1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include "opt_wlan.h" 29 30 #include <sys/param.h> 31 #include <sys/sockio.h> 32 #include <sys/sysctl.h> 33 #include <sys/lock.h> 34 #include <sys/mutex.h> 35 #include <sys/mbuf.h> 36 #include <sys/kernel.h> 37 #include <sys/socket.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/module.h> 41 #include <sys/bus.h> 42 #include <sys/endian.h> 43 #include <sys/linker.h> 44 #include <sys/firmware.h> 45 #include <sys/kdb.h> 46 47 #include <net/bpf.h> 48 #include <net/if.h> 49 #include <net/if_var.h> 50 #include <net/if_arp.h> 51 #include <net/ethernet.h> 52 #include <net/if_dl.h> 53 #include <net/if_media.h> 54 #include <net/if_types.h> 55 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/if_ether.h> 60 #include <netinet/ip.h> 61 62 #include <net80211/ieee80211_var.h> 63 #include <net80211/ieee80211_regdomain.h> 64 #include <net80211/ieee80211_radiotap.h> 65 #include <net80211/ieee80211_ratectl.h> 66 67 #include <dev/usb/usb.h> 68 #include <dev/usb/usbdi.h> 69 #include "usbdevs.h" 70 71 #define USB_DEBUG_VAR run_debug 72 #include <dev/usb/usb_debug.h> 73 #include <dev/usb/usb_msctest.h> 74 75 #include <dev/usb/wlan/if_runreg.h> 76 #include <dev/usb/wlan/if_runvar.h> 77 78 #ifdef USB_DEBUG 79 #define RUN_DEBUG 80 #endif 81 82 #ifdef RUN_DEBUG 83 int run_debug = 0; 84 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 85 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 86 "run debug level"); 87 88 enum { 89 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */ 90 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */ 91 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */ 92 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */ 93 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */ 94 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */ 95 RUN_DEBUG_USB = 0x00000040, /* usb requests */ 96 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */ 97 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */ 98 RUN_DEBUG_INTR = 0x00000200, /* ISR */ 99 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */ 100 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */ 101 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */ 102 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */ 103 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */ 104 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */ 105 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */ 106 RUN_DEBUG_CMD = 0x00020000, /* command queue */ 107 RUN_DEBUG_ANY = 0xffffffff 108 }; 109 110 #define RUN_DPRINTF(_sc, _m, ...) do { \ 111 if (run_debug & (_m)) \ 112 device_printf((_sc)->sc_dev, __VA_ARGS__); \ 113 } while(0) 114 #else 115 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0) 116 #endif 117 118 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh) 119 120 /* 121 * Because of LOR in run_key_delete(), use atomic instead. 122 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 123 */ 124 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 125 126 static const STRUCT_USB_HOST_ID run_devs[] = { 127 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 128 #define RUN_DEV_EJECT(v,p) \ 129 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 130 #define RUN_EJECT 1 131 RUN_DEV(ABOCOM, RT2770), 132 RUN_DEV(ABOCOM, RT2870), 133 RUN_DEV(ABOCOM, RT3070), 134 RUN_DEV(ABOCOM, RT3071), 135 RUN_DEV(ABOCOM, RT3072), 136 RUN_DEV(ABOCOM2, RT2870_1), 137 RUN_DEV(ACCTON, RT2770), 138 RUN_DEV(ACCTON, RT2870_1), 139 RUN_DEV(ACCTON, RT2870_2), 140 RUN_DEV(ACCTON, RT2870_3), 141 RUN_DEV(ACCTON, RT2870_4), 142 RUN_DEV(ACCTON, RT2870_5), 143 RUN_DEV(ACCTON, RT3070), 144 RUN_DEV(ACCTON, RT3070_1), 145 RUN_DEV(ACCTON, RT3070_2), 146 RUN_DEV(ACCTON, RT3070_3), 147 RUN_DEV(ACCTON, RT3070_4), 148 RUN_DEV(ACCTON, RT3070_5), 149 RUN_DEV(AIRTIES, RT3070), 150 RUN_DEV(ALLWIN, RT2070), 151 RUN_DEV(ALLWIN, RT2770), 152 RUN_DEV(ALLWIN, RT2870), 153 RUN_DEV(ALLWIN, RT3070), 154 RUN_DEV(ALLWIN, RT3071), 155 RUN_DEV(ALLWIN, RT3072), 156 RUN_DEV(ALLWIN, RT3572), 157 RUN_DEV(AMIGO, RT2870_1), 158 RUN_DEV(AMIGO, RT2870_2), 159 RUN_DEV(AMIT, CGWLUSB2GNR), 160 RUN_DEV(AMIT, RT2870_1), 161 RUN_DEV(AMIT2, RT2870), 162 RUN_DEV(ASUS, RT2870_1), 163 RUN_DEV(ASUS, RT2870_2), 164 RUN_DEV(ASUS, RT2870_3), 165 RUN_DEV(ASUS, RT2870_4), 166 RUN_DEV(ASUS, RT2870_5), 167 RUN_DEV(ASUS, USBN13), 168 RUN_DEV(ASUS, RT3070_1), 169 RUN_DEV(ASUS, USBN66), 170 RUN_DEV(ASUS, USB_N53), 171 RUN_DEV(ASUS2, USBN11), 172 RUN_DEV(AZUREWAVE, RT2870_1), 173 RUN_DEV(AZUREWAVE, RT2870_2), 174 RUN_DEV(AZUREWAVE, RT3070_1), 175 RUN_DEV(AZUREWAVE, RT3070_2), 176 RUN_DEV(AZUREWAVE, RT3070_3), 177 RUN_DEV(BELKIN, F9L1103), 178 RUN_DEV(BELKIN, F5D8053V3), 179 RUN_DEV(BELKIN, F5D8055), 180 RUN_DEV(BELKIN, F5D8055V2), 181 RUN_DEV(BELKIN, F6D4050V1), 182 RUN_DEV(BELKIN, F6D4050V2), 183 RUN_DEV(BELKIN, RT2870_1), 184 RUN_DEV(BELKIN, RT2870_2), 185 RUN_DEV(CISCOLINKSYS, AE1000), 186 RUN_DEV(CISCOLINKSYS2, RT3070), 187 RUN_DEV(CISCOLINKSYS3, RT3070), 188 RUN_DEV(CONCEPTRONIC2, RT2870_1), 189 RUN_DEV(CONCEPTRONIC2, RT2870_2), 190 RUN_DEV(CONCEPTRONIC2, RT2870_3), 191 RUN_DEV(CONCEPTRONIC2, RT2870_4), 192 RUN_DEV(CONCEPTRONIC2, RT2870_5), 193 RUN_DEV(CONCEPTRONIC2, RT2870_6), 194 RUN_DEV(CONCEPTRONIC2, RT2870_7), 195 RUN_DEV(CONCEPTRONIC2, RT2870_8), 196 RUN_DEV(CONCEPTRONIC2, RT3070_1), 197 RUN_DEV(CONCEPTRONIC2, RT3070_2), 198 RUN_DEV(CONCEPTRONIC2, VIGORN61), 199 RUN_DEV(COREGA, CGWLUSB300GNM), 200 RUN_DEV(COREGA, RT2870_1), 201 RUN_DEV(COREGA, RT2870_2), 202 RUN_DEV(COREGA, RT2870_3), 203 RUN_DEV(COREGA, RT3070), 204 RUN_DEV(CYBERTAN, RT2870), 205 RUN_DEV(DLINK, RT2870), 206 RUN_DEV(DLINK, RT3072), 207 RUN_DEV(DLINK, DWA125A3), 208 RUN_DEV(DLINK, DWA127), 209 RUN_DEV(DLINK, DWA140B3), 210 RUN_DEV(DLINK, DWA160B2), 211 RUN_DEV(DLINK, DWA140D1), 212 RUN_DEV(DLINK, DWA162), 213 RUN_DEV(DLINK2, DWA130), 214 RUN_DEV(DLINK2, RT2870_1), 215 RUN_DEV(DLINK2, RT2870_2), 216 RUN_DEV(DLINK2, RT3070_1), 217 RUN_DEV(DLINK2, RT3070_2), 218 RUN_DEV(DLINK2, RT3070_3), 219 RUN_DEV(DLINK2, RT3070_4), 220 RUN_DEV(DLINK2, RT3070_5), 221 RUN_DEV(DLINK2, RT3072), 222 RUN_DEV(DLINK2, RT3072_1), 223 RUN_DEV(EDIMAX, EW7717), 224 RUN_DEV(EDIMAX, EW7718), 225 RUN_DEV(EDIMAX, EW7733UND), 226 RUN_DEV(EDIMAX, RT2870_1), 227 RUN_DEV(ENCORE, RT3070_1), 228 RUN_DEV(ENCORE, RT3070_2), 229 RUN_DEV(ENCORE, RT3070_3), 230 RUN_DEV(GIGABYTE, GNWB31N), 231 RUN_DEV(GIGABYTE, GNWB32L), 232 RUN_DEV(GIGABYTE, RT2870_1), 233 RUN_DEV(GIGASET, RT3070_1), 234 RUN_DEV(GIGASET, RT3070_2), 235 RUN_DEV(GUILLEMOT, HWNU300), 236 RUN_DEV(HAWKING, HWUN2), 237 RUN_DEV(HAWKING, RT2870_1), 238 RUN_DEV(HAWKING, RT2870_2), 239 RUN_DEV(HAWKING, RT3070), 240 RUN_DEV(IODATA, RT3072_1), 241 RUN_DEV(IODATA, RT3072_2), 242 RUN_DEV(IODATA, RT3072_3), 243 RUN_DEV(IODATA, RT3072_4), 244 RUN_DEV(LINKSYS4, RT3070), 245 RUN_DEV(LINKSYS4, WUSB100), 246 RUN_DEV(LINKSYS4, WUSB54GCV3), 247 RUN_DEV(LINKSYS4, WUSB600N), 248 RUN_DEV(LINKSYS4, WUSB600NV2), 249 RUN_DEV(LOGITEC, RT2870_1), 250 RUN_DEV(LOGITEC, RT2870_2), 251 RUN_DEV(LOGITEC, RT2870_3), 252 RUN_DEV(LOGITEC, LANW300NU2), 253 RUN_DEV(LOGITEC, LANW150NU2), 254 RUN_DEV(LOGITEC, LANW300NU2S), 255 RUN_DEV(MELCO, WLIUCG300HP), 256 RUN_DEV(MELCO, RT2870_2), 257 RUN_DEV(MELCO, WLIUCAG300N), 258 RUN_DEV(MELCO, WLIUCG300N), 259 RUN_DEV(MELCO, WLIUCG301N), 260 RUN_DEV(MELCO, WLIUCGN), 261 RUN_DEV(MELCO, WLIUCGNM), 262 RUN_DEV(MELCO, WLIUCG300HPV1), 263 RUN_DEV(MELCO, WLIUCGNM2), 264 RUN_DEV(MOTOROLA4, RT2770), 265 RUN_DEV(MOTOROLA4, RT3070), 266 RUN_DEV(MSI, RT3070_1), 267 RUN_DEV(MSI, RT3070_2), 268 RUN_DEV(MSI, RT3070_3), 269 RUN_DEV(MSI, RT3070_4), 270 RUN_DEV(MSI, RT3070_5), 271 RUN_DEV(MSI, RT3070_6), 272 RUN_DEV(MSI, RT3070_7), 273 RUN_DEV(MSI, RT3070_8), 274 RUN_DEV(MSI, RT3070_9), 275 RUN_DEV(MSI, RT3070_10), 276 RUN_DEV(MSI, RT3070_11), 277 RUN_DEV(NETGEAR, WNDA4100), 278 RUN_DEV(OVISLINK, RT3072), 279 RUN_DEV(PARA, RT3070), 280 RUN_DEV(PEGATRON, RT2870), 281 RUN_DEV(PEGATRON, RT3070), 282 RUN_DEV(PEGATRON, RT3070_2), 283 RUN_DEV(PEGATRON, RT3070_3), 284 RUN_DEV(PHILIPS, RT2870), 285 RUN_DEV(PLANEX2, GWUS300MINIS), 286 RUN_DEV(PLANEX2, GWUSMICRON), 287 RUN_DEV(PLANEX2, RT2870), 288 RUN_DEV(PLANEX2, RT3070), 289 RUN_DEV(QCOM, RT2870), 290 RUN_DEV(QUANTA, RT3070), 291 RUN_DEV(RALINK, RT2070), 292 RUN_DEV(RALINK, RT2770), 293 RUN_DEV(RALINK, RT2870), 294 RUN_DEV(RALINK, RT3070), 295 RUN_DEV(RALINK, RT3071), 296 RUN_DEV(RALINK, RT3072), 297 RUN_DEV(RALINK, RT3370), 298 RUN_DEV(RALINK, RT3572), 299 RUN_DEV(RALINK, RT3573), 300 RUN_DEV(RALINK, RT5370), 301 RUN_DEV(RALINK, RT5372), 302 RUN_DEV(RALINK, RT5572), 303 RUN_DEV(RALINK, RT8070), 304 RUN_DEV(SAMSUNG, WIS09ABGN), 305 RUN_DEV(SAMSUNG2, RT2870_1), 306 RUN_DEV(SENAO, RT2870_1), 307 RUN_DEV(SENAO, RT2870_2), 308 RUN_DEV(SENAO, RT2870_3), 309 RUN_DEV(SENAO, RT2870_4), 310 RUN_DEV(SENAO, RT3070), 311 RUN_DEV(SENAO, RT3071), 312 RUN_DEV(SENAO, RT3072_1), 313 RUN_DEV(SENAO, RT3072_2), 314 RUN_DEV(SENAO, RT3072_3), 315 RUN_DEV(SENAO, RT3072_4), 316 RUN_DEV(SENAO, RT3072_5), 317 RUN_DEV(SITECOMEU, RT2770), 318 RUN_DEV(SITECOMEU, RT2870_1), 319 RUN_DEV(SITECOMEU, RT2870_2), 320 RUN_DEV(SITECOMEU, RT2870_3), 321 RUN_DEV(SITECOMEU, RT2870_4), 322 RUN_DEV(SITECOMEU, RT3070), 323 RUN_DEV(SITECOMEU, RT3070_2), 324 RUN_DEV(SITECOMEU, RT3070_3), 325 RUN_DEV(SITECOMEU, RT3070_4), 326 RUN_DEV(SITECOMEU, RT3071), 327 RUN_DEV(SITECOMEU, RT3072_1), 328 RUN_DEV(SITECOMEU, RT3072_2), 329 RUN_DEV(SITECOMEU, RT3072_3), 330 RUN_DEV(SITECOMEU, RT3072_4), 331 RUN_DEV(SITECOMEU, RT3072_5), 332 RUN_DEV(SITECOMEU, RT3072_6), 333 RUN_DEV(SITECOMEU, WL608), 334 RUN_DEV(SPARKLAN, RT2870_1), 335 RUN_DEV(SPARKLAN, RT3070), 336 RUN_DEV(SWEEX2, LW153), 337 RUN_DEV(SWEEX2, LW303), 338 RUN_DEV(SWEEX2, LW313), 339 RUN_DEV(TOSHIBA, RT3070), 340 RUN_DEV(UMEDIA, RT2870_1), 341 RUN_DEV(ZCOM, RT2870_1), 342 RUN_DEV(ZCOM, RT2870_2), 343 RUN_DEV(ZINWELL, RT2870_1), 344 RUN_DEV(ZINWELL, RT2870_2), 345 RUN_DEV(ZINWELL, RT3070), 346 RUN_DEV(ZINWELL, RT3072_1), 347 RUN_DEV(ZINWELL, RT3072_2), 348 RUN_DEV(ZYXEL, RT2870_1), 349 RUN_DEV(ZYXEL, RT2870_2), 350 RUN_DEV(ZYXEL, RT3070), 351 RUN_DEV_EJECT(ZYXEL, NWD2705), 352 RUN_DEV_EJECT(RALINK, RT_STOR), 353 #undef RUN_DEV_EJECT 354 #undef RUN_DEV 355 }; 356 357 static device_probe_t run_match; 358 static device_attach_t run_attach; 359 static device_detach_t run_detach; 360 361 static usb_callback_t run_bulk_rx_callback; 362 static usb_callback_t run_bulk_tx_callback0; 363 static usb_callback_t run_bulk_tx_callback1; 364 static usb_callback_t run_bulk_tx_callback2; 365 static usb_callback_t run_bulk_tx_callback3; 366 static usb_callback_t run_bulk_tx_callback4; 367 static usb_callback_t run_bulk_tx_callback5; 368 369 static void run_autoinst(void *, struct usb_device *, 370 struct usb_attach_arg *); 371 static int run_driver_loaded(struct module *, int, void *); 372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 373 usb_error_t error, u_int index); 374 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 376 const uint8_t [IEEE80211_ADDR_LEN], 377 const uint8_t [IEEE80211_ADDR_LEN]); 378 static void run_vap_delete(struct ieee80211vap *); 379 static void run_cmdq_cb(void *, int); 380 static void run_setup_tx_list(struct run_softc *, 381 struct run_endpoint_queue *); 382 static void run_unsetup_tx_list(struct run_softc *, 383 struct run_endpoint_queue *); 384 static int run_load_microcode(struct run_softc *); 385 static int run_reset(struct run_softc *); 386 static usb_error_t run_do_request(struct run_softc *, 387 struct usb_device_request *, void *); 388 static int run_read(struct run_softc *, uint16_t, uint32_t *); 389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 390 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 391 static int run_write(struct run_softc *, uint16_t, uint32_t); 392 static int run_write_region_1(struct run_softc *, uint16_t, 393 const uint8_t *, int); 394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 398 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 404 static const char *run_get_rf(uint16_t); 405 static void run_rt3593_get_txpower(struct run_softc *); 406 static void run_get_txpower(struct run_softc *); 407 static int run_read_eeprom(struct run_softc *); 408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 409 const uint8_t mac[IEEE80211_ADDR_LEN]); 410 static int run_media_change(struct ifnet *); 411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 412 static int run_wme_update(struct ieee80211com *); 413 static void run_key_set_cb(void *); 414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *); 415 static void run_key_delete_cb(void *); 416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 417 static void run_ratectl_to(void *); 418 static void run_ratectl_cb(void *, int); 419 static void run_drain_fifo(void *); 420 static void run_iter_func(void *, struct ieee80211_node *); 421 static void run_newassoc_cb(void *); 422 static void run_newassoc(struct ieee80211_node *, int); 423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, 424 const struct ieee80211_rx_stats *, int, int); 425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 426 static void run_tx_free(struct run_endpoint_queue *pq, 427 struct run_tx_data *, int); 428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 429 static int run_tx(struct run_softc *, struct mbuf *, 430 struct ieee80211_node *); 431 static int run_tx_mgt(struct run_softc *, struct mbuf *, 432 struct ieee80211_node *); 433 static int run_sendprot(struct run_softc *, const struct mbuf *, 434 struct ieee80211_node *, int, int); 435 static int run_tx_param(struct run_softc *, struct mbuf *, 436 struct ieee80211_node *, 437 const struct ieee80211_bpf_params *); 438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 439 const struct ieee80211_bpf_params *); 440 static int run_transmit(struct ieee80211com *, struct mbuf *); 441 static void run_start(struct run_softc *); 442 static void run_parent(struct ieee80211com *); 443 static void run_iq_calib(struct run_softc *, u_int); 444 static void run_set_agc(struct run_softc *, uint8_t); 445 static void run_select_chan_group(struct run_softc *, int); 446 static void run_set_rx_antenna(struct run_softc *, int); 447 static void run_rt2870_set_chan(struct run_softc *, u_int); 448 static void run_rt3070_set_chan(struct run_softc *, u_int); 449 static void run_rt3572_set_chan(struct run_softc *, u_int); 450 static void run_rt3593_set_chan(struct run_softc *, u_int); 451 static void run_rt5390_set_chan(struct run_softc *, u_int); 452 static void run_rt5592_set_chan(struct run_softc *, u_int); 453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 454 static void run_set_channel(struct ieee80211com *); 455 static void run_getradiocaps(struct ieee80211com *, int, int *, 456 struct ieee80211_channel[]); 457 static void run_scan_start(struct ieee80211com *); 458 static void run_scan_end(struct ieee80211com *); 459 static void run_update_beacon(struct ieee80211vap *, int); 460 static void run_update_beacon_cb(void *); 461 static void run_updateprot(struct ieee80211com *); 462 static void run_updateprot_cb(void *); 463 static void run_usb_timeout_cb(void *); 464 static void run_reset_livelock(struct run_softc *); 465 static void run_enable_tsf_sync(struct run_softc *); 466 static void run_enable_tsf(struct run_softc *); 467 static void run_disable_tsf(struct run_softc *); 468 static void run_get_tsf(struct run_softc *, uint64_t *); 469 static void run_enable_mrr(struct run_softc *); 470 static void run_set_txpreamble(struct run_softc *); 471 static void run_set_basicrates(struct run_softc *); 472 static void run_set_leds(struct run_softc *, uint16_t); 473 static void run_set_bssid(struct run_softc *, const uint8_t *); 474 static void run_set_macaddr(struct run_softc *, const uint8_t *); 475 static void run_updateslot(struct ieee80211com *); 476 static void run_updateslot_cb(void *); 477 static void run_update_mcast(struct ieee80211com *); 478 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 479 static void run_update_promisc_locked(struct run_softc *); 480 static void run_update_promisc(struct ieee80211com *); 481 static void run_rt5390_bbp_init(struct run_softc *); 482 static int run_bbp_init(struct run_softc *); 483 static int run_rt3070_rf_init(struct run_softc *); 484 static void run_rt3593_rf_init(struct run_softc *); 485 static void run_rt5390_rf_init(struct run_softc *); 486 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 487 uint8_t *); 488 static void run_rt3070_rf_setup(struct run_softc *); 489 static void run_rt3593_rf_setup(struct run_softc *); 490 static void run_rt5390_rf_setup(struct run_softc *); 491 static int run_txrx_enable(struct run_softc *); 492 static void run_adjust_freq_offset(struct run_softc *); 493 static void run_init_locked(struct run_softc *); 494 static void run_stop(void *); 495 static void run_delay(struct run_softc *, u_int); 496 497 static eventhandler_tag run_etag; 498 499 static const struct rt2860_rate { 500 uint8_t rate; 501 uint8_t mcs; 502 enum ieee80211_phytype phy; 503 uint8_t ctl_ridx; 504 uint16_t sp_ack_dur; 505 uint16_t lp_ack_dur; 506 } rt2860_rates[] = { 507 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 508 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 509 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 510 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 511 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 512 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 513 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 514 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 515 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 516 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 517 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 518 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 519 }; 520 521 static const struct { 522 uint16_t reg; 523 uint32_t val; 524 } rt2870_def_mac[] = { 525 RT2870_DEF_MAC 526 }; 527 528 static const struct { 529 uint8_t reg; 530 uint8_t val; 531 } rt2860_def_bbp[] = { 532 RT2860_DEF_BBP 533 },rt5390_def_bbp[] = { 534 RT5390_DEF_BBP 535 },rt5592_def_bbp[] = { 536 RT5592_DEF_BBP 537 }; 538 539 /* 540 * Default values for BBP register R196 for RT5592. 541 */ 542 static const uint8_t rt5592_bbp_r196[] = { 543 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 544 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 545 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 546 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 547 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 548 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 549 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 550 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 551 0x2e, 0x36, 0x30, 0x6e 552 }; 553 554 static const struct rfprog { 555 uint8_t chan; 556 uint32_t r1, r2, r3, r4; 557 } rt2860_rf2850[] = { 558 RT2860_RF2850 559 }; 560 561 struct { 562 uint8_t n, r, k; 563 } rt3070_freqs[] = { 564 RT3070_RF3052 565 }; 566 567 static const struct rt5592_freqs { 568 uint16_t n; 569 uint8_t k, m, r; 570 } rt5592_freqs_20mhz[] = { 571 RT5592_RF5592_20MHZ 572 },rt5592_freqs_40mhz[] = { 573 RT5592_RF5592_40MHZ 574 }; 575 576 static const struct { 577 uint8_t reg; 578 uint8_t val; 579 } rt3070_def_rf[] = { 580 RT3070_DEF_RF 581 },rt3572_def_rf[] = { 582 RT3572_DEF_RF 583 },rt3593_def_rf[] = { 584 RT3593_DEF_RF 585 },rt5390_def_rf[] = { 586 RT5390_DEF_RF 587 },rt5392_def_rf[] = { 588 RT5392_DEF_RF 589 },rt5592_def_rf[] = { 590 RT5592_DEF_RF 591 },rt5592_2ghz_def_rf[] = { 592 RT5592_2GHZ_DEF_RF 593 },rt5592_5ghz_def_rf[] = { 594 RT5592_5GHZ_DEF_RF 595 }; 596 597 static const struct { 598 u_int firstchan; 599 u_int lastchan; 600 uint8_t reg; 601 uint8_t val; 602 } rt5592_chan_5ghz[] = { 603 RT5592_CHAN_5GHZ 604 }; 605 606 static const struct usb_config run_config[RUN_N_XFER] = { 607 [RUN_BULK_TX_BE] = { 608 .type = UE_BULK, 609 .endpoint = UE_ADDR_ANY, 610 .ep_index = 0, 611 .direction = UE_DIR_OUT, 612 .bufsize = RUN_MAX_TXSZ, 613 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 614 .callback = run_bulk_tx_callback0, 615 .timeout = 5000, /* ms */ 616 }, 617 [RUN_BULK_TX_BK] = { 618 .type = UE_BULK, 619 .endpoint = UE_ADDR_ANY, 620 .direction = UE_DIR_OUT, 621 .ep_index = 1, 622 .bufsize = RUN_MAX_TXSZ, 623 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 624 .callback = run_bulk_tx_callback1, 625 .timeout = 5000, /* ms */ 626 }, 627 [RUN_BULK_TX_VI] = { 628 .type = UE_BULK, 629 .endpoint = UE_ADDR_ANY, 630 .direction = UE_DIR_OUT, 631 .ep_index = 2, 632 .bufsize = RUN_MAX_TXSZ, 633 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 634 .callback = run_bulk_tx_callback2, 635 .timeout = 5000, /* ms */ 636 }, 637 [RUN_BULK_TX_VO] = { 638 .type = UE_BULK, 639 .endpoint = UE_ADDR_ANY, 640 .direction = UE_DIR_OUT, 641 .ep_index = 3, 642 .bufsize = RUN_MAX_TXSZ, 643 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 644 .callback = run_bulk_tx_callback3, 645 .timeout = 5000, /* ms */ 646 }, 647 [RUN_BULK_TX_HCCA] = { 648 .type = UE_BULK, 649 .endpoint = UE_ADDR_ANY, 650 .direction = UE_DIR_OUT, 651 .ep_index = 4, 652 .bufsize = RUN_MAX_TXSZ, 653 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 654 .callback = run_bulk_tx_callback4, 655 .timeout = 5000, /* ms */ 656 }, 657 [RUN_BULK_TX_PRIO] = { 658 .type = UE_BULK, 659 .endpoint = UE_ADDR_ANY, 660 .direction = UE_DIR_OUT, 661 .ep_index = 5, 662 .bufsize = RUN_MAX_TXSZ, 663 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 664 .callback = run_bulk_tx_callback5, 665 .timeout = 5000, /* ms */ 666 }, 667 [RUN_BULK_RX] = { 668 .type = UE_BULK, 669 .endpoint = UE_ADDR_ANY, 670 .direction = UE_DIR_IN, 671 .bufsize = RUN_MAX_RXSZ, 672 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 673 .callback = run_bulk_rx_callback, 674 } 675 }; 676 677 static void 678 run_autoinst(void *arg, struct usb_device *udev, 679 struct usb_attach_arg *uaa) 680 { 681 struct usb_interface *iface; 682 struct usb_interface_descriptor *id; 683 684 if (uaa->dev_state != UAA_DEV_READY) 685 return; 686 687 iface = usbd_get_iface(udev, 0); 688 if (iface == NULL) 689 return; 690 id = iface->idesc; 691 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 692 return; 693 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 694 return; 695 696 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 697 uaa->dev_state = UAA_DEV_EJECTING; 698 } 699 700 static int 701 run_driver_loaded(struct module *mod, int what, void *arg) 702 { 703 switch (what) { 704 case MOD_LOAD: 705 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 706 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 707 break; 708 case MOD_UNLOAD: 709 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 710 break; 711 default: 712 return (EOPNOTSUPP); 713 } 714 return (0); 715 } 716 717 static int 718 run_match(device_t self) 719 { 720 struct usb_attach_arg *uaa = device_get_ivars(self); 721 722 if (uaa->usb_mode != USB_MODE_HOST) 723 return (ENXIO); 724 if (uaa->info.bConfigIndex != 0) 725 return (ENXIO); 726 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 727 return (ENXIO); 728 729 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 730 } 731 732 static int 733 run_attach(device_t self) 734 { 735 struct run_softc *sc = device_get_softc(self); 736 struct usb_attach_arg *uaa = device_get_ivars(self); 737 struct ieee80211com *ic = &sc->sc_ic; 738 uint32_t ver; 739 uint8_t iface_index; 740 int ntries, error; 741 742 device_set_usb_desc(self); 743 sc->sc_udev = uaa->device; 744 sc->sc_dev = self; 745 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 746 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 747 748 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 749 MTX_NETWORK_LOCK, MTX_DEF); 750 mbufq_init(&sc->sc_snd, ifqmaxlen); 751 752 iface_index = RT2860_IFACE_INDEX; 753 754 error = usbd_transfer_setup(uaa->device, &iface_index, 755 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 756 if (error) { 757 device_printf(self, "could not allocate USB transfers, " 758 "err=%s\n", usbd_errstr(error)); 759 goto detach; 760 } 761 762 RUN_LOCK(sc); 763 764 /* wait for the chip to settle */ 765 for (ntries = 0; ntries < 100; ntries++) { 766 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 767 RUN_UNLOCK(sc); 768 goto detach; 769 } 770 if (ver != 0 && ver != 0xffffffff) 771 break; 772 run_delay(sc, 10); 773 } 774 if (ntries == 100) { 775 device_printf(sc->sc_dev, 776 "timeout waiting for NIC to initialize\n"); 777 RUN_UNLOCK(sc); 778 goto detach; 779 } 780 sc->mac_ver = ver >> 16; 781 sc->mac_rev = ver & 0xffff; 782 783 /* retrieve RF rev. no and various other things from EEPROM */ 784 run_read_eeprom(sc); 785 786 device_printf(sc->sc_dev, 787 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 788 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 789 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr)); 790 791 RUN_UNLOCK(sc); 792 793 ic->ic_softc = sc; 794 ic->ic_name = device_get_nameunit(self); 795 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 796 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 797 798 /* set device capabilities */ 799 ic->ic_caps = 800 IEEE80211_C_STA | /* station mode supported */ 801 IEEE80211_C_MONITOR | /* monitor mode supported */ 802 IEEE80211_C_IBSS | 803 IEEE80211_C_HOSTAP | 804 IEEE80211_C_WDS | /* 4-address traffic works */ 805 IEEE80211_C_MBSS | 806 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 807 IEEE80211_C_SHSLOT | /* short slot time supported */ 808 IEEE80211_C_WME | /* WME */ 809 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 810 811 ic->ic_cryptocaps = 812 IEEE80211_CRYPTO_WEP | 813 IEEE80211_CRYPTO_AES_CCM | 814 IEEE80211_CRYPTO_TKIPMIC | 815 IEEE80211_CRYPTO_TKIP; 816 817 ic->ic_flags |= IEEE80211_F_DATAPAD; 818 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 819 820 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, 821 ic->ic_channels); 822 823 ieee80211_ifattach(ic); 824 825 ic->ic_scan_start = run_scan_start; 826 ic->ic_scan_end = run_scan_end; 827 ic->ic_set_channel = run_set_channel; 828 ic->ic_getradiocaps = run_getradiocaps; 829 ic->ic_node_alloc = run_node_alloc; 830 ic->ic_newassoc = run_newassoc; 831 ic->ic_updateslot = run_updateslot; 832 ic->ic_update_mcast = run_update_mcast; 833 ic->ic_wme.wme_update = run_wme_update; 834 ic->ic_raw_xmit = run_raw_xmit; 835 ic->ic_update_promisc = run_update_promisc; 836 ic->ic_vap_create = run_vap_create; 837 ic->ic_vap_delete = run_vap_delete; 838 ic->ic_transmit = run_transmit; 839 ic->ic_parent = run_parent; 840 841 ieee80211_radiotap_attach(ic, 842 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 843 RUN_TX_RADIOTAP_PRESENT, 844 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 845 RUN_RX_RADIOTAP_PRESENT); 846 847 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 848 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 849 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 850 851 if (bootverbose) 852 ieee80211_announce(ic); 853 854 return (0); 855 856 detach: 857 run_detach(self); 858 return (ENXIO); 859 } 860 861 static void 862 run_drain_mbufq(struct run_softc *sc) 863 { 864 struct mbuf *m; 865 struct ieee80211_node *ni; 866 867 RUN_LOCK_ASSERT(sc, MA_OWNED); 868 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 869 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 870 m->m_pkthdr.rcvif = NULL; 871 ieee80211_free_node(ni); 872 m_freem(m); 873 } 874 } 875 876 static int 877 run_detach(device_t self) 878 { 879 struct run_softc *sc = device_get_softc(self); 880 struct ieee80211com *ic = &sc->sc_ic; 881 int i; 882 883 RUN_LOCK(sc); 884 sc->sc_detached = 1; 885 RUN_UNLOCK(sc); 886 887 /* stop all USB transfers */ 888 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 889 890 RUN_LOCK(sc); 891 sc->ratectl_run = RUN_RATECTL_OFF; 892 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 893 894 /* free TX list, if any */ 895 for (i = 0; i != RUN_EP_QUEUES; i++) 896 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 897 898 /* Free TX queue */ 899 run_drain_mbufq(sc); 900 RUN_UNLOCK(sc); 901 902 if (sc->sc_ic.ic_softc == sc) { 903 /* drain tasks */ 904 usb_callout_drain(&sc->ratectl_ch); 905 ieee80211_draintask(ic, &sc->cmdq_task); 906 ieee80211_draintask(ic, &sc->ratectl_task); 907 ieee80211_ifdetach(ic); 908 } 909 910 mtx_destroy(&sc->sc_mtx); 911 912 return (0); 913 } 914 915 static struct ieee80211vap * 916 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 917 enum ieee80211_opmode opmode, int flags, 918 const uint8_t bssid[IEEE80211_ADDR_LEN], 919 const uint8_t mac[IEEE80211_ADDR_LEN]) 920 { 921 struct run_softc *sc = ic->ic_softc; 922 struct run_vap *rvp; 923 struct ieee80211vap *vap; 924 int i; 925 926 if (sc->rvp_cnt >= RUN_VAP_MAX) { 927 device_printf(sc->sc_dev, "number of VAPs maxed out\n"); 928 return (NULL); 929 } 930 931 switch (opmode) { 932 case IEEE80211_M_STA: 933 /* enable s/w bmiss handling for sta mode */ 934 flags |= IEEE80211_CLONE_NOBEACONS; 935 /* fall though */ 936 case IEEE80211_M_IBSS: 937 case IEEE80211_M_MONITOR: 938 case IEEE80211_M_HOSTAP: 939 case IEEE80211_M_MBSS: 940 /* other than WDS vaps, only one at a time */ 941 if (!TAILQ_EMPTY(&ic->ic_vaps)) 942 return (NULL); 943 break; 944 case IEEE80211_M_WDS: 945 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 946 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 947 continue; 948 /* WDS vap's always share the local mac address. */ 949 flags &= ~IEEE80211_CLONE_BSSID; 950 break; 951 } 952 if (vap == NULL) { 953 device_printf(sc->sc_dev, 954 "wds only supported in ap mode\n"); 955 return (NULL); 956 } 957 break; 958 default: 959 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode); 960 return (NULL); 961 } 962 963 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO); 964 vap = &rvp->vap; 965 966 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, 967 bssid) != 0) { 968 /* out of memory */ 969 free(rvp, M_80211_VAP); 970 return (NULL); 971 } 972 973 vap->iv_update_beacon = run_update_beacon; 974 vap->iv_max_aid = RT2870_WCID_MAX; 975 /* 976 * To delete the right key from h/w, we need wcid. 977 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 978 * and matching wcid will be written into there. So, cast 979 * some spells to remove 'const' from ieee80211_key{} 980 */ 981 vap->iv_key_delete = (void *)run_key_delete; 982 vap->iv_key_set = (void *)run_key_set; 983 984 /* override state transition machine */ 985 rvp->newstate = vap->iv_newstate; 986 vap->iv_newstate = run_newstate; 987 if (opmode == IEEE80211_M_IBSS) { 988 rvp->recv_mgmt = vap->iv_recv_mgmt; 989 vap->iv_recv_mgmt = run_recv_mgmt; 990 } 991 992 ieee80211_ratectl_init(vap); 993 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 994 995 /* complete setup */ 996 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status, 997 mac); 998 999 /* make sure id is always unique */ 1000 for (i = 0; i < RUN_VAP_MAX; i++) { 1001 if((sc->rvp_bmap & 1 << i) == 0){ 1002 sc->rvp_bmap |= 1 << i; 1003 rvp->rvp_id = i; 1004 break; 1005 } 1006 } 1007 if (sc->rvp_cnt++ == 0) 1008 ic->ic_opmode = opmode; 1009 1010 if (opmode == IEEE80211_M_HOSTAP) 1011 sc->cmdq_run = RUN_CMDQ_GO; 1012 1013 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n", 1014 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1015 1016 return (vap); 1017 } 1018 1019 static void 1020 run_vap_delete(struct ieee80211vap *vap) 1021 { 1022 struct run_vap *rvp = RUN_VAP(vap); 1023 struct ieee80211com *ic; 1024 struct run_softc *sc; 1025 uint8_t rvp_id; 1026 1027 if (vap == NULL) 1028 return; 1029 1030 ic = vap->iv_ic; 1031 sc = ic->ic_softc; 1032 1033 RUN_LOCK(sc); 1034 1035 m_freem(rvp->beacon_mbuf); 1036 rvp->beacon_mbuf = NULL; 1037 1038 rvp_id = rvp->rvp_id; 1039 sc->ratectl_run &= ~(1 << rvp_id); 1040 sc->rvp_bmap &= ~(1 << rvp_id); 1041 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1042 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1043 --sc->rvp_cnt; 1044 1045 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 1046 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1047 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1048 1049 RUN_UNLOCK(sc); 1050 1051 ieee80211_ratectl_deinit(vap); 1052 ieee80211_vap_detach(vap); 1053 free(rvp, M_80211_VAP); 1054 } 1055 1056 /* 1057 * There are numbers of functions need to be called in context thread. 1058 * Rather than creating taskqueue event for each of those functions, 1059 * here is all-for-one taskqueue callback function. This function 1060 * guarantees deferred functions are executed in the same order they 1061 * were enqueued. 1062 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1063 */ 1064 static void 1065 run_cmdq_cb(void *arg, int pending) 1066 { 1067 struct run_softc *sc = arg; 1068 uint8_t i; 1069 1070 /* call cmdq[].func locked */ 1071 RUN_LOCK(sc); 1072 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1073 i = sc->cmdq_exec, pending--) { 1074 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n", 1075 i, pending); 1076 if (sc->cmdq_run == RUN_CMDQ_GO) { 1077 /* 1078 * If arg0 is NULL, callback func needs more 1079 * than one arg. So, pass ptr to cmdq struct. 1080 */ 1081 if (sc->cmdq[i].arg0) 1082 sc->cmdq[i].func(sc->cmdq[i].arg0); 1083 else 1084 sc->cmdq[i].func(&sc->cmdq[i]); 1085 } 1086 sc->cmdq[i].arg0 = NULL; 1087 sc->cmdq[i].func = NULL; 1088 sc->cmdq_exec++; 1089 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1090 } 1091 RUN_UNLOCK(sc); 1092 } 1093 1094 static void 1095 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1096 { 1097 struct run_tx_data *data; 1098 1099 memset(pq, 0, sizeof(*pq)); 1100 1101 STAILQ_INIT(&pq->tx_qh); 1102 STAILQ_INIT(&pq->tx_fh); 1103 1104 for (data = &pq->tx_data[0]; 1105 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1106 data->sc = sc; 1107 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1108 } 1109 pq->tx_nfree = RUN_TX_RING_COUNT; 1110 } 1111 1112 static void 1113 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1114 { 1115 struct run_tx_data *data; 1116 1117 /* make sure any subsequent use of the queues will fail */ 1118 pq->tx_nfree = 0; 1119 STAILQ_INIT(&pq->tx_fh); 1120 STAILQ_INIT(&pq->tx_qh); 1121 1122 /* free up all node references and mbufs */ 1123 for (data = &pq->tx_data[0]; 1124 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1125 if (data->m != NULL) { 1126 m_freem(data->m); 1127 data->m = NULL; 1128 } 1129 if (data->ni != NULL) { 1130 ieee80211_free_node(data->ni); 1131 data->ni = NULL; 1132 } 1133 } 1134 } 1135 1136 static int 1137 run_load_microcode(struct run_softc *sc) 1138 { 1139 usb_device_request_t req; 1140 const struct firmware *fw; 1141 const u_char *base; 1142 uint32_t tmp; 1143 int ntries, error; 1144 const uint64_t *temp; 1145 uint64_t bytes; 1146 1147 RUN_UNLOCK(sc); 1148 fw = firmware_get("runfw"); 1149 RUN_LOCK(sc); 1150 if (fw == NULL) { 1151 device_printf(sc->sc_dev, 1152 "failed loadfirmware of file %s\n", "runfw"); 1153 return ENOENT; 1154 } 1155 1156 if (fw->datasize != 8192) { 1157 device_printf(sc->sc_dev, 1158 "invalid firmware size (should be 8KB)\n"); 1159 error = EINVAL; 1160 goto fail; 1161 } 1162 1163 /* 1164 * RT3071/RT3072 use a different firmware 1165 * run-rt2870 (8KB) contains both, 1166 * first half (4KB) is for rt2870, 1167 * last half is for rt3071. 1168 */ 1169 base = fw->data; 1170 if ((sc->mac_ver) != 0x2860 && 1171 (sc->mac_ver) != 0x2872 && 1172 (sc->mac_ver) != 0x3070) { 1173 base += 4096; 1174 } 1175 1176 /* cheap sanity check */ 1177 temp = fw->data; 1178 bytes = *temp; 1179 if (bytes != be64toh(0xffffff0210280210ULL)) { 1180 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1181 error = EINVAL; 1182 goto fail; 1183 } 1184 1185 /* write microcode image */ 1186 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1187 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1188 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1189 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1190 } 1191 1192 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1193 req.bRequest = RT2870_RESET; 1194 USETW(req.wValue, 8); 1195 USETW(req.wIndex, 0); 1196 USETW(req.wLength, 0); 1197 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1198 != 0) { 1199 device_printf(sc->sc_dev, "firmware reset failed\n"); 1200 goto fail; 1201 } 1202 1203 run_delay(sc, 10); 1204 1205 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1206 run_write(sc, RT2860_H2M_MAILBOX, 0); 1207 run_write(sc, RT2860_H2M_INTSRC, 0); 1208 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1209 goto fail; 1210 1211 /* wait until microcontroller is ready */ 1212 for (ntries = 0; ntries < 1000; ntries++) { 1213 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1214 goto fail; 1215 if (tmp & RT2860_MCU_READY) 1216 break; 1217 run_delay(sc, 10); 1218 } 1219 if (ntries == 1000) { 1220 device_printf(sc->sc_dev, 1221 "timeout waiting for MCU to initialize\n"); 1222 error = ETIMEDOUT; 1223 goto fail; 1224 } 1225 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1226 (base == fw->data) ? "RT2870" : "RT3071", 1227 *(base + 4092), *(base + 4093)); 1228 1229 fail: 1230 firmware_put(fw, FIRMWARE_UNLOAD); 1231 return (error); 1232 } 1233 1234 static int 1235 run_reset(struct run_softc *sc) 1236 { 1237 usb_device_request_t req; 1238 1239 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1240 req.bRequest = RT2870_RESET; 1241 USETW(req.wValue, 1); 1242 USETW(req.wIndex, 0); 1243 USETW(req.wLength, 0); 1244 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1245 } 1246 1247 static usb_error_t 1248 run_do_request(struct run_softc *sc, 1249 struct usb_device_request *req, void *data) 1250 { 1251 usb_error_t err; 1252 int ntries = 10; 1253 1254 RUN_LOCK_ASSERT(sc, MA_OWNED); 1255 1256 while (ntries--) { 1257 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1258 req, data, 0, NULL, 250 /* ms */); 1259 if (err == 0) 1260 break; 1261 RUN_DPRINTF(sc, RUN_DEBUG_USB, 1262 "Control request failed, %s (retrying)\n", 1263 usbd_errstr(err)); 1264 run_delay(sc, 10); 1265 } 1266 return (err); 1267 } 1268 1269 static int 1270 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1271 { 1272 uint32_t tmp; 1273 int error; 1274 1275 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1276 if (error == 0) 1277 *val = le32toh(tmp); 1278 else 1279 *val = 0xffffffff; 1280 return (error); 1281 } 1282 1283 static int 1284 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1285 { 1286 usb_device_request_t req; 1287 1288 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1289 req.bRequest = RT2870_READ_REGION_1; 1290 USETW(req.wValue, 0); 1291 USETW(req.wIndex, reg); 1292 USETW(req.wLength, len); 1293 1294 return (run_do_request(sc, &req, buf)); 1295 } 1296 1297 static int 1298 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1299 { 1300 usb_device_request_t req; 1301 1302 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1303 req.bRequest = RT2870_WRITE_2; 1304 USETW(req.wValue, val); 1305 USETW(req.wIndex, reg); 1306 USETW(req.wLength, 0); 1307 1308 return (run_do_request(sc, &req, NULL)); 1309 } 1310 1311 static int 1312 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1313 { 1314 int error; 1315 1316 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1317 error = run_write_2(sc, reg + 2, val >> 16); 1318 return (error); 1319 } 1320 1321 static int 1322 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1323 int len) 1324 { 1325 #if 1 1326 int i, error = 0; 1327 /* 1328 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1329 * We thus issue multiple WRITE_2 commands instead. 1330 */ 1331 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1332 for (i = 0; i < len && error == 0; i += 2) 1333 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1334 return (error); 1335 #else 1336 usb_device_request_t req; 1337 int error = 0; 1338 1339 /* 1340 * NOTE: It appears the WRITE_REGION_1 command cannot be 1341 * passed a huge amount of data, which will crash the 1342 * firmware. Limit amount of data passed to 64-bytes at a 1343 * time. 1344 */ 1345 while (len > 0) { 1346 int delta = 64; 1347 if (delta > len) 1348 delta = len; 1349 1350 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1351 req.bRequest = RT2870_WRITE_REGION_1; 1352 USETW(req.wValue, 0); 1353 USETW(req.wIndex, reg); 1354 USETW(req.wLength, delta); 1355 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1356 if (error != 0) 1357 break; 1358 reg += delta; 1359 buf += delta; 1360 len -= delta; 1361 } 1362 return (error); 1363 #endif 1364 } 1365 1366 static int 1367 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1368 { 1369 int i, error = 0; 1370 1371 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1372 for (i = 0; i < len && error == 0; i += 4) 1373 error = run_write(sc, reg + i, val); 1374 return (error); 1375 } 1376 1377 static int 1378 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1379 { 1380 uint32_t tmp; 1381 uint16_t reg; 1382 int error, ntries; 1383 1384 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1385 return (error); 1386 1387 if (count == 2) 1388 addr *= 2; 1389 /*- 1390 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1391 * DATA0: F E D C 1392 * DATA1: B A 9 8 1393 * DATA2: 7 6 5 4 1394 * DATA3: 3 2 1 0 1395 */ 1396 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1397 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1398 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1399 for (ntries = 0; ntries < 100; ntries++) { 1400 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1401 return (error); 1402 if (!(tmp & RT3070_EFSROM_KICK)) 1403 break; 1404 run_delay(sc, 2); 1405 } 1406 if (ntries == 100) 1407 return (ETIMEDOUT); 1408 1409 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1410 *val = 0xffff; /* address not found */ 1411 return (0); 1412 } 1413 /* determine to which 32-bit register our 16-bit word belongs */ 1414 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1415 if ((error = run_read(sc, reg, &tmp)) != 0) 1416 return (error); 1417 1418 tmp >>= (8 * (addr & 0x3)); 1419 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1420 1421 return (0); 1422 } 1423 1424 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1425 static int 1426 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1427 { 1428 return (run_efuse_read(sc, addr, val, 2)); 1429 } 1430 1431 static int 1432 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1433 { 1434 usb_device_request_t req; 1435 uint16_t tmp; 1436 int error; 1437 1438 addr *= 2; 1439 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1440 req.bRequest = RT2870_EEPROM_READ; 1441 USETW(req.wValue, 0); 1442 USETW(req.wIndex, addr); 1443 USETW(req.wLength, sizeof(tmp)); 1444 1445 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1446 if (error == 0) 1447 *val = le16toh(tmp); 1448 else 1449 *val = 0xffff; 1450 return (error); 1451 } 1452 1453 static __inline int 1454 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1455 { 1456 /* either eFUSE ROM or EEPROM */ 1457 return sc->sc_srom_read(sc, addr, val); 1458 } 1459 1460 static int 1461 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1462 { 1463 uint32_t tmp; 1464 int error, ntries; 1465 1466 for (ntries = 0; ntries < 10; ntries++) { 1467 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1468 return (error); 1469 if (!(tmp & RT2860_RF_REG_CTRL)) 1470 break; 1471 } 1472 if (ntries == 10) 1473 return (ETIMEDOUT); 1474 1475 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1476 } 1477 1478 static int 1479 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1480 { 1481 uint32_t tmp; 1482 int error, ntries; 1483 1484 for (ntries = 0; ntries < 100; ntries++) { 1485 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1486 return (error); 1487 if (!(tmp & RT3070_RF_KICK)) 1488 break; 1489 } 1490 if (ntries == 100) 1491 return (ETIMEDOUT); 1492 1493 tmp = RT3070_RF_KICK | reg << 8; 1494 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1495 return (error); 1496 1497 for (ntries = 0; ntries < 100; ntries++) { 1498 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1499 return (error); 1500 if (!(tmp & RT3070_RF_KICK)) 1501 break; 1502 } 1503 if (ntries == 100) 1504 return (ETIMEDOUT); 1505 1506 *val = tmp & 0xff; 1507 return (0); 1508 } 1509 1510 static int 1511 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1512 { 1513 uint32_t tmp; 1514 int error, ntries; 1515 1516 for (ntries = 0; ntries < 10; ntries++) { 1517 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1518 return (error); 1519 if (!(tmp & RT3070_RF_KICK)) 1520 break; 1521 } 1522 if (ntries == 10) 1523 return (ETIMEDOUT); 1524 1525 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1526 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1527 } 1528 1529 static int 1530 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1531 { 1532 uint32_t tmp; 1533 int ntries, error; 1534 1535 for (ntries = 0; ntries < 10; ntries++) { 1536 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1537 return (error); 1538 if (!(tmp & RT2860_BBP_CSR_KICK)) 1539 break; 1540 } 1541 if (ntries == 10) 1542 return (ETIMEDOUT); 1543 1544 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1545 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1546 return (error); 1547 1548 for (ntries = 0; ntries < 10; ntries++) { 1549 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1550 return (error); 1551 if (!(tmp & RT2860_BBP_CSR_KICK)) 1552 break; 1553 } 1554 if (ntries == 10) 1555 return (ETIMEDOUT); 1556 1557 *val = tmp & 0xff; 1558 return (0); 1559 } 1560 1561 static int 1562 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1563 { 1564 uint32_t tmp; 1565 int ntries, error; 1566 1567 for (ntries = 0; ntries < 10; ntries++) { 1568 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1569 return (error); 1570 if (!(tmp & RT2860_BBP_CSR_KICK)) 1571 break; 1572 } 1573 if (ntries == 10) 1574 return (ETIMEDOUT); 1575 1576 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1577 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1578 } 1579 1580 /* 1581 * Send a command to the 8051 microcontroller unit. 1582 */ 1583 static int 1584 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1585 { 1586 uint32_t tmp; 1587 int error, ntries; 1588 1589 for (ntries = 0; ntries < 100; ntries++) { 1590 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1591 return error; 1592 if (!(tmp & RT2860_H2M_BUSY)) 1593 break; 1594 } 1595 if (ntries == 100) 1596 return ETIMEDOUT; 1597 1598 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1599 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1600 error = run_write(sc, RT2860_HOST_CMD, cmd); 1601 return (error); 1602 } 1603 1604 /* 1605 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1606 * Used to adjust per-rate Tx power registers. 1607 */ 1608 static __inline uint32_t 1609 b4inc(uint32_t b32, int8_t delta) 1610 { 1611 int8_t i, b4; 1612 1613 for (i = 0; i < 8; i++) { 1614 b4 = b32 & 0xf; 1615 b4 += delta; 1616 if (b4 < 0) 1617 b4 = 0; 1618 else if (b4 > 0xf) 1619 b4 = 0xf; 1620 b32 = b32 >> 4 | b4 << 28; 1621 } 1622 return (b32); 1623 } 1624 1625 static const char * 1626 run_get_rf(uint16_t rev) 1627 { 1628 switch (rev) { 1629 case RT2860_RF_2820: return "RT2820"; 1630 case RT2860_RF_2850: return "RT2850"; 1631 case RT2860_RF_2720: return "RT2720"; 1632 case RT2860_RF_2750: return "RT2750"; 1633 case RT3070_RF_3020: return "RT3020"; 1634 case RT3070_RF_2020: return "RT2020"; 1635 case RT3070_RF_3021: return "RT3021"; 1636 case RT3070_RF_3022: return "RT3022"; 1637 case RT3070_RF_3052: return "RT3052"; 1638 case RT3593_RF_3053: return "RT3053"; 1639 case RT5592_RF_5592: return "RT5592"; 1640 case RT5390_RF_5370: return "RT5370"; 1641 case RT5390_RF_5372: return "RT5372"; 1642 } 1643 return ("unknown"); 1644 } 1645 1646 static void 1647 run_rt3593_get_txpower(struct run_softc *sc) 1648 { 1649 uint16_t addr, val; 1650 int i; 1651 1652 /* Read power settings for 2GHz channels. */ 1653 for (i = 0; i < 14; i += 2) { 1654 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1655 RT2860_EEPROM_PWR2GHZ_BASE1; 1656 run_srom_read(sc, addr + i / 2, &val); 1657 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1658 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1659 1660 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1661 RT2860_EEPROM_PWR2GHZ_BASE2; 1662 run_srom_read(sc, addr + i / 2, &val); 1663 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1664 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1665 1666 if (sc->ntxchains == 3) { 1667 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1668 &val); 1669 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1670 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1671 } 1672 } 1673 /* Fix broken Tx power entries. */ 1674 for (i = 0; i < 14; i++) { 1675 if (sc->txpow1[i] > 31) 1676 sc->txpow1[i] = 5; 1677 if (sc->txpow2[i] > 31) 1678 sc->txpow2[i] = 5; 1679 if (sc->ntxchains == 3) { 1680 if (sc->txpow3[i] > 31) 1681 sc->txpow3[i] = 5; 1682 } 1683 } 1684 /* Read power settings for 5GHz channels. */ 1685 for (i = 0; i < 40; i += 2) { 1686 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1687 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1688 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1689 1690 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1691 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1692 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1693 1694 if (sc->ntxchains == 3) { 1695 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1696 &val); 1697 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1698 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1699 } 1700 } 1701 } 1702 1703 static void 1704 run_get_txpower(struct run_softc *sc) 1705 { 1706 uint16_t val; 1707 int i; 1708 1709 /* Read power settings for 2GHz channels. */ 1710 for (i = 0; i < 14; i += 2) { 1711 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1712 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1713 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1714 1715 if (sc->mac_ver != 0x5390) { 1716 run_srom_read(sc, 1717 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1718 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1719 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1720 } 1721 } 1722 /* Fix broken Tx power entries. */ 1723 for (i = 0; i < 14; i++) { 1724 if (sc->mac_ver >= 0x5390) { 1725 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39) 1726 sc->txpow1[i] = 5; 1727 } else { 1728 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1729 sc->txpow1[i] = 5; 1730 } 1731 if (sc->mac_ver > 0x5390) { 1732 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39) 1733 sc->txpow2[i] = 5; 1734 } else if (sc->mac_ver < 0x5390) { 1735 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1736 sc->txpow2[i] = 5; 1737 } 1738 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1739 "chan %d: power1=%d, power2=%d\n", 1740 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1741 } 1742 /* Read power settings for 5GHz channels. */ 1743 for (i = 0; i < 40; i += 2) { 1744 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1745 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1746 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1747 1748 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1749 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1750 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1751 } 1752 /* Fix broken Tx power entries. */ 1753 for (i = 0; i < 40; i++ ) { 1754 if (sc->mac_ver != 0x5592) { 1755 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1756 sc->txpow1[14 + i] = 5; 1757 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1758 sc->txpow2[14 + i] = 5; 1759 } 1760 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR, 1761 "chan %d: power1=%d, power2=%d\n", 1762 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1763 sc->txpow2[14 + i]); 1764 } 1765 } 1766 1767 static int 1768 run_read_eeprom(struct run_softc *sc) 1769 { 1770 struct ieee80211com *ic = &sc->sc_ic; 1771 int8_t delta_2ghz, delta_5ghz; 1772 uint32_t tmp; 1773 uint16_t val; 1774 int ridx, ant, i; 1775 1776 /* check whether the ROM is eFUSE ROM or EEPROM */ 1777 sc->sc_srom_read = run_eeprom_read_2; 1778 if (sc->mac_ver >= 0x3070) { 1779 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1780 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp); 1781 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1782 sc->sc_srom_read = run_efuse_read_2; 1783 } 1784 1785 /* read ROM version */ 1786 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1787 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1788 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff); 1789 1790 /* read MAC address */ 1791 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1792 ic->ic_macaddr[0] = val & 0xff; 1793 ic->ic_macaddr[1] = val >> 8; 1794 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1795 ic->ic_macaddr[2] = val & 0xff; 1796 ic->ic_macaddr[3] = val >> 8; 1797 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1798 ic->ic_macaddr[4] = val & 0xff; 1799 ic->ic_macaddr[5] = val >> 8; 1800 1801 if (sc->mac_ver < 0x3593) { 1802 /* read vender BBP settings */ 1803 for (i = 0; i < 10; i++) { 1804 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1805 sc->bbp[i].val = val & 0xff; 1806 sc->bbp[i].reg = val >> 8; 1807 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1808 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val); 1809 } 1810 if (sc->mac_ver >= 0x3071) { 1811 /* read vendor RF settings */ 1812 for (i = 0; i < 10; i++) { 1813 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1814 &val); 1815 sc->rf[i].val = val & 0xff; 1816 sc->rf[i].reg = val >> 8; 1817 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n", 1818 sc->rf[i].reg, sc->rf[i].val); 1819 } 1820 } 1821 } 1822 1823 /* read RF frequency offset from EEPROM */ 1824 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1825 RT3593_EEPROM_FREQ, &val); 1826 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1827 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n", 1828 sc->freq & 0xff); 1829 1830 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1831 RT3593_EEPROM_FREQ_LEDS, &val); 1832 if (val >> 8 != 0xff) { 1833 /* read LEDs operating mode */ 1834 sc->leds = val >> 8; 1835 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1836 RT3593_EEPROM_LED1, &sc->led[0]); 1837 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1838 RT3593_EEPROM_LED2, &sc->led[1]); 1839 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1840 RT3593_EEPROM_LED3, &sc->led[2]); 1841 } else { 1842 /* broken EEPROM, use default settings */ 1843 sc->leds = 0x01; 1844 sc->led[0] = 0x5555; 1845 sc->led[1] = 0x2221; 1846 sc->led[2] = 0x5627; /* differs from RT2860 */ 1847 } 1848 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 1849 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1850 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1851 1852 /* read RF information */ 1853 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1854 run_srom_read(sc, 0x00, &val); 1855 else 1856 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1857 1858 if (val == 0xffff) { 1859 device_printf(sc->sc_dev, 1860 "invalid EEPROM antenna info, using default\n"); 1861 if (sc->mac_ver == 0x3572) { 1862 /* default to RF3052 2T2R */ 1863 sc->rf_rev = RT3070_RF_3052; 1864 sc->ntxchains = 2; 1865 sc->nrxchains = 2; 1866 } else if (sc->mac_ver >= 0x3070) { 1867 /* default to RF3020 1T1R */ 1868 sc->rf_rev = RT3070_RF_3020; 1869 sc->ntxchains = 1; 1870 sc->nrxchains = 1; 1871 } else { 1872 /* default to RF2820 1T2R */ 1873 sc->rf_rev = RT2860_RF_2820; 1874 sc->ntxchains = 1; 1875 sc->nrxchains = 2; 1876 } 1877 } else { 1878 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1879 sc->rf_rev = val; 1880 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1881 } else 1882 sc->rf_rev = (val >> 8) & 0xf; 1883 sc->ntxchains = (val >> 4) & 0xf; 1884 sc->nrxchains = val & 0xf; 1885 } 1886 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n", 1887 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1888 1889 /* check if RF supports automatic Tx access gain control */ 1890 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1891 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val); 1892 /* check if driver should patch the DAC issue */ 1893 if ((val >> 8) != 0xff) 1894 sc->patch_dac = (val >> 15) & 1; 1895 if ((val & 0xff) != 0xff) { 1896 sc->ext_5ghz_lna = (val >> 3) & 1; 1897 sc->ext_2ghz_lna = (val >> 2) & 1; 1898 /* check if RF supports automatic Tx access gain control */ 1899 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1900 /* check if we have a hardware radio switch */ 1901 sc->rfswitch = val & 1; 1902 } 1903 1904 /* Read Tx power settings. */ 1905 if (sc->mac_ver == 0x3593) 1906 run_rt3593_get_txpower(sc); 1907 else 1908 run_get_txpower(sc); 1909 1910 /* read Tx power compensation for each Tx rate */ 1911 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1912 delta_2ghz = delta_5ghz = 0; 1913 if ((val & 0xff) != 0xff && (val & 0x80)) { 1914 delta_2ghz = val & 0xf; 1915 if (!(val & 0x40)) /* negative number */ 1916 delta_2ghz = -delta_2ghz; 1917 } 1918 val >>= 8; 1919 if ((val & 0xff) != 0xff && (val & 0x80)) { 1920 delta_5ghz = val & 0xf; 1921 if (!(val & 0x40)) /* negative number */ 1922 delta_5ghz = -delta_5ghz; 1923 } 1924 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1925 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz); 1926 1927 for (ridx = 0; ridx < 5; ridx++) { 1928 uint32_t reg; 1929 1930 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1931 reg = val; 1932 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1933 reg |= (uint32_t)val << 16; 1934 1935 sc->txpow20mhz[ridx] = reg; 1936 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1937 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1938 1939 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR, 1940 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1941 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1942 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1943 } 1944 1945 /* Read RSSI offsets and LNA gains from EEPROM. */ 1946 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1947 RT3593_EEPROM_RSSI1_2GHZ, &val); 1948 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1949 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1950 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1951 RT3593_EEPROM_RSSI2_2GHZ, &val); 1952 if (sc->mac_ver >= 0x3070) { 1953 if (sc->mac_ver == 0x3593) { 1954 sc->txmixgain_2ghz = 0; 1955 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1956 } else { 1957 /* 1958 * On RT3070 chips (limited to 2 Rx chains), this ROM 1959 * field contains the Tx mixer gain for the 2GHz band. 1960 */ 1961 if ((val & 0xff) != 0xff) 1962 sc->txmixgain_2ghz = val & 0x7; 1963 } 1964 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n", 1965 sc->txmixgain_2ghz); 1966 } else 1967 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1968 if (sc->mac_ver == 0x3593) 1969 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1970 sc->lna[2] = val >> 8; /* channel group 2 */ 1971 1972 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1973 RT3593_EEPROM_RSSI1_5GHZ, &val); 1974 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1975 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1976 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1977 RT3593_EEPROM_RSSI2_5GHZ, &val); 1978 if (sc->mac_ver == 0x3572) { 1979 /* 1980 * On RT3572 chips (limited to 2 Rx chains), this ROM 1981 * field contains the Tx mixer gain for the 5GHz band. 1982 */ 1983 if ((val & 0xff) != 0xff) 1984 sc->txmixgain_5ghz = val & 0x7; 1985 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n", 1986 sc->txmixgain_5ghz); 1987 } else 1988 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1989 if (sc->mac_ver == 0x3593) { 1990 sc->txmixgain_5ghz = 0; 1991 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1992 } 1993 sc->lna[3] = val >> 8; /* channel group 3 */ 1994 1995 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1996 RT3593_EEPROM_LNA, &val); 1997 sc->lna[0] = val & 0xff; /* channel group 0 */ 1998 sc->lna[1] = val >> 8; /* channel group 1 */ 1999 2000 /* fix broken 5GHz LNA entries */ 2001 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 2002 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2003 "invalid LNA for channel group %d\n", 2); 2004 sc->lna[2] = sc->lna[1]; 2005 } 2006 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 2007 RUN_DPRINTF(sc, RUN_DEBUG_ROM, 2008 "invalid LNA for channel group %d\n", 3); 2009 sc->lna[3] = sc->lna[1]; 2010 } 2011 2012 /* fix broken RSSI offset entries */ 2013 for (ant = 0; ant < 3; ant++) { 2014 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 2015 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2016 "invalid RSSI%d offset: %d (2GHz)\n", 2017 ant + 1, sc->rssi_2ghz[ant]); 2018 sc->rssi_2ghz[ant] = 0; 2019 } 2020 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 2021 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI, 2022 "invalid RSSI%d offset: %d (5GHz)\n", 2023 ant + 1, sc->rssi_5ghz[ant]); 2024 sc->rssi_5ghz[ant] = 0; 2025 } 2026 } 2027 return (0); 2028 } 2029 2030 static struct ieee80211_node * 2031 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 2032 { 2033 return malloc(sizeof (struct run_node), M_80211_NODE, 2034 M_NOWAIT | M_ZERO); 2035 } 2036 2037 static int 2038 run_media_change(struct ifnet *ifp) 2039 { 2040 struct ieee80211vap *vap = ifp->if_softc; 2041 struct ieee80211com *ic = vap->iv_ic; 2042 const struct ieee80211_txparam *tp; 2043 struct run_softc *sc = ic->ic_softc; 2044 uint8_t rate, ridx; 2045 int error; 2046 2047 RUN_LOCK(sc); 2048 2049 error = ieee80211_media_change(ifp); 2050 if (error != ENETRESET) { 2051 RUN_UNLOCK(sc); 2052 return (error); 2053 } 2054 2055 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2056 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2057 struct ieee80211_node *ni; 2058 struct run_node *rn; 2059 2060 rate = ic->ic_sup_rates[ic->ic_curmode]. 2061 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2062 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2063 if (rt2860_rates[ridx].rate == rate) 2064 break; 2065 ni = ieee80211_ref_node(vap->iv_bss); 2066 rn = RUN_NODE(ni); 2067 rn->fix_ridx = ridx; 2068 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n", 2069 rate, rn->fix_ridx); 2070 ieee80211_free_node(ni); 2071 } 2072 2073 #if 0 2074 if ((ifp->if_flags & IFF_UP) && 2075 (ifp->if_drv_flags & RUN_RUNNING)){ 2076 run_init_locked(sc); 2077 } 2078 #endif 2079 2080 RUN_UNLOCK(sc); 2081 2082 return (0); 2083 } 2084 2085 static int 2086 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2087 { 2088 const struct ieee80211_txparam *tp; 2089 struct ieee80211com *ic = vap->iv_ic; 2090 struct run_softc *sc = ic->ic_softc; 2091 struct run_vap *rvp = RUN_VAP(vap); 2092 enum ieee80211_state ostate; 2093 uint32_t sta[3]; 2094 uint8_t ratectl; 2095 uint8_t restart_ratectl = 0; 2096 uint8_t bid = 1 << rvp->rvp_id; 2097 2098 ostate = vap->iv_state; 2099 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n", 2100 ieee80211_state_name[ostate], 2101 ieee80211_state_name[nstate]); 2102 2103 IEEE80211_UNLOCK(ic); 2104 RUN_LOCK(sc); 2105 2106 ratectl = sc->ratectl_run; /* remember current state */ 2107 sc->ratectl_run = RUN_RATECTL_OFF; 2108 usb_callout_stop(&sc->ratectl_ch); 2109 2110 if (ostate == IEEE80211_S_RUN) { 2111 /* turn link LED off */ 2112 run_set_leds(sc, RT2860_LED_RADIO); 2113 } 2114 2115 switch (nstate) { 2116 case IEEE80211_S_INIT: 2117 restart_ratectl = 1; 2118 2119 if (ostate != IEEE80211_S_RUN) 2120 break; 2121 2122 ratectl &= ~bid; 2123 sc->runbmap &= ~bid; 2124 2125 /* abort TSF synchronization if there is no vap running */ 2126 if (--sc->running == 0) 2127 run_disable_tsf(sc); 2128 break; 2129 2130 case IEEE80211_S_RUN: 2131 if (!(sc->runbmap & bid)) { 2132 if(sc->running++) 2133 restart_ratectl = 1; 2134 sc->runbmap |= bid; 2135 } 2136 2137 m_freem(rvp->beacon_mbuf); 2138 rvp->beacon_mbuf = NULL; 2139 2140 switch (vap->iv_opmode) { 2141 case IEEE80211_M_HOSTAP: 2142 case IEEE80211_M_MBSS: 2143 sc->ap_running |= bid; 2144 ic->ic_opmode = vap->iv_opmode; 2145 run_update_beacon_cb(vap); 2146 break; 2147 case IEEE80211_M_IBSS: 2148 sc->adhoc_running |= bid; 2149 if (!sc->ap_running) 2150 ic->ic_opmode = vap->iv_opmode; 2151 run_update_beacon_cb(vap); 2152 break; 2153 case IEEE80211_M_STA: 2154 sc->sta_running |= bid; 2155 if (!sc->ap_running && !sc->adhoc_running) 2156 ic->ic_opmode = vap->iv_opmode; 2157 2158 /* read statistic counters (clear on read) */ 2159 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2160 (uint8_t *)sta, sizeof sta); 2161 2162 break; 2163 default: 2164 ic->ic_opmode = vap->iv_opmode; 2165 break; 2166 } 2167 2168 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2169 struct ieee80211_node *ni; 2170 2171 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2172 RUN_UNLOCK(sc); 2173 IEEE80211_LOCK(ic); 2174 return (-1); 2175 } 2176 run_updateslot(ic); 2177 run_enable_mrr(sc); 2178 run_set_txpreamble(sc); 2179 run_set_basicrates(sc); 2180 ni = ieee80211_ref_node(vap->iv_bss); 2181 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2182 run_set_bssid(sc, sc->sc_bssid); 2183 ieee80211_free_node(ni); 2184 run_enable_tsf_sync(sc); 2185 2186 /* enable automatic rate adaptation */ 2187 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2188 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2189 ratectl |= bid; 2190 } else 2191 run_enable_tsf(sc); 2192 2193 /* turn link LED on */ 2194 run_set_leds(sc, RT2860_LED_RADIO | 2195 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2196 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2197 2198 break; 2199 default: 2200 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n"); 2201 break; 2202 } 2203 2204 /* restart amrr for running VAPs */ 2205 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2206 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2207 2208 RUN_UNLOCK(sc); 2209 IEEE80211_LOCK(ic); 2210 2211 return(rvp->newstate(vap, nstate, arg)); 2212 } 2213 2214 static int 2215 run_wme_update(struct ieee80211com *ic) 2216 { 2217 struct chanAccParams chp; 2218 struct run_softc *sc = ic->ic_softc; 2219 const struct wmeParams *ac; 2220 int aci, error = 0; 2221 2222 ieee80211_wme_ic_getparams(ic, &chp); 2223 ac = chp.cap_wmeParams; 2224 2225 /* update MAC TX configuration registers */ 2226 RUN_LOCK(sc); 2227 for (aci = 0; aci < WME_NUM_AC; aci++) { 2228 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2229 ac[aci].wmep_logcwmax << 16 | 2230 ac[aci].wmep_logcwmin << 12 | 2231 ac[aci].wmep_aifsn << 8 | 2232 ac[aci].wmep_txopLimit); 2233 if (error) goto err; 2234 } 2235 2236 /* update SCH/DMA registers too */ 2237 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2238 ac[WME_AC_VO].wmep_aifsn << 12 | 2239 ac[WME_AC_VI].wmep_aifsn << 8 | 2240 ac[WME_AC_BK].wmep_aifsn << 4 | 2241 ac[WME_AC_BE].wmep_aifsn); 2242 if (error) goto err; 2243 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2244 ac[WME_AC_VO].wmep_logcwmin << 12 | 2245 ac[WME_AC_VI].wmep_logcwmin << 8 | 2246 ac[WME_AC_BK].wmep_logcwmin << 4 | 2247 ac[WME_AC_BE].wmep_logcwmin); 2248 if (error) goto err; 2249 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2250 ac[WME_AC_VO].wmep_logcwmax << 12 | 2251 ac[WME_AC_VI].wmep_logcwmax << 8 | 2252 ac[WME_AC_BK].wmep_logcwmax << 4 | 2253 ac[WME_AC_BE].wmep_logcwmax); 2254 if (error) goto err; 2255 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2256 ac[WME_AC_BK].wmep_txopLimit << 16 | 2257 ac[WME_AC_BE].wmep_txopLimit); 2258 if (error) goto err; 2259 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2260 ac[WME_AC_VO].wmep_txopLimit << 16 | 2261 ac[WME_AC_VI].wmep_txopLimit); 2262 2263 err: 2264 RUN_UNLOCK(sc); 2265 if (error) 2266 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n"); 2267 2268 return (error); 2269 } 2270 2271 static void 2272 run_key_set_cb(void *arg) 2273 { 2274 struct run_cmdq *cmdq = arg; 2275 struct ieee80211vap *vap = cmdq->arg1; 2276 struct ieee80211_key *k = cmdq->k; 2277 struct ieee80211com *ic = vap->iv_ic; 2278 struct run_softc *sc = ic->ic_softc; 2279 struct ieee80211_node *ni; 2280 u_int cipher = k->wk_cipher->ic_cipher; 2281 uint32_t attr; 2282 uint16_t base, associd; 2283 uint8_t mode, wcid, iv[8]; 2284 2285 RUN_LOCK_ASSERT(sc, MA_OWNED); 2286 2287 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2288 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2289 else 2290 ni = vap->iv_bss; 2291 associd = (ni != NULL) ? ni->ni_associd : 0; 2292 2293 /* map net80211 cipher to RT2860 security mode */ 2294 switch (cipher) { 2295 case IEEE80211_CIPHER_WEP: 2296 if(k->wk_keylen < 8) 2297 mode = RT2860_MODE_WEP40; 2298 else 2299 mode = RT2860_MODE_WEP104; 2300 break; 2301 case IEEE80211_CIPHER_TKIP: 2302 mode = RT2860_MODE_TKIP; 2303 break; 2304 case IEEE80211_CIPHER_AES_CCM: 2305 mode = RT2860_MODE_AES_CCMP; 2306 break; 2307 default: 2308 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n"); 2309 return; 2310 } 2311 2312 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2313 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2314 associd, k->wk_keyix, mode, 2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2318 2319 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2320 wcid = 0; /* NB: update WCID0 for group keys */ 2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2322 } else { 2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2324 1 : RUN_AID2WCID(associd); 2325 base = RT2860_PKEY(wcid); 2326 } 2327 2328 if (cipher == IEEE80211_CIPHER_TKIP) { 2329 if(run_write_region_1(sc, base, k->wk_key, 16)) 2330 return; 2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2332 return; 2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2334 return; 2335 } else { 2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2338 return; 2339 } 2340 2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2343 /* set initial packet number in IV+EIV */ 2344 if (cipher == IEEE80211_CIPHER_WEP) { 2345 memset(iv, 0, sizeof iv); 2346 iv[3] = vap->iv_def_txkey << 6; 2347 } else { 2348 if (cipher == IEEE80211_CIPHER_TKIP) { 2349 iv[0] = k->wk_keytsc >> 8; 2350 iv[1] = (iv[0] | 0x20) & 0x7f; 2351 iv[2] = k->wk_keytsc; 2352 } else /* CCMP */ { 2353 iv[0] = k->wk_keytsc; 2354 iv[1] = k->wk_keytsc >> 8; 2355 iv[2] = 0; 2356 } 2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2358 iv[4] = k->wk_keytsc >> 16; 2359 iv[5] = k->wk_keytsc >> 24; 2360 iv[6] = k->wk_keytsc >> 32; 2361 iv[7] = k->wk_keytsc >> 40; 2362 } 2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2364 return; 2365 } 2366 2367 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2368 /* install group key */ 2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2370 return; 2371 attr &= ~(0xf << (k->wk_keyix * 4)); 2372 attr |= mode << (k->wk_keyix * 4); 2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2374 return; 2375 } else { 2376 /* install pairwise key */ 2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2378 return; 2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2381 return; 2382 } 2383 2384 /* TODO create a pass-thru key entry? */ 2385 2386 /* need wcid to delete the right key later */ 2387 k->wk_pad = wcid; 2388 } 2389 2390 /* 2391 * Don't have to be deferred, but in order to keep order of 2392 * execution, i.e. with run_key_delete(), defer this and let 2393 * run_cmdq_cb() maintain the order. 2394 * 2395 * return 0 on error 2396 */ 2397 static int 2398 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k) 2399 { 2400 struct ieee80211com *ic = vap->iv_ic; 2401 struct run_softc *sc = ic->ic_softc; 2402 uint32_t i; 2403 2404 i = RUN_CMDQ_GET(&sc->cmdq_store); 2405 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2406 sc->cmdq[i].func = run_key_set_cb; 2407 sc->cmdq[i].arg0 = NULL; 2408 sc->cmdq[i].arg1 = vap; 2409 sc->cmdq[i].k = k; 2410 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr); 2411 ieee80211_runtask(ic, &sc->cmdq_task); 2412 2413 /* 2414 * To make sure key will be set when hostapd 2415 * calls iv_key_set() before if_init(). 2416 */ 2417 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2418 RUN_LOCK(sc); 2419 sc->cmdq_key_set = RUN_CMDQ_GO; 2420 RUN_UNLOCK(sc); 2421 } 2422 2423 return (1); 2424 } 2425 2426 /* 2427 * If wlan is destroyed without being brought down i.e. without 2428 * wlan down or wpa_cli terminate, this function is called after 2429 * vap is gone. Don't refer it. 2430 */ 2431 static void 2432 run_key_delete_cb(void *arg) 2433 { 2434 struct run_cmdq *cmdq = arg; 2435 struct run_softc *sc = cmdq->arg1; 2436 struct ieee80211_key *k = &cmdq->key; 2437 uint32_t attr; 2438 uint8_t wcid; 2439 2440 RUN_LOCK_ASSERT(sc, MA_OWNED); 2441 2442 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2443 /* remove group key */ 2444 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n"); 2445 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2446 attr &= ~(0xf << (k->wk_keyix * 4)); 2447 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2448 } else { 2449 /* remove pairwise key */ 2450 RUN_DPRINTF(sc, RUN_DEBUG_KEY, 2451 "removing key for wcid %x\n", k->wk_pad); 2452 /* matching wcid was written to wk_pad in run_key_set() */ 2453 wcid = k->wk_pad; 2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2455 attr &= ~0xf; 2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2458 } 2459 2460 k->wk_pad = 0; 2461 } 2462 2463 /* 2464 * return 0 on error 2465 */ 2466 static int 2467 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2468 { 2469 struct ieee80211com *ic = vap->iv_ic; 2470 struct run_softc *sc = ic->ic_softc; 2471 struct ieee80211_key *k0; 2472 uint32_t i; 2473 2474 /* 2475 * When called back, key might be gone. So, make a copy 2476 * of some values need to delete keys before deferring. 2477 * But, because of LOR with node lock, cannot use lock here. 2478 * So, use atomic instead. 2479 */ 2480 i = RUN_CMDQ_GET(&sc->cmdq_store); 2481 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i); 2482 sc->cmdq[i].func = run_key_delete_cb; 2483 sc->cmdq[i].arg0 = NULL; 2484 sc->cmdq[i].arg1 = sc; 2485 k0 = &sc->cmdq[i].key; 2486 k0->wk_flags = k->wk_flags; 2487 k0->wk_keyix = k->wk_keyix; 2488 /* matching wcid was written to wk_pad in run_key_set() */ 2489 k0->wk_pad = k->wk_pad; 2490 ieee80211_runtask(ic, &sc->cmdq_task); 2491 return (1); /* return fake success */ 2492 2493 } 2494 2495 static void 2496 run_ratectl_to(void *arg) 2497 { 2498 struct run_softc *sc = arg; 2499 2500 /* do it in a process context, so it can go sleep */ 2501 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task); 2502 /* next timeout will be rescheduled in the callback task */ 2503 } 2504 2505 /* ARGSUSED */ 2506 static void 2507 run_ratectl_cb(void *arg, int pending) 2508 { 2509 struct run_softc *sc = arg; 2510 struct ieee80211com *ic = &sc->sc_ic; 2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2512 2513 if (vap == NULL) 2514 return; 2515 2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2517 /* 2518 * run_reset_livelock() doesn't do anything with AMRR, 2519 * but Ralink wants us to call it every 1 sec. So, we 2520 * piggyback here rather than creating another callout. 2521 * Livelock may occur only in HOSTAP or IBSS mode 2522 * (when h/w is sending beacons). 2523 */ 2524 RUN_LOCK(sc); 2525 run_reset_livelock(sc); 2526 /* just in case, there are some stats to drain */ 2527 run_drain_fifo(sc); 2528 RUN_UNLOCK(sc); 2529 } 2530 2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2532 2533 RUN_LOCK(sc); 2534 if(sc->ratectl_run != RUN_RATECTL_OFF) 2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2536 RUN_UNLOCK(sc); 2537 } 2538 2539 static void 2540 run_drain_fifo(void *arg) 2541 { 2542 struct run_softc *sc = arg; 2543 uint32_t stat; 2544 uint16_t (*wstat)[3]; 2545 uint8_t wcid, mcs, pid; 2546 int8_t retry; 2547 2548 RUN_LOCK_ASSERT(sc, MA_OWNED); 2549 2550 for (;;) { 2551 /* drain Tx status FIFO (maxsize = 16) */ 2552 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2553 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat); 2554 if (!(stat & RT2860_TXQ_VLD)) 2555 break; 2556 2557 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2558 2559 /* if no ACK was requested, no feedback is available */ 2560 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2561 wcid == 0) 2562 continue; 2563 2564 /* 2565 * Even though each stat is Tx-complete-status like format, 2566 * the device can poll stats. Because there is no guarantee 2567 * that the referring node is still around when read the stats. 2568 * So that, if we use ieee80211_ratectl_tx_update(), we will 2569 * have hard time not to refer already freed node. 2570 * 2571 * To eliminate such page faults, we poll stats in softc. 2572 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2573 */ 2574 wstat = &(sc->wcid_stats[wcid]); 2575 (*wstat)[RUN_TXCNT]++; 2576 if (stat & RT2860_TXQ_OK) 2577 (*wstat)[RUN_SUCCESS]++; 2578 else 2579 counter_u64_add(sc->sc_ic.ic_oerrors, 1); 2580 /* 2581 * Check if there were retries, ie if the Tx success rate is 2582 * different from the requested rate. Note that it works only 2583 * because we do not allow rate fallback from OFDM to CCK. 2584 */ 2585 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2586 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2587 if ((retry = pid -1 - mcs) > 0) { 2588 (*wstat)[RUN_TXCNT] += retry; 2589 (*wstat)[RUN_RETRY] += retry; 2590 } 2591 } 2592 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt); 2593 2594 sc->fifo_cnt = 0; 2595 } 2596 2597 static void 2598 run_iter_func(void *arg, struct ieee80211_node *ni) 2599 { 2600 struct run_softc *sc = arg; 2601 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs; 2602 struct ieee80211vap *vap = ni->ni_vap; 2603 struct run_node *rn = RUN_NODE(ni); 2604 union run_stats sta[2]; 2605 uint16_t (*wstat)[3]; 2606 int error; 2607 2608 RUN_LOCK(sc); 2609 2610 /* Check for special case */ 2611 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2612 ni != vap->iv_bss) 2613 goto fail; 2614 2615 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE | 2616 IEEE80211_RATECTL_TX_STATS_RETRIES; 2617 txs->ni = ni; 2618 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2619 vap->iv_opmode == IEEE80211_M_STA)) { 2620 /* read statistic counters (clear on read) and update AMRR state */ 2621 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2622 sizeof sta); 2623 if (error != 0) 2624 goto fail; 2625 2626 /* count failed TX as errors */ 2627 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 2628 le16toh(sta[0].error.fail)); 2629 2630 txs->nretries = le16toh(sta[1].tx.retry); 2631 txs->nsuccess = le16toh(sta[1].tx.success); 2632 /* nretries??? */ 2633 txs->nframes = txs->nretries + txs->nsuccess + 2634 le16toh(sta[0].error.fail); 2635 2636 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2637 "retrycnt=%d success=%d failcnt=%d\n", 2638 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail)); 2639 } else { 2640 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2641 2642 if (wstat == &(sc->wcid_stats[0]) || 2643 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2644 goto fail; 2645 2646 txs->nretries = (*wstat)[RUN_RETRY]; 2647 txs->nsuccess = (*wstat)[RUN_SUCCESS]; 2648 txs->nframes = (*wstat)[RUN_TXCNT]; 2649 RUN_DPRINTF(sc, RUN_DEBUG_RATE, 2650 "retrycnt=%d txcnt=%d success=%d\n", 2651 txs->nretries, txs->nframes, txs->nsuccess); 2652 2653 memset(wstat, 0, sizeof(*wstat)); 2654 } 2655 2656 ieee80211_ratectl_tx_update(vap, txs); 2657 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2658 2659 fail: 2660 RUN_UNLOCK(sc); 2661 2662 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx); 2663 } 2664 2665 static void 2666 run_newassoc_cb(void *arg) 2667 { 2668 struct run_cmdq *cmdq = arg; 2669 struct ieee80211_node *ni = cmdq->arg1; 2670 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc; 2671 uint8_t wcid = cmdq->wcid; 2672 2673 RUN_LOCK_ASSERT(sc, MA_OWNED); 2674 2675 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2676 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2677 2678 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2679 } 2680 2681 static void 2682 run_newassoc(struct ieee80211_node *ni, int isnew) 2683 { 2684 struct run_node *rn = RUN_NODE(ni); 2685 struct ieee80211_rateset *rs = &ni->ni_rates; 2686 struct ieee80211vap *vap = ni->ni_vap; 2687 struct ieee80211com *ic = vap->iv_ic; 2688 struct run_softc *sc = ic->ic_softc; 2689 uint8_t rate; 2690 uint8_t ridx; 2691 uint8_t wcid; 2692 int i, j; 2693 2694 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2695 1 : RUN_AID2WCID(ni->ni_associd); 2696 2697 if (wcid > RT2870_WCID_MAX) { 2698 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2699 return; 2700 } 2701 2702 /* only interested in true associations */ 2703 if (isnew && ni->ni_associd != 0) { 2704 2705 /* 2706 * This function could is called though timeout function. 2707 * Need to defer. 2708 */ 2709 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2710 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt); 2711 sc->cmdq[cnt].func = run_newassoc_cb; 2712 sc->cmdq[cnt].arg0 = NULL; 2713 sc->cmdq[cnt].arg1 = ni; 2714 sc->cmdq[cnt].wcid = wcid; 2715 ieee80211_runtask(ic, &sc->cmdq_task); 2716 } 2717 2718 RUN_DPRINTF(sc, RUN_DEBUG_STATE, 2719 "new assoc isnew=%d associd=%x addr=%s\n", 2720 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2721 2722 for (i = 0; i < rs->rs_nrates; i++) { 2723 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2724 /* convert 802.11 rate to hardware rate index */ 2725 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2726 if (rt2860_rates[ridx].rate == rate) 2727 break; 2728 rn->ridx[i] = ridx; 2729 /* determine rate of control response frames */ 2730 for (j = i; j >= 0; j--) { 2731 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2732 rt2860_rates[rn->ridx[i]].phy == 2733 rt2860_rates[rn->ridx[j]].phy) 2734 break; 2735 } 2736 if (j >= 0) { 2737 rn->ctl_ridx[i] = rn->ridx[j]; 2738 } else { 2739 /* no basic rate found, use mandatory one */ 2740 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2741 } 2742 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2743 "rate=0x%02x ridx=%d ctl_ridx=%d\n", 2744 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2745 } 2746 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2747 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2748 if (rt2860_rates[ridx].rate == rate) 2749 break; 2750 rn->mgt_ridx = ridx; 2751 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE, 2752 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2753 2754 RUN_LOCK(sc); 2755 if(sc->ratectl_run != RUN_RATECTL_OFF) 2756 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2757 RUN_UNLOCK(sc); 2758 } 2759 2760 /* 2761 * Return the Rx chain with the highest RSSI for a given frame. 2762 */ 2763 static __inline uint8_t 2764 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2765 { 2766 uint8_t rxchain = 0; 2767 2768 if (sc->nrxchains > 1) { 2769 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2770 rxchain = 1; 2771 if (sc->nrxchains > 2) 2772 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2773 rxchain = 2; 2774 } 2775 return (rxchain); 2776 } 2777 2778 static void 2779 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, 2780 const struct ieee80211_rx_stats *rxs, int rssi, int nf) 2781 { 2782 struct ieee80211vap *vap = ni->ni_vap; 2783 struct run_softc *sc = vap->iv_ic->ic_softc; 2784 struct run_vap *rvp = RUN_VAP(vap); 2785 uint64_t ni_tstamp, rx_tstamp; 2786 2787 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf); 2788 2789 if (vap->iv_state == IEEE80211_S_RUN && 2790 (subtype == IEEE80211_FC0_SUBTYPE_BEACON || 2791 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) { 2792 ni_tstamp = le64toh(ni->ni_tstamp.tsf); 2793 RUN_LOCK(sc); 2794 run_get_tsf(sc, &rx_tstamp); 2795 RUN_UNLOCK(sc); 2796 rx_tstamp = le64toh(rx_tstamp); 2797 2798 if (ni_tstamp >= rx_tstamp) { 2799 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON, 2800 "ibss merge, tsf %ju tstamp %ju\n", 2801 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp); 2802 (void) ieee80211_ibss_merge(ni); 2803 } 2804 } 2805 } 2806 2807 static void 2808 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2809 { 2810 struct ieee80211com *ic = &sc->sc_ic; 2811 struct ieee80211_frame *wh; 2812 struct ieee80211_node *ni; 2813 struct rt2870_rxd *rxd; 2814 struct rt2860_rxwi *rxwi; 2815 uint32_t flags; 2816 uint16_t len, rxwisize; 2817 uint8_t ant, rssi; 2818 int8_t nf; 2819 2820 rxwisize = sizeof(struct rt2860_rxwi); 2821 if (sc->mac_ver == 0x5592) 2822 rxwisize += sizeof(uint64_t); 2823 else if (sc->mac_ver == 0x3593) 2824 rxwisize += sizeof(uint32_t); 2825 2826 if (__predict_false(dmalen < 2827 rxwisize + sizeof(struct ieee80211_frame_ack))) { 2828 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2829 "payload is too short: dma length %u < %zu\n", 2830 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack)); 2831 goto fail; 2832 } 2833 2834 rxwi = mtod(m, struct rt2860_rxwi *); 2835 len = le16toh(rxwi->len) & 0xfff; 2836 2837 if (__predict_false(len > dmalen - rxwisize)) { 2838 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2839 "bad RXWI length %u > %u\n", len, dmalen); 2840 goto fail; 2841 } 2842 2843 /* Rx descriptor is located at the end */ 2844 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2845 flags = le32toh(rxd->flags); 2846 2847 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2848 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n", 2849 (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2850 goto fail; 2851 } 2852 2853 if (flags & RT2860_RX_L2PAD) { 2854 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2855 "received RT2860_RX_L2PAD frame\n"); 2856 len += 2; 2857 } 2858 2859 m->m_data += rxwisize; 2860 m->m_pkthdr.len = m->m_len = len; 2861 2862 wh = mtod(m, struct ieee80211_frame *); 2863 2864 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 && 2865 (flags & RT2860_RX_DEC) != 0) { 2866 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2867 m->m_flags |= M_WEP; 2868 } 2869 2870 if (len >= sizeof(struct ieee80211_frame_min)) { 2871 ni = ieee80211_find_rxnode(ic, 2872 mtod(m, struct ieee80211_frame_min *)); 2873 } else 2874 ni = NULL; 2875 2876 if (__predict_false(flags & RT2860_RX_MICERR)) { 2877 /* report MIC failures to net80211 for TKIP */ 2878 if (ni != NULL) 2879 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2880 rxwi->keyidx); 2881 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2882 "MIC error. Someone is lying.\n"); 2883 goto fail; 2884 } 2885 2886 ant = run_maxrssi_chain(sc, rxwi); 2887 rssi = rxwi->rssi[ant]; 2888 nf = run_rssi2dbm(sc, rssi, ant); 2889 2890 if (__predict_false(ieee80211_radiotap_active(ic))) { 2891 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2892 uint16_t phy; 2893 2894 tap->wr_flags = 0; 2895 if (flags & RT2860_RX_L2PAD) 2896 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 2897 tap->wr_antsignal = rssi; 2898 tap->wr_antenna = ant; 2899 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2900 tap->wr_rate = 2; /* in case it can't be found below */ 2901 RUN_LOCK(sc); 2902 run_get_tsf(sc, &tap->wr_tsf); 2903 RUN_UNLOCK(sc); 2904 phy = le16toh(rxwi->phy); 2905 switch (phy & RT2860_PHY_MODE) { 2906 case RT2860_PHY_CCK: 2907 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2908 case 0: tap->wr_rate = 2; break; 2909 case 1: tap->wr_rate = 4; break; 2910 case 2: tap->wr_rate = 11; break; 2911 case 3: tap->wr_rate = 22; break; 2912 } 2913 if (phy & RT2860_PHY_SHPRE) 2914 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2915 break; 2916 case RT2860_PHY_OFDM: 2917 switch (phy & RT2860_PHY_MCS) { 2918 case 0: tap->wr_rate = 12; break; 2919 case 1: tap->wr_rate = 18; break; 2920 case 2: tap->wr_rate = 24; break; 2921 case 3: tap->wr_rate = 36; break; 2922 case 4: tap->wr_rate = 48; break; 2923 case 5: tap->wr_rate = 72; break; 2924 case 6: tap->wr_rate = 96; break; 2925 case 7: tap->wr_rate = 108; break; 2926 } 2927 break; 2928 } 2929 } 2930 2931 if (ni != NULL) { 2932 (void)ieee80211_input(ni, m, rssi, nf); 2933 ieee80211_free_node(ni); 2934 } else { 2935 (void)ieee80211_input_all(ic, m, rssi, nf); 2936 } 2937 2938 return; 2939 2940 fail: 2941 m_freem(m); 2942 counter_u64_add(ic->ic_ierrors, 1); 2943 } 2944 2945 static void 2946 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2947 { 2948 struct run_softc *sc = usbd_xfer_softc(xfer); 2949 struct ieee80211com *ic = &sc->sc_ic; 2950 struct mbuf *m = NULL; 2951 struct mbuf *m0; 2952 uint32_t dmalen, mbuf_len; 2953 uint16_t rxwisize; 2954 int xferlen; 2955 2956 rxwisize = sizeof(struct rt2860_rxwi); 2957 if (sc->mac_ver == 0x5592) 2958 rxwisize += sizeof(uint64_t); 2959 else if (sc->mac_ver == 0x3593) 2960 rxwisize += sizeof(uint32_t); 2961 2962 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2963 2964 switch (USB_GET_STATE(xfer)) { 2965 case USB_ST_TRANSFERRED: 2966 2967 RUN_DPRINTF(sc, RUN_DEBUG_RECV, 2968 "rx done, actlen=%d\n", xferlen); 2969 2970 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2971 sizeof(struct rt2870_rxd))) { 2972 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 2973 "xfer too short %d\n", xferlen); 2974 goto tr_setup; 2975 } 2976 2977 m = sc->rx_m; 2978 sc->rx_m = NULL; 2979 2980 /* FALLTHROUGH */ 2981 case USB_ST_SETUP: 2982 tr_setup: 2983 if (sc->rx_m == NULL) { 2984 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2985 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2986 } 2987 if (sc->rx_m == NULL) { 2988 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC, 2989 "could not allocate mbuf - idle with stall\n"); 2990 counter_u64_add(ic->ic_ierrors, 1); 2991 usbd_xfer_set_stall(xfer); 2992 usbd_xfer_set_frames(xfer, 0); 2993 } else { 2994 /* 2995 * Directly loading a mbuf cluster into DMA to 2996 * save some data copying. This works because 2997 * there is only one cluster. 2998 */ 2999 usbd_xfer_set_frame_data(xfer, 0, 3000 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 3001 usbd_xfer_set_frames(xfer, 1); 3002 } 3003 usbd_transfer_submit(xfer); 3004 break; 3005 3006 default: /* Error */ 3007 if (error != USB_ERR_CANCELLED) { 3008 /* try to clear stall first */ 3009 usbd_xfer_set_stall(xfer); 3010 if (error == USB_ERR_TIMEOUT) 3011 device_printf(sc->sc_dev, "device timeout\n"); 3012 counter_u64_add(ic->ic_ierrors, 1); 3013 goto tr_setup; 3014 } 3015 if (sc->rx_m != NULL) { 3016 m_freem(sc->rx_m); 3017 sc->rx_m = NULL; 3018 } 3019 break; 3020 } 3021 3022 if (m == NULL) 3023 return; 3024 3025 /* inputting all the frames must be last */ 3026 3027 RUN_UNLOCK(sc); 3028 3029 m->m_pkthdr.len = m->m_len = xferlen; 3030 3031 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 3032 for(;;) { 3033 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 3034 3035 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 3036 ((dmalen & 3) != 0)) { 3037 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3038 "bad DMA length %u\n", dmalen); 3039 break; 3040 } 3041 if ((dmalen + 8) > (uint32_t)xferlen) { 3042 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3043 "bad DMA length %u > %d\n", 3044 dmalen + 8, xferlen); 3045 break; 3046 } 3047 3048 /* If it is the last one or a single frame, we won't copy. */ 3049 if ((xferlen -= dmalen + 8) <= 8) { 3050 /* trim 32-bit DMA-len header */ 3051 m->m_data += 4; 3052 m->m_pkthdr.len = m->m_len -= 4; 3053 run_rx_frame(sc, m, dmalen); 3054 m = NULL; /* don't free source buffer */ 3055 break; 3056 } 3057 3058 mbuf_len = dmalen + sizeof(struct rt2870_rxd); 3059 if (__predict_false(mbuf_len > MCLBYTES)) { 3060 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB, 3061 "payload is too big: mbuf_len %u\n", mbuf_len); 3062 counter_u64_add(ic->ic_ierrors, 1); 3063 break; 3064 } 3065 3066 /* copy aggregated frames to another mbuf */ 3067 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3068 if (__predict_false(m0 == NULL)) { 3069 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC, 3070 "could not allocate mbuf\n"); 3071 counter_u64_add(ic->ic_ierrors, 1); 3072 break; 3073 } 3074 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3075 mbuf_len, mtod(m0, caddr_t)); 3076 m0->m_pkthdr.len = m0->m_len = mbuf_len; 3077 run_rx_frame(sc, m0, dmalen); 3078 3079 /* update data ptr */ 3080 m->m_data += mbuf_len + 4; 3081 m->m_pkthdr.len = m->m_len -= mbuf_len + 4; 3082 } 3083 3084 /* make sure we free the source buffer, if any */ 3085 m_freem(m); 3086 3087 RUN_LOCK(sc); 3088 } 3089 3090 static void 3091 run_tx_free(struct run_endpoint_queue *pq, 3092 struct run_tx_data *data, int txerr) 3093 { 3094 3095 ieee80211_tx_complete(data->ni, data->m, txerr); 3096 3097 data->m = NULL; 3098 data->ni = NULL; 3099 3100 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3101 pq->tx_nfree++; 3102 } 3103 3104 static void 3105 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3106 { 3107 struct run_softc *sc = usbd_xfer_softc(xfer); 3108 struct ieee80211com *ic = &sc->sc_ic; 3109 struct run_tx_data *data; 3110 struct ieee80211vap *vap = NULL; 3111 struct usb_page_cache *pc; 3112 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3113 struct mbuf *m; 3114 usb_frlength_t size; 3115 int actlen; 3116 int sumlen; 3117 3118 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3119 3120 switch (USB_GET_STATE(xfer)) { 3121 case USB_ST_TRANSFERRED: 3122 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3123 "transfer complete: %d bytes @ index %d\n", actlen, index); 3124 3125 data = usbd_xfer_get_priv(xfer); 3126 run_tx_free(pq, data, 0); 3127 usbd_xfer_set_priv(xfer, NULL); 3128 3129 /* FALLTHROUGH */ 3130 case USB_ST_SETUP: 3131 tr_setup: 3132 data = STAILQ_FIRST(&pq->tx_qh); 3133 if (data == NULL) 3134 break; 3135 3136 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3137 3138 m = data->m; 3139 size = (sc->mac_ver == 0x5592) ? 3140 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3141 if ((m->m_pkthdr.len + 3142 size + 3 + 8) > RUN_MAX_TXSZ) { 3143 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB, 3144 "data overflow, %u bytes\n", m->m_pkthdr.len); 3145 run_tx_free(pq, data, 1); 3146 goto tr_setup; 3147 } 3148 3149 pc = usbd_xfer_get_frame(xfer, 0); 3150 usbd_copy_in(pc, 0, &data->desc, size); 3151 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3152 size += m->m_pkthdr.len; 3153 /* 3154 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3155 * 4-byte padding), and be sure to zero those trailing 3156 * bytes: 3157 */ 3158 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3159 size += ((-size) & 3) + 8; 3160 3161 vap = data->ni->ni_vap; 3162 if (ieee80211_radiotap_active_vap(vap)) { 3163 const struct ieee80211_frame *wh; 3164 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3165 struct rt2860_txwi *txwi = 3166 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3167 int has_l2pad; 3168 3169 wh = mtod(m, struct ieee80211_frame *); 3170 has_l2pad = IEEE80211_HAS_ADDR4(wh) != 3171 IEEE80211_QOS_HAS_SEQ(wh); 3172 3173 tap->wt_flags = 0; 3174 tap->wt_rate = rt2860_rates[data->ridx].rate; 3175 tap->wt_hwqueue = index; 3176 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3177 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3178 if (has_l2pad) 3179 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD; 3180 3181 ieee80211_radiotap_tx(vap, m); 3182 } 3183 3184 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3185 "sending frame len=%u/%u @ index %d\n", 3186 m->m_pkthdr.len, size, index); 3187 3188 usbd_xfer_set_frame_len(xfer, 0, size); 3189 usbd_xfer_set_priv(xfer, data); 3190 usbd_transfer_submit(xfer); 3191 run_start(sc); 3192 3193 break; 3194 3195 default: 3196 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3197 "USB transfer error, %s\n", usbd_errstr(error)); 3198 3199 data = usbd_xfer_get_priv(xfer); 3200 3201 if (data != NULL) { 3202 if(data->ni != NULL) 3203 vap = data->ni->ni_vap; 3204 run_tx_free(pq, data, error); 3205 usbd_xfer_set_priv(xfer, NULL); 3206 } 3207 3208 if (vap == NULL) 3209 vap = TAILQ_FIRST(&ic->ic_vaps); 3210 3211 if (error != USB_ERR_CANCELLED) { 3212 if (error == USB_ERR_TIMEOUT) { 3213 device_printf(sc->sc_dev, "device timeout\n"); 3214 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3215 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB, 3216 "cmdq_store=%d\n", i); 3217 sc->cmdq[i].func = run_usb_timeout_cb; 3218 sc->cmdq[i].arg0 = vap; 3219 ieee80211_runtask(ic, &sc->cmdq_task); 3220 } 3221 3222 /* 3223 * Try to clear stall first, also if other 3224 * errors occur, hence clearing stall 3225 * introduces a 50 ms delay: 3226 */ 3227 usbd_xfer_set_stall(xfer); 3228 goto tr_setup; 3229 } 3230 break; 3231 } 3232 } 3233 3234 static void 3235 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3236 { 3237 run_bulk_tx_callbackN(xfer, error, 0); 3238 } 3239 3240 static void 3241 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3242 { 3243 run_bulk_tx_callbackN(xfer, error, 1); 3244 } 3245 3246 static void 3247 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3248 { 3249 run_bulk_tx_callbackN(xfer, error, 2); 3250 } 3251 3252 static void 3253 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3254 { 3255 run_bulk_tx_callbackN(xfer, error, 3); 3256 } 3257 3258 static void 3259 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3260 { 3261 run_bulk_tx_callbackN(xfer, error, 4); 3262 } 3263 3264 static void 3265 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3266 { 3267 run_bulk_tx_callbackN(xfer, error, 5); 3268 } 3269 3270 static void 3271 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3272 { 3273 struct mbuf *m = data->m; 3274 struct ieee80211com *ic = &sc->sc_ic; 3275 struct ieee80211vap *vap = data->ni->ni_vap; 3276 struct ieee80211_frame *wh; 3277 struct rt2870_txd *txd; 3278 struct rt2860_txwi *txwi; 3279 uint16_t xferlen, txwisize; 3280 uint16_t mcs; 3281 uint8_t ridx = data->ridx; 3282 uint8_t pad; 3283 3284 /* get MCS code from rate index */ 3285 mcs = rt2860_rates[ridx].mcs; 3286 3287 txwisize = (sc->mac_ver == 0x5592) ? 3288 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3289 xferlen = txwisize + m->m_pkthdr.len; 3290 3291 /* roundup to 32-bit alignment */ 3292 xferlen = (xferlen + 3) & ~3; 3293 3294 txd = (struct rt2870_txd *)&data->desc; 3295 txd->len = htole16(xferlen); 3296 3297 wh = mtod(m, struct ieee80211_frame *); 3298 3299 /* 3300 * Ether both are true or both are false, the header 3301 * are nicely aligned to 32-bit. So, no L2 padding. 3302 */ 3303 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3304 pad = 0; 3305 else 3306 pad = 2; 3307 3308 /* setup TX Wireless Information */ 3309 txwi = (struct rt2860_txwi *)(txd + 1); 3310 txwi->len = htole16(m->m_pkthdr.len - pad); 3311 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3312 mcs |= RT2860_PHY_CCK; 3313 if (ridx != RT2860_RIDX_CCK1 && 3314 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3315 mcs |= RT2860_PHY_SHPRE; 3316 } else 3317 mcs |= RT2860_PHY_OFDM; 3318 txwi->phy = htole16(mcs); 3319 3320 /* check if RTS/CTS or CTS-to-self protection is required */ 3321 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3322 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3323 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3324 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3325 txwi->txop |= RT2860_TX_TXOP_HT; 3326 else 3327 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3328 3329 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3330 txwi->xflags |= RT2860_TX_NSEQ; 3331 } 3332 3333 /* This function must be called locked */ 3334 static int 3335 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3336 { 3337 struct ieee80211com *ic = &sc->sc_ic; 3338 struct ieee80211vap *vap = ni->ni_vap; 3339 struct ieee80211_frame *wh; 3340 const struct ieee80211_txparam *tp = ni->ni_txparms; 3341 struct run_node *rn = RUN_NODE(ni); 3342 struct run_tx_data *data; 3343 struct rt2870_txd *txd; 3344 struct rt2860_txwi *txwi; 3345 uint16_t qos; 3346 uint16_t dur; 3347 uint16_t qid; 3348 uint8_t type; 3349 uint8_t tid; 3350 uint8_t ridx; 3351 uint8_t ctl_ridx; 3352 uint8_t qflags; 3353 uint8_t xflags = 0; 3354 int hasqos; 3355 3356 RUN_LOCK_ASSERT(sc, MA_OWNED); 3357 3358 wh = mtod(m, struct ieee80211_frame *); 3359 3360 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3361 3362 /* 3363 * There are 7 bulk endpoints: 1 for RX 3364 * and 6 for TX (4 EDCAs + HCCA + Prio). 3365 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3366 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3367 */ 3368 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3369 uint8_t *frm; 3370 3371 frm = ieee80211_getqos(wh); 3372 qos = le16toh(*(const uint16_t *)frm); 3373 tid = qos & IEEE80211_QOS_TID; 3374 qid = TID_TO_WME_AC(tid); 3375 } else { 3376 qos = 0; 3377 tid = 0; 3378 qid = WME_AC_BE; 3379 } 3380 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3381 3382 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3383 qos, qid, tid, qflags); 3384 3385 /* pickup a rate index */ 3386 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3387 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3388 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3389 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3390 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3391 } else { 3392 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3393 ridx = rn->fix_ridx; 3394 else 3395 ridx = rn->amrr_ridx; 3396 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3397 } 3398 3399 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3400 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3401 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3402 xflags |= RT2860_TX_ACK; 3403 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3404 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3405 else 3406 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3407 USETW(wh->i_dur, dur); 3408 } 3409 3410 /* reserve slots for mgmt packets, just in case */ 3411 if (sc->sc_epq[qid].tx_nfree < 3) { 3412 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid); 3413 return (-1); 3414 } 3415 3416 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3417 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3418 sc->sc_epq[qid].tx_nfree--; 3419 3420 txd = (struct rt2870_txd *)&data->desc; 3421 txd->flags = qflags; 3422 txwi = (struct rt2860_txwi *)(txd + 1); 3423 txwi->xflags = xflags; 3424 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3425 txwi->wcid = 0; 3426 else 3427 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3428 1 : RUN_AID2WCID(ni->ni_associd); 3429 3430 /* clear leftover garbage bits */ 3431 txwi->flags = 0; 3432 txwi->txop = 0; 3433 3434 data->m = m; 3435 data->ni = ni; 3436 data->ridx = ridx; 3437 3438 run_set_tx_desc(sc, data); 3439 3440 /* 3441 * The chip keeps track of 2 kind of Tx stats, 3442 * * TX_STAT_FIFO, for per WCID stats, and 3443 * * TX_STA_CNT0 for all-TX-in-one stats. 3444 * 3445 * To use FIFO stats, we need to store MCS into the driver-private 3446 * PacketID field. So that, we can tell whose stats when we read them. 3447 * We add 1 to the MCS because setting the PacketID field to 0 means 3448 * that we don't want feedback in TX_STAT_FIFO. 3449 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3450 * 3451 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3452 */ 3453 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3454 vap->iv_opmode == IEEE80211_M_MBSS) { 3455 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3456 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3457 3458 /* 3459 * Unlike PCI based devices, we don't get any interrupt from 3460 * USB devices, so we simulate FIFO-is-full interrupt here. 3461 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots 3462 * quickly get fulled. To prevent overflow, increment a counter on 3463 * every FIFO stat request, so we know how many slots are left. 3464 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3465 * are used only in those modes. 3466 * We just drain stats. AMRR gets updated every 1 sec by 3467 * run_ratectl_cb() via callout. 3468 * Call it early. Otherwise overflow. 3469 */ 3470 if (sc->fifo_cnt++ == 10) { 3471 /* 3472 * With multiple vaps or if_bridge, if_start() is called 3473 * with a non-sleepable lock, tcpinp. So, need to defer. 3474 */ 3475 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3476 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i); 3477 sc->cmdq[i].func = run_drain_fifo; 3478 sc->cmdq[i].arg0 = sc; 3479 ieee80211_runtask(ic, &sc->cmdq_task); 3480 } 3481 } 3482 3483 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3484 3485 usbd_transfer_start(sc->sc_xfer[qid]); 3486 3487 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3488 "sending data frame len=%d rate=%d qid=%d\n", 3489 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3490 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3491 3492 return (0); 3493 } 3494 3495 static int 3496 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3497 { 3498 struct ieee80211com *ic = &sc->sc_ic; 3499 struct run_node *rn = RUN_NODE(ni); 3500 struct run_tx_data *data; 3501 struct ieee80211_frame *wh; 3502 struct rt2870_txd *txd; 3503 struct rt2860_txwi *txwi; 3504 uint16_t dur; 3505 uint8_t ridx = rn->mgt_ridx; 3506 uint8_t xflags = 0; 3507 uint8_t wflags = 0; 3508 3509 RUN_LOCK_ASSERT(sc, MA_OWNED); 3510 3511 wh = mtod(m, struct ieee80211_frame *); 3512 3513 /* tell hardware to add timestamp for probe responses */ 3514 if ((wh->i_fc[0] & 3515 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3516 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3517 wflags |= RT2860_TX_TS; 3518 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3519 xflags |= RT2860_TX_ACK; 3520 3521 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3522 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3523 USETW(wh->i_dur, dur); 3524 } 3525 3526 if (sc->sc_epq[0].tx_nfree == 0) 3527 /* let caller free mbuf */ 3528 return (EIO); 3529 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3530 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3531 sc->sc_epq[0].tx_nfree--; 3532 3533 txd = (struct rt2870_txd *)&data->desc; 3534 txd->flags = RT2860_TX_QSEL_EDCA; 3535 txwi = (struct rt2860_txwi *)(txd + 1); 3536 txwi->wcid = 0xff; 3537 txwi->flags = wflags; 3538 txwi->xflags = xflags; 3539 txwi->txop = 0; /* clear leftover garbage bits */ 3540 3541 data->m = m; 3542 data->ni = ni; 3543 data->ridx = ridx; 3544 3545 run_set_tx_desc(sc, data); 3546 3547 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n", 3548 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3549 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate); 3550 3551 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3552 3553 usbd_transfer_start(sc->sc_xfer[0]); 3554 3555 return (0); 3556 } 3557 3558 static int 3559 run_sendprot(struct run_softc *sc, 3560 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3561 { 3562 struct ieee80211com *ic = ni->ni_ic; 3563 struct run_tx_data *data; 3564 struct rt2870_txd *txd; 3565 struct rt2860_txwi *txwi; 3566 struct mbuf *mprot; 3567 int ridx; 3568 int protrate; 3569 uint8_t wflags = 0; 3570 uint8_t xflags = 0; 3571 3572 RUN_LOCK_ASSERT(sc, MA_OWNED); 3573 3574 /* check that there are free slots before allocating the mbuf */ 3575 if (sc->sc_epq[0].tx_nfree == 0) 3576 /* let caller free mbuf */ 3577 return (ENOBUFS); 3578 3579 mprot = ieee80211_alloc_prot(ni, m, rate, prot); 3580 if (mprot == NULL) { 3581 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1); 3582 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n"); 3583 return (ENOBUFS); 3584 } 3585 3586 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3587 wflags = RT2860_TX_FRAG; 3588 xflags = 0; 3589 if (prot == IEEE80211_PROT_RTSCTS) 3590 xflags |= RT2860_TX_ACK; 3591 3592 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3593 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3594 sc->sc_epq[0].tx_nfree--; 3595 3596 txd = (struct rt2870_txd *)&data->desc; 3597 txd->flags = RT2860_TX_QSEL_EDCA; 3598 txwi = (struct rt2860_txwi *)(txd + 1); 3599 txwi->wcid = 0xff; 3600 txwi->flags = wflags; 3601 txwi->xflags = xflags; 3602 txwi->txop = 0; /* clear leftover garbage bits */ 3603 3604 data->m = mprot; 3605 data->ni = ieee80211_ref_node(ni); 3606 3607 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3608 if (rt2860_rates[ridx].rate == protrate) 3609 break; 3610 data->ridx = ridx; 3611 3612 run_set_tx_desc(sc, data); 3613 3614 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n", 3615 m->m_pkthdr.len, rate); 3616 3617 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3618 3619 usbd_transfer_start(sc->sc_xfer[0]); 3620 3621 return (0); 3622 } 3623 3624 static int 3625 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3626 const struct ieee80211_bpf_params *params) 3627 { 3628 struct ieee80211com *ic = ni->ni_ic; 3629 struct run_tx_data *data; 3630 struct rt2870_txd *txd; 3631 struct rt2860_txwi *txwi; 3632 uint8_t ridx; 3633 uint8_t rate; 3634 uint8_t opflags = 0; 3635 uint8_t xflags = 0; 3636 int error; 3637 3638 RUN_LOCK_ASSERT(sc, MA_OWNED); 3639 3640 KASSERT(params != NULL, ("no raw xmit params")); 3641 3642 rate = params->ibp_rate0; 3643 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3644 /* let caller free mbuf */ 3645 return (EINVAL); 3646 } 3647 3648 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3649 xflags |= RT2860_TX_ACK; 3650 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3651 error = run_sendprot(sc, m, ni, 3652 params->ibp_flags & IEEE80211_BPF_RTS ? 3653 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3654 rate); 3655 if (error) { 3656 /* let caller free mbuf */ 3657 return error; 3658 } 3659 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3660 } 3661 3662 if (sc->sc_epq[0].tx_nfree == 0) { 3663 /* let caller free mbuf */ 3664 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, 3665 "sending raw frame, but tx ring is full\n"); 3666 return (EIO); 3667 } 3668 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3669 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3670 sc->sc_epq[0].tx_nfree--; 3671 3672 txd = (struct rt2870_txd *)&data->desc; 3673 txd->flags = RT2860_TX_QSEL_EDCA; 3674 txwi = (struct rt2860_txwi *)(txd + 1); 3675 txwi->wcid = 0xff; 3676 txwi->xflags = xflags; 3677 txwi->txop = opflags; 3678 txwi->flags = 0; /* clear leftover garbage bits */ 3679 3680 data->m = m; 3681 data->ni = ni; 3682 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3683 if (rt2860_rates[ridx].rate == rate) 3684 break; 3685 data->ridx = ridx; 3686 3687 run_set_tx_desc(sc, data); 3688 3689 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n", 3690 m->m_pkthdr.len, rate); 3691 3692 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3693 3694 usbd_transfer_start(sc->sc_xfer[0]); 3695 3696 return (0); 3697 } 3698 3699 static int 3700 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3701 const struct ieee80211_bpf_params *params) 3702 { 3703 struct run_softc *sc = ni->ni_ic->ic_softc; 3704 int error = 0; 3705 3706 RUN_LOCK(sc); 3707 3708 /* prevent management frames from being sent if we're not ready */ 3709 if (!(sc->sc_flags & RUN_RUNNING)) { 3710 error = ENETDOWN; 3711 goto done; 3712 } 3713 3714 if (params == NULL) { 3715 /* tx mgt packet */ 3716 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3717 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n"); 3718 goto done; 3719 } 3720 } else { 3721 /* tx raw packet with param */ 3722 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3723 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n"); 3724 goto done; 3725 } 3726 } 3727 3728 done: 3729 RUN_UNLOCK(sc); 3730 3731 if (error != 0) { 3732 if(m != NULL) 3733 m_freem(m); 3734 } 3735 3736 return (error); 3737 } 3738 3739 static int 3740 run_transmit(struct ieee80211com *ic, struct mbuf *m) 3741 { 3742 struct run_softc *sc = ic->ic_softc; 3743 int error; 3744 3745 RUN_LOCK(sc); 3746 if ((sc->sc_flags & RUN_RUNNING) == 0) { 3747 RUN_UNLOCK(sc); 3748 return (ENXIO); 3749 } 3750 error = mbufq_enqueue(&sc->sc_snd, m); 3751 if (error) { 3752 RUN_UNLOCK(sc); 3753 return (error); 3754 } 3755 run_start(sc); 3756 RUN_UNLOCK(sc); 3757 3758 return (0); 3759 } 3760 3761 static void 3762 run_start(struct run_softc *sc) 3763 { 3764 struct ieee80211_node *ni; 3765 struct mbuf *m; 3766 3767 RUN_LOCK_ASSERT(sc, MA_OWNED); 3768 3769 if ((sc->sc_flags & RUN_RUNNING) == 0) 3770 return; 3771 3772 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) { 3773 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3774 if (run_tx(sc, m, ni) != 0) { 3775 mbufq_prepend(&sc->sc_snd, m); 3776 break; 3777 } 3778 } 3779 } 3780 3781 static void 3782 run_parent(struct ieee80211com *ic) 3783 { 3784 struct run_softc *sc = ic->ic_softc; 3785 int startall = 0; 3786 3787 RUN_LOCK(sc); 3788 if (sc->sc_detached) { 3789 RUN_UNLOCK(sc); 3790 return; 3791 } 3792 3793 if (ic->ic_nrunning > 0) { 3794 if (!(sc->sc_flags & RUN_RUNNING)) { 3795 startall = 1; 3796 run_init_locked(sc); 3797 } else 3798 run_update_promisc_locked(sc); 3799 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1) 3800 run_stop(sc); 3801 RUN_UNLOCK(sc); 3802 if (startall) 3803 ieee80211_start_all(ic); 3804 } 3805 3806 static void 3807 run_iq_calib(struct run_softc *sc, u_int chan) 3808 { 3809 uint16_t val; 3810 3811 /* Tx0 IQ gain. */ 3812 run_bbp_write(sc, 158, 0x2c); 3813 if (chan <= 14) 3814 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3815 else if (chan <= 64) { 3816 run_efuse_read(sc, 3817 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3818 &val, 1); 3819 } else if (chan <= 138) { 3820 run_efuse_read(sc, 3821 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3822 &val, 1); 3823 } else if (chan <= 165) { 3824 run_efuse_read(sc, 3825 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3826 &val, 1); 3827 } else 3828 val = 0; 3829 run_bbp_write(sc, 159, val); 3830 3831 /* Tx0 IQ phase. */ 3832 run_bbp_write(sc, 158, 0x2d); 3833 if (chan <= 14) { 3834 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3835 &val, 1); 3836 } else if (chan <= 64) { 3837 run_efuse_read(sc, 3838 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3839 &val, 1); 3840 } else if (chan <= 138) { 3841 run_efuse_read(sc, 3842 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3843 &val, 1); 3844 } else if (chan <= 165) { 3845 run_efuse_read(sc, 3846 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3847 &val, 1); 3848 } else 3849 val = 0; 3850 run_bbp_write(sc, 159, val); 3851 3852 /* Tx1 IQ gain. */ 3853 run_bbp_write(sc, 158, 0x4a); 3854 if (chan <= 14) { 3855 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3856 &val, 1); 3857 } else if (chan <= 64) { 3858 run_efuse_read(sc, 3859 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3860 &val, 1); 3861 } else if (chan <= 138) { 3862 run_efuse_read(sc, 3863 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3864 &val, 1); 3865 } else if (chan <= 165) { 3866 run_efuse_read(sc, 3867 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3868 &val, 1); 3869 } else 3870 val = 0; 3871 run_bbp_write(sc, 159, val); 3872 3873 /* Tx1 IQ phase. */ 3874 run_bbp_write(sc, 158, 0x4b); 3875 if (chan <= 14) { 3876 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3877 &val, 1); 3878 } else if (chan <= 64) { 3879 run_efuse_read(sc, 3880 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3881 &val, 1); 3882 } else if (chan <= 138) { 3883 run_efuse_read(sc, 3884 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3885 &val, 1); 3886 } else if (chan <= 165) { 3887 run_efuse_read(sc, 3888 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3889 &val, 1); 3890 } else 3891 val = 0; 3892 run_bbp_write(sc, 159, val); 3893 3894 /* RF IQ compensation control. */ 3895 run_bbp_write(sc, 158, 0x04); 3896 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3897 &val, 1); 3898 run_bbp_write(sc, 159, val); 3899 3900 /* RF IQ imbalance compensation control. */ 3901 run_bbp_write(sc, 158, 0x03); 3902 run_efuse_read(sc, 3903 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3904 run_bbp_write(sc, 159, val); 3905 } 3906 3907 static void 3908 run_set_agc(struct run_softc *sc, uint8_t agc) 3909 { 3910 uint8_t bbp; 3911 3912 if (sc->mac_ver == 0x3572) { 3913 run_bbp_read(sc, 27, &bbp); 3914 bbp &= ~(0x3 << 5); 3915 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3916 run_bbp_write(sc, 66, agc); 3917 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3918 run_bbp_write(sc, 66, agc); 3919 } else 3920 run_bbp_write(sc, 66, agc); 3921 } 3922 3923 static void 3924 run_select_chan_group(struct run_softc *sc, int group) 3925 { 3926 uint32_t tmp; 3927 uint8_t agc; 3928 3929 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3930 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3931 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3932 if (sc->mac_ver < 0x3572) 3933 run_bbp_write(sc, 86, 0x00); 3934 3935 if (sc->mac_ver == 0x3593) { 3936 run_bbp_write(sc, 77, 0x98); 3937 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3938 } 3939 3940 if (group == 0) { 3941 if (sc->ext_2ghz_lna) { 3942 if (sc->mac_ver >= 0x5390) 3943 run_bbp_write(sc, 75, 0x52); 3944 else { 3945 run_bbp_write(sc, 82, 0x62); 3946 run_bbp_write(sc, 75, 0x46); 3947 } 3948 } else { 3949 if (sc->mac_ver == 0x5592) { 3950 run_bbp_write(sc, 79, 0x1c); 3951 run_bbp_write(sc, 80, 0x0e); 3952 run_bbp_write(sc, 81, 0x3a); 3953 run_bbp_write(sc, 82, 0x62); 3954 3955 run_bbp_write(sc, 195, 0x80); 3956 run_bbp_write(sc, 196, 0xe0); 3957 run_bbp_write(sc, 195, 0x81); 3958 run_bbp_write(sc, 196, 0x1f); 3959 run_bbp_write(sc, 195, 0x82); 3960 run_bbp_write(sc, 196, 0x38); 3961 run_bbp_write(sc, 195, 0x83); 3962 run_bbp_write(sc, 196, 0x32); 3963 run_bbp_write(sc, 195, 0x85); 3964 run_bbp_write(sc, 196, 0x28); 3965 run_bbp_write(sc, 195, 0x86); 3966 run_bbp_write(sc, 196, 0x19); 3967 } else if (sc->mac_ver >= 0x5390) 3968 run_bbp_write(sc, 75, 0x50); 3969 else { 3970 run_bbp_write(sc, 82, 3971 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3972 run_bbp_write(sc, 75, 0x50); 3973 } 3974 } 3975 } else { 3976 if (sc->mac_ver == 0x5592) { 3977 run_bbp_write(sc, 79, 0x18); 3978 run_bbp_write(sc, 80, 0x08); 3979 run_bbp_write(sc, 81, 0x38); 3980 run_bbp_write(sc, 82, 0x92); 3981 3982 run_bbp_write(sc, 195, 0x80); 3983 run_bbp_write(sc, 196, 0xf0); 3984 run_bbp_write(sc, 195, 0x81); 3985 run_bbp_write(sc, 196, 0x1e); 3986 run_bbp_write(sc, 195, 0x82); 3987 run_bbp_write(sc, 196, 0x28); 3988 run_bbp_write(sc, 195, 0x83); 3989 run_bbp_write(sc, 196, 0x20); 3990 run_bbp_write(sc, 195, 0x85); 3991 run_bbp_write(sc, 196, 0x7f); 3992 run_bbp_write(sc, 195, 0x86); 3993 run_bbp_write(sc, 196, 0x7f); 3994 } else if (sc->mac_ver == 0x3572) 3995 run_bbp_write(sc, 82, 0x94); 3996 else 3997 run_bbp_write(sc, 82, 3998 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 3999 if (sc->ext_5ghz_lna) 4000 run_bbp_write(sc, 75, 0x46); 4001 else 4002 run_bbp_write(sc, 75, 0x50); 4003 } 4004 4005 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4006 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4007 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4008 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4009 4010 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4011 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4012 if (sc->mac_ver == 0x3593) 4013 tmp |= 1 << 29 | 1 << 28; 4014 if (sc->nrxchains > 1) 4015 tmp |= RT2860_LNA_PE1_EN; 4016 if (group == 0) { /* 2GHz */ 4017 tmp |= RT2860_PA_PE_G0_EN; 4018 if (sc->ntxchains > 1) 4019 tmp |= RT2860_PA_PE_G1_EN; 4020 if (sc->mac_ver == 0x3593) { 4021 if (sc->ntxchains > 2) 4022 tmp |= 1 << 25; 4023 } 4024 } else { /* 5GHz */ 4025 tmp |= RT2860_PA_PE_A0_EN; 4026 if (sc->ntxchains > 1) 4027 tmp |= RT2860_PA_PE_A1_EN; 4028 } 4029 if (sc->mac_ver == 0x3572) { 4030 run_rt3070_rf_write(sc, 8, 0x00); 4031 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4032 run_rt3070_rf_write(sc, 8, 0x80); 4033 } else 4034 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4035 4036 if (sc->mac_ver == 0x5592) { 4037 run_bbp_write(sc, 195, 0x8d); 4038 run_bbp_write(sc, 196, 0x1a); 4039 } 4040 4041 if (sc->mac_ver == 0x3593) { 4042 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4043 tmp &= ~0x01010000; 4044 if (group == 0) 4045 tmp |= 0x00010000; 4046 tmp = (tmp & ~0x00009090) | 0x00000090; 4047 run_write(sc, RT2860_GPIO_CTRL, tmp); 4048 } 4049 4050 /* set initial AGC value */ 4051 if (group == 0) { /* 2GHz band */ 4052 if (sc->mac_ver >= 0x3070) 4053 agc = 0x1c + sc->lna[0] * 2; 4054 else 4055 agc = 0x2e + sc->lna[0]; 4056 } else { /* 5GHz band */ 4057 if (sc->mac_ver == 0x5592) 4058 agc = 0x24 + sc->lna[group] * 2; 4059 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4060 agc = 0x22 + (sc->lna[group] * 5) / 3; 4061 else 4062 agc = 0x32 + (sc->lna[group] * 5) / 3; 4063 } 4064 run_set_agc(sc, agc); 4065 } 4066 4067 static void 4068 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4069 { 4070 const struct rfprog *rfprog = rt2860_rf2850; 4071 uint32_t r2, r3, r4; 4072 int8_t txpow1, txpow2; 4073 int i; 4074 4075 /* find the settings for this channel (we know it exists) */ 4076 for (i = 0; rfprog[i].chan != chan; i++); 4077 4078 r2 = rfprog[i].r2; 4079 if (sc->ntxchains == 1) 4080 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4081 if (sc->nrxchains == 1) 4082 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4083 else if (sc->nrxchains == 2) 4084 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4085 4086 /* use Tx power values from EEPROM */ 4087 txpow1 = sc->txpow1[i]; 4088 txpow2 = sc->txpow2[i]; 4089 4090 /* Initialize RF R3 and R4. */ 4091 r3 = rfprog[i].r3 & 0xffffc1ff; 4092 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4093 if (chan > 14) { 4094 if (txpow1 >= 0) { 4095 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4096 r3 |= (txpow1 << 10) | (1 << 9); 4097 } else { 4098 txpow1 += 7; 4099 4100 /* txpow1 is not possible larger than 15. */ 4101 r3 |= (txpow1 << 10); 4102 } 4103 if (txpow2 >= 0) { 4104 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4105 r4 |= (txpow2 << 7) | (1 << 6); 4106 } else { 4107 txpow2 += 7; 4108 r4 |= (txpow2 << 7); 4109 } 4110 } else { 4111 /* Set Tx0 power. */ 4112 r3 |= (txpow1 << 9); 4113 4114 /* Set frequency offset and Tx1 power. */ 4115 r4 |= (txpow2 << 6); 4116 } 4117 4118 run_rt2870_rf_write(sc, rfprog[i].r1); 4119 run_rt2870_rf_write(sc, r2); 4120 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4121 run_rt2870_rf_write(sc, r4); 4122 4123 run_delay(sc, 10); 4124 4125 run_rt2870_rf_write(sc, rfprog[i].r1); 4126 run_rt2870_rf_write(sc, r2); 4127 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4128 run_rt2870_rf_write(sc, r4); 4129 4130 run_delay(sc, 10); 4131 4132 run_rt2870_rf_write(sc, rfprog[i].r1); 4133 run_rt2870_rf_write(sc, r2); 4134 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4135 run_rt2870_rf_write(sc, r4); 4136 } 4137 4138 static void 4139 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4140 { 4141 int8_t txpow1, txpow2; 4142 uint8_t rf; 4143 int i; 4144 4145 /* find the settings for this channel (we know it exists) */ 4146 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4147 4148 /* use Tx power values from EEPROM */ 4149 txpow1 = sc->txpow1[i]; 4150 txpow2 = sc->txpow2[i]; 4151 4152 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4153 4154 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4155 run_rt3070_rf_read(sc, 3, &rf); 4156 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4157 run_rt3070_rf_write(sc, 3, rf); 4158 4159 run_rt3070_rf_read(sc, 6, &rf); 4160 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4161 run_rt3070_rf_write(sc, 6, rf); 4162 4163 /* set Tx0 power */ 4164 run_rt3070_rf_read(sc, 12, &rf); 4165 rf = (rf & ~0x1f) | txpow1; 4166 run_rt3070_rf_write(sc, 12, rf); 4167 4168 /* set Tx1 power */ 4169 run_rt3070_rf_read(sc, 13, &rf); 4170 rf = (rf & ~0x1f) | txpow2; 4171 run_rt3070_rf_write(sc, 13, rf); 4172 4173 run_rt3070_rf_read(sc, 1, &rf); 4174 rf &= ~0xfc; 4175 if (sc->ntxchains == 1) 4176 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4177 else if (sc->ntxchains == 2) 4178 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4179 if (sc->nrxchains == 1) 4180 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4181 else if (sc->nrxchains == 2) 4182 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4183 run_rt3070_rf_write(sc, 1, rf); 4184 4185 /* set RF offset */ 4186 run_rt3070_rf_read(sc, 23, &rf); 4187 rf = (rf & ~0x7f) | sc->freq; 4188 run_rt3070_rf_write(sc, 23, rf); 4189 4190 /* program RF filter */ 4191 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4192 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4193 run_rt3070_rf_write(sc, 24, rf); 4194 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4195 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4196 run_rt3070_rf_write(sc, 31, rf); 4197 4198 /* enable RF tuning */ 4199 run_rt3070_rf_read(sc, 7, &rf); 4200 run_rt3070_rf_write(sc, 7, rf | 0x01); 4201 } 4202 4203 static void 4204 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4205 { 4206 int8_t txpow1, txpow2; 4207 uint32_t tmp; 4208 uint8_t rf; 4209 int i; 4210 4211 /* find the settings for this channel (we know it exists) */ 4212 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4213 4214 /* use Tx power values from EEPROM */ 4215 txpow1 = sc->txpow1[i]; 4216 txpow2 = sc->txpow2[i]; 4217 4218 if (chan <= 14) { 4219 run_bbp_write(sc, 25, sc->bbp25); 4220 run_bbp_write(sc, 26, sc->bbp26); 4221 } else { 4222 /* enable IQ phase correction */ 4223 run_bbp_write(sc, 25, 0x09); 4224 run_bbp_write(sc, 26, 0xff); 4225 } 4226 4227 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4228 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4229 run_rt3070_rf_read(sc, 6, &rf); 4230 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4231 rf |= (chan <= 14) ? 0x08 : 0x04; 4232 run_rt3070_rf_write(sc, 6, rf); 4233 4234 /* set PLL mode */ 4235 run_rt3070_rf_read(sc, 5, &rf); 4236 rf &= ~(0x08 | 0x04); 4237 rf |= (chan <= 14) ? 0x04 : 0x08; 4238 run_rt3070_rf_write(sc, 5, rf); 4239 4240 /* set Tx power for chain 0 */ 4241 if (chan <= 14) 4242 rf = 0x60 | txpow1; 4243 else 4244 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4245 run_rt3070_rf_write(sc, 12, rf); 4246 4247 /* set Tx power for chain 1 */ 4248 if (chan <= 14) 4249 rf = 0x60 | txpow2; 4250 else 4251 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4252 run_rt3070_rf_write(sc, 13, rf); 4253 4254 /* set Tx/Rx streams */ 4255 run_rt3070_rf_read(sc, 1, &rf); 4256 rf &= ~0xfc; 4257 if (sc->ntxchains == 1) 4258 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4259 else if (sc->ntxchains == 2) 4260 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4261 if (sc->nrxchains == 1) 4262 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4263 else if (sc->nrxchains == 2) 4264 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4265 run_rt3070_rf_write(sc, 1, rf); 4266 4267 /* set RF offset */ 4268 run_rt3070_rf_read(sc, 23, &rf); 4269 rf = (rf & ~0x7f) | sc->freq; 4270 run_rt3070_rf_write(sc, 23, rf); 4271 4272 /* program RF filter */ 4273 rf = sc->rf24_20mhz; 4274 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4275 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4276 4277 /* enable RF tuning */ 4278 run_rt3070_rf_read(sc, 7, &rf); 4279 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4280 run_rt3070_rf_write(sc, 7, rf); 4281 4282 /* TSSI */ 4283 rf = (chan <= 14) ? 0xc3 : 0xc0; 4284 run_rt3070_rf_write(sc, 9, rf); 4285 4286 /* set loop filter 1 */ 4287 run_rt3070_rf_write(sc, 10, 0xf1); 4288 /* set loop filter 2 */ 4289 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4290 4291 /* set tx_mx2_ic */ 4292 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4293 /* set tx_mx1_ic */ 4294 if (chan <= 14) 4295 rf = 0x48 | sc->txmixgain_2ghz; 4296 else 4297 rf = 0x78 | sc->txmixgain_5ghz; 4298 run_rt3070_rf_write(sc, 16, rf); 4299 4300 /* set tx_lo1 */ 4301 run_rt3070_rf_write(sc, 17, 0x23); 4302 /* set tx_lo2 */ 4303 if (chan <= 14) 4304 rf = 0x93; 4305 else if (chan <= 64) 4306 rf = 0xb7; 4307 else if (chan <= 128) 4308 rf = 0x74; 4309 else 4310 rf = 0x72; 4311 run_rt3070_rf_write(sc, 19, rf); 4312 4313 /* set rx_lo1 */ 4314 if (chan <= 14) 4315 rf = 0xb3; 4316 else if (chan <= 64) 4317 rf = 0xf6; 4318 else if (chan <= 128) 4319 rf = 0xf4; 4320 else 4321 rf = 0xf3; 4322 run_rt3070_rf_write(sc, 20, rf); 4323 4324 /* set pfd_delay */ 4325 if (chan <= 14) 4326 rf = 0x15; 4327 else if (chan <= 64) 4328 rf = 0x3d; 4329 else 4330 rf = 0x01; 4331 run_rt3070_rf_write(sc, 25, rf); 4332 4333 /* set rx_lo2 */ 4334 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4335 /* set ldo_rf_vc */ 4336 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4337 /* set drv_cc */ 4338 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4339 4340 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4341 tmp &= ~0x8080; 4342 if (chan <= 14) 4343 tmp |= 0x80; 4344 run_write(sc, RT2860_GPIO_CTRL, tmp); 4345 4346 /* enable RF tuning */ 4347 run_rt3070_rf_read(sc, 7, &rf); 4348 run_rt3070_rf_write(sc, 7, rf | 0x01); 4349 4350 run_delay(sc, 2); 4351 } 4352 4353 static void 4354 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4355 { 4356 int8_t txpow1, txpow2, txpow3; 4357 uint8_t h20mhz, rf; 4358 int i; 4359 4360 /* find the settings for this channel (we know it exists) */ 4361 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4362 4363 /* use Tx power values from EEPROM */ 4364 txpow1 = sc->txpow1[i]; 4365 txpow2 = sc->txpow2[i]; 4366 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4367 4368 if (chan <= 14) { 4369 run_bbp_write(sc, 25, sc->bbp25); 4370 run_bbp_write(sc, 26, sc->bbp26); 4371 } else { 4372 /* Enable IQ phase correction. */ 4373 run_bbp_write(sc, 25, 0x09); 4374 run_bbp_write(sc, 26, 0xff); 4375 } 4376 4377 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4378 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4379 run_rt3070_rf_read(sc, 11, &rf); 4380 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4381 run_rt3070_rf_write(sc, 11, rf); 4382 4383 /* Set pll_idoh. */ 4384 run_rt3070_rf_read(sc, 11, &rf); 4385 rf &= ~0x4c; 4386 rf |= (chan <= 14) ? 0x44 : 0x48; 4387 run_rt3070_rf_write(sc, 11, rf); 4388 4389 if (chan <= 14) 4390 rf = txpow1 & 0x1f; 4391 else 4392 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4393 run_rt3070_rf_write(sc, 53, rf); 4394 4395 if (chan <= 14) 4396 rf = txpow2 & 0x1f; 4397 else 4398 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4399 run_rt3070_rf_write(sc, 55, rf); 4400 4401 if (chan <= 14) 4402 rf = txpow3 & 0x1f; 4403 else 4404 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4405 run_rt3070_rf_write(sc, 54, rf); 4406 4407 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4408 if (sc->ntxchains == 3) 4409 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4410 else 4411 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4412 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4413 run_rt3070_rf_write(sc, 1, rf); 4414 4415 run_adjust_freq_offset(sc); 4416 4417 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4418 4419 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4420 run_rt3070_rf_read(sc, 30, &rf); 4421 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4422 run_rt3070_rf_write(sc, 30, rf); 4423 4424 run_rt3070_rf_read(sc, 36, &rf); 4425 if (chan <= 14) 4426 rf |= 0x80; 4427 else 4428 rf &= ~0x80; 4429 run_rt3070_rf_write(sc, 36, rf); 4430 4431 /* Set vcolo_bs. */ 4432 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4433 /* Set pfd_delay. */ 4434 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4435 4436 /* Set vco bias current control. */ 4437 run_rt3070_rf_read(sc, 6, &rf); 4438 rf &= ~0xc0; 4439 if (chan <= 14) 4440 rf |= 0x40; 4441 else if (chan <= 128) 4442 rf |= 0x80; 4443 else 4444 rf |= 0x40; 4445 run_rt3070_rf_write(sc, 6, rf); 4446 4447 run_rt3070_rf_read(sc, 30, &rf); 4448 rf = (rf & ~0x18) | 0x10; 4449 run_rt3070_rf_write(sc, 30, rf); 4450 4451 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4452 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4453 4454 run_rt3070_rf_read(sc, 51, &rf); 4455 rf = (rf & ~0x03) | 0x01; 4456 run_rt3070_rf_write(sc, 51, rf); 4457 /* Set tx_mx1_cc. */ 4458 run_rt3070_rf_read(sc, 51, &rf); 4459 rf &= ~0x1c; 4460 rf |= (chan <= 14) ? 0x14 : 0x10; 4461 run_rt3070_rf_write(sc, 51, rf); 4462 /* Set tx_mx1_ic. */ 4463 run_rt3070_rf_read(sc, 51, &rf); 4464 rf &= ~0xe0; 4465 rf |= (chan <= 14) ? 0x60 : 0x40; 4466 run_rt3070_rf_write(sc, 51, rf); 4467 /* Set tx_lo1_ic. */ 4468 run_rt3070_rf_read(sc, 49, &rf); 4469 rf &= ~0x1c; 4470 rf |= (chan <= 14) ? 0x0c : 0x08; 4471 run_rt3070_rf_write(sc, 49, rf); 4472 /* Set tx_lo1_en. */ 4473 run_rt3070_rf_read(sc, 50, &rf); 4474 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4475 /* Set drv_cc. */ 4476 run_rt3070_rf_read(sc, 57, &rf); 4477 rf &= ~0xfc; 4478 rf |= (chan <= 14) ? 0x6c : 0x3c; 4479 run_rt3070_rf_write(sc, 57, rf); 4480 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4481 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4482 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4483 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4484 /* Enable VCO calibration. */ 4485 run_rt3070_rf_read(sc, 3, &rf); 4486 rf &= ~RT5390_VCOCAL; 4487 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4488 run_rt3070_rf_write(sc, 3, rf); 4489 4490 if (chan <= 14) 4491 rf = 0x23; 4492 else if (chan <= 64) 4493 rf = 0x36; 4494 else if (chan <= 128) 4495 rf = 0x32; 4496 else 4497 rf = 0x30; 4498 run_rt3070_rf_write(sc, 39, rf); 4499 if (chan <= 14) 4500 rf = 0xbb; 4501 else if (chan <= 64) 4502 rf = 0xeb; 4503 else if (chan <= 128) 4504 rf = 0xb3; 4505 else 4506 rf = 0x9b; 4507 run_rt3070_rf_write(sc, 45, rf); 4508 4509 /* Set FEQ/AEQ control. */ 4510 run_bbp_write(sc, 105, 0x34); 4511 } 4512 4513 static void 4514 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4515 { 4516 int8_t txpow1, txpow2; 4517 uint8_t rf; 4518 int i; 4519 4520 /* find the settings for this channel (we know it exists) */ 4521 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4522 4523 /* use Tx power values from EEPROM */ 4524 txpow1 = sc->txpow1[i]; 4525 txpow2 = sc->txpow2[i]; 4526 4527 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4528 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4529 run_rt3070_rf_read(sc, 11, &rf); 4530 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4531 run_rt3070_rf_write(sc, 11, rf); 4532 4533 run_rt3070_rf_read(sc, 49, &rf); 4534 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4535 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4536 if ((rf & 0x3f) > 0x27) 4537 rf = (rf & ~0x3f) | 0x27; 4538 run_rt3070_rf_write(sc, 49, rf); 4539 4540 if (sc->mac_ver == 0x5392) { 4541 run_rt3070_rf_read(sc, 50, &rf); 4542 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4543 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4544 if ((rf & 0x3f) > 0x27) 4545 rf = (rf & ~0x3f) | 0x27; 4546 run_rt3070_rf_write(sc, 50, rf); 4547 } 4548 4549 run_rt3070_rf_read(sc, 1, &rf); 4550 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4551 if (sc->mac_ver == 0x5392) 4552 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4553 run_rt3070_rf_write(sc, 1, rf); 4554 4555 if (sc->mac_ver != 0x5392) { 4556 run_rt3070_rf_read(sc, 2, &rf); 4557 rf |= 0x80; 4558 run_rt3070_rf_write(sc, 2, rf); 4559 run_delay(sc, 10); 4560 rf &= 0x7f; 4561 run_rt3070_rf_write(sc, 2, rf); 4562 } 4563 4564 run_adjust_freq_offset(sc); 4565 4566 if (sc->mac_ver == 0x5392) { 4567 /* Fix for RT5392C. */ 4568 if (sc->mac_rev >= 0x0223) { 4569 if (chan <= 4) 4570 rf = 0x0f; 4571 else if (chan >= 5 && chan <= 7) 4572 rf = 0x0e; 4573 else 4574 rf = 0x0d; 4575 run_rt3070_rf_write(sc, 23, rf); 4576 4577 if (chan <= 4) 4578 rf = 0x0c; 4579 else if (chan == 5) 4580 rf = 0x0b; 4581 else if (chan >= 6 && chan <= 7) 4582 rf = 0x0a; 4583 else if (chan >= 8 && chan <= 10) 4584 rf = 0x09; 4585 else 4586 rf = 0x08; 4587 run_rt3070_rf_write(sc, 59, rf); 4588 } else { 4589 if (chan <= 11) 4590 rf = 0x0f; 4591 else 4592 rf = 0x0b; 4593 run_rt3070_rf_write(sc, 59, rf); 4594 } 4595 } else { 4596 /* Fix for RT5390F. */ 4597 if (sc->mac_rev >= 0x0502) { 4598 if (chan <= 11) 4599 rf = 0x43; 4600 else 4601 rf = 0x23; 4602 run_rt3070_rf_write(sc, 55, rf); 4603 4604 if (chan <= 11) 4605 rf = 0x0f; 4606 else if (chan == 12) 4607 rf = 0x0d; 4608 else 4609 rf = 0x0b; 4610 run_rt3070_rf_write(sc, 59, rf); 4611 } else { 4612 run_rt3070_rf_write(sc, 55, 0x44); 4613 run_rt3070_rf_write(sc, 59, 0x8f); 4614 } 4615 } 4616 4617 /* Enable VCO calibration. */ 4618 run_rt3070_rf_read(sc, 3, &rf); 4619 rf |= RT5390_VCOCAL; 4620 run_rt3070_rf_write(sc, 3, rf); 4621 } 4622 4623 static void 4624 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4625 { 4626 const struct rt5592_freqs *freqs; 4627 uint32_t tmp; 4628 uint8_t reg, rf, txpow_bound; 4629 int8_t txpow1, txpow2; 4630 int i; 4631 4632 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4633 freqs = (tmp & RT5592_SEL_XTAL) ? 4634 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4635 4636 /* find the settings for this channel (we know it exists) */ 4637 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4638 4639 /* use Tx power values from EEPROM */ 4640 txpow1 = sc->txpow1[i]; 4641 txpow2 = sc->txpow2[i]; 4642 4643 run_read(sc, RT3070_LDO_CFG0, &tmp); 4644 tmp &= ~0x1c000000; 4645 if (chan > 14) 4646 tmp |= 0x14000000; 4647 run_write(sc, RT3070_LDO_CFG0, tmp); 4648 4649 /* N setting. */ 4650 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4651 run_rt3070_rf_read(sc, 9, &rf); 4652 rf &= ~(1 << 4); 4653 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4654 run_rt3070_rf_write(sc, 9, rf); 4655 4656 /* K setting. */ 4657 run_rt3070_rf_read(sc, 9, &rf); 4658 rf &= ~0x0f; 4659 rf |= (freqs->k & 0x0f); 4660 run_rt3070_rf_write(sc, 9, rf); 4661 4662 /* Mode setting. */ 4663 run_rt3070_rf_read(sc, 11, &rf); 4664 rf &= ~0x0c; 4665 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4666 run_rt3070_rf_write(sc, 11, rf); 4667 run_rt3070_rf_read(sc, 9, &rf); 4668 rf &= ~(1 << 7); 4669 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4670 run_rt3070_rf_write(sc, 9, rf); 4671 4672 /* R setting. */ 4673 run_rt3070_rf_read(sc, 11, &rf); 4674 rf &= ~0x03; 4675 rf |= (freqs->r - 0x1); 4676 run_rt3070_rf_write(sc, 11, rf); 4677 4678 if (chan <= 14) { 4679 /* Initialize RF registers for 2GHZ. */ 4680 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4681 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4682 rt5592_2ghz_def_rf[i].val); 4683 } 4684 4685 rf = (chan <= 10) ? 0x07 : 0x06; 4686 run_rt3070_rf_write(sc, 23, rf); 4687 run_rt3070_rf_write(sc, 59, rf); 4688 4689 run_rt3070_rf_write(sc, 55, 0x43); 4690 4691 /* 4692 * RF R49/R50 Tx power ALC code. 4693 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4694 */ 4695 reg = 2; 4696 txpow_bound = 0x27; 4697 } else { 4698 /* Initialize RF registers for 5GHZ. */ 4699 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4700 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4701 rt5592_5ghz_def_rf[i].val); 4702 } 4703 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4704 if (chan >= rt5592_chan_5ghz[i].firstchan && 4705 chan <= rt5592_chan_5ghz[i].lastchan) { 4706 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4707 rt5592_chan_5ghz[i].val); 4708 } 4709 } 4710 4711 /* 4712 * RF R49/R50 Tx power ALC code. 4713 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4714 */ 4715 reg = 3; 4716 txpow_bound = 0x2b; 4717 } 4718 4719 /* RF R49 ch0 Tx power ALC code. */ 4720 run_rt3070_rf_read(sc, 49, &rf); 4721 rf &= ~0xc0; 4722 rf |= (reg << 6); 4723 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4724 if ((rf & 0x3f) > txpow_bound) 4725 rf = (rf & ~0x3f) | txpow_bound; 4726 run_rt3070_rf_write(sc, 49, rf); 4727 4728 /* RF R50 ch1 Tx power ALC code. */ 4729 run_rt3070_rf_read(sc, 50, &rf); 4730 rf &= ~(1 << 7 | 1 << 6); 4731 rf |= (reg << 6); 4732 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4733 if ((rf & 0x3f) > txpow_bound) 4734 rf = (rf & ~0x3f) | txpow_bound; 4735 run_rt3070_rf_write(sc, 50, rf); 4736 4737 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4738 run_rt3070_rf_read(sc, 1, &rf); 4739 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4740 if (sc->ntxchains > 1) 4741 rf |= RT3070_TX1_PD; 4742 if (sc->nrxchains > 1) 4743 rf |= RT3070_RX1_PD; 4744 run_rt3070_rf_write(sc, 1, rf); 4745 4746 run_rt3070_rf_write(sc, 6, 0xe4); 4747 4748 run_rt3070_rf_write(sc, 30, 0x10); 4749 run_rt3070_rf_write(sc, 31, 0x80); 4750 run_rt3070_rf_write(sc, 32, 0x80); 4751 4752 run_adjust_freq_offset(sc); 4753 4754 /* Enable VCO calibration. */ 4755 run_rt3070_rf_read(sc, 3, &rf); 4756 rf |= RT5390_VCOCAL; 4757 run_rt3070_rf_write(sc, 3, rf); 4758 } 4759 4760 static void 4761 run_set_rx_antenna(struct run_softc *sc, int aux) 4762 { 4763 uint32_t tmp; 4764 uint8_t bbp152; 4765 4766 if (aux) { 4767 if (sc->rf_rev == RT5390_RF_5370) { 4768 run_bbp_read(sc, 152, &bbp152); 4769 run_bbp_write(sc, 152, bbp152 & ~0x80); 4770 } else { 4771 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4772 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4773 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4774 } 4775 } else { 4776 if (sc->rf_rev == RT5390_RF_5370) { 4777 run_bbp_read(sc, 152, &bbp152); 4778 run_bbp_write(sc, 152, bbp152 | 0x80); 4779 } else { 4780 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4781 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4782 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4783 } 4784 } 4785 } 4786 4787 static int 4788 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4789 { 4790 struct ieee80211com *ic = &sc->sc_ic; 4791 u_int chan, group; 4792 4793 chan = ieee80211_chan2ieee(ic, c); 4794 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4795 return (EINVAL); 4796 4797 if (sc->mac_ver == 0x5592) 4798 run_rt5592_set_chan(sc, chan); 4799 else if (sc->mac_ver >= 0x5390) 4800 run_rt5390_set_chan(sc, chan); 4801 else if (sc->mac_ver == 0x3593) 4802 run_rt3593_set_chan(sc, chan); 4803 else if (sc->mac_ver == 0x3572) 4804 run_rt3572_set_chan(sc, chan); 4805 else if (sc->mac_ver >= 0x3070) 4806 run_rt3070_set_chan(sc, chan); 4807 else 4808 run_rt2870_set_chan(sc, chan); 4809 4810 /* determine channel group */ 4811 if (chan <= 14) 4812 group = 0; 4813 else if (chan <= 64) 4814 group = 1; 4815 else if (chan <= 128) 4816 group = 2; 4817 else 4818 group = 3; 4819 4820 /* XXX necessary only when group has changed! */ 4821 run_select_chan_group(sc, group); 4822 4823 run_delay(sc, 10); 4824 4825 /* Perform IQ calibration. */ 4826 if (sc->mac_ver >= 0x5392) 4827 run_iq_calib(sc, chan); 4828 4829 return (0); 4830 } 4831 4832 static void 4833 run_set_channel(struct ieee80211com *ic) 4834 { 4835 struct run_softc *sc = ic->ic_softc; 4836 4837 RUN_LOCK(sc); 4838 run_set_chan(sc, ic->ic_curchan); 4839 RUN_UNLOCK(sc); 4840 4841 return; 4842 } 4843 4844 static void 4845 run_getradiocaps(struct ieee80211com *ic, 4846 int maxchans, int *nchans, struct ieee80211_channel chans[]) 4847 { 4848 struct run_softc *sc = ic->ic_softc; 4849 uint8_t bands[IEEE80211_MODE_BYTES]; 4850 4851 memset(bands, 0, sizeof(bands)); 4852 setbit(bands, IEEE80211_MODE_11B); 4853 setbit(bands, IEEE80211_MODE_11G); 4854 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0); 4855 4856 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 4857 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 4858 sc->rf_rev == RT5592_RF_5592) { 4859 setbit(bands, IEEE80211_MODE_11A); 4860 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans, 4861 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0); 4862 } 4863 } 4864 4865 static void 4866 run_scan_start(struct ieee80211com *ic) 4867 { 4868 struct run_softc *sc = ic->ic_softc; 4869 4870 RUN_LOCK(sc); 4871 4872 /* abort TSF synchronization */ 4873 run_disable_tsf(sc); 4874 run_set_bssid(sc, ieee80211broadcastaddr); 4875 4876 RUN_UNLOCK(sc); 4877 4878 return; 4879 } 4880 4881 static void 4882 run_scan_end(struct ieee80211com *ic) 4883 { 4884 struct run_softc *sc = ic->ic_softc; 4885 4886 RUN_LOCK(sc); 4887 4888 run_enable_tsf_sync(sc); 4889 run_set_bssid(sc, sc->sc_bssid); 4890 4891 RUN_UNLOCK(sc); 4892 4893 return; 4894 } 4895 4896 /* 4897 * Could be called from ieee80211_node_timeout() 4898 * (non-sleepable thread) 4899 */ 4900 static void 4901 run_update_beacon(struct ieee80211vap *vap, int item) 4902 { 4903 struct ieee80211com *ic = vap->iv_ic; 4904 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 4905 struct ieee80211_node *ni = vap->iv_bss; 4906 struct run_softc *sc = ic->ic_softc; 4907 struct run_vap *rvp = RUN_VAP(vap); 4908 int mcast = 0; 4909 uint32_t i; 4910 4911 switch (item) { 4912 case IEEE80211_BEACON_ERP: 4913 run_updateslot(ic); 4914 break; 4915 case IEEE80211_BEACON_HTINFO: 4916 run_updateprot(ic); 4917 break; 4918 case IEEE80211_BEACON_TIM: 4919 mcast = 1; /*TODO*/ 4920 break; 4921 default: 4922 break; 4923 } 4924 4925 setbit(bo->bo_flags, item); 4926 if (rvp->beacon_mbuf == NULL) { 4927 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4928 if (rvp->beacon_mbuf == NULL) 4929 return; 4930 } 4931 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast); 4932 4933 i = RUN_CMDQ_GET(&sc->cmdq_store); 4934 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 4935 sc->cmdq[i].func = run_update_beacon_cb; 4936 sc->cmdq[i].arg0 = vap; 4937 ieee80211_runtask(ic, &sc->cmdq_task); 4938 4939 return; 4940 } 4941 4942 static void 4943 run_update_beacon_cb(void *arg) 4944 { 4945 struct ieee80211vap *vap = arg; 4946 struct ieee80211_node *ni = vap->iv_bss; 4947 struct run_vap *rvp = RUN_VAP(vap); 4948 struct ieee80211com *ic = vap->iv_ic; 4949 struct run_softc *sc = ic->ic_softc; 4950 struct rt2860_txwi txwi; 4951 struct mbuf *m; 4952 uint16_t txwisize; 4953 uint8_t ridx; 4954 4955 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 4956 return; 4957 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4958 return; 4959 4960 /* 4961 * No need to call ieee80211_beacon_update(), run_update_beacon() 4962 * is taking care of appropriate calls. 4963 */ 4964 if (rvp->beacon_mbuf == NULL) { 4965 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni); 4966 if (rvp->beacon_mbuf == NULL) 4967 return; 4968 } 4969 m = rvp->beacon_mbuf; 4970 4971 memset(&txwi, 0, sizeof(txwi)); 4972 txwi.wcid = 0xff; 4973 txwi.len = htole16(m->m_pkthdr.len); 4974 4975 /* send beacons at the lowest available rate */ 4976 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4977 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4978 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4979 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4980 txwi.phy |= htole16(RT2860_PHY_OFDM); 4981 txwi.txop = RT2860_TX_TXOP_HT; 4982 txwi.flags = RT2860_TX_TS; 4983 txwi.xflags = RT2860_TX_NSEQ; 4984 4985 txwisize = (sc->mac_ver == 0x5592) ? 4986 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4987 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4988 txwisize); 4989 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4990 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4991 } 4992 4993 static void 4994 run_updateprot(struct ieee80211com *ic) 4995 { 4996 struct run_softc *sc = ic->ic_softc; 4997 uint32_t i; 4998 4999 i = RUN_CMDQ_GET(&sc->cmdq_store); 5000 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5001 sc->cmdq[i].func = run_updateprot_cb; 5002 sc->cmdq[i].arg0 = ic; 5003 ieee80211_runtask(ic, &sc->cmdq_task); 5004 } 5005 5006 static void 5007 run_updateprot_cb(void *arg) 5008 { 5009 struct ieee80211com *ic = arg; 5010 struct run_softc *sc = ic->ic_softc; 5011 uint32_t tmp; 5012 5013 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5014 /* setup protection frame rate (MCS code) */ 5015 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5016 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5017 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5018 5019 /* CCK frames don't require protection */ 5020 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5021 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5022 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5023 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5024 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5025 tmp |= RT2860_PROT_CTRL_CTS; 5026 } 5027 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5028 } 5029 5030 static void 5031 run_usb_timeout_cb(void *arg) 5032 { 5033 struct ieee80211vap *vap = arg; 5034 struct run_softc *sc = vap->iv_ic->ic_softc; 5035 5036 RUN_LOCK_ASSERT(sc, MA_OWNED); 5037 5038 if(vap->iv_state == IEEE80211_S_RUN && 5039 vap->iv_opmode != IEEE80211_M_STA) 5040 run_reset_livelock(sc); 5041 else if (vap->iv_state == IEEE80211_S_SCAN) { 5042 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5043 "timeout caused by scan\n"); 5044 /* cancel bgscan */ 5045 ieee80211_cancel_scan(vap); 5046 } else 5047 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE, 5048 "timeout by unknown cause\n"); 5049 } 5050 5051 static void 5052 run_reset_livelock(struct run_softc *sc) 5053 { 5054 uint32_t tmp; 5055 5056 RUN_LOCK_ASSERT(sc, MA_OWNED); 5057 5058 /* 5059 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5060 * can run into a livelock and start sending CTS-to-self frames like 5061 * crazy if protection is enabled. Reset MAC/BBP for a while 5062 */ 5063 run_read(sc, RT2860_DEBUG, &tmp); 5064 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp); 5065 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5066 RUN_DPRINTF(sc, RUN_DEBUG_RESET, 5067 "CTS-to-self livelock detected\n"); 5068 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5069 run_delay(sc, 1); 5070 run_write(sc, RT2860_MAC_SYS_CTRL, 5071 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5072 } 5073 } 5074 5075 static void 5076 run_update_promisc_locked(struct run_softc *sc) 5077 { 5078 uint32_t tmp; 5079 5080 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5081 5082 tmp |= RT2860_DROP_UC_NOME; 5083 if (sc->sc_ic.ic_promisc > 0) 5084 tmp &= ~RT2860_DROP_UC_NOME; 5085 5086 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5087 5088 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n", 5089 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving"); 5090 } 5091 5092 static void 5093 run_update_promisc(struct ieee80211com *ic) 5094 { 5095 struct run_softc *sc = ic->ic_softc; 5096 5097 if ((sc->sc_flags & RUN_RUNNING) == 0) 5098 return; 5099 5100 RUN_LOCK(sc); 5101 run_update_promisc_locked(sc); 5102 RUN_UNLOCK(sc); 5103 } 5104 5105 static void 5106 run_enable_tsf_sync(struct run_softc *sc) 5107 { 5108 struct ieee80211com *ic = &sc->sc_ic; 5109 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5110 uint32_t tmp; 5111 5112 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n", 5113 RUN_VAP(vap)->rvp_id, ic->ic_opmode); 5114 5115 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5116 tmp &= ~0x1fffff; 5117 tmp |= vap->iv_bss->ni_intval * 16; 5118 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5119 5120 if (ic->ic_opmode == IEEE80211_M_STA) { 5121 /* 5122 * Local TSF is always updated with remote TSF on beacon 5123 * reception. 5124 */ 5125 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5126 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5127 tmp |= RT2860_BCN_TX_EN; 5128 /* 5129 * Local TSF is updated with remote TSF on beacon reception 5130 * only if the remote TSF is greater than local TSF. 5131 */ 5132 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5133 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5134 ic->ic_opmode == IEEE80211_M_MBSS) { 5135 tmp |= RT2860_BCN_TX_EN; 5136 /* SYNC with nobody */ 5137 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5138 } else { 5139 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, 5140 "Enabling TSF failed. undefined opmode\n"); 5141 return; 5142 } 5143 5144 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5145 } 5146 5147 static void 5148 run_enable_tsf(struct run_softc *sc) 5149 { 5150 uint32_t tmp; 5151 5152 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5153 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN); 5154 tmp |= RT2860_TSF_TIMER_EN; 5155 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5156 } 5157 } 5158 5159 static void 5160 run_disable_tsf(struct run_softc *sc) 5161 { 5162 uint32_t tmp; 5163 5164 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) { 5165 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 5166 RT2860_TBTT_TIMER_EN); 5167 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5168 } 5169 } 5170 5171 static void 5172 run_get_tsf(struct run_softc *sc, uint64_t *buf) 5173 { 5174 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf, 5175 sizeof(*buf)); 5176 } 5177 5178 static void 5179 run_enable_mrr(struct run_softc *sc) 5180 { 5181 #define CCK(mcs) (mcs) 5182 #define OFDM(mcs) (1 << 3 | (mcs)) 5183 run_write(sc, RT2860_LG_FBK_CFG0, 5184 OFDM(6) << 28 | /* 54->48 */ 5185 OFDM(5) << 24 | /* 48->36 */ 5186 OFDM(4) << 20 | /* 36->24 */ 5187 OFDM(3) << 16 | /* 24->18 */ 5188 OFDM(2) << 12 | /* 18->12 */ 5189 OFDM(1) << 8 | /* 12-> 9 */ 5190 OFDM(0) << 4 | /* 9-> 6 */ 5191 OFDM(0)); /* 6-> 6 */ 5192 5193 run_write(sc, RT2860_LG_FBK_CFG1, 5194 CCK(2) << 12 | /* 11->5.5 */ 5195 CCK(1) << 8 | /* 5.5-> 2 */ 5196 CCK(0) << 4 | /* 2-> 1 */ 5197 CCK(0)); /* 1-> 1 */ 5198 #undef OFDM 5199 #undef CCK 5200 } 5201 5202 static void 5203 run_set_txpreamble(struct run_softc *sc) 5204 { 5205 struct ieee80211com *ic = &sc->sc_ic; 5206 uint32_t tmp; 5207 5208 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5209 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5210 tmp |= RT2860_CCK_SHORT_EN; 5211 else 5212 tmp &= ~RT2860_CCK_SHORT_EN; 5213 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5214 } 5215 5216 static void 5217 run_set_basicrates(struct run_softc *sc) 5218 { 5219 struct ieee80211com *ic = &sc->sc_ic; 5220 5221 /* set basic rates mask */ 5222 if (ic->ic_curmode == IEEE80211_MODE_11B) 5223 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5224 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5225 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5226 else /* 11g */ 5227 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5228 } 5229 5230 static void 5231 run_set_leds(struct run_softc *sc, uint16_t which) 5232 { 5233 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5234 which | (sc->leds & 0x7f)); 5235 } 5236 5237 static void 5238 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5239 { 5240 run_write(sc, RT2860_MAC_BSSID_DW0, 5241 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5242 run_write(sc, RT2860_MAC_BSSID_DW1, 5243 bssid[4] | bssid[5] << 8); 5244 } 5245 5246 static void 5247 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5248 { 5249 run_write(sc, RT2860_MAC_ADDR_DW0, 5250 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5251 run_write(sc, RT2860_MAC_ADDR_DW1, 5252 addr[4] | addr[5] << 8 | 0xff << 16); 5253 } 5254 5255 static void 5256 run_updateslot(struct ieee80211com *ic) 5257 { 5258 struct run_softc *sc = ic->ic_softc; 5259 uint32_t i; 5260 5261 i = RUN_CMDQ_GET(&sc->cmdq_store); 5262 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i); 5263 sc->cmdq[i].func = run_updateslot_cb; 5264 sc->cmdq[i].arg0 = ic; 5265 ieee80211_runtask(ic, &sc->cmdq_task); 5266 5267 return; 5268 } 5269 5270 /* ARGSUSED */ 5271 static void 5272 run_updateslot_cb(void *arg) 5273 { 5274 struct ieee80211com *ic = arg; 5275 struct run_softc *sc = ic->ic_softc; 5276 uint32_t tmp; 5277 5278 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5279 tmp &= ~0xff; 5280 tmp |= IEEE80211_GET_SLOTTIME(ic); 5281 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5282 } 5283 5284 static void 5285 run_update_mcast(struct ieee80211com *ic) 5286 { 5287 } 5288 5289 static int8_t 5290 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5291 { 5292 struct ieee80211com *ic = &sc->sc_ic; 5293 struct ieee80211_channel *c = ic->ic_curchan; 5294 int delta; 5295 5296 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5297 u_int chan = ieee80211_chan2ieee(ic, c); 5298 delta = sc->rssi_5ghz[rxchain]; 5299 5300 /* determine channel group */ 5301 if (chan <= 64) 5302 delta -= sc->lna[1]; 5303 else if (chan <= 128) 5304 delta -= sc->lna[2]; 5305 else 5306 delta -= sc->lna[3]; 5307 } else 5308 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5309 5310 return (-12 - delta - rssi); 5311 } 5312 5313 static void 5314 run_rt5390_bbp_init(struct run_softc *sc) 5315 { 5316 u_int i; 5317 uint8_t bbp; 5318 5319 /* Apply maximum likelihood detection for 2 stream case. */ 5320 run_bbp_read(sc, 105, &bbp); 5321 if (sc->nrxchains > 1) 5322 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5323 5324 /* Avoid data lost and CRC error. */ 5325 run_bbp_read(sc, 4, &bbp); 5326 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5327 5328 if (sc->mac_ver == 0x5592) { 5329 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5330 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5331 rt5592_def_bbp[i].val); 5332 } 5333 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5334 run_bbp_write(sc, 195, i + 0x80); 5335 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5336 } 5337 } else { 5338 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5339 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5340 rt5390_def_bbp[i].val); 5341 } 5342 } 5343 if (sc->mac_ver == 0x5392) { 5344 run_bbp_write(sc, 88, 0x90); 5345 run_bbp_write(sc, 95, 0x9a); 5346 run_bbp_write(sc, 98, 0x12); 5347 run_bbp_write(sc, 106, 0x12); 5348 run_bbp_write(sc, 134, 0xd0); 5349 run_bbp_write(sc, 135, 0xf6); 5350 run_bbp_write(sc, 148, 0x84); 5351 } 5352 5353 run_bbp_read(sc, 152, &bbp); 5354 run_bbp_write(sc, 152, bbp | 0x80); 5355 5356 /* Fix BBP254 for RT5592C. */ 5357 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5358 run_bbp_read(sc, 254, &bbp); 5359 run_bbp_write(sc, 254, bbp | 0x80); 5360 } 5361 5362 /* Disable hardware antenna diversity. */ 5363 if (sc->mac_ver == 0x5390) 5364 run_bbp_write(sc, 154, 0); 5365 5366 /* Initialize Rx CCK/OFDM frequency offset report. */ 5367 run_bbp_write(sc, 142, 1); 5368 run_bbp_write(sc, 143, 57); 5369 } 5370 5371 static int 5372 run_bbp_init(struct run_softc *sc) 5373 { 5374 int i, error, ntries; 5375 uint8_t bbp0; 5376 5377 /* wait for BBP to wake up */ 5378 for (ntries = 0; ntries < 20; ntries++) { 5379 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5380 return error; 5381 if (bbp0 != 0 && bbp0 != 0xff) 5382 break; 5383 } 5384 if (ntries == 20) 5385 return (ETIMEDOUT); 5386 5387 /* initialize BBP registers to default values */ 5388 if (sc->mac_ver >= 0x5390) 5389 run_rt5390_bbp_init(sc); 5390 else { 5391 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5392 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5393 rt2860_def_bbp[i].val); 5394 } 5395 } 5396 5397 if (sc->mac_ver == 0x3593) { 5398 run_bbp_write(sc, 79, 0x13); 5399 run_bbp_write(sc, 80, 0x05); 5400 run_bbp_write(sc, 81, 0x33); 5401 run_bbp_write(sc, 86, 0x46); 5402 run_bbp_write(sc, 137, 0x0f); 5403 } 5404 5405 /* fix BBP84 for RT2860E */ 5406 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5407 run_bbp_write(sc, 84, 0x19); 5408 5409 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5410 sc->mac_ver != 0x5592)) { 5411 run_bbp_write(sc, 79, 0x13); 5412 run_bbp_write(sc, 80, 0x05); 5413 run_bbp_write(sc, 81, 0x33); 5414 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5415 run_bbp_write(sc, 69, 0x16); 5416 run_bbp_write(sc, 73, 0x12); 5417 } 5418 return (0); 5419 } 5420 5421 static int 5422 run_rt3070_rf_init(struct run_softc *sc) 5423 { 5424 uint32_t tmp; 5425 uint8_t bbp4, mingain, rf, target; 5426 u_int i; 5427 5428 run_rt3070_rf_read(sc, 30, &rf); 5429 /* toggle RF R30 bit 7 */ 5430 run_rt3070_rf_write(sc, 30, rf | 0x80); 5431 run_delay(sc, 10); 5432 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5433 5434 /* initialize RF registers to default value */ 5435 if (sc->mac_ver == 0x3572) { 5436 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5437 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5438 rt3572_def_rf[i].val); 5439 } 5440 } else { 5441 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5442 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5443 rt3070_def_rf[i].val); 5444 } 5445 } 5446 5447 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5448 /* 5449 * Change voltage from 1.2V to 1.35V for RT3070. 5450 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5451 * in RT3070(F). 5452 */ 5453 run_read(sc, RT3070_LDO_CFG0, &tmp); 5454 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5455 run_write(sc, RT3070_LDO_CFG0, tmp); 5456 5457 } else if (sc->mac_ver == 0x3071) { 5458 run_rt3070_rf_read(sc, 6, &rf); 5459 run_rt3070_rf_write(sc, 6, rf | 0x40); 5460 run_rt3070_rf_write(sc, 31, 0x14); 5461 5462 run_read(sc, RT3070_LDO_CFG0, &tmp); 5463 tmp &= ~0x1f000000; 5464 if (sc->mac_rev < 0x0211) 5465 tmp |= 0x0d000000; /* 1.3V */ 5466 else 5467 tmp |= 0x01000000; /* 1.2V */ 5468 run_write(sc, RT3070_LDO_CFG0, tmp); 5469 5470 /* patch LNA_PE_G1 */ 5471 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5472 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5473 5474 } else if (sc->mac_ver == 0x3572) { 5475 run_rt3070_rf_read(sc, 6, &rf); 5476 run_rt3070_rf_write(sc, 6, rf | 0x40); 5477 5478 /* increase voltage from 1.2V to 1.35V */ 5479 run_read(sc, RT3070_LDO_CFG0, &tmp); 5480 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5481 run_write(sc, RT3070_LDO_CFG0, tmp); 5482 5483 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5484 run_delay(sc, 1); /* wait for 1msec */ 5485 /* decrease voltage back to 1.2V */ 5486 tmp = (tmp & ~0x1f000000) | 0x01000000; 5487 run_write(sc, RT3070_LDO_CFG0, tmp); 5488 } 5489 } 5490 5491 /* select 20MHz bandwidth */ 5492 run_rt3070_rf_read(sc, 31, &rf); 5493 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5494 5495 /* calibrate filter for 20MHz bandwidth */ 5496 sc->rf24_20mhz = 0x1f; /* default value */ 5497 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5498 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5499 5500 /* select 40MHz bandwidth */ 5501 run_bbp_read(sc, 4, &bbp4); 5502 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5503 run_rt3070_rf_read(sc, 31, &rf); 5504 run_rt3070_rf_write(sc, 31, rf | 0x20); 5505 5506 /* calibrate filter for 40MHz bandwidth */ 5507 sc->rf24_40mhz = 0x2f; /* default value */ 5508 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5509 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5510 5511 /* go back to 20MHz bandwidth */ 5512 run_bbp_read(sc, 4, &bbp4); 5513 run_bbp_write(sc, 4, bbp4 & ~0x18); 5514 5515 if (sc->mac_ver == 0x3572) { 5516 /* save default BBP registers 25 and 26 values */ 5517 run_bbp_read(sc, 25, &sc->bbp25); 5518 run_bbp_read(sc, 26, &sc->bbp26); 5519 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5520 run_rt3070_rf_write(sc, 27, 0x03); 5521 5522 run_read(sc, RT3070_OPT_14, &tmp); 5523 run_write(sc, RT3070_OPT_14, tmp | 1); 5524 5525 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5526 run_rt3070_rf_read(sc, 17, &rf); 5527 rf &= ~RT3070_TX_LO1; 5528 if ((sc->mac_ver == 0x3070 || 5529 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5530 !sc->ext_2ghz_lna) 5531 rf |= 0x20; /* fix for long range Rx issue */ 5532 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5533 if (sc->txmixgain_2ghz >= mingain) 5534 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5535 run_rt3070_rf_write(sc, 17, rf); 5536 } 5537 5538 if (sc->mac_ver == 0x3071) { 5539 run_rt3070_rf_read(sc, 1, &rf); 5540 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5541 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5542 run_rt3070_rf_write(sc, 1, rf); 5543 5544 run_rt3070_rf_read(sc, 15, &rf); 5545 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5546 5547 run_rt3070_rf_read(sc, 20, &rf); 5548 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5549 5550 run_rt3070_rf_read(sc, 21, &rf); 5551 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5552 } 5553 5554 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5555 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5556 run_rt3070_rf_read(sc, 27, &rf); 5557 rf &= ~0x77; 5558 if (sc->mac_rev < 0x0211) 5559 rf |= 0x03; 5560 run_rt3070_rf_write(sc, 27, rf); 5561 } 5562 return (0); 5563 } 5564 5565 static void 5566 run_rt3593_rf_init(struct run_softc *sc) 5567 { 5568 uint32_t tmp; 5569 uint8_t rf; 5570 u_int i; 5571 5572 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5573 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5574 tmp &= ~(1 << 4 | 1 << 7); 5575 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5576 5577 /* Initialize RF registers to default value. */ 5578 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5579 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5580 rt3593_def_rf[i].val); 5581 } 5582 5583 /* Toggle RF R2 to initiate calibration. */ 5584 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5585 5586 /* Initialize RF frequency offset. */ 5587 run_adjust_freq_offset(sc); 5588 5589 run_rt3070_rf_read(sc, 18, &rf); 5590 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5591 5592 /* 5593 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5594 * decrease voltage back to 1.2V. 5595 */ 5596 run_read(sc, RT3070_LDO_CFG0, &tmp); 5597 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5598 run_write(sc, RT3070_LDO_CFG0, tmp); 5599 run_delay(sc, 1); 5600 tmp = (tmp & ~0x1f000000) | 0x01000000; 5601 run_write(sc, RT3070_LDO_CFG0, tmp); 5602 5603 sc->rf24_20mhz = 0x1f; 5604 sc->rf24_40mhz = 0x2f; 5605 5606 /* Save default BBP registers 25 and 26 values. */ 5607 run_bbp_read(sc, 25, &sc->bbp25); 5608 run_bbp_read(sc, 26, &sc->bbp26); 5609 5610 run_read(sc, RT3070_OPT_14, &tmp); 5611 run_write(sc, RT3070_OPT_14, tmp | 1); 5612 } 5613 5614 static void 5615 run_rt5390_rf_init(struct run_softc *sc) 5616 { 5617 uint32_t tmp; 5618 uint8_t rf; 5619 u_int i; 5620 5621 /* Toggle RF R2 to initiate calibration. */ 5622 if (sc->mac_ver == 0x5390) { 5623 run_rt3070_rf_read(sc, 2, &rf); 5624 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5625 run_delay(sc, 10); 5626 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5627 } else { 5628 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5629 run_delay(sc, 10); 5630 } 5631 5632 /* Initialize RF registers to default value. */ 5633 if (sc->mac_ver == 0x5592) { 5634 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5635 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5636 rt5592_def_rf[i].val); 5637 } 5638 /* Initialize RF frequency offset. */ 5639 run_adjust_freq_offset(sc); 5640 } else if (sc->mac_ver == 0x5392) { 5641 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5642 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5643 rt5392_def_rf[i].val); 5644 } 5645 if (sc->mac_rev >= 0x0223) { 5646 run_rt3070_rf_write(sc, 23, 0x0f); 5647 run_rt3070_rf_write(sc, 24, 0x3e); 5648 run_rt3070_rf_write(sc, 51, 0x32); 5649 run_rt3070_rf_write(sc, 53, 0x22); 5650 run_rt3070_rf_write(sc, 56, 0xc1); 5651 run_rt3070_rf_write(sc, 59, 0x0f); 5652 } 5653 } else { 5654 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5655 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5656 rt5390_def_rf[i].val); 5657 } 5658 if (sc->mac_rev >= 0x0502) { 5659 run_rt3070_rf_write(sc, 6, 0xe0); 5660 run_rt3070_rf_write(sc, 25, 0x80); 5661 run_rt3070_rf_write(sc, 46, 0x73); 5662 run_rt3070_rf_write(sc, 53, 0x00); 5663 run_rt3070_rf_write(sc, 56, 0x42); 5664 run_rt3070_rf_write(sc, 61, 0xd1); 5665 } 5666 } 5667 5668 sc->rf24_20mhz = 0x1f; /* default value */ 5669 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5670 5671 if (sc->mac_rev < 0x0211) 5672 run_rt3070_rf_write(sc, 27, 0x3); 5673 5674 run_read(sc, RT3070_OPT_14, &tmp); 5675 run_write(sc, RT3070_OPT_14, tmp | 1); 5676 } 5677 5678 static int 5679 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5680 uint8_t *val) 5681 { 5682 uint8_t rf22, rf24; 5683 uint8_t bbp55_pb, bbp55_sb, delta; 5684 int ntries; 5685 5686 /* program filter */ 5687 run_rt3070_rf_read(sc, 24, &rf24); 5688 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5689 run_rt3070_rf_write(sc, 24, rf24); 5690 5691 /* enable baseband loopback mode */ 5692 run_rt3070_rf_read(sc, 22, &rf22); 5693 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5694 5695 /* set power and frequency of passband test tone */ 5696 run_bbp_write(sc, 24, 0x00); 5697 for (ntries = 0; ntries < 100; ntries++) { 5698 /* transmit test tone */ 5699 run_bbp_write(sc, 25, 0x90); 5700 run_delay(sc, 10); 5701 /* read received power */ 5702 run_bbp_read(sc, 55, &bbp55_pb); 5703 if (bbp55_pb != 0) 5704 break; 5705 } 5706 if (ntries == 100) 5707 return (ETIMEDOUT); 5708 5709 /* set power and frequency of stopband test tone */ 5710 run_bbp_write(sc, 24, 0x06); 5711 for (ntries = 0; ntries < 100; ntries++) { 5712 /* transmit test tone */ 5713 run_bbp_write(sc, 25, 0x90); 5714 run_delay(sc, 10); 5715 /* read received power */ 5716 run_bbp_read(sc, 55, &bbp55_sb); 5717 5718 delta = bbp55_pb - bbp55_sb; 5719 if (delta > target) 5720 break; 5721 5722 /* reprogram filter */ 5723 rf24++; 5724 run_rt3070_rf_write(sc, 24, rf24); 5725 } 5726 if (ntries < 100) { 5727 if (rf24 != init) 5728 rf24--; /* backtrack */ 5729 *val = rf24; 5730 run_rt3070_rf_write(sc, 24, rf24); 5731 } 5732 5733 /* restore initial state */ 5734 run_bbp_write(sc, 24, 0x00); 5735 5736 /* disable baseband loopback mode */ 5737 run_rt3070_rf_read(sc, 22, &rf22); 5738 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5739 5740 return (0); 5741 } 5742 5743 static void 5744 run_rt3070_rf_setup(struct run_softc *sc) 5745 { 5746 uint8_t bbp, rf; 5747 int i; 5748 5749 if (sc->mac_ver == 0x3572) { 5750 /* enable DC filter */ 5751 if (sc->mac_rev >= 0x0201) 5752 run_bbp_write(sc, 103, 0xc0); 5753 5754 run_bbp_read(sc, 138, &bbp); 5755 if (sc->ntxchains == 1) 5756 bbp |= 0x20; /* turn off DAC1 */ 5757 if (sc->nrxchains == 1) 5758 bbp &= ~0x02; /* turn off ADC1 */ 5759 run_bbp_write(sc, 138, bbp); 5760 5761 if (sc->mac_rev >= 0x0211) { 5762 /* improve power consumption */ 5763 run_bbp_read(sc, 31, &bbp); 5764 run_bbp_write(sc, 31, bbp & ~0x03); 5765 } 5766 5767 run_rt3070_rf_read(sc, 16, &rf); 5768 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5769 run_rt3070_rf_write(sc, 16, rf); 5770 5771 } else if (sc->mac_ver == 0x3071) { 5772 if (sc->mac_rev >= 0x0211) { 5773 /* enable DC filter */ 5774 run_bbp_write(sc, 103, 0xc0); 5775 5776 /* improve power consumption */ 5777 run_bbp_read(sc, 31, &bbp); 5778 run_bbp_write(sc, 31, bbp & ~0x03); 5779 } 5780 5781 run_bbp_read(sc, 138, &bbp); 5782 if (sc->ntxchains == 1) 5783 bbp |= 0x20; /* turn off DAC1 */ 5784 if (sc->nrxchains == 1) 5785 bbp &= ~0x02; /* turn off ADC1 */ 5786 run_bbp_write(sc, 138, bbp); 5787 5788 run_write(sc, RT2860_TX_SW_CFG1, 0); 5789 if (sc->mac_rev < 0x0211) { 5790 run_write(sc, RT2860_TX_SW_CFG2, 5791 sc->patch_dac ? 0x2c : 0x0f); 5792 } else 5793 run_write(sc, RT2860_TX_SW_CFG2, 0); 5794 5795 } else if (sc->mac_ver == 0x3070) { 5796 if (sc->mac_rev >= 0x0201) { 5797 /* enable DC filter */ 5798 run_bbp_write(sc, 103, 0xc0); 5799 5800 /* improve power consumption */ 5801 run_bbp_read(sc, 31, &bbp); 5802 run_bbp_write(sc, 31, bbp & ~0x03); 5803 } 5804 5805 if (sc->mac_rev < 0x0201) { 5806 run_write(sc, RT2860_TX_SW_CFG1, 0); 5807 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5808 } else 5809 run_write(sc, RT2860_TX_SW_CFG2, 0); 5810 } 5811 5812 /* initialize RF registers from ROM for >=RT3071*/ 5813 if (sc->mac_ver >= 0x3071) { 5814 for (i = 0; i < 10; i++) { 5815 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5816 continue; 5817 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5818 } 5819 } 5820 } 5821 5822 static void 5823 run_rt3593_rf_setup(struct run_softc *sc) 5824 { 5825 uint8_t bbp, rf; 5826 5827 if (sc->mac_rev >= 0x0211) { 5828 /* Enable DC filter. */ 5829 run_bbp_write(sc, 103, 0xc0); 5830 } 5831 run_write(sc, RT2860_TX_SW_CFG1, 0); 5832 if (sc->mac_rev < 0x0211) { 5833 run_write(sc, RT2860_TX_SW_CFG2, 5834 sc->patch_dac ? 0x2c : 0x0f); 5835 } else 5836 run_write(sc, RT2860_TX_SW_CFG2, 0); 5837 5838 run_rt3070_rf_read(sc, 50, &rf); 5839 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5840 5841 run_rt3070_rf_read(sc, 51, &rf); 5842 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5843 ((sc->txmixgain_2ghz & 0x07) << 2); 5844 run_rt3070_rf_write(sc, 51, rf); 5845 5846 run_rt3070_rf_read(sc, 38, &rf); 5847 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5848 5849 run_rt3070_rf_read(sc, 39, &rf); 5850 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5851 5852 run_rt3070_rf_read(sc, 1, &rf); 5853 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5854 5855 run_rt3070_rf_read(sc, 30, &rf); 5856 rf = (rf & ~0x18) | 0x10; 5857 run_rt3070_rf_write(sc, 30, rf); 5858 5859 /* Apply maximum likelihood detection for 2 stream case. */ 5860 run_bbp_read(sc, 105, &bbp); 5861 if (sc->nrxchains > 1) 5862 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5863 5864 /* Avoid data lost and CRC error. */ 5865 run_bbp_read(sc, 4, &bbp); 5866 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5867 5868 run_bbp_write(sc, 92, 0x02); 5869 run_bbp_write(sc, 82, 0x82); 5870 run_bbp_write(sc, 106, 0x05); 5871 run_bbp_write(sc, 104, 0x92); 5872 run_bbp_write(sc, 88, 0x90); 5873 run_bbp_write(sc, 148, 0xc8); 5874 run_bbp_write(sc, 47, 0x48); 5875 run_bbp_write(sc, 120, 0x50); 5876 5877 run_bbp_write(sc, 163, 0x9d); 5878 5879 /* SNR mapping. */ 5880 run_bbp_write(sc, 142, 0x06); 5881 run_bbp_write(sc, 143, 0xa0); 5882 run_bbp_write(sc, 142, 0x07); 5883 run_bbp_write(sc, 143, 0xa1); 5884 run_bbp_write(sc, 142, 0x08); 5885 run_bbp_write(sc, 143, 0xa2); 5886 5887 run_bbp_write(sc, 31, 0x08); 5888 run_bbp_write(sc, 68, 0x0b); 5889 run_bbp_write(sc, 105, 0x04); 5890 } 5891 5892 static void 5893 run_rt5390_rf_setup(struct run_softc *sc) 5894 { 5895 uint8_t bbp, rf; 5896 5897 if (sc->mac_rev >= 0x0211) { 5898 /* Enable DC filter. */ 5899 run_bbp_write(sc, 103, 0xc0); 5900 5901 if (sc->mac_ver != 0x5592) { 5902 /* Improve power consumption. */ 5903 run_bbp_read(sc, 31, &bbp); 5904 run_bbp_write(sc, 31, bbp & ~0x03); 5905 } 5906 } 5907 5908 run_bbp_read(sc, 138, &bbp); 5909 if (sc->ntxchains == 1) 5910 bbp |= 0x20; /* turn off DAC1 */ 5911 if (sc->nrxchains == 1) 5912 bbp &= ~0x02; /* turn off ADC1 */ 5913 run_bbp_write(sc, 138, bbp); 5914 5915 run_rt3070_rf_read(sc, 38, &rf); 5916 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5917 5918 run_rt3070_rf_read(sc, 39, &rf); 5919 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5920 5921 /* Avoid data lost and CRC error. */ 5922 run_bbp_read(sc, 4, &bbp); 5923 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5924 5925 run_rt3070_rf_read(sc, 30, &rf); 5926 rf = (rf & ~0x18) | 0x10; 5927 run_rt3070_rf_write(sc, 30, rf); 5928 5929 if (sc->mac_ver != 0x5592) { 5930 run_write(sc, RT2860_TX_SW_CFG1, 0); 5931 if (sc->mac_rev < 0x0211) { 5932 run_write(sc, RT2860_TX_SW_CFG2, 5933 sc->patch_dac ? 0x2c : 0x0f); 5934 } else 5935 run_write(sc, RT2860_TX_SW_CFG2, 0); 5936 } 5937 } 5938 5939 static int 5940 run_txrx_enable(struct run_softc *sc) 5941 { 5942 struct ieee80211com *ic = &sc->sc_ic; 5943 uint32_t tmp; 5944 int error, ntries; 5945 5946 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5947 for (ntries = 0; ntries < 200; ntries++) { 5948 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5949 return (error); 5950 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5951 break; 5952 run_delay(sc, 50); 5953 } 5954 if (ntries == 200) 5955 return (ETIMEDOUT); 5956 5957 run_delay(sc, 50); 5958 5959 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5960 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5961 5962 /* enable Rx bulk aggregation (set timeout and limit) */ 5963 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5964 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5965 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5966 5967 /* set Rx filter */ 5968 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5969 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5970 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5971 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5972 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5973 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5974 if (ic->ic_opmode == IEEE80211_M_STA) 5975 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5976 } 5977 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5978 5979 run_write(sc, RT2860_MAC_SYS_CTRL, 5980 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5981 5982 return (0); 5983 } 5984 5985 static void 5986 run_adjust_freq_offset(struct run_softc *sc) 5987 { 5988 uint8_t rf, tmp; 5989 5990 run_rt3070_rf_read(sc, 17, &rf); 5991 tmp = rf; 5992 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5993 rf = MIN(rf, 0x5f); 5994 5995 if (tmp != rf) 5996 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5997 } 5998 5999 static void 6000 run_init_locked(struct run_softc *sc) 6001 { 6002 struct ieee80211com *ic = &sc->sc_ic; 6003 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 6004 uint32_t tmp; 6005 uint8_t bbp1, bbp3; 6006 int i; 6007 int ridx; 6008 int ntries; 6009 6010 if (ic->ic_nrunning > 1) 6011 return; 6012 6013 run_stop(sc); 6014 6015 if (run_load_microcode(sc) != 0) { 6016 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 6017 goto fail; 6018 } 6019 6020 for (ntries = 0; ntries < 100; ntries++) { 6021 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 6022 goto fail; 6023 if (tmp != 0 && tmp != 0xffffffff) 6024 break; 6025 run_delay(sc, 10); 6026 } 6027 if (ntries == 100) 6028 goto fail; 6029 6030 for (i = 0; i != RUN_EP_QUEUES; i++) 6031 run_setup_tx_list(sc, &sc->sc_epq[i]); 6032 6033 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr); 6034 6035 for (ntries = 0; ntries < 100; ntries++) { 6036 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6037 goto fail; 6038 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6039 break; 6040 run_delay(sc, 10); 6041 } 6042 if (ntries == 100) { 6043 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6044 goto fail; 6045 } 6046 tmp &= 0xff0; 6047 tmp |= RT2860_TX_WB_DDONE; 6048 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6049 6050 /* turn off PME_OEN to solve high-current issue */ 6051 run_read(sc, RT2860_SYS_CTRL, &tmp); 6052 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6053 6054 run_write(sc, RT2860_MAC_SYS_CTRL, 6055 RT2860_BBP_HRST | RT2860_MAC_SRST); 6056 run_write(sc, RT2860_USB_DMA_CFG, 0); 6057 6058 if (run_reset(sc) != 0) { 6059 device_printf(sc->sc_dev, "could not reset chipset\n"); 6060 goto fail; 6061 } 6062 6063 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6064 6065 /* init Tx power for all Tx rates (from EEPROM) */ 6066 for (ridx = 0; ridx < 5; ridx++) { 6067 if (sc->txpow20mhz[ridx] == 0xffffffff) 6068 continue; 6069 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6070 } 6071 6072 for (i = 0; i < nitems(rt2870_def_mac); i++) 6073 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6074 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6075 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6076 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6077 6078 if (sc->mac_ver >= 0x5390) { 6079 run_write(sc, RT2860_TX_SW_CFG0, 6080 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6081 if (sc->mac_ver >= 0x5392) { 6082 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6083 if (sc->mac_ver == 0x5592) { 6084 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6085 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6086 } else { 6087 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6088 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6089 } 6090 } 6091 } else if (sc->mac_ver == 0x3593) { 6092 run_write(sc, RT2860_TX_SW_CFG0, 6093 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6094 } else if (sc->mac_ver >= 0x3070) { 6095 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6096 run_write(sc, RT2860_TX_SW_CFG0, 6097 4 << RT2860_DLY_PAPE_EN_SHIFT); 6098 } 6099 6100 /* wait while MAC is busy */ 6101 for (ntries = 0; ntries < 100; ntries++) { 6102 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6103 goto fail; 6104 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6105 break; 6106 run_delay(sc, 10); 6107 } 6108 if (ntries == 100) 6109 goto fail; 6110 6111 /* clear Host to MCU mailbox */ 6112 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6113 run_write(sc, RT2860_H2M_MAILBOX, 0); 6114 run_delay(sc, 10); 6115 6116 if (run_bbp_init(sc) != 0) { 6117 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6118 goto fail; 6119 } 6120 6121 /* abort TSF synchronization */ 6122 run_disable_tsf(sc); 6123 6124 /* clear RX WCID search table */ 6125 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6126 /* clear WCID attribute table */ 6127 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6128 6129 /* hostapd sets a key before init. So, don't clear it. */ 6130 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6131 /* clear shared key table */ 6132 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6133 /* clear shared key mode */ 6134 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6135 } 6136 6137 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6138 tmp = (tmp & ~0xff) | 0x1e; 6139 run_write(sc, RT2860_US_CYC_CNT, tmp); 6140 6141 if (sc->mac_rev != 0x0101) 6142 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6143 6144 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6145 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6146 6147 /* write vendor-specific BBP values (from EEPROM) */ 6148 if (sc->mac_ver < 0x3593) { 6149 for (i = 0; i < 10; i++) { 6150 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6151 continue; 6152 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6153 } 6154 } 6155 6156 /* select Main antenna for 1T1R devices */ 6157 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6158 run_set_rx_antenna(sc, 0); 6159 6160 /* send LEDs operating mode to microcontroller */ 6161 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6162 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6163 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6164 6165 if (sc->mac_ver >= 0x5390) 6166 run_rt5390_rf_init(sc); 6167 else if (sc->mac_ver == 0x3593) 6168 run_rt3593_rf_init(sc); 6169 else if (sc->mac_ver >= 0x3070) 6170 run_rt3070_rf_init(sc); 6171 6172 /* disable non-existing Rx chains */ 6173 run_bbp_read(sc, 3, &bbp3); 6174 bbp3 &= ~(1 << 3 | 1 << 4); 6175 if (sc->nrxchains == 2) 6176 bbp3 |= 1 << 3; 6177 else if (sc->nrxchains == 3) 6178 bbp3 |= 1 << 4; 6179 run_bbp_write(sc, 3, bbp3); 6180 6181 /* disable non-existing Tx chains */ 6182 run_bbp_read(sc, 1, &bbp1); 6183 if (sc->ntxchains == 1) 6184 bbp1 &= ~(1 << 3 | 1 << 4); 6185 run_bbp_write(sc, 1, bbp1); 6186 6187 if (sc->mac_ver >= 0x5390) 6188 run_rt5390_rf_setup(sc); 6189 else if (sc->mac_ver == 0x3593) 6190 run_rt3593_rf_setup(sc); 6191 else if (sc->mac_ver >= 0x3070) 6192 run_rt3070_rf_setup(sc); 6193 6194 /* select default channel */ 6195 run_set_chan(sc, ic->ic_curchan); 6196 6197 /* setup initial protection mode */ 6198 run_updateprot_cb(ic); 6199 6200 /* turn radio LED on */ 6201 run_set_leds(sc, RT2860_LED_RADIO); 6202 6203 sc->sc_flags |= RUN_RUNNING; 6204 sc->cmdq_run = RUN_CMDQ_GO; 6205 6206 for (i = 0; i != RUN_N_XFER; i++) 6207 usbd_xfer_set_stall(sc->sc_xfer[i]); 6208 6209 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6210 6211 if (run_txrx_enable(sc) != 0) 6212 goto fail; 6213 6214 return; 6215 6216 fail: 6217 run_stop(sc); 6218 } 6219 6220 static void 6221 run_stop(void *arg) 6222 { 6223 struct run_softc *sc = (struct run_softc *)arg; 6224 uint32_t tmp; 6225 int i; 6226 int ntries; 6227 6228 RUN_LOCK_ASSERT(sc, MA_OWNED); 6229 6230 if (sc->sc_flags & RUN_RUNNING) 6231 run_set_leds(sc, 0); /* turn all LEDs off */ 6232 6233 sc->sc_flags &= ~RUN_RUNNING; 6234 6235 sc->ratectl_run = RUN_RATECTL_OFF; 6236 sc->cmdq_run = sc->cmdq_key_set; 6237 6238 RUN_UNLOCK(sc); 6239 6240 for(i = 0; i < RUN_N_XFER; i++) 6241 usbd_transfer_drain(sc->sc_xfer[i]); 6242 6243 RUN_LOCK(sc); 6244 6245 run_drain_mbufq(sc); 6246 6247 if (sc->rx_m != NULL) { 6248 m_free(sc->rx_m); 6249 sc->rx_m = NULL; 6250 } 6251 6252 /* Disable Tx/Rx DMA. */ 6253 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6254 return; 6255 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6256 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6257 6258 for (ntries = 0; ntries < 100; ntries++) { 6259 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6260 return; 6261 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6262 break; 6263 run_delay(sc, 10); 6264 } 6265 if (ntries == 100) { 6266 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6267 return; 6268 } 6269 6270 /* disable Tx/Rx */ 6271 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6272 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6273 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6274 6275 /* wait for pending Tx to complete */ 6276 for (ntries = 0; ntries < 100; ntries++) { 6277 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6278 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6279 "Cannot read Tx queue count\n"); 6280 break; 6281 } 6282 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6283 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6284 "All Tx cleared\n"); 6285 break; 6286 } 6287 run_delay(sc, 10); 6288 } 6289 if (ntries >= 100) 6290 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET, 6291 "There are still pending Tx\n"); 6292 run_delay(sc, 10); 6293 run_write(sc, RT2860_USB_DMA_CFG, 0); 6294 6295 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6296 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6297 6298 for (i = 0; i != RUN_EP_QUEUES; i++) 6299 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6300 } 6301 6302 static void 6303 run_delay(struct run_softc *sc, u_int ms) 6304 { 6305 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6306 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6307 } 6308 6309 static device_method_t run_methods[] = { 6310 /* Device interface */ 6311 DEVMETHOD(device_probe, run_match), 6312 DEVMETHOD(device_attach, run_attach), 6313 DEVMETHOD(device_detach, run_detach), 6314 DEVMETHOD_END 6315 }; 6316 6317 static driver_t run_driver = { 6318 .name = "run", 6319 .methods = run_methods, 6320 .size = sizeof(struct run_softc) 6321 }; 6322 6323 static devclass_t run_devclass; 6324 6325 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6326 MODULE_DEPEND(run, wlan, 1, 1, 1); 6327 MODULE_DEPEND(run, usb, 1, 1, 1); 6328 MODULE_DEPEND(run, firmware, 1, 1, 1); 6329 MODULE_VERSION(run, 1); 6330 USB_PNP_HOST_INFO(run_devs); 6331