1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 * 19 * $FreeBSD: head/sys/dev/usb/wlan/if_run.c 270643 2014-08-26 02:20:37Z kevlo $ 20 */ 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mbuf.h> 32 #include <sys/kernel.h> 33 #include <sys/socket.h> 34 #include <sys/systm.h> 35 #include <sys/malloc.h> 36 #include <sys/module.h> 37 #include <sys/bus.h> 38 #include <sys/endian.h> 39 #include <sys/linker.h> 40 #include <sys/firmware.h> 41 42 #include <sys/rman.h> 43 44 #include <net/bpf.h> 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_arp.h> 48 #include <net/ethernet.h> 49 #include <net/if_dl.h> 50 #include <net/if_media.h> 51 #include <net/if_types.h> 52 #include <net/ifq_var.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/in_var.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip.h> 59 60 #include <netproto/802_11/ieee80211_var.h> 61 #include <netproto/802_11/ieee80211_regdomain.h> 62 #include <netproto/802_11/ieee80211_radiotap.h> 63 #include <netproto/802_11/ieee80211_ratectl.h> 64 65 #include <bus/u4b/usb.h> 66 #include <bus/u4b/usbdi.h> 67 #include "usbdevs.h" 68 69 #define USB_DEBUG_VAR run_debug 70 #include <bus/u4b/usb_debug.h> 71 #include <bus/u4b/usb_msctest.h> 72 73 #include <bus/u4b/wlan/if_runreg.h> 74 #include <bus/u4b/wlan/if_runvar.h> 75 76 #ifdef USB_DEBUG 77 #define RUN_DEBUG 78 #endif 79 80 #ifdef RUN_DEBUG 81 int run_debug = 0; 82 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 83 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 84 "run debug level"); 85 #endif 86 87 #define IEEE80211_HAS_ADDR4(wh) \ 88 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 89 90 /* 91 * Because of LOR in run_key_delete(), use atomic instead. 92 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 93 */ 94 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 95 96 static const STRUCT_USB_HOST_ID run_devs[] = { 97 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 98 #define RUN_DEV_EJECT(v,p) \ 99 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 100 #define RUN_EJECT 1 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS, USBN66), 140 RUN_DEV(ASUS, USB_N53), 141 RUN_DEV(ASUS2, USBN11), 142 RUN_DEV(AZUREWAVE, RT2870_1), 143 RUN_DEV(AZUREWAVE, RT2870_2), 144 RUN_DEV(AZUREWAVE, RT3070_1), 145 RUN_DEV(AZUREWAVE, RT3070_2), 146 RUN_DEV(AZUREWAVE, RT3070_3), 147 RUN_DEV(BELKIN, F9L1103), 148 RUN_DEV(BELKIN, F5D8053V3), 149 RUN_DEV(BELKIN, F5D8055), 150 RUN_DEV(BELKIN, F5D8055V2), 151 RUN_DEV(BELKIN, F6D4050V1), 152 RUN_DEV(BELKIN, F6D4050V2), 153 RUN_DEV(BELKIN, RT2870_1), 154 RUN_DEV(BELKIN, RT2870_2), 155 RUN_DEV(CISCOLINKSYS, AE1000), 156 RUN_DEV(CISCOLINKSYS2, RT3070), 157 RUN_DEV(CISCOLINKSYS3, RT3070), 158 RUN_DEV(CONCEPTRONIC2, RT2870_1), 159 RUN_DEV(CONCEPTRONIC2, RT2870_2), 160 RUN_DEV(CONCEPTRONIC2, RT2870_3), 161 RUN_DEV(CONCEPTRONIC2, RT2870_4), 162 RUN_DEV(CONCEPTRONIC2, RT2870_5), 163 RUN_DEV(CONCEPTRONIC2, RT2870_6), 164 RUN_DEV(CONCEPTRONIC2, RT2870_7), 165 RUN_DEV(CONCEPTRONIC2, RT2870_8), 166 RUN_DEV(CONCEPTRONIC2, RT3070_1), 167 RUN_DEV(CONCEPTRONIC2, RT3070_2), 168 RUN_DEV(CONCEPTRONIC2, VIGORN61), 169 RUN_DEV(COREGA, CGWLUSB300GNM), 170 RUN_DEV(COREGA, RT2870_1), 171 RUN_DEV(COREGA, RT2870_2), 172 RUN_DEV(COREGA, RT2870_3), 173 RUN_DEV(COREGA, RT3070), 174 RUN_DEV(CYBERTAN, RT2870), 175 RUN_DEV(DLINK, RT2870), 176 RUN_DEV(DLINK, RT3072), 177 RUN_DEV(DLINK, DWA127), 178 RUN_DEV(DLINK, DWA140B3), 179 RUN_DEV(DLINK, DWA160B2), 180 RUN_DEV(DLINK, DWA140D1), 181 RUN_DEV(DLINK, DWA162), 182 RUN_DEV(DLINK2, DWA130), 183 RUN_DEV(DLINK2, RT2870_1), 184 RUN_DEV(DLINK2, RT2870_2), 185 RUN_DEV(DLINK2, RT3070_1), 186 RUN_DEV(DLINK2, RT3070_2), 187 RUN_DEV(DLINK2, RT3070_3), 188 RUN_DEV(DLINK2, RT3070_4), 189 RUN_DEV(DLINK2, RT3070_5), 190 RUN_DEV(DLINK2, RT3072), 191 RUN_DEV(DLINK2, RT3072_1), 192 RUN_DEV(EDIMAX, EW7717), 193 RUN_DEV(EDIMAX, EW7718), 194 RUN_DEV(EDIMAX, EW7733UND), 195 RUN_DEV(EDIMAX, RT2870_1), 196 RUN_DEV(ENCORE, RT3070_1), 197 RUN_DEV(ENCORE, RT3070_2), 198 RUN_DEV(ENCORE, RT3070_3), 199 RUN_DEV(GIGABYTE, GNWB31N), 200 RUN_DEV(GIGABYTE, GNWB32L), 201 RUN_DEV(GIGABYTE, RT2870_1), 202 RUN_DEV(GIGASET, RT3070_1), 203 RUN_DEV(GIGASET, RT3070_2), 204 RUN_DEV(GUILLEMOT, HWNU300), 205 RUN_DEV(HAWKING, HWUN2), 206 RUN_DEV(HAWKING, RT2870_1), 207 RUN_DEV(HAWKING, RT2870_2), 208 RUN_DEV(HAWKING, RT3070), 209 RUN_DEV(IODATA, RT3072_1), 210 RUN_DEV(IODATA, RT3072_2), 211 RUN_DEV(IODATA, RT3072_3), 212 RUN_DEV(IODATA, RT3072_4), 213 RUN_DEV(LINKSYS4, RT3070), 214 RUN_DEV(LINKSYS4, WUSB100), 215 RUN_DEV(LINKSYS4, WUSB54GCV3), 216 RUN_DEV(LINKSYS4, WUSB600N), 217 RUN_DEV(LINKSYS4, WUSB600NV2), 218 RUN_DEV(LOGITEC, RT2870_1), 219 RUN_DEV(LOGITEC, RT2870_2), 220 RUN_DEV(LOGITEC, RT2870_3), 221 RUN_DEV(LOGITEC, LANW300NU2), 222 RUN_DEV(LOGITEC, LANW150NU2), 223 RUN_DEV(LOGITEC, LANW300NU2S), 224 RUN_DEV(MELCO, RT2870_1), 225 RUN_DEV(MELCO, RT2870_2), 226 RUN_DEV(MELCO, WLIUCAG300N), 227 RUN_DEV(MELCO, WLIUCG300N), 228 RUN_DEV(MELCO, WLIUCG301N), 229 RUN_DEV(MELCO, WLIUCGN), 230 RUN_DEV(MELCO, WLIUCGNM), 231 RUN_DEV(MELCO, WLIUCGNM2), 232 RUN_DEV(MOTOROLA4, RT2770), 233 RUN_DEV(MOTOROLA4, RT3070), 234 RUN_DEV(MSI, RT3070_1), 235 RUN_DEV(MSI, RT3070_2), 236 RUN_DEV(MSI, RT3070_3), 237 RUN_DEV(MSI, RT3070_4), 238 RUN_DEV(MSI, RT3070_5), 239 RUN_DEV(MSI, RT3070_6), 240 RUN_DEV(MSI, RT3070_7), 241 RUN_DEV(MSI, RT3070_8), 242 RUN_DEV(MSI, RT3070_9), 243 RUN_DEV(MSI, RT3070_10), 244 RUN_DEV(MSI, RT3070_11), 245 RUN_DEV(OVISLINK, RT3072), 246 RUN_DEV(PARA, RT3070), 247 RUN_DEV(PEGATRON, RT2870), 248 RUN_DEV(PEGATRON, RT3070), 249 RUN_DEV(PEGATRON, RT3070_2), 250 RUN_DEV(PEGATRON, RT3070_3), 251 RUN_DEV(PHILIPS, RT2870), 252 RUN_DEV(PLANEX2, GWUS300MINIS), 253 RUN_DEV(PLANEX2, GWUSMICRON), 254 RUN_DEV(PLANEX2, RT2870), 255 RUN_DEV(PLANEX2, RT3070), 256 RUN_DEV(QCOM, RT2870), 257 RUN_DEV(QUANTA, RT3070), 258 RUN_DEV(RALINK, RT2070), 259 RUN_DEV(RALINK, RT2770), 260 RUN_DEV(RALINK, RT2870), 261 RUN_DEV(RALINK, RT3070), 262 RUN_DEV(RALINK, RT3071), 263 RUN_DEV(RALINK, RT3072), 264 RUN_DEV(RALINK, RT3370), 265 RUN_DEV(RALINK, RT3572), 266 RUN_DEV(RALINK, RT3573), 267 RUN_DEV(RALINK, RT5370), 268 RUN_DEV(RALINK, RT5572), 269 RUN_DEV(RALINK, RT8070), 270 RUN_DEV(SAMSUNG, WIS09ABGN), 271 RUN_DEV(SAMSUNG2, RT2870_1), 272 RUN_DEV(SENAO, RT2870_1), 273 RUN_DEV(SENAO, RT2870_2), 274 RUN_DEV(SENAO, RT2870_3), 275 RUN_DEV(SENAO, RT2870_4), 276 RUN_DEV(SENAO, RT3070), 277 RUN_DEV(SENAO, RT3071), 278 RUN_DEV(SENAO, RT3072_1), 279 RUN_DEV(SENAO, RT3072_2), 280 RUN_DEV(SENAO, RT3072_3), 281 RUN_DEV(SENAO, RT3072_4), 282 RUN_DEV(SENAO, RT3072_5), 283 RUN_DEV(SITECOMEU, RT2770), 284 RUN_DEV(SITECOMEU, RT2870_1), 285 RUN_DEV(SITECOMEU, RT2870_2), 286 RUN_DEV(SITECOMEU, RT2870_3), 287 RUN_DEV(SITECOMEU, RT2870_4), 288 RUN_DEV(SITECOMEU, RT3070), 289 RUN_DEV(SITECOMEU, RT3070_2), 290 RUN_DEV(SITECOMEU, RT3070_3), 291 RUN_DEV(SITECOMEU, RT3070_4), 292 RUN_DEV(SITECOMEU, RT3071), 293 RUN_DEV(SITECOMEU, RT3072_1), 294 RUN_DEV(SITECOMEU, RT3072_2), 295 RUN_DEV(SITECOMEU, RT3072_3), 296 RUN_DEV(SITECOMEU, RT3072_4), 297 RUN_DEV(SITECOMEU, RT3072_5), 298 RUN_DEV(SITECOMEU, RT3072_6), 299 RUN_DEV(SITECOMEU, WL608), 300 RUN_DEV(SPARKLAN, RT2870_1), 301 RUN_DEV(SPARKLAN, RT3070), 302 RUN_DEV(SWEEX2, LW153), 303 RUN_DEV(SWEEX2, LW303), 304 RUN_DEV(SWEEX2, LW313), 305 RUN_DEV(TOSHIBA, RT3070), 306 RUN_DEV(UMEDIA, RT2870_1), 307 RUN_DEV(ZCOM, RT2870_1), 308 RUN_DEV(ZCOM, RT2870_2), 309 RUN_DEV(ZINWELL, RT2870_1), 310 RUN_DEV(ZINWELL, RT2870_2), 311 RUN_DEV(ZINWELL, RT3070), 312 RUN_DEV(ZINWELL, RT3072_1), 313 RUN_DEV(ZINWELL, RT3072_2), 314 RUN_DEV(ZYXEL, RT2870_1), 315 RUN_DEV(ZYXEL, RT2870_2), 316 RUN_DEV(ZYXEL, RT3070), 317 RUN_DEV_EJECT(ZYXEL, NWD2705), 318 RUN_DEV_EJECT(RALINK, RT_STOR), 319 #undef RUN_DEV_EJECT 320 #undef RUN_DEV 321 }; 322 323 static device_probe_t run_match; 324 static device_attach_t run_attach; 325 static device_detach_t run_detach; 326 327 static usb_callback_t run_bulk_rx_callback; 328 static usb_callback_t run_bulk_tx_callback0; 329 static usb_callback_t run_bulk_tx_callback1; 330 static usb_callback_t run_bulk_tx_callback2; 331 static usb_callback_t run_bulk_tx_callback3; 332 static usb_callback_t run_bulk_tx_callback4; 333 static usb_callback_t run_bulk_tx_callback5; 334 335 static void run_autoinst(void *, struct usb_device *, 336 struct usb_attach_arg *); 337 static int run_driver_loaded(struct module *, int, void *); 338 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 339 usb_error_t error, u_int index); 340 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 341 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 342 const uint8_t [IEEE80211_ADDR_LEN], 343 const uint8_t [IEEE80211_ADDR_LEN]); 344 static void run_vap_delete(struct ieee80211vap *); 345 static void run_cmdq_cb(void *, int); 346 static void run_setup_tx_list(struct run_softc *, 347 struct run_endpoint_queue *); 348 static void run_unsetup_tx_list(struct run_softc *, 349 struct run_endpoint_queue *); 350 static int run_load_microcode(struct run_softc *); 351 static int run_reset(struct run_softc *); 352 static usb_error_t run_do_request(struct run_softc *, 353 struct usb_device_request *, void *); 354 static int run_read(struct run_softc *, uint16_t, uint32_t *); 355 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 356 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 357 static int run_write(struct run_softc *, uint16_t, uint32_t); 358 static int run_write_region_1(struct run_softc *, uint16_t, 359 const uint8_t *, int); 360 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 361 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 362 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 363 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 364 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 365 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 366 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 367 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 368 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 369 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 370 static const char *run_get_rf(uint16_t); 371 static void run_rt3593_get_txpower(struct run_softc *); 372 static void run_get_txpower(struct run_softc *); 373 static int run_read_eeprom(struct run_softc *); 374 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 375 const uint8_t mac[IEEE80211_ADDR_LEN]); 376 static int run_media_change(struct ifnet *); 377 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 378 static int run_wme_update(struct ieee80211com *); 379 static void run_wme_update_cb(void *); 380 static void run_key_update_begin(struct ieee80211vap *); 381 static void run_key_update_end(struct ieee80211vap *); 382 static void run_key_set_cb(void *); 383 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 384 const uint8_t mac[IEEE80211_ADDR_LEN]); 385 static void run_key_delete_cb(void *); 386 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 387 static void run_ratectl_to(void *); 388 static void run_ratectl_cb(void *, int); 389 static void run_drain_fifo(void *); 390 static void run_iter_func(void *, struct ieee80211_node *); 391 static void run_newassoc_cb(void *); 392 static void run_newassoc(struct ieee80211_node *, int); 393 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 394 static void run_tx_free(struct run_endpoint_queue *pq, 395 struct run_tx_data *, int); 396 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 397 static int run_tx(struct run_softc *, struct mbuf *, 398 struct ieee80211_node *); 399 static int run_tx_mgt(struct run_softc *, struct mbuf *, 400 struct ieee80211_node *); 401 static int run_sendprot(struct run_softc *, const struct mbuf *, 402 struct ieee80211_node *, int, int); 403 static int run_tx_param(struct run_softc *, struct mbuf *, 404 struct ieee80211_node *, 405 const struct ieee80211_bpf_params *); 406 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 407 const struct ieee80211_bpf_params *); 408 static void run_start(struct ifnet *, struct ifaltq_subque *); 409 static int run_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 410 static void run_iq_calib(struct run_softc *, u_int); 411 static void run_set_agc(struct run_softc *, uint8_t); 412 static void run_select_chan_group(struct run_softc *, int); 413 static void run_set_rx_antenna(struct run_softc *, int); 414 static void run_rt2870_set_chan(struct run_softc *, u_int); 415 static void run_rt3070_set_chan(struct run_softc *, u_int); 416 static void run_rt3572_set_chan(struct run_softc *, u_int); 417 static void run_rt3593_set_chan(struct run_softc *, u_int); 418 static void run_rt5390_set_chan(struct run_softc *, u_int); 419 static void run_rt5592_set_chan(struct run_softc *, u_int); 420 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 421 static void run_set_channel(struct ieee80211com *); 422 static void run_scan_start(struct ieee80211com *); 423 static void run_scan_end(struct ieee80211com *); 424 static void run_update_beacon(struct ieee80211vap *, int); 425 static void run_update_beacon_cb(void *); 426 static void run_updateprot(struct ieee80211com *); 427 static void run_updateprot_cb(void *); 428 static void run_usb_timeout_cb(void *); 429 static void run_reset_livelock(struct run_softc *); 430 static void run_enable_tsf_sync(struct run_softc *); 431 static void run_enable_mrr(struct run_softc *); 432 static void run_set_txpreamble(struct run_softc *); 433 static void run_set_basicrates(struct run_softc *); 434 static void run_set_leds(struct run_softc *, uint16_t); 435 static void run_set_bssid(struct run_softc *, const uint8_t *); 436 static void run_set_macaddr(struct run_softc *, const uint8_t *); 437 static void run_updateslot(struct ifnet *); 438 static void run_updateslot_cb(void *); 439 static void run_update_mcast(struct ifnet *); 440 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 441 static void run_update_promisc_locked(struct ifnet *); 442 static void run_update_promisc(struct ifnet *); 443 static void run_rt5390_bbp_init(struct run_softc *); 444 static int run_bbp_init(struct run_softc *); 445 static int run_rt3070_rf_init(struct run_softc *); 446 static void run_rt3593_rf_init(struct run_softc *); 447 static void run_rt5390_rf_init(struct run_softc *); 448 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 449 uint8_t *); 450 static void run_rt3070_rf_setup(struct run_softc *); 451 static void run_rt3593_rf_setup(struct run_softc *); 452 static void run_rt5390_rf_setup(struct run_softc *); 453 static int run_txrx_enable(struct run_softc *); 454 static void run_adjust_freq_offset(struct run_softc *); 455 static void run_init(void *); 456 static void run_init_locked(struct run_softc *); 457 static void run_stop(void *); 458 static void run_delay(struct run_softc *, u_int); 459 460 static eventhandler_tag run_etag; 461 462 static const struct rt2860_rate { 463 uint8_t rate; 464 uint8_t mcs; 465 enum ieee80211_phytype phy; 466 uint8_t ctl_ridx; 467 uint16_t sp_ack_dur; 468 uint16_t lp_ack_dur; 469 } rt2860_rates[] = { 470 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 471 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 472 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 473 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 474 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 475 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 476 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 477 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 478 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 479 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 480 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 481 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 482 }; 483 484 static const struct { 485 uint16_t reg; 486 uint32_t val; 487 } rt2870_def_mac[] = { 488 RT2870_DEF_MAC 489 }; 490 491 static const struct { 492 uint8_t reg; 493 uint8_t val; 494 } rt2860_def_bbp[] = { 495 RT2860_DEF_BBP 496 },rt5390_def_bbp[] = { 497 RT5390_DEF_BBP 498 },rt5592_def_bbp[] = { 499 RT5592_DEF_BBP 500 }; 501 502 /* 503 * Default values for BBP register R196 for RT5592. 504 */ 505 static const uint8_t rt5592_bbp_r196[] = { 506 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 507 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 508 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 509 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 510 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 511 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 512 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 513 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 514 0x2e, 0x36, 0x30, 0x6e 515 }; 516 517 static const struct rfprog { 518 uint8_t chan; 519 uint32_t r1, r2, r3, r4; 520 } rt2860_rf2850[] = { 521 RT2860_RF2850 522 }; 523 524 struct { 525 uint8_t n, r, k; 526 } rt3070_freqs[] = { 527 RT3070_RF3052 528 }; 529 530 static const struct rt5592_freqs { 531 uint16_t n; 532 uint8_t k, m, r; 533 } rt5592_freqs_20mhz[] = { 534 RT5592_RF5592_20MHZ 535 },rt5592_freqs_40mhz[] = { 536 RT5592_RF5592_40MHZ 537 }; 538 539 static const struct { 540 uint8_t reg; 541 uint8_t val; 542 } rt3070_def_rf[] = { 543 RT3070_DEF_RF 544 },rt3572_def_rf[] = { 545 RT3572_DEF_RF 546 },rt3593_def_rf[] = { 547 RT3593_DEF_RF 548 },rt5390_def_rf[] = { 549 RT5390_DEF_RF 550 },rt5392_def_rf[] = { 551 RT5392_DEF_RF 552 },rt5592_def_rf[] = { 553 RT5592_DEF_RF 554 },rt5592_2ghz_def_rf[] = { 555 RT5592_2GHZ_DEF_RF 556 },rt5592_5ghz_def_rf[] = { 557 RT5592_5GHZ_DEF_RF 558 }; 559 560 static const struct { 561 u_int firstchan; 562 u_int lastchan; 563 uint8_t reg; 564 uint8_t val; 565 } rt5592_chan_5ghz[] = { 566 RT5592_CHAN_5GHZ 567 }; 568 569 static const struct usb_config run_config[RUN_N_XFER] = { 570 [RUN_BULK_TX_BE] = { 571 .type = UE_BULK, 572 .endpoint = UE_ADDR_ANY, 573 .ep_index = 0, 574 .direction = UE_DIR_OUT, 575 .bufsize = RUN_MAX_TXSZ, 576 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 577 .callback = run_bulk_tx_callback0, 578 .timeout = 5000, /* ms */ 579 }, 580 [RUN_BULK_TX_BK] = { 581 .type = UE_BULK, 582 .endpoint = UE_ADDR_ANY, 583 .direction = UE_DIR_OUT, 584 .ep_index = 1, 585 .bufsize = RUN_MAX_TXSZ, 586 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 587 .callback = run_bulk_tx_callback1, 588 .timeout = 5000, /* ms */ 589 }, 590 [RUN_BULK_TX_VI] = { 591 .type = UE_BULK, 592 .endpoint = UE_ADDR_ANY, 593 .direction = UE_DIR_OUT, 594 .ep_index = 2, 595 .bufsize = RUN_MAX_TXSZ, 596 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 597 .callback = run_bulk_tx_callback2, 598 .timeout = 5000, /* ms */ 599 }, 600 [RUN_BULK_TX_VO] = { 601 .type = UE_BULK, 602 .endpoint = UE_ADDR_ANY, 603 .direction = UE_DIR_OUT, 604 .ep_index = 3, 605 .bufsize = RUN_MAX_TXSZ, 606 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 607 .callback = run_bulk_tx_callback3, 608 .timeout = 5000, /* ms */ 609 }, 610 [RUN_BULK_TX_HCCA] = { 611 .type = UE_BULK, 612 .endpoint = UE_ADDR_ANY, 613 .direction = UE_DIR_OUT, 614 .ep_index = 4, 615 .bufsize = RUN_MAX_TXSZ, 616 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 617 .callback = run_bulk_tx_callback4, 618 .timeout = 5000, /* ms */ 619 }, 620 [RUN_BULK_TX_PRIO] = { 621 .type = UE_BULK, 622 .endpoint = UE_ADDR_ANY, 623 .direction = UE_DIR_OUT, 624 .ep_index = 5, 625 .bufsize = RUN_MAX_TXSZ, 626 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 627 .callback = run_bulk_tx_callback5, 628 .timeout = 5000, /* ms */ 629 }, 630 [RUN_BULK_RX] = { 631 .type = UE_BULK, 632 .endpoint = UE_ADDR_ANY, 633 .direction = UE_DIR_IN, 634 .bufsize = RUN_MAX_RXSZ, 635 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 636 .callback = run_bulk_rx_callback, 637 } 638 }; 639 640 static void 641 run_autoinst(void *arg, struct usb_device *udev, 642 struct usb_attach_arg *uaa) 643 { 644 struct usb_interface *iface; 645 struct usb_interface_descriptor *id; 646 647 if (uaa->dev_state != UAA_DEV_READY) 648 return; 649 650 iface = usbd_get_iface(udev, 0); 651 if (iface == NULL) 652 return; 653 id = iface->idesc; 654 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 655 return; 656 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 657 return; 658 659 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 660 uaa->dev_state = UAA_DEV_EJECTING; 661 } 662 663 static int 664 run_driver_loaded(struct module *mod, int what, void *arg) 665 { 666 switch (what) { 667 case MOD_LOAD: 668 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 669 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 670 break; 671 case MOD_UNLOAD: 672 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 673 break; 674 default: 675 return (EOPNOTSUPP); 676 } 677 return (0); 678 } 679 680 static int 681 run_match(device_t self) 682 { 683 struct usb_attach_arg *uaa = device_get_ivars(self); 684 685 if (uaa->usb_mode != USB_MODE_HOST) 686 return (ENXIO); 687 if (uaa->info.bConfigIndex != 0) 688 return (ENXIO); 689 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 690 return (ENXIO); 691 692 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 693 } 694 695 static int 696 run_attach(device_t self) 697 { 698 struct run_softc *sc = device_get_softc(self); 699 struct usb_attach_arg *uaa = device_get_ivars(self); 700 struct ieee80211com *ic; 701 struct ifnet *ifp; 702 uint32_t ver; 703 int ntries, error; 704 uint8_t iface_index, bands; 705 char ethstr[ETHER_ADDRSTRLEN + 1]; 706 707 wlan_serialize_enter(); 708 709 device_set_usb_desc(self); 710 sc->sc_udev = uaa->device; 711 sc->sc_dev = self; 712 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 713 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 714 715 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev), 716 0, LK_CANRECURSE); 717 718 iface_index = RT2860_IFACE_INDEX; 719 720 error = usbd_transfer_setup(uaa->device, &iface_index, 721 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock); 722 if (error) { 723 device_printf(self, "could not allocate USB transfers, " 724 "err=%s\n", usbd_errstr(error)); 725 goto detach; 726 } 727 728 RUN_LOCK(sc); 729 730 /* wait for the chip to settle */ 731 for (ntries = 0; ntries < 100; ntries++) { 732 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 733 RUN_UNLOCK(sc); 734 goto detach; 735 } 736 if (ver != 0 && ver != 0xffffffff) 737 break; 738 run_delay(sc, 10); 739 } 740 if (ntries == 100) { 741 device_printf(sc->sc_dev, 742 "timeout waiting for NIC to initialize\n"); 743 RUN_UNLOCK(sc); 744 goto detach; 745 } 746 sc->mac_ver = ver >> 16; 747 sc->mac_rev = ver & 0xffff; 748 749 /* retrieve RF rev. no and various other things from EEPROM */ 750 run_read_eeprom(sc); 751 752 device_printf(sc->sc_dev, 753 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 754 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 755 sc->ntxchains, sc->nrxchains, kether_ntoa(sc->sc_bssid, ethstr)); 756 757 RUN_UNLOCK(sc); 758 759 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 760 if (ifp == NULL) { 761 device_printf(sc->sc_dev, "can not if_alloc()\n"); 762 goto detach; 763 } 764 ic = ifp->if_l2com; 765 766 ifp->if_softc = sc; 767 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 768 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 769 ifp->if_init = run_init; 770 ifp->if_ioctl = run_ioctl; 771 ifp->if_start = run_start; 772 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 773 #if 0 /* XXX swildner: see c3d4131842e47b168d93a0650d58d425ebeef789 */ 774 ifq_set_ready(&ifp->if_snd); 775 #endif 776 777 ic->ic_ifp = ifp; 778 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 779 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 780 781 /* set device capabilities */ 782 ic->ic_caps = 783 IEEE80211_C_STA | /* station mode supported */ 784 IEEE80211_C_MONITOR | /* monitor mode supported */ 785 IEEE80211_C_IBSS | 786 IEEE80211_C_HOSTAP | 787 IEEE80211_C_WDS | /* 4-address traffic works */ 788 IEEE80211_C_MBSS | 789 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 790 IEEE80211_C_SHSLOT | /* short slot time supported */ 791 IEEE80211_C_WME | /* WME */ 792 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 793 794 ic->ic_cryptocaps = 795 IEEE80211_CRYPTO_WEP | 796 IEEE80211_CRYPTO_AES_CCM | 797 IEEE80211_CRYPTO_TKIPMIC | 798 IEEE80211_CRYPTO_TKIP; 799 800 ic->ic_flags |= IEEE80211_F_DATAPAD; 801 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 802 803 bands = 0; 804 setbit(&bands, IEEE80211_MODE_11B); 805 setbit(&bands, IEEE80211_MODE_11G); 806 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 807 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 808 sc->rf_rev == RT5592_RF_5592) 809 setbit(&bands, IEEE80211_MODE_11A); 810 ieee80211_init_channels(ic, NULL, &bands); 811 812 ieee80211_ifattach(ic, sc->sc_bssid); 813 814 ic->ic_scan_start = run_scan_start; 815 ic->ic_scan_end = run_scan_end; 816 ic->ic_set_channel = run_set_channel; 817 ic->ic_node_alloc = run_node_alloc; 818 ic->ic_newassoc = run_newassoc; 819 ic->ic_updateslot = run_updateslot; 820 ic->ic_update_mcast = run_update_mcast; 821 ic->ic_wme.wme_update = run_wme_update; 822 ic->ic_raw_xmit = run_raw_xmit; 823 ic->ic_update_promisc = run_update_promisc; 824 825 ic->ic_vap_create = run_vap_create; 826 ic->ic_vap_delete = run_vap_delete; 827 828 ieee80211_radiotap_attach(ic, 829 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 830 RUN_TX_RADIOTAP_PRESENT, 831 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 832 RUN_RX_RADIOTAP_PRESENT); 833 834 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 835 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 836 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 1); 837 838 if (bootverbose) 839 ieee80211_announce(ic); 840 841 wlan_serialize_exit(); 842 return (0); 843 844 detach: 845 wlan_serialize_exit(); 846 run_detach(self); 847 return (ENXIO); 848 } 849 850 static int 851 run_detach(device_t self) 852 { 853 struct run_softc *sc = device_get_softc(self); 854 struct ifnet *ifp = sc->sc_ifp; 855 struct ieee80211com *ic; 856 int i; 857 858 wlan_serialize_enter(); 859 sc->sc_detached = 1; 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 RUN_UNLOCK(sc); 872 873 if (ifp) { 874 ic = ifp->if_l2com; 875 /* drain tasks */ 876 usb_callout_drain(&sc->ratectl_ch); 877 ieee80211_draintask(ic, &sc->cmdq_task); 878 ieee80211_draintask(ic, &sc->ratectl_task); 879 ieee80211_ifdetach(ic); 880 if_free(ifp); 881 } 882 883 lockuninit(&sc->sc_lock); 884 885 wlan_serialize_exit(); 886 return (0); 887 } 888 889 static struct ieee80211vap * 890 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 891 enum ieee80211_opmode opmode, int flags, 892 const uint8_t bssid[IEEE80211_ADDR_LEN], 893 const uint8_t mac[IEEE80211_ADDR_LEN]) 894 { 895 struct ifnet *ifp = ic->ic_ifp; 896 struct run_softc *sc = ifp->if_softc; 897 struct run_vap *rvp; 898 struct ieee80211vap *vap; 899 int i; 900 901 if (sc->rvp_cnt >= RUN_VAP_MAX) { 902 if_printf(ifp, "number of VAPs maxed out\n"); 903 return (NULL); 904 } 905 906 switch (opmode) { 907 case IEEE80211_M_STA: 908 /* enable s/w bmiss handling for sta mode */ 909 flags |= IEEE80211_CLONE_NOBEACONS; 910 /* fall though */ 911 case IEEE80211_M_IBSS: 912 case IEEE80211_M_MONITOR: 913 case IEEE80211_M_HOSTAP: 914 case IEEE80211_M_MBSS: 915 /* other than WDS vaps, only one at a time */ 916 if (!TAILQ_EMPTY(&ic->ic_vaps)) 917 return (NULL); 918 break; 919 case IEEE80211_M_WDS: 920 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 921 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 922 continue; 923 /* WDS vap's always share the local mac address. */ 924 flags &= ~IEEE80211_CLONE_BSSID; 925 break; 926 } 927 if (vap == NULL) { 928 if_printf(ifp, "wds only supported in ap mode\n"); 929 return (NULL); 930 } 931 break; 932 default: 933 if_printf(ifp, "unknown opmode %d\n", opmode); 934 return (NULL); 935 } 936 937 rvp = (struct run_vap *) kmalloc(sizeof(struct run_vap), 938 M_80211_VAP, M_INTWAIT | M_ZERO); 939 vap = &rvp->vap; 940 941 if (ieee80211_vap_setup(ic, vap, name, unit, 942 opmode, flags, bssid, mac) != 0) { 943 /* out of memory */ 944 kfree(rvp, M_80211_VAP); 945 return (NULL); 946 } 947 948 vap->iv_key_update_begin = run_key_update_begin; 949 vap->iv_key_update_end = run_key_update_end; 950 vap->iv_update_beacon = run_update_beacon; 951 vap->iv_max_aid = RT2870_WCID_MAX; 952 /* 953 * To delete the right key from h/w, we need wcid. 954 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 955 * and matching wcid will be written into there. So, cast 956 * some spells to remove 'const' from ieee80211_key{} 957 */ 958 vap->iv_key_delete = (void *)run_key_delete; 959 vap->iv_key_set = (void *)run_key_set; 960 961 /* override state transition machine */ 962 rvp->newstate = vap->iv_newstate; 963 vap->iv_newstate = run_newstate; 964 965 ieee80211_ratectl_init(vap); 966 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 967 968 /* complete setup */ 969 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 970 971 /* make sure id is always unique */ 972 for (i = 0; i < RUN_VAP_MAX; i++) { 973 if((sc->rvp_bmap & 1 << i) == 0){ 974 sc->rvp_bmap |= 1 << i; 975 rvp->rvp_id = i; 976 break; 977 } 978 } 979 if (sc->rvp_cnt++ == 0) 980 ic->ic_opmode = opmode; 981 982 if (opmode == IEEE80211_M_HOSTAP) 983 sc->cmdq_run = RUN_CMDQ_GO; 984 985 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 986 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 987 988 return (vap); 989 } 990 991 static void 992 run_vap_delete(struct ieee80211vap *vap) 993 { 994 struct run_vap *rvp = RUN_VAP(vap); 995 struct ifnet *ifp; 996 struct ieee80211com *ic; 997 struct run_softc *sc; 998 uint8_t rvp_id; 999 1000 if (vap == NULL) 1001 return; 1002 1003 ic = vap->iv_ic; 1004 ifp = ic->ic_ifp; 1005 1006 sc = ifp->if_softc; 1007 1008 RUN_LOCK(sc); 1009 1010 m_freem(rvp->beacon_mbuf); 1011 rvp->beacon_mbuf = NULL; 1012 1013 rvp_id = rvp->rvp_id; 1014 sc->ratectl_run &= ~(1 << rvp_id); 1015 sc->rvp_bmap &= ~(1 << rvp_id); 1016 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1017 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1018 --sc->rvp_cnt; 1019 1020 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1021 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1022 1023 RUN_UNLOCK(sc); 1024 1025 ieee80211_ratectl_deinit(vap); 1026 ieee80211_vap_detach(vap); 1027 kfree(rvp, M_80211_VAP); 1028 } 1029 1030 /* 1031 * There are numbers of functions need to be called in context thread. 1032 * Rather than creating taskqueue event for each of those functions, 1033 * here is all-for-one taskqueue callback function. This function 1034 * gurantees deferred functions are executed in the same order they 1035 * were enqueued. 1036 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1037 */ 1038 static void 1039 run_cmdq_cb(void *arg, int pending) 1040 { 1041 struct run_softc *sc = arg; 1042 uint8_t i; 1043 1044 /* call cmdq[].func locked */ 1045 RUN_LOCK(sc); 1046 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1047 i = sc->cmdq_exec, pending--) { 1048 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1049 if (sc->cmdq_run == RUN_CMDQ_GO) { 1050 /* 1051 * If arg0 is NULL, callback func needs more 1052 * than one arg. So, pass ptr to cmdq struct. 1053 */ 1054 if (sc->cmdq[i].arg0) 1055 sc->cmdq[i].func(sc->cmdq[i].arg0); 1056 else 1057 sc->cmdq[i].func(&sc->cmdq[i]); 1058 } 1059 sc->cmdq[i].arg0 = NULL; 1060 sc->cmdq[i].func = NULL; 1061 sc->cmdq_exec++; 1062 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1063 } 1064 RUN_UNLOCK(sc); 1065 } 1066 1067 static void 1068 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1069 { 1070 struct run_tx_data *data; 1071 1072 memset(pq, 0, sizeof(*pq)); 1073 1074 STAILQ_INIT(&pq->tx_qh); 1075 STAILQ_INIT(&pq->tx_fh); 1076 1077 for (data = &pq->tx_data[0]; 1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1079 data->sc = sc; 1080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1081 } 1082 pq->tx_nfree = RUN_TX_RING_COUNT; 1083 } 1084 1085 static void 1086 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1087 { 1088 struct run_tx_data *data; 1089 1090 /* make sure any subsequent use of the queues will fail */ 1091 pq->tx_nfree = 0; 1092 STAILQ_INIT(&pq->tx_fh); 1093 STAILQ_INIT(&pq->tx_qh); 1094 1095 /* free up all node references and mbufs */ 1096 for (data = &pq->tx_data[0]; 1097 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1098 if (data->m != NULL) { 1099 m_freem(data->m); 1100 data->m = NULL; 1101 } 1102 if (data->ni != NULL) { 1103 ieee80211_free_node(data->ni); 1104 data->ni = NULL; 1105 } 1106 } 1107 } 1108 1109 static int 1110 run_load_microcode(struct run_softc *sc) 1111 { 1112 usb_device_request_t req; 1113 const struct firmware *fw; 1114 const u_char *base; 1115 uint32_t tmp; 1116 int ntries, error; 1117 const uint64_t *temp; 1118 uint64_t bytes; 1119 1120 wlan_assert_serialized(); 1121 1122 wlan_serialize_exit(); 1123 fw = firmware_get("runfw"); 1124 wlan_serialize_enter(); 1125 if (fw == NULL) { 1126 device_printf(sc->sc_dev, 1127 "failed loadfirmware of file %s\n", "runfw"); 1128 return ENOENT; 1129 } 1130 1131 if (fw->datasize != 8192) { 1132 device_printf(sc->sc_dev, 1133 "invalid firmware size (should be 8KB)\n"); 1134 error = EINVAL; 1135 goto fail; 1136 } 1137 1138 /* 1139 * RT3071/RT3072 use a different firmware 1140 * run-rt2870 (8KB) contains both, 1141 * first half (4KB) is for rt2870, 1142 * last half is for rt3071. 1143 */ 1144 base = fw->data; 1145 if ((sc->mac_ver) != 0x2860 && 1146 (sc->mac_ver) != 0x2872 && 1147 (sc->mac_ver) != 0x3070) { 1148 base += 4096; 1149 } 1150 1151 /* cheap sanity check */ 1152 temp = fw->data; 1153 bytes = *temp; 1154 if (bytes != be64toh(0xffffff0210280210ULL)) { 1155 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1156 error = EINVAL; 1157 goto fail; 1158 } 1159 1160 /* write microcode image */ 1161 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1162 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1163 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1164 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1165 } 1166 1167 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1168 req.bRequest = RT2870_RESET; 1169 USETW(req.wValue, 8); 1170 USETW(req.wIndex, 0); 1171 USETW(req.wLength, 0); 1172 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL)) 1173 != 0) { 1174 device_printf(sc->sc_dev, "firmware reset failed\n"); 1175 goto fail; 1176 } 1177 1178 run_delay(sc, 10); 1179 1180 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1181 run_write(sc, RT2860_H2M_MAILBOX, 0); 1182 run_write(sc, RT2860_H2M_INTSRC, 0); 1183 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1184 goto fail; 1185 1186 /* wait until microcontroller is ready */ 1187 for (ntries = 0; ntries < 1000; ntries++) { 1188 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1189 goto fail; 1190 if (tmp & RT2860_MCU_READY) 1191 break; 1192 run_delay(sc, 10); 1193 } 1194 if (ntries == 1000) { 1195 device_printf(sc->sc_dev, 1196 "timeout waiting for MCU to initialize\n"); 1197 error = ETIMEDOUT; 1198 goto fail; 1199 } 1200 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1201 (base == fw->data) ? "RT2870" : "RT3071", 1202 *(base + 4092), *(base + 4093)); 1203 1204 fail: 1205 firmware_put(fw, FIRMWARE_UNLOAD); 1206 return (error); 1207 } 1208 1209 static int 1210 run_reset(struct run_softc *sc) 1211 { 1212 usb_device_request_t req; 1213 usb_error_t error; 1214 1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1216 req.bRequest = RT2870_RESET; 1217 USETW(req.wValue, 1); 1218 USETW(req.wIndex, 0); 1219 USETW(req.wLength, 0); 1220 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL); 1221 return (error); 1222 } 1223 1224 static usb_error_t 1225 run_do_request(struct run_softc *sc, 1226 struct usb_device_request *req, void *data) 1227 { 1228 usb_error_t err; 1229 int ntries = 10; 1230 1231 RUN_LOCK_ASSERT(sc, MA_OWNED); 1232 1233 while (ntries--) { 1234 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock, 1235 req, data, 0, NULL, 250 /* ms */); 1236 if (err == 0) 1237 break; 1238 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1239 usbd_errstr(err)); 1240 run_delay(sc, 10); 1241 } 1242 return (err); 1243 } 1244 1245 static int 1246 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1247 { 1248 uint32_t tmp; 1249 int error; 1250 1251 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1252 if (error == 0) 1253 *val = le32toh(tmp); 1254 else 1255 *val = 0xffffffff; 1256 return (error); 1257 } 1258 1259 static int 1260 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1261 { 1262 usb_device_request_t req; 1263 1264 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1265 req.bRequest = RT2870_READ_REGION_1; 1266 USETW(req.wValue, 0); 1267 USETW(req.wIndex, reg); 1268 USETW(req.wLength, len); 1269 1270 return (run_do_request(sc, &req, buf)); 1271 } 1272 1273 static int 1274 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1275 { 1276 usb_device_request_t req; 1277 1278 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1279 req.bRequest = RT2870_WRITE_2; 1280 USETW(req.wValue, val); 1281 USETW(req.wIndex, reg); 1282 USETW(req.wLength, 0); 1283 1284 return (run_do_request(sc, &req, NULL)); 1285 } 1286 1287 static int 1288 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1289 { 1290 int error; 1291 1292 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1293 error = run_write_2(sc, reg + 2, val >> 16); 1294 return (error); 1295 } 1296 1297 static int 1298 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1299 int len) 1300 { 1301 #if 1 1302 int i, error = 0; 1303 /* 1304 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1305 * We thus issue multiple WRITE_2 commands instead. 1306 */ 1307 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1308 for (i = 0; i < len && error == 0; i += 2) 1309 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1310 return (error); 1311 #else 1312 usb_device_request_t req; 1313 int error = 0; 1314 1315 /* 1316 * NOTE: It appears the WRITE_REGION_1 command cannot be 1317 * passed a huge amount of data, which will crash the 1318 * firmware. Limit amount of data passed to 64-bytes at a 1319 * time. 1320 */ 1321 while (len > 0) { 1322 int delta = 64; 1323 if (delta > len) 1324 delta = len; 1325 1326 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1327 req.bRequest = RT2870_WRITE_REGION_1; 1328 USETW(req.wValue, 0); 1329 USETW(req.wIndex, reg); 1330 USETW(req.wLength, delta); 1331 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1332 if (error != 0) 1333 break; 1334 reg += delta; 1335 buf += delta; 1336 len -= delta; 1337 } 1338 return (error); 1339 #endif 1340 } 1341 1342 static int 1343 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1344 { 1345 int i, error = 0; 1346 1347 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1348 for (i = 0; i < len && error == 0; i += 4) 1349 error = run_write(sc, reg + i, val); 1350 return (error); 1351 } 1352 1353 static int 1354 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1355 { 1356 uint32_t tmp; 1357 uint16_t reg; 1358 int error, ntries; 1359 1360 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1361 return (error); 1362 1363 if (count == 2) 1364 addr *= 2; 1365 /*- 1366 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1367 * DATA0: F E D C 1368 * DATA1: B A 9 8 1369 * DATA2: 7 6 5 4 1370 * DATA3: 3 2 1 0 1371 */ 1372 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1373 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1374 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1375 for (ntries = 0; ntries < 100; ntries++) { 1376 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1377 return (error); 1378 if (!(tmp & RT3070_EFSROM_KICK)) 1379 break; 1380 run_delay(sc, 2); 1381 } 1382 if (ntries == 100) 1383 return (ETIMEDOUT); 1384 1385 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1386 *val = 0xffff; /* address not found */ 1387 return (0); 1388 } 1389 /* determine to which 32-bit register our 16-bit word belongs */ 1390 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1391 if ((error = run_read(sc, reg, &tmp)) != 0) 1392 return (error); 1393 1394 tmp >>= (8 * (addr & 0x3)); 1395 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1396 1397 return (0); 1398 } 1399 1400 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1401 static int 1402 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1403 { 1404 return (run_efuse_read(sc, addr, val, 2)); 1405 } 1406 1407 static int 1408 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1409 { 1410 usb_device_request_t req; 1411 uint16_t tmp; 1412 int error; 1413 1414 addr *= 2; 1415 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1416 req.bRequest = RT2870_EEPROM_READ; 1417 USETW(req.wValue, 0); 1418 USETW(req.wIndex, addr); 1419 USETW(req.wLength, sizeof(tmp)); 1420 1421 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp); 1422 if (error == 0) 1423 *val = le16toh(tmp); 1424 else 1425 *val = 0xffff; 1426 return (error); 1427 } 1428 1429 static __inline int 1430 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1431 { 1432 /* either eFUSE ROM or EEPROM */ 1433 return sc->sc_srom_read(sc, addr, val); 1434 } 1435 1436 static int 1437 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1438 { 1439 uint32_t tmp; 1440 int error, ntries; 1441 1442 for (ntries = 0; ntries < 10; ntries++) { 1443 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1444 return (error); 1445 if (!(tmp & RT2860_RF_REG_CTRL)) 1446 break; 1447 } 1448 if (ntries == 10) 1449 return (ETIMEDOUT); 1450 1451 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1452 } 1453 1454 static int 1455 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1456 { 1457 uint32_t tmp; 1458 int error, ntries; 1459 1460 for (ntries = 0; ntries < 100; ntries++) { 1461 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1462 return (error); 1463 if (!(tmp & RT3070_RF_KICK)) 1464 break; 1465 } 1466 if (ntries == 100) 1467 return (ETIMEDOUT); 1468 1469 tmp = RT3070_RF_KICK | reg << 8; 1470 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1471 return (error); 1472 1473 for (ntries = 0; ntries < 100; ntries++) { 1474 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1475 return (error); 1476 if (!(tmp & RT3070_RF_KICK)) 1477 break; 1478 } 1479 if (ntries == 100) 1480 return (ETIMEDOUT); 1481 1482 *val = tmp & 0xff; 1483 return (0); 1484 } 1485 1486 static int 1487 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1488 { 1489 uint32_t tmp; 1490 int error, ntries; 1491 1492 for (ntries = 0; ntries < 10; ntries++) { 1493 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1494 return (error); 1495 if (!(tmp & RT3070_RF_KICK)) 1496 break; 1497 } 1498 if (ntries == 10) 1499 return (ETIMEDOUT); 1500 1501 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1502 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1503 } 1504 1505 static int 1506 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1507 { 1508 uint32_t tmp; 1509 int ntries, error; 1510 1511 for (ntries = 0; ntries < 10; ntries++) { 1512 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1513 return (error); 1514 if (!(tmp & RT2860_BBP_CSR_KICK)) 1515 break; 1516 } 1517 if (ntries == 10) 1518 return (ETIMEDOUT); 1519 1520 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1521 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1522 return (error); 1523 1524 for (ntries = 0; ntries < 10; ntries++) { 1525 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1526 return (error); 1527 if (!(tmp & RT2860_BBP_CSR_KICK)) 1528 break; 1529 } 1530 if (ntries == 10) 1531 return (ETIMEDOUT); 1532 1533 *val = tmp & 0xff; 1534 return (0); 1535 } 1536 1537 static int 1538 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1539 { 1540 uint32_t tmp; 1541 int ntries, error; 1542 1543 for (ntries = 0; ntries < 10; ntries++) { 1544 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1545 return (error); 1546 if (!(tmp & RT2860_BBP_CSR_KICK)) 1547 break; 1548 } 1549 if (ntries == 10) 1550 return (ETIMEDOUT); 1551 1552 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1553 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1554 } 1555 1556 /* 1557 * Send a command to the 8051 microcontroller unit. 1558 */ 1559 static int 1560 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1561 { 1562 uint32_t tmp; 1563 int error, ntries; 1564 1565 for (ntries = 0; ntries < 100; ntries++) { 1566 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1567 return error; 1568 if (!(tmp & RT2860_H2M_BUSY)) 1569 break; 1570 } 1571 if (ntries == 100) 1572 return ETIMEDOUT; 1573 1574 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1575 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1576 error = run_write(sc, RT2860_HOST_CMD, cmd); 1577 return (error); 1578 } 1579 1580 /* 1581 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1582 * Used to adjust per-rate Tx power registers. 1583 */ 1584 static __inline uint32_t 1585 b4inc(uint32_t b32, int8_t delta) 1586 { 1587 int8_t i, b4; 1588 1589 for (i = 0; i < 8; i++) { 1590 b4 = b32 & 0xf; 1591 b4 += delta; 1592 if (b4 < 0) 1593 b4 = 0; 1594 else if (b4 > 0xf) 1595 b4 = 0xf; 1596 b32 = b32 >> 4 | b4 << 28; 1597 } 1598 return (b32); 1599 } 1600 1601 static const char * 1602 run_get_rf(uint16_t rev) 1603 { 1604 switch (rev) { 1605 case RT2860_RF_2820: return "RT2820"; 1606 case RT2860_RF_2850: return "RT2850"; 1607 case RT2860_RF_2720: return "RT2720"; 1608 case RT2860_RF_2750: return "RT2750"; 1609 case RT3070_RF_3020: return "RT3020"; 1610 case RT3070_RF_2020: return "RT2020"; 1611 case RT3070_RF_3021: return "RT3021"; 1612 case RT3070_RF_3022: return "RT3022"; 1613 case RT3070_RF_3052: return "RT3052"; 1614 case RT3593_RF_3053: return "RT3053"; 1615 case RT5592_RF_5592: return "RT5592"; 1616 case RT5390_RF_5370: return "RT5370"; 1617 case RT5390_RF_5372: return "RT5372"; 1618 } 1619 return ("unknown"); 1620 } 1621 1622 static void 1623 run_rt3593_get_txpower(struct run_softc *sc) 1624 { 1625 uint16_t addr, val; 1626 int i; 1627 1628 /* Read power settings for 2GHz channels. */ 1629 for (i = 0; i < 14; i += 2) { 1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1631 RT2860_EEPROM_PWR2GHZ_BASE1; 1632 run_srom_read(sc, addr + i / 2, &val); 1633 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1634 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1635 1636 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1637 RT2860_EEPROM_PWR2GHZ_BASE2; 1638 run_srom_read(sc, addr + i / 2, &val); 1639 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1640 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1641 1642 if (sc->ntxchains == 3) { 1643 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1644 &val); 1645 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1646 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1647 } 1648 } 1649 /* Fix broken Tx power entries. */ 1650 for (i = 0; i < 14; i++) { 1651 if (sc->txpow1[i] > 31) 1652 sc->txpow1[i] = 5; 1653 if (sc->txpow2[i] > 31) 1654 sc->txpow2[i] = 5; 1655 if (sc->ntxchains == 3) { 1656 if (sc->txpow3[i] > 31) 1657 sc->txpow3[i] = 5; 1658 } 1659 } 1660 /* Read power settings for 5GHz channels. */ 1661 for (i = 0; i < 40; i += 2) { 1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1663 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1664 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1665 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1667 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1668 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1669 1670 if (sc->ntxchains == 3) { 1671 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1672 &val); 1673 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1674 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1675 } 1676 } 1677 } 1678 1679 static void 1680 run_get_txpower(struct run_softc *sc) 1681 { 1682 uint16_t val; 1683 int i; 1684 1685 /* Read power settings for 2GHz channels. */ 1686 for (i = 0; i < 14; i += 2) { 1687 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1688 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1689 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1690 1691 if (sc->mac_ver != 0x5390) { 1692 run_srom_read(sc, 1693 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1694 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1695 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1696 } 1697 } 1698 /* Fix broken Tx power entries. */ 1699 for (i = 0; i < 14; i++) { 1700 if (sc->mac_ver >= 0x5390) { 1701 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1702 sc->txpow1[i] = 5; 1703 } else { 1704 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1705 sc->txpow1[i] = 5; 1706 } 1707 if (sc->mac_ver > 0x5390) { 1708 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1709 sc->txpow2[i] = 5; 1710 } else if (sc->mac_ver < 0x5390) { 1711 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1712 sc->txpow2[i] = 5; 1713 } 1714 DPRINTF("chan %d: power1=%d, power2=%d\n", 1715 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1716 } 1717 /* Read power settings for 5GHz channels. */ 1718 for (i = 0; i < 40; i += 2) { 1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1720 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1721 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1722 1723 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1724 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1725 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1726 } 1727 /* Fix broken Tx power entries. */ 1728 for (i = 0; i < 40; i++ ) { 1729 if (sc->mac_ver != 0x5592) { 1730 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1731 sc->txpow1[14 + i] = 5; 1732 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1733 sc->txpow2[14 + i] = 5; 1734 } 1735 DPRINTF("chan %d: power1=%d, power2=%d\n", 1736 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1737 sc->txpow2[14 + i]); 1738 } 1739 } 1740 1741 static int 1742 run_read_eeprom(struct run_softc *sc) 1743 { 1744 int8_t delta_2ghz, delta_5ghz; 1745 uint32_t tmp; 1746 uint16_t val; 1747 int ridx, ant, i; 1748 1749 /* check whether the ROM is eFUSE ROM or EEPROM */ 1750 sc->sc_srom_read = run_eeprom_read_2; 1751 if (sc->mac_ver >= 0x3070) { 1752 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1753 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1754 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1755 sc->sc_srom_read = run_efuse_read_2; 1756 } 1757 1758 /* read ROM version */ 1759 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1760 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1761 1762 /* read MAC address */ 1763 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1764 sc->sc_bssid[0] = val & 0xff; 1765 sc->sc_bssid[1] = val >> 8; 1766 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1767 sc->sc_bssid[2] = val & 0xff; 1768 sc->sc_bssid[3] = val >> 8; 1769 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1770 sc->sc_bssid[4] = val & 0xff; 1771 sc->sc_bssid[5] = val >> 8; 1772 1773 if (sc->mac_ver < 0x3593) { 1774 /* read vender BBP settings */ 1775 for (i = 0; i < 10; i++) { 1776 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1777 sc->bbp[i].val = val & 0xff; 1778 sc->bbp[i].reg = val >> 8; 1779 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1780 sc->bbp[i].val); 1781 } 1782 if (sc->mac_ver >= 0x3071) { 1783 /* read vendor RF settings */ 1784 for (i = 0; i < 10; i++) { 1785 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1786 &val); 1787 sc->rf[i].val = val & 0xff; 1788 sc->rf[i].reg = val >> 8; 1789 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1790 sc->rf[i].val); 1791 } 1792 } 1793 } 1794 1795 /* read RF frequency offset from EEPROM */ 1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1797 RT3593_EEPROM_FREQ, &val); 1798 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1799 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1800 1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1802 RT3593_EEPROM_FREQ_LEDS, &val); 1803 if (val >> 8 != 0xff) { 1804 /* read LEDs operating mode */ 1805 sc->leds = val >> 8; 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1807 RT3593_EEPROM_LED1, &sc->led[0]); 1808 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1809 RT3593_EEPROM_LED2, &sc->led[1]); 1810 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1811 RT3593_EEPROM_LED3, &sc->led[2]); 1812 } else { 1813 /* broken EEPROM, use default settings */ 1814 sc->leds = 0x01; 1815 sc->led[0] = 0x5555; 1816 sc->led[1] = 0x2221; 1817 sc->led[2] = 0x5627; /* differs from RT2860 */ 1818 } 1819 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1820 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1821 1822 /* read RF information */ 1823 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1824 run_srom_read(sc, 0x00, &val); 1825 else 1826 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1827 1828 if (val == 0xffff) { 1829 device_printf(sc->sc_dev, 1830 "invalid EEPROM antenna info, using default\n"); 1831 DPRINTF("invalid EEPROM antenna info, using default\n"); 1832 if (sc->mac_ver == 0x3572) { 1833 /* default to RF3052 2T2R */ 1834 sc->rf_rev = RT3070_RF_3052; 1835 sc->ntxchains = 2; 1836 sc->nrxchains = 2; 1837 } else if (sc->mac_ver >= 0x3070) { 1838 /* default to RF3020 1T1R */ 1839 sc->rf_rev = RT3070_RF_3020; 1840 sc->ntxchains = 1; 1841 sc->nrxchains = 1; 1842 } else { 1843 /* default to RF2820 1T2R */ 1844 sc->rf_rev = RT2860_RF_2820; 1845 sc->ntxchains = 1; 1846 sc->nrxchains = 2; 1847 } 1848 } else { 1849 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1850 sc->rf_rev = val; 1851 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1852 } else 1853 sc->rf_rev = (val >> 8) & 0xf; 1854 sc->ntxchains = (val >> 4) & 0xf; 1855 sc->nrxchains = val & 0xf; 1856 } 1857 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1858 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1859 1860 /* check if RF supports automatic Tx access gain control */ 1861 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1862 DPRINTF("EEPROM CFG 0x%04x\n", val); 1863 /* check if driver should patch the DAC issue */ 1864 if ((val >> 8) != 0xff) 1865 sc->patch_dac = (val >> 15) & 1; 1866 if ((val & 0xff) != 0xff) { 1867 sc->ext_5ghz_lna = (val >> 3) & 1; 1868 sc->ext_2ghz_lna = (val >> 2) & 1; 1869 /* check if RF supports automatic Tx access gain control */ 1870 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1871 /* check if we have a hardware radio switch */ 1872 sc->rfswitch = val & 1; 1873 } 1874 1875 /* Read Tx power settings. */ 1876 if (sc->mac_ver == 0x3593) 1877 run_rt3593_get_txpower(sc); 1878 else 1879 run_get_txpower(sc); 1880 1881 /* read Tx power compensation for each Tx rate */ 1882 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1883 delta_2ghz = delta_5ghz = 0; 1884 if ((val & 0xff) != 0xff && (val & 0x80)) { 1885 delta_2ghz = val & 0xf; 1886 if (!(val & 0x40)) /* negative number */ 1887 delta_2ghz = -delta_2ghz; 1888 } 1889 val >>= 8; 1890 if ((val & 0xff) != 0xff && (val & 0x80)) { 1891 delta_5ghz = val & 0xf; 1892 if (!(val & 0x40)) /* negative number */ 1893 delta_5ghz = -delta_5ghz; 1894 } 1895 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1896 delta_2ghz, delta_5ghz); 1897 1898 for (ridx = 0; ridx < 5; ridx++) { 1899 uint32_t reg; 1900 1901 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1902 reg = val; 1903 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1904 reg |= (uint32_t)val << 16; 1905 1906 sc->txpow20mhz[ridx] = reg; 1907 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1908 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1909 1910 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1911 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1912 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1913 } 1914 1915 /* Read RSSI offsets and LNA gains from EEPROM. */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1917 RT3593_EEPROM_RSSI1_2GHZ, &val); 1918 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1919 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1920 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1921 RT3593_EEPROM_RSSI2_2GHZ, &val); 1922 if (sc->mac_ver >= 0x3070) { 1923 if (sc->mac_ver == 0x3593) { 1924 sc->txmixgain_2ghz = 0; 1925 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1926 } else { 1927 /* 1928 * On RT3070 chips (limited to 2 Rx chains), this ROM 1929 * field contains the Tx mixer gain for the 2GHz band. 1930 */ 1931 if ((val & 0xff) != 0xff) 1932 sc->txmixgain_2ghz = val & 0x7; 1933 } 1934 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1935 } else 1936 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1937 if (sc->mac_ver == 0x3593) 1938 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1939 sc->lna[2] = val >> 8; /* channel group 2 */ 1940 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1942 RT3593_EEPROM_RSSI1_5GHZ, &val); 1943 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1944 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1946 RT3593_EEPROM_RSSI2_5GHZ, &val); 1947 if (sc->mac_ver == 0x3572) { 1948 /* 1949 * On RT3572 chips (limited to 2 Rx chains), this ROM 1950 * field contains the Tx mixer gain for the 5GHz band. 1951 */ 1952 if ((val & 0xff) != 0xff) 1953 sc->txmixgain_5ghz = val & 0x7; 1954 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1955 } else 1956 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1957 if (sc->mac_ver == 0x3593) { 1958 sc->txmixgain_5ghz = 0; 1959 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1960 } 1961 sc->lna[3] = val >> 8; /* channel group 3 */ 1962 1963 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1964 RT3593_EEPROM_LNA, &val); 1965 sc->lna[0] = val & 0xff; /* channel group 0 */ 1966 sc->lna[1] = val >> 8; /* channel group 1 */ 1967 1968 /* fix broken 5GHz LNA entries */ 1969 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 2); 1971 sc->lna[2] = sc->lna[1]; 1972 } 1973 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1974 DPRINTF("invalid LNA for channel group %d\n", 3); 1975 sc->lna[3] = sc->lna[1]; 1976 } 1977 1978 /* fix broken RSSI offset entries */ 1979 for (ant = 0; ant < 3; ant++) { 1980 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1981 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1982 ant + 1, sc->rssi_2ghz[ant]); 1983 sc->rssi_2ghz[ant] = 0; 1984 } 1985 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1986 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1987 ant + 1, sc->rssi_5ghz[ant]); 1988 sc->rssi_5ghz[ant] = 0; 1989 } 1990 } 1991 return (0); 1992 } 1993 1994 static struct ieee80211_node * 1995 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1996 { 1997 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO); 1998 } 1999 2000 static int 2001 run_media_change(struct ifnet *ifp) 2002 { 2003 struct ieee80211vap *vap = ifp->if_softc; 2004 struct ieee80211com *ic = vap->iv_ic; 2005 const struct ieee80211_txparam *tp; 2006 struct run_softc *sc = ic->ic_ifp->if_softc; 2007 uint8_t rate, ridx; 2008 int error; 2009 2010 RUN_LOCK(sc); 2011 2012 error = ieee80211_media_change(ifp); 2013 if (error != ENETRESET) { 2014 RUN_UNLOCK(sc); 2015 return (error); 2016 } 2017 2018 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2019 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2020 struct ieee80211_node *ni; 2021 struct run_node *rn; 2022 2023 rate = ic->ic_sup_rates[ic->ic_curmode]. 2024 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2025 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2026 if (rt2860_rates[ridx].rate == rate) 2027 break; 2028 ni = ieee80211_ref_node(vap->iv_bss); 2029 rn = (struct run_node *)ni; 2030 rn->fix_ridx = ridx; 2031 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2032 ieee80211_free_node(ni); 2033 } 2034 2035 #if 0 2036 if ((ifp->if_flags & IFF_UP) && 2037 (ifp->if_flags & IFF_RUNNING)){ 2038 run_init_locked(sc); 2039 } 2040 #endif 2041 2042 RUN_UNLOCK(sc); 2043 2044 return (0); 2045 } 2046 2047 static int 2048 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2049 { 2050 const struct ieee80211_txparam *tp; 2051 struct ieee80211com *ic = vap->iv_ic; 2052 struct run_softc *sc = ic->ic_ifp->if_softc; 2053 struct run_vap *rvp = RUN_VAP(vap); 2054 enum ieee80211_state ostate; 2055 uint32_t sta[3]; 2056 uint32_t tmp; 2057 uint8_t ratectl; 2058 uint8_t restart_ratectl = 0; 2059 uint8_t bid = 1 << rvp->rvp_id; 2060 2061 ostate = vap->iv_state; 2062 DPRINTF("%s -> %s\n", 2063 ieee80211_state_name[ostate], 2064 ieee80211_state_name[nstate]); 2065 2066 RUN_LOCK(sc); 2067 2068 ratectl = sc->ratectl_run; /* remember current state */ 2069 sc->ratectl_run = RUN_RATECTL_OFF; 2070 usb_callout_stop(&sc->ratectl_ch); 2071 2072 if (ostate == IEEE80211_S_RUN) { 2073 /* turn link LED off */ 2074 run_set_leds(sc, RT2860_LED_RADIO); 2075 } 2076 2077 switch (nstate) { 2078 case IEEE80211_S_INIT: 2079 restart_ratectl = 1; 2080 2081 if (ostate != IEEE80211_S_RUN) 2082 break; 2083 2084 ratectl &= ~bid; 2085 sc->runbmap &= ~bid; 2086 2087 /* abort TSF synchronization if there is no vap running */ 2088 if (--sc->running == 0) { 2089 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2090 run_write(sc, RT2860_BCN_TIME_CFG, 2091 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2092 RT2860_TBTT_TIMER_EN)); 2093 } 2094 break; 2095 2096 case IEEE80211_S_RUN: 2097 if (!(sc->runbmap & bid)) { 2098 if(sc->running++) 2099 restart_ratectl = 1; 2100 sc->runbmap |= bid; 2101 } 2102 2103 m_freem(rvp->beacon_mbuf); 2104 rvp->beacon_mbuf = NULL; 2105 2106 switch (vap->iv_opmode) { 2107 case IEEE80211_M_HOSTAP: 2108 case IEEE80211_M_MBSS: 2109 sc->ap_running |= bid; 2110 ic->ic_opmode = vap->iv_opmode; 2111 run_update_beacon_cb(vap); 2112 break; 2113 case IEEE80211_M_IBSS: 2114 sc->adhoc_running |= bid; 2115 if (!sc->ap_running) 2116 ic->ic_opmode = vap->iv_opmode; 2117 run_update_beacon_cb(vap); 2118 break; 2119 case IEEE80211_M_STA: 2120 sc->sta_running |= bid; 2121 if (!sc->ap_running && !sc->adhoc_running) 2122 ic->ic_opmode = vap->iv_opmode; 2123 2124 /* read statistic counters (clear on read) */ 2125 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2126 (uint8_t *)sta, sizeof sta); 2127 2128 break; 2129 default: 2130 ic->ic_opmode = vap->iv_opmode; 2131 break; 2132 } 2133 2134 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2135 struct ieee80211_node *ni; 2136 2137 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2138 RUN_UNLOCK(sc); 2139 return (-1); 2140 } 2141 run_updateslot(ic->ic_ifp); 2142 run_enable_mrr(sc); 2143 run_set_txpreamble(sc); 2144 run_set_basicrates(sc); 2145 ni = ieee80211_ref_node(vap->iv_bss); 2146 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2147 run_set_bssid(sc, ni->ni_bssid); 2148 ieee80211_free_node(ni); 2149 run_enable_tsf_sync(sc); 2150 2151 /* enable automatic rate adaptation */ 2152 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2153 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2154 ratectl |= bid; 2155 } 2156 2157 /* turn link LED on */ 2158 run_set_leds(sc, RT2860_LED_RADIO | 2159 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2160 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2161 2162 break; 2163 default: 2164 DPRINTFN(6, "undefined case\n"); 2165 break; 2166 } 2167 2168 /* restart amrr for running VAPs */ 2169 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2170 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2171 2172 RUN_UNLOCK(sc); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175 } 2176 2177 /* ARGSUSED */ 2178 static void 2179 run_wme_update_cb(void *arg) 2180 { 2181 struct ieee80211com *ic = arg; 2182 struct run_softc *sc = ic->ic_ifp->if_softc; 2183 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2184 int aci, error = 0; 2185 2186 RUN_LOCK_ASSERT(sc, MA_OWNED); 2187 2188 /* update MAC TX configuration registers */ 2189 for (aci = 0; aci < WME_NUM_AC; aci++) { 2190 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2191 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2192 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2193 wmesp->wme_params[aci].wmep_aifsn << 8 | 2194 wmesp->wme_params[aci].wmep_txopLimit); 2195 if (error) goto err; 2196 } 2197 2198 /* update SCH/DMA registers too */ 2199 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2200 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2201 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2202 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2203 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2204 if (error) goto err; 2205 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2206 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2207 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2208 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2209 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2210 if (error) goto err; 2211 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2212 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2213 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2214 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2215 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2216 if (error) goto err; 2217 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2218 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2219 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2220 if (error) goto err; 2221 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2222 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2223 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2224 2225 err: 2226 if (error) 2227 DPRINTF("WME update failed\n"); 2228 2229 return; 2230 } 2231 2232 static int 2233 run_wme_update(struct ieee80211com *ic) 2234 { 2235 struct run_softc *sc = ic->ic_ifp->if_softc; 2236 2237 #if defined(__DragonFly__) 2238 if (lockstatus(&ic->ic_comlock, curthread) == LK_EXCLUSIVE) { 2239 #else 2240 if (mtx_owned(&ic->ic_comlock.mtx)) { 2241 #endif 2242 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2243 DPRINTF("cmdq_store=%d\n", i); 2244 sc->cmdq[i].func = run_wme_update_cb; 2245 sc->cmdq[i].arg0 = ic; 2246 ieee80211_runtask(ic, &sc->cmdq_task); 2247 return (0); 2248 } 2249 2250 RUN_LOCK(sc); 2251 run_wme_update_cb(ic); 2252 RUN_UNLOCK(sc); 2253 2254 /* return whatever, upper layer desn't care anyway */ 2255 return (0); 2256 } 2257 2258 static void 2259 run_key_update_begin(struct ieee80211vap *vap) 2260 { 2261 /* 2262 * To avoid out-of-order events, both run_key_set() and 2263 * _delete() are deferred and handled by run_cmdq_cb(). 2264 * So, there is nothing we need to do here. 2265 */ 2266 } 2267 2268 static void 2269 run_key_update_end(struct ieee80211vap *vap) 2270 { 2271 /* null */ 2272 } 2273 2274 static void 2275 run_key_set_cb(void *arg) 2276 { 2277 struct run_cmdq *cmdq = arg; 2278 struct ieee80211vap *vap = cmdq->arg1; 2279 struct ieee80211_key *k = cmdq->k; 2280 struct ieee80211com *ic = vap->iv_ic; 2281 struct run_softc *sc = ic->ic_ifp->if_softc; 2282 struct ieee80211_node *ni; 2283 uint32_t attr; 2284 uint16_t base, associd; 2285 uint8_t mode, wcid, iv[8]; 2286 2287 RUN_LOCK_ASSERT(sc, MA_OWNED); 2288 2289 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2290 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2291 else 2292 ni = vap->iv_bss; 2293 associd = (ni != NULL) ? ni->ni_associd : 0; 2294 2295 /* map net80211 cipher to RT2860 security mode */ 2296 switch (k->wk_cipher->ic_cipher) { 2297 case IEEE80211_CIPHER_WEP: 2298 if(k->wk_keylen < 8) 2299 mode = RT2860_MODE_WEP40; 2300 else 2301 mode = RT2860_MODE_WEP104; 2302 break; 2303 case IEEE80211_CIPHER_TKIP: 2304 mode = RT2860_MODE_TKIP; 2305 break; 2306 case IEEE80211_CIPHER_AES_CCM: 2307 mode = RT2860_MODE_AES_CCMP; 2308 break; 2309 default: 2310 DPRINTF("undefined case\n"); 2311 return; 2312 } 2313 2314 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2315 associd, k->wk_keyix, mode, 2316 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2317 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2318 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2319 2320 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2321 wcid = 0; /* NB: update WCID0 for group keys */ 2322 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2323 } else { 2324 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2325 1 : RUN_AID2WCID(associd); 2326 base = RT2860_PKEY(wcid); 2327 } 2328 2329 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2330 if(run_write_region_1(sc, base, k->wk_key, 16)) 2331 return; 2332 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2333 return; 2334 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2335 return; 2336 } else { 2337 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2338 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2339 return; 2340 } 2341 2342 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2343 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2344 /* set initial packet number in IV+EIV */ 2345 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2346 memset(iv, 0, sizeof iv); 2347 iv[3] = vap->iv_def_txkey << 6; 2348 } else { 2349 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2350 iv[0] = k->wk_keytsc >> 8; 2351 iv[1] = (iv[0] | 0x20) & 0x7f; 2352 iv[2] = k->wk_keytsc; 2353 } else /* CCMP */ { 2354 iv[0] = k->wk_keytsc; 2355 iv[1] = k->wk_keytsc >> 8; 2356 iv[2] = 0; 2357 } 2358 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2359 iv[4] = k->wk_keytsc >> 16; 2360 iv[5] = k->wk_keytsc >> 24; 2361 iv[6] = k->wk_keytsc >> 32; 2362 iv[7] = k->wk_keytsc >> 40; 2363 } 2364 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2365 return; 2366 } 2367 2368 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2369 /* install group key */ 2370 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2371 return; 2372 attr &= ~(0xf << (k->wk_keyix * 4)); 2373 attr |= mode << (k->wk_keyix * 4); 2374 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2375 return; 2376 } else { 2377 /* install pairwise key */ 2378 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2379 return; 2380 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2381 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2382 return; 2383 } 2384 2385 /* TODO create a pass-thru key entry? */ 2386 2387 /* need wcid to delete the right key later */ 2388 k->wk_pad = wcid; 2389 } 2390 2391 /* 2392 * Don't have to be deferred, but in order to keep order of 2393 * execution, i.e. with run_key_delete(), defer this and let 2394 * run_cmdq_cb() maintain the order. 2395 * 2396 * return 0 on error 2397 */ 2398 static int 2399 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2400 const uint8_t mac[IEEE80211_ADDR_LEN]) 2401 { 2402 struct ieee80211com *ic = vap->iv_ic; 2403 struct run_softc *sc = ic->ic_ifp->if_softc; 2404 uint32_t i; 2405 2406 i = RUN_CMDQ_GET(&sc->cmdq_store); 2407 DPRINTF("cmdq_store=%d\n", i); 2408 sc->cmdq[i].func = run_key_set_cb; 2409 sc->cmdq[i].arg0 = NULL; 2410 sc->cmdq[i].arg1 = vap; 2411 sc->cmdq[i].k = k; 2412 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2413 ieee80211_runtask(ic, &sc->cmdq_task); 2414 2415 /* 2416 * To make sure key will be set when hostapd 2417 * calls iv_key_set() before if_init(). 2418 */ 2419 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2420 RUN_LOCK(sc); 2421 sc->cmdq_key_set = RUN_CMDQ_GO; 2422 RUN_UNLOCK(sc); 2423 } 2424 2425 return (1); 2426 } 2427 2428 /* 2429 * If wlan is destroyed without being brought down i.e. without 2430 * wlan down or wpa_cli terminate, this function is called after 2431 * vap is gone. Don't refer it. 2432 */ 2433 static void 2434 run_key_delete_cb(void *arg) 2435 { 2436 struct run_cmdq *cmdq = arg; 2437 struct run_softc *sc = cmdq->arg1; 2438 struct ieee80211_key *k = &cmdq->key; 2439 uint32_t attr; 2440 uint8_t wcid; 2441 2442 RUN_LOCK_ASSERT(sc, MA_OWNED); 2443 2444 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2445 /* remove group key */ 2446 DPRINTF("removing group key\n"); 2447 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2448 attr &= ~(0xf << (k->wk_keyix * 4)); 2449 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2450 } else { 2451 /* remove pairwise key */ 2452 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2453 /* matching wcid was written to wk_pad in run_key_set() */ 2454 wcid = k->wk_pad; 2455 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2456 attr &= ~0xf; 2457 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2458 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2459 } 2460 2461 k->wk_pad = 0; 2462 } 2463 2464 /* 2465 * return 0 on error 2466 */ 2467 static int 2468 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2469 { 2470 struct ieee80211com *ic = vap->iv_ic; 2471 struct run_softc *sc = ic->ic_ifp->if_softc; 2472 struct ieee80211_key *k0; 2473 uint32_t i; 2474 2475 /* 2476 * When called back, key might be gone. So, make a copy 2477 * of some values need to delete keys before deferring. 2478 * But, because of LOR with node lock, cannot use lock here. 2479 * So, use atomic instead. 2480 */ 2481 i = RUN_CMDQ_GET(&sc->cmdq_store); 2482 DPRINTF("cmdq_store=%d\n", i); 2483 sc->cmdq[i].func = run_key_delete_cb; 2484 sc->cmdq[i].arg0 = NULL; 2485 sc->cmdq[i].arg1 = sc; 2486 k0 = &sc->cmdq[i].key; 2487 k0->wk_flags = k->wk_flags; 2488 k0->wk_keyix = k->wk_keyix; 2489 /* matching wcid was written to wk_pad in run_key_set() */ 2490 k0->wk_pad = k->wk_pad; 2491 ieee80211_runtask(ic, &sc->cmdq_task); 2492 return (1); /* return fake success */ 2493 2494 } 2495 2496 static void 2497 run_ratectl_to(void *arg) 2498 { 2499 struct run_softc *sc = arg; 2500 2501 /* do it in a process context, so it can go sleep */ 2502 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2503 /* next timeout will be rescheduled in the callback task */ 2504 } 2505 2506 /* ARGSUSED */ 2507 static void 2508 run_ratectl_cb(void *arg, int pending) 2509 { 2510 struct run_softc *sc = arg; 2511 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2512 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2513 2514 if (vap == NULL) 2515 return; 2516 2517 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2518 /* 2519 * run_reset_livelock() doesn't do anything with AMRR, 2520 * but Ralink wants us to call it every 1 sec. So, we 2521 * piggyback here rather than creating another callout. 2522 * Livelock may occur only in HOSTAP or IBSS mode 2523 * (when h/w is sending beacons). 2524 */ 2525 RUN_LOCK(sc); 2526 run_reset_livelock(sc); 2527 /* just in case, there are some stats to drain */ 2528 run_drain_fifo(sc); 2529 RUN_UNLOCK(sc); 2530 } 2531 2532 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2533 2534 RUN_LOCK(sc); 2535 if(sc->ratectl_run != RUN_RATECTL_OFF) 2536 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2537 RUN_UNLOCK(sc); 2538 } 2539 2540 static void 2541 run_drain_fifo(void *arg) 2542 { 2543 struct run_softc *sc = arg; 2544 struct ifnet *ifp = sc->sc_ifp; 2545 uint32_t stat; 2546 uint16_t (*wstat)[3]; 2547 uint8_t wcid, mcs, pid; 2548 int8_t retry; 2549 2550 RUN_LOCK_ASSERT(sc, MA_OWNED); 2551 2552 for (;;) { 2553 /* drain Tx status FIFO (maxsize = 16) */ 2554 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2555 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2556 if (!(stat & RT2860_TXQ_VLD)) 2557 break; 2558 2559 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2560 2561 /* if no ACK was requested, no feedback is available */ 2562 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2563 wcid == 0) 2564 continue; 2565 2566 /* 2567 * Even though each stat is Tx-complete-status like format, 2568 * the device can poll stats. Because there is no guarantee 2569 * that the referring node is still around when read the stats. 2570 * So that, if we use ieee80211_ratectl_tx_update(), we will 2571 * have hard time not to refer already freed node. 2572 * 2573 * To eliminate such page faults, we poll stats in softc. 2574 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2575 */ 2576 wstat = &(sc->wcid_stats[wcid]); 2577 (*wstat)[RUN_TXCNT]++; 2578 if (stat & RT2860_TXQ_OK) 2579 (*wstat)[RUN_SUCCESS]++; 2580 else 2581 ifp->if_oerrors++; 2582 /* 2583 * Check if there were retries, ie if the Tx success rate is 2584 * different from the requested rate. Note that it works only 2585 * because we do not allow rate fallback from OFDM to CCK. 2586 */ 2587 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2588 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2589 if ((retry = pid -1 - mcs) > 0) { 2590 (*wstat)[RUN_TXCNT] += retry; 2591 (*wstat)[RUN_RETRY] += retry; 2592 } 2593 } 2594 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2595 2596 sc->fifo_cnt = 0; 2597 } 2598 2599 static void 2600 run_iter_func(void *arg, struct ieee80211_node *ni) 2601 { 2602 struct run_softc *sc = arg; 2603 struct ieee80211vap *vap = ni->ni_vap; 2604 struct ieee80211com *ic = ni->ni_ic; 2605 struct ifnet *ifp = ic->ic_ifp; 2606 struct run_node *rn = (void *)ni; 2607 union run_stats sta[2]; 2608 uint16_t (*wstat)[3]; 2609 int txcnt, success, retrycnt, error; 2610 2611 RUN_LOCK(sc); 2612 2613 /* Check for special case */ 2614 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2615 ni != vap->iv_bss) 2616 goto fail; 2617 2618 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2619 vap->iv_opmode == IEEE80211_M_STA)) { 2620 /* read statistic counters (clear on read) and update AMRR state */ 2621 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2622 sizeof sta); 2623 if (error != 0) 2624 goto fail; 2625 2626 /* count failed TX as errors */ 2627 ifp->if_oerrors += le16toh(sta[0].error.fail); 2628 2629 retrycnt = le16toh(sta[1].tx.retry); 2630 success = le16toh(sta[1].tx.success); 2631 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2632 2633 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2634 retrycnt, success, le16toh(sta[0].error.fail)); 2635 } else { 2636 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2637 2638 if (wstat == &(sc->wcid_stats[0]) || 2639 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2640 goto fail; 2641 2642 txcnt = (*wstat)[RUN_TXCNT]; 2643 success = (*wstat)[RUN_SUCCESS]; 2644 retrycnt = (*wstat)[RUN_RETRY]; 2645 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2646 retrycnt, txcnt, success); 2647 2648 memset(wstat, 0, sizeof(*wstat)); 2649 } 2650 2651 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2652 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2653 2654 fail: 2655 RUN_UNLOCK(sc); 2656 2657 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2658 } 2659 2660 static void 2661 run_newassoc_cb(void *arg) 2662 { 2663 struct run_cmdq *cmdq = arg; 2664 struct ieee80211_node *ni = cmdq->arg1; 2665 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2666 uint8_t wcid = cmdq->wcid; 2667 2668 RUN_LOCK_ASSERT(sc, MA_OWNED); 2669 2670 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2671 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2672 2673 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2674 } 2675 2676 static void 2677 run_newassoc(struct ieee80211_node *ni, int isnew) 2678 { 2679 struct run_node *rn = (void *)ni; 2680 struct ieee80211_rateset *rs = &ni->ni_rates; 2681 struct ieee80211vap *vap = ni->ni_vap; 2682 struct ieee80211com *ic = vap->iv_ic; 2683 struct run_softc *sc = ic->ic_ifp->if_softc; 2684 uint8_t rate; 2685 uint8_t ridx; 2686 uint8_t wcid; 2687 int i, j; 2688 #ifdef RUN_DEBUG 2689 char ethstr[ETHER_ADDRSTRLEN + 1]; 2690 #endif 2691 2692 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2693 1 : RUN_AID2WCID(ni->ni_associd); 2694 2695 if (wcid > RT2870_WCID_MAX) { 2696 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2697 return; 2698 } 2699 2700 /* only interested in true associations */ 2701 if (isnew && ni->ni_associd != 0) { 2702 2703 /* 2704 * This function could is called though timeout function. 2705 * Need to defer. 2706 */ 2707 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2708 DPRINTF("cmdq_store=%d\n", cnt); 2709 sc->cmdq[cnt].func = run_newassoc_cb; 2710 sc->cmdq[cnt].arg0 = NULL; 2711 sc->cmdq[cnt].arg1 = ni; 2712 sc->cmdq[cnt].wcid = wcid; 2713 ieee80211_runtask(ic, &sc->cmdq_task); 2714 } 2715 2716 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2717 isnew, ni->ni_associd, kether_ntoa(ni->ni_macaddr, ethstr)); 2718 2719 for (i = 0; i < rs->rs_nrates; i++) { 2720 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2721 /* convert 802.11 rate to hardware rate index */ 2722 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2723 if (rt2860_rates[ridx].rate == rate) 2724 break; 2725 rn->ridx[i] = ridx; 2726 /* determine rate of control response frames */ 2727 for (j = i; j >= 0; j--) { 2728 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2729 rt2860_rates[rn->ridx[i]].phy == 2730 rt2860_rates[rn->ridx[j]].phy) 2731 break; 2732 } 2733 if (j >= 0) { 2734 rn->ctl_ridx[i] = rn->ridx[j]; 2735 } else { 2736 /* no basic rate found, use mandatory one */ 2737 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2738 } 2739 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2740 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2741 } 2742 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2743 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2744 if (rt2860_rates[ridx].rate == rate) 2745 break; 2746 rn->mgt_ridx = ridx; 2747 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2748 2749 RUN_LOCK(sc); 2750 if(sc->ratectl_run != RUN_RATECTL_OFF) 2751 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2752 RUN_UNLOCK(sc); 2753 } 2754 2755 /* 2756 * Return the Rx chain with the highest RSSI for a given frame. 2757 */ 2758 static __inline uint8_t 2759 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2760 { 2761 uint8_t rxchain = 0; 2762 2763 if (sc->nrxchains > 1) { 2764 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2765 rxchain = 1; 2766 if (sc->nrxchains > 2) 2767 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2768 rxchain = 2; 2769 } 2770 return (rxchain); 2771 } 2772 2773 static void 2774 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2775 { 2776 struct ifnet *ifp = sc->sc_ifp; 2777 struct ieee80211com *ic = ifp->if_l2com; 2778 struct ieee80211_frame *wh; 2779 struct ieee80211_node *ni; 2780 struct rt2870_rxd *rxd; 2781 struct rt2860_rxwi *rxwi; 2782 uint32_t flags; 2783 uint16_t len, rxwisize; 2784 uint8_t ant, rssi; 2785 int8_t nf; 2786 2787 rxwi = mtod(m, struct rt2860_rxwi *); 2788 len = le16toh(rxwi->len) & 0xfff; 2789 rxwisize = sizeof(struct rt2860_rxwi); 2790 if (sc->mac_ver == 0x5592) 2791 rxwisize += sizeof(uint64_t); 2792 else if (sc->mac_ver == 0x3593) 2793 rxwisize += sizeof(uint32_t); 2794 if (__predict_false(len > dmalen)) { 2795 m_freem(m); 2796 ifp->if_ierrors++; 2797 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2798 return; 2799 } 2800 /* Rx descriptor is located at the end */ 2801 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2802 flags = le32toh(rxd->flags); 2803 2804 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2805 m_freem(m); 2806 ifp->if_ierrors++; 2807 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2808 return; 2809 } 2810 2811 m->m_data += rxwisize; 2812 m->m_pkthdr.len = m->m_len -= rxwisize; 2813 2814 wh = mtod(m, struct ieee80211_frame *); 2815 2816 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2817 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2818 m->m_flags |= M_WEP; 2819 } 2820 2821 if (flags & RT2860_RX_L2PAD) { 2822 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2823 len += 2; 2824 } 2825 2826 ni = ieee80211_find_rxnode(ic, 2827 mtod(m, struct ieee80211_frame_min *)); 2828 2829 if (__predict_false(flags & RT2860_RX_MICERR)) { 2830 /* report MIC failures to net80211 for TKIP */ 2831 if (ni != NULL) 2832 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2833 rxwi->keyidx); 2834 m_freem(m); 2835 ifp->if_ierrors++; 2836 DPRINTF("MIC error. Someone is lying.\n"); 2837 return; 2838 } 2839 2840 ant = run_maxrssi_chain(sc, rxwi); 2841 rssi = rxwi->rssi[ant]; 2842 nf = run_rssi2dbm(sc, rssi, ant); 2843 2844 m->m_pkthdr.rcvif = ifp; 2845 m->m_pkthdr.len = m->m_len = len; 2846 2847 if (ni != NULL) { 2848 (void)ieee80211_input(ni, m, rssi, nf); 2849 ieee80211_free_node(ni); 2850 } else { 2851 (void)ieee80211_input_all(ic, m, rssi, nf); 2852 } 2853 2854 if (__predict_false(ieee80211_radiotap_active(ic))) { 2855 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2856 uint16_t phy; 2857 2858 tap->wr_flags = 0; 2859 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2860 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2861 tap->wr_antsignal = rssi; 2862 tap->wr_antenna = ant; 2863 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2864 tap->wr_rate = 2; /* in case it can't be found below */ 2865 phy = le16toh(rxwi->phy); 2866 switch (phy & RT2860_PHY_MODE) { 2867 case RT2860_PHY_CCK: 2868 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2869 case 0: tap->wr_rate = 2; break; 2870 case 1: tap->wr_rate = 4; break; 2871 case 2: tap->wr_rate = 11; break; 2872 case 3: tap->wr_rate = 22; break; 2873 } 2874 if (phy & RT2860_PHY_SHPRE) 2875 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2876 break; 2877 case RT2860_PHY_OFDM: 2878 switch (phy & RT2860_PHY_MCS) { 2879 case 0: tap->wr_rate = 12; break; 2880 case 1: tap->wr_rate = 18; break; 2881 case 2: tap->wr_rate = 24; break; 2882 case 3: tap->wr_rate = 36; break; 2883 case 4: tap->wr_rate = 48; break; 2884 case 5: tap->wr_rate = 72; break; 2885 case 6: tap->wr_rate = 96; break; 2886 case 7: tap->wr_rate = 108; break; 2887 } 2888 break; 2889 } 2890 } 2891 } 2892 2893 static void 2894 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2895 { 2896 struct run_softc *sc = usbd_xfer_softc(xfer); 2897 struct ifnet *ifp = sc->sc_ifp; 2898 struct mbuf *m = NULL; 2899 struct mbuf *m0; 2900 uint32_t dmalen; 2901 uint16_t rxwisize; 2902 int xferlen; 2903 2904 rxwisize = sizeof(struct rt2860_rxwi); 2905 if (sc->mac_ver == 0x5592) 2906 rxwisize += sizeof(uint64_t); 2907 else if (sc->mac_ver == 0x3593) 2908 rxwisize += sizeof(uint32_t); 2909 2910 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2911 2912 switch (USB_GET_STATE(xfer)) { 2913 case USB_ST_TRANSFERRED: 2914 2915 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2916 2917 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2918 sizeof(struct rt2870_rxd))) { 2919 DPRINTF("xfer too short %d\n", xferlen); 2920 goto tr_setup; 2921 } 2922 2923 m = sc->rx_m; 2924 sc->rx_m = NULL; 2925 2926 /* FALLTHROUGH */ 2927 case USB_ST_SETUP: 2928 tr_setup: 2929 if (sc->rx_m == NULL) { 2930 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2931 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2932 } 2933 if (sc->rx_m == NULL) { 2934 DPRINTF("could not allocate mbuf - idle with stall\n"); 2935 ifp->if_ierrors++; 2936 usbd_xfer_set_stall(xfer); 2937 usbd_xfer_set_frames(xfer, 0); 2938 } else { 2939 /* 2940 * Directly loading a mbuf cluster into DMA to 2941 * save some data copying. This works because 2942 * there is only one cluster. 2943 */ 2944 usbd_xfer_set_frame_data(xfer, 0, 2945 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2946 usbd_xfer_set_frames(xfer, 1); 2947 } 2948 usbd_transfer_submit(xfer); 2949 break; 2950 2951 default: /* Error */ 2952 if (error != USB_ERR_CANCELLED) { 2953 /* try to clear stall first */ 2954 usbd_xfer_set_stall(xfer); 2955 2956 if (error == USB_ERR_TIMEOUT) 2957 device_printf(sc->sc_dev, "device timeout\n"); 2958 2959 ifp->if_ierrors++; 2960 2961 goto tr_setup; 2962 } 2963 if (sc->rx_m != NULL) { 2964 m_freem(sc->rx_m); 2965 sc->rx_m = NULL; 2966 } 2967 break; 2968 } 2969 2970 if (m == NULL) 2971 return; 2972 2973 /* inputting all the frames must be last */ 2974 2975 RUN_UNLOCK(sc); 2976 2977 m->m_pkthdr.len = m->m_len = xferlen; 2978 2979 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2980 for(;;) { 2981 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2982 2983 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2984 ((dmalen & 3) != 0)) { 2985 DPRINTF("bad DMA length %u\n", dmalen); 2986 break; 2987 } 2988 if ((dmalen + 8) > (uint32_t)xferlen) { 2989 DPRINTF("bad DMA length %u > %d\n", 2990 dmalen + 8, xferlen); 2991 break; 2992 } 2993 2994 /* If it is the last one or a single frame, we won't copy. */ 2995 if ((xferlen -= dmalen + 8) <= 8) { 2996 /* trim 32-bit DMA-len header */ 2997 m->m_data += 4; 2998 m->m_pkthdr.len = m->m_len -= 4; 2999 run_rx_frame(sc, m, dmalen); 3000 m = NULL; /* don't free source buffer */ 3001 break; 3002 } 3003 3004 /* copy aggregated frames to another mbuf */ 3005 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3006 if (__predict_false(m0 == NULL)) { 3007 DPRINTF("could not allocate mbuf\n"); 3008 ifp->if_ierrors++; 3009 break; 3010 } 3011 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3012 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3013 m0->m_pkthdr.len = m0->m_len = 3014 dmalen + sizeof(struct rt2870_rxd); 3015 run_rx_frame(sc, m0, dmalen); 3016 3017 /* update data ptr */ 3018 m->m_data += dmalen + 8; 3019 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3020 } 3021 3022 /* make sure we free the source buffer, if any */ 3023 m_freem(m); 3024 3025 RUN_LOCK(sc); 3026 } 3027 3028 static void 3029 run_tx_free(struct run_endpoint_queue *pq, 3030 struct run_tx_data *data, int txerr) 3031 { 3032 if (data->m != NULL) { 3033 if (data->m->m_flags & M_TXCB) 3034 ieee80211_process_callback(data->ni, data->m, 3035 txerr ? ETIMEDOUT : 0); 3036 m_freem(data->m); 3037 data->m = NULL; 3038 3039 if (data->ni == NULL) { 3040 DPRINTF("no node\n"); 3041 } else { 3042 ieee80211_free_node(data->ni); 3043 data->ni = NULL; 3044 } 3045 } 3046 3047 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3048 pq->tx_nfree++; 3049 } 3050 3051 static void 3052 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3053 { 3054 struct run_softc *sc = usbd_xfer_softc(xfer); 3055 struct ifnet *ifp = sc->sc_ifp; 3056 struct ieee80211com *ic = ifp->if_l2com; 3057 struct run_tx_data *data; 3058 struct ieee80211vap *vap = NULL; 3059 struct usb_page_cache *pc; 3060 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3061 struct mbuf *m; 3062 usb_frlength_t size; 3063 int actlen; 3064 int sumlen; 3065 3066 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3067 3068 switch (USB_GET_STATE(xfer)) { 3069 case USB_ST_TRANSFERRED: 3070 DPRINTFN(11, "transfer complete: %d " 3071 "bytes @ index %d\n", actlen, index); 3072 3073 data = usbd_xfer_get_priv(xfer); 3074 3075 run_tx_free(pq, data, 0); 3076 ifq_clr_oactive(&ifp->if_snd); 3077 3078 usbd_xfer_set_priv(xfer, NULL); 3079 3080 ifp->if_opackets++; 3081 3082 /* FALLTHROUGH */ 3083 case USB_ST_SETUP: 3084 tr_setup: 3085 data = STAILQ_FIRST(&pq->tx_qh); 3086 if (data == NULL) 3087 break; 3088 3089 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3090 3091 m = data->m; 3092 size = (sc->mac_ver == 0x5592) ? 3093 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3094 if ((m->m_pkthdr.len + 3095 size + 3 + 8) > RUN_MAX_TXSZ) { 3096 DPRINTF("data overflow, %u bytes\n", 3097 m->m_pkthdr.len); 3098 3099 ifp->if_oerrors++; 3100 3101 run_tx_free(pq, data, 1); 3102 3103 goto tr_setup; 3104 } 3105 3106 pc = usbd_xfer_get_frame(xfer, 0); 3107 usbd_copy_in(pc, 0, &data->desc, size); 3108 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3109 size += m->m_pkthdr.len; 3110 /* 3111 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3112 * 4-byte padding), and be sure to zero those trailing 3113 * bytes: 3114 */ 3115 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3116 size += ((-size) & 3) + 8; 3117 3118 vap = data->ni->ni_vap; 3119 if (ieee80211_radiotap_active_vap(vap)) { 3120 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3121 struct rt2860_txwi *txwi = 3122 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3123 tap->wt_flags = 0; 3124 tap->wt_rate = rt2860_rates[data->ridx].rate; 3125 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3126 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3127 tap->wt_hwqueue = index; 3128 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3129 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3130 3131 ieee80211_radiotap_tx(vap, m); 3132 } 3133 3134 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3135 m->m_pkthdr.len, size, index); 3136 3137 usbd_xfer_set_frame_len(xfer, 0, size); 3138 usbd_xfer_set_priv(xfer, data); 3139 3140 usbd_transfer_submit(xfer); 3141 3142 run_start(ifp, NULL); 3143 3144 break; 3145 3146 default: 3147 DPRINTF("USB transfer error, %s\n", 3148 usbd_errstr(error)); 3149 3150 data = usbd_xfer_get_priv(xfer); 3151 3152 ifp->if_oerrors++; 3153 3154 if (data != NULL) { 3155 if(data->ni != NULL) 3156 vap = data->ni->ni_vap; 3157 run_tx_free(pq, data, error); 3158 usbd_xfer_set_priv(xfer, NULL); 3159 } 3160 if (vap == NULL) 3161 vap = TAILQ_FIRST(&ic->ic_vaps); 3162 3163 if (error != USB_ERR_CANCELLED) { 3164 if (error == USB_ERR_TIMEOUT) { 3165 device_printf(sc->sc_dev, "device timeout\n"); 3166 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3167 DPRINTF("cmdq_store=%d\n", i); 3168 sc->cmdq[i].func = run_usb_timeout_cb; 3169 sc->cmdq[i].arg0 = vap; 3170 ieee80211_runtask(ic, &sc->cmdq_task); 3171 } 3172 3173 /* 3174 * Try to clear stall first, also if other 3175 * errors occur, hence clearing stall 3176 * introduces a 50 ms delay: 3177 */ 3178 usbd_xfer_set_stall(xfer); 3179 goto tr_setup; 3180 } 3181 break; 3182 } 3183 } 3184 3185 static void 3186 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3187 { 3188 run_bulk_tx_callbackN(xfer, error, 0); 3189 } 3190 3191 static void 3192 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3193 { 3194 run_bulk_tx_callbackN(xfer, error, 1); 3195 } 3196 3197 static void 3198 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3199 { 3200 run_bulk_tx_callbackN(xfer, error, 2); 3201 } 3202 3203 static void 3204 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3205 { 3206 run_bulk_tx_callbackN(xfer, error, 3); 3207 } 3208 3209 static void 3210 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3211 { 3212 run_bulk_tx_callbackN(xfer, error, 4); 3213 } 3214 3215 static void 3216 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3217 { 3218 run_bulk_tx_callbackN(xfer, error, 5); 3219 } 3220 3221 static void 3222 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3223 { 3224 struct mbuf *m = data->m; 3225 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3226 struct ieee80211vap *vap = data->ni->ni_vap; 3227 struct ieee80211_frame *wh; 3228 struct rt2870_txd *txd; 3229 struct rt2860_txwi *txwi; 3230 uint16_t xferlen, txwisize; 3231 uint16_t mcs; 3232 uint8_t ridx = data->ridx; 3233 uint8_t pad; 3234 3235 /* get MCS code from rate index */ 3236 mcs = rt2860_rates[ridx].mcs; 3237 3238 txwisize = (sc->mac_ver == 0x5592) ? 3239 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3240 xferlen = txwisize + m->m_pkthdr.len; 3241 3242 /* roundup to 32-bit alignment */ 3243 xferlen = (xferlen + 3) & ~3; 3244 3245 txd = (struct rt2870_txd *)&data->desc; 3246 txd->len = htole16(xferlen); 3247 3248 wh = mtod(m, struct ieee80211_frame *); 3249 3250 /* 3251 * Ether both are true or both are false, the header 3252 * are nicely aligned to 32-bit. So, no L2 padding. 3253 */ 3254 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3255 pad = 0; 3256 else 3257 pad = 2; 3258 3259 /* setup TX Wireless Information */ 3260 txwi = (struct rt2860_txwi *)(txd + 1); 3261 txwi->len = htole16(m->m_pkthdr.len - pad); 3262 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3263 mcs |= RT2860_PHY_CCK; 3264 if (ridx != RT2860_RIDX_CCK1 && 3265 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3266 mcs |= RT2860_PHY_SHPRE; 3267 } else 3268 mcs |= RT2860_PHY_OFDM; 3269 txwi->phy |= htole16(mcs); 3270 3271 /* check if RTS/CTS or CTS-to-self protection is required */ 3272 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3273 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3274 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3275 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3276 txwi->txop |= RT2860_TX_TXOP_HT; 3277 else 3278 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3279 3280 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3281 txwi->xflags |= RT2860_TX_NSEQ; 3282 } 3283 3284 /* This function must be called locked */ 3285 static int 3286 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3287 { 3288 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3289 struct ieee80211vap *vap = ni->ni_vap; 3290 struct ieee80211_frame *wh; 3291 struct ieee80211_channel *chan; 3292 const struct ieee80211_txparam *tp; 3293 struct run_node *rn = (void *)ni; 3294 struct run_tx_data *data; 3295 struct rt2870_txd *txd; 3296 struct rt2860_txwi *txwi; 3297 uint16_t qos; 3298 uint16_t dur; 3299 uint16_t qid; 3300 uint8_t type; 3301 uint8_t tid; 3302 uint8_t ridx; 3303 uint8_t ctl_ridx; 3304 uint8_t qflags; 3305 uint8_t xflags = 0; 3306 int hasqos; 3307 3308 #if 0 /* XXX swildner: lock needed? */ 3309 RUN_LOCK_ASSERT(sc, MA_OWNED); 3310 #endif 3311 3312 wh = mtod(m, struct ieee80211_frame *); 3313 3314 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3315 3316 /* 3317 * There are 7 bulk endpoints: 1 for RX 3318 * and 6 for TX (4 EDCAs + HCCA + Prio). 3319 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3320 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3321 */ 3322 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3323 uint8_t *frm; 3324 3325 if(IEEE80211_HAS_ADDR4(wh)) 3326 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3327 else 3328 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3329 3330 qos = le16toh(*(const uint16_t *)frm); 3331 tid = qos & IEEE80211_QOS_TID; 3332 qid = TID_TO_WME_AC(tid); 3333 } else { 3334 qos = 0; 3335 tid = 0; 3336 qid = WME_AC_BE; 3337 } 3338 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3339 3340 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3341 qos, qid, tid, qflags); 3342 3343 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3344 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3345 3346 /* pickup a rate index */ 3347 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3348 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3349 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3350 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3351 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3352 } else { 3353 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3354 ridx = rn->fix_ridx; 3355 else 3356 ridx = rn->amrr_ridx; 3357 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3358 } 3359 3360 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3361 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3362 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3363 xflags |= RT2860_TX_ACK; 3364 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3365 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3366 else 3367 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3368 USETW(wh->i_dur, dur); 3369 } 3370 3371 /* reserve slots for mgmt packets, just in case */ 3372 if (sc->sc_epq[qid].tx_nfree < 3) { 3373 DPRINTFN(10, "tx ring %d is full\n", qid); 3374 return (-1); 3375 } 3376 3377 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3378 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3379 sc->sc_epq[qid].tx_nfree--; 3380 3381 txd = (struct rt2870_txd *)&data->desc; 3382 txd->flags = qflags; 3383 txwi = (struct rt2860_txwi *)(txd + 1); 3384 txwi->xflags = xflags; 3385 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3386 txwi->wcid = 0; 3387 else 3388 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3389 1 : RUN_AID2WCID(ni->ni_associd); 3390 3391 /* clear leftover garbage bits */ 3392 txwi->flags = 0; 3393 txwi->txop = 0; 3394 3395 data->m = m; 3396 data->ni = ni; 3397 data->ridx = ridx; 3398 3399 run_set_tx_desc(sc, data); 3400 3401 /* 3402 * The chip keeps track of 2 kind of Tx stats, 3403 * * TX_STAT_FIFO, for per WCID stats, and 3404 * * TX_STA_CNT0 for all-TX-in-one stats. 3405 * 3406 * To use FIFO stats, we need to store MCS into the driver-private 3407 * PacketID field. So that, we can tell whose stats when we read them. 3408 * We add 1 to the MCS because setting the PacketID field to 0 means 3409 * that we don't want feedback in TX_STAT_FIFO. 3410 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3411 * 3412 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3413 */ 3414 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3415 vap->iv_opmode == IEEE80211_M_MBSS) { 3416 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3417 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3418 3419 /* 3420 * Unlike PCI based devices, we don't get any interrupt from 3421 * USB devices, so we simulate FIFO-is-full interrupt here. 3422 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3423 * quickly get fulled. To prevent overflow, increment a counter on 3424 * every FIFO stat request, so we know how many slots are left. 3425 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3426 * are used only in those modes. 3427 * We just drain stats. AMRR gets updated every 1 sec by 3428 * run_ratectl_cb() via callout. 3429 * Call it early. Otherwise overflow. 3430 */ 3431 if (sc->fifo_cnt++ == 10) { 3432 /* 3433 * With multiple vaps or if_bridge, if_start() is called 3434 * with a non-sleepable lock, tcpinp. So, need to defer. 3435 */ 3436 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3437 DPRINTFN(6, "cmdq_store=%d\n", i); 3438 sc->cmdq[i].func = run_drain_fifo; 3439 sc->cmdq[i].arg0 = sc; 3440 ieee80211_runtask(ic, &sc->cmdq_task); 3441 } 3442 } 3443 3444 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3445 3446 RUN_LOCK(sc); 3447 usbd_transfer_start(sc->sc_xfer[qid]); 3448 RUN_UNLOCK(sc); 3449 3450 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3451 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3452 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3453 3454 return (0); 3455 } 3456 3457 static int 3458 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3459 { 3460 struct ifnet *ifp = sc->sc_ifp; 3461 struct ieee80211com *ic = ifp->if_l2com; 3462 struct run_node *rn = (void *)ni; 3463 struct run_tx_data *data; 3464 struct ieee80211_frame *wh; 3465 struct rt2870_txd *txd; 3466 struct rt2860_txwi *txwi; 3467 uint16_t dur; 3468 uint8_t ridx = rn->mgt_ridx; 3469 uint8_t type; 3470 uint8_t xflags = 0; 3471 uint8_t wflags = 0; 3472 3473 RUN_LOCK_ASSERT(sc, MA_OWNED); 3474 3475 wh = mtod(m, struct ieee80211_frame *); 3476 3477 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3478 3479 /* tell hardware to add timestamp for probe responses */ 3480 if ((wh->i_fc[0] & 3481 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3482 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3483 wflags |= RT2860_TX_TS; 3484 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3485 xflags |= RT2860_TX_ACK; 3486 3487 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3488 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3489 USETW(wh->i_dur, dur); 3490 } 3491 3492 if (sc->sc_epq[0].tx_nfree == 0) { 3493 /* let caller free mbuf */ 3494 ifq_set_oactive(&ifp->if_snd); 3495 return (EIO); 3496 } 3497 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3498 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3499 sc->sc_epq[0].tx_nfree--; 3500 3501 txd = (struct rt2870_txd *)&data->desc; 3502 txd->flags = RT2860_TX_QSEL_EDCA; 3503 txwi = (struct rt2860_txwi *)(txd + 1); 3504 txwi->wcid = 0xff; 3505 txwi->flags = wflags; 3506 txwi->xflags = xflags; 3507 txwi->txop = 0; /* clear leftover garbage bits */ 3508 3509 data->m = m; 3510 data->ni = ni; 3511 data->ridx = ridx; 3512 3513 run_set_tx_desc(sc, data); 3514 3515 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3516 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3517 rt2860_rates[ridx].rate); 3518 3519 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3520 3521 usbd_transfer_start(sc->sc_xfer[0]); 3522 3523 return (0); 3524 } 3525 3526 static int 3527 run_sendprot(struct run_softc *sc, 3528 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3529 { 3530 struct ieee80211com *ic = ni->ni_ic; 3531 struct ieee80211_frame *wh; 3532 struct run_tx_data *data; 3533 struct rt2870_txd *txd; 3534 struct rt2860_txwi *txwi; 3535 struct mbuf *mprot; 3536 int ridx; 3537 int protrate; 3538 int ackrate; 3539 int pktlen; 3540 int isshort; 3541 uint16_t dur; 3542 uint8_t type; 3543 uint8_t wflags = 0; 3544 uint8_t xflags = 0; 3545 3546 RUN_LOCK_ASSERT(sc, MA_OWNED); 3547 3548 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3549 ("protection %d", prot)); 3550 3551 wh = mtod(m, struct ieee80211_frame *); 3552 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3553 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3554 3555 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3556 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3557 3558 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3559 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3560 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3561 wflags = RT2860_TX_FRAG; 3562 3563 /* check that there are free slots before allocating the mbuf */ 3564 if (sc->sc_epq[0].tx_nfree == 0) { 3565 /* let caller free mbuf */ 3566 ifq_set_oactive(&sc->sc_ifp->if_snd); 3567 return (ENOBUFS); 3568 } 3569 3570 if (prot == IEEE80211_PROT_RTSCTS) { 3571 /* NB: CTS is the same size as an ACK */ 3572 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3573 xflags |= RT2860_TX_ACK; 3574 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3575 } else { 3576 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3577 } 3578 if (mprot == NULL) { 3579 sc->sc_ifp->if_oerrors++; 3580 DPRINTF("could not allocate mbuf\n"); 3581 return (ENOBUFS); 3582 } 3583 3584 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3585 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3586 sc->sc_epq[0].tx_nfree--; 3587 3588 txd = (struct rt2870_txd *)&data->desc; 3589 txd->flags = RT2860_TX_QSEL_EDCA; 3590 txwi = (struct rt2860_txwi *)(txd + 1); 3591 txwi->wcid = 0xff; 3592 txwi->flags = wflags; 3593 txwi->xflags = xflags; 3594 txwi->txop = 0; /* clear leftover garbage bits */ 3595 3596 data->m = mprot; 3597 data->ni = ieee80211_ref_node(ni); 3598 3599 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3600 if (rt2860_rates[ridx].rate == protrate) 3601 break; 3602 data->ridx = ridx; 3603 3604 run_set_tx_desc(sc, data); 3605 3606 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3607 m->m_pkthdr.len, rate); 3608 3609 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3610 3611 usbd_transfer_start(sc->sc_xfer[0]); 3612 3613 return (0); 3614 } 3615 3616 static int 3617 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3618 const struct ieee80211_bpf_params *params) 3619 { 3620 struct ieee80211com *ic = ni->ni_ic; 3621 struct ieee80211_frame *wh; 3622 struct run_tx_data *data; 3623 struct rt2870_txd *txd; 3624 struct rt2860_txwi *txwi; 3625 uint8_t type; 3626 uint8_t ridx; 3627 uint8_t rate; 3628 uint8_t opflags = 0; 3629 uint8_t xflags = 0; 3630 int error; 3631 3632 RUN_LOCK_ASSERT(sc, MA_OWNED); 3633 3634 KASSERT(params != NULL, ("no raw xmit params")); 3635 3636 wh = mtod(m, struct ieee80211_frame *); 3637 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3638 3639 rate = params->ibp_rate0; 3640 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3641 /* let caller free mbuf */ 3642 return (EINVAL); 3643 } 3644 3645 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3646 xflags |= RT2860_TX_ACK; 3647 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3648 error = run_sendprot(sc, m, ni, 3649 params->ibp_flags & IEEE80211_BPF_RTS ? 3650 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3651 rate); 3652 if (error) { 3653 /* let caller free mbuf */ 3654 return error; 3655 } 3656 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3657 } 3658 3659 if (sc->sc_epq[0].tx_nfree == 0) { 3660 /* let caller free mbuf */ 3661 ifq_set_oactive(&sc->sc_ifp->if_snd); 3662 DPRINTF("sending raw frame, but tx ring is full\n"); 3663 return (EIO); 3664 } 3665 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3666 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3667 sc->sc_epq[0].tx_nfree--; 3668 3669 txd = (struct rt2870_txd *)&data->desc; 3670 txd->flags = RT2860_TX_QSEL_EDCA; 3671 txwi = (struct rt2860_txwi *)(txd + 1); 3672 txwi->wcid = 0xff; 3673 txwi->xflags = xflags; 3674 txwi->txop = opflags; 3675 txwi->flags = 0; /* clear leftover garbage bits */ 3676 3677 data->m = m; 3678 data->ni = ni; 3679 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3680 if (rt2860_rates[ridx].rate == rate) 3681 break; 3682 data->ridx = ridx; 3683 3684 run_set_tx_desc(sc, data); 3685 3686 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3687 m->m_pkthdr.len, rate); 3688 3689 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3690 3691 usbd_transfer_start(sc->sc_xfer[0]); 3692 3693 return (0); 3694 } 3695 3696 static int 3697 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3698 const struct ieee80211_bpf_params *params) 3699 { 3700 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3701 struct run_softc *sc = ifp->if_softc; 3702 int error = 0; 3703 3704 RUN_LOCK(sc); 3705 3706 /* prevent management frames from being sent if we're not ready */ 3707 if (!(ifp->if_flags & IFF_RUNNING)) { 3708 error = ENETDOWN; 3709 goto done; 3710 } 3711 3712 if (params == NULL) { 3713 /* tx mgt packet */ 3714 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3715 ifp->if_oerrors++; 3716 DPRINTF("mgt tx failed\n"); 3717 goto done; 3718 } 3719 } else { 3720 /* tx raw packet with param */ 3721 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3722 ifp->if_oerrors++; 3723 DPRINTF("tx with param failed\n"); 3724 goto done; 3725 } 3726 } 3727 3728 ifp->if_opackets++; 3729 3730 done: 3731 RUN_UNLOCK(sc); 3732 3733 if (error != 0) { 3734 if(m != NULL) 3735 m_freem(m); 3736 ieee80211_free_node(ni); 3737 } 3738 3739 return (error); 3740 } 3741 3742 static void 3743 run_start(struct ifnet *ifp, struct ifaltq_subque *ifsq) 3744 { 3745 struct run_softc *sc = ifp->if_softc; 3746 struct ieee80211_node *ni; 3747 struct mbuf *m = NULL; 3748 3749 #if 0 3750 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq); 3751 #endif 3752 if ((ifp->if_flags & IFF_RUNNING) == 0) 3753 return; 3754 3755 RUN_LOCK(sc); 3756 for (;;) { 3757 /* send data frames */ 3758 m = ifq_dequeue(&ifp->if_snd); 3759 if (m == NULL) 3760 break; 3761 3762 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3763 if (run_tx(sc, m, ni) != 0) { 3764 ifq_prepend(&ifp->if_snd, m); 3765 ifq_set_oactive(&ifp->if_snd); 3766 break; 3767 } 3768 } 3769 RUN_UNLOCK(sc); 3770 } 3771 3772 static int 3773 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 3774 { 3775 struct run_softc *sc = ifp->if_softc; 3776 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3777 struct ifreq *ifr = (struct ifreq *) data; 3778 int startall = 0; 3779 int error; 3780 3781 RUN_LOCK(sc); 3782 error = sc->sc_detached ? ENXIO : 0; 3783 RUN_UNLOCK(sc); 3784 if (error) 3785 return (error); 3786 3787 switch (cmd) { 3788 case SIOCSIFFLAGS: 3789 RUN_LOCK(sc); 3790 if (ifp->if_flags & IFF_UP) { 3791 if (!(ifp->if_flags & IFF_RUNNING)){ 3792 startall = 1; 3793 run_init_locked(sc); 3794 } else 3795 run_update_promisc_locked(ifp); 3796 } else { 3797 if (ifp->if_flags & IFF_RUNNING && 3798 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3799 run_stop(sc); 3800 } 3801 } 3802 RUN_UNLOCK(sc); 3803 if (startall) 3804 ieee80211_start_all(ic); 3805 break; 3806 case SIOCGIFMEDIA: 3807 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3808 break; 3809 case SIOCGIFADDR: 3810 error = ether_ioctl(ifp, cmd, data); 3811 break; 3812 default: 3813 error = EINVAL; 3814 break; 3815 } 3816 3817 return (error); 3818 } 3819 3820 static void 3821 run_iq_calib(struct run_softc *sc, u_int chan) 3822 { 3823 uint16_t val; 3824 3825 /* Tx0 IQ gain. */ 3826 run_bbp_write(sc, 158, 0x2c); 3827 if (chan <= 14) 3828 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3829 else if (chan <= 64) { 3830 run_efuse_read(sc, 3831 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3832 &val, 1); 3833 } else if (chan <= 138) { 3834 run_efuse_read(sc, 3835 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3836 &val, 1); 3837 } else if (chan <= 165) { 3838 run_efuse_read(sc, 3839 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3840 &val, 1); 3841 } else 3842 val = 0; 3843 run_bbp_write(sc, 159, val); 3844 3845 /* Tx0 IQ phase. */ 3846 run_bbp_write(sc, 158, 0x2d); 3847 if (chan <= 14) { 3848 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3849 &val, 1); 3850 } else if (chan <= 64) { 3851 run_efuse_read(sc, 3852 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3853 &val, 1); 3854 } else if (chan <= 138) { 3855 run_efuse_read(sc, 3856 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3857 &val, 1); 3858 } else if (chan <= 165) { 3859 run_efuse_read(sc, 3860 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3861 &val, 1); 3862 } else 3863 val = 0; 3864 run_bbp_write(sc, 159, val); 3865 3866 /* Tx1 IQ gain. */ 3867 run_bbp_write(sc, 158, 0x4a); 3868 if (chan <= 14) { 3869 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3870 &val, 1); 3871 } else if (chan <= 64) { 3872 run_efuse_read(sc, 3873 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3874 &val, 1); 3875 } else if (chan <= 138) { 3876 run_efuse_read(sc, 3877 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3878 &val, 1); 3879 } else if (chan <= 165) { 3880 run_efuse_read(sc, 3881 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3882 &val, 1); 3883 } else 3884 val = 0; 3885 run_bbp_write(sc, 159, val); 3886 3887 /* Tx1 IQ phase. */ 3888 run_bbp_write(sc, 158, 0x4b); 3889 if (chan <= 14) { 3890 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3891 &val, 1); 3892 } else if (chan <= 64) { 3893 run_efuse_read(sc, 3894 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3895 &val, 1); 3896 } else if (chan <= 138) { 3897 run_efuse_read(sc, 3898 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3899 &val, 1); 3900 } else if (chan <= 165) { 3901 run_efuse_read(sc, 3902 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3903 &val, 1); 3904 } else 3905 val = 0; 3906 run_bbp_write(sc, 159, val); 3907 3908 /* RF IQ compensation control. */ 3909 run_bbp_write(sc, 158, 0x04); 3910 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3911 &val, 1); 3912 run_bbp_write(sc, 159, val); 3913 3914 /* RF IQ imbalance compensation control. */ 3915 run_bbp_write(sc, 158, 0x03); 3916 run_efuse_read(sc, 3917 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3918 run_bbp_write(sc, 159, val); 3919 } 3920 3921 static void 3922 run_set_agc(struct run_softc *sc, uint8_t agc) 3923 { 3924 uint8_t bbp; 3925 3926 if (sc->mac_ver == 0x3572) { 3927 run_bbp_read(sc, 27, &bbp); 3928 bbp &= ~(0x3 << 5); 3929 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3930 run_bbp_write(sc, 66, agc); 3931 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3932 run_bbp_write(sc, 66, agc); 3933 } else 3934 run_bbp_write(sc, 66, agc); 3935 } 3936 3937 static void 3938 run_select_chan_group(struct run_softc *sc, int group) 3939 { 3940 uint32_t tmp; 3941 uint8_t agc; 3942 3943 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3944 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3945 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3946 if (sc->mac_ver < 0x3572) 3947 run_bbp_write(sc, 86, 0x00); 3948 3949 if (sc->mac_ver == 0x3593) { 3950 run_bbp_write(sc, 77, 0x98); 3951 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3952 } 3953 3954 if (group == 0) { 3955 if (sc->ext_2ghz_lna) { 3956 if (sc->mac_ver >= 0x5390) 3957 run_bbp_write(sc, 75, 0x52); 3958 else { 3959 run_bbp_write(sc, 82, 0x62); 3960 run_bbp_write(sc, 75, 0x46); 3961 } 3962 } else { 3963 if (sc->mac_ver == 0x5592) { 3964 run_bbp_write(sc, 79, 0x1c); 3965 run_bbp_write(sc, 80, 0x0e); 3966 run_bbp_write(sc, 81, 0x3a); 3967 run_bbp_write(sc, 82, 0x62); 3968 3969 run_bbp_write(sc, 195, 0x80); 3970 run_bbp_write(sc, 196, 0xe0); 3971 run_bbp_write(sc, 195, 0x81); 3972 run_bbp_write(sc, 196, 0x1f); 3973 run_bbp_write(sc, 195, 0x82); 3974 run_bbp_write(sc, 196, 0x38); 3975 run_bbp_write(sc, 195, 0x83); 3976 run_bbp_write(sc, 196, 0x32); 3977 run_bbp_write(sc, 195, 0x85); 3978 run_bbp_write(sc, 196, 0x28); 3979 run_bbp_write(sc, 195, 0x86); 3980 run_bbp_write(sc, 196, 0x19); 3981 } else if (sc->mac_ver >= 0x5390) 3982 run_bbp_write(sc, 75, 0x50); 3983 else { 3984 run_bbp_write(sc, 82, 3985 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3986 run_bbp_write(sc, 75, 0x50); 3987 } 3988 } 3989 } else { 3990 if (sc->mac_ver == 0x5592) { 3991 run_bbp_write(sc, 79, 0x18); 3992 run_bbp_write(sc, 80, 0x08); 3993 run_bbp_write(sc, 81, 0x38); 3994 run_bbp_write(sc, 82, 0x92); 3995 3996 run_bbp_write(sc, 195, 0x80); 3997 run_bbp_write(sc, 196, 0xf0); 3998 run_bbp_write(sc, 195, 0x81); 3999 run_bbp_write(sc, 196, 0x1e); 4000 run_bbp_write(sc, 195, 0x82); 4001 run_bbp_write(sc, 196, 0x28); 4002 run_bbp_write(sc, 195, 0x83); 4003 run_bbp_write(sc, 196, 0x20); 4004 run_bbp_write(sc, 195, 0x85); 4005 run_bbp_write(sc, 196, 0x7f); 4006 run_bbp_write(sc, 195, 0x86); 4007 run_bbp_write(sc, 196, 0x7f); 4008 } else if (sc->mac_ver == 0x3572) 4009 run_bbp_write(sc, 82, 0x94); 4010 else 4011 run_bbp_write(sc, 82, 4012 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4013 if (sc->ext_5ghz_lna) 4014 run_bbp_write(sc, 75, 0x46); 4015 else 4016 run_bbp_write(sc, 75, 0x50); 4017 } 4018 4019 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4020 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4021 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4022 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4023 4024 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4025 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4026 if (sc->mac_ver == 0x3593) 4027 tmp |= 1 << 29 | 1 << 28; 4028 if (sc->nrxchains > 1) 4029 tmp |= RT2860_LNA_PE1_EN; 4030 if (group == 0) { /* 2GHz */ 4031 tmp |= RT2860_PA_PE_G0_EN; 4032 if (sc->ntxchains > 1) 4033 tmp |= RT2860_PA_PE_G1_EN; 4034 if (sc->mac_ver == 0x3593) { 4035 if (sc->ntxchains > 2) 4036 tmp |= 1 << 25; 4037 } 4038 } else { /* 5GHz */ 4039 tmp |= RT2860_PA_PE_A0_EN; 4040 if (sc->ntxchains > 1) 4041 tmp |= RT2860_PA_PE_A1_EN; 4042 } 4043 if (sc->mac_ver == 0x3572) { 4044 run_rt3070_rf_write(sc, 8, 0x00); 4045 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4046 run_rt3070_rf_write(sc, 8, 0x80); 4047 } else 4048 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4049 4050 if (sc->mac_ver == 0x5592) { 4051 run_bbp_write(sc, 195, 0x8d); 4052 run_bbp_write(sc, 196, 0x1a); 4053 } 4054 4055 if (sc->mac_ver == 0x3593) { 4056 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4057 tmp &= ~0x01010000; 4058 if (group == 0) 4059 tmp |= 0x00010000; 4060 tmp = (tmp & ~0x00009090) | 0x00000090; 4061 run_write(sc, RT2860_GPIO_CTRL, tmp); 4062 } 4063 4064 /* set initial AGC value */ 4065 if (group == 0) { /* 2GHz band */ 4066 if (sc->mac_ver >= 0x3070) 4067 agc = 0x1c + sc->lna[0] * 2; 4068 else 4069 agc = 0x2e + sc->lna[0]; 4070 } else { /* 5GHz band */ 4071 if (sc->mac_ver == 0x5592) 4072 agc = 0x24 + sc->lna[group] * 2; 4073 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4074 agc = 0x22 + (sc->lna[group] * 5) / 3; 4075 else 4076 agc = 0x32 + (sc->lna[group] * 5) / 3; 4077 } 4078 run_set_agc(sc, agc); 4079 } 4080 4081 static void 4082 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4083 { 4084 const struct rfprog *rfprog = rt2860_rf2850; 4085 uint32_t r2, r3, r4; 4086 int8_t txpow1, txpow2; 4087 int i; 4088 4089 /* find the settings for this channel (we know it exists) */ 4090 for (i = 0; rfprog[i].chan != chan; i++); 4091 4092 r2 = rfprog[i].r2; 4093 if (sc->ntxchains == 1) 4094 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4095 if (sc->nrxchains == 1) 4096 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4097 else if (sc->nrxchains == 2) 4098 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4099 4100 /* use Tx power values from EEPROM */ 4101 txpow1 = sc->txpow1[i]; 4102 txpow2 = sc->txpow2[i]; 4103 4104 /* Initialize RF R3 and R4. */ 4105 r3 = rfprog[i].r3 & 0xffffc1ff; 4106 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4107 if (chan > 14) { 4108 if (txpow1 >= 0) { 4109 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4110 r3 |= (txpow1 << 10) | (1 << 9); 4111 } else { 4112 txpow1 += 7; 4113 4114 /* txpow1 is not possible larger than 15. */ 4115 r3 |= (txpow1 << 10); 4116 } 4117 if (txpow2 >= 0) { 4118 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4119 r4 |= (txpow2 << 7) | (1 << 6); 4120 } else { 4121 txpow2 += 7; 4122 r4 |= (txpow2 << 7); 4123 } 4124 } else { 4125 /* Set Tx0 power. */ 4126 r3 |= (txpow1 << 9); 4127 4128 /* Set frequency offset and Tx1 power. */ 4129 r4 |= (txpow2 << 6); 4130 } 4131 4132 run_rt2870_rf_write(sc, rfprog[i].r1); 4133 run_rt2870_rf_write(sc, r2); 4134 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4135 run_rt2870_rf_write(sc, r4); 4136 4137 run_delay(sc, 10); 4138 4139 run_rt2870_rf_write(sc, rfprog[i].r1); 4140 run_rt2870_rf_write(sc, r2); 4141 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4142 run_rt2870_rf_write(sc, r4); 4143 4144 run_delay(sc, 10); 4145 4146 run_rt2870_rf_write(sc, rfprog[i].r1); 4147 run_rt2870_rf_write(sc, r2); 4148 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4149 run_rt2870_rf_write(sc, r4); 4150 } 4151 4152 static void 4153 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4154 { 4155 int8_t txpow1, txpow2; 4156 uint8_t rf; 4157 int i; 4158 4159 /* find the settings for this channel (we know it exists) */ 4160 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4161 4162 /* use Tx power values from EEPROM */ 4163 txpow1 = sc->txpow1[i]; 4164 txpow2 = sc->txpow2[i]; 4165 4166 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4167 4168 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4169 run_rt3070_rf_read(sc, 3, &rf); 4170 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4171 run_rt3070_rf_write(sc, 3, rf); 4172 4173 run_rt3070_rf_read(sc, 6, &rf); 4174 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4175 run_rt3070_rf_write(sc, 6, rf); 4176 4177 /* set Tx0 power */ 4178 run_rt3070_rf_read(sc, 12, &rf); 4179 rf = (rf & ~0x1f) | txpow1; 4180 run_rt3070_rf_write(sc, 12, rf); 4181 4182 /* set Tx1 power */ 4183 run_rt3070_rf_read(sc, 13, &rf); 4184 rf = (rf & ~0x1f) | txpow2; 4185 run_rt3070_rf_write(sc, 13, rf); 4186 4187 run_rt3070_rf_read(sc, 1, &rf); 4188 rf &= ~0xfc; 4189 if (sc->ntxchains == 1) 4190 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4191 else if (sc->ntxchains == 2) 4192 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4193 if (sc->nrxchains == 1) 4194 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4195 else if (sc->nrxchains == 2) 4196 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4197 run_rt3070_rf_write(sc, 1, rf); 4198 4199 /* set RF offset */ 4200 run_rt3070_rf_read(sc, 23, &rf); 4201 rf = (rf & ~0x7f) | sc->freq; 4202 run_rt3070_rf_write(sc, 23, rf); 4203 4204 /* program RF filter */ 4205 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4206 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4207 run_rt3070_rf_write(sc, 24, rf); 4208 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4209 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4210 run_rt3070_rf_write(sc, 31, rf); 4211 4212 /* enable RF tuning */ 4213 run_rt3070_rf_read(sc, 7, &rf); 4214 run_rt3070_rf_write(sc, 7, rf | 0x01); 4215 } 4216 4217 static void 4218 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4219 { 4220 int8_t txpow1, txpow2; 4221 uint32_t tmp; 4222 uint8_t rf; 4223 int i; 4224 4225 /* find the settings for this channel (we know it exists) */ 4226 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4227 4228 /* use Tx power values from EEPROM */ 4229 txpow1 = sc->txpow1[i]; 4230 txpow2 = sc->txpow2[i]; 4231 4232 if (chan <= 14) { 4233 run_bbp_write(sc, 25, sc->bbp25); 4234 run_bbp_write(sc, 26, sc->bbp26); 4235 } else { 4236 /* enable IQ phase correction */ 4237 run_bbp_write(sc, 25, 0x09); 4238 run_bbp_write(sc, 26, 0xff); 4239 } 4240 4241 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4242 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4243 run_rt3070_rf_read(sc, 6, &rf); 4244 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4245 rf |= (chan <= 14) ? 0x08 : 0x04; 4246 run_rt3070_rf_write(sc, 6, rf); 4247 4248 /* set PLL mode */ 4249 run_rt3070_rf_read(sc, 5, &rf); 4250 rf &= ~(0x08 | 0x04); 4251 rf |= (chan <= 14) ? 0x04 : 0x08; 4252 run_rt3070_rf_write(sc, 5, rf); 4253 4254 /* set Tx power for chain 0 */ 4255 if (chan <= 14) 4256 rf = 0x60 | txpow1; 4257 else 4258 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4259 run_rt3070_rf_write(sc, 12, rf); 4260 4261 /* set Tx power for chain 1 */ 4262 if (chan <= 14) 4263 rf = 0x60 | txpow2; 4264 else 4265 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4266 run_rt3070_rf_write(sc, 13, rf); 4267 4268 /* set Tx/Rx streams */ 4269 run_rt3070_rf_read(sc, 1, &rf); 4270 rf &= ~0xfc; 4271 if (sc->ntxchains == 1) 4272 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4273 else if (sc->ntxchains == 2) 4274 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4275 if (sc->nrxchains == 1) 4276 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4277 else if (sc->nrxchains == 2) 4278 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4279 run_rt3070_rf_write(sc, 1, rf); 4280 4281 /* set RF offset */ 4282 run_rt3070_rf_read(sc, 23, &rf); 4283 rf = (rf & ~0x7f) | sc->freq; 4284 run_rt3070_rf_write(sc, 23, rf); 4285 4286 /* program RF filter */ 4287 rf = sc->rf24_20mhz; 4288 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4289 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4290 4291 /* enable RF tuning */ 4292 run_rt3070_rf_read(sc, 7, &rf); 4293 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4294 run_rt3070_rf_write(sc, 7, rf); 4295 4296 /* TSSI */ 4297 rf = (chan <= 14) ? 0xc3 : 0xc0; 4298 run_rt3070_rf_write(sc, 9, rf); 4299 4300 /* set loop filter 1 */ 4301 run_rt3070_rf_write(sc, 10, 0xf1); 4302 /* set loop filter 2 */ 4303 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4304 4305 /* set tx_mx2_ic */ 4306 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4307 /* set tx_mx1_ic */ 4308 if (chan <= 14) 4309 rf = 0x48 | sc->txmixgain_2ghz; 4310 else 4311 rf = 0x78 | sc->txmixgain_5ghz; 4312 run_rt3070_rf_write(sc, 16, rf); 4313 4314 /* set tx_lo1 */ 4315 run_rt3070_rf_write(sc, 17, 0x23); 4316 /* set tx_lo2 */ 4317 if (chan <= 14) 4318 rf = 0x93; 4319 else if (chan <= 64) 4320 rf = 0xb7; 4321 else if (chan <= 128) 4322 rf = 0x74; 4323 else 4324 rf = 0x72; 4325 run_rt3070_rf_write(sc, 19, rf); 4326 4327 /* set rx_lo1 */ 4328 if (chan <= 14) 4329 rf = 0xb3; 4330 else if (chan <= 64) 4331 rf = 0xf6; 4332 else if (chan <= 128) 4333 rf = 0xf4; 4334 else 4335 rf = 0xf3; 4336 run_rt3070_rf_write(sc, 20, rf); 4337 4338 /* set pfd_delay */ 4339 if (chan <= 14) 4340 rf = 0x15; 4341 else if (chan <= 64) 4342 rf = 0x3d; 4343 else 4344 rf = 0x01; 4345 run_rt3070_rf_write(sc, 25, rf); 4346 4347 /* set rx_lo2 */ 4348 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4349 /* set ldo_rf_vc */ 4350 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4351 /* set drv_cc */ 4352 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4353 4354 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4355 tmp &= ~0x8080; 4356 if (chan <= 14) 4357 tmp |= 0x80; 4358 run_write(sc, RT2860_GPIO_CTRL, tmp); 4359 4360 /* enable RF tuning */ 4361 run_rt3070_rf_read(sc, 7, &rf); 4362 run_rt3070_rf_write(sc, 7, rf | 0x01); 4363 4364 run_delay(sc, 2); 4365 } 4366 4367 static void 4368 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4369 { 4370 int8_t txpow1, txpow2, txpow3; 4371 uint8_t h20mhz, rf; 4372 int i; 4373 4374 /* find the settings for this channel (we know it exists) */ 4375 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4376 4377 /* use Tx power values from EEPROM */ 4378 txpow1 = sc->txpow1[i]; 4379 txpow2 = sc->txpow2[i]; 4380 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4381 4382 if (chan <= 14) { 4383 run_bbp_write(sc, 25, sc->bbp25); 4384 run_bbp_write(sc, 26, sc->bbp26); 4385 } else { 4386 /* Enable IQ phase correction. */ 4387 run_bbp_write(sc, 25, 0x09); 4388 run_bbp_write(sc, 26, 0xff); 4389 } 4390 4391 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4392 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4393 run_rt3070_rf_read(sc, 11, &rf); 4394 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4395 run_rt3070_rf_write(sc, 11, rf); 4396 4397 /* Set pll_idoh. */ 4398 run_rt3070_rf_read(sc, 11, &rf); 4399 rf &= ~0x4c; 4400 rf |= (chan <= 14) ? 0x44 : 0x48; 4401 run_rt3070_rf_write(sc, 11, rf); 4402 4403 if (chan <= 14) 4404 rf = txpow1 & 0x1f; 4405 else 4406 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4407 run_rt3070_rf_write(sc, 53, rf); 4408 4409 if (chan <= 14) 4410 rf = txpow2 & 0x1f; 4411 else 4412 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4413 run_rt3070_rf_write(sc, 55, rf); 4414 4415 if (chan <= 14) 4416 rf = txpow3 & 0x1f; 4417 else 4418 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4419 run_rt3070_rf_write(sc, 54, rf); 4420 4421 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4422 if (sc->ntxchains == 3) 4423 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4424 else 4425 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4426 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4427 run_rt3070_rf_write(sc, 1, rf); 4428 4429 run_adjust_freq_offset(sc); 4430 4431 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4432 4433 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4434 run_rt3070_rf_read(sc, 30, &rf); 4435 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4436 run_rt3070_rf_write(sc, 30, rf); 4437 4438 run_rt3070_rf_read(sc, 36, &rf); 4439 if (chan <= 14) 4440 rf |= 0x80; 4441 else 4442 rf &= ~0x80; 4443 run_rt3070_rf_write(sc, 36, rf); 4444 4445 /* Set vcolo_bs. */ 4446 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4447 /* Set pfd_delay. */ 4448 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4449 4450 /* Set vco bias current control. */ 4451 run_rt3070_rf_read(sc, 6, &rf); 4452 rf &= ~0xc0; 4453 if (chan <= 14) 4454 rf |= 0x40; 4455 else if (chan <= 128) 4456 rf |= 0x80; 4457 else 4458 rf |= 0x40; 4459 run_rt3070_rf_write(sc, 6, rf); 4460 4461 run_rt3070_rf_read(sc, 30, &rf); 4462 rf = (rf & ~0x18) | 0x10; 4463 run_rt3070_rf_write(sc, 30, rf); 4464 4465 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4466 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4467 4468 run_rt3070_rf_read(sc, 51, &rf); 4469 rf = (rf & ~0x03) | 0x01; 4470 run_rt3070_rf_write(sc, 51, rf); 4471 /* Set tx_mx1_cc. */ 4472 run_rt3070_rf_read(sc, 51, &rf); 4473 rf &= ~0x1c; 4474 rf |= (chan <= 14) ? 0x14 : 0x10; 4475 run_rt3070_rf_write(sc, 51, rf); 4476 /* Set tx_mx1_ic. */ 4477 run_rt3070_rf_read(sc, 51, &rf); 4478 rf &= ~0xe0; 4479 rf |= (chan <= 14) ? 0x60 : 0x40; 4480 run_rt3070_rf_write(sc, 51, rf); 4481 /* Set tx_lo1_ic. */ 4482 run_rt3070_rf_read(sc, 49, &rf); 4483 rf &= ~0x1c; 4484 rf |= (chan <= 14) ? 0x0c : 0x08; 4485 run_rt3070_rf_write(sc, 49, rf); 4486 /* Set tx_lo1_en. */ 4487 run_rt3070_rf_read(sc, 50, &rf); 4488 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4489 /* Set drv_cc. */ 4490 run_rt3070_rf_read(sc, 57, &rf); 4491 rf &= ~0xfc; 4492 rf |= (chan <= 14) ? 0x6c : 0x3c; 4493 run_rt3070_rf_write(sc, 57, rf); 4494 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4495 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4496 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4497 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4498 /* Enable VCO calibration. */ 4499 run_rt3070_rf_read(sc, 3, &rf); 4500 rf &= ~RT5390_VCOCAL; 4501 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4502 run_rt3070_rf_write(sc, 3, rf); 4503 4504 if (chan <= 14) 4505 rf = 0x23; 4506 else if (chan <= 64) 4507 rf = 0x36; 4508 else if (chan <= 128) 4509 rf = 0x32; 4510 else 4511 rf = 0x30; 4512 run_rt3070_rf_write(sc, 39, rf); 4513 if (chan <= 14) 4514 rf = 0xbb; 4515 else if (chan <= 64) 4516 rf = 0xeb; 4517 else if (chan <= 128) 4518 rf = 0xb3; 4519 else 4520 rf = 0x9b; 4521 run_rt3070_rf_write(sc, 45, rf); 4522 4523 /* Set FEQ/AEQ control. */ 4524 run_bbp_write(sc, 105, 0x34); 4525 } 4526 4527 static void 4528 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4529 { 4530 int8_t txpow1, txpow2; 4531 uint8_t rf; 4532 int i; 4533 4534 /* find the settings for this channel (we know it exists) */ 4535 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4536 4537 /* use Tx power values from EEPROM */ 4538 txpow1 = sc->txpow1[i]; 4539 txpow2 = sc->txpow2[i]; 4540 4541 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4542 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4543 run_rt3070_rf_read(sc, 11, &rf); 4544 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4545 run_rt3070_rf_write(sc, 11, rf); 4546 4547 run_rt3070_rf_read(sc, 49, &rf); 4548 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4549 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4550 if ((rf & 0x3f) > 0x27) 4551 rf = (rf & ~0x3f) | 0x27; 4552 run_rt3070_rf_write(sc, 49, rf); 4553 4554 if (sc->mac_ver == 0x5392) { 4555 run_rt3070_rf_read(sc, 50, &rf); 4556 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4557 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4558 if ((rf & 0x3f) > 0x27) 4559 rf = (rf & ~0x3f) | 0x27; 4560 run_rt3070_rf_write(sc, 50, rf); 4561 } 4562 4563 run_rt3070_rf_read(sc, 1, &rf); 4564 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4565 if (sc->mac_ver == 0x5392) 4566 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4567 run_rt3070_rf_write(sc, 1, rf); 4568 4569 if (sc->mac_ver != 0x5392) { 4570 run_rt3070_rf_read(sc, 2, &rf); 4571 rf |= 0x80; 4572 run_rt3070_rf_write(sc, 2, rf); 4573 run_delay(sc, 10); 4574 rf &= 0x7f; 4575 run_rt3070_rf_write(sc, 2, rf); 4576 } 4577 4578 run_adjust_freq_offset(sc); 4579 4580 if (sc->mac_ver == 0x5392) { 4581 /* Fix for RT5392C. */ 4582 if (sc->mac_rev >= 0x0223) { 4583 if (chan <= 4) 4584 rf = 0x0f; 4585 else if (chan >= 5 && chan <= 7) 4586 rf = 0x0e; 4587 else 4588 rf = 0x0d; 4589 run_rt3070_rf_write(sc, 23, rf); 4590 4591 if (chan <= 4) 4592 rf = 0x0c; 4593 else if (chan == 5) 4594 rf = 0x0b; 4595 else if (chan >= 6 && chan <= 7) 4596 rf = 0x0a; 4597 else if (chan >= 8 && chan <= 10) 4598 rf = 0x09; 4599 else 4600 rf = 0x08; 4601 run_rt3070_rf_write(sc, 59, rf); 4602 } else { 4603 if (chan <= 11) 4604 rf = 0x0f; 4605 else 4606 rf = 0x0b; 4607 run_rt3070_rf_write(sc, 59, rf); 4608 } 4609 } else { 4610 /* Fix for RT5390F. */ 4611 if (sc->mac_rev >= 0x0502) { 4612 if (chan <= 11) 4613 rf = 0x43; 4614 else 4615 rf = 0x23; 4616 run_rt3070_rf_write(sc, 55, rf); 4617 4618 if (chan <= 11) 4619 rf = 0x0f; 4620 else if (chan == 12) 4621 rf = 0x0d; 4622 else 4623 rf = 0x0b; 4624 run_rt3070_rf_write(sc, 59, rf); 4625 } else { 4626 run_rt3070_rf_write(sc, 55, 0x44); 4627 run_rt3070_rf_write(sc, 59, 0x8f); 4628 } 4629 } 4630 4631 /* Enable VCO calibration. */ 4632 run_rt3070_rf_read(sc, 3, &rf); 4633 rf |= RT5390_VCOCAL; 4634 run_rt3070_rf_write(sc, 3, rf); 4635 } 4636 4637 static void 4638 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4639 { 4640 const struct rt5592_freqs *freqs; 4641 uint32_t tmp; 4642 uint8_t reg, rf, txpow_bound; 4643 int8_t txpow1, txpow2; 4644 int i; 4645 4646 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4647 freqs = (tmp & RT5592_SEL_XTAL) ? 4648 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4649 4650 /* find the settings for this channel (we know it exists) */ 4651 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4652 4653 /* use Tx power values from EEPROM */ 4654 txpow1 = sc->txpow1[i]; 4655 txpow2 = sc->txpow2[i]; 4656 4657 run_read(sc, RT3070_LDO_CFG0, &tmp); 4658 tmp &= ~0x1c000000; 4659 if (chan > 14) 4660 tmp |= 0x14000000; 4661 run_write(sc, RT3070_LDO_CFG0, tmp); 4662 4663 /* N setting. */ 4664 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4665 run_rt3070_rf_read(sc, 9, &rf); 4666 rf &= ~(1 << 4); 4667 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4668 run_rt3070_rf_write(sc, 9, rf); 4669 4670 /* K setting. */ 4671 run_rt3070_rf_read(sc, 9, &rf); 4672 rf &= ~0x0f; 4673 rf |= (freqs->k & 0x0f); 4674 run_rt3070_rf_write(sc, 9, rf); 4675 4676 /* Mode setting. */ 4677 run_rt3070_rf_read(sc, 11, &rf); 4678 rf &= ~0x0c; 4679 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4680 run_rt3070_rf_write(sc, 11, rf); 4681 run_rt3070_rf_read(sc, 9, &rf); 4682 rf &= ~(1 << 7); 4683 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4684 run_rt3070_rf_write(sc, 9, rf); 4685 4686 /* R setting. */ 4687 run_rt3070_rf_read(sc, 11, &rf); 4688 rf &= ~0x03; 4689 rf |= (freqs->r - 0x1); 4690 run_rt3070_rf_write(sc, 11, rf); 4691 4692 if (chan <= 14) { 4693 /* Initialize RF registers for 2GHZ. */ 4694 for (i = 0; i < NELEM(rt5592_2ghz_def_rf); i++) { 4695 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4696 rt5592_2ghz_def_rf[i].val); 4697 } 4698 4699 rf = (chan <= 10) ? 0x07 : 0x06; 4700 run_rt3070_rf_write(sc, 23, rf); 4701 run_rt3070_rf_write(sc, 59, rf); 4702 4703 run_rt3070_rf_write(sc, 55, 0x43); 4704 4705 /* 4706 * RF R49/R50 Tx power ALC code. 4707 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4708 */ 4709 reg = 2; 4710 txpow_bound = 0x27; 4711 } else { 4712 /* Initialize RF registers for 5GHZ. */ 4713 for (i = 0; i < NELEM(rt5592_5ghz_def_rf); i++) { 4714 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4715 rt5592_5ghz_def_rf[i].val); 4716 } 4717 for (i = 0; i < NELEM(rt5592_chan_5ghz); i++) { 4718 if (chan >= rt5592_chan_5ghz[i].firstchan && 4719 chan <= rt5592_chan_5ghz[i].lastchan) { 4720 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4721 rt5592_chan_5ghz[i].val); 4722 } 4723 } 4724 4725 /* 4726 * RF R49/R50 Tx power ALC code. 4727 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4728 */ 4729 reg = 3; 4730 txpow_bound = 0x2b; 4731 } 4732 4733 /* RF R49 ch0 Tx power ALC code. */ 4734 run_rt3070_rf_read(sc, 49, &rf); 4735 rf &= ~0xc0; 4736 rf |= (reg << 6); 4737 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4738 if ((rf & 0x3f) > txpow_bound) 4739 rf = (rf & ~0x3f) | txpow_bound; 4740 run_rt3070_rf_write(sc, 49, rf); 4741 4742 /* RF R50 ch1 Tx power ALC code. */ 4743 run_rt3070_rf_read(sc, 50, &rf); 4744 rf &= ~(1 << 7 | 1 << 6); 4745 rf |= (reg << 6); 4746 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4747 if ((rf & 0x3f) > txpow_bound) 4748 rf = (rf & ~0x3f) | txpow_bound; 4749 run_rt3070_rf_write(sc, 50, rf); 4750 4751 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4752 run_rt3070_rf_read(sc, 1, &rf); 4753 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4754 if (sc->ntxchains > 1) 4755 rf |= RT3070_TX1_PD; 4756 if (sc->nrxchains > 1) 4757 rf |= RT3070_RX1_PD; 4758 run_rt3070_rf_write(sc, 1, rf); 4759 4760 run_rt3070_rf_write(sc, 6, 0xe4); 4761 4762 run_rt3070_rf_write(sc, 30, 0x10); 4763 run_rt3070_rf_write(sc, 31, 0x80); 4764 run_rt3070_rf_write(sc, 32, 0x80); 4765 4766 run_adjust_freq_offset(sc); 4767 4768 /* Enable VCO calibration. */ 4769 run_rt3070_rf_read(sc, 3, &rf); 4770 rf |= RT5390_VCOCAL; 4771 run_rt3070_rf_write(sc, 3, rf); 4772 } 4773 4774 static void 4775 run_set_rx_antenna(struct run_softc *sc, int aux) 4776 { 4777 uint32_t tmp; 4778 uint8_t bbp152; 4779 4780 if (aux) { 4781 if (sc->rf_rev == RT5390_RF_5370) { 4782 run_bbp_read(sc, 152, &bbp152); 4783 run_bbp_write(sc, 152, bbp152 & ~0x80); 4784 } else { 4785 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4786 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4787 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4788 } 4789 } else { 4790 if (sc->rf_rev == RT5390_RF_5370) { 4791 run_bbp_read(sc, 152, &bbp152); 4792 run_bbp_write(sc, 152, bbp152 | 0x80); 4793 } else { 4794 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4795 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4796 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4797 } 4798 } 4799 } 4800 4801 static int 4802 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4803 { 4804 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4805 u_int chan, group; 4806 4807 chan = ieee80211_chan2ieee(ic, c); 4808 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4809 return (EINVAL); 4810 4811 if (sc->mac_ver == 0x5592) 4812 run_rt5592_set_chan(sc, chan); 4813 else if (sc->mac_ver >= 0x5390) 4814 run_rt5390_set_chan(sc, chan); 4815 else if (sc->mac_ver == 0x3593) 4816 run_rt3593_set_chan(sc, chan); 4817 else if (sc->mac_ver == 0x3572) 4818 run_rt3572_set_chan(sc, chan); 4819 else if (sc->mac_ver >= 0x3070) 4820 run_rt3070_set_chan(sc, chan); 4821 else 4822 run_rt2870_set_chan(sc, chan); 4823 4824 /* determine channel group */ 4825 if (chan <= 14) 4826 group = 0; 4827 else if (chan <= 64) 4828 group = 1; 4829 else if (chan <= 128) 4830 group = 2; 4831 else 4832 group = 3; 4833 4834 /* XXX necessary only when group has changed! */ 4835 run_select_chan_group(sc, group); 4836 4837 run_delay(sc, 10); 4838 4839 /* Perform IQ calibration. */ 4840 if (sc->mac_ver >= 0x5392) 4841 run_iq_calib(sc, chan); 4842 4843 return (0); 4844 } 4845 4846 static void 4847 run_set_channel(struct ieee80211com *ic) 4848 { 4849 struct run_softc *sc = ic->ic_ifp->if_softc; 4850 4851 RUN_LOCK(sc); 4852 run_set_chan(sc, ic->ic_curchan); 4853 RUN_UNLOCK(sc); 4854 4855 return; 4856 } 4857 4858 static void 4859 run_scan_start(struct ieee80211com *ic) 4860 { 4861 struct run_softc *sc = ic->ic_ifp->if_softc; 4862 uint32_t tmp; 4863 4864 RUN_LOCK(sc); 4865 4866 /* abort TSF synchronization */ 4867 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4868 run_write(sc, RT2860_BCN_TIME_CFG, 4869 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4870 RT2860_TBTT_TIMER_EN)); 4871 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4872 4873 RUN_UNLOCK(sc); 4874 4875 return; 4876 } 4877 4878 static void 4879 run_scan_end(struct ieee80211com *ic) 4880 { 4881 struct run_softc *sc = ic->ic_ifp->if_softc; 4882 4883 RUN_LOCK(sc); 4884 4885 run_enable_tsf_sync(sc); 4886 /* XXX keep local copy */ 4887 run_set_bssid(sc, sc->sc_bssid); 4888 4889 RUN_UNLOCK(sc); 4890 4891 return; 4892 } 4893 4894 /* 4895 * Could be called from ieee80211_node_timeout() 4896 * (non-sleepable thread) 4897 */ 4898 static void 4899 run_update_beacon(struct ieee80211vap *vap, int item) 4900 { 4901 struct ieee80211com *ic = vap->iv_ic; 4902 struct run_softc *sc = ic->ic_ifp->if_softc; 4903 struct run_vap *rvp = RUN_VAP(vap); 4904 int mcast = 0; 4905 uint32_t i; 4906 4907 KASSERT(vap != NULL, ("no beacon")); 4908 4909 switch (item) { 4910 case IEEE80211_BEACON_ERP: 4911 run_updateslot(ic->ic_ifp); 4912 break; 4913 case IEEE80211_BEACON_HTINFO: 4914 run_updateprot(ic); 4915 break; 4916 case IEEE80211_BEACON_TIM: 4917 mcast = 1; /*TODO*/ 4918 break; 4919 default: 4920 break; 4921 } 4922 4923 setbit(rvp->bo.bo_flags, item); 4924 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4925 4926 i = RUN_CMDQ_GET(&sc->cmdq_store); 4927 DPRINTF("cmdq_store=%d\n", i); 4928 sc->cmdq[i].func = run_update_beacon_cb; 4929 sc->cmdq[i].arg0 = vap; 4930 ieee80211_runtask(ic, &sc->cmdq_task); 4931 4932 return; 4933 } 4934 4935 static void 4936 run_update_beacon_cb(void *arg) 4937 { 4938 struct ieee80211vap *vap = arg; 4939 struct run_vap *rvp = RUN_VAP(vap); 4940 struct ieee80211com *ic = vap->iv_ic; 4941 struct run_softc *sc = ic->ic_ifp->if_softc; 4942 struct rt2860_txwi txwi; 4943 struct mbuf *m; 4944 uint16_t txwisize; 4945 uint8_t ridx; 4946 4947 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4948 return; 4949 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4950 return; 4951 4952 /* 4953 * No need to call ieee80211_beacon_update(), run_update_beacon() 4954 * is taking care of apropriate calls. 4955 */ 4956 if (rvp->beacon_mbuf == NULL) { 4957 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4958 &rvp->bo); 4959 if (rvp->beacon_mbuf == NULL) 4960 return; 4961 } 4962 m = rvp->beacon_mbuf; 4963 4964 memset(&txwi, 0, sizeof(txwi)); 4965 txwi.wcid = 0xff; 4966 txwi.len = htole16(m->m_pkthdr.len); 4967 4968 /* send beacons at the lowest available rate */ 4969 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4970 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4971 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4972 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4973 txwi.phy |= htole16(RT2860_PHY_OFDM); 4974 txwi.txop = RT2860_TX_TXOP_HT; 4975 txwi.flags = RT2860_TX_TS; 4976 txwi.xflags = RT2860_TX_NSEQ; 4977 4978 txwisize = (sc->mac_ver == 0x5592) ? 4979 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4980 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4981 txwisize); 4982 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4983 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4984 } 4985 4986 static void 4987 run_updateprot(struct ieee80211com *ic) 4988 { 4989 struct run_softc *sc = ic->ic_ifp->if_softc; 4990 uint32_t i; 4991 4992 i = RUN_CMDQ_GET(&sc->cmdq_store); 4993 DPRINTF("cmdq_store=%d\n", i); 4994 sc->cmdq[i].func = run_updateprot_cb; 4995 sc->cmdq[i].arg0 = ic; 4996 ieee80211_runtask(ic, &sc->cmdq_task); 4997 } 4998 4999 static void 5000 run_updateprot_cb(void *arg) 5001 { 5002 struct ieee80211com *ic = arg; 5003 struct run_softc *sc = ic->ic_ifp->if_softc; 5004 uint32_t tmp; 5005 5006 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5007 /* setup protection frame rate (MCS code) */ 5008 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5009 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5010 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5011 5012 /* CCK frames don't require protection */ 5013 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5014 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5015 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5016 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5017 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5018 tmp |= RT2860_PROT_CTRL_CTS; 5019 } 5020 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5021 } 5022 5023 static void 5024 run_usb_timeout_cb(void *arg) 5025 { 5026 struct ieee80211vap *vap = arg; 5027 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 5028 5029 RUN_LOCK_ASSERT(sc, MA_OWNED); 5030 5031 if(vap->iv_state == IEEE80211_S_RUN && 5032 vap->iv_opmode != IEEE80211_M_STA) 5033 run_reset_livelock(sc); 5034 else if (vap->iv_state == IEEE80211_S_SCAN) { 5035 DPRINTF("timeout caused by scan\n"); 5036 /* cancel bgscan */ 5037 ieee80211_cancel_scan(vap); 5038 } else 5039 DPRINTF("timeout by unknown cause\n"); 5040 } 5041 5042 static void 5043 run_reset_livelock(struct run_softc *sc) 5044 { 5045 uint32_t tmp; 5046 5047 RUN_LOCK_ASSERT(sc, MA_OWNED); 5048 5049 /* 5050 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5051 * can run into a livelock and start sending CTS-to-self frames like 5052 * crazy if protection is enabled. Reset MAC/BBP for a while 5053 */ 5054 run_read(sc, RT2860_DEBUG, &tmp); 5055 DPRINTFN(3, "debug reg %08x\n", tmp); 5056 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5057 DPRINTF("CTS-to-self livelock detected\n"); 5058 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5059 run_delay(sc, 1); 5060 run_write(sc, RT2860_MAC_SYS_CTRL, 5061 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5062 } 5063 } 5064 5065 static void 5066 run_update_promisc_locked(struct ifnet *ifp) 5067 { 5068 struct run_softc *sc = ifp->if_softc; 5069 uint32_t tmp; 5070 5071 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5072 5073 tmp |= RT2860_DROP_UC_NOME; 5074 if (ifp->if_flags & IFF_PROMISC) 5075 tmp &= ~RT2860_DROP_UC_NOME; 5076 5077 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5078 5079 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 5080 "entering" : "leaving"); 5081 } 5082 5083 static void 5084 run_update_promisc(struct ifnet *ifp) 5085 { 5086 struct run_softc *sc = ifp->if_softc; 5087 5088 if ((ifp->if_flags & IFF_RUNNING) == 0) 5089 return; 5090 5091 RUN_LOCK(sc); 5092 run_update_promisc_locked(ifp); 5093 RUN_UNLOCK(sc); 5094 } 5095 5096 static void 5097 run_enable_tsf_sync(struct run_softc *sc) 5098 { 5099 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5100 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5101 uint32_t tmp; 5102 5103 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5104 ic->ic_opmode); 5105 5106 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5107 tmp &= ~0x1fffff; 5108 tmp |= vap->iv_bss->ni_intval * 16; 5109 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5110 5111 if (ic->ic_opmode == IEEE80211_M_STA) { 5112 /* 5113 * Local TSF is always updated with remote TSF on beacon 5114 * reception. 5115 */ 5116 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5117 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5118 tmp |= RT2860_BCN_TX_EN; 5119 /* 5120 * Local TSF is updated with remote TSF on beacon reception 5121 * only if the remote TSF is greater than local TSF. 5122 */ 5123 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5124 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5125 ic->ic_opmode == IEEE80211_M_MBSS) { 5126 tmp |= RT2860_BCN_TX_EN; 5127 /* SYNC with nobody */ 5128 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5129 } else { 5130 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5131 return; 5132 } 5133 5134 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5135 } 5136 5137 static void 5138 run_enable_mrr(struct run_softc *sc) 5139 { 5140 #define CCK(mcs) (mcs) 5141 #define OFDM(mcs) (1 << 3 | (mcs)) 5142 run_write(sc, RT2860_LG_FBK_CFG0, 5143 OFDM(6) << 28 | /* 54->48 */ 5144 OFDM(5) << 24 | /* 48->36 */ 5145 OFDM(4) << 20 | /* 36->24 */ 5146 OFDM(3) << 16 | /* 24->18 */ 5147 OFDM(2) << 12 | /* 18->12 */ 5148 OFDM(1) << 8 | /* 12-> 9 */ 5149 OFDM(0) << 4 | /* 9-> 6 */ 5150 OFDM(0)); /* 6-> 6 */ 5151 5152 run_write(sc, RT2860_LG_FBK_CFG1, 5153 CCK(2) << 12 | /* 11->5.5 */ 5154 CCK(1) << 8 | /* 5.5-> 2 */ 5155 CCK(0) << 4 | /* 2-> 1 */ 5156 CCK(0)); /* 1-> 1 */ 5157 #undef OFDM 5158 #undef CCK 5159 } 5160 5161 static void 5162 run_set_txpreamble(struct run_softc *sc) 5163 { 5164 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5165 uint32_t tmp; 5166 5167 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5168 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5169 tmp |= RT2860_CCK_SHORT_EN; 5170 else 5171 tmp &= ~RT2860_CCK_SHORT_EN; 5172 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5173 } 5174 5175 static void 5176 run_set_basicrates(struct run_softc *sc) 5177 { 5178 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5179 5180 /* set basic rates mask */ 5181 if (ic->ic_curmode == IEEE80211_MODE_11B) 5182 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5183 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5184 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5185 else /* 11g */ 5186 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5187 } 5188 5189 static void 5190 run_set_leds(struct run_softc *sc, uint16_t which) 5191 { 5192 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5193 which | (sc->leds & 0x7f)); 5194 } 5195 5196 static void 5197 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5198 { 5199 run_write(sc, RT2860_MAC_BSSID_DW0, 5200 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5201 run_write(sc, RT2860_MAC_BSSID_DW1, 5202 bssid[4] | bssid[5] << 8); 5203 } 5204 5205 static void 5206 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5207 { 5208 run_write(sc, RT2860_MAC_ADDR_DW0, 5209 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5210 run_write(sc, RT2860_MAC_ADDR_DW1, 5211 addr[4] | addr[5] << 8 | 0xff << 16); 5212 } 5213 5214 static void 5215 run_updateslot(struct ifnet *ifp) 5216 { 5217 struct run_softc *sc = ifp->if_softc; 5218 struct ieee80211com *ic = ifp->if_l2com; 5219 uint32_t i; 5220 5221 i = RUN_CMDQ_GET(&sc->cmdq_store); 5222 DPRINTF("cmdq_store=%d\n", i); 5223 sc->cmdq[i].func = run_updateslot_cb; 5224 sc->cmdq[i].arg0 = ifp; 5225 ieee80211_runtask(ic, &sc->cmdq_task); 5226 5227 return; 5228 } 5229 5230 /* ARGSUSED */ 5231 static void 5232 run_updateslot_cb(void *arg) 5233 { 5234 struct ifnet *ifp = arg; 5235 struct run_softc *sc = ifp->if_softc; 5236 struct ieee80211com *ic = ifp->if_l2com; 5237 uint32_t tmp; 5238 5239 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5240 tmp &= ~0xff; 5241 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5242 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5243 } 5244 5245 static void 5246 run_update_mcast(struct ifnet *ifp) 5247 { 5248 /* h/w filter supports getting everything or nothing */ 5249 ifp->if_flags |= IFF_ALLMULTI; 5250 } 5251 5252 static int8_t 5253 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5254 { 5255 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5256 struct ieee80211_channel *c = ic->ic_curchan; 5257 int delta; 5258 5259 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5260 u_int chan = ieee80211_chan2ieee(ic, c); 5261 delta = sc->rssi_5ghz[rxchain]; 5262 5263 /* determine channel group */ 5264 if (chan <= 64) 5265 delta -= sc->lna[1]; 5266 else if (chan <= 128) 5267 delta -= sc->lna[2]; 5268 else 5269 delta -= sc->lna[3]; 5270 } else 5271 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5272 5273 return (-12 - delta - rssi); 5274 } 5275 5276 static void 5277 run_rt5390_bbp_init(struct run_softc *sc) 5278 { 5279 int i; 5280 uint8_t bbp; 5281 5282 /* Apply maximum likelihood detection for 2 stream case. */ 5283 run_bbp_read(sc, 105, &bbp); 5284 if (sc->nrxchains > 1) 5285 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5286 5287 /* Avoid data lost and CRC error. */ 5288 run_bbp_read(sc, 4, &bbp); 5289 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5290 5291 if (sc->mac_ver == 0x5592) { 5292 for (i = 0; i < NELEM(rt5592_def_bbp); i++) { 5293 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5294 rt5592_def_bbp[i].val); 5295 } 5296 for (i = 0; i < NELEM(rt5592_bbp_r196); i++) { 5297 run_bbp_write(sc, 195, i + 0x80); 5298 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5299 } 5300 } else { 5301 for (i = 0; i < NELEM(rt5390_def_bbp); i++) { 5302 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5303 rt5390_def_bbp[i].val); 5304 } 5305 } 5306 if (sc->mac_ver == 0x5392) { 5307 run_bbp_write(sc, 88, 0x90); 5308 run_bbp_write(sc, 95, 0x9a); 5309 run_bbp_write(sc, 98, 0x12); 5310 run_bbp_write(sc, 106, 0x12); 5311 run_bbp_write(sc, 134, 0xd0); 5312 run_bbp_write(sc, 135, 0xf6); 5313 run_bbp_write(sc, 148, 0x84); 5314 } 5315 5316 run_bbp_read(sc, 152, &bbp); 5317 run_bbp_write(sc, 152, bbp | 0x80); 5318 5319 /* Fix BBP254 for RT5592C. */ 5320 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5321 run_bbp_read(sc, 254, &bbp); 5322 run_bbp_write(sc, 254, bbp | 0x80); 5323 } 5324 5325 /* Disable hardware antenna diversity. */ 5326 if (sc->mac_ver == 0x5390) 5327 run_bbp_write(sc, 154, 0); 5328 5329 /* Initialize Rx CCK/OFDM frequency offset report. */ 5330 run_bbp_write(sc, 142, 1); 5331 run_bbp_write(sc, 143, 57); 5332 } 5333 5334 static int 5335 run_bbp_init(struct run_softc *sc) 5336 { 5337 int i, error, ntries; 5338 uint8_t bbp0; 5339 5340 /* wait for BBP to wake up */ 5341 for (ntries = 0; ntries < 20; ntries++) { 5342 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5343 return error; 5344 if (bbp0 != 0 && bbp0 != 0xff) 5345 break; 5346 } 5347 if (ntries == 20) 5348 return (ETIMEDOUT); 5349 5350 /* initialize BBP registers to default values */ 5351 if (sc->mac_ver >= 0x5390) 5352 run_rt5390_bbp_init(sc); 5353 else { 5354 for (i = 0; i < NELEM(rt2860_def_bbp); i++) { 5355 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5356 rt2860_def_bbp[i].val); 5357 } 5358 } 5359 5360 if (sc->mac_ver == 0x3593) { 5361 run_bbp_write(sc, 79, 0x13); 5362 run_bbp_write(sc, 80, 0x05); 5363 run_bbp_write(sc, 81, 0x33); 5364 run_bbp_write(sc, 86, 0x46); 5365 run_bbp_write(sc, 137, 0x0f); 5366 } 5367 5368 /* fix BBP84 for RT2860E */ 5369 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5370 run_bbp_write(sc, 84, 0x19); 5371 5372 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5373 sc->mac_ver != 0x5592)) { 5374 run_bbp_write(sc, 79, 0x13); 5375 run_bbp_write(sc, 80, 0x05); 5376 run_bbp_write(sc, 81, 0x33); 5377 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5378 run_bbp_write(sc, 69, 0x16); 5379 run_bbp_write(sc, 73, 0x12); 5380 } 5381 return (0); 5382 } 5383 5384 static int 5385 run_rt3070_rf_init(struct run_softc *sc) 5386 { 5387 uint32_t tmp; 5388 uint8_t bbp4, mingain, rf, target; 5389 int i; 5390 5391 run_rt3070_rf_read(sc, 30, &rf); 5392 /* toggle RF R30 bit 7 */ 5393 run_rt3070_rf_write(sc, 30, rf | 0x80); 5394 run_delay(sc, 10); 5395 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5396 5397 /* initialize RF registers to default value */ 5398 if (sc->mac_ver == 0x3572) { 5399 for (i = 0; i < NELEM(rt3572_def_rf); i++) { 5400 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5401 rt3572_def_rf[i].val); 5402 } 5403 } else { 5404 for (i = 0; i < NELEM(rt3070_def_rf); i++) { 5405 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5406 rt3070_def_rf[i].val); 5407 } 5408 } 5409 5410 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5411 /* 5412 * Change voltage from 1.2V to 1.35V for RT3070. 5413 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5414 * in RT3070(F). 5415 */ 5416 run_read(sc, RT3070_LDO_CFG0, &tmp); 5417 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5418 run_write(sc, RT3070_LDO_CFG0, tmp); 5419 5420 } else if (sc->mac_ver == 0x3071) { 5421 run_rt3070_rf_read(sc, 6, &rf); 5422 run_rt3070_rf_write(sc, 6, rf | 0x40); 5423 run_rt3070_rf_write(sc, 31, 0x14); 5424 5425 run_read(sc, RT3070_LDO_CFG0, &tmp); 5426 tmp &= ~0x1f000000; 5427 if (sc->mac_rev < 0x0211) 5428 tmp |= 0x0d000000; /* 1.3V */ 5429 else 5430 tmp |= 0x01000000; /* 1.2V */ 5431 run_write(sc, RT3070_LDO_CFG0, tmp); 5432 5433 /* patch LNA_PE_G1 */ 5434 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5435 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5436 5437 } else if (sc->mac_ver == 0x3572) { 5438 run_rt3070_rf_read(sc, 6, &rf); 5439 run_rt3070_rf_write(sc, 6, rf | 0x40); 5440 5441 /* increase voltage from 1.2V to 1.35V */ 5442 run_read(sc, RT3070_LDO_CFG0, &tmp); 5443 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5444 run_write(sc, RT3070_LDO_CFG0, tmp); 5445 5446 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5447 run_delay(sc, 1); /* wait for 1msec */ 5448 /* decrease voltage back to 1.2V */ 5449 tmp = (tmp & ~0x1f000000) | 0x01000000; 5450 run_write(sc, RT3070_LDO_CFG0, tmp); 5451 } 5452 } 5453 5454 /* select 20MHz bandwidth */ 5455 run_rt3070_rf_read(sc, 31, &rf); 5456 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5457 5458 /* calibrate filter for 20MHz bandwidth */ 5459 sc->rf24_20mhz = 0x1f; /* default value */ 5460 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5461 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5462 5463 /* select 40MHz bandwidth */ 5464 run_bbp_read(sc, 4, &bbp4); 5465 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5466 run_rt3070_rf_read(sc, 31, &rf); 5467 run_rt3070_rf_write(sc, 31, rf | 0x20); 5468 5469 /* calibrate filter for 40MHz bandwidth */ 5470 sc->rf24_40mhz = 0x2f; /* default value */ 5471 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5472 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5473 5474 /* go back to 20MHz bandwidth */ 5475 run_bbp_read(sc, 4, &bbp4); 5476 run_bbp_write(sc, 4, bbp4 & ~0x18); 5477 5478 if (sc->mac_ver == 0x3572) { 5479 /* save default BBP registers 25 and 26 values */ 5480 run_bbp_read(sc, 25, &sc->bbp25); 5481 run_bbp_read(sc, 26, &sc->bbp26); 5482 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5483 run_rt3070_rf_write(sc, 27, 0x03); 5484 5485 run_read(sc, RT3070_OPT_14, &tmp); 5486 run_write(sc, RT3070_OPT_14, tmp | 1); 5487 5488 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5489 run_rt3070_rf_read(sc, 17, &rf); 5490 rf &= ~RT3070_TX_LO1; 5491 if ((sc->mac_ver == 0x3070 || 5492 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5493 !sc->ext_2ghz_lna) 5494 rf |= 0x20; /* fix for long range Rx issue */ 5495 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5496 if (sc->txmixgain_2ghz >= mingain) 5497 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5498 run_rt3070_rf_write(sc, 17, rf); 5499 } 5500 5501 if (sc->mac_ver == 0x3071) { 5502 run_rt3070_rf_read(sc, 1, &rf); 5503 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5504 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5505 run_rt3070_rf_write(sc, 1, rf); 5506 5507 run_rt3070_rf_read(sc, 15, &rf); 5508 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5509 5510 run_rt3070_rf_read(sc, 20, &rf); 5511 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5512 5513 run_rt3070_rf_read(sc, 21, &rf); 5514 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5515 } 5516 5517 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5518 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5519 run_rt3070_rf_read(sc, 27, &rf); 5520 rf &= ~0x77; 5521 if (sc->mac_rev < 0x0211) 5522 rf |= 0x03; 5523 run_rt3070_rf_write(sc, 27, rf); 5524 } 5525 return (0); 5526 } 5527 5528 static void 5529 run_rt3593_rf_init(struct run_softc *sc) 5530 { 5531 uint32_t tmp; 5532 uint8_t rf; 5533 int i; 5534 5535 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5536 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5537 tmp &= ~(1 << 4 | 1 << 7); 5538 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5539 5540 /* Initialize RF registers to default value. */ 5541 for (i = 0; i < NELEM(rt3593_def_rf); i++) { 5542 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5543 rt3593_def_rf[i].val); 5544 } 5545 5546 /* Toggle RF R2 to initiate calibration. */ 5547 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5548 5549 /* Initialize RF frequency offset. */ 5550 run_adjust_freq_offset(sc); 5551 5552 run_rt3070_rf_read(sc, 18, &rf); 5553 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5554 5555 /* 5556 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5557 * decrease voltage back to 1.2V. 5558 */ 5559 run_read(sc, RT3070_LDO_CFG0, &tmp); 5560 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5561 run_write(sc, RT3070_LDO_CFG0, tmp); 5562 run_delay(sc, 1); 5563 tmp = (tmp & ~0x1f000000) | 0x01000000; 5564 run_write(sc, RT3070_LDO_CFG0, tmp); 5565 5566 sc->rf24_20mhz = 0x1f; 5567 sc->rf24_40mhz = 0x2f; 5568 5569 /* Save default BBP registers 25 and 26 values. */ 5570 run_bbp_read(sc, 25, &sc->bbp25); 5571 run_bbp_read(sc, 26, &sc->bbp26); 5572 5573 run_read(sc, RT3070_OPT_14, &tmp); 5574 run_write(sc, RT3070_OPT_14, tmp | 1); 5575 } 5576 5577 static void 5578 run_rt5390_rf_init(struct run_softc *sc) 5579 { 5580 uint32_t tmp; 5581 uint8_t rf; 5582 int i; 5583 5584 /* Toggle RF R2 to initiate calibration. */ 5585 if (sc->mac_ver == 0x5390) { 5586 run_rt3070_rf_read(sc, 2, &rf); 5587 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5588 run_delay(sc, 10); 5589 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5590 } else { 5591 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5592 run_delay(sc, 10); 5593 } 5594 5595 /* Initialize RF registers to default value. */ 5596 if (sc->mac_ver == 0x5592) { 5597 for (i = 0; i < NELEM(rt5592_def_rf); i++) { 5598 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5599 rt5592_def_rf[i].val); 5600 } 5601 /* Initialize RF frequency offset. */ 5602 run_adjust_freq_offset(sc); 5603 } else if (sc->mac_ver == 0x5392) { 5604 for (i = 0; i < NELEM(rt5392_def_rf); i++) { 5605 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5606 rt5392_def_rf[i].val); 5607 } 5608 if (sc->mac_rev >= 0x0223) { 5609 run_rt3070_rf_write(sc, 23, 0x0f); 5610 run_rt3070_rf_write(sc, 24, 0x3e); 5611 run_rt3070_rf_write(sc, 51, 0x32); 5612 run_rt3070_rf_write(sc, 53, 0x22); 5613 run_rt3070_rf_write(sc, 56, 0xc1); 5614 run_rt3070_rf_write(sc, 59, 0x0f); 5615 } 5616 } else { 5617 for (i = 0; i < NELEM(rt5390_def_rf); i++) { 5618 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5619 rt5390_def_rf[i].val); 5620 } 5621 if (sc->mac_rev >= 0x0502) { 5622 run_rt3070_rf_write(sc, 6, 0xe0); 5623 run_rt3070_rf_write(sc, 25, 0x80); 5624 run_rt3070_rf_write(sc, 46, 0x73); 5625 run_rt3070_rf_write(sc, 53, 0x00); 5626 run_rt3070_rf_write(sc, 56, 0x42); 5627 run_rt3070_rf_write(sc, 61, 0xd1); 5628 } 5629 } 5630 5631 sc->rf24_20mhz = 0x1f; /* default value */ 5632 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5633 5634 if (sc->mac_rev < 0x0211) 5635 run_rt3070_rf_write(sc, 27, 0x3); 5636 5637 run_read(sc, RT3070_OPT_14, &tmp); 5638 run_write(sc, RT3070_OPT_14, tmp | 1); 5639 } 5640 5641 static int 5642 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5643 uint8_t *val) 5644 { 5645 uint8_t rf22, rf24; 5646 uint8_t bbp55_pb, bbp55_sb, delta; 5647 int ntries; 5648 5649 /* program filter */ 5650 run_rt3070_rf_read(sc, 24, &rf24); 5651 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5652 run_rt3070_rf_write(sc, 24, rf24); 5653 5654 /* enable baseband loopback mode */ 5655 run_rt3070_rf_read(sc, 22, &rf22); 5656 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5657 5658 /* set power and frequency of passband test tone */ 5659 run_bbp_write(sc, 24, 0x00); 5660 for (ntries = 0; ntries < 100; ntries++) { 5661 /* transmit test tone */ 5662 run_bbp_write(sc, 25, 0x90); 5663 run_delay(sc, 10); 5664 /* read received power */ 5665 run_bbp_read(sc, 55, &bbp55_pb); 5666 if (bbp55_pb != 0) 5667 break; 5668 } 5669 if (ntries == 100) 5670 return (ETIMEDOUT); 5671 5672 /* set power and frequency of stopband test tone */ 5673 run_bbp_write(sc, 24, 0x06); 5674 for (ntries = 0; ntries < 100; ntries++) { 5675 /* transmit test tone */ 5676 run_bbp_write(sc, 25, 0x90); 5677 run_delay(sc, 10); 5678 /* read received power */ 5679 run_bbp_read(sc, 55, &bbp55_sb); 5680 5681 delta = bbp55_pb - bbp55_sb; 5682 if (delta > target) 5683 break; 5684 5685 /* reprogram filter */ 5686 rf24++; 5687 run_rt3070_rf_write(sc, 24, rf24); 5688 } 5689 if (ntries < 100) { 5690 if (rf24 != init) 5691 rf24--; /* backtrack */ 5692 *val = rf24; 5693 run_rt3070_rf_write(sc, 24, rf24); 5694 } 5695 5696 /* restore initial state */ 5697 run_bbp_write(sc, 24, 0x00); 5698 5699 /* disable baseband loopback mode */ 5700 run_rt3070_rf_read(sc, 22, &rf22); 5701 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5702 5703 return (0); 5704 } 5705 5706 static void 5707 run_rt3070_rf_setup(struct run_softc *sc) 5708 { 5709 uint8_t bbp, rf; 5710 int i; 5711 5712 if (sc->mac_ver == 0x3572) { 5713 /* enable DC filter */ 5714 if (sc->mac_rev >= 0x0201) 5715 run_bbp_write(sc, 103, 0xc0); 5716 5717 run_bbp_read(sc, 138, &bbp); 5718 if (sc->ntxchains == 1) 5719 bbp |= 0x20; /* turn off DAC1 */ 5720 if (sc->nrxchains == 1) 5721 bbp &= ~0x02; /* turn off ADC1 */ 5722 run_bbp_write(sc, 138, bbp); 5723 5724 if (sc->mac_rev >= 0x0211) { 5725 /* improve power consumption */ 5726 run_bbp_read(sc, 31, &bbp); 5727 run_bbp_write(sc, 31, bbp & ~0x03); 5728 } 5729 5730 run_rt3070_rf_read(sc, 16, &rf); 5731 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5732 run_rt3070_rf_write(sc, 16, rf); 5733 5734 } else if (sc->mac_ver == 0x3071) { 5735 if (sc->mac_rev >= 0x0211) { 5736 /* enable DC filter */ 5737 run_bbp_write(sc, 103, 0xc0); 5738 5739 /* improve power consumption */ 5740 run_bbp_read(sc, 31, &bbp); 5741 run_bbp_write(sc, 31, bbp & ~0x03); 5742 } 5743 5744 run_bbp_read(sc, 138, &bbp); 5745 if (sc->ntxchains == 1) 5746 bbp |= 0x20; /* turn off DAC1 */ 5747 if (sc->nrxchains == 1) 5748 bbp &= ~0x02; /* turn off ADC1 */ 5749 run_bbp_write(sc, 138, bbp); 5750 5751 run_write(sc, RT2860_TX_SW_CFG1, 0); 5752 if (sc->mac_rev < 0x0211) { 5753 run_write(sc, RT2860_TX_SW_CFG2, 5754 sc->patch_dac ? 0x2c : 0x0f); 5755 } else 5756 run_write(sc, RT2860_TX_SW_CFG2, 0); 5757 5758 } else if (sc->mac_ver == 0x3070) { 5759 if (sc->mac_rev >= 0x0201) { 5760 /* enable DC filter */ 5761 run_bbp_write(sc, 103, 0xc0); 5762 5763 /* improve power consumption */ 5764 run_bbp_read(sc, 31, &bbp); 5765 run_bbp_write(sc, 31, bbp & ~0x03); 5766 } 5767 5768 if (sc->mac_rev < 0x0201) { 5769 run_write(sc, RT2860_TX_SW_CFG1, 0); 5770 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5771 } else 5772 run_write(sc, RT2860_TX_SW_CFG2, 0); 5773 } 5774 5775 /* initialize RF registers from ROM for >=RT3071*/ 5776 if (sc->mac_ver >= 0x3071) { 5777 for (i = 0; i < 10; i++) { 5778 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5779 continue; 5780 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5781 } 5782 } 5783 } 5784 5785 static void 5786 run_rt3593_rf_setup(struct run_softc *sc) 5787 { 5788 uint8_t bbp, rf; 5789 5790 if (sc->mac_rev >= 0x0211) { 5791 /* Enable DC filter. */ 5792 run_bbp_write(sc, 103, 0xc0); 5793 } 5794 run_write(sc, RT2860_TX_SW_CFG1, 0); 5795 if (sc->mac_rev < 0x0211) { 5796 run_write(sc, RT2860_TX_SW_CFG2, 5797 sc->patch_dac ? 0x2c : 0x0f); 5798 } else 5799 run_write(sc, RT2860_TX_SW_CFG2, 0); 5800 5801 run_rt3070_rf_read(sc, 50, &rf); 5802 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5803 5804 run_rt3070_rf_read(sc, 51, &rf); 5805 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5806 ((sc->txmixgain_2ghz & 0x07) << 2); 5807 run_rt3070_rf_write(sc, 51, rf); 5808 5809 run_rt3070_rf_read(sc, 38, &rf); 5810 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5811 5812 run_rt3070_rf_read(sc, 39, &rf); 5813 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5814 5815 run_rt3070_rf_read(sc, 1, &rf); 5816 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5817 5818 run_rt3070_rf_read(sc, 30, &rf); 5819 rf = (rf & ~0x18) | 0x10; 5820 run_rt3070_rf_write(sc, 30, rf); 5821 5822 /* Apply maximum likelihood detection for 2 stream case. */ 5823 run_bbp_read(sc, 105, &bbp); 5824 if (sc->nrxchains > 1) 5825 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5826 5827 /* Avoid data lost and CRC error. */ 5828 run_bbp_read(sc, 4, &bbp); 5829 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5830 5831 run_bbp_write(sc, 92, 0x02); 5832 run_bbp_write(sc, 82, 0x82); 5833 run_bbp_write(sc, 106, 0x05); 5834 run_bbp_write(sc, 104, 0x92); 5835 run_bbp_write(sc, 88, 0x90); 5836 run_bbp_write(sc, 148, 0xc8); 5837 run_bbp_write(sc, 47, 0x48); 5838 run_bbp_write(sc, 120, 0x50); 5839 5840 run_bbp_write(sc, 163, 0x9d); 5841 5842 /* SNR mapping. */ 5843 run_bbp_write(sc, 142, 0x06); 5844 run_bbp_write(sc, 143, 0xa0); 5845 run_bbp_write(sc, 142, 0x07); 5846 run_bbp_write(sc, 143, 0xa1); 5847 run_bbp_write(sc, 142, 0x08); 5848 run_bbp_write(sc, 143, 0xa2); 5849 5850 run_bbp_write(sc, 31, 0x08); 5851 run_bbp_write(sc, 68, 0x0b); 5852 run_bbp_write(sc, 105, 0x04); 5853 } 5854 5855 static void 5856 run_rt5390_rf_setup(struct run_softc *sc) 5857 { 5858 uint8_t bbp, rf; 5859 5860 if (sc->mac_rev >= 0x0211) { 5861 /* Enable DC filter. */ 5862 run_bbp_write(sc, 103, 0xc0); 5863 5864 if (sc->mac_ver != 0x5592) { 5865 /* Improve power consumption. */ 5866 run_bbp_read(sc, 31, &bbp); 5867 run_bbp_write(sc, 31, bbp & ~0x03); 5868 } 5869 } 5870 5871 run_bbp_read(sc, 138, &bbp); 5872 if (sc->ntxchains == 1) 5873 bbp |= 0x20; /* turn off DAC1 */ 5874 if (sc->nrxchains == 1) 5875 bbp &= ~0x02; /* turn off ADC1 */ 5876 run_bbp_write(sc, 138, bbp); 5877 5878 run_rt3070_rf_read(sc, 38, &rf); 5879 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5880 5881 run_rt3070_rf_read(sc, 39, &rf); 5882 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5883 5884 /* Avoid data lost and CRC error. */ 5885 run_bbp_read(sc, 4, &bbp); 5886 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5887 5888 run_rt3070_rf_read(sc, 30, &rf); 5889 rf = (rf & ~0x18) | 0x10; 5890 run_rt3070_rf_write(sc, 30, rf); 5891 5892 if (sc->mac_ver != 0x5592) { 5893 run_write(sc, RT2860_TX_SW_CFG1, 0); 5894 if (sc->mac_rev < 0x0211) { 5895 run_write(sc, RT2860_TX_SW_CFG2, 5896 sc->patch_dac ? 0x2c : 0x0f); 5897 } else 5898 run_write(sc, RT2860_TX_SW_CFG2, 0); 5899 } 5900 } 5901 5902 static int 5903 run_txrx_enable(struct run_softc *sc) 5904 { 5905 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5906 uint32_t tmp; 5907 int error, ntries; 5908 5909 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5910 for (ntries = 0; ntries < 200; ntries++) { 5911 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5912 return (error); 5913 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5914 break; 5915 run_delay(sc, 50); 5916 } 5917 if (ntries == 200) 5918 return (ETIMEDOUT); 5919 5920 run_delay(sc, 50); 5921 5922 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5923 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5924 5925 /* enable Rx bulk aggregation (set timeout and limit) */ 5926 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5927 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5928 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5929 5930 /* set Rx filter */ 5931 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5932 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5933 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5934 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5935 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5936 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5937 if (ic->ic_opmode == IEEE80211_M_STA) 5938 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5939 } 5940 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5941 5942 run_write(sc, RT2860_MAC_SYS_CTRL, 5943 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5944 5945 return (0); 5946 } 5947 5948 static void 5949 run_adjust_freq_offset(struct run_softc *sc) 5950 { 5951 uint8_t rf, tmp; 5952 5953 run_rt3070_rf_read(sc, 17, &rf); 5954 tmp = rf; 5955 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5956 rf = MIN(rf, 0x5f); 5957 5958 if (tmp != rf) 5959 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5960 } 5961 5962 static void 5963 run_init_locked(struct run_softc *sc) 5964 { 5965 struct ifnet *ifp = sc->sc_ifp; 5966 struct ieee80211com *ic = ifp->if_l2com; 5967 uint32_t tmp; 5968 uint8_t bbp1, bbp3; 5969 int i; 5970 int ridx; 5971 int ntries; 5972 5973 if (ic->ic_nrunning > 1) 5974 return; 5975 5976 run_stop(sc); 5977 5978 if (run_load_microcode(sc) != 0) { 5979 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5980 goto fail; 5981 } 5982 5983 for (ntries = 0; ntries < 100; ntries++) { 5984 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5985 goto fail; 5986 if (tmp != 0 && tmp != 0xffffffff) 5987 break; 5988 run_delay(sc, 10); 5989 } 5990 if (ntries == 100) 5991 goto fail; 5992 5993 for (i = 0; i != RUN_EP_QUEUES; i++) 5994 run_setup_tx_list(sc, &sc->sc_epq[i]); 5995 5996 run_set_macaddr(sc, IF_LLADDR(ifp)); 5997 5998 for (ntries = 0; ntries < 100; ntries++) { 5999 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6000 goto fail; 6001 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6002 break; 6003 run_delay(sc, 10); 6004 } 6005 if (ntries == 100) { 6006 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6007 goto fail; 6008 } 6009 tmp &= 0xff0; 6010 tmp |= RT2860_TX_WB_DDONE; 6011 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6012 6013 /* turn off PME_OEN to solve high-current issue */ 6014 run_read(sc, RT2860_SYS_CTRL, &tmp); 6015 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6016 6017 run_write(sc, RT2860_MAC_SYS_CTRL, 6018 RT2860_BBP_HRST | RT2860_MAC_SRST); 6019 run_write(sc, RT2860_USB_DMA_CFG, 0); 6020 6021 if (run_reset(sc) != 0) { 6022 device_printf(sc->sc_dev, "could not reset chipset\n"); 6023 goto fail; 6024 } 6025 6026 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6027 6028 /* init Tx power for all Tx rates (from EEPROM) */ 6029 for (ridx = 0; ridx < 5; ridx++) { 6030 if (sc->txpow20mhz[ridx] == 0xffffffff) 6031 continue; 6032 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6033 } 6034 6035 for (i = 0; i < NELEM(rt2870_def_mac); i++) 6036 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6037 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6038 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6039 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6040 6041 if (sc->mac_ver >= 0x5390) { 6042 run_write(sc, RT2860_TX_SW_CFG0, 6043 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6044 if (sc->mac_ver >= 0x5392) { 6045 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6046 if (sc->mac_ver == 0x5592) { 6047 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6048 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6049 } else { 6050 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6051 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6052 } 6053 } 6054 } else if (sc->mac_ver == 0x3593) { 6055 run_write(sc, RT2860_TX_SW_CFG0, 6056 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6057 } else if (sc->mac_ver >= 0x3070) { 6058 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6059 run_write(sc, RT2860_TX_SW_CFG0, 6060 4 << RT2860_DLY_PAPE_EN_SHIFT); 6061 } 6062 6063 /* wait while MAC is busy */ 6064 for (ntries = 0; ntries < 100; ntries++) { 6065 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6066 goto fail; 6067 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6068 break; 6069 run_delay(sc, 10); 6070 } 6071 if (ntries == 100) 6072 goto fail; 6073 6074 /* clear Host to MCU mailbox */ 6075 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6076 run_write(sc, RT2860_H2M_MAILBOX, 0); 6077 run_delay(sc, 10); 6078 6079 if (run_bbp_init(sc) != 0) { 6080 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6081 goto fail; 6082 } 6083 6084 /* abort TSF synchronization */ 6085 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6086 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6087 RT2860_TBTT_TIMER_EN); 6088 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6089 6090 /* clear RX WCID search table */ 6091 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6092 /* clear WCID attribute table */ 6093 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6094 6095 /* hostapd sets a key before init. So, don't clear it. */ 6096 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6097 /* clear shared key table */ 6098 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6099 /* clear shared key mode */ 6100 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6101 } 6102 6103 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6104 tmp = (tmp & ~0xff) | 0x1e; 6105 run_write(sc, RT2860_US_CYC_CNT, tmp); 6106 6107 if (sc->mac_rev != 0x0101) 6108 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6109 6110 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6111 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6112 6113 /* write vendor-specific BBP values (from EEPROM) */ 6114 if (sc->mac_ver < 0x3593) { 6115 for (i = 0; i < 10; i++) { 6116 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6117 continue; 6118 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6119 } 6120 } 6121 6122 /* select Main antenna for 1T1R devices */ 6123 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6124 run_set_rx_antenna(sc, 0); 6125 6126 /* send LEDs operating mode to microcontroller */ 6127 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6128 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6129 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6130 6131 if (sc->mac_ver >= 0x5390) 6132 run_rt5390_rf_init(sc); 6133 else if (sc->mac_ver == 0x3593) 6134 run_rt3593_rf_init(sc); 6135 else if (sc->mac_ver >= 0x3070) 6136 run_rt3070_rf_init(sc); 6137 6138 /* disable non-existing Rx chains */ 6139 run_bbp_read(sc, 3, &bbp3); 6140 bbp3 &= ~(1 << 3 | 1 << 4); 6141 if (sc->nrxchains == 2) 6142 bbp3 |= 1 << 3; 6143 else if (sc->nrxchains == 3) 6144 bbp3 |= 1 << 4; 6145 run_bbp_write(sc, 3, bbp3); 6146 6147 /* disable non-existing Tx chains */ 6148 run_bbp_read(sc, 1, &bbp1); 6149 if (sc->ntxchains == 1) 6150 bbp1 &= ~(1 << 3 | 1 << 4); 6151 run_bbp_write(sc, 1, bbp1); 6152 6153 if (sc->mac_ver >= 0x5390) 6154 run_rt5390_rf_setup(sc); 6155 else if (sc->mac_ver == 0x3593) 6156 run_rt3593_rf_setup(sc); 6157 else if (sc->mac_ver >= 0x3070) 6158 run_rt3070_rf_setup(sc); 6159 6160 /* select default channel */ 6161 run_set_chan(sc, ic->ic_curchan); 6162 6163 /* setup initial protection mode */ 6164 run_updateprot_cb(ic); 6165 6166 /* turn radio LED on */ 6167 run_set_leds(sc, RT2860_LED_RADIO); 6168 6169 ifq_clr_oactive(&ifp->if_snd); 6170 ifp->if_flags |= IFF_RUNNING; 6171 sc->cmdq_run = RUN_CMDQ_GO; 6172 6173 for (i = 0; i != RUN_N_XFER; i++) 6174 usbd_xfer_set_stall(sc->sc_xfer[i]); 6175 6176 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6177 6178 if (run_txrx_enable(sc) != 0) 6179 goto fail; 6180 6181 return; 6182 6183 fail: 6184 run_stop(sc); 6185 } 6186 6187 static void 6188 run_init(void *arg) 6189 { 6190 struct run_softc *sc = arg; 6191 struct ifnet *ifp = sc->sc_ifp; 6192 struct ieee80211com *ic = ifp->if_l2com; 6193 6194 RUN_LOCK(sc); 6195 run_init_locked(sc); 6196 RUN_UNLOCK(sc); 6197 6198 if (ifp->if_flags & IFF_RUNNING) 6199 ieee80211_start_all(ic); 6200 } 6201 6202 static void 6203 run_stop(void *arg) 6204 { 6205 struct run_softc *sc = (struct run_softc *)arg; 6206 struct ifnet *ifp = sc->sc_ifp; 6207 uint32_t tmp; 6208 int i; 6209 int ntries; 6210 6211 RUN_LOCK_ASSERT(sc, MA_OWNED); 6212 6213 if (ifp->if_flags & IFF_RUNNING) 6214 run_set_leds(sc, 0); /* turn all LEDs off */ 6215 6216 ifp->if_flags &= ~IFF_RUNNING; 6217 ifq_clr_oactive(&ifp->if_snd); 6218 6219 sc->ratectl_run = RUN_RATECTL_OFF; 6220 sc->cmdq_run = sc->cmdq_key_set; 6221 6222 RUN_UNLOCK(sc); 6223 6224 for(i = 0; i < RUN_N_XFER; i++) 6225 usbd_transfer_drain(sc->sc_xfer[i]); 6226 6227 RUN_LOCK(sc); 6228 6229 if (sc->rx_m != NULL) { 6230 m_free(sc->rx_m); 6231 sc->rx_m = NULL; 6232 } 6233 6234 /* Disable Tx/Rx DMA. */ 6235 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6236 return; 6237 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6238 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6239 6240 for (ntries = 0; ntries < 100; ntries++) { 6241 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6242 return; 6243 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6244 break; 6245 run_delay(sc, 10); 6246 } 6247 if (ntries == 100) { 6248 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6249 return; 6250 } 6251 6252 /* disable Tx/Rx */ 6253 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6254 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6255 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6256 6257 /* wait for pending Tx to complete */ 6258 for (ntries = 0; ntries < 100; ntries++) { 6259 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6260 DPRINTF("Cannot read Tx queue count\n"); 6261 break; 6262 } 6263 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6264 DPRINTF("All Tx cleared\n"); 6265 break; 6266 } 6267 run_delay(sc, 10); 6268 } 6269 if (ntries >= 100) 6270 DPRINTF("There are still pending Tx\n"); 6271 run_delay(sc, 10); 6272 run_write(sc, RT2860_USB_DMA_CFG, 0); 6273 6274 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6275 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6276 6277 for (i = 0; i != RUN_EP_QUEUES; i++) 6278 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6279 } 6280 6281 static void 6282 run_delay(struct run_softc *sc, u_int ms) 6283 { 6284 usb_pause_mtx(lockowned(&sc->sc_lock) ? &sc->sc_lock : NULL, 6285 USB_MS_TO_TICKS(ms)); 6286 } 6287 6288 static device_method_t run_methods[] = { 6289 /* Device interface */ 6290 DEVMETHOD(device_probe, run_match), 6291 DEVMETHOD(device_attach, run_attach), 6292 DEVMETHOD(device_detach, run_detach), 6293 DEVMETHOD_END 6294 }; 6295 6296 static driver_t run_driver = { 6297 .name = "run", 6298 .methods = run_methods, 6299 .size = sizeof(struct run_softc) 6300 }; 6301 6302 static devclass_t run_devclass; 6303 6304 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6305 MODULE_DEPEND(run, wlan, 1, 1, 1); 6306 MODULE_DEPEND(run, usb, 1, 1, 1); 6307 MODULE_DEPEND(run, firmware, 1, 1, 1); 6308 MODULE_VERSION(run, 1); 6309