1 /*-
2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 #include <sys/cdefs.h>
21 /*-
22 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
23 * http://www.ralinktech.com/
24 */
25
26 #include "opt_wlan.h"
27
28 #include <sys/param.h>
29 #include <sys/eventhandler.h>
30 #include <sys/sockio.h>
31 #include <sys/sysctl.h>
32 #include <sys/lock.h>
33 #include <sys/mutex.h>
34 #include <sys/mbuf.h>
35 #include <sys/kernel.h>
36 #include <sys/socket.h>
37 #include <sys/systm.h>
38 #include <sys/malloc.h>
39 #include <sys/module.h>
40 #include <sys/bus.h>
41 #include <sys/endian.h>
42 #include <sys/linker.h>
43 #include <sys/firmware.h>
44 #include <sys/kdb.h>
45
46 #include <net/bpf.h>
47 #include <net/if.h>
48 #include <net/if_var.h>
49 #include <net/if_arp.h>
50 #include <net/ethernet.h>
51 #include <net/if_dl.h>
52 #include <net/if_media.h>
53 #include <net/if_types.h>
54
55 #include <netinet/in.h>
56 #include <netinet/in_systm.h>
57 #include <netinet/in_var.h>
58 #include <netinet/if_ether.h>
59 #include <netinet/ip.h>
60
61 #include <net80211/ieee80211_var.h>
62 #include <net80211/ieee80211_regdomain.h>
63 #include <net80211/ieee80211_radiotap.h>
64 #include <net80211/ieee80211_ratectl.h>
65 #ifdef IEEE80211_SUPPORT_SUPERG
66 #include <net80211/ieee80211_superg.h>
67 #endif
68
69 #include <dev/usb/usb.h>
70 #include <dev/usb/usbdi.h>
71 #include "usbdevs.h"
72
73 #define USB_DEBUG_VAR run_debug
74 #include <dev/usb/usb_debug.h>
75 #include <dev/usb/usb_msctest.h>
76
77 #include <dev/usb/wlan/if_runreg.h>
78 #include <dev/usb/wlan/if_runvar.h>
79
80 #ifdef USB_DEBUG
81 #define RUN_DEBUG
82 #endif
83
84 #ifdef RUN_DEBUG
85 int run_debug = 0;
86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
87 "USB run");
88 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
89 "run debug level");
90
91 enum {
92 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
93 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
94 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
95 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
96 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
97 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
98 RUN_DEBUG_USB = 0x00000040, /* usb requests */
99 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
100 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
101 RUN_DEBUG_INTR = 0x00000200, /* ISR */
102 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
103 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
104 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
105 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
106 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
107 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
108 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
109 RUN_DEBUG_CMD = 0x00020000, /* command queue */
110 RUN_DEBUG_ANY = 0xffffffff
111 };
112
113 #define RUN_DPRINTF(_sc, _m, ...) do { \
114 if (run_debug & (_m)) \
115 device_printf((_sc)->sc_dev, __VA_ARGS__); \
116 } while(0)
117 #else
118 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
119 #endif
120
121 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
122
123 /*
124 * Because of LOR in run_key_delete(), use atomic instead.
125 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
126 */
127 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
128
129 static const STRUCT_USB_HOST_ID run_devs[] = {
130 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
131 #define RUN_DEV_EJECT(v,p) \
132 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
133 #define RUN_EJECT 1
134 RUN_DEV(ABOCOM, RT2770),
135 RUN_DEV(ABOCOM, RT2870),
136 RUN_DEV(ABOCOM, RT3070),
137 RUN_DEV(ABOCOM, RT3071),
138 RUN_DEV(ABOCOM, RT3072),
139 RUN_DEV(ABOCOM2, RT2870_1),
140 RUN_DEV(ACCTON, RT2770),
141 RUN_DEV(ACCTON, RT2870_1),
142 RUN_DEV(ACCTON, RT2870_2),
143 RUN_DEV(ACCTON, RT2870_3),
144 RUN_DEV(ACCTON, RT2870_4),
145 RUN_DEV(ACCTON, RT2870_5),
146 RUN_DEV(ACCTON, RT3070),
147 RUN_DEV(ACCTON, RT3070_1),
148 RUN_DEV(ACCTON, RT3070_2),
149 RUN_DEV(ACCTON, RT3070_3),
150 RUN_DEV(ACCTON, RT3070_4),
151 RUN_DEV(ACCTON, RT3070_5),
152 RUN_DEV(AIRTIES, RT3070),
153 RUN_DEV(ALLWIN, RT2070),
154 RUN_DEV(ALLWIN, RT2770),
155 RUN_DEV(ALLWIN, RT2870),
156 RUN_DEV(ALLWIN, RT3070),
157 RUN_DEV(ALLWIN, RT3071),
158 RUN_DEV(ALLWIN, RT3072),
159 RUN_DEV(ALLWIN, RT3572),
160 RUN_DEV(AMIGO, RT2870_1),
161 RUN_DEV(AMIGO, RT2870_2),
162 RUN_DEV(AMIT, CGWLUSB2GNR),
163 RUN_DEV(AMIT, RT2870_1),
164 RUN_DEV(AMIT2, RT2870),
165 RUN_DEV(ASUS, RT2870_1),
166 RUN_DEV(ASUS, RT2870_2),
167 RUN_DEV(ASUS, RT2870_3),
168 RUN_DEV(ASUS, RT2870_4),
169 RUN_DEV(ASUS, RT2870_5),
170 RUN_DEV(ASUS, USBN13),
171 RUN_DEV(ASUS, RT3070_1),
172 RUN_DEV(ASUS, USBN66),
173 RUN_DEV(ASUS, USB_N53),
174 RUN_DEV(ASUS, USBN14),
175 RUN_DEV(ASUS2, USBN11),
176 RUN_DEV(AZUREWAVE, RT2870_1),
177 RUN_DEV(AZUREWAVE, RT2870_2),
178 RUN_DEV(AZUREWAVE, RT3070_1),
179 RUN_DEV(AZUREWAVE, RT3070_2),
180 RUN_DEV(AZUREWAVE, RT3070_3),
181 RUN_DEV(BELKIN, F9L1103),
182 RUN_DEV(BELKIN, F5D8053V3),
183 RUN_DEV(BELKIN, F5D8055),
184 RUN_DEV(BELKIN, F5D8055V2),
185 RUN_DEV(BELKIN, F6D4050V1),
186 RUN_DEV(BELKIN, F6D4050V2),
187 RUN_DEV(BELKIN, RT2870_1),
188 RUN_DEV(BELKIN, RT2870_2),
189 RUN_DEV(CISCOLINKSYS, AE1000),
190 RUN_DEV(CISCOLINKSYS2, RT3070),
191 RUN_DEV(CISCOLINKSYS3, RT3070),
192 RUN_DEV(CONCEPTRONIC2, RT2870_1),
193 RUN_DEV(CONCEPTRONIC2, RT2870_2),
194 RUN_DEV(CONCEPTRONIC2, RT2870_3),
195 RUN_DEV(CONCEPTRONIC2, RT2870_4),
196 RUN_DEV(CONCEPTRONIC2, RT2870_5),
197 RUN_DEV(CONCEPTRONIC2, RT2870_6),
198 RUN_DEV(CONCEPTRONIC2, RT2870_7),
199 RUN_DEV(CONCEPTRONIC2, RT2870_8),
200 RUN_DEV(CONCEPTRONIC2, RT3070_1),
201 RUN_DEV(CONCEPTRONIC2, RT3070_2),
202 RUN_DEV(CONCEPTRONIC2, VIGORN61),
203 RUN_DEV(COREGA, CGWLUSB300GNM),
204 RUN_DEV(COREGA, RT2870_1),
205 RUN_DEV(COREGA, RT2870_2),
206 RUN_DEV(COREGA, RT2870_3),
207 RUN_DEV(COREGA, RT3070),
208 RUN_DEV(CYBERTAN, RT2870),
209 RUN_DEV(DLINK, RT2870),
210 RUN_DEV(DLINK, RT3072),
211 RUN_DEV(DLINK, DWA125A3),
212 RUN_DEV(DLINK, DWA127),
213 RUN_DEV(DLINK, DWA140B3),
214 RUN_DEV(DLINK, DWA160B2),
215 RUN_DEV(DLINK, DWA140D1),
216 RUN_DEV(DLINK, DWA130F1),
217 RUN_DEV(DLINK, DWA162),
218 RUN_DEV(DLINK2, DWA130),
219 RUN_DEV(DLINK2, RT2870_1),
220 RUN_DEV(DLINK2, RT2870_2),
221 RUN_DEV(DLINK2, RT3070_1),
222 RUN_DEV(DLINK2, RT3070_2),
223 RUN_DEV(DLINK2, RT3070_3),
224 RUN_DEV(DLINK2, RT3070_4),
225 RUN_DEV(DLINK2, RT3070_5),
226 RUN_DEV(DLINK2, RT3072),
227 RUN_DEV(DLINK2, RT3072_1),
228 RUN_DEV(EDIMAX, EW7717),
229 RUN_DEV(EDIMAX, EW7718),
230 RUN_DEV(EDIMAX, EW7733UND),
231 RUN_DEV(EDIMAX, RT2870_1),
232 RUN_DEV(ENCORE, RT3070_1),
233 RUN_DEV(ENCORE, RT3070_2),
234 RUN_DEV(ENCORE, RT3070_3),
235 RUN_DEV(GIGABYTE, GNWB31N),
236 RUN_DEV(GIGABYTE, GNWB32L),
237 RUN_DEV(GIGABYTE, RT2870_1),
238 RUN_DEV(GIGASET, RT3070_1),
239 RUN_DEV(GIGASET, RT3070_2),
240 RUN_DEV(GUILLEMOT, HWNU300),
241 RUN_DEV(HAWKING, HWUN2),
242 RUN_DEV(HAWKING, RT2870_1),
243 RUN_DEV(HAWKING, RT2870_2),
244 RUN_DEV(HAWKING, RT3070),
245 RUN_DEV(IODATA, RT3072_1),
246 RUN_DEV(IODATA, RT3072_2),
247 RUN_DEV(IODATA, RT3072_3),
248 RUN_DEV(IODATA, RT3072_4),
249 RUN_DEV(LINKSYS4, RT3070),
250 RUN_DEV(LINKSYS4, WUSB100),
251 RUN_DEV(LINKSYS4, WUSB54GCV3),
252 RUN_DEV(LINKSYS4, WUSB600N),
253 RUN_DEV(LINKSYS4, WUSB600NV2),
254 RUN_DEV(LOGITEC, RT2870_1),
255 RUN_DEV(LOGITEC, RT2870_2),
256 RUN_DEV(LOGITEC, RT2870_3),
257 RUN_DEV(LOGITEC, LANW300NU2),
258 RUN_DEV(LOGITEC, LANW150NU2),
259 RUN_DEV(LOGITEC, LANW300NU2S),
260 RUN_DEV(MELCO, WLIUCG300HP),
261 RUN_DEV(MELCO, RT2870_2),
262 RUN_DEV(MELCO, WLIUCAG300N),
263 RUN_DEV(MELCO, WLIUCG300N),
264 RUN_DEV(MELCO, WLIUCG301N),
265 RUN_DEV(MELCO, WLIUCGN),
266 RUN_DEV(MELCO, WLIUCGNM),
267 RUN_DEV(MELCO, WLIUCG300HPV1),
268 RUN_DEV(MELCO, WLIUCGNM2),
269 RUN_DEV(MOTOROLA4, RT2770),
270 RUN_DEV(MOTOROLA4, RT3070),
271 RUN_DEV(MSI, RT3070_1),
272 RUN_DEV(MSI, RT3070_2),
273 RUN_DEV(MSI, RT3070_3),
274 RUN_DEV(MSI, RT3070_4),
275 RUN_DEV(MSI, RT3070_5),
276 RUN_DEV(MSI, RT3070_6),
277 RUN_DEV(MSI, RT3070_7),
278 RUN_DEV(MSI, RT3070_8),
279 RUN_DEV(MSI, RT3070_9),
280 RUN_DEV(MSI, RT3070_10),
281 RUN_DEV(MSI, RT3070_11),
282 RUN_DEV(NETGEAR, WNDA4100),
283 RUN_DEV(OVISLINK, RT3072),
284 RUN_DEV(PARA, RT3070),
285 RUN_DEV(PEGATRON, RT2870),
286 RUN_DEV(PEGATRON, RT3070),
287 RUN_DEV(PEGATRON, RT3070_2),
288 RUN_DEV(PEGATRON, RT3070_3),
289 RUN_DEV(PHILIPS, RT2870),
290 RUN_DEV(PLANEX2, GWUS300MINIS),
291 RUN_DEV(PLANEX2, GWUSMICRON),
292 RUN_DEV(PLANEX2, RT2870),
293 RUN_DEV(PLANEX2, RT3070),
294 RUN_DEV(QCOM, RT2870),
295 RUN_DEV(QUANTA, RT3070),
296 RUN_DEV(RALINK, RT2070),
297 RUN_DEV(RALINK, RT2770),
298 RUN_DEV(RALINK, RT2870),
299 RUN_DEV(RALINK, RT3070),
300 RUN_DEV(RALINK, RT3071),
301 RUN_DEV(RALINK, RT3072),
302 RUN_DEV(RALINK, RT3370),
303 RUN_DEV(RALINK, RT3572),
304 RUN_DEV(RALINK, RT3573),
305 RUN_DEV(RALINK, RT5370),
306 RUN_DEV(RALINK, RT5372),
307 RUN_DEV(RALINK, RT5572),
308 RUN_DEV(RALINK, RT8070),
309 RUN_DEV(SAMSUNG, WIS09ABGN),
310 RUN_DEV(SAMSUNG2, RT2870_1),
311 RUN_DEV(SENAO, RT2870_1),
312 RUN_DEV(SENAO, RT2870_2),
313 RUN_DEV(SENAO, RT2870_3),
314 RUN_DEV(SENAO, RT2870_4),
315 RUN_DEV(SENAO, RT3070),
316 RUN_DEV(SENAO, RT3071),
317 RUN_DEV(SENAO, RT3072_1),
318 RUN_DEV(SENAO, RT3072_2),
319 RUN_DEV(SENAO, RT3072_3),
320 RUN_DEV(SENAO, RT3072_4),
321 RUN_DEV(SENAO, RT3072_5),
322 RUN_DEV(SITECOMEU, RT2770),
323 RUN_DEV(SITECOMEU, RT2870_1),
324 RUN_DEV(SITECOMEU, RT2870_2),
325 RUN_DEV(SITECOMEU, RT2870_3),
326 RUN_DEV(SITECOMEU, RT2870_4),
327 RUN_DEV(SITECOMEU, RT3070),
328 RUN_DEV(SITECOMEU, RT3070_2),
329 RUN_DEV(SITECOMEU, RT3070_3),
330 RUN_DEV(SITECOMEU, RT3070_4),
331 RUN_DEV(SITECOMEU, RT3071),
332 RUN_DEV(SITECOMEU, RT3072_1),
333 RUN_DEV(SITECOMEU, RT3072_2),
334 RUN_DEV(SITECOMEU, RT3072_3),
335 RUN_DEV(SITECOMEU, RT3072_4),
336 RUN_DEV(SITECOMEU, RT3072_5),
337 RUN_DEV(SITECOMEU, RT3072_6),
338 RUN_DEV(SITECOMEU, WL608),
339 RUN_DEV(SPARKLAN, RT2870_1),
340 RUN_DEV(SPARKLAN, RT3070),
341 RUN_DEV(SWEEX2, LW153),
342 RUN_DEV(SWEEX2, LW303),
343 RUN_DEV(SWEEX2, LW313),
344 RUN_DEV(TOSHIBA, RT3070),
345 RUN_DEV(UMEDIA, RT2870_1),
346 RUN_DEV(ZCOM, RT2870_1),
347 RUN_DEV(ZCOM, RT2870_2),
348 RUN_DEV(ZINWELL, RT2870_1),
349 RUN_DEV(ZINWELL, RT2870_2),
350 RUN_DEV(ZINWELL, RT3070),
351 RUN_DEV(ZINWELL, RT3072_1),
352 RUN_DEV(ZINWELL, RT3072_2),
353 RUN_DEV(ZYXEL, RT2870_1),
354 RUN_DEV(ZYXEL, RT2870_2),
355 RUN_DEV(ZYXEL, RT3070),
356 RUN_DEV_EJECT(ZYXEL, NWD2705),
357 RUN_DEV_EJECT(RALINK, RT_STOR),
358 #undef RUN_DEV_EJECT
359 #undef RUN_DEV
360 };
361
362 static device_probe_t run_match;
363 static device_attach_t run_attach;
364 static device_detach_t run_detach;
365
366 static usb_callback_t run_bulk_rx_callback;
367 static usb_callback_t run_bulk_tx_callback0;
368 static usb_callback_t run_bulk_tx_callback1;
369 static usb_callback_t run_bulk_tx_callback2;
370 static usb_callback_t run_bulk_tx_callback3;
371 static usb_callback_t run_bulk_tx_callback4;
372 static usb_callback_t run_bulk_tx_callback5;
373
374 static void run_autoinst(void *, struct usb_device *,
375 struct usb_attach_arg *);
376 static int run_driver_loaded(struct module *, int, void *);
377 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
378 usb_error_t error, u_int index);
379 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
380 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
381 const uint8_t [IEEE80211_ADDR_LEN],
382 const uint8_t [IEEE80211_ADDR_LEN]);
383 static void run_vap_delete(struct ieee80211vap *);
384 static void run_cmdq_cb(void *, int);
385 static void run_setup_tx_list(struct run_softc *,
386 struct run_endpoint_queue *);
387 static void run_unsetup_tx_list(struct run_softc *,
388 struct run_endpoint_queue *);
389 static int run_load_microcode(struct run_softc *);
390 static int run_reset(struct run_softc *);
391 static usb_error_t run_do_request(struct run_softc *,
392 struct usb_device_request *, void *);
393 static int run_read(struct run_softc *, uint16_t, uint32_t *);
394 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
395 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
396 static int run_write(struct run_softc *, uint16_t, uint32_t);
397 static int run_write_region_1(struct run_softc *, uint16_t,
398 const uint8_t *, int);
399 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
400 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
401 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
402 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
403 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
404 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
405 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
406 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
407 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
408 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
409 static const char *run_get_rf(uint16_t);
410 static void run_rt3593_get_txpower(struct run_softc *);
411 static void run_get_txpower(struct run_softc *);
412 static int run_read_eeprom(struct run_softc *);
413 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
414 const uint8_t mac[IEEE80211_ADDR_LEN]);
415 static int run_media_change(if_t);
416 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
417 static int run_wme_update(struct ieee80211com *);
418 static void run_key_set_cb(void *);
419 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
420 static void run_key_delete_cb(void *);
421 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
422 static void run_ratectl_to(void *);
423 static void run_ratectl_cb(void *, int);
424 static void run_drain_fifo(void *);
425 static void run_iter_func(void *, struct ieee80211_node *);
426 static void run_newassoc_cb(void *);
427 static void run_newassoc(struct ieee80211_node *, int);
428 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
429 const struct ieee80211_rx_stats *, int, int);
430 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
431 static void run_tx_free(struct run_endpoint_queue *pq,
432 struct run_tx_data *, int);
433 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
434 static int run_tx(struct run_softc *, struct mbuf *,
435 struct ieee80211_node *);
436 static int run_tx_mgt(struct run_softc *, struct mbuf *,
437 struct ieee80211_node *);
438 static int run_sendprot(struct run_softc *, const struct mbuf *,
439 struct ieee80211_node *, int, int);
440 static int run_tx_param(struct run_softc *, struct mbuf *,
441 struct ieee80211_node *,
442 const struct ieee80211_bpf_params *);
443 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
444 const struct ieee80211_bpf_params *);
445 static int run_transmit(struct ieee80211com *, struct mbuf *);
446 static void run_start(struct run_softc *);
447 static void run_parent(struct ieee80211com *);
448 static void run_iq_calib(struct run_softc *, u_int);
449 static void run_set_agc(struct run_softc *, uint8_t);
450 static void run_select_chan_group(struct run_softc *, int);
451 static void run_set_rx_antenna(struct run_softc *, int);
452 static void run_rt2870_set_chan(struct run_softc *, u_int);
453 static void run_rt3070_set_chan(struct run_softc *, u_int);
454 static void run_rt3572_set_chan(struct run_softc *, u_int);
455 static void run_rt3593_set_chan(struct run_softc *, u_int);
456 static void run_rt5390_set_chan(struct run_softc *, u_int);
457 static void run_rt5592_set_chan(struct run_softc *, u_int);
458 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
459 static void run_set_channel(struct ieee80211com *);
460 static void run_getradiocaps(struct ieee80211com *, int, int *,
461 struct ieee80211_channel[]);
462 static void run_scan_start(struct ieee80211com *);
463 static void run_scan_end(struct ieee80211com *);
464 static void run_update_beacon(struct ieee80211vap *, int);
465 static void run_update_beacon_cb(void *);
466 static void run_updateprot(struct ieee80211com *);
467 static void run_updateprot_cb(void *);
468 static void run_usb_timeout_cb(void *);
469 static void run_reset_livelock(struct run_softc *);
470 static void run_enable_tsf_sync(struct run_softc *);
471 static void run_enable_tsf(struct run_softc *);
472 static void run_disable_tsf(struct run_softc *);
473 static void run_get_tsf(struct run_softc *, uint64_t *);
474 static void run_enable_mrr(struct run_softc *);
475 static void run_set_txpreamble(struct run_softc *);
476 static void run_set_basicrates(struct run_softc *);
477 static void run_set_leds(struct run_softc *, uint16_t);
478 static void run_set_bssid(struct run_softc *, const uint8_t *);
479 static void run_set_macaddr(struct run_softc *, const uint8_t *);
480 static void run_updateslot(struct ieee80211com *);
481 static void run_updateslot_cb(void *);
482 static void run_update_mcast(struct ieee80211com *);
483 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
484 static void run_update_promisc_locked(struct run_softc *);
485 static void run_update_promisc(struct ieee80211com *);
486 static void run_rt5390_bbp_init(struct run_softc *);
487 static int run_bbp_init(struct run_softc *);
488 static int run_rt3070_rf_init(struct run_softc *);
489 static void run_rt3593_rf_init(struct run_softc *);
490 static void run_rt5390_rf_init(struct run_softc *);
491 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
492 uint8_t *);
493 static void run_rt3070_rf_setup(struct run_softc *);
494 static void run_rt3593_rf_setup(struct run_softc *);
495 static void run_rt5390_rf_setup(struct run_softc *);
496 static int run_txrx_enable(struct run_softc *);
497 static void run_adjust_freq_offset(struct run_softc *);
498 static void run_init_locked(struct run_softc *);
499 static void run_stop(void *);
500 static void run_delay(struct run_softc *, u_int);
501 static void run_update_chw(struct ieee80211com *ic);
502 static int run_ampdu_enable(struct ieee80211_node *ni,
503 struct ieee80211_tx_ampdu *tap);
504
505 static eventhandler_tag run_etag;
506
507 static const struct rt2860_rate {
508 uint8_t rate;
509 uint8_t mcs;
510 enum ieee80211_phytype phy;
511 uint8_t ctl_ridx;
512 uint16_t sp_ack_dur;
513 uint16_t lp_ack_dur;
514 } rt2860_rates[] = {
515 /* CCK rates (11b) */
516 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
517 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
518 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
519 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
520
521 /* OFDM rates (11a / 11g) */
522 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
523 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
524 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
525 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
526 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
527 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
528 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
529 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 },
530
531 /* MCS - single stream */
532 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 },
533 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 },
534 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 },
535 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 },
536 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 },
537 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 },
538 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 },
539 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 },
540
541 /* MCS - 2 streams */
542 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 },
543 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 },
544 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 },
545 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 },
546 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 },
547 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 },
548 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 },
549 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 },
550
551 /* MCS - 3 streams */
552 { 0x90, 16, IEEE80211_T_HT, 4, 60, 60 },
553 { 0x91, 17, IEEE80211_T_HT, 4, 60, 60 },
554 { 0x92, 18, IEEE80211_T_HT, 4, 60, 60 },
555 { 0x93, 19, IEEE80211_T_HT, 4, 60, 60 },
556 { 0x94, 20, IEEE80211_T_HT, 4, 60, 60 },
557 { 0x95, 21, IEEE80211_T_HT, 4, 60, 60 },
558 { 0x96, 22, IEEE80211_T_HT, 4, 60, 60 },
559 { 0x97, 23, IEEE80211_T_HT, 4, 60, 60 },
560 };
561
562 /* These are indexes into the above rt2860_rates[] array */
563 #define RT2860_RIDX_CCK1 0
564 #define RT2860_RIDX_CCK11 3
565 #define RT2860_RIDX_OFDM6 4
566 #define RT2860_RIDX_MCS0 12
567 #define RT2860_RIDX_MAX 36
568
569 static const struct {
570 uint16_t reg;
571 uint32_t val;
572 } rt2870_def_mac[] = {
573 RT2870_DEF_MAC
574 };
575
576 static const struct {
577 uint8_t reg;
578 uint8_t val;
579 } rt2860_def_bbp[] = {
580 RT2860_DEF_BBP
581 },rt5390_def_bbp[] = {
582 RT5390_DEF_BBP
583 },rt5592_def_bbp[] = {
584 RT5592_DEF_BBP
585 };
586
587 /*
588 * Default values for BBP register R196 for RT5592.
589 */
590 static const uint8_t rt5592_bbp_r196[] = {
591 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
592 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
593 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
594 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
595 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
596 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
597 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
598 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
599 0x2e, 0x36, 0x30, 0x6e
600 };
601
602 static const struct rfprog {
603 uint8_t chan;
604 uint32_t r1, r2, r3, r4;
605 } rt2860_rf2850[] = {
606 RT2860_RF2850
607 };
608
609 struct {
610 uint8_t n, r, k;
611 } rt3070_freqs[] = {
612 RT3070_RF3052
613 };
614
615 static const struct rt5592_freqs {
616 uint16_t n;
617 uint8_t k, m, r;
618 } rt5592_freqs_20mhz[] = {
619 RT5592_RF5592_20MHZ
620 },rt5592_freqs_40mhz[] = {
621 RT5592_RF5592_40MHZ
622 };
623
624 static const struct {
625 uint8_t reg;
626 uint8_t val;
627 } rt3070_def_rf[] = {
628 RT3070_DEF_RF
629 },rt3572_def_rf[] = {
630 RT3572_DEF_RF
631 },rt3593_def_rf[] = {
632 RT3593_DEF_RF
633 },rt5390_def_rf[] = {
634 RT5390_DEF_RF
635 },rt5392_def_rf[] = {
636 RT5392_DEF_RF
637 },rt5592_def_rf[] = {
638 RT5592_DEF_RF
639 },rt5592_2ghz_def_rf[] = {
640 RT5592_2GHZ_DEF_RF
641 },rt5592_5ghz_def_rf[] = {
642 RT5592_5GHZ_DEF_RF
643 };
644
645 static const struct {
646 u_int firstchan;
647 u_int lastchan;
648 uint8_t reg;
649 uint8_t val;
650 } rt5592_chan_5ghz[] = {
651 RT5592_CHAN_5GHZ
652 };
653
654 static const struct usb_config run_config[RUN_N_XFER] = {
655 [RUN_BULK_TX_BE] = {
656 .type = UE_BULK,
657 .endpoint = UE_ADDR_ANY,
658 .ep_index = 0,
659 .direction = UE_DIR_OUT,
660 .bufsize = RUN_MAX_TXSZ,
661 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
662 .callback = run_bulk_tx_callback0,
663 .timeout = 5000, /* ms */
664 },
665 [RUN_BULK_TX_BK] = {
666 .type = UE_BULK,
667 .endpoint = UE_ADDR_ANY,
668 .direction = UE_DIR_OUT,
669 .ep_index = 1,
670 .bufsize = RUN_MAX_TXSZ,
671 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
672 .callback = run_bulk_tx_callback1,
673 .timeout = 5000, /* ms */
674 },
675 [RUN_BULK_TX_VI] = {
676 .type = UE_BULK,
677 .endpoint = UE_ADDR_ANY,
678 .direction = UE_DIR_OUT,
679 .ep_index = 2,
680 .bufsize = RUN_MAX_TXSZ,
681 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
682 .callback = run_bulk_tx_callback2,
683 .timeout = 5000, /* ms */
684 },
685 [RUN_BULK_TX_VO] = {
686 .type = UE_BULK,
687 .endpoint = UE_ADDR_ANY,
688 .direction = UE_DIR_OUT,
689 .ep_index = 3,
690 .bufsize = RUN_MAX_TXSZ,
691 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
692 .callback = run_bulk_tx_callback3,
693 .timeout = 5000, /* ms */
694 },
695 [RUN_BULK_TX_HCCA] = {
696 .type = UE_BULK,
697 .endpoint = UE_ADDR_ANY,
698 .direction = UE_DIR_OUT,
699 .ep_index = 4,
700 .bufsize = RUN_MAX_TXSZ,
701 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
702 .callback = run_bulk_tx_callback4,
703 .timeout = 5000, /* ms */
704 },
705 [RUN_BULK_TX_PRIO] = {
706 .type = UE_BULK,
707 .endpoint = UE_ADDR_ANY,
708 .direction = UE_DIR_OUT,
709 .ep_index = 5,
710 .bufsize = RUN_MAX_TXSZ,
711 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
712 .callback = run_bulk_tx_callback5,
713 .timeout = 5000, /* ms */
714 },
715 [RUN_BULK_RX] = {
716 .type = UE_BULK,
717 .endpoint = UE_ADDR_ANY,
718 .direction = UE_DIR_IN,
719 .bufsize = RUN_MAX_RXSZ,
720 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
721 .callback = run_bulk_rx_callback,
722 }
723 };
724
725 static void
run_autoinst(void * arg,struct usb_device * udev,struct usb_attach_arg * uaa)726 run_autoinst(void *arg, struct usb_device *udev,
727 struct usb_attach_arg *uaa)
728 {
729 struct usb_interface *iface;
730 struct usb_interface_descriptor *id;
731
732 if (uaa->dev_state != UAA_DEV_READY)
733 return;
734
735 iface = usbd_get_iface(udev, 0);
736 if (iface == NULL)
737 return;
738 id = iface->idesc;
739 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
740 return;
741 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
742 return;
743
744 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
745 uaa->dev_state = UAA_DEV_EJECTING;
746 }
747
748 static int
run_driver_loaded(struct module * mod,int what,void * arg)749 run_driver_loaded(struct module *mod, int what, void *arg)
750 {
751 switch (what) {
752 case MOD_LOAD:
753 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
754 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
755 break;
756 case MOD_UNLOAD:
757 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
758 break;
759 default:
760 return (EOPNOTSUPP);
761 }
762 return (0);
763 }
764
765 static int
run_match(device_t self)766 run_match(device_t self)
767 {
768 struct usb_attach_arg *uaa = device_get_ivars(self);
769
770 if (uaa->usb_mode != USB_MODE_HOST)
771 return (ENXIO);
772 if (uaa->info.bConfigIndex != 0)
773 return (ENXIO);
774 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
775 return (ENXIO);
776
777 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
778 }
779
780 static int
run_attach(device_t self)781 run_attach(device_t self)
782 {
783 struct run_softc *sc = device_get_softc(self);
784 struct usb_attach_arg *uaa = device_get_ivars(self);
785 struct ieee80211com *ic = &sc->sc_ic;
786 uint32_t ver;
787 uint8_t iface_index;
788 int ntries, error;
789
790 device_set_usb_desc(self);
791 sc->sc_udev = uaa->device;
792 sc->sc_dev = self;
793 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
794 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
795
796 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
797 MTX_NETWORK_LOCK, MTX_DEF);
798 mbufq_init(&sc->sc_snd, ifqmaxlen);
799
800 iface_index = RT2860_IFACE_INDEX;
801
802 error = usbd_transfer_setup(uaa->device, &iface_index,
803 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
804 if (error) {
805 device_printf(self, "could not allocate USB transfers, "
806 "err=%s\n", usbd_errstr(error));
807 goto detach;
808 }
809
810 RUN_LOCK(sc);
811
812 /* wait for the chip to settle */
813 for (ntries = 0; ntries < 100; ntries++) {
814 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
815 RUN_UNLOCK(sc);
816 goto detach;
817 }
818 if (ver != 0 && ver != 0xffffffff)
819 break;
820 run_delay(sc, 10);
821 }
822 if (ntries == 100) {
823 device_printf(sc->sc_dev,
824 "timeout waiting for NIC to initialize\n");
825 RUN_UNLOCK(sc);
826 goto detach;
827 }
828 sc->mac_ver = ver >> 16;
829 sc->mac_rev = ver & 0xffff;
830
831 /* retrieve RF rev. no and various other things from EEPROM */
832 run_read_eeprom(sc);
833
834 device_printf(sc->sc_dev,
835 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
836 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
837 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
838
839 RUN_UNLOCK(sc);
840
841 ic->ic_softc = sc;
842 ic->ic_name = device_get_nameunit(self);
843 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
844 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
845
846 /* set device capabilities */
847 ic->ic_caps =
848 IEEE80211_C_STA | /* station mode supported */
849 IEEE80211_C_MONITOR | /* monitor mode supported */
850 IEEE80211_C_IBSS |
851 IEEE80211_C_HOSTAP |
852 IEEE80211_C_WDS | /* 4-address traffic works */
853 IEEE80211_C_MBSS |
854 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
855 IEEE80211_C_SHSLOT | /* short slot time supported */
856 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */
857 IEEE80211_C_FF | /* Atheros fast-frames */
858 IEEE80211_C_WME | /* WME */
859 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
860
861 /*
862 * RF2020 is not an 11n device.
863 */
864 if (sc->rf_rev != RT3070_RF_2020) {
865 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n");
866 ic->ic_htcaps =
867 IEEE80211_HTC_HT |
868 IEEE80211_HTC_AMPDU |
869 IEEE80211_HTC_AMSDU |
870 IEEE80211_HTCAP_MAXAMSDU_3839 |
871 IEEE80211_HTCAP_SMPS_OFF;
872
873 ic->ic_rxstream = sc->nrxchains;
874 ic->ic_txstream = sc->ntxchains;
875 }
876
877 ic->ic_cryptocaps =
878 IEEE80211_CRYPTO_WEP |
879 IEEE80211_CRYPTO_AES_CCM |
880 IEEE80211_CRYPTO_TKIPMIC |
881 IEEE80211_CRYPTO_TKIP;
882
883 ic->ic_flags |= IEEE80211_F_DATAPAD;
884 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
885
886 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
887 ic->ic_channels);
888
889 ieee80211_ifattach(ic);
890
891 ic->ic_scan_start = run_scan_start;
892 ic->ic_scan_end = run_scan_end;
893 ic->ic_set_channel = run_set_channel;
894 ic->ic_getradiocaps = run_getradiocaps;
895 ic->ic_node_alloc = run_node_alloc;
896 ic->ic_newassoc = run_newassoc;
897 ic->ic_updateslot = run_updateslot;
898 ic->ic_update_mcast = run_update_mcast;
899 ic->ic_wme.wme_update = run_wme_update;
900 ic->ic_raw_xmit = run_raw_xmit;
901 ic->ic_update_promisc = run_update_promisc;
902 ic->ic_vap_create = run_vap_create;
903 ic->ic_vap_delete = run_vap_delete;
904 ic->ic_transmit = run_transmit;
905 ic->ic_parent = run_parent;
906 ic->ic_update_chw = run_update_chw;
907 ic->ic_ampdu_enable = run_ampdu_enable;
908
909 ieee80211_radiotap_attach(ic,
910 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
911 RUN_TX_RADIOTAP_PRESENT,
912 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
913 RUN_RX_RADIOTAP_PRESENT);
914
915 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
916 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
917 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
918
919 if (bootverbose)
920 ieee80211_announce(ic);
921
922 return (0);
923
924 detach:
925 run_detach(self);
926 return (ENXIO);
927 }
928
929 static void
run_drain_mbufq(struct run_softc * sc)930 run_drain_mbufq(struct run_softc *sc)
931 {
932 struct mbuf *m;
933 struct ieee80211_node *ni;
934
935 RUN_LOCK_ASSERT(sc, MA_OWNED);
936 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
937 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
938 m->m_pkthdr.rcvif = NULL;
939 ieee80211_free_node(ni);
940 m_freem(m);
941 }
942 }
943
944 static int
run_detach(device_t self)945 run_detach(device_t self)
946 {
947 struct run_softc *sc = device_get_softc(self);
948 struct ieee80211com *ic = &sc->sc_ic;
949 int i;
950
951 RUN_LOCK(sc);
952 sc->sc_detached = 1;
953 RUN_UNLOCK(sc);
954
955 /* stop all USB transfers */
956 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
957
958 RUN_LOCK(sc);
959 sc->ratectl_run = RUN_RATECTL_OFF;
960 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
961
962 /* free TX list, if any */
963 for (i = 0; i != RUN_EP_QUEUES; i++)
964 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
965
966 /* Free TX queue */
967 run_drain_mbufq(sc);
968 RUN_UNLOCK(sc);
969
970 if (sc->sc_ic.ic_softc == sc) {
971 /* drain tasks */
972 usb_callout_drain(&sc->ratectl_ch);
973 ieee80211_draintask(ic, &sc->cmdq_task);
974 ieee80211_draintask(ic, &sc->ratectl_task);
975 ieee80211_ifdetach(ic);
976 }
977
978 mtx_destroy(&sc->sc_mtx);
979
980 return (0);
981 }
982
983 static struct ieee80211vap *
run_vap_create(struct ieee80211com * ic,const char name[IFNAMSIZ],int unit,enum ieee80211_opmode opmode,int flags,const uint8_t bssid[IEEE80211_ADDR_LEN],const uint8_t mac[IEEE80211_ADDR_LEN])984 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
985 enum ieee80211_opmode opmode, int flags,
986 const uint8_t bssid[IEEE80211_ADDR_LEN],
987 const uint8_t mac[IEEE80211_ADDR_LEN])
988 {
989 struct run_softc *sc = ic->ic_softc;
990 struct run_vap *rvp;
991 struct ieee80211vap *vap;
992 int i;
993
994 if (sc->rvp_cnt >= RUN_VAP_MAX) {
995 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
996 return (NULL);
997 }
998
999 switch (opmode) {
1000 case IEEE80211_M_STA:
1001 /* enable s/w bmiss handling for sta mode */
1002 flags |= IEEE80211_CLONE_NOBEACONS;
1003 /* fall though */
1004 case IEEE80211_M_IBSS:
1005 case IEEE80211_M_MONITOR:
1006 case IEEE80211_M_HOSTAP:
1007 case IEEE80211_M_MBSS:
1008 /* other than WDS vaps, only one at a time */
1009 if (!TAILQ_EMPTY(&ic->ic_vaps))
1010 return (NULL);
1011 break;
1012 case IEEE80211_M_WDS:
1013 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
1014 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
1015 continue;
1016 /* WDS vap's always share the local mac address. */
1017 flags &= ~IEEE80211_CLONE_BSSID;
1018 break;
1019 }
1020 if (vap == NULL) {
1021 device_printf(sc->sc_dev,
1022 "wds only supported in ap mode\n");
1023 return (NULL);
1024 }
1025 break;
1026 default:
1027 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
1028 return (NULL);
1029 }
1030
1031 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
1032 vap = &rvp->vap;
1033
1034 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
1035 bssid) != 0) {
1036 /* out of memory */
1037 free(rvp, M_80211_VAP);
1038 return (NULL);
1039 }
1040
1041 vap->iv_update_beacon = run_update_beacon;
1042 vap->iv_max_aid = RT2870_WCID_MAX;
1043
1044 /*
1045 * The linux rt2800 driver limits 1 stream devices to a 32KB
1046 * RX AMPDU.
1047 */
1048 if (ic->ic_rxstream > 1)
1049 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K;
1050 else
1051 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K;
1052 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */
1053
1054 /*
1055 * To delete the right key from h/w, we need wcid.
1056 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
1057 * and matching wcid will be written into there. So, cast
1058 * some spells to remove 'const' from ieee80211_key{}
1059 */
1060 vap->iv_key_delete = (void *)run_key_delete;
1061 vap->iv_key_set = (void *)run_key_set;
1062
1063 /* override state transition machine */
1064 rvp->newstate = vap->iv_newstate;
1065 vap->iv_newstate = run_newstate;
1066 if (opmode == IEEE80211_M_IBSS) {
1067 rvp->recv_mgmt = vap->iv_recv_mgmt;
1068 vap->iv_recv_mgmt = run_recv_mgmt;
1069 }
1070
1071 ieee80211_ratectl_init(vap);
1072 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
1073
1074 /* complete setup */
1075 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
1076 mac);
1077
1078 /* make sure id is always unique */
1079 for (i = 0; i < RUN_VAP_MAX; i++) {
1080 if((sc->rvp_bmap & 1 << i) == 0){
1081 sc->rvp_bmap |= 1 << i;
1082 rvp->rvp_id = i;
1083 break;
1084 }
1085 }
1086 if (sc->rvp_cnt++ == 0)
1087 ic->ic_opmode = opmode;
1088
1089 if (opmode == IEEE80211_M_HOSTAP)
1090 sc->cmdq_run = RUN_CMDQ_GO;
1091
1092 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1093 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1094
1095 return (vap);
1096 }
1097
1098 static void
run_vap_delete(struct ieee80211vap * vap)1099 run_vap_delete(struct ieee80211vap *vap)
1100 {
1101 struct run_vap *rvp = RUN_VAP(vap);
1102 struct ieee80211com *ic;
1103 struct run_softc *sc;
1104 uint8_t rvp_id;
1105
1106 if (vap == NULL)
1107 return;
1108
1109 ic = vap->iv_ic;
1110 sc = ic->ic_softc;
1111
1112 RUN_LOCK(sc);
1113
1114 m_freem(rvp->beacon_mbuf);
1115 rvp->beacon_mbuf = NULL;
1116
1117 rvp_id = rvp->rvp_id;
1118 sc->ratectl_run &= ~(1 << rvp_id);
1119 sc->rvp_bmap &= ~(1 << rvp_id);
1120 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1121 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1122 --sc->rvp_cnt;
1123
1124 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1125 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1126 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1127
1128 RUN_UNLOCK(sc);
1129
1130 ieee80211_ratectl_deinit(vap);
1131 ieee80211_vap_detach(vap);
1132 free(rvp, M_80211_VAP);
1133 }
1134
1135 /*
1136 * There are numbers of functions need to be called in context thread.
1137 * Rather than creating taskqueue event for each of those functions,
1138 * here is all-for-one taskqueue callback function. This function
1139 * guarantees deferred functions are executed in the same order they
1140 * were enqueued.
1141 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1142 */
1143 static void
run_cmdq_cb(void * arg,int pending)1144 run_cmdq_cb(void *arg, int pending)
1145 {
1146 struct run_softc *sc = arg;
1147 uint8_t i;
1148
1149 /* call cmdq[].func locked */
1150 RUN_LOCK(sc);
1151 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1152 i = sc->cmdq_exec, pending--) {
1153 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1154 i, pending);
1155 if (sc->cmdq_run == RUN_CMDQ_GO) {
1156 /*
1157 * If arg0 is NULL, callback func needs more
1158 * than one arg. So, pass ptr to cmdq struct.
1159 */
1160 if (sc->cmdq[i].arg0)
1161 sc->cmdq[i].func(sc->cmdq[i].arg0);
1162 else
1163 sc->cmdq[i].func(&sc->cmdq[i]);
1164 }
1165 sc->cmdq[i].arg0 = NULL;
1166 sc->cmdq[i].func = NULL;
1167 sc->cmdq_exec++;
1168 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1169 }
1170 RUN_UNLOCK(sc);
1171 }
1172
1173 static void
run_setup_tx_list(struct run_softc * sc,struct run_endpoint_queue * pq)1174 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1175 {
1176 struct run_tx_data *data;
1177
1178 memset(pq, 0, sizeof(*pq));
1179
1180 STAILQ_INIT(&pq->tx_qh);
1181 STAILQ_INIT(&pq->tx_fh);
1182
1183 for (data = &pq->tx_data[0];
1184 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1185 data->sc = sc;
1186 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1187 }
1188 pq->tx_nfree = RUN_TX_RING_COUNT;
1189 }
1190
1191 static void
run_unsetup_tx_list(struct run_softc * sc,struct run_endpoint_queue * pq)1192 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1193 {
1194 struct run_tx_data *data;
1195
1196 /* make sure any subsequent use of the queues will fail */
1197 pq->tx_nfree = 0;
1198 STAILQ_INIT(&pq->tx_fh);
1199 STAILQ_INIT(&pq->tx_qh);
1200
1201 /* free up all node references and mbufs */
1202 for (data = &pq->tx_data[0];
1203 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1204 if (data->m != NULL) {
1205 m_freem(data->m);
1206 data->m = NULL;
1207 }
1208 if (data->ni != NULL) {
1209 ieee80211_free_node(data->ni);
1210 data->ni = NULL;
1211 }
1212 }
1213 }
1214
1215 static int
run_load_microcode(struct run_softc * sc)1216 run_load_microcode(struct run_softc *sc)
1217 {
1218 usb_device_request_t req;
1219 const struct firmware *fw;
1220 const u_char *base;
1221 uint32_t tmp;
1222 int ntries, error;
1223 const uint64_t *temp;
1224 uint64_t bytes;
1225
1226 RUN_UNLOCK(sc);
1227 fw = firmware_get("runfw");
1228 RUN_LOCK(sc);
1229 if (fw == NULL) {
1230 device_printf(sc->sc_dev,
1231 "failed loadfirmware of file %s\n", "runfw");
1232 return ENOENT;
1233 }
1234
1235 if (fw->datasize != 8192) {
1236 device_printf(sc->sc_dev,
1237 "invalid firmware size (should be 8KB)\n");
1238 error = EINVAL;
1239 goto fail;
1240 }
1241
1242 /*
1243 * RT3071/RT3072 use a different firmware
1244 * run-rt2870 (8KB) contains both,
1245 * first half (4KB) is for rt2870,
1246 * last half is for rt3071.
1247 */
1248 base = fw->data;
1249 if ((sc->mac_ver) != 0x2860 &&
1250 (sc->mac_ver) != 0x2872 &&
1251 (sc->mac_ver) != 0x3070) {
1252 base += 4096;
1253 }
1254
1255 /* cheap sanity check */
1256 temp = fw->data;
1257 bytes = *temp;
1258 if (bytes != be64toh(0xffffff0210280210ULL)) {
1259 device_printf(sc->sc_dev, "firmware checksum failed\n");
1260 error = EINVAL;
1261 goto fail;
1262 }
1263
1264 /* write microcode image */
1265 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1266 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1267 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1268 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1269 }
1270
1271 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1272 req.bRequest = RT2870_RESET;
1273 USETW(req.wValue, 8);
1274 USETW(req.wIndex, 0);
1275 USETW(req.wLength, 0);
1276 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1277 != 0) {
1278 device_printf(sc->sc_dev, "firmware reset failed\n");
1279 goto fail;
1280 }
1281
1282 run_delay(sc, 10);
1283
1284 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1285 run_write(sc, RT2860_H2M_MAILBOX, 0);
1286 run_write(sc, RT2860_H2M_INTSRC, 0);
1287 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1288 goto fail;
1289
1290 /* wait until microcontroller is ready */
1291 for (ntries = 0; ntries < 1000; ntries++) {
1292 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1293 goto fail;
1294 if (tmp & RT2860_MCU_READY)
1295 break;
1296 run_delay(sc, 10);
1297 }
1298 if (ntries == 1000) {
1299 device_printf(sc->sc_dev,
1300 "timeout waiting for MCU to initialize\n");
1301 error = ETIMEDOUT;
1302 goto fail;
1303 }
1304 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1305 (base == fw->data) ? "RT2870" : "RT3071",
1306 *(base + 4092), *(base + 4093));
1307
1308 fail:
1309 firmware_put(fw, FIRMWARE_UNLOAD);
1310 return (error);
1311 }
1312
1313 static int
run_reset(struct run_softc * sc)1314 run_reset(struct run_softc *sc)
1315 {
1316 usb_device_request_t req;
1317
1318 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1319 req.bRequest = RT2870_RESET;
1320 USETW(req.wValue, 1);
1321 USETW(req.wIndex, 0);
1322 USETW(req.wLength, 0);
1323 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1324 }
1325
1326 static usb_error_t
run_do_request(struct run_softc * sc,struct usb_device_request * req,void * data)1327 run_do_request(struct run_softc *sc,
1328 struct usb_device_request *req, void *data)
1329 {
1330 usb_error_t err;
1331 int ntries = 10;
1332
1333 RUN_LOCK_ASSERT(sc, MA_OWNED);
1334
1335 while (ntries--) {
1336 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1337 req, data, 0, NULL, 250 /* ms */);
1338 if (err == 0)
1339 break;
1340 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1341 "Control request failed, %s (retrying)\n",
1342 usbd_errstr(err));
1343 run_delay(sc, 10);
1344 }
1345 return (err);
1346 }
1347
1348 static int
run_read(struct run_softc * sc,uint16_t reg,uint32_t * val)1349 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1350 {
1351 uint32_t tmp;
1352 int error;
1353
1354 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1355 if (error == 0)
1356 *val = le32toh(tmp);
1357 else
1358 *val = 0xffffffff;
1359 return (error);
1360 }
1361
1362 static int
run_read_region_1(struct run_softc * sc,uint16_t reg,uint8_t * buf,int len)1363 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1364 {
1365 usb_device_request_t req;
1366
1367 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1368 req.bRequest = RT2870_READ_REGION_1;
1369 USETW(req.wValue, 0);
1370 USETW(req.wIndex, reg);
1371 USETW(req.wLength, len);
1372
1373 return (run_do_request(sc, &req, buf));
1374 }
1375
1376 static int
run_write_2(struct run_softc * sc,uint16_t reg,uint16_t val)1377 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1378 {
1379 usb_device_request_t req;
1380
1381 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1382 req.bRequest = RT2870_WRITE_2;
1383 USETW(req.wValue, val);
1384 USETW(req.wIndex, reg);
1385 USETW(req.wLength, 0);
1386
1387 return (run_do_request(sc, &req, NULL));
1388 }
1389
1390 static int
run_write(struct run_softc * sc,uint16_t reg,uint32_t val)1391 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1392 {
1393 int error;
1394
1395 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1396 error = run_write_2(sc, reg + 2, val >> 16);
1397 return (error);
1398 }
1399
1400 static int
run_write_region_1(struct run_softc * sc,uint16_t reg,const uint8_t * buf,int len)1401 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1402 int len)
1403 {
1404 #if 1
1405 int i, error = 0;
1406 /*
1407 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1408 * We thus issue multiple WRITE_2 commands instead.
1409 */
1410 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1411 for (i = 0; i < len && error == 0; i += 2)
1412 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1413 return (error);
1414 #else
1415 usb_device_request_t req;
1416 int error = 0;
1417
1418 /*
1419 * NOTE: It appears the WRITE_REGION_1 command cannot be
1420 * passed a huge amount of data, which will crash the
1421 * firmware. Limit amount of data passed to 64-bytes at a
1422 * time.
1423 */
1424 while (len > 0) {
1425 int delta = 64;
1426 if (delta > len)
1427 delta = len;
1428
1429 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1430 req.bRequest = RT2870_WRITE_REGION_1;
1431 USETW(req.wValue, 0);
1432 USETW(req.wIndex, reg);
1433 USETW(req.wLength, delta);
1434 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1435 if (error != 0)
1436 break;
1437 reg += delta;
1438 buf += delta;
1439 len -= delta;
1440 }
1441 return (error);
1442 #endif
1443 }
1444
1445 static int
run_set_region_4(struct run_softc * sc,uint16_t reg,uint32_t val,int len)1446 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1447 {
1448 int i, error = 0;
1449
1450 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1451 for (i = 0; i < len && error == 0; i += 4)
1452 error = run_write(sc, reg + i, val);
1453 return (error);
1454 }
1455
1456 static int
run_efuse_read(struct run_softc * sc,uint16_t addr,uint16_t * val,int count)1457 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1458 {
1459 uint32_t tmp;
1460 uint16_t reg;
1461 int error, ntries;
1462
1463 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1464 return (error);
1465
1466 if (count == 2)
1467 addr *= 2;
1468 /*-
1469 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1470 * DATA0: F E D C
1471 * DATA1: B A 9 8
1472 * DATA2: 7 6 5 4
1473 * DATA3: 3 2 1 0
1474 */
1475 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1476 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1477 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1478 for (ntries = 0; ntries < 100; ntries++) {
1479 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1480 return (error);
1481 if (!(tmp & RT3070_EFSROM_KICK))
1482 break;
1483 run_delay(sc, 2);
1484 }
1485 if (ntries == 100)
1486 return (ETIMEDOUT);
1487
1488 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1489 *val = 0xffff; /* address not found */
1490 return (0);
1491 }
1492 /* determine to which 32-bit register our 16-bit word belongs */
1493 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1494 if ((error = run_read(sc, reg, &tmp)) != 0)
1495 return (error);
1496
1497 tmp >>= (8 * (addr & 0x3));
1498 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1499
1500 return (0);
1501 }
1502
1503 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1504 static int
run_efuse_read_2(struct run_softc * sc,uint16_t addr,uint16_t * val)1505 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1506 {
1507 return (run_efuse_read(sc, addr, val, 2));
1508 }
1509
1510 static int
run_eeprom_read_2(struct run_softc * sc,uint16_t addr,uint16_t * val)1511 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1512 {
1513 usb_device_request_t req;
1514 uint16_t tmp;
1515 int error;
1516
1517 addr *= 2;
1518 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1519 req.bRequest = RT2870_EEPROM_READ;
1520 USETW(req.wValue, 0);
1521 USETW(req.wIndex, addr);
1522 USETW(req.wLength, sizeof(tmp));
1523
1524 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1525 if (error == 0)
1526 *val = le16toh(tmp);
1527 else
1528 *val = 0xffff;
1529 return (error);
1530 }
1531
1532 static __inline int
run_srom_read(struct run_softc * sc,uint16_t addr,uint16_t * val)1533 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1534 {
1535 /* either eFUSE ROM or EEPROM */
1536 return sc->sc_srom_read(sc, addr, val);
1537 }
1538
1539 static int
run_rt2870_rf_write(struct run_softc * sc,uint32_t val)1540 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1541 {
1542 uint32_t tmp;
1543 int error, ntries;
1544
1545 for (ntries = 0; ntries < 10; ntries++) {
1546 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1547 return (error);
1548 if (!(tmp & RT2860_RF_REG_CTRL))
1549 break;
1550 }
1551 if (ntries == 10)
1552 return (ETIMEDOUT);
1553
1554 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1555 }
1556
1557 static int
run_rt3070_rf_read(struct run_softc * sc,uint8_t reg,uint8_t * val)1558 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1559 {
1560 uint32_t tmp;
1561 int error, ntries;
1562
1563 for (ntries = 0; ntries < 100; ntries++) {
1564 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1565 return (error);
1566 if (!(tmp & RT3070_RF_KICK))
1567 break;
1568 }
1569 if (ntries == 100)
1570 return (ETIMEDOUT);
1571
1572 tmp = RT3070_RF_KICK | reg << 8;
1573 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1574 return (error);
1575
1576 for (ntries = 0; ntries < 100; ntries++) {
1577 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1578 return (error);
1579 if (!(tmp & RT3070_RF_KICK))
1580 break;
1581 }
1582 if (ntries == 100)
1583 return (ETIMEDOUT);
1584
1585 *val = tmp & 0xff;
1586 return (0);
1587 }
1588
1589 static int
run_rt3070_rf_write(struct run_softc * sc,uint8_t reg,uint8_t val)1590 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1591 {
1592 uint32_t tmp;
1593 int error, ntries;
1594
1595 for (ntries = 0; ntries < 10; ntries++) {
1596 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1597 return (error);
1598 if (!(tmp & RT3070_RF_KICK))
1599 break;
1600 }
1601 if (ntries == 10)
1602 return (ETIMEDOUT);
1603
1604 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1605 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1606 }
1607
1608 static int
run_bbp_read(struct run_softc * sc,uint8_t reg,uint8_t * val)1609 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1610 {
1611 uint32_t tmp;
1612 int ntries, error;
1613
1614 for (ntries = 0; ntries < 10; ntries++) {
1615 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1616 return (error);
1617 if (!(tmp & RT2860_BBP_CSR_KICK))
1618 break;
1619 }
1620 if (ntries == 10)
1621 return (ETIMEDOUT);
1622
1623 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1624 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1625 return (error);
1626
1627 for (ntries = 0; ntries < 10; ntries++) {
1628 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1629 return (error);
1630 if (!(tmp & RT2860_BBP_CSR_KICK))
1631 break;
1632 }
1633 if (ntries == 10)
1634 return (ETIMEDOUT);
1635
1636 *val = tmp & 0xff;
1637 return (0);
1638 }
1639
1640 static int
run_bbp_write(struct run_softc * sc,uint8_t reg,uint8_t val)1641 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1642 {
1643 uint32_t tmp;
1644 int ntries, error;
1645
1646 for (ntries = 0; ntries < 10; ntries++) {
1647 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1648 return (error);
1649 if (!(tmp & RT2860_BBP_CSR_KICK))
1650 break;
1651 }
1652 if (ntries == 10)
1653 return (ETIMEDOUT);
1654
1655 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1656 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1657 }
1658
1659 /*
1660 * Send a command to the 8051 microcontroller unit.
1661 */
1662 static int
run_mcu_cmd(struct run_softc * sc,uint8_t cmd,uint16_t arg)1663 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1664 {
1665 uint32_t tmp;
1666 int error, ntries;
1667
1668 for (ntries = 0; ntries < 100; ntries++) {
1669 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1670 return error;
1671 if (!(tmp & RT2860_H2M_BUSY))
1672 break;
1673 }
1674 if (ntries == 100)
1675 return ETIMEDOUT;
1676
1677 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1678 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1679 error = run_write(sc, RT2860_HOST_CMD, cmd);
1680 return (error);
1681 }
1682
1683 /*
1684 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1685 * Used to adjust per-rate Tx power registers.
1686 */
1687 static __inline uint32_t
b4inc(uint32_t b32,int8_t delta)1688 b4inc(uint32_t b32, int8_t delta)
1689 {
1690 int8_t i, b4;
1691
1692 for (i = 0; i < 8; i++) {
1693 b4 = b32 & 0xf;
1694 b4 += delta;
1695 if (b4 < 0)
1696 b4 = 0;
1697 else if (b4 > 0xf)
1698 b4 = 0xf;
1699 b32 = b32 >> 4 | b4 << 28;
1700 }
1701 return (b32);
1702 }
1703
1704 static const char *
run_get_rf(uint16_t rev)1705 run_get_rf(uint16_t rev)
1706 {
1707 switch (rev) {
1708 case RT2860_RF_2820: return "RT2820";
1709 case RT2860_RF_2850: return "RT2850";
1710 case RT2860_RF_2720: return "RT2720";
1711 case RT2860_RF_2750: return "RT2750";
1712 case RT3070_RF_3020: return "RT3020";
1713 case RT3070_RF_2020: return "RT2020";
1714 case RT3070_RF_3021: return "RT3021";
1715 case RT3070_RF_3022: return "RT3022";
1716 case RT3070_RF_3052: return "RT3052";
1717 case RT3593_RF_3053: return "RT3053";
1718 case RT5592_RF_5592: return "RT5592";
1719 case RT5390_RF_5370: return "RT5370";
1720 case RT5390_RF_5372: return "RT5372";
1721 }
1722 return ("unknown");
1723 }
1724
1725 static void
run_rt3593_get_txpower(struct run_softc * sc)1726 run_rt3593_get_txpower(struct run_softc *sc)
1727 {
1728 uint16_t addr, val;
1729 int i;
1730
1731 /* Read power settings for 2GHz channels. */
1732 for (i = 0; i < 14; i += 2) {
1733 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1734 RT2860_EEPROM_PWR2GHZ_BASE1;
1735 run_srom_read(sc, addr + i / 2, &val);
1736 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1737 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1738
1739 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1740 RT2860_EEPROM_PWR2GHZ_BASE2;
1741 run_srom_read(sc, addr + i / 2, &val);
1742 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1743 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1744
1745 if (sc->ntxchains == 3) {
1746 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1747 &val);
1748 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1749 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1750 }
1751 }
1752 /* Fix broken Tx power entries. */
1753 for (i = 0; i < 14; i++) {
1754 if (sc->txpow1[i] > 31)
1755 sc->txpow1[i] = 5;
1756 if (sc->txpow2[i] > 31)
1757 sc->txpow2[i] = 5;
1758 if (sc->ntxchains == 3) {
1759 if (sc->txpow3[i] > 31)
1760 sc->txpow3[i] = 5;
1761 }
1762 }
1763 /* Read power settings for 5GHz channels. */
1764 for (i = 0; i < 40; i += 2) {
1765 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1766 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1767 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1768
1769 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1770 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1771 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1772
1773 if (sc->ntxchains == 3) {
1774 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1775 &val);
1776 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1777 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1778 }
1779 }
1780 }
1781
1782 static void
run_get_txpower(struct run_softc * sc)1783 run_get_txpower(struct run_softc *sc)
1784 {
1785 uint16_t val;
1786 int i;
1787
1788 /* Read power settings for 2GHz channels. */
1789 for (i = 0; i < 14; i += 2) {
1790 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1791 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1792 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1793
1794 if (sc->mac_ver != 0x5390) {
1795 run_srom_read(sc,
1796 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1797 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1798 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1799 }
1800 }
1801 /* Fix broken Tx power entries. */
1802 for (i = 0; i < 14; i++) {
1803 if (sc->mac_ver >= 0x5390) {
1804 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1805 sc->txpow1[i] = 5;
1806 } else {
1807 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1808 sc->txpow1[i] = 5;
1809 }
1810 if (sc->mac_ver > 0x5390) {
1811 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1812 sc->txpow2[i] = 5;
1813 } else if (sc->mac_ver < 0x5390) {
1814 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1815 sc->txpow2[i] = 5;
1816 }
1817 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1818 "chan %d: power1=%d, power2=%d\n",
1819 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1820 }
1821 /* Read power settings for 5GHz channels. */
1822 for (i = 0; i < 40; i += 2) {
1823 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1824 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1825 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1826
1827 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1828 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1829 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1830 }
1831 /* Fix broken Tx power entries. */
1832 for (i = 0; i < 40; i++ ) {
1833 if (sc->mac_ver != 0x5592) {
1834 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1835 sc->txpow1[14 + i] = 5;
1836 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1837 sc->txpow2[14 + i] = 5;
1838 }
1839 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1840 "chan %d: power1=%d, power2=%d\n",
1841 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1842 sc->txpow2[14 + i]);
1843 }
1844 }
1845
1846 static int
run_read_eeprom(struct run_softc * sc)1847 run_read_eeprom(struct run_softc *sc)
1848 {
1849 struct ieee80211com *ic = &sc->sc_ic;
1850 int8_t delta_2ghz, delta_5ghz;
1851 uint32_t tmp;
1852 uint16_t val;
1853 int ridx, ant, i;
1854
1855 /* check whether the ROM is eFUSE ROM or EEPROM */
1856 sc->sc_srom_read = run_eeprom_read_2;
1857 if (sc->mac_ver >= 0x3070) {
1858 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1859 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1860 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1861 sc->sc_srom_read = run_efuse_read_2;
1862 }
1863
1864 /* read ROM version */
1865 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1866 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1867 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1868
1869 /* read MAC address */
1870 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1871 ic->ic_macaddr[0] = val & 0xff;
1872 ic->ic_macaddr[1] = val >> 8;
1873 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1874 ic->ic_macaddr[2] = val & 0xff;
1875 ic->ic_macaddr[3] = val >> 8;
1876 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1877 ic->ic_macaddr[4] = val & 0xff;
1878 ic->ic_macaddr[5] = val >> 8;
1879
1880 if (sc->mac_ver < 0x3593) {
1881 /* read vender BBP settings */
1882 for (i = 0; i < 10; i++) {
1883 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1884 sc->bbp[i].val = val & 0xff;
1885 sc->bbp[i].reg = val >> 8;
1886 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1887 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1888 }
1889 if (sc->mac_ver >= 0x3071) {
1890 /* read vendor RF settings */
1891 for (i = 0; i < 10; i++) {
1892 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1893 &val);
1894 sc->rf[i].val = val & 0xff;
1895 sc->rf[i].reg = val >> 8;
1896 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1897 sc->rf[i].reg, sc->rf[i].val);
1898 }
1899 }
1900 }
1901
1902 /* read RF frequency offset from EEPROM */
1903 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1904 RT3593_EEPROM_FREQ, &val);
1905 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1906 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1907 sc->freq & 0xff);
1908
1909 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1910 RT3593_EEPROM_FREQ_LEDS, &val);
1911 if (val >> 8 != 0xff) {
1912 /* read LEDs operating mode */
1913 sc->leds = val >> 8;
1914 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1915 RT3593_EEPROM_LED1, &sc->led[0]);
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1917 RT3593_EEPROM_LED2, &sc->led[1]);
1918 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1919 RT3593_EEPROM_LED3, &sc->led[2]);
1920 } else {
1921 /* broken EEPROM, use default settings */
1922 sc->leds = 0x01;
1923 sc->led[0] = 0x5555;
1924 sc->led[1] = 0x2221;
1925 sc->led[2] = 0x5627; /* differs from RT2860 */
1926 }
1927 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1928 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1929 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1930
1931 /* read RF information */
1932 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1933 run_srom_read(sc, 0x00, &val);
1934 else
1935 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1936
1937 if (val == 0xffff) {
1938 device_printf(sc->sc_dev,
1939 "invalid EEPROM antenna info, using default\n");
1940 if (sc->mac_ver == 0x3572) {
1941 /* default to RF3052 2T2R */
1942 sc->rf_rev = RT3070_RF_3052;
1943 sc->ntxchains = 2;
1944 sc->nrxchains = 2;
1945 } else if (sc->mac_ver >= 0x3070) {
1946 /* default to RF3020 1T1R */
1947 sc->rf_rev = RT3070_RF_3020;
1948 sc->ntxchains = 1;
1949 sc->nrxchains = 1;
1950 } else {
1951 /* default to RF2820 1T2R */
1952 sc->rf_rev = RT2860_RF_2820;
1953 sc->ntxchains = 1;
1954 sc->nrxchains = 2;
1955 }
1956 } else {
1957 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1958 sc->rf_rev = val;
1959 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1960 } else
1961 sc->rf_rev = (val >> 8) & 0xf;
1962 sc->ntxchains = (val >> 4) & 0xf;
1963 sc->nrxchains = val & 0xf;
1964 }
1965 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1966 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1967
1968 /* check if RF supports automatic Tx access gain control */
1969 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1970 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1971 /* check if driver should patch the DAC issue */
1972 if ((val >> 8) != 0xff)
1973 sc->patch_dac = (val >> 15) & 1;
1974 if ((val & 0xff) != 0xff) {
1975 sc->ext_5ghz_lna = (val >> 3) & 1;
1976 sc->ext_2ghz_lna = (val >> 2) & 1;
1977 /* check if RF supports automatic Tx access gain control */
1978 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1979 /* check if we have a hardware radio switch */
1980 sc->rfswitch = val & 1;
1981 }
1982
1983 /* Read Tx power settings. */
1984 if (sc->mac_ver == 0x3593)
1985 run_rt3593_get_txpower(sc);
1986 else
1987 run_get_txpower(sc);
1988
1989 /* read Tx power compensation for each Tx rate */
1990 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1991 delta_2ghz = delta_5ghz = 0;
1992 if ((val & 0xff) != 0xff && (val & 0x80)) {
1993 delta_2ghz = val & 0xf;
1994 if (!(val & 0x40)) /* negative number */
1995 delta_2ghz = -delta_2ghz;
1996 }
1997 val >>= 8;
1998 if ((val & 0xff) != 0xff && (val & 0x80)) {
1999 delta_5ghz = val & 0xf;
2000 if (!(val & 0x40)) /* negative number */
2001 delta_5ghz = -delta_5ghz;
2002 }
2003 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
2004 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
2005
2006 for (ridx = 0; ridx < 5; ridx++) {
2007 uint32_t reg;
2008
2009 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
2010 reg = val;
2011 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
2012 reg |= (uint32_t)val << 16;
2013
2014 sc->txpow20mhz[ridx] = reg;
2015 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
2016 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
2017
2018 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
2019 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
2020 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
2021 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
2022 }
2023
2024 /* Read RSSI offsets and LNA gains from EEPROM. */
2025 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
2026 RT3593_EEPROM_RSSI1_2GHZ, &val);
2027 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
2028 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
2029 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
2030 RT3593_EEPROM_RSSI2_2GHZ, &val);
2031 if (sc->mac_ver >= 0x3070) {
2032 if (sc->mac_ver == 0x3593) {
2033 sc->txmixgain_2ghz = 0;
2034 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
2035 } else {
2036 /*
2037 * On RT3070 chips (limited to 2 Rx chains), this ROM
2038 * field contains the Tx mixer gain for the 2GHz band.
2039 */
2040 if ((val & 0xff) != 0xff)
2041 sc->txmixgain_2ghz = val & 0x7;
2042 }
2043 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
2044 sc->txmixgain_2ghz);
2045 } else
2046 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
2047 if (sc->mac_ver == 0x3593)
2048 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
2049 sc->lna[2] = val >> 8; /* channel group 2 */
2050
2051 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
2052 RT3593_EEPROM_RSSI1_5GHZ, &val);
2053 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
2054 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
2055 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
2056 RT3593_EEPROM_RSSI2_5GHZ, &val);
2057 if (sc->mac_ver == 0x3572) {
2058 /*
2059 * On RT3572 chips (limited to 2 Rx chains), this ROM
2060 * field contains the Tx mixer gain for the 5GHz band.
2061 */
2062 if ((val & 0xff) != 0xff)
2063 sc->txmixgain_5ghz = val & 0x7;
2064 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
2065 sc->txmixgain_5ghz);
2066 } else
2067 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
2068 if (sc->mac_ver == 0x3593) {
2069 sc->txmixgain_5ghz = 0;
2070 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
2071 }
2072 sc->lna[3] = val >> 8; /* channel group 3 */
2073
2074 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
2075 RT3593_EEPROM_LNA, &val);
2076 sc->lna[0] = val & 0xff; /* channel group 0 */
2077 sc->lna[1] = val >> 8; /* channel group 1 */
2078
2079 /* fix broken 5GHz LNA entries */
2080 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2081 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2082 "invalid LNA for channel group %d\n", 2);
2083 sc->lna[2] = sc->lna[1];
2084 }
2085 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2086 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2087 "invalid LNA for channel group %d\n", 3);
2088 sc->lna[3] = sc->lna[1];
2089 }
2090
2091 /* fix broken RSSI offset entries */
2092 for (ant = 0; ant < 3; ant++) {
2093 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2094 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2095 "invalid RSSI%d offset: %d (2GHz)\n",
2096 ant + 1, sc->rssi_2ghz[ant]);
2097 sc->rssi_2ghz[ant] = 0;
2098 }
2099 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2100 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2101 "invalid RSSI%d offset: %d (5GHz)\n",
2102 ant + 1, sc->rssi_5ghz[ant]);
2103 sc->rssi_5ghz[ant] = 0;
2104 }
2105 }
2106 return (0);
2107 }
2108
2109 static struct ieee80211_node *
run_node_alloc(struct ieee80211vap * vap,const uint8_t mac[IEEE80211_ADDR_LEN])2110 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2111 {
2112 return malloc(sizeof (struct run_node), M_80211_NODE,
2113 M_NOWAIT | M_ZERO);
2114 }
2115
2116 static int
run_media_change(if_t ifp)2117 run_media_change(if_t ifp)
2118 {
2119 struct ieee80211vap *vap = if_getsoftc(ifp);
2120 struct ieee80211com *ic = vap->iv_ic;
2121 const struct ieee80211_txparam *tp;
2122 struct run_softc *sc = ic->ic_softc;
2123 uint8_t rate, ridx;
2124 int error;
2125
2126 RUN_LOCK(sc);
2127
2128 error = ieee80211_media_change(ifp);
2129 if (error != 0) {
2130 RUN_UNLOCK(sc);
2131 return (error);
2132 }
2133
2134 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2135 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2136 struct ieee80211_node *ni;
2137 struct run_node *rn;
2138
2139 /* XXX TODO: methodize with MCS rates */
2140 rate = ic->ic_sup_rates[ic->ic_curmode].
2141 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2142 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2143 if (rt2860_rates[ridx].rate == rate)
2144 break;
2145
2146 ni = ieee80211_ref_node(vap->iv_bss);
2147 rn = RUN_NODE(ni);
2148 rn->fix_ridx = ridx;
2149 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2150 rate, rn->fix_ridx);
2151 ieee80211_free_node(ni);
2152 }
2153
2154 #if 0
2155 if ((if_getflags(ifp) & IFF_UP) &&
2156 (if_getdrvflags(ifp) & RUN_RUNNING)){
2157 run_init_locked(sc);
2158 }
2159 #endif
2160
2161 RUN_UNLOCK(sc);
2162
2163 return (0);
2164 }
2165
2166 static int
run_newstate(struct ieee80211vap * vap,enum ieee80211_state nstate,int arg)2167 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2168 {
2169 const struct ieee80211_txparam *tp;
2170 struct ieee80211com *ic = vap->iv_ic;
2171 struct run_softc *sc = ic->ic_softc;
2172 struct run_vap *rvp = RUN_VAP(vap);
2173 enum ieee80211_state ostate;
2174 uint32_t sta[3];
2175 uint8_t ratectl;
2176 uint8_t restart_ratectl = 0;
2177 uint8_t bid = 1 << rvp->rvp_id;
2178
2179 ostate = vap->iv_state;
2180 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2181 ieee80211_state_name[ostate],
2182 ieee80211_state_name[nstate]);
2183
2184 IEEE80211_UNLOCK(ic);
2185 RUN_LOCK(sc);
2186
2187 ratectl = sc->ratectl_run; /* remember current state */
2188 sc->ratectl_run = RUN_RATECTL_OFF;
2189 usb_callout_stop(&sc->ratectl_ch);
2190
2191 if (ostate == IEEE80211_S_RUN) {
2192 /* turn link LED off */
2193 run_set_leds(sc, RT2860_LED_RADIO);
2194 }
2195
2196 switch (nstate) {
2197 case IEEE80211_S_INIT:
2198 restart_ratectl = 1;
2199
2200 if (ostate != IEEE80211_S_RUN)
2201 break;
2202
2203 ratectl &= ~bid;
2204 sc->runbmap &= ~bid;
2205
2206 /* abort TSF synchronization if there is no vap running */
2207 if (--sc->running == 0)
2208 run_disable_tsf(sc);
2209 break;
2210
2211 case IEEE80211_S_RUN:
2212 if (!(sc->runbmap & bid)) {
2213 if(sc->running++)
2214 restart_ratectl = 1;
2215 sc->runbmap |= bid;
2216 }
2217
2218 m_freem(rvp->beacon_mbuf);
2219 rvp->beacon_mbuf = NULL;
2220
2221 switch (vap->iv_opmode) {
2222 case IEEE80211_M_HOSTAP:
2223 case IEEE80211_M_MBSS:
2224 sc->ap_running |= bid;
2225 ic->ic_opmode = vap->iv_opmode;
2226 run_update_beacon_cb(vap);
2227 break;
2228 case IEEE80211_M_IBSS:
2229 sc->adhoc_running |= bid;
2230 if (!sc->ap_running)
2231 ic->ic_opmode = vap->iv_opmode;
2232 run_update_beacon_cb(vap);
2233 break;
2234 case IEEE80211_M_STA:
2235 sc->sta_running |= bid;
2236 if (!sc->ap_running && !sc->adhoc_running)
2237 ic->ic_opmode = vap->iv_opmode;
2238
2239 /* read statistic counters (clear on read) */
2240 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2241 (uint8_t *)sta, sizeof sta);
2242
2243 break;
2244 default:
2245 ic->ic_opmode = vap->iv_opmode;
2246 break;
2247 }
2248
2249 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2250 struct ieee80211_node *ni;
2251
2252 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2253 RUN_UNLOCK(sc);
2254 IEEE80211_LOCK(ic);
2255 return (-1);
2256 }
2257 run_updateslot(ic);
2258 run_enable_mrr(sc);
2259 run_set_txpreamble(sc);
2260 run_set_basicrates(sc);
2261 ni = ieee80211_ref_node(vap->iv_bss);
2262 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2263 run_set_bssid(sc, sc->sc_bssid);
2264 ieee80211_free_node(ni);
2265 run_enable_tsf_sync(sc);
2266
2267 /* enable automatic rate adaptation */
2268 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2269 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2270 ratectl |= bid;
2271 } else
2272 run_enable_tsf(sc);
2273
2274 /* turn link LED on */
2275 run_set_leds(sc, RT2860_LED_RADIO |
2276 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2277 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2278
2279 break;
2280 default:
2281 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2282 break;
2283 }
2284
2285 /* restart amrr for running VAPs */
2286 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2287 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2288
2289 RUN_UNLOCK(sc);
2290 IEEE80211_LOCK(ic);
2291
2292 return(rvp->newstate(vap, nstate, arg));
2293 }
2294
2295 static int
run_wme_update(struct ieee80211com * ic)2296 run_wme_update(struct ieee80211com *ic)
2297 {
2298 struct chanAccParams chp;
2299 struct run_softc *sc = ic->ic_softc;
2300 const struct wmeParams *ac;
2301 int aci, error = 0;
2302
2303 ieee80211_wme_ic_getparams(ic, &chp);
2304 ac = chp.cap_wmeParams;
2305
2306 /* update MAC TX configuration registers */
2307 RUN_LOCK(sc);
2308 for (aci = 0; aci < WME_NUM_AC; aci++) {
2309 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2310 ac[aci].wmep_logcwmax << 16 |
2311 ac[aci].wmep_logcwmin << 12 |
2312 ac[aci].wmep_aifsn << 8 |
2313 ac[aci].wmep_txopLimit);
2314 if (error) goto err;
2315 }
2316
2317 /* update SCH/DMA registers too */
2318 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2319 ac[WME_AC_VO].wmep_aifsn << 12 |
2320 ac[WME_AC_VI].wmep_aifsn << 8 |
2321 ac[WME_AC_BK].wmep_aifsn << 4 |
2322 ac[WME_AC_BE].wmep_aifsn);
2323 if (error) goto err;
2324 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2325 ac[WME_AC_VO].wmep_logcwmin << 12 |
2326 ac[WME_AC_VI].wmep_logcwmin << 8 |
2327 ac[WME_AC_BK].wmep_logcwmin << 4 |
2328 ac[WME_AC_BE].wmep_logcwmin);
2329 if (error) goto err;
2330 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2331 ac[WME_AC_VO].wmep_logcwmax << 12 |
2332 ac[WME_AC_VI].wmep_logcwmax << 8 |
2333 ac[WME_AC_BK].wmep_logcwmax << 4 |
2334 ac[WME_AC_BE].wmep_logcwmax);
2335 if (error) goto err;
2336 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2337 ac[WME_AC_BK].wmep_txopLimit << 16 |
2338 ac[WME_AC_BE].wmep_txopLimit);
2339 if (error) goto err;
2340 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2341 ac[WME_AC_VO].wmep_txopLimit << 16 |
2342 ac[WME_AC_VI].wmep_txopLimit);
2343
2344 err:
2345 RUN_UNLOCK(sc);
2346 if (error)
2347 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
2348
2349 return (error);
2350 }
2351
2352 static void
run_key_set_cb(void * arg)2353 run_key_set_cb(void *arg)
2354 {
2355 struct run_cmdq *cmdq = arg;
2356 struct ieee80211vap *vap = cmdq->arg1;
2357 struct ieee80211_key *k = cmdq->k;
2358 struct ieee80211com *ic = vap->iv_ic;
2359 struct run_softc *sc = ic->ic_softc;
2360 struct ieee80211_node *ni;
2361 u_int cipher = k->wk_cipher->ic_cipher;
2362 uint32_t attr;
2363 uint16_t base, associd;
2364 uint8_t mode, wcid, iv[8];
2365
2366 RUN_LOCK_ASSERT(sc, MA_OWNED);
2367
2368 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2369 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2370 else
2371 ni = vap->iv_bss;
2372 associd = (ni != NULL) ? ni->ni_associd : 0;
2373
2374 /* map net80211 cipher to RT2860 security mode */
2375 switch (cipher) {
2376 case IEEE80211_CIPHER_WEP:
2377 if(k->wk_keylen < 8)
2378 mode = RT2860_MODE_WEP40;
2379 else
2380 mode = RT2860_MODE_WEP104;
2381 break;
2382 case IEEE80211_CIPHER_TKIP:
2383 mode = RT2860_MODE_TKIP;
2384 break;
2385 case IEEE80211_CIPHER_AES_CCM:
2386 mode = RT2860_MODE_AES_CCMP;
2387 break;
2388 default:
2389 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
2390 return;
2391 }
2392
2393 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2394 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2395 associd, k->wk_keyix, mode,
2396 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2397 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2398 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2399
2400 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2401 wcid = 0; /* NB: update WCID0 for group keys */
2402 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2403 } else {
2404 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2405 1 : RUN_AID2WCID(associd);
2406 base = RT2860_PKEY(wcid);
2407 }
2408
2409 if (cipher == IEEE80211_CIPHER_TKIP) {
2410 if(run_write_region_1(sc, base, k->wk_key, 16))
2411 return;
2412 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2413 return;
2414 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2415 return;
2416 } else {
2417 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2418 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2419 return;
2420 }
2421
2422 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2423 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2424 /* set initial packet number in IV+EIV */
2425 if (cipher == IEEE80211_CIPHER_WEP) {
2426 memset(iv, 0, sizeof iv);
2427 iv[3] = vap->iv_def_txkey << 6;
2428 } else {
2429 if (cipher == IEEE80211_CIPHER_TKIP) {
2430 iv[0] = k->wk_keytsc >> 8;
2431 iv[1] = (iv[0] | 0x20) & 0x7f;
2432 iv[2] = k->wk_keytsc;
2433 } else /* CCMP */ {
2434 iv[0] = k->wk_keytsc;
2435 iv[1] = k->wk_keytsc >> 8;
2436 iv[2] = 0;
2437 }
2438 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2439 iv[4] = k->wk_keytsc >> 16;
2440 iv[5] = k->wk_keytsc >> 24;
2441 iv[6] = k->wk_keytsc >> 32;
2442 iv[7] = k->wk_keytsc >> 40;
2443 }
2444 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2445 return;
2446 }
2447
2448 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2449 /* install group key */
2450 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2451 return;
2452 attr &= ~(0xf << (k->wk_keyix * 4));
2453 attr |= mode << (k->wk_keyix * 4);
2454 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2455 return;
2456 } else {
2457 /* install pairwise key */
2458 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2459 return;
2460 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2461 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2462 return;
2463 }
2464
2465 /* TODO create a pass-thru key entry? */
2466
2467 /* need wcid to delete the right key later */
2468 k->wk_pad = wcid;
2469 }
2470
2471 /*
2472 * Don't have to be deferred, but in order to keep order of
2473 * execution, i.e. with run_key_delete(), defer this and let
2474 * run_cmdq_cb() maintain the order.
2475 *
2476 * return 0 on error
2477 */
2478 static int
run_key_set(struct ieee80211vap * vap,struct ieee80211_key * k)2479 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2480 {
2481 struct ieee80211com *ic = vap->iv_ic;
2482 struct run_softc *sc = ic->ic_softc;
2483 uint32_t i;
2484
2485 i = RUN_CMDQ_GET(&sc->cmdq_store);
2486 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2487 sc->cmdq[i].func = run_key_set_cb;
2488 sc->cmdq[i].arg0 = NULL;
2489 sc->cmdq[i].arg1 = vap;
2490 sc->cmdq[i].k = k;
2491 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2492 ieee80211_runtask(ic, &sc->cmdq_task);
2493
2494 /*
2495 * To make sure key will be set when hostapd
2496 * calls iv_key_set() before if_init().
2497 */
2498 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2499 RUN_LOCK(sc);
2500 sc->cmdq_key_set = RUN_CMDQ_GO;
2501 RUN_UNLOCK(sc);
2502 }
2503
2504 return (1);
2505 }
2506
2507 /*
2508 * If wlan is destroyed without being brought down i.e. without
2509 * wlan down or wpa_cli terminate, this function is called after
2510 * vap is gone. Don't refer it.
2511 */
2512 static void
run_key_delete_cb(void * arg)2513 run_key_delete_cb(void *arg)
2514 {
2515 struct run_cmdq *cmdq = arg;
2516 struct run_softc *sc = cmdq->arg1;
2517 struct ieee80211_key *k = &cmdq->key;
2518 uint32_t attr;
2519 uint8_t wcid;
2520
2521 RUN_LOCK_ASSERT(sc, MA_OWNED);
2522
2523 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2524 /* remove group key */
2525 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
2526 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2527 attr &= ~(0xf << (k->wk_keyix * 4));
2528 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2529 } else {
2530 /* remove pairwise key */
2531 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2532 "removing key for wcid %x\n", k->wk_pad);
2533 /* matching wcid was written to wk_pad in run_key_set() */
2534 wcid = k->wk_pad;
2535 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2536 attr &= ~0xf;
2537 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2538 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2539 }
2540
2541 k->wk_pad = 0;
2542 }
2543
2544 /*
2545 * return 0 on error
2546 */
2547 static int
run_key_delete(struct ieee80211vap * vap,struct ieee80211_key * k)2548 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2549 {
2550 struct ieee80211com *ic = vap->iv_ic;
2551 struct run_softc *sc = ic->ic_softc;
2552 struct ieee80211_key *k0;
2553 uint32_t i;
2554
2555 /*
2556 * When called back, key might be gone. So, make a copy
2557 * of some values need to delete keys before deferring.
2558 * But, because of LOR with node lock, cannot use lock here.
2559 * So, use atomic instead.
2560 */
2561 i = RUN_CMDQ_GET(&sc->cmdq_store);
2562 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2563 sc->cmdq[i].func = run_key_delete_cb;
2564 sc->cmdq[i].arg0 = NULL;
2565 sc->cmdq[i].arg1 = sc;
2566 k0 = &sc->cmdq[i].key;
2567 k0->wk_flags = k->wk_flags;
2568 k0->wk_keyix = k->wk_keyix;
2569 /* matching wcid was written to wk_pad in run_key_set() */
2570 k0->wk_pad = k->wk_pad;
2571 ieee80211_runtask(ic, &sc->cmdq_task);
2572 return (1); /* return fake success */
2573
2574 }
2575
2576 static void
run_ratectl_to(void * arg)2577 run_ratectl_to(void *arg)
2578 {
2579 struct run_softc *sc = arg;
2580
2581 /* do it in a process context, so it can go sleep */
2582 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2583 /* next timeout will be rescheduled in the callback task */
2584 }
2585
2586 /* ARGSUSED */
2587 static void
run_ratectl_cb(void * arg,int pending)2588 run_ratectl_cb(void *arg, int pending)
2589 {
2590 struct run_softc *sc = arg;
2591 struct ieee80211com *ic = &sc->sc_ic;
2592 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2593
2594 if (vap == NULL)
2595 return;
2596
2597 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2598 /*
2599 * run_reset_livelock() doesn't do anything with AMRR,
2600 * but Ralink wants us to call it every 1 sec. So, we
2601 * piggyback here rather than creating another callout.
2602 * Livelock may occur only in HOSTAP or IBSS mode
2603 * (when h/w is sending beacons).
2604 */
2605 RUN_LOCK(sc);
2606 run_reset_livelock(sc);
2607 /* just in case, there are some stats to drain */
2608 run_drain_fifo(sc);
2609 RUN_UNLOCK(sc);
2610 }
2611
2612 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2613
2614 RUN_LOCK(sc);
2615 if(sc->ratectl_run != RUN_RATECTL_OFF)
2616 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2617 RUN_UNLOCK(sc);
2618 }
2619
2620 static void
run_drain_fifo(void * arg)2621 run_drain_fifo(void *arg)
2622 {
2623 struct run_softc *sc = arg;
2624 uint32_t stat;
2625 uint16_t (*wstat)[3];
2626 uint8_t wcid, mcs, pid;
2627 int8_t retry;
2628
2629 RUN_LOCK_ASSERT(sc, MA_OWNED);
2630
2631 for (;;) {
2632 /* drain Tx status FIFO (maxsize = 16) */
2633 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2634 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2635 if (!(stat & RT2860_TXQ_VLD))
2636 break;
2637
2638 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2639
2640 /* if no ACK was requested, no feedback is available */
2641 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2642 wcid == 0)
2643 continue;
2644
2645 /*
2646 * Even though each stat is Tx-complete-status like format,
2647 * the device can poll stats. Because there is no guarantee
2648 * that the referring node is still around when read the stats.
2649 * So that, if we use ieee80211_ratectl_tx_update(), we will
2650 * have hard time not to refer already freed node.
2651 *
2652 * To eliminate such page faults, we poll stats in softc.
2653 * Then, update the rates later with ieee80211_ratectl_tx_update().
2654 */
2655 wstat = &(sc->wcid_stats[wcid]);
2656 (*wstat)[RUN_TXCNT]++;
2657 if (stat & RT2860_TXQ_OK)
2658 (*wstat)[RUN_SUCCESS]++;
2659 else
2660 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2661 /*
2662 * Check if there were retries, ie if the Tx success rate is
2663 * different from the requested rate. Note that it works only
2664 * because we do not allow rate fallback from OFDM to CCK.
2665 */
2666 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2667 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2668 if ((retry = pid -1 - mcs) > 0) {
2669 (*wstat)[RUN_TXCNT] += retry;
2670 (*wstat)[RUN_RETRY] += retry;
2671 }
2672 }
2673 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
2674
2675 sc->fifo_cnt = 0;
2676 }
2677
2678 static void
run_iter_func(void * arg,struct ieee80211_node * ni)2679 run_iter_func(void *arg, struct ieee80211_node *ni)
2680 {
2681 struct run_softc *sc = arg;
2682 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2683 struct ieee80211vap *vap = ni->ni_vap;
2684 struct run_node *rn = RUN_NODE(ni);
2685 union run_stats sta[2];
2686 uint16_t (*wstat)[3];
2687 int error, ridx;
2688
2689 RUN_LOCK(sc);
2690
2691 /* Check for special case */
2692 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2693 ni != vap->iv_bss)
2694 goto fail;
2695
2696 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2697 IEEE80211_RATECTL_TX_STATS_RETRIES;
2698 txs->ni = ni;
2699 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2700 vap->iv_opmode == IEEE80211_M_STA)) {
2701 /* read statistic counters (clear on read) and update AMRR state */
2702 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2703 sizeof sta);
2704 if (error != 0)
2705 goto fail;
2706
2707 /* count failed TX as errors */
2708 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2709 le16toh(sta[0].error.fail));
2710
2711 txs->nretries = le16toh(sta[1].tx.retry);
2712 txs->nsuccess = le16toh(sta[1].tx.success);
2713 /* nretries??? */
2714 txs->nframes = txs->nretries + txs->nsuccess +
2715 le16toh(sta[0].error.fail);
2716
2717 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2718 "retrycnt=%d success=%d failcnt=%d\n",
2719 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
2720 } else {
2721 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2722
2723 if (wstat == &(sc->wcid_stats[0]) ||
2724 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2725 goto fail;
2726
2727 txs->nretries = (*wstat)[RUN_RETRY];
2728 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2729 txs->nframes = (*wstat)[RUN_TXCNT];
2730 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2731 "retrycnt=%d txcnt=%d success=%d\n",
2732 txs->nretries, txs->nframes, txs->nsuccess);
2733
2734 memset(wstat, 0, sizeof(*wstat));
2735 }
2736
2737 ieee80211_ratectl_tx_update(vap, txs);
2738 ieee80211_ratectl_rate(ni, NULL, 0);
2739 /* XXX TODO: methodize with MCS rates */
2740 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2741 if (rt2860_rates[ridx].rate == ni->ni_txrate)
2742 break;
2743 rn->amrr_ridx = ridx;
2744
2745 fail:
2746 RUN_UNLOCK(sc);
2747
2748 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, ridx=%d\n", ni->ni_txrate, rn->amrr_ridx);
2749 }
2750
2751 static void
run_newassoc_cb(void * arg)2752 run_newassoc_cb(void *arg)
2753 {
2754 struct run_cmdq *cmdq = arg;
2755 struct ieee80211_node *ni = cmdq->arg1;
2756 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2757 uint8_t wcid = cmdq->wcid;
2758
2759 RUN_LOCK_ASSERT(sc, MA_OWNED);
2760
2761 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2762 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2763
2764 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2765 }
2766
2767 static void
run_newassoc(struct ieee80211_node * ni,int isnew)2768 run_newassoc(struct ieee80211_node *ni, int isnew)
2769 {
2770 struct run_node *rn = RUN_NODE(ni);
2771 struct ieee80211vap *vap = ni->ni_vap;
2772 struct ieee80211com *ic = vap->iv_ic;
2773 struct run_softc *sc = ic->ic_softc;
2774 uint8_t rate;
2775 uint8_t ridx;
2776 uint8_t wcid;
2777
2778 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2779 1 : RUN_AID2WCID(ni->ni_associd);
2780
2781 if (wcid > RT2870_WCID_MAX) {
2782 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2783 return;
2784 }
2785
2786 /* only interested in true associations */
2787 if (isnew && ni->ni_associd != 0) {
2788 /*
2789 * This function could is called though timeout function.
2790 * Need to defer.
2791 */
2792 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2793 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2794 sc->cmdq[cnt].func = run_newassoc_cb;
2795 sc->cmdq[cnt].arg0 = NULL;
2796 sc->cmdq[cnt].arg1 = ni;
2797 sc->cmdq[cnt].wcid = wcid;
2798 ieee80211_runtask(ic, &sc->cmdq_task);
2799 }
2800
2801 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2802 "new assoc isnew=%d associd=%x addr=%s\n",
2803 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2804
2805 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2806 /* XXX TODO: methodize with MCS rates */
2807 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2808 if (rt2860_rates[ridx].rate == rate)
2809 break;
2810 rn->mgt_ridx = ridx;
2811 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2812 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2813
2814 RUN_LOCK(sc);
2815 if(sc->ratectl_run != RUN_RATECTL_OFF)
2816 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2817 RUN_UNLOCK(sc);
2818 }
2819
2820 /*
2821 * Return the Rx chain with the highest RSSI for a given frame.
2822 */
2823 static __inline uint8_t
run_maxrssi_chain(struct run_softc * sc,const struct rt2860_rxwi * rxwi)2824 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2825 {
2826 uint8_t rxchain = 0;
2827
2828 if (sc->nrxchains > 1) {
2829 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2830 rxchain = 1;
2831 if (sc->nrxchains > 2)
2832 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2833 rxchain = 2;
2834 }
2835 return (rxchain);
2836 }
2837
2838 static void
run_recv_mgmt(struct ieee80211_node * ni,struct mbuf * m,int subtype,const struct ieee80211_rx_stats * rxs,int rssi,int nf)2839 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2840 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2841 {
2842 struct ieee80211vap *vap = ni->ni_vap;
2843 struct run_softc *sc = vap->iv_ic->ic_softc;
2844 struct run_vap *rvp = RUN_VAP(vap);
2845 uint64_t ni_tstamp, rx_tstamp;
2846
2847 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2848
2849 if (vap->iv_state == IEEE80211_S_RUN &&
2850 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2851 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2852 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2853 RUN_LOCK(sc);
2854 run_get_tsf(sc, &rx_tstamp);
2855 RUN_UNLOCK(sc);
2856 rx_tstamp = le64toh(rx_tstamp);
2857
2858 if (ni_tstamp >= rx_tstamp) {
2859 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2860 "ibss merge, tsf %ju tstamp %ju\n",
2861 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2862 (void) ieee80211_ibss_merge(ni);
2863 }
2864 }
2865 }
2866
2867 static void
run_rx_frame(struct run_softc * sc,struct mbuf * m,uint32_t dmalen)2868 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2869 {
2870 struct ieee80211com *ic = &sc->sc_ic;
2871 struct ieee80211_frame *wh;
2872 struct ieee80211_node *ni;
2873 struct rt2870_rxd *rxd;
2874 struct rt2860_rxwi *rxwi;
2875 uint32_t flags;
2876 uint16_t len, rxwisize;
2877 uint8_t ant, rssi;
2878 int8_t nf;
2879
2880 rxwisize = sizeof(struct rt2860_rxwi);
2881 if (sc->mac_ver == 0x5592)
2882 rxwisize += sizeof(uint64_t);
2883 else if (sc->mac_ver == 0x3593)
2884 rxwisize += sizeof(uint32_t);
2885
2886 if (__predict_false(dmalen <
2887 rxwisize + sizeof(struct ieee80211_frame_ack))) {
2888 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2889 "payload is too short: dma length %u < %zu\n",
2890 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack));
2891 goto fail;
2892 }
2893
2894 rxwi = mtod(m, struct rt2860_rxwi *);
2895 len = le16toh(rxwi->len) & 0xfff;
2896
2897 if (__predict_false(len > dmalen - rxwisize)) {
2898 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2899 "bad RXWI length %u > %u\n", len, dmalen);
2900 goto fail;
2901 }
2902
2903 /* Rx descriptor is located at the end */
2904 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2905 flags = le32toh(rxd->flags);
2906
2907 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2908 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2909 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2910 goto fail;
2911 }
2912
2913 if (flags & RT2860_RX_L2PAD) {
2914 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2915 "received RT2860_RX_L2PAD frame\n");
2916 len += 2;
2917 }
2918
2919 m->m_data += rxwisize;
2920 m->m_pkthdr.len = m->m_len = len;
2921
2922 wh = mtod(m, struct ieee80211_frame *);
2923
2924 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 &&
2925 (flags & RT2860_RX_DEC) != 0) {
2926 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2927 m->m_flags |= M_WEP;
2928 }
2929
2930 if (len >= sizeof(struct ieee80211_frame_min)) {
2931 ni = ieee80211_find_rxnode(ic,
2932 mtod(m, struct ieee80211_frame_min *));
2933 } else
2934 ni = NULL;
2935
2936 if(ni && ni->ni_flags & IEEE80211_NODE_HT) {
2937 m->m_flags |= M_AMPDU;
2938 }
2939
2940 if (__predict_false(flags & RT2860_RX_MICERR)) {
2941 /* report MIC failures to net80211 for TKIP */
2942 if (ni != NULL)
2943 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2944 rxwi->keyidx);
2945 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2946 "MIC error. Someone is lying.\n");
2947 goto fail;
2948 }
2949
2950 ant = run_maxrssi_chain(sc, rxwi);
2951 rssi = rxwi->rssi[ant];
2952 nf = run_rssi2dbm(sc, rssi, ant);
2953
2954 if (__predict_false(ieee80211_radiotap_active(ic))) {
2955 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2956 uint16_t phy;
2957
2958 tap->wr_flags = 0;
2959 if (flags & RT2860_RX_L2PAD)
2960 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
2961 tap->wr_antsignal = rssi;
2962 tap->wr_antenna = ant;
2963 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2964 tap->wr_rate = 2; /* in case it can't be found below */
2965 RUN_LOCK(sc);
2966 run_get_tsf(sc, &tap->wr_tsf);
2967 RUN_UNLOCK(sc);
2968 phy = le16toh(rxwi->phy);
2969 switch (phy & RT2860_PHY_MODE) {
2970 case RT2860_PHY_CCK:
2971 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2972 case 0: tap->wr_rate = 2; break;
2973 case 1: tap->wr_rate = 4; break;
2974 case 2: tap->wr_rate = 11; break;
2975 case 3: tap->wr_rate = 22; break;
2976 }
2977 if (phy & RT2860_PHY_SHPRE)
2978 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2979 break;
2980 case RT2860_PHY_OFDM:
2981 switch (phy & RT2860_PHY_MCS) {
2982 case 0: tap->wr_rate = 12; break;
2983 case 1: tap->wr_rate = 18; break;
2984 case 2: tap->wr_rate = 24; break;
2985 case 3: tap->wr_rate = 36; break;
2986 case 4: tap->wr_rate = 48; break;
2987 case 5: tap->wr_rate = 72; break;
2988 case 6: tap->wr_rate = 96; break;
2989 case 7: tap->wr_rate = 108; break;
2990 }
2991 break;
2992 }
2993 }
2994
2995 if (ni != NULL) {
2996 (void)ieee80211_input(ni, m, rssi, nf);
2997 ieee80211_free_node(ni);
2998 } else {
2999 (void)ieee80211_input_all(ic, m, rssi, nf);
3000 }
3001
3002 return;
3003
3004 fail:
3005 m_freem(m);
3006 counter_u64_add(ic->ic_ierrors, 1);
3007 }
3008
3009 static void
run_bulk_rx_callback(struct usb_xfer * xfer,usb_error_t error)3010 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
3011 {
3012 struct run_softc *sc = usbd_xfer_softc(xfer);
3013 struct ieee80211com *ic = &sc->sc_ic;
3014 struct mbuf *m = NULL;
3015 struct mbuf *m0;
3016 uint32_t dmalen, mbuf_len;
3017 uint16_t rxwisize;
3018 int xferlen;
3019
3020 rxwisize = sizeof(struct rt2860_rxwi);
3021 if (sc->mac_ver == 0x5592)
3022 rxwisize += sizeof(uint64_t);
3023 else if (sc->mac_ver == 0x3593)
3024 rxwisize += sizeof(uint32_t);
3025
3026 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
3027
3028 switch (USB_GET_STATE(xfer)) {
3029 case USB_ST_TRANSFERRED:
3030
3031 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
3032 "rx done, actlen=%d\n", xferlen);
3033
3034 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
3035 sizeof(struct rt2870_rxd))) {
3036 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3037 "xfer too short %d\n", xferlen);
3038 goto tr_setup;
3039 }
3040
3041 m = sc->rx_m;
3042 sc->rx_m = NULL;
3043
3044 /* FALLTHROUGH */
3045 case USB_ST_SETUP:
3046 tr_setup:
3047 if (sc->rx_m == NULL) {
3048 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
3049 RUN_MAX_RXSZ);
3050 }
3051 if (sc->rx_m == NULL) {
3052 RUN_DPRINTF(sc, RUN_DEBUG_RECV |
3053 RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3054 "could not allocate mbuf - idle with stall\n");
3055 counter_u64_add(ic->ic_ierrors, 1);
3056 usbd_xfer_set_stall(xfer);
3057 usbd_xfer_set_frames(xfer, 0);
3058 } else {
3059 /*
3060 * Directly loading a mbuf cluster into DMA to
3061 * save some data copying. This works because
3062 * there is only one cluster.
3063 */
3064 usbd_xfer_set_frame_data(xfer, 0,
3065 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
3066 usbd_xfer_set_frames(xfer, 1);
3067 }
3068 usbd_transfer_submit(xfer);
3069 break;
3070
3071 default: /* Error */
3072 if (error != USB_ERR_CANCELLED) {
3073 /* try to clear stall first */
3074 usbd_xfer_set_stall(xfer);
3075 if (error == USB_ERR_TIMEOUT)
3076 device_printf(sc->sc_dev, "device timeout\n");
3077 counter_u64_add(ic->ic_ierrors, 1);
3078 goto tr_setup;
3079 }
3080 if (sc->rx_m != NULL) {
3081 m_freem(sc->rx_m);
3082 sc->rx_m = NULL;
3083 }
3084 break;
3085 }
3086
3087 if (m == NULL)
3088 return;
3089
3090 /* inputting all the frames must be last */
3091
3092 RUN_UNLOCK(sc);
3093
3094 m->m_pkthdr.len = m->m_len = xferlen;
3095
3096 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
3097 for(;;) {
3098 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
3099
3100 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3101 ((dmalen & 3) != 0)) {
3102 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3103 "bad DMA length %u\n", dmalen);
3104 break;
3105 }
3106 if ((dmalen + 8) > (uint32_t)xferlen) {
3107 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3108 "bad DMA length %u > %d\n",
3109 dmalen + 8, xferlen);
3110 break;
3111 }
3112
3113 /* If it is the last one or a single frame, we won't copy. */
3114 if ((xferlen -= dmalen + 8) <= 8) {
3115 /* trim 32-bit DMA-len header */
3116 m->m_data += 4;
3117 m->m_pkthdr.len = m->m_len -= 4;
3118 run_rx_frame(sc, m, dmalen);
3119 m = NULL; /* don't free source buffer */
3120 break;
3121 }
3122
3123 mbuf_len = dmalen + sizeof(struct rt2870_rxd);
3124 if (__predict_false(mbuf_len > MCLBYTES)) {
3125 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3126 "payload is too big: mbuf_len %u\n", mbuf_len);
3127 counter_u64_add(ic->ic_ierrors, 1);
3128 break;
3129 }
3130
3131 /* copy aggregated frames to another mbuf */
3132 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3133 if (__predict_false(m0 == NULL)) {
3134 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3135 "could not allocate mbuf\n");
3136 counter_u64_add(ic->ic_ierrors, 1);
3137 break;
3138 }
3139 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3140 mbuf_len, mtod(m0, caddr_t));
3141 m0->m_pkthdr.len = m0->m_len = mbuf_len;
3142 run_rx_frame(sc, m0, dmalen);
3143
3144 /* update data ptr */
3145 m->m_data += mbuf_len + 4;
3146 m->m_pkthdr.len = m->m_len -= mbuf_len + 4;
3147 }
3148
3149 /* make sure we free the source buffer, if any */
3150 m_freem(m);
3151
3152 #ifdef IEEE80211_SUPPORT_SUPERG
3153 ieee80211_ff_age_all(ic, 100);
3154 #endif
3155 RUN_LOCK(sc);
3156 }
3157
3158 static void
run_tx_free(struct run_endpoint_queue * pq,struct run_tx_data * data,int txerr)3159 run_tx_free(struct run_endpoint_queue *pq,
3160 struct run_tx_data *data, int txerr)
3161 {
3162
3163 ieee80211_tx_complete(data->ni, data->m, txerr);
3164
3165 data->m = NULL;
3166 data->ni = NULL;
3167
3168 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3169 pq->tx_nfree++;
3170 }
3171
3172 static void
run_bulk_tx_callbackN(struct usb_xfer * xfer,usb_error_t error,u_int index)3173 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3174 {
3175 struct run_softc *sc = usbd_xfer_softc(xfer);
3176 struct ieee80211com *ic = &sc->sc_ic;
3177 struct run_tx_data *data;
3178 struct ieee80211vap *vap = NULL;
3179 struct usb_page_cache *pc;
3180 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3181 struct mbuf *m;
3182 usb_frlength_t size;
3183 int actlen;
3184 int sumlen;
3185
3186 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3187
3188 switch (USB_GET_STATE(xfer)) {
3189 case USB_ST_TRANSFERRED:
3190 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3191 "transfer complete: %d bytes @ index %d\n", actlen, index);
3192
3193 data = usbd_xfer_get_priv(xfer);
3194 run_tx_free(pq, data, 0);
3195 usbd_xfer_set_priv(xfer, NULL);
3196
3197 /* FALLTHROUGH */
3198 case USB_ST_SETUP:
3199 tr_setup:
3200 data = STAILQ_FIRST(&pq->tx_qh);
3201 if (data == NULL)
3202 break;
3203
3204 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3205
3206 m = data->m;
3207 size = (sc->mac_ver == 0x5592) ?
3208 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3209 if ((m->m_pkthdr.len +
3210 size + 3 + 8) > RUN_MAX_TXSZ) {
3211 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3212 "data overflow, %u bytes\n", m->m_pkthdr.len);
3213 run_tx_free(pq, data, 1);
3214 goto tr_setup;
3215 }
3216
3217 pc = usbd_xfer_get_frame(xfer, 0);
3218 usbd_copy_in(pc, 0, &data->desc, size);
3219 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3220 size += m->m_pkthdr.len;
3221 /*
3222 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3223 * 4-byte padding), and be sure to zero those trailing
3224 * bytes:
3225 */
3226 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3227 size += ((-size) & 3) + 8;
3228
3229 vap = data->ni->ni_vap;
3230 if (ieee80211_radiotap_active_vap(vap)) {
3231 const struct ieee80211_frame *wh;
3232 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3233 struct rt2860_txwi *txwi =
3234 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3235 int has_l2pad;
3236
3237 wh = mtod(m, struct ieee80211_frame *);
3238 has_l2pad = IEEE80211_HAS_ADDR4(wh) !=
3239 IEEE80211_QOS_HAS_SEQ(wh);
3240
3241 tap->wt_flags = 0;
3242 tap->wt_rate = rt2860_rates[data->ridx].rate;
3243 tap->wt_hwqueue = index;
3244 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3245 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3246 if (has_l2pad)
3247 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
3248
3249 ieee80211_radiotap_tx(vap, m);
3250 }
3251
3252 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3253 "sending frame len=%u/%u @ index %d\n",
3254 m->m_pkthdr.len, size, index);
3255
3256 usbd_xfer_set_frame_len(xfer, 0, size);
3257 usbd_xfer_set_priv(xfer, data);
3258 usbd_transfer_submit(xfer);
3259 run_start(sc);
3260
3261 break;
3262
3263 default:
3264 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3265 "USB transfer error, %s\n", usbd_errstr(error));
3266
3267 data = usbd_xfer_get_priv(xfer);
3268
3269 if (data != NULL) {
3270 if(data->ni != NULL)
3271 vap = data->ni->ni_vap;
3272 run_tx_free(pq, data, error);
3273 usbd_xfer_set_priv(xfer, NULL);
3274 }
3275
3276 if (vap == NULL)
3277 vap = TAILQ_FIRST(&ic->ic_vaps);
3278
3279 if (error != USB_ERR_CANCELLED) {
3280 if (error == USB_ERR_TIMEOUT) {
3281 device_printf(sc->sc_dev, "device timeout\n");
3282 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3283 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3284 "cmdq_store=%d\n", i);
3285 sc->cmdq[i].func = run_usb_timeout_cb;
3286 sc->cmdq[i].arg0 = vap;
3287 ieee80211_runtask(ic, &sc->cmdq_task);
3288 }
3289
3290 /*
3291 * Try to clear stall first, also if other
3292 * errors occur, hence clearing stall
3293 * introduces a 50 ms delay:
3294 */
3295 usbd_xfer_set_stall(xfer);
3296 goto tr_setup;
3297 }
3298 break;
3299 }
3300 #ifdef IEEE80211_SUPPORT_SUPERG
3301 /* XXX TODO: make this deferred rather than unlock/relock */
3302 /* XXX TODO: should only do the QoS AC this belongs to */
3303 if (pq->tx_nfree >= RUN_TX_RING_COUNT) {
3304 RUN_UNLOCK(sc);
3305 ieee80211_ff_flush_all(ic);
3306 RUN_LOCK(sc);
3307 }
3308 #endif
3309 }
3310
3311 static void
run_bulk_tx_callback0(struct usb_xfer * xfer,usb_error_t error)3312 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3313 {
3314 run_bulk_tx_callbackN(xfer, error, 0);
3315 }
3316
3317 static void
run_bulk_tx_callback1(struct usb_xfer * xfer,usb_error_t error)3318 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3319 {
3320 run_bulk_tx_callbackN(xfer, error, 1);
3321 }
3322
3323 static void
run_bulk_tx_callback2(struct usb_xfer * xfer,usb_error_t error)3324 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3325 {
3326 run_bulk_tx_callbackN(xfer, error, 2);
3327 }
3328
3329 static void
run_bulk_tx_callback3(struct usb_xfer * xfer,usb_error_t error)3330 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3331 {
3332 run_bulk_tx_callbackN(xfer, error, 3);
3333 }
3334
3335 static void
run_bulk_tx_callback4(struct usb_xfer * xfer,usb_error_t error)3336 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3337 {
3338 run_bulk_tx_callbackN(xfer, error, 4);
3339 }
3340
3341 static void
run_bulk_tx_callback5(struct usb_xfer * xfer,usb_error_t error)3342 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3343 {
3344 run_bulk_tx_callbackN(xfer, error, 5);
3345 }
3346
3347 static void
run_set_tx_desc(struct run_softc * sc,struct run_tx_data * data)3348 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3349 {
3350 struct mbuf *m = data->m;
3351 struct ieee80211com *ic = &sc->sc_ic;
3352 struct ieee80211vap *vap = data->ni->ni_vap;
3353 struct ieee80211_frame *wh;
3354 struct rt2870_txd *txd;
3355 struct rt2860_txwi *txwi;
3356 uint16_t xferlen, txwisize;
3357 uint16_t mcs;
3358 uint8_t ridx = data->ridx;
3359 uint8_t pad;
3360
3361 /* get MCS code from rate index */
3362 mcs = rt2860_rates[ridx].mcs;
3363
3364 txwisize = (sc->mac_ver == 0x5592) ?
3365 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3366 xferlen = txwisize + m->m_pkthdr.len;
3367
3368 /* roundup to 32-bit alignment */
3369 xferlen = (xferlen + 3) & ~3;
3370
3371 txd = (struct rt2870_txd *)&data->desc;
3372 txd->len = htole16(xferlen);
3373
3374 wh = mtod(m, struct ieee80211_frame *);
3375
3376 /*
3377 * Ether both are true or both are false, the header
3378 * are nicely aligned to 32-bit. So, no L2 padding.
3379 */
3380 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3381 pad = 0;
3382 else
3383 pad = 2;
3384
3385 /* setup TX Wireless Information */
3386 txwi = (struct rt2860_txwi *)(txd + 1);
3387 txwi->len = htole16(m->m_pkthdr.len - pad);
3388 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3389 mcs |= RT2860_PHY_CCK;
3390 if (ridx != RT2860_RIDX_CCK1 &&
3391 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3392 mcs |= RT2860_PHY_SHPRE;
3393 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) {
3394 mcs |= RT2860_PHY_OFDM;
3395 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) {
3396 /* XXX TODO: [adrian] set short preamble for MCS? */
3397 mcs |= RT2860_PHY_HT_MIX; /* Mixed, not greenfield */
3398 }
3399 txwi->phy = htole16(mcs);
3400
3401 /* check if RTS/CTS or CTS-to-self protection is required */
3402 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3403 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) ||
3404 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3405 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) ||
3406 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) &&
3407 rt2860_rates[ridx].phy == IEEE80211_T_HT)))
3408 txwi->txop |= RT2860_TX_TXOP_HT;
3409 else
3410 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3411
3412 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3413 txwi->xflags |= RT2860_TX_NSEQ;
3414 }
3415
3416 /* This function must be called locked */
3417 static int
run_tx(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni)3418 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3419 {
3420 struct ieee80211com *ic = &sc->sc_ic;
3421 struct ieee80211vap *vap = ni->ni_vap;
3422 struct ieee80211_frame *wh;
3423 const struct ieee80211_txparam *tp = ni->ni_txparms;
3424 struct run_node *rn = RUN_NODE(ni);
3425 struct run_tx_data *data;
3426 struct rt2870_txd *txd;
3427 struct rt2860_txwi *txwi;
3428 uint16_t qos;
3429 uint16_t dur;
3430 uint16_t qid;
3431 uint8_t type;
3432 uint8_t tid;
3433 uint8_t ridx;
3434 uint8_t ctl_ridx;
3435 uint8_t qflags;
3436 uint8_t xflags = 0;
3437 int hasqos;
3438
3439 RUN_LOCK_ASSERT(sc, MA_OWNED);
3440
3441 wh = mtod(m, struct ieee80211_frame *);
3442
3443 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3444
3445 /*
3446 * There are 7 bulk endpoints: 1 for RX
3447 * and 6 for TX (4 EDCAs + HCCA + Prio).
3448 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3449 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3450 */
3451 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3452 uint8_t *frm;
3453
3454 frm = ieee80211_getqos(wh);
3455 qos = le16toh(*(const uint16_t *)frm);
3456 tid = qos & IEEE80211_QOS_TID;
3457 qid = TID_TO_WME_AC(tid);
3458 } else {
3459 qos = 0;
3460 tid = 0;
3461 qid = WME_AC_BE;
3462 }
3463 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3464
3465 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3466 qos, qid, tid, qflags);
3467
3468 /* pickup a rate index */
3469 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3470 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3471 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */
3472 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ?
3473 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3474 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3475 } else {
3476 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3477 ridx = rn->fix_ridx;
3478 else
3479 ridx = rn->amrr_ridx;
3480 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3481 }
3482
3483 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3484 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3485 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3486 xflags |= RT2860_TX_ACK;
3487 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3488 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3489 else
3490 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3491 USETW(wh->i_dur, dur);
3492 }
3493
3494 /* reserve slots for mgmt packets, just in case */
3495 if (sc->sc_epq[qid].tx_nfree < 3) {
3496 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3497 return (-1);
3498 }
3499
3500 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3501 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3502 sc->sc_epq[qid].tx_nfree--;
3503
3504 txd = (struct rt2870_txd *)&data->desc;
3505 txd->flags = qflags;
3506 txwi = (struct rt2860_txwi *)(txd + 1);
3507 txwi->xflags = xflags;
3508 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3509 txwi->wcid = 0;
3510 else
3511 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3512 1 : RUN_AID2WCID(ni->ni_associd);
3513
3514 /* clear leftover garbage bits */
3515 txwi->flags = 0;
3516 txwi->txop = 0;
3517
3518 data->m = m;
3519 data->ni = ni;
3520 data->ridx = ridx;
3521
3522 run_set_tx_desc(sc, data);
3523
3524 /*
3525 * The chip keeps track of 2 kind of Tx stats,
3526 * * TX_STAT_FIFO, for per WCID stats, and
3527 * * TX_STA_CNT0 for all-TX-in-one stats.
3528 *
3529 * To use FIFO stats, we need to store MCS into the driver-private
3530 * PacketID field. So that, we can tell whose stats when we read them.
3531 * We add 1 to the MCS because setting the PacketID field to 0 means
3532 * that we don't want feedback in TX_STAT_FIFO.
3533 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3534 *
3535 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3536 */
3537 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3538 vap->iv_opmode == IEEE80211_M_MBSS) {
3539 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3540 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3541
3542 /*
3543 * Unlike PCI based devices, we don't get any interrupt from
3544 * USB devices, so we simulate FIFO-is-full interrupt here.
3545 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3546 * quickly get fulled. To prevent overflow, increment a counter on
3547 * every FIFO stat request, so we know how many slots are left.
3548 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3549 * are used only in those modes.
3550 * We just drain stats. AMRR gets updated every 1 sec by
3551 * run_ratectl_cb() via callout.
3552 * Call it early. Otherwise overflow.
3553 */
3554 if (sc->fifo_cnt++ == 10) {
3555 /*
3556 * With multiple vaps or if_bridge, if_start() is called
3557 * with a non-sleepable lock, tcpinp. So, need to defer.
3558 */
3559 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3560 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3561 sc->cmdq[i].func = run_drain_fifo;
3562 sc->cmdq[i].arg0 = sc;
3563 ieee80211_runtask(ic, &sc->cmdq_task);
3564 }
3565 }
3566
3567 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3568
3569 usbd_transfer_start(sc->sc_xfer[qid]);
3570
3571 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3572 "sending data frame len=%d rate=%d qid=%d\n",
3573 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3574 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3575
3576 return (0);
3577 }
3578
3579 static int
run_tx_mgt(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni)3580 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3581 {
3582 struct ieee80211com *ic = &sc->sc_ic;
3583 struct run_node *rn = RUN_NODE(ni);
3584 struct run_tx_data *data;
3585 struct ieee80211_frame *wh;
3586 struct rt2870_txd *txd;
3587 struct rt2860_txwi *txwi;
3588 uint16_t dur;
3589 uint8_t ridx = rn->mgt_ridx;
3590 uint8_t xflags = 0;
3591 uint8_t wflags = 0;
3592
3593 RUN_LOCK_ASSERT(sc, MA_OWNED);
3594
3595 wh = mtod(m, struct ieee80211_frame *);
3596
3597 /* tell hardware to add timestamp for probe responses */
3598 if ((wh->i_fc[0] &
3599 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3600 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3601 wflags |= RT2860_TX_TS;
3602 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3603 xflags |= RT2860_TX_ACK;
3604
3605 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3606 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3607 USETW(wh->i_dur, dur);
3608 }
3609
3610 if (sc->sc_epq[0].tx_nfree == 0)
3611 /* let caller free mbuf */
3612 return (EIO);
3613 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3614 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3615 sc->sc_epq[0].tx_nfree--;
3616
3617 txd = (struct rt2870_txd *)&data->desc;
3618 txd->flags = RT2860_TX_QSEL_EDCA;
3619 txwi = (struct rt2860_txwi *)(txd + 1);
3620 txwi->wcid = 0xff;
3621 txwi->flags = wflags;
3622 txwi->xflags = xflags;
3623 txwi->txop = 0; /* clear leftover garbage bits */
3624
3625 data->m = m;
3626 data->ni = ni;
3627 data->ridx = ridx;
3628
3629 run_set_tx_desc(sc, data);
3630
3631 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3632 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3633 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3634
3635 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3636
3637 usbd_transfer_start(sc->sc_xfer[0]);
3638
3639 return (0);
3640 }
3641
3642 static int
run_sendprot(struct run_softc * sc,const struct mbuf * m,struct ieee80211_node * ni,int prot,int rate)3643 run_sendprot(struct run_softc *sc,
3644 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3645 {
3646 struct ieee80211com *ic = ni->ni_ic;
3647 struct run_tx_data *data;
3648 struct rt2870_txd *txd;
3649 struct rt2860_txwi *txwi;
3650 struct mbuf *mprot;
3651 int ridx;
3652 int protrate;
3653 uint8_t wflags = 0;
3654 uint8_t xflags = 0;
3655
3656 RUN_LOCK_ASSERT(sc, MA_OWNED);
3657
3658 /* check that there are free slots before allocating the mbuf */
3659 if (sc->sc_epq[0].tx_nfree == 0)
3660 /* let caller free mbuf */
3661 return (ENOBUFS);
3662
3663 mprot = ieee80211_alloc_prot(ni, m, rate, prot);
3664 if (mprot == NULL) {
3665 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3666 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3667 return (ENOBUFS);
3668 }
3669
3670 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3671 wflags = RT2860_TX_FRAG;
3672 xflags = 0;
3673 if (prot == IEEE80211_PROT_RTSCTS)
3674 xflags |= RT2860_TX_ACK;
3675
3676 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3677 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3678 sc->sc_epq[0].tx_nfree--;
3679
3680 txd = (struct rt2870_txd *)&data->desc;
3681 txd->flags = RT2860_TX_QSEL_EDCA;
3682 txwi = (struct rt2860_txwi *)(txd + 1);
3683 txwi->wcid = 0xff;
3684 txwi->flags = wflags;
3685 txwi->xflags = xflags;
3686 txwi->txop = 0; /* clear leftover garbage bits */
3687
3688 data->m = mprot;
3689 data->ni = ieee80211_ref_node(ni);
3690
3691 /* XXX TODO: methodize with MCS rates */
3692 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3693 if (rt2860_rates[ridx].rate == protrate)
3694 break;
3695 data->ridx = ridx;
3696
3697 run_set_tx_desc(sc, data);
3698
3699 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3700 m->m_pkthdr.len, rate);
3701
3702 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3703
3704 usbd_transfer_start(sc->sc_xfer[0]);
3705
3706 return (0);
3707 }
3708
3709 static int
run_tx_param(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni,const struct ieee80211_bpf_params * params)3710 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3711 const struct ieee80211_bpf_params *params)
3712 {
3713 struct ieee80211com *ic = ni->ni_ic;
3714 struct run_tx_data *data;
3715 struct rt2870_txd *txd;
3716 struct rt2860_txwi *txwi;
3717 uint8_t ridx;
3718 uint8_t rate;
3719 uint8_t opflags = 0;
3720 uint8_t xflags = 0;
3721 int error;
3722
3723 RUN_LOCK_ASSERT(sc, MA_OWNED);
3724
3725 KASSERT(params != NULL, ("no raw xmit params"));
3726
3727 rate = params->ibp_rate0;
3728 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3729 /* let caller free mbuf */
3730 return (EINVAL);
3731 }
3732
3733 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3734 xflags |= RT2860_TX_ACK;
3735 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3736 error = run_sendprot(sc, m, ni,
3737 params->ibp_flags & IEEE80211_BPF_RTS ?
3738 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3739 rate);
3740 if (error) {
3741 /* let caller free mbuf */
3742 return error;
3743 }
3744 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3745 }
3746
3747 if (sc->sc_epq[0].tx_nfree == 0) {
3748 /* let caller free mbuf */
3749 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3750 "sending raw frame, but tx ring is full\n");
3751 return (EIO);
3752 }
3753 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3754 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3755 sc->sc_epq[0].tx_nfree--;
3756
3757 txd = (struct rt2870_txd *)&data->desc;
3758 txd->flags = RT2860_TX_QSEL_EDCA;
3759 txwi = (struct rt2860_txwi *)(txd + 1);
3760 txwi->wcid = 0xff;
3761 txwi->xflags = xflags;
3762 txwi->txop = opflags;
3763 txwi->flags = 0; /* clear leftover garbage bits */
3764
3765 data->m = m;
3766 data->ni = ni;
3767 /* XXX TODO: methodize with MCS rates */
3768 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3769 if (rt2860_rates[ridx].rate == rate)
3770 break;
3771 data->ridx = ridx;
3772
3773 run_set_tx_desc(sc, data);
3774
3775 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3776 m->m_pkthdr.len, rate);
3777
3778 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3779
3780 usbd_transfer_start(sc->sc_xfer[0]);
3781
3782 return (0);
3783 }
3784
3785 static int
run_raw_xmit(struct ieee80211_node * ni,struct mbuf * m,const struct ieee80211_bpf_params * params)3786 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3787 const struct ieee80211_bpf_params *params)
3788 {
3789 struct run_softc *sc = ni->ni_ic->ic_softc;
3790 int error = 0;
3791
3792 RUN_LOCK(sc);
3793
3794 /* prevent management frames from being sent if we're not ready */
3795 if (!(sc->sc_flags & RUN_RUNNING)) {
3796 error = ENETDOWN;
3797 goto done;
3798 }
3799
3800 if (params == NULL) {
3801 /* tx mgt packet */
3802 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3803 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3804 goto done;
3805 }
3806 } else {
3807 /* tx raw packet with param */
3808 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3809 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3810 goto done;
3811 }
3812 }
3813
3814 done:
3815 RUN_UNLOCK(sc);
3816
3817 if (error != 0) {
3818 if(m != NULL)
3819 m_freem(m);
3820 }
3821
3822 return (error);
3823 }
3824
3825 static int
run_transmit(struct ieee80211com * ic,struct mbuf * m)3826 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3827 {
3828 struct run_softc *sc = ic->ic_softc;
3829 int error;
3830
3831 RUN_LOCK(sc);
3832 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3833 RUN_UNLOCK(sc);
3834 return (ENXIO);
3835 }
3836 error = mbufq_enqueue(&sc->sc_snd, m);
3837 if (error) {
3838 RUN_UNLOCK(sc);
3839 return (error);
3840 }
3841 run_start(sc);
3842 RUN_UNLOCK(sc);
3843
3844 return (0);
3845 }
3846
3847 static void
run_start(struct run_softc * sc)3848 run_start(struct run_softc *sc)
3849 {
3850 struct ieee80211_node *ni;
3851 struct mbuf *m;
3852
3853 RUN_LOCK_ASSERT(sc, MA_OWNED);
3854
3855 if ((sc->sc_flags & RUN_RUNNING) == 0)
3856 return;
3857
3858 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3859 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3860 if (run_tx(sc, m, ni) != 0) {
3861 mbufq_prepend(&sc->sc_snd, m);
3862 break;
3863 }
3864 }
3865 }
3866
3867 static void
run_parent(struct ieee80211com * ic)3868 run_parent(struct ieee80211com *ic)
3869 {
3870 struct run_softc *sc = ic->ic_softc;
3871 int startall = 0;
3872
3873 RUN_LOCK(sc);
3874 if (sc->sc_detached) {
3875 RUN_UNLOCK(sc);
3876 return;
3877 }
3878
3879 if (ic->ic_nrunning > 0) {
3880 if (!(sc->sc_flags & RUN_RUNNING)) {
3881 startall = 1;
3882 run_init_locked(sc);
3883 } else
3884 run_update_promisc_locked(sc);
3885 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3886 run_stop(sc);
3887 RUN_UNLOCK(sc);
3888 if (startall)
3889 ieee80211_start_all(ic);
3890 }
3891
3892 static void
run_iq_calib(struct run_softc * sc,u_int chan)3893 run_iq_calib(struct run_softc *sc, u_int chan)
3894 {
3895 uint16_t val;
3896
3897 /* Tx0 IQ gain. */
3898 run_bbp_write(sc, 158, 0x2c);
3899 if (chan <= 14)
3900 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3901 else if (chan <= 64) {
3902 run_efuse_read(sc,
3903 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3904 &val, 1);
3905 } else if (chan <= 138) {
3906 run_efuse_read(sc,
3907 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3908 &val, 1);
3909 } else if (chan <= 165) {
3910 run_efuse_read(sc,
3911 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3912 &val, 1);
3913 } else
3914 val = 0;
3915 run_bbp_write(sc, 159, val);
3916
3917 /* Tx0 IQ phase. */
3918 run_bbp_write(sc, 158, 0x2d);
3919 if (chan <= 14) {
3920 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3921 &val, 1);
3922 } else if (chan <= 64) {
3923 run_efuse_read(sc,
3924 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3925 &val, 1);
3926 } else if (chan <= 138) {
3927 run_efuse_read(sc,
3928 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3929 &val, 1);
3930 } else if (chan <= 165) {
3931 run_efuse_read(sc,
3932 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3933 &val, 1);
3934 } else
3935 val = 0;
3936 run_bbp_write(sc, 159, val);
3937
3938 /* Tx1 IQ gain. */
3939 run_bbp_write(sc, 158, 0x4a);
3940 if (chan <= 14) {
3941 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3942 &val, 1);
3943 } else if (chan <= 64) {
3944 run_efuse_read(sc,
3945 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3946 &val, 1);
3947 } else if (chan <= 138) {
3948 run_efuse_read(sc,
3949 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3950 &val, 1);
3951 } else if (chan <= 165) {
3952 run_efuse_read(sc,
3953 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3954 &val, 1);
3955 } else
3956 val = 0;
3957 run_bbp_write(sc, 159, val);
3958
3959 /* Tx1 IQ phase. */
3960 run_bbp_write(sc, 158, 0x4b);
3961 if (chan <= 14) {
3962 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3963 &val, 1);
3964 } else if (chan <= 64) {
3965 run_efuse_read(sc,
3966 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3967 &val, 1);
3968 } else if (chan <= 138) {
3969 run_efuse_read(sc,
3970 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3971 &val, 1);
3972 } else if (chan <= 165) {
3973 run_efuse_read(sc,
3974 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3975 &val, 1);
3976 } else
3977 val = 0;
3978 run_bbp_write(sc, 159, val);
3979
3980 /* RF IQ compensation control. */
3981 run_bbp_write(sc, 158, 0x04);
3982 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3983 &val, 1);
3984 run_bbp_write(sc, 159, val);
3985
3986 /* RF IQ imbalance compensation control. */
3987 run_bbp_write(sc, 158, 0x03);
3988 run_efuse_read(sc,
3989 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3990 run_bbp_write(sc, 159, val);
3991 }
3992
3993 static void
run_set_agc(struct run_softc * sc,uint8_t agc)3994 run_set_agc(struct run_softc *sc, uint8_t agc)
3995 {
3996 uint8_t bbp;
3997
3998 if (sc->mac_ver == 0x3572) {
3999 run_bbp_read(sc, 27, &bbp);
4000 bbp &= ~(0x3 << 5);
4001 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
4002 run_bbp_write(sc, 66, agc);
4003 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
4004 run_bbp_write(sc, 66, agc);
4005 } else
4006 run_bbp_write(sc, 66, agc);
4007 }
4008
4009 static void
run_select_chan_group(struct run_softc * sc,int group)4010 run_select_chan_group(struct run_softc *sc, int group)
4011 {
4012 uint32_t tmp;
4013 uint8_t agc;
4014
4015 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
4016 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
4017 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
4018 if (sc->mac_ver < 0x3572)
4019 run_bbp_write(sc, 86, 0x00);
4020
4021 if (sc->mac_ver == 0x3593) {
4022 run_bbp_write(sc, 77, 0x98);
4023 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
4024 }
4025
4026 if (group == 0) {
4027 if (sc->ext_2ghz_lna) {
4028 if (sc->mac_ver >= 0x5390)
4029 run_bbp_write(sc, 75, 0x52);
4030 else {
4031 run_bbp_write(sc, 82, 0x62);
4032 run_bbp_write(sc, 75, 0x46);
4033 }
4034 } else {
4035 if (sc->mac_ver == 0x5592) {
4036 run_bbp_write(sc, 79, 0x1c);
4037 run_bbp_write(sc, 80, 0x0e);
4038 run_bbp_write(sc, 81, 0x3a);
4039 run_bbp_write(sc, 82, 0x62);
4040
4041 run_bbp_write(sc, 195, 0x80);
4042 run_bbp_write(sc, 196, 0xe0);
4043 run_bbp_write(sc, 195, 0x81);
4044 run_bbp_write(sc, 196, 0x1f);
4045 run_bbp_write(sc, 195, 0x82);
4046 run_bbp_write(sc, 196, 0x38);
4047 run_bbp_write(sc, 195, 0x83);
4048 run_bbp_write(sc, 196, 0x32);
4049 run_bbp_write(sc, 195, 0x85);
4050 run_bbp_write(sc, 196, 0x28);
4051 run_bbp_write(sc, 195, 0x86);
4052 run_bbp_write(sc, 196, 0x19);
4053 } else if (sc->mac_ver >= 0x5390)
4054 run_bbp_write(sc, 75, 0x50);
4055 else {
4056 run_bbp_write(sc, 82,
4057 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
4058 run_bbp_write(sc, 75, 0x50);
4059 }
4060 }
4061 } else {
4062 if (sc->mac_ver == 0x5592) {
4063 run_bbp_write(sc, 79, 0x18);
4064 run_bbp_write(sc, 80, 0x08);
4065 run_bbp_write(sc, 81, 0x38);
4066 run_bbp_write(sc, 82, 0x92);
4067
4068 run_bbp_write(sc, 195, 0x80);
4069 run_bbp_write(sc, 196, 0xf0);
4070 run_bbp_write(sc, 195, 0x81);
4071 run_bbp_write(sc, 196, 0x1e);
4072 run_bbp_write(sc, 195, 0x82);
4073 run_bbp_write(sc, 196, 0x28);
4074 run_bbp_write(sc, 195, 0x83);
4075 run_bbp_write(sc, 196, 0x20);
4076 run_bbp_write(sc, 195, 0x85);
4077 run_bbp_write(sc, 196, 0x7f);
4078 run_bbp_write(sc, 195, 0x86);
4079 run_bbp_write(sc, 196, 0x7f);
4080 } else if (sc->mac_ver == 0x3572)
4081 run_bbp_write(sc, 82, 0x94);
4082 else
4083 run_bbp_write(sc, 82,
4084 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4085 if (sc->ext_5ghz_lna)
4086 run_bbp_write(sc, 75, 0x46);
4087 else
4088 run_bbp_write(sc, 75, 0x50);
4089 }
4090
4091 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4092 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4093 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4094 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4095
4096 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4097 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4098 if (sc->mac_ver == 0x3593)
4099 tmp |= 1 << 29 | 1 << 28;
4100 if (sc->nrxchains > 1)
4101 tmp |= RT2860_LNA_PE1_EN;
4102 if (group == 0) { /* 2GHz */
4103 tmp |= RT2860_PA_PE_G0_EN;
4104 if (sc->ntxchains > 1)
4105 tmp |= RT2860_PA_PE_G1_EN;
4106 if (sc->mac_ver == 0x3593) {
4107 if (sc->ntxchains > 2)
4108 tmp |= 1 << 25;
4109 }
4110 } else { /* 5GHz */
4111 tmp |= RT2860_PA_PE_A0_EN;
4112 if (sc->ntxchains > 1)
4113 tmp |= RT2860_PA_PE_A1_EN;
4114 }
4115 if (sc->mac_ver == 0x3572) {
4116 run_rt3070_rf_write(sc, 8, 0x00);
4117 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4118 run_rt3070_rf_write(sc, 8, 0x80);
4119 } else
4120 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4121
4122 if (sc->mac_ver == 0x5592) {
4123 run_bbp_write(sc, 195, 0x8d);
4124 run_bbp_write(sc, 196, 0x1a);
4125 }
4126
4127 if (sc->mac_ver == 0x3593) {
4128 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4129 tmp &= ~0x01010000;
4130 if (group == 0)
4131 tmp |= 0x00010000;
4132 tmp = (tmp & ~0x00009090) | 0x00000090;
4133 run_write(sc, RT2860_GPIO_CTRL, tmp);
4134 }
4135
4136 /* set initial AGC value */
4137 if (group == 0) { /* 2GHz band */
4138 if (sc->mac_ver >= 0x3070)
4139 agc = 0x1c + sc->lna[0] * 2;
4140 else
4141 agc = 0x2e + sc->lna[0];
4142 } else { /* 5GHz band */
4143 if (sc->mac_ver == 0x5592)
4144 agc = 0x24 + sc->lna[group] * 2;
4145 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4146 agc = 0x22 + (sc->lna[group] * 5) / 3;
4147 else
4148 agc = 0x32 + (sc->lna[group] * 5) / 3;
4149 }
4150 run_set_agc(sc, agc);
4151 }
4152
4153 static void
run_rt2870_set_chan(struct run_softc * sc,u_int chan)4154 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4155 {
4156 const struct rfprog *rfprog = rt2860_rf2850;
4157 uint32_t r2, r3, r4;
4158 int8_t txpow1, txpow2;
4159 int i;
4160
4161 /* find the settings for this channel (we know it exists) */
4162 for (i = 0; rfprog[i].chan != chan; i++);
4163
4164 r2 = rfprog[i].r2;
4165 if (sc->ntxchains == 1)
4166 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4167 if (sc->nrxchains == 1)
4168 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4169 else if (sc->nrxchains == 2)
4170 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4171
4172 /* use Tx power values from EEPROM */
4173 txpow1 = sc->txpow1[i];
4174 txpow2 = sc->txpow2[i];
4175
4176 /* Initialize RF R3 and R4. */
4177 r3 = rfprog[i].r3 & 0xffffc1ff;
4178 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4179 if (chan > 14) {
4180 if (txpow1 >= 0) {
4181 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4182 r3 |= (txpow1 << 10) | (1 << 9);
4183 } else {
4184 txpow1 += 7;
4185
4186 /* txpow1 is not possible larger than 15. */
4187 r3 |= (txpow1 << 10);
4188 }
4189 if (txpow2 >= 0) {
4190 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4191 r4 |= (txpow2 << 7) | (1 << 6);
4192 } else {
4193 txpow2 += 7;
4194 r4 |= (txpow2 << 7);
4195 }
4196 } else {
4197 /* Set Tx0 power. */
4198 r3 |= (txpow1 << 9);
4199
4200 /* Set frequency offset and Tx1 power. */
4201 r4 |= (txpow2 << 6);
4202 }
4203
4204 run_rt2870_rf_write(sc, rfprog[i].r1);
4205 run_rt2870_rf_write(sc, r2);
4206 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4207 run_rt2870_rf_write(sc, r4);
4208
4209 run_delay(sc, 10);
4210
4211 run_rt2870_rf_write(sc, rfprog[i].r1);
4212 run_rt2870_rf_write(sc, r2);
4213 run_rt2870_rf_write(sc, r3 | (1 << 2));
4214 run_rt2870_rf_write(sc, r4);
4215
4216 run_delay(sc, 10);
4217
4218 run_rt2870_rf_write(sc, rfprog[i].r1);
4219 run_rt2870_rf_write(sc, r2);
4220 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4221 run_rt2870_rf_write(sc, r4);
4222 }
4223
4224 static void
run_rt3070_set_chan(struct run_softc * sc,u_int chan)4225 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4226 {
4227 int8_t txpow1, txpow2;
4228 uint8_t rf;
4229 int i;
4230
4231 /* find the settings for this channel (we know it exists) */
4232 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4233
4234 /* use Tx power values from EEPROM */
4235 txpow1 = sc->txpow1[i];
4236 txpow2 = sc->txpow2[i];
4237
4238 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4239
4240 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4241 run_rt3070_rf_read(sc, 3, &rf);
4242 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4243 run_rt3070_rf_write(sc, 3, rf);
4244
4245 run_rt3070_rf_read(sc, 6, &rf);
4246 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4247 run_rt3070_rf_write(sc, 6, rf);
4248
4249 /* set Tx0 power */
4250 run_rt3070_rf_read(sc, 12, &rf);
4251 rf = (rf & ~0x1f) | txpow1;
4252 run_rt3070_rf_write(sc, 12, rf);
4253
4254 /* set Tx1 power */
4255 run_rt3070_rf_read(sc, 13, &rf);
4256 rf = (rf & ~0x1f) | txpow2;
4257 run_rt3070_rf_write(sc, 13, rf);
4258
4259 run_rt3070_rf_read(sc, 1, &rf);
4260 rf &= ~0xfc;
4261 if (sc->ntxchains == 1)
4262 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4263 else if (sc->ntxchains == 2)
4264 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4265 if (sc->nrxchains == 1)
4266 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4267 else if (sc->nrxchains == 2)
4268 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4269 run_rt3070_rf_write(sc, 1, rf);
4270
4271 /* set RF offset */
4272 run_rt3070_rf_read(sc, 23, &rf);
4273 rf = (rf & ~0x7f) | sc->freq;
4274 run_rt3070_rf_write(sc, 23, rf);
4275
4276 /* program RF filter */
4277 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4278 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4279 run_rt3070_rf_write(sc, 24, rf);
4280 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4281 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4282 run_rt3070_rf_write(sc, 31, rf);
4283
4284 /* enable RF tuning */
4285 run_rt3070_rf_read(sc, 7, &rf);
4286 run_rt3070_rf_write(sc, 7, rf | 0x01);
4287 }
4288
4289 static void
run_rt3572_set_chan(struct run_softc * sc,u_int chan)4290 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4291 {
4292 int8_t txpow1, txpow2;
4293 uint32_t tmp;
4294 uint8_t rf;
4295 int i;
4296
4297 /* find the settings for this channel (we know it exists) */
4298 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4299
4300 /* use Tx power values from EEPROM */
4301 txpow1 = sc->txpow1[i];
4302 txpow2 = sc->txpow2[i];
4303
4304 if (chan <= 14) {
4305 run_bbp_write(sc, 25, sc->bbp25);
4306 run_bbp_write(sc, 26, sc->bbp26);
4307 } else {
4308 /* enable IQ phase correction */
4309 run_bbp_write(sc, 25, 0x09);
4310 run_bbp_write(sc, 26, 0xff);
4311 }
4312
4313 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4314 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4315 run_rt3070_rf_read(sc, 6, &rf);
4316 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4317 rf |= (chan <= 14) ? 0x08 : 0x04;
4318 run_rt3070_rf_write(sc, 6, rf);
4319
4320 /* set PLL mode */
4321 run_rt3070_rf_read(sc, 5, &rf);
4322 rf &= ~(0x08 | 0x04);
4323 rf |= (chan <= 14) ? 0x04 : 0x08;
4324 run_rt3070_rf_write(sc, 5, rf);
4325
4326 /* set Tx power for chain 0 */
4327 if (chan <= 14)
4328 rf = 0x60 | txpow1;
4329 else
4330 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4331 run_rt3070_rf_write(sc, 12, rf);
4332
4333 /* set Tx power for chain 1 */
4334 if (chan <= 14)
4335 rf = 0x60 | txpow2;
4336 else
4337 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4338 run_rt3070_rf_write(sc, 13, rf);
4339
4340 /* set Tx/Rx streams */
4341 run_rt3070_rf_read(sc, 1, &rf);
4342 rf &= ~0xfc;
4343 if (sc->ntxchains == 1)
4344 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4345 else if (sc->ntxchains == 2)
4346 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4347 if (sc->nrxchains == 1)
4348 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4349 else if (sc->nrxchains == 2)
4350 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4351 run_rt3070_rf_write(sc, 1, rf);
4352
4353 /* set RF offset */
4354 run_rt3070_rf_read(sc, 23, &rf);
4355 rf = (rf & ~0x7f) | sc->freq;
4356 run_rt3070_rf_write(sc, 23, rf);
4357
4358 /* program RF filter */
4359 rf = sc->rf24_20mhz;
4360 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4361 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4362
4363 /* enable RF tuning */
4364 run_rt3070_rf_read(sc, 7, &rf);
4365 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4366 run_rt3070_rf_write(sc, 7, rf);
4367
4368 /* TSSI */
4369 rf = (chan <= 14) ? 0xc3 : 0xc0;
4370 run_rt3070_rf_write(sc, 9, rf);
4371
4372 /* set loop filter 1 */
4373 run_rt3070_rf_write(sc, 10, 0xf1);
4374 /* set loop filter 2 */
4375 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4376
4377 /* set tx_mx2_ic */
4378 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4379 /* set tx_mx1_ic */
4380 if (chan <= 14)
4381 rf = 0x48 | sc->txmixgain_2ghz;
4382 else
4383 rf = 0x78 | sc->txmixgain_5ghz;
4384 run_rt3070_rf_write(sc, 16, rf);
4385
4386 /* set tx_lo1 */
4387 run_rt3070_rf_write(sc, 17, 0x23);
4388 /* set tx_lo2 */
4389 if (chan <= 14)
4390 rf = 0x93;
4391 else if (chan <= 64)
4392 rf = 0xb7;
4393 else if (chan <= 128)
4394 rf = 0x74;
4395 else
4396 rf = 0x72;
4397 run_rt3070_rf_write(sc, 19, rf);
4398
4399 /* set rx_lo1 */
4400 if (chan <= 14)
4401 rf = 0xb3;
4402 else if (chan <= 64)
4403 rf = 0xf6;
4404 else if (chan <= 128)
4405 rf = 0xf4;
4406 else
4407 rf = 0xf3;
4408 run_rt3070_rf_write(sc, 20, rf);
4409
4410 /* set pfd_delay */
4411 if (chan <= 14)
4412 rf = 0x15;
4413 else if (chan <= 64)
4414 rf = 0x3d;
4415 else
4416 rf = 0x01;
4417 run_rt3070_rf_write(sc, 25, rf);
4418
4419 /* set rx_lo2 */
4420 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4421 /* set ldo_rf_vc */
4422 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4423 /* set drv_cc */
4424 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4425
4426 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4427 tmp &= ~0x8080;
4428 if (chan <= 14)
4429 tmp |= 0x80;
4430 run_write(sc, RT2860_GPIO_CTRL, tmp);
4431
4432 /* enable RF tuning */
4433 run_rt3070_rf_read(sc, 7, &rf);
4434 run_rt3070_rf_write(sc, 7, rf | 0x01);
4435
4436 run_delay(sc, 2);
4437 }
4438
4439 static void
run_rt3593_set_chan(struct run_softc * sc,u_int chan)4440 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4441 {
4442 int8_t txpow1, txpow2, txpow3;
4443 uint8_t h20mhz, rf;
4444 int i;
4445
4446 /* find the settings for this channel (we know it exists) */
4447 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4448
4449 /* use Tx power values from EEPROM */
4450 txpow1 = sc->txpow1[i];
4451 txpow2 = sc->txpow2[i];
4452 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4453
4454 if (chan <= 14) {
4455 run_bbp_write(sc, 25, sc->bbp25);
4456 run_bbp_write(sc, 26, sc->bbp26);
4457 } else {
4458 /* Enable IQ phase correction. */
4459 run_bbp_write(sc, 25, 0x09);
4460 run_bbp_write(sc, 26, 0xff);
4461 }
4462
4463 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4464 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4465 run_rt3070_rf_read(sc, 11, &rf);
4466 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4467 run_rt3070_rf_write(sc, 11, rf);
4468
4469 /* Set pll_idoh. */
4470 run_rt3070_rf_read(sc, 11, &rf);
4471 rf &= ~0x4c;
4472 rf |= (chan <= 14) ? 0x44 : 0x48;
4473 run_rt3070_rf_write(sc, 11, rf);
4474
4475 if (chan <= 14)
4476 rf = txpow1 & 0x1f;
4477 else
4478 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4479 run_rt3070_rf_write(sc, 53, rf);
4480
4481 if (chan <= 14)
4482 rf = txpow2 & 0x1f;
4483 else
4484 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4485 run_rt3070_rf_write(sc, 55, rf);
4486
4487 if (chan <= 14)
4488 rf = txpow3 & 0x1f;
4489 else
4490 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4491 run_rt3070_rf_write(sc, 54, rf);
4492
4493 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4494 if (sc->ntxchains == 3)
4495 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4496 else
4497 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4498 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4499 run_rt3070_rf_write(sc, 1, rf);
4500
4501 run_adjust_freq_offset(sc);
4502
4503 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4504
4505 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4506 run_rt3070_rf_read(sc, 30, &rf);
4507 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4508 run_rt3070_rf_write(sc, 30, rf);
4509
4510 run_rt3070_rf_read(sc, 36, &rf);
4511 if (chan <= 14)
4512 rf |= 0x80;
4513 else
4514 rf &= ~0x80;
4515 run_rt3070_rf_write(sc, 36, rf);
4516
4517 /* Set vcolo_bs. */
4518 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4519 /* Set pfd_delay. */
4520 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4521
4522 /* Set vco bias current control. */
4523 run_rt3070_rf_read(sc, 6, &rf);
4524 rf &= ~0xc0;
4525 if (chan <= 14)
4526 rf |= 0x40;
4527 else if (chan <= 128)
4528 rf |= 0x80;
4529 else
4530 rf |= 0x40;
4531 run_rt3070_rf_write(sc, 6, rf);
4532
4533 run_rt3070_rf_read(sc, 30, &rf);
4534 rf = (rf & ~0x18) | 0x10;
4535 run_rt3070_rf_write(sc, 30, rf);
4536
4537 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4538 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4539
4540 run_rt3070_rf_read(sc, 51, &rf);
4541 rf = (rf & ~0x03) | 0x01;
4542 run_rt3070_rf_write(sc, 51, rf);
4543 /* Set tx_mx1_cc. */
4544 run_rt3070_rf_read(sc, 51, &rf);
4545 rf &= ~0x1c;
4546 rf |= (chan <= 14) ? 0x14 : 0x10;
4547 run_rt3070_rf_write(sc, 51, rf);
4548 /* Set tx_mx1_ic. */
4549 run_rt3070_rf_read(sc, 51, &rf);
4550 rf &= ~0xe0;
4551 rf |= (chan <= 14) ? 0x60 : 0x40;
4552 run_rt3070_rf_write(sc, 51, rf);
4553 /* Set tx_lo1_ic. */
4554 run_rt3070_rf_read(sc, 49, &rf);
4555 rf &= ~0x1c;
4556 rf |= (chan <= 14) ? 0x0c : 0x08;
4557 run_rt3070_rf_write(sc, 49, rf);
4558 /* Set tx_lo1_en. */
4559 run_rt3070_rf_read(sc, 50, &rf);
4560 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4561 /* Set drv_cc. */
4562 run_rt3070_rf_read(sc, 57, &rf);
4563 rf &= ~0xfc;
4564 rf |= (chan <= 14) ? 0x6c : 0x3c;
4565 run_rt3070_rf_write(sc, 57, rf);
4566 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4567 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4568 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4569 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4570 /* Enable VCO calibration. */
4571 run_rt3070_rf_read(sc, 3, &rf);
4572 rf &= ~RT5390_VCOCAL;
4573 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4574 run_rt3070_rf_write(sc, 3, rf);
4575
4576 if (chan <= 14)
4577 rf = 0x23;
4578 else if (chan <= 64)
4579 rf = 0x36;
4580 else if (chan <= 128)
4581 rf = 0x32;
4582 else
4583 rf = 0x30;
4584 run_rt3070_rf_write(sc, 39, rf);
4585 if (chan <= 14)
4586 rf = 0xbb;
4587 else if (chan <= 64)
4588 rf = 0xeb;
4589 else if (chan <= 128)
4590 rf = 0xb3;
4591 else
4592 rf = 0x9b;
4593 run_rt3070_rf_write(sc, 45, rf);
4594
4595 /* Set FEQ/AEQ control. */
4596 run_bbp_write(sc, 105, 0x34);
4597 }
4598
4599 static void
run_rt5390_set_chan(struct run_softc * sc,u_int chan)4600 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4601 {
4602 int8_t txpow1, txpow2;
4603 uint8_t rf;
4604 int i;
4605
4606 /* find the settings for this channel (we know it exists) */
4607 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4608
4609 /* use Tx power values from EEPROM */
4610 txpow1 = sc->txpow1[i];
4611 txpow2 = sc->txpow2[i];
4612
4613 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4614 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4615 run_rt3070_rf_read(sc, 11, &rf);
4616 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4617 run_rt3070_rf_write(sc, 11, rf);
4618
4619 run_rt3070_rf_read(sc, 49, &rf);
4620 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4621 /* The valid range of the RF R49 is 0x00 to 0x27. */
4622 if ((rf & 0x3f) > 0x27)
4623 rf = (rf & ~0x3f) | 0x27;
4624 run_rt3070_rf_write(sc, 49, rf);
4625
4626 if (sc->mac_ver == 0x5392) {
4627 run_rt3070_rf_read(sc, 50, &rf);
4628 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4629 /* The valid range of the RF R50 is 0x00 to 0x27. */
4630 if ((rf & 0x3f) > 0x27)
4631 rf = (rf & ~0x3f) | 0x27;
4632 run_rt3070_rf_write(sc, 50, rf);
4633 }
4634
4635 run_rt3070_rf_read(sc, 1, &rf);
4636 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4637 if (sc->mac_ver == 0x5392)
4638 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4639 run_rt3070_rf_write(sc, 1, rf);
4640
4641 if (sc->mac_ver != 0x5392) {
4642 run_rt3070_rf_read(sc, 2, &rf);
4643 rf |= 0x80;
4644 run_rt3070_rf_write(sc, 2, rf);
4645 run_delay(sc, 10);
4646 rf &= 0x7f;
4647 run_rt3070_rf_write(sc, 2, rf);
4648 }
4649
4650 run_adjust_freq_offset(sc);
4651
4652 if (sc->mac_ver == 0x5392) {
4653 /* Fix for RT5392C. */
4654 if (sc->mac_rev >= 0x0223) {
4655 if (chan <= 4)
4656 rf = 0x0f;
4657 else if (chan >= 5 && chan <= 7)
4658 rf = 0x0e;
4659 else
4660 rf = 0x0d;
4661 run_rt3070_rf_write(sc, 23, rf);
4662
4663 if (chan <= 4)
4664 rf = 0x0c;
4665 else if (chan == 5)
4666 rf = 0x0b;
4667 else if (chan >= 6 && chan <= 7)
4668 rf = 0x0a;
4669 else if (chan >= 8 && chan <= 10)
4670 rf = 0x09;
4671 else
4672 rf = 0x08;
4673 run_rt3070_rf_write(sc, 59, rf);
4674 } else {
4675 if (chan <= 11)
4676 rf = 0x0f;
4677 else
4678 rf = 0x0b;
4679 run_rt3070_rf_write(sc, 59, rf);
4680 }
4681 } else {
4682 /* Fix for RT5390F. */
4683 if (sc->mac_rev >= 0x0502) {
4684 if (chan <= 11)
4685 rf = 0x43;
4686 else
4687 rf = 0x23;
4688 run_rt3070_rf_write(sc, 55, rf);
4689
4690 if (chan <= 11)
4691 rf = 0x0f;
4692 else if (chan == 12)
4693 rf = 0x0d;
4694 else
4695 rf = 0x0b;
4696 run_rt3070_rf_write(sc, 59, rf);
4697 } else {
4698 run_rt3070_rf_write(sc, 55, 0x44);
4699 run_rt3070_rf_write(sc, 59, 0x8f);
4700 }
4701 }
4702
4703 /* Enable VCO calibration. */
4704 run_rt3070_rf_read(sc, 3, &rf);
4705 rf |= RT5390_VCOCAL;
4706 run_rt3070_rf_write(sc, 3, rf);
4707 }
4708
4709 static void
run_rt5592_set_chan(struct run_softc * sc,u_int chan)4710 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4711 {
4712 const struct rt5592_freqs *freqs;
4713 uint32_t tmp;
4714 uint8_t reg, rf, txpow_bound;
4715 int8_t txpow1, txpow2;
4716 int i;
4717
4718 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4719 freqs = (tmp & RT5592_SEL_XTAL) ?
4720 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4721
4722 /* find the settings for this channel (we know it exists) */
4723 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4724
4725 /* use Tx power values from EEPROM */
4726 txpow1 = sc->txpow1[i];
4727 txpow2 = sc->txpow2[i];
4728
4729 run_read(sc, RT3070_LDO_CFG0, &tmp);
4730 tmp &= ~0x1c000000;
4731 if (chan > 14)
4732 tmp |= 0x14000000;
4733 run_write(sc, RT3070_LDO_CFG0, tmp);
4734
4735 /* N setting. */
4736 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4737 run_rt3070_rf_read(sc, 9, &rf);
4738 rf &= ~(1 << 4);
4739 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4740 run_rt3070_rf_write(sc, 9, rf);
4741
4742 /* K setting. */
4743 run_rt3070_rf_read(sc, 9, &rf);
4744 rf &= ~0x0f;
4745 rf |= (freqs->k & 0x0f);
4746 run_rt3070_rf_write(sc, 9, rf);
4747
4748 /* Mode setting. */
4749 run_rt3070_rf_read(sc, 11, &rf);
4750 rf &= ~0x0c;
4751 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4752 run_rt3070_rf_write(sc, 11, rf);
4753 run_rt3070_rf_read(sc, 9, &rf);
4754 rf &= ~(1 << 7);
4755 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4756 run_rt3070_rf_write(sc, 9, rf);
4757
4758 /* R setting. */
4759 run_rt3070_rf_read(sc, 11, &rf);
4760 rf &= ~0x03;
4761 rf |= (freqs->r - 0x1);
4762 run_rt3070_rf_write(sc, 11, rf);
4763
4764 if (chan <= 14) {
4765 /* Initialize RF registers for 2GHZ. */
4766 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4767 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4768 rt5592_2ghz_def_rf[i].val);
4769 }
4770
4771 rf = (chan <= 10) ? 0x07 : 0x06;
4772 run_rt3070_rf_write(sc, 23, rf);
4773 run_rt3070_rf_write(sc, 59, rf);
4774
4775 run_rt3070_rf_write(sc, 55, 0x43);
4776
4777 /*
4778 * RF R49/R50 Tx power ALC code.
4779 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4780 */
4781 reg = 2;
4782 txpow_bound = 0x27;
4783 } else {
4784 /* Initialize RF registers for 5GHZ. */
4785 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4786 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4787 rt5592_5ghz_def_rf[i].val);
4788 }
4789 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4790 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4791 chan <= rt5592_chan_5ghz[i].lastchan) {
4792 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4793 rt5592_chan_5ghz[i].val);
4794 }
4795 }
4796
4797 /*
4798 * RF R49/R50 Tx power ALC code.
4799 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4800 */
4801 reg = 3;
4802 txpow_bound = 0x2b;
4803 }
4804
4805 /* RF R49 ch0 Tx power ALC code. */
4806 run_rt3070_rf_read(sc, 49, &rf);
4807 rf &= ~0xc0;
4808 rf |= (reg << 6);
4809 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4810 if ((rf & 0x3f) > txpow_bound)
4811 rf = (rf & ~0x3f) | txpow_bound;
4812 run_rt3070_rf_write(sc, 49, rf);
4813
4814 /* RF R50 ch1 Tx power ALC code. */
4815 run_rt3070_rf_read(sc, 50, &rf);
4816 rf &= ~(1 << 7 | 1 << 6);
4817 rf |= (reg << 6);
4818 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4819 if ((rf & 0x3f) > txpow_bound)
4820 rf = (rf & ~0x3f) | txpow_bound;
4821 run_rt3070_rf_write(sc, 50, rf);
4822
4823 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4824 run_rt3070_rf_read(sc, 1, &rf);
4825 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4826 if (sc->ntxchains > 1)
4827 rf |= RT3070_TX1_PD;
4828 if (sc->nrxchains > 1)
4829 rf |= RT3070_RX1_PD;
4830 run_rt3070_rf_write(sc, 1, rf);
4831
4832 run_rt3070_rf_write(sc, 6, 0xe4);
4833
4834 run_rt3070_rf_write(sc, 30, 0x10);
4835 run_rt3070_rf_write(sc, 31, 0x80);
4836 run_rt3070_rf_write(sc, 32, 0x80);
4837
4838 run_adjust_freq_offset(sc);
4839
4840 /* Enable VCO calibration. */
4841 run_rt3070_rf_read(sc, 3, &rf);
4842 rf |= RT5390_VCOCAL;
4843 run_rt3070_rf_write(sc, 3, rf);
4844 }
4845
4846 static void
run_set_rx_antenna(struct run_softc * sc,int aux)4847 run_set_rx_antenna(struct run_softc *sc, int aux)
4848 {
4849 uint32_t tmp;
4850 uint8_t bbp152;
4851
4852 if (aux) {
4853 if (sc->rf_rev == RT5390_RF_5370) {
4854 run_bbp_read(sc, 152, &bbp152);
4855 run_bbp_write(sc, 152, bbp152 & ~0x80);
4856 } else {
4857 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4858 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4859 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4860 }
4861 } else {
4862 if (sc->rf_rev == RT5390_RF_5370) {
4863 run_bbp_read(sc, 152, &bbp152);
4864 run_bbp_write(sc, 152, bbp152 | 0x80);
4865 } else {
4866 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4867 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4868 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4869 }
4870 }
4871 }
4872
4873 static int
run_set_chan(struct run_softc * sc,struct ieee80211_channel * c)4874 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4875 {
4876 struct ieee80211com *ic = &sc->sc_ic;
4877 u_int chan, group;
4878
4879 chan = ieee80211_chan2ieee(ic, c);
4880 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4881 return (EINVAL);
4882
4883 if (sc->mac_ver == 0x5592)
4884 run_rt5592_set_chan(sc, chan);
4885 else if (sc->mac_ver >= 0x5390)
4886 run_rt5390_set_chan(sc, chan);
4887 else if (sc->mac_ver == 0x3593)
4888 run_rt3593_set_chan(sc, chan);
4889 else if (sc->mac_ver == 0x3572)
4890 run_rt3572_set_chan(sc, chan);
4891 else if (sc->mac_ver >= 0x3070)
4892 run_rt3070_set_chan(sc, chan);
4893 else
4894 run_rt2870_set_chan(sc, chan);
4895
4896 /* determine channel group */
4897 if (chan <= 14)
4898 group = 0;
4899 else if (chan <= 64)
4900 group = 1;
4901 else if (chan <= 128)
4902 group = 2;
4903 else
4904 group = 3;
4905
4906 /* XXX necessary only when group has changed! */
4907 run_select_chan_group(sc, group);
4908
4909 run_delay(sc, 10);
4910
4911 /* Perform IQ calibration. */
4912 if (sc->mac_ver >= 0x5392)
4913 run_iq_calib(sc, chan);
4914
4915 return (0);
4916 }
4917
4918 static void
run_set_channel(struct ieee80211com * ic)4919 run_set_channel(struct ieee80211com *ic)
4920 {
4921 struct run_softc *sc = ic->ic_softc;
4922
4923 RUN_LOCK(sc);
4924 run_set_chan(sc, ic->ic_curchan);
4925 RUN_UNLOCK(sc);
4926
4927 return;
4928 }
4929
4930 static void
run_getradiocaps(struct ieee80211com * ic,int maxchans,int * nchans,struct ieee80211_channel chans[])4931 run_getradiocaps(struct ieee80211com *ic,
4932 int maxchans, int *nchans, struct ieee80211_channel chans[])
4933 {
4934 struct run_softc *sc = ic->ic_softc;
4935 uint8_t bands[IEEE80211_MODE_BYTES];
4936
4937 memset(bands, 0, sizeof(bands));
4938 setbit(bands, IEEE80211_MODE_11B);
4939 setbit(bands, IEEE80211_MODE_11G);
4940 if (sc->rf_rev != RT3070_RF_2020)
4941 setbit(bands, IEEE80211_MODE_11NG);
4942
4943 /* Note: for now, only support HT20 channels */
4944 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0);
4945
4946 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4947 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4948 sc->rf_rev == RT5592_RF_5592) {
4949 setbit(bands, IEEE80211_MODE_11A);
4950 if (sc->rf_rev != RT3070_RF_2020)
4951 setbit(bands, IEEE80211_MODE_11NA);
4952 /* Note: for now, only support HT20 channels */
4953 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4954 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4955 }
4956 }
4957
4958 static void
run_scan_start(struct ieee80211com * ic)4959 run_scan_start(struct ieee80211com *ic)
4960 {
4961 struct run_softc *sc = ic->ic_softc;
4962
4963 RUN_LOCK(sc);
4964
4965 /* abort TSF synchronization */
4966 run_disable_tsf(sc);
4967 run_set_bssid(sc, ieee80211broadcastaddr);
4968
4969 RUN_UNLOCK(sc);
4970
4971 return;
4972 }
4973
4974 static void
run_scan_end(struct ieee80211com * ic)4975 run_scan_end(struct ieee80211com *ic)
4976 {
4977 struct run_softc *sc = ic->ic_softc;
4978
4979 RUN_LOCK(sc);
4980
4981 run_enable_tsf_sync(sc);
4982 run_set_bssid(sc, sc->sc_bssid);
4983
4984 RUN_UNLOCK(sc);
4985
4986 return;
4987 }
4988
4989 /*
4990 * Could be called from ieee80211_node_timeout()
4991 * (non-sleepable thread)
4992 */
4993 static void
run_update_beacon(struct ieee80211vap * vap,int item)4994 run_update_beacon(struct ieee80211vap *vap, int item)
4995 {
4996 struct ieee80211com *ic = vap->iv_ic;
4997 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4998 struct ieee80211_node *ni = vap->iv_bss;
4999 struct run_softc *sc = ic->ic_softc;
5000 struct run_vap *rvp = RUN_VAP(vap);
5001 int mcast = 0;
5002 uint32_t i;
5003
5004 switch (item) {
5005 case IEEE80211_BEACON_ERP:
5006 run_updateslot(ic);
5007 break;
5008 case IEEE80211_BEACON_HTINFO:
5009 run_updateprot(ic);
5010 break;
5011 case IEEE80211_BEACON_TIM:
5012 mcast = 1; /*TODO*/
5013 break;
5014 default:
5015 break;
5016 }
5017
5018 setbit(bo->bo_flags, item);
5019 if (rvp->beacon_mbuf == NULL) {
5020 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
5021 if (rvp->beacon_mbuf == NULL)
5022 return;
5023 }
5024 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
5025
5026 i = RUN_CMDQ_GET(&sc->cmdq_store);
5027 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5028 sc->cmdq[i].func = run_update_beacon_cb;
5029 sc->cmdq[i].arg0 = vap;
5030 ieee80211_runtask(ic, &sc->cmdq_task);
5031
5032 return;
5033 }
5034
5035 static void
run_update_beacon_cb(void * arg)5036 run_update_beacon_cb(void *arg)
5037 {
5038 struct ieee80211vap *vap = arg;
5039 struct ieee80211_node *ni = vap->iv_bss;
5040 struct run_vap *rvp = RUN_VAP(vap);
5041 struct ieee80211com *ic = vap->iv_ic;
5042 struct run_softc *sc = ic->ic_softc;
5043 struct rt2860_txwi txwi;
5044 struct mbuf *m;
5045 uint16_t txwisize;
5046 uint8_t ridx;
5047
5048 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
5049 return;
5050 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
5051 return;
5052
5053 /*
5054 * No need to call ieee80211_beacon_update(), run_update_beacon()
5055 * is taking care of appropriate calls.
5056 */
5057 if (rvp->beacon_mbuf == NULL) {
5058 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
5059 if (rvp->beacon_mbuf == NULL)
5060 return;
5061 }
5062 m = rvp->beacon_mbuf;
5063
5064 memset(&txwi, 0, sizeof(txwi));
5065 txwi.wcid = 0xff;
5066 txwi.len = htole16(m->m_pkthdr.len);
5067
5068 /* send beacons at the lowest available rate */
5069 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
5070 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
5071 txwi.phy = htole16(rt2860_rates[ridx].mcs);
5072 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
5073 txwi.phy |= htole16(RT2860_PHY_OFDM);
5074 txwi.txop = RT2860_TX_TXOP_HT;
5075 txwi.flags = RT2860_TX_TS;
5076 txwi.xflags = RT2860_TX_NSEQ;
5077
5078 txwisize = (sc->mac_ver == 0x5592) ?
5079 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
5080 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
5081 txwisize);
5082 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
5083 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
5084 }
5085
5086 static void
run_updateprot(struct ieee80211com * ic)5087 run_updateprot(struct ieee80211com *ic)
5088 {
5089 struct run_softc *sc = ic->ic_softc;
5090 uint32_t i;
5091
5092 i = RUN_CMDQ_GET(&sc->cmdq_store);
5093 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5094 sc->cmdq[i].func = run_updateprot_cb;
5095 sc->cmdq[i].arg0 = ic;
5096 ieee80211_runtask(ic, &sc->cmdq_task);
5097 }
5098
5099 static void
run_updateprot_cb(void * arg)5100 run_updateprot_cb(void *arg)
5101 {
5102 struct ieee80211com *ic = arg;
5103 struct run_softc *sc = ic->ic_softc;
5104 uint32_t tmp;
5105
5106 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5107 /* setup protection frame rate (MCS code) */
5108 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5109 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5110 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5111
5112 /* CCK frames don't require protection */
5113 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5114 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5115 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5116 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5117 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5118 tmp |= RT2860_PROT_CTRL_CTS;
5119 }
5120 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5121 }
5122
5123 static void
run_usb_timeout_cb(void * arg)5124 run_usb_timeout_cb(void *arg)
5125 {
5126 struct ieee80211vap *vap = arg;
5127 struct run_softc *sc = vap->iv_ic->ic_softc;
5128
5129 RUN_LOCK_ASSERT(sc, MA_OWNED);
5130
5131 if(vap->iv_state == IEEE80211_S_RUN &&
5132 vap->iv_opmode != IEEE80211_M_STA)
5133 run_reset_livelock(sc);
5134 else if (vap->iv_state == IEEE80211_S_SCAN) {
5135 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5136 "timeout caused by scan\n");
5137 /* cancel bgscan */
5138 ieee80211_cancel_scan(vap);
5139 } else
5140 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5141 "timeout by unknown cause\n");
5142 }
5143
5144 static void
run_reset_livelock(struct run_softc * sc)5145 run_reset_livelock(struct run_softc *sc)
5146 {
5147 uint32_t tmp;
5148
5149 RUN_LOCK_ASSERT(sc, MA_OWNED);
5150
5151 /*
5152 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5153 * can run into a livelock and start sending CTS-to-self frames like
5154 * crazy if protection is enabled. Reset MAC/BBP for a while
5155 */
5156 run_read(sc, RT2860_DEBUG, &tmp);
5157 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
5158 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5159 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5160 "CTS-to-self livelock detected\n");
5161 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5162 run_delay(sc, 1);
5163 run_write(sc, RT2860_MAC_SYS_CTRL,
5164 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5165 }
5166 }
5167
5168 static void
run_update_promisc_locked(struct run_softc * sc)5169 run_update_promisc_locked(struct run_softc *sc)
5170 {
5171 uint32_t tmp;
5172
5173 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5174
5175 tmp |= RT2860_DROP_UC_NOME;
5176 if (sc->sc_ic.ic_promisc > 0)
5177 tmp &= ~RT2860_DROP_UC_NOME;
5178
5179 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5180
5181 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5182 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
5183 }
5184
5185 static void
run_update_promisc(struct ieee80211com * ic)5186 run_update_promisc(struct ieee80211com *ic)
5187 {
5188 struct run_softc *sc = ic->ic_softc;
5189
5190 if ((sc->sc_flags & RUN_RUNNING) == 0)
5191 return;
5192
5193 RUN_LOCK(sc);
5194 run_update_promisc_locked(sc);
5195 RUN_UNLOCK(sc);
5196 }
5197
5198 static void
run_enable_tsf_sync(struct run_softc * sc)5199 run_enable_tsf_sync(struct run_softc *sc)
5200 {
5201 struct ieee80211com *ic = &sc->sc_ic;
5202 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5203 uint32_t tmp;
5204
5205 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5206 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5207
5208 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5209 tmp &= ~0x1fffff;
5210 tmp |= vap->iv_bss->ni_intval * 16;
5211 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5212
5213 if (ic->ic_opmode == IEEE80211_M_STA) {
5214 /*
5215 * Local TSF is always updated with remote TSF on beacon
5216 * reception.
5217 */
5218 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5219 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5220 tmp |= RT2860_BCN_TX_EN;
5221 /*
5222 * Local TSF is updated with remote TSF on beacon reception
5223 * only if the remote TSF is greater than local TSF.
5224 */
5225 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5226 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5227 ic->ic_opmode == IEEE80211_M_MBSS) {
5228 tmp |= RT2860_BCN_TX_EN;
5229 /* SYNC with nobody */
5230 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5231 } else {
5232 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5233 "Enabling TSF failed. undefined opmode\n");
5234 return;
5235 }
5236
5237 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5238 }
5239
5240 static void
run_enable_tsf(struct run_softc * sc)5241 run_enable_tsf(struct run_softc *sc)
5242 {
5243 uint32_t tmp;
5244
5245 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5246 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5247 tmp |= RT2860_TSF_TIMER_EN;
5248 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5249 }
5250 }
5251
5252 static void
run_disable_tsf(struct run_softc * sc)5253 run_disable_tsf(struct run_softc *sc)
5254 {
5255 uint32_t tmp;
5256
5257 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5258 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
5259 RT2860_TBTT_TIMER_EN);
5260 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5261 }
5262 }
5263
5264 static void
run_get_tsf(struct run_softc * sc,uint64_t * buf)5265 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5266 {
5267 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5268 sizeof(*buf));
5269 }
5270
5271 static void
run_enable_mrr(struct run_softc * sc)5272 run_enable_mrr(struct run_softc *sc)
5273 {
5274 #define CCK(mcs) (mcs)
5275 #define OFDM(mcs) (1 << 3 | (mcs))
5276 run_write(sc, RT2860_LG_FBK_CFG0,
5277 OFDM(6) << 28 | /* 54->48 */
5278 OFDM(5) << 24 | /* 48->36 */
5279 OFDM(4) << 20 | /* 36->24 */
5280 OFDM(3) << 16 | /* 24->18 */
5281 OFDM(2) << 12 | /* 18->12 */
5282 OFDM(1) << 8 | /* 12-> 9 */
5283 OFDM(0) << 4 | /* 9-> 6 */
5284 OFDM(0)); /* 6-> 6 */
5285
5286 run_write(sc, RT2860_LG_FBK_CFG1,
5287 CCK(2) << 12 | /* 11->5.5 */
5288 CCK(1) << 8 | /* 5.5-> 2 */
5289 CCK(0) << 4 | /* 2-> 1 */
5290 CCK(0)); /* 1-> 1 */
5291 #undef OFDM
5292 #undef CCK
5293 }
5294
5295 static void
run_set_txpreamble(struct run_softc * sc)5296 run_set_txpreamble(struct run_softc *sc)
5297 {
5298 struct ieee80211com *ic = &sc->sc_ic;
5299 uint32_t tmp;
5300
5301 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5302 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5303 tmp |= RT2860_CCK_SHORT_EN;
5304 else
5305 tmp &= ~RT2860_CCK_SHORT_EN;
5306 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5307 }
5308
5309 static void
run_set_basicrates(struct run_softc * sc)5310 run_set_basicrates(struct run_softc *sc)
5311 {
5312 struct ieee80211com *ic = &sc->sc_ic;
5313
5314 /* set basic rates mask */
5315 if (ic->ic_curmode == IEEE80211_MODE_11B)
5316 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5317 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5318 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5319 else /* 11g */
5320 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5321 }
5322
5323 static void
run_set_leds(struct run_softc * sc,uint16_t which)5324 run_set_leds(struct run_softc *sc, uint16_t which)
5325 {
5326 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5327 which | (sc->leds & 0x7f));
5328 }
5329
5330 static void
run_set_bssid(struct run_softc * sc,const uint8_t * bssid)5331 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5332 {
5333 run_write(sc, RT2860_MAC_BSSID_DW0,
5334 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5335 run_write(sc, RT2860_MAC_BSSID_DW1,
5336 bssid[4] | bssid[5] << 8);
5337 }
5338
5339 static void
run_set_macaddr(struct run_softc * sc,const uint8_t * addr)5340 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5341 {
5342 run_write(sc, RT2860_MAC_ADDR_DW0,
5343 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5344 run_write(sc, RT2860_MAC_ADDR_DW1,
5345 addr[4] | addr[5] << 8 | 0xff << 16);
5346 }
5347
5348 static void
run_updateslot(struct ieee80211com * ic)5349 run_updateslot(struct ieee80211com *ic)
5350 {
5351 struct run_softc *sc = ic->ic_softc;
5352 uint32_t i;
5353
5354 i = RUN_CMDQ_GET(&sc->cmdq_store);
5355 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5356 sc->cmdq[i].func = run_updateslot_cb;
5357 sc->cmdq[i].arg0 = ic;
5358 ieee80211_runtask(ic, &sc->cmdq_task);
5359
5360 return;
5361 }
5362
5363 /* ARGSUSED */
5364 static void
run_updateslot_cb(void * arg)5365 run_updateslot_cb(void *arg)
5366 {
5367 struct ieee80211com *ic = arg;
5368 struct run_softc *sc = ic->ic_softc;
5369 uint32_t tmp;
5370
5371 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5372 tmp &= ~0xff;
5373 tmp |= IEEE80211_GET_SLOTTIME(ic);
5374 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5375 }
5376
5377 static void
run_update_mcast(struct ieee80211com * ic)5378 run_update_mcast(struct ieee80211com *ic)
5379 {
5380 }
5381
5382 static int8_t
run_rssi2dbm(struct run_softc * sc,uint8_t rssi,uint8_t rxchain)5383 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5384 {
5385 struct ieee80211com *ic = &sc->sc_ic;
5386 struct ieee80211_channel *c = ic->ic_curchan;
5387 int delta;
5388
5389 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5390 u_int chan = ieee80211_chan2ieee(ic, c);
5391 delta = sc->rssi_5ghz[rxchain];
5392
5393 /* determine channel group */
5394 if (chan <= 64)
5395 delta -= sc->lna[1];
5396 else if (chan <= 128)
5397 delta -= sc->lna[2];
5398 else
5399 delta -= sc->lna[3];
5400 } else
5401 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5402
5403 return (-12 - delta - rssi);
5404 }
5405
5406 static void
run_rt5390_bbp_init(struct run_softc * sc)5407 run_rt5390_bbp_init(struct run_softc *sc)
5408 {
5409 u_int i;
5410 uint8_t bbp;
5411
5412 /* Apply maximum likelihood detection for 2 stream case. */
5413 run_bbp_read(sc, 105, &bbp);
5414 if (sc->nrxchains > 1)
5415 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5416
5417 /* Avoid data lost and CRC error. */
5418 run_bbp_read(sc, 4, &bbp);
5419 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5420
5421 if (sc->mac_ver == 0x5592) {
5422 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5423 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5424 rt5592_def_bbp[i].val);
5425 }
5426 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5427 run_bbp_write(sc, 195, i + 0x80);
5428 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5429 }
5430 } else {
5431 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5432 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5433 rt5390_def_bbp[i].val);
5434 }
5435 }
5436 if (sc->mac_ver == 0x5392) {
5437 run_bbp_write(sc, 88, 0x90);
5438 run_bbp_write(sc, 95, 0x9a);
5439 run_bbp_write(sc, 98, 0x12);
5440 run_bbp_write(sc, 106, 0x12);
5441 run_bbp_write(sc, 134, 0xd0);
5442 run_bbp_write(sc, 135, 0xf6);
5443 run_bbp_write(sc, 148, 0x84);
5444 }
5445
5446 run_bbp_read(sc, 152, &bbp);
5447 run_bbp_write(sc, 152, bbp | 0x80);
5448
5449 /* Fix BBP254 for RT5592C. */
5450 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5451 run_bbp_read(sc, 254, &bbp);
5452 run_bbp_write(sc, 254, bbp | 0x80);
5453 }
5454
5455 /* Disable hardware antenna diversity. */
5456 if (sc->mac_ver == 0x5390)
5457 run_bbp_write(sc, 154, 0);
5458
5459 /* Initialize Rx CCK/OFDM frequency offset report. */
5460 run_bbp_write(sc, 142, 1);
5461 run_bbp_write(sc, 143, 57);
5462 }
5463
5464 static int
run_bbp_init(struct run_softc * sc)5465 run_bbp_init(struct run_softc *sc)
5466 {
5467 int i, error, ntries;
5468 uint8_t bbp0;
5469
5470 /* wait for BBP to wake up */
5471 for (ntries = 0; ntries < 20; ntries++) {
5472 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5473 return error;
5474 if (bbp0 != 0 && bbp0 != 0xff)
5475 break;
5476 }
5477 if (ntries == 20)
5478 return (ETIMEDOUT);
5479
5480 /* initialize BBP registers to default values */
5481 if (sc->mac_ver >= 0x5390)
5482 run_rt5390_bbp_init(sc);
5483 else {
5484 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5485 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5486 rt2860_def_bbp[i].val);
5487 }
5488 }
5489
5490 if (sc->mac_ver == 0x3593) {
5491 run_bbp_write(sc, 79, 0x13);
5492 run_bbp_write(sc, 80, 0x05);
5493 run_bbp_write(sc, 81, 0x33);
5494 run_bbp_write(sc, 86, 0x46);
5495 run_bbp_write(sc, 137, 0x0f);
5496 }
5497
5498 /* fix BBP84 for RT2860E */
5499 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5500 run_bbp_write(sc, 84, 0x19);
5501
5502 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5503 sc->mac_ver != 0x5592)) {
5504 run_bbp_write(sc, 79, 0x13);
5505 run_bbp_write(sc, 80, 0x05);
5506 run_bbp_write(sc, 81, 0x33);
5507 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5508 run_bbp_write(sc, 69, 0x16);
5509 run_bbp_write(sc, 73, 0x12);
5510 }
5511 return (0);
5512 }
5513
5514 static int
run_rt3070_rf_init(struct run_softc * sc)5515 run_rt3070_rf_init(struct run_softc *sc)
5516 {
5517 uint32_t tmp;
5518 uint8_t bbp4, mingain, rf, target;
5519 u_int i;
5520
5521 run_rt3070_rf_read(sc, 30, &rf);
5522 /* toggle RF R30 bit 7 */
5523 run_rt3070_rf_write(sc, 30, rf | 0x80);
5524 run_delay(sc, 10);
5525 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5526
5527 /* initialize RF registers to default value */
5528 if (sc->mac_ver == 0x3572) {
5529 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5530 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5531 rt3572_def_rf[i].val);
5532 }
5533 } else {
5534 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5535 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5536 rt3070_def_rf[i].val);
5537 }
5538 }
5539
5540 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5541 /*
5542 * Change voltage from 1.2V to 1.35V for RT3070.
5543 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5544 * in RT3070(F).
5545 */
5546 run_read(sc, RT3070_LDO_CFG0, &tmp);
5547 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5548 run_write(sc, RT3070_LDO_CFG0, tmp);
5549
5550 } else if (sc->mac_ver == 0x3071) {
5551 run_rt3070_rf_read(sc, 6, &rf);
5552 run_rt3070_rf_write(sc, 6, rf | 0x40);
5553 run_rt3070_rf_write(sc, 31, 0x14);
5554
5555 run_read(sc, RT3070_LDO_CFG0, &tmp);
5556 tmp &= ~0x1f000000;
5557 if (sc->mac_rev < 0x0211)
5558 tmp |= 0x0d000000; /* 1.3V */
5559 else
5560 tmp |= 0x01000000; /* 1.2V */
5561 run_write(sc, RT3070_LDO_CFG0, tmp);
5562
5563 /* patch LNA_PE_G1 */
5564 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5565 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5566
5567 } else if (sc->mac_ver == 0x3572) {
5568 run_rt3070_rf_read(sc, 6, &rf);
5569 run_rt3070_rf_write(sc, 6, rf | 0x40);
5570
5571 /* increase voltage from 1.2V to 1.35V */
5572 run_read(sc, RT3070_LDO_CFG0, &tmp);
5573 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5574 run_write(sc, RT3070_LDO_CFG0, tmp);
5575
5576 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5577 run_delay(sc, 1); /* wait for 1msec */
5578 /* decrease voltage back to 1.2V */
5579 tmp = (tmp & ~0x1f000000) | 0x01000000;
5580 run_write(sc, RT3070_LDO_CFG0, tmp);
5581 }
5582 }
5583
5584 /* select 20MHz bandwidth */
5585 run_rt3070_rf_read(sc, 31, &rf);
5586 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5587
5588 /* calibrate filter for 20MHz bandwidth */
5589 sc->rf24_20mhz = 0x1f; /* default value */
5590 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5591 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5592
5593 /* select 40MHz bandwidth */
5594 run_bbp_read(sc, 4, &bbp4);
5595 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5596 run_rt3070_rf_read(sc, 31, &rf);
5597 run_rt3070_rf_write(sc, 31, rf | 0x20);
5598
5599 /* calibrate filter for 40MHz bandwidth */
5600 sc->rf24_40mhz = 0x2f; /* default value */
5601 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5602 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5603
5604 /* go back to 20MHz bandwidth */
5605 run_bbp_read(sc, 4, &bbp4);
5606 run_bbp_write(sc, 4, bbp4 & ~0x18);
5607
5608 if (sc->mac_ver == 0x3572) {
5609 /* save default BBP registers 25 and 26 values */
5610 run_bbp_read(sc, 25, &sc->bbp25);
5611 run_bbp_read(sc, 26, &sc->bbp26);
5612 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5613 run_rt3070_rf_write(sc, 27, 0x03);
5614
5615 run_read(sc, RT3070_OPT_14, &tmp);
5616 run_write(sc, RT3070_OPT_14, tmp | 1);
5617
5618 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5619 run_rt3070_rf_read(sc, 17, &rf);
5620 rf &= ~RT3070_TX_LO1;
5621 if ((sc->mac_ver == 0x3070 ||
5622 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5623 !sc->ext_2ghz_lna)
5624 rf |= 0x20; /* fix for long range Rx issue */
5625 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5626 if (sc->txmixgain_2ghz >= mingain)
5627 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5628 run_rt3070_rf_write(sc, 17, rf);
5629 }
5630
5631 if (sc->mac_ver == 0x3071) {
5632 run_rt3070_rf_read(sc, 1, &rf);
5633 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5634 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5635 run_rt3070_rf_write(sc, 1, rf);
5636
5637 run_rt3070_rf_read(sc, 15, &rf);
5638 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5639
5640 run_rt3070_rf_read(sc, 20, &rf);
5641 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5642
5643 run_rt3070_rf_read(sc, 21, &rf);
5644 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5645 }
5646
5647 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5648 /* fix Tx to Rx IQ glitch by raising RF voltage */
5649 run_rt3070_rf_read(sc, 27, &rf);
5650 rf &= ~0x77;
5651 if (sc->mac_rev < 0x0211)
5652 rf |= 0x03;
5653 run_rt3070_rf_write(sc, 27, rf);
5654 }
5655 return (0);
5656 }
5657
5658 static void
run_rt3593_rf_init(struct run_softc * sc)5659 run_rt3593_rf_init(struct run_softc *sc)
5660 {
5661 uint32_t tmp;
5662 uint8_t rf;
5663 u_int i;
5664
5665 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5666 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5667 tmp &= ~(1 << 4 | 1 << 7);
5668 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5669
5670 /* Initialize RF registers to default value. */
5671 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5672 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5673 rt3593_def_rf[i].val);
5674 }
5675
5676 /* Toggle RF R2 to initiate calibration. */
5677 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5678
5679 /* Initialize RF frequency offset. */
5680 run_adjust_freq_offset(sc);
5681
5682 run_rt3070_rf_read(sc, 18, &rf);
5683 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5684
5685 /*
5686 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5687 * decrease voltage back to 1.2V.
5688 */
5689 run_read(sc, RT3070_LDO_CFG0, &tmp);
5690 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5691 run_write(sc, RT3070_LDO_CFG0, tmp);
5692 run_delay(sc, 1);
5693 tmp = (tmp & ~0x1f000000) | 0x01000000;
5694 run_write(sc, RT3070_LDO_CFG0, tmp);
5695
5696 sc->rf24_20mhz = 0x1f;
5697 sc->rf24_40mhz = 0x2f;
5698
5699 /* Save default BBP registers 25 and 26 values. */
5700 run_bbp_read(sc, 25, &sc->bbp25);
5701 run_bbp_read(sc, 26, &sc->bbp26);
5702
5703 run_read(sc, RT3070_OPT_14, &tmp);
5704 run_write(sc, RT3070_OPT_14, tmp | 1);
5705 }
5706
5707 static void
run_rt5390_rf_init(struct run_softc * sc)5708 run_rt5390_rf_init(struct run_softc *sc)
5709 {
5710 uint32_t tmp;
5711 uint8_t rf;
5712 u_int i;
5713
5714 /* Toggle RF R2 to initiate calibration. */
5715 if (sc->mac_ver == 0x5390) {
5716 run_rt3070_rf_read(sc, 2, &rf);
5717 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5718 run_delay(sc, 10);
5719 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5720 } else {
5721 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5722 run_delay(sc, 10);
5723 }
5724
5725 /* Initialize RF registers to default value. */
5726 if (sc->mac_ver == 0x5592) {
5727 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5728 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5729 rt5592_def_rf[i].val);
5730 }
5731 /* Initialize RF frequency offset. */
5732 run_adjust_freq_offset(sc);
5733 } else if (sc->mac_ver == 0x5392) {
5734 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5735 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5736 rt5392_def_rf[i].val);
5737 }
5738 if (sc->mac_rev >= 0x0223) {
5739 run_rt3070_rf_write(sc, 23, 0x0f);
5740 run_rt3070_rf_write(sc, 24, 0x3e);
5741 run_rt3070_rf_write(sc, 51, 0x32);
5742 run_rt3070_rf_write(sc, 53, 0x22);
5743 run_rt3070_rf_write(sc, 56, 0xc1);
5744 run_rt3070_rf_write(sc, 59, 0x0f);
5745 }
5746 } else {
5747 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5748 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5749 rt5390_def_rf[i].val);
5750 }
5751 if (sc->mac_rev >= 0x0502) {
5752 run_rt3070_rf_write(sc, 6, 0xe0);
5753 run_rt3070_rf_write(sc, 25, 0x80);
5754 run_rt3070_rf_write(sc, 46, 0x73);
5755 run_rt3070_rf_write(sc, 53, 0x00);
5756 run_rt3070_rf_write(sc, 56, 0x42);
5757 run_rt3070_rf_write(sc, 61, 0xd1);
5758 }
5759 }
5760
5761 sc->rf24_20mhz = 0x1f; /* default value */
5762 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5763
5764 if (sc->mac_rev < 0x0211)
5765 run_rt3070_rf_write(sc, 27, 0x3);
5766
5767 run_read(sc, RT3070_OPT_14, &tmp);
5768 run_write(sc, RT3070_OPT_14, tmp | 1);
5769 }
5770
5771 static int
run_rt3070_filter_calib(struct run_softc * sc,uint8_t init,uint8_t target,uint8_t * val)5772 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5773 uint8_t *val)
5774 {
5775 uint8_t rf22, rf24;
5776 uint8_t bbp55_pb, bbp55_sb, delta;
5777 int ntries;
5778
5779 /* program filter */
5780 run_rt3070_rf_read(sc, 24, &rf24);
5781 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5782 run_rt3070_rf_write(sc, 24, rf24);
5783
5784 /* enable baseband loopback mode */
5785 run_rt3070_rf_read(sc, 22, &rf22);
5786 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5787
5788 /* set power and frequency of passband test tone */
5789 run_bbp_write(sc, 24, 0x00);
5790 for (ntries = 0; ntries < 100; ntries++) {
5791 /* transmit test tone */
5792 run_bbp_write(sc, 25, 0x90);
5793 run_delay(sc, 10);
5794 /* read received power */
5795 run_bbp_read(sc, 55, &bbp55_pb);
5796 if (bbp55_pb != 0)
5797 break;
5798 }
5799 if (ntries == 100)
5800 return (ETIMEDOUT);
5801
5802 /* set power and frequency of stopband test tone */
5803 run_bbp_write(sc, 24, 0x06);
5804 for (ntries = 0; ntries < 100; ntries++) {
5805 /* transmit test tone */
5806 run_bbp_write(sc, 25, 0x90);
5807 run_delay(sc, 10);
5808 /* read received power */
5809 run_bbp_read(sc, 55, &bbp55_sb);
5810
5811 delta = bbp55_pb - bbp55_sb;
5812 if (delta > target)
5813 break;
5814
5815 /* reprogram filter */
5816 rf24++;
5817 run_rt3070_rf_write(sc, 24, rf24);
5818 }
5819 if (ntries < 100) {
5820 if (rf24 != init)
5821 rf24--; /* backtrack */
5822 *val = rf24;
5823 run_rt3070_rf_write(sc, 24, rf24);
5824 }
5825
5826 /* restore initial state */
5827 run_bbp_write(sc, 24, 0x00);
5828
5829 /* disable baseband loopback mode */
5830 run_rt3070_rf_read(sc, 22, &rf22);
5831 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5832
5833 return (0);
5834 }
5835
5836 static void
run_rt3070_rf_setup(struct run_softc * sc)5837 run_rt3070_rf_setup(struct run_softc *sc)
5838 {
5839 uint8_t bbp, rf;
5840 int i;
5841
5842 if (sc->mac_ver == 0x3572) {
5843 /* enable DC filter */
5844 if (sc->mac_rev >= 0x0201)
5845 run_bbp_write(sc, 103, 0xc0);
5846
5847 run_bbp_read(sc, 138, &bbp);
5848 if (sc->ntxchains == 1)
5849 bbp |= 0x20; /* turn off DAC1 */
5850 if (sc->nrxchains == 1)
5851 bbp &= ~0x02; /* turn off ADC1 */
5852 run_bbp_write(sc, 138, bbp);
5853
5854 if (sc->mac_rev >= 0x0211) {
5855 /* improve power consumption */
5856 run_bbp_read(sc, 31, &bbp);
5857 run_bbp_write(sc, 31, bbp & ~0x03);
5858 }
5859
5860 run_rt3070_rf_read(sc, 16, &rf);
5861 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5862 run_rt3070_rf_write(sc, 16, rf);
5863
5864 } else if (sc->mac_ver == 0x3071) {
5865 if (sc->mac_rev >= 0x0211) {
5866 /* enable DC filter */
5867 run_bbp_write(sc, 103, 0xc0);
5868
5869 /* improve power consumption */
5870 run_bbp_read(sc, 31, &bbp);
5871 run_bbp_write(sc, 31, bbp & ~0x03);
5872 }
5873
5874 run_bbp_read(sc, 138, &bbp);
5875 if (sc->ntxchains == 1)
5876 bbp |= 0x20; /* turn off DAC1 */
5877 if (sc->nrxchains == 1)
5878 bbp &= ~0x02; /* turn off ADC1 */
5879 run_bbp_write(sc, 138, bbp);
5880
5881 run_write(sc, RT2860_TX_SW_CFG1, 0);
5882 if (sc->mac_rev < 0x0211) {
5883 run_write(sc, RT2860_TX_SW_CFG2,
5884 sc->patch_dac ? 0x2c : 0x0f);
5885 } else
5886 run_write(sc, RT2860_TX_SW_CFG2, 0);
5887
5888 } else if (sc->mac_ver == 0x3070) {
5889 if (sc->mac_rev >= 0x0201) {
5890 /* enable DC filter */
5891 run_bbp_write(sc, 103, 0xc0);
5892
5893 /* improve power consumption */
5894 run_bbp_read(sc, 31, &bbp);
5895 run_bbp_write(sc, 31, bbp & ~0x03);
5896 }
5897
5898 if (sc->mac_rev < 0x0201) {
5899 run_write(sc, RT2860_TX_SW_CFG1, 0);
5900 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5901 } else
5902 run_write(sc, RT2860_TX_SW_CFG2, 0);
5903 }
5904
5905 /* initialize RF registers from ROM for >=RT3071*/
5906 if (sc->mac_ver >= 0x3071) {
5907 for (i = 0; i < 10; i++) {
5908 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5909 continue;
5910 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5911 }
5912 }
5913 }
5914
5915 static void
run_rt3593_rf_setup(struct run_softc * sc)5916 run_rt3593_rf_setup(struct run_softc *sc)
5917 {
5918 uint8_t bbp, rf;
5919
5920 if (sc->mac_rev >= 0x0211) {
5921 /* Enable DC filter. */
5922 run_bbp_write(sc, 103, 0xc0);
5923 }
5924 run_write(sc, RT2860_TX_SW_CFG1, 0);
5925 if (sc->mac_rev < 0x0211) {
5926 run_write(sc, RT2860_TX_SW_CFG2,
5927 sc->patch_dac ? 0x2c : 0x0f);
5928 } else
5929 run_write(sc, RT2860_TX_SW_CFG2, 0);
5930
5931 run_rt3070_rf_read(sc, 50, &rf);
5932 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5933
5934 run_rt3070_rf_read(sc, 51, &rf);
5935 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5936 ((sc->txmixgain_2ghz & 0x07) << 2);
5937 run_rt3070_rf_write(sc, 51, rf);
5938
5939 run_rt3070_rf_read(sc, 38, &rf);
5940 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5941
5942 run_rt3070_rf_read(sc, 39, &rf);
5943 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5944
5945 run_rt3070_rf_read(sc, 1, &rf);
5946 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5947
5948 run_rt3070_rf_read(sc, 30, &rf);
5949 rf = (rf & ~0x18) | 0x10;
5950 run_rt3070_rf_write(sc, 30, rf);
5951
5952 /* Apply maximum likelihood detection for 2 stream case. */
5953 run_bbp_read(sc, 105, &bbp);
5954 if (sc->nrxchains > 1)
5955 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5956
5957 /* Avoid data lost and CRC error. */
5958 run_bbp_read(sc, 4, &bbp);
5959 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5960
5961 run_bbp_write(sc, 92, 0x02);
5962 run_bbp_write(sc, 82, 0x82);
5963 run_bbp_write(sc, 106, 0x05);
5964 run_bbp_write(sc, 104, 0x92);
5965 run_bbp_write(sc, 88, 0x90);
5966 run_bbp_write(sc, 148, 0xc8);
5967 run_bbp_write(sc, 47, 0x48);
5968 run_bbp_write(sc, 120, 0x50);
5969
5970 run_bbp_write(sc, 163, 0x9d);
5971
5972 /* SNR mapping. */
5973 run_bbp_write(sc, 142, 0x06);
5974 run_bbp_write(sc, 143, 0xa0);
5975 run_bbp_write(sc, 142, 0x07);
5976 run_bbp_write(sc, 143, 0xa1);
5977 run_bbp_write(sc, 142, 0x08);
5978 run_bbp_write(sc, 143, 0xa2);
5979
5980 run_bbp_write(sc, 31, 0x08);
5981 run_bbp_write(sc, 68, 0x0b);
5982 run_bbp_write(sc, 105, 0x04);
5983 }
5984
5985 static void
run_rt5390_rf_setup(struct run_softc * sc)5986 run_rt5390_rf_setup(struct run_softc *sc)
5987 {
5988 uint8_t bbp, rf;
5989
5990 if (sc->mac_rev >= 0x0211) {
5991 /* Enable DC filter. */
5992 run_bbp_write(sc, 103, 0xc0);
5993
5994 if (sc->mac_ver != 0x5592) {
5995 /* Improve power consumption. */
5996 run_bbp_read(sc, 31, &bbp);
5997 run_bbp_write(sc, 31, bbp & ~0x03);
5998 }
5999 }
6000
6001 run_bbp_read(sc, 138, &bbp);
6002 if (sc->ntxchains == 1)
6003 bbp |= 0x20; /* turn off DAC1 */
6004 if (sc->nrxchains == 1)
6005 bbp &= ~0x02; /* turn off ADC1 */
6006 run_bbp_write(sc, 138, bbp);
6007
6008 run_rt3070_rf_read(sc, 38, &rf);
6009 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
6010
6011 run_rt3070_rf_read(sc, 39, &rf);
6012 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
6013
6014 /* Avoid data lost and CRC error. */
6015 run_bbp_read(sc, 4, &bbp);
6016 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
6017
6018 run_rt3070_rf_read(sc, 30, &rf);
6019 rf = (rf & ~0x18) | 0x10;
6020 run_rt3070_rf_write(sc, 30, rf);
6021
6022 if (sc->mac_ver != 0x5592) {
6023 run_write(sc, RT2860_TX_SW_CFG1, 0);
6024 if (sc->mac_rev < 0x0211) {
6025 run_write(sc, RT2860_TX_SW_CFG2,
6026 sc->patch_dac ? 0x2c : 0x0f);
6027 } else
6028 run_write(sc, RT2860_TX_SW_CFG2, 0);
6029 }
6030 }
6031
6032 static int
run_txrx_enable(struct run_softc * sc)6033 run_txrx_enable(struct run_softc *sc)
6034 {
6035 struct ieee80211com *ic = &sc->sc_ic;
6036 uint32_t tmp;
6037 int error, ntries;
6038
6039 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
6040 for (ntries = 0; ntries < 200; ntries++) {
6041 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
6042 return (error);
6043 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6044 break;
6045 run_delay(sc, 50);
6046 }
6047 if (ntries == 200)
6048 return (ETIMEDOUT);
6049
6050 run_delay(sc, 50);
6051
6052 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
6053 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6054
6055 /* enable Rx bulk aggregation (set timeout and limit) */
6056 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
6057 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
6058 run_write(sc, RT2860_USB_DMA_CFG, tmp);
6059
6060 /* set Rx filter */
6061 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
6062 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
6063 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
6064 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
6065 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
6066 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
6067 if (ic->ic_opmode == IEEE80211_M_STA)
6068 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
6069 }
6070 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
6071
6072 run_write(sc, RT2860_MAC_SYS_CTRL,
6073 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6074
6075 return (0);
6076 }
6077
6078 static void
run_adjust_freq_offset(struct run_softc * sc)6079 run_adjust_freq_offset(struct run_softc *sc)
6080 {
6081 uint8_t rf, tmp;
6082
6083 run_rt3070_rf_read(sc, 17, &rf);
6084 tmp = rf;
6085 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
6086 rf = MIN(rf, 0x5f);
6087
6088 if (tmp != rf)
6089 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
6090 }
6091
6092 static void
run_init_locked(struct run_softc * sc)6093 run_init_locked(struct run_softc *sc)
6094 {
6095 struct ieee80211com *ic = &sc->sc_ic;
6096 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6097 uint32_t tmp;
6098 uint8_t bbp1, bbp3;
6099 int i;
6100 int ridx;
6101 int ntries;
6102
6103 if (ic->ic_nrunning > 1)
6104 return;
6105
6106 run_stop(sc);
6107
6108 if (run_load_microcode(sc) != 0) {
6109 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
6110 goto fail;
6111 }
6112
6113 for (ntries = 0; ntries < 100; ntries++) {
6114 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6115 goto fail;
6116 if (tmp != 0 && tmp != 0xffffffff)
6117 break;
6118 run_delay(sc, 10);
6119 }
6120 if (ntries == 100)
6121 goto fail;
6122
6123 for (i = 0; i != RUN_EP_QUEUES; i++)
6124 run_setup_tx_list(sc, &sc->sc_epq[i]);
6125
6126 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
6127
6128 for (ntries = 0; ntries < 100; ntries++) {
6129 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6130 goto fail;
6131 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6132 break;
6133 run_delay(sc, 10);
6134 }
6135 if (ntries == 100) {
6136 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6137 goto fail;
6138 }
6139 tmp &= 0xff0;
6140 tmp |= RT2860_TX_WB_DDONE;
6141 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6142
6143 /* turn off PME_OEN to solve high-current issue */
6144 run_read(sc, RT2860_SYS_CTRL, &tmp);
6145 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6146
6147 run_write(sc, RT2860_MAC_SYS_CTRL,
6148 RT2860_BBP_HRST | RT2860_MAC_SRST);
6149 run_write(sc, RT2860_USB_DMA_CFG, 0);
6150
6151 if (run_reset(sc) != 0) {
6152 device_printf(sc->sc_dev, "could not reset chipset\n");
6153 goto fail;
6154 }
6155
6156 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6157
6158 /* init Tx power for all Tx rates (from EEPROM) */
6159 for (ridx = 0; ridx < 5; ridx++) {
6160 if (sc->txpow20mhz[ridx] == 0xffffffff)
6161 continue;
6162 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6163 }
6164
6165 for (i = 0; i < nitems(rt2870_def_mac); i++)
6166 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6167 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6168 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6169 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6170
6171 if (sc->mac_ver >= 0x5390) {
6172 run_write(sc, RT2860_TX_SW_CFG0,
6173 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6174 if (sc->mac_ver >= 0x5392) {
6175 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6176 if (sc->mac_ver == 0x5592) {
6177 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6178 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6179 } else {
6180 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6181 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6182 }
6183 }
6184 } else if (sc->mac_ver == 0x3593) {
6185 run_write(sc, RT2860_TX_SW_CFG0,
6186 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6187 } else if (sc->mac_ver >= 0x3070) {
6188 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6189 run_write(sc, RT2860_TX_SW_CFG0,
6190 4 << RT2860_DLY_PAPE_EN_SHIFT);
6191 }
6192
6193 /* wait while MAC is busy */
6194 for (ntries = 0; ntries < 100; ntries++) {
6195 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6196 goto fail;
6197 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6198 break;
6199 run_delay(sc, 10);
6200 }
6201 if (ntries == 100)
6202 goto fail;
6203
6204 /* clear Host to MCU mailbox */
6205 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6206 run_write(sc, RT2860_H2M_MAILBOX, 0);
6207 run_delay(sc, 10);
6208
6209 if (run_bbp_init(sc) != 0) {
6210 device_printf(sc->sc_dev, "could not initialize BBP\n");
6211 goto fail;
6212 }
6213
6214 /* abort TSF synchronization */
6215 run_disable_tsf(sc);
6216
6217 /* clear RX WCID search table */
6218 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6219 /* clear WCID attribute table */
6220 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6221
6222 /* hostapd sets a key before init. So, don't clear it. */
6223 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6224 /* clear shared key table */
6225 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6226 /* clear shared key mode */
6227 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6228 }
6229
6230 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6231 tmp = (tmp & ~0xff) | 0x1e;
6232 run_write(sc, RT2860_US_CYC_CNT, tmp);
6233
6234 if (sc->mac_rev != 0x0101)
6235 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6236
6237 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6238 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6239
6240 /* write vendor-specific BBP values (from EEPROM) */
6241 if (sc->mac_ver < 0x3593) {
6242 for (i = 0; i < 10; i++) {
6243 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6244 continue;
6245 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6246 }
6247 }
6248
6249 /* select Main antenna for 1T1R devices */
6250 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6251 run_set_rx_antenna(sc, 0);
6252
6253 /* send LEDs operating mode to microcontroller */
6254 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6255 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6256 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6257
6258 if (sc->mac_ver >= 0x5390)
6259 run_rt5390_rf_init(sc);
6260 else if (sc->mac_ver == 0x3593)
6261 run_rt3593_rf_init(sc);
6262 else if (sc->mac_ver >= 0x3070)
6263 run_rt3070_rf_init(sc);
6264
6265 /* disable non-existing Rx chains */
6266 run_bbp_read(sc, 3, &bbp3);
6267 bbp3 &= ~(1 << 3 | 1 << 4);
6268 if (sc->nrxchains == 2)
6269 bbp3 |= 1 << 3;
6270 else if (sc->nrxchains == 3)
6271 bbp3 |= 1 << 4;
6272 run_bbp_write(sc, 3, bbp3);
6273
6274 /* disable non-existing Tx chains */
6275 run_bbp_read(sc, 1, &bbp1);
6276 if (sc->ntxchains == 1)
6277 bbp1 &= ~(1 << 3 | 1 << 4);
6278 run_bbp_write(sc, 1, bbp1);
6279
6280 if (sc->mac_ver >= 0x5390)
6281 run_rt5390_rf_setup(sc);
6282 else if (sc->mac_ver == 0x3593)
6283 run_rt3593_rf_setup(sc);
6284 else if (sc->mac_ver >= 0x3070)
6285 run_rt3070_rf_setup(sc);
6286
6287 /* select default channel */
6288 run_set_chan(sc, ic->ic_curchan);
6289
6290 /* setup initial protection mode */
6291 run_updateprot_cb(ic);
6292
6293 /* turn radio LED on */
6294 run_set_leds(sc, RT2860_LED_RADIO);
6295
6296 /* Set up AUTO_RSP_CFG register for auto response */
6297 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN |
6298 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN);
6299
6300 sc->sc_flags |= RUN_RUNNING;
6301 sc->cmdq_run = RUN_CMDQ_GO;
6302
6303 for (i = 0; i != RUN_N_XFER; i++)
6304 usbd_xfer_set_stall(sc->sc_xfer[i]);
6305
6306 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6307
6308 if (run_txrx_enable(sc) != 0)
6309 goto fail;
6310
6311 return;
6312
6313 fail:
6314 run_stop(sc);
6315 }
6316
6317 static void
run_stop(void * arg)6318 run_stop(void *arg)
6319 {
6320 struct run_softc *sc = (struct run_softc *)arg;
6321 uint32_t tmp;
6322 int i;
6323 int ntries;
6324
6325 RUN_LOCK_ASSERT(sc, MA_OWNED);
6326
6327 if (sc->sc_flags & RUN_RUNNING)
6328 run_set_leds(sc, 0); /* turn all LEDs off */
6329
6330 sc->sc_flags &= ~RUN_RUNNING;
6331
6332 sc->ratectl_run = RUN_RATECTL_OFF;
6333 sc->cmdq_run = sc->cmdq_key_set;
6334
6335 RUN_UNLOCK(sc);
6336
6337 for(i = 0; i < RUN_N_XFER; i++)
6338 usbd_transfer_drain(sc->sc_xfer[i]);
6339
6340 RUN_LOCK(sc);
6341
6342 run_drain_mbufq(sc);
6343
6344 if (sc->rx_m != NULL) {
6345 m_free(sc->rx_m);
6346 sc->rx_m = NULL;
6347 }
6348
6349 /* Disable Tx/Rx DMA. */
6350 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6351 return;
6352 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6353 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6354
6355 for (ntries = 0; ntries < 100; ntries++) {
6356 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6357 return;
6358 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6359 break;
6360 run_delay(sc, 10);
6361 }
6362 if (ntries == 100) {
6363 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6364 return;
6365 }
6366
6367 /* disable Tx/Rx */
6368 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6369 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6370 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6371
6372 /* wait for pending Tx to complete */
6373 for (ntries = 0; ntries < 100; ntries++) {
6374 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6375 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6376 "Cannot read Tx queue count\n");
6377 break;
6378 }
6379 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6380 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6381 "All Tx cleared\n");
6382 break;
6383 }
6384 run_delay(sc, 10);
6385 }
6386 if (ntries >= 100)
6387 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6388 "There are still pending Tx\n");
6389 run_delay(sc, 10);
6390 run_write(sc, RT2860_USB_DMA_CFG, 0);
6391
6392 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6393 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6394
6395 for (i = 0; i != RUN_EP_QUEUES; i++)
6396 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6397 }
6398
6399 static void
run_delay(struct run_softc * sc,u_int ms)6400 run_delay(struct run_softc *sc, u_int ms)
6401 {
6402 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6403 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6404 }
6405
6406 static void
run_update_chw(struct ieee80211com * ic)6407 run_update_chw(struct ieee80211com *ic)
6408 {
6409
6410 printf("%s: TODO\n", __func__);
6411 }
6412
6413 static int
run_ampdu_enable(struct ieee80211_node * ni,struct ieee80211_tx_ampdu * tap)6414 run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6415 {
6416
6417 /* For now, no A-MPDU TX support in the driver */
6418 return (0);
6419 }
6420
6421 static device_method_t run_methods[] = {
6422 /* Device interface */
6423 DEVMETHOD(device_probe, run_match),
6424 DEVMETHOD(device_attach, run_attach),
6425 DEVMETHOD(device_detach, run_detach),
6426 DEVMETHOD_END
6427 };
6428
6429 static driver_t run_driver = {
6430 .name = "run",
6431 .methods = run_methods,
6432 .size = sizeof(struct run_softc)
6433 };
6434
6435 DRIVER_MODULE(run, uhub, run_driver, run_driver_loaded, NULL);
6436 MODULE_DEPEND(run, wlan, 1, 1, 1);
6437 MODULE_DEPEND(run, usb, 1, 1, 1);
6438 MODULE_DEPEND(run, firmware, 1, 1, 1);
6439 MODULE_VERSION(run, 1);
6440 USB_PNP_HOST_INFO(run_devs);
6441