1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 * 18 * $FreeBSD: src/sys/dev/usb/wlan/if_run.c,v 1.40 2013/03/19 02:17:34 svnexp Exp $ 19 */ 20 21 /*- 22 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver. 23 * http://www.ralinktech.com/ 24 */ 25 26 #include <sys/param.h> 27 #include <sys/sockio.h> 28 #include <sys/sysctl.h> 29 #include <sys/lock.h> 30 #include <sys/mbuf.h> 31 #include <sys/kernel.h> 32 #include <sys/socket.h> 33 #include <sys/systm.h> 34 #include <sys/malloc.h> 35 #include <sys/module.h> 36 #include <sys/bus.h> 37 #include <sys/endian.h> 38 #include <sys/linker.h> 39 #include <sys/firmware.h> 40 41 #include <sys/rman.h> 42 43 #include <net/bpf.h> 44 #include <net/if.h> 45 #include <net/if_arp.h> 46 #include <net/ethernet.h> 47 #include <net/if_dl.h> 48 #include <net/if_media.h> 49 #include <net/if_types.h> 50 #include <net/ifq_var.h> 51 52 #include <netinet/in.h> 53 #include <netinet/in_systm.h> 54 #include <netinet/in_var.h> 55 #include <netinet/if_ether.h> 56 #include <netinet/ip.h> 57 58 #include <netproto/802_11/ieee80211_var.h> 59 #include <netproto/802_11/ieee80211_regdomain.h> 60 #include <netproto/802_11/ieee80211_radiotap.h> 61 #include <netproto/802_11/ieee80211_ratectl.h> 62 63 #include <bus/u4b/usb.h> 64 #include <bus/u4b/usbdi.h> 65 #include "usbdevs.h" 66 67 #define USB_DEBUG_VAR run_debug 68 #include <bus/u4b/usb_debug.h> 69 70 #include <bus/u4b/wlan/if_runreg.h> 71 #include <bus/u4b/wlan/if_runvar.h> 72 73 #ifdef USB_DEBUG 74 #define RUN_DEBUG 75 #endif 76 77 #ifdef RUN_DEBUG 78 int run_debug = 0; 79 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 80 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 81 "run debug level"); 82 #endif 83 84 #define IEEE80211_HAS_ADDR4(wh) \ 85 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 86 87 /* 88 * Because of LOR in run_key_delete(), use atomic instead. 89 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 90 */ 91 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 92 93 static const STRUCT_USB_HOST_ID run_devs[] = { 94 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 95 RUN_DEV(ABOCOM, RT2770), 96 RUN_DEV(ABOCOM, RT2870), 97 RUN_DEV(ABOCOM, RT3070), 98 RUN_DEV(ABOCOM, RT3071), 99 RUN_DEV(ABOCOM, RT3072), 100 RUN_DEV(ABOCOM2, RT2870_1), 101 RUN_DEV(ACCTON, RT2770), 102 RUN_DEV(ACCTON, RT2870_1), 103 RUN_DEV(ACCTON, RT2870_2), 104 RUN_DEV(ACCTON, RT2870_3), 105 RUN_DEV(ACCTON, RT2870_4), 106 RUN_DEV(ACCTON, RT2870_5), 107 RUN_DEV(ACCTON, RT3070), 108 RUN_DEV(ACCTON, RT3070_1), 109 RUN_DEV(ACCTON, RT3070_2), 110 RUN_DEV(ACCTON, RT3070_3), 111 RUN_DEV(ACCTON, RT3070_4), 112 RUN_DEV(ACCTON, RT3070_5), 113 RUN_DEV(AIRTIES, RT3070), 114 RUN_DEV(ALLWIN, RT2070), 115 RUN_DEV(ALLWIN, RT2770), 116 RUN_DEV(ALLWIN, RT2870), 117 RUN_DEV(ALLWIN, RT3070), 118 RUN_DEV(ALLWIN, RT3071), 119 RUN_DEV(ALLWIN, RT3072), 120 RUN_DEV(ALLWIN, RT3572), 121 RUN_DEV(AMIGO, RT2870_1), 122 RUN_DEV(AMIGO, RT2870_2), 123 RUN_DEV(AMIT, CGWLUSB2GNR), 124 RUN_DEV(AMIT, RT2870_1), 125 RUN_DEV(AMIT2, RT2870), 126 RUN_DEV(ASUS, RT2870_1), 127 RUN_DEV(ASUS, RT2870_2), 128 RUN_DEV(ASUS, RT2870_3), 129 RUN_DEV(ASUS, RT2870_4), 130 RUN_DEV(ASUS, RT2870_5), 131 RUN_DEV(ASUS, USBN13), 132 RUN_DEV(ASUS, RT3070_1), 133 RUN_DEV(ASUS, USB_N53), 134 RUN_DEV(ASUS2, USBN11), 135 RUN_DEV(AZUREWAVE, RT2870_1), 136 RUN_DEV(AZUREWAVE, RT2870_2), 137 RUN_DEV(AZUREWAVE, RT3070_1), 138 RUN_DEV(AZUREWAVE, RT3070_2), 139 RUN_DEV(AZUREWAVE, RT3070_3), 140 RUN_DEV(BELKIN, F5D8053V3), 141 RUN_DEV(BELKIN, F5D8055), 142 RUN_DEV(BELKIN, F5D8055V2), 143 RUN_DEV(BELKIN, F6D4050V1), 144 RUN_DEV(BELKIN, RT2870_1), 145 RUN_DEV(BELKIN, RT2870_2), 146 RUN_DEV(CISCOLINKSYS, AE1000), 147 RUN_DEV(CISCOLINKSYS2, RT3070), 148 RUN_DEV(CISCOLINKSYS3, RT3070), 149 RUN_DEV(CONCEPTRONIC2, RT2870_1), 150 RUN_DEV(CONCEPTRONIC2, RT2870_2), 151 RUN_DEV(CONCEPTRONIC2, RT2870_3), 152 RUN_DEV(CONCEPTRONIC2, RT2870_4), 153 RUN_DEV(CONCEPTRONIC2, RT2870_5), 154 RUN_DEV(CONCEPTRONIC2, RT2870_6), 155 RUN_DEV(CONCEPTRONIC2, RT2870_7), 156 RUN_DEV(CONCEPTRONIC2, RT2870_8), 157 RUN_DEV(CONCEPTRONIC2, RT3070_1), 158 RUN_DEV(CONCEPTRONIC2, RT3070_2), 159 RUN_DEV(CONCEPTRONIC2, VIGORN61), 160 RUN_DEV(COREGA, CGWLUSB300GNM), 161 RUN_DEV(COREGA, RT2870_1), 162 RUN_DEV(COREGA, RT2870_2), 163 RUN_DEV(COREGA, RT2870_3), 164 RUN_DEV(COREGA, RT3070), 165 RUN_DEV(CYBERTAN, RT2870), 166 RUN_DEV(DLINK, RT2870), 167 RUN_DEV(DLINK, RT3072), 168 RUN_DEV(DLINK2, DWA130), 169 RUN_DEV(DLINK2, RT2870_1), 170 RUN_DEV(DLINK2, RT2870_2), 171 RUN_DEV(DLINK2, RT3070_1), 172 RUN_DEV(DLINK2, RT3070_2), 173 RUN_DEV(DLINK2, RT3070_3), 174 RUN_DEV(DLINK2, RT3070_4), 175 RUN_DEV(DLINK2, RT3070_5), 176 RUN_DEV(DLINK2, RT3072), 177 RUN_DEV(DLINK2, RT3072_1), 178 RUN_DEV(EDIMAX, EW7717), 179 RUN_DEV(EDIMAX, EW7718), 180 RUN_DEV(EDIMAX, RT2870_1), 181 RUN_DEV(ENCORE, RT3070_1), 182 RUN_DEV(ENCORE, RT3070_2), 183 RUN_DEV(ENCORE, RT3070_3), 184 RUN_DEV(GIGABYTE, GNWB31N), 185 RUN_DEV(GIGABYTE, GNWB32L), 186 RUN_DEV(GIGABYTE, RT2870_1), 187 RUN_DEV(GIGASET, RT3070_1), 188 RUN_DEV(GIGASET, RT3070_2), 189 RUN_DEV(GUILLEMOT, HWNU300), 190 RUN_DEV(HAWKING, HWUN2), 191 RUN_DEV(HAWKING, RT2870_1), 192 RUN_DEV(HAWKING, RT2870_2), 193 RUN_DEV(HAWKING, RT3070), 194 RUN_DEV(IODATA, RT3072_1), 195 RUN_DEV(IODATA, RT3072_2), 196 RUN_DEV(IODATA, RT3072_3), 197 RUN_DEV(IODATA, RT3072_4), 198 RUN_DEV(LINKSYS4, RT3070), 199 RUN_DEV(LINKSYS4, WUSB100), 200 RUN_DEV(LINKSYS4, WUSB54GCV3), 201 RUN_DEV(LINKSYS4, WUSB600N), 202 RUN_DEV(LINKSYS4, WUSB600NV2), 203 RUN_DEV(LOGITEC, RT2870_1), 204 RUN_DEV(LOGITEC, RT2870_2), 205 RUN_DEV(LOGITEC, RT2870_3), 206 RUN_DEV(LOGITEC, LANW300NU2), 207 RUN_DEV(LOGITEC, LANW150NU2), 208 RUN_DEV(LOGITEC, LANW300NU2S), 209 RUN_DEV(MELCO, RT2870_1), 210 RUN_DEV(MELCO, RT2870_2), 211 RUN_DEV(MELCO, WLIUCAG300N), 212 RUN_DEV(MELCO, WLIUCG300N), 213 RUN_DEV(MELCO, WLIUCG301N), 214 RUN_DEV(MELCO, WLIUCGN), 215 RUN_DEV(MELCO, WLIUCGNM), 216 RUN_DEV(MELCO, WLIUCGNM2), 217 RUN_DEV(MOTOROLA4, RT2770), 218 RUN_DEV(MOTOROLA4, RT3070), 219 RUN_DEV(MSI, RT3070_1), 220 RUN_DEV(MSI, RT3070_2), 221 RUN_DEV(MSI, RT3070_3), 222 RUN_DEV(MSI, RT3070_4), 223 RUN_DEV(MSI, RT3070_5), 224 RUN_DEV(MSI, RT3070_6), 225 RUN_DEV(MSI, RT3070_7), 226 RUN_DEV(MSI, RT3070_8), 227 RUN_DEV(MSI, RT3070_9), 228 RUN_DEV(MSI, RT3070_10), 229 RUN_DEV(MSI, RT3070_11), 230 RUN_DEV(OVISLINK, RT3072), 231 RUN_DEV(PARA, RT3070), 232 RUN_DEV(PEGATRON, RT2870), 233 RUN_DEV(PEGATRON, RT3070), 234 RUN_DEV(PEGATRON, RT3070_2), 235 RUN_DEV(PEGATRON, RT3070_3), 236 RUN_DEV(PHILIPS, RT2870), 237 RUN_DEV(PLANEX2, GWUS300MINIS), 238 RUN_DEV(PLANEX2, GWUSMICRON), 239 RUN_DEV(PLANEX2, RT2870), 240 RUN_DEV(PLANEX2, RT3070), 241 RUN_DEV(QCOM, RT2870), 242 RUN_DEV(QUANTA, RT3070), 243 RUN_DEV(RALINK, RT2070), 244 RUN_DEV(RALINK, RT2770), 245 RUN_DEV(RALINK, RT2870), 246 RUN_DEV(RALINK, RT3070), 247 RUN_DEV(RALINK, RT3071), 248 RUN_DEV(RALINK, RT3072), 249 RUN_DEV(RALINK, RT3370), 250 RUN_DEV(RALINK, RT3572), 251 RUN_DEV(RALINK, RT8070), 252 RUN_DEV(SAMSUNG, WIS09ABGN), 253 RUN_DEV(SAMSUNG2, RT2870_1), 254 RUN_DEV(SENAO, RT2870_1), 255 RUN_DEV(SENAO, RT2870_2), 256 RUN_DEV(SENAO, RT2870_3), 257 RUN_DEV(SENAO, RT2870_4), 258 RUN_DEV(SENAO, RT3070), 259 RUN_DEV(SENAO, RT3071), 260 RUN_DEV(SENAO, RT3072_1), 261 RUN_DEV(SENAO, RT3072_2), 262 RUN_DEV(SENAO, RT3072_3), 263 RUN_DEV(SENAO, RT3072_4), 264 RUN_DEV(SENAO, RT3072_5), 265 RUN_DEV(SITECOMEU, RT2770), 266 RUN_DEV(SITECOMEU, RT2870_1), 267 RUN_DEV(SITECOMEU, RT2870_2), 268 RUN_DEV(SITECOMEU, RT2870_3), 269 RUN_DEV(SITECOMEU, RT2870_4), 270 RUN_DEV(SITECOMEU, RT3070), 271 RUN_DEV(SITECOMEU, RT3070_2), 272 RUN_DEV(SITECOMEU, RT3070_3), 273 RUN_DEV(SITECOMEU, RT3070_4), 274 RUN_DEV(SITECOMEU, RT3071), 275 RUN_DEV(SITECOMEU, RT3072_1), 276 RUN_DEV(SITECOMEU, RT3072_2), 277 RUN_DEV(SITECOMEU, RT3072_3), 278 RUN_DEV(SITECOMEU, RT3072_4), 279 RUN_DEV(SITECOMEU, RT3072_5), 280 RUN_DEV(SITECOMEU, RT3072_6), 281 RUN_DEV(SITECOMEU, WL608), 282 RUN_DEV(SPARKLAN, RT2870_1), 283 RUN_DEV(SPARKLAN, RT3070), 284 RUN_DEV(SWEEX2, LW153), 285 RUN_DEV(SWEEX2, LW303), 286 RUN_DEV(SWEEX2, LW313), 287 RUN_DEV(TOSHIBA, RT3070), 288 RUN_DEV(UMEDIA, RT2870_1), 289 RUN_DEV(ZCOM, RT2870_1), 290 RUN_DEV(ZCOM, RT2870_2), 291 RUN_DEV(ZINWELL, RT2870_1), 292 RUN_DEV(ZINWELL, RT2870_2), 293 RUN_DEV(ZINWELL, RT3070), 294 RUN_DEV(ZINWELL, RT3072_1), 295 RUN_DEV(ZINWELL, RT3072_2), 296 RUN_DEV(ZYXEL, RT2870_1), 297 RUN_DEV(ZYXEL, RT2870_2), 298 #undef RUN_DEV 299 }; 300 301 static device_probe_t run_match; 302 static device_attach_t run_attach; 303 static device_detach_t run_detach; 304 305 static usb_callback_t run_bulk_rx_callback; 306 static usb_callback_t run_bulk_tx_callback0; 307 static usb_callback_t run_bulk_tx_callback1; 308 static usb_callback_t run_bulk_tx_callback2; 309 static usb_callback_t run_bulk_tx_callback3; 310 static usb_callback_t run_bulk_tx_callback4; 311 static usb_callback_t run_bulk_tx_callback5; 312 313 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 314 usb_error_t error, unsigned int index); 315 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 316 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 317 const uint8_t [IEEE80211_ADDR_LEN], 318 const uint8_t [IEEE80211_ADDR_LEN]); 319 static void run_vap_delete(struct ieee80211vap *); 320 static void run_cmdq_cb(void *, int); 321 static void run_setup_tx_list(struct run_softc *, 322 struct run_endpoint_queue *); 323 static void run_unsetup_tx_list(struct run_softc *, 324 struct run_endpoint_queue *); 325 static int run_load_microcode(struct run_softc *); 326 static int run_reset(struct run_softc *); 327 static usb_error_t run_do_request(struct run_softc *, 328 struct usb_device_request *, void *); 329 static int run_read(struct run_softc *, uint16_t, uint32_t *); 330 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 331 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 332 static int run_write(struct run_softc *, uint16_t, uint32_t); 333 static int run_write_region_1(struct run_softc *, uint16_t, 334 const uint8_t *, int); 335 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 336 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 337 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 338 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t); 339 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 340 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 341 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 342 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 343 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 344 static const char *run_get_rf(int); 345 static int run_read_eeprom(struct run_softc *); 346 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 347 const uint8_t mac[IEEE80211_ADDR_LEN]); 348 static int run_media_change(struct ifnet *); 349 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 350 static int run_wme_update(struct ieee80211com *); 351 static void run_wme_update_cb(void *); 352 static void run_key_update_begin(struct ieee80211vap *); 353 static void run_key_update_end(struct ieee80211vap *); 354 static void run_key_set_cb(void *); 355 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 356 const uint8_t mac[IEEE80211_ADDR_LEN]); 357 static void run_key_delete_cb(void *); 358 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 359 static void run_ratectl_to(void *); 360 static void run_ratectl_cb(void *, int); 361 static void run_drain_fifo(void *); 362 static void run_iter_func(void *, struct ieee80211_node *); 363 static void run_newassoc_cb(void *); 364 static void run_newassoc(struct ieee80211_node *, int); 365 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 366 static void run_tx_free(struct run_endpoint_queue *pq, 367 struct run_tx_data *, int); 368 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 369 static int run_tx(struct run_softc *, struct mbuf *, 370 struct ieee80211_node *); 371 static int run_tx_mgt(struct run_softc *, struct mbuf *, 372 struct ieee80211_node *); 373 static int run_sendprot(struct run_softc *, const struct mbuf *, 374 struct ieee80211_node *, int, int); 375 static int run_tx_param(struct run_softc *, struct mbuf *, 376 struct ieee80211_node *, 377 const struct ieee80211_bpf_params *); 378 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 379 const struct ieee80211_bpf_params *); 380 static void run_start_locked(struct ifnet *); 381 static void run_start(struct ifnet *, struct ifaltq_subque *); 382 static int run_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 383 static void run_set_agc(struct run_softc *, uint8_t); 384 static void run_select_chan_group(struct run_softc *, int); 385 static void run_set_rx_antenna(struct run_softc *, int); 386 static void run_rt2870_set_chan(struct run_softc *, u_int); 387 static void run_rt3070_set_chan(struct run_softc *, u_int); 388 static void run_rt3572_set_chan(struct run_softc *, u_int); 389 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 390 static void run_set_channel(struct ieee80211com *); 391 static void run_scan_start(struct ieee80211com *); 392 static void run_scan_end(struct ieee80211com *); 393 static void run_update_beacon(struct ieee80211vap *, int); 394 static void run_update_beacon_cb(void *); 395 static void run_updateprot(struct ieee80211com *); 396 static void run_updateprot_cb(void *); 397 static void run_usb_timeout_cb(void *); 398 static void run_reset_livelock(struct run_softc *); 399 static void run_enable_tsf_sync(struct run_softc *); 400 static void run_enable_mrr(struct run_softc *); 401 static void run_set_txpreamble(struct run_softc *); 402 static void run_set_basicrates(struct run_softc *); 403 static void run_set_leds(struct run_softc *, uint16_t); 404 static void run_set_bssid(struct run_softc *, const uint8_t *); 405 static void run_set_macaddr(struct run_softc *, const uint8_t *); 406 static void run_updateslot(struct ifnet *); 407 static void run_updateslot_cb(void *); 408 static void run_update_mcast(struct ifnet *); 409 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 410 static void run_update_promisc_locked(struct ifnet *); 411 static void run_update_promisc(struct ifnet *); 412 static int run_bbp_init(struct run_softc *); 413 static int run_rt3070_rf_init(struct run_softc *); 414 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 415 uint8_t *); 416 static void run_rt3070_rf_setup(struct run_softc *); 417 static int run_txrx_enable(struct run_softc *); 418 static void run_init(void *); 419 static void run_init_locked(struct run_softc *); 420 static void run_stop(void *); 421 static void run_delay(struct run_softc *, unsigned int); 422 423 static const struct { 424 uint16_t reg; 425 uint32_t val; 426 } rt2870_def_mac[] = { 427 RT2870_DEF_MAC 428 }; 429 430 static const struct { 431 uint8_t reg; 432 uint8_t val; 433 } rt2860_def_bbp[] = { 434 RT2860_DEF_BBP 435 }; 436 437 static const struct rfprog { 438 uint8_t chan; 439 uint32_t r1, r2, r3, r4; 440 } rt2860_rf2850[] = { 441 RT2860_RF2850 442 }; 443 444 struct { 445 uint8_t n, r, k; 446 } rt3070_freqs[] = { 447 RT3070_RF3052 448 }; 449 450 static const struct { 451 uint8_t reg; 452 uint8_t val; 453 } rt3070_def_rf[] = { 454 RT3070_DEF_RF 455 },rt3572_def_rf[] = { 456 RT3572_DEF_RF 457 }; 458 459 static const struct usb_config run_config[RUN_N_XFER] = { 460 [RUN_BULK_TX_BE] = { 461 .type = UE_BULK, 462 .endpoint = UE_ADDR_ANY, 463 .ep_index = 0, 464 .direction = UE_DIR_OUT, 465 .bufsize = RUN_MAX_TXSZ, 466 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 467 .callback = run_bulk_tx_callback0, 468 .timeout = 5000, /* ms */ 469 }, 470 [RUN_BULK_TX_BK] = { 471 .type = UE_BULK, 472 .endpoint = UE_ADDR_ANY, 473 .direction = UE_DIR_OUT, 474 .ep_index = 1, 475 .bufsize = RUN_MAX_TXSZ, 476 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 477 .callback = run_bulk_tx_callback1, 478 .timeout = 5000, /* ms */ 479 }, 480 [RUN_BULK_TX_VI] = { 481 .type = UE_BULK, 482 .endpoint = UE_ADDR_ANY, 483 .direction = UE_DIR_OUT, 484 .ep_index = 2, 485 .bufsize = RUN_MAX_TXSZ, 486 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 487 .callback = run_bulk_tx_callback2, 488 .timeout = 5000, /* ms */ 489 }, 490 [RUN_BULK_TX_VO] = { 491 .type = UE_BULK, 492 .endpoint = UE_ADDR_ANY, 493 .direction = UE_DIR_OUT, 494 .ep_index = 3, 495 .bufsize = RUN_MAX_TXSZ, 496 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 497 .callback = run_bulk_tx_callback3, 498 .timeout = 5000, /* ms */ 499 }, 500 [RUN_BULK_TX_HCCA] = { 501 .type = UE_BULK, 502 .endpoint = UE_ADDR_ANY, 503 .direction = UE_DIR_OUT, 504 .ep_index = 4, 505 .bufsize = RUN_MAX_TXSZ, 506 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 507 .callback = run_bulk_tx_callback4, 508 .timeout = 5000, /* ms */ 509 }, 510 [RUN_BULK_TX_PRIO] = { 511 .type = UE_BULK, 512 .endpoint = UE_ADDR_ANY, 513 .direction = UE_DIR_OUT, 514 .ep_index = 5, 515 .bufsize = RUN_MAX_TXSZ, 516 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 517 .callback = run_bulk_tx_callback5, 518 .timeout = 5000, /* ms */ 519 }, 520 [RUN_BULK_RX] = { 521 .type = UE_BULK, 522 .endpoint = UE_ADDR_ANY, 523 .direction = UE_DIR_IN, 524 .bufsize = RUN_MAX_RXSZ, 525 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 526 .callback = run_bulk_rx_callback, 527 } 528 }; 529 530 static int 531 run_match(device_t self) 532 { 533 struct usb_attach_arg *uaa = device_get_ivars(self); 534 535 if (uaa->usb_mode != USB_MODE_HOST) 536 return (ENXIO); 537 if (uaa->info.bConfigIndex != 0) 538 return (ENXIO); 539 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 540 return (ENXIO); 541 542 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 543 } 544 545 static int 546 run_attach(device_t self) 547 { 548 struct run_softc *sc = device_get_softc(self); 549 struct usb_attach_arg *uaa = device_get_ivars(self); 550 struct ieee80211com *ic; 551 struct ifnet *ifp; 552 uint32_t ver; 553 int i, ntries, error; 554 uint8_t iface_index, bands; 555 char ethstr[ETHER_ADDRSTRLEN + 1]; 556 557 wlan_serialize_enter(); 558 559 device_set_usb_desc(self); 560 sc->sc_udev = uaa->device; 561 sc->sc_dev = self; 562 563 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev), 564 0, LK_CANRECURSE); 565 566 iface_index = RT2860_IFACE_INDEX; 567 568 error = usbd_transfer_setup(uaa->device, &iface_index, 569 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock); 570 if (error) { 571 device_printf(self, "could not allocate USB transfers, " 572 "err=%s\n", usbd_errstr(error)); 573 goto detach; 574 } 575 576 RUN_LOCK(sc); 577 578 /* wait for the chip to settle */ 579 for (ntries = 0; ntries < 100; ntries++) { 580 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 581 RUN_UNLOCK(sc); 582 goto detach; 583 } 584 if (ver != 0 && ver != 0xffffffff) 585 break; 586 run_delay(sc, 10); 587 } 588 if (ntries == 100) { 589 device_printf(sc->sc_dev, 590 "timeout waiting for NIC to initialize\n"); 591 RUN_UNLOCK(sc); 592 goto detach; 593 } 594 sc->mac_ver = ver >> 16; 595 sc->mac_rev = ver & 0xffff; 596 597 /* retrieve RF rev. no and various other things from EEPROM */ 598 run_read_eeprom(sc); 599 600 device_printf(sc->sc_dev, 601 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 602 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 603 sc->ntxchains, sc->nrxchains, kether_ntoa(sc->sc_bssid, ethstr)); 604 605 RUN_UNLOCK(sc); 606 607 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 608 if (ifp == NULL) { 609 device_printf(sc->sc_dev, "can not if_alloc()\n"); 610 goto detach; 611 } 612 ic = ifp->if_l2com; 613 614 ifp->if_softc = sc; 615 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 616 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 617 ifp->if_init = run_init; 618 ifp->if_ioctl = run_ioctl; 619 ifp->if_start = run_start; 620 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 621 #if 0 /* XXX swildner: see c3d4131842e47b168d93a0650d58d425ebeef789 */ 622 ifq_set_ready(&ifp->if_snd); 623 #endif 624 625 ic->ic_ifp = ifp; 626 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 627 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 628 629 /* set device capabilities */ 630 ic->ic_caps = 631 IEEE80211_C_STA | /* station mode supported */ 632 IEEE80211_C_MONITOR | /* monitor mode supported */ 633 IEEE80211_C_IBSS | 634 IEEE80211_C_HOSTAP | 635 IEEE80211_C_WDS | /* 4-address traffic works */ 636 IEEE80211_C_MBSS | 637 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 638 IEEE80211_C_SHSLOT | /* short slot time supported */ 639 IEEE80211_C_WME | /* WME */ 640 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 641 642 ic->ic_cryptocaps = 643 IEEE80211_CRYPTO_WEP | 644 IEEE80211_CRYPTO_AES_CCM | 645 IEEE80211_CRYPTO_TKIPMIC | 646 IEEE80211_CRYPTO_TKIP; 647 648 ic->ic_flags |= IEEE80211_F_DATAPAD; 649 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 650 651 bands = 0; 652 setbit(&bands, IEEE80211_MODE_11B); 653 setbit(&bands, IEEE80211_MODE_11G); 654 ieee80211_init_channels(ic, NULL, &bands); 655 656 /* 657 * Do this by own because h/w supports 658 * more channels than ieee80211_init_channels() 659 */ 660 if (sc->rf_rev == RT2860_RF_2750 || 661 sc->rf_rev == RT2860_RF_2850 || 662 sc->rf_rev == RT3070_RF_3052) { 663 /* set supported .11a rates */ 664 for (i = 14; i < NELEM(rt2860_rf2850); i++) { 665 uint8_t chan = rt2860_rf2850[i].chan; 666 ic->ic_channels[ic->ic_nchans].ic_freq = 667 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A); 668 ic->ic_channels[ic->ic_nchans].ic_ieee = chan; 669 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A; 670 ic->ic_channels[ic->ic_nchans].ic_extieee = 0; 671 ic->ic_nchans++; 672 } 673 } 674 675 ieee80211_ifattach(ic, sc->sc_bssid); 676 677 ic->ic_scan_start = run_scan_start; 678 ic->ic_scan_end = run_scan_end; 679 ic->ic_set_channel = run_set_channel; 680 ic->ic_node_alloc = run_node_alloc; 681 ic->ic_newassoc = run_newassoc; 682 ic->ic_updateslot = run_updateslot; 683 ic->ic_update_mcast = run_update_mcast; 684 ic->ic_wme.wme_update = run_wme_update; 685 ic->ic_raw_xmit = run_raw_xmit; 686 ic->ic_update_promisc = run_update_promisc; 687 688 ic->ic_vap_create = run_vap_create; 689 ic->ic_vap_delete = run_vap_delete; 690 691 ieee80211_radiotap_attach(ic, 692 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 693 RUN_TX_RADIOTAP_PRESENT, 694 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 695 RUN_RX_RADIOTAP_PRESENT); 696 697 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 698 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 699 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 1); 700 701 if (bootverbose) 702 ieee80211_announce(ic); 703 704 wlan_serialize_exit(); 705 return (0); 706 707 detach: 708 wlan_serialize_exit(); 709 run_detach(self); 710 return (ENXIO); 711 } 712 713 static int 714 run_detach(device_t self) 715 { 716 struct run_softc *sc = device_get_softc(self); 717 struct ifnet *ifp = sc->sc_ifp; 718 struct ieee80211com *ic; 719 int i; 720 721 wlan_serialize_enter(); 722 sc->sc_detached = 1; 723 724 /* stop all USB transfers */ 725 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 726 727 RUN_LOCK(sc); 728 729 sc->ratectl_run = RUN_RATECTL_OFF; 730 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 731 732 /* free TX list, if any */ 733 for (i = 0; i != RUN_EP_QUEUES; i++) 734 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 735 RUN_UNLOCK(sc); 736 737 if (ifp) { 738 ic = ifp->if_l2com; 739 /* drain tasks */ 740 usb_callout_drain(&sc->ratectl_ch); 741 ieee80211_draintask(ic, &sc->cmdq_task); 742 ieee80211_draintask(ic, &sc->ratectl_task); 743 ieee80211_ifdetach(ic); 744 if_free(ifp); 745 } 746 747 lockuninit(&sc->sc_lock); 748 749 wlan_serialize_exit(); 750 return (0); 751 } 752 753 static struct ieee80211vap * 754 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 755 enum ieee80211_opmode opmode, int flags, 756 const uint8_t bssid[IEEE80211_ADDR_LEN], 757 const uint8_t mac[IEEE80211_ADDR_LEN]) 758 { 759 struct ifnet *ifp = ic->ic_ifp; 760 struct run_softc *sc = ifp->if_softc; 761 struct run_vap *rvp; 762 struct ieee80211vap *vap; 763 int i; 764 765 if (sc->rvp_cnt >= RUN_VAP_MAX) { 766 if_printf(ifp, "number of VAPs maxed out\n"); 767 return (NULL); 768 } 769 770 switch (opmode) { 771 case IEEE80211_M_STA: 772 /* enable s/w bmiss handling for sta mode */ 773 flags |= IEEE80211_CLONE_NOBEACONS; 774 /* fall though */ 775 case IEEE80211_M_IBSS: 776 case IEEE80211_M_MONITOR: 777 case IEEE80211_M_HOSTAP: 778 case IEEE80211_M_MBSS: 779 /* other than WDS vaps, only one at a time */ 780 if (!TAILQ_EMPTY(&ic->ic_vaps)) 781 return (NULL); 782 break; 783 case IEEE80211_M_WDS: 784 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 785 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 786 continue; 787 /* WDS vap's always share the local mac address. */ 788 flags &= ~IEEE80211_CLONE_BSSID; 789 break; 790 } 791 if (vap == NULL) { 792 if_printf(ifp, "wds only supported in ap mode\n"); 793 return (NULL); 794 } 795 break; 796 default: 797 if_printf(ifp, "unknown opmode %d\n", opmode); 798 return (NULL); 799 } 800 801 rvp = (struct run_vap *) kmalloc(sizeof(struct run_vap), 802 M_80211_VAP, M_INTWAIT | M_ZERO); 803 vap = &rvp->vap; 804 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac); 805 806 vap->iv_key_update_begin = run_key_update_begin; 807 vap->iv_key_update_end = run_key_update_end; 808 vap->iv_update_beacon = run_update_beacon; 809 vap->iv_max_aid = RT2870_WCID_MAX; 810 /* 811 * To delete the right key from h/w, we need wcid. 812 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 813 * and matching wcid will be written into there. So, cast 814 * some spells to remove 'const' from ieee80211_key{} 815 */ 816 vap->iv_key_delete = (void *)run_key_delete; 817 vap->iv_key_set = (void *)run_key_set; 818 819 /* override state transition machine */ 820 rvp->newstate = vap->iv_newstate; 821 vap->iv_newstate = run_newstate; 822 823 ieee80211_ratectl_init(vap); 824 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 825 826 /* complete setup */ 827 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 828 829 /* make sure id is always unique */ 830 for (i = 0; i < RUN_VAP_MAX; i++) { 831 if((sc->rvp_bmap & 1 << i) == 0){ 832 sc->rvp_bmap |= 1 << i; 833 rvp->rvp_id = i; 834 break; 835 } 836 } 837 if (sc->rvp_cnt++ == 0) 838 ic->ic_opmode = opmode; 839 840 if (opmode == IEEE80211_M_HOSTAP) 841 sc->cmdq_run = RUN_CMDQ_GO; 842 843 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 844 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 845 846 return (vap); 847 } 848 849 static void 850 run_vap_delete(struct ieee80211vap *vap) 851 { 852 struct run_vap *rvp = RUN_VAP(vap); 853 struct ifnet *ifp; 854 struct ieee80211com *ic; 855 struct run_softc *sc; 856 uint8_t rvp_id; 857 858 if (vap == NULL) 859 return; 860 861 ic = vap->iv_ic; 862 ifp = ic->ic_ifp; 863 864 sc = ifp->if_softc; 865 866 RUN_LOCK(sc); 867 868 m_freem(rvp->beacon_mbuf); 869 rvp->beacon_mbuf = NULL; 870 871 rvp_id = rvp->rvp_id; 872 sc->ratectl_run &= ~(1 << rvp_id); 873 sc->rvp_bmap &= ~(1 << rvp_id); 874 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 875 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 876 --sc->rvp_cnt; 877 878 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 879 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 880 881 RUN_UNLOCK(sc); 882 883 ieee80211_ratectl_deinit(vap); 884 ieee80211_vap_detach(vap); 885 kfree(rvp, M_80211_VAP); 886 } 887 888 /* 889 * There are numbers of functions need to be called in context thread. 890 * Rather than creating taskqueue event for each of those functions, 891 * here is all-for-one taskqueue callback function. This function 892 * gurantees deferred functions are executed in the same order they 893 * were enqueued. 894 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 895 */ 896 static void 897 run_cmdq_cb(void *arg, int pending) 898 { 899 struct run_softc *sc = arg; 900 uint8_t i; 901 902 /* call cmdq[].func locked */ 903 RUN_LOCK(sc); 904 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 905 i = sc->cmdq_exec, pending--) { 906 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 907 if (sc->cmdq_run == RUN_CMDQ_GO) { 908 /* 909 * If arg0 is NULL, callback func needs more 910 * than one arg. So, pass ptr to cmdq struct. 911 */ 912 if (sc->cmdq[i].arg0) 913 sc->cmdq[i].func(sc->cmdq[i].arg0); 914 else 915 sc->cmdq[i].func(&sc->cmdq[i]); 916 } 917 sc->cmdq[i].arg0 = NULL; 918 sc->cmdq[i].func = NULL; 919 sc->cmdq_exec++; 920 sc->cmdq_exec &= RUN_CMDQ_MASQ; 921 } 922 RUN_UNLOCK(sc); 923 } 924 925 static void 926 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 927 { 928 struct run_tx_data *data; 929 930 memset(pq, 0, sizeof(*pq)); 931 932 STAILQ_INIT(&pq->tx_qh); 933 STAILQ_INIT(&pq->tx_fh); 934 935 for (data = &pq->tx_data[0]; 936 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 937 data->sc = sc; 938 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 939 } 940 pq->tx_nfree = RUN_TX_RING_COUNT; 941 } 942 943 static void 944 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 945 { 946 struct run_tx_data *data; 947 948 /* make sure any subsequent use of the queues will fail */ 949 pq->tx_nfree = 0; 950 STAILQ_INIT(&pq->tx_fh); 951 STAILQ_INIT(&pq->tx_qh); 952 953 /* free up all node references and mbufs */ 954 for (data = &pq->tx_data[0]; 955 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 956 if (data->m != NULL) { 957 m_freem(data->m); 958 data->m = NULL; 959 } 960 if (data->ni != NULL) { 961 ieee80211_free_node(data->ni); 962 data->ni = NULL; 963 } 964 } 965 } 966 967 static int 968 run_load_microcode(struct run_softc *sc) 969 { 970 usb_device_request_t req; 971 const struct firmware *fw; 972 const u_char *base; 973 uint32_t tmp; 974 int ntries, error; 975 const uint64_t *temp; 976 uint64_t bytes; 977 int wlan_serialized; 978 979 wlan_serialized = IS_SERIALIZED(&wlan_global_serializer); 980 if (wlan_serialized) 981 wlan_serialize_exit(); 982 fw = firmware_get("runfw"); 983 if (wlan_serialized) 984 wlan_serialize_enter(); 985 if (fw == NULL) { 986 device_printf(sc->sc_dev, 987 "failed loadfirmware of file %s\n", "runfw"); 988 return ENOENT; 989 } 990 991 if (fw->datasize != 8192) { 992 device_printf(sc->sc_dev, 993 "invalid firmware size (should be 8KB)\n"); 994 error = EINVAL; 995 goto fail; 996 } 997 998 /* 999 * RT3071/RT3072 use a different firmware 1000 * run-rt2870 (8KB) contains both, 1001 * first half (4KB) is for rt2870, 1002 * last half is for rt3071. 1003 */ 1004 base = fw->data; 1005 if ((sc->mac_ver) != 0x2860 && 1006 (sc->mac_ver) != 0x2872 && 1007 (sc->mac_ver) != 0x3070) { 1008 base += 4096; 1009 } 1010 1011 /* cheap sanity check */ 1012 temp = fw->data; 1013 bytes = *temp; 1014 if (bytes != be64toh(0xffffff0210280210)) { 1015 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1016 error = EINVAL; 1017 goto fail; 1018 } 1019 1020 run_read(sc, RT2860_ASIC_VER_ID, &tmp); 1021 /* write microcode image */ 1022 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1023 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1024 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1025 1026 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1027 req.bRequest = RT2870_RESET; 1028 USETW(req.wValue, 8); 1029 USETW(req.wIndex, 0); 1030 USETW(req.wLength, 0); 1031 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL)) 1032 != 0) { 1033 device_printf(sc->sc_dev, "firmware reset failed\n"); 1034 goto fail; 1035 } 1036 1037 run_delay(sc, 10); 1038 1039 run_write(sc, RT2860_H2M_MAILBOX, 0); 1040 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1041 goto fail; 1042 1043 /* wait until microcontroller is ready */ 1044 for (ntries = 0; ntries < 1000; ntries++) { 1045 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) { 1046 goto fail; 1047 } 1048 if (tmp & RT2860_MCU_READY) 1049 break; 1050 run_delay(sc, 10); 1051 } 1052 if (ntries == 1000) { 1053 device_printf(sc->sc_dev, 1054 "timeout waiting for MCU to initialize\n"); 1055 error = ETIMEDOUT; 1056 goto fail; 1057 } 1058 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1059 (base == fw->data) ? "RT2870" : "RT3071", 1060 *(base + 4092), *(base + 4093)); 1061 1062 fail: 1063 firmware_put(fw, FIRMWARE_UNLOAD); 1064 return (error); 1065 } 1066 1067 int 1068 run_reset(struct run_softc *sc) 1069 { 1070 usb_device_request_t req; 1071 usb_error_t error; 1072 1073 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1074 req.bRequest = RT2870_RESET; 1075 USETW(req.wValue, 1); 1076 USETW(req.wIndex, 0); 1077 USETW(req.wLength, 0); 1078 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL); 1079 return (error); 1080 } 1081 1082 static usb_error_t 1083 run_do_request(struct run_softc *sc, 1084 struct usb_device_request *req, void *data) 1085 { 1086 usb_error_t err; 1087 int ntries = 10; 1088 1089 RUN_LOCK_ASSERT(sc, MA_OWNED); 1090 1091 while (ntries--) { 1092 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock, 1093 req, data, 0, NULL, 250 /* ms */); 1094 if (err == 0) 1095 break; 1096 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1097 usbd_errstr(err)); 1098 run_delay(sc, 10); 1099 } 1100 return (err); 1101 } 1102 1103 static int 1104 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1105 { 1106 uint32_t tmp; 1107 int error; 1108 1109 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1110 if (error == 0) 1111 *val = le32toh(tmp); 1112 else 1113 *val = 0xffffffff; 1114 return (error); 1115 } 1116 1117 static int 1118 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1119 { 1120 usb_device_request_t req; 1121 1122 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1123 req.bRequest = RT2870_READ_REGION_1; 1124 USETW(req.wValue, 0); 1125 USETW(req.wIndex, reg); 1126 USETW(req.wLength, len); 1127 1128 return (run_do_request(sc, &req, buf)); 1129 } 1130 1131 static int 1132 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1133 { 1134 usb_device_request_t req; 1135 1136 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1137 req.bRequest = RT2870_WRITE_2; 1138 USETW(req.wValue, val); 1139 USETW(req.wIndex, reg); 1140 USETW(req.wLength, 0); 1141 1142 return (run_do_request(sc, &req, NULL)); 1143 } 1144 1145 static int 1146 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1147 { 1148 int error; 1149 1150 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1151 error = run_write_2(sc, reg + 2, val >> 16); 1152 return (error); 1153 } 1154 1155 static int 1156 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1157 int len) 1158 { 1159 #if 1 1160 int i, error = 0; 1161 /* 1162 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1163 * We thus issue multiple WRITE_2 commands instead. 1164 */ 1165 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1166 for (i = 0; i < len && error == 0; i += 2) 1167 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1168 return (error); 1169 #else 1170 usb_device_request_t req; 1171 1172 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1173 req.bRequest = RT2870_WRITE_REGION_1; 1174 USETW(req.wValue, 0); 1175 USETW(req.wIndex, reg); 1176 USETW(req.wLength, len); 1177 return (run_do_request(sc, &req, buf)); 1178 #endif 1179 } 1180 1181 static int 1182 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1183 { 1184 int i, error = 0; 1185 1186 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1187 for (i = 0; i < len && error == 0; i += 4) 1188 error = run_write(sc, reg + i, val); 1189 return (error); 1190 } 1191 1192 /* Read 16-bit from eFUSE ROM (RT3070 only.) */ 1193 static int 1194 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1195 { 1196 uint32_t tmp; 1197 uint16_t reg; 1198 int error, ntries; 1199 1200 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1201 return (error); 1202 1203 addr *= 2; 1204 /*- 1205 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1206 * DATA0: F E D C 1207 * DATA1: B A 9 8 1208 * DATA2: 7 6 5 4 1209 * DATA3: 3 2 1 0 1210 */ 1211 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1212 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1213 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1214 for (ntries = 0; ntries < 100; ntries++) { 1215 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1216 return (error); 1217 if (!(tmp & RT3070_EFSROM_KICK)) 1218 break; 1219 run_delay(sc, 2); 1220 } 1221 if (ntries == 100) 1222 return (ETIMEDOUT); 1223 1224 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1225 *val = 0xffff; /* address not found */ 1226 return (0); 1227 } 1228 /* determine to which 32-bit register our 16-bit word belongs */ 1229 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1230 if ((error = run_read(sc, reg, &tmp)) != 0) 1231 return (error); 1232 1233 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff; 1234 return (0); 1235 } 1236 1237 static int 1238 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1239 { 1240 usb_device_request_t req; 1241 uint16_t tmp; 1242 int error; 1243 1244 addr *= 2; 1245 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1246 req.bRequest = RT2870_EEPROM_READ; 1247 USETW(req.wValue, 0); 1248 USETW(req.wIndex, addr); 1249 USETW(req.wLength, sizeof tmp); 1250 1251 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp); 1252 if (error == 0) 1253 *val = le16toh(tmp); 1254 else 1255 *val = 0xffff; 1256 return (error); 1257 } 1258 1259 static __inline int 1260 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1261 { 1262 /* either eFUSE ROM or EEPROM */ 1263 return sc->sc_srom_read(sc, addr, val); 1264 } 1265 1266 static int 1267 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val) 1268 { 1269 uint32_t tmp; 1270 int error, ntries; 1271 1272 for (ntries = 0; ntries < 10; ntries++) { 1273 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1274 return (error); 1275 if (!(tmp & RT2860_RF_REG_CTRL)) 1276 break; 1277 } 1278 if (ntries == 10) 1279 return (ETIMEDOUT); 1280 1281 /* RF registers are 24-bit on the RT2860 */ 1282 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT | 1283 (val & 0x3fffff) << 2 | (reg & 3); 1284 return (run_write(sc, RT2860_RF_CSR_CFG0, tmp)); 1285 } 1286 1287 static int 1288 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1289 { 1290 uint32_t tmp; 1291 int error, ntries; 1292 1293 for (ntries = 0; ntries < 100; ntries++) { 1294 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1295 return (error); 1296 if (!(tmp & RT3070_RF_KICK)) 1297 break; 1298 } 1299 if (ntries == 100) 1300 return (ETIMEDOUT); 1301 1302 tmp = RT3070_RF_KICK | reg << 8; 1303 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1304 return (error); 1305 1306 for (ntries = 0; ntries < 100; ntries++) { 1307 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1308 return (error); 1309 if (!(tmp & RT3070_RF_KICK)) 1310 break; 1311 } 1312 if (ntries == 100) 1313 return (ETIMEDOUT); 1314 1315 *val = tmp & 0xff; 1316 return (0); 1317 } 1318 1319 static int 1320 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1321 { 1322 uint32_t tmp; 1323 int error, ntries; 1324 1325 for (ntries = 0; ntries < 10; ntries++) { 1326 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1327 return (error); 1328 if (!(tmp & RT3070_RF_KICK)) 1329 break; 1330 } 1331 if (ntries == 10) 1332 return (ETIMEDOUT); 1333 1334 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1335 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1336 } 1337 1338 static int 1339 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1340 { 1341 uint32_t tmp; 1342 int ntries, error; 1343 1344 for (ntries = 0; ntries < 10; ntries++) { 1345 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1346 return (error); 1347 if (!(tmp & RT2860_BBP_CSR_KICK)) 1348 break; 1349 } 1350 if (ntries == 10) 1351 return (ETIMEDOUT); 1352 1353 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1354 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1355 return (error); 1356 1357 for (ntries = 0; ntries < 10; ntries++) { 1358 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1359 return (error); 1360 if (!(tmp & RT2860_BBP_CSR_KICK)) 1361 break; 1362 } 1363 if (ntries == 10) 1364 return (ETIMEDOUT); 1365 1366 *val = tmp & 0xff; 1367 return (0); 1368 } 1369 1370 static int 1371 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1372 { 1373 uint32_t tmp; 1374 int ntries, error; 1375 1376 for (ntries = 0; ntries < 10; ntries++) { 1377 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1378 return (error); 1379 if (!(tmp & RT2860_BBP_CSR_KICK)) 1380 break; 1381 } 1382 if (ntries == 10) 1383 return (ETIMEDOUT); 1384 1385 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1386 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1387 } 1388 1389 /* 1390 * Send a command to the 8051 microcontroller unit. 1391 */ 1392 static int 1393 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1394 { 1395 uint32_t tmp; 1396 int error, ntries; 1397 1398 for (ntries = 0; ntries < 100; ntries++) { 1399 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1400 return error; 1401 if (!(tmp & RT2860_H2M_BUSY)) 1402 break; 1403 } 1404 if (ntries == 100) 1405 return ETIMEDOUT; 1406 1407 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1408 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1409 error = run_write(sc, RT2860_HOST_CMD, cmd); 1410 return (error); 1411 } 1412 1413 /* 1414 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1415 * Used to adjust per-rate Tx power registers. 1416 */ 1417 static __inline uint32_t 1418 b4inc(uint32_t b32, int8_t delta) 1419 { 1420 int8_t i, b4; 1421 1422 for (i = 0; i < 8; i++) { 1423 b4 = b32 & 0xf; 1424 b4 += delta; 1425 if (b4 < 0) 1426 b4 = 0; 1427 else if (b4 > 0xf) 1428 b4 = 0xf; 1429 b32 = b32 >> 4 | b4 << 28; 1430 } 1431 return (b32); 1432 } 1433 1434 static const char * 1435 run_get_rf(int rev) 1436 { 1437 switch (rev) { 1438 case RT2860_RF_2820: return "RT2820"; 1439 case RT2860_RF_2850: return "RT2850"; 1440 case RT2860_RF_2720: return "RT2720"; 1441 case RT2860_RF_2750: return "RT2750"; 1442 case RT3070_RF_3020: return "RT3020"; 1443 case RT3070_RF_2020: return "RT2020"; 1444 case RT3070_RF_3021: return "RT3021"; 1445 case RT3070_RF_3022: return "RT3022"; 1446 case RT3070_RF_3052: return "RT3052"; 1447 } 1448 return ("unknown"); 1449 } 1450 1451 int 1452 run_read_eeprom(struct run_softc *sc) 1453 { 1454 int8_t delta_2ghz, delta_5ghz; 1455 uint32_t tmp; 1456 uint16_t val; 1457 int ridx, ant, i; 1458 1459 /* check whether the ROM is eFUSE ROM or EEPROM */ 1460 sc->sc_srom_read = run_eeprom_read_2; 1461 if (sc->mac_ver >= 0x3070) { 1462 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1463 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1464 if (tmp & RT3070_SEL_EFUSE) 1465 sc->sc_srom_read = run_efuse_read_2; 1466 } 1467 1468 /* read ROM version */ 1469 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1470 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1471 1472 /* read MAC address */ 1473 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1474 sc->sc_bssid[0] = val & 0xff; 1475 sc->sc_bssid[1] = val >> 8; 1476 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1477 sc->sc_bssid[2] = val & 0xff; 1478 sc->sc_bssid[3] = val >> 8; 1479 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1480 sc->sc_bssid[4] = val & 0xff; 1481 sc->sc_bssid[5] = val >> 8; 1482 1483 /* read vender BBP settings */ 1484 for (i = 0; i < 10; i++) { 1485 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1486 sc->bbp[i].val = val & 0xff; 1487 sc->bbp[i].reg = val >> 8; 1488 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1489 } 1490 if (sc->mac_ver >= 0x3071) { 1491 /* read vendor RF settings */ 1492 for (i = 0; i < 10; i++) { 1493 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val); 1494 sc->rf[i].val = val & 0xff; 1495 sc->rf[i].reg = val >> 8; 1496 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1497 sc->rf[i].val); 1498 } 1499 } 1500 1501 /* read RF frequency offset from EEPROM */ 1502 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val); 1503 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1504 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1505 1506 if (val >> 8 != 0xff) { 1507 /* read LEDs operating mode */ 1508 sc->leds = val >> 8; 1509 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]); 1510 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]); 1511 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]); 1512 } else { 1513 /* broken EEPROM, use default settings */ 1514 sc->leds = 0x01; 1515 sc->led[0] = 0x5555; 1516 sc->led[1] = 0x2221; 1517 sc->led[2] = 0x5627; /* differs from RT2860 */ 1518 } 1519 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1520 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1521 1522 /* read RF information */ 1523 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1524 if (val == 0xffff) { 1525 DPRINTF("invalid EEPROM antenna info, using default\n"); 1526 if (sc->mac_ver == 0x3572) { 1527 /* default to RF3052 2T2R */ 1528 sc->rf_rev = RT3070_RF_3052; 1529 sc->ntxchains = 2; 1530 sc->nrxchains = 2; 1531 } else if (sc->mac_ver >= 0x3070) { 1532 /* default to RF3020 1T1R */ 1533 sc->rf_rev = RT3070_RF_3020; 1534 sc->ntxchains = 1; 1535 sc->nrxchains = 1; 1536 } else { 1537 /* default to RF2820 1T2R */ 1538 sc->rf_rev = RT2860_RF_2820; 1539 sc->ntxchains = 1; 1540 sc->nrxchains = 2; 1541 } 1542 } else { 1543 sc->rf_rev = (val >> 8) & 0xf; 1544 sc->ntxchains = (val >> 4) & 0xf; 1545 sc->nrxchains = val & 0xf; 1546 } 1547 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n", 1548 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1549 1550 /* check if RF supports automatic Tx access gain control */ 1551 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1552 DPRINTF("EEPROM CFG 0x%04x\n", val); 1553 /* check if driver should patch the DAC issue */ 1554 if ((val >> 8) != 0xff) 1555 sc->patch_dac = (val >> 15) & 1; 1556 if ((val & 0xff) != 0xff) { 1557 sc->ext_5ghz_lna = (val >> 3) & 1; 1558 sc->ext_2ghz_lna = (val >> 2) & 1; 1559 /* check if RF supports automatic Tx access gain control */ 1560 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1561 /* check if we have a hardware radio switch */ 1562 sc->rfswitch = val & 1; 1563 } 1564 1565 /* read power settings for 2GHz channels */ 1566 for (i = 0; i < 14; i += 2) { 1567 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1568 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1569 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1570 1571 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1572 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1573 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1574 } 1575 /* fix broken Tx power entries */ 1576 for (i = 0; i < 14; i++) { 1577 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1578 sc->txpow1[i] = 5; 1579 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1580 sc->txpow2[i] = 5; 1581 DPRINTF("chan %d: power1=%d, power2=%d\n", 1582 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1583 } 1584 /* read power settings for 5GHz channels */ 1585 for (i = 0; i < 40; i += 2) { 1586 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1587 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1588 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1589 1590 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1591 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1592 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1593 } 1594 /* fix broken Tx power entries */ 1595 for (i = 0; i < 40; i++) { 1596 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1597 sc->txpow1[14 + i] = 5; 1598 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1599 sc->txpow2[14 + i] = 5; 1600 DPRINTF("chan %d: power1=%d, power2=%d\n", 1601 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1602 sc->txpow2[14 + i]); 1603 } 1604 1605 /* read Tx power compensation for each Tx rate */ 1606 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1607 delta_2ghz = delta_5ghz = 0; 1608 if ((val & 0xff) != 0xff && (val & 0x80)) { 1609 delta_2ghz = val & 0xf; 1610 if (!(val & 0x40)) /* negative number */ 1611 delta_2ghz = -delta_2ghz; 1612 } 1613 val >>= 8; 1614 if ((val & 0xff) != 0xff && (val & 0x80)) { 1615 delta_5ghz = val & 0xf; 1616 if (!(val & 0x40)) /* negative number */ 1617 delta_5ghz = -delta_5ghz; 1618 } 1619 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1620 delta_2ghz, delta_5ghz); 1621 1622 for (ridx = 0; ridx < 5; ridx++) { 1623 uint32_t reg; 1624 1625 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1626 reg = val; 1627 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1628 reg |= (uint32_t)val << 16; 1629 1630 sc->txpow20mhz[ridx] = reg; 1631 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1632 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1633 1634 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1635 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1636 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1637 } 1638 1639 /* read RSSI offsets and LNA gains from EEPROM */ 1640 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val); 1641 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1642 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1643 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val); 1644 if (sc->mac_ver >= 0x3070) { 1645 /* 1646 * On RT3070 chips (limited to 2 Rx chains), this ROM 1647 * field contains the Tx mixer gain for the 2GHz band. 1648 */ 1649 if ((val & 0xff) != 0xff) 1650 sc->txmixgain_2ghz = val & 0x7; 1651 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1652 } else 1653 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1654 sc->lna[2] = val >> 8; /* channel group 2 */ 1655 1656 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val); 1657 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1658 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1659 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val); 1660 if (sc->mac_ver == 0x3572) { 1661 /* 1662 * On RT3572 chips (limited to 2 Rx chains), this ROM 1663 * field contains the Tx mixer gain for the 5GHz band. 1664 */ 1665 if ((val & 0xff) != 0xff) 1666 sc->txmixgain_5ghz = val & 0x7; 1667 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1668 } else 1669 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1670 sc->lna[3] = val >> 8; /* channel group 3 */ 1671 1672 run_srom_read(sc, RT2860_EEPROM_LNA, &val); 1673 sc->lna[0] = val & 0xff; /* channel group 0 */ 1674 sc->lna[1] = val >> 8; /* channel group 1 */ 1675 1676 /* fix broken 5GHz LNA entries */ 1677 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1678 DPRINTF("invalid LNA for channel group %d\n", 2); 1679 sc->lna[2] = sc->lna[1]; 1680 } 1681 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1682 DPRINTF("invalid LNA for channel group %d\n", 3); 1683 sc->lna[3] = sc->lna[1]; 1684 } 1685 1686 /* fix broken RSSI offset entries */ 1687 for (ant = 0; ant < 3; ant++) { 1688 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1689 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1690 ant + 1, sc->rssi_2ghz[ant]); 1691 sc->rssi_2ghz[ant] = 0; 1692 } 1693 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1694 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1695 ant + 1, sc->rssi_5ghz[ant]); 1696 sc->rssi_5ghz[ant] = 0; 1697 } 1698 } 1699 return (0); 1700 } 1701 1702 static struct ieee80211_node * 1703 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1704 { 1705 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO); 1706 } 1707 1708 static int 1709 run_media_change(struct ifnet *ifp) 1710 { 1711 struct ieee80211vap *vap = ifp->if_softc; 1712 struct ieee80211com *ic = vap->iv_ic; 1713 const struct ieee80211_txparam *tp; 1714 struct run_softc *sc = ic->ic_ifp->if_softc; 1715 uint8_t rate, ridx; 1716 int error; 1717 1718 RUN_LOCK(sc); 1719 1720 error = ieee80211_media_change(ifp); 1721 if (error != ENETRESET) { 1722 RUN_UNLOCK(sc); 1723 return (error); 1724 } 1725 1726 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1727 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 1728 struct ieee80211_node *ni; 1729 struct run_node *rn; 1730 1731 rate = ic->ic_sup_rates[ic->ic_curmode]. 1732 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 1733 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 1734 if (rt2860_rates[ridx].rate == rate) 1735 break; 1736 ni = ieee80211_ref_node(vap->iv_bss); 1737 rn = (struct run_node *)ni; 1738 rn->fix_ridx = ridx; 1739 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 1740 ieee80211_free_node(ni); 1741 } 1742 1743 #if 0 1744 if ((ifp->if_flags & IFF_UP) && 1745 (ifp->if_flags & IFF_RUNNING)){ 1746 run_init_locked(sc); 1747 } 1748 #endif 1749 1750 RUN_UNLOCK(sc); 1751 1752 return (0); 1753 } 1754 1755 static int 1756 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 1757 { 1758 const struct ieee80211_txparam *tp; 1759 struct ieee80211com *ic = vap->iv_ic; 1760 struct run_softc *sc = ic->ic_ifp->if_softc; 1761 struct run_vap *rvp = RUN_VAP(vap); 1762 enum ieee80211_state ostate; 1763 uint32_t sta[3]; 1764 uint32_t tmp; 1765 uint8_t ratectl; 1766 uint8_t restart_ratectl = 0; 1767 uint8_t bid = 1 << rvp->rvp_id; 1768 1769 ostate = vap->iv_state; 1770 DPRINTF("%s -> %s\n", 1771 ieee80211_state_name[ostate], 1772 ieee80211_state_name[nstate]); 1773 1774 RUN_LOCK(sc); 1775 1776 ratectl = sc->ratectl_run; /* remember current state */ 1777 sc->ratectl_run = RUN_RATECTL_OFF; 1778 usb_callout_stop(&sc->ratectl_ch); 1779 1780 if (ostate == IEEE80211_S_RUN) { 1781 /* turn link LED off */ 1782 run_set_leds(sc, RT2860_LED_RADIO); 1783 } 1784 1785 switch (nstate) { 1786 case IEEE80211_S_INIT: 1787 restart_ratectl = 1; 1788 1789 if (ostate != IEEE80211_S_RUN) 1790 break; 1791 1792 ratectl &= ~bid; 1793 sc->runbmap &= ~bid; 1794 1795 /* abort TSF synchronization if there is no vap running */ 1796 if (--sc->running == 0) { 1797 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 1798 run_write(sc, RT2860_BCN_TIME_CFG, 1799 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 1800 RT2860_TBTT_TIMER_EN)); 1801 } 1802 break; 1803 1804 case IEEE80211_S_RUN: 1805 if (!(sc->runbmap & bid)) { 1806 if(sc->running++) 1807 restart_ratectl = 1; 1808 sc->runbmap |= bid; 1809 } 1810 1811 m_freem(rvp->beacon_mbuf); 1812 rvp->beacon_mbuf = NULL; 1813 1814 switch (vap->iv_opmode) { 1815 case IEEE80211_M_HOSTAP: 1816 case IEEE80211_M_MBSS: 1817 sc->ap_running |= bid; 1818 ic->ic_opmode = vap->iv_opmode; 1819 run_update_beacon_cb(vap); 1820 break; 1821 case IEEE80211_M_IBSS: 1822 sc->adhoc_running |= bid; 1823 if (!sc->ap_running) 1824 ic->ic_opmode = vap->iv_opmode; 1825 run_update_beacon_cb(vap); 1826 break; 1827 case IEEE80211_M_STA: 1828 sc->sta_running |= bid; 1829 if (!sc->ap_running && !sc->adhoc_running) 1830 ic->ic_opmode = vap->iv_opmode; 1831 1832 /* read statistic counters (clear on read) */ 1833 run_read_region_1(sc, RT2860_TX_STA_CNT0, 1834 (uint8_t *)sta, sizeof sta); 1835 1836 break; 1837 default: 1838 ic->ic_opmode = vap->iv_opmode; 1839 break; 1840 } 1841 1842 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 1843 struct ieee80211_node *ni; 1844 1845 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 1846 return (-1); 1847 run_updateslot(ic->ic_ifp); 1848 run_enable_mrr(sc); 1849 run_set_txpreamble(sc); 1850 run_set_basicrates(sc); 1851 ni = ieee80211_ref_node(vap->iv_bss); 1852 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 1853 run_set_bssid(sc, ni->ni_bssid); 1854 ieee80211_free_node(ni); 1855 run_enable_tsf_sync(sc); 1856 1857 /* enable automatic rate adaptation */ 1858 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1859 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 1860 ratectl |= bid; 1861 } 1862 1863 /* turn link LED on */ 1864 run_set_leds(sc, RT2860_LED_RADIO | 1865 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 1866 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 1867 1868 break; 1869 default: 1870 DPRINTFN(6, "undefined case\n"); 1871 break; 1872 } 1873 1874 /* restart amrr for running VAPs */ 1875 if ((sc->ratectl_run = ratectl) && restart_ratectl) 1876 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 1877 1878 RUN_UNLOCK(sc); 1879 1880 return(rvp->newstate(vap, nstate, arg)); 1881 } 1882 1883 /* ARGSUSED */ 1884 static void 1885 run_wme_update_cb(void *arg) 1886 { 1887 struct ieee80211com *ic = arg; 1888 struct run_softc *sc = ic->ic_ifp->if_softc; 1889 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 1890 int aci, error = 0; 1891 1892 RUN_LOCK_ASSERT(sc, MA_OWNED); 1893 1894 /* update MAC TX configuration registers */ 1895 for (aci = 0; aci < WME_NUM_AC; aci++) { 1896 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 1897 wmesp->wme_params[aci].wmep_logcwmax << 16 | 1898 wmesp->wme_params[aci].wmep_logcwmin << 12 | 1899 wmesp->wme_params[aci].wmep_aifsn << 8 | 1900 wmesp->wme_params[aci].wmep_txopLimit); 1901 if (error) goto err; 1902 } 1903 1904 /* update SCH/DMA registers too */ 1905 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 1906 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 1907 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 1908 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 1909 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 1910 if (error) goto err; 1911 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 1912 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 1913 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 1914 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 1915 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 1916 if (error) goto err; 1917 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 1918 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 1919 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 1920 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 1921 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 1922 if (error) goto err; 1923 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 1924 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 1925 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 1926 if (error) goto err; 1927 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 1928 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 1929 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 1930 1931 err: 1932 if (error) 1933 DPRINTF("WME update failed\n"); 1934 1935 return; 1936 } 1937 1938 static int 1939 run_wme_update(struct ieee80211com *ic) 1940 { 1941 struct run_softc *sc = ic->ic_ifp->if_softc; 1942 1943 #if 0 /* XXX swildner */ 1944 /* sometime called without lock */ 1945 if (mtx_owned(&ic->ic_comlock.mtx)) { 1946 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 1947 DPRINTF("cmdq_store=%d\n", i); 1948 sc->cmdq[i].func = run_wme_update_cb; 1949 sc->cmdq[i].arg0 = ic; 1950 ieee80211_runtask(ic, &sc->cmdq_task); 1951 return (0); 1952 } 1953 #endif 1954 1955 RUN_LOCK(sc); 1956 run_wme_update_cb(ic); 1957 RUN_UNLOCK(sc); 1958 1959 /* return whatever, upper layer desn't care anyway */ 1960 return (0); 1961 } 1962 1963 static void 1964 run_key_update_begin(struct ieee80211vap *vap) 1965 { 1966 /* 1967 * To avoid out-of-order events, both run_key_set() and 1968 * _delete() are deferred and handled by run_cmdq_cb(). 1969 * So, there is nothing we need to do here. 1970 */ 1971 } 1972 1973 static void 1974 run_key_update_end(struct ieee80211vap *vap) 1975 { 1976 /* null */ 1977 } 1978 1979 static void 1980 run_key_set_cb(void *arg) 1981 { 1982 struct run_cmdq *cmdq = arg; 1983 struct ieee80211vap *vap = cmdq->arg1; 1984 struct ieee80211_key *k = cmdq->k; 1985 struct ieee80211com *ic = vap->iv_ic; 1986 struct run_softc *sc = ic->ic_ifp->if_softc; 1987 struct ieee80211_node *ni; 1988 uint32_t attr; 1989 uint16_t base, associd; 1990 uint8_t mode, wcid, iv[8]; 1991 1992 RUN_LOCK_ASSERT(sc, MA_OWNED); 1993 1994 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1995 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 1996 else 1997 ni = vap->iv_bss; 1998 associd = (ni != NULL) ? ni->ni_associd : 0; 1999 2000 /* map net80211 cipher to RT2860 security mode */ 2001 switch (k->wk_cipher->ic_cipher) { 2002 case IEEE80211_CIPHER_WEP: 2003 if(k->wk_keylen < 8) 2004 mode = RT2860_MODE_WEP40; 2005 else 2006 mode = RT2860_MODE_WEP104; 2007 break; 2008 case IEEE80211_CIPHER_TKIP: 2009 mode = RT2860_MODE_TKIP; 2010 break; 2011 case IEEE80211_CIPHER_AES_CCM: 2012 mode = RT2860_MODE_AES_CCMP; 2013 break; 2014 default: 2015 DPRINTF("undefined case\n"); 2016 return; 2017 } 2018 2019 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2020 associd, k->wk_keyix, mode, 2021 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2022 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2023 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2024 2025 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2026 wcid = 0; /* NB: update WCID0 for group keys */ 2027 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2028 } else { 2029 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2030 1 : RUN_AID2WCID(associd); 2031 base = RT2860_PKEY(wcid); 2032 } 2033 2034 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2035 if(run_write_region_1(sc, base, k->wk_key, 16)) 2036 return; 2037 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2038 return; 2039 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2040 return; 2041 } else { 2042 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2043 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2044 return; 2045 } 2046 2047 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2048 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2049 /* set initial packet number in IV+EIV */ 2050 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2051 memset(iv, 0, sizeof iv); 2052 iv[3] = vap->iv_def_txkey << 6; 2053 } else { 2054 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2055 iv[0] = k->wk_keytsc >> 8; 2056 iv[1] = (iv[0] | 0x20) & 0x7f; 2057 iv[2] = k->wk_keytsc; 2058 } else /* CCMP */ { 2059 iv[0] = k->wk_keytsc; 2060 iv[1] = k->wk_keytsc >> 8; 2061 iv[2] = 0; 2062 } 2063 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2064 iv[4] = k->wk_keytsc >> 16; 2065 iv[5] = k->wk_keytsc >> 24; 2066 iv[6] = k->wk_keytsc >> 32; 2067 iv[7] = k->wk_keytsc >> 40; 2068 } 2069 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2070 return; 2071 } 2072 2073 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2074 /* install group key */ 2075 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2076 return; 2077 attr &= ~(0xf << (k->wk_keyix * 4)); 2078 attr |= mode << (k->wk_keyix * 4); 2079 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2080 return; 2081 } else { 2082 /* install pairwise key */ 2083 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2084 return; 2085 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2086 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2087 return; 2088 } 2089 2090 /* TODO create a pass-thru key entry? */ 2091 2092 /* need wcid to delete the right key later */ 2093 k->wk_pad = wcid; 2094 } 2095 2096 /* 2097 * Don't have to be deferred, but in order to keep order of 2098 * execution, i.e. with run_key_delete(), defer this and let 2099 * run_cmdq_cb() maintain the order. 2100 * 2101 * return 0 on error 2102 */ 2103 static int 2104 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2105 const uint8_t mac[IEEE80211_ADDR_LEN]) 2106 { 2107 struct ieee80211com *ic = vap->iv_ic; 2108 struct run_softc *sc = ic->ic_ifp->if_softc; 2109 uint32_t i; 2110 2111 i = RUN_CMDQ_GET(&sc->cmdq_store); 2112 DPRINTF("cmdq_store=%d\n", i); 2113 sc->cmdq[i].func = run_key_set_cb; 2114 sc->cmdq[i].arg0 = NULL; 2115 sc->cmdq[i].arg1 = vap; 2116 sc->cmdq[i].k = k; 2117 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2118 ieee80211_runtask(ic, &sc->cmdq_task); 2119 2120 /* 2121 * To make sure key will be set when hostapd 2122 * calls iv_key_set() before if_init(). 2123 */ 2124 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2125 RUN_LOCK(sc); 2126 sc->cmdq_key_set = RUN_CMDQ_GO; 2127 RUN_UNLOCK(sc); 2128 } 2129 2130 return (1); 2131 } 2132 2133 /* 2134 * If wlan is destroyed without being brought down i.e. without 2135 * wlan down or wpa_cli terminate, this function is called after 2136 * vap is gone. Don't refer it. 2137 */ 2138 static void 2139 run_key_delete_cb(void *arg) 2140 { 2141 struct run_cmdq *cmdq = arg; 2142 struct run_softc *sc = cmdq->arg1; 2143 struct ieee80211_key *k = &cmdq->key; 2144 uint32_t attr; 2145 uint8_t wcid; 2146 2147 RUN_LOCK_ASSERT(sc, MA_OWNED); 2148 2149 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2150 /* remove group key */ 2151 DPRINTF("removing group key\n"); 2152 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2153 attr &= ~(0xf << (k->wk_keyix * 4)); 2154 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2155 } else { 2156 /* remove pairwise key */ 2157 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2158 /* matching wcid was written to wk_pad in run_key_set() */ 2159 wcid = k->wk_pad; 2160 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2161 attr &= ~0xf; 2162 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2163 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2164 } 2165 2166 k->wk_pad = 0; 2167 } 2168 2169 /* 2170 * return 0 on error 2171 */ 2172 static int 2173 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2174 { 2175 struct ieee80211com *ic = vap->iv_ic; 2176 struct run_softc *sc = ic->ic_ifp->if_softc; 2177 struct ieee80211_key *k0; 2178 uint32_t i; 2179 2180 /* 2181 * When called back, key might be gone. So, make a copy 2182 * of some values need to delete keys before deferring. 2183 * But, because of LOR with node lock, cannot use lock here. 2184 * So, use atomic instead. 2185 */ 2186 i = RUN_CMDQ_GET(&sc->cmdq_store); 2187 DPRINTF("cmdq_store=%d\n", i); 2188 sc->cmdq[i].func = run_key_delete_cb; 2189 sc->cmdq[i].arg0 = NULL; 2190 sc->cmdq[i].arg1 = sc; 2191 k0 = &sc->cmdq[i].key; 2192 k0->wk_flags = k->wk_flags; 2193 k0->wk_keyix = k->wk_keyix; 2194 /* matching wcid was written to wk_pad in run_key_set() */ 2195 k0->wk_pad = k->wk_pad; 2196 ieee80211_runtask(ic, &sc->cmdq_task); 2197 return (1); /* return fake success */ 2198 2199 } 2200 2201 static void 2202 run_ratectl_to(void *arg) 2203 { 2204 struct run_softc *sc = arg; 2205 2206 /* do it in a process context, so it can go sleep */ 2207 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2208 /* next timeout will be rescheduled in the callback task */ 2209 } 2210 2211 /* ARGSUSED */ 2212 static void 2213 run_ratectl_cb(void *arg, int pending) 2214 { 2215 struct run_softc *sc = arg; 2216 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2217 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2218 2219 if (vap == NULL) 2220 return; 2221 2222 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA) 2223 run_iter_func(sc, vap->iv_bss); 2224 else { 2225 /* 2226 * run_reset_livelock() doesn't do anything with AMRR, 2227 * but Ralink wants us to call it every 1 sec. So, we 2228 * piggyback here rather than creating another callout. 2229 * Livelock may occur only in HOSTAP or IBSS mode 2230 * (when h/w is sending beacons). 2231 */ 2232 RUN_LOCK(sc); 2233 run_reset_livelock(sc); 2234 /* just in case, there are some stats to drain */ 2235 run_drain_fifo(sc); 2236 RUN_UNLOCK(sc); 2237 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2238 } 2239 2240 if(sc->ratectl_run != RUN_RATECTL_OFF) 2241 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2242 } 2243 2244 static void 2245 run_drain_fifo(void *arg) 2246 { 2247 struct run_softc *sc = arg; 2248 struct ifnet *ifp = sc->sc_ifp; 2249 uint32_t stat; 2250 uint16_t (*wstat)[3]; 2251 uint8_t wcid, mcs, pid; 2252 int8_t retry; 2253 2254 RUN_LOCK_ASSERT(sc, MA_OWNED); 2255 2256 for (;;) { 2257 /* drain Tx status FIFO (maxsize = 16) */ 2258 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2259 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2260 if (!(stat & RT2860_TXQ_VLD)) 2261 break; 2262 2263 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2264 2265 /* if no ACK was requested, no feedback is available */ 2266 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2267 wcid == 0) 2268 continue; 2269 2270 /* 2271 * Even though each stat is Tx-complete-status like format, 2272 * the device can poll stats. Because there is no guarantee 2273 * that the referring node is still around when read the stats. 2274 * So that, if we use ieee80211_ratectl_tx_update(), we will 2275 * have hard time not to refer already freed node. 2276 * 2277 * To eliminate such page faults, we poll stats in softc. 2278 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2279 */ 2280 wstat = &(sc->wcid_stats[wcid]); 2281 (*wstat)[RUN_TXCNT]++; 2282 if (stat & RT2860_TXQ_OK) 2283 (*wstat)[RUN_SUCCESS]++; 2284 else 2285 ifp->if_oerrors++; 2286 /* 2287 * Check if there were retries, ie if the Tx success rate is 2288 * different from the requested rate. Note that it works only 2289 * because we do not allow rate fallback from OFDM to CCK. 2290 */ 2291 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2292 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2293 if ((retry = pid -1 - mcs) > 0) { 2294 (*wstat)[RUN_TXCNT] += retry; 2295 (*wstat)[RUN_RETRY] += retry; 2296 } 2297 } 2298 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2299 2300 sc->fifo_cnt = 0; 2301 } 2302 2303 static void 2304 run_iter_func(void *arg, struct ieee80211_node *ni) 2305 { 2306 struct run_softc *sc = arg; 2307 struct ieee80211vap *vap = ni->ni_vap; 2308 struct ieee80211com *ic = ni->ni_ic; 2309 struct ifnet *ifp = ic->ic_ifp; 2310 struct run_node *rn = (void *)ni; 2311 union run_stats sta[2]; 2312 uint16_t (*wstat)[3]; 2313 int txcnt, success, retrycnt, error; 2314 2315 RUN_LOCK(sc); 2316 2317 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2318 vap->iv_opmode == IEEE80211_M_STA)) { 2319 /* read statistic counters (clear on read) and update AMRR state */ 2320 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2321 sizeof sta); 2322 if (error != 0) 2323 goto fail; 2324 2325 /* count failed TX as errors */ 2326 ifp->if_oerrors += le16toh(sta[0].error.fail); 2327 2328 retrycnt = le16toh(sta[1].tx.retry); 2329 success = le16toh(sta[1].tx.success); 2330 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2331 2332 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2333 retrycnt, success, le16toh(sta[0].error.fail)); 2334 } else { 2335 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2336 2337 if (wstat == &(sc->wcid_stats[0]) || 2338 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2339 goto fail; 2340 2341 txcnt = (*wstat)[RUN_TXCNT]; 2342 success = (*wstat)[RUN_SUCCESS]; 2343 retrycnt = (*wstat)[RUN_RETRY]; 2344 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2345 retrycnt, txcnt, success); 2346 2347 memset(wstat, 0, sizeof(*wstat)); 2348 } 2349 2350 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2351 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2352 2353 fail: 2354 RUN_UNLOCK(sc); 2355 2356 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2357 } 2358 2359 static void 2360 run_newassoc_cb(void *arg) 2361 { 2362 struct run_cmdq *cmdq = arg; 2363 struct ieee80211_node *ni = cmdq->arg1; 2364 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2365 uint8_t wcid = cmdq->wcid; 2366 2367 RUN_LOCK_ASSERT(sc, MA_OWNED); 2368 2369 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2370 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2371 2372 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2373 } 2374 2375 static void 2376 run_newassoc(struct ieee80211_node *ni, int isnew) 2377 { 2378 struct run_node *rn = (void *)ni; 2379 struct ieee80211_rateset *rs = &ni->ni_rates; 2380 struct ieee80211vap *vap = ni->ni_vap; 2381 struct ieee80211com *ic = vap->iv_ic; 2382 struct run_softc *sc = ic->ic_ifp->if_softc; 2383 uint8_t rate; 2384 uint8_t ridx; 2385 uint8_t wcid; 2386 int i, j; 2387 #ifdef RUN_DEBUG 2388 char ethstr[ETHER_ADDRSTRLEN + 1]; 2389 #endif 2390 2391 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2392 1 : RUN_AID2WCID(ni->ni_associd); 2393 2394 if (wcid > RT2870_WCID_MAX) { 2395 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2396 return; 2397 } 2398 2399 /* only interested in true associations */ 2400 if (isnew && ni->ni_associd != 0) { 2401 2402 /* 2403 * This function could is called though timeout function. 2404 * Need to defer. 2405 */ 2406 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2407 DPRINTF("cmdq_store=%d\n", cnt); 2408 sc->cmdq[cnt].func = run_newassoc_cb; 2409 sc->cmdq[cnt].arg0 = NULL; 2410 sc->cmdq[cnt].arg1 = ni; 2411 sc->cmdq[cnt].wcid = wcid; 2412 ieee80211_runtask(ic, &sc->cmdq_task); 2413 } 2414 2415 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2416 isnew, ni->ni_associd, kether_ntoa(ni->ni_macaddr, ethstr)); 2417 2418 for (i = 0; i < rs->rs_nrates; i++) { 2419 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2420 /* convert 802.11 rate to hardware rate index */ 2421 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2422 if (rt2860_rates[ridx].rate == rate) 2423 break; 2424 rn->ridx[i] = ridx; 2425 /* determine rate of control response frames */ 2426 for (j = i; j >= 0; j--) { 2427 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2428 rt2860_rates[rn->ridx[i]].phy == 2429 rt2860_rates[rn->ridx[j]].phy) 2430 break; 2431 } 2432 if (j >= 0) { 2433 rn->ctl_ridx[i] = rn->ridx[j]; 2434 } else { 2435 /* no basic rate found, use mandatory one */ 2436 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2437 } 2438 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2439 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2440 } 2441 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2442 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2443 if (rt2860_rates[ridx].rate == rate) 2444 break; 2445 rn->mgt_ridx = ridx; 2446 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2447 2448 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2449 } 2450 2451 /* 2452 * Return the Rx chain with the highest RSSI for a given frame. 2453 */ 2454 static __inline uint8_t 2455 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2456 { 2457 uint8_t rxchain = 0; 2458 2459 if (sc->nrxchains > 1) { 2460 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2461 rxchain = 1; 2462 if (sc->nrxchains > 2) 2463 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2464 rxchain = 2; 2465 } 2466 return (rxchain); 2467 } 2468 2469 static void 2470 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2471 { 2472 struct ifnet *ifp = sc->sc_ifp; 2473 struct ieee80211com *ic = ifp->if_l2com; 2474 struct ieee80211_frame *wh; 2475 struct ieee80211_node *ni; 2476 struct rt2870_rxd *rxd; 2477 struct rt2860_rxwi *rxwi; 2478 uint32_t flags; 2479 uint16_t len, phy; 2480 uint8_t ant, rssi; 2481 int8_t nf; 2482 2483 rxwi = mtod(m, struct rt2860_rxwi *); 2484 len = le16toh(rxwi->len) & 0xfff; 2485 if (__predict_false(len > dmalen)) { 2486 m_freem(m); 2487 ifp->if_ierrors++; 2488 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2489 return; 2490 } 2491 /* Rx descriptor is located at the end */ 2492 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2493 flags = le32toh(rxd->flags); 2494 2495 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2496 m_freem(m); 2497 ifp->if_ierrors++; 2498 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2499 return; 2500 } 2501 2502 m->m_data += sizeof(struct rt2860_rxwi); 2503 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi); 2504 2505 wh = mtod(m, struct ieee80211_frame *); 2506 2507 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2508 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2509 m->m_flags |= M_WEP; 2510 } 2511 2512 if (flags & RT2860_RX_L2PAD) { 2513 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2514 len += 2; 2515 } 2516 2517 ni = ieee80211_find_rxnode(ic, 2518 mtod(m, struct ieee80211_frame_min *)); 2519 2520 if (__predict_false(flags & RT2860_RX_MICERR)) { 2521 /* report MIC failures to net80211 for TKIP */ 2522 if (ni != NULL) 2523 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx); 2524 m_freem(m); 2525 ifp->if_ierrors++; 2526 DPRINTF("MIC error. Someone is lying.\n"); 2527 return; 2528 } 2529 2530 ant = run_maxrssi_chain(sc, rxwi); 2531 rssi = rxwi->rssi[ant]; 2532 nf = run_rssi2dbm(sc, rssi, ant); 2533 2534 m->m_pkthdr.rcvif = ifp; 2535 m->m_pkthdr.len = m->m_len = len; 2536 2537 if (ni != NULL) { 2538 (void)ieee80211_input(ni, m, rssi, nf); 2539 ieee80211_free_node(ni); 2540 } else { 2541 (void)ieee80211_input_all(ic, m, rssi, nf); 2542 } 2543 2544 if (__predict_false(ieee80211_radiotap_active(ic))) { 2545 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2546 2547 tap->wr_flags = 0; 2548 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2549 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2550 tap->wr_antsignal = rssi; 2551 tap->wr_antenna = ant; 2552 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2553 tap->wr_rate = 2; /* in case it can't be found below */ 2554 phy = le16toh(rxwi->phy); 2555 switch (phy & RT2860_PHY_MODE) { 2556 case RT2860_PHY_CCK: 2557 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2558 case 0: tap->wr_rate = 2; break; 2559 case 1: tap->wr_rate = 4; break; 2560 case 2: tap->wr_rate = 11; break; 2561 case 3: tap->wr_rate = 22; break; 2562 } 2563 if (phy & RT2860_PHY_SHPRE) 2564 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2565 break; 2566 case RT2860_PHY_OFDM: 2567 switch (phy & RT2860_PHY_MCS) { 2568 case 0: tap->wr_rate = 12; break; 2569 case 1: tap->wr_rate = 18; break; 2570 case 2: tap->wr_rate = 24; break; 2571 case 3: tap->wr_rate = 36; break; 2572 case 4: tap->wr_rate = 48; break; 2573 case 5: tap->wr_rate = 72; break; 2574 case 6: tap->wr_rate = 96; break; 2575 case 7: tap->wr_rate = 108; break; 2576 } 2577 break; 2578 } 2579 } 2580 } 2581 2582 static void 2583 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2584 { 2585 struct run_softc *sc = usbd_xfer_softc(xfer); 2586 struct ifnet *ifp = sc->sc_ifp; 2587 struct mbuf *m = NULL; 2588 struct mbuf *m0; 2589 uint32_t dmalen; 2590 int xferlen; 2591 2592 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2593 2594 switch (USB_GET_STATE(xfer)) { 2595 case USB_ST_TRANSFERRED: 2596 2597 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2598 2599 if (xferlen < (int)(sizeof(uint32_t) + 2600 sizeof(struct rt2860_rxwi) + sizeof(struct rt2870_rxd))) { 2601 DPRINTF("xfer too short %d\n", xferlen); 2602 goto tr_setup; 2603 } 2604 2605 m = sc->rx_m; 2606 sc->rx_m = NULL; 2607 2608 /* FALLTHROUGH */ 2609 case USB_ST_SETUP: 2610 tr_setup: 2611 if (sc->rx_m == NULL) { 2612 sc->rx_m = m_getjcl(MB_DONTWAIT, MT_DATA, M_PKTHDR, 2613 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2614 } 2615 if (sc->rx_m == NULL) { 2616 DPRINTF("could not allocate mbuf - idle with stall\n"); 2617 ifp->if_ierrors++; 2618 usbd_xfer_set_stall(xfer); 2619 usbd_xfer_set_frames(xfer, 0); 2620 } else { 2621 /* 2622 * Directly loading a mbuf cluster into DMA to 2623 * save some data copying. This works because 2624 * there is only one cluster. 2625 */ 2626 usbd_xfer_set_frame_data(xfer, 0, 2627 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2628 usbd_xfer_set_frames(xfer, 1); 2629 } 2630 usbd_transfer_submit(xfer); 2631 break; 2632 2633 default: /* Error */ 2634 if (error != USB_ERR_CANCELLED) { 2635 /* try to clear stall first */ 2636 usbd_xfer_set_stall(xfer); 2637 2638 if (error == USB_ERR_TIMEOUT) 2639 device_printf(sc->sc_dev, "device timeout\n"); 2640 2641 ifp->if_ierrors++; 2642 2643 goto tr_setup; 2644 } 2645 if (sc->rx_m != NULL) { 2646 m_freem(sc->rx_m); 2647 sc->rx_m = NULL; 2648 } 2649 break; 2650 } 2651 2652 if (m == NULL) 2653 return; 2654 2655 /* inputting all the frames must be last */ 2656 2657 RUN_UNLOCK(sc); 2658 2659 m->m_pkthdr.len = m->m_len = xferlen; 2660 2661 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2662 for(;;) { 2663 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2664 2665 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2666 ((dmalen & 3) != 0)) { 2667 DPRINTF("bad DMA length %u\n", dmalen); 2668 break; 2669 } 2670 if ((dmalen + 8) > (uint32_t)xferlen) { 2671 DPRINTF("bad DMA length %u > %d\n", 2672 dmalen + 8, xferlen); 2673 break; 2674 } 2675 2676 /* If it is the last one or a single frame, we won't copy. */ 2677 if ((xferlen -= dmalen + 8) <= 8) { 2678 /* trim 32-bit DMA-len header */ 2679 m->m_data += 4; 2680 m->m_pkthdr.len = m->m_len -= 4; 2681 run_rx_frame(sc, m, dmalen); 2682 break; 2683 } 2684 2685 /* copy aggregated frames to another mbuf */ 2686 m0 = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR); 2687 if (__predict_false(m0 == NULL)) { 2688 DPRINTF("could not allocate mbuf\n"); 2689 ifp->if_ierrors++; 2690 break; 2691 } 2692 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 2693 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 2694 m0->m_pkthdr.len = m0->m_len = 2695 dmalen + sizeof(struct rt2870_rxd); 2696 run_rx_frame(sc, m0, dmalen); 2697 2698 /* update data ptr */ 2699 m->m_data += dmalen + 8; 2700 m->m_pkthdr.len = m->m_len -= dmalen + 8; 2701 } 2702 2703 RUN_LOCK(sc); 2704 } 2705 2706 static void 2707 run_tx_free(struct run_endpoint_queue *pq, 2708 struct run_tx_data *data, int txerr) 2709 { 2710 if (data->m != NULL) { 2711 if (data->m->m_flags & M_TXCB) 2712 ieee80211_process_callback(data->ni, data->m, 2713 txerr ? ETIMEDOUT : 0); 2714 m_freem(data->m); 2715 data->m = NULL; 2716 2717 if (data->ni == NULL) { 2718 DPRINTF("no node\n"); 2719 } else { 2720 ieee80211_free_node(data->ni); 2721 data->ni = NULL; 2722 } 2723 } 2724 2725 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 2726 pq->tx_nfree++; 2727 } 2728 2729 static void 2730 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index) 2731 { 2732 struct run_softc *sc = usbd_xfer_softc(xfer); 2733 struct ifnet *ifp = sc->sc_ifp; 2734 struct ieee80211com *ic = ifp->if_l2com; 2735 struct run_tx_data *data; 2736 struct ieee80211vap *vap = NULL; 2737 struct usb_page_cache *pc; 2738 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 2739 struct mbuf *m; 2740 usb_frlength_t size; 2741 int actlen; 2742 int sumlen; 2743 2744 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 2745 2746 switch (USB_GET_STATE(xfer)) { 2747 case USB_ST_TRANSFERRED: 2748 DPRINTFN(11, "transfer complete: %d " 2749 "bytes @ index %d\n", actlen, index); 2750 2751 data = usbd_xfer_get_priv(xfer); 2752 2753 run_tx_free(pq, data, 0); 2754 ifq_clr_oactive(&ifp->if_snd); 2755 2756 usbd_xfer_set_priv(xfer, NULL); 2757 2758 ifp->if_opackets++; 2759 2760 /* FALLTHROUGH */ 2761 case USB_ST_SETUP: 2762 tr_setup: 2763 data = STAILQ_FIRST(&pq->tx_qh); 2764 if (data == NULL) 2765 break; 2766 2767 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 2768 2769 m = data->m; 2770 if ((m->m_pkthdr.len + 2771 sizeof(data->desc) + 3 + 8) > RUN_MAX_TXSZ) { 2772 DPRINTF("data overflow, %u bytes\n", 2773 m->m_pkthdr.len); 2774 2775 ifp->if_oerrors++; 2776 2777 run_tx_free(pq, data, 1); 2778 2779 goto tr_setup; 2780 } 2781 2782 pc = usbd_xfer_get_frame(xfer, 0); 2783 size = sizeof(data->desc); 2784 usbd_copy_in(pc, 0, &data->desc, size); 2785 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 2786 size += m->m_pkthdr.len; 2787 /* 2788 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 2789 * 4-byte padding), and be sure to zero those trailing 2790 * bytes: 2791 */ 2792 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 2793 size += ((-size) & 3) + 8; 2794 2795 vap = data->ni->ni_vap; 2796 if (ieee80211_radiotap_active_vap(vap)) { 2797 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 2798 struct rt2860_txwi *txwi = 2799 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 2800 2801 tap->wt_flags = 0; 2802 tap->wt_rate = rt2860_rates[data->ridx].rate; 2803 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 2804 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 2805 tap->wt_hwqueue = index; 2806 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 2807 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2808 2809 ieee80211_radiotap_tx(vap, m); 2810 } 2811 2812 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 2813 m->m_pkthdr.len, size, index); 2814 2815 usbd_xfer_set_frame_len(xfer, 0, size); 2816 usbd_xfer_set_priv(xfer, data); 2817 2818 usbd_transfer_submit(xfer); 2819 2820 run_start_locked(ifp); 2821 2822 break; 2823 2824 default: 2825 DPRINTF("USB transfer error, %s\n", 2826 usbd_errstr(error)); 2827 2828 data = usbd_xfer_get_priv(xfer); 2829 2830 ifp->if_oerrors++; 2831 2832 if (data != NULL) { 2833 if(data->ni != NULL) 2834 vap = data->ni->ni_vap; 2835 run_tx_free(pq, data, error); 2836 usbd_xfer_set_priv(xfer, NULL); 2837 } 2838 if (vap == NULL) 2839 vap = TAILQ_FIRST(&ic->ic_vaps); 2840 2841 if (error != USB_ERR_CANCELLED) { 2842 if (error == USB_ERR_TIMEOUT) { 2843 device_printf(sc->sc_dev, "device timeout\n"); 2844 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2845 DPRINTF("cmdq_store=%d\n", i); 2846 sc->cmdq[i].func = run_usb_timeout_cb; 2847 sc->cmdq[i].arg0 = vap; 2848 ieee80211_runtask(ic, &sc->cmdq_task); 2849 } 2850 2851 /* 2852 * Try to clear stall first, also if other 2853 * errors occur, hence clearing stall 2854 * introduces a 50 ms delay: 2855 */ 2856 usbd_xfer_set_stall(xfer); 2857 goto tr_setup; 2858 } 2859 break; 2860 } 2861 } 2862 2863 static void 2864 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 2865 { 2866 run_bulk_tx_callbackN(xfer, error, 0); 2867 } 2868 2869 static void 2870 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 2871 { 2872 run_bulk_tx_callbackN(xfer, error, 1); 2873 } 2874 2875 static void 2876 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 2877 { 2878 run_bulk_tx_callbackN(xfer, error, 2); 2879 } 2880 2881 static void 2882 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 2883 { 2884 run_bulk_tx_callbackN(xfer, error, 3); 2885 } 2886 2887 static void 2888 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 2889 { 2890 run_bulk_tx_callbackN(xfer, error, 4); 2891 } 2892 2893 static void 2894 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 2895 { 2896 run_bulk_tx_callbackN(xfer, error, 5); 2897 } 2898 2899 static void 2900 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 2901 { 2902 struct mbuf *m = data->m; 2903 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2904 struct ieee80211vap *vap = data->ni->ni_vap; 2905 struct ieee80211_frame *wh; 2906 struct rt2870_txd *txd; 2907 struct rt2860_txwi *txwi; 2908 uint16_t xferlen; 2909 uint16_t mcs; 2910 uint8_t ridx = data->ridx; 2911 uint8_t pad; 2912 2913 /* get MCS code from rate index */ 2914 mcs = rt2860_rates[ridx].mcs; 2915 2916 xferlen = sizeof(*txwi) + m->m_pkthdr.len; 2917 2918 /* roundup to 32-bit alignment */ 2919 xferlen = (xferlen + 3) & ~3; 2920 2921 txd = (struct rt2870_txd *)&data->desc; 2922 txd->len = htole16(xferlen); 2923 2924 wh = mtod(m, struct ieee80211_frame *); 2925 2926 /* 2927 * Ether both are true or both are false, the header 2928 * are nicely aligned to 32-bit. So, no L2 padding. 2929 */ 2930 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 2931 pad = 0; 2932 else 2933 pad = 2; 2934 2935 /* setup TX Wireless Information */ 2936 txwi = (struct rt2860_txwi *)(txd + 1); 2937 txwi->len = htole16(m->m_pkthdr.len - pad); 2938 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 2939 txwi->phy = htole16(RT2860_PHY_CCK); 2940 if (ridx != RT2860_RIDX_CCK1 && 2941 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 2942 mcs |= RT2860_PHY_SHPRE; 2943 } else 2944 txwi->phy = htole16(RT2860_PHY_OFDM); 2945 txwi->phy |= htole16(mcs); 2946 2947 /* check if RTS/CTS or CTS-to-self protection is required */ 2948 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 2949 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 2950 ((ic->ic_flags & IEEE80211_F_USEPROT) && 2951 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 2952 txwi->txop |= RT2860_TX_TXOP_HT; 2953 else 2954 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 2955 2956 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 2957 txwi->xflags |= RT2860_TX_NSEQ; 2958 } 2959 2960 /* This function must be called locked */ 2961 static int 2962 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 2963 { 2964 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2965 struct ieee80211vap *vap = ni->ni_vap; 2966 struct ieee80211_frame *wh; 2967 struct ieee80211_channel *chan; 2968 const struct ieee80211_txparam *tp; 2969 struct run_node *rn = (void *)ni; 2970 struct run_tx_data *data; 2971 struct rt2870_txd *txd; 2972 struct rt2860_txwi *txwi; 2973 uint16_t qos; 2974 uint16_t dur; 2975 uint16_t qid; 2976 uint8_t type; 2977 uint8_t tid; 2978 uint8_t ridx; 2979 uint8_t ctl_ridx; 2980 uint8_t qflags; 2981 uint8_t xflags = 0; 2982 int hasqos; 2983 2984 #if 0 /* XXX swildner: lock needed? */ 2985 RUN_LOCK_ASSERT(sc, MA_OWNED); 2986 #endif 2987 2988 wh = mtod(m, struct ieee80211_frame *); 2989 2990 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 2991 2992 /* 2993 * There are 7 bulk endpoints: 1 for RX 2994 * and 6 for TX (4 EDCAs + HCCA + Prio). 2995 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 2996 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 2997 */ 2998 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 2999 uint8_t *frm; 3000 3001 if(IEEE80211_HAS_ADDR4(wh)) 3002 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3003 else 3004 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3005 3006 qos = le16toh(*(const uint16_t *)frm); 3007 tid = qos & IEEE80211_QOS_TID; 3008 qid = TID_TO_WME_AC(tid); 3009 } else { 3010 qos = 0; 3011 tid = 0; 3012 qid = WME_AC_BE; 3013 } 3014 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3015 3016 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3017 qos, qid, tid, qflags); 3018 3019 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3020 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3021 3022 /* pickup a rate index */ 3023 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3024 type != IEEE80211_FC0_TYPE_DATA) { 3025 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3026 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3027 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3028 } else { 3029 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3030 ridx = rn->fix_ridx; 3031 else 3032 ridx = rn->amrr_ridx; 3033 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3034 } 3035 3036 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3037 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3038 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3039 xflags |= RT2860_TX_ACK; 3040 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3041 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3042 else 3043 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3044 *(uint16_t *)wh->i_dur = htole16(dur); 3045 } 3046 3047 /* reserve slots for mgmt packets, just in case */ 3048 if (sc->sc_epq[qid].tx_nfree < 3) { 3049 DPRINTFN(10, "tx ring %d is full\n", qid); 3050 return (-1); 3051 } 3052 3053 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3054 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3055 sc->sc_epq[qid].tx_nfree--; 3056 3057 txd = (struct rt2870_txd *)&data->desc; 3058 txd->flags = qflags; 3059 txwi = (struct rt2860_txwi *)(txd + 1); 3060 txwi->xflags = xflags; 3061 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3062 txwi->wcid = 0; 3063 } else { 3064 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3065 1 : RUN_AID2WCID(ni->ni_associd); 3066 } 3067 /* clear leftover garbage bits */ 3068 txwi->flags = 0; 3069 txwi->txop = 0; 3070 3071 data->m = m; 3072 data->ni = ni; 3073 data->ridx = ridx; 3074 3075 run_set_tx_desc(sc, data); 3076 3077 /* 3078 * The chip keeps track of 2 kind of Tx stats, 3079 * * TX_STAT_FIFO, for per WCID stats, and 3080 * * TX_STA_CNT0 for all-TX-in-one stats. 3081 * 3082 * To use FIFO stats, we need to store MCS into the driver-private 3083 * PacketID field. So that, we can tell whose stats when we read them. 3084 * We add 1 to the MCS because setting the PacketID field to 0 means 3085 * that we don't want feedback in TX_STAT_FIFO. 3086 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3087 * 3088 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3089 */ 3090 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3091 vap->iv_opmode == IEEE80211_M_MBSS) { 3092 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3093 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3094 3095 /* 3096 * Unlike PCI based devices, we don't get any interrupt from 3097 * USB devices, so we simulate FIFO-is-full interrupt here. 3098 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3099 * quickly get fulled. To prevent overflow, increment a counter on 3100 * every FIFO stat request, so we know how many slots are left. 3101 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3102 * are used only in those modes. 3103 * We just drain stats. AMRR gets updated every 1 sec by 3104 * run_ratectl_cb() via callout. 3105 * Call it early. Otherwise overflow. 3106 */ 3107 if (sc->fifo_cnt++ == 10) { 3108 /* 3109 * With multiple vaps or if_bridge, if_start() is called 3110 * with a non-sleepable lock, tcpinp. So, need to defer. 3111 */ 3112 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3113 DPRINTFN(6, "cmdq_store=%d\n", i); 3114 sc->cmdq[i].func = run_drain_fifo; 3115 sc->cmdq[i].arg0 = sc; 3116 ieee80211_runtask(ic, &sc->cmdq_task); 3117 } 3118 } 3119 3120 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3121 3122 RUN_LOCK(sc); 3123 usbd_transfer_start(sc->sc_xfer[qid]); 3124 RUN_UNLOCK(sc); 3125 3126 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len + 3127 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3128 rt2860_rates[ridx].rate, qid); 3129 3130 return (0); 3131 } 3132 3133 static int 3134 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3135 { 3136 struct ifnet *ifp = sc->sc_ifp; 3137 struct ieee80211com *ic = ifp->if_l2com; 3138 struct run_node *rn = (void *)ni; 3139 struct run_tx_data *data; 3140 struct ieee80211_frame *wh; 3141 struct rt2870_txd *txd; 3142 struct rt2860_txwi *txwi; 3143 uint16_t dur; 3144 uint8_t ridx = rn->mgt_ridx; 3145 uint8_t type; 3146 uint8_t xflags = 0; 3147 uint8_t wflags = 0; 3148 3149 RUN_LOCK_ASSERT(sc, MA_OWNED); 3150 3151 wh = mtod(m, struct ieee80211_frame *); 3152 3153 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3154 3155 /* tell hardware to add timestamp for probe responses */ 3156 if ((wh->i_fc[0] & 3157 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3158 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3159 wflags |= RT2860_TX_TS; 3160 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3161 xflags |= RT2860_TX_ACK; 3162 3163 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3164 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3165 *(uint16_t *)wh->i_dur = htole16(dur); 3166 } 3167 3168 if (sc->sc_epq[0].tx_nfree == 0) { 3169 /* let caller free mbuf */ 3170 ifq_set_oactive(&ifp->if_snd); 3171 return (EIO); 3172 } 3173 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3174 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3175 sc->sc_epq[0].tx_nfree--; 3176 3177 txd = (struct rt2870_txd *)&data->desc; 3178 txd->flags = RT2860_TX_QSEL_EDCA; 3179 txwi = (struct rt2860_txwi *)(txd + 1); 3180 txwi->wcid = 0xff; 3181 txwi->flags = wflags; 3182 txwi->xflags = xflags; 3183 txwi->txop = 0; /* clear leftover garbage bits */ 3184 3185 data->m = m; 3186 data->ni = ni; 3187 data->ridx = ridx; 3188 3189 run_set_tx_desc(sc, data); 3190 3191 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3192 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)), 3193 rt2860_rates[ridx].rate); 3194 3195 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3196 3197 usbd_transfer_start(sc->sc_xfer[0]); 3198 3199 return (0); 3200 } 3201 3202 static int 3203 run_sendprot(struct run_softc *sc, 3204 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3205 { 3206 struct ieee80211com *ic = ni->ni_ic; 3207 struct ieee80211_frame *wh; 3208 struct run_tx_data *data; 3209 struct rt2870_txd *txd; 3210 struct rt2860_txwi *txwi; 3211 struct mbuf *mprot; 3212 int ridx; 3213 int protrate; 3214 int ackrate; 3215 int pktlen; 3216 int isshort; 3217 uint16_t dur; 3218 uint8_t type; 3219 uint8_t wflags = 0; 3220 uint8_t xflags = 0; 3221 3222 RUN_LOCK_ASSERT(sc, MA_OWNED); 3223 3224 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3225 ("protection %d", prot)); 3226 3227 wh = mtod(m, struct ieee80211_frame *); 3228 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3229 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3230 3231 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3232 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3233 3234 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3235 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3236 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3237 wflags = RT2860_TX_FRAG; 3238 3239 /* check that there are free slots before allocating the mbuf */ 3240 if (sc->sc_epq[0].tx_nfree == 0) { 3241 /* let caller free mbuf */ 3242 ifq_set_oactive(&sc->sc_ifp->if_snd); 3243 return (ENOBUFS); 3244 } 3245 3246 if (prot == IEEE80211_PROT_RTSCTS) { 3247 /* NB: CTS is the same size as an ACK */ 3248 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3249 xflags |= RT2860_TX_ACK; 3250 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3251 } else { 3252 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3253 } 3254 if (mprot == NULL) { 3255 sc->sc_ifp->if_oerrors++; 3256 DPRINTF("could not allocate mbuf\n"); 3257 return (ENOBUFS); 3258 } 3259 3260 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3261 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3262 sc->sc_epq[0].tx_nfree--; 3263 3264 txd = (struct rt2870_txd *)&data->desc; 3265 txd->flags = RT2860_TX_QSEL_EDCA; 3266 txwi = (struct rt2860_txwi *)(txd + 1); 3267 txwi->wcid = 0xff; 3268 txwi->flags = wflags; 3269 txwi->xflags = xflags; 3270 txwi->txop = 0; /* clear leftover garbage bits */ 3271 3272 data->m = mprot; 3273 data->ni = ieee80211_ref_node(ni); 3274 3275 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3276 if (rt2860_rates[ridx].rate == protrate) 3277 break; 3278 data->ridx = ridx; 3279 3280 run_set_tx_desc(sc, data); 3281 3282 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3283 m->m_pkthdr.len, rate); 3284 3285 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3286 3287 usbd_transfer_start(sc->sc_xfer[0]); 3288 3289 return (0); 3290 } 3291 3292 static int 3293 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3294 const struct ieee80211_bpf_params *params) 3295 { 3296 struct ieee80211com *ic = ni->ni_ic; 3297 struct ieee80211_frame *wh; 3298 struct run_tx_data *data; 3299 struct rt2870_txd *txd; 3300 struct rt2860_txwi *txwi; 3301 uint8_t type; 3302 uint8_t ridx; 3303 uint8_t rate; 3304 uint8_t opflags = 0; 3305 uint8_t xflags = 0; 3306 int error; 3307 3308 RUN_LOCK_ASSERT(sc, MA_OWNED); 3309 3310 KASSERT(params != NULL, ("no raw xmit params")); 3311 3312 wh = mtod(m, struct ieee80211_frame *); 3313 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3314 3315 rate = params->ibp_rate0; 3316 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3317 /* let caller free mbuf */ 3318 return (EINVAL); 3319 } 3320 3321 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3322 xflags |= RT2860_TX_ACK; 3323 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3324 error = run_sendprot(sc, m, ni, 3325 params->ibp_flags & IEEE80211_BPF_RTS ? 3326 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3327 rate); 3328 if (error) { 3329 /* let caller free mbuf */ 3330 return error; 3331 } 3332 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3333 } 3334 3335 if (sc->sc_epq[0].tx_nfree == 0) { 3336 /* let caller free mbuf */ 3337 ifq_set_oactive(&sc->sc_ifp->if_snd); 3338 DPRINTF("sending raw frame, but tx ring is full\n"); 3339 return (EIO); 3340 } 3341 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3342 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3343 sc->sc_epq[0].tx_nfree--; 3344 3345 txd = (struct rt2870_txd *)&data->desc; 3346 txd->flags = RT2860_TX_QSEL_EDCA; 3347 txwi = (struct rt2860_txwi *)(txd + 1); 3348 txwi->wcid = 0xff; 3349 txwi->xflags = xflags; 3350 txwi->txop = opflags; 3351 txwi->flags = 0; /* clear leftover garbage bits */ 3352 3353 data->m = m; 3354 data->ni = ni; 3355 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3356 if (rt2860_rates[ridx].rate == rate) 3357 break; 3358 data->ridx = ridx; 3359 3360 run_set_tx_desc(sc, data); 3361 3362 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3363 m->m_pkthdr.len, rate); 3364 3365 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3366 3367 usbd_transfer_start(sc->sc_xfer[0]); 3368 3369 return (0); 3370 } 3371 3372 static int 3373 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3374 const struct ieee80211_bpf_params *params) 3375 { 3376 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3377 struct run_softc *sc = ifp->if_softc; 3378 int error = 0; 3379 3380 RUN_LOCK(sc); 3381 3382 /* prevent management frames from being sent if we're not ready */ 3383 if (!(ifp->if_flags & IFF_RUNNING)) { 3384 error = ENETDOWN; 3385 goto done; 3386 } 3387 3388 if (params == NULL) { 3389 /* tx mgt packet */ 3390 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3391 ifp->if_oerrors++; 3392 DPRINTF("mgt tx failed\n"); 3393 goto done; 3394 } 3395 } else { 3396 /* tx raw packet with param */ 3397 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3398 ifp->if_oerrors++; 3399 DPRINTF("tx with param failed\n"); 3400 goto done; 3401 } 3402 } 3403 3404 ifp->if_opackets++; 3405 3406 done: 3407 RUN_UNLOCK(sc); 3408 3409 if (error != 0) { 3410 if(m != NULL) 3411 m_freem(m); 3412 ieee80211_free_node(ni); 3413 } 3414 3415 return (error); 3416 } 3417 3418 static void 3419 run_start_locked(struct ifnet *ifp) 3420 { 3421 struct run_softc *sc = ifp->if_softc; 3422 struct ieee80211_node *ni; 3423 struct mbuf *m = NULL; 3424 3425 if ((ifp->if_flags & IFF_RUNNING) == 0) 3426 return; 3427 3428 for (;;) { 3429 /* send data frames */ 3430 m = ifq_dequeue(&ifp->if_snd); 3431 if (m == NULL) 3432 break; 3433 3434 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3435 if (run_tx(sc, m, ni) != 0) { 3436 ifq_prepend(&ifp->if_snd, m); 3437 ifq_set_oactive(&ifp->if_snd); 3438 break; 3439 } 3440 } 3441 } 3442 3443 static void 3444 run_start(struct ifnet *ifp, struct ifaltq_subque *ifsq) 3445 { 3446 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq); 3447 run_start_locked(ifp); 3448 } 3449 3450 static int 3451 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 3452 { 3453 struct run_softc *sc = ifp->if_softc; 3454 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3455 struct ifreq *ifr = (struct ifreq *) data; 3456 int startall = 0; 3457 int error; 3458 3459 RUN_LOCK(sc); 3460 error = sc->sc_detached ? ENXIO : 0; 3461 RUN_UNLOCK(sc); 3462 if (error) 3463 return (error); 3464 3465 switch (cmd) { 3466 case SIOCSIFFLAGS: 3467 RUN_LOCK(sc); 3468 if (ifp->if_flags & IFF_UP) { 3469 if (!(ifp->if_flags & IFF_RUNNING)){ 3470 startall = 1; 3471 run_init_locked(sc); 3472 } else 3473 run_update_promisc_locked(ifp); 3474 } else { 3475 if (ifp->if_flags & IFF_RUNNING && 3476 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3477 run_stop(sc); 3478 } 3479 } 3480 RUN_UNLOCK(sc); 3481 if (startall) 3482 ieee80211_start_all(ic); 3483 break; 3484 case SIOCGIFMEDIA: 3485 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3486 break; 3487 case SIOCGIFADDR: 3488 error = ether_ioctl(ifp, cmd, data); 3489 break; 3490 default: 3491 error = EINVAL; 3492 break; 3493 } 3494 3495 return (error); 3496 } 3497 3498 static void 3499 run_set_agc(struct run_softc *sc, uint8_t agc) 3500 { 3501 uint8_t bbp; 3502 3503 if (sc->mac_ver == 0x3572) { 3504 run_bbp_read(sc, 27, &bbp); 3505 bbp &= ~(0x3 << 5); 3506 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3507 run_bbp_write(sc, 66, agc); 3508 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3509 run_bbp_write(sc, 66, agc); 3510 } else 3511 run_bbp_write(sc, 66, agc); 3512 } 3513 3514 static void 3515 run_select_chan_group(struct run_softc *sc, int group) 3516 { 3517 uint32_t tmp; 3518 uint8_t agc; 3519 3520 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3521 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3522 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3523 run_bbp_write(sc, 86, 0x00); 3524 3525 if (group == 0) { 3526 if (sc->ext_2ghz_lna) { 3527 run_bbp_write(sc, 82, 0x62); 3528 run_bbp_write(sc, 75, 0x46); 3529 } else { 3530 run_bbp_write(sc, 82, 0x84); 3531 run_bbp_write(sc, 75, 0x50); 3532 } 3533 } else { 3534 if (sc->mac_ver == 0x3572) 3535 run_bbp_write(sc, 82, 0x94); 3536 else 3537 run_bbp_write(sc, 82, 0xf2); 3538 if (sc->ext_5ghz_lna) 3539 run_bbp_write(sc, 75, 0x46); 3540 else 3541 run_bbp_write(sc, 75, 0x50); 3542 } 3543 3544 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 3545 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 3546 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 3547 run_write(sc, RT2860_TX_BAND_CFG, tmp); 3548 3549 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 3550 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 3551 if (sc->nrxchains > 1) 3552 tmp |= RT2860_LNA_PE1_EN; 3553 if (group == 0) { /* 2GHz */ 3554 tmp |= RT2860_PA_PE_G0_EN; 3555 if (sc->ntxchains > 1) 3556 tmp |= RT2860_PA_PE_G1_EN; 3557 } else { /* 5GHz */ 3558 tmp |= RT2860_PA_PE_A0_EN; 3559 if (sc->ntxchains > 1) 3560 tmp |= RT2860_PA_PE_A1_EN; 3561 } 3562 if (sc->mac_ver == 0x3572) { 3563 run_rt3070_rf_write(sc, 8, 0x00); 3564 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3565 run_rt3070_rf_write(sc, 8, 0x80); 3566 } else 3567 run_write(sc, RT2860_TX_PIN_CFG, tmp); 3568 3569 /* set initial AGC value */ 3570 if (group == 0) { /* 2GHz band */ 3571 if (sc->mac_ver >= 0x3070) 3572 agc = 0x1c + sc->lna[0] * 2; 3573 else 3574 agc = 0x2e + sc->lna[0]; 3575 } else { /* 5GHz band */ 3576 if (sc->mac_ver == 0x3572) 3577 agc = 0x22 + (sc->lna[group] * 5) / 3; 3578 else 3579 agc = 0x32 + (sc->lna[group] * 5) / 3; 3580 } 3581 run_set_agc(sc, agc); 3582 } 3583 3584 static void 3585 run_rt2870_set_chan(struct run_softc *sc, uint32_t chan) 3586 { 3587 const struct rfprog *rfprog = rt2860_rf2850; 3588 uint32_t r2, r3, r4; 3589 int8_t txpow1, txpow2; 3590 int i; 3591 3592 /* find the settings for this channel (we know it exists) */ 3593 for (i = 0; rfprog[i].chan != chan; i++); 3594 3595 r2 = rfprog[i].r2; 3596 if (sc->ntxchains == 1) 3597 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */ 3598 if (sc->nrxchains == 1) 3599 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3600 else if (sc->nrxchains == 2) 3601 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */ 3602 3603 /* use Tx power values from EEPROM */ 3604 txpow1 = sc->txpow1[i]; 3605 txpow2 = sc->txpow2[i]; 3606 if (chan > 14) { 3607 if (txpow1 >= 0) 3608 txpow1 = txpow1 << 1 | 1; 3609 else 3610 txpow1 = (7 + txpow1) << 1; 3611 if (txpow2 >= 0) 3612 txpow2 = txpow2 << 1 | 1; 3613 else 3614 txpow2 = (7 + txpow2) << 1; 3615 } 3616 r3 = rfprog[i].r3 | txpow1 << 7; 3617 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4; 3618 3619 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3620 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3621 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3622 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3623 3624 run_delay(sc, 10); 3625 3626 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3627 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3628 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1); 3629 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3630 3631 run_delay(sc, 10); 3632 3633 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1); 3634 run_rt2870_rf_write(sc, RT2860_RF2, r2); 3635 run_rt2870_rf_write(sc, RT2860_RF3, r3); 3636 run_rt2870_rf_write(sc, RT2860_RF4, r4); 3637 } 3638 3639 static void 3640 run_rt3070_set_chan(struct run_softc *sc, uint32_t chan) 3641 { 3642 int8_t txpow1, txpow2; 3643 uint8_t rf; 3644 int i; 3645 3646 /* RT3070 is 2GHz only */ 3647 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n")); 3648 3649 /* find the settings for this channel (we know it exists) */ 3650 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3651 3652 /* use Tx power values from EEPROM */ 3653 txpow1 = sc->txpow1[i]; 3654 txpow2 = sc->txpow2[i]; 3655 3656 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3657 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3658 run_rt3070_rf_read(sc, 6, &rf); 3659 rf = (rf & ~0x03) | rt3070_freqs[i].r; 3660 run_rt3070_rf_write(sc, 6, rf); 3661 3662 /* set Tx0 power */ 3663 run_rt3070_rf_read(sc, 12, &rf); 3664 rf = (rf & ~0x1f) | txpow1; 3665 run_rt3070_rf_write(sc, 12, rf); 3666 3667 /* set Tx1 power */ 3668 run_rt3070_rf_read(sc, 13, &rf); 3669 rf = (rf & ~0x1f) | txpow2; 3670 run_rt3070_rf_write(sc, 13, rf); 3671 3672 run_rt3070_rf_read(sc, 1, &rf); 3673 rf &= ~0xfc; 3674 if (sc->ntxchains == 1) 3675 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3676 else if (sc->ntxchains == 2) 3677 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3678 if (sc->nrxchains == 1) 3679 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3680 else if (sc->nrxchains == 2) 3681 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3682 run_rt3070_rf_write(sc, 1, rf); 3683 3684 /* set RF offset */ 3685 run_rt3070_rf_read(sc, 23, &rf); 3686 rf = (rf & ~0x7f) | sc->freq; 3687 run_rt3070_rf_write(sc, 23, rf); 3688 3689 /* program RF filter */ 3690 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 3691 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3692 run_rt3070_rf_write(sc, 24, rf); 3693 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 3694 rf = (rf & ~0x3f) | sc->rf24_20mhz; 3695 run_rt3070_rf_write(sc, 31, rf); 3696 3697 /* enable RF tuning */ 3698 run_rt3070_rf_read(sc, 7, &rf); 3699 run_rt3070_rf_write(sc, 7, rf | 0x01); 3700 } 3701 3702 static void 3703 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 3704 { 3705 int8_t txpow1, txpow2; 3706 uint32_t tmp; 3707 uint8_t rf; 3708 int i; 3709 3710 /* find the settings for this channel (we know it exists) */ 3711 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 3712 3713 /* use Tx power values from EEPROM */ 3714 txpow1 = sc->txpow1[i]; 3715 txpow2 = sc->txpow2[i]; 3716 3717 if (chan <= 14) { 3718 run_bbp_write(sc, 25, sc->bbp25); 3719 run_bbp_write(sc, 26, sc->bbp26); 3720 } else { 3721 /* enable IQ phase correction */ 3722 run_bbp_write(sc, 25, 0x09); 3723 run_bbp_write(sc, 26, 0xff); 3724 } 3725 3726 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 3727 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 3728 run_rt3070_rf_read(sc, 6, &rf); 3729 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 3730 rf |= (chan <= 14) ? 0x08 : 0x04; 3731 run_rt3070_rf_write(sc, 6, rf); 3732 3733 /* set PLL mode */ 3734 run_rt3070_rf_read(sc, 5, &rf); 3735 rf &= ~(0x08 | 0x04); 3736 rf |= (chan <= 14) ? 0x04 : 0x08; 3737 run_rt3070_rf_write(sc, 5, rf); 3738 3739 /* set Tx power for chain 0 */ 3740 if (chan <= 14) 3741 rf = 0x60 | txpow1; 3742 else 3743 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 3744 run_rt3070_rf_write(sc, 12, rf); 3745 3746 /* set Tx power for chain 1 */ 3747 if (chan <= 14) 3748 rf = 0x60 | txpow2; 3749 else 3750 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 3751 run_rt3070_rf_write(sc, 13, rf); 3752 3753 /* set Tx/Rx streams */ 3754 run_rt3070_rf_read(sc, 1, &rf); 3755 rf &= ~0xfc; 3756 if (sc->ntxchains == 1) 3757 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 3758 else if (sc->ntxchains == 2) 3759 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 3760 if (sc->nrxchains == 1) 3761 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 3762 else if (sc->nrxchains == 2) 3763 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 3764 run_rt3070_rf_write(sc, 1, rf); 3765 3766 /* set RF offset */ 3767 run_rt3070_rf_read(sc, 23, &rf); 3768 rf = (rf & ~0x7f) | sc->freq; 3769 run_rt3070_rf_write(sc, 23, rf); 3770 3771 /* program RF filter */ 3772 rf = sc->rf24_20mhz; 3773 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 3774 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 3775 3776 /* enable RF tuning */ 3777 run_rt3070_rf_read(sc, 7, &rf); 3778 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 3779 run_rt3070_rf_write(sc, 7, rf); 3780 3781 /* TSSI */ 3782 rf = (chan <= 14) ? 0xc3 : 0xc0; 3783 run_rt3070_rf_write(sc, 9, rf); 3784 3785 /* set loop filter 1 */ 3786 run_rt3070_rf_write(sc, 10, 0xf1); 3787 /* set loop filter 2 */ 3788 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 3789 3790 /* set tx_mx2_ic */ 3791 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 3792 /* set tx_mx1_ic */ 3793 if (chan <= 14) 3794 rf = 0x48 | sc->txmixgain_2ghz; 3795 else 3796 rf = 0x78 | sc->txmixgain_5ghz; 3797 run_rt3070_rf_write(sc, 16, rf); 3798 3799 /* set tx_lo1 */ 3800 run_rt3070_rf_write(sc, 17, 0x23); 3801 /* set tx_lo2 */ 3802 if (chan <= 14) 3803 rf = 0x93; 3804 else if (chan <= 64) 3805 rf = 0xb7; 3806 else if (chan <= 128) 3807 rf = 0x74; 3808 else 3809 rf = 0x72; 3810 run_rt3070_rf_write(sc, 19, rf); 3811 3812 /* set rx_lo1 */ 3813 if (chan <= 14) 3814 rf = 0xb3; 3815 else if (chan <= 64) 3816 rf = 0xf6; 3817 else if (chan <= 128) 3818 rf = 0xf4; 3819 else 3820 rf = 0xf3; 3821 run_rt3070_rf_write(sc, 20, rf); 3822 3823 /* set pfd_delay */ 3824 if (chan <= 14) 3825 rf = 0x15; 3826 else if (chan <= 64) 3827 rf = 0x3d; 3828 else 3829 rf = 0x01; 3830 run_rt3070_rf_write(sc, 25, rf); 3831 3832 /* set rx_lo2 */ 3833 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 3834 /* set ldo_rf_vc */ 3835 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 3836 /* set drv_cc */ 3837 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 3838 3839 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3840 tmp &= ~0x8080; 3841 if (chan <= 14) 3842 tmp |= 0x80; 3843 run_write(sc, RT2860_GPIO_CTRL, tmp); 3844 3845 /* enable RF tuning */ 3846 run_rt3070_rf_read(sc, 7, &rf); 3847 run_rt3070_rf_write(sc, 7, rf | 0x01); 3848 3849 run_delay(sc, 2); 3850 } 3851 3852 static void 3853 run_set_rx_antenna(struct run_softc *sc, int aux) 3854 { 3855 uint32_t tmp; 3856 3857 if (aux) { 3858 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 3859 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3860 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 3861 } else { 3862 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 3863 run_read(sc, RT2860_GPIO_CTRL, &tmp); 3864 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 3865 } 3866 } 3867 3868 static int 3869 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 3870 { 3871 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3872 uint32_t chan, group; 3873 3874 chan = ieee80211_chan2ieee(ic, c); 3875 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 3876 return (EINVAL); 3877 3878 if (sc->mac_ver == 0x3572) 3879 run_rt3572_set_chan(sc, chan); 3880 else if (sc->mac_ver >= 0x3070) 3881 run_rt3070_set_chan(sc, chan); 3882 else 3883 run_rt2870_set_chan(sc, chan); 3884 3885 /* determine channel group */ 3886 if (chan <= 14) 3887 group = 0; 3888 else if (chan <= 64) 3889 group = 1; 3890 else if (chan <= 128) 3891 group = 2; 3892 else 3893 group = 3; 3894 3895 /* XXX necessary only when group has changed! */ 3896 run_select_chan_group(sc, group); 3897 3898 run_delay(sc, 10); 3899 3900 return (0); 3901 } 3902 3903 static void 3904 run_set_channel(struct ieee80211com *ic) 3905 { 3906 struct run_softc *sc = ic->ic_ifp->if_softc; 3907 3908 RUN_LOCK(sc); 3909 run_set_chan(sc, ic->ic_curchan); 3910 RUN_UNLOCK(sc); 3911 3912 return; 3913 } 3914 3915 static void 3916 run_scan_start(struct ieee80211com *ic) 3917 { 3918 struct run_softc *sc = ic->ic_ifp->if_softc; 3919 uint32_t tmp; 3920 3921 RUN_LOCK(sc); 3922 3923 /* abort TSF synchronization */ 3924 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 3925 run_write(sc, RT2860_BCN_TIME_CFG, 3926 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 3927 RT2860_TBTT_TIMER_EN)); 3928 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 3929 3930 RUN_UNLOCK(sc); 3931 3932 return; 3933 } 3934 3935 static void 3936 run_scan_end(struct ieee80211com *ic) 3937 { 3938 struct run_softc *sc = ic->ic_ifp->if_softc; 3939 3940 RUN_LOCK(sc); 3941 3942 run_enable_tsf_sync(sc); 3943 /* XXX keep local copy */ 3944 run_set_bssid(sc, sc->sc_bssid); 3945 3946 RUN_UNLOCK(sc); 3947 3948 return; 3949 } 3950 3951 /* 3952 * Could be called from ieee80211_node_timeout() 3953 * (non-sleepable thread) 3954 */ 3955 static void 3956 run_update_beacon(struct ieee80211vap *vap, int item) 3957 { 3958 struct ieee80211com *ic = vap->iv_ic; 3959 struct run_softc *sc = ic->ic_ifp->if_softc; 3960 struct run_vap *rvp = RUN_VAP(vap); 3961 int mcast = 0; 3962 uint32_t i; 3963 3964 KASSERT(vap != NULL, ("no beacon")); 3965 3966 switch (item) { 3967 case IEEE80211_BEACON_ERP: 3968 run_updateslot(ic->ic_ifp); 3969 break; 3970 case IEEE80211_BEACON_HTINFO: 3971 run_updateprot(ic); 3972 break; 3973 case IEEE80211_BEACON_TIM: 3974 mcast = 1; /*TODO*/ 3975 break; 3976 default: 3977 break; 3978 } 3979 3980 setbit(rvp->bo.bo_flags, item); 3981 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 3982 3983 i = RUN_CMDQ_GET(&sc->cmdq_store); 3984 DPRINTF("cmdq_store=%d\n", i); 3985 sc->cmdq[i].func = run_update_beacon_cb; 3986 sc->cmdq[i].arg0 = vap; 3987 ieee80211_runtask(ic, &sc->cmdq_task); 3988 3989 return; 3990 } 3991 3992 static void 3993 run_update_beacon_cb(void *arg) 3994 { 3995 struct ieee80211vap *vap = arg; 3996 struct run_vap *rvp = RUN_VAP(vap); 3997 struct ieee80211com *ic = vap->iv_ic; 3998 struct run_softc *sc = ic->ic_ifp->if_softc; 3999 struct rt2860_txwi txwi; 4000 struct mbuf *m; 4001 uint8_t ridx; 4002 4003 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4004 return; 4005 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4006 return; 4007 4008 /* 4009 * No need to call ieee80211_beacon_update(), run_update_beacon() 4010 * is taking care of apropriate calls. 4011 */ 4012 if (rvp->beacon_mbuf == NULL) { 4013 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4014 &rvp->bo); 4015 if (rvp->beacon_mbuf == NULL) 4016 return; 4017 } 4018 m = rvp->beacon_mbuf; 4019 4020 memset(&txwi, 0, sizeof txwi); 4021 txwi.wcid = 0xff; 4022 txwi.len = htole16(m->m_pkthdr.len); 4023 /* send beacons at the lowest available rate */ 4024 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4025 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4026 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4027 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4028 txwi.phy |= htole16(RT2860_PHY_OFDM); 4029 txwi.txop = RT2860_TX_TXOP_HT; 4030 txwi.flags = RT2860_TX_TS; 4031 txwi.xflags = RT2860_TX_NSEQ; 4032 4033 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), 4034 (uint8_t *)&txwi, sizeof txwi); 4035 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + sizeof txwi, 4036 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */ 4037 4038 return; 4039 } 4040 4041 static void 4042 run_updateprot(struct ieee80211com *ic) 4043 { 4044 struct run_softc *sc = ic->ic_ifp->if_softc; 4045 uint32_t i; 4046 4047 i = RUN_CMDQ_GET(&sc->cmdq_store); 4048 DPRINTF("cmdq_store=%d\n", i); 4049 sc->cmdq[i].func = run_updateprot_cb; 4050 sc->cmdq[i].arg0 = ic; 4051 ieee80211_runtask(ic, &sc->cmdq_task); 4052 } 4053 4054 static void 4055 run_updateprot_cb(void *arg) 4056 { 4057 struct ieee80211com *ic = arg; 4058 struct run_softc *sc = ic->ic_ifp->if_softc; 4059 uint32_t tmp; 4060 4061 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 4062 /* setup protection frame rate (MCS code) */ 4063 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 4064 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 4065 rt2860_rates[RT2860_RIDX_CCK11].mcs; 4066 4067 /* CCK frames don't require protection */ 4068 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 4069 if (ic->ic_flags & IEEE80211_F_USEPROT) { 4070 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 4071 tmp |= RT2860_PROT_CTRL_RTS_CTS; 4072 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 4073 tmp |= RT2860_PROT_CTRL_CTS; 4074 } 4075 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 4076 } 4077 4078 static void 4079 run_usb_timeout_cb(void *arg) 4080 { 4081 struct ieee80211vap *vap = arg; 4082 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 4083 4084 RUN_LOCK_ASSERT(sc, MA_OWNED); 4085 4086 if(vap->iv_state == IEEE80211_S_RUN && 4087 vap->iv_opmode != IEEE80211_M_STA) 4088 run_reset_livelock(sc); 4089 else if (vap->iv_state == IEEE80211_S_SCAN) { 4090 DPRINTF("timeout caused by scan\n"); 4091 /* cancel bgscan */ 4092 ieee80211_cancel_scan(vap); 4093 } else 4094 DPRINTF("timeout by unknown cause\n"); 4095 } 4096 4097 static void 4098 run_reset_livelock(struct run_softc *sc) 4099 { 4100 uint32_t tmp; 4101 4102 RUN_LOCK_ASSERT(sc, MA_OWNED); 4103 4104 /* 4105 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 4106 * can run into a livelock and start sending CTS-to-self frames like 4107 * crazy if protection is enabled. Reset MAC/BBP for a while 4108 */ 4109 run_read(sc, RT2860_DEBUG, &tmp); 4110 DPRINTFN(3, "debug reg %08x\n", tmp); 4111 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 4112 DPRINTF("CTS-to-self livelock detected\n"); 4113 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 4114 run_delay(sc, 1); 4115 run_write(sc, RT2860_MAC_SYS_CTRL, 4116 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4117 } 4118 } 4119 4120 static void 4121 run_update_promisc_locked(struct ifnet *ifp) 4122 { 4123 struct run_softc *sc = ifp->if_softc; 4124 uint32_t tmp; 4125 4126 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 4127 4128 tmp |= RT2860_DROP_UC_NOME; 4129 if (ifp->if_flags & IFF_PROMISC) 4130 tmp &= ~RT2860_DROP_UC_NOME; 4131 4132 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4133 4134 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 4135 "entering" : "leaving"); 4136 } 4137 4138 static void 4139 run_update_promisc(struct ifnet *ifp) 4140 { 4141 struct run_softc *sc = ifp->if_softc; 4142 4143 if ((ifp->if_flags & IFF_RUNNING) == 0) 4144 return; 4145 4146 RUN_LOCK(sc); 4147 run_update_promisc_locked(ifp); 4148 RUN_UNLOCK(sc); 4149 } 4150 4151 static void 4152 run_enable_tsf_sync(struct run_softc *sc) 4153 { 4154 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4155 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 4156 uint32_t tmp; 4157 4158 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode); 4159 4160 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4161 tmp &= ~0x1fffff; 4162 tmp |= vap->iv_bss->ni_intval * 16; 4163 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 4164 4165 if (ic->ic_opmode == IEEE80211_M_STA) { 4166 /* 4167 * Local TSF is always updated with remote TSF on beacon 4168 * reception. 4169 */ 4170 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 4171 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 4172 tmp |= RT2860_BCN_TX_EN; 4173 /* 4174 * Local TSF is updated with remote TSF on beacon reception 4175 * only if the remote TSF is greater than local TSF. 4176 */ 4177 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 4178 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 4179 ic->ic_opmode == IEEE80211_M_MBSS) { 4180 tmp |= RT2860_BCN_TX_EN; 4181 /* SYNC with nobody */ 4182 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 4183 } else { 4184 DPRINTF("Enabling TSF failed. undefined opmode\n"); 4185 return; 4186 } 4187 4188 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4189 } 4190 4191 static void 4192 run_enable_mrr(struct run_softc *sc) 4193 { 4194 #define CCK(mcs) (mcs) 4195 #define OFDM(mcs) (1 << 3 | (mcs)) 4196 run_write(sc, RT2860_LG_FBK_CFG0, 4197 OFDM(6) << 28 | /* 54->48 */ 4198 OFDM(5) << 24 | /* 48->36 */ 4199 OFDM(4) << 20 | /* 36->24 */ 4200 OFDM(3) << 16 | /* 24->18 */ 4201 OFDM(2) << 12 | /* 18->12 */ 4202 OFDM(1) << 8 | /* 12-> 9 */ 4203 OFDM(0) << 4 | /* 9-> 6 */ 4204 OFDM(0)); /* 6-> 6 */ 4205 4206 run_write(sc, RT2860_LG_FBK_CFG1, 4207 CCK(2) << 12 | /* 11->5.5 */ 4208 CCK(1) << 8 | /* 5.5-> 2 */ 4209 CCK(0) << 4 | /* 2-> 1 */ 4210 CCK(0)); /* 1-> 1 */ 4211 #undef OFDM 4212 #undef CCK 4213 } 4214 4215 static void 4216 run_set_txpreamble(struct run_softc *sc) 4217 { 4218 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4219 uint32_t tmp; 4220 4221 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 4222 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 4223 tmp |= RT2860_CCK_SHORT_EN; 4224 else 4225 tmp &= ~RT2860_CCK_SHORT_EN; 4226 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 4227 } 4228 4229 static void 4230 run_set_basicrates(struct run_softc *sc) 4231 { 4232 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4233 4234 /* set basic rates mask */ 4235 if (ic->ic_curmode == IEEE80211_MODE_11B) 4236 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 4237 else if (ic->ic_curmode == IEEE80211_MODE_11A) 4238 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 4239 else /* 11g */ 4240 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 4241 } 4242 4243 static void 4244 run_set_leds(struct run_softc *sc, uint16_t which) 4245 { 4246 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 4247 which | (sc->leds & 0x7f)); 4248 } 4249 4250 static void 4251 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 4252 { 4253 run_write(sc, RT2860_MAC_BSSID_DW0, 4254 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 4255 run_write(sc, RT2860_MAC_BSSID_DW1, 4256 bssid[4] | bssid[5] << 8); 4257 } 4258 4259 static void 4260 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 4261 { 4262 run_write(sc, RT2860_MAC_ADDR_DW0, 4263 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 4264 run_write(sc, RT2860_MAC_ADDR_DW1, 4265 addr[4] | addr[5] << 8 | 0xff << 16); 4266 } 4267 4268 static void 4269 run_updateslot(struct ifnet *ifp) 4270 { 4271 struct run_softc *sc = ifp->if_softc; 4272 struct ieee80211com *ic = ifp->if_l2com; 4273 uint32_t i; 4274 4275 i = RUN_CMDQ_GET(&sc->cmdq_store); 4276 DPRINTF("cmdq_store=%d\n", i); 4277 sc->cmdq[i].func = run_updateslot_cb; 4278 sc->cmdq[i].arg0 = ifp; 4279 ieee80211_runtask(ic, &sc->cmdq_task); 4280 4281 return; 4282 } 4283 4284 /* ARGSUSED */ 4285 static void 4286 run_updateslot_cb(void *arg) 4287 { 4288 struct ifnet *ifp = arg; 4289 struct run_softc *sc = ifp->if_softc; 4290 struct ieee80211com *ic = ifp->if_l2com; 4291 uint32_t tmp; 4292 4293 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 4294 tmp &= ~0xff; 4295 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 4296 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 4297 } 4298 4299 static void 4300 run_update_mcast(struct ifnet *ifp) 4301 { 4302 /* h/w filter supports getting everything or nothing */ 4303 ifp->if_flags |= IFF_ALLMULTI; 4304 } 4305 4306 static int8_t 4307 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 4308 { 4309 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4310 struct ieee80211_channel *c = ic->ic_curchan; 4311 int delta; 4312 4313 if (IEEE80211_IS_CHAN_5GHZ(c)) { 4314 uint32_t chan = ieee80211_chan2ieee(ic, c); 4315 delta = sc->rssi_5ghz[rxchain]; 4316 4317 /* determine channel group */ 4318 if (chan <= 64) 4319 delta -= sc->lna[1]; 4320 else if (chan <= 128) 4321 delta -= sc->lna[2]; 4322 else 4323 delta -= sc->lna[3]; 4324 } else 4325 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 4326 4327 return (-12 - delta - rssi); 4328 } 4329 4330 static int 4331 run_bbp_init(struct run_softc *sc) 4332 { 4333 int i, error, ntries; 4334 uint8_t bbp0; 4335 4336 /* wait for BBP to wake up */ 4337 for (ntries = 0; ntries < 20; ntries++) { 4338 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 4339 return error; 4340 if (bbp0 != 0 && bbp0 != 0xff) 4341 break; 4342 } 4343 if (ntries == 20) 4344 return (ETIMEDOUT); 4345 4346 /* initialize BBP registers to default values */ 4347 for (i = 0; i < NELEM(rt2860_def_bbp); i++) { 4348 run_bbp_write(sc, rt2860_def_bbp[i].reg, 4349 rt2860_def_bbp[i].val); 4350 } 4351 4352 /* fix BBP84 for RT2860E */ 4353 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 4354 run_bbp_write(sc, 84, 0x19); 4355 4356 if (sc->mac_ver >= 0x3070) { 4357 run_bbp_write(sc, 79, 0x13); 4358 run_bbp_write(sc, 80, 0x05); 4359 run_bbp_write(sc, 81, 0x33); 4360 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 4361 run_bbp_write(sc, 69, 0x16); 4362 run_bbp_write(sc, 73, 0x12); 4363 } 4364 return (0); 4365 } 4366 4367 static int 4368 run_rt3070_rf_init(struct run_softc *sc) 4369 { 4370 uint32_t tmp; 4371 uint8_t rf, target, bbp4; 4372 int i; 4373 4374 run_rt3070_rf_read(sc, 30, &rf); 4375 /* toggle RF R30 bit 7 */ 4376 run_rt3070_rf_write(sc, 30, rf | 0x80); 4377 run_delay(sc, 10); 4378 run_rt3070_rf_write(sc, 30, rf & ~0x80); 4379 4380 /* initialize RF registers to default value */ 4381 if (sc->mac_ver == 0x3572) { 4382 for (i = 0; i < NELEM(rt3572_def_rf); i++) { 4383 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 4384 rt3572_def_rf[i].val); 4385 } 4386 } else { 4387 for (i = 0; i < NELEM(rt3070_def_rf); i++) { 4388 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 4389 rt3070_def_rf[i].val); 4390 } 4391 } 4392 4393 if (sc->mac_ver == 0x3070) { 4394 /* change voltage from 1.2V to 1.35V for RT3070 */ 4395 run_read(sc, RT3070_LDO_CFG0, &tmp); 4396 tmp = (tmp & ~0x0f000000) | 0x0d000000; 4397 run_write(sc, RT3070_LDO_CFG0, tmp); 4398 4399 } else if (sc->mac_ver == 0x3071) { 4400 run_rt3070_rf_read(sc, 6, &rf); 4401 run_rt3070_rf_write(sc, 6, rf | 0x40); 4402 run_rt3070_rf_write(sc, 31, 0x14); 4403 4404 run_read(sc, RT3070_LDO_CFG0, &tmp); 4405 tmp &= ~0x1f000000; 4406 if (sc->mac_rev < 0x0211) 4407 tmp |= 0x0d000000; /* 1.3V */ 4408 else 4409 tmp |= 0x01000000; /* 1.2V */ 4410 run_write(sc, RT3070_LDO_CFG0, tmp); 4411 4412 /* patch LNA_PE_G1 */ 4413 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 4414 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 4415 4416 } else if (sc->mac_ver == 0x3572) { 4417 run_rt3070_rf_read(sc, 6, &rf); 4418 run_rt3070_rf_write(sc, 6, rf | 0x40); 4419 4420 /* increase voltage from 1.2V to 1.35V */ 4421 run_read(sc, RT3070_LDO_CFG0, &tmp); 4422 tmp = (tmp & ~0x1f000000) | 0x0d000000; 4423 run_write(sc, RT3070_LDO_CFG0, tmp); 4424 4425 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 4426 run_delay(sc, 1); /* wait for 1msec */ 4427 /* decrease voltage back to 1.2V */ 4428 tmp = (tmp & ~0x1f000000) | 0x01000000; 4429 run_write(sc, RT3070_LDO_CFG0, tmp); 4430 } 4431 } 4432 4433 /* select 20MHz bandwidth */ 4434 run_rt3070_rf_read(sc, 31, &rf); 4435 run_rt3070_rf_write(sc, 31, rf & ~0x20); 4436 4437 /* calibrate filter for 20MHz bandwidth */ 4438 sc->rf24_20mhz = 0x1f; /* default value */ 4439 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 4440 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 4441 4442 /* select 40MHz bandwidth */ 4443 run_bbp_read(sc, 4, &bbp4); 4444 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10); 4445 run_rt3070_rf_read(sc, 31, &rf); 4446 run_rt3070_rf_write(sc, 31, rf | 0x20); 4447 4448 /* calibrate filter for 40MHz bandwidth */ 4449 sc->rf24_40mhz = 0x2f; /* default value */ 4450 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 4451 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 4452 4453 /* go back to 20MHz bandwidth */ 4454 run_bbp_read(sc, 4, &bbp4); 4455 run_bbp_write(sc, 4, bbp4 & ~0x18); 4456 4457 if (sc->mac_ver == 0x3572) { 4458 /* save default BBP registers 25 and 26 values */ 4459 run_bbp_read(sc, 25, &sc->bbp25); 4460 run_bbp_read(sc, 26, &sc->bbp26); 4461 } else if (sc->mac_rev < 0x0211) 4462 run_rt3070_rf_write(sc, 27, 0x03); 4463 4464 run_read(sc, RT3070_OPT_14, &tmp); 4465 run_write(sc, RT3070_OPT_14, tmp | 1); 4466 4467 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4468 run_rt3070_rf_read(sc, 17, &rf); 4469 rf &= ~RT3070_TX_LO1; 4470 if ((sc->mac_ver == 0x3070 || 4471 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 4472 !sc->ext_2ghz_lna) 4473 rf |= 0x20; /* fix for long range Rx issue */ 4474 if (sc->txmixgain_2ghz >= 1) 4475 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 4476 run_rt3070_rf_write(sc, 17, rf); 4477 } 4478 4479 if (sc->mac_rev == 0x3071) { 4480 run_rt3070_rf_read(sc, 1, &rf); 4481 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 4482 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 4483 run_rt3070_rf_write(sc, 1, rf); 4484 4485 run_rt3070_rf_read(sc, 15, &rf); 4486 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 4487 4488 run_rt3070_rf_read(sc, 20, &rf); 4489 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 4490 4491 run_rt3070_rf_read(sc, 21, &rf); 4492 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 4493 } 4494 4495 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 4496 /* fix Tx to Rx IQ glitch by raising RF voltage */ 4497 run_rt3070_rf_read(sc, 27, &rf); 4498 rf &= ~0x77; 4499 if (sc->mac_rev < 0x0211) 4500 rf |= 0x03; 4501 run_rt3070_rf_write(sc, 27, rf); 4502 } 4503 return (0); 4504 } 4505 4506 static int 4507 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 4508 uint8_t *val) 4509 { 4510 uint8_t rf22, rf24; 4511 uint8_t bbp55_pb, bbp55_sb, delta; 4512 int ntries; 4513 4514 /* program filter */ 4515 run_rt3070_rf_read(sc, 24, &rf24); 4516 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 4517 run_rt3070_rf_write(sc, 24, rf24); 4518 4519 /* enable baseband loopback mode */ 4520 run_rt3070_rf_read(sc, 22, &rf22); 4521 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 4522 4523 /* set power and frequency of passband test tone */ 4524 run_bbp_write(sc, 24, 0x00); 4525 for (ntries = 0; ntries < 100; ntries++) { 4526 /* transmit test tone */ 4527 run_bbp_write(sc, 25, 0x90); 4528 run_delay(sc, 10); 4529 /* read received power */ 4530 run_bbp_read(sc, 55, &bbp55_pb); 4531 if (bbp55_pb != 0) 4532 break; 4533 } 4534 if (ntries == 100) 4535 return ETIMEDOUT; 4536 4537 /* set power and frequency of stopband test tone */ 4538 run_bbp_write(sc, 24, 0x06); 4539 for (ntries = 0; ntries < 100; ntries++) { 4540 /* transmit test tone */ 4541 run_bbp_write(sc, 25, 0x90); 4542 run_delay(sc, 10); 4543 /* read received power */ 4544 run_bbp_read(sc, 55, &bbp55_sb); 4545 4546 delta = bbp55_pb - bbp55_sb; 4547 if (delta > target) 4548 break; 4549 4550 /* reprogram filter */ 4551 rf24++; 4552 run_rt3070_rf_write(sc, 24, rf24); 4553 } 4554 if (ntries < 100) { 4555 if (rf24 != init) 4556 rf24--; /* backtrack */ 4557 *val = rf24; 4558 run_rt3070_rf_write(sc, 24, rf24); 4559 } 4560 4561 /* restore initial state */ 4562 run_bbp_write(sc, 24, 0x00); 4563 4564 /* disable baseband loopback mode */ 4565 run_rt3070_rf_read(sc, 22, &rf22); 4566 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 4567 4568 return (0); 4569 } 4570 4571 static void 4572 run_rt3070_rf_setup(struct run_softc *sc) 4573 { 4574 uint8_t bbp, rf; 4575 int i; 4576 4577 if (sc->mac_ver == 0x3572) { 4578 /* enable DC filter */ 4579 if (sc->mac_rev >= 0x0201) 4580 run_bbp_write(sc, 103, 0xc0); 4581 4582 run_bbp_read(sc, 138, &bbp); 4583 if (sc->ntxchains == 1) 4584 bbp |= 0x20; /* turn off DAC1 */ 4585 if (sc->nrxchains == 1) 4586 bbp &= ~0x02; /* turn off ADC1 */ 4587 run_bbp_write(sc, 138, bbp); 4588 4589 if (sc->mac_rev >= 0x0211) { 4590 /* improve power consumption */ 4591 run_bbp_read(sc, 31, &bbp); 4592 run_bbp_write(sc, 31, bbp & ~0x03); 4593 } 4594 4595 run_rt3070_rf_read(sc, 16, &rf); 4596 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 4597 run_rt3070_rf_write(sc, 16, rf); 4598 4599 } else if (sc->mac_ver == 0x3071) { 4600 /* enable DC filter */ 4601 if (sc->mac_rev >= 0x0201) 4602 run_bbp_write(sc, 103, 0xc0); 4603 4604 run_bbp_read(sc, 138, &bbp); 4605 if (sc->ntxchains == 1) 4606 bbp |= 0x20; /* turn off DAC1 */ 4607 if (sc->nrxchains == 1) 4608 bbp &= ~0x02; /* turn off ADC1 */ 4609 run_bbp_write(sc, 138, bbp); 4610 4611 if (sc->mac_rev >= 0x0211) { 4612 /* improve power consumption */ 4613 run_bbp_read(sc, 31, &bbp); 4614 run_bbp_write(sc, 31, bbp & ~0x03); 4615 } 4616 4617 run_write(sc, RT2860_TX_SW_CFG1, 0); 4618 if (sc->mac_rev < 0x0211) { 4619 run_write(sc, RT2860_TX_SW_CFG2, 4620 sc->patch_dac ? 0x2c : 0x0f); 4621 } else 4622 run_write(sc, RT2860_TX_SW_CFG2, 0); 4623 4624 } else if (sc->mac_ver == 0x3070) { 4625 if (sc->mac_rev >= 0x0201) { 4626 /* enable DC filter */ 4627 run_bbp_write(sc, 103, 0xc0); 4628 4629 /* improve power consumption */ 4630 run_bbp_read(sc, 31, &bbp); 4631 run_bbp_write(sc, 31, bbp & ~0x03); 4632 } 4633 4634 if (sc->mac_rev < 0x0211) { 4635 run_write(sc, RT2860_TX_SW_CFG1, 0); 4636 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 4637 } else 4638 run_write(sc, RT2860_TX_SW_CFG2, 0); 4639 } 4640 4641 /* initialize RF registers from ROM for >=RT3071*/ 4642 if (sc->mac_ver >= 0x3071) { 4643 for (i = 0; i < 10; i++) { 4644 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 4645 continue; 4646 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 4647 } 4648 } 4649 } 4650 4651 static int 4652 run_txrx_enable(struct run_softc *sc) 4653 { 4654 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4655 uint32_t tmp; 4656 int error, ntries; 4657 4658 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 4659 for (ntries = 0; ntries < 200; ntries++) { 4660 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 4661 return error; 4662 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4663 break; 4664 run_delay(sc, 50); 4665 } 4666 if (ntries == 200) 4667 return ETIMEDOUT; 4668 4669 run_delay(sc, 50); 4670 4671 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 4672 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4673 4674 /* enable Rx bulk aggregation (set timeout and limit) */ 4675 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 4676 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 4677 run_write(sc, RT2860_USB_DMA_CFG, tmp); 4678 4679 /* set Rx filter */ 4680 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 4681 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 4682 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 4683 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 4684 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 4685 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 4686 if (ic->ic_opmode == IEEE80211_M_STA) 4687 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 4688 } 4689 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 4690 4691 run_write(sc, RT2860_MAC_SYS_CTRL, 4692 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4693 4694 return (0); 4695 } 4696 4697 static void 4698 run_init_locked(struct run_softc *sc) 4699 { 4700 struct ifnet *ifp = sc->sc_ifp; 4701 struct ieee80211com *ic = ifp->if_l2com; 4702 uint32_t tmp; 4703 uint8_t bbp1, bbp3; 4704 int i; 4705 int ridx; 4706 int ntries; 4707 4708 if (ic->ic_nrunning > 1) 4709 return; 4710 4711 run_stop(sc); 4712 4713 if (run_load_microcode(sc) != 0) { 4714 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 4715 goto fail; 4716 } 4717 4718 for (ntries = 0; ntries < 100; ntries++) { 4719 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 4720 goto fail; 4721 if (tmp != 0 && tmp != 0xffffffff) 4722 break; 4723 run_delay(sc, 10); 4724 } 4725 if (ntries == 100) 4726 goto fail; 4727 4728 for (i = 0; i != RUN_EP_QUEUES; i++) 4729 run_setup_tx_list(sc, &sc->sc_epq[i]); 4730 4731 run_set_macaddr(sc, IF_LLADDR(ifp)); 4732 4733 for (ntries = 0; ntries < 100; ntries++) { 4734 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 4735 goto fail; 4736 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 4737 break; 4738 run_delay(sc, 10); 4739 } 4740 if (ntries == 100) { 4741 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 4742 goto fail; 4743 } 4744 tmp &= 0xff0; 4745 tmp |= RT2860_TX_WB_DDONE; 4746 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 4747 4748 /* turn off PME_OEN to solve high-current issue */ 4749 run_read(sc, RT2860_SYS_CTRL, &tmp); 4750 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 4751 4752 run_write(sc, RT2860_MAC_SYS_CTRL, 4753 RT2860_BBP_HRST | RT2860_MAC_SRST); 4754 run_write(sc, RT2860_USB_DMA_CFG, 0); 4755 4756 if (run_reset(sc) != 0) { 4757 device_printf(sc->sc_dev, "could not reset chipset\n"); 4758 goto fail; 4759 } 4760 4761 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4762 4763 /* init Tx power for all Tx rates (from EEPROM) */ 4764 for (ridx = 0; ridx < 5; ridx++) { 4765 if (sc->txpow20mhz[ridx] == 0xffffffff) 4766 continue; 4767 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 4768 } 4769 4770 for (i = 0; i < NELEM(rt2870_def_mac); i++) 4771 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 4772 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 4773 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 4774 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 4775 4776 if (sc->mac_ver >= 0x3070) { 4777 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 4778 run_write(sc, RT2860_TX_SW_CFG0, 4779 4 << RT2860_DLY_PAPE_EN_SHIFT); 4780 } 4781 4782 /* wait while MAC is busy */ 4783 for (ntries = 0; ntries < 100; ntries++) { 4784 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 4785 goto fail; 4786 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 4787 break; 4788 run_delay(sc, 10); 4789 } 4790 if (ntries == 100) 4791 goto fail; 4792 4793 /* clear Host to MCU mailbox */ 4794 run_write(sc, RT2860_H2M_BBPAGENT, 0); 4795 run_write(sc, RT2860_H2M_MAILBOX, 0); 4796 run_delay(sc, 10); 4797 4798 if (run_bbp_init(sc) != 0) { 4799 device_printf(sc->sc_dev, "could not initialize BBP\n"); 4800 goto fail; 4801 } 4802 4803 /* abort TSF synchronization */ 4804 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4805 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4806 RT2860_TBTT_TIMER_EN); 4807 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 4808 4809 /* clear RX WCID search table */ 4810 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 4811 /* clear WCID attribute table */ 4812 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 4813 4814 /* hostapd sets a key before init. So, don't clear it. */ 4815 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 4816 /* clear shared key table */ 4817 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 4818 /* clear shared key mode */ 4819 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 4820 } 4821 4822 run_read(sc, RT2860_US_CYC_CNT, &tmp); 4823 tmp = (tmp & ~0xff) | 0x1e; 4824 run_write(sc, RT2860_US_CYC_CNT, tmp); 4825 4826 if (sc->mac_rev != 0x0101) 4827 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 4828 4829 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 4830 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 4831 4832 /* write vendor-specific BBP values (from EEPROM) */ 4833 for (i = 0; i < 10; i++) { 4834 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 4835 continue; 4836 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 4837 } 4838 4839 /* select Main antenna for 1T1R devices */ 4840 if (sc->rf_rev == RT3070_RF_3020) 4841 run_set_rx_antenna(sc, 0); 4842 4843 /* send LEDs operating mode to microcontroller */ 4844 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 4845 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 4846 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 4847 4848 if (sc->mac_ver >= 0x3070) 4849 run_rt3070_rf_init(sc); 4850 4851 /* disable non-existing Rx chains */ 4852 run_bbp_read(sc, 3, &bbp3); 4853 bbp3 &= ~(1 << 3 | 1 << 4); 4854 if (sc->nrxchains == 2) 4855 bbp3 |= 1 << 3; 4856 else if (sc->nrxchains == 3) 4857 bbp3 |= 1 << 4; 4858 run_bbp_write(sc, 3, bbp3); 4859 4860 /* disable non-existing Tx chains */ 4861 run_bbp_read(sc, 1, &bbp1); 4862 if (sc->ntxchains == 1) 4863 bbp1 &= ~(1 << 3 | 1 << 4); 4864 run_bbp_write(sc, 1, bbp1); 4865 4866 if (sc->mac_ver >= 0x3070) 4867 run_rt3070_rf_setup(sc); 4868 4869 /* select default channel */ 4870 run_set_chan(sc, ic->ic_curchan); 4871 4872 /* setup initial protection mode */ 4873 run_updateprot_cb(ic); 4874 4875 /* turn radio LED on */ 4876 run_set_leds(sc, RT2860_LED_RADIO); 4877 4878 ifq_clr_oactive(&ifp->if_snd); 4879 ifp->if_flags |= IFF_RUNNING; 4880 sc->cmdq_run = RUN_CMDQ_GO; 4881 4882 for (i = 0; i != RUN_N_XFER; i++) 4883 usbd_xfer_set_stall(sc->sc_xfer[i]); 4884 4885 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 4886 4887 if (run_txrx_enable(sc) != 0) 4888 goto fail; 4889 4890 return; 4891 4892 fail: 4893 run_stop(sc); 4894 } 4895 4896 static void 4897 run_init(void *arg) 4898 { 4899 struct run_softc *sc = arg; 4900 struct ifnet *ifp = sc->sc_ifp; 4901 struct ieee80211com *ic = ifp->if_l2com; 4902 4903 RUN_LOCK(sc); 4904 run_init_locked(sc); 4905 RUN_UNLOCK(sc); 4906 4907 if (ifp->if_flags & IFF_RUNNING) 4908 ieee80211_start_all(ic); 4909 } 4910 4911 static void 4912 run_stop(void *arg) 4913 { 4914 struct run_softc *sc = (struct run_softc *)arg; 4915 struct ifnet *ifp = sc->sc_ifp; 4916 uint32_t tmp; 4917 int i; 4918 int ntries; 4919 4920 RUN_LOCK_ASSERT(sc, MA_OWNED); 4921 4922 if (ifp->if_flags & IFF_RUNNING) 4923 run_set_leds(sc, 0); /* turn all LEDs off */ 4924 4925 ifp->if_flags &= ~IFF_RUNNING; 4926 ifq_clr_oactive(&ifp->if_snd); 4927 4928 sc->ratectl_run = RUN_RATECTL_OFF; 4929 sc->cmdq_run = sc->cmdq_key_set; 4930 4931 RUN_UNLOCK(sc); 4932 4933 for(i = 0; i < RUN_N_XFER; i++) 4934 usbd_transfer_drain(sc->sc_xfer[i]); 4935 4936 RUN_LOCK(sc); 4937 4938 if (sc->rx_m != NULL) { 4939 m_free(sc->rx_m); 4940 sc->rx_m = NULL; 4941 } 4942 4943 /* disable Tx/Rx */ 4944 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 4945 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 4946 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 4947 4948 /* wait for pending Tx to complete */ 4949 for (ntries = 0; ntries < 100; ntries++) { 4950 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 4951 DPRINTF("Cannot read Tx queue count\n"); 4952 break; 4953 } 4954 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 4955 DPRINTF("All Tx cleared\n"); 4956 break; 4957 } 4958 run_delay(sc, 10); 4959 } 4960 if (ntries >= 100) 4961 DPRINTF("There are still pending Tx\n"); 4962 run_delay(sc, 10); 4963 run_write(sc, RT2860_USB_DMA_CFG, 0); 4964 4965 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 4966 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 4967 4968 for (i = 0; i != RUN_EP_QUEUES; i++) 4969 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 4970 4971 return; 4972 } 4973 4974 static void 4975 run_delay(struct run_softc *sc, unsigned int ms) 4976 { 4977 zsleep(sc, &wlan_global_serializer, 0, "rundelay", 4978 USB_MS_TO_TICKS(ms)); 4979 // usb_pause_mtx(lockowned(&sc->sc_lock) ? 4980 // &sc->sc_lock : NULL, USB_MS_TO_TICKS(ms)); 4981 } 4982 4983 static device_method_t run_methods[] = { 4984 /* Device interface */ 4985 DEVMETHOD(device_probe, run_match), 4986 DEVMETHOD(device_attach, run_attach), 4987 DEVMETHOD(device_detach, run_detach), 4988 DEVMETHOD_END 4989 }; 4990 4991 static driver_t run_driver = { 4992 .name = "run", 4993 .methods = run_methods, 4994 .size = sizeof(struct run_softc) 4995 }; 4996 4997 static devclass_t run_devclass; 4998 4999 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0); 5000 MODULE_DEPEND(run, wlan, 1, 1, 1); 5001 MODULE_DEPEND(run, usb, 1, 1, 1); 5002 MODULE_DEPEND(run, firmware, 1, 1, 1); 5003 MODULE_VERSION(run, 1); 5004