1 /*-
2 * Copyright (c) 2008,2010 Damien Bergamini <[email protected]>
3 * ported to FreeBSD by Akinori Furukoshi <[email protected]>
4 * USB Consulting, Hans Petter Selasky <[email protected]>
5 * Copyright (c) 2013-2014 Kevin Lo
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
22
23 /*-
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
26 */
27
28 #include "opt_wlan.h"
29
30 #include <sys/param.h>
31 #include <sys/sockio.h>
32 #include <sys/sysctl.h>
33 #include <sys/lock.h>
34 #include <sys/mutex.h>
35 #include <sys/mbuf.h>
36 #include <sys/kernel.h>
37 #include <sys/socket.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
40 #include <sys/module.h>
41 #include <sys/bus.h>
42 #include <sys/endian.h>
43 #include <sys/linker.h>
44 #include <sys/firmware.h>
45 #include <sys/kdb.h>
46
47 #include <net/bpf.h>
48 #include <net/if.h>
49 #include <net/if_var.h>
50 #include <net/if_arp.h>
51 #include <net/ethernet.h>
52 #include <net/if_dl.h>
53 #include <net/if_media.h>
54 #include <net/if_types.h>
55
56 #include <netinet/in.h>
57 #include <netinet/in_systm.h>
58 #include <netinet/in_var.h>
59 #include <netinet/if_ether.h>
60 #include <netinet/ip.h>
61
62 #include <net80211/ieee80211_var.h>
63 #include <net80211/ieee80211_regdomain.h>
64 #include <net80211/ieee80211_radiotap.h>
65 #include <net80211/ieee80211_ratectl.h>
66
67 #include <dev/usb/usb.h>
68 #include <dev/usb/usbdi.h>
69 #include "usbdevs.h"
70
71 #define USB_DEBUG_VAR run_debug
72 #include <dev/usb/usb_debug.h>
73 #include <dev/usb/usb_msctest.h>
74
75 #include <dev/usb/wlan/if_runreg.h>
76 #include <dev/usb/wlan/if_runvar.h>
77
78 #ifdef USB_DEBUG
79 #define RUN_DEBUG
80 #endif
81
82 #ifdef RUN_DEBUG
83 int run_debug = 0;
84 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
85 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
86 "run debug level");
87
88 enum {
89 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
90 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
91 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
92 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
93 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
94 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
95 RUN_DEBUG_USB = 0x00000040, /* usb requests */
96 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
97 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
98 RUN_DEBUG_INTR = 0x00000200, /* ISR */
99 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
100 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
101 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
102 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
103 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
104 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
105 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
106 RUN_DEBUG_CMD = 0x00020000, /* command queue */
107 RUN_DEBUG_ANY = 0xffffffff
108 };
109
110 #define RUN_DPRINTF(_sc, _m, ...) do { \
111 if (run_debug & (_m)) \
112 device_printf((_sc)->sc_dev, __VA_ARGS__); \
113 } while(0)
114 #else
115 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
116 #endif
117
118 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
119
120 /*
121 * Because of LOR in run_key_delete(), use atomic instead.
122 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
123 */
124 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
125
126 static const STRUCT_USB_HOST_ID run_devs[] = {
127 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
128 #define RUN_DEV_EJECT(v,p) \
129 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
130 #define RUN_EJECT 1
131 RUN_DEV(ABOCOM, RT2770),
132 RUN_DEV(ABOCOM, RT2870),
133 RUN_DEV(ABOCOM, RT3070),
134 RUN_DEV(ABOCOM, RT3071),
135 RUN_DEV(ABOCOM, RT3072),
136 RUN_DEV(ABOCOM2, RT2870_1),
137 RUN_DEV(ACCTON, RT2770),
138 RUN_DEV(ACCTON, RT2870_1),
139 RUN_DEV(ACCTON, RT2870_2),
140 RUN_DEV(ACCTON, RT2870_3),
141 RUN_DEV(ACCTON, RT2870_4),
142 RUN_DEV(ACCTON, RT2870_5),
143 RUN_DEV(ACCTON, RT3070),
144 RUN_DEV(ACCTON, RT3070_1),
145 RUN_DEV(ACCTON, RT3070_2),
146 RUN_DEV(ACCTON, RT3070_3),
147 RUN_DEV(ACCTON, RT3070_4),
148 RUN_DEV(ACCTON, RT3070_5),
149 RUN_DEV(AIRTIES, RT3070),
150 RUN_DEV(ALLWIN, RT2070),
151 RUN_DEV(ALLWIN, RT2770),
152 RUN_DEV(ALLWIN, RT2870),
153 RUN_DEV(ALLWIN, RT3070),
154 RUN_DEV(ALLWIN, RT3071),
155 RUN_DEV(ALLWIN, RT3072),
156 RUN_DEV(ALLWIN, RT3572),
157 RUN_DEV(AMIGO, RT2870_1),
158 RUN_DEV(AMIGO, RT2870_2),
159 RUN_DEV(AMIT, CGWLUSB2GNR),
160 RUN_DEV(AMIT, RT2870_1),
161 RUN_DEV(AMIT2, RT2870),
162 RUN_DEV(ASUS, RT2870_1),
163 RUN_DEV(ASUS, RT2870_2),
164 RUN_DEV(ASUS, RT2870_3),
165 RUN_DEV(ASUS, RT2870_4),
166 RUN_DEV(ASUS, RT2870_5),
167 RUN_DEV(ASUS, USBN13),
168 RUN_DEV(ASUS, RT3070_1),
169 RUN_DEV(ASUS, USBN66),
170 RUN_DEV(ASUS, USB_N53),
171 RUN_DEV(ASUS2, USBN11),
172 RUN_DEV(AZUREWAVE, RT2870_1),
173 RUN_DEV(AZUREWAVE, RT2870_2),
174 RUN_DEV(AZUREWAVE, RT3070_1),
175 RUN_DEV(AZUREWAVE, RT3070_2),
176 RUN_DEV(AZUREWAVE, RT3070_3),
177 RUN_DEV(BELKIN, F9L1103),
178 RUN_DEV(BELKIN, F5D8053V3),
179 RUN_DEV(BELKIN, F5D8055),
180 RUN_DEV(BELKIN, F5D8055V2),
181 RUN_DEV(BELKIN, F6D4050V1),
182 RUN_DEV(BELKIN, F6D4050V2),
183 RUN_DEV(BELKIN, RT2870_1),
184 RUN_DEV(BELKIN, RT2870_2),
185 RUN_DEV(CISCOLINKSYS, AE1000),
186 RUN_DEV(CISCOLINKSYS2, RT3070),
187 RUN_DEV(CISCOLINKSYS3, RT3070),
188 RUN_DEV(CONCEPTRONIC2, RT2870_1),
189 RUN_DEV(CONCEPTRONIC2, RT2870_2),
190 RUN_DEV(CONCEPTRONIC2, RT2870_3),
191 RUN_DEV(CONCEPTRONIC2, RT2870_4),
192 RUN_DEV(CONCEPTRONIC2, RT2870_5),
193 RUN_DEV(CONCEPTRONIC2, RT2870_6),
194 RUN_DEV(CONCEPTRONIC2, RT2870_7),
195 RUN_DEV(CONCEPTRONIC2, RT2870_8),
196 RUN_DEV(CONCEPTRONIC2, RT3070_1),
197 RUN_DEV(CONCEPTRONIC2, RT3070_2),
198 RUN_DEV(CONCEPTRONIC2, VIGORN61),
199 RUN_DEV(COREGA, CGWLUSB300GNM),
200 RUN_DEV(COREGA, RT2870_1),
201 RUN_DEV(COREGA, RT2870_2),
202 RUN_DEV(COREGA, RT2870_3),
203 RUN_DEV(COREGA, RT3070),
204 RUN_DEV(CYBERTAN, RT2870),
205 RUN_DEV(DLINK, RT2870),
206 RUN_DEV(DLINK, RT3072),
207 RUN_DEV(DLINK, DWA125A3),
208 RUN_DEV(DLINK, DWA127),
209 RUN_DEV(DLINK, DWA140B3),
210 RUN_DEV(DLINK, DWA160B2),
211 RUN_DEV(DLINK, DWA140D1),
212 RUN_DEV(DLINK, DWA162),
213 RUN_DEV(DLINK2, DWA130),
214 RUN_DEV(DLINK2, RT2870_1),
215 RUN_DEV(DLINK2, RT2870_2),
216 RUN_DEV(DLINK2, RT3070_1),
217 RUN_DEV(DLINK2, RT3070_2),
218 RUN_DEV(DLINK2, RT3070_3),
219 RUN_DEV(DLINK2, RT3070_4),
220 RUN_DEV(DLINK2, RT3070_5),
221 RUN_DEV(DLINK2, RT3072),
222 RUN_DEV(DLINK2, RT3072_1),
223 RUN_DEV(EDIMAX, EW7717),
224 RUN_DEV(EDIMAX, EW7718),
225 RUN_DEV(EDIMAX, EW7733UND),
226 RUN_DEV(EDIMAX, RT2870_1),
227 RUN_DEV(ENCORE, RT3070_1),
228 RUN_DEV(ENCORE, RT3070_2),
229 RUN_DEV(ENCORE, RT3070_3),
230 RUN_DEV(GIGABYTE, GNWB31N),
231 RUN_DEV(GIGABYTE, GNWB32L),
232 RUN_DEV(GIGABYTE, RT2870_1),
233 RUN_DEV(GIGASET, RT3070_1),
234 RUN_DEV(GIGASET, RT3070_2),
235 RUN_DEV(GUILLEMOT, HWNU300),
236 RUN_DEV(HAWKING, HWUN2),
237 RUN_DEV(HAWKING, RT2870_1),
238 RUN_DEV(HAWKING, RT2870_2),
239 RUN_DEV(HAWKING, RT3070),
240 RUN_DEV(IODATA, RT3072_1),
241 RUN_DEV(IODATA, RT3072_2),
242 RUN_DEV(IODATA, RT3072_3),
243 RUN_DEV(IODATA, RT3072_4),
244 RUN_DEV(LINKSYS4, RT3070),
245 RUN_DEV(LINKSYS4, WUSB100),
246 RUN_DEV(LINKSYS4, WUSB54GCV3),
247 RUN_DEV(LINKSYS4, WUSB600N),
248 RUN_DEV(LINKSYS4, WUSB600NV2),
249 RUN_DEV(LOGITEC, RT2870_1),
250 RUN_DEV(LOGITEC, RT2870_2),
251 RUN_DEV(LOGITEC, RT2870_3),
252 RUN_DEV(LOGITEC, LANW300NU2),
253 RUN_DEV(LOGITEC, LANW150NU2),
254 RUN_DEV(LOGITEC, LANW300NU2S),
255 RUN_DEV(MELCO, WLIUCG300HP),
256 RUN_DEV(MELCO, RT2870_2),
257 RUN_DEV(MELCO, WLIUCAG300N),
258 RUN_DEV(MELCO, WLIUCG300N),
259 RUN_DEV(MELCO, WLIUCG301N),
260 RUN_DEV(MELCO, WLIUCGN),
261 RUN_DEV(MELCO, WLIUCGNM),
262 RUN_DEV(MELCO, WLIUCG300HPV1),
263 RUN_DEV(MELCO, WLIUCGNM2),
264 RUN_DEV(MOTOROLA4, RT2770),
265 RUN_DEV(MOTOROLA4, RT3070),
266 RUN_DEV(MSI, RT3070_1),
267 RUN_DEV(MSI, RT3070_2),
268 RUN_DEV(MSI, RT3070_3),
269 RUN_DEV(MSI, RT3070_4),
270 RUN_DEV(MSI, RT3070_5),
271 RUN_DEV(MSI, RT3070_6),
272 RUN_DEV(MSI, RT3070_7),
273 RUN_DEV(MSI, RT3070_8),
274 RUN_DEV(MSI, RT3070_9),
275 RUN_DEV(MSI, RT3070_10),
276 RUN_DEV(MSI, RT3070_11),
277 RUN_DEV(NETGEAR, WNDA4100),
278 RUN_DEV(OVISLINK, RT3072),
279 RUN_DEV(PARA, RT3070),
280 RUN_DEV(PEGATRON, RT2870),
281 RUN_DEV(PEGATRON, RT3070),
282 RUN_DEV(PEGATRON, RT3070_2),
283 RUN_DEV(PEGATRON, RT3070_3),
284 RUN_DEV(PHILIPS, RT2870),
285 RUN_DEV(PLANEX2, GWUS300MINIS),
286 RUN_DEV(PLANEX2, GWUSMICRON),
287 RUN_DEV(PLANEX2, RT2870),
288 RUN_DEV(PLANEX2, RT3070),
289 RUN_DEV(QCOM, RT2870),
290 RUN_DEV(QUANTA, RT3070),
291 RUN_DEV(RALINK, RT2070),
292 RUN_DEV(RALINK, RT2770),
293 RUN_DEV(RALINK, RT2870),
294 RUN_DEV(RALINK, RT3070),
295 RUN_DEV(RALINK, RT3071),
296 RUN_DEV(RALINK, RT3072),
297 RUN_DEV(RALINK, RT3370),
298 RUN_DEV(RALINK, RT3572),
299 RUN_DEV(RALINK, RT3573),
300 RUN_DEV(RALINK, RT5370),
301 RUN_DEV(RALINK, RT5372),
302 RUN_DEV(RALINK, RT5572),
303 RUN_DEV(RALINK, RT8070),
304 RUN_DEV(SAMSUNG, WIS09ABGN),
305 RUN_DEV(SAMSUNG2, RT2870_1),
306 RUN_DEV(SENAO, RT2870_1),
307 RUN_DEV(SENAO, RT2870_2),
308 RUN_DEV(SENAO, RT2870_3),
309 RUN_DEV(SENAO, RT2870_4),
310 RUN_DEV(SENAO, RT3070),
311 RUN_DEV(SENAO, RT3071),
312 RUN_DEV(SENAO, RT3072_1),
313 RUN_DEV(SENAO, RT3072_2),
314 RUN_DEV(SENAO, RT3072_3),
315 RUN_DEV(SENAO, RT3072_4),
316 RUN_DEV(SENAO, RT3072_5),
317 RUN_DEV(SITECOMEU, RT2770),
318 RUN_DEV(SITECOMEU, RT2870_1),
319 RUN_DEV(SITECOMEU, RT2870_2),
320 RUN_DEV(SITECOMEU, RT2870_3),
321 RUN_DEV(SITECOMEU, RT2870_4),
322 RUN_DEV(SITECOMEU, RT3070),
323 RUN_DEV(SITECOMEU, RT3070_2),
324 RUN_DEV(SITECOMEU, RT3070_3),
325 RUN_DEV(SITECOMEU, RT3070_4),
326 RUN_DEV(SITECOMEU, RT3071),
327 RUN_DEV(SITECOMEU, RT3072_1),
328 RUN_DEV(SITECOMEU, RT3072_2),
329 RUN_DEV(SITECOMEU, RT3072_3),
330 RUN_DEV(SITECOMEU, RT3072_4),
331 RUN_DEV(SITECOMEU, RT3072_5),
332 RUN_DEV(SITECOMEU, RT3072_6),
333 RUN_DEV(SITECOMEU, WL608),
334 RUN_DEV(SPARKLAN, RT2870_1),
335 RUN_DEV(SPARKLAN, RT3070),
336 RUN_DEV(SWEEX2, LW153),
337 RUN_DEV(SWEEX2, LW303),
338 RUN_DEV(SWEEX2, LW313),
339 RUN_DEV(TOSHIBA, RT3070),
340 RUN_DEV(UMEDIA, RT2870_1),
341 RUN_DEV(ZCOM, RT2870_1),
342 RUN_DEV(ZCOM, RT2870_2),
343 RUN_DEV(ZINWELL, RT2870_1),
344 RUN_DEV(ZINWELL, RT2870_2),
345 RUN_DEV(ZINWELL, RT3070),
346 RUN_DEV(ZINWELL, RT3072_1),
347 RUN_DEV(ZINWELL, RT3072_2),
348 RUN_DEV(ZYXEL, RT2870_1),
349 RUN_DEV(ZYXEL, RT2870_2),
350 RUN_DEV(ZYXEL, RT3070),
351 RUN_DEV_EJECT(ZYXEL, NWD2705),
352 RUN_DEV_EJECT(RALINK, RT_STOR),
353 #undef RUN_DEV_EJECT
354 #undef RUN_DEV
355 };
356
357 static device_probe_t run_match;
358 static device_attach_t run_attach;
359 static device_detach_t run_detach;
360
361 static usb_callback_t run_bulk_rx_callback;
362 static usb_callback_t run_bulk_tx_callback0;
363 static usb_callback_t run_bulk_tx_callback1;
364 static usb_callback_t run_bulk_tx_callback2;
365 static usb_callback_t run_bulk_tx_callback3;
366 static usb_callback_t run_bulk_tx_callback4;
367 static usb_callback_t run_bulk_tx_callback5;
368
369 static void run_autoinst(void *, struct usb_device *,
370 struct usb_attach_arg *);
371 static int run_driver_loaded(struct module *, int, void *);
372 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
373 usb_error_t error, u_int index);
374 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
375 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
376 const uint8_t [IEEE80211_ADDR_LEN],
377 const uint8_t [IEEE80211_ADDR_LEN]);
378 static void run_vap_delete(struct ieee80211vap *);
379 static void run_cmdq_cb(void *, int);
380 static void run_setup_tx_list(struct run_softc *,
381 struct run_endpoint_queue *);
382 static void run_unsetup_tx_list(struct run_softc *,
383 struct run_endpoint_queue *);
384 static int run_load_microcode(struct run_softc *);
385 static int run_reset(struct run_softc *);
386 static usb_error_t run_do_request(struct run_softc *,
387 struct usb_device_request *, void *);
388 static int run_read(struct run_softc *, uint16_t, uint32_t *);
389 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
390 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
391 static int run_write(struct run_softc *, uint16_t, uint32_t);
392 static int run_write_region_1(struct run_softc *, uint16_t,
393 const uint8_t *, int);
394 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
395 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
396 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
397 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
398 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
399 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
400 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
401 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
402 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
403 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
404 static const char *run_get_rf(uint16_t);
405 static void run_rt3593_get_txpower(struct run_softc *);
406 static void run_get_txpower(struct run_softc *);
407 static int run_read_eeprom(struct run_softc *);
408 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
409 const uint8_t mac[IEEE80211_ADDR_LEN]);
410 static int run_media_change(struct ifnet *);
411 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
412 static int run_wme_update(struct ieee80211com *);
413 static void run_key_set_cb(void *);
414 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
415 static void run_key_delete_cb(void *);
416 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
417 static void run_ratectl_to(void *);
418 static void run_ratectl_cb(void *, int);
419 static void run_drain_fifo(void *);
420 static void run_iter_func(void *, struct ieee80211_node *);
421 static void run_newassoc_cb(void *);
422 static void run_newassoc(struct ieee80211_node *, int);
423 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
424 const struct ieee80211_rx_stats *, int, int);
425 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
426 static void run_tx_free(struct run_endpoint_queue *pq,
427 struct run_tx_data *, int);
428 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
429 static int run_tx(struct run_softc *, struct mbuf *,
430 struct ieee80211_node *);
431 static int run_tx_mgt(struct run_softc *, struct mbuf *,
432 struct ieee80211_node *);
433 static int run_sendprot(struct run_softc *, const struct mbuf *,
434 struct ieee80211_node *, int, int);
435 static int run_tx_param(struct run_softc *, struct mbuf *,
436 struct ieee80211_node *,
437 const struct ieee80211_bpf_params *);
438 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
439 const struct ieee80211_bpf_params *);
440 static int run_transmit(struct ieee80211com *, struct mbuf *);
441 static void run_start(struct run_softc *);
442 static void run_parent(struct ieee80211com *);
443 static void run_iq_calib(struct run_softc *, u_int);
444 static void run_set_agc(struct run_softc *, uint8_t);
445 static void run_select_chan_group(struct run_softc *, int);
446 static void run_set_rx_antenna(struct run_softc *, int);
447 static void run_rt2870_set_chan(struct run_softc *, u_int);
448 static void run_rt3070_set_chan(struct run_softc *, u_int);
449 static void run_rt3572_set_chan(struct run_softc *, u_int);
450 static void run_rt3593_set_chan(struct run_softc *, u_int);
451 static void run_rt5390_set_chan(struct run_softc *, u_int);
452 static void run_rt5592_set_chan(struct run_softc *, u_int);
453 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
454 static void run_set_channel(struct ieee80211com *);
455 static void run_getradiocaps(struct ieee80211com *, int, int *,
456 struct ieee80211_channel[]);
457 static void run_scan_start(struct ieee80211com *);
458 static void run_scan_end(struct ieee80211com *);
459 static void run_update_beacon(struct ieee80211vap *, int);
460 static void run_update_beacon_cb(void *);
461 static void run_updateprot(struct ieee80211com *);
462 static void run_updateprot_cb(void *);
463 static void run_usb_timeout_cb(void *);
464 static void run_reset_livelock(struct run_softc *);
465 static void run_enable_tsf_sync(struct run_softc *);
466 static void run_enable_tsf(struct run_softc *);
467 static void run_disable_tsf(struct run_softc *);
468 static void run_get_tsf(struct run_softc *, uint64_t *);
469 static void run_enable_mrr(struct run_softc *);
470 static void run_set_txpreamble(struct run_softc *);
471 static void run_set_basicrates(struct run_softc *);
472 static void run_set_leds(struct run_softc *, uint16_t);
473 static void run_set_bssid(struct run_softc *, const uint8_t *);
474 static void run_set_macaddr(struct run_softc *, const uint8_t *);
475 static void run_updateslot(struct ieee80211com *);
476 static void run_updateslot_cb(void *);
477 static void run_update_mcast(struct ieee80211com *);
478 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
479 static void run_update_promisc_locked(struct run_softc *);
480 static void run_update_promisc(struct ieee80211com *);
481 static void run_rt5390_bbp_init(struct run_softc *);
482 static int run_bbp_init(struct run_softc *);
483 static int run_rt3070_rf_init(struct run_softc *);
484 static void run_rt3593_rf_init(struct run_softc *);
485 static void run_rt5390_rf_init(struct run_softc *);
486 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
487 uint8_t *);
488 static void run_rt3070_rf_setup(struct run_softc *);
489 static void run_rt3593_rf_setup(struct run_softc *);
490 static void run_rt5390_rf_setup(struct run_softc *);
491 static int run_txrx_enable(struct run_softc *);
492 static void run_adjust_freq_offset(struct run_softc *);
493 static void run_init_locked(struct run_softc *);
494 static void run_stop(void *);
495 static void run_delay(struct run_softc *, u_int);
496
497 static eventhandler_tag run_etag;
498
499 static const struct rt2860_rate {
500 uint8_t rate;
501 uint8_t mcs;
502 enum ieee80211_phytype phy;
503 uint8_t ctl_ridx;
504 uint16_t sp_ack_dur;
505 uint16_t lp_ack_dur;
506 } rt2860_rates[] = {
507 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
508 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
509 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
510 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
511 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
512 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
513 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
514 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
515 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
516 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
517 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
518 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
519 };
520
521 static const struct {
522 uint16_t reg;
523 uint32_t val;
524 } rt2870_def_mac[] = {
525 RT2870_DEF_MAC
526 };
527
528 static const struct {
529 uint8_t reg;
530 uint8_t val;
531 } rt2860_def_bbp[] = {
532 RT2860_DEF_BBP
533 },rt5390_def_bbp[] = {
534 RT5390_DEF_BBP
535 },rt5592_def_bbp[] = {
536 RT5592_DEF_BBP
537 };
538
539 /*
540 * Default values for BBP register R196 for RT5592.
541 */
542 static const uint8_t rt5592_bbp_r196[] = {
543 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
544 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
545 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
546 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
547 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
548 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
549 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
550 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
551 0x2e, 0x36, 0x30, 0x6e
552 };
553
554 static const struct rfprog {
555 uint8_t chan;
556 uint32_t r1, r2, r3, r4;
557 } rt2860_rf2850[] = {
558 RT2860_RF2850
559 };
560
561 struct {
562 uint8_t n, r, k;
563 } rt3070_freqs[] = {
564 RT3070_RF3052
565 };
566
567 static const struct rt5592_freqs {
568 uint16_t n;
569 uint8_t k, m, r;
570 } rt5592_freqs_20mhz[] = {
571 RT5592_RF5592_20MHZ
572 },rt5592_freqs_40mhz[] = {
573 RT5592_RF5592_40MHZ
574 };
575
576 static const struct {
577 uint8_t reg;
578 uint8_t val;
579 } rt3070_def_rf[] = {
580 RT3070_DEF_RF
581 },rt3572_def_rf[] = {
582 RT3572_DEF_RF
583 },rt3593_def_rf[] = {
584 RT3593_DEF_RF
585 },rt5390_def_rf[] = {
586 RT5390_DEF_RF
587 },rt5392_def_rf[] = {
588 RT5392_DEF_RF
589 },rt5592_def_rf[] = {
590 RT5592_DEF_RF
591 },rt5592_2ghz_def_rf[] = {
592 RT5592_2GHZ_DEF_RF
593 },rt5592_5ghz_def_rf[] = {
594 RT5592_5GHZ_DEF_RF
595 };
596
597 static const struct {
598 u_int firstchan;
599 u_int lastchan;
600 uint8_t reg;
601 uint8_t val;
602 } rt5592_chan_5ghz[] = {
603 RT5592_CHAN_5GHZ
604 };
605
606 static const struct usb_config run_config[RUN_N_XFER] = {
607 [RUN_BULK_TX_BE] = {
608 .type = UE_BULK,
609 .endpoint = UE_ADDR_ANY,
610 .ep_index = 0,
611 .direction = UE_DIR_OUT,
612 .bufsize = RUN_MAX_TXSZ,
613 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
614 .callback = run_bulk_tx_callback0,
615 .timeout = 5000, /* ms */
616 },
617 [RUN_BULK_TX_BK] = {
618 .type = UE_BULK,
619 .endpoint = UE_ADDR_ANY,
620 .direction = UE_DIR_OUT,
621 .ep_index = 1,
622 .bufsize = RUN_MAX_TXSZ,
623 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
624 .callback = run_bulk_tx_callback1,
625 .timeout = 5000, /* ms */
626 },
627 [RUN_BULK_TX_VI] = {
628 .type = UE_BULK,
629 .endpoint = UE_ADDR_ANY,
630 .direction = UE_DIR_OUT,
631 .ep_index = 2,
632 .bufsize = RUN_MAX_TXSZ,
633 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
634 .callback = run_bulk_tx_callback2,
635 .timeout = 5000, /* ms */
636 },
637 [RUN_BULK_TX_VO] = {
638 .type = UE_BULK,
639 .endpoint = UE_ADDR_ANY,
640 .direction = UE_DIR_OUT,
641 .ep_index = 3,
642 .bufsize = RUN_MAX_TXSZ,
643 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
644 .callback = run_bulk_tx_callback3,
645 .timeout = 5000, /* ms */
646 },
647 [RUN_BULK_TX_HCCA] = {
648 .type = UE_BULK,
649 .endpoint = UE_ADDR_ANY,
650 .direction = UE_DIR_OUT,
651 .ep_index = 4,
652 .bufsize = RUN_MAX_TXSZ,
653 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
654 .callback = run_bulk_tx_callback4,
655 .timeout = 5000, /* ms */
656 },
657 [RUN_BULK_TX_PRIO] = {
658 .type = UE_BULK,
659 .endpoint = UE_ADDR_ANY,
660 .direction = UE_DIR_OUT,
661 .ep_index = 5,
662 .bufsize = RUN_MAX_TXSZ,
663 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
664 .callback = run_bulk_tx_callback5,
665 .timeout = 5000, /* ms */
666 },
667 [RUN_BULK_RX] = {
668 .type = UE_BULK,
669 .endpoint = UE_ADDR_ANY,
670 .direction = UE_DIR_IN,
671 .bufsize = RUN_MAX_RXSZ,
672 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
673 .callback = run_bulk_rx_callback,
674 }
675 };
676
677 static void
run_autoinst(void * arg,struct usb_device * udev,struct usb_attach_arg * uaa)678 run_autoinst(void *arg, struct usb_device *udev,
679 struct usb_attach_arg *uaa)
680 {
681 struct usb_interface *iface;
682 struct usb_interface_descriptor *id;
683
684 if (uaa->dev_state != UAA_DEV_READY)
685 return;
686
687 iface = usbd_get_iface(udev, 0);
688 if (iface == NULL)
689 return;
690 id = iface->idesc;
691 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
692 return;
693 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
694 return;
695
696 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
697 uaa->dev_state = UAA_DEV_EJECTING;
698 }
699
700 static int
run_driver_loaded(struct module * mod,int what,void * arg)701 run_driver_loaded(struct module *mod, int what, void *arg)
702 {
703 switch (what) {
704 case MOD_LOAD:
705 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
706 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
707 break;
708 case MOD_UNLOAD:
709 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
710 break;
711 default:
712 return (EOPNOTSUPP);
713 }
714 return (0);
715 }
716
717 static int
run_match(device_t self)718 run_match(device_t self)
719 {
720 struct usb_attach_arg *uaa = device_get_ivars(self);
721
722 if (uaa->usb_mode != USB_MODE_HOST)
723 return (ENXIO);
724 if (uaa->info.bConfigIndex != 0)
725 return (ENXIO);
726 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
727 return (ENXIO);
728
729 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
730 }
731
732 static int
run_attach(device_t self)733 run_attach(device_t self)
734 {
735 struct run_softc *sc = device_get_softc(self);
736 struct usb_attach_arg *uaa = device_get_ivars(self);
737 struct ieee80211com *ic = &sc->sc_ic;
738 uint32_t ver;
739 uint8_t iface_index;
740 int ntries, error;
741
742 device_set_usb_desc(self);
743 sc->sc_udev = uaa->device;
744 sc->sc_dev = self;
745 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
746 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
747
748 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
749 MTX_NETWORK_LOCK, MTX_DEF);
750 mbufq_init(&sc->sc_snd, ifqmaxlen);
751
752 iface_index = RT2860_IFACE_INDEX;
753
754 error = usbd_transfer_setup(uaa->device, &iface_index,
755 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
756 if (error) {
757 device_printf(self, "could not allocate USB transfers, "
758 "err=%s\n", usbd_errstr(error));
759 goto detach;
760 }
761
762 RUN_LOCK(sc);
763
764 /* wait for the chip to settle */
765 for (ntries = 0; ntries < 100; ntries++) {
766 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
767 RUN_UNLOCK(sc);
768 goto detach;
769 }
770 if (ver != 0 && ver != 0xffffffff)
771 break;
772 run_delay(sc, 10);
773 }
774 if (ntries == 100) {
775 device_printf(sc->sc_dev,
776 "timeout waiting for NIC to initialize\n");
777 RUN_UNLOCK(sc);
778 goto detach;
779 }
780 sc->mac_ver = ver >> 16;
781 sc->mac_rev = ver & 0xffff;
782
783 /* retrieve RF rev. no and various other things from EEPROM */
784 run_read_eeprom(sc);
785
786 device_printf(sc->sc_dev,
787 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
788 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
789 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
790
791 RUN_UNLOCK(sc);
792
793 ic->ic_softc = sc;
794 ic->ic_name = device_get_nameunit(self);
795 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
796 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
797
798 /* set device capabilities */
799 ic->ic_caps =
800 IEEE80211_C_STA | /* station mode supported */
801 IEEE80211_C_MONITOR | /* monitor mode supported */
802 IEEE80211_C_IBSS |
803 IEEE80211_C_HOSTAP |
804 IEEE80211_C_WDS | /* 4-address traffic works */
805 IEEE80211_C_MBSS |
806 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
807 IEEE80211_C_SHSLOT | /* short slot time supported */
808 IEEE80211_C_WME | /* WME */
809 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
810
811 ic->ic_cryptocaps =
812 IEEE80211_CRYPTO_WEP |
813 IEEE80211_CRYPTO_AES_CCM |
814 IEEE80211_CRYPTO_TKIPMIC |
815 IEEE80211_CRYPTO_TKIP;
816
817 ic->ic_flags |= IEEE80211_F_DATAPAD;
818 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
819
820 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
821 ic->ic_channels);
822
823 ieee80211_ifattach(ic);
824
825 ic->ic_scan_start = run_scan_start;
826 ic->ic_scan_end = run_scan_end;
827 ic->ic_set_channel = run_set_channel;
828 ic->ic_getradiocaps = run_getradiocaps;
829 ic->ic_node_alloc = run_node_alloc;
830 ic->ic_newassoc = run_newassoc;
831 ic->ic_updateslot = run_updateslot;
832 ic->ic_update_mcast = run_update_mcast;
833 ic->ic_wme.wme_update = run_wme_update;
834 ic->ic_raw_xmit = run_raw_xmit;
835 ic->ic_update_promisc = run_update_promisc;
836 ic->ic_vap_create = run_vap_create;
837 ic->ic_vap_delete = run_vap_delete;
838 ic->ic_transmit = run_transmit;
839 ic->ic_parent = run_parent;
840
841 ieee80211_radiotap_attach(ic,
842 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
843 RUN_TX_RADIOTAP_PRESENT,
844 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
845 RUN_RX_RADIOTAP_PRESENT);
846
847 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
848 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
849 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
850
851 if (bootverbose)
852 ieee80211_announce(ic);
853
854 return (0);
855
856 detach:
857 run_detach(self);
858 return (ENXIO);
859 }
860
861 static void
run_drain_mbufq(struct run_softc * sc)862 run_drain_mbufq(struct run_softc *sc)
863 {
864 struct mbuf *m;
865 struct ieee80211_node *ni;
866
867 RUN_LOCK_ASSERT(sc, MA_OWNED);
868 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
869 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
870 m->m_pkthdr.rcvif = NULL;
871 ieee80211_free_node(ni);
872 m_freem(m);
873 }
874 }
875
876 static int
run_detach(device_t self)877 run_detach(device_t self)
878 {
879 struct run_softc *sc = device_get_softc(self);
880 struct ieee80211com *ic = &sc->sc_ic;
881 int i;
882
883 RUN_LOCK(sc);
884 sc->sc_detached = 1;
885 RUN_UNLOCK(sc);
886
887 /* stop all USB transfers */
888 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
889
890 RUN_LOCK(sc);
891 sc->ratectl_run = RUN_RATECTL_OFF;
892 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
893
894 /* free TX list, if any */
895 for (i = 0; i != RUN_EP_QUEUES; i++)
896 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
897
898 /* Free TX queue */
899 run_drain_mbufq(sc);
900 RUN_UNLOCK(sc);
901
902 if (sc->sc_ic.ic_softc == sc) {
903 /* drain tasks */
904 usb_callout_drain(&sc->ratectl_ch);
905 ieee80211_draintask(ic, &sc->cmdq_task);
906 ieee80211_draintask(ic, &sc->ratectl_task);
907 ieee80211_ifdetach(ic);
908 }
909
910 mtx_destroy(&sc->sc_mtx);
911
912 return (0);
913 }
914
915 static struct ieee80211vap *
run_vap_create(struct ieee80211com * ic,const char name[IFNAMSIZ],int unit,enum ieee80211_opmode opmode,int flags,const uint8_t bssid[IEEE80211_ADDR_LEN],const uint8_t mac[IEEE80211_ADDR_LEN])916 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
917 enum ieee80211_opmode opmode, int flags,
918 const uint8_t bssid[IEEE80211_ADDR_LEN],
919 const uint8_t mac[IEEE80211_ADDR_LEN])
920 {
921 struct run_softc *sc = ic->ic_softc;
922 struct run_vap *rvp;
923 struct ieee80211vap *vap;
924 int i;
925
926 if (sc->rvp_cnt >= RUN_VAP_MAX) {
927 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
928 return (NULL);
929 }
930
931 switch (opmode) {
932 case IEEE80211_M_STA:
933 /* enable s/w bmiss handling for sta mode */
934 flags |= IEEE80211_CLONE_NOBEACONS;
935 /* fall though */
936 case IEEE80211_M_IBSS:
937 case IEEE80211_M_MONITOR:
938 case IEEE80211_M_HOSTAP:
939 case IEEE80211_M_MBSS:
940 /* other than WDS vaps, only one at a time */
941 if (!TAILQ_EMPTY(&ic->ic_vaps))
942 return (NULL);
943 break;
944 case IEEE80211_M_WDS:
945 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
946 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
947 continue;
948 /* WDS vap's always share the local mac address. */
949 flags &= ~IEEE80211_CLONE_BSSID;
950 break;
951 }
952 if (vap == NULL) {
953 device_printf(sc->sc_dev,
954 "wds only supported in ap mode\n");
955 return (NULL);
956 }
957 break;
958 default:
959 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
960 return (NULL);
961 }
962
963 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
964 vap = &rvp->vap;
965
966 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
967 bssid) != 0) {
968 /* out of memory */
969 free(rvp, M_80211_VAP);
970 return (NULL);
971 }
972
973 vap->iv_update_beacon = run_update_beacon;
974 vap->iv_max_aid = RT2870_WCID_MAX;
975 /*
976 * To delete the right key from h/w, we need wcid.
977 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
978 * and matching wcid will be written into there. So, cast
979 * some spells to remove 'const' from ieee80211_key{}
980 */
981 vap->iv_key_delete = (void *)run_key_delete;
982 vap->iv_key_set = (void *)run_key_set;
983
984 /* override state transition machine */
985 rvp->newstate = vap->iv_newstate;
986 vap->iv_newstate = run_newstate;
987 if (opmode == IEEE80211_M_IBSS) {
988 rvp->recv_mgmt = vap->iv_recv_mgmt;
989 vap->iv_recv_mgmt = run_recv_mgmt;
990 }
991
992 ieee80211_ratectl_init(vap);
993 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
994
995 /* complete setup */
996 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
997 mac);
998
999 /* make sure id is always unique */
1000 for (i = 0; i < RUN_VAP_MAX; i++) {
1001 if((sc->rvp_bmap & 1 << i) == 0){
1002 sc->rvp_bmap |= 1 << i;
1003 rvp->rvp_id = i;
1004 break;
1005 }
1006 }
1007 if (sc->rvp_cnt++ == 0)
1008 ic->ic_opmode = opmode;
1009
1010 if (opmode == IEEE80211_M_HOSTAP)
1011 sc->cmdq_run = RUN_CMDQ_GO;
1012
1013 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1014 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1015
1016 return (vap);
1017 }
1018
1019 static void
run_vap_delete(struct ieee80211vap * vap)1020 run_vap_delete(struct ieee80211vap *vap)
1021 {
1022 struct run_vap *rvp = RUN_VAP(vap);
1023 struct ieee80211com *ic;
1024 struct run_softc *sc;
1025 uint8_t rvp_id;
1026
1027 if (vap == NULL)
1028 return;
1029
1030 ic = vap->iv_ic;
1031 sc = ic->ic_softc;
1032
1033 RUN_LOCK(sc);
1034
1035 m_freem(rvp->beacon_mbuf);
1036 rvp->beacon_mbuf = NULL;
1037
1038 rvp_id = rvp->rvp_id;
1039 sc->ratectl_run &= ~(1 << rvp_id);
1040 sc->rvp_bmap &= ~(1 << rvp_id);
1041 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1042 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1043 --sc->rvp_cnt;
1044
1045 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1046 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1047 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1048
1049 RUN_UNLOCK(sc);
1050
1051 ieee80211_ratectl_deinit(vap);
1052 ieee80211_vap_detach(vap);
1053 free(rvp, M_80211_VAP);
1054 }
1055
1056 /*
1057 * There are numbers of functions need to be called in context thread.
1058 * Rather than creating taskqueue event for each of those functions,
1059 * here is all-for-one taskqueue callback function. This function
1060 * guarantees deferred functions are executed in the same order they
1061 * were enqueued.
1062 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1063 */
1064 static void
run_cmdq_cb(void * arg,int pending)1065 run_cmdq_cb(void *arg, int pending)
1066 {
1067 struct run_softc *sc = arg;
1068 uint8_t i;
1069
1070 /* call cmdq[].func locked */
1071 RUN_LOCK(sc);
1072 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1073 i = sc->cmdq_exec, pending--) {
1074 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1075 i, pending);
1076 if (sc->cmdq_run == RUN_CMDQ_GO) {
1077 /*
1078 * If arg0 is NULL, callback func needs more
1079 * than one arg. So, pass ptr to cmdq struct.
1080 */
1081 if (sc->cmdq[i].arg0)
1082 sc->cmdq[i].func(sc->cmdq[i].arg0);
1083 else
1084 sc->cmdq[i].func(&sc->cmdq[i]);
1085 }
1086 sc->cmdq[i].arg0 = NULL;
1087 sc->cmdq[i].func = NULL;
1088 sc->cmdq_exec++;
1089 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1090 }
1091 RUN_UNLOCK(sc);
1092 }
1093
1094 static void
run_setup_tx_list(struct run_softc * sc,struct run_endpoint_queue * pq)1095 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1096 {
1097 struct run_tx_data *data;
1098
1099 memset(pq, 0, sizeof(*pq));
1100
1101 STAILQ_INIT(&pq->tx_qh);
1102 STAILQ_INIT(&pq->tx_fh);
1103
1104 for (data = &pq->tx_data[0];
1105 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1106 data->sc = sc;
1107 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1108 }
1109 pq->tx_nfree = RUN_TX_RING_COUNT;
1110 }
1111
1112 static void
run_unsetup_tx_list(struct run_softc * sc,struct run_endpoint_queue * pq)1113 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1114 {
1115 struct run_tx_data *data;
1116
1117 /* make sure any subsequent use of the queues will fail */
1118 pq->tx_nfree = 0;
1119 STAILQ_INIT(&pq->tx_fh);
1120 STAILQ_INIT(&pq->tx_qh);
1121
1122 /* free up all node references and mbufs */
1123 for (data = &pq->tx_data[0];
1124 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1125 if (data->m != NULL) {
1126 m_freem(data->m);
1127 data->m = NULL;
1128 }
1129 if (data->ni != NULL) {
1130 ieee80211_free_node(data->ni);
1131 data->ni = NULL;
1132 }
1133 }
1134 }
1135
1136 static int
run_load_microcode(struct run_softc * sc)1137 run_load_microcode(struct run_softc *sc)
1138 {
1139 usb_device_request_t req;
1140 const struct firmware *fw;
1141 const u_char *base;
1142 uint32_t tmp;
1143 int ntries, error;
1144 const uint64_t *temp;
1145 uint64_t bytes;
1146
1147 RUN_UNLOCK(sc);
1148 fw = firmware_get("runfw");
1149 RUN_LOCK(sc);
1150 if (fw == NULL) {
1151 device_printf(sc->sc_dev,
1152 "failed loadfirmware of file %s\n", "runfw");
1153 return ENOENT;
1154 }
1155
1156 if (fw->datasize != 8192) {
1157 device_printf(sc->sc_dev,
1158 "invalid firmware size (should be 8KB)\n");
1159 error = EINVAL;
1160 goto fail;
1161 }
1162
1163 /*
1164 * RT3071/RT3072 use a different firmware
1165 * run-rt2870 (8KB) contains both,
1166 * first half (4KB) is for rt2870,
1167 * last half is for rt3071.
1168 */
1169 base = fw->data;
1170 if ((sc->mac_ver) != 0x2860 &&
1171 (sc->mac_ver) != 0x2872 &&
1172 (sc->mac_ver) != 0x3070) {
1173 base += 4096;
1174 }
1175
1176 /* cheap sanity check */
1177 temp = fw->data;
1178 bytes = *temp;
1179 if (bytes != be64toh(0xffffff0210280210ULL)) {
1180 device_printf(sc->sc_dev, "firmware checksum failed\n");
1181 error = EINVAL;
1182 goto fail;
1183 }
1184
1185 /* write microcode image */
1186 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1187 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1188 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1189 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1190 }
1191
1192 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1193 req.bRequest = RT2870_RESET;
1194 USETW(req.wValue, 8);
1195 USETW(req.wIndex, 0);
1196 USETW(req.wLength, 0);
1197 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1198 != 0) {
1199 device_printf(sc->sc_dev, "firmware reset failed\n");
1200 goto fail;
1201 }
1202
1203 run_delay(sc, 10);
1204
1205 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1206 run_write(sc, RT2860_H2M_MAILBOX, 0);
1207 run_write(sc, RT2860_H2M_INTSRC, 0);
1208 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1209 goto fail;
1210
1211 /* wait until microcontroller is ready */
1212 for (ntries = 0; ntries < 1000; ntries++) {
1213 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1214 goto fail;
1215 if (tmp & RT2860_MCU_READY)
1216 break;
1217 run_delay(sc, 10);
1218 }
1219 if (ntries == 1000) {
1220 device_printf(sc->sc_dev,
1221 "timeout waiting for MCU to initialize\n");
1222 error = ETIMEDOUT;
1223 goto fail;
1224 }
1225 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1226 (base == fw->data) ? "RT2870" : "RT3071",
1227 *(base + 4092), *(base + 4093));
1228
1229 fail:
1230 firmware_put(fw, FIRMWARE_UNLOAD);
1231 return (error);
1232 }
1233
1234 static int
run_reset(struct run_softc * sc)1235 run_reset(struct run_softc *sc)
1236 {
1237 usb_device_request_t req;
1238
1239 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1240 req.bRequest = RT2870_RESET;
1241 USETW(req.wValue, 1);
1242 USETW(req.wIndex, 0);
1243 USETW(req.wLength, 0);
1244 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1245 }
1246
1247 static usb_error_t
run_do_request(struct run_softc * sc,struct usb_device_request * req,void * data)1248 run_do_request(struct run_softc *sc,
1249 struct usb_device_request *req, void *data)
1250 {
1251 usb_error_t err;
1252 int ntries = 10;
1253
1254 RUN_LOCK_ASSERT(sc, MA_OWNED);
1255
1256 while (ntries--) {
1257 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1258 req, data, 0, NULL, 250 /* ms */);
1259 if (err == 0)
1260 break;
1261 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1262 "Control request failed, %s (retrying)\n",
1263 usbd_errstr(err));
1264 run_delay(sc, 10);
1265 }
1266 return (err);
1267 }
1268
1269 static int
run_read(struct run_softc * sc,uint16_t reg,uint32_t * val)1270 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1271 {
1272 uint32_t tmp;
1273 int error;
1274
1275 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1276 if (error == 0)
1277 *val = le32toh(tmp);
1278 else
1279 *val = 0xffffffff;
1280 return (error);
1281 }
1282
1283 static int
run_read_region_1(struct run_softc * sc,uint16_t reg,uint8_t * buf,int len)1284 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1285 {
1286 usb_device_request_t req;
1287
1288 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1289 req.bRequest = RT2870_READ_REGION_1;
1290 USETW(req.wValue, 0);
1291 USETW(req.wIndex, reg);
1292 USETW(req.wLength, len);
1293
1294 return (run_do_request(sc, &req, buf));
1295 }
1296
1297 static int
run_write_2(struct run_softc * sc,uint16_t reg,uint16_t val)1298 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1299 {
1300 usb_device_request_t req;
1301
1302 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1303 req.bRequest = RT2870_WRITE_2;
1304 USETW(req.wValue, val);
1305 USETW(req.wIndex, reg);
1306 USETW(req.wLength, 0);
1307
1308 return (run_do_request(sc, &req, NULL));
1309 }
1310
1311 static int
run_write(struct run_softc * sc,uint16_t reg,uint32_t val)1312 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1313 {
1314 int error;
1315
1316 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1317 error = run_write_2(sc, reg + 2, val >> 16);
1318 return (error);
1319 }
1320
1321 static int
run_write_region_1(struct run_softc * sc,uint16_t reg,const uint8_t * buf,int len)1322 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1323 int len)
1324 {
1325 #if 1
1326 int i, error = 0;
1327 /*
1328 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1329 * We thus issue multiple WRITE_2 commands instead.
1330 */
1331 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1332 for (i = 0; i < len && error == 0; i += 2)
1333 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1334 return (error);
1335 #else
1336 usb_device_request_t req;
1337 int error = 0;
1338
1339 /*
1340 * NOTE: It appears the WRITE_REGION_1 command cannot be
1341 * passed a huge amount of data, which will crash the
1342 * firmware. Limit amount of data passed to 64-bytes at a
1343 * time.
1344 */
1345 while (len > 0) {
1346 int delta = 64;
1347 if (delta > len)
1348 delta = len;
1349
1350 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1351 req.bRequest = RT2870_WRITE_REGION_1;
1352 USETW(req.wValue, 0);
1353 USETW(req.wIndex, reg);
1354 USETW(req.wLength, delta);
1355 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1356 if (error != 0)
1357 break;
1358 reg += delta;
1359 buf += delta;
1360 len -= delta;
1361 }
1362 return (error);
1363 #endif
1364 }
1365
1366 static int
run_set_region_4(struct run_softc * sc,uint16_t reg,uint32_t val,int len)1367 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1368 {
1369 int i, error = 0;
1370
1371 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1372 for (i = 0; i < len && error == 0; i += 4)
1373 error = run_write(sc, reg + i, val);
1374 return (error);
1375 }
1376
1377 static int
run_efuse_read(struct run_softc * sc,uint16_t addr,uint16_t * val,int count)1378 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1379 {
1380 uint32_t tmp;
1381 uint16_t reg;
1382 int error, ntries;
1383
1384 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1385 return (error);
1386
1387 if (count == 2)
1388 addr *= 2;
1389 /*-
1390 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1391 * DATA0: F E D C
1392 * DATA1: B A 9 8
1393 * DATA2: 7 6 5 4
1394 * DATA3: 3 2 1 0
1395 */
1396 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1397 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1398 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1399 for (ntries = 0; ntries < 100; ntries++) {
1400 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1401 return (error);
1402 if (!(tmp & RT3070_EFSROM_KICK))
1403 break;
1404 run_delay(sc, 2);
1405 }
1406 if (ntries == 100)
1407 return (ETIMEDOUT);
1408
1409 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1410 *val = 0xffff; /* address not found */
1411 return (0);
1412 }
1413 /* determine to which 32-bit register our 16-bit word belongs */
1414 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1415 if ((error = run_read(sc, reg, &tmp)) != 0)
1416 return (error);
1417
1418 tmp >>= (8 * (addr & 0x3));
1419 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1420
1421 return (0);
1422 }
1423
1424 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1425 static int
run_efuse_read_2(struct run_softc * sc,uint16_t addr,uint16_t * val)1426 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1427 {
1428 return (run_efuse_read(sc, addr, val, 2));
1429 }
1430
1431 static int
run_eeprom_read_2(struct run_softc * sc,uint16_t addr,uint16_t * val)1432 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1433 {
1434 usb_device_request_t req;
1435 uint16_t tmp;
1436 int error;
1437
1438 addr *= 2;
1439 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1440 req.bRequest = RT2870_EEPROM_READ;
1441 USETW(req.wValue, 0);
1442 USETW(req.wIndex, addr);
1443 USETW(req.wLength, sizeof(tmp));
1444
1445 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1446 if (error == 0)
1447 *val = le16toh(tmp);
1448 else
1449 *val = 0xffff;
1450 return (error);
1451 }
1452
1453 static __inline int
run_srom_read(struct run_softc * sc,uint16_t addr,uint16_t * val)1454 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1455 {
1456 /* either eFUSE ROM or EEPROM */
1457 return sc->sc_srom_read(sc, addr, val);
1458 }
1459
1460 static int
run_rt2870_rf_write(struct run_softc * sc,uint32_t val)1461 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1462 {
1463 uint32_t tmp;
1464 int error, ntries;
1465
1466 for (ntries = 0; ntries < 10; ntries++) {
1467 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1468 return (error);
1469 if (!(tmp & RT2860_RF_REG_CTRL))
1470 break;
1471 }
1472 if (ntries == 10)
1473 return (ETIMEDOUT);
1474
1475 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1476 }
1477
1478 static int
run_rt3070_rf_read(struct run_softc * sc,uint8_t reg,uint8_t * val)1479 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1480 {
1481 uint32_t tmp;
1482 int error, ntries;
1483
1484 for (ntries = 0; ntries < 100; ntries++) {
1485 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1486 return (error);
1487 if (!(tmp & RT3070_RF_KICK))
1488 break;
1489 }
1490 if (ntries == 100)
1491 return (ETIMEDOUT);
1492
1493 tmp = RT3070_RF_KICK | reg << 8;
1494 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1495 return (error);
1496
1497 for (ntries = 0; ntries < 100; ntries++) {
1498 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1499 return (error);
1500 if (!(tmp & RT3070_RF_KICK))
1501 break;
1502 }
1503 if (ntries == 100)
1504 return (ETIMEDOUT);
1505
1506 *val = tmp & 0xff;
1507 return (0);
1508 }
1509
1510 static int
run_rt3070_rf_write(struct run_softc * sc,uint8_t reg,uint8_t val)1511 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1512 {
1513 uint32_t tmp;
1514 int error, ntries;
1515
1516 for (ntries = 0; ntries < 10; ntries++) {
1517 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1518 return (error);
1519 if (!(tmp & RT3070_RF_KICK))
1520 break;
1521 }
1522 if (ntries == 10)
1523 return (ETIMEDOUT);
1524
1525 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1526 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1527 }
1528
1529 static int
run_bbp_read(struct run_softc * sc,uint8_t reg,uint8_t * val)1530 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1531 {
1532 uint32_t tmp;
1533 int ntries, error;
1534
1535 for (ntries = 0; ntries < 10; ntries++) {
1536 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1537 return (error);
1538 if (!(tmp & RT2860_BBP_CSR_KICK))
1539 break;
1540 }
1541 if (ntries == 10)
1542 return (ETIMEDOUT);
1543
1544 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1545 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1546 return (error);
1547
1548 for (ntries = 0; ntries < 10; ntries++) {
1549 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1550 return (error);
1551 if (!(tmp & RT2860_BBP_CSR_KICK))
1552 break;
1553 }
1554 if (ntries == 10)
1555 return (ETIMEDOUT);
1556
1557 *val = tmp & 0xff;
1558 return (0);
1559 }
1560
1561 static int
run_bbp_write(struct run_softc * sc,uint8_t reg,uint8_t val)1562 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1563 {
1564 uint32_t tmp;
1565 int ntries, error;
1566
1567 for (ntries = 0; ntries < 10; ntries++) {
1568 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1569 return (error);
1570 if (!(tmp & RT2860_BBP_CSR_KICK))
1571 break;
1572 }
1573 if (ntries == 10)
1574 return (ETIMEDOUT);
1575
1576 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1577 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1578 }
1579
1580 /*
1581 * Send a command to the 8051 microcontroller unit.
1582 */
1583 static int
run_mcu_cmd(struct run_softc * sc,uint8_t cmd,uint16_t arg)1584 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1585 {
1586 uint32_t tmp;
1587 int error, ntries;
1588
1589 for (ntries = 0; ntries < 100; ntries++) {
1590 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1591 return error;
1592 if (!(tmp & RT2860_H2M_BUSY))
1593 break;
1594 }
1595 if (ntries == 100)
1596 return ETIMEDOUT;
1597
1598 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1599 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1600 error = run_write(sc, RT2860_HOST_CMD, cmd);
1601 return (error);
1602 }
1603
1604 /*
1605 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1606 * Used to adjust per-rate Tx power registers.
1607 */
1608 static __inline uint32_t
b4inc(uint32_t b32,int8_t delta)1609 b4inc(uint32_t b32, int8_t delta)
1610 {
1611 int8_t i, b4;
1612
1613 for (i = 0; i < 8; i++) {
1614 b4 = b32 & 0xf;
1615 b4 += delta;
1616 if (b4 < 0)
1617 b4 = 0;
1618 else if (b4 > 0xf)
1619 b4 = 0xf;
1620 b32 = b32 >> 4 | b4 << 28;
1621 }
1622 return (b32);
1623 }
1624
1625 static const char *
run_get_rf(uint16_t rev)1626 run_get_rf(uint16_t rev)
1627 {
1628 switch (rev) {
1629 case RT2860_RF_2820: return "RT2820";
1630 case RT2860_RF_2850: return "RT2850";
1631 case RT2860_RF_2720: return "RT2720";
1632 case RT2860_RF_2750: return "RT2750";
1633 case RT3070_RF_3020: return "RT3020";
1634 case RT3070_RF_2020: return "RT2020";
1635 case RT3070_RF_3021: return "RT3021";
1636 case RT3070_RF_3022: return "RT3022";
1637 case RT3070_RF_3052: return "RT3052";
1638 case RT3593_RF_3053: return "RT3053";
1639 case RT5592_RF_5592: return "RT5592";
1640 case RT5390_RF_5370: return "RT5370";
1641 case RT5390_RF_5372: return "RT5372";
1642 }
1643 return ("unknown");
1644 }
1645
1646 static void
run_rt3593_get_txpower(struct run_softc * sc)1647 run_rt3593_get_txpower(struct run_softc *sc)
1648 {
1649 uint16_t addr, val;
1650 int i;
1651
1652 /* Read power settings for 2GHz channels. */
1653 for (i = 0; i < 14; i += 2) {
1654 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1655 RT2860_EEPROM_PWR2GHZ_BASE1;
1656 run_srom_read(sc, addr + i / 2, &val);
1657 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1658 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1659
1660 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1661 RT2860_EEPROM_PWR2GHZ_BASE2;
1662 run_srom_read(sc, addr + i / 2, &val);
1663 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1664 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1665
1666 if (sc->ntxchains == 3) {
1667 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1668 &val);
1669 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1670 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1671 }
1672 }
1673 /* Fix broken Tx power entries. */
1674 for (i = 0; i < 14; i++) {
1675 if (sc->txpow1[i] > 31)
1676 sc->txpow1[i] = 5;
1677 if (sc->txpow2[i] > 31)
1678 sc->txpow2[i] = 5;
1679 if (sc->ntxchains == 3) {
1680 if (sc->txpow3[i] > 31)
1681 sc->txpow3[i] = 5;
1682 }
1683 }
1684 /* Read power settings for 5GHz channels. */
1685 for (i = 0; i < 40; i += 2) {
1686 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1687 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1688 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1689
1690 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1691 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1692 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1693
1694 if (sc->ntxchains == 3) {
1695 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1696 &val);
1697 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1698 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1699 }
1700 }
1701 }
1702
1703 static void
run_get_txpower(struct run_softc * sc)1704 run_get_txpower(struct run_softc *sc)
1705 {
1706 uint16_t val;
1707 int i;
1708
1709 /* Read power settings for 2GHz channels. */
1710 for (i = 0; i < 14; i += 2) {
1711 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1712 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1713 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1714
1715 if (sc->mac_ver != 0x5390) {
1716 run_srom_read(sc,
1717 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1718 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1719 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1720 }
1721 }
1722 /* Fix broken Tx power entries. */
1723 for (i = 0; i < 14; i++) {
1724 if (sc->mac_ver >= 0x5390) {
1725 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1726 sc->txpow1[i] = 5;
1727 } else {
1728 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1729 sc->txpow1[i] = 5;
1730 }
1731 if (sc->mac_ver > 0x5390) {
1732 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1733 sc->txpow2[i] = 5;
1734 } else if (sc->mac_ver < 0x5390) {
1735 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1736 sc->txpow2[i] = 5;
1737 }
1738 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1739 "chan %d: power1=%d, power2=%d\n",
1740 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1741 }
1742 /* Read power settings for 5GHz channels. */
1743 for (i = 0; i < 40; i += 2) {
1744 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1745 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1746 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1747
1748 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1749 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1750 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1751 }
1752 /* Fix broken Tx power entries. */
1753 for (i = 0; i < 40; i++ ) {
1754 if (sc->mac_ver != 0x5592) {
1755 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1756 sc->txpow1[14 + i] = 5;
1757 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1758 sc->txpow2[14 + i] = 5;
1759 }
1760 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1761 "chan %d: power1=%d, power2=%d\n",
1762 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1763 sc->txpow2[14 + i]);
1764 }
1765 }
1766
1767 static int
run_read_eeprom(struct run_softc * sc)1768 run_read_eeprom(struct run_softc *sc)
1769 {
1770 struct ieee80211com *ic = &sc->sc_ic;
1771 int8_t delta_2ghz, delta_5ghz;
1772 uint32_t tmp;
1773 uint16_t val;
1774 int ridx, ant, i;
1775
1776 /* check whether the ROM is eFUSE ROM or EEPROM */
1777 sc->sc_srom_read = run_eeprom_read_2;
1778 if (sc->mac_ver >= 0x3070) {
1779 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1780 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1781 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1782 sc->sc_srom_read = run_efuse_read_2;
1783 }
1784
1785 /* read ROM version */
1786 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1787 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1788 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1789
1790 /* read MAC address */
1791 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1792 ic->ic_macaddr[0] = val & 0xff;
1793 ic->ic_macaddr[1] = val >> 8;
1794 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1795 ic->ic_macaddr[2] = val & 0xff;
1796 ic->ic_macaddr[3] = val >> 8;
1797 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1798 ic->ic_macaddr[4] = val & 0xff;
1799 ic->ic_macaddr[5] = val >> 8;
1800
1801 if (sc->mac_ver < 0x3593) {
1802 /* read vender BBP settings */
1803 for (i = 0; i < 10; i++) {
1804 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1805 sc->bbp[i].val = val & 0xff;
1806 sc->bbp[i].reg = val >> 8;
1807 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1808 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1809 }
1810 if (sc->mac_ver >= 0x3071) {
1811 /* read vendor RF settings */
1812 for (i = 0; i < 10; i++) {
1813 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1814 &val);
1815 sc->rf[i].val = val & 0xff;
1816 sc->rf[i].reg = val >> 8;
1817 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1818 sc->rf[i].reg, sc->rf[i].val);
1819 }
1820 }
1821 }
1822
1823 /* read RF frequency offset from EEPROM */
1824 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1825 RT3593_EEPROM_FREQ, &val);
1826 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1827 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1828 sc->freq & 0xff);
1829
1830 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1831 RT3593_EEPROM_FREQ_LEDS, &val);
1832 if (val >> 8 != 0xff) {
1833 /* read LEDs operating mode */
1834 sc->leds = val >> 8;
1835 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1836 RT3593_EEPROM_LED1, &sc->led[0]);
1837 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1838 RT3593_EEPROM_LED2, &sc->led[1]);
1839 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1840 RT3593_EEPROM_LED3, &sc->led[2]);
1841 } else {
1842 /* broken EEPROM, use default settings */
1843 sc->leds = 0x01;
1844 sc->led[0] = 0x5555;
1845 sc->led[1] = 0x2221;
1846 sc->led[2] = 0x5627; /* differs from RT2860 */
1847 }
1848 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1849 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1850 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1851
1852 /* read RF information */
1853 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1854 run_srom_read(sc, 0x00, &val);
1855 else
1856 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1857
1858 if (val == 0xffff) {
1859 device_printf(sc->sc_dev,
1860 "invalid EEPROM antenna info, using default\n");
1861 if (sc->mac_ver == 0x3572) {
1862 /* default to RF3052 2T2R */
1863 sc->rf_rev = RT3070_RF_3052;
1864 sc->ntxchains = 2;
1865 sc->nrxchains = 2;
1866 } else if (sc->mac_ver >= 0x3070) {
1867 /* default to RF3020 1T1R */
1868 sc->rf_rev = RT3070_RF_3020;
1869 sc->ntxchains = 1;
1870 sc->nrxchains = 1;
1871 } else {
1872 /* default to RF2820 1T2R */
1873 sc->rf_rev = RT2860_RF_2820;
1874 sc->ntxchains = 1;
1875 sc->nrxchains = 2;
1876 }
1877 } else {
1878 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1879 sc->rf_rev = val;
1880 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1881 } else
1882 sc->rf_rev = (val >> 8) & 0xf;
1883 sc->ntxchains = (val >> 4) & 0xf;
1884 sc->nrxchains = val & 0xf;
1885 }
1886 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1887 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1888
1889 /* check if RF supports automatic Tx access gain control */
1890 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1891 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1892 /* check if driver should patch the DAC issue */
1893 if ((val >> 8) != 0xff)
1894 sc->patch_dac = (val >> 15) & 1;
1895 if ((val & 0xff) != 0xff) {
1896 sc->ext_5ghz_lna = (val >> 3) & 1;
1897 sc->ext_2ghz_lna = (val >> 2) & 1;
1898 /* check if RF supports automatic Tx access gain control */
1899 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1900 /* check if we have a hardware radio switch */
1901 sc->rfswitch = val & 1;
1902 }
1903
1904 /* Read Tx power settings. */
1905 if (sc->mac_ver == 0x3593)
1906 run_rt3593_get_txpower(sc);
1907 else
1908 run_get_txpower(sc);
1909
1910 /* read Tx power compensation for each Tx rate */
1911 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1912 delta_2ghz = delta_5ghz = 0;
1913 if ((val & 0xff) != 0xff && (val & 0x80)) {
1914 delta_2ghz = val & 0xf;
1915 if (!(val & 0x40)) /* negative number */
1916 delta_2ghz = -delta_2ghz;
1917 }
1918 val >>= 8;
1919 if ((val & 0xff) != 0xff && (val & 0x80)) {
1920 delta_5ghz = val & 0xf;
1921 if (!(val & 0x40)) /* negative number */
1922 delta_5ghz = -delta_5ghz;
1923 }
1924 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1925 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
1926
1927 for (ridx = 0; ridx < 5; ridx++) {
1928 uint32_t reg;
1929
1930 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1931 reg = val;
1932 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1933 reg |= (uint32_t)val << 16;
1934
1935 sc->txpow20mhz[ridx] = reg;
1936 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1937 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1938
1939 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1940 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1941 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1942 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1943 }
1944
1945 /* Read RSSI offsets and LNA gains from EEPROM. */
1946 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1947 RT3593_EEPROM_RSSI1_2GHZ, &val);
1948 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1949 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1950 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1951 RT3593_EEPROM_RSSI2_2GHZ, &val);
1952 if (sc->mac_ver >= 0x3070) {
1953 if (sc->mac_ver == 0x3593) {
1954 sc->txmixgain_2ghz = 0;
1955 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1956 } else {
1957 /*
1958 * On RT3070 chips (limited to 2 Rx chains), this ROM
1959 * field contains the Tx mixer gain for the 2GHz band.
1960 */
1961 if ((val & 0xff) != 0xff)
1962 sc->txmixgain_2ghz = val & 0x7;
1963 }
1964 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
1965 sc->txmixgain_2ghz);
1966 } else
1967 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1968 if (sc->mac_ver == 0x3593)
1969 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1970 sc->lna[2] = val >> 8; /* channel group 2 */
1971
1972 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1973 RT3593_EEPROM_RSSI1_5GHZ, &val);
1974 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1975 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1976 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1977 RT3593_EEPROM_RSSI2_5GHZ, &val);
1978 if (sc->mac_ver == 0x3572) {
1979 /*
1980 * On RT3572 chips (limited to 2 Rx chains), this ROM
1981 * field contains the Tx mixer gain for the 5GHz band.
1982 */
1983 if ((val & 0xff) != 0xff)
1984 sc->txmixgain_5ghz = val & 0x7;
1985 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
1986 sc->txmixgain_5ghz);
1987 } else
1988 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1989 if (sc->mac_ver == 0x3593) {
1990 sc->txmixgain_5ghz = 0;
1991 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1992 }
1993 sc->lna[3] = val >> 8; /* channel group 3 */
1994
1995 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1996 RT3593_EEPROM_LNA, &val);
1997 sc->lna[0] = val & 0xff; /* channel group 0 */
1998 sc->lna[1] = val >> 8; /* channel group 1 */
1999
2000 /* fix broken 5GHz LNA entries */
2001 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2002 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2003 "invalid LNA for channel group %d\n", 2);
2004 sc->lna[2] = sc->lna[1];
2005 }
2006 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2007 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2008 "invalid LNA for channel group %d\n", 3);
2009 sc->lna[3] = sc->lna[1];
2010 }
2011
2012 /* fix broken RSSI offset entries */
2013 for (ant = 0; ant < 3; ant++) {
2014 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2015 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2016 "invalid RSSI%d offset: %d (2GHz)\n",
2017 ant + 1, sc->rssi_2ghz[ant]);
2018 sc->rssi_2ghz[ant] = 0;
2019 }
2020 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2021 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2022 "invalid RSSI%d offset: %d (5GHz)\n",
2023 ant + 1, sc->rssi_5ghz[ant]);
2024 sc->rssi_5ghz[ant] = 0;
2025 }
2026 }
2027 return (0);
2028 }
2029
2030 static struct ieee80211_node *
run_node_alloc(struct ieee80211vap * vap,const uint8_t mac[IEEE80211_ADDR_LEN])2031 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2032 {
2033 return malloc(sizeof (struct run_node), M_80211_NODE,
2034 M_NOWAIT | M_ZERO);
2035 }
2036
2037 static int
run_media_change(struct ifnet * ifp)2038 run_media_change(struct ifnet *ifp)
2039 {
2040 struct ieee80211vap *vap = ifp->if_softc;
2041 struct ieee80211com *ic = vap->iv_ic;
2042 const struct ieee80211_txparam *tp;
2043 struct run_softc *sc = ic->ic_softc;
2044 uint8_t rate, ridx;
2045 int error;
2046
2047 RUN_LOCK(sc);
2048
2049 error = ieee80211_media_change(ifp);
2050 if (error != ENETRESET) {
2051 RUN_UNLOCK(sc);
2052 return (error);
2053 }
2054
2055 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2056 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2057 struct ieee80211_node *ni;
2058 struct run_node *rn;
2059
2060 rate = ic->ic_sup_rates[ic->ic_curmode].
2061 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2062 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2063 if (rt2860_rates[ridx].rate == rate)
2064 break;
2065 ni = ieee80211_ref_node(vap->iv_bss);
2066 rn = RUN_NODE(ni);
2067 rn->fix_ridx = ridx;
2068 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2069 rate, rn->fix_ridx);
2070 ieee80211_free_node(ni);
2071 }
2072
2073 #if 0
2074 if ((ifp->if_flags & IFF_UP) &&
2075 (ifp->if_drv_flags & RUN_RUNNING)){
2076 run_init_locked(sc);
2077 }
2078 #endif
2079
2080 RUN_UNLOCK(sc);
2081
2082 return (0);
2083 }
2084
2085 static int
run_newstate(struct ieee80211vap * vap,enum ieee80211_state nstate,int arg)2086 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2087 {
2088 const struct ieee80211_txparam *tp;
2089 struct ieee80211com *ic = vap->iv_ic;
2090 struct run_softc *sc = ic->ic_softc;
2091 struct run_vap *rvp = RUN_VAP(vap);
2092 enum ieee80211_state ostate;
2093 uint32_t sta[3];
2094 uint8_t ratectl;
2095 uint8_t restart_ratectl = 0;
2096 uint8_t bid = 1 << rvp->rvp_id;
2097
2098 ostate = vap->iv_state;
2099 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2100 ieee80211_state_name[ostate],
2101 ieee80211_state_name[nstate]);
2102
2103 IEEE80211_UNLOCK(ic);
2104 RUN_LOCK(sc);
2105
2106 ratectl = sc->ratectl_run; /* remember current state */
2107 sc->ratectl_run = RUN_RATECTL_OFF;
2108 usb_callout_stop(&sc->ratectl_ch);
2109
2110 if (ostate == IEEE80211_S_RUN) {
2111 /* turn link LED off */
2112 run_set_leds(sc, RT2860_LED_RADIO);
2113 }
2114
2115 switch (nstate) {
2116 case IEEE80211_S_INIT:
2117 restart_ratectl = 1;
2118
2119 if (ostate != IEEE80211_S_RUN)
2120 break;
2121
2122 ratectl &= ~bid;
2123 sc->runbmap &= ~bid;
2124
2125 /* abort TSF synchronization if there is no vap running */
2126 if (--sc->running == 0)
2127 run_disable_tsf(sc);
2128 break;
2129
2130 case IEEE80211_S_RUN:
2131 if (!(sc->runbmap & bid)) {
2132 if(sc->running++)
2133 restart_ratectl = 1;
2134 sc->runbmap |= bid;
2135 }
2136
2137 m_freem(rvp->beacon_mbuf);
2138 rvp->beacon_mbuf = NULL;
2139
2140 switch (vap->iv_opmode) {
2141 case IEEE80211_M_HOSTAP:
2142 case IEEE80211_M_MBSS:
2143 sc->ap_running |= bid;
2144 ic->ic_opmode = vap->iv_opmode;
2145 run_update_beacon_cb(vap);
2146 break;
2147 case IEEE80211_M_IBSS:
2148 sc->adhoc_running |= bid;
2149 if (!sc->ap_running)
2150 ic->ic_opmode = vap->iv_opmode;
2151 run_update_beacon_cb(vap);
2152 break;
2153 case IEEE80211_M_STA:
2154 sc->sta_running |= bid;
2155 if (!sc->ap_running && !sc->adhoc_running)
2156 ic->ic_opmode = vap->iv_opmode;
2157
2158 /* read statistic counters (clear on read) */
2159 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2160 (uint8_t *)sta, sizeof sta);
2161
2162 break;
2163 default:
2164 ic->ic_opmode = vap->iv_opmode;
2165 break;
2166 }
2167
2168 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2169 struct ieee80211_node *ni;
2170
2171 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2172 RUN_UNLOCK(sc);
2173 IEEE80211_LOCK(ic);
2174 return (-1);
2175 }
2176 run_updateslot(ic);
2177 run_enable_mrr(sc);
2178 run_set_txpreamble(sc);
2179 run_set_basicrates(sc);
2180 ni = ieee80211_ref_node(vap->iv_bss);
2181 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2182 run_set_bssid(sc, sc->sc_bssid);
2183 ieee80211_free_node(ni);
2184 run_enable_tsf_sync(sc);
2185
2186 /* enable automatic rate adaptation */
2187 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2188 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2189 ratectl |= bid;
2190 } else
2191 run_enable_tsf(sc);
2192
2193 /* turn link LED on */
2194 run_set_leds(sc, RT2860_LED_RADIO |
2195 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2196 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2197
2198 break;
2199 default:
2200 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2201 break;
2202 }
2203
2204 /* restart amrr for running VAPs */
2205 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2206 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2207
2208 RUN_UNLOCK(sc);
2209 IEEE80211_LOCK(ic);
2210
2211 return(rvp->newstate(vap, nstate, arg));
2212 }
2213
2214 static int
run_wme_update(struct ieee80211com * ic)2215 run_wme_update(struct ieee80211com *ic)
2216 {
2217 struct chanAccParams chp;
2218 struct run_softc *sc = ic->ic_softc;
2219 const struct wmeParams *ac;
2220 int aci, error = 0;
2221
2222 ieee80211_wme_ic_getparams(ic, &chp);
2223 ac = chp.cap_wmeParams;
2224
2225 /* update MAC TX configuration registers */
2226 RUN_LOCK(sc);
2227 for (aci = 0; aci < WME_NUM_AC; aci++) {
2228 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2229 ac[aci].wmep_logcwmax << 16 |
2230 ac[aci].wmep_logcwmin << 12 |
2231 ac[aci].wmep_aifsn << 8 |
2232 ac[aci].wmep_txopLimit);
2233 if (error) goto err;
2234 }
2235
2236 /* update SCH/DMA registers too */
2237 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2238 ac[WME_AC_VO].wmep_aifsn << 12 |
2239 ac[WME_AC_VI].wmep_aifsn << 8 |
2240 ac[WME_AC_BK].wmep_aifsn << 4 |
2241 ac[WME_AC_BE].wmep_aifsn);
2242 if (error) goto err;
2243 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2244 ac[WME_AC_VO].wmep_logcwmin << 12 |
2245 ac[WME_AC_VI].wmep_logcwmin << 8 |
2246 ac[WME_AC_BK].wmep_logcwmin << 4 |
2247 ac[WME_AC_BE].wmep_logcwmin);
2248 if (error) goto err;
2249 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2250 ac[WME_AC_VO].wmep_logcwmax << 12 |
2251 ac[WME_AC_VI].wmep_logcwmax << 8 |
2252 ac[WME_AC_BK].wmep_logcwmax << 4 |
2253 ac[WME_AC_BE].wmep_logcwmax);
2254 if (error) goto err;
2255 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2256 ac[WME_AC_BK].wmep_txopLimit << 16 |
2257 ac[WME_AC_BE].wmep_txopLimit);
2258 if (error) goto err;
2259 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2260 ac[WME_AC_VO].wmep_txopLimit << 16 |
2261 ac[WME_AC_VI].wmep_txopLimit);
2262
2263 err:
2264 RUN_UNLOCK(sc);
2265 if (error)
2266 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
2267
2268 return (error);
2269 }
2270
2271 static void
run_key_set_cb(void * arg)2272 run_key_set_cb(void *arg)
2273 {
2274 struct run_cmdq *cmdq = arg;
2275 struct ieee80211vap *vap = cmdq->arg1;
2276 struct ieee80211_key *k = cmdq->k;
2277 struct ieee80211com *ic = vap->iv_ic;
2278 struct run_softc *sc = ic->ic_softc;
2279 struct ieee80211_node *ni;
2280 u_int cipher = k->wk_cipher->ic_cipher;
2281 uint32_t attr;
2282 uint16_t base, associd;
2283 uint8_t mode, wcid, iv[8];
2284
2285 RUN_LOCK_ASSERT(sc, MA_OWNED);
2286
2287 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2288 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2289 else
2290 ni = vap->iv_bss;
2291 associd = (ni != NULL) ? ni->ni_associd : 0;
2292
2293 /* map net80211 cipher to RT2860 security mode */
2294 switch (cipher) {
2295 case IEEE80211_CIPHER_WEP:
2296 if(k->wk_keylen < 8)
2297 mode = RT2860_MODE_WEP40;
2298 else
2299 mode = RT2860_MODE_WEP104;
2300 break;
2301 case IEEE80211_CIPHER_TKIP:
2302 mode = RT2860_MODE_TKIP;
2303 break;
2304 case IEEE80211_CIPHER_AES_CCM:
2305 mode = RT2860_MODE_AES_CCMP;
2306 break;
2307 default:
2308 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
2309 return;
2310 }
2311
2312 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2313 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2314 associd, k->wk_keyix, mode,
2315 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2316 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2317 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2318
2319 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2320 wcid = 0; /* NB: update WCID0 for group keys */
2321 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2322 } else {
2323 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2324 1 : RUN_AID2WCID(associd);
2325 base = RT2860_PKEY(wcid);
2326 }
2327
2328 if (cipher == IEEE80211_CIPHER_TKIP) {
2329 if(run_write_region_1(sc, base, k->wk_key, 16))
2330 return;
2331 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2332 return;
2333 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2334 return;
2335 } else {
2336 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2337 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2338 return;
2339 }
2340
2341 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2342 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2343 /* set initial packet number in IV+EIV */
2344 if (cipher == IEEE80211_CIPHER_WEP) {
2345 memset(iv, 0, sizeof iv);
2346 iv[3] = vap->iv_def_txkey << 6;
2347 } else {
2348 if (cipher == IEEE80211_CIPHER_TKIP) {
2349 iv[0] = k->wk_keytsc >> 8;
2350 iv[1] = (iv[0] | 0x20) & 0x7f;
2351 iv[2] = k->wk_keytsc;
2352 } else /* CCMP */ {
2353 iv[0] = k->wk_keytsc;
2354 iv[1] = k->wk_keytsc >> 8;
2355 iv[2] = 0;
2356 }
2357 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2358 iv[4] = k->wk_keytsc >> 16;
2359 iv[5] = k->wk_keytsc >> 24;
2360 iv[6] = k->wk_keytsc >> 32;
2361 iv[7] = k->wk_keytsc >> 40;
2362 }
2363 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2364 return;
2365 }
2366
2367 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2368 /* install group key */
2369 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2370 return;
2371 attr &= ~(0xf << (k->wk_keyix * 4));
2372 attr |= mode << (k->wk_keyix * 4);
2373 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2374 return;
2375 } else {
2376 /* install pairwise key */
2377 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2378 return;
2379 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2380 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2381 return;
2382 }
2383
2384 /* TODO create a pass-thru key entry? */
2385
2386 /* need wcid to delete the right key later */
2387 k->wk_pad = wcid;
2388 }
2389
2390 /*
2391 * Don't have to be deferred, but in order to keep order of
2392 * execution, i.e. with run_key_delete(), defer this and let
2393 * run_cmdq_cb() maintain the order.
2394 *
2395 * return 0 on error
2396 */
2397 static int
run_key_set(struct ieee80211vap * vap,struct ieee80211_key * k)2398 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2399 {
2400 struct ieee80211com *ic = vap->iv_ic;
2401 struct run_softc *sc = ic->ic_softc;
2402 uint32_t i;
2403
2404 i = RUN_CMDQ_GET(&sc->cmdq_store);
2405 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2406 sc->cmdq[i].func = run_key_set_cb;
2407 sc->cmdq[i].arg0 = NULL;
2408 sc->cmdq[i].arg1 = vap;
2409 sc->cmdq[i].k = k;
2410 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2411 ieee80211_runtask(ic, &sc->cmdq_task);
2412
2413 /*
2414 * To make sure key will be set when hostapd
2415 * calls iv_key_set() before if_init().
2416 */
2417 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2418 RUN_LOCK(sc);
2419 sc->cmdq_key_set = RUN_CMDQ_GO;
2420 RUN_UNLOCK(sc);
2421 }
2422
2423 return (1);
2424 }
2425
2426 /*
2427 * If wlan is destroyed without being brought down i.e. without
2428 * wlan down or wpa_cli terminate, this function is called after
2429 * vap is gone. Don't refer it.
2430 */
2431 static void
run_key_delete_cb(void * arg)2432 run_key_delete_cb(void *arg)
2433 {
2434 struct run_cmdq *cmdq = arg;
2435 struct run_softc *sc = cmdq->arg1;
2436 struct ieee80211_key *k = &cmdq->key;
2437 uint32_t attr;
2438 uint8_t wcid;
2439
2440 RUN_LOCK_ASSERT(sc, MA_OWNED);
2441
2442 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2443 /* remove group key */
2444 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
2445 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2446 attr &= ~(0xf << (k->wk_keyix * 4));
2447 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2448 } else {
2449 /* remove pairwise key */
2450 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2451 "removing key for wcid %x\n", k->wk_pad);
2452 /* matching wcid was written to wk_pad in run_key_set() */
2453 wcid = k->wk_pad;
2454 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2455 attr &= ~0xf;
2456 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2457 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2458 }
2459
2460 k->wk_pad = 0;
2461 }
2462
2463 /*
2464 * return 0 on error
2465 */
2466 static int
run_key_delete(struct ieee80211vap * vap,struct ieee80211_key * k)2467 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2468 {
2469 struct ieee80211com *ic = vap->iv_ic;
2470 struct run_softc *sc = ic->ic_softc;
2471 struct ieee80211_key *k0;
2472 uint32_t i;
2473
2474 /*
2475 * When called back, key might be gone. So, make a copy
2476 * of some values need to delete keys before deferring.
2477 * But, because of LOR with node lock, cannot use lock here.
2478 * So, use atomic instead.
2479 */
2480 i = RUN_CMDQ_GET(&sc->cmdq_store);
2481 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2482 sc->cmdq[i].func = run_key_delete_cb;
2483 sc->cmdq[i].arg0 = NULL;
2484 sc->cmdq[i].arg1 = sc;
2485 k0 = &sc->cmdq[i].key;
2486 k0->wk_flags = k->wk_flags;
2487 k0->wk_keyix = k->wk_keyix;
2488 /* matching wcid was written to wk_pad in run_key_set() */
2489 k0->wk_pad = k->wk_pad;
2490 ieee80211_runtask(ic, &sc->cmdq_task);
2491 return (1); /* return fake success */
2492
2493 }
2494
2495 static void
run_ratectl_to(void * arg)2496 run_ratectl_to(void *arg)
2497 {
2498 struct run_softc *sc = arg;
2499
2500 /* do it in a process context, so it can go sleep */
2501 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2502 /* next timeout will be rescheduled in the callback task */
2503 }
2504
2505 /* ARGSUSED */
2506 static void
run_ratectl_cb(void * arg,int pending)2507 run_ratectl_cb(void *arg, int pending)
2508 {
2509 struct run_softc *sc = arg;
2510 struct ieee80211com *ic = &sc->sc_ic;
2511 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2512
2513 if (vap == NULL)
2514 return;
2515
2516 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2517 /*
2518 * run_reset_livelock() doesn't do anything with AMRR,
2519 * but Ralink wants us to call it every 1 sec. So, we
2520 * piggyback here rather than creating another callout.
2521 * Livelock may occur only in HOSTAP or IBSS mode
2522 * (when h/w is sending beacons).
2523 */
2524 RUN_LOCK(sc);
2525 run_reset_livelock(sc);
2526 /* just in case, there are some stats to drain */
2527 run_drain_fifo(sc);
2528 RUN_UNLOCK(sc);
2529 }
2530
2531 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2532
2533 RUN_LOCK(sc);
2534 if(sc->ratectl_run != RUN_RATECTL_OFF)
2535 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2536 RUN_UNLOCK(sc);
2537 }
2538
2539 static void
run_drain_fifo(void * arg)2540 run_drain_fifo(void *arg)
2541 {
2542 struct run_softc *sc = arg;
2543 uint32_t stat;
2544 uint16_t (*wstat)[3];
2545 uint8_t wcid, mcs, pid;
2546 int8_t retry;
2547
2548 RUN_LOCK_ASSERT(sc, MA_OWNED);
2549
2550 for (;;) {
2551 /* drain Tx status FIFO (maxsize = 16) */
2552 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2553 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2554 if (!(stat & RT2860_TXQ_VLD))
2555 break;
2556
2557 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2558
2559 /* if no ACK was requested, no feedback is available */
2560 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2561 wcid == 0)
2562 continue;
2563
2564 /*
2565 * Even though each stat is Tx-complete-status like format,
2566 * the device can poll stats. Because there is no guarantee
2567 * that the referring node is still around when read the stats.
2568 * So that, if we use ieee80211_ratectl_tx_update(), we will
2569 * have hard time not to refer already freed node.
2570 *
2571 * To eliminate such page faults, we poll stats in softc.
2572 * Then, update the rates later with ieee80211_ratectl_tx_update().
2573 */
2574 wstat = &(sc->wcid_stats[wcid]);
2575 (*wstat)[RUN_TXCNT]++;
2576 if (stat & RT2860_TXQ_OK)
2577 (*wstat)[RUN_SUCCESS]++;
2578 else
2579 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2580 /*
2581 * Check if there were retries, ie if the Tx success rate is
2582 * different from the requested rate. Note that it works only
2583 * because we do not allow rate fallback from OFDM to CCK.
2584 */
2585 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2586 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2587 if ((retry = pid -1 - mcs) > 0) {
2588 (*wstat)[RUN_TXCNT] += retry;
2589 (*wstat)[RUN_RETRY] += retry;
2590 }
2591 }
2592 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
2593
2594 sc->fifo_cnt = 0;
2595 }
2596
2597 static void
run_iter_func(void * arg,struct ieee80211_node * ni)2598 run_iter_func(void *arg, struct ieee80211_node *ni)
2599 {
2600 struct run_softc *sc = arg;
2601 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2602 struct ieee80211vap *vap = ni->ni_vap;
2603 struct run_node *rn = RUN_NODE(ni);
2604 union run_stats sta[2];
2605 uint16_t (*wstat)[3];
2606 int error;
2607
2608 RUN_LOCK(sc);
2609
2610 /* Check for special case */
2611 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2612 ni != vap->iv_bss)
2613 goto fail;
2614
2615 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2616 IEEE80211_RATECTL_TX_STATS_RETRIES;
2617 txs->ni = ni;
2618 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2619 vap->iv_opmode == IEEE80211_M_STA)) {
2620 /* read statistic counters (clear on read) and update AMRR state */
2621 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2622 sizeof sta);
2623 if (error != 0)
2624 goto fail;
2625
2626 /* count failed TX as errors */
2627 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2628 le16toh(sta[0].error.fail));
2629
2630 txs->nretries = le16toh(sta[1].tx.retry);
2631 txs->nsuccess = le16toh(sta[1].tx.success);
2632 /* nretries??? */
2633 txs->nframes = txs->nretries + txs->nsuccess +
2634 le16toh(sta[0].error.fail);
2635
2636 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2637 "retrycnt=%d success=%d failcnt=%d\n",
2638 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
2639 } else {
2640 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2641
2642 if (wstat == &(sc->wcid_stats[0]) ||
2643 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2644 goto fail;
2645
2646 txs->nretries = (*wstat)[RUN_RETRY];
2647 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2648 txs->nframes = (*wstat)[RUN_TXCNT];
2649 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2650 "retrycnt=%d txcnt=%d success=%d\n",
2651 txs->nretries, txs->nframes, txs->nsuccess);
2652
2653 memset(wstat, 0, sizeof(*wstat));
2654 }
2655
2656 ieee80211_ratectl_tx_update(vap, txs);
2657 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2658
2659 fail:
2660 RUN_UNLOCK(sc);
2661
2662 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx);
2663 }
2664
2665 static void
run_newassoc_cb(void * arg)2666 run_newassoc_cb(void *arg)
2667 {
2668 struct run_cmdq *cmdq = arg;
2669 struct ieee80211_node *ni = cmdq->arg1;
2670 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2671 uint8_t wcid = cmdq->wcid;
2672
2673 RUN_LOCK_ASSERT(sc, MA_OWNED);
2674
2675 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2676 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2677
2678 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2679 }
2680
2681 static void
run_newassoc(struct ieee80211_node * ni,int isnew)2682 run_newassoc(struct ieee80211_node *ni, int isnew)
2683 {
2684 struct run_node *rn = RUN_NODE(ni);
2685 struct ieee80211_rateset *rs = &ni->ni_rates;
2686 struct ieee80211vap *vap = ni->ni_vap;
2687 struct ieee80211com *ic = vap->iv_ic;
2688 struct run_softc *sc = ic->ic_softc;
2689 uint8_t rate;
2690 uint8_t ridx;
2691 uint8_t wcid;
2692 int i, j;
2693
2694 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2695 1 : RUN_AID2WCID(ni->ni_associd);
2696
2697 if (wcid > RT2870_WCID_MAX) {
2698 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2699 return;
2700 }
2701
2702 /* only interested in true associations */
2703 if (isnew && ni->ni_associd != 0) {
2704
2705 /*
2706 * This function could is called though timeout function.
2707 * Need to defer.
2708 */
2709 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2710 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2711 sc->cmdq[cnt].func = run_newassoc_cb;
2712 sc->cmdq[cnt].arg0 = NULL;
2713 sc->cmdq[cnt].arg1 = ni;
2714 sc->cmdq[cnt].wcid = wcid;
2715 ieee80211_runtask(ic, &sc->cmdq_task);
2716 }
2717
2718 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2719 "new assoc isnew=%d associd=%x addr=%s\n",
2720 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2721
2722 for (i = 0; i < rs->rs_nrates; i++) {
2723 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2724 /* convert 802.11 rate to hardware rate index */
2725 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2726 if (rt2860_rates[ridx].rate == rate)
2727 break;
2728 rn->ridx[i] = ridx;
2729 /* determine rate of control response frames */
2730 for (j = i; j >= 0; j--) {
2731 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2732 rt2860_rates[rn->ridx[i]].phy ==
2733 rt2860_rates[rn->ridx[j]].phy)
2734 break;
2735 }
2736 if (j >= 0) {
2737 rn->ctl_ridx[i] = rn->ridx[j];
2738 } else {
2739 /* no basic rate found, use mandatory one */
2740 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2741 }
2742 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2743 "rate=0x%02x ridx=%d ctl_ridx=%d\n",
2744 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2745 }
2746 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2747 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2748 if (rt2860_rates[ridx].rate == rate)
2749 break;
2750 rn->mgt_ridx = ridx;
2751 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2752 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2753
2754 RUN_LOCK(sc);
2755 if(sc->ratectl_run != RUN_RATECTL_OFF)
2756 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2757 RUN_UNLOCK(sc);
2758 }
2759
2760 /*
2761 * Return the Rx chain with the highest RSSI for a given frame.
2762 */
2763 static __inline uint8_t
run_maxrssi_chain(struct run_softc * sc,const struct rt2860_rxwi * rxwi)2764 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2765 {
2766 uint8_t rxchain = 0;
2767
2768 if (sc->nrxchains > 1) {
2769 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2770 rxchain = 1;
2771 if (sc->nrxchains > 2)
2772 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2773 rxchain = 2;
2774 }
2775 return (rxchain);
2776 }
2777
2778 static void
run_recv_mgmt(struct ieee80211_node * ni,struct mbuf * m,int subtype,const struct ieee80211_rx_stats * rxs,int rssi,int nf)2779 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2780 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2781 {
2782 struct ieee80211vap *vap = ni->ni_vap;
2783 struct run_softc *sc = vap->iv_ic->ic_softc;
2784 struct run_vap *rvp = RUN_VAP(vap);
2785 uint64_t ni_tstamp, rx_tstamp;
2786
2787 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2788
2789 if (vap->iv_state == IEEE80211_S_RUN &&
2790 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2791 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2792 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2793 RUN_LOCK(sc);
2794 run_get_tsf(sc, &rx_tstamp);
2795 RUN_UNLOCK(sc);
2796 rx_tstamp = le64toh(rx_tstamp);
2797
2798 if (ni_tstamp >= rx_tstamp) {
2799 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2800 "ibss merge, tsf %ju tstamp %ju\n",
2801 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2802 (void) ieee80211_ibss_merge(ni);
2803 }
2804 }
2805 }
2806
2807 static void
run_rx_frame(struct run_softc * sc,struct mbuf * m,uint32_t dmalen)2808 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2809 {
2810 struct ieee80211com *ic = &sc->sc_ic;
2811 struct ieee80211_frame *wh;
2812 struct ieee80211_node *ni;
2813 struct rt2870_rxd *rxd;
2814 struct rt2860_rxwi *rxwi;
2815 uint32_t flags;
2816 uint16_t len, rxwisize;
2817 uint8_t ant, rssi;
2818 int8_t nf;
2819
2820 rxwisize = sizeof(struct rt2860_rxwi);
2821 if (sc->mac_ver == 0x5592)
2822 rxwisize += sizeof(uint64_t);
2823 else if (sc->mac_ver == 0x3593)
2824 rxwisize += sizeof(uint32_t);
2825
2826 if (__predict_false(dmalen <
2827 rxwisize + sizeof(struct ieee80211_frame_ack))) {
2828 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2829 "payload is too short: dma length %u < %zu\n",
2830 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack));
2831 goto fail;
2832 }
2833
2834 rxwi = mtod(m, struct rt2860_rxwi *);
2835 len = le16toh(rxwi->len) & 0xfff;
2836
2837 if (__predict_false(len > dmalen - rxwisize)) {
2838 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2839 "bad RXWI length %u > %u\n", len, dmalen);
2840 goto fail;
2841 }
2842
2843 /* Rx descriptor is located at the end */
2844 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2845 flags = le32toh(rxd->flags);
2846
2847 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2848 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2849 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2850 goto fail;
2851 }
2852
2853 if (flags & RT2860_RX_L2PAD) {
2854 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2855 "received RT2860_RX_L2PAD frame\n");
2856 len += 2;
2857 }
2858
2859 m->m_data += rxwisize;
2860 m->m_pkthdr.len = m->m_len = len;
2861
2862 wh = mtod(m, struct ieee80211_frame *);
2863
2864 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 &&
2865 (flags & RT2860_RX_DEC) != 0) {
2866 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2867 m->m_flags |= M_WEP;
2868 }
2869
2870 if (len >= sizeof(struct ieee80211_frame_min)) {
2871 ni = ieee80211_find_rxnode(ic,
2872 mtod(m, struct ieee80211_frame_min *));
2873 } else
2874 ni = NULL;
2875
2876 if (__predict_false(flags & RT2860_RX_MICERR)) {
2877 /* report MIC failures to net80211 for TKIP */
2878 if (ni != NULL)
2879 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2880 rxwi->keyidx);
2881 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2882 "MIC error. Someone is lying.\n");
2883 goto fail;
2884 }
2885
2886 ant = run_maxrssi_chain(sc, rxwi);
2887 rssi = rxwi->rssi[ant];
2888 nf = run_rssi2dbm(sc, rssi, ant);
2889
2890 if (__predict_false(ieee80211_radiotap_active(ic))) {
2891 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2892 uint16_t phy;
2893
2894 tap->wr_flags = 0;
2895 if (flags & RT2860_RX_L2PAD)
2896 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
2897 tap->wr_antsignal = rssi;
2898 tap->wr_antenna = ant;
2899 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2900 tap->wr_rate = 2; /* in case it can't be found below */
2901 RUN_LOCK(sc);
2902 run_get_tsf(sc, &tap->wr_tsf);
2903 RUN_UNLOCK(sc);
2904 phy = le16toh(rxwi->phy);
2905 switch (phy & RT2860_PHY_MODE) {
2906 case RT2860_PHY_CCK:
2907 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2908 case 0: tap->wr_rate = 2; break;
2909 case 1: tap->wr_rate = 4; break;
2910 case 2: tap->wr_rate = 11; break;
2911 case 3: tap->wr_rate = 22; break;
2912 }
2913 if (phy & RT2860_PHY_SHPRE)
2914 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2915 break;
2916 case RT2860_PHY_OFDM:
2917 switch (phy & RT2860_PHY_MCS) {
2918 case 0: tap->wr_rate = 12; break;
2919 case 1: tap->wr_rate = 18; break;
2920 case 2: tap->wr_rate = 24; break;
2921 case 3: tap->wr_rate = 36; break;
2922 case 4: tap->wr_rate = 48; break;
2923 case 5: tap->wr_rate = 72; break;
2924 case 6: tap->wr_rate = 96; break;
2925 case 7: tap->wr_rate = 108; break;
2926 }
2927 break;
2928 }
2929 }
2930
2931 if (ni != NULL) {
2932 (void)ieee80211_input(ni, m, rssi, nf);
2933 ieee80211_free_node(ni);
2934 } else {
2935 (void)ieee80211_input_all(ic, m, rssi, nf);
2936 }
2937
2938 return;
2939
2940 fail:
2941 m_freem(m);
2942 counter_u64_add(ic->ic_ierrors, 1);
2943 }
2944
2945 static void
run_bulk_rx_callback(struct usb_xfer * xfer,usb_error_t error)2946 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2947 {
2948 struct run_softc *sc = usbd_xfer_softc(xfer);
2949 struct ieee80211com *ic = &sc->sc_ic;
2950 struct mbuf *m = NULL;
2951 struct mbuf *m0;
2952 uint32_t dmalen, mbuf_len;
2953 uint16_t rxwisize;
2954 int xferlen;
2955
2956 rxwisize = sizeof(struct rt2860_rxwi);
2957 if (sc->mac_ver == 0x5592)
2958 rxwisize += sizeof(uint64_t);
2959 else if (sc->mac_ver == 0x3593)
2960 rxwisize += sizeof(uint32_t);
2961
2962 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2963
2964 switch (USB_GET_STATE(xfer)) {
2965 case USB_ST_TRANSFERRED:
2966
2967 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2968 "rx done, actlen=%d\n", xferlen);
2969
2970 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2971 sizeof(struct rt2870_rxd))) {
2972 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
2973 "xfer too short %d\n", xferlen);
2974 goto tr_setup;
2975 }
2976
2977 m = sc->rx_m;
2978 sc->rx_m = NULL;
2979
2980 /* FALLTHROUGH */
2981 case USB_ST_SETUP:
2982 tr_setup:
2983 if (sc->rx_m == NULL) {
2984 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2985 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2986 }
2987 if (sc->rx_m == NULL) {
2988 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC,
2989 "could not allocate mbuf - idle with stall\n");
2990 counter_u64_add(ic->ic_ierrors, 1);
2991 usbd_xfer_set_stall(xfer);
2992 usbd_xfer_set_frames(xfer, 0);
2993 } else {
2994 /*
2995 * Directly loading a mbuf cluster into DMA to
2996 * save some data copying. This works because
2997 * there is only one cluster.
2998 */
2999 usbd_xfer_set_frame_data(xfer, 0,
3000 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
3001 usbd_xfer_set_frames(xfer, 1);
3002 }
3003 usbd_transfer_submit(xfer);
3004 break;
3005
3006 default: /* Error */
3007 if (error != USB_ERR_CANCELLED) {
3008 /* try to clear stall first */
3009 usbd_xfer_set_stall(xfer);
3010 if (error == USB_ERR_TIMEOUT)
3011 device_printf(sc->sc_dev, "device timeout\n");
3012 counter_u64_add(ic->ic_ierrors, 1);
3013 goto tr_setup;
3014 }
3015 if (sc->rx_m != NULL) {
3016 m_freem(sc->rx_m);
3017 sc->rx_m = NULL;
3018 }
3019 break;
3020 }
3021
3022 if (m == NULL)
3023 return;
3024
3025 /* inputting all the frames must be last */
3026
3027 RUN_UNLOCK(sc);
3028
3029 m->m_pkthdr.len = m->m_len = xferlen;
3030
3031 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
3032 for(;;) {
3033 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
3034
3035 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3036 ((dmalen & 3) != 0)) {
3037 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3038 "bad DMA length %u\n", dmalen);
3039 break;
3040 }
3041 if ((dmalen + 8) > (uint32_t)xferlen) {
3042 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3043 "bad DMA length %u > %d\n",
3044 dmalen + 8, xferlen);
3045 break;
3046 }
3047
3048 /* If it is the last one or a single frame, we won't copy. */
3049 if ((xferlen -= dmalen + 8) <= 8) {
3050 /* trim 32-bit DMA-len header */
3051 m->m_data += 4;
3052 m->m_pkthdr.len = m->m_len -= 4;
3053 run_rx_frame(sc, m, dmalen);
3054 m = NULL; /* don't free source buffer */
3055 break;
3056 }
3057
3058 mbuf_len = dmalen + sizeof(struct rt2870_rxd);
3059 if (__predict_false(mbuf_len > MCLBYTES)) {
3060 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3061 "payload is too big: mbuf_len %u\n", mbuf_len);
3062 counter_u64_add(ic->ic_ierrors, 1);
3063 break;
3064 }
3065
3066 /* copy aggregated frames to another mbuf */
3067 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3068 if (__predict_false(m0 == NULL)) {
3069 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3070 "could not allocate mbuf\n");
3071 counter_u64_add(ic->ic_ierrors, 1);
3072 break;
3073 }
3074 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3075 mbuf_len, mtod(m0, caddr_t));
3076 m0->m_pkthdr.len = m0->m_len = mbuf_len;
3077 run_rx_frame(sc, m0, dmalen);
3078
3079 /* update data ptr */
3080 m->m_data += mbuf_len + 4;
3081 m->m_pkthdr.len = m->m_len -= mbuf_len + 4;
3082 }
3083
3084 /* make sure we free the source buffer, if any */
3085 m_freem(m);
3086
3087 RUN_LOCK(sc);
3088 }
3089
3090 static void
run_tx_free(struct run_endpoint_queue * pq,struct run_tx_data * data,int txerr)3091 run_tx_free(struct run_endpoint_queue *pq,
3092 struct run_tx_data *data, int txerr)
3093 {
3094
3095 ieee80211_tx_complete(data->ni, data->m, txerr);
3096
3097 data->m = NULL;
3098 data->ni = NULL;
3099
3100 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3101 pq->tx_nfree++;
3102 }
3103
3104 static void
run_bulk_tx_callbackN(struct usb_xfer * xfer,usb_error_t error,u_int index)3105 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3106 {
3107 struct run_softc *sc = usbd_xfer_softc(xfer);
3108 struct ieee80211com *ic = &sc->sc_ic;
3109 struct run_tx_data *data;
3110 struct ieee80211vap *vap = NULL;
3111 struct usb_page_cache *pc;
3112 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3113 struct mbuf *m;
3114 usb_frlength_t size;
3115 int actlen;
3116 int sumlen;
3117
3118 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3119
3120 switch (USB_GET_STATE(xfer)) {
3121 case USB_ST_TRANSFERRED:
3122 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3123 "transfer complete: %d bytes @ index %d\n", actlen, index);
3124
3125 data = usbd_xfer_get_priv(xfer);
3126 run_tx_free(pq, data, 0);
3127 usbd_xfer_set_priv(xfer, NULL);
3128
3129 /* FALLTHROUGH */
3130 case USB_ST_SETUP:
3131 tr_setup:
3132 data = STAILQ_FIRST(&pq->tx_qh);
3133 if (data == NULL)
3134 break;
3135
3136 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3137
3138 m = data->m;
3139 size = (sc->mac_ver == 0x5592) ?
3140 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3141 if ((m->m_pkthdr.len +
3142 size + 3 + 8) > RUN_MAX_TXSZ) {
3143 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3144 "data overflow, %u bytes\n", m->m_pkthdr.len);
3145 run_tx_free(pq, data, 1);
3146 goto tr_setup;
3147 }
3148
3149 pc = usbd_xfer_get_frame(xfer, 0);
3150 usbd_copy_in(pc, 0, &data->desc, size);
3151 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3152 size += m->m_pkthdr.len;
3153 /*
3154 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3155 * 4-byte padding), and be sure to zero those trailing
3156 * bytes:
3157 */
3158 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3159 size += ((-size) & 3) + 8;
3160
3161 vap = data->ni->ni_vap;
3162 if (ieee80211_radiotap_active_vap(vap)) {
3163 const struct ieee80211_frame *wh;
3164 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3165 struct rt2860_txwi *txwi =
3166 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3167 int has_l2pad;
3168
3169 wh = mtod(m, struct ieee80211_frame *);
3170 has_l2pad = IEEE80211_HAS_ADDR4(wh) !=
3171 IEEE80211_QOS_HAS_SEQ(wh);
3172
3173 tap->wt_flags = 0;
3174 tap->wt_rate = rt2860_rates[data->ridx].rate;
3175 tap->wt_hwqueue = index;
3176 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3177 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3178 if (has_l2pad)
3179 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
3180
3181 ieee80211_radiotap_tx(vap, m);
3182 }
3183
3184 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3185 "sending frame len=%u/%u @ index %d\n",
3186 m->m_pkthdr.len, size, index);
3187
3188 usbd_xfer_set_frame_len(xfer, 0, size);
3189 usbd_xfer_set_priv(xfer, data);
3190 usbd_transfer_submit(xfer);
3191 run_start(sc);
3192
3193 break;
3194
3195 default:
3196 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3197 "USB transfer error, %s\n", usbd_errstr(error));
3198
3199 data = usbd_xfer_get_priv(xfer);
3200
3201 if (data != NULL) {
3202 if(data->ni != NULL)
3203 vap = data->ni->ni_vap;
3204 run_tx_free(pq, data, error);
3205 usbd_xfer_set_priv(xfer, NULL);
3206 }
3207
3208 if (vap == NULL)
3209 vap = TAILQ_FIRST(&ic->ic_vaps);
3210
3211 if (error != USB_ERR_CANCELLED) {
3212 if (error == USB_ERR_TIMEOUT) {
3213 device_printf(sc->sc_dev, "device timeout\n");
3214 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3215 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3216 "cmdq_store=%d\n", i);
3217 sc->cmdq[i].func = run_usb_timeout_cb;
3218 sc->cmdq[i].arg0 = vap;
3219 ieee80211_runtask(ic, &sc->cmdq_task);
3220 }
3221
3222 /*
3223 * Try to clear stall first, also if other
3224 * errors occur, hence clearing stall
3225 * introduces a 50 ms delay:
3226 */
3227 usbd_xfer_set_stall(xfer);
3228 goto tr_setup;
3229 }
3230 break;
3231 }
3232 }
3233
3234 static void
run_bulk_tx_callback0(struct usb_xfer * xfer,usb_error_t error)3235 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3236 {
3237 run_bulk_tx_callbackN(xfer, error, 0);
3238 }
3239
3240 static void
run_bulk_tx_callback1(struct usb_xfer * xfer,usb_error_t error)3241 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3242 {
3243 run_bulk_tx_callbackN(xfer, error, 1);
3244 }
3245
3246 static void
run_bulk_tx_callback2(struct usb_xfer * xfer,usb_error_t error)3247 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3248 {
3249 run_bulk_tx_callbackN(xfer, error, 2);
3250 }
3251
3252 static void
run_bulk_tx_callback3(struct usb_xfer * xfer,usb_error_t error)3253 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3254 {
3255 run_bulk_tx_callbackN(xfer, error, 3);
3256 }
3257
3258 static void
run_bulk_tx_callback4(struct usb_xfer * xfer,usb_error_t error)3259 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3260 {
3261 run_bulk_tx_callbackN(xfer, error, 4);
3262 }
3263
3264 static void
run_bulk_tx_callback5(struct usb_xfer * xfer,usb_error_t error)3265 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3266 {
3267 run_bulk_tx_callbackN(xfer, error, 5);
3268 }
3269
3270 static void
run_set_tx_desc(struct run_softc * sc,struct run_tx_data * data)3271 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3272 {
3273 struct mbuf *m = data->m;
3274 struct ieee80211com *ic = &sc->sc_ic;
3275 struct ieee80211vap *vap = data->ni->ni_vap;
3276 struct ieee80211_frame *wh;
3277 struct rt2870_txd *txd;
3278 struct rt2860_txwi *txwi;
3279 uint16_t xferlen, txwisize;
3280 uint16_t mcs;
3281 uint8_t ridx = data->ridx;
3282 uint8_t pad;
3283
3284 /* get MCS code from rate index */
3285 mcs = rt2860_rates[ridx].mcs;
3286
3287 txwisize = (sc->mac_ver == 0x5592) ?
3288 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3289 xferlen = txwisize + m->m_pkthdr.len;
3290
3291 /* roundup to 32-bit alignment */
3292 xferlen = (xferlen + 3) & ~3;
3293
3294 txd = (struct rt2870_txd *)&data->desc;
3295 txd->len = htole16(xferlen);
3296
3297 wh = mtod(m, struct ieee80211_frame *);
3298
3299 /*
3300 * Ether both are true or both are false, the header
3301 * are nicely aligned to 32-bit. So, no L2 padding.
3302 */
3303 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3304 pad = 0;
3305 else
3306 pad = 2;
3307
3308 /* setup TX Wireless Information */
3309 txwi = (struct rt2860_txwi *)(txd + 1);
3310 txwi->len = htole16(m->m_pkthdr.len - pad);
3311 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3312 mcs |= RT2860_PHY_CCK;
3313 if (ridx != RT2860_RIDX_CCK1 &&
3314 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3315 mcs |= RT2860_PHY_SHPRE;
3316 } else
3317 mcs |= RT2860_PHY_OFDM;
3318 txwi->phy = htole16(mcs);
3319
3320 /* check if RTS/CTS or CTS-to-self protection is required */
3321 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3322 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3323 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3324 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3325 txwi->txop |= RT2860_TX_TXOP_HT;
3326 else
3327 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3328
3329 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3330 txwi->xflags |= RT2860_TX_NSEQ;
3331 }
3332
3333 /* This function must be called locked */
3334 static int
run_tx(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni)3335 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3336 {
3337 struct ieee80211com *ic = &sc->sc_ic;
3338 struct ieee80211vap *vap = ni->ni_vap;
3339 struct ieee80211_frame *wh;
3340 const struct ieee80211_txparam *tp = ni->ni_txparms;
3341 struct run_node *rn = RUN_NODE(ni);
3342 struct run_tx_data *data;
3343 struct rt2870_txd *txd;
3344 struct rt2860_txwi *txwi;
3345 uint16_t qos;
3346 uint16_t dur;
3347 uint16_t qid;
3348 uint8_t type;
3349 uint8_t tid;
3350 uint8_t ridx;
3351 uint8_t ctl_ridx;
3352 uint8_t qflags;
3353 uint8_t xflags = 0;
3354 int hasqos;
3355
3356 RUN_LOCK_ASSERT(sc, MA_OWNED);
3357
3358 wh = mtod(m, struct ieee80211_frame *);
3359
3360 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3361
3362 /*
3363 * There are 7 bulk endpoints: 1 for RX
3364 * and 6 for TX (4 EDCAs + HCCA + Prio).
3365 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3366 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3367 */
3368 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3369 uint8_t *frm;
3370
3371 frm = ieee80211_getqos(wh);
3372 qos = le16toh(*(const uint16_t *)frm);
3373 tid = qos & IEEE80211_QOS_TID;
3374 qid = TID_TO_WME_AC(tid);
3375 } else {
3376 qos = 0;
3377 tid = 0;
3378 qid = WME_AC_BE;
3379 }
3380 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3381
3382 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3383 qos, qid, tid, qflags);
3384
3385 /* pickup a rate index */
3386 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3387 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3388 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3389 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3390 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3391 } else {
3392 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3393 ridx = rn->fix_ridx;
3394 else
3395 ridx = rn->amrr_ridx;
3396 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3397 }
3398
3399 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3400 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3401 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3402 xflags |= RT2860_TX_ACK;
3403 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3404 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3405 else
3406 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3407 USETW(wh->i_dur, dur);
3408 }
3409
3410 /* reserve slots for mgmt packets, just in case */
3411 if (sc->sc_epq[qid].tx_nfree < 3) {
3412 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3413 return (-1);
3414 }
3415
3416 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3417 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3418 sc->sc_epq[qid].tx_nfree--;
3419
3420 txd = (struct rt2870_txd *)&data->desc;
3421 txd->flags = qflags;
3422 txwi = (struct rt2860_txwi *)(txd + 1);
3423 txwi->xflags = xflags;
3424 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3425 txwi->wcid = 0;
3426 else
3427 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3428 1 : RUN_AID2WCID(ni->ni_associd);
3429
3430 /* clear leftover garbage bits */
3431 txwi->flags = 0;
3432 txwi->txop = 0;
3433
3434 data->m = m;
3435 data->ni = ni;
3436 data->ridx = ridx;
3437
3438 run_set_tx_desc(sc, data);
3439
3440 /*
3441 * The chip keeps track of 2 kind of Tx stats,
3442 * * TX_STAT_FIFO, for per WCID stats, and
3443 * * TX_STA_CNT0 for all-TX-in-one stats.
3444 *
3445 * To use FIFO stats, we need to store MCS into the driver-private
3446 * PacketID field. So that, we can tell whose stats when we read them.
3447 * We add 1 to the MCS because setting the PacketID field to 0 means
3448 * that we don't want feedback in TX_STAT_FIFO.
3449 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3450 *
3451 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3452 */
3453 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3454 vap->iv_opmode == IEEE80211_M_MBSS) {
3455 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3456 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3457
3458 /*
3459 * Unlike PCI based devices, we don't get any interrupt from
3460 * USB devices, so we simulate FIFO-is-full interrupt here.
3461 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3462 * quickly get fulled. To prevent overflow, increment a counter on
3463 * every FIFO stat request, so we know how many slots are left.
3464 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3465 * are used only in those modes.
3466 * We just drain stats. AMRR gets updated every 1 sec by
3467 * run_ratectl_cb() via callout.
3468 * Call it early. Otherwise overflow.
3469 */
3470 if (sc->fifo_cnt++ == 10) {
3471 /*
3472 * With multiple vaps or if_bridge, if_start() is called
3473 * with a non-sleepable lock, tcpinp. So, need to defer.
3474 */
3475 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3476 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3477 sc->cmdq[i].func = run_drain_fifo;
3478 sc->cmdq[i].arg0 = sc;
3479 ieee80211_runtask(ic, &sc->cmdq_task);
3480 }
3481 }
3482
3483 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3484
3485 usbd_transfer_start(sc->sc_xfer[qid]);
3486
3487 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3488 "sending data frame len=%d rate=%d qid=%d\n",
3489 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3490 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3491
3492 return (0);
3493 }
3494
3495 static int
run_tx_mgt(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni)3496 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3497 {
3498 struct ieee80211com *ic = &sc->sc_ic;
3499 struct run_node *rn = RUN_NODE(ni);
3500 struct run_tx_data *data;
3501 struct ieee80211_frame *wh;
3502 struct rt2870_txd *txd;
3503 struct rt2860_txwi *txwi;
3504 uint16_t dur;
3505 uint8_t ridx = rn->mgt_ridx;
3506 uint8_t xflags = 0;
3507 uint8_t wflags = 0;
3508
3509 RUN_LOCK_ASSERT(sc, MA_OWNED);
3510
3511 wh = mtod(m, struct ieee80211_frame *);
3512
3513 /* tell hardware to add timestamp for probe responses */
3514 if ((wh->i_fc[0] &
3515 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3516 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3517 wflags |= RT2860_TX_TS;
3518 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3519 xflags |= RT2860_TX_ACK;
3520
3521 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3522 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3523 USETW(wh->i_dur, dur);
3524 }
3525
3526 if (sc->sc_epq[0].tx_nfree == 0)
3527 /* let caller free mbuf */
3528 return (EIO);
3529 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3530 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3531 sc->sc_epq[0].tx_nfree--;
3532
3533 txd = (struct rt2870_txd *)&data->desc;
3534 txd->flags = RT2860_TX_QSEL_EDCA;
3535 txwi = (struct rt2860_txwi *)(txd + 1);
3536 txwi->wcid = 0xff;
3537 txwi->flags = wflags;
3538 txwi->xflags = xflags;
3539 txwi->txop = 0; /* clear leftover garbage bits */
3540
3541 data->m = m;
3542 data->ni = ni;
3543 data->ridx = ridx;
3544
3545 run_set_tx_desc(sc, data);
3546
3547 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3548 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3549 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3550
3551 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3552
3553 usbd_transfer_start(sc->sc_xfer[0]);
3554
3555 return (0);
3556 }
3557
3558 static int
run_sendprot(struct run_softc * sc,const struct mbuf * m,struct ieee80211_node * ni,int prot,int rate)3559 run_sendprot(struct run_softc *sc,
3560 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3561 {
3562 struct ieee80211com *ic = ni->ni_ic;
3563 struct run_tx_data *data;
3564 struct rt2870_txd *txd;
3565 struct rt2860_txwi *txwi;
3566 struct mbuf *mprot;
3567 int ridx;
3568 int protrate;
3569 uint8_t wflags = 0;
3570 uint8_t xflags = 0;
3571
3572 RUN_LOCK_ASSERT(sc, MA_OWNED);
3573
3574 /* check that there are free slots before allocating the mbuf */
3575 if (sc->sc_epq[0].tx_nfree == 0)
3576 /* let caller free mbuf */
3577 return (ENOBUFS);
3578
3579 mprot = ieee80211_alloc_prot(ni, m, rate, prot);
3580 if (mprot == NULL) {
3581 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3582 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3583 return (ENOBUFS);
3584 }
3585
3586 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3587 wflags = RT2860_TX_FRAG;
3588 xflags = 0;
3589 if (prot == IEEE80211_PROT_RTSCTS)
3590 xflags |= RT2860_TX_ACK;
3591
3592 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3593 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3594 sc->sc_epq[0].tx_nfree--;
3595
3596 txd = (struct rt2870_txd *)&data->desc;
3597 txd->flags = RT2860_TX_QSEL_EDCA;
3598 txwi = (struct rt2860_txwi *)(txd + 1);
3599 txwi->wcid = 0xff;
3600 txwi->flags = wflags;
3601 txwi->xflags = xflags;
3602 txwi->txop = 0; /* clear leftover garbage bits */
3603
3604 data->m = mprot;
3605 data->ni = ieee80211_ref_node(ni);
3606
3607 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3608 if (rt2860_rates[ridx].rate == protrate)
3609 break;
3610 data->ridx = ridx;
3611
3612 run_set_tx_desc(sc, data);
3613
3614 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3615 m->m_pkthdr.len, rate);
3616
3617 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3618
3619 usbd_transfer_start(sc->sc_xfer[0]);
3620
3621 return (0);
3622 }
3623
3624 static int
run_tx_param(struct run_softc * sc,struct mbuf * m,struct ieee80211_node * ni,const struct ieee80211_bpf_params * params)3625 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3626 const struct ieee80211_bpf_params *params)
3627 {
3628 struct ieee80211com *ic = ni->ni_ic;
3629 struct run_tx_data *data;
3630 struct rt2870_txd *txd;
3631 struct rt2860_txwi *txwi;
3632 uint8_t ridx;
3633 uint8_t rate;
3634 uint8_t opflags = 0;
3635 uint8_t xflags = 0;
3636 int error;
3637
3638 RUN_LOCK_ASSERT(sc, MA_OWNED);
3639
3640 KASSERT(params != NULL, ("no raw xmit params"));
3641
3642 rate = params->ibp_rate0;
3643 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3644 /* let caller free mbuf */
3645 return (EINVAL);
3646 }
3647
3648 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3649 xflags |= RT2860_TX_ACK;
3650 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3651 error = run_sendprot(sc, m, ni,
3652 params->ibp_flags & IEEE80211_BPF_RTS ?
3653 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3654 rate);
3655 if (error) {
3656 /* let caller free mbuf */
3657 return error;
3658 }
3659 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3660 }
3661
3662 if (sc->sc_epq[0].tx_nfree == 0) {
3663 /* let caller free mbuf */
3664 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3665 "sending raw frame, but tx ring is full\n");
3666 return (EIO);
3667 }
3668 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3669 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3670 sc->sc_epq[0].tx_nfree--;
3671
3672 txd = (struct rt2870_txd *)&data->desc;
3673 txd->flags = RT2860_TX_QSEL_EDCA;
3674 txwi = (struct rt2860_txwi *)(txd + 1);
3675 txwi->wcid = 0xff;
3676 txwi->xflags = xflags;
3677 txwi->txop = opflags;
3678 txwi->flags = 0; /* clear leftover garbage bits */
3679
3680 data->m = m;
3681 data->ni = ni;
3682 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3683 if (rt2860_rates[ridx].rate == rate)
3684 break;
3685 data->ridx = ridx;
3686
3687 run_set_tx_desc(sc, data);
3688
3689 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3690 m->m_pkthdr.len, rate);
3691
3692 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3693
3694 usbd_transfer_start(sc->sc_xfer[0]);
3695
3696 return (0);
3697 }
3698
3699 static int
run_raw_xmit(struct ieee80211_node * ni,struct mbuf * m,const struct ieee80211_bpf_params * params)3700 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3701 const struct ieee80211_bpf_params *params)
3702 {
3703 struct run_softc *sc = ni->ni_ic->ic_softc;
3704 int error = 0;
3705
3706 RUN_LOCK(sc);
3707
3708 /* prevent management frames from being sent if we're not ready */
3709 if (!(sc->sc_flags & RUN_RUNNING)) {
3710 error = ENETDOWN;
3711 goto done;
3712 }
3713
3714 if (params == NULL) {
3715 /* tx mgt packet */
3716 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3717 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3718 goto done;
3719 }
3720 } else {
3721 /* tx raw packet with param */
3722 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3723 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3724 goto done;
3725 }
3726 }
3727
3728 done:
3729 RUN_UNLOCK(sc);
3730
3731 if (error != 0) {
3732 if(m != NULL)
3733 m_freem(m);
3734 }
3735
3736 return (error);
3737 }
3738
3739 static int
run_transmit(struct ieee80211com * ic,struct mbuf * m)3740 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3741 {
3742 struct run_softc *sc = ic->ic_softc;
3743 int error;
3744
3745 RUN_LOCK(sc);
3746 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3747 RUN_UNLOCK(sc);
3748 return (ENXIO);
3749 }
3750 error = mbufq_enqueue(&sc->sc_snd, m);
3751 if (error) {
3752 RUN_UNLOCK(sc);
3753 return (error);
3754 }
3755 run_start(sc);
3756 RUN_UNLOCK(sc);
3757
3758 return (0);
3759 }
3760
3761 static void
run_start(struct run_softc * sc)3762 run_start(struct run_softc *sc)
3763 {
3764 struct ieee80211_node *ni;
3765 struct mbuf *m;
3766
3767 RUN_LOCK_ASSERT(sc, MA_OWNED);
3768
3769 if ((sc->sc_flags & RUN_RUNNING) == 0)
3770 return;
3771
3772 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3773 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3774 if (run_tx(sc, m, ni) != 0) {
3775 mbufq_prepend(&sc->sc_snd, m);
3776 break;
3777 }
3778 }
3779 }
3780
3781 static void
run_parent(struct ieee80211com * ic)3782 run_parent(struct ieee80211com *ic)
3783 {
3784 struct run_softc *sc = ic->ic_softc;
3785 int startall = 0;
3786
3787 RUN_LOCK(sc);
3788 if (sc->sc_detached) {
3789 RUN_UNLOCK(sc);
3790 return;
3791 }
3792
3793 if (ic->ic_nrunning > 0) {
3794 if (!(sc->sc_flags & RUN_RUNNING)) {
3795 startall = 1;
3796 run_init_locked(sc);
3797 } else
3798 run_update_promisc_locked(sc);
3799 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3800 run_stop(sc);
3801 RUN_UNLOCK(sc);
3802 if (startall)
3803 ieee80211_start_all(ic);
3804 }
3805
3806 static void
run_iq_calib(struct run_softc * sc,u_int chan)3807 run_iq_calib(struct run_softc *sc, u_int chan)
3808 {
3809 uint16_t val;
3810
3811 /* Tx0 IQ gain. */
3812 run_bbp_write(sc, 158, 0x2c);
3813 if (chan <= 14)
3814 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3815 else if (chan <= 64) {
3816 run_efuse_read(sc,
3817 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3818 &val, 1);
3819 } else if (chan <= 138) {
3820 run_efuse_read(sc,
3821 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3822 &val, 1);
3823 } else if (chan <= 165) {
3824 run_efuse_read(sc,
3825 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3826 &val, 1);
3827 } else
3828 val = 0;
3829 run_bbp_write(sc, 159, val);
3830
3831 /* Tx0 IQ phase. */
3832 run_bbp_write(sc, 158, 0x2d);
3833 if (chan <= 14) {
3834 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3835 &val, 1);
3836 } else if (chan <= 64) {
3837 run_efuse_read(sc,
3838 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3839 &val, 1);
3840 } else if (chan <= 138) {
3841 run_efuse_read(sc,
3842 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3843 &val, 1);
3844 } else if (chan <= 165) {
3845 run_efuse_read(sc,
3846 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3847 &val, 1);
3848 } else
3849 val = 0;
3850 run_bbp_write(sc, 159, val);
3851
3852 /* Tx1 IQ gain. */
3853 run_bbp_write(sc, 158, 0x4a);
3854 if (chan <= 14) {
3855 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3856 &val, 1);
3857 } else if (chan <= 64) {
3858 run_efuse_read(sc,
3859 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3860 &val, 1);
3861 } else if (chan <= 138) {
3862 run_efuse_read(sc,
3863 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3864 &val, 1);
3865 } else if (chan <= 165) {
3866 run_efuse_read(sc,
3867 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3868 &val, 1);
3869 } else
3870 val = 0;
3871 run_bbp_write(sc, 159, val);
3872
3873 /* Tx1 IQ phase. */
3874 run_bbp_write(sc, 158, 0x4b);
3875 if (chan <= 14) {
3876 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3877 &val, 1);
3878 } else if (chan <= 64) {
3879 run_efuse_read(sc,
3880 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3881 &val, 1);
3882 } else if (chan <= 138) {
3883 run_efuse_read(sc,
3884 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3885 &val, 1);
3886 } else if (chan <= 165) {
3887 run_efuse_read(sc,
3888 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3889 &val, 1);
3890 } else
3891 val = 0;
3892 run_bbp_write(sc, 159, val);
3893
3894 /* RF IQ compensation control. */
3895 run_bbp_write(sc, 158, 0x04);
3896 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3897 &val, 1);
3898 run_bbp_write(sc, 159, val);
3899
3900 /* RF IQ imbalance compensation control. */
3901 run_bbp_write(sc, 158, 0x03);
3902 run_efuse_read(sc,
3903 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3904 run_bbp_write(sc, 159, val);
3905 }
3906
3907 static void
run_set_agc(struct run_softc * sc,uint8_t agc)3908 run_set_agc(struct run_softc *sc, uint8_t agc)
3909 {
3910 uint8_t bbp;
3911
3912 if (sc->mac_ver == 0x3572) {
3913 run_bbp_read(sc, 27, &bbp);
3914 bbp &= ~(0x3 << 5);
3915 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3916 run_bbp_write(sc, 66, agc);
3917 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3918 run_bbp_write(sc, 66, agc);
3919 } else
3920 run_bbp_write(sc, 66, agc);
3921 }
3922
3923 static void
run_select_chan_group(struct run_softc * sc,int group)3924 run_select_chan_group(struct run_softc *sc, int group)
3925 {
3926 uint32_t tmp;
3927 uint8_t agc;
3928
3929 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3930 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3931 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3932 if (sc->mac_ver < 0x3572)
3933 run_bbp_write(sc, 86, 0x00);
3934
3935 if (sc->mac_ver == 0x3593) {
3936 run_bbp_write(sc, 77, 0x98);
3937 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3938 }
3939
3940 if (group == 0) {
3941 if (sc->ext_2ghz_lna) {
3942 if (sc->mac_ver >= 0x5390)
3943 run_bbp_write(sc, 75, 0x52);
3944 else {
3945 run_bbp_write(sc, 82, 0x62);
3946 run_bbp_write(sc, 75, 0x46);
3947 }
3948 } else {
3949 if (sc->mac_ver == 0x5592) {
3950 run_bbp_write(sc, 79, 0x1c);
3951 run_bbp_write(sc, 80, 0x0e);
3952 run_bbp_write(sc, 81, 0x3a);
3953 run_bbp_write(sc, 82, 0x62);
3954
3955 run_bbp_write(sc, 195, 0x80);
3956 run_bbp_write(sc, 196, 0xe0);
3957 run_bbp_write(sc, 195, 0x81);
3958 run_bbp_write(sc, 196, 0x1f);
3959 run_bbp_write(sc, 195, 0x82);
3960 run_bbp_write(sc, 196, 0x38);
3961 run_bbp_write(sc, 195, 0x83);
3962 run_bbp_write(sc, 196, 0x32);
3963 run_bbp_write(sc, 195, 0x85);
3964 run_bbp_write(sc, 196, 0x28);
3965 run_bbp_write(sc, 195, 0x86);
3966 run_bbp_write(sc, 196, 0x19);
3967 } else if (sc->mac_ver >= 0x5390)
3968 run_bbp_write(sc, 75, 0x50);
3969 else {
3970 run_bbp_write(sc, 82,
3971 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3972 run_bbp_write(sc, 75, 0x50);
3973 }
3974 }
3975 } else {
3976 if (sc->mac_ver == 0x5592) {
3977 run_bbp_write(sc, 79, 0x18);
3978 run_bbp_write(sc, 80, 0x08);
3979 run_bbp_write(sc, 81, 0x38);
3980 run_bbp_write(sc, 82, 0x92);
3981
3982 run_bbp_write(sc, 195, 0x80);
3983 run_bbp_write(sc, 196, 0xf0);
3984 run_bbp_write(sc, 195, 0x81);
3985 run_bbp_write(sc, 196, 0x1e);
3986 run_bbp_write(sc, 195, 0x82);
3987 run_bbp_write(sc, 196, 0x28);
3988 run_bbp_write(sc, 195, 0x83);
3989 run_bbp_write(sc, 196, 0x20);
3990 run_bbp_write(sc, 195, 0x85);
3991 run_bbp_write(sc, 196, 0x7f);
3992 run_bbp_write(sc, 195, 0x86);
3993 run_bbp_write(sc, 196, 0x7f);
3994 } else if (sc->mac_ver == 0x3572)
3995 run_bbp_write(sc, 82, 0x94);
3996 else
3997 run_bbp_write(sc, 82,
3998 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
3999 if (sc->ext_5ghz_lna)
4000 run_bbp_write(sc, 75, 0x46);
4001 else
4002 run_bbp_write(sc, 75, 0x50);
4003 }
4004
4005 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4006 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4007 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4008 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4009
4010 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4011 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4012 if (sc->mac_ver == 0x3593)
4013 tmp |= 1 << 29 | 1 << 28;
4014 if (sc->nrxchains > 1)
4015 tmp |= RT2860_LNA_PE1_EN;
4016 if (group == 0) { /* 2GHz */
4017 tmp |= RT2860_PA_PE_G0_EN;
4018 if (sc->ntxchains > 1)
4019 tmp |= RT2860_PA_PE_G1_EN;
4020 if (sc->mac_ver == 0x3593) {
4021 if (sc->ntxchains > 2)
4022 tmp |= 1 << 25;
4023 }
4024 } else { /* 5GHz */
4025 tmp |= RT2860_PA_PE_A0_EN;
4026 if (sc->ntxchains > 1)
4027 tmp |= RT2860_PA_PE_A1_EN;
4028 }
4029 if (sc->mac_ver == 0x3572) {
4030 run_rt3070_rf_write(sc, 8, 0x00);
4031 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4032 run_rt3070_rf_write(sc, 8, 0x80);
4033 } else
4034 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4035
4036 if (sc->mac_ver == 0x5592) {
4037 run_bbp_write(sc, 195, 0x8d);
4038 run_bbp_write(sc, 196, 0x1a);
4039 }
4040
4041 if (sc->mac_ver == 0x3593) {
4042 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4043 tmp &= ~0x01010000;
4044 if (group == 0)
4045 tmp |= 0x00010000;
4046 tmp = (tmp & ~0x00009090) | 0x00000090;
4047 run_write(sc, RT2860_GPIO_CTRL, tmp);
4048 }
4049
4050 /* set initial AGC value */
4051 if (group == 0) { /* 2GHz band */
4052 if (sc->mac_ver >= 0x3070)
4053 agc = 0x1c + sc->lna[0] * 2;
4054 else
4055 agc = 0x2e + sc->lna[0];
4056 } else { /* 5GHz band */
4057 if (sc->mac_ver == 0x5592)
4058 agc = 0x24 + sc->lna[group] * 2;
4059 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4060 agc = 0x22 + (sc->lna[group] * 5) / 3;
4061 else
4062 agc = 0x32 + (sc->lna[group] * 5) / 3;
4063 }
4064 run_set_agc(sc, agc);
4065 }
4066
4067 static void
run_rt2870_set_chan(struct run_softc * sc,u_int chan)4068 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4069 {
4070 const struct rfprog *rfprog = rt2860_rf2850;
4071 uint32_t r2, r3, r4;
4072 int8_t txpow1, txpow2;
4073 int i;
4074
4075 /* find the settings for this channel (we know it exists) */
4076 for (i = 0; rfprog[i].chan != chan; i++);
4077
4078 r2 = rfprog[i].r2;
4079 if (sc->ntxchains == 1)
4080 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4081 if (sc->nrxchains == 1)
4082 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4083 else if (sc->nrxchains == 2)
4084 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4085
4086 /* use Tx power values from EEPROM */
4087 txpow1 = sc->txpow1[i];
4088 txpow2 = sc->txpow2[i];
4089
4090 /* Initialize RF R3 and R4. */
4091 r3 = rfprog[i].r3 & 0xffffc1ff;
4092 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4093 if (chan > 14) {
4094 if (txpow1 >= 0) {
4095 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4096 r3 |= (txpow1 << 10) | (1 << 9);
4097 } else {
4098 txpow1 += 7;
4099
4100 /* txpow1 is not possible larger than 15. */
4101 r3 |= (txpow1 << 10);
4102 }
4103 if (txpow2 >= 0) {
4104 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4105 r4 |= (txpow2 << 7) | (1 << 6);
4106 } else {
4107 txpow2 += 7;
4108 r4 |= (txpow2 << 7);
4109 }
4110 } else {
4111 /* Set Tx0 power. */
4112 r3 |= (txpow1 << 9);
4113
4114 /* Set frequency offset and Tx1 power. */
4115 r4 |= (txpow2 << 6);
4116 }
4117
4118 run_rt2870_rf_write(sc, rfprog[i].r1);
4119 run_rt2870_rf_write(sc, r2);
4120 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4121 run_rt2870_rf_write(sc, r4);
4122
4123 run_delay(sc, 10);
4124
4125 run_rt2870_rf_write(sc, rfprog[i].r1);
4126 run_rt2870_rf_write(sc, r2);
4127 run_rt2870_rf_write(sc, r3 | (1 << 2));
4128 run_rt2870_rf_write(sc, r4);
4129
4130 run_delay(sc, 10);
4131
4132 run_rt2870_rf_write(sc, rfprog[i].r1);
4133 run_rt2870_rf_write(sc, r2);
4134 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4135 run_rt2870_rf_write(sc, r4);
4136 }
4137
4138 static void
run_rt3070_set_chan(struct run_softc * sc,u_int chan)4139 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4140 {
4141 int8_t txpow1, txpow2;
4142 uint8_t rf;
4143 int i;
4144
4145 /* find the settings for this channel (we know it exists) */
4146 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4147
4148 /* use Tx power values from EEPROM */
4149 txpow1 = sc->txpow1[i];
4150 txpow2 = sc->txpow2[i];
4151
4152 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4153
4154 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4155 run_rt3070_rf_read(sc, 3, &rf);
4156 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4157 run_rt3070_rf_write(sc, 3, rf);
4158
4159 run_rt3070_rf_read(sc, 6, &rf);
4160 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4161 run_rt3070_rf_write(sc, 6, rf);
4162
4163 /* set Tx0 power */
4164 run_rt3070_rf_read(sc, 12, &rf);
4165 rf = (rf & ~0x1f) | txpow1;
4166 run_rt3070_rf_write(sc, 12, rf);
4167
4168 /* set Tx1 power */
4169 run_rt3070_rf_read(sc, 13, &rf);
4170 rf = (rf & ~0x1f) | txpow2;
4171 run_rt3070_rf_write(sc, 13, rf);
4172
4173 run_rt3070_rf_read(sc, 1, &rf);
4174 rf &= ~0xfc;
4175 if (sc->ntxchains == 1)
4176 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4177 else if (sc->ntxchains == 2)
4178 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4179 if (sc->nrxchains == 1)
4180 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4181 else if (sc->nrxchains == 2)
4182 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4183 run_rt3070_rf_write(sc, 1, rf);
4184
4185 /* set RF offset */
4186 run_rt3070_rf_read(sc, 23, &rf);
4187 rf = (rf & ~0x7f) | sc->freq;
4188 run_rt3070_rf_write(sc, 23, rf);
4189
4190 /* program RF filter */
4191 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4192 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4193 run_rt3070_rf_write(sc, 24, rf);
4194 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4195 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4196 run_rt3070_rf_write(sc, 31, rf);
4197
4198 /* enable RF tuning */
4199 run_rt3070_rf_read(sc, 7, &rf);
4200 run_rt3070_rf_write(sc, 7, rf | 0x01);
4201 }
4202
4203 static void
run_rt3572_set_chan(struct run_softc * sc,u_int chan)4204 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4205 {
4206 int8_t txpow1, txpow2;
4207 uint32_t tmp;
4208 uint8_t rf;
4209 int i;
4210
4211 /* find the settings for this channel (we know it exists) */
4212 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4213
4214 /* use Tx power values from EEPROM */
4215 txpow1 = sc->txpow1[i];
4216 txpow2 = sc->txpow2[i];
4217
4218 if (chan <= 14) {
4219 run_bbp_write(sc, 25, sc->bbp25);
4220 run_bbp_write(sc, 26, sc->bbp26);
4221 } else {
4222 /* enable IQ phase correction */
4223 run_bbp_write(sc, 25, 0x09);
4224 run_bbp_write(sc, 26, 0xff);
4225 }
4226
4227 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4228 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4229 run_rt3070_rf_read(sc, 6, &rf);
4230 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4231 rf |= (chan <= 14) ? 0x08 : 0x04;
4232 run_rt3070_rf_write(sc, 6, rf);
4233
4234 /* set PLL mode */
4235 run_rt3070_rf_read(sc, 5, &rf);
4236 rf &= ~(0x08 | 0x04);
4237 rf |= (chan <= 14) ? 0x04 : 0x08;
4238 run_rt3070_rf_write(sc, 5, rf);
4239
4240 /* set Tx power for chain 0 */
4241 if (chan <= 14)
4242 rf = 0x60 | txpow1;
4243 else
4244 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4245 run_rt3070_rf_write(sc, 12, rf);
4246
4247 /* set Tx power for chain 1 */
4248 if (chan <= 14)
4249 rf = 0x60 | txpow2;
4250 else
4251 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4252 run_rt3070_rf_write(sc, 13, rf);
4253
4254 /* set Tx/Rx streams */
4255 run_rt3070_rf_read(sc, 1, &rf);
4256 rf &= ~0xfc;
4257 if (sc->ntxchains == 1)
4258 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4259 else if (sc->ntxchains == 2)
4260 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4261 if (sc->nrxchains == 1)
4262 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4263 else if (sc->nrxchains == 2)
4264 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4265 run_rt3070_rf_write(sc, 1, rf);
4266
4267 /* set RF offset */
4268 run_rt3070_rf_read(sc, 23, &rf);
4269 rf = (rf & ~0x7f) | sc->freq;
4270 run_rt3070_rf_write(sc, 23, rf);
4271
4272 /* program RF filter */
4273 rf = sc->rf24_20mhz;
4274 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4275 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4276
4277 /* enable RF tuning */
4278 run_rt3070_rf_read(sc, 7, &rf);
4279 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4280 run_rt3070_rf_write(sc, 7, rf);
4281
4282 /* TSSI */
4283 rf = (chan <= 14) ? 0xc3 : 0xc0;
4284 run_rt3070_rf_write(sc, 9, rf);
4285
4286 /* set loop filter 1 */
4287 run_rt3070_rf_write(sc, 10, 0xf1);
4288 /* set loop filter 2 */
4289 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4290
4291 /* set tx_mx2_ic */
4292 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4293 /* set tx_mx1_ic */
4294 if (chan <= 14)
4295 rf = 0x48 | sc->txmixgain_2ghz;
4296 else
4297 rf = 0x78 | sc->txmixgain_5ghz;
4298 run_rt3070_rf_write(sc, 16, rf);
4299
4300 /* set tx_lo1 */
4301 run_rt3070_rf_write(sc, 17, 0x23);
4302 /* set tx_lo2 */
4303 if (chan <= 14)
4304 rf = 0x93;
4305 else if (chan <= 64)
4306 rf = 0xb7;
4307 else if (chan <= 128)
4308 rf = 0x74;
4309 else
4310 rf = 0x72;
4311 run_rt3070_rf_write(sc, 19, rf);
4312
4313 /* set rx_lo1 */
4314 if (chan <= 14)
4315 rf = 0xb3;
4316 else if (chan <= 64)
4317 rf = 0xf6;
4318 else if (chan <= 128)
4319 rf = 0xf4;
4320 else
4321 rf = 0xf3;
4322 run_rt3070_rf_write(sc, 20, rf);
4323
4324 /* set pfd_delay */
4325 if (chan <= 14)
4326 rf = 0x15;
4327 else if (chan <= 64)
4328 rf = 0x3d;
4329 else
4330 rf = 0x01;
4331 run_rt3070_rf_write(sc, 25, rf);
4332
4333 /* set rx_lo2 */
4334 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4335 /* set ldo_rf_vc */
4336 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4337 /* set drv_cc */
4338 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4339
4340 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4341 tmp &= ~0x8080;
4342 if (chan <= 14)
4343 tmp |= 0x80;
4344 run_write(sc, RT2860_GPIO_CTRL, tmp);
4345
4346 /* enable RF tuning */
4347 run_rt3070_rf_read(sc, 7, &rf);
4348 run_rt3070_rf_write(sc, 7, rf | 0x01);
4349
4350 run_delay(sc, 2);
4351 }
4352
4353 static void
run_rt3593_set_chan(struct run_softc * sc,u_int chan)4354 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4355 {
4356 int8_t txpow1, txpow2, txpow3;
4357 uint8_t h20mhz, rf;
4358 int i;
4359
4360 /* find the settings for this channel (we know it exists) */
4361 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4362
4363 /* use Tx power values from EEPROM */
4364 txpow1 = sc->txpow1[i];
4365 txpow2 = sc->txpow2[i];
4366 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4367
4368 if (chan <= 14) {
4369 run_bbp_write(sc, 25, sc->bbp25);
4370 run_bbp_write(sc, 26, sc->bbp26);
4371 } else {
4372 /* Enable IQ phase correction. */
4373 run_bbp_write(sc, 25, 0x09);
4374 run_bbp_write(sc, 26, 0xff);
4375 }
4376
4377 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4378 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4379 run_rt3070_rf_read(sc, 11, &rf);
4380 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4381 run_rt3070_rf_write(sc, 11, rf);
4382
4383 /* Set pll_idoh. */
4384 run_rt3070_rf_read(sc, 11, &rf);
4385 rf &= ~0x4c;
4386 rf |= (chan <= 14) ? 0x44 : 0x48;
4387 run_rt3070_rf_write(sc, 11, rf);
4388
4389 if (chan <= 14)
4390 rf = txpow1 & 0x1f;
4391 else
4392 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4393 run_rt3070_rf_write(sc, 53, rf);
4394
4395 if (chan <= 14)
4396 rf = txpow2 & 0x1f;
4397 else
4398 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4399 run_rt3070_rf_write(sc, 55, rf);
4400
4401 if (chan <= 14)
4402 rf = txpow3 & 0x1f;
4403 else
4404 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4405 run_rt3070_rf_write(sc, 54, rf);
4406
4407 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4408 if (sc->ntxchains == 3)
4409 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4410 else
4411 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4412 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4413 run_rt3070_rf_write(sc, 1, rf);
4414
4415 run_adjust_freq_offset(sc);
4416
4417 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4418
4419 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4420 run_rt3070_rf_read(sc, 30, &rf);
4421 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4422 run_rt3070_rf_write(sc, 30, rf);
4423
4424 run_rt3070_rf_read(sc, 36, &rf);
4425 if (chan <= 14)
4426 rf |= 0x80;
4427 else
4428 rf &= ~0x80;
4429 run_rt3070_rf_write(sc, 36, rf);
4430
4431 /* Set vcolo_bs. */
4432 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4433 /* Set pfd_delay. */
4434 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4435
4436 /* Set vco bias current control. */
4437 run_rt3070_rf_read(sc, 6, &rf);
4438 rf &= ~0xc0;
4439 if (chan <= 14)
4440 rf |= 0x40;
4441 else if (chan <= 128)
4442 rf |= 0x80;
4443 else
4444 rf |= 0x40;
4445 run_rt3070_rf_write(sc, 6, rf);
4446
4447 run_rt3070_rf_read(sc, 30, &rf);
4448 rf = (rf & ~0x18) | 0x10;
4449 run_rt3070_rf_write(sc, 30, rf);
4450
4451 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4452 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4453
4454 run_rt3070_rf_read(sc, 51, &rf);
4455 rf = (rf & ~0x03) | 0x01;
4456 run_rt3070_rf_write(sc, 51, rf);
4457 /* Set tx_mx1_cc. */
4458 run_rt3070_rf_read(sc, 51, &rf);
4459 rf &= ~0x1c;
4460 rf |= (chan <= 14) ? 0x14 : 0x10;
4461 run_rt3070_rf_write(sc, 51, rf);
4462 /* Set tx_mx1_ic. */
4463 run_rt3070_rf_read(sc, 51, &rf);
4464 rf &= ~0xe0;
4465 rf |= (chan <= 14) ? 0x60 : 0x40;
4466 run_rt3070_rf_write(sc, 51, rf);
4467 /* Set tx_lo1_ic. */
4468 run_rt3070_rf_read(sc, 49, &rf);
4469 rf &= ~0x1c;
4470 rf |= (chan <= 14) ? 0x0c : 0x08;
4471 run_rt3070_rf_write(sc, 49, rf);
4472 /* Set tx_lo1_en. */
4473 run_rt3070_rf_read(sc, 50, &rf);
4474 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4475 /* Set drv_cc. */
4476 run_rt3070_rf_read(sc, 57, &rf);
4477 rf &= ~0xfc;
4478 rf |= (chan <= 14) ? 0x6c : 0x3c;
4479 run_rt3070_rf_write(sc, 57, rf);
4480 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4481 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4482 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4483 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4484 /* Enable VCO calibration. */
4485 run_rt3070_rf_read(sc, 3, &rf);
4486 rf &= ~RT5390_VCOCAL;
4487 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4488 run_rt3070_rf_write(sc, 3, rf);
4489
4490 if (chan <= 14)
4491 rf = 0x23;
4492 else if (chan <= 64)
4493 rf = 0x36;
4494 else if (chan <= 128)
4495 rf = 0x32;
4496 else
4497 rf = 0x30;
4498 run_rt3070_rf_write(sc, 39, rf);
4499 if (chan <= 14)
4500 rf = 0xbb;
4501 else if (chan <= 64)
4502 rf = 0xeb;
4503 else if (chan <= 128)
4504 rf = 0xb3;
4505 else
4506 rf = 0x9b;
4507 run_rt3070_rf_write(sc, 45, rf);
4508
4509 /* Set FEQ/AEQ control. */
4510 run_bbp_write(sc, 105, 0x34);
4511 }
4512
4513 static void
run_rt5390_set_chan(struct run_softc * sc,u_int chan)4514 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4515 {
4516 int8_t txpow1, txpow2;
4517 uint8_t rf;
4518 int i;
4519
4520 /* find the settings for this channel (we know it exists) */
4521 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4522
4523 /* use Tx power values from EEPROM */
4524 txpow1 = sc->txpow1[i];
4525 txpow2 = sc->txpow2[i];
4526
4527 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4528 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4529 run_rt3070_rf_read(sc, 11, &rf);
4530 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4531 run_rt3070_rf_write(sc, 11, rf);
4532
4533 run_rt3070_rf_read(sc, 49, &rf);
4534 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4535 /* The valid range of the RF R49 is 0x00 to 0x27. */
4536 if ((rf & 0x3f) > 0x27)
4537 rf = (rf & ~0x3f) | 0x27;
4538 run_rt3070_rf_write(sc, 49, rf);
4539
4540 if (sc->mac_ver == 0x5392) {
4541 run_rt3070_rf_read(sc, 50, &rf);
4542 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4543 /* The valid range of the RF R50 is 0x00 to 0x27. */
4544 if ((rf & 0x3f) > 0x27)
4545 rf = (rf & ~0x3f) | 0x27;
4546 run_rt3070_rf_write(sc, 50, rf);
4547 }
4548
4549 run_rt3070_rf_read(sc, 1, &rf);
4550 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4551 if (sc->mac_ver == 0x5392)
4552 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4553 run_rt3070_rf_write(sc, 1, rf);
4554
4555 if (sc->mac_ver != 0x5392) {
4556 run_rt3070_rf_read(sc, 2, &rf);
4557 rf |= 0x80;
4558 run_rt3070_rf_write(sc, 2, rf);
4559 run_delay(sc, 10);
4560 rf &= 0x7f;
4561 run_rt3070_rf_write(sc, 2, rf);
4562 }
4563
4564 run_adjust_freq_offset(sc);
4565
4566 if (sc->mac_ver == 0x5392) {
4567 /* Fix for RT5392C. */
4568 if (sc->mac_rev >= 0x0223) {
4569 if (chan <= 4)
4570 rf = 0x0f;
4571 else if (chan >= 5 && chan <= 7)
4572 rf = 0x0e;
4573 else
4574 rf = 0x0d;
4575 run_rt3070_rf_write(sc, 23, rf);
4576
4577 if (chan <= 4)
4578 rf = 0x0c;
4579 else if (chan == 5)
4580 rf = 0x0b;
4581 else if (chan >= 6 && chan <= 7)
4582 rf = 0x0a;
4583 else if (chan >= 8 && chan <= 10)
4584 rf = 0x09;
4585 else
4586 rf = 0x08;
4587 run_rt3070_rf_write(sc, 59, rf);
4588 } else {
4589 if (chan <= 11)
4590 rf = 0x0f;
4591 else
4592 rf = 0x0b;
4593 run_rt3070_rf_write(sc, 59, rf);
4594 }
4595 } else {
4596 /* Fix for RT5390F. */
4597 if (sc->mac_rev >= 0x0502) {
4598 if (chan <= 11)
4599 rf = 0x43;
4600 else
4601 rf = 0x23;
4602 run_rt3070_rf_write(sc, 55, rf);
4603
4604 if (chan <= 11)
4605 rf = 0x0f;
4606 else if (chan == 12)
4607 rf = 0x0d;
4608 else
4609 rf = 0x0b;
4610 run_rt3070_rf_write(sc, 59, rf);
4611 } else {
4612 run_rt3070_rf_write(sc, 55, 0x44);
4613 run_rt3070_rf_write(sc, 59, 0x8f);
4614 }
4615 }
4616
4617 /* Enable VCO calibration. */
4618 run_rt3070_rf_read(sc, 3, &rf);
4619 rf |= RT5390_VCOCAL;
4620 run_rt3070_rf_write(sc, 3, rf);
4621 }
4622
4623 static void
run_rt5592_set_chan(struct run_softc * sc,u_int chan)4624 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4625 {
4626 const struct rt5592_freqs *freqs;
4627 uint32_t tmp;
4628 uint8_t reg, rf, txpow_bound;
4629 int8_t txpow1, txpow2;
4630 int i;
4631
4632 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4633 freqs = (tmp & RT5592_SEL_XTAL) ?
4634 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4635
4636 /* find the settings for this channel (we know it exists) */
4637 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4638
4639 /* use Tx power values from EEPROM */
4640 txpow1 = sc->txpow1[i];
4641 txpow2 = sc->txpow2[i];
4642
4643 run_read(sc, RT3070_LDO_CFG0, &tmp);
4644 tmp &= ~0x1c000000;
4645 if (chan > 14)
4646 tmp |= 0x14000000;
4647 run_write(sc, RT3070_LDO_CFG0, tmp);
4648
4649 /* N setting. */
4650 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4651 run_rt3070_rf_read(sc, 9, &rf);
4652 rf &= ~(1 << 4);
4653 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4654 run_rt3070_rf_write(sc, 9, rf);
4655
4656 /* K setting. */
4657 run_rt3070_rf_read(sc, 9, &rf);
4658 rf &= ~0x0f;
4659 rf |= (freqs->k & 0x0f);
4660 run_rt3070_rf_write(sc, 9, rf);
4661
4662 /* Mode setting. */
4663 run_rt3070_rf_read(sc, 11, &rf);
4664 rf &= ~0x0c;
4665 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4666 run_rt3070_rf_write(sc, 11, rf);
4667 run_rt3070_rf_read(sc, 9, &rf);
4668 rf &= ~(1 << 7);
4669 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4670 run_rt3070_rf_write(sc, 9, rf);
4671
4672 /* R setting. */
4673 run_rt3070_rf_read(sc, 11, &rf);
4674 rf &= ~0x03;
4675 rf |= (freqs->r - 0x1);
4676 run_rt3070_rf_write(sc, 11, rf);
4677
4678 if (chan <= 14) {
4679 /* Initialize RF registers for 2GHZ. */
4680 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4681 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4682 rt5592_2ghz_def_rf[i].val);
4683 }
4684
4685 rf = (chan <= 10) ? 0x07 : 0x06;
4686 run_rt3070_rf_write(sc, 23, rf);
4687 run_rt3070_rf_write(sc, 59, rf);
4688
4689 run_rt3070_rf_write(sc, 55, 0x43);
4690
4691 /*
4692 * RF R49/R50 Tx power ALC code.
4693 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4694 */
4695 reg = 2;
4696 txpow_bound = 0x27;
4697 } else {
4698 /* Initialize RF registers for 5GHZ. */
4699 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4700 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4701 rt5592_5ghz_def_rf[i].val);
4702 }
4703 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4704 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4705 chan <= rt5592_chan_5ghz[i].lastchan) {
4706 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4707 rt5592_chan_5ghz[i].val);
4708 }
4709 }
4710
4711 /*
4712 * RF R49/R50 Tx power ALC code.
4713 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4714 */
4715 reg = 3;
4716 txpow_bound = 0x2b;
4717 }
4718
4719 /* RF R49 ch0 Tx power ALC code. */
4720 run_rt3070_rf_read(sc, 49, &rf);
4721 rf &= ~0xc0;
4722 rf |= (reg << 6);
4723 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4724 if ((rf & 0x3f) > txpow_bound)
4725 rf = (rf & ~0x3f) | txpow_bound;
4726 run_rt3070_rf_write(sc, 49, rf);
4727
4728 /* RF R50 ch1 Tx power ALC code. */
4729 run_rt3070_rf_read(sc, 50, &rf);
4730 rf &= ~(1 << 7 | 1 << 6);
4731 rf |= (reg << 6);
4732 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4733 if ((rf & 0x3f) > txpow_bound)
4734 rf = (rf & ~0x3f) | txpow_bound;
4735 run_rt3070_rf_write(sc, 50, rf);
4736
4737 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4738 run_rt3070_rf_read(sc, 1, &rf);
4739 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4740 if (sc->ntxchains > 1)
4741 rf |= RT3070_TX1_PD;
4742 if (sc->nrxchains > 1)
4743 rf |= RT3070_RX1_PD;
4744 run_rt3070_rf_write(sc, 1, rf);
4745
4746 run_rt3070_rf_write(sc, 6, 0xe4);
4747
4748 run_rt3070_rf_write(sc, 30, 0x10);
4749 run_rt3070_rf_write(sc, 31, 0x80);
4750 run_rt3070_rf_write(sc, 32, 0x80);
4751
4752 run_adjust_freq_offset(sc);
4753
4754 /* Enable VCO calibration. */
4755 run_rt3070_rf_read(sc, 3, &rf);
4756 rf |= RT5390_VCOCAL;
4757 run_rt3070_rf_write(sc, 3, rf);
4758 }
4759
4760 static void
run_set_rx_antenna(struct run_softc * sc,int aux)4761 run_set_rx_antenna(struct run_softc *sc, int aux)
4762 {
4763 uint32_t tmp;
4764 uint8_t bbp152;
4765
4766 if (aux) {
4767 if (sc->rf_rev == RT5390_RF_5370) {
4768 run_bbp_read(sc, 152, &bbp152);
4769 run_bbp_write(sc, 152, bbp152 & ~0x80);
4770 } else {
4771 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4772 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4773 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4774 }
4775 } else {
4776 if (sc->rf_rev == RT5390_RF_5370) {
4777 run_bbp_read(sc, 152, &bbp152);
4778 run_bbp_write(sc, 152, bbp152 | 0x80);
4779 } else {
4780 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4781 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4782 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4783 }
4784 }
4785 }
4786
4787 static int
run_set_chan(struct run_softc * sc,struct ieee80211_channel * c)4788 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4789 {
4790 struct ieee80211com *ic = &sc->sc_ic;
4791 u_int chan, group;
4792
4793 chan = ieee80211_chan2ieee(ic, c);
4794 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4795 return (EINVAL);
4796
4797 if (sc->mac_ver == 0x5592)
4798 run_rt5592_set_chan(sc, chan);
4799 else if (sc->mac_ver >= 0x5390)
4800 run_rt5390_set_chan(sc, chan);
4801 else if (sc->mac_ver == 0x3593)
4802 run_rt3593_set_chan(sc, chan);
4803 else if (sc->mac_ver == 0x3572)
4804 run_rt3572_set_chan(sc, chan);
4805 else if (sc->mac_ver >= 0x3070)
4806 run_rt3070_set_chan(sc, chan);
4807 else
4808 run_rt2870_set_chan(sc, chan);
4809
4810 /* determine channel group */
4811 if (chan <= 14)
4812 group = 0;
4813 else if (chan <= 64)
4814 group = 1;
4815 else if (chan <= 128)
4816 group = 2;
4817 else
4818 group = 3;
4819
4820 /* XXX necessary only when group has changed! */
4821 run_select_chan_group(sc, group);
4822
4823 run_delay(sc, 10);
4824
4825 /* Perform IQ calibration. */
4826 if (sc->mac_ver >= 0x5392)
4827 run_iq_calib(sc, chan);
4828
4829 return (0);
4830 }
4831
4832 static void
run_set_channel(struct ieee80211com * ic)4833 run_set_channel(struct ieee80211com *ic)
4834 {
4835 struct run_softc *sc = ic->ic_softc;
4836
4837 RUN_LOCK(sc);
4838 run_set_chan(sc, ic->ic_curchan);
4839 RUN_UNLOCK(sc);
4840
4841 return;
4842 }
4843
4844 static void
run_getradiocaps(struct ieee80211com * ic,int maxchans,int * nchans,struct ieee80211_channel chans[])4845 run_getradiocaps(struct ieee80211com *ic,
4846 int maxchans, int *nchans, struct ieee80211_channel chans[])
4847 {
4848 struct run_softc *sc = ic->ic_softc;
4849 uint8_t bands[IEEE80211_MODE_BYTES];
4850
4851 memset(bands, 0, sizeof(bands));
4852 setbit(bands, IEEE80211_MODE_11B);
4853 setbit(bands, IEEE80211_MODE_11G);
4854 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0);
4855
4856 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4857 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4858 sc->rf_rev == RT5592_RF_5592) {
4859 setbit(bands, IEEE80211_MODE_11A);
4860 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4861 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4862 }
4863 }
4864
4865 static void
run_scan_start(struct ieee80211com * ic)4866 run_scan_start(struct ieee80211com *ic)
4867 {
4868 struct run_softc *sc = ic->ic_softc;
4869
4870 RUN_LOCK(sc);
4871
4872 /* abort TSF synchronization */
4873 run_disable_tsf(sc);
4874 run_set_bssid(sc, ieee80211broadcastaddr);
4875
4876 RUN_UNLOCK(sc);
4877
4878 return;
4879 }
4880
4881 static void
run_scan_end(struct ieee80211com * ic)4882 run_scan_end(struct ieee80211com *ic)
4883 {
4884 struct run_softc *sc = ic->ic_softc;
4885
4886 RUN_LOCK(sc);
4887
4888 run_enable_tsf_sync(sc);
4889 run_set_bssid(sc, sc->sc_bssid);
4890
4891 RUN_UNLOCK(sc);
4892
4893 return;
4894 }
4895
4896 /*
4897 * Could be called from ieee80211_node_timeout()
4898 * (non-sleepable thread)
4899 */
4900 static void
run_update_beacon(struct ieee80211vap * vap,int item)4901 run_update_beacon(struct ieee80211vap *vap, int item)
4902 {
4903 struct ieee80211com *ic = vap->iv_ic;
4904 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4905 struct ieee80211_node *ni = vap->iv_bss;
4906 struct run_softc *sc = ic->ic_softc;
4907 struct run_vap *rvp = RUN_VAP(vap);
4908 int mcast = 0;
4909 uint32_t i;
4910
4911 switch (item) {
4912 case IEEE80211_BEACON_ERP:
4913 run_updateslot(ic);
4914 break;
4915 case IEEE80211_BEACON_HTINFO:
4916 run_updateprot(ic);
4917 break;
4918 case IEEE80211_BEACON_TIM:
4919 mcast = 1; /*TODO*/
4920 break;
4921 default:
4922 break;
4923 }
4924
4925 setbit(bo->bo_flags, item);
4926 if (rvp->beacon_mbuf == NULL) {
4927 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4928 if (rvp->beacon_mbuf == NULL)
4929 return;
4930 }
4931 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
4932
4933 i = RUN_CMDQ_GET(&sc->cmdq_store);
4934 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
4935 sc->cmdq[i].func = run_update_beacon_cb;
4936 sc->cmdq[i].arg0 = vap;
4937 ieee80211_runtask(ic, &sc->cmdq_task);
4938
4939 return;
4940 }
4941
4942 static void
run_update_beacon_cb(void * arg)4943 run_update_beacon_cb(void *arg)
4944 {
4945 struct ieee80211vap *vap = arg;
4946 struct ieee80211_node *ni = vap->iv_bss;
4947 struct run_vap *rvp = RUN_VAP(vap);
4948 struct ieee80211com *ic = vap->iv_ic;
4949 struct run_softc *sc = ic->ic_softc;
4950 struct rt2860_txwi txwi;
4951 struct mbuf *m;
4952 uint16_t txwisize;
4953 uint8_t ridx;
4954
4955 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4956 return;
4957 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4958 return;
4959
4960 /*
4961 * No need to call ieee80211_beacon_update(), run_update_beacon()
4962 * is taking care of appropriate calls.
4963 */
4964 if (rvp->beacon_mbuf == NULL) {
4965 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4966 if (rvp->beacon_mbuf == NULL)
4967 return;
4968 }
4969 m = rvp->beacon_mbuf;
4970
4971 memset(&txwi, 0, sizeof(txwi));
4972 txwi.wcid = 0xff;
4973 txwi.len = htole16(m->m_pkthdr.len);
4974
4975 /* send beacons at the lowest available rate */
4976 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4977 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4978 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4979 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4980 txwi.phy |= htole16(RT2860_PHY_OFDM);
4981 txwi.txop = RT2860_TX_TXOP_HT;
4982 txwi.flags = RT2860_TX_TS;
4983 txwi.xflags = RT2860_TX_NSEQ;
4984
4985 txwisize = (sc->mac_ver == 0x5592) ?
4986 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4987 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4988 txwisize);
4989 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4990 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4991 }
4992
4993 static void
run_updateprot(struct ieee80211com * ic)4994 run_updateprot(struct ieee80211com *ic)
4995 {
4996 struct run_softc *sc = ic->ic_softc;
4997 uint32_t i;
4998
4999 i = RUN_CMDQ_GET(&sc->cmdq_store);
5000 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5001 sc->cmdq[i].func = run_updateprot_cb;
5002 sc->cmdq[i].arg0 = ic;
5003 ieee80211_runtask(ic, &sc->cmdq_task);
5004 }
5005
5006 static void
run_updateprot_cb(void * arg)5007 run_updateprot_cb(void *arg)
5008 {
5009 struct ieee80211com *ic = arg;
5010 struct run_softc *sc = ic->ic_softc;
5011 uint32_t tmp;
5012
5013 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5014 /* setup protection frame rate (MCS code) */
5015 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5016 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5017 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5018
5019 /* CCK frames don't require protection */
5020 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5021 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5022 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5023 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5024 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5025 tmp |= RT2860_PROT_CTRL_CTS;
5026 }
5027 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5028 }
5029
5030 static void
run_usb_timeout_cb(void * arg)5031 run_usb_timeout_cb(void *arg)
5032 {
5033 struct ieee80211vap *vap = arg;
5034 struct run_softc *sc = vap->iv_ic->ic_softc;
5035
5036 RUN_LOCK_ASSERT(sc, MA_OWNED);
5037
5038 if(vap->iv_state == IEEE80211_S_RUN &&
5039 vap->iv_opmode != IEEE80211_M_STA)
5040 run_reset_livelock(sc);
5041 else if (vap->iv_state == IEEE80211_S_SCAN) {
5042 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5043 "timeout caused by scan\n");
5044 /* cancel bgscan */
5045 ieee80211_cancel_scan(vap);
5046 } else
5047 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5048 "timeout by unknown cause\n");
5049 }
5050
5051 static void
run_reset_livelock(struct run_softc * sc)5052 run_reset_livelock(struct run_softc *sc)
5053 {
5054 uint32_t tmp;
5055
5056 RUN_LOCK_ASSERT(sc, MA_OWNED);
5057
5058 /*
5059 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5060 * can run into a livelock and start sending CTS-to-self frames like
5061 * crazy if protection is enabled. Reset MAC/BBP for a while
5062 */
5063 run_read(sc, RT2860_DEBUG, &tmp);
5064 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
5065 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5066 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5067 "CTS-to-self livelock detected\n");
5068 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5069 run_delay(sc, 1);
5070 run_write(sc, RT2860_MAC_SYS_CTRL,
5071 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5072 }
5073 }
5074
5075 static void
run_update_promisc_locked(struct run_softc * sc)5076 run_update_promisc_locked(struct run_softc *sc)
5077 {
5078 uint32_t tmp;
5079
5080 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5081
5082 tmp |= RT2860_DROP_UC_NOME;
5083 if (sc->sc_ic.ic_promisc > 0)
5084 tmp &= ~RT2860_DROP_UC_NOME;
5085
5086 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5087
5088 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5089 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
5090 }
5091
5092 static void
run_update_promisc(struct ieee80211com * ic)5093 run_update_promisc(struct ieee80211com *ic)
5094 {
5095 struct run_softc *sc = ic->ic_softc;
5096
5097 if ((sc->sc_flags & RUN_RUNNING) == 0)
5098 return;
5099
5100 RUN_LOCK(sc);
5101 run_update_promisc_locked(sc);
5102 RUN_UNLOCK(sc);
5103 }
5104
5105 static void
run_enable_tsf_sync(struct run_softc * sc)5106 run_enable_tsf_sync(struct run_softc *sc)
5107 {
5108 struct ieee80211com *ic = &sc->sc_ic;
5109 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5110 uint32_t tmp;
5111
5112 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5113 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5114
5115 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5116 tmp &= ~0x1fffff;
5117 tmp |= vap->iv_bss->ni_intval * 16;
5118 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5119
5120 if (ic->ic_opmode == IEEE80211_M_STA) {
5121 /*
5122 * Local TSF is always updated with remote TSF on beacon
5123 * reception.
5124 */
5125 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5126 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5127 tmp |= RT2860_BCN_TX_EN;
5128 /*
5129 * Local TSF is updated with remote TSF on beacon reception
5130 * only if the remote TSF is greater than local TSF.
5131 */
5132 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5133 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5134 ic->ic_opmode == IEEE80211_M_MBSS) {
5135 tmp |= RT2860_BCN_TX_EN;
5136 /* SYNC with nobody */
5137 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5138 } else {
5139 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5140 "Enabling TSF failed. undefined opmode\n");
5141 return;
5142 }
5143
5144 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5145 }
5146
5147 static void
run_enable_tsf(struct run_softc * sc)5148 run_enable_tsf(struct run_softc *sc)
5149 {
5150 uint32_t tmp;
5151
5152 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5153 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5154 tmp |= RT2860_TSF_TIMER_EN;
5155 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5156 }
5157 }
5158
5159 static void
run_disable_tsf(struct run_softc * sc)5160 run_disable_tsf(struct run_softc *sc)
5161 {
5162 uint32_t tmp;
5163
5164 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5165 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
5166 RT2860_TBTT_TIMER_EN);
5167 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5168 }
5169 }
5170
5171 static void
run_get_tsf(struct run_softc * sc,uint64_t * buf)5172 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5173 {
5174 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5175 sizeof(*buf));
5176 }
5177
5178 static void
run_enable_mrr(struct run_softc * sc)5179 run_enable_mrr(struct run_softc *sc)
5180 {
5181 #define CCK(mcs) (mcs)
5182 #define OFDM(mcs) (1 << 3 | (mcs))
5183 run_write(sc, RT2860_LG_FBK_CFG0,
5184 OFDM(6) << 28 | /* 54->48 */
5185 OFDM(5) << 24 | /* 48->36 */
5186 OFDM(4) << 20 | /* 36->24 */
5187 OFDM(3) << 16 | /* 24->18 */
5188 OFDM(2) << 12 | /* 18->12 */
5189 OFDM(1) << 8 | /* 12-> 9 */
5190 OFDM(0) << 4 | /* 9-> 6 */
5191 OFDM(0)); /* 6-> 6 */
5192
5193 run_write(sc, RT2860_LG_FBK_CFG1,
5194 CCK(2) << 12 | /* 11->5.5 */
5195 CCK(1) << 8 | /* 5.5-> 2 */
5196 CCK(0) << 4 | /* 2-> 1 */
5197 CCK(0)); /* 1-> 1 */
5198 #undef OFDM
5199 #undef CCK
5200 }
5201
5202 static void
run_set_txpreamble(struct run_softc * sc)5203 run_set_txpreamble(struct run_softc *sc)
5204 {
5205 struct ieee80211com *ic = &sc->sc_ic;
5206 uint32_t tmp;
5207
5208 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5209 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5210 tmp |= RT2860_CCK_SHORT_EN;
5211 else
5212 tmp &= ~RT2860_CCK_SHORT_EN;
5213 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5214 }
5215
5216 static void
run_set_basicrates(struct run_softc * sc)5217 run_set_basicrates(struct run_softc *sc)
5218 {
5219 struct ieee80211com *ic = &sc->sc_ic;
5220
5221 /* set basic rates mask */
5222 if (ic->ic_curmode == IEEE80211_MODE_11B)
5223 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5224 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5225 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5226 else /* 11g */
5227 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5228 }
5229
5230 static void
run_set_leds(struct run_softc * sc,uint16_t which)5231 run_set_leds(struct run_softc *sc, uint16_t which)
5232 {
5233 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5234 which | (sc->leds & 0x7f));
5235 }
5236
5237 static void
run_set_bssid(struct run_softc * sc,const uint8_t * bssid)5238 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5239 {
5240 run_write(sc, RT2860_MAC_BSSID_DW0,
5241 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5242 run_write(sc, RT2860_MAC_BSSID_DW1,
5243 bssid[4] | bssid[5] << 8);
5244 }
5245
5246 static void
run_set_macaddr(struct run_softc * sc,const uint8_t * addr)5247 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5248 {
5249 run_write(sc, RT2860_MAC_ADDR_DW0,
5250 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5251 run_write(sc, RT2860_MAC_ADDR_DW1,
5252 addr[4] | addr[5] << 8 | 0xff << 16);
5253 }
5254
5255 static void
run_updateslot(struct ieee80211com * ic)5256 run_updateslot(struct ieee80211com *ic)
5257 {
5258 struct run_softc *sc = ic->ic_softc;
5259 uint32_t i;
5260
5261 i = RUN_CMDQ_GET(&sc->cmdq_store);
5262 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5263 sc->cmdq[i].func = run_updateslot_cb;
5264 sc->cmdq[i].arg0 = ic;
5265 ieee80211_runtask(ic, &sc->cmdq_task);
5266
5267 return;
5268 }
5269
5270 /* ARGSUSED */
5271 static void
run_updateslot_cb(void * arg)5272 run_updateslot_cb(void *arg)
5273 {
5274 struct ieee80211com *ic = arg;
5275 struct run_softc *sc = ic->ic_softc;
5276 uint32_t tmp;
5277
5278 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5279 tmp &= ~0xff;
5280 tmp |= IEEE80211_GET_SLOTTIME(ic);
5281 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5282 }
5283
5284 static void
run_update_mcast(struct ieee80211com * ic)5285 run_update_mcast(struct ieee80211com *ic)
5286 {
5287 }
5288
5289 static int8_t
run_rssi2dbm(struct run_softc * sc,uint8_t rssi,uint8_t rxchain)5290 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5291 {
5292 struct ieee80211com *ic = &sc->sc_ic;
5293 struct ieee80211_channel *c = ic->ic_curchan;
5294 int delta;
5295
5296 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5297 u_int chan = ieee80211_chan2ieee(ic, c);
5298 delta = sc->rssi_5ghz[rxchain];
5299
5300 /* determine channel group */
5301 if (chan <= 64)
5302 delta -= sc->lna[1];
5303 else if (chan <= 128)
5304 delta -= sc->lna[2];
5305 else
5306 delta -= sc->lna[3];
5307 } else
5308 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5309
5310 return (-12 - delta - rssi);
5311 }
5312
5313 static void
run_rt5390_bbp_init(struct run_softc * sc)5314 run_rt5390_bbp_init(struct run_softc *sc)
5315 {
5316 u_int i;
5317 uint8_t bbp;
5318
5319 /* Apply maximum likelihood detection for 2 stream case. */
5320 run_bbp_read(sc, 105, &bbp);
5321 if (sc->nrxchains > 1)
5322 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5323
5324 /* Avoid data lost and CRC error. */
5325 run_bbp_read(sc, 4, &bbp);
5326 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5327
5328 if (sc->mac_ver == 0x5592) {
5329 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5330 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5331 rt5592_def_bbp[i].val);
5332 }
5333 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5334 run_bbp_write(sc, 195, i + 0x80);
5335 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5336 }
5337 } else {
5338 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5339 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5340 rt5390_def_bbp[i].val);
5341 }
5342 }
5343 if (sc->mac_ver == 0x5392) {
5344 run_bbp_write(sc, 88, 0x90);
5345 run_bbp_write(sc, 95, 0x9a);
5346 run_bbp_write(sc, 98, 0x12);
5347 run_bbp_write(sc, 106, 0x12);
5348 run_bbp_write(sc, 134, 0xd0);
5349 run_bbp_write(sc, 135, 0xf6);
5350 run_bbp_write(sc, 148, 0x84);
5351 }
5352
5353 run_bbp_read(sc, 152, &bbp);
5354 run_bbp_write(sc, 152, bbp | 0x80);
5355
5356 /* Fix BBP254 for RT5592C. */
5357 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5358 run_bbp_read(sc, 254, &bbp);
5359 run_bbp_write(sc, 254, bbp | 0x80);
5360 }
5361
5362 /* Disable hardware antenna diversity. */
5363 if (sc->mac_ver == 0x5390)
5364 run_bbp_write(sc, 154, 0);
5365
5366 /* Initialize Rx CCK/OFDM frequency offset report. */
5367 run_bbp_write(sc, 142, 1);
5368 run_bbp_write(sc, 143, 57);
5369 }
5370
5371 static int
run_bbp_init(struct run_softc * sc)5372 run_bbp_init(struct run_softc *sc)
5373 {
5374 int i, error, ntries;
5375 uint8_t bbp0;
5376
5377 /* wait for BBP to wake up */
5378 for (ntries = 0; ntries < 20; ntries++) {
5379 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5380 return error;
5381 if (bbp0 != 0 && bbp0 != 0xff)
5382 break;
5383 }
5384 if (ntries == 20)
5385 return (ETIMEDOUT);
5386
5387 /* initialize BBP registers to default values */
5388 if (sc->mac_ver >= 0x5390)
5389 run_rt5390_bbp_init(sc);
5390 else {
5391 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5392 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5393 rt2860_def_bbp[i].val);
5394 }
5395 }
5396
5397 if (sc->mac_ver == 0x3593) {
5398 run_bbp_write(sc, 79, 0x13);
5399 run_bbp_write(sc, 80, 0x05);
5400 run_bbp_write(sc, 81, 0x33);
5401 run_bbp_write(sc, 86, 0x46);
5402 run_bbp_write(sc, 137, 0x0f);
5403 }
5404
5405 /* fix BBP84 for RT2860E */
5406 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5407 run_bbp_write(sc, 84, 0x19);
5408
5409 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5410 sc->mac_ver != 0x5592)) {
5411 run_bbp_write(sc, 79, 0x13);
5412 run_bbp_write(sc, 80, 0x05);
5413 run_bbp_write(sc, 81, 0x33);
5414 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5415 run_bbp_write(sc, 69, 0x16);
5416 run_bbp_write(sc, 73, 0x12);
5417 }
5418 return (0);
5419 }
5420
5421 static int
run_rt3070_rf_init(struct run_softc * sc)5422 run_rt3070_rf_init(struct run_softc *sc)
5423 {
5424 uint32_t tmp;
5425 uint8_t bbp4, mingain, rf, target;
5426 u_int i;
5427
5428 run_rt3070_rf_read(sc, 30, &rf);
5429 /* toggle RF R30 bit 7 */
5430 run_rt3070_rf_write(sc, 30, rf | 0x80);
5431 run_delay(sc, 10);
5432 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5433
5434 /* initialize RF registers to default value */
5435 if (sc->mac_ver == 0x3572) {
5436 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5437 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5438 rt3572_def_rf[i].val);
5439 }
5440 } else {
5441 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5442 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5443 rt3070_def_rf[i].val);
5444 }
5445 }
5446
5447 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5448 /*
5449 * Change voltage from 1.2V to 1.35V for RT3070.
5450 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5451 * in RT3070(F).
5452 */
5453 run_read(sc, RT3070_LDO_CFG0, &tmp);
5454 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5455 run_write(sc, RT3070_LDO_CFG0, tmp);
5456
5457 } else if (sc->mac_ver == 0x3071) {
5458 run_rt3070_rf_read(sc, 6, &rf);
5459 run_rt3070_rf_write(sc, 6, rf | 0x40);
5460 run_rt3070_rf_write(sc, 31, 0x14);
5461
5462 run_read(sc, RT3070_LDO_CFG0, &tmp);
5463 tmp &= ~0x1f000000;
5464 if (sc->mac_rev < 0x0211)
5465 tmp |= 0x0d000000; /* 1.3V */
5466 else
5467 tmp |= 0x01000000; /* 1.2V */
5468 run_write(sc, RT3070_LDO_CFG0, tmp);
5469
5470 /* patch LNA_PE_G1 */
5471 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5472 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5473
5474 } else if (sc->mac_ver == 0x3572) {
5475 run_rt3070_rf_read(sc, 6, &rf);
5476 run_rt3070_rf_write(sc, 6, rf | 0x40);
5477
5478 /* increase voltage from 1.2V to 1.35V */
5479 run_read(sc, RT3070_LDO_CFG0, &tmp);
5480 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5481 run_write(sc, RT3070_LDO_CFG0, tmp);
5482
5483 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5484 run_delay(sc, 1); /* wait for 1msec */
5485 /* decrease voltage back to 1.2V */
5486 tmp = (tmp & ~0x1f000000) | 0x01000000;
5487 run_write(sc, RT3070_LDO_CFG0, tmp);
5488 }
5489 }
5490
5491 /* select 20MHz bandwidth */
5492 run_rt3070_rf_read(sc, 31, &rf);
5493 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5494
5495 /* calibrate filter for 20MHz bandwidth */
5496 sc->rf24_20mhz = 0x1f; /* default value */
5497 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5498 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5499
5500 /* select 40MHz bandwidth */
5501 run_bbp_read(sc, 4, &bbp4);
5502 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5503 run_rt3070_rf_read(sc, 31, &rf);
5504 run_rt3070_rf_write(sc, 31, rf | 0x20);
5505
5506 /* calibrate filter for 40MHz bandwidth */
5507 sc->rf24_40mhz = 0x2f; /* default value */
5508 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5509 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5510
5511 /* go back to 20MHz bandwidth */
5512 run_bbp_read(sc, 4, &bbp4);
5513 run_bbp_write(sc, 4, bbp4 & ~0x18);
5514
5515 if (sc->mac_ver == 0x3572) {
5516 /* save default BBP registers 25 and 26 values */
5517 run_bbp_read(sc, 25, &sc->bbp25);
5518 run_bbp_read(sc, 26, &sc->bbp26);
5519 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5520 run_rt3070_rf_write(sc, 27, 0x03);
5521
5522 run_read(sc, RT3070_OPT_14, &tmp);
5523 run_write(sc, RT3070_OPT_14, tmp | 1);
5524
5525 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5526 run_rt3070_rf_read(sc, 17, &rf);
5527 rf &= ~RT3070_TX_LO1;
5528 if ((sc->mac_ver == 0x3070 ||
5529 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5530 !sc->ext_2ghz_lna)
5531 rf |= 0x20; /* fix for long range Rx issue */
5532 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5533 if (sc->txmixgain_2ghz >= mingain)
5534 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5535 run_rt3070_rf_write(sc, 17, rf);
5536 }
5537
5538 if (sc->mac_ver == 0x3071) {
5539 run_rt3070_rf_read(sc, 1, &rf);
5540 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5541 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5542 run_rt3070_rf_write(sc, 1, rf);
5543
5544 run_rt3070_rf_read(sc, 15, &rf);
5545 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5546
5547 run_rt3070_rf_read(sc, 20, &rf);
5548 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5549
5550 run_rt3070_rf_read(sc, 21, &rf);
5551 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5552 }
5553
5554 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5555 /* fix Tx to Rx IQ glitch by raising RF voltage */
5556 run_rt3070_rf_read(sc, 27, &rf);
5557 rf &= ~0x77;
5558 if (sc->mac_rev < 0x0211)
5559 rf |= 0x03;
5560 run_rt3070_rf_write(sc, 27, rf);
5561 }
5562 return (0);
5563 }
5564
5565 static void
run_rt3593_rf_init(struct run_softc * sc)5566 run_rt3593_rf_init(struct run_softc *sc)
5567 {
5568 uint32_t tmp;
5569 uint8_t rf;
5570 u_int i;
5571
5572 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5573 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5574 tmp &= ~(1 << 4 | 1 << 7);
5575 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5576
5577 /* Initialize RF registers to default value. */
5578 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5579 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5580 rt3593_def_rf[i].val);
5581 }
5582
5583 /* Toggle RF R2 to initiate calibration. */
5584 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5585
5586 /* Initialize RF frequency offset. */
5587 run_adjust_freq_offset(sc);
5588
5589 run_rt3070_rf_read(sc, 18, &rf);
5590 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5591
5592 /*
5593 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5594 * decrease voltage back to 1.2V.
5595 */
5596 run_read(sc, RT3070_LDO_CFG0, &tmp);
5597 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5598 run_write(sc, RT3070_LDO_CFG0, tmp);
5599 run_delay(sc, 1);
5600 tmp = (tmp & ~0x1f000000) | 0x01000000;
5601 run_write(sc, RT3070_LDO_CFG0, tmp);
5602
5603 sc->rf24_20mhz = 0x1f;
5604 sc->rf24_40mhz = 0x2f;
5605
5606 /* Save default BBP registers 25 and 26 values. */
5607 run_bbp_read(sc, 25, &sc->bbp25);
5608 run_bbp_read(sc, 26, &sc->bbp26);
5609
5610 run_read(sc, RT3070_OPT_14, &tmp);
5611 run_write(sc, RT3070_OPT_14, tmp | 1);
5612 }
5613
5614 static void
run_rt5390_rf_init(struct run_softc * sc)5615 run_rt5390_rf_init(struct run_softc *sc)
5616 {
5617 uint32_t tmp;
5618 uint8_t rf;
5619 u_int i;
5620
5621 /* Toggle RF R2 to initiate calibration. */
5622 if (sc->mac_ver == 0x5390) {
5623 run_rt3070_rf_read(sc, 2, &rf);
5624 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5625 run_delay(sc, 10);
5626 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5627 } else {
5628 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5629 run_delay(sc, 10);
5630 }
5631
5632 /* Initialize RF registers to default value. */
5633 if (sc->mac_ver == 0x5592) {
5634 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5635 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5636 rt5592_def_rf[i].val);
5637 }
5638 /* Initialize RF frequency offset. */
5639 run_adjust_freq_offset(sc);
5640 } else if (sc->mac_ver == 0x5392) {
5641 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5642 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5643 rt5392_def_rf[i].val);
5644 }
5645 if (sc->mac_rev >= 0x0223) {
5646 run_rt3070_rf_write(sc, 23, 0x0f);
5647 run_rt3070_rf_write(sc, 24, 0x3e);
5648 run_rt3070_rf_write(sc, 51, 0x32);
5649 run_rt3070_rf_write(sc, 53, 0x22);
5650 run_rt3070_rf_write(sc, 56, 0xc1);
5651 run_rt3070_rf_write(sc, 59, 0x0f);
5652 }
5653 } else {
5654 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5655 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5656 rt5390_def_rf[i].val);
5657 }
5658 if (sc->mac_rev >= 0x0502) {
5659 run_rt3070_rf_write(sc, 6, 0xe0);
5660 run_rt3070_rf_write(sc, 25, 0x80);
5661 run_rt3070_rf_write(sc, 46, 0x73);
5662 run_rt3070_rf_write(sc, 53, 0x00);
5663 run_rt3070_rf_write(sc, 56, 0x42);
5664 run_rt3070_rf_write(sc, 61, 0xd1);
5665 }
5666 }
5667
5668 sc->rf24_20mhz = 0x1f; /* default value */
5669 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5670
5671 if (sc->mac_rev < 0x0211)
5672 run_rt3070_rf_write(sc, 27, 0x3);
5673
5674 run_read(sc, RT3070_OPT_14, &tmp);
5675 run_write(sc, RT3070_OPT_14, tmp | 1);
5676 }
5677
5678 static int
run_rt3070_filter_calib(struct run_softc * sc,uint8_t init,uint8_t target,uint8_t * val)5679 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5680 uint8_t *val)
5681 {
5682 uint8_t rf22, rf24;
5683 uint8_t bbp55_pb, bbp55_sb, delta;
5684 int ntries;
5685
5686 /* program filter */
5687 run_rt3070_rf_read(sc, 24, &rf24);
5688 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5689 run_rt3070_rf_write(sc, 24, rf24);
5690
5691 /* enable baseband loopback mode */
5692 run_rt3070_rf_read(sc, 22, &rf22);
5693 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5694
5695 /* set power and frequency of passband test tone */
5696 run_bbp_write(sc, 24, 0x00);
5697 for (ntries = 0; ntries < 100; ntries++) {
5698 /* transmit test tone */
5699 run_bbp_write(sc, 25, 0x90);
5700 run_delay(sc, 10);
5701 /* read received power */
5702 run_bbp_read(sc, 55, &bbp55_pb);
5703 if (bbp55_pb != 0)
5704 break;
5705 }
5706 if (ntries == 100)
5707 return (ETIMEDOUT);
5708
5709 /* set power and frequency of stopband test tone */
5710 run_bbp_write(sc, 24, 0x06);
5711 for (ntries = 0; ntries < 100; ntries++) {
5712 /* transmit test tone */
5713 run_bbp_write(sc, 25, 0x90);
5714 run_delay(sc, 10);
5715 /* read received power */
5716 run_bbp_read(sc, 55, &bbp55_sb);
5717
5718 delta = bbp55_pb - bbp55_sb;
5719 if (delta > target)
5720 break;
5721
5722 /* reprogram filter */
5723 rf24++;
5724 run_rt3070_rf_write(sc, 24, rf24);
5725 }
5726 if (ntries < 100) {
5727 if (rf24 != init)
5728 rf24--; /* backtrack */
5729 *val = rf24;
5730 run_rt3070_rf_write(sc, 24, rf24);
5731 }
5732
5733 /* restore initial state */
5734 run_bbp_write(sc, 24, 0x00);
5735
5736 /* disable baseband loopback mode */
5737 run_rt3070_rf_read(sc, 22, &rf22);
5738 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5739
5740 return (0);
5741 }
5742
5743 static void
run_rt3070_rf_setup(struct run_softc * sc)5744 run_rt3070_rf_setup(struct run_softc *sc)
5745 {
5746 uint8_t bbp, rf;
5747 int i;
5748
5749 if (sc->mac_ver == 0x3572) {
5750 /* enable DC filter */
5751 if (sc->mac_rev >= 0x0201)
5752 run_bbp_write(sc, 103, 0xc0);
5753
5754 run_bbp_read(sc, 138, &bbp);
5755 if (sc->ntxchains == 1)
5756 bbp |= 0x20; /* turn off DAC1 */
5757 if (sc->nrxchains == 1)
5758 bbp &= ~0x02; /* turn off ADC1 */
5759 run_bbp_write(sc, 138, bbp);
5760
5761 if (sc->mac_rev >= 0x0211) {
5762 /* improve power consumption */
5763 run_bbp_read(sc, 31, &bbp);
5764 run_bbp_write(sc, 31, bbp & ~0x03);
5765 }
5766
5767 run_rt3070_rf_read(sc, 16, &rf);
5768 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5769 run_rt3070_rf_write(sc, 16, rf);
5770
5771 } else if (sc->mac_ver == 0x3071) {
5772 if (sc->mac_rev >= 0x0211) {
5773 /* enable DC filter */
5774 run_bbp_write(sc, 103, 0xc0);
5775
5776 /* improve power consumption */
5777 run_bbp_read(sc, 31, &bbp);
5778 run_bbp_write(sc, 31, bbp & ~0x03);
5779 }
5780
5781 run_bbp_read(sc, 138, &bbp);
5782 if (sc->ntxchains == 1)
5783 bbp |= 0x20; /* turn off DAC1 */
5784 if (sc->nrxchains == 1)
5785 bbp &= ~0x02; /* turn off ADC1 */
5786 run_bbp_write(sc, 138, bbp);
5787
5788 run_write(sc, RT2860_TX_SW_CFG1, 0);
5789 if (sc->mac_rev < 0x0211) {
5790 run_write(sc, RT2860_TX_SW_CFG2,
5791 sc->patch_dac ? 0x2c : 0x0f);
5792 } else
5793 run_write(sc, RT2860_TX_SW_CFG2, 0);
5794
5795 } else if (sc->mac_ver == 0x3070) {
5796 if (sc->mac_rev >= 0x0201) {
5797 /* enable DC filter */
5798 run_bbp_write(sc, 103, 0xc0);
5799
5800 /* improve power consumption */
5801 run_bbp_read(sc, 31, &bbp);
5802 run_bbp_write(sc, 31, bbp & ~0x03);
5803 }
5804
5805 if (sc->mac_rev < 0x0201) {
5806 run_write(sc, RT2860_TX_SW_CFG1, 0);
5807 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5808 } else
5809 run_write(sc, RT2860_TX_SW_CFG2, 0);
5810 }
5811
5812 /* initialize RF registers from ROM for >=RT3071*/
5813 if (sc->mac_ver >= 0x3071) {
5814 for (i = 0; i < 10; i++) {
5815 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5816 continue;
5817 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5818 }
5819 }
5820 }
5821
5822 static void
run_rt3593_rf_setup(struct run_softc * sc)5823 run_rt3593_rf_setup(struct run_softc *sc)
5824 {
5825 uint8_t bbp, rf;
5826
5827 if (sc->mac_rev >= 0x0211) {
5828 /* Enable DC filter. */
5829 run_bbp_write(sc, 103, 0xc0);
5830 }
5831 run_write(sc, RT2860_TX_SW_CFG1, 0);
5832 if (sc->mac_rev < 0x0211) {
5833 run_write(sc, RT2860_TX_SW_CFG2,
5834 sc->patch_dac ? 0x2c : 0x0f);
5835 } else
5836 run_write(sc, RT2860_TX_SW_CFG2, 0);
5837
5838 run_rt3070_rf_read(sc, 50, &rf);
5839 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5840
5841 run_rt3070_rf_read(sc, 51, &rf);
5842 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5843 ((sc->txmixgain_2ghz & 0x07) << 2);
5844 run_rt3070_rf_write(sc, 51, rf);
5845
5846 run_rt3070_rf_read(sc, 38, &rf);
5847 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5848
5849 run_rt3070_rf_read(sc, 39, &rf);
5850 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5851
5852 run_rt3070_rf_read(sc, 1, &rf);
5853 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5854
5855 run_rt3070_rf_read(sc, 30, &rf);
5856 rf = (rf & ~0x18) | 0x10;
5857 run_rt3070_rf_write(sc, 30, rf);
5858
5859 /* Apply maximum likelihood detection for 2 stream case. */
5860 run_bbp_read(sc, 105, &bbp);
5861 if (sc->nrxchains > 1)
5862 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5863
5864 /* Avoid data lost and CRC error. */
5865 run_bbp_read(sc, 4, &bbp);
5866 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5867
5868 run_bbp_write(sc, 92, 0x02);
5869 run_bbp_write(sc, 82, 0x82);
5870 run_bbp_write(sc, 106, 0x05);
5871 run_bbp_write(sc, 104, 0x92);
5872 run_bbp_write(sc, 88, 0x90);
5873 run_bbp_write(sc, 148, 0xc8);
5874 run_bbp_write(sc, 47, 0x48);
5875 run_bbp_write(sc, 120, 0x50);
5876
5877 run_bbp_write(sc, 163, 0x9d);
5878
5879 /* SNR mapping. */
5880 run_bbp_write(sc, 142, 0x06);
5881 run_bbp_write(sc, 143, 0xa0);
5882 run_bbp_write(sc, 142, 0x07);
5883 run_bbp_write(sc, 143, 0xa1);
5884 run_bbp_write(sc, 142, 0x08);
5885 run_bbp_write(sc, 143, 0xa2);
5886
5887 run_bbp_write(sc, 31, 0x08);
5888 run_bbp_write(sc, 68, 0x0b);
5889 run_bbp_write(sc, 105, 0x04);
5890 }
5891
5892 static void
run_rt5390_rf_setup(struct run_softc * sc)5893 run_rt5390_rf_setup(struct run_softc *sc)
5894 {
5895 uint8_t bbp, rf;
5896
5897 if (sc->mac_rev >= 0x0211) {
5898 /* Enable DC filter. */
5899 run_bbp_write(sc, 103, 0xc0);
5900
5901 if (sc->mac_ver != 0x5592) {
5902 /* Improve power consumption. */
5903 run_bbp_read(sc, 31, &bbp);
5904 run_bbp_write(sc, 31, bbp & ~0x03);
5905 }
5906 }
5907
5908 run_bbp_read(sc, 138, &bbp);
5909 if (sc->ntxchains == 1)
5910 bbp |= 0x20; /* turn off DAC1 */
5911 if (sc->nrxchains == 1)
5912 bbp &= ~0x02; /* turn off ADC1 */
5913 run_bbp_write(sc, 138, bbp);
5914
5915 run_rt3070_rf_read(sc, 38, &rf);
5916 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5917
5918 run_rt3070_rf_read(sc, 39, &rf);
5919 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5920
5921 /* Avoid data lost and CRC error. */
5922 run_bbp_read(sc, 4, &bbp);
5923 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5924
5925 run_rt3070_rf_read(sc, 30, &rf);
5926 rf = (rf & ~0x18) | 0x10;
5927 run_rt3070_rf_write(sc, 30, rf);
5928
5929 if (sc->mac_ver != 0x5592) {
5930 run_write(sc, RT2860_TX_SW_CFG1, 0);
5931 if (sc->mac_rev < 0x0211) {
5932 run_write(sc, RT2860_TX_SW_CFG2,
5933 sc->patch_dac ? 0x2c : 0x0f);
5934 } else
5935 run_write(sc, RT2860_TX_SW_CFG2, 0);
5936 }
5937 }
5938
5939 static int
run_txrx_enable(struct run_softc * sc)5940 run_txrx_enable(struct run_softc *sc)
5941 {
5942 struct ieee80211com *ic = &sc->sc_ic;
5943 uint32_t tmp;
5944 int error, ntries;
5945
5946 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5947 for (ntries = 0; ntries < 200; ntries++) {
5948 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5949 return (error);
5950 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5951 break;
5952 run_delay(sc, 50);
5953 }
5954 if (ntries == 200)
5955 return (ETIMEDOUT);
5956
5957 run_delay(sc, 50);
5958
5959 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5960 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5961
5962 /* enable Rx bulk aggregation (set timeout and limit) */
5963 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5964 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5965 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5966
5967 /* set Rx filter */
5968 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5969 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5970 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5971 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5972 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5973 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5974 if (ic->ic_opmode == IEEE80211_M_STA)
5975 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5976 }
5977 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5978
5979 run_write(sc, RT2860_MAC_SYS_CTRL,
5980 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5981
5982 return (0);
5983 }
5984
5985 static void
run_adjust_freq_offset(struct run_softc * sc)5986 run_adjust_freq_offset(struct run_softc *sc)
5987 {
5988 uint8_t rf, tmp;
5989
5990 run_rt3070_rf_read(sc, 17, &rf);
5991 tmp = rf;
5992 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5993 rf = MIN(rf, 0x5f);
5994
5995 if (tmp != rf)
5996 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5997 }
5998
5999 static void
run_init_locked(struct run_softc * sc)6000 run_init_locked(struct run_softc *sc)
6001 {
6002 struct ieee80211com *ic = &sc->sc_ic;
6003 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6004 uint32_t tmp;
6005 uint8_t bbp1, bbp3;
6006 int i;
6007 int ridx;
6008 int ntries;
6009
6010 if (ic->ic_nrunning > 1)
6011 return;
6012
6013 run_stop(sc);
6014
6015 if (run_load_microcode(sc) != 0) {
6016 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
6017 goto fail;
6018 }
6019
6020 for (ntries = 0; ntries < 100; ntries++) {
6021 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6022 goto fail;
6023 if (tmp != 0 && tmp != 0xffffffff)
6024 break;
6025 run_delay(sc, 10);
6026 }
6027 if (ntries == 100)
6028 goto fail;
6029
6030 for (i = 0; i != RUN_EP_QUEUES; i++)
6031 run_setup_tx_list(sc, &sc->sc_epq[i]);
6032
6033 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
6034
6035 for (ntries = 0; ntries < 100; ntries++) {
6036 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6037 goto fail;
6038 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6039 break;
6040 run_delay(sc, 10);
6041 }
6042 if (ntries == 100) {
6043 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6044 goto fail;
6045 }
6046 tmp &= 0xff0;
6047 tmp |= RT2860_TX_WB_DDONE;
6048 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6049
6050 /* turn off PME_OEN to solve high-current issue */
6051 run_read(sc, RT2860_SYS_CTRL, &tmp);
6052 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6053
6054 run_write(sc, RT2860_MAC_SYS_CTRL,
6055 RT2860_BBP_HRST | RT2860_MAC_SRST);
6056 run_write(sc, RT2860_USB_DMA_CFG, 0);
6057
6058 if (run_reset(sc) != 0) {
6059 device_printf(sc->sc_dev, "could not reset chipset\n");
6060 goto fail;
6061 }
6062
6063 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6064
6065 /* init Tx power for all Tx rates (from EEPROM) */
6066 for (ridx = 0; ridx < 5; ridx++) {
6067 if (sc->txpow20mhz[ridx] == 0xffffffff)
6068 continue;
6069 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6070 }
6071
6072 for (i = 0; i < nitems(rt2870_def_mac); i++)
6073 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6074 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6075 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6076 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6077
6078 if (sc->mac_ver >= 0x5390) {
6079 run_write(sc, RT2860_TX_SW_CFG0,
6080 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6081 if (sc->mac_ver >= 0x5392) {
6082 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6083 if (sc->mac_ver == 0x5592) {
6084 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6085 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6086 } else {
6087 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6088 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6089 }
6090 }
6091 } else if (sc->mac_ver == 0x3593) {
6092 run_write(sc, RT2860_TX_SW_CFG0,
6093 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6094 } else if (sc->mac_ver >= 0x3070) {
6095 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6096 run_write(sc, RT2860_TX_SW_CFG0,
6097 4 << RT2860_DLY_PAPE_EN_SHIFT);
6098 }
6099
6100 /* wait while MAC is busy */
6101 for (ntries = 0; ntries < 100; ntries++) {
6102 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6103 goto fail;
6104 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6105 break;
6106 run_delay(sc, 10);
6107 }
6108 if (ntries == 100)
6109 goto fail;
6110
6111 /* clear Host to MCU mailbox */
6112 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6113 run_write(sc, RT2860_H2M_MAILBOX, 0);
6114 run_delay(sc, 10);
6115
6116 if (run_bbp_init(sc) != 0) {
6117 device_printf(sc->sc_dev, "could not initialize BBP\n");
6118 goto fail;
6119 }
6120
6121 /* abort TSF synchronization */
6122 run_disable_tsf(sc);
6123
6124 /* clear RX WCID search table */
6125 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6126 /* clear WCID attribute table */
6127 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6128
6129 /* hostapd sets a key before init. So, don't clear it. */
6130 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6131 /* clear shared key table */
6132 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6133 /* clear shared key mode */
6134 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6135 }
6136
6137 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6138 tmp = (tmp & ~0xff) | 0x1e;
6139 run_write(sc, RT2860_US_CYC_CNT, tmp);
6140
6141 if (sc->mac_rev != 0x0101)
6142 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6143
6144 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6145 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6146
6147 /* write vendor-specific BBP values (from EEPROM) */
6148 if (sc->mac_ver < 0x3593) {
6149 for (i = 0; i < 10; i++) {
6150 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6151 continue;
6152 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6153 }
6154 }
6155
6156 /* select Main antenna for 1T1R devices */
6157 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6158 run_set_rx_antenna(sc, 0);
6159
6160 /* send LEDs operating mode to microcontroller */
6161 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6162 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6163 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6164
6165 if (sc->mac_ver >= 0x5390)
6166 run_rt5390_rf_init(sc);
6167 else if (sc->mac_ver == 0x3593)
6168 run_rt3593_rf_init(sc);
6169 else if (sc->mac_ver >= 0x3070)
6170 run_rt3070_rf_init(sc);
6171
6172 /* disable non-existing Rx chains */
6173 run_bbp_read(sc, 3, &bbp3);
6174 bbp3 &= ~(1 << 3 | 1 << 4);
6175 if (sc->nrxchains == 2)
6176 bbp3 |= 1 << 3;
6177 else if (sc->nrxchains == 3)
6178 bbp3 |= 1 << 4;
6179 run_bbp_write(sc, 3, bbp3);
6180
6181 /* disable non-existing Tx chains */
6182 run_bbp_read(sc, 1, &bbp1);
6183 if (sc->ntxchains == 1)
6184 bbp1 &= ~(1 << 3 | 1 << 4);
6185 run_bbp_write(sc, 1, bbp1);
6186
6187 if (sc->mac_ver >= 0x5390)
6188 run_rt5390_rf_setup(sc);
6189 else if (sc->mac_ver == 0x3593)
6190 run_rt3593_rf_setup(sc);
6191 else if (sc->mac_ver >= 0x3070)
6192 run_rt3070_rf_setup(sc);
6193
6194 /* select default channel */
6195 run_set_chan(sc, ic->ic_curchan);
6196
6197 /* setup initial protection mode */
6198 run_updateprot_cb(ic);
6199
6200 /* turn radio LED on */
6201 run_set_leds(sc, RT2860_LED_RADIO);
6202
6203 sc->sc_flags |= RUN_RUNNING;
6204 sc->cmdq_run = RUN_CMDQ_GO;
6205
6206 for (i = 0; i != RUN_N_XFER; i++)
6207 usbd_xfer_set_stall(sc->sc_xfer[i]);
6208
6209 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6210
6211 if (run_txrx_enable(sc) != 0)
6212 goto fail;
6213
6214 return;
6215
6216 fail:
6217 run_stop(sc);
6218 }
6219
6220 static void
run_stop(void * arg)6221 run_stop(void *arg)
6222 {
6223 struct run_softc *sc = (struct run_softc *)arg;
6224 uint32_t tmp;
6225 int i;
6226 int ntries;
6227
6228 RUN_LOCK_ASSERT(sc, MA_OWNED);
6229
6230 if (sc->sc_flags & RUN_RUNNING)
6231 run_set_leds(sc, 0); /* turn all LEDs off */
6232
6233 sc->sc_flags &= ~RUN_RUNNING;
6234
6235 sc->ratectl_run = RUN_RATECTL_OFF;
6236 sc->cmdq_run = sc->cmdq_key_set;
6237
6238 RUN_UNLOCK(sc);
6239
6240 for(i = 0; i < RUN_N_XFER; i++)
6241 usbd_transfer_drain(sc->sc_xfer[i]);
6242
6243 RUN_LOCK(sc);
6244
6245 run_drain_mbufq(sc);
6246
6247 if (sc->rx_m != NULL) {
6248 m_free(sc->rx_m);
6249 sc->rx_m = NULL;
6250 }
6251
6252 /* Disable Tx/Rx DMA. */
6253 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6254 return;
6255 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6256 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6257
6258 for (ntries = 0; ntries < 100; ntries++) {
6259 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6260 return;
6261 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6262 break;
6263 run_delay(sc, 10);
6264 }
6265 if (ntries == 100) {
6266 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6267 return;
6268 }
6269
6270 /* disable Tx/Rx */
6271 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6272 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6273 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6274
6275 /* wait for pending Tx to complete */
6276 for (ntries = 0; ntries < 100; ntries++) {
6277 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6278 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6279 "Cannot read Tx queue count\n");
6280 break;
6281 }
6282 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6283 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6284 "All Tx cleared\n");
6285 break;
6286 }
6287 run_delay(sc, 10);
6288 }
6289 if (ntries >= 100)
6290 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6291 "There are still pending Tx\n");
6292 run_delay(sc, 10);
6293 run_write(sc, RT2860_USB_DMA_CFG, 0);
6294
6295 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6296 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6297
6298 for (i = 0; i != RUN_EP_QUEUES; i++)
6299 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6300 }
6301
6302 static void
run_delay(struct run_softc * sc,u_int ms)6303 run_delay(struct run_softc *sc, u_int ms)
6304 {
6305 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6306 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6307 }
6308
6309 static device_method_t run_methods[] = {
6310 /* Device interface */
6311 DEVMETHOD(device_probe, run_match),
6312 DEVMETHOD(device_attach, run_attach),
6313 DEVMETHOD(device_detach, run_detach),
6314 DEVMETHOD_END
6315 };
6316
6317 static driver_t run_driver = {
6318 .name = "run",
6319 .methods = run_methods,
6320 .size = sizeof(struct run_softc)
6321 };
6322
6323 static devclass_t run_devclass;
6324
6325 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6326 MODULE_DEPEND(run, wlan, 1, 1, 1);
6327 MODULE_DEPEND(run, usb, 1, 1, 1);
6328 MODULE_DEPEND(run, firmware, 1, 1, 1);
6329 MODULE_VERSION(run, 1);
6330 USB_PNP_HOST_INFO(run_devs);
6331