2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
30 #include <sys/param.h>
31 #include <sys/eventhandler.h>
32 #include <sys/sockio.h>
33 #include <sys/sysctl.h>
35 #include <sys/mutex.h>
37 #include <sys/kernel.h>
38 #include <sys/socket.h>
39 #include <sys/systm.h>
40 #include <sys/malloc.h>
41 #include <sys/module.h>
43 #include <sys/endian.h>
44 #include <sys/linker.h>
45 #include <sys/firmware.h>
50 #include <net/if_var.h>
51 #include <net/if_arp.h>
52 #include <net/ethernet.h>
53 #include <net/if_dl.h>
54 #include <net/if_media.h>
55 #include <net/if_types.h>
57 #include <netinet/in.h>
58 #include <netinet/in_systm.h>
59 #include <netinet/in_var.h>
60 #include <netinet/if_ether.h>
61 #include <netinet/ip.h>
63 #include <net80211/ieee80211_var.h>
64 #include <net80211/ieee80211_regdomain.h>
65 #include <net80211/ieee80211_radiotap.h>
66 #include <net80211/ieee80211_ratectl.h>
68 #include <dev/usb/usb.h>
69 #include <dev/usb/usbdi.h>
72 #define USB_DEBUG_VAR run_debug
73 #include <dev/usb/usb_debug.h>
74 #include <dev/usb/usb_msctest.h>
76 #include <dev/usb/wlan/if_runreg.h>
77 #include <dev/usb/wlan/if_runvar.h>
/*
 * Debug control.  run_debug is exported as the integer "debug" under the
 * hw.usb.run sysctl node; CTLFLAG_RWTUN makes it writable at run time and
 * settable as a loader tunable.
 */
85 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
/*
 * Category bits that RUN_DPRINTF() tests against run_debug.
 * NOTE(review): RUN_DEBUG_KEY selects key-management messages.  What those
 * messages print is not visible in this listing; confirm that no key
 * material reaches the console or system log before enabling that bit
 * (or RUN_DEBUG_ANY) on a production host.
 */
90 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
91 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
92 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
93 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
94 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
95 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
96 RUN_DEBUG_USB = 0x00000040, /* usb requests */
97 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
98 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
99 RUN_DEBUG_INTR = 0x00000200, /* ISR */
100 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
101 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
102 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
103 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
104 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
105 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
106 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
107 RUN_DEBUG_CMD = 0x00020000, /* command queue */
108 RUN_DEBUG_ANY = 0xffffffff
/*
 * Two definitions of RUN_DPRINTF follow.  The first prints through
 * device_printf() when any bit of the mask is set in run_debug; the second
 * only evaluates _sc and drops the message.  The preprocessor conditional
 * that chooses between them is on lines this listing does not show.
 */
111 #define RUN_DPRINTF(_sc, _m, ...) do { \
112 if (run_debug & (_m)) \
113 device_printf((_sc)->sc_dev, __VA_ARGS__); \
116 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
119 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
122 * Because of a lock order reversal (LOR) in run_key_delete(), use an atomic operation instead.
123 * '& RUN_CMDQ_MASQ' makes the index wrap around cmdq[].
125 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
/*
 * USB vendor/product pairs claimed by this driver.  RUN_DEV() builds a plain
 * vendor/product match; RUN_DEV_EJECT() additionally stores RUN_EJECT as the
 * entry's driver info.  run_autoinst() and run_match() both look devices up
 * in this table, and run_attach() sets RUN_FLAG_FWLOAD_NEEDED only for
 * entries whose driver info is not RUN_EJECT.
 * NOTE(review): vendor and product IDs are reported by the device itself, so
 * a match identifies a claimed model, not a verified one.  Values later read
 * from the device (registers, EEPROM, received frames) should be treated as
 * untrusted input by the code that consumes them.
 */
127 static const STRUCT_USB_HOST_ID run_devs[] = {
128 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
129 #define RUN_DEV_EJECT(v,p) \
130 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
132 RUN_DEV(ABOCOM, RT2770),
133 RUN_DEV(ABOCOM, RT2870),
134 RUN_DEV(ABOCOM, RT3070),
135 RUN_DEV(ABOCOM, RT3071),
136 RUN_DEV(ABOCOM, RT3072),
137 RUN_DEV(ABOCOM2, RT2870_1),
138 RUN_DEV(ACCTON, RT2770),
139 RUN_DEV(ACCTON, RT2870_1),
140 RUN_DEV(ACCTON, RT2870_2),
141 RUN_DEV(ACCTON, RT2870_3),
142 RUN_DEV(ACCTON, RT2870_4),
143 RUN_DEV(ACCTON, RT2870_5),
144 RUN_DEV(ACCTON, RT3070),
145 RUN_DEV(ACCTON, RT3070_1),
146 RUN_DEV(ACCTON, RT3070_2),
147 RUN_DEV(ACCTON, RT3070_3),
148 RUN_DEV(ACCTON, RT3070_4),
149 RUN_DEV(ACCTON, RT3070_5),
150 RUN_DEV(AIRTIES, RT3070),
151 RUN_DEV(ALLWIN, RT2070),
152 RUN_DEV(ALLWIN, RT2770),
153 RUN_DEV(ALLWIN, RT2870),
154 RUN_DEV(ALLWIN, RT3070),
155 RUN_DEV(ALLWIN, RT3071),
156 RUN_DEV(ALLWIN, RT3072),
157 RUN_DEV(ALLWIN, RT3572),
158 RUN_DEV(AMIGO, RT2870_1),
159 RUN_DEV(AMIGO, RT2870_2),
160 RUN_DEV(AMIT, CGWLUSB2GNR),
161 RUN_DEV(AMIT, RT2870_1),
162 RUN_DEV(AMIT2, RT2870),
163 RUN_DEV(ASUS, RT2870_1),
164 RUN_DEV(ASUS, RT2870_2),
165 RUN_DEV(ASUS, RT2870_3),
166 RUN_DEV(ASUS, RT2870_4),
167 RUN_DEV(ASUS, RT2870_5),
168 RUN_DEV(ASUS, USBN13),
169 RUN_DEV(ASUS, RT3070_1),
170 RUN_DEV(ASUS, USBN66),
171 RUN_DEV(ASUS, USB_N53),
172 RUN_DEV(ASUS2, USBN11),
173 RUN_DEV(AZUREWAVE, RT2870_1),
174 RUN_DEV(AZUREWAVE, RT2870_2),
175 RUN_DEV(AZUREWAVE, RT3070_1),
176 RUN_DEV(AZUREWAVE, RT3070_2),
177 RUN_DEV(AZUREWAVE, RT3070_3),
178 RUN_DEV(BELKIN, F9L1103),
179 RUN_DEV(BELKIN, F5D8053V3),
180 RUN_DEV(BELKIN, F5D8055),
181 RUN_DEV(BELKIN, F5D8055V2),
182 RUN_DEV(BELKIN, F6D4050V1),
183 RUN_DEV(BELKIN, F6D4050V2),
184 RUN_DEV(BELKIN, RT2870_1),
185 RUN_DEV(BELKIN, RT2870_2),
186 RUN_DEV(CISCOLINKSYS, AE1000),
187 RUN_DEV(CISCOLINKSYS2, RT3070),
188 RUN_DEV(CISCOLINKSYS3, RT3070),
189 RUN_DEV(CONCEPTRONIC2, RT2870_1),
190 RUN_DEV(CONCEPTRONIC2, RT2870_2),
191 RUN_DEV(CONCEPTRONIC2, RT2870_3),
192 RUN_DEV(CONCEPTRONIC2, RT2870_4),
193 RUN_DEV(CONCEPTRONIC2, RT2870_5),
194 RUN_DEV(CONCEPTRONIC2, RT2870_6),
195 RUN_DEV(CONCEPTRONIC2, RT2870_7),
196 RUN_DEV(CONCEPTRONIC2, RT2870_8),
197 RUN_DEV(CONCEPTRONIC2, RT3070_1),
198 RUN_DEV(CONCEPTRONIC2, RT3070_2),
199 RUN_DEV(CONCEPTRONIC2, VIGORN61),
200 RUN_DEV(COREGA, CGWLUSB300GNM),
201 RUN_DEV(COREGA, RT2870_1),
202 RUN_DEV(COREGA, RT2870_2),
203 RUN_DEV(COREGA, RT2870_3),
204 RUN_DEV(COREGA, RT3070),
205 RUN_DEV(CYBERTAN, RT2870),
206 RUN_DEV(DLINK, RT2870),
207 RUN_DEV(DLINK, RT3072),
208 RUN_DEV(DLINK, DWA125A3),
209 RUN_DEV(DLINK, DWA127),
210 RUN_DEV(DLINK, DWA140B3),
211 RUN_DEV(DLINK, DWA160B2),
212 RUN_DEV(DLINK, DWA140D1),
213 RUN_DEV(DLINK, DWA162),
214 RUN_DEV(DLINK2, DWA130),
215 RUN_DEV(DLINK2, RT2870_1),
216 RUN_DEV(DLINK2, RT2870_2),
217 RUN_DEV(DLINK2, RT3070_1),
218 RUN_DEV(DLINK2, RT3070_2),
219 RUN_DEV(DLINK2, RT3070_3),
220 RUN_DEV(DLINK2, RT3070_4),
221 RUN_DEV(DLINK2, RT3070_5),
222 RUN_DEV(DLINK2, RT3072),
223 RUN_DEV(DLINK2, RT3072_1),
224 RUN_DEV(EDIMAX, EW7717),
225 RUN_DEV(EDIMAX, EW7718),
226 RUN_DEV(EDIMAX, EW7733UND),
227 RUN_DEV(EDIMAX, RT2870_1),
228 RUN_DEV(ENCORE, RT3070_1),
229 RUN_DEV(ENCORE, RT3070_2),
230 RUN_DEV(ENCORE, RT3070_3),
231 RUN_DEV(GIGABYTE, GNWB31N),
232 RUN_DEV(GIGABYTE, GNWB32L),
233 RUN_DEV(GIGABYTE, RT2870_1),
234 RUN_DEV(GIGASET, RT3070_1),
235 RUN_DEV(GIGASET, RT3070_2),
236 RUN_DEV(GUILLEMOT, HWNU300),
237 RUN_DEV(HAWKING, HWUN2),
238 RUN_DEV(HAWKING, RT2870_1),
239 RUN_DEV(HAWKING, RT2870_2),
240 RUN_DEV(HAWKING, RT3070),
241 RUN_DEV(IODATA, RT3072_1),
242 RUN_DEV(IODATA, RT3072_2),
243 RUN_DEV(IODATA, RT3072_3),
244 RUN_DEV(IODATA, RT3072_4),
245 RUN_DEV(LINKSYS4, RT3070),
246 RUN_DEV(LINKSYS4, WUSB100),
247 RUN_DEV(LINKSYS4, WUSB54GCV3),
248 RUN_DEV(LINKSYS4, WUSB600N),
249 RUN_DEV(LINKSYS4, WUSB600NV2),
250 RUN_DEV(LOGITEC, RT2870_1),
251 RUN_DEV(LOGITEC, RT2870_2),
252 RUN_DEV(LOGITEC, RT2870_3),
253 RUN_DEV(LOGITEC, LANW300NU2),
254 RUN_DEV(LOGITEC, LANW150NU2),
255 RUN_DEV(LOGITEC, LANW300NU2S),
256 RUN_DEV(MELCO, WLIUCG300HP),
257 RUN_DEV(MELCO, RT2870_2),
258 RUN_DEV(MELCO, WLIUCAG300N),
259 RUN_DEV(MELCO, WLIUCG300N),
260 RUN_DEV(MELCO, WLIUCG301N),
261 RUN_DEV(MELCO, WLIUCGN),
262 RUN_DEV(MELCO, WLIUCGNM),
263 RUN_DEV(MELCO, WLIUCG300HPV1),
264 RUN_DEV(MELCO, WLIUCGNM2),
265 RUN_DEV(MOTOROLA4, RT2770),
266 RUN_DEV(MOTOROLA4, RT3070),
267 RUN_DEV(MSI, RT3070_1),
268 RUN_DEV(MSI, RT3070_2),
269 RUN_DEV(MSI, RT3070_3),
270 RUN_DEV(MSI, RT3070_4),
271 RUN_DEV(MSI, RT3070_5),
272 RUN_DEV(MSI, RT3070_6),
273 RUN_DEV(MSI, RT3070_7),
274 RUN_DEV(MSI, RT3070_8),
275 RUN_DEV(MSI, RT3070_9),
276 RUN_DEV(MSI, RT3070_10),
277 RUN_DEV(MSI, RT3070_11),
278 RUN_DEV(NETGEAR, WNDA4100),
279 RUN_DEV(OVISLINK, RT3072),
280 RUN_DEV(PARA, RT3070),
281 RUN_DEV(PEGATRON, RT2870),
282 RUN_DEV(PEGATRON, RT3070),
283 RUN_DEV(PEGATRON, RT3070_2),
284 RUN_DEV(PEGATRON, RT3070_3),
285 RUN_DEV(PHILIPS, RT2870),
286 RUN_DEV(PLANEX2, GWUS300MINIS),
287 RUN_DEV(PLANEX2, GWUSMICRON),
288 RUN_DEV(PLANEX2, RT2870),
289 RUN_DEV(PLANEX2, RT3070),
290 RUN_DEV(QCOM, RT2870),
291 RUN_DEV(QUANTA, RT3070),
292 RUN_DEV(RALINK, RT2070),
293 RUN_DEV(RALINK, RT2770),
294 RUN_DEV(RALINK, RT2870),
295 RUN_DEV(RALINK, RT3070),
296 RUN_DEV(RALINK, RT3071),
297 RUN_DEV(RALINK, RT3072),
298 RUN_DEV(RALINK, RT3370),
299 RUN_DEV(RALINK, RT3572),
300 RUN_DEV(RALINK, RT3573),
301 RUN_DEV(RALINK, RT5370),
302 RUN_DEV(RALINK, RT5372),
303 RUN_DEV(RALINK, RT5572),
304 RUN_DEV(RALINK, RT8070),
305 RUN_DEV(SAMSUNG, WIS09ABGN),
306 RUN_DEV(SAMSUNG2, RT2870_1),
307 RUN_DEV(SENAO, RT2870_1),
308 RUN_DEV(SENAO, RT2870_2),
309 RUN_DEV(SENAO, RT2870_3),
310 RUN_DEV(SENAO, RT2870_4),
311 RUN_DEV(SENAO, RT3070),
312 RUN_DEV(SENAO, RT3071),
313 RUN_DEV(SENAO, RT3072_1),
314 RUN_DEV(SENAO, RT3072_2),
315 RUN_DEV(SENAO, RT3072_3),
316 RUN_DEV(SENAO, RT3072_4),
317 RUN_DEV(SENAO, RT3072_5),
318 RUN_DEV(SITECOMEU, RT2770),
319 RUN_DEV(SITECOMEU, RT2870_1),
320 RUN_DEV(SITECOMEU, RT2870_2),
321 RUN_DEV(SITECOMEU, RT2870_3),
322 RUN_DEV(SITECOMEU, RT2870_4),
323 RUN_DEV(SITECOMEU, RT3070),
324 RUN_DEV(SITECOMEU, RT3070_2),
325 RUN_DEV(SITECOMEU, RT3070_3),
326 RUN_DEV(SITECOMEU, RT3070_4),
327 RUN_DEV(SITECOMEU, RT3071),
328 RUN_DEV(SITECOMEU, RT3072_1),
329 RUN_DEV(SITECOMEU, RT3072_2),
330 RUN_DEV(SITECOMEU, RT3072_3),
331 RUN_DEV(SITECOMEU, RT3072_4),
332 RUN_DEV(SITECOMEU, RT3072_5),
333 RUN_DEV(SITECOMEU, RT3072_6),
334 RUN_DEV(SITECOMEU, WL608),
335 RUN_DEV(SPARKLAN, RT2870_1),
336 RUN_DEV(SPARKLAN, RT3070),
337 RUN_DEV(SWEEX2, LW153),
338 RUN_DEV(SWEEX2, LW303),
339 RUN_DEV(SWEEX2, LW313),
340 RUN_DEV(TOSHIBA, RT3070),
341 RUN_DEV(UMEDIA, RT2870_1),
342 RUN_DEV(ZCOM, RT2870_1),
343 RUN_DEV(ZCOM, RT2870_2),
344 RUN_DEV(ZINWELL, RT2870_1),
345 RUN_DEV(ZINWELL, RT2870_2),
346 RUN_DEV(ZINWELL, RT3070),
347 RUN_DEV(ZINWELL, RT3072_1),
348 RUN_DEV(ZINWELL, RT3072_2),
349 RUN_DEV(ZYXEL, RT2870_1),
350 RUN_DEV(ZYXEL, RT2870_2),
351 RUN_DEV(ZYXEL, RT3070),
/* The two entries below carry RUN_EJECT as driver info (RUN_DEV_EJECT). */
352 RUN_DEV_EJECT(ZYXEL, NWD2705),
353 RUN_DEV_EJECT(RALINK, RT_STOR),
358 static device_probe_t run_match;
359 static device_attach_t run_attach;
360 static device_detach_t run_detach;
362 static usb_callback_t run_bulk_rx_callback;
363 static usb_callback_t run_bulk_tx_callback0;
364 static usb_callback_t run_bulk_tx_callback1;
365 static usb_callback_t run_bulk_tx_callback2;
366 static usb_callback_t run_bulk_tx_callback3;
367 static usb_callback_t run_bulk_tx_callback4;
368 static usb_callback_t run_bulk_tx_callback5;
370 static void run_autoinst(void *, struct usb_device *,
371 struct usb_attach_arg *);
372 static int run_driver_loaded(struct module *, int, void *);
373 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
374 usb_error_t error, u_int index);
375 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
376 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
377 const uint8_t [IEEE80211_ADDR_LEN],
378 const uint8_t [IEEE80211_ADDR_LEN]);
379 static void run_vap_delete(struct ieee80211vap *);
380 static void run_cmdq_cb(void *, int);
381 static void run_setup_tx_list(struct run_softc *,
382 struct run_endpoint_queue *);
383 static void run_unsetup_tx_list(struct run_softc *,
384 struct run_endpoint_queue *);
385 static int run_load_microcode(struct run_softc *);
386 static int run_reset(struct run_softc *);
387 static usb_error_t run_do_request(struct run_softc *,
388 struct usb_device_request *, void *);
389 static int run_read(struct run_softc *, uint16_t, uint32_t *);
390 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
391 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
392 static int run_write(struct run_softc *, uint16_t, uint32_t);
393 static int run_write_region_1(struct run_softc *, uint16_t,
394 const uint8_t *, int);
395 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
396 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
397 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
398 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
399 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
400 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
401 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
402 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
403 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
404 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
405 static const char *run_get_rf(uint16_t);
406 static void run_rt3593_get_txpower(struct run_softc *);
407 static void run_get_txpower(struct run_softc *);
408 static int run_read_eeprom(struct run_softc *);
409 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
410 const uint8_t mac[IEEE80211_ADDR_LEN]);
411 static int run_media_change(struct ifnet *);
412 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
413 static int run_wme_update(struct ieee80211com *);
414 static void run_key_set_cb(void *);
415 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
416 static void run_key_delete_cb(void *);
417 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
418 static void run_ratectl_to(void *);
419 static void run_ratectl_cb(void *, int);
420 static void run_drain_fifo(void *);
421 static void run_iter_func(void *, struct ieee80211_node *);
422 static void run_newassoc_cb(void *);
423 static void run_newassoc(struct ieee80211_node *, int);
424 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
425 const struct ieee80211_rx_stats *, int, int);
426 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
427 static void run_tx_free(struct run_endpoint_queue *pq,
428 struct run_tx_data *, int);
429 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
430 static int run_tx(struct run_softc *, struct mbuf *,
431 struct ieee80211_node *);
432 static int run_tx_mgt(struct run_softc *, struct mbuf *,
433 struct ieee80211_node *);
434 static int run_sendprot(struct run_softc *, const struct mbuf *,
435 struct ieee80211_node *, int, int);
436 static int run_tx_param(struct run_softc *, struct mbuf *,
437 struct ieee80211_node *,
438 const struct ieee80211_bpf_params *);
439 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
440 const struct ieee80211_bpf_params *);
441 static int run_transmit(struct ieee80211com *, struct mbuf *);
442 static void run_start(struct run_softc *);
443 static void run_parent(struct ieee80211com *);
444 static void run_iq_calib(struct run_softc *, u_int);
445 static void run_set_agc(struct run_softc *, uint8_t);
446 static void run_select_chan_group(struct run_softc *, int);
447 static void run_set_rx_antenna(struct run_softc *, int);
448 static void run_rt2870_set_chan(struct run_softc *, u_int);
449 static void run_rt3070_set_chan(struct run_softc *, u_int);
450 static void run_rt3572_set_chan(struct run_softc *, u_int);
451 static void run_rt3593_set_chan(struct run_softc *, u_int);
452 static void run_rt5390_set_chan(struct run_softc *, u_int);
453 static void run_rt5592_set_chan(struct run_softc *, u_int);
454 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
455 static void run_set_channel(struct ieee80211com *);
456 static void run_getradiocaps(struct ieee80211com *, int, int *,
457 struct ieee80211_channel[]);
458 static void run_scan_start(struct ieee80211com *);
459 static void run_scan_end(struct ieee80211com *);
460 static void run_update_beacon(struct ieee80211vap *, int);
461 static void run_update_beacon_cb(void *);
462 static void run_updateprot(struct ieee80211com *);
463 static void run_updateprot_cb(void *);
464 static void run_usb_timeout_cb(void *);
465 static void run_reset_livelock(struct run_softc *);
466 static void run_enable_tsf_sync(struct run_softc *);
467 static void run_enable_tsf(struct run_softc *);
468 static void run_disable_tsf(struct run_softc *);
469 static void run_get_tsf(struct run_softc *, uint64_t *);
470 static void run_enable_mrr(struct run_softc *);
471 static void run_set_txpreamble(struct run_softc *);
472 static void run_set_basicrates(struct run_softc *);
473 static void run_set_leds(struct run_softc *, uint16_t);
474 static void run_set_bssid(struct run_softc *, const uint8_t *);
475 static void run_set_macaddr(struct run_softc *, const uint8_t *);
476 static void run_updateslot(struct ieee80211com *);
477 static void run_updateslot_cb(void *);
478 static void run_update_mcast(struct ieee80211com *);
479 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
480 static void run_update_promisc_locked(struct run_softc *);
481 static void run_update_promisc(struct ieee80211com *);
482 static void run_rt5390_bbp_init(struct run_softc *);
483 static int run_bbp_init(struct run_softc *);
484 static int run_rt3070_rf_init(struct run_softc *);
485 static void run_rt3593_rf_init(struct run_softc *);
486 static void run_rt5390_rf_init(struct run_softc *);
487 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
489 static void run_rt3070_rf_setup(struct run_softc *);
490 static void run_rt3593_rf_setup(struct run_softc *);
491 static void run_rt5390_rf_setup(struct run_softc *);
492 static int run_txrx_enable(struct run_softc *);
493 static void run_adjust_freq_offset(struct run_softc *);
494 static void run_init_locked(struct run_softc *);
495 static void run_stop(void *);
496 static void run_delay(struct run_softc *, u_int);
498 static eventhandler_tag run_etag;
500 static const struct rt2860_rate {
503 enum ieee80211_phytype phy;
508 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
509 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
510 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
511 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
512 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
513 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
514 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
515 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
516 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
517 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
518 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
519 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
522 static const struct {
525 } rt2870_def_mac[] = {
529 static const struct {
532 } rt2860_def_bbp[] = {
534 },rt5390_def_bbp[] = {
536 },rt5592_def_bbp[] = {
541 * Default values for BBP register R196 for RT5592.
543 static const uint8_t rt5592_bbp_r196[] = {
544 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
545 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
546 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
547 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
548 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
549 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
551 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
552 0x2e, 0x36, 0x30, 0x6e
555 static const struct rfprog {
557 uint32_t r1, r2, r3, r4;
558 } rt2860_rf2850[] = {
568 static const struct rt5592_freqs {
571 } rt5592_freqs_20mhz[] = {
573 },rt5592_freqs_40mhz[] = {
577 static const struct {
580 } rt3070_def_rf[] = {
582 },rt3572_def_rf[] = {
584 },rt3593_def_rf[] = {
586 },rt5390_def_rf[] = {
588 },rt5392_def_rf[] = {
590 },rt5592_def_rf[] = {
592 },rt5592_2ghz_def_rf[] = {
594 },rt5592_5ghz_def_rf[] = {
598 static const struct {
603 } rt5592_chan_5ghz[] = {
/*
 * USB transfer configuration handed to usbd_transfer_setup() in
 * run_attach().  The visible entries are six OUT transfers (callbacks
 * run_bulk_tx_callback0..5, RUN_MAX_TXSZ buffers, 5000 ms timeout) followed
 * by one IN transfer (run_bulk_rx_callback, RUN_MAX_RXSZ buffer).
 * NOTE(review): this listing omits lines of the initializer (the gutter
 * numbers skip), including most array designators and any transfer-type
 * field, so the mapping of entries to indices is only shown for
 * RUN_BULK_TX_HCCA and RUN_BULK_TX_PRIO.
 */
607 static const struct usb_config run_config[RUN_N_XFER] = {
610 .endpoint = UE_ADDR_ANY,
612 .direction = UE_DIR_OUT,
613 .bufsize = RUN_MAX_TXSZ,
614 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
615 .callback = run_bulk_tx_callback0,
616 .timeout = 5000, /* ms */
620 .endpoint = UE_ADDR_ANY,
621 .direction = UE_DIR_OUT,
623 .bufsize = RUN_MAX_TXSZ,
624 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
625 .callback = run_bulk_tx_callback1,
626 .timeout = 5000, /* ms */
630 .endpoint = UE_ADDR_ANY,
631 .direction = UE_DIR_OUT,
633 .bufsize = RUN_MAX_TXSZ,
634 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
635 .callback = run_bulk_tx_callback2,
636 .timeout = 5000, /* ms */
640 .endpoint = UE_ADDR_ANY,
641 .direction = UE_DIR_OUT,
643 .bufsize = RUN_MAX_TXSZ,
644 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
645 .callback = run_bulk_tx_callback3,
646 .timeout = 5000, /* ms */
/* no_pipe_ok: setup does not fail if the device lacks this endpoint. */
648 [RUN_BULK_TX_HCCA] = {
650 .endpoint = UE_ADDR_ANY,
651 .direction = UE_DIR_OUT,
653 .bufsize = RUN_MAX_TXSZ,
654 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
655 .callback = run_bulk_tx_callback4,
656 .timeout = 5000, /* ms */
658 [RUN_BULK_TX_PRIO] = {
660 .endpoint = UE_ADDR_ANY,
661 .direction = UE_DIR_OUT,
663 .bufsize = RUN_MAX_TXSZ,
664 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
665 .callback = run_bulk_tx_callback5,
666 .timeout = 5000, /* ms */
/*
 * Receive side.  short_xfer_ok accepts transfers shorter than the buffer, so
 * the device decides how many bytes arrive (up to RUN_MAX_RXSZ).
 * NOTE(review): the receive callback is not part of this listing; it is the
 * place where lengths found inside the received data must be checked against
 * the actual transfer length.
 */
670 .endpoint = UE_ADDR_ANY,
671 .direction = UE_DIR_IN,
672 .bufsize = RUN_MAX_RXSZ,
673 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
674 .callback = run_bulk_rx_callback,
/*
 * usb_dev_configured event handler (registered in run_driver_loaded()).
 * The visible checks look at: the attach state (must be UAA_DEV_READY),
 * interface 0 of the device, whether that interface is mass-storage class,
 * and whether the device is listed in run_devs.  When the eject request
 * succeeds the device state is changed to UAA_DEV_EJECTING.
 * NOTE(review): the statements guarded by the first three checks are on
 * lines this listing does not show (presumably early returns), as is the
 * assignment of 'id'.  The handler is registered for every configured USB
 * device, and the table match relies on IDs reported by the device.
 */
679 run_autoinst(void *arg, struct usb_device *udev,
680 struct usb_attach_arg *uaa)
682 struct usb_interface *iface;
683 struct usb_interface_descriptor *id;
685 if (uaa->dev_state != UAA_DEV_READY)
688 iface = usbd_get_iface(udev, 0);
692 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
694 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
/* Send the mass-storage eject (stop unit) request; 0 means it succeeded. */
697 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
698 uaa->dev_state = UAA_DEV_EJECTING;
/*
 * Module event hook.  The visible lines register run_autoinst() for
 * usb_dev_configured events, keeping the tag in run_etag, and deregister the
 * handler again using that tag.
 * NOTE(review): the conditions on 'what' that select each action, and the
 * return value, are on lines this listing does not show.
 */
702 run_driver_loaded(struct module *mod, int what, void *arg)
706 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
707 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
710 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
/*
 * Probe routine.  Three conditions are tested before the table lookup: USB
 * host mode, configuration index 0, and interface index RT2860_IFACE_INDEX.
 * The final result is whatever usbd_lookup_id_by_uaa() returns for run_devs.
 * NOTE(review): the values returned when one of the three checks fails are
 * on lines this listing does not show.
 */
719 run_match(device_t self)
721 struct usb_attach_arg *uaa = device_get_ivars(self);
723 if (uaa->usb_mode != USB_MODE_HOST)
725 if (uaa->info.bConfigIndex != 0)
727 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
730 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
/*
 * Attach routine: binds the softc to the USB device, sets up the USB
 * transfers from run_config, waits for the chip to report a version,
 * fills in the net80211 capability and method fields, and initialises the
 * driver's tasks and rate-control callout.
 * NOTE(review): this listing omits lines (the gutter numbers skip), among
 * them local declarations, locking and the failure paths, so the cleanup
 * performed when a step fails cannot be confirmed from here.
 */
734 run_attach(device_t self)
736 struct run_softc *sc = device_get_softc(self);
737 struct usb_attach_arg *uaa = device_get_ivars(self);
738 struct ieee80211com *ic = &sc->sc_ic;
743 device_set_usb_desc(self);
744 sc->sc_udev = uaa->device;
/* Table entries carrying RUN_EJECT do not get the firmware-load flag. */
746 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
747 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
749 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
750 MTX_NETWORK_LOCK, MTX_DEF);
751 mbufq_init(&sc->sc_snd, ifqmaxlen);
753 iface_index = RT2860_IFACE_INDEX;
/* sc_mtx is passed as the lock associated with the transfers. */
755 error = usbd_transfer_setup(uaa->device, &iface_index,
756 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
758 device_printf(self, "could not allocate USB transfers, "
759 "err=%s\n", usbd_errstr(error));
/*
 * Up to 100 reads of the version register are attempted.  The loop tests
 * for a value that is neither 0 nor 0xffffffff; what it does on that test
 * and on a failed read is on lines not shown here.
 */
765 /* wait for the chip to settle */
766 for (ntries = 0; ntries < 100; ntries++) {
767 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
771 if (ver != 0 && ver != 0xffffffff)
776 device_printf(sc->sc_dev,
777 "timeout waiting for NIC to initialize\n");
/* Upper 16 bits of the register: MAC version; lower 16 bits: revision. */
781 sc->mac_ver = ver >> 16;
782 sc->mac_rev = ver & 0xffff;
784 /* retrieve RF rev. no and various other things from EEPROM */
787 device_printf(sc->sc_dev,
788 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
789 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
790 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
795 ic->ic_name = device_get_nameunit(self);
796 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
797 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
799 /* set device capabilities */
801 IEEE80211_C_STA | /* station mode supported */
802 IEEE80211_C_MONITOR | /* monitor mode supported */
805 IEEE80211_C_WDS | /* 4-address traffic works */
807 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
808 IEEE80211_C_SHSLOT | /* short slot time supported */
809 IEEE80211_C_WME | /* WME */
810 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
/*
 * Cipher capability flags (the field they are assigned to is on a line not
 * shown).  NOTE(review): WEP and TKIP are legacy ciphers; listing them here
 * only advertises support.  Whether they may be negotiated is decided by
 * the network configuration, which is where they should be excluded.
 */
813 IEEE80211_CRYPTO_WEP |
814 IEEE80211_CRYPTO_AES_CCM |
815 IEEE80211_CRYPTO_TKIPMIC |
816 IEEE80211_CRYPTO_TKIP;
818 ic->ic_flags |= IEEE80211_F_DATAPAD;
819 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
821 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
824 ieee80211_ifattach(ic);
/* Install the driver's implementations of the net80211 methods. */
826 ic->ic_scan_start = run_scan_start;
827 ic->ic_scan_end = run_scan_end;
828 ic->ic_set_channel = run_set_channel;
829 ic->ic_getradiocaps = run_getradiocaps;
830 ic->ic_node_alloc = run_node_alloc;
831 ic->ic_newassoc = run_newassoc;
832 ic->ic_updateslot = run_updateslot;
833 ic->ic_update_mcast = run_update_mcast;
834 ic->ic_wme.wme_update = run_wme_update;
835 ic->ic_raw_xmit = run_raw_xmit;
836 ic->ic_update_promisc = run_update_promisc;
837 ic->ic_vap_create = run_vap_create;
838 ic->ic_vap_delete = run_vap_delete;
839 ic->ic_transmit = run_transmit;
840 ic->ic_parent = run_parent;
842 ieee80211_radiotap_attach(ic,
843 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
844 RUN_TX_RADIOTAP_PRESENT,
845 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
846 RUN_RX_RADIOTAP_PRESENT);
/* Deferred-work tasks and the rate-control callout, tied to sc_mtx. */
848 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
849 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
850 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
853 ieee80211_announce(ic);
/*
 * Empty the pending-send queue sc_snd.  The softc lock must be held by the
 * caller (asserted below).  Each queued mbuf carries its ieee80211_node
 * pointer in m_pkthdr.rcvif; the pointer is cleared in the mbuf before the
 * node reference is released.
 * NOTE(review): the release of the mbuf itself is not visible in this
 * listing (the gutter numbers skip after line 872).
 */
863 run_drain_mbufq(struct run_softc *sc)
866 struct ieee80211_node *ni;
868 RUN_LOCK_ASSERT(sc, MA_OWNED);
869 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
870 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
871 m->m_pkthdr.rcvif = NULL;
872 ieee80211_free_node(ni);
/*
 * Detach routine.  Visible order of teardown: unset up the USB transfers,
 * switch rate control off and mark the command queue as aborted, release
 * the per-endpoint TX lists, then (if the ieee80211com points back at this
 * softc) drain the callout and both tasks and detach from net80211, and
 * finally destroy the mutex.  Draining the callout and tasks before the
 * mutex is destroyed keeps deferred work from touching a dead lock.
 * NOTE(review): locking statements and the return value are on lines this
 * listing does not show.
 */
878 run_detach(device_t self)
880 struct run_softc *sc = device_get_softc(self);
881 struct ieee80211com *ic = &sc->sc_ic;
888 /* stop all USB transfers */
889 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
/* With RUN_CMDQ_ABORT set, run_cmdq_cb() no longer calls queued functions. */
892 sc->ratectl_run = RUN_RATECTL_OFF;
893 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
895 /* free TX list, if any */
896 for (i = 0; i != RUN_EP_QUEUES; i++)
897 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
/* presumably true only once attach got as far as net80211 -- confirm */
903 if (sc->sc_ic.ic_softc == sc) {
905 usb_callout_drain(&sc->ratectl_ch);
906 ieee80211_draintask(ic, &sc->cmdq_task);
907 ieee80211_draintask(ic, &sc->ratectl_task);
908 ieee80211_ifdetach(ic);
911 mtx_destroy(&sc->sc_mtx);
/*
 * Create a virtual access point (VAP) of the requested operating mode.
 * The visible code enforces a limit of RUN_VAP_MAX VAPs, applies per-mode
 * rules, allocates and sets up the run_vap, overrides several net80211
 * method pointers, picks a free id bit in sc->rvp_bmap and updates the VAP
 * count.
 * NOTE(review): this listing omits lines (the gutter numbers skip),
 * including the switch header, the return statements and the assignment of
 * the chosen id, so the exact failure behaviour is not shown.
 */
916 static struct ieee80211vap *
917 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
918 enum ieee80211_opmode opmode, int flags,
919 const uint8_t bssid[IEEE80211_ADDR_LEN],
920 const uint8_t mac[IEEE80211_ADDR_LEN])
922 struct run_softc *sc = ic->ic_softc;
924 struct ieee80211vap *vap;
927 if (sc->rvp_cnt >= RUN_VAP_MAX) {
928 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
933 case IEEE80211_M_STA:
934 /* enable s/w bmiss handling for sta mode */
935 flags |= IEEE80211_CLONE_NOBEACONS;
937 case IEEE80211_M_IBSS:
938 case IEEE80211_M_MONITOR:
939 case IEEE80211_M_HOSTAP:
940 case IEEE80211_M_MBSS:
941 /* other than WDS vaps, only one at a time */
942 if (!TAILQ_EMPTY(&ic->ic_vaps))
/* A WDS VAP is looked for among existing VAPs in host-AP mode. */
945 case IEEE80211_M_WDS:
946 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
947 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
949 /* WDS vap's always share the local mac address. */
950 flags &= ~IEEE80211_CLONE_BSSID;
954 device_printf(sc->sc_dev,
955 "wds only supported in ap mode\n");
960 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
/* M_WAITOK: the allocation sleeps instead of failing; M_ZERO: zero-filled. */
964 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
967 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
/* The run_vap is released again when the setup call reports failure. */
970 free(rvp, M_80211_VAP);
974 vap->iv_update_beacon = run_update_beacon;
975 vap->iv_max_aid = RT2870_WCID_MAX;
977 * To delete the right key from h/w, we need wcid.
978 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
979 * and matching wcid will be written into there. So, cast
980 * some spells to remove 'const' from ieee80211_key{}
/*
 * NOTE(review): installing the handlers through a (void *) cast switches
 * off the compiler's check of their signatures against the iv_key_delete
 * and iv_key_set slots, so a later prototype change on either side would
 * not be diagnosed here.
 */
982 vap->iv_key_delete = (void *)run_key_delete;
983 vap->iv_key_set = (void *)run_key_set;
985 /* override state transition machine */
/* The original handlers are saved in the run_vap before being replaced. */
986 rvp->newstate = vap->iv_newstate;
987 vap->iv_newstate = run_newstate;
988 if (opmode == IEEE80211_M_IBSS) {
989 rvp->recv_mgmt = vap->iv_recv_mgmt;
990 vap->iv_recv_mgmt = run_recv_mgmt;
993 ieee80211_ratectl_init(vap);
994 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
997 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
1000 /* make sure id is always unique */
/* Scan rvp_bmap for a clear bit below RUN_VAP_MAX and mark it as used. */
1001 for (i = 0; i < RUN_VAP_MAX; i++) {
1002 if((sc->rvp_bmap & 1 << i) == 0){
1003 sc->rvp_bmap |= 1 << i;
/* The first VAP created also sets the device-wide operating mode. */
1008 if (sc->rvp_cnt++ == 0)
1009 ic->ic_opmode = opmode;
/* Host-AP mode enables execution of queued commands in run_cmdq_cb(). */
1011 if (opmode == IEEE80211_M_HOSTAP)
1012 sc->cmdq_run = RUN_CMDQ_GO;
1014 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1015 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
/*
 * Destroy a VAP: release its beacon mbuf, clear its bit in the rate-control
 * and id bitmaps, overwrite its shared-key and beacon areas on the chip with
 * zeros, then detach it from net80211 and free the run_vap.
 * NOTE(review): this listing omits lines (the gutter numbers skip),
 * including locking, the assignments of 'ic' and 'sc' and the update of
 * rvp_cnt.
 */
1021 run_vap_delete(struct ieee80211vap *vap)
1023 struct run_vap *rvp = RUN_VAP(vap);
1024 struct ieee80211com *ic;
1025 struct run_softc *sc;
1036 m_freem(rvp->beacon_mbuf);
1037 rvp->beacon_mbuf = NULL;
1039 rvp_id = rvp->rvp_id;
1040 sc->ratectl_run &= ~(1 << rvp_id);
1041 sc->rvp_bmap &= ~(1 << rvp_id);
/*
 * Zero the chip-side key and beacon storage of this VAP id.  The return
 * values are not checked, so a failed USB write would leave the previous
 * contents (including key data) in place without any report.
 */
1042 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1043 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1046 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1047 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1048 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1052 ieee80211_ratectl_deinit(vap);
1053 ieee80211_vap_detach(vap);
1054 free(rvp, M_80211_VAP);
1058 * A number of functions need to be called in thread context.
1059 * Rather than creating a taskqueue event for each of those functions,
1060 * there is one all-for-one taskqueue callback function. This function
1061 * guarantees deferred functions are executed in the same order they
1063 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
/*
 * Taskqueue callback that runs the functions queued in sc->cmdq[].
 * Starting at index sc->cmdq_exec it processes entries while the entry has
 * a function pointer and 'pending' is non-zero.  A queued function is only
 * called while sc->cmdq_run equals RUN_CMDQ_GO; it receives arg0 when that
 * is non-NULL and a pointer to the queue entry otherwise.
 * NOTE(review): this listing omits lines (the gutter numbers skip),
 * including the locking, the closing braces and the increment of cmdq_exec,
 * so whether an entry is cleared only after being run or in every case is
 * not visible here.
 */
1066 run_cmdq_cb(void *arg, int pending)
1068 struct run_softc *sc = arg;
1071 /* call cmdq[].func locked */
1073 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1074 i = sc->cmdq_exec, pending--) {
1075 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1077 if (sc->cmdq_run == RUN_CMDQ_GO) {
1079 * If arg0 is NULL, callback func needs more
1080 * than one arg. So, pass ptr to cmdq struct.
1082 if (sc->cmdq[i].arg0)
1083 sc->cmdq[i].func(sc->cmdq[i].arg0);
1085 sc->cmdq[i].func(&sc->cmdq[i]);
/* Clear the slot so a stale function pointer cannot be run again. */
1087 sc->cmdq[i].arg0 = NULL;
1088 sc->cmdq[i].func = NULL;
/* Keep the execution index inside the cmdq[] array. */
1090 sc->cmdq_exec &= RUN_CMDQ_MASQ;
/*
 * Initialise one endpoint queue: zero the whole structure, initialise the
 * tx_qh and tx_fh lists, append every slot of tx_data[] to tx_fh and set
 * tx_nfree to RUN_TX_RING_COUNT, i.e. all slots start out free.
 * NOTE(review): per-slot initialisation inside the loop is on a line this
 * listing does not show.
 */
1096 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1098 struct run_tx_data *data;
1100 memset(pq, 0, sizeof(*pq));
1102 STAILQ_INIT(&pq->tx_qh);
1103 STAILQ_INIT(&pq->tx_fh);
1105 for (data = &pq->tx_data[0];
1106 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1108 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1110 pq->tx_nfree = RUN_TX_RING_COUNT;
/*
 * Tear down one endpoint queue: both lists are re-initialised so they are
 * empty, then every slot of tx_data[] is visited and a node reference still
 * attached to it is released.
 * NOTE(review): the statements that release data->m and reset the slot
 * pointers, and the one belonging to the "subsequent use ... will fail"
 * comment, are on lines this listing does not show.
 */
1114 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1116 struct run_tx_data *data;
1118 /* make sure any subsequent use of the queues will fail */
1120 STAILQ_INIT(&pq->tx_fh);
1121 STAILQ_INIT(&pq->tx_qh);
1123 /* free up all node references and mbufs */
1124 for (data = &pq->tx_data[0];
1125 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1126 if (data->m != NULL) {
1130 if (data->ni != NULL) {
1131 ieee80211_free_node(data->ni);
/*
 * Fetch the "runfw" image with firmware_get(), select the half that matches
 * sc->mac_ver, write it to the device when RUN_FLAG_FWLOAD_NEEDED is set,
 * issue the RT2870_RESET vendor request and poll RT2860_SYS_CTRL (up to 1000
 * times) until RT2860_MCU_READY is set.
 *
 * NOTE(review): this listing omits short lines (braces, several declarations,
 * error assignments, returns and some statements); the comments below describe
 * only the lines that are shown.
 */
1138 run_load_microcode(struct run_softc *sc)
1140 usb_device_request_t req;
1141 const struct firmware *fw;
1145 const uint64_t *temp;
1149 fw = firmware_get("runfw");
1152 device_printf(sc->sc_dev,
1153 "failed loadfirmware of file %s\n", "runfw");
/*
 * Only the total size is validated. The 4096-byte upload and the version
 * bytes read at base + 4092 and base + 4093 further down rely on this
 * 8192-byte bound.
 */
1157 if (fw->datasize != 8192) {
1158 device_printf(sc->sc_dev,
1159 "invalid firmware size (should be 8KB)\n");
1165 * RT3071/RT3072 use a different firmware
1166 * run-rt2870 (8KB) contains both,
1167 * first half (4KB) is for rt2870,
1168 * last half is for rt3071.
1171 if ((sc->mac_ver) != 0x2860 &&
1172 (sc->mac_ver) != 0x2872 &&
1173 (sc->mac_ver) != 0x3070) {
/*
 * NOTE(review): despite the "checksum" wording in the message, this compares
 * one 64-bit word against a fixed constant. It rejects a wrong or damaged
 * header, not a modified image; payload integrity rests on how the firmware
 * module is installed and loaded. How `bytes' is read through `temp' is not
 * shown here; a direct uint64_t load from fw->data would assume 8-byte
 * alignment -- TODO confirm.
 */
1177 /* cheap sanity check */
1180 if (bytes != be64toh(0xffffff0210280210ULL)) {
1181 device_printf(sc->sc_dev, "firmware checksum failed\n");
1186 /* write microcode image */
/*
 * NOTE(review): the return values of these three writes are not checked, so a
 * failed upload is not reported at this point; it would surface, if at all,
 * through the reset request or the MCU-ready poll below.
 */
1187 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1188 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1189 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1190 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
/* Vendor reset request with wValue 8; this one is checked for failure. */
1193 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1194 req.bRequest = RT2870_RESET;
1195 USETW(req.wValue, 8);
1196 USETW(req.wIndex, 0);
1197 USETW(req.wLength, 0);
1198 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1200 device_printf(sc->sc_dev, "firmware reset failed\n");
/* Clear the host-to-MCU mailbox registers (results unchecked), then send RFRESET. */
1206 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1207 run_write(sc, RT2860_H2M_MAILBOX, 0);
1208 run_write(sc, RT2860_H2M_INTSRC, 0);
1209 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1212 /* wait until microcontroller is ready */
1213 for (ntries = 0; ntries < 1000; ntries++) {
1214 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1216 if (tmp & RT2860_MCU_READY)
1220 if (ntries == 1000) {
1221 device_printf(sc->sc_dev,
1222 "timeout waiting for MCU to initialize\n");
/* The version bytes are taken from the image itself, at offsets 4092 and 4093 of the selected half. */
1226 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1227 (base == fw->data) ? "RT2870" : "RT3071",
1228 *(base + 4092), *(base + 4093));
/*
 * Drop the reference taken by firmware_get(). The error paths above
 * presumably reach this line as well; the label is not shown -- TODO confirm.
 */
1231 firmware_put(fw, FIRMWARE_UNLOAD);
1236 run_reset(struct run_softc *sc)
1238 usb_device_request_t req;
1240 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1241 req.bRequest = RT2870_RESET;
1242 USETW(req.wValue, 1);
1243 USETW(req.wIndex, 0);
1244 USETW(req.wLength, 0);
1245 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1249 run_do_request(struct run_softc *sc,
1250 struct usb_device_request *req, void *data)
1255 RUN_LOCK_ASSERT(sc, MA_OWNED);
1258 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1259 req, data, 0, NULL, 250 /* ms */);
1262 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1263 "Control request failed, %s (retrying)\n",
1271 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1276 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1278 *val = le32toh(tmp);
1285 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1287 usb_device_request_t req;
1289 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1290 req.bRequest = RT2870_READ_REGION_1;
1291 USETW(req.wValue, 0);
1292 USETW(req.wIndex, reg);
1293 USETW(req.wLength, len);
1295 return (run_do_request(sc, &req, buf));
1299 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1301 usb_device_request_t req;
1303 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1304 req.bRequest = RT2870_WRITE_2;
1305 USETW(req.wValue, val);
1306 USETW(req.wIndex, reg);
1307 USETW(req.wLength, 0);
1309 return (run_do_request(sc, &req, NULL));
1313 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1317 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1318 error = run_write_2(sc, reg + 2, val >> 16);
/*
 * Write `len' bytes from buf to consecutive device registers starting at reg.
 * Two implementations appear below: one issuing a WRITE_2 request per 16-bit
 * word, one issuing WRITE_REGION_1 requests in bounded chunks.
 *
 * NOTE(review): this listing omits short lines, including the rest of the
 * parameter list, the local declarations and whatever selects between the two
 * variants (presumably a preprocessor conditional) -- confirm in the full file.
 */
1323 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1329 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1330 * We thus issue multiple WRITE_2 commands instead.
/*
 * NOTE(review): the even-length requirement is enforced only by KASSERT,
 * which is compiled out of kernels built without INVARIANTS. With an odd len
 * the last iteration reads buf[i + 1], one byte past the length the caller
 * supplied, so callers must round up and own that extra byte. The assertion
 * text says "Data too long" although the test is for an odd length.
 */
1332 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1333 for (i = 0; i < len && error == 0; i += 2)
1334 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
/* Second variant: WRITE_REGION_1 requests of `delta' bytes each. */
1337 usb_device_request_t req;
1341 * NOTE: It appears the WRITE_REGION_1 command cannot be
1342 * passed a huge amount of data, which will crash the
1343 * firmware. Limit amount of data passed to 64-bytes at a
1351 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1352 req.bRequest = RT2870_WRITE_REGION_1;
1353 USETW(req.wValue, 0);
1354 USETW(req.wIndex, reg);
1355 USETW(req.wLength, delta);
/* __DECONST drops the const qualifier because the request helper takes a non-const data pointer. */
1356 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1368 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1372 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1373 for (i = 0; i < len && error == 0; i += 4)
1374 error = run_write(sc, reg + i, val);
1379 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1385 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1391 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1397 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1398 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1399 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1400 for (ntries = 0; ntries < 100; ntries++) {
1401 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1403 if (!(tmp & RT3070_EFSROM_KICK))
1410 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1411 *val = 0xffff; /* address not found */
1414 /* determine to which 32-bit register our 16-bit word belongs */
1415 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1416 if ((error = run_read(sc, reg, &tmp)) != 0)
1419 tmp >>= (8 * (addr & 0x3));
1420 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1425 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1427 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1429 return (run_efuse_read(sc, addr, val, 2));
1433 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1435 usb_device_request_t req;
1440 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1441 req.bRequest = RT2870_EEPROM_READ;
1442 USETW(req.wValue, 0);
1443 USETW(req.wIndex, addr);
1444 USETW(req.wLength, sizeof(tmp));
1446 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1448 *val = le16toh(tmp);
1455 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1457 /* either eFUSE ROM or EEPROM */
1458 return sc->sc_srom_read(sc, addr, val);
1462 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1467 for (ntries = 0; ntries < 10; ntries++) {
1468 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1470 if (!(tmp & RT2860_RF_REG_CTRL))
1476 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1480 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1485 for (ntries = 0; ntries < 100; ntries++) {
1486 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1488 if (!(tmp & RT3070_RF_KICK))
1494 tmp = RT3070_RF_KICK | reg << 8;
1495 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1498 for (ntries = 0; ntries < 100; ntries++) {
1499 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1501 if (!(tmp & RT3070_RF_KICK))
1512 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1517 for (ntries = 0; ntries < 10; ntries++) {
1518 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1520 if (!(tmp & RT3070_RF_KICK))
1526 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1527 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1531 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1536 for (ntries = 0; ntries < 10; ntries++) {
1537 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1539 if (!(tmp & RT2860_BBP_CSR_KICK))
1545 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1546 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1549 for (ntries = 0; ntries < 10; ntries++) {
1550 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1552 if (!(tmp & RT2860_BBP_CSR_KICK))
1563 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1568 for (ntries = 0; ntries < 10; ntries++) {
1569 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1571 if (!(tmp & RT2860_BBP_CSR_KICK))
1577 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1578 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1582 * Send a command to the 8051 microcontroller unit.
1585 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1590 for (ntries = 0; ntries < 100; ntries++) {
1591 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1593 if (!(tmp & RT2860_H2M_BUSY))
1599 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1600 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1601 error = run_write(sc, RT2860_HOST_CMD, cmd);
1606 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1607 * Used to adjust per-rate Tx power registers.
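/*
 * Add `delta' (signed) to each of the eight 4-bit sub-words of b32 and return
 * the adjusted word. Each sub-word is saturated to the range [0, 0xf].
 *
 * NOTE(review): the listing this was taken from omits the lines between the
 * loop header and the rotate; the saturation follows the upstream driver and
 * should be confirmed against the full file.
 */
static __inline uint32_t
b4inc(uint32_t b32, int8_t delta)
{
	int i;

	for (i = 0; i < 8; i++) {
		/* Work in int so that a large delta cannot wrap an 8-bit temporary. */
		int b4 = (int)(b32 & 0xf) + delta;

		if (b4 < 0)
			b4 = 0;
		else if (b4 > 0xf)
			b4 = 0xf;
		/*
		 * Rotate the adjusted nibble in at the top. The cast keeps the
		 * shift unsigned: a signed `b4 << 28' overflows for b4 >= 8.
		 */
		b32 = b32 >> 4 | (uint32_t)b4 << 28;
	}
	return (b32);
}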
1627 run_get_rf(uint16_t rev)
1630 case RT2860_RF_2820: return "RT2820";
1631 case RT2860_RF_2850: return "RT2850";
1632 case RT2860_RF_2720: return "RT2720";
1633 case RT2860_RF_2750: return "RT2750";
1634 case RT3070_RF_3020: return "RT3020";
1635 case RT3070_RF_2020: return "RT2020";
1636 case RT3070_RF_3021: return "RT3021";
1637 case RT3070_RF_3022: return "RT3022";
1638 case RT3070_RF_3052: return "RT3052";
1639 case RT3593_RF_3053: return "RT3053";
1640 case RT5592_RF_5592: return "RT5592";
1641 case RT5390_RF_5370: return "RT5370";
1642 case RT5390_RF_5372: return "RT5372";
1648 run_rt3593_get_txpower(struct run_softc *sc)
1653 /* Read power settings for 2GHz channels. */
1654 for (i = 0; i < 14; i += 2) {
1655 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1656 RT2860_EEPROM_PWR2GHZ_BASE1;
1657 run_srom_read(sc, addr + i / 2, &val);
1658 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1659 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1661 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1662 RT2860_EEPROM_PWR2GHZ_BASE2;
1663 run_srom_read(sc, addr + i / 2, &val);
1664 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1665 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1667 if (sc->ntxchains == 3) {
1668 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1670 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1671 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1674 /* Fix broken Tx power entries. */
1675 for (i = 0; i < 14; i++) {
1676 if (sc->txpow1[i] > 31)
1678 if (sc->txpow2[i] > 31)
1680 if (sc->ntxchains == 3) {
1681 if (sc->txpow3[i] > 31)
1685 /* Read power settings for 5GHz channels. */
1686 for (i = 0; i < 40; i += 2) {
1687 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1688 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1689 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1691 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1692 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1693 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1695 if (sc->ntxchains == 3) {
1696 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1698 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1699 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1705 run_get_txpower(struct run_softc *sc)
1710 /* Read power settings for 2GHz channels. */
1711 for (i = 0; i < 14; i += 2) {
1712 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1713 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1714 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1716 if (sc->mac_ver != 0x5390) {
1718 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1719 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1720 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1723 /* Fix broken Tx power entries. */
1724 for (i = 0; i < 14; i++) {
1725 if (sc->mac_ver >= 0x5390) {
1726 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1729 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1732 if (sc->mac_ver > 0x5390) {
1733 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1735 } else if (sc->mac_ver < 0x5390) {
1736 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1739 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1740 "chan %d: power1=%d, power2=%d\n",
1741 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1743 /* Read power settings for 5GHz channels. */
1744 for (i = 0; i < 40; i += 2) {
1745 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1746 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1747 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1749 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1750 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1751 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1753 /* Fix broken Tx power entries. */
1754 for (i = 0; i < 40; i++ ) {
1755 if (sc->mac_ver != 0x5592) {
1756 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1757 sc->txpow1[14 + i] = 5;
1758 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1759 sc->txpow2[14 + i] = 5;
1761 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1762 "chan %d: power1=%d, power2=%d\n",
1763 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1764 sc->txpow2[14 + i]);
1769 run_read_eeprom(struct run_softc *sc)
1771 struct ieee80211com *ic = &sc->sc_ic;
1772 int8_t delta_2ghz, delta_5ghz;
1777 /* check whether the ROM is eFUSE ROM or EEPROM */
1778 sc->sc_srom_read = run_eeprom_read_2;
1779 if (sc->mac_ver >= 0x3070) {
1780 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1781 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1782 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1783 sc->sc_srom_read = run_efuse_read_2;
1786 /* read ROM version */
1787 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1788 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1789 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1791 /* read MAC address */
1792 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1793 ic->ic_macaddr[0] = val & 0xff;
1794 ic->ic_macaddr[1] = val >> 8;
1795 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1796 ic->ic_macaddr[2] = val & 0xff;
1797 ic->ic_macaddr[3] = val >> 8;
1798 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1799 ic->ic_macaddr[4] = val & 0xff;
1800 ic->ic_macaddr[5] = val >> 8;
1802 if (sc->mac_ver < 0x3593) {
1803 /* read vender BBP settings */
1804 for (i = 0; i < 10; i++) {
1805 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1806 sc->bbp[i].val = val & 0xff;
1807 sc->bbp[i].reg = val >> 8;
1808 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1809 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1811 if (sc->mac_ver >= 0x3071) {
1812 /* read vendor RF settings */
1813 for (i = 0; i < 10; i++) {
1814 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1816 sc->rf[i].val = val & 0xff;
1817 sc->rf[i].reg = val >> 8;
1818 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1819 sc->rf[i].reg, sc->rf[i].val);
1824 /* read RF frequency offset from EEPROM */
1825 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1826 RT3593_EEPROM_FREQ, &val);
1827 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1828 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1831 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1832 RT3593_EEPROM_FREQ_LEDS, &val);
1833 if (val >> 8 != 0xff) {
1834 /* read LEDs operating mode */
1835 sc->leds = val >> 8;
1836 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1837 RT3593_EEPROM_LED1, &sc->led[0]);
1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1839 RT3593_EEPROM_LED2, &sc->led[1]);
1840 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1841 RT3593_EEPROM_LED3, &sc->led[2]);
1843 /* broken EEPROM, use default settings */
1845 sc->led[0] = 0x5555;
1846 sc->led[1] = 0x2221;
1847 sc->led[2] = 0x5627; /* differs from RT2860 */
1849 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1850 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1851 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1853 /* read RF information */
1854 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1855 run_srom_read(sc, 0x00, &val);
1857 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1859 if (val == 0xffff) {
1860 device_printf(sc->sc_dev,
1861 "invalid EEPROM antenna info, using default\n");
1862 if (sc->mac_ver == 0x3572) {
1863 /* default to RF3052 2T2R */
1864 sc->rf_rev = RT3070_RF_3052;
1867 } else if (sc->mac_ver >= 0x3070) {
1868 /* default to RF3020 1T1R */
1869 sc->rf_rev = RT3070_RF_3020;
1873 /* default to RF2820 1T2R */
1874 sc->rf_rev = RT2860_RF_2820;
1879 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1881 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1883 sc->rf_rev = (val >> 8) & 0xf;
1884 sc->ntxchains = (val >> 4) & 0xf;
1885 sc->nrxchains = val & 0xf;
1887 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1888 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1890 /* check if RF supports automatic Tx access gain control */
1891 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1892 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1893 /* check if driver should patch the DAC issue */
1894 if ((val >> 8) != 0xff)
1895 sc->patch_dac = (val >> 15) & 1;
1896 if ((val & 0xff) != 0xff) {
1897 sc->ext_5ghz_lna = (val >> 3) & 1;
1898 sc->ext_2ghz_lna = (val >> 2) & 1;
1899 /* check if RF supports automatic Tx access gain control */
1900 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1901 /* check if we have a hardware radio switch */
1902 sc->rfswitch = val & 1;
1905 /* Read Tx power settings. */
1906 if (sc->mac_ver == 0x3593)
1907 run_rt3593_get_txpower(sc);
1909 run_get_txpower(sc);
1911 /* read Tx power compensation for each Tx rate */
1912 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1913 delta_2ghz = delta_5ghz = 0;
1914 if ((val & 0xff) != 0xff && (val & 0x80)) {
1915 delta_2ghz = val & 0xf;
1916 if (!(val & 0x40)) /* negative number */
1917 delta_2ghz = -delta_2ghz;
1920 if ((val & 0xff) != 0xff && (val & 0x80)) {
1921 delta_5ghz = val & 0xf;
1922 if (!(val & 0x40)) /* negative number */
1923 delta_5ghz = -delta_5ghz;
1925 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1926 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
1928 for (ridx = 0; ridx < 5; ridx++) {
1931 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1933 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1934 reg |= (uint32_t)val << 16;
1936 sc->txpow20mhz[ridx] = reg;
1937 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1938 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1940 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1941 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1942 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1943 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1946 /* Read RSSI offsets and LNA gains from EEPROM. */
1947 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1948 RT3593_EEPROM_RSSI1_2GHZ, &val);
1949 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1950 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1951 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1952 RT3593_EEPROM_RSSI2_2GHZ, &val);
1953 if (sc->mac_ver >= 0x3070) {
1954 if (sc->mac_ver == 0x3593) {
1955 sc->txmixgain_2ghz = 0;
1956 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1959 * On RT3070 chips (limited to 2 Rx chains), this ROM
1960 * field contains the Tx mixer gain for the 2GHz band.
1962 if ((val & 0xff) != 0xff)
1963 sc->txmixgain_2ghz = val & 0x7;
1965 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
1966 sc->txmixgain_2ghz);
1968 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1969 if (sc->mac_ver == 0x3593)
1970 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1971 sc->lna[2] = val >> 8; /* channel group 2 */
1973 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1974 RT3593_EEPROM_RSSI1_5GHZ, &val);
1975 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1976 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1977 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1978 RT3593_EEPROM_RSSI2_5GHZ, &val);
1979 if (sc->mac_ver == 0x3572) {
1981 * On RT3572 chips (limited to 2 Rx chains), this ROM
1982 * field contains the Tx mixer gain for the 5GHz band.
1984 if ((val & 0xff) != 0xff)
1985 sc->txmixgain_5ghz = val & 0x7;
1986 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
1987 sc->txmixgain_5ghz);
1989 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1990 if (sc->mac_ver == 0x3593) {
1991 sc->txmixgain_5ghz = 0;
1992 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1994 sc->lna[3] = val >> 8; /* channel group 3 */
1996 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1997 RT3593_EEPROM_LNA, &val);
1998 sc->lna[0] = val & 0xff; /* channel group 0 */
1999 sc->lna[1] = val >> 8; /* channel group 1 */
2001 /* fix broken 5GHz LNA entries */
2002 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2003 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2004 "invalid LNA for channel group %d\n", 2);
2005 sc->lna[2] = sc->lna[1];
2007 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2008 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2009 "invalid LNA for channel group %d\n", 3);
2010 sc->lna[3] = sc->lna[1];
2013 /* fix broken RSSI offset entries */
2014 for (ant = 0; ant < 3; ant++) {
2015 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2016 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2017 "invalid RSSI%d offset: %d (2GHz)\n",
2018 ant + 1, sc->rssi_2ghz[ant]);
2019 sc->rssi_2ghz[ant] = 0;
2021 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2022 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2023 "invalid RSSI%d offset: %d (5GHz)\n",
2024 ant + 1, sc->rssi_5ghz[ant]);
2025 sc->rssi_5ghz[ant] = 0;
2031 static struct ieee80211_node *
2032 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2034 return malloc(sizeof (struct run_node), M_80211_NODE,
/*
 * Media-change handler: calls ieee80211_media_change(), and when a fixed
 * unicast rate is configured, looks that rate up in rt2860_rates[] and stores
 * the index in the BSS node's fix_ridx. If the interface is up and running,
 * the device is re-initialised with run_init_locked().
 *
 * NOTE(review): this listing omits short lines (braces, declarations, returns,
 * the loop's break and the assignment of rn); confirm against the full file.
 */
2039 run_media_change(struct ifnet *ifp)
2041 struct ieee80211vap *vap = ifp->if_softc;
2042 struct ieee80211com *ic = vap->iv_ic;
2043 const struct ieee80211_txparam *tp;
2044 struct run_softc *sc = ic->ic_softc;
2050 error = ieee80211_media_change(ifp);
2051 if (error != ENETRESET) {
2056 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2057 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2058 struct ieee80211_node *ni;
2059 struct run_node *rn;
/* tp->ucastrate is used as an index into rs_rates[] without a range check in the lines shown. */
2061 rate = ic->ic_sup_rates[ic->ic_curmode].
2062 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
/*
 * NOTE(review): if no table entry matches `rate', ridx leaves the loop equal
 * to RT2860_RIDX_MAX and is stored in fix_ridx below. No guard against that
 * out-of-range index is visible here -- TODO confirm that consumers of
 * fix_ridx cannot index rt2860_rates[] with it.
 */
2063 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2064 if (rt2860_rates[ridx].rate == rate)
/* Hold a reference on the BSS node while it is updated; released below. */
2066 ni = ieee80211_ref_node(vap->iv_bss);
2068 rn->fix_ridx = ridx;
2069 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2070 rate, rn->fix_ridx);
2071 ieee80211_free_node(ni);
2075 if ((ifp->if_flags & IFF_UP) &&
2076 (ifp->if_drv_flags & RUN_RUNNING)){
2077 run_init_locked(sc);
2087 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2089 const struct ieee80211_txparam *tp;
2090 struct ieee80211com *ic = vap->iv_ic;
2091 struct run_softc *sc = ic->ic_softc;
2092 struct run_vap *rvp = RUN_VAP(vap);
2093 enum ieee80211_state ostate;
2096 uint8_t restart_ratectl = 0;
2097 uint8_t bid = 1 << rvp->rvp_id;
2099 ostate = vap->iv_state;
2100 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2101 ieee80211_state_name[ostate],
2102 ieee80211_state_name[nstate]);
2104 IEEE80211_UNLOCK(ic);
2107 ratectl = sc->ratectl_run; /* remember current state */
2108 sc->ratectl_run = RUN_RATECTL_OFF;
2109 usb_callout_stop(&sc->ratectl_ch);
2111 if (ostate == IEEE80211_S_RUN) {
2112 /* turn link LED off */
2113 run_set_leds(sc, RT2860_LED_RADIO);
2117 case IEEE80211_S_INIT:
2118 restart_ratectl = 1;
2120 if (ostate != IEEE80211_S_RUN)
2124 sc->runbmap &= ~bid;
2126 /* abort TSF synchronization if there is no vap running */
2127 if (--sc->running == 0)
2128 run_disable_tsf(sc);
2131 case IEEE80211_S_RUN:
2132 if (!(sc->runbmap & bid)) {
2134 restart_ratectl = 1;
2138 m_freem(rvp->beacon_mbuf);
2139 rvp->beacon_mbuf = NULL;
2141 switch (vap->iv_opmode) {
2142 case IEEE80211_M_HOSTAP:
2143 case IEEE80211_M_MBSS:
2144 sc->ap_running |= bid;
2145 ic->ic_opmode = vap->iv_opmode;
2146 run_update_beacon_cb(vap);
2148 case IEEE80211_M_IBSS:
2149 sc->adhoc_running |= bid;
2150 if (!sc->ap_running)
2151 ic->ic_opmode = vap->iv_opmode;
2152 run_update_beacon_cb(vap);
2154 case IEEE80211_M_STA:
2155 sc->sta_running |= bid;
2156 if (!sc->ap_running && !sc->adhoc_running)
2157 ic->ic_opmode = vap->iv_opmode;
2159 /* read statistic counters (clear on read) */
2160 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2161 (uint8_t *)sta, sizeof sta);
2165 ic->ic_opmode = vap->iv_opmode;
2169 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2170 struct ieee80211_node *ni;
2172 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2179 run_set_txpreamble(sc);
2180 run_set_basicrates(sc);
2181 ni = ieee80211_ref_node(vap->iv_bss);
2182 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2183 run_set_bssid(sc, sc->sc_bssid);
2184 ieee80211_free_node(ni);
2185 run_enable_tsf_sync(sc);
2187 /* enable automatic rate adaptation */
2188 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2189 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2194 /* turn link LED on */
2195 run_set_leds(sc, RT2860_LED_RADIO |
2196 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2197 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2201 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2205 /* restart amrr for running VAPs */
2206 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2207 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2212 return(rvp->newstate(vap, nstate, arg));
2216 run_wme_update(struct ieee80211com *ic)
2218 struct chanAccParams chp;
2219 struct run_softc *sc = ic->ic_softc;
2220 const struct wmeParams *ac;
2223 ieee80211_wme_ic_getparams(ic, &chp);
2224 ac = chp.cap_wmeParams;
2226 /* update MAC TX configuration registers */
2228 for (aci = 0; aci < WME_NUM_AC; aci++) {
2229 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2230 ac[aci].wmep_logcwmax << 16 |
2231 ac[aci].wmep_logcwmin << 12 |
2232 ac[aci].wmep_aifsn << 8 |
2233 ac[aci].wmep_txopLimit);
2234 if (error) goto err;
2237 /* update SCH/DMA registers too */
2238 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2239 ac[WME_AC_VO].wmep_aifsn << 12 |
2240 ac[WME_AC_VI].wmep_aifsn << 8 |
2241 ac[WME_AC_BK].wmep_aifsn << 4 |
2242 ac[WME_AC_BE].wmep_aifsn);
2243 if (error) goto err;
2244 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2245 ac[WME_AC_VO].wmep_logcwmin << 12 |
2246 ac[WME_AC_VI].wmep_logcwmin << 8 |
2247 ac[WME_AC_BK].wmep_logcwmin << 4 |
2248 ac[WME_AC_BE].wmep_logcwmin);
2249 if (error) goto err;
2250 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2251 ac[WME_AC_VO].wmep_logcwmax << 12 |
2252 ac[WME_AC_VI].wmep_logcwmax << 8 |
2253 ac[WME_AC_BK].wmep_logcwmax << 4 |
2254 ac[WME_AC_BE].wmep_logcwmax);
2255 if (error) goto err;
2256 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2257 ac[WME_AC_BK].wmep_txopLimit << 16 |
2258 ac[WME_AC_BE].wmep_txopLimit);
2259 if (error) goto err;
2260 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2261 ac[WME_AC_VO].wmep_txopLimit << 16 |
2262 ac[WME_AC_VI].wmep_txopLimit);
2267 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
/*
 * Deferred callback that programs one net80211 key into the chip. It maps the
 * cipher to an RT2860 security mode, writes the key bytes to the shared-key
 * (group) or pairwise-key table, sets the initial IV/EIV and updates the
 * key-mode or WCID attribute register. Must be called with the softc lock held.
 *
 * NOTE(review): this listing omits short lines (braces, else keywords, returns
 * and some assignments); comments below describe only the lines that are shown.
 */
2273 run_key_set_cb(void *arg)
2275 struct run_cmdq *cmdq = arg;
/*
 * NOTE(review): vap and k are raw pointers stored in the cmdq slot when the
 * command was queued and are dereferenced here without revalidation. If
 * either object is freed before this task runs they dangle -- TODO confirm
 * what guarantees their lifetime.
 */
2276 struct ieee80211vap *vap = cmdq->arg1;
2277 struct ieee80211_key *k = cmdq->k;
2278 struct ieee80211com *ic = vap->iv_ic;
2279 struct run_softc *sc = ic->ic_softc;
2280 struct ieee80211_node *ni;
2281 u_int cipher = k->wk_cipher->ic_cipher;
2283 uint16_t base, associd;
2284 uint8_t mode, wcid, iv[8];
2286 RUN_LOCK_ASSERT(sc, MA_OWNED);
/*
 * In HOSTAP mode the station node is looked up by the MAC copied into the
 * slot. NOTE(review): the other branch and any release of the node reference
 * are not shown here -- confirm.
 */
2288 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2289 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2292 associd = (ni != NULL) ? ni->ni_associd : 0;
2294 /* map net80211 cipher to RT2860 security mode */
2296 case IEEE80211_CIPHER_WEP:
/* WEP keys shorter than 8 bytes use the 40-bit mode, all others the 104-bit mode. */
2297 if(k->wk_keylen < 8)
2298 mode = RT2860_MODE_WEP40;
2300 mode = RT2860_MODE_WEP104;
2302 case IEEE80211_CIPHER_TKIP:
2303 mode = RT2860_MODE_TKIP;
2305 case IEEE80211_CIPHER_AES_CCM:
2306 mode = RT2860_MODE_AES_CCMP;
/* NOTE(review): what follows this message for an unknown cipher is not shown; `mode' must not be used unset. */
2309 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
/* The debug line logs key metadata only (association id, index, mode, flags), never key bytes. */
2313 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2314 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2315 associd, k->wk_keyix, mode,
2316 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2317 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2318 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2320 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2321 wcid = 0; /* NB: update WCID0 for group keys */
2322 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2324 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2325 1 : RUN_AID2WCID(associd);
2326 base = RT2860_PKEY(wcid);
/*
 * TKIP: 16 key bytes plus two 8-byte MIC keys, i.e. wk_key[0..31], are
 * written regardless of wk_keylen.
 */
2329 if (cipher == IEEE80211_CIPHER_TKIP) {
2330 if(run_write_region_1(sc, base, k->wk_key, 16))
2332 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2334 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
/*
 * NOTE(review): for an odd wk_keylen the rounded-up length sends one byte
 * beyond the key to the device. That is an in-bounds read only if wk_key has
 * room past wk_keylen -- presumably true for net80211's fixed-size key
 * buffer; verify.
 */
2337 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2338 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2342 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2343 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2344 /* set initial packet number in IV+EIV */
/* Only the WEP branch zeroes iv[]; the other branches assign the bytes one by one. */
2345 if (cipher == IEEE80211_CIPHER_WEP) {
2346 memset(iv, 0, sizeof iv);
2347 iv[3] = vap->iv_def_txkey << 6;
2349 if (cipher == IEEE80211_CIPHER_TKIP) {
2350 iv[0] = k->wk_keytsc >> 8;
2351 iv[1] = (iv[0] | 0x20) & 0x7f;
2352 iv[2] = k->wk_keytsc;
/*
 * NOTE(review): in the non-TKIP branch the assignment of iv[2] is not shown
 * in this listing. If it were missing, an uninitialised stack byte would be
 * written to the device below -- TODO confirm.
 */
2354 iv[0] = k->wk_keytsc;
2355 iv[1] = k->wk_keytsc >> 8;
2358 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2359 iv[4] = k->wk_keytsc >> 16;
2360 iv[5] = k->wk_keytsc >> 24;
2361 iv[6] = k->wk_keytsc >> 32;
2362 iv[7] = k->wk_keytsc >> 40;
2364 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2368 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2369 /* install group key */
/* Read-modify-write of the 4-bit mode field selected by wk_keyix. */
2370 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2372 attr &= ~(0xf << (k->wk_keyix * 4));
2373 attr |= mode << (k->wk_keyix * 4);
2374 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2377 /* install pairwise key */
2378 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2380 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2381 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2385 /* TODO create a pass-thru key entry? */
/* The statement that records wcid for later deletion is not shown in this listing. */
2387 /* need wcid to delete the right key later */
2392 * This does not have to be deferred, but to preserve the order of
2393 * execution relative to run_key_delete(), defer it and let
2394 * run_cmdq_cb() maintain the order.
/*
 * Queue run_key_set_cb() on the deferred-command ring and schedule the cmdq
 * task; the hardware is programmed later by the callback.
 *
 * NOTE(review): this listing omits short lines (braces, declarations, the
 * return and at least one slot assignment); confirm against the full file.
 */
2399 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2401 struct ieee80211com *ic = vap->iv_ic;
2402 struct run_softc *sc = ic->ic_softc;
/*
 * NOTE(review): the slot index comes from RUN_CMDQ_GET and the slot is filled
 * without any visible check that its previous entry was consumed -- verify
 * the ring cannot overrun pending commands.
 */
2405 i = RUN_CMDQ_GET(&sc->cmdq_store);
2406 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2407 sc->cmdq[i].func = run_key_set_cb;
/* arg0 == NULL makes run_cmdq_cb() pass the slot itself to the callback. */
2408 sc->cmdq[i].arg0 = NULL;
/*
 * NOTE(review): the vap is stored as a raw pointer with no reference taken,
 * and the callback dereferences it later. The MAC address, by contrast, is
 * copied by value.
 */
2409 sc->cmdq[i].arg1 = vap;
2411 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2412 ieee80211_runtask(ic, &sc->cmdq_task);
2415 * To make sure key will be set when hostapd
2416 * calls iv_key_set() before if_init().
2418 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2420 sc->cmdq_key_set = RUN_CMDQ_GO;
2428 * If wlan is destroyed without being brought down, i.e. without
2429 * wlan down or wpa_cli terminate, this function is called after
2430 * the vap is gone. Do not dereference it.
/*
 * Deferred callback that disables a key in hardware. It works from the key
 * fields copied into the cmdq slot (cmdq->key) and from the softc in arg1, so
 * it does not touch the vap. Must be called with the softc lock held.
 *
 * NOTE(review): this listing omits short lines (braces, declarations, the
 * assignment of wcid and one update of attr); confirm against the full file.
 */
2433 run_key_delete_cb(void *arg)
2435 struct run_cmdq *cmdq = arg;
2436 struct run_softc *sc = cmdq->arg1;
2437 struct ieee80211_key *k = &cmdq->key;
2441 RUN_LOCK_ASSERT(sc, MA_OWNED);
2443 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2444 /* remove group key */
2445 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
/*
 * NOTE(review): the run_read()/run_write() results are ignored, so after a
 * failed read the value of attr that gets written back depends on what
 * run_read() leaves in it -- TODO confirm.
 */
2446 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2447 attr &= ~(0xf << (k->wk_keyix * 4));
2448 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2450 /* remove pairwise key */
2451 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2452 "removing key for wcid %x\n", k->wk_pad);
2453 /* matching wcid was written to wk_pad in run_key_set() */
2455 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2457 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
/*
 * NOTE(review): the lines shown clear the mode/attribute bits and 8 bytes of
 * the WCID entry, but no write that zeroes the key bytes in the key table is
 * visible. The key material may therefore stay in device memory until the
 * slot is reused -- confirm whether that is intended.
 */
2458 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
/*
 * Queue run_key_delete_cb() on the deferred-command ring. The key fields the
 * callback needs (flags, key index and the wcid kept in wk_pad) are copied
 * into the slot, and the softc rather than the vap is passed as arg1.
 *
 * NOTE(review): this listing omits short lines (braces, declarations and
 * comment delimiters); confirm against the full file.
 */
2468 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2470 struct ieee80211com *ic = vap->iv_ic;
2471 struct run_softc *sc = ic->ic_softc;
2472 struct ieee80211_key *k0;
2476 * When called back, key might be gone. So, make a copy
2477 * of some values need to delete keys before deferring.
2478 * But, because of LOR with node lock, cannot use lock here.
2479 * So, use atomic instead.
/* No visible check that the chosen slot's previous entry was consumed -- verify the ring cannot overrun. */
2481 i = RUN_CMDQ_GET(&sc->cmdq_store);
2482 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2483 sc->cmdq[i].func = run_key_delete_cb;
2484 sc->cmdq[i].arg0 = NULL;
2485 sc->cmdq[i].arg1 = sc;
/* Copy by value so the callback never touches the caller's key object. */
2486 k0 = &sc->cmdq[i].key;
2487 k0->wk_flags = k->wk_flags;
2488 k0->wk_keyix = k->wk_keyix;
2489 /* matching wcid was written to wk_pad in run_key_set() */
2490 k0->wk_pad = k->wk_pad;
2491 ieee80211_runtask(ic, &sc->cmdq_task);
/*
 * NOTE(review): success is reported before the hardware is touched, so a
 * failure inside the deferred callback never reaches the caller.
 */
2492 return (1); /* return fake success */
2497 run_ratectl_to(void *arg)
2499 struct run_softc *sc = arg;
2501 /* do it in a process context, so it can go sleep */
2502 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2503 /* next timeout will be rescheduled in the callback task */
2508 run_ratectl_cb(void *arg, int pending)
2510 struct run_softc *sc = arg;
2511 struct ieee80211com *ic = &sc->sc_ic;
2512 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2517 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2519 * run_reset_livelock() doesn't do anything with AMRR,
2520 * but Ralink wants us to call it every 1 sec. So, we
2521 * piggyback here rather than creating another callout.
2522 * Livelock may occur only in HOSTAP or IBSS mode
2523 * (when h/w is sending beacons).
2526 run_reset_livelock(sc);
2527 /* just in case, there are some stats to drain */
2532 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2535 if(sc->ratectl_run != RUN_RATECTL_OFF)
2536 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
/*
 * Drain the device's Tx status FIFO into the per-WCID counters kept in
 * sc->wcid_stats. Runs with the softc lock held (asserted below).
 * NOTE(review): the loop construct and parts of some conditions are not
 * visible in this listing.
 */
2541 run_drain_fifo(void *arg)
2543 struct run_softc *sc = arg;
2545 uint16_t (*wstat)[3];
2546 uint8_t wcid, mcs, pid;
2549 RUN_LOCK_ASSERT(sc, MA_OWNED);
2552 /* drain Tx status FIFO (maxsize = 16) */
2553 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2554 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2555 if (!(stat & RT2860_TXQ_VLD))
/* wcid is taken straight from the status word read from the device */
2558 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2560 /* if no ACK was requested, no feedback is available */
/* an out-of-range wcid is filtered here, before it indexes sc->wcid_stats */
2561 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2566 * Even though each stat is Tx-complete-status like format,
2567 * the device can poll stats. Because there is no guarantee
2568 * that the referring node is still around when read the stats.
2569 * So that, if we use ieee80211_ratectl_tx_update(), we will
2570 * have hard time not to refer already freed node.
2572 * To eliminate such page faults, we poll stats in softc.
2573 * Then, update the rates later with ieee80211_ratectl_tx_update().
2575 wstat = &(sc->wcid_stats[wcid]);
2576 (*wstat)[RUN_TXCNT]++;
2577 if (stat & RT2860_TXQ_OK)
2578 (*wstat)[RUN_SUCCESS]++;
2580 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2582 * Check if there were retries, ie if the Tx success rate is
2583 * different from the requested rate. Note that it works only
2584 * because we do not allow rate fallback from OFDM to CCK.
2586 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2587 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
/* a positive (pid - 1 - mcs) is added to both the TXCNT and RETRY counters */
2588 if ((retry = pid -1 - mcs) > 0) {
2589 (*wstat)[RUN_TXCNT] += retry;
2590 (*wstat)[RUN_RETRY] += retry;
2593 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
/*
 * Per-node rate-control update. Fills sc->sc_txs either from the chip's
 * TX_STA_CNT0 counters or from the per-WCID counters in sc->wcid_stats,
 * passes it to ieee80211_ratectl_tx_update() and stores the rate index
 * returned by ieee80211_ratectl_rate() in rn->amrr_ridx.
 * NOTE(review): locking and the error/exit paths are not visible in this
 * listing.
 */
2599 run_iter_func(void *arg, struct ieee80211_node *ni)
2601 struct run_softc *sc = arg;
2602 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2603 struct ieee80211vap *vap = ni->ni_vap;
2604 struct run_node *rn = RUN_NODE(ni);
2605 union run_stats sta[2];
2606 uint16_t (*wstat)[3];
2611 /* Check for special case */
2612 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2616 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2617 IEEE80211_RATECTL_TX_STATS_RETRIES;
/* single vap in IBSS or STA mode: use the chip-wide counters */
2619 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2620 vap->iv_opmode == IEEE80211_M_STA)) {
2621 /* read statistic counters (clear on read) and update AMRR state */
2622 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2627 /* count failed TX as errors */
2628 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2629 le16toh(sta[0].error.fail));
2631 txs->nretries = le16toh(sta[1].tx.retry);
2632 txs->nsuccess = le16toh(sta[1].tx.success);
2634 txs->nframes = txs->nretries + txs->nsuccess +
2635 le16toh(sta[0].error.fail);
2637 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2638 "retrycnt=%d success=%d failcnt=%d\n",
2639 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
/* otherwise use the per-WCID counters, indexed by the node's association id */
2641 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
/*
 * Range check on the computed pointer: entry 0 and anything beyond
 * RT2870_WCID_MAX are rejected before wstat is dereferenced (the action
 * taken on failure is not visible in this listing).
 */
2643 if (wstat == &(sc->wcid_stats[0]) ||
2644 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2647 txs->nretries = (*wstat)[RUN_RETRY];
2648 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2649 txs->nframes = (*wstat)[RUN_TXCNT];
2650 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2651 "retrycnt=%d txcnt=%d success=%d\n",
2652 txs->nretries, txs->nframes, txs->nsuccess);
/* the per-WCID counters are reset once they have been consumed */
2654 memset(wstat, 0, sizeof(*wstat));
2657 ieee80211_ratectl_tx_update(vap, txs);
2658 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2663 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx);
/*
 * Deferred part of run_newassoc(): writes the node's MAC address into the
 * hardware WCID entry and zeroes that wcid's slot in sc->wcid_stats.
 * Runs with the softc lock held (asserted below).
 * NOTE(review): dereferences the node pointer stored in the command slot;
 * whether a node reference is held for the queued command is not visible
 * here -- confirm.
 */
2667 run_newassoc_cb(void *arg)
2669 struct run_cmdq *cmdq = arg;
2670 struct ieee80211_node *ni = cmdq->arg1;
2671 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2672 uint8_t wcid = cmdq->wcid;
2674 RUN_LOCK_ASSERT(sc, MA_OWNED);
2676 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2677 ni->ni_macaddr, IEEE80211_ADDR_LEN);
/* start the new association with clean per-WCID statistics */
2679 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
/*
 * New-association hook. Derives the wcid for the node, queues
 * run_newassoc_cb for true associations, then maps the node's negotiated
 * rates and the management rate onto hardware rate indexes in the run_node.
 * NOTE(review): several lines (declarations, breaks, returns) are not
 * visible in this listing.
 */
2683 run_newassoc(struct ieee80211_node *ni, int isnew)
2685 struct run_node *rn = RUN_NODE(ni);
2686 struct ieee80211_rateset *rs = &ni->ni_rates;
2687 struct ieee80211vap *vap = ni->ni_vap;
2688 struct ieee80211com *ic = vap->iv_ic;
2689 struct run_softc *sc = ic->ic_softc;
/* STA mode always uses wcid 1; other modes derive it from the association id */
2695 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2696 1 : RUN_AID2WCID(ni->ni_associd);
/*
 * The wcid later indexes hardware tables and sc->wcid_stats in
 * run_newassoc_cb, so an out-of-range value is reported here (the action
 * that follows the message is not visible in this listing).
 */
2698 if (wcid > RT2870_WCID_MAX) {
2699 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2703 /* only interested in true associations */
2704 if (isnew && ni->ni_associd != 0) {
2707 * This function could is called though timeout function.
2710 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2711 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2712 sc->cmdq[cnt].func = run_newassoc_cb;
2713 sc->cmdq[cnt].arg0 = NULL;
/* NOTE(review): raw node pointer is stored for later use by the callback */
2714 sc->cmdq[cnt].arg1 = ni;
2715 sc->cmdq[cnt].wcid = wcid;
2716 ieee80211_runtask(ic, &sc->cmdq_task);
2719 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2720 "new assoc isnew=%d associd=%x addr=%s\n",
2721 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2723 for (i = 0; i < rs->rs_nrates; i++) {
2724 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2725 /* convert 802.11 rate to hardware rate index */
/*
 * NOTE(review): if no rt2860_rates entry matches, ridx ends at
 * RT2860_RIDX_MAX; confirm that the rt2860_rates[ridx] read further down
 * cannot be reached with that value.
 */
2726 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2727 if (rt2860_rates[ridx].rate == rate)
2730 /* determine rate of control response frames */
2731 for (j = i; j >= 0; j--) {
2732 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2733 rt2860_rates[rn->ridx[i]].phy ==
2734 rt2860_rates[rn->ridx[j]].phy)
2738 rn->ctl_ridx[i] = rn->ridx[j];
2740 /* no basic rate found, use mandatory one */
2741 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2743 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2744 "rate=0x%02x ridx=%d ctl_ridx=%d\n",
2745 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
/* management rate for the current channel mode, mapped the same way */
2747 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2748 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2749 if (rt2860_rates[ridx].rate == rate)
2751 rn->mgt_ridx = ridx;
2752 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2753 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
/* (re)arm the one-second rate-control callout unless rate control is off */
2756 if(sc->ratectl_run != RUN_RATECTL_OFF)
2757 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2762 * Return the Rx chain with the highest RSSI for a given frame.
2764 static __inline uint8_t
2765 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2767 uint8_t rxchain = 0;
2769 if (sc->nrxchains > 1) {
2770 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2772 if (sc->nrxchains > 2)
2773 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
/*
 * Management-frame hook. Always calls the handler saved in rvp->recv_mgmt
 * first; then, while the vap is in RUN state, compares the timestamp of a
 * received beacon or probe response with the hardware TSF and calls
 * ieee80211_ibss_merge() when the node's timestamp is not older.
 * NOTE(review): part of the condition and the locking around run_get_tsf()
 * are not visible in this listing.
 */
2780 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2781 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2783 struct ieee80211vap *vap = ni->ni_vap;
2784 struct run_softc *sc = vap->iv_ic->ic_softc;
2785 struct run_vap *rvp = RUN_VAP(vap);
2786 uint64_t ni_tstamp, rx_tstamp;
2788 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2790 if (vap->iv_state == IEEE80211_S_RUN &&
2791 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2792 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
/* ni_tstamp comes from the received frame, rx_tstamp from the hardware TSF */
2793 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2795 run_get_tsf(sc, &rx_tstamp);
2797 rx_tstamp = le64toh(rx_tstamp);
2799 if (ni_tstamp >= rx_tstamp) {
2800 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2801 "ibss merge, tsf %ju tstamp %ju\n",
2802 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2803 (void) ieee80211_ibss_merge(ni);
/*
 * Validate and deliver one received frame. dmalen is the DMA length the
 * caller extracted from the USB transfer. The buffer starts with the RXWI
 * header (rxwisize bytes, larger on MAC versions 0x5592 and 0x3593),
 * followed by the 802.11 frame; the Rx descriptor sits at offset dmalen.
 * Every length used here originates from the device, so each one is checked
 * before it is used to move pointers.
 * NOTE(review): the failure paths (drop/free/return) are not visible in this
 * listing.
 */
2809 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2811 struct ieee80211com *ic = &sc->sc_ic;
2812 struct ieee80211_frame *wh;
2813 struct ieee80211_node *ni;
2814 struct rt2870_rxd *rxd;
2815 struct rt2860_rxwi *rxwi;
2817 uint16_t len, rxwisize;
2821 rxwisize = sizeof(struct rt2860_rxwi);
2822 if (sc->mac_ver == 0x5592)
2823 rxwisize += sizeof(uint64_t);
2824 else if (sc->mac_ver == 0x3593)
2825 rxwisize += sizeof(uint32_t);
/* dmalen must cover the RXWI plus at least an ACK-sized 802.11 header */
2827 if (__predict_false(dmalen <
2828 rxwisize + sizeof(struct ieee80211_frame_ack))) {
2829 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2830 "payload is too short: dma length %u < %zu\n",
2831 dmalen, rxwisize + sizeof(struct ieee80211_frame_ack));
2835 rxwi = mtod(m, struct rt2860_rxwi *);
/* frame length as reported by the device in the RXWI (low 12 bits) */
2836 len = le16toh(rxwi->len) & 0xfff;
/*
 * The reported frame length must fit in what follows the RXWI. The
 * subtraction cannot wrap provided the short-payload branch above bails
 * out. Note the debug message prints dmalen, not dmalen - rxwisize.
 */
2838 if (__predict_false(len > dmalen - rxwisize)) {
2839 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2840 "bad RXWI length %u > %u\n", len, dmalen);
2844 /* Rx descriptor is located at the end */
/*
 * NOTE(review): this reads sizeof(*rxd) bytes at offset dmalen and relies
 * on the caller having checked that the descriptor lies inside the
 * buffer -- confirm against run_bulk_rx_callback().
 */
2845 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2846 flags = le32toh(rxd->flags);
2848 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2849 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2850 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2854 if (flags & RT2860_RX_L2PAD) {
2855 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2856 "received RT2860_RX_L2PAD frame\n");
/* strip the RXWI and trim the mbuf to the validated frame length */
2860 m->m_data += rxwisize;
2861 m->m_pkthdr.len = m->m_len = len;
2863 wh = mtod(m, struct ieee80211_frame *);
/* frame was decrypted by the hardware: clear Protected and mark the mbuf M_WEP */
2865 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) != 0 &&
2866 (flags & RT2860_RX_DEC) != 0) {
2867 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2868 m->m_flags |= M_WEP;
/* a node is only looked up when the frame holds at least a minimal header */
2871 if (len >= sizeof(struct ieee80211_frame_min)) {
2872 ni = ieee80211_find_rxnode(ic,
2873 mtod(m, struct ieee80211_frame_min *));
2877 if (__predict_false(flags & RT2860_RX_MICERR)) {
2878 /* report MIC failures to net80211 for TKIP */
/* NOTE(review): ni is dereferenced below; the guard for a failed lookup is not visible in this listing */
2880 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2882 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2883 "MIC error. Someone is lying.\n");
/* signal values are taken from the Rx chain that run_maxrssi_chain() selects */
2887 ant = run_maxrssi_chain(sc, rxwi);
2888 rssi = rxwi->rssi[ant];
2889 nf = run_rssi2dbm(sc, rssi, ant);
2891 if (__predict_false(ieee80211_radiotap_active(ic))) {
2892 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2896 if (flags & RT2860_RX_L2PAD)
2897 tap->wr_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
2898 tap->wr_antsignal = rssi;
2899 tap->wr_antenna = ant;
2900 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2901 tap->wr_rate = 2; /* in case it can't be found below */
2903 run_get_tsf(sc, &tap->wr_tsf);
/* translate the PHY mode and MCS reported in the RXWI into a radiotap rate */
2905 phy = le16toh(rxwi->phy);
2906 switch (phy & RT2860_PHY_MODE) {
2907 case RT2860_PHY_CCK:
2908 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2909 case 0: tap->wr_rate = 2; break;
2910 case 1: tap->wr_rate = 4; break;
2911 case 2: tap->wr_rate = 11; break;
2912 case 3: tap->wr_rate = 22; break;
2914 if (phy & RT2860_PHY_SHPRE)
2915 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2917 case RT2860_PHY_OFDM:
2918 switch (phy & RT2860_PHY_MCS) {
2919 case 0: tap->wr_rate = 12; break;
2920 case 1: tap->wr_rate = 18; break;
2921 case 2: tap->wr_rate = 24; break;
2922 case 3: tap->wr_rate = 36; break;
2923 case 4: tap->wr_rate = 48; break;
2924 case 5: tap->wr_rate = 72; break;
2925 case 6: tap->wr_rate = 96; break;
2926 case 7: tap->wr_rate = 108; break;
/* hand the frame to net80211; the node reference is released after input */
2933 (void)ieee80211_input(ni, m, rssi, nf);
2934 ieee80211_free_node(ni);
2936 (void)ieee80211_input_all(ic, m, rssi, nf);
2943 counter_u64_add(ic->ic_ierrors, 1);
/*
 * USB bulk-Rx completion handler. A completed transfer may carry several
 * 802.11 frames, each prefixed by a 32-bit DMA length word; the handler
 * walks them, validates every device-supplied length against the remaining
 * transfer size and passes each frame to run_rx_frame().
 * NOTE(review): case labels, loop construct and exit paths are only partly
 * visible in this listing.
 */
2947 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2949 struct run_softc *sc = usbd_xfer_softc(xfer);
2950 struct ieee80211com *ic = &sc->sc_ic;
2951 struct mbuf *m = NULL;
2953 uint32_t dmalen, mbuf_len;
2957 rxwisize = sizeof(struct rt2860_rxwi);
2958 if (sc->mac_ver == 0x5592)
2959 rxwisize += sizeof(uint64_t);
2960 else if (sc->mac_ver == 0x3593)
2961 rxwisize += sizeof(uint32_t);
2963 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2965 switch (USB_GET_STATE(xfer)) {
2966 case USB_ST_TRANSFERRED:
2968 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2969 "rx done, actlen=%d\n", xferlen);
/* shortest acceptable transfer: DMA length word + RXWI + Rx descriptor */
2971 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2972 sizeof(struct rt2870_rxd))) {
2973 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
2974 "xfer too short %d\n", xferlen);
2984 if (sc->rx_m == NULL) {
2985 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2986 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
/* allocation failed: count an input error and idle the pipe with a stall */
2988 if (sc->rx_m == NULL) {
2989 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC,
2990 "could not allocate mbuf - idle with stall\n");
2991 counter_u64_add(ic->ic_ierrors, 1);
2992 usbd_xfer_set_stall(xfer);
2993 usbd_xfer_set_frames(xfer, 0);
2996 * Directly loading a mbuf cluster into DMA to
2997 * save some data copying. This works because
2998 * there is only one cluster.
3000 usbd_xfer_set_frame_data(xfer, 0,
3001 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
3002 usbd_xfer_set_frames(xfer, 1);
3004 usbd_transfer_submit(xfer);
3007 default: /* Error */
3008 if (error != USB_ERR_CANCELLED) {
3009 /* try to clear stall first */
3010 usbd_xfer_set_stall(xfer);
3011 if (error == USB_ERR_TIMEOUT)
3012 device_printf(sc->sc_dev, "device timeout\n");
3013 counter_u64_add(ic->ic_ierrors, 1);
3016 if (sc->rx_m != NULL) {
3026 /* inputting all the frames must be last */
3030 m->m_pkthdr.len = m->m_len = xferlen;
3032 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
/* the low 16 bits of the leading word are the device-supplied DMA length */
3034 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
/*
 * Sanity checks on the device-supplied length: non-zero and 4-byte aligned.
 * NOTE(review): after the 0xffff mask above, the (uint32_t)-8 comparison
 * can never be true.
 */
3036 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3037 ((dmalen & 3) != 0)) {
3038 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3039 "bad DMA length %u\n", dmalen);
/*
 * The frame plus 8 extra bytes (presumably the length word and the Rx
 * descriptor) must not exceed what remains of the transfer.
 */
3042 if ((dmalen + 8) > (uint32_t)xferlen) {
3043 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3044 "bad DMA length %u > %d\n",
3045 dmalen + 8, xferlen);
3049 /* If it is the last one or a single frame, we won't copy. */
3050 if ((xferlen -= dmalen + 8) <= 8) {
3051 /* trim 32-bit DMA-len header */
3053 m->m_pkthdr.len = m->m_len -= 4;
3054 run_rx_frame(sc, m, dmalen);
3055 m = NULL; /* don't free source buffer */
/* aggregated frames are copied into a standard cluster, so they must fit in MCLBYTES */
3059 mbuf_len = dmalen + sizeof(struct rt2870_rxd);
3060 if (__predict_false(mbuf_len > MCLBYTES)) {
3061 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3062 "payload is too big: mbuf_len %u\n", mbuf_len);
3063 counter_u64_add(ic->ic_ierrors, 1);
3067 /* copy aggregated frames to another mbuf */
3068 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3069 if (__predict_false(m0 == NULL)) {
3070 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3071 "could not allocate mbuf\n");
3072 counter_u64_add(ic->ic_ierrors, 1);
3075 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3076 mbuf_len, mtod(m0, caddr_t));
3077 m0->m_pkthdr.len = m0->m_len = mbuf_len;
3078 run_rx_frame(sc, m0, dmalen);
3080 /* update data ptr */
3081 m->m_data += mbuf_len + 4;
3082 m->m_pkthdr.len = m->m_len -= mbuf_len + 4;
3085 /* make sure we free the source buffer, if any */
/*
 * Finish a Tx buffer: report the result to net80211 through
 * ieee80211_tx_complete() and append the descriptor to the queue's tx_fh
 * list, from which the transmit paths take their buffers.
 * NOTE(review): some lines of this function are not visible in this listing.
 */
3092 run_tx_free(struct run_endpoint_queue *pq,
3093 struct run_tx_data *data, int txerr)
3096 ieee80211_tx_complete(data->ni, data->m, txerr);
3101 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
/*
 * Shared USB bulk-Tx completion handler for endpoint queue `index`.
 * On completion it releases the finished buffer, then takes the next
 * pending buffer from pq->tx_qh, copies its descriptor and mbuf into the
 * USB frame with zeroed alignment/trailer padding and submits the transfer.
 * On error it releases the buffer and, for timeouts, queues
 * run_usb_timeout_cb.
 * NOTE(review): case labels and several statements are not visible in this
 * listing.
 */
3106 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3108 struct run_softc *sc = usbd_xfer_softc(xfer);
3109 struct ieee80211com *ic = &sc->sc_ic;
3110 struct run_tx_data *data;
3111 struct ieee80211vap *vap = NULL;
3112 struct usb_page_cache *pc;
3113 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3115 usb_frlength_t size;
3119 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3121 switch (USB_GET_STATE(xfer)) {
3122 case USB_ST_TRANSFERRED:
3123 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3124 "transfer complete: %d bytes @ index %d\n", actlen, index);
3126 data = usbd_xfer_get_priv(xfer);
3127 run_tx_free(pq, data, 0);
3128 usbd_xfer_set_priv(xfer, NULL);
3133 data = STAILQ_FIRST(&pq->tx_qh);
3137 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
/* descriptor size is 4 bytes larger on MAC version 0x5592 */
3140 size = (sc->mac_ver == 0x5592) ?
3141 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
/*
 * Frame + descriptor + worst-case alignment (3) and trailer (8) must fit
 * in RUN_MAX_TXSZ; checked before anything is copied into the USB frame.
 */
3142 if ((m->m_pkthdr.len +
3143 size + 3 + 8) > RUN_MAX_TXSZ) {
3144 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3145 "data overflow, %u bytes\n", m->m_pkthdr.len);
3146 run_tx_free(pq, data, 1);
3150 pc = usbd_xfer_get_frame(xfer, 0);
3151 usbd_copy_in(pc, 0, &data->desc, size);
3152 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3153 size += m->m_pkthdr.len;
3155 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3156 * 4-byte padding), and be sure to zero those trailing
3159 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3160 size += ((-size) & 3) + 8;
3162 vap = data->ni->ni_vap;
3163 if (ieee80211_radiotap_active_vap(vap)) {
3164 const struct ieee80211_frame *wh;
3165 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
/*
 * NOTE(review): &data->desc + n advances in units of sizeof(data->desc),
 * not bytes, so this txwi probably points past the descriptor and the
 * txwi->phy read below would then be out of bounds. The other functions
 * in this file use (struct rt2870_txd *)&data->desc followed by
 * txd + 1 -- confirm and align.
 */
3166 struct rt2860_txwi *txwi =
3167 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3170 wh = mtod(m, struct ieee80211_frame *);
3171 has_l2pad = IEEE80211_HAS_ADDR4(wh) !=
3172 IEEE80211_QOS_HAS_SEQ(wh);
3175 tap->wt_rate = rt2860_rates[data->ridx].rate;
3176 tap->wt_hwqueue = index;
3177 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3178 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3180 tap->wt_flags |= IEEE80211_RADIOTAP_F_DATAPAD;
3182 ieee80211_radiotap_tx(vap, m);
3185 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3186 "sending frame len=%u/%u @ index %d\n",
3187 m->m_pkthdr.len, size, index);
/* the buffer is remembered as transfer-private data until completion */
3189 usbd_xfer_set_frame_len(xfer, 0, size);
3190 usbd_xfer_set_priv(xfer, data);
3191 usbd_transfer_submit(xfer);
3197 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3198 "USB transfer error, %s\n", usbd_errstr(error));
3200 data = usbd_xfer_get_priv(xfer);
3203 if(data->ni != NULL)
3204 vap = data->ni->ni_vap;
3205 run_tx_free(pq, data, error);
3206 usbd_xfer_set_priv(xfer, NULL);
3210 vap = TAILQ_FIRST(&ic->ic_vaps);
3212 if (error != USB_ERR_CANCELLED) {
3213 if (error == USB_ERR_TIMEOUT) {
3214 device_printf(sc->sc_dev, "device timeout\n");
/* timeout handling is deferred: queue run_usb_timeout_cb with the vap */
3215 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3216 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3217 "cmdq_store=%d\n", i);
3218 sc->cmdq[i].func = run_usb_timeout_cb;
3219 sc->cmdq[i].arg0 = vap;
3220 ieee80211_runtask(ic, &sc->cmdq_task);
3224 * Try to clear stall first, also if other
3225 * errors occur, hence clearing stall
3226 * introduces a 50 ms delay:
3228 usbd_xfer_set_stall(xfer);
3236 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3238 run_bulk_tx_callbackN(xfer, error, 0);
3242 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3244 run_bulk_tx_callbackN(xfer, error, 1);
3248 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3250 run_bulk_tx_callbackN(xfer, error, 2);
3254 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3256 run_bulk_tx_callbackN(xfer, error, 3);
3260 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3262 run_bulk_tx_callbackN(xfer, error, 4);
3266 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3268 run_bulk_tx_callbackN(xfer, error, 5);
/*
 * Fill in the length, PHY and protection fields of the Tx descriptor (TXD)
 * and the Tx wireless information (TXWI) that follows it inside data->desc,
 * based on the mbuf in data->m and the rate index in data->ridx.
 * NOTE(review): some lines (declarations, pad computation, else branches)
 * are not visible in this listing.
 */
3272 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3274 struct mbuf *m = data->m;
3275 struct ieee80211com *ic = &sc->sc_ic;
3276 struct ieee80211vap *vap = data->ni->ni_vap;
3277 struct ieee80211_frame *wh;
3278 struct rt2870_txd *txd;
3279 struct rt2860_txwi *txwi;
3280 uint16_t xferlen, txwisize;
3282 uint8_t ridx = data->ridx;
3285 /* get MCS code from rate index */
3286 mcs = rt2860_rates[ridx].mcs;
3288 txwisize = (sc->mac_ver == 0x5592) ?
3289 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
/*
 * NOTE(review): xferlen is uint16_t; assumes txwisize + m_pkthdr.len fits
 * in 16 bits -- confirm against the size limits enforced by the callers.
 */
3290 xferlen = txwisize + m->m_pkthdr.len;
3292 /* roundup to 32-bit alignment */
3293 xferlen = (xferlen + 3) & ~3;
3295 txd = (struct rt2870_txd *)&data->desc;
3296 txd->len = htole16(xferlen);
3298 wh = mtod(m, struct ieee80211_frame *);
3301 * Ether both are true or both are false, the header
3302 * are nicely aligned to 32-bit. So, no L2 padding.
3304 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3309 /* setup TX Wireless Information */
/* the TXWI starts immediately after the TXD */
3310 txwi = (struct rt2860_txwi *)(txd + 1);
3311 txwi->len = htole16(m->m_pkthdr.len - pad);
3312 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3313 mcs |= RT2860_PHY_CCK;
3314 if (ridx != RT2860_RIDX_CCK1 &&
3315 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3316 mcs |= RT2860_PHY_SHPRE;
3318 mcs |= RT2860_PHY_OFDM;
3319 txwi->phy = htole16(mcs);
3321 /* check if RTS/CTS or CTS-to-self protection is required */
3322 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3323 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3324 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3325 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3326 txwi->txop |= RT2860_TX_TXOP_HT;
3328 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
/* outside STA mode, frames without a QoS sequence field get RT2860_TX_NSEQ */
3330 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3331 txwi->xflags |= RT2860_TX_NSEQ;
3334 /* This function must be called locked */
3336 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3338 struct ieee80211com *ic = &sc->sc_ic;
3339 struct ieee80211vap *vap = ni->ni_vap;
3340 struct ieee80211_frame *wh;
3341 const struct ieee80211_txparam *tp = ni->ni_txparms;
3342 struct run_node *rn = RUN_NODE(ni);
3343 struct run_tx_data *data;
3344 struct rt2870_txd *txd;
3345 struct rt2860_txwi *txwi;
3357 RUN_LOCK_ASSERT(sc, MA_OWNED);
3359 wh = mtod(m, struct ieee80211_frame *);
3361 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3364 * There are 7 bulk endpoints: 1 for RX
3365 * and 6 for TX (4 EDCAs + HCCA + Prio).
3366 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3367 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3369 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3372 frm = ieee80211_getqos(wh);
3373 qos = le16toh(*(const uint16_t *)frm);
3374 tid = qos & IEEE80211_QOS_TID;
3375 qid = TID_TO_WME_AC(tid);
3381 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3383 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3384 qos, qid, tid, qflags);
3386 /* pickup a rate index */
3387 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3388 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3389 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3390 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3391 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3393 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3394 ridx = rn->fix_ridx;
3396 ridx = rn->amrr_ridx;
3397 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3400 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3401 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3402 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3403 xflags |= RT2860_TX_ACK;
3404 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3405 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3407 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3408 USETW(wh->i_dur, dur);
3411 /* reserve slots for mgmt packets, just in case */
3412 if (sc->sc_epq[qid].tx_nfree < 3) {
3413 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3417 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3418 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3419 sc->sc_epq[qid].tx_nfree--;
3421 txd = (struct rt2870_txd *)&data->desc;
3422 txd->flags = qflags;
3423 txwi = (struct rt2860_txwi *)(txd + 1);
3424 txwi->xflags = xflags;
3425 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3428 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3429 1 : RUN_AID2WCID(ni->ni_associd);
3431 /* clear leftover garbage bits */
3439 run_set_tx_desc(sc, data);
3442 * The chip keeps track of 2 kind of Tx stats,
3443 * * TX_STAT_FIFO, for per WCID stats, and
3444 * * TX_STA_CNT0 for all-TX-in-one stats.
3446 * To use FIFO stats, we need to store MCS into the driver-private
3447 * PacketID field. So that, we can tell whose stats when we read them.
3448 * We add 1 to the MCS because setting the PacketID field to 0 means
3449 * that we don't want feedback in TX_STAT_FIFO.
3450 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3452 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3454 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3455 vap->iv_opmode == IEEE80211_M_MBSS) {
3456 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3457 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3460 * Unlike PCI based devices, we don't get any interrupt from
3461 * USB devices, so we simulate FIFO-is-full interrupt here.
3462 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3463 * quickly get fulled. To prevent overflow, increment a counter on
3464 * every FIFO stat request, so we know how many slots are left.
3465 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3466 * are used only in those modes.
3467 * We just drain stats. AMRR gets updated every 1 sec by
3468 * run_ratectl_cb() via callout.
3469 * Call it early. Otherwise overflow.
3471 if (sc->fifo_cnt++ == 10) {
3473 * With multiple vaps or if_bridge, if_start() is called
3474 * with a non-sleepable lock, tcpinp. So, need to defer.
3476 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3477 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3478 sc->cmdq[i].func = run_drain_fifo;
3479 sc->cmdq[i].arg0 = sc;
3480 ieee80211_runtask(ic, &sc->cmdq_task);
3484 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3486 usbd_transfer_start(sc->sc_xfer[qid]);
3488 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3489 "sending data frame len=%d rate=%d qid=%d\n",
3490 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3491 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3497 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3499 struct ieee80211com *ic = &sc->sc_ic;
3500 struct run_node *rn = RUN_NODE(ni);
3501 struct run_tx_data *data;
3502 struct ieee80211_frame *wh;
3503 struct rt2870_txd *txd;
3504 struct rt2860_txwi *txwi;
3506 uint8_t ridx = rn->mgt_ridx;
3510 RUN_LOCK_ASSERT(sc, MA_OWNED);
3512 wh = mtod(m, struct ieee80211_frame *);
3514 /* tell hardware to add timestamp for probe responses */
3516 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3517 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3518 wflags |= RT2860_TX_TS;
3519 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3520 xflags |= RT2860_TX_ACK;
3522 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3523 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3524 USETW(wh->i_dur, dur);
3527 if (sc->sc_epq[0].tx_nfree == 0)
3528 /* let caller free mbuf */
3530 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3531 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3532 sc->sc_epq[0].tx_nfree--;
3534 txd = (struct rt2870_txd *)&data->desc;
3535 txd->flags = RT2860_TX_QSEL_EDCA;
3536 txwi = (struct rt2860_txwi *)(txd + 1);
3538 txwi->flags = wflags;
3539 txwi->xflags = xflags;
3540 txwi->txop = 0; /* clear leftover garbage bits */
3546 run_set_tx_desc(sc, data);
3548 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3549 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3550 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3552 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3554 usbd_transfer_start(sc->sc_xfer[0]);
3560 run_sendprot(struct run_softc *sc,
3561 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3563 struct ieee80211com *ic = ni->ni_ic;
3564 struct run_tx_data *data;
3565 struct rt2870_txd *txd;
3566 struct rt2860_txwi *txwi;
3573 RUN_LOCK_ASSERT(sc, MA_OWNED);
3575 /* check that there are free slots before allocating the mbuf */
3576 if (sc->sc_epq[0].tx_nfree == 0)
3577 /* let caller free mbuf */
3580 mprot = ieee80211_alloc_prot(ni, m, rate, prot);
3581 if (mprot == NULL) {
3582 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3583 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3587 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3588 wflags = RT2860_TX_FRAG;
3590 if (prot == IEEE80211_PROT_RTSCTS)
3591 xflags |= RT2860_TX_ACK;
3593 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3594 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3595 sc->sc_epq[0].tx_nfree--;
3597 txd = (struct rt2870_txd *)&data->desc;
3598 txd->flags = RT2860_TX_QSEL_EDCA;
3599 txwi = (struct rt2860_txwi *)(txd + 1);
3601 txwi->flags = wflags;
3602 txwi->xflags = xflags;
3603 txwi->txop = 0; /* clear leftover garbage bits */
3606 data->ni = ieee80211_ref_node(ni);
3608 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3609 if (rt2860_rates[ridx].rate == protrate)
3613 run_set_tx_desc(sc, data);
3615 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3616 m->m_pkthdr.len, rate);
3618 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3620 usbd_transfer_start(sc->sc_xfer[0]);
/*
 * Transmit a raw frame using caller-supplied BPF parameters (rate, ACK and
 * RTS/CTS flags) on endpoint queue 0. Must be called with the softc lock
 * held (asserted below); on failure the caller frees the mbuf.
 * NOTE(review): return statements and some assignments are not visible in
 * this listing.
 */
3626 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3627 const struct ieee80211_bpf_params *params)
3629 struct ieee80211com *ic = ni->ni_ic;
3630 struct run_tx_data *data;
3631 struct rt2870_txd *txd;
3632 struct rt2860_txwi *txwi;
3635 uint8_t opflags = 0;
3639 RUN_LOCK_ASSERT(sc, MA_OWNED);
3641 KASSERT(params != NULL, ("no raw xmit params"));
/* the caller-supplied rate is checked against ic->ic_rt before it is used */
3643 rate = params->ibp_rate0;
3644 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3645 /* let caller free mbuf */
3649 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3650 xflags |= RT2860_TX_ACK;
/* requested RTS/CTS or CTS-to-self protection is sent first via run_sendprot() */
3651 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3652 error = run_sendprot(sc, m, ni,
3653 params->ibp_flags & IEEE80211_BPF_RTS ?
3654 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3657 /* let caller free mbuf */
3660 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3663 if (sc->sc_epq[0].tx_nfree == 0) {
3664 /* let caller free mbuf */
3665 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3666 "sending raw frame, but tx ring is full\n");
3669 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3670 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3671 sc->sc_epq[0].tx_nfree--;
3673 txd = (struct rt2870_txd *)&data->desc;
3674 txd->flags = RT2860_TX_QSEL_EDCA;
3675 txwi = (struct rt2860_txwi *)(txd + 1);
3677 txwi->xflags = xflags;
3678 txwi->txop = opflags;
3679 txwi->flags = 0; /* clear leftover garbage bits */
/*
 * NOTE(review): the rate passed ieee80211_isratevalid() above, but this
 * lookup uses the driver's own rt2860_rates table; if nothing matches,
 * ridx ends at RT2860_RIDX_MAX -- confirm that value is never used as an
 * index afterwards.
 */
3683 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3684 if (rt2860_rates[ridx].rate == rate)
3688 run_set_tx_desc(sc, data);
3690 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3691 m->m_pkthdr.len, rate);
3693 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3695 usbd_transfer_start(sc->sc_xfer[0]);
/*
 * net80211 raw-transmit entry point. Nothing is sent while the device is
 * not RUN_RUNNING. With params == NULL the frame goes through run_tx_mgt();
 * otherwise it is sent with the caller's parameters through run_tx_param().
 * NOTE(review): locking, error returns and mbuf disposal are not visible in
 * this listing.
 */
3701 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3702 const struct ieee80211_bpf_params *params)
3704 struct run_softc *sc = ni->ni_ic->ic_softc;
3709 /* prevent management frames from being sent if we're not ready */
3710 if (!(sc->sc_flags & RUN_RUNNING)) {
3715 if (params == NULL) {
3717 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3718 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3722 /* tx raw packet with param */
3723 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3724 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3741 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3743 struct run_softc *sc = ic->ic_softc;
3747 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3751 error = mbufq_enqueue(&sc->sc_snd, m);
/*
 * Drains the software send queue sc->sc_snd, passing each mbuf to run_tx().
 * The softc lock must be held by the caller (asserted below).
 */
3763 run_start(struct run_softc *sc)
3765 struct ieee80211_node *ni;
3768 RUN_LOCK_ASSERT(sc, MA_OWNED);
3770 if ((sc->sc_flags & RUN_RUNNING) == 0)
3773 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
/* the destination node pointer travels in the mbuf's rcvif field */
3774 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
/* on failure the frame is put back at the head of the queue */
3775 if (run_tx(sc, m, ni) != 0) {
3776 mbufq_prepend(&sc->sc_snd, m);
/*
 * Reacts to a change in the number of running interfaces (ic->ic_nrunning).
 * With at least one interface running it calls run_init_locked() if the
 * hardware is not yet RUN_RUNNING, and run_update_promisc_locked().
 * NOTE(review): the bodies of the sc_detached test and of the final
 * "else if" branch, and the condition guarding ieee80211_start_all(), are on
 * lines missing from this listing.
 */
3783 run_parent(struct ieee80211com *ic)
3785 struct run_softc *sc = ic->ic_softc;
/* nothing is touched once the device has been detached (body not shown) */
3789 if (sc->sc_detached) {
3794 if (ic->ic_nrunning > 0) {
3795 if (!(sc->sc_flags & RUN_RUNNING)) {
3797 run_init_locked(sc);
3799 run_update_promisc_locked(sc);
/* no interface left running and at most one vap: presumably stops the device */
3800 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3804 ieee80211_start_all(ic);
/*
 * Loads the IQ calibration bytes for channel chan into the BBP.
 * Each step writes a selector to BBP register 158, fetches one byte with
 * run_efuse_read() from the EEPROM offset matching the channel range
 * (2GHz, ch36-64, ch100-138, ch140-165) and writes it to BBP register 159.
 * NOTE(review): the first condition of each chain and the fallback for
 * channels above 165 are on lines missing from this listing. In the visible
 * calls the result of run_efuse_read() is not tested before val is written
 * to the BBP - confirm val is well defined when a read fails.
 */
3808 run_iq_calib(struct run_softc *sc, u_int chan)
/* selector 0x2c: TX0 IQ gain, going by the EEPROM constant names */
3813 run_bbp_write(sc, 158, 0x2c);
3815 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3816 else if (chan <= 64) {
3818 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3820 } else if (chan <= 138) {
3822 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3824 } else if (chan <= 165) {
3826 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3830 run_bbp_write(sc, 159, val);
/* selector 0x2d: TX0 IQ phase */
3833 run_bbp_write(sc, 158, 0x2d);
3835 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3837 } else if (chan <= 64) {
3839 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3841 } else if (chan <= 138) {
3843 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3845 } else if (chan <= 165) {
3847 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3851 run_bbp_write(sc, 159, val);
/* selector 0x4a: TX1 IQ gain */
3854 run_bbp_write(sc, 158, 0x4a);
3856 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3858 } else if (chan <= 64) {
3860 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3862 } else if (chan <= 138) {
3864 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3866 } else if (chan <= 165) {
3868 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3872 run_bbp_write(sc, 159, val);
/* selector 0x4b: TX1 IQ phase */
3875 run_bbp_write(sc, 158, 0x4b);
3877 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3879 } else if (chan <= 64) {
3881 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3883 } else if (chan <= 138) {
3885 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3887 } else if (chan <= 165) {
3889 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3893 run_bbp_write(sc, 159, val);
3895 /* RF IQ compensation control. */
3896 run_bbp_write(sc, 158, 0x04);
3897 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3899 run_bbp_write(sc, 159, val);
3901 /* RF IQ imbalance compensation control. */
3902 run_bbp_write(sc, 158, 0x03);
3904 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3905 run_bbp_write(sc, 159, val);
/*
 * Writes the AGC value agc to BBP register 66. On MAC version 0x3572 the
 * write is done twice, once per Rx chain, with bit 5 of BBP register 27
 * selecting the chain before each write.
 * NOTE(review): "bbp | 0 << 5" leaves bbp unchanged, so selecting Rx0
 * depends on bit 5 having been cleared on a line missing from this listing.
 */
3909 run_set_agc(struct run_softc *sc, uint8_t agc)
3913 if (sc->mac_ver == 0x3572) {
3914 run_bbp_read(sc, 27, &bbp);
3916 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3917 run_bbp_write(sc, 66, agc);
3918 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3919 run_bbp_write(sc, 66, agc);
/* all other MAC versions: a single write, no chain selection */
3921 run_bbp_write(sc, 66, agc);
/*
 * Programs the band-dependent BBP, MAC and RF front-end settings for channel
 * group `group` (0 is the 2GHz group, as the "2GHz" comments below show).
 * It writes LNA-gain-derived values to BBP 62-64, band-specific BBP values,
 * the 5GHz band-select bits in RT2860_TX_BAND_CFG, the PA/LNA enables in
 * RT2860_TX_PIN_CFG, and finally the initial AGC through run_set_agc().
 * NOTE(review): group indexes sc->lna[] with no range check in this
 * function, so the caller must pass a valid index. Several branch lines are
 * missing from this listing.
 */
3925 run_select_chan_group(struct run_softc *sc, int group)
/* BBP 62-64 all receive 0x37 minus the LNA gain stored for this group */
3930 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3931 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3932 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3933 if (sc->mac_ver < 0x3572)
3934 run_bbp_write(sc, 86, 0x00);
3936 if (sc->mac_ver == 0x3593) {
3937 run_bbp_write(sc, 77, 0x98);
3938 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3942 if (sc->ext_2ghz_lna) {
3943 if (sc->mac_ver >= 0x5390)
3944 run_bbp_write(sc, 75, 0x52);
3946 run_bbp_write(sc, 82, 0x62);
3947 run_bbp_write(sc, 75, 0x46);
3950 if (sc->mac_ver == 0x5592) {
3951 run_bbp_write(sc, 79, 0x1c);
3952 run_bbp_write(sc, 80, 0x0e);
3953 run_bbp_write(sc, 81, 0x3a);
3954 run_bbp_write(sc, 82, 0x62);
/* BBP 195/196 are written in pairs: 195 takes an index, 196 the value */
3956 run_bbp_write(sc, 195, 0x80);
3957 run_bbp_write(sc, 196, 0xe0);
3958 run_bbp_write(sc, 195, 0x81);
3959 run_bbp_write(sc, 196, 0x1f);
3960 run_bbp_write(sc, 195, 0x82);
3961 run_bbp_write(sc, 196, 0x38);
3962 run_bbp_write(sc, 195, 0x83);
3963 run_bbp_write(sc, 196, 0x32);
3964 run_bbp_write(sc, 195, 0x85);
3965 run_bbp_write(sc, 196, 0x28);
3966 run_bbp_write(sc, 195, 0x86);
3967 run_bbp_write(sc, 196, 0x19);
3968 } else if (sc->mac_ver >= 0x5390)
3969 run_bbp_write(sc, 75, 0x50);
3971 run_bbp_write(sc, 82,
3972 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3973 run_bbp_write(sc, 75, 0x50);
3977 if (sc->mac_ver == 0x5592) {
3978 run_bbp_write(sc, 79, 0x18);
3979 run_bbp_write(sc, 80, 0x08);
3980 run_bbp_write(sc, 81, 0x38);
3981 run_bbp_write(sc, 82, 0x92);
3983 run_bbp_write(sc, 195, 0x80);
3984 run_bbp_write(sc, 196, 0xf0);
3985 run_bbp_write(sc, 195, 0x81);
3986 run_bbp_write(sc, 196, 0x1e);
3987 run_bbp_write(sc, 195, 0x82);
3988 run_bbp_write(sc, 196, 0x28);
3989 run_bbp_write(sc, 195, 0x83);
3990 run_bbp_write(sc, 196, 0x20);
3991 run_bbp_write(sc, 195, 0x85);
3992 run_bbp_write(sc, 196, 0x7f);
3993 run_bbp_write(sc, 195, 0x86);
3994 run_bbp_write(sc, 196, 0x7f);
3995 } else if (sc->mac_ver == 0x3572)
3996 run_bbp_write(sc, 82, 0x94);
3998 run_bbp_write(sc, 82,
3999 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
4000 if (sc->ext_5ghz_lna)
4001 run_bbp_write(sc, 75, 0x46);
4003 run_bbp_write(sc, 75, 0x50);
/* band select: clear both bits, then set _N for group 0 and _P otherwise */
4006 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
4007 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
4008 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
4009 run_write(sc, RT2860_TX_BAND_CFG, tmp);
4011 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
4012 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
4013 if (sc->mac_ver == 0x3593)
4014 tmp |= 1 << 29 | 1 << 28;
4015 if (sc->nrxchains > 1)
4016 tmp |= RT2860_LNA_PE1_EN;
4017 if (group == 0) { /* 2GHz */
4018 tmp |= RT2860_PA_PE_G0_EN;
4019 if (sc->ntxchains > 1)
4020 tmp |= RT2860_PA_PE_G1_EN;
4021 if (sc->mac_ver == 0x3593) {
4022 if (sc->ntxchains > 2)
4026 tmp |= RT2860_PA_PE_A0_EN;
4027 if (sc->ntxchains > 1)
4028 tmp |= RT2860_PA_PE_A1_EN;
/* on 0x3572 the pin configuration write is bracketed by two writes to RF register 8 */
4030 if (sc->mac_ver == 0x3572) {
4031 run_rt3070_rf_write(sc, 8, 0x00);
4032 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4033 run_rt3070_rf_write(sc, 8, 0x80);
4035 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4037 if (sc->mac_ver == 0x5592) {
4038 run_bbp_write(sc, 195, 0x8d);
4039 run_bbp_write(sc, 196, 0x1a);
4042 if (sc->mac_ver == 0x3593) {
4043 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4047 tmp = (tmp & ~0x00009090) | 0x00000090;
4048 run_write(sc, RT2860_GPIO_CTRL, tmp);
4051 /* set initial AGC value */
4052 if (group == 0) { /* 2GHz band */
4053 if (sc->mac_ver >= 0x3070)
4054 agc = 0x1c + sc->lna[0] * 2;
4056 agc = 0x2e + sc->lna[0];
4057 } else { /* 5GHz band */
4058 if (sc->mac_ver == 0x5592)
4059 agc = 0x24 + sc->lna[group] * 2;
4060 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4061 agc = 0x22 + (sc->lna[group] * 5) / 3;
4063 agc = 0x32 + (sc->lna[group] * 5) / 3;
4065 run_set_agc(sc, agc);
/*
 * Tunes the RF to channel chan using the rt2860_rf2850 programming table.
 * R2 gets the chain-disable bits for the configured Tx/Rx chain counts, R3
 * and R4 get the Tx power values and sc->freq, and R1-R4 are then written
 * three times with bit 2 of R3 cleared, set and cleared again.
 * NOTE(review): the branch conditions around the Tx power encoding and the
 * code between the three write sequences are on lines missing from this
 * listing.
 */
4069 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4071 const struct rfprog *rfprog = rt2860_rf2850;
4072 uint32_t r2, r3, r4;
4073 int8_t txpow1, txpow2;
/*
 * NOTE(review): the search below has no upper bound. It relies on chan being
 * present in the table; a value that is not would index past the end of
 * rfprog[] and, through i, of sc->txpow1[] and sc->txpow2[].
 */
4076 /* find the settings for this channel (we know it exists) */
4077 for (i = 0; rfprog[i].chan != chan; i++);
4080 if (sc->ntxchains == 1)
4081 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4082 if (sc->nrxchains == 1)
4083 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4084 else if (sc->nrxchains == 2)
4085 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4087 /* use Tx power values from EEPROM */
4088 txpow1 = sc->txpow1[i];
4089 txpow2 = sc->txpow2[i];
4091 /* Initialize RF R3 and R4. */
4092 r3 = rfprog[i].r3 & 0xffffc1ff;
4093 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
/* values above 0xf are clamped to 0xf before being shifted into R3 */
4096 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4097 r3 |= (txpow1 << 10) | (1 << 9);
4101 /* txpow1 cannot be larger than 15. */
4102 r3 |= (txpow1 << 10);
4105 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4106 r4 |= (txpow2 << 7) | (1 << 6);
4109 r4 |= (txpow2 << 7);
4112 /* Set Tx0 power. */
4113 r3 |= (txpow1 << 9);
4115 /* Set frequency offset and Tx1 power. */
4116 r4 |= (txpow2 << 6);
/* first pass: R3 with bit 2 cleared */
4119 run_rt2870_rf_write(sc, rfprog[i].r1);
4120 run_rt2870_rf_write(sc, r2);
4121 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4122 run_rt2870_rf_write(sc, r4);
/* second pass: R3 with bit 2 set */
4126 run_rt2870_rf_write(sc, rfprog[i].r1);
4127 run_rt2870_rf_write(sc, r2);
4128 run_rt2870_rf_write(sc, r3 | (1 << 2));
4129 run_rt2870_rf_write(sc, r4);
/* third pass: R3 with bit 2 cleared again */
4133 run_rt2870_rf_write(sc, rfprog[i].r1);
4134 run_rt2870_rf_write(sc, r2);
4135 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4136 run_rt2870_rf_write(sc, r4);
/*
 * Tunes an RT3070-family RF to channel chan through read-modify-write
 * sequences on the RF registers: frequency dividers (R2, R3, R6), Tx power
 * (R12, R13), chain enables (R1), frequency offset (R23), Tx/Rx filter
 * (R24, R31) and finally the tuning-enable bit in R7.
 * NOTE(review): some lines of this function are missing from this listing.
 */
4140 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4142 int8_t txpow1, txpow2;
/*
 * NOTE(review): the search below has no upper bound and relies on chan being
 * in rt2860_rf2850[]. The index it finds is also used for rt3070_freqs[],
 * sc->txpow1[] and sc->txpow2[], so those arrays must be laid out in the
 * same channel order.
 */
4146 /* find the settings for this channel (we know it exists) */
4147 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4149 /* use Tx power values from EEPROM */
4150 txpow1 = sc->txpow1[i];
4151 txpow2 = sc->txpow2[i];
4153 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4155 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4156 run_rt3070_rf_read(sc, 3, &rf);
4157 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4158 run_rt3070_rf_write(sc, 3, rf);
4160 run_rt3070_rf_read(sc, 6, &rf);
4161 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4162 run_rt3070_rf_write(sc, 6, rf);
/*
 * NOTE(review): txpow1/txpow2 are signed and are ORed into the 5-bit field
 * without a mask; a value outside 0..0x1f would also change the upper bits
 * of R12/R13 - confirm the EEPROM values are range-checked when loaded.
 */
4165 run_rt3070_rf_read(sc, 12, &rf);
4166 rf = (rf & ~0x1f) | txpow1;
4167 run_rt3070_rf_write(sc, 12, rf);
4170 run_rt3070_rf_read(sc, 13, &rf);
4171 rf = (rf & ~0x1f) | txpow2;
4172 run_rt3070_rf_write(sc, 13, rf);
4174 run_rt3070_rf_read(sc, 1, &rf);
4176 if (sc->ntxchains == 1)
4177 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4178 else if (sc->ntxchains == 2)
4179 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4180 if (sc->nrxchains == 1)
4181 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4182 else if (sc->nrxchains == 2)
4183 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4184 run_rt3070_rf_write(sc, 1, rf);
/* low 7 bits of R23 take sc->freq */
4187 run_rt3070_rf_read(sc, 23, &rf);
4188 rf = (rf & ~0x7f) | sc->freq;
4189 run_rt3070_rf_write(sc, 23, rf);
4191 /* program RF filter */
4192 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4193 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4194 run_rt3070_rf_write(sc, 24, rf);
4195 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4196 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4197 run_rt3070_rf_write(sc, 31, rf);
4199 /* enable RF tuning */
4200 run_rt3070_rf_read(sc, 7, &rf);
4201 run_rt3070_rf_write(sc, 7, rf | 0x01);
/*
 * Tunes the RT3572 RF to channel chan. Most register values are picked by
 * band with the test (chan <= 14), i.e. 2GHz versus 5GHz, and written through
 * run_rt3070_rf_write(); BBP 25/26 and RT2860_GPIO_CTRL are updated as well.
 * NOTE(review): many branch and assignment lines of this function are
 * missing from this listing, so the values written to R19, R20, R25 and to
 * GPIO_CTRL cannot be read off here.
 */
4205 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4207 int8_t txpow1, txpow2;
/*
 * NOTE(review): the search below has no upper bound and relies on chan being
 * in rt2860_rf2850[]. The index it finds is also used for rt3070_freqs[],
 * sc->txpow1[] and sc->txpow2[].
 */
4212 /* find the settings for this channel (we know it exists) */
4213 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4215 /* use Tx power values from EEPROM */
4216 txpow1 = sc->txpow1[i];
4217 txpow2 = sc->txpow2[i];
4220 run_bbp_write(sc, 25, sc->bbp25);
4221 run_bbp_write(sc, 26, sc->bbp26);
4223 /* enable IQ phase correction */
4224 run_bbp_write(sc, 25, 0x09);
4225 run_bbp_write(sc, 26, 0xff);
4228 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4229 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4230 run_rt3070_rf_read(sc, 6, &rf);
4231 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4232 rf |= (chan <= 14) ? 0x08 : 0x04;
4233 run_rt3070_rf_write(sc, 6, rf);
4236 run_rt3070_rf_read(sc, 5, &rf);
4237 rf &= ~(0x08 | 0x04);
4238 rf |= (chan <= 14) ? 0x04 : 0x08;
4239 run_rt3070_rf_write(sc, 5, rf);
4241 /* set Tx power for chain 0 */
/* here the power value is masked: bits 3:2 move up one position, bits 1:0 stay */
4245 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4246 run_rt3070_rf_write(sc, 12, rf);
4248 /* set Tx power for chain 1 */
4252 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4253 run_rt3070_rf_write(sc, 13, rf);
4255 /* set Tx/Rx streams */
4256 run_rt3070_rf_read(sc, 1, &rf);
4258 if (sc->ntxchains == 1)
4259 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4260 else if (sc->ntxchains == 2)
4261 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4262 if (sc->nrxchains == 1)
4263 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4264 else if (sc->nrxchains == 2)
4265 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4266 run_rt3070_rf_write(sc, 1, rf);
4269 run_rt3070_rf_read(sc, 23, &rf);
4270 rf = (rf & ~0x7f) | sc->freq;
4271 run_rt3070_rf_write(sc, 23, rf);
4273 /* program RF filter */
4274 rf = sc->rf24_20mhz;
4275 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4276 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4278 /* enable RF tuning */
4279 run_rt3070_rf_read(sc, 7, &rf);
4280 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4281 run_rt3070_rf_write(sc, 7, rf);
4284 rf = (chan <= 14) ? 0xc3 : 0xc0;
4285 run_rt3070_rf_write(sc, 9, rf);
4287 /* set loop filter 1 */
4288 run_rt3070_rf_write(sc, 10, 0xf1);
4289 /* set loop filter 2 */
4290 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4293 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4296 rf = 0x48 | sc->txmixgain_2ghz;
4298 rf = 0x78 | sc->txmixgain_5ghz;
4299 run_rt3070_rf_write(sc, 16, rf);
4302 run_rt3070_rf_write(sc, 17, 0x23);
4306 else if (chan <= 64)
4308 else if (chan <= 128)
4312 run_rt3070_rf_write(sc, 19, rf);
4317 else if (chan <= 64)
4319 else if (chan <= 128)
4323 run_rt3070_rf_write(sc, 20, rf);
4328 else if (chan <= 64)
4332 run_rt3070_rf_write(sc, 25, rf);
4335 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4337 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4339 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4341 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4345 run_write(sc, RT2860_GPIO_CTRL, tmp);
4347 /* enable RF tuning */
4348 run_rt3070_rf_read(sc, 7, &rf);
4349 run_rt3070_rf_write(sc, 7, rf | 0x01);
/*
 * Tunes the RT3593 RF to channel chan. Frequency dividers come from
 * rt3070_freqs[], Tx power for up to three chains from sc->txpow1/2/3, and
 * most remaining register values are chosen by band with (chan <= 14).
 * run_adjust_freq_offset() is called in the middle of the sequence.
 * NOTE(review): many branch and mask lines of this function are missing
 * from this listing, so several of the read-modify-write steps below are
 * incomplete as shown.
 */
4355 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4357 int8_t txpow1, txpow2, txpow3;
/*
 * NOTE(review): the search below has no upper bound and relies on chan being
 * in rt2860_rf2850[]. The index it finds is also used for rt3070_freqs[] and
 * the sc->txpow*[] arrays.
 */
4361 /* find the settings for this channel (we know it exists) */
4362 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4364 /* use Tx power values from EEPROM */
4365 txpow1 = sc->txpow1[i];
4366 txpow2 = sc->txpow2[i];
/* the third chain's power is read only when three Tx chains are configured */
4367 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4370 run_bbp_write(sc, 25, sc->bbp25);
4371 run_bbp_write(sc, 26, sc->bbp26);
4373 /* Enable IQ phase correction. */
4374 run_bbp_write(sc, 25, 0x09);
4375 run_bbp_write(sc, 26, 0xff);
4378 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4379 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4380 run_rt3070_rf_read(sc, 11, &rf);
4381 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4382 run_rt3070_rf_write(sc, 11, rf);
4385 run_rt3070_rf_read(sc, 11, &rf);
4387 rf |= (chan <= 14) ? 0x44 : 0x48;
4388 run_rt3070_rf_write(sc, 11, rf);
/* Tx power is masked to 5 bits and split: bits 4:3 move up one, bits 2:0 stay */
4393 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4394 run_rt3070_rf_write(sc, 53, rf);
4399 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4400 run_rt3070_rf_write(sc, 55, rf);
4405 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4406 run_rt3070_rf_write(sc, 54, rf);
4408 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4409 if (sc->ntxchains == 3)
4410 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4412 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4413 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4414 run_rt3070_rf_write(sc, 1, rf);
4416 run_adjust_freq_offset(sc);
4418 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
/* bit 5 of sc->rf24_20mhz is copied into bits 1 and 2 of R30 */
4420 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4421 run_rt3070_rf_read(sc, 30, &rf);
4422 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4423 run_rt3070_rf_write(sc, 30, rf);
4425 run_rt3070_rf_read(sc, 36, &rf);
4430 run_rt3070_rf_write(sc, 36, rf);
4433 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4434 /* Set pfd_delay. */
4435 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4437 /* Set vco bias current control. */
4438 run_rt3070_rf_read(sc, 6, &rf);
4442 else if (chan <= 128)
4446 run_rt3070_rf_write(sc, 6, rf);
4448 run_rt3070_rf_read(sc, 30, &rf);
4449 rf = (rf & ~0x18) | 0x10;
4450 run_rt3070_rf_write(sc, 30, rf);
4452 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4453 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4455 run_rt3070_rf_read(sc, 51, &rf);
4456 rf = (rf & ~0x03) | 0x01;
4457 run_rt3070_rf_write(sc, 51, rf);
4458 /* Set tx_mx1_cc. */
4459 run_rt3070_rf_read(sc, 51, &rf);
4461 rf |= (chan <= 14) ? 0x14 : 0x10;
4462 run_rt3070_rf_write(sc, 51, rf);
4463 /* Set tx_mx1_ic. */
4464 run_rt3070_rf_read(sc, 51, &rf);
4466 rf |= (chan <= 14) ? 0x60 : 0x40;
4467 run_rt3070_rf_write(sc, 51, rf);
4468 /* Set tx_lo1_ic. */
4469 run_rt3070_rf_read(sc, 49, &rf);
4471 rf |= (chan <= 14) ? 0x0c : 0x08;
4472 run_rt3070_rf_write(sc, 49, rf);
4473 /* Set tx_lo1_en. */
4474 run_rt3070_rf_read(sc, 50, &rf);
4475 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4477 run_rt3070_rf_read(sc, 57, &rf);
4479 rf |= (chan <= 14) ? 0x6c : 0x3c;
4480 run_rt3070_rf_write(sc, 57, rf);
4481 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4482 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4483 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4484 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4485 /* Enable VCO calibration. */
4486 run_rt3070_rf_read(sc, 3, &rf);
4487 rf &= ~RT5390_VCOCAL;
4488 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4489 run_rt3070_rf_write(sc, 3, rf);
4493 else if (chan <= 64)
4495 else if (chan <= 128)
4499 run_rt3070_rf_write(sc, 39, rf);
4502 else if (chan <= 64)
4504 else if (chan <= 128)
4508 run_rt3070_rf_write(sc, 45, rf);
4510 /* Set FEQ/AEQ control. */
4511 run_bbp_write(sc, 105, 0x34);
/*
 * Tunes an RT5390-family RF to channel chan: frequency dividers (R8, R9,
 * R11), Tx power in R49 (and R50 on MAC version 0x5392), block enables in
 * R1, frequency offset via run_adjust_freq_offset(), revision-specific
 * fix-ups for RT5392C and RT5390F, and finally VCO calibration in R3.
 * NOTE(review): most lines of the per-channel fix-up tables are missing
 * from this listing.
 */
4515 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4517 int8_t txpow1, txpow2;
/*
 * NOTE(review): the search below has no upper bound and relies on chan being
 * in rt2860_rf2850[]. The index it finds is also used for rt3070_freqs[],
 * sc->txpow1[] and sc->txpow2[].
 */
4521 /* find the settings for this channel (we know it exists) */
4522 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4524 /* use Tx power values from EEPROM */
4525 txpow1 = sc->txpow1[i];
4526 txpow2 = sc->txpow2[i];
4528 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4529 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4530 run_rt3070_rf_read(sc, 11, &rf);
4531 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4532 run_rt3070_rf_write(sc, 11, rf);
/* the power value is masked to 6 bits and then clamped to the register's valid range */
4534 run_rt3070_rf_read(sc, 49, &rf);
4535 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4536 /* The valid range of the RF R49 is 0x00 to 0x27. */
4537 if ((rf & 0x3f) > 0x27)
4538 rf = (rf & ~0x3f) | 0x27;
4539 run_rt3070_rf_write(sc, 49, rf);
4541 if (sc->mac_ver == 0x5392) {
4542 run_rt3070_rf_read(sc, 50, &rf);
4543 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4544 /* The valid range of the RF R50 is 0x00 to 0x27. */
4545 if ((rf & 0x3f) > 0x27)
4546 rf = (rf & ~0x3f) | 0x27;
4547 run_rt3070_rf_write(sc, 50, rf);
4550 run_rt3070_rf_read(sc, 1, &rf);
4551 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
/* the second Rx/Tx chain bits are set only on MAC version 0x5392 */
4552 if (sc->mac_ver == 0x5392)
4553 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4554 run_rt3070_rf_write(sc, 1, rf);
4556 if (sc->mac_ver != 0x5392) {
4557 run_rt3070_rf_read(sc, 2, &rf);
4559 run_rt3070_rf_write(sc, 2, rf);
4562 run_rt3070_rf_write(sc, 2, rf);
4565 run_adjust_freq_offset(sc);
4567 if (sc->mac_ver == 0x5392) {
4568 /* Fix for RT5392C. */
4569 if (sc->mac_rev >= 0x0223) {
4572 else if (chan >= 5 && chan <= 7)
4576 run_rt3070_rf_write(sc, 23, rf);
4582 else if (chan >= 6 && chan <= 7)
4584 else if (chan >= 8 && chan <= 10)
4588 run_rt3070_rf_write(sc, 59, rf);
4594 run_rt3070_rf_write(sc, 59, rf);
4597 /* Fix for RT5390F. */
4598 if (sc->mac_rev >= 0x0502) {
4603 run_rt3070_rf_write(sc, 55, rf);
4607 else if (chan == 12)
4611 run_rt3070_rf_write(sc, 59, rf);
4613 run_rt3070_rf_write(sc, 55, 0x44);
4614 run_rt3070_rf_write(sc, 59, 0x8f);
4618 /* Enable VCO calibration. */
4619 run_rt3070_rf_read(sc, 3, &rf);
4620 rf |= RT5390_VCOCAL;
4621 run_rt3070_rf_write(sc, 3, rf);
/*
 * Tunes the RT5592 RF to channel chan. The frequency table is chosen from
 * the RT5592_SEL_XTAL bit of RT5592_DEBUG_INDEX (40MHz or 20MHz table), the
 * dividers n/k/m/r are packed into R8, R9 and R11, band defaults are loaded
 * from rt5592_2ghz_def_rf[] or rt5592_5ghz_def_rf[], Tx power goes into
 * R49/R50 clamped to txpow_bound, and VCO calibration is enabled last.
 * NOTE(review): the band test, the mask lines of several read-modify-write
 * steps and the assignment of txpow_bound are on lines missing from this
 * listing.
 */
4625 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4627 const struct rt5592_freqs *freqs;
4629 uint8_t reg, rf, txpow_bound;
4630 int8_t txpow1, txpow2;
4633 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4634 freqs = (tmp & RT5592_SEL_XTAL) ?
4635 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
/*
 * NOTE(review): the search below has no upper bound and relies on chan being
 * in rt2860_rf2850[]. freqs is advanced in step with i, so a channel that is
 * not in the table would run both the index and the pointer past the end of
 * their tables.
 */
4637 /* find the settings for this channel (we know it exists) */
4638 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4640 /* use Tx power values from EEPROM */
4641 txpow1 = sc->txpow1[i];
4642 txpow2 = sc->txpow2[i];
4644 run_read(sc, RT3070_LDO_CFG0, &tmp);
4648 run_write(sc, RT3070_LDO_CFG0, tmp);
/* n is 9 bits wide: the low 8 go to R8, bit 8 goes to bit 4 of R9 */
4651 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4652 run_rt3070_rf_read(sc, 9, &rf);
4654 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4655 run_rt3070_rf_write(sc, 9, rf);
4658 run_rt3070_rf_read(sc, 9, &rf);
4660 rf |= (freqs->k & 0x0f);
4661 run_rt3070_rf_write(sc, 9, rf);
/* (m - 8) is split: its low two bits go to R11 bits 3:2, bit 2 to R9 bit 7 */
4664 run_rt3070_rf_read(sc, 11, &rf);
4666 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4667 run_rt3070_rf_write(sc, 11, rf);
4668 run_rt3070_rf_read(sc, 9, &rf);
4670 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4671 run_rt3070_rf_write(sc, 9, rf);
4674 run_rt3070_rf_read(sc, 11, &rf);
4676 rf |= (freqs->r - 0x1);
4677 run_rt3070_rf_write(sc, 11, rf);
4680 /* Initialize RF registers for 2GHZ. */
4681 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4682 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4683 rt5592_2ghz_def_rf[i].val);
4686 rf = (chan <= 10) ? 0x07 : 0x06;
4687 run_rt3070_rf_write(sc, 23, rf);
4688 run_rt3070_rf_write(sc, 59, rf);
4690 run_rt3070_rf_write(sc, 55, 0x43);
4693 * RF R49/R50 Tx power ALC code.
4694 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4699 /* Initialize RF registers for 5GHZ. */
4700 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4701 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4702 rt5592_5ghz_def_rf[i].val);
/* per-range overrides: every table entry whose channel range contains chan is applied */
4704 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4705 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4706 chan <= rt5592_chan_5ghz[i].lastchan) {
4707 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4708 rt5592_chan_5ghz[i].val);
4713 * RF R49/R50 Tx power ALC code.
4714 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4720 /* RF R49 ch0 Tx power ALC code. */
4721 run_rt3070_rf_read(sc, 49, &rf);
/* the power value is masked to 6 bits and then clamped to txpow_bound */
4724 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4725 if ((rf & 0x3f) > txpow_bound)
4726 rf = (rf & ~0x3f) | txpow_bound;
4727 run_rt3070_rf_write(sc, 49, rf);
4729 /* RF R50 ch1 Tx power ALC code. */
4730 run_rt3070_rf_read(sc, 50, &rf);
4731 rf &= ~(1 << 7 | 1 << 6);
4733 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4734 if ((rf & 0x3f) > txpow_bound)
4735 rf = (rf & ~0x3f) | txpow_bound;
4736 run_rt3070_rf_write(sc, 50, rf);
4738 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4739 run_rt3070_rf_read(sc, 1, &rf);
4740 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4741 if (sc->ntxchains > 1)
4742 rf |= RT3070_TX1_PD;
4743 if (sc->nrxchains > 1)
4744 rf |= RT3070_RX1_PD;
4745 run_rt3070_rf_write(sc, 1, rf);
4747 run_rt3070_rf_write(sc, 6, 0xe4);
4749 run_rt3070_rf_write(sc, 30, 0x10);
4750 run_rt3070_rf_write(sc, 31, 0x80);
4751 run_rt3070_rf_write(sc, 32, 0x80);
4753 run_adjust_freq_offset(sc);
4755 /* Enable VCO calibration. */
4756 run_rt3070_rf_read(sc, 3, &rf);
4757 rf |= RT5390_VCOCAL;
4758 run_rt3070_rf_write(sc, 3, rf);
/*
 * Switches the receive antenna. Two mirrored sequences are visible: one
 * clears bit 7 of BBP register 152 (RF revision RT5390_RF_5370) or sends
 * RT2860_MCU_CMD_ANTSEL with argument 0 and sets bit 3 of RT2860_GPIO_CTRL;
 * the other sets BBP 152 bit 7 or sends ANTSEL with argument 1 and clears
 * the GPIO bits.
 * NOTE(review): the test on aux that picks between the two sequences, and
 * the else lines inside each, are missing from this listing.
 */
4762 run_set_rx_antenna(struct run_softc *sc, int aux)
4768 if (sc->rf_rev == RT5390_RF_5370) {
4769 run_bbp_read(sc, 152, &bbp152);
4770 run_bbp_write(sc, 152, bbp152 & ~0x80);
4772 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4773 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4774 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4777 if (sc->rf_rev == RT5390_RF_5370) {
4778 run_bbp_read(sc, 152, &bbp152);
4779 run_bbp_write(sc, 152, bbp152 | 0x80);
4781 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4782 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4783 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
/*
 * Switches the radio to channel c: converts it to an IEEE channel number,
 * dispatches to the chip-specific tuning routine by sc->mac_ver, applies the
 * channel-group settings and, for MAC versions >= 0x5392, runs IQ
 * calibration.
 * NOTE(review): the computation of group and the code after
 * run_select_chan_group() are on lines missing from this listing.
 */
4789 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4791 struct ieee80211com *ic = &sc->sc_ic;
/*
 * NOTE(review): rejecting 0 and IEEE80211_CHAN_ANY is the only check on chan
 * visible before the per-chip routines, which look the channel up in a
 * table with a search that has no upper bound; the channel list offered to
 * net80211 therefore has to stay within that table.
 */
4794 chan = ieee80211_chan2ieee(ic, c);
4795 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
/* the exact-match tests come before the ">=" tests so 0x5592/0x3593/0x3572 get their own routine */
4798 if (sc->mac_ver == 0x5592)
4799 run_rt5592_set_chan(sc, chan);
4800 else if (sc->mac_ver >= 0x5390)
4801 run_rt5390_set_chan(sc, chan);
4802 else if (sc->mac_ver == 0x3593)
4803 run_rt3593_set_chan(sc, chan);
4804 else if (sc->mac_ver == 0x3572)
4805 run_rt3572_set_chan(sc, chan);
4806 else if (sc->mac_ver >= 0x3070)
4807 run_rt3070_set_chan(sc, chan);
4809 run_rt2870_set_chan(sc, chan);
4811 /* determine channel group */
4814 else if (chan <= 64)
4816 else if (chan <= 128)
4821 /* XXX necessary only when group has changed! */
4822 run_select_chan_group(sc, group);
4826 /* Perform IQ calibration. */
4827 if (sc->mac_ver >= 0x5392)
4828 run_iq_calib(sc, chan);
/*
 * net80211 channel-change hook: applies ic->ic_curchan to the hardware
 * through run_set_chan().
 * NOTE(review): the lines around the call (presumably locking) are missing
 * from this listing.
 */
4834 run_set_channel(struct ieee80211com *ic)
4836 struct run_softc *sc = ic->ic_softc;
4839 run_set_chan(sc, ic->ic_curchan);
/*
 * Fills chans[] (capacity maxchans, count returned through nchans) with the
 * channels this device supports. The default 2GHz channels are always added
 * for 11b/11g; the 5GHz list run_chan_5ghz is added only for the RF
 * revisions named in the test below.
 */
4846 run_getradiocaps(struct ieee80211com *ic,
4847 int maxchans, int *nchans, struct ieee80211_channel chans[])
4849 struct run_softc *sc = ic->ic_softc;
4850 uint8_t bands[IEEE80211_MODE_BYTES];
/* start from an empty mode bitmap, then mark 11b and 11g */
4852 memset(bands, 0, sizeof(bands));
4853 setbit(bands, IEEE80211_MODE_11B);
4854 setbit(bands, IEEE80211_MODE_11G);
4855 ieee80211_add_channels_default_2ghz(chans, maxchans, nchans, bands, 0);
/* only these RF revisions get the 5GHz channel list */
4857 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4858 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4859 sc->rf_rev == RT5592_RF_5592) {
4860 setbit(bands, IEEE80211_MODE_11A);
4861 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4862 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
/*
 * net80211 scan-start hook: stops the TSF timers and programs the broadcast
 * address as BSSID for the duration of the scan.
 * NOTE(review): the lines around these calls (presumably locking) are
 * missing from this listing.
 */
4867 run_scan_start(struct ieee80211com *ic)
4869 struct run_softc *sc = ic->ic_softc;
4873 /* abort TSF synchronization */
4874 run_disable_tsf(sc);
4875 run_set_bssid(sc, ieee80211broadcastaddr);
/*
 * net80211 scan-end hook: re-enables TSF synchronisation and restores the
 * BSSID saved in sc->sc_bssid.
 * NOTE(review): the lines around these calls (presumably locking) are
 * missing from this listing.
 */
4883 run_scan_end(struct ieee80211com *ic)
4885 struct run_softc *sc = ic->ic_softc;
4889 run_enable_tsf_sync(sc);
4890 run_set_bssid(sc, sc->sc_bssid);
4898 * Could be called from ieee80211_node_timeout()
4899 * (non-sleepable thread)
/*
 * Records that beacon element `item` changed for vap, refreshes the cached
 * beacon mbuf and queues run_update_beacon_cb() on the driver's command
 * queue task, which does the actual write to the device.
 * NOTE(review): the switch bodies and the assignment of mcast are on lines
 * missing from this listing.
 */
4902 run_update_beacon(struct ieee80211vap *vap, int item)
4904 struct ieee80211com *ic = vap->iv_ic;
4905 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4906 struct ieee80211_node *ni = vap->iv_bss;
4907 struct run_softc *sc = ic->ic_softc;
4908 struct run_vap *rvp = RUN_VAP(vap);
4913 case IEEE80211_BEACON_ERP:
4916 case IEEE80211_BEACON_HTINFO:
4919 case IEEE80211_BEACON_TIM:
4926 setbit(bo->bo_flags, item);
/* the beacon mbuf is allocated on first use and kept in rvp->beacon_mbuf */
4927 if (rvp->beacon_mbuf == NULL) {
4928 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4929 if (rvp->beacon_mbuf == NULL)
4932 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
/*
 * NOTE(review): the vap pointer is stored in the command queue slot and used
 * later by the callback; presumably vap teardown drains the task first -
 * confirm, otherwise the callback could run on a freed vap.
 */
4934 i = RUN_CMDQ_GET(&sc->cmdq_store);
4935 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
4936 sc->cmdq[i].func = run_update_beacon_cb;
4937 sc->cmdq[i].arg0 = vap;
4938 ieee80211_runtask(ic, &sc->cmdq_task);
/*
 * Command-queue callback (arg is the vap): builds a TXWI header for the
 * cached beacon frame and copies header and frame into the device's beacon
 * memory at RT2860_BCN_BASE(rvp->rvp_id).
 * NOTE(review): the early-return lines and the length argument of the first
 * run_write_region_1() call are missing from this listing.
 */
4944 run_update_beacon_cb(void *arg)
4946 struct ieee80211vap *vap = arg;
4947 struct ieee80211_node *ni = vap->iv_bss;
4948 struct run_vap *rvp = RUN_VAP(vap);
4949 struct ieee80211com *ic = vap->iv_ic;
4950 struct run_softc *sc = ic->ic_softc;
4951 struct rt2860_txwi txwi;
/* nothing is written while the node or BSS channel is still undetermined */
4956 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4958 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4962 * No need to call ieee80211_beacon_update(), run_update_beacon()
4963 * is taking care of appropriate calls.
4965 if (rvp->beacon_mbuf == NULL) {
4966 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4967 if (rvp->beacon_mbuf == NULL)
4970 m = rvp->beacon_mbuf;
/* the header is zeroed first so no stale stack bytes reach the device */
4972 memset(&txwi, 0, sizeof(txwi));
4974 txwi.len = htole16(m->m_pkthdr.len);
4976 /* send beacons at the lowest available rate */
4977 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4978 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4979 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4980 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4981 txwi.phy |= htole16(RT2860_PHY_OFDM);
4982 txwi.txop = RT2860_TX_TXOP_HT;
4983 txwi.flags = RT2860_TX_TS;
4984 txwi.xflags = RT2860_TX_NSEQ;
/* on MAC version 0x5592 the header slot is one uint32_t larger */
4986 txwisize = (sc->mac_ver == 0x5592) ?
4987 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
/*
 * The header is written first and the frame directly after it, with the
 * frame length rounded up to an even byte count.
 * NOTE(review): no check of m->m_pkthdr.len against the size of the per-VAP
 * beacon slot is visible here, the copy assumes the frame is contiguous in
 * the first mbuf, and for an odd length the rounded copy reads one byte
 * past the frame - confirm all three are bounded elsewhere.
 */
4988 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4990 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4991 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
/*
 * net80211 protection-update hook. It does no register access itself: it
 * takes a command queue slot, stores run_updateprot_cb() with ic as its
 * argument, and schedules the command queue task.
 */
4995 run_updateprot(struct ieee80211com *ic)
4997 struct run_softc *sc = ic->ic_softc;
/* RUN_CMDQ_GET yields the slot index to fill */
5000 i = RUN_CMDQ_GET(&sc->cmdq_store);
5001 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5002 sc->cmdq[i].func = run_updateprot_cb;
5003 sc->cmdq[i].arg0 = ic;
5004 ieee80211_runtask(ic, &sc->cmdq_task);
/*
 * Command-queue callback (arg is the ieee80211com): programs the CCK and
 * OFDM protection configuration registers from the current mode and
 * protection settings.
 */
5008 run_updateprot_cb(void *arg)
5010 struct ieee80211com *ic = arg;
5011 struct run_softc *sc = ic->ic_softc;
5014 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5015 /* setup protection frame rate (MCS code) */
5016 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5017 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5018 rt2860_rates[RT2860_RIDX_CCK11].mcs;
/* written before the protection-control bits are added, so CCK gets none */
5020 /* CCK frames don't require protection */
5021 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5022 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5023 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5024 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5025 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5026 tmp |= RT2860_PROT_CTRL_CTS;
5028 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
/*
 * USB timeout handler (arg is the vap); the softc lock must be held.
 * In RUN state on a non-station vap it checks for the MAC livelock; during
 * a scan it logs the timeout and cancels the scan; any other case is only
 * logged.
 */
5032 run_usb_timeout_cb(void *arg)
5034 struct ieee80211vap *vap = arg;
5035 struct run_softc *sc = vap->iv_ic->ic_softc;
5037 RUN_LOCK_ASSERT(sc, MA_OWNED);
5039 if(vap->iv_state == IEEE80211_S_RUN &&
5040 vap->iv_opmode != IEEE80211_M_STA)
5041 run_reset_livelock(sc);
5042 else if (vap->iv_state == IEEE80211_S_SCAN) {
5043 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5044 "timeout caused by scan\n");
5046 ieee80211_cancel_scan(vap);
5048 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5049 "timeout by unknown cause\n");
/*
 * Detects the CTS-to-self livelock from the RT2860_DEBUG register and, when
 * found, resets the MAC and re-enables Rx and Tx. The softc lock must be
 * held.
 * NOTE(review): the line between the reset write and the re-enable write is
 * missing from this listing (presumably a delay).
 */
5053 run_reset_livelock(struct run_softc *sc)
5057 RUN_LOCK_ASSERT(sc, MA_OWNED);
5060 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5061 * can run into a livelock and start sending CTS-to-self frames like
5062 * crazy if protection is enabled. Reset MAC/BBP for a while
5064 run_read(sc, RT2860_DEBUG, &tmp);
5065 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
/* livelock signature: bit 29 set together with bit 7 or bit 5 */
5066 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5067 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5068 "CTS-to-self livelock detected\n");
5069 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5071 run_write(sc, RT2860_MAC_SYS_CTRL,
5072 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
/*
 * Updates the receive filter for promiscuous mode: RT2860_DROP_UC_NOME
 * (drop unicast frames not addressed to us, going by the name) is set by
 * default and cleared while sc->sc_ic.ic_promisc is positive.
 * The "_locked" suffix suggests the caller holds the softc lock; no
 * assertion is visible here.
 */
5077 run_update_promisc_locked(struct run_softc *sc)
5081 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5083 tmp |= RT2860_DROP_UC_NOME;
5084 if (sc->sc_ic.ic_promisc > 0)
5085 tmp &= ~RT2860_DROP_UC_NOME;
5087 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
/* the mode change is traced only under the RUN_DEBUG_RECV debug class */
5089 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5090 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
/*
 * net80211 promiscuous-mode hook: applies the filter through
 * run_update_promisc_locked() when the device is running.
 * NOTE(review): the body of the RUN_RUNNING test and the lines around the
 * call (presumably lock/unlock) are missing from this listing.
 */
5094 run_update_promisc(struct ieee80211com *ic)
5096 struct run_softc *sc = ic->ic_softc;
5098 if ((sc->sc_flags & RUN_RUNNING) == 0)
5102 run_update_promisc_locked(sc);
/*
 * Programs RT2860_BCN_TIME_CFG for the current operating mode: beacon
 * interval, TSF and TBTT timers, the TSF sync mode (1 for STA, 2 for IBSS,
 * 3 for HostAP/MBSS) and, for the beaconing modes, RT2860_BCN_TX_EN.
 * NOTE(review): vap is the first entry of ic->ic_vaps and is dereferenced
 * without a NULL check, so this assumes at least one vap exists. The line
 * that clears the old interval bits before the OR is missing from this
 * listing.
 */
5107 run_enable_tsf_sync(struct run_softc *sc)
5109 struct ieee80211com *ic = &sc->sc_ic;
5110 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5113 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5114 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5116 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
/* the register takes the beacon interval multiplied by 16 */
5118 tmp |= vap->iv_bss->ni_intval * 16;
5119 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5121 if (ic->ic_opmode == IEEE80211_M_STA) {
5123 * Local TSF is always updated with remote TSF on beacon
5126 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5127 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5128 tmp |= RT2860_BCN_TX_EN;
5130 * Local TSF is updated with remote TSF on beacon reception
5131 * only if the remote TSF is greater than local TSF.
5133 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5134 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5135 ic->ic_opmode == IEEE80211_M_MBSS) {
5136 tmp |= RT2860_BCN_TX_EN;
5137 /* SYNC with nobody */
5138 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5140 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5141 "Enabling TSF failed. undefined opmode\n");
5145 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
/*
 * Enables the TSF timer only: beacon transmission and the TBTT timer are
 * switched off in the same write. The register is modified only when the
 * read succeeded (returned 0), so a failed read never writes back garbage.
 */
5149 run_enable_tsf(struct run_softc *sc)
5153 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5154 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5155 tmp |= RT2860_TSF_TIMER_EN;
5156 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
/*
 * Turns off beacon transmission, the TSF timer and the TBTT timer.
 * The register is modified only when the read succeeded (returned 0).
 */
5161 run_disable_tsf(struct run_softc *sc)
5165 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5166 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
5167 RT2860_TBTT_TIMER_EN);
5168 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
/*
 * Copy the TSF timer, read from RT2860_TSF_TIMER_DW0 onward, into *buf.
 * NOTE(review): the length argument (line 5176) is missing from this
 * listing, and no byte-order conversion or error check appears on the
 * visible lines -- confirm both against the full file.
 */
5173 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5175 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
/*
 * Fill the legacy rate fallback tables RT2860_LG_FBK_CFG0 and
 * RT2860_LG_FBK_CFG1. Each 4-bit field names the rate to fall back to, as
 * the per-line comments show; OFDM() sets bit 3 of the field and CCK()
 * leaves it clear.
 * NOTE(review): OFDM(6) << 28 is evaluated in signed int and the result does
 * not fit in 31 bits; an unsigned operand in the macro (1U << 3) would keep
 * the shift well defined.
 */
5180 run_enable_mrr(struct run_softc *sc)
5182 #define CCK(mcs) (mcs)
5183 #define OFDM(mcs) (1 << 3 | (mcs))
5184 run_write(sc, RT2860_LG_FBK_CFG0,
5185 OFDM(6) << 28 | /* 54->48 */
5186 OFDM(5) << 24 | /* 48->36 */
5187 OFDM(4) << 20 | /* 36->24 */
5188 OFDM(3) << 16 | /* 24->18 */
5189 OFDM(2) << 12 | /* 18->12 */
5190 OFDM(1) << 8 | /* 12-> 9 */
5191 OFDM(0) << 4 | /* 9-> 6 */
5192 OFDM(0)); /* 6-> 6 */
5194 run_write(sc, RT2860_LG_FBK_CFG1,
5195 CCK(2) << 12 | /* 11->5.5 */
5196 CCK(1) << 8 | /* 5.5-> 2 */
5197 CCK(0) << 4 | /* 2-> 1 */
5198 CCK(0)); /* 1-> 1 */
/*
 * Mirror the IEEE80211_F_SHPREAMBLE flag into RT2860_CCK_SHORT_EN of
 * RT2860_AUTO_RSP_CFG.
 * NOTE(review): the result of run_read() is not tested before the value is
 * written back.
 */
5204 run_set_txpreamble(struct run_softc *sc)
5206 struct ieee80211com *ic = &sc->sc_ic;
5209 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5210 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5211 tmp |= RT2860_CCK_SHORT_EN;
/*
 * NOTE(review): line 5212 is missing from this listing; as printed the clear
 * below would always run, so it is presumably guarded by an `else`.
 */
5213 tmp &= ~RT2860_CCK_SHORT_EN;
5214 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
/*
 * Write the basic-rate mask for the current PHY mode into
 * RT2860_LEGACY_BASIC_RATE: 0x003 for 11b, 0x150 for 11a and 0x15f for the
 * remaining case (line 5227, presumably `else`, is missing from this
 * listing). The meaning of the individual mask bits is not shown here.
 */
5218 run_set_basicrates(struct run_softc *sc)
5220 struct ieee80211com *ic = &sc->sc_ic;
5222 /* set basic rates mask */
5223 if (ic->ic_curmode == IEEE80211_MODE_11B)
5224 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5225 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5226 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5228 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
/*
 * Send RT2860_MCU_CMD_LEDS to the microcontroller with `which` combined
 * with the low 7 bits of sc->leds. The command result is deliberately
 * discarded via the (void) cast.
 */
5232 run_set_leds(struct run_softc *sc, uint16_t which)
5234 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5235 which | (sc->leds & 0x7f));
/*
 * Load a 6-byte BSSID into RT2860_MAC_BSSID_DW0/DW1, lowest byte first.
 * bssid must point at 6 readable bytes; no length is passed or checked.
 * NOTE(review): bssid[3] << 24 is computed in signed int after integer
 * promotion, so a byte >= 0x80 overflows the shift; casting first,
 * `(uint32_t)bssid[3] << 24`, keeps it well defined.
 */
5239 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5241 run_write(sc, RT2860_MAC_BSSID_DW0,
5242 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5243 run_write(sc, RT2860_MAC_BSSID_DW1,
5244 bssid[4] | bssid[5] << 8);
/*
 * Load a 6-byte station address into RT2860_MAC_ADDR_DW0/DW1, lowest byte
 * first. addr must point at 6 readable bytes; no length is passed or
 * checked. DW1 additionally carries 0xff in bits 16-23 (purpose not shown
 * here).
 * NOTE(review): addr[3] << 24 is computed in signed int after integer
 * promotion, so a byte >= 0x80 overflows the shift; casting first,
 * `(uint32_t)addr[3] << 24`, keeps it well defined.
 */
5248 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5250 run_write(sc, RT2860_MAC_ADDR_DW0,
5251 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5252 run_write(sc, RT2860_MAC_ADDR_DW1,
5253 addr[4] | addr[5] << 8 | 0xff << 16);
/*
 * Defer a slot-time update: store run_updateslot_cb and ic in the next
 * command-queue slot and schedule sc->cmdq_task through ieee80211_runtask().
 */
5257 run_updateslot(struct ieee80211com *ic)
5259 struct run_softc *sc = ic->ic_softc;
/*
 * NOTE(review): i comes from RUN_CMDQ_GET() and indexes sc->cmdq[] with no
 * range check or lock on the visible lines; presumably the macro keeps it
 * inside the ring -- confirm against its definition.
 */
5262 i = RUN_CMDQ_GET(&sc->cmdq_store);
5263 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5264 sc->cmdq[i].func = run_updateslot_cb;
5265 sc->cmdq[i].arg0 = ic;
5266 ieee80211_runtask(ic, &sc->cmdq_task);
/*
 * Command-queue callback installed by run_updateslot(): arg is the
 * ieee80211com stored in arg0. It ORs the current slot time into
 * RT2860_BKOFF_SLOT_CFG.
 * NOTE(review): line 5280 is missing from this listing (presumably the mask
 * that clears the old slot field), and the run_read() result is not tested.
 */
5273 run_updateslot_cb(void *arg)
5275 struct ieee80211com *ic = arg;
5276 struct run_softc *sc = ic->ic_softc;
5279 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5281 tmp |= IEEE80211_GET_SLOTTIME(ic);
5282 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5286 run_update_mcast(struct ieee80211com *ic)
/*
 * Convert a raw RSSI reading for one RX chain into dBm as
 * -12 - delta - rssi, where delta is the per-chain offset for the current
 * band minus the LNA gain of the channel group.
 * NOTE(review): rxchain indexes sc->rssi_5ghz[] / sc->rssi_2ghz[] directly
 * and is not range-checked in this function; callers must keep it below the
 * array size. rssi presumably originates from the device's RX descriptor, so
 * treat the result as device-controlled -- confirm at the caller.
 */
5291 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5293 struct ieee80211com *ic = &sc->sc_ic;
5294 struct ieee80211_channel *c = ic->ic_curchan;
5297 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5298 u_int chan = ieee80211_chan2ieee(ic, c);
5299 delta = sc->rssi_5ghz[rxchain];
5301 /* determine channel group */
/* NOTE(review): line 5302 (the first range test) is missing from this listing. */
5303 delta -= sc->lna[1];
5304 else if (chan <= 128)
5305 delta -= sc->lna[2];
5307 delta -= sc->lna[3];
/* 2 GHz channels: per-chain offset minus lna[0]. */
5309 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5311 return (-12 - delta - rssi);
/*
 * Baseband (BBP) initialisation for the RT5390 family: set the MLD and MAC
 * interface control bits, load the per-chip default table, then apply the
 * chip- and revision-specific fixes below.
 * NOTE(review): none of the run_bbp_read() / run_bbp_write() results are
 * tested on the visible lines, so a failed read feeds whatever is in `bbp`
 * into the following write.
 */
5315 run_rt5390_bbp_init(struct run_softc *sc)
5320 /* Apply maximum likelihood detection for 2 stream case. */
5321 run_bbp_read(sc, 105, &bbp);
5322 if (sc->nrxchains > 1)
5323 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5325 /* Avoid data lost and CRC error. */
5326 run_bbp_read(sc, 4, &bbp);
5327 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
/* RT5592 uses its own default table plus an indexed load through BBP 195/196. */
5329 if (sc->mac_ver == 0x5592) {
5330 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5331 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5332 rt5592_def_bbp[i].val);
/* BBP 195 selects entry i + 0x80, BBP 196 receives the table value. */
5334 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5335 run_bbp_write(sc, 195, i + 0x80);
5336 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
/* Other chips: the RT5390 default table (branch line missing from this listing). */
5339 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5340 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5341 rt5390_def_bbp[i].val);
/* RT5392 overrides applied on top of the defaults. */
5344 if (sc->mac_ver == 0x5392) {
5345 run_bbp_write(sc, 88, 0x90);
5346 run_bbp_write(sc, 95, 0x9a);
5347 run_bbp_write(sc, 98, 0x12);
5348 run_bbp_write(sc, 106, 0x12);
5349 run_bbp_write(sc, 134, 0xd0);
5350 run_bbp_write(sc, 135, 0xf6);
5351 run_bbp_write(sc, 148, 0x84);
/* Set bit 7 of BBP 152 (purpose not documented on the visible lines). */
5354 run_bbp_read(sc, 152, &bbp);
5355 run_bbp_write(sc, 152, bbp | 0x80);
5357 /* Fix BBP254 for RT5592C. */
5358 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5359 run_bbp_read(sc, 254, &bbp);
5360 run_bbp_write(sc, 254, bbp | 0x80);
5363 /* Disable hardware antenna diversity. */
5364 if (sc->mac_ver == 0x5390)
5365 run_bbp_write(sc, 154, 0);
5367 /* Initialize Rx CCK/OFDM frequency offset report. */
5368 run_bbp_write(sc, 142, 1);
5369 run_bbp_write(sc, 143, 57);
/*
 * Wait for the baseband processor to respond, then load its default
 * register values and the per-chip fixes below.
 */
5373 run_bbp_init(struct run_softc *sc)
5375 int i, error, ntries;
5378 /* wait for BBP to wake up */
/*
 * Up to 20 reads of BBP register 0; a read error is captured in `error` and
 * the values 0 and 0xff are treated as "not awake yet". What follows each
 * test (lines 5381, 5383-5387) is missing from this listing.
 */
5379 for (ntries = 0; ntries < 20; ntries++) {
5380 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5382 if (bbp0 != 0 && bbp0 != 0xff)
5388 /* initialize BBP registers to default values */
5389 if (sc->mac_ver >= 0x5390)
5390 run_rt5390_bbp_init(sc);
/* Older chips: the RT2860 default table (branch line missing from this listing). */
5392 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5393 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5394 rt2860_def_bbp[i].val);
/* RT3593-specific values. */
5398 if (sc->mac_ver == 0x3593) {
5399 run_bbp_write(sc, 79, 0x13);
5400 run_bbp_write(sc, 80, 0x05);
5401 run_bbp_write(sc, 81, 0x33);
5402 run_bbp_write(sc, 86, 0x46);
5403 run_bbp_write(sc, 137, 0x0f);
5406 /* fix BBP84 for RT2860E */
5407 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5408 run_bbp_write(sc, 84, 0x19);
/* RT3070 and later, excluding RT3593 and RT5592; else the RT2860 rev 0x0100 fix. */
5410 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5411 sc->mac_ver != 0x5592)) {
5412 run_bbp_write(sc, 79, 0x13);
5413 run_bbp_write(sc, 80, 0x05);
5414 run_bbp_write(sc, 81, 0x33);
5415 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5416 run_bbp_write(sc, 69, 0x16);
5417 run_bbp_write(sc, 73, 0x12);
/*
 * RF initialisation for RT3070/RT3071/RT3572: load the default RF table,
 * adjust the LDO voltage per chip and revision, calibrate the 20 MHz and
 * 40 MHz filters and apply the remaining per-chip fixes.
 * NOTE(review): the results of the register reads and writes are not tested
 * on the visible lines; several statements (for example lines 5432, 5457,
 * 5464, 5531, 5558, 5560) are missing from this listing.
 */
5423 run_rt3070_rf_init(struct run_softc *sc)
5426 uint8_t bbp4, mingain, rf, target;
5429 run_rt3070_rf_read(sc, 30, &rf);
5430 /* toggle RF R30 bit 7 */
5431 run_rt3070_rf_write(sc, 30, rf | 0x80);
5433 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5435 /* initialize RF registers to default value */
5436 if (sc->mac_ver == 0x3572) {
5437 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5438 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5439 rt3572_def_rf[i].val);
5442 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5443 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5444 rt3070_def_rf[i].val);
5448 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5450 * Change voltage from 1.2V to 1.35V for RT3070.
5451 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5454 run_read(sc, RT3070_LDO_CFG0, &tmp);
5455 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5456 run_write(sc, RT3070_LDO_CFG0, tmp);
5458 } else if (sc->mac_ver == 0x3071) {
5459 run_rt3070_rf_read(sc, 6, &rf);
5460 run_rt3070_rf_write(sc, 6, rf | 0x40);
5461 run_rt3070_rf_write(sc, 31, 0x14);
5463 run_read(sc, RT3070_LDO_CFG0, &tmp);
5465 if (sc->mac_rev < 0x0211)
5466 tmp |= 0x0d000000; /* 1.3V */
5468 tmp |= 0x01000000; /* 1.2V */
5469 run_write(sc, RT3070_LDO_CFG0, tmp);
5471 /* patch LNA_PE_G1 */
5472 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5473 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5475 } else if (sc->mac_ver == 0x3572) {
5476 run_rt3070_rf_read(sc, 6, &rf);
5477 run_rt3070_rf_write(sc, 6, rf | 0x40);
5479 /* increase voltage from 1.2V to 1.35V */
5480 run_read(sc, RT3070_LDO_CFG0, &tmp);
5481 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5482 run_write(sc, RT3070_LDO_CFG0, tmp);
5484 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5485 run_delay(sc, 1); /* wait for 1msec */
5486 /* decrease voltage back to 1.2V */
5487 tmp = (tmp & ~0x1f000000) | 0x01000000;
5488 run_write(sc, RT3070_LDO_CFG0, tmp);
5492 /* select 20MHz bandwidth */
5493 run_rt3070_rf_read(sc, 31, &rf);
5494 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5496 /* calibrate filter for 20MHz bandwidth */
5497 sc->rf24_20mhz = 0x1f; /* default value */
5498 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5499 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5501 /* select 40MHz bandwidth */
5502 run_bbp_read(sc, 4, &bbp4);
5503 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5504 run_rt3070_rf_read(sc, 31, &rf);
5505 run_rt3070_rf_write(sc, 31, rf | 0x20);
5507 /* calibrate filter for 40MHz bandwidth */
5508 sc->rf24_40mhz = 0x2f; /* default value */
5509 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5510 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5512 /* go back to 20MHz bandwidth */
5513 run_bbp_read(sc, 4, &bbp4);
5514 run_bbp_write(sc, 4, bbp4 & ~0x18);
5516 if (sc->mac_ver == 0x3572) {
5517 /* save default BBP registers 25 and 26 values */
5518 run_bbp_read(sc, 25, &sc->bbp25);
5519 run_bbp_read(sc, 26, &sc->bbp26);
/*
 * NOTE(review): the first comparison below is implied by the second
 * (any mac_rev < 0x0201 is also < 0x0211), so the condition reduces to
 * mac_rev < 0x0211; one side may have been meant to test mac_ver -- confirm
 * the intent.
 */
5520 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5521 run_rt3070_rf_write(sc, 27, 0x03);
5523 run_read(sc, RT3070_OPT_14, &tmp);
5524 run_write(sc, RT3070_OPT_14, tmp | 1);
5526 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5527 run_rt3070_rf_read(sc, 17, &rf);
5528 rf &= ~RT3070_TX_LO1;
5529 if ((sc->mac_ver == 0x3070 ||
5530 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5532 rf |= 0x20; /* fix for long range Rx issue */
/* txmixgain_2ghz replaces the low 3 bits of RF 17 only when it reaches mingain. */
5533 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5534 if (sc->txmixgain_2ghz >= mingain)
5535 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5536 run_rt3070_rf_write(sc, 17, rf);
5539 if (sc->mac_ver == 0x3071) {
5540 run_rt3070_rf_read(sc, 1, &rf);
5541 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5542 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5543 run_rt3070_rf_write(sc, 1, rf);
5545 run_rt3070_rf_read(sc, 15, &rf);
5546 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5548 run_rt3070_rf_read(sc, 20, &rf);
5549 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5551 run_rt3070_rf_read(sc, 21, &rf);
5552 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5555 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5556 /* fix Tx to Rx IQ glitch by raising RF voltage */
5557 run_rt3070_rf_read(sc, 27, &rf);
5559 if (sc->mac_rev < 0x0211)
5561 run_rt3070_rf_write(sc, 27, rf);
/*
 * RF initialisation for RT3593: release the LNA PE GPIO bits, load the
 * default RF table, start calibration, pulse the LDO voltage and record the
 * default filter and BBP 25/26 values in the softc.
 * NOTE(review): the results of the register reads are not tested on the
 * visible lines before the values are modified and written back.
 */
5567 run_rt3593_rf_init(struct run_softc *sc)
5573 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5574 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5575 tmp &= ~(1 << 4 | 1 << 7);
5576 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5578 /* Initialize RF registers to default value. */
5579 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5580 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5581 rt3593_def_rf[i].val);
5584 /* Toggle RF R2 to initiate calibration. */
5585 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5587 /* Initialize RF frequency offset. */
5588 run_adjust_freq_offset(sc);
5590 run_rt3070_rf_read(sc, 18, &rf);
5591 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5594 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5595 * decrease voltage back to 1.2V.
5597 run_read(sc, RT3070_LDO_CFG0, &tmp);
5598 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5599 run_write(sc, RT3070_LDO_CFG0, tmp);
/* Line 5600 (presumably the 1 msec wait) is missing from this listing. */
5601 tmp = (tmp & ~0x1f000000) | 0x01000000;
5602 run_write(sc, RT3070_LDO_CFG0, tmp);
/* Fixed filter defaults; no calibration call appears in this function. */
5604 sc->rf24_20mhz = 0x1f;
5605 sc->rf24_40mhz = 0x2f;
5607 /* Save default BBP registers 25 and 26 values. */
5608 run_bbp_read(sc, 25, &sc->bbp25);
5609 run_bbp_read(sc, 26, &sc->bbp26);
5611 run_read(sc, RT3070_OPT_14, &tmp);
5612 run_write(sc, RT3070_OPT_14, tmp | 1);
/*
 * RF initialisation for the RT5390 family: start calibration through RF R2,
 * load the default table for the detected chip (0x5592, 0x5392 or the
 * RT5390 table otherwise) with revision-specific overrides, then set the
 * default filter values.
 * NOTE(review): several lines (for example 5626, 5628, 5654) are missing
 * from this listing, so the exact branch structure cannot be confirmed here.
 */
5616 run_rt5390_rf_init(struct run_softc *sc)
5622 /* Toggle RF R2 to initiate calibration. */
5623 if (sc->mac_ver == 0x5390) {
5624 run_rt3070_rf_read(sc, 2, &rf);
5625 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5627 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5629 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5633 /* Initialize RF registers to default value. */
5634 if (sc->mac_ver == 0x5592) {
5635 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5636 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5637 rt5592_def_rf[i].val);
5639 /* Initialize RF frequency offset. */
5640 run_adjust_freq_offset(sc);
5641 } else if (sc->mac_ver == 0x5392) {
5642 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5643 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5644 rt5392_def_rf[i].val);
/* Overrides for RT5392 revisions 0x0223 and later. */
5646 if (sc->mac_rev >= 0x0223) {
5647 run_rt3070_rf_write(sc, 23, 0x0f);
5648 run_rt3070_rf_write(sc, 24, 0x3e);
5649 run_rt3070_rf_write(sc, 51, 0x32);
5650 run_rt3070_rf_write(sc, 53, 0x22);
5651 run_rt3070_rf_write(sc, 56, 0xc1);
5652 run_rt3070_rf_write(sc, 59, 0x0f);
5655 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5656 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5657 rt5390_def_rf[i].val);
/* Overrides for revisions 0x0502 and later. */
5659 if (sc->mac_rev >= 0x0502) {
5660 run_rt3070_rf_write(sc, 6, 0xe0);
5661 run_rt3070_rf_write(sc, 25, 0x80);
5662 run_rt3070_rf_write(sc, 46, 0x73);
5663 run_rt3070_rf_write(sc, 53, 0x00);
5664 run_rt3070_rf_write(sc, 56, 0x42);
5665 run_rt3070_rf_write(sc, 61, 0xd1);
5669 sc->rf24_20mhz = 0x1f; /* default value */
5670 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5672 if (sc->mac_rev < 0x0211)
5673 run_rt3070_rf_write(sc, 27, 0x3);
5675 run_read(sc, RT3070_OPT_14, &tmp);
5676 run_write(sc, RT3070_OPT_14, tmp | 1);
/*
 * Filter calibration through baseband loopback: program an initial filter
 * value in RF 24, measure the received power of a passband and a stopband
 * test tone via BBP 55, adjust RF 24 and finally restore BBP 24 and the
 * loopback bit in RF 22.
 * NOTE(review): the rest of the parameter list and many body lines (the
 * loop exit tests, the comparison against `target`, the store of the result
 * and the return) are missing from this listing; only what the visible
 * lines show is documented. Both polling loops are bounded at 100 tries.
 */
5680 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5684 uint8_t bbp55_pb, bbp55_sb, delta;
5687 /* program filter */
5688 run_rt3070_rf_read(sc, 24, &rf24);
5689 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5690 run_rt3070_rf_write(sc, 24, rf24);
5692 /* enable baseband loopback mode */
5693 run_rt3070_rf_read(sc, 22, &rf22);
5694 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5696 /* set power and frequency of passband test tone */
5697 run_bbp_write(sc, 24, 0x00);
5698 for (ntries = 0; ntries < 100; ntries++) {
5699 /* transmit test tone */
5700 run_bbp_write(sc, 25, 0x90);
5702 /* read received power */
5703 run_bbp_read(sc, 55, &bbp55_pb);
5710 /* set power and frequency of stopband test tone */
5711 run_bbp_write(sc, 24, 0x06);
5712 for (ntries = 0; ntries < 100; ntries++) {
5713 /* transmit test tone */
5714 run_bbp_write(sc, 25, 0x90);
5716 /* read received power */
5717 run_bbp_read(sc, 55, &bbp55_sb);
/*
 * delta is a uint8_t, so the subtraction wraps when the stopband reading
 * exceeds the passband one; both values are read back from the device.
 */
5719 delta = bbp55_pb - bbp55_sb;
5723 /* reprogram filter */
5725 run_rt3070_rf_write(sc, 24, rf24);
5729 rf24--; /* backtrack */
5731 run_rt3070_rf_write(sc, 24, rf24);
5734 /* restore initial state */
5735 run_bbp_write(sc, 24, 0x00);
5737 /* disable baseband loopback mode */
5738 run_rt3070_rf_read(sc, 22, &rf22);
5739 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
/*
 * Post-initialisation RF/BBP setup for RT3572, RT3071 and RT3070: DC filter,
 * power saving, unused DAC/ADC shutdown, TX software configuration, and
 * finally the RF register overrides stored in sc->rf[].
 */
5745 run_rt3070_rf_setup(struct run_softc *sc)
5750 if (sc->mac_ver == 0x3572) {
5751 /* enable DC filter */
5752 if (sc->mac_rev >= 0x0201)
5753 run_bbp_write(sc, 103, 0xc0);
5755 run_bbp_read(sc, 138, &bbp);
5756 if (sc->ntxchains == 1)
5757 bbp |= 0x20; /* turn off DAC1 */
5758 if (sc->nrxchains == 1)
5759 bbp &= ~0x02; /* turn off ADC1 */
5760 run_bbp_write(sc, 138, bbp);
5762 if (sc->mac_rev >= 0x0211) {
5763 /* improve power consumption */
5764 run_bbp_read(sc, 31, &bbp);
5765 run_bbp_write(sc, 31, bbp & ~0x03);
/*
 * NOTE(review): txmixgain_2ghz is OR-ed in without a mask here, unlike
 * run_rt3593_rf_setup() which applies `& 0x07`; a value above 7 would spill
 * into the other bits of RF 16 -- confirm where the field is range-limited.
 */
5768 run_rt3070_rf_read(sc, 16, &rf);
5769 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5770 run_rt3070_rf_write(sc, 16, rf);
5772 } else if (sc->mac_ver == 0x3071) {
5773 if (sc->mac_rev >= 0x0211) {
5774 /* enable DC filter */
5775 run_bbp_write(sc, 103, 0xc0);
5777 /* improve power consumption */
5778 run_bbp_read(sc, 31, &bbp);
5779 run_bbp_write(sc, 31, bbp & ~0x03);
5782 run_bbp_read(sc, 138, &bbp);
5783 if (sc->ntxchains == 1)
5784 bbp |= 0x20; /* turn off DAC1 */
5785 if (sc->nrxchains == 1)
5786 bbp &= ~0x02; /* turn off ADC1 */
5787 run_bbp_write(sc, 138, bbp);
5789 run_write(sc, RT2860_TX_SW_CFG1, 0);
5790 if (sc->mac_rev < 0x0211) {
5791 run_write(sc, RT2860_TX_SW_CFG2,
5792 sc->patch_dac ? 0x2c : 0x0f);
5794 run_write(sc, RT2860_TX_SW_CFG2, 0);
5796 } else if (sc->mac_ver == 0x3070) {
5797 if (sc->mac_rev >= 0x0201) {
5798 /* enable DC filter */
5799 run_bbp_write(sc, 103, 0xc0);
5801 /* improve power consumption */
5802 run_bbp_read(sc, 31, &bbp);
5803 run_bbp_write(sc, 31, bbp & ~0x03);
5806 if (sc->mac_rev < 0x0201) {
5807 run_write(sc, RT2860_TX_SW_CFG1, 0);
5808 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5810 run_write(sc, RT2860_TX_SW_CFG2, 0);
5813 /* initialize RF registers from ROM for >=RT3071*/
5814 if (sc->mac_ver >= 0x3071) {
/*
 * sc->rf[] holds up to 10 register/value pairs that originate from the
 * device's ROM (see the comment above). Entries with reg 0 or 0xff are
 * tested for (the guarded statement, line 5817, is missing from this
 * listing); every other register index is written as-is, with no range
 * check in this function.
 */
5815 for (i = 0; i < 10; i++) {
5816 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5818 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
/*
 * Post-initialisation RF/BBP setup for RT3593: DC filter and TX software
 * configuration by revision, LO and power-down bits in the RF registers,
 * TX mixer gain, MLD, and a fixed list of BBP values.
 * NOTE(review): the results of the register reads are not tested on the
 * visible lines before the values are modified and written back.
 */
5824 run_rt3593_rf_setup(struct run_softc *sc)
5828 if (sc->mac_rev >= 0x0211) {
5829 /* Enable DC filter. */
5830 run_bbp_write(sc, 103, 0xc0);
5832 run_write(sc, RT2860_TX_SW_CFG1, 0);
5833 if (sc->mac_rev < 0x0211) {
5834 run_write(sc, RT2860_TX_SW_CFG2,
5835 sc->patch_dac ? 0x2c : 0x0f);
5837 run_write(sc, RT2860_TX_SW_CFG2, 0);
5839 run_rt3070_rf_read(sc, 50, &rf);
5840 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
/* The TX mixer gain is masked to 3 bits and placed in bits 2-4 of RF 51. */
5842 run_rt3070_rf_read(sc, 51, &rf);
5843 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5844 ((sc->txmixgain_2ghz & 0x07) << 2);
5845 run_rt3070_rf_write(sc, 51, rf);
5847 run_rt3070_rf_read(sc, 38, &rf);
5848 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5850 run_rt3070_rf_read(sc, 39, &rf);
5851 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5853 run_rt3070_rf_read(sc, 1, &rf);
5854 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5856 run_rt3070_rf_read(sc, 30, &rf);
5857 rf = (rf & ~0x18) | 0x10;
5858 run_rt3070_rf_write(sc, 30, rf);
5860 /* Apply maximum likelihood detection for 2 stream case. */
5861 run_bbp_read(sc, 105, &bbp);
5862 if (sc->nrxchains > 1)
5863 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5865 /* Avoid data lost and CRC error. */
5866 run_bbp_read(sc, 4, &bbp);
5867 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
/* Fixed BBP values; their meaning is not documented on the visible lines. */
5869 run_bbp_write(sc, 92, 0x02);
5870 run_bbp_write(sc, 82, 0x82);
5871 run_bbp_write(sc, 106, 0x05);
5872 run_bbp_write(sc, 104, 0x92);
5873 run_bbp_write(sc, 88, 0x90);
5874 run_bbp_write(sc, 148, 0xc8);
5875 run_bbp_write(sc, 47, 0x48);
5876 run_bbp_write(sc, 120, 0x50);
5878 run_bbp_write(sc, 163, 0x9d);
/* BBP 142 and 143 are written in pairs, three times in a row. */
5881 run_bbp_write(sc, 142, 0x06);
5882 run_bbp_write(sc, 143, 0xa0);
5883 run_bbp_write(sc, 142, 0x07);
5884 run_bbp_write(sc, 143, 0xa1);
5885 run_bbp_write(sc, 142, 0x08);
5886 run_bbp_write(sc, 143, 0xa2);
/*
 * NOTE(review): BBP 105 is overwritten with 0x04 here after the MLD write
 * above; whether that keeps or clears RT5390_MLD depends on the bit's value,
 * which is not shown on this page.
 */
5888 run_bbp_write(sc, 31, 0x08);
5889 run_bbp_write(sc, 68, 0x0b);
5890 run_bbp_write(sc, 105, 0x04);
/*
 * Post-initialisation RF/BBP setup for the RT5390 family: DC filter and
 * power saving by revision, unused DAC/ADC shutdown, RX LO bits, MAC
 * interface control, and TX software configuration (skipped on 0x5592).
 * NOTE(review): the results of the register reads are not tested on the
 * visible lines before the values are modified and written back.
 */
5894 run_rt5390_rf_setup(struct run_softc *sc)
5898 if (sc->mac_rev >= 0x0211) {
5899 /* Enable DC filter. */
5900 run_bbp_write(sc, 103, 0xc0);
5902 if (sc->mac_ver != 0x5592) {
5903 /* Improve power consumption. */
5904 run_bbp_read(sc, 31, &bbp);
5905 run_bbp_write(sc, 31, bbp & ~0x03);
5909 run_bbp_read(sc, 138, &bbp);
5910 if (sc->ntxchains == 1)
5911 bbp |= 0x20; /* turn off DAC1 */
5912 if (sc->nrxchains == 1)
5913 bbp &= ~0x02; /* turn off ADC1 */
5914 run_bbp_write(sc, 138, bbp);
5916 run_rt3070_rf_read(sc, 38, &rf);
5917 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5919 run_rt3070_rf_read(sc, 39, &rf);
5920 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5922 /* Avoid data lost and CRC error. */
5923 run_bbp_read(sc, 4, &bbp);
5924 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5926 run_rt3070_rf_read(sc, 30, &rf);
5927 rf = (rf & ~0x18) | 0x10;
5928 run_rt3070_rf_write(sc, 30, rf);
/* TX software configuration, same revision split as the other rf_setup routines. */
5930 if (sc->mac_ver != 0x5592) {
5931 run_write(sc, RT2860_TX_SW_CFG1, 0);
5932 if (sc->mac_rev < 0x0211) {
5933 run_write(sc, RT2860_TX_SW_CFG2,
5934 sc->patch_dac ? 0x2c : 0x0f);
5936 run_write(sc, RT2860_TX_SW_CFG2, 0);
/*
 * Enable the MAC transmitter, wait for the DMA engines to go idle, enable
 * TX/RX DMA and USB bulk aggregation, program the RX frame filter and then
 * enable the receiver as well.
 */
5941 run_txrx_enable(struct run_softc *sc)
5943 struct ieee80211com *ic = &sc->sc_ic;
5947 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
/*
 * Bounded poll (200 tries) for both DMA busy bits to clear; a read error is
 * captured in `error`. The statements after each test (lines 5950,
 * 5952-5959) are missing from this listing.
 */
5948 for (ntries = 0; ntries < 200; ntries++) {
5949 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5951 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5960 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5961 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5963 /* enable Rx bulk aggregation (set timeout and limit) */
5964 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5965 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5966 run_write(sc, RT2860_USB_DMA_CFG, tmp);
/*
 * RX filter policy: frames with CRC or PHY errors are always dropped.
 * Outside monitor mode the drop list grows by RT2860_DROP_UC_NOME (by its
 * name, unicast not addressed to this station), duplicates and the control
 * frame types listed below; STA mode additionally drops RTS and PS-Poll.
 * In monitor mode none of these extra drops apply, so everything else the
 * radio receives is passed up and consumers must cope with arbitrary frames.
 */
5969 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5970 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5971 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5972 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5973 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5974 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5975 if (ic->ic_opmode == IEEE80211_M_STA)
5976 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5978 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
/* The receiver is enabled only after the filter has been programmed. */
5980 run_write(sc, RT2860_MAC_SYS_CTRL,
5981 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
/*
 * Place the low 7 bits of sc->freq into RF register 17 and pass the result
 * to the microcontroller with command 0x74.
 * NOTE(review): lines 5992 and 5994-5996 are missing from this listing, so
 * how `tmp` is derived and whether the RF register itself is written here
 * cannot be confirmed; the run_mcu_cmd() result is not tested.
 */
5987 run_adjust_freq_offset(struct run_softc *sc)
5991 run_rt3070_rf_read(sc, 17, &rf);
5993 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5997 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
/*
 * Bring the adapter up: load the 8051 microcode, wait for the ASIC, reset
 * MAC and baseband, load default MAC/BBP/RF values, clear the WCID and
 * (conditionally) key tables, select the channel and start the USB
 * transfers and the MAC.
 * NOTE(review): many short lines (error exits, `continue`/`break`
 * statements, some assignments) are missing from this listing; comments
 * below describe only what the visible lines establish.
 */
6001 run_init_locked(struct run_softc *sc)
6003 struct ieee80211com *ic = &sc->sc_ic;
/* vap may be NULL here; see the fallback to ic->ic_macaddr further down. */
6004 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
6011 if (ic->ic_nrunning > 1)
6016 if (run_load_microcode(sc) != 0) {
6017 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
/* Bounded poll (100 tries) until the ASIC version reads neither 0 nor all ones. */
6021 for (ntries = 0; ntries < 100; ntries++) {
6022 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6024 if (tmp != 0 && tmp != 0xffffffff)
6031 for (i = 0; i != RUN_EP_QUEUES; i++)
6032 run_setup_tx_list(sc, &sc->sc_epq[i]);
/* Use the first vap's address when one exists, else the device address. */
6034 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
/* Bounded poll (100 tries) for the DMA engines to go idle. */
6036 for (ntries = 0; ntries < 100; ntries++) {
6037 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6039 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6043 if (ntries == 100) {
6044 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6048 tmp |= RT2860_TX_WB_DDONE;
6049 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6051 /* turn off PME_OEN to solve high-current issue */
6052 run_read(sc, RT2860_SYS_CTRL, &tmp);
6053 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
/* Hold baseband and MAC in reset and stop USB DMA before run_reset(). */
6055 run_write(sc, RT2860_MAC_SYS_CTRL,
6056 RT2860_BBP_HRST | RT2860_MAC_SRST);
6057 run_write(sc, RT2860_USB_DMA_CFG, 0);
6059 if (run_reset(sc) != 0) {
6060 device_printf(sc->sc_dev, "could not reset chipset\n");
6064 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6066 /* init Tx power for all Tx rates (from EEPROM) */
/* Entries equal to 0xffffffff are tested for (guarded statement not shown). */
6067 for (ridx = 0; ridx < 5; ridx++) {
6068 if (sc->txpow20mhz[ridx] == 0xffffffff)
6070 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
/* Default MAC register table, followed by fixed WMM parameters. */
6073 for (i = 0; i < nitems(rt2870_def_mac); i++)
6074 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6075 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6076 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6077 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6079 if (sc->mac_ver >= 0x5390) {
6080 run_write(sc, RT2860_TX_SW_CFG0,
6081 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6082 if (sc->mac_ver >= 0x5392) {
6083 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6084 if (sc->mac_ver == 0x5592) {
6085 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6086 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6088 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6089 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6092 } else if (sc->mac_ver == 0x3593) {
6093 run_write(sc, RT2860_TX_SW_CFG0,
6094 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6095 } else if (sc->mac_ver >= 0x3070) {
6096 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6097 run_write(sc, RT2860_TX_SW_CFG0,
6098 4 << RT2860_DLY_PAPE_EN_SHIFT);
6101 /* wait while MAC is busy */
6102 for (ntries = 0; ntries < 100; ntries++) {
6103 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6105 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6112 /* clear Host to MCU mailbox */
6113 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6114 run_write(sc, RT2860_H2M_MAILBOX, 0);
6117 if (run_bbp_init(sc) != 0) {
6118 device_printf(sc->sc_dev, "could not initialize BBP\n");
6122 /* abort TSF synchronization */
6123 run_disable_tsf(sc);
6125 /* clear RX WCID search table */
6126 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6127 /* clear WCID attribute table */
6128 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
/*
 * Key hygiene: the WCID tables above are always cleared, but the shared
 * key table and key mode are cleared only when cmdq_key_set is not
 * RUN_CMDQ_GO. Key material programmed before init therefore survives a
 * re-init by design.
 * NOTE(review): confirm where cmdq_key_set is reset, so that keys from an
 * earlier association cannot remain in hardware across a restart.
 */
6130 /* hostapd sets a key before init. So, don't clear it. */
6131 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6132 /* clear shared key table */
6133 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6134 /* clear shared key mode */
6135 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6138 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6139 tmp = (tmp & ~0xff) | 0x1e;
6140 run_write(sc, RT2860_US_CYC_CNT, tmp);
6142 if (sc->mac_rev != 0x0101)
6143 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6145 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6146 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6148 /* write vendor-specific BBP values (from EEPROM) */
/*
 * sc->bbp[] holds up to 10 register/value pairs taken from the device
 * EEPROM. Entries with reg 0 or 0xff are tested for (guarded statement not
 * shown); any other register index is written as-is, with no range check
 * in this function.
 */
6149 if (sc->mac_ver < 0x3593) {
6150 for (i = 0; i < 10; i++) {
6151 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6153 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6157 /* select Main antenna for 1T1R devices */
6158 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6159 run_set_rx_antenna(sc, 0);
6161 /* send LEDs operating mode to microcontroller */
6162 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6163 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6164 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
/* RF initialisation by chip family; chips below 0x3070 get none here. */
6166 if (sc->mac_ver >= 0x5390)
6167 run_rt5390_rf_init(sc);
6168 else if (sc->mac_ver == 0x3593)
6169 run_rt3593_rf_init(sc);
6170 else if (sc->mac_ver >= 0x3070)
6171 run_rt3070_rf_init(sc);
6173 /* disable non-existing Rx chains */
6174 run_bbp_read(sc, 3, &bbp3);
6175 bbp3 &= ~(1 << 3 | 1 << 4);
/* The bits set for 2 and 3 chains (lines 6177, 6179) are missing from this listing. */
6176 if (sc->nrxchains == 2)
6178 else if (sc->nrxchains == 3)
6180 run_bbp_write(sc, 3, bbp3);
6182 /* disable non-existing Tx chains */
6183 run_bbp_read(sc, 1, &bbp1);
6184 if (sc->ntxchains == 1)
6185 bbp1 &= ~(1 << 3 | 1 << 4);
6186 run_bbp_write(sc, 1, bbp1);
/* RF setup by chip family, same split as the RF initialisation above. */
6188 if (sc->mac_ver >= 0x5390)
6189 run_rt5390_rf_setup(sc);
6190 else if (sc->mac_ver == 0x3593)
6191 run_rt3593_rf_setup(sc);
6192 else if (sc->mac_ver >= 0x3070)
6193 run_rt3070_rf_setup(sc);
6195 /* select default channel */
6196 run_set_chan(sc, ic->ic_curchan);
6198 /* setup initial protection mode */
6199 run_updateprot_cb(ic);
6201 /* turn radio LED on */
6202 run_set_leds(sc, RT2860_LED_RADIO);
/*
 * The running flag and the command queue are enabled before the USB
 * transfers start and before run_txrx_enable() is attempted.
 * NOTE(review): the failure path after run_txrx_enable() is missing from
 * this listing; confirm that it clears RUN_RUNNING again.
 */
6204 sc->sc_flags |= RUN_RUNNING;
6205 sc->cmdq_run = RUN_CMDQ_GO;
6207 for (i = 0; i != RUN_N_XFER; i++)
6208 usbd_xfer_set_stall(sc->sc_xfer[i]);
6210 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6212 if (run_txrx_enable(sc) != 0)
/*
 * Body of the shutdown routine (its signature line is missing from this
 * listing): with the driver lock held, clear RUN_RUNNING, drain the USB
 * transfers and the mbuf queue, disable DMA and the MAC, wait for pending
 * TX, reset MAC and baseband and release the TX lists.
 */
6224 struct run_softc *sc = (struct run_softc *)arg;
6229 RUN_LOCK_ASSERT(sc, MA_OWNED);
6231 if (sc->sc_flags & RUN_RUNNING)
6232 run_set_leds(sc, 0); /* turn all LEDs off */
6234 sc->sc_flags &= ~RUN_RUNNING;
/*
 * Rate control is switched off and the command-queue state is set to
 * cmdq_key_set rather than to a fixed value.
 * NOTE(review): no key-table clearing appears on the visible lines of this
 * routine; key material in hardware presumably stays until the next init
 * clears it -- confirm if keys must not outlive an interface stop.
 */
6236 sc->ratectl_run = RUN_RATECTL_OFF;
6237 sc->cmdq_run = sc->cmdq_key_set;
/* Locking around the drain (lines 6239-6240, 6243-6245) is missing from this listing. */
6241 for(i = 0; i < RUN_N_XFER; i++)
6242 usbd_transfer_drain(sc->sc_xfer[i]);
6246 run_drain_mbufq(sc);
/* Handling of a pending RX mbuf (lines 6249-6251) is missing from this listing. */
6248 if (sc->rx_m != NULL) {
6253 /* Disable Tx/Rx DMA. */
6254 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6256 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6257 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
/* Bounded poll (100 tries) for the DMA engines to go idle. */
6259 for (ntries = 0; ntries < 100; ntries++) {
6260 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6262 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6266 if (ntries == 100) {
6267 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
/* Disable the MAC receiver and transmitter. */
6272 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6273 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6274 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6276 /* wait for pending Tx to complete */
6277 for (ntries = 0; ntries < 100; ntries++) {
6278 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6279 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6280 "Cannot read Tx queue count\n");
6283 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6284 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6285 "All Tx cleared\n");
6291 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6292 "There are still pending Tx\n");
6294 run_write(sc, RT2860_USB_DMA_CFG, 0);
/* Pulse the baseband and MAC reset bits, then release them. */
6296 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6297 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6299 for (i = 0; i != RUN_EP_QUEUES; i++)
6300 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
/*
 * Pause for `ms` milliseconds through usb_pause_mtx(). The softc mutex is
 * handed to it only when the caller currently owns it; otherwise NULL is
 * passed, so the helper can be called with or without the lock held.
 */
6304 run_delay(struct run_softc *sc, u_int ms)
6306 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6307 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
/*
 * Device method table: probe, attach and detach map to run_match,
 * run_attach and run_detach. The table terminator and closing lines are
 * missing from this listing.
 */
6310 static device_method_t run_methods[] = {
6311 /* Device interface */
6312 DEVMETHOD(device_probe, run_match),
6313 DEVMETHOD(device_attach, run_attach),
6314 DEVMETHOD(device_detach, run_detach),
/* Driver description; the softc size tells the bus how much per-device state to allocate. */
6318 static driver_t run_driver = {
6320 .methods = run_methods,
6321 .size = sizeof(struct run_softc)
6324 static devclass_t run_devclass;
/*
 * Register the driver under uhub with run_driver_loaded as the module event
 * handler, and declare its dependencies on the wlan, usb and firmware
 * modules. USB_PNP_HOST_INFO exports the run_devs match table.
 */
6326 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6327 MODULE_DEPEND(run, wlan, 1, 1, 1);
6328 MODULE_DEPEND(run, usb, 1, 1, 1);
6329 MODULE_DEPEND(run, firmware, 1, 1, 1);
6330 MODULE_VERSION(run, 1);
6331 USB_PNP_HOST_INFO(run_devs);