2 * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
3 * Copyright (c) 2012 Bernhard Schmidt <bschmidt@FreeBSD.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * $OpenBSD: rt2860.c,v 1.65 2010/10/23 14:24:54 damien Exp $
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2860/RT3090/RT3390/RT3562/RT5390/RT5392 chipset driver
25 * http://www.ralinktech.com/
28 #include <sys/param.h>
29 #include <sys/sysctl.h>
30 #include <sys/sockio.h>
32 #include <sys/kernel.h>
33 #include <sys/socket.h>
34 #include <sys/systm.h>
35 #include <sys/malloc.h>
37 #include <sys/mutex.h>
38 #include <sys/module.h>
40 #include <sys/endian.h>
41 #include <sys/firmware.h>
43 #include <machine/bus.h>
44 #include <machine/resource.h>
49 #include <net/if_var.h>
50 #include <net/if_arp.h>
51 #include <net/ethernet.h>
52 #include <net/if_dl.h>
53 #include <net/if_media.h>
54 #include <net/if_types.h>
56 #include <net80211/ieee80211_var.h>
57 #include <net80211/ieee80211_radiotap.h>
58 #include <net80211/ieee80211_regdomain.h>
59 #include <net80211/ieee80211_ratectl.h>
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/in_var.h>
64 #include <netinet/ip.h>
65 #include <netinet/if_ether.h>
67 #include <dev/ral/rt2860reg.h>
68 #include <dev/ral/rt2860var.h>
72 #define DPRINTF(x) do { if (sc->sc_debug > 0) printf x; } while (0)
73 #define DPRINTFN(n, x) do { if (sc->sc_debug >= (n)) printf x; } while (0)
76 #define DPRINTFN(n, x)
79 static struct ieee80211vap *rt2860_vap_create(struct ieee80211com *,
80 const char [IFNAMSIZ], int, enum ieee80211_opmode,
81 int, const uint8_t [IEEE80211_ADDR_LEN],
82 const uint8_t [IEEE80211_ADDR_LEN]);
83 static void rt2860_vap_delete(struct ieee80211vap *);
84 static void rt2860_dma_map_addr(void *, bus_dma_segment_t *, int, int);
85 static int rt2860_alloc_tx_ring(struct rt2860_softc *,
86 struct rt2860_tx_ring *);
87 static void rt2860_reset_tx_ring(struct rt2860_softc *,
88 struct rt2860_tx_ring *);
89 static void rt2860_free_tx_ring(struct rt2860_softc *,
90 struct rt2860_tx_ring *);
91 static int rt2860_alloc_tx_pool(struct rt2860_softc *);
92 static void rt2860_free_tx_pool(struct rt2860_softc *);
93 static int rt2860_alloc_rx_ring(struct rt2860_softc *,
94 struct rt2860_rx_ring *);
95 static void rt2860_reset_rx_ring(struct rt2860_softc *,
96 struct rt2860_rx_ring *);
97 static void rt2860_free_rx_ring(struct rt2860_softc *,
98 struct rt2860_rx_ring *);
99 static void rt2860_updatestats(struct rt2860_softc *);
100 static void rt2860_newassoc(struct ieee80211_node *, int);
101 static void rt2860_node_free(struct ieee80211_node *);
103 static int rt2860_ampdu_rx_start(struct ieee80211com *,
104 struct ieee80211_node *, uint8_t);
105 static void rt2860_ampdu_rx_stop(struct ieee80211com *,
106 struct ieee80211_node *, uint8_t);
108 static int rt2860_newstate(struct ieee80211vap *, enum ieee80211_state,
110 static uint16_t rt3090_efuse_read_2(struct rt2860_softc *, uint16_t);
111 static uint16_t rt2860_eeprom_read_2(struct rt2860_softc *, uint16_t);
112 static void rt2860_intr_coherent(struct rt2860_softc *);
113 static void rt2860_drain_stats_fifo(struct rt2860_softc *);
114 static void rt2860_tx_intr(struct rt2860_softc *, int);
115 static void rt2860_rx_intr(struct rt2860_softc *);
116 static void rt2860_tbtt_intr(struct rt2860_softc *);
117 static void rt2860_gp_intr(struct rt2860_softc *);
118 static int rt2860_tx(struct rt2860_softc *, struct mbuf *,
119 struct ieee80211_node *);
120 static int rt2860_raw_xmit(struct ieee80211_node *, struct mbuf *,
121 const struct ieee80211_bpf_params *);
122 static int rt2860_tx_raw(struct rt2860_softc *, struct mbuf *,
123 struct ieee80211_node *,
124 const struct ieee80211_bpf_params *params);
125 static void rt2860_start(struct ifnet *);
126 static void rt2860_start_locked(struct ifnet *);
127 static void rt2860_watchdog(void *);
128 static int rt2860_ioctl(struct ifnet *, u_long, caddr_t);
129 static void rt2860_mcu_bbp_write(struct rt2860_softc *, uint8_t, uint8_t);
130 static uint8_t rt2860_mcu_bbp_read(struct rt2860_softc *, uint8_t);
131 static void rt2860_rf_write(struct rt2860_softc *, uint8_t, uint32_t);
132 static uint8_t rt3090_rf_read(struct rt2860_softc *, uint8_t);
133 static void rt3090_rf_write(struct rt2860_softc *, uint8_t, uint8_t);
134 static int rt2860_mcu_cmd(struct rt2860_softc *, uint8_t, uint16_t, int);
135 static void rt2860_enable_mrr(struct rt2860_softc *);
136 static void rt2860_set_txpreamble(struct rt2860_softc *);
137 static void rt2860_set_basicrates(struct rt2860_softc *,
138 const struct ieee80211_rateset *);
139 static void rt2860_scan_start(struct ieee80211com *);
140 static void rt2860_scan_end(struct ieee80211com *);
141 static void rt2860_set_channel(struct ieee80211com *);
142 static void rt2860_select_chan_group(struct rt2860_softc *, int);
143 static void rt2860_set_chan(struct rt2860_softc *, u_int);
144 static void rt3090_set_chan(struct rt2860_softc *, u_int);
145 static void rt5390_set_chan(struct rt2860_softc *, u_int);
146 static int rt3090_rf_init(struct rt2860_softc *);
147 static void rt5390_rf_init(struct rt2860_softc *);
148 static void rt3090_rf_wakeup(struct rt2860_softc *);
149 static void rt5390_rf_wakeup(struct rt2860_softc *);
150 static int rt3090_filter_calib(struct rt2860_softc *, uint8_t, uint8_t,
152 static void rt3090_rf_setup(struct rt2860_softc *);
153 static void rt2860_set_leds(struct rt2860_softc *, uint16_t);
154 static void rt2860_set_gp_timer(struct rt2860_softc *, int);
155 static void rt2860_set_bssid(struct rt2860_softc *, const uint8_t *);
156 static void rt2860_set_macaddr(struct rt2860_softc *, const uint8_t *);
157 static void rt2860_update_promisc(struct ieee80211com *);
158 static void rt2860_updateslot(struct ieee80211com *);
159 static void rt2860_updateprot(struct ifnet *);
160 static int rt2860_updateedca(struct ieee80211com *);
162 static int rt2860_set_key(struct ieee80211com *, struct ieee80211_node *,
163 struct ieee80211_key *);
164 static void rt2860_delete_key(struct ieee80211com *,
165 struct ieee80211_node *, struct ieee80211_key *);
167 static int8_t rt2860_rssi2dbm(struct rt2860_softc *, uint8_t, uint8_t);
168 static const char *rt2860_get_rf(uint8_t);
169 static int rt2860_read_eeprom(struct rt2860_softc *,
170 uint8_t macaddr[IEEE80211_ADDR_LEN]);
171 static int rt2860_bbp_init(struct rt2860_softc *);
172 static void rt5390_bbp_init(struct rt2860_softc *);
173 static int rt2860_txrx_enable(struct rt2860_softc *);
174 static void rt2860_init(void *);
175 static void rt2860_init_locked(struct rt2860_softc *);
176 static void rt2860_stop(void *);
177 static void rt2860_stop_locked(struct rt2860_softc *);
178 static int rt2860_load_microcode(struct rt2860_softc *);
180 static void rt2860_calib(struct rt2860_softc *);
182 static void rt3090_set_rx_antenna(struct rt2860_softc *, int);
183 static void rt2860_switch_chan(struct rt2860_softc *,
184 struct ieee80211_channel *);
185 static int rt2860_setup_beacon(struct rt2860_softc *,
186 struct ieee80211vap *);
187 static void rt2860_enable_tsf_sync(struct rt2860_softc *);
189 static const struct {
192 } rt2860_def_mac[] = {
196 static const struct {
199 } rt2860_def_bbp[] = {
201 }, rt5390_def_bbp[] = {
205 static const struct rfprog {
207 uint32_t r1, r2, r3, r4;
208 } rt2860_rf2850[] = {
218 static const struct {
221 } rt3090_def_rf[] = {
223 }, rt5390_def_rf[] = {
225 }, rt5392_def_rf[] = {
230 rt2860_attach(device_t dev, int id)
232 struct rt2860_softc *sc = device_get_softc(dev);
233 struct ieee80211com *ic;
236 int error, ntries, qid;
238 uint8_t macaddr[IEEE80211_ADDR_LEN];
243 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
245 device_printf(sc->sc_dev, "can not if_alloc()\n");
250 mtx_init(&sc->sc_mtx, device_get_nameunit(dev), MTX_NETWORK_LOCK,
251 MTX_DEF | MTX_RECURSE);
253 callout_init_mtx(&sc->watchdog_ch, &sc->sc_mtx, 0);
255 /* wait for NIC to initialize */
256 for (ntries = 0; ntries < 100; ntries++) {
257 tmp = RAL_READ(sc, RT2860_ASIC_VER_ID);
258 if (tmp != 0 && tmp != 0xffffffff)
263 device_printf(sc->sc_dev,
264 "timeout waiting for NIC to initialize\n");
268 sc->mac_ver = tmp >> 16;
269 sc->mac_rev = tmp & 0xffff;
271 if (sc->mac_ver != 0x2860 &&
272 (id == 0x0681 || id == 0x0781 || id == 0x1059))
273 sc->sc_flags |= RT2860_ADVANCED_PS;
275 /* retrieve RF rev. no and various other things from EEPROM */
276 rt2860_read_eeprom(sc, macaddr);
277 device_printf(sc->sc_dev, "MAC/BBP RT%X (rev 0x%04X), "
278 "RF %s (MIMO %dT%dR), address %6D\n",
279 sc->mac_ver, sc->mac_rev, rt2860_get_rf(sc->rf_rev),
280 sc->ntxchains, sc->nrxchains, macaddr, ":");
283 * Allocate Tx (4 EDCAs + HCCA + Mgt) and Rx rings.
285 for (qid = 0; qid < 6; qid++) {
286 if ((error = rt2860_alloc_tx_ring(sc, &sc->txq[qid])) != 0) {
287 device_printf(sc->sc_dev,
288 "could not allocate Tx ring %d\n", qid);
293 if ((error = rt2860_alloc_rx_ring(sc, &sc->rxq)) != 0) {
294 device_printf(sc->sc_dev, "could not allocate Rx ring\n");
298 if ((error = rt2860_alloc_tx_pool(sc)) != 0) {
299 device_printf(sc->sc_dev, "could not allocate Tx pool\n");
303 /* mgmt ring is broken on RT2860C, use EDCA AC VO ring instead */
304 sc->mgtqid = (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) ?
308 if_initname(ifp, device_get_name(dev), device_get_unit(dev));
309 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
310 ifp->if_init = rt2860_init;
311 ifp->if_ioctl = rt2860_ioctl;
312 ifp->if_start = rt2860_start;
313 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
314 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
315 IFQ_SET_READY(&ifp->if_snd);
319 ic->ic_name = device_get_nameunit(dev);
320 ic->ic_opmode = IEEE80211_M_STA;
321 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
323 /* set device capabilities */
325 IEEE80211_C_STA /* station mode */
326 | IEEE80211_C_IBSS /* ibss, nee adhoc, mode */
327 | IEEE80211_C_HOSTAP /* hostap mode */
328 | IEEE80211_C_MONITOR /* monitor mode */
329 | IEEE80211_C_AHDEMO /* adhoc demo mode */
330 | IEEE80211_C_WDS /* 4-address traffic works */
331 | IEEE80211_C_MBSS /* mesh point link mode */
332 | IEEE80211_C_SHPREAMBLE /* short preamble supported */
333 | IEEE80211_C_SHSLOT /* short slot time supported */
334 | IEEE80211_C_WPA /* capable of WPA1+WPA2 */
336 | IEEE80211_C_BGSCAN /* capable of bg scanning */
338 | IEEE80211_C_WME /* 802.11e */
342 setbit(&bands, IEEE80211_MODE_11B);
343 setbit(&bands, IEEE80211_MODE_11G);
344 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850)
345 setbit(&bands, IEEE80211_MODE_11A);
346 ieee80211_init_channels(ic, NULL, &bands);
348 ieee80211_ifattach(ic, macaddr);
350 ic->ic_wme.wme_update = rt2860_updateedca;
351 ic->ic_scan_start = rt2860_scan_start;
352 ic->ic_scan_end = rt2860_scan_end;
353 ic->ic_set_channel = rt2860_set_channel;
354 ic->ic_updateslot = rt2860_updateslot;
355 ic->ic_update_promisc = rt2860_update_promisc;
356 ic->ic_raw_xmit = rt2860_raw_xmit;
357 sc->sc_node_free = ic->ic_node_free;
358 ic->ic_node_free = rt2860_node_free;
359 ic->ic_newassoc = rt2860_newassoc;
361 ic->ic_vap_create = rt2860_vap_create;
362 ic->ic_vap_delete = rt2860_vap_delete;
364 ieee80211_radiotap_attach(ic,
365 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
366 RT2860_TX_RADIOTAP_PRESENT,
367 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
368 RT2860_RX_RADIOTAP_PRESENT);
371 SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),
372 SYSCTL_CHILDREN(device_get_sysctl_tree(dev)), OID_AUTO,
373 "debug", CTLFLAG_RW, &sc->sc_debug, 0, "debug msgs");
376 ieee80211_announce(ic);
380 fail3: rt2860_free_rx_ring(sc, &sc->rxq);
381 fail2: while (--qid >= 0)
382 rt2860_free_tx_ring(sc, &sc->txq[qid]);
383 fail1: mtx_destroy(&sc->sc_mtx);
389 rt2860_detach(void *xsc)
391 struct rt2860_softc *sc = xsc;
392 struct ifnet *ifp = sc->sc_ifp;
393 struct ieee80211com *ic = ifp->if_l2com;
397 rt2860_stop_locked(sc);
400 ieee80211_ifdetach(ic);
402 for (qid = 0; qid < 6; qid++)
403 rt2860_free_tx_ring(sc, &sc->txq[qid]);
404 rt2860_free_rx_ring(sc, &sc->rxq);
405 rt2860_free_tx_pool(sc);
409 mtx_destroy(&sc->sc_mtx);
415 rt2860_shutdown(void *xsc)
417 struct rt2860_softc *sc = xsc;
423 rt2860_suspend(void *xsc)
425 struct rt2860_softc *sc = xsc;
431 rt2860_resume(void *xsc)
433 struct rt2860_softc *sc = xsc;
434 struct ifnet *ifp = sc->sc_ifp;
436 if (ifp->if_flags & IFF_UP)
440 static struct ieee80211vap *
441 rt2860_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
442 enum ieee80211_opmode opmode, int flags,
443 const uint8_t bssid[IEEE80211_ADDR_LEN],
444 const uint8_t mac[IEEE80211_ADDR_LEN])
446 struct ifnet *ifp = ic->ic_ifp;
447 struct rt2860_vap *rvp;
448 struct ieee80211vap *vap;
451 case IEEE80211_M_STA:
452 case IEEE80211_M_IBSS:
453 case IEEE80211_M_AHDEMO:
454 case IEEE80211_M_MONITOR:
455 case IEEE80211_M_HOSTAP:
456 case IEEE80211_M_MBSS:
458 if (!TAILQ_EMPTY(&ic->ic_vaps)) {
459 if_printf(ifp, "only 1 vap supported\n");
462 if (opmode == IEEE80211_M_STA)
463 flags |= IEEE80211_CLONE_NOBEACONS;
465 case IEEE80211_M_WDS:
466 if (TAILQ_EMPTY(&ic->ic_vaps) ||
467 ic->ic_opmode != IEEE80211_M_HOSTAP) {
468 if_printf(ifp, "wds only supported in ap mode\n");
472 * Silently remove any request for a unique
473 * bssid; WDS vap's always share the local
476 flags &= ~IEEE80211_CLONE_BSSID;
479 if_printf(ifp, "unknown opmode %d\n", opmode);
482 rvp = malloc(sizeof(struct rt2860_vap), M_80211_VAP, M_NOWAIT | M_ZERO);
486 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);
488 /* override state transition machine */
489 rvp->ral_newstate = vap->iv_newstate;
490 vap->iv_newstate = rt2860_newstate;
492 vap->iv_update_beacon = rt2860_beacon_update;
495 /* HW supports up to 255 STAs (0-254) in HostAP and IBSS modes */
496 vap->iv_max_aid = min(IEEE80211_AID_MAX, RT2860_WCID_MAX);
498 ieee80211_ratectl_init(vap);
500 ieee80211_vap_attach(vap, ieee80211_media_change, ieee80211_media_status);
501 if (TAILQ_FIRST(&ic->ic_vaps) == vap)
502 ic->ic_opmode = opmode;
507 rt2860_vap_delete(struct ieee80211vap *vap)
509 struct rt2860_vap *rvp = RT2860_VAP(vap);
511 ieee80211_ratectl_deinit(vap);
512 ieee80211_vap_detach(vap);
513 free(rvp, M_80211_VAP);
517 rt2860_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
522 KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
524 *(bus_addr_t *)arg = segs[0].ds_addr;
529 rt2860_alloc_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
533 size = RT2860_TX_RING_COUNT * sizeof (struct rt2860_txd);
535 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
536 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
537 size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
539 device_printf(sc->sc_dev, "could not create desc DMA map\n");
543 error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->txd,
544 BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
546 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
550 error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->txd,
551 size, rt2860_dma_map_addr, &ring->paddr, 0);
553 device_printf(sc->sc_dev, "could not load desc DMA map\n");
557 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
561 fail: rt2860_free_tx_ring(sc, ring);
566 rt2860_reset_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
568 struct rt2860_tx_data *data;
571 for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
572 if ((data = ring->data[i]) == NULL)
573 continue; /* nothing mapped in this slot */
575 if (data->m != NULL) {
576 bus_dmamap_sync(sc->txwi_dmat, data->map,
577 BUS_DMASYNC_POSTWRITE);
578 bus_dmamap_unload(sc->txwi_dmat, data->map);
582 if (data->ni != NULL) {
583 ieee80211_free_node(data->ni);
587 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
588 ring->data[i] = NULL;
592 ring->cur = ring->next = 0;
596 rt2860_free_tx_ring(struct rt2860_softc *sc, struct rt2860_tx_ring *ring)
598 struct rt2860_tx_data *data;
601 if (ring->txd != NULL) {
602 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
603 BUS_DMASYNC_POSTWRITE);
604 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
605 bus_dmamem_free(ring->desc_dmat, ring->txd, ring->desc_map);
607 if (ring->desc_dmat != NULL)
608 bus_dma_tag_destroy(ring->desc_dmat);
610 for (i = 0; i < RT2860_TX_RING_COUNT; i++) {
611 if ((data = ring->data[i]) == NULL)
612 continue; /* nothing mapped in this slot */
614 if (data->m != NULL) {
615 bus_dmamap_sync(sc->txwi_dmat, data->map,
616 BUS_DMASYNC_POSTWRITE);
617 bus_dmamap_unload(sc->txwi_dmat, data->map);
620 if (data->ni != NULL)
621 ieee80211_free_node(data->ni);
623 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
628 * Allocate a pool of TX Wireless Information blocks.
631 rt2860_alloc_tx_pool(struct rt2860_softc *sc)
637 size = RT2860_TX_POOL_COUNT * RT2860_TXWI_DMASZ;
639 /* init data_pool early in case of failure.. */
640 SLIST_INIT(&sc->data_pool);
642 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
643 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
644 size, 1, size, 0, NULL, NULL, &sc->txwi_dmat);
646 device_printf(sc->sc_dev, "could not create txwi DMA tag\n");
650 error = bus_dmamem_alloc(sc->txwi_dmat, (void **)&sc->txwi_vaddr,
651 BUS_DMA_NOWAIT | BUS_DMA_ZERO, &sc->txwi_map);
653 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
657 error = bus_dmamap_load(sc->txwi_dmat, sc->txwi_map,
658 sc->txwi_vaddr, size, rt2860_dma_map_addr, &paddr, 0);
660 device_printf(sc->sc_dev, "could not load txwi DMA map\n");
664 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
666 vaddr = sc->txwi_vaddr;
667 for (i = 0; i < RT2860_TX_POOL_COUNT; i++) {
668 struct rt2860_tx_data *data = &sc->data[i];
670 error = bus_dmamap_create(sc->txwi_dmat, 0, &data->map);
672 device_printf(sc->sc_dev, "could not create DMA map\n");
675 data->txwi = (struct rt2860_txwi *)vaddr;
677 vaddr += RT2860_TXWI_DMASZ;
678 paddr += RT2860_TXWI_DMASZ;
680 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
685 fail: rt2860_free_tx_pool(sc);
690 rt2860_free_tx_pool(struct rt2860_softc *sc)
692 if (sc->txwi_vaddr != NULL) {
693 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map,
694 BUS_DMASYNC_POSTWRITE);
695 bus_dmamap_unload(sc->txwi_dmat, sc->txwi_map);
696 bus_dmamem_free(sc->txwi_dmat, sc->txwi_vaddr, sc->txwi_map);
698 if (sc->txwi_dmat != NULL)
699 bus_dma_tag_destroy(sc->txwi_dmat);
701 while (!SLIST_EMPTY(&sc->data_pool)) {
702 struct rt2860_tx_data *data;
703 data = SLIST_FIRST(&sc->data_pool);
704 bus_dmamap_destroy(sc->txwi_dmat, data->map);
705 SLIST_REMOVE_HEAD(&sc->data_pool, next);
710 rt2860_alloc_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
715 size = RT2860_RX_RING_COUNT * sizeof (struct rt2860_rxd);
717 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 16, 0,
718 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
719 size, 1, size, 0, NULL, NULL, &ring->desc_dmat);
721 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
725 error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->rxd,
726 BUS_DMA_NOWAIT | BUS_DMA_ZERO, &ring->desc_map);
728 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
732 error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->rxd,
733 size, rt2860_dma_map_addr, &ring->paddr, 0);
735 device_printf(sc->sc_dev, "could not load desc DMA map\n");
739 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
740 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
741 1, MCLBYTES, 0, NULL, NULL, &ring->data_dmat);
743 device_printf(sc->sc_dev, "could not create data DMA tag\n");
747 for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
748 struct rt2860_rx_data *data = &ring->data[i];
749 struct rt2860_rxd *rxd = &ring->rxd[i];
751 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
753 device_printf(sc->sc_dev, "could not create DMA map\n");
757 data->m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
758 if (data->m == NULL) {
759 device_printf(sc->sc_dev,
760 "could not allocate rx mbuf\n");
765 error = bus_dmamap_load(ring->data_dmat, data->map,
766 mtod(data->m, void *), MCLBYTES, rt2860_dma_map_addr,
769 device_printf(sc->sc_dev,
770 "could not load rx buf DMA map");
774 rxd->sdp0 = htole32(physaddr);
775 rxd->sdl0 = htole16(MCLBYTES);
778 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
782 fail: rt2860_free_rx_ring(sc, ring);
787 rt2860_reset_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
791 for (i = 0; i < RT2860_RX_RING_COUNT; i++)
792 ring->rxd[i].sdl0 &= ~htole16(RT2860_RX_DDONE);
794 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
800 rt2860_free_rx_ring(struct rt2860_softc *sc, struct rt2860_rx_ring *ring)
804 if (ring->rxd != NULL) {
805 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
806 BUS_DMASYNC_POSTWRITE);
807 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
808 bus_dmamem_free(ring->desc_dmat, ring->rxd, ring->desc_map);
810 if (ring->desc_dmat != NULL)
811 bus_dma_tag_destroy(ring->desc_dmat);
813 for (i = 0; i < RT2860_RX_RING_COUNT; i++) {
814 struct rt2860_rx_data *data = &ring->data[i];
816 if (data->m != NULL) {
817 bus_dmamap_sync(ring->data_dmat, data->map,
818 BUS_DMASYNC_POSTREAD);
819 bus_dmamap_unload(ring->data_dmat, data->map);
822 if (data->map != NULL)
823 bus_dmamap_destroy(ring->data_dmat, data->map);
825 if (ring->data_dmat != NULL)
826 bus_dma_tag_destroy(ring->data_dmat);
830 rt2860_updatestats(struct rt2860_softc *sc)
832 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
835 * In IBSS or HostAP modes (when the hardware sends beacons), the
836 * MAC can run into a livelock and start sending CTS-to-self frames
837 * like crazy if protection is enabled. Fortunately, we can detect
838 * when such a situation occurs and reset the MAC.
840 if (ic->ic_curmode != IEEE80211_M_STA) {
841 /* check if we're in a livelock situation.. */
842 uint32_t tmp = RAL_READ(sc, RT2860_DEBUG);
843 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
844 /* ..and reset MAC/BBP for a while.. */
845 DPRINTF(("CTS-to-self livelock detected\n"));
846 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
847 RAL_BARRIER_WRITE(sc);
849 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
850 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
856 rt2860_newassoc(struct ieee80211_node *ni, int isnew)
858 struct ieee80211com *ic = ni->ni_ic;
859 struct rt2860_softc *sc = ic->ic_ifp->if_softc;
862 wcid = IEEE80211_AID(ni->ni_associd);
863 if (isnew && ni->ni_associd != 0) {
864 sc->wcid2ni[wcid] = ni;
866 /* init WCID table entry */
867 RAL_WRITE_REGION_1(sc, RT2860_WCID_ENTRY(wcid),
868 ni->ni_macaddr, IEEE80211_ADDR_LEN);
870 DPRINTF(("new assoc isnew=%d addr=%s WCID=%d\n",
871 isnew, ether_sprintf(ni->ni_macaddr), wcid));
875 rt2860_node_free(struct ieee80211_node *ni)
877 struct ieee80211com *ic = ni->ni_ic;
878 struct rt2860_softc *sc = ic->ic_ifp->if_softc;
881 if (ni->ni_associd != 0) {
882 wcid = IEEE80211_AID(ni->ni_associd);
884 /* clear Rx WCID search table entry */
885 RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(wcid), 0, 2);
887 sc->sc_node_free(ni);
892 rt2860_ampdu_rx_start(struct ieee80211com *ic, struct ieee80211_node *ni,
895 struct rt2860_softc *sc = ic->ic_softc;
896 uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
899 /* update BA session mask */
900 tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
901 tmp |= (1 << tid) << 16;
902 RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
907 rt2860_ampdu_rx_stop(struct ieee80211com *ic, struct ieee80211_node *ni,
910 struct rt2860_softc *sc = ic->ic_softc;
911 uint8_t wcid = ((struct rt2860_node *)ni)->wcid;
914 /* update BA session mask */
915 tmp = RAL_READ(sc, RT2860_WCID_ENTRY(wcid) + 4);
916 tmp &= ~((1 << tid) << 16);
917 RAL_WRITE(sc, RT2860_WCID_ENTRY(wcid) + 4, tmp);
922 rt2860_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
924 struct rt2860_vap *rvp = RT2860_VAP(vap);
925 struct ieee80211com *ic = vap->iv_ic;
926 struct rt2860_softc *sc = ic->ic_ifp->if_softc;
930 if (vap->iv_state == IEEE80211_S_RUN) {
931 /* turn link LED off */
932 rt2860_set_leds(sc, RT2860_LED_RADIO);
935 if (nstate == IEEE80211_S_INIT && vap->iv_state == IEEE80211_S_RUN) {
936 /* abort TSF synchronization */
937 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
938 RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
939 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
940 RT2860_TBTT_TIMER_EN));
943 rt2860_set_gp_timer(sc, 0);
945 error = rvp->ral_newstate(vap, nstate, arg);
949 if (nstate == IEEE80211_S_RUN) {
950 struct ieee80211_node *ni = vap->iv_bss;
952 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
953 rt2860_enable_mrr(sc);
954 rt2860_set_txpreamble(sc);
955 rt2860_set_basicrates(sc, &ni->ni_rates);
956 rt2860_set_bssid(sc, ni->ni_bssid);
959 if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
960 vap->iv_opmode == IEEE80211_M_IBSS ||
961 vap->iv_opmode == IEEE80211_M_MBSS) {
962 error = rt2860_setup_beacon(sc, vap);
967 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
968 rt2860_enable_tsf_sync(sc);
969 rt2860_set_gp_timer(sc, 500);
972 /* turn link LED on */
973 rt2860_set_leds(sc, RT2860_LED_RADIO |
974 (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan) ?
975 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
980 /* Read 16-bit from eFUSE ROM (>=RT3071 only.) */
982 rt3090_efuse_read_2(struct rt2860_softc *sc, uint16_t addr)
990 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
996 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
997 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
998 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
999 RAL_WRITE(sc, RT3070_EFUSE_CTRL, tmp);
1000 for (ntries = 0; ntries < 500; ntries++) {
1001 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
1002 if (!(tmp & RT3070_EFSROM_KICK))
1009 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK)
1010 return 0xffff; /* address not found */
1012 /* determine to which 32-bit register our 16-bit word belongs */
1013 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1014 tmp = RAL_READ(sc, reg);
1016 return (addr & 2) ? tmp >> 16 : tmp & 0xffff;
1020 * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46,
1024 rt2860_eeprom_read_2(struct rt2860_softc *sc, uint16_t addr)
1030 /* clock C once before the first command */
1031 RT2860_EEPROM_CTL(sc, 0);
1033 RT2860_EEPROM_CTL(sc, RT2860_S);
1034 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
1035 RT2860_EEPROM_CTL(sc, RT2860_S);
1037 /* write start bit (1) */
1038 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
1039 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
1041 /* write READ opcode (10) */
1042 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D);
1043 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_D | RT2860_C);
1044 RT2860_EEPROM_CTL(sc, RT2860_S);
1045 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
1047 /* write address (A5-A0 or A7-A0) */
1048 n = ((RAL_READ(sc, RT2860_PCI_EECTRL) & 0x30) == 0) ? 5 : 7;
1049 for (; n >= 0; n--) {
1050 RT2860_EEPROM_CTL(sc, RT2860_S |
1051 (((addr >> n) & 1) << RT2860_SHIFT_D));
1052 RT2860_EEPROM_CTL(sc, RT2860_S |
1053 (((addr >> n) & 1) << RT2860_SHIFT_D) | RT2860_C);
1056 RT2860_EEPROM_CTL(sc, RT2860_S);
1058 /* read data Q15-Q0 */
1060 for (n = 15; n >= 0; n--) {
1061 RT2860_EEPROM_CTL(sc, RT2860_S | RT2860_C);
1062 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
1063 val |= ((tmp & RT2860_Q) >> RT2860_SHIFT_Q) << n;
1064 RT2860_EEPROM_CTL(sc, RT2860_S);
1067 RT2860_EEPROM_CTL(sc, 0);
1069 /* clear Chip Select and clock C */
1070 RT2860_EEPROM_CTL(sc, RT2860_S);
1071 RT2860_EEPROM_CTL(sc, 0);
1072 RT2860_EEPROM_CTL(sc, RT2860_C);
1077 static __inline uint16_t
1078 rt2860_srom_read(struct rt2860_softc *sc, uint8_t addr)
1080 /* either eFUSE ROM or EEPROM */
1081 return sc->sc_srom_read(sc, addr);
1085 rt2860_intr_coherent(struct rt2860_softc *sc)
1089 /* DMA finds data coherent event when checking the DDONE bit */
1091 DPRINTF(("Tx/Rx Coherent interrupt\n"));
1093 /* restart DMA engine */
1094 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
1095 tmp &= ~(RT2860_TX_WB_DDONE | RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
1096 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
1098 (void)rt2860_txrx_enable(sc);
1102 rt2860_drain_stats_fifo(struct rt2860_softc *sc)
1104 struct ifnet *ifp = sc->sc_ifp;
1105 struct ieee80211_node *ni;
1108 uint8_t wcid, mcs, pid;
1110 /* drain Tx status FIFO (maxsize = 16) */
1111 while ((stat = RAL_READ(sc, RT2860_TX_STAT_FIFO)) & RT2860_TXQ_VLD) {
1112 DPRINTFN(4, ("tx stat 0x%08x\n", stat));
1114 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
1115 ni = sc->wcid2ni[wcid];
1117 /* if no ACK was requested, no feedback is available */
1118 if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff || ni == NULL)
1121 /* update per-STA AMRR stats */
1122 if (stat & RT2860_TXQ_OK) {
1124 * Check if there were retries, ie if the Tx success
1125 * rate is different from the requested rate. Note
1126 * that it works only because we do not allow rate
1127 * fallback from OFDM to CCK.
1129 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
1130 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
1135 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
1136 IEEE80211_RATECTL_TX_SUCCESS, &retrycnt, NULL);
1138 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
1139 IEEE80211_RATECTL_TX_FAILURE, &retrycnt, NULL);
1140 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1146 rt2860_tx_intr(struct rt2860_softc *sc, int qid)
1148 struct ifnet *ifp = sc->sc_ifp;
1149 struct rt2860_tx_ring *ring = &sc->txq[qid];
1152 rt2860_drain_stats_fifo(sc);
1154 hw = RAL_READ(sc, RT2860_TX_DTX_IDX(qid));
1155 while (ring->next != hw) {
1156 struct rt2860_tx_data *data = ring->data[ring->next];
1159 bus_dmamap_sync(sc->txwi_dmat, data->map,
1160 BUS_DMASYNC_POSTWRITE);
1161 bus_dmamap_unload(sc->txwi_dmat, data->map);
1162 if (data->m->m_flags & M_TXCB) {
1163 ieee80211_process_callback(data->ni, data->m,
1167 ieee80211_free_node(data->ni);
1171 SLIST_INSERT_HEAD(&sc->data_pool, data, next);
1172 ring->data[ring->next] = NULL;
1174 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
1177 ring->next = (ring->next + 1) % RT2860_TX_RING_COUNT;
1180 sc->sc_tx_timer = 0;
1181 if (ring->queued < RT2860_TX_RING_COUNT)
1182 sc->qfullmsk &= ~(1 << qid);
1183 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
1184 rt2860_start_locked(ifp);
1188 * Return the Rx chain with the highest RSSI for a given frame.
1190 static __inline uint8_t
1191 rt2860_maxrssi_chain(struct rt2860_softc *sc, const struct rt2860_rxwi *rxwi)
1193 uint8_t rxchain = 0;
1195 if (sc->nrxchains > 1) {
1196 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
1198 if (sc->nrxchains > 2)
1199 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
1206 rt2860_rx_intr(struct rt2860_softc *sc)
1208 struct rt2860_rx_radiotap_header *tap;
1209 struct ifnet *ifp = sc->sc_ifp;
1210 struct ieee80211com *ic = ifp->if_l2com;
1211 struct ieee80211_frame *wh;
1212 struct ieee80211_node *ni;
1213 struct mbuf *m, *m1;
1214 bus_addr_t physaddr;
1221 hw = RAL_READ(sc, RT2860_FS_DRX_IDX) & 0xfff;
1222 while (sc->rxq.cur != hw) {
1223 struct rt2860_rx_data *data = &sc->rxq.data[sc->rxq.cur];
1224 struct rt2860_rxd *rxd = &sc->rxq.rxd[sc->rxq.cur];
1225 struct rt2860_rxwi *rxwi;
1227 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
1228 BUS_DMASYNC_POSTREAD);
1230 if (__predict_false(!(rxd->sdl0 & htole16(RT2860_RX_DDONE)))) {
1231 DPRINTF(("RXD DDONE bit not set!\n"));
1232 break; /* should not happen */
1235 if (__predict_false(rxd->flags &
1236 htole32(RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
1237 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
1242 if (__predict_false(rxd->flags & htole32(RT2860_RX_MICERR))) {
1243 /* report MIC failures to net80211 for TKIP */
1244 ic->ic_stats.is_rx_locmicfail++;
1245 ieee80211_michael_mic_failure(ic, 0/* XXX */);
1246 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
1251 m1 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1252 if (__predict_false(m1 == NULL)) {
1253 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
1257 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
1258 BUS_DMASYNC_POSTREAD);
1259 bus_dmamap_unload(sc->rxq.data_dmat, data->map);
1261 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1262 mtod(m1, void *), MCLBYTES, rt2860_dma_map_addr,
1264 if (__predict_false(error != 0)) {
1267 /* try to reload the old mbuf */
1268 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1269 mtod(data->m, void *), MCLBYTES,
1270 rt2860_dma_map_addr, &physaddr, 0);
1271 if (__predict_false(error != 0)) {
1272 panic("%s: could not load old rx mbuf",
1273 device_get_name(sc->sc_dev));
1275 /* physical address may have changed */
1276 rxd->sdp0 = htole32(physaddr);
1277 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
1282 * New mbuf successfully loaded, update Rx ring and continue
1287 rxd->sdp0 = htole32(physaddr);
1289 rxwi = mtod(m, struct rt2860_rxwi *);
1292 m->m_pkthdr.rcvif = ifp;
1293 m->m_data = (caddr_t)(rxwi + 1);
1294 m->m_pkthdr.len = m->m_len = le16toh(rxwi->len) & 0xfff;
1296 wh = mtod(m, struct ieee80211_frame *);
1298 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1299 /* frame is decrypted by hardware */
1300 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
1304 /* HW may insert 2 padding bytes after 802.11 header */
1305 if (rxd->flags & htole32(RT2860_RX_L2PAD)) {
1306 u_int hdrlen = ieee80211_hdrsize(wh);
1307 ovbcopy(wh, (caddr_t)wh + 2, hdrlen);
1309 wh = mtod(m, struct ieee80211_frame *);
1312 ant = rt2860_maxrssi_chain(sc, rxwi);
1313 rssi = rt2860_rssi2dbm(sc, rxwi->rssi[ant], ant);
1314 nf = RT2860_NOISE_FLOOR;
1316 if (ieee80211_radiotap_active(ic)) {
1317 tap = &sc->sc_rxtap;
1319 tap->wr_antenna = ant;
1320 tap->wr_antsignal = nf + rssi;
1321 tap->wr_antnoise = nf;
1322 /* in case it can't be found below */
1324 phy = le16toh(rxwi->phy);
1325 switch (phy & RT2860_PHY_MODE) {
1326 case RT2860_PHY_CCK:
1327 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
1328 case 0: tap->wr_rate = 2; break;
1329 case 1: tap->wr_rate = 4; break;
1330 case 2: tap->wr_rate = 11; break;
1331 case 3: tap->wr_rate = 22; break;
1333 if (phy & RT2860_PHY_SHPRE)
1334 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1336 case RT2860_PHY_OFDM:
1337 switch (phy & RT2860_PHY_MCS) {
1338 case 0: tap->wr_rate = 12; break;
1339 case 1: tap->wr_rate = 18; break;
1340 case 2: tap->wr_rate = 24; break;
1341 case 3: tap->wr_rate = 36; break;
1342 case 4: tap->wr_rate = 48; break;
1343 case 5: tap->wr_rate = 72; break;
1344 case 6: tap->wr_rate = 96; break;
1345 case 7: tap->wr_rate = 108; break;
1352 wh = mtod(m, struct ieee80211_frame *);
1354 /* send the frame to the 802.11 layer */
1355 ni = ieee80211_find_rxnode(ic,
1356 (struct ieee80211_frame_min *)wh);
1358 (void)ieee80211_input(ni, m, rssi - nf, nf);
1359 ieee80211_free_node(ni);
1361 (void)ieee80211_input_all(ic, m, rssi - nf, nf);
1365 skip: rxd->sdl0 &= ~htole16(RT2860_RX_DDONE);
1367 bus_dmamap_sync(sc->rxq.desc_dmat, sc->rxq.desc_map,
1368 BUS_DMASYNC_PREWRITE);
1370 sc->rxq.cur = (sc->rxq.cur + 1) % RT2860_RX_RING_COUNT;
1373 /* tell HW what we have processed */
1374 RAL_WRITE(sc, RT2860_RX_CALC_IDX,
1375 (sc->rxq.cur - 1) % RT2860_RX_RING_COUNT);
1379 rt2860_tbtt_intr(struct rt2860_softc *sc)
1382 struct ieee80211com *ic = &sc->sc_ic;
1384 #ifndef IEEE80211_STA_ONLY
1385 if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
1386 /* one less beacon until next DTIM */
1387 if (ic->ic_dtim_count == 0)
1388 ic->ic_dtim_count = ic->ic_dtim_period - 1;
1390 ic->ic_dtim_count--;
1392 /* update dynamic parts of beacon */
1393 rt2860_setup_beacon(sc);
1395 /* flush buffered multicast frames */
1396 if (ic->ic_dtim_count == 0)
1397 ieee80211_notify_dtim(ic);
1400 /* check if protection mode has changed */
1401 if ((sc->sc_ic_flags ^ ic->ic_flags) & IEEE80211_F_USEPROT) {
1402 rt2860_updateprot(ic);
1403 sc->sc_ic_flags = ic->ic_flags;
1409 rt2860_gp_intr(struct rt2860_softc *sc)
1411 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
1412 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
1414 DPRINTFN(2, ("GP timeout state=%d\n", vap->iv_state));
1416 if (vap->iv_state == IEEE80211_S_RUN)
1417 rt2860_updatestats(sc);
1421 rt2860_intr(void *arg)
1423 struct rt2860_softc *sc = arg;
1428 r = RAL_READ(sc, RT2860_INT_STATUS);
1429 if (__predict_false(r == 0xffffffff)) {
1431 return; /* device likely went away */
1435 return; /* not for us */
1438 /* acknowledge interrupts */
1439 RAL_WRITE(sc, RT2860_INT_STATUS, r);
1441 if (r & RT2860_TX_RX_COHERENT)
1442 rt2860_intr_coherent(sc);
1444 if (r & RT2860_MAC_INT_2) /* TX status */
1445 rt2860_drain_stats_fifo(sc);
1447 if (r & RT2860_TX_DONE_INT5)
1448 rt2860_tx_intr(sc, 5);
1450 if (r & RT2860_RX_DONE_INT)
1453 if (r & RT2860_TX_DONE_INT4)
1454 rt2860_tx_intr(sc, 4);
1456 if (r & RT2860_TX_DONE_INT3)
1457 rt2860_tx_intr(sc, 3);
1459 if (r & RT2860_TX_DONE_INT2)
1460 rt2860_tx_intr(sc, 2);
1462 if (r & RT2860_TX_DONE_INT1)
1463 rt2860_tx_intr(sc, 1);
1465 if (r & RT2860_TX_DONE_INT0)
1466 rt2860_tx_intr(sc, 0);
1468 if (r & RT2860_MAC_INT_0) /* TBTT */
1469 rt2860_tbtt_intr(sc);
1471 if (r & RT2860_MAC_INT_3) /* Auto wakeup */
1474 if (r & RT2860_MAC_INT_4) /* GP timer */
1481 rt2860_tx(struct rt2860_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
1483 struct ifnet *ifp = sc->sc_ifp;
1484 struct ieee80211com *ic = ifp->if_l2com;
1485 struct ieee80211vap *vap = ni->ni_vap;
1486 struct rt2860_tx_ring *ring;
1487 struct rt2860_tx_data *data;
1488 struct rt2860_txd *txd;
1489 struct rt2860_txwi *txwi;
1490 struct ieee80211_frame *wh;
1491 const struct ieee80211_txparam *tp;
1492 struct ieee80211_key *k;
1494 bus_dma_segment_t segs[RT2860_MAX_SCATTER];
1495 bus_dma_segment_t *seg;
1498 uint8_t type, qsel, mcs, pid, tid, qid;
1499 int i, nsegs, ntxds, pad, rate, ridx, error;
1501 /* the data pool contains at least one element, pick the first */
1502 data = SLIST_FIRST(&sc->data_pool);
1504 wh = mtod(m, struct ieee80211_frame *);
1506 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
1507 k = ieee80211_crypto_encap(ni, m);
1513 /* packet header may have moved, reset our local pointer */
1514 wh = mtod(m, struct ieee80211_frame *);
1517 hdrlen = ieee80211_anyhdrsize(wh);
1518 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1520 tp = &vap->iv_txparms[ieee80211_chan2mode(ni->ni_chan)];
1521 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1522 rate = tp->mcastrate;
1523 } else if (m->m_flags & M_EAPOL) {
1524 rate = tp->mgmtrate;
1525 } else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
1526 rate = tp->ucastrate;
1528 (void) ieee80211_ratectl_rate(ni, NULL, 0);
1529 rate = ni->ni_txrate;
1531 rate &= IEEE80211_RATE_VAL;
1533 qid = M_WME_GETAC(m);
1534 if (IEEE80211_QOS_HAS_SEQ(wh)) {
1535 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
1536 tid = qos & IEEE80211_QOS_TID;
1541 ring = &sc->txq[qid];
1542 ridx = ieee80211_legacy_rate_lookup(ic->ic_rt, rate);
1544 /* get MCS code from rate index */
1545 mcs = rt2860_rates[ridx].mcs;
1547 /* setup TX Wireless Information */
1550 /* let HW generate seq numbers for non-QoS frames */
1551 txwi->xflags = qos ? 0 : RT2860_TX_NSEQ;
1552 if (type == IEEE80211_FC0_TYPE_DATA)
1553 txwi->wcid = IEEE80211_AID(ni->ni_associd);
1556 txwi->len = htole16(m->m_pkthdr.len);
1557 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
1558 txwi->phy = htole16(RT2860_PHY_CCK);
1559 if (ridx != RT2860_RIDX_CCK1 &&
1560 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
1561 mcs |= RT2860_PHY_SHPRE;
1563 txwi->phy = htole16(RT2860_PHY_OFDM);
1564 txwi->phy |= htole16(mcs);
1567 * We store the MCS code into the driver-private PacketID field.
1568 * The PacketID is latched into TX_STAT_FIFO when Tx completes so
1569 * that we know at which initial rate the frame was transmitted.
1570 * We add 1 to the MCS code because setting the PacketID field to
1571 * 0 means that we don't want feedback in TX_STAT_FIFO.
1573 pid = (mcs + 1) & 0xf;
1574 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
1576 /* check if RTS/CTS or CTS-to-self protection is required */
1577 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1578 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
1579 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
1580 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
1581 txwi->txop = RT2860_TX_TXOP_HT;
1583 txwi->txop = RT2860_TX_TXOP_BACKOFF;
1585 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1586 (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
1587 IEEE80211_QOS_ACKPOLICY_NOACK)) {
1588 txwi->xflags |= RT2860_TX_ACK;
1590 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1591 dur = rt2860_rates[ridx].sp_ack_dur;
1593 dur = rt2860_rates[ridx].lp_ack_dur;
1594 *(uint16_t *)wh->i_dur = htole16(dur);
1596 /* ask MAC to insert timestamp into probe responses */
1598 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
1599 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
1600 /* NOTE: beacons do not pass through tx_data() */
1601 txwi->flags |= RT2860_TX_TS;
1603 if (ieee80211_radiotap_active_vap(vap)) {
1604 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
1607 tap->wt_rate = rate;
1608 if (mcs & RT2860_PHY_SHPRE)
1609 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1611 ieee80211_radiotap_tx(vap, m);
1614 pad = (hdrlen + 3) & ~3;
1616 /* copy and trim 802.11 header */
1617 memcpy(txwi + 1, wh, hdrlen);
1620 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
1622 if (__predict_false(error != 0 && error != EFBIG)) {
1623 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1628 if (__predict_true(error == 0)) {
1629 /* determine how many TXDs are required */
1630 ntxds = 1 + (nsegs / 2);
1632 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1633 /* not enough free TXDs, force mbuf defrag */
1634 bus_dmamap_unload(sc->txwi_dmat, data->map);
1638 if (__predict_false(error != 0)) {
1639 m1 = m_defrag(m, M_NOWAIT);
1641 device_printf(sc->sc_dev,
1642 "could not defragment mbuf\n");
1648 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
1650 if (__predict_false(error != 0)) {
1651 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1657 /* determine how many TXDs are now required */
1658 ntxds = 1 + (nsegs / 2);
1660 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1661 /* this is a hopeless case, drop the mbuf! */
1662 bus_dmamap_unload(sc->txwi_dmat, data->map);
1668 qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
1670 /* first segment is TXWI + 802.11 header */
1671 txd = &ring->txd[ring->cur];
1672 txd->sdp0 = htole32(data->paddr);
1673 txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
1676 /* setup payload segments */
1678 for (i = nsegs; i >= 2; i -= 2) {
1679 txd->sdp1 = htole32(seg->ds_addr);
1680 txd->sdl1 = htole16(seg->ds_len);
1682 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1683 /* grab a new Tx descriptor */
1684 txd = &ring->txd[ring->cur];
1685 txd->sdp0 = htole32(seg->ds_addr);
1686 txd->sdl0 = htole16(seg->ds_len);
1690 /* finalize last segment */
1692 txd->sdp1 = htole32(seg->ds_addr);
1693 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
1695 txd->sdl0 |= htole16(RT2860_TX_LS0);
1699 /* remove from the free pool and link it into the SW Tx slot */
1700 SLIST_REMOVE_HEAD(&sc->data_pool, next);
1703 ring->data[ring->cur] = data;
1705 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
1706 bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
1707 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
1709 DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
1710 qid, txwi->wcid, nsegs, ridx));
1712 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1713 ring->queued += ntxds;
1714 if (ring->queued >= RT2860_TX_RING_COUNT)
1715 sc->qfullmsk |= 1 << qid;
1718 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
1724 rt2860_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
1725 const struct ieee80211_bpf_params *params)
1727 struct ieee80211com *ic = ni->ni_ic;
1728 struct ifnet *ifp = ic->ic_ifp;
1729 struct rt2860_softc *sc = ifp->if_softc;
1734 /* prevent management frames from being sent if we're not ready */
1735 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1738 ieee80211_free_node(ni);
1741 if (params == NULL) {
1743 * Legacy path; interpret frame contents to decide
1744 * precisely how to send the frame.
1746 error = rt2860_tx(sc, m, ni);
1749 * Caller supplied explicit parameters to use in
1750 * sending the frame.
1752 error = rt2860_tx_raw(sc, m, ni, params);
1755 /* NB: m is reclaimed on tx failure */
1756 ieee80211_free_node(ni);
1757 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
1759 sc->sc_tx_timer = 5;
1765 rt2860_tx_raw(struct rt2860_softc *sc, struct mbuf *m,
1766 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
1768 struct ifnet *ifp = sc->sc_ifp;
1769 struct ieee80211com *ic = ifp->if_l2com;
1770 struct ieee80211vap *vap = ni->ni_vap;
1771 struct rt2860_tx_ring *ring;
1772 struct rt2860_tx_data *data;
1773 struct rt2860_txd *txd;
1774 struct rt2860_txwi *txwi;
1775 struct ieee80211_frame *wh;
1777 bus_dma_segment_t segs[RT2860_MAX_SCATTER];
1778 bus_dma_segment_t *seg;
1781 uint8_t type, qsel, mcs, pid, tid, qid;
1782 int i, nsegs, ntxds, pad, rate, ridx, error;
1784 /* the data pool contains at least one element, pick the first */
1785 data = SLIST_FIRST(&sc->data_pool);
1787 wh = mtod(m, struct ieee80211_frame *);
1788 hdrlen = ieee80211_hdrsize(wh);
1789 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
1791 /* Choose a TX rate index. */
1792 rate = params->ibp_rate0;
1793 ridx = ieee80211_legacy_rate_lookup(ic->ic_rt,
1794 rate & IEEE80211_RATE_VAL);
1795 if (ridx == (uint8_t)-1) {
1796 /* XXX fall back to mcast/mgmt rate? */
1801 qid = params->ibp_pri & 3;
1803 ring = &sc->txq[qid];
1805 /* get MCS code from rate index */
1806 mcs = rt2860_rates[ridx].mcs;
1808 /* setup TX Wireless Information */
1811 /* let HW generate seq numbers for non-QoS frames */
1812 txwi->xflags = params->ibp_pri & 3 ? 0 : RT2860_TX_NSEQ;
1814 txwi->len = htole16(m->m_pkthdr.len);
1815 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
1816 txwi->phy = htole16(RT2860_PHY_CCK);
1817 if (ridx != RT2860_RIDX_CCK1 &&
1818 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
1819 mcs |= RT2860_PHY_SHPRE;
1821 txwi->phy = htole16(RT2860_PHY_OFDM);
1822 txwi->phy |= htole16(mcs);
1825 * We store the MCS code into the driver-private PacketID field.
1826 * The PacketID is latched into TX_STAT_FIFO when Tx completes so
1827 * that we know at which initial rate the frame was transmitted.
1828 * We add 1 to the MCS code because setting the PacketID field to
1829 * 0 means that we don't want feedback in TX_STAT_FIFO.
1831 pid = (mcs + 1) & 0xf;
1832 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
1834 /* check if RTS/CTS or CTS-to-self protection is required */
1835 if (params->ibp_flags & IEEE80211_BPF_RTS ||
1836 params->ibp_flags & IEEE80211_BPF_CTS)
1837 txwi->txop = RT2860_TX_TXOP_HT;
1839 txwi->txop = RT2860_TX_TXOP_BACKOFF;
1840 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0) {
1841 txwi->xflags |= RT2860_TX_ACK;
1843 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1844 dur = rt2860_rates[ridx].sp_ack_dur;
1846 dur = rt2860_rates[ridx].lp_ack_dur;
1847 *(uint16_t *)wh->i_dur = htole16(dur);
1849 /* ask MAC to insert timestamp into probe responses */
1851 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
1852 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
1853 /* NOTE: beacons do not pass through tx_data() */
1854 txwi->flags |= RT2860_TX_TS;
1856 if (ieee80211_radiotap_active_vap(vap)) {
1857 struct rt2860_tx_radiotap_header *tap = &sc->sc_txtap;
1860 tap->wt_rate = rate;
1861 if (mcs & RT2860_PHY_SHPRE)
1862 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
1864 ieee80211_radiotap_tx(vap, m);
1867 pad = (hdrlen + 3) & ~3;
1869 /* copy and trim 802.11 header */
1870 memcpy(txwi + 1, wh, hdrlen);
1873 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m, segs,
1875 if (__predict_false(error != 0 && error != EFBIG)) {
1876 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1881 if (__predict_true(error == 0)) {
1882 /* determine how many TXDs are required */
1883 ntxds = 1 + (nsegs / 2);
1885 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1886 /* not enough free TXDs, force mbuf defrag */
1887 bus_dmamap_unload(sc->txwi_dmat, data->map);
1891 if (__predict_false(error != 0)) {
1892 m1 = m_defrag(m, M_NOWAIT);
1894 device_printf(sc->sc_dev,
1895 "could not defragment mbuf\n");
1901 error = bus_dmamap_load_mbuf_sg(sc->txwi_dmat, data->map, m,
1903 if (__predict_false(error != 0)) {
1904 device_printf(sc->sc_dev, "can't map mbuf (error %d)\n",
1910 /* determine how many TXDs are now required */
1911 ntxds = 1 + (nsegs / 2);
1913 if (ring->queued + ntxds >= RT2860_TX_RING_COUNT) {
1914 /* this is a hopeless case, drop the mbuf! */
1915 bus_dmamap_unload(sc->txwi_dmat, data->map);
1921 qsel = (qid < WME_NUM_AC) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_MGMT;
1923 /* first segment is TXWI + 802.11 header */
1924 txd = &ring->txd[ring->cur];
1925 txd->sdp0 = htole32(data->paddr);
1926 txd->sdl0 = htole16(sizeof (struct rt2860_txwi) + pad);
1929 /* setup payload segments */
1931 for (i = nsegs; i >= 2; i -= 2) {
1932 txd->sdp1 = htole32(seg->ds_addr);
1933 txd->sdl1 = htole16(seg->ds_len);
1935 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1936 /* grab a new Tx descriptor */
1937 txd = &ring->txd[ring->cur];
1938 txd->sdp0 = htole32(seg->ds_addr);
1939 txd->sdl0 = htole16(seg->ds_len);
1943 /* finalize last segment */
1945 txd->sdp1 = htole32(seg->ds_addr);
1946 txd->sdl1 = htole16(seg->ds_len | RT2860_TX_LS1);
1948 txd->sdl0 |= htole16(RT2860_TX_LS0);
1952 /* remove from the free pool and link it into the SW Tx slot */
1953 SLIST_REMOVE_HEAD(&sc->data_pool, next);
1956 ring->data[ring->cur] = data;
1958 bus_dmamap_sync(sc->txwi_dmat, sc->txwi_map, BUS_DMASYNC_PREWRITE);
1959 bus_dmamap_sync(sc->txwi_dmat, data->map, BUS_DMASYNC_PREWRITE);
1960 bus_dmamap_sync(ring->desc_dmat, ring->desc_map, BUS_DMASYNC_PREWRITE);
1962 DPRINTFN(4, ("sending frame qid=%d wcid=%d nsegs=%d ridx=%d\n",
1963 qid, txwi->wcid, nsegs, ridx));
1965 ring->cur = (ring->cur + 1) % RT2860_TX_RING_COUNT;
1966 ring->queued += ntxds;
1967 if (ring->queued >= RT2860_TX_RING_COUNT)
1968 sc->qfullmsk |= 1 << qid;
1971 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), ring->cur);
1977 rt2860_start(struct ifnet *ifp)
1979 struct rt2860_softc *sc = ifp->if_softc;
1982 rt2860_start_locked(ifp);
1987 rt2860_start_locked(struct ifnet *ifp)
1989 struct rt2860_softc *sc = ifp->if_softc;
1990 struct ieee80211_node *ni;
1993 RAL_LOCK_ASSERT(sc);
1995 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
1996 (ifp->if_drv_flags & IFF_DRV_OACTIVE))
2000 if (SLIST_EMPTY(&sc->data_pool) || sc->qfullmsk != 0) {
2001 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
2004 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
2007 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
2008 if (rt2860_tx(sc, m, ni) != 0) {
2009 ieee80211_free_node(ni);
2010 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
2013 sc->sc_tx_timer = 5;
2018 rt2860_watchdog(void *arg)
2020 struct rt2860_softc *sc = arg;
2021 struct ifnet *ifp = sc->sc_ifp;
2023 RAL_LOCK_ASSERT(sc);
2025 KASSERT(ifp->if_drv_flags & IFF_DRV_RUNNING, ("not running"));
2027 if (sc->sc_invalid) /* card ejected */
2030 if (sc->sc_tx_timer > 0 && --sc->sc_tx_timer == 0) {
2031 if_printf(ifp, "device timeout\n");
2032 rt2860_stop_locked(sc);
2033 rt2860_init_locked(sc);
2034 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
2037 callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
2041 rt2860_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
2043 struct rt2860_softc *sc = ifp->if_softc;
2044 struct ieee80211com *ic = ifp->if_l2com;
2045 struct ifreq *ifr = (struct ifreq *)data;
2046 int error = 0, startall = 0;
2051 if (ifp->if_flags & IFF_UP) {
2052 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
2053 rt2860_init_locked(sc);
2056 rt2860_update_promisc(ic);
2058 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
2059 rt2860_stop_locked(sc);
2063 ieee80211_start_all(ic);
2066 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
2069 error = ether_ioctl(ifp, cmd, data);
2079 * Reading and writing from/to the BBP is different from RT2560 and RT2661.
2080 * We access the BBP through the 8051 microcontroller unit which means that
2081 * the microcode must be loaded first.
2084 rt2860_mcu_bbp_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
2088 for (ntries = 0; ntries < 100; ntries++) {
2089 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2093 if (ntries == 100) {
2094 device_printf(sc->sc_dev,
2095 "could not write to BBP through MCU\n");
2099 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2100 RT2860_BBP_CSR_KICK | reg << 8 | val);
2101 RAL_BARRIER_WRITE(sc);
2103 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
2108 rt2860_mcu_bbp_read(struct rt2860_softc *sc, uint8_t reg)
2113 for (ntries = 0; ntries < 100; ntries++) {
2114 if (!(RAL_READ(sc, RT2860_H2M_BBPAGENT) & RT2860_BBP_CSR_KICK))
2118 if (ntries == 100) {
2119 device_printf(sc->sc_dev,
2120 "could not read from BBP through MCU\n");
2124 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, RT2860_BBP_RW_PARALLEL |
2125 RT2860_BBP_CSR_KICK | RT2860_BBP_CSR_READ | reg << 8);
2126 RAL_BARRIER_WRITE(sc);
2128 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_BBP, 0, 0);
2131 for (ntries = 0; ntries < 100; ntries++) {
2132 val = RAL_READ(sc, RT2860_H2M_BBPAGENT);
2133 if (!(val & RT2860_BBP_CSR_KICK))
2137 device_printf(sc->sc_dev, "could not read from BBP through MCU\n");
2143 * Write to one of the 4 programmable 24-bit RF registers.
2146 rt2860_rf_write(struct rt2860_softc *sc, uint8_t reg, uint32_t val)
2151 for (ntries = 0; ntries < 100; ntries++) {
2152 if (!(RAL_READ(sc, RT2860_RF_CSR_CFG0) & RT2860_RF_REG_CTRL))
2156 if (ntries == 100) {
2157 device_printf(sc->sc_dev, "could not write to RF\n");
2161 /* RF registers are 24-bit on the RT2860 */
2162 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
2163 (val & 0x3fffff) << 2 | (reg & 3);
2164 RAL_WRITE(sc, RT2860_RF_CSR_CFG0, tmp);
2168 rt3090_rf_read(struct rt2860_softc *sc, uint8_t reg)
2173 for (ntries = 0; ntries < 100; ntries++) {
2174 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
2178 if (ntries == 100) {
2179 device_printf(sc->sc_dev, "could not read RF register\n");
2182 tmp = RT3070_RF_KICK | reg << 8;
2183 RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
2185 for (ntries = 0; ntries < 100; ntries++) {
2186 tmp = RAL_READ(sc, RT3070_RF_CSR_CFG);
2187 if (!(tmp & RT3070_RF_KICK))
2191 if (ntries == 100) {
2192 device_printf(sc->sc_dev, "could not read RF register\n");
2199 rt3090_rf_write(struct rt2860_softc *sc, uint8_t reg, uint8_t val)
2204 for (ntries = 0; ntries < 10; ntries++) {
2205 if (!(RAL_READ(sc, RT3070_RF_CSR_CFG) & RT3070_RF_KICK))
2210 device_printf(sc->sc_dev, "could not write to RF\n");
2214 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
2215 RAL_WRITE(sc, RT3070_RF_CSR_CFG, tmp);
2219 * Send a command to the 8051 microcontroller unit.
2222 rt2860_mcu_cmd(struct rt2860_softc *sc, uint8_t cmd, uint16_t arg, int wait)
2228 for (ntries = 0; ntries < 100; ntries++) {
2229 if (!(RAL_READ(sc, RT2860_H2M_MAILBOX) & RT2860_H2M_BUSY))
2236 cid = wait ? cmd : RT2860_TOKEN_NO_INTR;
2237 RAL_WRITE(sc, RT2860_H2M_MAILBOX, RT2860_H2M_BUSY | cid << 16 | arg);
2238 RAL_BARRIER_WRITE(sc);
2239 RAL_WRITE(sc, RT2860_HOST_CMD, cmd);
2243 /* wait for the command to complete */
2244 for (ntries = 0; ntries < 200; ntries++) {
2245 tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_CID);
2246 /* find the command slot */
2247 for (slot = 0; slot < 4; slot++, tmp >>= 8)
2248 if ((tmp & 0xff) == cid)
2254 if (ntries == 200) {
2255 /* clear command and status */
2256 RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
2257 RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
2260 /* get command status (1 means success) */
2261 tmp = RAL_READ(sc, RT2860_H2M_MAILBOX_STATUS);
2262 tmp = (tmp >> (slot * 8)) & 0xff;
2263 DPRINTF(("MCU command=0x%02x slot=%d status=0x%02x\n",
2265 /* clear command and status */
2266 RAL_WRITE(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
2267 RAL_WRITE(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
2268 return (tmp == 1) ? 0 : EIO;
2272 rt2860_enable_mrr(struct rt2860_softc *sc)
2274 #define CCK(mcs) (mcs)
2275 #define OFDM(mcs) (1 << 3 | (mcs))
2276 RAL_WRITE(sc, RT2860_LG_FBK_CFG0,
2277 OFDM(6) << 28 | /* 54->48 */
2278 OFDM(5) << 24 | /* 48->36 */
2279 OFDM(4) << 20 | /* 36->24 */
2280 OFDM(3) << 16 | /* 24->18 */
2281 OFDM(2) << 12 | /* 18->12 */
2282 OFDM(1) << 8 | /* 12-> 9 */
2283 OFDM(0) << 4 | /* 9-> 6 */
2284 OFDM(0)); /* 6-> 6 */
2286 RAL_WRITE(sc, RT2860_LG_FBK_CFG1,
2287 CCK(2) << 12 | /* 11->5.5 */
2288 CCK(1) << 8 | /* 5.5-> 2 */
2289 CCK(0) << 4 | /* 2-> 1 */
2290 CCK(0)); /* 1-> 1 */
2296 rt2860_set_txpreamble(struct rt2860_softc *sc)
2298 struct ifnet *ifp = sc->sc_ifp;
2299 struct ieee80211com *ic = ifp->if_l2com;
2302 tmp = RAL_READ(sc, RT2860_AUTO_RSP_CFG);
2303 tmp &= ~RT2860_CCK_SHORT_EN;
2304 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
2305 tmp |= RT2860_CCK_SHORT_EN;
2306 RAL_WRITE(sc, RT2860_AUTO_RSP_CFG, tmp);
2310 rt2860_set_basicrates(struct rt2860_softc *sc,
2311 const struct ieee80211_rateset *rs)
2313 #define RV(r) ((r) & IEEE80211_RATE_VAL)
2314 struct ifnet *ifp = sc->sc_ifp;
2315 struct ieee80211com *ic = ifp->if_l2com;
2320 for (i = 0; i < rs->rs_nrates; i++) {
2321 rate = rs->rs_rates[i];
2323 if (!(rate & IEEE80211_RATE_BASIC))
2326 mask |= 1 << ieee80211_legacy_rate_lookup(ic->ic_rt, RV(rate));
2329 RAL_WRITE(sc, RT2860_LEGACY_BASIC_RATE, mask);
2334 rt2860_scan_start(struct ieee80211com *ic)
2336 struct ifnet *ifp = ic->ic_ifp;
2337 struct rt2860_softc *sc = ifp->if_softc;
2340 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
2341 RAL_WRITE(sc, RT2860_BCN_TIME_CFG,
2342 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2343 RT2860_TBTT_TIMER_EN));
2344 rt2860_set_gp_timer(sc, 0);
2348 rt2860_scan_end(struct ieee80211com *ic)
2350 struct ifnet *ifp = ic->ic_ifp;
2351 struct rt2860_softc *sc = ifp->if_softc;
2352 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2354 if (vap->iv_state == IEEE80211_S_RUN) {
2355 rt2860_enable_tsf_sync(sc);
2356 rt2860_set_gp_timer(sc, 500);
2361 rt2860_set_channel(struct ieee80211com *ic)
2363 struct ifnet *ifp = ic->ic_ifp;
2364 struct rt2860_softc *sc = ifp->if_softc;
2367 rt2860_switch_chan(sc, ic->ic_curchan);
2372 rt2860_select_chan_group(struct rt2860_softc *sc, int group)
2377 rt2860_mcu_bbp_write(sc, 62, 0x37 - sc->lna[group]);
2378 rt2860_mcu_bbp_write(sc, 63, 0x37 - sc->lna[group]);
2379 rt2860_mcu_bbp_write(sc, 64, 0x37 - sc->lna[group]);
2380 rt2860_mcu_bbp_write(sc, 86, 0x00);
2383 if (sc->ext_2ghz_lna) {
2384 rt2860_mcu_bbp_write(sc, 82, 0x62);
2385 rt2860_mcu_bbp_write(sc, 75, 0x46);
2387 rt2860_mcu_bbp_write(sc, 82, 0x84);
2388 rt2860_mcu_bbp_write(sc, 75, 0x50);
2391 if (sc->ext_5ghz_lna) {
2392 rt2860_mcu_bbp_write(sc, 82, 0xf2);
2393 rt2860_mcu_bbp_write(sc, 75, 0x46);
2395 rt2860_mcu_bbp_write(sc, 82, 0xf2);
2396 rt2860_mcu_bbp_write(sc, 75, 0x50);
2400 tmp = RAL_READ(sc, RT2860_TX_BAND_CFG);
2401 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
2402 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
2403 RAL_WRITE(sc, RT2860_TX_BAND_CFG, tmp);
2405 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
2406 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
2407 if (sc->nrxchains > 1)
2408 tmp |= RT2860_LNA_PE1_EN;
2409 if (sc->mac_ver == 0x3593 && sc->nrxchains > 2)
2410 tmp |= RT3593_LNA_PE2_EN;
2411 if (group == 0) { /* 2GHz */
2412 tmp |= RT2860_PA_PE_G0_EN;
2413 if (sc->ntxchains > 1)
2414 tmp |= RT2860_PA_PE_G1_EN;
2415 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
2416 tmp |= RT3593_PA_PE_G2_EN;
2418 tmp |= RT2860_PA_PE_A0_EN;
2419 if (sc->ntxchains > 1)
2420 tmp |= RT2860_PA_PE_A1_EN;
2421 if (sc->mac_ver == 0x3593 && sc->ntxchains > 2)
2422 tmp |= RT3593_PA_PE_A2_EN;
2424 RAL_WRITE(sc, RT2860_TX_PIN_CFG, tmp);
2426 if (sc->mac_ver == 0x3593) {
2427 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
2428 if (sc->sc_flags & RT2860_PCIE) {
2437 tmp = (tmp & ~0x00001000) | 0x00000010;
2438 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp);
2441 /* set initial AGC value */
2442 if (group == 0) { /* 2GHz band */
2443 if (sc->mac_ver >= 0x3071)
2444 agc = 0x1c + sc->lna[0] * 2;
2446 agc = 0x2e + sc->lna[0];
2447 } else { /* 5GHz band */
2448 agc = 0x32 + (sc->lna[group] * 5) / 3;
2450 rt2860_mcu_bbp_write(sc, 66, agc);
2456 rt2860_set_chan(struct rt2860_softc *sc, u_int chan)
2458 const struct rfprog *rfprog = rt2860_rf2850;
2459 uint32_t r2, r3, r4;
2460 int8_t txpow1, txpow2;
2463 /* find the settings for this channel (we know it exists) */
2464 for (i = 0; rfprog[i].chan != chan; i++);
2467 if (sc->ntxchains == 1)
2468 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */
2469 if (sc->nrxchains == 1)
2470 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
2471 else if (sc->nrxchains == 2)
2472 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */
2474 /* use Tx power values from EEPROM */
2475 txpow1 = sc->txpow1[i];
2476 txpow2 = sc->txpow2[i];
2479 txpow1 = txpow1 << 1 | 1;
2481 txpow1 = (7 + txpow1) << 1;
2483 txpow2 = txpow2 << 1 | 1;
2485 txpow2 = (7 + txpow2) << 1;
2487 r3 = rfprog[i].r3 | txpow1 << 7;
2488 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
2490 rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
2491 rt2860_rf_write(sc, RT2860_RF2, r2);
2492 rt2860_rf_write(sc, RT2860_RF3, r3);
2493 rt2860_rf_write(sc, RT2860_RF4, r4);
2497 rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
2498 rt2860_rf_write(sc, RT2860_RF2, r2);
2499 rt2860_rf_write(sc, RT2860_RF3, r3 | 1);
2500 rt2860_rf_write(sc, RT2860_RF4, r4);
2504 rt2860_rf_write(sc, RT2860_RF1, rfprog[i].r1);
2505 rt2860_rf_write(sc, RT2860_RF2, r2);
2506 rt2860_rf_write(sc, RT2860_RF3, r3);
2507 rt2860_rf_write(sc, RT2860_RF4, r4);
2511 rt3090_set_chan(struct rt2860_softc *sc, u_int chan)
2513 int8_t txpow1, txpow2;
2517 /* RT3090 is 2GHz only */
2518 KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan));
2520 /* find the settings for this channel (we know it exists) */
2521 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
2523 /* use Tx power values from EEPROM */
2524 txpow1 = sc->txpow1[i];
2525 txpow2 = sc->txpow2[i];
2527 rt3090_rf_write(sc, 2, rt3090_freqs[i].n);
2528 rf = rt3090_rf_read(sc, 3);
2529 rf = (rf & ~0x0f) | rt3090_freqs[i].k;
2530 rt3090_rf_write(sc, 3, rf);
2531 rf = rt3090_rf_read(sc, 6);
2532 rf = (rf & ~0x03) | rt3090_freqs[i].r;
2533 rt3090_rf_write(sc, 6, rf);
2536 rf = rt3090_rf_read(sc, 12);
2537 rf = (rf & ~0x1f) | txpow1;
2538 rt3090_rf_write(sc, 12, rf);
2541 rf = rt3090_rf_read(sc, 13);
2542 rf = (rf & ~0x1f) | txpow2;
2543 rt3090_rf_write(sc, 13, rf);
2545 rf = rt3090_rf_read(sc, 1);
2547 if (sc->ntxchains == 1)
2548 rf |= RT3070_TX1_PD | RT3070_TX2_PD;
2549 else if (sc->ntxchains == 2)
2550 rf |= RT3070_TX2_PD;
2551 if (sc->nrxchains == 1)
2552 rf |= RT3070_RX1_PD | RT3070_RX2_PD;
2553 else if (sc->nrxchains == 2)
2554 rf |= RT3070_RX2_PD;
2555 rt3090_rf_write(sc, 1, rf);
2558 rf = rt3090_rf_read(sc, 23);
2559 rf = (rf & ~0x7f) | sc->freq;
2560 rt3090_rf_write(sc, 23, rf);
2562 /* program RF filter */
2563 rf = rt3090_rf_read(sc, 24); /* Tx */
2564 rf = (rf & ~0x3f) | sc->rf24_20mhz;
2565 rt3090_rf_write(sc, 24, rf);
2566 rf = rt3090_rf_read(sc, 31); /* Rx */
2567 rf = (rf & ~0x3f) | sc->rf24_20mhz;
2568 rt3090_rf_write(sc, 31, rf);
2570 /* enable RF tuning */
2571 rf = rt3090_rf_read(sc, 7);
2572 rt3090_rf_write(sc, 7, rf | RT3070_TUNE);
2576 rt5390_set_chan(struct rt2860_softc *sc, u_int chan)
2578 uint8_t h20mhz, rf, tmp;
2579 int8_t txpow1, txpow2;
2582 /* RT5390 is 2GHz only */
2583 KASSERT(chan >= 1 && chan <= 14, ("chan %d not support", chan));
2585 /* find the settings for this channel (we know it exists) */
2586 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
2588 /* use Tx power values from EEPROM */
2589 txpow1 = sc->txpow1[i];
2590 txpow2 = sc->txpow2[i];
2592 rt3090_rf_write(sc, 8, rt3090_freqs[i].n);
2593 rt3090_rf_write(sc, 9, rt3090_freqs[i].k & 0x0f);
2594 rf = rt3090_rf_read(sc, 11);
2595 rf = (rf & ~0x03) | (rt3090_freqs[i].r & 0x03);
2596 rt3090_rf_write(sc, 11, rf);
2598 rf = rt3090_rf_read(sc, 49);
2599 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
2600 /* the valid range of the RF R49 is 0x00~0x27 */
2601 if ((rf & 0x3f) > 0x27)
2602 rf = (rf & ~0x3f) | 0x27;
2603 rt3090_rf_write(sc, 49, rf);
2604 if (sc->mac_ver == 0x5392) {
2605 rf = rt3090_rf_read(sc, 50);
2606 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
2607 /* the valid range of the RF R50 is 0x00~0x27 */
2608 if ((rf & 0x3f) > 0x27)
2609 rf = (rf & ~0x3f) | 0x27;
2610 rt3090_rf_write(sc, 50, rf);
2613 rf = rt3090_rf_read(sc, 1);
2614 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
2615 if (sc->mac_ver == 0x5392)
2616 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
2617 rt3090_rf_write(sc, 1, rf);
2619 rf = rt3090_rf_read(sc, 2);
2620 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
2622 rt3090_rf_write(sc, 2, rf & ~RT3593_RESCAL);
2624 rf = rt3090_rf_read(sc, 17);
2626 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
2629 rt2860_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf, 0);
2631 if (sc->mac_ver == 0x5390) {
2634 else if (chan >= 5 && chan <= 6)
2636 else if (chan >= 7 && chan <= 10)
2640 rt3090_rf_write(sc, 55, rf);
2648 else if (chan >= 4 && chan <= 6)
2650 else if (chan >= 7 && chan <= 12)
2652 else if (chan == 13)
2656 rt3090_rf_write(sc, 59, rf);
2660 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
2661 rf = rt3090_rf_read(sc, 30);
2662 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
2663 rt3090_rf_write(sc, 30, rf);
2665 /* Rx BB filter VCM */
2666 rf = rt3090_rf_read(sc, 30);
2667 rf = (rf & ~0x18) | 0x10;
2668 rt3090_rf_write(sc, 30, rf);
2670 /* Initiate VCO calibration. */
2671 rf = rt3090_rf_read(sc, 3);
2672 rf |= RT3593_VCOCAL;
2673 rt3090_rf_write(sc, 3, rf);
2677 rt3090_rf_init(struct rt2860_softc *sc)
2683 rf = rt3090_rf_read(sc, 30);
2684 /* toggle RF R30 bit 7 */
2685 rt3090_rf_write(sc, 30, rf | 0x80);
2687 rt3090_rf_write(sc, 30, rf & ~0x80);
2689 tmp = RAL_READ(sc, RT3070_LDO_CFG0);
2691 if (sc->patch_dac && sc->mac_rev < 0x0211)
2692 tmp |= 0x0d000000; /* 1.35V */
2694 tmp |= 0x01000000; /* 1.2V */
2695 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
2697 /* patch LNA_PE_G1 */
2698 tmp = RAL_READ(sc, RT3070_GPIO_SWITCH);
2699 RAL_WRITE(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
2701 /* initialize RF registers to default value */
2702 for (i = 0; i < nitems(rt3090_def_rf); i++) {
2703 rt3090_rf_write(sc, rt3090_def_rf[i].reg,
2704 rt3090_def_rf[i].val);
2707 /* select 20MHz bandwidth */
2708 rt3090_rf_write(sc, 31, 0x14);
2710 rf = rt3090_rf_read(sc, 6);
2711 rt3090_rf_write(sc, 6, rf | 0x40);
2713 if (sc->mac_ver != 0x3593) {
2714 /* calibrate filter for 20MHz bandwidth */
2715 sc->rf24_20mhz = 0x1f; /* default value */
2716 rt3090_filter_calib(sc, 0x07, 0x16, &sc->rf24_20mhz);
2718 /* select 40MHz bandwidth */
2719 bbp = rt2860_mcu_bbp_read(sc, 4);
2720 rt2860_mcu_bbp_write(sc, 4, (bbp & ~0x08) | 0x10);
2721 rf = rt3090_rf_read(sc, 31);
2722 rt3090_rf_write(sc, 31, rf | 0x20);
2724 /* calibrate filter for 40MHz bandwidth */
2725 sc->rf24_40mhz = 0x2f; /* default value */
2726 rt3090_filter_calib(sc, 0x27, 0x19, &sc->rf24_40mhz);
2728 /* go back to 20MHz bandwidth */
2729 bbp = rt2860_mcu_bbp_read(sc, 4);
2730 rt2860_mcu_bbp_write(sc, 4, bbp & ~0x18);
2732 if (sc->mac_rev < 0x0211)
2733 rt3090_rf_write(sc, 27, 0x03);
2735 tmp = RAL_READ(sc, RT3070_OPT_14);
2736 RAL_WRITE(sc, RT3070_OPT_14, tmp | 1);
2738 if (sc->rf_rev == RT3070_RF_3020)
2739 rt3090_set_rx_antenna(sc, 0);
2741 bbp = rt2860_mcu_bbp_read(sc, 138);
2742 if (sc->mac_ver == 0x3593) {
2743 if (sc->ntxchains == 1)
2744 bbp |= 0x60; /* turn off DAC1 and DAC2 */
2745 else if (sc->ntxchains == 2)
2746 bbp |= 0x40; /* turn off DAC2 */
2747 if (sc->nrxchains == 1)
2748 bbp &= ~0x06; /* turn off ADC1 and ADC2 */
2749 else if (sc->nrxchains == 2)
2750 bbp &= ~0x04; /* turn off ADC2 */
2752 if (sc->ntxchains == 1)
2753 bbp |= 0x20; /* turn off DAC1 */
2754 if (sc->nrxchains == 1)
2755 bbp &= ~0x02; /* turn off ADC1 */
2757 rt2860_mcu_bbp_write(sc, 138, bbp);
2759 rf = rt3090_rf_read(sc, 1);
2760 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
2761 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
2762 rt3090_rf_write(sc, 1, rf);
2764 rf = rt3090_rf_read(sc, 15);
2765 rt3090_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
2767 rf = rt3090_rf_read(sc, 17);
2768 rf &= ~RT3070_TX_LO1;
2769 if (sc->mac_rev >= 0x0211 && !sc->ext_2ghz_lna)
2770 rf |= 0x20; /* fix for long range Rx issue */
2771 if (sc->txmixgain_2ghz >= 2)
2772 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
2773 rt3090_rf_write(sc, 17, rf);
2775 rf = rt3090_rf_read(sc, 20);
2776 rt3090_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
2778 rf = rt3090_rf_read(sc, 21);
2779 rt3090_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
2785 rt5390_rf_init(struct rt2860_softc *sc)
2790 rf = rt3090_rf_read(sc, 2);
2791 /* Toggle RF R2 bit 7. */
2792 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
2794 rt3090_rf_write(sc, 2, rf & ~RT3593_RESCAL);
2796 /* Initialize RF registers to default value. */
2797 if (sc->mac_ver == 0x5392) {
2798 for (i = 0; i < nitems(rt5392_def_rf); i++) {
2799 rt3090_rf_write(sc, rt5392_def_rf[i].reg,
2800 rt5392_def_rf[i].val);
2803 for (i = 0; i < nitems(rt5390_def_rf); i++) {
2804 rt3090_rf_write(sc, rt5390_def_rf[i].reg,
2805 rt5390_def_rf[i].val);
2809 sc->rf24_20mhz = 0x1f;
2810 sc->rf24_40mhz = 0x2f;
2812 if (sc->mac_rev < 0x0211)
2813 rt3090_rf_write(sc, 27, 0x03);
2815 /* Set led open drain enable. */
2816 RAL_WRITE(sc, RT3070_OPT_14, RAL_READ(sc, RT3070_OPT_14) | 1);
2818 RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0);
2819 RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0);
2821 if (sc->mac_ver == 0x5390)
2822 rt3090_set_rx_antenna(sc, 0);
2824 /* Patch RSSI inaccurate issue. */
2825 rt2860_mcu_bbp_write(sc, 79, 0x13);
2826 rt2860_mcu_bbp_write(sc, 80, 0x05);
2827 rt2860_mcu_bbp_write(sc, 81, 0x33);
2829 /* Enable DC filter. */
2830 if (sc->mac_rev >= 0x0211)
2831 rt2860_mcu_bbp_write(sc, 103, 0xc0);
2833 bbp = rt2860_mcu_bbp_read(sc, 138);
2834 if (sc->ntxchains == 1)
2835 bbp |= 0x20; /* Turn off DAC1. */
2836 if (sc->nrxchains == 1)
2837 bbp &= ~0x02; /* Turn off ADC1. */
2838 rt2860_mcu_bbp_write(sc, 138, bbp);
2840 /* Enable RX LO1 and LO2. */
2841 rt3090_rf_write(sc, 38, rt3090_rf_read(sc, 38) & ~RT5390_RX_LO1);
2842 rt3090_rf_write(sc, 39, rt3090_rf_read(sc, 39) & ~RT5390_RX_LO2);
2844 /* Avoid data lost and CRC error. */
2845 rt2860_mcu_bbp_write(sc, 4,
2846 rt2860_mcu_bbp_read(sc, 4) | RT5390_MAC_IF_CTRL);
2848 rf = rt3090_rf_read(sc, 30);
2849 rf = (rf & ~0x18) | 0x10;
2850 rt3090_rf_write(sc, 30, rf);
2854 rt3090_rf_wakeup(struct rt2860_softc *sc)
2859 if (sc->mac_ver == 0x3593) {
2861 rf = rt3090_rf_read(sc, 1);
2862 rt3090_rf_write(sc, 1, rf | RT3593_VCO);
2864 /* initiate VCO calibration */
2865 rf = rt3090_rf_read(sc, 3);
2866 rt3090_rf_write(sc, 3, rf | RT3593_VCOCAL);
2868 /* enable VCO bias current control */
2869 rf = rt3090_rf_read(sc, 6);
2870 rt3090_rf_write(sc, 6, rf | RT3593_VCO_IC);
2872 /* initiate res calibration */
2873 rf = rt3090_rf_read(sc, 2);
2874 rt3090_rf_write(sc, 2, rf | RT3593_RESCAL);
2876 /* set reference current control to 0.33 mA */
2877 rf = rt3090_rf_read(sc, 22);
2878 rf &= ~RT3593_CP_IC_MASK;
2879 rf |= 1 << RT3593_CP_IC_SHIFT;
2880 rt3090_rf_write(sc, 22, rf);
2883 rf = rt3090_rf_read(sc, 46);
2884 rt3090_rf_write(sc, 46, rf | RT3593_RX_CTB);
2886 rf = rt3090_rf_read(sc, 20);
2887 rf &= ~(RT3593_LDO_RF_VC_MASK | RT3593_LDO_PLL_VC_MASK);
2888 rt3090_rf_write(sc, 20, rf);
2890 /* enable RF block */
2891 rf = rt3090_rf_read(sc, 1);
2892 rt3090_rf_write(sc, 1, rf | RT3070_RF_BLOCK);
2894 /* enable VCO bias current control */
2895 rf = rt3090_rf_read(sc, 7);
2896 rt3090_rf_write(sc, 7, rf | 0x30);
2898 rf = rt3090_rf_read(sc, 9);
2899 rt3090_rf_write(sc, 9, rf | 0x0e);
2902 rf = rt3090_rf_read(sc, 21);
2903 rt3090_rf_write(sc, 21, rf | RT3070_RX_CTB);
2905 /* fix Tx to Rx IQ glitch by raising RF voltage */
2906 rf = rt3090_rf_read(sc, 27);
2908 if (sc->mac_rev < 0x0211)
2910 rt3090_rf_write(sc, 27, rf);
2912 if (sc->patch_dac && sc->mac_rev < 0x0211) {
2913 tmp = RAL_READ(sc, RT3070_LDO_CFG0);
2914 tmp = (tmp & ~0x1f000000) | 0x0d000000;
2915 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
2920 rt5390_rf_wakeup(struct rt2860_softc *sc)
2925 rf = rt3090_rf_read(sc, 1);
2926 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD |
2928 if (sc->mac_ver == 0x5392)
2929 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
2930 rt3090_rf_write(sc, 1, rf);
2932 rf = rt3090_rf_read(sc, 6);
2933 rf |= RT3593_VCO_IC | RT3593_VCOCAL;
2934 if (sc->mac_ver == 0x5390)
2935 rf &= ~RT3593_VCO_IC;
2936 rt3090_rf_write(sc, 6, rf);
2938 rt3090_rf_write(sc, 2, rt3090_rf_read(sc, 2) | RT3593_RESCAL);
2940 rf = rt3090_rf_read(sc, 22);
2941 rf = (rf & ~0xe0) | 0x20;
2942 rt3090_rf_write(sc, 22, rf);
2944 rt3090_rf_write(sc, 42, rt3090_rf_read(sc, 42) | RT5390_RX_CTB);
2945 rt3090_rf_write(sc, 20, rt3090_rf_read(sc, 20) & ~0x77);
2946 rt3090_rf_write(sc, 3, rt3090_rf_read(sc, 3) | RT3593_VCOCAL);
2948 if (sc->patch_dac && sc->mac_rev < 0x0211) {
2949 tmp = RAL_READ(sc, RT3070_LDO_CFG0);
2950 tmp = (tmp & ~0x1f000000) | 0x0d000000;
2951 RAL_WRITE(sc, RT3070_LDO_CFG0, tmp);
2956 rt3090_filter_calib(struct rt2860_softc *sc, uint8_t init, uint8_t target,
2960 uint8_t bbp55_pb, bbp55_sb, delta;
2963 /* program filter */
2964 rf24 = rt3090_rf_read(sc, 24);
2965 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
2966 rt3090_rf_write(sc, 24, rf24);
2968 /* enable baseband loopback mode */
2969 rf22 = rt3090_rf_read(sc, 22);
2970 rt3090_rf_write(sc, 22, rf22 | RT3070_BB_LOOPBACK);
2972 /* set power and frequency of passband test tone */
2973 rt2860_mcu_bbp_write(sc, 24, 0x00);
2974 for (ntries = 0; ntries < 100; ntries++) {
2975 /* transmit test tone */
2976 rt2860_mcu_bbp_write(sc, 25, 0x90);
2978 /* read received power */
2979 bbp55_pb = rt2860_mcu_bbp_read(sc, 55);
2986 /* set power and frequency of stopband test tone */
2987 rt2860_mcu_bbp_write(sc, 24, 0x06);
2988 for (ntries = 0; ntries < 100; ntries++) {
2989 /* transmit test tone */
2990 rt2860_mcu_bbp_write(sc, 25, 0x90);
2992 /* read received power */
2993 bbp55_sb = rt2860_mcu_bbp_read(sc, 55);
2995 delta = bbp55_pb - bbp55_sb;
2999 /* reprogram filter */
3001 rt3090_rf_write(sc, 24, rf24);
3005 rf24--; /* backtrack */
3007 rt3090_rf_write(sc, 24, rf24);
3010 /* restore initial state */
3011 rt2860_mcu_bbp_write(sc, 24, 0x00);
3013 /* disable baseband loopback mode */
3014 rf22 = rt3090_rf_read(sc, 22);
3015 rt3090_rf_write(sc, 22, rf22 & ~RT3070_BB_LOOPBACK);
3021 rt3090_rf_setup(struct rt2860_softc *sc)
3026 if (sc->mac_rev >= 0x0211) {
3027 /* enable DC filter */
3028 rt2860_mcu_bbp_write(sc, 103, 0xc0);
3030 /* improve power consumption */
3031 bbp = rt2860_mcu_bbp_read(sc, 31);
3032 rt2860_mcu_bbp_write(sc, 31, bbp & ~0x03);
3035 RAL_WRITE(sc, RT2860_TX_SW_CFG1, 0);
3036 if (sc->mac_rev < 0x0211) {
3037 RAL_WRITE(sc, RT2860_TX_SW_CFG2,
3038 sc->patch_dac ? 0x2c : 0x0f);
3040 RAL_WRITE(sc, RT2860_TX_SW_CFG2, 0);
3042 /* initialize RF registers from ROM */
3043 if (sc->mac_ver < 0x5390) {
3044 for (i = 0; i < 10; i++) {
3045 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
3047 rt3090_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
3053 rt2860_set_leds(struct rt2860_softc *sc, uint16_t which)
3055 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
3056 which | (sc->leds & 0x7f), 0);
3060 * Hardware has a general-purpose programmable timer interrupt that can
3061 * periodically raise MAC_INT_4.
3064 rt2860_set_gp_timer(struct rt2860_softc *sc, int ms)
3068 /* disable GP timer before reprogramming it */
3069 tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
3070 RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp & ~RT2860_GP_TIMER_EN);
3075 tmp = RAL_READ(sc, RT2860_INT_TIMER_CFG);
3076 ms *= 16; /* Unit: 64us */
3077 tmp = (tmp & 0xffff) | ms << RT2860_GP_TIMER_SHIFT;
3078 RAL_WRITE(sc, RT2860_INT_TIMER_CFG, tmp);
3080 /* enable GP timer */
3081 tmp = RAL_READ(sc, RT2860_INT_TIMER_EN);
3082 RAL_WRITE(sc, RT2860_INT_TIMER_EN, tmp | RT2860_GP_TIMER_EN);
3086 rt2860_set_bssid(struct rt2860_softc *sc, const uint8_t *bssid)
3088 RAL_WRITE(sc, RT2860_MAC_BSSID_DW0,
3089 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
3090 RAL_WRITE(sc, RT2860_MAC_BSSID_DW1,
3091 bssid[4] | bssid[5] << 8);
3095 rt2860_set_macaddr(struct rt2860_softc *sc, const uint8_t *addr)
3097 RAL_WRITE(sc, RT2860_MAC_ADDR_DW0,
3098 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
3099 RAL_WRITE(sc, RT2860_MAC_ADDR_DW1,
3100 addr[4] | addr[5] << 8 | 0xff << 16);
3104 rt2860_updateslot(struct ieee80211com *ic)
3106 struct rt2860_softc *sc = ic->ic_softc;
3109 tmp = RAL_READ(sc, RT2860_BKOFF_SLOT_CFG);
3111 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
3112 RAL_WRITE(sc, RT2860_BKOFF_SLOT_CFG, tmp);
3116 rt2860_updateprot(struct ifnet *ifp)
3118 struct rt2860_softc *sc = ifp->if_softc;
3119 struct ieee80211com *ic = ifp->if_l2com;
3122 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
3123 /* setup protection frame rate (MCS code) */
3124 tmp |= IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ?
3125 rt2860_rates[RT2860_RIDX_OFDM6].mcs :
3126 rt2860_rates[RT2860_RIDX_CCK11].mcs;
3128 /* CCK frames don't require protection */
3129 RAL_WRITE(sc, RT2860_CCK_PROT_CFG, tmp);
3131 if (ic->ic_flags & IEEE80211_F_USEPROT) {
3132 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
3133 tmp |= RT2860_PROT_CTRL_RTS_CTS;
3134 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
3135 tmp |= RT2860_PROT_CTRL_CTS;
3137 RAL_WRITE(sc, RT2860_OFDM_PROT_CFG, tmp);
3141 rt2860_update_promisc(struct ieee80211com *ic)
3143 struct rt2860_softc *sc = ic->ic_softc;
3146 tmp = RAL_READ(sc, RT2860_RX_FILTR_CFG);
3147 tmp &= ~RT2860_DROP_NOT_MYBSS;
3148 if (!(ic->ic_ifp->if_flags & IFF_PROMISC))
3149 tmp |= RT2860_DROP_NOT_MYBSS;
3150 RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
3154 rt2860_updateedca(struct ieee80211com *ic)
3156 struct rt2860_softc *sc = ic->ic_ifp->if_softc;
3157 const struct wmeParams *wmep;
3160 wmep = ic->ic_wme.wme_chanParams.cap_wmeParams;
3162 /* update MAC TX configuration registers */
3163 for (aci = 0; aci < WME_NUM_AC; aci++) {
3164 RAL_WRITE(sc, RT2860_EDCA_AC_CFG(aci),
3165 wmep[aci].wmep_logcwmax << 16 |
3166 wmep[aci].wmep_logcwmin << 12 |
3167 wmep[aci].wmep_aifsn << 8 |
3168 wmep[aci].wmep_txopLimit);
3171 /* update SCH/DMA registers too */
3172 RAL_WRITE(sc, RT2860_WMM_AIFSN_CFG,
3173 wmep[WME_AC_VO].wmep_aifsn << 12 |
3174 wmep[WME_AC_VI].wmep_aifsn << 8 |
3175 wmep[WME_AC_BK].wmep_aifsn << 4 |
3176 wmep[WME_AC_BE].wmep_aifsn);
3177 RAL_WRITE(sc, RT2860_WMM_CWMIN_CFG,
3178 wmep[WME_AC_VO].wmep_logcwmin << 12 |
3179 wmep[WME_AC_VI].wmep_logcwmin << 8 |
3180 wmep[WME_AC_BK].wmep_logcwmin << 4 |
3181 wmep[WME_AC_BE].wmep_logcwmin);
3182 RAL_WRITE(sc, RT2860_WMM_CWMAX_CFG,
3183 wmep[WME_AC_VO].wmep_logcwmax << 12 |
3184 wmep[WME_AC_VI].wmep_logcwmax << 8 |
3185 wmep[WME_AC_BK].wmep_logcwmax << 4 |
3186 wmep[WME_AC_BE].wmep_logcwmax);
3187 RAL_WRITE(sc, RT2860_WMM_TXOP0_CFG,
3188 wmep[WME_AC_BK].wmep_txopLimit << 16 |
3189 wmep[WME_AC_BE].wmep_txopLimit);
3190 RAL_WRITE(sc, RT2860_WMM_TXOP1_CFG,
3191 wmep[WME_AC_VO].wmep_txopLimit << 16 |
3192 wmep[WME_AC_VI].wmep_txopLimit);
3199 rt2860_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
3200 struct ieee80211_key *k)
3202 struct rt2860_softc *sc = ic->ic_softc;
3205 uint8_t mode, wcid, iv[8];
3207 /* defer setting of WEP keys until interface is brought up */
3208 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
3209 (IFF_UP | IFF_RUNNING))
3212 /* map net80211 cipher to RT2860 security mode */
3213 switch (k->k_cipher) {
3214 case IEEE80211_CIPHER_WEP40:
3215 mode = RT2860_MODE_WEP40;
3217 case IEEE80211_CIPHER_WEP104:
3218 mode = RT2860_MODE_WEP104;
3220 case IEEE80211_CIPHER_TKIP:
3221 mode = RT2860_MODE_TKIP;
3223 case IEEE80211_CIPHER_CCMP:
3224 mode = RT2860_MODE_AES_CCMP;
3230 if (k->k_flags & IEEE80211_KEY_GROUP) {
3231 wcid = 0; /* NB: update WCID0 for group keys */
3232 base = RT2860_SKEY(0, k->k_id);
3234 wcid = ((struct rt2860_node *)ni)->wcid;
3235 base = RT2860_PKEY(wcid);
3238 if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
3239 RAL_WRITE_REGION_1(sc, base, k->k_key, 16);
3240 #ifndef IEEE80211_STA_ONLY
3241 if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
3242 RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[16], 8);
3243 RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[24], 8);
3247 RAL_WRITE_REGION_1(sc, base + 16, &k->k_key[24], 8);
3248 RAL_WRITE_REGION_1(sc, base + 24, &k->k_key[16], 8);
3251 RAL_WRITE_REGION_1(sc, base, k->k_key, k->k_len);
3253 if (!(k->k_flags & IEEE80211_KEY_GROUP) ||
3254 (k->k_flags & IEEE80211_KEY_TX)) {
3255 /* set initial packet number in IV+EIV */
3256 if (k->k_cipher == IEEE80211_CIPHER_WEP40 ||
3257 k->k_cipher == IEEE80211_CIPHER_WEP104) {
3258 uint32_t val = arc4random();
3259 /* skip weak IVs from Fluhrer/Mantin/Shamir */
3260 if (val >= 0x03ff00 && (val & 0xf8ff00) == 0x00ff00)
3265 iv[3] = k->k_id << 6;
3266 iv[4] = iv[5] = iv[6] = iv[7] = 0;
3268 if (k->k_cipher == IEEE80211_CIPHER_TKIP) {
3269 iv[0] = k->k_tsc >> 8;
3270 iv[1] = (iv[0] | 0x20) & 0x7f;
3274 iv[1] = k->k_tsc >> 8;
3277 iv[3] = k->k_id << 6 | IEEE80211_WEP_EXTIV;
3278 iv[4] = k->k_tsc >> 16;
3279 iv[5] = k->k_tsc >> 24;
3280 iv[6] = k->k_tsc >> 32;
3281 iv[7] = k->k_tsc >> 40;
3283 RAL_WRITE_REGION_1(sc, RT2860_IVEIV(wcid), iv, 8);
3286 if (k->k_flags & IEEE80211_KEY_GROUP) {
3287 /* install group key */
3288 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
3289 attr &= ~(0xf << (k->k_id * 4));
3290 attr |= mode << (k->k_id * 4);
3291 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
3293 /* install pairwise key */
3294 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
3295 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
3296 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
3302 rt2860_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
3303 struct ieee80211_key *k)
3305 struct rt2860_softc *sc = ic->ic_softc;
3309 if (k->k_flags & IEEE80211_KEY_GROUP) {
3310 /* remove group key */
3311 attr = RAL_READ(sc, RT2860_SKEY_MODE_0_7);
3312 attr &= ~(0xf << (k->k_id * 4));
3313 RAL_WRITE(sc, RT2860_SKEY_MODE_0_7, attr);
3316 /* remove pairwise key */
3317 wcid = ((struct rt2860_node *)ni)->wcid;
3318 attr = RAL_READ(sc, RT2860_WCID_ATTR(wcid));
3320 RAL_WRITE(sc, RT2860_WCID_ATTR(wcid), attr);
3326 rt2860_rssi2dbm(struct rt2860_softc *sc, uint8_t rssi, uint8_t rxchain)
3328 struct ifnet *ifp = sc->sc_ifp;
3329 struct ieee80211com *ic = ifp->if_l2com;
3330 struct ieee80211_channel *c = ic->ic_curchan;
3333 if (IEEE80211_IS_CHAN_5GHZ(c)) {
3334 u_int chan = ieee80211_chan2ieee(ic, c);
3335 delta = sc->rssi_5ghz[rxchain];
3337 /* determine channel group */
3339 delta -= sc->lna[1];
3340 else if (chan <= 128)
3341 delta -= sc->lna[2];
3343 delta -= sc->lna[3];
3345 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
3347 return -12 - delta - rssi;
3351 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
3352 * Used to adjust per-rate Tx power registers.
3354 static __inline uint32_t
3355 b4inc(uint32_t b32, int8_t delta)
3359 for (i = 0; i < 8; i++) {
3366 b32 = b32 >> 4 | b4 << 28;
3372 rt2860_get_rf(uint8_t rev)
3375 case RT2860_RF_2820: return "RT2820";
3376 case RT2860_RF_2850: return "RT2850";
3377 case RT2860_RF_2720: return "RT2720";
3378 case RT2860_RF_2750: return "RT2750";
3379 case RT3070_RF_3020: return "RT3020";
3380 case RT3070_RF_2020: return "RT2020";
3381 case RT3070_RF_3021: return "RT3021";
3382 case RT3070_RF_3022: return "RT3022";
3383 case RT3070_RF_3052: return "RT3052";
3384 case RT3070_RF_3320: return "RT3320";
3385 case RT3070_RF_3053: return "RT3053";
3386 case RT5390_RF_5390: return "RT5390";
3387 default: return "unknown";
3392 rt2860_read_eeprom(struct rt2860_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
3394 int8_t delta_2ghz, delta_5ghz;
3399 /* check whether the ROM is eFUSE ROM or EEPROM */
3400 sc->sc_srom_read = rt2860_eeprom_read_2;
3401 if (sc->mac_ver >= 0x3071) {
3402 tmp = RAL_READ(sc, RT3070_EFUSE_CTRL);
3403 DPRINTF(("EFUSE_CTRL=0x%08x\n", tmp));
3404 if (tmp & RT3070_SEL_EFUSE)
3405 sc->sc_srom_read = rt3090_efuse_read_2;
3408 /* read EEPROM version */
3409 val = rt2860_srom_read(sc, RT2860_EEPROM_VERSION);
3410 DPRINTF(("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8));
3412 /* read MAC address */
3413 val = rt2860_srom_read(sc, RT2860_EEPROM_MAC01);
3414 macaddr[0] = val & 0xff;
3415 macaddr[1] = val >> 8;
3416 val = rt2860_srom_read(sc, RT2860_EEPROM_MAC23);
3417 macaddr[2] = val & 0xff;
3418 macaddr[3] = val >> 8;
3419 val = rt2860_srom_read(sc, RT2860_EEPROM_MAC45);
3420 macaddr[4] = val & 0xff;
3421 macaddr[5] = val >> 8;
3423 /* read country code */
3424 val = rt2860_srom_read(sc, RT2860_EEPROM_COUNTRY);
3425 DPRINTF(("EEPROM region code=0x%04x\n", val));
3427 /* read vendor BBP settings */
3428 for (i = 0; i < 8; i++) {
3429 val = rt2860_srom_read(sc, RT2860_EEPROM_BBP_BASE + i);
3430 sc->bbp[i].val = val & 0xff;
3431 sc->bbp[i].reg = val >> 8;
3432 DPRINTF(("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val));
3434 if (sc->mac_ver >= 0x3071) {
3435 /* read vendor RF settings */
3436 for (i = 0; i < 10; i++) {
3437 val = rt2860_srom_read(sc, RT3071_EEPROM_RF_BASE + i);
3438 sc->rf[i].val = val & 0xff;
3439 sc->rf[i].reg = val >> 8;
3440 DPRINTF(("RF%d=0x%02x\n", sc->rf[i].reg,
3445 /* read RF frequency offset from EEPROM */
3446 val = rt2860_srom_read(sc, RT2860_EEPROM_FREQ_LEDS);
3447 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
3448 DPRINTF(("EEPROM freq offset %d\n", sc->freq & 0xff));
3449 if ((val >> 8) != 0xff) {
3450 /* read LEDs operating mode */
3451 sc->leds = val >> 8;
3452 sc->led[0] = rt2860_srom_read(sc, RT2860_EEPROM_LED1);
3453 sc->led[1] = rt2860_srom_read(sc, RT2860_EEPROM_LED2);
3454 sc->led[2] = rt2860_srom_read(sc, RT2860_EEPROM_LED3);
3456 /* broken EEPROM, use default settings */
3458 sc->led[0] = 0x5555;
3459 sc->led[1] = 0x2221;
3460 sc->led[2] = 0xa9f8;
3462 DPRINTF(("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
3463 sc->leds, sc->led[0], sc->led[1], sc->led[2]));
3465 /* read RF information */
3466 val = rt2860_srom_read(sc, RT2860_EEPROM_ANTENNA);
3467 if (val == 0xffff) {
3468 DPRINTF(("invalid EEPROM antenna info, using default\n"));
3469 if (sc->mac_ver >= 0x5390) {
3470 /* default to RF5390 */
3471 sc->rf_rev = RT5390_RF_5390;
3472 sc->ntxchains = (sc->mac_ver == 0x5392) ? 2 : 1;
3473 sc->nrxchains = (sc->mac_ver == 0x5392) ? 2 : 1;
3474 } else if (sc->mac_ver == 0x3593) {
3475 /* default to RF3053 3T3R */
3476 sc->rf_rev = RT3070_RF_3053;
3479 } else if (sc->mac_ver >= 0x3071) {
3480 /* default to RF3020 1T1R */
3481 sc->rf_rev = RT3070_RF_3020;
3485 /* default to RF2820 1T2R */
3486 sc->rf_rev = RT2860_RF_2820;
3491 sc->rf_rev = (val >> 8) & 0xf;
3492 if (sc->mac_ver >= 0x5390) {
3493 sc->ntxchains = (sc->mac_ver == 0x5392) ? 2 : 1;
3494 sc->nrxchains = (sc->mac_ver == 0x5392) ? 2 : 1;
3496 sc->ntxchains = (val >> 4) & 0xf;
3497 sc->nrxchains = val & 0xf;
3500 DPRINTF(("EEPROM RF rev=0x%02x chains=%dT%dR\n",
3501 sc->rf_rev, sc->ntxchains, sc->nrxchains));
3503 /* check if RF supports automatic Tx access gain control */
3504 val = rt2860_srom_read(sc, RT2860_EEPROM_CONFIG);
3505 DPRINTF(("EEPROM CFG 0x%04x\n", val));
3506 /* check if driver should patch the DAC issue */
3507 if ((val >> 8) != 0xff)
3508 sc->patch_dac = (val >> 15) & 1;
3509 if ((val & 0xff) != 0xff) {
3510 sc->ext_5ghz_lna = (val >> 3) & 1;
3511 sc->ext_2ghz_lna = (val >> 2) & 1;
3512 /* check if RF supports automatic Tx access gain control */
3513 sc->calib_2ghz = sc->calib_5ghz = 0; /* XXX (val >> 1) & 1 */;
3514 /* check if we have a hardware radio switch */
3515 sc->rfswitch = val & 1;
3517 if (sc->sc_flags & RT2860_ADVANCED_PS) {
3518 /* read PCIe power save level */
3519 val = rt2860_srom_read(sc, RT2860_EEPROM_PCIE_PSLEVEL);
3520 if ((val & 0xff) != 0xff) {
3521 sc->pslevel = val & 0x3;
3522 val = rt2860_srom_read(sc, RT2860_EEPROM_REV);
3523 if ((val & 0xff80) != 0x9280)
3524 sc->pslevel = MIN(sc->pslevel, 1);
3525 DPRINTF(("EEPROM PCIe PS Level=%d\n", sc->pslevel));
3529 /* read power settings for 2GHz channels */
3530 for (i = 0; i < 14; i += 2) {
3531 val = rt2860_srom_read(sc,
3532 RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2);
3533 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
3534 sc->txpow1[i + 1] = (int8_t)(val >> 8);
3536 if (sc->mac_ver != 0x5390) {
3537 val = rt2860_srom_read(sc,
3538 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2);
3539 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
3540 sc->txpow2[i + 1] = (int8_t)(val >> 8);
3543 /* fix broken Tx power entries */
3544 for (i = 0; i < 14; i++) {
3545 if (sc->txpow1[i] < 0 ||
3546 sc->txpow1[i] > ((sc->mac_ver >= 0x5390) ? 39 : 31))
3548 if (sc->mac_ver != 0x5390) {
3549 if (sc->txpow2[i] < 0 ||
3550 sc->txpow2[i] > ((sc->mac_ver == 0x5392) ? 39 : 31))
3553 DPRINTF(("chan %d: power1=%d, power2=%d\n",
3554 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]));
3556 /* read power settings for 5GHz channels */
3557 for (i = 0; i < 40; i += 2) {
3558 val = rt2860_srom_read(sc,
3559 RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2);
3560 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
3561 sc->txpow1[i + 15] = (int8_t)(val >> 8);
3563 val = rt2860_srom_read(sc,
3564 RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2);
3565 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
3566 sc->txpow2[i + 15] = (int8_t)(val >> 8);
3568 /* fix broken Tx power entries */
3569 for (i = 0; i < 40; i++) {
3570 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
3571 sc->txpow1[14 + i] = 5;
3572 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
3573 sc->txpow2[14 + i] = 5;
3574 DPRINTF(("chan %d: power1=%d, power2=%d\n",
3575 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
3576 sc->txpow2[14 + i]));
3579 /* read Tx power compensation for each Tx rate */
3580 val = rt2860_srom_read(sc, RT2860_EEPROM_DELTAPWR);
3581 delta_2ghz = delta_5ghz = 0;
3582 if ((val & 0xff) != 0xff && (val & 0x80)) {
3583 delta_2ghz = val & 0xf;
3584 if (!(val & 0x40)) /* negative number */
3585 delta_2ghz = -delta_2ghz;
3588 if ((val & 0xff) != 0xff && (val & 0x80)) {
3589 delta_5ghz = val & 0xf;
3590 if (!(val & 0x40)) /* negative number */
3591 delta_5ghz = -delta_5ghz;
3593 DPRINTF(("power compensation=%d (2GHz), %d (5GHz)\n",
3594 delta_2ghz, delta_5ghz));
3596 for (ridx = 0; ridx < 5; ridx++) {
3599 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2);
3601 val = rt2860_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1);
3602 reg |= (uint32_t)val << 16;
3604 sc->txpow20mhz[ridx] = reg;
3605 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
3606 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
3608 DPRINTF(("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
3609 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
3610 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]));
3613 /* read factory-calibrated samples for temperature compensation */
3614 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_2GHZ);
3615 sc->tssi_2ghz[0] = val & 0xff; /* [-4] */
3616 sc->tssi_2ghz[1] = val >> 8; /* [-3] */
3617 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_2GHZ);
3618 sc->tssi_2ghz[2] = val & 0xff; /* [-2] */
3619 sc->tssi_2ghz[3] = val >> 8; /* [-1] */
3620 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_2GHZ);
3621 sc->tssi_2ghz[4] = val & 0xff; /* [+0] */
3622 sc->tssi_2ghz[5] = val >> 8; /* [+1] */
3623 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_2GHZ);
3624 sc->tssi_2ghz[6] = val & 0xff; /* [+2] */
3625 sc->tssi_2ghz[7] = val >> 8; /* [+3] */
3626 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_2GHZ);
3627 sc->tssi_2ghz[8] = val & 0xff; /* [+4] */
3628 sc->step_2ghz = val >> 8;
3629 DPRINTF(("TSSI 2GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
3630 "0x%02x 0x%02x step=%d\n", sc->tssi_2ghz[0], sc->tssi_2ghz[1],
3631 sc->tssi_2ghz[2], sc->tssi_2ghz[3], sc->tssi_2ghz[4],
3632 sc->tssi_2ghz[5], sc->tssi_2ghz[6], sc->tssi_2ghz[7],
3633 sc->tssi_2ghz[8], sc->step_2ghz));
3634 /* check that ref value is correct, otherwise disable calibration */
3635 if (sc->tssi_2ghz[4] == 0xff)
3638 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI1_5GHZ);
3639 sc->tssi_5ghz[0] = val & 0xff; /* [-4] */
3640 sc->tssi_5ghz[1] = val >> 8; /* [-3] */
3641 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI2_5GHZ);
3642 sc->tssi_5ghz[2] = val & 0xff; /* [-2] */
3643 sc->tssi_5ghz[3] = val >> 8; /* [-1] */
3644 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI3_5GHZ);
3645 sc->tssi_5ghz[4] = val & 0xff; /* [+0] */
3646 sc->tssi_5ghz[5] = val >> 8; /* [+1] */
3647 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI4_5GHZ);
3648 sc->tssi_5ghz[6] = val & 0xff; /* [+2] */
3649 sc->tssi_5ghz[7] = val >> 8; /* [+3] */
3650 val = rt2860_srom_read(sc, RT2860_EEPROM_TSSI5_5GHZ);
3651 sc->tssi_5ghz[8] = val & 0xff; /* [+4] */
3652 sc->step_5ghz = val >> 8;
3653 DPRINTF(("TSSI 5GHz: 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x 0x%02x "
3654 "0x%02x 0x%02x step=%d\n", sc->tssi_5ghz[0], sc->tssi_5ghz[1],
3655 sc->tssi_5ghz[2], sc->tssi_5ghz[3], sc->tssi_5ghz[4],
3656 sc->tssi_5ghz[5], sc->tssi_5ghz[6], sc->tssi_5ghz[7],
3657 sc->tssi_5ghz[8], sc->step_5ghz));
3658 /* check that ref value is correct, otherwise disable calibration */
3659 if (sc->tssi_5ghz[4] == 0xff)
3662 /* read RSSI offsets and LNA gains from EEPROM */
3663 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ);
3664 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
3665 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
3666 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ);
3667 if (sc->mac_ver >= 0x3071) {
3669 * On RT3090 chips (limited to 2 Rx chains), this ROM
3670 * field contains the Tx mixer gain for the 2GHz band.
3672 if ((val & 0xff) != 0xff)
3673 sc->txmixgain_2ghz = val & 0x7;
3674 DPRINTF(("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz));
3676 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
3677 sc->lna[2] = val >> 8; /* channel group 2 */
3679 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ);
3680 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
3681 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
3682 val = rt2860_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ);
3683 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
3684 sc->lna[3] = val >> 8; /* channel group 3 */
3686 val = rt2860_srom_read(sc, RT2860_EEPROM_LNA);
3687 if (sc->mac_ver >= 0x3071)
3688 sc->lna[0] = RT3090_DEF_LNA;
3689 else /* channel group 0 */
3690 sc->lna[0] = val & 0xff;
3691 sc->lna[1] = val >> 8; /* channel group 1 */
3693 /* fix broken 5GHz LNA entries */
3694 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
3695 DPRINTF(("invalid LNA for channel group %d\n", 2));
3696 sc->lna[2] = sc->lna[1];
3698 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
3699 DPRINTF(("invalid LNA for channel group %d\n", 3));
3700 sc->lna[3] = sc->lna[1];
3703 /* fix broken RSSI offset entries */
3704 for (ant = 0; ant < 3; ant++) {
3705 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
3706 DPRINTF(("invalid RSSI%d offset: %d (2GHz)\n",
3707 ant + 1, sc->rssi_2ghz[ant]));
3708 sc->rssi_2ghz[ant] = 0;
3710 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
3711 DPRINTF(("invalid RSSI%d offset: %d (5GHz)\n",
3712 ant + 1, sc->rssi_5ghz[ant]));
3713 sc->rssi_5ghz[ant] = 0;
3721 rt2860_bbp_init(struct rt2860_softc *sc)
3725 /* wait for BBP to wake up */
3726 for (ntries = 0; ntries < 20; ntries++) {
3727 uint8_t bbp0 = rt2860_mcu_bbp_read(sc, 0);
3728 if (bbp0 != 0 && bbp0 != 0xff)
3732 device_printf(sc->sc_dev,
3733 "timeout waiting for BBP to wake up\n");
3737 /* initialize BBP registers to default values */
3738 if (sc->mac_ver >= 0x5390)
3739 rt5390_bbp_init(sc);
3741 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
3742 rt2860_mcu_bbp_write(sc, rt2860_def_bbp[i].reg,
3743 rt2860_def_bbp[i].val);
3747 /* fix BBP84 for RT2860E */
3748 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
3749 rt2860_mcu_bbp_write(sc, 84, 0x19);
3751 if (sc->mac_ver >= 0x3071) {
3752 rt2860_mcu_bbp_write(sc, 79, 0x13);
3753 rt2860_mcu_bbp_write(sc, 80, 0x05);
3754 rt2860_mcu_bbp_write(sc, 81, 0x33);
3755 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
3756 rt2860_mcu_bbp_write(sc, 69, 0x16);
3757 rt2860_mcu_bbp_write(sc, 73, 0x12);
3764 rt5390_bbp_init(struct rt2860_softc *sc)
3769 /* Apply maximum likelihood detection for 2 stream case. */
3770 if (sc->nrxchains > 1) {
3771 bbp = rt2860_mcu_bbp_read(sc, 105);
3772 rt2860_mcu_bbp_write(sc, 105, bbp | RT5390_MLD);
3775 /* Avoid data lost and CRC error. */
3776 bbp = rt2860_mcu_bbp_read(sc, 4);
3777 rt2860_mcu_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
3779 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
3780 rt2860_mcu_bbp_write(sc, rt5390_def_bbp[i].reg,
3781 rt5390_def_bbp[i].val);
3784 if (sc->mac_ver == 0x5392) {
3785 rt2860_mcu_bbp_write(sc, 84, 0x9a);
3786 rt2860_mcu_bbp_write(sc, 95, 0x9a);
3787 rt2860_mcu_bbp_write(sc, 98, 0x12);
3788 rt2860_mcu_bbp_write(sc, 106, 0x05);
3789 rt2860_mcu_bbp_write(sc, 134, 0xd0);
3790 rt2860_mcu_bbp_write(sc, 135, 0xf6);
3793 bbp = rt2860_mcu_bbp_read(sc, 152);
3794 rt2860_mcu_bbp_write(sc, 152, bbp | 0x80);
3796 /* Disable hardware antenna diversity. */
3797 if (sc->mac_ver == 0x5390)
3798 rt2860_mcu_bbp_write(sc, 154, 0);
3802 rt2860_txrx_enable(struct rt2860_softc *sc)
3804 struct ifnet *ifp = sc->sc_ifp;
3805 struct ieee80211com *ic = ifp->if_l2com;
3809 /* enable Tx/Rx DMA engine */
3810 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
3811 RAL_BARRIER_READ_WRITE(sc);
3812 for (ntries = 0; ntries < 200; ntries++) {
3813 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
3814 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
3818 if (ntries == 200) {
3819 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
3825 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN |
3826 RT2860_WPDMA_BT_SIZE64 << RT2860_WPDMA_BT_SIZE_SHIFT;
3827 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
3830 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
3831 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
3832 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
3833 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
3834 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
3835 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
3836 if (ic->ic_opmode == IEEE80211_M_STA)
3837 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
3839 RAL_WRITE(sc, RT2860_RX_FILTR_CFG, tmp);
3841 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL,
3842 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
3848 rt2860_init(void *arg)
3850 struct rt2860_softc *sc = arg;
3851 struct ifnet *ifp = sc->sc_ifp;
3852 struct ieee80211com *ic = ifp->if_l2com;
3855 rt2860_init_locked(sc);
3858 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
3859 ieee80211_start_all(ic);
3863 rt2860_init_locked(struct rt2860_softc *sc)
3865 struct ifnet *ifp = sc->sc_ifp;
3866 struct ieee80211com *ic = ifp->if_l2com;
3869 int i, qid, ridx, ntries, error;
3871 RAL_LOCK_ASSERT(sc);
3874 /* hardware has a radio switch on GPIO pin 2 */
3875 if (!(RAL_READ(sc, RT2860_GPIO_CTRL) & (1 << 2))) {
3876 device_printf(sc->sc_dev,
3877 "radio is disabled by hardware switch\n");
3879 rt2860_stop_locked(sc);
3884 RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE);
3887 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
3889 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
3891 /* PBF hardware reset */
3892 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
3893 RAL_BARRIER_WRITE(sc);
3894 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
3896 if ((error = rt2860_load_microcode(sc)) != 0) {
3897 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
3898 rt2860_stop_locked(sc);
3902 rt2860_set_macaddr(sc, IF_LLADDR(ifp));
3904 /* init Tx power for all Tx rates (from EEPROM) */
3905 for (ridx = 0; ridx < 5; ridx++) {
3906 if (sc->txpow20mhz[ridx] == 0xffffffff)
3908 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
3911 for (ntries = 0; ntries < 100; ntries++) {
3912 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
3913 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
3917 if (ntries == 100) {
3918 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
3919 rt2860_stop_locked(sc);
3923 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
3925 /* reset Rx ring and all 6 Tx rings */
3926 RAL_WRITE(sc, RT2860_WPDMA_RST_IDX, 0x1003f);
3928 /* PBF hardware reset */
3929 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe1f);
3930 RAL_BARRIER_WRITE(sc);
3931 RAL_WRITE(sc, RT2860_SYS_CTRL, 0xe00);
3933 RAL_WRITE(sc, RT2860_PWR_PIN_CFG, RT2860_IO_RA_PE | RT2860_IO_RF_PE);
3935 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
3936 RAL_BARRIER_WRITE(sc);
3937 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
3939 for (i = 0; i < nitems(rt2860_def_mac); i++)
3940 RAL_WRITE(sc, rt2860_def_mac[i].reg, rt2860_def_mac[i].val);
3941 if (sc->mac_ver >= 0x5390)
3942 RAL_WRITE(sc, RT2860_TX_SW_CFG0, 0x00000404);
3943 else if (sc->mac_ver >= 0x3071) {
3944 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
3945 RAL_WRITE(sc, RT2860_TX_SW_CFG0,
3946 4 << RT2860_DLY_PAPE_EN_SHIFT);
3949 if (!(RAL_READ(sc, RT2860_PCI_CFG) & RT2860_PCI_CFG_PCI)) {
3950 sc->sc_flags |= RT2860_PCIE;
3951 /* PCIe has different clock cycle count than PCI */
3952 tmp = RAL_READ(sc, RT2860_US_CYC_CNT);
3953 tmp = (tmp & ~0xff) | 0x7d;
3954 RAL_WRITE(sc, RT2860_US_CYC_CNT, tmp);
3957 /* wait while MAC is busy */
3958 for (ntries = 0; ntries < 100; ntries++) {
3959 if (!(RAL_READ(sc, RT2860_MAC_STATUS_REG) &
3960 (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
3964 if (ntries == 100) {
3965 device_printf(sc->sc_dev, "timeout waiting for MAC\n");
3966 rt2860_stop_locked(sc);
3970 /* clear Host to MCU mailbox */
3971 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
3972 RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
3974 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
3977 if ((error = rt2860_bbp_init(sc)) != 0) {
3978 rt2860_stop_locked(sc);
3982 /* clear RX WCID search table */
3983 RAL_SET_REGION_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
3984 /* clear pairwise key table */
3985 RAL_SET_REGION_4(sc, RT2860_PKEY(0), 0, 2048);
3986 /* clear IV/EIV table */
3987 RAL_SET_REGION_4(sc, RT2860_IVEIV(0), 0, 512);
3988 /* clear WCID attribute table */
3989 RAL_SET_REGION_4(sc, RT2860_WCID_ATTR(0), 0, 256);
3990 /* clear shared key table */
3991 RAL_SET_REGION_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
3992 /* clear shared key mode */
3993 RAL_SET_REGION_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
3995 /* init Tx rings (4 EDCAs + HCCA + Mgt) */
3996 for (qid = 0; qid < 6; qid++) {
3997 RAL_WRITE(sc, RT2860_TX_BASE_PTR(qid), sc->txq[qid].paddr);
3998 RAL_WRITE(sc, RT2860_TX_MAX_CNT(qid), RT2860_TX_RING_COUNT);
3999 RAL_WRITE(sc, RT2860_TX_CTX_IDX(qid), 0);
4003 RAL_WRITE(sc, RT2860_RX_BASE_PTR, sc->rxq.paddr);
4004 RAL_WRITE(sc, RT2860_RX_MAX_CNT, RT2860_RX_RING_COUNT);
4005 RAL_WRITE(sc, RT2860_RX_CALC_IDX, RT2860_RX_RING_COUNT - 1);
4007 /* setup maximum buffer sizes */
4008 RAL_WRITE(sc, RT2860_MAX_LEN_CFG, 1 << 12 |
4009 (MCLBYTES - sizeof (struct rt2860_rxwi) - 2));
4011 for (ntries = 0; ntries < 100; ntries++) {
4012 tmp = RAL_READ(sc, RT2860_WPDMA_GLO_CFG);
4013 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
4017 if (ntries == 100) {
4018 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
4019 rt2860_stop_locked(sc);
4023 RAL_WRITE(sc, RT2860_WPDMA_GLO_CFG, tmp);
4025 /* disable interrupts mitigation */
4026 RAL_WRITE(sc, RT2860_DELAY_INT_CFG, 0);
4028 /* write vendor-specific BBP values (from EEPROM) */
4029 for (i = 0; i < 8; i++) {
4030 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
4032 rt2860_mcu_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
4035 /* select Main antenna for 1T1R devices */
4036 if (sc->rf_rev == RT3070_RF_2020 ||
4037 sc->rf_rev == RT3070_RF_3020 ||
4038 sc->rf_rev == RT3070_RF_3320 ||
4039 sc->mac_ver == 0x5390)
4040 rt3090_set_rx_antenna(sc, 0);
4042 /* send LEDs operating mode to microcontroller */
4043 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0], 0);
4044 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1], 0);
4045 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2], 0);
4047 if (sc->mac_ver >= 0x5390)
4049 else if (sc->mac_ver >= 0x3071) {
4050 if ((error = rt3090_rf_init(sc)) != 0) {
4051 rt2860_stop_locked(sc);
4056 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_SLEEP, 0x02ff, 1);
4057 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_WAKEUP, 0, 1);
4059 if (sc->mac_ver >= 0x5390)
4060 rt5390_rf_wakeup(sc);
4061 else if (sc->mac_ver >= 0x3071)
4062 rt3090_rf_wakeup(sc);
4064 /* disable non-existing Rx chains */
4065 bbp3 = rt2860_mcu_bbp_read(sc, 3);
4066 bbp3 &= ~(1 << 3 | 1 << 4);
4067 if (sc->nrxchains == 2)
4069 else if (sc->nrxchains == 3)
4071 rt2860_mcu_bbp_write(sc, 3, bbp3);
4073 /* disable non-existing Tx chains */
4074 bbp1 = rt2860_mcu_bbp_read(sc, 1);
4075 if (sc->ntxchains == 1)
4076 bbp1 = (bbp1 & ~(1 << 3 | 1 << 4));
4077 else if (sc->mac_ver == 0x3593 && sc->ntxchains == 2)
4078 bbp1 = (bbp1 & ~(1 << 4)) | 1 << 3;
4079 else if (sc->mac_ver == 0x3593 && sc->ntxchains == 3)
4080 bbp1 = (bbp1 & ~(1 << 3)) | 1 << 4;
4081 rt2860_mcu_bbp_write(sc, 1, bbp1);
4083 if (sc->mac_ver >= 0x3071)
4084 rt3090_rf_setup(sc);
4086 /* select default channel */
4087 rt2860_switch_chan(sc, ic->ic_curchan);
4089 /* reset RF from MCU */
4090 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0, 0);
4092 /* set RTS threshold */
4093 tmp = RAL_READ(sc, RT2860_TX_RTS_CFG);
4095 tmp |= IEEE80211_RTS_DEFAULT << 8;
4096 RAL_WRITE(sc, RT2860_TX_RTS_CFG, tmp);
4098 /* setup initial protection mode */
4099 rt2860_updateprot(ifp);
4101 /* turn radio LED on */
4102 rt2860_set_leds(sc, RT2860_LED_RADIO);
4104 /* enable Tx/Rx DMA engine */
4105 if ((error = rt2860_txrx_enable(sc)) != 0) {
4106 rt2860_stop_locked(sc);
4110 /* clear pending interrupts */
4111 RAL_WRITE(sc, RT2860_INT_STATUS, 0xffffffff);
4112 /* enable interrupts */
4113 RAL_WRITE(sc, RT2860_INT_MASK, 0x3fffc);
4115 if (sc->sc_flags & RT2860_ADVANCED_PS)
4116 rt2860_mcu_cmd(sc, RT2860_MCU_CMD_PSLEVEL, sc->pslevel, 0);
4118 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
4119 ifp->if_drv_flags |= IFF_DRV_RUNNING;
4121 callout_reset(&sc->watchdog_ch, hz, rt2860_watchdog, sc);
4125 rt2860_stop(void *arg)
4127 struct rt2860_softc *sc = arg;
4130 rt2860_stop_locked(sc);
4135 rt2860_stop_locked(struct rt2860_softc *sc)
4137 struct ifnet *ifp = sc->sc_ifp;
4141 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
4142 rt2860_set_leds(sc, 0); /* turn all LEDs off */
4144 callout_stop(&sc->watchdog_ch);
4145 sc->sc_tx_timer = 0;
4146 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
4148 /* disable interrupts */
4149 RAL_WRITE(sc, RT2860_INT_MASK, 0);
4151 /* disable GP timer */
4152 rt2860_set_gp_timer(sc, 0);
4155 tmp = RAL_READ(sc, RT2860_MAC_SYS_CTRL);
4156 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
4157 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, tmp);
4160 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
4161 RAL_BARRIER_WRITE(sc);
4162 RAL_WRITE(sc, RT2860_MAC_SYS_CTRL, 0);
4164 /* reset Tx and Rx rings (and reclaim TXWIs) */
4166 for (qid = 0; qid < 6; qid++)
4167 rt2860_reset_tx_ring(sc, &sc->txq[qid]);
4168 rt2860_reset_rx_ring(sc, &sc->rxq);
4172 rt2860_load_microcode(struct rt2860_softc *sc)
4174 const struct firmware *fp;
4177 RAL_LOCK_ASSERT(sc);
4180 fp = firmware_get("rt2860fw");
4183 device_printf(sc->sc_dev,
4184 "unable to receive rt2860fw firmware image\n");
4188 /* set "host program ram write selection" bit */
4189 RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_HST_PM_SEL);
4190 /* write microcode image */
4191 RAL_WRITE_REGION_1(sc, RT2860_FW_BASE, fp->data, fp->datasize);
4192 /* kick microcontroller unit */
4193 RAL_WRITE(sc, RT2860_SYS_CTRL, 0);
4194 RAL_BARRIER_WRITE(sc);
4195 RAL_WRITE(sc, RT2860_SYS_CTRL, RT2860_MCU_RESET);
4197 RAL_WRITE(sc, RT2860_H2M_BBPAGENT, 0);
4198 RAL_WRITE(sc, RT2860_H2M_MAILBOX, 0);
4200 /* wait until microcontroller is ready */
4201 RAL_BARRIER_READ_WRITE(sc);
4202 for (ntries = 0; ntries < 1000; ntries++) {
4203 if (RAL_READ(sc, RT2860_SYS_CTRL) & RT2860_MCU_READY)
4207 if (ntries == 1000) {
4208 device_printf(sc->sc_dev,
4209 "timeout waiting for MCU to initialize\n");
4214 firmware_put(fp, FIRMWARE_UNLOAD);
4219 * This function is called periodically to adjust Tx power based on
4220 * temperature variation.
4224 rt2860_calib(struct rt2860_softc *sc)
4226 struct ieee80211com *ic = &sc->sc_ic;
4227 const uint8_t *tssi;
4228 uint8_t step, bbp49;
4231 /* read current temperature */
4232 bbp49 = rt2860_mcu_bbp_read(sc, 49);
4234 if (IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan)) {
4235 tssi = &sc->tssi_2ghz[4];
4236 step = sc->step_2ghz;
4238 tssi = &sc->tssi_5ghz[4];
4239 step = sc->step_5ghz;
4242 if (bbp49 < tssi[0]) { /* lower than reference */
4243 /* use higher Tx power than default */
4244 for (d = 0; d > -4 && bbp49 <= tssi[d - 1]; d--);
4245 } else if (bbp49 > tssi[0]) { /* greater than reference */
4246 /* use lower Tx power than default */
4247 for (d = 0; d < +4 && bbp49 >= tssi[d + 1]; d++);
4249 /* use default Tx power */
4254 DPRINTF(("BBP49=0x%02x, adjusting Tx power by %d\n", bbp49, d));
4256 /* write adjusted Tx power values for each Tx rate */
4257 for (ridx = 0; ridx < 5; ridx++) {
4258 if (sc->txpow20mhz[ridx] == 0xffffffff)
4260 RAL_WRITE(sc, RT2860_TX_PWR_CFG(ridx),
4261 b4inc(sc->txpow20mhz[ridx], d));
4267 rt3090_set_rx_antenna(struct rt2860_softc *sc, int aux)
4272 if (sc->mac_ver == 0x5390) {
4273 rt2860_mcu_bbp_write(sc, 152,
4274 rt2860_mcu_bbp_read(sc, 152) & ~0x80);
4276 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
4277 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp & ~RT2860_C);
4278 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
4279 RAL_WRITE(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4282 if (sc->mac_ver == 0x5390) {
4283 rt2860_mcu_bbp_write(sc, 152,
4284 rt2860_mcu_bbp_read(sc, 152) | 0x80);
4286 tmp = RAL_READ(sc, RT2860_PCI_EECTRL);
4287 RAL_WRITE(sc, RT2860_PCI_EECTRL, tmp | RT2860_C);
4288 tmp = RAL_READ(sc, RT2860_GPIO_CTRL);
4289 RAL_WRITE(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4295 rt2860_switch_chan(struct rt2860_softc *sc, struct ieee80211_channel *c)
4297 struct ifnet *ifp = sc->sc_ifp;
4298 struct ieee80211com *ic = ifp->if_l2com;
4301 chan = ieee80211_chan2ieee(ic, c);
4302 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4305 if (sc->mac_ver >= 0x5390)
4306 rt5390_set_chan(sc, chan);
4307 else if (sc->mac_ver >= 0x3071)
4308 rt3090_set_chan(sc, chan);
4310 rt2860_set_chan(sc, chan);
4312 /* determine channel group */
4315 else if (chan <= 64)
4317 else if (chan <= 128)
4322 /* XXX necessary only when group has changed! */
4323 if (sc->mac_ver < 0x5390)
4324 rt2860_select_chan_group(sc, group);
4330 rt2860_setup_beacon(struct rt2860_softc *sc, struct ieee80211vap *vap)
4332 struct ieee80211com *ic = vap->iv_ic;
4333 struct ieee80211_beacon_offsets bo;
4334 struct rt2860_txwi txwi;
4338 if ((m = ieee80211_beacon_alloc(vap->iv_bss, &bo)) == NULL)
4341 memset(&txwi, 0, sizeof txwi);
4343 txwi.len = htole16(m->m_pkthdr.len);
4344 /* send beacons at the lowest available rate */
4345 ridx = IEEE80211_IS_CHAN_5GHZ(ic->ic_bsschan) ?
4346 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4347 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4348 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4349 txwi.phy |= htole16(RT2860_PHY_OFDM);
4350 txwi.txop = RT2860_TX_TXOP_HT;
4351 txwi.flags = RT2860_TX_TS;
4352 txwi.xflags = RT2860_TX_NSEQ;
4354 RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0),
4355 (uint8_t *)&txwi, sizeof txwi);
4356 RAL_WRITE_REGION_1(sc, RT2860_BCN_BASE(0) + sizeof txwi,
4357 mtod(m, uint8_t *), m->m_pkthdr.len);
4365 rt2860_enable_tsf_sync(struct rt2860_softc *sc)
4367 struct ifnet *ifp = sc->sc_ifp;
4368 struct ieee80211com *ic = ifp->if_l2com;
4369 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4372 tmp = RAL_READ(sc, RT2860_BCN_TIME_CFG);
4375 tmp |= vap->iv_bss->ni_intval * 16;
4376 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
4377 if (vap->iv_opmode == IEEE80211_M_STA) {
4379 * Local TSF is always updated with remote TSF on beacon
4382 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
4384 else if (vap->iv_opmode == IEEE80211_M_IBSS ||
4385 vap->iv_opmode == IEEE80211_M_MBSS) {
4386 tmp |= RT2860_BCN_TX_EN;
4388 * Local TSF is updated with remote TSF on beacon reception
4389 * only if the remote TSF is greater than local TSF.
4391 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
4392 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
4393 tmp |= RT2860_BCN_TX_EN;
4394 /* SYNC with nobody */
4395 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
4398 RAL_WRITE(sc, RT2860_BCN_TIME_CFG, tmp);
projects / FreeBSD / FreeBSD.git / blob