1 /*- 2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr> 3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca> 4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org> 5 * Copyright (c) 2013-2014 Kevin Lo 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __FBSDID("$FreeBSD$"); 22 23 /*- 24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver. 25 * http://www.ralinktech.com/ 26 */ 27 28 #include <sys/param.h> 29 #include <sys/sockio.h> 30 #include <sys/sysctl.h> 31 #include <sys/lock.h> 32 #include <sys/mutex.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/malloc.h> 38 #include <sys/module.h> 39 #include <sys/bus.h> 40 #include <sys/endian.h> 41 #include <sys/linker.h> 42 #include <sys/firmware.h> 43 #include <sys/kdb.h> 44 45 #include <machine/bus.h> 46 #include <machine/resource.h> 47 #include <sys/rman.h> 48 49 #include <net/bpf.h> 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/if_arp.h> 53 #include <net/ethernet.h> 54 #include <net/if_dl.h> 55 #include <net/if_media.h> 56 #include <net/if_types.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_systm.h> 60 #include <netinet/in_var.h> 61 #include <netinet/if_ether.h> 62 #include <netinet/ip.h> 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_regdomain.h> 66 #include <net80211/ieee80211_radiotap.h> 67 #include <net80211/ieee80211_ratectl.h> 68 69 #include <dev/usb/usb.h> 70 #include <dev/usb/usbdi.h> 71 #include "usbdevs.h" 72 73 #define USB_DEBUG_VAR run_debug 74 #include <dev/usb/usb_debug.h> 75 #include <dev/usb/usb_msctest.h> 76 77 #include <dev/usb/wlan/if_runreg.h> 78 #include <dev/usb/wlan/if_runvar.h> 79 80 #ifdef USB_DEBUG 81 #define RUN_DEBUG 82 #endif 83 84 #ifdef RUN_DEBUG 85 int run_debug = 0; 86 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run"); 87 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0, 88 "run debug level"); 89 #endif 90 91 #define IEEE80211_HAS_ADDR4(wh) \ 92 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS) 93 94 /* 95 * Because of LOR in run_key_delete(), use atomic instead. 96 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 97 */ 98 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ) 99 100 static const STRUCT_USB_HOST_ID run_devs[] = { 101 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } 102 #define RUN_DEV_EJECT(v,p) \ 103 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) } 104 #define RUN_EJECT 1 105 RUN_DEV(ABOCOM, RT2770), 106 RUN_DEV(ABOCOM, RT2870), 107 RUN_DEV(ABOCOM, RT3070), 108 RUN_DEV(ABOCOM, RT3071), 109 RUN_DEV(ABOCOM, RT3072), 110 RUN_DEV(ABOCOM2, RT2870_1), 111 RUN_DEV(ACCTON, RT2770), 112 RUN_DEV(ACCTON, RT2870_1), 113 RUN_DEV(ACCTON, RT2870_2), 114 RUN_DEV(ACCTON, RT2870_3), 115 RUN_DEV(ACCTON, RT2870_4), 116 RUN_DEV(ACCTON, RT2870_5), 117 RUN_DEV(ACCTON, RT3070), 118 RUN_DEV(ACCTON, RT3070_1), 119 RUN_DEV(ACCTON, RT3070_2), 120 RUN_DEV(ACCTON, RT3070_3), 121 RUN_DEV(ACCTON, RT3070_4), 122 RUN_DEV(ACCTON, RT3070_5), 123 RUN_DEV(AIRTIES, RT3070), 124 RUN_DEV(ALLWIN, RT2070), 125 RUN_DEV(ALLWIN, RT2770), 126 RUN_DEV(ALLWIN, RT2870), 127 RUN_DEV(ALLWIN, RT3070), 128 RUN_DEV(ALLWIN, RT3071), 129 RUN_DEV(ALLWIN, RT3072), 130 RUN_DEV(ALLWIN, RT3572), 131 RUN_DEV(AMIGO, RT2870_1), 132 RUN_DEV(AMIGO, RT2870_2), 133 RUN_DEV(AMIT, CGWLUSB2GNR), 134 RUN_DEV(AMIT, RT2870_1), 135 RUN_DEV(AMIT2, RT2870), 136 RUN_DEV(ASUS, RT2870_1), 137 RUN_DEV(ASUS, RT2870_2), 138 RUN_DEV(ASUS, RT2870_3), 139 RUN_DEV(ASUS, RT2870_4), 140 RUN_DEV(ASUS, RT2870_5), 141 RUN_DEV(ASUS, USBN13), 142 RUN_DEV(ASUS, RT3070_1), 143 RUN_DEV(ASUS, USBN66), 144 RUN_DEV(ASUS, USB_N53), 145 RUN_DEV(ASUS2, USBN11), 146 RUN_DEV(AZUREWAVE, RT2870_1), 147 RUN_DEV(AZUREWAVE, RT2870_2), 148 RUN_DEV(AZUREWAVE, RT3070_1), 149 RUN_DEV(AZUREWAVE, RT3070_2), 150 RUN_DEV(AZUREWAVE, RT3070_3), 151 RUN_DEV(BELKIN, F9L1103), 152 RUN_DEV(BELKIN, F5D8053V3), 153 RUN_DEV(BELKIN, F5D8055), 154 RUN_DEV(BELKIN, F5D8055V2), 155 RUN_DEV(BELKIN, F6D4050V1), 156 RUN_DEV(BELKIN, F6D4050V2), 157 RUN_DEV(BELKIN, RT2870_1), 158 RUN_DEV(BELKIN, RT2870_2), 159 RUN_DEV(CISCOLINKSYS, AE1000), 160 RUN_DEV(CISCOLINKSYS2, RT3070), 161 RUN_DEV(CISCOLINKSYS3, RT3070), 162 RUN_DEV(CONCEPTRONIC2, RT2870_1), 163 RUN_DEV(CONCEPTRONIC2, RT2870_2), 164 RUN_DEV(CONCEPTRONIC2, RT2870_3), 165 RUN_DEV(CONCEPTRONIC2, RT2870_4), 166 RUN_DEV(CONCEPTRONIC2, RT2870_5), 167 RUN_DEV(CONCEPTRONIC2, RT2870_6), 168 RUN_DEV(CONCEPTRONIC2, RT2870_7), 169 RUN_DEV(CONCEPTRONIC2, RT2870_8), 170 RUN_DEV(CONCEPTRONIC2, RT3070_1), 171 RUN_DEV(CONCEPTRONIC2, RT3070_2), 172 RUN_DEV(CONCEPTRONIC2, VIGORN61), 173 RUN_DEV(COREGA, CGWLUSB300GNM), 174 RUN_DEV(COREGA, RT2870_1), 175 RUN_DEV(COREGA, RT2870_2), 176 RUN_DEV(COREGA, RT2870_3), 177 RUN_DEV(COREGA, RT3070), 178 RUN_DEV(CYBERTAN, RT2870), 179 RUN_DEV(DLINK, RT2870), 180 RUN_DEV(DLINK, RT3072), 181 RUN_DEV(DLINK, DWA127), 182 RUN_DEV(DLINK, DWA140B3), 183 RUN_DEV(DLINK, DWA160B2), 184 RUN_DEV(DLINK, DWA140D1), 185 RUN_DEV(DLINK, DWA162), 186 RUN_DEV(DLINK2, DWA130), 187 RUN_DEV(DLINK2, RT2870_1), 188 RUN_DEV(DLINK2, RT2870_2), 189 RUN_DEV(DLINK2, RT3070_1), 190 RUN_DEV(DLINK2, RT3070_2), 191 RUN_DEV(DLINK2, RT3070_3), 192 RUN_DEV(DLINK2, RT3070_4), 193 RUN_DEV(DLINK2, RT3070_5), 194 RUN_DEV(DLINK2, RT3072), 195 RUN_DEV(DLINK2, RT3072_1), 196 RUN_DEV(EDIMAX, EW7717), 197 RUN_DEV(EDIMAX, EW7718), 198 RUN_DEV(EDIMAX, EW7733UND), 199 RUN_DEV(EDIMAX, RT2870_1), 200 RUN_DEV(ENCORE, RT3070_1), 201 RUN_DEV(ENCORE, RT3070_2), 202 RUN_DEV(ENCORE, RT3070_3), 203 RUN_DEV(GIGABYTE, GNWB31N), 204 RUN_DEV(GIGABYTE, GNWB32L), 205 RUN_DEV(GIGABYTE, RT2870_1), 206 RUN_DEV(GIGASET, RT3070_1), 207 RUN_DEV(GIGASET, RT3070_2), 208 RUN_DEV(GUILLEMOT, HWNU300), 209 RUN_DEV(HAWKING, HWUN2), 210 RUN_DEV(HAWKING, RT2870_1), 211 RUN_DEV(HAWKING, RT2870_2), 212 RUN_DEV(HAWKING, RT3070), 213 RUN_DEV(IODATA, RT3072_1), 214 RUN_DEV(IODATA, RT3072_2), 215 RUN_DEV(IODATA, RT3072_3), 216 RUN_DEV(IODATA, RT3072_4), 217 RUN_DEV(LINKSYS4, RT3070), 218 RUN_DEV(LINKSYS4, WUSB100), 219 RUN_DEV(LINKSYS4, WUSB54GCV3), 220 RUN_DEV(LINKSYS4, WUSB600N), 221 RUN_DEV(LINKSYS4, WUSB600NV2), 222 RUN_DEV(LOGITEC, RT2870_1), 223 RUN_DEV(LOGITEC, RT2870_2), 224 RUN_DEV(LOGITEC, RT2870_3), 225 RUN_DEV(LOGITEC, LANW300NU2), 226 RUN_DEV(LOGITEC, LANW150NU2), 227 RUN_DEV(LOGITEC, LANW300NU2S), 228 RUN_DEV(MELCO, WLIUCG300HP), 229 RUN_DEV(MELCO, RT2870_2), 230 RUN_DEV(MELCO, WLIUCAG300N), 231 RUN_DEV(MELCO, WLIUCG300N), 232 RUN_DEV(MELCO, WLIUCG301N), 233 RUN_DEV(MELCO, WLIUCGN), 234 RUN_DEV(MELCO, WLIUCGNM), 235 RUN_DEV(MELCO, WLIUCG300HPV1), 236 RUN_DEV(MELCO, WLIUCGNM2), 237 RUN_DEV(MOTOROLA4, RT2770), 238 RUN_DEV(MOTOROLA4, RT3070), 239 RUN_DEV(MSI, RT3070_1), 240 RUN_DEV(MSI, RT3070_2), 241 RUN_DEV(MSI, RT3070_3), 242 RUN_DEV(MSI, RT3070_4), 243 RUN_DEV(MSI, RT3070_5), 244 RUN_DEV(MSI, RT3070_6), 245 RUN_DEV(MSI, RT3070_7), 246 RUN_DEV(MSI, RT3070_8), 247 RUN_DEV(MSI, RT3070_9), 248 RUN_DEV(MSI, RT3070_10), 249 RUN_DEV(MSI, RT3070_11), 250 RUN_DEV(OVISLINK, RT3072), 251 RUN_DEV(PARA, RT3070), 252 RUN_DEV(PEGATRON, RT2870), 253 RUN_DEV(PEGATRON, RT3070), 254 RUN_DEV(PEGATRON, RT3070_2), 255 RUN_DEV(PEGATRON, RT3070_3), 256 RUN_DEV(PHILIPS, RT2870), 257 RUN_DEV(PLANEX2, GWUS300MINIS), 258 RUN_DEV(PLANEX2, GWUSMICRON), 259 RUN_DEV(PLANEX2, RT2870), 260 RUN_DEV(PLANEX2, RT3070), 261 RUN_DEV(QCOM, RT2870), 262 RUN_DEV(QUANTA, RT3070), 263 RUN_DEV(RALINK, RT2070), 264 RUN_DEV(RALINK, RT2770), 265 RUN_DEV(RALINK, RT2870), 266 RUN_DEV(RALINK, RT3070), 267 RUN_DEV(RALINK, RT3071), 268 RUN_DEV(RALINK, RT3072), 269 RUN_DEV(RALINK, RT3370), 270 RUN_DEV(RALINK, RT3572), 271 RUN_DEV(RALINK, RT3573), 272 RUN_DEV(RALINK, RT5370), 273 RUN_DEV(RALINK, RT5572), 274 RUN_DEV(RALINK, RT8070), 275 RUN_DEV(SAMSUNG, WIS09ABGN), 276 RUN_DEV(SAMSUNG2, RT2870_1), 277 RUN_DEV(SENAO, RT2870_1), 278 RUN_DEV(SENAO, RT2870_2), 279 RUN_DEV(SENAO, RT2870_3), 280 RUN_DEV(SENAO, RT2870_4), 281 RUN_DEV(SENAO, RT3070), 282 RUN_DEV(SENAO, RT3071), 283 RUN_DEV(SENAO, RT3072_1), 284 RUN_DEV(SENAO, RT3072_2), 285 RUN_DEV(SENAO, RT3072_3), 286 RUN_DEV(SENAO, RT3072_4), 287 RUN_DEV(SENAO, RT3072_5), 288 RUN_DEV(SITECOMEU, RT2770), 289 RUN_DEV(SITECOMEU, RT2870_1), 290 RUN_DEV(SITECOMEU, RT2870_2), 291 RUN_DEV(SITECOMEU, RT2870_3), 292 RUN_DEV(SITECOMEU, RT2870_4), 293 RUN_DEV(SITECOMEU, RT3070), 294 RUN_DEV(SITECOMEU, RT3070_2), 295 RUN_DEV(SITECOMEU, RT3070_3), 296 RUN_DEV(SITECOMEU, RT3070_4), 297 RUN_DEV(SITECOMEU, RT3071), 298 RUN_DEV(SITECOMEU, RT3072_1), 299 RUN_DEV(SITECOMEU, RT3072_2), 300 RUN_DEV(SITECOMEU, RT3072_3), 301 RUN_DEV(SITECOMEU, RT3072_4), 302 RUN_DEV(SITECOMEU, RT3072_5), 303 RUN_DEV(SITECOMEU, RT3072_6), 304 RUN_DEV(SITECOMEU, WL608), 305 RUN_DEV(SPARKLAN, RT2870_1), 306 RUN_DEV(SPARKLAN, RT3070), 307 RUN_DEV(SWEEX2, LW153), 308 RUN_DEV(SWEEX2, LW303), 309 RUN_DEV(SWEEX2, LW313), 310 RUN_DEV(TOSHIBA, RT3070), 311 RUN_DEV(UMEDIA, RT2870_1), 312 RUN_DEV(ZCOM, RT2870_1), 313 RUN_DEV(ZCOM, RT2870_2), 314 RUN_DEV(ZINWELL, RT2870_1), 315 RUN_DEV(ZINWELL, RT2870_2), 316 RUN_DEV(ZINWELL, RT3070), 317 RUN_DEV(ZINWELL, RT3072_1), 318 RUN_DEV(ZINWELL, RT3072_2), 319 RUN_DEV(ZYXEL, RT2870_1), 320 RUN_DEV(ZYXEL, RT2870_2), 321 RUN_DEV(ZYXEL, RT3070), 322 RUN_DEV_EJECT(ZYXEL, NWD2705), 323 RUN_DEV_EJECT(RALINK, RT_STOR), 324 #undef RUN_DEV_EJECT 325 #undef RUN_DEV 326 }; 327 328 static device_probe_t run_match; 329 static device_attach_t run_attach; 330 static device_detach_t run_detach; 331 332 static usb_callback_t run_bulk_rx_callback; 333 static usb_callback_t run_bulk_tx_callback0; 334 static usb_callback_t run_bulk_tx_callback1; 335 static usb_callback_t run_bulk_tx_callback2; 336 static usb_callback_t run_bulk_tx_callback3; 337 static usb_callback_t run_bulk_tx_callback4; 338 static usb_callback_t run_bulk_tx_callback5; 339 340 static void run_autoinst(void *, struct usb_device *, 341 struct usb_attach_arg *); 342 static int run_driver_loaded(struct module *, int, void *); 343 static void run_bulk_tx_callbackN(struct usb_xfer *xfer, 344 usb_error_t error, u_int index); 345 static struct ieee80211vap *run_vap_create(struct ieee80211com *, 346 const char [IFNAMSIZ], int, enum ieee80211_opmode, int, 347 const uint8_t [IEEE80211_ADDR_LEN], 348 const uint8_t [IEEE80211_ADDR_LEN]); 349 static void run_vap_delete(struct ieee80211vap *); 350 static void run_cmdq_cb(void *, int); 351 static void run_setup_tx_list(struct run_softc *, 352 struct run_endpoint_queue *); 353 static void run_unsetup_tx_list(struct run_softc *, 354 struct run_endpoint_queue *); 355 static int run_load_microcode(struct run_softc *); 356 static int run_reset(struct run_softc *); 357 static usb_error_t run_do_request(struct run_softc *, 358 struct usb_device_request *, void *); 359 static int run_read(struct run_softc *, uint16_t, uint32_t *); 360 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int); 361 static int run_write_2(struct run_softc *, uint16_t, uint16_t); 362 static int run_write(struct run_softc *, uint16_t, uint32_t); 363 static int run_write_region_1(struct run_softc *, uint16_t, 364 const uint8_t *, int); 365 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int); 366 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int); 367 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *); 368 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *); 369 static int run_rt2870_rf_write(struct run_softc *, uint32_t); 370 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *); 371 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t); 372 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *); 373 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t); 374 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t); 375 static const char *run_get_rf(uint16_t); 376 static void run_rt3593_get_txpower(struct run_softc *); 377 static void run_get_txpower(struct run_softc *); 378 static int run_read_eeprom(struct run_softc *); 379 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *, 380 const uint8_t mac[IEEE80211_ADDR_LEN]); 381 static int run_media_change(struct ifnet *); 382 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int); 383 static int run_wme_update(struct ieee80211com *); 384 static void run_wme_update_cb(void *); 385 static void run_key_update_begin(struct ieee80211vap *); 386 static void run_key_update_end(struct ieee80211vap *); 387 static void run_key_set_cb(void *); 388 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *, 389 const uint8_t mac[IEEE80211_ADDR_LEN]); 390 static void run_key_delete_cb(void *); 391 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *); 392 static void run_ratectl_to(void *); 393 static void run_ratectl_cb(void *, int); 394 static void run_drain_fifo(void *); 395 static void run_iter_func(void *, struct ieee80211_node *); 396 static void run_newassoc_cb(void *); 397 static void run_newassoc(struct ieee80211_node *, int); 398 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t); 399 static void run_tx_free(struct run_endpoint_queue *pq, 400 struct run_tx_data *, int); 401 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *); 402 static int run_tx(struct run_softc *, struct mbuf *, 403 struct ieee80211_node *); 404 static int run_tx_mgt(struct run_softc *, struct mbuf *, 405 struct ieee80211_node *); 406 static int run_sendprot(struct run_softc *, const struct mbuf *, 407 struct ieee80211_node *, int, int); 408 static int run_tx_param(struct run_softc *, struct mbuf *, 409 struct ieee80211_node *, 410 const struct ieee80211_bpf_params *); 411 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *, 412 const struct ieee80211_bpf_params *); 413 static void run_start(struct ifnet *); 414 static int run_ioctl(struct ifnet *, u_long, caddr_t); 415 static void run_iq_calib(struct run_softc *, u_int); 416 static void run_set_agc(struct run_softc *, uint8_t); 417 static void run_select_chan_group(struct run_softc *, int); 418 static void run_set_rx_antenna(struct run_softc *, int); 419 static void run_rt2870_set_chan(struct run_softc *, u_int); 420 static void run_rt3070_set_chan(struct run_softc *, u_int); 421 static void run_rt3572_set_chan(struct run_softc *, u_int); 422 static void run_rt3593_set_chan(struct run_softc *, u_int); 423 static void run_rt5390_set_chan(struct run_softc *, u_int); 424 static void run_rt5592_set_chan(struct run_softc *, u_int); 425 static int run_set_chan(struct run_softc *, struct ieee80211_channel *); 426 static void run_set_channel(struct ieee80211com *); 427 static void run_scan_start(struct ieee80211com *); 428 static void run_scan_end(struct ieee80211com *); 429 static void run_update_beacon(struct ieee80211vap *, int); 430 static void run_update_beacon_cb(void *); 431 static void run_updateprot(struct ieee80211com *); 432 static void run_updateprot_cb(void *); 433 static void run_usb_timeout_cb(void *); 434 static void run_reset_livelock(struct run_softc *); 435 static void run_enable_tsf_sync(struct run_softc *); 436 static void run_enable_mrr(struct run_softc *); 437 static void run_set_txpreamble(struct run_softc *); 438 static void run_set_basicrates(struct run_softc *); 439 static void run_set_leds(struct run_softc *, uint16_t); 440 static void run_set_bssid(struct run_softc *, const uint8_t *); 441 static void run_set_macaddr(struct run_softc *, const uint8_t *); 442 static void run_updateslot(struct ifnet *); 443 static void run_updateslot_cb(void *); 444 static void run_update_mcast(struct ifnet *); 445 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t); 446 static void run_update_promisc_locked(struct ifnet *); 447 static void run_update_promisc(struct ifnet *); 448 static void run_rt5390_bbp_init(struct run_softc *); 449 static int run_bbp_init(struct run_softc *); 450 static int run_rt3070_rf_init(struct run_softc *); 451 static void run_rt3593_rf_init(struct run_softc *); 452 static void run_rt5390_rf_init(struct run_softc *); 453 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t, 454 uint8_t *); 455 static void run_rt3070_rf_setup(struct run_softc *); 456 static void run_rt3593_rf_setup(struct run_softc *); 457 static void run_rt5390_rf_setup(struct run_softc *); 458 static int run_txrx_enable(struct run_softc *); 459 static void run_adjust_freq_offset(struct run_softc *); 460 static void run_init(void *); 461 static void run_init_locked(struct run_softc *); 462 static void run_stop(void *); 463 static void run_delay(struct run_softc *, u_int); 464 465 static eventhandler_tag run_etag; 466 467 static const struct rt2860_rate { 468 uint8_t rate; 469 uint8_t mcs; 470 enum ieee80211_phytype phy; 471 uint8_t ctl_ridx; 472 uint16_t sp_ack_dur; 473 uint16_t lp_ack_dur; 474 } rt2860_rates[] = { 475 { 2, 0, IEEE80211_T_DS, 0, 314, 314 }, 476 { 4, 1, IEEE80211_T_DS, 1, 258, 162 }, 477 { 11, 2, IEEE80211_T_DS, 2, 223, 127 }, 478 { 22, 3, IEEE80211_T_DS, 3, 213, 117 }, 479 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 }, 480 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 }, 481 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 }, 482 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 }, 483 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 }, 484 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 }, 485 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 }, 486 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 } 487 }; 488 489 static const struct { 490 uint16_t reg; 491 uint32_t val; 492 } rt2870_def_mac[] = { 493 RT2870_DEF_MAC 494 }; 495 496 static const struct { 497 uint8_t reg; 498 uint8_t val; 499 } rt2860_def_bbp[] = { 500 RT2860_DEF_BBP 501 },rt5390_def_bbp[] = { 502 RT5390_DEF_BBP 503 },rt5592_def_bbp[] = { 504 RT5592_DEF_BBP 505 }; 506 507 /* 508 * Default values for BBP register R196 for RT5592. 509 */ 510 static const uint8_t rt5592_bbp_r196[] = { 511 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00, 512 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36, 513 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40, 514 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41, 515 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16, 516 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00, 517 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 518 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c, 519 0x2e, 0x36, 0x30, 0x6e 520 }; 521 522 static const struct rfprog { 523 uint8_t chan; 524 uint32_t r1, r2, r3, r4; 525 } rt2860_rf2850[] = { 526 RT2860_RF2850 527 }; 528 529 struct { 530 uint8_t n, r, k; 531 } rt3070_freqs[] = { 532 RT3070_RF3052 533 }; 534 535 static const struct rt5592_freqs { 536 uint16_t n; 537 uint8_t k, m, r; 538 } rt5592_freqs_20mhz[] = { 539 RT5592_RF5592_20MHZ 540 },rt5592_freqs_40mhz[] = { 541 RT5592_RF5592_40MHZ 542 }; 543 544 static const struct { 545 uint8_t reg; 546 uint8_t val; 547 } rt3070_def_rf[] = { 548 RT3070_DEF_RF 549 },rt3572_def_rf[] = { 550 RT3572_DEF_RF 551 },rt3593_def_rf[] = { 552 RT3593_DEF_RF 553 },rt5390_def_rf[] = { 554 RT5390_DEF_RF 555 },rt5392_def_rf[] = { 556 RT5392_DEF_RF 557 },rt5592_def_rf[] = { 558 RT5592_DEF_RF 559 },rt5592_2ghz_def_rf[] = { 560 RT5592_2GHZ_DEF_RF 561 },rt5592_5ghz_def_rf[] = { 562 RT5592_5GHZ_DEF_RF 563 }; 564 565 static const struct { 566 u_int firstchan; 567 u_int lastchan; 568 uint8_t reg; 569 uint8_t val; 570 } rt5592_chan_5ghz[] = { 571 RT5592_CHAN_5GHZ 572 }; 573 574 static const struct usb_config run_config[RUN_N_XFER] = { 575 [RUN_BULK_TX_BE] = { 576 .type = UE_BULK, 577 .endpoint = UE_ADDR_ANY, 578 .ep_index = 0, 579 .direction = UE_DIR_OUT, 580 .bufsize = RUN_MAX_TXSZ, 581 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 582 .callback = run_bulk_tx_callback0, 583 .timeout = 5000, /* ms */ 584 }, 585 [RUN_BULK_TX_BK] = { 586 .type = UE_BULK, 587 .endpoint = UE_ADDR_ANY, 588 .direction = UE_DIR_OUT, 589 .ep_index = 1, 590 .bufsize = RUN_MAX_TXSZ, 591 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 592 .callback = run_bulk_tx_callback1, 593 .timeout = 5000, /* ms */ 594 }, 595 [RUN_BULK_TX_VI] = { 596 .type = UE_BULK, 597 .endpoint = UE_ADDR_ANY, 598 .direction = UE_DIR_OUT, 599 .ep_index = 2, 600 .bufsize = RUN_MAX_TXSZ, 601 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 602 .callback = run_bulk_tx_callback2, 603 .timeout = 5000, /* ms */ 604 }, 605 [RUN_BULK_TX_VO] = { 606 .type = UE_BULK, 607 .endpoint = UE_ADDR_ANY, 608 .direction = UE_DIR_OUT, 609 .ep_index = 3, 610 .bufsize = RUN_MAX_TXSZ, 611 .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, 612 .callback = run_bulk_tx_callback3, 613 .timeout = 5000, /* ms */ 614 }, 615 [RUN_BULK_TX_HCCA] = { 616 .type = UE_BULK, 617 .endpoint = UE_ADDR_ANY, 618 .direction = UE_DIR_OUT, 619 .ep_index = 4, 620 .bufsize = RUN_MAX_TXSZ, 621 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 622 .callback = run_bulk_tx_callback4, 623 .timeout = 5000, /* ms */ 624 }, 625 [RUN_BULK_TX_PRIO] = { 626 .type = UE_BULK, 627 .endpoint = UE_ADDR_ANY, 628 .direction = UE_DIR_OUT, 629 .ep_index = 5, 630 .bufsize = RUN_MAX_TXSZ, 631 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,}, 632 .callback = run_bulk_tx_callback5, 633 .timeout = 5000, /* ms */ 634 }, 635 [RUN_BULK_RX] = { 636 .type = UE_BULK, 637 .endpoint = UE_ADDR_ANY, 638 .direction = UE_DIR_IN, 639 .bufsize = RUN_MAX_RXSZ, 640 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,}, 641 .callback = run_bulk_rx_callback, 642 } 643 }; 644 645 static void 646 run_autoinst(void *arg, struct usb_device *udev, 647 struct usb_attach_arg *uaa) 648 { 649 struct usb_interface *iface; 650 struct usb_interface_descriptor *id; 651 652 if (uaa->dev_state != UAA_DEV_READY) 653 return; 654 655 iface = usbd_get_iface(udev, 0); 656 if (iface == NULL) 657 return; 658 id = iface->idesc; 659 if (id == NULL || id->bInterfaceClass != UICLASS_MASS) 660 return; 661 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)) 662 return; 663 664 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0) 665 uaa->dev_state = UAA_DEV_EJECTING; 666 } 667 668 static int 669 run_driver_loaded(struct module *mod, int what, void *arg) 670 { 671 switch (what) { 672 case MOD_LOAD: 673 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured, 674 run_autoinst, NULL, EVENTHANDLER_PRI_ANY); 675 break; 676 case MOD_UNLOAD: 677 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag); 678 break; 679 default: 680 return (EOPNOTSUPP); 681 } 682 return (0); 683 } 684 685 static int 686 run_match(device_t self) 687 { 688 struct usb_attach_arg *uaa = device_get_ivars(self); 689 690 if (uaa->usb_mode != USB_MODE_HOST) 691 return (ENXIO); 692 if (uaa->info.bConfigIndex != 0) 693 return (ENXIO); 694 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX) 695 return (ENXIO); 696 697 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa)); 698 } 699 700 static int 701 run_attach(device_t self) 702 { 703 struct run_softc *sc = device_get_softc(self); 704 struct usb_attach_arg *uaa = device_get_ivars(self); 705 struct ieee80211com *ic; 706 struct ifnet *ifp; 707 uint32_t ver; 708 int ntries, error; 709 uint8_t iface_index, bands; 710 711 device_set_usb_desc(self); 712 sc->sc_udev = uaa->device; 713 sc->sc_dev = self; 714 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT) 715 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED; 716 717 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev), 718 MTX_NETWORK_LOCK, MTX_DEF); 719 720 iface_index = RT2860_IFACE_INDEX; 721 722 error = usbd_transfer_setup(uaa->device, &iface_index, 723 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx); 724 if (error) { 725 device_printf(self, "could not allocate USB transfers, " 726 "err=%s\n", usbd_errstr(error)); 727 goto detach; 728 } 729 730 RUN_LOCK(sc); 731 732 /* wait for the chip to settle */ 733 for (ntries = 0; ntries < 100; ntries++) { 734 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) { 735 RUN_UNLOCK(sc); 736 goto detach; 737 } 738 if (ver != 0 && ver != 0xffffffff) 739 break; 740 run_delay(sc, 10); 741 } 742 if (ntries == 100) { 743 device_printf(sc->sc_dev, 744 "timeout waiting for NIC to initialize\n"); 745 RUN_UNLOCK(sc); 746 goto detach; 747 } 748 sc->mac_ver = ver >> 16; 749 sc->mac_rev = ver & 0xffff; 750 751 /* retrieve RF rev. no and various other things from EEPROM */ 752 run_read_eeprom(sc); 753 754 device_printf(sc->sc_dev, 755 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n", 756 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev), 757 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid)); 758 759 RUN_UNLOCK(sc); 760 761 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211); 762 if (ifp == NULL) { 763 device_printf(sc->sc_dev, "can not if_alloc()\n"); 764 goto detach; 765 } 766 ic = ifp->if_l2com; 767 768 ifp->if_softc = sc; 769 if_initname(ifp, "run", device_get_unit(sc->sc_dev)); 770 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 771 ifp->if_init = run_init; 772 ifp->if_ioctl = run_ioctl; 773 ifp->if_start = run_start; 774 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 775 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen; 776 IFQ_SET_READY(&ifp->if_snd); 777 778 ic->ic_ifp = ifp; 779 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 780 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 781 782 /* set device capabilities */ 783 ic->ic_caps = 784 IEEE80211_C_STA | /* station mode supported */ 785 IEEE80211_C_MONITOR | /* monitor mode supported */ 786 IEEE80211_C_IBSS | 787 IEEE80211_C_HOSTAP | 788 IEEE80211_C_WDS | /* 4-address traffic works */ 789 IEEE80211_C_MBSS | 790 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 791 IEEE80211_C_SHSLOT | /* short slot time supported */ 792 IEEE80211_C_WME | /* WME */ 793 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */ 794 795 ic->ic_cryptocaps = 796 IEEE80211_CRYPTO_WEP | 797 IEEE80211_CRYPTO_AES_CCM | 798 IEEE80211_CRYPTO_TKIPMIC | 799 IEEE80211_CRYPTO_TKIP; 800 801 ic->ic_flags |= IEEE80211_F_DATAPAD; 802 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; 803 804 bands = 0; 805 setbit(&bands, IEEE80211_MODE_11B); 806 setbit(&bands, IEEE80211_MODE_11G); 807 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 || 808 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 || 809 sc->rf_rev == RT5592_RF_5592) 810 setbit(&bands, IEEE80211_MODE_11A); 811 ieee80211_init_channels(ic, NULL, &bands); 812 813 ieee80211_ifattach(ic, sc->sc_bssid); 814 815 ic->ic_scan_start = run_scan_start; 816 ic->ic_scan_end = run_scan_end; 817 ic->ic_set_channel = run_set_channel; 818 ic->ic_node_alloc = run_node_alloc; 819 ic->ic_newassoc = run_newassoc; 820 ic->ic_updateslot = run_updateslot; 821 ic->ic_update_mcast = run_update_mcast; 822 ic->ic_wme.wme_update = run_wme_update; 823 ic->ic_raw_xmit = run_raw_xmit; 824 ic->ic_update_promisc = run_update_promisc; 825 826 ic->ic_vap_create = run_vap_create; 827 ic->ic_vap_delete = run_vap_delete; 828 829 ieee80211_radiotap_attach(ic, 830 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap), 831 RUN_TX_RADIOTAP_PRESENT, 832 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap), 833 RUN_RX_RADIOTAP_PRESENT); 834 835 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc); 836 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc); 837 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0); 838 839 if (bootverbose) 840 ieee80211_announce(ic); 841 842 return (0); 843 844 detach: 845 run_detach(self); 846 return (ENXIO); 847 } 848 849 static int 850 run_detach(device_t self) 851 { 852 struct run_softc *sc = device_get_softc(self); 853 struct ifnet *ifp = sc->sc_ifp; 854 struct ieee80211com *ic; 855 int i; 856 857 RUN_LOCK(sc); 858 sc->sc_detached = 1; 859 RUN_UNLOCK(sc); 860 861 /* stop all USB transfers */ 862 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER); 863 864 RUN_LOCK(sc); 865 sc->ratectl_run = RUN_RATECTL_OFF; 866 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT; 867 868 /* free TX list, if any */ 869 for (i = 0; i != RUN_EP_QUEUES; i++) 870 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 871 RUN_UNLOCK(sc); 872 873 if (ifp) { 874 ic = ifp->if_l2com; 875 /* drain tasks */ 876 usb_callout_drain(&sc->ratectl_ch); 877 ieee80211_draintask(ic, &sc->cmdq_task); 878 ieee80211_draintask(ic, &sc->ratectl_task); 879 ieee80211_ifdetach(ic); 880 if_free(ifp); 881 } 882 883 mtx_destroy(&sc->sc_mtx); 884 885 return (0); 886 } 887 888 static struct ieee80211vap * 889 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit, 890 enum ieee80211_opmode opmode, int flags, 891 const uint8_t bssid[IEEE80211_ADDR_LEN], 892 const uint8_t mac[IEEE80211_ADDR_LEN]) 893 { 894 struct ifnet *ifp = ic->ic_ifp; 895 struct run_softc *sc = ifp->if_softc; 896 struct run_vap *rvp; 897 struct ieee80211vap *vap; 898 int i; 899 900 if (sc->rvp_cnt >= RUN_VAP_MAX) { 901 if_printf(ifp, "number of VAPs maxed out\n"); 902 return (NULL); 903 } 904 905 switch (opmode) { 906 case IEEE80211_M_STA: 907 /* enable s/w bmiss handling for sta mode */ 908 flags |= IEEE80211_CLONE_NOBEACONS; 909 /* fall though */ 910 case IEEE80211_M_IBSS: 911 case IEEE80211_M_MONITOR: 912 case IEEE80211_M_HOSTAP: 913 case IEEE80211_M_MBSS: 914 /* other than WDS vaps, only one at a time */ 915 if (!TAILQ_EMPTY(&ic->ic_vaps)) 916 return (NULL); 917 break; 918 case IEEE80211_M_WDS: 919 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){ 920 if(vap->iv_opmode != IEEE80211_M_HOSTAP) 921 continue; 922 /* WDS vap's always share the local mac address. */ 923 flags &= ~IEEE80211_CLONE_BSSID; 924 break; 925 } 926 if (vap == NULL) { 927 if_printf(ifp, "wds only supported in ap mode\n"); 928 return (NULL); 929 } 930 break; 931 default: 932 if_printf(ifp, "unknown opmode %d\n", opmode); 933 return (NULL); 934 } 935 936 rvp = (struct run_vap *) malloc(sizeof(struct run_vap), 937 M_80211_VAP, M_NOWAIT | M_ZERO); 938 if (rvp == NULL) 939 return (NULL); 940 vap = &rvp->vap; 941 942 if (ieee80211_vap_setup(ic, vap, name, unit, 943 opmode, flags, bssid, mac) != 0) { 944 /* out of memory */ 945 free(rvp, M_80211_VAP); 946 return (NULL); 947 } 948 949 vap->iv_key_update_begin = run_key_update_begin; 950 vap->iv_key_update_end = run_key_update_end; 951 vap->iv_update_beacon = run_update_beacon; 952 vap->iv_max_aid = RT2870_WCID_MAX; 953 /* 954 * To delete the right key from h/w, we need wcid. 955 * Luckily, there is unused space in ieee80211_key{}, wk_pad, 956 * and matching wcid will be written into there. So, cast 957 * some spells to remove 'const' from ieee80211_key{} 958 */ 959 vap->iv_key_delete = (void *)run_key_delete; 960 vap->iv_key_set = (void *)run_key_set; 961 962 /* override state transition machine */ 963 rvp->newstate = vap->iv_newstate; 964 vap->iv_newstate = run_newstate; 965 966 ieee80211_ratectl_init(vap); 967 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */); 968 969 /* complete setup */ 970 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status); 971 972 /* make sure id is always unique */ 973 for (i = 0; i < RUN_VAP_MAX; i++) { 974 if((sc->rvp_bmap & 1 << i) == 0){ 975 sc->rvp_bmap |= 1 << i; 976 rvp->rvp_id = i; 977 break; 978 } 979 } 980 if (sc->rvp_cnt++ == 0) 981 ic->ic_opmode = opmode; 982 983 if (opmode == IEEE80211_M_HOSTAP) 984 sc->cmdq_run = RUN_CMDQ_GO; 985 986 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n", 987 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt); 988 989 return (vap); 990 } 991 992 static void 993 run_vap_delete(struct ieee80211vap *vap) 994 { 995 struct run_vap *rvp = RUN_VAP(vap); 996 struct ifnet *ifp; 997 struct ieee80211com *ic; 998 struct run_softc *sc; 999 uint8_t rvp_id; 1000 1001 if (vap == NULL) 1002 return; 1003 1004 ic = vap->iv_ic; 1005 ifp = ic->ic_ifp; 1006 1007 sc = ifp->if_softc; 1008 1009 RUN_LOCK(sc); 1010 1011 m_freem(rvp->beacon_mbuf); 1012 rvp->beacon_mbuf = NULL; 1013 1014 rvp_id = rvp->rvp_id; 1015 sc->ratectl_run &= ~(1 << rvp_id); 1016 sc->rvp_bmap &= ~(1 << rvp_id); 1017 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128); 1018 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512); 1019 --sc->rvp_cnt; 1020 1021 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n", 1022 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt); 1023 1024 RUN_UNLOCK(sc); 1025 1026 ieee80211_ratectl_deinit(vap); 1027 ieee80211_vap_detach(vap); 1028 free(rvp, M_80211_VAP); 1029 } 1030 1031 /* 1032 * There are numbers of functions need to be called in context thread. 1033 * Rather than creating taskqueue event for each of those functions, 1034 * here is all-for-one taskqueue callback function. This function 1035 * gurantees deferred functions are executed in the same order they 1036 * were enqueued. 1037 * '& RUN_CMDQ_MASQ' is to loop cmdq[]. 1038 */ 1039 static void 1040 run_cmdq_cb(void *arg, int pending) 1041 { 1042 struct run_softc *sc = arg; 1043 uint8_t i; 1044 1045 /* call cmdq[].func locked */ 1046 RUN_LOCK(sc); 1047 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending; 1048 i = sc->cmdq_exec, pending--) { 1049 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending); 1050 if (sc->cmdq_run == RUN_CMDQ_GO) { 1051 /* 1052 * If arg0 is NULL, callback func needs more 1053 * than one arg. So, pass ptr to cmdq struct. 1054 */ 1055 if (sc->cmdq[i].arg0) 1056 sc->cmdq[i].func(sc->cmdq[i].arg0); 1057 else 1058 sc->cmdq[i].func(&sc->cmdq[i]); 1059 } 1060 sc->cmdq[i].arg0 = NULL; 1061 sc->cmdq[i].func = NULL; 1062 sc->cmdq_exec++; 1063 sc->cmdq_exec &= RUN_CMDQ_MASQ; 1064 } 1065 RUN_UNLOCK(sc); 1066 } 1067 1068 static void 1069 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1070 { 1071 struct run_tx_data *data; 1072 1073 memset(pq, 0, sizeof(*pq)); 1074 1075 STAILQ_INIT(&pq->tx_qh); 1076 STAILQ_INIT(&pq->tx_fh); 1077 1078 for (data = &pq->tx_data[0]; 1079 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1080 data->sc = sc; 1081 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 1082 } 1083 pq->tx_nfree = RUN_TX_RING_COUNT; 1084 } 1085 1086 static void 1087 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq) 1088 { 1089 struct run_tx_data *data; 1090 1091 /* make sure any subsequent use of the queues will fail */ 1092 pq->tx_nfree = 0; 1093 STAILQ_INIT(&pq->tx_fh); 1094 STAILQ_INIT(&pq->tx_qh); 1095 1096 /* free up all node references and mbufs */ 1097 for (data = &pq->tx_data[0]; 1098 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) { 1099 if (data->m != NULL) { 1100 m_freem(data->m); 1101 data->m = NULL; 1102 } 1103 if (data->ni != NULL) { 1104 ieee80211_free_node(data->ni); 1105 data->ni = NULL; 1106 } 1107 } 1108 } 1109 1110 static int 1111 run_load_microcode(struct run_softc *sc) 1112 { 1113 usb_device_request_t req; 1114 const struct firmware *fw; 1115 const u_char *base; 1116 uint32_t tmp; 1117 int ntries, error; 1118 const uint64_t *temp; 1119 uint64_t bytes; 1120 1121 RUN_UNLOCK(sc); 1122 fw = firmware_get("runfw"); 1123 RUN_LOCK(sc); 1124 if (fw == NULL) { 1125 device_printf(sc->sc_dev, 1126 "failed loadfirmware of file %s\n", "runfw"); 1127 return ENOENT; 1128 } 1129 1130 if (fw->datasize != 8192) { 1131 device_printf(sc->sc_dev, 1132 "invalid firmware size (should be 8KB)\n"); 1133 error = EINVAL; 1134 goto fail; 1135 } 1136 1137 /* 1138 * RT3071/RT3072 use a different firmware 1139 * run-rt2870 (8KB) contains both, 1140 * first half (4KB) is for rt2870, 1141 * last half is for rt3071. 1142 */ 1143 base = fw->data; 1144 if ((sc->mac_ver) != 0x2860 && 1145 (sc->mac_ver) != 0x2872 && 1146 (sc->mac_ver) != 0x3070) { 1147 base += 4096; 1148 } 1149 1150 /* cheap sanity check */ 1151 temp = fw->data; 1152 bytes = *temp; 1153 if (bytes != be64toh(0xffffff0210280210ULL)) { 1154 device_printf(sc->sc_dev, "firmware checksum failed\n"); 1155 error = EINVAL; 1156 goto fail; 1157 } 1158 1159 /* write microcode image */ 1160 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) { 1161 run_write_region_1(sc, RT2870_FW_BASE, base, 4096); 1162 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff); 1163 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff); 1164 } 1165 1166 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1167 req.bRequest = RT2870_RESET; 1168 USETW(req.wValue, 8); 1169 USETW(req.wIndex, 0); 1170 USETW(req.wLength, 0); 1171 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) 1172 != 0) { 1173 device_printf(sc->sc_dev, "firmware reset failed\n"); 1174 goto fail; 1175 } 1176 1177 run_delay(sc, 10); 1178 1179 run_write(sc, RT2860_H2M_BBPAGENT, 0); 1180 run_write(sc, RT2860_H2M_MAILBOX, 0); 1181 run_write(sc, RT2860_H2M_INTSRC, 0); 1182 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0) 1183 goto fail; 1184 1185 /* wait until microcontroller is ready */ 1186 for (ntries = 0; ntries < 1000; ntries++) { 1187 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) 1188 goto fail; 1189 if (tmp & RT2860_MCU_READY) 1190 break; 1191 run_delay(sc, 10); 1192 } 1193 if (ntries == 1000) { 1194 device_printf(sc->sc_dev, 1195 "timeout waiting for MCU to initialize\n"); 1196 error = ETIMEDOUT; 1197 goto fail; 1198 } 1199 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n", 1200 (base == fw->data) ? "RT2870" : "RT3071", 1201 *(base + 4092), *(base + 4093)); 1202 1203 fail: 1204 firmware_put(fw, FIRMWARE_UNLOAD); 1205 return (error); 1206 } 1207 1208 static int 1209 run_reset(struct run_softc *sc) 1210 { 1211 usb_device_request_t req; 1212 1213 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1214 req.bRequest = RT2870_RESET; 1215 USETW(req.wValue, 1); 1216 USETW(req.wIndex, 0); 1217 USETW(req.wLength, 0); 1218 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)); 1219 } 1220 1221 static usb_error_t 1222 run_do_request(struct run_softc *sc, 1223 struct usb_device_request *req, void *data) 1224 { 1225 usb_error_t err; 1226 int ntries = 10; 1227 1228 RUN_LOCK_ASSERT(sc, MA_OWNED); 1229 1230 while (ntries--) { 1231 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, 1232 req, data, 0, NULL, 250 /* ms */); 1233 if (err == 0) 1234 break; 1235 DPRINTFN(1, "Control request failed, %s (retrying)\n", 1236 usbd_errstr(err)); 1237 run_delay(sc, 10); 1238 } 1239 return (err); 1240 } 1241 1242 static int 1243 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val) 1244 { 1245 uint32_t tmp; 1246 int error; 1247 1248 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp); 1249 if (error == 0) 1250 *val = le32toh(tmp); 1251 else 1252 *val = 0xffffffff; 1253 return (error); 1254 } 1255 1256 static int 1257 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len) 1258 { 1259 usb_device_request_t req; 1260 1261 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1262 req.bRequest = RT2870_READ_REGION_1; 1263 USETW(req.wValue, 0); 1264 USETW(req.wIndex, reg); 1265 USETW(req.wLength, len); 1266 1267 return (run_do_request(sc, &req, buf)); 1268 } 1269 1270 static int 1271 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val) 1272 { 1273 usb_device_request_t req; 1274 1275 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1276 req.bRequest = RT2870_WRITE_2; 1277 USETW(req.wValue, val); 1278 USETW(req.wIndex, reg); 1279 USETW(req.wLength, 0); 1280 1281 return (run_do_request(sc, &req, NULL)); 1282 } 1283 1284 static int 1285 run_write(struct run_softc *sc, uint16_t reg, uint32_t val) 1286 { 1287 int error; 1288 1289 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0) 1290 error = run_write_2(sc, reg + 2, val >> 16); 1291 return (error); 1292 } 1293 1294 static int 1295 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf, 1296 int len) 1297 { 1298 #if 1 1299 int i, error = 0; 1300 /* 1301 * NB: the WRITE_REGION_1 command is not stable on RT2860. 1302 * We thus issue multiple WRITE_2 commands instead. 1303 */ 1304 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n")); 1305 for (i = 0; i < len && error == 0; i += 2) 1306 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8); 1307 return (error); 1308 #else 1309 usb_device_request_t req; 1310 int error = 0; 1311 1312 /* 1313 * NOTE: It appears the WRITE_REGION_1 command cannot be 1314 * passed a huge amount of data, which will crash the 1315 * firmware. Limit amount of data passed to 64-bytes at a 1316 * time. 1317 */ 1318 while (len > 0) { 1319 int delta = 64; 1320 if (delta > len) 1321 delta = len; 1322 1323 req.bmRequestType = UT_WRITE_VENDOR_DEVICE; 1324 req.bRequest = RT2870_WRITE_REGION_1; 1325 USETW(req.wValue, 0); 1326 USETW(req.wIndex, reg); 1327 USETW(req.wLength, delta); 1328 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf)); 1329 if (error != 0) 1330 break; 1331 reg += delta; 1332 buf += delta; 1333 len -= delta; 1334 } 1335 return (error); 1336 #endif 1337 } 1338 1339 static int 1340 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len) 1341 { 1342 int i, error = 0; 1343 1344 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n")); 1345 for (i = 0; i < len && error == 0; i += 4) 1346 error = run_write(sc, reg + i, val); 1347 return (error); 1348 } 1349 1350 static int 1351 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count) 1352 { 1353 uint32_t tmp; 1354 uint16_t reg; 1355 int error, ntries; 1356 1357 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1358 return (error); 1359 1360 if (count == 2) 1361 addr *= 2; 1362 /*- 1363 * Read one 16-byte block into registers EFUSE_DATA[0-3]: 1364 * DATA0: F E D C 1365 * DATA1: B A 9 8 1366 * DATA2: 7 6 5 4 1367 * DATA3: 3 2 1 0 1368 */ 1369 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK); 1370 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK; 1371 run_write(sc, RT3070_EFUSE_CTRL, tmp); 1372 for (ntries = 0; ntries < 100; ntries++) { 1373 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0) 1374 return (error); 1375 if (!(tmp & RT3070_EFSROM_KICK)) 1376 break; 1377 run_delay(sc, 2); 1378 } 1379 if (ntries == 100) 1380 return (ETIMEDOUT); 1381 1382 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) { 1383 *val = 0xffff; /* address not found */ 1384 return (0); 1385 } 1386 /* determine to which 32-bit register our 16-bit word belongs */ 1387 reg = RT3070_EFUSE_DATA3 - (addr & 0xc); 1388 if ((error = run_read(sc, reg, &tmp)) != 0) 1389 return (error); 1390 1391 tmp >>= (8 * (addr & 0x3)); 1392 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff; 1393 1394 return (0); 1395 } 1396 1397 /* Read 16-bit from eFUSE ROM for RT3xxx. */ 1398 static int 1399 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1400 { 1401 return (run_efuse_read(sc, addr, val, 2)); 1402 } 1403 1404 static int 1405 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val) 1406 { 1407 usb_device_request_t req; 1408 uint16_t tmp; 1409 int error; 1410 1411 addr *= 2; 1412 req.bmRequestType = UT_READ_VENDOR_DEVICE; 1413 req.bRequest = RT2870_EEPROM_READ; 1414 USETW(req.wValue, 0); 1415 USETW(req.wIndex, addr); 1416 USETW(req.wLength, sizeof(tmp)); 1417 1418 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp); 1419 if (error == 0) 1420 *val = le16toh(tmp); 1421 else 1422 *val = 0xffff; 1423 return (error); 1424 } 1425 1426 static __inline int 1427 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val) 1428 { 1429 /* either eFUSE ROM or EEPROM */ 1430 return sc->sc_srom_read(sc, addr, val); 1431 } 1432 1433 static int 1434 run_rt2870_rf_write(struct run_softc *sc, uint32_t val) 1435 { 1436 uint32_t tmp; 1437 int error, ntries; 1438 1439 for (ntries = 0; ntries < 10; ntries++) { 1440 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0) 1441 return (error); 1442 if (!(tmp & RT2860_RF_REG_CTRL)) 1443 break; 1444 } 1445 if (ntries == 10) 1446 return (ETIMEDOUT); 1447 1448 return (run_write(sc, RT2860_RF_CSR_CFG0, val)); 1449 } 1450 1451 static int 1452 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1453 { 1454 uint32_t tmp; 1455 int error, ntries; 1456 1457 for (ntries = 0; ntries < 100; ntries++) { 1458 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1459 return (error); 1460 if (!(tmp & RT3070_RF_KICK)) 1461 break; 1462 } 1463 if (ntries == 100) 1464 return (ETIMEDOUT); 1465 1466 tmp = RT3070_RF_KICK | reg << 8; 1467 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0) 1468 return (error); 1469 1470 for (ntries = 0; ntries < 100; ntries++) { 1471 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1472 return (error); 1473 if (!(tmp & RT3070_RF_KICK)) 1474 break; 1475 } 1476 if (ntries == 100) 1477 return (ETIMEDOUT); 1478 1479 *val = tmp & 0xff; 1480 return (0); 1481 } 1482 1483 static int 1484 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1485 { 1486 uint32_t tmp; 1487 int error, ntries; 1488 1489 for (ntries = 0; ntries < 10; ntries++) { 1490 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0) 1491 return (error); 1492 if (!(tmp & RT3070_RF_KICK)) 1493 break; 1494 } 1495 if (ntries == 10) 1496 return (ETIMEDOUT); 1497 1498 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val; 1499 return (run_write(sc, RT3070_RF_CSR_CFG, tmp)); 1500 } 1501 1502 static int 1503 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val) 1504 { 1505 uint32_t tmp; 1506 int ntries, error; 1507 1508 for (ntries = 0; ntries < 10; ntries++) { 1509 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1510 return (error); 1511 if (!(tmp & RT2860_BBP_CSR_KICK)) 1512 break; 1513 } 1514 if (ntries == 10) 1515 return (ETIMEDOUT); 1516 1517 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8; 1518 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0) 1519 return (error); 1520 1521 for (ntries = 0; ntries < 10; ntries++) { 1522 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1523 return (error); 1524 if (!(tmp & RT2860_BBP_CSR_KICK)) 1525 break; 1526 } 1527 if (ntries == 10) 1528 return (ETIMEDOUT); 1529 1530 *val = tmp & 0xff; 1531 return (0); 1532 } 1533 1534 static int 1535 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val) 1536 { 1537 uint32_t tmp; 1538 int ntries, error; 1539 1540 for (ntries = 0; ntries < 10; ntries++) { 1541 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0) 1542 return (error); 1543 if (!(tmp & RT2860_BBP_CSR_KICK)) 1544 break; 1545 } 1546 if (ntries == 10) 1547 return (ETIMEDOUT); 1548 1549 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val; 1550 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp)); 1551 } 1552 1553 /* 1554 * Send a command to the 8051 microcontroller unit. 1555 */ 1556 static int 1557 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg) 1558 { 1559 uint32_t tmp; 1560 int error, ntries; 1561 1562 for (ntries = 0; ntries < 100; ntries++) { 1563 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0) 1564 return error; 1565 if (!(tmp & RT2860_H2M_BUSY)) 1566 break; 1567 } 1568 if (ntries == 100) 1569 return ETIMEDOUT; 1570 1571 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg; 1572 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0) 1573 error = run_write(sc, RT2860_HOST_CMD, cmd); 1574 return (error); 1575 } 1576 1577 /* 1578 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word. 1579 * Used to adjust per-rate Tx power registers. 1580 */ 1581 static __inline uint32_t 1582 b4inc(uint32_t b32, int8_t delta) 1583 { 1584 int8_t i, b4; 1585 1586 for (i = 0; i < 8; i++) { 1587 b4 = b32 & 0xf; 1588 b4 += delta; 1589 if (b4 < 0) 1590 b4 = 0; 1591 else if (b4 > 0xf) 1592 b4 = 0xf; 1593 b32 = b32 >> 4 | b4 << 28; 1594 } 1595 return (b32); 1596 } 1597 1598 static const char * 1599 run_get_rf(uint16_t rev) 1600 { 1601 switch (rev) { 1602 case RT2860_RF_2820: return "RT2820"; 1603 case RT2860_RF_2850: return "RT2850"; 1604 case RT2860_RF_2720: return "RT2720"; 1605 case RT2860_RF_2750: return "RT2750"; 1606 case RT3070_RF_3020: return "RT3020"; 1607 case RT3070_RF_2020: return "RT2020"; 1608 case RT3070_RF_3021: return "RT3021"; 1609 case RT3070_RF_3022: return "RT3022"; 1610 case RT3070_RF_3052: return "RT3052"; 1611 case RT3593_RF_3053: return "RT3053"; 1612 case RT5592_RF_5592: return "RT5592"; 1613 case RT5390_RF_5370: return "RT5370"; 1614 case RT5390_RF_5372: return "RT5372"; 1615 } 1616 return ("unknown"); 1617 } 1618 1619 static void 1620 run_rt3593_get_txpower(struct run_softc *sc) 1621 { 1622 uint16_t addr, val; 1623 int i; 1624 1625 /* Read power settings for 2GHz channels. */ 1626 for (i = 0; i < 14; i += 2) { 1627 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 : 1628 RT2860_EEPROM_PWR2GHZ_BASE1; 1629 run_srom_read(sc, addr + i / 2, &val); 1630 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1631 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1632 1633 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 : 1634 RT2860_EEPROM_PWR2GHZ_BASE2; 1635 run_srom_read(sc, addr + i / 2, &val); 1636 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1637 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1638 1639 if (sc->ntxchains == 3) { 1640 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2, 1641 &val); 1642 sc->txpow3[i + 0] = (int8_t)(val & 0xff); 1643 sc->txpow3[i + 1] = (int8_t)(val >> 8); 1644 } 1645 } 1646 /* Fix broken Tx power entries. */ 1647 for (i = 0; i < 14; i++) { 1648 if (sc->txpow1[i] > 31) 1649 sc->txpow1[i] = 5; 1650 if (sc->txpow2[i] > 31) 1651 sc->txpow2[i] = 5; 1652 if (sc->ntxchains == 3) { 1653 if (sc->txpow3[i] > 31) 1654 sc->txpow3[i] = 5; 1655 } 1656 } 1657 /* Read power settings for 5GHz channels. */ 1658 for (i = 0; i < 40; i += 2) { 1659 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1660 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1661 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1662 1663 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1664 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1665 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1666 1667 if (sc->ntxchains == 3) { 1668 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2, 1669 &val); 1670 sc->txpow3[i + 14] = (int8_t)(val & 0xff); 1671 sc->txpow3[i + 15] = (int8_t)(val >> 8); 1672 } 1673 } 1674 } 1675 1676 static void 1677 run_get_txpower(struct run_softc *sc) 1678 { 1679 uint16_t val; 1680 int i; 1681 1682 /* Read power settings for 2GHz channels. */ 1683 for (i = 0; i < 14; i += 2) { 1684 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val); 1685 sc->txpow1[i + 0] = (int8_t)(val & 0xff); 1686 sc->txpow1[i + 1] = (int8_t)(val >> 8); 1687 1688 if (sc->mac_ver != 0x5390) { 1689 run_srom_read(sc, 1690 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val); 1691 sc->txpow2[i + 0] = (int8_t)(val & 0xff); 1692 sc->txpow2[i + 1] = (int8_t)(val >> 8); 1693 } 1694 } 1695 /* Fix broken Tx power entries. */ 1696 for (i = 0; i < 14; i++) { 1697 if (sc->mac_ver >= 0x5390) { 1698 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 27) 1699 sc->txpow1[i] = 5; 1700 } else { 1701 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31) 1702 sc->txpow1[i] = 5; 1703 } 1704 if (sc->mac_ver > 0x5390) { 1705 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 27) 1706 sc->txpow2[i] = 5; 1707 } else if (sc->mac_ver < 0x5390) { 1708 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31) 1709 sc->txpow2[i] = 5; 1710 } 1711 DPRINTF("chan %d: power1=%d, power2=%d\n", 1712 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]); 1713 } 1714 /* Read power settings for 5GHz channels. */ 1715 for (i = 0; i < 40; i += 2) { 1716 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val); 1717 sc->txpow1[i + 14] = (int8_t)(val & 0xff); 1718 sc->txpow1[i + 15] = (int8_t)(val >> 8); 1719 1720 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val); 1721 sc->txpow2[i + 14] = (int8_t)(val & 0xff); 1722 sc->txpow2[i + 15] = (int8_t)(val >> 8); 1723 } 1724 /* Fix broken Tx power entries. */ 1725 for (i = 0; i < 40; i++ ) { 1726 if (sc->mac_ver != 0x5592) { 1727 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15) 1728 sc->txpow1[14 + i] = 5; 1729 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15) 1730 sc->txpow2[14 + i] = 5; 1731 } 1732 DPRINTF("chan %d: power1=%d, power2=%d\n", 1733 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i], 1734 sc->txpow2[14 + i]); 1735 } 1736 } 1737 1738 static int 1739 run_read_eeprom(struct run_softc *sc) 1740 { 1741 int8_t delta_2ghz, delta_5ghz; 1742 uint32_t tmp; 1743 uint16_t val; 1744 int ridx, ant, i; 1745 1746 /* check whether the ROM is eFUSE ROM or EEPROM */ 1747 sc->sc_srom_read = run_eeprom_read_2; 1748 if (sc->mac_ver >= 0x3070) { 1749 run_read(sc, RT3070_EFUSE_CTRL, &tmp); 1750 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp); 1751 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593) 1752 sc->sc_srom_read = run_efuse_read_2; 1753 } 1754 1755 /* read ROM version */ 1756 run_srom_read(sc, RT2860_EEPROM_VERSION, &val); 1757 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8); 1758 1759 /* read MAC address */ 1760 run_srom_read(sc, RT2860_EEPROM_MAC01, &val); 1761 sc->sc_bssid[0] = val & 0xff; 1762 sc->sc_bssid[1] = val >> 8; 1763 run_srom_read(sc, RT2860_EEPROM_MAC23, &val); 1764 sc->sc_bssid[2] = val & 0xff; 1765 sc->sc_bssid[3] = val >> 8; 1766 run_srom_read(sc, RT2860_EEPROM_MAC45, &val); 1767 sc->sc_bssid[4] = val & 0xff; 1768 sc->sc_bssid[5] = val >> 8; 1769 1770 if (sc->mac_ver < 0x3593) { 1771 /* read vender BBP settings */ 1772 for (i = 0; i < 10; i++) { 1773 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val); 1774 sc->bbp[i].val = val & 0xff; 1775 sc->bbp[i].reg = val >> 8; 1776 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, 1777 sc->bbp[i].val); 1778 } 1779 if (sc->mac_ver >= 0x3071) { 1780 /* read vendor RF settings */ 1781 for (i = 0; i < 10; i++) { 1782 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, 1783 &val); 1784 sc->rf[i].val = val & 0xff; 1785 sc->rf[i].reg = val >> 8; 1786 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg, 1787 sc->rf[i].val); 1788 } 1789 } 1790 } 1791 1792 /* read RF frequency offset from EEPROM */ 1793 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1794 RT3593_EEPROM_FREQ, &val); 1795 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0; 1796 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff); 1797 1798 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS : 1799 RT3593_EEPROM_FREQ_LEDS, &val); 1800 if (val >> 8 != 0xff) { 1801 /* read LEDs operating mode */ 1802 sc->leds = val >> 8; 1803 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 : 1804 RT3593_EEPROM_LED1, &sc->led[0]); 1805 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 : 1806 RT3593_EEPROM_LED2, &sc->led[1]); 1807 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 : 1808 RT3593_EEPROM_LED3, &sc->led[2]); 1809 } else { 1810 /* broken EEPROM, use default settings */ 1811 sc->leds = 0x01; 1812 sc->led[0] = 0x5555; 1813 sc->led[1] = 0x2221; 1814 sc->led[2] = 0x5627; /* differs from RT2860 */ 1815 } 1816 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n", 1817 sc->leds, sc->led[0], sc->led[1], sc->led[2]); 1818 1819 /* read RF information */ 1820 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) 1821 run_srom_read(sc, 0x00, &val); 1822 else 1823 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1824 1825 if (val == 0xffff) { 1826 device_printf(sc->sc_dev, 1827 "invalid EEPROM antenna info, using default\n"); 1828 DPRINTF("invalid EEPROM antenna info, using default\n"); 1829 if (sc->mac_ver == 0x3572) { 1830 /* default to RF3052 2T2R */ 1831 sc->rf_rev = RT3070_RF_3052; 1832 sc->ntxchains = 2; 1833 sc->nrxchains = 2; 1834 } else if (sc->mac_ver >= 0x3070) { 1835 /* default to RF3020 1T1R */ 1836 sc->rf_rev = RT3070_RF_3020; 1837 sc->ntxchains = 1; 1838 sc->nrxchains = 1; 1839 } else { 1840 /* default to RF2820 1T2R */ 1841 sc->rf_rev = RT2860_RF_2820; 1842 sc->ntxchains = 1; 1843 sc->nrxchains = 2; 1844 } 1845 } else { 1846 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) { 1847 sc->rf_rev = val; 1848 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val); 1849 } else 1850 sc->rf_rev = (val >> 8) & 0xf; 1851 sc->ntxchains = (val >> 4) & 0xf; 1852 sc->nrxchains = val & 0xf; 1853 } 1854 DPRINTF("EEPROM RF rev=0x%04x chains=%dT%dR\n", 1855 sc->rf_rev, sc->ntxchains, sc->nrxchains); 1856 1857 /* check if RF supports automatic Tx access gain control */ 1858 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val); 1859 DPRINTF("EEPROM CFG 0x%04x\n", val); 1860 /* check if driver should patch the DAC issue */ 1861 if ((val >> 8) != 0xff) 1862 sc->patch_dac = (val >> 15) & 1; 1863 if ((val & 0xff) != 0xff) { 1864 sc->ext_5ghz_lna = (val >> 3) & 1; 1865 sc->ext_2ghz_lna = (val >> 2) & 1; 1866 /* check if RF supports automatic Tx access gain control */ 1867 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1; 1868 /* check if we have a hardware radio switch */ 1869 sc->rfswitch = val & 1; 1870 } 1871 1872 /* Read Tx power settings. */ 1873 if (sc->mac_ver == 0x3593) 1874 run_rt3593_get_txpower(sc); 1875 else 1876 run_get_txpower(sc); 1877 1878 /* read Tx power compensation for each Tx rate */ 1879 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val); 1880 delta_2ghz = delta_5ghz = 0; 1881 if ((val & 0xff) != 0xff && (val & 0x80)) { 1882 delta_2ghz = val & 0xf; 1883 if (!(val & 0x40)) /* negative number */ 1884 delta_2ghz = -delta_2ghz; 1885 } 1886 val >>= 8; 1887 if ((val & 0xff) != 0xff && (val & 0x80)) { 1888 delta_5ghz = val & 0xf; 1889 if (!(val & 0x40)) /* negative number */ 1890 delta_5ghz = -delta_5ghz; 1891 } 1892 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n", 1893 delta_2ghz, delta_5ghz); 1894 1895 for (ridx = 0; ridx < 5; ridx++) { 1896 uint32_t reg; 1897 1898 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val); 1899 reg = val; 1900 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val); 1901 reg |= (uint32_t)val << 16; 1902 1903 sc->txpow20mhz[ridx] = reg; 1904 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz); 1905 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz); 1906 1907 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, " 1908 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx], 1909 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]); 1910 } 1911 1912 /* Read RSSI offsets and LNA gains from EEPROM. */ 1913 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ : 1914 RT3593_EEPROM_RSSI1_2GHZ, &val); 1915 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */ 1916 sc->rssi_2ghz[1] = val >> 8; /* Ant B */ 1917 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ : 1918 RT3593_EEPROM_RSSI2_2GHZ, &val); 1919 if (sc->mac_ver >= 0x3070) { 1920 if (sc->mac_ver == 0x3593) { 1921 sc->txmixgain_2ghz = 0; 1922 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1923 } else { 1924 /* 1925 * On RT3070 chips (limited to 2 Rx chains), this ROM 1926 * field contains the Tx mixer gain for the 2GHz band. 1927 */ 1928 if ((val & 0xff) != 0xff) 1929 sc->txmixgain_2ghz = val & 0x7; 1930 } 1931 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz); 1932 } else 1933 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */ 1934 if (sc->mac_ver == 0x3593) 1935 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1936 sc->lna[2] = val >> 8; /* channel group 2 */ 1937 1938 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ : 1939 RT3593_EEPROM_RSSI1_5GHZ, &val); 1940 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */ 1941 sc->rssi_5ghz[1] = val >> 8; /* Ant B */ 1942 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ : 1943 RT3593_EEPROM_RSSI2_5GHZ, &val); 1944 if (sc->mac_ver == 0x3572) { 1945 /* 1946 * On RT3572 chips (limited to 2 Rx chains), this ROM 1947 * field contains the Tx mixer gain for the 5GHz band. 1948 */ 1949 if ((val & 0xff) != 0xff) 1950 sc->txmixgain_5ghz = val & 0x7; 1951 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz); 1952 } else 1953 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */ 1954 if (sc->mac_ver == 0x3593) { 1955 sc->txmixgain_5ghz = 0; 1956 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val); 1957 } 1958 sc->lna[3] = val >> 8; /* channel group 3 */ 1959 1960 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA : 1961 RT3593_EEPROM_LNA, &val); 1962 sc->lna[0] = val & 0xff; /* channel group 0 */ 1963 sc->lna[1] = val >> 8; /* channel group 1 */ 1964 1965 /* fix broken 5GHz LNA entries */ 1966 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) { 1967 DPRINTF("invalid LNA for channel group %d\n", 2); 1968 sc->lna[2] = sc->lna[1]; 1969 } 1970 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) { 1971 DPRINTF("invalid LNA for channel group %d\n", 3); 1972 sc->lna[3] = sc->lna[1]; 1973 } 1974 1975 /* fix broken RSSI offset entries */ 1976 for (ant = 0; ant < 3; ant++) { 1977 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) { 1978 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n", 1979 ant + 1, sc->rssi_2ghz[ant]); 1980 sc->rssi_2ghz[ant] = 0; 1981 } 1982 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) { 1983 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n", 1984 ant + 1, sc->rssi_5ghz[ant]); 1985 sc->rssi_5ghz[ant] = 0; 1986 } 1987 } 1988 return (0); 1989 } 1990 1991 static struct ieee80211_node * 1992 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 1993 { 1994 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO); 1995 } 1996 1997 static int 1998 run_media_change(struct ifnet *ifp) 1999 { 2000 struct ieee80211vap *vap = ifp->if_softc; 2001 struct ieee80211com *ic = vap->iv_ic; 2002 const struct ieee80211_txparam *tp; 2003 struct run_softc *sc = ic->ic_ifp->if_softc; 2004 uint8_t rate, ridx; 2005 int error; 2006 2007 RUN_LOCK(sc); 2008 2009 error = ieee80211_media_change(ifp); 2010 if (error != ENETRESET) { 2011 RUN_UNLOCK(sc); 2012 return (error); 2013 } 2014 2015 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2016 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) { 2017 struct ieee80211_node *ni; 2018 struct run_node *rn; 2019 2020 rate = ic->ic_sup_rates[ic->ic_curmode]. 2021 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL; 2022 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2023 if (rt2860_rates[ridx].rate == rate) 2024 break; 2025 ni = ieee80211_ref_node(vap->iv_bss); 2026 rn = (struct run_node *)ni; 2027 rn->fix_ridx = ridx; 2028 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx); 2029 ieee80211_free_node(ni); 2030 } 2031 2032 #if 0 2033 if ((ifp->if_flags & IFF_UP) && 2034 (ifp->if_drv_flags & IFF_DRV_RUNNING)){ 2035 run_init_locked(sc); 2036 } 2037 #endif 2038 2039 RUN_UNLOCK(sc); 2040 2041 return (0); 2042 } 2043 2044 static int 2045 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) 2046 { 2047 const struct ieee80211_txparam *tp; 2048 struct ieee80211com *ic = vap->iv_ic; 2049 struct run_softc *sc = ic->ic_ifp->if_softc; 2050 struct run_vap *rvp = RUN_VAP(vap); 2051 enum ieee80211_state ostate; 2052 uint32_t sta[3]; 2053 uint32_t tmp; 2054 uint8_t ratectl; 2055 uint8_t restart_ratectl = 0; 2056 uint8_t bid = 1 << rvp->rvp_id; 2057 2058 ostate = vap->iv_state; 2059 DPRINTF("%s -> %s\n", 2060 ieee80211_state_name[ostate], 2061 ieee80211_state_name[nstate]); 2062 2063 IEEE80211_UNLOCK(ic); 2064 RUN_LOCK(sc); 2065 2066 ratectl = sc->ratectl_run; /* remember current state */ 2067 sc->ratectl_run = RUN_RATECTL_OFF; 2068 usb_callout_stop(&sc->ratectl_ch); 2069 2070 if (ostate == IEEE80211_S_RUN) { 2071 /* turn link LED off */ 2072 run_set_leds(sc, RT2860_LED_RADIO); 2073 } 2074 2075 switch (nstate) { 2076 case IEEE80211_S_INIT: 2077 restart_ratectl = 1; 2078 2079 if (ostate != IEEE80211_S_RUN) 2080 break; 2081 2082 ratectl &= ~bid; 2083 sc->runbmap &= ~bid; 2084 2085 /* abort TSF synchronization if there is no vap running */ 2086 if (--sc->running == 0) { 2087 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 2088 run_write(sc, RT2860_BCN_TIME_CFG, 2089 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 2090 RT2860_TBTT_TIMER_EN)); 2091 } 2092 break; 2093 2094 case IEEE80211_S_RUN: 2095 if (!(sc->runbmap & bid)) { 2096 if(sc->running++) 2097 restart_ratectl = 1; 2098 sc->runbmap |= bid; 2099 } 2100 2101 m_freem(rvp->beacon_mbuf); 2102 rvp->beacon_mbuf = NULL; 2103 2104 switch (vap->iv_opmode) { 2105 case IEEE80211_M_HOSTAP: 2106 case IEEE80211_M_MBSS: 2107 sc->ap_running |= bid; 2108 ic->ic_opmode = vap->iv_opmode; 2109 run_update_beacon_cb(vap); 2110 break; 2111 case IEEE80211_M_IBSS: 2112 sc->adhoc_running |= bid; 2113 if (!sc->ap_running) 2114 ic->ic_opmode = vap->iv_opmode; 2115 run_update_beacon_cb(vap); 2116 break; 2117 case IEEE80211_M_STA: 2118 sc->sta_running |= bid; 2119 if (!sc->ap_running && !sc->adhoc_running) 2120 ic->ic_opmode = vap->iv_opmode; 2121 2122 /* read statistic counters (clear on read) */ 2123 run_read_region_1(sc, RT2860_TX_STA_CNT0, 2124 (uint8_t *)sta, sizeof sta); 2125 2126 break; 2127 default: 2128 ic->ic_opmode = vap->iv_opmode; 2129 break; 2130 } 2131 2132 if (vap->iv_opmode != IEEE80211_M_MONITOR) { 2133 struct ieee80211_node *ni; 2134 2135 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) { 2136 RUN_UNLOCK(sc); 2137 IEEE80211_LOCK(ic); 2138 return (-1); 2139 } 2140 run_updateslot(ic->ic_ifp); 2141 run_enable_mrr(sc); 2142 run_set_txpreamble(sc); 2143 run_set_basicrates(sc); 2144 ni = ieee80211_ref_node(vap->iv_bss); 2145 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid); 2146 run_set_bssid(sc, ni->ni_bssid); 2147 ieee80211_free_node(ni); 2148 run_enable_tsf_sync(sc); 2149 2150 /* enable automatic rate adaptation */ 2151 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2152 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE) 2153 ratectl |= bid; 2154 } 2155 2156 /* turn link LED on */ 2157 run_set_leds(sc, RT2860_LED_RADIO | 2158 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ? 2159 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ)); 2160 2161 break; 2162 default: 2163 DPRINTFN(6, "undefined case\n"); 2164 break; 2165 } 2166 2167 /* restart amrr for running VAPs */ 2168 if ((sc->ratectl_run = ratectl) && restart_ratectl) 2169 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2170 2171 RUN_UNLOCK(sc); 2172 IEEE80211_LOCK(ic); 2173 2174 return(rvp->newstate(vap, nstate, arg)); 2175 } 2176 2177 /* ARGSUSED */ 2178 static void 2179 run_wme_update_cb(void *arg) 2180 { 2181 struct ieee80211com *ic = arg; 2182 struct run_softc *sc = ic->ic_ifp->if_softc; 2183 struct ieee80211_wme_state *wmesp = &ic->ic_wme; 2184 int aci, error = 0; 2185 2186 RUN_LOCK_ASSERT(sc, MA_OWNED); 2187 2188 /* update MAC TX configuration registers */ 2189 for (aci = 0; aci < WME_NUM_AC; aci++) { 2190 error = run_write(sc, RT2860_EDCA_AC_CFG(aci), 2191 wmesp->wme_params[aci].wmep_logcwmax << 16 | 2192 wmesp->wme_params[aci].wmep_logcwmin << 12 | 2193 wmesp->wme_params[aci].wmep_aifsn << 8 | 2194 wmesp->wme_params[aci].wmep_txopLimit); 2195 if (error) goto err; 2196 } 2197 2198 /* update SCH/DMA registers too */ 2199 error = run_write(sc, RT2860_WMM_AIFSN_CFG, 2200 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 | 2201 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 | 2202 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 | 2203 wmesp->wme_params[WME_AC_BE].wmep_aifsn); 2204 if (error) goto err; 2205 error = run_write(sc, RT2860_WMM_CWMIN_CFG, 2206 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 | 2207 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 | 2208 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 | 2209 wmesp->wme_params[WME_AC_BE].wmep_logcwmin); 2210 if (error) goto err; 2211 error = run_write(sc, RT2860_WMM_CWMAX_CFG, 2212 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 | 2213 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 | 2214 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 | 2215 wmesp->wme_params[WME_AC_BE].wmep_logcwmax); 2216 if (error) goto err; 2217 error = run_write(sc, RT2860_WMM_TXOP0_CFG, 2218 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 | 2219 wmesp->wme_params[WME_AC_BE].wmep_txopLimit); 2220 if (error) goto err; 2221 error = run_write(sc, RT2860_WMM_TXOP1_CFG, 2222 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 | 2223 wmesp->wme_params[WME_AC_VI].wmep_txopLimit); 2224 2225 err: 2226 if (error) 2227 DPRINTF("WME update failed\n"); 2228 2229 return; 2230 } 2231 2232 static int 2233 run_wme_update(struct ieee80211com *ic) 2234 { 2235 struct run_softc *sc = ic->ic_ifp->if_softc; 2236 2237 /* sometime called wothout lock */ 2238 if (mtx_owned(&ic->ic_comlock.mtx)) { 2239 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 2240 DPRINTF("cmdq_store=%d\n", i); 2241 sc->cmdq[i].func = run_wme_update_cb; 2242 sc->cmdq[i].arg0 = ic; 2243 ieee80211_runtask(ic, &sc->cmdq_task); 2244 return (0); 2245 } 2246 2247 RUN_LOCK(sc); 2248 run_wme_update_cb(ic); 2249 RUN_UNLOCK(sc); 2250 2251 /* return whatever, upper layer desn't care anyway */ 2252 return (0); 2253 } 2254 2255 static void 2256 run_key_update_begin(struct ieee80211vap *vap) 2257 { 2258 /* 2259 * To avoid out-of-order events, both run_key_set() and 2260 * _delete() are deferred and handled by run_cmdq_cb(). 2261 * So, there is nothing we need to do here. 2262 */ 2263 } 2264 2265 static void 2266 run_key_update_end(struct ieee80211vap *vap) 2267 { 2268 /* null */ 2269 } 2270 2271 static void 2272 run_key_set_cb(void *arg) 2273 { 2274 struct run_cmdq *cmdq = arg; 2275 struct ieee80211vap *vap = cmdq->arg1; 2276 struct ieee80211_key *k = cmdq->k; 2277 struct ieee80211com *ic = vap->iv_ic; 2278 struct run_softc *sc = ic->ic_ifp->if_softc; 2279 struct ieee80211_node *ni; 2280 uint32_t attr; 2281 uint16_t base, associd; 2282 uint8_t mode, wcid, iv[8]; 2283 2284 RUN_LOCK_ASSERT(sc, MA_OWNED); 2285 2286 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2287 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac); 2288 else 2289 ni = vap->iv_bss; 2290 associd = (ni != NULL) ? ni->ni_associd : 0; 2291 2292 /* map net80211 cipher to RT2860 security mode */ 2293 switch (k->wk_cipher->ic_cipher) { 2294 case IEEE80211_CIPHER_WEP: 2295 if(k->wk_keylen < 8) 2296 mode = RT2860_MODE_WEP40; 2297 else 2298 mode = RT2860_MODE_WEP104; 2299 break; 2300 case IEEE80211_CIPHER_TKIP: 2301 mode = RT2860_MODE_TKIP; 2302 break; 2303 case IEEE80211_CIPHER_AES_CCM: 2304 mode = RT2860_MODE_AES_CCMP; 2305 break; 2306 default: 2307 DPRINTF("undefined case\n"); 2308 return; 2309 } 2310 2311 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n", 2312 associd, k->wk_keyix, mode, 2313 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise", 2314 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off", 2315 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off"); 2316 2317 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2318 wcid = 0; /* NB: update WCID0 for group keys */ 2319 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix); 2320 } else { 2321 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2322 1 : RUN_AID2WCID(associd); 2323 base = RT2860_PKEY(wcid); 2324 } 2325 2326 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2327 if(run_write_region_1(sc, base, k->wk_key, 16)) 2328 return; 2329 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */ 2330 return; 2331 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */ 2332 return; 2333 } else { 2334 /* roundup len to 16-bit: XXX fix write_region_1() instead */ 2335 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1)) 2336 return; 2337 } 2338 2339 if (!(k->wk_flags & IEEE80211_KEY_GROUP) || 2340 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) { 2341 /* set initial packet number in IV+EIV */ 2342 if (k->wk_cipher == IEEE80211_CIPHER_WEP) { 2343 memset(iv, 0, sizeof iv); 2344 iv[3] = vap->iv_def_txkey << 6; 2345 } else { 2346 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) { 2347 iv[0] = k->wk_keytsc >> 8; 2348 iv[1] = (iv[0] | 0x20) & 0x7f; 2349 iv[2] = k->wk_keytsc; 2350 } else /* CCMP */ { 2351 iv[0] = k->wk_keytsc; 2352 iv[1] = k->wk_keytsc >> 8; 2353 iv[2] = 0; 2354 } 2355 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV; 2356 iv[4] = k->wk_keytsc >> 16; 2357 iv[5] = k->wk_keytsc >> 24; 2358 iv[6] = k->wk_keytsc >> 32; 2359 iv[7] = k->wk_keytsc >> 40; 2360 } 2361 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8)) 2362 return; 2363 } 2364 2365 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2366 /* install group key */ 2367 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr)) 2368 return; 2369 attr &= ~(0xf << (k->wk_keyix * 4)); 2370 attr |= mode << (k->wk_keyix * 4); 2371 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr)) 2372 return; 2373 } else { 2374 /* install pairwise key */ 2375 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr)) 2376 return; 2377 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN; 2378 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr)) 2379 return; 2380 } 2381 2382 /* TODO create a pass-thru key entry? */ 2383 2384 /* need wcid to delete the right key later */ 2385 k->wk_pad = wcid; 2386 } 2387 2388 /* 2389 * Don't have to be deferred, but in order to keep order of 2390 * execution, i.e. with run_key_delete(), defer this and let 2391 * run_cmdq_cb() maintain the order. 2392 * 2393 * return 0 on error 2394 */ 2395 static int 2396 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k, 2397 const uint8_t mac[IEEE80211_ADDR_LEN]) 2398 { 2399 struct ieee80211com *ic = vap->iv_ic; 2400 struct run_softc *sc = ic->ic_ifp->if_softc; 2401 uint32_t i; 2402 2403 i = RUN_CMDQ_GET(&sc->cmdq_store); 2404 DPRINTF("cmdq_store=%d\n", i); 2405 sc->cmdq[i].func = run_key_set_cb; 2406 sc->cmdq[i].arg0 = NULL; 2407 sc->cmdq[i].arg1 = vap; 2408 sc->cmdq[i].k = k; 2409 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac); 2410 ieee80211_runtask(ic, &sc->cmdq_task); 2411 2412 /* 2413 * To make sure key will be set when hostapd 2414 * calls iv_key_set() before if_init(). 2415 */ 2416 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 2417 RUN_LOCK(sc); 2418 sc->cmdq_key_set = RUN_CMDQ_GO; 2419 RUN_UNLOCK(sc); 2420 } 2421 2422 return (1); 2423 } 2424 2425 /* 2426 * If wlan is destroyed without being brought down i.e. without 2427 * wlan down or wpa_cli terminate, this function is called after 2428 * vap is gone. Don't refer it. 2429 */ 2430 static void 2431 run_key_delete_cb(void *arg) 2432 { 2433 struct run_cmdq *cmdq = arg; 2434 struct run_softc *sc = cmdq->arg1; 2435 struct ieee80211_key *k = &cmdq->key; 2436 uint32_t attr; 2437 uint8_t wcid; 2438 2439 RUN_LOCK_ASSERT(sc, MA_OWNED); 2440 2441 if (k->wk_flags & IEEE80211_KEY_GROUP) { 2442 /* remove group key */ 2443 DPRINTF("removing group key\n"); 2444 run_read(sc, RT2860_SKEY_MODE_0_7, &attr); 2445 attr &= ~(0xf << (k->wk_keyix * 4)); 2446 run_write(sc, RT2860_SKEY_MODE_0_7, attr); 2447 } else { 2448 /* remove pairwise key */ 2449 DPRINTF("removing key for wcid %x\n", k->wk_pad); 2450 /* matching wcid was written to wk_pad in run_key_set() */ 2451 wcid = k->wk_pad; 2452 run_read(sc, RT2860_WCID_ATTR(wcid), &attr); 2453 attr &= ~0xf; 2454 run_write(sc, RT2860_WCID_ATTR(wcid), attr); 2455 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8); 2456 } 2457 2458 k->wk_pad = 0; 2459 } 2460 2461 /* 2462 * return 0 on error 2463 */ 2464 static int 2465 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k) 2466 { 2467 struct ieee80211com *ic = vap->iv_ic; 2468 struct run_softc *sc = ic->ic_ifp->if_softc; 2469 struct ieee80211_key *k0; 2470 uint32_t i; 2471 2472 /* 2473 * When called back, key might be gone. So, make a copy 2474 * of some values need to delete keys before deferring. 2475 * But, because of LOR with node lock, cannot use lock here. 2476 * So, use atomic instead. 2477 */ 2478 i = RUN_CMDQ_GET(&sc->cmdq_store); 2479 DPRINTF("cmdq_store=%d\n", i); 2480 sc->cmdq[i].func = run_key_delete_cb; 2481 sc->cmdq[i].arg0 = NULL; 2482 sc->cmdq[i].arg1 = sc; 2483 k0 = &sc->cmdq[i].key; 2484 k0->wk_flags = k->wk_flags; 2485 k0->wk_keyix = k->wk_keyix; 2486 /* matching wcid was written to wk_pad in run_key_set() */ 2487 k0->wk_pad = k->wk_pad; 2488 ieee80211_runtask(ic, &sc->cmdq_task); 2489 return (1); /* return fake success */ 2490 2491 } 2492 2493 static void 2494 run_ratectl_to(void *arg) 2495 { 2496 struct run_softc *sc = arg; 2497 2498 /* do it in a process context, so it can go sleep */ 2499 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task); 2500 /* next timeout will be rescheduled in the callback task */ 2501 } 2502 2503 /* ARGSUSED */ 2504 static void 2505 run_ratectl_cb(void *arg, int pending) 2506 { 2507 struct run_softc *sc = arg; 2508 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 2509 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 2510 2511 if (vap == NULL) 2512 return; 2513 2514 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) { 2515 /* 2516 * run_reset_livelock() doesn't do anything with AMRR, 2517 * but Ralink wants us to call it every 1 sec. So, we 2518 * piggyback here rather than creating another callout. 2519 * Livelock may occur only in HOSTAP or IBSS mode 2520 * (when h/w is sending beacons). 2521 */ 2522 RUN_LOCK(sc); 2523 run_reset_livelock(sc); 2524 /* just in case, there are some stats to drain */ 2525 run_drain_fifo(sc); 2526 RUN_UNLOCK(sc); 2527 } 2528 2529 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc); 2530 2531 RUN_LOCK(sc); 2532 if(sc->ratectl_run != RUN_RATECTL_OFF) 2533 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2534 RUN_UNLOCK(sc); 2535 } 2536 2537 static void 2538 run_drain_fifo(void *arg) 2539 { 2540 struct run_softc *sc = arg; 2541 struct ifnet *ifp = sc->sc_ifp; 2542 uint32_t stat; 2543 uint16_t (*wstat)[3]; 2544 uint8_t wcid, mcs, pid; 2545 int8_t retry; 2546 2547 RUN_LOCK_ASSERT(sc, MA_OWNED); 2548 2549 for (;;) { 2550 /* drain Tx status FIFO (maxsize = 16) */ 2551 run_read(sc, RT2860_TX_STAT_FIFO, &stat); 2552 DPRINTFN(4, "tx stat 0x%08x\n", stat); 2553 if (!(stat & RT2860_TXQ_VLD)) 2554 break; 2555 2556 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; 2557 2558 /* if no ACK was requested, no feedback is available */ 2559 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX || 2560 wcid == 0) 2561 continue; 2562 2563 /* 2564 * Even though each stat is Tx-complete-status like format, 2565 * the device can poll stats. Because there is no guarantee 2566 * that the referring node is still around when read the stats. 2567 * So that, if we use ieee80211_ratectl_tx_update(), we will 2568 * have hard time not to refer already freed node. 2569 * 2570 * To eliminate such page faults, we poll stats in softc. 2571 * Then, update the rates later with ieee80211_ratectl_tx_update(). 2572 */ 2573 wstat = &(sc->wcid_stats[wcid]); 2574 (*wstat)[RUN_TXCNT]++; 2575 if (stat & RT2860_TXQ_OK) 2576 (*wstat)[RUN_SUCCESS]++; 2577 else 2578 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 2579 /* 2580 * Check if there were retries, ie if the Tx success rate is 2581 * different from the requested rate. Note that it works only 2582 * because we do not allow rate fallback from OFDM to CCK. 2583 */ 2584 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f; 2585 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf; 2586 if ((retry = pid -1 - mcs) > 0) { 2587 (*wstat)[RUN_TXCNT] += retry; 2588 (*wstat)[RUN_RETRY] += retry; 2589 } 2590 } 2591 DPRINTFN(3, "count=%d\n", sc->fifo_cnt); 2592 2593 sc->fifo_cnt = 0; 2594 } 2595 2596 static void 2597 run_iter_func(void *arg, struct ieee80211_node *ni) 2598 { 2599 struct run_softc *sc = arg; 2600 struct ieee80211vap *vap = ni->ni_vap; 2601 struct ieee80211com *ic = ni->ni_ic; 2602 struct ifnet *ifp = ic->ic_ifp; 2603 struct run_node *rn = (void *)ni; 2604 union run_stats sta[2]; 2605 uint16_t (*wstat)[3]; 2606 int txcnt, success, retrycnt, error; 2607 2608 RUN_LOCK(sc); 2609 2610 /* Check for special case */ 2611 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA && 2612 ni != vap->iv_bss) 2613 goto fail; 2614 2615 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS || 2616 vap->iv_opmode == IEEE80211_M_STA)) { 2617 /* read statistic counters (clear on read) and update AMRR state */ 2618 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta, 2619 sizeof sta); 2620 if (error != 0) 2621 goto fail; 2622 2623 /* count failed TX as errors */ 2624 if_inc_counter(ifp, IFCOUNTER_OERRORS, le16toh(sta[0].error.fail)); 2625 2626 retrycnt = le16toh(sta[1].tx.retry); 2627 success = le16toh(sta[1].tx.success); 2628 txcnt = retrycnt + success + le16toh(sta[0].error.fail); 2629 2630 DPRINTFN(3, "retrycnt=%d success=%d failcnt=%d\n", 2631 retrycnt, success, le16toh(sta[0].error.fail)); 2632 } else { 2633 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]); 2634 2635 if (wstat == &(sc->wcid_stats[0]) || 2636 wstat > &(sc->wcid_stats[RT2870_WCID_MAX])) 2637 goto fail; 2638 2639 txcnt = (*wstat)[RUN_TXCNT]; 2640 success = (*wstat)[RUN_SUCCESS]; 2641 retrycnt = (*wstat)[RUN_RETRY]; 2642 DPRINTFN(3, "retrycnt=%d txcnt=%d success=%d\n", 2643 retrycnt, txcnt, success); 2644 2645 memset(wstat, 0, sizeof(*wstat)); 2646 } 2647 2648 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success, &retrycnt); 2649 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0); 2650 2651 fail: 2652 RUN_UNLOCK(sc); 2653 2654 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx); 2655 } 2656 2657 static void 2658 run_newassoc_cb(void *arg) 2659 { 2660 struct run_cmdq *cmdq = arg; 2661 struct ieee80211_node *ni = cmdq->arg1; 2662 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc; 2663 uint8_t wcid = cmdq->wcid; 2664 2665 RUN_LOCK_ASSERT(sc, MA_OWNED); 2666 2667 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid), 2668 ni->ni_macaddr, IEEE80211_ADDR_LEN); 2669 2670 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid])); 2671 } 2672 2673 static void 2674 run_newassoc(struct ieee80211_node *ni, int isnew) 2675 { 2676 struct run_node *rn = (void *)ni; 2677 struct ieee80211_rateset *rs = &ni->ni_rates; 2678 struct ieee80211vap *vap = ni->ni_vap; 2679 struct ieee80211com *ic = vap->iv_ic; 2680 struct run_softc *sc = ic->ic_ifp->if_softc; 2681 uint8_t rate; 2682 uint8_t ridx; 2683 uint8_t wcid; 2684 int i, j; 2685 2686 wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 2687 1 : RUN_AID2WCID(ni->ni_associd); 2688 2689 if (wcid > RT2870_WCID_MAX) { 2690 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid); 2691 return; 2692 } 2693 2694 /* only interested in true associations */ 2695 if (isnew && ni->ni_associd != 0) { 2696 2697 /* 2698 * This function could is called though timeout function. 2699 * Need to defer. 2700 */ 2701 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store); 2702 DPRINTF("cmdq_store=%d\n", cnt); 2703 sc->cmdq[cnt].func = run_newassoc_cb; 2704 sc->cmdq[cnt].arg0 = NULL; 2705 sc->cmdq[cnt].arg1 = ni; 2706 sc->cmdq[cnt].wcid = wcid; 2707 ieee80211_runtask(ic, &sc->cmdq_task); 2708 } 2709 2710 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n", 2711 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr)); 2712 2713 for (i = 0; i < rs->rs_nrates; i++) { 2714 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL; 2715 /* convert 802.11 rate to hardware rate index */ 2716 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2717 if (rt2860_rates[ridx].rate == rate) 2718 break; 2719 rn->ridx[i] = ridx; 2720 /* determine rate of control response frames */ 2721 for (j = i; j >= 0; j--) { 2722 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) && 2723 rt2860_rates[rn->ridx[i]].phy == 2724 rt2860_rates[rn->ridx[j]].phy) 2725 break; 2726 } 2727 if (j >= 0) { 2728 rn->ctl_ridx[i] = rn->ridx[j]; 2729 } else { 2730 /* no basic rate found, use mandatory one */ 2731 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx; 2732 } 2733 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n", 2734 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]); 2735 } 2736 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate; 2737 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 2738 if (rt2860_rates[ridx].rate == rate) 2739 break; 2740 rn->mgt_ridx = ridx; 2741 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx); 2742 2743 RUN_LOCK(sc); 2744 if(sc->ratectl_run != RUN_RATECTL_OFF) 2745 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc); 2746 RUN_UNLOCK(sc); 2747 } 2748 2749 /* 2750 * Return the Rx chain with the highest RSSI for a given frame. 2751 */ 2752 static __inline uint8_t 2753 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi) 2754 { 2755 uint8_t rxchain = 0; 2756 2757 if (sc->nrxchains > 1) { 2758 if (rxwi->rssi[1] > rxwi->rssi[rxchain]) 2759 rxchain = 1; 2760 if (sc->nrxchains > 2) 2761 if (rxwi->rssi[2] > rxwi->rssi[rxchain]) 2762 rxchain = 2; 2763 } 2764 return (rxchain); 2765 } 2766 2767 static void 2768 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen) 2769 { 2770 struct ifnet *ifp = sc->sc_ifp; 2771 struct ieee80211com *ic = ifp->if_l2com; 2772 struct ieee80211_frame *wh; 2773 struct ieee80211_node *ni; 2774 struct rt2870_rxd *rxd; 2775 struct rt2860_rxwi *rxwi; 2776 uint32_t flags; 2777 uint16_t len, rxwisize; 2778 uint8_t ant, rssi; 2779 int8_t nf; 2780 2781 rxwi = mtod(m, struct rt2860_rxwi *); 2782 len = le16toh(rxwi->len) & 0xfff; 2783 rxwisize = sizeof(struct rt2860_rxwi); 2784 if (sc->mac_ver == 0x5592) 2785 rxwisize += sizeof(uint64_t); 2786 else if (sc->mac_ver == 0x3593) 2787 rxwisize += sizeof(uint32_t); 2788 if (__predict_false(len > dmalen)) { 2789 m_freem(m); 2790 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 2791 DPRINTF("bad RXWI length %u > %u\n", len, dmalen); 2792 return; 2793 } 2794 /* Rx descriptor is located at the end */ 2795 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen); 2796 flags = le32toh(rxd->flags); 2797 2798 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) { 2799 m_freem(m); 2800 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 2801 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV"); 2802 return; 2803 } 2804 2805 m->m_data += rxwisize; 2806 m->m_pkthdr.len = m->m_len -= rxwisize; 2807 2808 wh = mtod(m, struct ieee80211_frame *); 2809 2810 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 2811 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED; 2812 m->m_flags |= M_WEP; 2813 } 2814 2815 if (flags & RT2860_RX_L2PAD) { 2816 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n"); 2817 len += 2; 2818 } 2819 2820 ni = ieee80211_find_rxnode(ic, 2821 mtod(m, struct ieee80211_frame_min *)); 2822 2823 if (__predict_false(flags & RT2860_RX_MICERR)) { 2824 /* report MIC failures to net80211 for TKIP */ 2825 if (ni != NULL) 2826 ieee80211_notify_michael_failure(ni->ni_vap, wh, 2827 rxwi->keyidx); 2828 m_freem(m); 2829 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 2830 DPRINTF("MIC error. Someone is lying.\n"); 2831 return; 2832 } 2833 2834 ant = run_maxrssi_chain(sc, rxwi); 2835 rssi = rxwi->rssi[ant]; 2836 nf = run_rssi2dbm(sc, rssi, ant); 2837 2838 m->m_pkthdr.rcvif = ifp; 2839 m->m_pkthdr.len = m->m_len = len; 2840 2841 if (ni != NULL) { 2842 (void)ieee80211_input(ni, m, rssi, nf); 2843 ieee80211_free_node(ni); 2844 } else { 2845 (void)ieee80211_input_all(ic, m, rssi, nf); 2846 } 2847 2848 if (__predict_false(ieee80211_radiotap_active(ic))) { 2849 struct run_rx_radiotap_header *tap = &sc->sc_rxtap; 2850 uint16_t phy; 2851 2852 tap->wr_flags = 0; 2853 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 2854 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 2855 tap->wr_antsignal = rssi; 2856 tap->wr_antenna = ant; 2857 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant); 2858 tap->wr_rate = 2; /* in case it can't be found below */ 2859 phy = le16toh(rxwi->phy); 2860 switch (phy & RT2860_PHY_MODE) { 2861 case RT2860_PHY_CCK: 2862 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) { 2863 case 0: tap->wr_rate = 2; break; 2864 case 1: tap->wr_rate = 4; break; 2865 case 2: tap->wr_rate = 11; break; 2866 case 3: tap->wr_rate = 22; break; 2867 } 2868 if (phy & RT2860_PHY_SHPRE) 2869 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 2870 break; 2871 case RT2860_PHY_OFDM: 2872 switch (phy & RT2860_PHY_MCS) { 2873 case 0: tap->wr_rate = 12; break; 2874 case 1: tap->wr_rate = 18; break; 2875 case 2: tap->wr_rate = 24; break; 2876 case 3: tap->wr_rate = 36; break; 2877 case 4: tap->wr_rate = 48; break; 2878 case 5: tap->wr_rate = 72; break; 2879 case 6: tap->wr_rate = 96; break; 2880 case 7: tap->wr_rate = 108; break; 2881 } 2882 break; 2883 } 2884 } 2885 } 2886 2887 static void 2888 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error) 2889 { 2890 struct run_softc *sc = usbd_xfer_softc(xfer); 2891 struct ifnet *ifp = sc->sc_ifp; 2892 struct mbuf *m = NULL; 2893 struct mbuf *m0; 2894 uint32_t dmalen; 2895 uint16_t rxwisize; 2896 int xferlen; 2897 2898 rxwisize = sizeof(struct rt2860_rxwi); 2899 if (sc->mac_ver == 0x5592) 2900 rxwisize += sizeof(uint64_t); 2901 else if (sc->mac_ver == 0x3593) 2902 rxwisize += sizeof(uint32_t); 2903 2904 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL); 2905 2906 switch (USB_GET_STATE(xfer)) { 2907 case USB_ST_TRANSFERRED: 2908 2909 DPRINTFN(15, "rx done, actlen=%d\n", xferlen); 2910 2911 if (xferlen < (int)(sizeof(uint32_t) + rxwisize + 2912 sizeof(struct rt2870_rxd))) { 2913 DPRINTF("xfer too short %d\n", xferlen); 2914 goto tr_setup; 2915 } 2916 2917 m = sc->rx_m; 2918 sc->rx_m = NULL; 2919 2920 /* FALLTHROUGH */ 2921 case USB_ST_SETUP: 2922 tr_setup: 2923 if (sc->rx_m == NULL) { 2924 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, 2925 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */); 2926 } 2927 if (sc->rx_m == NULL) { 2928 DPRINTF("could not allocate mbuf - idle with stall\n"); 2929 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 2930 usbd_xfer_set_stall(xfer); 2931 usbd_xfer_set_frames(xfer, 0); 2932 } else { 2933 /* 2934 * Directly loading a mbuf cluster into DMA to 2935 * save some data copying. This works because 2936 * there is only one cluster. 2937 */ 2938 usbd_xfer_set_frame_data(xfer, 0, 2939 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ); 2940 usbd_xfer_set_frames(xfer, 1); 2941 } 2942 usbd_transfer_submit(xfer); 2943 break; 2944 2945 default: /* Error */ 2946 if (error != USB_ERR_CANCELLED) { 2947 /* try to clear stall first */ 2948 usbd_xfer_set_stall(xfer); 2949 2950 if (error == USB_ERR_TIMEOUT) 2951 device_printf(sc->sc_dev, "device timeout\n"); 2952 2953 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 2954 2955 goto tr_setup; 2956 } 2957 if (sc->rx_m != NULL) { 2958 m_freem(sc->rx_m); 2959 sc->rx_m = NULL; 2960 } 2961 break; 2962 } 2963 2964 if (m == NULL) 2965 return; 2966 2967 /* inputting all the frames must be last */ 2968 2969 RUN_UNLOCK(sc); 2970 2971 m->m_pkthdr.len = m->m_len = xferlen; 2972 2973 /* HW can aggregate multiple 802.11 frames in a single USB xfer */ 2974 for(;;) { 2975 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff; 2976 2977 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) || 2978 ((dmalen & 3) != 0)) { 2979 DPRINTF("bad DMA length %u\n", dmalen); 2980 break; 2981 } 2982 if ((dmalen + 8) > (uint32_t)xferlen) { 2983 DPRINTF("bad DMA length %u > %d\n", 2984 dmalen + 8, xferlen); 2985 break; 2986 } 2987 2988 /* If it is the last one or a single frame, we won't copy. */ 2989 if ((xferlen -= dmalen + 8) <= 8) { 2990 /* trim 32-bit DMA-len header */ 2991 m->m_data += 4; 2992 m->m_pkthdr.len = m->m_len -= 4; 2993 run_rx_frame(sc, m, dmalen); 2994 m = NULL; /* don't free source buffer */ 2995 break; 2996 } 2997 2998 /* copy aggregated frames to another mbuf */ 2999 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 3000 if (__predict_false(m0 == NULL)) { 3001 DPRINTF("could not allocate mbuf\n"); 3002 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 3003 break; 3004 } 3005 m_copydata(m, 4 /* skip 32-bit DMA-len header */, 3006 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t)); 3007 m0->m_pkthdr.len = m0->m_len = 3008 dmalen + sizeof(struct rt2870_rxd); 3009 run_rx_frame(sc, m0, dmalen); 3010 3011 /* update data ptr */ 3012 m->m_data += dmalen + 8; 3013 m->m_pkthdr.len = m->m_len -= dmalen + 8; 3014 } 3015 3016 /* make sure we free the source buffer, if any */ 3017 m_freem(m); 3018 3019 RUN_LOCK(sc); 3020 } 3021 3022 static void 3023 run_tx_free(struct run_endpoint_queue *pq, 3024 struct run_tx_data *data, int txerr) 3025 { 3026 if (data->m != NULL) { 3027 if (data->m->m_flags & M_TXCB) 3028 ieee80211_process_callback(data->ni, data->m, 3029 txerr ? ETIMEDOUT : 0); 3030 m_freem(data->m); 3031 data->m = NULL; 3032 3033 if (data->ni == NULL) { 3034 DPRINTF("no node\n"); 3035 } else { 3036 ieee80211_free_node(data->ni); 3037 data->ni = NULL; 3038 } 3039 } 3040 3041 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next); 3042 pq->tx_nfree++; 3043 } 3044 3045 static void 3046 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index) 3047 { 3048 struct run_softc *sc = usbd_xfer_softc(xfer); 3049 struct ifnet *ifp = sc->sc_ifp; 3050 struct ieee80211com *ic = ifp->if_l2com; 3051 struct run_tx_data *data; 3052 struct ieee80211vap *vap = NULL; 3053 struct usb_page_cache *pc; 3054 struct run_endpoint_queue *pq = &sc->sc_epq[index]; 3055 struct mbuf *m; 3056 usb_frlength_t size; 3057 int actlen; 3058 int sumlen; 3059 3060 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL); 3061 3062 switch (USB_GET_STATE(xfer)) { 3063 case USB_ST_TRANSFERRED: 3064 DPRINTFN(11, "transfer complete: %d " 3065 "bytes @ index %d\n", actlen, index); 3066 3067 data = usbd_xfer_get_priv(xfer); 3068 3069 run_tx_free(pq, data, 0); 3070 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 3071 3072 usbd_xfer_set_priv(xfer, NULL); 3073 3074 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 3075 3076 /* FALLTHROUGH */ 3077 case USB_ST_SETUP: 3078 tr_setup: 3079 data = STAILQ_FIRST(&pq->tx_qh); 3080 if (data == NULL) 3081 break; 3082 3083 STAILQ_REMOVE_HEAD(&pq->tx_qh, next); 3084 3085 m = data->m; 3086 size = (sc->mac_ver == 0x5592) ? 3087 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); 3088 if ((m->m_pkthdr.len + 3089 size + 3 + 8) > RUN_MAX_TXSZ) { 3090 DPRINTF("data overflow, %u bytes\n", 3091 m->m_pkthdr.len); 3092 3093 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 3094 3095 run_tx_free(pq, data, 1); 3096 3097 goto tr_setup; 3098 } 3099 3100 pc = usbd_xfer_get_frame(xfer, 0); 3101 usbd_copy_in(pc, 0, &data->desc, size); 3102 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); 3103 size += m->m_pkthdr.len; 3104 /* 3105 * Align end on a 4-byte boundary, pad 8 bytes (CRC + 3106 * 4-byte padding), and be sure to zero those trailing 3107 * bytes: 3108 */ 3109 usbd_frame_zero(pc, size, ((-size) & 3) + 8); 3110 size += ((-size) & 3) + 8; 3111 3112 vap = data->ni->ni_vap; 3113 if (ieee80211_radiotap_active_vap(vap)) { 3114 struct run_tx_radiotap_header *tap = &sc->sc_txtap; 3115 struct rt2860_txwi *txwi = 3116 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd)); 3117 tap->wt_flags = 0; 3118 tap->wt_rate = rt2860_rates[data->ridx].rate; 3119 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 3120 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 3121 tap->wt_hwqueue = index; 3122 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE) 3123 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE; 3124 3125 ieee80211_radiotap_tx(vap, m); 3126 } 3127 3128 DPRINTFN(11, "sending frame len=%u/%u @ index %d\n", 3129 m->m_pkthdr.len, size, index); 3130 3131 usbd_xfer_set_frame_len(xfer, 0, size); 3132 usbd_xfer_set_priv(xfer, data); 3133 3134 usbd_transfer_submit(xfer); 3135 3136 RUN_UNLOCK(sc); 3137 run_start(ifp); 3138 RUN_LOCK(sc); 3139 3140 break; 3141 3142 default: 3143 DPRINTF("USB transfer error, %s\n", 3144 usbd_errstr(error)); 3145 3146 data = usbd_xfer_get_priv(xfer); 3147 3148 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 3149 3150 if (data != NULL) { 3151 if(data->ni != NULL) 3152 vap = data->ni->ni_vap; 3153 run_tx_free(pq, data, error); 3154 usbd_xfer_set_priv(xfer, NULL); 3155 } 3156 if (vap == NULL) 3157 vap = TAILQ_FIRST(&ic->ic_vaps); 3158 3159 if (error != USB_ERR_CANCELLED) { 3160 if (error == USB_ERR_TIMEOUT) { 3161 device_printf(sc->sc_dev, "device timeout\n"); 3162 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3163 DPRINTF("cmdq_store=%d\n", i); 3164 sc->cmdq[i].func = run_usb_timeout_cb; 3165 sc->cmdq[i].arg0 = vap; 3166 ieee80211_runtask(ic, &sc->cmdq_task); 3167 } 3168 3169 /* 3170 * Try to clear stall first, also if other 3171 * errors occur, hence clearing stall 3172 * introduces a 50 ms delay: 3173 */ 3174 usbd_xfer_set_stall(xfer); 3175 goto tr_setup; 3176 } 3177 break; 3178 } 3179 } 3180 3181 static void 3182 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error) 3183 { 3184 run_bulk_tx_callbackN(xfer, error, 0); 3185 } 3186 3187 static void 3188 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error) 3189 { 3190 run_bulk_tx_callbackN(xfer, error, 1); 3191 } 3192 3193 static void 3194 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error) 3195 { 3196 run_bulk_tx_callbackN(xfer, error, 2); 3197 } 3198 3199 static void 3200 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error) 3201 { 3202 run_bulk_tx_callbackN(xfer, error, 3); 3203 } 3204 3205 static void 3206 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error) 3207 { 3208 run_bulk_tx_callbackN(xfer, error, 4); 3209 } 3210 3211 static void 3212 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error) 3213 { 3214 run_bulk_tx_callbackN(xfer, error, 5); 3215 } 3216 3217 static void 3218 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data) 3219 { 3220 struct mbuf *m = data->m; 3221 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3222 struct ieee80211vap *vap = data->ni->ni_vap; 3223 struct ieee80211_frame *wh; 3224 struct rt2870_txd *txd; 3225 struct rt2860_txwi *txwi; 3226 uint16_t xferlen, txwisize; 3227 uint16_t mcs; 3228 uint8_t ridx = data->ridx; 3229 uint8_t pad; 3230 3231 /* get MCS code from rate index */ 3232 mcs = rt2860_rates[ridx].mcs; 3233 3234 txwisize = (sc->mac_ver == 0x5592) ? 3235 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi); 3236 xferlen = txwisize + m->m_pkthdr.len; 3237 3238 /* roundup to 32-bit alignment */ 3239 xferlen = (xferlen + 3) & ~3; 3240 3241 txd = (struct rt2870_txd *)&data->desc; 3242 txd->len = htole16(xferlen); 3243 3244 wh = mtod(m, struct ieee80211_frame *); 3245 3246 /* 3247 * Ether both are true or both are false, the header 3248 * are nicely aligned to 32-bit. So, no L2 padding. 3249 */ 3250 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh)) 3251 pad = 0; 3252 else 3253 pad = 2; 3254 3255 /* setup TX Wireless Information */ 3256 txwi = (struct rt2860_txwi *)(txd + 1); 3257 txwi->len = htole16(m->m_pkthdr.len - pad); 3258 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) { 3259 mcs |= RT2860_PHY_CCK; 3260 if (ridx != RT2860_RIDX_CCK1 && 3261 (ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 3262 mcs |= RT2860_PHY_SHPRE; 3263 } else 3264 mcs |= RT2860_PHY_OFDM; 3265 txwi->phy = htole16(mcs); 3266 3267 /* check if RTS/CTS or CTS-to-self protection is required */ 3268 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3269 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold || 3270 ((ic->ic_flags & IEEE80211_F_USEPROT) && 3271 rt2860_rates[ridx].phy == IEEE80211_T_OFDM))) 3272 txwi->txop |= RT2860_TX_TXOP_HT; 3273 else 3274 txwi->txop |= RT2860_TX_TXOP_BACKOFF; 3275 3276 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh)) 3277 txwi->xflags |= RT2860_TX_NSEQ; 3278 } 3279 3280 /* This function must be called locked */ 3281 static int 3282 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3283 { 3284 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3285 struct ieee80211vap *vap = ni->ni_vap; 3286 struct ieee80211_frame *wh; 3287 struct ieee80211_channel *chan; 3288 const struct ieee80211_txparam *tp; 3289 struct run_node *rn = (void *)ni; 3290 struct run_tx_data *data; 3291 struct rt2870_txd *txd; 3292 struct rt2860_txwi *txwi; 3293 uint16_t qos; 3294 uint16_t dur; 3295 uint16_t qid; 3296 uint8_t type; 3297 uint8_t tid; 3298 uint8_t ridx; 3299 uint8_t ctl_ridx; 3300 uint8_t qflags; 3301 uint8_t xflags = 0; 3302 int hasqos; 3303 3304 RUN_LOCK_ASSERT(sc, MA_OWNED); 3305 3306 wh = mtod(m, struct ieee80211_frame *); 3307 3308 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3309 3310 /* 3311 * There are 7 bulk endpoints: 1 for RX 3312 * and 6 for TX (4 EDCAs + HCCA + Prio). 3313 * Update 03-14-2009: some devices like the Planex GW-US300MiniS 3314 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki). 3315 */ 3316 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) { 3317 uint8_t *frm; 3318 3319 if(IEEE80211_HAS_ADDR4(wh)) 3320 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos; 3321 else 3322 frm =((struct ieee80211_qosframe *)wh)->i_qos; 3323 3324 qos = le16toh(*(const uint16_t *)frm); 3325 tid = qos & IEEE80211_QOS_TID; 3326 qid = TID_TO_WME_AC(tid); 3327 } else { 3328 qos = 0; 3329 tid = 0; 3330 qid = WME_AC_BE; 3331 } 3332 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA; 3333 3334 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n", 3335 qos, qid, tid, qflags); 3336 3337 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan; 3338 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)]; 3339 3340 /* pickup a rate index */ 3341 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 3342 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) { 3343 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 3344 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 3345 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3346 } else { 3347 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) 3348 ridx = rn->fix_ridx; 3349 else 3350 ridx = rn->amrr_ridx; 3351 ctl_ridx = rt2860_rates[ridx].ctl_ridx; 3352 } 3353 3354 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) && 3355 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) != 3356 IEEE80211_QOS_ACKPOLICY_NOACK)) { 3357 xflags |= RT2860_TX_ACK; 3358 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 3359 dur = rt2860_rates[ctl_ridx].sp_ack_dur; 3360 else 3361 dur = rt2860_rates[ctl_ridx].lp_ack_dur; 3362 USETW(wh->i_dur, dur); 3363 } 3364 3365 /* reserve slots for mgmt packets, just in case */ 3366 if (sc->sc_epq[qid].tx_nfree < 3) { 3367 DPRINTFN(10, "tx ring %d is full\n", qid); 3368 return (-1); 3369 } 3370 3371 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh); 3372 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next); 3373 sc->sc_epq[qid].tx_nfree--; 3374 3375 txd = (struct rt2870_txd *)&data->desc; 3376 txd->flags = qflags; 3377 txwi = (struct rt2860_txwi *)(txd + 1); 3378 txwi->xflags = xflags; 3379 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 3380 txwi->wcid = 0; 3381 else 3382 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ? 3383 1 : RUN_AID2WCID(ni->ni_associd); 3384 3385 /* clear leftover garbage bits */ 3386 txwi->flags = 0; 3387 txwi->txop = 0; 3388 3389 data->m = m; 3390 data->ni = ni; 3391 data->ridx = ridx; 3392 3393 run_set_tx_desc(sc, data); 3394 3395 /* 3396 * The chip keeps track of 2 kind of Tx stats, 3397 * * TX_STAT_FIFO, for per WCID stats, and 3398 * * TX_STA_CNT0 for all-TX-in-one stats. 3399 * 3400 * To use FIFO stats, we need to store MCS into the driver-private 3401 * PacketID field. So that, we can tell whose stats when we read them. 3402 * We add 1 to the MCS because setting the PacketID field to 0 means 3403 * that we don't want feedback in TX_STAT_FIFO. 3404 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job. 3405 * 3406 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx(). 3407 */ 3408 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP || 3409 vap->iv_opmode == IEEE80211_M_MBSS) { 3410 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf; 3411 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT); 3412 3413 /* 3414 * Unlike PCI based devices, we don't get any interrupt from 3415 * USB devices, so we simulate FIFO-is-full interrupt here. 3416 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots 3417 * quickly get fulled. To prevent overflow, increment a counter on 3418 * every FIFO stat request, so we know how many slots are left. 3419 * We do this only in HOSTAP or multiple vap mode since FIFO stats 3420 * are used only in those modes. 3421 * We just drain stats. AMRR gets updated every 1 sec by 3422 * run_ratectl_cb() via callout. 3423 * Call it early. Otherwise overflow. 3424 */ 3425 if (sc->fifo_cnt++ == 10) { 3426 /* 3427 * With multiple vaps or if_bridge, if_start() is called 3428 * with a non-sleepable lock, tcpinp. So, need to defer. 3429 */ 3430 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store); 3431 DPRINTFN(6, "cmdq_store=%d\n", i); 3432 sc->cmdq[i].func = run_drain_fifo; 3433 sc->cmdq[i].arg0 = sc; 3434 ieee80211_runtask(ic, &sc->cmdq_task); 3435 } 3436 } 3437 3438 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next); 3439 3440 usbd_transfer_start(sc->sc_xfer[qid]); 3441 3442 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", 3443 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) + 3444 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid); 3445 3446 return (0); 3447 } 3448 3449 static int 3450 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni) 3451 { 3452 struct ifnet *ifp = sc->sc_ifp; 3453 struct ieee80211com *ic = ifp->if_l2com; 3454 struct run_node *rn = (void *)ni; 3455 struct run_tx_data *data; 3456 struct ieee80211_frame *wh; 3457 struct rt2870_txd *txd; 3458 struct rt2860_txwi *txwi; 3459 uint16_t dur; 3460 uint8_t ridx = rn->mgt_ridx; 3461 uint8_t type; 3462 uint8_t xflags = 0; 3463 uint8_t wflags = 0; 3464 3465 RUN_LOCK_ASSERT(sc, MA_OWNED); 3466 3467 wh = mtod(m, struct ieee80211_frame *); 3468 3469 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3470 3471 /* tell hardware to add timestamp for probe responses */ 3472 if ((wh->i_fc[0] & 3473 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) == 3474 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP)) 3475 wflags |= RT2860_TX_TS; 3476 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { 3477 xflags |= RT2860_TX_ACK; 3478 3479 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate, 3480 ic->ic_flags & IEEE80211_F_SHPREAMBLE); 3481 USETW(wh->i_dur, dur); 3482 } 3483 3484 if (sc->sc_epq[0].tx_nfree == 0) { 3485 /* let caller free mbuf */ 3486 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3487 return (EIO); 3488 } 3489 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3490 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3491 sc->sc_epq[0].tx_nfree--; 3492 3493 txd = (struct rt2870_txd *)&data->desc; 3494 txd->flags = RT2860_TX_QSEL_EDCA; 3495 txwi = (struct rt2860_txwi *)(txd + 1); 3496 txwi->wcid = 0xff; 3497 txwi->flags = wflags; 3498 txwi->xflags = xflags; 3499 txwi->txop = 0; /* clear leftover garbage bits */ 3500 3501 data->m = m; 3502 data->ni = ni; 3503 data->ridx = ridx; 3504 3505 run_set_tx_desc(sc, data); 3506 3507 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len + 3508 (int)(sizeof(struct rt2870_txd) + sizeof(struct rt2860_txwi)), 3509 rt2860_rates[ridx].rate); 3510 3511 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3512 3513 usbd_transfer_start(sc->sc_xfer[0]); 3514 3515 return (0); 3516 } 3517 3518 static int 3519 run_sendprot(struct run_softc *sc, 3520 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate) 3521 { 3522 struct ieee80211com *ic = ni->ni_ic; 3523 struct ieee80211_frame *wh; 3524 struct run_tx_data *data; 3525 struct rt2870_txd *txd; 3526 struct rt2860_txwi *txwi; 3527 struct mbuf *mprot; 3528 int ridx; 3529 int protrate; 3530 int ackrate; 3531 int pktlen; 3532 int isshort; 3533 uint16_t dur; 3534 uint8_t type; 3535 uint8_t wflags = 0; 3536 uint8_t xflags = 0; 3537 3538 RUN_LOCK_ASSERT(sc, MA_OWNED); 3539 3540 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY, 3541 ("protection %d", prot)); 3542 3543 wh = mtod(m, struct ieee80211_frame *); 3544 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN; 3545 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3546 3547 protrate = ieee80211_ctl_rate(ic->ic_rt, rate); 3548 ackrate = ieee80211_ack_rate(ic->ic_rt, rate); 3549 3550 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0; 3551 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort) 3552 + ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3553 wflags = RT2860_TX_FRAG; 3554 3555 /* check that there are free slots before allocating the mbuf */ 3556 if (sc->sc_epq[0].tx_nfree == 0) { 3557 /* let caller free mbuf */ 3558 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3559 return (ENOBUFS); 3560 } 3561 3562 if (prot == IEEE80211_PROT_RTSCTS) { 3563 /* NB: CTS is the same size as an ACK */ 3564 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort); 3565 xflags |= RT2860_TX_ACK; 3566 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur); 3567 } else { 3568 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur); 3569 } 3570 if (mprot == NULL) { 3571 if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1); 3572 DPRINTF("could not allocate mbuf\n"); 3573 return (ENOBUFS); 3574 } 3575 3576 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3577 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3578 sc->sc_epq[0].tx_nfree--; 3579 3580 txd = (struct rt2870_txd *)&data->desc; 3581 txd->flags = RT2860_TX_QSEL_EDCA; 3582 txwi = (struct rt2860_txwi *)(txd + 1); 3583 txwi->wcid = 0xff; 3584 txwi->flags = wflags; 3585 txwi->xflags = xflags; 3586 txwi->txop = 0; /* clear leftover garbage bits */ 3587 3588 data->m = mprot; 3589 data->ni = ieee80211_ref_node(ni); 3590 3591 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3592 if (rt2860_rates[ridx].rate == protrate) 3593 break; 3594 data->ridx = ridx; 3595 3596 run_set_tx_desc(sc, data); 3597 3598 DPRINTFN(1, "sending prot len=%u rate=%u\n", 3599 m->m_pkthdr.len, rate); 3600 3601 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3602 3603 usbd_transfer_start(sc->sc_xfer[0]); 3604 3605 return (0); 3606 } 3607 3608 static int 3609 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni, 3610 const struct ieee80211_bpf_params *params) 3611 { 3612 struct ieee80211com *ic = ni->ni_ic; 3613 struct ieee80211_frame *wh; 3614 struct run_tx_data *data; 3615 struct rt2870_txd *txd; 3616 struct rt2860_txwi *txwi; 3617 uint8_t type; 3618 uint8_t ridx; 3619 uint8_t rate; 3620 uint8_t opflags = 0; 3621 uint8_t xflags = 0; 3622 int error; 3623 3624 RUN_LOCK_ASSERT(sc, MA_OWNED); 3625 3626 KASSERT(params != NULL, ("no raw xmit params")); 3627 3628 wh = mtod(m, struct ieee80211_frame *); 3629 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 3630 3631 rate = params->ibp_rate0; 3632 if (!ieee80211_isratevalid(ic->ic_rt, rate)) { 3633 /* let caller free mbuf */ 3634 return (EINVAL); 3635 } 3636 3637 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) 3638 xflags |= RT2860_TX_ACK; 3639 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) { 3640 error = run_sendprot(sc, m, ni, 3641 params->ibp_flags & IEEE80211_BPF_RTS ? 3642 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY, 3643 rate); 3644 if (error) { 3645 /* let caller free mbuf */ 3646 return error; 3647 } 3648 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS; 3649 } 3650 3651 if (sc->sc_epq[0].tx_nfree == 0) { 3652 /* let caller free mbuf */ 3653 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3654 DPRINTF("sending raw frame, but tx ring is full\n"); 3655 return (EIO); 3656 } 3657 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh); 3658 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next); 3659 sc->sc_epq[0].tx_nfree--; 3660 3661 txd = (struct rt2870_txd *)&data->desc; 3662 txd->flags = RT2860_TX_QSEL_EDCA; 3663 txwi = (struct rt2860_txwi *)(txd + 1); 3664 txwi->wcid = 0xff; 3665 txwi->xflags = xflags; 3666 txwi->txop = opflags; 3667 txwi->flags = 0; /* clear leftover garbage bits */ 3668 3669 data->m = m; 3670 data->ni = ni; 3671 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++) 3672 if (rt2860_rates[ridx].rate == rate) 3673 break; 3674 data->ridx = ridx; 3675 3676 run_set_tx_desc(sc, data); 3677 3678 DPRINTFN(10, "sending raw frame len=%u rate=%u\n", 3679 m->m_pkthdr.len, rate); 3680 3681 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next); 3682 3683 usbd_transfer_start(sc->sc_xfer[0]); 3684 3685 return (0); 3686 } 3687 3688 static int 3689 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 3690 const struct ieee80211_bpf_params *params) 3691 { 3692 struct ifnet *ifp = ni->ni_ic->ic_ifp; 3693 struct run_softc *sc = ifp->if_softc; 3694 int error = 0; 3695 3696 RUN_LOCK(sc); 3697 3698 /* prevent management frames from being sent if we're not ready */ 3699 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 3700 error = ENETDOWN; 3701 goto done; 3702 } 3703 3704 if (params == NULL) { 3705 /* tx mgt packet */ 3706 if ((error = run_tx_mgt(sc, m, ni)) != 0) { 3707 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 3708 DPRINTF("mgt tx failed\n"); 3709 goto done; 3710 } 3711 } else { 3712 /* tx raw packet with param */ 3713 if ((error = run_tx_param(sc, m, ni, params)) != 0) { 3714 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 3715 DPRINTF("tx with param failed\n"); 3716 goto done; 3717 } 3718 } 3719 3720 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 3721 3722 done: 3723 RUN_UNLOCK(sc); 3724 3725 if (error != 0) { 3726 if(m != NULL) 3727 m_freem(m); 3728 ieee80211_free_node(ni); 3729 } 3730 3731 return (error); 3732 } 3733 3734 static void 3735 run_start(struct ifnet *ifp) 3736 { 3737 struct run_softc *sc = ifp->if_softc; 3738 struct ieee80211_node *ni; 3739 struct mbuf *m; 3740 3741 RUN_LOCK(sc); 3742 3743 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 3744 RUN_UNLOCK(sc); 3745 return; 3746 } 3747 3748 for (;;) { 3749 /* send data frames */ 3750 IFQ_DRV_DEQUEUE(&ifp->if_snd, m); 3751 if (m == NULL) 3752 break; 3753 3754 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 3755 if (run_tx(sc, m, ni) != 0) { 3756 IFQ_DRV_PREPEND(&ifp->if_snd, m); 3757 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 3758 break; 3759 } 3760 } 3761 3762 RUN_UNLOCK(sc); 3763 } 3764 3765 static int 3766 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 3767 { 3768 struct run_softc *sc = ifp->if_softc; 3769 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 3770 struct ifreq *ifr = (struct ifreq *) data; 3771 int startall = 0; 3772 int error; 3773 3774 RUN_LOCK(sc); 3775 error = sc->sc_detached ? ENXIO : 0; 3776 RUN_UNLOCK(sc); 3777 if (error) 3778 return (error); 3779 3780 switch (cmd) { 3781 case SIOCSIFFLAGS: 3782 RUN_LOCK(sc); 3783 if (ifp->if_flags & IFF_UP) { 3784 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){ 3785 startall = 1; 3786 run_init_locked(sc); 3787 } else 3788 run_update_promisc_locked(ifp); 3789 } else { 3790 if (ifp->if_drv_flags & IFF_DRV_RUNNING && 3791 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)) { 3792 run_stop(sc); 3793 } 3794 } 3795 RUN_UNLOCK(sc); 3796 if (startall) 3797 ieee80211_start_all(ic); 3798 break; 3799 case SIOCGIFMEDIA: 3800 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); 3801 break; 3802 case SIOCGIFADDR: 3803 error = ether_ioctl(ifp, cmd, data); 3804 break; 3805 default: 3806 error = EINVAL; 3807 break; 3808 } 3809 3810 return (error); 3811 } 3812 3813 static void 3814 run_iq_calib(struct run_softc *sc, u_int chan) 3815 { 3816 uint16_t val; 3817 3818 /* Tx0 IQ gain. */ 3819 run_bbp_write(sc, 158, 0x2c); 3820 if (chan <= 14) 3821 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1); 3822 else if (chan <= 64) { 3823 run_efuse_read(sc, 3824 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ, 3825 &val, 1); 3826 } else if (chan <= 138) { 3827 run_efuse_read(sc, 3828 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ, 3829 &val, 1); 3830 } else if (chan <= 165) { 3831 run_efuse_read(sc, 3832 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ, 3833 &val, 1); 3834 } else 3835 val = 0; 3836 run_bbp_write(sc, 159, val); 3837 3838 /* Tx0 IQ phase. */ 3839 run_bbp_write(sc, 158, 0x2d); 3840 if (chan <= 14) { 3841 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ, 3842 &val, 1); 3843 } else if (chan <= 64) { 3844 run_efuse_read(sc, 3845 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ, 3846 &val, 1); 3847 } else if (chan <= 138) { 3848 run_efuse_read(sc, 3849 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ, 3850 &val, 1); 3851 } else if (chan <= 165) { 3852 run_efuse_read(sc, 3853 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ, 3854 &val, 1); 3855 } else 3856 val = 0; 3857 run_bbp_write(sc, 159, val); 3858 3859 /* Tx1 IQ gain. */ 3860 run_bbp_write(sc, 158, 0x4a); 3861 if (chan <= 14) { 3862 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ, 3863 &val, 1); 3864 } else if (chan <= 64) { 3865 run_efuse_read(sc, 3866 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ, 3867 &val, 1); 3868 } else if (chan <= 138) { 3869 run_efuse_read(sc, 3870 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ, 3871 &val, 1); 3872 } else if (chan <= 165) { 3873 run_efuse_read(sc, 3874 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ, 3875 &val, 1); 3876 } else 3877 val = 0; 3878 run_bbp_write(sc, 159, val); 3879 3880 /* Tx1 IQ phase. */ 3881 run_bbp_write(sc, 158, 0x4b); 3882 if (chan <= 14) { 3883 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ, 3884 &val, 1); 3885 } else if (chan <= 64) { 3886 run_efuse_read(sc, 3887 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ, 3888 &val, 1); 3889 } else if (chan <= 138) { 3890 run_efuse_read(sc, 3891 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ, 3892 &val, 1); 3893 } else if (chan <= 165) { 3894 run_efuse_read(sc, 3895 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ, 3896 &val, 1); 3897 } else 3898 val = 0; 3899 run_bbp_write(sc, 159, val); 3900 3901 /* RF IQ compensation control. */ 3902 run_bbp_write(sc, 158, 0x04); 3903 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL, 3904 &val, 1); 3905 run_bbp_write(sc, 159, val); 3906 3907 /* RF IQ imbalance compensation control. */ 3908 run_bbp_write(sc, 158, 0x03); 3909 run_efuse_read(sc, 3910 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1); 3911 run_bbp_write(sc, 159, val); 3912 } 3913 3914 static void 3915 run_set_agc(struct run_softc *sc, uint8_t agc) 3916 { 3917 uint8_t bbp; 3918 3919 if (sc->mac_ver == 0x3572) { 3920 run_bbp_read(sc, 27, &bbp); 3921 bbp &= ~(0x3 << 5); 3922 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */ 3923 run_bbp_write(sc, 66, agc); 3924 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */ 3925 run_bbp_write(sc, 66, agc); 3926 } else 3927 run_bbp_write(sc, 66, agc); 3928 } 3929 3930 static void 3931 run_select_chan_group(struct run_softc *sc, int group) 3932 { 3933 uint32_t tmp; 3934 uint8_t agc; 3935 3936 run_bbp_write(sc, 62, 0x37 - sc->lna[group]); 3937 run_bbp_write(sc, 63, 0x37 - sc->lna[group]); 3938 run_bbp_write(sc, 64, 0x37 - sc->lna[group]); 3939 if (sc->mac_ver < 0x3572) 3940 run_bbp_write(sc, 86, 0x00); 3941 3942 if (sc->mac_ver == 0x3593) { 3943 run_bbp_write(sc, 77, 0x98); 3944 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a); 3945 } 3946 3947 if (group == 0) { 3948 if (sc->ext_2ghz_lna) { 3949 if (sc->mac_ver >= 0x5390) 3950 run_bbp_write(sc, 75, 0x52); 3951 else { 3952 run_bbp_write(sc, 82, 0x62); 3953 run_bbp_write(sc, 75, 0x46); 3954 } 3955 } else { 3956 if (sc->mac_ver == 0x5592) { 3957 run_bbp_write(sc, 79, 0x1c); 3958 run_bbp_write(sc, 80, 0x0e); 3959 run_bbp_write(sc, 81, 0x3a); 3960 run_bbp_write(sc, 82, 0x62); 3961 3962 run_bbp_write(sc, 195, 0x80); 3963 run_bbp_write(sc, 196, 0xe0); 3964 run_bbp_write(sc, 195, 0x81); 3965 run_bbp_write(sc, 196, 0x1f); 3966 run_bbp_write(sc, 195, 0x82); 3967 run_bbp_write(sc, 196, 0x38); 3968 run_bbp_write(sc, 195, 0x83); 3969 run_bbp_write(sc, 196, 0x32); 3970 run_bbp_write(sc, 195, 0x85); 3971 run_bbp_write(sc, 196, 0x28); 3972 run_bbp_write(sc, 195, 0x86); 3973 run_bbp_write(sc, 196, 0x19); 3974 } else if (sc->mac_ver >= 0x5390) 3975 run_bbp_write(sc, 75, 0x50); 3976 else { 3977 run_bbp_write(sc, 82, 3978 (sc->mac_ver == 0x3593) ? 0x62 : 0x84); 3979 run_bbp_write(sc, 75, 0x50); 3980 } 3981 } 3982 } else { 3983 if (sc->mac_ver == 0x5592) { 3984 run_bbp_write(sc, 79, 0x18); 3985 run_bbp_write(sc, 80, 0x08); 3986 run_bbp_write(sc, 81, 0x38); 3987 run_bbp_write(sc, 82, 0x92); 3988 3989 run_bbp_write(sc, 195, 0x80); 3990 run_bbp_write(sc, 196, 0xf0); 3991 run_bbp_write(sc, 195, 0x81); 3992 run_bbp_write(sc, 196, 0x1e); 3993 run_bbp_write(sc, 195, 0x82); 3994 run_bbp_write(sc, 196, 0x28); 3995 run_bbp_write(sc, 195, 0x83); 3996 run_bbp_write(sc, 196, 0x20); 3997 run_bbp_write(sc, 195, 0x85); 3998 run_bbp_write(sc, 196, 0x7f); 3999 run_bbp_write(sc, 195, 0x86); 4000 run_bbp_write(sc, 196, 0x7f); 4001 } else if (sc->mac_ver == 0x3572) 4002 run_bbp_write(sc, 82, 0x94); 4003 else 4004 run_bbp_write(sc, 82, 4005 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2); 4006 if (sc->ext_5ghz_lna) 4007 run_bbp_write(sc, 75, 0x46); 4008 else 4009 run_bbp_write(sc, 75, 0x50); 4010 } 4011 4012 run_read(sc, RT2860_TX_BAND_CFG, &tmp); 4013 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P); 4014 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P; 4015 run_write(sc, RT2860_TX_BAND_CFG, tmp); 4016 4017 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */ 4018 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN; 4019 if (sc->mac_ver == 0x3593) 4020 tmp |= 1 << 29 | 1 << 28; 4021 if (sc->nrxchains > 1) 4022 tmp |= RT2860_LNA_PE1_EN; 4023 if (group == 0) { /* 2GHz */ 4024 tmp |= RT2860_PA_PE_G0_EN; 4025 if (sc->ntxchains > 1) 4026 tmp |= RT2860_PA_PE_G1_EN; 4027 if (sc->mac_ver == 0x3593) { 4028 if (sc->ntxchains > 2) 4029 tmp |= 1 << 25; 4030 } 4031 } else { /* 5GHz */ 4032 tmp |= RT2860_PA_PE_A0_EN; 4033 if (sc->ntxchains > 1) 4034 tmp |= RT2860_PA_PE_A1_EN; 4035 } 4036 if (sc->mac_ver == 0x3572) { 4037 run_rt3070_rf_write(sc, 8, 0x00); 4038 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4039 run_rt3070_rf_write(sc, 8, 0x80); 4040 } else 4041 run_write(sc, RT2860_TX_PIN_CFG, tmp); 4042 4043 if (sc->mac_ver == 0x5592) { 4044 run_bbp_write(sc, 195, 0x8d); 4045 run_bbp_write(sc, 196, 0x1a); 4046 } 4047 4048 if (sc->mac_ver == 0x3593) { 4049 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4050 tmp &= ~0x01010000; 4051 if (group == 0) 4052 tmp |= 0x00010000; 4053 tmp = (tmp & ~0x00009090) | 0x00000090; 4054 run_write(sc, RT2860_GPIO_CTRL, tmp); 4055 } 4056 4057 /* set initial AGC value */ 4058 if (group == 0) { /* 2GHz band */ 4059 if (sc->mac_ver >= 0x3070) 4060 agc = 0x1c + sc->lna[0] * 2; 4061 else 4062 agc = 0x2e + sc->lna[0]; 4063 } else { /* 5GHz band */ 4064 if (sc->mac_ver == 0x5592) 4065 agc = 0x24 + sc->lna[group] * 2; 4066 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593) 4067 agc = 0x22 + (sc->lna[group] * 5) / 3; 4068 else 4069 agc = 0x32 + (sc->lna[group] * 5) / 3; 4070 } 4071 run_set_agc(sc, agc); 4072 } 4073 4074 static void 4075 run_rt2870_set_chan(struct run_softc *sc, u_int chan) 4076 { 4077 const struct rfprog *rfprog = rt2860_rf2850; 4078 uint32_t r2, r3, r4; 4079 int8_t txpow1, txpow2; 4080 int i; 4081 4082 /* find the settings for this channel (we know it exists) */ 4083 for (i = 0; rfprog[i].chan != chan; i++); 4084 4085 r2 = rfprog[i].r2; 4086 if (sc->ntxchains == 1) 4087 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */ 4088 if (sc->nrxchains == 1) 4089 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */ 4090 else if (sc->nrxchains == 2) 4091 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */ 4092 4093 /* use Tx power values from EEPROM */ 4094 txpow1 = sc->txpow1[i]; 4095 txpow2 = sc->txpow2[i]; 4096 4097 /* Initialize RF R3 and R4. */ 4098 r3 = rfprog[i].r3 & 0xffffc1ff; 4099 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15); 4100 if (chan > 14) { 4101 if (txpow1 >= 0) { 4102 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1); 4103 r3 |= (txpow1 << 10) | (1 << 9); 4104 } else { 4105 txpow1 += 7; 4106 4107 /* txpow1 is not possible larger than 15. */ 4108 r3 |= (txpow1 << 10); 4109 } 4110 if (txpow2 >= 0) { 4111 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2); 4112 r4 |= (txpow2 << 7) | (1 << 6); 4113 } else { 4114 txpow2 += 7; 4115 r4 |= (txpow2 << 7); 4116 } 4117 } else { 4118 /* Set Tx0 power. */ 4119 r3 |= (txpow1 << 9); 4120 4121 /* Set frequency offset and Tx1 power. */ 4122 r4 |= (txpow2 << 6); 4123 } 4124 4125 run_rt2870_rf_write(sc, rfprog[i].r1); 4126 run_rt2870_rf_write(sc, r2); 4127 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4128 run_rt2870_rf_write(sc, r4); 4129 4130 run_delay(sc, 10); 4131 4132 run_rt2870_rf_write(sc, rfprog[i].r1); 4133 run_rt2870_rf_write(sc, r2); 4134 run_rt2870_rf_write(sc, r3 | (1 << 2)); 4135 run_rt2870_rf_write(sc, r4); 4136 4137 run_delay(sc, 10); 4138 4139 run_rt2870_rf_write(sc, rfprog[i].r1); 4140 run_rt2870_rf_write(sc, r2); 4141 run_rt2870_rf_write(sc, r3 & ~(1 << 2)); 4142 run_rt2870_rf_write(sc, r4); 4143 } 4144 4145 static void 4146 run_rt3070_set_chan(struct run_softc *sc, u_int chan) 4147 { 4148 int8_t txpow1, txpow2; 4149 uint8_t rf; 4150 int i; 4151 4152 /* find the settings for this channel (we know it exists) */ 4153 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4154 4155 /* use Tx power values from EEPROM */ 4156 txpow1 = sc->txpow1[i]; 4157 txpow2 = sc->txpow2[i]; 4158 4159 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4160 4161 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */ 4162 run_rt3070_rf_read(sc, 3, &rf); 4163 rf = (rf & ~0x0f) | rt3070_freqs[i].k; 4164 run_rt3070_rf_write(sc, 3, rf); 4165 4166 run_rt3070_rf_read(sc, 6, &rf); 4167 rf = (rf & ~0x03) | rt3070_freqs[i].r; 4168 run_rt3070_rf_write(sc, 6, rf); 4169 4170 /* set Tx0 power */ 4171 run_rt3070_rf_read(sc, 12, &rf); 4172 rf = (rf & ~0x1f) | txpow1; 4173 run_rt3070_rf_write(sc, 12, rf); 4174 4175 /* set Tx1 power */ 4176 run_rt3070_rf_read(sc, 13, &rf); 4177 rf = (rf & ~0x1f) | txpow2; 4178 run_rt3070_rf_write(sc, 13, rf); 4179 4180 run_rt3070_rf_read(sc, 1, &rf); 4181 rf &= ~0xfc; 4182 if (sc->ntxchains == 1) 4183 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4184 else if (sc->ntxchains == 2) 4185 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4186 if (sc->nrxchains == 1) 4187 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4188 else if (sc->nrxchains == 2) 4189 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4190 run_rt3070_rf_write(sc, 1, rf); 4191 4192 /* set RF offset */ 4193 run_rt3070_rf_read(sc, 23, &rf); 4194 rf = (rf & ~0x7f) | sc->freq; 4195 run_rt3070_rf_write(sc, 23, rf); 4196 4197 /* program RF filter */ 4198 run_rt3070_rf_read(sc, 24, &rf); /* Tx */ 4199 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4200 run_rt3070_rf_write(sc, 24, rf); 4201 run_rt3070_rf_read(sc, 31, &rf); /* Rx */ 4202 rf = (rf & ~0x3f) | sc->rf24_20mhz; 4203 run_rt3070_rf_write(sc, 31, rf); 4204 4205 /* enable RF tuning */ 4206 run_rt3070_rf_read(sc, 7, &rf); 4207 run_rt3070_rf_write(sc, 7, rf | 0x01); 4208 } 4209 4210 static void 4211 run_rt3572_set_chan(struct run_softc *sc, u_int chan) 4212 { 4213 int8_t txpow1, txpow2; 4214 uint32_t tmp; 4215 uint8_t rf; 4216 int i; 4217 4218 /* find the settings for this channel (we know it exists) */ 4219 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4220 4221 /* use Tx power values from EEPROM */ 4222 txpow1 = sc->txpow1[i]; 4223 txpow2 = sc->txpow2[i]; 4224 4225 if (chan <= 14) { 4226 run_bbp_write(sc, 25, sc->bbp25); 4227 run_bbp_write(sc, 26, sc->bbp26); 4228 } else { 4229 /* enable IQ phase correction */ 4230 run_bbp_write(sc, 25, 0x09); 4231 run_bbp_write(sc, 26, 0xff); 4232 } 4233 4234 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n); 4235 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k); 4236 run_rt3070_rf_read(sc, 6, &rf); 4237 rf = (rf & ~0x0f) | rt3070_freqs[i].r; 4238 rf |= (chan <= 14) ? 0x08 : 0x04; 4239 run_rt3070_rf_write(sc, 6, rf); 4240 4241 /* set PLL mode */ 4242 run_rt3070_rf_read(sc, 5, &rf); 4243 rf &= ~(0x08 | 0x04); 4244 rf |= (chan <= 14) ? 0x04 : 0x08; 4245 run_rt3070_rf_write(sc, 5, rf); 4246 4247 /* set Tx power for chain 0 */ 4248 if (chan <= 14) 4249 rf = 0x60 | txpow1; 4250 else 4251 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3); 4252 run_rt3070_rf_write(sc, 12, rf); 4253 4254 /* set Tx power for chain 1 */ 4255 if (chan <= 14) 4256 rf = 0x60 | txpow2; 4257 else 4258 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3); 4259 run_rt3070_rf_write(sc, 13, rf); 4260 4261 /* set Tx/Rx streams */ 4262 run_rt3070_rf_read(sc, 1, &rf); 4263 rf &= ~0xfc; 4264 if (sc->ntxchains == 1) 4265 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */ 4266 else if (sc->ntxchains == 2) 4267 rf |= 1 << 7; /* 2T: disable Tx chain 3 */ 4268 if (sc->nrxchains == 1) 4269 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */ 4270 else if (sc->nrxchains == 2) 4271 rf |= 1 << 6; /* 2R: disable Rx chain 3 */ 4272 run_rt3070_rf_write(sc, 1, rf); 4273 4274 /* set RF offset */ 4275 run_rt3070_rf_read(sc, 23, &rf); 4276 rf = (rf & ~0x7f) | sc->freq; 4277 run_rt3070_rf_write(sc, 23, rf); 4278 4279 /* program RF filter */ 4280 rf = sc->rf24_20mhz; 4281 run_rt3070_rf_write(sc, 24, rf); /* Tx */ 4282 run_rt3070_rf_write(sc, 31, rf); /* Rx */ 4283 4284 /* enable RF tuning */ 4285 run_rt3070_rf_read(sc, 7, &rf); 4286 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14); 4287 run_rt3070_rf_write(sc, 7, rf); 4288 4289 /* TSSI */ 4290 rf = (chan <= 14) ? 0xc3 : 0xc0; 4291 run_rt3070_rf_write(sc, 9, rf); 4292 4293 /* set loop filter 1 */ 4294 run_rt3070_rf_write(sc, 10, 0xf1); 4295 /* set loop filter 2 */ 4296 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00); 4297 4298 /* set tx_mx2_ic */ 4299 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43); 4300 /* set tx_mx1_ic */ 4301 if (chan <= 14) 4302 rf = 0x48 | sc->txmixgain_2ghz; 4303 else 4304 rf = 0x78 | sc->txmixgain_5ghz; 4305 run_rt3070_rf_write(sc, 16, rf); 4306 4307 /* set tx_lo1 */ 4308 run_rt3070_rf_write(sc, 17, 0x23); 4309 /* set tx_lo2 */ 4310 if (chan <= 14) 4311 rf = 0x93; 4312 else if (chan <= 64) 4313 rf = 0xb7; 4314 else if (chan <= 128) 4315 rf = 0x74; 4316 else 4317 rf = 0x72; 4318 run_rt3070_rf_write(sc, 19, rf); 4319 4320 /* set rx_lo1 */ 4321 if (chan <= 14) 4322 rf = 0xb3; 4323 else if (chan <= 64) 4324 rf = 0xf6; 4325 else if (chan <= 128) 4326 rf = 0xf4; 4327 else 4328 rf = 0xf3; 4329 run_rt3070_rf_write(sc, 20, rf); 4330 4331 /* set pfd_delay */ 4332 if (chan <= 14) 4333 rf = 0x15; 4334 else if (chan <= 64) 4335 rf = 0x3d; 4336 else 4337 rf = 0x01; 4338 run_rt3070_rf_write(sc, 25, rf); 4339 4340 /* set rx_lo2 */ 4341 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87); 4342 /* set ldo_rf_vc */ 4343 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01); 4344 /* set drv_cc */ 4345 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f); 4346 4347 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4348 tmp &= ~0x8080; 4349 if (chan <= 14) 4350 tmp |= 0x80; 4351 run_write(sc, RT2860_GPIO_CTRL, tmp); 4352 4353 /* enable RF tuning */ 4354 run_rt3070_rf_read(sc, 7, &rf); 4355 run_rt3070_rf_write(sc, 7, rf | 0x01); 4356 4357 run_delay(sc, 2); 4358 } 4359 4360 static void 4361 run_rt3593_set_chan(struct run_softc *sc, u_int chan) 4362 { 4363 int8_t txpow1, txpow2, txpow3; 4364 uint8_t h20mhz, rf; 4365 int i; 4366 4367 /* find the settings for this channel (we know it exists) */ 4368 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4369 4370 /* use Tx power values from EEPROM */ 4371 txpow1 = sc->txpow1[i]; 4372 txpow2 = sc->txpow2[i]; 4373 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0; 4374 4375 if (chan <= 14) { 4376 run_bbp_write(sc, 25, sc->bbp25); 4377 run_bbp_write(sc, 26, sc->bbp26); 4378 } else { 4379 /* Enable IQ phase correction. */ 4380 run_bbp_write(sc, 25, 0x09); 4381 run_bbp_write(sc, 26, 0xff); 4382 } 4383 4384 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4385 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4386 run_rt3070_rf_read(sc, 11, &rf); 4387 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4388 run_rt3070_rf_write(sc, 11, rf); 4389 4390 /* Set pll_idoh. */ 4391 run_rt3070_rf_read(sc, 11, &rf); 4392 rf &= ~0x4c; 4393 rf |= (chan <= 14) ? 0x44 : 0x48; 4394 run_rt3070_rf_write(sc, 11, rf); 4395 4396 if (chan <= 14) 4397 rf = txpow1 & 0x1f; 4398 else 4399 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07); 4400 run_rt3070_rf_write(sc, 53, rf); 4401 4402 if (chan <= 14) 4403 rf = txpow2 & 0x1f; 4404 else 4405 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07); 4406 run_rt3070_rf_write(sc, 55, rf); 4407 4408 if (chan <= 14) 4409 rf = txpow3 & 0x1f; 4410 else 4411 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07); 4412 run_rt3070_rf_write(sc, 54, rf); 4413 4414 rf = RT3070_RF_BLOCK | RT3070_PLL_PD; 4415 if (sc->ntxchains == 3) 4416 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD; 4417 else 4418 rf |= RT3070_TX0_PD | RT3070_TX1_PD; 4419 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD; 4420 run_rt3070_rf_write(sc, 1, rf); 4421 4422 run_adjust_freq_offset(sc); 4423 4424 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80); 4425 4426 h20mhz = (sc->rf24_20mhz & 0x20) >> 5; 4427 run_rt3070_rf_read(sc, 30, &rf); 4428 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2); 4429 run_rt3070_rf_write(sc, 30, rf); 4430 4431 run_rt3070_rf_read(sc, 36, &rf); 4432 if (chan <= 14) 4433 rf |= 0x80; 4434 else 4435 rf &= ~0x80; 4436 run_rt3070_rf_write(sc, 36, rf); 4437 4438 /* Set vcolo_bs. */ 4439 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20); 4440 /* Set pfd_delay. */ 4441 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12); 4442 4443 /* Set vco bias current control. */ 4444 run_rt3070_rf_read(sc, 6, &rf); 4445 rf &= ~0xc0; 4446 if (chan <= 14) 4447 rf |= 0x40; 4448 else if (chan <= 128) 4449 rf |= 0x80; 4450 else 4451 rf |= 0x40; 4452 run_rt3070_rf_write(sc, 6, rf); 4453 4454 run_rt3070_rf_read(sc, 30, &rf); 4455 rf = (rf & ~0x18) | 0x10; 4456 run_rt3070_rf_write(sc, 30, rf); 4457 4458 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8); 4459 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23); 4460 4461 run_rt3070_rf_read(sc, 51, &rf); 4462 rf = (rf & ~0x03) | 0x01; 4463 run_rt3070_rf_write(sc, 51, rf); 4464 /* Set tx_mx1_cc. */ 4465 run_rt3070_rf_read(sc, 51, &rf); 4466 rf &= ~0x1c; 4467 rf |= (chan <= 14) ? 0x14 : 0x10; 4468 run_rt3070_rf_write(sc, 51, rf); 4469 /* Set tx_mx1_ic. */ 4470 run_rt3070_rf_read(sc, 51, &rf); 4471 rf &= ~0xe0; 4472 rf |= (chan <= 14) ? 0x60 : 0x40; 4473 run_rt3070_rf_write(sc, 51, rf); 4474 /* Set tx_lo1_ic. */ 4475 run_rt3070_rf_read(sc, 49, &rf); 4476 rf &= ~0x1c; 4477 rf |= (chan <= 14) ? 0x0c : 0x08; 4478 run_rt3070_rf_write(sc, 49, rf); 4479 /* Set tx_lo1_en. */ 4480 run_rt3070_rf_read(sc, 50, &rf); 4481 run_rt3070_rf_write(sc, 50, rf & ~0x20); 4482 /* Set drv_cc. */ 4483 run_rt3070_rf_read(sc, 57, &rf); 4484 rf &= ~0xfc; 4485 rf |= (chan <= 14) ? 0x6c : 0x3c; 4486 run_rt3070_rf_write(sc, 57, rf); 4487 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */ 4488 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b); 4489 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */ 4490 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05); 4491 /* Enable VCO calibration. */ 4492 run_rt3070_rf_read(sc, 3, &rf); 4493 rf &= ~RT5390_VCOCAL; 4494 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe; 4495 run_rt3070_rf_write(sc, 3, rf); 4496 4497 if (chan <= 14) 4498 rf = 0x23; 4499 else if (chan <= 64) 4500 rf = 0x36; 4501 else if (chan <= 128) 4502 rf = 0x32; 4503 else 4504 rf = 0x30; 4505 run_rt3070_rf_write(sc, 39, rf); 4506 if (chan <= 14) 4507 rf = 0xbb; 4508 else if (chan <= 64) 4509 rf = 0xeb; 4510 else if (chan <= 128) 4511 rf = 0xb3; 4512 else 4513 rf = 0x9b; 4514 run_rt3070_rf_write(sc, 45, rf); 4515 4516 /* Set FEQ/AEQ control. */ 4517 run_bbp_write(sc, 105, 0x34); 4518 } 4519 4520 static void 4521 run_rt5390_set_chan(struct run_softc *sc, u_int chan) 4522 { 4523 int8_t txpow1, txpow2; 4524 uint8_t rf; 4525 int i; 4526 4527 /* find the settings for this channel (we know it exists) */ 4528 for (i = 0; rt2860_rf2850[i].chan != chan; i++); 4529 4530 /* use Tx power values from EEPROM */ 4531 txpow1 = sc->txpow1[i]; 4532 txpow2 = sc->txpow2[i]; 4533 4534 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n); 4535 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f); 4536 run_rt3070_rf_read(sc, 11, &rf); 4537 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03); 4538 run_rt3070_rf_write(sc, 11, rf); 4539 4540 run_rt3070_rf_read(sc, 49, &rf); 4541 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4542 /* The valid range of the RF R49 is 0x00 to 0x27. */ 4543 if ((rf & 0x3f) > 0x27) 4544 rf = (rf & ~0x3f) | 0x27; 4545 run_rt3070_rf_write(sc, 49, rf); 4546 4547 if (sc->mac_ver == 0x5392) { 4548 run_rt3070_rf_read(sc, 50, &rf); 4549 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4550 /* The valid range of the RF R50 is 0x00 to 0x27. */ 4551 if ((rf & 0x3f) > 0x27) 4552 rf = (rf & ~0x3f) | 0x27; 4553 run_rt3070_rf_write(sc, 50, rf); 4554 } 4555 4556 run_rt3070_rf_read(sc, 1, &rf); 4557 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD; 4558 if (sc->mac_ver == 0x5392) 4559 rf |= RT3070_RX1_PD | RT3070_TX1_PD; 4560 run_rt3070_rf_write(sc, 1, rf); 4561 4562 if (sc->mac_ver != 0x5392) { 4563 run_rt3070_rf_read(sc, 2, &rf); 4564 rf |= 0x80; 4565 run_rt3070_rf_write(sc, 2, rf); 4566 run_delay(sc, 10); 4567 rf &= 0x7f; 4568 run_rt3070_rf_write(sc, 2, rf); 4569 } 4570 4571 run_adjust_freq_offset(sc); 4572 4573 if (sc->mac_ver == 0x5392) { 4574 /* Fix for RT5392C. */ 4575 if (sc->mac_rev >= 0x0223) { 4576 if (chan <= 4) 4577 rf = 0x0f; 4578 else if (chan >= 5 && chan <= 7) 4579 rf = 0x0e; 4580 else 4581 rf = 0x0d; 4582 run_rt3070_rf_write(sc, 23, rf); 4583 4584 if (chan <= 4) 4585 rf = 0x0c; 4586 else if (chan == 5) 4587 rf = 0x0b; 4588 else if (chan >= 6 && chan <= 7) 4589 rf = 0x0a; 4590 else if (chan >= 8 && chan <= 10) 4591 rf = 0x09; 4592 else 4593 rf = 0x08; 4594 run_rt3070_rf_write(sc, 59, rf); 4595 } else { 4596 if (chan <= 11) 4597 rf = 0x0f; 4598 else 4599 rf = 0x0b; 4600 run_rt3070_rf_write(sc, 59, rf); 4601 } 4602 } else { 4603 /* Fix for RT5390F. */ 4604 if (sc->mac_rev >= 0x0502) { 4605 if (chan <= 11) 4606 rf = 0x43; 4607 else 4608 rf = 0x23; 4609 run_rt3070_rf_write(sc, 55, rf); 4610 4611 if (chan <= 11) 4612 rf = 0x0f; 4613 else if (chan == 12) 4614 rf = 0x0d; 4615 else 4616 rf = 0x0b; 4617 run_rt3070_rf_write(sc, 59, rf); 4618 } else { 4619 run_rt3070_rf_write(sc, 55, 0x44); 4620 run_rt3070_rf_write(sc, 59, 0x8f); 4621 } 4622 } 4623 4624 /* Enable VCO calibration. */ 4625 run_rt3070_rf_read(sc, 3, &rf); 4626 rf |= RT5390_VCOCAL; 4627 run_rt3070_rf_write(sc, 3, rf); 4628 } 4629 4630 static void 4631 run_rt5592_set_chan(struct run_softc *sc, u_int chan) 4632 { 4633 const struct rt5592_freqs *freqs; 4634 uint32_t tmp; 4635 uint8_t reg, rf, txpow_bound; 4636 int8_t txpow1, txpow2; 4637 int i; 4638 4639 run_read(sc, RT5592_DEBUG_INDEX, &tmp); 4640 freqs = (tmp & RT5592_SEL_XTAL) ? 4641 rt5592_freqs_40mhz : rt5592_freqs_20mhz; 4642 4643 /* find the settings for this channel (we know it exists) */ 4644 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++); 4645 4646 /* use Tx power values from EEPROM */ 4647 txpow1 = sc->txpow1[i]; 4648 txpow2 = sc->txpow2[i]; 4649 4650 run_read(sc, RT3070_LDO_CFG0, &tmp); 4651 tmp &= ~0x1c000000; 4652 if (chan > 14) 4653 tmp |= 0x14000000; 4654 run_write(sc, RT3070_LDO_CFG0, tmp); 4655 4656 /* N setting. */ 4657 run_rt3070_rf_write(sc, 8, freqs->n & 0xff); 4658 run_rt3070_rf_read(sc, 9, &rf); 4659 rf &= ~(1 << 4); 4660 rf |= ((freqs->n & 0x0100) >> 8) << 4; 4661 run_rt3070_rf_write(sc, 9, rf); 4662 4663 /* K setting. */ 4664 run_rt3070_rf_read(sc, 9, &rf); 4665 rf &= ~0x0f; 4666 rf |= (freqs->k & 0x0f); 4667 run_rt3070_rf_write(sc, 9, rf); 4668 4669 /* Mode setting. */ 4670 run_rt3070_rf_read(sc, 11, &rf); 4671 rf &= ~0x0c; 4672 rf |= ((freqs->m - 0x8) & 0x3) << 2; 4673 run_rt3070_rf_write(sc, 11, rf); 4674 run_rt3070_rf_read(sc, 9, &rf); 4675 rf &= ~(1 << 7); 4676 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7; 4677 run_rt3070_rf_write(sc, 9, rf); 4678 4679 /* R setting. */ 4680 run_rt3070_rf_read(sc, 11, &rf); 4681 rf &= ~0x03; 4682 rf |= (freqs->r - 0x1); 4683 run_rt3070_rf_write(sc, 11, rf); 4684 4685 if (chan <= 14) { 4686 /* Initialize RF registers for 2GHZ. */ 4687 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) { 4688 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg, 4689 rt5592_2ghz_def_rf[i].val); 4690 } 4691 4692 rf = (chan <= 10) ? 0x07 : 0x06; 4693 run_rt3070_rf_write(sc, 23, rf); 4694 run_rt3070_rf_write(sc, 59, rf); 4695 4696 run_rt3070_rf_write(sc, 55, 0x43); 4697 4698 /* 4699 * RF R49/R50 Tx power ALC code. 4700 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27. 4701 */ 4702 reg = 2; 4703 txpow_bound = 0x27; 4704 } else { 4705 /* Initialize RF registers for 5GHZ. */ 4706 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) { 4707 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg, 4708 rt5592_5ghz_def_rf[i].val); 4709 } 4710 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) { 4711 if (chan >= rt5592_chan_5ghz[i].firstchan && 4712 chan <= rt5592_chan_5ghz[i].lastchan) { 4713 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg, 4714 rt5592_chan_5ghz[i].val); 4715 } 4716 } 4717 4718 /* 4719 * RF R49/R50 Tx power ALC code. 4720 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b. 4721 */ 4722 reg = 3; 4723 txpow_bound = 0x2b; 4724 } 4725 4726 /* RF R49 ch0 Tx power ALC code. */ 4727 run_rt3070_rf_read(sc, 49, &rf); 4728 rf &= ~0xc0; 4729 rf |= (reg << 6); 4730 rf = (rf & ~0x3f) | (txpow1 & 0x3f); 4731 if ((rf & 0x3f) > txpow_bound) 4732 rf = (rf & ~0x3f) | txpow_bound; 4733 run_rt3070_rf_write(sc, 49, rf); 4734 4735 /* RF R50 ch1 Tx power ALC code. */ 4736 run_rt3070_rf_read(sc, 50, &rf); 4737 rf &= ~(1 << 7 | 1 << 6); 4738 rf |= (reg << 6); 4739 rf = (rf & ~0x3f) | (txpow2 & 0x3f); 4740 if ((rf & 0x3f) > txpow_bound) 4741 rf = (rf & ~0x3f) | txpow_bound; 4742 run_rt3070_rf_write(sc, 50, rf); 4743 4744 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */ 4745 run_rt3070_rf_read(sc, 1, &rf); 4746 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD); 4747 if (sc->ntxchains > 1) 4748 rf |= RT3070_TX1_PD; 4749 if (sc->nrxchains > 1) 4750 rf |= RT3070_RX1_PD; 4751 run_rt3070_rf_write(sc, 1, rf); 4752 4753 run_rt3070_rf_write(sc, 6, 0xe4); 4754 4755 run_rt3070_rf_write(sc, 30, 0x10); 4756 run_rt3070_rf_write(sc, 31, 0x80); 4757 run_rt3070_rf_write(sc, 32, 0x80); 4758 4759 run_adjust_freq_offset(sc); 4760 4761 /* Enable VCO calibration. */ 4762 run_rt3070_rf_read(sc, 3, &rf); 4763 rf |= RT5390_VCOCAL; 4764 run_rt3070_rf_write(sc, 3, rf); 4765 } 4766 4767 static void 4768 run_set_rx_antenna(struct run_softc *sc, int aux) 4769 { 4770 uint32_t tmp; 4771 uint8_t bbp152; 4772 4773 if (aux) { 4774 if (sc->rf_rev == RT5390_RF_5370) { 4775 run_bbp_read(sc, 152, &bbp152); 4776 run_bbp_write(sc, 152, bbp152 & ~0x80); 4777 } else { 4778 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0); 4779 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4780 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08); 4781 } 4782 } else { 4783 if (sc->rf_rev == RT5390_RF_5370) { 4784 run_bbp_read(sc, 152, &bbp152); 4785 run_bbp_write(sc, 152, bbp152 | 0x80); 4786 } else { 4787 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1); 4788 run_read(sc, RT2860_GPIO_CTRL, &tmp); 4789 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808); 4790 } 4791 } 4792 } 4793 4794 static int 4795 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c) 4796 { 4797 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 4798 u_int chan, group; 4799 4800 chan = ieee80211_chan2ieee(ic, c); 4801 if (chan == 0 || chan == IEEE80211_CHAN_ANY) 4802 return (EINVAL); 4803 4804 if (sc->mac_ver == 0x5592) 4805 run_rt5592_set_chan(sc, chan); 4806 else if (sc->mac_ver >= 0x5390) 4807 run_rt5390_set_chan(sc, chan); 4808 else if (sc->mac_ver == 0x3593) 4809 run_rt3593_set_chan(sc, chan); 4810 else if (sc->mac_ver == 0x3572) 4811 run_rt3572_set_chan(sc, chan); 4812 else if (sc->mac_ver >= 0x3070) 4813 run_rt3070_set_chan(sc, chan); 4814 else 4815 run_rt2870_set_chan(sc, chan); 4816 4817 /* determine channel group */ 4818 if (chan <= 14) 4819 group = 0; 4820 else if (chan <= 64) 4821 group = 1; 4822 else if (chan <= 128) 4823 group = 2; 4824 else 4825 group = 3; 4826 4827 /* XXX necessary only when group has changed! */ 4828 run_select_chan_group(sc, group); 4829 4830 run_delay(sc, 10); 4831 4832 /* Perform IQ calibration. */ 4833 if (sc->mac_ver >= 0x5392) 4834 run_iq_calib(sc, chan); 4835 4836 return (0); 4837 } 4838 4839 static void 4840 run_set_channel(struct ieee80211com *ic) 4841 { 4842 struct run_softc *sc = ic->ic_ifp->if_softc; 4843 4844 RUN_LOCK(sc); 4845 run_set_chan(sc, ic->ic_curchan); 4846 RUN_UNLOCK(sc); 4847 4848 return; 4849 } 4850 4851 static void 4852 run_scan_start(struct ieee80211com *ic) 4853 { 4854 struct run_softc *sc = ic->ic_ifp->if_softc; 4855 uint32_t tmp; 4856 4857 RUN_LOCK(sc); 4858 4859 /* abort TSF synchronization */ 4860 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 4861 run_write(sc, RT2860_BCN_TIME_CFG, 4862 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 4863 RT2860_TBTT_TIMER_EN)); 4864 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr); 4865 4866 RUN_UNLOCK(sc); 4867 4868 return; 4869 } 4870 4871 static void 4872 run_scan_end(struct ieee80211com *ic) 4873 { 4874 struct run_softc *sc = ic->ic_ifp->if_softc; 4875 4876 RUN_LOCK(sc); 4877 4878 run_enable_tsf_sync(sc); 4879 /* XXX keep local copy */ 4880 run_set_bssid(sc, sc->sc_bssid); 4881 4882 RUN_UNLOCK(sc); 4883 4884 return; 4885 } 4886 4887 /* 4888 * Could be called from ieee80211_node_timeout() 4889 * (non-sleepable thread) 4890 */ 4891 static void 4892 run_update_beacon(struct ieee80211vap *vap, int item) 4893 { 4894 struct ieee80211com *ic = vap->iv_ic; 4895 struct run_softc *sc = ic->ic_ifp->if_softc; 4896 struct run_vap *rvp = RUN_VAP(vap); 4897 int mcast = 0; 4898 uint32_t i; 4899 4900 KASSERT(vap != NULL, ("no beacon")); 4901 4902 switch (item) { 4903 case IEEE80211_BEACON_ERP: 4904 run_updateslot(ic->ic_ifp); 4905 break; 4906 case IEEE80211_BEACON_HTINFO: 4907 run_updateprot(ic); 4908 break; 4909 case IEEE80211_BEACON_TIM: 4910 mcast = 1; /*TODO*/ 4911 break; 4912 default: 4913 break; 4914 } 4915 4916 setbit(rvp->bo.bo_flags, item); 4917 if (rvp->beacon_mbuf == NULL) { 4918 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4919 &rvp->bo); 4920 if (rvp->beacon_mbuf == NULL) 4921 return; 4922 } 4923 ieee80211_beacon_update(vap->iv_bss, &rvp->bo, rvp->beacon_mbuf, mcast); 4924 4925 i = RUN_CMDQ_GET(&sc->cmdq_store); 4926 DPRINTF("cmdq_store=%d\n", i); 4927 sc->cmdq[i].func = run_update_beacon_cb; 4928 sc->cmdq[i].arg0 = vap; 4929 ieee80211_runtask(ic, &sc->cmdq_task); 4930 4931 return; 4932 } 4933 4934 static void 4935 run_update_beacon_cb(void *arg) 4936 { 4937 struct ieee80211vap *vap = arg; 4938 struct run_vap *rvp = RUN_VAP(vap); 4939 struct ieee80211com *ic = vap->iv_ic; 4940 struct run_softc *sc = ic->ic_ifp->if_softc; 4941 struct rt2860_txwi txwi; 4942 struct mbuf *m; 4943 uint16_t txwisize; 4944 uint8_t ridx; 4945 4946 if (vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC) 4947 return; 4948 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) 4949 return; 4950 4951 /* 4952 * No need to call ieee80211_beacon_update(), run_update_beacon() 4953 * is taking care of apropriate calls. 4954 */ 4955 if (rvp->beacon_mbuf == NULL) { 4956 rvp->beacon_mbuf = ieee80211_beacon_alloc(vap->iv_bss, 4957 &rvp->bo); 4958 if (rvp->beacon_mbuf == NULL) 4959 return; 4960 } 4961 m = rvp->beacon_mbuf; 4962 4963 memset(&txwi, 0, sizeof(txwi)); 4964 txwi.wcid = 0xff; 4965 txwi.len = htole16(m->m_pkthdr.len); 4966 4967 /* send beacons at the lowest available rate */ 4968 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ? 4969 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1; 4970 txwi.phy = htole16(rt2860_rates[ridx].mcs); 4971 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) 4972 txwi.phy |= htole16(RT2860_PHY_OFDM); 4973 txwi.txop = RT2860_TX_TXOP_HT; 4974 txwi.flags = RT2860_TX_TS; 4975 txwi.xflags = RT2860_TX_NSEQ; 4976 4977 txwisize = (sc->mac_ver == 0x5592) ? 4978 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi); 4979 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi, 4980 txwisize); 4981 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize, 4982 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); 4983 } 4984 4985 static void 4986 run_updateprot(struct ieee80211com *ic) 4987 { 4988 struct run_softc *sc = ic->ic_ifp->if_softc; 4989 uint32_t i; 4990 4991 i = RUN_CMDQ_GET(&sc->cmdq_store); 4992 DPRINTF("cmdq_store=%d\n", i); 4993 sc->cmdq[i].func = run_updateprot_cb; 4994 sc->cmdq[i].arg0 = ic; 4995 ieee80211_runtask(ic, &sc->cmdq_task); 4996 } 4997 4998 static void 4999 run_updateprot_cb(void *arg) 5000 { 5001 struct ieee80211com *ic = arg; 5002 struct run_softc *sc = ic->ic_ifp->if_softc; 5003 uint32_t tmp; 5004 5005 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL; 5006 /* setup protection frame rate (MCS code) */ 5007 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ? 5008 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM : 5009 rt2860_rates[RT2860_RIDX_CCK11].mcs; 5010 5011 /* CCK frames don't require protection */ 5012 run_write(sc, RT2860_CCK_PROT_CFG, tmp); 5013 if (ic->ic_flags & IEEE80211_F_USEPROT) { 5014 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) 5015 tmp |= RT2860_PROT_CTRL_RTS_CTS; 5016 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) 5017 tmp |= RT2860_PROT_CTRL_CTS; 5018 } 5019 run_write(sc, RT2860_OFDM_PROT_CFG, tmp); 5020 } 5021 5022 static void 5023 run_usb_timeout_cb(void *arg) 5024 { 5025 struct ieee80211vap *vap = arg; 5026 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc; 5027 5028 RUN_LOCK_ASSERT(sc, MA_OWNED); 5029 5030 if(vap->iv_state == IEEE80211_S_RUN && 5031 vap->iv_opmode != IEEE80211_M_STA) 5032 run_reset_livelock(sc); 5033 else if (vap->iv_state == IEEE80211_S_SCAN) { 5034 DPRINTF("timeout caused by scan\n"); 5035 /* cancel bgscan */ 5036 ieee80211_cancel_scan(vap); 5037 } else 5038 DPRINTF("timeout by unknown cause\n"); 5039 } 5040 5041 static void 5042 run_reset_livelock(struct run_softc *sc) 5043 { 5044 uint32_t tmp; 5045 5046 RUN_LOCK_ASSERT(sc, MA_OWNED); 5047 5048 /* 5049 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC 5050 * can run into a livelock and start sending CTS-to-self frames like 5051 * crazy if protection is enabled. Reset MAC/BBP for a while 5052 */ 5053 run_read(sc, RT2860_DEBUG, &tmp); 5054 DPRINTFN(3, "debug reg %08x\n", tmp); 5055 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) { 5056 DPRINTF("CTS-to-self livelock detected\n"); 5057 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST); 5058 run_delay(sc, 1); 5059 run_write(sc, RT2860_MAC_SYS_CTRL, 5060 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5061 } 5062 } 5063 5064 static void 5065 run_update_promisc_locked(struct ifnet *ifp) 5066 { 5067 struct run_softc *sc = ifp->if_softc; 5068 uint32_t tmp; 5069 5070 run_read(sc, RT2860_RX_FILTR_CFG, &tmp); 5071 5072 tmp |= RT2860_DROP_UC_NOME; 5073 if (ifp->if_flags & IFF_PROMISC) 5074 tmp &= ~RT2860_DROP_UC_NOME; 5075 5076 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5077 5078 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ? 5079 "entering" : "leaving"); 5080 } 5081 5082 static void 5083 run_update_promisc(struct ifnet *ifp) 5084 { 5085 struct run_softc *sc = ifp->if_softc; 5086 5087 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) 5088 return; 5089 5090 RUN_LOCK(sc); 5091 run_update_promisc_locked(ifp); 5092 RUN_UNLOCK(sc); 5093 } 5094 5095 static void 5096 run_enable_tsf_sync(struct run_softc *sc) 5097 { 5098 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5099 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 5100 uint32_t tmp; 5101 5102 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, 5103 ic->ic_opmode); 5104 5105 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 5106 tmp &= ~0x1fffff; 5107 tmp |= vap->iv_bss->ni_intval * 16; 5108 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN; 5109 5110 if (ic->ic_opmode == IEEE80211_M_STA) { 5111 /* 5112 * Local TSF is always updated with remote TSF on beacon 5113 * reception. 5114 */ 5115 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT; 5116 } else if (ic->ic_opmode == IEEE80211_M_IBSS) { 5117 tmp |= RT2860_BCN_TX_EN; 5118 /* 5119 * Local TSF is updated with remote TSF on beacon reception 5120 * only if the remote TSF is greater than local TSF. 5121 */ 5122 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT; 5123 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP || 5124 ic->ic_opmode == IEEE80211_M_MBSS) { 5125 tmp |= RT2860_BCN_TX_EN; 5126 /* SYNC with nobody */ 5127 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT; 5128 } else { 5129 DPRINTF("Enabling TSF failed. undefined opmode\n"); 5130 return; 5131 } 5132 5133 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 5134 } 5135 5136 static void 5137 run_enable_mrr(struct run_softc *sc) 5138 { 5139 #define CCK(mcs) (mcs) 5140 #define OFDM(mcs) (1 << 3 | (mcs)) 5141 run_write(sc, RT2860_LG_FBK_CFG0, 5142 OFDM(6) << 28 | /* 54->48 */ 5143 OFDM(5) << 24 | /* 48->36 */ 5144 OFDM(4) << 20 | /* 36->24 */ 5145 OFDM(3) << 16 | /* 24->18 */ 5146 OFDM(2) << 12 | /* 18->12 */ 5147 OFDM(1) << 8 | /* 12-> 9 */ 5148 OFDM(0) << 4 | /* 9-> 6 */ 5149 OFDM(0)); /* 6-> 6 */ 5150 5151 run_write(sc, RT2860_LG_FBK_CFG1, 5152 CCK(2) << 12 | /* 11->5.5 */ 5153 CCK(1) << 8 | /* 5.5-> 2 */ 5154 CCK(0) << 4 | /* 2-> 1 */ 5155 CCK(0)); /* 1-> 1 */ 5156 #undef OFDM 5157 #undef CCK 5158 } 5159 5160 static void 5161 run_set_txpreamble(struct run_softc *sc) 5162 { 5163 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5164 uint32_t tmp; 5165 5166 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp); 5167 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE) 5168 tmp |= RT2860_CCK_SHORT_EN; 5169 else 5170 tmp &= ~RT2860_CCK_SHORT_EN; 5171 run_write(sc, RT2860_AUTO_RSP_CFG, tmp); 5172 } 5173 5174 static void 5175 run_set_basicrates(struct run_softc *sc) 5176 { 5177 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5178 5179 /* set basic rates mask */ 5180 if (ic->ic_curmode == IEEE80211_MODE_11B) 5181 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003); 5182 else if (ic->ic_curmode == IEEE80211_MODE_11A) 5183 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150); 5184 else /* 11g */ 5185 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f); 5186 } 5187 5188 static void 5189 run_set_leds(struct run_softc *sc, uint16_t which) 5190 { 5191 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS, 5192 which | (sc->leds & 0x7f)); 5193 } 5194 5195 static void 5196 run_set_bssid(struct run_softc *sc, const uint8_t *bssid) 5197 { 5198 run_write(sc, RT2860_MAC_BSSID_DW0, 5199 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24); 5200 run_write(sc, RT2860_MAC_BSSID_DW1, 5201 bssid[4] | bssid[5] << 8); 5202 } 5203 5204 static void 5205 run_set_macaddr(struct run_softc *sc, const uint8_t *addr) 5206 { 5207 run_write(sc, RT2860_MAC_ADDR_DW0, 5208 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24); 5209 run_write(sc, RT2860_MAC_ADDR_DW1, 5210 addr[4] | addr[5] << 8 | 0xff << 16); 5211 } 5212 5213 static void 5214 run_updateslot(struct ifnet *ifp) 5215 { 5216 struct run_softc *sc = ifp->if_softc; 5217 struct ieee80211com *ic = ifp->if_l2com; 5218 uint32_t i; 5219 5220 i = RUN_CMDQ_GET(&sc->cmdq_store); 5221 DPRINTF("cmdq_store=%d\n", i); 5222 sc->cmdq[i].func = run_updateslot_cb; 5223 sc->cmdq[i].arg0 = ifp; 5224 ieee80211_runtask(ic, &sc->cmdq_task); 5225 5226 return; 5227 } 5228 5229 /* ARGSUSED */ 5230 static void 5231 run_updateslot_cb(void *arg) 5232 { 5233 struct ifnet *ifp = arg; 5234 struct run_softc *sc = ifp->if_softc; 5235 struct ieee80211com *ic = ifp->if_l2com; 5236 uint32_t tmp; 5237 5238 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp); 5239 tmp &= ~0xff; 5240 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20; 5241 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp); 5242 } 5243 5244 static void 5245 run_update_mcast(struct ifnet *ifp) 5246 { 5247 /* h/w filter supports getting everything or nothing */ 5248 ifp->if_flags |= IFF_ALLMULTI; 5249 } 5250 5251 static int8_t 5252 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain) 5253 { 5254 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5255 struct ieee80211_channel *c = ic->ic_curchan; 5256 int delta; 5257 5258 if (IEEE80211_IS_CHAN_5GHZ(c)) { 5259 u_int chan = ieee80211_chan2ieee(ic, c); 5260 delta = sc->rssi_5ghz[rxchain]; 5261 5262 /* determine channel group */ 5263 if (chan <= 64) 5264 delta -= sc->lna[1]; 5265 else if (chan <= 128) 5266 delta -= sc->lna[2]; 5267 else 5268 delta -= sc->lna[3]; 5269 } else 5270 delta = sc->rssi_2ghz[rxchain] - sc->lna[0]; 5271 5272 return (-12 - delta - rssi); 5273 } 5274 5275 static void 5276 run_rt5390_bbp_init(struct run_softc *sc) 5277 { 5278 int i; 5279 uint8_t bbp; 5280 5281 /* Apply maximum likelihood detection for 2 stream case. */ 5282 run_bbp_read(sc, 105, &bbp); 5283 if (sc->nrxchains > 1) 5284 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5285 5286 /* Avoid data lost and CRC error. */ 5287 run_bbp_read(sc, 4, &bbp); 5288 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5289 5290 if (sc->mac_ver == 0x5592) { 5291 for (i = 0; i < nitems(rt5592_def_bbp); i++) { 5292 run_bbp_write(sc, rt5592_def_bbp[i].reg, 5293 rt5592_def_bbp[i].val); 5294 } 5295 for (i = 0; i < nitems(rt5592_bbp_r196); i++) { 5296 run_bbp_write(sc, 195, i + 0x80); 5297 run_bbp_write(sc, 196, rt5592_bbp_r196[i]); 5298 } 5299 } else { 5300 for (i = 0; i < nitems(rt5390_def_bbp); i++) { 5301 run_bbp_write(sc, rt5390_def_bbp[i].reg, 5302 rt5390_def_bbp[i].val); 5303 } 5304 } 5305 if (sc->mac_ver == 0x5392) { 5306 run_bbp_write(sc, 88, 0x90); 5307 run_bbp_write(sc, 95, 0x9a); 5308 run_bbp_write(sc, 98, 0x12); 5309 run_bbp_write(sc, 106, 0x12); 5310 run_bbp_write(sc, 134, 0xd0); 5311 run_bbp_write(sc, 135, 0xf6); 5312 run_bbp_write(sc, 148, 0x84); 5313 } 5314 5315 run_bbp_read(sc, 152, &bbp); 5316 run_bbp_write(sc, 152, bbp | 0x80); 5317 5318 /* Fix BBP254 for RT5592C. */ 5319 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) { 5320 run_bbp_read(sc, 254, &bbp); 5321 run_bbp_write(sc, 254, bbp | 0x80); 5322 } 5323 5324 /* Disable hardware antenna diversity. */ 5325 if (sc->mac_ver == 0x5390) 5326 run_bbp_write(sc, 154, 0); 5327 5328 /* Initialize Rx CCK/OFDM frequency offset report. */ 5329 run_bbp_write(sc, 142, 1); 5330 run_bbp_write(sc, 143, 57); 5331 } 5332 5333 static int 5334 run_bbp_init(struct run_softc *sc) 5335 { 5336 int i, error, ntries; 5337 uint8_t bbp0; 5338 5339 /* wait for BBP to wake up */ 5340 for (ntries = 0; ntries < 20; ntries++) { 5341 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0) 5342 return error; 5343 if (bbp0 != 0 && bbp0 != 0xff) 5344 break; 5345 } 5346 if (ntries == 20) 5347 return (ETIMEDOUT); 5348 5349 /* initialize BBP registers to default values */ 5350 if (sc->mac_ver >= 0x5390) 5351 run_rt5390_bbp_init(sc); 5352 else { 5353 for (i = 0; i < nitems(rt2860_def_bbp); i++) { 5354 run_bbp_write(sc, rt2860_def_bbp[i].reg, 5355 rt2860_def_bbp[i].val); 5356 } 5357 } 5358 5359 if (sc->mac_ver == 0x3593) { 5360 run_bbp_write(sc, 79, 0x13); 5361 run_bbp_write(sc, 80, 0x05); 5362 run_bbp_write(sc, 81, 0x33); 5363 run_bbp_write(sc, 86, 0x46); 5364 run_bbp_write(sc, 137, 0x0f); 5365 } 5366 5367 /* fix BBP84 for RT2860E */ 5368 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101) 5369 run_bbp_write(sc, 84, 0x19); 5370 5371 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 && 5372 sc->mac_ver != 0x5592)) { 5373 run_bbp_write(sc, 79, 0x13); 5374 run_bbp_write(sc, 80, 0x05); 5375 run_bbp_write(sc, 81, 0x33); 5376 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) { 5377 run_bbp_write(sc, 69, 0x16); 5378 run_bbp_write(sc, 73, 0x12); 5379 } 5380 return (0); 5381 } 5382 5383 static int 5384 run_rt3070_rf_init(struct run_softc *sc) 5385 { 5386 uint32_t tmp; 5387 uint8_t bbp4, mingain, rf, target; 5388 int i; 5389 5390 run_rt3070_rf_read(sc, 30, &rf); 5391 /* toggle RF R30 bit 7 */ 5392 run_rt3070_rf_write(sc, 30, rf | 0x80); 5393 run_delay(sc, 10); 5394 run_rt3070_rf_write(sc, 30, rf & ~0x80); 5395 5396 /* initialize RF registers to default value */ 5397 if (sc->mac_ver == 0x3572) { 5398 for (i = 0; i < nitems(rt3572_def_rf); i++) { 5399 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg, 5400 rt3572_def_rf[i].val); 5401 } 5402 } else { 5403 for (i = 0; i < nitems(rt3070_def_rf); i++) { 5404 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg, 5405 rt3070_def_rf[i].val); 5406 } 5407 } 5408 5409 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) { 5410 /* 5411 * Change voltage from 1.2V to 1.35V for RT3070. 5412 * The DAC issue (RT3070_LDO_CFG0) has been fixed 5413 * in RT3070(F). 5414 */ 5415 run_read(sc, RT3070_LDO_CFG0, &tmp); 5416 tmp = (tmp & ~0x0f000000) | 0x0d000000; 5417 run_write(sc, RT3070_LDO_CFG0, tmp); 5418 5419 } else if (sc->mac_ver == 0x3071) { 5420 run_rt3070_rf_read(sc, 6, &rf); 5421 run_rt3070_rf_write(sc, 6, rf | 0x40); 5422 run_rt3070_rf_write(sc, 31, 0x14); 5423 5424 run_read(sc, RT3070_LDO_CFG0, &tmp); 5425 tmp &= ~0x1f000000; 5426 if (sc->mac_rev < 0x0211) 5427 tmp |= 0x0d000000; /* 1.3V */ 5428 else 5429 tmp |= 0x01000000; /* 1.2V */ 5430 run_write(sc, RT3070_LDO_CFG0, tmp); 5431 5432 /* patch LNA_PE_G1 */ 5433 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5434 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20); 5435 5436 } else if (sc->mac_ver == 0x3572) { 5437 run_rt3070_rf_read(sc, 6, &rf); 5438 run_rt3070_rf_write(sc, 6, rf | 0x40); 5439 5440 /* increase voltage from 1.2V to 1.35V */ 5441 run_read(sc, RT3070_LDO_CFG0, &tmp); 5442 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5443 run_write(sc, RT3070_LDO_CFG0, tmp); 5444 5445 if (sc->mac_rev < 0x0211 || !sc->patch_dac) { 5446 run_delay(sc, 1); /* wait for 1msec */ 5447 /* decrease voltage back to 1.2V */ 5448 tmp = (tmp & ~0x1f000000) | 0x01000000; 5449 run_write(sc, RT3070_LDO_CFG0, tmp); 5450 } 5451 } 5452 5453 /* select 20MHz bandwidth */ 5454 run_rt3070_rf_read(sc, 31, &rf); 5455 run_rt3070_rf_write(sc, 31, rf & ~0x20); 5456 5457 /* calibrate filter for 20MHz bandwidth */ 5458 sc->rf24_20mhz = 0x1f; /* default value */ 5459 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13; 5460 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz); 5461 5462 /* select 40MHz bandwidth */ 5463 run_bbp_read(sc, 4, &bbp4); 5464 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10); 5465 run_rt3070_rf_read(sc, 31, &rf); 5466 run_rt3070_rf_write(sc, 31, rf | 0x20); 5467 5468 /* calibrate filter for 40MHz bandwidth */ 5469 sc->rf24_40mhz = 0x2f; /* default value */ 5470 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15; 5471 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz); 5472 5473 /* go back to 20MHz bandwidth */ 5474 run_bbp_read(sc, 4, &bbp4); 5475 run_bbp_write(sc, 4, bbp4 & ~0x18); 5476 5477 if (sc->mac_ver == 0x3572) { 5478 /* save default BBP registers 25 and 26 values */ 5479 run_bbp_read(sc, 25, &sc->bbp25); 5480 run_bbp_read(sc, 26, &sc->bbp26); 5481 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211) 5482 run_rt3070_rf_write(sc, 27, 0x03); 5483 5484 run_read(sc, RT3070_OPT_14, &tmp); 5485 run_write(sc, RT3070_OPT_14, tmp | 1); 5486 5487 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5488 run_rt3070_rf_read(sc, 17, &rf); 5489 rf &= ~RT3070_TX_LO1; 5490 if ((sc->mac_ver == 0x3070 || 5491 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) && 5492 !sc->ext_2ghz_lna) 5493 rf |= 0x20; /* fix for long range Rx issue */ 5494 mingain = (sc->mac_ver == 0x3070) ? 1 : 2; 5495 if (sc->txmixgain_2ghz >= mingain) 5496 rf = (rf & ~0x7) | sc->txmixgain_2ghz; 5497 run_rt3070_rf_write(sc, 17, rf); 5498 } 5499 5500 if (sc->mac_ver == 0x3071) { 5501 run_rt3070_rf_read(sc, 1, &rf); 5502 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD); 5503 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD; 5504 run_rt3070_rf_write(sc, 1, rf); 5505 5506 run_rt3070_rf_read(sc, 15, &rf); 5507 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2); 5508 5509 run_rt3070_rf_read(sc, 20, &rf); 5510 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1); 5511 5512 run_rt3070_rf_read(sc, 21, &rf); 5513 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2); 5514 } 5515 5516 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) { 5517 /* fix Tx to Rx IQ glitch by raising RF voltage */ 5518 run_rt3070_rf_read(sc, 27, &rf); 5519 rf &= ~0x77; 5520 if (sc->mac_rev < 0x0211) 5521 rf |= 0x03; 5522 run_rt3070_rf_write(sc, 27, rf); 5523 } 5524 return (0); 5525 } 5526 5527 static void 5528 run_rt3593_rf_init(struct run_softc *sc) 5529 { 5530 uint32_t tmp; 5531 uint8_t rf; 5532 int i; 5533 5534 /* Disable the GPIO bits 4 and 7 for LNA PE control. */ 5535 run_read(sc, RT3070_GPIO_SWITCH, &tmp); 5536 tmp &= ~(1 << 4 | 1 << 7); 5537 run_write(sc, RT3070_GPIO_SWITCH, tmp); 5538 5539 /* Initialize RF registers to default value. */ 5540 for (i = 0; i < nitems(rt3593_def_rf); i++) { 5541 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg, 5542 rt3593_def_rf[i].val); 5543 } 5544 5545 /* Toggle RF R2 to initiate calibration. */ 5546 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5547 5548 /* Initialize RF frequency offset. */ 5549 run_adjust_freq_offset(sc); 5550 5551 run_rt3070_rf_read(sc, 18, &rf); 5552 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS); 5553 5554 /* 5555 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to 5556 * decrease voltage back to 1.2V. 5557 */ 5558 run_read(sc, RT3070_LDO_CFG0, &tmp); 5559 tmp = (tmp & ~0x1f000000) | 0x0d000000; 5560 run_write(sc, RT3070_LDO_CFG0, tmp); 5561 run_delay(sc, 1); 5562 tmp = (tmp & ~0x1f000000) | 0x01000000; 5563 run_write(sc, RT3070_LDO_CFG0, tmp); 5564 5565 sc->rf24_20mhz = 0x1f; 5566 sc->rf24_40mhz = 0x2f; 5567 5568 /* Save default BBP registers 25 and 26 values. */ 5569 run_bbp_read(sc, 25, &sc->bbp25); 5570 run_bbp_read(sc, 26, &sc->bbp26); 5571 5572 run_read(sc, RT3070_OPT_14, &tmp); 5573 run_write(sc, RT3070_OPT_14, tmp | 1); 5574 } 5575 5576 static void 5577 run_rt5390_rf_init(struct run_softc *sc) 5578 { 5579 uint32_t tmp; 5580 uint8_t rf; 5581 int i; 5582 5583 /* Toggle RF R2 to initiate calibration. */ 5584 if (sc->mac_ver == 0x5390) { 5585 run_rt3070_rf_read(sc, 2, &rf); 5586 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL); 5587 run_delay(sc, 10); 5588 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL); 5589 } else { 5590 run_rt3070_rf_write(sc, 2, RT5390_RESCAL); 5591 run_delay(sc, 10); 5592 } 5593 5594 /* Initialize RF registers to default value. */ 5595 if (sc->mac_ver == 0x5592) { 5596 for (i = 0; i < nitems(rt5592_def_rf); i++) { 5597 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg, 5598 rt5592_def_rf[i].val); 5599 } 5600 /* Initialize RF frequency offset. */ 5601 run_adjust_freq_offset(sc); 5602 } else if (sc->mac_ver == 0x5392) { 5603 for (i = 0; i < nitems(rt5392_def_rf); i++) { 5604 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg, 5605 rt5392_def_rf[i].val); 5606 } 5607 if (sc->mac_rev >= 0x0223) { 5608 run_rt3070_rf_write(sc, 23, 0x0f); 5609 run_rt3070_rf_write(sc, 24, 0x3e); 5610 run_rt3070_rf_write(sc, 51, 0x32); 5611 run_rt3070_rf_write(sc, 53, 0x22); 5612 run_rt3070_rf_write(sc, 56, 0xc1); 5613 run_rt3070_rf_write(sc, 59, 0x0f); 5614 } 5615 } else { 5616 for (i = 0; i < nitems(rt5390_def_rf); i++) { 5617 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg, 5618 rt5390_def_rf[i].val); 5619 } 5620 if (sc->mac_rev >= 0x0502) { 5621 run_rt3070_rf_write(sc, 6, 0xe0); 5622 run_rt3070_rf_write(sc, 25, 0x80); 5623 run_rt3070_rf_write(sc, 46, 0x73); 5624 run_rt3070_rf_write(sc, 53, 0x00); 5625 run_rt3070_rf_write(sc, 56, 0x42); 5626 run_rt3070_rf_write(sc, 61, 0xd1); 5627 } 5628 } 5629 5630 sc->rf24_20mhz = 0x1f; /* default value */ 5631 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f; 5632 5633 if (sc->mac_rev < 0x0211) 5634 run_rt3070_rf_write(sc, 27, 0x3); 5635 5636 run_read(sc, RT3070_OPT_14, &tmp); 5637 run_write(sc, RT3070_OPT_14, tmp | 1); 5638 } 5639 5640 static int 5641 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target, 5642 uint8_t *val) 5643 { 5644 uint8_t rf22, rf24; 5645 uint8_t bbp55_pb, bbp55_sb, delta; 5646 int ntries; 5647 5648 /* program filter */ 5649 run_rt3070_rf_read(sc, 24, &rf24); 5650 rf24 = (rf24 & 0xc0) | init; /* initial filter value */ 5651 run_rt3070_rf_write(sc, 24, rf24); 5652 5653 /* enable baseband loopback mode */ 5654 run_rt3070_rf_read(sc, 22, &rf22); 5655 run_rt3070_rf_write(sc, 22, rf22 | 0x01); 5656 5657 /* set power and frequency of passband test tone */ 5658 run_bbp_write(sc, 24, 0x00); 5659 for (ntries = 0; ntries < 100; ntries++) { 5660 /* transmit test tone */ 5661 run_bbp_write(sc, 25, 0x90); 5662 run_delay(sc, 10); 5663 /* read received power */ 5664 run_bbp_read(sc, 55, &bbp55_pb); 5665 if (bbp55_pb != 0) 5666 break; 5667 } 5668 if (ntries == 100) 5669 return (ETIMEDOUT); 5670 5671 /* set power and frequency of stopband test tone */ 5672 run_bbp_write(sc, 24, 0x06); 5673 for (ntries = 0; ntries < 100; ntries++) { 5674 /* transmit test tone */ 5675 run_bbp_write(sc, 25, 0x90); 5676 run_delay(sc, 10); 5677 /* read received power */ 5678 run_bbp_read(sc, 55, &bbp55_sb); 5679 5680 delta = bbp55_pb - bbp55_sb; 5681 if (delta > target) 5682 break; 5683 5684 /* reprogram filter */ 5685 rf24++; 5686 run_rt3070_rf_write(sc, 24, rf24); 5687 } 5688 if (ntries < 100) { 5689 if (rf24 != init) 5690 rf24--; /* backtrack */ 5691 *val = rf24; 5692 run_rt3070_rf_write(sc, 24, rf24); 5693 } 5694 5695 /* restore initial state */ 5696 run_bbp_write(sc, 24, 0x00); 5697 5698 /* disable baseband loopback mode */ 5699 run_rt3070_rf_read(sc, 22, &rf22); 5700 run_rt3070_rf_write(sc, 22, rf22 & ~0x01); 5701 5702 return (0); 5703 } 5704 5705 static void 5706 run_rt3070_rf_setup(struct run_softc *sc) 5707 { 5708 uint8_t bbp, rf; 5709 int i; 5710 5711 if (sc->mac_ver == 0x3572) { 5712 /* enable DC filter */ 5713 if (sc->mac_rev >= 0x0201) 5714 run_bbp_write(sc, 103, 0xc0); 5715 5716 run_bbp_read(sc, 138, &bbp); 5717 if (sc->ntxchains == 1) 5718 bbp |= 0x20; /* turn off DAC1 */ 5719 if (sc->nrxchains == 1) 5720 bbp &= ~0x02; /* turn off ADC1 */ 5721 run_bbp_write(sc, 138, bbp); 5722 5723 if (sc->mac_rev >= 0x0211) { 5724 /* improve power consumption */ 5725 run_bbp_read(sc, 31, &bbp); 5726 run_bbp_write(sc, 31, bbp & ~0x03); 5727 } 5728 5729 run_rt3070_rf_read(sc, 16, &rf); 5730 rf = (rf & ~0x07) | sc->txmixgain_2ghz; 5731 run_rt3070_rf_write(sc, 16, rf); 5732 5733 } else if (sc->mac_ver == 0x3071) { 5734 if (sc->mac_rev >= 0x0211) { 5735 /* enable DC filter */ 5736 run_bbp_write(sc, 103, 0xc0); 5737 5738 /* improve power consumption */ 5739 run_bbp_read(sc, 31, &bbp); 5740 run_bbp_write(sc, 31, bbp & ~0x03); 5741 } 5742 5743 run_bbp_read(sc, 138, &bbp); 5744 if (sc->ntxchains == 1) 5745 bbp |= 0x20; /* turn off DAC1 */ 5746 if (sc->nrxchains == 1) 5747 bbp &= ~0x02; /* turn off ADC1 */ 5748 run_bbp_write(sc, 138, bbp); 5749 5750 run_write(sc, RT2860_TX_SW_CFG1, 0); 5751 if (sc->mac_rev < 0x0211) { 5752 run_write(sc, RT2860_TX_SW_CFG2, 5753 sc->patch_dac ? 0x2c : 0x0f); 5754 } else 5755 run_write(sc, RT2860_TX_SW_CFG2, 0); 5756 5757 } else if (sc->mac_ver == 0x3070) { 5758 if (sc->mac_rev >= 0x0201) { 5759 /* enable DC filter */ 5760 run_bbp_write(sc, 103, 0xc0); 5761 5762 /* improve power consumption */ 5763 run_bbp_read(sc, 31, &bbp); 5764 run_bbp_write(sc, 31, bbp & ~0x03); 5765 } 5766 5767 if (sc->mac_rev < 0x0201) { 5768 run_write(sc, RT2860_TX_SW_CFG1, 0); 5769 run_write(sc, RT2860_TX_SW_CFG2, 0x2c); 5770 } else 5771 run_write(sc, RT2860_TX_SW_CFG2, 0); 5772 } 5773 5774 /* initialize RF registers from ROM for >=RT3071*/ 5775 if (sc->mac_ver >= 0x3071) { 5776 for (i = 0; i < 10; i++) { 5777 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff) 5778 continue; 5779 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val); 5780 } 5781 } 5782 } 5783 5784 static void 5785 run_rt3593_rf_setup(struct run_softc *sc) 5786 { 5787 uint8_t bbp, rf; 5788 5789 if (sc->mac_rev >= 0x0211) { 5790 /* Enable DC filter. */ 5791 run_bbp_write(sc, 103, 0xc0); 5792 } 5793 run_write(sc, RT2860_TX_SW_CFG1, 0); 5794 if (sc->mac_rev < 0x0211) { 5795 run_write(sc, RT2860_TX_SW_CFG2, 5796 sc->patch_dac ? 0x2c : 0x0f); 5797 } else 5798 run_write(sc, RT2860_TX_SW_CFG2, 0); 5799 5800 run_rt3070_rf_read(sc, 50, &rf); 5801 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2); 5802 5803 run_rt3070_rf_read(sc, 51, &rf); 5804 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) | 5805 ((sc->txmixgain_2ghz & 0x07) << 2); 5806 run_rt3070_rf_write(sc, 51, rf); 5807 5808 run_rt3070_rf_read(sc, 38, &rf); 5809 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5810 5811 run_rt3070_rf_read(sc, 39, &rf); 5812 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5813 5814 run_rt3070_rf_read(sc, 1, &rf); 5815 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD)); 5816 5817 run_rt3070_rf_read(sc, 30, &rf); 5818 rf = (rf & ~0x18) | 0x10; 5819 run_rt3070_rf_write(sc, 30, rf); 5820 5821 /* Apply maximum likelihood detection for 2 stream case. */ 5822 run_bbp_read(sc, 105, &bbp); 5823 if (sc->nrxchains > 1) 5824 run_bbp_write(sc, 105, bbp | RT5390_MLD); 5825 5826 /* Avoid data lost and CRC error. */ 5827 run_bbp_read(sc, 4, &bbp); 5828 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5829 5830 run_bbp_write(sc, 92, 0x02); 5831 run_bbp_write(sc, 82, 0x82); 5832 run_bbp_write(sc, 106, 0x05); 5833 run_bbp_write(sc, 104, 0x92); 5834 run_bbp_write(sc, 88, 0x90); 5835 run_bbp_write(sc, 148, 0xc8); 5836 run_bbp_write(sc, 47, 0x48); 5837 run_bbp_write(sc, 120, 0x50); 5838 5839 run_bbp_write(sc, 163, 0x9d); 5840 5841 /* SNR mapping. */ 5842 run_bbp_write(sc, 142, 0x06); 5843 run_bbp_write(sc, 143, 0xa0); 5844 run_bbp_write(sc, 142, 0x07); 5845 run_bbp_write(sc, 143, 0xa1); 5846 run_bbp_write(sc, 142, 0x08); 5847 run_bbp_write(sc, 143, 0xa2); 5848 5849 run_bbp_write(sc, 31, 0x08); 5850 run_bbp_write(sc, 68, 0x0b); 5851 run_bbp_write(sc, 105, 0x04); 5852 } 5853 5854 static void 5855 run_rt5390_rf_setup(struct run_softc *sc) 5856 { 5857 uint8_t bbp, rf; 5858 5859 if (sc->mac_rev >= 0x0211) { 5860 /* Enable DC filter. */ 5861 run_bbp_write(sc, 103, 0xc0); 5862 5863 if (sc->mac_ver != 0x5592) { 5864 /* Improve power consumption. */ 5865 run_bbp_read(sc, 31, &bbp); 5866 run_bbp_write(sc, 31, bbp & ~0x03); 5867 } 5868 } 5869 5870 run_bbp_read(sc, 138, &bbp); 5871 if (sc->ntxchains == 1) 5872 bbp |= 0x20; /* turn off DAC1 */ 5873 if (sc->nrxchains == 1) 5874 bbp &= ~0x02; /* turn off ADC1 */ 5875 run_bbp_write(sc, 138, bbp); 5876 5877 run_rt3070_rf_read(sc, 38, &rf); 5878 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1); 5879 5880 run_rt3070_rf_read(sc, 39, &rf); 5881 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2); 5882 5883 /* Avoid data lost and CRC error. */ 5884 run_bbp_read(sc, 4, &bbp); 5885 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL); 5886 5887 run_rt3070_rf_read(sc, 30, &rf); 5888 rf = (rf & ~0x18) | 0x10; 5889 run_rt3070_rf_write(sc, 30, rf); 5890 5891 if (sc->mac_ver != 0x5592) { 5892 run_write(sc, RT2860_TX_SW_CFG1, 0); 5893 if (sc->mac_rev < 0x0211) { 5894 run_write(sc, RT2860_TX_SW_CFG2, 5895 sc->patch_dac ? 0x2c : 0x0f); 5896 } else 5897 run_write(sc, RT2860_TX_SW_CFG2, 0); 5898 } 5899 } 5900 5901 static int 5902 run_txrx_enable(struct run_softc *sc) 5903 { 5904 struct ieee80211com *ic = sc->sc_ifp->if_l2com; 5905 uint32_t tmp; 5906 int error, ntries; 5907 5908 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN); 5909 for (ntries = 0; ntries < 200; ntries++) { 5910 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0) 5911 return (error); 5912 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 5913 break; 5914 run_delay(sc, 50); 5915 } 5916 if (ntries == 200) 5917 return (ETIMEDOUT); 5918 5919 run_delay(sc, 50); 5920 5921 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE; 5922 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 5923 5924 /* enable Rx bulk aggregation (set timeout and limit) */ 5925 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN | 5926 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2); 5927 run_write(sc, RT2860_USB_DMA_CFG, tmp); 5928 5929 /* set Rx filter */ 5930 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR; 5931 if (ic->ic_opmode != IEEE80211_M_MONITOR) { 5932 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL | 5933 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK | 5934 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV | 5935 RT2860_DROP_CFACK | RT2860_DROP_CFEND; 5936 if (ic->ic_opmode == IEEE80211_M_STA) 5937 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL; 5938 } 5939 run_write(sc, RT2860_RX_FILTR_CFG, tmp); 5940 5941 run_write(sc, RT2860_MAC_SYS_CTRL, 5942 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 5943 5944 return (0); 5945 } 5946 5947 static void 5948 run_adjust_freq_offset(struct run_softc *sc) 5949 { 5950 uint8_t rf, tmp; 5951 5952 run_rt3070_rf_read(sc, 17, &rf); 5953 tmp = rf; 5954 rf = (rf & ~0x7f) | (sc->freq & 0x7f); 5955 rf = MIN(rf, 0x5f); 5956 5957 if (tmp != rf) 5958 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf); 5959 } 5960 5961 static void 5962 run_init_locked(struct run_softc *sc) 5963 { 5964 struct ifnet *ifp = sc->sc_ifp; 5965 struct ieee80211com *ic = ifp->if_l2com; 5966 uint32_t tmp; 5967 uint8_t bbp1, bbp3; 5968 int i; 5969 int ridx; 5970 int ntries; 5971 5972 if (ic->ic_nrunning > 1) 5973 return; 5974 5975 run_stop(sc); 5976 5977 if (run_load_microcode(sc) != 0) { 5978 device_printf(sc->sc_dev, "could not load 8051 microcode\n"); 5979 goto fail; 5980 } 5981 5982 for (ntries = 0; ntries < 100; ntries++) { 5983 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0) 5984 goto fail; 5985 if (tmp != 0 && tmp != 0xffffffff) 5986 break; 5987 run_delay(sc, 10); 5988 } 5989 if (ntries == 100) 5990 goto fail; 5991 5992 for (i = 0; i != RUN_EP_QUEUES; i++) 5993 run_setup_tx_list(sc, &sc->sc_epq[i]); 5994 5995 run_set_macaddr(sc, IF_LLADDR(ifp)); 5996 5997 for (ntries = 0; ntries < 100; ntries++) { 5998 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 5999 goto fail; 6000 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6001 break; 6002 run_delay(sc, 10); 6003 } 6004 if (ntries == 100) { 6005 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6006 goto fail; 6007 } 6008 tmp &= 0xff0; 6009 tmp |= RT2860_TX_WB_DDONE; 6010 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6011 6012 /* turn off PME_OEN to solve high-current issue */ 6013 run_read(sc, RT2860_SYS_CTRL, &tmp); 6014 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN); 6015 6016 run_write(sc, RT2860_MAC_SYS_CTRL, 6017 RT2860_BBP_HRST | RT2860_MAC_SRST); 6018 run_write(sc, RT2860_USB_DMA_CFG, 0); 6019 6020 if (run_reset(sc) != 0) { 6021 device_printf(sc->sc_dev, "could not reset chipset\n"); 6022 goto fail; 6023 } 6024 6025 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6026 6027 /* init Tx power for all Tx rates (from EEPROM) */ 6028 for (ridx = 0; ridx < 5; ridx++) { 6029 if (sc->txpow20mhz[ridx] == 0xffffffff) 6030 continue; 6031 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]); 6032 } 6033 6034 for (i = 0; i < nitems(rt2870_def_mac); i++) 6035 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val); 6036 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273); 6037 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344); 6038 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa); 6039 6040 if (sc->mac_ver >= 0x5390) { 6041 run_write(sc, RT2860_TX_SW_CFG0, 6042 4 << RT2860_DLY_PAPE_EN_SHIFT | 4); 6043 if (sc->mac_ver >= 0x5392) { 6044 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff); 6045 if (sc->mac_ver == 0x5592) { 6046 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980); 6047 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082); 6048 } else { 6049 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980); 6050 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322); 6051 } 6052 } 6053 } else if (sc->mac_ver == 0x3593) { 6054 run_write(sc, RT2860_TX_SW_CFG0, 6055 4 << RT2860_DLY_PAPE_EN_SHIFT | 2); 6056 } else if (sc->mac_ver >= 0x3070) { 6057 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */ 6058 run_write(sc, RT2860_TX_SW_CFG0, 6059 4 << RT2860_DLY_PAPE_EN_SHIFT); 6060 } 6061 6062 /* wait while MAC is busy */ 6063 for (ntries = 0; ntries < 100; ntries++) { 6064 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0) 6065 goto fail; 6066 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY))) 6067 break; 6068 run_delay(sc, 10); 6069 } 6070 if (ntries == 100) 6071 goto fail; 6072 6073 /* clear Host to MCU mailbox */ 6074 run_write(sc, RT2860_H2M_BBPAGENT, 0); 6075 run_write(sc, RT2860_H2M_MAILBOX, 0); 6076 run_delay(sc, 10); 6077 6078 if (run_bbp_init(sc) != 0) { 6079 device_printf(sc->sc_dev, "could not initialize BBP\n"); 6080 goto fail; 6081 } 6082 6083 /* abort TSF synchronization */ 6084 run_read(sc, RT2860_BCN_TIME_CFG, &tmp); 6085 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN | 6086 RT2860_TBTT_TIMER_EN); 6087 run_write(sc, RT2860_BCN_TIME_CFG, tmp); 6088 6089 /* clear RX WCID search table */ 6090 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512); 6091 /* clear WCID attribute table */ 6092 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32); 6093 6094 /* hostapd sets a key before init. So, don't clear it. */ 6095 if (sc->cmdq_key_set != RUN_CMDQ_GO) { 6096 /* clear shared key table */ 6097 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32); 6098 /* clear shared key mode */ 6099 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4); 6100 } 6101 6102 run_read(sc, RT2860_US_CYC_CNT, &tmp); 6103 tmp = (tmp & ~0xff) | 0x1e; 6104 run_write(sc, RT2860_US_CYC_CNT, tmp); 6105 6106 if (sc->mac_rev != 0x0101) 6107 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f); 6108 6109 run_write(sc, RT2860_WMM_TXOP0_CFG, 0); 6110 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96); 6111 6112 /* write vendor-specific BBP values (from EEPROM) */ 6113 if (sc->mac_ver < 0x3593) { 6114 for (i = 0; i < 10; i++) { 6115 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff) 6116 continue; 6117 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val); 6118 } 6119 } 6120 6121 /* select Main antenna for 1T1R devices */ 6122 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370) 6123 run_set_rx_antenna(sc, 0); 6124 6125 /* send LEDs operating mode to microcontroller */ 6126 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]); 6127 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]); 6128 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]); 6129 6130 if (sc->mac_ver >= 0x5390) 6131 run_rt5390_rf_init(sc); 6132 else if (sc->mac_ver == 0x3593) 6133 run_rt3593_rf_init(sc); 6134 else if (sc->mac_ver >= 0x3070) 6135 run_rt3070_rf_init(sc); 6136 6137 /* disable non-existing Rx chains */ 6138 run_bbp_read(sc, 3, &bbp3); 6139 bbp3 &= ~(1 << 3 | 1 << 4); 6140 if (sc->nrxchains == 2) 6141 bbp3 |= 1 << 3; 6142 else if (sc->nrxchains == 3) 6143 bbp3 |= 1 << 4; 6144 run_bbp_write(sc, 3, bbp3); 6145 6146 /* disable non-existing Tx chains */ 6147 run_bbp_read(sc, 1, &bbp1); 6148 if (sc->ntxchains == 1) 6149 bbp1 &= ~(1 << 3 | 1 << 4); 6150 run_bbp_write(sc, 1, bbp1); 6151 6152 if (sc->mac_ver >= 0x5390) 6153 run_rt5390_rf_setup(sc); 6154 else if (sc->mac_ver == 0x3593) 6155 run_rt3593_rf_setup(sc); 6156 else if (sc->mac_ver >= 0x3070) 6157 run_rt3070_rf_setup(sc); 6158 6159 /* select default channel */ 6160 run_set_chan(sc, ic->ic_curchan); 6161 6162 /* setup initial protection mode */ 6163 run_updateprot_cb(ic); 6164 6165 /* turn radio LED on */ 6166 run_set_leds(sc, RT2860_LED_RADIO); 6167 6168 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 6169 ifp->if_drv_flags |= IFF_DRV_RUNNING; 6170 sc->cmdq_run = RUN_CMDQ_GO; 6171 6172 for (i = 0; i != RUN_N_XFER; i++) 6173 usbd_xfer_set_stall(sc->sc_xfer[i]); 6174 6175 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]); 6176 6177 if (run_txrx_enable(sc) != 0) 6178 goto fail; 6179 6180 return; 6181 6182 fail: 6183 run_stop(sc); 6184 } 6185 6186 static void 6187 run_init(void *arg) 6188 { 6189 struct run_softc *sc = arg; 6190 struct ifnet *ifp = sc->sc_ifp; 6191 struct ieee80211com *ic = ifp->if_l2com; 6192 6193 RUN_LOCK(sc); 6194 run_init_locked(sc); 6195 RUN_UNLOCK(sc); 6196 6197 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6198 ieee80211_start_all(ic); 6199 } 6200 6201 static void 6202 run_stop(void *arg) 6203 { 6204 struct run_softc *sc = (struct run_softc *)arg; 6205 struct ifnet *ifp = sc->sc_ifp; 6206 uint32_t tmp; 6207 int i; 6208 int ntries; 6209 6210 RUN_LOCK_ASSERT(sc, MA_OWNED); 6211 6212 if (ifp->if_drv_flags & IFF_DRV_RUNNING) 6213 run_set_leds(sc, 0); /* turn all LEDs off */ 6214 6215 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE); 6216 6217 sc->ratectl_run = RUN_RATECTL_OFF; 6218 sc->cmdq_run = sc->cmdq_key_set; 6219 6220 RUN_UNLOCK(sc); 6221 6222 for(i = 0; i < RUN_N_XFER; i++) 6223 usbd_transfer_drain(sc->sc_xfer[i]); 6224 6225 RUN_LOCK(sc); 6226 6227 if (sc->rx_m != NULL) { 6228 m_free(sc->rx_m); 6229 sc->rx_m = NULL; 6230 } 6231 6232 /* Disable Tx/Rx DMA. */ 6233 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6234 return; 6235 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN); 6236 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp); 6237 6238 for (ntries = 0; ntries < 100; ntries++) { 6239 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0) 6240 return; 6241 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0) 6242 break; 6243 run_delay(sc, 10); 6244 } 6245 if (ntries == 100) { 6246 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n"); 6247 return; 6248 } 6249 6250 /* disable Tx/Rx */ 6251 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp); 6252 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN); 6253 run_write(sc, RT2860_MAC_SYS_CTRL, tmp); 6254 6255 /* wait for pending Tx to complete */ 6256 for (ntries = 0; ntries < 100; ntries++) { 6257 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) { 6258 DPRINTF("Cannot read Tx queue count\n"); 6259 break; 6260 } 6261 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) { 6262 DPRINTF("All Tx cleared\n"); 6263 break; 6264 } 6265 run_delay(sc, 10); 6266 } 6267 if (ntries >= 100) 6268 DPRINTF("There are still pending Tx\n"); 6269 run_delay(sc, 10); 6270 run_write(sc, RT2860_USB_DMA_CFG, 0); 6271 6272 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST); 6273 run_write(sc, RT2860_MAC_SYS_CTRL, 0); 6274 6275 for (i = 0; i != RUN_EP_QUEUES; i++) 6276 run_unsetup_tx_list(sc, &sc->sc_epq[i]); 6277 } 6278 6279 static void 6280 run_delay(struct run_softc *sc, u_int ms) 6281 { 6282 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ? 6283 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms)); 6284 } 6285 6286 static device_method_t run_methods[] = { 6287 /* Device interface */ 6288 DEVMETHOD(device_probe, run_match), 6289 DEVMETHOD(device_attach, run_attach), 6290 DEVMETHOD(device_detach, run_detach), 6291 DEVMETHOD_END 6292 }; 6293 6294 static driver_t run_driver = { 6295 .name = "run", 6296 .methods = run_methods, 6297 .size = sizeof(struct run_softc) 6298 }; 6299 6300 static devclass_t run_devclass; 6301 6302 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL); 6303 MODULE_DEPEND(run, wlan, 1, 1, 1); 6304 MODULE_DEPEND(run, usb, 1, 1, 1); 6305 MODULE_DEPEND(run, firmware, 1, 1, 1); 6306 MODULE_VERSION(run, 1); 6307