2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
30 #include <sys/param.h>
31 #include <sys/eventhandler.h>
32 #include <sys/sockio.h>
33 #include <sys/sysctl.h>
35 #include <sys/mutex.h>
37 #include <sys/kernel.h>
38 #include <sys/socket.h>
39 #include <sys/systm.h>
40 #include <sys/malloc.h>
41 #include <sys/module.h>
43 #include <sys/endian.h>
44 #include <sys/linker.h>
45 #include <sys/firmware.h>
50 #include <net/if_var.h>
51 #include <net/if_arp.h>
52 #include <net/ethernet.h>
53 #include <net/if_dl.h>
54 #include <net/if_media.h>
55 #include <net/if_types.h>
57 #include <netinet/in.h>
58 #include <netinet/in_systm.h>
59 #include <netinet/in_var.h>
60 #include <netinet/if_ether.h>
61 #include <netinet/ip.h>
63 #include <net80211/ieee80211_var.h>
64 #include <net80211/ieee80211_regdomain.h>
65 #include <net80211/ieee80211_radiotap.h>
66 #include <net80211/ieee80211_ratectl.h>
67 #ifdef IEEE80211_SUPPORT_SUPERG
68 #include <net80211/ieee80211_superg.h>
71 #include <dev/usb/usb.h>
72 #include <dev/usb/usbdi.h>
75 #define USB_DEBUG_VAR run_debug
76 #include <dev/usb/usb_debug.h>
77 #include <dev/usb/usb_msctest.h>
79 #include <dev/usb/wlan/if_runreg.h>
80 #include <dev/usb/wlan/if_runvar.h>
88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
90 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
94 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
95 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
96 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
97 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
98 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
99 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
100 RUN_DEBUG_USB = 0x00000040, /* usb requests */
101 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
102 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
103 RUN_DEBUG_INTR = 0x00000200, /* ISR */
104 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
105 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
106 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
107 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
108 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
109 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
110 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
111 RUN_DEBUG_CMD = 0x00020000, /* command queue */
112 RUN_DEBUG_ANY = 0xffffffff
115 #define RUN_DPRINTF(_sc, _m, ...) do { \
116 if (run_debug & (_m)) \
117 device_printf((_sc)->sc_dev, __VA_ARGS__); \
120 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
123 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
126 * Because of LOR in run_key_delete(), use atomic instead.
127 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
129 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
131 static const STRUCT_USB_HOST_ID run_devs[] = {
132 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
133 #define RUN_DEV_EJECT(v,p) \
134 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
136 RUN_DEV(ABOCOM, RT2770),
137 RUN_DEV(ABOCOM, RT2870),
138 RUN_DEV(ABOCOM, RT3070),
139 RUN_DEV(ABOCOM, RT3071),
140 RUN_DEV(ABOCOM, RT3072),
141 RUN_DEV(ABOCOM2, RT2870_1),
142 RUN_DEV(ACCTON, RT2770),
143 RUN_DEV(ACCTON, RT2870_1),
144 RUN_DEV(ACCTON, RT2870_2),
145 RUN_DEV(ACCTON, RT2870_3),
146 RUN_DEV(ACCTON, RT2870_4),
147 RUN_DEV(ACCTON, RT2870_5),
148 RUN_DEV(ACCTON, RT3070),
149 RUN_DEV(ACCTON, RT3070_1),
150 RUN_DEV(ACCTON, RT3070_2),
151 RUN_DEV(ACCTON, RT3070_3),
152 RUN_DEV(ACCTON, RT3070_4),
153 RUN_DEV(ACCTON, RT3070_5),
154 RUN_DEV(AIRTIES, RT3070),
155 RUN_DEV(ALLWIN, RT2070),
156 RUN_DEV(ALLWIN, RT2770),
157 RUN_DEV(ALLWIN, RT2870),
158 RUN_DEV(ALLWIN, RT3070),
159 RUN_DEV(ALLWIN, RT3071),
160 RUN_DEV(ALLWIN, RT3072),
161 RUN_DEV(ALLWIN, RT3572),
162 RUN_DEV(AMIGO, RT2870_1),
163 RUN_DEV(AMIGO, RT2870_2),
164 RUN_DEV(AMIT, CGWLUSB2GNR),
165 RUN_DEV(AMIT, RT2870_1),
166 RUN_DEV(AMIT2, RT2870),
167 RUN_DEV(ASUS, RT2870_1),
168 RUN_DEV(ASUS, RT2870_2),
169 RUN_DEV(ASUS, RT2870_3),
170 RUN_DEV(ASUS, RT2870_4),
171 RUN_DEV(ASUS, RT2870_5),
172 RUN_DEV(ASUS, USBN13),
173 RUN_DEV(ASUS, RT3070_1),
174 RUN_DEV(ASUS, USBN66),
175 RUN_DEV(ASUS, USB_N53),
176 RUN_DEV(ASUS2, USBN11),
177 RUN_DEV(AZUREWAVE, RT2870_1),
178 RUN_DEV(AZUREWAVE, RT2870_2),
179 RUN_DEV(AZUREWAVE, RT3070_1),
180 RUN_DEV(AZUREWAVE, RT3070_2),
181 RUN_DEV(AZUREWAVE, RT3070_3),
182 RUN_DEV(BELKIN, F9L1103),
183 RUN_DEV(BELKIN, F5D8053V3),
184 RUN_DEV(BELKIN, F5D8055),
185 RUN_DEV(BELKIN, F5D8055V2),
186 RUN_DEV(BELKIN, F6D4050V1),
187 RUN_DEV(BELKIN, F6D4050V2),
188 RUN_DEV(BELKIN, RT2870_1),
189 RUN_DEV(BELKIN, RT2870_2),
190 RUN_DEV(CISCOLINKSYS, AE1000),
191 RUN_DEV(CISCOLINKSYS2, RT3070),
192 RUN_DEV(CISCOLINKSYS3, RT3070),
193 RUN_DEV(CONCEPTRONIC2, RT2870_1),
194 RUN_DEV(CONCEPTRONIC2, RT2870_2),
195 RUN_DEV(CONCEPTRONIC2, RT2870_3),
196 RUN_DEV(CONCEPTRONIC2, RT2870_4),
197 RUN_DEV(CONCEPTRONIC2, RT2870_5),
198 RUN_DEV(CONCEPTRONIC2, RT2870_6),
199 RUN_DEV(CONCEPTRONIC2, RT2870_7),
200 RUN_DEV(CONCEPTRONIC2, RT2870_8),
201 RUN_DEV(CONCEPTRONIC2, RT3070_1),
202 RUN_DEV(CONCEPTRONIC2, RT3070_2),
203 RUN_DEV(CONCEPTRONIC2, VIGORN61),
204 RUN_DEV(COREGA, CGWLUSB300GNM),
205 RUN_DEV(COREGA, RT2870_1),
206 RUN_DEV(COREGA, RT2870_2),
207 RUN_DEV(COREGA, RT2870_3),
208 RUN_DEV(COREGA, RT3070),
209 RUN_DEV(CYBERTAN, RT2870),
210 RUN_DEV(DLINK, RT2870),
211 RUN_DEV(DLINK, RT3072),
212 RUN_DEV(DLINK, DWA125A3),
213 RUN_DEV(DLINK, DWA127),
214 RUN_DEV(DLINK, DWA140B3),
215 RUN_DEV(DLINK, DWA160B2),
216 RUN_DEV(DLINK, DWA140D1),
217 RUN_DEV(DLINK, DWA162),
218 RUN_DEV(DLINK2, DWA130),
219 RUN_DEV(DLINK2, RT2870_1),
220 RUN_DEV(DLINK2, RT2870_2),
221 RUN_DEV(DLINK2, RT3070_1),
222 RUN_DEV(DLINK2, RT3070_2),
223 RUN_DEV(DLINK2, RT3070_3),
224 RUN_DEV(DLINK2, RT3070_4),
225 RUN_DEV(DLINK2, RT3070_5),
226 RUN_DEV(DLINK2, RT3072),
227 RUN_DEV(DLINK2, RT3072_1),
228 RUN_DEV(EDIMAX, EW7717),
229 RUN_DEV(EDIMAX, EW7718),
230 RUN_DEV(EDIMAX, EW7733UND),
231 RUN_DEV(EDIMAX, RT2870_1),
232 RUN_DEV(ENCORE, RT3070_1),
233 RUN_DEV(ENCORE, RT3070_2),
234 RUN_DEV(ENCORE, RT3070_3),
235 RUN_DEV(GIGABYTE, GNWB31N),
236 RUN_DEV(GIGABYTE, GNWB32L),
237 RUN_DEV(GIGABYTE, RT2870_1),
238 RUN_DEV(GIGASET, RT3070_1),
239 RUN_DEV(GIGASET, RT3070_2),
240 RUN_DEV(GUILLEMOT, HWNU300),
241 RUN_DEV(HAWKING, HWUN2),
242 RUN_DEV(HAWKING, RT2870_1),
243 RUN_DEV(HAWKING, RT2870_2),
244 RUN_DEV(HAWKING, RT3070),
245 RUN_DEV(IODATA, RT3072_1),
246 RUN_DEV(IODATA, RT3072_2),
247 RUN_DEV(IODATA, RT3072_3),
248 RUN_DEV(IODATA, RT3072_4),
249 RUN_DEV(LINKSYS4, RT3070),
250 RUN_DEV(LINKSYS4, WUSB100),
251 RUN_DEV(LINKSYS4, WUSB54GCV3),
252 RUN_DEV(LINKSYS4, WUSB600N),
253 RUN_DEV(LINKSYS4, WUSB600NV2),
254 RUN_DEV(LOGITEC, RT2870_1),
255 RUN_DEV(LOGITEC, RT2870_2),
256 RUN_DEV(LOGITEC, RT2870_3),
257 RUN_DEV(LOGITEC, LANW300NU2),
258 RUN_DEV(LOGITEC, LANW150NU2),
259 RUN_DEV(LOGITEC, LANW300NU2S),
260 RUN_DEV(MELCO, WLIUCG300HP),
261 RUN_DEV(MELCO, RT2870_2),
262 RUN_DEV(MELCO, WLIUCAG300N),
263 RUN_DEV(MELCO, WLIUCG300N),
264 RUN_DEV(MELCO, WLIUCG301N),
265 RUN_DEV(MELCO, WLIUCGN),
266 RUN_DEV(MELCO, WLIUCGNM),
267 RUN_DEV(MELCO, WLIUCG300HPV1),
268 RUN_DEV(MELCO, WLIUCGNM2),
269 RUN_DEV(MOTOROLA4, RT2770),
270 RUN_DEV(MOTOROLA4, RT3070),
271 RUN_DEV(MSI, RT3070_1),
272 RUN_DEV(MSI, RT3070_2),
273 RUN_DEV(MSI, RT3070_3),
274 RUN_DEV(MSI, RT3070_4),
275 RUN_DEV(MSI, RT3070_5),
276 RUN_DEV(MSI, RT3070_6),
277 RUN_DEV(MSI, RT3070_7),
278 RUN_DEV(MSI, RT3070_8),
279 RUN_DEV(MSI, RT3070_9),
280 RUN_DEV(MSI, RT3070_10),
281 RUN_DEV(MSI, RT3070_11),
282 RUN_DEV(NETGEAR, WNDA4100),
283 RUN_DEV(OVISLINK, RT3072),
284 RUN_DEV(PARA, RT3070),
285 RUN_DEV(PEGATRON, RT2870),
286 RUN_DEV(PEGATRON, RT3070),
287 RUN_DEV(PEGATRON, RT3070_2),
288 RUN_DEV(PEGATRON, RT3070_3),
289 RUN_DEV(PHILIPS, RT2870),
290 RUN_DEV(PLANEX2, GWUS300MINIS),
291 RUN_DEV(PLANEX2, GWUSMICRON),
292 RUN_DEV(PLANEX2, RT2870),
293 RUN_DEV(PLANEX2, RT3070),
294 RUN_DEV(QCOM, RT2870),
295 RUN_DEV(QUANTA, RT3070),
296 RUN_DEV(RALINK, RT2070),
297 RUN_DEV(RALINK, RT2770),
298 RUN_DEV(RALINK, RT2870),
299 RUN_DEV(RALINK, RT3070),
300 RUN_DEV(RALINK, RT3071),
301 RUN_DEV(RALINK, RT3072),
302 RUN_DEV(RALINK, RT3370),
303 RUN_DEV(RALINK, RT3572),
304 RUN_DEV(RALINK, RT3573),
305 RUN_DEV(RALINK, RT5370),
306 RUN_DEV(RALINK, RT5372),
307 RUN_DEV(RALINK, RT5572),
308 RUN_DEV(RALINK, RT8070),
309 RUN_DEV(SAMSUNG, WIS09ABGN),
310 RUN_DEV(SAMSUNG2, RT2870_1),
311 RUN_DEV(SENAO, RT2870_1),
312 RUN_DEV(SENAO, RT2870_2),
313 RUN_DEV(SENAO, RT2870_3),
314 RUN_DEV(SENAO, RT2870_4),
315 RUN_DEV(SENAO, RT3070),
316 RUN_DEV(SENAO, RT3071),
317 RUN_DEV(SENAO, RT3072_1),
318 RUN_DEV(SENAO, RT3072_2),
319 RUN_DEV(SENAO, RT3072_3),
320 RUN_DEV(SENAO, RT3072_4),
321 RUN_DEV(SENAO, RT3072_5),
322 RUN_DEV(SITECOMEU, RT2770),
323 RUN_DEV(SITECOMEU, RT2870_1),
324 RUN_DEV(SITECOMEU, RT2870_2),
325 RUN_DEV(SITECOMEU, RT2870_3),
326 RUN_DEV(SITECOMEU, RT2870_4),
327 RUN_DEV(SITECOMEU, RT3070),
328 RUN_DEV(SITECOMEU, RT3070_2),
329 RUN_DEV(SITECOMEU, RT3070_3),
330 RUN_DEV(SITECOMEU, RT3070_4),
331 RUN_DEV(SITECOMEU, RT3071),
332 RUN_DEV(SITECOMEU, RT3072_1),
333 RUN_DEV(SITECOMEU, RT3072_2),
334 RUN_DEV(SITECOMEU, RT3072_3),
335 RUN_DEV(SITECOMEU, RT3072_4),
336 RUN_DEV(SITECOMEU, RT3072_5),
337 RUN_DEV(SITECOMEU, RT3072_6),
338 RUN_DEV(SITECOMEU, WL608),
339 RUN_DEV(SPARKLAN, RT2870_1),
340 RUN_DEV(SPARKLAN, RT3070),
341 RUN_DEV(SWEEX2, LW153),
342 RUN_DEV(SWEEX2, LW303),
343 RUN_DEV(SWEEX2, LW313),
344 RUN_DEV(TOSHIBA, RT3070),
345 RUN_DEV(UMEDIA, RT2870_1),
346 RUN_DEV(ZCOM, RT2870_1),
347 RUN_DEV(ZCOM, RT2870_2),
348 RUN_DEV(ZINWELL, RT2870_1),
349 RUN_DEV(ZINWELL, RT2870_2),
350 RUN_DEV(ZINWELL, RT3070),
351 RUN_DEV(ZINWELL, RT3072_1),
352 RUN_DEV(ZINWELL, RT3072_2),
353 RUN_DEV(ZYXEL, RT2870_1),
354 RUN_DEV(ZYXEL, RT2870_2),
355 RUN_DEV(ZYXEL, RT3070),
356 RUN_DEV_EJECT(ZYXEL, NWD2705),
357 RUN_DEV_EJECT(RALINK, RT_STOR),
362 static device_probe_t run_match;
363 static device_attach_t run_attach;
364 static device_detach_t run_detach;
366 static usb_callback_t run_bulk_rx_callback;
367 static usb_callback_t run_bulk_tx_callback0;
368 static usb_callback_t run_bulk_tx_callback1;
369 static usb_callback_t run_bulk_tx_callback2;
370 static usb_callback_t run_bulk_tx_callback3;
371 static usb_callback_t run_bulk_tx_callback4;
372 static usb_callback_t run_bulk_tx_callback5;
374 static void run_autoinst(void *, struct usb_device *,
375 struct usb_attach_arg *);
376 static int run_driver_loaded(struct module *, int, void *);
377 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
378 usb_error_t error, u_int index);
379 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
380 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
381 const uint8_t [IEEE80211_ADDR_LEN],
382 const uint8_t [IEEE80211_ADDR_LEN]);
383 static void run_vap_delete(struct ieee80211vap *);
384 static void run_cmdq_cb(void *, int);
385 static void run_setup_tx_list(struct run_softc *,
386 struct run_endpoint_queue *);
387 static void run_unsetup_tx_list(struct run_softc *,
388 struct run_endpoint_queue *);
389 static int run_load_microcode(struct run_softc *);
390 static int run_reset(struct run_softc *);
391 static usb_error_t run_do_request(struct run_softc *,
392 struct usb_device_request *, void *);
393 static int run_read(struct run_softc *, uint16_t, uint32_t *);
394 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
395 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
396 static int run_write(struct run_softc *, uint16_t, uint32_t);
397 static int run_write_region_1(struct run_softc *, uint16_t,
398 const uint8_t *, int);
399 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
400 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
401 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
402 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
403 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
404 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
405 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
406 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
407 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
408 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
409 static const char *run_get_rf(uint16_t);
410 static void run_rt3593_get_txpower(struct run_softc *);
411 static void run_get_txpower(struct run_softc *);
412 static int run_read_eeprom(struct run_softc *);
413 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
414 const uint8_t mac[IEEE80211_ADDR_LEN]);
415 static int run_media_change(struct ifnet *);
416 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
417 static int run_wme_update(struct ieee80211com *);
418 static void run_key_set_cb(void *);
419 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
420 static void run_key_delete_cb(void *);
421 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
422 static void run_ratectl_to(void *);
423 static void run_ratectl_cb(void *, int);
424 static void run_drain_fifo(void *);
425 static void run_iter_func(void *, struct ieee80211_node *);
426 static void run_newassoc_cb(void *);
427 static void run_newassoc(struct ieee80211_node *, int);
428 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
429 const struct ieee80211_rx_stats *, int, int);
430 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
431 static void run_tx_free(struct run_endpoint_queue *pq,
432 struct run_tx_data *, int);
433 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
434 static int run_tx(struct run_softc *, struct mbuf *,
435 struct ieee80211_node *);
436 static int run_tx_mgt(struct run_softc *, struct mbuf *,
437 struct ieee80211_node *);
438 static int run_sendprot(struct run_softc *, const struct mbuf *,
439 struct ieee80211_node *, int, int);
440 static int run_tx_param(struct run_softc *, struct mbuf *,
441 struct ieee80211_node *,
442 const struct ieee80211_bpf_params *);
443 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
444 const struct ieee80211_bpf_params *);
445 static int run_transmit(struct ieee80211com *, struct mbuf *);
446 static void run_start(struct run_softc *);
447 static void run_parent(struct ieee80211com *);
448 static void run_iq_calib(struct run_softc *, u_int);
449 static void run_set_agc(struct run_softc *, uint8_t);
450 static void run_select_chan_group(struct run_softc *, int);
451 static void run_set_rx_antenna(struct run_softc *, int);
452 static void run_rt2870_set_chan(struct run_softc *, u_int);
453 static void run_rt3070_set_chan(struct run_softc *, u_int);
454 static void run_rt3572_set_chan(struct run_softc *, u_int);
455 static void run_rt3593_set_chan(struct run_softc *, u_int);
456 static void run_rt5390_set_chan(struct run_softc *, u_int);
457 static void run_rt5592_set_chan(struct run_softc *, u_int);
458 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
459 static void run_set_channel(struct ieee80211com *);
460 static void run_getradiocaps(struct ieee80211com *, int, int *,
461 struct ieee80211_channel[]);
462 static void run_scan_start(struct ieee80211com *);
463 static void run_scan_end(struct ieee80211com *);
464 static void run_update_beacon(struct ieee80211vap *, int);
465 static void run_update_beacon_cb(void *);
466 static void run_updateprot(struct ieee80211com *);
467 static void run_updateprot_cb(void *);
468 static void run_usb_timeout_cb(void *);
469 static void run_reset_livelock(struct run_softc *);
470 static void run_enable_tsf_sync(struct run_softc *);
471 static void run_enable_tsf(struct run_softc *);
472 static void run_disable_tsf(struct run_softc *);
473 static void run_get_tsf(struct run_softc *, uint64_t *);
474 static void run_enable_mrr(struct run_softc *);
475 static void run_set_txpreamble(struct run_softc *);
476 static void run_set_basicrates(struct run_softc *);
477 static void run_set_leds(struct run_softc *, uint16_t);
478 static void run_set_bssid(struct run_softc *, const uint8_t *);
479 static void run_set_macaddr(struct run_softc *, const uint8_t *);
480 static void run_updateslot(struct ieee80211com *);
481 static void run_updateslot_cb(void *);
482 static void run_update_mcast(struct ieee80211com *);
483 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
484 static void run_update_promisc_locked(struct run_softc *);
485 static void run_update_promisc(struct ieee80211com *);
486 static void run_rt5390_bbp_init(struct run_softc *);
487 static int run_bbp_init(struct run_softc *);
488 static int run_rt3070_rf_init(struct run_softc *);
489 static void run_rt3593_rf_init(struct run_softc *);
490 static void run_rt5390_rf_init(struct run_softc *);
491 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
493 static void run_rt3070_rf_setup(struct run_softc *);
494 static void run_rt3593_rf_setup(struct run_softc *);
495 static void run_rt5390_rf_setup(struct run_softc *);
496 static int run_txrx_enable(struct run_softc *);
497 static void run_adjust_freq_offset(struct run_softc *);
498 static void run_init_locked(struct run_softc *);
499 static void run_stop(void *);
500 static void run_delay(struct run_softc *, u_int);
501 static void run_update_chw(struct ieee80211com *ic);
502 static int run_ampdu_enable(struct ieee80211_node *ni,
503 struct ieee80211_tx_ampdu *tap);
505 static eventhandler_tag run_etag;
507 static const struct rt2860_rate {
510 enum ieee80211_phytype phy;
515 /* CCK rates (11b) */
516 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
517 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
518 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
519 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
521 /* OFDM rates (11a / 11g) */
522 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
523 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
524 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
525 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
526 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
527 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
528 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
529 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 },
531 /* MCS - single stream */
532 { 0x80, 0, IEEE80211_T_HT, 4, 60, 60 },
533 { 0x81, 1, IEEE80211_T_HT, 4, 60, 60 },
534 { 0x82, 2, IEEE80211_T_HT, 4, 60, 60 },
535 { 0x83, 3, IEEE80211_T_HT, 4, 60, 60 },
536 { 0x84, 4, IEEE80211_T_HT, 4, 60, 60 },
537 { 0x85, 5, IEEE80211_T_HT, 4, 60, 60 },
538 { 0x86, 6, IEEE80211_T_HT, 4, 60, 60 },
539 { 0x87, 7, IEEE80211_T_HT, 4, 60, 60 },
541 /* MCS - 2 streams */
542 { 0x88, 8, IEEE80211_T_HT, 4, 60, 60 },
543 { 0x89, 9, IEEE80211_T_HT, 4, 60, 60 },
544 { 0x8a, 10, IEEE80211_T_HT, 4, 60, 60 },
545 { 0x8b, 11, IEEE80211_T_HT, 4, 60, 60 },
546 { 0x8c, 12, IEEE80211_T_HT, 4, 60, 60 },
547 { 0x8d, 13, IEEE80211_T_HT, 4, 60, 60 },
548 { 0x8e, 14, IEEE80211_T_HT, 4, 60, 60 },
549 { 0x8f, 15, IEEE80211_T_HT, 4, 60, 60 },
551 /* MCS - 3 streams */
552 { 0x90, 16, IEEE80211_T_HT, 4, 60, 60 },
553 { 0x91, 17, IEEE80211_T_HT, 4, 60, 60 },
554 { 0x92, 18, IEEE80211_T_HT, 4, 60, 60 },
555 { 0x93, 19, IEEE80211_T_HT, 4, 60, 60 },
556 { 0x94, 20, IEEE80211_T_HT, 4, 60, 60 },
557 { 0x95, 21, IEEE80211_T_HT, 4, 60, 60 },
558 { 0x96, 22, IEEE80211_T_HT, 4, 60, 60 },
559 { 0x97, 23, IEEE80211_T_HT, 4, 60, 60 },
562 /* These are indexes into the above rt2860_rates[] array */
563 #define RT2860_RIDX_CCK1 0
564 #define RT2860_RIDX_CCK11 3
565 #define RT2860_RIDX_OFDM6 4
566 #define RT2860_RIDX_MCS0 12
567 #define RT2860_RIDX_MAX 36
569 static const struct {
572 } rt2870_def_mac[] = {
576 static const struct {
579 } rt2860_def_bbp[] = {
581 },rt5390_def_bbp[] = {
583 },rt5592_def_bbp[] = {
588 * Default values for BBP register R196 for RT5592.
590 static const uint8_t rt5592_bbp_r196[] = {
591 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
592 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
593 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
594 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
595 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
596 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
597 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
598 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
599 0x2e, 0x36, 0x30, 0x6e
602 static const struct rfprog {
604 uint32_t r1, r2, r3, r4;
605 } rt2860_rf2850[] = {
615 static const struct rt5592_freqs {
618 } rt5592_freqs_20mhz[] = {
620 },rt5592_freqs_40mhz[] = {
624 static const struct {
627 } rt3070_def_rf[] = {
629 },rt3572_def_rf[] = {
631 },rt3593_def_rf[] = {
633 },rt5390_def_rf[] = {
635 },rt5392_def_rf[] = {
637 },rt5592_def_rf[] = {
639 },rt5592_2ghz_def_rf[] = {
641 },rt5592_5ghz_def_rf[] = {
645 static const struct {
650 } rt5592_chan_5ghz[] = {
654 static const struct usb_config run_config[RUN_N_XFER] = {
657 .endpoint = UE_ADDR_ANY,
659 .direction = UE_DIR_OUT,
660 .bufsize = RUN_MAX_TXSZ,
661 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
662 .callback = run_bulk_tx_callback0,
663 .timeout = 5000, /* ms */
667 .endpoint = UE_ADDR_ANY,
668 .direction = UE_DIR_OUT,
670 .bufsize = RUN_MAX_TXSZ,
671 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
672 .callback = run_bulk_tx_callback1,
673 .timeout = 5000, /* ms */
677 .endpoint = UE_ADDR_ANY,
678 .direction = UE_DIR_OUT,
680 .bufsize = RUN_MAX_TXSZ,
681 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
682 .callback = run_bulk_tx_callback2,
683 .timeout = 5000, /* ms */
687 .endpoint = UE_ADDR_ANY,
688 .direction = UE_DIR_OUT,
690 .bufsize = RUN_MAX_TXSZ,
691 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
692 .callback = run_bulk_tx_callback3,
693 .timeout = 5000, /* ms */
695 [RUN_BULK_TX_HCCA] = {
697 .endpoint = UE_ADDR_ANY,
698 .direction = UE_DIR_OUT,
700 .bufsize = RUN_MAX_TXSZ,
701 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
702 .callback = run_bulk_tx_callback4,
703 .timeout = 5000, /* ms */
705 [RUN_BULK_TX_PRIO] = {
707 .endpoint = UE_ADDR_ANY,
708 .direction = UE_DIR_OUT,
710 .bufsize = RUN_MAX_TXSZ,
711 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
712 .callback = run_bulk_tx_callback5,
713 .timeout = 5000, /* ms */
717 .endpoint = UE_ADDR_ANY,
718 .direction = UE_DIR_IN,
719 .bufsize = RUN_MAX_RXSZ,
720 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
721 .callback = run_bulk_rx_callback,
726 run_autoinst(void *arg, struct usb_device *udev,
727 struct usb_attach_arg *uaa)
729 struct usb_interface *iface;
730 struct usb_interface_descriptor *id;
732 if (uaa->dev_state != UAA_DEV_READY)
735 iface = usbd_get_iface(udev, 0);
739 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
741 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
744 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
745 uaa->dev_state = UAA_DEV_EJECTING;
749 run_driver_loaded(struct module *mod, int what, void *arg)
753 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
754 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
757 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
766 run_match(device_t self)
768 struct usb_attach_arg *uaa = device_get_ivars(self);
770 if (uaa->usb_mode != USB_MODE_HOST)
772 if (uaa->info.bConfigIndex != 0)
774 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
777 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
781 run_attach(device_t self)
783 struct run_softc *sc = device_get_softc(self);
784 struct usb_attach_arg *uaa = device_get_ivars(self);
785 struct ieee80211com *ic = &sc->sc_ic;
790 device_set_usb_desc(self);
791 sc->sc_udev = uaa->device;
793 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
794 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
796 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
797 MTX_NETWORK_LOCK, MTX_DEF);
798 mbufq_init(&sc->sc_snd, ifqmaxlen);
800 iface_index = RT2860_IFACE_INDEX;
802 error = usbd_transfer_setup(uaa->device, &iface_index,
803 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
805 device_printf(self, "could not allocate USB transfers, "
806 "err=%s\n", usbd_errstr(error));
812 /* wait for the chip to settle */
813 for (ntries = 0; ntries < 100; ntries++) {
814 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
818 if (ver != 0 && ver != 0xffffffff)
823 device_printf(sc->sc_dev,
824 "timeout waiting for NIC to initialize\n");
828 sc->mac_ver = ver >> 16;
829 sc->mac_rev = ver & 0xffff;
831 /* retrieve RF rev. no and various other things from EEPROM */
834 device_printf(sc->sc_dev,
835 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
836 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
837 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
842 ic->ic_name = device_get_nameunit(self);
843 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
844 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
846 /* set device capabilities */
848 IEEE80211_C_STA | /* station mode supported */
849 IEEE80211_C_MONITOR | /* monitor mode supported */
852 IEEE80211_C_WDS | /* 4-address traffic works */
854 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
855 IEEE80211_C_SHSLOT | /* short slot time supported */
856 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */
857 IEEE80211_C_FF | /* Atheros fast-frames */
858 IEEE80211_C_WME | /* WME */
859 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
862 * RF2020 is not an 11n device.
864 if (sc->rf_rev != RT3070_RF_2020) {
865 device_printf(sc->sc_dev, "[HT] Enabling 802.11n\n");
868 IEEE80211_HTC_AMPDU |
869 IEEE80211_HTC_AMSDU |
870 IEEE80211_HTCAP_MAXAMSDU_3839 |
871 IEEE80211_HTCAP_SMPS_OFF;
873 ic->ic_rxstream = sc->nrxchains;
874 ic->ic_txstream = sc->ntxchains;
878 IEEE80211_CRYPTO_WEP |
879 IEEE80211_CRYPTO_AES_CCM |
880 IEEE80211_CRYPTO_TKIPMIC |
881 IEEE80211_CRYPTO_TKIP;
883 ic->ic_flags |= IEEE80211_F_DATAPAD;
884 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
886 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
889 ieee80211_ifattach(ic);
891 ic->ic_scan_start = run_scan_start;
892 ic->ic_scan_end = run_scan_end;
893 ic->ic_set_channel = run_set_channel;
894 ic->ic_getradiocaps = run_getradiocaps;
895 ic->ic_node_alloc = run_node_alloc;
896 ic->ic_newassoc = run_newassoc;
897 ic->ic_updateslot = run_updateslot;
898 ic->ic_update_mcast = run_update_mcast;
899 ic->ic_wme.wme_update = run_wme_update;
900 ic->ic_raw_xmit = run_raw_xmit;
901 ic->ic_update_promisc = run_update_promisc;
902 ic->ic_vap_create = run_vap_create;
903 ic->ic_vap_delete = run_vap_delete;
904 ic->ic_transmit = run_transmit;
905 ic->ic_parent = run_parent;
906 ic->ic_update_chw = run_update_chw;
907 ic->ic_ampdu_enable = run_ampdu_enable;
909 ieee80211_radiotap_attach(ic,
910 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
911 RUN_TX_RADIOTAP_PRESENT,
912 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
913 RUN_RX_RADIOTAP_PRESENT);
915 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
916 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
917 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
920 ieee80211_announce(ic);
930 run_drain_mbufq(struct run_softc *sc)
933 struct ieee80211_node *ni;
935 RUN_LOCK_ASSERT(sc, MA_OWNED);
936 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
937 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
938 m->m_pkthdr.rcvif = NULL;
939 ieee80211_free_node(ni);
945 run_detach(device_t self)
947 struct run_softc *sc = device_get_softc(self);
948 struct ieee80211com *ic = &sc->sc_ic;
955 /* stop all USB transfers */
956 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
959 sc->ratectl_run = RUN_RATECTL_OFF;
960 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
962 /* free TX list, if any */
963 for (i = 0; i != RUN_EP_QUEUES; i++)
964 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
970 if (sc->sc_ic.ic_softc == sc) {
972 usb_callout_drain(&sc->ratectl_ch);
973 ieee80211_draintask(ic, &sc->cmdq_task);
974 ieee80211_draintask(ic, &sc->ratectl_task);
975 ieee80211_ifdetach(ic);
978 mtx_destroy(&sc->sc_mtx);
983 static struct ieee80211vap *
984 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
985 enum ieee80211_opmode opmode, int flags,
986 const uint8_t bssid[IEEE80211_ADDR_LEN],
987 const uint8_t mac[IEEE80211_ADDR_LEN])
989 struct run_softc *sc = ic->ic_softc;
991 struct ieee80211vap *vap;
994 if (sc->rvp_cnt >= RUN_VAP_MAX) {
995 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
1000 case IEEE80211_M_STA:
1001 /* enable s/w bmiss handling for sta mode */
1002 flags |= IEEE80211_CLONE_NOBEACONS;
1004 case IEEE80211_M_IBSS:
1005 case IEEE80211_M_MONITOR:
1006 case IEEE80211_M_HOSTAP:
1007 case IEEE80211_M_MBSS:
1008 /* other than WDS vaps, only one at a time */
1009 if (!TAILQ_EMPTY(&ic->ic_vaps))
1012 case IEEE80211_M_WDS:
1013 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
1014 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
1016 /* WDS vap's always share the local mac address. */
1017 flags &= ~IEEE80211_CLONE_BSSID;
1021 device_printf(sc->sc_dev,
1022 "wds only supported in ap mode\n");
1027 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
1031 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
1034 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
1037 free(rvp, M_80211_VAP);
1041 vap->iv_update_beacon = run_update_beacon;
1042 vap->iv_max_aid = RT2870_WCID_MAX;
1045 * The linux rt2800 driver limits 1 stream devices to a 32KB
1048 if (ic->ic_rxstream > 1)
1049 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K;
1051 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_32K;
1052 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_2; /* 2uS */
1055 * To delete the right key from h/w, we need wcid.
1056 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
1057 * and matching wcid will be written into there. So, cast
1058 * some spells to remove 'const' from ieee80211_key{}
1060 vap->iv_key_delete = (void *)run_key_delete;
1061 vap->iv_key_set = (void *)run_key_set;
1063 /* override state transition machine */
1064 rvp->newstate = vap->iv_newstate;
1065 vap->iv_newstate = run_newstate;
1066 if (opmode == IEEE80211_M_IBSS) {
1067 rvp->recv_mgmt = vap->iv_recv_mgmt;
1068 vap->iv_recv_mgmt = run_recv_mgmt;
1071 ieee80211_ratectl_init(vap);
1072 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
1074 /* complete setup */
1075 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
1078 /* make sure id is always unique */
1079 for (i = 0; i < RUN_VAP_MAX; i++) {
1080 if((sc->rvp_bmap & 1 << i) == 0){
1081 sc->rvp_bmap |= 1 << i;
1086 if (sc->rvp_cnt++ == 0)
1087 ic->ic_opmode = opmode;
1089 if (opmode == IEEE80211_M_HOSTAP)
1090 sc->cmdq_run = RUN_CMDQ_GO;
1092 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1093 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1099 run_vap_delete(struct ieee80211vap *vap)
1101 struct run_vap *rvp = RUN_VAP(vap);
1102 struct ieee80211com *ic;
1103 struct run_softc *sc;
1114 m_freem(rvp->beacon_mbuf);
1115 rvp->beacon_mbuf = NULL;
1117 rvp_id = rvp->rvp_id;
1118 sc->ratectl_run &= ~(1 << rvp_id);
1119 sc->rvp_bmap &= ~(1 << rvp_id);
1120 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1121 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1124 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1125 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1126 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1130 ieee80211_ratectl_deinit(vap);
1131 ieee80211_vap_detach(vap);
1132 free(rvp, M_80211_VAP);
1136 * There are numbers of functions need to be called in context thread.
1137 * Rather than creating taskqueue event for each of those functions,
1138 * here is all-for-one taskqueue callback function. This function
1139 * guarantees deferred functions are executed in the same order they
1141 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1144 run_cmdq_cb(void *arg, int pending)
1146 struct run_softc *sc = arg;
1149 /* call cmdq[].func locked */
1151 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1152 i = sc->cmdq_exec, pending--) {
1153 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1155 if (sc->cmdq_run == RUN_CMDQ_GO) {
1157 * If arg0 is NULL, callback func needs more
1158 * than one arg. So, pass ptr to cmdq struct.
1160 if (sc->cmdq[i].arg0)
1161 sc->cmdq[i].func(sc->cmdq[i].arg0);
1163 sc->cmdq[i].func(&sc->cmdq[i]);
1165 sc->cmdq[i].arg0 = NULL;
1166 sc->cmdq[i].func = NULL;
1168 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1174 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1176 struct run_tx_data *data;
1178 memset(pq, 0, sizeof(*pq));
1180 STAILQ_INIT(&pq->tx_qh);
1181 STAILQ_INIT(&pq->tx_fh);
1183 for (data = &pq->tx_data[0];
1184 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1186 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1188 pq->tx_nfree = RUN_TX_RING_COUNT;
1192 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1194 struct run_tx_data *data;
1196 /* make sure any subsequent use of the queues will fail */
1198 STAILQ_INIT(&pq->tx_fh);
1199 STAILQ_INIT(&pq->tx_qh);
1201 /* free up all node references and mbufs */
1202 for (data = &pq->tx_data[0];
1203 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1204 if (data->m != NULL) {
1208 if (data->ni != NULL) {
1209 ieee80211_free_node(data->ni);
1216 run_load_microcode(struct run_softc *sc)
1218 usb_device_request_t req;
1219 const struct firmware *fw;
1223 const uint64_t *temp;
1227 fw = firmware_get("runfw");
1230 device_printf(sc->sc_dev,
1231 "failed loadfirmware of file %s\n", "runfw");
1235 if (fw->datasize != 8192) {
1236 device_printf(sc->sc_dev,
1237 "invalid firmware size (should be 8KB)\n");
1243 * RT3071/RT3072 use a different firmware
1244 * run-rt2870 (8KB) contains both,
1245 * first half (4KB) is for rt2870,
1246 * last half is for rt3071.
1249 if ((sc->mac_ver) != 0x2860 &&
1250 (sc->mac_ver) != 0x2872 &&
1251 (sc->mac_ver) != 0x3070) {
1255 /* cheap sanity check */
1258 if (bytes != be64toh(0xffffff0210280210ULL)) {
1259 device_printf(sc->sc_dev, "firmware checksum failed\n");
1264 /* write microcode image */
1265 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1266 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1267 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1268 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1271 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1272 req.bRequest = RT2870_RESET;
1273 USETW(req.wValue, 8);
1274 USETW(req.wIndex, 0);
1275 USETW(req.wLength, 0);
1276 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1278 device_printf(sc->sc_dev, "firmware reset failed\n");
1284 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1285 run_write(sc, RT2860_H2M_MAILBOX, 0);
1286 run_write(sc, RT2860_H2M_INTSRC, 0);
1287 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1290 /* wait until microcontroller is ready */
1291 for (ntries = 0; ntries < 1000; ntries++) {
1292 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1294 if (tmp & RT2860_MCU_READY)
1298 if (ntries == 1000) {
1299 device_printf(sc->sc_dev,
1300 "timeout waiting for MCU to initialize\n");
1304 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1305 (base == fw->data) ? "RT2870" : "RT3071",
1306 *(base + 4092), *(base + 4093));
1309 firmware_put(fw, FIRMWARE_UNLOAD);
1314 run_reset(struct run_softc *sc)
1316 usb_device_request_t req;
1318 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1319 req.bRequest = RT2870_RESET;
1320 USETW(req.wValue, 1);
1321 USETW(req.wIndex, 0);
1322 USETW(req.wLength, 0);
1323 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1327 run_do_request(struct run_softc *sc,
1328 struct usb_device_request *req, void *data)
1333 RUN_LOCK_ASSERT(sc, MA_OWNED);
1336 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1337 req, data, 0, NULL, 250 /* ms */);
1340 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1341 "Control request failed, %s (retrying)\n",
1349 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1354 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1356 *val = le32toh(tmp);
1363 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1365 usb_device_request_t req;
1367 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1368 req.bRequest = RT2870_READ_REGION_1;
1369 USETW(req.wValue, 0);
1370 USETW(req.wIndex, reg);
1371 USETW(req.wLength, len);
1373 return (run_do_request(sc, &req, buf));
1377 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1379 usb_device_request_t req;
1381 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1382 req.bRequest = RT2870_WRITE_2;
1383 USETW(req.wValue, val);
1384 USETW(req.wIndex, reg);
1385 USETW(req.wLength, 0);
1387 return (run_do_request(sc, &req, NULL));
1391 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1395 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1396 error = run_write_2(sc, reg + 2, val >> 16);
1401 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1407 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1408 * We thus issue multiple WRITE_2 commands instead.
1410 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1411 for (i = 0; i < len && error == 0; i += 2)
1412 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1415 usb_device_request_t req;
1419 * NOTE: It appears the WRITE_REGION_1 command cannot be
1420 * passed a huge amount of data, which will crash the
1421 * firmware. Limit amount of data passed to 64-bytes at a
1429 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1430 req.bRequest = RT2870_WRITE_REGION_1;
1431 USETW(req.wValue, 0);
1432 USETW(req.wIndex, reg);
1433 USETW(req.wLength, delta);
1434 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1446 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1450 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1451 for (i = 0; i < len && error == 0; i += 4)
1452 error = run_write(sc, reg + i, val);
1457 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1463 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1469 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1475 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1476 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1477 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1478 for (ntries = 0; ntries < 100; ntries++) {
1479 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1481 if (!(tmp & RT3070_EFSROM_KICK))
1488 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1489 *val = 0xffff; /* address not found */
1492 /* determine to which 32-bit register our 16-bit word belongs */
1493 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1494 if ((error = run_read(sc, reg, &tmp)) != 0)
1497 tmp >>= (8 * (addr & 0x3));
1498 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1503 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1505 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1507 return (run_efuse_read(sc, addr, val, 2));
1511 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1513 usb_device_request_t req;
1518 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1519 req.bRequest = RT2870_EEPROM_READ;
1520 USETW(req.wValue, 0);
1521 USETW(req.wIndex, addr);
1522 USETW(req.wLength, sizeof(tmp));
1524 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1526 *val = le16toh(tmp);
1533 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1535 /* either eFUSE ROM or EEPROM */
1536 return sc->sc_srom_read(sc, addr, val);
1540 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1545 for (ntries = 0; ntries < 10; ntries++) {
1546 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1548 if (!(tmp & RT2860_RF_REG_CTRL))
1554 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1558 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1563 for (ntries = 0; ntries < 100; ntries++) {
1564 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1566 if (!(tmp & RT3070_RF_KICK))
1572 tmp = RT3070_RF_KICK | reg << 8;
1573 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1576 for (ntries = 0; ntries < 100; ntries++) {
1577 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1579 if (!(tmp & RT3070_RF_KICK))
1590 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1595 for (ntries = 0; ntries < 10; ntries++) {
1596 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1598 if (!(tmp & RT3070_RF_KICK))
1604 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1605 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1609 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1614 for (ntries = 0; ntries < 10; ntries++) {
1615 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1617 if (!(tmp & RT2860_BBP_CSR_KICK))
1623 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1624 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1627 for (ntries = 0; ntries < 10; ntries++) {
1628 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1630 if (!(tmp & RT2860_BBP_CSR_KICK))
1641 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1646 for (ntries = 0; ntries < 10; ntries++) {
1647 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1649 if (!(tmp & RT2860_BBP_CSR_KICK))
1655 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1656 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1660 * Send a command to the 8051 microcontroller unit.
1663 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1668 for (ntries = 0; ntries < 100; ntries++) {
1669 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1671 if (!(tmp & RT2860_H2M_BUSY))
1677 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1678 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1679 error = run_write(sc, RT2860_HOST_CMD, cmd);
1684 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1685 * Used to adjust per-rate Tx power registers.
1687 static __inline uint32_t
1688 b4inc(uint32_t b32, int8_t delta)
1692 for (i = 0; i < 8; i++) {
1699 b32 = b32 >> 4 | b4 << 28;
1705 run_get_rf(uint16_t rev)
1708 case RT2860_RF_2820: return "RT2820";
1709 case RT2860_RF_2850: return "RT2850";
1710 case RT2860_RF_2720: return "RT2720";
1711 case RT2860_RF_2750: return "RT2750";
1712 case RT3070_RF_3020: return "RT3020";
1713 case RT3070_RF_2020: return "RT2020";
1714 case RT3070_RF_3021: return "RT3021";
1715 case RT3070_RF_3022: return "RT3022";
1716 case RT3070_RF_3052: return "RT3052";
1717 case RT3593_RF_3053: return "RT3053";
1718 case RT5592_RF_5592: return "RT5592";
1719 case RT5390_RF_5370: return "RT5370";
1720 case RT5390_RF_5372: return "RT5372";
1726 run_rt3593_get_txpower(struct run_softc *sc)
1731 /* Read power settings for 2GHz channels. */
1732 for (i = 0; i < 14; i += 2) {
1733 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1734 RT2860_EEPROM_PWR2GHZ_BASE1;
1735 run_srom_read(sc, addr + i / 2, &val);
1736 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1737 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1739 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1740 RT2860_EEPROM_PWR2GHZ_BASE2;
1741 run_srom_read(sc, addr + i / 2, &val);
1742 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1743 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1745 if (sc->ntxchains == 3) {
1746 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1748 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1749 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1752 /* Fix broken Tx power entries. */
1753 for (i = 0; i < 14; i++) {
1754 if (sc->txpow1[i] > 31)
1756 if (sc->txpow2[i] > 31)
1758 if (sc->ntxchains == 3) {
1759 if (sc->txpow3[i] > 31)
1763 /* Read power settings for 5GHz channels. */
1764 for (i = 0; i < 40; i += 2) {
1765 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1766 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1767 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1769 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1770 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1771 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1773 if (sc->ntxchains == 3) {
1774 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1776 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1777 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1783 run_get_txpower(struct run_softc *sc)
1788 /* Read power settings for 2GHz channels. */
1789 for (i = 0; i < 14; i += 2) {
1790 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1791 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1792 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1794 if (sc->mac_ver != 0x5390) {
1796 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1797 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1798 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1801 /* Fix broken Tx power entries. */
1802 for (i = 0; i < 14; i++) {
1803 if (sc->mac_ver >= 0x5390) {
1804 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1807 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1810 if (sc->mac_ver > 0x5390) {
1811 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1813 } else if (sc->mac_ver < 0x5390) {
1814 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1817 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1818 "chan %d: power1=%d, power2=%d\n",
1819 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1821 /* Read power settings for 5GHz channels. */
1822 for (i = 0; i < 40; i += 2) {
1823 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1824 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1825 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1827 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1828 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1829 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1831 /* Fix broken Tx power entries. */
1832 for (i = 0; i < 40; i++ ) {
1833 if (sc->mac_ver != 0x5592) {
1834 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1835 sc->txpow1[14 + i] = 5;
1836 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1837 sc->txpow2[14 + i] = 5;
1839 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1840 "chan %d: power1=%d, power2=%d\n",
1841 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1842 sc->txpow2[14 + i]);
1847 run_read_eeprom(struct run_softc *sc)
1849 struct ieee80211com *ic = &sc->sc_ic;
1850 int8_t delta_2ghz, delta_5ghz;
1855 /* check whether the ROM is eFUSE ROM or EEPROM */
1856 sc->sc_srom_read = run_eeprom_read_2;
1857 if (sc->mac_ver >= 0x3070) {
1858 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1859 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1860 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1861 sc->sc_srom_read = run_efuse_read_2;
1864 /* read ROM version */
1865 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1866 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1867 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1869 /* read MAC address */
1870 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1871 ic->ic_macaddr[0] = val & 0xff;
1872 ic->ic_macaddr[1] = val >> 8;
1873 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1874 ic->ic_macaddr[2] = val & 0xff;
1875 ic->ic_macaddr[3] = val >> 8;
1876 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1877 ic->ic_macaddr[4] = val & 0xff;
1878 ic->ic_macaddr[5] = val >> 8;
1880 if (sc->mac_ver < 0x3593) {
1881 /* read vender BBP settings */
1882 for (i = 0; i < 10; i++) {
1883 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1884 sc->bbp[i].val = val & 0xff;
1885 sc->bbp[i].reg = val >> 8;
1886 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1887 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1889 if (sc->mac_ver >= 0x3071) {
1890 /* read vendor RF settings */
1891 for (i = 0; i < 10; i++) {
1892 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1894 sc->rf[i].val = val & 0xff;
1895 sc->rf[i].reg = val >> 8;
1896 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1897 sc->rf[i].reg, sc->rf[i].val);
1902 /* read RF frequency offset from EEPROM */
1903 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1904 RT3593_EEPROM_FREQ, &val);
1905 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1906 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1909 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1910 RT3593_EEPROM_FREQ_LEDS, &val);
1911 if (val >> 8 != 0xff) {
1912 /* read LEDs operating mode */
1913 sc->leds = val >> 8;
1914 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1915 RT3593_EEPROM_LED1, &sc->led[0]);
1916 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1917 RT3593_EEPROM_LED2, &sc->led[1]);
1918 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1919 RT3593_EEPROM_LED3, &sc->led[2]);
1921 /* broken EEPROM, use default settings */
1923 sc->led[0] = 0x5555;
1924 sc->led[1] = 0x2221;
1925 sc->led[2] = 0x5627; /* differs from RT2860 */
1927 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1928 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1929 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1931 /* read RF information */
1932 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1933 run_srom_read(sc, 0x00, &val);
1935 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1937 if (val == 0xffff) {
1938 device_printf(sc->sc_dev,
1939 "invalid EEPROM antenna info, using default\n");
1940 if (sc->mac_ver == 0x3572) {
1941 /* default to RF3052 2T2R */
1942 sc->rf_rev = RT3070_RF_3052;
1945 } else if (sc->mac_ver >= 0x3070) {
1946 /* default to RF3020 1T1R */
1947 sc->rf_rev = RT3070_RF_3020;
1951 /* default to RF2820 1T2R */
1952 sc->rf_rev = RT2860_RF_2820;
1957 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1959 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1961 sc->rf_rev = (val >> 8) & 0xf;
1962 sc->ntxchains = (val >> 4) & 0xf;
1963 sc->nrxchains = val & 0xf;
1965 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1966 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1968 /* check if RF supports automatic Tx access gain control */
1969 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1970 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1971 /* check if driver should patch the DAC issue */
1972 if ((val >> 8) != 0xff)
1973 sc->patch_dac = (val >> 15) & 1;
1974 if ((val & 0xff) != 0xff) {
1975 sc->ext_5ghz_lna = (val >> 3) & 1;
1976 sc->ext_2ghz_lna = (val >> 2) & 1;
1977 /* check if RF supports automatic Tx access gain control */
1978 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1979 /* check if we have a hardware radio switch */
1980 sc->rfswitch = val & 1;
1983 /* Read Tx power settings. */
1984 if (sc->mac_ver == 0x3593)
1985 run_rt3593_get_txpower(sc);
1987 run_get_txpower(sc);
1989 /* read Tx power compensation for each Tx rate */
1990 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1991 delta_2ghz = delta_5ghz = 0;
1992 if ((val & 0xff) != 0xff && (val & 0x80)) {
1993 delta_2ghz = val & 0xf;
1994 if (!(val & 0x40)) /* negative number */
1995 delta_2ghz = -delta_2ghz;
1998 if ((val & 0xff) != 0xff && (val & 0x80)) {
1999 delta_5ghz = val & 0xf;
2000 if (!(val & 0x40)) /* negative number */
2001 delta_5ghz = -delta_5ghz;
2003 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
2004 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
2006 for (ridx = 0; ridx < 5; ridx++) {
2009 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
2011 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
2012 reg |= (uint32_t)val << 16;
2014 sc->txpow20mhz[ridx] = reg;
2015 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
2016 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
2018 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
2019 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
2020 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
2021 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
2024 /* Read RSSI offsets and LNA gains from EEPROM. */
2025 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
2026 RT3593_EEPROM_RSSI1_2GHZ, &val);
2027 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
2028 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
2029 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
2030 RT3593_EEPROM_RSSI2_2GHZ, &val);
2031 if (sc->mac_ver >= 0x3070) {
2032 if (sc->mac_ver == 0x3593) {
2033 sc->txmixgain_2ghz = 0;
2034 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
2037 * On RT3070 chips (limited to 2 Rx chains), this ROM
2038 * field contains the Tx mixer gain for the 2GHz band.
2040 if ((val & 0xff) != 0xff)
2041 sc->txmixgain_2ghz = val & 0x7;
2043 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
2044 sc->txmixgain_2ghz);
2046 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
2047 if (sc->mac_ver == 0x3593)
2048 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
2049 sc->lna[2] = val >> 8; /* channel group 2 */
2051 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
2052 RT3593_EEPROM_RSSI1_5GHZ, &val);
2053 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
2054 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
2055 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
2056 RT3593_EEPROM_RSSI2_5GHZ, &val);
2057 if (sc->mac_ver == 0x3572) {
2059 * On RT3572 chips (limited to 2 Rx chains), this ROM
2060 * field contains the Tx mixer gain for the 5GHz band.
2062 if ((val & 0xff) != 0xff)
2063 sc->txmixgain_5ghz = val & 0x7;
2064 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
2065 sc->txmixgain_5ghz);
2067 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
2068 if (sc->mac_ver == 0x3593) {
2069 sc->txmixgain_5ghz = 0;
2070 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
2072 sc->lna[3] = val >> 8; /* channel group 3 */
2074 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
2075 RT3593_EEPROM_LNA, &val);
2076 sc->lna[0] = val & 0xff; /* channel group 0 */
2077 sc->lna[1] = val >> 8; /* channel group 1 */
2079 /* fix broken 5GHz LNA entries */
2080 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2081 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2082 "invalid LNA for channel group %d\n", 2);
2083 sc->lna[2] = sc->lna[1];
2085 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2086 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2087 "invalid LNA for channel group %d\n", 3);
2088 sc->lna[3] = sc->lna[1];
2091 /* fix broken RSSI offset entries */
2092 for (ant = 0; ant < 3; ant++) {
2093 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2094 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2095 "invalid RSSI%d offset: %d (2GHz)\n",
2096 ant + 1, sc->rssi_2ghz[ant]);
2097 sc->rssi_2ghz[ant] = 0;
2099 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2100 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2101 "invalid RSSI%d offset: %d (5GHz)\n",
2102 ant + 1, sc->rssi_5ghz[ant]);
2103 sc->rssi_5ghz[ant] = 0;
2109 static struct ieee80211_node *
2110 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2112 return malloc(sizeof (struct run_node), M_80211_NODE,
2117 run_media_change(struct ifnet *ifp)
2119 struct ieee80211vap *vap = ifp->if_softc;
2120 struct ieee80211com *ic = vap->iv_ic;
2121 const struct ieee80211_txparam *tp;
2122 struct run_softc *sc = ic->ic_softc;
2128 error = ieee80211_media_change(ifp);
2129 if (error != ENETRESET) {
2134 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2135 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2136 struct ieee80211_node *ni;
2137 struct run_node *rn;
2139 /* XXX TODO: methodize with MCS rates */
2140 rate = ic->ic_sup_rates[ic->ic_curmode].
2141 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2142 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2143 if (rt2860_rates[ridx].rate == rate)
2146 ni = ieee80211_ref_node(vap->iv_bss);
2148 rn->fix_ridx = ridx;
2149 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2150 rate, rn->fix_ridx);
2151 ieee80211_free_node(ni);
2155 if ((ifp->if_flags & IFF_UP) &&
2156 (ifp->if_drv_flags & RUN_RUNNING)){
2157 run_init_locked(sc);
2167 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2169 const struct ieee80211_txparam *tp;
2170 struct ieee80211com *ic = vap->iv_ic;
2171 struct run_softc *sc = ic->ic_softc;
2172 struct run_vap *rvp = RUN_VAP(vap);
2173 enum ieee80211_state ostate;
2176 uint8_t restart_ratectl = 0;
2177 uint8_t bid = 1 << rvp->rvp_id;
2179 ostate = vap->iv_state;
2180 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2181 ieee80211_state_name[ostate],
2182 ieee80211_state_name[nstate]);
2184 IEEE80211_UNLOCK(ic);
2187 ratectl = sc->ratectl_run; /* remember current state */
2188 sc->ratectl_run = RUN_RATECTL_OFF;
2189 usb_callout_stop(&sc->ratectl_ch);
2191 if (ostate == IEEE80211_S_RUN) {
2192 /* turn link LED off */
2193 run_set_leds(sc, RT2860_LED_RADIO);
2197 case IEEE80211_S_INIT:
2198 restart_ratectl = 1;
2200 if (ostate != IEEE80211_S_RUN)
2204 sc->runbmap &= ~bid;
2206 /* abort TSF synchronization if there is no vap running */
2207 if (--sc->running == 0)
2208 run_disable_tsf(sc);
2211 case IEEE80211_S_RUN:
2212 if (!(sc->runbmap & bid)) {
2214 restart_ratectl = 1;
2218 m_freem(rvp->beacon_mbuf);
2219 rvp->beacon_mbuf = NULL;
2221 switch (vap->iv_opmode) {
2222 case IEEE80211_M_HOSTAP:
2223 case IEEE80211_M_MBSS:
2224 sc->ap_running |= bid;
2225 ic->ic_opmode = vap->iv_opmode;
2226 run_update_beacon_cb(vap);
2228 case IEEE80211_M_IBSS:
2229 sc->adhoc_running |= bid;
2230 if (!sc->ap_running)
2231 ic->ic_opmode = vap->iv_opmode;
2232 run_update_beacon_cb(vap);
2234 case IEEE80211_M_STA:
2235 sc->sta_running |= bid;
2236 if (!sc->ap_running && !sc->adhoc_running)
2237 ic->ic_opmode = vap->iv_opmode;
2239 /* read statistic counters (clear on read) */
2240 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2241 (uint8_t *)sta, sizeof sta);
2245 ic->ic_opmode = vap->iv_opmode;
2249 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2250 struct ieee80211_node *ni;
2252 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2259 run_set_txpreamble(sc);
2260 run_set_basicrates(sc);
2261 ni = ieee80211_ref_node(vap->iv_bss);
2262 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2263 run_set_bssid(sc, sc->sc_bssid);
2264 ieee80211_free_node(ni);
2265 run_enable_tsf_sync(sc);
2267 /* enable automatic rate adaptation */
2268 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2269 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2274 /* turn link LED on */
2275 run_set_leds(sc, RT2860_LED_RADIO |
2276 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2277 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2281 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2285 /* restart amrr for running VAPs */
2286 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2287 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2292 return(rvp->newstate(vap, nstate, arg));
2296 run_wme_update(struct ieee80211com *ic)
2298 struct chanAccParams chp;
2299 struct run_softc *sc = ic->ic_softc;
2300 const struct wmeParams *ac;
2303 ieee80211_wme_ic_getparams(ic, &chp);
2304 ac = chp.cap_wmeParams;
2306 /* update MAC TX configuration registers */
2308 for (aci = 0; aci < WME_NUM_AC; aci++) {
2309 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2310 ac[aci].wmep_logcwmax << 16 |
2311 ac[aci].wmep_logcwmin << 12 |
2312 ac[aci].wmep_aifsn << 8 |
2313 ac[aci].wmep_txopLimit);
2314 if (error) goto err;
2317 /* update SCH/DMA registers too */
2318 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2319 ac[WME_AC_VO].wmep_aifsn << 12 |
2320 ac[WME_AC_VI].wmep_aifsn << 8 |
2321 ac[WME_AC_BK].wmep_aifsn << 4 |
2322 ac[WME_AC_BE].wmep_aifsn);
2323 if (error) goto err;
2324 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2325 ac[WME_AC_VO].wmep_logcwmin << 12 |
2326 ac[WME_AC_VI].wmep_logcwmin << 8 |
2327 ac[WME_AC_BK].wmep_logcwmin << 4 |
2328 ac[WME_AC_BE].wmep_logcwmin);
2329 if (error) goto err;
2330 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2331 ac[WME_AC_VO].wmep_logcwmax << 12 |
2332 ac[WME_AC_VI].wmep_logcwmax << 8 |
2333 ac[WME_AC_BK].wmep_logcwmax << 4 |
2334 ac[WME_AC_BE].wmep_logcwmax);
2335 if (error) goto err;
2336 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2337 ac[WME_AC_BK].wmep_txopLimit << 16 |
2338 ac[WME_AC_BE].wmep_txopLimit);
2339 if (error) goto err;
2340 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2341 ac[WME_AC_VO].wmep_txopLimit << 16 |
2342 ac[WME_AC_VI].wmep_txopLimit);
2347 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
2353 run_key_set_cb(void *arg)
2355 struct run_cmdq *cmdq = arg;
2356 struct ieee80211vap *vap = cmdq->arg1;
2357 struct ieee80211_key *k = cmdq->k;
2358 struct ieee80211com *ic = vap->iv_ic;
2359 struct run_softc *sc = ic->ic_softc;
2360 struct ieee80211_node *ni;
2361 u_int cipher = k->wk_cipher->ic_cipher;
2363 uint16_t base, associd;
2364 uint8_t mode, wcid, iv[8];
2366 RUN_LOCK_ASSERT(sc, MA_OWNED);
2368 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2369 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2372 associd = (ni != NULL) ? ni->ni_associd : 0;
2374 /* map net80211 cipher to RT2860 security mode */
2376 case IEEE80211_CIPHER_WEP:
2377 if(k->wk_keylen < 8)
2378 mode = RT2860_MODE_WEP40;
2380 mode = RT2860_MODE_WEP104;
2382 case IEEE80211_CIPHER_TKIP:
2383 mode = RT2860_MODE_TKIP;
2385 case IEEE80211_CIPHER_AES_CCM:
2386 mode = RT2860_MODE_AES_CCMP;
2389 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
2393 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2394 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2395 associd, k->wk_keyix, mode,
2396 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2397 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2398 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2400 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2401 wcid = 0; /* NB: update WCID0 for group keys */
2402 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2404 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2405 1 : RUN_AID2WCID(associd);
2406 base = RT2860_PKEY(wcid);
2409 if (cipher == IEEE80211_CIPHER_TKIP) {
2410 if(run_write_region_1(sc, base, k->wk_key, 16))
2412 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2414 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2417 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2418 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2422 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2423 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2424 /* set initial packet number in IV+EIV */
2425 if (cipher == IEEE80211_CIPHER_WEP) {
2426 memset(iv, 0, sizeof iv);
2427 iv[3] = vap->iv_def_txkey << 6;
2429 if (cipher == IEEE80211_CIPHER_TKIP) {
2430 iv[0] = k->wk_keytsc >> 8;
2431 iv[1] = (iv[0] | 0x20) & 0x7f;
2432 iv[2] = k->wk_keytsc;
2434 iv[0] = k->wk_keytsc;
2435 iv[1] = k->wk_keytsc >> 8;
2438 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2439 iv[4] = k->wk_keytsc >> 16;
2440 iv[5] = k->wk_keytsc >> 24;
2441 iv[6] = k->wk_keytsc >> 32;
2442 iv[7] = k->wk_keytsc >> 40;
2444 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2448 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2449 /* install group key */
2450 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2452 attr &= ~(0xf << (k->wk_keyix * 4));
2453 attr |= mode << (k->wk_keyix * 4);
2454 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2457 /* install pairwise key */
2458 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2460 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2461 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2465 /* TODO create a pass-thru key entry? */
2467 /* need wcid to delete the right key later */
2472 * Don't have to be deferred, but in order to keep order of
2473 * execution, i.e. with run_key_delete(), defer this and let
2474 * run_cmdq_cb() maintain the order.
2479 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2481 struct ieee80211com *ic = vap->iv_ic;
2482 struct run_softc *sc = ic->ic_softc;
2485 i = RUN_CMDQ_GET(&sc->cmdq_store);
2486 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2487 sc->cmdq[i].func = run_key_set_cb;
2488 sc->cmdq[i].arg0 = NULL;
2489 sc->cmdq[i].arg1 = vap;
2491 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2492 ieee80211_runtask(ic, &sc->cmdq_task);
2495 * To make sure key will be set when hostapd
2496 * calls iv_key_set() before if_init().
2498 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2500 sc->cmdq_key_set = RUN_CMDQ_GO;
2508 * If wlan is destroyed without being brought down i.e. without
2509 * wlan down or wpa_cli terminate, this function is called after
2510 * vap is gone. Don't refer it.
2513 run_key_delete_cb(void *arg)
2515 struct run_cmdq *cmdq = arg;
2516 struct run_softc *sc = cmdq->arg1;
2517 struct ieee80211_key *k = &cmdq->key;
2521 RUN_LOCK_ASSERT(sc, MA_OWNED);
2523 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2524 /* remove group key */
2525 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
2526 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2527 attr &= ~(0xf << (k->wk_keyix * 4));
2528 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2530 /* remove pairwise key */
2531 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2532 "removing key for wcid %x\n", k->wk_pad);
2533 /* matching wcid was written to wk_pad in run_key_set() */
2535 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2537 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2538 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2548 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2550 struct ieee80211com *ic = vap->iv_ic;
2551 struct run_softc *sc = ic->ic_softc;
2552 struct ieee80211_key *k0;
2556 * When called back, key might be gone. So, make a copy
2557 * of some values need to delete keys before deferring.
2558 * But, because of LOR with node lock, cannot use lock here.
2559 * So, use atomic instead.
2561 i = RUN_CMDQ_GET(&sc->cmdq_store);
2562 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2563 sc->cmdq[i].func = run_key_delete_cb;
2564 sc->cmdq[i].arg0 = NULL;
2565 sc->cmdq[i].arg1 = sc;
2566 k0 = &sc->cmdq[i].key;
2567 k0->wk_flags = k->wk_flags;
2568 k0->wk_keyix = k->wk_keyix;
2569 /* matching wcid was written to wk_pad in run_key_set() */
2570 k0->wk_pad = k->wk_pad;
2571 ieee80211_runtask(ic, &sc->cmdq_task);
2572 return (1); /* return fake success */
2577 run_ratectl_to(void *arg)
2579 struct run_softc *sc = arg;
2581 /* do it in a process context, so it can go sleep */
2582 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2583 /* next timeout will be rescheduled in the callback task */
2588 run_ratectl_cb(void *arg, int pending)
2590 struct run_softc *sc = arg;
2591 struct ieee80211com *ic = &sc->sc_ic;
2592 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2597 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2599 * run_reset_livelock() doesn't do anything with AMRR,
2600 * but Ralink wants us to call it every 1 sec. So, we
2601 * piggyback here rather than creating another callout.
2602 * Livelock may occur only in HOSTAP or IBSS mode
2603 * (when h/w is sending beacons).
2606 run_reset_livelock(sc);
2607 /* just in case, there are some stats to drain */
2612 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2615 if(sc->ratectl_run != RUN_RATECTL_OFF)
2616 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2621 run_drain_fifo(void *arg)
2623 struct run_softc *sc = arg;
2625 uint16_t (*wstat)[3];
2626 uint8_t wcid, mcs, pid;
2629 RUN_LOCK_ASSERT(sc, MA_OWNED);
2632 /* drain Tx status FIFO (maxsize = 16) */
2633 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2634 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2635 if (!(stat & RT2860_TXQ_VLD))
2638 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2640 /* if no ACK was requested, no feedback is available */
2641 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2646 * Even though each stat is Tx-complete-status like format,
2647 * the device can poll stats. Because there is no guarantee
2648 * that the referring node is still around when read the stats.
2649 * So that, if we use ieee80211_ratectl_tx_update(), we will
2650 * have hard time not to refer already freed node.
2652 * To eliminate such page faults, we poll stats in softc.
2653 * Then, update the rates later with ieee80211_ratectl_tx_update().
2655 wstat = &(sc->wcid_stats[wcid]);
2656 (*wstat)[RUN_TXCNT]++;
2657 if (stat & RT2860_TXQ_OK)
2658 (*wstat)[RUN_SUCCESS]++;
2660 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2662 * Check if there were retries, ie if the Tx success rate is
2663 * different from the requested rate. Note that it works only
2664 * because we do not allow rate fallback from OFDM to CCK.
2666 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2667 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2668 if ((retry = pid -1 - mcs) > 0) {
2669 (*wstat)[RUN_TXCNT] += retry;
2670 (*wstat)[RUN_RETRY] += retry;
2673 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
2679 run_iter_func(void *arg, struct ieee80211_node *ni)
2681 struct run_softc *sc = arg;
2682 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2683 struct ieee80211vap *vap = ni->ni_vap;
2684 struct run_node *rn = RUN_NODE(ni);
2685 union run_stats sta[2];
2686 uint16_t (*wstat)[3];
2691 /* Check for special case */
2692 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2696 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2697 IEEE80211_RATECTL_TX_STATS_RETRIES;
2699 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2700 vap->iv_opmode == IEEE80211_M_STA)) {
2701 /* read statistic counters (clear on read) and update AMRR state */
2702 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2707 /* count failed TX as errors */
2708 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2709 le16toh(sta[0].error.fail));
2711 txs->nretries = le16toh(sta[1].tx.retry);
2712 txs->nsuccess = le16toh(sta[1].tx.success);
2714 txs->nframes = txs->nretries + txs->nsuccess +
2715 le16toh(sta[0].error.fail);
2717 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2718 "retrycnt=%d success=%d failcnt=%d\n",
2719 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
2721 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2723 if (wstat == &(sc->wcid_stats[0]) ||
2724 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2727 txs->nretries = (*wstat)[RUN_RETRY];
2728 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2729 txs->nframes = (*wstat)[RUN_TXCNT];
2730 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2731 "retrycnt=%d txcnt=%d success=%d\n",
2732 txs->nretries, txs->nframes, txs->nsuccess);
2734 memset(wstat, 0, sizeof(*wstat));
2737 ieee80211_ratectl_tx_update(vap, txs);
2738 ieee80211_ratectl_rate(ni, NULL, 0);
2739 /* XXX TODO: methodize with MCS rates */
2740 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2741 if (rt2860_rates[ridx].rate == ni->ni_txrate)
2743 rn->amrr_ridx = ridx;
2748 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, ridx=%d\n", ni->ni_txrate, rn->amrr_ridx);
2752 run_newassoc_cb(void *arg)
2754 struct run_cmdq *cmdq = arg;
2755 struct ieee80211_node *ni = cmdq->arg1;
2756 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2757 uint8_t wcid = cmdq->wcid;
2759 RUN_LOCK_ASSERT(sc, MA_OWNED);
2761 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2762 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2764 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2768 run_newassoc(struct ieee80211_node *ni, int isnew)
2770 struct run_node *rn = RUN_NODE(ni);
2771 struct ieee80211vap *vap = ni->ni_vap;
2772 struct ieee80211com *ic = vap->iv_ic;
2773 struct run_softc *sc = ic->ic_softc;
2778 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2779 1 : RUN_AID2WCID(ni->ni_associd);
2781 if (wcid > RT2870_WCID_MAX) {
2782 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2786 /* only interested in true associations */
2787 if (isnew && ni->ni_associd != 0) {
2790 * This function could is called though timeout function.
2793 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2794 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2795 sc->cmdq[cnt].func = run_newassoc_cb;
2796 sc->cmdq[cnt].arg0 = NULL;
2797 sc->cmdq[cnt].arg1 = ni;
2798 sc->cmdq[cnt].wcid = wcid;
2799 ieee80211_runtask(ic, &sc->cmdq_task);
2802 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2803 "new assoc isnew=%d associd=%x addr=%s\n",
2804 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2806 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2807 /* XXX TODO: methodize with MCS rates */
2808 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2809 if (rt2860_rates[ridx].rate == rate)
2811 rn->mgt_ridx = ridx;
2812 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2813 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2816 if(sc->ratectl_run != RUN_RATECTL_OFF)
2817 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2822 * Return the Rx chain with the highest RSSI for a given frame.
2824 static __inline uint8_t
2825 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2827 uint8_t rxchain = 0;
2829 if (sc->nrxchains > 1) {
2830 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2832 if (sc->nrxchains > 2)
2833 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2840 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2841 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2843 struct ieee80211vap *vap = ni->ni_vap;
2844 struct run_softc *sc = vap->iv_ic->ic_softc;
2845 struct run_vap *rvp = RUN_VAP(vap);
2846 uint64_t ni_tstamp, rx_tstamp;
2848 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2850 if (vap->iv_state == IEEE80211_S_RUN &&
2851 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2852 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2853 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2855 run_get_tsf(sc, &rx_tstamp);
2857 rx_tstamp = le64toh(rx_tstamp);
2859 if (ni_tstamp >= rx_tstamp) {
2860 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2861 "ibss merge, tsf %ju tstamp %ju\n",
2862 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2863 (void) ieee80211_ibss_merge(ni);
2869 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2871 struct ieee80211com *ic = &sc->sc_ic;
2872 struct ieee80211_frame *wh;
2873 struct ieee80211_node *ni;
2874 struct epoch_tracker et;
2875 struct rt2870_rxd *rxd;
2876 struct rt2860_rxwi *rxwi;
2878 uint16_t len, rxwisize;
2882 rxwisize = sizeof(struct rt2860_rxwi);
2883 if (sc->mac_ver == 0x5592)
2884 rxwisize += sizeof(uint64_t);
2885 else if (sc->mac_ver == 0x3593)
2886 rxwisize += sizeof(uint32_t);
2888 if (__predict_false(dmalen <
2889 rxwisize + sizeof(struct ieee80211_frame_ack))) {
2890 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2891 "payload is too short: dma length %u < %zu\n",
2892 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack));
2896 rxwi = mtod(m, struct rt2860_rxwi *);
2897 len = le16toh(rxwi->len) & 0xfff;
2899 if (__predict_false(len > dmalen - rxwisize)) {
2900 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2901 "bad RXWI length %u > %u\n", len, dmalen);
2905 /* Rx descriptor is located at the end */
2906 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2907 flags = le32toh(rxd->flags);
2909 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2910 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2911 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2915 if (flags & RT2860_RX_L2PAD) {
2916 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2917 "received RT2860_RX_L2PAD frame\n");
2921 m->m_data += rxwisize;
2922 m->m_pkthdr.len = m->m_len = len;
2924 wh = mtod(m, struct ieee80211_frame *);
2926 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 &&
2927 (flags & RT2860_RX_DEC) != 0) {
2928 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2929 m->m_flags |= M_WEP;
2932 if (len >= sizeof(struct ieee80211_frame_min)) {
2933 ni = ieee80211_find_rxnode(ic,
2934 mtod(m, struct ieee80211_frame_min *));
2938 if(ni && ni->ni_flags & IEEE80211_NODE_HT) {
2939 m->m_flags |= M_AMPDU;
2942 if (__predict_false(flags & RT2860_RX_MICERR)) {
2943 /* report MIC failures to net80211 for TKIP */
2945 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2947 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2948 "MIC error. Someone is lying.\n");
2952 ant = run_maxrssi_chain(sc, rxwi);
2953 rssi = rxwi->rssi[ant];
2954 nf = run_rssi2dbm(sc, rssi, ant);
2956 if (__predict_false(ieee80211_radiotap_active(ic))) {
2957 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2961 if (flags & RT2860_RX_L2PAD)
2962 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
2963 tap->wr_antsignal = rssi;
2964 tap->wr_antenna = ant;
2965 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2966 tap->wr_rate = 2; /* in case it can't be found below */
2968 run_get_tsf(sc, &tap->wr_tsf);
2970 phy = le16toh(rxwi->phy);
2971 switch (phy & RT2860_PHY_MODE) {
2972 case RT2860_PHY_CCK:
2973 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2974 case 0: tap->wr_rate = 2; break;
2975 case 1: tap->wr_rate = 4; break;
2976 case 2: tap->wr_rate = 11; break;
2977 case 3: tap->wr_rate = 22; break;
2979 if (phy & RT2860_PHY_SHPRE)
2980 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2982 case RT2860_PHY_OFDM:
2983 switch (phy & RT2860_PHY_MCS) {
2984 case 0: tap->wr_rate = 12; break;
2985 case 1: tap->wr_rate = 18; break;
2986 case 2: tap->wr_rate = 24; break;
2987 case 3: tap->wr_rate = 36; break;
2988 case 4: tap->wr_rate = 48; break;
2989 case 5: tap->wr_rate = 72; break;
2990 case 6: tap->wr_rate = 96; break;
2991 case 7: tap->wr_rate = 108; break;
2997 NET_EPOCH_ENTER(et);
2999 (void)ieee80211_input(ni, m, rssi, nf);
3000 ieee80211_free_node(ni);
3002 (void)ieee80211_input_all(ic, m, rssi, nf);
3010 counter_u64_add(ic->ic_ierrors, 1);
3014 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
3016 struct run_softc *sc = usbd_xfer_softc(xfer);
3017 struct ieee80211com *ic = &sc->sc_ic;
3018 struct mbuf *m = NULL;
3020 uint32_t dmalen, mbuf_len;
3024 rxwisize = sizeof(struct rt2860_rxwi);
3025 if (sc->mac_ver == 0x5592)
3026 rxwisize += sizeof(uint64_t);
3027 else if (sc->mac_ver == 0x3593)
3028 rxwisize += sizeof(uint32_t);
3030 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
3032 switch (USB_GET_STATE(xfer)) {
3033 case USB_ST_TRANSFERRED:
3035 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
3036 "rx done, actlen=%d\n", xferlen);
3038 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
3039 sizeof(struct rt2870_rxd))) {
3040 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3041 "xfer too short %d\n", xferlen);
3051 if (sc->rx_m == NULL) {
3052 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
3055 if (sc->rx_m == NULL) {
3056 RUN_DPRINTF(sc, RUN_DEBUG_RECV |
3057 RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3058 "could not allocate mbuf - idle with stall\n");
3059 counter_u64_add(ic->ic_ierrors, 1);
3060 usbd_xfer_set_stall(xfer);
3061 usbd_xfer_set_frames(xfer, 0);
3064 * Directly loading a mbuf cluster into DMA to
3065 * save some data copying. This works because
3066 * there is only one cluster.
3068 usbd_xfer_set_frame_data(xfer, 0,
3069 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
3070 usbd_xfer_set_frames(xfer, 1);
3072 usbd_transfer_submit(xfer);
3075 default: /* Error */
3076 if (error != USB_ERR_CANCELLED) {
3077 /* try to clear stall first */
3078 usbd_xfer_set_stall(xfer);
3079 if (error == USB_ERR_TIMEOUT)
3080 device_printf(sc->sc_dev, "device timeout\n");
3081 counter_u64_add(ic->ic_ierrors, 1);
3084 if (sc->rx_m != NULL) {
3094 /* inputting all the frames must be last */
3098 m->m_pkthdr.len = m->m_len = xferlen;
3100 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
3102 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
3104 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3105 ((dmalen & 3) != 0)) {
3106 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3107 "bad DMA length %u\n", dmalen);
3110 if ((dmalen + 8) > (uint32_t)xferlen) {
3111 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3112 "bad DMA length %u > %d\n",
3113 dmalen + 8, xferlen);
3117 /* If it is the last one or a single frame, we won't copy. */
3118 if ((xferlen -= dmalen + 8) <= 8) {
3119 /* trim 32-bit DMA-len header */
3121 m->m_pkthdr.len = m->m_len -= 4;
3122 run_rx_frame(sc, m, dmalen);
3123 m = NULL; /* don't free source buffer */
3127 mbuf_len = dmalen + sizeof(struct rt2870_rxd);
3128 if (__predict_false(mbuf_len > MCLBYTES)) {
3129 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3130 "payload is too big: mbuf_len %u\n", mbuf_len);
3131 counter_u64_add(ic->ic_ierrors, 1);
3135 /* copy aggregated frames to another mbuf */
3136 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3137 if (__predict_false(m0 == NULL)) {
3138 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3139 "could not allocate mbuf\n");
3140 counter_u64_add(ic->ic_ierrors, 1);
3143 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3144 mbuf_len, mtod(m0, caddr_t));
3145 m0->m_pkthdr.len = m0->m_len = mbuf_len;
3146 run_rx_frame(sc, m0, dmalen);
3148 /* update data ptr */
3149 m->m_data += mbuf_len + 4;
3150 m->m_pkthdr.len = m->m_len -= mbuf_len + 4;
3153 /* make sure we free the source buffer, if any */
3156 #ifdef IEEE80211_SUPPORT_SUPERG
3157 ieee80211_ff_age_all(ic, 100);
3163 run_tx_free(struct run_endpoint_queue *pq,
3164 struct run_tx_data *data, int txerr)
3167 ieee80211_tx_complete(data->ni, data->m, txerr);
3172 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3177 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3179 struct run_softc *sc = usbd_xfer_softc(xfer);
3180 struct ieee80211com *ic = &sc->sc_ic;
3181 struct run_tx_data *data;
3182 struct ieee80211vap *vap = NULL;
3183 struct usb_page_cache *pc;
3184 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3186 usb_frlength_t size;
3190 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3192 switch (USB_GET_STATE(xfer)) {
3193 case USB_ST_TRANSFERRED:
3194 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3195 "transfer complete: %d bytes @ index %d\n", actlen, index);
3197 data = usbd_xfer_get_priv(xfer);
3198 run_tx_free(pq, data, 0);
3199 usbd_xfer_set_priv(xfer, NULL);
3204 data = STAILQ_FIRST(&pq->tx_qh);
3208 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3211 size = (sc->mac_ver == 0x5592) ?
3212 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3213 if ((m->m_pkthdr.len +
3214 size + 3 + 8) > RUN_MAX_TXSZ) {
3215 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3216 "data overflow, %u bytes\n", m->m_pkthdr.len);
3217 run_tx_free(pq, data, 1);
3221 pc = usbd_xfer_get_frame(xfer, 0);
3222 usbd_copy_in(pc, 0, &data->desc, size);
3223 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3224 size += m->m_pkthdr.len;
3226 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3227 * 4-byte padding), and be sure to zero those trailing
3230 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3231 size += ((-size) & 3) + 8;
3233 vap = data->ni->ni_vap;
3234 if (ieee80211_radiotap_active_vap(vap)) {
3235 const struct ieee80211_frame *wh;
3236 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3237 struct rt2860_txwi *txwi =
3238 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3241 wh = mtod(m, struct ieee80211_frame *);
3242 has_l2pad = IEEE80211_HAS_ADDR4(wh) !=
3243 IEEE80211_QOS_HAS_SEQ(wh);
3246 tap->wt_rate = rt2860_rates[data->ridx].rate;
3247 tap->wt_hwqueue = index;
3248 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3249 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3251 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
3253 ieee80211_radiotap_tx(vap, m);
3256 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3257 "sending frame len=%u/%u @ index %d\n",
3258 m->m_pkthdr.len, size, index);
3260 usbd_xfer_set_frame_len(xfer, 0, size);
3261 usbd_xfer_set_priv(xfer, data);
3262 usbd_transfer_submit(xfer);
3268 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3269 "USB transfer error, %s\n", usbd_errstr(error));
3271 data = usbd_xfer_get_priv(xfer);
3274 if(data->ni != NULL)
3275 vap = data->ni->ni_vap;
3276 run_tx_free(pq, data, error);
3277 usbd_xfer_set_priv(xfer, NULL);
3281 vap = TAILQ_FIRST(&ic->ic_vaps);
3283 if (error != USB_ERR_CANCELLED) {
3284 if (error == USB_ERR_TIMEOUT) {
3285 device_printf(sc->sc_dev, "device timeout\n");
3286 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3287 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3288 "cmdq_store=%d\n", i);
3289 sc->cmdq[i].func = run_usb_timeout_cb;
3290 sc->cmdq[i].arg0 = vap;
3291 ieee80211_runtask(ic, &sc->cmdq_task);
3295 * Try to clear stall first, also if other
3296 * errors occur, hence clearing stall
3297 * introduces a 50 ms delay:
3299 usbd_xfer_set_stall(xfer);
3304 #ifdef IEEE80211_SUPPORT_SUPERG
3305 /* XXX TODO: make this deferred rather than unlock/relock */
3306 /* XXX TODO: should only do the QoS AC this belongs to */
3307 if (pq->tx_nfree >= RUN_TX_RING_COUNT) {
3309 ieee80211_ff_flush_all(ic);
3316 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3318 run_bulk_tx_callbackN(xfer, error, 0);
3322 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3324 run_bulk_tx_callbackN(xfer, error, 1);
3328 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3330 run_bulk_tx_callbackN(xfer, error, 2);
3334 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3336 run_bulk_tx_callbackN(xfer, error, 3);
3340 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3342 run_bulk_tx_callbackN(xfer, error, 4);
3346 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3348 run_bulk_tx_callbackN(xfer, error, 5);
3352 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3354 struct mbuf *m = data->m;
3355 struct ieee80211com *ic = &sc->sc_ic;
3356 struct ieee80211vap *vap = data->ni->ni_vap;
3357 struct ieee80211_frame *wh;
3358 struct rt2870_txd *txd;
3359 struct rt2860_txwi *txwi;
3360 uint16_t xferlen, txwisize;
3362 uint8_t ridx = data->ridx;
3365 /* get MCS code from rate index */
3366 mcs = rt2860_rates[ridx].mcs;
3368 txwisize = (sc->mac_ver == 0x5592) ?
3369 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3370 xferlen = txwisize + m->m_pkthdr.len;
3372 /* roundup to 32-bit alignment */
3373 xferlen = (xferlen + 3) & ~3;
3375 txd = (struct rt2870_txd *)&data->desc;
3376 txd->len = htole16(xferlen);
3378 wh = mtod(m, struct ieee80211_frame *);
3381 * Ether both are true or both are false, the header
3382 * are nicely aligned to 32-bit. So, no L2 padding.
3384 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3389 /* setup TX Wireless Information */
3390 txwi = (struct rt2860_txwi *)(txd + 1);
3391 txwi->len = htole16(m->m_pkthdr.len - pad);
3392 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3393 mcs |= RT2860_PHY_CCK;
3394 if (ridx != RT2860_RIDX_CCK1 &&
3395 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3396 mcs |= RT2860_PHY_SHPRE;
3397 } else if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM) {
3398 mcs |= RT2860_PHY_OFDM;
3399 } else if (rt2860_rates[ridx].phy == IEEE80211_T_HT) {
3400 /* XXX TODO: [adrian] set short preamble for MCS? */
3401 mcs |= RT2860_PHY_HT_MIX; /* Mixed, not greenfield */
3403 txwi->phy = htole16(mcs);
3405 /* check if RTS/CTS or CTS-to-self protection is required */
3406 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3407 ((m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) ||
3408 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3409 rt2860_rates[ridx].phy == IEEE80211_T_OFDM) ||
3410 ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) &&
3411 rt2860_rates[ridx].phy == IEEE80211_T_HT)))
3412 txwi->txop |= RT2860_TX_TXOP_HT;
3414 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3416 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3417 txwi->xflags |= RT2860_TX_NSEQ;
3420 /* This function must be called locked */
3422 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3424 struct ieee80211com *ic = &sc->sc_ic;
3425 struct ieee80211vap *vap = ni->ni_vap;
3426 struct ieee80211_frame *wh;
3427 const struct ieee80211_txparam *tp = ni->ni_txparms;
3428 struct run_node *rn = RUN_NODE(ni);
3429 struct run_tx_data *data;
3430 struct rt2870_txd *txd;
3431 struct rt2860_txwi *txwi;
3443 RUN_LOCK_ASSERT(sc, MA_OWNED);
3445 wh = mtod(m, struct ieee80211_frame *);
3447 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3450 * There are 7 bulk endpoints: 1 for RX
3451 * and 6 for TX (4 EDCAs + HCCA + Prio).
3452 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3453 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3455 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3458 frm = ieee80211_getqos(wh);
3459 qos = le16toh(*(const uint16_t *)frm);
3460 tid = qos & IEEE80211_QOS_TID;
3461 qid = TID_TO_WME_AC(tid);
3467 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3469 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3470 qos, qid, tid, qflags);
3472 /* pickup a rate index */
3473 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3474 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3475 /* XXX TODO: methodize for 11n; use MCS0 for 11NA/11NG */
3476 ridx = (ic->ic_curmode == IEEE80211_MODE_11A || ic->ic_curmode == IEEE80211_MODE_11NA) ?
3477 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3478 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3480 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3481 ridx = rn->fix_ridx;
3483 ridx = rn->amrr_ridx;
3484 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3487 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3488 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3489 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3490 xflags |= RT2860_TX_ACK;
3491 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3492 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3494 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3495 USETW(wh->i_dur, dur);
3498 /* reserve slots for mgmt packets, just in case */
3499 if (sc->sc_epq[qid].tx_nfree < 3) {
3500 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3504 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3505 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3506 sc->sc_epq[qid].tx_nfree--;
3508 txd = (struct rt2870_txd *)&data->desc;
3509 txd->flags = qflags;
3510 txwi = (struct rt2860_txwi *)(txd + 1);
3511 txwi->xflags = xflags;
3512 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3515 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3516 1 : RUN_AID2WCID(ni->ni_associd);
3518 /* clear leftover garbage bits */
3526 run_set_tx_desc(sc, data);
3529 * The chip keeps track of 2 kind of Tx stats,
3530 * * TX_STAT_FIFO, for per WCID stats, and
3531 * * TX_STA_CNT0 for all-TX-in-one stats.
3533 * To use FIFO stats, we need to store MCS into the driver-private
3534 * PacketID field. So that, we can tell whose stats when we read them.
3535 * We add 1 to the MCS because setting the PacketID field to 0 means
3536 * that we don't want feedback in TX_STAT_FIFO.
3537 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3539 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3541 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3542 vap->iv_opmode == IEEE80211_M_MBSS) {
3543 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3544 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3547 * Unlike PCI based devices, we don't get any interrupt from
3548 * USB devices, so we simulate FIFO-is-full interrupt here.
3549 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3550 * quickly get fulled. To prevent overflow, increment a counter on
3551 * every FIFO stat request, so we know how many slots are left.
3552 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3553 * are used only in those modes.
3554 * We just drain stats. AMRR gets updated every 1 sec by
3555 * run_ratectl_cb() via callout.
3556 * Call it early. Otherwise overflow.
3558 if (sc->fifo_cnt++ == 10) {
3560 * With multiple vaps or if_bridge, if_start() is called
3561 * with a non-sleepable lock, tcpinp. So, need to defer.
3563 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3564 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3565 sc->cmdq[i].func = run_drain_fifo;
3566 sc->cmdq[i].arg0 = sc;
3567 ieee80211_runtask(ic, &sc->cmdq_task);
3571 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3573 usbd_transfer_start(sc->sc_xfer[qid]);
3575 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3576 "sending data frame len=%d rate=%d qid=%d\n",
3577 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3578 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3584 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3586 struct ieee80211com *ic = &sc->sc_ic;
3587 struct run_node *rn = RUN_NODE(ni);
3588 struct run_tx_data *data;
3589 struct ieee80211_frame *wh;
3590 struct rt2870_txd *txd;
3591 struct rt2860_txwi *txwi;
3593 uint8_t ridx = rn->mgt_ridx;
3597 RUN_LOCK_ASSERT(sc, MA_OWNED);
3599 wh = mtod(m, struct ieee80211_frame *);
3601 /* tell hardware to add timestamp for probe responses */
3603 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3604 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3605 wflags |= RT2860_TX_TS;
3606 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3607 xflags |= RT2860_TX_ACK;
3609 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3610 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3611 USETW(wh->i_dur, dur);
3614 if (sc->sc_epq[0].tx_nfree == 0)
3615 /* let caller free mbuf */
3617 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3618 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3619 sc->sc_epq[0].tx_nfree--;
3621 txd = (struct rt2870_txd *)&data->desc;
3622 txd->flags = RT2860_TX_QSEL_EDCA;
3623 txwi = (struct rt2860_txwi *)(txd + 1);
3625 txwi->flags = wflags;
3626 txwi->xflags = xflags;
3627 txwi->txop = 0; /* clear leftover garbage bits */
3633 run_set_tx_desc(sc, data);
3635 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3636 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3637 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3639 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3641 usbd_transfer_start(sc->sc_xfer[0]);
3647 run_sendprot(struct run_softc *sc,
3648 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3650 struct ieee80211com *ic = ni->ni_ic;
3651 struct run_tx_data *data;
3652 struct rt2870_txd *txd;
3653 struct rt2860_txwi *txwi;
3660 RUN_LOCK_ASSERT(sc, MA_OWNED);
3662 /* check that there are free slots before allocating the mbuf */
3663 if (sc->sc_epq[0].tx_nfree == 0)
3664 /* let caller free mbuf */
3667 mprot = ieee80211_alloc_prot(ni, m, rate, prot);
3668 if (mprot == NULL) {
3669 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3670 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3674 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3675 wflags = RT2860_TX_FRAG;
3677 if (prot == IEEE80211_PROT_RTSCTS)
3678 xflags |= RT2860_TX_ACK;
3680 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3681 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3682 sc->sc_epq[0].tx_nfree--;
3684 txd = (struct rt2870_txd *)&data->desc;
3685 txd->flags = RT2860_TX_QSEL_EDCA;
3686 txwi = (struct rt2860_txwi *)(txd + 1);
3688 txwi->flags = wflags;
3689 txwi->xflags = xflags;
3690 txwi->txop = 0; /* clear leftover garbage bits */
3693 data->ni = ieee80211_ref_node(ni);
3695 /* XXX TODO: methodize with MCS rates */
3696 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3697 if (rt2860_rates[ridx].rate == protrate)
3701 run_set_tx_desc(sc, data);
3703 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3704 m->m_pkthdr.len, rate);
3706 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3708 usbd_transfer_start(sc->sc_xfer[0]);
3714 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3715 const struct ieee80211_bpf_params *params)
3717 struct ieee80211com *ic = ni->ni_ic;
3718 struct run_tx_data *data;
3719 struct rt2870_txd *txd;
3720 struct rt2860_txwi *txwi;
3723 uint8_t opflags = 0;
3727 RUN_LOCK_ASSERT(sc, MA_OWNED);
3729 KASSERT(params != NULL, ("no raw xmit params"));
3731 rate = params->ibp_rate0;
3732 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3733 /* let caller free mbuf */
3737 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3738 xflags |= RT2860_TX_ACK;
3739 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3740 error = run_sendprot(sc, m, ni,
3741 params->ibp_flags & IEEE80211_BPF_RTS ?
3742 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3745 /* let caller free mbuf */
3748 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3751 if (sc->sc_epq[0].tx_nfree == 0) {
3752 /* let caller free mbuf */
3753 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3754 "sending raw frame, but tx ring is full\n");
3757 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3758 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3759 sc->sc_epq[0].tx_nfree--;
3761 txd = (struct rt2870_txd *)&data->desc;
3762 txd->flags = RT2860_TX_QSEL_EDCA;
3763 txwi = (struct rt2860_txwi *)(txd + 1);
3765 txwi->xflags = xflags;
3766 txwi->txop = opflags;
3767 txwi->flags = 0; /* clear leftover garbage bits */
3771 /* XXX TODO: methodize with MCS rates */
3772 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3773 if (rt2860_rates[ridx].rate == rate)
3777 run_set_tx_desc(sc, data);
3779 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3780 m->m_pkthdr.len, rate);
3782 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3784 usbd_transfer_start(sc->sc_xfer[0]);
3790 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3791 const struct ieee80211_bpf_params *params)
3793 struct run_softc *sc = ni->ni_ic->ic_softc;
3798 /* prevent management frames from being sent if we're not ready */
3799 if (!(sc->sc_flags & RUN_RUNNING)) {
3804 if (params == NULL) {
3806 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3807 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3811 /* tx raw packet with param */
3812 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3813 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3830 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3832 struct run_softc *sc = ic->ic_softc;
3836 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3840 error = mbufq_enqueue(&sc->sc_snd, m);
3852 run_start(struct run_softc *sc)
3854 struct ieee80211_node *ni;
3857 RUN_LOCK_ASSERT(sc, MA_OWNED);
3859 if ((sc->sc_flags & RUN_RUNNING) == 0)
3862 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3863 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3864 if (run_tx(sc, m, ni) != 0) {
3865 mbufq_prepend(&sc->sc_snd, m);
3872 run_parent(struct ieee80211com *ic)
3874 struct run_softc *sc = ic->ic_softc;
3878 if (sc->sc_detached) {
3883 if (ic->ic_nrunning > 0) {
3884 if (!(sc->sc_flags & RUN_RUNNING)) {
3886 run_init_locked(sc);
3888 run_update_promisc_locked(sc);
3889 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3893 ieee80211_start_all(ic);
3897 run_iq_calib(struct run_softc *sc, u_int chan)
3902 run_bbp_write(sc, 158, 0x2c);
3904 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3905 else if (chan <= 64) {
3907 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3909 } else if (chan <= 138) {
3911 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3913 } else if (chan <= 165) {
3915 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3919 run_bbp_write(sc, 159, val);
3922 run_bbp_write(sc, 158, 0x2d);
3924 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3926 } else if (chan <= 64) {
3928 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3930 } else if (chan <= 138) {
3932 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3934 } else if (chan <= 165) {
3936 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3940 run_bbp_write(sc, 159, val);
3943 run_bbp_write(sc, 158, 0x4a);
3945 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3947 } else if (chan <= 64) {
3949 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3951 } else if (chan <= 138) {
3953 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3955 } else if (chan <= 165) {
3957 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3961 run_bbp_write(sc, 159, val);
3964 run_bbp_write(sc, 158, 0x4b);
3966 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3968 } else if (chan <= 64) {
3970 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3972 } else if (chan <= 138) {
3974 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3976 } else if (chan <= 165) {
3978 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3982 run_bbp_write(sc, 159, val);
3984 /* RF IQ compensation control. */
3985 run_bbp_write(sc, 158, 0x04);
3986 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3988 run_bbp_write(sc, 159, val);
3990 /* RF IQ imbalance compensation control. */
3991 run_bbp_write(sc, 158, 0x03);
3993 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3994 run_bbp_write(sc, 159, val);
3998 run_set_agc(struct run_softc *sc, uint8_t agc)
4002 if (sc->mac_ver == 0x3572) {
4003 run_bbp_read(sc, 27, &bbp);
4005 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
4006 run_bbp_write(sc, 66, agc);
4007 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
4008 run_bbp_write(sc, 66, agc);
4010 run_bbp_write(sc, 66, agc);
4014 run_select_chan_group(struct run_softc *sc, int group)
4019 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
4020 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
4021 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
4022 if (sc->mac_ver < 0x3572)
4023 run_bbp_write(sc, 86, 0x00);
4025 if (sc->mac_ver == 0x3593) {
4026 run_bbp_write(sc, 77, 0x98);
4027 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
4031 if (sc->ext_2ghz_lna) {
4032 if (sc->mac_ver >= 0x5390)
4033 run_bbp_write(sc, 75, 0x52);
4035 run_bbp_write(sc, 82, 0x62);
4036 run_bbp_write(sc, 75, 0x46);
4039 if (sc->mac_ver == 0x5592) {
4040 run_bbp_write(sc, 79, 0x1c);
4041 run_bbp_write(sc, 80, 0x0e);
4042 run_bbp_write(sc, 81, 0x3a);
4043 run_bbp_write(sc, 82, 0x62);
4045 run_bbp_write(sc, 195, 0x80);
4046 run_bbp_write(sc, 196, 0xe0);
4047 run_bbp_write(sc, 195, 0x81);
4048 run_bbp_write(sc, 196, 0x1f);
4049 run_bbp_write(sc, 195, 0x82);
4050 run_bbp_write(sc, 196, 0x38);
4051 run_bbp_write(sc, 195, 0x83);
4052 run_bbp_write(sc, 196, 0x32);
4053 run_bbp_write(sc, 195, 0x85);
4054 run_bbp_write(sc, 196, 0x28);
4055 run_bbp_write(sc, 195, 0x86);
4056 run_bbp_write(sc, 196, 0x19);
4057 } else if (sc->mac_ver >= 0x5390)
4058 run_bbp_write(sc, 75, 0x50);
4060 run_bbp_write(sc, 82,
4061 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
4062 run_bbp_write(sc, 75, 0x50);
4066 if (sc->mac_ver == 0x5592) {
4067 run_bbp_write(sc, 79, 0x18);
4068 run_bbp_write(sc, 80, 0x08);
4069 run_bbp_write(sc, 81, 0x38);
4070 run_bbp_write(sc, 82, 0x92);
4072 run_bbp_write(sc, 195, 0x80);
4073 run_bbp_write(sc, 196, 0xf0);
4074 run_bbp_write(sc, 195, 0x81);
4075 run_bbp_write(sc, 196, 0x1e);
4076 run_bbp_write(sc, 195, 0x82);
4077 run_bbp_write(sc, 196, 0x28);
4078 run_bbp_write(sc, 195, 0x83);
4079 run_bbp_write(sc, 196, 0x20);
4080 run_bbp_write(sc, 195, 0x85);
4081 run_bbp_write(sc, 196, 0x7f);
4082 run_bbp_write(sc, 195, 0x86);
4083 run_bbp_write(sc, 196, 0x7f);
4084 } else if (sc->mac_ver == 0x3572)
4085 run_bbp_write(sc, 82, 0x94);
4087 run_bbp_write(sc, 82,
4088 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4089 if (sc->ext_5ghz_lna)
4090 run_bbp_write(sc, 75, 0x46);
4092 run_bbp_write(sc, 75, 0x50);
4095 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4096 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4097 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4098 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4100 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4101 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4102 if (sc->mac_ver == 0x3593)
4103 tmp |= 1 << 29 | 1 << 28;
4104 if (sc->nrxchains > 1)
4105 tmp |= RT2860_LNA_PE1_EN;
4106 if (group == 0) { /* 2GHz */
4107 tmp |= RT2860_PA_PE_G0_EN;
4108 if (sc->ntxchains > 1)
4109 tmp |= RT2860_PA_PE_G1_EN;
4110 if (sc->mac_ver == 0x3593) {
4111 if (sc->ntxchains > 2)
4115 tmp |= RT2860_PA_PE_A0_EN;
4116 if (sc->ntxchains > 1)
4117 tmp |= RT2860_PA_PE_A1_EN;
4119 if (sc->mac_ver == 0x3572) {
4120 run_rt3070_rf_write(sc, 8, 0x00);
4121 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4122 run_rt3070_rf_write(sc, 8, 0x80);
4124 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4126 if (sc->mac_ver == 0x5592) {
4127 run_bbp_write(sc, 195, 0x8d);
4128 run_bbp_write(sc, 196, 0x1a);
4131 if (sc->mac_ver == 0x3593) {
4132 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4136 tmp = (tmp & ~0x00009090) | 0x00000090;
4137 run_write(sc, RT2860_GPIO_CTRL, tmp);
4140 /* set initial AGC value */
4141 if (group == 0) { /* 2GHz band */
4142 if (sc->mac_ver >= 0x3070)
4143 agc = 0x1c + sc->lna[0] * 2;
4145 agc = 0x2e + sc->lna[0];
4146 } else { /* 5GHz band */
4147 if (sc->mac_ver == 0x5592)
4148 agc = 0x24 + sc->lna[group] * 2;
4149 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4150 agc = 0x22 + (sc->lna[group] * 5) / 3;
4152 agc = 0x32 + (sc->lna[group] * 5) / 3;
4154 run_set_agc(sc, agc);
4158 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4160 const struct rfprog *rfprog = rt2860_rf2850;
4161 uint32_t r2, r3, r4;
4162 int8_t txpow1, txpow2;
4165 /* find the settings for this channel (we know it exists) */
4166 for (i = 0; rfprog[i].chan != chan; i++);
4169 if (sc->ntxchains == 1)
4170 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4171 if (sc->nrxchains == 1)
4172 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4173 else if (sc->nrxchains == 2)
4174 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4176 /* use Tx power values from EEPROM */
4177 txpow1 = sc->txpow1[i];
4178 txpow2 = sc->txpow2[i];
4180 /* Initialize RF R3 and R4. */
4181 r3 = rfprog[i].r3 & 0xffffc1ff;
4182 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4185 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4186 r3 |= (txpow1 << 10) | (1 << 9);
4190 /* txpow1 is not possible larger than 15. */
4191 r3 |= (txpow1 << 10);
4194 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4195 r4 |= (txpow2 << 7) | (1 << 6);
4198 r4 |= (txpow2 << 7);
4201 /* Set Tx0 power. */
4202 r3 |= (txpow1 << 9);
4204 /* Set frequency offset and Tx1 power. */
4205 r4 |= (txpow2 << 6);
4208 run_rt2870_rf_write(sc, rfprog[i].r1);
4209 run_rt2870_rf_write(sc, r2);
4210 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4211 run_rt2870_rf_write(sc, r4);
4215 run_rt2870_rf_write(sc, rfprog[i].r1);
4216 run_rt2870_rf_write(sc, r2);
4217 run_rt2870_rf_write(sc, r3 | (1 << 2));
4218 run_rt2870_rf_write(sc, r4);
4222 run_rt2870_rf_write(sc, rfprog[i].r1);
4223 run_rt2870_rf_write(sc, r2);
4224 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4225 run_rt2870_rf_write(sc, r4);
4229 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4231 int8_t txpow1, txpow2;
4235 /* find the settings for this channel (we know it exists) */
4236 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4238 /* use Tx power values from EEPROM */
4239 txpow1 = sc->txpow1[i];
4240 txpow2 = sc->txpow2[i];
4242 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4244 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4245 run_rt3070_rf_read(sc, 3, &rf);
4246 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4247 run_rt3070_rf_write(sc, 3, rf);
4249 run_rt3070_rf_read(sc, 6, &rf);
4250 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4251 run_rt3070_rf_write(sc, 6, rf);
4254 run_rt3070_rf_read(sc, 12, &rf);
4255 rf = (rf & ~0x1f) | txpow1;
4256 run_rt3070_rf_write(sc, 12, rf);
4259 run_rt3070_rf_read(sc, 13, &rf);
4260 rf = (rf & ~0x1f) | txpow2;
4261 run_rt3070_rf_write(sc, 13, rf);
4263 run_rt3070_rf_read(sc, 1, &rf);
4265 if (sc->ntxchains == 1)
4266 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4267 else if (sc->ntxchains == 2)
4268 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4269 if (sc->nrxchains == 1)
4270 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4271 else if (sc->nrxchains == 2)
4272 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4273 run_rt3070_rf_write(sc, 1, rf);
4276 run_rt3070_rf_read(sc, 23, &rf);
4277 rf = (rf & ~0x7f) | sc->freq;
4278 run_rt3070_rf_write(sc, 23, rf);
4280 /* program RF filter */
4281 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4282 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4283 run_rt3070_rf_write(sc, 24, rf);
4284 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4285 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4286 run_rt3070_rf_write(sc, 31, rf);
4288 /* enable RF tuning */
4289 run_rt3070_rf_read(sc, 7, &rf);
4290 run_rt3070_rf_write(sc, 7, rf | 0x01);
4294 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4296 int8_t txpow1, txpow2;
4301 /* find the settings for this channel (we know it exists) */
4302 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4304 /* use Tx power values from EEPROM */
4305 txpow1 = sc->txpow1[i];
4306 txpow2 = sc->txpow2[i];
4309 run_bbp_write(sc, 25, sc->bbp25);
4310 run_bbp_write(sc, 26, sc->bbp26);
4312 /* enable IQ phase correction */
4313 run_bbp_write(sc, 25, 0x09);
4314 run_bbp_write(sc, 26, 0xff);
4317 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4318 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4319 run_rt3070_rf_read(sc, 6, &rf);
4320 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4321 rf |= (chan <= 14) ? 0x08 : 0x04;
4322 run_rt3070_rf_write(sc, 6, rf);
4325 run_rt3070_rf_read(sc, 5, &rf);
4326 rf &= ~(0x08 | 0x04);
4327 rf |= (chan <= 14) ? 0x04 : 0x08;
4328 run_rt3070_rf_write(sc, 5, rf);
4330 /* set Tx power for chain 0 */
4334 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4335 run_rt3070_rf_write(sc, 12, rf);
4337 /* set Tx power for chain 1 */
4341 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4342 run_rt3070_rf_write(sc, 13, rf);
4344 /* set Tx/Rx streams */
4345 run_rt3070_rf_read(sc, 1, &rf);
4347 if (sc->ntxchains == 1)
4348 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4349 else if (sc->ntxchains == 2)
4350 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4351 if (sc->nrxchains == 1)
4352 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4353 else if (sc->nrxchains == 2)
4354 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4355 run_rt3070_rf_write(sc, 1, rf);
4358 run_rt3070_rf_read(sc, 23, &rf);
4359 rf = (rf & ~0x7f) | sc->freq;
4360 run_rt3070_rf_write(sc, 23, rf);
4362 /* program RF filter */
4363 rf = sc->rf24_20mhz;
4364 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4365 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4367 /* enable RF tuning */
4368 run_rt3070_rf_read(sc, 7, &rf);
4369 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4370 run_rt3070_rf_write(sc, 7, rf);
4373 rf = (chan <= 14) ? 0xc3 : 0xc0;
4374 run_rt3070_rf_write(sc, 9, rf);
4376 /* set loop filter 1 */
4377 run_rt3070_rf_write(sc, 10, 0xf1);
4378 /* set loop filter 2 */
4379 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4382 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4385 rf = 0x48 | sc->txmixgain_2ghz;
4387 rf = 0x78 | sc->txmixgain_5ghz;
4388 run_rt3070_rf_write(sc, 16, rf);
4391 run_rt3070_rf_write(sc, 17, 0x23);
4395 else if (chan <= 64)
4397 else if (chan <= 128)
4401 run_rt3070_rf_write(sc, 19, rf);
4406 else if (chan <= 64)
4408 else if (chan <= 128)
4412 run_rt3070_rf_write(sc, 20, rf);
4417 else if (chan <= 64)
4421 run_rt3070_rf_write(sc, 25, rf);
4424 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4426 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4428 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4430 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4434 run_write(sc, RT2860_GPIO_CTRL, tmp);
4436 /* enable RF tuning */
4437 run_rt3070_rf_read(sc, 7, &rf);
4438 run_rt3070_rf_write(sc, 7, rf | 0x01);
4444 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4446 int8_t txpow1, txpow2, txpow3;
4450 /* find the settings for this channel (we know it exists) */
4451 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4453 /* use Tx power values from EEPROM */
4454 txpow1 = sc->txpow1[i];
4455 txpow2 = sc->txpow2[i];
4456 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4459 run_bbp_write(sc, 25, sc->bbp25);
4460 run_bbp_write(sc, 26, sc->bbp26);
4462 /* Enable IQ phase correction. */
4463 run_bbp_write(sc, 25, 0x09);
4464 run_bbp_write(sc, 26, 0xff);
4467 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4468 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4469 run_rt3070_rf_read(sc, 11, &rf);
4470 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4471 run_rt3070_rf_write(sc, 11, rf);
4474 run_rt3070_rf_read(sc, 11, &rf);
4476 rf |= (chan <= 14) ? 0x44 : 0x48;
4477 run_rt3070_rf_write(sc, 11, rf);
4482 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4483 run_rt3070_rf_write(sc, 53, rf);
4488 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4489 run_rt3070_rf_write(sc, 55, rf);
4494 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4495 run_rt3070_rf_write(sc, 54, rf);
4497 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4498 if (sc->ntxchains == 3)
4499 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4501 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4502 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4503 run_rt3070_rf_write(sc, 1, rf);
4505 run_adjust_freq_offset(sc);
4507 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4509 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4510 run_rt3070_rf_read(sc, 30, &rf);
4511 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4512 run_rt3070_rf_write(sc, 30, rf);
4514 run_rt3070_rf_read(sc, 36, &rf);
4519 run_rt3070_rf_write(sc, 36, rf);
4522 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4523 /* Set pfd_delay. */
4524 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4526 /* Set vco bias current control. */
4527 run_rt3070_rf_read(sc, 6, &rf);
4531 else if (chan <= 128)
4535 run_rt3070_rf_write(sc, 6, rf);
4537 run_rt3070_rf_read(sc, 30, &rf);
4538 rf = (rf & ~0x18) | 0x10;
4539 run_rt3070_rf_write(sc, 30, rf);
4541 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4542 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4544 run_rt3070_rf_read(sc, 51, &rf);
4545 rf = (rf & ~0x03) | 0x01;
4546 run_rt3070_rf_write(sc, 51, rf);
4547 /* Set tx_mx1_cc. */
4548 run_rt3070_rf_read(sc, 51, &rf);
4550 rf |= (chan <= 14) ? 0x14 : 0x10;
4551 run_rt3070_rf_write(sc, 51, rf);
4552 /* Set tx_mx1_ic. */
4553 run_rt3070_rf_read(sc, 51, &rf);
4555 rf |= (chan <= 14) ? 0x60 : 0x40;
4556 run_rt3070_rf_write(sc, 51, rf);
4557 /* Set tx_lo1_ic. */
4558 run_rt3070_rf_read(sc, 49, &rf);
4560 rf |= (chan <= 14) ? 0x0c : 0x08;
4561 run_rt3070_rf_write(sc, 49, rf);
4562 /* Set tx_lo1_en. */
4563 run_rt3070_rf_read(sc, 50, &rf);
4564 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4566 run_rt3070_rf_read(sc, 57, &rf);
4568 rf |= (chan <= 14) ? 0x6c : 0x3c;
4569 run_rt3070_rf_write(sc, 57, rf);
4570 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4571 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4572 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4573 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4574 /* Enable VCO calibration. */
4575 run_rt3070_rf_read(sc, 3, &rf);
4576 rf &= ~RT5390_VCOCAL;
4577 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4578 run_rt3070_rf_write(sc, 3, rf);
4582 else if (chan <= 64)
4584 else if (chan <= 128)
4588 run_rt3070_rf_write(sc, 39, rf);
4591 else if (chan <= 64)
4593 else if (chan <= 128)
4597 run_rt3070_rf_write(sc, 45, rf);
4599 /* Set FEQ/AEQ control. */
4600 run_bbp_write(sc, 105, 0x34);
4604 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4606 int8_t txpow1, txpow2;
4610 /* find the settings for this channel (we know it exists) */
4611 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4613 /* use Tx power values from EEPROM */
4614 txpow1 = sc->txpow1[i];
4615 txpow2 = sc->txpow2[i];
4617 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4618 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4619 run_rt3070_rf_read(sc, 11, &rf);
4620 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4621 run_rt3070_rf_write(sc, 11, rf);
4623 run_rt3070_rf_read(sc, 49, &rf);
4624 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4625 /* The valid range of the RF R49 is 0x00 to 0x27. */
4626 if ((rf & 0x3f) > 0x27)
4627 rf = (rf & ~0x3f) | 0x27;
4628 run_rt3070_rf_write(sc, 49, rf);
4630 if (sc->mac_ver == 0x5392) {
4631 run_rt3070_rf_read(sc, 50, &rf);
4632 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4633 /* The valid range of the RF R50 is 0x00 to 0x27. */
4634 if ((rf & 0x3f) > 0x27)
4635 rf = (rf & ~0x3f) | 0x27;
4636 run_rt3070_rf_write(sc, 50, rf);
4639 run_rt3070_rf_read(sc, 1, &rf);
4640 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4641 if (sc->mac_ver == 0x5392)
4642 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4643 run_rt3070_rf_write(sc, 1, rf);
4645 if (sc->mac_ver != 0x5392) {
4646 run_rt3070_rf_read(sc, 2, &rf);
4648 run_rt3070_rf_write(sc, 2, rf);
4651 run_rt3070_rf_write(sc, 2, rf);
4654 run_adjust_freq_offset(sc);
4656 if (sc->mac_ver == 0x5392) {
4657 /* Fix for RT5392C. */
4658 if (sc->mac_rev >= 0x0223) {
4661 else if (chan >= 5 && chan <= 7)
4665 run_rt3070_rf_write(sc, 23, rf);
4671 else if (chan >= 6 && chan <= 7)
4673 else if (chan >= 8 && chan <= 10)
4677 run_rt3070_rf_write(sc, 59, rf);
4683 run_rt3070_rf_write(sc, 59, rf);
4686 /* Fix for RT5390F. */
4687 if (sc->mac_rev >= 0x0502) {
4692 run_rt3070_rf_write(sc, 55, rf);
4696 else if (chan == 12)
4700 run_rt3070_rf_write(sc, 59, rf);
4702 run_rt3070_rf_write(sc, 55, 0x44);
4703 run_rt3070_rf_write(sc, 59, 0x8f);
4707 /* Enable VCO calibration. */
4708 run_rt3070_rf_read(sc, 3, &rf);
4709 rf |= RT5390_VCOCAL;
4710 run_rt3070_rf_write(sc, 3, rf);
4714 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4716 const struct rt5592_freqs *freqs;
4718 uint8_t reg, rf, txpow_bound;
4719 int8_t txpow1, txpow2;
4722 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4723 freqs = (tmp & RT5592_SEL_XTAL) ?
4724 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4726 /* find the settings for this channel (we know it exists) */
4727 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4729 /* use Tx power values from EEPROM */
4730 txpow1 = sc->txpow1[i];
4731 txpow2 = sc->txpow2[i];
4733 run_read(sc, RT3070_LDO_CFG0, &tmp);
4737 run_write(sc, RT3070_LDO_CFG0, tmp);
4740 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4741 run_rt3070_rf_read(sc, 9, &rf);
4743 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4744 run_rt3070_rf_write(sc, 9, rf);
4747 run_rt3070_rf_read(sc, 9, &rf);
4749 rf |= (freqs->k & 0x0f);
4750 run_rt3070_rf_write(sc, 9, rf);
4753 run_rt3070_rf_read(sc, 11, &rf);
4755 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4756 run_rt3070_rf_write(sc, 11, rf);
4757 run_rt3070_rf_read(sc, 9, &rf);
4759 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4760 run_rt3070_rf_write(sc, 9, rf);
4763 run_rt3070_rf_read(sc, 11, &rf);
4765 rf |= (freqs->r - 0x1);
4766 run_rt3070_rf_write(sc, 11, rf);
4769 /* Initialize RF registers for 2GHZ. */
4770 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4771 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4772 rt5592_2ghz_def_rf[i].val);
4775 rf = (chan <= 10) ? 0x07 : 0x06;
4776 run_rt3070_rf_write(sc, 23, rf);
4777 run_rt3070_rf_write(sc, 59, rf);
4779 run_rt3070_rf_write(sc, 55, 0x43);
4782 * RF R49/R50 Tx power ALC code.
4783 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4788 /* Initialize RF registers for 5GHZ. */
4789 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4790 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4791 rt5592_5ghz_def_rf[i].val);
4793 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4794 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4795 chan <= rt5592_chan_5ghz[i].lastchan) {
4796 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4797 rt5592_chan_5ghz[i].val);
4802 * RF R49/R50 Tx power ALC code.
4803 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4809 /* RF R49 ch0 Tx power ALC code. */
4810 run_rt3070_rf_read(sc, 49, &rf);
4813 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4814 if ((rf & 0x3f) > txpow_bound)
4815 rf = (rf & ~0x3f) | txpow_bound;
4816 run_rt3070_rf_write(sc, 49, rf);
4818 /* RF R50 ch1 Tx power ALC code. */
4819 run_rt3070_rf_read(sc, 50, &rf);
4820 rf &= ~(1 << 7 | 1 << 6);
4822 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4823 if ((rf & 0x3f) > txpow_bound)
4824 rf = (rf & ~0x3f) | txpow_bound;
4825 run_rt3070_rf_write(sc, 50, rf);
4827 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4828 run_rt3070_rf_read(sc, 1, &rf);
4829 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4830 if (sc->ntxchains > 1)
4831 rf |= RT3070_TX1_PD;
4832 if (sc->nrxchains > 1)
4833 rf |= RT3070_RX1_PD;
4834 run_rt3070_rf_write(sc, 1, rf);
4836 run_rt3070_rf_write(sc, 6, 0xe4);
4838 run_rt3070_rf_write(sc, 30, 0x10);
4839 run_rt3070_rf_write(sc, 31, 0x80);
4840 run_rt3070_rf_write(sc, 32, 0x80);
4842 run_adjust_freq_offset(sc);
4844 /* Enable VCO calibration. */
4845 run_rt3070_rf_read(sc, 3, &rf);
4846 rf |= RT5390_VCOCAL;
4847 run_rt3070_rf_write(sc, 3, rf);
4851 run_set_rx_antenna(struct run_softc *sc, int aux)
4857 if (sc->rf_rev == RT5390_RF_5370) {
4858 run_bbp_read(sc, 152, &bbp152);
4859 run_bbp_write(sc, 152, bbp152 & ~0x80);
4861 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4862 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4863 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4866 if (sc->rf_rev == RT5390_RF_5370) {
4867 run_bbp_read(sc, 152, &bbp152);
4868 run_bbp_write(sc, 152, bbp152 | 0x80);
4870 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4871 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4872 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4878 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4880 struct ieee80211com *ic = &sc->sc_ic;
4883 chan = ieee80211_chan2ieee(ic, c);
4884 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4887 if (sc->mac_ver == 0x5592)
4888 run_rt5592_set_chan(sc, chan);
4889 else if (sc->mac_ver >= 0x5390)
4890 run_rt5390_set_chan(sc, chan);
4891 else if (sc->mac_ver == 0x3593)
4892 run_rt3593_set_chan(sc, chan);
4893 else if (sc->mac_ver == 0x3572)
4894 run_rt3572_set_chan(sc, chan);
4895 else if (sc->mac_ver >= 0x3070)
4896 run_rt3070_set_chan(sc, chan);
4898 run_rt2870_set_chan(sc, chan);
4900 /* determine channel group */
4903 else if (chan <= 64)
4905 else if (chan <= 128)
4910 /* XXX necessary only when group has changed! */
4911 run_select_chan_group(sc, group);
4915 /* Perform IQ calibration. */
4916 if (sc->mac_ver >= 0x5392)
4917 run_iq_calib(sc, chan);
4923 run_set_channel(struct ieee80211com *ic)
4925 struct run_softc *sc = ic->ic_softc;
4928 run_set_chan(sc, ic->ic_curchan);
4935 run_getradiocaps(struct ieee80211com *ic,
4936 int maxchans, int *nchans, struct ieee80211_channel chans[])
4938 struct run_softc *sc = ic->ic_softc;
4939 uint8_t bands[IEEE80211_MODE_BYTES];
4941 memset(bands, 0, sizeof(bands));
4942 setbit(bands, IEEE80211_MODE_11B);
4943 setbit(bands, IEEE80211_MODE_11G);
4944 if (sc->rf_rev != RT3070_RF_2020)
4945 setbit(bands, IEEE80211_MODE_11NG);
4947 /* Note: for now, only support HT20 channels */
4948 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0);
4950 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4951 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4952 sc->rf_rev == RT5592_RF_5592) {
4953 setbit(bands, IEEE80211_MODE_11A);
4954 if (sc->rf_rev != RT3070_RF_2020)
4955 setbit(bands, IEEE80211_MODE_11NA);
4956 /* Note: for now, only support HT20 channels */
4957 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4958 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4963 run_scan_start(struct ieee80211com *ic)
4965 struct run_softc *sc = ic->ic_softc;
4969 /* abort TSF synchronization */
4970 run_disable_tsf(sc);
4971 run_set_bssid(sc, ieee80211broadcastaddr);
4979 run_scan_end(struct ieee80211com *ic)
4981 struct run_softc *sc = ic->ic_softc;
4985 run_enable_tsf_sync(sc);
4986 run_set_bssid(sc, sc->sc_bssid);
4994 * Could be called from ieee80211_node_timeout()
4995 * (non-sleepable thread)
4998 run_update_beacon(struct ieee80211vap *vap, int item)
5000 struct ieee80211com *ic = vap->iv_ic;
5001 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
5002 struct ieee80211_node *ni = vap->iv_bss;
5003 struct run_softc *sc = ic->ic_softc;
5004 struct run_vap *rvp = RUN_VAP(vap);
5009 case IEEE80211_BEACON_ERP:
5012 case IEEE80211_BEACON_HTINFO:
5015 case IEEE80211_BEACON_TIM:
5022 setbit(bo->bo_flags, item);
5023 if (rvp->beacon_mbuf == NULL) {
5024 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
5025 if (rvp->beacon_mbuf == NULL)
5028 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
5030 i = RUN_CMDQ_GET(&sc->cmdq_store);
5031 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5032 sc->cmdq[i].func = run_update_beacon_cb;
5033 sc->cmdq[i].arg0 = vap;
5034 ieee80211_runtask(ic, &sc->cmdq_task);
5040 run_update_beacon_cb(void *arg)
5042 struct ieee80211vap *vap = arg;
5043 struct ieee80211_node *ni = vap->iv_bss;
5044 struct run_vap *rvp = RUN_VAP(vap);
5045 struct ieee80211com *ic = vap->iv_ic;
5046 struct run_softc *sc = ic->ic_softc;
5047 struct rt2860_txwi txwi;
5052 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
5054 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
5058 * No need to call ieee80211_beacon_update(), run_update_beacon()
5059 * is taking care of appropriate calls.
5061 if (rvp->beacon_mbuf == NULL) {
5062 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
5063 if (rvp->beacon_mbuf == NULL)
5066 m = rvp->beacon_mbuf;
5068 memset(&txwi, 0, sizeof(txwi));
5070 txwi.len = htole16(m->m_pkthdr.len);
5072 /* send beacons at the lowest available rate */
5073 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
5074 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
5075 txwi.phy = htole16(rt2860_rates[ridx].mcs);
5076 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
5077 txwi.phy |= htole16(RT2860_PHY_OFDM);
5078 txwi.txop = RT2860_TX_TXOP_HT;
5079 txwi.flags = RT2860_TX_TS;
5080 txwi.xflags = RT2860_TX_NSEQ;
5082 txwisize = (sc->mac_ver == 0x5592) ?
5083 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
5084 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
5086 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
5087 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
5091 run_updateprot(struct ieee80211com *ic)
5093 struct run_softc *sc = ic->ic_softc;
5096 i = RUN_CMDQ_GET(&sc->cmdq_store);
5097 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5098 sc->cmdq[i].func = run_updateprot_cb;
5099 sc->cmdq[i].arg0 = ic;
5100 ieee80211_runtask(ic, &sc->cmdq_task);
5104 run_updateprot_cb(void *arg)
5106 struct ieee80211com *ic = arg;
5107 struct run_softc *sc = ic->ic_softc;
5110 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5111 /* setup protection frame rate (MCS code) */
5112 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5113 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5114 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5116 /* CCK frames don't require protection */
5117 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5118 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5119 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5120 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5121 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5122 tmp |= RT2860_PROT_CTRL_CTS;
5124 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5128 run_usb_timeout_cb(void *arg)
5130 struct ieee80211vap *vap = arg;
5131 struct run_softc *sc = vap->iv_ic->ic_softc;
5133 RUN_LOCK_ASSERT(sc, MA_OWNED);
5135 if(vap->iv_state == IEEE80211_S_RUN &&
5136 vap->iv_opmode != IEEE80211_M_STA)
5137 run_reset_livelock(sc);
5138 else if (vap->iv_state == IEEE80211_S_SCAN) {
5139 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5140 "timeout caused by scan\n");
5142 ieee80211_cancel_scan(vap);
5144 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5145 "timeout by unknown cause\n");
5149 run_reset_livelock(struct run_softc *sc)
5153 RUN_LOCK_ASSERT(sc, MA_OWNED);
5156 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5157 * can run into a livelock and start sending CTS-to-self frames like
5158 * crazy if protection is enabled. Reset MAC/BBP for a while
5160 run_read(sc, RT2860_DEBUG, &tmp);
5161 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
5162 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5163 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5164 "CTS-to-self livelock detected\n");
5165 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5167 run_write(sc, RT2860_MAC_SYS_CTRL,
5168 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5173 run_update_promisc_locked(struct run_softc *sc)
5177 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5179 tmp |= RT2860_DROP_UC_NOME;
5180 if (sc->sc_ic.ic_promisc > 0)
5181 tmp &= ~RT2860_DROP_UC_NOME;
5183 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5185 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5186 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
5190 run_update_promisc(struct ieee80211com *ic)
5192 struct run_softc *sc = ic->ic_softc;
5194 if ((sc->sc_flags & RUN_RUNNING) == 0)
5198 run_update_promisc_locked(sc);
5203 run_enable_tsf_sync(struct run_softc *sc)
5205 struct ieee80211com *ic = &sc->sc_ic;
5206 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5209 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5210 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5212 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5214 tmp |= vap->iv_bss->ni_intval * 16;
5215 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5217 if (ic->ic_opmode == IEEE80211_M_STA) {
5219 * Local TSF is always updated with remote TSF on beacon
5222 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5223 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5224 tmp |= RT2860_BCN_TX_EN;
5226 * Local TSF is updated with remote TSF on beacon reception
5227 * only if the remote TSF is greater than local TSF.
5229 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5230 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5231 ic->ic_opmode == IEEE80211_M_MBSS) {
5232 tmp |= RT2860_BCN_TX_EN;
5233 /* SYNC with nobody */
5234 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5236 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5237 "Enabling TSF failed. undefined opmode\n");
5241 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5245 run_enable_tsf(struct run_softc *sc)
5249 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5250 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5251 tmp |= RT2860_TSF_TIMER_EN;
5252 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5257 run_disable_tsf(struct run_softc *sc)
5261 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5262 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
5263 RT2860_TBTT_TIMER_EN);
5264 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5269 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5271 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5276 run_enable_mrr(struct run_softc *sc)
5278 #define CCK(mcs) (mcs)
5279 #define OFDM(mcs) (1 << 3 | (mcs))
5280 run_write(sc, RT2860_LG_FBK_CFG0,
5281 OFDM(6) << 28 | /* 54->48 */
5282 OFDM(5) << 24 | /* 48->36 */
5283 OFDM(4) << 20 | /* 36->24 */
5284 OFDM(3) << 16 | /* 24->18 */
5285 OFDM(2) << 12 | /* 18->12 */
5286 OFDM(1) << 8 | /* 12-> 9 */
5287 OFDM(0) << 4 | /* 9-> 6 */
5288 OFDM(0)); /* 6-> 6 */
5290 run_write(sc, RT2860_LG_FBK_CFG1,
5291 CCK(2) << 12 | /* 11->5.5 */
5292 CCK(1) << 8 | /* 5.5-> 2 */
5293 CCK(0) << 4 | /* 2-> 1 */
5294 CCK(0)); /* 1-> 1 */
5300 run_set_txpreamble(struct run_softc *sc)
5302 struct ieee80211com *ic = &sc->sc_ic;
5305 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5306 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5307 tmp |= RT2860_CCK_SHORT_EN;
5309 tmp &= ~RT2860_CCK_SHORT_EN;
5310 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5314 run_set_basicrates(struct run_softc *sc)
5316 struct ieee80211com *ic = &sc->sc_ic;
5318 /* set basic rates mask */
5319 if (ic->ic_curmode == IEEE80211_MODE_11B)
5320 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5321 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5322 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5324 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5328 run_set_leds(struct run_softc *sc, uint16_t which)
5330 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5331 which | (sc->leds & 0x7f));
5335 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5337 run_write(sc, RT2860_MAC_BSSID_DW0,
5338 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5339 run_write(sc, RT2860_MAC_BSSID_DW1,
5340 bssid[4] | bssid[5] << 8);
5344 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5346 run_write(sc, RT2860_MAC_ADDR_DW0,
5347 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5348 run_write(sc, RT2860_MAC_ADDR_DW1,
5349 addr[4] | addr[5] << 8 | 0xff << 16);
5353 run_updateslot(struct ieee80211com *ic)
5355 struct run_softc *sc = ic->ic_softc;
5358 i = RUN_CMDQ_GET(&sc->cmdq_store);
5359 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5360 sc->cmdq[i].func = run_updateslot_cb;
5361 sc->cmdq[i].arg0 = ic;
5362 ieee80211_runtask(ic, &sc->cmdq_task);
5369 run_updateslot_cb(void *arg)
5371 struct ieee80211com *ic = arg;
5372 struct run_softc *sc = ic->ic_softc;
5375 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5377 tmp |= IEEE80211_GET_SLOTTIME(ic);
5378 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5382 run_update_mcast(struct ieee80211com *ic)
5387 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5389 struct ieee80211com *ic = &sc->sc_ic;
5390 struct ieee80211_channel *c = ic->ic_curchan;
5393 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5394 u_int chan = ieee80211_chan2ieee(ic, c);
5395 delta = sc->rssi_5ghz[rxchain];
5397 /* determine channel group */
5399 delta -= sc->lna[1];
5400 else if (chan <= 128)
5401 delta -= sc->lna[2];
5403 delta -= sc->lna[3];
5405 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5407 return (-12 - delta - rssi);
5411 run_rt5390_bbp_init(struct run_softc *sc)
5416 /* Apply maximum likelihood detection for 2 stream case. */
5417 run_bbp_read(sc, 105, &bbp);
5418 if (sc->nrxchains > 1)
5419 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5421 /* Avoid data lost and CRC error. */
5422 run_bbp_read(sc, 4, &bbp);
5423 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5425 if (sc->mac_ver == 0x5592) {
5426 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5427 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5428 rt5592_def_bbp[i].val);
5430 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5431 run_bbp_write(sc, 195, i + 0x80);
5432 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5435 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5436 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5437 rt5390_def_bbp[i].val);
5440 if (sc->mac_ver == 0x5392) {
5441 run_bbp_write(sc, 88, 0x90);
5442 run_bbp_write(sc, 95, 0x9a);
5443 run_bbp_write(sc, 98, 0x12);
5444 run_bbp_write(sc, 106, 0x12);
5445 run_bbp_write(sc, 134, 0xd0);
5446 run_bbp_write(sc, 135, 0xf6);
5447 run_bbp_write(sc, 148, 0x84);
5450 run_bbp_read(sc, 152, &bbp);
5451 run_bbp_write(sc, 152, bbp | 0x80);
5453 /* Fix BBP254 for RT5592C. */
5454 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5455 run_bbp_read(sc, 254, &bbp);
5456 run_bbp_write(sc, 254, bbp | 0x80);
5459 /* Disable hardware antenna diversity. */
5460 if (sc->mac_ver == 0x5390)
5461 run_bbp_write(sc, 154, 0);
5463 /* Initialize Rx CCK/OFDM frequency offset report. */
5464 run_bbp_write(sc, 142, 1);
5465 run_bbp_write(sc, 143, 57);
5469 run_bbp_init(struct run_softc *sc)
5471 int i, error, ntries;
5474 /* wait for BBP to wake up */
5475 for (ntries = 0; ntries < 20; ntries++) {
5476 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5478 if (bbp0 != 0 && bbp0 != 0xff)
5484 /* initialize BBP registers to default values */
5485 if (sc->mac_ver >= 0x5390)
5486 run_rt5390_bbp_init(sc);
5488 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5489 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5490 rt2860_def_bbp[i].val);
5494 if (sc->mac_ver == 0x3593) {
5495 run_bbp_write(sc, 79, 0x13);
5496 run_bbp_write(sc, 80, 0x05);
5497 run_bbp_write(sc, 81, 0x33);
5498 run_bbp_write(sc, 86, 0x46);
5499 run_bbp_write(sc, 137, 0x0f);
5502 /* fix BBP84 for RT2860E */
5503 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5504 run_bbp_write(sc, 84, 0x19);
5506 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5507 sc->mac_ver != 0x5592)) {
5508 run_bbp_write(sc, 79, 0x13);
5509 run_bbp_write(sc, 80, 0x05);
5510 run_bbp_write(sc, 81, 0x33);
5511 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5512 run_bbp_write(sc, 69, 0x16);
5513 run_bbp_write(sc, 73, 0x12);
5519 run_rt3070_rf_init(struct run_softc *sc)
5522 uint8_t bbp4, mingain, rf, target;
5525 run_rt3070_rf_read(sc, 30, &rf);
5526 /* toggle RF R30 bit 7 */
5527 run_rt3070_rf_write(sc, 30, rf | 0x80);
5529 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5531 /* initialize RF registers to default value */
5532 if (sc->mac_ver == 0x3572) {
5533 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5534 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5535 rt3572_def_rf[i].val);
5538 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5539 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5540 rt3070_def_rf[i].val);
5544 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5546 * Change voltage from 1.2V to 1.35V for RT3070.
5547 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5550 run_read(sc, RT3070_LDO_CFG0, &tmp);
5551 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5552 run_write(sc, RT3070_LDO_CFG0, tmp);
5554 } else if (sc->mac_ver == 0x3071) {
5555 run_rt3070_rf_read(sc, 6, &rf);
5556 run_rt3070_rf_write(sc, 6, rf | 0x40);
5557 run_rt3070_rf_write(sc, 31, 0x14);
5559 run_read(sc, RT3070_LDO_CFG0, &tmp);
5561 if (sc->mac_rev < 0x0211)
5562 tmp |= 0x0d000000; /* 1.3V */
5564 tmp |= 0x01000000; /* 1.2V */
5565 run_write(sc, RT3070_LDO_CFG0, tmp);
5567 /* patch LNA_PE_G1 */
5568 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5569 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5571 } else if (sc->mac_ver == 0x3572) {
5572 run_rt3070_rf_read(sc, 6, &rf);
5573 run_rt3070_rf_write(sc, 6, rf | 0x40);
5575 /* increase voltage from 1.2V to 1.35V */
5576 run_read(sc, RT3070_LDO_CFG0, &tmp);
5577 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5578 run_write(sc, RT3070_LDO_CFG0, tmp);
5580 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5581 run_delay(sc, 1); /* wait for 1msec */
5582 /* decrease voltage back to 1.2V */
5583 tmp = (tmp & ~0x1f000000) | 0x01000000;
5584 run_write(sc, RT3070_LDO_CFG0, tmp);
5588 /* select 20MHz bandwidth */
5589 run_rt3070_rf_read(sc, 31, &rf);
5590 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5592 /* calibrate filter for 20MHz bandwidth */
5593 sc->rf24_20mhz = 0x1f; /* default value */
5594 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5595 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5597 /* select 40MHz bandwidth */
5598 run_bbp_read(sc, 4, &bbp4);
5599 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5600 run_rt3070_rf_read(sc, 31, &rf);
5601 run_rt3070_rf_write(sc, 31, rf | 0x20);
5603 /* calibrate filter for 40MHz bandwidth */
5604 sc->rf24_40mhz = 0x2f; /* default value */
5605 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5606 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5608 /* go back to 20MHz bandwidth */
5609 run_bbp_read(sc, 4, &bbp4);
5610 run_bbp_write(sc, 4, bbp4 & ~0x18);
5612 if (sc->mac_ver == 0x3572) {
5613 /* save default BBP registers 25 and 26 values */
5614 run_bbp_read(sc, 25, &sc->bbp25);
5615 run_bbp_read(sc, 26, &sc->bbp26);
5616 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5617 run_rt3070_rf_write(sc, 27, 0x03);
5619 run_read(sc, RT3070_OPT_14, &tmp);
5620 run_write(sc, RT3070_OPT_14, tmp | 1);
5622 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5623 run_rt3070_rf_read(sc, 17, &rf);
5624 rf &= ~RT3070_TX_LO1;
5625 if ((sc->mac_ver == 0x3070 ||
5626 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5628 rf |= 0x20; /* fix for long range Rx issue */
5629 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5630 if (sc->txmixgain_2ghz >= mingain)
5631 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5632 run_rt3070_rf_write(sc, 17, rf);
5635 if (sc->mac_ver == 0x3071) {
5636 run_rt3070_rf_read(sc, 1, &rf);
5637 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5638 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5639 run_rt3070_rf_write(sc, 1, rf);
5641 run_rt3070_rf_read(sc, 15, &rf);
5642 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5644 run_rt3070_rf_read(sc, 20, &rf);
5645 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5647 run_rt3070_rf_read(sc, 21, &rf);
5648 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5651 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5652 /* fix Tx to Rx IQ glitch by raising RF voltage */
5653 run_rt3070_rf_read(sc, 27, &rf);
5655 if (sc->mac_rev < 0x0211)
5657 run_rt3070_rf_write(sc, 27, rf);
5663 run_rt3593_rf_init(struct run_softc *sc)
5669 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5670 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5671 tmp &= ~(1 << 4 | 1 << 7);
5672 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5674 /* Initialize RF registers to default value. */
5675 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5676 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5677 rt3593_def_rf[i].val);
5680 /* Toggle RF R2 to initiate calibration. */
5681 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5683 /* Initialize RF frequency offset. */
5684 run_adjust_freq_offset(sc);
5686 run_rt3070_rf_read(sc, 18, &rf);
5687 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5690 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5691 * decrease voltage back to 1.2V.
5693 run_read(sc, RT3070_LDO_CFG0, &tmp);
5694 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5695 run_write(sc, RT3070_LDO_CFG0, tmp);
5697 tmp = (tmp & ~0x1f000000) | 0x01000000;
5698 run_write(sc, RT3070_LDO_CFG0, tmp);
5700 sc->rf24_20mhz = 0x1f;
5701 sc->rf24_40mhz = 0x2f;
5703 /* Save default BBP registers 25 and 26 values. */
5704 run_bbp_read(sc, 25, &sc->bbp25);
5705 run_bbp_read(sc, 26, &sc->bbp26);
5707 run_read(sc, RT3070_OPT_14, &tmp);
5708 run_write(sc, RT3070_OPT_14, tmp | 1);
5712 run_rt5390_rf_init(struct run_softc *sc)
5718 /* Toggle RF R2 to initiate calibration. */
5719 if (sc->mac_ver == 0x5390) {
5720 run_rt3070_rf_read(sc, 2, &rf);
5721 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5723 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5725 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5729 /* Initialize RF registers to default value. */
5730 if (sc->mac_ver == 0x5592) {
5731 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5732 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5733 rt5592_def_rf[i].val);
5735 /* Initialize RF frequency offset. */
5736 run_adjust_freq_offset(sc);
5737 } else if (sc->mac_ver == 0x5392) {
5738 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5739 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5740 rt5392_def_rf[i].val);
5742 if (sc->mac_rev >= 0x0223) {
5743 run_rt3070_rf_write(sc, 23, 0x0f);
5744 run_rt3070_rf_write(sc, 24, 0x3e);
5745 run_rt3070_rf_write(sc, 51, 0x32);
5746 run_rt3070_rf_write(sc, 53, 0x22);
5747 run_rt3070_rf_write(sc, 56, 0xc1);
5748 run_rt3070_rf_write(sc, 59, 0x0f);
5751 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5752 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5753 rt5390_def_rf[i].val);
5755 if (sc->mac_rev >= 0x0502) {
5756 run_rt3070_rf_write(sc, 6, 0xe0);
5757 run_rt3070_rf_write(sc, 25, 0x80);
5758 run_rt3070_rf_write(sc, 46, 0x73);
5759 run_rt3070_rf_write(sc, 53, 0x00);
5760 run_rt3070_rf_write(sc, 56, 0x42);
5761 run_rt3070_rf_write(sc, 61, 0xd1);
5765 sc->rf24_20mhz = 0x1f; /* default value */
5766 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5768 if (sc->mac_rev < 0x0211)
5769 run_rt3070_rf_write(sc, 27, 0x3);
5771 run_read(sc, RT3070_OPT_14, &tmp);
5772 run_write(sc, RT3070_OPT_14, tmp | 1);
5776 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5780 uint8_t bbp55_pb, bbp55_sb, delta;
5783 /* program filter */
5784 run_rt3070_rf_read(sc, 24, &rf24);
5785 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5786 run_rt3070_rf_write(sc, 24, rf24);
5788 /* enable baseband loopback mode */
5789 run_rt3070_rf_read(sc, 22, &rf22);
5790 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5792 /* set power and frequency of passband test tone */
5793 run_bbp_write(sc, 24, 0x00);
5794 for (ntries = 0; ntries < 100; ntries++) {
5795 /* transmit test tone */
5796 run_bbp_write(sc, 25, 0x90);
5798 /* read received power */
5799 run_bbp_read(sc, 55, &bbp55_pb);
5806 /* set power and frequency of stopband test tone */
5807 run_bbp_write(sc, 24, 0x06);
5808 for (ntries = 0; ntries < 100; ntries++) {
5809 /* transmit test tone */
5810 run_bbp_write(sc, 25, 0x90);
5812 /* read received power */
5813 run_bbp_read(sc, 55, &bbp55_sb);
5815 delta = bbp55_pb - bbp55_sb;
5819 /* reprogram filter */
5821 run_rt3070_rf_write(sc, 24, rf24);
5825 rf24--; /* backtrack */
5827 run_rt3070_rf_write(sc, 24, rf24);
5830 /* restore initial state */
5831 run_bbp_write(sc, 24, 0x00);
5833 /* disable baseband loopback mode */
5834 run_rt3070_rf_read(sc, 22, &rf22);
5835 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5841 run_rt3070_rf_setup(struct run_softc *sc)
5846 if (sc->mac_ver == 0x3572) {
5847 /* enable DC filter */
5848 if (sc->mac_rev >= 0x0201)
5849 run_bbp_write(sc, 103, 0xc0);
5851 run_bbp_read(sc, 138, &bbp);
5852 if (sc->ntxchains == 1)
5853 bbp |= 0x20; /* turn off DAC1 */
5854 if (sc->nrxchains == 1)
5855 bbp &= ~0x02; /* turn off ADC1 */
5856 run_bbp_write(sc, 138, bbp);
5858 if (sc->mac_rev >= 0x0211) {
5859 /* improve power consumption */
5860 run_bbp_read(sc, 31, &bbp);
5861 run_bbp_write(sc, 31, bbp & ~0x03);
5864 run_rt3070_rf_read(sc, 16, &rf);
5865 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5866 run_rt3070_rf_write(sc, 16, rf);
5868 } else if (sc->mac_ver == 0x3071) {
5869 if (sc->mac_rev >= 0x0211) {
5870 /* enable DC filter */
5871 run_bbp_write(sc, 103, 0xc0);
5873 /* improve power consumption */
5874 run_bbp_read(sc, 31, &bbp);
5875 run_bbp_write(sc, 31, bbp & ~0x03);
5878 run_bbp_read(sc, 138, &bbp);
5879 if (sc->ntxchains == 1)
5880 bbp |= 0x20; /* turn off DAC1 */
5881 if (sc->nrxchains == 1)
5882 bbp &= ~0x02; /* turn off ADC1 */
5883 run_bbp_write(sc, 138, bbp);
5885 run_write(sc, RT2860_TX_SW_CFG1, 0);
5886 if (sc->mac_rev < 0x0211) {
5887 run_write(sc, RT2860_TX_SW_CFG2,
5888 sc->patch_dac ? 0x2c : 0x0f);
5890 run_write(sc, RT2860_TX_SW_CFG2, 0);
5892 } else if (sc->mac_ver == 0x3070) {
5893 if (sc->mac_rev >= 0x0201) {
5894 /* enable DC filter */
5895 run_bbp_write(sc, 103, 0xc0);
5897 /* improve power consumption */
5898 run_bbp_read(sc, 31, &bbp);
5899 run_bbp_write(sc, 31, bbp & ~0x03);
5902 if (sc->mac_rev < 0x0201) {
5903 run_write(sc, RT2860_TX_SW_CFG1, 0);
5904 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5906 run_write(sc, RT2860_TX_SW_CFG2, 0);
5909 /* initialize RF registers from ROM for >=RT3071*/
5910 if (sc->mac_ver >= 0x3071) {
5911 for (i = 0; i < 10; i++) {
5912 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5914 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5920 run_rt3593_rf_setup(struct run_softc *sc)
5924 if (sc->mac_rev >= 0x0211) {
5925 /* Enable DC filter. */
5926 run_bbp_write(sc, 103, 0xc0);
5928 run_write(sc, RT2860_TX_SW_CFG1, 0);
5929 if (sc->mac_rev < 0x0211) {
5930 run_write(sc, RT2860_TX_SW_CFG2,
5931 sc->patch_dac ? 0x2c : 0x0f);
5933 run_write(sc, RT2860_TX_SW_CFG2, 0);
5935 run_rt3070_rf_read(sc, 50, &rf);
5936 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5938 run_rt3070_rf_read(sc, 51, &rf);
5939 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5940 ((sc->txmixgain_2ghz & 0x07) << 2);
5941 run_rt3070_rf_write(sc, 51, rf);
5943 run_rt3070_rf_read(sc, 38, &rf);
5944 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5946 run_rt3070_rf_read(sc, 39, &rf);
5947 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5949 run_rt3070_rf_read(sc, 1, &rf);
5950 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5952 run_rt3070_rf_read(sc, 30, &rf);
5953 rf = (rf & ~0x18) | 0x10;
5954 run_rt3070_rf_write(sc, 30, rf);
5956 /* Apply maximum likelihood detection for 2 stream case. */
5957 run_bbp_read(sc, 105, &bbp);
5958 if (sc->nrxchains > 1)
5959 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5961 /* Avoid data lost and CRC error. */
5962 run_bbp_read(sc, 4, &bbp);
5963 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5965 run_bbp_write(sc, 92, 0x02);
5966 run_bbp_write(sc, 82, 0x82);
5967 run_bbp_write(sc, 106, 0x05);
5968 run_bbp_write(sc, 104, 0x92);
5969 run_bbp_write(sc, 88, 0x90);
5970 run_bbp_write(sc, 148, 0xc8);
5971 run_bbp_write(sc, 47, 0x48);
5972 run_bbp_write(sc, 120, 0x50);
5974 run_bbp_write(sc, 163, 0x9d);
5977 run_bbp_write(sc, 142, 0x06);
5978 run_bbp_write(sc, 143, 0xa0);
5979 run_bbp_write(sc, 142, 0x07);
5980 run_bbp_write(sc, 143, 0xa1);
5981 run_bbp_write(sc, 142, 0x08);
5982 run_bbp_write(sc, 143, 0xa2);
5984 run_bbp_write(sc, 31, 0x08);
5985 run_bbp_write(sc, 68, 0x0b);
5986 run_bbp_write(sc, 105, 0x04);
5990 run_rt5390_rf_setup(struct run_softc *sc)
5994 if (sc->mac_rev >= 0x0211) {
5995 /* Enable DC filter. */
5996 run_bbp_write(sc, 103, 0xc0);
5998 if (sc->mac_ver != 0x5592) {
5999 /* Improve power consumption. */
6000 run_bbp_read(sc, 31, &bbp);
6001 run_bbp_write(sc, 31, bbp & ~0x03);
6005 run_bbp_read(sc, 138, &bbp);
6006 if (sc->ntxchains == 1)
6007 bbp |= 0x20; /* turn off DAC1 */
6008 if (sc->nrxchains == 1)
6009 bbp &= ~0x02; /* turn off ADC1 */
6010 run_bbp_write(sc, 138, bbp);
6012 run_rt3070_rf_read(sc, 38, &rf);
6013 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
6015 run_rt3070_rf_read(sc, 39, &rf);
6016 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
6018 /* Avoid data lost and CRC error. */
6019 run_bbp_read(sc, 4, &bbp);
6020 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
6022 run_rt3070_rf_read(sc, 30, &rf);
6023 rf = (rf & ~0x18) | 0x10;
6024 run_rt3070_rf_write(sc, 30, rf);
6026 if (sc->mac_ver != 0x5592) {
6027 run_write(sc, RT2860_TX_SW_CFG1, 0);
6028 if (sc->mac_rev < 0x0211) {
6029 run_write(sc, RT2860_TX_SW_CFG2,
6030 sc->patch_dac ? 0x2c : 0x0f);
6032 run_write(sc, RT2860_TX_SW_CFG2, 0);
6037 run_txrx_enable(struct run_softc *sc)
6039 struct ieee80211com *ic = &sc->sc_ic;
6043 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
6044 for (ntries = 0; ntries < 200; ntries++) {
6045 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
6047 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6056 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
6057 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6059 /* enable Rx bulk aggregation (set timeout and limit) */
6060 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
6061 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
6062 run_write(sc, RT2860_USB_DMA_CFG, tmp);
6065 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
6066 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
6067 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
6068 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
6069 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
6070 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
6071 if (ic->ic_opmode == IEEE80211_M_STA)
6072 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
6074 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
6076 run_write(sc, RT2860_MAC_SYS_CTRL,
6077 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6083 run_adjust_freq_offset(struct run_softc *sc)
6087 run_rt3070_rf_read(sc, 17, &rf);
6089 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
6093 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
6097 run_init_locked(struct run_softc *sc)
6099 struct ieee80211com *ic = &sc->sc_ic;
6100 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6107 if (ic->ic_nrunning > 1)
6112 if (run_load_microcode(sc) != 0) {
6113 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
6117 for (ntries = 0; ntries < 100; ntries++) {
6118 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6120 if (tmp != 0 && tmp != 0xffffffff)
6127 for (i = 0; i != RUN_EP_QUEUES; i++)
6128 run_setup_tx_list(sc, &sc->sc_epq[i]);
6130 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
6132 for (ntries = 0; ntries < 100; ntries++) {
6133 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6135 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6139 if (ntries == 100) {
6140 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6144 tmp |= RT2860_TX_WB_DDONE;
6145 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6147 /* turn off PME_OEN to solve high-current issue */
6148 run_read(sc, RT2860_SYS_CTRL, &tmp);
6149 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6151 run_write(sc, RT2860_MAC_SYS_CTRL,
6152 RT2860_BBP_HRST | RT2860_MAC_SRST);
6153 run_write(sc, RT2860_USB_DMA_CFG, 0);
6155 if (run_reset(sc) != 0) {
6156 device_printf(sc->sc_dev, "could not reset chipset\n");
6160 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6162 /* init Tx power for all Tx rates (from EEPROM) */
6163 for (ridx = 0; ridx < 5; ridx++) {
6164 if (sc->txpow20mhz[ridx] == 0xffffffff)
6166 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6169 for (i = 0; i < nitems(rt2870_def_mac); i++)
6170 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6171 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6172 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6173 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6175 if (sc->mac_ver >= 0x5390) {
6176 run_write(sc, RT2860_TX_SW_CFG0,
6177 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6178 if (sc->mac_ver >= 0x5392) {
6179 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6180 if (sc->mac_ver == 0x5592) {
6181 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6182 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6184 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6185 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6188 } else if (sc->mac_ver == 0x3593) {
6189 run_write(sc, RT2860_TX_SW_CFG0,
6190 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6191 } else if (sc->mac_ver >= 0x3070) {
6192 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6193 run_write(sc, RT2860_TX_SW_CFG0,
6194 4 << RT2860_DLY_PAPE_EN_SHIFT);
6197 /* wait while MAC is busy */
6198 for (ntries = 0; ntries < 100; ntries++) {
6199 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6201 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6208 /* clear Host to MCU mailbox */
6209 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6210 run_write(sc, RT2860_H2M_MAILBOX, 0);
6213 if (run_bbp_init(sc) != 0) {
6214 device_printf(sc->sc_dev, "could not initialize BBP\n");
6218 /* abort TSF synchronization */
6219 run_disable_tsf(sc);
6221 /* clear RX WCID search table */
6222 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6223 /* clear WCID attribute table */
6224 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6226 /* hostapd sets a key before init. So, don't clear it. */
6227 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6228 /* clear shared key table */
6229 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6230 /* clear shared key mode */
6231 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6234 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6235 tmp = (tmp & ~0xff) | 0x1e;
6236 run_write(sc, RT2860_US_CYC_CNT, tmp);
6238 if (sc->mac_rev != 0x0101)
6239 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6241 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6242 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6244 /* write vendor-specific BBP values (from EEPROM) */
6245 if (sc->mac_ver < 0x3593) {
6246 for (i = 0; i < 10; i++) {
6247 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6249 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6253 /* select Main antenna for 1T1R devices */
6254 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6255 run_set_rx_antenna(sc, 0);
6257 /* send LEDs operating mode to microcontroller */
6258 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6259 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6260 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6262 if (sc->mac_ver >= 0x5390)
6263 run_rt5390_rf_init(sc);
6264 else if (sc->mac_ver == 0x3593)
6265 run_rt3593_rf_init(sc);
6266 else if (sc->mac_ver >= 0x3070)
6267 run_rt3070_rf_init(sc);
6269 /* disable non-existing Rx chains */
6270 run_bbp_read(sc, 3, &bbp3);
6271 bbp3 &= ~(1 << 3 | 1 << 4);
6272 if (sc->nrxchains == 2)
6274 else if (sc->nrxchains == 3)
6276 run_bbp_write(sc, 3, bbp3);
6278 /* disable non-existing Tx chains */
6279 run_bbp_read(sc, 1, &bbp1);
6280 if (sc->ntxchains == 1)
6281 bbp1 &= ~(1 << 3 | 1 << 4);
6282 run_bbp_write(sc, 1, bbp1);
6284 if (sc->mac_ver >= 0x5390)
6285 run_rt5390_rf_setup(sc);
6286 else if (sc->mac_ver == 0x3593)
6287 run_rt3593_rf_setup(sc);
6288 else if (sc->mac_ver >= 0x3070)
6289 run_rt3070_rf_setup(sc);
6291 /* select default channel */
6292 run_set_chan(sc, ic->ic_curchan);
6294 /* setup initial protection mode */
6295 run_updateprot_cb(ic);
6297 /* turn radio LED on */
6298 run_set_leds(sc, RT2860_LED_RADIO);
6300 /* Set up AUTO_RSP_CFG register for auto response */
6301 run_write(sc, RT2860_AUTO_RSP_CFG, RT2860_AUTO_RSP_EN |
6302 RT2860_BAC_ACKPOLICY_EN | RT2860_CTS_40M_MODE_EN);
6304 sc->sc_flags |= RUN_RUNNING;
6305 sc->cmdq_run = RUN_CMDQ_GO;
6307 for (i = 0; i != RUN_N_XFER; i++)
6308 usbd_xfer_set_stall(sc->sc_xfer[i]);
6310 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6312 if (run_txrx_enable(sc) != 0)
6324 struct run_softc *sc = (struct run_softc *)arg;
6329 RUN_LOCK_ASSERT(sc, MA_OWNED);
6331 if (sc->sc_flags & RUN_RUNNING)
6332 run_set_leds(sc, 0); /* turn all LEDs off */
6334 sc->sc_flags &= ~RUN_RUNNING;
6336 sc->ratectl_run = RUN_RATECTL_OFF;
6337 sc->cmdq_run = sc->cmdq_key_set;
6341 for(i = 0; i < RUN_N_XFER; i++)
6342 usbd_transfer_drain(sc->sc_xfer[i]);
6346 run_drain_mbufq(sc);
6348 if (sc->rx_m != NULL) {
6353 /* Disable Tx/Rx DMA. */
6354 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6356 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6357 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6359 for (ntries = 0; ntries < 100; ntries++) {
6360 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6362 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6366 if (ntries == 100) {
6367 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6372 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6373 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6374 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6376 /* wait for pending Tx to complete */
6377 for (ntries = 0; ntries < 100; ntries++) {
6378 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6379 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6380 "Cannot read Tx queue count\n");
6383 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6384 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6385 "All Tx cleared\n");
6391 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6392 "There are still pending Tx\n");
6394 run_write(sc, RT2860_USB_DMA_CFG, 0);
6396 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6397 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6399 for (i = 0; i != RUN_EP_QUEUES; i++)
6400 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6404 run_delay(struct run_softc *sc, u_int ms)
6406 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6407 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6412 run_update_chw(struct ieee80211com *ic)
6415 printf("%s: TODO\n", __func__);
6419 run_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
6422 /* For now, no A-MPDU TX support in the driver */
6426 static device_method_t run_methods[] = {
6427 /* Device interface */
6428 DEVMETHOD(device_probe, run_match),
6429 DEVMETHOD(device_attach, run_attach),
6430 DEVMETHOD(device_detach, run_detach),
6434 static driver_t run_driver = {
6436 .methods = run_methods,
6437 .size = sizeof(struct run_softc)
6440 static devclass_t run_devclass;
6442 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6443 MODULE_DEPEND(run, wlan, 1, 1, 1);
6444 MODULE_DEPEND(run, usb, 1, 1, 1);
6445 MODULE_DEPEND(run, firmware, 1, 1, 1);
6446 MODULE_VERSION(run, 1);
6447 USB_PNP_HOST_INFO(run_devs);
projects / FreeBSD / FreeBSD.git / blob