB: update WCID0 for group keys */ 2316 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2317 } else { 2318 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2319 1 : RUN_AID2WCID(associd); 2320 base = RT2860_PKEY(wcid); 2321 } 2322 2323 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2324 if(run_write_region_1(sc, base, k->wk_key, 16)) 2325 return; 2326 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2327 return; 2328 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2329 return; 2330 } else { 2331 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2332 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2333 return; 2334 } 2335 2336 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2337 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2338 /* set initial packet number in IV+EIV */ 2339 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2340 memset(iv, 0, sizeof iv); 2341 iv[3] = vap->iv_def_txkey << 6; 2342 } else { 2343 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2344 iv[0] = k->wk_keytsc >> 8; 2345 iv[1] = (iv[0] | 0x20) & 0x7f; 2346 iv[2] = k->wk_keytsc; 2347 } else /* CCMP */ { 2348 iv[0] = k->wk_keytsc; 2349 iv[1] = k->wk_keytsc >> 8; 2350 iv[2] = 0; 2351 } 2352 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2353 iv[4] = k->wk_keytsc >> 16; 2354 iv[5] = k->wk_keytsc >> 24; 2355 iv[6] = k->wk_keytsc >> 32; 2356 iv[7] = k->wk_keytsc >> 40; 2357 } 2358 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2359 return; 2360 } 2361 2362 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2363 /* install group key */ 2364 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2365 return; 2366 attr &= ~(0xf << (k->wk_keyix * 4)); 2367 attr |= mode << (k->wk_keyix * 4); 2368 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2369 return; 2370 } else { 2371 /* install pairwise key */ 2372 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2373 return; 2374 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2375 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2376 return; 2377 } 2378 2379 /* TODO create a pass-thru key entry? */ 2380 2381 /* need wcid to delete the right key later */ 2382 k->wk_pad = wcid; 2383 } 2384 2385 /* 2386 * Don't have to be deferred, but in order to keep order of 2387 * execution, i.e. with run_key_delete(), defer this and let 2388 * run_cmdq_cb() maintain the order. 2389 * 2390 * return 0 on error 2391 */ 2392 static int 2393 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2394 const uint8_t mac[IEEE80211_ADDR_LEN]) 2395 { 2396 struct ieee80211com *ic = vap->iv_ic; 2397 struct run_softc *sc = ic->ic_ifp->if_softc; 2398 uint32_t i; 2399 2400 i = RUN_CMDQ_GET(&sc->cmdq_store); 2401 DPRINTF("cmdq_store=%d\n", i); 2402 sc->cmdq[i].func = run_key_set_cb; 2403 sc->cmdq[i].arg0 = NULL; 2404 sc->cmdq[i].arg1 = vap; 2405 sc->cmdq[i].k = k; 2406 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2407 ieee80211_runtask(ic, &sc->cmdq_task); 2408 2409 /* 2410 * To make sure key will be set when hostapd 2411 * calls iv_key_set() before if_init(). 2412 */ 2413 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2414 RUN_LOCK(sc); 2415 sc->cmdq_key_set = RUN_CMDQ_GO; 2416 RUN_UNLOCK(sc); 2417 } 2418 2419 return (1); 2420 } 2421 2422 /* 2423 * If wlan is destroyed without being brought down i.e. without 2424 * wlan down or wpa_cli terminate, this function is called after 2425 * vap is gone. Don't refer it. 2426 */ 2427 static void 2428 run_key_delete_cb(void *arg) 2429 { 2430 struct run_cmdq *cmdq = arg; 2431 struct run_softc *sc = cmdq->arg1; 2432 struct ieee80211_key *k = &cmdq->key; 2433 uint32_t attr; 2434 uint8_t wcid; 2435 2436 RUN_LOCK_ASSERT(sc, MA_OWNED); 2437 2438 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2439 /* remove group key */ 2440 DPRINTF("removing group key\n"); 2441 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2442 attr &= ~(0xf << (k->wk_keyix * 4)); 2443 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2444 } else { 2445 /* remove pairwise key */ 2446 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2447 /* matching wcid was written to wk_pad in run_key_set() */ 2448 wcid = k->wk_pad; 2449 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2450 attr &= ~0xf; 2451 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2452 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2453 } 2454 2455 k->wk_pad = 0; 2456 } 2457 2458 /* 2459 * return 0 on error 2460 */ 2461 static int 2462 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2463 { 2464 struct ieee80211com *ic = vap->iv_ic; 2465 struct run_softc *sc = ic->ic_ifp->if_softc; 2466 struct ieee80211_key *k0; 2467 uint32_t i; 2468 2469 /* 2470 * When called back, key might be gone. So, make a copy 2471 * of some values need to delete keys before deferring. 2472 * But, because of LOR with node lock, cannot use lock here. 2473 * So, use atomic instead. 2474 */ 2475 i = RUN_CMDQ_GET(&sc->cmdq_store); 2476 DPRINTF("cmdq_store=%d\n", i); 2477 sc->cmdq[i].func = run_key_delete_cb; 2478 sc->cmdq[i].arg0 = NULL; 2479 sc->cmdq[i].arg1 = sc; 2480 k0 = &sc->cmdq[i].key; 2481 k0->wk_flags = k->wk_flags; 2482 k0->wk_keyix = k->wk_keyix; 2483 /* matching wcid was written to wk_pad in run_key_set() */ 2484 k0->wk_pad = k->wk_pad; 2485 ieee80211_runtask(ic, &sc->cmdq_task); 2486 return (1); /* return fake success */ 2487 2488 } 2489 2490 static void 2491 run_ratectl_to(void *arg) 2492 { 2493 struct run_softc *sc = arg; 2494 2495 /* do it in a process context, so it can go sleep */ 2496 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2497 /* next timeout will be rescheduled in the callback task */ 2498 } 2499 2500 /* ARGSUSED */ 2501 static void 2502 run_ratectl_cb(void *arg, int pending) 2503 { 2504 struct run_softc *sc = arg; 2505 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2506 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2507 2508 if (vap == NULL) 2509 return; 2510 2511 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2512 run_iter_func(sc, vap->iv_bss); 2513 else { 2514 /* 2515 * run_reset_livelock() doesn't do anything with AMRR, 2516 * but Ralink wants us to call it every 1 sec. So, we 2517 * piggyback here rather than creating another callout. 2518 * Livelock may occur only in HOSTAP or IBSS mode 2519 * (when h/w is sending beacons). 2520 */ 2521 RUN_LOCK(sc); 2522 run_reset_livelock(sc); 2523 /* just in case, there are some stats to drain */ 2524 run_drain_fifo(sc); 2525 RUN_UNLOCK(sc); 2526 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2527 } 2528 2529 RUN_LOCK(sc); 2530 if(sc->ratectl_run != RUN_RATECTL_OFF) 2531 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2532 RUN_UNLOCK(sc); 2533 } 2534 2535 static void 2536 run_drain_fifo(void *arg) 2537 { 2538 struct run_softc *sc = arg; 2539 struct ifnet *ifp = sc->sc_ifp; 2540 uint32_t stat; 2541 uint16_t (*wstat)[3]; 2542 uint8_t wcid, mcs, pid; 2543 int8_t retry; 2544 2545 RUN_LOCK_ASSERT(sc, MA_OWNED); 2546 2547 for (;;) { 2548 /* drain Tx status FIFO (maxsize = 16) */ 2549 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2550 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2551 if (!(stat & RT2860_TXQ_VLD)) 2552 break; 2553 2554 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2555 2556 /* if no ACK was requested, no feedback is available */ 2557 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2558 wcid == 0) 2559 continue; 2560 2561 /* 2562 * Even though each stat is Tx-complete-status like format, 2563 * the device can poll stats. Because there is no guarantee 2564 * that the referring node is still around when read the stats. 2565 * So that, if we use ieee80211_ratectl_tx_update(), we will 2566 * have hard time not to refer already freed node. 2567 * 2568 * To eliminate such page faults, we poll stats in softc. 2569 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2570 */ 2571 wstat = &(sc->wcid_stats[wcid]); 2572 (*wstat)[RUN_TXCNT]++; 2573 if (stat & RT2860_TXQ_OK) 2574 (*wstat)[RUN_SUCCESS]++; 2575 else 2576 ifp->if_oerrors++; 2577 /* 2578 * Check if there were retries, ie if the Tx success rate is 2579 * different from the requested rate. Note that it works only 2580 * because we do not allow rate fallback from OFDM to CCK. 2581 */ 2582 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2583 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2584 if ((retry = pid -1 - mcs) > 0) { 2585 (*wstat)[RUN_TXCNT] += retry; 2586 (*wstat)[RUN_RETRY] += retry; 2587 } 2588 } 2589 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2590 2591 sc->fifo_cnt = 0; 2592 } 2593 2594 static void 2595 run_iter_func(void *arg, struct ieee80211_node *ni) 2596 { 2597 struct run_softc *sc = arg; 2598 struct ieee80211vap *vap = ni->ni_vap; 2599 struct ieee80211com *ic = ni->ni_ic; 2600 struct ifnet *ifp = ic->ic_ifp; 2601 struct run_node *rn = (void *)ni; 2602 union run_stats sta[2]; 2603 uint16_t (*wstat)[3]; 2604 int txcnt, success, retrycnt, error; 2605 2606 RUN_LOCK(sc); 2607 2608 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2609 vap->iv_opmode == IEEE80211_M_STA)) { 2610 /* read statistic counters (clear on read) and update AMRR state */ 2611 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2612 sizeof sta); 2613 if (error != 0) 2614 goto fail; 2615 2616 /* count failed TX as errors */ 2617 ifp->if_oerrors += le16toh(sta[0].error.fail); 2618 2619 retrycnt = le16toh(sta[1].tx.retry); 2620 success = le16toh(sta[1].tx.success); 2621 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2622 2623 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2624 retrycnt, success, le16toh(sta[0].error.fail)); 2625 } else { 2626 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2627 2628 if (wstat == &(sc->wcid_stats[0]) || 2629 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2630 goto fail; 2631 2632 txcnt = (*wstat)[RUN_TXCNT]; 2633 success = (*wstat)[RUN_SUCCESS]; 2634 retrycnt = (*wstat)[RUN_RETRY]; 2635 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2636 retrycnt, txcnt, success); 2637 2638 memset(wstat, 0, sizeof(*wstat)); 2639 } 2640 2641 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2642 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2643 2644 fail: 2645 RUN_UNLOCK(sc); 2646 2647 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2648 } 2649 2650 static void 2651 run_newassoc_cb(void *arg) 2652 { 2653 struct run_cmdq *cmdq = arg; 2654 struct ieee80211_node *ni = cmdq->arg1; 2655 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2656 uint8_t wcid = cmdq->wcid; 2657 2658 RUN_LOCK_ASSERT(sc, MA_OWNED); 2659 2660 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2661 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2662 2663 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2664 } 2665 2666 static void 2667 run_newassoc(struct ieee80211_node *ni, int isnew) 2668 { 2669 struct run_node *rn = (void *)ni; 2670 struct ieee80211_rateset *rs = &ni->ni_rates; 2671 struct ieee80211vap *vap = ni->ni_vap; 2672 struct ieee80211com *ic = vap->iv_ic; 2673 struct run_softc *sc = ic->ic_ifp->if_softc; 2674 uint8_t rate; 2675 uint8_t ridx; 2676 uint8_t wcid; 2677 int i, j; 2678 2679 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2680 1 : RUN_AID2WCID(ni->ni_associd); 2681 2682 if (wcid > RT2870_WCID_MAX) { 2683 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2684 return; 2685 } 2686 2687 /* only interested in true associations */ 2688 if (isnew && ni->ni_associd != 0) { 2689 2690 /* 2691 * This function could is called though timeout function. 2692 * Need to defer. 2693 */ 2694 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2695 DPRINTF("cmdq_store=%d\n", cnt); 2696 sc->cmdq[cnt].func = run_newassoc_cb; 2697 sc->cmdq[cnt].arg0 = NULL; 2698 sc->cmdq[cnt].arg1 = ni; 2699 sc->cmdq[cnt].wcid = wcid; 2700 ieee80211_runtask(ic, &sc->cmdq_task); 2701 } 2702 2703 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2704 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2705 2706 for (i = 0; i < rs->rs_nrates; i++) { 2707 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2708 /* convert 802.11 rate to hardware rate index */ 2709 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2710 if (rt2860_rates[ridx].rate == rate) 2711 break; 2712 rn->ridx[i] = ridx; 2713 /* determine rate of control response frames */ 2714 for (j = i; j >= 0; j--) { 2715 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2716 rt2860_rates[rn->ridx[i]].phy == 2717 rt2860_rates[rn->ridx[j]].phy) 2718 break; 2719 } 2720 if (j >= 0) { 2721 rn->ctl_ridx[i] = rn->ridx[j]; 2722 } else { 2723 /* no basic rate found, use mandatory one */ 2724 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2725 } 2726 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2727 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2728 } 2729 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2730 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2731 if (rt2860_rates[ridx].rate == rate) 2732 break; 2733 rn->mgt_ridx = ridx; 2734 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2735 2736 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2737 } 2738 2739 /* 2740 * Return the Rx chain with the highest RSSI for a given frame. 2741 */ 2742 static __inline uint8_t 2743 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2744 { 2745 uint8_t rxchain = 0; 2746 2747 if (sc->nrxchains > 1) { 2748 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2749 rxchain = 1; 2750 if (sc->nrxchains > 2) 2751 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2752 rxchain = 2; 2753 } 2754 return (rxchain); 2755 } 2756 2757 static void 2758 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2759 { 2760 struct ifnet *ifp = sc->sc_ifp; 2761 struct ieee80211com *ic = ifp->if_l2com; 2762 struct ieee80211_frame *wh; 2763 struct ieee80211_node *ni; 2764 struct rt2870_rxd *rxd; 2765 struct rt2860_rxwi *rxwi; 2766 uint32_t flags; 2767 uint16_t len, rxwisize; 2768 uint8_t ant, rssi; 2769 int8_t nf; 2770 2771 rxwi = mtod(m, struct rt2860_rxwi *); 2772 len = le16toh(rxwi->len) & 0xfff; 2773 rxwisize = sizeof(struct rt2860_rxwi); 2774 if (sc->mac_ver == 0x5592) 2775 rxwisize += sizeof(uint64_t); 2776 else if (sc->mac_ver == 0x3593) 2777 rxwisize += sizeof(uint32_t); 2778 if (__predict_false(len > dmalen)) { 2779 m_freem(m); 2780 ifp->if_ierrors++; 2781 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2782 return; 2783 } 2784 /* Rx descriptor is located at the end */ 2785 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2786 flags = le32toh(rxd->flags); 2787 2788 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2789 m_freem(m); 2790 ifp->if_ierrors++; 2791 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2792 return; 2793 } 2794 2795 m->m_data += rxwisize; 2796 m->m_pkthdr.len = m->m_len -= rxwisize; 2797 2798 wh = mtod(m, struct ieee80211_frame *); 2799 2800 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2801 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2802 m->m_flags |= M_WEP; 2803 } 2804 2805 if (flags & RT2860_RX_L2PAD) { 2806 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2807 len += 2; 2808 } 2809 2810 ni = ieee80211_find_rxnode(ic, 2811 mtod(m, struct ieee80211_frame_min *)); 2812 2813 if (__predict_false(flags & RT2860_RX_MICERR)) { 2814 /* report MIC failures to net80211 for TKIP */ 2815 if (ni != NULL) 2816 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2817 rxwi->keyidx); 2818 m_freem(m); 2819 ifp->if_ierrors++; 2820 DPRINTF("MIC error. Someone is lying.\n"); 2821 return; 2822 } 2823 2824 ant = run_maxrssi_chain(sc, rxwi); 2825 rssi = rxwi->rssi[ant]; 2826 nf = run_rssi2dbm(sc, rssi, ant); 2827 2828 m->m_pkthdr.rcvif = ifp; 2829 m->m_pkthdr.len = m->m_len = len; 2830 2831 if (ni != NULL) { 2832 (void)ieee80211_input(ni, m, rssi, nf); 2833 ieee80211_free_node(ni); 2834 } else { 2835 (void)ieee80211_input_all(ic, m, rssi, nf); 2836 } 2837 2838 if (__predict_false(ieee80211_radiotap_active(ic))) { 2839 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2840 uint16_t phy; 2841 2842 tap->wr_flags = 0; 2843 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2844 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2845 tap->wr_antsignal = rssi; 2846 tap->wr_antenna = ant; 2847 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2848 tap->wr_rate = 2; /* in case it can't be found below */ 2849 phy = le16toh(rxwi->phy); 2850 switch (phy & RT2860_PHY_MODE) { 2851 case RT2860_PHY_CCK: 2852 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2853 case 0: tap->wr_rate = 2; break; 2854 case 1: tap->wr_rate = 4; break; 2855 case 2: tap->wr_rate = 11; break; 2856 case 3: tap->wr_rate = 22; break; 2857 } 2858 if (phy & RT2860_PHY_SHPRE) 2859 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2860 break; 2861 case RT2860_PHY_OFDM: 2862 switch (phy & RT2860_PHY_MCS) { 2863 case 0: tap->wr_rate = 12; break; 2864 case 1: tap->wr_rate = 18; break; 2865 case 2: tap->wr_rate = 24; break; 2866 case 3: tap->wr_rate = 36; break; 2867 case 4: tap->wr_rate = 48; break; 2868 case 5: tap->wr_rate = 72; break; 2869 case 6: tap->wr_rate = 96; break; 2870 case 7: tap->wr_rate = 108; break; 2871 } 2872 break; 2873 } 2874 } 2875 } 2876 2877 static void 2878 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2879 { 2880 struct run_softc *sc = usbd_xfer_softc(xfer); 2881 struct ifnet *ifp = sc->sc_ifp; 2882 struct mbuf *m = NULL; 2883 struct mbuf *m0; 2884 uint32_t dmalen; 2885 uint16_t rxwisize; 2886 int xferlen; 2887 2888 rxwisize = sizeof(struct rt2860_rxwi); 2889 if (sc->mac_ver == 0x5592) 2890 rxwisize += sizeof(uint64_t); 2891 else if (sc->mac_ver == 0x3593) 2892 rxwisize += sizeof(uint32_t); 2893 2894 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2895 2896 switch (USB_GET_STATE(xfer)) { 2897 case USB_ST_TRANSFERRED: 2898 2899 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2900 2901 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2902 sizeof(struct rt2870_rxd))) { 2903 DPRINTF("xfer too short %d\n", xferlen); 2904 goto tr_setup; 2905 } 2906 2907 m = sc->rx_m; 2908 sc->rx_m = NULL; 2909 2910 /* FALLTHROUGH */ 2911 case USB_ST_SETUP: 2912 tr_setup: 2913 if (sc->rx_m == NULL) { 2914 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2915 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2916 } 2917 if (sc->rx_m == NULL) { 2918 DPRINTF("could not allocate mbuf - idle with stall\n"); 2919 ifp->if_ierrors++; 2920 usbd_xfer_set_stall(xfer); 2921 usbd_xfer_set_frames(xfer, 0); 2922 } else { 2923 /* 2924 * Directly loading a mbuf cluster into DMA to 2925 * save some data copying. This works because 2926 * there is only one cluster. 2927 */ 2928 usbd_xfer_set_frame_data(xfer, 0, 2929 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2930 usbd_xfer_set_frames(xfer, 1); 2931 } 2932 usbd_transfer_submit(xfer); 2933 break; 2934 2935 default: /* Error */ 2936 if (error != USB_ERR_CANCELLED) { 2937 /* try to clear stall first */ 2938 usbd_xfer_set_stall(xfer); 2939 2940 if (error == USB_ERR_TIMEOUT) 2941 device_printf(sc->sc_dev, "device timeout\n"); 2942 2943 ifp->if_ierrors++; 2944 2945 goto tr_setup; 2946 } 2947 if (sc->rx_m != NULL) { 2948 m_freem(sc->rx_m); 2949 sc->rx_m = NULL; 2950 } 2951 break; 2952 } 2953 2954 if (m == NULL) 2955 return; 2956 2957 /* inputting all the frames must be last */ 2958 2959 RUN_UNLOCK(sc); 2960 2961 m->m_pkthdr.len = m->m_len = xferlen; 2962 2963 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2964 for(;;) { 2965 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2966 2967 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2968 ((dmalen & 3) != 0)) { 2969 DPRINTF("bad DMA length %u\n", dmalen); 2970 break; 2971 } 2972 if ((dmalen + 8) > (uint32_t)xferlen) { 2973 DPRINTF("bad DMA length %u > %d\n", 2974 dmalen + 8, xferlen); 2975 break; 2976 } 2977 2978 /* If it is the last one or a single frame, we won't copy. */ 2979 if ((xferlen -= dmalen + 8) <= 8) { 2980 /* trim 32-bit DMA-len header */ 2981 m->m_data += 4; 2982 m->m_pkthdr.len = m->m_len -= 4; 2983 run_rx_frame(sc, m, dmalen); 2984 m = NULL; /* don't free source buffer */ 2985 break; 2986 } 2987 2988 /* copy aggregated frames to another mbuf */ 2989 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 2990 if (__predict_false(m0 == NULL)) { 2991 DPRINTF("could not allocate mbuf\n"); 2992 ifp->if_ierrors++; 2993 break; 2994 } 2995 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2996 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2997 m0->m_pkthdr.len = m0->m_len = 2998 dmalen + sizeof(struct rt2870_rxd); 2999 run_rx_frame(sc, m0, dmalen); 3000 3001 /* update data ptr */ 3002 m->m_data += dmalen + 8; 3003 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3004 } 3005 3006 /* make sure we free the source buffer, if any */ 3007 m_freem(m); 3008 3009 RUN_LOCK(sc); 3010 } 3011 3012 static void 3013 run_tx_free(struct run_endpoint_queue *pq, 3014 struct run_tx_data *data, int txerr) 3015 { 3016 if (data->m != NULL) { 3017 if (data->m->m_flags & M_TXCB) 3018 ieee80211_process_callback(data->ni, data->m, 3019 txerr ? ETIMEDOUT : 0); 3020 m_freem(data->m); 3021 data->m = NULL; 3022 3023 if (data->ni == NULL) { 3024 DPRINTF("no node\n"); 3025 } else { 3026 ieee80211_free_node(data->ni); 3027 data->ni = NULL; 3028 } 3029 } 3030 3031 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3032 pq->tx_nfree++; 3033 } 3034 3035 static void 3036 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3037 { 3038 struct run_softc *sc = usbd_xfer_softc(xfer); 3039 struct ifnet *ifp = sc->sc_ifp; 3040 struct ieee80211com *ic = ifp->if_l2com; 3041 struct run_tx_data *data; 3042 struct ieee80211vap *vap = NULL; 3043 struct usb_page_cache *pc; 3044 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3045 struct mbuf *m; 3046 usb_frlength_t size; 3047 int actlen; 3048 int sumlen; 3049 3050 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3051 3052 switch (USB_GET_STATE(xfer)) { 3053 case USB_ST_TRANSFERRED: 3054 DPRINTFN(11, "transfer complete: %d " 3055 "bytes @ index %d\n", actlen, index); 3056 3057 data = usbd_xfer_get_priv(xfer); 3058 3059 run_tx_free(pq, data, 0); 3060 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 3061 3062 usbd_xfer_set_priv(xfer, NULL); 3063 3064 ifp->if_opackets++; 3065 3066 /* FALLTHROUGH */ 3067 case USB_ST_SETUP: 3068 tr_setup: 3069 data = STAILQ_FIRST(&pq->tx_qh); 3070 if (data == NULL) 3071 break; 3072 3073 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3074 3075 m = data->m; 3076 size = (sc->mac_ver == 0x5592) ? 3077 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3078 if ((m->m_pkthdr.len + 3079 size + 3 + 8) > RUN_MAX_TXSZ) { 3080 DPRINTF("data overflow, %u bytes\n", 3081 m->m_pkthdr.len); 3082 3083 ifp->if_oerrors++; 3084 3085 run_tx_free(pq, data, 1); 3086 3087 goto tr_setup; 3088 } 3089 3090 pc = usbd_xfer_get_frame(xfer, 0); 3091 usbd_copy_in(pc, 0, &data->desc, size); 3092 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3093 size += m->m_pkthdr.len; 3094 /* 3095 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3096 * 4-byte padding), and be sure to zero those trailing 3097 * bytes: 3098 */ 3099 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3100 size += ((-size) & 3) + 8; 3101 3102 vap = data->ni->ni_vap; 3103 if (ieee80211_radiotap_active_vap(vap)) { 3104 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3105 struct rt2860_txwi *txwi = 3106 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3107 tap->wt_flags = 0; 3108 tap->wt_rate = rt2860_rates[data->ridx].rate; 3109 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3110 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3111 tap->wt_hwqueue = index; 3112 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3113 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3114 3115 ieee80211_radiotap_tx(vap, m); 3116 } 3117 3118 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3119 m->m_pkthdr.len, size, index); 3120 3121 usbd_xfer_set_frame_len(xfer, 0, size); 3122 usbd_xfer_set_priv(xfer, data); 3123 3124 usbd_transfer_submit(xfer); 3125 3126 RUN_UNLOCK(sc); 3127 run_start(ifp); 3128 RUN_LOCK(sc); 3129 3130 break; 3131 3132 default: 3133 DPRINTF("USB transfer error, %s\n", 3134 usbd_errstr(error)); 3135 3136 data = usbd_xfer_get_priv(xfer); 3137 3138 ifp->if_oerrors++; 3139 3140 if (data != NULL) { 3141 if(data->ni != NULL) 3142 vap = data->ni->ni_vap; 3143 run_tx_free(pq, data, error); 3144 usbd_xfer_set_priv(xfer, NULL); 3145 } 3146 if (vap == NULL) 3147 vap = TAILQ_FIRST(&ic->ic_vaps); 3148 3149 if (error != USB_ERR_CANCELLED) { 3150 if (error == USB_ERR_TIMEOUT) { 3151 device_printf(sc->sc_dev, "device timeout\n"); 3152 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3153 DPRINTF("cmdq_store=%d\n", i); 3154 sc->cmdq[i].func = run_usb_timeout_cb; 3155 sc->cmdq[i].arg0 = vap; 3156 ieee80211_runtask(ic, &sc->cmdq_task); 3157 } 3158 3159 /* 3160 * Try to clear stall first, also if other 3161 * errors occur, hence clearing stall 3162 * introduces a 50 ms delay: 3163 */ 3164 usbd_xfer_set_stall(xfer); 3165 goto tr_setup; 3166 } 3167 break; 3168 } 3169 } 3170 3171 static void 3172 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3173 { 3174 run_bulk_tx_callbackN(xfer, error, 0); 3175 } 3176 3177 static void 3178 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3179 { 3180 run_bulk_tx_callbackN(xfer, error, 1); 3181 } 3182 3183 static void 3184 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3185 { 3186 run_bulk_tx_callbackN(xfer, error, 2); 3187 } 3188 3189 static void 3190 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3191 { 3192 run_bulk_tx_callbackN(xfer, error, 3); 3193 } 3194 3195 static void 3196 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3197 { 3198 run_bulk_tx_callbackN(xfer, error, 4); 3199 } 3200 3201 static void 3202 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3203 { 3204 run_bulk_tx_callbackN(xfer, error, 5); 3205 } 3206 3207 static void 3208 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3209 { 3210 struct mbuf *m = data->m; 3211 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3212 struct ieee80211vap *vap = data->ni->ni_vap; 3213 struct ieee80211_frame *wh; 3214 struct rt2870_txd *txd; 3215 struct rt2860_txwi *txwi; 3216 uint16_t xferlen, txwisize; 3217 uint16_t mcs; 3218 uint8_t ridx = data->ridx; 3219 uint8_t pad; 3220 3221 /* get MCS code from rate index */ 3222 mcs = rt2860_rates[ridx].mcs; 3223 3224 txwisize = (sc->mac_ver == 0x5592) ? 3225 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3226 xferlen = txwisize + m->m_pkthdr.len; 3227 3228 /* roundup to 32-bit alignment */ 3229 xferlen = (xferlen + 3) & ~3; 3230 3231 txd = (struct rt2870_txd *)&data->desc; 3232 txd->len = htole16(xferlen); 3233 3234 wh = mtod(m, struct ieee80211_frame *); 3235 3236 /* 3237 * Ether both are true or both are false, the header 3238 * are nicely aligned to 32-bit. So, no L2 padding. 3239 */ 3240 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3241 pad = 0; 3242 else 3243 pad = 2; 3244 3245 /* setup TX Wireless Information */ 3246 txwi = (struct rt2860_txwi *)(txd + 1); 3247 txwi->len = htole16(m->m_pkthdr.len - pad); 3248 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3249 txwi->phy = htole16(RT2860_PHY_CCK); 3250 if (ridx != RT2860_RIDX_CCK1 && 3251 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3252 mcs |= RT2860_PHY_SHPRE; 3253 } else 3254 txwi->phy = htole16(RT2860_PHY_OFDM); 3255 txwi->phy |= htole16(mcs); 3256 3257 /* check if RTS/CTS or CTS-to-self protection is required */ 3258 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3259 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3260 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3261 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3262 txwi->txop |= RT2860_TX_TXOP_HT; 3263 else 3264 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3265 3266 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3267 txwi->xflags |= RT2860_TX_NSEQ; 3268 } 3269 3270 /* This function must be called locked */ 3271 static int 3272 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3273 { 3274 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3275 struct ieee80211vap *vap = ni->ni_vap; 3276 struct ieee80211_frame *wh; 3277 struct ieee80211_channel *chan; 3278 const struct ieee80211_txparam *tp; 3279 struct run_node *rn = (void *)ni; 3280 struct run_tx_data *data; 3281 struct rt2870_txd *txd; 3282 struct rt2860_txwi *txwi; 3283 uint16_t qos; 3284 uint16_t dur; 3285 uint16_t qid; 3286 uint8_t type; 3287 uint8_t tid; 3288 uint8_t ridx; 3289 uint8_t ctl_ridx; 3290 uint8_t qflags; 3291 uint8_t xflags = 0; 3292 int hasqos; 3293 3294 RUN_LOCK_ASSERT(sc, MA_OWNED); 3295 3296 wh = mtod(m, struct ieee80211_frame *); 3297 3298 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3299 3300 /* 3301 * There are 7 bulk endpoints: 1 for RX 3302 * and 6 for TX (4 EDCAs + HCCA + Prio). 3303 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3304 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3305 */ 3306 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3307 uint8_t *frm; 3308 3309 if(IEEE80211_HAS_ADDR4(wh)) 3310 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3311 else 3312 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3313 3314 qos = le16toh(*(const uint16_t *)frm); 3315 tid = qos & IEEE80211_QOS_TID; 3316 qid = TID_TO_WME_AC(tid); 3317 } else { 3318 qos = 0; 3319 tid = 0; 3320 qid = WME_AC_BE; 3321 } 3322 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3323 3324 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3325 qos, qid, tid, qflags); 3326 3327 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3328 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3329 3330 /* pickup a rate index */ 3331 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3332 type != IEEE80211_FC0_TYPE_DATA) { 3333 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3334 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3335 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3336 } else { 3337 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3338 ridx = rn->fix_ridx; 3339 else 3340 ridx = rn->amrr_ridx; 3341 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3342 } 3343 3344 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3345 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3346 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3347 xflags |= RT2860_TX_ACK; 3348 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3349 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3350 else 3351 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3352 USETW(wh->i_dur, dur); 3353 } 3354 3355 /* reserve slots for mgmt packets, just in case */ 3356 if (sc->sc_epq[qid].tx_nfree < 3) { 3357 DPRINTFN(10, "tx ring %d is full\n", qid); 3358 return (-1); 3359 } 3360 3361 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3362 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3363 sc->sc_epq[qid].tx_nfree--; 3364 3365 txd = (struct rt2870_txd *)&data->desc; 3366 txd->flags = qflags; 3367 txwi = (struct rt2860_txwi *)(txd + 1); 3368 txwi->xflags = xflags; 3369 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3370 txwi->wcid = 0; 3371 else 3372 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3373 1 : RUN_AID2WCID(ni->ni_associd); 3374 3375 /* clear leftover garbage bits */ 3376 txwi->flags = 0; 3377 txwi->txop = 0; 3378 3379 data->m = m; 3380 data->ni = ni; 3381 data->ridx = ridx; 3382 3383 run_set_tx_desc(sc, data); 3384 3385 /* 3386 * The chip keeps track of 2 kind of Tx stats, 3387 * * TX_STAT_FIFO, for per WCID stats, and 3388 * * TX_STA_CNT0 for all-TX-in-one stats. 3389 * 3390 * To use FIFO stats, we need to store MCS into the driver-private 3391 * PacketID field. So that, we can tell whose stats when we read them. 3392 * We add 1 to the MCS because setting the PacketID field to 0 means 3393 * that we don't want feedback in TX_STAT_FIFO. 3394 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3395 * 3396 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3397 */ 3398 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3399 vap->iv_opmode == IEEE80211_M_MBSS) { 3400 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3401 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3402 3403 /* 3404 * Unlike PCI based devices, we don't get any interrupt from 3405 * USB devices, so we simulate FIFO-is-full interrupt here. 3406 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3407 * quickly get fulled. To prevent overflow, increment a counter on 3408 * every FIFO stat request, so we know how many slots are left. 3409 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3410 * are used only in those modes. 3411 * We just drain stats. AMRR gets updated every 1 sec by 3412 * run_ratectl_cb() via callout. 3413 * Call it early. Otherwise overflow. 3414 */ 3415 if (sc->fifo_cnt++ == 10) { 3416 /* 3417 * With multiple vaps or if_bridge, if_start() is called 3418 * with a non-sleepable lock, tcpinp. So, need to defer. 3419 */ 3420 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3421 DPRINTFN(6, "cmdq_store=%d\n", i); 3422 sc->cmdq[i].func = run_drain_fifo; 3423 sc->cmdq[i].arg0 = sc; 3424 ieee80211_runtask(ic, &sc->cmdq_task); 3425 } 3426 } 3427 3428 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3429 3430 usbd_transfer_start(sc->sc_xfer[qid]); 3431 3432 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3433 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3434 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3435 3436 return (0); 3437 } 3438 3439 static int 3440 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3441 { 3442 struct ifnet *ifp = sc->sc_ifp; 3443 struct ieee80211com *ic = ifp->if_l2com; 3444 struct run_node *rn = (void *)ni; 3445 struct run_tx_data *data; 3446 struct ieee80211_frame *wh; 3447 struct rt2870_txd *txd; 3448 struct rt2860_txwi *txwi; 3449 uint16_t dur; 3450 uint8_t ridx = rn->mgt_ridx; 3451 uint8_t type; 3452 uint8_t xflags = 0; 3453 uint8_t wflags = 0; 3454 3455 RUN_LOCK_ASSERT(sc, MA_OWNED); 3456 3457 wh = mtod(m, struct ieee80211_frame *); 3458 3459 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3460 3461 /* tell hardware to add timestamp for probe responses */ 3462 if ((wh->i_fc[0] & 3463 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3464 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3465 wflags |= RT2860_TX_TS; 3466 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3467 xflags |= RT2860_TX_ACK; 3468 3469 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3470 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3471 USETW(wh->i_dur, dur); 3472 } 3473 3474 if (sc->sc_epq[0].tx_nfree == 0) { 3475 /* let caller free mbuf */ 3476 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3477 return (EIO); 3478 } 3479 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3480 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3481 sc->sc_epq[0].tx_nfree--; 3482 3483 txd = (struct rt2870_txd *)&data->desc; 3484 txd->flags = RT2860_TX_QSEL_EDCA; 3485 txwi = (struct rt2860_txwi *)(txd + 1); 3486 txwi->wcid = 0xff; 3487 txwi->flags = wflags; 3488 txwi->xflags = xflags; 3489 txwi->txop = 0; /* clear leftover garbage bits */ 3490 3491 data->m = m; 3492 data->ni = ni; 3493 data->ridx = ridx; 3494 3495 run_set_tx_desc(sc, data); 3496 3497 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3498 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3499 rt2860_rates[ridx].rate); 3500 3501 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3502 3503 usbd_transfer_start(sc->sc_xfer[0]); 3504 3505 return (0); 3506 } 3507 3508 static int 3509 run_sendprot(struct run_softc *sc, 3510 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3511 { 3512 struct ieee80211com *ic = ni->ni_ic; 3513 struct ieee80211_frame *wh; 3514 struct run_tx_data *data; 3515 struct rt2870_txd *txd; 3516 struct rt2860_txwi *txwi; 3517 struct mbuf *mprot; 3518 int ridx; 3519 int protrate; 3520 int ackrate; 3521 int pktlen; 3522 int isshort; 3523 uint16_t dur; 3524 uint8_t type; 3525 uint8_t wflags = 0; 3526 uint8_t xflags = 0; 3527 3528 RUN_LOCK_ASSERT(sc, MA_OWNED); 3529 3530 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3531 ("protection %d", prot)); 3532 3533 wh = mtod(m, struct ieee80211_frame *); 3534 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3535 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3536 3537 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3538 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3539 3540 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3541 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3542 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3543 wflags = RT2860_TX_FRAG; 3544 3545 /* check that there are free slots before allocating the mbuf */ 3546 if (sc->sc_epq[0].tx_nfree == 0) { 3547 /* let caller free mbuf */ 3548 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3549 return (ENOBUFS); 3550 } 3551 3552 if (prot == IEEE80211_PROT_RTSCTS) { 3553 /* NB: CTS is the same size as an ACK */ 3554 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3555 xflags |= RT2860_TX_ACK; 3556 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3557 } else { 3558 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3559 } 3560 if (mprot == NULL) { 3561 sc->sc_ifp->if_oerrors++; 3562 DPRINTF("could not allocate mbuf\n"); 3563 return (ENOBUFS); 3564 } 3565 3566 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3567 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3568 sc->sc_epq[0].tx_nfree--; 3569 3570 txd = (struct rt2870_txd *)&data->desc; 3571 txd->flags = RT2860_TX_QSEL_EDCA; 3572 txwi = (struct rt2860_txwi *)(txd + 1); 3573 txwi->wcid = 0xff; 3574 txwi->flags = wflags; 3575 txwi->xflags = xflags; 3576 txwi->txop = 0; /* clear leftover garbage bits */ 3577 3578 data->m = mprot; 3579 data->ni = ieee80211_ref_node(ni); 3580 3581 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3582 if (rt2860_rates[ridx].rate == protrate) 3583 break; 3584 data->ridx = ridx; 3585 3586 run_set_tx_desc(sc, data); 3587 3588 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3589 m->m_pkthdr.len, rate); 3590 3591 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3592 3593 usbd_transfer_start(sc->sc_xfer[0]); 3594 3595 return (0); 3596 } 3597 3598 static int 3599 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3600 const struct ieee80211_bpf_params *params) 3601 { 3602 struct ieee80211com *ic = ni->ni_ic; 3603 struct ieee80211_frame *wh; 3604 struct run_tx_data *data; 3605 struct rt2870_txd *txd; 3606 struct rt2860_txwi *txwi; 3607 uint8_t type; 3608 uint8_t ridx; 3609 uint8_t rate; 3610 uint8_t opflags = 0; 3611 uint8_t xflags = 0; 3612 int error; 3613 3614 RUN_LOCK_ASSERT(sc, MA_OWNED); 3615 3616 KASSERT(params != NULL, ("no raw xmit params")); 3617 3618 wh = mtod(m, struct ieee80211_frame *); 3619 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3620 3621 rate = params->ibp_rate0; 3622 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3623 /* let caller free mbuf */ 3624 return (EINVAL); 3625 } 3626 3627 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3628 xflags |= RT2860_TX_ACK; 3629 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3630 error = run_sendprot(sc, m, ni, 3631 params->ibp_flags & IEEE80211_BPF_RTS ? 3632 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3633 rate); 3634 if (error) { 3635 /* let caller free mbuf */ 3636 return error; 3637 } 3638 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3639 } 3640 3641 if (sc->sc_epq[0].tx_nfree == 0) { 3642 /* let caller free mbuf */ 3643 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3644 DPRINTF("sending raw frame, but tx ring is full\n"); 3645 return (EIO); 3646 } 3647 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3648 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3649 sc->sc_epq[0].tx_nfree--; 3650 3651 txd = (struct rt2870_txd *)&data->desc; 3652 txd->flags = RT2860_TX_QSEL_EDCA; 3653 txwi = (struct rt2860_txwi *)(txd + 1); 3654 txwi->wcid = 0xff; 3655 txwi->xflags = xflags; 3656 txwi->txop = opflags; 3657 txwi->flags = 0; /* clear leftover garbage bits */ 3658 3659 data->m = m; 3660 data->ni = ni; 3661 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3662 if (rt2860_rates[ridx].rate == rate) 3663 break; 3664 data->ridx = ridx; 3665 3666 run_set_tx_desc(sc, data); 3667 3668 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3669 m->m_pkthdr.len, rate); 3670 3671 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3672 3673 usbd_transfer_start(sc->sc_xfer[0]); 3674 3675 return (0); 3676 } 3677 3678 static int 3679 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3680 const struct ieee80211_bpf_params *params) 3681 { 3682 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3683 struct run_softc *sc = ifp->if_softc; 3684 int error = 0; 3685 3686 RUN_LOCK(sc); 3687 3688 /* prevent management frames from being sent if we're not ready */ 3689 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3690 error = ENETDOWN; 3691 goto done; 3692 } 3693 3694 if (params == NULL) { 3695 /* tx mgt packet */ 3696 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3697 ifp->if_oerrors++; 3698 DPRINTF("mgt tx failed\n"); 3699 goto done; 3700 } 3701 } else { 3702 /* tx raw packet with param */ 3703 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3704 ifp->if_oerrors++; 3705 DPRINTF("tx with param failed\n"); 3706 goto done; 3707 } 3708 } 3709 3710 ifp->if_opackets++; 3711 3712 done: 3713 RUN_UNLOCK(sc); 3714 3715 if (error != 0) { 3716 if(m != NULL) 3717 m_freem(m); 3718 ieee80211_free_node(ni); 3719 } 3720 3721 return (error); 3722 } 3723 3724 static void 3725 run_start(struct ifnet *ifp) 3726 { 3727 struct run_softc *sc = ifp->if_softc; 3728 struct ieee80211_node *ni; 3729 struct mbuf *m; 3730 3731 RUN_LOCK(sc); 3732 3733 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3734 RUN_UNLOCK(sc); 3735 return; 3736 } 3737 3738 for (;;) { 3739 /* send data frames */ 3740 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3741 if (m == NULL) 3742 break; 3743 3744 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3745 if (run_tx(sc, m, ni) != 0) { 3746 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3747 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3748 break; 3749 } 3750 } 3751 3752 RUN_UNLOCK(sc); 3753 } 3754 3755 static int 3756 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3757 { 3758 struct run_softc *sc = ifp->if_softc; 3759 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3760 struct ifreq *ifr = (struct ifreq *) data; 3761 int startall = 0; 3762 int error; 3763 3764 RUN_LOCK(sc); 3765 error = sc->sc_detached ? ENXIO : 0; 3766 RUN_UNLOCK(sc); 3767 if (error) 3768 return (error); 3769 3770 switch (cmd) { 3771 case SIOCSIFFLAGS: 3772 RUN_LOCK(sc); 3773 if (ifp->if_flags & IFF_UP) { 3774 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3775 startall = 1; 3776 run_init_locked(sc); 3777 } else 3778 run_update_promisc_locked(ifp); 3779 } else { 3780 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3781 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3782 run_stop(sc); 3783 } 3784 } 3785 RUN_UNLOCK(sc); 3786 if (startall) 3787 ieee80211_start_all(ic); 3788 break; 3789 case SIOCGIFMEDIA: 3790 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3791 break; 3792 case SIOCGIFADDR: 3793 error = ether_ioctl(ifp, cmd, data); 3794 break; 3795 default: 3796 error = EINVAL; 3797 break; 3798 } 3799 3800 return (error); 3801 } 3802 3803 static void 3804 run_iq_calib(struct run_softc *sc, u_int chan) 3805 { 3806 uint16_t val; 3807 3808 /* Tx0 IQ gain. */ 3809 run_bbp_write(sc, 158, 0x2c); 3810 if (chan <= 14) 3811 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3812 else if (chan <= 64) { 3813 run_efuse_read(sc, 3814 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3815 &val, 1); 3816 } else if (chan <= 138) { 3817 run_efuse_read(sc, 3818 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3819 &val, 1); 3820 } else if (chan <= 165) { 3821 run_efuse_read(sc, 3822 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3823 &val, 1); 3824 } else 3825 val = 0; 3826 run_bbp_write(sc, 159, val); 3827 3828 /* Tx0 IQ phase. */ 3829 run_bbp_write(sc, 158, 0x2d); 3830 if (chan <= 14) { 3831 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3832 &val, 1); 3833 } else if (chan <= 64) { 3834 run_efuse_read(sc, 3835 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3836 &val, 1); 3837 } else if (chan <= 138) { 3838 run_efuse_read(sc, 3839 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3840 &val, 1); 3841 } else if (chan <= 165) { 3842 run_efuse_read(sc, 3843 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3844 &val, 1); 3845 } else 3846 val = 0; 3847 run_bbp_write(sc, 159, val); 3848 3849 /* Tx1 IQ gain. */ 3850 run_bbp_write(sc, 158, 0x4a); 3851 if (chan <= 14) { 3852 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3853 &val, 1); 3854 } else if (chan <= 64) { 3855 run_efuse_read(sc, 3856 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3857 &val, 1); 3858 } else if (chan <= 138) { 3859 run_efuse_read(sc, 3860 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3861 &val, 1); 3862 } else if (chan <= 165) { 3863 run_efuse_read(sc, 3864 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3865 &val, 1); 3866 } else 3867 val = 0; 3868 run_bbp_write(sc, 159, val); 3869 3870 /* Tx1 IQ phase. */ 3871 run_bbp_write(sc, 158, 0x4b); 3872 if (chan <= 14) { 3873 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3874 &val, 1); 3875 } else if (chan <= 64) { 3876 run_efuse_read(sc, 3877 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3878 &val, 1); 3879 } else if (chan <= 138) { 3880 run_efuse_read(sc, 3881 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3882 &val, 1); 3883 } else if (chan <= 165) { 3884 run_efuse_read(sc, 3885 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3886 &val, 1); 3887 } else 3888 val = 0; 3889 run_bbp_write(sc, 159, val); 3890 3891 /* RF IQ compensation control. */ 3892 run_bbp_write(sc, 158, 0x04); 3893 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3894 &val, 1); 3895 run_bbp_write(sc, 159, val); 3896 3897 /* RF IQ imbalance compensation control. */ 3898 run_bbp_write(sc, 158, 0x03); 3899 run_efuse_read(sc, 3900 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3901 run_bbp_write(sc, 159, val); 3902 } 3903 3904 static void 3905 run_set_agc(struct run_softc *sc, uint8_t agc) 3906 { 3907 uint8_t bbp; 3908 3909 if (sc->mac_ver == 0x3572) { 3910 run_bbp_read(sc, 27, &bbp); 3911 bbp &= ~(0x3 << 5); 3912 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3913 run_bbp_write(sc, 66, agc); 3914 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3915 run_bbp_write(sc, 66, agc); 3916 } else 3917 run_bbp_write(sc, 66, agc); 3918 } 3919 3920 static void 3921 run_select_chan_group(struct run_softc *sc, int group) 3922 { 3923 uint32_t tmp; 3924 uint8_t agc; 3925 3926 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3927 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3928 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3929 if (sc->mac_ver < 0x3572) 3930 run_bbp_write(sc, 86, 0x00); 3931 3932 if (sc->mac_ver == 0x3593) { 3933 run_bbp_write(sc, 77, 0x98); 3934 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3935 } 3936 3937 if (group == 0) { 3938 if (sc->ext_2ghz_lna) { 3939 if (sc->mac_ver >= 0x5390) 3940 run_bbp_write(sc, 75, 0x52); 3941 else { 3942 run_bbp_write(sc, 82, 0x62); 3943 run_bbp_write(sc, 75, 0x46); 3944 } 3945 } else { 3946 if (sc->mac_ver == 0x5592) { 3947 run_bbp_write(sc, 79, 0x1c); 3948 run_bbp_write(sc, 80, 0x0e); 3949 run_bbp_write(sc, 81, 0x3a); 3950 run_bbp_write(sc, 82, 0x62); 3951 3952 run_bbp_write(sc, 195, 0x80); 3953 run_bbp_write(sc, 196, 0xe0); 3954 run_bbp_write(sc, 195, 0x81); 3955 run_bbp_write(sc, 196, 0x1f); 3956 run_bbp_write(sc, 195, 0x82); 3957 run_bbp_write(sc, 196, 0x38); 3958 run_bbp_write(sc, 195, 0x83); 3959 run_bbp_write(sc, 196, 0x32); 3960 run_bbp_write(sc, 195, 0x85); 3961 run_bbp_write(sc, 196, 0x28); 3962 run_bbp_write(sc, 195, 0x86); 3963 run_bbp_write(sc, 196, 0x19); 3964 } else if (sc->mac_ver >= 0x5390) 3965 run_bbp_write(sc, 75, 0x50); 3966 else { 3967 run_bbp_write(sc, 82, 3968 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3969 run_bbp_write(sc, 75, 0x50); 3970 } 3971 } 3972 } else { 3973 if (sc->mac_ver == 0x5592) { 3974 run_bbp_write(sc, 79, 0x18); 3975 run_bbp_write(sc, 80, 0x08); 3976 run_bbp_write(sc, 81, 0x38); 3977 run_bbp_write(sc, 82, 0x92); 3978 3979 run_bbp_write(sc, 195, 0x80); 3980 run_bbp_write(sc, 196, 0xf0); 3981 run_bbp_write(sc, 195, 0x81); 3982 run_bbp_write(sc, 196, 0x1e); 3983 run_bbp_write(sc, 195, 0x82); 3984 run_bbp_write(sc, 196, 0x28); 3985 run_bbp_write(sc, 195, 0x83); 3986 run_bbp_write(sc, 196, 0x20); 3987 run_bbp_write(sc, 195, 0x85); 3988 run_bbp_write(sc, 196, 0x7f); 3989 run_bbp_write(sc, 195, 0x86); 3990 run_bbp_write(sc, 196, 0x7f); 3991 } else if (sc->mac_ver == 0x3572) 3992 run_bbp_write(sc, 82, 0x94); 3993 else 3994 run_bbp_write(sc, 82, 3995 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3996 if (sc->ext_5ghz_lna) 3997 run_bbp_write(sc, 75, 0x46); 3998 else 3999 run_bbp_write(sc, 75, 0x50); 4000 } 4001 4002 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4003 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4004 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4005 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4006 4007 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4008 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4009 if (sc->mac_ver == 0x3593) 4010 tmp |= 1 << 29 | 1 << 28; 4011 if (sc->nrxchains > 1) 4012 tmp |= RT2860_LNA_PE1_EN; 4013 if (group == 0) { /* 2GHz */ 4014 tmp |= RT2860_PA_PE_G0_EN; 4015 if (sc->ntxchains > 1) 4016 tmp |= RT2860_PA_PE_G1_EN; 4017 if (sc->mac_ver == 0x3593) { 4018 if (sc->ntxchains > 2) 4019 tmp |= 1 << 25; 4020 } 4021 } else { /* 5GHz */ 4022 tmp |= RT2860_PA_PE_A0_EN; 4023 if (sc->ntxchains > 1) 4024 tmp |= RT2860_PA_PE_A1_EN; 4025 } 4026 if (sc->mac_ver == 0x3572) { 4027 run_rt3070_rf_write(sc, 8, 0x00); 4028 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4029 run_rt3070_rf_write(sc, 8, 0x80); 4030 } else 4031 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4032 4033 if (sc->mac_ver == 0x5592) { 4034 run_bbp_write(sc, 195, 0x8d); 4035 run_bbp_write(sc, 196, 0x1a); 4036 } 4037 4038 if (sc->mac_ver == 0x3593) { 4039 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4040 tmp &= ~0x01010000; 4041 if (group == 0) 4042 tmp |= 0x00010000; 4043 tmp = (tmp & ~0x00009090) | 0x00000090; 4044 run_write(sc, RT2860_GPIO_CTRL, tmp); 4045 } 4046 4047 /* set initial AGC value */ 4048 if (group == 0) { /* 2GHz band */ 4049 if (sc->mac_ver >= 0x3070) 4050 agc = 0x1c + sc->lna[0] * 2; 4051 else 4052 agc = 0x2e + sc->lna[0]; 4053 } else { /* 5GHz band */ 4054 if (sc->mac_ver == 0x5592) 4055 agc = 0x24 + sc->lna[group] * 2; 4056 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4057 agc = 0x22 + (sc->lna[group] * 5) / 3; 4058 else 4059 agc = 0x32 + (sc->lna[group] * 5) / 3; 4060 } 4061 run_set_agc(sc, agc); 4062 } 4063 4064 static void 4065 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4066 { 4067 const struct rfprog *rfprog = rt2860_rf2850; 4068 uint32_t r2, r3, r4; 4069 int8_t txpow1, txpow2; 4070 int i; 4071 4072 /* find the settings for this channel (we know it exists) */ 4073 for (i = 0; rfprog[i].chan != chan; i++); 4074 4075 r2 = rfprog[i].r2; 4076 if (sc->ntxchains == 1) 4077 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4078 if (sc->nrxchains == 1) 4079 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4080 else if (sc->nrxchains == 2) 4081 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4082 4083 /* use Tx power values from EEPROM */ 4084 txpow1 = sc->txpow1[i]; 4085 txpow2 = sc->txpow2[i]; 4086 4087 /* Initialize RF R3 and R4. */ 4088 r3 = rfprog[i].r3 & 0xffffc1ff; 4089 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4090 if (chan > 14) { 4091 if (txpow1 >= 0) { 4092 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4093 r3 |= (txpow1 << 10) | (1 << 9); 4094 } else { 4095 txpow1 += 7; 4096 4097 /* txpow1 is not possible larger than 15. */ 4098 r3 |= (txpow1 << 10); 4099 } 4100 if (txpow2 >= 0) { 4101 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4102 r4 |= (txpow2 << 7) | (1 << 6); 4103 } else { 4104 txpow2 += 7; 4105 r4 |= (txpow2 << 7); 4106 } 4107 } else { 4108 /* Set Tx0 power. */ 4109 r3 |= (txpow1 << 9); 4110 4111 /* Set frequency offset and Tx1 power. */ 4112 r4 |= (txpow2 << 6); 4113 } 4114 4115 run_rt2870_rf_write(sc, rfprog[i].r1); 4116 run_rt2870_rf_write(sc, r2); 4117 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4118 run_rt2870_rf_write(sc, r4); 4119 4120 run_delay(sc, 10); 4121 4122 run_rt2870_rf_write(sc, rfprog[i].r1); 4123 run_rt2870_rf_write(sc, r2); 4124 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4125 run_rt2870_rf_write(sc, r4); 4126 4127 run_delay(sc, 10); 4128 4129 run_rt2870_rf_write(sc, rfprog[i].r1); 4130 run_rt2870_rf_write(sc, r2); 4131 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4132 run_rt2870_rf_write(sc, r4); 4133 } 4134 4135 static void 4136 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4137 { 4138 int8_t txpow1, txpow2; 4139 uint8_t rf; 4140 int i; 4141 4142 /* find the settings for this channel (we know it exists) */ 4143 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4144 4145 /* use Tx power values from EEPROM */ 4146 txpow1 = sc->txpow1[i]; 4147 txpow2 = sc->txpow2[i]; 4148 4149 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4150 4151 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4152 run_rt3070_rf_read(sc, 3, &rf); 4153 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4154 run_rt3070_rf_write(sc, 3, rf); 4155 4156 run_rt3070_rf_read(sc, 6, &rf); 4157 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4158 run_rt3070_rf_write(sc, 6, rf); 4159 4160 /* set Tx0 power */ 4161 run_rt3070_rf_read(sc, 12, &rf); 4162 rf = (rf & ~0x1f) | txpow1; 4163 run_rt3070_rf_write(sc, 12, rf); 4164 4165 /* set Tx1 power */ 4166 run_rt3070_rf_read(sc, 13, &rf); 4167 rf = (rf & ~0x1f) | txpow2; 4168 run_rt3070_rf_write(sc, 13, rf); 4169 4170 run_rt3070_rf_read(sc, 1, &rf); 4171 rf &= ~0xfc; 4172 if (sc->ntxchains == 1) 4173 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4174 else if (sc->ntxchains == 2) 4175 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4176 if (sc->nrxchains == 1) 4177 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4178 else if (sc->nrxchains == 2) 4179 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4180 run_rt3070_rf_write(sc, 1, rf); 4181 4182 /* set RF offset */ 4183 run_rt3070_rf_read(sc, 23, &rf); 4184 rf = (rf & ~0x7f) | sc->freq; 4185 run_rt3070_rf_write(sc, 23, rf); 4186 4187 /* program RF filter */ 4188 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4189 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4190 run_rt3070_rf_write(sc, 24, rf); 4191 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4192 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4193 run_rt3070_rf_write(sc, 31, rf); 4194 4195 /* enable RF tuning */ 4196 run_rt3070_rf_read(sc, 7, &rf); 4197 run_rt3070_rf_write(sc, 7, rf | 0x01); 4198 } 4199 4200 static void 4201 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4202 { 4203 int8_t txpow1, txpow2; 4204 uint32_t tmp; 4205 uint8_t rf; 4206 int i; 4207 4208 /* find the settings for this channel (we know it exists) */ 4209 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4210 4211 /* use Tx power values from EEPROM */ 4212 txpow1 = sc->txpow1[i]; 4213 txpow2 = sc->txpow2[i]; 4214 4215 if (chan <= 14) { 4216 run_bbp_write(sc, 25, sc->bbp25); 4217 run_bbp_write(sc, 26, sc->bbp26); 4218 } else { 4219 /* enable IQ phase correction */ 4220 run_bbp_write(sc, 25, 0x09); 4221 run_bbp_write(sc, 26, 0xff); 4222 } 4223 4224 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4225 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4226 run_rt3070_rf_read(sc, 6, &rf); 4227 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4228 rf |= (chan <= 14) ? 0x08 : 0x04; 4229 run_rt3070_rf_write(sc, 6, rf); 4230 4231 /* set PLL mode */ 4232 run_rt3070_rf_read(sc, 5, &rf); 4233 rf &= ~(0x08 | 0x04); 4234 rf |= (chan <= 14) ? 0x04 : 0x08; 4235 run_rt3070_rf_write(sc, 5, rf); 4236 4237 /* set Tx power for chain 0 */ 4238 if (chan <= 14) 4239 rf = 0x60 | txpow1; 4240 else 4241 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4242 run_rt3070_rf_write(sc, 12, rf); 4243 4244 /* set Tx power for chain 1 */ 4245 if (chan <= 14) 4246 rf = 0x60 | txpow2; 4247 else 4248 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4249 run_rt3070_rf_write(sc, 13, rf); 4250 4251 /* set Tx/Rx streams */ 4252 run_rt3070_rf_read(sc, 1, &rf); 4253 rf &= ~0xfc; 4254 if (sc->ntxchains == 1) 4255 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4256 else if (sc->ntxchains == 2) 4257 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4258 if (sc->nrxchains == 1) 4259 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4260 else if (sc->nrxchains == 2) 4261 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4262 run_rt3070_rf_write(sc, 1, rf); 4263 4264 /* set RF offset */ 4265 run_rt3070_rf_read(sc, 23, &rf); 4266 rf = (rf & ~0x7f) | sc->freq; 4267 run_rt3070_rf_write(sc, 23, rf); 4268 4269 /* program RF filter */ 4270 rf = sc->rf24_20mhz; 4271 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4272 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4273 4274 /* enable RF tuning */ 4275 run_rt3070_rf_read(sc, 7, &rf); 4276 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4277 run_rt3070_rf_write(sc, 7, rf); 4278 4279 /* TSSI */ 4280 rf = (chan <= 14) ? 0xc3 : 0xc0; 4281 run_rt3070_rf_write(sc, 9, rf); 4282 4283 /* set loop filter 1 */ 4284 run_rt3070_rf_write(sc, 10, 0xf1); 4285 /* set loop filter 2 */ 4286 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4287 4288 /* set tx_mx2_ic */ 4289 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4290 /* set tx_mx1_ic */ 4291 if (chan <= 14) 4292 rf = 0x48 | sc->txmixgain_2ghz; 4293 else 4294 rf = 0x78 | sc->txmixgain_5ghz; 4295 run_rt3070_rf_write(sc, 16, rf); 4296 4297 /* set tx_lo1 */ 4298 run_rt3070_rf_write(sc, 17, 0x23); 4299 /* set tx_lo2 */ 4300 if (chan <= 14) 4301 rf = 0x93; 4302 else if (chan <= 64) 4303 rf = 0xb7; 4304 else if (chan <= 128) 4305 rf = 0x74; 4306 else 4307 rf = 0x72; 4308 run_rt3070_rf_write(sc, 19, rf); 4309 4310 /* set rx_lo1 */ 4311 if (chan <= 14) 4312 rf = 0xb3; 4313 else if (chan <= 64) 4314 rf = 0xf6; 4315 else if (chan <= 128) 4316 rf = 0xf4; 4317 else 4318 rf = 0xf3; 4319 run_rt3070_rf_write(sc, 20, rf); 4320 4321 /* set pfd_delay */ 4322 if (chan <= 14) 4323 rf = 0x15; 4324 else if (chan <= 64) 4325 rf = 0x3d; 4326 else 4327 rf = 0x01; 4328 run_rt3070_rf_write(sc, 25, rf); 4329 4330 /* set rx_lo2 */ 4331 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4332 /* set ldo_rf_vc */ 4333 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4334 /* set drv_cc */ 4335 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4336 4337 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4338 tmp &= ~0x8080; 4339 if (chan <= 14) 4340 tmp |= 0x80; 4341 run_write(sc, RT2860_GPIO_CTRL, tmp); 4342 4343 /* enable RF tuning */ 4344 run_rt3070_rf_read(sc, 7, &rf); 4345 run_rt3070_rf_write(sc, 7, rf | 0x01); 4346 4347 run_delay(sc, 2); 4348 } 4349 4350 static void 4351 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4352 { 4353 int8_t txpow1, txpow2, txpow3; 4354 uint8_t h20mhz, rf; 4355 int i; 4356 4357 /* find the settings for this channel (we know it exists) */ 4358 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4359 4360 /* use Tx power values from EEPROM */ 4361 txpow1 = sc->txpow1[i]; 4362 txpow2 = sc->txpow2[i]; 4363 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4364 4365 if (chan <= 14) { 4366 run_bbp_write(sc, 25, sc->bbp25); 4367 run_bbp_write(sc, 26, sc->bbp26); 4368 } else { 4369 /* Enable IQ phase correction. */ 4370 run_bbp_write(sc, 25, 0x09); 4371 run_bbp_write(sc, 26, 0xff); 4372 } 4373 4374 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4375 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4376 run_rt3070_rf_read(sc, 11, &rf); 4377 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4378 run_rt3070_rf_write(sc, 11, rf); 4379 4380 /* Set pll_idoh. */ 4381 run_rt3070_rf_read(sc, 11, &rf); 4382 rf &= ~0x4c; 4383 rf |= (chan <= 14) ? 0x44 : 0x48; 4384 run_rt3070_rf_write(sc, 11, rf); 4385 4386 if (chan <= 14) 4387 rf = txpow1 & 0x1f; 4388 else 4389 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4390 run_rt3070_rf_write(sc, 53, rf); 4391 4392 if (chan <= 14) 4393 rf = txpow2 & 0x1f; 4394 else 4395 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4396 run_rt3070_rf_write(sc, 55, rf); 4397 4398 if (chan <= 14) 4399 rf = txpow3 & 0x1f; 4400 else 4401 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4402 run_rt3070_rf_write(sc, 54, rf); 4403 4404 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4405 if (sc->ntxchains == 3) 4406 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4407 else 4408 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4409 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4410 run_rt3070_rf_write(sc, 1, rf); 4411 4412 run_adjust_freq_offset(sc); 4413 4414 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4415 4416 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4417 run_rt3070_rf_read(sc, 30, &rf); 4418 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4419 run_rt3070_rf_write(sc, 30, rf); 4420 4421 run_rt3070_rf_read(sc, 36, &rf); 4422 if (chan <= 14) 4423 rf |= 0x80; 4424 else 4425 rf &= ~0x80; 4426 run_rt3070_rf_write(sc, 36, rf); 4427 4428 /* Set vcolo_bs. */ 4429 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4430 /* Set pfd_delay. */ 4431 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4432 4433 /* Set vco bias current control. */ 4434 run_rt3070_rf_read(sc, 6, &rf); 4435 rf &= ~0xc0; 4436 if (chan <= 14) 4437 rf |= 0x40; 4438 else if (chan <= 128) 4439 rf |= 0x80; 4440 else 4441 rf |= 0x40; 4442 run_rt3070_rf_write(sc, 6, rf); 4443 4444 run_rt3070_rf_read(sc, 30, &rf); 4445 rf = (rf & ~0x18) | 0x10; 4446 run_rt3070_rf_write(sc, 30, rf); 4447 4448 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4449 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4450 4451 run_rt3070_rf_read(sc, 51, &rf); 4452 rf = (rf & ~0x03) | 0x01; 4453 run_rt3070_rf_write(sc, 51, rf); 4454 /* Set tx_mx1_cc. */ 4455 run_rt3070_rf_read(sc, 51, &rf); 4456 rf &= ~0x1c; 4457 rf |= (chan <= 14) ? 0x14 : 0x10; 4458 run_rt3070_rf_write(sc, 51, rf); 4459 /* Set tx_mx1_ic. */ 4460 run_rt3070_rf_read(sc, 51, &rf); 4461 rf &= ~0xe0; 4462 rf |= (chan <= 14) ? 0x60 : 0x40; 4463 run_rt3070_rf_write(sc, 51, rf); 4464 /* Set tx_lo1_ic. */ 4465 run_rt3070_rf_read(sc, 49, &rf); 4466 rf &= ~0x1c; 4467 rf |= (chan <= 14) ? 0x0c : 0x08; 4468 run_rt3070_rf_write(sc, 49, rf); 4469 /* Set tx_lo1_en. */ 4470 run_rt3070_rf_read(sc, 50, &rf); 4471 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4472 /* Set drv_cc. */ 4473 run_rt3070_rf_read(sc, 57, &rf); 4474 rf &= ~0xfc; 4475 rf |= (chan <= 14) ? 0x6c : 0x3c; 4476 run_rt3070_rf_write(sc, 57, rf); 4477 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4478 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4479 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4480 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4481 /* Enable VCO calibration. */ 4482 run_rt3070_rf_read(sc, 3, &rf); 4483 rf &= ~RT5390_VCOCAL; 4484 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4485 run_rt3070_rf_write(sc, 3, rf); 4486 4487 if (chan <= 14) 4488 rf = 0x23; 4489 else if (chan <= 64) 4490 rf = 0x36; 4491 else if (chan <= 128) 4492 rf = 0x32; 4493 else 4494 rf = 0x30; 4495 run_rt3070_rf_write(sc, 39, rf); 4496 if (chan <= 14) 4497 rf = 0xbb; 4498 else if (chan <= 64) 4499 rf = 0xeb; 4500 else if (chan <= 128) 4501 rf = 0xb3; 4502 else 4503 rf = 0x9b; 4504 run_rt3070_rf_write(sc, 45, rf); 4505 4506 /* Set FEQ/AEQ control. */ 4507 run_bbp_write(sc, 105, 0x34); 4508 } 4509 4510 static void 4511 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4512 { 4513 int8_t txpow1, txpow2; 4514 uint8_t rf; 4515 int i; 4516 4517 /* find the settings for this channel (we know it exists) */ 4518 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4519 4520 /* use Tx power values from EEPROM */ 4521 txpow1 = sc->txpow1[i]; 4522 txpow2 = sc->txpow2[i]; 4523 4524 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4525 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4526 run_rt3070_rf_read(sc, 11, &rf); 4527 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4528 run_rt3070_rf_write(sc, 11, rf); 4529 4530 run_rt3070_rf_read(sc, 49, &rf); 4531 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4532 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4533 if ((rf & 0x3f) > 0x27) 4534 rf = (rf & ~0x3f) | 0x27; 4535 run_rt3070_rf_write(sc, 49, rf); 4536 4537 if (sc->mac_ver == 0x5392) { 4538 run_rt3070_rf_read(sc, 50, &rf); 4539 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4540 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4541 if ((rf & 0x3f) > 0x27) 4542 rf = (rf & ~0x3f) | 0x27; 4543 run_rt3070_rf_write(sc, 50, rf); 4544 } 4545 4546 run_rt3070_rf_read(sc, 1, &rf); 4547 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4548 if (sc->mac_ver == 0x5392) 4549 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4550 run_rt3070_rf_write(sc, 1, rf); 4551 4552 if (sc->mac_ver != 0x5392) { 4553 run_rt3070_rf_read(sc, 2, &rf); 4554 rf |= 0x80; 4555 run_rt3070_rf_write(sc, 2, rf); 4556 run_delay(sc, 10); 4557 rf &= 0x7f; 4558 run_rt3070_rf_write(sc, 2, rf); 4559 } 4560 4561 run_adjust_freq_offset(sc); 4562 4563 if (sc->mac_ver == 0x5392) { 4564 /* Fix for RT5392C. */ 4565 if (sc->mac_rev >= 0x0223) { 4566 if (chan <= 4) 4567 rf = 0x0f; 4568 else if (chan >= 5 && chan <= 7) 4569 rf = 0x0e; 4570 else 4571 rf = 0x0d; 4572 run_rt3070_rf_write(sc, 23, rf); 4573 4574 if (chan <= 4) 4575 rf = 0x0c; 4576 else if (chan == 5) 4577 rf = 0x0b; 4578 else if (chan >= 6 && chan <= 7) 4579 rf = 0x0a; 4580 else if (chan >= 8 && chan <= 10) 4581 rf = 0x09; 4582 else 4583 rf = 0x08; 4584 run_rt3070_rf_write(sc, 59, rf); 4585 } else { 4586 if (chan <= 11) 4587 rf = 0x0f; 4588 else 4589 rf = 0x0b; 4590 run_rt3070_rf_write(sc, 59, rf); 4591 } 4592 } else { 4593 /* Fix for RT5390F. */ 4594 if (sc->mac_rev >= 0x0502) { 4595 if (chan <= 11) 4596 rf = 0x43; 4597 else 4598 rf = 0x23; 4599 run_rt3070_rf_write(sc, 55, rf); 4600 4601 if (chan <= 11) 4602 rf = 0x0f; 4603 else if (chan == 12) 4604 rf = 0x0d; 4605 else 4606 rf = 0x0b; 4607 run_rt3070_rf_write(sc, 59, rf); 4608 } else { 4609 run_rt3070_rf_write(sc, 55, 0x44); 4610 run_rt3070_rf_write(sc, 59, 0x8f); 4611 } 4612 } 4613 4614 /* Enable VCO calibration. */ 4615 run_rt3070_rf_read(sc, 3, &rf); 4616 rf |= RT5390_VCOCAL; 4617 run_rt3070_rf_write(sc, 3, rf); 4618 } 4619 4620 static void 4621 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4622 { 4623 const struct rt5592_freqs *freqs; 4624 uint32_t tmp; 4625 uint8_t reg, rf, txpow_bound; 4626 int8_t txpow1, txpow2; 4627 int i; 4628 4629 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4630 freqs = (tmp & RT5592_SEL_XTAL) ? 4631 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4632 4633 /* find the settings for this channel (we know it exists) */ 4634 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4635 4636 /* use Tx power values from EEPROM */ 4637 txpow1 = sc->txpow1[i]; 4638 txpow2 = sc->txpow2[i]; 4639 4640 run_read(sc, RT3070_LDO_CFG0, &tmp); 4641 tmp &= ~0x1c000000; 4642 if (chan > 14) 4643 tmp |= 0x14000000; 4644 run_write(sc, RT3070_LDO_CFG0, tmp); 4645 4646 /* N setting. */ 4647 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4648 run_rt3070_rf_read(sc, 9, &rf); 4649 rf &= ~(1 << 4); 4650 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4651 run_rt3070_rf_write(sc, 9, rf); 4652 4653 /* K setting. */ 4654 run_rt3070_rf_read(sc, 9, &rf); 4655 rf &= ~0x0f; 4656 rf |= (freqs->k & 0x0f); 4657 run_rt3070_rf_write(sc, 9, rf); 4658 4659 /* Mode setting. */ 4660 run_rt3070_rf_read(sc, 11, &rf); 4661 rf &= ~0x0c; 4662 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4663 run_rt3070_rf_write(sc, 11, rf); 4664 run_rt3070_rf_read(sc, 9, &rf); 4665 rf &= ~(1 << 7); 4666 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4667 run_rt3070_rf_write(sc, 9, rf); 4668 4669 /* R setting. */ 4670 run_rt3070_rf_read(sc, 11, &rf); 4671 rf &= ~0x03; 4672 rf |= (freqs->r - 0x1); 4673 run_rt3070_rf_write(sc, 11, rf); 4674 4675 if (chan <= 14) { 4676 /* Initialize RF registers for 2GHZ. */ 4677 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4678 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4679 rt5592_2ghz_def_rf[i].val); 4680 } 4681 4682 rf = (chan <= 10) ? 0x07 : 0x06; 4683 run_rt3070_rf_write(sc, 23, rf); 4684 run_rt3070_rf_write(sc, 59, rf); 4685 4686 run_rt3070_rf_write(sc, 55, 0x43); 4687 4688 /* 4689 * RF R49/R50 Tx power ALC code. 4690 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4691 */ 4692 reg = 2; 4693 txpow_bound = 0x27; 4694 } else { 4695 /* Initialize RF registers for 5GHZ. */ 4696 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4697 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4698 rt5592_5ghz_def_rf[i].val); 4699 } 4700 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4701 if (chan >= rt5592_chan_5ghz[i].firstchan && 4702 chan <= rt5592_chan_5ghz[i].lastchan) { 4703 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4704 rt5592_chan_5ghz[i].val); 4705 } 4706 } 4707 4708 /* 4709 * RF R49/R50 Tx power ALC code. 4710 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4711 */ 4712 reg = 3; 4713 txpow_bound = 0x2b; 4714 } 4715 4716 /* RF R49 ch0 Tx power ALC code. */ 4717 run_rt3070_rf_read(sc, 49, &rf); 4718 rf &= ~0xc0; 4719 rf |= (reg << 6); 4720 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4721 if ((rf & 0x3f) > txpow_bound) 4722 rf = (rf & ~0x3f) | txpow_bound; 4723 run_rt3070_rf_write(sc, 49, rf); 4724 4725 /* RF R50 ch1 Tx power ALC code. */ 4726 run_rt3070_rf_read(sc, 50, &rf); 4727 rf &= ~(1 << 7 | 1 << 6); 4728 rf |= (reg << 6); 4729 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4730 if ((rf & 0x3f) > txpow_bound) 4731 rf = (rf & ~0x3f) | txpow_bound; 4732 run_rt3070_rf_write(sc, 50, rf); 4733 4734 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4735 run_rt3070_rf_read(sc, 1, &rf); 4736 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4737 if (sc->ntxchains > 1) 4738 rf |= RT3070_TX1_PD; 4739 if (sc->nrxchains > 1) 4740 rf |= RT3070_RX1_PD; 4741 run_rt3070_rf_write(sc, 1, rf); 4742 4743 run_rt3070_rf_write(sc, 6, 0xe4); 4744 4745 run_rt3070_rf_write(sc, 30, 0x10); 4746 run_rt3070_rf_write(sc, 31, 0x80); 4747 run_rt3070_rf_write(sc, 32, 0x80); 4748 4749 run_adjust_freq_offset(sc); 4750 4751 /* Enable VCO calibration. */ 4752 run_rt3070_rf_read(sc, 3, &rf); 4753 rf |= RT5390_VCOCAL; 4754 run_rt3070_rf_write(sc, 3, rf); 4755 } 4756 4757 static void 4758 run_set_rx_antenna(struct run_softc *sc, int aux) 4759 { 4760 uint32_t tmp; 4761 uint8_t bbp152; 4762 4763 if (aux) { 4764 if (sc->rf_rev == RT5390_RF_5370) { 4765 run_bbp_read(sc, 152, &bbp152); 4766 run_bbp_write(sc, 152, bbp152 & ~0x80); 4767 } else { 4768 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4769 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4770 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4771 } 4772 } else { 4773 if (sc->rf_rev == RT5390_RF_5370) { 4774 run_bbp_read(sc, 152, &bbp152); 4775 run_bbp_write(sc, 152, bbp152 | 0x80); 4776 } else { 4777 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4778 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4779 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4780 } 4781 } 4782 } 4783 4784 static int 4785 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4786 { 4787 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4788 u_int chan, group; 4789 4790 chan = ieee80211_chan2ieee(ic, c); 4791 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4792 return (EINVAL); 4793 4794 if (sc->mac_ver == 0x5592) 4795 run_rt5592_set_chan(sc, chan); 4796 else if (sc->mac_ver >= 0x5390) 4797 run_rt5390_set_chan(sc, chan); 4798 else if (sc->mac_ver == 0x3593) 4799 run_rt3593_set_chan(sc, chan); 4800 else if (sc->mac_ver == 0x3572) 4801 run_rt3572_set_chan(sc, chan); 4802 else if (sc->mac_ver >= 0x3070) 4803 run_rt3070_set_chan(sc, chan); 4804 else 4805 run_rt2870_set_chan(sc, chan); 4806 4807 /* determine channel group */ 4808 if (chan <= 14) 4809 group = 0; 4810 else if (chan <= 64) 4811 group = 1; 4812 else if (chan <= 128) 4813 group = 2; 4814 else 4815 group = 3; 4816 4817 /* XXX necessary only when group has changed! */ 4818 run_select_chan_group(sc, group); 4819 4820 run_delay(sc, 10); 4821 4822 /* Perform IQ calibration. */ 4823 if (sc->mac_ver >= 0x5392) 4824 run_iq_calib(sc, chan); 4825 4826 return (0); 4827 } 4828 4829 static void 4830 run_set_channel(struct ieee80211com *ic) 4831 { 4832 struct run_softc *sc = ic->ic_ifp->if_softc; 4833 4834 RUN_LOCK(sc); 4835 run_set_chan(sc, ic->ic_curchan); 4836 RUN_UNLOCK(sc); 4837 4838 return; 4839 } 4840 4841 static void 4842 run_scan_start(struct ieee80211com *ic) 4843 { 4844 struct run_softc *sc = ic->ic_ifp->if_softc; 4845 uint32_t tmp; 4846 4847 RUN_LOCK(sc); 4848 4849 /* abort TSF synchronization */ 4850 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4851 run_write(sc, RT2860_BCN_TIME_CFG, 4852 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4853 RT2860_TBTT_TIMER_EN)); 4854 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4855 4856 RUN_UNLOCK(sc); 4857 4858 return; 4859 } 4860 4861 static void 4862 run_scan_end(struct ieee80211com *ic) 4863 { 4864 struct run_softc *sc = ic->ic_ifp->if_softc; 4865 4866 RUN_LOCK(sc); 4867 4868 run_enable_tsf_sync(sc); 4869 /* XXX keep local copy */ 4870 run_set_bssid(sc, sc->sc_bssid); 4871 4872 RUN_UNLOCK(sc); 4873 4874 return; 4875 } 4876 4877 /* 4878 * Could be called from ieee80211_node_timeout() 4879 * (non-sleepable thread) 4880 */ 4881 static void 4882 run_update_beacon(struct ieee80211vap *vap, int item) 4883 { 4884 struct ieee80211com *ic = vap->iv_ic; 4885 struct run_softc *sc = ic->ic_ifp->if_softc; 4886 struct run_vap *rvp = RUN_VAP(vap); 4887 int mcast = 0; 4888 uint32_t i; 4889 4890 KASSERT(vap != NULL, ("no beacon")); 4891 4892 switch (item) { 4893 case IEEE80211_BEACON_ERP: 4894 run_updateslot(ic->ic_ifp); 4895 break; 4896 case IEEE80211_BEACON_HTINFO: 4897 run_updateprot(ic); 4898 break; 4899 case IEEE80211_BEACON_TIM: 4900 mcast = 1; /*TODO*/ 4901 break; 4902 default: 4903 break; 4904 } 4905 4906 setbit(rvp->bo.bo_flags, item); 4907 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4908 4909 i = RUN_CMDQ_GET(&sc->cmdq_store); 4910 DPRINTF("cmdq_store=%d\n", i); 4911 sc->cmdq[i].func = run_update_beacon_cb; 4912 sc->cmdq[i].arg0 = vap; 4913 ieee80211_runtask(ic, &sc->cmdq_task); 4914 4915 return; 4916 } 4917 4918 static void 4919 run_update_beacon_cb(void *arg) 4920 { 4921 struct ieee80211vap *vap = arg; 4922 struct run_vap *rvp = RUN_VAP(vap); 4923 struct ieee80211com *ic = vap->iv_ic; 4924 struct run_softc *sc = ic->ic_ifp->if_softc; 4925 struct rt2860_txwi txwi; 4926 struct mbuf *m; 4927 uint16_t txwisize; 4928 uint8_t ridx; 4929 4930 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4931 return; 4932 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4933 return; 4934 4935 /* 4936 * No need to call ieee80211_beacon_update(), run_update_beacon() 4937 * is taking care of apropriate calls. 4938 */ 4939 if (rvp->beacon_mbuf == NULL) { 4940 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4941 &rvp->bo); 4942 if (rvp->beacon_mbuf == NULL) 4943 return; 4944 } 4945 m = rvp->beacon_mbuf; 4946 4947 memset(&txwi, 0, sizeof(txwi)); 4948 txwi.wcid = 0xff; 4949 txwi.len = htole16(m->m_pkthdr.len); 4950 4951 /* send beacons at the lowest available rate */ 4952 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4953 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4954 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4955 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4956 txwi.phy |= htole16(RT2860_PHY_OFDM); 4957 txwi.txop = RT2860_TX_TXOP_HT; 4958 txwi.flags = RT2860_TX_TS; 4959 txwi.xflags = RT2860_TX_NSEQ; 4960 4961 txwisize = (sc->mac_ver == 0x5592) ? 4962 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4963 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4964 txwisize); 4965 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4966 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4967 } 4968 4969 static void 4970 run_updateprot(struct ieee80211com *ic) 4971 { 4972 struct run_softc *sc = ic->ic_ifp->if_softc; 4973 uint32_t i; 4974 4975 i = RUN_CMDQ_GET(&sc->cmdq_store); 4976 DPRINTF("cmdq_store=%d\n", i); 4977 sc->cmdq[i].func = run_updateprot_cb; 4978 sc->cmdq[i].arg0 = ic; 4979 ieee80211_runtask(ic, &sc->cmdq_task); 4980 } 4981 4982 static void 4983 run_updateprot_cb(void *arg) 4984 { 4985 struct ieee80211com *ic = arg; 4986 struct run_softc *sc = ic->ic_ifp->if_softc; 4987 uint32_t tmp; 4988 4989 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4990 /* setup protection frame rate (MCS code) */ 4991 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4992 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4993 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4994 4995 /* CCK frames don't require protection */ 4996 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4997 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4998 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4999 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5000 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5001 tmp |= RT2860_PROT_CTRL_CTS; 5002 } 5003 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5004 } 5005 5006 static void 5007 run_usb_timeout_cb(void *arg) 5008 { 5009 struct ieee80211vap *vap = arg; 5010 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 5011 5012 RUN_LOCK_ASSERT(sc, MA_OWNED); 5013 5014 if(vap->iv_state == IEEE80211_S_RUN && 5015 vap->iv_opmode != IEEE80211_M_STA) 5016 run_reset_livelock(sc); 5017 else if (vap->iv_state == IEEE80211_S_SCAN) { 5018 DPRINTF("timeout caused by scan\n"); 5019 /* cancel bgscan */ 5020 ieee80211_cancel_scan(vap); 5021 } else 5022 DPRINTF("timeout by unknown cause\n"); 5023 } 5024 5025 static void 5026 run_reset_livelock(struct run_softc *sc) 5027 { 5028 uint32_t tmp; 5029 5030 RUN_LOCK_ASSERT(sc, MA_OWNED); 5031 5032 /* 5033 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5034 * can run into a livelock and start sending CTS-to-self frames like 5035 * crazy if protection is enabled. Reset MAC/BBP for a while 5036 */ 5037 run_read(sc, RT2860_DEBUG, &tmp); 5038 DPRINTFN(3, "debug reg %08x\n", tmp); 5039 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5040 DPRINTF("CTS-to-self livelock detected\n"); 5041 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5042 run_delay(sc, 1); 5043 run_write(sc, RT2860_MAC_SYS_CTRL, 5044 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5045 } 5046 } 5047 5048 static void 5049 run_update_promisc_locked(struct ifnet *ifp) 5050 { 5051 struct run_softc *sc = ifp->if_softc; 5052 uint32_t tmp; 5053 5054 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5055 5056 tmp |= RT2860_DROP_UC_NOME; 5057 if (ifp->if_flags & IFF_PROMISC) 5058 tmp &= ~RT2860_DROP_UC_NOME; 5059 5060 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5061 5062 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 5063 "entering" : "leaving"); 5064 } 5065 5066 static void 5067 run_update_promisc(struct ifnet *ifp) 5068 { 5069 struct run_softc *sc = ifp->if_softc; 5070 5071 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 5072 return; 5073 5074 RUN_LOCK(sc); 5075 run_update_promisc_locked(ifp); 5076 RUN_UNLOCK(sc); 5077 } 5078 5079 static void 5080 run_enable_tsf_sync(struct run_softc *sc) 5081 { 5082 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5083 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5084 uint32_t tmp; 5085 5086 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5087 ic->ic_opmode); 5088 5089 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5090 tmp &= ~0x1fffff; 5091 tmp |= vap->iv_bss->ni_intval * 16; 5092 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5093 5094 if (ic->ic_opmode == IEEE80211_M_STA) { 5095 /* 5096 * Local TSF is always updated with remote TSF on beacon 5097 * reception. 5098 */ 5099 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5100 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5101 tmp |= RT2860_BCN_TX_EN; 5102 /* 5103 * Local TSF is updated with remote TSF on beacon reception 5104 * only if the remote TSF is greater than local TSF. 5105 */ 5106 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5107 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5108 ic->ic_opmode == IEEE80211_M_MBSS) { 5109 tmp |= RT2860_BCN_TX_EN; 5110 /* SYNC with nobody */ 5111 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5112 } else { 5113 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5114 return; 5115 } 5116 5117 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5118 } 5119 5120 static void 5121 run_enable_mrr(struct run_softc *sc) 5122 { 5123 #define CCK(mcs) (mcs) 5124 #define OFDM(mcs) (1 << 3 | (mcs)) 5125 run_write(sc, RT2860_LG_FBK_CFG0, 5126 OFDM(6) << 28 | /* 54->48 */ 5127 OFDM(5) << 24 | /* 48->36 */ 5128 OFDM(4) << 20 | /* 36->24 */ 5129 OFDM(3) << 16 | /* 24->18 */ 5130 OFDM(2) << 12 | /* 18->12 */ 5131 OFDM(1) << 8 | /* 12-> 9 */ 5132 OFDM(0) << 4 | /* 9-> 6 */ 5133 OFDM(0)); /* 6-> 6 */ 5134 5135 run_write(sc, RT2860_LG_FBK_CFG1, 5136 CCK(2) << 12 | /* 11->5.5 */ 5137 CCK(1) << 8 | /* 5.5-> 2 */ 5138 CCK(0) << 4 | /* 2-> 1 */ 5139 CCK(0)); /* 1-> 1 */ 5140 #undef OFDM 5141 #undef CCK 5142 } 5143 5144 static void 5145 run_set_txpreamble(struct run_softc *sc) 5146 { 5147 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5148 uint32_t tmp; 5149 5150 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5151 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5152 tmp |= RT2860_CCK_SHORT_EN; 5153 else 5154 tmp &= ~RT2860_CCK_SHORT_EN; 5155 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5156 } 5157 5158 static void 5159 run_set_basicrates(struct run_softc *sc) 5160 { 5161 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5162 5163 /* set basic rates mask */ 5164 if (ic->ic_curmode == IEEE80211_MODE_11B) 5165 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5166 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5167 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5168 else /* 11g */ 5169 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5170 } 5171 5172 static void 5173 run_set_leds(struct run_softc *sc, uint16_t which) 5174 { 5175 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5176 which | (sc->leds & 0x7f)); 5177 } 5178 5179 static void 5180 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5181 { 5182 run_write(sc, RT2860_MAC_BSSID_DW0, 5183 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5184 run_write(sc, RT2860_MAC_BSSID_DW1, 5185 bssid[4] | bssid[5] << 8); 5186 } 5187 5188 static void 5189 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5190 { 5191 run_write(sc, RT2860_MAC_ADDR_DW0, 5192 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5193 run_write(sc, RT2860_MAC_ADDR_DW1, 5194 addr[4] | addr[5] << 8 | 0xff << 16); 5195 } 5196 5197 static void 5198 run_updateslot(struct ifnet *ifp) 5199 { 5200 struct run_softc *sc = ifp->if_softc; 5201 struct ieee80211com *ic = ifp->if_l2com; 5202 uint32_t i; 5203 5204 i = RUN_CMDQ_GET(&sc->cmdq_store); 5205 DPRINTF("cmdq_store=%d\n", i); 5206 sc->cmdq[i].func = run_updateslot_cb; 5207 sc->cmdq[i].arg0 = ifp; 5208 ieee80211_runtask(ic, &sc->cmdq_task); 5209 5210 return; 5211 } 5212 5213 /* ARGSUSED */ 5214 static void 5215 run_updateslot_cb(void *arg) 5216 { 5217 struct ifnet *ifp = arg; 5218 struct run_softc *sc = ifp->if_softc; 5219 struct ieee80211com *ic = ifp->if_l2com; 5220 uint32_t tmp; 5221 5222 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5223 tmp &= ~0xff; 5224 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5225 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5226 } 5227 5228 static void 5229 run_update_mcast(struct ifnet *ifp) 5230 { 5231 /* h/w filter supports getting everything or nothing */ 5232 ifp->if_flags |= IFF_ALLMULTI; 5233 } 5234 5235 static int8_t 5236 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5237 { 5238 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5239 struct ieee80211_channel *c = ic->ic_curchan; 5240 int delta; 5241 5242 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5243 u_int chan = ieee80211_chan2ieee(ic, c); 5244 delta = sc->rssi_5ghz[rxchain]; 5245 5246 /* determine channel group */ 5247 if (chan <= 64) 5248 delta -= sc->lna[1]; 5249 else if (chan <= 128) 5250 delta -= sc->lna[2]; 5251 else 5252 delta -= sc->lna[3]; 5253 } else 5254 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5255 5256 return (-12 - delta - rssi); 5257 } 5258 5259 static void 5260 run_rt5390_bbp_init(struct run_softc *sc) 5261 { 5262 int i; 5263 uint8_t bbp; 5264 5265 /* Apply maximum likelihood detection for 2 stream case. */ 5266 run_bbp_read(sc, 105, &bbp); 5267 if (sc->nrxchains > 1) 5268 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5269 5270 /* Avoid data lost and CRC error. */ 5271 run_bbp_read(sc, 4, &bbp); 5272 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5273 5274 if (sc->mac_ver == 0x5592) { 5275 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5276 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5277 rt5592_def_bbp[i].val); 5278 } 5279 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5280 run_bbp_write(sc, 195, i + 0x80); 5281 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5282 } 5283 } else { 5284 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5285 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5286 rt5390_def_bbp[i].val); 5287 } 5288 } 5289 if (sc->mac_ver == 0x5392) { 5290 run_bbp_write(sc, 88, 0x90); 5291 run_bbp_write(sc, 95, 0x9a); 5292 run_bbp_write(sc, 98, 0x12); 5293 run_bbp_write(sc, 106, 0x12); 5294 run_bbp_write(sc, 134, 0xd0); 5295 run_bbp_write(sc, 135, 0xf6); 5296 run_bbp_write(sc, 148, 0x84); 5297 } 5298 5299 run_bbp_read(sc, 152, &bbp); 5300 run_bbp_write(sc, 152, bbp | 0x80); 5301 5302 /* Fix BBP254 for RT5592C. */ 5303 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5304 run_bbp_read(sc, 254, &bbp); 5305 run_bbp_write(sc, 254, bbp | 0x80); 5306 } 5307 5308 /* Disable hardware antenna diversity. */ 5309 if (sc->mac_ver == 0x5390) 5310 run_bbp_write(sc, 154, 0); 5311 5312 /* Initialize Rx CCK/OFDM frequency offset report. */ 5313 run_bbp_write(sc, 142, 1); 5314 run_bbp_write(sc, 143, 57); 5315 } 5316 5317 static int 5318 run_bbp_init(struct run_softc *sc) 5319 { 5320 int i, error, ntries; 5321 uint8_t bbp0; 5322 5323 /* wait for BBP to wake up */ 5324 for (ntries = 0; ntries < 20; ntries++) { 5325 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5326 return error; 5327 if (bbp0 != 0 && bbp0 != 0xff) 5328 break; 5329 } 5330 if (ntries == 20) 5331 return (ETIMEDOUT); 5332 5333 /* initialize BBP registers to default values */ 5334 if (sc->mac_ver >= 0x5390) 5335 run_rt5390_bbp_init(sc); 5336 else { 5337 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5338 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5339 rt2860_def_bbp[i].val); 5340 } 5341 } 5342 5343 if (sc->mac_ver == 0x3593) { 5344 run_bbp_write(sc, 79, 0x13); 5345 run_bbp_write(sc, 80, 0x05); 5346 run_bbp_write(sc, 81, 0x33); 5347 run_bbp_write(sc, 86, 0x46); 5348 run_bbp_write(sc, 137, 0x0f); 5349 } 5350 5351 /* fix BBP84 for RT2860E */ 5352 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5353 run_bbp_write(sc, 84, 0x19); 5354 5355 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5356 sc->mac_ver != 0x5592)) { 5357 run_bbp_write(sc, 79, 0x13); 5358 run_bbp_write(sc, 80, 0x05); 5359 run_bbp_write(sc, 81, 0x33); 5360 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5361 run_bbp_write(sc, 69, 0x16); 5362 run_bbp_write(sc, 73, 0x12); 5363 } 5364 return (0); 5365 } 5366 5367 static int 5368 run_rt3070_rf_init(struct run_softc *sc) 5369 { 5370 uint32_t tmp; 5371 uint8_t bbp4, mingain, rf, target; 5372 int i; 5373 5374 run_rt3070_rf_read(sc, 30, &rf); 5375 /* toggle RF R30 bit 7 */ 5376 run_rt3070_rf_write(sc, 30, rf | 0x80); 5377 run_delay(sc, 10); 5378 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5379 5380 /* initialize RF registers to default value */ 5381 if (sc->mac_ver == 0x3572) { 5382 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5383 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5384 rt3572_def_rf[i].val); 5385 } 5386 } else { 5387 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5388 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5389 rt3070_def_rf[i].val); 5390 } 5391 } 5392 5393 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5394 /* 5395 * Change voltage from 1.2V to 1.35V for RT3070. 5396 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5397 * in RT3070(F). 5398 */ 5399 run_read(sc, RT3070_LDO_CFG0, &tmp); 5400 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5401 run_write(sc, RT3070_LDO_CFG0, tmp); 5402 5403 } else if (sc->mac_ver == 0x3071) { 5404 run_rt3070_rf_read(sc, 6, &rf); 5405 run_rt3070_rf_write(sc, 6, rf | 0x40); 5406 run_rt3070_rf_write(sc, 31, 0x14); 5407 5408 run_read(sc, RT3070_LDO_CFG0, &tmp); 5409 tmp &= ~0x1f000000; 5410 if (sc->mac_rev < 0x0211) 5411 tmp |= 0x0d000000; /* 1.3V */ 5412 else 5413 tmp |= 0x01000000; /* 1.2V */ 5414 run_write(sc, RT3070_LDO_CFG0, tmp); 5415 5416 /* patch LNA_PE_G1 */ 5417 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5418 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5419 5420 } else if (sc->mac_ver == 0x3572) { 5421 run_rt3070_rf_read(sc, 6, &rf); 5422 run_rt3070_rf_write(sc, 6, rf | 0x40); 5423 5424 /* increase voltage from 1.2V to 1.35V */ 5425 run_read(sc, RT3070_LDO_CFG0, &tmp); 5426 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5427 run_write(sc, RT3070_LDO_CFG0, tmp); 5428 5429 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5430 run_delay(sc, 1); /* wait for 1msec */ 5431 /* decrease voltage back to 1.2V */ 5432 tmp = (tmp & ~0x1f000000) | 0x01000000; 5433 run_write(sc, RT3070_LDO_CFG0, tmp); 5434 } 5435 } 5436 5437 /* select 20MHz bandwidth */ 5438 run_rt3070_rf_read(sc, 31, &rf); 5439 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5440 5441 /* calibrate filter for 20MHz bandwidth */ 5442 sc->rf24_20mhz = 0x1f; /* default value */ 5443 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5444 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5445 5446 /* select 40MHz bandwidth */ 5447 run_bbp_read(sc, 4, &bbp4); 5448 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5449 run_rt3070_rf_read(sc, 31, &rf); 5450 run_rt3070_rf_write(sc, 31, rf | 0x20); 5451 5452 /* calibrate filter for 40MHz bandwidth */ 5453 sc->rf24_40mhz = 0x2f; /* default value */ 5454 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5455 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5456 5457 /* go back to 20MHz bandwidth */ 5458 run_bbp_read(sc, 4, &bbp4); 5459 run_bbp_write(sc, 4, bbp4 & ~0x18); 5460 5461 if (sc->mac_ver == 0x3572) { 5462 /* save default BBP registers 25 and 26 values */ 5463 run_bbp_read(sc, 25, &sc->bbp25); 5464 run_bbp_read(sc, 26, &sc->bbp26); 5465 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5466 run_rt3070_rf_write(sc, 27, 0x03); 5467 5468 run_read(sc, RT3070_OPT_14, &tmp); 5469 run_write(sc, RT3070_OPT_14, tmp | 1); 5470 5471 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5472 run_rt3070_rf_read(sc, 17, &rf); 5473 rf &= ~RT3070_TX_LO1; 5474 if ((sc->mac_ver == 0x3070 || 5475 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5476 !sc->ext_2ghz_lna) 5477 rf |= 0x20; /* fix for long range Rx issue */ 5478 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5479 if (sc->txmixgain_2ghz >= mingain) 5480 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5481 run_rt3070_rf_write(sc, 17, rf); 5482 } 5483 5484 if (sc->mac_rev == 0x3071) { 5485 run_rt3070_rf_read(sc, 1, &rf); 5486 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5487 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5488 run_rt3070_rf_write(sc, 1, rf); 5489 5490 run_rt3070_rf_read(sc, 15, &rf); 5491 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5492 5493 run_rt3070_rf_read(sc, 20, &rf); 5494 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5495 5496 run_rt3070_rf_read(sc, 21, &rf); 5497 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5498 } 5499 5500 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5501 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5502 run_rt3070_rf_read(sc, 27, &rf); 5503 rf &= ~0x77; 5504 if (sc->mac_rev < 0x0211) 5505 rf |= 0x03; 5506 run_rt3070_rf_write(sc, 27, rf); 5507 } 5508 return (0); 5509 } 5510 5511 static void 5512 run_rt3593_rf_init(struct run_softc *sc) 5513 { 5514 uint32_t tmp; 5515 uint8_t rf; 5516 int i; 5517 5518 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5519 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5520 tmp &= ~(1 << 4 | 1 << 7); 5521 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5522 5523 /* Initialize RF registers to default value. */ 5524 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5525 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5526 rt3593_def_rf[i].val); 5527 } 5528 5529 /* Toggle RF R2 to initiate calibration. */ 5530 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5531 5532 /* Initialize RF frequency offset. */ 5533 run_adjust_freq_offset(sc); 5534 5535 run_rt3070_rf_read(sc, 18, &rf); 5536 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5537 5538 /* 5539 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5540 * decrease voltage back to 1.2V. 5541 */ 5542 run_read(sc, RT3070_LDO_CFG0, &tmp); 5543 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5544 run_write(sc, RT3070_LDO_CFG0, tmp); 5545 run_delay(sc, 1); 5546 tmp = (tmp & ~0x1f000000) | 0x01000000; 5547 run_write(sc, RT3070_LDO_CFG0, tmp); 5548 5549 sc->rf24_20mhz = 0x1f; 5550 sc->rf24_40mhz = 0x2f; 5551 5552 /* Save default BBP registers 25 and 26 values. */ 5553 run_bbp_read(sc, 25, &sc->bbp25); 5554 run_bbp_read(sc, 26, &sc->bbp26); 5555 5556 run_read(sc, RT3070_OPT_14, &tmp); 5557 run_write(sc, RT3070_OPT_14, tmp | 1); 5558 } 5559 5560 static void 5561 run_rt5390_rf_init(struct run_softc *sc) 5562 { 5563 uint32_t tmp; 5564 uint8_t rf; 5565 int i; 5566 5567 /* Toggle RF R2 to initiate calibration. */ 5568 if (sc->mac_ver == 0x5390) { 5569 run_rt3070_rf_read(sc, 2, &rf); 5570 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5571 run_delay(sc, 10); 5572 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5573 } else { 5574 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5575 run_delay(sc, 10); 5576 } 5577 5578 /* Initialize RF registers to default value. */ 5579 if (sc->mac_ver == 0x5592) { 5580 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5581 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5582 rt5592_def_rf[i].val); 5583 } 5584 /* Initialize RF frequency offset. */ 5585 run_adjust_freq_offset(sc); 5586 } else if (sc->mac_ver == 0x5392) { 5587 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5588 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5589 rt5392_def_rf[i].val); 5590 } 5591 if (sc->mac_rev >= 0x0223) { 5592 run_rt3070_rf_write(sc, 23, 0x0f); 5593 run_rt3070_rf_write(sc, 24, 0x3e); 5594 run_rt3070_rf_write(sc, 51, 0x32); 5595 run_rt3070_rf_write(sc, 53, 0x22); 5596 run_rt3070_rf_write(sc, 56, 0xc1); 5597 run_rt3070_rf_write(sc, 59, 0x0f); 5598 } 5599 } else { 5600 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5601 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5602 rt5390_def_rf[i].val); 5603 } 5604 if (sc->mac_rev >= 0x0502) { 5605 run_rt3070_rf_write(sc, 6, 0xe0); 5606 run_rt3070_rf_write(sc, 25, 0x80); 5607 run_rt3070_rf_write(sc, 46, 0x73); 5608 run_rt3070_rf_write(sc, 53, 0x00); 5609 run_rt3070_rf_write(sc, 56, 0x42); 5610 run_rt3070_rf_write(sc, 61, 0xd1); 5611 } 5612 } 5613 5614 sc->rf24_20mhz = 0x1f; /* default value */ 5615 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5616 5617 if (sc->mac_rev < 0x0211) 5618 run_rt3070_rf_write(sc, 27, 0x3); 5619 5620 run_read(sc, RT3070_OPT_14, &tmp); 5621 run_write(sc, RT3070_OPT_14, tmp | 1); 5622 } 5623 5624 static int 5625 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5626 uint8_t *val) 5627 { 5628 uint8_t rf22, rf24; 5629 uint8_t bbp55_pb, bbp55_sb, delta; 5630 int ntries; 5631 5632 /* program filter */ 5633 run_rt3070_rf_read(sc, 24, &rf24); 5634 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5635 run_rt3070_rf_write(sc, 24, rf24); 5636 5637 /* enable baseband loopback mode */ 5638 run_rt3070_rf_read(sc, 22, &rf22); 5639 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5640 5641 /* set power and frequency of passband test tone */ 5642 run_bbp_write(sc, 24, 0x00); 5643 for (ntries = 0; ntries < 100; ntries++) { 5644 /* transmit test tone */ 5645 run_bbp_write(sc, 25, 0x90); 5646 run_delay(sc, 10); 5647 /* read received power */ 5648 run_bbp_read(sc, 55, &bbp55_pb); 5649 if (bbp55_pb != 0) 5650 break; 5651 } 5652 if (ntries == 100) 5653 return (ETIMEDOUT); 5654 5655 /* set power and frequency of stopband test tone */ 5656 run_bbp_write(sc, 24, 0x06); 5657 for (ntries = 0; ntries < 100; ntries++) { 5658 /* transmit test tone */ 5659 run_bbp_write(sc, 25, 0x90); 5660 run_delay(sc, 10); 5661 /* read received power */ 5662 run_bbp_read(sc, 55, &bbp55_sb); 5663 5664 delta = bbp55_pb - bbp55_sb; 5665 if (delta > target) 5666 break; 5667 5668 /* reprogram filter */ 5669 rf24++; 5670 run_rt3070_rf_write(sc, 24, rf24); 5671 } 5672 if (ntries < 100) { 5673 if (rf24 != init) 5674 rf24--; /* backtrack */ 5675 *val = rf24; 5676 run_rt3070_rf_write(sc, 24, rf24); 5677 } 5678 5679 /* restore initial state */ 5680 run_bbp_write(sc, 24, 0x00); 5681 5682 /* disable baseband loopback mode */ 5683 run_rt3070_rf_read(sc, 22, &rf22); 5684 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5685 5686 return (0); 5687 } 5688 5689 static void 5690 run_rt3070_rf_setup(struct run_softc *sc) 5691 { 5692 uint8_t bbp, rf; 5693 int i; 5694 5695 if (sc->mac_ver == 0x3572) { 5696 /* enable DC filter */ 5697 if (sc->mac_rev >= 0x0201) 5698 run_bbp_write(sc, 103, 0xc0); 5699 5700 run_bbp_read(sc, 138, &bbp); 5701 if (sc->ntxchains == 1) 5702 bbp |= 0x20; /* turn off DAC1 */ 5703 if (sc->nrxchains == 1) 5704 bbp &= ~0x02; /* turn off ADC1 */ 5705 run_bbp_write(sc, 138, bbp); 5706 5707 if (sc->mac_rev >= 0x0211) { 5708 /* improve power consumption */ 5709 run_bbp_read(sc, 31, &bbp); 5710 run_bbp_write(sc, 31, bbp & ~0x03); 5711 } 5712 5713 run_rt3070_rf_read(sc, 16, &rf); 5714 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5715 run_rt3070_rf_write(sc, 16, rf); 5716 5717 } else if (sc->mac_ver == 0x3071) { 5718 if (sc->mac_rev >= 0x0211) { 5719 /* enable DC filter */ 5720 run_bbp_write(sc, 103, 0xc0); 5721 5722 /* improve power consumption */ 5723 run_bbp_read(sc, 31, &bbp); 5724 run_bbp_write(sc, 31, bbp & ~0x03); 5725 } 5726 5727 run_bbp_read(sc, 138, &bbp); 5728 if (sc->ntxchains == 1) 5729 bbp |= 0x20; /* turn off DAC1 */ 5730 if (sc->nrxchains == 1) 5731 bbp &= ~0x02; /* turn off ADC1 */ 5732 run_bbp_write(sc, 138, bbp); 5733 5734 run_write(sc, RT2860_TX_SW_CFG1, 0); 5735 if (sc->mac_rev < 0x0211) { 5736 run_write(sc, RT2860_TX_SW_CFG2, 5737 sc->patch_dac ? 0x2c : 0x0f); 5738 } else 5739 run_write(sc, RT2860_TX_SW_CFG2, 0); 5740 5741 } else if (sc->mac_ver == 0x3070) { 5742 if (sc->mac_rev >= 0x0201) { 5743 /* enable DC filter */ 5744 run_bbp_write(sc, 103, 0xc0); 5745 5746 /* improve power consumption */ 5747 run_bbp_read(sc, 31, &bbp); 5748 run_bbp_write(sc, 31, bbp & ~0x03); 5749 } 5750 5751 if (sc->mac_rev < 0x0201) { 5752 run_write(sc, RT2860_TX_SW_CFG1, 0); 5753 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5754 } else 5755 run_write(sc, RT2860_TX_SW_CFG2, 0); 5756 } 5757 5758 /* initialize RF registers from ROM for >=RT3071*/ 5759 if (sc->mac_ver >= 0x3071) { 5760 for (i = 0; i < 10; i++) { 5761 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5762 continue; 5763 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5764 } 5765 } 5766 } 5767 5768 static void 5769 run_rt3593_rf_setup(struct run_softc *sc) 5770 { 5771 uint8_t bbp, rf; 5772 5773 if (sc->mac_rev >= 0x0211) { 5774 /* Enable DC filter. */ 5775 run_bbp_write(sc, 103, 0xc0); 5776 } 5777 run_write(sc, RT2860_TX_SW_CFG1, 0); 5778 if (sc->mac_rev < 0x0211) { 5779 run_write(sc, RT2860_TX_SW_CFG2, 5780 sc->patch_dac ? 0x2c : 0x0f); 5781 } else 5782 run_write(sc, RT2860_TX_SW_CFG2, 0); 5783 5784 run_rt3070_rf_read(sc, 50, &rf); 5785 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5786 5787 run_rt3070_rf_read(sc, 51, &rf); 5788 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5789 ((sc->txmixgain_2ghz & 0x07) << 2); 5790 run_rt3070_rf_write(sc, 51, rf); 5791 5792 run_rt3070_rf_read(sc, 38, &rf); 5793 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5794 5795 run_rt3070_rf_read(sc, 39, &rf); 5796 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5797 5798 run_rt3070_rf_read(sc, 1, &rf); 5799 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5800 5801 run_rt3070_rf_read(sc, 30, &rf); 5802 rf = (rf & ~0x18) | 0x10; 5803 run_rt3070_rf_write(sc, 30, rf); 5804 5805 /* Apply maximum likelihood detection for 2 stream case. */ 5806 run_bbp_read(sc, 105, &bbp); 5807 if (sc->nrxchains > 1) 5808 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5809 5810 /* Avoid data lost and CRC error. */ 5811 run_bbp_read(sc, 4, &bbp); 5812 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5813 5814 run_bbp_write(sc, 92, 0x02); 5815 run_bbp_write(sc, 82, 0x82); 5816 run_bbp_write(sc, 106, 0x05); 5817 run_bbp_write(sc, 104, 0x92); 5818 run_bbp_write(sc, 88, 0x90); 5819 run_bbp_write(sc, 148, 0xc8); 5820 run_bbp_write(sc, 47, 0x48); 5821 run_bbp_write(sc, 120, 0x50); 5822 5823 run_bbp_write(sc, 163, 0x9d); 5824 5825 /* SNR mapping. */ 5826 run_bbp_write(sc, 142, 0x06); 5827 run_bbp_write(sc, 143, 0xa0); 5828 run_bbp_write(sc, 142, 0x07); 5829 run_bbp_write(sc, 143, 0xa1); 5830 run_bbp_write(sc, 142, 0x08); 5831 run_bbp_write(sc, 143, 0xa2); 5832 5833 run_bbp_write(sc, 31, 0x08); 5834 run_bbp_write(sc, 68, 0x0b); 5835 run_bbp_write(sc, 105, 0x04); 5836 } 5837 5838 static void 5839 run_rt5390_rf_setup(struct run_softc *sc) 5840 { 5841 uint8_t bbp, rf; 5842 5843 if (sc->mac_rev >= 0x0211) { 5844 /* Enable DC filter. */ 5845 run_bbp_write(sc, 103, 0xc0); 5846 5847 if (sc->mac_ver != 0x5592) { 5848 /* Improve power consumption. */ 5849 run_bbp_read(sc, 31, &bbp); 5850 run_bbp_write(sc, 31, bbp & ~0x03); 5851 } 5852 } 5853 5854 run_bbp_read(sc, 138, &bbp); 5855 if (sc->ntxchains == 1) 5856 bbp |= 0x20; /* turn off DAC1 */ 5857 if (sc->nrxchains == 1) 5858 bbp &= ~0x02; /* turn off ADC1 */ 5859 run_bbp_write(sc, 138, bbp); 5860 5861 run_rt3070_rf_read(sc, 38, &rf); 5862 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5863 5864 run_rt3070_rf_read(sc, 39, &rf); 5865 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5866 5867 /* Avoid data lost and CRC error. */ 5868 run_bbp_read(sc, 4, &bbp); 5869 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5870 5871 run_rt3070_rf_read(sc, 30, &rf); 5872 rf = (rf & ~0x18) | 0x10; 5873 run_rt3070_rf_write(sc, 30, rf); 5874 5875 if (sc->mac_ver != 0x5592) { 5876 run_write(sc, RT2860_TX_SW_CFG1, 0); 5877 if (sc->mac_rev < 0x0211) { 5878 run_write(sc, RT2860_TX_SW_CFG2, 5879 sc->patch_dac ? 0x2c : 0x0f); 5880 } else 5881 run_write(sc, RT2860_TX_SW_CFG2, 0); 5882 } 5883 } 5884 5885 static int 5886 run_txrx_enable(struct run_softc *sc) 5887 { 5888 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5889 uint32_t tmp; 5890 int error, ntries; 5891 5892 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5893 for (ntries = 0; ntries < 200; ntries++) { 5894 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5895 return (error); 5896 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5897 break; 5898 run_delay(sc, 50); 5899 } 5900 if (ntries == 200) 5901 return (ETIMEDOUT); 5902 5903 run_delay(sc, 50); 5904 5905 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5906 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5907 5908 /* enable Rx bulk aggregation (set timeout and limit) */ 5909 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5910 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5911 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5912 5913 /* set Rx filter */ 5914 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5915 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5916 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5917 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5918 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5919 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5920 if (ic->ic_opmode == IEEE80211_M_STA) 5921 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5922 } 5923 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5924 5925 run_write(sc, RT2860_MAC_SYS_CTRL, 5926 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5927 5928 return (0); 5929 } 5930 5931 static void 5932 run_adjust_freq_offset(struct run_softc *sc) 5933 { 5934 uint8_t rf, tmp; 5935 5936 run_rt3070_rf_read(sc, 17, &rf); 5937 tmp = rf; 5938 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5939 rf = MIN(rf, 0x5f); 5940 5941 if (tmp != rf) 5942 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5943 } 5944 5945 static void 5946 run_init_locked(struct run_softc *sc) 5947 { 5948 struct ifnet *ifp = sc->sc_ifp; 5949 struct ieee80211com *ic = ifp->if_l2com; 5950 uint32_t tmp; 5951 uint8_t bbp1, bbp3; 5952 int i; 5953 int ridx; 5954 int ntries; 5955 5956 if (ic->ic_nrunning > 1) 5957 return; 5958 5959 run_stop(sc); 5960 5961 if (run_load_microcode(sc) != 0) { 5962 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5963 goto fail; 5964 } 5965 5966 for (ntries = 0; ntries < 100; ntries++) { 5967 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5968 goto fail; 5969 if (tmp != 0 && tmp != 0xffffffff) 5970 break; 5971 run_delay(sc, 10); 5972 } 5973 if (ntries == 100) 5974 goto fail; 5975 5976 for (i = 0; i != RUN_EP_QUEUES; i++) 5977 run_setup_tx_list(sc, &sc->sc_epq[i]); 5978 5979 run_set_macaddr(sc, IF_LLADDR(ifp)); 5980 5981 for (ntries = 0; ntries < 100; ntries++) { 5982 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5983 goto fail; 5984 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5985 break; 5986 run_delay(sc, 10); 5987 } 5988 if (ntries == 100) { 5989 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5990 goto fail; 5991 } 5992 tmp &= 0xff0; 5993 tmp |= RT2860_TX_WB_DDONE; 5994 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5995 5996 /* turn off PME_OEN to solve high-current issue */ 5997 run_read(sc, RT2860_SYS_CTRL, &tmp); 5998 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5999 6000 run_write(sc, RT2860_MAC_SYS_CTRL, 6001 RT2860_BBP_HRST | RT2860_MAC_SRST); 6002 run_write(sc, RT2860_USB_DMA_CFG, 0); 6003 6004 if (run_reset(sc) != 0) { 6005 device_printf(sc->sc_dev, "could not reset chipset\n"); 6006 goto fail; 6007 } 6008 6009 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6010 6011 /* init Tx power for all Tx rates (from EEPROM) */ 6012 for (ridx = 0; ridx < 5; ridx++) { 6013 if (sc->txpow20mhz[ridx] == 0xffffffff) 6014 continue; 6015 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6016 } 6017 6018 for (i = 0; i < nitems(rt2870_def_mac); i++) 6019 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6020 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6021 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6022 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6023 6024 if (sc->mac_ver >= 0x5390) { 6025 run_write(sc, RT2860_TX_SW_CFG0, 6026 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6027 if (sc->mac_ver >= 0x5392) { 6028 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6029 if (sc->mac_ver == 0x5592) { 6030 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6031 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6032 } else { 6033 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6034 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6035 } 6036 } 6037 } else if (sc->mac_ver == 0x3593) { 6038 run_write(sc, RT2860_TX_SW_CFG0, 6039 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6040 } else if (sc->mac_ver >= 0x3070) { 6041 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6042 run_write(sc, RT2860_TX_SW_CFG0, 6043 4 << RT2860_DLY_PAPE_EN_SHIFT); 6044 } 6045 6046 /* wait while MAC is busy */ 6047 for (ntries = 0; ntries < 100; ntries++) { 6048 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6049 goto fail; 6050 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6051 break; 6052 run_delay(sc, 10); 6053 } 6054 if (ntries == 100) 6055 goto fail; 6056 6057 /* clear Host to MCU mailbox */ 6058 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6059 run_write(sc, RT2860_H2M_MAILBOX, 0); 6060 run_delay(sc, 10); 6061 6062 if (run_bbp_init(sc) != 0) { 6063 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6064 goto fail; 6065 } 6066 6067 /* abort TSF synchronization */ 6068 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6069 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6070 RT2860_TBTT_TIMER_EN); 6071 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6072 6073 /* clear RX WCID search table */ 6074 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6075 /* clear WCID attribute table */ 6076 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6077 6078 /* hostapd sets a key before init. So, don't clear it. */ 6079 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6080 /* clear shared key table */ 6081 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6082 /* clear shared key mode */ 6083 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6084 } 6085 6086 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6087 tmp = (tmp & ~0xff) | 0x1e; 6088 run_write(sc, RT2860_US_CYC_CNT, tmp); 6089 6090 if (sc->mac_rev != 0x0101) 6091 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6092 6093 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6094 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6095 6096 /* write vendor-specific BBP values (from EEPROM) */ 6097 if (sc->mac_ver < 0x3593) { 6098 for (i = 0; i < 10; i++) { 6099 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6100 continue; 6101 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6102 } 6103 } 6104 6105 /* select Main antenna for 1T1R devices */ 6106 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6107 run_set_rx_antenna(sc, 0); 6108 6109 /* send LEDs operating mode to microcontroller */ 6110 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6111 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6112 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6113 6114 if (sc->mac_ver >= 0x5390) 6115 run_rt5390_rf_init(sc); 6116 else if (sc->mac_ver == 0x3593) 6117 run_rt3593_rf_init(sc); 6118 else if (sc->mac_ver >= 0x3070) 6119 run_rt3070_rf_init(sc); 6120 6121 /* disable non-existing Rx chains */ 6122 run_bbp_read(sc, 3, &bbp3); 6123 bbp3 &= ~(1 << 3 | 1 << 4); 6124 if (sc->nrxchains == 2) 6125 bbp3 |= 1 << 3; 6126 else if (sc->nrxchains == 3) 6127 bbp3 |= 1 << 4; 6128 run_bbp_write(sc, 3, bbp3); 6129 6130 /* disable non-existing Tx chains */ 6131 run_bbp_read(sc, 1, &bbp1); 6132 if (sc->ntxchains == 1) 6133 bbp1 &= ~(1 << 3 | 1 << 4); 6134 run_bbp_write(sc, 1, bbp1); 6135 6136 if (sc->mac_ver >= 0x5390) 6137 run_rt5390_rf_setup(sc); 6138 else if (sc->mac_ver == 0x3593) 6139 run_rt3593_rf_setup(sc); 6140 else if (sc->mac_ver >= 0x3070) 6141 run_rt3070_rf_setup(sc); 6142 6143 /* select default channel */ 6144 run_set_chan(sc, ic->ic_curchan); 6145 6146 /* setup initial protection mode */ 6147 run_updateprot_cb(ic); 6148 6149 /* turn radio LED on */ 6150 run_set_leds(sc, RT2860_LED_RADIO); 6151 6152 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 6153 ifp->if_drv_flags |= IFF_DRV_RUNNING; 6154 sc->cmdq_run = RUN_CMDQ_GO; 6155 6156 for (i = 0; i != RUN_N_XFER; i++) 6157 usbd_xfer_set_stall(sc->sc_xfer[i]); 6158 6159 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6160 6161 if (run_txrx_enable(sc) != 0) 6162 goto fail; 6163 6164 return; 6165 6166 fail: 6167 run_stop(sc); 6168 } 6169 6170 static void 6171 run_init(void *arg) 6172 { 6173 struct run_softc *sc = arg; 6174 struct ifnet *ifp = sc->sc_ifp; 6175 struct ieee80211com *ic = ifp->if_l2com; 6176 6177 RUN_LOCK(sc); 6178 run_init_locked(sc); 6179 RUN_UNLOCK(sc); 6180 6181 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6182 ieee80211_start_all(ic); 6183 } 6184 6185 static void 6186 run_stop(void *arg) 6187 { 6188 struct run_softc *sc = (struct run_softc *)arg; 6189 struct ifnet *ifp = sc->sc_ifp; 6190 uint32_t tmp; 6191 int i; 6192 int ntries; 6193 6194 RUN_LOCK_ASSERT(sc, MA_OWNED); 6195 6196 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6197 run_set_leds(sc, 0); /* turn all LEDs off */ 6198 6199 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 6200 6201 sc->ratectl_run = RUN_RATECTL_OFF; 6202 sc->cmdq_run = sc->cmdq_key_set; 6203 6204 RUN_UNLOCK(sc); 6205 6206 for(i = 0; i < RUN_N_XFER; i++) 6207 usbd_transfer_drain(sc->sc_xfer[i]); 6208 6209 RUN_LOCK(sc); 6210 6211 if (sc->rx_m != NULL) { 6212 m_free(sc->rx_m); 6213 sc->rx_m = NULL; 6214 } 6215 6216 /* Disable Tx/Rx DMA. */ 6217 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6218 return; 6219 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6220 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6221 6222 for (ntries = 0; ntries < 100; ntries++) { 6223 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6224 return; 6225 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6226 break; 6227 run_delay(sc, 10); 6228 } 6229 if (ntries == 100) { 6230 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6231 return; 6232 } 6233 6234 /* disable Tx/Rx */ 6235 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6236 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6237 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6238 6239 /* wait for pending Tx to complete */ 6240 for (ntries = 0; ntries < 100; ntries++) { 6241 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6242 DPRINTF("Cannot read Tx queue count\n"); 6243 break; 6244 } 6245 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6246 DPRINTF("All Tx cleared\n"); 6247 break; 6248 } 6249 run_delay(sc, 10); 6250 } 6251 if (ntries >= 100) 6252 DPRINTF("There are still pending Tx\n"); 6253 run_delay(sc, 10); 6254 run_write(sc, RT2860_USB_DMA_CFG, 0); 6255 6256 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6257 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6258 6259 for (i = 0; i != RUN_EP_QUEUES; i++) 6260 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6261 } 6262 6263 static void 6264 run_delay(struct run_softc *sc, u_int ms) 6265 { 6266 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6267 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6268 } 6269 6270 static device_method_t run_methods[] = { 6271 /* Device interface */ 6272 DEVMETHOD(device_probe, run_match), 6273 DEVMETHOD(device_attach, run_attach), 6274 DEVMETHOD(device_detach, run_detach), 6275 DEVMETHOD_END 6276 }; 6277 6278 static driver_t run_driver = { 6279 .name = "run", 6280 .methods = run_methods, 6281 .size = sizeof(struct run_softc) 6282 }; 6283 6284 static devclass_t run_devclass; 6285 6286 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6287 MODULE_DEPEND(run, wlan, 1, 1, 1); 6288 MODULE_DEPEND(run, usb, 1, 1, 1); 6289 MODULE_DEPEND(run, firmware, 1, 1, 1); 6290 MODULE_VERSION(run, 1); 6291