1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 * 19 * $FreeBSD: head/sys/dev/usb/wlan/if_run.c 299176 2016-05-06 15:09:21Z pfg $ 20 */ 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mbuf.h> 32 #include <sys/kernel.h> 33 #include <sys/socket.h> 34 #include <sys/systm.h> 35 #include <sys/malloc.h> 36 #include <sys/module.h> 37 #include <sys/bus.h> 38 #include <sys/endian.h> 39 #include <sys/linker.h> 40 #include <sys/firmware.h> 41 42 #include <sys/rman.h> 43 44 #include <net/bpf.h> 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_arp.h> 48 #include <net/ethernet.h> 49 #include <net/if_dl.h> 50 #include <net/if_media.h> 51 #include <net/if_types.h> 52 53 #include <netinet/in.h> 54 #include <netinet/in_systm.h> 55 #include <netinet/in_var.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip.h> 58 59 #include <netproto/802_11/ieee80211_var.h> 60 #include <netproto/802_11/ieee80211_regdomain.h> 61 #include <netproto/802_11/ieee80211_radiotap.h> 62 #include <netproto/802_11/ieee80211_ratectl.h> 63 64 #include <bus/u4b/usb.h> 65 #include <bus/u4b/usbdi.h> 66 #include "usbdevs.h" 67 68 #define USB_DEBUG_VAR run_debug 69 #include <bus/u4b/usb_debug.h> 70 #include <bus/u4b/usb_msctest.h> 71 72 #include <bus/u4b/wlan/if_runreg.h> 73 #include <bus/u4b/wlan/if_runvar.h> 74 75 #ifdef USB_DEBUG 76 #define RUN_DEBUG 77 #endif 78 79 #ifdef RUN_DEBUG 80 int run_debug = 0; 81 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 82 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 83 "run debug level"); 84 #endif 85 86 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 87 88 /* 89 * Because of LOR in run_key_delete(), use atomic instead. 90 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 91 */ 92 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 93 94 static const STRUCT_USB_HOST_ID run_devs[] = { 95 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 96 #define RUN_DEV_EJECT(v,p) \ 97 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 98 #define RUN_EJECT 1 99 RUN_DEV(ABOCOM, RT2770), 100 RUN_DEV(ABOCOM, RT2870), 101 RUN_DEV(ABOCOM, RT3070), 102 RUN_DEV(ABOCOM, RT3071), 103 RUN_DEV(ABOCOM, RT3072), 104 RUN_DEV(ABOCOM2, RT2870_1), 105 RUN_DEV(ACCTON, RT2770), 106 RUN_DEV(ACCTON, RT2870_1), 107 RUN_DEV(ACCTON, RT2870_2), 108 RUN_DEV(ACCTON, RT2870_3), 109 RUN_DEV(ACCTON, RT2870_4), 110 RUN_DEV(ACCTON, RT2870_5), 111 RUN_DEV(ACCTON, RT3070), 112 RUN_DEV(ACCTON, RT3070_1), 113 RUN_DEV(ACCTON, RT3070_2), 114 RUN_DEV(ACCTON, RT3070_3), 115 RUN_DEV(ACCTON, RT3070_4), 116 RUN_DEV(ACCTON, RT3070_5), 117 RUN_DEV(AIRTIES, RT3070), 118 RUN_DEV(ALLWIN, RT2070), 119 RUN_DEV(ALLWIN, RT2770), 120 RUN_DEV(ALLWIN, RT2870), 121 RUN_DEV(ALLWIN, RT3070), 122 RUN_DEV(ALLWIN, RT3071), 123 RUN_DEV(ALLWIN, RT3072), 124 RUN_DEV(ALLWIN, RT3572), 125 RUN_DEV(AMIGO, RT2870_1), 126 RUN_DEV(AMIGO, RT2870_2), 127 RUN_DEV(AMIT, CGWLUSB2GNR), 128 RUN_DEV(AMIT, RT2870_1), 129 RUN_DEV(AMIT2, RT2870), 130 RUN_DEV(ASUS, RT2870_1), 131 RUN_DEV(ASUS, RT2870_2), 132 RUN_DEV(ASUS, RT2870_3), 133 RUN_DEV(ASUS, RT2870_4), 134 RUN_DEV(ASUS, RT2870_5), 135 RUN_DEV(ASUS, USBN13), 136 RUN_DEV(ASUS, RT3070_1), 137 RUN_DEV(ASUS, USBN66), 138 RUN_DEV(ASUS, USB_N53), 139 RUN_DEV(ASUS2, USBN11), 140 RUN_DEV(AZUREWAVE, RT2870_1), 141 RUN_DEV(AZUREWAVE, RT2870_2), 142 RUN_DEV(AZUREWAVE, RT3070_1), 143 RUN_DEV(AZUREWAVE, RT3070_2), 144 RUN_DEV(AZUREWAVE, RT3070_3), 145 RUN_DEV(BELKIN, F9L1103), 146 RUN_DEV(BELKIN, F5D8053V3), 147 RUN_DEV(BELKIN, F5D8055), 148 RUN_DEV(BELKIN, F5D8055V2), 149 RUN_DEV(BELKIN, F6D4050V1), 150 RUN_DEV(BELKIN, F6D4050V2), 151 RUN_DEV(BELKIN, RT2870_1), 152 RUN_DEV(BELKIN, RT2870_2), 153 RUN_DEV(CISCOLINKSYS, AE1000), 154 RUN_DEV(CISCOLINKSYS2, RT3070), 155 RUN_DEV(CISCOLINKSYS3, RT3070), 156 RUN_DEV(CONCEPTRONIC2, RT2870_1), 157 RUN_DEV(CONCEPTRONIC2, RT2870_2), 158 RUN_DEV(CONCEPTRONIC2, RT2870_3), 159 RUN_DEV(CONCEPTRONIC2, RT2870_4), 160 RUN_DEV(CONCEPTRONIC2, RT2870_5), 161 RUN_DEV(CONCEPTRONIC2, RT2870_6), 162 RUN_DEV(CONCEPTRONIC2, RT2870_7), 163 RUN_DEV(CONCEPTRONIC2, RT2870_8), 164 RUN_DEV(CONCEPTRONIC2, RT3070_1), 165 RUN_DEV(CONCEPTRONIC2, RT3070_2), 166 RUN_DEV(CONCEPTRONIC2, VIGORN61), 167 RUN_DEV(COREGA, CGWLUSB300GNM), 168 RUN_DEV(COREGA, RT2870_1), 169 RUN_DEV(COREGA, RT2870_2), 170 RUN_DEV(COREGA, RT2870_3), 171 RUN_DEV(COREGA, RT3070), 172 RUN_DEV(CYBERTAN, RT2870), 173 RUN_DEV(DLINK, RT2870), 174 RUN_DEV(DLINK, RT3072), 175 RUN_DEV(DLINK, DWA127), 176 RUN_DEV(DLINK, DWA140B3), 177 RUN_DEV(DLINK, DWA160B2), 178 RUN_DEV(DLINK, DWA140D1), 179 RUN_DEV(DLINK, DWA162), 180 RUN_DEV(DLINK2, DWA130), 181 RUN_DEV(DLINK2, RT2870_1), 182 RUN_DEV(DLINK2, RT2870_2), 183 RUN_DEV(DLINK2, RT3070_1), 184 RUN_DEV(DLINK2, RT3070_2), 185 RUN_DEV(DLINK2, RT3070_3), 186 RUN_DEV(DLINK2, RT3070_4), 187 RUN_DEV(DLINK2, RT3070_5), 188 RUN_DEV(DLINK2, RT3072), 189 RUN_DEV(DLINK2, RT3072_1), 190 RUN_DEV(EDIMAX, EW7717), 191 RUN_DEV(EDIMAX, EW7718), 192 RUN_DEV(EDIMAX, EW7733UND), 193 RUN_DEV(EDIMAX, RT2870_1), 194 RUN_DEV(ENCORE, RT3070_1), 195 RUN_DEV(ENCORE, RT3070_2), 196 RUN_DEV(ENCORE, RT3070_3), 197 RUN_DEV(GIGABYTE, GNWB31N), 198 RUN_DEV(GIGABYTE, GNWB32L), 199 RUN_DEV(GIGABYTE, RT2870_1), 200 RUN_DEV(GIGASET, RT3070_1), 201 RUN_DEV(GIGASET, RT3070_2), 202 RUN_DEV(GUILLEMOT, HWNU300), 203 RUN_DEV(HAWKING, HWUN2), 204 RUN_DEV(HAWKING, RT2870_1), 205 RUN_DEV(HAWKING, RT2870_2), 206 RUN_DEV(HAWKING, RT3070), 207 RUN_DEV(IODATA, RT3072_1), 208 RUN_DEV(IODATA, RT3072_2), 209 RUN_DEV(IODATA, RT3072_3), 210 RUN_DEV(IODATA, RT3072_4), 211 RUN_DEV(LINKSYS4, RT3070), 212 RUN_DEV(LINKSYS4, WUSB100), 213 RUN_DEV(LINKSYS4, WUSB54GCV3), 214 RUN_DEV(LINKSYS4, WUSB600N), 215 RUN_DEV(LINKSYS4, WUSB600NV2), 216 RUN_DEV(LOGITEC, RT2870_1), 217 RUN_DEV(LOGITEC, RT2870_2), 218 RUN_DEV(LOGITEC, RT2870_3), 219 RUN_DEV(LOGITEC, LANW300NU2), 220 RUN_DEV(LOGITEC, LANW150NU2), 221 RUN_DEV(LOGITEC, LANW300NU2S), 222 RUN_DEV(MELCO, WLIUCG300HP), 223 RUN_DEV(MELCO, RT2870_2), 224 RUN_DEV(MELCO, WLIUCAG300N), 225 RUN_DEV(MELCO, WLIUCG300N), 226 RUN_DEV(MELCO, WLIUCG301N), 227 RUN_DEV(MELCO, WLIUCGN), 228 RUN_DEV(MELCO, WLIUCGNM), 229 RUN_DEV(MELCO, WLIUCG300HPV1), 230 RUN_DEV(MELCO, WLIUCGNM2), 231 RUN_DEV(MOTOROLA4, RT2770), 232 RUN_DEV(MOTOROLA4, RT3070), 233 RUN_DEV(MSI, RT3070_1), 234 RUN_DEV(MSI, RT3070_2), 235 RUN_DEV(MSI, RT3070_3), 236 RUN_DEV(MSI, RT3070_4), 237 RUN_DEV(MSI, RT3070_5), 238 RUN_DEV(MSI, RT3070_6), 239 RUN_DEV(MSI, RT3070_7), 240 RUN_DEV(MSI, RT3070_8), 241 RUN_DEV(MSI, RT3070_9), 242 RUN_DEV(MSI, RT3070_10), 243 RUN_DEV(MSI, RT3070_11), 244 RUN_DEV(NETGEAR, WNDA4100), 245 RUN_DEV(OVISLINK, RT3072), 246 RUN_DEV(PARA, RT3070), 247 RUN_DEV(PEGATRON, RT2870), 248 RUN_DEV(PEGATRON, RT3070), 249 RUN_DEV(PEGATRON, RT3070_2), 250 RUN_DEV(PEGATRON, RT3070_3), 251 RUN_DEV(PHILIPS, RT2870), 252 RUN_DEV(PLANEX2, GWUS300MINIS), 253 RUN_DEV(PLANEX2, GWUSMICRON), 254 RUN_DEV(PLANEX2, RT2870), 255 RUN_DEV(PLANEX2, RT3070), 256 RUN_DEV(QCOM, RT2870), 257 RUN_DEV(QUANTA, RT3070), 258 RUN_DEV(RALINK, RT2070), 259 RUN_DEV(RALINK, RT2770), 260 RUN_DEV(RALINK, RT2870), 261 RUN_DEV(RALINK, RT3070), 262 RUN_DEV(RALINK, RT3071), 263 RUN_DEV(RALINK, RT3072), 264 RUN_DEV(RALINK, RT3370), 265 RUN_DEV(RALINK, RT3572), 266 RUN_DEV(RALINK, RT3573), 267 RUN_DEV(RALINK, RT5370), 268 RUN_DEV(RALINK, RT5572), 269 RUN_DEV(RALINK, RT8070), 270 RUN_DEV(SAMSUNG, WIS09ABGN), 271 RUN_DEV(SAMSUNG2, RT2870_1), 272 RUN_DEV(SENAO, RT2870_1), 273 RUN_DEV(SENAO, RT2870_2), 274 RUN_DEV(SENAO, RT2870_3), 275 RUN_DEV(SENAO, RT2870_4), 276 RUN_DEV(SENAO, RT3070), 277 RUN_DEV(SENAO, RT3071), 278 RUN_DEV(SENAO, RT3072_1), 279 RUN_DEV(SENAO, RT3072_2), 280 RUN_DEV(SENAO, RT3072_3), 281 RUN_DEV(SENAO, RT3072_4), 282 RUN_DEV(SENAO, RT3072_5), 283 RUN_DEV(SITECOMEU, RT2770), 284 RUN_DEV(SITECOMEU, RT2870_1), 285 RUN_DEV(SITECOMEU, RT2870_2), 286 RUN_DEV(SITECOMEU, RT2870_3), 287 RUN_DEV(SITECOMEU, RT2870_4), 288 RUN_DEV(SITECOMEU, RT3070), 289 RUN_DEV(SITECOMEU, RT3070_2), 290 RUN_DEV(SITECOMEU, RT3070_3), 291 RUN_DEV(SITECOMEU, RT3070_4), 292 RUN_DEV(SITECOMEU, RT3071), 293 RUN_DEV(SITECOMEU, RT3072_1), 294 RUN_DEV(SITECOMEU, RT3072_2), 295 RUN_DEV(SITECOMEU, RT3072_3), 296 RUN_DEV(SITECOMEU, RT3072_4), 297 RUN_DEV(SITECOMEU, RT3072_5), 298 RUN_DEV(SITECOMEU, RT3072_6), 299 RUN_DEV(SITECOMEU, WL608), 300 RUN_DEV(SPARKLAN, RT2870_1), 301 RUN_DEV(SPARKLAN, RT3070), 302 RUN_DEV(SWEEX2, LW153), 303 RUN_DEV(SWEEX2, LW303), 304 RUN_DEV(SWEEX2, LW313), 305 RUN_DEV(TOSHIBA, RT3070), 306 RUN_DEV(UMEDIA, RT2870_1), 307 RUN_DEV(ZCOM, RT2870_1), 308 RUN_DEV(ZCOM, RT2870_2), 309 RUN_DEV(ZINWELL, RT2870_1), 310 RUN_DEV(ZINWELL, RT2870_2), 311 RUN_DEV(ZINWELL, RT3070), 312 RUN_DEV(ZINWELL, RT3072_1), 313 RUN_DEV(ZINWELL, RT3072_2), 314 RUN_DEV(ZYXEL, RT2870_1), 315 RUN_DEV(ZYXEL, RT2870_2), 316 RUN_DEV(ZYXEL, RT3070), 317 RUN_DEV_EJECT(ZYXEL, NWD2705), 318 RUN_DEV_EJECT(RALINK, RT_STOR), 319 #undef RUN_DEV_EJECT 320 #undef RUN_DEV 321 }; 322 323 static device_probe_t run_match; 324 static device_attach_t run_attach; 325 static device_detach_t run_detach; 326 327 static usb_callback_t run_bulk_rx_callback; 328 static usb_callback_t run_bulk_tx_callback0; 329 static usb_callback_t run_bulk_tx_callback1; 330 static usb_callback_t run_bulk_tx_callback2; 331 static usb_callback_t run_bulk_tx_callback3; 332 static usb_callback_t run_bulk_tx_callback4; 333 static usb_callback_t run_bulk_tx_callback5; 334 335 static void run_autoinst(void *, struct usb_device *, 336 struct usb_attach_arg *); 337 static int run_driver_loaded(struct module *, int, void *); 338 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 339 usb_error_t error, u_int index); 340 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 341 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 342 const uint8_t [IEEE80211_ADDR_LEN], 343 const uint8_t [IEEE80211_ADDR_LEN]); 344 static void run_vap_delete(struct ieee80211vap *); 345 static void run_cmdq_cb(void *, int); 346 static void run_setup_tx_list(struct run_softc *, 347 struct run_endpoint_queue *); 348 static void run_unsetup_tx_list(struct run_softc *, 349 struct run_endpoint_queue *); 350 static int run_load_microcode(struct run_softc *); 351 static int run_reset(struct run_softc *); 352 static usb_error_t run_do_request(struct run_softc *, 353 struct usb_device_request *, void *); 354 static int run_read(struct run_softc *, uint16_t, uint32_t *); 355 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 356 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 357 static int run_write(struct run_softc *, uint16_t, uint32_t); 358 static int run_write_region_1(struct run_softc *, uint16_t, 359 const uint8_t *, int); 360 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 361 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 362 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 363 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 364 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 365 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 366 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 367 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 368 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 369 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 370 static const char *run_get_rf(uint16_t); 371 static void run_rt3593_get_txpower(struct run_softc *); 372 static void run_get_txpower(struct run_softc *); 373 static int run_read_eeprom(struct run_softc *); 374 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 375 const uint8_t mac[IEEE80211_ADDR_LEN]); 376 static int run_media_change(struct ifnet *); 377 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 378 static int run_wme_update(struct ieee80211com *); 379 static void run_key_set_cb(void *); 380 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 381 static void run_key_delete_cb(void *); 382 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 383 static void run_ratectl_to(void *); 384 static void run_ratectl_cb(void *, int); 385 static void run_drain_fifo(void *); 386 static void run_iter_func(void *, struct ieee80211_node *); 387 static void run_newassoc_cb(void *); 388 static void run_newassoc(struct ieee80211_node *, int); 389 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 390 const struct ieee80211_rx_stats *, int, int); 391 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 392 static void run_tx_free(struct run_endpoint_queue *pq, 393 struct run_tx_data *, int); 394 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 395 static int run_tx(struct run_softc *, struct mbuf *, 396 struct ieee80211_node *); 397 static int run_tx_mgt(struct run_softc *, struct mbuf *, 398 struct ieee80211_node *); 399 static int run_sendprot(struct run_softc *, const struct mbuf *, 400 struct ieee80211_node *, int, int); 401 static int run_tx_param(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *, 403 const struct ieee80211_bpf_params *); 404 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 405 const struct ieee80211_bpf_params *); 406 static int run_transmit(struct ieee80211com *, struct mbuf *); 407 static void run_start(struct run_softc *); 408 static void run_parent(struct ieee80211com *); 409 static void run_iq_calib(struct run_softc *, u_int); 410 static void run_set_agc(struct run_softc *, uint8_t); 411 static void run_select_chan_group(struct run_softc *, int); 412 static void run_set_rx_antenna(struct run_softc *, int); 413 static void run_rt2870_set_chan(struct run_softc *, u_int); 414 static void run_rt3070_set_chan(struct run_softc *, u_int); 415 static void run_rt3572_set_chan(struct run_softc *, u_int); 416 static void run_rt3593_set_chan(struct run_softc *, u_int); 417 static void run_rt5390_set_chan(struct run_softc *, u_int); 418 static void run_rt5592_set_chan(struct run_softc *, u_int); 419 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 420 static void run_set_channel(struct ieee80211com *); 421 static void run_scan_start(struct ieee80211com *); 422 static void run_scan_end(struct ieee80211com *); 423 static void run_update_beacon(struct ieee80211vap *, int); 424 static void run_update_beacon_cb(void *); 425 static void run_updateprot(struct ieee80211com *); 426 static void run_updateprot_cb(void *); 427 static void run_usb_timeout_cb(void *); 428 static void run_reset_livelock(struct run_softc *); 429 static void run_enable_tsf_sync(struct run_softc *); 430 static void run_enable_tsf(struct run_softc *); 431 static void run_get_tsf(struct run_softc *, uint64_t *); 432 static void run_enable_mrr(struct run_softc *); 433 static void run_set_txpreamble(struct run_softc *); 434 static void run_set_basicrates(struct run_softc *); 435 static void run_set_leds(struct run_softc *, uint16_t); 436 static void run_set_bssid(struct run_softc *, const uint8_t *); 437 static void run_set_macaddr(struct run_softc *, const uint8_t *); 438 static void run_updateslot(struct ieee80211com *); 439 static void run_updateslot_cb(void *); 440 static void run_update_mcast(struct ieee80211com *); 441 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 442 static void run_update_promisc_locked(struct run_softc *); 443 static void run_update_promisc(struct ieee80211com *); 444 static void run_rt5390_bbp_init(struct run_softc *); 445 static int run_bbp_init(struct run_softc *); 446 static int run_rt3070_rf_init(struct run_softc *); 447 static void run_rt3593_rf_init(struct run_softc *); 448 static void run_rt5390_rf_init(struct run_softc *); 449 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 450 uint8_t *); 451 static void run_rt3070_rf_setup(struct run_softc *); 452 static void run_rt3593_rf_setup(struct run_softc *); 453 static void run_rt5390_rf_setup(struct run_softc *); 454 static int run_txrx_enable(struct run_softc *); 455 static void run_adjust_freq_offset(struct run_softc *); 456 static void run_init_locked(struct run_softc *); 457 static void run_stop(void *); 458 static void run_delay(struct run_softc *, u_int); 459 460 static eventhandler_tag run_etag; 461 462 static const struct rt2860_rate { 463 uint8_t rate; 464 uint8_t mcs; 465 enum ieee80211_phytype phy; 466 uint8_t ctl_ridx; 467 uint16_t sp_ack_dur; 468 uint16_t lp_ack_dur; 469 } rt2860_rates[] = { 470 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 471 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 472 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 473 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 474 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 475 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 476 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 477 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 478 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 479 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 480 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 481 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 482 }; 483 484 static const struct { 485 uint16_t reg; 486 uint32_t val; 487 } rt2870_def_mac[] = { 488 RT2870_DEF_MAC 489 }; 490 491 static const struct { 492 uint8_t reg; 493 uint8_t val; 494 } rt2860_def_bbp[] = { 495 RT2860_DEF_BBP 496 },rt5390_def_bbp[] = { 497 RT5390_DEF_BBP 498 },rt5592_def_bbp[] = { 499 RT5592_DEF_BBP 500 }; 501 502 /* 503 * Default values for BBP register R196 for RT5592. 504 */ 505 static const uint8_t rt5592_bbp_r196[] = { 506 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 507 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 508 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 509 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 510 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 511 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 512 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 513 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 514 0x2e, 0x36, 0x30, 0x6e 515 }; 516 517 static const struct rfprog { 518 uint8_t chan; 519 uint32_t r1, r2, r3, r4; 520 } rt2860_rf2850[] = { 521 RT2860_RF2850 522 }; 523 524 struct { 525 uint8_t n, r, k; 526 } rt3070_freqs[] = { 527 RT3070_RF3052 528 }; 529 530 static const struct rt5592_freqs { 531 uint16_t n; 532 uint8_t k, m, r; 533 } rt5592_freqs_20mhz[] = { 534 RT5592_RF5592_20MHZ 535 },rt5592_freqs_40mhz[] = { 536 RT5592_RF5592_40MHZ 537 }; 538 539 static const struct { 540 uint8_t reg; 541 uint8_t val; 542 } rt3070_def_rf[] = { 543 RT3070_DEF_RF 544 },rt3572_def_rf[] = { 545 RT3572_DEF_RF 546 },rt3593_def_rf[] = { 547 RT3593_DEF_RF 548 },rt5390_def_rf[] = { 549 RT5390_DEF_RF 550 },rt5392_def_rf[] = { 551 RT5392_DEF_RF 552 },rt5592_def_rf[] = { 553 RT5592_DEF_RF 554 },rt5592_2ghz_def_rf[] = { 555 RT5592_2GHZ_DEF_RF 556 },rt5592_5ghz_def_rf[] = { 557 RT5592_5GHZ_DEF_RF 558 }; 559 560 static const struct { 561 u_int firstchan; 562 u_int lastchan; 563 uint8_t reg; 564 uint8_t val; 565 } rt5592_chan_5ghz[] = { 566 RT5592_CHAN_5GHZ 567 }; 568 569 static const struct usb_config run_config[RUN_N_XFER] = { 570 [RUN_BULK_TX_BE] = { 571 .type = UE_BULK, 572 .endpoint = UE_ADDR_ANY, 573 .ep_index = 0, 574 .direction = UE_DIR_OUT, 575 .bufsize = RUN_MAX_TXSZ, 576 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 577 .callback = run_bulk_tx_callback0, 578 .timeout = 5000, /* ms */ 579 }, 580 [RUN_BULK_TX_BK] = { 581 .type = UE_BULK, 582 .endpoint = UE_ADDR_ANY, 583 .direction = UE_DIR_OUT, 584 .ep_index = 1, 585 .bufsize = RUN_MAX_TXSZ, 586 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 587 .callback = run_bulk_tx_callback1, 588 .timeout = 5000, /* ms */ 589 }, 590 [RUN_BULK_TX_VI] = { 591 .type = UE_BULK, 592 .endpoint = UE_ADDR_ANY, 593 .direction = UE_DIR_OUT, 594 .ep_index = 2, 595 .bufsize = RUN_MAX_TXSZ, 596 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 597 .callback = run_bulk_tx_callback2, 598 .timeout = 5000, /* ms */ 599 }, 600 [RUN_BULK_TX_VO] = { 601 .type = UE_BULK, 602 .endpoint = UE_ADDR_ANY, 603 .direction = UE_DIR_OUT, 604 .ep_index = 3, 605 .bufsize = RUN_MAX_TXSZ, 606 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 607 .callback = run_bulk_tx_callback3, 608 .timeout = 5000, /* ms */ 609 }, 610 [RUN_BULK_TX_HCCA] = { 611 .type = UE_BULK, 612 .endpoint = UE_ADDR_ANY, 613 .direction = UE_DIR_OUT, 614 .ep_index = 4, 615 .bufsize = RUN_MAX_TXSZ, 616 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 617 .callback = run_bulk_tx_callback4, 618 .timeout = 5000, /* ms */ 619 }, 620 [RUN_BULK_TX_PRIO] = { 621 .type = UE_BULK, 622 .endpoint = UE_ADDR_ANY, 623 .direction = UE_DIR_OUT, 624 .ep_index = 5, 625 .bufsize = RUN_MAX_TXSZ, 626 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 627 .callback = run_bulk_tx_callback5, 628 .timeout = 5000, /* ms */ 629 }, 630 [RUN_BULK_RX] = { 631 .type = UE_BULK, 632 .endpoint = UE_ADDR_ANY, 633 .direction = UE_DIR_IN, 634 .bufsize = RUN_MAX_RXSZ, 635 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 636 .callback = run_bulk_rx_callback, 637 } 638 }; 639 640 static void 641 run_autoinst(void *arg, struct usb_device *udev, 642 struct usb_attach_arg *uaa) 643 { 644 struct usb_interface *iface; 645 struct usb_interface_descriptor *id; 646 647 if (uaa->dev_state != UAA_DEV_READY) 648 return; 649 650 iface = usbd_get_iface(udev, 0); 651 if (iface == NULL) 652 return; 653 id = iface->idesc; 654 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 655 return; 656 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 657 return; 658 659 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 660 uaa->dev_state = UAA_DEV_EJECTING; 661 } 662 663 static int 664 run_driver_loaded(struct module *mod, int what, void *arg) 665 { 666 switch (what) { 667 case MOD_LOAD: 668 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 669 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 670 break; 671 case MOD_UNLOAD: 672 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 673 break; 674 default: 675 return (EOPNOTSUPP); 676 } 677 return (0); 678 } 679 680 static int 681 run_match(device_t self) 682 { 683 struct usb_attach_arg *uaa = device_get_ivars(self); 684 685 if (uaa->usb_mode != USB_MODE_HOST) 686 return (ENXIO); 687 if (uaa->info.bConfigIndex != 0) 688 return (ENXIO); 689 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 690 return (ENXIO); 691 692 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 693 } 694 695 static int 696 run_attach(device_t self) 697 { 698 struct run_softc *sc = device_get_softc(self); 699 struct usb_attach_arg *uaa = device_get_ivars(self); 700 struct ieee80211com *ic = &sc->sc_ic; 701 uint32_t ver; 702 uint8_t bands[IEEE80211_MODE_BYTES]; 703 uint8_t iface_index; 704 int ntries, error; 705 706 device_set_usb_desc(self); 707 sc->sc_udev = uaa->device; 708 sc->sc_dev = self; 709 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 710 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 711 712 #if defined(__DragonFly__) 713 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev), 714 0, LK_CANRECURSE); 715 #else 716 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 717 MTX_NETWORK_LOCK, MTX_DEF); 718 #endif 719 mbufq_init(&sc->sc_snd, ifqmaxlen); 720 721 iface_index = RT2860_IFACE_INDEX; 722 723 error = usbd_transfer_setup(uaa->device, &iface_index, 724 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock); 725 if (error) { 726 device_printf(self, "could not allocate USB transfers, " 727 "err=%s\n", usbd_errstr(error)); 728 goto detach; 729 } 730 731 RUN_LOCK(sc); 732 733 /* wait for the chip to settle */ 734 for (ntries = 0; ntries < 100; ntries++) { 735 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 736 RUN_UNLOCK(sc); 737 goto detach; 738 } 739 if (ver != 0 && ver != 0xffffffff) 740 break; 741 run_delay(sc, 10); 742 } 743 if (ntries == 100) { 744 device_printf(sc->sc_dev, 745 "timeout waiting for NIC to initialize\n"); 746 RUN_UNLOCK(sc); 747 goto detach; 748 } 749 sc->mac_ver = ver >> 16; 750 sc->mac_rev = ver & 0xffff; 751 752 /* retrieve RF rev. no and various other things from EEPROM */ 753 run_read_eeprom(sc); 754 755 device_printf(sc->sc_dev, 756 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 757 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 758 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 759 760 RUN_UNLOCK(sc); 761 762 ic->ic_softc = sc; 763 ic->ic_name = device_get_nameunit(self); 764 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 765 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 766 767 /* set device capabilities */ 768 ic->ic_caps = 769 IEEE80211_C_STA | /* station mode supported */ 770 IEEE80211_C_MONITOR | /* monitor mode supported */ 771 IEEE80211_C_IBSS | 772 IEEE80211_C_HOSTAP | 773 IEEE80211_C_WDS | /* 4-address traffic works */ 774 IEEE80211_C_MBSS | 775 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 776 IEEE80211_C_SHSLOT | /* short slot time supported */ 777 IEEE80211_C_WME | /* WME */ 778 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 779 780 ic->ic_cryptocaps = 781 IEEE80211_CRYPTO_WEP | 782 IEEE80211_CRYPTO_AES_CCM | 783 IEEE80211_CRYPTO_TKIPMIC | 784 IEEE80211_CRYPTO_TKIP; 785 786 ic->ic_flags |= IEEE80211_F_DATAPAD; 787 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 788 789 memset(bands, 0, sizeof(bands)); 790 setbit(bands, IEEE80211_MODE_11B); 791 setbit(bands, IEEE80211_MODE_11G); 792 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 793 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 794 sc->rf_rev == RT5592_RF_5592) 795 setbit(bands, IEEE80211_MODE_11A); 796 ieee80211_init_channels(ic, NULL, bands); 797 798 ieee80211_ifattach(ic); 799 800 ic->ic_scan_start = run_scan_start; 801 ic->ic_scan_end = run_scan_end; 802 ic->ic_set_channel = run_set_channel; 803 ic->ic_node_alloc = run_node_alloc; 804 ic->ic_newassoc = run_newassoc; 805 ic->ic_updateslot = run_updateslot; 806 ic->ic_update_mcast = run_update_mcast; 807 ic->ic_wme.wme_update = run_wme_update; 808 ic->ic_raw_xmit = run_raw_xmit; 809 ic->ic_update_promisc = run_update_promisc; 810 ic->ic_vap_create = run_vap_create; 811 ic->ic_vap_delete = run_vap_delete; 812 ic->ic_transmit = run_transmit; 813 ic->ic_parent = run_parent; 814 815 ieee80211_radiotap_attach(ic, 816 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 817 RUN_TX_RADIOTAP_PRESENT, 818 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 819 RUN_RX_RADIOTAP_PRESENT); 820 821 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 822 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 823 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 0); 824 825 if (bootverbose) 826 ieee80211_announce(ic); 827 828 return (0); 829 830 detach: 831 run_detach(self); 832 return (ENXIO); 833 } 834 835 static void 836 run_drain_mbufq(struct run_softc *sc) 837 { 838 struct mbuf *m; 839 struct ieee80211_node *ni; 840 841 RUN_LOCK_ASSERT(sc, MA_OWNED); 842 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 843 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 844 m->m_pkthdr.rcvif = NULL; 845 ieee80211_free_node(ni); 846 m_freem(m); 847 } 848 } 849 850 static int 851 run_detach(device_t self) 852 { 853 struct run_softc *sc = device_get_softc(self); 854 struct ieee80211com *ic = &sc->sc_ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 872 /* Free TX queue */ 873 run_drain_mbufq(sc); 874 RUN_UNLOCK(sc); 875 876 if (sc->sc_ic.ic_softc == sc) { 877 /* drain tasks */ 878 usb_callout_drain(&sc->ratectl_ch); 879 ieee80211_draintask(ic, &sc->cmdq_task); 880 ieee80211_draintask(ic, &sc->ratectl_task); 881 ieee80211_ifdetach(ic); 882 } 883 884 #if defined(__DragonFly__) 885 lockuninit(&sc->sc_lock); 886 #else 887 mtx_destroy(&sc->sc_mtx); 888 #endif 889 890 return (0); 891 } 892 893 static struct ieee80211vap * 894 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 895 enum ieee80211_opmode opmode, int flags, 896 const uint8_t bssid[IEEE80211_ADDR_LEN], 897 const uint8_t mac[IEEE80211_ADDR_LEN]) 898 { 899 struct run_softc *sc = ic->ic_softc; 900 struct run_vap *rvp; 901 struct ieee80211vap *vap; 902 int i; 903 904 if (sc->rvp_cnt >= RUN_VAP_MAX) { 905 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 906 return (NULL); 907 } 908 909 switch (opmode) { 910 case IEEE80211_M_STA: 911 /* enable s/w bmiss handling for sta mode */ 912 flags |= IEEE80211_CLONE_NOBEACONS; 913 /* fall though */ 914 case IEEE80211_M_IBSS: 915 case IEEE80211_M_MONITOR: 916 case IEEE80211_M_HOSTAP: 917 case IEEE80211_M_MBSS: 918 /* other than WDS vaps, only one at a time */ 919 if (!TAILQ_EMPTY(&ic->ic_vaps)) 920 return (NULL); 921 break; 922 case IEEE80211_M_WDS: 923 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 924 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 925 continue; 926 /* WDS vap's always share the local mac address. */ 927 flags &= ~IEEE80211_CLONE_BSSID; 928 break; 929 } 930 if (vap == NULL) { 931 device_printf(sc->sc_dev, 932 "wds only supported in ap mode\n"); 933 return (NULL); 934 } 935 break; 936 default: 937 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 938 return (NULL); 939 } 940 941 rvp = kmalloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 942 vap = &rvp->vap; 943 944 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 945 bssid) != 0) { 946 /* out of memory */ 947 kfree(rvp, M_80211_VAP); 948 return (NULL); 949 } 950 951 vap->iv_update_beacon = run_update_beacon; 952 vap->iv_max_aid = RT2870_WCID_MAX; 953 /* 954 * To delete the right key from h/w, we need wcid. 955 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 956 * and matching wcid will be written into there. So, cast 957 * some spells to remove 'const' from ieee80211_key{} 958 */ 959 vap->iv_key_delete = (void *)run_key_delete; 960 vap->iv_key_set = (void *)run_key_set; 961 962 /* override state transition machine */ 963 rvp->newstate = vap->iv_newstate; 964 vap->iv_newstate = run_newstate; 965 if (opmode == IEEE80211_M_IBSS) { 966 rvp->recv_mgmt = vap->iv_recv_mgmt; 967 vap->iv_recv_mgmt = run_recv_mgmt; 968 } 969 970 ieee80211_ratectl_init(vap); 971 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 972 973 /* complete setup */ 974 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 975 mac); 976 977 /* make sure id is always unique */ 978 for (i = 0; i < RUN_VAP_MAX; i++) { 979 if((sc->rvp_bmap & 1 << i) == 0){ 980 sc->rvp_bmap |= 1 << i; 981 rvp->rvp_id = i; 982 break; 983 } 984 } 985 if (sc->rvp_cnt++ == 0) 986 ic->ic_opmode = opmode; 987 988 if (opmode == IEEE80211_M_HOSTAP) 989 sc->cmdq_run = RUN_CMDQ_GO; 990 991 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 992 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 993 994 return (vap); 995 } 996 997 static void 998 run_vap_delete(struct ieee80211vap *vap) 999 { 1000 struct run_vap *rvp = RUN_VAP(vap); 1001 struct ieee80211com *ic; 1002 struct run_softc *sc; 1003 uint8_t rvp_id; 1004 1005 if (vap == NULL) 1006 return; 1007 1008 ic = vap->iv_ic; 1009 sc = ic->ic_softc; 1010 1011 RUN_LOCK(sc); 1012 1013 m_freem(rvp->beacon_mbuf); 1014 rvp->beacon_mbuf = NULL; 1015 1016 rvp_id = rvp->rvp_id; 1017 sc->ratectl_run &= ~(1 << rvp_id); 1018 sc->rvp_bmap &= ~(1 << rvp_id); 1019 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1020 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1021 --sc->rvp_cnt; 1022 1023 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1024 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1025 1026 RUN_UNLOCK(sc); 1027 1028 ieee80211_ratectl_deinit(vap); 1029 ieee80211_vap_detach(vap); 1030 kfree(rvp, M_80211_VAP); 1031 } 1032 1033 /* 1034 * There are numbers of functions need to be called in context thread. 1035 * Rather than creating taskqueue event for each of those functions, 1036 * here is all-for-one taskqueue callback function. This function 1037 * guarantees deferred functions are executed in the same order they 1038 * were enqueued. 1039 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1040 */ 1041 static void 1042 run_cmdq_cb(void *arg, int pending) 1043 { 1044 struct run_softc *sc = arg; 1045 uint8_t i; 1046 1047 /* call cmdq[].func locked */ 1048 RUN_LOCK(sc); 1049 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1050 i = sc->cmdq_exec, pending--) { 1051 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1052 if (sc->cmdq_run == RUN_CMDQ_GO) { 1053 /* 1054 * If arg0 is NULL, callback func needs more 1055 * than one arg. So, pass ptr to cmdq struct. 1056 */ 1057 if (sc->cmdq[i].arg0) 1058 sc->cmdq[i].func(sc->cmdq[i].arg0); 1059 else 1060 sc->cmdq[i].func(&sc->cmdq[i]); 1061 } 1062 sc->cmdq[i].arg0 = NULL; 1063 sc->cmdq[i].func = NULL; 1064 sc->cmdq_exec++; 1065 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1066 } 1067 RUN_UNLOCK(sc); 1068 } 1069 1070 static void 1071 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1072 { 1073 struct run_tx_data *data; 1074 1075 memset(pq, 0, sizeof(*pq)); 1076 1077 STAILQ_INIT(&pq->tx_qh); 1078 STAILQ_INIT(&pq->tx_fh); 1079 1080 for (data = &pq->tx_data[0]; 1081 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1082 data->sc = sc; 1083 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1084 } 1085 pq->tx_nfree = RUN_TX_RING_COUNT; 1086 } 1087 1088 static void 1089 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1090 { 1091 struct run_tx_data *data; 1092 1093 /* make sure any subsequent use of the queues will fail */ 1094 pq->tx_nfree = 0; 1095 STAILQ_INIT(&pq->tx_fh); 1096 STAILQ_INIT(&pq->tx_qh); 1097 1098 /* free up all node references and mbufs */ 1099 for (data = &pq->tx_data[0]; 1100 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1101 if (data->m != NULL) { 1102 m_freem(data->m); 1103 data->m = NULL; 1104 } 1105 if (data->ni != NULL) { 1106 ieee80211_free_node(data->ni); 1107 data->ni = NULL; 1108 } 1109 } 1110 } 1111 1112 static int 1113 run_load_microcode(struct run_softc *sc) 1114 { 1115 usb_device_request_t req; 1116 const struct firmware *fw; 1117 const u_char *base; 1118 uint32_t tmp; 1119 int ntries, error; 1120 const uint64_t *temp; 1121 uint64_t bytes; 1122 1123 RUN_UNLOCK(sc); 1124 fw = firmware_get("runfw"); 1125 RUN_LOCK(sc); 1126 if (fw == NULL) { 1127 device_printf(sc->sc_dev, 1128 "failed loadfirmware of file %s\n", "runfw"); 1129 return ENOENT; 1130 } 1131 1132 if (fw->datasize != 8192) { 1133 device_printf(sc->sc_dev, 1134 "invalid firmware size (should be 8KB)\n"); 1135 error = EINVAL; 1136 goto fail; 1137 } 1138 1139 /* 1140 * RT3071/RT3072 use a different firmware 1141 * run-rt2870 (8KB) contains both, 1142 * first half (4KB) is for rt2870, 1143 * last half is for rt3071. 1144 */ 1145 base = fw->data; 1146 if ((sc->mac_ver) != 0x2860 && 1147 (sc->mac_ver) != 0x2872 && 1148 (sc->mac_ver) != 0x3070) { 1149 base += 4096; 1150 } 1151 1152 /* cheap sanity check */ 1153 temp = (const void *)fw->data; 1154 bytes = *temp; 1155 if (bytes != be64toh(0xffffff0210280210ULL)) { 1156 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1157 error = EINVAL; 1158 goto fail; 1159 } 1160 1161 /* write microcode image */ 1162 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1163 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1164 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1165 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1166 } 1167 1168 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1169 req.bRequest = RT2870_RESET; 1170 USETW(req.wValue, 8); 1171 USETW(req.wIndex, 0); 1172 USETW(req.wLength, 0); 1173 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL)) 1174 != 0) { 1175 device_printf(sc->sc_dev, "firmware reset failed\n"); 1176 goto fail; 1177 } 1178 1179 run_delay(sc, 10); 1180 1181 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1182 run_write(sc, RT2860_H2M_MAILBOX, 0); 1183 run_write(sc, RT2860_H2M_INTSRC, 0); 1184 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1185 goto fail; 1186 1187 /* wait until microcontroller is ready */ 1188 for (ntries = 0; ntries < 1000; ntries++) { 1189 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1190 goto fail; 1191 if (tmp & RT2860_MCU_READY) 1192 break; 1193 run_delay(sc, 10); 1194 } 1195 if (ntries == 1000) { 1196 device_printf(sc->sc_dev, 1197 "timeout waiting for MCU to initialize\n"); 1198 error = ETIMEDOUT; 1199 goto fail; 1200 } 1201 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1202 (base == fw->data) ? "RT2870" : "RT3071", 1203 *(base + 4092), *(base + 4093)); 1204 1205 fail: 1206 firmware_put(fw, FIRMWARE_UNLOAD); 1207 return (error); 1208 } 1209 1210 static int 1211 run_reset(struct run_softc *sc) 1212 { 1213 usb_device_request_t req; 1214 1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1216 req.bRequest = RT2870_RESET; 1217 USETW(req.wValue, 1); 1218 USETW(req.wIndex, 0); 1219 USETW(req.wLength, 0); 1220 return (usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL)); 1221 } 1222 1223 static usb_error_t 1224 run_do_request(struct run_softc *sc, 1225 struct usb_device_request *req, void *data) 1226 { 1227 usb_error_t err = 0; /* assign to whack bogus gcc warning */ 1228 int ntries = 10; 1229 1230 RUN_LOCK_ASSERT(sc, MA_OWNED); 1231 1232 while (ntries--) { 1233 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock, 1234 req, data, 0, NULL, 250 /* ms */); 1235 if (err == 0) 1236 break; 1237 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1238 usbd_errstr(err)); 1239 run_delay(sc, 10); 1240 } 1241 return (err); 1242 } 1243 1244 static int 1245 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1246 { 1247 uint32_t tmp; 1248 int error; 1249 1250 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1251 if (error == 0) 1252 *val = le32toh(tmp); 1253 else 1254 *val = 0xffffffff; 1255 return (error); 1256 } 1257 1258 static int 1259 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1260 { 1261 usb_device_request_t req; 1262 1263 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1264 req.bRequest = RT2870_READ_REGION_1; 1265 USETW(req.wValue, 0); 1266 USETW(req.wIndex, reg); 1267 USETW(req.wLength, len); 1268 1269 return (run_do_request(sc, &req, buf)); 1270 } 1271 1272 static int 1273 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1274 { 1275 usb_device_request_t req; 1276 1277 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1278 req.bRequest = RT2870_WRITE_2; 1279 USETW(req.wValue, val); 1280 USETW(req.wIndex, reg); 1281 USETW(req.wLength, 0); 1282 1283 return (run_do_request(sc, &req, NULL)); 1284 } 1285 1286 static int 1287 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1288 { 1289 int error; 1290 1291 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1292 error = run_write_2(sc, reg + 2, val >> 16); 1293 return (error); 1294 } 1295 1296 static int 1297 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1298 int len) 1299 { 1300 #if 1 1301 int i, error = 0; 1302 /* 1303 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1304 * We thus issue multiple WRITE_2 commands instead. 1305 */ 1306 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1307 for (i = 0; i < len && error == 0; i += 2) 1308 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1309 return (error); 1310 #else 1311 usb_device_request_t req; 1312 int error = 0; 1313 1314 /* 1315 * NOTE: It appears the WRITE_REGION_1 command cannot be 1316 * passed a huge amount of data, which will crash the 1317 * firmware. Limit amount of data passed to 64-bytes at a 1318 * time. 1319 */ 1320 while (len > 0) { 1321 int delta = 64; 1322 if (delta > len) 1323 delta = len; 1324 1325 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1326 req.bRequest = RT2870_WRITE_REGION_1; 1327 USETW(req.wValue, 0); 1328 USETW(req.wIndex, reg); 1329 USETW(req.wLength, delta); 1330 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1331 if (error != 0) 1332 break; 1333 reg += delta; 1334 buf += delta; 1335 len -= delta; 1336 } 1337 return (error); 1338 #endif 1339 } 1340 1341 static int 1342 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1343 { 1344 int i, error = 0; 1345 1346 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1347 for (i = 0; i < len && error == 0; i += 4) 1348 error = run_write(sc, reg + i, val); 1349 return (error); 1350 } 1351 1352 static int 1353 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1354 { 1355 uint32_t tmp; 1356 uint16_t reg; 1357 int error, ntries; 1358 1359 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1360 return (error); 1361 1362 if (count == 2) 1363 addr *= 2; 1364 /*- 1365 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1366 * DATA0: F E D C 1367 * DATA1: B A 9 8 1368 * DATA2: 7 6 5 4 1369 * DATA3: 3 2 1 0 1370 */ 1371 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1372 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1373 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1374 for (ntries = 0; ntries < 100; ntries++) { 1375 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1376 return (error); 1377 if (!(tmp & RT3070_EFSROM_KICK)) 1378 break; 1379 run_delay(sc, 2); 1380 } 1381 if (ntries == 100) 1382 return (ETIMEDOUT); 1383 1384 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1385 *val = 0xffff; /* address not found */ 1386 return (0); 1387 } 1388 /* determine to which 32-bit register our 16-bit word belongs */ 1389 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1390 if ((error = run_read(sc, reg, &tmp)) != 0) 1391 return (error); 1392 1393 tmp >>= (8 * (addr & 0x3)); 1394 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1395 1396 return (0); 1397 } 1398 1399 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1400 static int 1401 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1402 { 1403 return (run_efuse_read(sc, addr, val, 2)); 1404 } 1405 1406 static int 1407 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1408 { 1409 usb_device_request_t req; 1410 uint16_t tmp; 1411 int error; 1412 1413 addr *= 2; 1414 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1415 req.bRequest = RT2870_EEPROM_READ; 1416 USETW(req.wValue, 0); 1417 USETW(req.wIndex, addr); 1418 USETW(req.wLength, sizeof(tmp)); 1419 1420 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp); 1421 if (error == 0) 1422 *val = le16toh(tmp); 1423 else 1424 *val = 0xffff; 1425 return (error); 1426 } 1427 1428 static __inline int 1429 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1430 { 1431 /* either eFUSE ROM or EEPROM */ 1432 return sc->sc_srom_read(sc, addr, val); 1433 } 1434 1435 static int 1436 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1437 { 1438 uint32_t tmp; 1439 int error, ntries; 1440 1441 for (ntries = 0; ntries < 10; ntries++) { 1442 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1443 return (error); 1444 if (!(tmp & RT2860_RF_REG_CTRL)) 1445 break; 1446 } 1447 if (ntries == 10) 1448 return (ETIMEDOUT); 1449 1450 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1451 } 1452 1453 static int 1454 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1455 { 1456 uint32_t tmp; 1457 int error, ntries; 1458 1459 *val = 0; 1460 for (ntries = 0; ntries < 100; ntries++) { 1461 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1462 return (error); 1463 if (!(tmp & RT3070_RF_KICK)) 1464 break; 1465 } 1466 if (ntries == 100) 1467 return (ETIMEDOUT); 1468 1469 tmp = RT3070_RF_KICK | reg << 8; 1470 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1471 return (error); 1472 1473 for (ntries = 0; ntries < 100; ntries++) { 1474 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1475 return (error); 1476 if (!(tmp & RT3070_RF_KICK)) 1477 break; 1478 } 1479 if (ntries == 100) 1480 return (ETIMEDOUT); 1481 1482 *val = tmp & 0xff; 1483 return (0); 1484 } 1485 1486 static int 1487 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1488 { 1489 uint32_t tmp; 1490 int error, ntries; 1491 1492 for (ntries = 0; ntries < 10; ntries++) { 1493 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1494 return (error); 1495 if (!(tmp & RT3070_RF_KICK)) 1496 break; 1497 } 1498 if (ntries == 10) 1499 return (ETIMEDOUT); 1500 1501 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1502 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1503 } 1504 1505 static int 1506 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1507 { 1508 uint32_t tmp; 1509 int ntries, error; 1510 1511 for (ntries = 0; ntries < 10; ntries++) { 1512 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1513 return (error); 1514 if (!(tmp & RT2860_BBP_CSR_KICK)) 1515 break; 1516 } 1517 if (ntries == 10) 1518 return (ETIMEDOUT); 1519 1520 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1521 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1522 return (error); 1523 1524 for (ntries = 0; ntries < 10; ntries++) { 1525 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1526 return (error); 1527 if (!(tmp & RT2860_BBP_CSR_KICK)) 1528 break; 1529 } 1530 if (ntries == 10) 1531 return (ETIMEDOUT); 1532 1533 *val = tmp & 0xff; 1534 return (0); 1535 } 1536 1537 static int 1538 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1539 { 1540 uint32_t tmp; 1541 int ntries, error; 1542 1543 for (ntries = 0; ntries < 10; ntries++) { 1544 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1545 return (error); 1546 if (!(tmp & RT2860_BBP_CSR_KICK)) 1547 break; 1548 } 1549 if (ntries == 10) 1550 return (ETIMEDOUT); 1551 1552 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1553 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1554 } 1555 1556 /* 1557 * Send a command to the 8051 microcontroller unit. 1558 */ 1559 static int 1560 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1561 { 1562 uint32_t tmp; 1563 int error, ntries; 1564 1565 for (ntries = 0; ntries < 100; ntries++) { 1566 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1567 return error; 1568 if (!(tmp & RT2860_H2M_BUSY)) 1569 break; 1570 } 1571 if (ntries == 100) 1572 return ETIMEDOUT; 1573 1574 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1575 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1576 error = run_write(sc, RT2860_HOST_CMD, cmd); 1577 return (error); 1578 } 1579 1580 /* 1581 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1582 * Used to adjust per-rate Tx power registers. 1583 */ 1584 static __inline uint32_t 1585 b4inc(uint32_t b32, int8_t delta) 1586 { 1587 int8_t i, b4; 1588 1589 for (i = 0; i < 8; i++) { 1590 b4 = b32 & 0xf; 1591 b4 += delta; 1592 if (b4 < 0) 1593 b4 = 0; 1594 else if (b4 > 0xf) 1595 b4 = 0xf; 1596 b32 = b32 >> 4 | b4 << 28; 1597 } 1598 return (b32); 1599 } 1600 1601 static const char * 1602 run_get_rf(uint16_t rev) 1603 { 1604 switch (rev) { 1605 case RT2860_RF_2820: return "RT2820"; 1606 case RT2860_RF_2850: return "RT2850"; 1607 case RT2860_RF_2720: return "RT2720"; 1608 case RT2860_RF_2750: return "RT2750"; 1609 case RT3070_RF_3020: return "RT3020"; 1610 case RT3070_RF_2020: return "RT2020"; 1611 case RT3070_RF_3021: return "RT3021"; 1612 case RT3070_RF_3022: return "RT3022"; 1613 case RT3070_RF_3052: return "RT3052"; 1614 case RT3593_RF_3053: return "RT3053"; 1615 case RT5592_RF_5592: return "RT5592"; 1616 case RT5390_RF_5370: return "RT5370"; 1617 case RT5390_RF_5372: return "RT5372"; 1618 } 1619 return ("unknown"); 1620 } 1621 1622 static void 1623 run_rt3593_get_txpower(struct run_softc *sc) 1624 { 1625 uint16_t addr, val; 1626 int i; 1627 1628 /* Read power settings for 2GHz channels. */ 1629 for (i = 0; i < 14; i += 2) { 1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1631 RT2860_EEPROM_PWR2GHZ_BASE1; 1632 run_srom_read(sc, addr + i / 2, &val); 1633 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1634 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1635 1636 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1637 RT2860_EEPROM_PWR2GHZ_BASE2; 1638 run_srom_read(sc, addr + i / 2, &val); 1639 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1640 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1641 1642 if (sc->ntxchains == 3) { 1643 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1644 &val); 1645 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1646 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1647 } 1648 } 1649 /* Fix broken Tx power entries. */ 1650 for (i = 0; i < 14; i++) { 1651 if (sc->txpow1[i] > 31) 1652 sc->txpow1[i] = 5; 1653 if (sc->txpow2[i] > 31) 1654 sc->txpow2[i] = 5; 1655 if (sc->ntxchains == 3) { 1656 if (sc->txpow3[i] > 31) 1657 sc->txpow3[i] = 5; 1658 } 1659 } 1660 /* Read power settings for 5GHz channels. */ 1661 for (i = 0; i < 40; i += 2) { 1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1663 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1664 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1665 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1667 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1668 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1669 1670 if (sc->ntxchains == 3) { 1671 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1672 &val); 1673 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1674 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1675 } 1676 } 1677 } 1678 1679 static void 1680 run_get_txpower(struct run_softc *sc) 1681 { 1682 uint16_t val; 1683 int i; 1684 1685 /* Read power settings for 2GHz channels. */ 1686 for (i = 0; i < 14; i += 2) { 1687 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1688 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1689 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1690 1691 if (sc->mac_ver != 0x5390) { 1692 run_srom_read(sc, 1693 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1694 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1695 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1696 } 1697 } 1698 /* Fix broken Tx power entries. */ 1699 for (i = 0; i < 14; i++) { 1700 if (sc->mac_ver >= 0x5390) { 1701 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1702 sc->txpow1[i] = 5; 1703 } else { 1704 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1705 sc->txpow1[i] = 5; 1706 } 1707 if (sc->mac_ver > 0x5390) { 1708 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1709 sc->txpow2[i] = 5; 1710 } else if (sc->mac_ver < 0x5390) { 1711 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1712 sc->txpow2[i] = 5; 1713 } 1714 DPRINTF("chan %d: power1=%d, power2=%d\n", 1715 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1716 } 1717 /* Read power settings for 5GHz channels. */ 1718 for (i = 0; i < 40; i += 2) { 1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1720 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1721 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1722 1723 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1724 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1725 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1726 } 1727 /* Fix broken Tx power entries. */ 1728 for (i = 0; i < 40; i++ ) { 1729 if (sc->mac_ver != 0x5592) { 1730 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1731 sc->txpow1[14 + i] = 5; 1732 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1733 sc->txpow2[14 + i] = 5; 1734 } 1735 DPRINTF("chan %d: power1=%d, power2=%d\n", 1736 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1737 sc->txpow2[14 + i]); 1738 } 1739 } 1740 1741 static int 1742 run_read_eeprom(struct run_softc *sc) 1743 { 1744 struct ieee80211com *ic = &sc->sc_ic; 1745 int8_t delta_2ghz, delta_5ghz; 1746 uint32_t tmp; 1747 uint16_t val; 1748 int ridx, ant, i; 1749 1750 /* check whether the ROM is eFUSE ROM or EEPROM */ 1751 sc->sc_srom_read = run_eeprom_read_2; 1752 if (sc->mac_ver >= 0x3070) { 1753 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1754 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1755 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1756 sc->sc_srom_read = run_efuse_read_2; 1757 } 1758 1759 /* read ROM version */ 1760 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1761 DPRINTF("EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1762 1763 /* read MAC address */ 1764 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1765 ic->ic_macaddr[0] = val & 0xff; 1766 ic->ic_macaddr[1] = val >> 8; 1767 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1768 ic->ic_macaddr[2] = val & 0xff; 1769 ic->ic_macaddr[3] = val >> 8; 1770 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1771 ic->ic_macaddr[4] = val & 0xff; 1772 ic->ic_macaddr[5] = val >> 8; 1773 1774 if (sc->mac_ver < 0x3593) { 1775 /* read vender BBP settings */ 1776 for (i = 0; i < 10; i++) { 1777 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1778 sc->bbp[i].val = val & 0xff; 1779 sc->bbp[i].reg = val >> 8; 1780 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1781 sc->bbp[i].val); 1782 } 1783 if (sc->mac_ver >= 0x3071) { 1784 /* read vendor RF settings */ 1785 for (i = 0; i < 10; i++) { 1786 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1787 &val); 1788 sc->rf[i].val = val & 0xff; 1789 sc->rf[i].reg = val >> 8; 1790 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1791 sc->rf[i].val); 1792 } 1793 } 1794 } 1795 1796 /* read RF frequency offset from EEPROM */ 1797 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1798 RT3593_EEPROM_FREQ, &val); 1799 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1800 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1801 1802 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1803 RT3593_EEPROM_FREQ_LEDS, &val); 1804 if (val >> 8 != 0xff) { 1805 /* read LEDs operating mode */ 1806 sc->leds = val >> 8; 1807 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1808 RT3593_EEPROM_LED1, &sc->led[0]); 1809 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1810 RT3593_EEPROM_LED2, &sc->led[1]); 1811 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1812 RT3593_EEPROM_LED3, &sc->led[2]); 1813 } else { 1814 /* broken EEPROM, use default settings */ 1815 sc->leds = 0x01; 1816 sc->led[0] = 0x5555; 1817 sc->led[1] = 0x2221; 1818 sc->led[2] = 0x5627; /* differs from RT2860 */ 1819 } 1820 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1821 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1822 1823 /* read RF information */ 1824 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1825 run_srom_read(sc, 0x00, &val); 1826 else 1827 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1828 1829 if (val == 0xffff) { 1830 device_printf(sc->sc_dev, 1831 "invalid EEPROM antenna info, using default\n"); 1832 DPRINTF("invalid EEPROM antenna info, using default\n"); 1833 if (sc->mac_ver == 0x3572) { 1834 /* default to RF3052 2T2R */ 1835 sc->rf_rev = RT3070_RF_3052; 1836 sc->ntxchains = 2; 1837 sc->nrxchains = 2; 1838 } else if (sc->mac_ver >= 0x3070) { 1839 /* default to RF3020 1T1R */ 1840 sc->rf_rev = RT3070_RF_3020; 1841 sc->ntxchains = 1; 1842 sc->nrxchains = 1; 1843 } else { 1844 /* default to RF2820 1T2R */ 1845 sc->rf_rev = RT2860_RF_2820; 1846 sc->ntxchains = 1; 1847 sc->nrxchains = 2; 1848 } 1849 } else { 1850 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1851 sc->rf_rev = val; 1852 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1853 } else 1854 sc->rf_rev = (val >> 8) & 0xf; 1855 sc->ntxchains = (val >> 4) & 0xf; 1856 sc->nrxchains = val & 0xf; 1857 } 1858 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1859 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1860 1861 /* check if RF supports automatic Tx access gain control */ 1862 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1863 DPRINTF("EEPROM CFG 0x%04x\n", val); 1864 /* check if driver should patch the DAC issue */ 1865 if ((val >> 8) != 0xff) 1866 sc->patch_dac = (val >> 15) & 1; 1867 if ((val & 0xff) != 0xff) { 1868 sc->ext_5ghz_lna = (val >> 3) & 1; 1869 sc->ext_2ghz_lna = (val >> 2) & 1; 1870 /* check if RF supports automatic Tx access gain control */ 1871 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1872 /* check if we have a hardware radio switch */ 1873 sc->rfswitch = val & 1; 1874 } 1875 1876 /* Read Tx power settings. */ 1877 if (sc->mac_ver == 0x3593) 1878 run_rt3593_get_txpower(sc); 1879 else 1880 run_get_txpower(sc); 1881 1882 /* read Tx power compensation for each Tx rate */ 1883 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1884 delta_2ghz = delta_5ghz = 0; 1885 if ((val & 0xff) != 0xff && (val & 0x80)) { 1886 delta_2ghz = val & 0xf; 1887 if (!(val & 0x40)) /* negative number */ 1888 delta_2ghz = -delta_2ghz; 1889 } 1890 val >>= 8; 1891 if ((val & 0xff) != 0xff && (val & 0x80)) { 1892 delta_5ghz = val & 0xf; 1893 if (!(val & 0x40)) /* negative number */ 1894 delta_5ghz = -delta_5ghz; 1895 } 1896 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1897 delta_2ghz, delta_5ghz); 1898 1899 for (ridx = 0; ridx < 5; ridx++) { 1900 uint32_t reg; 1901 1902 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1903 reg = val; 1904 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1905 reg |= (uint32_t)val << 16; 1906 1907 sc->txpow20mhz[ridx] = reg; 1908 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1909 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1910 1911 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1912 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1913 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1914 } 1915 1916 /* Read RSSI offsets and LNA gains from EEPROM. */ 1917 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1918 RT3593_EEPROM_RSSI1_2GHZ, &val); 1919 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1920 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1921 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1922 RT3593_EEPROM_RSSI2_2GHZ, &val); 1923 if (sc->mac_ver >= 0x3070) { 1924 if (sc->mac_ver == 0x3593) { 1925 sc->txmixgain_2ghz = 0; 1926 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1927 } else { 1928 /* 1929 * On RT3070 chips (limited to 2 Rx chains), this ROM 1930 * field contains the Tx mixer gain for the 2GHz band. 1931 */ 1932 if ((val & 0xff) != 0xff) 1933 sc->txmixgain_2ghz = val & 0x7; 1934 } 1935 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1936 } else 1937 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1938 if (sc->mac_ver == 0x3593) 1939 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1940 sc->lna[2] = val >> 8; /* channel group 2 */ 1941 1942 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1943 RT3593_EEPROM_RSSI1_5GHZ, &val); 1944 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1945 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1946 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1947 RT3593_EEPROM_RSSI2_5GHZ, &val); 1948 if (sc->mac_ver == 0x3572) { 1949 /* 1950 * On RT3572 chips (limited to 2 Rx chains), this ROM 1951 * field contains the Tx mixer gain for the 5GHz band. 1952 */ 1953 if ((val & 0xff) != 0xff) 1954 sc->txmixgain_5ghz = val & 0x7; 1955 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1956 } else 1957 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1958 if (sc->mac_ver == 0x3593) { 1959 sc->txmixgain_5ghz = 0; 1960 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1961 } 1962 sc->lna[3] = val >> 8; /* channel group 3 */ 1963 1964 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1965 RT3593_EEPROM_LNA, &val); 1966 sc->lna[0] = val & 0xff; /* channel group 0 */ 1967 sc->lna[1] = val >> 8; /* channel group 1 */ 1968 1969 /* fix broken 5GHz LNA entries */ 1970 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1971 DPRINTF("invalid LNA for channel group %d\n", 2); 1972 sc->lna[2] = sc->lna[1]; 1973 } 1974 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1975 DPRINTF("invalid LNA for channel group %d\n", 3); 1976 sc->lna[3] = sc->lna[1]; 1977 } 1978 1979 /* fix broken RSSI offset entries */ 1980 for (ant = 0; ant < 3; ant++) { 1981 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1982 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1983 ant + 1, sc->rssi_2ghz[ant]); 1984 sc->rssi_2ghz[ant] = 0; 1985 } 1986 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1987 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1988 ant + 1, sc->rssi_5ghz[ant]); 1989 sc->rssi_5ghz[ant] = 0; 1990 } 1991 } 1992 return (0); 1993 } 1994 1995 static struct ieee80211_node * 1996 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1997 { 1998 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO); 1999 } 2000 2001 static int 2002 run_media_change(struct ifnet *ifp) 2003 { 2004 struct ieee80211vap *vap = ifp->if_softc; 2005 struct ieee80211com *ic = vap->iv_ic; 2006 const struct ieee80211_txparam *tp; 2007 struct run_softc *sc = ic->ic_softc; 2008 uint8_t rate, ridx; 2009 int error; 2010 2011 RUN_LOCK(sc); 2012 2013 error = ieee80211_media_change(ifp); 2014 if (error != ENETRESET) { 2015 RUN_UNLOCK(sc); 2016 return (error); 2017 } 2018 2019 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2020 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2021 struct ieee80211_node *ni; 2022 struct run_node *rn; 2023 2024 rate = ic->ic_sup_rates[ic->ic_curmode]. 2025 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2026 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2027 if (rt2860_rates[ridx].rate == rate) 2028 break; 2029 ni = ieee80211_ref_node(vap->iv_bss); 2030 rn = RUN_NODE(ni); 2031 rn->fix_ridx = ridx; 2032 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2033 ieee80211_free_node(ni); 2034 } 2035 2036 #if 0 2037 if ((ifp->if_flags & IFF_UP) && 2038 (ifp->if_drv_flags & RUN_RUNNING)){ 2039 run_init_locked(sc); 2040 } 2041 #endif 2042 2043 RUN_UNLOCK(sc); 2044 2045 return (0); 2046 } 2047 2048 static int 2049 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2050 { 2051 const struct ieee80211_txparam *tp; 2052 struct ieee80211com *ic = vap->iv_ic; 2053 struct run_softc *sc = ic->ic_softc; 2054 struct run_vap *rvp = RUN_VAP(vap); 2055 enum ieee80211_state ostate; 2056 uint32_t sta[3]; 2057 uint32_t tmp; 2058 uint8_t ratectl; 2059 uint8_t restart_ratectl = 0; 2060 uint8_t bid = 1 << rvp->rvp_id; 2061 2062 ostate = vap->iv_state; 2063 DPRINTF("%s -> %s\n", 2064 ieee80211_state_name[ostate], 2065 ieee80211_state_name[nstate]); 2066 2067 IEEE80211_UNLOCK(ic); 2068 RUN_LOCK(sc); 2069 2070 ratectl = sc->ratectl_run; /* remember current state */ 2071 sc->ratectl_run = RUN_RATECTL_OFF; 2072 usb_callout_stop(&sc->ratectl_ch); 2073 2074 if (ostate == IEEE80211_S_RUN) { 2075 /* turn link LED off */ 2076 run_set_leds(sc, RT2860_LED_RADIO); 2077 } 2078 2079 switch (nstate) { 2080 case IEEE80211_S_INIT: 2081 restart_ratectl = 1; 2082 2083 if (ostate != IEEE80211_S_RUN) 2084 break; 2085 2086 ratectl &= ~bid; 2087 sc->runbmap &= ~bid; 2088 2089 /* abort TSF synchronization if there is no vap running */ 2090 if (--sc->running == 0) { 2091 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2092 run_write(sc, RT2860_BCN_TIME_CFG, 2093 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2094 RT2860_TBTT_TIMER_EN)); 2095 } 2096 break; 2097 2098 case IEEE80211_S_RUN: 2099 if (!(sc->runbmap & bid)) { 2100 if(sc->running++) 2101 restart_ratectl = 1; 2102 sc->runbmap |= bid; 2103 } 2104 2105 m_freem(rvp->beacon_mbuf); 2106 rvp->beacon_mbuf = NULL; 2107 2108 switch (vap->iv_opmode) { 2109 case IEEE80211_M_HOSTAP: 2110 case IEEE80211_M_MBSS: 2111 sc->ap_running |= bid; 2112 ic->ic_opmode = vap->iv_opmode; 2113 run_update_beacon_cb(vap); 2114 break; 2115 case IEEE80211_M_IBSS: 2116 sc->adhoc_running |= bid; 2117 if (!sc->ap_running) 2118 ic->ic_opmode = vap->iv_opmode; 2119 run_update_beacon_cb(vap); 2120 break; 2121 case IEEE80211_M_STA: 2122 sc->sta_running |= bid; 2123 if (!sc->ap_running && !sc->adhoc_running) 2124 ic->ic_opmode = vap->iv_opmode; 2125 2126 /* read statistic counters (clear on read) */ 2127 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2128 (uint8_t *)sta, sizeof sta); 2129 2130 break; 2131 default: 2132 ic->ic_opmode = vap->iv_opmode; 2133 break; 2134 } 2135 2136 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2137 struct ieee80211_node *ni; 2138 2139 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2140 RUN_UNLOCK(sc); 2141 IEEE80211_LOCK(ic); 2142 return (-1); 2143 } 2144 run_updateslot(ic); 2145 run_enable_mrr(sc); 2146 run_set_txpreamble(sc); 2147 run_set_basicrates(sc); 2148 ni = ieee80211_ref_node(vap->iv_bss); 2149 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2150 run_set_bssid(sc, sc->sc_bssid); 2151 ieee80211_free_node(ni); 2152 run_enable_tsf_sync(sc); 2153 2154 /* enable automatic rate adaptation */ 2155 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2156 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2157 ratectl |= bid; 2158 } else 2159 run_enable_tsf(sc); 2160 2161 /* turn link LED on */ 2162 run_set_leds(sc, RT2860_LED_RADIO | 2163 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2164 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2165 2166 break; 2167 default: 2168 DPRINTFN(6, "undefined case\n"); 2169 break; 2170 } 2171 2172 /* restart amrr for running VAPs */ 2173 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2174 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2175 2176 RUN_UNLOCK(sc); 2177 IEEE80211_LOCK(ic); 2178 2179 return(rvp->newstate(vap, nstate, arg)); 2180 } 2181 2182 static int 2183 run_wme_update(struct ieee80211com *ic) 2184 { 2185 struct run_softc *sc = ic->ic_softc; 2186 const struct wmeParams *ac = 2187 ic->ic_wme.wme_chanParams.cap_wmeParams; 2188 int aci, error = 0; 2189 2190 /* update MAC TX configuration registers */ 2191 RUN_LOCK(sc); 2192 for (aci = 0; aci < WME_NUM_AC; aci++) { 2193 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2194 ac[aci].wmep_logcwmax << 16 | 2195 ac[aci].wmep_logcwmin << 12 | 2196 ac[aci].wmep_aifsn << 8 | 2197 ac[aci].wmep_txopLimit); 2198 if (error) goto err; 2199 } 2200 2201 /* update SCH/DMA registers too */ 2202 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2203 ac[WME_AC_VO].wmep_aifsn << 12 | 2204 ac[WME_AC_VI].wmep_aifsn << 8 | 2205 ac[WME_AC_BK].wmep_aifsn << 4 | 2206 ac[WME_AC_BE].wmep_aifsn); 2207 if (error) goto err; 2208 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2209 ac[WME_AC_VO].wmep_logcwmin << 12 | 2210 ac[WME_AC_VI].wmep_logcwmin << 8 | 2211 ac[WME_AC_BK].wmep_logcwmin << 4 | 2212 ac[WME_AC_BE].wmep_logcwmin); 2213 if (error) goto err; 2214 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2215 ac[WME_AC_VO].wmep_logcwmax << 12 | 2216 ac[WME_AC_VI].wmep_logcwmax << 8 | 2217 ac[WME_AC_BK].wmep_logcwmax << 4 | 2218 ac[WME_AC_BE].wmep_logcwmax); 2219 if (error) goto err; 2220 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2221 ac[WME_AC_BK].wmep_txopLimit << 16 | 2222 ac[WME_AC_BE].wmep_txopLimit); 2223 if (error) goto err; 2224 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2225 ac[WME_AC_VO].wmep_txopLimit << 16 | 2226 ac[WME_AC_VI].wmep_txopLimit); 2227 2228 err: 2229 RUN_UNLOCK(sc); 2230 if (error) 2231 DPRINTF("WME update failed\n"); 2232 2233 return (error); 2234 } 2235 2236 static void 2237 run_key_set_cb(void *arg) 2238 { 2239 struct run_cmdq *cmdq = arg; 2240 struct ieee80211vap *vap = cmdq->arg1; 2241 struct ieee80211_key *k = cmdq->k; 2242 struct ieee80211com *ic = vap->iv_ic; 2243 struct run_softc *sc = ic->ic_softc; 2244 struct ieee80211_node *ni; 2245 u_int cipher = k->wk_cipher->ic_cipher; 2246 uint32_t attr; 2247 uint16_t base, associd; 2248 uint8_t mode, wcid, iv[8]; 2249 2250 RUN_LOCK_ASSERT(sc, MA_OWNED); 2251 2252 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2253 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2254 else 2255 ni = vap->iv_bss; 2256 associd = (ni != NULL) ? ni->ni_associd : 0; 2257 2258 /* map net80211 cipher to RT2860 security mode */ 2259 switch (cipher) { 2260 case IEEE80211_CIPHER_WEP: 2261 if(k->wk_keylen < 8) 2262 mode = RT2860_MODE_WEP40; 2263 else 2264 mode = RT2860_MODE_WEP104; 2265 break; 2266 case IEEE80211_CIPHER_TKIP: 2267 mode = RT2860_MODE_TKIP; 2268 break; 2269 case IEEE80211_CIPHER_AES_CCM: 2270 mode = RT2860_MODE_AES_CCMP; 2271 break; 2272 default: 2273 DPRINTF("undefined case\n"); 2274 return; 2275 } 2276 2277 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2278 associd, k->wk_keyix, mode, 2279 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2280 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2281 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2282 2283 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2284 wcid = 0; /* NB: update WCID0 for group keys */ 2285 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2286 } else { 2287 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2288 1 : RUN_AID2WCID(associd); 2289 base = RT2860_PKEY(wcid); 2290 } 2291 2292 if (cipher == IEEE80211_CIPHER_TKIP) { 2293 if(run_write_region_1(sc, base, k->wk_key, 16)) 2294 return; 2295 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2296 return; 2297 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2298 return; 2299 } else { 2300 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2301 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2302 return; 2303 } 2304 2305 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2306 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2307 /* set initial packet number in IV+EIV */ 2308 if (cipher == IEEE80211_CIPHER_WEP) { 2309 memset(iv, 0, sizeof iv); 2310 iv[3] = vap->iv_def_txkey << 6; 2311 } else { 2312 if (cipher == IEEE80211_CIPHER_TKIP) { 2313 iv[0] = k->wk_keytsc >> 8; 2314 iv[1] = (iv[0] | 0x20) & 0x7f; 2315 iv[2] = k->wk_keytsc; 2316 } else /* CCMP */ { 2317 iv[0] = k->wk_keytsc; 2318 iv[1] = k->wk_keytsc >> 8; 2319 iv[2] = 0; 2320 } 2321 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2322 iv[4] = k->wk_keytsc >> 16; 2323 iv[5] = k->wk_keytsc >> 24; 2324 iv[6] = k->wk_keytsc >> 32; 2325 iv[7] = k->wk_keytsc >> 40; 2326 } 2327 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2328 return; 2329 } 2330 2331 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2332 /* install group key */ 2333 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2334 return; 2335 attr &= ~(0xf << (k->wk_keyix * 4)); 2336 attr |= mode << (k->wk_keyix * 4); 2337 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2338 return; 2339 } else { 2340 /* install pairwise key */ 2341 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2342 return; 2343 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2344 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2345 return; 2346 } 2347 2348 /* TODO create a pass-thru key entry? */ 2349 2350 /* need wcid to delete the right key later */ 2351 k->wk_pad = wcid; 2352 } 2353 2354 /* 2355 * Don't have to be deferred, but in order to keep order of 2356 * execution, i.e. with run_key_delete(), defer this and let 2357 * run_cmdq_cb() maintain the order. 2358 * 2359 * return 0 on error 2360 */ 2361 static int 2362 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2363 { 2364 struct ieee80211com *ic = vap->iv_ic; 2365 struct run_softc *sc = ic->ic_softc; 2366 uint32_t i; 2367 2368 i = RUN_CMDQ_GET(&sc->cmdq_store); 2369 DPRINTF("cmdq_store=%d\n", i); 2370 sc->cmdq[i].func = run_key_set_cb; 2371 sc->cmdq[i].arg0 = NULL; 2372 sc->cmdq[i].arg1 = vap; 2373 sc->cmdq[i].k = k; 2374 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2375 ieee80211_runtask(ic, &sc->cmdq_task); 2376 2377 /* 2378 * To make sure key will be set when hostapd 2379 * calls iv_key_set() before if_init(). 2380 */ 2381 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2382 RUN_LOCK(sc); 2383 sc->cmdq_key_set = RUN_CMDQ_GO; 2384 RUN_UNLOCK(sc); 2385 } 2386 2387 return (1); 2388 } 2389 2390 /* 2391 * If wlan is destroyed without being brought down i.e. without 2392 * wlan down or wpa_cli terminate, this function is called after 2393 * vap is gone. Don't refer it. 2394 */ 2395 static void 2396 run_key_delete_cb(void *arg) 2397 { 2398 struct run_cmdq *cmdq = arg; 2399 struct run_softc *sc = cmdq->arg1; 2400 struct ieee80211_key *k = &cmdq->key; 2401 uint32_t attr; 2402 uint8_t wcid; 2403 2404 RUN_LOCK_ASSERT(sc, MA_OWNED); 2405 2406 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2407 /* remove group key */ 2408 DPRINTF("removing group key\n"); 2409 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2410 attr &= ~(0xf << (k->wk_keyix * 4)); 2411 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2412 } else { 2413 /* remove pairwise key */ 2414 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2415 /* matching wcid was written to wk_pad in run_key_set() */ 2416 wcid = k->wk_pad; 2417 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2418 attr &= ~0xf; 2419 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2420 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2421 } 2422 2423 k->wk_pad = 0; 2424 } 2425 2426 /* 2427 * return 0 on error 2428 */ 2429 static int 2430 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2431 { 2432 struct ieee80211com *ic = vap->iv_ic; 2433 struct run_softc *sc = ic->ic_softc; 2434 struct ieee80211_key *k0; 2435 uint32_t i; 2436 2437 /* 2438 * When called back, key might be gone. So, make a copy 2439 * of some values need to delete keys before deferring. 2440 * But, because of LOR with node lock, cannot use lock here. 2441 * So, use atomic instead. 2442 */ 2443 i = RUN_CMDQ_GET(&sc->cmdq_store); 2444 DPRINTF("cmdq_store=%d\n", i); 2445 sc->cmdq[i].func = run_key_delete_cb; 2446 sc->cmdq[i].arg0 = NULL; 2447 sc->cmdq[i].arg1 = sc; 2448 k0 = &sc->cmdq[i].key; 2449 k0->wk_flags = k->wk_flags; 2450 k0->wk_keyix = k->wk_keyix; 2451 /* matching wcid was written to wk_pad in run_key_set() */ 2452 k0->wk_pad = k->wk_pad; 2453 ieee80211_runtask(ic, &sc->cmdq_task); 2454 return (1); /* return fake success */ 2455 2456 } 2457 2458 static void 2459 run_ratectl_to(void *arg) 2460 { 2461 struct run_softc *sc = arg; 2462 2463 /* do it in a process context, so it can go sleep */ 2464 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2465 /* next timeout will be rescheduled in the callback task */ 2466 } 2467 2468 /* ARGSUSED */ 2469 static void 2470 run_ratectl_cb(void *arg, int pending) 2471 { 2472 struct run_softc *sc = arg; 2473 struct ieee80211com *ic = &sc->sc_ic; 2474 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2475 2476 if (vap == NULL) 2477 return; 2478 2479 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2480 /* 2481 * run_reset_livelock() doesn't do anything with AMRR, 2482 * but Ralink wants us to call it every 1 sec. So, we 2483 * piggyback here rather than creating another callout. 2484 * Livelock may occur only in HOSTAP or IBSS mode 2485 * (when h/w is sending beacons). 2486 */ 2487 RUN_LOCK(sc); 2488 run_reset_livelock(sc); 2489 /* just in case, there are some stats to drain */ 2490 run_drain_fifo(sc); 2491 RUN_UNLOCK(sc); 2492 } 2493 2494 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2495 2496 RUN_LOCK(sc); 2497 if(sc->ratectl_run != RUN_RATECTL_OFF) 2498 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2499 RUN_UNLOCK(sc); 2500 } 2501 2502 static void 2503 run_drain_fifo(void *arg) 2504 { 2505 struct run_softc *sc = arg; 2506 uint32_t stat; 2507 uint16_t (*wstat)[3]; 2508 uint8_t wcid, mcs, pid; 2509 int8_t retry; 2510 2511 RUN_LOCK_ASSERT(sc, MA_OWNED); 2512 2513 for (;;) { 2514 /* drain Tx status FIFO (maxsize = 16) */ 2515 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2516 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2517 if (!(stat & RT2860_TXQ_VLD)) 2518 break; 2519 2520 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2521 2522 /* if no ACK was requested, no feedback is available */ 2523 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2524 wcid == 0) 2525 continue; 2526 2527 /* 2528 * Even though each stat is Tx-complete-status like format, 2529 * the device can poll stats. Because there is no guarantee 2530 * that the referring node is still around when read the stats. 2531 * So that, if we use ieee80211_ratectl_tx_update(), we will 2532 * have hard time not to refer already freed node. 2533 * 2534 * To eliminate such page faults, we poll stats in softc. 2535 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2536 */ 2537 wstat = &(sc->wcid_stats[wcid]); 2538 (*wstat)[RUN_TXCNT]++; 2539 if (stat & RT2860_TXQ_OK) { 2540 (*wstat)[RUN_SUCCESS]++; 2541 } else { 2542 #if defined(__DragonFly__) 2543 ++sc->sc_ic.ic_oerrors; 2544 #else 2545 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2546 #endif 2547 } 2548 /* 2549 * Check if there were retries, ie if the Tx success rate is 2550 * different from the requested rate. Note that it works only 2551 * because we do not allow rate fallback from OFDM to CCK. 2552 */ 2553 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2554 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2555 if ((retry = pid -1 - mcs) > 0) { 2556 (*wstat)[RUN_TXCNT] += retry; 2557 (*wstat)[RUN_RETRY] += retry; 2558 } 2559 } 2560 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2561 2562 sc->fifo_cnt = 0; 2563 } 2564 2565 static void 2566 run_iter_func(void *arg, struct ieee80211_node *ni) 2567 { 2568 struct run_softc *sc = arg; 2569 struct ieee80211vap *vap = ni->ni_vap; 2570 struct run_node *rn = RUN_NODE(ni); 2571 union run_stats sta[2]; 2572 uint16_t (*wstat)[3]; 2573 int txcnt, success, retrycnt, error; 2574 2575 RUN_LOCK(sc); 2576 2577 /* Check for special case */ 2578 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2579 ni != vap->iv_bss) 2580 goto fail; 2581 2582 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2583 vap->iv_opmode == IEEE80211_M_STA)) { 2584 /* read statistic counters (clear on read) and update AMRR state */ 2585 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2586 sizeof sta); 2587 if (error != 0) 2588 goto fail; 2589 2590 /* count failed TX as errors */ 2591 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2592 le16toh(sta[0].error.fail)); 2593 2594 retrycnt = le16toh(sta[1].tx.retry); 2595 success = le16toh(sta[1].tx.success); 2596 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2597 2598 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2599 retrycnt, success, le16toh(sta[0].error.fail)); 2600 } else { 2601 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2602 2603 if (wstat == &(sc->wcid_stats[0]) || 2604 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2605 goto fail; 2606 2607 txcnt = (*wstat)[RUN_TXCNT]; 2608 success = (*wstat)[RUN_SUCCESS]; 2609 retrycnt = (*wstat)[RUN_RETRY]; 2610 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2611 retrycnt, txcnt, success); 2612 2613 memset(wstat, 0, sizeof(*wstat)); 2614 } 2615 2616 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2617 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2618 2619 fail: 2620 RUN_UNLOCK(sc); 2621 2622 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2623 } 2624 2625 static void 2626 run_newassoc_cb(void *arg) 2627 { 2628 struct run_cmdq *cmdq = arg; 2629 struct ieee80211_node *ni = cmdq->arg1; 2630 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2631 uint8_t wcid = cmdq->wcid; 2632 2633 RUN_LOCK_ASSERT(sc, MA_OWNED); 2634 2635 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2636 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2637 2638 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2639 } 2640 2641 static void 2642 run_newassoc(struct ieee80211_node *ni, int isnew) 2643 { 2644 struct run_node *rn = RUN_NODE(ni); 2645 struct ieee80211_rateset *rs = &ni->ni_rates; 2646 struct ieee80211vap *vap = ni->ni_vap; 2647 struct ieee80211com *ic = vap->iv_ic; 2648 struct run_softc *sc = ic->ic_softc; 2649 uint8_t rate; 2650 uint8_t ridx; 2651 uint8_t wcid; 2652 int i, j; 2653 2654 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2655 1 : RUN_AID2WCID(ni->ni_associd); 2656 2657 if (wcid > RT2870_WCID_MAX) { 2658 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2659 return; 2660 } 2661 2662 /* only interested in true associations */ 2663 if (isnew && ni->ni_associd != 0) { 2664 2665 /* 2666 * This function could is called though timeout function. 2667 * Need to defer. 2668 */ 2669 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2670 DPRINTF("cmdq_store=%d\n", cnt); 2671 sc->cmdq[cnt].func = run_newassoc_cb; 2672 sc->cmdq[cnt].arg0 = NULL; 2673 sc->cmdq[cnt].arg1 = ni; 2674 sc->cmdq[cnt].wcid = wcid; 2675 ieee80211_runtask(ic, &sc->cmdq_task); 2676 } 2677 2678 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2679 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2680 2681 for (i = 0; i < rs->rs_nrates; i++) { 2682 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2683 /* convert 802.11 rate to hardware rate index */ 2684 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2685 if (rt2860_rates[ridx].rate == rate) 2686 break; 2687 rn->ridx[i] = ridx; 2688 /* determine rate of control response frames */ 2689 for (j = i; j >= 0; j--) { 2690 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2691 rt2860_rates[rn->ridx[i]].phy == 2692 rt2860_rates[rn->ridx[j]].phy) 2693 break; 2694 } 2695 if (j >= 0) { 2696 rn->ctl_ridx[i] = rn->ridx[j]; 2697 } else { 2698 /* no basic rate found, use mandatory one */ 2699 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2700 } 2701 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2702 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2703 } 2704 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2705 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2706 if (rt2860_rates[ridx].rate == rate) 2707 break; 2708 rn->mgt_ridx = ridx; 2709 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2710 2711 RUN_LOCK(sc); 2712 if(sc->ratectl_run != RUN_RATECTL_OFF) 2713 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2714 RUN_UNLOCK(sc); 2715 } 2716 2717 /* 2718 * Return the Rx chain with the highest RSSI for a given frame. 2719 */ 2720 static __inline uint8_t 2721 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2722 { 2723 uint8_t rxchain = 0; 2724 2725 if (sc->nrxchains > 1) { 2726 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2727 rxchain = 1; 2728 if (sc->nrxchains > 2) 2729 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2730 rxchain = 2; 2731 } 2732 return (rxchain); 2733 } 2734 2735 static void 2736 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2737 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2738 { 2739 struct ieee80211vap *vap = ni->ni_vap; 2740 struct run_softc *sc = vap->iv_ic->ic_softc; 2741 struct run_vap *rvp = RUN_VAP(vap); 2742 uint64_t ni_tstamp, rx_tstamp; 2743 2744 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2745 2746 if (vap->iv_state == IEEE80211_S_RUN && 2747 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2748 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2749 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2750 RUN_LOCK(sc); 2751 run_get_tsf(sc, &rx_tstamp); 2752 RUN_UNLOCK(sc); 2753 rx_tstamp = le64toh(rx_tstamp); 2754 2755 if (ni_tstamp >= rx_tstamp) { 2756 DPRINTF("ibss merge, tsf %ju tstamp %ju\n", 2757 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2758 (void) ieee80211_ibss_merge(ni); 2759 } 2760 } 2761 } 2762 2763 static void 2764 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2765 { 2766 struct ieee80211com *ic = &sc->sc_ic; 2767 struct ieee80211_frame *wh; 2768 struct ieee80211_node *ni; 2769 struct rt2870_rxd *rxd; 2770 struct rt2860_rxwi *rxwi; 2771 uint32_t flags; 2772 uint16_t len, rxwisize; 2773 uint8_t ant, rssi; 2774 int8_t nf; 2775 2776 rxwi = mtod(m, struct rt2860_rxwi *); 2777 len = le16toh(rxwi->len) & 0xfff; 2778 rxwisize = sizeof(struct rt2860_rxwi); 2779 if (sc->mac_ver == 0x5592) 2780 rxwisize += sizeof(uint64_t); 2781 else if (sc->mac_ver == 0x3593) 2782 rxwisize += sizeof(uint32_t); 2783 if (__predict_false(len > dmalen)) { 2784 m_freem(m); 2785 #if defined(__DragonFly__) 2786 ++ic->ic_ierrors; 2787 #else 2788 counter_u64_add(ic->ic_ierrors, 1); 2789 #endif 2790 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2791 return; 2792 } 2793 /* Rx descriptor is located at the end */ 2794 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2795 flags = le32toh(rxd->flags); 2796 2797 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2798 m_freem(m); 2799 #if defined(__DragonFly__) 2800 ++ic->ic_ierrors; 2801 #else 2802 counter_u64_add(ic->ic_ierrors, 1); 2803 #endif 2804 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2805 return; 2806 } 2807 2808 m->m_data += rxwisize; 2809 m->m_pkthdr.len = m->m_len -= rxwisize; 2810 2811 wh = mtod(m, struct ieee80211_frame *); 2812 2813 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2814 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2815 m->m_flags |= M_WEP; 2816 } 2817 2818 if (flags & RT2860_RX_L2PAD) { 2819 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2820 len += 2; 2821 } 2822 2823 ni = ieee80211_find_rxnode(ic, 2824 mtod(m, struct ieee80211_frame_min *)); 2825 2826 if (__predict_false(flags & RT2860_RX_MICERR)) { 2827 /* report MIC failures to net80211 for TKIP */ 2828 if (ni != NULL) 2829 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2830 rxwi->keyidx); 2831 m_freem(m); 2832 #if defined(__DragonFly__) 2833 ++ic->ic_ierrors; 2834 #else 2835 counter_u64_add(ic->ic_ierrors, 1); 2836 #endif 2837 DPRINTF("MIC error. Someone is lying.\n"); 2838 return; 2839 } 2840 2841 ant = run_maxrssi_chain(sc, rxwi); 2842 rssi = rxwi->rssi[ant]; 2843 nf = run_rssi2dbm(sc, rssi, ant); 2844 2845 m->m_pkthdr.len = m->m_len = len; 2846 2847 if (__predict_false(ieee80211_radiotap_active(ic))) { 2848 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2849 uint16_t phy; 2850 2851 tap->wr_flags = 0; 2852 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2853 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2854 tap->wr_antsignal = rssi; 2855 tap->wr_antenna = ant; 2856 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2857 tap->wr_rate = 2; /* in case it can't be found below */ 2858 RUN_LOCK(sc); 2859 run_get_tsf(sc, &tap->wr_tsf); 2860 RUN_UNLOCK(sc); 2861 phy = le16toh(rxwi->phy); 2862 switch (phy & RT2860_PHY_MODE) { 2863 case RT2860_PHY_CCK: 2864 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2865 case 0: tap->wr_rate = 2; break; 2866 case 1: tap->wr_rate = 4; break; 2867 case 2: tap->wr_rate = 11; break; 2868 case 3: tap->wr_rate = 22; break; 2869 } 2870 if (phy & RT2860_PHY_SHPRE) 2871 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2872 break; 2873 case RT2860_PHY_OFDM: 2874 switch (phy & RT2860_PHY_MCS) { 2875 case 0: tap->wr_rate = 12; break; 2876 case 1: tap->wr_rate = 18; break; 2877 case 2: tap->wr_rate = 24; break; 2878 case 3: tap->wr_rate = 36; break; 2879 case 4: tap->wr_rate = 48; break; 2880 case 5: tap->wr_rate = 72; break; 2881 case 6: tap->wr_rate = 96; break; 2882 case 7: tap->wr_rate = 108; break; 2883 } 2884 break; 2885 } 2886 } 2887 2888 if (ni != NULL) { 2889 (void)ieee80211_input(ni, m, rssi, nf); 2890 ieee80211_free_node(ni); 2891 } else { 2892 (void)ieee80211_input_all(ic, m, rssi, nf); 2893 } 2894 } 2895 2896 static void 2897 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2898 { 2899 struct run_softc *sc = usbd_xfer_softc(xfer); 2900 struct ieee80211com *ic = &sc->sc_ic; 2901 struct mbuf *m = NULL; 2902 struct mbuf *m0; 2903 uint32_t dmalen; 2904 uint16_t rxwisize; 2905 int xferlen; 2906 2907 rxwisize = sizeof(struct rt2860_rxwi); 2908 if (sc->mac_ver == 0x5592) 2909 rxwisize += sizeof(uint64_t); 2910 else if (sc->mac_ver == 0x3593) 2911 rxwisize += sizeof(uint32_t); 2912 2913 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2914 2915 switch (USB_GET_STATE(xfer)) { 2916 case USB_ST_TRANSFERRED: 2917 2918 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2919 2920 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2921 sizeof(struct rt2870_rxd))) { 2922 DPRINTF("xfer too short %d\n", xferlen); 2923 goto tr_setup; 2924 } 2925 2926 m = sc->rx_m; 2927 sc->rx_m = NULL; 2928 2929 /* FALLTHROUGH */ 2930 case USB_ST_SETUP: 2931 tr_setup: 2932 if (sc->rx_m == NULL) { 2933 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2934 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2935 } 2936 if (sc->rx_m == NULL) { 2937 DPRINTF("could not allocate mbuf - idle with stall\n"); 2938 #if defined(__DragonFly__) 2939 ++ic->ic_ierrors; 2940 #else 2941 counter_u64_add(ic->ic_ierrors, 1); 2942 #endif 2943 usbd_xfer_set_stall(xfer); 2944 usbd_xfer_set_frames(xfer, 0); 2945 } else { 2946 /* 2947 * Directly loading a mbuf cluster into DMA to 2948 * save some data copying. This works because 2949 * there is only one cluster. 2950 */ 2951 usbd_xfer_set_frame_data(xfer, 0, 2952 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2953 usbd_xfer_set_frames(xfer, 1); 2954 } 2955 usbd_transfer_submit(xfer); 2956 break; 2957 2958 default: /* Error */ 2959 if (error != USB_ERR_CANCELLED) { 2960 /* try to clear stall first */ 2961 usbd_xfer_set_stall(xfer); 2962 if (error == USB_ERR_TIMEOUT) 2963 device_printf(sc->sc_dev, "device timeout\n"); 2964 #if defined(__DragonFly__) 2965 ++ic->ic_ierrors; 2966 #else 2967 counter_u64_add(ic->ic_ierrors, 1); 2968 #endif 2969 goto tr_setup; 2970 } 2971 if (sc->rx_m != NULL) { 2972 m_freem(sc->rx_m); 2973 sc->rx_m = NULL; 2974 } 2975 break; 2976 } 2977 2978 if (m == NULL) 2979 return; 2980 2981 /* inputting all the frames must be last */ 2982 2983 RUN_UNLOCK(sc); 2984 2985 m->m_pkthdr.len = m->m_len = xferlen; 2986 2987 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2988 for(;;) { 2989 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2990 2991 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2992 ((dmalen & 3) != 0)) { 2993 DPRINTF("bad DMA length %u\n", dmalen); 2994 break; 2995 } 2996 if ((dmalen + 8) > (uint32_t)xferlen) { 2997 DPRINTF("bad DMA length %u > %d\n", 2998 dmalen + 8, xferlen); 2999 break; 3000 } 3001 3002 /* If it is the last one or a single frame, we won't copy. */ 3003 if ((xferlen -= dmalen + 8) <= 8) { 3004 /* trim 32-bit DMA-len header */ 3005 m->m_data += 4; 3006 m->m_pkthdr.len = m->m_len -= 4; 3007 run_rx_frame(sc, m, dmalen); 3008 m = NULL; /* don't free source buffer */ 3009 break; 3010 } 3011 3012 /* copy aggregated frames to another mbuf */ 3013 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3014 if (__predict_false(m0 == NULL)) { 3015 DPRINTF("could not allocate mbuf\n"); 3016 #if defined(__DragonFly__) 3017 ++ic->ic_ierrors; 3018 #else 3019 counter_u64_add(ic->ic_ierrors, 1); 3020 #endif 3021 break; 3022 } 3023 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3024 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3025 m0->m_pkthdr.len = m0->m_len = 3026 dmalen + sizeof(struct rt2870_rxd); 3027 run_rx_frame(sc, m0, dmalen); 3028 3029 /* update data ptr */ 3030 m->m_data += dmalen + 8; 3031 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3032 } 3033 3034 /* make sure we free the source buffer, if any */ 3035 m_freem(m); 3036 3037 RUN_LOCK(sc); 3038 } 3039 3040 static void 3041 run_tx_free(struct run_endpoint_queue *pq, 3042 struct run_tx_data *data, int txerr) 3043 { 3044 3045 ieee80211_tx_complete(data->ni, data->m, txerr); 3046 3047 data->m = NULL; 3048 data->ni = NULL; 3049 3050 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3051 pq->tx_nfree++; 3052 } 3053 3054 static void 3055 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3056 { 3057 struct run_softc *sc = usbd_xfer_softc(xfer); 3058 struct ieee80211com *ic = &sc->sc_ic; 3059 struct run_tx_data *data; 3060 struct ieee80211vap *vap = NULL; 3061 struct usb_page_cache *pc; 3062 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3063 struct mbuf *m; 3064 usb_frlength_t size; 3065 int actlen; 3066 int sumlen; 3067 3068 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3069 3070 switch (USB_GET_STATE(xfer)) { 3071 case USB_ST_TRANSFERRED: 3072 DPRINTFN(11, "transfer complete: %d " 3073 "bytes @ index %d\n", actlen, index); 3074 3075 data = usbd_xfer_get_priv(xfer); 3076 run_tx_free(pq, data, 0); 3077 usbd_xfer_set_priv(xfer, NULL); 3078 3079 /* FALLTHROUGH */ 3080 case USB_ST_SETUP: 3081 tr_setup: 3082 data = STAILQ_FIRST(&pq->tx_qh); 3083 if (data == NULL) 3084 break; 3085 3086 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3087 3088 m = data->m; 3089 size = (sc->mac_ver == 0x5592) ? 3090 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3091 if ((m->m_pkthdr.len + 3092 size + 3 + 8) > RUN_MAX_TXSZ) { 3093 DPRINTF("data overflow, %u bytes\n", 3094 m->m_pkthdr.len); 3095 run_tx_free(pq, data, 1); 3096 goto tr_setup; 3097 } 3098 3099 pc = usbd_xfer_get_frame(xfer, 0); 3100 usbd_copy_in(pc, 0, &data->desc, size); 3101 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3102 size += m->m_pkthdr.len; 3103 /* 3104 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3105 * 4-byte padding), and be sure to zero those trailing 3106 * bytes: 3107 */ 3108 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3109 size += ((-size) & 3) + 8; 3110 3111 vap = data->ni->ni_vap; 3112 if (ieee80211_radiotap_active_vap(vap)) { 3113 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3114 struct rt2860_txwi *txwi = 3115 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3116 tap->wt_flags = 0; 3117 tap->wt_rate = rt2860_rates[data->ridx].rate; 3118 run_get_tsf(sc, &tap->wt_tsf); 3119 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3120 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3121 tap->wt_hwqueue = index; 3122 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3123 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3124 3125 ieee80211_radiotap_tx(vap, m); 3126 } 3127 3128 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3129 m->m_pkthdr.len, size, index); 3130 3131 usbd_xfer_set_frame_len(xfer, 0, size); 3132 usbd_xfer_set_priv(xfer, data); 3133 usbd_transfer_submit(xfer); 3134 run_start(sc); 3135 3136 break; 3137 3138 default: 3139 DPRINTF("USB transfer error, %s\n", 3140 usbd_errstr(error)); 3141 3142 data = usbd_xfer_get_priv(xfer); 3143 3144 if (data != NULL) { 3145 if(data->ni != NULL) 3146 vap = data->ni->ni_vap; 3147 run_tx_free(pq, data, error); 3148 usbd_xfer_set_priv(xfer, NULL); 3149 } 3150 3151 if (vap == NULL) 3152 vap = TAILQ_FIRST(&ic->ic_vaps); 3153 3154 if (error != USB_ERR_CANCELLED) { 3155 if (error == USB_ERR_TIMEOUT) { 3156 device_printf(sc->sc_dev, "device timeout\n"); 3157 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3158 DPRINTF("cmdq_store=%d\n", i); 3159 sc->cmdq[i].func = run_usb_timeout_cb; 3160 sc->cmdq[i].arg0 = vap; 3161 ieee80211_runtask(ic, &sc->cmdq_task); 3162 } 3163 3164 /* 3165 * Try to clear stall first, also if other 3166 * errors occur, hence clearing stall 3167 * introduces a 50 ms delay: 3168 */ 3169 usbd_xfer_set_stall(xfer); 3170 goto tr_setup; 3171 } 3172 break; 3173 } 3174 } 3175 3176 static void 3177 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3178 { 3179 run_bulk_tx_callbackN(xfer, error, 0); 3180 } 3181 3182 static void 3183 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3184 { 3185 run_bulk_tx_callbackN(xfer, error, 1); 3186 } 3187 3188 static void 3189 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3190 { 3191 run_bulk_tx_callbackN(xfer, error, 2); 3192 } 3193 3194 static void 3195 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3196 { 3197 run_bulk_tx_callbackN(xfer, error, 3); 3198 } 3199 3200 static void 3201 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3202 { 3203 run_bulk_tx_callbackN(xfer, error, 4); 3204 } 3205 3206 static void 3207 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3208 { 3209 run_bulk_tx_callbackN(xfer, error, 5); 3210 } 3211 3212 static void 3213 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3214 { 3215 struct mbuf *m = data->m; 3216 struct ieee80211com *ic = &sc->sc_ic; 3217 struct ieee80211vap *vap = data->ni->ni_vap; 3218 struct ieee80211_frame *wh; 3219 struct rt2870_txd *txd; 3220 struct rt2860_txwi *txwi; 3221 uint16_t xferlen, txwisize; 3222 uint16_t mcs; 3223 uint8_t ridx = data->ridx; 3224 uint8_t pad; 3225 3226 /* get MCS code from rate index */ 3227 mcs = rt2860_rates[ridx].mcs; 3228 3229 txwisize = (sc->mac_ver == 0x5592) ? 3230 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3231 xferlen = txwisize + m->m_pkthdr.len; 3232 3233 /* roundup to 32-bit alignment */ 3234 xferlen = (xferlen + 3) & ~3; 3235 3236 txd = (struct rt2870_txd *)&data->desc; 3237 txd->len = htole16(xferlen); 3238 3239 wh = mtod(m, struct ieee80211_frame *); 3240 3241 /* 3242 * Ether both are true or both are false, the header 3243 * are nicely aligned to 32-bit. So, no L2 padding. 3244 */ 3245 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3246 pad = 0; 3247 else 3248 pad = 2; 3249 3250 /* setup TX Wireless Information */ 3251 txwi = (struct rt2860_txwi *)(txd + 1); 3252 txwi->len = htole16(m->m_pkthdr.len - pad); 3253 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3254 mcs |= RT2860_PHY_CCK; 3255 if (ridx != RT2860_RIDX_CCK1 && 3256 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3257 mcs |= RT2860_PHY_SHPRE; 3258 } else 3259 mcs |= RT2860_PHY_OFDM; 3260 txwi->phy = htole16(mcs); 3261 3262 /* check if RTS/CTS or CTS-to-self protection is required */ 3263 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3264 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3265 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3266 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3267 txwi->txop |= RT2860_TX_TXOP_HT; 3268 else 3269 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3270 3271 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3272 txwi->xflags |= RT2860_TX_NSEQ; 3273 } 3274 3275 /* This function must be called locked */ 3276 static int 3277 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3278 { 3279 struct ieee80211com *ic = &sc->sc_ic; 3280 struct ieee80211vap *vap = ni->ni_vap; 3281 struct ieee80211_frame *wh; 3282 struct ieee80211_channel *chan; 3283 const struct ieee80211_txparam *tp; 3284 struct run_node *rn = RUN_NODE(ni); 3285 struct run_tx_data *data; 3286 struct rt2870_txd *txd; 3287 struct rt2860_txwi *txwi; 3288 uint16_t qos; 3289 uint16_t dur; 3290 uint16_t qid; 3291 uint8_t type; 3292 uint8_t tid; 3293 uint8_t ridx; 3294 uint8_t ctl_ridx; 3295 uint8_t qflags; 3296 uint8_t xflags = 0; 3297 int hasqos; 3298 3299 RUN_LOCK_ASSERT(sc, MA_OWNED); 3300 3301 wh = mtod(m, struct ieee80211_frame *); 3302 3303 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3304 3305 /* 3306 * There are 7 bulk endpoints: 1 for RX 3307 * and 6 for TX (4 EDCAs + HCCA + Prio). 3308 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3309 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3310 */ 3311 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3312 uint8_t *frm; 3313 3314 if(IEEE80211_HAS_ADDR4(wh)) 3315 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3316 else 3317 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3318 3319 qos = le16toh(*(const uint16_t *)frm); 3320 tid = qos & IEEE80211_QOS_TID; 3321 qid = TID_TO_WME_AC(tid); 3322 } else { 3323 qos = 0; 3324 tid = 0; 3325 qid = WME_AC_BE; 3326 } 3327 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3328 3329 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3330 qos, qid, tid, qflags); 3331 3332 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3333 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3334 3335 /* pickup a rate index */ 3336 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3337 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3338 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3339 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3340 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3341 } else { 3342 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3343 ridx = rn->fix_ridx; 3344 else 3345 ridx = rn->amrr_ridx; 3346 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3347 } 3348 3349 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3350 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3351 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3352 xflags |= RT2860_TX_ACK; 3353 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3354 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3355 else 3356 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3357 USETW(wh->i_dur, dur); 3358 } 3359 3360 /* reserve slots for mgmt packets, just in case */ 3361 if (sc->sc_epq[qid].tx_nfree < 3) { 3362 DPRINTFN(10, "tx ring %d is full\n", qid); 3363 return (-1); 3364 } 3365 3366 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3367 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3368 sc->sc_epq[qid].tx_nfree--; 3369 3370 txd = (struct rt2870_txd *)&data->desc; 3371 txd->flags = qflags; 3372 txwi = (struct rt2860_txwi *)(txd + 1); 3373 txwi->xflags = xflags; 3374 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3375 txwi->wcid = 0; 3376 else 3377 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3378 1 : RUN_AID2WCID(ni->ni_associd); 3379 3380 /* clear leftover garbage bits */ 3381 txwi->flags = 0; 3382 txwi->txop = 0; 3383 3384 data->m = m; 3385 data->ni = ni; 3386 data->ridx = ridx; 3387 3388 run_set_tx_desc(sc, data); 3389 3390 /* 3391 * The chip keeps track of 2 kind of Tx stats, 3392 * * TX_STAT_FIFO, for per WCID stats, and 3393 * * TX_STA_CNT0 for all-TX-in-one stats. 3394 * 3395 * To use FIFO stats, we need to store MCS into the driver-private 3396 * PacketID field. So that, we can tell whose stats when we read them. 3397 * We add 1 to the MCS because setting the PacketID field to 0 means 3398 * that we don't want feedback in TX_STAT_FIFO. 3399 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3400 * 3401 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3402 */ 3403 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3404 vap->iv_opmode == IEEE80211_M_MBSS) { 3405 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3406 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3407 3408 /* 3409 * Unlike PCI based devices, we don't get any interrupt from 3410 * USB devices, so we simulate FIFO-is-full interrupt here. 3411 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3412 * quickly get fulled. To prevent overflow, increment a counter on 3413 * every FIFO stat request, so we know how many slots are left. 3414 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3415 * are used only in those modes. 3416 * We just drain stats. AMRR gets updated every 1 sec by 3417 * run_ratectl_cb() via callout. 3418 * Call it early. Otherwise overflow. 3419 */ 3420 if (sc->fifo_cnt++ == 10) { 3421 /* 3422 * With multiple vaps or if_bridge, if_start() is called 3423 * with a non-sleepable lock, tcpinp. So, need to defer. 3424 */ 3425 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3426 DPRINTFN(6, "cmdq_store=%d\n", i); 3427 sc->cmdq[i].func = run_drain_fifo; 3428 sc->cmdq[i].arg0 = sc; 3429 ieee80211_runtask(ic, &sc->cmdq_task); 3430 } 3431 } 3432 3433 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3434 3435 usbd_transfer_start(sc->sc_xfer[qid]); 3436 3437 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3438 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3439 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3440 3441 return (0); 3442 } 3443 3444 static int 3445 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3446 { 3447 struct ieee80211com *ic = &sc->sc_ic; 3448 struct run_node *rn = RUN_NODE(ni); 3449 struct run_tx_data *data; 3450 struct ieee80211_frame *wh; 3451 struct rt2870_txd *txd; 3452 struct rt2860_txwi *txwi; 3453 uint16_t dur; 3454 uint8_t ridx = rn->mgt_ridx; 3455 uint8_t type; 3456 uint8_t xflags = 0; 3457 uint8_t wflags = 0; 3458 3459 RUN_LOCK_ASSERT(sc, MA_OWNED); 3460 3461 wh = mtod(m, struct ieee80211_frame *); 3462 3463 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3464 3465 /* tell hardware to add timestamp for probe responses */ 3466 if ((wh->i_fc[0] & 3467 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3468 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3469 wflags |= RT2860_TX_TS; 3470 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3471 xflags |= RT2860_TX_ACK; 3472 3473 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3474 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3475 USETW(wh->i_dur, dur); 3476 } 3477 3478 if (sc->sc_epq[0].tx_nfree == 0) 3479 /* let caller free mbuf */ 3480 return (EIO); 3481 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3482 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3483 sc->sc_epq[0].tx_nfree--; 3484 3485 txd = (struct rt2870_txd *)&data->desc; 3486 txd->flags = RT2860_TX_QSEL_EDCA; 3487 txwi = (struct rt2860_txwi *)(txd + 1); 3488 txwi->wcid = 0xff; 3489 txwi->flags = wflags; 3490 txwi->xflags = xflags; 3491 txwi->txop = 0; /* clear leftover garbage bits */ 3492 3493 data->m = m; 3494 data->ni = ni; 3495 data->ridx = ridx; 3496 3497 run_set_tx_desc(sc, data); 3498 3499 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3500 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3501 rt2860_rates[ridx].rate); 3502 3503 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3504 3505 usbd_transfer_start(sc->sc_xfer[0]); 3506 3507 return (0); 3508 } 3509 3510 static int 3511 run_sendprot(struct run_softc *sc, 3512 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3513 { 3514 struct ieee80211com *ic = ni->ni_ic; 3515 struct ieee80211_frame *wh; 3516 struct run_tx_data *data; 3517 struct rt2870_txd *txd; 3518 struct rt2860_txwi *txwi; 3519 struct mbuf *mprot; 3520 int ridx; 3521 int protrate; 3522 int ackrate; 3523 int pktlen; 3524 int isshort; 3525 uint16_t dur; 3526 uint8_t type; 3527 uint8_t wflags = 0; 3528 uint8_t xflags = 0; 3529 3530 RUN_LOCK_ASSERT(sc, MA_OWNED); 3531 3532 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3533 ("protection %d", prot)); 3534 3535 wh = mtod(m, struct ieee80211_frame *); 3536 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3537 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3538 3539 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3540 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3541 3542 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3543 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3544 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3545 wflags = RT2860_TX_FRAG; 3546 3547 /* check that there are free slots before allocating the mbuf */ 3548 if (sc->sc_epq[0].tx_nfree == 0) 3549 /* let caller free mbuf */ 3550 return (ENOBUFS); 3551 3552 if (prot == IEEE80211_PROT_RTSCTS) { 3553 /* NB: CTS is the same size as an ACK */ 3554 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3555 xflags |= RT2860_TX_ACK; 3556 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3557 } else { 3558 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3559 } 3560 if (mprot == NULL) { 3561 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3562 DPRINTF("could not allocate mbuf\n"); 3563 return (ENOBUFS); 3564 } 3565 3566 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3567 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3568 sc->sc_epq[0].tx_nfree--; 3569 3570 txd = (struct rt2870_txd *)&data->desc; 3571 txd->flags = RT2860_TX_QSEL_EDCA; 3572 txwi = (struct rt2860_txwi *)(txd + 1); 3573 txwi->wcid = 0xff; 3574 txwi->flags = wflags; 3575 txwi->xflags = xflags; 3576 txwi->txop = 0; /* clear leftover garbage bits */ 3577 3578 data->m = mprot; 3579 data->ni = ieee80211_ref_node(ni); 3580 3581 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3582 if (rt2860_rates[ridx].rate == protrate) 3583 break; 3584 data->ridx = ridx; 3585 3586 run_set_tx_desc(sc, data); 3587 3588 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3589 m->m_pkthdr.len, rate); 3590 3591 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3592 3593 usbd_transfer_start(sc->sc_xfer[0]); 3594 3595 return (0); 3596 } 3597 3598 static int 3599 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3600 const struct ieee80211_bpf_params *params) 3601 { 3602 struct ieee80211com *ic = ni->ni_ic; 3603 struct ieee80211_frame *wh; 3604 struct run_tx_data *data; 3605 struct rt2870_txd *txd; 3606 struct rt2860_txwi *txwi; 3607 uint8_t type; 3608 uint8_t ridx; 3609 uint8_t rate; 3610 uint8_t opflags = 0; 3611 uint8_t xflags = 0; 3612 int error; 3613 3614 RUN_LOCK_ASSERT(sc, MA_OWNED); 3615 3616 KASSERT(params != NULL, ("no raw xmit params")); 3617 3618 wh = mtod(m, struct ieee80211_frame *); 3619 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3620 3621 rate = params->ibp_rate0; 3622 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3623 /* let caller free mbuf */ 3624 return (EINVAL); 3625 } 3626 3627 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3628 xflags |= RT2860_TX_ACK; 3629 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3630 error = run_sendprot(sc, m, ni, 3631 params->ibp_flags & IEEE80211_BPF_RTS ? 3632 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3633 rate); 3634 if (error) { 3635 /* let caller free mbuf */ 3636 return error; 3637 } 3638 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3639 } 3640 3641 if (sc->sc_epq[0].tx_nfree == 0) { 3642 /* let caller free mbuf */ 3643 DPRINTF("sending raw frame, but tx ring is full\n"); 3644 return (EIO); 3645 } 3646 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3647 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3648 sc->sc_epq[0].tx_nfree--; 3649 3650 txd = (struct rt2870_txd *)&data->desc; 3651 txd->flags = RT2860_TX_QSEL_EDCA; 3652 txwi = (struct rt2860_txwi *)(txd + 1); 3653 txwi->wcid = 0xff; 3654 txwi->xflags = xflags; 3655 txwi->txop = opflags; 3656 txwi->flags = 0; /* clear leftover garbage bits */ 3657 3658 data->m = m; 3659 data->ni = ni; 3660 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3661 if (rt2860_rates[ridx].rate == rate) 3662 break; 3663 data->ridx = ridx; 3664 3665 run_set_tx_desc(sc, data); 3666 3667 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3668 m->m_pkthdr.len, rate); 3669 3670 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3671 3672 usbd_transfer_start(sc->sc_xfer[0]); 3673 3674 return (0); 3675 } 3676 3677 static int 3678 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3679 const struct ieee80211_bpf_params *params) 3680 { 3681 struct run_softc *sc = ni->ni_ic->ic_softc; 3682 int error = 0; 3683 3684 RUN_LOCK(sc); 3685 3686 /* prevent management frames from being sent if we're not ready */ 3687 if (!(sc->sc_flags & RUN_RUNNING)) { 3688 error = ENETDOWN; 3689 goto done; 3690 } 3691 3692 if (params == NULL) { 3693 /* tx mgt packet */ 3694 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3695 DPRINTF("mgt tx failed\n"); 3696 goto done; 3697 } 3698 } else { 3699 /* tx raw packet with param */ 3700 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3701 DPRINTF("tx with param failed\n"); 3702 goto done; 3703 } 3704 } 3705 3706 done: 3707 RUN_UNLOCK(sc); 3708 3709 if (error != 0) { 3710 if(m != NULL) 3711 m_freem(m); 3712 } 3713 3714 return (error); 3715 } 3716 3717 static int 3718 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3719 { 3720 struct run_softc *sc = ic->ic_softc; 3721 int error; 3722 3723 RUN_LOCK(sc); 3724 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3725 RUN_UNLOCK(sc); 3726 return (ENXIO); 3727 } 3728 error = mbufq_enqueue(&sc->sc_snd, m); 3729 if (error) { 3730 RUN_UNLOCK(sc); 3731 return (error); 3732 } 3733 run_start(sc); 3734 RUN_UNLOCK(sc); 3735 3736 return (0); 3737 } 3738 3739 static void 3740 run_start(struct run_softc *sc) 3741 { 3742 struct ieee80211_node *ni; 3743 struct mbuf *m; 3744 3745 RUN_LOCK_ASSERT(sc, MA_OWNED); 3746 3747 if ((sc->sc_flags & RUN_RUNNING) == 0) 3748 return; 3749 3750 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3751 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3752 if (run_tx(sc, m, ni) != 0) { 3753 mbufq_prepend(&sc->sc_snd, m); 3754 break; 3755 } 3756 } 3757 } 3758 3759 static void 3760 run_parent(struct ieee80211com *ic) 3761 { 3762 struct run_softc *sc = ic->ic_softc; 3763 int startall = 0; 3764 3765 RUN_LOCK(sc); 3766 if (sc->sc_detached) { 3767 RUN_UNLOCK(sc); 3768 return; 3769 } 3770 3771 if (ic->ic_nrunning > 0) { 3772 if (!(sc->sc_flags & RUN_RUNNING)) { 3773 startall = 1; 3774 run_init_locked(sc); 3775 } else 3776 run_update_promisc_locked(sc); 3777 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3778 run_stop(sc); 3779 RUN_UNLOCK(sc); 3780 if (startall) 3781 ieee80211_start_all(ic); 3782 } 3783 3784 static void 3785 run_iq_calib(struct run_softc *sc, u_int chan) 3786 { 3787 uint16_t val; 3788 3789 /* Tx0 IQ gain. */ 3790 run_bbp_write(sc, 158, 0x2c); 3791 if (chan <= 14) 3792 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3793 else if (chan <= 64) { 3794 run_efuse_read(sc, 3795 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3796 &val, 1); 3797 } else if (chan <= 138) { 3798 run_efuse_read(sc, 3799 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3800 &val, 1); 3801 } else if (chan <= 165) { 3802 run_efuse_read(sc, 3803 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3804 &val, 1); 3805 } else 3806 val = 0; 3807 run_bbp_write(sc, 159, val); 3808 3809 /* Tx0 IQ phase. */ 3810 run_bbp_write(sc, 158, 0x2d); 3811 if (chan <= 14) { 3812 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3813 &val, 1); 3814 } else if (chan <= 64) { 3815 run_efuse_read(sc, 3816 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3817 &val, 1); 3818 } else if (chan <= 138) { 3819 run_efuse_read(sc, 3820 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3821 &val, 1); 3822 } else if (chan <= 165) { 3823 run_efuse_read(sc, 3824 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3825 &val, 1); 3826 } else 3827 val = 0; 3828 run_bbp_write(sc, 159, val); 3829 3830 /* Tx1 IQ gain. */ 3831 run_bbp_write(sc, 158, 0x4a); 3832 if (chan <= 14) { 3833 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3834 &val, 1); 3835 } else if (chan <= 64) { 3836 run_efuse_read(sc, 3837 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3838 &val, 1); 3839 } else if (chan <= 138) { 3840 run_efuse_read(sc, 3841 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3842 &val, 1); 3843 } else if (chan <= 165) { 3844 run_efuse_read(sc, 3845 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3846 &val, 1); 3847 } else 3848 val = 0; 3849 run_bbp_write(sc, 159, val); 3850 3851 /* Tx1 IQ phase. */ 3852 run_bbp_write(sc, 158, 0x4b); 3853 if (chan <= 14) { 3854 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3855 &val, 1); 3856 } else if (chan <= 64) { 3857 run_efuse_read(sc, 3858 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3859 &val, 1); 3860 } else if (chan <= 138) { 3861 run_efuse_read(sc, 3862 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3863 &val, 1); 3864 } else if (chan <= 165) { 3865 run_efuse_read(sc, 3866 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3867 &val, 1); 3868 } else 3869 val = 0; 3870 run_bbp_write(sc, 159, val); 3871 3872 /* RF IQ compensation control. */ 3873 run_bbp_write(sc, 158, 0x04); 3874 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3875 &val, 1); 3876 run_bbp_write(sc, 159, val); 3877 3878 /* RF IQ imbalance compensation control. */ 3879 run_bbp_write(sc, 158, 0x03); 3880 run_efuse_read(sc, 3881 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3882 run_bbp_write(sc, 159, val); 3883 } 3884 3885 static void 3886 run_set_agc(struct run_softc *sc, uint8_t agc) 3887 { 3888 uint8_t bbp; 3889 3890 if (sc->mac_ver == 0x3572) { 3891 run_bbp_read(sc, 27, &bbp); 3892 bbp &= ~(0x3 << 5); 3893 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3894 run_bbp_write(sc, 66, agc); 3895 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3896 run_bbp_write(sc, 66, agc); 3897 } else 3898 run_bbp_write(sc, 66, agc); 3899 } 3900 3901 static void 3902 run_select_chan_group(struct run_softc *sc, int group) 3903 { 3904 uint32_t tmp; 3905 uint8_t agc; 3906 3907 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3908 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3909 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3910 if (sc->mac_ver < 0x3572) 3911 run_bbp_write(sc, 86, 0x00); 3912 3913 if (sc->mac_ver == 0x3593) { 3914 run_bbp_write(sc, 77, 0x98); 3915 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3916 } 3917 3918 if (group == 0) { 3919 if (sc->ext_2ghz_lna) { 3920 if (sc->mac_ver >= 0x5390) 3921 run_bbp_write(sc, 75, 0x52); 3922 else { 3923 run_bbp_write(sc, 82, 0x62); 3924 run_bbp_write(sc, 75, 0x46); 3925 } 3926 } else { 3927 if (sc->mac_ver == 0x5592) { 3928 run_bbp_write(sc, 79, 0x1c); 3929 run_bbp_write(sc, 80, 0x0e); 3930 run_bbp_write(sc, 81, 0x3a); 3931 run_bbp_write(sc, 82, 0x62); 3932 3933 run_bbp_write(sc, 195, 0x80); 3934 run_bbp_write(sc, 196, 0xe0); 3935 run_bbp_write(sc, 195, 0x81); 3936 run_bbp_write(sc, 196, 0x1f); 3937 run_bbp_write(sc, 195, 0x82); 3938 run_bbp_write(sc, 196, 0x38); 3939 run_bbp_write(sc, 195, 0x83); 3940 run_bbp_write(sc, 196, 0x32); 3941 run_bbp_write(sc, 195, 0x85); 3942 run_bbp_write(sc, 196, 0x28); 3943 run_bbp_write(sc, 195, 0x86); 3944 run_bbp_write(sc, 196, 0x19); 3945 } else if (sc->mac_ver >= 0x5390) 3946 run_bbp_write(sc, 75, 0x50); 3947 else { 3948 run_bbp_write(sc, 82, 3949 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3950 run_bbp_write(sc, 75, 0x50); 3951 } 3952 } 3953 } else { 3954 if (sc->mac_ver == 0x5592) { 3955 run_bbp_write(sc, 79, 0x18); 3956 run_bbp_write(sc, 80, 0x08); 3957 run_bbp_write(sc, 81, 0x38); 3958 run_bbp_write(sc, 82, 0x92); 3959 3960 run_bbp_write(sc, 195, 0x80); 3961 run_bbp_write(sc, 196, 0xf0); 3962 run_bbp_write(sc, 195, 0x81); 3963 run_bbp_write(sc, 196, 0x1e); 3964 run_bbp_write(sc, 195, 0x82); 3965 run_bbp_write(sc, 196, 0x28); 3966 run_bbp_write(sc, 195, 0x83); 3967 run_bbp_write(sc, 196, 0x20); 3968 run_bbp_write(sc, 195, 0x85); 3969 run_bbp_write(sc, 196, 0x7f); 3970 run_bbp_write(sc, 195, 0x86); 3971 run_bbp_write(sc, 196, 0x7f); 3972 } else if (sc->mac_ver == 0x3572) 3973 run_bbp_write(sc, 82, 0x94); 3974 else 3975 run_bbp_write(sc, 82, 3976 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3977 if (sc->ext_5ghz_lna) 3978 run_bbp_write(sc, 75, 0x46); 3979 else 3980 run_bbp_write(sc, 75, 0x50); 3981 } 3982 3983 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3984 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3985 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3986 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3987 3988 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3989 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3990 if (sc->mac_ver == 0x3593) 3991 tmp |= 1 << 29 | 1 << 28; 3992 if (sc->nrxchains > 1) 3993 tmp |= RT2860_LNA_PE1_EN; 3994 if (group == 0) { /* 2GHz */ 3995 tmp |= RT2860_PA_PE_G0_EN; 3996 if (sc->ntxchains > 1) 3997 tmp |= RT2860_PA_PE_G1_EN; 3998 if (sc->mac_ver == 0x3593) { 3999 if (sc->ntxchains > 2) 4000 tmp |= 1 << 25; 4001 } 4002 } else { /* 5GHz */ 4003 tmp |= RT2860_PA_PE_A0_EN; 4004 if (sc->ntxchains > 1) 4005 tmp |= RT2860_PA_PE_A1_EN; 4006 } 4007 if (sc->mac_ver == 0x3572) { 4008 run_rt3070_rf_write(sc, 8, 0x00); 4009 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4010 run_rt3070_rf_write(sc, 8, 0x80); 4011 } else 4012 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4013 4014 if (sc->mac_ver == 0x5592) { 4015 run_bbp_write(sc, 195, 0x8d); 4016 run_bbp_write(sc, 196, 0x1a); 4017 } 4018 4019 if (sc->mac_ver == 0x3593) { 4020 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4021 tmp &= ~0x01010000; 4022 if (group == 0) 4023 tmp |= 0x00010000; 4024 tmp = (tmp & ~0x00009090) | 0x00000090; 4025 run_write(sc, RT2860_GPIO_CTRL, tmp); 4026 } 4027 4028 /* set initial AGC value */ 4029 if (group == 0) { /* 2GHz band */ 4030 if (sc->mac_ver >= 0x3070) 4031 agc = 0x1c + sc->lna[0] * 2; 4032 else 4033 agc = 0x2e + sc->lna[0]; 4034 } else { /* 5GHz band */ 4035 if (sc->mac_ver == 0x5592) 4036 agc = 0x24 + sc->lna[group] * 2; 4037 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4038 agc = 0x22 + (sc->lna[group] * 5) / 3; 4039 else 4040 agc = 0x32 + (sc->lna[group] * 5) / 3; 4041 } 4042 run_set_agc(sc, agc); 4043 } 4044 4045 static void 4046 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4047 { 4048 const struct rfprog *rfprog = rt2860_rf2850; 4049 uint32_t r2, r3, r4; 4050 int8_t txpow1, txpow2; 4051 int i; 4052 4053 /* find the settings for this channel (we know it exists) */ 4054 for (i = 0; rfprog[i].chan != chan; i++); 4055 4056 r2 = rfprog[i].r2; 4057 if (sc->ntxchains == 1) 4058 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4059 if (sc->nrxchains == 1) 4060 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4061 else if (sc->nrxchains == 2) 4062 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4063 4064 /* use Tx power values from EEPROM */ 4065 txpow1 = sc->txpow1[i]; 4066 txpow2 = sc->txpow2[i]; 4067 4068 /* Initialize RF R3 and R4. */ 4069 r3 = rfprog[i].r3 & 0xffffc1ff; 4070 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4071 if (chan > 14) { 4072 if (txpow1 >= 0) { 4073 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4074 r3 |= (txpow1 << 10) | (1 << 9); 4075 } else { 4076 txpow1 += 7; 4077 4078 /* txpow1 is not possible larger than 15. */ 4079 r3 |= (txpow1 << 10); 4080 } 4081 if (txpow2 >= 0) { 4082 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4083 r4 |= (txpow2 << 7) | (1 << 6); 4084 } else { 4085 txpow2 += 7; 4086 r4 |= (txpow2 << 7); 4087 } 4088 } else { 4089 /* Set Tx0 power. */ 4090 r3 |= (txpow1 << 9); 4091 4092 /* Set frequency offset and Tx1 power. */ 4093 r4 |= (txpow2 << 6); 4094 } 4095 4096 run_rt2870_rf_write(sc, rfprog[i].r1); 4097 run_rt2870_rf_write(sc, r2); 4098 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4099 run_rt2870_rf_write(sc, r4); 4100 4101 run_delay(sc, 10); 4102 4103 run_rt2870_rf_write(sc, rfprog[i].r1); 4104 run_rt2870_rf_write(sc, r2); 4105 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4106 run_rt2870_rf_write(sc, r4); 4107 4108 run_delay(sc, 10); 4109 4110 run_rt2870_rf_write(sc, rfprog[i].r1); 4111 run_rt2870_rf_write(sc, r2); 4112 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4113 run_rt2870_rf_write(sc, r4); 4114 } 4115 4116 static void 4117 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4118 { 4119 int8_t txpow1, txpow2; 4120 uint8_t rf; 4121 int i; 4122 4123 /* find the settings for this channel (we know it exists) */ 4124 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4125 4126 /* use Tx power values from EEPROM */ 4127 txpow1 = sc->txpow1[i]; 4128 txpow2 = sc->txpow2[i]; 4129 4130 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4131 4132 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4133 run_rt3070_rf_read(sc, 3, &rf); 4134 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4135 run_rt3070_rf_write(sc, 3, rf); 4136 4137 run_rt3070_rf_read(sc, 6, &rf); 4138 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4139 run_rt3070_rf_write(sc, 6, rf); 4140 4141 /* set Tx0 power */ 4142 run_rt3070_rf_read(sc, 12, &rf); 4143 rf = (rf & ~0x1f) | txpow1; 4144 run_rt3070_rf_write(sc, 12, rf); 4145 4146 /* set Tx1 power */ 4147 run_rt3070_rf_read(sc, 13, &rf); 4148 rf = (rf & ~0x1f) | txpow2; 4149 run_rt3070_rf_write(sc, 13, rf); 4150 4151 run_rt3070_rf_read(sc, 1, &rf); 4152 rf &= ~0xfc; 4153 if (sc->ntxchains == 1) 4154 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4155 else if (sc->ntxchains == 2) 4156 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4157 if (sc->nrxchains == 1) 4158 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4159 else if (sc->nrxchains == 2) 4160 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4161 run_rt3070_rf_write(sc, 1, rf); 4162 4163 /* set RF offset */ 4164 run_rt3070_rf_read(sc, 23, &rf); 4165 rf = (rf & ~0x7f) | sc->freq; 4166 run_rt3070_rf_write(sc, 23, rf); 4167 4168 /* program RF filter */ 4169 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4170 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4171 run_rt3070_rf_write(sc, 24, rf); 4172 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4173 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4174 run_rt3070_rf_write(sc, 31, rf); 4175 4176 /* enable RF tuning */ 4177 run_rt3070_rf_read(sc, 7, &rf); 4178 run_rt3070_rf_write(sc, 7, rf | 0x01); 4179 } 4180 4181 static void 4182 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4183 { 4184 int8_t txpow1, txpow2; 4185 uint32_t tmp; 4186 uint8_t rf; 4187 int i; 4188 4189 /* find the settings for this channel (we know it exists) */ 4190 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4191 4192 /* use Tx power values from EEPROM */ 4193 txpow1 = sc->txpow1[i]; 4194 txpow2 = sc->txpow2[i]; 4195 4196 if (chan <= 14) { 4197 run_bbp_write(sc, 25, sc->bbp25); 4198 run_bbp_write(sc, 26, sc->bbp26); 4199 } else { 4200 /* enable IQ phase correction */ 4201 run_bbp_write(sc, 25, 0x09); 4202 run_bbp_write(sc, 26, 0xff); 4203 } 4204 4205 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4206 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4207 run_rt3070_rf_read(sc, 6, &rf); 4208 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4209 rf |= (chan <= 14) ? 0x08 : 0x04; 4210 run_rt3070_rf_write(sc, 6, rf); 4211 4212 /* set PLL mode */ 4213 run_rt3070_rf_read(sc, 5, &rf); 4214 rf &= ~(0x08 | 0x04); 4215 rf |= (chan <= 14) ? 0x04 : 0x08; 4216 run_rt3070_rf_write(sc, 5, rf); 4217 4218 /* set Tx power for chain 0 */ 4219 if (chan <= 14) 4220 rf = 0x60 | txpow1; 4221 else 4222 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4223 run_rt3070_rf_write(sc, 12, rf); 4224 4225 /* set Tx power for chain 1 */ 4226 if (chan <= 14) 4227 rf = 0x60 | txpow2; 4228 else 4229 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4230 run_rt3070_rf_write(sc, 13, rf); 4231 4232 /* set Tx/Rx streams */ 4233 run_rt3070_rf_read(sc, 1, &rf); 4234 rf &= ~0xfc; 4235 if (sc->ntxchains == 1) 4236 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4237 else if (sc->ntxchains == 2) 4238 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4239 if (sc->nrxchains == 1) 4240 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4241 else if (sc->nrxchains == 2) 4242 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4243 run_rt3070_rf_write(sc, 1, rf); 4244 4245 /* set RF offset */ 4246 run_rt3070_rf_read(sc, 23, &rf); 4247 rf = (rf & ~0x7f) | sc->freq; 4248 run_rt3070_rf_write(sc, 23, rf); 4249 4250 /* program RF filter */ 4251 rf = sc->rf24_20mhz; 4252 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4253 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4254 4255 /* enable RF tuning */ 4256 run_rt3070_rf_read(sc, 7, &rf); 4257 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4258 run_rt3070_rf_write(sc, 7, rf); 4259 4260 /* TSSI */ 4261 rf = (chan <= 14) ? 0xc3 : 0xc0; 4262 run_rt3070_rf_write(sc, 9, rf); 4263 4264 /* set loop filter 1 */ 4265 run_rt3070_rf_write(sc, 10, 0xf1); 4266 /* set loop filter 2 */ 4267 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4268 4269 /* set tx_mx2_ic */ 4270 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4271 /* set tx_mx1_ic */ 4272 if (chan <= 14) 4273 rf = 0x48 | sc->txmixgain_2ghz; 4274 else 4275 rf = 0x78 | sc->txmixgain_5ghz; 4276 run_rt3070_rf_write(sc, 16, rf); 4277 4278 /* set tx_lo1 */ 4279 run_rt3070_rf_write(sc, 17, 0x23); 4280 /* set tx_lo2 */ 4281 if (chan <= 14) 4282 rf = 0x93; 4283 else if (chan <= 64) 4284 rf = 0xb7; 4285 else if (chan <= 128) 4286 rf = 0x74; 4287 else 4288 rf = 0x72; 4289 run_rt3070_rf_write(sc, 19, rf); 4290 4291 /* set rx_lo1 */ 4292 if (chan <= 14) 4293 rf = 0xb3; 4294 else if (chan <= 64) 4295 rf = 0xf6; 4296 else if (chan <= 128) 4297 rf = 0xf4; 4298 else 4299 rf = 0xf3; 4300 run_rt3070_rf_write(sc, 20, rf); 4301 4302 /* set pfd_delay */ 4303 if (chan <= 14) 4304 rf = 0x15; 4305 else if (chan <= 64) 4306 rf = 0x3d; 4307 else 4308 rf = 0x01; 4309 run_rt3070_rf_write(sc, 25, rf); 4310 4311 /* set rx_lo2 */ 4312 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4313 /* set ldo_rf_vc */ 4314 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4315 /* set drv_cc */ 4316 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4317 4318 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4319 tmp &= ~0x8080; 4320 if (chan <= 14) 4321 tmp |= 0x80; 4322 run_write(sc, RT2860_GPIO_CTRL, tmp); 4323 4324 /* enable RF tuning */ 4325 run_rt3070_rf_read(sc, 7, &rf); 4326 run_rt3070_rf_write(sc, 7, rf | 0x01); 4327 4328 run_delay(sc, 2); 4329 } 4330 4331 static void 4332 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4333 { 4334 int8_t txpow1, txpow2, txpow3; 4335 uint8_t h20mhz, rf; 4336 int i; 4337 4338 /* find the settings for this channel (we know it exists) */ 4339 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4340 4341 /* use Tx power values from EEPROM */ 4342 txpow1 = sc->txpow1[i]; 4343 txpow2 = sc->txpow2[i]; 4344 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4345 4346 if (chan <= 14) { 4347 run_bbp_write(sc, 25, sc->bbp25); 4348 run_bbp_write(sc, 26, sc->bbp26); 4349 } else { 4350 /* Enable IQ phase correction. */ 4351 run_bbp_write(sc, 25, 0x09); 4352 run_bbp_write(sc, 26, 0xff); 4353 } 4354 4355 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4356 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4357 run_rt3070_rf_read(sc, 11, &rf); 4358 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4359 run_rt3070_rf_write(sc, 11, rf); 4360 4361 /* Set pll_idoh. */ 4362 run_rt3070_rf_read(sc, 11, &rf); 4363 rf &= ~0x4c; 4364 rf |= (chan <= 14) ? 0x44 : 0x48; 4365 run_rt3070_rf_write(sc, 11, rf); 4366 4367 if (chan <= 14) 4368 rf = txpow1 & 0x1f; 4369 else 4370 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4371 run_rt3070_rf_write(sc, 53, rf); 4372 4373 if (chan <= 14) 4374 rf = txpow2 & 0x1f; 4375 else 4376 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4377 run_rt3070_rf_write(sc, 55, rf); 4378 4379 if (chan <= 14) 4380 rf = txpow3 & 0x1f; 4381 else 4382 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4383 run_rt3070_rf_write(sc, 54, rf); 4384 4385 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4386 if (sc->ntxchains == 3) 4387 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4388 else 4389 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4390 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4391 run_rt3070_rf_write(sc, 1, rf); 4392 4393 run_adjust_freq_offset(sc); 4394 4395 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4396 4397 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4398 run_rt3070_rf_read(sc, 30, &rf); 4399 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4400 run_rt3070_rf_write(sc, 30, rf); 4401 4402 run_rt3070_rf_read(sc, 36, &rf); 4403 if (chan <= 14) 4404 rf |= 0x80; 4405 else 4406 rf &= ~0x80; 4407 run_rt3070_rf_write(sc, 36, rf); 4408 4409 /* Set vcolo_bs. */ 4410 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4411 /* Set pfd_delay. */ 4412 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4413 4414 /* Set vco bias current control. */ 4415 run_rt3070_rf_read(sc, 6, &rf); 4416 rf &= ~0xc0; 4417 if (chan <= 14) 4418 rf |= 0x40; 4419 else if (chan <= 128) 4420 rf |= 0x80; 4421 else 4422 rf |= 0x40; 4423 run_rt3070_rf_write(sc, 6, rf); 4424 4425 run_rt3070_rf_read(sc, 30, &rf); 4426 rf = (rf & ~0x18) | 0x10; 4427 run_rt3070_rf_write(sc, 30, rf); 4428 4429 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4430 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4431 4432 run_rt3070_rf_read(sc, 51, &rf); 4433 rf = (rf & ~0x03) | 0x01; 4434 run_rt3070_rf_write(sc, 51, rf); 4435 /* Set tx_mx1_cc. */ 4436 run_rt3070_rf_read(sc, 51, &rf); 4437 rf &= ~0x1c; 4438 rf |= (chan <= 14) ? 0x14 : 0x10; 4439 run_rt3070_rf_write(sc, 51, rf); 4440 /* Set tx_mx1_ic. */ 4441 run_rt3070_rf_read(sc, 51, &rf); 4442 rf &= ~0xe0; 4443 rf |= (chan <= 14) ? 0x60 : 0x40; 4444 run_rt3070_rf_write(sc, 51, rf); 4445 /* Set tx_lo1_ic. */ 4446 run_rt3070_rf_read(sc, 49, &rf); 4447 rf &= ~0x1c; 4448 rf |= (chan <= 14) ? 0x0c : 0x08; 4449 run_rt3070_rf_write(sc, 49, rf); 4450 /* Set tx_lo1_en. */ 4451 run_rt3070_rf_read(sc, 50, &rf); 4452 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4453 /* Set drv_cc. */ 4454 run_rt3070_rf_read(sc, 57, &rf); 4455 rf &= ~0xfc; 4456 rf |= (chan <= 14) ? 0x6c : 0x3c; 4457 run_rt3070_rf_write(sc, 57, rf); 4458 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4459 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4460 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4461 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4462 /* Enable VCO calibration. */ 4463 run_rt3070_rf_read(sc, 3, &rf); 4464 rf &= ~RT5390_VCOCAL; 4465 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4466 run_rt3070_rf_write(sc, 3, rf); 4467 4468 if (chan <= 14) 4469 rf = 0x23; 4470 else if (chan <= 64) 4471 rf = 0x36; 4472 else if (chan <= 128) 4473 rf = 0x32; 4474 else 4475 rf = 0x30; 4476 run_rt3070_rf_write(sc, 39, rf); 4477 if (chan <= 14) 4478 rf = 0xbb; 4479 else if (chan <= 64) 4480 rf = 0xeb; 4481 else if (chan <= 128) 4482 rf = 0xb3; 4483 else 4484 rf = 0x9b; 4485 run_rt3070_rf_write(sc, 45, rf); 4486 4487 /* Set FEQ/AEQ control. */ 4488 run_bbp_write(sc, 105, 0x34); 4489 } 4490 4491 static void 4492 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4493 { 4494 int8_t txpow1, txpow2; 4495 uint8_t rf; 4496 int i; 4497 4498 /* find the settings for this channel (we know it exists) */ 4499 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4500 4501 /* use Tx power values from EEPROM */ 4502 txpow1 = sc->txpow1[i]; 4503 txpow2 = sc->txpow2[i]; 4504 4505 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4506 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4507 run_rt3070_rf_read(sc, 11, &rf); 4508 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4509 run_rt3070_rf_write(sc, 11, rf); 4510 4511 run_rt3070_rf_read(sc, 49, &rf); 4512 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4513 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4514 if ((rf & 0x3f) > 0x27) 4515 rf = (rf & ~0x3f) | 0x27; 4516 run_rt3070_rf_write(sc, 49, rf); 4517 4518 if (sc->mac_ver == 0x5392) { 4519 run_rt3070_rf_read(sc, 50, &rf); 4520 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4521 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4522 if ((rf & 0x3f) > 0x27) 4523 rf = (rf & ~0x3f) | 0x27; 4524 run_rt3070_rf_write(sc, 50, rf); 4525 } 4526 4527 run_rt3070_rf_read(sc, 1, &rf); 4528 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4529 if (sc->mac_ver == 0x5392) 4530 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4531 run_rt3070_rf_write(sc, 1, rf); 4532 4533 if (sc->mac_ver != 0x5392) { 4534 run_rt3070_rf_read(sc, 2, &rf); 4535 rf |= 0x80; 4536 run_rt3070_rf_write(sc, 2, rf); 4537 run_delay(sc, 10); 4538 rf &= 0x7f; 4539 run_rt3070_rf_write(sc, 2, rf); 4540 } 4541 4542 run_adjust_freq_offset(sc); 4543 4544 if (sc->mac_ver == 0x5392) { 4545 /* Fix for RT5392C. */ 4546 if (sc->mac_rev >= 0x0223) { 4547 if (chan <= 4) 4548 rf = 0x0f; 4549 else if (chan >= 5 && chan <= 7) 4550 rf = 0x0e; 4551 else 4552 rf = 0x0d; 4553 run_rt3070_rf_write(sc, 23, rf); 4554 4555 if (chan <= 4) 4556 rf = 0x0c; 4557 else if (chan == 5) 4558 rf = 0x0b; 4559 else if (chan >= 6 && chan <= 7) 4560 rf = 0x0a; 4561 else if (chan >= 8 && chan <= 10) 4562 rf = 0x09; 4563 else 4564 rf = 0x08; 4565 run_rt3070_rf_write(sc, 59, rf); 4566 } else { 4567 if (chan <= 11) 4568 rf = 0x0f; 4569 else 4570 rf = 0x0b; 4571 run_rt3070_rf_write(sc, 59, rf); 4572 } 4573 } else { 4574 /* Fix for RT5390F. */ 4575 if (sc->mac_rev >= 0x0502) { 4576 if (chan <= 11) 4577 rf = 0x43; 4578 else 4579 rf = 0x23; 4580 run_rt3070_rf_write(sc, 55, rf); 4581 4582 if (chan <= 11) 4583 rf = 0x0f; 4584 else if (chan == 12) 4585 rf = 0x0d; 4586 else 4587 rf = 0x0b; 4588 run_rt3070_rf_write(sc, 59, rf); 4589 } else { 4590 run_rt3070_rf_write(sc, 55, 0x44); 4591 run_rt3070_rf_write(sc, 59, 0x8f); 4592 } 4593 } 4594 4595 /* Enable VCO calibration. */ 4596 run_rt3070_rf_read(sc, 3, &rf); 4597 rf |= RT5390_VCOCAL; 4598 run_rt3070_rf_write(sc, 3, rf); 4599 } 4600 4601 static void 4602 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4603 { 4604 const struct rt5592_freqs *freqs; 4605 uint32_t tmp; 4606 uint8_t reg, rf, txpow_bound; 4607 int8_t txpow1, txpow2; 4608 int i; 4609 4610 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4611 freqs = (tmp & RT5592_SEL_XTAL) ? 4612 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4613 4614 /* find the settings for this channel (we know it exists) */ 4615 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4616 4617 /* use Tx power values from EEPROM */ 4618 txpow1 = sc->txpow1[i]; 4619 txpow2 = sc->txpow2[i]; 4620 4621 run_read(sc, RT3070_LDO_CFG0, &tmp); 4622 tmp &= ~0x1c000000; 4623 if (chan > 14) 4624 tmp |= 0x14000000; 4625 run_write(sc, RT3070_LDO_CFG0, tmp); 4626 4627 /* N setting. */ 4628 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4629 run_rt3070_rf_read(sc, 9, &rf); 4630 rf &= ~(1 << 4); 4631 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4632 run_rt3070_rf_write(sc, 9, rf); 4633 4634 /* K setting. */ 4635 run_rt3070_rf_read(sc, 9, &rf); 4636 rf &= ~0x0f; 4637 rf |= (freqs->k & 0x0f); 4638 run_rt3070_rf_write(sc, 9, rf); 4639 4640 /* Mode setting. */ 4641 run_rt3070_rf_read(sc, 11, &rf); 4642 rf &= ~0x0c; 4643 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4644 run_rt3070_rf_write(sc, 11, rf); 4645 run_rt3070_rf_read(sc, 9, &rf); 4646 rf &= ~(1 << 7); 4647 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4648 run_rt3070_rf_write(sc, 9, rf); 4649 4650 /* R setting. */ 4651 run_rt3070_rf_read(sc, 11, &rf); 4652 rf &= ~0x03; 4653 rf |= (freqs->r - 0x1); 4654 run_rt3070_rf_write(sc, 11, rf); 4655 4656 if (chan <= 14) { 4657 /* Initialize RF registers for 2GHZ. */ 4658 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4659 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4660 rt5592_2ghz_def_rf[i].val); 4661 } 4662 4663 rf = (chan <= 10) ? 0x07 : 0x06; 4664 run_rt3070_rf_write(sc, 23, rf); 4665 run_rt3070_rf_write(sc, 59, rf); 4666 4667 run_rt3070_rf_write(sc, 55, 0x43); 4668 4669 /* 4670 * RF R49/R50 Tx power ALC code. 4671 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4672 */ 4673 reg = 2; 4674 txpow_bound = 0x27; 4675 } else { 4676 /* Initialize RF registers for 5GHZ. */ 4677 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4678 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4679 rt5592_5ghz_def_rf[i].val); 4680 } 4681 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4682 if (chan >= rt5592_chan_5ghz[i].firstchan && 4683 chan <= rt5592_chan_5ghz[i].lastchan) { 4684 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4685 rt5592_chan_5ghz[i].val); 4686 } 4687 } 4688 4689 /* 4690 * RF R49/R50 Tx power ALC code. 4691 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4692 */ 4693 reg = 3; 4694 txpow_bound = 0x2b; 4695 } 4696 4697 /* RF R49 ch0 Tx power ALC code. */ 4698 run_rt3070_rf_read(sc, 49, &rf); 4699 rf &= ~0xc0; 4700 rf |= (reg << 6); 4701 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4702 if ((rf & 0x3f) > txpow_bound) 4703 rf = (rf & ~0x3f) | txpow_bound; 4704 run_rt3070_rf_write(sc, 49, rf); 4705 4706 /* RF R50 ch1 Tx power ALC code. */ 4707 run_rt3070_rf_read(sc, 50, &rf); 4708 rf &= ~(1 << 7 | 1 << 6); 4709 rf |= (reg << 6); 4710 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4711 if ((rf & 0x3f) > txpow_bound) 4712 rf = (rf & ~0x3f) | txpow_bound; 4713 run_rt3070_rf_write(sc, 50, rf); 4714 4715 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4716 run_rt3070_rf_read(sc, 1, &rf); 4717 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4718 if (sc->ntxchains > 1) 4719 rf |= RT3070_TX1_PD; 4720 if (sc->nrxchains > 1) 4721 rf |= RT3070_RX1_PD; 4722 run_rt3070_rf_write(sc, 1, rf); 4723 4724 run_rt3070_rf_write(sc, 6, 0xe4); 4725 4726 run_rt3070_rf_write(sc, 30, 0x10); 4727 run_rt3070_rf_write(sc, 31, 0x80); 4728 run_rt3070_rf_write(sc, 32, 0x80); 4729 4730 run_adjust_freq_offset(sc); 4731 4732 /* Enable VCO calibration. */ 4733 run_rt3070_rf_read(sc, 3, &rf); 4734 rf |= RT5390_VCOCAL; 4735 run_rt3070_rf_write(sc, 3, rf); 4736 } 4737 4738 static void 4739 run_set_rx_antenna(struct run_softc *sc, int aux) 4740 { 4741 uint32_t tmp; 4742 uint8_t bbp152; 4743 4744 if (aux) { 4745 if (sc->rf_rev == RT5390_RF_5370) { 4746 run_bbp_read(sc, 152, &bbp152); 4747 run_bbp_write(sc, 152, bbp152 & ~0x80); 4748 } else { 4749 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4750 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4751 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4752 } 4753 } else { 4754 if (sc->rf_rev == RT5390_RF_5370) { 4755 run_bbp_read(sc, 152, &bbp152); 4756 run_bbp_write(sc, 152, bbp152 | 0x80); 4757 } else { 4758 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4759 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4760 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4761 } 4762 } 4763 } 4764 4765 static int 4766 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4767 { 4768 struct ieee80211com *ic = &sc->sc_ic; 4769 u_int chan, group; 4770 4771 chan = ieee80211_chan2ieee(ic, c); 4772 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4773 return (EINVAL); 4774 4775 if (sc->mac_ver == 0x5592) 4776 run_rt5592_set_chan(sc, chan); 4777 else if (sc->mac_ver >= 0x5390) 4778 run_rt5390_set_chan(sc, chan); 4779 else if (sc->mac_ver == 0x3593) 4780 run_rt3593_set_chan(sc, chan); 4781 else if (sc->mac_ver == 0x3572) 4782 run_rt3572_set_chan(sc, chan); 4783 else if (sc->mac_ver >= 0x3070) 4784 run_rt3070_set_chan(sc, chan); 4785 else 4786 run_rt2870_set_chan(sc, chan); 4787 4788 /* determine channel group */ 4789 if (chan <= 14) 4790 group = 0; 4791 else if (chan <= 64) 4792 group = 1; 4793 else if (chan <= 128) 4794 group = 2; 4795 else 4796 group = 3; 4797 4798 /* XXX necessary only when group has changed! */ 4799 run_select_chan_group(sc, group); 4800 4801 run_delay(sc, 10); 4802 4803 /* Perform IQ calibration. */ 4804 if (sc->mac_ver >= 0x5392) 4805 run_iq_calib(sc, chan); 4806 4807 return (0); 4808 } 4809 4810 static void 4811 run_set_channel(struct ieee80211com *ic) 4812 { 4813 struct run_softc *sc = ic->ic_softc; 4814 4815 RUN_LOCK(sc); 4816 run_set_chan(sc, ic->ic_curchan); 4817 RUN_UNLOCK(sc); 4818 4819 return; 4820 } 4821 4822 static void 4823 run_scan_start(struct ieee80211com *ic) 4824 { 4825 struct run_softc *sc = ic->ic_softc; 4826 uint32_t tmp; 4827 4828 RUN_LOCK(sc); 4829 4830 /* abort TSF synchronization */ 4831 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4832 run_write(sc, RT2860_BCN_TIME_CFG, 4833 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4834 RT2860_TBTT_TIMER_EN)); 4835 run_set_bssid(sc, ieee80211broadcastaddr); 4836 4837 RUN_UNLOCK(sc); 4838 4839 return; 4840 } 4841 4842 static void 4843 run_scan_end(struct ieee80211com *ic) 4844 { 4845 struct run_softc *sc = ic->ic_softc; 4846 4847 RUN_LOCK(sc); 4848 4849 run_enable_tsf_sync(sc); 4850 run_set_bssid(sc, sc->sc_bssid); 4851 4852 RUN_UNLOCK(sc); 4853 4854 return; 4855 } 4856 4857 /* 4858 * Could be called from ieee80211_node_timeout() 4859 * (non-sleepable thread) 4860 */ 4861 static void 4862 run_update_beacon(struct ieee80211vap *vap, int item) 4863 { 4864 struct ieee80211com *ic = vap->iv_ic; 4865 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4866 struct ieee80211_node *ni = vap->iv_bss; 4867 struct run_softc *sc = ic->ic_softc; 4868 struct run_vap *rvp = RUN_VAP(vap); 4869 int mcast = 0; 4870 uint32_t i; 4871 4872 switch (item) { 4873 case IEEE80211_BEACON_ERP: 4874 run_updateslot(ic); 4875 break; 4876 case IEEE80211_BEACON_HTINFO: 4877 run_updateprot(ic); 4878 break; 4879 case IEEE80211_BEACON_TIM: 4880 mcast = 1; /*TODO*/ 4881 break; 4882 default: 4883 break; 4884 } 4885 4886 setbit(bo->bo_flags, item); 4887 if (rvp->beacon_mbuf == NULL) { 4888 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4889 if (rvp->beacon_mbuf == NULL) 4890 return; 4891 } 4892 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4893 4894 i = RUN_CMDQ_GET(&sc->cmdq_store); 4895 DPRINTF("cmdq_store=%d\n", i); 4896 sc->cmdq[i].func = run_update_beacon_cb; 4897 sc->cmdq[i].arg0 = vap; 4898 ieee80211_runtask(ic, &sc->cmdq_task); 4899 4900 return; 4901 } 4902 4903 static void 4904 run_update_beacon_cb(void *arg) 4905 { 4906 struct ieee80211vap *vap = arg; 4907 struct ieee80211_node *ni = vap->iv_bss; 4908 struct run_vap *rvp = RUN_VAP(vap); 4909 struct ieee80211com *ic = vap->iv_ic; 4910 struct run_softc *sc = ic->ic_softc; 4911 struct rt2860_txwi txwi; 4912 struct mbuf *m; 4913 uint16_t txwisize; 4914 uint8_t ridx; 4915 4916 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4917 return; 4918 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4919 return; 4920 4921 /* 4922 * No need to call ieee80211_beacon_update(), run_update_beacon() 4923 * is taking care of appropriate calls. 4924 */ 4925 if (rvp->beacon_mbuf == NULL) { 4926 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4927 if (rvp->beacon_mbuf == NULL) 4928 return; 4929 } 4930 m = rvp->beacon_mbuf; 4931 4932 memset(&txwi, 0, sizeof(txwi)); 4933 txwi.wcid = 0xff; 4934 txwi.len = htole16(m->m_pkthdr.len); 4935 4936 /* send beacons at the lowest available rate */ 4937 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4938 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4939 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4940 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4941 txwi.phy |= htole16(RT2860_PHY_OFDM); 4942 txwi.txop = RT2860_TX_TXOP_HT; 4943 txwi.flags = RT2860_TX_TS; 4944 txwi.xflags = RT2860_TX_NSEQ; 4945 4946 txwisize = (sc->mac_ver == 0x5592) ? 4947 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4948 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4949 txwisize); 4950 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4951 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4952 } 4953 4954 static void 4955 run_updateprot(struct ieee80211com *ic) 4956 { 4957 struct run_softc *sc = ic->ic_softc; 4958 uint32_t i; 4959 4960 i = RUN_CMDQ_GET(&sc->cmdq_store); 4961 DPRINTF("cmdq_store=%d\n", i); 4962 sc->cmdq[i].func = run_updateprot_cb; 4963 sc->cmdq[i].arg0 = ic; 4964 ieee80211_runtask(ic, &sc->cmdq_task); 4965 } 4966 4967 static void 4968 run_updateprot_cb(void *arg) 4969 { 4970 struct ieee80211com *ic = arg; 4971 struct run_softc *sc = ic->ic_softc; 4972 uint32_t tmp; 4973 4974 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4975 /* setup protection frame rate (MCS code) */ 4976 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4977 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 4978 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4979 4980 /* CCK frames don't require protection */ 4981 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4982 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4983 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4984 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4985 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4986 tmp |= RT2860_PROT_CTRL_CTS; 4987 } 4988 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4989 } 4990 4991 static void 4992 run_usb_timeout_cb(void *arg) 4993 { 4994 struct ieee80211vap *vap = arg; 4995 struct run_softc *sc = vap->iv_ic->ic_softc; 4996 4997 RUN_LOCK_ASSERT(sc, MA_OWNED); 4998 4999 if(vap->iv_state == IEEE80211_S_RUN && 5000 vap->iv_opmode != IEEE80211_M_STA) 5001 run_reset_livelock(sc); 5002 else if (vap->iv_state == IEEE80211_S_SCAN) { 5003 DPRINTF("timeout caused by scan\n"); 5004 /* cancel bgscan */ 5005 ieee80211_cancel_scan(vap); 5006 } else 5007 DPRINTF("timeout by unknown cause\n"); 5008 } 5009 5010 static void 5011 run_reset_livelock(struct run_softc *sc) 5012 { 5013 uint32_t tmp; 5014 5015 RUN_LOCK_ASSERT(sc, MA_OWNED); 5016 5017 /* 5018 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5019 * can run into a livelock and start sending CTS-to-self frames like 5020 * crazy if protection is enabled. Reset MAC/BBP for a while 5021 */ 5022 run_read(sc, RT2860_DEBUG, &tmp); 5023 DPRINTFN(3, "debug reg %08x\n", tmp); 5024 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5025 DPRINTF("CTS-to-self livelock detected\n"); 5026 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5027 run_delay(sc, 1); 5028 run_write(sc, RT2860_MAC_SYS_CTRL, 5029 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5030 } 5031 } 5032 5033 static void 5034 run_update_promisc_locked(struct run_softc *sc) 5035 { 5036 uint32_t tmp; 5037 5038 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5039 5040 tmp |= RT2860_DROP_UC_NOME; 5041 if (sc->sc_ic.ic_promisc > 0) 5042 tmp &= ~RT2860_DROP_UC_NOME; 5043 5044 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5045 5046 DPRINTF("%s promiscuous mode\n", (sc->sc_ic.ic_promisc > 0) ? 5047 "entering" : "leaving"); 5048 } 5049 5050 static void 5051 run_update_promisc(struct ieee80211com *ic) 5052 { 5053 struct run_softc *sc = ic->ic_softc; 5054 5055 if ((sc->sc_flags & RUN_RUNNING) == 0) 5056 return; 5057 5058 RUN_LOCK(sc); 5059 run_update_promisc_locked(sc); 5060 RUN_UNLOCK(sc); 5061 } 5062 5063 static void 5064 run_enable_tsf_sync(struct run_softc *sc) 5065 { 5066 struct ieee80211com *ic = &sc->sc_ic; 5067 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5068 uint32_t tmp; 5069 5070 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5071 ic->ic_opmode); 5072 5073 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5074 tmp &= ~0x1fffff; 5075 tmp |= vap->iv_bss->ni_intval * 16; 5076 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5077 5078 if (ic->ic_opmode == IEEE80211_M_STA) { 5079 /* 5080 * Local TSF is always updated with remote TSF on beacon 5081 * reception. 5082 */ 5083 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5084 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5085 tmp |= RT2860_BCN_TX_EN; 5086 /* 5087 * Local TSF is updated with remote TSF on beacon reception 5088 * only if the remote TSF is greater than local TSF. 5089 */ 5090 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5091 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5092 ic->ic_opmode == IEEE80211_M_MBSS) { 5093 tmp |= RT2860_BCN_TX_EN; 5094 /* SYNC with nobody */ 5095 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5096 } else { 5097 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5098 return; 5099 } 5100 5101 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5102 } 5103 5104 static void 5105 run_enable_tsf(struct run_softc *sc) 5106 { 5107 uint32_t tmp; 5108 5109 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5110 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5111 tmp |= RT2860_TSF_TIMER_EN; 5112 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5113 } 5114 } 5115 5116 static void 5117 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5118 { 5119 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5120 sizeof(*buf)); 5121 } 5122 5123 static void 5124 run_enable_mrr(struct run_softc *sc) 5125 { 5126 #define CCK(mcs) (mcs) 5127 #define OFDM(mcs) (1 << 3 | (mcs)) 5128 run_write(sc, RT2860_LG_FBK_CFG0, 5129 OFDM(6) << 28 | /* 54->48 */ 5130 OFDM(5) << 24 | /* 48->36 */ 5131 OFDM(4) << 20 | /* 36->24 */ 5132 OFDM(3) << 16 | /* 24->18 */ 5133 OFDM(2) << 12 | /* 18->12 */ 5134 OFDM(1) << 8 | /* 12-> 9 */ 5135 OFDM(0) << 4 | /* 9-> 6 */ 5136 OFDM(0)); /* 6-> 6 */ 5137 5138 run_write(sc, RT2860_LG_FBK_CFG1, 5139 CCK(2) << 12 | /* 11->5.5 */ 5140 CCK(1) << 8 | /* 5.5-> 2 */ 5141 CCK(0) << 4 | /* 2-> 1 */ 5142 CCK(0)); /* 1-> 1 */ 5143 #undef OFDM 5144 #undef CCK 5145 } 5146 5147 static void 5148 run_set_txpreamble(struct run_softc *sc) 5149 { 5150 struct ieee80211com *ic = &sc->sc_ic; 5151 uint32_t tmp; 5152 5153 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5154 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5155 tmp |= RT2860_CCK_SHORT_EN; 5156 else 5157 tmp &= ~RT2860_CCK_SHORT_EN; 5158 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5159 } 5160 5161 static void 5162 run_set_basicrates(struct run_softc *sc) 5163 { 5164 struct ieee80211com *ic = &sc->sc_ic; 5165 5166 /* set basic rates mask */ 5167 if (ic->ic_curmode == IEEE80211_MODE_11B) 5168 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5169 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5170 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5171 else /* 11g */ 5172 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5173 } 5174 5175 static void 5176 run_set_leds(struct run_softc *sc, uint16_t which) 5177 { 5178 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5179 which | (sc->leds & 0x7f)); 5180 } 5181 5182 static void 5183 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5184 { 5185 run_write(sc, RT2860_MAC_BSSID_DW0, 5186 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5187 run_write(sc, RT2860_MAC_BSSID_DW1, 5188 bssid[4] | bssid[5] << 8); 5189 } 5190 5191 static void 5192 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5193 { 5194 run_write(sc, RT2860_MAC_ADDR_DW0, 5195 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5196 run_write(sc, RT2860_MAC_ADDR_DW1, 5197 addr[4] | addr[5] << 8 | 0xff << 16); 5198 } 5199 5200 static void 5201 run_updateslot(struct ieee80211com *ic) 5202 { 5203 struct run_softc *sc = ic->ic_softc; 5204 uint32_t i; 5205 5206 i = RUN_CMDQ_GET(&sc->cmdq_store); 5207 DPRINTF("cmdq_store=%d\n", i); 5208 sc->cmdq[i].func = run_updateslot_cb; 5209 sc->cmdq[i].arg0 = ic; 5210 ieee80211_runtask(ic, &sc->cmdq_task); 5211 5212 return; 5213 } 5214 5215 /* ARGSUSED */ 5216 static void 5217 run_updateslot_cb(void *arg) 5218 { 5219 struct ieee80211com *ic = arg; 5220 struct run_softc *sc = ic->ic_softc; 5221 uint32_t tmp; 5222 5223 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5224 tmp &= ~0xff; 5225 tmp |= IEEE80211_GET_SLOTTIME(ic); 5226 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5227 } 5228 5229 static void 5230 run_update_mcast(struct ieee80211com *ic) 5231 { 5232 } 5233 5234 static int8_t 5235 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5236 { 5237 struct ieee80211com *ic = &sc->sc_ic; 5238 struct ieee80211_channel *c = ic->ic_curchan; 5239 int delta; 5240 5241 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5242 u_int chan = ieee80211_chan2ieee(ic, c); 5243 delta = sc->rssi_5ghz[rxchain]; 5244 5245 /* determine channel group */ 5246 if (chan <= 64) 5247 delta -= sc->lna[1]; 5248 else if (chan <= 128) 5249 delta -= sc->lna[2]; 5250 else 5251 delta -= sc->lna[3]; 5252 } else 5253 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5254 5255 return (-12 - delta - rssi); 5256 } 5257 5258 static void 5259 run_rt5390_bbp_init(struct run_softc *sc) 5260 { 5261 u_int i; 5262 uint8_t bbp; 5263 5264 /* Apply maximum likelihood detection for 2 stream case. */ 5265 run_bbp_read(sc, 105, &bbp); 5266 if (sc->nrxchains > 1) 5267 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5268 5269 /* Avoid data lost and CRC error. */ 5270 run_bbp_read(sc, 4, &bbp); 5271 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5272 5273 if (sc->mac_ver == 0x5592) { 5274 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5275 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5276 rt5592_def_bbp[i].val); 5277 } 5278 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5279 run_bbp_write(sc, 195, i + 0x80); 5280 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5281 } 5282 } else { 5283 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5284 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5285 rt5390_def_bbp[i].val); 5286 } 5287 } 5288 if (sc->mac_ver == 0x5392) { 5289 run_bbp_write(sc, 88, 0x90); 5290 run_bbp_write(sc, 95, 0x9a); 5291 run_bbp_write(sc, 98, 0x12); 5292 run_bbp_write(sc, 106, 0x12); 5293 run_bbp_write(sc, 134, 0xd0); 5294 run_bbp_write(sc, 135, 0xf6); 5295 run_bbp_write(sc, 148, 0x84); 5296 } 5297 5298 run_bbp_read(sc, 152, &bbp); 5299 run_bbp_write(sc, 152, bbp | 0x80); 5300 5301 /* Fix BBP254 for RT5592C. */ 5302 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5303 run_bbp_read(sc, 254, &bbp); 5304 run_bbp_write(sc, 254, bbp | 0x80); 5305 } 5306 5307 /* Disable hardware antenna diversity. */ 5308 if (sc->mac_ver == 0x5390) 5309 run_bbp_write(sc, 154, 0); 5310 5311 /* Initialize Rx CCK/OFDM frequency offset report. */ 5312 run_bbp_write(sc, 142, 1); 5313 run_bbp_write(sc, 143, 57); 5314 } 5315 5316 static int 5317 run_bbp_init(struct run_softc *sc) 5318 { 5319 int i, error, ntries; 5320 uint8_t bbp0; 5321 5322 /* wait for BBP to wake up */ 5323 for (ntries = 0; ntries < 20; ntries++) { 5324 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5325 return error; 5326 if (bbp0 != 0 && bbp0 != 0xff) 5327 break; 5328 } 5329 if (ntries == 20) 5330 return (ETIMEDOUT); 5331 5332 /* initialize BBP registers to default values */ 5333 if (sc->mac_ver >= 0x5390) 5334 run_rt5390_bbp_init(sc); 5335 else { 5336 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5337 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5338 rt2860_def_bbp[i].val); 5339 } 5340 } 5341 5342 if (sc->mac_ver == 0x3593) { 5343 run_bbp_write(sc, 79, 0x13); 5344 run_bbp_write(sc, 80, 0x05); 5345 run_bbp_write(sc, 81, 0x33); 5346 run_bbp_write(sc, 86, 0x46); 5347 run_bbp_write(sc, 137, 0x0f); 5348 } 5349 5350 /* fix BBP84 for RT2860E */ 5351 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5352 run_bbp_write(sc, 84, 0x19); 5353 5354 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5355 sc->mac_ver != 0x5592)) { 5356 run_bbp_write(sc, 79, 0x13); 5357 run_bbp_write(sc, 80, 0x05); 5358 run_bbp_write(sc, 81, 0x33); 5359 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5360 run_bbp_write(sc, 69, 0x16); 5361 run_bbp_write(sc, 73, 0x12); 5362 } 5363 return (0); 5364 } 5365 5366 static int 5367 run_rt3070_rf_init(struct run_softc *sc) 5368 { 5369 uint32_t tmp; 5370 uint8_t bbp4, mingain, rf, target; 5371 u_int i; 5372 5373 run_rt3070_rf_read(sc, 30, &rf); 5374 /* toggle RF R30 bit 7 */ 5375 run_rt3070_rf_write(sc, 30, rf | 0x80); 5376 run_delay(sc, 10); 5377 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5378 5379 /* initialize RF registers to default value */ 5380 if (sc->mac_ver == 0x3572) { 5381 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5382 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5383 rt3572_def_rf[i].val); 5384 } 5385 } else { 5386 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5387 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5388 rt3070_def_rf[i].val); 5389 } 5390 } 5391 5392 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5393 /* 5394 * Change voltage from 1.2V to 1.35V for RT3070. 5395 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5396 * in RT3070(F). 5397 */ 5398 run_read(sc, RT3070_LDO_CFG0, &tmp); 5399 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5400 run_write(sc, RT3070_LDO_CFG0, tmp); 5401 5402 } else if (sc->mac_ver == 0x3071) { 5403 run_rt3070_rf_read(sc, 6, &rf); 5404 run_rt3070_rf_write(sc, 6, rf | 0x40); 5405 run_rt3070_rf_write(sc, 31, 0x14); 5406 5407 run_read(sc, RT3070_LDO_CFG0, &tmp); 5408 tmp &= ~0x1f000000; 5409 if (sc->mac_rev < 0x0211) 5410 tmp |= 0x0d000000; /* 1.3V */ 5411 else 5412 tmp |= 0x01000000; /* 1.2V */ 5413 run_write(sc, RT3070_LDO_CFG0, tmp); 5414 5415 /* patch LNA_PE_G1 */ 5416 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5417 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5418 5419 } else if (sc->mac_ver == 0x3572) { 5420 run_rt3070_rf_read(sc, 6, &rf); 5421 run_rt3070_rf_write(sc, 6, rf | 0x40); 5422 5423 /* increase voltage from 1.2V to 1.35V */ 5424 run_read(sc, RT3070_LDO_CFG0, &tmp); 5425 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5426 run_write(sc, RT3070_LDO_CFG0, tmp); 5427 5428 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5429 run_delay(sc, 1); /* wait for 1msec */ 5430 /* decrease voltage back to 1.2V */ 5431 tmp = (tmp & ~0x1f000000) | 0x01000000; 5432 run_write(sc, RT3070_LDO_CFG0, tmp); 5433 } 5434 } 5435 5436 /* select 20MHz bandwidth */ 5437 run_rt3070_rf_read(sc, 31, &rf); 5438 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5439 5440 /* calibrate filter for 20MHz bandwidth */ 5441 sc->rf24_20mhz = 0x1f; /* default value */ 5442 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5443 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5444 5445 /* select 40MHz bandwidth */ 5446 run_bbp_read(sc, 4, &bbp4); 5447 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5448 run_rt3070_rf_read(sc, 31, &rf); 5449 run_rt3070_rf_write(sc, 31, rf | 0x20); 5450 5451 /* calibrate filter for 40MHz bandwidth */ 5452 sc->rf24_40mhz = 0x2f; /* default value */ 5453 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5454 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5455 5456 /* go back to 20MHz bandwidth */ 5457 run_bbp_read(sc, 4, &bbp4); 5458 run_bbp_write(sc, 4, bbp4 & ~0x18); 5459 5460 if (sc->mac_ver == 0x3572) { 5461 /* save default BBP registers 25 and 26 values */ 5462 run_bbp_read(sc, 25, &sc->bbp25); 5463 run_bbp_read(sc, 26, &sc->bbp26); 5464 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5465 run_rt3070_rf_write(sc, 27, 0x03); 5466 5467 run_read(sc, RT3070_OPT_14, &tmp); 5468 run_write(sc, RT3070_OPT_14, tmp | 1); 5469 5470 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5471 run_rt3070_rf_read(sc, 17, &rf); 5472 rf &= ~RT3070_TX_LO1; 5473 if ((sc->mac_ver == 0x3070 || 5474 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5475 !sc->ext_2ghz_lna) 5476 rf |= 0x20; /* fix for long range Rx issue */ 5477 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5478 if (sc->txmixgain_2ghz >= mingain) 5479 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5480 run_rt3070_rf_write(sc, 17, rf); 5481 } 5482 5483 if (sc->mac_ver == 0x3071) { 5484 run_rt3070_rf_read(sc, 1, &rf); 5485 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5486 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5487 run_rt3070_rf_write(sc, 1, rf); 5488 5489 run_rt3070_rf_read(sc, 15, &rf); 5490 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5491 5492 run_rt3070_rf_read(sc, 20, &rf); 5493 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5494 5495 run_rt3070_rf_read(sc, 21, &rf); 5496 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5497 } 5498 5499 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5500 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5501 run_rt3070_rf_read(sc, 27, &rf); 5502 rf &= ~0x77; 5503 if (sc->mac_rev < 0x0211) 5504 rf |= 0x03; 5505 run_rt3070_rf_write(sc, 27, rf); 5506 } 5507 return (0); 5508 } 5509 5510 static void 5511 run_rt3593_rf_init(struct run_softc *sc) 5512 { 5513 uint32_t tmp; 5514 uint8_t rf; 5515 u_int i; 5516 5517 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5518 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5519 tmp &= ~(1 << 4 | 1 << 7); 5520 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5521 5522 /* Initialize RF registers to default value. */ 5523 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5524 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5525 rt3593_def_rf[i].val); 5526 } 5527 5528 /* Toggle RF R2 to initiate calibration. */ 5529 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5530 5531 /* Initialize RF frequency offset. */ 5532 run_adjust_freq_offset(sc); 5533 5534 run_rt3070_rf_read(sc, 18, &rf); 5535 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5536 5537 /* 5538 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5539 * decrease voltage back to 1.2V. 5540 */ 5541 run_read(sc, RT3070_LDO_CFG0, &tmp); 5542 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5543 run_write(sc, RT3070_LDO_CFG0, tmp); 5544 run_delay(sc, 1); 5545 tmp = (tmp & ~0x1f000000) | 0x01000000; 5546 run_write(sc, RT3070_LDO_CFG0, tmp); 5547 5548 sc->rf24_20mhz = 0x1f; 5549 sc->rf24_40mhz = 0x2f; 5550 5551 /* Save default BBP registers 25 and 26 values. */ 5552 run_bbp_read(sc, 25, &sc->bbp25); 5553 run_bbp_read(sc, 26, &sc->bbp26); 5554 5555 run_read(sc, RT3070_OPT_14, &tmp); 5556 run_write(sc, RT3070_OPT_14, tmp | 1); 5557 } 5558 5559 static void 5560 run_rt5390_rf_init(struct run_softc *sc) 5561 { 5562 uint32_t tmp; 5563 uint8_t rf; 5564 u_int i; 5565 5566 /* Toggle RF R2 to initiate calibration. */ 5567 if (sc->mac_ver == 0x5390) { 5568 run_rt3070_rf_read(sc, 2, &rf); 5569 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5570 run_delay(sc, 10); 5571 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5572 } else { 5573 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5574 run_delay(sc, 10); 5575 } 5576 5577 /* Initialize RF registers to default value. */ 5578 if (sc->mac_ver == 0x5592) { 5579 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5580 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5581 rt5592_def_rf[i].val); 5582 } 5583 /* Initialize RF frequency offset. */ 5584 run_adjust_freq_offset(sc); 5585 } else if (sc->mac_ver == 0x5392) { 5586 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5587 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5588 rt5392_def_rf[i].val); 5589 } 5590 if (sc->mac_rev >= 0x0223) { 5591 run_rt3070_rf_write(sc, 23, 0x0f); 5592 run_rt3070_rf_write(sc, 24, 0x3e); 5593 run_rt3070_rf_write(sc, 51, 0x32); 5594 run_rt3070_rf_write(sc, 53, 0x22); 5595 run_rt3070_rf_write(sc, 56, 0xc1); 5596 run_rt3070_rf_write(sc, 59, 0x0f); 5597 } 5598 } else { 5599 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5600 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5601 rt5390_def_rf[i].val); 5602 } 5603 if (sc->mac_rev >= 0x0502) { 5604 run_rt3070_rf_write(sc, 6, 0xe0); 5605 run_rt3070_rf_write(sc, 25, 0x80); 5606 run_rt3070_rf_write(sc, 46, 0x73); 5607 run_rt3070_rf_write(sc, 53, 0x00); 5608 run_rt3070_rf_write(sc, 56, 0x42); 5609 run_rt3070_rf_write(sc, 61, 0xd1); 5610 } 5611 } 5612 5613 sc->rf24_20mhz = 0x1f; /* default value */ 5614 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5615 5616 if (sc->mac_rev < 0x0211) 5617 run_rt3070_rf_write(sc, 27, 0x3); 5618 5619 run_read(sc, RT3070_OPT_14, &tmp); 5620 run_write(sc, RT3070_OPT_14, tmp | 1); 5621 } 5622 5623 static int 5624 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5625 uint8_t *val) 5626 { 5627 uint8_t rf22, rf24; 5628 uint8_t bbp55_pb, bbp55_sb, delta; 5629 int ntries; 5630 5631 /* program filter */ 5632 run_rt3070_rf_read(sc, 24, &rf24); 5633 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5634 run_rt3070_rf_write(sc, 24, rf24); 5635 5636 /* enable baseband loopback mode */ 5637 run_rt3070_rf_read(sc, 22, &rf22); 5638 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5639 5640 /* set power and frequency of passband test tone */ 5641 run_bbp_write(sc, 24, 0x00); 5642 for (ntries = 0; ntries < 100; ntries++) { 5643 /* transmit test tone */ 5644 run_bbp_write(sc, 25, 0x90); 5645 run_delay(sc, 10); 5646 /* read received power */ 5647 run_bbp_read(sc, 55, &bbp55_pb); 5648 if (bbp55_pb != 0) 5649 break; 5650 } 5651 if (ntries == 100) 5652 return (ETIMEDOUT); 5653 5654 /* set power and frequency of stopband test tone */ 5655 run_bbp_write(sc, 24, 0x06); 5656 for (ntries = 0; ntries < 100; ntries++) { 5657 /* transmit test tone */ 5658 run_bbp_write(sc, 25, 0x90); 5659 run_delay(sc, 10); 5660 /* read received power */ 5661 run_bbp_read(sc, 55, &bbp55_sb); 5662 5663 delta = bbp55_pb - bbp55_sb; 5664 if (delta > target) 5665 break; 5666 5667 /* reprogram filter */ 5668 rf24++; 5669 run_rt3070_rf_write(sc, 24, rf24); 5670 } 5671 if (ntries < 100) { 5672 if (rf24 != init) 5673 rf24--; /* backtrack */ 5674 *val = rf24; 5675 run_rt3070_rf_write(sc, 24, rf24); 5676 } 5677 5678 /* restore initial state */ 5679 run_bbp_write(sc, 24, 0x00); 5680 5681 /* disable baseband loopback mode */ 5682 run_rt3070_rf_read(sc, 22, &rf22); 5683 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5684 5685 return (0); 5686 } 5687 5688 static void 5689 run_rt3070_rf_setup(struct run_softc *sc) 5690 { 5691 uint8_t bbp, rf; 5692 int i; 5693 5694 if (sc->mac_ver == 0x3572) { 5695 /* enable DC filter */ 5696 if (sc->mac_rev >= 0x0201) 5697 run_bbp_write(sc, 103, 0xc0); 5698 5699 run_bbp_read(sc, 138, &bbp); 5700 if (sc->ntxchains == 1) 5701 bbp |= 0x20; /* turn off DAC1 */ 5702 if (sc->nrxchains == 1) 5703 bbp &= ~0x02; /* turn off ADC1 */ 5704 run_bbp_write(sc, 138, bbp); 5705 5706 if (sc->mac_rev >= 0x0211) { 5707 /* improve power consumption */ 5708 run_bbp_read(sc, 31, &bbp); 5709 run_bbp_write(sc, 31, bbp & ~0x03); 5710 } 5711 5712 run_rt3070_rf_read(sc, 16, &rf); 5713 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5714 run_rt3070_rf_write(sc, 16, rf); 5715 5716 } else if (sc->mac_ver == 0x3071) { 5717 if (sc->mac_rev >= 0x0211) { 5718 /* enable DC filter */ 5719 run_bbp_write(sc, 103, 0xc0); 5720 5721 /* improve power consumption */ 5722 run_bbp_read(sc, 31, &bbp); 5723 run_bbp_write(sc, 31, bbp & ~0x03); 5724 } 5725 5726 run_bbp_read(sc, 138, &bbp); 5727 if (sc->ntxchains == 1) 5728 bbp |= 0x20; /* turn off DAC1 */ 5729 if (sc->nrxchains == 1) 5730 bbp &= ~0x02; /* turn off ADC1 */ 5731 run_bbp_write(sc, 138, bbp); 5732 5733 run_write(sc, RT2860_TX_SW_CFG1, 0); 5734 if (sc->mac_rev < 0x0211) { 5735 run_write(sc, RT2860_TX_SW_CFG2, 5736 sc->patch_dac ? 0x2c : 0x0f); 5737 } else 5738 run_write(sc, RT2860_TX_SW_CFG2, 0); 5739 5740 } else if (sc->mac_ver == 0x3070) { 5741 if (sc->mac_rev >= 0x0201) { 5742 /* enable DC filter */ 5743 run_bbp_write(sc, 103, 0xc0); 5744 5745 /* improve power consumption */ 5746 run_bbp_read(sc, 31, &bbp); 5747 run_bbp_write(sc, 31, bbp & ~0x03); 5748 } 5749 5750 if (sc->mac_rev < 0x0201) { 5751 run_write(sc, RT2860_TX_SW_CFG1, 0); 5752 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5753 } else 5754 run_write(sc, RT2860_TX_SW_CFG2, 0); 5755 } 5756 5757 /* initialize RF registers from ROM for >=RT3071*/ 5758 if (sc->mac_ver >= 0x3071) { 5759 for (i = 0; i < 10; i++) { 5760 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5761 continue; 5762 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5763 } 5764 } 5765 } 5766 5767 static void 5768 run_rt3593_rf_setup(struct run_softc *sc) 5769 { 5770 uint8_t bbp, rf; 5771 5772 if (sc->mac_rev >= 0x0211) { 5773 /* Enable DC filter. */ 5774 run_bbp_write(sc, 103, 0xc0); 5775 } 5776 run_write(sc, RT2860_TX_SW_CFG1, 0); 5777 if (sc->mac_rev < 0x0211) { 5778 run_write(sc, RT2860_TX_SW_CFG2, 5779 sc->patch_dac ? 0x2c : 0x0f); 5780 } else 5781 run_write(sc, RT2860_TX_SW_CFG2, 0); 5782 5783 run_rt3070_rf_read(sc, 50, &rf); 5784 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5785 5786 run_rt3070_rf_read(sc, 51, &rf); 5787 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5788 ((sc->txmixgain_2ghz & 0x07) << 2); 5789 run_rt3070_rf_write(sc, 51, rf); 5790 5791 run_rt3070_rf_read(sc, 38, &rf); 5792 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5793 5794 run_rt3070_rf_read(sc, 39, &rf); 5795 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5796 5797 run_rt3070_rf_read(sc, 1, &rf); 5798 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5799 5800 run_rt3070_rf_read(sc, 30, &rf); 5801 rf = (rf & ~0x18) | 0x10; 5802 run_rt3070_rf_write(sc, 30, rf); 5803 5804 /* Apply maximum likelihood detection for 2 stream case. */ 5805 run_bbp_read(sc, 105, &bbp); 5806 if (sc->nrxchains > 1) 5807 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5808 5809 /* Avoid data lost and CRC error. */ 5810 run_bbp_read(sc, 4, &bbp); 5811 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5812 5813 run_bbp_write(sc, 92, 0x02); 5814 run_bbp_write(sc, 82, 0x82); 5815 run_bbp_write(sc, 106, 0x05); 5816 run_bbp_write(sc, 104, 0x92); 5817 run_bbp_write(sc, 88, 0x90); 5818 run_bbp_write(sc, 148, 0xc8); 5819 run_bbp_write(sc, 47, 0x48); 5820 run_bbp_write(sc, 120, 0x50); 5821 5822 run_bbp_write(sc, 163, 0x9d); 5823 5824 /* SNR mapping. */ 5825 run_bbp_write(sc, 142, 0x06); 5826 run_bbp_write(sc, 143, 0xa0); 5827 run_bbp_write(sc, 142, 0x07); 5828 run_bbp_write(sc, 143, 0xa1); 5829 run_bbp_write(sc, 142, 0x08); 5830 run_bbp_write(sc, 143, 0xa2); 5831 5832 run_bbp_write(sc, 31, 0x08); 5833 run_bbp_write(sc, 68, 0x0b); 5834 run_bbp_write(sc, 105, 0x04); 5835 } 5836 5837 static void 5838 run_rt5390_rf_setup(struct run_softc *sc) 5839 { 5840 uint8_t bbp, rf; 5841 5842 if (sc->mac_rev >= 0x0211) { 5843 /* Enable DC filter. */ 5844 run_bbp_write(sc, 103, 0xc0); 5845 5846 if (sc->mac_ver != 0x5592) { 5847 /* Improve power consumption. */ 5848 run_bbp_read(sc, 31, &bbp); 5849 run_bbp_write(sc, 31, bbp & ~0x03); 5850 } 5851 } 5852 5853 run_bbp_read(sc, 138, &bbp); 5854 if (sc->ntxchains == 1) 5855 bbp |= 0x20; /* turn off DAC1 */ 5856 if (sc->nrxchains == 1) 5857 bbp &= ~0x02; /* turn off ADC1 */ 5858 run_bbp_write(sc, 138, bbp); 5859 5860 run_rt3070_rf_read(sc, 38, &rf); 5861 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5862 5863 run_rt3070_rf_read(sc, 39, &rf); 5864 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5865 5866 /* Avoid data lost and CRC error. */ 5867 run_bbp_read(sc, 4, &bbp); 5868 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5869 5870 run_rt3070_rf_read(sc, 30, &rf); 5871 rf = (rf & ~0x18) | 0x10; 5872 run_rt3070_rf_write(sc, 30, rf); 5873 5874 if (sc->mac_ver != 0x5592) { 5875 run_write(sc, RT2860_TX_SW_CFG1, 0); 5876 if (sc->mac_rev < 0x0211) { 5877 run_write(sc, RT2860_TX_SW_CFG2, 5878 sc->patch_dac ? 0x2c : 0x0f); 5879 } else 5880 run_write(sc, RT2860_TX_SW_CFG2, 0); 5881 } 5882 } 5883 5884 static int 5885 run_txrx_enable(struct run_softc *sc) 5886 { 5887 struct ieee80211com *ic = &sc->sc_ic; 5888 uint32_t tmp; 5889 int error, ntries; 5890 5891 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5892 for (ntries = 0; ntries < 200; ntries++) { 5893 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5894 return (error); 5895 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5896 break; 5897 run_delay(sc, 50); 5898 } 5899 if (ntries == 200) 5900 return (ETIMEDOUT); 5901 5902 run_delay(sc, 50); 5903 5904 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5905 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5906 5907 /* enable Rx bulk aggregation (set timeout and limit) */ 5908 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5909 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5910 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5911 5912 /* set Rx filter */ 5913 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5914 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5915 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5916 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5917 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5918 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5919 if (ic->ic_opmode == IEEE80211_M_STA) 5920 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5921 } 5922 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5923 5924 run_write(sc, RT2860_MAC_SYS_CTRL, 5925 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5926 5927 return (0); 5928 } 5929 5930 static void 5931 run_adjust_freq_offset(struct run_softc *sc) 5932 { 5933 uint8_t rf, tmp; 5934 5935 run_rt3070_rf_read(sc, 17, &rf); 5936 tmp = rf; 5937 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5938 rf = MIN(rf, 0x5f); 5939 5940 if (tmp != rf) 5941 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5942 } 5943 5944 static void 5945 run_init_locked(struct run_softc *sc) 5946 { 5947 struct ieee80211com *ic = &sc->sc_ic; 5948 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5949 uint32_t tmp; 5950 uint8_t bbp1, bbp3; 5951 int i; 5952 int ridx; 5953 int ntries; 5954 5955 if (ic->ic_nrunning > 1) 5956 return; 5957 5958 run_stop(sc); 5959 5960 if (run_load_microcode(sc) != 0) { 5961 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5962 goto fail; 5963 } 5964 5965 for (ntries = 0; ntries < 100; ntries++) { 5966 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5967 goto fail; 5968 if (tmp != 0 && tmp != 0xffffffff) 5969 break; 5970 run_delay(sc, 10); 5971 } 5972 if (ntries == 100) 5973 goto fail; 5974 5975 for (i = 0; i != RUN_EP_QUEUES; i++) 5976 run_setup_tx_list(sc, &sc->sc_epq[i]); 5977 5978 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 5979 5980 for (ntries = 0; ntries < 100; ntries++) { 5981 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5982 goto fail; 5983 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5984 break; 5985 run_delay(sc, 10); 5986 } 5987 if (ntries == 100) { 5988 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 5989 goto fail; 5990 } 5991 tmp &= 0xff0; 5992 tmp |= RT2860_TX_WB_DDONE; 5993 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5994 5995 /* turn off PME_OEN to solve high-current issue */ 5996 run_read(sc, RT2860_SYS_CTRL, &tmp); 5997 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 5998 5999 run_write(sc, RT2860_MAC_SYS_CTRL, 6000 RT2860_BBP_HRST | RT2860_MAC_SRST); 6001 run_write(sc, RT2860_USB_DMA_CFG, 0); 6002 6003 if (run_reset(sc) != 0) { 6004 device_printf(sc->sc_dev, "could not reset chipset\n"); 6005 goto fail; 6006 } 6007 6008 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6009 6010 /* init Tx power for all Tx rates (from EEPROM) */ 6011 for (ridx = 0; ridx < 5; ridx++) { 6012 if (sc->txpow20mhz[ridx] == 0xffffffff) 6013 continue; 6014 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6015 } 6016 6017 for (i = 0; i < nitems(rt2870_def_mac); i++) 6018 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6019 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6020 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6021 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6022 6023 if (sc->mac_ver >= 0x5390) { 6024 run_write(sc, RT2860_TX_SW_CFG0, 6025 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6026 if (sc->mac_ver >= 0x5392) { 6027 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6028 if (sc->mac_ver == 0x5592) { 6029 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6030 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6031 } else { 6032 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6033 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6034 } 6035 } 6036 } else if (sc->mac_ver == 0x3593) { 6037 run_write(sc, RT2860_TX_SW_CFG0, 6038 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6039 } else if (sc->mac_ver >= 0x3070) { 6040 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6041 run_write(sc, RT2860_TX_SW_CFG0, 6042 4 << RT2860_DLY_PAPE_EN_SHIFT); 6043 } 6044 6045 /* wait while MAC is busy */ 6046 for (ntries = 0; ntries < 100; ntries++) { 6047 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6048 goto fail; 6049 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6050 break; 6051 run_delay(sc, 10); 6052 } 6053 if (ntries == 100) 6054 goto fail; 6055 6056 /* clear Host to MCU mailbox */ 6057 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6058 run_write(sc, RT2860_H2M_MAILBOX, 0); 6059 run_delay(sc, 10); 6060 6061 if (run_bbp_init(sc) != 0) { 6062 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6063 goto fail; 6064 } 6065 6066 /* abort TSF synchronization */ 6067 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6068 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6069 RT2860_TBTT_TIMER_EN); 6070 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6071 6072 /* clear RX WCID search table */ 6073 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6074 /* clear WCID attribute table */ 6075 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6076 6077 /* hostapd sets a key before init. So, don't clear it. */ 6078 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6079 /* clear shared key table */ 6080 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6081 /* clear shared key mode */ 6082 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6083 } 6084 6085 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6086 tmp = (tmp & ~0xff) | 0x1e; 6087 run_write(sc, RT2860_US_CYC_CNT, tmp); 6088 6089 if (sc->mac_rev != 0x0101) 6090 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6091 6092 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6093 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6094 6095 /* write vendor-specific BBP values (from EEPROM) */ 6096 if (sc->mac_ver < 0x3593) { 6097 for (i = 0; i < 10; i++) { 6098 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6099 continue; 6100 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6101 } 6102 } 6103 6104 /* select Main antenna for 1T1R devices */ 6105 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6106 run_set_rx_antenna(sc, 0); 6107 6108 /* send LEDs operating mode to microcontroller */ 6109 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6110 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6111 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6112 6113 if (sc->mac_ver >= 0x5390) 6114 run_rt5390_rf_init(sc); 6115 else if (sc->mac_ver == 0x3593) 6116 run_rt3593_rf_init(sc); 6117 else if (sc->mac_ver >= 0x3070) 6118 run_rt3070_rf_init(sc); 6119 6120 /* disable non-existing Rx chains */ 6121 run_bbp_read(sc, 3, &bbp3); 6122 bbp3 &= ~(1 << 3 | 1 << 4); 6123 if (sc->nrxchains == 2) 6124 bbp3 |= 1 << 3; 6125 else if (sc->nrxchains == 3) 6126 bbp3 |= 1 << 4; 6127 run_bbp_write(sc, 3, bbp3); 6128 6129 /* disable non-existing Tx chains */ 6130 run_bbp_read(sc, 1, &bbp1); 6131 if (sc->ntxchains == 1) 6132 bbp1 &= ~(1 << 3 | 1 << 4); 6133 run_bbp_write(sc, 1, bbp1); 6134 6135 if (sc->mac_ver >= 0x5390) 6136 run_rt5390_rf_setup(sc); 6137 else if (sc->mac_ver == 0x3593) 6138 run_rt3593_rf_setup(sc); 6139 else if (sc->mac_ver >= 0x3070) 6140 run_rt3070_rf_setup(sc); 6141 6142 /* select default channel */ 6143 run_set_chan(sc, ic->ic_curchan); 6144 6145 /* setup initial protection mode */ 6146 run_updateprot_cb(ic); 6147 6148 /* turn radio LED on */ 6149 run_set_leds(sc, RT2860_LED_RADIO); 6150 6151 sc->sc_flags |= RUN_RUNNING; 6152 sc->cmdq_run = RUN_CMDQ_GO; 6153 6154 for (i = 0; i != RUN_N_XFER; i++) 6155 usbd_xfer_set_stall(sc->sc_xfer[i]); 6156 6157 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6158 6159 if (run_txrx_enable(sc) != 0) 6160 goto fail; 6161 6162 return; 6163 6164 fail: 6165 run_stop(sc); 6166 } 6167 6168 static void 6169 run_stop(void *arg) 6170 { 6171 struct run_softc *sc = (struct run_softc *)arg; 6172 uint32_t tmp; 6173 int i; 6174 int ntries; 6175 6176 RUN_LOCK_ASSERT(sc, MA_OWNED); 6177 6178 if (sc->sc_flags & RUN_RUNNING) 6179 run_set_leds(sc, 0); /* turn all LEDs off */ 6180 6181 sc->sc_flags &= ~RUN_RUNNING; 6182 6183 sc->ratectl_run = RUN_RATECTL_OFF; 6184 sc->cmdq_run = sc->cmdq_key_set; 6185 6186 RUN_UNLOCK(sc); 6187 6188 for(i = 0; i < RUN_N_XFER; i++) 6189 usbd_transfer_drain(sc->sc_xfer[i]); 6190 6191 RUN_LOCK(sc); 6192 6193 run_drain_mbufq(sc); 6194 6195 if (sc->rx_m != NULL) { 6196 m_free(sc->rx_m); 6197 sc->rx_m = NULL; 6198 } 6199 6200 /* Disable Tx/Rx DMA. */ 6201 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6202 return; 6203 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6204 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6205 6206 for (ntries = 0; ntries < 100; ntries++) { 6207 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6208 return; 6209 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6210 break; 6211 run_delay(sc, 10); 6212 } 6213 if (ntries == 100) { 6214 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6215 return; 6216 } 6217 6218 /* disable Tx/Rx */ 6219 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6220 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6221 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6222 6223 /* wait for pending Tx to complete */ 6224 for (ntries = 0; ntries < 100; ntries++) { 6225 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6226 DPRINTF("Cannot read Tx queue count\n"); 6227 break; 6228 } 6229 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6230 DPRINTF("All Tx cleared\n"); 6231 break; 6232 } 6233 run_delay(sc, 10); 6234 } 6235 if (ntries >= 100) 6236 DPRINTF("There are still pending Tx\n"); 6237 run_delay(sc, 10); 6238 run_write(sc, RT2860_USB_DMA_CFG, 0); 6239 6240 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6241 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6242 6243 for (i = 0; i != RUN_EP_QUEUES; i++) 6244 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6245 } 6246 6247 static void 6248 run_delay(struct run_softc *sc, u_int ms) 6249 { 6250 usb_pause_mtx(lockowned(&sc->sc_lock) ? &sc->sc_lock : NULL, 6251 USB_MS_TO_TICKS(ms)); 6252 } 6253 6254 static device_method_t run_methods[] = { 6255 /* Device interface */ 6256 DEVMETHOD(device_probe, run_match), 6257 DEVMETHOD(device_attach, run_attach), 6258 DEVMETHOD(device_detach, run_detach), 6259 DEVMETHOD_END 6260 }; 6261 6262 static driver_t run_driver = { 6263 .name = "run", 6264 .methods = run_methods, 6265 .size = sizeof(struct run_softc) 6266 }; 6267 6268 static devclass_t run_devclass; 6269 6270 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6271 MODULE_DEPEND(run, wlan, 1, 1, 1); 6272 MODULE_DEPEND(run, usb, 1, 1, 1); 6273 MODULE_DEPEND(run, firmware, 1, 1, 1); 6274 MODULE_VERSION(run, 1); 6275 #if 0 /* Not implemented by DragonFly */ 6276 USB_PNP_HOST_INFO(run_devs); 6277 #endif 6278