2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
5 * Copyright (c) 2013-2014 Kevin Lo
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __FBSDID("$FreeBSD$");
24 * Ralink Technology RT2700U/RT2800U/RT3000U/RT3900E chipset driver.
25 * http://www.ralinktech.com/
30 #include <sys/param.h>
31 #include <sys/sockio.h>
32 #include <sys/sysctl.h>
34 #include <sys/mutex.h>
36 #include <sys/kernel.h>
37 #include <sys/socket.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
40 #include <sys/module.h>
42 #include <sys/endian.h>
43 #include <sys/linker.h>
44 #include <sys/firmware.h>
47 #include <machine/bus.h>
48 #include <machine/resource.h>
53 #include <net/if_var.h>
54 #include <net/if_arp.h>
55 #include <net/ethernet.h>
56 #include <net/if_dl.h>
57 #include <net/if_media.h>
58 #include <net/if_types.h>
60 #include <netinet/in.h>
61 #include <netinet/in_systm.h>
62 #include <netinet/in_var.h>
63 #include <netinet/if_ether.h>
64 #include <netinet/ip.h>
66 #include <net80211/ieee80211_var.h>
67 #include <net80211/ieee80211_regdomain.h>
68 #include <net80211/ieee80211_radiotap.h>
69 #include <net80211/ieee80211_ratectl.h>
71 #include <dev/usb/usb.h>
72 #include <dev/usb/usbdi.h>
75 #define USB_DEBUG_VAR run_debug
76 #include <dev/usb/usb_debug.h>
77 #include <dev/usb/usb_msctest.h>
79 #include <dev/usb/wlan/if_runreg.h>
80 #include <dev/usb/wlan/if_runvar.h>
88 static SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
89 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RWTUN, &run_debug, 0,
93 RUN_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
94 RUN_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
95 RUN_DEBUG_RECV = 0x00000004, /* basic recv operation */
96 RUN_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
97 RUN_DEBUG_STATE = 0x00000010, /* 802.11 state transitions */
98 RUN_DEBUG_RATE = 0x00000020, /* rate adaptation */
99 RUN_DEBUG_USB = 0x00000040, /* usb requests */
100 RUN_DEBUG_FIRMWARE = 0x00000080, /* firmware(9) loading debug */
101 RUN_DEBUG_BEACON = 0x00000100, /* beacon handling */
102 RUN_DEBUG_INTR = 0x00000200, /* ISR */
103 RUN_DEBUG_TEMP = 0x00000400, /* temperature calibration */
104 RUN_DEBUG_ROM = 0x00000800, /* various ROM info */
105 RUN_DEBUG_KEY = 0x00001000, /* crypto keys management */
106 RUN_DEBUG_TXPWR = 0x00002000, /* dump Tx power values */
107 RUN_DEBUG_RSSI = 0x00004000, /* dump RSSI lookups */
108 RUN_DEBUG_RESET = 0x00008000, /* initialization progress */
109 RUN_DEBUG_CALIB = 0x00010000, /* calibration progress */
110 RUN_DEBUG_CMD = 0x00020000, /* command queue */
111 RUN_DEBUG_ANY = 0xffffffff
114 #define RUN_DPRINTF(_sc, _m, ...) do { \
115 if (run_debug & (_m)) \
116 device_printf((_sc)->sc_dev, __VA_ARGS__); \
119 #define RUN_DPRINTF(_sc, _m, ...) do { (void) _sc; } while (0)
122 #define IEEE80211_HAS_ADDR4(wh) IEEE80211_IS_DSTODS(wh)
125 * Because of LOR in run_key_delete(), use atomic instead.
126 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
128 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
130 static const STRUCT_USB_HOST_ID run_devs[] = {
131 #define RUN_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) }
132 #define RUN_DEV_EJECT(v,p) \
133 { USB_VPI(USB_VENDOR_##v, USB_PRODUCT_##v##_##p, RUN_EJECT) }
135 RUN_DEV(ABOCOM, RT2770),
136 RUN_DEV(ABOCOM, RT2870),
137 RUN_DEV(ABOCOM, RT3070),
138 RUN_DEV(ABOCOM, RT3071),
139 RUN_DEV(ABOCOM, RT3072),
140 RUN_DEV(ABOCOM2, RT2870_1),
141 RUN_DEV(ACCTON, RT2770),
142 RUN_DEV(ACCTON, RT2870_1),
143 RUN_DEV(ACCTON, RT2870_2),
144 RUN_DEV(ACCTON, RT2870_3),
145 RUN_DEV(ACCTON, RT2870_4),
146 RUN_DEV(ACCTON, RT2870_5),
147 RUN_DEV(ACCTON, RT3070),
148 RUN_DEV(ACCTON, RT3070_1),
149 RUN_DEV(ACCTON, RT3070_2),
150 RUN_DEV(ACCTON, RT3070_3),
151 RUN_DEV(ACCTON, RT3070_4),
152 RUN_DEV(ACCTON, RT3070_5),
153 RUN_DEV(AIRTIES, RT3070),
154 RUN_DEV(ALLWIN, RT2070),
155 RUN_DEV(ALLWIN, RT2770),
156 RUN_DEV(ALLWIN, RT2870),
157 RUN_DEV(ALLWIN, RT3070),
158 RUN_DEV(ALLWIN, RT3071),
159 RUN_DEV(ALLWIN, RT3072),
160 RUN_DEV(ALLWIN, RT3572),
161 RUN_DEV(AMIGO, RT2870_1),
162 RUN_DEV(AMIGO, RT2870_2),
163 RUN_DEV(AMIT, CGWLUSB2GNR),
164 RUN_DEV(AMIT, RT2870_1),
165 RUN_DEV(AMIT2, RT2870),
166 RUN_DEV(ASUS, RT2870_1),
167 RUN_DEV(ASUS, RT2870_2),
168 RUN_DEV(ASUS, RT2870_3),
169 RUN_DEV(ASUS, RT2870_4),
170 RUN_DEV(ASUS, RT2870_5),
171 RUN_DEV(ASUS, USBN13),
172 RUN_DEV(ASUS, RT3070_1),
173 RUN_DEV(ASUS, USBN66),
174 RUN_DEV(ASUS, USB_N53),
175 RUN_DEV(ASUS2, USBN11),
176 RUN_DEV(AZUREWAVE, RT2870_1),
177 RUN_DEV(AZUREWAVE, RT2870_2),
178 RUN_DEV(AZUREWAVE, RT3070_1),
179 RUN_DEV(AZUREWAVE, RT3070_2),
180 RUN_DEV(AZUREWAVE, RT3070_3),
181 RUN_DEV(BELKIN, F9L1103),
182 RUN_DEV(BELKIN, F5D8053V3),
183 RUN_DEV(BELKIN, F5D8055),
184 RUN_DEV(BELKIN, F5D8055V2),
185 RUN_DEV(BELKIN, F6D4050V1),
186 RUN_DEV(BELKIN, F6D4050V2),
187 RUN_DEV(BELKIN, RT2870_1),
188 RUN_DEV(BELKIN, RT2870_2),
189 RUN_DEV(CISCOLINKSYS, AE1000),
190 RUN_DEV(CISCOLINKSYS2, RT3070),
191 RUN_DEV(CISCOLINKSYS3, RT3070),
192 RUN_DEV(CONCEPTRONIC2, RT2870_1),
193 RUN_DEV(CONCEPTRONIC2, RT2870_2),
194 RUN_DEV(CONCEPTRONIC2, RT2870_3),
195 RUN_DEV(CONCEPTRONIC2, RT2870_4),
196 RUN_DEV(CONCEPTRONIC2, RT2870_5),
197 RUN_DEV(CONCEPTRONIC2, RT2870_6),
198 RUN_DEV(CONCEPTRONIC2, RT2870_7),
199 RUN_DEV(CONCEPTRONIC2, RT2870_8),
200 RUN_DEV(CONCEPTRONIC2, RT3070_1),
201 RUN_DEV(CONCEPTRONIC2, RT3070_2),
202 RUN_DEV(CONCEPTRONIC2, VIGORN61),
203 RUN_DEV(COREGA, CGWLUSB300GNM),
204 RUN_DEV(COREGA, RT2870_1),
205 RUN_DEV(COREGA, RT2870_2),
206 RUN_DEV(COREGA, RT2870_3),
207 RUN_DEV(COREGA, RT3070),
208 RUN_DEV(CYBERTAN, RT2870),
209 RUN_DEV(DLINK, RT2870),
210 RUN_DEV(DLINK, RT3072),
211 RUN_DEV(DLINK, DWA125A3),
212 RUN_DEV(DLINK, DWA127),
213 RUN_DEV(DLINK, DWA140B3),
214 RUN_DEV(DLINK, DWA160B2),
215 RUN_DEV(DLINK, DWA140D1),
216 RUN_DEV(DLINK, DWA162),
217 RUN_DEV(DLINK2, DWA130),
218 RUN_DEV(DLINK2, RT2870_1),
219 RUN_DEV(DLINK2, RT2870_2),
220 RUN_DEV(DLINK2, RT3070_1),
221 RUN_DEV(DLINK2, RT3070_2),
222 RUN_DEV(DLINK2, RT3070_3),
223 RUN_DEV(DLINK2, RT3070_4),
224 RUN_DEV(DLINK2, RT3070_5),
225 RUN_DEV(DLINK2, RT3072),
226 RUN_DEV(DLINK2, RT3072_1),
227 RUN_DEV(EDIMAX, EW7717),
228 RUN_DEV(EDIMAX, EW7718),
229 RUN_DEV(EDIMAX, EW7733UND),
230 RUN_DEV(EDIMAX, RT2870_1),
231 RUN_DEV(ENCORE, RT3070_1),
232 RUN_DEV(ENCORE, RT3070_2),
233 RUN_DEV(ENCORE, RT3070_3),
234 RUN_DEV(GIGABYTE, GNWB31N),
235 RUN_DEV(GIGABYTE, GNWB32L),
236 RUN_DEV(GIGABYTE, RT2870_1),
237 RUN_DEV(GIGASET, RT3070_1),
238 RUN_DEV(GIGASET, RT3070_2),
239 RUN_DEV(GUILLEMOT, HWNU300),
240 RUN_DEV(HAWKING, HWUN2),
241 RUN_DEV(HAWKING, RT2870_1),
242 RUN_DEV(HAWKING, RT2870_2),
243 RUN_DEV(HAWKING, RT3070),
244 RUN_DEV(IODATA, RT3072_1),
245 RUN_DEV(IODATA, RT3072_2),
246 RUN_DEV(IODATA, RT3072_3),
247 RUN_DEV(IODATA, RT3072_4),
248 RUN_DEV(LINKSYS4, RT3070),
249 RUN_DEV(LINKSYS4, WUSB100),
250 RUN_DEV(LINKSYS4, WUSB54GCV3),
251 RUN_DEV(LINKSYS4, WUSB600N),
252 RUN_DEV(LINKSYS4, WUSB600NV2),
253 RUN_DEV(LOGITEC, RT2870_1),
254 RUN_DEV(LOGITEC, RT2870_2),
255 RUN_DEV(LOGITEC, RT2870_3),
256 RUN_DEV(LOGITEC, LANW300NU2),
257 RUN_DEV(LOGITEC, LANW150NU2),
258 RUN_DEV(LOGITEC, LANW300NU2S),
259 RUN_DEV(MELCO, WLIUCG300HP),
260 RUN_DEV(MELCO, RT2870_2),
261 RUN_DEV(MELCO, WLIUCAG300N),
262 RUN_DEV(MELCO, WLIUCG300N),
263 RUN_DEV(MELCO, WLIUCG301N),
264 RUN_DEV(MELCO, WLIUCGN),
265 RUN_DEV(MELCO, WLIUCGNM),
266 RUN_DEV(MELCO, WLIUCG300HPV1),
267 RUN_DEV(MELCO, WLIUCGNM2),
268 RUN_DEV(MOTOROLA4, RT2770),
269 RUN_DEV(MOTOROLA4, RT3070),
270 RUN_DEV(MSI, RT3070_1),
271 RUN_DEV(MSI, RT3070_2),
272 RUN_DEV(MSI, RT3070_3),
273 RUN_DEV(MSI, RT3070_4),
274 RUN_DEV(MSI, RT3070_5),
275 RUN_DEV(MSI, RT3070_6),
276 RUN_DEV(MSI, RT3070_7),
277 RUN_DEV(MSI, RT3070_8),
278 RUN_DEV(MSI, RT3070_9),
279 RUN_DEV(MSI, RT3070_10),
280 RUN_DEV(MSI, RT3070_11),
281 RUN_DEV(NETGEAR, WNDA4100),
282 RUN_DEV(OVISLINK, RT3072),
283 RUN_DEV(PARA, RT3070),
284 RUN_DEV(PEGATRON, RT2870),
285 RUN_DEV(PEGATRON, RT3070),
286 RUN_DEV(PEGATRON, RT3070_2),
287 RUN_DEV(PEGATRON, RT3070_3),
288 RUN_DEV(PHILIPS, RT2870),
289 RUN_DEV(PLANEX2, GWUS300MINIS),
290 RUN_DEV(PLANEX2, GWUSMICRON),
291 RUN_DEV(PLANEX2, RT2870),
292 RUN_DEV(PLANEX2, RT3070),
293 RUN_DEV(QCOM, RT2870),
294 RUN_DEV(QUANTA, RT3070),
295 RUN_DEV(RALINK, RT2070),
296 RUN_DEV(RALINK, RT2770),
297 RUN_DEV(RALINK, RT2870),
298 RUN_DEV(RALINK, RT3070),
299 RUN_DEV(RALINK, RT3071),
300 RUN_DEV(RALINK, RT3072),
301 RUN_DEV(RALINK, RT3370),
302 RUN_DEV(RALINK, RT3572),
303 RUN_DEV(RALINK, RT3573),
304 RUN_DEV(RALINK, RT5370),
305 RUN_DEV(RALINK, RT5372),
306 RUN_DEV(RALINK, RT5572),
307 RUN_DEV(RALINK, RT8070),
308 RUN_DEV(SAMSUNG, WIS09ABGN),
309 RUN_DEV(SAMSUNG2, RT2870_1),
310 RUN_DEV(SENAO, RT2870_1),
311 RUN_DEV(SENAO, RT2870_2),
312 RUN_DEV(SENAO, RT2870_3),
313 RUN_DEV(SENAO, RT2870_4),
314 RUN_DEV(SENAO, RT3070),
315 RUN_DEV(SENAO, RT3071),
316 RUN_DEV(SENAO, RT3072_1),
317 RUN_DEV(SENAO, RT3072_2),
318 RUN_DEV(SENAO, RT3072_3),
319 RUN_DEV(SENAO, RT3072_4),
320 RUN_DEV(SENAO, RT3072_5),
321 RUN_DEV(SITECOMEU, RT2770),
322 RUN_DEV(SITECOMEU, RT2870_1),
323 RUN_DEV(SITECOMEU, RT2870_2),
324 RUN_DEV(SITECOMEU, RT2870_3),
325 RUN_DEV(SITECOMEU, RT2870_4),
326 RUN_DEV(SITECOMEU, RT3070),
327 RUN_DEV(SITECOMEU, RT3070_2),
328 RUN_DEV(SITECOMEU, RT3070_3),
329 RUN_DEV(SITECOMEU, RT3070_4),
330 RUN_DEV(SITECOMEU, RT3071),
331 RUN_DEV(SITECOMEU, RT3072_1),
332 RUN_DEV(SITECOMEU, RT3072_2),
333 RUN_DEV(SITECOMEU, RT3072_3),
334 RUN_DEV(SITECOMEU, RT3072_4),
335 RUN_DEV(SITECOMEU, RT3072_5),
336 RUN_DEV(SITECOMEU, RT3072_6),
337 RUN_DEV(SITECOMEU, WL608),
338 RUN_DEV(SPARKLAN, RT2870_1),
339 RUN_DEV(SPARKLAN, RT3070),
340 RUN_DEV(SWEEX2, LW153),
341 RUN_DEV(SWEEX2, LW303),
342 RUN_DEV(SWEEX2, LW313),
343 RUN_DEV(TOSHIBA, RT3070),
344 RUN_DEV(UMEDIA, RT2870_1),
345 RUN_DEV(ZCOM, RT2870_1),
346 RUN_DEV(ZCOM, RT2870_2),
347 RUN_DEV(ZINWELL, RT2870_1),
348 RUN_DEV(ZINWELL, RT2870_2),
349 RUN_DEV(ZINWELL, RT3070),
350 RUN_DEV(ZINWELL, RT3072_1),
351 RUN_DEV(ZINWELL, RT3072_2),
352 RUN_DEV(ZYXEL, RT2870_1),
353 RUN_DEV(ZYXEL, RT2870_2),
354 RUN_DEV(ZYXEL, RT3070),
355 RUN_DEV_EJECT(ZYXEL, NWD2705),
356 RUN_DEV_EJECT(RALINK, RT_STOR),
361 static device_probe_t run_match;
362 static device_attach_t run_attach;
363 static device_detach_t run_detach;
365 static usb_callback_t run_bulk_rx_callback;
366 static usb_callback_t run_bulk_tx_callback0;
367 static usb_callback_t run_bulk_tx_callback1;
368 static usb_callback_t run_bulk_tx_callback2;
369 static usb_callback_t run_bulk_tx_callback3;
370 static usb_callback_t run_bulk_tx_callback4;
371 static usb_callback_t run_bulk_tx_callback5;
373 static void run_autoinst(void *, struct usb_device *,
374 struct usb_attach_arg *);
375 static int run_driver_loaded(struct module *, int, void *);
376 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
377 usb_error_t error, u_int index);
378 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
379 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
380 const uint8_t [IEEE80211_ADDR_LEN],
381 const uint8_t [IEEE80211_ADDR_LEN]);
382 static void run_vap_delete(struct ieee80211vap *);
383 static void run_cmdq_cb(void *, int);
384 static void run_setup_tx_list(struct run_softc *,
385 struct run_endpoint_queue *);
386 static void run_unsetup_tx_list(struct run_softc *,
387 struct run_endpoint_queue *);
388 static int run_load_microcode(struct run_softc *);
389 static int run_reset(struct run_softc *);
390 static usb_error_t run_do_request(struct run_softc *,
391 struct usb_device_request *, void *);
392 static int run_read(struct run_softc *, uint16_t, uint32_t *);
393 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
394 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
395 static int run_write(struct run_softc *, uint16_t, uint32_t);
396 static int run_write_region_1(struct run_softc *, uint16_t,
397 const uint8_t *, int);
398 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
399 static int run_efuse_read(struct run_softc *, uint16_t, uint16_t *, int);
400 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
401 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
402 static int run_rt2870_rf_write(struct run_softc *, uint32_t);
403 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
404 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
405 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
406 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
407 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
408 static const char *run_get_rf(uint16_t);
409 static void run_rt3593_get_txpower(struct run_softc *);
410 static void run_get_txpower(struct run_softc *);
411 static int run_read_eeprom(struct run_softc *);
412 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
413 const uint8_t mac[IEEE80211_ADDR_LEN]);
414 static int run_media_change(struct ifnet *);
415 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
416 static int run_wme_update(struct ieee80211com *);
417 static void run_key_set_cb(void *);
418 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *);
419 static void run_key_delete_cb(void *);
420 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
421 static void run_ratectl_to(void *);
422 static void run_ratectl_cb(void *, int);
423 static void run_drain_fifo(void *);
424 static void run_iter_func(void *, struct ieee80211_node *);
425 static void run_newassoc_cb(void *);
426 static void run_newassoc(struct ieee80211_node *, int);
427 static void run_recv_mgmt(struct ieee80211_node *, struct mbuf *, int,
428 const struct ieee80211_rx_stats *, int, int);
429 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
430 static void run_tx_free(struct run_endpoint_queue *pq,
431 struct run_tx_data *, int);
432 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
433 static int run_tx(struct run_softc *, struct mbuf *,
434 struct ieee80211_node *);
435 static int run_tx_mgt(struct run_softc *, struct mbuf *,
436 struct ieee80211_node *);
437 static int run_sendprot(struct run_softc *, const struct mbuf *,
438 struct ieee80211_node *, int, int);
439 static int run_tx_param(struct run_softc *, struct mbuf *,
440 struct ieee80211_node *,
441 const struct ieee80211_bpf_params *);
442 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
443 const struct ieee80211_bpf_params *);
444 static int run_transmit(struct ieee80211com *, struct mbuf *);
445 static void run_start(struct run_softc *);
446 static void run_parent(struct ieee80211com *);
447 static void run_iq_calib(struct run_softc *, u_int);
448 static void run_set_agc(struct run_softc *, uint8_t);
449 static void run_select_chan_group(struct run_softc *, int);
450 static void run_set_rx_antenna(struct run_softc *, int);
451 static void run_rt2870_set_chan(struct run_softc *, u_int);
452 static void run_rt3070_set_chan(struct run_softc *, u_int);
453 static void run_rt3572_set_chan(struct run_softc *, u_int);
454 static void run_rt3593_set_chan(struct run_softc *, u_int);
455 static void run_rt5390_set_chan(struct run_softc *, u_int);
456 static void run_rt5592_set_chan(struct run_softc *, u_int);
457 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
458 static void run_set_channel(struct ieee80211com *);
459 static void run_getradiocaps(struct ieee80211com *, int, int *,
460 struct ieee80211_channel[]);
461 static void run_scan_start(struct ieee80211com *);
462 static void run_scan_end(struct ieee80211com *);
463 static void run_update_beacon(struct ieee80211vap *, int);
464 static void run_update_beacon_cb(void *);
465 static void run_updateprot(struct ieee80211com *);
466 static void run_updateprot_cb(void *);
467 static void run_usb_timeout_cb(void *);
468 static void run_reset_livelock(struct run_softc *);
469 static void run_enable_tsf_sync(struct run_softc *);
470 static void run_enable_tsf(struct run_softc *);
471 static void run_get_tsf(struct run_softc *, uint64_t *);
472 static void run_enable_mrr(struct run_softc *);
473 static void run_set_txpreamble(struct run_softc *);
474 static void run_set_basicrates(struct run_softc *);
475 static void run_set_leds(struct run_softc *, uint16_t);
476 static void run_set_bssid(struct run_softc *, const uint8_t *);
477 static void run_set_macaddr(struct run_softc *, const uint8_t *);
478 static void run_updateslot(struct ieee80211com *);
479 static void run_updateslot_cb(void *);
480 static void run_update_mcast(struct ieee80211com *);
481 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
482 static void run_update_promisc_locked(struct run_softc *);
483 static void run_update_promisc(struct ieee80211com *);
484 static void run_rt5390_bbp_init(struct run_softc *);
485 static int run_bbp_init(struct run_softc *);
486 static int run_rt3070_rf_init(struct run_softc *);
487 static void run_rt3593_rf_init(struct run_softc *);
488 static void run_rt5390_rf_init(struct run_softc *);
489 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
491 static void run_rt3070_rf_setup(struct run_softc *);
492 static void run_rt3593_rf_setup(struct run_softc *);
493 static void run_rt5390_rf_setup(struct run_softc *);
494 static int run_txrx_enable(struct run_softc *);
495 static void run_adjust_freq_offset(struct run_softc *);
496 static void run_init_locked(struct run_softc *);
497 static void run_stop(void *);
498 static void run_delay(struct run_softc *, u_int);
500 static eventhandler_tag run_etag;
502 static const struct rt2860_rate {
505 enum ieee80211_phytype phy;
510 { 2, 0, IEEE80211_T_DS, 0, 314, 314 },
511 { 4, 1, IEEE80211_T_DS, 1, 258, 162 },
512 { 11, 2, IEEE80211_T_DS, 2, 223, 127 },
513 { 22, 3, IEEE80211_T_DS, 3, 213, 117 },
514 { 12, 0, IEEE80211_T_OFDM, 4, 60, 60 },
515 { 18, 1, IEEE80211_T_OFDM, 4, 52, 52 },
516 { 24, 2, IEEE80211_T_OFDM, 6, 48, 48 },
517 { 36, 3, IEEE80211_T_OFDM, 6, 44, 44 },
518 { 48, 4, IEEE80211_T_OFDM, 8, 44, 44 },
519 { 72, 5, IEEE80211_T_OFDM, 8, 40, 40 },
520 { 96, 6, IEEE80211_T_OFDM, 8, 40, 40 },
521 { 108, 7, IEEE80211_T_OFDM, 8, 40, 40 }
524 static const struct {
527 } rt2870_def_mac[] = {
531 static const struct {
534 } rt2860_def_bbp[] = {
536 },rt5390_def_bbp[] = {
538 },rt5592_def_bbp[] = {
543 * Default values for BBP register R196 for RT5592.
545 static const uint8_t rt5592_bbp_r196[] = {
546 0xe0, 0x1f, 0x38, 0x32, 0x08, 0x28, 0x19, 0x0a, 0xff, 0x00,
547 0x16, 0x10, 0x10, 0x0b, 0x36, 0x2c, 0x26, 0x24, 0x42, 0x36,
548 0x30, 0x2d, 0x4c, 0x46, 0x3d, 0x40, 0x3e, 0x42, 0x3d, 0x40,
549 0x3c, 0x34, 0x2c, 0x2f, 0x3c, 0x35, 0x2e, 0x2a, 0x49, 0x41,
550 0x36, 0x31, 0x30, 0x30, 0x0e, 0x0d, 0x28, 0x21, 0x1c, 0x16,
551 0x50, 0x4a, 0x43, 0x40, 0x10, 0x10, 0x10, 0x10, 0x00, 0x00,
552 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
553 0x00, 0x00, 0x7d, 0x14, 0x32, 0x2c, 0x36, 0x4c, 0x43, 0x2c,
554 0x2e, 0x36, 0x30, 0x6e
557 static const struct rfprog {
559 uint32_t r1, r2, r3, r4;
560 } rt2860_rf2850[] = {
570 static const struct rt5592_freqs {
573 } rt5592_freqs_20mhz[] = {
575 },rt5592_freqs_40mhz[] = {
579 static const struct {
582 } rt3070_def_rf[] = {
584 },rt3572_def_rf[] = {
586 },rt3593_def_rf[] = {
588 },rt5390_def_rf[] = {
590 },rt5392_def_rf[] = {
592 },rt5592_def_rf[] = {
594 },rt5592_2ghz_def_rf[] = {
596 },rt5592_5ghz_def_rf[] = {
600 static const struct {
605 } rt5592_chan_5ghz[] = {
609 static const struct usb_config run_config[RUN_N_XFER] = {
612 .endpoint = UE_ADDR_ANY,
614 .direction = UE_DIR_OUT,
615 .bufsize = RUN_MAX_TXSZ,
616 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
617 .callback = run_bulk_tx_callback0,
618 .timeout = 5000, /* ms */
622 .endpoint = UE_ADDR_ANY,
623 .direction = UE_DIR_OUT,
625 .bufsize = RUN_MAX_TXSZ,
626 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
627 .callback = run_bulk_tx_callback1,
628 .timeout = 5000, /* ms */
632 .endpoint = UE_ADDR_ANY,
633 .direction = UE_DIR_OUT,
635 .bufsize = RUN_MAX_TXSZ,
636 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
637 .callback = run_bulk_tx_callback2,
638 .timeout = 5000, /* ms */
642 .endpoint = UE_ADDR_ANY,
643 .direction = UE_DIR_OUT,
645 .bufsize = RUN_MAX_TXSZ,
646 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
647 .callback = run_bulk_tx_callback3,
648 .timeout = 5000, /* ms */
650 [RUN_BULK_TX_HCCA] = {
652 .endpoint = UE_ADDR_ANY,
653 .direction = UE_DIR_OUT,
655 .bufsize = RUN_MAX_TXSZ,
656 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
657 .callback = run_bulk_tx_callback4,
658 .timeout = 5000, /* ms */
660 [RUN_BULK_TX_PRIO] = {
662 .endpoint = UE_ADDR_ANY,
663 .direction = UE_DIR_OUT,
665 .bufsize = RUN_MAX_TXSZ,
666 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
667 .callback = run_bulk_tx_callback5,
668 .timeout = 5000, /* ms */
672 .endpoint = UE_ADDR_ANY,
673 .direction = UE_DIR_IN,
674 .bufsize = RUN_MAX_RXSZ,
675 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
676 .callback = run_bulk_rx_callback,
681 run_autoinst(void *arg, struct usb_device *udev,
682 struct usb_attach_arg *uaa)
684 struct usb_interface *iface;
685 struct usb_interface_descriptor *id;
687 if (uaa->dev_state != UAA_DEV_READY)
690 iface = usbd_get_iface(udev, 0);
694 if (id == NULL || id->bInterfaceClass != UICLASS_MASS)
696 if (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa))
699 if (usb_msc_eject(udev, 0, MSC_EJECT_STOPUNIT) == 0)
700 uaa->dev_state = UAA_DEV_EJECTING;
704 run_driver_loaded(struct module *mod, int what, void *arg)
708 run_etag = EVENTHANDLER_REGISTER(usb_dev_configured,
709 run_autoinst, NULL, EVENTHANDLER_PRI_ANY);
712 EVENTHANDLER_DEREGISTER(usb_dev_configured, run_etag);
721 run_match(device_t self)
723 struct usb_attach_arg *uaa = device_get_ivars(self);
725 if (uaa->usb_mode != USB_MODE_HOST)
727 if (uaa->info.bConfigIndex != 0)
729 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
732 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
736 run_attach(device_t self)
738 struct run_softc *sc = device_get_softc(self);
739 struct usb_attach_arg *uaa = device_get_ivars(self);
740 struct ieee80211com *ic = &sc->sc_ic;
745 device_set_usb_desc(self);
746 sc->sc_udev = uaa->device;
748 if (USB_GET_DRIVER_INFO(uaa) != RUN_EJECT)
749 sc->sc_flags |= RUN_FLAG_FWLOAD_NEEDED;
751 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
752 MTX_NETWORK_LOCK, MTX_DEF);
753 mbufq_init(&sc->sc_snd, ifqmaxlen);
755 iface_index = RT2860_IFACE_INDEX;
757 error = usbd_transfer_setup(uaa->device, &iface_index,
758 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
760 device_printf(self, "could not allocate USB transfers, "
761 "err=%s\n", usbd_errstr(error));
767 /* wait for the chip to settle */
768 for (ntries = 0; ntries < 100; ntries++) {
769 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0) {
773 if (ver != 0 && ver != 0xffffffff)
778 device_printf(sc->sc_dev,
779 "timeout waiting for NIC to initialize\n");
783 sc->mac_ver = ver >> 16;
784 sc->mac_rev = ver & 0xffff;
786 /* retrieve RF rev. no and various other things from EEPROM */
789 device_printf(sc->sc_dev,
790 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
791 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
792 sc->ntxchains, sc->nrxchains, ether_sprintf(ic->ic_macaddr));
797 ic->ic_name = device_get_nameunit(self);
798 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
799 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
801 /* set device capabilities */
803 IEEE80211_C_STA | /* station mode supported */
804 IEEE80211_C_MONITOR | /* monitor mode supported */
807 IEEE80211_C_WDS | /* 4-address traffic works */
809 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
810 IEEE80211_C_SHSLOT | /* short slot time supported */
811 IEEE80211_C_WME | /* WME */
812 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
815 IEEE80211_CRYPTO_WEP |
816 IEEE80211_CRYPTO_AES_CCM |
817 IEEE80211_CRYPTO_TKIPMIC |
818 IEEE80211_CRYPTO_TKIP;
820 ic->ic_flags |= IEEE80211_F_DATAPAD;
821 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
823 run_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
826 ieee80211_ifattach(ic);
828 ic->ic_scan_start = run_scan_start;
829 ic->ic_scan_end = run_scan_end;
830 ic->ic_set_channel = run_set_channel;
831 ic->ic_getradiocaps = run_getradiocaps;
832 ic->ic_node_alloc = run_node_alloc;
833 ic->ic_newassoc = run_newassoc;
834 ic->ic_updateslot = run_updateslot;
835 ic->ic_update_mcast = run_update_mcast;
836 ic->ic_wme.wme_update = run_wme_update;
837 ic->ic_raw_xmit = run_raw_xmit;
838 ic->ic_update_promisc = run_update_promisc;
839 ic->ic_vap_create = run_vap_create;
840 ic->ic_vap_delete = run_vap_delete;
841 ic->ic_transmit = run_transmit;
842 ic->ic_parent = run_parent;
844 ieee80211_radiotap_attach(ic,
845 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
846 RUN_TX_RADIOTAP_PRESENT,
847 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
848 RUN_RX_RADIOTAP_PRESENT);
850 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
851 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
852 usb_callout_init_mtx(&sc->ratectl_ch, &sc->sc_mtx, 0);
855 ieee80211_announce(ic);
865 run_drain_mbufq(struct run_softc *sc)
868 struct ieee80211_node *ni;
870 RUN_LOCK_ASSERT(sc, MA_OWNED);
871 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
872 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
873 m->m_pkthdr.rcvif = NULL;
874 ieee80211_free_node(ni);
880 run_detach(device_t self)
882 struct run_softc *sc = device_get_softc(self);
883 struct ieee80211com *ic = &sc->sc_ic;
890 /* stop all USB transfers */
891 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
894 sc->ratectl_run = RUN_RATECTL_OFF;
895 sc->cmdq_run = sc->cmdq_key_set = RUN_CMDQ_ABORT;
897 /* free TX list, if any */
898 for (i = 0; i != RUN_EP_QUEUES; i++)
899 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
905 if (sc->sc_ic.ic_softc == sc) {
907 usb_callout_drain(&sc->ratectl_ch);
908 ieee80211_draintask(ic, &sc->cmdq_task);
909 ieee80211_draintask(ic, &sc->ratectl_task);
910 ieee80211_ifdetach(ic);
913 mtx_destroy(&sc->sc_mtx);
918 static struct ieee80211vap *
919 run_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
920 enum ieee80211_opmode opmode, int flags,
921 const uint8_t bssid[IEEE80211_ADDR_LEN],
922 const uint8_t mac[IEEE80211_ADDR_LEN])
924 struct run_softc *sc = ic->ic_softc;
926 struct ieee80211vap *vap;
929 if (sc->rvp_cnt >= RUN_VAP_MAX) {
930 device_printf(sc->sc_dev, "number of VAPs maxed out\n");
935 case IEEE80211_M_STA:
936 /* enable s/w bmiss handling for sta mode */
937 flags |= IEEE80211_CLONE_NOBEACONS;
939 case IEEE80211_M_IBSS:
940 case IEEE80211_M_MONITOR:
941 case IEEE80211_M_HOSTAP:
942 case IEEE80211_M_MBSS:
943 /* other than WDS vaps, only one at a time */
944 if (!TAILQ_EMPTY(&ic->ic_vaps))
947 case IEEE80211_M_WDS:
948 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
949 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
951 /* WDS vap's always share the local mac address. */
952 flags &= ~IEEE80211_CLONE_BSSID;
956 device_printf(sc->sc_dev,
957 "wds only supported in ap mode\n");
962 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
966 rvp = malloc(sizeof(struct run_vap), M_80211_VAP, M_WAITOK | M_ZERO);
969 if (ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
972 free(rvp, M_80211_VAP);
976 vap->iv_update_beacon = run_update_beacon;
977 vap->iv_max_aid = RT2870_WCID_MAX;
979 * To delete the right key from h/w, we need wcid.
980 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
981 * and matching wcid will be written into there. So, cast
982 * some spells to remove 'const' from ieee80211_key{}
984 vap->iv_key_delete = (void *)run_key_delete;
985 vap->iv_key_set = (void *)run_key_set;
987 /* override state transition machine */
988 rvp->newstate = vap->iv_newstate;
989 vap->iv_newstate = run_newstate;
990 if (opmode == IEEE80211_M_IBSS) {
991 rvp->recv_mgmt = vap->iv_recv_mgmt;
992 vap->iv_recv_mgmt = run_recv_mgmt;
995 ieee80211_ratectl_init(vap);
996 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
999 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status,
1002 /* make sure id is always unique */
1003 for (i = 0; i < RUN_VAP_MAX; i++) {
1004 if((sc->rvp_bmap & 1 << i) == 0){
1005 sc->rvp_bmap |= 1 << i;
1010 if (sc->rvp_cnt++ == 0)
1011 ic->ic_opmode = opmode;
1013 if (opmode == IEEE80211_M_HOSTAP)
1014 sc->cmdq_run = RUN_CMDQ_GO;
1016 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "rvp_id=%d bmap=%x rvp_cnt=%d\n",
1017 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1023 run_vap_delete(struct ieee80211vap *vap)
1025 struct run_vap *rvp = RUN_VAP(vap);
1026 struct ieee80211com *ic;
1027 struct run_softc *sc;
1038 m_freem(rvp->beacon_mbuf);
1039 rvp->beacon_mbuf = NULL;
1041 rvp_id = rvp->rvp_id;
1042 sc->ratectl_run &= ~(1 << rvp_id);
1043 sc->rvp_bmap &= ~(1 << rvp_id);
1044 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
1045 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
1048 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
1049 "vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
1050 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
1054 ieee80211_ratectl_deinit(vap);
1055 ieee80211_vap_detach(vap);
1056 free(rvp, M_80211_VAP);
1060 * There are numbers of functions need to be called in context thread.
1061 * Rather than creating taskqueue event for each of those functions,
1062 * here is all-for-one taskqueue callback function. This function
1063 * guarantees deferred functions are executed in the same order they
1065 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
1068 run_cmdq_cb(void *arg, int pending)
1070 struct run_softc *sc = arg;
1073 /* call cmdq[].func locked */
1075 for (i = sc->cmdq_exec; sc->cmdq[i].func && pending;
1076 i = sc->cmdq_exec, pending--) {
1077 RUN_DPRINTF(sc, RUN_DEBUG_CMD, "cmdq_exec=%d pending=%d\n",
1079 if (sc->cmdq_run == RUN_CMDQ_GO) {
1081 * If arg0 is NULL, callback func needs more
1082 * than one arg. So, pass ptr to cmdq struct.
1084 if (sc->cmdq[i].arg0)
1085 sc->cmdq[i].func(sc->cmdq[i].arg0);
1087 sc->cmdq[i].func(&sc->cmdq[i]);
1089 sc->cmdq[i].arg0 = NULL;
1090 sc->cmdq[i].func = NULL;
1092 sc->cmdq_exec &= RUN_CMDQ_MASQ;
1098 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1100 struct run_tx_data *data;
1102 memset(pq, 0, sizeof(*pq));
1104 STAILQ_INIT(&pq->tx_qh);
1105 STAILQ_INIT(&pq->tx_fh);
1107 for (data = &pq->tx_data[0];
1108 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1110 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
1112 pq->tx_nfree = RUN_TX_RING_COUNT;
1116 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
1118 struct run_tx_data *data;
1120 /* make sure any subsequent use of the queues will fail */
1122 STAILQ_INIT(&pq->tx_fh);
1123 STAILQ_INIT(&pq->tx_qh);
1125 /* free up all node references and mbufs */
1126 for (data = &pq->tx_data[0];
1127 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
1128 if (data->m != NULL) {
1132 if (data->ni != NULL) {
1133 ieee80211_free_node(data->ni);
1140 run_load_microcode(struct run_softc *sc)
1142 usb_device_request_t req;
1143 const struct firmware *fw;
1147 const uint64_t *temp;
1151 fw = firmware_get("runfw");
1154 device_printf(sc->sc_dev,
1155 "failed loadfirmware of file %s\n", "runfw");
1159 if (fw->datasize != 8192) {
1160 device_printf(sc->sc_dev,
1161 "invalid firmware size (should be 8KB)\n");
1167 * RT3071/RT3072 use a different firmware
1168 * run-rt2870 (8KB) contains both,
1169 * first half (4KB) is for rt2870,
1170 * last half is for rt3071.
1173 if ((sc->mac_ver) != 0x2860 &&
1174 (sc->mac_ver) != 0x2872 &&
1175 (sc->mac_ver) != 0x3070) {
1179 /* cheap sanity check */
1182 if (bytes != be64toh(0xffffff0210280210ULL)) {
1183 device_printf(sc->sc_dev, "firmware checksum failed\n");
1188 /* write microcode image */
1189 if (sc->sc_flags & RUN_FLAG_FWLOAD_NEEDED) {
1190 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1191 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1192 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1195 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1196 req.bRequest = RT2870_RESET;
1197 USETW(req.wValue, 8);
1198 USETW(req.wIndex, 0);
1199 USETW(req.wLength, 0);
1200 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL))
1202 device_printf(sc->sc_dev, "firmware reset failed\n");
1208 run_write(sc, RT2860_H2M_BBPAGENT, 0);
1209 run_write(sc, RT2860_H2M_MAILBOX, 0);
1210 run_write(sc, RT2860_H2M_INTSRC, 0);
1211 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1214 /* wait until microcontroller is ready */
1215 for (ntries = 0; ntries < 1000; ntries++) {
1216 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0)
1218 if (tmp & RT2860_MCU_READY)
1222 if (ntries == 1000) {
1223 device_printf(sc->sc_dev,
1224 "timeout waiting for MCU to initialize\n");
1228 device_printf(sc->sc_dev, "firmware %s ver. %u.%u loaded\n",
1229 (base == fw->data) ? "RT2870" : "RT3071",
1230 *(base + 4092), *(base + 4093));
1233 firmware_put(fw, FIRMWARE_UNLOAD);
1238 run_reset(struct run_softc *sc)
1240 usb_device_request_t req;
1242 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1243 req.bRequest = RT2870_RESET;
1244 USETW(req.wValue, 1);
1245 USETW(req.wIndex, 0);
1246 USETW(req.wLength, 0);
1247 return (usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL));
1251 run_do_request(struct run_softc *sc,
1252 struct usb_device_request *req, void *data)
1257 RUN_LOCK_ASSERT(sc, MA_OWNED);
1260 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1261 req, data, 0, NULL, 250 /* ms */);
1264 RUN_DPRINTF(sc, RUN_DEBUG_USB,
1265 "Control request failed, %s (retrying)\n",
1273 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1278 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1280 *val = le32toh(tmp);
1287 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1289 usb_device_request_t req;
1291 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1292 req.bRequest = RT2870_READ_REGION_1;
1293 USETW(req.wValue, 0);
1294 USETW(req.wIndex, reg);
1295 USETW(req.wLength, len);
1297 return (run_do_request(sc, &req, buf));
1301 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1303 usb_device_request_t req;
1305 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1306 req.bRequest = RT2870_WRITE_2;
1307 USETW(req.wValue, val);
1308 USETW(req.wIndex, reg);
1309 USETW(req.wLength, 0);
1311 return (run_do_request(sc, &req, NULL));
1315 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1319 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1320 error = run_write_2(sc, reg + 2, val >> 16);
1325 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1331 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1332 * We thus issue multiple WRITE_2 commands instead.
1334 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1335 for (i = 0; i < len && error == 0; i += 2)
1336 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1339 usb_device_request_t req;
1343 * NOTE: It appears the WRITE_REGION_1 command cannot be
1344 * passed a huge amount of data, which will crash the
1345 * firmware. Limit amount of data passed to 64-bytes at a
1353 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1354 req.bRequest = RT2870_WRITE_REGION_1;
1355 USETW(req.wValue, 0);
1356 USETW(req.wIndex, reg);
1357 USETW(req.wLength, delta);
1358 error = run_do_request(sc, &req, __DECONST(uint8_t *, buf));
1370 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1374 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1375 for (i = 0; i < len && error == 0; i += 4)
1376 error = run_write(sc, reg + i, val);
1381 run_efuse_read(struct run_softc *sc, uint16_t addr, uint16_t *val, int count)
1387 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1393 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1399 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1400 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1401 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1402 for (ntries = 0; ntries < 100; ntries++) {
1403 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1405 if (!(tmp & RT3070_EFSROM_KICK))
1412 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1413 *val = 0xffff; /* address not found */
1416 /* determine to which 32-bit register our 16-bit word belongs */
1417 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1418 if ((error = run_read(sc, reg, &tmp)) != 0)
1421 tmp >>= (8 * (addr & 0x3));
1422 *val = (addr & 1) ? tmp >> 16 : tmp & 0xffff;
1427 /* Read 16-bit from eFUSE ROM for RT3xxx. */
1429 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1431 return (run_efuse_read(sc, addr, val, 2));
1435 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1437 usb_device_request_t req;
1442 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1443 req.bRequest = RT2870_EEPROM_READ;
1444 USETW(req.wValue, 0);
1445 USETW(req.wIndex, addr);
1446 USETW(req.wLength, sizeof(tmp));
1448 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1450 *val = le16toh(tmp);
1457 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1459 /* either eFUSE ROM or EEPROM */
1460 return sc->sc_srom_read(sc, addr, val);
1464 run_rt2870_rf_write(struct run_softc *sc, uint32_t val)
1469 for (ntries = 0; ntries < 10; ntries++) {
1470 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1472 if (!(tmp & RT2860_RF_REG_CTRL))
1478 return (run_write(sc, RT2860_RF_CSR_CFG0, val));
1482 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1487 for (ntries = 0; ntries < 100; ntries++) {
1488 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1490 if (!(tmp & RT3070_RF_KICK))
1496 tmp = RT3070_RF_KICK | reg << 8;
1497 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1500 for (ntries = 0; ntries < 100; ntries++) {
1501 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1503 if (!(tmp & RT3070_RF_KICK))
1514 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1519 for (ntries = 0; ntries < 10; ntries++) {
1520 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1522 if (!(tmp & RT3070_RF_KICK))
1528 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1529 return (run_write(sc, RT3070_RF_CSR_CFG, tmp));
1533 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1538 for (ntries = 0; ntries < 10; ntries++) {
1539 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1541 if (!(tmp & RT2860_BBP_CSR_KICK))
1547 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1548 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1551 for (ntries = 0; ntries < 10; ntries++) {
1552 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1554 if (!(tmp & RT2860_BBP_CSR_KICK))
1565 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1570 for (ntries = 0; ntries < 10; ntries++) {
1571 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1573 if (!(tmp & RT2860_BBP_CSR_KICK))
1579 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1580 return (run_write(sc, RT2860_BBP_CSR_CFG, tmp));
1584 * Send a command to the 8051 microcontroller unit.
1587 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1592 for (ntries = 0; ntries < 100; ntries++) {
1593 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1595 if (!(tmp & RT2860_H2M_BUSY))
1601 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1602 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1603 error = run_write(sc, RT2860_HOST_CMD, cmd);
1608 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1609 * Used to adjust per-rate Tx power registers.
1611 static __inline uint32_t
1612 b4inc(uint32_t b32, int8_t delta)
1616 for (i = 0; i < 8; i++) {
1623 b32 = b32 >> 4 | b4 << 28;
1629 run_get_rf(uint16_t rev)
1632 case RT2860_RF_2820: return "RT2820";
1633 case RT2860_RF_2850: return "RT2850";
1634 case RT2860_RF_2720: return "RT2720";
1635 case RT2860_RF_2750: return "RT2750";
1636 case RT3070_RF_3020: return "RT3020";
1637 case RT3070_RF_2020: return "RT2020";
1638 case RT3070_RF_3021: return "RT3021";
1639 case RT3070_RF_3022: return "RT3022";
1640 case RT3070_RF_3052: return "RT3052";
1641 case RT3593_RF_3053: return "RT3053";
1642 case RT5592_RF_5592: return "RT5592";
1643 case RT5390_RF_5370: return "RT5370";
1644 case RT5390_RF_5372: return "RT5372";
1650 run_rt3593_get_txpower(struct run_softc *sc)
1655 /* Read power settings for 2GHz channels. */
1656 for (i = 0; i < 14; i += 2) {
1657 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE1 :
1658 RT2860_EEPROM_PWR2GHZ_BASE1;
1659 run_srom_read(sc, addr + i / 2, &val);
1660 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1661 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1663 addr = (sc->ntxchains == 3) ? RT3593_EEPROM_PWR2GHZ_BASE2 :
1664 RT2860_EEPROM_PWR2GHZ_BASE2;
1665 run_srom_read(sc, addr + i / 2, &val);
1666 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1667 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1669 if (sc->ntxchains == 3) {
1670 run_srom_read(sc, RT3593_EEPROM_PWR2GHZ_BASE3 + i / 2,
1672 sc->txpow3[i + 0] = (int8_t)(val & 0xff);
1673 sc->txpow3[i + 1] = (int8_t)(val >> 8);
1676 /* Fix broken Tx power entries. */
1677 for (i = 0; i < 14; i++) {
1678 if (sc->txpow1[i] > 31)
1680 if (sc->txpow2[i] > 31)
1682 if (sc->ntxchains == 3) {
1683 if (sc->txpow3[i] > 31)
1687 /* Read power settings for 5GHz channels. */
1688 for (i = 0; i < 40; i += 2) {
1689 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1690 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1691 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1693 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1694 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1695 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1697 if (sc->ntxchains == 3) {
1698 run_srom_read(sc, RT3593_EEPROM_PWR5GHZ_BASE3 + i / 2,
1700 sc->txpow3[i + 14] = (int8_t)(val & 0xff);
1701 sc->txpow3[i + 15] = (int8_t)(val >> 8);
1707 run_get_txpower(struct run_softc *sc)
1712 /* Read power settings for 2GHz channels. */
1713 for (i = 0; i < 14; i += 2) {
1714 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1715 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1716 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1718 if (sc->mac_ver != 0x5390) {
1720 RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1721 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1722 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1725 /* Fix broken Tx power entries. */
1726 for (i = 0; i < 14; i++) {
1727 if (sc->mac_ver >= 0x5390) {
1728 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 39)
1731 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1734 if (sc->mac_ver > 0x5390) {
1735 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 39)
1737 } else if (sc->mac_ver < 0x5390) {
1738 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1741 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1742 "chan %d: power1=%d, power2=%d\n",
1743 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1745 /* Read power settings for 5GHz channels. */
1746 for (i = 0; i < 40; i += 2) {
1747 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1748 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1749 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1751 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1752 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1753 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1755 /* Fix broken Tx power entries. */
1756 for (i = 0; i < 40; i++ ) {
1757 if (sc->mac_ver != 0x5592) {
1758 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1759 sc->txpow1[14 + i] = 5;
1760 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1761 sc->txpow2[14 + i] = 5;
1763 RUN_DPRINTF(sc, RUN_DEBUG_TXPWR,
1764 "chan %d: power1=%d, power2=%d\n",
1765 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1766 sc->txpow2[14 + i]);
1771 run_read_eeprom(struct run_softc *sc)
1773 struct ieee80211com *ic = &sc->sc_ic;
1774 int8_t delta_2ghz, delta_5ghz;
1779 /* check whether the ROM is eFUSE ROM or EEPROM */
1780 sc->sc_srom_read = run_eeprom_read_2;
1781 if (sc->mac_ver >= 0x3070) {
1782 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1783 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EFUSE_CTRL=0x%08x\n", tmp);
1784 if ((tmp & RT3070_SEL_EFUSE) || sc->mac_ver == 0x3593)
1785 sc->sc_srom_read = run_efuse_read_2;
1788 /* read ROM version */
1789 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1790 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1791 "EEPROM rev=%d, FAE=%d\n", val >> 8, val & 0xff);
1793 /* read MAC address */
1794 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1795 ic->ic_macaddr[0] = val & 0xff;
1796 ic->ic_macaddr[1] = val >> 8;
1797 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1798 ic->ic_macaddr[2] = val & 0xff;
1799 ic->ic_macaddr[3] = val >> 8;
1800 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1801 ic->ic_macaddr[4] = val & 0xff;
1802 ic->ic_macaddr[5] = val >> 8;
1804 if (sc->mac_ver < 0x3593) {
1805 /* read vender BBP settings */
1806 for (i = 0; i < 10; i++) {
1807 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1808 sc->bbp[i].val = val & 0xff;
1809 sc->bbp[i].reg = val >> 8;
1810 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1811 "BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1813 if (sc->mac_ver >= 0x3071) {
1814 /* read vendor RF settings */
1815 for (i = 0; i < 10; i++) {
1816 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i,
1818 sc->rf[i].val = val & 0xff;
1819 sc->rf[i].reg = val >> 8;
1820 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "RF%d=0x%02x\n",
1821 sc->rf[i].reg, sc->rf[i].val);
1826 /* read RF frequency offset from EEPROM */
1827 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1828 RT3593_EEPROM_FREQ, &val);
1829 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1830 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM freq offset %d\n",
1833 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_FREQ_LEDS :
1834 RT3593_EEPROM_FREQ_LEDS, &val);
1835 if (val >> 8 != 0xff) {
1836 /* read LEDs operating mode */
1837 sc->leds = val >> 8;
1838 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED1 :
1839 RT3593_EEPROM_LED1, &sc->led[0]);
1840 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED2 :
1841 RT3593_EEPROM_LED2, &sc->led[1]);
1842 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LED3 :
1843 RT3593_EEPROM_LED3, &sc->led[2]);
1845 /* broken EEPROM, use default settings */
1847 sc->led[0] = 0x5555;
1848 sc->led[1] = 0x2221;
1849 sc->led[2] = 0x5627; /* differs from RT2860 */
1851 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
1852 "EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1853 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1855 /* read RF information */
1856 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392)
1857 run_srom_read(sc, 0x00, &val);
1859 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1861 if (val == 0xffff) {
1862 device_printf(sc->sc_dev,
1863 "invalid EEPROM antenna info, using default\n");
1864 if (sc->mac_ver == 0x3572) {
1865 /* default to RF3052 2T2R */
1866 sc->rf_rev = RT3070_RF_3052;
1869 } else if (sc->mac_ver >= 0x3070) {
1870 /* default to RF3020 1T1R */
1871 sc->rf_rev = RT3070_RF_3020;
1875 /* default to RF2820 1T2R */
1876 sc->rf_rev = RT2860_RF_2820;
1881 if (sc->mac_ver == 0x5390 || sc->mac_ver ==0x5392) {
1883 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1885 sc->rf_rev = (val >> 8) & 0xf;
1886 sc->ntxchains = (val >> 4) & 0xf;
1887 sc->nrxchains = val & 0xf;
1889 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM RF rev=0x%04x chains=%dT%dR\n",
1890 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1892 /* check if RF supports automatic Tx access gain control */
1893 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1894 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "EEPROM CFG 0x%04x\n", val);
1895 /* check if driver should patch the DAC issue */
1896 if ((val >> 8) != 0xff)
1897 sc->patch_dac = (val >> 15) & 1;
1898 if ((val & 0xff) != 0xff) {
1899 sc->ext_5ghz_lna = (val >> 3) & 1;
1900 sc->ext_2ghz_lna = (val >> 2) & 1;
1901 /* check if RF supports automatic Tx access gain control */
1902 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1903 /* check if we have a hardware radio switch */
1904 sc->rfswitch = val & 1;
1907 /* Read Tx power settings. */
1908 if (sc->mac_ver == 0x3593)
1909 run_rt3593_get_txpower(sc);
1911 run_get_txpower(sc);
1913 /* read Tx power compensation for each Tx rate */
1914 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1915 delta_2ghz = delta_5ghz = 0;
1916 if ((val & 0xff) != 0xff && (val & 0x80)) {
1917 delta_2ghz = val & 0xf;
1918 if (!(val & 0x40)) /* negative number */
1919 delta_2ghz = -delta_2ghz;
1922 if ((val & 0xff) != 0xff && (val & 0x80)) {
1923 delta_5ghz = val & 0xf;
1924 if (!(val & 0x40)) /* negative number */
1925 delta_5ghz = -delta_5ghz;
1927 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1928 "power compensation=%d (2GHz), %d (5GHz)\n", delta_2ghz, delta_5ghz);
1930 for (ridx = 0; ridx < 5; ridx++) {
1933 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1935 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1936 reg |= (uint32_t)val << 16;
1938 sc->txpow20mhz[ridx] = reg;
1939 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1940 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1942 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_TXPWR,
1943 "ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1944 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1945 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1948 /* Read RSSI offsets and LNA gains from EEPROM. */
1949 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_2GHZ :
1950 RT3593_EEPROM_RSSI1_2GHZ, &val);
1951 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1952 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1953 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_2GHZ :
1954 RT3593_EEPROM_RSSI2_2GHZ, &val);
1955 if (sc->mac_ver >= 0x3070) {
1956 if (sc->mac_ver == 0x3593) {
1957 sc->txmixgain_2ghz = 0;
1958 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1961 * On RT3070 chips (limited to 2 Rx chains), this ROM
1962 * field contains the Tx mixer gain for the 2GHz band.
1964 if ((val & 0xff) != 0xff)
1965 sc->txmixgain_2ghz = val & 0x7;
1967 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (2GHz)\n",
1968 sc->txmixgain_2ghz);
1970 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1971 if (sc->mac_ver == 0x3593)
1972 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1973 sc->lna[2] = val >> 8; /* channel group 2 */
1975 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI1_5GHZ :
1976 RT3593_EEPROM_RSSI1_5GHZ, &val);
1977 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1978 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1979 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_RSSI2_5GHZ :
1980 RT3593_EEPROM_RSSI2_5GHZ, &val);
1981 if (sc->mac_ver == 0x3572) {
1983 * On RT3572 chips (limited to 2 Rx chains), this ROM
1984 * field contains the Tx mixer gain for the 5GHz band.
1986 if ((val & 0xff) != 0xff)
1987 sc->txmixgain_5ghz = val & 0x7;
1988 RUN_DPRINTF(sc, RUN_DEBUG_ROM, "tx mixer gain=%u (5GHz)\n",
1989 sc->txmixgain_5ghz);
1991 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1992 if (sc->mac_ver == 0x3593) {
1993 sc->txmixgain_5ghz = 0;
1994 run_srom_read(sc, RT3593_EEPROM_LNA_5GHZ, &val);
1996 sc->lna[3] = val >> 8; /* channel group 3 */
1998 run_srom_read(sc, (sc->mac_ver != 0x3593) ? RT2860_EEPROM_LNA :
1999 RT3593_EEPROM_LNA, &val);
2000 sc->lna[0] = val & 0xff; /* channel group 0 */
2001 sc->lna[1] = val >> 8; /* channel group 1 */
2003 /* fix broken 5GHz LNA entries */
2004 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
2005 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2006 "invalid LNA for channel group %d\n", 2);
2007 sc->lna[2] = sc->lna[1];
2009 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
2010 RUN_DPRINTF(sc, RUN_DEBUG_ROM,
2011 "invalid LNA for channel group %d\n", 3);
2012 sc->lna[3] = sc->lna[1];
2015 /* fix broken RSSI offset entries */
2016 for (ant = 0; ant < 3; ant++) {
2017 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
2018 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2019 "invalid RSSI%d offset: %d (2GHz)\n",
2020 ant + 1, sc->rssi_2ghz[ant]);
2021 sc->rssi_2ghz[ant] = 0;
2023 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
2024 RUN_DPRINTF(sc, RUN_DEBUG_ROM | RUN_DEBUG_RSSI,
2025 "invalid RSSI%d offset: %d (5GHz)\n",
2026 ant + 1, sc->rssi_5ghz[ant]);
2027 sc->rssi_5ghz[ant] = 0;
2033 static struct ieee80211_node *
2034 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
2036 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
2040 run_media_change(struct ifnet *ifp)
2042 struct ieee80211vap *vap = ifp->if_softc;
2043 struct ieee80211com *ic = vap->iv_ic;
2044 const struct ieee80211_txparam *tp;
2045 struct run_softc *sc = ic->ic_softc;
2051 error = ieee80211_media_change(ifp);
2052 if (error != ENETRESET) {
2057 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2058 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
2059 struct ieee80211_node *ni;
2060 struct run_node *rn;
2062 rate = ic->ic_sup_rates[ic->ic_curmode].
2063 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
2064 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2065 if (rt2860_rates[ridx].rate == rate)
2067 ni = ieee80211_ref_node(vap->iv_bss);
2069 rn->fix_ridx = ridx;
2070 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "rate=%d, fix_ridx=%d\n",
2071 rate, rn->fix_ridx);
2072 ieee80211_free_node(ni);
2076 if ((ifp->if_flags & IFF_UP) &&
2077 (ifp->if_drv_flags & RUN_RUNNING)){
2078 run_init_locked(sc);
2088 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
2090 const struct ieee80211_txparam *tp;
2091 struct ieee80211com *ic = vap->iv_ic;
2092 struct run_softc *sc = ic->ic_softc;
2093 struct run_vap *rvp = RUN_VAP(vap);
2094 enum ieee80211_state ostate;
2098 uint8_t restart_ratectl = 0;
2099 uint8_t bid = 1 << rvp->rvp_id;
2101 ostate = vap->iv_state;
2102 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "%s -> %s\n",
2103 ieee80211_state_name[ostate],
2104 ieee80211_state_name[nstate]);
2106 IEEE80211_UNLOCK(ic);
2109 ratectl = sc->ratectl_run; /* remember current state */
2110 sc->ratectl_run = RUN_RATECTL_OFF;
2111 usb_callout_stop(&sc->ratectl_ch);
2113 if (ostate == IEEE80211_S_RUN) {
2114 /* turn link LED off */
2115 run_set_leds(sc, RT2860_LED_RADIO);
2119 case IEEE80211_S_INIT:
2120 restart_ratectl = 1;
2122 if (ostate != IEEE80211_S_RUN)
2126 sc->runbmap &= ~bid;
2128 /* abort TSF synchronization if there is no vap running */
2129 if (--sc->running == 0) {
2130 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
2131 run_write(sc, RT2860_BCN_TIME_CFG,
2132 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
2133 RT2860_TBTT_TIMER_EN));
2137 case IEEE80211_S_RUN:
2138 if (!(sc->runbmap & bid)) {
2140 restart_ratectl = 1;
2144 m_freem(rvp->beacon_mbuf);
2145 rvp->beacon_mbuf = NULL;
2147 switch (vap->iv_opmode) {
2148 case IEEE80211_M_HOSTAP:
2149 case IEEE80211_M_MBSS:
2150 sc->ap_running |= bid;
2151 ic->ic_opmode = vap->iv_opmode;
2152 run_update_beacon_cb(vap);
2154 case IEEE80211_M_IBSS:
2155 sc->adhoc_running |= bid;
2156 if (!sc->ap_running)
2157 ic->ic_opmode = vap->iv_opmode;
2158 run_update_beacon_cb(vap);
2160 case IEEE80211_M_STA:
2161 sc->sta_running |= bid;
2162 if (!sc->ap_running && !sc->adhoc_running)
2163 ic->ic_opmode = vap->iv_opmode;
2165 /* read statistic counters (clear on read) */
2166 run_read_region_1(sc, RT2860_TX_STA_CNT0,
2167 (uint8_t *)sta, sizeof sta);
2171 ic->ic_opmode = vap->iv_opmode;
2175 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
2176 struct ieee80211_node *ni;
2178 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC) {
2185 run_set_txpreamble(sc);
2186 run_set_basicrates(sc);
2187 ni = ieee80211_ref_node(vap->iv_bss);
2188 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
2189 run_set_bssid(sc, sc->sc_bssid);
2190 ieee80211_free_node(ni);
2191 run_enable_tsf_sync(sc);
2193 /* enable automatic rate adaptation */
2194 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2195 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
2200 /* turn link LED on */
2201 run_set_leds(sc, RT2860_LED_RADIO |
2202 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
2203 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
2207 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "undefined state\n");
2211 /* restart amrr for running VAPs */
2212 if ((sc->ratectl_run = ratectl) && restart_ratectl)
2213 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2218 return(rvp->newstate(vap, nstate, arg));
2222 run_wme_update(struct ieee80211com *ic)
2224 struct chanAccParams chp;
2225 struct run_softc *sc = ic->ic_softc;
2226 const struct wmeParams *ac;
2229 ieee80211_wme_ic_getparams(ic, &chp);
2230 ac = chp.cap_wmeParams;
2232 /* update MAC TX configuration registers */
2234 for (aci = 0; aci < WME_NUM_AC; aci++) {
2235 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
2236 ac[aci].wmep_logcwmax << 16 |
2237 ac[aci].wmep_logcwmin << 12 |
2238 ac[aci].wmep_aifsn << 8 |
2239 ac[aci].wmep_txopLimit);
2240 if (error) goto err;
2243 /* update SCH/DMA registers too */
2244 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
2245 ac[WME_AC_VO].wmep_aifsn << 12 |
2246 ac[WME_AC_VI].wmep_aifsn << 8 |
2247 ac[WME_AC_BK].wmep_aifsn << 4 |
2248 ac[WME_AC_BE].wmep_aifsn);
2249 if (error) goto err;
2250 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
2251 ac[WME_AC_VO].wmep_logcwmin << 12 |
2252 ac[WME_AC_VI].wmep_logcwmin << 8 |
2253 ac[WME_AC_BK].wmep_logcwmin << 4 |
2254 ac[WME_AC_BE].wmep_logcwmin);
2255 if (error) goto err;
2256 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
2257 ac[WME_AC_VO].wmep_logcwmax << 12 |
2258 ac[WME_AC_VI].wmep_logcwmax << 8 |
2259 ac[WME_AC_BK].wmep_logcwmax << 4 |
2260 ac[WME_AC_BE].wmep_logcwmax);
2261 if (error) goto err;
2262 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
2263 ac[WME_AC_BK].wmep_txopLimit << 16 |
2264 ac[WME_AC_BE].wmep_txopLimit);
2265 if (error) goto err;
2266 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
2267 ac[WME_AC_VO].wmep_txopLimit << 16 |
2268 ac[WME_AC_VI].wmep_txopLimit);
2273 RUN_DPRINTF(sc, RUN_DEBUG_USB, "WME update failed\n");
2279 run_key_set_cb(void *arg)
2281 struct run_cmdq *cmdq = arg;
2282 struct ieee80211vap *vap = cmdq->arg1;
2283 struct ieee80211_key *k = cmdq->k;
2284 struct ieee80211com *ic = vap->iv_ic;
2285 struct run_softc *sc = ic->ic_softc;
2286 struct ieee80211_node *ni;
2287 u_int cipher = k->wk_cipher->ic_cipher;
2289 uint16_t base, associd;
2290 uint8_t mode, wcid, iv[8];
2292 RUN_LOCK_ASSERT(sc, MA_OWNED);
2294 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2295 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
2298 associd = (ni != NULL) ? ni->ni_associd : 0;
2300 /* map net80211 cipher to RT2860 security mode */
2302 case IEEE80211_CIPHER_WEP:
2303 if(k->wk_keylen < 8)
2304 mode = RT2860_MODE_WEP40;
2306 mode = RT2860_MODE_WEP104;
2308 case IEEE80211_CIPHER_TKIP:
2309 mode = RT2860_MODE_TKIP;
2311 case IEEE80211_CIPHER_AES_CCM:
2312 mode = RT2860_MODE_AES_CCMP;
2315 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "undefined case\n");
2319 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2320 "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
2321 associd, k->wk_keyix, mode,
2322 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
2323 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
2324 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
2326 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2327 wcid = 0; /* NB: update WCID0 for group keys */
2328 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
2330 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2331 1 : RUN_AID2WCID(associd);
2332 base = RT2860_PKEY(wcid);
2335 if (cipher == IEEE80211_CIPHER_TKIP) {
2336 if(run_write_region_1(sc, base, k->wk_key, 16))
2338 if(run_write_region_1(sc, base + 16, &k->wk_key[16], 8)) /* wk_txmic */
2340 if(run_write_region_1(sc, base + 24, &k->wk_key[24], 8)) /* wk_rxmic */
2343 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2344 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2348 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2349 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2350 /* set initial packet number in IV+EIV */
2351 if (cipher == IEEE80211_CIPHER_WEP) {
2352 memset(iv, 0, sizeof iv);
2353 iv[3] = vap->iv_def_txkey << 6;
2355 if (cipher == IEEE80211_CIPHER_TKIP) {
2356 iv[0] = k->wk_keytsc >> 8;
2357 iv[1] = (iv[0] | 0x20) & 0x7f;
2358 iv[2] = k->wk_keytsc;
2360 iv[0] = k->wk_keytsc;
2361 iv[1] = k->wk_keytsc >> 8;
2364 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2365 iv[4] = k->wk_keytsc >> 16;
2366 iv[5] = k->wk_keytsc >> 24;
2367 iv[6] = k->wk_keytsc >> 32;
2368 iv[7] = k->wk_keytsc >> 40;
2370 if (run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2374 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2375 /* install group key */
2376 if (run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2378 attr &= ~(0xf << (k->wk_keyix * 4));
2379 attr |= mode << (k->wk_keyix * 4);
2380 if (run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2383 /* install pairwise key */
2384 if (run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2386 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2387 if (run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2391 /* TODO create a pass-thru key entry? */
2393 /* need wcid to delete the right key later */
2398 * Don't have to be deferred, but in order to keep order of
2399 * execution, i.e. with run_key_delete(), defer this and let
2400 * run_cmdq_cb() maintain the order.
2405 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k)
2407 struct ieee80211com *ic = vap->iv_ic;
2408 struct run_softc *sc = ic->ic_softc;
2411 i = RUN_CMDQ_GET(&sc->cmdq_store);
2412 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2413 sc->cmdq[i].func = run_key_set_cb;
2414 sc->cmdq[i].arg0 = NULL;
2415 sc->cmdq[i].arg1 = vap;
2417 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, k->wk_macaddr);
2418 ieee80211_runtask(ic, &sc->cmdq_task);
2421 * To make sure key will be set when hostapd
2422 * calls iv_key_set() before if_init().
2424 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
2426 sc->cmdq_key_set = RUN_CMDQ_GO;
2434 * If wlan is destroyed without being brought down i.e. without
2435 * wlan down or wpa_cli terminate, this function is called after
2436 * vap is gone. Don't refer it.
2439 run_key_delete_cb(void *arg)
2441 struct run_cmdq *cmdq = arg;
2442 struct run_softc *sc = cmdq->arg1;
2443 struct ieee80211_key *k = &cmdq->key;
2447 RUN_LOCK_ASSERT(sc, MA_OWNED);
2449 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2450 /* remove group key */
2451 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "removing group key\n");
2452 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2453 attr &= ~(0xf << (k->wk_keyix * 4));
2454 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2456 /* remove pairwise key */
2457 RUN_DPRINTF(sc, RUN_DEBUG_KEY,
2458 "removing key for wcid %x\n", k->wk_pad);
2459 /* matching wcid was written to wk_pad in run_key_set() */
2461 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2463 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2464 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2474 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2476 struct ieee80211com *ic = vap->iv_ic;
2477 struct run_softc *sc = ic->ic_softc;
2478 struct ieee80211_key *k0;
2482 * When called back, key might be gone. So, make a copy
2483 * of some values need to delete keys before deferring.
2484 * But, because of LOR with node lock, cannot use lock here.
2485 * So, use atomic instead.
2487 i = RUN_CMDQ_GET(&sc->cmdq_store);
2488 RUN_DPRINTF(sc, RUN_DEBUG_KEY, "cmdq_store=%d\n", i);
2489 sc->cmdq[i].func = run_key_delete_cb;
2490 sc->cmdq[i].arg0 = NULL;
2491 sc->cmdq[i].arg1 = sc;
2492 k0 = &sc->cmdq[i].key;
2493 k0->wk_flags = k->wk_flags;
2494 k0->wk_keyix = k->wk_keyix;
2495 /* matching wcid was written to wk_pad in run_key_set() */
2496 k0->wk_pad = k->wk_pad;
2497 ieee80211_runtask(ic, &sc->cmdq_task);
2498 return (1); /* return fake success */
2503 run_ratectl_to(void *arg)
2505 struct run_softc *sc = arg;
2507 /* do it in a process context, so it can go sleep */
2508 ieee80211_runtask(&sc->sc_ic, &sc->ratectl_task);
2509 /* next timeout will be rescheduled in the callback task */
2514 run_ratectl_cb(void *arg, int pending)
2516 struct run_softc *sc = arg;
2517 struct ieee80211com *ic = &sc->sc_ic;
2518 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2523 if (sc->rvp_cnt > 1 || vap->iv_opmode != IEEE80211_M_STA) {
2525 * run_reset_livelock() doesn't do anything with AMRR,
2526 * but Ralink wants us to call it every 1 sec. So, we
2527 * piggyback here rather than creating another callout.
2528 * Livelock may occur only in HOSTAP or IBSS mode
2529 * (when h/w is sending beacons).
2532 run_reset_livelock(sc);
2533 /* just in case, there are some stats to drain */
2538 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2541 if(sc->ratectl_run != RUN_RATECTL_OFF)
2542 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2547 run_drain_fifo(void *arg)
2549 struct run_softc *sc = arg;
2551 uint16_t (*wstat)[3];
2552 uint8_t wcid, mcs, pid;
2555 RUN_LOCK_ASSERT(sc, MA_OWNED);
2558 /* drain Tx status FIFO (maxsize = 16) */
2559 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2560 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx stat 0x%08x\n", stat);
2561 if (!(stat & RT2860_TXQ_VLD))
2564 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2566 /* if no ACK was requested, no feedback is available */
2567 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2572 * Even though each stat is Tx-complete-status like format,
2573 * the device can poll stats. Because there is no guarantee
2574 * that the referring node is still around when read the stats.
2575 * So that, if we use ieee80211_ratectl_tx_update(), we will
2576 * have hard time not to refer already freed node.
2578 * To eliminate such page faults, we poll stats in softc.
2579 * Then, update the rates later with ieee80211_ratectl_tx_update().
2581 wstat = &(sc->wcid_stats[wcid]);
2582 (*wstat)[RUN_TXCNT]++;
2583 if (stat & RT2860_TXQ_OK)
2584 (*wstat)[RUN_SUCCESS]++;
2586 counter_u64_add(sc->sc_ic.ic_oerrors, 1);
2588 * Check if there were retries, ie if the Tx success rate is
2589 * different from the requested rate. Note that it works only
2590 * because we do not allow rate fallback from OFDM to CCK.
2592 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2593 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2594 if ((retry = pid -1 - mcs) > 0) {
2595 (*wstat)[RUN_TXCNT] += retry;
2596 (*wstat)[RUN_RETRY] += retry;
2599 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "count=%d\n", sc->fifo_cnt);
2605 run_iter_func(void *arg, struct ieee80211_node *ni)
2607 struct run_softc *sc = arg;
2608 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2609 struct ieee80211vap *vap = ni->ni_vap;
2610 struct run_node *rn = RUN_NODE(ni);
2611 union run_stats sta[2];
2612 uint16_t (*wstat)[3];
2617 /* Check for special case */
2618 if (sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA &&
2622 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2623 IEEE80211_RATECTL_TX_STATS_RETRIES;
2625 if (sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2626 vap->iv_opmode == IEEE80211_M_STA)) {
2627 /* read statistic counters (clear on read) and update AMRR state */
2628 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2633 /* count failed TX as errors */
2634 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS,
2635 le16toh(sta[0].error.fail));
2637 txs->nretries = le16toh(sta[1].tx.retry);
2638 txs->nsuccess = le16toh(sta[1].tx.success);
2640 txs->nframes = txs->nretries + txs->nsuccess +
2641 le16toh(sta[0].error.fail);
2643 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2644 "retrycnt=%d success=%d failcnt=%d\n",
2645 txs->nretries, txs->nsuccess, le16toh(sta[0].error.fail));
2647 wstat = &(sc->wcid_stats[RUN_AID2WCID(ni->ni_associd)]);
2649 if (wstat == &(sc->wcid_stats[0]) ||
2650 wstat > &(sc->wcid_stats[RT2870_WCID_MAX]))
2653 txs->nretries = (*wstat)[RUN_RETRY];
2654 txs->nsuccess = (*wstat)[RUN_SUCCESS];
2655 txs->nframes = (*wstat)[RUN_TXCNT];
2656 RUN_DPRINTF(sc, RUN_DEBUG_RATE,
2657 "retrycnt=%d txcnt=%d success=%d\n",
2658 txs->nretries, txs->nframes, txs->nsuccess);
2660 memset(wstat, 0, sizeof(*wstat));
2663 ieee80211_ratectl_tx_update(vap, txs);
2664 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2669 RUN_DPRINTF(sc, RUN_DEBUG_RATE, "ridx=%d\n", rn->amrr_ridx);
2673 run_newassoc_cb(void *arg)
2675 struct run_cmdq *cmdq = arg;
2676 struct ieee80211_node *ni = cmdq->arg1;
2677 struct run_softc *sc = ni->ni_vap->iv_ic->ic_softc;
2678 uint8_t wcid = cmdq->wcid;
2680 RUN_LOCK_ASSERT(sc, MA_OWNED);
2682 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2683 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2685 memset(&(sc->wcid_stats[wcid]), 0, sizeof(sc->wcid_stats[wcid]));
2689 run_newassoc(struct ieee80211_node *ni, int isnew)
2691 struct run_node *rn = RUN_NODE(ni);
2692 struct ieee80211_rateset *rs = &ni->ni_rates;
2693 struct ieee80211vap *vap = ni->ni_vap;
2694 struct ieee80211com *ic = vap->iv_ic;
2695 struct run_softc *sc = ic->ic_softc;
2701 wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
2702 1 : RUN_AID2WCID(ni->ni_associd);
2704 if (wcid > RT2870_WCID_MAX) {
2705 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2709 /* only interested in true associations */
2710 if (isnew && ni->ni_associd != 0) {
2713 * This function could is called though timeout function.
2716 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2717 RUN_DPRINTF(sc, RUN_DEBUG_STATE, "cmdq_store=%d\n", cnt);
2718 sc->cmdq[cnt].func = run_newassoc_cb;
2719 sc->cmdq[cnt].arg0 = NULL;
2720 sc->cmdq[cnt].arg1 = ni;
2721 sc->cmdq[cnt].wcid = wcid;
2722 ieee80211_runtask(ic, &sc->cmdq_task);
2725 RUN_DPRINTF(sc, RUN_DEBUG_STATE,
2726 "new assoc isnew=%d associd=%x addr=%s\n",
2727 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2729 for (i = 0; i < rs->rs_nrates; i++) {
2730 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2731 /* convert 802.11 rate to hardware rate index */
2732 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2733 if (rt2860_rates[ridx].rate == rate)
2736 /* determine rate of control response frames */
2737 for (j = i; j >= 0; j--) {
2738 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2739 rt2860_rates[rn->ridx[i]].phy ==
2740 rt2860_rates[rn->ridx[j]].phy)
2744 rn->ctl_ridx[i] = rn->ridx[j];
2746 /* no basic rate found, use mandatory one */
2747 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2749 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2750 "rate=0x%02x ridx=%d ctl_ridx=%d\n",
2751 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2753 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2754 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2755 if (rt2860_rates[ridx].rate == rate)
2757 rn->mgt_ridx = ridx;
2758 RUN_DPRINTF(sc, RUN_DEBUG_STATE | RUN_DEBUG_RATE,
2759 "rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2762 if(sc->ratectl_run != RUN_RATECTL_OFF)
2763 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2768 * Return the Rx chain with the highest RSSI for a given frame.
2770 static __inline uint8_t
2771 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2773 uint8_t rxchain = 0;
2775 if (sc->nrxchains > 1) {
2776 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2778 if (sc->nrxchains > 2)
2779 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2786 run_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype,
2787 const struct ieee80211_rx_stats *rxs, int rssi, int nf)
2789 struct ieee80211vap *vap = ni->ni_vap;
2790 struct run_softc *sc = vap->iv_ic->ic_softc;
2791 struct run_vap *rvp = RUN_VAP(vap);
2792 uint64_t ni_tstamp, rx_tstamp;
2794 rvp->recv_mgmt(ni, m, subtype, rxs, rssi, nf);
2796 if (vap->iv_state == IEEE80211_S_RUN &&
2797 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
2798 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
2799 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
2801 run_get_tsf(sc, &rx_tstamp);
2803 rx_tstamp = le64toh(rx_tstamp);
2805 if (ni_tstamp >= rx_tstamp) {
2806 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_BEACON,
2807 "ibss merge, tsf %ju tstamp %ju\n",
2808 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
2809 (void) ieee80211_ibss_merge(ni);
2815 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2817 struct ieee80211com *ic = &sc->sc_ic;
2818 struct ieee80211_frame *wh;
2819 struct ieee80211_node *ni;
2820 struct rt2870_rxd *rxd;
2821 struct rt2860_rxwi *rxwi;
2823 uint16_t len, rxwisize;
2827 rxwi = mtod(m, struct rt2860_rxwi *);
2828 len = le16toh(rxwi->len) & 0xfff;
2829 rxwisize = sizeof(struct rt2860_rxwi);
2830 if (sc->mac_ver == 0x5592)
2831 rxwisize += sizeof(uint64_t);
2832 else if (sc->mac_ver == 0x3593)
2833 rxwisize += sizeof(uint32_t);
2834 if (__predict_false(len > dmalen)) {
2836 counter_u64_add(ic->ic_ierrors, 1);
2837 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2838 "bad RXWI length %u > %u\n", len, dmalen);
2841 /* Rx descriptor is located at the end */
2842 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2843 flags = le32toh(rxd->flags);
2845 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2847 counter_u64_add(ic->ic_ierrors, 1);
2848 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s error.\n",
2849 (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2853 m->m_data += rxwisize;
2854 m->m_pkthdr.len = m->m_len -= rxwisize;
2856 wh = mtod(m, struct ieee80211_frame *);
2858 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2859 wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;
2860 m->m_flags |= M_WEP;
2863 if (flags & RT2860_RX_L2PAD) {
2864 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2865 "received RT2860_RX_L2PAD frame\n");
2869 ni = ieee80211_find_rxnode(ic,
2870 mtod(m, struct ieee80211_frame_min *));
2872 if (__predict_false(flags & RT2860_RX_MICERR)) {
2873 /* report MIC failures to net80211 for TKIP */
2875 ieee80211_notify_michael_failure(ni->ni_vap, wh,
2878 counter_u64_add(ic->ic_ierrors, 1);
2879 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2880 "MIC error. Someone is lying.\n");
2884 ant = run_maxrssi_chain(sc, rxwi);
2885 rssi = rxwi->rssi[ant];
2886 nf = run_rssi2dbm(sc, rssi, ant);
2888 m->m_pkthdr.len = m->m_len = len;
2890 if (__predict_false(ieee80211_radiotap_active(ic))) {
2891 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2895 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq);
2896 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags);
2897 tap->wr_antsignal = rssi;
2898 tap->wr_antenna = ant;
2899 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2900 tap->wr_rate = 2; /* in case it can't be found below */
2902 run_get_tsf(sc, &tap->wr_tsf);
2904 phy = le16toh(rxwi->phy);
2905 switch (phy & RT2860_PHY_MODE) {
2906 case RT2860_PHY_CCK:
2907 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2908 case 0: tap->wr_rate = 2; break;
2909 case 1: tap->wr_rate = 4; break;
2910 case 2: tap->wr_rate = 11; break;
2911 case 3: tap->wr_rate = 22; break;
2913 if (phy & RT2860_PHY_SHPRE)
2914 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2916 case RT2860_PHY_OFDM:
2917 switch (phy & RT2860_PHY_MCS) {
2918 case 0: tap->wr_rate = 12; break;
2919 case 1: tap->wr_rate = 18; break;
2920 case 2: tap->wr_rate = 24; break;
2921 case 3: tap->wr_rate = 36; break;
2922 case 4: tap->wr_rate = 48; break;
2923 case 5: tap->wr_rate = 72; break;
2924 case 6: tap->wr_rate = 96; break;
2925 case 7: tap->wr_rate = 108; break;
2932 (void)ieee80211_input(ni, m, rssi, nf);
2933 ieee80211_free_node(ni);
2935 (void)ieee80211_input_all(ic, m, rssi, nf);
2940 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2942 struct run_softc *sc = usbd_xfer_softc(xfer);
2943 struct ieee80211com *ic = &sc->sc_ic;
2944 struct mbuf *m = NULL;
2950 rxwisize = sizeof(struct rt2860_rxwi);
2951 if (sc->mac_ver == 0x5592)
2952 rxwisize += sizeof(uint64_t);
2953 else if (sc->mac_ver == 0x3593)
2954 rxwisize += sizeof(uint32_t);
2956 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2958 switch (USB_GET_STATE(xfer)) {
2959 case USB_ST_TRANSFERRED:
2961 RUN_DPRINTF(sc, RUN_DEBUG_RECV,
2962 "rx done, actlen=%d\n", xferlen);
2964 if (xferlen < (int)(sizeof(uint32_t) + rxwisize +
2965 sizeof(struct rt2870_rxd))) {
2966 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
2967 "xfer too short %d\n", xferlen);
2977 if (sc->rx_m == NULL) {
2978 sc->rx_m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR,
2979 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2981 if (sc->rx_m == NULL) {
2982 RUN_DPRINTF(sc, RUN_DEBUG_RECV | RUN_DEBUG_RECV_DESC,
2983 "could not allocate mbuf - idle with stall\n");
2984 counter_u64_add(ic->ic_ierrors, 1);
2985 usbd_xfer_set_stall(xfer);
2986 usbd_xfer_set_frames(xfer, 0);
2989 * Directly loading a mbuf cluster into DMA to
2990 * save some data copying. This works because
2991 * there is only one cluster.
2993 usbd_xfer_set_frame_data(xfer, 0,
2994 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2995 usbd_xfer_set_frames(xfer, 1);
2997 usbd_transfer_submit(xfer);
3000 default: /* Error */
3001 if (error != USB_ERR_CANCELLED) {
3002 /* try to clear stall first */
3003 usbd_xfer_set_stall(xfer);
3004 if (error == USB_ERR_TIMEOUT)
3005 device_printf(sc->sc_dev, "device timeout\n");
3006 counter_u64_add(ic->ic_ierrors, 1);
3009 if (sc->rx_m != NULL) {
3019 /* inputting all the frames must be last */
3023 m->m_pkthdr.len = m->m_len = xferlen;
3025 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
3027 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
3029 if ((dmalen >= (uint32_t)-8) || (dmalen == 0) ||
3030 ((dmalen & 3) != 0)) {
3031 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3032 "bad DMA length %u\n", dmalen);
3035 if ((dmalen + 8) > (uint32_t)xferlen) {
3036 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC | RUN_DEBUG_USB,
3037 "bad DMA length %u > %d\n",
3038 dmalen + 8, xferlen);
3042 /* If it is the last one or a single frame, we won't copy. */
3043 if ((xferlen -= dmalen + 8) <= 8) {
3044 /* trim 32-bit DMA-len header */
3046 m->m_pkthdr.len = m->m_len -= 4;
3047 run_rx_frame(sc, m, dmalen);
3048 m = NULL; /* don't free source buffer */
3052 /* copy aggregated frames to another mbuf */
3053 m0 = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
3054 if (__predict_false(m0 == NULL)) {
3055 RUN_DPRINTF(sc, RUN_DEBUG_RECV_DESC,
3056 "could not allocate mbuf\n");
3057 counter_u64_add(ic->ic_ierrors, 1);
3060 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
3061 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
3062 m0->m_pkthdr.len = m0->m_len =
3063 dmalen + sizeof(struct rt2870_rxd);
3064 run_rx_frame(sc, m0, dmalen);
3066 /* update data ptr */
3067 m->m_data += dmalen + 8;
3068 m->m_pkthdr.len = m->m_len -= dmalen + 8;
3071 /* make sure we free the source buffer, if any */
3078 run_tx_free(struct run_endpoint_queue *pq,
3079 struct run_tx_data *data, int txerr)
3082 ieee80211_tx_complete(data->ni, data->m, txerr);
3087 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
3092 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, u_int index)
3094 struct run_softc *sc = usbd_xfer_softc(xfer);
3095 struct ieee80211com *ic = &sc->sc_ic;
3096 struct run_tx_data *data;
3097 struct ieee80211vap *vap = NULL;
3098 struct usb_page_cache *pc;
3099 struct run_endpoint_queue *pq = &sc->sc_epq[index];
3101 usb_frlength_t size;
3105 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
3107 switch (USB_GET_STATE(xfer)) {
3108 case USB_ST_TRANSFERRED:
3109 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3110 "transfer complete: %d bytes @ index %d\n", actlen, index);
3112 data = usbd_xfer_get_priv(xfer);
3113 run_tx_free(pq, data, 0);
3114 usbd_xfer_set_priv(xfer, NULL);
3119 data = STAILQ_FIRST(&pq->tx_qh);
3123 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
3126 size = (sc->mac_ver == 0x5592) ?
3127 sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc);
3128 if ((m->m_pkthdr.len +
3129 size + 3 + 8) > RUN_MAX_TXSZ) {
3130 RUN_DPRINTF(sc, RUN_DEBUG_XMIT_DESC | RUN_DEBUG_USB,
3131 "data overflow, %u bytes\n", m->m_pkthdr.len);
3132 run_tx_free(pq, data, 1);
3136 pc = usbd_xfer_get_frame(xfer, 0);
3137 usbd_copy_in(pc, 0, &data->desc, size);
3138 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
3139 size += m->m_pkthdr.len;
3141 * Align end on a 4-byte boundary, pad 8 bytes (CRC +
3142 * 4-byte padding), and be sure to zero those trailing
3145 usbd_frame_zero(pc, size, ((-size) & 3) + 8);
3146 size += ((-size) & 3) + 8;
3148 vap = data->ni->ni_vap;
3149 if (ieee80211_radiotap_active_vap(vap)) {
3150 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
3151 struct rt2860_txwi *txwi =
3152 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
3154 tap->wt_rate = rt2860_rates[data->ridx].rate;
3155 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq);
3156 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags);
3157 tap->wt_hwqueue = index;
3158 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
3159 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3161 ieee80211_radiotap_tx(vap, m);
3164 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3165 "sending frame len=%u/%u @ index %d\n",
3166 m->m_pkthdr.len, size, index);
3168 usbd_xfer_set_frame_len(xfer, 0, size);
3169 usbd_xfer_set_priv(xfer, data);
3170 usbd_transfer_submit(xfer);
3176 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3177 "USB transfer error, %s\n", usbd_errstr(error));
3179 data = usbd_xfer_get_priv(xfer);
3182 if(data->ni != NULL)
3183 vap = data->ni->ni_vap;
3184 run_tx_free(pq, data, error);
3185 usbd_xfer_set_priv(xfer, NULL);
3189 vap = TAILQ_FIRST(&ic->ic_vaps);
3191 if (error != USB_ERR_CANCELLED) {
3192 if (error == USB_ERR_TIMEOUT) {
3193 device_printf(sc->sc_dev, "device timeout\n");
3194 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3195 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_USB,
3196 "cmdq_store=%d\n", i);
3197 sc->cmdq[i].func = run_usb_timeout_cb;
3198 sc->cmdq[i].arg0 = vap;
3199 ieee80211_runtask(ic, &sc->cmdq_task);
3203 * Try to clear stall first, also if other
3204 * errors occur, hence clearing stall
3205 * introduces a 50 ms delay:
3207 usbd_xfer_set_stall(xfer);
3215 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
3217 run_bulk_tx_callbackN(xfer, error, 0);
3221 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
3223 run_bulk_tx_callbackN(xfer, error, 1);
3227 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
3229 run_bulk_tx_callbackN(xfer, error, 2);
3233 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
3235 run_bulk_tx_callbackN(xfer, error, 3);
3239 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
3241 run_bulk_tx_callbackN(xfer, error, 4);
3245 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
3247 run_bulk_tx_callbackN(xfer, error, 5);
3251 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
3253 struct mbuf *m = data->m;
3254 struct ieee80211com *ic = &sc->sc_ic;
3255 struct ieee80211vap *vap = data->ni->ni_vap;
3256 struct ieee80211_frame *wh;
3257 struct rt2870_txd *txd;
3258 struct rt2860_txwi *txwi;
3259 uint16_t xferlen, txwisize;
3261 uint8_t ridx = data->ridx;
3264 /* get MCS code from rate index */
3265 mcs = rt2860_rates[ridx].mcs;
3267 txwisize = (sc->mac_ver == 0x5592) ?
3268 sizeof(*txwi) + sizeof(uint32_t) : sizeof(*txwi);
3269 xferlen = txwisize + m->m_pkthdr.len;
3271 /* roundup to 32-bit alignment */
3272 xferlen = (xferlen + 3) & ~3;
3274 txd = (struct rt2870_txd *)&data->desc;
3275 txd->len = htole16(xferlen);
3277 wh = mtod(m, struct ieee80211_frame *);
3280 * Ether both are true or both are false, the header
3281 * are nicely aligned to 32-bit. So, no L2 padding.
3283 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
3288 /* setup TX Wireless Information */
3289 txwi = (struct rt2860_txwi *)(txd + 1);
3290 txwi->len = htole16(m->m_pkthdr.len - pad);
3291 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
3292 mcs |= RT2860_PHY_CCK;
3293 if (ridx != RT2860_RIDX_CCK1 &&
3294 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
3295 mcs |= RT2860_PHY_SHPRE;
3297 mcs |= RT2860_PHY_OFDM;
3298 txwi->phy = htole16(mcs);
3300 /* check if RTS/CTS or CTS-to-self protection is required */
3301 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3302 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
3303 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
3304 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
3305 txwi->txop |= RT2860_TX_TXOP_HT;
3307 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
3309 if (vap->iv_opmode != IEEE80211_M_STA && !IEEE80211_QOS_HAS_SEQ(wh))
3310 txwi->xflags |= RT2860_TX_NSEQ;
3313 /* This function must be called locked */
3315 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3317 struct ieee80211com *ic = &sc->sc_ic;
3318 struct ieee80211vap *vap = ni->ni_vap;
3319 struct ieee80211_frame *wh;
3320 const struct ieee80211_txparam *tp = ni->ni_txparms;
3321 struct run_node *rn = RUN_NODE(ni);
3322 struct run_tx_data *data;
3323 struct rt2870_txd *txd;
3324 struct rt2860_txwi *txwi;
3336 RUN_LOCK_ASSERT(sc, MA_OWNED);
3338 wh = mtod(m, struct ieee80211_frame *);
3340 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3343 * There are 7 bulk endpoints: 1 for RX
3344 * and 6 for TX (4 EDCAs + HCCA + Prio).
3345 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
3346 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
3348 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
3351 if(IEEE80211_HAS_ADDR4(wh))
3352 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
3354 frm =((struct ieee80211_qosframe *)wh)->i_qos;
3356 qos = le16toh(*(const uint16_t *)frm);
3357 tid = qos & IEEE80211_QOS_TID;
3358 qid = TID_TO_WME_AC(tid);
3364 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
3366 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "qos %d\tqid %d\ttid %d\tqflags %x\n",
3367 qos, qid, tid, qflags);
3369 /* pickup a rate index */
3370 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
3371 type != IEEE80211_FC0_TYPE_DATA || m->m_flags & M_EAPOL) {
3372 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3373 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3374 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3376 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
3377 ridx = rn->fix_ridx;
3379 ridx = rn->amrr_ridx;
3380 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
3383 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
3384 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
3385 IEEE80211_QOS_ACKPOLICY_NOACK)) {
3386 xflags |= RT2860_TX_ACK;
3387 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
3388 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
3390 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
3391 USETW(wh->i_dur, dur);
3394 /* reserve slots for mgmt packets, just in case */
3395 if (sc->sc_epq[qid].tx_nfree < 3) {
3396 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx ring %d is full\n", qid);
3400 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
3401 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
3402 sc->sc_epq[qid].tx_nfree--;
3404 txd = (struct rt2870_txd *)&data->desc;
3405 txd->flags = qflags;
3406 txwi = (struct rt2860_txwi *)(txd + 1);
3407 txwi->xflags = xflags;
3408 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
3411 txwi->wcid = (vap->iv_opmode == IEEE80211_M_STA) ?
3412 1 : RUN_AID2WCID(ni->ni_associd);
3414 /* clear leftover garbage bits */
3422 run_set_tx_desc(sc, data);
3425 * The chip keeps track of 2 kind of Tx stats,
3426 * * TX_STAT_FIFO, for per WCID stats, and
3427 * * TX_STA_CNT0 for all-TX-in-one stats.
3429 * To use FIFO stats, we need to store MCS into the driver-private
3430 * PacketID field. So that, we can tell whose stats when we read them.
3431 * We add 1 to the MCS because setting the PacketID field to 0 means
3432 * that we don't want feedback in TX_STAT_FIFO.
3433 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3435 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3437 if (sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3438 vap->iv_opmode == IEEE80211_M_MBSS) {
3439 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3440 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3443 * Unlike PCI based devices, we don't get any interrupt from
3444 * USB devices, so we simulate FIFO-is-full interrupt here.
3445 * Ralink recommends to drain FIFO stats every 100 ms, but 16 slots
3446 * quickly get fulled. To prevent overflow, increment a counter on
3447 * every FIFO stat request, so we know how many slots are left.
3448 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3449 * are used only in those modes.
3450 * We just drain stats. AMRR gets updated every 1 sec by
3451 * run_ratectl_cb() via callout.
3452 * Call it early. Otherwise overflow.
3454 if (sc->fifo_cnt++ == 10) {
3456 * With multiple vaps or if_bridge, if_start() is called
3457 * with a non-sleepable lock, tcpinp. So, need to defer.
3459 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3460 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "cmdq_store=%d\n", i);
3461 sc->cmdq[i].func = run_drain_fifo;
3462 sc->cmdq[i].arg0 = sc;
3463 ieee80211_runtask(ic, &sc->cmdq_task);
3467 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3469 usbd_transfer_start(sc->sc_xfer[qid]);
3471 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3472 "sending data frame len=%d rate=%d qid=%d\n",
3473 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3474 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate, qid);
3480 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3482 struct ieee80211com *ic = &sc->sc_ic;
3483 struct run_node *rn = RUN_NODE(ni);
3484 struct run_tx_data *data;
3485 struct ieee80211_frame *wh;
3486 struct rt2870_txd *txd;
3487 struct rt2860_txwi *txwi;
3489 uint8_t ridx = rn->mgt_ridx;
3493 RUN_LOCK_ASSERT(sc, MA_OWNED);
3495 wh = mtod(m, struct ieee80211_frame *);
3497 /* tell hardware to add timestamp for probe responses */
3499 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3500 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3501 wflags |= RT2860_TX_TS;
3502 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3503 xflags |= RT2860_TX_ACK;
3505 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3506 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3507 USETW(wh->i_dur, dur);
3510 if (sc->sc_epq[0].tx_nfree == 0)
3511 /* let caller free mbuf */
3513 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3514 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3515 sc->sc_epq[0].tx_nfree--;
3517 txd = (struct rt2870_txd *)&data->desc;
3518 txd->flags = RT2860_TX_QSEL_EDCA;
3519 txwi = (struct rt2860_txwi *)(txd + 1);
3521 txwi->flags = wflags;
3522 txwi->xflags = xflags;
3523 txwi->txop = 0; /* clear leftover garbage bits */
3529 run_set_tx_desc(sc, data);
3531 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending mgt frame len=%d rate=%d\n",
3532 m->m_pkthdr.len + (int)(sizeof(struct rt2870_txd) +
3533 sizeof(struct rt2860_txwi)), rt2860_rates[ridx].rate);
3535 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3537 usbd_transfer_start(sc->sc_xfer[0]);
3543 run_sendprot(struct run_softc *sc,
3544 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3546 struct ieee80211com *ic = ni->ni_ic;
3547 struct run_tx_data *data;
3548 struct rt2870_txd *txd;
3549 struct rt2860_txwi *txwi;
3556 RUN_LOCK_ASSERT(sc, MA_OWNED);
3558 /* check that there are free slots before allocating the mbuf */
3559 if (sc->sc_epq[0].tx_nfree == 0)
3560 /* let caller free mbuf */
3563 mprot = ieee80211_alloc_prot(ni, m, rate, prot);
3564 if (mprot == NULL) {
3565 if_inc_counter(ni->ni_vap->iv_ifp, IFCOUNTER_OERRORS, 1);
3566 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "could not allocate mbuf\n");
3570 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3571 wflags = RT2860_TX_FRAG;
3573 if (prot == IEEE80211_PROT_RTSCTS)
3574 xflags |= RT2860_TX_ACK;
3576 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3577 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3578 sc->sc_epq[0].tx_nfree--;
3580 txd = (struct rt2870_txd *)&data->desc;
3581 txd->flags = RT2860_TX_QSEL_EDCA;
3582 txwi = (struct rt2860_txwi *)(txd + 1);
3584 txwi->flags = wflags;
3585 txwi->xflags = xflags;
3586 txwi->txop = 0; /* clear leftover garbage bits */
3589 data->ni = ieee80211_ref_node(ni);
3591 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3592 if (rt2860_rates[ridx].rate == protrate)
3596 run_set_tx_desc(sc, data);
3598 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending prot len=%u rate=%u\n",
3599 m->m_pkthdr.len, rate);
3601 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3603 usbd_transfer_start(sc->sc_xfer[0]);
3609 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3610 const struct ieee80211_bpf_params *params)
3612 struct ieee80211com *ic = ni->ni_ic;
3613 struct run_tx_data *data;
3614 struct rt2870_txd *txd;
3615 struct rt2860_txwi *txwi;
3618 uint8_t opflags = 0;
3622 RUN_LOCK_ASSERT(sc, MA_OWNED);
3624 KASSERT(params != NULL, ("no raw xmit params"));
3626 rate = params->ibp_rate0;
3627 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3628 /* let caller free mbuf */
3632 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3633 xflags |= RT2860_TX_ACK;
3634 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3635 error = run_sendprot(sc, m, ni,
3636 params->ibp_flags & IEEE80211_BPF_RTS ?
3637 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3640 /* let caller free mbuf */
3643 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3646 if (sc->sc_epq[0].tx_nfree == 0) {
3647 /* let caller free mbuf */
3648 RUN_DPRINTF(sc, RUN_DEBUG_XMIT,
3649 "sending raw frame, but tx ring is full\n");
3652 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3653 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3654 sc->sc_epq[0].tx_nfree--;
3656 txd = (struct rt2870_txd *)&data->desc;
3657 txd->flags = RT2860_TX_QSEL_EDCA;
3658 txwi = (struct rt2860_txwi *)(txd + 1);
3660 txwi->xflags = xflags;
3661 txwi->txop = opflags;
3662 txwi->flags = 0; /* clear leftover garbage bits */
3666 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3667 if (rt2860_rates[ridx].rate == rate)
3671 run_set_tx_desc(sc, data);
3673 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "sending raw frame len=%u rate=%u\n",
3674 m->m_pkthdr.len, rate);
3676 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3678 usbd_transfer_start(sc->sc_xfer[0]);
3684 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3685 const struct ieee80211_bpf_params *params)
3687 struct run_softc *sc = ni->ni_ic->ic_softc;
3692 /* prevent management frames from being sent if we're not ready */
3693 if (!(sc->sc_flags & RUN_RUNNING)) {
3698 if (params == NULL) {
3700 if ((error = run_tx_mgt(sc, m, ni)) != 0) {
3701 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "mgt tx failed\n");
3705 /* tx raw packet with param */
3706 if ((error = run_tx_param(sc, m, ni, params)) != 0) {
3707 RUN_DPRINTF(sc, RUN_DEBUG_XMIT, "tx with param failed\n");
3724 run_transmit(struct ieee80211com *ic, struct mbuf *m)
3726 struct run_softc *sc = ic->ic_softc;
3730 if ((sc->sc_flags & RUN_RUNNING) == 0) {
3734 error = mbufq_enqueue(&sc->sc_snd, m);
3746 run_start(struct run_softc *sc)
3748 struct ieee80211_node *ni;
3751 RUN_LOCK_ASSERT(sc, MA_OWNED);
3753 if ((sc->sc_flags & RUN_RUNNING) == 0)
3756 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
3757 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3758 if (run_tx(sc, m, ni) != 0) {
3759 mbufq_prepend(&sc->sc_snd, m);
3766 run_parent(struct ieee80211com *ic)
3768 struct run_softc *sc = ic->ic_softc;
3772 if (sc->sc_detached) {
3777 if (ic->ic_nrunning > 0) {
3778 if (!(sc->sc_flags & RUN_RUNNING)) {
3780 run_init_locked(sc);
3782 run_update_promisc_locked(sc);
3783 } else if ((sc->sc_flags & RUN_RUNNING) && sc->rvp_cnt <= 1)
3787 ieee80211_start_all(ic);
3791 run_iq_calib(struct run_softc *sc, u_int chan)
3796 run_bbp_write(sc, 158, 0x2c);
3798 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX0_2GHZ, &val, 1);
3799 else if (chan <= 64) {
3801 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH36_TO_CH64_5GHZ,
3803 } else if (chan <= 138) {
3805 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH100_TO_CH138_5GHZ,
3807 } else if (chan <= 165) {
3809 RT5390_EEPROM_IQ_GAIN_CAL_TX0_CH140_TO_CH165_5GHZ,
3813 run_bbp_write(sc, 159, val);
3816 run_bbp_write(sc, 158, 0x2d);
3818 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX0_2GHZ,
3820 } else if (chan <= 64) {
3822 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH36_TO_CH64_5GHZ,
3824 } else if (chan <= 138) {
3826 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH100_TO_CH138_5GHZ,
3828 } else if (chan <= 165) {
3830 RT5390_EEPROM_IQ_PHASE_CAL_TX0_CH140_TO_CH165_5GHZ,
3834 run_bbp_write(sc, 159, val);
3837 run_bbp_write(sc, 158, 0x4a);
3839 run_efuse_read(sc, RT5390_EEPROM_IQ_GAIN_CAL_TX1_2GHZ,
3841 } else if (chan <= 64) {
3843 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH36_TO_CH64_5GHZ,
3845 } else if (chan <= 138) {
3847 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH100_TO_CH138_5GHZ,
3849 } else if (chan <= 165) {
3851 RT5390_EEPROM_IQ_GAIN_CAL_TX1_CH140_TO_CH165_5GHZ,
3855 run_bbp_write(sc, 159, val);
3858 run_bbp_write(sc, 158, 0x4b);
3860 run_efuse_read(sc, RT5390_EEPROM_IQ_PHASE_CAL_TX1_2GHZ,
3862 } else if (chan <= 64) {
3864 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH36_TO_CH64_5GHZ,
3866 } else if (chan <= 138) {
3868 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH100_TO_CH138_5GHZ,
3870 } else if (chan <= 165) {
3872 RT5390_EEPROM_IQ_PHASE_CAL_TX1_CH140_TO_CH165_5GHZ,
3876 run_bbp_write(sc, 159, val);
3878 /* RF IQ compensation control. */
3879 run_bbp_write(sc, 158, 0x04);
3880 run_efuse_read(sc, RT5390_EEPROM_RF_IQ_COMPENSATION_CTL,
3882 run_bbp_write(sc, 159, val);
3884 /* RF IQ imbalance compensation control. */
3885 run_bbp_write(sc, 158, 0x03);
3887 RT5390_EEPROM_RF_IQ_IMBALANCE_COMPENSATION_CTL, &val, 1);
3888 run_bbp_write(sc, 159, val);
3892 run_set_agc(struct run_softc *sc, uint8_t agc)
3896 if (sc->mac_ver == 0x3572) {
3897 run_bbp_read(sc, 27, &bbp);
3899 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3900 run_bbp_write(sc, 66, agc);
3901 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3902 run_bbp_write(sc, 66, agc);
3904 run_bbp_write(sc, 66, agc);
3908 run_select_chan_group(struct run_softc *sc, int group)
3913 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3914 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3915 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3916 if (sc->mac_ver < 0x3572)
3917 run_bbp_write(sc, 86, 0x00);
3919 if (sc->mac_ver == 0x3593) {
3920 run_bbp_write(sc, 77, 0x98);
3921 run_bbp_write(sc, 83, (group == 0) ? 0x8a : 0x9a);
3925 if (sc->ext_2ghz_lna) {
3926 if (sc->mac_ver >= 0x5390)
3927 run_bbp_write(sc, 75, 0x52);
3929 run_bbp_write(sc, 82, 0x62);
3930 run_bbp_write(sc, 75, 0x46);
3933 if (sc->mac_ver == 0x5592) {
3934 run_bbp_write(sc, 79, 0x1c);
3935 run_bbp_write(sc, 80, 0x0e);
3936 run_bbp_write(sc, 81, 0x3a);
3937 run_bbp_write(sc, 82, 0x62);
3939 run_bbp_write(sc, 195, 0x80);
3940 run_bbp_write(sc, 196, 0xe0);
3941 run_bbp_write(sc, 195, 0x81);
3942 run_bbp_write(sc, 196, 0x1f);
3943 run_bbp_write(sc, 195, 0x82);
3944 run_bbp_write(sc, 196, 0x38);
3945 run_bbp_write(sc, 195, 0x83);
3946 run_bbp_write(sc, 196, 0x32);
3947 run_bbp_write(sc, 195, 0x85);
3948 run_bbp_write(sc, 196, 0x28);
3949 run_bbp_write(sc, 195, 0x86);
3950 run_bbp_write(sc, 196, 0x19);
3951 } else if (sc->mac_ver >= 0x5390)
3952 run_bbp_write(sc, 75, 0x50);
3954 run_bbp_write(sc, 82,
3955 (sc->mac_ver == 0x3593) ? 0x62 : 0x84);
3956 run_bbp_write(sc, 75, 0x50);
3960 if (sc->mac_ver == 0x5592) {
3961 run_bbp_write(sc, 79, 0x18);
3962 run_bbp_write(sc, 80, 0x08);
3963 run_bbp_write(sc, 81, 0x38);
3964 run_bbp_write(sc, 82, 0x92);
3966 run_bbp_write(sc, 195, 0x80);
3967 run_bbp_write(sc, 196, 0xf0);
3968 run_bbp_write(sc, 195, 0x81);
3969 run_bbp_write(sc, 196, 0x1e);
3970 run_bbp_write(sc, 195, 0x82);
3971 run_bbp_write(sc, 196, 0x28);
3972 run_bbp_write(sc, 195, 0x83);
3973 run_bbp_write(sc, 196, 0x20);
3974 run_bbp_write(sc, 195, 0x85);
3975 run_bbp_write(sc, 196, 0x7f);
3976 run_bbp_write(sc, 195, 0x86);
3977 run_bbp_write(sc, 196, 0x7f);
3978 } else if (sc->mac_ver == 0x3572)
3979 run_bbp_write(sc, 82, 0x94);
3981 run_bbp_write(sc, 82,
3982 (sc->mac_ver == 0x3593) ? 0x82 : 0xf2);
3983 if (sc->ext_5ghz_lna)
3984 run_bbp_write(sc, 75, 0x46);
3986 run_bbp_write(sc, 75, 0x50);
3989 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
3990 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
3991 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
3992 run_write(sc, RT2860_TX_BAND_CFG, tmp);
3994 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
3995 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
3996 if (sc->mac_ver == 0x3593)
3997 tmp |= 1 << 29 | 1 << 28;
3998 if (sc->nrxchains > 1)
3999 tmp |= RT2860_LNA_PE1_EN;
4000 if (group == 0) { /* 2GHz */
4001 tmp |= RT2860_PA_PE_G0_EN;
4002 if (sc->ntxchains > 1)
4003 tmp |= RT2860_PA_PE_G1_EN;
4004 if (sc->mac_ver == 0x3593) {
4005 if (sc->ntxchains > 2)
4009 tmp |= RT2860_PA_PE_A0_EN;
4010 if (sc->ntxchains > 1)
4011 tmp |= RT2860_PA_PE_A1_EN;
4013 if (sc->mac_ver == 0x3572) {
4014 run_rt3070_rf_write(sc, 8, 0x00);
4015 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4016 run_rt3070_rf_write(sc, 8, 0x80);
4018 run_write(sc, RT2860_TX_PIN_CFG, tmp);
4020 if (sc->mac_ver == 0x5592) {
4021 run_bbp_write(sc, 195, 0x8d);
4022 run_bbp_write(sc, 196, 0x1a);
4025 if (sc->mac_ver == 0x3593) {
4026 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4030 tmp = (tmp & ~0x00009090) | 0x00000090;
4031 run_write(sc, RT2860_GPIO_CTRL, tmp);
4034 /* set initial AGC value */
4035 if (group == 0) { /* 2GHz band */
4036 if (sc->mac_ver >= 0x3070)
4037 agc = 0x1c + sc->lna[0] * 2;
4039 agc = 0x2e + sc->lna[0];
4040 } else { /* 5GHz band */
4041 if (sc->mac_ver == 0x5592)
4042 agc = 0x24 + sc->lna[group] * 2;
4043 else if (sc->mac_ver == 0x3572 || sc->mac_ver == 0x3593)
4044 agc = 0x22 + (sc->lna[group] * 5) / 3;
4046 agc = 0x32 + (sc->lna[group] * 5) / 3;
4048 run_set_agc(sc, agc);
4052 run_rt2870_set_chan(struct run_softc *sc, u_int chan)
4054 const struct rfprog *rfprog = rt2860_rf2850;
4055 uint32_t r2, r3, r4;
4056 int8_t txpow1, txpow2;
4059 /* find the settings for this channel (we know it exists) */
4060 for (i = 0; rfprog[i].chan != chan; i++);
4063 if (sc->ntxchains == 1)
4064 r2 |= 1 << 14; /* 1T: disable Tx chain 2 */
4065 if (sc->nrxchains == 1)
4066 r2 |= 1 << 17 | 1 << 6; /* 1R: disable Rx chains 2 & 3 */
4067 else if (sc->nrxchains == 2)
4068 r2 |= 1 << 6; /* 2R: disable Rx chain 3 */
4070 /* use Tx power values from EEPROM */
4071 txpow1 = sc->txpow1[i];
4072 txpow2 = sc->txpow2[i];
4074 /* Initialize RF R3 and R4. */
4075 r3 = rfprog[i].r3 & 0xffffc1ff;
4076 r4 = (rfprog[i].r4 & ~(0x001f87c0)) | (sc->freq << 15);
4079 txpow1 = (txpow1 > 0xf) ? (0xf) : (txpow1);
4080 r3 |= (txpow1 << 10) | (1 << 9);
4084 /* txpow1 is not possible larger than 15. */
4085 r3 |= (txpow1 << 10);
4088 txpow2 = (txpow2 > 0xf) ? (0xf) : (txpow2);
4089 r4 |= (txpow2 << 7) | (1 << 6);
4092 r4 |= (txpow2 << 7);
4095 /* Set Tx0 power. */
4096 r3 |= (txpow1 << 9);
4098 /* Set frequency offset and Tx1 power. */
4099 r4 |= (txpow2 << 6);
4102 run_rt2870_rf_write(sc, rfprog[i].r1);
4103 run_rt2870_rf_write(sc, r2);
4104 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4105 run_rt2870_rf_write(sc, r4);
4109 run_rt2870_rf_write(sc, rfprog[i].r1);
4110 run_rt2870_rf_write(sc, r2);
4111 run_rt2870_rf_write(sc, r3 | (1 << 2));
4112 run_rt2870_rf_write(sc, r4);
4116 run_rt2870_rf_write(sc, rfprog[i].r1);
4117 run_rt2870_rf_write(sc, r2);
4118 run_rt2870_rf_write(sc, r3 & ~(1 << 2));
4119 run_rt2870_rf_write(sc, r4);
4123 run_rt3070_set_chan(struct run_softc *sc, u_int chan)
4125 int8_t txpow1, txpow2;
4129 /* find the settings for this channel (we know it exists) */
4130 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4132 /* use Tx power values from EEPROM */
4133 txpow1 = sc->txpow1[i];
4134 txpow2 = sc->txpow2[i];
4136 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4138 /* RT3370/RT3390: RF R3 [7:4] is not reserved bits. */
4139 run_rt3070_rf_read(sc, 3, &rf);
4140 rf = (rf & ~0x0f) | rt3070_freqs[i].k;
4141 run_rt3070_rf_write(sc, 3, rf);
4143 run_rt3070_rf_read(sc, 6, &rf);
4144 rf = (rf & ~0x03) | rt3070_freqs[i].r;
4145 run_rt3070_rf_write(sc, 6, rf);
4148 run_rt3070_rf_read(sc, 12, &rf);
4149 rf = (rf & ~0x1f) | txpow1;
4150 run_rt3070_rf_write(sc, 12, rf);
4153 run_rt3070_rf_read(sc, 13, &rf);
4154 rf = (rf & ~0x1f) | txpow2;
4155 run_rt3070_rf_write(sc, 13, rf);
4157 run_rt3070_rf_read(sc, 1, &rf);
4159 if (sc->ntxchains == 1)
4160 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4161 else if (sc->ntxchains == 2)
4162 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4163 if (sc->nrxchains == 1)
4164 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4165 else if (sc->nrxchains == 2)
4166 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4167 run_rt3070_rf_write(sc, 1, rf);
4170 run_rt3070_rf_read(sc, 23, &rf);
4171 rf = (rf & ~0x7f) | sc->freq;
4172 run_rt3070_rf_write(sc, 23, rf);
4174 /* program RF filter */
4175 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
4176 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4177 run_rt3070_rf_write(sc, 24, rf);
4178 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
4179 rf = (rf & ~0x3f) | sc->rf24_20mhz;
4180 run_rt3070_rf_write(sc, 31, rf);
4182 /* enable RF tuning */
4183 run_rt3070_rf_read(sc, 7, &rf);
4184 run_rt3070_rf_write(sc, 7, rf | 0x01);
4188 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
4190 int8_t txpow1, txpow2;
4195 /* find the settings for this channel (we know it exists) */
4196 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4198 /* use Tx power values from EEPROM */
4199 txpow1 = sc->txpow1[i];
4200 txpow2 = sc->txpow2[i];
4203 run_bbp_write(sc, 25, sc->bbp25);
4204 run_bbp_write(sc, 26, sc->bbp26);
4206 /* enable IQ phase correction */
4207 run_bbp_write(sc, 25, 0x09);
4208 run_bbp_write(sc, 26, 0xff);
4211 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
4212 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
4213 run_rt3070_rf_read(sc, 6, &rf);
4214 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
4215 rf |= (chan <= 14) ? 0x08 : 0x04;
4216 run_rt3070_rf_write(sc, 6, rf);
4219 run_rt3070_rf_read(sc, 5, &rf);
4220 rf &= ~(0x08 | 0x04);
4221 rf |= (chan <= 14) ? 0x04 : 0x08;
4222 run_rt3070_rf_write(sc, 5, rf);
4224 /* set Tx power for chain 0 */
4228 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
4229 run_rt3070_rf_write(sc, 12, rf);
4231 /* set Tx power for chain 1 */
4235 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
4236 run_rt3070_rf_write(sc, 13, rf);
4238 /* set Tx/Rx streams */
4239 run_rt3070_rf_read(sc, 1, &rf);
4241 if (sc->ntxchains == 1)
4242 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
4243 else if (sc->ntxchains == 2)
4244 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
4245 if (sc->nrxchains == 1)
4246 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
4247 else if (sc->nrxchains == 2)
4248 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
4249 run_rt3070_rf_write(sc, 1, rf);
4252 run_rt3070_rf_read(sc, 23, &rf);
4253 rf = (rf & ~0x7f) | sc->freq;
4254 run_rt3070_rf_write(sc, 23, rf);
4256 /* program RF filter */
4257 rf = sc->rf24_20mhz;
4258 run_rt3070_rf_write(sc, 24, rf); /* Tx */
4259 run_rt3070_rf_write(sc, 31, rf); /* Rx */
4261 /* enable RF tuning */
4262 run_rt3070_rf_read(sc, 7, &rf);
4263 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
4264 run_rt3070_rf_write(sc, 7, rf);
4267 rf = (chan <= 14) ? 0xc3 : 0xc0;
4268 run_rt3070_rf_write(sc, 9, rf);
4270 /* set loop filter 1 */
4271 run_rt3070_rf_write(sc, 10, 0xf1);
4272 /* set loop filter 2 */
4273 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
4276 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
4279 rf = 0x48 | sc->txmixgain_2ghz;
4281 rf = 0x78 | sc->txmixgain_5ghz;
4282 run_rt3070_rf_write(sc, 16, rf);
4285 run_rt3070_rf_write(sc, 17, 0x23);
4289 else if (chan <= 64)
4291 else if (chan <= 128)
4295 run_rt3070_rf_write(sc, 19, rf);
4300 else if (chan <= 64)
4302 else if (chan <= 128)
4306 run_rt3070_rf_write(sc, 20, rf);
4311 else if (chan <= 64)
4315 run_rt3070_rf_write(sc, 25, rf);
4318 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
4320 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
4322 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
4324 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4328 run_write(sc, RT2860_GPIO_CTRL, tmp);
4330 /* enable RF tuning */
4331 run_rt3070_rf_read(sc, 7, &rf);
4332 run_rt3070_rf_write(sc, 7, rf | 0x01);
4338 run_rt3593_set_chan(struct run_softc *sc, u_int chan)
4340 int8_t txpow1, txpow2, txpow3;
4344 /* find the settings for this channel (we know it exists) */
4345 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4347 /* use Tx power values from EEPROM */
4348 txpow1 = sc->txpow1[i];
4349 txpow2 = sc->txpow2[i];
4350 txpow3 = (sc->ntxchains == 3) ? sc->txpow3[i] : 0;
4353 run_bbp_write(sc, 25, sc->bbp25);
4354 run_bbp_write(sc, 26, sc->bbp26);
4356 /* Enable IQ phase correction. */
4357 run_bbp_write(sc, 25, 0x09);
4358 run_bbp_write(sc, 26, 0xff);
4361 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4362 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4363 run_rt3070_rf_read(sc, 11, &rf);
4364 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4365 run_rt3070_rf_write(sc, 11, rf);
4368 run_rt3070_rf_read(sc, 11, &rf);
4370 rf |= (chan <= 14) ? 0x44 : 0x48;
4371 run_rt3070_rf_write(sc, 11, rf);
4376 rf = 0x40 | ((txpow1 & 0x18) << 1) | (txpow1 & 0x07);
4377 run_rt3070_rf_write(sc, 53, rf);
4382 rf = 0x40 | ((txpow2 & 0x18) << 1) | (txpow2 & 0x07);
4383 run_rt3070_rf_write(sc, 55, rf);
4388 rf = 0x40 | ((txpow3 & 0x18) << 1) | (txpow3 & 0x07);
4389 run_rt3070_rf_write(sc, 54, rf);
4391 rf = RT3070_RF_BLOCK | RT3070_PLL_PD;
4392 if (sc->ntxchains == 3)
4393 rf |= RT3070_TX0_PD | RT3070_TX1_PD | RT3070_TX2_PD;
4395 rf |= RT3070_TX0_PD | RT3070_TX1_PD;
4396 rf |= RT3070_RX0_PD | RT3070_RX1_PD | RT3070_RX2_PD;
4397 run_rt3070_rf_write(sc, 1, rf);
4399 run_adjust_freq_offset(sc);
4401 run_rt3070_rf_write(sc, 31, (chan <= 14) ? 0xa0 : 0x80);
4403 h20mhz = (sc->rf24_20mhz & 0x20) >> 5;
4404 run_rt3070_rf_read(sc, 30, &rf);
4405 rf = (rf & ~0x06) | (h20mhz << 1) | (h20mhz << 2);
4406 run_rt3070_rf_write(sc, 30, rf);
4408 run_rt3070_rf_read(sc, 36, &rf);
4413 run_rt3070_rf_write(sc, 36, rf);
4416 run_rt3070_rf_write(sc, 34, (chan <= 14) ? 0x3c : 0x20);
4417 /* Set pfd_delay. */
4418 run_rt3070_rf_write(sc, 12, (chan <= 14) ? 0x1a : 0x12);
4420 /* Set vco bias current control. */
4421 run_rt3070_rf_read(sc, 6, &rf);
4425 else if (chan <= 128)
4429 run_rt3070_rf_write(sc, 6, rf);
4431 run_rt3070_rf_read(sc, 30, &rf);
4432 rf = (rf & ~0x18) | 0x10;
4433 run_rt3070_rf_write(sc, 30, rf);
4435 run_rt3070_rf_write(sc, 10, (chan <= 14) ? 0xd3 : 0xd8);
4436 run_rt3070_rf_write(sc, 13, (chan <= 14) ? 0x12 : 0x23);
4438 run_rt3070_rf_read(sc, 51, &rf);
4439 rf = (rf & ~0x03) | 0x01;
4440 run_rt3070_rf_write(sc, 51, rf);
4441 /* Set tx_mx1_cc. */
4442 run_rt3070_rf_read(sc, 51, &rf);
4444 rf |= (chan <= 14) ? 0x14 : 0x10;
4445 run_rt3070_rf_write(sc, 51, rf);
4446 /* Set tx_mx1_ic. */
4447 run_rt3070_rf_read(sc, 51, &rf);
4449 rf |= (chan <= 14) ? 0x60 : 0x40;
4450 run_rt3070_rf_write(sc, 51, rf);
4451 /* Set tx_lo1_ic. */
4452 run_rt3070_rf_read(sc, 49, &rf);
4454 rf |= (chan <= 14) ? 0x0c : 0x08;
4455 run_rt3070_rf_write(sc, 49, rf);
4456 /* Set tx_lo1_en. */
4457 run_rt3070_rf_read(sc, 50, &rf);
4458 run_rt3070_rf_write(sc, 50, rf & ~0x20);
4460 run_rt3070_rf_read(sc, 57, &rf);
4462 rf |= (chan <= 14) ? 0x6c : 0x3c;
4463 run_rt3070_rf_write(sc, 57, rf);
4464 /* Set rx_mix1_ic, rxa_lnactr, lna_vc, lna_inbias_en and lna_en. */
4465 run_rt3070_rf_write(sc, 44, (chan <= 14) ? 0x93 : 0x9b);
4466 /* Set drv_gnd_a, tx_vga_cc_a and tx_mx2_gain. */
4467 run_rt3070_rf_write(sc, 52, (chan <= 14) ? 0x45 : 0x05);
4468 /* Enable VCO calibration. */
4469 run_rt3070_rf_read(sc, 3, &rf);
4470 rf &= ~RT5390_VCOCAL;
4471 rf |= (chan <= 14) ? RT5390_VCOCAL : 0xbe;
4472 run_rt3070_rf_write(sc, 3, rf);
4476 else if (chan <= 64)
4478 else if (chan <= 128)
4482 run_rt3070_rf_write(sc, 39, rf);
4485 else if (chan <= 64)
4487 else if (chan <= 128)
4491 run_rt3070_rf_write(sc, 45, rf);
4493 /* Set FEQ/AEQ control. */
4494 run_bbp_write(sc, 105, 0x34);
4498 run_rt5390_set_chan(struct run_softc *sc, u_int chan)
4500 int8_t txpow1, txpow2;
4504 /* find the settings for this channel (we know it exists) */
4505 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
4507 /* use Tx power values from EEPROM */
4508 txpow1 = sc->txpow1[i];
4509 txpow2 = sc->txpow2[i];
4511 run_rt3070_rf_write(sc, 8, rt3070_freqs[i].n);
4512 run_rt3070_rf_write(sc, 9, rt3070_freqs[i].k & 0x0f);
4513 run_rt3070_rf_read(sc, 11, &rf);
4514 rf = (rf & ~0x03) | (rt3070_freqs[i].r & 0x03);
4515 run_rt3070_rf_write(sc, 11, rf);
4517 run_rt3070_rf_read(sc, 49, &rf);
4518 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4519 /* The valid range of the RF R49 is 0x00 to 0x27. */
4520 if ((rf & 0x3f) > 0x27)
4521 rf = (rf & ~0x3f) | 0x27;
4522 run_rt3070_rf_write(sc, 49, rf);
4524 if (sc->mac_ver == 0x5392) {
4525 run_rt3070_rf_read(sc, 50, &rf);
4526 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4527 /* The valid range of the RF R50 is 0x00 to 0x27. */
4528 if ((rf & 0x3f) > 0x27)
4529 rf = (rf & ~0x3f) | 0x27;
4530 run_rt3070_rf_write(sc, 50, rf);
4533 run_rt3070_rf_read(sc, 1, &rf);
4534 rf |= RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD;
4535 if (sc->mac_ver == 0x5392)
4536 rf |= RT3070_RX1_PD | RT3070_TX1_PD;
4537 run_rt3070_rf_write(sc, 1, rf);
4539 if (sc->mac_ver != 0x5392) {
4540 run_rt3070_rf_read(sc, 2, &rf);
4542 run_rt3070_rf_write(sc, 2, rf);
4545 run_rt3070_rf_write(sc, 2, rf);
4548 run_adjust_freq_offset(sc);
4550 if (sc->mac_ver == 0x5392) {
4551 /* Fix for RT5392C. */
4552 if (sc->mac_rev >= 0x0223) {
4555 else if (chan >= 5 && chan <= 7)
4559 run_rt3070_rf_write(sc, 23, rf);
4565 else if (chan >= 6 && chan <= 7)
4567 else if (chan >= 8 && chan <= 10)
4571 run_rt3070_rf_write(sc, 59, rf);
4577 run_rt3070_rf_write(sc, 59, rf);
4580 /* Fix for RT5390F. */
4581 if (sc->mac_rev >= 0x0502) {
4586 run_rt3070_rf_write(sc, 55, rf);
4590 else if (chan == 12)
4594 run_rt3070_rf_write(sc, 59, rf);
4596 run_rt3070_rf_write(sc, 55, 0x44);
4597 run_rt3070_rf_write(sc, 59, 0x8f);
4601 /* Enable VCO calibration. */
4602 run_rt3070_rf_read(sc, 3, &rf);
4603 rf |= RT5390_VCOCAL;
4604 run_rt3070_rf_write(sc, 3, rf);
4608 run_rt5592_set_chan(struct run_softc *sc, u_int chan)
4610 const struct rt5592_freqs *freqs;
4612 uint8_t reg, rf, txpow_bound;
4613 int8_t txpow1, txpow2;
4616 run_read(sc, RT5592_DEBUG_INDEX, &tmp);
4617 freqs = (tmp & RT5592_SEL_XTAL) ?
4618 rt5592_freqs_40mhz : rt5592_freqs_20mhz;
4620 /* find the settings for this channel (we know it exists) */
4621 for (i = 0; rt2860_rf2850[i].chan != chan; i++, freqs++);
4623 /* use Tx power values from EEPROM */
4624 txpow1 = sc->txpow1[i];
4625 txpow2 = sc->txpow2[i];
4627 run_read(sc, RT3070_LDO_CFG0, &tmp);
4631 run_write(sc, RT3070_LDO_CFG0, tmp);
4634 run_rt3070_rf_write(sc, 8, freqs->n & 0xff);
4635 run_rt3070_rf_read(sc, 9, &rf);
4637 rf |= ((freqs->n & 0x0100) >> 8) << 4;
4638 run_rt3070_rf_write(sc, 9, rf);
4641 run_rt3070_rf_read(sc, 9, &rf);
4643 rf |= (freqs->k & 0x0f);
4644 run_rt3070_rf_write(sc, 9, rf);
4647 run_rt3070_rf_read(sc, 11, &rf);
4649 rf |= ((freqs->m - 0x8) & 0x3) << 2;
4650 run_rt3070_rf_write(sc, 11, rf);
4651 run_rt3070_rf_read(sc, 9, &rf);
4653 rf |= (((freqs->m - 0x8) & 0x4) >> 2) << 7;
4654 run_rt3070_rf_write(sc, 9, rf);
4657 run_rt3070_rf_read(sc, 11, &rf);
4659 rf |= (freqs->r - 0x1);
4660 run_rt3070_rf_write(sc, 11, rf);
4663 /* Initialize RF registers for 2GHZ. */
4664 for (i = 0; i < nitems(rt5592_2ghz_def_rf); i++) {
4665 run_rt3070_rf_write(sc, rt5592_2ghz_def_rf[i].reg,
4666 rt5592_2ghz_def_rf[i].val);
4669 rf = (chan <= 10) ? 0x07 : 0x06;
4670 run_rt3070_rf_write(sc, 23, rf);
4671 run_rt3070_rf_write(sc, 59, rf);
4673 run_rt3070_rf_write(sc, 55, 0x43);
4676 * RF R49/R50 Tx power ALC code.
4677 * G-band bit<7:6>=1:0, bit<5:0> range from 0x0 ~ 0x27.
4682 /* Initialize RF registers for 5GHZ. */
4683 for (i = 0; i < nitems(rt5592_5ghz_def_rf); i++) {
4684 run_rt3070_rf_write(sc, rt5592_5ghz_def_rf[i].reg,
4685 rt5592_5ghz_def_rf[i].val);
4687 for (i = 0; i < nitems(rt5592_chan_5ghz); i++) {
4688 if (chan >= rt5592_chan_5ghz[i].firstchan &&
4689 chan <= rt5592_chan_5ghz[i].lastchan) {
4690 run_rt3070_rf_write(sc, rt5592_chan_5ghz[i].reg,
4691 rt5592_chan_5ghz[i].val);
4696 * RF R49/R50 Tx power ALC code.
4697 * A-band bit<7:6>=1:1, bit<5:0> range from 0x0 ~ 0x2b.
4703 /* RF R49 ch0 Tx power ALC code. */
4704 run_rt3070_rf_read(sc, 49, &rf);
4707 rf = (rf & ~0x3f) | (txpow1 & 0x3f);
4708 if ((rf & 0x3f) > txpow_bound)
4709 rf = (rf & ~0x3f) | txpow_bound;
4710 run_rt3070_rf_write(sc, 49, rf);
4712 /* RF R50 ch1 Tx power ALC code. */
4713 run_rt3070_rf_read(sc, 50, &rf);
4714 rf &= ~(1 << 7 | 1 << 6);
4716 rf = (rf & ~0x3f) | (txpow2 & 0x3f);
4717 if ((rf & 0x3f) > txpow_bound)
4718 rf = (rf & ~0x3f) | txpow_bound;
4719 run_rt3070_rf_write(sc, 50, rf);
4721 /* Enable RF_BLOCK, PLL_PD, RX0_PD, and TX0_PD. */
4722 run_rt3070_rf_read(sc, 1, &rf);
4723 rf |= (RT3070_RF_BLOCK | RT3070_PLL_PD | RT3070_RX0_PD | RT3070_TX0_PD);
4724 if (sc->ntxchains > 1)
4725 rf |= RT3070_TX1_PD;
4726 if (sc->nrxchains > 1)
4727 rf |= RT3070_RX1_PD;
4728 run_rt3070_rf_write(sc, 1, rf);
4730 run_rt3070_rf_write(sc, 6, 0xe4);
4732 run_rt3070_rf_write(sc, 30, 0x10);
4733 run_rt3070_rf_write(sc, 31, 0x80);
4734 run_rt3070_rf_write(sc, 32, 0x80);
4736 run_adjust_freq_offset(sc);
4738 /* Enable VCO calibration. */
4739 run_rt3070_rf_read(sc, 3, &rf);
4740 rf |= RT5390_VCOCAL;
4741 run_rt3070_rf_write(sc, 3, rf);
4745 run_set_rx_antenna(struct run_softc *sc, int aux)
4751 if (sc->rf_rev == RT5390_RF_5370) {
4752 run_bbp_read(sc, 152, &bbp152);
4753 run_bbp_write(sc, 152, bbp152 & ~0x80);
4755 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
4756 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4757 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
4760 if (sc->rf_rev == RT5390_RF_5370) {
4761 run_bbp_read(sc, 152, &bbp152);
4762 run_bbp_write(sc, 152, bbp152 | 0x80);
4764 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
4765 run_read(sc, RT2860_GPIO_CTRL, &tmp);
4766 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
4772 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
4774 struct ieee80211com *ic = &sc->sc_ic;
4777 chan = ieee80211_chan2ieee(ic, c);
4778 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
4781 if (sc->mac_ver == 0x5592)
4782 run_rt5592_set_chan(sc, chan);
4783 else if (sc->mac_ver >= 0x5390)
4784 run_rt5390_set_chan(sc, chan);
4785 else if (sc->mac_ver == 0x3593)
4786 run_rt3593_set_chan(sc, chan);
4787 else if (sc->mac_ver == 0x3572)
4788 run_rt3572_set_chan(sc, chan);
4789 else if (sc->mac_ver >= 0x3070)
4790 run_rt3070_set_chan(sc, chan);
4792 run_rt2870_set_chan(sc, chan);
4794 /* determine channel group */
4797 else if (chan <= 64)
4799 else if (chan <= 128)
4804 /* XXX necessary only when group has changed! */
4805 run_select_chan_group(sc, group);
4809 /* Perform IQ calibration. */
4810 if (sc->mac_ver >= 0x5392)
4811 run_iq_calib(sc, chan);
4817 run_set_channel(struct ieee80211com *ic)
4819 struct run_softc *sc = ic->ic_softc;
4822 run_set_chan(sc, ic->ic_curchan);
4829 run_getradiocaps(struct ieee80211com *ic,
4830 int maxchans, int *nchans, struct ieee80211_channel chans[])
4832 struct run_softc *sc = ic->ic_softc;
4833 uint8_t bands[IEEE80211_MODE_BYTES];
4835 memset(bands, 0, sizeof(bands));
4836 setbit(bands, IEEE80211_MODE_11B);
4837 setbit(bands, IEEE80211_MODE_11G);
4838 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans,
4839 run_chan_2ghz, nitems(run_chan_2ghz), bands, 0);
4841 if (sc->rf_rev == RT2860_RF_2750 || sc->rf_rev == RT2860_RF_2850 ||
4842 sc->rf_rev == RT3070_RF_3052 || sc->rf_rev == RT3593_RF_3053 ||
4843 sc->rf_rev == RT5592_RF_5592) {
4844 setbit(bands, IEEE80211_MODE_11A);
4845 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
4846 run_chan_5ghz, nitems(run_chan_5ghz), bands, 0);
4851 run_scan_start(struct ieee80211com *ic)
4853 struct run_softc *sc = ic->ic_softc;
4858 /* abort TSF synchronization */
4859 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4860 run_write(sc, RT2860_BCN_TIME_CFG,
4861 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4862 RT2860_TBTT_TIMER_EN));
4863 run_set_bssid(sc, ieee80211broadcastaddr);
4871 run_scan_end(struct ieee80211com *ic)
4873 struct run_softc *sc = ic->ic_softc;
4877 run_enable_tsf_sync(sc);
4878 run_set_bssid(sc, sc->sc_bssid);
4886 * Could be called from ieee80211_node_timeout()
4887 * (non-sleepable thread)
4890 run_update_beacon(struct ieee80211vap *vap, int item)
4892 struct ieee80211com *ic = vap->iv_ic;
4893 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
4894 struct ieee80211_node *ni = vap->iv_bss;
4895 struct run_softc *sc = ic->ic_softc;
4896 struct run_vap *rvp = RUN_VAP(vap);
4901 case IEEE80211_BEACON_ERP:
4904 case IEEE80211_BEACON_HTINFO:
4907 case IEEE80211_BEACON_TIM:
4914 setbit(bo->bo_flags, item);
4915 if (rvp->beacon_mbuf == NULL) {
4916 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4917 if (rvp->beacon_mbuf == NULL)
4920 ieee80211_beacon_update(ni, rvp->beacon_mbuf, mcast);
4922 i = RUN_CMDQ_GET(&sc->cmdq_store);
4923 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
4924 sc->cmdq[i].func = run_update_beacon_cb;
4925 sc->cmdq[i].arg0 = vap;
4926 ieee80211_runtask(ic, &sc->cmdq_task);
4932 run_update_beacon_cb(void *arg)
4934 struct ieee80211vap *vap = arg;
4935 struct ieee80211_node *ni = vap->iv_bss;
4936 struct run_vap *rvp = RUN_VAP(vap);
4937 struct ieee80211com *ic = vap->iv_ic;
4938 struct run_softc *sc = ic->ic_softc;
4939 struct rt2860_txwi txwi;
4944 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4946 if (ic->ic_bsschan == IEEE80211_CHAN_ANYC)
4950 * No need to call ieee80211_beacon_update(), run_update_beacon()
4951 * is taking care of appropriate calls.
4953 if (rvp->beacon_mbuf == NULL) {
4954 rvp->beacon_mbuf = ieee80211_beacon_alloc(ni);
4955 if (rvp->beacon_mbuf == NULL)
4958 m = rvp->beacon_mbuf;
4960 memset(&txwi, 0, sizeof(txwi));
4962 txwi.len = htole16(m->m_pkthdr.len);
4964 /* send beacons at the lowest available rate */
4965 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4966 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
4967 txwi.phy = htole16(rt2860_rates[ridx].mcs);
4968 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
4969 txwi.phy |= htole16(RT2860_PHY_OFDM);
4970 txwi.txop = RT2860_TX_TXOP_HT;
4971 txwi.flags = RT2860_TX_TS;
4972 txwi.xflags = RT2860_TX_NSEQ;
4974 txwisize = (sc->mac_ver == 0x5592) ?
4975 sizeof(txwi) + sizeof(uint32_t) : sizeof(txwi);
4976 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id), (uint8_t *)&txwi,
4978 run_write_region_1(sc, RT2860_BCN_BASE(rvp->rvp_id) + txwisize,
4979 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1);
4983 run_updateprot(struct ieee80211com *ic)
4985 struct run_softc *sc = ic->ic_softc;
4988 i = RUN_CMDQ_GET(&sc->cmdq_store);
4989 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
4990 sc->cmdq[i].func = run_updateprot_cb;
4991 sc->cmdq[i].arg0 = ic;
4992 ieee80211_runtask(ic, &sc->cmdq_task);
4996 run_updateprot_cb(void *arg)
4998 struct ieee80211com *ic = arg;
4999 struct run_softc *sc = ic->ic_softc;
5002 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
5003 /* setup protection frame rate (MCS code) */
5004 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
5005 rt2860_rates[RT2860_RIDX_OFDM6].mcs | RT2860_PHY_OFDM :
5006 rt2860_rates[RT2860_RIDX_CCK11].mcs;
5008 /* CCK frames don't require protection */
5009 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
5010 if (ic->ic_flags & IEEE80211_F_USEPROT) {
5011 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
5012 tmp |= RT2860_PROT_CTRL_RTS_CTS;
5013 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
5014 tmp |= RT2860_PROT_CTRL_CTS;
5016 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
5020 run_usb_timeout_cb(void *arg)
5022 struct ieee80211vap *vap = arg;
5023 struct run_softc *sc = vap->iv_ic->ic_softc;
5025 RUN_LOCK_ASSERT(sc, MA_OWNED);
5027 if(vap->iv_state == IEEE80211_S_RUN &&
5028 vap->iv_opmode != IEEE80211_M_STA)
5029 run_reset_livelock(sc);
5030 else if (vap->iv_state == IEEE80211_S_SCAN) {
5031 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5032 "timeout caused by scan\n");
5034 ieee80211_cancel_scan(vap);
5036 RUN_DPRINTF(sc, RUN_DEBUG_USB | RUN_DEBUG_STATE,
5037 "timeout by unknown cause\n");
5041 run_reset_livelock(struct run_softc *sc)
5045 RUN_LOCK_ASSERT(sc, MA_OWNED);
5048 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
5049 * can run into a livelock and start sending CTS-to-self frames like
5050 * crazy if protection is enabled. Reset MAC/BBP for a while
5052 run_read(sc, RT2860_DEBUG, &tmp);
5053 RUN_DPRINTF(sc, RUN_DEBUG_RESET, "debug reg %08x\n", tmp);
5054 if ((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))) {
5055 RUN_DPRINTF(sc, RUN_DEBUG_RESET,
5056 "CTS-to-self livelock detected\n");
5057 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
5059 run_write(sc, RT2860_MAC_SYS_CTRL,
5060 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5065 run_update_promisc_locked(struct run_softc *sc)
5069 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
5071 tmp |= RT2860_DROP_UC_NOME;
5072 if (sc->sc_ic.ic_promisc > 0)
5073 tmp &= ~RT2860_DROP_UC_NOME;
5075 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5077 RUN_DPRINTF(sc, RUN_DEBUG_RECV, "%s promiscuous mode\n",
5078 (sc->sc_ic.ic_promisc > 0) ? "entering" : "leaving");
5082 run_update_promisc(struct ieee80211com *ic)
5084 struct run_softc *sc = ic->ic_softc;
5086 if ((sc->sc_flags & RUN_RUNNING) == 0)
5090 run_update_promisc_locked(sc);
5095 run_enable_tsf_sync(struct run_softc *sc)
5097 struct ieee80211com *ic = &sc->sc_ic;
5098 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5101 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "rvp_id=%d ic_opmode=%d\n",
5102 RUN_VAP(vap)->rvp_id, ic->ic_opmode);
5104 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
5106 tmp |= vap->iv_bss->ni_intval * 16;
5107 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
5109 if (ic->ic_opmode == IEEE80211_M_STA) {
5111 * Local TSF is always updated with remote TSF on beacon
5114 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
5115 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
5116 tmp |= RT2860_BCN_TX_EN;
5118 * Local TSF is updated with remote TSF on beacon reception
5119 * only if the remote TSF is greater than local TSF.
5121 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
5122 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
5123 ic->ic_opmode == IEEE80211_M_MBSS) {
5124 tmp |= RT2860_BCN_TX_EN;
5125 /* SYNC with nobody */
5126 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
5128 RUN_DPRINTF(sc, RUN_DEBUG_BEACON,
5129 "Enabling TSF failed. undefined opmode\n");
5133 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5137 run_enable_tsf(struct run_softc *sc)
5141 if (run_read(sc, RT2860_BCN_TIME_CFG, &tmp) == 0) {
5142 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TBTT_TIMER_EN);
5143 tmp |= RT2860_TSF_TIMER_EN;
5144 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
5149 run_get_tsf(struct run_softc *sc, uint64_t *buf)
5151 run_read_region_1(sc, RT2860_TSF_TIMER_DW0, (uint8_t *)buf,
5156 run_enable_mrr(struct run_softc *sc)
5158 #define CCK(mcs) (mcs)
5159 #define OFDM(mcs) (1 << 3 | (mcs))
5160 run_write(sc, RT2860_LG_FBK_CFG0,
5161 OFDM(6) << 28 | /* 54->48 */
5162 OFDM(5) << 24 | /* 48->36 */
5163 OFDM(4) << 20 | /* 36->24 */
5164 OFDM(3) << 16 | /* 24->18 */
5165 OFDM(2) << 12 | /* 18->12 */
5166 OFDM(1) << 8 | /* 12-> 9 */
5167 OFDM(0) << 4 | /* 9-> 6 */
5168 OFDM(0)); /* 6-> 6 */
5170 run_write(sc, RT2860_LG_FBK_CFG1,
5171 CCK(2) << 12 | /* 11->5.5 */
5172 CCK(1) << 8 | /* 5.5-> 2 */
5173 CCK(0) << 4 | /* 2-> 1 */
5174 CCK(0)); /* 1-> 1 */
5180 run_set_txpreamble(struct run_softc *sc)
5182 struct ieee80211com *ic = &sc->sc_ic;
5185 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
5186 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
5187 tmp |= RT2860_CCK_SHORT_EN;
5189 tmp &= ~RT2860_CCK_SHORT_EN;
5190 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
5194 run_set_basicrates(struct run_softc *sc)
5196 struct ieee80211com *ic = &sc->sc_ic;
5198 /* set basic rates mask */
5199 if (ic->ic_curmode == IEEE80211_MODE_11B)
5200 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
5201 else if (ic->ic_curmode == IEEE80211_MODE_11A)
5202 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
5204 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
5208 run_set_leds(struct run_softc *sc, uint16_t which)
5210 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
5211 which | (sc->leds & 0x7f));
5215 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
5217 run_write(sc, RT2860_MAC_BSSID_DW0,
5218 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
5219 run_write(sc, RT2860_MAC_BSSID_DW1,
5220 bssid[4] | bssid[5] << 8);
5224 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
5226 run_write(sc, RT2860_MAC_ADDR_DW0,
5227 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
5228 run_write(sc, RT2860_MAC_ADDR_DW1,
5229 addr[4] | addr[5] << 8 | 0xff << 16);
5233 run_updateslot(struct ieee80211com *ic)
5235 struct run_softc *sc = ic->ic_softc;
5238 i = RUN_CMDQ_GET(&sc->cmdq_store);
5239 RUN_DPRINTF(sc, RUN_DEBUG_BEACON, "cmdq_store=%d\n", i);
5240 sc->cmdq[i].func = run_updateslot_cb;
5241 sc->cmdq[i].arg0 = ic;
5242 ieee80211_runtask(ic, &sc->cmdq_task);
5249 run_updateslot_cb(void *arg)
5251 struct ieee80211com *ic = arg;
5252 struct run_softc *sc = ic->ic_softc;
5255 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
5257 tmp |= IEEE80211_GET_SLOTTIME(ic);
5258 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
5262 run_update_mcast(struct ieee80211com *ic)
5267 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
5269 struct ieee80211com *ic = &sc->sc_ic;
5270 struct ieee80211_channel *c = ic->ic_curchan;
5273 if (IEEE80211_IS_CHAN_5GHZ(c)) {
5274 u_int chan = ieee80211_chan2ieee(ic, c);
5275 delta = sc->rssi_5ghz[rxchain];
5277 /* determine channel group */
5279 delta -= sc->lna[1];
5280 else if (chan <= 128)
5281 delta -= sc->lna[2];
5283 delta -= sc->lna[3];
5285 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
5287 return (-12 - delta - rssi);
5291 run_rt5390_bbp_init(struct run_softc *sc)
5296 /* Apply maximum likelihood detection for 2 stream case. */
5297 run_bbp_read(sc, 105, &bbp);
5298 if (sc->nrxchains > 1)
5299 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5301 /* Avoid data lost and CRC error. */
5302 run_bbp_read(sc, 4, &bbp);
5303 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5305 if (sc->mac_ver == 0x5592) {
5306 for (i = 0; i < nitems(rt5592_def_bbp); i++) {
5307 run_bbp_write(sc, rt5592_def_bbp[i].reg,
5308 rt5592_def_bbp[i].val);
5310 for (i = 0; i < nitems(rt5592_bbp_r196); i++) {
5311 run_bbp_write(sc, 195, i + 0x80);
5312 run_bbp_write(sc, 196, rt5592_bbp_r196[i]);
5315 for (i = 0; i < nitems(rt5390_def_bbp); i++) {
5316 run_bbp_write(sc, rt5390_def_bbp[i].reg,
5317 rt5390_def_bbp[i].val);
5320 if (sc->mac_ver == 0x5392) {
5321 run_bbp_write(sc, 88, 0x90);
5322 run_bbp_write(sc, 95, 0x9a);
5323 run_bbp_write(sc, 98, 0x12);
5324 run_bbp_write(sc, 106, 0x12);
5325 run_bbp_write(sc, 134, 0xd0);
5326 run_bbp_write(sc, 135, 0xf6);
5327 run_bbp_write(sc, 148, 0x84);
5330 run_bbp_read(sc, 152, &bbp);
5331 run_bbp_write(sc, 152, bbp | 0x80);
5333 /* Fix BBP254 for RT5592C. */
5334 if (sc->mac_ver == 0x5592 && sc->mac_rev >= 0x0221) {
5335 run_bbp_read(sc, 254, &bbp);
5336 run_bbp_write(sc, 254, bbp | 0x80);
5339 /* Disable hardware antenna diversity. */
5340 if (sc->mac_ver == 0x5390)
5341 run_bbp_write(sc, 154, 0);
5343 /* Initialize Rx CCK/OFDM frequency offset report. */
5344 run_bbp_write(sc, 142, 1);
5345 run_bbp_write(sc, 143, 57);
5349 run_bbp_init(struct run_softc *sc)
5351 int i, error, ntries;
5354 /* wait for BBP to wake up */
5355 for (ntries = 0; ntries < 20; ntries++) {
5356 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
5358 if (bbp0 != 0 && bbp0 != 0xff)
5364 /* initialize BBP registers to default values */
5365 if (sc->mac_ver >= 0x5390)
5366 run_rt5390_bbp_init(sc);
5368 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
5369 run_bbp_write(sc, rt2860_def_bbp[i].reg,
5370 rt2860_def_bbp[i].val);
5374 if (sc->mac_ver == 0x3593) {
5375 run_bbp_write(sc, 79, 0x13);
5376 run_bbp_write(sc, 80, 0x05);
5377 run_bbp_write(sc, 81, 0x33);
5378 run_bbp_write(sc, 86, 0x46);
5379 run_bbp_write(sc, 137, 0x0f);
5382 /* fix BBP84 for RT2860E */
5383 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
5384 run_bbp_write(sc, 84, 0x19);
5386 if (sc->mac_ver >= 0x3070 && (sc->mac_ver != 0x3593 &&
5387 sc->mac_ver != 0x5592)) {
5388 run_bbp_write(sc, 79, 0x13);
5389 run_bbp_write(sc, 80, 0x05);
5390 run_bbp_write(sc, 81, 0x33);
5391 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
5392 run_bbp_write(sc, 69, 0x16);
5393 run_bbp_write(sc, 73, 0x12);
5399 run_rt3070_rf_init(struct run_softc *sc)
5402 uint8_t bbp4, mingain, rf, target;
5405 run_rt3070_rf_read(sc, 30, &rf);
5406 /* toggle RF R30 bit 7 */
5407 run_rt3070_rf_write(sc, 30, rf | 0x80);
5409 run_rt3070_rf_write(sc, 30, rf & ~0x80);
5411 /* initialize RF registers to default value */
5412 if (sc->mac_ver == 0x3572) {
5413 for (i = 0; i < nitems(rt3572_def_rf); i++) {
5414 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
5415 rt3572_def_rf[i].val);
5418 for (i = 0; i < nitems(rt3070_def_rf); i++) {
5419 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
5420 rt3070_def_rf[i].val);
5424 if (sc->mac_ver == 0x3070 && sc->mac_rev < 0x0201) {
5426 * Change voltage from 1.2V to 1.35V for RT3070.
5427 * The DAC issue (RT3070_LDO_CFG0) has been fixed
5430 run_read(sc, RT3070_LDO_CFG0, &tmp);
5431 tmp = (tmp & ~0x0f000000) | 0x0d000000;
5432 run_write(sc, RT3070_LDO_CFG0, tmp);
5434 } else if (sc->mac_ver == 0x3071) {
5435 run_rt3070_rf_read(sc, 6, &rf);
5436 run_rt3070_rf_write(sc, 6, rf | 0x40);
5437 run_rt3070_rf_write(sc, 31, 0x14);
5439 run_read(sc, RT3070_LDO_CFG0, &tmp);
5441 if (sc->mac_rev < 0x0211)
5442 tmp |= 0x0d000000; /* 1.3V */
5444 tmp |= 0x01000000; /* 1.2V */
5445 run_write(sc, RT3070_LDO_CFG0, tmp);
5447 /* patch LNA_PE_G1 */
5448 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5449 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
5451 } else if (sc->mac_ver == 0x3572) {
5452 run_rt3070_rf_read(sc, 6, &rf);
5453 run_rt3070_rf_write(sc, 6, rf | 0x40);
5455 /* increase voltage from 1.2V to 1.35V */
5456 run_read(sc, RT3070_LDO_CFG0, &tmp);
5457 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5458 run_write(sc, RT3070_LDO_CFG0, tmp);
5460 if (sc->mac_rev < 0x0211 || !sc->patch_dac) {
5461 run_delay(sc, 1); /* wait for 1msec */
5462 /* decrease voltage back to 1.2V */
5463 tmp = (tmp & ~0x1f000000) | 0x01000000;
5464 run_write(sc, RT3070_LDO_CFG0, tmp);
5468 /* select 20MHz bandwidth */
5469 run_rt3070_rf_read(sc, 31, &rf);
5470 run_rt3070_rf_write(sc, 31, rf & ~0x20);
5472 /* calibrate filter for 20MHz bandwidth */
5473 sc->rf24_20mhz = 0x1f; /* default value */
5474 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
5475 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
5477 /* select 40MHz bandwidth */
5478 run_bbp_read(sc, 4, &bbp4);
5479 run_bbp_write(sc, 4, (bbp4 & ~0x18) | 0x10);
5480 run_rt3070_rf_read(sc, 31, &rf);
5481 run_rt3070_rf_write(sc, 31, rf | 0x20);
5483 /* calibrate filter for 40MHz bandwidth */
5484 sc->rf24_40mhz = 0x2f; /* default value */
5485 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
5486 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
5488 /* go back to 20MHz bandwidth */
5489 run_bbp_read(sc, 4, &bbp4);
5490 run_bbp_write(sc, 4, bbp4 & ~0x18);
5492 if (sc->mac_ver == 0x3572) {
5493 /* save default BBP registers 25 and 26 values */
5494 run_bbp_read(sc, 25, &sc->bbp25);
5495 run_bbp_read(sc, 26, &sc->bbp26);
5496 } else if (sc->mac_rev < 0x0201 || sc->mac_rev < 0x0211)
5497 run_rt3070_rf_write(sc, 27, 0x03);
5499 run_read(sc, RT3070_OPT_14, &tmp);
5500 run_write(sc, RT3070_OPT_14, tmp | 1);
5502 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5503 run_rt3070_rf_read(sc, 17, &rf);
5504 rf &= ~RT3070_TX_LO1;
5505 if ((sc->mac_ver == 0x3070 ||
5506 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
5508 rf |= 0x20; /* fix for long range Rx issue */
5509 mingain = (sc->mac_ver == 0x3070) ? 1 : 2;
5510 if (sc->txmixgain_2ghz >= mingain)
5511 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
5512 run_rt3070_rf_write(sc, 17, rf);
5515 if (sc->mac_ver == 0x3071) {
5516 run_rt3070_rf_read(sc, 1, &rf);
5517 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
5518 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
5519 run_rt3070_rf_write(sc, 1, rf);
5521 run_rt3070_rf_read(sc, 15, &rf);
5522 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
5524 run_rt3070_rf_read(sc, 20, &rf);
5525 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
5527 run_rt3070_rf_read(sc, 21, &rf);
5528 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
5531 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
5532 /* fix Tx to Rx IQ glitch by raising RF voltage */
5533 run_rt3070_rf_read(sc, 27, &rf);
5535 if (sc->mac_rev < 0x0211)
5537 run_rt3070_rf_write(sc, 27, rf);
5543 run_rt3593_rf_init(struct run_softc *sc)
5549 /* Disable the GPIO bits 4 and 7 for LNA PE control. */
5550 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
5551 tmp &= ~(1 << 4 | 1 << 7);
5552 run_write(sc, RT3070_GPIO_SWITCH, tmp);
5554 /* Initialize RF registers to default value. */
5555 for (i = 0; i < nitems(rt3593_def_rf); i++) {
5556 run_rt3070_rf_write(sc, rt3593_def_rf[i].reg,
5557 rt3593_def_rf[i].val);
5560 /* Toggle RF R2 to initiate calibration. */
5561 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5563 /* Initialize RF frequency offset. */
5564 run_adjust_freq_offset(sc);
5566 run_rt3070_rf_read(sc, 18, &rf);
5567 run_rt3070_rf_write(sc, 18, rf | RT3593_AUTOTUNE_BYPASS);
5570 * Increase voltage from 1.2V to 1.35V, wait for 1 msec to
5571 * decrease voltage back to 1.2V.
5573 run_read(sc, RT3070_LDO_CFG0, &tmp);
5574 tmp = (tmp & ~0x1f000000) | 0x0d000000;
5575 run_write(sc, RT3070_LDO_CFG0, tmp);
5577 tmp = (tmp & ~0x1f000000) | 0x01000000;
5578 run_write(sc, RT3070_LDO_CFG0, tmp);
5580 sc->rf24_20mhz = 0x1f;
5581 sc->rf24_40mhz = 0x2f;
5583 /* Save default BBP registers 25 and 26 values. */
5584 run_bbp_read(sc, 25, &sc->bbp25);
5585 run_bbp_read(sc, 26, &sc->bbp26);
5587 run_read(sc, RT3070_OPT_14, &tmp);
5588 run_write(sc, RT3070_OPT_14, tmp | 1);
5592 run_rt5390_rf_init(struct run_softc *sc)
5598 /* Toggle RF R2 to initiate calibration. */
5599 if (sc->mac_ver == 0x5390) {
5600 run_rt3070_rf_read(sc, 2, &rf);
5601 run_rt3070_rf_write(sc, 2, rf | RT5390_RESCAL);
5603 run_rt3070_rf_write(sc, 2, rf & ~RT5390_RESCAL);
5605 run_rt3070_rf_write(sc, 2, RT5390_RESCAL);
5609 /* Initialize RF registers to default value. */
5610 if (sc->mac_ver == 0x5592) {
5611 for (i = 0; i < nitems(rt5592_def_rf); i++) {
5612 run_rt3070_rf_write(sc, rt5592_def_rf[i].reg,
5613 rt5592_def_rf[i].val);
5615 /* Initialize RF frequency offset. */
5616 run_adjust_freq_offset(sc);
5617 } else if (sc->mac_ver == 0x5392) {
5618 for (i = 0; i < nitems(rt5392_def_rf); i++) {
5619 run_rt3070_rf_write(sc, rt5392_def_rf[i].reg,
5620 rt5392_def_rf[i].val);
5622 if (sc->mac_rev >= 0x0223) {
5623 run_rt3070_rf_write(sc, 23, 0x0f);
5624 run_rt3070_rf_write(sc, 24, 0x3e);
5625 run_rt3070_rf_write(sc, 51, 0x32);
5626 run_rt3070_rf_write(sc, 53, 0x22);
5627 run_rt3070_rf_write(sc, 56, 0xc1);
5628 run_rt3070_rf_write(sc, 59, 0x0f);
5631 for (i = 0; i < nitems(rt5390_def_rf); i++) {
5632 run_rt3070_rf_write(sc, rt5390_def_rf[i].reg,
5633 rt5390_def_rf[i].val);
5635 if (sc->mac_rev >= 0x0502) {
5636 run_rt3070_rf_write(sc, 6, 0xe0);
5637 run_rt3070_rf_write(sc, 25, 0x80);
5638 run_rt3070_rf_write(sc, 46, 0x73);
5639 run_rt3070_rf_write(sc, 53, 0x00);
5640 run_rt3070_rf_write(sc, 56, 0x42);
5641 run_rt3070_rf_write(sc, 61, 0xd1);
5645 sc->rf24_20mhz = 0x1f; /* default value */
5646 sc->rf24_40mhz = (sc->mac_ver == 0x5592) ? 0 : 0x2f;
5648 if (sc->mac_rev < 0x0211)
5649 run_rt3070_rf_write(sc, 27, 0x3);
5651 run_read(sc, RT3070_OPT_14, &tmp);
5652 run_write(sc, RT3070_OPT_14, tmp | 1);
5656 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
5660 uint8_t bbp55_pb, bbp55_sb, delta;
5663 /* program filter */
5664 run_rt3070_rf_read(sc, 24, &rf24);
5665 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
5666 run_rt3070_rf_write(sc, 24, rf24);
5668 /* enable baseband loopback mode */
5669 run_rt3070_rf_read(sc, 22, &rf22);
5670 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
5672 /* set power and frequency of passband test tone */
5673 run_bbp_write(sc, 24, 0x00);
5674 for (ntries = 0; ntries < 100; ntries++) {
5675 /* transmit test tone */
5676 run_bbp_write(sc, 25, 0x90);
5678 /* read received power */
5679 run_bbp_read(sc, 55, &bbp55_pb);
5686 /* set power and frequency of stopband test tone */
5687 run_bbp_write(sc, 24, 0x06);
5688 for (ntries = 0; ntries < 100; ntries++) {
5689 /* transmit test tone */
5690 run_bbp_write(sc, 25, 0x90);
5692 /* read received power */
5693 run_bbp_read(sc, 55, &bbp55_sb);
5695 delta = bbp55_pb - bbp55_sb;
5699 /* reprogram filter */
5701 run_rt3070_rf_write(sc, 24, rf24);
5705 rf24--; /* backtrack */
5707 run_rt3070_rf_write(sc, 24, rf24);
5710 /* restore initial state */
5711 run_bbp_write(sc, 24, 0x00);
5713 /* disable baseband loopback mode */
5714 run_rt3070_rf_read(sc, 22, &rf22);
5715 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
5721 run_rt3070_rf_setup(struct run_softc *sc)
5726 if (sc->mac_ver == 0x3572) {
5727 /* enable DC filter */
5728 if (sc->mac_rev >= 0x0201)
5729 run_bbp_write(sc, 103, 0xc0);
5731 run_bbp_read(sc, 138, &bbp);
5732 if (sc->ntxchains == 1)
5733 bbp |= 0x20; /* turn off DAC1 */
5734 if (sc->nrxchains == 1)
5735 bbp &= ~0x02; /* turn off ADC1 */
5736 run_bbp_write(sc, 138, bbp);
5738 if (sc->mac_rev >= 0x0211) {
5739 /* improve power consumption */
5740 run_bbp_read(sc, 31, &bbp);
5741 run_bbp_write(sc, 31, bbp & ~0x03);
5744 run_rt3070_rf_read(sc, 16, &rf);
5745 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
5746 run_rt3070_rf_write(sc, 16, rf);
5748 } else if (sc->mac_ver == 0x3071) {
5749 if (sc->mac_rev >= 0x0211) {
5750 /* enable DC filter */
5751 run_bbp_write(sc, 103, 0xc0);
5753 /* improve power consumption */
5754 run_bbp_read(sc, 31, &bbp);
5755 run_bbp_write(sc, 31, bbp & ~0x03);
5758 run_bbp_read(sc, 138, &bbp);
5759 if (sc->ntxchains == 1)
5760 bbp |= 0x20; /* turn off DAC1 */
5761 if (sc->nrxchains == 1)
5762 bbp &= ~0x02; /* turn off ADC1 */
5763 run_bbp_write(sc, 138, bbp);
5765 run_write(sc, RT2860_TX_SW_CFG1, 0);
5766 if (sc->mac_rev < 0x0211) {
5767 run_write(sc, RT2860_TX_SW_CFG2,
5768 sc->patch_dac ? 0x2c : 0x0f);
5770 run_write(sc, RT2860_TX_SW_CFG2, 0);
5772 } else if (sc->mac_ver == 0x3070) {
5773 if (sc->mac_rev >= 0x0201) {
5774 /* enable DC filter */
5775 run_bbp_write(sc, 103, 0xc0);
5777 /* improve power consumption */
5778 run_bbp_read(sc, 31, &bbp);
5779 run_bbp_write(sc, 31, bbp & ~0x03);
5782 if (sc->mac_rev < 0x0201) {
5783 run_write(sc, RT2860_TX_SW_CFG1, 0);
5784 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
5786 run_write(sc, RT2860_TX_SW_CFG2, 0);
5789 /* initialize RF registers from ROM for >=RT3071*/
5790 if (sc->mac_ver >= 0x3071) {
5791 for (i = 0; i < 10; i++) {
5792 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
5794 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
5800 run_rt3593_rf_setup(struct run_softc *sc)
5804 if (sc->mac_rev >= 0x0211) {
5805 /* Enable DC filter. */
5806 run_bbp_write(sc, 103, 0xc0);
5808 run_write(sc, RT2860_TX_SW_CFG1, 0);
5809 if (sc->mac_rev < 0x0211) {
5810 run_write(sc, RT2860_TX_SW_CFG2,
5811 sc->patch_dac ? 0x2c : 0x0f);
5813 run_write(sc, RT2860_TX_SW_CFG2, 0);
5815 run_rt3070_rf_read(sc, 50, &rf);
5816 run_rt3070_rf_write(sc, 50, rf & ~RT3593_TX_LO2);
5818 run_rt3070_rf_read(sc, 51, &rf);
5819 rf = (rf & ~(RT3593_TX_LO1 | 0x0c)) |
5820 ((sc->txmixgain_2ghz & 0x07) << 2);
5821 run_rt3070_rf_write(sc, 51, rf);
5823 run_rt3070_rf_read(sc, 38, &rf);
5824 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5826 run_rt3070_rf_read(sc, 39, &rf);
5827 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5829 run_rt3070_rf_read(sc, 1, &rf);
5830 run_rt3070_rf_write(sc, 1, rf & ~(RT3070_RF_BLOCK | RT3070_PLL_PD));
5832 run_rt3070_rf_read(sc, 30, &rf);
5833 rf = (rf & ~0x18) | 0x10;
5834 run_rt3070_rf_write(sc, 30, rf);
5836 /* Apply maximum likelihood detection for 2 stream case. */
5837 run_bbp_read(sc, 105, &bbp);
5838 if (sc->nrxchains > 1)
5839 run_bbp_write(sc, 105, bbp | RT5390_MLD);
5841 /* Avoid data lost and CRC error. */
5842 run_bbp_read(sc, 4, &bbp);
5843 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5845 run_bbp_write(sc, 92, 0x02);
5846 run_bbp_write(sc, 82, 0x82);
5847 run_bbp_write(sc, 106, 0x05);
5848 run_bbp_write(sc, 104, 0x92);
5849 run_bbp_write(sc, 88, 0x90);
5850 run_bbp_write(sc, 148, 0xc8);
5851 run_bbp_write(sc, 47, 0x48);
5852 run_bbp_write(sc, 120, 0x50);
5854 run_bbp_write(sc, 163, 0x9d);
5857 run_bbp_write(sc, 142, 0x06);
5858 run_bbp_write(sc, 143, 0xa0);
5859 run_bbp_write(sc, 142, 0x07);
5860 run_bbp_write(sc, 143, 0xa1);
5861 run_bbp_write(sc, 142, 0x08);
5862 run_bbp_write(sc, 143, 0xa2);
5864 run_bbp_write(sc, 31, 0x08);
5865 run_bbp_write(sc, 68, 0x0b);
5866 run_bbp_write(sc, 105, 0x04);
5870 run_rt5390_rf_setup(struct run_softc *sc)
5874 if (sc->mac_rev >= 0x0211) {
5875 /* Enable DC filter. */
5876 run_bbp_write(sc, 103, 0xc0);
5878 if (sc->mac_ver != 0x5592) {
5879 /* Improve power consumption. */
5880 run_bbp_read(sc, 31, &bbp);
5881 run_bbp_write(sc, 31, bbp & ~0x03);
5885 run_bbp_read(sc, 138, &bbp);
5886 if (sc->ntxchains == 1)
5887 bbp |= 0x20; /* turn off DAC1 */
5888 if (sc->nrxchains == 1)
5889 bbp &= ~0x02; /* turn off ADC1 */
5890 run_bbp_write(sc, 138, bbp);
5892 run_rt3070_rf_read(sc, 38, &rf);
5893 run_rt3070_rf_write(sc, 38, rf & ~RT5390_RX_LO1);
5895 run_rt3070_rf_read(sc, 39, &rf);
5896 run_rt3070_rf_write(sc, 39, rf & ~RT5390_RX_LO2);
5898 /* Avoid data lost and CRC error. */
5899 run_bbp_read(sc, 4, &bbp);
5900 run_bbp_write(sc, 4, bbp | RT5390_MAC_IF_CTRL);
5902 run_rt3070_rf_read(sc, 30, &rf);
5903 rf = (rf & ~0x18) | 0x10;
5904 run_rt3070_rf_write(sc, 30, rf);
5906 if (sc->mac_ver != 0x5592) {
5907 run_write(sc, RT2860_TX_SW_CFG1, 0);
5908 if (sc->mac_rev < 0x0211) {
5909 run_write(sc, RT2860_TX_SW_CFG2,
5910 sc->patch_dac ? 0x2c : 0x0f);
5912 run_write(sc, RT2860_TX_SW_CFG2, 0);
5917 run_txrx_enable(struct run_softc *sc)
5919 struct ieee80211com *ic = &sc->sc_ic;
5923 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
5924 for (ntries = 0; ntries < 200; ntries++) {
5925 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
5927 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
5936 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
5937 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
5939 /* enable Rx bulk aggregation (set timeout and limit) */
5940 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
5941 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
5942 run_write(sc, RT2860_USB_DMA_CFG, tmp);
5945 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
5946 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
5947 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
5948 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
5949 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
5950 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
5951 if (ic->ic_opmode == IEEE80211_M_STA)
5952 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
5954 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
5956 run_write(sc, RT2860_MAC_SYS_CTRL,
5957 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
5963 run_adjust_freq_offset(struct run_softc *sc)
5967 run_rt3070_rf_read(sc, 17, &rf);
5969 rf = (rf & ~0x7f) | (sc->freq & 0x7f);
5973 run_mcu_cmd(sc, 0x74, (tmp << 8 ) | rf);
5977 run_init_locked(struct run_softc *sc)
5979 struct ieee80211com *ic = &sc->sc_ic;
5980 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5987 if (ic->ic_nrunning > 1)
5992 if (run_load_microcode(sc) != 0) {
5993 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
5997 for (ntries = 0; ntries < 100; ntries++) {
5998 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
6000 if (tmp != 0 && tmp != 0xffffffff)
6007 for (i = 0; i != RUN_EP_QUEUES; i++)
6008 run_setup_tx_list(sc, &sc->sc_epq[i]);
6010 run_set_macaddr(sc, vap ? vap->iv_myaddr : ic->ic_macaddr);
6012 for (ntries = 0; ntries < 100; ntries++) {
6013 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6015 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6019 if (ntries == 100) {
6020 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6024 tmp |= RT2860_TX_WB_DDONE;
6025 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6027 /* turn off PME_OEN to solve high-current issue */
6028 run_read(sc, RT2860_SYS_CTRL, &tmp);
6029 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
6031 run_write(sc, RT2860_MAC_SYS_CTRL,
6032 RT2860_BBP_HRST | RT2860_MAC_SRST);
6033 run_write(sc, RT2860_USB_DMA_CFG, 0);
6035 if (run_reset(sc) != 0) {
6036 device_printf(sc->sc_dev, "could not reset chipset\n");
6040 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6042 /* init Tx power for all Tx rates (from EEPROM) */
6043 for (ridx = 0; ridx < 5; ridx++) {
6044 if (sc->txpow20mhz[ridx] == 0xffffffff)
6046 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
6049 for (i = 0; i < nitems(rt2870_def_mac); i++)
6050 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
6051 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
6052 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
6053 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
6055 if (sc->mac_ver >= 0x5390) {
6056 run_write(sc, RT2860_TX_SW_CFG0,
6057 4 << RT2860_DLY_PAPE_EN_SHIFT | 4);
6058 if (sc->mac_ver >= 0x5392) {
6059 run_write(sc, RT2860_MAX_LEN_CFG, 0x00002fff);
6060 if (sc->mac_ver == 0x5592) {
6061 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcba980);
6062 run_write(sc, RT2860_TXOP_HLDR_ET, 0x00000082);
6064 run_write(sc, RT2860_HT_FBK_CFG1, 0xedcb4980);
6065 run_write(sc, RT2860_LG_FBK_CFG0, 0xedcba322);
6068 } else if (sc->mac_ver == 0x3593) {
6069 run_write(sc, RT2860_TX_SW_CFG0,
6070 4 << RT2860_DLY_PAPE_EN_SHIFT | 2);
6071 } else if (sc->mac_ver >= 0x3070) {
6072 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
6073 run_write(sc, RT2860_TX_SW_CFG0,
6074 4 << RT2860_DLY_PAPE_EN_SHIFT);
6077 /* wait while MAC is busy */
6078 for (ntries = 0; ntries < 100; ntries++) {
6079 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
6081 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
6088 /* clear Host to MCU mailbox */
6089 run_write(sc, RT2860_H2M_BBPAGENT, 0);
6090 run_write(sc, RT2860_H2M_MAILBOX, 0);
6093 if (run_bbp_init(sc) != 0) {
6094 device_printf(sc->sc_dev, "could not initialize BBP\n");
6098 /* abort TSF synchronization */
6099 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
6100 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
6101 RT2860_TBTT_TIMER_EN);
6102 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
6104 /* clear RX WCID search table */
6105 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
6106 /* clear WCID attribute table */
6107 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
6109 /* hostapd sets a key before init. So, don't clear it. */
6110 if (sc->cmdq_key_set != RUN_CMDQ_GO) {
6111 /* clear shared key table */
6112 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
6113 /* clear shared key mode */
6114 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
6117 run_read(sc, RT2860_US_CYC_CNT, &tmp);
6118 tmp = (tmp & ~0xff) | 0x1e;
6119 run_write(sc, RT2860_US_CYC_CNT, tmp);
6121 if (sc->mac_rev != 0x0101)
6122 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
6124 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
6125 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
6127 /* write vendor-specific BBP values (from EEPROM) */
6128 if (sc->mac_ver < 0x3593) {
6129 for (i = 0; i < 10; i++) {
6130 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
6132 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
6136 /* select Main antenna for 1T1R devices */
6137 if (sc->rf_rev == RT3070_RF_3020 || sc->rf_rev == RT5390_RF_5370)
6138 run_set_rx_antenna(sc, 0);
6140 /* send LEDs operating mode to microcontroller */
6141 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
6142 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
6143 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
6145 if (sc->mac_ver >= 0x5390)
6146 run_rt5390_rf_init(sc);
6147 else if (sc->mac_ver == 0x3593)
6148 run_rt3593_rf_init(sc);
6149 else if (sc->mac_ver >= 0x3070)
6150 run_rt3070_rf_init(sc);
6152 /* disable non-existing Rx chains */
6153 run_bbp_read(sc, 3, &bbp3);
6154 bbp3 &= ~(1 << 3 | 1 << 4);
6155 if (sc->nrxchains == 2)
6157 else if (sc->nrxchains == 3)
6159 run_bbp_write(sc, 3, bbp3);
6161 /* disable non-existing Tx chains */
6162 run_bbp_read(sc, 1, &bbp1);
6163 if (sc->ntxchains == 1)
6164 bbp1 &= ~(1 << 3 | 1 << 4);
6165 run_bbp_write(sc, 1, bbp1);
6167 if (sc->mac_ver >= 0x5390)
6168 run_rt5390_rf_setup(sc);
6169 else if (sc->mac_ver == 0x3593)
6170 run_rt3593_rf_setup(sc);
6171 else if (sc->mac_ver >= 0x3070)
6172 run_rt3070_rf_setup(sc);
6174 /* select default channel */
6175 run_set_chan(sc, ic->ic_curchan);
6177 /* setup initial protection mode */
6178 run_updateprot_cb(ic);
6180 /* turn radio LED on */
6181 run_set_leds(sc, RT2860_LED_RADIO);
6183 sc->sc_flags |= RUN_RUNNING;
6184 sc->cmdq_run = RUN_CMDQ_GO;
6186 for (i = 0; i != RUN_N_XFER; i++)
6187 usbd_xfer_set_stall(sc->sc_xfer[i]);
6189 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
6191 if (run_txrx_enable(sc) != 0)
6203 struct run_softc *sc = (struct run_softc *)arg;
6208 RUN_LOCK_ASSERT(sc, MA_OWNED);
6210 if (sc->sc_flags & RUN_RUNNING)
6211 run_set_leds(sc, 0); /* turn all LEDs off */
6213 sc->sc_flags &= ~RUN_RUNNING;
6215 sc->ratectl_run = RUN_RATECTL_OFF;
6216 sc->cmdq_run = sc->cmdq_key_set;
6220 for(i = 0; i < RUN_N_XFER; i++)
6221 usbd_transfer_drain(sc->sc_xfer[i]);
6225 run_drain_mbufq(sc);
6227 if (sc->rx_m != NULL) {
6232 /* Disable Tx/Rx DMA. */
6233 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6235 tmp &= ~(RT2860_RX_DMA_EN | RT2860_TX_DMA_EN);
6236 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
6238 for (ntries = 0; ntries < 100; ntries++) {
6239 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
6241 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
6245 if (ntries == 100) {
6246 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
6251 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
6252 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
6253 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
6255 /* wait for pending Tx to complete */
6256 for (ntries = 0; ntries < 100; ntries++) {
6257 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0) {
6258 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6259 "Cannot read Tx queue count\n");
6262 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0) {
6263 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6264 "All Tx cleared\n");
6270 RUN_DPRINTF(sc, RUN_DEBUG_XMIT | RUN_DEBUG_RESET,
6271 "There are still pending Tx\n");
6273 run_write(sc, RT2860_USB_DMA_CFG, 0);
6275 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
6276 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
6278 for (i = 0; i != RUN_EP_QUEUES; i++)
6279 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
6283 run_delay(struct run_softc *sc, u_int ms)
6285 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
6286 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
6289 static device_method_t run_methods[] = {
6290 /* Device interface */
6291 DEVMETHOD(device_probe, run_match),
6292 DEVMETHOD(device_attach, run_attach),
6293 DEVMETHOD(device_detach, run_detach),
6297 static driver_t run_driver = {
6299 .methods = run_methods,
6300 .size = sizeof(struct run_softc)
6303 static devclass_t run_devclass;
6305 DRIVER_MODULE(run, uhub, run_driver, run_devclass, run_driver_loaded, NULL);
6306 MODULE_DEPEND(run, wlan, 1, 1, 1);
6307 MODULE_DEPEND(run, usb, 1, 1, 1);
6308 MODULE_DEPEND(run, firmware, 1, 1, 1);
6309 MODULE_VERSION(run, 1);
6310 USB_PNP_HOST_INFO(run_devs);