1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 * 19 * $FreeBSD: head/sys/dev/usb/wlan/if_run.c 262795 2014-03-05 18:39:27Z hselasky $ 20 */ 21 22 /*- 23 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 24 * http://www.ralinktech.com/ 25 */ 26 27 #include <sys/param.h> 28 #include <sys/sockio.h> 29 #include <sys/sysctl.h> 30 #include <sys/lock.h> 31 #include <sys/mbuf.h> 32 #include <sys/kernel.h> 33 #include <sys/socket.h> 34 #include <sys/systm.h> 35 #include <sys/malloc.h> 36 #include <sys/module.h> 37 #include <sys/bus.h> 38 #include <sys/endian.h> 39 #include <sys/linker.h> 40 #include <sys/firmware.h> 41 42 #include <sys/rman.h> 43 44 #include <net/bpf.h> 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_arp.h> 48 #include <net/ethernet.h> 49 #include <net/if_dl.h> 50 #include <net/if_media.h> 51 #include <net/if_types.h> 52 #include <net/ifq_var.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/in_var.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip.h> 59 60 #include <netproto/802_11/ieee80211_var.h> 61 #include <netproto/802_11/ieee80211_regdomain.h> 62 #include <netproto/802_11/ieee80211_radiotap.h> 63 #include <netproto/802_11/ieee80211_ratectl.h> 64 65 #include <bus/u4b/usb.h> 66 #include <bus/u4b/usbdi.h> 67 #include "usbdevs.h" 68 69 #define USB_DEBUG_VAR run_debug 70 #include <bus/u4b/usb_debug.h> 71 #include <bus/u4b/usb_msctest.h> 72 73 #include <bus/u4b/wlan/if_runreg.h> 74 #include <bus/u4b/wlan/if_runvar.h> 75 76 #ifdef USB_DEBUG 77 #define RUN_DEBUG 78 #endif 79 80 #ifdef RUN_DEBUG 81 int run_debug = 0; 82 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 83 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0, 84 "run debug level"); 85 #endif 86 87 #define IEEE80211_HAS_ADDR4(wh) \ 88 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 89 90 /* 91 * Because of LOR in run_key_delete(), use atomic instead. 92 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 93 */ 94 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 95 96 static const STRUCT_USB_HOST_ID run_devs[] = { 97 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 98 #define RUN_DEV_EJECT(v,p) \ 99 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 100 #define RUN_EJECT 1 101 RUN_DEV(ABOCOM, RT2770), 102 RUN_DEV(ABOCOM, RT2870), 103 RUN_DEV(ABOCOM, RT3070), 104 RUN_DEV(ABOCOM, RT3071), 105 RUN_DEV(ABOCOM, RT3072), 106 RUN_DEV(ABOCOM2, RT2870_1), 107 RUN_DEV(ACCTON, RT2770), 108 RUN_DEV(ACCTON, RT2870_1), 109 RUN_DEV(ACCTON, RT2870_2), 110 RUN_DEV(ACCTON, RT2870_3), 111 RUN_DEV(ACCTON, RT2870_4), 112 RUN_DEV(ACCTON, RT2870_5), 113 RUN_DEV(ACCTON, RT3070), 114 RUN_DEV(ACCTON, RT3070_1), 115 RUN_DEV(ACCTON, RT3070_2), 116 RUN_DEV(ACCTON, RT3070_3), 117 RUN_DEV(ACCTON, RT3070_4), 118 RUN_DEV(ACCTON, RT3070_5), 119 RUN_DEV(AIRTIES, RT3070), 120 RUN_DEV(ALLWIN, RT2070), 121 RUN_DEV(ALLWIN, RT2770), 122 RUN_DEV(ALLWIN, RT2870), 123 RUN_DEV(ALLWIN, RT3070), 124 RUN_DEV(ALLWIN, RT3071), 125 RUN_DEV(ALLWIN, RT3072), 126 RUN_DEV(ALLWIN, RT3572), 127 RUN_DEV(AMIGO, RT2870_1), 128 RUN_DEV(AMIGO, RT2870_2), 129 RUN_DEV(AMIT, CGWLUSB2GNR), 130 RUN_DEV(AMIT, RT2870_1), 131 RUN_DEV(AMIT2, RT2870), 132 RUN_DEV(ASUS, RT2870_1), 133 RUN_DEV(ASUS, RT2870_2), 134 RUN_DEV(ASUS, RT2870_3), 135 RUN_DEV(ASUS, RT2870_4), 136 RUN_DEV(ASUS, RT2870_5), 137 RUN_DEV(ASUS, USBN13), 138 RUN_DEV(ASUS, RT3070_1), 139 RUN_DEV(ASUS, USBN66), 140 RUN_DEV(ASUS, USB_N53), 141 RUN_DEV(ASUS2, USBN11), 142 RUN_DEV(AZUREWAVE, RT2870_1), 143 RUN_DEV(AZUREWAVE, RT2870_2), 144 RUN_DEV(AZUREWAVE, RT3070_1), 145 RUN_DEV(AZUREWAVE, RT3070_2), 146 RUN_DEV(AZUREWAVE, RT3070_3), 147 RUN_DEV(BELKIN, F9L1103), 148 RUN_DEV(BELKIN, F5D8053V3), 149 RUN_DEV(BELKIN, F5D8055), 150 RUN_DEV(BELKIN, F5D8055V2), 151 RUN_DEV(BELKIN, F6D4050V1), 152 RUN_DEV(BELKIN, F6D4050V2), 153 RUN_DEV(BELKIN, RT2870_1), 154 RUN_DEV(BELKIN, RT2870_2), 155 RUN_DEV(CISCOLINKSYS, AE1000), 156 RUN_DEV(CISCOLINKSYS2, RT3070), 157 RUN_DEV(CISCOLINKSYS3, RT3070), 158 RUN_DEV(CONCEPTRONIC2, RT2870_1), 159 RUN_DEV(CONCEPTRONIC2, RT2870_2), 160 RUN_DEV(CONCEPTRONIC2, RT2870_3), 161 RUN_DEV(CONCEPTRONIC2, RT2870_4), 162 RUN_DEV(CONCEPTRONIC2, RT2870_5), 163 RUN_DEV(CONCEPTRONIC2, RT2870_6), 164 RUN_DEV(CONCEPTRONIC2, RT2870_7), 165 RUN_DEV(CONCEPTRONIC2, RT2870_8), 166 RUN_DEV(CONCEPTRONIC2, RT3070_1), 167 RUN_DEV(CONCEPTRONIC2, RT3070_2), 168 RUN_DEV(CONCEPTRONIC2, VIGORN61), 169 RUN_DEV(COREGA, CGWLUSB300GNM), 170 RUN_DEV(COREGA, RT2870_1), 171 RUN_DEV(COREGA, RT2870_2), 172 RUN_DEV(COREGA, RT2870_3), 173 RUN_DEV(COREGA, RT3070), 174 RUN_DEV(CYBERTAN, RT2870), 175 RUN_DEV(DLINK, RT2870), 176 RUN_DEV(DLINK, RT3072), 177 RUN_DEV(DLINK, DWA127), 178 RUN_DEV(DLINK, DWA140B3), 179 RUN_DEV(DLINK, DWA160B2), 180 RUN_DEV(DLINK, DWA162), 181 RUN_DEV(DLINK2, DWA130), 182 RUN_DEV(DLINK2, RT2870_1), 183 RUN_DEV(DLINK2, RT2870_2), 184 RUN_DEV(DLINK2, RT3070_1), 185 RUN_DEV(DLINK2, RT3070_2), 186 RUN_DEV(DLINK2, RT3070_3), 187 RUN_DEV(DLINK2, RT3070_4), 188 RUN_DEV(DLINK2, RT3070_5), 189 RUN_DEV(DLINK2, RT3072), 190 RUN_DEV(DLINK2, RT3072_1), 191 RUN_DEV(EDIMAX, EW7717), 192 RUN_DEV(EDIMAX, EW7718), 193 RUN_DEV(EDIMAX, EW7733UND), 194 RUN_DEV(EDIMAX, RT2870_1), 195 RUN_DEV(ENCORE, RT3070_1), 196 RUN_DEV(ENCORE, RT3070_2), 197 RUN_DEV(ENCORE, RT3070_3), 198 RUN_DEV(GIGABYTE, GNWB31N), 199 RUN_DEV(GIGABYTE, GNWB32L), 200 RUN_DEV(GIGABYTE, RT2870_1), 201 RUN_DEV(GIGASET, RT3070_1), 202 RUN_DEV(GIGASET, RT3070_2), 203 RUN_DEV(GUILLEMOT, HWNU300), 204 RUN_DEV(HAWKING, HWUN2), 205 RUN_DEV(HAWKING, RT2870_1), 206 RUN_DEV(HAWKING, RT2870_2), 207 RUN_DEV(HAWKING, RT3070), 208 RUN_DEV(IODATA, RT3072_1), 209 RUN_DEV(IODATA, RT3072_2), 210 RUN_DEV(IODATA, RT3072_3), 211 RUN_DEV(IODATA, RT3072_4), 212 RUN_DEV(LINKSYS4, RT3070), 213 RUN_DEV(LINKSYS4, WUSB100), 214 RUN_DEV(LINKSYS4, WUSB54GCV3), 215 RUN_DEV(LINKSYS4, WUSB600N), 216 RUN_DEV(LINKSYS4, WUSB600NV2), 217 RUN_DEV(LOGITEC, RT2870_1), 218 RUN_DEV(LOGITEC, RT2870_2), 219 RUN_DEV(LOGITEC, RT2870_3), 220 RUN_DEV(LOGITEC, LANW300NU2), 221 RUN_DEV(LOGITEC, LANW150NU2), 222 RUN_DEV(LOGITEC, LANW300NU2S), 223 RUN_DEV(MELCO, RT2870_1), 224 RUN_DEV(MELCO, RT2870_2), 225 RUN_DEV(MELCO, WLIUCAG300N), 226 RUN_DEV(MELCO, WLIUCG300N), 227 RUN_DEV(MELCO, WLIUCG301N), 228 RUN_DEV(MELCO, WLIUCGN), 229 RUN_DEV(MELCO, WLIUCGNM), 230 RUN_DEV(MELCO, WLIUCGNM2), 231 RUN_DEV(MOTOROLA4, RT2770), 232 RUN_DEV(MOTOROLA4, RT3070), 233 RUN_DEV(MSI, RT3070_1), 234 RUN_DEV(MSI, RT3070_2), 235 RUN_DEV(MSI, RT3070_3), 236 RUN_DEV(MSI, RT3070_4), 237 RUN_DEV(MSI, RT3070_5), 238 RUN_DEV(MSI, RT3070_6), 239 RUN_DEV(MSI, RT3070_7), 240 RUN_DEV(MSI, RT3070_8), 241 RUN_DEV(MSI, RT3070_9), 242 RUN_DEV(MSI, RT3070_10), 243 RUN_DEV(MSI, RT3070_11), 244 RUN_DEV(OVISLINK, RT3072), 245 RUN_DEV(PARA, RT3070), 246 RUN_DEV(PEGATRON, RT2870), 247 RUN_DEV(PEGATRON, RT3070), 248 RUN_DEV(PEGATRON, RT3070_2), 249 RUN_DEV(PEGATRON, RT3070_3), 250 RUN_DEV(PHILIPS, RT2870), 251 RUN_DEV(PLANEX2, GWUS300MINIS), 252 RUN_DEV(PLANEX2, GWUSMICRON), 253 RUN_DEV(PLANEX2, RT2870), 254 RUN_DEV(PLANEX2, RT3070), 255 RUN_DEV(QCOM, RT2870), 256 RUN_DEV(QUANTA, RT3070), 257 RUN_DEV(RALINK, RT2070), 258 RUN_DEV(RALINK, RT2770), 259 RUN_DEV(RALINK, RT2870), 260 RUN_DEV(RALINK, RT3070), 261 RUN_DEV(RALINK, RT3071), 262 RUN_DEV(RALINK, RT3072), 263 RUN_DEV(RALINK, RT3370), 264 RUN_DEV(RALINK, RT3572), 265 RUN_DEV(RALINK, RT3573), 266 RUN_DEV(RALINK, RT5370), 267 RUN_DEV(RALINK, RT5572), 268 RUN_DEV(RALINK, RT8070), 269 RUN_DEV(SAMSUNG, WIS09ABGN), 270 RUN_DEV(SAMSUNG2, RT2870_1), 271 RUN_DEV(SENAO, RT2870_1), 272 RUN_DEV(SENAO, RT2870_2), 273 RUN_DEV(SENAO, RT2870_3), 274 RUN_DEV(SENAO, RT2870_4), 275 RUN_DEV(SENAO, RT3070), 276 RUN_DEV(SENAO, RT3071), 277 RUN_DEV(SENAO, RT3072_1), 278 RUN_DEV(SENAO, RT3072_2), 279 RUN_DEV(SENAO, RT3072_3), 280 RUN_DEV(SENAO, RT3072_4), 281 RUN_DEV(SENAO, RT3072_5), 282 RUN_DEV(SITECOMEU, RT2770), 283 RUN_DEV(SITECOMEU, RT2870_1), 284 RUN_DEV(SITECOMEU, RT2870_2), 285 RUN_DEV(SITECOMEU, RT2870_3), 286 RUN_DEV(SITECOMEU, RT2870_4), 287 RUN_DEV(SITECOMEU, RT3070), 288 RUN_DEV(SITECOMEU, RT3070_2), 289 RUN_DEV(SITECOMEU, RT3070_3), 290 RUN_DEV(SITECOMEU, RT3070_4), 291 RUN_DEV(SITECOMEU, RT3071), 292 RUN_DEV(SITECOMEU, RT3072_1), 293 RUN_DEV(SITECOMEU, RT3072_2), 294 RUN_DEV(SITECOMEU, RT3072_3), 295 RUN_DEV(SITECOMEU, RT3072_4), 296 RUN_DEV(SITECOMEU, RT3072_5), 297 RUN_DEV(SITECOMEU, RT3072_6), 298 RUN_DEV(SITECOMEU, WL608), 299 RUN_DEV(SPARKLAN, RT2870_1), 300 RUN_DEV(SPARKLAN, RT3070), 301 RUN_DEV(SWEEX2, LW153), 302 RUN_DEV(SWEEX2, LW303), 303 RUN_DEV(SWEEX2, LW313), 304 RUN_DEV(TOSHIBA, RT3070), 305 RUN_DEV(UMEDIA, RT2870_1), 306 RUN_DEV(ZCOM, RT2870_1), 307 RUN_DEV(ZCOM, RT2870_2), 308 RUN_DEV(ZINWELL, RT2870_1), 309 RUN_DEV(ZINWELL, RT2870_2), 310 RUN_DEV(ZINWELL, RT3070), 311 RUN_DEV(ZINWELL, RT3072_1), 312 RUN_DEV(ZINWELL, RT3072_2), 313 RUN_DEV(ZYXEL, RT2870_1), 314 RUN_DEV(ZYXEL, RT2870_2), 315 RUN_DEV_EJECT(ZYXEL, NWD2705), 316 RUN_DEV_EJECT(RALINK, RT_STOR), 317 #undef RUN_DEV_EJECT 318 #undef RUN_DEV 319 }; 320 321 static device_probe_t run_match; 322 static device_attach_t run_attach; 323 static device_detach_t run_detach; 324 325 static usb_callback_t run_bulk_rx_callback; 326 static usb_callback_t run_bulk_tx_callback0; 327 static usb_callback_t run_bulk_tx_callback1; 328 static usb_callback_t run_bulk_tx_callback2; 329 static usb_callback_t run_bulk_tx_callback3; 330 static usb_callback_t run_bulk_tx_callback4; 331 static usb_callback_t run_bulk_tx_callback5; 332 333 static void run_autoinst(void *, struct usb_device *, 334 struct usb_attach_arg *); 335 static int run_driver_loaded(struct module *, int, void *); 336 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 337 usb_error_t error, u_int index); 338 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 339 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 340 const uint8_t [IEEE80211_ADDR_LEN], 341 const uint8_t [IEEE80211_ADDR_LEN]); 342 static void run_vap_delete(struct ieee80211vap *); 343 static void run_cmdq_cb(void *, int); 344 static void run_setup_tx_list(struct run_softc *, 345 struct run_endpoint_queue *); 346 static void run_unsetup_tx_list(struct run_softc *, 347 struct run_endpoint_queue *); 348 static int run_load_microcode(struct run_softc *); 349 static int run_reset(struct run_softc *); 350 static usb_error_t run_do_request(struct run_softc *, 351 struct usb_device_request *, void *); 352 static int run_read(struct run_softc *, uint16_t, uint32_t *); 353 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 354 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 355 static int run_write(struct run_softc *, uint16_t, uint32_t); 356 static int run_write_region_1(struct run_softc *, uint16_t, 357 const uint8_t *, int); 358 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 359 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 360 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 361 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 362 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 363 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 364 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 365 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 366 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 367 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 368 static const char *run_get_rf(uint16_t); 369 static void run_rt3593_get_txpower(struct run_softc *); 370 static void run_get_txpower(struct run_softc *); 371 static int run_read_eeprom(struct run_softc *); 372 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 373 const uint8_t mac[IEEE80211_ADDR_LEN]); 374 static int run_media_change(struct ifnet *); 375 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 376 static int run_wme_update(struct ieee80211com *); 377 static void run_wme_update_cb(void *); 378 static void run_key_update_begin(struct ieee80211vap *); 379 static void run_key_update_end(struct ieee80211vap *); 380 static void run_key_set_cb(void *); 381 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 382 const uint8_t mac[IEEE80211_ADDR_LEN]); 383 static void run_key_delete_cb(void *); 384 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 385 static void run_ratectl_to(void *); 386 static void run_ratectl_cb(void *, int); 387 static void run_drain_fifo(void *); 388 static void run_iter_func(void *, struct ieee80211_node *); 389 static void run_newassoc_cb(void *); 390 static void run_newassoc(struct ieee80211_node *, int); 391 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 392 static void run_tx_free(struct run_endpoint_queue *pq, 393 struct run_tx_data *, int); 394 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 395 static int run_tx(struct run_softc *, struct mbuf *, 396 struct ieee80211_node *); 397 static int run_tx_mgt(struct run_softc *, struct mbuf *, 398 struct ieee80211_node *); 399 static int run_sendprot(struct run_softc *, const struct mbuf *, 400 struct ieee80211_node *, int, int); 401 static int run_tx_param(struct run_softc *, struct mbuf *, 402 struct ieee80211_node *, 403 const struct ieee80211_bpf_params *); 404 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 405 const struct ieee80211_bpf_params *); 406 static void run_start_locked(struct ifnet *); 407 static void run_start(struct ifnet *, struct ifaltq_subque *); 408 static int run_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *); 409 static void run_iq_calib(struct run_softc *, u_int); 410 static void run_set_agc(struct run_softc *, uint8_t); 411 static void run_select_chan_group(struct run_softc *, int); 412 static void run_set_rx_antenna(struct run_softc *, int); 413 static void run_rt2870_set_chan(struct run_softc *, u_int); 414 static void run_rt3070_set_chan(struct run_softc *, u_int); 415 static void run_rt3572_set_chan(struct run_softc *, u_int); 416 static void run_rt3593_set_chan(struct run_softc *, u_int); 417 static void run_rt5390_set_chan(struct run_softc *, u_int); 418 static void run_rt5592_set_chan(struct run_softc *, u_int); 419 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 420 static void run_set_channel(struct ieee80211com *); 421 static void run_scan_start(struct ieee80211com *); 422 static void run_scan_end(struct ieee80211com *); 423 static void run_update_beacon(struct ieee80211vap *, int); 424 static void run_update_beacon_cb(void *); 425 static void run_updateprot(struct ieee80211com *); 426 static void run_updateprot_cb(void *); 427 static void run_usb_timeout_cb(void *); 428 static void run_reset_livelock(struct run_softc *); 429 static void run_enable_tsf_sync(struct run_softc *); 430 static void run_enable_mrr(struct run_softc *); 431 static void run_set_txpreamble(struct run_softc *); 432 static void run_set_basicrates(struct run_softc *); 433 static void run_set_leds(struct run_softc *, uint16_t); 434 static void run_set_bssid(struct run_softc *, const uint8_t *); 435 static void run_set_macaddr(struct run_softc *, const uint8_t *); 436 static void run_updateslot(struct ifnet *); 437 static void run_updateslot_cb(void *); 438 static void run_update_mcast(struct ifnet *); 439 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 440 static void run_update_promisc_locked(struct ifnet *); 441 static void run_update_promisc(struct ifnet *); 442 static void run_rt5390_bbp_init(struct run_softc *); 443 static int run_bbp_init(struct run_softc *); 444 static int run_rt3070_rf_init(struct run_softc *); 445 static void run_rt3593_rf_init(struct run_softc *); 446 static void run_rt5390_rf_init(struct run_softc *); 447 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 448 uint8_t *); 449 static void run_rt3070_rf_setup(struct run_softc *); 450 static void run_rt3593_rf_setup(struct run_softc *); 451 static void run_rt5390_rf_setup(struct run_softc *); 452 static int run_txrx_enable(struct run_softc *); 453 static void run_adjust_freq_offset(struct run_softc *); 454 static void run_init(void *); 455 static void run_init_locked(struct run_softc *); 456 static void run_stop(void *); 457 static void run_delay(struct run_softc *, u_int); 458 459 static eventhandler_tag run_etag; 460 461 static const struct rt2860_rate { 462 uint8_t rate; 463 uint8_t mcs; 464 enum ieee80211_phytype phy; 465 uint8_t ctl_ridx; 466 uint16_t sp_ack_dur; 467 uint16_t lp_ack_dur; 468 } rt2860_rates[] = { 469 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 470 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 471 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 472 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 473 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 474 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 475 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 476 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 477 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 478 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 479 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 480 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 481 }; 482 483 static const struct { 484 uint16_t reg; 485 uint32_t val; 486 } rt2870_def_mac[] = { 487 RT2870_DEF_MAC 488 }; 489 490 static const struct { 491 uint8_t reg; 492 uint8_t val; 493 } rt2860_def_bbp[] = { 494 RT2860_DEF_BBP 495 },rt5390_def_bbp[] = { 496 RT5390_DEF_BBP 497 },rt5592_def_bbp[] = { 498 RT5592_DEF_BBP 499 }; 500 501 /* 502 * Default values for BBP register R196 for RT5592. 503 */ 504 static const uint8_t rt5592_bbp_r196[] = { 505 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 506 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 507 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 508 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 509 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 510 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 511 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 512 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 513 0x2e, 0x36, 0x30, 0x6e 514 }; 515 516 static const struct rfprog { 517 uint8_t chan; 518 uint32_t r1, r2, r3, r4; 519 } rt2860_rf2850[] = { 520 RT2860_RF2850 521 }; 522 523 struct { 524 uint8_t n, r, k; 525 } rt3070_freqs[] = { 526 RT3070_RF3052 527 }; 528 529 static const struct rt5592_freqs { 530 uint16_t n; 531 uint8_t k, m, r; 532 } rt5592_freqs_20mhz[] = { 533 RT5592_RF5592_20MHZ 534 },rt5592_freqs_40mhz[] = { 535 RT5592_RF5592_40MHZ 536 }; 537 538 static const struct { 539 uint8_t reg; 540 uint8_t val; 541 } rt3070_def_rf[] = { 542 RT3070_DEF_RF 543 },rt3572_def_rf[] = { 544 RT3572_DEF_RF 545 },rt3593_def_rf[] = { 546 RT3593_DEF_RF 547 },rt5390_def_rf[] = { 548 RT5390_DEF_RF 549 },rt5392_def_rf[] = { 550 RT5392_DEF_RF 551 },rt5592_def_rf[] = { 552 RT5592_DEF_RF 553 },rt5592_2ghz_def_rf[] = { 554 RT5592_2GHZ_DEF_RF 555 },rt5592_5ghz_def_rf[] = { 556 RT5592_5GHZ_DEF_RF 557 }; 558 559 static const struct { 560 u_int firstchan; 561 u_int lastchan; 562 uint8_t reg; 563 uint8_t val; 564 } rt5592_chan_5ghz[] = { 565 RT5592_CHAN_5GHZ 566 }; 567 568 static const struct usb_config run_config[RUN_N_XFER] = { 569 [RUN_BULK_TX_BE] = { 570 .type = UE_BULK, 571 .endpoint = UE_ADDR_ANY, 572 .ep_index = 0, 573 .direction = UE_DIR_OUT, 574 .bufsize = RUN_MAX_TXSZ, 575 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 576 .callback = run_bulk_tx_callback0, 577 .timeout = 5000, /* ms */ 578 }, 579 [RUN_BULK_TX_BK] = { 580 .type = UE_BULK, 581 .endpoint = UE_ADDR_ANY, 582 .direction = UE_DIR_OUT, 583 .ep_index = 1, 584 .bufsize = RUN_MAX_TXSZ, 585 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 586 .callback = run_bulk_tx_callback1, 587 .timeout = 5000, /* ms */ 588 }, 589 [RUN_BULK_TX_VI] = { 590 .type = UE_BULK, 591 .endpoint = UE_ADDR_ANY, 592 .direction = UE_DIR_OUT, 593 .ep_index = 2, 594 .bufsize = RUN_MAX_TXSZ, 595 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 596 .callback = run_bulk_tx_callback2, 597 .timeout = 5000, /* ms */ 598 }, 599 [RUN_BULK_TX_VO] = { 600 .type = UE_BULK, 601 .endpoint = UE_ADDR_ANY, 602 .direction = UE_DIR_OUT, 603 .ep_index = 3, 604 .bufsize = RUN_MAX_TXSZ, 605 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 606 .callback = run_bulk_tx_callback3, 607 .timeout = 5000, /* ms */ 608 }, 609 [RUN_BULK_TX_HCCA] = { 610 .type = UE_BULK, 611 .endpoint = UE_ADDR_ANY, 612 .direction = UE_DIR_OUT, 613 .ep_index = 4, 614 .bufsize = RUN_MAX_TXSZ, 615 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 616 .callback = run_bulk_tx_callback4, 617 .timeout = 5000, /* ms */ 618 }, 619 [RUN_BULK_TX_PRIO] = { 620 .type = UE_BULK, 621 .endpoint = UE_ADDR_ANY, 622 .direction = UE_DIR_OUT, 623 .ep_index = 5, 624 .bufsize = RUN_MAX_TXSZ, 625 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 626 .callback = run_bulk_tx_callback5, 627 .timeout = 5000, /* ms */ 628 }, 629 [RUN_BULK_RX] = { 630 .type = UE_BULK, 631 .endpoint = UE_ADDR_ANY, 632 .direction = UE_DIR_IN, 633 .bufsize = RUN_MAX_RXSZ, 634 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 635 .callback = run_bulk_rx_callback, 636 } 637 }; 638 639 static void 640 run_autoinst(void *arg, struct usb_device *udev, 641 struct usb_attach_arg *uaa) 642 { 643 struct usb_interface *iface; 644 struct usb_interface_descriptor *id; 645 646 if (uaa->dev_state != UAA_DEV_READY) 647 return; 648 649 iface = usbd_get_iface(udev, 0); 650 if (iface == NULL) 651 return; 652 id = iface->idesc; 653 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 654 return; 655 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 656 return; 657 658 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 659 uaa->dev_state = UAA_DEV_EJECTING; 660 } 661 662 static int 663 run_driver_loaded(struct module *mod, int what, void *arg) 664 { 665 switch (what) { 666 case MOD_LOAD: 667 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 668 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 669 break; 670 case MOD_UNLOAD: 671 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 672 break; 673 default: 674 return (EOPNOTSUPP); 675 } 676 return (0); 677 } 678 679 static int 680 run_match(device_t self) 681 { 682 struct usb_attach_arg *uaa = device_get_ivars(self); 683 684 if (uaa->usb_mode != USB_MODE_HOST) 685 return (ENXIO); 686 if (uaa->info.bConfigIndex != 0) 687 return (ENXIO); 688 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 689 return (ENXIO); 690 691 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 692 } 693 694 static int 695 run_attach(device_t self) 696 { 697 struct run_softc *sc = device_get_softc(self); 698 struct usb_attach_arg *uaa = device_get_ivars(self); 699 struct ieee80211com *ic; 700 struct ifnet *ifp; 701 uint32_t ver; 702 int ntries, error; 703 uint8_t iface_index, bands; 704 char ethstr[ETHER_ADDRSTRLEN + 1]; 705 706 wlan_serialize_enter(); 707 708 device_set_usb_desc(self); 709 sc->sc_udev = uaa->device; 710 sc->sc_dev = self; 711 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 712 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 713 714 lockinit(&sc->sc_lock, device_get_nameunit(sc->sc_dev), 715 0, LK_CANRECURSE); 716 717 iface_index = RT2860_IFACE_INDEX; 718 719 error = usbd_transfer_setup(uaa->device, &iface_index, 720 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_lock); 721 if (error) { 722 device_printf(self, "could not allocate USB transfers, " 723 "err=%s\n", usbd_errstr(error)); 724 goto detach; 725 } 726 727 RUN_LOCK(sc); 728 729 /* wait for the chip to settle */ 730 for (ntries = 0; ntries < 100; ntries++) { 731 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 732 RUN_UNLOCK(sc); 733 goto detach; 734 } 735 if (ver != 0 && ver != 0xffffffff) 736 break; 737 run_delay(sc, 10); 738 } 739 if (ntries == 100) { 740 device_printf(sc->sc_dev, 741 "timeout waiting for NIC to initialize\n"); 742 RUN_UNLOCK(sc); 743 goto detach; 744 } 745 sc->mac_ver = ver >> 16; 746 sc->mac_rev = ver & 0xffff; 747 748 /* retrieve RF rev. no and various other things from EEPROM */ 749 run_read_eeprom(sc); 750 751 device_printf(sc->sc_dev, 752 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 753 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 754 sc->ntxchains, sc->nrxchains, kether_ntoa(sc->sc_bssid, ethstr)); 755 756 RUN_UNLOCK(sc); 757 758 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 759 if (ifp == NULL) { 760 device_printf(sc->sc_dev, "can not if_alloc()\n"); 761 goto detach; 762 } 763 ic = ifp->if_l2com; 764 765 ifp->if_softc = sc; 766 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 767 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 768 ifp->if_init = run_init; 769 ifp->if_ioctl = run_ioctl; 770 ifp->if_start = run_start; 771 ifq_set_maxlen(&ifp->if_snd, ifqmaxlen); 772 #if 0 /* XXX swildner: see c3d4131842e47b168d93a0650d58d425ebeef789 */ 773 ifq_set_ready(&ifp->if_snd); 774 #endif 775 776 ic->ic_ifp = ifp; 777 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 778 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 779 780 /* set device capabilities */ 781 ic->ic_caps = 782 IEEE80211_C_STA | /* station mode supported */ 783 IEEE80211_C_MONITOR | /* monitor mode supported */ 784 IEEE80211_C_IBSS | 785 IEEE80211_C_HOSTAP | 786 IEEE80211_C_WDS | /* 4-address traffic works */ 787 IEEE80211_C_MBSS | 788 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 789 IEEE80211_C_SHSLOT | /* short slot time supported */ 790 IEEE80211_C_WME | /* WME */ 791 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 792 793 ic->ic_cryptocaps = 794 IEEE80211_CRYPTO_WEP | 795 IEEE80211_CRYPTO_AES_CCM | 796 IEEE80211_CRYPTO_TKIPMIC | 797 IEEE80211_CRYPTO_TKIP; 798 799 ic->ic_flags |= IEEE80211_F_DATAPAD; 800 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 801 802 bands = 0; 803 setbit(&bands, IEEE80211_MODE_11B); 804 setbit(&bands, IEEE80211_MODE_11G); 805 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 806 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 807 sc->rf_rev == RT5592_RF_5592) 808 setbit(&bands, IEEE80211_MODE_11A); 809 ieee80211_init_channels(ic, NULL, &bands); 810 811 ieee80211_ifattach(ic, sc->sc_bssid); 812 813 ic->ic_scan_start = run_scan_start; 814 ic->ic_scan_end = run_scan_end; 815 ic->ic_set_channel = run_set_channel; 816 ic->ic_node_alloc = run_node_alloc; 817 ic->ic_newassoc = run_newassoc; 818 ic->ic_updateslot = run_updateslot; 819 ic->ic_update_mcast = run_update_mcast; 820 ic->ic_wme.wme_update = run_wme_update; 821 ic->ic_raw_xmit = run_raw_xmit; 822 ic->ic_update_promisc = run_update_promisc; 823 824 ic->ic_vap_create = run_vap_create; 825 ic->ic_vap_delete = run_vap_delete; 826 827 ieee80211_radiotap_attach(ic, 828 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 829 RUN_TX_RADIOTAP_PRESENT, 830 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 831 RUN_RX_RADIOTAP_PRESENT); 832 833 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 834 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 835 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_lock, 1); 836 837 if (bootverbose) 838 ieee80211_announce(ic); 839 840 wlan_serialize_exit(); 841 return (0); 842 843 detach: 844 wlan_serialize_exit(); 845 run_detach(self); 846 return (ENXIO); 847 } 848 849 static int 850 run_detach(device_t self) 851 { 852 struct run_softc *sc = device_get_softc(self); 853 struct ifnet *ifp = sc->sc_ifp; 854 struct ieee80211com *ic; 855 int i; 856 857 wlan_serialize_enter(); 858 sc->sc_detached = 1; 859 860 /* stop all USB transfers */ 861 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 862 863 RUN_LOCK(sc); 864 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 RUN_UNLOCK(sc); 872 873 if (ifp) { 874 ic = ifp->if_l2com; 875 /* drain tasks */ 876 usb_callout_drain(&sc->ratectl_ch); 877 ieee80211_draintask(ic, &sc->cmdq_task); 878 ieee80211_draintask(ic, &sc->ratectl_task); 879 ieee80211_ifdetach(ic); 880 if_free(ifp); 881 } 882 883 lockuninit(&sc->sc_lock); 884 885 wlan_serialize_exit(); 886 return (0); 887 } 888 889 static struct ieee80211vap * 890 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 891 enum ieee80211_opmode opmode, int flags, 892 const uint8_t bssid[IEEE80211_ADDR_LEN], 893 const uint8_t mac[IEEE80211_ADDR_LEN]) 894 { 895 struct ifnet *ifp = ic->ic_ifp; 896 struct run_softc *sc = ifp->if_softc; 897 struct run_vap *rvp; 898 struct ieee80211vap *vap; 899 int i; 900 901 if (sc->rvp_cnt >= RUN_VAP_MAX) { 902 if_printf(ifp, "number of VAPs maxed out\n"); 903 return (NULL); 904 } 905 906 switch (opmode) { 907 case IEEE80211_M_STA: 908 /* enable s/w bmiss handling for sta mode */ 909 flags |= IEEE80211_CLONE_NOBEACONS; 910 /* fall though */ 911 case IEEE80211_M_IBSS: 912 case IEEE80211_M_MONITOR: 913 case IEEE80211_M_HOSTAP: 914 case IEEE80211_M_MBSS: 915 /* other than WDS vaps, only one at a time */ 916 if (!TAILQ_EMPTY(&ic->ic_vaps)) 917 return (NULL); 918 break; 919 case IEEE80211_M_WDS: 920 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 921 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 922 continue; 923 /* WDS vap's always share the local mac address. */ 924 flags &= ~IEEE80211_CLONE_BSSID; 925 break; 926 } 927 if (vap == NULL) { 928 if_printf(ifp, "wds only supported in ap mode\n"); 929 return (NULL); 930 } 931 break; 932 default: 933 if_printf(ifp, "unknown opmode %d\n", opmode); 934 return (NULL); 935 } 936 937 rvp = (struct run_vap *) kmalloc(sizeof(struct run_vap), 938 M_80211_VAP, M_INTWAIT | M_ZERO); 939 vap = &rvp->vap; 940 941 if (ieee80211_vap_setup(ic, vap, name, unit, 942 opmode, flags, bssid, mac) != 0) { 943 /* out of memory */ 944 kfree(rvp, M_80211_VAP); 945 return (NULL); 946 } 947 948 vap->iv_key_update_begin = run_key_update_begin; 949 vap->iv_key_update_end = run_key_update_end; 950 vap->iv_update_beacon = run_update_beacon; 951 vap->iv_max_aid = RT2870_WCID_MAX; 952 /* 953 * To delete the right key from h/w, we need wcid. 954 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 955 * and matching wcid will be written into there. So, cast 956 * some spells to remove 'const' from ieee80211_key{} 957 */ 958 vap->iv_key_delete = (void *)run_key_delete; 959 vap->iv_key_set = (void *)run_key_set; 960 961 /* override state transition machine */ 962 rvp->newstate = vap->iv_newstate; 963 vap->iv_newstate = run_newstate; 964 965 ieee80211_ratectl_init(vap); 966 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 967 968 /* complete setup */ 969 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 970 971 /* make sure id is always unique */ 972 for (i = 0; i < RUN_VAP_MAX; i++) { 973 if((sc->rvp_bmap & 1 << i) == 0){ 974 sc->rvp_bmap |= 1 << i; 975 rvp->rvp_id = i; 976 break; 977 } 978 } 979 if (sc->rvp_cnt++ == 0) 980 ic->ic_opmode = opmode; 981 982 if (opmode == IEEE80211_M_HOSTAP) 983 sc->cmdq_run = RUN_CMDQ_GO; 984 985 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 986 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 987 988 return (vap); 989 } 990 991 static void 992 run_vap_delete(struct ieee80211vap *vap) 993 { 994 struct run_vap *rvp = RUN_VAP(vap); 995 struct ifnet *ifp; 996 struct ieee80211com *ic; 997 struct run_softc *sc; 998 uint8_t rvp_id; 999 1000 if (vap == NULL) 1001 return; 1002 1003 ic = vap->iv_ic; 1004 ifp = ic->ic_ifp; 1005 1006 sc = ifp->if_softc; 1007 1008 RUN_LOCK(sc); 1009 1010 m_freem(rvp->beacon_mbuf); 1011 rvp->beacon_mbuf = NULL; 1012 1013 rvp_id = rvp->rvp_id; 1014 sc->ratectl_run &= ~(1 << rvp_id); 1015 sc->rvp_bmap &= ~(1 << rvp_id); 1016 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1017 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1018 --sc->rvp_cnt; 1019 1020 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1021 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1022 1023 RUN_UNLOCK(sc); 1024 1025 ieee80211_ratectl_deinit(vap); 1026 ieee80211_vap_detach(vap); 1027 kfree(rvp, M_80211_VAP); 1028 } 1029 1030 /* 1031 * There are numbers of functions need to be called in context thread. 1032 * Rather than creating taskqueue event for each of those functions, 1033 * here is all-for-one taskqueue callback function. This function 1034 * gurantees deferred functions are executed in the same order they 1035 * were enqueued. 1036 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1037 */ 1038 static void 1039 run_cmdq_cb(void *arg, int pending) 1040 { 1041 struct run_softc *sc = arg; 1042 uint8_t i; 1043 1044 /* call cmdq[].func locked */ 1045 RUN_LOCK(sc); 1046 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1047 i = sc->cmdq_exec, pending--) { 1048 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1049 if (sc->cmdq_run == RUN_CMDQ_GO) { 1050 /* 1051 * If arg0 is NULL, callback func needs more 1052 * than one arg. So, pass ptr to cmdq struct. 1053 */ 1054 if (sc->cmdq[i].arg0) 1055 sc->cmdq[i].func(sc->cmdq[i].arg0); 1056 else 1057 sc->cmdq[i].func(&sc->cmdq[i]); 1058 } 1059 sc->cmdq[i].arg0 = NULL; 1060 sc->cmdq[i].func = NULL; 1061 sc->cmdq_exec++; 1062 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1063 } 1064 RUN_UNLOCK(sc); 1065 } 1066 1067 static void 1068 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1069 { 1070 struct run_tx_data *data; 1071 1072 memset(pq, 0, sizeof(*pq)); 1073 1074 STAILQ_INIT(&pq->tx_qh); 1075 STAILQ_INIT(&pq->tx_fh); 1076 1077 for (data = &pq->tx_data[0]; 1078 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1079 data->sc = sc; 1080 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1081 } 1082 pq->tx_nfree = RUN_TX_RING_COUNT; 1083 } 1084 1085 static void 1086 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1087 { 1088 struct run_tx_data *data; 1089 1090 /* make sure any subsequent use of the queues will fail */ 1091 pq->tx_nfree = 0; 1092 STAILQ_INIT(&pq->tx_fh); 1093 STAILQ_INIT(&pq->tx_qh); 1094 1095 /* free up all node references and mbufs */ 1096 for (data = &pq->tx_data[0]; 1097 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1098 if (data->m != NULL) { 1099 m_freem(data->m); 1100 data->m = NULL; 1101 } 1102 if (data->ni != NULL) { 1103 ieee80211_free_node(data->ni); 1104 data->ni = NULL; 1105 } 1106 } 1107 } 1108 1109 static int 1110 run_load_microcode(struct run_softc *sc) 1111 { 1112 usb_device_request_t req; 1113 const struct firmware *fw; 1114 const u_char *base; 1115 uint32_t tmp; 1116 int ntries, error; 1117 const uint64_t *temp; 1118 uint64_t bytes; 1119 1120 wlan_assert_serialized(); 1121 1122 wlan_serialize_exit(); 1123 fw = firmware_get("runfw"); 1124 wlan_serialize_enter(); 1125 if (fw == NULL) { 1126 device_printf(sc->sc_dev, 1127 "failed loadfirmware of file %s\n", "runfw"); 1128 return ENOENT; 1129 } 1130 1131 if (fw->datasize != 8192) { 1132 device_printf(sc->sc_dev, 1133 "invalid firmware size (should be 8KB)\n"); 1134 error = EINVAL; 1135 goto fail; 1136 } 1137 1138 /* 1139 * RT3071/RT3072 use a different firmware 1140 * run-rt2870 (8KB) contains both, 1141 * first half (4KB) is for rt2870, 1142 * last half is for rt3071. 1143 */ 1144 base = fw->data; 1145 if ((sc->mac_ver) != 0x2860 && 1146 (sc->mac_ver) != 0x2872 && 1147 (sc->mac_ver) != 0x3070) { 1148 base += 4096; 1149 } 1150 1151 /* cheap sanity check */ 1152 temp = fw->data; 1153 bytes = *temp; 1154 if (bytes != be64toh(0xffffff0210280210ULL)) { 1155 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1156 error = EINVAL; 1157 goto fail; 1158 } 1159 1160 /* write microcode image */ 1161 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1162 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1163 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1164 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1165 } 1166 1167 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1168 req.bRequest = RT2870_RESET; 1169 USETW(req.wValue, 8); 1170 USETW(req.wIndex, 0); 1171 USETW(req.wLength, 0); 1172 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL)) 1173 != 0) { 1174 device_printf(sc->sc_dev, "firmware reset failed\n"); 1175 goto fail; 1176 } 1177 1178 run_delay(sc, 10); 1179 1180 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1181 run_write(sc, RT2860_H2M_MAILBOX, 0); 1182 run_write(sc, RT2860_H2M_INTSRC, 0); 1183 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1184 goto fail; 1185 1186 /* wait until microcontroller is ready */ 1187 for (ntries = 0; ntries < 1000; ntries++) { 1188 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1189 goto fail; 1190 if (tmp & RT2860_MCU_READY) 1191 break; 1192 run_delay(sc, 10); 1193 } 1194 if (ntries == 1000) { 1195 device_printf(sc->sc_dev, 1196 "timeout waiting for MCU to initialize\n"); 1197 error = ETIMEDOUT; 1198 goto fail; 1199 } 1200 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1201 (base == fw->data) ? "RT2870" : "RT3071", 1202 *(base + 4092), *(base + 4093)); 1203 1204 fail: 1205 firmware_put(fw, FIRMWARE_UNLOAD); 1206 return (error); 1207 } 1208 1209 static int 1210 run_reset(struct run_softc *sc) 1211 { 1212 usb_device_request_t req; 1213 usb_error_t error; 1214 1215 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1216 req.bRequest = RT2870_RESET; 1217 USETW(req.wValue, 1); 1218 USETW(req.wIndex, 0); 1219 USETW(req.wLength, 0); 1220 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, NULL); 1221 return (error); 1222 } 1223 1224 static usb_error_t 1225 run_do_request(struct run_softc *sc, 1226 struct usb_device_request *req, void *data) 1227 { 1228 usb_error_t err; 1229 int ntries = 10; 1230 1231 RUN_LOCK_ASSERT(sc, MA_OWNED); 1232 1233 while (ntries--) { 1234 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_lock, 1235 req, data, 0, NULL, 250 /* ms */); 1236 if (err == 0) 1237 break; 1238 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1239 usbd_errstr(err)); 1240 run_delay(sc, 10); 1241 } 1242 return (err); 1243 } 1244 1245 static int 1246 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1247 { 1248 uint32_t tmp; 1249 int error; 1250 1251 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1252 if (error == 0) 1253 *val = le32toh(tmp); 1254 else 1255 *val = 0xffffffff; 1256 return (error); 1257 } 1258 1259 static int 1260 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1261 { 1262 usb_device_request_t req; 1263 1264 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1265 req.bRequest = RT2870_READ_REGION_1; 1266 USETW(req.wValue, 0); 1267 USETW(req.wIndex, reg); 1268 USETW(req.wLength, len); 1269 1270 return (run_do_request(sc, &req, buf)); 1271 } 1272 1273 static int 1274 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1275 { 1276 usb_device_request_t req; 1277 1278 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1279 req.bRequest = RT2870_WRITE_2; 1280 USETW(req.wValue, val); 1281 USETW(req.wIndex, reg); 1282 USETW(req.wLength, 0); 1283 1284 return (run_do_request(sc, &req, NULL)); 1285 } 1286 1287 static int 1288 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1289 { 1290 int error; 1291 1292 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1293 error = run_write_2(sc, reg + 2, val >> 16); 1294 return (error); 1295 } 1296 1297 static int 1298 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1299 int len) 1300 { 1301 #if 1 1302 int i, error = 0; 1303 /* 1304 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1305 * We thus issue multiple WRITE_2 commands instead. 1306 */ 1307 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1308 for (i = 0; i < len && error == 0; i += 2) 1309 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1310 return (error); 1311 #else 1312 usb_device_request_t req; 1313 int error = 0; 1314 1315 /* 1316 * NOTE: It appears the WRITE_REGION_1 command cannot be 1317 * passed a huge amount of data, which will crash the 1318 * firmware. Limit amount of data passed to 64-bytes at a 1319 * time. 1320 */ 1321 while (len > 0) { 1322 int delta = 64; 1323 if (delta > len) 1324 delta = len; 1325 1326 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1327 req.bRequest = RT2870_WRITE_REGION_1; 1328 USETW(req.wValue, 0); 1329 USETW(req.wIndex, reg); 1330 USETW(req.wLength, delta); 1331 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1332 if (error != 0) 1333 break; 1334 reg += delta; 1335 buf += delta; 1336 len -= delta; 1337 } 1338 return (error); 1339 #endif 1340 } 1341 1342 static int 1343 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1344 { 1345 int i, error = 0; 1346 1347 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1348 for (i = 0; i < len && error == 0; i += 4) 1349 error = run_write(sc, reg + i, val); 1350 return (error); 1351 } 1352 1353 static int 1354 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1355 { 1356 uint32_t tmp; 1357 uint16_t reg; 1358 int error, ntries; 1359 1360 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1361 return (error); 1362 1363 if (count == 2) 1364 addr *= 2; 1365 /*- 1366 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1367 * DATA0: F E D C 1368 * DATA1: B A 9 8 1369 * DATA2: 7 6 5 4 1370 * DATA3: 3 2 1 0 1371 */ 1372 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1373 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1374 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1375 for (ntries = 0; ntries < 100; ntries++) { 1376 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1377 return (error); 1378 if (!(tmp & RT3070_EFSROM_KICK)) 1379 break; 1380 run_delay(sc, 2); 1381 } 1382 if (ntries == 100) 1383 return (ETIMEDOUT); 1384 1385 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1386 *val = 0xffff; /* address not found */ 1387 return (0); 1388 } 1389 /* determine to which 32-bit register our 16-bit word belongs */ 1390 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1391 if ((error = run_read(sc, reg, &tmp)) != 0) 1392 return (error); 1393 1394 tmp >>= (8 * (addr & 0x3)); 1395 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1396 1397 return (0); 1398 } 1399 1400 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1401 static int 1402 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1403 { 1404 return (run_efuse_read(sc, addr, val, 2)); 1405 } 1406 1407 static int 1408 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1409 { 1410 usb_device_request_t req; 1411 uint16_t tmp; 1412 int error; 1413 1414 addr *= 2; 1415 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1416 req.bRequest = RT2870_EEPROM_READ; 1417 USETW(req.wValue, 0); 1418 USETW(req.wIndex, addr); 1419 USETW(req.wLength, sizeof(tmp)); 1420 1421 error = usbd_do_request(sc->sc_udev, &sc->sc_lock, &req, &tmp); 1422 if (error == 0) 1423 *val = le16toh(tmp); 1424 else 1425 *val = 0xffff; 1426 return (error); 1427 } 1428 1429 static __inline int 1430 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1431 { 1432 /* either eFUSE ROM or EEPROM */ 1433 return sc->sc_srom_read(sc, addr, val); 1434 } 1435 1436 static int 1437 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1438 { 1439 uint32_t tmp; 1440 int error, ntries; 1441 1442 for (ntries = 0; ntries < 10; ntries++) { 1443 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1444 return (error); 1445 if (!(tmp & RT2860_RF_REG_CTRL)) 1446 break; 1447 } 1448 if (ntries == 10) 1449 return (ETIMEDOUT); 1450 1451 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1452 } 1453 1454 static int 1455 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1456 { 1457 uint32_t tmp; 1458 int error, ntries; 1459 1460 for (ntries = 0; ntries < 100; ntries++) { 1461 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1462 return (error); 1463 if (!(tmp & RT3070_RF_KICK)) 1464 break; 1465 } 1466 if (ntries == 100) 1467 return (ETIMEDOUT); 1468 1469 tmp = RT3070_RF_KICK | reg << 8; 1470 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1471 return (error); 1472 1473 for (ntries = 0; ntries < 100; ntries++) { 1474 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1475 return (error); 1476 if (!(tmp & RT3070_RF_KICK)) 1477 break; 1478 } 1479 if (ntries == 100) 1480 return (ETIMEDOUT); 1481 1482 *val = tmp & 0xff; 1483 return (0); 1484 } 1485 1486 static int 1487 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1488 { 1489 uint32_t tmp; 1490 int error, ntries; 1491 1492 for (ntries = 0; ntries < 10; ntries++) { 1493 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1494 return (error); 1495 if (!(tmp & RT3070_RF_KICK)) 1496 break; 1497 } 1498 if (ntries == 10) 1499 return (ETIMEDOUT); 1500 1501 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1502 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1503 } 1504 1505 static int 1506 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1507 { 1508 uint32_t tmp; 1509 int ntries, error; 1510 1511 for (ntries = 0; ntries < 10; ntries++) { 1512 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1513 return (error); 1514 if (!(tmp & RT2860_BBP_CSR_KICK)) 1515 break; 1516 } 1517 if (ntries == 10) 1518 return (ETIMEDOUT); 1519 1520 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1521 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1522 return (error); 1523 1524 for (ntries = 0; ntries < 10; ntries++) { 1525 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1526 return (error); 1527 if (!(tmp & RT2860_BBP_CSR_KICK)) 1528 break; 1529 } 1530 if (ntries == 10) 1531 return (ETIMEDOUT); 1532 1533 *val = tmp & 0xff; 1534 return (0); 1535 } 1536 1537 static int 1538 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1539 { 1540 uint32_t tmp; 1541 int ntries, error; 1542 1543 for (ntries = 0; ntries < 10; ntries++) { 1544 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1545 return (error); 1546 if (!(tmp & RT2860_BBP_CSR_KICK)) 1547 break; 1548 } 1549 if (ntries == 10) 1550 return (ETIMEDOUT); 1551 1552 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1553 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1554 } 1555 1556 /* 1557 * Send a command to the 8051 microcontroller unit. 1558 */ 1559 static int 1560 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1561 { 1562 uint32_t tmp; 1563 int error, ntries; 1564 1565 for (ntries = 0; ntries < 100; ntries++) { 1566 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1567 return error; 1568 if (!(tmp & RT2860_H2M_BUSY)) 1569 break; 1570 } 1571 if (ntries == 100) 1572 return ETIMEDOUT; 1573 1574 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1575 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1576 error = run_write(sc, RT2860_HOST_CMD, cmd); 1577 return (error); 1578 } 1579 1580 /* 1581 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1582 * Used to adjust per-rate Tx power registers. 1583 */ 1584 static __inline uint32_t 1585 b4inc(uint32_t b32, int8_t delta) 1586 { 1587 int8_t i, b4; 1588 1589 for (i = 0; i < 8; i++) { 1590 b4 = b32 & 0xf; 1591 b4 += delta; 1592 if (b4 < 0) 1593 b4 = 0; 1594 else if (b4 > 0xf) 1595 b4 = 0xf; 1596 b32 = b32 >> 4 | b4 << 28; 1597 } 1598 return (b32); 1599 } 1600 1601 static const char * 1602 run_get_rf(uint16_t rev) 1603 { 1604 switch (rev) { 1605 case RT2860_RF_2820: return "RT2820"; 1606 case RT2860_RF_2850: return "RT2850"; 1607 case RT2860_RF_2720: return "RT2720"; 1608 case RT2860_RF_2750: return "RT2750"; 1609 case RT3070_RF_3020: return "RT3020"; 1610 case RT3070_RF_2020: return "RT2020"; 1611 case RT3070_RF_3021: return "RT3021"; 1612 case RT3070_RF_3022: return "RT3022"; 1613 case RT3070_RF_3052: return "RT3052"; 1614 case RT3593_RF_3053: return "RT3053"; 1615 case RT5592_RF_5592: return "RT5592"; 1616 case RT5390_RF_5370: return "RT5370"; 1617 case RT5390_RF_5372: return "RT5372"; 1618 } 1619 return ("unknown"); 1620 } 1621 1622 static void 1623 run_rt3593_get_txpower(struct run_softc *sc) 1624 { 1625 uint16_t addr, val; 1626 int i; 1627 1628 /* Read power settings for 2GHz channels. */ 1629 for (i = 0; i < 14; i += 2) { 1630 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1631 RT2860_EEPROM_PWR2GHZ_BASE1; 1632 run_srom_read(sc, addr + i / 2, &val); 1633 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1634 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1635 1636 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1637 RT2860_EEPROM_PWR2GHZ_BASE2; 1638 run_srom_read(sc, addr + i / 2, &val); 1639 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1640 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1641 1642 if (sc->ntxchains == 3) { 1643 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1644 &val); 1645 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1646 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1647 } 1648 } 1649 /* Fix broken Tx power entries. */ 1650 for (i = 0; i < 14; i++) { 1651 if (sc->txpow1[i] > 31) 1652 sc->txpow1[i] = 5; 1653 if (sc->txpow2[i] > 31) 1654 sc->txpow2[i] = 5; 1655 if (sc->ntxchains == 3) { 1656 if (sc->txpow3[i] > 31) 1657 sc->txpow3[i] = 5; 1658 } 1659 } 1660 /* Read power settings for 5GHz channels. */ 1661 for (i = 0; i < 40; i += 2) { 1662 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1663 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1664 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1665 1666 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1667 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1668 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1669 1670 if (sc->ntxchains == 3) { 1671 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1672 &val); 1673 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1674 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1675 } 1676 } 1677 } 1678 1679 static void 1680 run_get_txpower(struct run_softc *sc) 1681 { 1682 uint16_t val; 1683 int i; 1684 1685 /* Read power settings for 2GHz channels. */ 1686 for (i = 0; i < 14; i += 2) { 1687 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1688 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1689 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1690 1691 if (sc->mac_ver != 0x5390) { 1692 run_srom_read(sc, 1693 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1694 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1695 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1696 } 1697 } 1698 /* Fix broken Tx power entries. */ 1699 for (i = 0; i < 14; i++) { 1700 if (sc->mac_ver >= 0x5390) { 1701 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1702 sc->txpow1[i] = 5; 1703 } else { 1704 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1705 sc->txpow1[i] = 5; 1706 } 1707 if (sc->mac_ver > 0x5390) { 1708 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1709 sc->txpow2[i] = 5; 1710 } else if (sc->mac_ver < 0x5390) { 1711 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1712 sc->txpow2[i] = 5; 1713 } 1714 DPRINTF("chan %d: power1=%d, power2=%d\n", 1715 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1716 } 1717 /* Read power settings for 5GHz channels. */ 1718 for (i = 0; i < 40; i += 2) { 1719 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1720 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1721 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1722 1723 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1724 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1725 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1726 } 1727 /* Fix broken Tx power entries. */ 1728 for (i = 0; i < 40; i++ ) { 1729 if (sc->mac_ver != 0x5592) { 1730 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1731 sc->txpow1[14 + i] = 5; 1732 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1733 sc->txpow2[14 + i] = 5; 1734 } 1735 DPRINTF("chan %d: power1=%d, power2=%d\n", 1736 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1737 sc->txpow2[14 + i]); 1738 } 1739 } 1740 1741 static int 1742 run_read_eeprom(struct run_softc *sc) 1743 { 1744 int8_t delta_2ghz, delta_5ghz; 1745 uint32_t tmp; 1746 uint16_t val; 1747 int ridx, ant, i; 1748 1749 /* check whether the ROM is eFUSE ROM or EEPROM */ 1750 sc->sc_srom_read = run_eeprom_read_2; 1751 if (sc->mac_ver >= 0x3070) { 1752 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1753 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1754 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1755 sc->sc_srom_read = run_efuse_read_2; 1756 } 1757 1758 /* read ROM version */ 1759 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1760 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1761 1762 /* read MAC address */ 1763 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1764 sc->sc_bssid[0] = val & 0xff; 1765 sc->sc_bssid[1] = val >> 8; 1766 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1767 sc->sc_bssid[2] = val & 0xff; 1768 sc->sc_bssid[3] = val >> 8; 1769 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1770 sc->sc_bssid[4] = val & 0xff; 1771 sc->sc_bssid[5] = val >> 8; 1772 1773 if (sc->mac_ver < 0x3593) { 1774 /* read vender BBP settings */ 1775 for (i = 0; i < 10; i++) { 1776 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1777 sc->bbp[i].val = val & 0xff; 1778 sc->bbp[i].reg = val >> 8; 1779 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1780 sc->bbp[i].val); 1781 } 1782 if (sc->mac_ver >= 0x3071) { 1783 /* read vendor RF settings */ 1784 for (i = 0; i < 10; i++) { 1785 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1786 &val); 1787 sc->rf[i].val = val & 0xff; 1788 sc->rf[i].reg = val >> 8; 1789 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1790 sc->rf[i].val); 1791 } 1792 } 1793 } 1794 1795 /* read RF frequency offset from EEPROM */ 1796 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1797 RT3593_EEPROM_FREQ, &val); 1798 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1799 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1800 1801 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1802 RT3593_EEPROM_FREQ_LEDS, &val); 1803 if (val >> 8 != 0xff) { 1804 /* read LEDs operating mode */ 1805 sc->leds = val >> 8; 1806 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1807 RT3593_EEPROM_LED1, &sc->led[0]); 1808 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1809 RT3593_EEPROM_LED2, &sc->led[1]); 1810 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1811 RT3593_EEPROM_LED3, &sc->led[2]); 1812 } else { 1813 /* broken EEPROM, use default settings */ 1814 sc->leds = 0x01; 1815 sc->led[0] = 0x5555; 1816 sc->led[1] = 0x2221; 1817 sc->led[2] = 0x5627; /* differs from RT2860 */ 1818 } 1819 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1820 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1821 1822 /* read RF information */ 1823 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1824 run_srom_read(sc, 0x00, &val); 1825 else 1826 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1827 1828 if (val == 0xffff) { 1829 device_printf(sc->sc_dev, 1830 "invalid EEPROM antenna info, using default\n"); 1831 DPRINTF("invalid EEPROM antenna info, using default\n"); 1832 if (sc->mac_ver == 0x3572) { 1833 /* default to RF3052 2T2R */ 1834 sc->rf_rev = RT3070_RF_3052; 1835 sc->ntxchains = 2; 1836 sc->nrxchains = 2; 1837 } else if (sc->mac_ver >= 0x3070) { 1838 /* default to RF3020 1T1R */ 1839 sc->rf_rev = RT3070_RF_3020; 1840 sc->ntxchains = 1; 1841 sc->nrxchains = 1; 1842 } else { 1843 /* default to RF2820 1T2R */ 1844 sc->rf_rev = RT2860_RF_2820; 1845 sc->ntxchains = 1; 1846 sc->nrxchains = 2; 1847 } 1848 } else { 1849 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1850 sc->rf_rev = val; 1851 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1852 } else 1853 sc->rf_rev = (val >> 8) & 0xf; 1854 sc->ntxchains = (val >> 4) & 0xf; 1855 sc->nrxchains = val & 0xf; 1856 } 1857 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1858 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1859 1860 /* check if RF supports automatic Tx access gain control */ 1861 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1862 DPRINTF("EEPROM CFG 0x%04x\n", val); 1863 /* check if driver should patch the DAC issue */ 1864 if ((val >> 8) != 0xff) 1865 sc->patch_dac = (val >> 15) & 1; 1866 if ((val & 0xff) != 0xff) { 1867 sc->ext_5ghz_lna = (val >> 3) & 1; 1868 sc->ext_2ghz_lna = (val >> 2) & 1; 1869 /* check if RF supports automatic Tx access gain control */ 1870 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1871 /* check if we have a hardware radio switch */ 1872 sc->rfswitch = val & 1; 1873 } 1874 1875 /* Read Tx power settings. */ 1876 if (sc->mac_ver == 0x3593) 1877 run_rt3593_get_txpower(sc); 1878 else 1879 run_get_txpower(sc); 1880 1881 /* read Tx power compensation for each Tx rate */ 1882 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1883 delta_2ghz = delta_5ghz = 0; 1884 if ((val & 0xff) != 0xff && (val & 0x80)) { 1885 delta_2ghz = val & 0xf; 1886 if (!(val & 0x40)) /* negative number */ 1887 delta_2ghz = -delta_2ghz; 1888 } 1889 val >>= 8; 1890 if ((val & 0xff) != 0xff && (val & 0x80)) { 1891 delta_5ghz = val & 0xf; 1892 if (!(val & 0x40)) /* negative number */ 1893 delta_5ghz = -delta_5ghz; 1894 } 1895 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1896 delta_2ghz, delta_5ghz); 1897 1898 for (ridx = 0; ridx < 5; ridx++) { 1899 uint32_t reg; 1900 1901 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1902 reg = val; 1903 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1904 reg |= (uint32_t)val << 16; 1905 1906 sc->txpow20mhz[ridx] = reg; 1907 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1908 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1909 1910 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1911 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1912 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1913 } 1914 1915 /* Read RSSI offsets and LNA gains from EEPROM. */ 1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1917 RT3593_EEPROM_RSSI1_2GHZ, &val); 1918 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1919 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1920 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1921 RT3593_EEPROM_RSSI2_2GHZ, &val); 1922 if (sc->mac_ver >= 0x3070) { 1923 if (sc->mac_ver == 0x3593) { 1924 sc->txmixgain_2ghz = 0; 1925 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1926 } else { 1927 /* 1928 * On RT3070 chips (limited to 2 Rx chains), this ROM 1929 * field contains the Tx mixer gain for the 2GHz band. 1930 */ 1931 if ((val & 0xff) != 0xff) 1932 sc->txmixgain_2ghz = val & 0x7; 1933 } 1934 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1935 } else 1936 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1937 if (sc->mac_ver == 0x3593) 1938 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1939 sc->lna[2] = val >> 8; /* channel group 2 */ 1940 1941 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1942 RT3593_EEPROM_RSSI1_5GHZ, &val); 1943 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1944 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1945 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1946 RT3593_EEPROM_RSSI2_5GHZ, &val); 1947 if (sc->mac_ver == 0x3572) { 1948 /* 1949 * On RT3572 chips (limited to 2 Rx chains), this ROM 1950 * field contains the Tx mixer gain for the 5GHz band. 1951 */ 1952 if ((val & 0xff) != 0xff) 1953 sc->txmixgain_5ghz = val & 0x7; 1954 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1955 } else 1956 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1957 if (sc->mac_ver == 0x3593) { 1958 sc->txmixgain_5ghz = 0; 1959 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1960 } 1961 sc->lna[3] = val >> 8; /* channel group 3 */ 1962 1963 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1964 RT3593_EEPROM_LNA, &val); 1965 sc->lna[0] = val & 0xff; /* channel group 0 */ 1966 sc->lna[1] = val >> 8; /* channel group 1 */ 1967 1968 /* fix broken 5GHz LNA entries */ 1969 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1970 DPRINTF("invalid LNA for channel group %d\n", 2); 1971 sc->lna[2] = sc->lna[1]; 1972 } 1973 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1974 DPRINTF("invalid LNA for channel group %d\n", 3); 1975 sc->lna[3] = sc->lna[1]; 1976 } 1977 1978 /* fix broken RSSI offset entries */ 1979 for (ant = 0; ant < 3; ant++) { 1980 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1981 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1982 ant + 1, sc->rssi_2ghz[ant]); 1983 sc->rssi_2ghz[ant] = 0; 1984 } 1985 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1986 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1987 ant + 1, sc->rssi_5ghz[ant]); 1988 sc->rssi_5ghz[ant] = 0; 1989 } 1990 } 1991 return (0); 1992 } 1993 1994 static struct ieee80211_node * 1995 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1996 { 1997 return kmalloc(sizeof (struct run_node), M_DEVBUF, M_WAITOK | M_ZERO); 1998 } 1999 2000 static int 2001 run_media_change(struct ifnet *ifp) 2002 { 2003 struct ieee80211vap *vap = ifp->if_softc; 2004 struct ieee80211com *ic = vap->iv_ic; 2005 const struct ieee80211_txparam *tp; 2006 struct run_softc *sc = ic->ic_ifp->if_softc; 2007 uint8_t rate, ridx; 2008 int error; 2009 2010 RUN_LOCK(sc); 2011 2012 error = ieee80211_media_change(ifp); 2013 if (error != ENETRESET) { 2014 RUN_UNLOCK(sc); 2015 return (error); 2016 } 2017 2018 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2019 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2020 struct ieee80211_node *ni; 2021 struct run_node *rn; 2022 2023 rate = ic->ic_sup_rates[ic->ic_curmode]. 2024 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2025 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2026 if (rt2860_rates[ridx].rate == rate) 2027 break; 2028 ni = ieee80211_ref_node(vap->iv_bss); 2029 rn = (struct run_node *)ni; 2030 rn->fix_ridx = ridx; 2031 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2032 ieee80211_free_node(ni); 2033 } 2034 2035 #if 0 2036 if ((ifp->if_flags & IFF_UP) && 2037 (ifp->if_flags & IFF_RUNNING)){ 2038 run_init_locked(sc); 2039 } 2040 #endif 2041 2042 RUN_UNLOCK(sc); 2043 2044 return (0); 2045 } 2046 2047 static int 2048 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2049 { 2050 const struct ieee80211_txparam *tp; 2051 struct ieee80211com *ic = vap->iv_ic; 2052 struct run_softc *sc = ic->ic_ifp->if_softc; 2053 struct run_vap *rvp = RUN_VAP(vap); 2054 enum ieee80211_state ostate; 2055 uint32_t sta[3]; 2056 uint32_t tmp; 2057 uint8_t ratectl; 2058 uint8_t restart_ratectl = 0; 2059 uint8_t bid = 1 << rvp->rvp_id; 2060 2061 ostate = vap->iv_state; 2062 DPRINTF("%s -> %s\n", 2063 ieee80211_state_name[ostate], 2064 ieee80211_state_name[nstate]); 2065 2066 RUN_LOCK(sc); 2067 2068 ratectl = sc->ratectl_run; /* remember current state */ 2069 sc->ratectl_run = RUN_RATECTL_OFF; 2070 usb_callout_stop(&sc->ratectl_ch); 2071 2072 if (ostate == IEEE80211_S_RUN) { 2073 /* turn link LED off */ 2074 run_set_leds(sc, RT2860_LED_RADIO); 2075 } 2076 2077 switch (nstate) { 2078 case IEEE80211_S_INIT: 2079 restart_ratectl = 1; 2080 2081 if (ostate != IEEE80211_S_RUN) 2082 break; 2083 2084 ratectl &= ~bid; 2085 sc->runbmap &= ~bid; 2086 2087 /* abort TSF synchronization if there is no vap running */ 2088 if (--sc->running == 0) { 2089 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2090 run_write(sc, RT2860_BCN_TIME_CFG, 2091 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2092 RT2860_TBTT_TIMER_EN)); 2093 } 2094 break; 2095 2096 case IEEE80211_S_RUN: 2097 if (!(sc->runbmap & bid)) { 2098 if(sc->running++) 2099 restart_ratectl = 1; 2100 sc->runbmap |= bid; 2101 } 2102 2103 m_freem(rvp->beacon_mbuf); 2104 rvp->beacon_mbuf = NULL; 2105 2106 switch (vap->iv_opmode) { 2107 case IEEE80211_M_HOSTAP: 2108 case IEEE80211_M_MBSS: 2109 sc->ap_running |= bid; 2110 ic->ic_opmode = vap->iv_opmode; 2111 run_update_beacon_cb(vap); 2112 break; 2113 case IEEE80211_M_IBSS: 2114 sc->adhoc_running |= bid; 2115 if (!sc->ap_running) 2116 ic->ic_opmode = vap->iv_opmode; 2117 run_update_beacon_cb(vap); 2118 break; 2119 case IEEE80211_M_STA: 2120 sc->sta_running |= bid; 2121 if (!sc->ap_running && !sc->adhoc_running) 2122 ic->ic_opmode = vap->iv_opmode; 2123 2124 /* read statistic counters (clear on read) */ 2125 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2126 (uint8_t *)sta, sizeof sta); 2127 2128 break; 2129 default: 2130 ic->ic_opmode = vap->iv_opmode; 2131 break; 2132 } 2133 2134 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2135 struct ieee80211_node *ni; 2136 2137 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2138 RUN_UNLOCK(sc); 2139 return (-1); 2140 } 2141 run_updateslot(ic->ic_ifp); 2142 run_enable_mrr(sc); 2143 run_set_txpreamble(sc); 2144 run_set_basicrates(sc); 2145 ni = ieee80211_ref_node(vap->iv_bss); 2146 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2147 run_set_bssid(sc, ni->ni_bssid); 2148 ieee80211_free_node(ni); 2149 run_enable_tsf_sync(sc); 2150 2151 /* enable automatic rate adaptation */ 2152 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2153 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2154 ratectl |= bid; 2155 } 2156 2157 /* turn link LED on */ 2158 run_set_leds(sc, RT2860_LED_RADIO | 2159 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2160 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2161 2162 break; 2163 default: 2164 DPRINTFN(6, "undefined case\n"); 2165 break; 2166 } 2167 2168 /* restart amrr for running VAPs */ 2169 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2170 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2171 2172 RUN_UNLOCK(sc); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175 } 2176 2177 /* ARGSUSED */ 2178 static void 2179 run_wme_update_cb(void *arg) 2180 { 2181 struct ieee80211com *ic = arg; 2182 struct run_softc *sc = ic->ic_ifp->if_softc; 2183 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2184 int aci, error = 0; 2185 2186 RUN_LOCK_ASSERT(sc, MA_OWNED); 2187 2188 /* update MAC TX configuration registers */ 2189 for (aci = 0; aci < WME_NUM_AC; aci++) { 2190 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2191 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2192 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2193 wmesp->wme_params[aci].wmep_aifsn << 8 | 2194 wmesp->wme_params[aci].wmep_txopLimit); 2195 if (error) goto err; 2196 } 2197 2198 /* update SCH/DMA registers too */ 2199 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2200 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2201 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2202 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2203 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2204 if (error) goto err; 2205 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2206 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2207 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2208 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2209 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2210 if (error) goto err; 2211 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2212 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2213 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2214 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2215 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2216 if (error) goto err; 2217 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2218 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2219 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2220 if (error) goto err; 2221 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2222 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2223 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2224 2225 err: 2226 if (error) 2227 DPRINTF("WME update failed\n"); 2228 2229 return; 2230 } 2231 2232 static int 2233 run_wme_update(struct ieee80211com *ic) 2234 { 2235 struct run_softc *sc = ic->ic_ifp->if_softc; 2236 2237 #if 0 /* XXX swildner */ 2238 /* sometime called without lock */ 2239 if (mtx_owned(&ic->ic_comlock.mtx)) { 2240 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2241 DPRINTF("cmdq_store=%d\n", i); 2242 sc->cmdq[i].func = run_wme_update_cb; 2243 sc->cmdq[i].arg0 = ic; 2244 ieee80211_runtask(ic, &sc->cmdq_task); 2245 return (0); 2246 } 2247 #endif 2248 2249 RUN_LOCK(sc); 2250 run_wme_update_cb(ic); 2251 RUN_UNLOCK(sc); 2252 2253 /* return whatever, upper layer desn't care anyway */ 2254 return (0); 2255 } 2256 2257 static void 2258 run_key_update_begin(struct ieee80211vap *vap) 2259 { 2260 /* 2261 * To avoid out-of-order events, both run_key_set() and 2262 * _delete() are deferred and handled by run_cmdq_cb(). 2263 * So, there is nothing we need to do here. 2264 */ 2265 } 2266 2267 static void 2268 run_key_update_end(struct ieee80211vap *vap) 2269 { 2270 /* null */ 2271 } 2272 2273 static void 2274 run_key_set_cb(void *arg) 2275 { 2276 struct run_cmdq *cmdq = arg; 2277 struct ieee80211vap *vap = cmdq->arg1; 2278 struct ieee80211_key *k = cmdq->k; 2279 struct ieee80211com *ic = vap->iv_ic; 2280 struct run_softc *sc = ic->ic_ifp->if_softc; 2281 struct ieee80211_node *ni; 2282 uint32_t attr; 2283 uint16_t base, associd; 2284 uint8_t mode, wcid, iv[8]; 2285 2286 RUN_LOCK_ASSERT(sc, MA_OWNED); 2287 2288 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2289 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2290 else 2291 ni = vap->iv_bss; 2292 associd = (ni != NULL) ? ni->ni_associd : 0; 2293 2294 /* map net80211 cipher to RT2860 security mode */ 2295 switch (k->wk_cipher->ic_cipher) { 2296 case IEEE80211_CIPHER_WEP: 2297 if(k->wk_keylen < 8) 2298 mode = RT2860_MODE_WEP40; 2299 else 2300 mode = RT2860_MODE_WEP104; 2301 break; 2302 case IEEE80211_CIPHER_TKIP: 2303 mode = RT2860_MODE_TKIP; 2304 break; 2305 case IEEE80211_CIPHER_AES_CCM: 2306 mode = RT2860_MODE_AES_CCMP; 2307 break; 2308 default: 2309 DPRINTF("undefined case\n"); 2310 return; 2311 } 2312 2313 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2314 associd, k->wk_keyix, mode, 2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2318 2319 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2320 wcid = 0; /* NB: update WCID0 for group keys */ 2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2322 } else { 2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2324 1 : RUN_AID2WCID(associd); 2325 base = RT2860_PKEY(wcid); 2326 } 2327 2328 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2329 if(run_write_region_1(sc, base, k->wk_key, 16)) 2330 return; 2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2332 return; 2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2334 return; 2335 } else { 2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2338 return; 2339 } 2340 2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2343 /* set initial packet number in IV+EIV */ 2344 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2345 memset(iv, 0, sizeof iv); 2346 iv[3] = vap->iv_def_txkey << 6; 2347 } else { 2348 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2349 iv[0] = k->wk_keytsc >> 8; 2350 iv[1] = (iv[0] | 0x20) & 0x7f; 2351 iv[2] = k->wk_keytsc; 2352 } else /* CCMP */ { 2353 iv[0] = k->wk_keytsc; 2354 iv[1] = k->wk_keytsc >> 8; 2355 iv[2] = 0; 2356 } 2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2358 iv[4] = k->wk_keytsc >> 16; 2359 iv[5] = k->wk_keytsc >> 24; 2360 iv[6] = k->wk_keytsc >> 32; 2361 iv[7] = k->wk_keytsc >> 40; 2362 } 2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2364 return; 2365 } 2366 2367 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2368 /* install group key */ 2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2370 return; 2371 attr &= ~(0xf << (k->wk_keyix * 4)); 2372 attr |= mode << (k->wk_keyix * 4); 2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2374 return; 2375 } else { 2376 /* install pairwise key */ 2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2378 return; 2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2381 return; 2382 } 2383 2384 /* TODO create a pass-thru key entry? */ 2385 2386 /* need wcid to delete the right key later */ 2387 k->wk_pad = wcid; 2388 } 2389 2390 /* 2391 * Don't have to be deferred, but in order to keep order of 2392 * execution, i.e. with run_key_delete(), defer this and let 2393 * run_cmdq_cb() maintain the order. 2394 * 2395 * return 0 on error 2396 */ 2397 static int 2398 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2399 const uint8_t mac[IEEE80211_ADDR_LEN]) 2400 { 2401 struct ieee80211com *ic = vap->iv_ic; 2402 struct run_softc *sc = ic->ic_ifp->if_softc; 2403 uint32_t i; 2404 2405 i = RUN_CMDQ_GET(&sc->cmdq_store); 2406 DPRINTF("cmdq_store=%d\n", i); 2407 sc->cmdq[i].func = run_key_set_cb; 2408 sc->cmdq[i].arg0 = NULL; 2409 sc->cmdq[i].arg1 = vap; 2410 sc->cmdq[i].k = k; 2411 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2412 ieee80211_runtask(ic, &sc->cmdq_task); 2413 2414 /* 2415 * To make sure key will be set when hostapd 2416 * calls iv_key_set() before if_init(). 2417 */ 2418 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2419 RUN_LOCK(sc); 2420 sc->cmdq_key_set = RUN_CMDQ_GO; 2421 RUN_UNLOCK(sc); 2422 } 2423 2424 return (1); 2425 } 2426 2427 /* 2428 * If wlan is destroyed without being brought down i.e. without 2429 * wlan down or wpa_cli terminate, this function is called after 2430 * vap is gone. Don't refer it. 2431 */ 2432 static void 2433 run_key_delete_cb(void *arg) 2434 { 2435 struct run_cmdq *cmdq = arg; 2436 struct run_softc *sc = cmdq->arg1; 2437 struct ieee80211_key *k = &cmdq->key; 2438 uint32_t attr; 2439 uint8_t wcid; 2440 2441 RUN_LOCK_ASSERT(sc, MA_OWNED); 2442 2443 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2444 /* remove group key */ 2445 DPRINTF("removing group key\n"); 2446 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2447 attr &= ~(0xf << (k->wk_keyix * 4)); 2448 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2449 } else { 2450 /* remove pairwise key */ 2451 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2452 /* matching wcid was written to wk_pad in run_key_set() */ 2453 wcid = k->wk_pad; 2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2455 attr &= ~0xf; 2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2458 } 2459 2460 k->wk_pad = 0; 2461 } 2462 2463 /* 2464 * return 0 on error 2465 */ 2466 static int 2467 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2468 { 2469 struct ieee80211com *ic = vap->iv_ic; 2470 struct run_softc *sc = ic->ic_ifp->if_softc; 2471 struct ieee80211_key *k0; 2472 uint32_t i; 2473 2474 /* 2475 * When called back, key might be gone. So, make a copy 2476 * of some values need to delete keys before deferring. 2477 * But, because of LOR with node lock, cannot use lock here. 2478 * So, use atomic instead. 2479 */ 2480 i = RUN_CMDQ_GET(&sc->cmdq_store); 2481 DPRINTF("cmdq_store=%d\n", i); 2482 sc->cmdq[i].func = run_key_delete_cb; 2483 sc->cmdq[i].arg0 = NULL; 2484 sc->cmdq[i].arg1 = sc; 2485 k0 = &sc->cmdq[i].key; 2486 k0->wk_flags = k->wk_flags; 2487 k0->wk_keyix = k->wk_keyix; 2488 /* matching wcid was written to wk_pad in run_key_set() */ 2489 k0->wk_pad = k->wk_pad; 2490 ieee80211_runtask(ic, &sc->cmdq_task); 2491 return (1); /* return fake success */ 2492 2493 } 2494 2495 static void 2496 run_ratectl_to(void *arg) 2497 { 2498 struct run_softc *sc = arg; 2499 2500 /* do it in a process context, so it can go sleep */ 2501 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2502 /* next timeout will be rescheduled in the callback task */ 2503 } 2504 2505 /* ARGSUSED */ 2506 static void 2507 run_ratectl_cb(void *arg, int pending) 2508 { 2509 struct run_softc *sc = arg; 2510 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2512 2513 if (vap == NULL) 2514 return; 2515 2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2517 /* 2518 * run_reset_livelock() doesn't do anything with AMRR, 2519 * but Ralink wants us to call it every 1 sec. So, we 2520 * piggyback here rather than creating another callout. 2521 * Livelock may occur only in HOSTAP or IBSS mode 2522 * (when h/w is sending beacons). 2523 */ 2524 RUN_LOCK(sc); 2525 run_reset_livelock(sc); 2526 /* just in case, there are some stats to drain */ 2527 run_drain_fifo(sc); 2528 RUN_UNLOCK(sc); 2529 } 2530 2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2532 2533 RUN_LOCK(sc); 2534 if(sc->ratectl_run != RUN_RATECTL_OFF) 2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2536 RUN_UNLOCK(sc); 2537 } 2538 2539 static void 2540 run_drain_fifo(void *arg) 2541 { 2542 struct run_softc *sc = arg; 2543 struct ifnet *ifp = sc->sc_ifp; 2544 uint32_t stat; 2545 uint16_t (*wstat)[3]; 2546 uint8_t wcid, mcs, pid; 2547 int8_t retry; 2548 2549 RUN_LOCK_ASSERT(sc, MA_OWNED); 2550 2551 for (;;) { 2552 /* drain Tx status FIFO (maxsize = 16) */ 2553 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2554 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2555 if (!(stat & RT2860_TXQ_VLD)) 2556 break; 2557 2558 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2559 2560 /* if no ACK was requested, no feedback is available */ 2561 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2562 wcid == 0) 2563 continue; 2564 2565 /* 2566 * Even though each stat is Tx-complete-status like format, 2567 * the device can poll stats. Because there is no guarantee 2568 * that the referring node is still around when read the stats. 2569 * So that, if we use ieee80211_ratectl_tx_update(), we will 2570 * have hard time not to refer already freed node. 2571 * 2572 * To eliminate such page faults, we poll stats in softc. 2573 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2574 */ 2575 wstat = &(sc->wcid_stats[wcid]); 2576 (*wstat)[RUN_TXCNT]++; 2577 if (stat & RT2860_TXQ_OK) 2578 (*wstat)[RUN_SUCCESS]++; 2579 else 2580 ifp->if_oerrors++; 2581 /* 2582 * Check if there were retries, ie if the Tx success rate is 2583 * different from the requested rate. Note that it works only 2584 * because we do not allow rate fallback from OFDM to CCK. 2585 */ 2586 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2587 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2588 if ((retry = pid -1 - mcs) > 0) { 2589 (*wstat)[RUN_TXCNT] += retry; 2590 (*wstat)[RUN_RETRY] += retry; 2591 } 2592 } 2593 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2594 2595 sc->fifo_cnt = 0; 2596 } 2597 2598 static void 2599 run_iter_func(void *arg, struct ieee80211_node *ni) 2600 { 2601 struct run_softc *sc = arg; 2602 struct ieee80211vap *vap = ni->ni_vap; 2603 struct ieee80211com *ic = ni->ni_ic; 2604 struct ifnet *ifp = ic->ic_ifp; 2605 struct run_node *rn = (void *)ni; 2606 union run_stats sta[2]; 2607 uint16_t (*wstat)[3]; 2608 int txcnt, success, retrycnt, error; 2609 2610 RUN_LOCK(sc); 2611 2612 /* Check for special case */ 2613 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2614 ni != vap->iv_bss) 2615 goto fail; 2616 2617 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2618 vap->iv_opmode == IEEE80211_M_STA)) { 2619 /* read statistic counters (clear on read) and update AMRR state */ 2620 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2621 sizeof sta); 2622 if (error != 0) 2623 goto fail; 2624 2625 /* count failed TX as errors */ 2626 ifp->if_oerrors += le16toh(sta[0].error.fail); 2627 2628 retrycnt = le16toh(sta[1].tx.retry); 2629 success = le16toh(sta[1].tx.success); 2630 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2631 2632 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2633 retrycnt, success, le16toh(sta[0].error.fail)); 2634 } else { 2635 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2636 2637 if (wstat == &(sc->wcid_stats[0]) || 2638 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2639 goto fail; 2640 2641 txcnt = (*wstat)[RUN_TXCNT]; 2642 success = (*wstat)[RUN_SUCCESS]; 2643 retrycnt = (*wstat)[RUN_RETRY]; 2644 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2645 retrycnt, txcnt, success); 2646 2647 memset(wstat, 0, sizeof(*wstat)); 2648 } 2649 2650 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2651 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2652 2653 fail: 2654 RUN_UNLOCK(sc); 2655 2656 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2657 } 2658 2659 static void 2660 run_newassoc_cb(void *arg) 2661 { 2662 struct run_cmdq *cmdq = arg; 2663 struct ieee80211_node *ni = cmdq->arg1; 2664 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2665 uint8_t wcid = cmdq->wcid; 2666 2667 RUN_LOCK_ASSERT(sc, MA_OWNED); 2668 2669 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2670 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2671 2672 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2673 } 2674 2675 static void 2676 run_newassoc(struct ieee80211_node *ni, int isnew) 2677 { 2678 struct run_node *rn = (void *)ni; 2679 struct ieee80211_rateset *rs = &ni->ni_rates; 2680 struct ieee80211vap *vap = ni->ni_vap; 2681 struct ieee80211com *ic = vap->iv_ic; 2682 struct run_softc *sc = ic->ic_ifp->if_softc; 2683 uint8_t rate; 2684 uint8_t ridx; 2685 uint8_t wcid; 2686 int i, j; 2687 #ifdef RUN_DEBUG 2688 char ethstr[ETHER_ADDRSTRLEN + 1]; 2689 #endif 2690 2691 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2692 1 : RUN_AID2WCID(ni->ni_associd); 2693 2694 if (wcid > RT2870_WCID_MAX) { 2695 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2696 return; 2697 } 2698 2699 /* only interested in true associations */ 2700 if (isnew && ni->ni_associd != 0) { 2701 2702 /* 2703 * This function could is called though timeout function. 2704 * Need to defer. 2705 */ 2706 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2707 DPRINTF("cmdq_store=%d\n", cnt); 2708 sc->cmdq[cnt].func = run_newassoc_cb; 2709 sc->cmdq[cnt].arg0 = NULL; 2710 sc->cmdq[cnt].arg1 = ni; 2711 sc->cmdq[cnt].wcid = wcid; 2712 ieee80211_runtask(ic, &sc->cmdq_task); 2713 } 2714 2715 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2716 isnew, ni->ni_associd, kether_ntoa(ni->ni_macaddr, ethstr)); 2717 2718 for (i = 0; i < rs->rs_nrates; i++) { 2719 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2720 /* convert 802.11 rate to hardware rate index */ 2721 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2722 if (rt2860_rates[ridx].rate == rate) 2723 break; 2724 rn->ridx[i] = ridx; 2725 /* determine rate of control response frames */ 2726 for (j = i; j >= 0; j--) { 2727 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2728 rt2860_rates[rn->ridx[i]].phy == 2729 rt2860_rates[rn->ridx[j]].phy) 2730 break; 2731 } 2732 if (j >= 0) { 2733 rn->ctl_ridx[i] = rn->ridx[j]; 2734 } else { 2735 /* no basic rate found, use mandatory one */ 2736 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2737 } 2738 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2739 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2740 } 2741 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2742 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2743 if (rt2860_rates[ridx].rate == rate) 2744 break; 2745 rn->mgt_ridx = ridx; 2746 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2747 2748 RUN_LOCK(sc); 2749 if(sc->ratectl_run != RUN_RATECTL_OFF) 2750 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2751 RUN_UNLOCK(sc); 2752 } 2753 2754 /* 2755 * Return the Rx chain with the highest RSSI for a given frame. 2756 */ 2757 static __inline uint8_t 2758 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2759 { 2760 uint8_t rxchain = 0; 2761 2762 if (sc->nrxchains > 1) { 2763 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2764 rxchain = 1; 2765 if (sc->nrxchains > 2) 2766 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2767 rxchain = 2; 2768 } 2769 return (rxchain); 2770 } 2771 2772 static void 2773 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2774 { 2775 struct ifnet *ifp = sc->sc_ifp; 2776 struct ieee80211com *ic = ifp->if_l2com; 2777 struct ieee80211_frame *wh; 2778 struct ieee80211_node *ni; 2779 struct rt2870_rxd *rxd; 2780 struct rt2860_rxwi *rxwi; 2781 uint32_t flags; 2782 uint16_t len, rxwisize; 2783 uint8_t ant, rssi; 2784 int8_t nf; 2785 2786 rxwi = mtod(m, struct rt2860_rxwi *); 2787 len = le16toh(rxwi->len) & 0xfff; 2788 rxwisize = sizeof(struct rt2860_rxwi); 2789 if (sc->mac_ver == 0x5592) 2790 rxwisize += sizeof(uint64_t); 2791 else if (sc->mac_ver == 0x3593) 2792 rxwisize += sizeof(uint32_t); 2793 if (__predict_false(len > dmalen)) { 2794 m_freem(m); 2795 ifp->if_ierrors++; 2796 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2797 return; 2798 } 2799 /* Rx descriptor is located at the end */ 2800 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2801 flags = le32toh(rxd->flags); 2802 2803 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2804 m_freem(m); 2805 ifp->if_ierrors++; 2806 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2807 return; 2808 } 2809 2810 m->m_data += rxwisize; 2811 m->m_pkthdr.len = m->m_len -= rxwisize; 2812 2813 wh = mtod(m, struct ieee80211_frame *); 2814 2815 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 2816 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 2817 m->m_flags |= M_WEP; 2818 } 2819 2820 if (flags & RT2860_RX_L2PAD) { 2821 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2822 len += 2; 2823 } 2824 2825 ni = ieee80211_find_rxnode(ic, 2826 mtod(m, struct ieee80211_frame_min *)); 2827 2828 if (__predict_false(flags & RT2860_RX_MICERR)) { 2829 /* report MIC failures to net80211 for TKIP */ 2830 if (ni != NULL) 2831 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2832 rxwi->keyidx); 2833 m_freem(m); 2834 ifp->if_ierrors++; 2835 DPRINTF("MIC error. Someone is lying.\n"); 2836 return; 2837 } 2838 2839 ant = run_maxrssi_chain(sc, rxwi); 2840 rssi = rxwi->rssi[ant]; 2841 nf = run_rssi2dbm(sc, rssi, ant); 2842 2843 m->m_pkthdr.rcvif = ifp; 2844 m->m_pkthdr.len = m->m_len = len; 2845 2846 if (ni != NULL) { 2847 (void)ieee80211_input(ni, m, rssi, nf); 2848 ieee80211_free_node(ni); 2849 } else { 2850 (void)ieee80211_input_all(ic, m, rssi, nf); 2851 } 2852 2853 if (__predict_false(ieee80211_radiotap_active(ic))) { 2854 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2855 uint16_t phy; 2856 2857 tap->wr_flags = 0; 2858 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2859 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2860 tap->wr_antsignal = rssi; 2861 tap->wr_antenna = ant; 2862 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2863 tap->wr_rate = 2; /* in case it can't be found below */ 2864 phy = le16toh(rxwi->phy); 2865 switch (phy & RT2860_PHY_MODE) { 2866 case RT2860_PHY_CCK: 2867 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2868 case 0: tap->wr_rate = 2; break; 2869 case 1: tap->wr_rate = 4; break; 2870 case 2: tap->wr_rate = 11; break; 2871 case 3: tap->wr_rate = 22; break; 2872 } 2873 if (phy & RT2860_PHY_SHPRE) 2874 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2875 break; 2876 case RT2860_PHY_OFDM: 2877 switch (phy & RT2860_PHY_MCS) { 2878 case 0: tap->wr_rate = 12; break; 2879 case 1: tap->wr_rate = 18; break; 2880 case 2: tap->wr_rate = 24; break; 2881 case 3: tap->wr_rate = 36; break; 2882 case 4: tap->wr_rate = 48; break; 2883 case 5: tap->wr_rate = 72; break; 2884 case 6: tap->wr_rate = 96; break; 2885 case 7: tap->wr_rate = 108; break; 2886 } 2887 break; 2888 } 2889 } 2890 } 2891 2892 static void 2893 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2894 { 2895 struct run_softc *sc = usbd_xfer_softc(xfer); 2896 struct ifnet *ifp = sc->sc_ifp; 2897 struct mbuf *m = NULL; 2898 struct mbuf *m0; 2899 uint32_t dmalen; 2900 uint16_t rxwisize; 2901 int xferlen; 2902 2903 rxwisize = sizeof(struct rt2860_rxwi); 2904 if (sc->mac_ver == 0x5592) 2905 rxwisize += sizeof(uint64_t); 2906 else if (sc->mac_ver == 0x3593) 2907 rxwisize += sizeof(uint32_t); 2908 2909 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2910 2911 switch (USB_GET_STATE(xfer)) { 2912 case USB_ST_TRANSFERRED: 2913 2914 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2915 2916 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2917 sizeof(struct rt2870_rxd))) { 2918 DPRINTF("xfer too short %d\n", xferlen); 2919 goto tr_setup; 2920 } 2921 2922 m = sc->rx_m; 2923 sc->rx_m = NULL; 2924 2925 /* FALLTHROUGH */ 2926 case USB_ST_SETUP: 2927 tr_setup: 2928 if (sc->rx_m == NULL) { 2929 sc->rx_m = m_getjcl(MB_DONTWAIT, MT_DATA, M_PKTHDR, 2930 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2931 } 2932 if (sc->rx_m == NULL) { 2933 DPRINTF("could not allocate mbuf - idle with stall\n"); 2934 ifp->if_ierrors++; 2935 usbd_xfer_set_stall(xfer); 2936 usbd_xfer_set_frames(xfer, 0); 2937 } else { 2938 /* 2939 * Directly loading a mbuf cluster into DMA to 2940 * save some data copying. This works because 2941 * there is only one cluster. 2942 */ 2943 usbd_xfer_set_frame_data(xfer, 0, 2944 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2945 usbd_xfer_set_frames(xfer, 1); 2946 } 2947 usbd_transfer_submit(xfer); 2948 break; 2949 2950 default: /* Error */ 2951 if (error != USB_ERR_CANCELLED) { 2952 /* try to clear stall first */ 2953 usbd_xfer_set_stall(xfer); 2954 2955 if (error == USB_ERR_TIMEOUT) 2956 device_printf(sc->sc_dev, "device timeout\n"); 2957 2958 ifp->if_ierrors++; 2959 2960 goto tr_setup; 2961 } 2962 if (sc->rx_m != NULL) { 2963 m_freem(sc->rx_m); 2964 sc->rx_m = NULL; 2965 } 2966 break; 2967 } 2968 2969 if (m == NULL) 2970 return; 2971 2972 /* inputting all the frames must be last */ 2973 2974 RUN_UNLOCK(sc); 2975 2976 m->m_pkthdr.len = m->m_len = xferlen; 2977 2978 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2979 for(;;) { 2980 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2981 2982 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2983 ((dmalen & 3) != 0)) { 2984 DPRINTF("bad DMA length %u\n", dmalen); 2985 break; 2986 } 2987 if ((dmalen + 8) > (uint32_t)xferlen) { 2988 DPRINTF("bad DMA length %u > %d\n", 2989 dmalen + 8, xferlen); 2990 break; 2991 } 2992 2993 /* If it is the last one or a single frame, we won't copy. */ 2994 if ((xferlen -= dmalen + 8) <= 8) { 2995 /* trim 32-bit DMA-len header */ 2996 m->m_data += 4; 2997 m->m_pkthdr.len = m->m_len -= 4; 2998 run_rx_frame(sc, m, dmalen); 2999 m = NULL; /* don't free source buffer */ 3000 break; 3001 } 3002 3003 /* copy aggregated frames to another mbuf */ 3004 m0 = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR); 3005 if (__predict_false(m0 == NULL)) { 3006 DPRINTF("could not allocate mbuf\n"); 3007 ifp->if_ierrors++; 3008 break; 3009 } 3010 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3011 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3012 m0->m_pkthdr.len = m0->m_len = 3013 dmalen + sizeof(struct rt2870_rxd); 3014 run_rx_frame(sc, m0, dmalen); 3015 3016 /* update data ptr */ 3017 m->m_data += dmalen + 8; 3018 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3019 } 3020 3021 /* make sure we free the source buffer, if any */ 3022 m_freem(m); 3023 3024 RUN_LOCK(sc); 3025 } 3026 3027 static void 3028 run_tx_free(struct run_endpoint_queue *pq, 3029 struct run_tx_data *data, int txerr) 3030 { 3031 if (data->m != NULL) { 3032 if (data->m->m_flags & M_TXCB) 3033 ieee80211_process_callback(data->ni, data->m, 3034 txerr ? ETIMEDOUT : 0); 3035 m_freem(data->m); 3036 data->m = NULL; 3037 3038 if (data->ni == NULL) { 3039 DPRINTF("no node\n"); 3040 } else { 3041 ieee80211_free_node(data->ni); 3042 data->ni = NULL; 3043 } 3044 } 3045 3046 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3047 pq->tx_nfree++; 3048 } 3049 3050 static void 3051 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3052 { 3053 struct run_softc *sc = usbd_xfer_softc(xfer); 3054 struct ifnet *ifp = sc->sc_ifp; 3055 struct ieee80211com *ic = ifp->if_l2com; 3056 struct run_tx_data *data; 3057 struct ieee80211vap *vap = NULL; 3058 struct usb_page_cache *pc; 3059 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3060 struct mbuf *m; 3061 usb_frlength_t size; 3062 int actlen; 3063 int sumlen; 3064 3065 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3066 3067 switch (USB_GET_STATE(xfer)) { 3068 case USB_ST_TRANSFERRED: 3069 DPRINTFN(11, "transfer complete: %d " 3070 "bytes @ index %d\n", actlen, index); 3071 3072 data = usbd_xfer_get_priv(xfer); 3073 3074 run_tx_free(pq, data, 0); 3075 ifq_clr_oactive(&ifp->if_snd); 3076 3077 usbd_xfer_set_priv(xfer, NULL); 3078 3079 ifp->if_opackets++; 3080 3081 /* FALLTHROUGH */ 3082 case USB_ST_SETUP: 3083 tr_setup: 3084 data = STAILQ_FIRST(&pq->tx_qh); 3085 if (data == NULL) 3086 break; 3087 3088 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3089 3090 m = data->m; 3091 size = (sc->mac_ver == 0x5592) ? 3092 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3093 if ((m->m_pkthdr.len + 3094 size + 3 + 8) > RUN_MAX_TXSZ) { 3095 DPRINTF("data overflow, %u bytes\n", 3096 m->m_pkthdr.len); 3097 3098 ifp->if_oerrors++; 3099 3100 run_tx_free(pq, data, 1); 3101 3102 goto tr_setup; 3103 } 3104 3105 pc = usbd_xfer_get_frame(xfer, 0); 3106 usbd_copy_in(pc, 0, &data->desc, size); 3107 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3108 size += m->m_pkthdr.len; 3109 /* 3110 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3111 * 4-byte padding), and be sure to zero those trailing 3112 * bytes: 3113 */ 3114 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3115 size += ((-size) & 3) + 8; 3116 3117 vap = data->ni->ni_vap; 3118 if (ieee80211_radiotap_active_vap(vap)) { 3119 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3120 struct rt2860_txwi *txwi = 3121 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3122 tap->wt_flags = 0; 3123 tap->wt_rate = rt2860_rates[data->ridx].rate; 3124 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3125 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3126 tap->wt_hwqueue = index; 3127 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3128 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3129 3130 ieee80211_radiotap_tx(vap, m); 3131 } 3132 3133 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3134 m->m_pkthdr.len, size, index); 3135 3136 usbd_xfer_set_frame_len(xfer, 0, size); 3137 usbd_xfer_set_priv(xfer, data); 3138 3139 usbd_transfer_submit(xfer); 3140 3141 run_start_locked(ifp); 3142 3143 break; 3144 3145 default: 3146 DPRINTF("USB transfer error, %s\n", 3147 usbd_errstr(error)); 3148 3149 data = usbd_xfer_get_priv(xfer); 3150 3151 ifp->if_oerrors++; 3152 3153 if (data != NULL) { 3154 if(data->ni != NULL) 3155 vap = data->ni->ni_vap; 3156 run_tx_free(pq, data, error); 3157 usbd_xfer_set_priv(xfer, NULL); 3158 } 3159 if (vap == NULL) 3160 vap = TAILQ_FIRST(&ic->ic_vaps); 3161 3162 if (error != USB_ERR_CANCELLED) { 3163 if (error == USB_ERR_TIMEOUT) { 3164 device_printf(sc->sc_dev, "device timeout\n"); 3165 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3166 DPRINTF("cmdq_store=%d\n", i); 3167 sc->cmdq[i].func = run_usb_timeout_cb; 3168 sc->cmdq[i].arg0 = vap; 3169 ieee80211_runtask(ic, &sc->cmdq_task); 3170 } 3171 3172 /* 3173 * Try to clear stall first, also if other 3174 * errors occur, hence clearing stall 3175 * introduces a 50 ms delay: 3176 */ 3177 usbd_xfer_set_stall(xfer); 3178 goto tr_setup; 3179 } 3180 break; 3181 } 3182 } 3183 3184 static void 3185 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3186 { 3187 run_bulk_tx_callbackN(xfer, error, 0); 3188 } 3189 3190 static void 3191 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3192 { 3193 run_bulk_tx_callbackN(xfer, error, 1); 3194 } 3195 3196 static void 3197 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3198 { 3199 run_bulk_tx_callbackN(xfer, error, 2); 3200 } 3201 3202 static void 3203 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3204 { 3205 run_bulk_tx_callbackN(xfer, error, 3); 3206 } 3207 3208 static void 3209 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3210 { 3211 run_bulk_tx_callbackN(xfer, error, 4); 3212 } 3213 3214 static void 3215 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3216 { 3217 run_bulk_tx_callbackN(xfer, error, 5); 3218 } 3219 3220 static void 3221 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3222 { 3223 struct mbuf *m = data->m; 3224 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3225 struct ieee80211vap *vap = data->ni->ni_vap; 3226 struct ieee80211_frame *wh; 3227 struct rt2870_txd *txd; 3228 struct rt2860_txwi *txwi; 3229 uint16_t xferlen, txwisize; 3230 uint16_t mcs; 3231 uint8_t ridx = data->ridx; 3232 uint8_t pad; 3233 3234 /* get MCS code from rate index */ 3235 mcs = rt2860_rates[ridx].mcs; 3236 3237 txwisize = (sc->mac_ver == 0x5592) ? 3238 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3239 xferlen = txwisize + m->m_pkthdr.len; 3240 3241 /* roundup to 32-bit alignment */ 3242 xferlen = (xferlen + 3) & ~3; 3243 3244 txd = (struct rt2870_txd *)&data->desc; 3245 txd->len = htole16(xferlen); 3246 3247 wh = mtod(m, struct ieee80211_frame *); 3248 3249 /* 3250 * Ether both are true or both are false, the header 3251 * are nicely aligned to 32-bit. So, no L2 padding. 3252 */ 3253 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3254 pad = 0; 3255 else 3256 pad = 2; 3257 3258 /* setup TX Wireless Information */ 3259 txwi = (struct rt2860_txwi *)(txd + 1); 3260 txwi->len = htole16(m->m_pkthdr.len - pad); 3261 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3262 txwi->phy = htole16(RT2860_PHY_CCK); 3263 if (ridx != RT2860_RIDX_CCK1 && 3264 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3265 mcs |= RT2860_PHY_SHPRE; 3266 } else 3267 txwi->phy = htole16(RT2860_PHY_OFDM); 3268 txwi->phy |= htole16(mcs); 3269 3270 /* check if RTS/CTS or CTS-to-self protection is required */ 3271 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3272 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3273 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3274 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3275 txwi->txop |= RT2860_TX_TXOP_HT; 3276 else 3277 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3278 3279 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3280 txwi->xflags |= RT2860_TX_NSEQ; 3281 } 3282 3283 /* This function must be called locked */ 3284 static int 3285 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3286 { 3287 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3288 struct ieee80211vap *vap = ni->ni_vap; 3289 struct ieee80211_frame *wh; 3290 struct ieee80211_channel *chan; 3291 const struct ieee80211_txparam *tp; 3292 struct run_node *rn = (void *)ni; 3293 struct run_tx_data *data; 3294 struct rt2870_txd *txd; 3295 struct rt2860_txwi *txwi; 3296 uint16_t qos; 3297 uint16_t dur; 3298 uint16_t qid; 3299 uint8_t type; 3300 uint8_t tid; 3301 uint8_t ridx; 3302 uint8_t ctl_ridx; 3303 uint8_t qflags; 3304 uint8_t xflags = 0; 3305 int hasqos; 3306 3307 #if 0 /* XXX swildner: lock needed? */ 3308 RUN_LOCK_ASSERT(sc, MA_OWNED); 3309 #endif 3310 3311 wh = mtod(m, struct ieee80211_frame *); 3312 3313 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3314 3315 /* 3316 * There are 7 bulk endpoints: 1 for RX 3317 * and 6 for TX (4 EDCAs + HCCA + Prio). 3318 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3319 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3320 */ 3321 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3322 uint8_t *frm; 3323 3324 if(IEEE80211_HAS_ADDR4(wh)) 3325 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3326 else 3327 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3328 3329 qos = le16toh(*(const uint16_t *)frm); 3330 tid = qos & IEEE80211_QOS_TID; 3331 qid = TID_TO_WME_AC(tid); 3332 } else { 3333 qos = 0; 3334 tid = 0; 3335 qid = WME_AC_BE; 3336 } 3337 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3338 3339 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3340 qos, qid, tid, qflags); 3341 3342 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3343 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3344 3345 /* pickup a rate index */ 3346 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3347 type != IEEE80211_FC0_TYPE_DATA) { 3348 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3349 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3350 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3351 } else { 3352 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3353 ridx = rn->fix_ridx; 3354 else 3355 ridx = rn->amrr_ridx; 3356 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3357 } 3358 3359 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3360 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3361 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3362 xflags |= RT2860_TX_ACK; 3363 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3364 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3365 else 3366 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3367 USETW(wh->i_dur, dur); 3368 } 3369 3370 /* reserve slots for mgmt packets, just in case */ 3371 if (sc->sc_epq[qid].tx_nfree < 3) { 3372 DPRINTFN(10, "tx ring %d is full\n", qid); 3373 return (-1); 3374 } 3375 3376 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3377 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3378 sc->sc_epq[qid].tx_nfree--; 3379 3380 txd = (struct rt2870_txd *)&data->desc; 3381 txd->flags = qflags; 3382 txwi = (struct rt2860_txwi *)(txd + 1); 3383 txwi->xflags = xflags; 3384 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3385 txwi->wcid = 0; 3386 else 3387 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3388 1 : RUN_AID2WCID(ni->ni_associd); 3389 3390 /* clear leftover garbage bits */ 3391 txwi->flags = 0; 3392 txwi->txop = 0; 3393 3394 data->m = m; 3395 data->ni = ni; 3396 data->ridx = ridx; 3397 3398 run_set_tx_desc(sc, data); 3399 3400 /* 3401 * The chip keeps track of 2 kind of Tx stats, 3402 * * TX_STAT_FIFO, for per WCID stats, and 3403 * * TX_STA_CNT0 for all-TX-in-one stats. 3404 * 3405 * To use FIFO stats, we need to store MCS into the driver-private 3406 * PacketID field. So that, we can tell whose stats when we read them. 3407 * We add 1 to the MCS because setting the PacketID field to 0 means 3408 * that we don't want feedback in TX_STAT_FIFO. 3409 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3410 * 3411 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3412 */ 3413 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3414 vap->iv_opmode == IEEE80211_M_MBSS) { 3415 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3416 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3417 3418 /* 3419 * Unlike PCI based devices, we don't get any interrupt from 3420 * USB devices, so we simulate FIFO-is-full interrupt here. 3421 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3422 * quickly get fulled. To prevent overflow, increment a counter on 3423 * every FIFO stat request, so we know how many slots are left. 3424 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3425 * are used only in those modes. 3426 * We just drain stats. AMRR gets updated every 1 sec by 3427 * run_ratectl_cb() via callout. 3428 * Call it early. Otherwise overflow. 3429 */ 3430 if (sc->fifo_cnt++ == 10) { 3431 /* 3432 * With multiple vaps or if_bridge, if_start() is called 3433 * with a non-sleepable lock, tcpinp. So, need to defer. 3434 */ 3435 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3436 DPRINTFN(6, "cmdq_store=%d\n", i); 3437 sc->cmdq[i].func = run_drain_fifo; 3438 sc->cmdq[i].arg0 = sc; 3439 ieee80211_runtask(ic, &sc->cmdq_task); 3440 } 3441 } 3442 3443 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3444 3445 RUN_LOCK(sc); 3446 usbd_transfer_start(sc->sc_xfer[qid]); 3447 RUN_UNLOCK(sc); 3448 3449 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3450 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3451 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3452 3453 return (0); 3454 } 3455 3456 static int 3457 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3458 { 3459 struct ifnet *ifp = sc->sc_ifp; 3460 struct ieee80211com *ic = ifp->if_l2com; 3461 struct run_node *rn = (void *)ni; 3462 struct run_tx_data *data; 3463 struct ieee80211_frame *wh; 3464 struct rt2870_txd *txd; 3465 struct rt2860_txwi *txwi; 3466 uint16_t dur; 3467 uint8_t ridx = rn->mgt_ridx; 3468 uint8_t type; 3469 uint8_t xflags = 0; 3470 uint8_t wflags = 0; 3471 3472 RUN_LOCK_ASSERT(sc, MA_OWNED); 3473 3474 wh = mtod(m, struct ieee80211_frame *); 3475 3476 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3477 3478 /* tell hardware to add timestamp for probe responses */ 3479 if ((wh->i_fc[0] & 3480 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3481 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3482 wflags |= RT2860_TX_TS; 3483 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3484 xflags |= RT2860_TX_ACK; 3485 3486 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3487 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3488 USETW(wh->i_dur, dur); 3489 } 3490 3491 if (sc->sc_epq[0].tx_nfree == 0) { 3492 /* let caller free mbuf */ 3493 ifq_set_oactive(&ifp->if_snd); 3494 return (EIO); 3495 } 3496 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3497 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3498 sc->sc_epq[0].tx_nfree--; 3499 3500 txd = (struct rt2870_txd *)&data->desc; 3501 txd->flags = RT2860_TX_QSEL_EDCA; 3502 txwi = (struct rt2860_txwi *)(txd + 1); 3503 txwi->wcid = 0xff; 3504 txwi->flags = wflags; 3505 txwi->xflags = xflags; 3506 txwi->txop = 0; /* clear leftover garbage bits */ 3507 3508 data->m = m; 3509 data->ni = ni; 3510 data->ridx = ridx; 3511 3512 run_set_tx_desc(sc, data); 3513 3514 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3515 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3516 rt2860_rates[ridx].rate); 3517 3518 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3519 3520 usbd_transfer_start(sc->sc_xfer[0]); 3521 3522 return (0); 3523 } 3524 3525 static int 3526 run_sendprot(struct run_softc *sc, 3527 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3528 { 3529 struct ieee80211com *ic = ni->ni_ic; 3530 struct ieee80211_frame *wh; 3531 struct run_tx_data *data; 3532 struct rt2870_txd *txd; 3533 struct rt2860_txwi *txwi; 3534 struct mbuf *mprot; 3535 int ridx; 3536 int protrate; 3537 int ackrate; 3538 int pktlen; 3539 int isshort; 3540 uint16_t dur; 3541 uint8_t type; 3542 uint8_t wflags = 0; 3543 uint8_t xflags = 0; 3544 3545 RUN_LOCK_ASSERT(sc, MA_OWNED); 3546 3547 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3548 ("protection %d", prot)); 3549 3550 wh = mtod(m, struct ieee80211_frame *); 3551 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3552 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3553 3554 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3555 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3556 3557 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3558 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3559 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3560 wflags = RT2860_TX_FRAG; 3561 3562 /* check that there are free slots before allocating the mbuf */ 3563 if (sc->sc_epq[0].tx_nfree == 0) { 3564 /* let caller free mbuf */ 3565 ifq_set_oactive(&sc->sc_ifp->if_snd); 3566 return (ENOBUFS); 3567 } 3568 3569 if (prot == IEEE80211_PROT_RTSCTS) { 3570 /* NB: CTS is the same size as an ACK */ 3571 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3572 xflags |= RT2860_TX_ACK; 3573 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3574 } else { 3575 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3576 } 3577 if (mprot == NULL) { 3578 sc->sc_ifp->if_oerrors++; 3579 DPRINTF("could not allocate mbuf\n"); 3580 return (ENOBUFS); 3581 } 3582 3583 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3584 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3585 sc->sc_epq[0].tx_nfree--; 3586 3587 txd = (struct rt2870_txd *)&data->desc; 3588 txd->flags = RT2860_TX_QSEL_EDCA; 3589 txwi = (struct rt2860_txwi *)(txd + 1); 3590 txwi->wcid = 0xff; 3591 txwi->flags = wflags; 3592 txwi->xflags = xflags; 3593 txwi->txop = 0; /* clear leftover garbage bits */ 3594 3595 data->m = mprot; 3596 data->ni = ieee80211_ref_node(ni); 3597 3598 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3599 if (rt2860_rates[ridx].rate == protrate) 3600 break; 3601 data->ridx = ridx; 3602 3603 run_set_tx_desc(sc, data); 3604 3605 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3606 m->m_pkthdr.len, rate); 3607 3608 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3609 3610 usbd_transfer_start(sc->sc_xfer[0]); 3611 3612 return (0); 3613 } 3614 3615 static int 3616 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3617 const struct ieee80211_bpf_params *params) 3618 { 3619 struct ieee80211com *ic = ni->ni_ic; 3620 struct ieee80211_frame *wh; 3621 struct run_tx_data *data; 3622 struct rt2870_txd *txd; 3623 struct rt2860_txwi *txwi; 3624 uint8_t type; 3625 uint8_t ridx; 3626 uint8_t rate; 3627 uint8_t opflags = 0; 3628 uint8_t xflags = 0; 3629 int error; 3630 3631 RUN_LOCK_ASSERT(sc, MA_OWNED); 3632 3633 KASSERT(params != NULL, ("no raw xmit params")); 3634 3635 wh = mtod(m, struct ieee80211_frame *); 3636 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3637 3638 rate = params->ibp_rate0; 3639 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3640 /* let caller free mbuf */ 3641 return (EINVAL); 3642 } 3643 3644 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3645 xflags |= RT2860_TX_ACK; 3646 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3647 error = run_sendprot(sc, m, ni, 3648 params->ibp_flags & IEEE80211_BPF_RTS ? 3649 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3650 rate); 3651 if (error) { 3652 /* let caller free mbuf */ 3653 return error; 3654 } 3655 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3656 } 3657 3658 if (sc->sc_epq[0].tx_nfree == 0) { 3659 /* let caller free mbuf */ 3660 ifq_set_oactive(&sc->sc_ifp->if_snd); 3661 DPRINTF("sending raw frame, but tx ring is full\n"); 3662 return (EIO); 3663 } 3664 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3665 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3666 sc->sc_epq[0].tx_nfree--; 3667 3668 txd = (struct rt2870_txd *)&data->desc; 3669 txd->flags = RT2860_TX_QSEL_EDCA; 3670 txwi = (struct rt2860_txwi *)(txd + 1); 3671 txwi->wcid = 0xff; 3672 txwi->xflags = xflags; 3673 txwi->txop = opflags; 3674 txwi->flags = 0; /* clear leftover garbage bits */ 3675 3676 data->m = m; 3677 data->ni = ni; 3678 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3679 if (rt2860_rates[ridx].rate == rate) 3680 break; 3681 data->ridx = ridx; 3682 3683 run_set_tx_desc(sc, data); 3684 3685 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3686 m->m_pkthdr.len, rate); 3687 3688 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3689 3690 usbd_transfer_start(sc->sc_xfer[0]); 3691 3692 return (0); 3693 } 3694 3695 static int 3696 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3697 const struct ieee80211_bpf_params *params) 3698 { 3699 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3700 struct run_softc *sc = ifp->if_softc; 3701 int error = 0; 3702 3703 RUN_LOCK(sc); 3704 3705 /* prevent management frames from being sent if we're not ready */ 3706 if (!(ifp->if_flags & IFF_RUNNING)) { 3707 error = ENETDOWN; 3708 goto done; 3709 } 3710 3711 if (params == NULL) { 3712 /* tx mgt packet */ 3713 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3714 ifp->if_oerrors++; 3715 DPRINTF("mgt tx failed\n"); 3716 goto done; 3717 } 3718 } else { 3719 /* tx raw packet with param */ 3720 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3721 ifp->if_oerrors++; 3722 DPRINTF("tx with param failed\n"); 3723 goto done; 3724 } 3725 } 3726 3727 ifp->if_opackets++; 3728 3729 done: 3730 RUN_UNLOCK(sc); 3731 3732 if (error != 0) { 3733 if(m != NULL) 3734 m_freem(m); 3735 ieee80211_free_node(ni); 3736 } 3737 3738 return (error); 3739 } 3740 3741 static void 3742 run_start_locked(struct ifnet *ifp) 3743 { 3744 struct run_softc *sc = ifp->if_softc; 3745 struct ieee80211_node *ni; 3746 struct mbuf *m = NULL; 3747 3748 if ((ifp->if_flags & IFF_RUNNING) == 0) 3749 return; 3750 3751 for (;;) { 3752 /* send data frames */ 3753 m = ifq_dequeue(&ifp->if_snd); 3754 if (m == NULL) 3755 break; 3756 3757 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3758 if (run_tx(sc, m, ni) != 0) { 3759 ifq_prepend(&ifp->if_snd, m); 3760 ifq_set_oactive(&ifp->if_snd); 3761 break; 3762 } 3763 } 3764 } 3765 3766 static void 3767 run_start(struct ifnet *ifp, struct ifaltq_subque *ifsq) 3768 { 3769 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq); 3770 run_start_locked(ifp); 3771 } 3772 3773 static int 3774 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr) 3775 { 3776 struct run_softc *sc = ifp->if_softc; 3777 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3778 struct ifreq *ifr = (struct ifreq *) data; 3779 int startall = 0; 3780 int error; 3781 3782 RUN_LOCK(sc); 3783 error = sc->sc_detached ? ENXIO : 0; 3784 RUN_UNLOCK(sc); 3785 if (error) 3786 return (error); 3787 3788 switch (cmd) { 3789 case SIOCSIFFLAGS: 3790 RUN_LOCK(sc); 3791 if (ifp->if_flags & IFF_UP) { 3792 if (!(ifp->if_flags & IFF_RUNNING)){ 3793 startall = 1; 3794 run_init_locked(sc); 3795 } else 3796 run_update_promisc_locked(ifp); 3797 } else { 3798 if (ifp->if_flags & IFF_RUNNING && 3799 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3800 run_stop(sc); 3801 } 3802 } 3803 RUN_UNLOCK(sc); 3804 if (startall) 3805 ieee80211_start_all(ic); 3806 break; 3807 case SIOCGIFMEDIA: 3808 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3809 break; 3810 case SIOCGIFADDR: 3811 error = ether_ioctl(ifp, cmd, data); 3812 break; 3813 default: 3814 error = EINVAL; 3815 break; 3816 } 3817 3818 return (error); 3819 } 3820 3821 static void 3822 run_iq_calib(struct run_softc *sc, u_int chan) 3823 { 3824 uint16_t val; 3825 3826 /* Tx0 IQ gain. */ 3827 run_bbp_write(sc, 158, 0x2c); 3828 if (chan <= 14) 3829 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3830 else if (chan <= 64) { 3831 run_efuse_read(sc, 3832 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3833 &val, 1); 3834 } else if (chan <= 138) { 3835 run_efuse_read(sc, 3836 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3837 &val, 1); 3838 } else if (chan <= 165) { 3839 run_efuse_read(sc, 3840 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3841 &val, 1); 3842 } else 3843 val = 0; 3844 run_bbp_write(sc, 159, val); 3845 3846 /* Tx0 IQ phase. */ 3847 run_bbp_write(sc, 158, 0x2d); 3848 if (chan <= 14) { 3849 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3850 &val, 1); 3851 } else if (chan <= 64) { 3852 run_efuse_read(sc, 3853 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3854 &val, 1); 3855 } else if (chan <= 138) { 3856 run_efuse_read(sc, 3857 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3858 &val, 1); 3859 } else if (chan <= 165) { 3860 run_efuse_read(sc, 3861 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3862 &val, 1); 3863 } else 3864 val = 0; 3865 run_bbp_write(sc, 159, val); 3866 3867 /* Tx1 IQ gain. */ 3868 run_bbp_write(sc, 158, 0x4a); 3869 if (chan <= 14) { 3870 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3871 &val, 1); 3872 } else if (chan <= 64) { 3873 run_efuse_read(sc, 3874 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3875 &val, 1); 3876 } else if (chan <= 138) { 3877 run_efuse_read(sc, 3878 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3879 &val, 1); 3880 } else if (chan <= 165) { 3881 run_efuse_read(sc, 3882 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3883 &val, 1); 3884 } else 3885 val = 0; 3886 run_bbp_write(sc, 159, val); 3887 3888 /* Tx1 IQ phase. */ 3889 run_bbp_write(sc, 158, 0x4b); 3890 if (chan <= 14) { 3891 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3892 &val, 1); 3893 } else if (chan <= 64) { 3894 run_efuse_read(sc, 3895 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3896 &val, 1); 3897 } else if (chan <= 138) { 3898 run_efuse_read(sc, 3899 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3900 &val, 1); 3901 } else if (chan <= 165) { 3902 run_efuse_read(sc, 3903 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3904 &val, 1); 3905 } else 3906 val = 0; 3907 run_bbp_write(sc, 159, val); 3908 3909 /* RF IQ compensation control. */ 3910 run_bbp_write(sc, 158, 0x04); 3911 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3912 &val, 1); 3913 run_bbp_write(sc, 159, val); 3914 3915 /* RF IQ imbalance compensation control. */ 3916 run_bbp_write(sc, 158, 0x03); 3917 run_efuse_read(sc, 3918 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3919 run_bbp_write(sc, 159, val); 3920 } 3921 3922 static void 3923 run_set_agc(struct run_softc *sc, uint8_t agc) 3924 { 3925 uint8_t bbp; 3926 3927 if (sc->mac_ver == 0x3572) { 3928 run_bbp_read(sc, 27, &bbp); 3929 bbp &= ~(0x3 << 5); 3930 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3931 run_bbp_write(sc, 66, agc); 3932 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3933 run_bbp_write(sc, 66, agc); 3934 } else 3935 run_bbp_write(sc, 66, agc); 3936 } 3937 3938 static void 3939 run_select_chan_group(struct run_softc *sc, int group) 3940 { 3941 uint32_t tmp; 3942 uint8_t agc; 3943 3944 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3945 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3946 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3947 if (sc->mac_ver < 0x3572) 3948 run_bbp_write(sc, 86, 0x00); 3949 3950 if (sc->mac_ver == 0x3593) { 3951 run_bbp_write(sc, 77, 0x98); 3952 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3953 } 3954 3955 if (group == 0) { 3956 if (sc->ext_2ghz_lna) { 3957 if (sc->mac_ver >= 0x5390) 3958 run_bbp_write(sc, 75, 0x52); 3959 else { 3960 run_bbp_write(sc, 82, 0x62); 3961 run_bbp_write(sc, 75, 0x46); 3962 } 3963 } else { 3964 if (sc->mac_ver == 0x5592) { 3965 run_bbp_write(sc, 79, 0x1c); 3966 run_bbp_write(sc, 80, 0x0e); 3967 run_bbp_write(sc, 81, 0x3a); 3968 run_bbp_write(sc, 82, 0x62); 3969 3970 run_bbp_write(sc, 195, 0x80); 3971 run_bbp_write(sc, 196, 0xe0); 3972 run_bbp_write(sc, 195, 0x81); 3973 run_bbp_write(sc, 196, 0x1f); 3974 run_bbp_write(sc, 195, 0x82); 3975 run_bbp_write(sc, 196, 0x38); 3976 run_bbp_write(sc, 195, 0x83); 3977 run_bbp_write(sc, 196, 0x32); 3978 run_bbp_write(sc, 195, 0x85); 3979 run_bbp_write(sc, 196, 0x28); 3980 run_bbp_write(sc, 195, 0x86); 3981 run_bbp_write(sc, 196, 0x19); 3982 } else if (sc->mac_ver >= 0x5390) 3983 run_bbp_write(sc, 75, 0x50); 3984 else { 3985 run_bbp_write(sc, 82, 3986 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3987 run_bbp_write(sc, 75, 0x50); 3988 } 3989 } 3990 } else { 3991 if (sc->mac_ver == 0x5592) { 3992 run_bbp_write(sc, 79, 0x18); 3993 run_bbp_write(sc, 80, 0x08); 3994 run_bbp_write(sc, 81, 0x38); 3995 run_bbp_write(sc, 82, 0x92); 3996 3997 run_bbp_write(sc, 195, 0x80); 3998 run_bbp_write(sc, 196, 0xf0); 3999 run_bbp_write(sc, 195, 0x81); 4000 run_bbp_write(sc, 196, 0x1e); 4001 run_bbp_write(sc, 195, 0x82); 4002 run_bbp_write(sc, 196, 0x28); 4003 run_bbp_write(sc, 195, 0x83); 4004 run_bbp_write(sc, 196, 0x20); 4005 run_bbp_write(sc, 195, 0x85); 4006 run_bbp_write(sc, 196, 0x7f); 4007 run_bbp_write(sc, 195, 0x86); 4008 run_bbp_write(sc, 196, 0x7f); 4009 } else if (sc->mac_ver == 0x3572) 4010 run_bbp_write(sc, 82, 0x94); 4011 else 4012 run_bbp_write(sc, 82, 4013 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4014 if (sc->ext_5ghz_lna) 4015 run_bbp_write(sc, 75, 0x46); 4016 else 4017 run_bbp_write(sc, 75, 0x50); 4018 } 4019 4020 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4021 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4022 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4023 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4024 4025 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4026 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4027 if (sc->mac_ver == 0x3593) 4028 tmp |= 1 << 29 | 1 << 28; 4029 if (sc->nrxchains > 1) 4030 tmp |= RT2860_LNA_PE1_EN; 4031 if (group == 0) { /* 2GHz */ 4032 tmp |= RT2860_PA_PE_G0_EN; 4033 if (sc->ntxchains > 1) 4034 tmp |= RT2860_PA_PE_G1_EN; 4035 if (sc->mac_ver == 0x3593) { 4036 if (sc->ntxchains > 2) 4037 tmp |= 1 << 25; 4038 } 4039 } else { /* 5GHz */ 4040 tmp |= RT2860_PA_PE_A0_EN; 4041 if (sc->ntxchains > 1) 4042 tmp |= RT2860_PA_PE_A1_EN; 4043 } 4044 if (sc->mac_ver == 0x3572) { 4045 run_rt3070_rf_write(sc, 8, 0x00); 4046 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4047 run_rt3070_rf_write(sc, 8, 0x80); 4048 } else 4049 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4050 4051 if (sc->mac_ver == 0x5592) { 4052 run_bbp_write(sc, 195, 0x8d); 4053 run_bbp_write(sc, 196, 0x1a); 4054 } 4055 4056 if (sc->mac_ver == 0x3593) { 4057 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4058 tmp &= ~0x01010000; 4059 if (group == 0) 4060 tmp |= 0x00010000; 4061 tmp = (tmp & ~0x00009090) | 0x00000090; 4062 run_write(sc, RT2860_GPIO_CTRL, tmp); 4063 } 4064 4065 /* set initial AGC value */ 4066 if (group == 0) { /* 2GHz band */ 4067 if (sc->mac_ver >= 0x3070) 4068 agc = 0x1c + sc->lna[0] * 2; 4069 else 4070 agc = 0x2e + sc->lna[0]; 4071 } else { /* 5GHz band */ 4072 if (sc->mac_ver == 0x5592) 4073 agc = 0x24 + sc->lna[group] * 2; 4074 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4075 agc = 0x22 + (sc->lna[group] * 5) / 3; 4076 else 4077 agc = 0x32 + (sc->lna[group] * 5) / 3; 4078 } 4079 run_set_agc(sc, agc); 4080 } 4081 4082 static void 4083 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4084 { 4085 const struct rfprog *rfprog = rt2860_rf2850; 4086 uint32_t r2, r3, r4; 4087 int8_t txpow1, txpow2; 4088 int i; 4089 4090 /* find the settings for this channel (we know it exists) */ 4091 for (i = 0; rfprog[i].chan != chan; i++); 4092 4093 r2 = rfprog[i].r2; 4094 if (sc->ntxchains == 1) 4095 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4096 if (sc->nrxchains == 1) 4097 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4098 else if (sc->nrxchains == 2) 4099 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4100 4101 /* use Tx power values from EEPROM */ 4102 txpow1 = sc->txpow1[i]; 4103 txpow2 = sc->txpow2[i]; 4104 4105 /* Initialize RF R3 and R4. */ 4106 r3 = rfprog[i].r3 & 0xffffc1ff; 4107 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4108 if (chan > 14) { 4109 if (txpow1 >= 0) { 4110 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4111 r3 |= (txpow1 << 10) | (1 << 9); 4112 } else { 4113 txpow1 += 7; 4114 4115 /* txpow1 is not possible larger than 15. */ 4116 r3 |= (txpow1 << 10); 4117 } 4118 if (txpow2 >= 0) { 4119 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4120 r4 |= (txpow2 << 7) | (1 << 6); 4121 } else { 4122 txpow2 += 7; 4123 r4 |= (txpow2 << 7); 4124 } 4125 } else { 4126 /* Set Tx0 power. */ 4127 r3 |= (txpow1 << 9); 4128 4129 /* Set frequency offset and Tx1 power. */ 4130 r4 |= (txpow2 << 6); 4131 } 4132 4133 run_rt2870_rf_write(sc, rfprog[i].r1); 4134 run_rt2870_rf_write(sc, r2); 4135 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4136 run_rt2870_rf_write(sc, r4); 4137 4138 run_delay(sc, 10); 4139 4140 run_rt2870_rf_write(sc, rfprog[i].r1); 4141 run_rt2870_rf_write(sc, r2); 4142 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4143 run_rt2870_rf_write(sc, r4); 4144 4145 run_delay(sc, 10); 4146 4147 run_rt2870_rf_write(sc, rfprog[i].r1); 4148 run_rt2870_rf_write(sc, r2); 4149 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4150 run_rt2870_rf_write(sc, r4); 4151 } 4152 4153 static void 4154 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4155 { 4156 int8_t txpow1, txpow2; 4157 uint8_t rf; 4158 int i; 4159 4160 /* find the settings for this channel (we know it exists) */ 4161 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4162 4163 /* use Tx power values from EEPROM */ 4164 txpow1 = sc->txpow1[i]; 4165 txpow2 = sc->txpow2[i]; 4166 4167 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4168 4169 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4170 run_rt3070_rf_read(sc, 3, &rf); 4171 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4172 run_rt3070_rf_write(sc, 3, rf); 4173 4174 run_rt3070_rf_read(sc, 6, &rf); 4175 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4176 run_rt3070_rf_write(sc, 6, rf); 4177 4178 /* set Tx0 power */ 4179 run_rt3070_rf_read(sc, 12, &rf); 4180 rf = (rf & ~0x1f) | txpow1; 4181 run_rt3070_rf_write(sc, 12, rf); 4182 4183 /* set Tx1 power */ 4184 run_rt3070_rf_read(sc, 13, &rf); 4185 rf = (rf & ~0x1f) | txpow2; 4186 run_rt3070_rf_write(sc, 13, rf); 4187 4188 run_rt3070_rf_read(sc, 1, &rf); 4189 rf &= ~0xfc; 4190 if (sc->ntxchains == 1) 4191 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4192 else if (sc->ntxchains == 2) 4193 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4194 if (sc->nrxchains == 1) 4195 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4196 else if (sc->nrxchains == 2) 4197 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4198 run_rt3070_rf_write(sc, 1, rf); 4199 4200 /* set RF offset */ 4201 run_rt3070_rf_read(sc, 23, &rf); 4202 rf = (rf & ~0x7f) | sc->freq; 4203 run_rt3070_rf_write(sc, 23, rf); 4204 4205 /* program RF filter */ 4206 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4207 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4208 run_rt3070_rf_write(sc, 24, rf); 4209 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4210 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4211 run_rt3070_rf_write(sc, 31, rf); 4212 4213 /* enable RF tuning */ 4214 run_rt3070_rf_read(sc, 7, &rf); 4215 run_rt3070_rf_write(sc, 7, rf | 0x01); 4216 } 4217 4218 static void 4219 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4220 { 4221 int8_t txpow1, txpow2; 4222 uint32_t tmp; 4223 uint8_t rf; 4224 int i; 4225 4226 /* find the settings for this channel (we know it exists) */ 4227 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4228 4229 /* use Tx power values from EEPROM */ 4230 txpow1 = sc->txpow1[i]; 4231 txpow2 = sc->txpow2[i]; 4232 4233 if (chan <= 14) { 4234 run_bbp_write(sc, 25, sc->bbp25); 4235 run_bbp_write(sc, 26, sc->bbp26); 4236 } else { 4237 /* enable IQ phase correction */ 4238 run_bbp_write(sc, 25, 0x09); 4239 run_bbp_write(sc, 26, 0xff); 4240 } 4241 4242 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4243 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4244 run_rt3070_rf_read(sc, 6, &rf); 4245 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4246 rf |= (chan <= 14) ? 0x08 : 0x04; 4247 run_rt3070_rf_write(sc, 6, rf); 4248 4249 /* set PLL mode */ 4250 run_rt3070_rf_read(sc, 5, &rf); 4251 rf &= ~(0x08 | 0x04); 4252 rf |= (chan <= 14) ? 0x04 : 0x08; 4253 run_rt3070_rf_write(sc, 5, rf); 4254 4255 /* set Tx power for chain 0 */ 4256 if (chan <= 14) 4257 rf = 0x60 | txpow1; 4258 else 4259 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4260 run_rt3070_rf_write(sc, 12, rf); 4261 4262 /* set Tx power for chain 1 */ 4263 if (chan <= 14) 4264 rf = 0x60 | txpow2; 4265 else 4266 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4267 run_rt3070_rf_write(sc, 13, rf); 4268 4269 /* set Tx/Rx streams */ 4270 run_rt3070_rf_read(sc, 1, &rf); 4271 rf &= ~0xfc; 4272 if (sc->ntxchains == 1) 4273 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4274 else if (sc->ntxchains == 2) 4275 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4276 if (sc->nrxchains == 1) 4277 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4278 else if (sc->nrxchains == 2) 4279 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4280 run_rt3070_rf_write(sc, 1, rf); 4281 4282 /* set RF offset */ 4283 run_rt3070_rf_read(sc, 23, &rf); 4284 rf = (rf & ~0x7f) | sc->freq; 4285 run_rt3070_rf_write(sc, 23, rf); 4286 4287 /* program RF filter */ 4288 rf = sc->rf24_20mhz; 4289 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4290 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4291 4292 /* enable RF tuning */ 4293 run_rt3070_rf_read(sc, 7, &rf); 4294 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4295 run_rt3070_rf_write(sc, 7, rf); 4296 4297 /* TSSI */ 4298 rf = (chan <= 14) ? 0xc3 : 0xc0; 4299 run_rt3070_rf_write(sc, 9, rf); 4300 4301 /* set loop filter 1 */ 4302 run_rt3070_rf_write(sc, 10, 0xf1); 4303 /* set loop filter 2 */ 4304 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4305 4306 /* set tx_mx2_ic */ 4307 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4308 /* set tx_mx1_ic */ 4309 if (chan <= 14) 4310 rf = 0x48 | sc->txmixgain_2ghz; 4311 else 4312 rf = 0x78 | sc->txmixgain_5ghz; 4313 run_rt3070_rf_write(sc, 16, rf); 4314 4315 /* set tx_lo1 */ 4316 run_rt3070_rf_write(sc, 17, 0x23); 4317 /* set tx_lo2 */ 4318 if (chan <= 14) 4319 rf = 0x93; 4320 else if (chan <= 64) 4321 rf = 0xb7; 4322 else if (chan <= 128) 4323 rf = 0x74; 4324 else 4325 rf = 0x72; 4326 run_rt3070_rf_write(sc, 19, rf); 4327 4328 /* set rx_lo1 */ 4329 if (chan <= 14) 4330 rf = 0xb3; 4331 else if (chan <= 64) 4332 rf = 0xf6; 4333 else if (chan <= 128) 4334 rf = 0xf4; 4335 else 4336 rf = 0xf3; 4337 run_rt3070_rf_write(sc, 20, rf); 4338 4339 /* set pfd_delay */ 4340 if (chan <= 14) 4341 rf = 0x15; 4342 else if (chan <= 64) 4343 rf = 0x3d; 4344 else 4345 rf = 0x01; 4346 run_rt3070_rf_write(sc, 25, rf); 4347 4348 /* set rx_lo2 */ 4349 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4350 /* set ldo_rf_vc */ 4351 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4352 /* set drv_cc */ 4353 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4354 4355 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4356 tmp &= ~0x8080; 4357 if (chan <= 14) 4358 tmp |= 0x80; 4359 run_write(sc, RT2860_GPIO_CTRL, tmp); 4360 4361 /* enable RF tuning */ 4362 run_rt3070_rf_read(sc, 7, &rf); 4363 run_rt3070_rf_write(sc, 7, rf | 0x01); 4364 4365 run_delay(sc, 2); 4366 } 4367 4368 static void 4369 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4370 { 4371 int8_t txpow1, txpow2, txpow3; 4372 uint8_t h20mhz, rf; 4373 int i; 4374 4375 /* find the settings for this channel (we know it exists) */ 4376 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4377 4378 /* use Tx power values from EEPROM */ 4379 txpow1 = sc->txpow1[i]; 4380 txpow2 = sc->txpow2[i]; 4381 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4382 4383 if (chan <= 14) { 4384 run_bbp_write(sc, 25, sc->bbp25); 4385 run_bbp_write(sc, 26, sc->bbp26); 4386 } else { 4387 /* Enable IQ phase correction. */ 4388 run_bbp_write(sc, 25, 0x09); 4389 run_bbp_write(sc, 26, 0xff); 4390 } 4391 4392 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4393 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4394 run_rt3070_rf_read(sc, 11, &rf); 4395 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4396 run_rt3070_rf_write(sc, 11, rf); 4397 4398 /* Set pll_idoh. */ 4399 run_rt3070_rf_read(sc, 11, &rf); 4400 rf &= ~0x4c; 4401 rf |= (chan <= 14) ? 0x44 : 0x48; 4402 run_rt3070_rf_write(sc, 11, rf); 4403 4404 if (chan <= 14) 4405 rf = txpow1 & 0x1f; 4406 else 4407 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4408 run_rt3070_rf_write(sc, 53, rf); 4409 4410 if (chan <= 14) 4411 rf = txpow2 & 0x1f; 4412 else 4413 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4414 run_rt3070_rf_write(sc, 55, rf); 4415 4416 if (chan <= 14) 4417 rf = txpow3 & 0x1f; 4418 else 4419 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4420 run_rt3070_rf_write(sc, 54, rf); 4421 4422 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4423 if (sc->ntxchains == 3) 4424 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4425 else 4426 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4427 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4428 run_rt3070_rf_write(sc, 1, rf); 4429 4430 run_adjust_freq_offset(sc); 4431 4432 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4433 4434 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4435 run_rt3070_rf_read(sc, 30, &rf); 4436 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4437 run_rt3070_rf_write(sc, 30, rf); 4438 4439 run_rt3070_rf_read(sc, 36, &rf); 4440 if (chan <= 14) 4441 rf |= 0x80; 4442 else 4443 rf &= ~0x80; 4444 run_rt3070_rf_write(sc, 36, rf); 4445 4446 /* Set vcolo_bs. */ 4447 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4448 /* Set pfd_delay. */ 4449 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4450 4451 /* Set vco bias current control. */ 4452 run_rt3070_rf_read(sc, 6, &rf); 4453 rf &= ~0xc0; 4454 if (chan <= 14) 4455 rf |= 0x40; 4456 else if (chan <= 128) 4457 rf |= 0x80; 4458 else 4459 rf |= 0x40; 4460 run_rt3070_rf_write(sc, 6, rf); 4461 4462 run_rt3070_rf_read(sc, 30, &rf); 4463 rf = (rf & ~0x18) | 0x10; 4464 run_rt3070_rf_write(sc, 30, rf); 4465 4466 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4467 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4468 4469 run_rt3070_rf_read(sc, 51, &rf); 4470 rf = (rf & ~0x03) | 0x01; 4471 run_rt3070_rf_write(sc, 51, rf); 4472 /* Set tx_mx1_cc. */ 4473 run_rt3070_rf_read(sc, 51, &rf); 4474 rf &= ~0x1c; 4475 rf |= (chan <= 14) ? 0x14 : 0x10; 4476 run_rt3070_rf_write(sc, 51, rf); 4477 /* Set tx_mx1_ic. */ 4478 run_rt3070_rf_read(sc, 51, &rf); 4479 rf &= ~0xe0; 4480 rf |= (chan <= 14) ? 0x60 : 0x40; 4481 run_rt3070_rf_write(sc, 51, rf); 4482 /* Set tx_lo1_ic. */ 4483 run_rt3070_rf_read(sc, 49, &rf); 4484 rf &= ~0x1c; 4485 rf |= (chan <= 14) ? 0x0c : 0x08; 4486 run_rt3070_rf_write(sc, 49, rf); 4487 /* Set tx_lo1_en. */ 4488 run_rt3070_rf_read(sc, 50, &rf); 4489 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4490 /* Set drv_cc. */ 4491 run_rt3070_rf_read(sc, 57, &rf); 4492 rf &= ~0xfc; 4493 rf |= (chan <= 14) ? 0x6c : 0x3c; 4494 run_rt3070_rf_write(sc, 57, rf); 4495 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4496 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4497 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4498 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4499 /* Enable VCO calibration. */ 4500 run_rt3070_rf_read(sc, 3, &rf); 4501 rf &= ~RT5390_VCOCAL; 4502 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4503 run_rt3070_rf_write(sc, 3, rf); 4504 4505 if (chan <= 14) 4506 rf = 0x23; 4507 else if (chan <= 64) 4508 rf = 0x36; 4509 else if (chan <= 128) 4510 rf = 0x32; 4511 else 4512 rf = 0x30; 4513 run_rt3070_rf_write(sc, 39, rf); 4514 if (chan <= 14) 4515 rf = 0xbb; 4516 else if (chan <= 64) 4517 rf = 0xeb; 4518 else if (chan <= 128) 4519 rf = 0xb3; 4520 else 4521 rf = 0x9b; 4522 run_rt3070_rf_write(sc, 45, rf); 4523 4524 /* Set FEQ/AEQ control. */ 4525 run_bbp_write(sc, 105, 0x34); 4526 } 4527 4528 static void 4529 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4530 { 4531 int8_t txpow1, txpow2; 4532 uint8_t rf; 4533 int i; 4534 4535 /* find the settings for this channel (we know it exists) */ 4536 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4537 4538 /* use Tx power values from EEPROM */ 4539 txpow1 = sc->txpow1[i]; 4540 txpow2 = sc->txpow2[i]; 4541 4542 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4543 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4544 run_rt3070_rf_read(sc, 11, &rf); 4545 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4546 run_rt3070_rf_write(sc, 11, rf); 4547 4548 run_rt3070_rf_read(sc, 49, &rf); 4549 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4550 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4551 if ((rf & 0x3f) > 0x27) 4552 rf = (rf & ~0x3f) | 0x27; 4553 run_rt3070_rf_write(sc, 49, rf); 4554 4555 if (sc->mac_ver == 0x5392) { 4556 run_rt3070_rf_read(sc, 50, &rf); 4557 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4558 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4559 if ((rf & 0x3f) > 0x27) 4560 rf = (rf & ~0x3f) | 0x27; 4561 run_rt3070_rf_write(sc, 50, rf); 4562 } 4563 4564 run_rt3070_rf_read(sc, 1, &rf); 4565 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4566 if (sc->mac_ver == 0x5392) 4567 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4568 run_rt3070_rf_write(sc, 1, rf); 4569 4570 if (sc->mac_ver != 0x5392) { 4571 run_rt3070_rf_read(sc, 2, &rf); 4572 rf |= 0x80; 4573 run_rt3070_rf_write(sc, 2, rf); 4574 run_delay(sc, 10); 4575 rf &= 0x7f; 4576 run_rt3070_rf_write(sc, 2, rf); 4577 } 4578 4579 run_adjust_freq_offset(sc); 4580 4581 if (sc->mac_ver == 0x5392) { 4582 /* Fix for RT5392C. */ 4583 if (sc->mac_rev >= 0x0223) { 4584 if (chan <= 4) 4585 rf = 0x0f; 4586 else if (chan >= 5 && chan <= 7) 4587 rf = 0x0e; 4588 else 4589 rf = 0x0d; 4590 run_rt3070_rf_write(sc, 23, rf); 4591 4592 if (chan <= 4) 4593 rf = 0x0c; 4594 else if (chan == 5) 4595 rf = 0x0b; 4596 else if (chan >= 6 && chan <= 7) 4597 rf = 0x0a; 4598 else if (chan >= 8 && chan <= 10) 4599 rf = 0x09; 4600 else 4601 rf = 0x08; 4602 run_rt3070_rf_write(sc, 59, rf); 4603 } else { 4604 if (chan <= 11) 4605 rf = 0x0f; 4606 else 4607 rf = 0x0b; 4608 run_rt3070_rf_write(sc, 59, rf); 4609 } 4610 } else { 4611 /* Fix for RT5390F. */ 4612 if (sc->mac_rev >= 0x0502) { 4613 if (chan <= 11) 4614 rf = 0x43; 4615 else 4616 rf = 0x23; 4617 run_rt3070_rf_write(sc, 55, rf); 4618 4619 if (chan <= 11) 4620 rf = 0x0f; 4621 else if (chan == 12) 4622 rf = 0x0d; 4623 else 4624 rf = 0x0b; 4625 run_rt3070_rf_write(sc, 59, rf); 4626 } else { 4627 run_rt3070_rf_write(sc, 55, 0x44); 4628 run_rt3070_rf_write(sc, 59, 0x8f); 4629 } 4630 } 4631 4632 /* Enable VCO calibration. */ 4633 run_rt3070_rf_read(sc, 3, &rf); 4634 rf |= RT5390_VCOCAL; 4635 run_rt3070_rf_write(sc, 3, rf); 4636 } 4637 4638 static void 4639 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4640 { 4641 const struct rt5592_freqs *freqs; 4642 uint32_t tmp; 4643 uint8_t reg, rf, txpow_bound; 4644 int8_t txpow1, txpow2; 4645 int i; 4646 4647 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4648 freqs = (tmp & RT5592_SEL_XTAL) ? 4649 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4650 4651 /* find the settings for this channel (we know it exists) */ 4652 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4653 4654 /* use Tx power values from EEPROM */ 4655 txpow1 = sc->txpow1[i]; 4656 txpow2 = sc->txpow2[i]; 4657 4658 run_read(sc, RT3070_LDO_CFG0, &tmp); 4659 tmp &= ~0x1c000000; 4660 if (chan > 14) 4661 tmp |= 0x14000000; 4662 run_write(sc, RT3070_LDO_CFG0, tmp); 4663 4664 /* N setting. */ 4665 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4666 run_rt3070_rf_read(sc, 9, &rf); 4667 rf &= ~(1 << 4); 4668 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4669 run_rt3070_rf_write(sc, 9, rf); 4670 4671 /* K setting. */ 4672 run_rt3070_rf_read(sc, 9, &rf); 4673 rf &= ~0x0f; 4674 rf |= (freqs->k & 0x0f); 4675 run_rt3070_rf_write(sc, 9, rf); 4676 4677 /* Mode setting. */ 4678 run_rt3070_rf_read(sc, 11, &rf); 4679 rf &= ~0x0c; 4680 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4681 run_rt3070_rf_write(sc, 11, rf); 4682 run_rt3070_rf_read(sc, 9, &rf); 4683 rf &= ~(1 << 7); 4684 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4685 run_rt3070_rf_write(sc, 9, rf); 4686 4687 /* R setting. */ 4688 run_rt3070_rf_read(sc, 11, &rf); 4689 rf &= ~0x03; 4690 rf |= (freqs->r - 0x1); 4691 run_rt3070_rf_write(sc, 11, rf); 4692 4693 if (chan <= 14) { 4694 /* Initialize RF registers for 2GHZ. */ 4695 for (i = 0; i < NELEM(rt5592_2ghz_def_rf); i++) { 4696 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4697 rt5592_2ghz_def_rf[i].val); 4698 } 4699 4700 rf = (chan <= 10) ? 0x07 : 0x06; 4701 run_rt3070_rf_write(sc, 23, rf); 4702 run_rt3070_rf_write(sc, 59, rf); 4703 4704 run_rt3070_rf_write(sc, 55, 0x43); 4705 4706 /* 4707 * RF R49/R50 Tx power ALC code. 4708 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4709 */ 4710 reg = 2; 4711 txpow_bound = 0x27; 4712 } else { 4713 /* Initialize RF registers for 5GHZ. */ 4714 for (i = 0; i < NELEM(rt5592_5ghz_def_rf); i++) { 4715 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4716 rt5592_5ghz_def_rf[i].val); 4717 } 4718 for (i = 0; i < NELEM(rt5592_chan_5ghz); i++) { 4719 if (chan >= rt5592_chan_5ghz[i].firstchan && 4720 chan <= rt5592_chan_5ghz[i].lastchan) { 4721 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4722 rt5592_chan_5ghz[i].val); 4723 } 4724 } 4725 4726 /* 4727 * RF R49/R50 Tx power ALC code. 4728 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4729 */ 4730 reg = 3; 4731 txpow_bound = 0x2b; 4732 } 4733 4734 /* RF R49 ch0 Tx power ALC code. */ 4735 run_rt3070_rf_read(sc, 49, &rf); 4736 rf &= ~0xc0; 4737 rf |= (reg << 6); 4738 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4739 if ((rf & 0x3f) > txpow_bound) 4740 rf = (rf & ~0x3f) | txpow_bound; 4741 run_rt3070_rf_write(sc, 49, rf); 4742 4743 /* RF R50 ch1 Tx power ALC code. */ 4744 run_rt3070_rf_read(sc, 50, &rf); 4745 rf &= ~(1 << 7 | 1 << 6); 4746 rf |= (reg << 6); 4747 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4748 if ((rf & 0x3f) > txpow_bound) 4749 rf = (rf & ~0x3f) | txpow_bound; 4750 run_rt3070_rf_write(sc, 50, rf); 4751 4752 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4753 run_rt3070_rf_read(sc, 1, &rf); 4754 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4755 if (sc->ntxchains > 1) 4756 rf |= RT3070_TX1_PD; 4757 if (sc->nrxchains > 1) 4758 rf |= RT3070_RX1_PD; 4759 run_rt3070_rf_write(sc, 1, rf); 4760 4761 run_rt3070_rf_write(sc, 6, 0xe4); 4762 4763 run_rt3070_rf_write(sc, 30, 0x10); 4764 run_rt3070_rf_write(sc, 31, 0x80); 4765 run_rt3070_rf_write(sc, 32, 0x80); 4766 4767 run_adjust_freq_offset(sc); 4768 4769 /* Enable VCO calibration. */ 4770 run_rt3070_rf_read(sc, 3, &rf); 4771 rf |= RT5390_VCOCAL; 4772 run_rt3070_rf_write(sc, 3, rf); 4773 } 4774 4775 static void 4776 run_set_rx_antenna(struct run_softc *sc, int aux) 4777 { 4778 uint32_t tmp; 4779 uint8_t bbp152; 4780 4781 if (aux) { 4782 if (sc->rf_rev == RT5390_RF_5370) { 4783 run_bbp_read(sc, 152, &bbp152); 4784 run_bbp_write(sc, 152, bbp152 & ~0x80); 4785 } else { 4786 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4787 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4788 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4789 } 4790 } else { 4791 if (sc->rf_rev == RT5390_RF_5370) { 4792 run_bbp_read(sc, 152, &bbp152); 4793 run_bbp_write(sc, 152, bbp152 | 0x80); 4794 } else { 4795 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4796 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4797 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4798 } 4799 } 4800 } 4801 4802 static int 4803 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4804 { 4805 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4806 u_int chan, group; 4807 4808 chan = ieee80211_chan2ieee(ic, c); 4809 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4810 return (EINVAL); 4811 4812 if (sc->mac_ver == 0x5592) 4813 run_rt5592_set_chan(sc, chan); 4814 else if (sc->mac_ver >= 0x5390) 4815 run_rt5390_set_chan(sc, chan); 4816 else if (sc->mac_ver == 0x3593) 4817 run_rt3593_set_chan(sc, chan); 4818 else if (sc->mac_ver == 0x3572) 4819 run_rt3572_set_chan(sc, chan); 4820 else if (sc->mac_ver >= 0x3070) 4821 run_rt3070_set_chan(sc, chan); 4822 else 4823 run_rt2870_set_chan(sc, chan); 4824 4825 /* determine channel group */ 4826 if (chan <= 14) 4827 group = 0; 4828 else if (chan <= 64) 4829 group = 1; 4830 else if (chan <= 128) 4831 group = 2; 4832 else 4833 group = 3; 4834 4835 /* XXX necessary only when group has changed! */ 4836 run_select_chan_group(sc, group); 4837 4838 run_delay(sc, 10); 4839 4840 /* Perform IQ calibration. */ 4841 if (sc->mac_ver >= 0x5392) 4842 run_iq_calib(sc, chan); 4843 4844 return (0); 4845 } 4846 4847 static void 4848 run_set_channel(struct ieee80211com *ic) 4849 { 4850 struct run_softc *sc = ic->ic_ifp->if_softc; 4851 4852 RUN_LOCK(sc); 4853 run_set_chan(sc, ic->ic_curchan); 4854 RUN_UNLOCK(sc); 4855 4856 return; 4857 } 4858 4859 static void 4860 run_scan_start(struct ieee80211com *ic) 4861 { 4862 struct run_softc *sc = ic->ic_ifp->if_softc; 4863 uint32_t tmp; 4864 4865 RUN_LOCK(sc); 4866 4867 /* abort TSF synchronization */ 4868 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4869 run_write(sc, RT2860_BCN_TIME_CFG, 4870 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4871 RT2860_TBTT_TIMER_EN)); 4872 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4873 4874 RUN_UNLOCK(sc); 4875 4876 return; 4877 } 4878 4879 static void 4880 run_scan_end(struct ieee80211com *ic) 4881 { 4882 struct run_softc *sc = ic->ic_ifp->if_softc; 4883 4884 RUN_LOCK(sc); 4885 4886 run_enable_tsf_sync(sc); 4887 /* XXX keep local copy */ 4888 run_set_bssid(sc, sc->sc_bssid); 4889 4890 RUN_UNLOCK(sc); 4891 4892 return; 4893 } 4894 4895 /* 4896 * Could be called from ieee80211_node_timeout() 4897 * (non-sleepable thread) 4898 */ 4899 static void 4900 run_update_beacon(struct ieee80211vap *vap, int item) 4901 { 4902 struct ieee80211com *ic = vap->iv_ic; 4903 struct run_softc *sc = ic->ic_ifp->if_softc; 4904 struct run_vap *rvp = RUN_VAP(vap); 4905 int mcast = 0; 4906 uint32_t i; 4907 4908 KASSERT(vap != NULL, ("no beacon")); 4909 4910 switch (item) { 4911 case IEEE80211_BEACON_ERP: 4912 run_updateslot(ic->ic_ifp); 4913 break; 4914 case IEEE80211_BEACON_HTINFO: 4915 run_updateprot(ic); 4916 break; 4917 case IEEE80211_BEACON_TIM: 4918 mcast = 1; /*TODO*/ 4919 break; 4920 default: 4921 break; 4922 } 4923 4924 setbit(rvp->bo.bo_flags, item); 4925 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4926 4927 i = RUN_CMDQ_GET(&sc->cmdq_store); 4928 DPRINTF("cmdq_store=%d\n", i); 4929 sc->cmdq[i].func = run_update_beacon_cb; 4930 sc->cmdq[i].arg0 = vap; 4931 ieee80211_runtask(ic, &sc->cmdq_task); 4932 4933 return; 4934 } 4935 4936 static void 4937 run_update_beacon_cb(void *arg) 4938 { 4939 struct ieee80211vap *vap = arg; 4940 struct run_vap *rvp = RUN_VAP(vap); 4941 struct ieee80211com *ic = vap->iv_ic; 4942 struct run_softc *sc = ic->ic_ifp->if_softc; 4943 struct rt2860_txwi txwi; 4944 struct mbuf *m; 4945 uint16_t txwisize; 4946 uint8_t ridx; 4947 4948 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4949 return; 4950 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4951 return; 4952 4953 /* 4954 * No need to call ieee80211_beacon_update(), run_update_beacon() 4955 * is taking care of apropriate calls. 4956 */ 4957 if (rvp->beacon_mbuf == NULL) { 4958 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4959 &rvp->bo); 4960 if (rvp->beacon_mbuf == NULL) 4961 return; 4962 } 4963 m = rvp->beacon_mbuf; 4964 4965 memset(&txwi, 0, sizeof(txwi)); 4966 txwi.wcid = 0xff; 4967 txwi.len = htole16(m->m_pkthdr.len); 4968 4969 /* send beacons at the lowest available rate */ 4970 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4971 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4972 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4973 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4974 txwi.phy |= htole16(RT2860_PHY_OFDM); 4975 txwi.txop = RT2860_TX_TXOP_HT; 4976 txwi.flags = RT2860_TX_TS; 4977 txwi.xflags = RT2860_TX_NSEQ; 4978 4979 txwisize = (sc->mac_ver == 0x5592) ? 4980 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4981 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4982 txwisize); 4983 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4984 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4985 } 4986 4987 static void 4988 run_updateprot(struct ieee80211com *ic) 4989 { 4990 struct run_softc *sc = ic->ic_ifp->if_softc; 4991 uint32_t i; 4992 4993 i = RUN_CMDQ_GET(&sc->cmdq_store); 4994 DPRINTF("cmdq_store=%d\n", i); 4995 sc->cmdq[i].func = run_updateprot_cb; 4996 sc->cmdq[i].arg0 = ic; 4997 ieee80211_runtask(ic, &sc->cmdq_task); 4998 } 4999 5000 static void 5001 run_updateprot_cb(void *arg) 5002 { 5003 struct ieee80211com *ic = arg; 5004 struct run_softc *sc = ic->ic_ifp->if_softc; 5005 uint32_t tmp; 5006 5007 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5008 /* setup protection frame rate (MCS code) */ 5009 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5010 rt2860_rates[RT2860_RIDX_OFDM6].mcs : 5011 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5012 5013 /* CCK frames don't require protection */ 5014 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5015 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5016 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5017 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5018 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5019 tmp |= RT2860_PROT_CTRL_CTS; 5020 } 5021 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5022 } 5023 5024 static void 5025 run_usb_timeout_cb(void *arg) 5026 { 5027 struct ieee80211vap *vap = arg; 5028 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 5029 5030 RUN_LOCK_ASSERT(sc, MA_OWNED); 5031 5032 if(vap->iv_state == IEEE80211_S_RUN && 5033 vap->iv_opmode != IEEE80211_M_STA) 5034 run_reset_livelock(sc); 5035 else if (vap->iv_state == IEEE80211_S_SCAN) { 5036 DPRINTF("timeout caused by scan\n"); 5037 /* cancel bgscan */ 5038 ieee80211_cancel_scan(vap); 5039 } else 5040 DPRINTF("timeout by unknown cause\n"); 5041 } 5042 5043 static void 5044 run_reset_livelock(struct run_softc *sc) 5045 { 5046 uint32_t tmp; 5047 5048 RUN_LOCK_ASSERT(sc, MA_OWNED); 5049 5050 /* 5051 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5052 * can run into a livelock and start sending CTS-to-self frames like 5053 * crazy if protection is enabled. Reset MAC/BBP for a while 5054 */ 5055 run_read(sc, RT2860_DEBUG, &tmp); 5056 DPRINTFN(3, "debug reg %08x\n", tmp); 5057 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5058 DPRINTF("CTS-to-self livelock detected\n"); 5059 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5060 run_delay(sc, 1); 5061 run_write(sc, RT2860_MAC_SYS_CTRL, 5062 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5063 } 5064 } 5065 5066 static void 5067 run_update_promisc_locked(struct ifnet *ifp) 5068 { 5069 struct run_softc *sc = ifp->if_softc; 5070 uint32_t tmp; 5071 5072 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5073 5074 tmp |= RT2860_DROP_UC_NOME; 5075 if (ifp->if_flags & IFF_PROMISC) 5076 tmp &= ~RT2860_DROP_UC_NOME; 5077 5078 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5079 5080 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 5081 "entering" : "leaving"); 5082 } 5083 5084 static void 5085 run_update_promisc(struct ifnet *ifp) 5086 { 5087 struct run_softc *sc = ifp->if_softc; 5088 5089 if ((ifp->if_flags & IFF_RUNNING) == 0) 5090 return; 5091 5092 RUN_LOCK(sc); 5093 run_update_promisc_locked(ifp); 5094 RUN_UNLOCK(sc); 5095 } 5096 5097 static void 5098 run_enable_tsf_sync(struct run_softc *sc) 5099 { 5100 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5101 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5102 uint32_t tmp; 5103 5104 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5105 ic->ic_opmode); 5106 5107 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5108 tmp &= ~0x1fffff; 5109 tmp |= vap->iv_bss->ni_intval * 16; 5110 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5111 5112 if (ic->ic_opmode == IEEE80211_M_STA) { 5113 /* 5114 * Local TSF is always updated with remote TSF on beacon 5115 * reception. 5116 */ 5117 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5118 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5119 tmp |= RT2860_BCN_TX_EN; 5120 /* 5121 * Local TSF is updated with remote TSF on beacon reception 5122 * only if the remote TSF is greater than local TSF. 5123 */ 5124 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5125 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5126 ic->ic_opmode == IEEE80211_M_MBSS) { 5127 tmp |= RT2860_BCN_TX_EN; 5128 /* SYNC with nobody */ 5129 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5130 } else { 5131 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5132 return; 5133 } 5134 5135 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5136 } 5137 5138 static void 5139 run_enable_mrr(struct run_softc *sc) 5140 { 5141 #define CCK(mcs) (mcs) 5142 #define OFDM(mcs) (1 << 3 | (mcs)) 5143 run_write(sc, RT2860_LG_FBK_CFG0, 5144 OFDM(6) << 28 | /* 54->48 */ 5145 OFDM(5) << 24 | /* 48->36 */ 5146 OFDM(4) << 20 | /* 36->24 */ 5147 OFDM(3) << 16 | /* 24->18 */ 5148 OFDM(2) << 12 | /* 18->12 */ 5149 OFDM(1) << 8 | /* 12-> 9 */ 5150 OFDM(0) << 4 | /* 9-> 6 */ 5151 OFDM(0)); /* 6-> 6 */ 5152 5153 run_write(sc, RT2860_LG_FBK_CFG1, 5154 CCK(2) << 12 | /* 11->5.5 */ 5155 CCK(1) << 8 | /* 5.5-> 2 */ 5156 CCK(0) << 4 | /* 2-> 1 */ 5157 CCK(0)); /* 1-> 1 */ 5158 #undef OFDM 5159 #undef CCK 5160 } 5161 5162 static void 5163 run_set_txpreamble(struct run_softc *sc) 5164 { 5165 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5166 uint32_t tmp; 5167 5168 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5169 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5170 tmp |= RT2860_CCK_SHORT_EN; 5171 else 5172 tmp &= ~RT2860_CCK_SHORT_EN; 5173 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5174 } 5175 5176 static void 5177 run_set_basicrates(struct run_softc *sc) 5178 { 5179 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5180 5181 /* set basic rates mask */ 5182 if (ic->ic_curmode == IEEE80211_MODE_11B) 5183 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5184 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5185 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5186 else /* 11g */ 5187 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5188 } 5189 5190 static void 5191 run_set_leds(struct run_softc *sc, uint16_t which) 5192 { 5193 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5194 which | (sc->leds & 0x7f)); 5195 } 5196 5197 static void 5198 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5199 { 5200 run_write(sc, RT2860_MAC_BSSID_DW0, 5201 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5202 run_write(sc, RT2860_MAC_BSSID_DW1, 5203 bssid[4] | bssid[5] << 8); 5204 } 5205 5206 static void 5207 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5208 { 5209 run_write(sc, RT2860_MAC_ADDR_DW0, 5210 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5211 run_write(sc, RT2860_MAC_ADDR_DW1, 5212 addr[4] | addr[5] << 8 | 0xff << 16); 5213 } 5214 5215 static void 5216 run_updateslot(struct ifnet *ifp) 5217 { 5218 struct run_softc *sc = ifp->if_softc; 5219 struct ieee80211com *ic = ifp->if_l2com; 5220 uint32_t i; 5221 5222 i = RUN_CMDQ_GET(&sc->cmdq_store); 5223 DPRINTF("cmdq_store=%d\n", i); 5224 sc->cmdq[i].func = run_updateslot_cb; 5225 sc->cmdq[i].arg0 = ifp; 5226 ieee80211_runtask(ic, &sc->cmdq_task); 5227 5228 return; 5229 } 5230 5231 /* ARGSUSED */ 5232 static void 5233 run_updateslot_cb(void *arg) 5234 { 5235 struct ifnet *ifp = arg; 5236 struct run_softc *sc = ifp->if_softc; 5237 struct ieee80211com *ic = ifp->if_l2com; 5238 uint32_t tmp; 5239 5240 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5241 tmp &= ~0xff; 5242 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5243 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5244 } 5245 5246 static void 5247 run_update_mcast(struct ifnet *ifp) 5248 { 5249 /* h/w filter supports getting everything or nothing */ 5250 ifp->if_flags |= IFF_ALLMULTI; 5251 } 5252 5253 static int8_t 5254 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5255 { 5256 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5257 struct ieee80211_channel *c = ic->ic_curchan; 5258 int delta; 5259 5260 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5261 u_int chan = ieee80211_chan2ieee(ic, c); 5262 delta = sc->rssi_5ghz[rxchain]; 5263 5264 /* determine channel group */ 5265 if (chan <= 64) 5266 delta -= sc->lna[1]; 5267 else if (chan <= 128) 5268 delta -= sc->lna[2]; 5269 else 5270 delta -= sc->lna[3]; 5271 } else 5272 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5273 5274 return (-12 - delta - rssi); 5275 } 5276 5277 static void 5278 run_rt5390_bbp_init(struct run_softc *sc) 5279 { 5280 int i; 5281 uint8_t bbp; 5282 5283 /* Apply maximum likelihood detection for 2 stream case. */ 5284 run_bbp_read(sc, 105, &bbp); 5285 if (sc->nrxchains > 1) 5286 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5287 5288 /* Avoid data lost and CRC error. */ 5289 run_bbp_read(sc, 4, &bbp); 5290 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5291 5292 if (sc->mac_ver == 0x5592) { 5293 for (i = 0; i < NELEM(rt5592_def_bbp); i++) { 5294 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5295 rt5592_def_bbp[i].val); 5296 } 5297 for (i = 0; i < NELEM(rt5592_bbp_r196); i++) { 5298 run_bbp_write(sc, 195, i + 0x80); 5299 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5300 } 5301 } else { 5302 for (i = 0; i < NELEM(rt5390_def_bbp); i++) { 5303 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5304 rt5390_def_bbp[i].val); 5305 } 5306 } 5307 if (sc->mac_ver == 0x5392) { 5308 run_bbp_write(sc, 88, 0x90); 5309 run_bbp_write(sc, 95, 0x9a); 5310 run_bbp_write(sc, 98, 0x12); 5311 run_bbp_write(sc, 106, 0x12); 5312 run_bbp_write(sc, 134, 0xd0); 5313 run_bbp_write(sc, 135, 0xf6); 5314 run_bbp_write(sc, 148, 0x84); 5315 } 5316 5317 run_bbp_read(sc, 152, &bbp); 5318 run_bbp_write(sc, 152, bbp | 0x80); 5319 5320 /* Fix BBP254 for RT5592C. */ 5321 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5322 run_bbp_read(sc, 254, &bbp); 5323 run_bbp_write(sc, 254, bbp | 0x80); 5324 } 5325 5326 /* Disable hardware antenna diversity. */ 5327 if (sc->mac_ver == 0x5390) 5328 run_bbp_write(sc, 154, 0); 5329 5330 /* Initialize Rx CCK/OFDM frequency offset report. */ 5331 run_bbp_write(sc, 142, 1); 5332 run_bbp_write(sc, 143, 57); 5333 } 5334 5335 static int 5336 run_bbp_init(struct run_softc *sc) 5337 { 5338 int i, error, ntries; 5339 uint8_t bbp0; 5340 5341 /* wait for BBP to wake up */ 5342 for (ntries = 0; ntries < 20; ntries++) { 5343 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5344 return error; 5345 if (bbp0 != 0 && bbp0 != 0xff) 5346 break; 5347 } 5348 if (ntries == 20) 5349 return (ETIMEDOUT); 5350 5351 /* initialize BBP registers to default values */ 5352 if (sc->mac_ver >= 0x5390) 5353 run_rt5390_bbp_init(sc); 5354 else { 5355 for (i = 0; i < NELEM(rt2860_def_bbp); i++) { 5356 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5357 rt2860_def_bbp[i].val); 5358 } 5359 } 5360 5361 if (sc->mac_ver == 0x3593) { 5362 run_bbp_write(sc, 79, 0x13); 5363 run_bbp_write(sc, 80, 0x05); 5364 run_bbp_write(sc, 81, 0x33); 5365 run_bbp_write(sc, 86, 0x46); 5366 run_bbp_write(sc, 137, 0x0f); 5367 } 5368 5369 /* fix BBP84 for RT2860E */ 5370 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5371 run_bbp_write(sc, 84, 0x19); 5372 5373 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5374 sc->mac_ver != 0x5592)) { 5375 run_bbp_write(sc, 79, 0x13); 5376 run_bbp_write(sc, 80, 0x05); 5377 run_bbp_write(sc, 81, 0x33); 5378 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5379 run_bbp_write(sc, 69, 0x16); 5380 run_bbp_write(sc, 73, 0x12); 5381 } 5382 return (0); 5383 } 5384 5385 static int 5386 run_rt3070_rf_init(struct run_softc *sc) 5387 { 5388 uint32_t tmp; 5389 uint8_t bbp4, mingain, rf, target; 5390 int i; 5391 5392 run_rt3070_rf_read(sc, 30, &rf); 5393 /* toggle RF R30 bit 7 */ 5394 run_rt3070_rf_write(sc, 30, rf | 0x80); 5395 run_delay(sc, 10); 5396 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5397 5398 /* initialize RF registers to default value */ 5399 if (sc->mac_ver == 0x3572) { 5400 for (i = 0; i < NELEM(rt3572_def_rf); i++) { 5401 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5402 rt3572_def_rf[i].val); 5403 } 5404 } else { 5405 for (i = 0; i < NELEM(rt3070_def_rf); i++) { 5406 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5407 rt3070_def_rf[i].val); 5408 } 5409 } 5410 5411 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5412 /* 5413 * Change voltage from 1.2V to 1.35V for RT3070. 5414 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5415 * in RT3070(F). 5416 */ 5417 run_read(sc, RT3070_LDO_CFG0, &tmp); 5418 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5419 run_write(sc, RT3070_LDO_CFG0, tmp); 5420 5421 } else if (sc->mac_ver == 0x3071) { 5422 run_rt3070_rf_read(sc, 6, &rf); 5423 run_rt3070_rf_write(sc, 6, rf | 0x40); 5424 run_rt3070_rf_write(sc, 31, 0x14); 5425 5426 run_read(sc, RT3070_LDO_CFG0, &tmp); 5427 tmp &= ~0x1f000000; 5428 if (sc->mac_rev < 0x0211) 5429 tmp |= 0x0d000000; /* 1.3V */ 5430 else 5431 tmp |= 0x01000000; /* 1.2V */ 5432 run_write(sc, RT3070_LDO_CFG0, tmp); 5433 5434 /* patch LNA_PE_G1 */ 5435 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5436 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5437 5438 } else if (sc->mac_ver == 0x3572) { 5439 run_rt3070_rf_read(sc, 6, &rf); 5440 run_rt3070_rf_write(sc, 6, rf | 0x40); 5441 5442 /* increase voltage from 1.2V to 1.35V */ 5443 run_read(sc, RT3070_LDO_CFG0, &tmp); 5444 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5445 run_write(sc, RT3070_LDO_CFG0, tmp); 5446 5447 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5448 run_delay(sc, 1); /* wait for 1msec */ 5449 /* decrease voltage back to 1.2V */ 5450 tmp = (tmp & ~0x1f000000) | 0x01000000; 5451 run_write(sc, RT3070_LDO_CFG0, tmp); 5452 } 5453 } 5454 5455 /* select 20MHz bandwidth */ 5456 run_rt3070_rf_read(sc, 31, &rf); 5457 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5458 5459 /* calibrate filter for 20MHz bandwidth */ 5460 sc->rf24_20mhz = 0x1f; /* default value */ 5461 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5462 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5463 5464 /* select 40MHz bandwidth */ 5465 run_bbp_read(sc, 4, &bbp4); 5466 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5467 run_rt3070_rf_read(sc, 31, &rf); 5468 run_rt3070_rf_write(sc, 31, rf | 0x20); 5469 5470 /* calibrate filter for 40MHz bandwidth */ 5471 sc->rf24_40mhz = 0x2f; /* default value */ 5472 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5473 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5474 5475 /* go back to 20MHz bandwidth */ 5476 run_bbp_read(sc, 4, &bbp4); 5477 run_bbp_write(sc, 4, bbp4 & ~0x18); 5478 5479 if (sc->mac_ver == 0x3572) { 5480 /* save default BBP registers 25 and 26 values */ 5481 run_bbp_read(sc, 25, &sc->bbp25); 5482 run_bbp_read(sc, 26, &sc->bbp26); 5483 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5484 run_rt3070_rf_write(sc, 27, 0x03); 5485 5486 run_read(sc, RT3070_OPT_14, &tmp); 5487 run_write(sc, RT3070_OPT_14, tmp | 1); 5488 5489 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5490 run_rt3070_rf_read(sc, 17, &rf); 5491 rf &= ~RT3070_TX_LO1; 5492 if ((sc->mac_ver == 0x3070 || 5493 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5494 !sc->ext_2ghz_lna) 5495 rf |= 0x20; /* fix for long range Rx issue */ 5496 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5497 if (sc->txmixgain_2ghz >= mingain) 5498 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5499 run_rt3070_rf_write(sc, 17, rf); 5500 } 5501 5502 if (sc->mac_rev == 0x3071) { 5503 run_rt3070_rf_read(sc, 1, &rf); 5504 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5505 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5506 run_rt3070_rf_write(sc, 1, rf); 5507 5508 run_rt3070_rf_read(sc, 15, &rf); 5509 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5510 5511 run_rt3070_rf_read(sc, 20, &rf); 5512 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5513 5514 run_rt3070_rf_read(sc, 21, &rf); 5515 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5516 } 5517 5518 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5519 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5520 run_rt3070_rf_read(sc, 27, &rf); 5521 rf &= ~0x77; 5522 if (sc->mac_rev < 0x0211) 5523 rf |= 0x03; 5524 run_rt3070_rf_write(sc, 27, rf); 5525 } 5526 return (0); 5527 } 5528 5529 static void 5530 run_rt3593_rf_init(struct run_softc *sc) 5531 { 5532 uint32_t tmp; 5533 uint8_t rf; 5534 int i; 5535 5536 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5537 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5538 tmp &= ~(1 << 4 | 1 << 7); 5539 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5540 5541 /* Initialize RF registers to default value. */ 5542 for (i = 0; i < NELEM(rt3593_def_rf); i++) { 5543 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5544 rt3593_def_rf[i].val); 5545 } 5546 5547 /* Toggle RF R2 to initiate calibration. */ 5548 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5549 5550 /* Initialize RF frequency offset. */ 5551 run_adjust_freq_offset(sc); 5552 5553 run_rt3070_rf_read(sc, 18, &rf); 5554 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5555 5556 /* 5557 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5558 * decrease voltage back to 1.2V. 5559 */ 5560 run_read(sc, RT3070_LDO_CFG0, &tmp); 5561 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5562 run_write(sc, RT3070_LDO_CFG0, tmp); 5563 run_delay(sc, 1); 5564 tmp = (tmp & ~0x1f000000) | 0x01000000; 5565 run_write(sc, RT3070_LDO_CFG0, tmp); 5566 5567 sc->rf24_20mhz = 0x1f; 5568 sc->rf24_40mhz = 0x2f; 5569 5570 /* Save default BBP registers 25 and 26 values. */ 5571 run_bbp_read(sc, 25, &sc->bbp25); 5572 run_bbp_read(sc, 26, &sc->bbp26); 5573 5574 run_read(sc, RT3070_OPT_14, &tmp); 5575 run_write(sc, RT3070_OPT_14, tmp | 1); 5576 } 5577 5578 static void 5579 run_rt5390_rf_init(struct run_softc *sc) 5580 { 5581 uint32_t tmp; 5582 uint8_t rf; 5583 int i; 5584 5585 /* Toggle RF R2 to initiate calibration. */ 5586 if (sc->mac_ver == 0x5390) { 5587 run_rt3070_rf_read(sc, 2, &rf); 5588 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5589 run_delay(sc, 10); 5590 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5591 } else { 5592 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5593 run_delay(sc, 10); 5594 } 5595 5596 /* Initialize RF registers to default value. */ 5597 if (sc->mac_ver == 0x5592) { 5598 for (i = 0; i < NELEM(rt5592_def_rf); i++) { 5599 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5600 rt5592_def_rf[i].val); 5601 } 5602 /* Initialize RF frequency offset. */ 5603 run_adjust_freq_offset(sc); 5604 } else if (sc->mac_ver == 0x5392) { 5605 for (i = 0; i < NELEM(rt5392_def_rf); i++) { 5606 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5607 rt5392_def_rf[i].val); 5608 } 5609 if (sc->mac_rev >= 0x0223) { 5610 run_rt3070_rf_write(sc, 23, 0x0f); 5611 run_rt3070_rf_write(sc, 24, 0x3e); 5612 run_rt3070_rf_write(sc, 51, 0x32); 5613 run_rt3070_rf_write(sc, 53, 0x22); 5614 run_rt3070_rf_write(sc, 56, 0xc1); 5615 run_rt3070_rf_write(sc, 59, 0x0f); 5616 } 5617 } else { 5618 for (i = 0; i < NELEM(rt5390_def_rf); i++) { 5619 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5620 rt5390_def_rf[i].val); 5621 } 5622 if (sc->mac_rev >= 0x0502) { 5623 run_rt3070_rf_write(sc, 6, 0xe0); 5624 run_rt3070_rf_write(sc, 25, 0x80); 5625 run_rt3070_rf_write(sc, 46, 0x73); 5626 run_rt3070_rf_write(sc, 53, 0x00); 5627 run_rt3070_rf_write(sc, 56, 0x42); 5628 run_rt3070_rf_write(sc, 61, 0xd1); 5629 } 5630 } 5631 5632 sc->rf24_20mhz = 0x1f; /* default value */ 5633 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5634 5635 if (sc->mac_rev < 0x0211) 5636 run_rt3070_rf_write(sc, 27, 0x3); 5637 5638 run_read(sc, RT3070_OPT_14, &tmp); 5639 run_write(sc, RT3070_OPT_14, tmp | 1); 5640 } 5641 5642 static int 5643 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5644 uint8_t *val) 5645 { 5646 uint8_t rf22, rf24; 5647 uint8_t bbp55_pb, bbp55_sb, delta; 5648 int ntries; 5649 5650 /* program filter */ 5651 run_rt3070_rf_read(sc, 24, &rf24); 5652 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5653 run_rt3070_rf_write(sc, 24, rf24); 5654 5655 /* enable baseband loopback mode */ 5656 run_rt3070_rf_read(sc, 22, &rf22); 5657 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5658 5659 /* set power and frequency of passband test tone */ 5660 run_bbp_write(sc, 24, 0x00); 5661 for (ntries = 0; ntries < 100; ntries++) { 5662 /* transmit test tone */ 5663 run_bbp_write(sc, 25, 0x90); 5664 run_delay(sc, 10); 5665 /* read received power */ 5666 run_bbp_read(sc, 55, &bbp55_pb); 5667 if (bbp55_pb != 0) 5668 break; 5669 } 5670 if (ntries == 100) 5671 return (ETIMEDOUT); 5672 5673 /* set power and frequency of stopband test tone */ 5674 run_bbp_write(sc, 24, 0x06); 5675 for (ntries = 0; ntries < 100; ntries++) { 5676 /* transmit test tone */ 5677 run_bbp_write(sc, 25, 0x90); 5678 run_delay(sc, 10); 5679 /* read received power */ 5680 run_bbp_read(sc, 55, &bbp55_sb); 5681 5682 delta = bbp55_pb - bbp55_sb; 5683 if (delta > target) 5684 break; 5685 5686 /* reprogram filter */ 5687 rf24++; 5688 run_rt3070_rf_write(sc, 24, rf24); 5689 } 5690 if (ntries < 100) { 5691 if (rf24 != init) 5692 rf24--; /* backtrack */ 5693 *val = rf24; 5694 run_rt3070_rf_write(sc, 24, rf24); 5695 } 5696 5697 /* restore initial state */ 5698 run_bbp_write(sc, 24, 0x00); 5699 5700 /* disable baseband loopback mode */ 5701 run_rt3070_rf_read(sc, 22, &rf22); 5702 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5703 5704 return (0); 5705 } 5706 5707 static void 5708 run_rt3070_rf_setup(struct run_softc *sc) 5709 { 5710 uint8_t bbp, rf; 5711 int i; 5712 5713 if (sc->mac_ver == 0x3572) { 5714 /* enable DC filter */ 5715 if (sc->mac_rev >= 0x0201) 5716 run_bbp_write(sc, 103, 0xc0); 5717 5718 run_bbp_read(sc, 138, &bbp); 5719 if (sc->ntxchains == 1) 5720 bbp |= 0x20; /* turn off DAC1 */ 5721 if (sc->nrxchains == 1) 5722 bbp &= ~0x02; /* turn off ADC1 */ 5723 run_bbp_write(sc, 138, bbp); 5724 5725 if (sc->mac_rev >= 0x0211) { 5726 /* improve power consumption */ 5727 run_bbp_read(sc, 31, &bbp); 5728 run_bbp_write(sc, 31, bbp & ~0x03); 5729 } 5730 5731 run_rt3070_rf_read(sc, 16, &rf); 5732 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5733 run_rt3070_rf_write(sc, 16, rf); 5734 5735 } else if (sc->mac_ver == 0x3071) { 5736 if (sc->mac_rev >= 0x0211) { 5737 /* enable DC filter */ 5738 run_bbp_write(sc, 103, 0xc0); 5739 5740 /* improve power consumption */ 5741 run_bbp_read(sc, 31, &bbp); 5742 run_bbp_write(sc, 31, bbp & ~0x03); 5743 } 5744 5745 run_bbp_read(sc, 138, &bbp); 5746 if (sc->ntxchains == 1) 5747 bbp |= 0x20; /* turn off DAC1 */ 5748 if (sc->nrxchains == 1) 5749 bbp &= ~0x02; /* turn off ADC1 */ 5750 run_bbp_write(sc, 138, bbp); 5751 5752 run_write(sc, RT2860_TX_SW_CFG1, 0); 5753 if (sc->mac_rev < 0x0211) { 5754 run_write(sc, RT2860_TX_SW_CFG2, 5755 sc->patch_dac ? 0x2c : 0x0f); 5756 } else 5757 run_write(sc, RT2860_TX_SW_CFG2, 0); 5758 5759 } else if (sc->mac_ver == 0x3070) { 5760 if (sc->mac_rev >= 0x0201) { 5761 /* enable DC filter */ 5762 run_bbp_write(sc, 103, 0xc0); 5763 5764 /* improve power consumption */ 5765 run_bbp_read(sc, 31, &bbp); 5766 run_bbp_write(sc, 31, bbp & ~0x03); 5767 } 5768 5769 if (sc->mac_rev < 0x0201) { 5770 run_write(sc, RT2860_TX_SW_CFG1, 0); 5771 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5772 } else 5773 run_write(sc, RT2860_TX_SW_CFG2, 0); 5774 } 5775 5776 /* initialize RF registers from ROM for >=RT3071*/ 5777 if (sc->mac_ver >= 0x3071) { 5778 for (i = 0; i < 10; i++) { 5779 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5780 continue; 5781 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5782 } 5783 } 5784 } 5785 5786 static void 5787 run_rt3593_rf_setup(struct run_softc *sc) 5788 { 5789 uint8_t bbp, rf; 5790 5791 if (sc->mac_rev >= 0x0211) { 5792 /* Enable DC filter. */ 5793 run_bbp_write(sc, 103, 0xc0); 5794 } 5795 run_write(sc, RT2860_TX_SW_CFG1, 0); 5796 if (sc->mac_rev < 0x0211) { 5797 run_write(sc, RT2860_TX_SW_CFG2, 5798 sc->patch_dac ? 0x2c : 0x0f); 5799 } else 5800 run_write(sc, RT2860_TX_SW_CFG2, 0); 5801 5802 run_rt3070_rf_read(sc, 50, &rf); 5803 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5804 5805 run_rt3070_rf_read(sc, 51, &rf); 5806 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5807 ((sc->txmixgain_2ghz & 0x07) << 2); 5808 run_rt3070_rf_write(sc, 51, rf); 5809 5810 run_rt3070_rf_read(sc, 38, &rf); 5811 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5812 5813 run_rt3070_rf_read(sc, 39, &rf); 5814 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5815 5816 run_rt3070_rf_read(sc, 1, &rf); 5817 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5818 5819 run_rt3070_rf_read(sc, 30, &rf); 5820 rf = (rf & ~0x18) | 0x10; 5821 run_rt3070_rf_write(sc, 30, rf); 5822 5823 /* Apply maximum likelihood detection for 2 stream case. */ 5824 run_bbp_read(sc, 105, &bbp); 5825 if (sc->nrxchains > 1) 5826 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5827 5828 /* Avoid data lost and CRC error. */ 5829 run_bbp_read(sc, 4, &bbp); 5830 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5831 5832 run_bbp_write(sc, 92, 0x02); 5833 run_bbp_write(sc, 82, 0x82); 5834 run_bbp_write(sc, 106, 0x05); 5835 run_bbp_write(sc, 104, 0x92); 5836 run_bbp_write(sc, 88, 0x90); 5837 run_bbp_write(sc, 148, 0xc8); 5838 run_bbp_write(sc, 47, 0x48); 5839 run_bbp_write(sc, 120, 0x50); 5840 5841 run_bbp_write(sc, 163, 0x9d); 5842 5843 /* SNR mapping. */ 5844 run_bbp_write(sc, 142, 0x06); 5845 run_bbp_write(sc, 143, 0xa0); 5846 run_bbp_write(sc, 142, 0x07); 5847 run_bbp_write(sc, 143, 0xa1); 5848 run_bbp_write(sc, 142, 0x08); 5849 run_bbp_write(sc, 143, 0xa2); 5850 5851 run_bbp_write(sc, 31, 0x08); 5852 run_bbp_write(sc, 68, 0x0b); 5853 run_bbp_write(sc, 105, 0x04); 5854 } 5855 5856 static void 5857 run_rt5390_rf_setup(struct run_softc *sc) 5858 { 5859 uint8_t bbp, rf; 5860 5861 if (sc->mac_rev >= 0x0211) { 5862 /* Enable DC filter. */ 5863 run_bbp_write(sc, 103, 0xc0); 5864 5865 if (sc->mac_ver != 0x5592) { 5866 /* Improve power consumption. */ 5867 run_bbp_read(sc, 31, &bbp); 5868 run_bbp_write(sc, 31, bbp & ~0x03); 5869 } 5870 } 5871 5872 run_bbp_read(sc, 138, &bbp); 5873 if (sc->ntxchains == 1) 5874 bbp |= 0x20; /* turn off DAC1 */ 5875 if (sc->nrxchains == 1) 5876 bbp &= ~0x02; /* turn off ADC1 */ 5877 run_bbp_write(sc, 138, bbp); 5878 5879 run_rt3070_rf_read(sc, 38, &rf); 5880 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5881 5882 run_rt3070_rf_read(sc, 39, &rf); 5883 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5884 5885 /* Avoid data lost and CRC error. */ 5886 run_bbp_read(sc, 4, &bbp); 5887 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5888 5889 run_rt3070_rf_read(sc, 30, &rf); 5890 rf = (rf & ~0x18) | 0x10; 5891 run_rt3070_rf_write(sc, 30, rf); 5892 5893 if (sc->mac_ver != 0x5592) { 5894 run_write(sc, RT2860_TX_SW_CFG1, 0); 5895 if (sc->mac_rev < 0x0211) { 5896 run_write(sc, RT2860_TX_SW_CFG2, 5897 sc->patch_dac ? 0x2c : 0x0f); 5898 } else 5899 run_write(sc, RT2860_TX_SW_CFG2, 0); 5900 } 5901 } 5902 5903 static int 5904 run_txrx_enable(struct run_softc *sc) 5905 { 5906 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5907 uint32_t tmp; 5908 int error, ntries; 5909 5910 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5911 for (ntries = 0; ntries < 200; ntries++) { 5912 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5913 return (error); 5914 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5915 break; 5916 run_delay(sc, 50); 5917 } 5918 if (ntries == 200) 5919 return (ETIMEDOUT); 5920 5921 run_delay(sc, 50); 5922 5923 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5924 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5925 5926 /* enable Rx bulk aggregation (set timeout and limit) */ 5927 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5928 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5929 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5930 5931 /* set Rx filter */ 5932 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5933 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5934 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5935 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5936 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5937 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5938 if (ic->ic_opmode == IEEE80211_M_STA) 5939 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5940 } 5941 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5942 5943 run_write(sc, RT2860_MAC_SYS_CTRL, 5944 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5945 5946 return (0); 5947 } 5948 5949 static void 5950 run_adjust_freq_offset(struct run_softc *sc) 5951 { 5952 uint8_t rf, tmp; 5953 5954 run_rt3070_rf_read(sc, 17, &rf); 5955 tmp = rf; 5956 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5957 rf = MIN(rf, 0x5f); 5958 5959 if (tmp != rf) 5960 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5961 } 5962 5963 static void 5964 run_init_locked(struct run_softc *sc) 5965 { 5966 struct ifnet *ifp = sc->sc_ifp; 5967 struct ieee80211com *ic = ifp->if_l2com; 5968 uint32_t tmp; 5969 uint8_t bbp1, bbp3; 5970 int i; 5971 int ridx; 5972 int ntries; 5973 5974 if (ic->ic_nrunning > 1) 5975 return; 5976 5977 run_stop(sc); 5978 5979 if (run_load_microcode(sc) != 0) { 5980 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5981 goto fail; 5982 } 5983 5984 for (ntries = 0; ntries < 100; ntries++) { 5985 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5986 goto fail; 5987 if (tmp != 0 && tmp != 0xffffffff) 5988 break; 5989 run_delay(sc, 10); 5990 } 5991 if (ntries == 100) 5992 goto fail; 5993 5994 for (i = 0; i != RUN_EP_QUEUES; i++) 5995 run_setup_tx_list(sc, &sc->sc_epq[i]); 5996 5997 run_set_macaddr(sc, IF_LLADDR(ifp)); 5998 5999 for (ntries = 0; ntries < 100; ntries++) { 6000 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6001 goto fail; 6002 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6003 break; 6004 run_delay(sc, 10); 6005 } 6006 if (ntries == 100) { 6007 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6008 goto fail; 6009 } 6010 tmp &= 0xff0; 6011 tmp |= RT2860_TX_WB_DDONE; 6012 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6013 6014 /* turn off PME_OEN to solve high-current issue */ 6015 run_read(sc, RT2860_SYS_CTRL, &tmp); 6016 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6017 6018 run_write(sc, RT2860_MAC_SYS_CTRL, 6019 RT2860_BBP_HRST | RT2860_MAC_SRST); 6020 run_write(sc, RT2860_USB_DMA_CFG, 0); 6021 6022 if (run_reset(sc) != 0) { 6023 device_printf(sc->sc_dev, "could not reset chipset\n"); 6024 goto fail; 6025 } 6026 6027 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6028 6029 /* init Tx power for all Tx rates (from EEPROM) */ 6030 for (ridx = 0; ridx < 5; ridx++) { 6031 if (sc->txpow20mhz[ridx] == 0xffffffff) 6032 continue; 6033 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6034 } 6035 6036 for (i = 0; i < NELEM(rt2870_def_mac); i++) 6037 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6038 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6039 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6040 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6041 6042 if (sc->mac_ver >= 0x5390) { 6043 run_write(sc, RT2860_TX_SW_CFG0, 6044 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6045 if (sc->mac_ver >= 0x5392) { 6046 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6047 if (sc->mac_ver == 0x5592) { 6048 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6049 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6050 } else { 6051 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6052 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6053 } 6054 } 6055 } else if (sc->mac_ver == 0x3593) { 6056 run_write(sc, RT2860_TX_SW_CFG0, 6057 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6058 } else if (sc->mac_ver >= 0x3070) { 6059 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6060 run_write(sc, RT2860_TX_SW_CFG0, 6061 4 << RT2860_DLY_PAPE_EN_SHIFT); 6062 } 6063 6064 /* wait while MAC is busy */ 6065 for (ntries = 0; ntries < 100; ntries++) { 6066 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6067 goto fail; 6068 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6069 break; 6070 run_delay(sc, 10); 6071 } 6072 if (ntries == 100) 6073 goto fail; 6074 6075 /* clear Host to MCU mailbox */ 6076 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6077 run_write(sc, RT2860_H2M_MAILBOX, 0); 6078 run_delay(sc, 10); 6079 6080 if (run_bbp_init(sc) != 0) { 6081 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6082 goto fail; 6083 } 6084 6085 /* abort TSF synchronization */ 6086 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6087 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6088 RT2860_TBTT_TIMER_EN); 6089 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6090 6091 /* clear RX WCID search table */ 6092 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6093 /* clear WCID attribute table */ 6094 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6095 6096 /* hostapd sets a key before init. So, don't clear it. */ 6097 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6098 /* clear shared key table */ 6099 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6100 /* clear shared key mode */ 6101 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6102 } 6103 6104 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6105 tmp = (tmp & ~0xff) | 0x1e; 6106 run_write(sc, RT2860_US_CYC_CNT, tmp); 6107 6108 if (sc->mac_rev != 0x0101) 6109 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6110 6111 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6112 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6113 6114 /* write vendor-specific BBP values (from EEPROM) */ 6115 if (sc->mac_ver < 0x3593) { 6116 for (i = 0; i < 10; i++) { 6117 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6118 continue; 6119 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6120 } 6121 } 6122 6123 /* select Main antenna for 1T1R devices */ 6124 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6125 run_set_rx_antenna(sc, 0); 6126 6127 /* send LEDs operating mode to microcontroller */ 6128 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6129 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6130 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6131 6132 if (sc->mac_ver >= 0x5390) 6133 run_rt5390_rf_init(sc); 6134 else if (sc->mac_ver == 0x3593) 6135 run_rt3593_rf_init(sc); 6136 else if (sc->mac_ver >= 0x3070) 6137 run_rt3070_rf_init(sc); 6138 6139 /* disable non-existing Rx chains */ 6140 run_bbp_read(sc, 3, &bbp3); 6141 bbp3 &= ~(1 << 3 | 1 << 4); 6142 if (sc->nrxchains == 2) 6143 bbp3 |= 1 << 3; 6144 else if (sc->nrxchains == 3) 6145 bbp3 |= 1 << 4; 6146 run_bbp_write(sc, 3, bbp3); 6147 6148 /* disable non-existing Tx chains */ 6149 run_bbp_read(sc, 1, &bbp1); 6150 if (sc->ntxchains == 1) 6151 bbp1 &= ~(1 << 3 | 1 << 4); 6152 run_bbp_write(sc, 1, bbp1); 6153 6154 if (sc->mac_ver >= 0x5390) 6155 run_rt5390_rf_setup(sc); 6156 else if (sc->mac_ver == 0x3593) 6157 run_rt3593_rf_setup(sc); 6158 else if (sc->mac_ver >= 0x3070) 6159 run_rt3070_rf_setup(sc); 6160 6161 /* select default channel */ 6162 run_set_chan(sc, ic->ic_curchan); 6163 6164 /* setup initial protection mode */ 6165 run_updateprot_cb(ic); 6166 6167 /* turn radio LED on */ 6168 run_set_leds(sc, RT2860_LED_RADIO); 6169 6170 ifq_clr_oactive(&ifp->if_snd); 6171 ifp->if_flags |= IFF_RUNNING; 6172 sc->cmdq_run = RUN_CMDQ_GO; 6173 6174 for (i = 0; i != RUN_N_XFER; i++) 6175 usbd_xfer_set_stall(sc->sc_xfer[i]); 6176 6177 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6178 6179 if (run_txrx_enable(sc) != 0) 6180 goto fail; 6181 6182 return; 6183 6184 fail: 6185 run_stop(sc); 6186 } 6187 6188 static void 6189 run_init(void *arg) 6190 { 6191 struct run_softc *sc = arg; 6192 struct ifnet *ifp = sc->sc_ifp; 6193 struct ieee80211com *ic = ifp->if_l2com; 6194 6195 RUN_LOCK(sc); 6196 run_init_locked(sc); 6197 RUN_UNLOCK(sc); 6198 6199 if (ifp->if_flags & IFF_RUNNING) 6200 ieee80211_start_all(ic); 6201 } 6202 6203 static void 6204 run_stop(void *arg) 6205 { 6206 struct run_softc *sc = (struct run_softc *)arg; 6207 struct ifnet *ifp = sc->sc_ifp; 6208 uint32_t tmp; 6209 int i; 6210 int ntries; 6211 6212 RUN_LOCK_ASSERT(sc, MA_OWNED); 6213 6214 if (ifp->if_flags & IFF_RUNNING) 6215 run_set_leds(sc, 0); /* turn all LEDs off */ 6216 6217 ifp->if_flags &= ~IFF_RUNNING; 6218 ifq_clr_oactive(&ifp->if_snd); 6219 6220 sc->ratectl_run = RUN_RATECTL_OFF; 6221 sc->cmdq_run = sc->cmdq_key_set; 6222 6223 RUN_UNLOCK(sc); 6224 6225 for(i = 0; i < RUN_N_XFER; i++) 6226 usbd_transfer_drain(sc->sc_xfer[i]); 6227 6228 RUN_LOCK(sc); 6229 6230 if (sc->rx_m != NULL) { 6231 m_free(sc->rx_m); 6232 sc->rx_m = NULL; 6233 } 6234 6235 /* Disable Tx/Rx DMA. */ 6236 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6237 return; 6238 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6239 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6240 6241 for (ntries = 0; ntries < 100; ntries++) { 6242 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6243 return; 6244 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6245 break; 6246 run_delay(sc, 10); 6247 } 6248 if (ntries == 100) { 6249 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6250 return; 6251 } 6252 6253 /* disable Tx/Rx */ 6254 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6255 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6256 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6257 6258 /* wait for pending Tx to complete */ 6259 for (ntries = 0; ntries < 100; ntries++) { 6260 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6261 DPRINTF("Cannot read Tx queue count\n"); 6262 break; 6263 } 6264 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6265 DPRINTF("All Tx cleared\n"); 6266 break; 6267 } 6268 run_delay(sc, 10); 6269 } 6270 if (ntries >= 100) 6271 DPRINTF("There are still pending Tx\n"); 6272 run_delay(sc, 10); 6273 run_write(sc, RT2860_USB_DMA_CFG, 0); 6274 6275 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6276 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6277 6278 for (i = 0; i != RUN_EP_QUEUES; i++) 6279 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6280 } 6281 6282 static void 6283 run_delay(struct run_softc *sc, u_int ms) 6284 { 6285 usb_pause_ls(lockowned(&sc->sc_lock) ? &sc->sc_lock : NULL, 6286 &wlan_global_serializer, 6287 USB_MS_TO_TICKS(ms)); 6288 } 6289 6290 static device_method_t run_methods[] = { 6291 /* Device interface */ 6292 DEVMETHOD(device_probe, run_match), 6293 DEVMETHOD(device_attach, run_attach), 6294 DEVMETHOD(device_detach, run_detach), 6295 DEVMETHOD_END 6296 }; 6297 6298 static driver_t run_driver = { 6299 .name = "run", 6300 .methods = run_methods, 6301 .size = sizeof(struct run_softc) 6302 }; 6303 6304 static devclass_t run_devclass; 6305 6306 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6307 MODULE_DEPEND(run, wlan, 1, 1, 1); 6308 MODULE_DEPEND(run, usb, 1, 1, 1); 6309 MODULE_DEPEND(run, firmware, 1, 1, 1); 6310 MODULE_VERSION(run, 1); 6311