1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 * 19 * $FreeBSD: head/sys/dev/usb/wlan/if_run.c 299176 2016-05-06 15:09:21Z pfg $ 20 */ 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mbuf.h> 32 #include <sys/kernel.h> 33 #include <sys/socket.h> 34 #include <sys/systm.h> 35 #include <sys/malloc.h> 36 #include <sys/module.h> 37 #include <sys/bus.h> 38 #include <sys/endian.h> 39 #include <sys/linker.h> 40 #include <sys/firmware.h> 41 42 #include <sys/rman.h> 43 44 #include <net/bpf.h> 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_arp.h> 48 #include <net/ethernet.h> 49 #include <net/if_dl.h> 50 #include <net/if_media.h> 51 #include <net/if_types.h> 52 53 #include <netinet/in.h> 54 #include <netinet/in_systm.h> 55 #include <netinet/in_var.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip.h> 58 59 #include <netproto/802_11/ieee80211_var.h> 60 #include <netproto/802_11/ieee80211_regdomain.h> 61 #include <netproto/802_11/ieee80211_radiotap.h> 62 #include <netproto/802_11/ieee80211_ratectl.h> 63 64 #include <bus/u4b/usb.h> 65 #include <bus/u4b/usbdi.h> 66 #include "usbdevs.h" 67 68 #define USB_DEBUG_VAR run_debug 69 #include <bus/u4b/usb_debug.h> 70 #include <bus/u4b/usb_msctest.h> 71 72 #include <bus/u4b/wlan/if_runreg.h> 73 #include <bus/u4b/wlan/if_runvar.h> 74 75 #ifdef USB_DEBUG 76 #define RUN_DEBUG 77 #endif 78 79 #ifdef RUN_DEBUG 80 int run_debug = 0; 81 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 82 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 83 "run debug level"); 84 #endif 85 86 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 87 88 /* 89 * Because of LOR in run_key_delete(), use atomic instead. 90 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 91 */ 92 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 93 94 static const STRUCT_USB_HOST_ID run_devs[] = { 95 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 96 #define RUN_DEV_EJECT(v,p) \ 97 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 98 #define RUN_EJECT 1 99 RUN_DEV(ABOCOM, RT2770), 100 RUN_DEV(ABOCOM, RT2870), 101 RUN_DEV(ABOCOM, RT3070), 102 RUN_DEV(ABOCOM, RT3071), 103 RUN_DEV(ABOCOM, RT3072), 104 RUN_DEV(ABOCOM2, RT2870_1), 105 RUN_DEV(ACCTON, RT2770), 106 RUN_DEV(ACCTON, RT2870_1), 107 RUN_DEV(ACCTON, RT2870_2), 108 RUN_DEV(ACCTON, RT2870_3), 109 RUN_DEV(ACCTON, RT2870_4), 110 RUN_DEV(ACCTON, RT2870_5), 111 RUN_DEV(ACCTON, RT3070), 112 RUN_DEV(ACCTON, RT3070_1), 113 RUN_DEV(ACCTON, RT3070_2), 114 RUN_DEV(ACCTON, RT3070_3), 115 RUN_DEV(ACCTON, RT3070_4), 116 RUN_DEV(ACCTON, RT3070_5), 117 RUN_DEV(AIRTIES, RT3070), 118 RUN_DEV(ALLWIN, RT2070), 119 RUN_DEV(ALLWIN, RT2770), 120 RUN_DEV(ALLWIN, RT2870), 121 RUN_DEV(ALLWIN, RT3070), 122 RUN_DEV(ALLWIN, RT3071), 123 RUN_DEV(ALLWIN, RT3072), 124 RUN_DEV(ALLWIN, RT3572), 125 RUN_DEV(AMIGO, RT2870_1), 126 RUN_DEV(AMIGO, RT2870_2), 127 RUN_DEV(AMIT, CGWLUSB2GNR), 128 RUN_DEV(AMIT, RT2870_1), 129 RUN_DEV(AMIT2, RT2870), 130 RUN_DEV(ASUS, RT2870_1), 131 RUN_DEV(ASUS, RT2870_2), 132 RUN_DEV(ASUS, RT2870_3), 133 RUN_DEV(ASUS, RT2870_4), 134 RUN_DEV(ASUS, RT2870_5), 135 RUN_DEV(ASUS, USBN13), 136 RUN_DEV(ASUS, RT3070_1), 137 RUN_DEV(ASUS, USBN66), 138 RUN_DEV(ASUS, USB_N53), 139 RUN_DEV(ASUS2, USBN11), 140 RUN_DEV(AZUREWAVE, RT2870_1), 141 RUN_DEV(AZUREWAVE, RT2870_2), 142 RUN_DEV(AZUREWAVE, RT3070_1), 143 RUN_DEV(AZUREWAVE, RT3070_2), 144 RUN_DEV(AZUREWAVE, RT3070_3), 145 RUN_DEV(BELKIN, F9L1103), 146 RUN_DEV(BELKIN, F5D8053V3), 147 RUN_DEV(BELKIN, F5D8055), 148 RUN_DEV(BELKIN, F5D8055V2), 149 RUN_DEV(BELKIN, F6D4050V1), 150 RUN_DEV(BELKIN, F6D4050V2), 151 RUN_DEV(BELKIN, RT2870_1), 152 RUN_DEV(BELKIN, RT2870_2), 153 RUN_DEV(CISCOLINKSYS, AE1000), 154 RUN_DEV(CISCOLINKSYS2, RT3070), 155 RUN_DEV(CISCOLINKSYS3, RT3070), 156 RUN_DEV(CONCEPTRONIC2, RT2870_1), 157 RUN_DEV(CONCEPTRONIC2, RT2870_2), 158 RUN_DEV(CONCEPTRONIC2, RT2870_3), 159 RUN_DEV(CONCEPTRONIC2, RT2870_4), 160 RUN_DEV(CONCEPTRONIC2, RT2870_5), 161 RUN_DEV(CONCEPTRONIC2, RT2870_6), 162 RUN_DEV(CONCEPTRONIC2, RT2870_7), 163 RUN_DEV(CONCEPTRONIC2, RT2870_8), 164 RUN_DEV(CONCEPTRONIC2, RT3070_1), 165 RUN_DEV(CONCEPTRONIC2, RT3070_2), 166 RUN_DEV(CONCEPTRONIC2, VIGORN61), 167 RUN_DEV(COREGA, CGWLUSB300GNM), 168 RUN_DEV(COREGA, RT2870_1), 169 RUN_DEV(COREGA, RT2870_2), 170 RUN_DEV(COREGA, RT2870_3), 171 RUN_DEV(COREGA, RT3070), 172 RUN_DEV(CYBERTAN, RT2870), 173 RUN_DEV(DLINK, RT2870), 174 RUN_DEV(DLINK, RT3072), 175 RUN_DEV(DLINK, DWA127), 176 RUN_DEV(DLINK, DWA140B3), 177 RUN_DEV(DLINK, DWA160B2), 178 RUN_DEV(DLINK, DWA140D1), 179 RUN_DEV(DLINK, DWA162), 180 RUN_DEV(DLINK2, DWA130), 181 RUN_DEV(DLINK2, RT2870_1), 182 RUN_DEV(DLINK2, RT2870_2), 183 RUN_DEV(DLINK2, RT3070_1), 184 RUN_DEV(DLINK2, RT3070_2), 185 RUN_DEV(DLINK2, RT3070_3), 186 RUN_DEV(DLINK2, RT3070_4), 187 RUN_DEV(DLINK2, RT3070_5), 188 RUN_DEV(DLINK2, RT3072), 189 RUN_DEV(DLINK2, RT3072_1), 190 RUN_DEV(EDIMAX, EW7717), 191 RUN_DEV(EDIMAX, EW7718), 192 RUN_DEV(EDIMAX, EW7733UND), 193 RUN_DEV(EDIMAX, RT2870_1), 194 RUN_DEV(ENCORE, RT3070_1), 195 RUN_DEV(ENCORE, RT3070_2), 196 RUN_DEV(ENCORE, RT3070_3), 197 RUN_DEV(GIGABYTE, GNWB31N), 198 RUN_DEV(GIGABYTE, GNWB32L), 199 RUN_DEV(GIGABYTE, RT2870_1), 200 RUN_DEV(GIGASET, RT3070_1), 201 RUN_DEV(GIGASET, RT3070_2), 202 RUN_DEV(GUILLEMOT, HWNU300), 203 RUN_DEV(HAWKING, HWUN2), 204 RUN_DEV(HAWKING, RT2870_1), 205 RUN_DEV(HAWKING, RT2870_2), 206 RUN_DEV(HAWKING, RT3070), 207 RUN_DEV(IODATA, RT3072_1), 208 RUN_DEV(IODATA, RT3072_2), 209 RUN_DEV(IODATA, RT3072_3), 210 RUN_DEV(IODATA, RT3072_4), 211 RUN_DEV(LINKSYS4, RT3070), 212 RUN_DEV(LINKSYS4, WUSB100), 213 RUN_DEV(LINKSYS4, WUSB54GCV3), 214 RUN_DEV(LINKSYS4, WUSB600N), 215 RUN_DEV(LINKSYS4, WUSB600NV2), 216 RUN_DEV(LOGITEC, RT2870_1), 217 RUN_DEV(LOGITEC, RT2870_2), 218 RUN_DEV(LOGITEC, RT2870_3), 219 RUN_DEV(LOGITEC, LANW300NU2), 220 RUN_DEV(LOGITEC, LANW150NU2), 221 RUN_DEV(LOGITEC, LANW300NU2S), 222 RUN_DEV(MELCO, WLIUCG300HP), 223 RUN_DEV(MELCO, RT2870_2), 224 RUN_DEV(MELCO, WLIUCAG300N), 225 RUN_DEV(MELCO, WLIUCG300N), 226 RUN_DEV(MELCO, WLIUCG301N), 227 RUN_DEV(MELCO, WLIUCGN), 228 RUN_DEV(MELCO, WLIUCGNM), 229 RUN_DEV(MELCO, WLIUCG300HPV1), 230 RUN_DEV(MELCO, WLIUCGNM2), 231 RUN_DEV(MOTOROLA4, RT2770), 232 RUN_DEV(MOTOROLA4, RT3070), 233 RUN_DEV(MSI, RT3070_1), 234 RUN_DEV(MSI, RT3070_2), 235 RUN_DEV(MSI, RT3070_3), 236 RUN_DEV(MSI, RT3070_4), 237 RUN_DEV(MSI, RT3070_5), 238 RUN_DEV(MSI, RT3070_6), 239 RUN_DEV(MSI, RT3070_7), 240 RUN_DEV(MSI, RT3070_8), 241 RUN_DEV(MSI, RT3070_9), 242 RUN_DEV(MSI, RT3070_10), 243 RUN_DEV(MSI, RT3070_11), 244 RUN_DEV(NETGEAR, WNDA4100), 245 RUN_DEV(OVISLINK, RT3072), 246 RUN_DEV(PARA, RT3070), 247 RUN_DEV(PEGATRON, RT2870), 248 RUN_DEV(PEGATRON, RT3070), 249 RUN_DEV(PEGATRON, RT3070_2), 250 RUN_DEV(PEGATRON, RT3070_3), 251 RUN_DEV(PHILIPS, RT2870), 252 RUN_DEV(PLANEX2, GWUS300MINIS), 253 RUN_DEV(PLANEX2, GWUSMICRON), 254 RUN_DEV(PLANEX2, RT2870), 255 RUN_DEV(PLANEX2, RT3070), 256 RUN_DEV(QCOM, RT2870), 257 RUN_DEV(QUANTA, RT3070), 258 RUN_DEV(RALINK, RT2070), 259 RUN_DEV(RALINK, RT2770), 260 RUN_DEV(RALINK, RT2870), 261 RUN_DEV(RALINK, RT3070), 262 RUN_DEV(RALINK, RT3071), 263 RUN_DEV(RALINK, RT3072), 264 RUN_DEV(RALINK, RT3370), 265 RUN_DEV(RALINK, RT3572), 266 RUN_DEV(RALINK, RT3573), 267 RUN_DEV(RALINK, RT5370), 268 RUN_DEV(RALINK, RT5572), 269 RUN_DEV(RALINK, RT8070), 270 RUN_DEV(SAMSUNG, WIS09ABGN), 271 RUN_DEV(SAMSUNG2, RT2870_1), 272 RUN_DEV(SENAO, RT2870_1), 273 RUN_DEV(SENAO, RT2870_2), 274 RUN_DEV(SENAO, RT2870_3), 275 RUN_DEV(SENAO, RT2870_4), 276 RUN_DEV(SENAO, RT3070), 277 RUN_DEV(SENAO, RT3071), 278 RUN_DEV(SENAO, RT3072_1), 279 RUN_DEV(SENAO, RT3072_2), 280 RUN_DEV(SENAO, RT3072_3), 281 RUN_DEV(SENAO, RT3072_4), 282 RUN_DEV(SENAO, RT3072_5), 283 RUN_DEV(SITECOMEU, RT2770), 284 RUN_DEV(SITECOMEU, RT2870_1), 285 RUN_DEV(SITECOMEU, RT2870_2), 286 RUN_DEV(SITECOMEU, RT2870_3), 287 RUN_DEV(SITECOMEU, RT2870_4), 288 RUN_DEV(SITECOMEU, RT3070), 289 RUN_DEV(SITECOMEU, RT3070_2), 290 RUN_DEV(SITECOMEU, RT3070_3), 291 RUN_DEV(SITECOMEU, RT3070_4), 292 RUN_DEV(SITECOMEU, RT3071), 293 RUN_DEV(SITECOMEU, RT3072_1), 294 RUN_DEV(SITECOMEU, RT3072_2), 295 RUN_DEV(SITECOMEU, RT3072_3), 296 RUN_DEV(SITECOMEU, RT3072_4), 297 RUN_DEV(SITECOMEU, RT3072_5), 298 RUN_DEV(SITECOMEU, RT3072_6), 299 RUN_DEV(SITECOMEU, WL608), 300 RUN_DEV(SPARKLAN, RT2870_1), 301 RUN_DEV(SPARKLAN, RT3070), 302 RUN_DEV(SWEEX2, LW153), 303 RUN_DEV(SWEEX2, LW303), 304 RUN_DEV(SWEEX2, LW313), 305 RUN_DEV(TOSHIBA, RT3070), 306 RUN_DEV(UMEDIA, RT2870_1), 307 RUN_DEV(ZCOM, RT2870_1), 308 RUN_DEV(ZCOM, RT2870_2), 309 RUN_DEV(ZINWELL, RT2870_1), 310 RUN_DEV(ZINWELL, RT2870_2), 311 RUN_DEV(ZINWELL, RT3070), 312 RUN_DEV(ZINWELL, RT3072_1), 313 RUN_DEV(ZINWELL, RT3072_2), 314 RUN_DEV(ZYXEL, RT2870_1), 315 RUN_DEV(ZYXEL, RT2870_2), 316 RUN_DEV(ZYXEL, RT3070), 317 RUN_DEV_EJECT(ZYXEL, NWD2705), 318 RUN_DEV_EJECT(RALINK, RT_STOR), 319 #undef RUN_DEV_EJECT 320 #undef RUN_DEV 321 }; 322 323 static device_probe_t run_match; 324 static device_attach_t run_attach; 325 static device_detach_t run_detach; 326 327 static usb_callback_t run_bulk_rx_callback; 328 static usb_callback_t run_bulk_tx_callback0; 329 static usb_callback_t run_bulk_tx_callback1; 330 static usb_callback_t run_bulk_tx_callback2; 331 static usb_callback_t run_bulk_tx_callback3; 332 static usb_callback_t run_bulk_tx_callback4; 333 static usb_callback_t run_bulk_tx_callback5; 334 335 static void run_autoinst(void *, struct usb_device *, 336 struct usb_attach_arg *); 337 static int run_driver_loaded(struct module *, int, void *); 338 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 339 usb_error_t error, u_int index); 340 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 341 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 342 const uint8_t [IEEE80211_ADDR_LEN], 343 const uint8_t [IEEE80211_ADDR_LEN]); 344 static void run_vap_delete(struct ieee80211vap *); 345 static void run_cmdq_cb(void *, int); 346 static void run_setup_tx_list(struct run_softc *, 347 struct run_endpoint_queue *); 348 static void run_unsetup_tx_list(struct run_softc *, 349 struct run_endpoint_queue *); 350 static int run_load_microcode(struct run_softc *); 351 static int run_reset(struct run_softc *); 352 static usb_error_t run_do_request(struct run_softc *, 353 struct usb_device_request *, void *); 354 static int run_read(struct run_softc *, uint16_t, uint32_t *); 355 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 356 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 357 static int run_write(struct run_softc *, uint16_t, uint32_t); 358 static int run_write_region_1(struct run_softc *, uint16_t, 359 const uint8_t *, int); 360 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 361 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 362 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 363 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 364 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 365 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 366 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 367 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 368 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 369 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 370 static const char *run_get_rf(uint16_t); 371 static void run_rt3593_get_txpower(struct run_softc *); 372 static void run_get_txpower(struct run_softc *); 373 static int run_read_eeprom(struct run_softc *); 374 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 375 const uint8_t mac[IEEE80211_ADDR_LEN]); 376 static int run_media_change(struct ifnet *); 377 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 378 static int run_wme_update(struct ieee80211com *); 379 static void run_key_set_cb(void *); 380 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 381 static void run_key_delete_cb(void *); 382 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 383 static void run_ratectl_to(void *); 384 static void run_ratectl_cb(void *, int); 385 static void run_drain_fifo(void *); 386 static void run_iter_func(void *, struct ieee80211_node *); 387 static void run_newassoc_cb(void *); 388 static void run_newassoc(struct ieee80211_node *, int); 389 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 390 const struct ieee80211_rx_stats *, int, int); 391 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 392 static void run_tx_free(struct run_endpoint_queue *pq, 393 struct run_tx_data *, int); 394 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 395 static int run_tx(struct run_softc *, struct mbuf *, 396 struct ieee80211_node *); 397 static int run_tx_mgt(struct run_softc *, struct mbuf *, 398 struct ieee80211_node *); 399 static int run_sendprot(struct run_softc *, const struct mbuf *, 400 struct ieee80211_node *, int, int); 401 static int run_tx_param(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *, 403 const struct ieee80211_bpf_params *); 404 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 405 const struct ieee80211_bpf_params *); 406 static int run_transmit(struct ieee80211com *, struct mbuf *); 407 static void run_start(struct run_softc *); 408 static void run_parent(struct ieee80211com *); 409 static void run_iq_calib(struct run_softc *, u_int); 410 static void run_set_agc(struct run_softc *, uint8_t); 411 static void run_select_chan_group(struct run_softc *, int); 412 static void run_set_rx_antenna(struct run_softc *, int); 413 static void run_rt2870_set_chan(struct run_softc *, u_int); 414 static void run_rt3070_set_chan(struct run_softc *, u_int); 415 static void run_rt3572_set_chan(struct run_softc *, u_int); 416 static void run_rt3593_set_chan(struct run_softc *, u_int); 417 static void run_rt5390_set_chan(struct run_softc *, u_int); 418 static void run_rt5592_set_chan(struct run_softc *, u_int); 419 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 420 static void run_set_channel(struct ieee80211com *); 421 static void run_scan_start(struct ieee80211com *); 422 static void run_scan_end(struct ieee80211com *); 423 static void run_update_beacon(struct ieee80211vap *, int); 424 static void run_update_beacon_cb(void *); 425 static void run_updateprot(struct ieee80211com *); 426 static void run_updateprot_cb(void *); 427 static void run_usb_timeout_cb(void *); 428 static void run_reset_livelock(struct run_softc *); 429 static void run_enable_tsf_sync(struct run_softc *); 430 static void run_enable_tsf(struct run_softc *); 431 static void run_get_tsf(struct run_softc *, uint64_t *); 432 static void run_enable_mrr(struct run_softc *); 433 static void run_set_txpreamble(struct run_softc *); 434 static void run_set_basicrates(struct run_softc *); 435 static void run_set_leds(struct run_softc *, uint16_t); 436 static void run_set_bssid(struct run_softc *, const uint8_t *); 437 static void run_set_macaddr(struct run_softc *, const uint8_t *); 438 static void run_updateslot(struct ieee80211com *); 439 static void run_updateslot_cb(void *); 440 static void run_update_mcast(struct ieee80211com *); 441 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 442 static void run_update_promisc_locked(struct run_softc *); 443 static void run_update_promisc(struct ieee80211com *); 444 static void run_rt5390_bbp_init(struct run_softc *); 445 static int run_bbp_init(struct run_softc *); 446 static int run_rt3070_rf_init(struct run_softc *); 447 static void run_rt3593_rf_init(struct run_softc *); 448 static void run_rt5390_rf_init(struct run_softc *); 449 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 450 uint8_t *); 451 static void run_rt3070_rf_setup(struct run_softc *); 452 static void run_rt3593_rf_setup(struct run_softc *); 453 static void run_rt5390_rf_setup(struct run_softc *); 454 static int run_txrx_enable(struct run_softc *); 455 static void run_adjust_freq_offset(struct run_softc *); 456 static void run_init_locked(struct run_softc *); 457 static void run_stop(void *); 458 static void run_delay(struct run_softc *, u_int); 459 460 static eventhandler_tag run_etag; 461 462 static const struct rt2860_rate { 463 uint8_t rate; 464 uint8_t mcs; 465 enum ieee80211_phytype phy; 466 uint8_t ctl_ridx; 467 uint16_t sp_ack_dur; 468 uint16_t lp_ack_dur; 469 } rt2860_rates[] = { 470 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 471 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 472 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 473 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 474 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 475 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 476 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 477 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 478 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 479 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 480 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 481 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 482 }; 483 484 static const struct { 485 uint16_t reg; 486 uint32_t val; 487 } rt2870_def_mac[] = { 488 RT2870_DEF_MAC 489 }; 490 491 static const struct { 492 uint8_t reg; 493 uint8_t val; 494 } rt2860_def_bbp[] = { 495 RT2860_DEF_BBP 496 },rt5390_def_bbp[] = { 497 RT5390_DEF_BBP 498 },rt5592_def_bbp[] = { 499 RT5592_DEF_BBP 500 }; 501 502 /* 503 * Default values for BBP register R196 for RT5592. 504 */ 505 static const uint8_t rt5592_bbp_r196[] = { 506 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 507 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 508 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 509 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 510 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 511 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 512 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 513 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 514 0x2e, 0x36, 0x30, 0x6e 515 }; 516 517 static const struct rfprog { 518 uint8_t chan; 519 uint32_t r1, r2, r3, r4; 520 } rt2860_rf2850[] = { 521 RT2860_RF2850 522 }; 523 524 struct { 525 uint8_t n, r, k; 526 } rt3070_freqs[] = { 527 RT3070_RF3052 528 }; 529 530 static const struct rt5592_freqs { 531 uint16_t n; 532 uint8_t k, m, r; 533 } rt5592_freqs_20mhz[] = { 534 RT5592_RF5592_20MHZ 535 },rt5592_freqs_40mhz[] = { 536 RT5592_RF5592_40MHZ 537 }; 538 539 static const struct { 540 uint8_t reg; 541 uint8_t val; 542 } rt3070_def_rf[] = { 543 RT3070_DEF_RF 544 },rt3572_def_rf[] = { 545 RT3572_DEF_RF 546 },rt3593_def_rf[] = { 547 RT3593_DEF_RF 548 },rt5390_def_rf[] = { 549 RT5390_DEF_RF 550 },rt5392_def_rf[] = { 551 RT5392_DEF_RF 552 },rt5592_def_rf[] = { 553 RT5592_DEF_RF 554 },rt5592_2ghz_def_rf[] = { 555 RT5592_2GHZ_DEF_RF 556 },rt5592_5ghz_def_rf[] = { 557 RT5592_5GHZ_DEF_RF 558 }; 559 560 static const struct { 561 u_int firstchan; 562 u_int lastchan; 563 uint8_t reg; 564 uint8_t val; 565 } rt5592_chan_5ghz[] = { 566 RT5592_CHAN_5GHZ 567 }; 568 569 static const struct usb_config run_config[RUN_N_XFER] = { 570 [RUN_BULK_TX_BE] = { 571 .type = UE_BULK, 572 .endpoint = UE_ADDR_ANY, 573 .ep_index = 0, 574 .direction = UE_DIR_OUT, 575 .bufsize = RUN_MAX_TXSZ, 576 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 577 .callback = run_bulk_tx_callback0, 578 .timeout = 5000, /* ms */ 579 }, 580 [RUN_BULK_TX_BK] = { 581 .type = UE_BULK, 582 .endpoint = UE_ADDR_ANY, 583 .direction = UE_DIR_OUT, 584 .ep_index = 1, 585 .bufsize = RUN_MAX_TXSZ, 586 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 587 .callback = run_bulk_tx_callback1, 588 .timeout = 5000, /* ms */ 589 }, 590 [RUN_BULK_TX_VI] = { 591 .type = UE_BULK, 592 .endpoint = UE_ADDR_ANY, 593 .direction = UE_DIR_OUT, 594 .ep_index = 2, 595 .bufsize = RUN_MAX_TXSZ, 596 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 597 .callback = run_bulk_tx_callback2, 598 .timeout = 5000, /* ms */ 599 }, 600 [RUN_BULK_TX_VO] = { 601 .type = UE_BULK, 602 .endpoint = UE_ADDR_ANY, 603 .direction = UE_DIR_OUT, 604 .ep_index = 3, 605 .bufsize = RUN_MAX_TXSZ, 606 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 607 .callback = run_bulk_tx_callback3, 608 .timeout = 5000, /* ms */ 609 }, 610 [RUN_BULK_TX_HCCA] = { 611 .type = UE_BULK, 612 .endpoint = UE_ADDR_ANY, 613 .direction = UE_DIR_OUT, 614 .ep_index = 4, 615 .bufsize = RUN_MAX_TXSZ, 616 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 617 .callback = run_bulk_tx_callback4, 618 .timeout = 5000, /* ms */ 619 }, 620 [RUN_BULK_TX_PRIO] = { 621 .type = UE_BULK, 622 .endpoint = UE_ADDR_ANY, 623 .direction = UE_DIR_OUT, 624 .ep_index = 5, 625 .bufsize = RUN_MAX_TXSZ, 626 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 627 .callback = run_bulk_tx_callback5, 628 .timeout = 5000, /* ms */ 629 }, 630 [RUN_BULK_RX] = { 631 .type = UE_BULK, 632 .endpoint = UE_ADDR_ANY, 633 .direction = UE_DIR_IN, 634 .bufsize = RUN_MAX_RXSZ, 635 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 636 .callback = run_bulk_rx_callback, 637 } 638 }; 639 640 static void 641 run_autoinst(void *arg, struct usb_device *udev, 642 struct usb_attach_arg *uaa) 643 { 644 struct usb_interface *iface; 645 struct usb_interface_descriptor *id; 646 647 if (uaa->dev_state != UAA_DEV_READY) 648 return; 649 650 iface = usbd_get_iface(udev, 0); 651 if (iface == NULL) 652 return; 653 id = iface->idesc; 654 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 655 return; 656 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 657 return; 658 659 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 660 uaa->dev_state = UAA_DEV_EJECTING; 661 } 662 663 static int 664 run_driver_loaded(struct module *mod, int what, void *arg) 665 { 666 switch (what) { 667 case MOD_LOAD: 668 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 669 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 670 break; 671 case MOD_UNLOAD: 672 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 673 break; 674 default: 675 return (EOPNOTSUPP); 676 } 677 return (0); 678 } 679 680 static int 681 run_match(device_t self) 682 { 683 struct usb_attach_arg *uaa = device_get_ivars(self); 684 685 if (uaa->usb_mode != USB_MODE_HOST) 686 return (ENXIO); 687 if (uaa->info.bConfigIndex != 0) 688 return (ENXIO); 689 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 690 return (ENXIO); 691 692 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 693 } 694 695 static int 696 run_attach(device_t self) 697 { 698 struct run_softc *sc = device_get_softc(self); 699 struct usb_attach_arg *uaa = device_get_ivars(self); 700 struct ieee80211com *ic = &sc->sc_ic; 701 uint32_t ver; 702 uint8_t bands[IEEE80211_MODE_BYTES]; 703 uint8_t iface_index; 704 int ntries, error; 705 706 device_set_usb_desc(self); 707 sc->sc_udev = uaa->device; 708 sc->sc_dev = self; 709 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 710 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 711 712 #if defined(__DragonFly__) 713 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev), 714 0, LK_CANRECURSE); 715 #else 716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 717 MTX_NETWORK_LOCK, MTX_DEF); 718 #endif 719 mbufq_init(&sc->sc_snd, ifqmaxlen); 720 721 iface_index = RT2860_IFACE_INDEX; 722 723 error = usbd_transfer_setup(uaa->device, &iface_index, 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock); 725 if (error) { 726 device_printf(self, "could not allocate USB transfers, " 727 "err=%s\n", usbd_errstr(error)); 728 goto detach; 729 } 730 731 RUN_LOCK(sc); 732 733 /* wait for the chip to settle */ 734 for (ntries = 0; ntries < 100; ntries++) { 735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 736 RUN_UNLOCK(sc); 737 goto detach; 738 } 739 if (ver != 0 && ver != 0xffffffff) 740 break; 741 run_delay(sc, 10); 742 } 743 if (ntries == 100) { 744 device_printf(sc->sc_dev, 745 "timeout waiting for NIC to initialize\n"); 746 RUN_UNLOCK(sc); 747 goto detach; 748 } 749 sc->mac_ver = ver >> 16; 750 sc->mac_rev = ver & 0xffff; 751 752 /* retrieve RF rev. no and various other things from EEPROM */ 753 run_read_eeprom(sc); 754 755 device_printf(sc->sc_dev, 756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 759 760 RUN_UNLOCK(sc); 761 762 ic->ic_softc = sc; 763 ic->ic_name = device_get_nameunit(self); 764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 766 767 /* set device capabilities */ 768 ic->ic_caps = 769 IEEE80211_C_STA | /* station mode supported */ 770 IEEE80211_C_MONITOR | /* monitor mode supported */ 771 IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | 773 IEEE80211_C_WDS | /* 4-address traffic works */ 774 IEEE80211_C_MBSS | 775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 776 IEEE80211_C_SHSLOT | /* short slot time supported */ 777 IEEE80211_C_WME | /* WME */ 778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 779 780 ic->ic_cryptocaps = 781 IEEE80211_CRYPTO_WEP | 782 IEEE80211_CRYPTO_AES_CCM | 783 IEEE80211_CRYPTO_TKIPMIC | 784 IEEE80211_CRYPTO_TKIP; 785 786 ic->ic_flags |= IEEE80211_F_DATAPAD; 787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 788 789 memset(bands, 0, sizeof(bands)); 790 setbit(bands, IEEE80211_MODE_11B); 791 setbit(bands, IEEE80211_MODE_11G); 792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 794 sc->rf_rev == RT5592_RF_5592) 795 setbit(bands, IEEE80211_MODE_11A); 796 ieee80211_init_channels(ic, NULL, bands); 797 798 ieee80211_ifattach(ic); 799 800 ic->ic_scan_start = run_scan_start; 801 ic->ic_scan_end = run_scan_end; 802 ic->ic_set_channel = run_set_channel; 803 ic->ic_node_alloc = run_node_alloc; 804 ic->ic_newassoc = run_newassoc; 805 ic->ic_updateslot = run_updateslot; 806 ic->ic_update_mcast = run_update_mcast; 807 ic->ic_wme.wme_update = run_wme_update; 808 ic->ic_raw_xmit = run_raw_xmit; 809 ic->ic_update_promisc = run_update_promisc; 810 ic->ic_vap_create = run_vap_create; 811 ic->ic_vap_delete = run_vap_delete; 812 ic->ic_transmit = run_transmit; 813 ic->ic_parent = run_parent; 814 815 ieee80211_radiotap_attach(ic, 816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 817 RUN_TX_RADIOTAP_PRESENT, 818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 819 RUN_RX_RADIOTAP_PRESENT); 820 821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 0); 824 825 if (bootverbose) 826 ieee80211_announce(ic); 827 828 return (0); 829 830 detach: 831 run_detach(self); 832 return (ENXIO); 833 } 834 835 static void 836 run_drain_mbufq(struct run_softc *sc) 837 { 838 struct mbuf *m; 839 struct ieee80211_node *ni; 840 841 RUN_LOCK_ASSERT(sc, MA_OWNED); 842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 844 m->m_pkthdr.rcvif = NULL; 845 ieee80211_free_node(ni); 846 m_freem(m); 847 } 848 } 849 850 static int 851 run_detach(device_t self) 852 { 853 struct run_softc *sc = device_get_softc(self); 854 struct ieee80211com *ic = &sc->sc_ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 872 /* Free TX queue */ 873 run_drain_mbufq(sc); 874 RUN_UNLOCK(sc); 875 876 if (sc->sc_ic.ic_softc == sc) { 877 /* drain tasks */ 878 usb_callout_drain(&sc->ratectl_ch); 879 ieee80211_draintask(ic, &sc->cmdq_task); 880 ieee80211_draintask(ic, &sc->ratectl_task); 881 ieee80211_ifdetach(ic); 882 } 883 884 #if defined(__DragonFly__) 885 lockuninit(&sc->sc_lock); 886 #else 887 mtx_destroy(&sc->sc_mtx); 888 #endif 889 890 return (0); 891 } 892 893 static struct ieee80211vap * 894 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 895 enum ieee80211_opmode opmode, int flags, 896 const uint8_t bssid[IEEE80211_ADDR_LEN], 897 const uint8_t mac[IEEE80211_ADDR_LEN]) 898 { 899 struct run_softc *sc = ic->ic_softc; 900 struct run_vap *rvp; 901 struct ieee80211vap *vap; 902 int i; 903 904 if (sc->rvp_cnt >= RUN_VAP_MAX) { 905 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 906 return (NULL); 907 } 908 909 switch (opmode) { 910 case IEEE80211_M_STA: 911 /* enable s/w bmiss handling for sta mode */ 912 flags |= IEEE80211_CLONE_NOBEACONS; 913 /* fall though */ 914 case IEEE80211_M_IBSS: 915 case IEEE80211_M_MONITOR: 916 case IEEE80211_M_HOSTAP: 917 case IEEE80211_M_MBSS: 918 /* other than WDS vaps, only one at a time */ 919 if (!TAILQ_EMPTY(&ic->ic_vaps)) 920 return (NULL); 921 break; 922 case IEEE80211_M_WDS: 923 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 924 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 925 continue; 926 /* WDS vap's always share the local mac address. */ 927 flags &= ~IEEE80211_CLONE_BSSID; 928 break; 929 } 930 if (vap == NULL) { 931 device_printf(sc->sc_dev, 932 "wds only supported in ap mode\n"); 933 return (NULL); 934 } 935 break; 936 default: 937 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 938 return (NULL); 939 } 940 941 rvp = kmalloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 942 vap = &rvp->vap; 943 944 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 945 bssid) != 0) { 946 /* out of memory */ 947 kfree(rvp, M_80211_VAP); 948 return (NULL); 949 } 950 951 vap->iv_update_beacon = run_update_beacon; 952 vap->iv_max_aid = RT2870_WCID_MAX; 953 /* 954 * To delete the right key from h/w, we need wcid. 955 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 956 * and matching wcid will be written into there. So, cast 957 * some spells to remove 'const' from ieee80211_key{} 958 */ 959 vap->iv_key_delete = (void *)run_key_delete; 960 vap->iv_key_set = (void *)run_key_set; 961 962 /* override state transition machine */ 963 rvp->newstate = vap->iv_newstate; 964 vap->iv_newstate = run_newstate; 965 if (opmode == IEEE80211_M_IBSS) { 966 rvp->recv_mgmt = vap->iv_recv_mgmt; 967 vap->iv_recv_mgmt = run_recv_mgmt; 968 } 969 970 ieee80211_ratectl_init(vap); 971 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 972 973 /* complete setup */ 974 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 975 mac); 976 977 /* make sure id is always unique */ 978 for (i = 0; i < RUN_VAP_MAX; i++) { 979 if((sc->rvp_bmap & 1 << i) == 0){ 980 sc->rvp_bmap |= 1 << i; 981 rvp->rvp_id = i; 982 break; 983 } 984 } 985 if (sc->rvp_cnt++ == 0) 986 ic->ic_opmode = opmode; 987 988 if (opmode == IEEE80211_M_HOSTAP) 989 sc->cmdq_run = RUN_CMDQ_GO; 990 991 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 992 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 993 994 return (vap); 995 } 996 997 static void 998 run_vap_delete(struct ieee80211vap *vap) 999 { 1000 struct run_vap *rvp = RUN_VAP(vap); 1001 struct ieee80211com *ic; 1002 struct run_softc *sc; 1003 uint8_t rvp_id; 1004 1005 if (vap == NULL) 1006 return; 1007 1008 ic = vap->iv_ic; 1009 sc = ic->ic_softc; 1010 1011 RUN_LOCK(sc); 1012 1013 m_freem(rvp->beacon_mbuf); 1014 rvp->beacon_mbuf = NULL; 1015 1016 rvp_id = rvp->rvp_id; 1017 sc->ratectl_run &= ~(1 << rvp_id); 1018 sc->rvp_bmap &= ~(1 << rvp_id); 1019 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1020 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1021 --sc->rvp_cnt; 1022 1023 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1024 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1025 1026 RUN_UNLOCK(sc); 1027 1028 ieee80211_ratectl_deinit(vap); 1029 ieee80211_vap_detach(vap); 1030 kfree(rvp, M_80211_VAP); 1031 } 1032 1033 /* 1034 * There are numbers of functions need to be called in context thread. 1035 * Rather than creating taskqueue event for each of those functions, 1036 * here is all-for-one taskqueue callback function. This function 1037 * guarantees deferred functions are executed in the same order they 1038 * were enqueued. 1039 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1040 */ 1041 static void 1042 run_cmdq_cb(void *arg, int pending) 1043 { 1044 struct run_softc *sc = arg; 1045 uint8_t i; 1046 1047 /* call cmdq[].func locked */ 1048 RUN_LOCK(sc); 1049 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1050 i = sc->cmdq_exec, pending--) { 1051 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1052 if (sc->cmdq_run == RUN_CMDQ_GO) { 1053 /* 1054 * If arg0 is NULL, callback func needs more 1055 * than one arg. So, pass ptr to cmdq struct. 1056 */ 1057 if (sc->cmdq[i].arg0) 1058 sc->cmdq[i].func(sc->cmdq[i].arg0); 1059 else 1060 sc->cmdq[i].func(&sc->cmdq[i]); 1061 } 1062 sc->cmdq[i].arg0 = NULL; 1063 sc->cmdq[i].func = NULL; 1064 sc->cmdq_exec++; 1065 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1066 } 1067 RUN_UNLOCK(sc); 1068 } 1069 1070 static void 1071 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1072 { 1073 struct run_tx_data *data; 1074 1075 memset(pq, 0, sizeof(*pq)); 1076 1077 STAILQ_INIT(&pq->tx_qh); 1078 STAILQ_INIT(&pq->tx_fh); 1079 1080 for (data = &pq->tx_data[0]; 1081 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1082 data->sc = sc; 1083 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1084 } 1085 pq->tx_nfree = RUN_TX_RING_COUNT; 1086 } 1087 1088 static void 1089 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1090 { 1091 struct run_tx_data *data; 1092 1093 /* make sure any subsequent use of the queues will fail */ 1094 pq->tx_nfree = 0; 1095 STAILQ_INIT(&pq->tx_fh); 1096 STAILQ_INIT(&pq->tx_qh); 1097 1098 /* free up all node references and mbufs */ 1099 for (data = &pq->tx_data[0]; 1100 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1101 if (data->m != NULL) { 1102 m_freem(data->m); 1103 data->m = NULL; 1104 } 1105 if (data->ni != NULL) { 1106 ieee80211_free_node(data->ni); 1107 data->ni = NULL; 1108 } 1109 } 1110 } 1111 1112 static int 1113 run_load_microcode(struct run_softc *sc) 1114 { 1115 usb_device_request_t req; 1116 const struct firmware *fw; 1117 const u_char *base; 1118 uint32_t tmp; 1119 int ntries, error; 1120 const uint64_t *temp; 1121 uint64_t bytes; 1122 1123 RUN_UNLOCK(sc); 1124 fw = firmware_get("runfw"); 1125 RUN_LOCK(sc); 1126 if (fw == NULL) { 1127 device_printf(sc->sc_dev, 1128 "failed loadfirmware of file %s\n", "runfw"); 1129 return ENOENT; 1130 } 1131 1132 if (fw->datasize != 8192) { 1133 device_printf(sc->sc_dev, 1134 "invalid firmware size (should be 8KB)\n"); 1135 error = EINVAL; 1136 goto fail; 1137 } 1138 1139 /* 1140 * RT3071/RT3072 use a different firmware 1141 * run-rt2870 (8KB) contains both, 1142 * first half (4KB) is for rt2870, 1143 * last half is for rt3071. 1144 */ 1145 base = fw->data; 1146 if ((sc->mac_ver) != 0x2860 && 1147 (sc->mac_ver) != 0x2872 && 1148 (sc->mac_ver) != 0x3070) { 1149 base += 4096; 1150 } 1151 1152 /* cheap sanity check */ 1153 temp = fw->data; 1154 bytes = *temp; 1155 if (bytes != be64toh(0xffffff0210280210ULL)) { 1156 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1157 error = EINVAL; 1158 goto fail; 1159 } 1160 1161 /* write microcode image */ 1162 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1163 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1164 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1165 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1166 } 1167 1168 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1169 req.bRequest = RT2870_RESET; 1170 USETW(req.wValue, 8); 1171 USETW(req.wIndex, 0); 1172 USETW(req.wLength, 0); 1173 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL)) 1174 != 0) { 1175 device_printf(sc->sc_dev, "firmware reset failed\n"); 1176 goto fail; 1177 } 1178 1179 run_delay(sc, 10); 1180 1181 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1182 run_write(sc, RT2860_H2M_MAILBOX, 0); 1183 run_write(sc, RT2860_H2M_INTSRC, 0); 1184 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1185 goto fail; 1186 1187 /* wait until microcontroller is ready */ 1188 for (ntries = 0; ntries < 1000; ntries++) { 1189 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1190 goto fail; 1191 if (tmp & RT2860_MCU_READY) 1192 break; 1193 run_delay(sc, 10); 1194 } 1195 if (ntries == 1000) { 1196 device_printf(sc->sc_dev, 1197 "timeout waiting for MCU to initialize\n"); 1198 error = ETIMEDOUT; 1199 goto fail; 1200 } 1201 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1202 (base == fw->data) ? "RT2870" : "RT3071", 1203 *(base + 4092), *(base + 4093)); 1204 1205 fail: 1206 firmware_put(fw, FIRMWARE_UNLOAD); 1207 return (error); 1208 } 1209 1210 static int 1211 run_reset(struct run_softc *sc) 1212 { 1213 usb_device_request_t req; 1214 1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1216 req.bRequest = RT2870_RESET; 1217 USETW(req.wValue, 1); 1218 USETW(req.wIndex, 0); 1219 USETW(req.wLength, 0); 1220 return (usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL)); 1221 } 1222 1223 static usb_error_t 1224 run_do_request(struct run_softc *sc, 1225 struct usb_device_request *req, void *data) 1226 { 1227 usb_error_t err; 1228 int ntries = 10; 1229 1230 RUN_LOCK_ASSERT(sc, MA_OWNED); 1231 1232 while (ntries--) { 1233 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock, 1234 req, data, 0, NULL, 250 /* ms */); 1235 if (err == 0) 1236 break; 1237 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1238 usbd_errstr(err)); 1239 run_delay(sc, 10); 1240 } 1241 return (err); 1242 } 1243 1244 static int 1245 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1246 { 1247 uint32_t tmp; 1248 int error; 1249 1250 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1251 if (error == 0) 1252 *val = le32toh(tmp); 1253 else 1254 *val = 0xffffffff; 1255 return (error); 1256 } 1257 1258 static int 1259 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1260 { 1261 usb_device_request_t req; 1262 1263 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1264 req.bRequest = RT2870_READ_REGION_1; 1265 USETW(req.wValue, 0); 1266 USETW(req.wIndex, reg); 1267 USETW(req.wLength, len); 1268 1269 return (run_do_request(sc, &req, buf)); 1270 } 1271 1272 static int 1273 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1274 { 1275 usb_device_request_t req; 1276 1277 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1278 req.bRequest = RT2870_WRITE_2; 1279 USETW(req.wValue, val); 1280 USETW(req.wIndex, reg); 1281 USETW(req.wLength, 0); 1282 1283 return (run_do_request(sc, &req, NULL)); 1284 } 1285 1286 static int 1287 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1288 { 1289 int error; 1290 1291 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1292 error = run_write_2(sc, reg + 2, val >> 16); 1293 return (error); 1294 } 1295 1296 static int 1297 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1298 int len) 1299 { 1300 #if 1 1301 int i, error = 0; 1302 /* 1303 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1304 * We thus issue multiple WRITE_2 commands instead. 1305 */ 1306 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1307 for (i = 0; i < len && error == 0; i += 2) 1308 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1309 return (error); 1310 #else 1311 usb_device_request_t req; 1312 int error = 0; 1313 1314 /* 1315 * NOTE: It appears the WRITE_REGION_1 command cannot be 1316 * passed a huge amount of data, which will crash the 1317 * firmware. Limit amount of data passed to 64-bytes at a 1318 * time. 1319 */ 1320 while (len > 0) { 1321 int delta = 64; 1322 if (delta > len) 1323 delta = len; 1324 1325 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1326 req.bRequest = RT2870_WRITE_REGION_1; 1327 USETW(req.wValue, 0); 1328 USETW(req.wIndex, reg); 1329 USETW(req.wLength, delta); 1330 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1331 if (error != 0) 1332 break; 1333 reg += delta; 1334 buf += delta; 1335 len -= delta; 1336 } 1337 return (error); 1338 #endif 1339 } 1340 1341 static int 1342 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1343 { 1344 int i, error = 0; 1345 1346 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1347 for (i = 0; i < len && error == 0; i += 4) 1348 error = run_write(sc, reg + i, val); 1349 return (error); 1350 } 1351 1352 static int 1353 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1354 { 1355 uint32_t tmp; 1356 uint16_t reg; 1357 int error, ntries; 1358 1359 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1360 return (error); 1361 1362 if (count == 2) 1363 addr *= 2; 1364 /*- 1365 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1366 * DATA0: F E D C 1367 * DATA1: B A 9 8 1368 * DATA2: 7 6 5 4 1369 * DATA3: 3 2 1 0 1370 */ 1371 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1372 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1373 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1374 for (ntries = 0; ntries < 100; ntries++) { 1375 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1376 return (error); 1377 if (!(tmp & RT3070_EFSROM_KICK)) 1378 break; 1379 run_delay(sc, 2); 1380 } 1381 if (ntries == 100) 1382 return (ETIMEDOUT); 1383 1384 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1385 *val = 0xffff; /* address not found */ 1386 return (0); 1387 } 1388 /* determine to which 32-bit register our 16-bit word belongs */ 1389 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1390 if ((error = run_read(sc, reg, &tmp)) != 0) 1391 return (error); 1392 1393 tmp >>= (8 * (addr & 0x3)); 1394 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1395 1396 return (0); 1397 } 1398 1399 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1400 static int 1401 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1402 { 1403 return (run_efuse_read(sc, addr, val, 2)); 1404 } 1405 1406 static int 1407 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1408 { 1409 usb_device_request_t req; 1410 uint16_t tmp; 1411 int error; 1412 1413 addr *= 2; 1414 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1415 req.bRequest = RT2870_EEPROM_READ; 1416 USETW(req.wValue, 0); 1417 USETW(req.wIndex, addr); 1418 USETW(req.wLength, sizeof(tmp)); 1419 1420 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp); 1421 if (error == 0) 1422 *val = le16toh(tmp); 1423 else 1424 *val = 0xffff; 1425 return (error); 1426 } 1427 1428 static __inline int 1429 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1430 { 1431 /* either eFUSE ROM or EEPROM */ 1432 return sc->sc_srom_read(sc, addr, val); 1433 } 1434 1435 static int 1436 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1437 { 1438 uint32_t tmp; 1439 int error, ntries; 1440 1441 for (ntries = 0; ntries < 10; ntries++) { 1442 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1443 return (error); 1444 if (!(tmp & RT2860_RF_REG_CTRL)) 1445 break; 1446 } 1447 if (ntries == 10) 1448 return (ETIMEDOUT); 1449 1450 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1451 } 1452 1453 static int 1454 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1455 { 1456 uint32_t tmp; 1457 int error, ntries; 1458 1459 for (ntries = 0; ntries < 100; ntries++) { 1460 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1461 return (error); 1462 if (!(tmp & RT3070_RF_KICK)) 1463 break; 1464 } 1465 if (ntries == 100) 1466 return (ETIMEDOUT); 1467 1468 tmp = RT3070_RF_KICK | reg << 8; 1469 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1470 return (error); 1471 1472 for (ntries = 0; ntries < 100; ntries++) { 1473 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1474 return (error); 1475 if (!(tmp & RT3070_RF_KICK)) 1476 break; 1477 } 1478 if (ntries == 100) 1479 return (ETIMEDOUT); 1480 1481 *val = tmp & 0xff; 1482 return (0); 1483 } 1484 1485 static int 1486 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1487 { 1488 uint32_t tmp; 1489 int error, ntries; 1490 1491 for (ntries = 0; ntries < 10; ntries++) { 1492 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1493 return (error); 1494 if (!(tmp & RT3070_RF_KICK)) 1495 break; 1496 } 1497 if (ntries == 10) 1498 return (ETIMEDOUT); 1499 1500 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1501 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1502 } 1503 1504 static int 1505 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1506 { 1507 uint32_t tmp; 1508 int ntries, error; 1509 1510 for (ntries = 0; ntries < 10; ntries++) { 1511 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1512 return (error); 1513 if (!(tmp & RT2860_BBP_CSR_KICK)) 1514 break; 1515 } 1516 if (ntries == 10) 1517 return (ETIMEDOUT); 1518 1519 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1520 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1521 return (error); 1522 1523 for (ntries = 0; ntries < 10; ntries++) { 1524 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1525 return (error); 1526 if (!(tmp & RT2860_BBP_CSR_KICK)) 1527 break; 1528 } 1529 if (ntries == 10) 1530 return (ETIMEDOUT); 1531 1532 *val = tmp & 0xff; 1533 return (0); 1534 } 1535 1536 static int 1537 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1538 { 1539 uint32_t tmp; 1540 int ntries, error; 1541 1542 for (ntries = 0; ntries < 10; ntries++) { 1543 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1544 return (error); 1545 if (!(tmp & RT2860_BBP_CSR_KICK)) 1546 break; 1547 } 1548 if (ntries == 10) 1549 return (ETIMEDOUT); 1550 1551 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1552 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1553 } 1554 1555 /* 1556 * Send a command to the 8051 microcontroller unit. 1557 */ 1558 static int 1559 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1560 { 1561 uint32_t tmp; 1562 int error, ntries; 1563 1564 for (ntries = 0; ntries < 100; ntries++) { 1565 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1566 return error; 1567 if (!(tmp & RT2860_H2M_BUSY)) 1568 break; 1569 } 1570 if (ntries == 100) 1571 return ETIMEDOUT; 1572 1573 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1574 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1575 error = run_write(sc, RT2860_HOST_CMD, cmd); 1576 return (error); 1577 } 1578 1579 /* 1580 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1581 * Used to adjust per-rate Tx power registers. 1582 */ 1583 static __inline uint32_t 1584 b4inc(uint32_t b32, int8_t delta) 1585 { 1586 int8_t i, b4; 1587 1588 for (i = 0; i < 8; i++) { 1589 b4 = b32 & 0xf; 1590 b4 += delta; 1591 if (b4 < 0) 1592 b4 = 0; 1593 else if (b4 > 0xf) 1594 b4 = 0xf; 1595 b32 = b32 >> 4 | b4 << 28; 1596 } 1597 return (b32); 1598 } 1599 1600 static const char * 1601 run_get_rf(uint16_t rev) 1602 { 1603 switch (rev) { 1604 case RT2860_RF_2820: return "RT2820"; 1605 case RT2860_RF_2850: return "RT2850"; 1606 case RT2860_RF_2720: return "RT2720"; 1607 case RT2860_RF_2750: return "RT2750"; 1608 case RT3070_RF_3020: return "RT3020"; 1609 case RT3070_RF_2020: return "RT2020"; 1610 case RT3070_RF_3021: return "RT3021"; 1611 case RT3070_RF_3022: return "RT3022"; 1612 case RT3070_RF_3052: return "RT3052"; 1613 case RT3593_RF_3053: return "RT3053"; 1614 case RT5592_RF_5592: return "RT5592"; 1615 case RT5390_RF_5370: return "RT5370"; 1616 case RT5390_RF_5372: return "RT5372"; 1617 } 1618 return ("unknown"); 1619 } 1620 1621 static void 1622 run_rt3593_get_txpower(struct run_softc *sc) 1623 { 1624 uint16_t addr, val; 1625 int i; 1626 1627 /* Read power settings for 2GHz channels. */ 1628 for (i = 0; i < 14; i += 2) { 1629 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1630 RT2860_EEPROM_PWR2GHZ_BASE1; 1631 run_srom_read(sc, addr + i / 2, &val); 1632 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1633 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1634 1635 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1636 RT2860_EEPROM_PWR2GHZ_BASE2; 1637 run_srom_read(sc, addr + i / 2, &val); 1638 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1639 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1640 1641 if (sc->ntxchains == 3) { 1642 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1643 &val); 1644 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1645 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1646 } 1647 } 1648 /* Fix broken Tx power entries. */ 1649 for (i = 0; i < 14; i++) { 1650 if (sc->txpow1[i] > 31) 1651 sc->txpow1[i] = 5; 1652 if (sc->txpow2[i] > 31) 1653 sc->txpow2[i] = 5; 1654 if (sc->ntxchains == 3) { 1655 if (sc->txpow3[i] > 31) 1656 sc->txpow3[i] = 5; 1657 } 1658 } 1659 /* Read power settings for 5GHz channels. */ 1660 for (i = 0; i < 40; i += 2) { 1661 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1662 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1663 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1664 1665 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1666 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1667 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1668 1669 if (sc->ntxchains == 3) { 1670 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1671 &val); 1672 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1673 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1674 } 1675 } 1676 } 1677 1678 static void 1679 run_get_txpower(struct run_softc *sc) 1680 { 1681 uint16_t val; 1682 int i; 1683 1684 /* Read power settings for 2GHz channels. */ 1685 for (i = 0; i < 14; i += 2) { 1686 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1687 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1688 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1689 1690 if (sc->mac_ver != 0x5390) { 1691 run_srom_read(sc, 1692 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1693 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1694 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1695 } 1696 } 1697 /* Fix broken Tx power entries. */ 1698 for (i = 0; i < 14; i++) { 1699 if (sc->mac_ver >= 0x5390) { 1700 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1701 sc->txpow1[i] = 5; 1702 } else { 1703 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1704 sc->txpow1[i] = 5; 1705 } 1706 if (sc->mac_ver > 0x5390) { 1707 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1708 sc->txpow2[i] = 5; 1709 } else if (sc->mac_ver < 0x5390) { 1710 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1711 sc->txpow2[i] = 5; 1712 } 1713 DPRINTF("chan %d: power1=%d, power2=%d\n", 1714 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1715 } 1716 /* Read power settings for 5GHz channels. */ 1717 for (i = 0; i < 40; i += 2) { 1718 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1719 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1720 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1721 1722 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1723 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1724 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1725 } 1726 /* Fix broken Tx power entries. */ 1727 for (i = 0; i < 40; i++ ) { 1728 if (sc->mac_ver != 0x5592) { 1729 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1730 sc->txpow1[14 + i] = 5; 1731 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1732 sc->txpow2[14 + i] = 5; 1733 } 1734 DPRINTF("chan %d: power1=%d, power2=%d\n", 1735 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1736 sc->txpow2[14 + i]); 1737 } 1738 } 1739 1740 static int 1741 run_read_eeprom(struct run_softc *sc) 1742 { 1743 struct ieee80211com *ic = &sc->sc_ic; 1744 int8_t delta_2ghz, delta_5ghz; 1745 uint32_t tmp; 1746 uint16_t val; 1747 int ridx, ant, i; 1748 1749 /* check whether the ROM is eFUSE ROM or EEPROM */ 1750 sc->sc_srom_read = run_eeprom_read_2; 1751 if (sc->mac_ver >= 0x3070) { 1752 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1753 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1754 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1755 sc->sc_srom_read = run_efuse_read_2; 1756 } 1757 1758 /* read ROM version */ 1759 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1760 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1761 1762 /* read MAC address */ 1763 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1764 ic->ic_macaddr[0] = val & 0xff; 1765 ic->ic_macaddr[1] = val >> 8; 1766 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1767 ic->ic_macaddr[2] = val & 0xff; 1768 ic->ic_macaddr[3] = val >> 8; 1769 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1770 ic->ic_macaddr[4] = val & 0xff; 1771 ic->ic_macaddr[5] = val >> 8; 1772 1773 if (sc->mac_ver < 0x3593) { 1774 /* read vender BBP settings */ 1775 for (i = 0; i < 10; i++) { 1776 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1777 sc->bbp[i].val = val & 0xff; 1778 sc->bbp[i].reg = val >> 8; 1779 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1780 sc->bbp[i].val); 1781 } 1782 if (sc->mac_ver >= 0x3071) { 1783 /* read vendor RF settings */ 1784 for (i = 0; i < 10; i++) { 1785 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1786 &val); 1787 sc->rf[i].val = val & 0xff; 1788 sc->rf[i].reg = val >> 8; 1789 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1790 sc->rf[i].val); 1791 } 1792 } 1793 } 1794 1795 /* read RF frequency offset from EEPROM */ 1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1797 RT3593_EEPROM_FREQ, &val); 1798 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1799 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1800 1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1802 RT3593_EEPROM_FREQ_LEDS, &val); 1803 if (val >> 8 != 0xff) { 1804 /* read LEDs operating mode */ 1805 sc->leds = val >> 8; 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1807 RT3593_EEPROM_LED1, &sc->led[0]); 1808 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1809 RT3593_EEPROM_LED2, &sc->led[1]); 1810 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1811 RT3593_EEPROM_LED3, &sc->led[2]); 1812 } else { 1813 /* broken EEPROM, use default settings */ 1814 sc->leds = 0x01; 1815 sc->led[0] = 0x5555; 1816 sc->led[1] = 0x2221; 1817 sc->led[2] = 0x5627; /* differs from RT2860 */ 1818 } 1819 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1820 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1821 1822 /* read RF information */ 1823 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1824 run_srom_read(sc, 0x00, &val); 1825 else 1826 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1827 1828 if (val == 0xffff) { 1829 device_printf(sc->sc_dev, 1830 "invalid EEPROM antenna info, using default\n"); 1831 DPRINTF("invalid EEPROM antenna info, using default\n"); 1832 if (sc->mac_ver == 0x3572) { 1833 /* default to RF3052 2T2R */ 1834 sc->rf_rev = RT3070_RF_3052; 1835 sc->ntxchains = 2; 1836 sc->nrxchains = 2; 1837 } else if (sc->mac_ver >= 0x3070) { 1838 /* default to RF3020 1T1R */ 1839 sc->rf_rev = RT3070_RF_3020; 1840 sc->ntxchains = 1; 1841 sc->nrxchains = 1; 1842 } else { 1843 /* default to RF2820 1T2R */ 1844 sc->rf_rev = RT2860_RF_2820; 1845 sc->ntxchains = 1; 1846 sc->nrxchains = 2; 1847 } 1848 } else { 1849 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1850 sc->rf_rev = val; 1851 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1852 } else 1853 sc->rf_rev = (val >> 8) & 0xf; 1854 sc->ntxchains = (val >> 4) & 0xf; 1855 sc->nrxchains = val & 0xf; 1856 } 1857 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1858 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1859 1860 /* check if RF supports automatic Tx access gain control */ 1861 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1862 DPRINTF("EEPROM CFG 0x%04x\n", val); 1863 /* check if driver should patch the DAC issue */ 1864 if ((val >> 8) != 0xff) 1865 sc->patch_dac = (val >> 15) & 1; 1866 if ((val & 0xff) != 0xff) { 1867 sc->ext_5ghz_lna = (val >> 3) & 1; 1868 sc->ext_2ghz_lna = (val >> 2) & 1; 1869 /* check if RF supports automatic Tx access gain control */ 1870 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1871 /* check if we have a hardware radio switch */ 1872 sc->rfswitch = val & 1; 1873 } 1874 1875 /* Read Tx power settings. */ 1876 if (sc->mac_ver == 0x3593) 1877 run_rt3593_get_txpower(sc); 1878 else 1879 run_get_txpower(sc); 1880 1881 /* read Tx power compensation for each Tx rate */ 1882 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1883 delta_2ghz = delta_5ghz = 0; 1884 if ((val & 0xff) != 0xff && (val & 0x80)) { 1885 delta_2ghz = val & 0xf; 1886 if (!(val & 0x40)) /* negative number */ 1887 delta_2ghz = -delta_2ghz; 1888 } 1889 val >>= 8; 1890 if ((val & 0xff) != 0xff && (val & 0x80)) { 1891 delta_5ghz = val & 0xf; 1892 if (!(val & 0x40)) /* negative number */ 1893 delta_5ghz = -delta_5ghz; 1894 } 1895 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1896 delta_2ghz, delta_5ghz); 1897 1898 for (ridx = 0; ridx < 5; ridx++) { 1899 uint32_t reg; 1900 1901 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1902 reg = val; 1903 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1904 reg |= (uint32_t)val << 16; 1905 1906 sc->txpow20mhz[ridx] = reg; 1907 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1908 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1909 1910 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1911 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1912 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1913 } 1914 1915 /* Read RSSI offsets and LNA gains from EEPROM. */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1917 RT3593_EEPROM_RSSI1_2GHZ, &val); 1918 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1919 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1920 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1921 RT3593_EEPROM_RSSI2_2GHZ, &val); 1922 if (sc->mac_ver >= 0x3070) { 1923 if (sc->mac_ver == 0x3593) { 1924 sc->txmixgain_2ghz = 0; 1925 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1926 } else { 1927 /* 1928 * On RT3070 chips (limited to 2 Rx chains), this ROM 1929 * field contains the Tx mixer gain for the 2GHz band. 1930 */ 1931 if ((val & 0xff) != 0xff) 1932 sc->txmixgain_2ghz = val & 0x7; 1933 } 1934 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1935 } else 1936 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1937 if (sc->mac_ver == 0x3593) 1938 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1939 sc->lna[2] = val >> 8; /* channel group 2 */ 1940 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1942 RT3593_EEPROM_RSSI1_5GHZ, &val); 1943 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1944 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1946 RT3593_EEPROM_RSSI2_5GHZ, &val); 1947 if (sc->mac_ver == 0x3572) { 1948 /* 1949 * On RT3572 chips (limited to 2 Rx chains), this ROM 1950 * field contains the Tx mixer gain for the 5GHz band. 1951 */ 1952 if ((val & 0xff) != 0xff) 1953 sc->txmixgain_5ghz = val & 0x7; 1954 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1955 } else 1956 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1957 if (sc->mac_ver == 0x3593) { 1958 sc->txmixgain_5ghz = 0; 1959 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1960 } 1961 sc->lna[3] = val >> 8; /* channel group 3 */ 1962 1963 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1964 RT3593_EEPROM_LNA, &val); 1965 sc->lna[0] = val & 0xff; /* channel group 0 */ 1966 sc->lna[1] = val >> 8; /* channel group 1 */ 1967 1968 /* fix broken 5GHz LNA entries */ 1969 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 2); 1971 sc->lna[2] = sc->lna[1]; 1972 } 1973 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1974 DPRINTF("invalid LNA for channel group %d\n", 3); 1975 sc->lna[3] = sc->lna[1]; 1976 } 1977 1978 /* fix broken RSSI offset entries */ 1979 for (ant = 0; ant < 3; ant++) { 1980 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1981 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1982 ant + 1, sc->rssi_2ghz[ant]); 1983 sc->rssi_2ghz[ant] = 0; 1984 } 1985 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1986 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1987 ant + 1, sc->rssi_5ghz[ant]); 1988 sc->rssi_5ghz[ant] = 0; 1989 } 1990 } 1991 return (0); 1992 } 1993 1994 static struct ieee80211_node * 1995 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1996 { 1997 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO); 1998 } 1999 2000 static int 2001 run_media_change(struct ifnet *ifp) 2002 { 2003 struct ieee80211vap *vap = ifp->if_softc; 2004 struct ieee80211com *ic = vap->iv_ic; 2005 const struct ieee80211_txparam *tp; 2006 struct run_softc *sc = ic->ic_softc; 2007 uint8_t rate, ridx; 2008 int error; 2009 2010 RUN_LOCK(sc); 2011 2012 error = ieee80211_media_change(ifp); 2013 if (error != ENETRESET) { 2014 RUN_UNLOCK(sc); 2015 return (error); 2016 } 2017 2018 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2019 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2020 struct ieee80211_node *ni; 2021 struct run_node *rn; 2022 2023 rate = ic->ic_sup_rates[ic->ic_curmode]. 2024 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2025 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2026 if (rt2860_rates[ridx].rate == rate) 2027 break; 2028 ni = ieee80211_ref_node(vap->iv_bss); 2029 rn = RUN_NODE(ni); 2030 rn->fix_ridx = ridx; 2031 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2032 ieee80211_free_node(ni); 2033 } 2034 2035 #if 0 2036 if ((ifp->if_flags & IFF_UP) && 2037 (ifp->if_drv_flags & RUN_RUNNING)){ 2038 run_init_locked(sc); 2039 } 2040 #endif 2041 2042 RUN_UNLOCK(sc); 2043 2044 return (0); 2045 } 2046 2047 static int 2048 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2049 { 2050 const struct ieee80211_txparam *tp; 2051 struct ieee80211com *ic = vap->iv_ic; 2052 struct run_softc *sc = ic->ic_softc; 2053 struct run_vap *rvp = RUN_VAP(vap); 2054 enum ieee80211_state ostate; 2055 uint32_t sta[3]; 2056 uint32_t tmp; 2057 uint8_t ratectl; 2058 uint8_t restart_ratectl = 0; 2059 uint8_t bid = 1 << rvp->rvp_id; 2060 2061 ostate = vap->iv_state; 2062 DPRINTF("%s -> %s\n", 2063 ieee80211_state_name[ostate], 2064 ieee80211_state_name[nstate]); 2065 2066 IEEE80211_UNLOCK(ic); 2067 RUN_LOCK(sc); 2068 2069 ratectl = sc->ratectl_run; /* remember current state */ 2070 sc->ratectl_run = RUN_RATECTL_OFF; 2071 usb_callout_stop(&sc->ratectl_ch); 2072 2073 if (ostate == IEEE80211_S_RUN) { 2074 /* turn link LED off */ 2075 run_set_leds(sc, RT2860_LED_RADIO); 2076 } 2077 2078 switch (nstate) { 2079 case IEEE80211_S_INIT: 2080 restart_ratectl = 1; 2081 2082 if (ostate != IEEE80211_S_RUN) 2083 break; 2084 2085 ratectl &= ~bid; 2086 sc->runbmap &= ~bid; 2087 2088 /* abort TSF synchronization if there is no vap running */ 2089 if (--sc->running == 0) { 2090 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2091 run_write(sc, RT2860_BCN_TIME_CFG, 2092 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2093 RT2860_TBTT_TIMER_EN)); 2094 } 2095 break; 2096 2097 case IEEE80211_S_RUN: 2098 if (!(sc->runbmap & bid)) { 2099 if(sc->running++) 2100 restart_ratectl = 1; 2101 sc->runbmap |= bid; 2102 } 2103 2104 m_freem(rvp->beacon_mbuf); 2105 rvp->beacon_mbuf = NULL; 2106 2107 switch (vap->iv_opmode) { 2108 case IEEE80211_M_HOSTAP: 2109 case IEEE80211_M_MBSS: 2110 sc->ap_running |= bid; 2111 ic->ic_opmode = vap->iv_opmode; 2112 run_update_beacon_cb(vap); 2113 break; 2114 case IEEE80211_M_IBSS: 2115 sc->adhoc_running |= bid; 2116 if (!sc->ap_running) 2117 ic->ic_opmode = vap->iv_opmode; 2118 run_update_beacon_cb(vap); 2119 break; 2120 case IEEE80211_M_STA: 2121 sc->sta_running |= bid; 2122 if (!sc->ap_running && !sc->adhoc_running) 2123 ic->ic_opmode = vap->iv_opmode; 2124 2125 /* read statistic counters (clear on read) */ 2126 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2127 (uint8_t *)sta, sizeof sta); 2128 2129 break; 2130 default: 2131 ic->ic_opmode = vap->iv_opmode; 2132 break; 2133 } 2134 2135 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2136 struct ieee80211_node *ni; 2137 2138 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2139 RUN_UNLOCK(sc); 2140 IEEE80211_LOCK(ic); 2141 return (-1); 2142 } 2143 run_updateslot(ic); 2144 run_enable_mrr(sc); 2145 run_set_txpreamble(sc); 2146 run_set_basicrates(sc); 2147 ni = ieee80211_ref_node(vap->iv_bss); 2148 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2149 run_set_bssid(sc, sc->sc_bssid); 2150 ieee80211_free_node(ni); 2151 run_enable_tsf_sync(sc); 2152 2153 /* enable automatic rate adaptation */ 2154 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2155 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2156 ratectl |= bid; 2157 } else 2158 run_enable_tsf(sc); 2159 2160 /* turn link LED on */ 2161 run_set_leds(sc, RT2860_LED_RADIO | 2162 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2163 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2164 2165 break; 2166 default: 2167 DPRINTFN(6, "undefined case\n"); 2168 break; 2169 } 2170 2171 /* restart amrr for running VAPs */ 2172 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2173 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2174 2175 RUN_UNLOCK(sc); 2176 IEEE80211_LOCK(ic); 2177 2178 return(rvp->newstate(vap, nstate, arg)); 2179 } 2180 2181 static int 2182 run_wme_update(struct ieee80211com *ic) 2183 { 2184 struct run_softc *sc = ic->ic_softc; 2185 const struct wmeParams *ac = 2186 ic->ic_wme.wme_chanParams.cap_wmeParams; 2187 int aci, error = 0; 2188 2189 /* update MAC TX configuration registers */ 2190 RUN_LOCK(sc); 2191 for (aci = 0; aci < WME_NUM_AC; aci++) { 2192 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2193 ac[aci].wmep_logcwmax << 16 | 2194 ac[aci].wmep_logcwmin << 12 | 2195 ac[aci].wmep_aifsn << 8 | 2196 ac[aci].wmep_txopLimit); 2197 if (error) goto err; 2198 } 2199 2200 /* update SCH/DMA registers too */ 2201 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2202 ac[WME_AC_VO].wmep_aifsn << 12 | 2203 ac[WME_AC_VI].wmep_aifsn << 8 | 2204 ac[WME_AC_BK].wmep_aifsn << 4 | 2205 ac[WME_AC_BE].wmep_aifsn); 2206 if (error) goto err; 2207 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2208 ac[WME_AC_VO].wmep_logcwmin << 12 | 2209 ac[WME_AC_VI].wmep_logcwmin << 8 | 2210 ac[WME_AC_BK].wmep_logcwmin << 4 | 2211 ac[WME_AC_BE].wmep_logcwmin); 2212 if (error) goto err; 2213 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2214 ac[WME_AC_VO].wmep_logcwmax << 12 | 2215 ac[WME_AC_VI].wmep_logcwmax << 8 | 2216 ac[WME_AC_BK].wmep_logcwmax << 4 | 2217 ac[WME_AC_BE].wmep_logcwmax); 2218 if (error) goto err; 2219 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2220 ac[WME_AC_BK].wmep_txopLimit << 16 | 2221 ac[WME_AC_BE].wmep_txopLimit); 2222 if (error) goto err; 2223 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2224 ac[WME_AC_VO].wmep_txopLimit << 16 | 2225 ac[WME_AC_VI].wmep_txopLimit); 2226 2227 err: 2228 RUN_UNLOCK(sc); 2229 if (error) 2230 DPRINTF("WME update failed\n"); 2231 2232 return (error); 2233 } 2234 2235 static void 2236 run_key_set_cb(void *arg) 2237 { 2238 struct run_cmdq *cmdq = arg; 2239 struct ieee80211vap *vap = cmdq->arg1; 2240 struct ieee80211_key *k = cmdq->k; 2241 struct ieee80211com *ic = vap->iv_ic; 2242 struct run_softc *sc = ic->ic_softc; 2243 struct ieee80211_node *ni; 2244 u_int cipher = k->wk_cipher->ic_cipher; 2245 uint32_t attr; 2246 uint16_t base, associd; 2247 uint8_t mode, wcid, iv[8]; 2248 2249 RUN_LOCK_ASSERT(sc, MA_OWNED); 2250 2251 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2252 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2253 else 2254 ni = vap->iv_bss; 2255 associd = (ni != NULL) ? ni->ni_associd : 0; 2256 2257 /* map net80211 cipher to RT2860 security mode */ 2258 switch (cipher) { 2259 case IEEE80211_CIPHER_WEP: 2260 if(k->wk_keylen < 8) 2261 mode = RT2860_MODE_WEP40; 2262 else 2263 mode = RT2860_MODE_WEP104; 2264 break; 2265 case IEEE80211_CIPHER_TKIP: 2266 mode = RT2860_MODE_TKIP; 2267 break; 2268 case IEEE80211_CIPHER_AES_CCM: 2269 mode = RT2860_MODE_AES_CCMP; 2270 break; 2271 default: 2272 DPRINTF("undefined case\n"); 2273 return; 2274 } 2275 2276 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2277 associd, k->wk_keyix, mode, 2278 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2279 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2280 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2281 2282 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2283 wcid = 0; /* NB: update WCID0 for group keys */ 2284 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2285 } else { 2286 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2287 1 : RUN_AID2WCID(associd); 2288 base = RT2860_PKEY(wcid); 2289 } 2290 2291 if (cipher == IEEE80211_CIPHER_TKIP) { 2292 if(run_write_region_1(sc, base, k->wk_key, 16)) 2293 return; 2294 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2295 return; 2296 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2297 return; 2298 } else { 2299 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2300 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2301 return; 2302 } 2303 2304 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2305 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2306 /* set initial packet number in IV+EIV */ 2307 if (cipher == IEEE80211_CIPHER_WEP) { 2308 memset(iv, 0, sizeof iv); 2309 iv[3] = vap->iv_def_txkey << 6; 2310 } else { 2311 if (cipher == IEEE80211_CIPHER_TKIP) { 2312 iv[0] = k->wk_keytsc >> 8; 2313 iv[1] = (iv[0] | 0x20) & 0x7f; 2314 iv[2] = k->wk_keytsc; 2315 } else /* CCMP */ { 2316 iv[0] = k->wk_keytsc; 2317 iv[1] = k->wk_keytsc >> 8; 2318 iv[2] = 0; 2319 } 2320 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2321 iv[4] = k->wk_keytsc >> 16; 2322 iv[5] = k->wk_keytsc >> 24; 2323 iv[6] = k->wk_keytsc >> 32; 2324 iv[7] = k->wk_keytsc >> 40; 2325 } 2326 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2327 return; 2328 } 2329 2330 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2331 /* install group key */ 2332 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2333 return; 2334 attr &= ~(0xf << (k->wk_keyix * 4)); 2335 attr |= mode << (k->wk_keyix * 4); 2336 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2337 return; 2338 } else { 2339 /* install pairwise key */ 2340 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2341 return; 2342 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2343 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2344 return; 2345 } 2346 2347 /* TODO create a pass-thru key entry? */ 2348 2349 /* need wcid to delete the right key later */ 2350 k->wk_pad = wcid; 2351 } 2352 2353 /* 2354 * Don't have to be deferred, but in order to keep order of 2355 * execution, i.e. with run_key_delete(), defer this and let 2356 * run_cmdq_cb() maintain the order. 2357 * 2358 * return 0 on error 2359 */ 2360 static int 2361 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2362 { 2363 struct ieee80211com *ic = vap->iv_ic; 2364 struct run_softc *sc = ic->ic_softc; 2365 uint32_t i; 2366 2367 i = RUN_CMDQ_GET(&sc->cmdq_store); 2368 DPRINTF("cmdq_store=%d\n", i); 2369 sc->cmdq[i].func = run_key_set_cb; 2370 sc->cmdq[i].arg0 = NULL; 2371 sc->cmdq[i].arg1 = vap; 2372 sc->cmdq[i].k = k; 2373 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2374 ieee80211_runtask(ic, &sc->cmdq_task); 2375 2376 /* 2377 * To make sure key will be set when hostapd 2378 * calls iv_key_set() before if_init(). 2379 */ 2380 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2381 RUN_LOCK(sc); 2382 sc->cmdq_key_set = RUN_CMDQ_GO; 2383 RUN_UNLOCK(sc); 2384 } 2385 2386 return (1); 2387 } 2388 2389 /* 2390 * If wlan is destroyed without being brought down i.e. without 2391 * wlan down or wpa_cli terminate, this function is called after 2392 * vap is gone. Don't refer it. 2393 */ 2394 static void 2395 run_key_delete_cb(void *arg) 2396 { 2397 struct run_cmdq *cmdq = arg; 2398 struct run_softc *sc = cmdq->arg1; 2399 struct ieee80211_key *k = &cmdq->key; 2400 uint32_t attr; 2401 uint8_t wcid; 2402 2403 RUN_LOCK_ASSERT(sc, MA_OWNED); 2404 2405 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2406 /* remove group key */ 2407 DPRINTF("removing group key\n"); 2408 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2409 attr &= ~(0xf << (k->wk_keyix * 4)); 2410 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2411 } else { 2412 /* remove pairwise key */ 2413 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2414 /* matching wcid was written to wk_pad in run_key_set() */ 2415 wcid = k->wk_pad; 2416 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2417 attr &= ~0xf; 2418 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2419 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2420 } 2421 2422 k->wk_pad = 0; 2423 } 2424 2425 /* 2426 * return 0 on error 2427 */ 2428 static int 2429 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2430 { 2431 struct ieee80211com *ic = vap->iv_ic; 2432 struct run_softc *sc = ic->ic_softc; 2433 struct ieee80211_key *k0; 2434 uint32_t i; 2435 2436 /* 2437 * When called back, key might be gone. So, make a copy 2438 * of some values need to delete keys before deferring. 2439 * But, because of LOR with node lock, cannot use lock here. 2440 * So, use atomic instead. 2441 */ 2442 i = RUN_CMDQ_GET(&sc->cmdq_store); 2443 DPRINTF("cmdq_store=%d\n", i); 2444 sc->cmdq[i].func = run_key_delete_cb; 2445 sc->cmdq[i].arg0 = NULL; 2446 sc->cmdq[i].arg1 = sc; 2447 k0 = &sc->cmdq[i].key; 2448 k0->wk_flags = k->wk_flags; 2449 k0->wk_keyix = k->wk_keyix; 2450 /* matching wcid was written to wk_pad in run_key_set() */ 2451 k0->wk_pad = k->wk_pad; 2452 ieee80211_runtask(ic, &sc->cmdq_task); 2453 return (1); /* return fake success */ 2454 2455 } 2456 2457 static void 2458 run_ratectl_to(void *arg) 2459 { 2460 struct run_softc *sc = arg; 2461 2462 /* do it in a process context, so it can go sleep */ 2463 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2464 /* next timeout will be rescheduled in the callback task */ 2465 } 2466 2467 /* ARGSUSED */ 2468 static void 2469 run_ratectl_cb(void *arg, int pending) 2470 { 2471 struct run_softc *sc = arg; 2472 struct ieee80211com *ic = &sc->sc_ic; 2473 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2474 2475 if (vap == NULL) 2476 return; 2477 2478 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2479 /* 2480 * run_reset_livelock() doesn't do anything with AMRR, 2481 * but Ralink wants us to call it every 1 sec. So, we 2482 * piggyback here rather than creating another callout. 2483 * Livelock may occur only in HOSTAP or IBSS mode 2484 * (when h/w is sending beacons). 2485 */ 2486 RUN_LOCK(sc); 2487 run_reset_livelock(sc); 2488 /* just in case, there are some stats to drain */ 2489 run_drain_fifo(sc); 2490 RUN_UNLOCK(sc); 2491 } 2492 2493 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2494 2495 RUN_LOCK(sc); 2496 if(sc->ratectl_run != RUN_RATECTL_OFF) 2497 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2498 RUN_UNLOCK(sc); 2499 } 2500 2501 static void 2502 run_drain_fifo(void *arg) 2503 { 2504 struct run_softc *sc = arg; 2505 uint32_t stat; 2506 uint16_t (*wstat)[3]; 2507 uint8_t wcid, mcs, pid; 2508 int8_t retry; 2509 2510 RUN_LOCK_ASSERT(sc, MA_OWNED); 2511 2512 for (;;) { 2513 /* drain Tx status FIFO (maxsize = 16) */ 2514 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2515 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2516 if (!(stat & RT2860_TXQ_VLD)) 2517 break; 2518 2519 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2520 2521 /* if no ACK was requested, no feedback is available */ 2522 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2523 wcid == 0) 2524 continue; 2525 2526 /* 2527 * Even though each stat is Tx-complete-status like format, 2528 * the device can poll stats. Because there is no guarantee 2529 * that the referring node is still around when read the stats. 2530 * So that, if we use ieee80211_ratectl_tx_update(), we will 2531 * have hard time not to refer already freed node. 2532 * 2533 * To eliminate such page faults, we poll stats in softc. 2534 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2535 */ 2536 wstat = &(sc->wcid_stats[wcid]); 2537 (*wstat)[RUN_TXCNT]++; 2538 if (stat & RT2860_TXQ_OK) { 2539 (*wstat)[RUN_SUCCESS]++; 2540 } else { 2541 #if defined(__DragonFly__) 2542 ++sc->sc_ic.ic_oerrors; 2543 #else 2544 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2545 #endif 2546 } 2547 /* 2548 * Check if there were retries, ie if the Tx success rate is 2549 * different from the requested rate. Note that it works only 2550 * because we do not allow rate fallback from OFDM to CCK. 2551 */ 2552 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2553 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2554 if ((retry = pid -1 - mcs) > 0) { 2555 (*wstat)[RUN_TXCNT] += retry; 2556 (*wstat)[RUN_RETRY] += retry; 2557 } 2558 } 2559 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2560 2561 sc->fifo_cnt = 0; 2562 } 2563 2564 static void 2565 run_iter_func(void *arg, struct ieee80211_node *ni) 2566 { 2567 struct run_softc *sc = arg; 2568 struct ieee80211vap *vap = ni->ni_vap; 2569 struct run_node *rn = RUN_NODE(ni); 2570 union run_stats sta[2]; 2571 uint16_t (*wstat)[3]; 2572 int txcnt, success, retrycnt, error; 2573 2574 RUN_LOCK(sc); 2575 2576 /* Check for special case */ 2577 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2578 ni != vap->iv_bss) 2579 goto fail; 2580 2581 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2582 vap->iv_opmode == IEEE80211_M_STA)) { 2583 /* read statistic counters (clear on read) and update AMRR state */ 2584 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2585 sizeof sta); 2586 if (error != 0) 2587 goto fail; 2588 2589 /* count failed TX as errors */ 2590 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2591 le16toh(sta[0].error.fail)); 2592 2593 retrycnt = le16toh(sta[1].tx.retry); 2594 success = le16toh(sta[1].tx.success); 2595 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2596 2597 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2598 retrycnt, success, le16toh(sta[0].error.fail)); 2599 } else { 2600 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2601 2602 if (wstat == &(sc->wcid_stats[0]) || 2603 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2604 goto fail; 2605 2606 txcnt = (*wstat)[RUN_TXCNT]; 2607 success = (*wstat)[RUN_SUCCESS]; 2608 retrycnt = (*wstat)[RUN_RETRY]; 2609 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2610 retrycnt, txcnt, success); 2611 2612 memset(wstat, 0, sizeof(*wstat)); 2613 } 2614 2615 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2616 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2617 2618 fail: 2619 RUN_UNLOCK(sc); 2620 2621 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2622 } 2623 2624 static void 2625 run_newassoc_cb(void *arg) 2626 { 2627 struct run_cmdq *cmdq = arg; 2628 struct ieee80211_node *ni = cmdq->arg1; 2629 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2630 uint8_t wcid = cmdq->wcid; 2631 2632 RUN_LOCK_ASSERT(sc, MA_OWNED); 2633 2634 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2635 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2636 2637 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2638 } 2639 2640 static void 2641 run_newassoc(struct ieee80211_node *ni, int isnew) 2642 { 2643 struct run_node *rn = RUN_NODE(ni); 2644 struct ieee80211_rateset *rs = &ni->ni_rates; 2645 struct ieee80211vap *vap = ni->ni_vap; 2646 struct ieee80211com *ic = vap->iv_ic; 2647 struct run_softc *sc = ic->ic_softc; 2648 uint8_t rate; 2649 uint8_t ridx; 2650 uint8_t wcid; 2651 int i, j; 2652 2653 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2654 1 : RUN_AID2WCID(ni->ni_associd); 2655 2656 if (wcid > RT2870_WCID_MAX) { 2657 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2658 return; 2659 } 2660 2661 /* only interested in true associations */ 2662 if (isnew && ni->ni_associd != 0) { 2663 2664 /* 2665 * This function could is called though timeout function. 2666 * Need to defer. 2667 */ 2668 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2669 DPRINTF("cmdq_store=%d\n", cnt); 2670 sc->cmdq[cnt].func = run_newassoc_cb; 2671 sc->cmdq[cnt].arg0 = NULL; 2672 sc->cmdq[cnt].arg1 = ni; 2673 sc->cmdq[cnt].wcid = wcid; 2674 ieee80211_runtask(ic, &sc->cmdq_task); 2675 } 2676 2677 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2678 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2679 2680 for (i = 0; i < rs->rs_nrates; i++) { 2681 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2682 /* convert 802.11 rate to hardware rate index */ 2683 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2684 if (rt2860_rates[ridx].rate == rate) 2685 break; 2686 rn->ridx[i] = ridx; 2687 /* determine rate of control response frames */ 2688 for (j = i; j >= 0; j--) { 2689 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2690 rt2860_rates[rn->ridx[i]].phy == 2691 rt2860_rates[rn->ridx[j]].phy) 2692 break; 2693 } 2694 if (j >= 0) { 2695 rn->ctl_ridx[i] = rn->ridx[j]; 2696 } else { 2697 /* no basic rate found, use mandatory one */ 2698 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2699 } 2700 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2701 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2702 } 2703 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2704 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2705 if (rt2860_rates[ridx].rate == rate) 2706 break; 2707 rn->mgt_ridx = ridx; 2708 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2709 2710 RUN_LOCK(sc); 2711 if(sc->ratectl_run != RUN_RATECTL_OFF) 2712 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2713 RUN_UNLOCK(sc); 2714 } 2715 2716 /* 2717 * Return the Rx chain with the highest RSSI for a given frame. 2718 */ 2719 static __inline uint8_t 2720 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2721 { 2722 uint8_t rxchain = 0; 2723 2724 if (sc->nrxchains > 1) { 2725 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2726 rxchain = 1; 2727 if (sc->nrxchains > 2) 2728 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2729 rxchain = 2; 2730 } 2731 return (rxchain); 2732 } 2733 2734 static void 2735 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2736 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2737 { 2738 struct ieee80211vap *vap = ni->ni_vap; 2739 struct run_softc *sc = vap->iv_ic->ic_softc; 2740 struct run_vap *rvp = RUN_VAP(vap); 2741 uint64_t ni_tstamp, rx_tstamp; 2742 2743 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2744 2745 if (vap->iv_state == IEEE80211_S_RUN && 2746 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2747 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2748 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2749 RUN_LOCK(sc); 2750 run_get_tsf(sc, &rx_tstamp); 2751 RUN_UNLOCK(sc); 2752 rx_tstamp = le64toh(rx_tstamp); 2753 2754 if (ni_tstamp >= rx_tstamp) { 2755 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2756 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2757 (void) ieee80211_ibss_merge(ni); 2758 } 2759 } 2760 } 2761 2762 static void 2763 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2764 { 2765 struct ieee80211com *ic = &sc->sc_ic; 2766 struct ieee80211_frame *wh; 2767 struct ieee80211_node *ni; 2768 struct rt2870_rxd *rxd; 2769 struct rt2860_rxwi *rxwi; 2770 uint32_t flags; 2771 uint16_t len, rxwisize; 2772 uint8_t ant, rssi; 2773 int8_t nf; 2774 2775 rxwi = mtod(m, struct rt2860_rxwi *); 2776 len = le16toh(rxwi->len) & 0xfff; 2777 rxwisize = sizeof(struct rt2860_rxwi); 2778 if (sc->mac_ver == 0x5592) 2779 rxwisize += sizeof(uint64_t); 2780 else if (sc->mac_ver == 0x3593) 2781 rxwisize += sizeof(uint32_t); 2782 if (__predict_false(len > dmalen)) { 2783 m_freem(m); 2784 #if defined(__DragonFly__) 2785 ++ic->ic_ierrors; 2786 #else 2787 counter_u64_add(ic->ic_ierrors, 1); 2788 #endif 2789 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2790 return; 2791 } 2792 /* Rx descriptor is located at the end */ 2793 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2794 flags = le32toh(rxd->flags); 2795 2796 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2797 m_freem(m); 2798 #if defined(__DragonFly__) 2799 ++ic->ic_ierrors; 2800 #else 2801 counter_u64_add(ic->ic_ierrors, 1); 2802 #endif 2803 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2804 return; 2805 } 2806 2807 m->m_data += rxwisize; 2808 m->m_pkthdr.len = m->m_len -= rxwisize; 2809 2810 wh = mtod(m, struct ieee80211_frame *); 2811 2812 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2813 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2814 m->m_flags |= M_WEP; 2815 } 2816 2817 if (flags & RT2860_RX_L2PAD) { 2818 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2819 len += 2; 2820 } 2821 2822 ni = ieee80211_find_rxnode(ic, 2823 mtod(m, struct ieee80211_frame_min *)); 2824 2825 if (__predict_false(flags & RT2860_RX_MICERR)) { 2826 /* report MIC failures to net80211 for TKIP */ 2827 if (ni != NULL) 2828 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2829 rxwi->keyidx); 2830 m_freem(m); 2831 #if defined(__DragonFly__) 2832 ++ic->ic_ierrors; 2833 #else 2834 counter_u64_add(ic->ic_ierrors, 1); 2835 #endif 2836 DPRINTF("MIC error. Someone is lying.\n"); 2837 return; 2838 } 2839 2840 ant = run_maxrssi_chain(sc, rxwi); 2841 rssi = rxwi->rssi[ant]; 2842 nf = run_rssi2dbm(sc, rssi, ant); 2843 2844 m->m_pkthdr.len = m->m_len = len; 2845 2846 if (__predict_false(ieee80211_radiotap_active(ic))) { 2847 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2848 uint16_t phy; 2849 2850 tap->wr_flags = 0; 2851 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2852 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2853 tap->wr_antsignal = rssi; 2854 tap->wr_antenna = ant; 2855 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2856 tap->wr_rate = 2; /* in case it can't be found below */ 2857 RUN_LOCK(sc); 2858 run_get_tsf(sc, &tap->wr_tsf); 2859 RUN_UNLOCK(sc); 2860 phy = le16toh(rxwi->phy); 2861 switch (phy & RT2860_PHY_MODE) { 2862 case RT2860_PHY_CCK: 2863 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2864 case 0: tap->wr_rate = 2; break; 2865 case 1: tap->wr_rate = 4; break; 2866 case 2: tap->wr_rate = 11; break; 2867 case 3: tap->wr_rate = 22; break; 2868 } 2869 if (phy & RT2860_PHY_SHPRE) 2870 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2871 break; 2872 case RT2860_PHY_OFDM: 2873 switch (phy & RT2860_PHY_MCS) { 2874 case 0: tap->wr_rate = 12; break; 2875 case 1: tap->wr_rate = 18; break; 2876 case 2: tap->wr_rate = 24; break; 2877 case 3: tap->wr_rate = 36; break; 2878 case 4: tap->wr_rate = 48; break; 2879 case 5: tap->wr_rate = 72; break; 2880 case 6: tap->wr_rate = 96; break; 2881 case 7: tap->wr_rate = 108; break; 2882 } 2883 break; 2884 } 2885 } 2886 2887 if (ni != NULL) { 2888 (void)ieee80211_input(ni, m, rssi, nf); 2889 ieee80211_free_node(ni); 2890 } else { 2891 (void)ieee80211_input_all(ic, m, rssi, nf); 2892 } 2893 } 2894 2895 static void 2896 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2897 { 2898 struct run_softc *sc = usbd_xfer_softc(xfer); 2899 struct ieee80211com *ic = &sc->sc_ic; 2900 struct mbuf *m = NULL; 2901 struct mbuf *m0; 2902 uint32_t dmalen; 2903 uint16_t rxwisize; 2904 int xferlen; 2905 2906 rxwisize = sizeof(struct rt2860_rxwi); 2907 if (sc->mac_ver == 0x5592) 2908 rxwisize += sizeof(uint64_t); 2909 else if (sc->mac_ver == 0x3593) 2910 rxwisize += sizeof(uint32_t); 2911 2912 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2913 2914 switch (USB_GET_STATE(xfer)) { 2915 case USB_ST_TRANSFERRED: 2916 2917 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2918 2919 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2920 sizeof(struct rt2870_rxd))) { 2921 DPRINTF("xfer too short %d\n", xferlen); 2922 goto tr_setup; 2923 } 2924 2925 m = sc->rx_m; 2926 sc->rx_m = NULL; 2927 2928 /* FALLTHROUGH */ 2929 case USB_ST_SETUP: 2930 tr_setup: 2931 if (sc->rx_m == NULL) { 2932 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2933 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2934 } 2935 if (sc->rx_m == NULL) { 2936 DPRINTF("could not allocate mbuf - idle with stall\n"); 2937 #if defined(__DragonFly__) 2938 ++ic->ic_ierrors; 2939 #else 2940 counter_u64_add(ic->ic_ierrors, 1); 2941 #endif 2942 usbd_xfer_set_stall(xfer); 2943 usbd_xfer_set_frames(xfer, 0); 2944 } else { 2945 /* 2946 * Directly loading a mbuf cluster into DMA to 2947 * save some data copying. This works because 2948 * there is only one cluster. 2949 */ 2950 usbd_xfer_set_frame_data(xfer, 0, 2951 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2952 usbd_xfer_set_frames(xfer, 1); 2953 } 2954 usbd_transfer_submit(xfer); 2955 break; 2956 2957 default: /* Error */ 2958 if (error != USB_ERR_CANCELLED) { 2959 /* try to clear stall first */ 2960 usbd_xfer_set_stall(xfer); 2961 if (error == USB_ERR_TIMEOUT) 2962 device_printf(sc->sc_dev, "device timeout\n"); 2963 #if defined(__DragonFly__) 2964 ++ic->ic_ierrors; 2965 #else 2966 counter_u64_add(ic->ic_ierrors, 1); 2967 #endif 2968 goto tr_setup; 2969 } 2970 if (sc->rx_m != NULL) { 2971 m_freem(sc->rx_m); 2972 sc->rx_m = NULL; 2973 } 2974 break; 2975 } 2976 2977 if (m == NULL) 2978 return; 2979 2980 /* inputting all the frames must be last */ 2981 2982 RUN_UNLOCK(sc); 2983 2984 m->m_pkthdr.len = m->m_len = xferlen; 2985 2986 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2987 for(;;) { 2988 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2989 2990 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2991 ((dmalen & 3) != 0)) { 2992 DPRINTF("bad DMA length %u\n", dmalen); 2993 break; 2994 } 2995 if ((dmalen + 8) > (uint32_t)xferlen) { 2996 DPRINTF("bad DMA length %u > %d\n", 2997 dmalen + 8, xferlen); 2998 break; 2999 } 3000 3001 /* If it is the last one or a single frame, we won't copy. */ 3002 if ((xferlen -= dmalen + 8) <= 8) { 3003 /* trim 32-bit DMA-len header */ 3004 m->m_data += 4; 3005 m->m_pkthdr.len = m->m_len -= 4; 3006 run_rx_frame(sc, m, dmalen); 3007 m = NULL; /* don't free source buffer */ 3008 break; 3009 } 3010 3011 /* copy aggregated frames to another mbuf */ 3012 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3013 if (__predict_false(m0 == NULL)) { 3014 DPRINTF("could not allocate mbuf\n"); 3015 #if defined(__DragonFly__) 3016 ++ic->ic_ierrors; 3017 #else 3018 counter_u64_add(ic->ic_ierrors, 1); 3019 #endif 3020 break; 3021 } 3022 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3023 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3024 m0->m_pkthdr.len = m0->m_len = 3025 dmalen + sizeof(struct rt2870_rxd); 3026 run_rx_frame(sc, m0, dmalen); 3027 3028 /* update data ptr */ 3029 m->m_data += dmalen + 8; 3030 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3031 } 3032 3033 /* make sure we free the source buffer, if any */ 3034 m_freem(m); 3035 3036 RUN_LOCK(sc); 3037 } 3038 3039 static void 3040 run_tx_free(struct run_endpoint_queue *pq, 3041 struct run_tx_data *data, int txerr) 3042 { 3043 3044 ieee80211_tx_complete(data->ni, data->m, txerr); 3045 3046 data->m = NULL; 3047 data->ni = NULL; 3048 3049 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3050 pq->tx_nfree++; 3051 } 3052 3053 static void 3054 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3055 { 3056 struct run_softc *sc = usbd_xfer_softc(xfer); 3057 struct ieee80211com *ic = &sc->sc_ic; 3058 struct run_tx_data *data; 3059 struct ieee80211vap *vap = NULL; 3060 struct usb_page_cache *pc; 3061 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3062 struct mbuf *m; 3063 usb_frlength_t size; 3064 int actlen; 3065 int sumlen; 3066 3067 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3068 3069 switch (USB_GET_STATE(xfer)) { 3070 case USB_ST_TRANSFERRED: 3071 DPRINTFN(11, "transfer complete: %d " 3072 "bytes @ index %d\n", actlen, index); 3073 3074 data = usbd_xfer_get_priv(xfer); 3075 run_tx_free(pq, data, 0); 3076 usbd_xfer_set_priv(xfer, NULL); 3077 3078 /* FALLTHROUGH */ 3079 case USB_ST_SETUP: 3080 tr_setup: 3081 data = STAILQ_FIRST(&pq->tx_qh); 3082 if (data == NULL) 3083 break; 3084 3085 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3086 3087 m = data->m; 3088 size = (sc->mac_ver == 0x5592) ? 3089 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3090 if ((m->m_pkthdr.len + 3091 size + 3 + 8) > RUN_MAX_TXSZ) { 3092 DPRINTF("data overflow, %u bytes\n", 3093 m->m_pkthdr.len); 3094 run_tx_free(pq, data, 1); 3095 goto tr_setup; 3096 } 3097 3098 pc = usbd_xfer_get_frame(xfer, 0); 3099 usbd_copy_in(pc, 0, &data->desc, size); 3100 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3101 size += m->m_pkthdr.len; 3102 /* 3103 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3104 * 4-byte padding), and be sure to zero those trailing 3105 * bytes: 3106 */ 3107 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3108 size += ((-size) & 3) + 8; 3109 3110 vap = data->ni->ni_vap; 3111 if (ieee80211_radiotap_active_vap(vap)) { 3112 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3113 struct rt2860_txwi *txwi = 3114 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3115 tap->wt_flags = 0; 3116 tap->wt_rate = rt2860_rates[data->ridx].rate; 3117 run_get_tsf(sc, &tap->wt_tsf); 3118 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3119 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3120 tap->wt_hwqueue = index; 3121 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3122 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3123 3124 ieee80211_radiotap_tx(vap, m); 3125 } 3126 3127 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3128 m->m_pkthdr.len, size, index); 3129 3130 usbd_xfer_set_frame_len(xfer, 0, size); 3131 usbd_xfer_set_priv(xfer, data); 3132 usbd_transfer_submit(xfer); 3133 run_start(sc); 3134 3135 break; 3136 3137 default: 3138 DPRINTF("USB transfer error, %s\n", 3139 usbd_errstr(error)); 3140 3141 data = usbd_xfer_get_priv(xfer); 3142 3143 if (data != NULL) { 3144 if(data->ni != NULL) 3145 vap = data->ni->ni_vap; 3146 run_tx_free(pq, data, error); 3147 usbd_xfer_set_priv(xfer, NULL); 3148 } 3149 3150 if (vap == NULL) 3151 vap = TAILQ_FIRST(&ic->ic_vaps); 3152 3153 if (error != USB_ERR_CANCELLED) { 3154 if (error == USB_ERR_TIMEOUT) { 3155 device_printf(sc->sc_dev, "device timeout\n"); 3156 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3157 DPRINTF("cmdq_store=%d\n", i); 3158 sc->cmdq[i].func = run_usb_timeout_cb; 3159 sc->cmdq[i].arg0 = vap; 3160 ieee80211_runtask(ic, &sc->cmdq_task); 3161 } 3162 3163 /* 3164 * Try to clear stall first, also if other 3165 * errors occur, hence clearing stall 3166 * introduces a 50 ms delay: 3167 */ 3168 usbd_xfer_set_stall(xfer); 3169 goto tr_setup; 3170 } 3171 break; 3172 } 3173 } 3174 3175 static void 3176 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3177 { 3178 run_bulk_tx_callbackN(xfer, error, 0); 3179 } 3180 3181 static void 3182 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3183 { 3184 run_bulk_tx_callbackN(xfer, error, 1); 3185 } 3186 3187 static void 3188 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3189 { 3190 run_bulk_tx_callbackN(xfer, error, 2); 3191 } 3192 3193 static void 3194 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3195 { 3196 run_bulk_tx_callbackN(xfer, error, 3); 3197 } 3198 3199 static void 3200 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3201 { 3202 run_bulk_tx_callbackN(xfer, error, 4); 3203 } 3204 3205 static void 3206 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3207 { 3208 run_bulk_tx_callbackN(xfer, error, 5); 3209 } 3210 3211 static void 3212 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3213 { 3214 struct mbuf *m = data->m; 3215 struct ieee80211com *ic = &sc->sc_ic; 3216 struct ieee80211vap *vap = data->ni->ni_vap; 3217 struct ieee80211_frame *wh; 3218 struct rt2870_txd *txd; 3219 struct rt2860_txwi *txwi; 3220 uint16_t xferlen, txwisize; 3221 uint16_t mcs; 3222 uint8_t ridx = data->ridx; 3223 uint8_t pad; 3224 3225 /* get MCS code from rate index */ 3226 mcs = rt2860_rates[ridx].mcs; 3227 3228 txwisize = (sc->mac_ver == 0x5592) ? 3229 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3230 xferlen = txwisize + m->m_pkthdr.len; 3231 3232 /* roundup to 32-bit alignment */ 3233 xferlen = (xferlen + 3) & ~3; 3234 3235 txd = (struct rt2870_txd *)&data->desc; 3236 txd->len = htole16(xferlen); 3237 3238 wh = mtod(m, struct ieee80211_frame *); 3239 3240 /* 3241 * Ether both are true or both are false, the header 3242 * are nicely aligned to 32-bit. So, no L2 padding. 3243 */ 3244 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3245 pad = 0; 3246 else 3247 pad = 2; 3248 3249 /* setup TX Wireless Information */ 3250 txwi = (struct rt2860_txwi *)(txd + 1); 3251 txwi->len = htole16(m->m_pkthdr.len - pad); 3252 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3253 mcs |= RT2860_PHY_CCK; 3254 if (ridx != RT2860_RIDX_CCK1 && 3255 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3256 mcs |= RT2860_PHY_SHPRE; 3257 } else 3258 mcs |= RT2860_PHY_OFDM; 3259 txwi->phy = htole16(mcs); 3260 3261 /* check if RTS/CTS or CTS-to-self protection is required */ 3262 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3263 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3264 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3265 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3266 txwi->txop |= RT2860_TX_TXOP_HT; 3267 else 3268 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3269 3270 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3271 txwi->xflags |= RT2860_TX_NSEQ; 3272 } 3273 3274 /* This function must be called locked */ 3275 static int 3276 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3277 { 3278 struct ieee80211com *ic = &sc->sc_ic; 3279 struct ieee80211vap *vap = ni->ni_vap; 3280 struct ieee80211_frame *wh; 3281 struct ieee80211_channel *chan; 3282 const struct ieee80211_txparam *tp; 3283 struct run_node *rn = RUN_NODE(ni); 3284 struct run_tx_data *data; 3285 struct rt2870_txd *txd; 3286 struct rt2860_txwi *txwi; 3287 uint16_t qos; 3288 uint16_t dur; 3289 uint16_t qid; 3290 uint8_t type; 3291 uint8_t tid; 3292 uint8_t ridx; 3293 uint8_t ctl_ridx; 3294 uint8_t qflags; 3295 uint8_t xflags = 0; 3296 int hasqos; 3297 3298 RUN_LOCK_ASSERT(sc, MA_OWNED); 3299 3300 wh = mtod(m, struct ieee80211_frame *); 3301 3302 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3303 3304 /* 3305 * There are 7 bulk endpoints: 1 for RX 3306 * and 6 for TX (4 EDCAs + HCCA + Prio). 3307 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3308 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3309 */ 3310 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3311 uint8_t *frm; 3312 3313 if(IEEE80211_HAS_ADDR4(wh)) 3314 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3315 else 3316 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3317 3318 qos = le16toh(*(const uint16_t *)frm); 3319 tid = qos & IEEE80211_QOS_TID; 3320 qid = TID_TO_WME_AC(tid); 3321 } else { 3322 qos = 0; 3323 tid = 0; 3324 qid = WME_AC_BE; 3325 } 3326 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3327 3328 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3329 qos, qid, tid, qflags); 3330 3331 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3332 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3333 3334 /* pickup a rate index */ 3335 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3336 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3337 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3338 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3339 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3340 } else { 3341 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3342 ridx = rn->fix_ridx; 3343 else 3344 ridx = rn->amrr_ridx; 3345 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3346 } 3347 3348 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3349 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3350 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3351 xflags |= RT2860_TX_ACK; 3352 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3353 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3354 else 3355 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3356 USETW(wh->i_dur, dur); 3357 } 3358 3359 /* reserve slots for mgmt packets, just in case */ 3360 if (sc->sc_epq[qid].tx_nfree < 3) { 3361 DPRINTFN(10, "tx ring %d is full\n", qid); 3362 return (-1); 3363 } 3364 3365 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3366 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3367 sc->sc_epq[qid].tx_nfree--; 3368 3369 txd = (struct rt2870_txd *)&data->desc; 3370 txd->flags = qflags; 3371 txwi = (struct rt2860_txwi *)(txd + 1); 3372 txwi->xflags = xflags; 3373 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3374 txwi->wcid = 0; 3375 else 3376 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3377 1 : RUN_AID2WCID(ni->ni_associd); 3378 3379 /* clear leftover garbage bits */ 3380 txwi->flags = 0; 3381 txwi->txop = 0; 3382 3383 data->m = m; 3384 data->ni = ni; 3385 data->ridx = ridx; 3386 3387 run_set_tx_desc(sc, data); 3388 3389 /* 3390 * The chip keeps track of 2 kind of Tx stats, 3391 * * TX_STAT_FIFO, for per WCID stats, and 3392 * * TX_STA_CNT0 for all-TX-in-one stats. 3393 * 3394 * To use FIFO stats, we need to store MCS into the driver-private 3395 * PacketID field. So that, we can tell whose stats when we read them. 3396 * We add 1 to the MCS because setting the PacketID field to 0 means 3397 * that we don't want feedback in TX_STAT_FIFO. 3398 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3399 * 3400 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3401 */ 3402 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3403 vap->iv_opmode == IEEE80211_M_MBSS) { 3404 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3405 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3406 3407 /* 3408 * Unlike PCI based devices, we don't get any interrupt from 3409 * USB devices, so we simulate FIFO-is-full interrupt here. 3410 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3411 * quickly get fulled. To prevent overflow, increment a counter on 3412 * every FIFO stat request, so we know how many slots are left. 3413 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3414 * are used only in those modes. 3415 * We just drain stats. AMRR gets updated every 1 sec by 3416 * run_ratectl_cb() via callout. 3417 * Call it early. Otherwise overflow. 3418 */ 3419 if (sc->fifo_cnt++ == 10) { 3420 /* 3421 * With multiple vaps or if_bridge, if_start() is called 3422 * with a non-sleepable lock, tcpinp. So, need to defer. 3423 */ 3424 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3425 DPRINTFN(6, "cmdq_store=%d\n", i); 3426 sc->cmdq[i].func = run_drain_fifo; 3427 sc->cmdq[i].arg0 = sc; 3428 ieee80211_runtask(ic, &sc->cmdq_task); 3429 } 3430 } 3431 3432 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3433 3434 usbd_transfer_start(sc->sc_xfer[qid]); 3435 3436 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3437 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3438 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3439 3440 return (0); 3441 } 3442 3443 static int 3444 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3445 { 3446 struct ieee80211com *ic = &sc->sc_ic; 3447 struct run_node *rn = RUN_NODE(ni); 3448 struct run_tx_data *data; 3449 struct ieee80211_frame *wh; 3450 struct rt2870_txd *txd; 3451 struct rt2860_txwi *txwi; 3452 uint16_t dur; 3453 uint8_t ridx = rn->mgt_ridx; 3454 uint8_t type; 3455 uint8_t xflags = 0; 3456 uint8_t wflags = 0; 3457 3458 RUN_LOCK_ASSERT(sc, MA_OWNED); 3459 3460 wh = mtod(m, struct ieee80211_frame *); 3461 3462 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3463 3464 /* tell hardware to add timestamp for probe responses */ 3465 if ((wh->i_fc[0] & 3466 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3467 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3468 wflags |= RT2860_TX_TS; 3469 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3470 xflags |= RT2860_TX_ACK; 3471 3472 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3473 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3474 USETW(wh->i_dur, dur); 3475 } 3476 3477 if (sc->sc_epq[0].tx_nfree == 0) 3478 /* let caller free mbuf */ 3479 return (EIO); 3480 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3481 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3482 sc->sc_epq[0].tx_nfree--; 3483 3484 txd = (struct rt2870_txd *)&data->desc; 3485 txd->flags = RT2860_TX_QSEL_EDCA; 3486 txwi = (struct rt2860_txwi *)(txd + 1); 3487 txwi->wcid = 0xff; 3488 txwi->flags = wflags; 3489 txwi->xflags = xflags; 3490 txwi->txop = 0; /* clear leftover garbage bits */ 3491 3492 data->m = m; 3493 data->ni = ni; 3494 data->ridx = ridx; 3495 3496 run_set_tx_desc(sc, data); 3497 3498 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3499 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3500 rt2860_rates[ridx].rate); 3501 3502 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3503 3504 usbd_transfer_start(sc->sc_xfer[0]); 3505 3506 return (0); 3507 } 3508 3509 static int 3510 run_sendprot(struct run_softc *sc, 3511 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3512 { 3513 struct ieee80211com *ic = ni->ni_ic; 3514 struct ieee80211_frame *wh; 3515 struct run_tx_data *data; 3516 struct rt2870_txd *txd; 3517 struct rt2860_txwi *txwi; 3518 struct mbuf *mprot; 3519 int ridx; 3520 int protrate; 3521 int ackrate; 3522 int pktlen; 3523 int isshort; 3524 uint16_t dur; 3525 uint8_t type; 3526 uint8_t wflags = 0; 3527 uint8_t xflags = 0; 3528 3529 RUN_LOCK_ASSERT(sc, MA_OWNED); 3530 3531 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3532 ("protection %d", prot)); 3533 3534 wh = mtod(m, struct ieee80211_frame *); 3535 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3536 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3537 3538 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3539 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3540 3541 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3542 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3543 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3544 wflags = RT2860_TX_FRAG; 3545 3546 /* check that there are free slots before allocating the mbuf */ 3547 if (sc->sc_epq[0].tx_nfree == 0) 3548 /* let caller free mbuf */ 3549 return (ENOBUFS); 3550 3551 if (prot == IEEE80211_PROT_RTSCTS) { 3552 /* NB: CTS is the same size as an ACK */ 3553 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3554 xflags |= RT2860_TX_ACK; 3555 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3556 } else { 3557 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3558 } 3559 if (mprot == NULL) { 3560 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3561 DPRINTF("could not allocate mbuf\n"); 3562 return (ENOBUFS); 3563 } 3564 3565 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3566 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3567 sc->sc_epq[0].tx_nfree--; 3568 3569 txd = (struct rt2870_txd *)&data->desc; 3570 txd->flags = RT2860_TX_QSEL_EDCA; 3571 txwi = (struct rt2860_txwi *)(txd + 1); 3572 txwi->wcid = 0xff; 3573 txwi->flags = wflags; 3574 txwi->xflags = xflags; 3575 txwi->txop = 0; /* clear leftover garbage bits */ 3576 3577 data->m = mprot; 3578 data->ni = ieee80211_ref_node(ni); 3579 3580 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3581 if (rt2860_rates[ridx].rate == protrate) 3582 break; 3583 data->ridx = ridx; 3584 3585 run_set_tx_desc(sc, data); 3586 3587 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3588 m->m_pkthdr.len, rate); 3589 3590 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3591 3592 usbd_transfer_start(sc->sc_xfer[0]); 3593 3594 return (0); 3595 } 3596 3597 static int 3598 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3599 const struct ieee80211_bpf_params *params) 3600 { 3601 struct ieee80211com *ic = ni->ni_ic; 3602 struct ieee80211_frame *wh; 3603 struct run_tx_data *data; 3604 struct rt2870_txd *txd; 3605 struct rt2860_txwi *txwi; 3606 uint8_t type; 3607 uint8_t ridx; 3608 uint8_t rate; 3609 uint8_t opflags = 0; 3610 uint8_t xflags = 0; 3611 int error; 3612 3613 RUN_LOCK_ASSERT(sc, MA_OWNED); 3614 3615 KASSERT(params != NULL, ("no raw xmit params")); 3616 3617 wh = mtod(m, struct ieee80211_frame *); 3618 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3619 3620 rate = params->ibp_rate0; 3621 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3622 /* let caller free mbuf */ 3623 return (EINVAL); 3624 } 3625 3626 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3627 xflags |= RT2860_TX_ACK; 3628 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3629 error = run_sendprot(sc, m, ni, 3630 params->ibp_flags & IEEE80211_BPF_RTS ? 3631 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3632 rate); 3633 if (error) { 3634 /* let caller free mbuf */ 3635 return error; 3636 } 3637 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3638 } 3639 3640 if (sc->sc_epq[0].tx_nfree == 0) { 3641 /* let caller free mbuf */ 3642 DPRINTF("sending raw frame, but tx ring is full\n"); 3643 return (EIO); 3644 } 3645 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3646 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3647 sc->sc_epq[0].tx_nfree--; 3648 3649 txd = (struct rt2870_txd *)&data->desc; 3650 txd->flags = RT2860_TX_QSEL_EDCA; 3651 txwi = (struct rt2860_txwi *)(txd + 1); 3652 txwi->wcid = 0xff; 3653 txwi->xflags = xflags; 3654 txwi->txop = opflags; 3655 txwi->flags = 0; /* clear leftover garbage bits */ 3656 3657 data->m = m; 3658 data->ni = ni; 3659 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3660 if (rt2860_rates[ridx].rate == rate) 3661 break; 3662 data->ridx = ridx; 3663 3664 run_set_tx_desc(sc, data); 3665 3666 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3667 m->m_pkthdr.len, rate); 3668 3669 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3670 3671 usbd_transfer_start(sc->sc_xfer[0]); 3672 3673 return (0); 3674 } 3675 3676 static int 3677 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3678 const struct ieee80211_bpf_params *params) 3679 { 3680 struct run_softc *sc = ni->ni_ic->ic_softc; 3681 int error = 0; 3682 3683 RUN_LOCK(sc); 3684 3685 /* prevent management frames from being sent if we're not ready */ 3686 if (!(sc->sc_flags & RUN_RUNNING)) { 3687 error = ENETDOWN; 3688 goto done; 3689 } 3690 3691 if (params == NULL) { 3692 /* tx mgt packet */ 3693 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3694 DPRINTF("mgt tx failed\n"); 3695 goto done; 3696 } 3697 } else { 3698 /* tx raw packet with param */ 3699 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3700 DPRINTF("tx with param failed\n"); 3701 goto done; 3702 } 3703 } 3704 3705 done: 3706 RUN_UNLOCK(sc); 3707 3708 if (error != 0) { 3709 if(m != NULL) 3710 m_freem(m); 3711 } 3712 3713 return (error); 3714 } 3715 3716 static int 3717 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3718 { 3719 struct run_softc *sc = ic->ic_softc; 3720 int error; 3721 3722 RUN_LOCK(sc); 3723 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3724 RUN_UNLOCK(sc); 3725 return (ENXIO); 3726 } 3727 error = mbufq_enqueue(&sc->sc_snd, m); 3728 if (error) { 3729 RUN_UNLOCK(sc); 3730 return (error); 3731 } 3732 run_start(sc); 3733 RUN_UNLOCK(sc); 3734 3735 return (0); 3736 } 3737 3738 static void 3739 run_start(struct run_softc *sc) 3740 { 3741 struct ieee80211_node *ni; 3742 struct mbuf *m; 3743 3744 RUN_LOCK_ASSERT(sc, MA_OWNED); 3745 3746 if ((sc->sc_flags & RUN_RUNNING) == 0) 3747 return; 3748 3749 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3750 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3751 if (run_tx(sc, m, ni) != 0) { 3752 mbufq_prepend(&sc->sc_snd, m); 3753 break; 3754 } 3755 } 3756 } 3757 3758 static void 3759 run_parent(struct ieee80211com *ic) 3760 { 3761 struct run_softc *sc = ic->ic_softc; 3762 int startall = 0; 3763 3764 RUN_LOCK(sc); 3765 if (sc->sc_detached) { 3766 RUN_UNLOCK(sc); 3767 return; 3768 } 3769 3770 if (ic->ic_nrunning > 0) { 3771 if (!(sc->sc_flags & RUN_RUNNING)) { 3772 startall = 1; 3773 run_init_locked(sc); 3774 } else 3775 run_update_promisc_locked(sc); 3776 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3777 run_stop(sc); 3778 RUN_UNLOCK(sc); 3779 if (startall) 3780 ieee80211_start_all(ic); 3781 } 3782 3783 static void 3784 run_iq_calib(struct run_softc *sc, u_int chan) 3785 { 3786 uint16_t val; 3787 3788 /* Tx0 IQ gain. */ 3789 run_bbp_write(sc, 158, 0x2c); 3790 if (chan <= 14) 3791 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3792 else if (chan <= 64) { 3793 run_efuse_read(sc, 3794 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3795 &val, 1); 3796 } else if (chan <= 138) { 3797 run_efuse_read(sc, 3798 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3799 &val, 1); 3800 } else if (chan <= 165) { 3801 run_efuse_read(sc, 3802 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3803 &val, 1); 3804 } else 3805 val = 0; 3806 run_bbp_write(sc, 159, val); 3807 3808 /* Tx0 IQ phase. */ 3809 run_bbp_write(sc, 158, 0x2d); 3810 if (chan <= 14) { 3811 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3812 &val, 1); 3813 } else if (chan <= 64) { 3814 run_efuse_read(sc, 3815 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3816 &val, 1); 3817 } else if (chan <= 138) { 3818 run_efuse_read(sc, 3819 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3820 &val, 1); 3821 } else if (chan <= 165) { 3822 run_efuse_read(sc, 3823 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3824 &val, 1); 3825 } else 3826 val = 0; 3827 run_bbp_write(sc, 159, val); 3828 3829 /* Tx1 IQ gain. */ 3830 run_bbp_write(sc, 158, 0x4a); 3831 if (chan <= 14) { 3832 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3833 &val, 1); 3834 } else if (chan <= 64) { 3835 run_efuse_read(sc, 3836 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3837 &val, 1); 3838 } else if (chan <= 138) { 3839 run_efuse_read(sc, 3840 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3841 &val, 1); 3842 } else if (chan <= 165) { 3843 run_efuse_read(sc, 3844 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3845 &val, 1); 3846 } else 3847 val = 0; 3848 run_bbp_write(sc, 159, val); 3849 3850 /* Tx1 IQ phase. */ 3851 run_bbp_write(sc, 158, 0x4b); 3852 if (chan <= 14) { 3853 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3854 &val, 1); 3855 } else if (chan <= 64) { 3856 run_efuse_read(sc, 3857 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3858 &val, 1); 3859 } else if (chan <= 138) { 3860 run_efuse_read(sc, 3861 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3862 &val, 1); 3863 } else if (chan <= 165) { 3864 run_efuse_read(sc, 3865 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3866 &val, 1); 3867 } else 3868 val = 0; 3869 run_bbp_write(sc, 159, val); 3870 3871 /* RF IQ compensation control. */ 3872 run_bbp_write(sc, 158, 0x04); 3873 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3874 &val, 1); 3875 run_bbp_write(sc, 159, val); 3876 3877 /* RF IQ imbalance compensation control. */ 3878 run_bbp_write(sc, 158, 0x03); 3879 run_efuse_read(sc, 3880 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3881 run_bbp_write(sc, 159, val); 3882 } 3883 3884 static void 3885 run_set_agc(struct run_softc *sc, uint8_t agc) 3886 { 3887 uint8_t bbp; 3888 3889 if (sc->mac_ver == 0x3572) { 3890 run_bbp_read(sc, 27, &bbp); 3891 bbp &= ~(0x3 << 5); 3892 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3893 run_bbp_write(sc, 66, agc); 3894 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3895 run_bbp_write(sc, 66, agc); 3896 } else 3897 run_bbp_write(sc, 66, agc); 3898 } 3899 3900 static void 3901 run_select_chan_group(struct run_softc *sc, int group) 3902 { 3903 uint32_t tmp; 3904 uint8_t agc; 3905 3906 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3907 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3908 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3909 if (sc->mac_ver < 0x3572) 3910 run_bbp_write(sc, 86, 0x00); 3911 3912 if (sc->mac_ver == 0x3593) { 3913 run_bbp_write(sc, 77, 0x98); 3914 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3915 } 3916 3917 if (group == 0) { 3918 if (sc->ext_2ghz_lna) { 3919 if (sc->mac_ver >= 0x5390) 3920 run_bbp_write(sc, 75, 0x52); 3921 else { 3922 run_bbp_write(sc, 82, 0x62); 3923 run_bbp_write(sc, 75, 0x46); 3924 } 3925 } else { 3926 if (sc->mac_ver == 0x5592) { 3927 run_bbp_write(sc, 79, 0x1c); 3928 run_bbp_write(sc, 80, 0x0e); 3929 run_bbp_write(sc, 81, 0x3a); 3930 run_bbp_write(sc, 82, 0x62); 3931 3932 run_bbp_write(sc, 195, 0x80); 3933 run_bbp_write(sc, 196, 0xe0); 3934 run_bbp_write(sc, 195, 0x81); 3935 run_bbp_write(sc, 196, 0x1f); 3936 run_bbp_write(sc, 195, 0x82); 3937 run_bbp_write(sc, 196, 0x38); 3938 run_bbp_write(sc, 195, 0x83); 3939 run_bbp_write(sc, 196, 0x32); 3940 run_bbp_write(sc, 195, 0x85); 3941 run_bbp_write(sc, 196, 0x28); 3942 run_bbp_write(sc, 195, 0x86); 3943 run_bbp_write(sc, 196, 0x19); 3944 } else if (sc->mac_ver >= 0x5390) 3945 run_bbp_write(sc, 75, 0x50); 3946 else { 3947 run_bbp_write(sc, 82, 3948 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3949 run_bbp_write(sc, 75, 0x50); 3950 } 3951 } 3952 } else { 3953 if (sc->mac_ver == 0x5592) { 3954 run_bbp_write(sc, 79, 0x18); 3955 run_bbp_write(sc, 80, 0x08); 3956 run_bbp_write(sc, 81, 0x38); 3957 run_bbp_write(sc, 82, 0x92); 3958 3959 run_bbp_write(sc, 195, 0x80); 3960 run_bbp_write(sc, 196, 0xf0); 3961 run_bbp_write(sc, 195, 0x81); 3962 run_bbp_write(sc, 196, 0x1e); 3963 run_bbp_write(sc, 195, 0x82); 3964 run_bbp_write(sc, 196, 0x28); 3965 run_bbp_write(sc, 195, 0x83); 3966 run_bbp_write(sc, 196, 0x20); 3967 run_bbp_write(sc, 195, 0x85); 3968 run_bbp_write(sc, 196, 0x7f); 3969 run_bbp_write(sc, 195, 0x86); 3970 run_bbp_write(sc, 196, 0x7f); 3971 } else if (sc->mac_ver == 0x3572) 3972 run_bbp_write(sc, 82, 0x94); 3973 else 3974 run_bbp_write(sc, 82, 3975 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3976 if (sc->ext_5ghz_lna) 3977 run_bbp_write(sc, 75, 0x46); 3978 else 3979 run_bbp_write(sc, 75, 0x50); 3980 } 3981 3982 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3983 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3984 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3985 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3986 3987 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3988 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3989 if (sc->mac_ver == 0x3593) 3990 tmp |= 1 << 29 | 1 << 28; 3991 if (sc->nrxchains > 1) 3992 tmp |= RT2860_LNA_PE1_EN; 3993 if (group == 0) { /* 2GHz */ 3994 tmp |= RT2860_PA_PE_G0_EN; 3995 if (sc->ntxchains > 1) 3996 tmp |= RT2860_PA_PE_G1_EN; 3997 if (sc->mac_ver == 0x3593) { 3998 if (sc->ntxchains > 2) 3999 tmp |= 1 << 25; 4000 } 4001 } else { /* 5GHz */ 4002 tmp |= RT2860_PA_PE_A0_EN; 4003 if (sc->ntxchains > 1) 4004 tmp |= RT2860_PA_PE_A1_EN; 4005 } 4006 if (sc->mac_ver == 0x3572) { 4007 run_rt3070_rf_write(sc, 8, 0x00); 4008 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4009 run_rt3070_rf_write(sc, 8, 0x80); 4010 } else 4011 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4012 4013 if (sc->mac_ver == 0x5592) { 4014 run_bbp_write(sc, 195, 0x8d); 4015 run_bbp_write(sc, 196, 0x1a); 4016 } 4017 4018 if (sc->mac_ver == 0x3593) { 4019 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4020 tmp &= ~0x01010000; 4021 if (group == 0) 4022 tmp |= 0x00010000; 4023 tmp = (tmp & ~0x00009090) | 0x00000090; 4024 run_write(sc, RT2860_GPIO_CTRL, tmp); 4025 } 4026 4027 /* set initial AGC value */ 4028 if (group == 0) { /* 2GHz band */ 4029 if (sc->mac_ver >= 0x3070) 4030 agc = 0x1c + sc->lna[0] * 2; 4031 else 4032 agc = 0x2e + sc->lna[0]; 4033 } else { /* 5GHz band */ 4034 if (sc->mac_ver == 0x5592) 4035 agc = 0x24 + sc->lna[group] * 2; 4036 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4037 agc = 0x22 + (sc->lna[group] * 5) / 3; 4038 else 4039 agc = 0x32 + (sc->lna[group] * 5) / 3; 4040 } 4041 run_set_agc(sc, agc); 4042 } 4043 4044 static void 4045 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4046 { 4047 const struct rfprog *rfprog = rt2860_rf2850; 4048 uint32_t r2, r3, r4; 4049 int8_t txpow1, txpow2; 4050 int i; 4051 4052 /* find the settings for this channel (we know it exists) */ 4053 for (i = 0; rfprog[i].chan != chan; i++); 4054 4055 r2 = rfprog[i].r2; 4056 if (sc->ntxchains == 1) 4057 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4058 if (sc->nrxchains == 1) 4059 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4060 else if (sc->nrxchains == 2) 4061 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4062 4063 /* use Tx power values from EEPROM */ 4064 txpow1 = sc->txpow1[i]; 4065 txpow2 = sc->txpow2[i]; 4066 4067 /* Initialize RF R3 and R4. */ 4068 r3 = rfprog[i].r3 & 0xffffc1ff; 4069 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4070 if (chan > 14) { 4071 if (txpow1 >= 0) { 4072 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4073 r3 |= (txpow1 << 10) | (1 << 9); 4074 } else { 4075 txpow1 += 7; 4076 4077 /* txpow1 is not possible larger than 15. */ 4078 r3 |= (txpow1 << 10); 4079 } 4080 if (txpow2 >= 0) { 4081 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4082 r4 |= (txpow2 << 7) | (1 << 6); 4083 } else { 4084 txpow2 += 7; 4085 r4 |= (txpow2 << 7); 4086 } 4087 } else { 4088 /* Set Tx0 power. */ 4089 r3 |= (txpow1 << 9); 4090 4091 /* Set frequency offset and Tx1 power. */ 4092 r4 |= (txpow2 << 6); 4093 } 4094 4095 run_rt2870_rf_write(sc, rfprog[i].r1); 4096 run_rt2870_rf_write(sc, r2); 4097 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4098 run_rt2870_rf_write(sc, r4); 4099 4100 run_delay(sc, 10); 4101 4102 run_rt2870_rf_write(sc, rfprog[i].r1); 4103 run_rt2870_rf_write(sc, r2); 4104 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4105 run_rt2870_rf_write(sc, r4); 4106 4107 run_delay(sc, 10); 4108 4109 run_rt2870_rf_write(sc, rfprog[i].r1); 4110 run_rt2870_rf_write(sc, r2); 4111 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4112 run_rt2870_rf_write(sc, r4); 4113 } 4114 4115 static void 4116 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4117 { 4118 int8_t txpow1, txpow2; 4119 uint8_t rf; 4120 int i; 4121 4122 /* find the settings for this channel (we know it exists) */ 4123 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4124 4125 /* use Tx power values from EEPROM */ 4126 txpow1 = sc->txpow1[i]; 4127 txpow2 = sc->txpow2[i]; 4128 4129 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4130 4131 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4132 run_rt3070_rf_read(sc, 3, &rf); 4133 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4134 run_rt3070_rf_write(sc, 3, rf); 4135 4136 run_rt3070_rf_read(sc, 6, &rf); 4137 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4138 run_rt3070_rf_write(sc, 6, rf); 4139 4140 /* set Tx0 power */ 4141 run_rt3070_rf_read(sc, 12, &rf); 4142 rf = (rf & ~0x1f) | txpow1; 4143 run_rt3070_rf_write(sc, 12, rf); 4144 4145 /* set Tx1 power */ 4146 run_rt3070_rf_read(sc, 13, &rf); 4147 rf = (rf & ~0x1f) | txpow2; 4148 run_rt3070_rf_write(sc, 13, rf); 4149 4150 run_rt3070_rf_read(sc, 1, &rf); 4151 rf &= ~0xfc; 4152 if (sc->ntxchains == 1) 4153 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4154 else if (sc->ntxchains == 2) 4155 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4156 if (sc->nrxchains == 1) 4157 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4158 else if (sc->nrxchains == 2) 4159 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4160 run_rt3070_rf_write(sc, 1, rf); 4161 4162 /* set RF offset */ 4163 run_rt3070_rf_read(sc, 23, &rf); 4164 rf = (rf & ~0x7f) | sc->freq; 4165 run_rt3070_rf_write(sc, 23, rf); 4166 4167 /* program RF filter */ 4168 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4169 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4170 run_rt3070_rf_write(sc, 24, rf); 4171 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4172 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4173 run_rt3070_rf_write(sc, 31, rf); 4174 4175 /* enable RF tuning */ 4176 run_rt3070_rf_read(sc, 7, &rf); 4177 run_rt3070_rf_write(sc, 7, rf | 0x01); 4178 } 4179 4180 static void 4181 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4182 { 4183 int8_t txpow1, txpow2; 4184 uint32_t tmp; 4185 uint8_t rf; 4186 int i; 4187 4188 /* find the settings for this channel (we know it exists) */ 4189 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4190 4191 /* use Tx power values from EEPROM */ 4192 txpow1 = sc->txpow1[i]; 4193 txpow2 = sc->txpow2[i]; 4194 4195 if (chan <= 14) { 4196 run_bbp_write(sc, 25, sc->bbp25); 4197 run_bbp_write(sc, 26, sc->bbp26); 4198 } else { 4199 /* enable IQ phase correction */ 4200 run_bbp_write(sc, 25, 0x09); 4201 run_bbp_write(sc, 26, 0xff); 4202 } 4203 4204 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4205 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4206 run_rt3070_rf_read(sc, 6, &rf); 4207 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4208 rf |= (chan <= 14) ? 0x08 : 0x04; 4209 run_rt3070_rf_write(sc, 6, rf); 4210 4211 /* set PLL mode */ 4212 run_rt3070_rf_read(sc, 5, &rf); 4213 rf &= ~(0x08 | 0x04); 4214 rf |= (chan <= 14) ? 0x04 : 0x08; 4215 run_rt3070_rf_write(sc, 5, rf); 4216 4217 /* set Tx power for chain 0 */ 4218 if (chan <= 14) 4219 rf = 0x60 | txpow1; 4220 else 4221 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4222 run_rt3070_rf_write(sc, 12, rf); 4223 4224 /* set Tx power for chain 1 */ 4225 if (chan <= 14) 4226 rf = 0x60 | txpow2; 4227 else 4228 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4229 run_rt3070_rf_write(sc, 13, rf); 4230 4231 /* set Tx/Rx streams */ 4232 run_rt3070_rf_read(sc, 1, &rf); 4233 rf &= ~0xfc; 4234 if (sc->ntxchains == 1) 4235 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4236 else if (sc->ntxchains == 2) 4237 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4238 if (sc->nrxchains == 1) 4239 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4240 else if (sc->nrxchains == 2) 4241 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4242 run_rt3070_rf_write(sc, 1, rf); 4243 4244 /* set RF offset */ 4245 run_rt3070_rf_read(sc, 23, &rf); 4246 rf = (rf & ~0x7f) | sc->freq; 4247 run_rt3070_rf_write(sc, 23, rf); 4248 4249 /* program RF filter */ 4250 rf = sc->rf24_20mhz; 4251 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4252 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4253 4254 /* enable RF tuning */ 4255 run_rt3070_rf_read(sc, 7, &rf); 4256 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4257 run_rt3070_rf_write(sc, 7, rf); 4258 4259 /* TSSI */ 4260 rf = (chan <= 14) ? 0xc3 : 0xc0; 4261 run_rt3070_rf_write(sc, 9, rf); 4262 4263 /* set loop filter 1 */ 4264 run_rt3070_rf_write(sc, 10, 0xf1); 4265 /* set loop filter 2 */ 4266 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4267 4268 /* set tx_mx2_ic */ 4269 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4270 /* set tx_mx1_ic */ 4271 if (chan <= 14) 4272 rf = 0x48 | sc->txmixgain_2ghz; 4273 else 4274 rf = 0x78 | sc->txmixgain_5ghz; 4275 run_rt3070_rf_write(sc, 16, rf); 4276 4277 /* set tx_lo1 */ 4278 run_rt3070_rf_write(sc, 17, 0x23); 4279 /* set tx_lo2 */ 4280 if (chan <= 14) 4281 rf = 0x93; 4282 else if (chan <= 64) 4283 rf = 0xb7; 4284 else if (chan <= 128) 4285 rf = 0x74; 4286 else 4287 rf = 0x72; 4288 run_rt3070_rf_write(sc, 19, rf); 4289 4290 /* set rx_lo1 */ 4291 if (chan <= 14) 4292 rf = 0xb3; 4293 else if (chan <= 64) 4294 rf = 0xf6; 4295 else if (chan <= 128) 4296 rf = 0xf4; 4297 else 4298 rf = 0xf3; 4299 run_rt3070_rf_write(sc, 20, rf); 4300 4301 /* set pfd_delay */ 4302 if (chan <= 14) 4303 rf = 0x15; 4304 else if (chan <= 64) 4305 rf = 0x3d; 4306 else 4307 rf = 0x01; 4308 run_rt3070_rf_write(sc, 25, rf); 4309 4310 /* set rx_lo2 */ 4311 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4312 /* set ldo_rf_vc */ 4313 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4314 /* set drv_cc */ 4315 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4316 4317 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4318 tmp &= ~0x8080; 4319 if (chan <= 14) 4320 tmp |= 0x80; 4321 run_write(sc, RT2860_GPIO_CTRL, tmp); 4322 4323 /* enable RF tuning */ 4324 run_rt3070_rf_read(sc, 7, &rf); 4325 run_rt3070_rf_write(sc, 7, rf | 0x01); 4326 4327 run_delay(sc, 2); 4328 } 4329 4330 static void 4331 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4332 { 4333 int8_t txpow1, txpow2, txpow3; 4334 uint8_t h20mhz, rf; 4335 int i; 4336 4337 /* find the settings for this channel (we know it exists) */ 4338 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4339 4340 /* use Tx power values from EEPROM */ 4341 txpow1 = sc->txpow1[i]; 4342 txpow2 = sc->txpow2[i]; 4343 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4344 4345 if (chan <= 14) { 4346 run_bbp_write(sc, 25, sc->bbp25); 4347 run_bbp_write(sc, 26, sc->bbp26); 4348 } else { 4349 /* Enable IQ phase correction. */ 4350 run_bbp_write(sc, 25, 0x09); 4351 run_bbp_write(sc, 26, 0xff); 4352 } 4353 4354 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4355 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4356 run_rt3070_rf_read(sc, 11, &rf); 4357 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4358 run_rt3070_rf_write(sc, 11, rf); 4359 4360 /* Set pll_idoh. */ 4361 run_rt3070_rf_read(sc, 11, &rf); 4362 rf &= ~0x4c; 4363 rf |= (chan <= 14) ? 0x44 : 0x48; 4364 run_rt3070_rf_write(sc, 11, rf); 4365 4366 if (chan <= 14) 4367 rf = txpow1 & 0x1f; 4368 else 4369 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4370 run_rt3070_rf_write(sc, 53, rf); 4371 4372 if (chan <= 14) 4373 rf = txpow2 & 0x1f; 4374 else 4375 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4376 run_rt3070_rf_write(sc, 55, rf); 4377 4378 if (chan <= 14) 4379 rf = txpow3 & 0x1f; 4380 else 4381 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4382 run_rt3070_rf_write(sc, 54, rf); 4383 4384 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4385 if (sc->ntxchains == 3) 4386 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4387 else 4388 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4389 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4390 run_rt3070_rf_write(sc, 1, rf); 4391 4392 run_adjust_freq_offset(sc); 4393 4394 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4395 4396 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4397 run_rt3070_rf_read(sc, 30, &rf); 4398 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4399 run_rt3070_rf_write(sc, 30, rf); 4400 4401 run_rt3070_rf_read(sc, 36, &rf); 4402 if (chan <= 14) 4403 rf |= 0x80; 4404 else 4405 rf &= ~0x80; 4406 run_rt3070_rf_write(sc, 36, rf); 4407 4408 /* Set vcolo_bs. */ 4409 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4410 /* Set pfd_delay. */ 4411 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4412 4413 /* Set vco bias current control. */ 4414 run_rt3070_rf_read(sc, 6, &rf); 4415 rf &= ~0xc0; 4416 if (chan <= 14) 4417 rf |= 0x40; 4418 else if (chan <= 128) 4419 rf |= 0x80; 4420 else 4421 rf |= 0x40; 4422 run_rt3070_rf_write(sc, 6, rf); 4423 4424 run_rt3070_rf_read(sc, 30, &rf); 4425 rf = (rf & ~0x18) | 0x10; 4426 run_rt3070_rf_write(sc, 30, rf); 4427 4428 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4429 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4430 4431 run_rt3070_rf_read(sc, 51, &rf); 4432 rf = (rf & ~0x03) | 0x01; 4433 run_rt3070_rf_write(sc, 51, rf); 4434 /* Set tx_mx1_cc. */ 4435 run_rt3070_rf_read(sc, 51, &rf); 4436 rf &= ~0x1c; 4437 rf |= (chan <= 14) ? 0x14 : 0x10; 4438 run_rt3070_rf_write(sc, 51, rf); 4439 /* Set tx_mx1_ic. */ 4440 run_rt3070_rf_read(sc, 51, &rf); 4441 rf &= ~0xe0; 4442 rf |= (chan <= 14) ? 0x60 : 0x40; 4443 run_rt3070_rf_write(sc, 51, rf); 4444 /* Set tx_lo1_ic. */ 4445 run_rt3070_rf_read(sc, 49, &rf); 4446 rf &= ~0x1c; 4447 rf |= (chan <= 14) ? 0x0c : 0x08; 4448 run_rt3070_rf_write(sc, 49, rf); 4449 /* Set tx_lo1_en. */ 4450 run_rt3070_rf_read(sc, 50, &rf); 4451 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4452 /* Set drv_cc. */ 4453 run_rt3070_rf_read(sc, 57, &rf); 4454 rf &= ~0xfc; 4455 rf |= (chan <= 14) ? 0x6c : 0x3c; 4456 run_rt3070_rf_write(sc, 57, rf); 4457 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4458 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4459 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4460 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4461 /* Enable VCO calibration. */ 4462 run_rt3070_rf_read(sc, 3, &rf); 4463 rf &= ~RT5390_VCOCAL; 4464 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4465 run_rt3070_rf_write(sc, 3, rf); 4466 4467 if (chan <= 14) 4468 rf = 0x23; 4469 else if (chan <= 64) 4470 rf = 0x36; 4471 else if (chan <= 128) 4472 rf = 0x32; 4473 else 4474 rf = 0x30; 4475 run_rt3070_rf_write(sc, 39, rf); 4476 if (chan <= 14) 4477 rf = 0xbb; 4478 else if (chan <= 64) 4479 rf = 0xeb; 4480 else if (chan <= 128) 4481 rf = 0xb3; 4482 else 4483 rf = 0x9b; 4484 run_rt3070_rf_write(sc, 45, rf); 4485 4486 /* Set FEQ/AEQ control. */ 4487 run_bbp_write(sc, 105, 0x34); 4488 } 4489 4490 static void 4491 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4492 { 4493 int8_t txpow1, txpow2; 4494 uint8_t rf; 4495 int i; 4496 4497 /* find the settings for this channel (we know it exists) */ 4498 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4499 4500 /* use Tx power values from EEPROM */ 4501 txpow1 = sc->txpow1[i]; 4502 txpow2 = sc->txpow2[i]; 4503 4504 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4505 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4506 run_rt3070_rf_read(sc, 11, &rf); 4507 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4508 run_rt3070_rf_write(sc, 11, rf); 4509 4510 run_rt3070_rf_read(sc, 49, &rf); 4511 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4512 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4513 if ((rf & 0x3f) > 0x27) 4514 rf = (rf & ~0x3f) | 0x27; 4515 run_rt3070_rf_write(sc, 49, rf); 4516 4517 if (sc->mac_ver == 0x5392) { 4518 run_rt3070_rf_read(sc, 50, &rf); 4519 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4520 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4521 if ((rf & 0x3f) > 0x27) 4522 rf = (rf & ~0x3f) | 0x27; 4523 run_rt3070_rf_write(sc, 50, rf); 4524 } 4525 4526 run_rt3070_rf_read(sc, 1, &rf); 4527 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4528 if (sc->mac_ver == 0x5392) 4529 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4530 run_rt3070_rf_write(sc, 1, rf); 4531 4532 if (sc->mac_ver != 0x5392) { 4533 run_rt3070_rf_read(sc, 2, &rf); 4534 rf |= 0x80; 4535 run_rt3070_rf_write(sc, 2, rf); 4536 run_delay(sc, 10); 4537 rf &= 0x7f; 4538 run_rt3070_rf_write(sc, 2, rf); 4539 } 4540 4541 run_adjust_freq_offset(sc); 4542 4543 if (sc->mac_ver == 0x5392) { 4544 /* Fix for RT5392C. */ 4545 if (sc->mac_rev >= 0x0223) { 4546 if (chan <= 4) 4547 rf = 0x0f; 4548 else if (chan >= 5 && chan <= 7) 4549 rf = 0x0e; 4550 else 4551 rf = 0x0d; 4552 run_rt3070_rf_write(sc, 23, rf); 4553 4554 if (chan <= 4) 4555 rf = 0x0c; 4556 else if (chan == 5) 4557 rf = 0x0b; 4558 else if (chan >= 6 && chan <= 7) 4559 rf = 0x0a; 4560 else if (chan >= 8 && chan <= 10) 4561 rf = 0x09; 4562 else 4563 rf = 0x08; 4564 run_rt3070_rf_write(sc, 59, rf); 4565 } else { 4566 if (chan <= 11) 4567 rf = 0x0f; 4568 else 4569 rf = 0x0b; 4570 run_rt3070_rf_write(sc, 59, rf); 4571 } 4572 } else { 4573 /* Fix for RT5390F. */ 4574 if (sc->mac_rev >= 0x0502) { 4575 if (chan <= 11) 4576 rf = 0x43; 4577 else 4578 rf = 0x23; 4579 run_rt3070_rf_write(sc, 55, rf); 4580 4581 if (chan <= 11) 4582 rf = 0x0f; 4583 else if (chan == 12) 4584 rf = 0x0d; 4585 else 4586 rf = 0x0b; 4587 run_rt3070_rf_write(sc, 59, rf); 4588 } else { 4589 run_rt3070_rf_write(sc, 55, 0x44); 4590 run_rt3070_rf_write(sc, 59, 0x8f); 4591 } 4592 } 4593 4594 /* Enable VCO calibration. */ 4595 run_rt3070_rf_read(sc, 3, &rf); 4596 rf |= RT5390_VCOCAL; 4597 run_rt3070_rf_write(sc, 3, rf); 4598 } 4599 4600 static void 4601 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4602 { 4603 const struct rt5592_freqs *freqs; 4604 uint32_t tmp; 4605 uint8_t reg, rf, txpow_bound; 4606 int8_t txpow1, txpow2; 4607 int i; 4608 4609 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4610 freqs = (tmp & RT5592_SEL_XTAL) ? 4611 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4612 4613 /* find the settings for this channel (we know it exists) */ 4614 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4615 4616 /* use Tx power values from EEPROM */ 4617 txpow1 = sc->txpow1[i]; 4618 txpow2 = sc->txpow2[i]; 4619 4620 run_read(sc, RT3070_LDO_CFG0, &tmp); 4621 tmp &= ~0x1c000000; 4622 if (chan > 14) 4623 tmp |= 0x14000000; 4624 run_write(sc, RT3070_LDO_CFG0, tmp); 4625 4626 /* N setting. */ 4627 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4628 run_rt3070_rf_read(sc, 9, &rf); 4629 rf &= ~(1 << 4); 4630 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4631 run_rt3070_rf_write(sc, 9, rf); 4632 4633 /* K setting. */ 4634 run_rt3070_rf_read(sc, 9, &rf); 4635 rf &= ~0x0f; 4636 rf |= (freqs->k & 0x0f); 4637 run_rt3070_rf_write(sc, 9, rf); 4638 4639 /* Mode setting. */ 4640 run_rt3070_rf_read(sc, 11, &rf); 4641 rf &= ~0x0c; 4642 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4643 run_rt3070_rf_write(sc, 11, rf); 4644 run_rt3070_rf_read(sc, 9, &rf); 4645 rf &= ~(1 << 7); 4646 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4647 run_rt3070_rf_write(sc, 9, rf); 4648 4649 /* R setting. */ 4650 run_rt3070_rf_read(sc, 11, &rf); 4651 rf &= ~0x03; 4652 rf |= (freqs->r - 0x1); 4653 run_rt3070_rf_write(sc, 11, rf); 4654 4655 if (chan <= 14) { 4656 /* Initialize RF registers for 2GHZ. */ 4657 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4658 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4659 rt5592_2ghz_def_rf[i].val); 4660 } 4661 4662 rf = (chan <= 10) ? 0x07 : 0x06; 4663 run_rt3070_rf_write(sc, 23, rf); 4664 run_rt3070_rf_write(sc, 59, rf); 4665 4666 run_rt3070_rf_write(sc, 55, 0x43); 4667 4668 /* 4669 * RF R49/R50 Tx power ALC code. 4670 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4671 */ 4672 reg = 2; 4673 txpow_bound = 0x27; 4674 } else { 4675 /* Initialize RF registers for 5GHZ. */ 4676 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4677 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4678 rt5592_5ghz_def_rf[i].val); 4679 } 4680 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4681 if (chan >= rt5592_chan_5ghz[i].firstchan && 4682 chan <= rt5592_chan_5ghz[i].lastchan) { 4683 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4684 rt5592_chan_5ghz[i].val); 4685 } 4686 } 4687 4688 /* 4689 * RF R49/R50 Tx power ALC code. 4690 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4691 */ 4692 reg = 3; 4693 txpow_bound = 0x2b; 4694 } 4695 4696 /* RF R49 ch0 Tx power ALC code. */ 4697 run_rt3070_rf_read(sc, 49, &rf); 4698 rf &= ~0xc0; 4699 rf |= (reg << 6); 4700 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4701 if ((rf & 0x3f) > txpow_bound) 4702 rf = (rf & ~0x3f) | txpow_bound; 4703 run_rt3070_rf_write(sc, 49, rf); 4704 4705 /* RF R50 ch1 Tx power ALC code. */ 4706 run_rt3070_rf_read(sc, 50, &rf); 4707 rf &= ~(1 << 7 | 1 << 6); 4708 rf |= (reg << 6); 4709 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4710 if ((rf & 0x3f) > txpow_bound) 4711 rf = (rf & ~0x3f) | txpow_bound; 4712 run_rt3070_rf_write(sc, 50, rf); 4713 4714 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4715 run_rt3070_rf_read(sc, 1, &rf); 4716 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4717 if (sc->ntxchains > 1) 4718 rf |= RT3070_TX1_PD; 4719 if (sc->nrxchains > 1) 4720 rf |= RT3070_RX1_PD; 4721 run_rt3070_rf_write(sc, 1, rf); 4722 4723 run_rt3070_rf_write(sc, 6, 0xe4); 4724 4725 run_rt3070_rf_write(sc, 30, 0x10); 4726 run_rt3070_rf_write(sc, 31, 0x80); 4727 run_rt3070_rf_write(sc, 32, 0x80); 4728 4729 run_adjust_freq_offset(sc); 4730 4731 /* Enable VCO calibration. */ 4732 run_rt3070_rf_read(sc, 3, &rf); 4733 rf |= RT5390_VCOCAL; 4734 run_rt3070_rf_write(sc, 3, rf); 4735 } 4736 4737 static void 4738 run_set_rx_antenna(struct run_softc *sc, int aux) 4739 { 4740 uint32_t tmp; 4741 uint8_t bbp152; 4742 4743 if (aux) { 4744 if (sc->rf_rev == RT5390_RF_5370) { 4745 run_bbp_read(sc, 152, &bbp152); 4746 run_bbp_write(sc, 152, bbp152 & ~0x80); 4747 } else { 4748 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4749 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4750 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4751 } 4752 } else { 4753 if (sc->rf_rev == RT5390_RF_5370) { 4754 run_bbp_read(sc, 152, &bbp152); 4755 run_bbp_write(sc, 152, bbp152 | 0x80); 4756 } else { 4757 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4758 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4759 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4760 } 4761 } 4762 } 4763 4764 static int 4765 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4766 { 4767 struct ieee80211com *ic = &sc->sc_ic; 4768 u_int chan, group; 4769 4770 chan = ieee80211_chan2ieee(ic, c); 4771 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4772 return (EINVAL); 4773 4774 if (sc->mac_ver == 0x5592) 4775 run_rt5592_set_chan(sc, chan); 4776 else if (sc->mac_ver >= 0x5390) 4777 run_rt5390_set_chan(sc, chan); 4778 else if (sc->mac_ver == 0x3593) 4779 run_rt3593_set_chan(sc, chan); 4780 else if (sc->mac_ver == 0x3572) 4781 run_rt3572_set_chan(sc, chan); 4782 else if (sc->mac_ver >= 0x3070) 4783 run_rt3070_set_chan(sc, chan); 4784 else 4785 run_rt2870_set_chan(sc, chan); 4786 4787 /* determine channel group */ 4788 if (chan <= 14) 4789 group = 0; 4790 else if (chan <= 64) 4791 group = 1; 4792 else if (chan <= 128) 4793 group = 2; 4794 else 4795 group = 3; 4796 4797 /* XXX necessary only when group has changed! */ 4798 run_select_chan_group(sc, group); 4799 4800 run_delay(sc, 10); 4801 4802 /* Perform IQ calibration. */ 4803 if (sc->mac_ver >= 0x5392) 4804 run_iq_calib(sc, chan); 4805 4806 return (0); 4807 } 4808 4809 static void 4810 run_set_channel(struct ieee80211com *ic) 4811 { 4812 struct run_softc *sc = ic->ic_softc; 4813 4814 RUN_LOCK(sc); 4815 run_set_chan(sc, ic->ic_curchan); 4816 RUN_UNLOCK(sc); 4817 4818 return; 4819 } 4820 4821 static void 4822 run_scan_start(struct ieee80211com *ic) 4823 { 4824 struct run_softc *sc = ic->ic_softc; 4825 uint32_t tmp; 4826 4827 RUN_LOCK(sc); 4828 4829 /* abort TSF synchronization */ 4830 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4831 run_write(sc, RT2860_BCN_TIME_CFG, 4832 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4833 RT2860_TBTT_TIMER_EN)); 4834 run_set_bssid(sc, ieee80211broadcastaddr); 4835 4836 RUN_UNLOCK(sc); 4837 4838 return; 4839 } 4840 4841 static void 4842 run_scan_end(struct ieee80211com *ic) 4843 { 4844 struct run_softc *sc = ic->ic_softc; 4845 4846 RUN_LOCK(sc); 4847 4848 run_enable_tsf_sync(sc); 4849 run_set_bssid(sc, sc->sc_bssid); 4850 4851 RUN_UNLOCK(sc); 4852 4853 return; 4854 } 4855 4856 /* 4857 * Could be called from ieee80211_node_timeout() 4858 * (non-sleepable thread) 4859 */ 4860 static void 4861 run_update_beacon(struct ieee80211vap *vap, int item) 4862 { 4863 struct ieee80211com *ic = vap->iv_ic; 4864 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4865 struct ieee80211_node *ni = vap->iv_bss; 4866 struct run_softc *sc = ic->ic_softc; 4867 struct run_vap *rvp = RUN_VAP(vap); 4868 int mcast = 0; 4869 uint32_t i; 4870 4871 switch (item) { 4872 case IEEE80211_BEACON_ERP: 4873 run_updateslot(ic); 4874 break; 4875 case IEEE80211_BEACON_HTINFO: 4876 run_updateprot(ic); 4877 break; 4878 case IEEE80211_BEACON_TIM: 4879 mcast = 1; /*TODO*/ 4880 break; 4881 default: 4882 break; 4883 } 4884 4885 setbit(bo->bo_flags, item); 4886 if (rvp->beacon_mbuf == NULL) { 4887 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4888 if (rvp->beacon_mbuf == NULL) 4889 return; 4890 } 4891 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4892 4893 i = RUN_CMDQ_GET(&sc->cmdq_store); 4894 DPRINTF("cmdq_store=%d\n", i); 4895 sc->cmdq[i].func = run_update_beacon_cb; 4896 sc->cmdq[i].arg0 = vap; 4897 ieee80211_runtask(ic, &sc->cmdq_task); 4898 4899 return; 4900 } 4901 4902 static void 4903 run_update_beacon_cb(void *arg) 4904 { 4905 struct ieee80211vap *vap = arg; 4906 struct ieee80211_node *ni = vap->iv_bss; 4907 struct run_vap *rvp = RUN_VAP(vap); 4908 struct ieee80211com *ic = vap->iv_ic; 4909 struct run_softc *sc = ic->ic_softc; 4910 struct rt2860_txwi txwi; 4911 struct mbuf *m; 4912 uint16_t txwisize; 4913 uint8_t ridx; 4914 4915 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4916 return; 4917 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4918 return; 4919 4920 /* 4921 * No need to call ieee80211_beacon_update(), run_update_beacon() 4922 * is taking care of appropriate calls. 4923 */ 4924 if (rvp->beacon_mbuf == NULL) { 4925 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4926 if (rvp->beacon_mbuf == NULL) 4927 return; 4928 } 4929 m = rvp->beacon_mbuf; 4930 4931 memset(&txwi, 0, sizeof(txwi)); 4932 txwi.wcid = 0xff; 4933 txwi.len = htole16(m->m_pkthdr.len); 4934 4935 /* send beacons at the lowest available rate */ 4936 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4937 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4938 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4939 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4940 txwi.phy |= htole16(RT2860_PHY_OFDM); 4941 txwi.txop = RT2860_TX_TXOP_HT; 4942 txwi.flags = RT2860_TX_TS; 4943 txwi.xflags = RT2860_TX_NSEQ; 4944 4945 txwisize = (sc->mac_ver == 0x5592) ? 4946 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4947 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4948 txwisize); 4949 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4950 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4951 } 4952 4953 static void 4954 run_updateprot(struct ieee80211com *ic) 4955 { 4956 struct run_softc *sc = ic->ic_softc; 4957 uint32_t i; 4958 4959 i = RUN_CMDQ_GET(&sc->cmdq_store); 4960 DPRINTF("cmdq_store=%d\n", i); 4961 sc->cmdq[i].func = run_updateprot_cb; 4962 sc->cmdq[i].arg0 = ic; 4963 ieee80211_runtask(ic, &sc->cmdq_task); 4964 } 4965 4966 static void 4967 run_updateprot_cb(void *arg) 4968 { 4969 struct ieee80211com *ic = arg; 4970 struct run_softc *sc = ic->ic_softc; 4971 uint32_t tmp; 4972 4973 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4974 /* setup protection frame rate (MCS code) */ 4975 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4976 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4977 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4978 4979 /* CCK frames don't require protection */ 4980 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4981 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4982 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4983 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4984 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4985 tmp |= RT2860_PROT_CTRL_CTS; 4986 } 4987 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4988 } 4989 4990 static void 4991 run_usb_timeout_cb(void *arg) 4992 { 4993 struct ieee80211vap *vap = arg; 4994 struct run_softc *sc = vap->iv_ic->ic_softc; 4995 4996 RUN_LOCK_ASSERT(sc, MA_OWNED); 4997 4998 if(vap->iv_state == IEEE80211_S_RUN && 4999 vap->iv_opmode != IEEE80211_M_STA) 5000 run_reset_livelock(sc); 5001 else if (vap->iv_state == IEEE80211_S_SCAN) { 5002 DPRINTF("timeout caused by scan\n"); 5003 /* cancel bgscan */ 5004 ieee80211_cancel_scan(vap); 5005 } else 5006 DPRINTF("timeout by unknown cause\n"); 5007 } 5008 5009 static void 5010 run_reset_livelock(struct run_softc *sc) 5011 { 5012 uint32_t tmp; 5013 5014 RUN_LOCK_ASSERT(sc, MA_OWNED); 5015 5016 /* 5017 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5018 * can run into a livelock and start sending CTS-to-self frames like 5019 * crazy if protection is enabled. Reset MAC/BBP for a while 5020 */ 5021 run_read(sc, RT2860_DEBUG, &tmp); 5022 DPRINTFN(3, "debug reg %08x\n", tmp); 5023 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5024 DPRINTF("CTS-to-self livelock detected\n"); 5025 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5026 run_delay(sc, 1); 5027 run_write(sc, RT2860_MAC_SYS_CTRL, 5028 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5029 } 5030 } 5031 5032 static void 5033 run_update_promisc_locked(struct run_softc *sc) 5034 { 5035 uint32_t tmp; 5036 5037 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5038 5039 tmp |= RT2860_DROP_UC_NOME; 5040 if (sc->sc_ic.ic_promisc > 0) 5041 tmp &= ~RT2860_DROP_UC_NOME; 5042 5043 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5044 5045 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5046 "entering" : "leaving"); 5047 } 5048 5049 static void 5050 run_update_promisc(struct ieee80211com *ic) 5051 { 5052 struct run_softc *sc = ic->ic_softc; 5053 5054 if ((sc->sc_flags & RUN_RUNNING) == 0) 5055 return; 5056 5057 RUN_LOCK(sc); 5058 run_update_promisc_locked(sc); 5059 RUN_UNLOCK(sc); 5060 } 5061 5062 static void 5063 run_enable_tsf_sync(struct run_softc *sc) 5064 { 5065 struct ieee80211com *ic = &sc->sc_ic; 5066 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5067 uint32_t tmp; 5068 5069 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5070 ic->ic_opmode); 5071 5072 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5073 tmp &= ~0x1fffff; 5074 tmp |= vap->iv_bss->ni_intval * 16; 5075 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5076 5077 if (ic->ic_opmode == IEEE80211_M_STA) { 5078 /* 5079 * Local TSF is always updated with remote TSF on beacon 5080 * reception. 5081 */ 5082 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5083 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5084 tmp |= RT2860_BCN_TX_EN; 5085 /* 5086 * Local TSF is updated with remote TSF on beacon reception 5087 * only if the remote TSF is greater than local TSF. 5088 */ 5089 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5090 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5091 ic->ic_opmode == IEEE80211_M_MBSS) { 5092 tmp |= RT2860_BCN_TX_EN; 5093 /* SYNC with nobody */ 5094 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5095 } else { 5096 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5097 return; 5098 } 5099 5100 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5101 } 5102 5103 static void 5104 run_enable_tsf(struct run_softc *sc) 5105 { 5106 uint32_t tmp; 5107 5108 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5109 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5110 tmp |= RT2860_TSF_TIMER_EN; 5111 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5112 } 5113 } 5114 5115 static void 5116 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5117 { 5118 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5119 sizeof(*buf)); 5120 } 5121 5122 static void 5123 run_enable_mrr(struct run_softc *sc) 5124 { 5125 #define CCK(mcs) (mcs) 5126 #define OFDM(mcs) (1 << 3 | (mcs)) 5127 run_write(sc, RT2860_LG_FBK_CFG0, 5128 OFDM(6) << 28 | /* 54->48 */ 5129 OFDM(5) << 24 | /* 48->36 */ 5130 OFDM(4) << 20 | /* 36->24 */ 5131 OFDM(3) << 16 | /* 24->18 */ 5132 OFDM(2) << 12 | /* 18->12 */ 5133 OFDM(1) << 8 | /* 12-> 9 */ 5134 OFDM(0) << 4 | /* 9-> 6 */ 5135 OFDM(0)); /* 6-> 6 */ 5136 5137 run_write(sc, RT2860_LG_FBK_CFG1, 5138 CCK(2) << 12 | /* 11->5.5 */ 5139 CCK(1) << 8 | /* 5.5-> 2 */ 5140 CCK(0) << 4 | /* 2-> 1 */ 5141 CCK(0)); /* 1-> 1 */ 5142 #undef OFDM 5143 #undef CCK 5144 } 5145 5146 static void 5147 run_set_txpreamble(struct run_softc *sc) 5148 { 5149 struct ieee80211com *ic = &sc->sc_ic; 5150 uint32_t tmp; 5151 5152 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5153 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5154 tmp |= RT2860_CCK_SHORT_EN; 5155 else 5156 tmp &= ~RT2860_CCK_SHORT_EN; 5157 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5158 } 5159 5160 static void 5161 run_set_basicrates(struct run_softc *sc) 5162 { 5163 struct ieee80211com *ic = &sc->sc_ic; 5164 5165 /* set basic rates mask */ 5166 if (ic->ic_curmode == IEEE80211_MODE_11B) 5167 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5168 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5169 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5170 else /* 11g */ 5171 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5172 } 5173 5174 static void 5175 run_set_leds(struct run_softc *sc, uint16_t which) 5176 { 5177 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5178 which | (sc->leds & 0x7f)); 5179 } 5180 5181 static void 5182 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5183 { 5184 run_write(sc, RT2860_MAC_BSSID_DW0, 5185 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5186 run_write(sc, RT2860_MAC_BSSID_DW1, 5187 bssid[4] | bssid[5] << 8); 5188 } 5189 5190 static void 5191 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5192 { 5193 run_write(sc, RT2860_MAC_ADDR_DW0, 5194 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5195 run_write(sc, RT2860_MAC_ADDR_DW1, 5196 addr[4] | addr[5] << 8 | 0xff << 16); 5197 } 5198 5199 static void 5200 run_updateslot(struct ieee80211com *ic) 5201 { 5202 struct run_softc *sc = ic->ic_softc; 5203 uint32_t i; 5204 5205 i = RUN_CMDQ_GET(&sc->cmdq_store); 5206 DPRINTF("cmdq_store=%d\n", i); 5207 sc->cmdq[i].func = run_updateslot_cb; 5208 sc->cmdq[i].arg0 = ic; 5209 ieee80211_runtask(ic, &sc->cmdq_task); 5210 5211 return; 5212 } 5213 5214 /* ARGSUSED */ 5215 static void 5216 run_updateslot_cb(void *arg) 5217 { 5218 struct ieee80211com *ic = arg; 5219 struct run_softc *sc = ic->ic_softc; 5220 uint32_t tmp; 5221 5222 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5223 tmp &= ~0xff; 5224 tmp |= IEEE80211_GET_SLOTTIME(ic); 5225 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5226 } 5227 5228 static void 5229 run_update_mcast(struct ieee80211com *ic) 5230 { 5231 } 5232 5233 static int8_t 5234 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5235 { 5236 struct ieee80211com *ic = &sc->sc_ic; 5237 struct ieee80211_channel *c = ic->ic_curchan; 5238 int delta; 5239 5240 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5241 u_int chan = ieee80211_chan2ieee(ic, c); 5242 delta = sc->rssi_5ghz[rxchain]; 5243 5244 /* determine channel group */ 5245 if (chan <= 64) 5246 delta -= sc->lna[1]; 5247 else if (chan <= 128) 5248 delta -= sc->lna[2]; 5249 else 5250 delta -= sc->lna[3]; 5251 } else 5252 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5253 5254 return (-12 - delta - rssi); 5255 } 5256 5257 static void 5258 run_rt5390_bbp_init(struct run_softc *sc) 5259 { 5260 u_int i; 5261 uint8_t bbp; 5262 5263 /* Apply maximum likelihood detection for 2 stream case. */ 5264 run_bbp_read(sc, 105, &bbp); 5265 if (sc->nrxchains > 1) 5266 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5267 5268 /* Avoid data lost and CRC error. */ 5269 run_bbp_read(sc, 4, &bbp); 5270 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5271 5272 if (sc->mac_ver == 0x5592) { 5273 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5274 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5275 rt5592_def_bbp[i].val); 5276 } 5277 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5278 run_bbp_write(sc, 195, i + 0x80); 5279 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5280 } 5281 } else { 5282 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5283 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5284 rt5390_def_bbp[i].val); 5285 } 5286 } 5287 if (sc->mac_ver == 0x5392) { 5288 run_bbp_write(sc, 88, 0x90); 5289 run_bbp_write(sc, 95, 0x9a); 5290 run_bbp_write(sc, 98, 0x12); 5291 run_bbp_write(sc, 106, 0x12); 5292 run_bbp_write(sc, 134, 0xd0); 5293 run_bbp_write(sc, 135, 0xf6); 5294 run_bbp_write(sc, 148, 0x84); 5295 } 5296 5297 run_bbp_read(sc, 152, &bbp); 5298 run_bbp_write(sc, 152, bbp | 0x80); 5299 5300 /* Fix BBP254 for RT5592C. */ 5301 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5302 run_bbp_read(sc, 254, &bbp); 5303 run_bbp_write(sc, 254, bbp | 0x80); 5304 } 5305 5306 /* Disable hardware antenna diversity. */ 5307 if (sc->mac_ver == 0x5390) 5308 run_bbp_write(sc, 154, 0); 5309 5310 /* Initialize Rx CCK/OFDM frequency offset report. */ 5311 run_bbp_write(sc, 142, 1); 5312 run_bbp_write(sc, 143, 57); 5313 } 5314 5315 static int 5316 run_bbp_init(struct run_softc *sc) 5317 { 5318 int i, error, ntries; 5319 uint8_t bbp0; 5320 5321 /* wait for BBP to wake up */ 5322 for (ntries = 0; ntries < 20; ntries++) { 5323 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5324 return error; 5325 if (bbp0 != 0 && bbp0 != 0xff) 5326 break; 5327 } 5328 if (ntries == 20) 5329 return (ETIMEDOUT); 5330 5331 /* initialize BBP registers to default values */ 5332 if (sc->mac_ver >= 0x5390) 5333 run_rt5390_bbp_init(sc); 5334 else { 5335 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5336 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5337 rt2860_def_bbp[i].val); 5338 } 5339 } 5340 5341 if (sc->mac_ver == 0x3593) { 5342 run_bbp_write(sc, 79, 0x13); 5343 run_bbp_write(sc, 80, 0x05); 5344 run_bbp_write(sc, 81, 0x33); 5345 run_bbp_write(sc, 86, 0x46); 5346 run_bbp_write(sc, 137, 0x0f); 5347 } 5348 5349 /* fix BBP84 for RT2860E */ 5350 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5351 run_bbp_write(sc, 84, 0x19); 5352 5353 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5354 sc->mac_ver != 0x5592)) { 5355 run_bbp_write(sc, 79, 0x13); 5356 run_bbp_write(sc, 80, 0x05); 5357 run_bbp_write(sc, 81, 0x33); 5358 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5359 run_bbp_write(sc, 69, 0x16); 5360 run_bbp_write(sc, 73, 0x12); 5361 } 5362 return (0); 5363 } 5364 5365 static int 5366 run_rt3070_rf_init(struct run_softc *sc) 5367 { 5368 uint32_t tmp; 5369 uint8_t bbp4, mingain, rf, target; 5370 u_int i; 5371 5372 run_rt3070_rf_read(sc, 30, &rf); 5373 /* toggle RF R30 bit 7 */ 5374 run_rt3070_rf_write(sc, 30, rf | 0x80); 5375 run_delay(sc, 10); 5376 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5377 5378 /* initialize RF registers to default value */ 5379 if (sc->mac_ver == 0x3572) { 5380 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5381 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5382 rt3572_def_rf[i].val); 5383 } 5384 } else { 5385 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5386 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5387 rt3070_def_rf[i].val); 5388 } 5389 } 5390 5391 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5392 /* 5393 * Change voltage from 1.2V to 1.35V for RT3070. 5394 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5395 * in RT3070(F). 5396 */ 5397 run_read(sc, RT3070_LDO_CFG0, &tmp); 5398 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5399 run_write(sc, RT3070_LDO_CFG0, tmp); 5400 5401 } else if (sc->mac_ver == 0x3071) { 5402 run_rt3070_rf_read(sc, 6, &rf); 5403 run_rt3070_rf_write(sc, 6, rf | 0x40); 5404 run_rt3070_rf_write(sc, 31, 0x14); 5405 5406 run_read(sc, RT3070_LDO_CFG0, &tmp); 5407 tmp &= ~0x1f000000; 5408 if (sc->mac_rev < 0x0211) 5409 tmp |= 0x0d000000; /* 1.3V */ 5410 else 5411 tmp |= 0x01000000; /* 1.2V */ 5412 run_write(sc, RT3070_LDO_CFG0, tmp); 5413 5414 /* patch LNA_PE_G1 */ 5415 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5416 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5417 5418 } else if (sc->mac_ver == 0x3572) { 5419 run_rt3070_rf_read(sc, 6, &rf); 5420 run_rt3070_rf_write(sc, 6, rf | 0x40); 5421 5422 /* increase voltage from 1.2V to 1.35V */ 5423 run_read(sc, RT3070_LDO_CFG0, &tmp); 5424 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5425 run_write(sc, RT3070_LDO_CFG0, tmp); 5426 5427 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5428 run_delay(sc, 1); /* wait for 1msec */ 5429 /* decrease voltage back to 1.2V */ 5430 tmp = (tmp & ~0x1f000000) | 0x01000000; 5431 run_write(sc, RT3070_LDO_CFG0, tmp); 5432 } 5433 } 5434 5435 /* select 20MHz bandwidth */ 5436 run_rt3070_rf_read(sc, 31, &rf); 5437 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5438 5439 /* calibrate filter for 20MHz bandwidth */ 5440 sc->rf24_20mhz = 0x1f; /* default value */ 5441 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5442 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5443 5444 /* select 40MHz bandwidth */ 5445 run_bbp_read(sc, 4, &bbp4); 5446 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5447 run_rt3070_rf_read(sc, 31, &rf); 5448 run_rt3070_rf_write(sc, 31, rf | 0x20); 5449 5450 /* calibrate filter for 40MHz bandwidth */ 5451 sc->rf24_40mhz = 0x2f; /* default value */ 5452 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5453 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5454 5455 /* go back to 20MHz bandwidth */ 5456 run_bbp_read(sc, 4, &bbp4); 5457 run_bbp_write(sc, 4, bbp4 & ~0x18); 5458 5459 if (sc->mac_ver == 0x3572) { 5460 /* save default BBP registers 25 and 26 values */ 5461 run_bbp_read(sc, 25, &sc->bbp25); 5462 run_bbp_read(sc, 26, &sc->bbp26); 5463 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5464 run_rt3070_rf_write(sc, 27, 0x03); 5465 5466 run_read(sc, RT3070_OPT_14, &tmp); 5467 run_write(sc, RT3070_OPT_14, tmp | 1); 5468 5469 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5470 run_rt3070_rf_read(sc, 17, &rf); 5471 rf &= ~RT3070_TX_LO1; 5472 if ((sc->mac_ver == 0x3070 || 5473 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5474 !sc->ext_2ghz_lna) 5475 rf |= 0x20; /* fix for long range Rx issue */ 5476 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5477 if (sc->txmixgain_2ghz >= mingain) 5478 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5479 run_rt3070_rf_write(sc, 17, rf); 5480 } 5481 5482 if (sc->mac_ver == 0x3071) { 5483 run_rt3070_rf_read(sc, 1, &rf); 5484 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5485 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5486 run_rt3070_rf_write(sc, 1, rf); 5487 5488 run_rt3070_rf_read(sc, 15, &rf); 5489 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5490 5491 run_rt3070_rf_read(sc, 20, &rf); 5492 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5493 5494 run_rt3070_rf_read(sc, 21, &rf); 5495 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5496 } 5497 5498 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5499 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5500 run_rt3070_rf_read(sc, 27, &rf); 5501 rf &= ~0x77; 5502 if (sc->mac_rev < 0x0211) 5503 rf |= 0x03; 5504 run_rt3070_rf_write(sc, 27, rf); 5505 } 5506 return (0); 5507 } 5508 5509 static void 5510 run_rt3593_rf_init(struct run_softc *sc) 5511 { 5512 uint32_t tmp; 5513 uint8_t rf; 5514 u_int i; 5515 5516 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5517 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5518 tmp &= ~(1 << 4 | 1 << 7); 5519 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5520 5521 /* Initialize RF registers to default value. */ 5522 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5523 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5524 rt3593_def_rf[i].val); 5525 } 5526 5527 /* Toggle RF R2 to initiate calibration. */ 5528 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5529 5530 /* Initialize RF frequency offset. */ 5531 run_adjust_freq_offset(sc); 5532 5533 run_rt3070_rf_read(sc, 18, &rf); 5534 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5535 5536 /* 5537 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5538 * decrease voltage back to 1.2V. 5539 */ 5540 run_read(sc, RT3070_LDO_CFG0, &tmp); 5541 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5542 run_write(sc, RT3070_LDO_CFG0, tmp); 5543 run_delay(sc, 1); 5544 tmp = (tmp & ~0x1f000000) | 0x01000000; 5545 run_write(sc, RT3070_LDO_CFG0, tmp); 5546 5547 sc->rf24_20mhz = 0x1f; 5548 sc->rf24_40mhz = 0x2f; 5549 5550 /* Save default BBP registers 25 and 26 values. */ 5551 run_bbp_read(sc, 25, &sc->bbp25); 5552 run_bbp_read(sc, 26, &sc->bbp26); 5553 5554 run_read(sc, RT3070_OPT_14, &tmp); 5555 run_write(sc, RT3070_OPT_14, tmp | 1); 5556 } 5557 5558 static void 5559 run_rt5390_rf_init(struct run_softc *sc) 5560 { 5561 uint32_t tmp; 5562 uint8_t rf; 5563 u_int i; 5564 5565 /* Toggle RF R2 to initiate calibration. */ 5566 if (sc->mac_ver == 0x5390) { 5567 run_rt3070_rf_read(sc, 2, &rf); 5568 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5569 run_delay(sc, 10); 5570 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5571 } else { 5572 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5573 run_delay(sc, 10); 5574 } 5575 5576 /* Initialize RF registers to default value. */ 5577 if (sc->mac_ver == 0x5592) { 5578 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5579 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5580 rt5592_def_rf[i].val); 5581 } 5582 /* Initialize RF frequency offset. */ 5583 run_adjust_freq_offset(sc); 5584 } else if (sc->mac_ver == 0x5392) { 5585 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5586 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5587 rt5392_def_rf[i].val); 5588 } 5589 if (sc->mac_rev >= 0x0223) { 5590 run_rt3070_rf_write(sc, 23, 0x0f); 5591 run_rt3070_rf_write(sc, 24, 0x3e); 5592 run_rt3070_rf_write(sc, 51, 0x32); 5593 run_rt3070_rf_write(sc, 53, 0x22); 5594 run_rt3070_rf_write(sc, 56, 0xc1); 5595 run_rt3070_rf_write(sc, 59, 0x0f); 5596 } 5597 } else { 5598 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5599 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5600 rt5390_def_rf[i].val); 5601 } 5602 if (sc->mac_rev >= 0x0502) { 5603 run_rt3070_rf_write(sc, 6, 0xe0); 5604 run_rt3070_rf_write(sc, 25, 0x80); 5605 run_rt3070_rf_write(sc, 46, 0x73); 5606 run_rt3070_rf_write(sc, 53, 0x00); 5607 run_rt3070_rf_write(sc, 56, 0x42); 5608 run_rt3070_rf_write(sc, 61, 0xd1); 5609 } 5610 } 5611 5612 sc->rf24_20mhz = 0x1f; /* default value */ 5613 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5614 5615 if (sc->mac_rev < 0x0211) 5616 run_rt3070_rf_write(sc, 27, 0x3); 5617 5618 run_read(sc, RT3070_OPT_14, &tmp); 5619 run_write(sc, RT3070_OPT_14, tmp | 1); 5620 } 5621 5622 static int 5623 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5624 uint8_t *val) 5625 { 5626 uint8_t rf22, rf24; 5627 uint8_t bbp55_pb, bbp55_sb, delta; 5628 int ntries; 5629 5630 /* program filter */ 5631 run_rt3070_rf_read(sc, 24, &rf24); 5632 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5633 run_rt3070_rf_write(sc, 24, rf24); 5634 5635 /* enable baseband loopback mode */ 5636 run_rt3070_rf_read(sc, 22, &rf22); 5637 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5638 5639 /* set power and frequency of passband test tone */ 5640 run_bbp_write(sc, 24, 0x00); 5641 for (ntries = 0; ntries < 100; ntries++) { 5642 /* transmit test tone */ 5643 run_bbp_write(sc, 25, 0x90); 5644 run_delay(sc, 10); 5645 /* read received power */ 5646 run_bbp_read(sc, 55, &bbp55_pb); 5647 if (bbp55_pb != 0) 5648 break; 5649 } 5650 if (ntries == 100) 5651 return (ETIMEDOUT); 5652 5653 /* set power and frequency of stopband test tone */ 5654 run_bbp_write(sc, 24, 0x06); 5655 for (ntries = 0; ntries < 100; ntries++) { 5656 /* transmit test tone */ 5657 run_bbp_write(sc, 25, 0x90); 5658 run_delay(sc, 10); 5659 /* read received power */ 5660 run_bbp_read(sc, 55, &bbp55_sb); 5661 5662 delta = bbp55_pb - bbp55_sb; 5663 if (delta > target) 5664 break; 5665 5666 /* reprogram filter */ 5667 rf24++; 5668 run_rt3070_rf_write(sc, 24, rf24); 5669 } 5670 if (ntries < 100) { 5671 if (rf24 != init) 5672 rf24--; /* backtrack */ 5673 *val = rf24; 5674 run_rt3070_rf_write(sc, 24, rf24); 5675 } 5676 5677 /* restore initial state */ 5678 run_bbp_write(sc, 24, 0x00); 5679 5680 /* disable baseband loopback mode */ 5681 run_rt3070_rf_read(sc, 22, &rf22); 5682 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5683 5684 return (0); 5685 } 5686 5687 static void 5688 run_rt3070_rf_setup(struct run_softc *sc) 5689 { 5690 uint8_t bbp, rf; 5691 int i; 5692 5693 if (sc->mac_ver == 0x3572) { 5694 /* enable DC filter */ 5695 if (sc->mac_rev >= 0x0201) 5696 run_bbp_write(sc, 103, 0xc0); 5697 5698 run_bbp_read(sc, 138, &bbp); 5699 if (sc->ntxchains == 1) 5700 bbp |= 0x20; /* turn off DAC1 */ 5701 if (sc->nrxchains == 1) 5702 bbp &= ~0x02; /* turn off ADC1 */ 5703 run_bbp_write(sc, 138, bbp); 5704 5705 if (sc->mac_rev >= 0x0211) { 5706 /* improve power consumption */ 5707 run_bbp_read(sc, 31, &bbp); 5708 run_bbp_write(sc, 31, bbp & ~0x03); 5709 } 5710 5711 run_rt3070_rf_read(sc, 16, &rf); 5712 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5713 run_rt3070_rf_write(sc, 16, rf); 5714 5715 } else if (sc->mac_ver == 0x3071) { 5716 if (sc->mac_rev >= 0x0211) { 5717 /* enable DC filter */ 5718 run_bbp_write(sc, 103, 0xc0); 5719 5720 /* improve power consumption */ 5721 run_bbp_read(sc, 31, &bbp); 5722 run_bbp_write(sc, 31, bbp & ~0x03); 5723 } 5724 5725 run_bbp_read(sc, 138, &bbp); 5726 if (sc->ntxchains == 1) 5727 bbp |= 0x20; /* turn off DAC1 */ 5728 if (sc->nrxchains == 1) 5729 bbp &= ~0x02; /* turn off ADC1 */ 5730 run_bbp_write(sc, 138, bbp); 5731 5732 run_write(sc, RT2860_TX_SW_CFG1, 0); 5733 if (sc->mac_rev < 0x0211) { 5734 run_write(sc, RT2860_TX_SW_CFG2, 5735 sc->patch_dac ? 0x2c : 0x0f); 5736 } else 5737 run_write(sc, RT2860_TX_SW_CFG2, 0); 5738 5739 } else if (sc->mac_ver == 0x3070) { 5740 if (sc->mac_rev >= 0x0201) { 5741 /* enable DC filter */ 5742 run_bbp_write(sc, 103, 0xc0); 5743 5744 /* improve power consumption */ 5745 run_bbp_read(sc, 31, &bbp); 5746 run_bbp_write(sc, 31, bbp & ~0x03); 5747 } 5748 5749 if (sc->mac_rev < 0x0201) { 5750 run_write(sc, RT2860_TX_SW_CFG1, 0); 5751 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5752 } else 5753 run_write(sc, RT2860_TX_SW_CFG2, 0); 5754 } 5755 5756 /* initialize RF registers from ROM for >=RT3071*/ 5757 if (sc->mac_ver >= 0x3071) { 5758 for (i = 0; i < 10; i++) { 5759 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5760 continue; 5761 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5762 } 5763 } 5764 } 5765 5766 static void 5767 run_rt3593_rf_setup(struct run_softc *sc) 5768 { 5769 uint8_t bbp, rf; 5770 5771 if (sc->mac_rev >= 0x0211) { 5772 /* Enable DC filter. */ 5773 run_bbp_write(sc, 103, 0xc0); 5774 } 5775 run_write(sc, RT2860_TX_SW_CFG1, 0); 5776 if (sc->mac_rev < 0x0211) { 5777 run_write(sc, RT2860_TX_SW_CFG2, 5778 sc->patch_dac ? 0x2c : 0x0f); 5779 } else 5780 run_write(sc, RT2860_TX_SW_CFG2, 0); 5781 5782 run_rt3070_rf_read(sc, 50, &rf); 5783 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5784 5785 run_rt3070_rf_read(sc, 51, &rf); 5786 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5787 ((sc->txmixgain_2ghz & 0x07) << 2); 5788 run_rt3070_rf_write(sc, 51, rf); 5789 5790 run_rt3070_rf_read(sc, 38, &rf); 5791 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5792 5793 run_rt3070_rf_read(sc, 39, &rf); 5794 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5795 5796 run_rt3070_rf_read(sc, 1, &rf); 5797 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5798 5799 run_rt3070_rf_read(sc, 30, &rf); 5800 rf = (rf & ~0x18) | 0x10; 5801 run_rt3070_rf_write(sc, 30, rf); 5802 5803 /* Apply maximum likelihood detection for 2 stream case. */ 5804 run_bbp_read(sc, 105, &bbp); 5805 if (sc->nrxchains > 1) 5806 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5807 5808 /* Avoid data lost and CRC error. */ 5809 run_bbp_read(sc, 4, &bbp); 5810 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5811 5812 run_bbp_write(sc, 92, 0x02); 5813 run_bbp_write(sc, 82, 0x82); 5814 run_bbp_write(sc, 106, 0x05); 5815 run_bbp_write(sc, 104, 0x92); 5816 run_bbp_write(sc, 88, 0x90); 5817 run_bbp_write(sc, 148, 0xc8); 5818 run_bbp_write(sc, 47, 0x48); 5819 run_bbp_write(sc, 120, 0x50); 5820 5821 run_bbp_write(sc, 163, 0x9d); 5822 5823 /* SNR mapping. */ 5824 run_bbp_write(sc, 142, 0x06); 5825 run_bbp_write(sc, 143, 0xa0); 5826 run_bbp_write(sc, 142, 0x07); 5827 run_bbp_write(sc, 143, 0xa1); 5828 run_bbp_write(sc, 142, 0x08); 5829 run_bbp_write(sc, 143, 0xa2); 5830 5831 run_bbp_write(sc, 31, 0x08); 5832 run_bbp_write(sc, 68, 0x0b); 5833 run_bbp_write(sc, 105, 0x04); 5834 } 5835 5836 static void 5837 run_rt5390_rf_setup(struct run_softc *sc) 5838 { 5839 uint8_t bbp, rf; 5840 5841 if (sc->mac_rev >= 0x0211) { 5842 /* Enable DC filter. */ 5843 run_bbp_write(sc, 103, 0xc0); 5844 5845 if (sc->mac_ver != 0x5592) { 5846 /* Improve power consumption. */ 5847 run_bbp_read(sc, 31, &bbp); 5848 run_bbp_write(sc, 31, bbp & ~0x03); 5849 } 5850 } 5851 5852 run_bbp_read(sc, 138, &bbp); 5853 if (sc->ntxchains == 1) 5854 bbp |= 0x20; /* turn off DAC1 */ 5855 if (sc->nrxchains == 1) 5856 bbp &= ~0x02; /* turn off ADC1 */ 5857 run_bbp_write(sc, 138, bbp); 5858 5859 run_rt3070_rf_read(sc, 38, &rf); 5860 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5861 5862 run_rt3070_rf_read(sc, 39, &rf); 5863 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5864 5865 /* Avoid data lost and CRC error. */ 5866 run_bbp_read(sc, 4, &bbp); 5867 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5868 5869 run_rt3070_rf_read(sc, 30, &rf); 5870 rf = (rf & ~0x18) | 0x10; 5871 run_rt3070_rf_write(sc, 30, rf); 5872 5873 if (sc->mac_ver != 0x5592) { 5874 run_write(sc, RT2860_TX_SW_CFG1, 0); 5875 if (sc->mac_rev < 0x0211) { 5876 run_write(sc, RT2860_TX_SW_CFG2, 5877 sc->patch_dac ? 0x2c : 0x0f); 5878 } else 5879 run_write(sc, RT2860_TX_SW_CFG2, 0); 5880 } 5881 } 5882 5883 static int 5884 run_txrx_enable(struct run_softc *sc) 5885 { 5886 struct ieee80211com *ic = &sc->sc_ic; 5887 uint32_t tmp; 5888 int error, ntries; 5889 5890 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5891 for (ntries = 0; ntries < 200; ntries++) { 5892 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5893 return (error); 5894 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5895 break; 5896 run_delay(sc, 50); 5897 } 5898 if (ntries == 200) 5899 return (ETIMEDOUT); 5900 5901 run_delay(sc, 50); 5902 5903 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5904 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5905 5906 /* enable Rx bulk aggregation (set timeout and limit) */ 5907 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5908 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5909 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5910 5911 /* set Rx filter */ 5912 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5913 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5914 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5915 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5916 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5917 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5918 if (ic->ic_opmode == IEEE80211_M_STA) 5919 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5920 } 5921 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5922 5923 run_write(sc, RT2860_MAC_SYS_CTRL, 5924 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5925 5926 return (0); 5927 } 5928 5929 static void 5930 run_adjust_freq_offset(struct run_softc *sc) 5931 { 5932 uint8_t rf, tmp; 5933 5934 run_rt3070_rf_read(sc, 17, &rf); 5935 tmp = rf; 5936 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5937 rf = MIN(rf, 0x5f); 5938 5939 if (tmp != rf) 5940 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5941 } 5942 5943 static void 5944 run_init_locked(struct run_softc *sc) 5945 { 5946 struct ieee80211com *ic = &sc->sc_ic; 5947 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5948 uint32_t tmp; 5949 uint8_t bbp1, bbp3; 5950 int i; 5951 int ridx; 5952 int ntries; 5953 5954 if (ic->ic_nrunning > 1) 5955 return; 5956 5957 run_stop(sc); 5958 5959 if (run_load_microcode(sc) != 0) { 5960 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5961 goto fail; 5962 } 5963 5964 for (ntries = 0; ntries < 100; ntries++) { 5965 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5966 goto fail; 5967 if (tmp != 0 && tmp != 0xffffffff) 5968 break; 5969 run_delay(sc, 10); 5970 } 5971 if (ntries == 100) 5972 goto fail; 5973 5974 for (i = 0; i != RUN_EP_QUEUES; i++) 5975 run_setup_tx_list(sc, &sc->sc_epq[i]); 5976 5977 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5978 5979 for (ntries = 0; ntries < 100; ntries++) { 5980 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5981 goto fail; 5982 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5983 break; 5984 run_delay(sc, 10); 5985 } 5986 if (ntries == 100) { 5987 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5988 goto fail; 5989 } 5990 tmp &= 0xff0; 5991 tmp |= RT2860_TX_WB_DDONE; 5992 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5993 5994 /* turn off PME_OEN to solve high-current issue */ 5995 run_read(sc, RT2860_SYS_CTRL, &tmp); 5996 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5997 5998 run_write(sc, RT2860_MAC_SYS_CTRL, 5999 RT2860_BBP_HRST | RT2860_MAC_SRST); 6000 run_write(sc, RT2860_USB_DMA_CFG, 0); 6001 6002 if (run_reset(sc) != 0) { 6003 device_printf(sc->sc_dev, "could not reset chipset\n"); 6004 goto fail; 6005 } 6006 6007 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6008 6009 /* init Tx power for all Tx rates (from EEPROM) */ 6010 for (ridx = 0; ridx < 5; ridx++) { 6011 if (sc->txpow20mhz[ridx] == 0xffffffff) 6012 continue; 6013 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6014 } 6015 6016 for (i = 0; i < nitems(rt2870_def_mac); i++) 6017 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6018 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6019 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6020 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6021 6022 if (sc->mac_ver >= 0x5390) { 6023 run_write(sc, RT2860_TX_SW_CFG0, 6024 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6025 if (sc->mac_ver >= 0x5392) { 6026 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6027 if (sc->mac_ver == 0x5592) { 6028 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6029 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6030 } else { 6031 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6032 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6033 } 6034 } 6035 } else if (sc->mac_ver == 0x3593) { 6036 run_write(sc, RT2860_TX_SW_CFG0, 6037 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6038 } else if (sc->mac_ver >= 0x3070) { 6039 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6040 run_write(sc, RT2860_TX_SW_CFG0, 6041 4 << RT2860_DLY_PAPE_EN_SHIFT); 6042 } 6043 6044 /* wait while MAC is busy */ 6045 for (ntries = 0; ntries < 100; ntries++) { 6046 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6047 goto fail; 6048 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6049 break; 6050 run_delay(sc, 10); 6051 } 6052 if (ntries == 100) 6053 goto fail; 6054 6055 /* clear Host to MCU mailbox */ 6056 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6057 run_write(sc, RT2860_H2M_MAILBOX, 0); 6058 run_delay(sc, 10); 6059 6060 if (run_bbp_init(sc) != 0) { 6061 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6062 goto fail; 6063 } 6064 6065 /* abort TSF synchronization */ 6066 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6067 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6068 RT2860_TBTT_TIMER_EN); 6069 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6070 6071 /* clear RX WCID search table */ 6072 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6073 /* clear WCID attribute table */ 6074 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6075 6076 /* hostapd sets a key before init. So, don't clear it. */ 6077 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6078 /* clear shared key table */ 6079 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6080 /* clear shared key mode */ 6081 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6082 } 6083 6084 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6085 tmp = (tmp & ~0xff) | 0x1e; 6086 run_write(sc, RT2860_US_CYC_CNT, tmp); 6087 6088 if (sc->mac_rev != 0x0101) 6089 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6090 6091 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6092 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6093 6094 /* write vendor-specific BBP values (from EEPROM) */ 6095 if (sc->mac_ver < 0x3593) { 6096 for (i = 0; i < 10; i++) { 6097 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6098 continue; 6099 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6100 } 6101 } 6102 6103 /* select Main antenna for 1T1R devices */ 6104 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6105 run_set_rx_antenna(sc, 0); 6106 6107 /* send LEDs operating mode to microcontroller */ 6108 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6109 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6110 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6111 6112 if (sc->mac_ver >= 0x5390) 6113 run_rt5390_rf_init(sc); 6114 else if (sc->mac_ver == 0x3593) 6115 run_rt3593_rf_init(sc); 6116 else if (sc->mac_ver >= 0x3070) 6117 run_rt3070_rf_init(sc); 6118 6119 /* disable non-existing Rx chains */ 6120 run_bbp_read(sc, 3, &bbp3); 6121 bbp3 &= ~(1 << 3 | 1 << 4); 6122 if (sc->nrxchains == 2) 6123 bbp3 |= 1 << 3; 6124 else if (sc->nrxchains == 3) 6125 bbp3 |= 1 << 4; 6126 run_bbp_write(sc, 3, bbp3); 6127 6128 /* disable non-existing Tx chains */ 6129 run_bbp_read(sc, 1, &bbp1); 6130 if (sc->ntxchains == 1) 6131 bbp1 &= ~(1 << 3 | 1 << 4); 6132 run_bbp_write(sc, 1, bbp1); 6133 6134 if (sc->mac_ver >= 0x5390) 6135 run_rt5390_rf_setup(sc); 6136 else if (sc->mac_ver == 0x3593) 6137 run_rt3593_rf_setup(sc); 6138 else if (sc->mac_ver >= 0x3070) 6139 run_rt3070_rf_setup(sc); 6140 6141 /* select default channel */ 6142 run_set_chan(sc, ic->ic_curchan); 6143 6144 /* setup initial protection mode */ 6145 run_updateprot_cb(ic); 6146 6147 /* turn radio LED on */ 6148 run_set_leds(sc, RT2860_LED_RADIO); 6149 6150 sc->sc_flags |= RUN_RUNNING; 6151 sc->cmdq_run = RUN_CMDQ_GO; 6152 6153 for (i = 0; i != RUN_N_XFER; i++) 6154 usbd_xfer_set_stall(sc->sc_xfer[i]); 6155 6156 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6157 6158 if (run_txrx_enable(sc) != 0) 6159 goto fail; 6160 6161 return; 6162 6163 fail: 6164 run_stop(sc); 6165 } 6166 6167 static void 6168 run_stop(void *arg) 6169 { 6170 struct run_softc *sc = (struct run_softc *)arg; 6171 uint32_t tmp; 6172 int i; 6173 int ntries; 6174 6175 RUN_LOCK_ASSERT(sc, MA_OWNED); 6176 6177 if (sc->sc_flags & RUN_RUNNING) 6178 run_set_leds(sc, 0); /* turn all LEDs off */ 6179 6180 sc->sc_flags &= ~RUN_RUNNING; 6181 6182 sc->ratectl_run = RUN_RATECTL_OFF; 6183 sc->cmdq_run = sc->cmdq_key_set; 6184 6185 RUN_UNLOCK(sc); 6186 6187 for(i = 0; i < RUN_N_XFER; i++) 6188 usbd_transfer_drain(sc->sc_xfer[i]); 6189 6190 RUN_LOCK(sc); 6191 6192 run_drain_mbufq(sc); 6193 6194 if (sc->rx_m != NULL) { 6195 m_free(sc->rx_m); 6196 sc->rx_m = NULL; 6197 } 6198 6199 /* Disable Tx/Rx DMA. */ 6200 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6201 return; 6202 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6203 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6204 6205 for (ntries = 0; ntries < 100; ntries++) { 6206 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6207 return; 6208 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6209 break; 6210 run_delay(sc, 10); 6211 } 6212 if (ntries == 100) { 6213 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6214 return; 6215 } 6216 6217 /* disable Tx/Rx */ 6218 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6219 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6220 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6221 6222 /* wait for pending Tx to complete */ 6223 for (ntries = 0; ntries < 100; ntries++) { 6224 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6225 DPRINTF("Cannot read Tx queue count\n"); 6226 break; 6227 } 6228 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6229 DPRINTF("All Tx cleared\n"); 6230 break; 6231 } 6232 run_delay(sc, 10); 6233 } 6234 if (ntries >= 100) 6235 DPRINTF("There are still pending Tx\n"); 6236 run_delay(sc, 10); 6237 run_write(sc, RT2860_USB_DMA_CFG, 0); 6238 6239 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6240 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6241 6242 for (i = 0; i != RUN_EP_QUEUES; i++) 6243 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6244 } 6245 6246 static void 6247 run_delay(struct run_softc *sc, u_int ms) 6248 { 6249 usb_pause_mtx(lockowned(&sc->sc_lock) ? &sc->sc_lock : NULL, 6250 USB_MS_TO_TICKS(ms)); 6251 } 6252 6253 static device_method_t run_methods[] = { 6254 /* Device interface */ 6255 DEVMETHOD(device_probe, run_match), 6256 DEVMETHOD(device_attach, run_attach), 6257 DEVMETHOD(device_detach, run_detach), 6258 DEVMETHOD_END 6259 }; 6260 6261 static driver_t run_driver = { 6262 .name = "run", 6263 .methods = run_methods, 6264 .size = sizeof(struct run_softc) 6265 }; 6266 6267 static devclass_t run_devclass; 6268 6269 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6270 MODULE_DEPEND(run, wlan, 1, 1, 1); 6271 MODULE_DEPEND(run, usb, 1, 1, 1); 6272 MODULE_DEPEND(run, firmware, 1, 1, 1); 6273 MODULE_VERSION(run, 1); 6274 #if 0 /* Not implemented by DragonFly */ 6275 USB_PNP_HOST_INFO(run_devs); 6276 #endif 6277